From 8bb1806a21cc81f1b9efd4839e526dcdad388c2d Mon Sep 17 00:00:00 2001 
From: fguisso Date: Thu, 3 Nov 2022 19:30:35 -0300 Subject: [PATCH] Adding A10:2020 SSRF exercise --- README.md | 1 + .../a10/doryl-site-check/Makefile | 39 ++ .../a10/doryl-site-check/README.md | 16 + .../a10/doryl-site-check/app/api/services.go | 120 ++++++ .../app/corp-server/admin/employers.html | 398 ++++++++++++++++++ .../app/corp-server/admin/logins.txt | 18 + .../a10/doryl-site-check/app/go.mod | 19 + .../a10/doryl-site-check/app/go.sum | 42 ++ .../a10/doryl-site-check/app/main.go | 48 +++ .../doryl-site-check/app/templates/base.html | 88 ++++ .../doryl-site-check/app/templates/check.html | 132 ++++++ .../doryl-site-check/app/templates/home.html | 3 + .../deployments/check-init.sh | 72 ++++ .../deployments/corp-server.Dockerfile | 7 + .../deployments/docker-compose.yml | 25 ++ .../deployments/doryl.Dockerfile | 10 + .../images/doryl-site-check.png | Bin 0 -> 55656 bytes 17 files changed, 1038 insertions(+) create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/Makefile create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/README.md create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/api/services.go create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/employers.html create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/logins.txt create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/go.mod create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/go.sum create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/main.go create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/templates/base.html create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/templates/check.html create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/app/templates/home.html create mode 100755 owasp-top10-2021-apps/a10/doryl-site-check/deployments/check-init.sh create mode 100644 
owasp-top10-2021-apps/a10/doryl-site-check/deployments/corp-server.Dockerfile create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/deployments/docker-compose.yml create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/deployments/doryl.Dockerfile create mode 100644 owasp-top10-2021-apps/a10/doryl-site-check/images/doryl-site-check.png
diff --git a/README.md b/README.md
index 3204409c6..d273811e2 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ Disclaimer: You are about to install vulnerable apps in your machine! 🔥 | A7 - Identity and Authentication Failures | Golang | [Insecure go project](owasp-top10-2021-apps/a7/insecure-go-project) | | A8 - Software and Data Integrity Failures | Python | [Amarelo Designs](owasp-top10-2021-apps/a8/amarelo-designs) | | A9 - Security Logging and Monitoring Failures | Python | [GamesIrados.com](owasp-top10-2021-apps/a9/games-irados) | +| A10 - Server-Side Request Forgery | Go | [Doryl Site Check](owasp-top10-2021-apps/a10/doryl-site-check) | ## OWASP Top 10 (2016) Mobile apps: 📲
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/Makefile b/owasp-top10-2021-apps/a10/doryl-site-check/Makefile
new file mode 100644
index 000000000..f15ce2704
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/Makefile
@@ -0,0 +1,39 @@
+.SILENT:
+.DEFAULT_GOAL := help
+
+COLOR_RESET = \033[0m
+COLOR_COMMAND = \033[36m
+COLOR_YELLOW = \033[33m
+COLOR_GREEN = \033[32m
+COLOR_RED = \033[31m
+
+
+## Installs a development environment
+install: compose msg
+
+## Composes project using docker-compose
+compose: compose-down
+ docker-compose -f deployments/docker-compose.yml -p secdevlabs up -d --build --force-recreate
+
+## Down project using docker-compose
+compose-down:
+ docker-compose -f deployments/docker-compose.yml -p secdevlabs down -v --remove-orphans
+
+## Prints initialization message after compose phase
+msg:
+ chmod +x deployments/check-init.sh
+ ./deployments/check-init.sh
+
+## Prints help message
+help:
+ printf "\n${COLOR_YELLOW}${PROJECT}\n------\n${COLOR_RESET}"
+ awk '/^[a-zA-Z\-\_0-9\.%]+:/ { \
+ helpMessage = match(lastLine, /^## (.*)/); \
+ if (helpMessage) { \
+ helpCommand = substr($$1, 0, index($$1, ":")); \
+ helpMessage = substr(lastLine, RSTART + 3, RLENGTH); \
+ printf "${COLOR_COMMAND}$$ make %s${COLOR_RESET} %s\n", helpCommand, helpMessage; \
+ } \
+ } \
+ { lastLine = $$0 }' $(MAKEFILE_LIST) | sort
+ printf "\n"
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/README.md b/owasp-top10-2021-apps/a10/doryl-site-check/README.md
new file mode 100644
index 000000000..7dabfefb2
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/README.md
@@ -0,0 +1,16 @@
+# Doryl site-check
+![image](images/doryl-site-check.png)
+This is a simple Golang webapp that contains an example of a SSRF(Server Side Request Forgery) vulnerability and its main goal is to describe how a malicious user could exploit it.
+
+## What is SSRF?
+*from ![PortSwigger Academy](https://portswigger.net/web-security/ssrf).*
+
+Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.
+
+In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.
+
+## What is the impact of SSRF attacks?
+
+A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.
+
+An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/api/services.go b/owasp-top10-2021-apps/a10/doryl-site-check/app/api/services.go
new file mode 100644
index 000000000..3902ca87a
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/api/services.go
@@ -0,0 +1,120 @@
+package api
+
+import (
+ "fmt"
+ "io"
+ "net"
+ "net/http"
+ "net/url"
+ "strings"
+
+ "github.com/labstack/echo"
+)
+
+type missingSecurityHeaders struct {
+ ContentSecurityPolicy bool
+ XFrameOptions bool
+ XContentTypeOptions bool
+ ReferrerPolicy bool
+ PermissionsPolicy bool
+}
+
+// Index renders the home page.
+func Index(c echo.Context) error {
+ return c.Render(http.StatusOK, "index.html", map[string]interface{}{})
+}
+
+// SiteCheckPage renders page with results about headers check.
+func SiteCheckPage(c echo.Context) error {
+ target := c.FormValue("target")
+ if !strings.Contains(target, "http") {
+ target = "http://" + target
+ }
+
+ domain, ips := lookupIPDomain(target)
+ headers, missing, body := httpGet(target)
+ return c.Render(http.StatusOK, "check.html", map[string]interface{}{
+ "target": target,
+ "domain": domain,
+ "ips": ips,
+ "headers": headers,
+ "secHeaders": missing,
+ "body": body,
+ })
+}
+
+func lookupIPDomain(target string) (string, string) {
+ domain, err := url.Parse(target)
+ if err != nil {
+ fmt.Println("URL parser error:", err)
+ }
+
+ iprecords, err := net.LookupIP(domain.Hostname())
+ if err != nil {
+ fmt.Println("LookupIP error:", err)
+ }
+
+ var ips string
+ for i, ip := range iprecords {
+ if i != 0 {
+ ips = ips + ", "
+ }
+ ips = ips + ip.String()
+ }
+
+ return domain.Hostname(), ips
+}
+
+func verifySecurityHeaders(rawHeaders map[string]string) missingSecurityHeaders {
+ var missing missingSecurityHeaders
+
+ if _, ok := rawHeaders["Content-Security-Policy"]; !ok {
+ missing.ContentSecurityPolicy = true
+ }
+
+ if _, ok := rawHeaders["X-Frame-Options"]; !ok {
+ missing.XFrameOptions = true
+ }
+
+ if _, ok := rawHeaders["X-Content-Type-Options"]; !ok {
+ missing.XContentTypeOptions = true
+ }
+
+ if _, ok := rawHeaders["Referrer-Policy"]; !ok {
+ missing.ReferrerPolicy = true
+ }
+
+ if _, ok := rawHeaders["Permissions-Policy"]; !ok {
+ missing.PermissionsPolicy = true
+ }
+
+ return missing
+}
+
+func httpGet(url string) (map[string]string, missingSecurityHeaders, string) {
+ rawHeader := make(map[string]string)
+
+ res, err := http.Get(url)
+ if err != nil {
+ fmt.Println("HTTP: HTTP GET request error:", err)
+ return nil, missingSecurityHeaders{}, ""
+ }
+ defer res.Body.Close()
+
+ if res.StatusCode != 200 {
+ fmt.Println("HTTP: Unexpect response status:", res.Status)
+ }
+
+ for k, v := range res.Header {
+ rawHeader[k] = strings.Join(v, ", ")
+ }
+
+ missing := verifySecurityHeaders(rawHeader)
+
+ bodyBytes, err := io.ReadAll(res.Body)
+ if err != nil {
+ fmt.Println("HTTP: Read body error:", err)
+ }
+
+ return rawHeader, missing, string(bodyBytes)
+}
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/employers.html b/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/employers.html
new file mode 100644
index 000000000..5c5c3a4d3
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/employers.html
@@ -0,0 +1,398 @@ + + + + + + + Employers Directory + + + + + + +
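Review bot: `lookupIPDomain` only prints the `url.Parse` error and carries on, and `url.Parse` returns a nil `*url.URL` on failure, so the `domain.Hostname()` call that follows panics instead of yielding an empty result; add `return "", ""` inside that first `if err != nil` block. In `httpGet`, `http.Get` uses the default client with no timeout and `io.ReadAll(res.Body)` has no size cap, so a single slow or very large response ties up the handler and its memory; a client with `Timeout` set and an `io.LimitReader` around the body would bound both without removing the SSRF the lab is meant to demonstrate. Because `SiteCheckPage` fetches a user-supplied `target` on purpose, a comment on `httpGet` such as `// Intentionally vulnerable (A10): no scheme, host or IP-range check on url.` would keep the function from being copied as a pattern.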
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
UserCreatedStatusEmail 
+ + Mila Kunis + Admin + + 2013/08/08 + + Inactive + + mila@kunis.com + + + + + + + + + + + + + + + + + + + +
+ + George Clooney + Member + + 2013/08/12 + + Active + + marlon@brando.com + + + + + + + + + + + + + + + + + + + +
+ + Ryan Gossling + Registered + + 2013/03/03 + + Banned + + jack@nicholson + + + + + + + + + + + + + + + + + + + +
+ + Emma Watson + Registered + + 2004/01/24 + + Pending + + humphrey@bogart.com + + + + + + + + + + + + + + + + + + + +
+ + Robert Downey Jr. + Admin + + 2013/12/31 + + Active + + spencer@tracy + + + + + + + + + + + + + + + + + + + +
+ + Mila Kunis + Admin + + 2013/08/08 + + Inactive + + mila@kunis.com + + + + + + + + + + + + + + + + + + + +
+ + George Clooney + Member + + 2013/08/12 + + Active + + marlon@brando.com + + + + + + + + + + + + + + + + + + + +
+ + Ryan Gossling + Registered + + 2013/03/03 + + Banned + + jack@nicholson + + + + + + + + + + + + + + + + + + + +
+ + Emma Watson + Registered + + 2004/01/24 + + Pending + + humphrey@bogart.com + + + + + + + + + + + + + + + + + + + +
+ + Robert Downey Jr. + Admin + + 2013/12/31 + + Active + + spencer@tracy + + + + + + + + + + + + + + + + + + + +
+
+
+
+
+
+ +
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/logins.txt b/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/logins.txt
new file mode 100644
index 000000000..002e5156c
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/corp-server/admin/logins.txt
@@ -0,0 +1,18 @@
+// Super sensitive information
+
+// WiFi
+id: Doryl
+password: 2022doryl@*
+
+// Guest WiFi
+id: Doryl-Guest
+password: dorylguest2022
+
+// Intranet
+login: admin
+password: Adminqwert2022
+
+// Ginpass
+login: dorylAdmin
+password: ginAndOrange
+
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/go.mod b/owasp-top10-2021-apps/a10/doryl-site-check/app/go.mod
new file mode 100644
index 000000000..c4bf035e1
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/go.mod
@@ -0,0 +1,19 @@
+module github.com/fguisso/doryl-site-check
+
+go 1.17
+
+require github.com/labstack/echo v3.3.10+incompatible
+
+require (
+ github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
+ github.com/labstack/gommon v0.3.1 // indirect
+ github.com/mattn/go-colorable v0.1.11 // indirect
+ github.com/mattn/go-isatty v0.0.14 // indirect
+ github.com/stretchr/testify v1.7.1 // indirect
+ github.com/valyala/bytebufferpool v1.0.0 // indirect
+ github.com/valyala/fasttemplate v1.2.1 // indirect
+ golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 // indirect
+ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
+ golang.org/x/sys v0.0.0-20211103235746-7861aae1554b // indirect
+ golang.org/x/text v0.3.6 // indirect
+)
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/go.sum b/owasp-top10-2021-apps/a10/doryl-site-check/app/go.sum
new file mode 100644
index 000000000..87ca0ef0f
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/go.sum
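Review bot: The `require github.com/labstack/echo v3.3.10+incompatible` line in go.mod pins the pre-modules v3 line of echo, which pulls in `github.com/dgrijalva/jwt-go v3.2.0+incompatible` as an indirect dependency; as far as I know that JWT package is archived and no longer maintained. The lab is about SSRF, so unless the stale dependency is meant to be part of the exercise, moving to `github.com/labstack/echo/v4` would keep dependency scanners from reporting findings unrelated to A10. If it is intentional, one line in the lab README saying so would help whoever triages those reports.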
@@ -0,0 +1,42 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/labstack/echo v3.3.10+incompatible h1:pGRcYk231ExFAyoAjAfD85kQzRJCRI8bbnE7CX5OEgg= +github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s= +github.com/labstack/gommon v0.3.1 h1:OomWaJXm7xR6L1HmEtGyQf26TEn7V6X88mktX9kee9o= +github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= +github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs= +github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasttemplate v1.2.1 
h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4= +github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= +golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 h1:S25/rfnfsMVgORT4/J61MJ7rdyseOZOyvLIrZEZ7s6s= +golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b h1:1VkfZQv42XQlA/jchYumAnv1UPo6RgF9rJFkTgZIxO4= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b 
h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/main.go b/owasp-top10-2021-apps/a10/doryl-site-check/app/main.go
new file mode 100644
index 000000000..c858d88df
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+ "errors"
+ "html/template"
+ "io"
+ "os"
+
+ "github.com/fguisso/doryl-site-check/api"
+ "github.com/labstack/echo"
+ "github.com/labstack/echo/middleware"
+)
+
+// TemplateRegistry defines the template registry struct.
+type TemplateRegistry struct {
+ templates map[string]*template.Template
+}
+
+// Render implement e.Renderer interface.
+func (t *TemplateRegistry) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
+ tmpl, ok := t.templates[name]
+ if !ok {
+ err := errors.New("This template is not found: " + name)
+ return err
+ }
+ return tmpl.ExecuteTemplate(w, "base.html", data)
+}
+
+func main() {
+ e := echo.New()
+ e.HideBanner = true
+
+ e.Use(middleware.Logger())
+ e.Use(middleware.Recover())
+ e.Use(middleware.RequestID())
+
+ templates := make(map[string]*template.Template)
+ templates["index.html"] = template.Must(template.ParseFiles("templates/home.html", "templates/base.html"))
+ templates["check.html"] = template.Must(template.ParseFiles("templates/check.html", "templates/base.html"))
+
+ e.Renderer = &TemplateRegistry{
+ templates: templates,
+ }
+ e.GET("/", api.Index)
+ e.POST("/check", api.SiteCheckPage)
+
+ e.Logger.Fatal(e.Start("0.0.0.0:" + os.Getenv("PORT")))
+}
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/base.html b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/base.html
new file mode 100644
index 000000000..96db0b5ef
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/base.html
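Review bot: `e.Start("0.0.0.0:" + os.Getenv("PORT"))` at the end of `main` never checks that `PORT` is set; with an empty value the address becomes `0.0.0.0:` and Go's listener picks an arbitrary free port on every interface, which a deliberately vulnerable app should refuse to do. Read the value first, `port := os.Getenv("PORT")`, and stop with `if port == "" { e.Logger.Fatal("PORT is not set") }` before calling `e.Start`. In `Render`, the error text `"This template is not found: "` would conventionally start lowercase, and the doc comment could say that `name` only selects the parsed template set while `base.html` is always the template executed.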
@@ -0,0 +1,88 @@ +{{define "base.html"}} + + + + + + + Doryl Site Check + + + + + + + + +
+
+ +
+ +
+
+
+

+ Check your website now! +

+

+ No more headaches with security headers and another http information leaks, test your website now to be part of most security projects in the World Wide Web. +

+
+
+

+ +

+

+ +

+
+
+
+
+
+ +
+ {{ template "body" .}} + + +{{ end }} diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/check.html b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/check.html new file mode 100644 index 000000000..9a6df51c9 --- /dev/null +++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/check.html @@ -0,0 +1,132 @@ +{{ define "body" }} +
+
+
+

+ Target +

+
+
+
+ + + + + + + + + + + +
Site{{ index . "domain" }}
IP Address{{ index . "ips" }}
+
+
+
+ +
+
+

+ Missing Headers +

+
+
+
+ + + {{ if .secHeaders.ContentSecurityPolicy }} + + + + + {{ end }} + + {{ if .secHeaders.XFrameOptions }} + + + + + {{ end }} + + {{ if .secHeaders.XContentTypeOptions }} + + + + + {{ end }} + + {{ if .secHeaders.ReferrerPolicy }} + + + + + {{ end }} + + {{ if .secHeaders.PermissionsPolicy }} + + + + + {{ end }} + + +
Content-Security-PolicyContent Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
X-Frame-OptionsThe X-Frame-Options The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame, iframe, embed or object. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
X-Content-Type-OptionsThe X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.
Referrer-PolicyThe Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML.
Permissions-PolicyPermissions-Policy is a new header that allows a site to control which features and APIs can be used in the browser.
+
+
+
+ +
+
+

+ Headers +

+
+
+
+ + + {{ range $key, $value := .headers }} + + + + + {{ end }} + +
{{ $key }}{{ $value}}
+
+
+
+ +
+
+

+ Raw Response +

+ +
+
+
+
+GET {{ .target }}
+{{ range $key, $value := .headers }}{{ $key }}: {{ $value }} 
{{ end }} +{{ .body }} +
+
+
+
+ +
+ +{{ end }} diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/home.html b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/home.html new file mode 100644 index 000000000..48fea2d83 --- /dev/null +++ b/owasp-top10-2021-apps/a10/doryl-site-check/app/templates/home.html @@ -0,0 +1,3 @@ +{{ define "body" }} +
+{{ end }} diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/deployments/check-init.sh b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/check-init.sh new file mode 100755 index 000000000..8070d0f35 --- /dev/null +++ b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/check-init.sh 
@@ -0,0 +1,72 @@ +#!/bin/bash +# +# This script verifies if SecDevLabs app has properly start-up. +# + +COLOR_RED='\033[31m' +COLOR_YELLOW='\033[33m' +COLOR_GREEN='\033[32m' +COLOR_BLUE='\033[1;34m' +COLOR_RESET='\033[0m' + +PROJECT='A10 - Doryl Site Check' +PORT=10010 +TRIES=480 +LOADING=0 + +printf "${COLOR_YELLOW}SecDevLabs: 👀 Your app is starting!\n${COLOR_RESET}" + +while : ; do + `curl -s -f http://localhost:$PORT > /dev/null` + if [ $? == 0 ] ; then + break + fi + if [ $TRIES == 0 ] ; then + break + fi + TRIES=$((TRIES-1)) + sleep 0.25 + + # Loading animation + if [ $LOADING == 14 ]; then + LOADING=0 + fi + if [ $LOADING == 0 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (*-------) ${COLOR_RESET}" + elif [ $LOADING == 1 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (-*------) ${COLOR_RESET}" + elif [ $LOADING == 2 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (--*-----) ${COLOR_RESET}" + elif [ $LOADING == 3 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (---*----) ${COLOR_RESET}" + elif [ $LOADING == 4 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (----*---) ${COLOR_RESET}" + elif [ $LOADING == 5 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (-----*--) ${COLOR_RESET}" + elif [ $LOADING == 6 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (------*-) ${COLOR_RESET}" + elif [ $LOADING == 7 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (-------*) ${COLOR_RESET}" + elif [ $LOADING == 8 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (------*-) ${COLOR_RESET}" + elif [ $LOADING == 9 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... 
(-----*--) ${COLOR_RESET}" + elif [ $LOADING == 10 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (----*---) ${COLOR_RESET}" + elif [ $LOADING == 11 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (---*----) ${COLOR_RESET}" + elif [ $LOADING == 12 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (--*-----) ${COLOR_RESET}" + elif [ $LOADING == 13 ]; then + printf "\r${COLOR_YELLOW}SecDevLabs: 👀 Your app is still starting... (-*------) ${COLOR_RESET}" + fi + LOADING=$((LOADING+1)) + # End of loading animation + +done + +if [ $TRIES == 0 ]; then + printf "\n${COLOR_RED}SecDevLabs: Ooops! Something went wrong, please check api details for more information!\n${COLOR_RESET}" +else + printf "\n${COLOR_GREEN}SecDevLabs: 🔥 ${PROJECT} is now running at ${COLOR_RESET}${COLOR_BLUE}http://localhost:$PORT${COLOR_RESET}\n" +fi diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/deployments/corp-server.Dockerfile b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/corp-server.Dockerfile new file mode 100644 index 000000000..9d1872bd3 --- /dev/null +++ b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/corp-server.Dockerfile @@ -0,0 +1,7 @@ +FROM python:3 + +WORKDIR /www/ + +COPY app/corp-server/ /www/ + +CMD python3 -m http.server 8080 diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/deployments/docker-compose.yml b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/docker-compose.yml new file mode 100644 index 000000000..727e76519 --- /dev/null +++ b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/docker-compose.yml 
@@ -0,0 +1,25 @@
+version: '3'
+
+networks:
+ doryl_corp_net:
+
+services:
+ doryl:
+ container_name: doryl-site-check
+ build:
+ context: ../
+ dockerfile: deployments/doryl.Dockerfile
+ environment:
+ PORT: "10010"
+ ports:
+ - "10010:10010"
+ networks:
+ - doryl_corp_net
+
+ corp_server:
+ container_name: corp-server
+ build:
+ context: ../
+ dockerfile: deployments/corp-server.Dockerfile
+ networks:
+ - doryl_corp_net
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/deployments/doryl.Dockerfile b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/doryl.Dockerfile
new file mode 100644
index 000000000..c5615291d
--- /dev/null
+++ b/owasp-top10-2021-apps/a10/doryl-site-check/deployments/doryl.Dockerfile
@@ -0,0 +1,10 @@
+FROM golang:1.17.7-alpine AS build
+
+WORKDIR /doryl-site-check
+
+COPY app/ .
+RUN go mod download
+
+RUN go build -o /doryld
+
+ENTRYPOINT ["/doryld"]
diff --git a/owasp-top10-2021-apps/a10/doryl-site-check/images/doryl-site-check.png b/owasp-top10-2021-apps/a10/doryl-site-check/images/doryl-site-check.png
new file mode 100644
index 0000000000000000000000000000000000000000..fa8965df4b90daf911f8481634d2a9895a967478
GIT binary patch literal 55656 zcmeFZWmq1|(k_g<6EwKHyGw9)x8T9uogl&8Ed+OW5AGqjySw}MknH{LmG!Rk{XEzC zvAKqMW~RDYs;j%JtL~Xld08=d7;G3IARu@N@ehhXKwywSK)}sV5P&C+h4iw38-8
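Review bot: The mapping `- "10010:10010"` under `doryl` publishes the exercise app on every host interface, so a deliberately vulnerable service becomes reachable from the network the lab machine sits on; bind it to loopback with `- "127.0.0.1:10010:10010"`. check-init.sh and the URL it prints already use `http://localhost:$PORT`, so nothing else has to change. Leaving `corp_server` without a `ports:` entry is right for the exercise, and a one-line comment such as `# internal only: never publish this service` would keep it that way.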
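Review bot: The stage in doryl.Dockerfile is named `AS build`, but no second stage follows, so the image that runs `/doryld` also ships the Go toolchain, the module cache and the full source tree, and it runs as root. A small runtime stage that copies only the binary and switches to an unprivileged user would reduce what a compromised container exposes. The `templates/` copy below assumes the app loads its templates relative to the working directory, which should be confirmed in main.go, and the runtime base tag is a placeholder to pin.

```dockerfile
RUN go build -o /doryld

# runtime stage: binary and templates only, no toolchain or source
FROM alpine:<pinned-version>
WORKDIR /doryl-site-check
COPY --from=build /doryld /doryld
COPY --from=build /doryl-site-check/templates ./templates
USER nobody
ENTRYPOINT ["/doryld"]
```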

=T$OX<57ZLV)DqJI4V)AUEU8E>DNyU+EoiJ@;w~EMPs|Xgh{kgn zd+qox94FE zTP)BX>ni{6Uq3X0Vs=!$E5Ld$IJdNjg{fZf{QAm?vu7*=5!5mJ`uf@ixbGPD-C6yp z&v6D1WFo7V&;UJx4v?t3vATqbj0_MJ;2H`D3>X3k6mSI$1Ohmr{OcMRa82=_=fUPc zV87A;0r3HTfq+0`gMa{i1cU|fOuTF0GC$Ajs^s-R+iQdT&}!C zzfy1kuHPQh6A}DM;%LE3q%I>*AZ%lAOu$CRK*vDD2SY$Wz+-P@!ln2@^k3|NJ6<9) zM@L&OdU_WZ7djVaIvaaadPYu8PI?9=dL|}XKnhw1H)}@&S6XWa;@_G4JD(564u5_N!gLi{p9Aj7!+Y%GTc4!2wV$K1QBj1^n^sKh^u4UeVaW#?tAn6)M)|j(kl2 zV)@(SzjMh0I?M(ja(i<_32R4Vdq9zn25*`CPX_lz(yZ(7)-#Uv%WR0{(gm&_F&I9{T^$WUmaEt3;)w%&DY>0;Uj( zf&gZqolHPT9Li|b_w}@OYjnviMZ!dgNqWuYDbVe5#p`zYw(XX8H{D~bi8r6;ViY(h z8VLG-A2?ND-H~(LyAg5!L{$ef!&ws`07m)y;YXYf6agxB2efwlPmB?uIG`i~Ab&q> z15vZ>)}Zi#TD|^Pj=(6{cD{zbVB-Jlh_nSk7Q1`Cypi}DX)PP-YWzz=37PRgC@5-P zzu@%uI7Al^NZSAhcI6@FFiB%22`lksx(HChX2c8|{k-Vo-@UikV;%k#fq@!TAji437G2(tJtg@2xpTmX88vg&WaqPYd$9(LZlw z6?H7#OP;Jkl@!_(pty!u6#A28q72H6q6?DR*`J&*ej9$ z)~>f(+dZfcIL%U*Lw~2)8lj3uM8zZDS1~a#t3rGe8y+hbotM|7Km1|==*#06_+S@& zWe`FuoRA2ZB#X%LSX4+7P5B+`(s*)y+L(nPFTv06M#5xpQ;E_fE%K1)18+#c>0^^a z@Dvp%2_6w$6Y*C06;f|-qburF-SGCdY$jvYV^fjnNIf(g2oauLmexo#LcB{#tq!)R zJyhANO4b33C#x+NaKnuj7QwiX~a55EMIMik)F_(iiK2#m);jvbPU?e;gF zoNE~>8WTXA$#&wa$fOkW(a z(@~HqSn3{`G`F8QBf&~RwV>Rti-0sb34(Fk>iJk?W68Ec(l0ik!)(9(W%saoiNp4$ z@ZDq*Yy@b=kG9glzo=L?EOcP-=fTslW74?Cz6Q616yaE7#jFqa_lMxsCc!=(n-!_C zw7U_qiIl6+Q#SS9zh(^ax0(pvDi6&SY7aR0%{m)xT3= z8FHexs(U#}YZD$~py*&`6wYjK&AJNokSiSc<|lD+nBsP^aAD8+ivNBKj_0Z)Sjc;Q zPq_(QRZPqJ?iBrgzXbe7tqJA!t4{`@X{1b?p3Hd6vB&%EAT^k+k&d#Y789$a&9$<# zS*Zuf53U0UC1Z_VGlG8%aY&K1*wFn%1O4eSE;k>myd#HZ;M^M!*B!nN#|BnH*VFy` znGebQ7#S_~LO%?Njm&f{dIDZ#v)C9ER5iip<^z#8Xkub_E3^| z8Wd!`JTsQgE>!nng}buojyA_>tEDlJp)|(*UMfwBT3g&JEUiQ9CXY+VzJ=jE+Dq*= zM;(sb4p~jpja<&E3{VdbZR5*3`!MpVSqE0*!Z79e_?J=@#TD$HIB+>1 zA5GeL=f5Cr%NWBmImv%5T{xMsxoVwk+aMvNlIGJ;Ggryg?e{1SI2_}zS8M$cbQ|rl zy1c_ASvogE(vhY^5~VYzbusnT`0?aMxO8!|bJGtMN@LR(*V(YSVQ%q;u}vq!jURR$ zq5x4UvGfCvJQVPqr9(pNnOo6t8?PN|SZ+ zTbXDtNQ43Z(dmnBj6B!M)Tmn#rWn1fO!C{-2I2CISjtT#L?7N#1DDR;7y3&nqrv>0 
zV1>gW>G0U#@l(={6cv*9F7>BW-{^x-DAr}~5zAj+icMg%@g65bn^e`in6r*!3(EIQ z+vFWzYgVxcY)Y4iD`;t_DiTG`yK@z{l2^{Foz>b}8$MNd8vQgxV|u{~WbpscT8Srm z6laB5iC95j9+QN$GQmwMiN3&nj)jX%){ve`uk_F_r7_Lt2Cj>E>fN@eLIh&1f`K1L zHw8f=VQ-l{BKG=hp->dofG%xgzz06Ux@9C`5b<;!m%-PA_EG$ zV`96UtgQbq8Uz@irSVfOKW`tf9&3a4GQjL*NpfDfDRD-2*_bEPh>{HFIxG>k&dB1w z7Mga7oZWbR)UE12T|)Ia z61Il^EeD1oN38jaiiP#vYadGxxL*CFL3jrclc_($hD}kMQ-ycZ0Jx2R3idP z0~-0RT`yC+QL6sPy7I-*V}HhkI8bx@1*|9VOT8WZQtAmG>$oJ*-r)miXG6YS$GcA3 z4VjnIT%vn=JRv3PF3=J}LZ4(UqF#oTCBIWKtQ>TzousqN6V_wZh0N<`f)<^p(dVVzGyv zl1=-e6LdcD<|@GdLNo;!G(dKys8H=(;!J)bRMTM<`ix{namVY%XFF0;qSI)zPRW6U zkE^wb=&1xXs(5_ve)ws!<>NYdj=NeE9xeQ*B3gP%NyW|7-LAHM6Az0UjhxLWA&f7f zP)Wf#1)kMalI`#TL!$*-O$(0Q(eIjIA0~@8xTN%clsrMZo!i5ily?Vri4M3U-1XdK z*0>MSG;S)N8c&O@{!#jW8Z%zR(GL+zR%?C3DZRG>S?+oCDl@a1b!sAQmQ7irToraFhqd>ns zo%WOdrPH6IC!EZBGy48FAR=nn78@%8~`=O`^ zDrKS)`dO)$AO84rMX`UKj0tOnbtM8=}(RSi1T61ZnUu}Z%AN!osA19SNbs)9a7N!udmYkqO@K$1vY;mq=GYWrJ zp5#`QF){JaJhZL;tp1`YHI0WqPD>F3o4G(RPDdF>;_9;+E-}ttflITRxh9*97qYUg z&=f_VZ=LTR;7&dMLqZd@i0ZZ2P@K*5KchQ^ZI)>^w_b)r2=hPQ~aLb*l#qg7k zRa;uhb_HJ1ldyFbb=x3*a%B4;W=^A)?<_2jGV!p_Buq@KU_l_+0sta=lkiXZ(@glquf@ zB#~_-k)NP;{i>t;WknK$LjM2{C5(nih=17#>jdaid13-L|1X}$K+A7TVbC_T&?}o zC7>#}>E74eXjJ1EK$gUaGa|JOFFteJrZlIll(;J#nFW~I>=97Od6q=gP#v}eF)gmF z>B2hpWGv5cAQ>Bx*1~}?z!ci8Vc1y51&=wuhr$L)-*&!PXBasuu{0Zm&K~k4TQW(H z1rO6jPTVw;TM2F%DI?z=$U;uzhZps~MY`Oqz$+n(qWHebPUP8HYwM*WPa5SjBmCma z@yuuY*sy%L_({t6n2$v1UDJCB)V3yca}#BoYT!)pBHB!FXMfQeZF)?r?z1ctiEA;* zHK!{0B|0Ay!@~_)eaFG?rC=^RiiiFuyh*$b8ZVv-^!L5t={-ND`@IU5i2fq)y-2Xc z(?Zm1+sr!WiY1V?Y{dA9&uPVZ*`){_muWr$7ALiW@(1+3i)~bER8HzTR$*CgL$$3h zs&{5$fXry=bQSG>3c#+AVi(=i;I4=SBn6B+0&`V%PSfhfrC5p8qwX}##Y#)=M}!B&TUbh zOEJUx*EzoPi*@W<7|@lWv`6>OP4D9e==tf3dUU$6D>53izrbXxQ&= zgghExDk>!1SOUM0c(f&63NvXLsIb$#5s-1FAUCT*Wi9X?Vtw0in8($)P+?=t#hE}s zvO4{9Akn+OSQEe~P^2Ig2Kz!fqB>}YkbG2$!~J=~tL@8>gU?G3y}g^vTL#ju3qinE zuVH$}&a}_Fr_W{=U0A{>WfFsO2ELVQK9|nz9S>bpBS#jIeoAYTl~C(5Tt(^%izI2; 
zYgrL0Tg6DRIw8;^diIMWo^EIUx@8C@Un@ev8yZR%)}mI7D=hT^LrGG_bmGauDzsk1 zfm8ZmcZRgqGb>!Z$=p3Nfx=G8JcBiq8;o$QzWiHO=!BMggDZc7Q^bku2rr0m>2=x! zR{Mu2Gy!Ps@GZ3bLO+2v2<4vw*+XCXYxXpCHzh;`fu}nt2Re(Sfcfm~@QVbPgd+4B zOb=Ey6s&0*ZXGb;9nbc-@*0TG4Zt8S9@QZ#c@-?yf^E;;j{H}u(L#ml?*}&a%kXf& zS5z!fs~KSR)uB(RFX`Dt6r>-_5?eNCnE z*N$o&XbIKswKMLkMTVbw=R5_Sr2F^OkHgW4N5!Z5`@*Bs+4Lx*ggGNNDKX@x>z|G2 zEf`T{|KV1`p#muu=WjAg!U0FzX1sg$fKEJ};=goxB9f*^ z{c2D{PsqnFe-AeZd6~nk9k}|0Pr&Hvu@U8+T>?$Bs2hg1!DN&(IR>uoCU{FLH0Q^g zdwT3{Bb1d2G!C7yr&M7m^HR_;e;Uk}Ermm8GkFd$8SA?Ua`4d9h}8UMVgfwc+}z9S zsskD<(jGH~6hCChw;m-+OI0ZHp5blTAEu!jV<{ZyZ%wHD@P^JXMQNp1mYcLaA*VZ` zHtosXw2hy6IVZGF!j5|-jn|QxGyQThWmsIg%5K4}J@DwN9%KpHbxn^pP_aV6AZO*E zbqVuSN1FK!hIzC3WmifsVHi^Wt|U6T8$BYT>E35?E2v20;%M8e%U>R9UgY2iCAe%hXfj0Ia8~0O0xDgmomkEICOqy|A6#-@_}j?tzXUS5^4Bb%_(BW zveZkBWdjedPXUd;*5q?d*j8-r6pe@`{>C_)+VE%vo9WS&%B-4v`)Ouf4--u~tV!iy zh&!2Q5JopB{i)d$(SE5?1ZhK?E=5PDaKW(u_nwcMkr+F~m(D}|w7O``2#2E-mvKe& z7e~fkWp^|(f%eN%TIV3<#~Zn`uIFJoXFDMYs~HLOt6ttU%3oz+{^;;P5Wl3#D;F5D zxpJH=vRy%Xd0er$$iyU|kVv$zKj2vxM=} zd_66O*EscuF|>-e4h(-7S5=MknRpk|-6}oRcYsPh^)hG{7UET7uS2gs-;yPrY)7q3 z1L2;ulm# z=5i*C6b7edcOBkNbSL@_Fmx&%DW&BpDSefxZTMG6@Hv2qemWutPd<@T8o-1!sc|E= z&T0F?KND8&IDxG2nFqDz8K4%ChiP~mm8;v(21zo$y|Smo6CMgudgzT9 zpWb`AzMq>lJ5{QwBO}r>2X967gqJ+FLGyT?x;fag`(qm2lLTq5Ua<2~pU#m==VDUv zwzUjW*0;ZC8Mktr&SC!P(^T0o(q+FL<Xx^=9m+tdWTZhfpYygG`e%xT7QE-GG|`05{UgiBxcm`?8iN zsf*(lCmxg`Fa+l#$D6j#mScWn?UV9_HqtiVtI`uqNkKeutS|puF$nyK(|p}mQ-gr> za_}Zt;Be+QH{_SR26k{b-Z3;kq{2ocZFxQ^{O@RjI6*wrgabjmdw|s+cG_>mRwTA+c*7N`vVaI!3Qq%Q~v7?+vLSxCYR z2P$txU+ZtpZbtKKdQWBCS6FL3ZNhdlfjYsMYe*g+_>Wb})UG2Frj zr|#mNRRqqU8A=K6M%+aHQ0w2~hoXE7DJZ*C zGXCL){~cvQ@&pjUvN$Wm|3UbKA^_n>A0V&={eyh{^>qW^fh+CS-7^qY=}J3+qxbI1L=&0XXG;#tb& zmwyt0A|M_ERdk|n__yAFyCt}LBl0=u#{7c_guc85i2iqo>{m;`vH-*`(=qDUKZo;M z_X&t2XWJ2cYYvF`r=he42=@KAGymI}{~ekC9hqSNoo2!QJIzJ|7Wn@=YbFvEn0q#1 zN~l8451jgdf311V@d6)`X2yozR{Aw4;%LnGgj2z!!y!wUgR&v-G7V_CV2byk}M zK};iL;*P$HV}xK}BuS{~#2tDtuwQX{t{v(AV5gN-MV}rTtw0x->1o$z^PBw?ECA6r 
z)P%`ge^mS_mOU|HUhn?5;fO>4uns`L`ZnIy__YWDlyHz)xzR+WU@{4#Li@k{~TLv(b*M z9eXzDVmc z)?8b4019ZW@ISw^fQ20|0IFkMoU zzU?u%9d+|vbf$lFyR{e-g(&H8#YH(w>O4F{*$a;Lm+;!y1`WLStZ#QR8?QW4FA3K% zb^P{-)o^=Wa|p%484etQU?@1NlfwE2Wa?a(0GNY4HF|Dpfcgj$Afcm^xn!o!4l$ga z(z^`9>ctPOV2`WscQx7BuVUTPAqLpap<45Eim4K3x;aQ#A!&|C0W70CDSbJo+@)vL z9J6?NEl#1QvZ!sYtWLfy2gbZmT;q*3wl|v*Oxl<1#5d*~?9E0rBeR`JR;EUu-#VXI z%DA{|-B1kzrmZP26m5TeGI4#^7*II9x)$7ToT6fz1~BLXq2yQLa>i^~de=D!WDpGf zaydGFn`pJdzL}uMKpO^c*`A54Eh(I!f!B`k7_HjSD><_=Rq)>o%HAJ}cxg}Lg~7d? zPp&KKtU8ljB^TOqqCqd_BS`z+3daBJ3U;14fpBvWY4WVA8&b)th~P-)$K91X!lic` zj6p%f*xMKqo%dCFx1!M`#zqL&jW5wd1;?x~zSqi8+J{8Qh-{$f&vD2~dVR5;+E$G& z8XXWb7!Ye@>78EkCAAOq;;CEbN9}6M_*qEixqj>(m7eM{$*Yd`!NbWCN3)H;baxhQ z$(KW;l~mpvwL@kqB5hgBbdr8}Ad5=L2>2vL68R%l_G| zoK$wS+fA7JPaIHdazxp9UCK$Q5_6LVE4hG?Adi<=nFQeR?*+uv&!5E#hNDZ(2K(pe z`&_5IJ*==6Lix<49GB##-AYf?=o)r~lpKv%wIW!<>z>S)D)Ewu-pWQ}3CB%F#l!~i6&9}2i(oqF zy;B|*!<2g9bC6`{PoGlCt~ypLtSNeu{k5T5BUpRkZ`}m?mx|qyO`uAEt8g-J4~{#h z=y_RNpmc9Tkzz)`?NJ@@GQh#4Q^~ZGpupVW)9oE|_0zES+MPcKae8R~PB(_!2FYjMs+-=P#B+_rDS%=bP~s2kP1@ z7n`YnE=x}~ewu%Sae2F#$f-T2wycv^pxr5duN&iqT5Y^CyR|prntB}j!V7SOx4iqZ zOoAzH+4P)Yb(4SX2KR2T#dIfZ=Q9H-#?U0i)%*zIAVUz#Ag+zgZSz96?N$=QVyUwzG*m#K#(2`Ag%L0uyw9^LKBiGBH^Gm2WRrj@Tr|8L1u@O!X7Z7g!F|foSPCD$QQ+3$ERH;$pm&(PgoV%yvCzQO5c+yq#89~N; z)7ehkv3Az0IyUI%O}t*N#Y^_pR2?TTm3_2*X%}v0)>Y#wU=PNNxFm9J;A!- z9a$3{^S-&m?^e!d>QzI*#DuEY?kfV$r6NF^nL?XZE$>p)Cp*zu$v6OLt#h1(>$EJ4 zaM>W>;pe!MQ&)WLNWSMTk_J18;lt{1azx2m)z5d+i=P$c584n}k^luAP^R)s$7_3H z#bVJ;=|44{-_f{jZDy3&=Yu(n96K~RaYTTdEH?c{Lr(Ak-@ckJ(hsBj-jC9Pkzq5B zH3pdtf#(KgJ zp9^-~DAZPl_7Pvm>Gr7susnc=p340;r48Wu(|iw+{#nJY8P<3@8#!bz{O)wz_C3Uv z%PTzq3#3$4f2c}21vf2E+&7urc1w2P#faC3q*c4xKDTA!LpCGrvz4w}1_$cw_Q*_4 zDD-kuwvwzPTkQhAeJM6otrG<7LwBd*S0EOO&7K|$DFW~%?VX>uE%l+cclZ=aw72=5(HBvtN|p{F;d(^tAaX@IaAnY(FG#hOSZ??t^B5ox8Sz+f-?EhNy{OZC*s8p z8zO!Ct3h@%D5p|+M(U;=MY3Uef?el&@5Us9_wNn1S(5MK$da`J`fry=CA3ku$ZY&| zo)d7BBs(2h-ctX1+fE||!%<4AWgk>zlO>CRBmd+NNE 
zv$E-wsWg2KhHafj(D7g)ZIFg@#$+#E7soGBeu|&hngQPFyz!kP+n4daQv|F_|zLZpV(!Oy!6^3#81*2I7}&wv}52Z z4;M5$Ie0dd{4CQ{!o`~TymRFlYU37p-Kk5n&jD%KA+V>2&r?9Y;q`3=v|gK$P9~Ai zatF56L)o8o=Ss7$M7BdRw|pMOVo?tg?R$N$NFSxP%jLw6}ZH+xhV z!zsV^V&|qOVWVJAhaE8iM8R1vRol1vib?l9zx93;&+Y6Pw_KR>Hbhv8 zJVchiU8gdG4msv~%JY~Da!d%t@I1U%#HyqGA0OY{Hgnn>>q=qOYTyKG7`9mzlrt1n z6!-}nu30Il=CAAXYL{0$-=bq&-cvkQh#+5#pgoK5LMo#mxu0c7q+A5gTcbOBWjq&I zUxSA%cD!_Gi7@X!Qo|xC*}R8z92{L?0J1V4w8(Y}Ki$skQqvuhdHm`kT53t_6!Fu(Ju>G`^>yxr4#l8zd`v&ZzdI!r^fsD{D%I{8av(F)~>yg&S&l+3$N!#`*f zs&QbBL(+l25+YI+5b*3)Tz=7>ts3Uyr`9jLTTL>aIk~hOWnt%YL%dZ7GfYw9+T?Vc znV)fi$G@MX*5bYJc|$JpxEt6+krZ#b_qy?z?sjf=UOg3lHXTLOT{?mRzJG`De7oDS z<+6JdL&?xNf1!l=k?ylyr}s<%BQ7FG5>u^5VAk7=4S+EF-FrG8Ve^E&X$1l| z$iAJmh`5a`YPwUx9^%R3>e7y);_+c=p#3F!JhD;{X3cKu#0e$|QH_XcbXMl7JDDEp z__Kj^sLsekdXSN4z4Q_O>H16?IOAs2n7K|ARk{u4@g$f@z}nZP#P1*TFV-*JJtz`i zg_v5C7Q`v`%J?$Mw9OiuO6<9j3}EsLL%&Bd&ps!Jm){ry$*6L1zYaHOF{|~S zB@M9Z55ZA1`US}+??P6W%_4kf$abP9#_7+zy&DBCq-jlrbk-3%s5~U)ZxFDe(zz(-YpiJ zjDzL9jJ=X@dM{r)f+f!KY3P)n${q{i=y?I-c6@;@PyER|%$+28+?}B>UDqRP9XNM2 z#X*2l{%vGtZ-U{xJ|4M>@Wj3KK_m$XD|}|?+>h)KmxRLgt|XyGIOf`XIOcFrF~X_F zbru4>E~(BUqxoGfHB647kYWD57(IhbV#ls>Vg9T@f2U20&*dHV!hQ_H`}Jf~Ef|A` zK}4W!v^K;%Yo`OXE69`5Px;bJs&Es}UPznP<9CNH*VvV4bBrNX>>6bOlwXD6I}e14M*mwvA`6cKV7x#Tl029Ax?OL*7t{u-S{kQV3%Jba2w`gu@-44o*0qNVe`M1wzJxGi_-9@sUBEeB?LG@p)E_{Um0wcz6W6Xa zfs@YEzc|1phO=x72P(~N808UyTZPiSn$a01tq%xJ&NSij=5s=LV!137D9Q*W+*RWSg@WIfVQ-;H_XuD04d!)4Ok z?pziZp3I=Q58(ax;8 zu^feXRG>tvkZ4!xM|j@;5mRxp+hYydrxtC^(nlXeECgaqW-xbn6(c^) zQ`I{sGL0T^OU`oReXi$n=2z+lteRB>RV^=9_&F!e9&yE-c;`Bt@Qs=QsHTbe^}D^D zn@HwZWV$ZtN~-o$+~hBtgALYw$H)sso@ z;@$X6O*mzW3w2@gNr=ufX`5?zH`R52-iMfFhHN6yzY5a~-#wu{Z_S^=MKkx+>K=EN z@9Oh&A9BKd!$q+1=#Z6hxY{%czBn!YkkrCL+JpRQI>B(PwftVY6G8O1rN#jTV$FOi zsNAje%iAPQTv`6z!9;d>8Z~C3;zuxdU0f6uv2X;EuZt>RZ6(>GS&ccZ)2(*!@*R0> zCjlK2Gdp65-`V?j-MkJtEhzJaHgUYXIu=Ej^+v+EX`?OE*P_V zB6XHuYtjulmJJvjX0|*R`D#(r|4_U8c}Y1_me=M`bmn#NZqtgo60%Qz6tOhd^z7f&gX 
zAaI@C1|zkFtCbf>YNrUfCvDHcXf?{K^=tinqp{DdoQ~5bI41O!9Ir&sR^LFQF0?&* zIQY(GiPXiYZjBlXqM)fHU@FX*C$n+l?6>vV%AGLn!^0SJcvx?wG{HkyUVYQT6OUnD zRHfAZ#@~B1BuwDjiiOTGL-V)s$?+B1jHrb(2)3oW(b_&g;b#di14e|D%c!HdhROoW zFqazPq&qw3#!j#^gZat>%J|#{a?sbpS;lPuYX9P5IzZc}AMQ+>Yl4Q`#xP-<)^418 zv5dp^F&P`CoP%xZ1$&~PIklrua z&aNA(jzLZZ@$jQ6ai2%jx>L^XE|%0&%5~A8eq~JfB+tzJV)0sv^-Au=M`Oo!?p0rR z(7EdNMpc&koG)}v1v%i&;a_QoD_7bmNke2Rgv%kdg8VYfL#l3Fwv-}J+l`W|-2D?L zcMD;BtRy(Q{T$~!-|N%Yk=>(ou`ZyFQV~@z2hk^WiXq|fIlG$X7X}>9yG?_ONx9V5 za!$g2Cs(}chqSMUU2+1|`~@Eju^ItTX3{2!n3=2{Ds{gUPrZ+(+_Omjk0z&Q6gSTR z9LzUl#8bP<4Emag4*?70#B10->60rO94D&AY1CR_93DDs;|yyW_Hh ze(Rmb@MqgM*wozZI%dzZZYk8LGOipHB_E2oQV#gbrA3w6h>od2s7M+#!_iZG4 zD|zom$vCkp#Qj7&y@tD=*mAgJYw8#08RLAU7-zIrLjvs?^6B6oU>$pL*6?|Z2B@#Q z{mx#kYX47*HPt|nmUwfhE1EnPA^iB1QwMeB4n$6V9)CKbThA6xeVY7j+GMO|^K57x1WsC8aJYp-E zj5Tl#Z!@be*aA7y+$;EEMHK0qIkgr-m@WAui*I?~uA><9b$96Hq6W*2$z1;{>me6} z6il)G#a_e1(6qe!@~6BIlU^TGjp-I4$DNa2W9uY4jEbK?o-KwBsc%CXj0sxoNA|B1t^;;& zW7InMiqfTOY2`O$L7F#y7?NzX=F}z~l&C2YobvU`bk*TL`qP9P~yLstMgsfX? 
z=Ffqq6Y!jf)nq@L=GR}*5k}%TOZ>j=3+Hf0QEAtg&-Dl#FO#0gN;wQs77~30!8X3P zzAwi`i>C(qm2w#XM6&13S?L7UoE*E_Fv}KqrO2V@&X0D0ds|5@RUL9HAf|^9QxRf3 zL}uW`roz~Ux(YTt0q)3|hPfMVBpx~p_a5TtqGUbq0;F$rJ7iH!VRMW=Mq3f}x$JXG zQ)H5-m}~Fs*~}e~q_Nfop-FXt;k_XI{3O5L1@cfCg=4U&*M_j^Rb^jy9(cFGYhJs%?@YrQzlx` zV!Z|(v(PUz2!-EVl}PO zKjOMWe7OW5Dx)>Uf=+M7V6PgRLsl<3Kr~=xU6fcd)tCL9R2Spf8RH&F;;{<~tDT;Q zwR$;~iofJeF=R7O0^Y&UU=x^x`hZ<&vRSb*Z_-4uxLagjz&znMBqmO?D`Rp$S7Geb zca>ygiE1-cUG!n$x;-N00CLr4R5EJycEwp^TYa*dZ~WzH_z6X0J;bdc%4vGHo7Vai z_z_#GmE>s=AV044 zQ|X7FArpxdJ;5dzbyOFNgwQYh|Na($2KR>u_WZq1;GY_mdLrfv4z}%kq_lWVMn^9_ ztvXt3r5(-1lzyHufOFD)jF687OqrvHj?*^|ur8tPS?OOP@Cpp{Ss%{()L=dcvv^9V zMK(PoE@9r(v9_-JA}IfcWeNlX08JBwmOPNW~L#c>ynAM@FPg&6H?oY|ZXYFQ@ z)>_;6a|t)zihDf3tE&Fp3pfJ3pUOa9wx_2ADxAV6ipTxK&(%mPP%Dls8OH6VsxeP% zpChbhjP-J%Pte#u9vvi?xX`#2t^hoitaq+)=eGL5DXt`#>C~AMXiwd~>v2ui0n#+lG(@dHWUv{A#W&)$hOxq@aMQ zlv1UUCdASPGb(YZ(~^tYY1{_ywW7|cP6|)RFu3O@O(BQHpYRP}Uk+ry%Rpi;AO-P& zy4&m*N^Ld|TigsrUO;3G*>^@91)}10e9IF1QM=9kiPo4by4Y!-`?#NkhO=<~Oe)7$ znIqoI=U`YSB9Z22OnP7wKNbKRKi70;y& zMiRQ>^33FN&7guizK-YZ@D7L|Kh>22OfbvW+lmzv@N+1>Vn_?q@ZfKM0Rkb95e>c794Ss zZ)oHHoF_y87`{EC%F@KQ!TYzP85V#VXqJ+z%J?mxKhFPea{{C8`7xsy5|OY`wT?RE z5_gx{8}QyqI{ITLqmn1##!;q7D2xdQKY1WJR@Pe$t$m}j3Y)2zoji1MkqD27rY1L) z=qR0YwjqT!zHS%03b$!ETGu2%(uEve>psV_zc`BzD9e``!w&@@SOxpP$53^-ui_MW zy1i*qj-YQxpl~k!91IG99~}V_8W!ES?!4ZMw>iH=MAVhrX9oa6VrV<>o^JDUtLI5z zwbrajU%L2PZ*Zn!c5`#R)yJ$rx?}J%y$T1+IS3=1lkKG#O8XnL1{7>ObTZB&g|c@Y z-{))(+k=hz9Vu7k%Xt9x^1wHZ5Rch}B*C*})v5#}B62<$UrF1DhDv z39$WnEjM<#DL`&^B)@eUM*@%$N346=tt5yTgCC^kkIS ze*hvrSeft1Q=r$YiyLKU&}KDZR6WqbPqQe_2b|8%Q+b)7>>dr>`vzY?A&n;Uspb_{ zJfC0YtL)$11OvXTQOA8~nxf%c}g_a zmBor#{AJi<>8QlH0fzZNi;4wZVzj!I#RYO^P0<`{Z6UU!;v`m)I>pt-ifOO?NS>uf z@pzdi*d*3H=CX!%bDxsxp-&&YnMnQ8P};%+gKBEfa}YTZ1De~IqC3V{6TB`aeYM= zD~2lJTBdqH!R6iB-ZR{14>$8`zWe;bKGu33x}EK?j$6!u#!0|?z2vH*0O!HV!*g}j zhpbWT*~{F1If3$!GR%U*2~{OUq>n5)HvXle_g0wit$6uW>K>mquD26ErErmGNK(Du zKJ=%$w4b@rZxw#hrx*6->zOX&EMz)5@+C 
zOm^2Onq|#ncl;I$H0Uia!_59)OT^yE+r)UnJ8%Pl@YG5P_}KD2DO5e3x2{}F#o2Gw zzoJP_@ihqT(oUvR!Let>lE-c3K#va(EQ;jG-?w(KC9FX=7$ zEigCpJ>dH?R1^%*lLq#T7w?yzR}dySPN@3}T5c?iPs@s;eLNM96hWS>gfZjS@nr|& zqt==D99*lXP0DOE2)*xwIDdTezs-uFk1>1ZHLVJLrk z+QN|tjLo_I1`)w4pKk4uD=$g4R5OtZbm8aVAt9?s;=Om8BpwfY7(*C#M*OsnSl{A( zb{O?w(P`Wly<_A*4gY8$4ISsT_P9sRZT!*)y|?A44mG_JR8++^h_^SsyULTD!`hukTS6dGXVCc3$- z&}&x6`$o(FyGJv>@Aa{V>B(CO5UFt^l5ZL6JTY(qB zK%cK9pJ_hzmf!s@+tu*$r{RwU@kgTjT!*W8LDA`I2X zQu)c_J;mh}_W2fMbwSeSOGqEZM)S%Rd*!AqiI)p)@si1+-s$TS^%#8*OD>mew#;m8 zI{`uNTR01IKv{^^mNX~cGoO)xWTSSja|+GiYuZc7zTrrl0w+WjzP-2DZP1*@hx|&( z+dZ-(UMI8s(y(^`g&;1YFrO1yk7z5N)$FE+@XosNjeq*=s5$>Sdn5lOB$}6If(b(> z2@oOU3Eft0wKdAPeJu5SDG5fC?!>yl71U_Bs^9roIWYNr@LQ^BR+ba%x8_cLThL?Jqqs~xP&b_vXV_;$a|#2`KEu>&I@)yB<}MSn>;mOA zE)54=W!eat*5}bhm}2D`S`@t!}9>pL;~BIi=Pc%So#o>$twDy=M(w- zT$AtHOR=$;@7^FB{WON1J??F%zWF$i>K)$6hd&=lv=(8#cCv}3#1R+**y3O7fFwDJ zhpcC^?YQGTKlmBHOE!!Hcjs08EKPXC+1Kkr-3r~W&`1Nm+>lxgX-m7XI(6Dhsa}s< zcA@sxk!&hZb^rZ2Qonh)g6E=@(F)!pG>V;ZO5QKj^U-Z3db!- zZ`T$gv#~Hx5wjm1`dkAgzI?z}GR*y|sKHz`b616!yC6_B#S~xRk}LK}s^)U8$6%Uq zBV24GthK@gddXQZW^tiH>=>7eZh5ka`ZZ&RrytJaqggicQgmX(ga?w?o0L*+whQ=+X~ zP$&4C6ryaJUsvUy%a^emN30W|BwQUlXULIFUI#(LmE75#5ZYdW)%(8bAQMP-Lz9ei z1m^w0qJ*aOg&|Z&2*${*y^$hKA9^!2@t{i2W&~iMZ65^ISJS$W zXexIv!i#x^dHQm(@DsadTM$Jo{U28j6rc60;U4{AHss^n0sAfuCw*_8$0m$X+_XVa z-V4sVhe0RL=ULO?f-;i)S+Z8b)^MjuqIjt0uH>UVH|~h}e9o1_ojjA*G^tfBV6qp- z^}R1s%6PA-t9K8hrf?$&O*df@*u2i_;R^BYS~-Vb^9blD7va2ks^wWoc|h6w{8yXM zE1bfdaqjpTVGl>C@maq3gSFc`3-XFZl6mkp1G)K8T?6*ULzhODhVT=|g-w`njP%z8 zP$}{ZMf!1r?K%@k)}D z@iX5!&m&vkIB2T?v5DFva?=Z-=8YEUlk?YS&J?|si^L%SFJOF;uk-5XIz52L-3{KV z68pwg^3$3OJYV^;hu58Tklp`yYSD|33DC~*KZ>aE9OKUXmON$iFaqlb%~;bX;|`4d zC0@f8q6Q`5KeFcvN9w;L2qQi$=ad>&-@RJmG@Sdy!qT1KtfkDJx%FK@BTQLgv6iy# zu>5-_FZI)}ZAd+bk65v^7l1Jq*l&T^RO&VhV0~L@wGM?&%dCJ9{uQ}4_Ahe5rqIM7 znj0i*E2gTQdpX*GubbceEOr}UQ)zFh;gUfK%h@E&ek;hA z$Bk=L?;j~#tuc|3EWQc}2sgOaXqXh+2_m<54(HubU2Mj1o-ZzaEdA`>zj--%>=r5O zh?;}TN6F8J1;MUc$=t5lL}O~|Noc7=CC5U0EU}-P#D(ja!=DxHO 
zj)C%+n;I@5FWX;UjV^ty%E17t1^`xb02gCC2@YK>>09P_wfNTlx4zrH6VxnVOXRcK$S?4qBq4d^oR6%LH67a-6J z9-TeKcPIQotO!`xtNPP$@Z3t02)6V$8kNj>b)!=l0g&O!!`r>OmxNr1RJ3oyFYCWL zJ$3(5`rm3muIt)z{u+kvQRwEv6n%vxYf-OIIoENmLa|$4WPf6|U5ckWT(!gv-q-lT zTP*bpO2O^2b0qBT(oZcK$iBn=U2q-&e#P~fwfr1%)H39ucOgXR=jgB>HvMhm{R7i- z>Zjqf%{J{i2f7q9pR}*G{5mROtM`+Ij-of!`NyEPYM?*e?T~TPJgJ1@7{EH zq55oB~sII^lcL%B9+1nuK#?`VV!&Ce-9 zZ;TH9Xj++`nMr1kYbYFMV8OypPjV?@Ek9?Zzmt8ceHBE!%5wiLp1EXx$Uou5tO#0| zUUo7AE)2`^_;M1@(#)g%LrP0ORp-l#yW~gFco{8ix&Ri&+j2^-*s|dB?b+^IQBMp* z6IDTW{7SjI%vVHLdfHbmD(JHqRJ6Rkw(4u%$D$q5i0!Pf4ws|0f3{G-q~~l0 zq2umLwRI0mJV5y6t=9Tx2f1>Z))C!4B?ziUT=41*EIdf_q)i#qPF6VfIl4Z^6TU)8`)dqiqhLA%Olwhx-w?$tkHo_!U zoWy>j&dSHjql4#UrZ$!9=A(jCMc#aAWw*o~Ro$rid+gos@BbVWr#C4AMm|=C65;N! z_e5t(;hwJhm|?e9{hYQsA-c~tnsPTHmhb8gYc|h85^D5Ztz3j89~di^em90;J=xNKVW0uqoXq^oa+A zwQ7E%dGnlplI}WHChhUONXgs1yj)r6FnS7f+E?)u*YeIJd6r=r-4$e=v*l!16Mza> z;(+DwaF_3wbC%$#r%+r5oF^N@aeBksmFUOYn$LouxZ6Qn6$Ho3=rm&3u`0T=<9Ip1 zQ4HN$5{V-&(DhFK?Xx=y>#7&8-lnl;8t^V6d(d==k9HGxDT+HkdOPDAX-mwSj=Mj; zscKj}nY}Q8ND5d4=r!rV^wKeA-ua16FQ@$y*F=)%m!83@qfj$ipI%tgpyGAtR3~SdRQ0?4!%-oi4A53EkBi0j7^#v ziU>t>#k5r|tP7+q>6aKcH)~`+14|i;Y?3cm_%~*K-gaG0!dl#eOa(P^-|oBn96EP8 z8a9|qCpc8cmX+?Ejq=RdKQnD^QD54ljUI10{u>NI=kRVs!=a-N3N{0?RwgS*=ni9m zA5MT`3{u-uEIG36Gz1eyh|l4Ref3IRS}`nQ&DT)Ap#Y3;nH4AddBl?CBEwV5!(l!@ zf^Aw$M#7f=R?%jxBMR#5LWf&8e&n%uJ;R+L^3h)hb)QPknh;b`WAu&sNoOopm^j4A z80`1vJ2LLfDEJ>4fWo?aGS&zmW4Av>OXSt}&@ma*GpQc}*7w2+m~}KjDvn36<@aT} z)a_AwSp`#7l_%`fJT2Bg$L5bK1uNf)&0>9GN(1xBt@OAEvw{t(-;;hFBQj1f-Z325 zgq`n7ku)rKNmiuqY*wmp**jx+adPW;kK%F%DdsC^%{BeLGL1?l9eL+*_#yC7+CJZ( z_y({mhSp4D0JZgNHGQmfE8~1Pn`OG5-1G}4WYx#Ab#x$YK#O}393nZ3E8Bt1WQMJs zzQiZz@pReCnoESxQCmK5B-`e^KJA)sc)<@p3u%@%>EyM5dJ36I_}U+~OEtlbWjIqI zjgQT2@pEA1+E@vJr+85GFs{PbM$1Qum zWv9!gdR0dNpPW2*V|Un?*;= zq`X3xLYnKNABMHg#y+SPE<{>x?*(XB))b>Mkxw7Aq6a--Tj{pxUQ{li!@Uc*+A zG28ci@SWh6vT<2*88*=qG@8FiGpCMQurfB$*lN^i zokDDA^i{Tw)k{UF?v^`xMwH^VRx?(cV?=3wA!8^AQoF+tp;UonKXCTwar05h@8DXm 
z%DZvS$YGB8?x;yZloQLH5FtO_XS>;&o@jpilAP>Vq=8vCp!8S$HYE1QnT6=(Xx-G} zJqIJ=L%gL|i43cjm12jOwo*>iGWJs91I^@xh5Q_RjW;Zfb5dQfqZ~MoQ8jXldX!&^ z`1D$oQuri5+%OF)}mvOH3Jnm7Pmn6{XccVgtX17S(2 zXdpM@7M!)eVTKqoEB{(@4&i(RLZ^=EJA<7n<#TZ;1iS-8eLE9osl=leZGck98Gb5| zJOk66`x~KVVvB9|^Oc_Hf0B1st~#xx{`sc|6pF>o&m+E%e0d^*p<=;gMjEal*}Qn6Lx5P)?l1qaW$@BW;SUhB-MMl6zay0SAj#FVDpJW{Cj+F zGMH-)A0zD&FDq}NodSQ=(tM5e?84aXG(E;m?yYrbND zo4;s8E)d=Dp9@6NFKM7V`7|Hi$IQFxnA|kJ-mYh#ri(&$cFB%Wq`urU=Ws=EPte`A zncU*WczX%IYBTPV0%T8OXUpBaN(%zw4fP0<3#s?M$&F^}3LsKR6 ziQs6ff9bspBG>p;CAw5OxV387xg`2xU&>yy<*^7EXM~I({?iK1wbJ}n(iv{e3F7*E zKZ4+h#+4e7C?uUeEPpHl7Vh@xmGza2pGBs_pRY~TU6?soY#AG?Mk~^B5*aG8aahB* zPgp152_p-vQlbnhW0B1xMVD=21wUuPbz(;jIV2;F01~6f$oos`nU_OQ)d6-)>o!afw}{vThmoUSoi|_j_5)@ zyKjG7tV#8Q0vHzy>ainA18kt*sY-Sfm9xZt%i#N5j{(WIPWj2_U-EdXaL1syS4prE z`DgeEY$fh5ex@N9kzHug+b?eqEycra2wZ}7&n0f2tP-}(mzj%n(yvAUD~sU zgV1sH>xmVd^B?d5p=%V+zkp{nt@@!iZGyg1_JOGOl)jUuo{8EETboSS&`lKRgWcgh zkc|D^(hjzF7>L5H@#&!zIMNJ|n>pdtn)A^eVs6O53)7Rly} z09iesQw7WeJ{QD+gzdf>jk~unNrFGS%Q5b`zRulMLM`>zSVO zN$g)0N@(Md$qA)=N!wAI;JASA5+Q^u)7jxj|8L%q`G@4XX36XS#D)I?Z9Kn+Qa*Cd zOk}>R8&cwMw-Ilg@EHkw%+)jfZ`3bW1>HwIQRJ&H@*nPz?nLQajA1K#aa6zJmlkqA ze9ytR|Dj^?Wd8d-C99td|Mz>6Li^xS5+OEuGm;m-?sLcQ!Sd2bYE_3vT+8)cNq z_)8PABH>8=pF#fzXGPCh;xGP~!&CD=aOMB?z<>r!!@eKW3daAxuqAq+wjA_pjmLlJ z{SVmtzYk&G(U7dPq7NaJ0$QoEag2l|WzkIM?usr9tb#I}VoX}{=dn_SP+Q1ml{+e|@!&&%~VJ zie8IGsMz|X8PR@poo^|i#>{m~;P3pq>CmfoDI4|AVst+aJE`R!REi_kam;d``}SNU zSUTUsN3)B$FJkx+nzmihJJuAe!)OR&X5wwvxvDH=8T@T(Gu$GH<9AZ7cJkP}wOevZ5(x6B77< zZPPb!tcawO60jFaos;2W_ftWS+O)>(74Zk~1vXYKcARl9 ziGGxiq##%&!0}|mkTlJXPEJLaR(e`sZggneO-ih^+&PN=eTibAXN&4SfTbT_HKoT@ zDL%p>P~R*0Xf32$&PF_*a40^xs>o|fh)=f|PdOR>!Ky7=euHbQb`lKx^N;c`W5Tn7NrUK)k-sDHPmVDum zV#^LvB_<8s5skiyfOTWTJf9Ox;##xi>io`^u*{B_BJ}pbqq!j3?+3zM1VNe~CT&;t z20=+yMAvyQcG%7V-tU%td%s)SiB8B~sucXX)oZ200d)*VIj6Ys)$LGpe$!nBZAA zw(02Do9g_+J0Ur@_o4q2>0xP^OQ*tU*#<;}7vKi0&Lf9i)3TH~CSkh@FcPcs1C(S` 
zzZ_NC2CrT6y~uyY={Z&V9Aa#hAOSQ9S~~z1VZhXam{us2M6`-gx*0U~my|Y8n5>^4HaC*9jj#@*n#i&EvkXCFu02;4@fg8OM0e)El9k z_h(mAK4~>Rd6F?r`vLFQNc*=?gxAMlpT;Yby5ZA*x`WzCF#P|=lN&rE$FsUgOZH&o z;54$&OO;bNuT9yV6@zRy!(gHA;L5`6a7(W%)cwc#BSX@O~DGcY1*e+=6a>WR0 z8}vg%{*8tioi*<4z;E-7y`MoMFVRffgO<1RGjwxtmtg^{V+%NPmuX&i9QPfdxVOs|{AM$&m&d8QtG6~vaZMu>K08^1PnF6%{r zwr^TYb)IOeQ>L&?n>qSf$cd!fV!5BbwI(4HzL zee-s~L`2d!?S<|z%-X5Hu~Mu3J~=*MBEbLf>;o%HRVp`2*7cpm7b@xm!K}}8=ib={ zJ*WmB+7mA$oqMVJotJ~|sTIpA(KKQb>Mn(e>N51-i3~o@Gp0Ox@ey5$N;Ll<%ouJu zfA{81nA-f;H(~q+{)%-Z%<}eel8IuerA2V+=>h+ z$@UnRKw@xBcW^o5P00-h-kYZe=O_mZU3DFpJSA_h^PxFUb23Rt>r{OGwnz{O*TKNw+?3VE2_$?~Rf&I=D8p7;inTWK1+) zSJ_MWWw9dd*^jbsnG6a2fV7QvT-(;aF-3#e$*Dx zE`l{FQKEtn%KVKd1#O~LQRWe5K4URA)hZ)f*|of z+|xmI-X0!(uaf(@kQQE}5%6G}@+RUg=G8??XM*Qmr8jLQsmd6e%)sdZlrB%bP1m!DIEM5}AS#4vbb!ggLUTfF|I+=V%c8`a6KakwHH zEc2Be69i><{@8j?rs4=d?i=4U$gPG;adYP^BWC7#|Rys|mB(AsIQg<&&$%{xtOWE6xy@dVYnT+2A*e3?Ht%Drxn8gD%S+qq6I7F<++& zF>t`0dmSqR@1B$hK$;58YvB?P75kTTc`Vr8><@xI-_-9U39S^|Xe^_Sj}pCesM7EI zEOZ9~7*mX3!*x1An14`iU7V<`1^m^36|?Bj5McVjbO~WYYxM&Nt^I-I({VE6u``EH zk?cU5wi3BZ$EQfZ?kWy%b^AUxzfvby=7$F7uqRTkZEH8ck5QqGS)=q_1%5&`CoUdV ze*&w^C+Z)^5i6v}IQ4%3F;_+!8?9ZN;Jy&?u0fOYy%apc{ckoBv8@~*`6Uo}X>BKOi}7sl`I za`*fjyHvDuGVfa9j8e$HLLr5Zx@knA4<5EX4ZBEapVm>-RDU9!JN#@SaxcO7?PU^j zm9uJr^qh7U`1$&zog*w?RMvU_St8Yamw!Sv9u_fcI-#$@;4>w{2UT6L`L|6A#_vKd ze_v}8rbu1{pIfR;B!@ujS`}uIFBg$U4B*GL{;$c}faf3==V`mZAF{o!ni~?eAAA8H ze}Vc}!5MvBhge>#L!vham1^E!sK~dA=~5TiA<$;pZjCFpD)`vz>nB~~0ZXY!N!VzL z56DqZxo9HplyGTI*{_E9rU|TtO^Mi4>bbr;qk=;5flvwO!uN(d?1u-a$z(`)9?l_6 zFo@KLCrQo+@()rp!5o+xZS92H)NPUb+AV#O{ z{iTkO$sjlVBvBmT%B#Y`UB&W;bS+(jUSRK$*&|!M)XAb z0j6=P^u4Krabs}`6($jjDCRYNN__{zf=U6QMi5JdkQSXCr7SgR9HD7zS((@oF_+gBpjV3cb4|`^6EwSqyQJ1bhoQ32)9cWm6D#xJ~eCX z=NZsj^_CM8ossPyH%(?aTaO;Ol`ZDttZ~tGNp0xsm!jJpQqq3W62_{1l)uz??>)8u zY^4+3n=~9JqJ0Spa(7ABeqExSlJ^d5SDK~BGey2P!EPQ}v&a5*rba+~YbSGC*7mhK zLxM?-f$2d6OXJnPWoFIUT6x#JvfLd1Pf7^gSei(;1^zp^f*?s)1cqP1GJJnA#YgRj zJT~(n*{Z 
ze||Ua-l!seEF<1^>9PVO5sw&*=D4X$XnuRXxVB4cl>|ygqC5S9WglP??LU18N4-3F z+L#|p6e``!kSnbP^FSiXR&RtCv5e&8IyT?GC;Vu1HSO|f@TrzA;V})1;0M>K!J#Ug zM;|+&*DWJVhi>sI#XAEKpGh(6pu^;%*q4(o6- zJ!|Xj$(Sqh60}0Em3Gde$QWB?v=t^Ui-XU$;lhF94{6Y8-GC7z@!o$|je`L8K2rflpE8(Og zr+A#_CpgWGH^QRqS^8kKjoX$_bya#%?>YDJir8H6>aX9i4dF?sH)oLtpM8lf*k{UZH767c* zC_}Q){=%vjx0R2$cs}aucJ}C%QylWs{bYb9naeVC^)(KykBMYkt`^a3K#hP|%J2)7NXt^Bo)6t$xCKLB?Y!L;o%L+((^ts+- z^b1@L!HBo|LHv}T@}=F80j?7ilJP+qR3>Am-Ko46;uq>)?|vsZ;SM4@1LwBBi^C#9 zUj_9M&O+Y^MX+?QeO0(cI)gqF9z5QNza&KcF9b^ zM~uXyrKjv&_nY|+Qu;-goc}UN;)mP>o>A8M-_iCcikTs=Yys?o^_=A=ZXm+aG+gxf zT@d0*Za=>t`JsvZufH&KU=@HCN8_{%{!DM*1n5uEnD+GdKKOdI>sC7Lz}BP58k=S% zQ(xj_io%(*4&y?TsacG zl3QW8q>6mUg?X#KaeUylAj#=JLR>U7BaWx+dXfciA5CY!N_YCYoDP3CRm*U|*@aR1zAV#h;XV}ZRDf6Toh~D(|x(@A{!jiBL4A8C?_EyX_ z>&Wr6i$8WqKy*sB%SBf~;?%Y=eHs%~nC>TkMYaXwCLgWtIngFG`joMUwpj~oD@<>& zHigPty@O3jO8#0G?-HDf!emy?@xkhmrENcZ-gQxPE{MCsS3MInhswaiIpx_NzLiW8 z3(4~EH7YJD&P%qvNYsS4a_Q`4a+Nu|x7Qn`P%D#Um!qTD=Q(0+GaY;`E5~NGJ$58F zkKUqsHz<|U#~X7Q)Y|AsD+T=NhRwXgsN5E1c3YlF_k|_5ukha}Tvi$#$z!t4QDPU{ zaqTf%)a+-WquojP%DM@&`Gks-URF4jy0Q^7E|?jQc$&0%Gl{3iGh)(0=Y`Vk$}_d( zW0RSnH#Hc4KtK4~?Ya&B@U;tBEd3_++o z0NXW%y#dmpxAz2PmMPLCe)+)pwEKjGk@%;w`Hs#nZJ9v#ev{+&24k zx5YnwoYBO7&ws}G5slV!So{mb`s)3jmv`ikYfpEL02urldJ|NA#VfW%`eyXg$$opE z2zaR>utDz#udgp;p`<7!rbRr@CZ64=CVjVNUG=uWN_++}EpX}q%LCVjD(ii-z7pv2 zNYG&3li0QqT`S4*u_f}i+Zi)k+8d{`Y7jTe!X)Y(u8HfoA%5!j%j6V+x}XqbYDw=$ zU;a$sA1)ByZ;gRH@J-JY`*ip?YJzEwKZjhTD6{Lm z9uWL~CAnky6Md~wkcxReIw`o*)If$mz z#0xyaha#f@5b|cGNX4G`lswJ%WC$dF-}7t_uNjpIURpg}YrC(OwAM5u_Z1YmQTk!y zxiHmnxn*O2^fwU&=AyLHxNf+n=^`s%CMw=Dm4guj`)z)_rAIpvPaVwBF4Z=BH5MVX zB0`_A9Ns#G7}x+LJwE0>e9|q0x&*G2#NK29UlG0;=kIK?GRpXTL>2PUfzA~KI;h^a z<@Arc0zjhSsLM#dnN%GKB_9cWl9ad8&uF2_%AI`}sqZ+;*Y1Z!fsWUq-H4`Uq@V+> zM^NC9mFSB22?sd$MB-EVLH841SP#j%evLwVG^H5`$V1Y?po`lxnt18WK=h| z?oWtMUv2k_kwgow{l&aS&Jxi>CieDsU+K!OhFwr+2Ebk{40};IwX))?F*@VgmE+9D zI(^rn-tm;Hf&R6{&G(}L52tnP#{!~K_5hM~W5L%wIBEoAzq^!VP;R9VWG%Zn{E6^% 
zYCV;W?xQgA9So0}{xM%}5w(J$O7aJfomw=yz~f^l5cwV&l+UrX;coTXhg#mK=R+`{ z+W}_+2b@tz*=}*_v3STMvX0&Tp0G)|eiy{eS=f~!6dVkV;GHubnSIqsF9MQlkywG- z5vmK#hHsYzYDEwM$mtJ#ONi|ec6JTWfIEGK?*CyO|<5O1YhEHz4jA*>@11<9-y;ldZH1nDM*5 zJ18%+(jC$wR z-|ucEhtn?8wbrwjoztFT5wK^aGR*saL%kOfXf&Itot~5<)@of;2^;f{v)lw!FQd1a zHeLSFB|$)2P0`Xj=e6*_r$Zc0zQzu0A}))+pw}xEeUBuDQ0MDIo&!_P(<3xi!P!TP z4N|^2??`t1P3;H1V7fWKh)FZ^?VG$|@z3#uJpF~7hA_>GIcv7ASO{4r8Pz<(e>{n3 z84a(Mk0bjDKQ0YwHPSHG=l_)pFb&BN0)wvztqI-cWV#A5xKN}9n!%No6nJqQa8{j6zEKIm{f zx0bqNpHSsm*N-CK-r5#;E(iKo5RX=hfM?yp6DF2}WPde8h<;+dqbK@35jN})Tcou6)Vb*bbRHh7Z@I@=NQ?6FTG4ZOfjIl43kyKb*+W6L`T?$+g4*| z*cyhaMSnG)BR!1wkVn5JNufb(@V}=B&FAQ0p3Culz(MO1`IGabNsv6=q0@D)lS8ZH zqO=$qRyVX+DuYwabv5H7x-PzN_3JG*b5dC8snglY4yjc6)Knv{9W^AOJ?)KttG;mV zn{Kyor{CRu4*4I+jd(1+8~e>ji#Z#0&3zj34Ga)Zjz{uV9Ho!jidk5x>{Pyi*y+(p zpc(I0g)Af%&^dbaY;iE1P>-JK|Fgg>-@3mC7hP;Q^ew$|acV&MR~P4sx1GK9F_K*L zhC0-a-~0PzS_nHR7a>kK_ciWeycH{THKS*+Z+J_|8VV^=YaX}5(-5ca(A6gA;nkVE zKfUYV8prygMj*7PNbG}`Lqh6>FVpA+@0!*e$i&11Y%S-U;NGOaG4SLc)p!|-ZeAC7 zA@}tkp~%XbWd(Rvt~NCfQ(_a~H_8Ug3F(3}@1x&ap7`1h?{exl8V3;0%X$E<7l5x_ zpW>q@L{Eq*(Qk5j;If^VQ}|DUlsYU5G<@{X2iLSK2!QZOKS^drH1iQcT-hp4`nCk(FWyOki`(v+ zY(iw&?p$F#;$H3{OPx2N(B-8T303-LghikB{CT3432npF6s@46G?yXtDl(}`)x6Df z7)i}H-{gM<2(|&n(HU6p(Ta2z``uk!wl+b<%^u%%wVb zJ}tm#K+x|8V#|JIil2hp&)A{*pTv-vYH;sw&1&sg*Alh)=`>r;V>W6BE~&vzrSZU( z8~T)!EauoM?pDr#vqye4OHJb!C9Te$%Qz+pte|11KgBD8R_|J~Av@x|!>vv};ZRL% z&LO>}5;4<8L#>R>u-W|FA9tGI7(A?=F~2qj|5bpE z;F&dxIYWC|%g#W4-H$ljpV0XUhAc^+uzBs$xQ zEDZZcdz7Cr@PDdj?iFuu*8OwLK~r(F?P}Auyr3*I$9~s*3_iPUoAUxXLsoN*OLWqg z>f?ZXyqb=m2Uls$bKdq1hVZNI@YkSBx(NPAW`6;H%i&t6M$(R*x7&qRF4y?1_2^Ch=)?p;b$+ypkmaL?k>jkC`2gu&<{ ztBPv_LaycAYx$ZVj^l-a)d~Bp0*;3xpvUvUT{+EHqm))341KzXwViElf{o9flGpLX zl&BZG9~zMbpf6W|crPTyp?S1T$3GR=TswD#OxF!Yn*TDX{F_o^!N&9@crMHS;W1jV zUtzGyQ3kYw1U57Pk|U{{4Xf4fhSZFfP^Wo1x?3H+d5U>AbBwcd!_xz59WHiJAq8pk zSvm;sJpgziECSm{@7O9NU{TZ11la$gYK?-{9)`SCcbEI{beY7(NzEyJ${Si24&CBt znKC)z!HB0!Bqs~lK9Ll(vZeE(TD53+!Mq&d!K!s=Nui4l8@~lz{$^+zPL1d^=_2&^ 
zTRTnIHKaAMx_PPGXKCZA@a3((d+gn~wM)Iip4Bk|*UzPV$p#?e(SpCvUUZEvO$hql zAZ9Bh)z-Ia0v5*jQj;T^)=$)*)J3r)gnla3IyTE zeppKFrz3N221o)Wt@7VbG=+42`W5H7;|aifeIHUoV)Wjf5kA~yNWr4B(ON_uw6VOQ zdpI)J_Spamwk~V9x}!3LrgJ&g7IY9?!C5`FM)t;No*4}{R(F>@fmOLO&XG2{+*wss zT{!Tiuqdo>!4N#FY-ghhm3Hnfia58oeg#M8ICr1Drv%>bMm(%T9g{$gylmJ+K&c2H zVDEKr5{J^zgD+79iR`R)4Z#d+`V4$}HLiR(eFNVcdu@6{IpR#ybT0sKeyQY(=^ z$*Fg-e+-x4*UC|O3zVh9+a{VJZ5;DJuq!`JEZkA7C2|h?-iPT*oQG_ zRCBX98h~l>p~)s;YP^)QAt6WG3g$Qu?MwZA_kN*y=D6KGHg11yI4&4Jc=S-Ryk4LE z5PB1$Px31-K2_CyYnCQm_c1bd@lAUdz);r)bun|@UHkLkCpzz(C~UFSB`f};gnVDW z-hG-=NSUAa{Sp8+K4klo);B0- z?3mp_>BqDO;vUKT2YLSVckB3Jklcpe(kO5SxKBEm=YSQb>Iv`_5a($^Fe@+kO5uW# z){u(2!erEtliJF#L+EU*AH3kMM?Q3&vM5*m+Q{dY=q8gdazP{T&Dm|?OOHb2lgK^{ z1SKt$4tl*W9;_$&k;W8AE?`hO??K^#&#yE>Qi1 z;Dq)fp%sp(OOBZLhY6&^Q`I_M$DRZXkj_Y51H=i6TNJvba-@1u@{4429}hYvZayo* zg+#PiFHHSiQ#m|VcdCDwtoJ1mwqjQ0TA|LSikV8Tf3wO$IbFj2*nO}~p4=EeOX5WV zz#1bWyWNAURDoL~3}HQcHe8N)v9jez1@$ss*5gLRqZem9J zvs3+(&PeOh7}nVds|ea3PSMm{H~*Gi<>w{HI+8d=k@5JqaDc`@M0G(*I=*uO<+^9At*Lnsn%sCg{m6YGp^x;5 z_1?d0B?WD)%(nm@99kbE)6x!U+9898CRgZKXqZ2B$Qhg|U~t&08aY4s#{}-I$8wE? 
z+WFkFPRhRN4`vPW2}t-<1(Y#8pj&JmSQZe2-iu^@CJgd3d}CzjA{E%iG;rhS15N!l znP7}@mxPRnXx~iB$&hbd#N+^SK(w}2vxSrk&`%3mLne)*T(rg;wMF1fxjehhU z@UJXwu=x!-t~M5`grmGG-_mx-yDm1YD+)D-II zDlY7qZH#Hj*8y!IeEa^U3Bfl#%rid&k|Ui6;-o>#M}9&g}*!TS}eHgR9-GZruJ)d+!+!*V^_C>n#{H(Tz?dYLKWSq7y<8J%WhnqL0B4 zgy_9Qi71hX-g}7>M2|j7^xk50o;BF}+Sk3`5AUbv_k6g0TGpC%mg79?|2WQb>8QMk zL~&%A$JV!tCet-c(}-00YAL-pXSa-zUz>D4nIf1Q;alR|xY>b{zJ1rO8CO z)>ypHr!I?3_`&^1F7f0{cl%IG3(?5*$JUOf4I zoV+f>s>dSGJ+(B2>+!OKR+d4xBqh4GrLB@*ISSM=9OG|_3elWiVkD-Wr&P_y5TTs; zRIHo%Y9X4$ph5ZHYx$g@-IaWg7*>WrjZWbjj642JJSEYaIdiqRM!UgKa7Q7DmjdHu zsuDCuexn@Q_UkHT?5oL2gPA3d zT(XAzyl0l z+|IQR$Nw>(895XCuI5c)%Z0nMxvynHc3a(jr+j6DqngIp`o6|b9`C+}JoE3E*v#iS zYOaxUGYH%r5~^?O;_){c2@NqK7q4#ua;TFNO#QaAWyL=wcv%BE)&wNodut>9_~N;+ zUqt#IYl(=~R&t84iF@P?Yk9j@l*%zcp*5jMhW&m;*(dHPt1XQ4*neJpheWN=RT*r} z?%bFpVfTYP1(sh;$#Ix3r;w<5K}jdX973H^+W^`t4VGf|(|S6TE#>8rfer{wNbX0z_tEdtQ4QiJm;EraV8K*c z4rBZ&mx?B^tD;Dwlc|C@4irLGl>|=Yc#a0158pR-=Mpcn*KaD}KD9hwOdmNVa~&B; z@SuLbSk*tTxFze2%JR0bJk3;d;SGq^uheE|@1pjQ&3g@ZFAY1&fA74Ok5_W5mP1$O z<;!ZT8gWLaUn%^#19h)mJo>5^dqbVfyZ1dtilDXe;*15)`D;mD?oBCBqJ?rT^SbHo?c1miX4)-;pOmB1Q;@p7Q zepuO7JOao^BK$q8YuXwXC7$ohyxut-JnN}YS=q&__z`)ONdy(^HC)0+1h-5M;YIC0ixJ>u{hI)aJw835%6q9DX*FRzG_0vymjiQ+Xda2erxmi zvrpB~(DmV5e3mz|5o(fP8~A}`XW`C~hcHM`_No@&8!PX~nSzeQbUs&li2eS3r-JKT z{78#fDm%|A<#5`|=!6xeeBW;=TZ0PcBX5LuG9O&TIlL&Z`L(ts8P0R@Q&}F@LBwl8 zj+Y4g$y4{%fOi#dPO+3FZr7Rl8k6r<2L*4Itv1!w2G%pZ(@!7cWNkqppq6>z#U@&bEe{6wkT=5E*SP<&L*E>*SZb-6NA|fM4j~8 z_H_4mzr^h={MLsZ?1}l|4}FziiWx&Udjn0NaelQZ`qL?4d=sQ+?2LM2i$b$DAT!R4 zfjm0Mui=c7tgb)fVP$GCjx0wlGtWIb5e$V$NiJ%b_-VS)I^&GShk2d?%hJX6wqubW z;zu$@cv1b543f8x;fGAa7ZV~D09PSg^a#Nv8UvQ8P7tB|+fwA+_t>RZRdZ{A)!8x4XwZL?#;ZcC>yfrM z>`WG`d?tCiXl|+!-0)~A(xMaBv=;;MRmz?>wfBR>9doKzK6 zF5c{9-)I1HH(pPj>q|qS+=DT zTX1?%<<9)QhBmWz$Nr!?JPCq0w;2d_g4pj5vq;8Ud;}S-+J;utUtqv-`H4N8P@QT5^9$7s$}3lI%q_-JITCQ>{Y+nW)0h zy+ab-lOr=ev1yCSzPij@o*S_$gvdkKSsuuy-<_@Z(ddF>Jxbb-N*5(Z`l8ZmMB3$H 
zdc#U0o!z@jZ9NjW8}}Qgd!6dl+-YqeO|a$-fasYOCD$M!bmk3UFdLV;zN)*eRH9aqfe{VExSzk=f*)FfbVQI8_^Abg^y%+8N6C3f8VPf}q zI$%fTQr~W@0w`3F(V~C;wo>HjPOdf>C>E{zd$>_=wYPOSIhZHRM6hQR0c+l{; z;jmHZWGJx(GfP{dS=2V@%^8q5Ozy6Z1f}76PS#~l)Bp)mX~@GAHHiyQ20wN-`DI-&+QO7 zr6^~9pF%E`xkMX(s=oMB(Gw~+ePGEUwLH>s*c3WN7{uauAwuhygLviek(SA+KC6g{ zeyk^|Yd@7Me0XXJ)UY@bA}BuSj#xHAr}1KD>8hKG1NEq?#OLm^Tk{(|E8aVV6(1_cQ*_Wm13u9yPe>A$TOZ zd0RI71L~G&SfkJGz;mUBIFIy+udFZ$VIPK`okKKHWBnM#!9SJ>(uUS5uGPoOo&=6J zf$vGivsZ5D|s7 z`nKDvu$ZX+vCM90XI*YBM>`$@cvq0%GEzScP84s`3b7h;om ztOsW*8M6ejlGcylXo5lcgBk~VW1HxACWvXSc`A-u4qIt0wi0x+%eh zTv+1f-dDs|nN<3;vyEV|Bt*QxaVa~Oz2d>N^`uiOLNZSwl{_&s%R&Pc@YPN@8Y?e! zAJ84~b&J>yTvl@CVQteb=iQa50({8F(%|HWLq`6S^fzdzB-Hd{xO7@|muxnU<~5A; z<8^oX+=p%;Zf58*3Cviz5OArD#SFc~b)E@048gveqW3{$qoe16v1ApE)%PbQF7wO+ zM%KB#M#G-@g9bgc*^2EDocG~}>cp)C?x)|r7sm6!B)bd>4y@hFou;*_i{xaSSj!~u zv7~fF#QaR4U>F&2Z$6tXz8ZRh8kAT6wnhEY&p?xU_h<%`#9Ocd5?@kIxZsP*AOZQH zbQwI){fyVivxAV=NgdvMD+&``oc-gSbh?Hn)78(=rIme|M5}1R^q@vzs1zLwSs7LQc9(9LjBhvpg%1dTsA(aJZF-G54-9h%>!F-N|qWgj=x30Hmp`+E>&)A^e)YuW`J4r-~&a6{N1Fs(tP z;gR;SAiLJM`5?~gGFi(mQ6pi~^vl$!iD$#j-dmdy#QD`9?(sm!w-Z#lazAxqPQ`nq zuFSt*3dKYAeuz2ubgj1tIXfKR(SA|oJ^VCopK#UwaJzox@ekoE+CnN=B2M&6Cq8~` zz9e*CEPieAmno0^J4N_1$=u%Z;XI%(!WqT!M9PEFQoo=_Y<78L)OWw2N8DvBSE>?u{c9qYt@a^ z<;BMpQ*q9DW91_ZN%~e|2XxEZ9-CvXjZxx{#P2{e|ApWj|=_cev5wJbNdwwrABYl60+ef>uvJG-57Zz zGSOHsVdJEg#vb^XK5<*v4dx7s-eAGqFTW8+Lt!s5Iru%4xc~cW`B*LU`d4jW+SzvI zD^Y@P%7H83;fPRz{j2mekJ|GF-~%P!#?0k);<4fD#P?VYdcvIwd>9z2YK&7>P{;rJR?LcMtg;+#Kh zevp(b>AYz-X*1!v0eUPoiP&#&U3j)Ok`uVGSIjjt9r&2a+SM&(5cnK0VY%9e4|o}z zkGJ-zFivXQFBav8M>F;lp~$882SGB{s~z>_nc4gsJEomBvuzT{Zn23CQ47JAz?*sF zL(Bb4bG_9YP@BOpm~^Cv8+C*IIj7h!Q;vI;Po$SFW*q#!wH+J3jM^DZSgY|&ZU!UKtrTcLfGye8v>*Zz zVk(^gTjqGBX)R$GI>&tGU0vm$O{*stxOT#g?5Nf2Pv%9T=I*fPPam{m zvU#<3-HM+xpl$#*DMD>^Q_fEPL(9v&(zHM;2JlM`QIy8xrH~2t0jnp z5rJ^=Q$6O`S`zlkz<>}ojdLAagjIWZZlU~=4KdlP@_-$`<58gYLfQO8T4&vyO8xY0 z`_$xX=mD@%aq?uwYAKv>_03w#S5>)K_55vch_cnexavhk^RVrdslYqWKQSL&sw%b| 
z8MSx+G=DSExZENJ*t87xzTz~~CpyW0>(uSG@kgLPLkg2{@;VN^xxs@f-_JgNK%B)c zPzu?>iK~vHLZ%wucUJFvbDq+WSCS=EBVMO_wt0q}(0RR4kdN0@nLdm4B(bhoaug`T zH*=?a6v***#i{#2{;P(0OYe5<^QLIv+ZMeWl!%+ogk2Pd41ztOw>R-g zvA7IsTaX)ee62VU#i#GM5e`*7(6f;m4DX6~!+q@(of^lxeo9$tT<+R&mY~*sExT~b zDQ%k9Oo`elR04diS{d}lMo;YIt9BmA(6eer2@-WXgNPOVX>a5wNp_?@D`k0?R%o>a z_gSfpbw&>ACa>d(V5lm#aRPZZ?^-=%UHdRj0J@Flx<8{t+0<)bPxKg}K<`b`#U`>V zZkO0M%c<@K`!0;2R}sR2D^6!aMPk6*5OA~>g1=n{M2t_2Z7cTu!8w9gcaHzeKXu!S zlK9!2k$MuIa*uV{SzE321%7QDokqGTdrj1704>SDkJmZ@Y|#d@o)XVGs!`&(KaO;7|?`l5;#+P5%7 z2l|*j)Y#FP^y5QH7qaZCP2MkTevlI#tB=GP@x@S+GX-ZVcl~9z`2lxFo$#9i{grnp zi;=Xs)!cGYgQ34D(QjVfO*!$?89&Piw{9`Omkjh>QZDS2$|;4@}MNpR%X6BkC@ zX*KE90R?~D)oAPK6n$Rrd++IgnEIl*_0#{@?=+jTbP<{uN)i?Bx>IG69IsaQ2Ufcz z{dTMV8cO*w$G~$VjrENXXPpj)b$2>))tjl9Rze1N$3vq^(slpi{`2f z7xe@}!GGDSe>#!rwB&A@PqqzThVbkq-ss%;IFcL|Z#*Xh5+2?<;3DGoopCLwNv>)e z3EVBm1&jA1CZNb=(hy@%g%vgOoOdi{ssx+_R4YDrC0pRPGasze==h4rs)1SN#&00;cmU|_gR_6ZT)a*o`#8={z4F5FI6>wn1YUe^L{q?eGr^vm%U#%#eD_~U-$m1ws)}6 zB{vZ*$xe9z+s3Vm`_rND|E!YkzT&UOAofthTKRHaF0Z9LW;HVEK_q z&Ml#kZm^MzLv^|%DCDvfYr4L6E0kb$HwxC3G9c7 zKwPk;nS*&IPA3JBD#$~OB;lgj=bz#OvpH+$c&#?dmA`C+am!5z_BbJsFlmxzV24C0 z4P$xw=_i2^36Lc0*gko7hx4Xe3J2)!4e?v|KFqiGS}U;C9U*?fnP$Z#Pnx@WFi^QG zfO-_P@W}?z;BSjVxR=zcCW5=?qt$OwfgUf*`F<9l#_0P4KbiEeo1$zM;^#$cr9X`1 z-YF9d9CwhsH+x4X?7+hSh)Q6F;THAqD4 z4PD%>4Z-}DYpT3(zTbuKe@mB0&CZwZQ{WOa; zjkM(8O_l`nS^se<01>H0>@3ueB`3Kv*RJ5eahL3h8pL3q>rURCOLyb{e7fCGU~5a3 z{K6lXlTM`4^?74ZYPj=tbW=pa`Cubo|!Oze^MTG0U-Y->XoKy2^9}Jv#9F$Ebl+32TVE+QjN0*X;xo_9ux# zSPxJ2Z}urhidXh^+{A6wCjn6*uN?J|HeY8 z>rMXp1aJgogx$W->Q>q%E(XwPfQ(bICKmXLF&Y*z8!)}VD9I&YZ{G_nJwBY$!UryV zQrE@mDajDvJR0w!EElKET}@Gd&pxC0Y;`fq5w%nL1*1Yyn&C&B7}9IKO%8Y3s%+#T zLBKzPIpSCWbZ7hnKyzVvr2t?Qwph%J44-5>F4oLc#h{`Lz`&3wr-S(_C z*V2v%^TF5??wKTq2DN#)h~0lm1q@FI5V3Je-b9&nF>-|iY;qbLvT2EKrM{E`&?@mI zBdp*pBdEGplRZMSwV8hm+Pq(XNr{>yI!eyaLIJLTTVv6LqJ?sOVieE|KettBrMV(7 z8ph6n*?dZ(p6WNB8>m;3QDbDM`T-OZypl`Lvb(uOY-y=eB0hR8@XOg)zOLpo4-54|r4jc_grnqazYhZAUphyevp^+QBb)g>C`on^41NB$C_`akhHCzt+TC 
zDHl?0;zjYkJFtEcw|K|^z&a5>^F%|jmdkD527W;eALyu<6qwkVEH%*AFu+^~7F{uCm-hiOMqrcF z03DZuNxVAVc9nNTi~qICaLC~%VLakv&k!L0_ffk-=m=InkYgZ%e7w6dB`thow{!a7RIdDK>Uwi&q-~2*lrAY~Tr~JStX+5c#l20{H@AgR)(j7jX*|Wkw}9I6hpZ;E zJ=^itpdDXuGP~Y}!^wbAUT4bq2bj7)ZeYgG=`) z!O3CwZL!y8x`QbjXUbc{QAkPrBY-auk-!`_M^}faF#=R*qyzXrE77MpkFefiQE zKuGPVVD;k%N?(^!!jF%SXU2q0n%~wEVF?g=E}m0TVUK^|k2>n;*xenVhc_*3TD6r$ z!@-_9FYsT@EwTWnD;*o)5IwXOlu}zGjcE5F#EgxN9sVQ_;^vz5`?6NX%m!$Z3@qZ~ z(Kixv-LqYxN^eEjZUug#D_qSNh zQ{msYJb&Nue=uJ>r0#3d5}<2oX$g223sjdJu)K~1?D)v@zBn(p9L%nL|K%f=!U@?c z-Zl>%;WCFc!{GiJn11vmQ(qm>>hjcv+6I$79{xQcs!}cK`MW+N5dD5uRDGx*$*Z4& zLlcW1IX^lG~)o5czD~^+`e*|1Sn<@ zeE^ujlv+3^16DOVx`%l6%bF*zFIj3?6w7VIC8azglVq6&U~#8VmyDPz{<)Gll$@f$ zU049QMD#`R143)0dGjGEbBhvS82$`@A8aBuNhTeJqKa|-{FSo%XA{e)jayE~>={1) zynEF!5|s;r9Yu-#rRo0uN%|n*zV)pnzr%Q#{tk~%rT869^p`6s2qc+7j4>rV0JOw& zZ33(-*+7jGwIDb#@#9j){B7CccW#K78`js`#>4iTw90Lk&hsok;VVIrg|nC*W5dU1 z+6_w(r(2gLbAahXjgim(G2o0jF<=l85tW<$h$_Wi9V^LE{cxXuquz=3U=v|=yf#u` zT#X1cn+T&9vpzfCmzH>%R+*<)*6DGuY10x20=axMs2V`7k3}m1OcwqeSokxWMj!Ot z4O$V~(iAb*@k)m|jfrPKcoQ7hI2H)%=;BLH>WWC8WB8z-O#bfNJPWCIOKalC9Cx0D z;_ry8P= zjZ2Ul5kiZJOH4?NXz*^ZnXX3&Tci971{E7#R^u?B_iAGJu92dRL@)Ewo5=tQw%4YhT2Zavjb#gPdlE{lqaYIHWXMbc!ampcApeBfvnVGHzLZr*h>+5%3o zwY$3u=B4Mz&CSIxkB^HRAO5DV8W6la3YMN{Owo6@JoFv-8gIPt+OFSS*k+u<4fJ-w zcI!*Ph6itncJW6>XG5ZkfLq-YkbM4UMm} ziTTpCf$o;r8HsnEuSEVr7HI~IDVlOy*U++Ty5|m`@3zHl-@9|^vNi$-95kAvj6C=T zI@erTSs8rSSWAoYPu^D!iF*{URO(~ALi-uT-Rxg`)*I}MeABn6aor*=|H@%xdrVWp z7#xDzDL)~UFC|(orSd6@ki1j5%@0sn*h_CBz`s8La7BRYq;Oscl*XZ?PBnYLy{Z$0#gDp{P_ByU+$??rUL zpCbKfL!0+!wNmzW{`+FcvAefI?qM4}y0pmYk!WhIayRn;2>`H9igopV5NSu5BptNC zW;GXtd7$_sUW3;T?HeFY5U<%SJ`mRyE-@V*#=#GJaHM0y%b!VLJ9jDtvqw}C9!}2< z@PspuQReM^V>yDzrQOtOBZCEZv?`js z*XOgz^9Wj;P2?#0FUbjrWU<9G`bnqESHmDin}!;P;<{Nu`fk0d!BjWs*Kfgunr^*7 z#d`vj*mL=ovIak%kyE%2;3qtz0p)XL@4=95^nboYsQ4h{M34;S6MDeF4Ww7R~5>`E4{(fRM9+XyRbJOiDkdQyof$R#6tzf{@? 
z|9DV6*r0PXZUGE__#qsMoQ@}_%?uSBiaGd!m>^GPU8hV1|qO=8ft(R zM2MA0hUEK>&;CRN3ZHc`|J=HL+$k2le7fuQu3fW_zf+9?PvBlDt7v#F9>txaZ-Km} zPLIn`N+aBd5Nk`~V`l(pnf^P~J7PA@%+gy7LVXP9Lngx`h>N-3;mZ1DLbJMM&s#RZ zUXZPUwq7l4uG*E!Na0pY;xM|QcAT2_raE4`Vt*@FApaw=7e*CFR-Evcx78udo`E=@<&EnO z1@Jh%-HFTui95g_1vqCi2EL|>YER)L9YM@{%;?n5gid^SBM%@?%_iUN5{&E#c|6)P zqX%qkEtaJBBHzhIJBPj%5$2cKk}Ye{?c)sqLhce?W4=zFJEcJo4SP)IZta>6Pn<&4_g>)>nq38 zbW`G4*iiUUUm`wVUb2%BMOyBD7yf)LMW;0n*=)kFF57GDWR9 z&^+AkH^#NQC60zhA*uLC`sv*geO@|qz&&ugk@k>w6*)0|;ibiQ1Kv|$Nz^dYAha;c zn@?*e0i$aYqdgeS@hWL{Io?M9p~GNgQ(bnlqVRQ4Z~pvSS#ls9kqY8?sNNEMD4osM@4`xifN!blc( zcjS|S2xnEOs?l|+?7vTwT7ME>jG(bpmE5K2+xh4_o#beL2Oz5h)*qEfY1^IOtuFJC z@{7*D2feqojaFjaAnv(mdz7Zu#~pEj^sRz0L=Ma8s^3@ZiJolu#qX8h4ML^q&1piYA&OOZ9wZs%p^A3JZP3-l-q1LCI=n9YlGYk}9ee zO4KfX#ek_ZC&CmpwhF~CNz{*4qe|!NzC=mkPFR_l z7aJFMlq$W={BM6;0_EVVRnK3;T9@5i zy||2la-QLG8Snl_bAUlXvH}ji#7flPl`((+B>e^o#lWTsV!jU3uLEz?55`e(Gcr?o z>hE9AkdQ5Fb>v|UUxc6t4(tF2;MI?m zxtPFi8H2Mf%=jk| z2226Mcl?*=7!?3paRz8-5(BRV`$(p?hfqf!|0F=oXY(mP6abEG9sM$dj}iC*t&S$J z7N7Gf6r^~7K2;_=)%X;IK@T_*kU*BDxBp|r09kuvQ4s2DkP;@`_K^=mxb4vBQxq%* z^vT>PCctaJ3cv&7Zvl1`Zc<Ac&M6MBs!BO)Msu57%$wr&LnFCw2FMJZz@HCP7>HOO56RQsnnzRl zW4{cU)UVHDf#_j0)$rTXD%A51X1`!T@jy9hg*FnSfPYBHI%d#ye=|yY>lF&A{J1WM zKm!u2uAinN?G%8&r`I`Vzn?)m$D>*DUU&}8~90E|GxAjM$ILF}`WHZem`$QJ=ygeRca zIYS#jdX@QE7xXHplAjlv&Rn(|(QA%l_+9!V{noc<&4<6@8jJduW3*p|y(3KNGk(GR z+d0_!>lM8Dj)CY0RGeHkblN1(@Xb`!YHum~CPYD$F+529&dVelGPzcGpF=)Bs9n7mf(30Yg`N?O>G05hlbfaq~Kk-|44|=~}9b3ft z!a0Dl4-SM_?mYER0;Zo5Ak3U|rIe;ZcL@^FaRYi?QjK&LKxe06ppFgHsp>2^VW2#CWZErvg za2y5gmMz{nHJS;XK;_~W@ca|^`Jn@*Mx=OYu-X@b%?W^-C6TTILu zc(U=DXZqk+Ne#(=Qk9jWQ+^U*df>7XV&-BtQyK>xz3uAY(Y^%Vm;j!(!HdoVhQ*N% z9J8C_wJYzWU$}X3&zVDkj!KY(vjFTKk#<3TR;iT2A}vwPUF7e5Egpdpkdj-PpPoPp z3WuEhJq}ul&^(U(d8NN8`P!&zGf((ZoMHkCm97OyL@5CyE?}0b$hOs(E2y#3WV{qK zN=5>s14seq?J<=no{$F#C!(qGYx>R!#{yHtu|j7VRwl}A0<51CEByQW+ohx(f?yL0 zb?PYIqIV|g{m)2XO>BF3gRW*f4}jWQ;BYnoXme40?9bGfiuH#y`st}=4ggG##!RNR 
zLDZQKI>EF=f(m97A_S}=IXz_gnFIc`s65RjsUsnWsljOv+t3sbwN8CHj`lw)(u0*Kvzq2CWk`&^X{g(w(iCX^;`fEOf42)Py53F{-s7_dau zr!Y(+njc99J;O55o)!4U1NjJbEzvgU=2GanLRF{&!v+T1hWEzJA| zb`YhX6Qs^`RQYz#gK}P*N8?hs09P~0=LLS{vQWIi+f9G5>T^_=um`N{&_dlYQi1M_iQ`8m91^6li8bp`Pgr_3qj}rD z*IL}!iouWB!Lbqy?63d$@)gU1v3K{91f{+JFdJ17gqMo`=j>Tl=IgZ+4}tD zIs;;7!9KH<|9y>Hqhmhcd4HwgPRWjI5~f7>^0`9XWfJ8THZX^8KJ6bb&D@`}f$wr8 zV>2{f&6Z%5nG@eF`U`p*{ASI!GQ`c(iE$<_i35L?qxS)3K#Y4t(ZXbaGRPA%3>|uL^fMQH-BP2CBhPqqMcBN!Dt02O0XBx>?#8 z(5sU<*-@g6FDC%>EkNGat|E#F4l%~^$xVvs$T=gUT&(d>L(gv=L!cmoc=m7IPF9SZU zRHVTlSlumY&A{Jn=<0*P8qrV-1Qnhq_)Z2HHQkMmLtrrOg(}Jpu!K}McL7EOkWxgE!G0P49@JlG!hX3+0jN8G+oJY8RJ?k58z0`I z0zM|C5Ttn9%G2?jgrWN{ZLWy-$k<&qc<6T+d+y<7F7zLc`@ACf+##lv;Je6DBKKul z1!bMyqw$va{9=f~!5|?4*wg?QU{VhD#&%5(Te@JJYo8Jrjrt=j4~i#-pHW)iKXqD*N4rOS&0RpVmlFUUQjh~}whko?T`%oFUR6hh8`zM!>l5jKF8+E5l&AsiseDs3 z{QK75Pye^8D|ZdGBL7Rk|7DB+8*&AY^5bcJ%Cw4#QvV~`mzNMPAVbp;ek=D{+x{i@ zz(ZMiKwb3n6H>i@*j0@y~toGlrKLgdzHIHDagO| zML$YkIH@Z6|9$K4r$?wN1V&zsf5RQYVSvHUu+q5w?`pJ;aNyCYTO`fjdhD-xt2+UT zo5C