From f3da3a76bc0f451b5015bec899243c99c9921493 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 06:50:42 +0000 Subject: [PATCH 01/40] Add libimobiledevice / update iproxy --- Document/0x06b-iOS-Security-Testing.md | 3 +- techniques/ios/MASTG-TECH-0052.md | 9 ++---- techniques/ios/MASTG-TECH-0063.md | 2 +- tools/ios/MASTG-TOOL-0055.md | 8 +++-- tools/ios/MASTG-TOOL-0126.md | 42 ++++++++++++++++++++++++++ 5 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 tools/ios/MASTG-TOOL-0126.md diff --git a/Document/0x06b-iOS-Security-Testing.md b/Document/0x06b-iOS-Security-Testing.md index c97ebdc861..7fe9e7032a 100644 --- a/Document/0x06b-iOS-Security-Testing.md +++ b/Document/0x06b-iOS-Security-Testing.md @@ -37,10 +37,9 @@ It is also possible to get the UDID via various command line tools on macOS whil | "USB Serial Number" = "9e8ada44246cee813e2f8c1407520bf2f84849ec" ``` -- By using [ideviceinstaller](https://github.com/libimobiledevice/ideviceinstaller) (also available on Linux): +- By using @MASTG-TOOL-0126: ```sh - $ brew install ideviceinstaller $ idevice_id -l 316f01bd160932d2bf2f95f1f142bc29b1c62dbc ``` diff --git a/techniques/ios/MASTG-TECH-0052.md b/techniques/ios/MASTG-TECH-0052.md index 204ecce363..42ae34f4af 100644 --- a/techniques/ios/MASTG-TECH-0052.md +++ b/techniques/ios/MASTG-TECH-0052.md @@ -50,7 +50,6 @@ During a real black box test, a reliable Wi-Fi connection may not be available. Connect macOS to an iOS device by installing and starting @MASTG-TOOL-0055: ```bash -$ brew install libimobiledevice $ iproxy 2222 22 waiting for connection ``` 
@@ -60,13 +59,11 @@ The above command maps port `22` on the iOS device to port `2222` on localhost. With the following command in a new terminal window, you can connect to the device: ```bash -$ ssh -p 2222 root@localhost -root@localhost's password: -iPhone:~ root# +$ ssh -p 2222 mobile@localhost +mobile@localhost's password: +iPhone:~ mobile% ``` -> Small note on USB of an iDevice: on an iOS device you cannot make data connections anymore after 1 hour of being in a locked state, unless you unlock it again due to the USB Restricted Mode, which was introduced with iOS 11.4.1 - ## On-device Shell App While usually using an on-device shell (terminal emulator) might be very tedious compared to a remote shell, it can prove handy for debugging in case of, for example, network issues or check some configuration. For example, you can install [NewTerm 2](https://chariz.com/get/newterm "NewTerm 2") via Cydia for this purpose (it supports iOS 6.0 to 12.1.2 at the time of this writing). diff --git a/techniques/ios/MASTG-TECH-0063.md b/techniques/ios/MASTG-TECH-0063.md index 2c7c511c66..5e29735cb9 100644 --- a/techniques/ios/MASTG-TECH-0063.md +++ b/techniques/ios/MASTG-TECH-0063.md @@ -23,7 +23,7 @@ waiting for connection The next step is to make a remote port forwarding of port 8080 on the iOS device to the localhost interface on our computer to port 8080. ```bash -ssh -R 8080:localhost:8080 root@localhost -p 2222 +ssh -R 8080:localhost:8080 mobile@localhost -p 2222 ``` You should now be able to reach Burp on your iOS device. Open Safari on iOS and go to 127.0.0.1:8080 and you should see the Burp Suite Page. This would also be a good time to [install the CA certificate](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device "Installing Burp\'s CA Certificate in an iOS Device") of Burp on your iOS device. diff --git a/tools/ios/MASTG-TOOL-0055.md b/tools/ios/MASTG-TOOL-0055.md index f6ae769520..678c6a9fa9 100644 
--- a/tools/ios/MASTG-TOOL-0055.md +++ b/tools/ios/MASTG-TOOL-0055.md @@ -1,7 +1,11 @@ --- title: iProxy platform: ios -source: https://github.com/tcurdt/iProxy +source: https://github.com/libimobiledevice/libusbmuxd --- -A tool used to connect via SSH to a jailbroken iPhone via USB - +iProxy allows you to forward a port from a connected iOS device to a port on the host machine. iProxy can be useful for interacting with jailbroken devices, as some jailbreaks do not expose the SSH port on the public interface. With iProxy, the SSH port can be forwarded over USB to the host, allowing you to still connect to it. + +!!! warning + + While many package repositories (apt, brew, cargo, ...) have versions of libimobiledevice tools, they are often outdated. We recommend compiling the different tools from source for the best results. diff --git a/tools/ios/MASTG-TOOL-0126.md b/tools/ios/MASTG-TOOL-0126.md new file mode 100644 index 0000000000..6cc4eebd8c --- /dev/null +++ b/tools/ios/MASTG-TOOL-0126.md 
@@ -0,0 +1,42 @@ +--- +title: libimobiledevice suite +platform: ios +host: +- macOS +- windows +- linux +source: https://libimobiledevice.org/ +--- + +The libimobiledevice suite is cross-platform protocol library for interacting with iOS devices. The different libraries can be compiled into binaries for direct interaction with iOS devices from the commandline. + +!!! warning + + While many package repositories (apt, brew, cargo, ...) have versions of libimobiledevice tools, they are often outdated. We recommend compiling the different tools from source for the best results. + +The following tools are part of the libimobiledevice suite: + +| Tool | Purpose | +|------------------|---------------------| +| idevice_id | List attached devices or print device name of given device. | +| idevicebackup | Create or restore backup from the current or specified directory (= iOS 4). | +| idevicecrashreport | Move crash reports from device to a local DIRECTORY. | +| idevicedate | Display the current date or set it on a device. | +| idevicedebug | Interact with the debugserver service of a device. | +| idevicedebugserverproxy | Proxy debugserver connection from device to a local socket at PORT. | +| idevicediagnostics | Use diagnostics interface of a device running iOS 4 or later. | +| ideviceenterrecovery | Makes a device with the supplied UDID enter recovery mode immediately. | +| ideviceimagemounter | Mounts the specified disk image on the device. | +| ideviceinfo | Show information about a connected device. | +| ideviceinstaller | Manage apps on iOS devices. | +| idevicename | Display the device name or set it to NAME if specified. | +| idevicenotificationproxy | Post or observe notifications on a device. | +| idevicepair | Manage host pairings with devices and usbmuxd. | +| ideviceprovision | Manage provisioning profiles on a device. | +| idevicescreenshot | Gets a screenshot from a device. | +| idevicesetlocation | Sets the location on a device. 
| +| idevicesyslog | Relay syslog of a connected device. | +| inetcat | Opens a read/write interface via STDIN/STDOUT to a TCP port on a usbmux device. | +| iproxy | Proxy that binds local TCP ports to be forwarded to the specified ports on a usbmux device. | +| plistutil | Convert a plist FILE between binary, XML, JSON, and OpenStep format. | From 566208df62bcf6142a54d8ef76a088617edcbc9f Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 07:54:19 +0000 Subject: [PATCH 02/40] Streamline TECH-0079 provisioning profile --- techniques/ios/MASTG-TECH-0079.md | 120 +++++++++++++++++++++++------- 1 file changed, 92 insertions(+), 28 deletions(-) diff --git a/techniques/ios/MASTG-TECH-0079.md b/techniques/ios/MASTG-TECH-0079.md index 51cfbde2a5..18f7862c1a 100644 --- a/techniques/ios/MASTG-TECH-0079.md +++ b/techniques/ios/MASTG-TECH-0079.md 
@@ -1,54 +1,118 @@ --- -title: Getting a Developer Provisioning Profile +title: Obtaining a Developer Provisioning Profile platform: ios --- The _provisioning profile_ is a plist file signed by Apple, which adds your code-signing certificate to its list of accepted certificates on one or more devices. In other words, this represents Apple explicitly allowing your app to run for certain reasons, such as debugging on selected devices (development profile). The provisioning profile also includes the _entitlements_ granted to your app. The _certificate_ contains the private key you'll use to sign. -Depending on whether you're registered as an iOS developer, you can obtain a certificate and provisioning profile in one of the following ways: +A valid provisioning profile can only be obtained from Apple. This means that you need a valid Apple account. -## With an iOS developer account +!!! info -If you've developed and deployed iOS apps with Xcode before, you already have your own code-signing certificate installed. Use the @MASTG-TOOL-0063 command (macOS only) to list your signing identities: + You can obtain a valid provisioning profile for both normal Apple accounts, and for Apple Developer accounts. The only difference is that the obtained certificates have a different lifetime: + + - Apple account: Certificates expire 7 days after creation + - Developer account: Certificates expire 1 year after creation + + An Apple Developer account costs $99 per year and is a nice-to-have due to the longer expiration, but not a requirement. + +The steps below work for both a normal Apple account and an Apple Developer account, but do require a macOS host. + +## Creating a signing identity + +Install @MASTG-TOOL-0070 and create a new iOS application with any language and configuration. Set up the project to use automatic signing and deploy the application to your iOS device. 
During this flow, you will have to accept your Developer certificate on the device, as well as enable Developer mode. + +After these steps, you can use the @MASTG-TOOL-0063 command to list your signing identities: ```bash -$ security find-identity -v - 1) 61FA3547E0AF42A11E233F6A2B255E6B6AF262CE "iPhone Distribution: Company Name Ltd." - 2) 8004380F331DCA22CC1B47FB1A805890AE41C938 "iPhone Developer: Bernhard Müller (RV852WND79)" +$ security find-identity -v -p codesigning + 1) 50034388646913B117AF1D6E51D9E045B77EA916 "Apple Development: MAS@owasp.org (LVGBSLUQB4)" + 1 valid identities found ``` -Log into the Apple Developer portal to issue a new App ID, then issue and download the profile. An App ID is a two-part string: a Team ID supplied by Apple and a bundle ID search string that you can set to an arbitrary value, such as `com.example.myapp`. Note that you can use a single App ID to re-sign multiple apps. Make sure you create a _development_ profile and not a _distribution_ profile so that you can debug the app. +Additionally, the provisioning profile is stored on your host in the ` ~/Library/Developer/Xcode/DerivedData` folder: -In the examples below, I use my signing identity, which is associated with my company's development team. I created the App ID "sg.vp.repackaged" and the provisioning profile "AwesomeRepackaging" for these examples. I ended up with the file `AwesomeRepackaging.mobileprovision`-replace this with your own filename in the shell commands below. +```bash +$ find ~/Library/Developer/Xcode/DerivedData | grep embedded +/Users/MAS/Library/Developer/Xcode/DerivedData/apptest-aijwmhfiximgzkhcmnluxrscflyc/Build/Products/Debug-iphoneos/apptest.app/embedded.mobileprovision +``` -## With a Regular Apple ID +This file can be copied to your local directory and can be used to sign any IPA file, even those with a different identifier. -Apple will issue a free development provisioning profile even if you're not a paying developer. 
You can obtain the profile via Xcode and your regular Apple account: simply create an empty iOS project and extract `embedded.mobileprovision` from the app container, which is in the Xcode subdirectory of your home directory: `~/Library/Developer/Xcode/DerivedData//Build/Products/Debug-iphoneos/.app/`. The [NCC blog post "iOS instrumentation without jailbreak"](https://research.nccgroup.com/2016/10/12/ios-instrumentation-without-jailbreak/ "iOS instrumentation without jailbreak") explains this process in great detail. +```bash +cp /Users/MAS/Library/Developer/Xcode/DerivedData/apptest-aijwmhfiximgzkhcmnluxrscflyc/Build/Products/Debug-iphoneos/apptest.app/embedded.mobileprovision ./embedded.mobileprovision +``` ## Inspecting the Provisioning Profile Once you've obtained the provisioning profile, you can inspect its contents with the @MASTG-TOOL-0063 command. You'll find the entitlements granted to the app in the profile, along with the allowed certificates and devices. You'll need these for code-signing, so extract them to a separate plist file as shown below. Have a look at the file contents to make sure everything is as expected. ```bash -$ security cms -D -i AwesomeRepackaging.mobileprovision > profile.plist -$ /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' profile.plist > entitlements.plist -$ cat entitlements.plist +$ security cms -D -i embedded.mobileprovision +``` + +```xml - - application-identifier - LRUD9L355Y.sg.vantagepoint.repackage - com.apple.developer.team-identifier - LRUD9L355Y - get-task-allow - - keychain-access-groups - - LRUD9L355Y.* - - + + AppIDName + XC org mas testapp + ApplicationIdentifierPrefix + + QH868V5764 + + CreationDate + 2024-12-26T07:22:22Z + Platform + + iOS + xrOS + visionOS + + IsXcodeManaged + + DeveloperCertificates + + ...SNIP... + + DER-Encoded-Profile + ...SNIP... 
+ Entitlements + + application-identifier + QH868V5764.org.mas.apptest + keychain-access-groups + + QH868V5764.* + + get-task-allow + + com.apple.developer.team-identifier + QH868V5764 + + ExpirationDate + 2025-01-02T07:22:22Z + Name + iOS Team Provisioning Profile: org.mas.testapp + ProvisionedDevices + + ...SNIP... + + LocalProvision + + TeamIdentifier + + QH868V5764 + + TeamName + OWASP MAS + TimeToLive + 7 + UUID + ...SNIP... + Version + 1 + ``` - -Note the application identifier, which is a combination of the Team ID (LRUD9L355Y) and Bundle ID (sg.vantagepoint.repackage). This provisioning profile is only valid for the app that has this App ID. The `get-task-allow` key is also important: when set to `true`, other processes, such as the debugging server, are allowed to attach to the app (consequently, this would be set to `false` in a distribution profile). From d39142b4ed41518c78912d867b5c8192eae7b4db Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 10:07:30 +0000 Subject: [PATCH 03/40] Update TECH-0092 for IPA signing --- techniques/ios/MASTG-TECH-0092.md | 55 +++++++++++++++++++++++++------ 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/techniques/ios/MASTG-TECH-0092.md b/techniques/ios/MASTG-TECH-0092.md index 541a9c2664..ded75dbaa6 100644 --- a/techniques/ios/MASTG-TECH-0092.md +++ b/techniques/ios/MASTG-TECH-0092.md 
@@ -1,26 +1,30 @@ --- -title: Repackaging and Re-Signing +title: Signing IPA files platform: ios --- -Tampering with an app invalidates the code signature of the main executable, so it won't run on a non-jailbroken device. +To install an IPA file on a non-jailbroken device, it needs to have a valid signature. On a jailbroken device, this is not required after installing @MASTG-TOOL-0127. -Before re-signing and IPA you need to obtain a developer provisioning profile and certificate, see @MASTG-TECH-0079. +First, you need to obtain a developer provisioning profile and certificate, as explained in @MASTG-TECH-0079. -The re-signing process can be done manually using @MASTG-TOOL-0102, or by using automated tools like @MASTG-TOOL-0117 or @MASTG-TOOL-0114. +!!! Warning -## @MASTG-TOOL-0117 + If you have a normal Apple account, you will only be able to sign the IPA with a modified (unique) Bundle identifier. If you have a Developer account, you can sign with the original Bundle identifier. -Create a directory `fastlane` and create a `Fastfile` file as described in the documentation for [resigning](https://docs.fastlane.tools/actions/resign/). +The signing process can be done using @MASTG-TOOL-0102, @MASTG-TOOL-0117, @MASTG-TOOL-0118 or @MASTG-TOOL-0114. + +## Using fastlane + +Create a directory `fastlane` and create a `Fastfile` file as described in the documentation for [resigning](https://docs.fastlane.tools/actions/resign/). Put both the `Fastfile` and your IPA in the `fastlane` directory. Example: ```yaml lane :resignipa do resign( - ipa: ".mobileprovision", + ipa: "./filename.ipa", + signing_identity: "Apple Development: MAS@owasp.org (LVGBSLUQB4)", + provisioning_profile: "./embedded.mobileprovision", ) end ``` 
@@ -50,6 +54,37 @@ $ fastlane resignipa [15:22:03]: fastlane.tools finished successfully 🎉 ``` -After having this set up once, you only need to change the path in the `Fastfile` for the IPA you want to resign and execute the command again. +After setting this set up, you only need to change the path in the `Fastfile` for the IPA you want to resign and execute the command again. More information can be found in the official documentation: ["Codesign an existing ipa file with fastlane resign"](https://docs.fastlane.tools/actions/resign/) + +!!! warning + + By default, fastlane will always use the Bundle identifier from the given provisioning profile, both for normal Apple accounts and Developer accounts. If you have a Developer account, you can specify the desired Bundle identifyer by directly using the `resign.sh` script bundled with Fastlane and specifying the `--bundle-id` property: + + ```bash + $ /opt/homebrew/Cellar/fastlane/2.226.0/libexec/gems/fastlane-2.226.0/sigh/lib/assets/resign.sh /Users/MAS/uncrackable1.ipa -p /Users/MAS/embedded.mobileprovision /Users/MAS/signed.ipa -v --bundle-id "org.mas.myapp" + + Specified provisioning profile: '/Users/MAS/embedded.mobileprovision' + Original file: '/Users/MAS/uncrackable1.ipa' + Certificate: '' + Specified bundle identifier: 'org.mas.myapp' + Output file name: '/Users/MAS/signed.ipa' + Current bundle identifier is: 'org.mas.testapp' + New bundle identifier will be: 'org.mas.myapp' + Validating the new provisioning profile: /Users/MAS/embedded.mobileprovision + Profile app identifier prefix is '6FZT6QZ6X3' + Profile team identifier is '6FZT6QZ6X3' + Updating the bundle identifier from 'org.mas.testapp' to 'org.mas.myapp' + Fixing nested app and extension references + Extracting entitlements from provisioning profile + Resigning application using certificate: '' + and entitlements from provisioning profile: /Users/MAS/embedded.mobileprovision + _floatsignTemp/Payload/UnCrackable Level 1.app: replacing existing 
signature + _floatsignTemp/Payload/UnCrackable Level 1.app: signed app bundle with Mach-O universal (armv7 arm64) [org.mas.myapp] + Repackaging as /Users/MAS/signed.ipa + ``` + +## Using Sideloadly + +Sideloadly can take care of obtaining a valid certificate for your app, but it is not possible to simply sign an existing IPA file in-place. Sideloadly will sign the given IPA file and directly install it on the connected device. When using a normal Apple account, Sideloadly will modify the original package name by appending your team identifier (e.g. `sg.vp.UnCrackable1` becomes `sg.vp.UnCrackable1.QH868V5764`) From 522c1afaac5b7d7e802fcbd542984fe2658416e2 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 10:08:06 +0000 Subject: [PATCH 04/40] Update TECH-0079 to add cert limitation --- techniques/ios/MASTG-TECH-0079.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0079.md b/techniques/ios/MASTG-TECH-0079.md index 18f7862c1a..fe98f87717 100644 --- a/techniques/ios/MASTG-TECH-0079.md +++ b/techniques/ios/MASTG-TECH-0079.md 
@@ -9,11 +9,18 @@ A valid provisioning profile can only be obtained from Apple. This means that yo !!! info - You can obtain a valid provisioning profile for both normal Apple accounts, and for Apple Developer accounts. The only difference is that the obtained certificates have a different lifetime: + You can obtain a valid provisioning profile for both normal Apple accounts, and for Apple Developer accounts. There are two important differences between the two types: + + **Certificate expiration** - Apple account: Certificates expire 7 days after creation - Developer account: Certificates expire 1 year after creation + **Wildcard certificates** + + - Apple account: Certificates are only valid for one Bundle Identifier. This Bundle Identifier has to be unique. + - Developer account: Certificates can be wildcards, allowing you to keep the original Bundle Identifier + An Apple Developer account costs $99 per year and is a nice-to-have due to the longer expiration, but not a requirement. The steps below work for both a normal Apple account and an Apple Developer account, but do require a macOS host. From f6f8dcace001b72972193973e9c8cc0092d0210a Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 10:08:29 +0000 Subject: [PATCH 05/40] Add Appsync unified tool --- tools/ios/MASTG-TOOL-0127.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tools/ios/MASTG-TOOL-0127.md diff --git a/tools/ios/MASTG-TOOL-0127.md b/tools/ios/MASTG-TOOL-0127.md new file mode 100644 index 0000000000..0f48cca1cd --- /dev/null +++ b/tools/ios/MASTG-TOOL-0127.md 
@@ -0,0 +1,13 @@ +--- +title: AppSync Unified +platform: ios +host: +- ios +source: https://github.com/akemin-dayo/AppSync +--- + +AppSync Unified disables various IPA signature verifications on jailbroken iOS devices, allowing you to install IPA files with missing or incorrect signatures. AppSync Unified does not require any configuration after installation. + +!!! warning + + You can normally install AppSync Unified from the `https://cydia.akemi.ai/` repository by adding it to the package manager on your iOS device. However, as this repository is not always available, we recommend building it from source and installing the created .deb file using `dpkg -i` on your device. From 679e62ebcfc3e80f79495f2ad0ab824636102a37 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 10:53:35 +0000 Subject: [PATCH 06/40] Installing and injecting IPA files --- .../Images/Techniques/0056-Sideloadly.png | Bin 0 -> 93041 bytes techniques/ios/MASTG-TECH-0056.md | 56 +++++------------- techniques/ios/MASTG-TECH-0090.md | 44 +++++++++++++- techniques/ios/MASTG-TECH-0091.md | 4 +- tools/ios/MASTG-TOOL-0118.md | 3 + 5 files changed, 60 insertions(+), 47 deletions(-) create mode 100644 Document/Images/Techniques/0056-Sideloadly.png 
diff --git a/Document/Images/Techniques/0056-Sideloadly.png b/Document/Images/Techniques/0056-Sideloadly.png new file mode 100644 index 0000000000000000000000000000000000000000..373c7363ff1a6d1d1fc0ade79181d4723c43516f GIT binary patch literal 93041
zIbN-DMn`ci+=(!?u8c9bbu~$%7e_oNt-=^Bw4Bq#43hY9pxe}ltu~u0{TQFW$cJkG zucdfkJV?6i+Rcct_dQjRP=DF`Hcoq{;BeD@Z!hnw^3h08~Zz3_e z7k`vl=(F|I;7iD^!$QLo1|kOh=3}w2mhUbHtSskok>?_g=dJcq%cJ^TqNu+QYMopL zY_nG%8eC%#|F$^D^SD68P?!y$_dw-%*8Q!S;J(n zT9b3yk5s>eAT*uMM2FT zef;0hG6b=L@wo6X#0%(eJn?``SZi$n>nqM0ZKCAt9IN%xm%Jw?Dry>2aiOtp@mIq# z7WEZ0#9IyQC+NTE@E@=F&v&XPXxQ-7YN|iFz5nYQkgvN;*}Wz3^6D32!H7fq?Wz8b z4!{S3xGNa>T^aDY(jc^m$n zS^A$3J`b*-F+Cymx$K4hrOZg2OYk*>0(ajpSeX7_esBf5DcQ?t2&qeeobe>@g8bW^9%1mdP?^nSF>v`_=mj2)Fa(GGe3sWzWf8-hXqbL<%E99Q&zrpUB zk^xB%wb9G|Bdh=SoeBcDc5{jf_ur)d96Vz4#oZLlf8*LsAiM!ru;l;k`>luI5zhy& zF#nryzZV2d!+84svTXNHulEAr5w{wzzW#gD{*M3)VgNeRpoDJy3r_`4f#3yPa0uf4 zkI4T0zcgSA6QkWo`}+_7^I=97JmP5)n%e)7=|5LZ;0@@EZAF0j|BJ%^XGMXAX!GPO zjEJg28pnw@iIcgp9=FB4kF7^@?pUn%~CY8cfxiumE{}QAW zW^82F)afiY6@MA#QdZlotv3f9jajx|1$=iX!cWBZw=6XmUJDsDoHJ8jLqpK@g<@d{ zUy3FK_s#DYs=0=iJtZe6mjX(>MK(4zN-i!nlH%fvY-g)4$#aW}Q~*9JFF*g~+E}$B zF)68|6E)s}{OUTg!|6;NJSnrz+E8&ihr5Ut!D~_oXn^S26GWMij^$wdrUa;NV8HD* zkK7mq1hj)F_|)hgK19UD-BngsH&xefPE{3ik23TAGDEE$($}Y?tfG=VP^gKJl$5lq zf-l^BbDhr+Hw1 zbLX)NaR25PXvTTHzj297xf*3yp)SarG{A8d7|KkSMPFV65U36=!qnBXJL)3tZ z`|+;)+pE`?%iQOPkDc^QBh&3i8{BJ00FZMmAIUxA9;vB~u=M+U*VZ%g;e(Z(0^>W> zmJz2TCgc;P4G*XqpbW~%F&P<{K8_g?PTCjn5+G|*ar7%Wv{%qpa_UwWpZrp(cFqux z`E*&%o`NEIoX5{9z6Iu$L-K`viO=1Ipcn&@7ybd3ZRpYv{xcrT!xVF z_9j(v9b=j-ZTd&i`}E|50mo`BqStUDBJKuTGCziS98HuxFtKz zZ8hb^$jlscvfBm(b`L~`OzZ5G#e9{)4wMp;^?vPV*8NH5+^_9lR7?m&8s%RnS~_2l z?nzXw5KBJDE9!MUdK&r)S~;;CoBcK;;hn=gbPcCGWML1#KWV^62xW4e?vwBuZX?slliQyEn$tCQk!hAGK%k#{>+@zn; zF}x~KY*}&au5Z9EPbvldCc(7sOq2f_i;K_au5L`IhmZ>Z*o-t@&%hT8z9+v?e~@$x zz!k*oK`meRY|gfBA-P-KX-}Vj{a=B+m@9^j-gDxyXI5TrAGT zMC%pbDss4N7p+;IsCQkdhs*fSDHmzg+a3Dg5bbKgN+!#UBlwfq3<4$suRKu1byjYM zn*+H0v2Rfsvr;vbsvczbQ`1K1R(oXy`eC|TNYpa+K^U2hB4ofv1j{a3YM*q)J+A1J zrYOqUUib~aXQ87&{Y6P_H7hz{^A@evpum9UJ1=6>H2RI4`+(q32d8J26THoDuX-#N zYSs=ke3e0431n?RegOzRB`vKahvOwT@olf^n8wpgo2+v7@>!t_{&IbGIpW{s7!Gz* zTJ00w^|NMHk5s2lvJgjsaezt3fc4Y#04 
zoUQA{gQummX)IQJo=6wN*WB%{b9t^_ytX>$V2{Ssvv(6M(EVD1_18N>5+{2r+4CKV z2$sfE8y<^`^D`50$qH=<4+QIXtwR1zu+A6Dfw!GZeQSr)27k+%E*iFecrfXy z{g7|1tamp_Q+@NRN3IhQrP^@@F{NU*jPhv<*~zt&#)}hywI_+4N6%RrvH9me>K`f% zo((ph_b0WdppP!0Lts>kSs3}F4re*+*D7EP*M5+no7v{6u5EXCeEIw^K;&gzp=W+A zE*g_$8lVY={jCQpmpitBcdLnLucTJJ(n7h`VXdSHa4ed(?r1)~-+oZ@VfON{QL?h< z;TOtP+XXari((un503_q#hA#*oT7$f$*qZM14F~*O0|1m&1WinN8q9nT-rc+D;gLW zFe)S`7$EzHL9Hd@7--Xzi`ftXMi!B)f*oZYvlwjD^ZeH+c;UsWJcHlYKp#`*44aO1 z#r2k7L?gHk+`(=+g^~WNJQfS)%>l&AplW*k+sF8Lghl-xY&7IHYd{mf-l%I}jMvSL z6Z(5b*zoCZcB`8*tUCTBEYUzl)uBa0-W;3+R)1)y6D+6Gtrq(jZMUuGdzKgbmJSE$ z#K@;#EIoF}IP||>ON?QD(8;^=BZXMiV-KO78_RBFf)(LFXE(KTRJORMeX*zQ@JQY5 z?7;J)l7B%N%%nVb;puQjIeTnJBrm31oOWI)fq(x&>jt+*GA(QT8-V5K$zi_Nxp#Ip zc~O6MRd#zb$=Nz_^;>T}FxO1$v+u5xLDJxI`q{~+4>k)bCwk_vXi+%7WVnpo+X)X} z&zr8HuujYJiZ^HsU)kAcIFZ>n@|(wbV^ z2>80_E_U>Oa4*FEf?DUf#4QLcG9~!)D*~j#o*ha~5j(LG{en#IQ*1$mlRg6KV8}4~ z1{3eHqDY@jeE_Q3$u*!nXs-eM6txDo>KPl=DLu5;lMU`@M?<7&_*zb##$Y}JZ+)aS zt$Z*Zyvj-!F7%R7$8Ud3%No0N`qIqd^X-OCNO2z|#VE`xlPAJ7Kq|k1`5NbwCyNd> zCo?Qq3%^99D;oG39MUl@9%h=&WU}^d08b`jc$d$m%tN9rjMDS8*kz}kOC-y*4dsM$ zd#fSj^J8Bx;^3DpH#T-51EZFW1vopcSBr-L9@y^jsX(u=a-ZZC?Y2eTFgEnl zl`h(RjWzXKus0HWsb+v;;YZ3mo%Xo`(M#R?f-kUWrRpnZIR7nBVM~^7R_usxLE|-j z%9LROa~^|pB%r9GVeQL5XB-IK-293j^*oSdX;v8l8%9Sb7o_Z1 zdV9H@@+X{Tuagr?pk{J??{$uv7S)qb8Cu_Fr8}!^JPX1v_dirMO3Y+rVk+<22ZNAQ z{YukaDoRG`UBUju-*0XnP@TE&jhS!Rcm`_;xx@aVR9r>|W;WbRqh@YikVyKQitd{D zLzEJ<%L1srz9Xh|+Z6it61b5no(GPe*|S6br`qS+F`-K%Y>%`cFX}eZtzJ^=_}=d= z{sLBB81f_0aG|}<{b(-6g%!8aO=wBb&Fjid;APc&%_TfI1ihs>0_R&HjC6F*1y)t- zbU!VCl7ZZ5ime6jT4*-qww;i}dzOnENA1H*MRjS3`L)?MxwG+0_HLbw5hi0yV?ZtN zSY3bc=T=c9jXZQtSkv|PC$HU+WCvwMdET{AsIwd65Um^E<(o3DfMq#Hed5fMEXIO>7@^m|tD^~SBE89cq zxQs6bVJz-FpYbV}WD=grF9iP_4QR>dwe{kn5a4!iT}C+^g5_aXGoY>fDB_d z8OaLWaxdrQkzH^_WDjEv+-)p%(!78l+=fI4(qlkL2@*IZK!6SQUgP;n<1&NOHRV&) z;w28*@`yFy=0$$-s{d$YOLbDBCq*}rz;v&qxgU5G1z%KuhA+MC$o05)M+T)QMNg99 zG|TE7YmcQ{2CA1ay$?HJiDxsC|v)XadZ&B@N9on8kz&Mo@S<`VNp-*7DM@285p`xviO@+ 
zYw5SQ@5icqoRWqL#4%!RiQ!+W2t2r%z5S2JEsOE9_@0MvwN$&-Y#HNtT9&RPok{w$ zGLr;1;RY}#3@rz6X{E|deBE+>inh`t#j1RhN7TXp*#YuqmA zYLXw+ay5S<5q1^h?`Uu&QLql=N0Emp!ZxNYh8n$Q+(c0fT8T!NJrj2@jVJd&W%Fl)d1Q*z+K-&)J3wLTho2DHg;wZeMmHVIX@4m}MFUW0M(17%H3^2h{VtHSt` zZ*Lzu@cxNt{X^4n(}3H8aVHK8pIBkefwV7!?s7=B$8kty>w6ZmCCX!!^@`PDd2xdB17{tlc^DBcV=y#vM za$3kE#GkkxUeksrvK2(v*!k)~(9e_elMN0ut?_k{0}tgr zkXt_aTJ5u=07E6a&)C~Rlh9ByBq?@Wkdkif5XJFaAbEEERs}{a}r$i>j?>`x7 z2t9)t8cNCejkN%sefKH`6vUhj*}*m2KXqGr2Ww_XWLBpew#hR3z((EIrei9y;`gw+ z*spAy6KQ^ntyS#%{AWM_u6_4&Qij-L1QDFFy1F`mytH&y>L5}lY5N3Be=_mgbR%~n z7StjS#nS4{mK}t_J4!z9`AfH4;t!gcnvqqUz^%WW31tKu*V5{K1ab~|299Iaeh#}G z2wcz|y~fR4^r6aWYsSmX?KA8(o6`(uD_f@!&duKva@LnA?i#$!Htll-1B2Kl{nS$( z10y5EWt8R;M#U0#R$wt)LRa%y|0Cm{x*GdWU0wUZiwJcV2KM&$0WnaAueL%mc=QY(Cx?nJm<~u}P&0OplkS!Eao5z% zwp+brQvC}MPRI8x!2~Xseo>PC2QNRSz^i70CQr|1NE@-Oetz%8QeD;44dPng;X4>h z4><~&zRoq4k}XjpQGK}E6L$D3ed_&`;C;*{RkZweZBW6UGm$pzjWEpr0x-jlpope@ z^!?5IyIO8){?AE@Ubm0_5lYX@!kZpiKTp3Ozx7FRX)2RWfW!Nf|6yLLd}siyu+;`WAW%8WA3^GEaEZNQZ)bXP5Y>V6sWS{4lT zNZu>pY17%UrXYCAMe<=NCdxICR_8i7w-Vnb3SF{+2%a%RY|z@;8acSqFC70d=@Qm6 zazPT)`Ia`RfgXY2`AmOVxFAf%xiCb0)S9ui>jej|rzA-)A+3XE@wLS3o>?v*<+pqu;0q3Rf&k z-_KDEZKXV-y(~$~b0`Pr;*}Lwy{AjX)-mM`o_6}4QGt5Ryn{2>kIHzKvA3TZ?e$aM zSUC)7EWQ9ea3PF4!NK!Hj6OL7`j1YRf`pUu=rEfaQ3M^wAJ2{BRO z6UQnZ*Z9O*rs(zRFX?6|Ozm644AeSz(AusN&U+P*IUh|~HKY#Z1*n`6S<@>$UcI;T zmCUkF@%s4I=|E6HjLY6~X8Pgv+eO0P&aubTY0(0EOE`!F71;=^7Z!Fx_>aX;#%=fB%( zwq5kgw2#uoj=+V!;^pA5Tb(QT5i`4unPc;xH|( z!X&2|oHJ6%(D0_y{lGKW)>l1}lRVt==gScpMmshnZB4}w{YvL&+i_f*tGoMSGe75Quh3Lg+$hEj{ICb7Ty3Ta^xpB zhdh0tUR}>id;4-d>X#Ea9AO30X~V1#S-)4)AEZAglBk3+zFJ|{Qj49uTVj8^$ZK|g zbnZuIw2|4TX7{gGf8~6(9&}AW2G+-G?PHqN8p}x(K$gMW(T6vQiJo2#OvrT^Yhi~t zZKb|$2{9km0qnCYU1`6D_#DSbE}!(;(9m4E4g2NL^Ntz&GyNcZ2#g4L{;FOY0l_O} zI00+7$)v_D!fvh6OWn0e{P>BTGWp}a{tzqa4{WMctJ7aHbw05!2t9)k zX&f4aC8i;YgkL+}`Ypz}0ududBcX8O5ZGVxDcB(#s9`1yiJM zP7&`qSto*MuR>~X<@L%Bklnadv^=iXa>zXQ?j$Gkr(OgrAOdIoqf9%XPx~V{S18O_ z5WOeLbj<42D;eiY+@6|m<=I}0mp@OY%w=DQ30f`eq^yT(ZzvKz{}x(LPsJU_Ppi=p 
zKP2Vg$ccj=QSZO_sCwj4mG5;EUC!nAS8QXbreWH~4V4qG>7LeCN5spuWYbzj&5D2W zBlS>y?T3Q2z3@i=OS^%H$eTqJwXnlLLKzH(<3+`pxZQ9}T_-2joL zsv}ty1q_%1s8C#qmJ!zhy(R!({MLHMv-z79W%I_@CG0=N0%ofFMlIooa%#VTYrm*J3H7)8CUv#b%%*~Y zwG4OG_Eq%k(p%Rwa5pPqlnX-Lq@z@r^M}zG#HFlL#$uaSuWSBSp4lKZjn%ig< zNxGCTE-OTyn)$ApH9R~Ht8%9?2?_Z#2JUoT)|5E@`=gGRr4B6-AQuMfbl7mTi!2Qn z;(AW(_b>t^#ChtkF4oH{r~ zNIzDhxHaW7GTeAU8X&GduDkFQ{NetPQE zVV;S^=-HWt7V7#|v~(={HGWchpg2ePBQJol-Vdjf@zKdxs>{ZAh9?Wkb1oZ`C+W`w zknO8X?aP7Z++W_V@<~@6hK4)$a$-FrC>*FJ9}}(0U@w2lPba+1lcr{~$S5OYt}B^W ze4j=Ig2u!~+4OrGg&jGBhJVxUa}u9xURoMWRFZ`oj$@*hLr~JaXEvhd!zIt7qN0|J z-$HdT&$5CPRjet?`3{5K&h)!4OL4^}w=G-^W*#s}Mq)`U!Ki4pKF^J1_<3QXNloI| zsDCr3sZ{)Uwj1@_;X|FTTD46k`Mci*6%3P<#1M7UF@^F2xhkmLB|SU!0Mo<8#8ynTvRQ7RmhmAn&ZT9q34Q=)YTVdX`+z=!|LkFyGJb{ zltn}vW7X_tSt_z4gb!qD?gxl|d{wA3+Vu@LMnU8I$cEBg+6Dw+_{;I}l6L;u#^D9> z^n)Z`Q{&OP=?5CnBB&Hp*5nJCAi>2+Fe_?u=k3IaRQqzs za+em7)~;anHL>Jb#Q$>eesCHo|&h2FQj4c69Z3~ z7x6HpjZopuF|BrJH!fY)l_RYv4FyTLtup-Q2J4Fm;f5)H>4B{prfy<{03;)+$ zMZKD_4zx4Y!6p}dcwCi*aV^;K;<>iVNw(dji1heF>E=pL{E^D9g$`%xl0`ds@b+7b zaj|uo8stYB;kWCHyW+8x{Pk4(dwmY>zS?&WqEk*ch%(TPin5$hWZ#>Jm`QSF*^7M@ zq*XIEE!~XA5YbuDmzVqGPRPgpyUMu+x#gp9lcR$Ak=pJIo~qH+m0)pS!wreDeb`Y2 zdmieQ(5Ig3#z{=hKV-l3vAZjWX%c4-kiuyPtUu zLf7Wv+XQh?FFnpT`xy7gVQx(}Y`D3{cZ~o%45-LG2rPcmIp?=T;@|3_2G?7LNvGZ| zEmn9j+;7H8GoR$}6^CHk=hl5y0~m+Wv*>1-#_pP+PtnTm(xVYQFWnUKp2gf4K`_Kk zy=Y^67UL8BJ(Odw%QL5scBu0C##!c9w$=#U@;0?ZxxKqNvwYvPJQ$+JGF1Ka0%#Y) zX&#Mjl)9PtTjt;Qd->U2FSlGM`6RHB{bYPzgB<#J$wV_+4aYlLEvTXF<#x130Gfu> zPNx?pOsboj@;7_@SH1B`Jc#2A@7o$7G03sucdubU56--8e`EMxNwF*51B8pa5SS?% z#)6~jZGWP@cPBgKUo-9_R14WdM5jlb8BD%gIgd|tN3;J zQKrR}Ri|h>oQO;;-?*;%(cwqVmR!J~z`yz6{BL$F{~K8T9PkO*u$%Ls0gx zs?H$~sE8&_q?p_Eq+vp3Zl=SCdjYZqnx^*d4i~Ksu?_>USS!fAWdZa3T<6rqkc@pYbzKWFOwy@pGBHgwrW&?Jw6#{_{yU)7a$_VLPe2JKkKes8b* z!@6IyLo{VkxKAQ+9HxH?GkoWxXtR0PTav%b{xW-ampxiJZ|Z48Z$*BI8%%=VbfY+? 
z-4;jJp+4(H<6-o+dbIe=*jX1vgiR;D%Lc2K(LPV(ab$^482L2gMX{~t; zM~G)bcck5ErefJM^ZW6YE!&J>pXkYFZ%%3rEc-KNcl{)gVn%2NA!vqvX1+3|ylqjb zJtFT4&&Dh18__*HglgrPWi!Y^J6F{pZI;(=5LrCL=KZ*3pGxkfjBS4F>9273Z&G-3 zf_A^Q&$wt(>#W#tVVWKa2#l8d{eK2m{MYZjhX@zzAOjesxVnl@#~e6pEEaa|Ou}$T zFDh?rf2i&frGt~G>M;Auj|2eI6k9p{)3>G zUFPBlka5m|)jqV=(Kpbf3N)%qVxeKbbt3$|rv<6*LK0yp7Y0eZd?Z0r*$a&PXO1fw zNjHr?LT5%>NnXFa>ggWjU&M}>%EgW8%o``Ot7|;uiLgjEU;tU)XQXY=w$I;KqhIt; zjFx<(bxeN8ai=7_#m%U^ZKJ2)%?Pnlag@+Dj#%>Cj#Q62e>pGTNi0E|U-ZMtlA#jj za$IRQHOJCQH&c#6e)_%GdN`{8?1(qwT*rS{isy&wX0`@a?f55&r$1-5osltY!gG#ZQMERjqmx5(VNL#a&B24NC{ zBB5jF(#gyBFAg?7o>A!QX6{?EGu()Yt*7&0$ZaW^GSM)Xd+GXed%q&X#*ydS8^-+R zFdpHK0*@!kp?2z3Ri(qts#ql>DdmjmldTI9ONKUv3oG>xJJsmeJTv%ZpBfk9RQ4P( zOR)=(NZ=21Do~W7^_lJZ3!IPAbjX3q^+cHi|-cQK?uei_`n0IKZXGa$`Tvo!+5fp>QOeXkWIyJp%K|C&R8}Xe^DD;Zqb2uo3 zd2YQc{I0M18dFs#N|glOtwo>9b*)os;MNG=Tm1iZBmb1I6lu^XSdx$jGAE9n{%msr zjySx`iG)imUzMfOAAzV3`#R*8DE@78re0Hb`D5lYGuONjdLvQ406mDJa z=OxbR&*-*+ygzY+tVS|IZ?UjqzsiWI$4T=+pCp^K1ZOpWi6 z?z(0T#+J8%x(?q)3Cc#+0MAjZYLqyVMdPj7?e#p?5e9eWA0&Nb>eaY|r&IR|u019` zA_~HUwRYZD*EwpFdg)%$ntEM4j+!KQ+=ljzNK8RPNWj_L9eipt8AFU5zi{(+rOHjiky~)sI z5p!?otOWn1!->+3dB2!RC--@pG4s?UxDB39&OutanI&c(fe(17^! 
z&EDN=AooT^!t^l%FeO^l2-nSZEtnkeE4*eInMZnaN~JzOh%-JZ3#dQ~m#I>l8|@db z4`+F8nQhlBUd05LX~r606+S`booTE3b{(R^R~U!YYy5zl@%^9OjATJS5@bMN;FtYH z-&rodpg=}p9}(^`Na(apZX{I*ub|n{fh0e%kJcP5)3NG$;%A!DgsO)fc=fotUv{GL^NRqng-8_BemtQr ztGY{7t<-njo|s_2%y|u4{e$Rxs{TlcXgl%4p`!w9$Eqf*f~&8^KB6-W5<{~+OmTHh z;CRqBELb(&JI)x#kH@Sh6>@RFbUyg6F!?XL`kD+BctI<3Ln#!k1thq@ zjtD1RmoaAk!WUIgX(9}yeViF)8_{L?%vzQZFF(v^5qm4@)+_J1lG`>hj0-~TR+vsM zq{{@INJWju(g~87-s5uTJq6t98!aKb6GQ_u-x((vTh^Gy1C)E(o3>)&Qhq+Ek6B)` zBb+h`DR7ji>dY=Zgw^Ym48TU8`*4Tqi8N#S&}A<6_G#Cp9VD%~)gPSP-EG+SG$0m^ z4Q3=C>}Ea(&HQ?H-?0B-E4PCJ10E#0+ITD=jE)y*f-_6pe{0M4uAuruZN2kb>;0yn z(KI9W`f_OF$S4V1WvoDiPy<20$!i4E&KN&ZV-7?0p6^W`+Nai$s^qL&C7y$HM{P~Q z^ctTCE$q9NW3t5xgEtFYRW??Vk9i^B0R&po7r zbgy6Z+~C?-TMI7hk<6}*=-A*5;ox!KuXG()9=B|uMkA#9?X}1XiDJ?zcy|BheQl3# zult6nRXI+y=&ZpJc5Rg?g$21g!@wMk&RflI`_GOxT&fGZZ=RW_Ti{uC2kBxPswg zV?$AmvwA+?lya9D3Ax4l`zrqY?9ERth!zNmt}j+UTPg$sYI^HCZ?EBL=J zcd-;b%={A~H66^wgiV4BW#rQ9nEbf2!sw?Hkd^5at4!;XL$MM z!4csV2*;QzhvYU|nIP2{>O(^-MQ8IOw2dxp>1NKR=}l{n$!5LF=u#~QBcqZ>0)7eG zK5GX!rm4|+=Am|b4O}07XwoJo#k62WuRUnXCKKyK zd{v9PZcPGLo?!7QAid}cJ}5uF-TSW4RN7_y>Qw_(L$7?k*WSb;?}q>HvS{U8Ah(e8 zI&*ahdL4rn5i}+q()sW!IHCXZ64WNh(Lgf|xs*mtH``S`2m6$TZoXNVqqD5-VVUL1vkissVnX<92iLaqZqbK%ixu!95MIM(x z4@nsyQY|kY)I6GXKYOJ|L}m|)e8}=2^=n_K^ZE?rCzyboT)>7BPD#8AtJy{s5kgG?sgnOVZE<15d^ zuVPiCNo8s7nCy9%7wmZ3N0p+un^bjz)IU}1FefB5D}-PUfXVv_n9(vK+3`;t*4`z| zgK_`QDB<@LFb66e4n$`=JNG7!)}?Ivwwn3@XD!`z$~8>fbz)Ii(VgsuZzvj5qSu9; zdXnkd4!rxf$rjK}gTV?(w1u#oZ|EJaZB6tLp@_`La$-`nv+i4q(> zO9{V20w;AQfj8_hk#m(AefMXYh#-N3vr_+QXJ$V9V;9#VcyqtfG3Xdvq^EmDCF0pi zcwvbD&ntx$TPfdbFT3C9=X7coZ#5!Q88tF_Y?7z-tOifFCE0_4+^+sKv}vhoeA5O$ zLjLX{YNVqQB{`3d*uw=>X(vg-1Wd^xft!3HHu5I<@e&g{X9zYhLO*UU;x50MTAxMC z4=h+d=70uR_al!mtbY3*OZ^Yh9T_R8iU&`2pU*ceN!WHrbiDsbVy;32r7k0R(GRrX+CeTp)X1Co z4u>a=t(J06j?11oZJ{z=K4L%8Zaftj-vbsOW)*l~!3gt>7ze=n_)?Ul0bECdBfT)0 zZDFppKIeSbIJ}p?{|I$g*IkF$(z`s6{L>LiA+StG?+*W0yR3%X==dC-&UcD4ZaQb; zj9HE6eH>lq8a;t;dZti_sc_duzQ^>p1w88Rfuqy-zRmvkF1>aYGI_S{i1o!7W1(x* 
z$YC2>t`*H$)OodbqoMl)uIxDIw=l53`XALy4W#-XRP!|!$SwM`!3f@O_a&*~(!7Z0 zD2ap4CpB=BOLZFtWji;q3lt4UuuW+ZpEIv&&>aG;>{T94*A8{=zfb=HEycvvMr z@{*5CKx7HZQFoJDAS*VP`#%~GC4%a8t)jb5e-n*_(o~kF=Q|^B4mWvYEdao+Amh_6 z>g{m6V0gA>aqyXX8GWS^h=7aM4;G&QDd}c5Xi1&736S{f*+VOe9Ia|1nYG-RdON=0 zM}zmu=WWq3W}VLHUMip@u><;l-=~amUbvi;?z{5OlUqQK`>XTJ5)=)-E6?Wn`*T&G z*0<^H10d0*s5Gy+akX1WUaD?d%zXL~VFhDiS3KjUnqRscd4)i{x$YjtH^pqho0+l{ zKX1|zNX!3mg}i*sd|3hI#^rs`kazB@FWghy6Nm)8;uP)<2eD_w3wrrZ3J-tn+UJc)%n-WS--!uTgo7YQl0R< z^TCy1*I_iwczVHYst|hb*TBFPrO=l0T6BJPcl<^Xz5^ov^S+BQQ zOl!K)P*VEp+mY@1$qLg&c|Q_(Y{uq6Z-2i5Qe@TyQDA6dYAS7NiZC`c#mg^dQ-Az7 zVZAU&G#~_s&2aoqY0$y|Yt=AY7 z&}a&^LN`?USg+v1(bCMYZXw+m_dn?-JGw*@2xkZ_u8rRF%#f5uIF*CrqT(}Sv_^g; z@~AW+B>5;i;{W2U7e>iVZ1s2}CfPVrBLmEvra!-h8Gik6XC4d;zxU{7;2Y^($#5)Z zQ5;dg=QLi)#5_3KN>WsTR}@YLl8XpXSD;$7CQr3@{YFk<_{fHU*fx*WaRgZ&^8D;5 zGZ9mzeR)(|er>-+VhpIU{)hYC2Fys4M9gSo({K;9ji!MGuVLc`Znux)ljg z=}0S6!oNe2+!NiJ*!_^UZSxu@t~=Cxj<81x1L%n{A)|BI%3gLP@GmkarFM!OCXYuw zv&VgrTXkz@F6%K4x7P-<*aXToTKdaWY?B=sbezR$b7%S`nF?s5jd$kT+h9S?zqYVk z7{+G)+f0wc!QrzyoIu;3dk=EvltHIOZf-gD=KUAnY(8I{A2g!V=*c7fwKV@n z`0Yr+aibIU2958*t>7Br5SRmt(|a;5iv(3&U*aY|k$trvbbm)U-mUkqbmOiQsF{*- zDid+CmCveh*G_2uw>F6tWXO_aIHZ;D?ZI^R2d2wz8 zPVlh3S^T6?Ko6HwzV)XNg*>GD)}Q+Vjyk5ggLfcIOKv3JJLf<>wm`E~WLQ8>J3z{? zhM&N+6im8NKASriBHiq{9C+Ju3^{J$8)ByD3EcvOLv}(INVG?N-sONyfV67X#7=nA{{gO{%uhc z_wwm?WUcDoQ@pT#0{gY+Lxx4-JU8cr$naVy@h#_ zvDE!vKbYmPrIUTgJ=s-NJnKNuN-cbGs%uQS8MHTM+qqXuOoB;P58-?e(lDJG{lSS^ zOT4Q+^)oEcw`{N`(`Gwa3FWdsY-F(5oh~L-Hxs}lIX1e}wZow71_p@5W!hE`aA6=e(|!) 
z(OjUdeN~Hdi0h%R;}Y2YO-8g6ak(Z?M^Hz?q z3!az6G-QMMy3B7Ol<=4hI?euz-K+kHudJ4}`^*Vrl?J_;19}Jx#FtF1nsWJ>0Unv+ zwYLlg7cDNrbtPoH^KYO5YJPQnfZAO_KJI{g@rPb_NSm7Yc40TF-M7nlRFulc=+@p zg)S#GVZvpFdFiq%kdTSeEY1hnL?|Vmu$!*ogsQnYz2SLL+XT;27e^UlVaJ=5_%|Vy zpbsJg#K5`_%S5U!&QIvhyF)x^A3Ioybu~ImT${pTMiQb1FK*ea35x@{AhDpsh2xy3 z9H-(^tZ&Md45*p`EGY zGuQc(!smej*bcxMzIy5s@&sxv>>0lYL#BEukNKv0Ma7e0=8w6#s7s2Q916Jl;|AQu(rw5Q&vFoadYu$N4R7J zhbf3+R{#&&lQ3cST7NK>f+AV=p~zd} z*BXY5d6IIU7qI5(wv1CNEAD-vTQ@1Qd@!F}?Ys6_b0I~5oa-C?su!rLYcc8oG?Rf2-S+J1V2b7SJ9O<2S;-W{AxIGpwIDgJ;y_U3F9ZH_uFG*%Q2#?8`E z@Q?9tNTqqQ$xj{2?70vj&QHl&UOCn+VEk(-qtHb+d0 zBzWzYmHfdXP5o80-R=GRg|Cx6rCMa!I6f#^2n;GC=wp*5q&rOUin@|^o-K%mAcL(E z0y9w+MXy75_;%Tk@eu#^MYRR;)77&_YR>rHtk-#UblO&iOO4`L8&4G~hFD$=SiN{= z(no)UW$VnF;s&5hS0Bv!a#uiKjb+$#jheBe8=XCE1kU{EBD!(UzV+VbRdayBB5kAq zFjB1YYsGi36W7c!WD7CG(AK4WZDG;yoQl(qX zxner3EMBds@C4>ipS%q7Q07{8T2Ym#oUp1Q?>t~8W)G|~OO$Po8oeXN^7~43TAE{ZK5Lyn%3JVB84 z;o7A#^0p5vM=gWQPMV6;!+5%ZBU5yhOqZj*xz~%-D&qOItPUQAldpaxm&CW@Lwm~Z z4+_1!)rWf{jrhQQQq6-}W%AuFaE|SKS|y{@P~2cXck?8AQ=GbGy>dd-JWUCJOJZ5h z$x+T6*t9VlIgIyDSh5>+Jn=l8rL?uDHn{YzhdnRO=9~aBbRG;P4A)P@_lW~oCeCz9 zUO{0vTtA582TdT9kXI*-=EvOQWN;SBXEy-Hy<`66&ZadQQ^kh+hU<39U6wD8eV}7T zPDI(3+Na#E>($w+BS*rQlMR26S=LRfEGgfm>0QcBrbw6tU?tKWfRSQeB+4hzw3C-u zi5Ft_Nq)k6I^$9Y&ZMDPH@>5HD9bbLLqv89c8P_YfA zhQqKyR%Rw0Iu=D<<&YlUO|-28TL4Ita98q?eGmHl25!x8&GoBjGpk+uJlQPku}wte zL3B+Q$DM@8CXwuT)G*%s#|tuZTFu!DwD&3XI3F(n`VR`j2d&6C@4rbLtAiWNU8Gx7 z`HTHE3jloe4L~s2CE`BnjqEO*2HZh>8vj?(| z?~4UryH}|a;Fa0%VfRFmSteXfXWIA98#Ns;+FzunSxql0usJM2bP-)j_@*5fH*W~d zqT_otjcH3xbyOf31}_hF4lBLH&r2m?;_bU2;`my-68}52v4b zO9ID9$<0gbg@CMaXnwjE-MveN@n!i7V=`nz9RCn!ZrVVpf5WMC8$i!bo`=7C6mcV$?=LtNP_QvzQqLkbcTsFNMREFaKIsEAhNgi-oy!#Wc>)QH}JA~r$ z+rFCN_ZcbyVTcs@S=Hf8;9N`0fcGI>+)MQY98s?>9+AT0p>w+FCvdIjDQICi;3CMq zElK-~OUbVa*ZT%6kRSy>j+fJ*B;6GFeuwdV3kkNb9)P1U;@=k@qWM#ndU&DUV~L)c z3(K{Hu$;OB82+BOw%}m_j-TF0io0if(NOWRt%q*XQE*_a%474^vzq9W)7H6$-V>Zj zWhdvoA2yBs`E`$*5D3046Ax1r(I0VcqtKm>m;r11i5s;{X4@S&+vK^dRP;IpOhdTD 
zjFNP6i|j_0%ssm!il`D2pz!E*mL^5PiSW!wmus(-{MWu0KV09|FRA6w$jz!f@2Au+ zc%slTs5}@$Dek;u=~z5ot%+xzw!prqg|C;bj|W^eo_nSztX&X9cPWakeJ3M1nn$)Y zA}`NAq8Fz+!$>!Cp(vBD*qrOf5z54Um64$bm~v024+YB%Q{%Fy;gehY0<;#1`#k=B zHJaE9Jb3xLb;A|)9?MUn;**PvNoW5bw$3^#%69GBQi6b#gwhB|4WK9?HFOP~Ll2;I zOUuxRNGZsG($X~y(%m49bfi+iqX&itLn8G*4{zQOde4vIQ~&ml!*X*p3_318H?7>=Zg zYI8M8Cih$imTb|h;PagA0Edeea;r*OK0k2&<`L?d zO0sSJVbU&UU2ZV(?6U=>Ngx9w{V0;-0!ZyCXQXAQnym3gc{hSc&Vd!*v7Uf~d%KSA zBV`gI`_X_BHW5tMQB6yGz8A88H|jI1xKOxS4icvD1rq(-2bO;UxyWv6b}t zpUp1{3SPnN1^Q89A^cNB#XzY5lt~uB5Kaw@7d=&9s1IPpa-(zhIdUOfDL;QgY2-b5M)uOo!k zOYVjcEetTd9R<}Jc~6P*iYR7b%FIil;*VwfQ!Kx_a}^$;_QL&A58F%dC4f-%7!9)mABRo= z;#M}UmaosIxTl5$VnqB+JURG6UcZO66S@1RE=hOy;oYXni|@uZiRWGVqlatCm_j z1#14yAu!R{C^^ilVk$q+Q zxdYUMVZQ11yUo^tyRVPa`raJWV|L-f5rHSpK@E$|0i&AF7tBDbnuorBD2B4Yt2#Z< zwo*2Pbi7^t(%&9!5kB^=;*Y8SE>DnHqXNty%UI`>j*m~W_M%~I+gY5r;^auGpe801 zO69H(6Q5RPuuKJ^_NLY3RKxU>PCs!VS$i2ySRPyi8s7SjFbA=F*w*g1%U3_xSR*`} zt-cPXLk2J1xSluHcY9V=N)K&p>Ei z)N`fFeA=%mf-ktW8`;T#kj^Xf;u#VOw9~ZXb@iSeYfsR5jT&dpX(}bPu0N~MmjPUOK5pQ4NYeL_EnkqNo2c%fQrs4sQ;W%oNsZTo`~o-dvFxP_LN=nI zxISs4{3e&vq0Bh4*FBkG9iI+58P=y?Gg6AE5!i00@fm&9X?1 z-cxj~HHF*`2FurdxXzZF7HGR*Qs}?zD(^oFSMEtM>e`10K`KAg^?#w=7@eCqelt}e z?30wCPggU#lI=xpS^a5(k>Ah5NHeeU=J>0pHNwk@hF0N2@)TM&JurxzD)J`V5* z3JDhQ)mw0C>42I=g@AA@pvWiWTZ_=(smsyV6b6p|wT4~KU<(Xy1~cS&ENZbr=cnZ!(I)l(A#T54XZ;sU0b4Gg%=X)3P#eI zg--BvgBZP4KfGS@r*bMbNr9idxELVJui1Ouc%VSH$FOHQ!BJ2!Y%G(8t_=mX1fIK& zP2588z6q_Q->f#$_^O~JBv^r~e=_ZJF_h8;kKFgUoSGxA?YsxV+}kU9%5fpycq^g; zzAp6yHUje?UP*DEC$4!N#poR5cgs>1e#zp8)33KVWYw(aUnlgtrm= zKC7*tNKwgN8*D(|vy)-XT~{3qLizT5;0C4!m1B(+Q!DVxqPxiijXXk#ouh^Cr&C9cAL9)aEoCpnQ-QaLy#47TwUDB)FZa7&88-&3r5i6U zoDj{<&q0*(THel=T%SyZF?wGw62>hp;25{o)1{-xs1csc*2+pHWgYH{ zlL_yiD7wopygVy2krqO$_th`B0Rzgt zAV^PY2G4|e9yyT1=g&I8H^oP~IeuC_Rk?)h_#bB|o9aLNy&?V42P*iof>5R=A2dmvDMvH{kyNqd3t`gY~~Gr*i{xS+v2qYL^GI;H_`W=1KI= zRh13TD$g4;V~dYEll~u}?>WgoLSr1Rg?H7PBj!Xx(Glodk;g(G&=J8BXx(}!tvoD* zH7zMh!uQW>0_-|0?Y+bza$a1?lv~4ky(4^)PWF_MB}DA^b>)2TimO>J`L!zto){e( 
znK;&sm5}O7=HU%(zU$02fw6h8QcZ$r}X?&??jRZNgN4zyK+5pOPC|R5bPpn*!dq z%{=(0?gEYBv=T-hqIdDy+^`DzndxDWgydOuUgal4$4|tlPa+k2b1w^0a6R8WE~gC> z0+w_vI`C4%Omb^vgAb1%pRyrdHhZZ`zOVx_fwpihMXEj455dlgBor@;Oeaa-b6vmI zeo=7wuYXJM9%BdM`u^3boeCOl8uRkan^S1TNUVeBas_}w5`5RQk}g$QeO2`CYBBt% zeK*;F9362p&=(I=yl;f0&zaAtfA8X67jN!aQU*&3 zEFBrt-(1+d9^S?G?Mxiim{YBWB-u-mx-qA^mb78?O0ItGM~5WU*uZD(REK~TCE$h2 zTn5kE+Pson$KKVY9Mv}-@}c{fF|56-uK%o!Ct9~NZbymM5KA=t6hbmX=jDS<=Z$)k zTZ6+H6^7>-`Dru#>-k-t;(7WA3v@3H=x&mGM#I@)*DL%Dp-{Gk4ne6L6t5%~8s6x0 zmPAL1`IPnwWOHtCVd>A;K9P@51AMicbb}rr{SI}m9Q!J4@!tsnQSWcXW+05?=$?K> zLlJU)l^V&_ba_`Ujih-Y3Nj?xV=gk*gkcxsyldeR6+UXQ#zO<6ngkQHVl;8!UnLp? za{nSS zzy56{_QDu}(Ea8~T%quQhoCC@N>g1cK4Kd4>&iY9Nn4-*HJ+I~%T8=B-;`ny2dD#I z|26r4;=CqT)(_IVhvjfV8gU0G;`RWLw zlQ=&ucEE!D;oB;S`b37h$q_|qS~*H+8Z9&2e>=%Jkvq3(kgHacT=ra{hF~h?qV7+H zsBIx-_1MSCWEWT*{4&6}aFKU?Y50#XmW4r)2n2+>ke7HbS@*L-PxW>l*rarKEBjzY$g%Fp}oku2ic>i&pG=H zX++OP&9NF|ip>F7ro1b;wy5qfuIgWny6*-4kf7-8sT~{9nx@(ug|0pa6QPSgaOi9X z8>w+$Nm8vk11th_C~5HJkQt6Zc8ZS|3Yh9tQ{FUXp*&j=-|MIG^mw1^@RJ^yV|@Q> zTktF{)FkbJLlL8Y)B^=qYS@U;eRpfy7@DLNx$6B*{dVQ}hP+C^=C;m9EF z90bR@IHTWo!&fa>!Y+<`)FN*7=7ap=4a=CpkvGuc&E0*zEja_V)C(4dztAgqbgI5D z#|~S-;tJ?9_8nXET=+&NZkV>Fu2%N3xtk9Y?wQYl=0c%0XKkF~JJRtu**FH1hFgB- zCI^rbsAT~Nr5T{G5<$HDgAEs|(A<7TSW$!^%2U0UJsd*qEJrUI#F=^U0D4C3Jgg?$ z`KG0N^E0uL7g5DKW5A5T8(%;5UYW-eZ=n86N8s_x?~%;4y11@~(ODC|uev-&E4pi! z$5I6Ur)8b;aulXogYX^=maoQzIk)~blczi;=m^7K4x<3NC-z}E%K9Rl$M*a^P+V6i zL-_@V2np1jN`q}5)Xw=_%3q^YULD=u6)Mh_#Bo3+=Ols5v7&2DV~qgO=_x!It3V(P z$7k@!jxFfnQIu1^z!JU_X_U>!%!C^ZoSg^5{?LuxH*A5cXN{5%Fu|A~SuZ}vq{}yn zqV@vG5kX$|K&eZ=9WheXF8M@CeWsiWAxm^GwnYp;-n~_~aMyo*ajI5-DE=Br#RqL9 zM4wK-SP?eXpPob626+@l>RkR%`ggq)Ls|Yj?bbki7u=wHcMBf2D|vA(ygpfl0+Ey{ zlyvCXSlI?KiVMd$%LhDrc0I%j3(m<`)v$u#9Fwxb*d9;;UQx96YL^oi`ukE!1CZ)+ zf;IZnD#uF-ejA=zYfl+m*u)ornYJ<1S3}%7Wrt!fr}nEkd7bYU-G)~`WMr}#XFG*V zU!=klQYedaGB$m^qwS(i7TyTi`@a4DwL;i(><=NhB_sVHReYstsWvw@xF7q_N0<^u64V^I!HD-<1>u6mb4 z=o|q!W0^%*ApFN}ec{}`wN;H#UEb*AlOGD-G>eAsA*A4V(?FS1X3jn};saojM_Ud! 
z1d={{4$hQuoTMd~4`TMd$l?Hv&oclTLwR4z{NM){g!&}G9W5_rpPf5EVV@rQDiBdR zCb}qY3+4J{9xs`O6BbKxCN&EWd$l=GkzYF&I`$GZUZPqEV$5oDr5YyCk%Wj~23T&2 zpf({M)CBu%L6iV|<(R&*T&W$;4{}CrCfz^!#u*exd=a@@GBPH-#hzP3*u+BSt+9*; z^zlq|pJ76S1a_+0gSZ7iHG%OV?;q4B5BFnFJ`C~;evfvFi7vIb7j4%0M^^e#BZ=Da zHL?3s9V5@TroUex30Gpo=wY0O@yr&vop!=YF1S#JoLF{PZtyM8-C(sy=Z+jU#o?|d z+WW~xebkoD#Wt)Ia`X*zuAwbRU6=YdI)?%{7Yk9p*7nk~JQbZh*|0^Nb8xs>!MJCq zGW{A}z-E7v{;b)EThS7SS2Gs~|f;gIg*l{tiPxD{tG?~h@1XCEr7jLO`6G;mD&&AlHIn?b* zp8`cBYzg&puZ3E`^26@kDxh4{_i?X7fUmPnCF-^az_EwzP`!z3%(>kw`N!XXd@9@Qs449L4Gd$wHc?f4Cv&v z2q*6KDE|y?qlMQYyCJsSn%Dq&$GBfWoX49$7zsi*K?B>bZ0K_%6VI7G2l?Sb`$2G@ z*^PuEfgW!M)4=o1TgqNA*s@R8x6MhiN7*L)`R(P8Ug5Jm_<2Hp)3cX-sQ_O(V@@~L z++P}v!-ZHf1TPPZ9IIeJNwv`gP!&}Z@J*dhS50H{>62j^)>^Sl{Pr{eaqh=d<(+HZ6AqGJ4LW_9vlECnI3 zEQTq}#NQNR^ZaN&EYo?0QeTR)OtDUUu-CU<##z<#dABC0B#GS+775K4>G&)1i6|rF!Vgyp1*~_ zT`a*KL)nq<7i4i4nW3M^lsaGrH<&0=C@00DdDz>P z4Z3GYf;kr4rL%wvReGTV)=qr;T&IwzC)07e7O( z-oz04sF9;G)Nqh#VSxR)60C!qAx>u*sA8@ zSaUADJ~K8sL~lGt1vJ-Lqi32+pGB^VQs-vECnfZa1k6bkZ%UYbc>4CyH;JJQMn%r9 z;U7xfG3}X)Uxv{kyL9jq0DYTTBesBfJVc)@%Im=TQ*fd$QgVY4CH4c__ot2=;VE`wlJy9%$}tASOH4EG()I| zf98X$lQl^xE+;YRCv(2U)bBSXv94YO7luAJ5(w&O=aIPbki`*VK1~`5nc94TSqVRx z=*Yoqn#Ov3tL=!f;H`Ho++?{^D3 z15D2Z4%?94G)y8DK-X2<8@X^B0)T63U}>N^VW=`X6ADJOMvU4D8#l0k&n-OaB}umq zWY?g*<&kXtxi~`N?-ATpW5_?`eW3JyfNQGh8Qm42QNzKrrT#;3BqaqO23e})*Gxpgw&nXWql~ptS2!7YN-F36RfDS#s_P#SanW1_~c4>rjjG%?mE`azFl^{X5c z(oN)0K4HFyr+9dvYbT!As4guWWT8(^vGVb4P_^0TlN3%aSv0)nWI=_H&p5aIj^lI$ zIe~{G{O^fw=adC|8NWdB73`@-27I>Mp)d`HorTHYU%skqP%+T zwcw)uMb^Dra?0R`aiznpfbGMzxMj#DPmlL;^Rj&Z!!gWmMiYMwJkb3+?K|rSz;7#E zY0a)YRoA?S4dEM^nP!HE`n3-P+M$cEt-jb zWdOk|A<4bG+r1cL2EgQ*q3}7V=^e#f1`F-f$WJ;0o#PKSoLRnhgsPjM5ggC6QW2Dt zaCS((4iGGnNs^`YWOAf;fJESUUC;+RgBrRiy3`t*6N?q!-4)p3XR?802p>p+Y%zSd$~3>0x+1B_k_h$yHn$ko`xK;TiwwBzkU2a$JbaQAOn1DwkfuZ3U=l5Oia zsXtbhmPDHzGnVuz$7HSa(=C-M#W7iWL=w~^*z=X|{OBqHrl0DkeWIvxq9-H2g}l9+ zWNBuZB&D=0$|f!#&h{o?tH+XX#W$N#e`!@ehlxe`xhf;A#dQ-uV&Ua;RJU<{wUJ{t 
zO1pXXvj2x)=6tmonJp`^g*>!VX#bIb;qmM!loVXhnOe4D-6@;cvs)akAdnww2nXu*`2y{LErdS7_%HdtQZX>VpkPHb`P8wQ+v$t~m`eAul;ABSW^>Xsi5E@7SRweg|^U^wDt-&Tw z2>Y#UV=r5eBwrc1_QRTF+sjRWoSVA(Vz=TFQhllOBO>g|r3I_dbyhG10~k3&H8lZQ z&}06ogG>V;MsHk=t#1;eY%;!Y@$S9o5+>*>Cxre36oWcUQn+b~>FRTP)FDbBxWfE~ zz!TuW^NueNnEKs^wysf7o-L+HwLKXYrycECJq*RXl_9bx+M~aNcXss!%9-K0&iE5w zH-*AUQeG^x!~9~SRbWA;{d6qIp92p5&)YYt@ntq zZVd#vW}|0-%rOVS3Jc}HNEUQ$#Z!rfBULZQ#ksfad3YhKQgtx-zCKMDp_nGF2aN1V=8wt^Y81l z{<`Wx2>|MniKzA(xRgneFN4>|lS9vOT;o{oEPysC6BdZ0^-k|faUI+2TZ_tRjG9)* zBnyX0;8|=|p@ULk4>B22{IG~IzyZ84wgt|L=^vd1#eFOZ#wlioMZ{74LK| zI8;7{M;LS3sPIk-`tZh{$4}+!{XE6*`Nxw}I9|_N^2U+rRoYeILgN|h6ZhvoZ+1U< zI(vOOM<<&3BaX9a!XlF~b(pwn~ST@%RM%u%_;0^iy{A?<8C7$|u@wOMlA@ zVk2K7`7!=FJjr{vbBk|(l|YhBs?|lfza1REl?H)WdThn*F5~JOSc$N|M=(E9banXg~7UZp3@6D%!ZB-Y`qEA>wjj=DERvM$?X$+nI|+4Yi98Y^>R> z?<`8m*WPz+!#>3P*YnOI+KSQ$7Cq?-^CvdNvChltk1te%1+EKcMo{asZ0g@{+V#92 z3LUA-S2P?GhPvLYbM-&%V(S$dau-HdP7`;6TFmK12wZrv<$SZ`?5f^YWtwrhWhSW* zb`5E5;tKhs>s$lAx+$CPAG>(*f)n)vroahH^4iG#`RaL!1A7nps0v`>-_Q^Iac)PJ zXk+)wv7Gzo9|B(usLeTAKx3rP4(q74i4CYQheqk5L*_1YU*>l;FG=- z3x8|jNKUw!X3$;GZ08tWUk+$JJ{iHDowH_e4o&R&|e_y(Mm<8oc5o8qN66F!+Th>Q=JcWN;4!WmS6q0eUTcq z*B5$@$v7D`!mc!LKp%A?C1sK2;<3d04#hkn5juag(#n%PtjD-Ir>u4ddk&tTrez3MW zgV5=0<8aZNJE)p~_4O`x$YA9I!jq$0lNm?s(RG}OWY>(w%K?ixRA#jfv)WHUcpZ%E zA&SUZbeYwHl(-^(r_hdQeHecsH>pCh+| zKQn?Kk7Po3<7{2uEysS6O(TciBn}Vm(A}aMvR!q=kL{Mhki}DsW~2Ap%*7W2&4(iB zMiNh9()R*xz)wRl|B|7|-?F;eblNHnqvwmwFckZVqjlpNh`zsW0=^p(ep#Bg6Ie9b z^JqJG(2#jqO9whG_PwJ(wk13hz;6>^;>RDDLSS%5Joc5>epsKvltpjSBr`kFl4vg-4mV+`GR=$TRGK1S}1SsoGF*5^*nX(V%tHKF+_=<#-T*8 zFwU1#g<1%UYx_f?z6G|`Bx;k5#NGSsLu>D;UW$6|hcD5{xt(m1F_0N&g<_rFn>IPG z?}gbcg(YxHtSK?y>8u&9K)WJQwg|mj=Y-agFiz(E0eIin%EPd4B>c0^d9CYNRU{Ob zX-i{;HyG=t<4vQB5V*faa;clVGq7Bvh^}V+~1+L~)GGs$Z(SO(C;TL1%jY8FTM; zCp*G*rR;&M+pTiW##nBKVw~=Fx=qhw%VfYqOBj3~(AEEHrw`UsClxwpYR8(m(C%iO zdCsh##N@eAUAC~%%)UO}obN6C^^qaZ+6Vbqd;iSU+~VZyS?mi_O<$Hx z_z(1AXN|D(T#al69bj=oVXN0I^YtyD81Q0tZk4~$NWIewR1jemQ2WYV8(^Z@OuUVY 
z&6K$oeig##FRnsw8yxE})+0{HxPrN`yB%*9`Q>ffoyho3+O4Q$9&`6ac1E{uy7am> zU&)s)AWZ)Qa3tOxjrAvt=-oc^;TvhD866r=Wm-R|neA;XADuHd_EsAYGbKa8q-PUS z(Y1@4gCYwNDw)oU$zMZop$>J&2u10*YM^Gd3&JEr4NuhIK4Lfcs@F)#O6&YHjgSmA zzsNwX`SCY%wqBMfOl$o2)$A-w=Hl-u<{&Ro%1zG=xEPwvcG=5guw!ti0R-nI zWDuPV>s zKm-TU(Dmhdg^xuIl}R2_e6UbOpH5}_)=P6RmpGjnse63MXXHi`n%@Dk>P~u#aN1UK zjrfC2*XInHnPk#kU-2Yy_c@4c-FARNN+S7FN|dZaP zKL59#%(~X+9uVD(_5ev~vM*fSzIGu*e-2j0QLyP%{80bKCn_Uhr+CS{fLN%Waz&OWZo{>E=x z<@0TF?|e62tD$}>obrXD8^h4tW7MKQH?^VH3|-9cIdgd|s-zg)M|)O!imGUmoRClJ zjMG_~=+ec)n!nW1WZ+LCXzhIa*LR$~W*4eX+xEo{2i~cVVY0*6DC$<>#oC+sSkXI! z+2{yk>Iul972J55& zhz?D3efMMQ*1@tR?die+2aPd(6(rfA4xaaKv%HZZvC54 ze|>0#j)5)D+lEBS6H$Gy9R1S}B#V&IJl^KYBW7Sjx;vXoY_zQP#*(rmXG|XX6K?ph zgOgutnT;J=u~mhTZrSZA77(V~xQEt=zE@c+Eh$iVSSDIBte$T@&N?;wjoy`4FJ|^= z8j#u^>c-|3Bea1m2z2ghKmGmfSow908>erb;h^0u>J!qbhF-z^G$c7B3opWEY+B+w zK6r181iQXyT6opS8TH4#`Y^Hv&wI|?T0YiY)XT8;6Sj{89*8hhfGpS#D|6)m58Ra0>eNcS0{Sg+Oh2O``wJwhW%QU)7> zXFpYER)f3R&>^90Du&H@r@GxFd_6?r~op5kDcicraX|bj#>Q{@=g!&BKg?mN-WbhKW-`cr5fHqOS z$iV5C-HoD|7Oy}cA>lE-wOV@bt8J~*lKeQ-R5HQs`LX)Tk>?VNE+I3@wd>_CnPzUf z9+hVcUr#A4s7%o(EhNed{dCQzNMOY-vw?PJOlt9cafzLJsH&7)y)sd@VrcBkwY>g1 zMZQ3}AIN3Yfa>;Z#n)*C)(cM2NXn|5!od+Xr&SgQ$n?pVr zJvtUXJT_+c4-f`WK8#)I)0hQoTevDf9|rB^HKUxlf2M*|K%|;97M@*}RZ&%n(p}l* zj6BVcEQ?q~n;6f5nZn4!q~vH2686Nqlw9M#&hHyAEBok1=TnIvD=;T6T5RA1ObVL= zgLS4!yhMv+D`^eAmQI+Ie@xhpybo^HO#B&fp=z|5%34UQ(G0>c(*-<@CrOrAWR;}> z7tI&N$F96@hUyGL3&+oM$vjq!T`T{%_ogrwyTz;rvaOBNu2mYj(N|j4haGdO*^6+Ni zn^h{P=<5S4TxJuq|1~G<{exXIr~bz>DJlpP3-n$Rn2!R7pFJitvDS-%4()S(;&135 zVd?&RUXETdb=o+?}c{Mn`sp7jqv$mNCMFw?L}hYvRozi?iQj0FzgmJnk{Lj~IyB@>_cejoF+~ z<}cQa30+`1g^j-+W`EEW$GUhFbarPX}ynIlULjIxYTW#0K8rVJkqt#frcc&%B7CS+e5nHE+3d3!mq@H1B4 zXcqT3;%PQ(J~#EbX<*vE$Roh|#H#zhK1EHm zP_pN?fcM!M4SV#}{}yj><6S2{Lyd|tB558G9SeZ`+Sd=;vp#Y>Vs^_@BSwq}XR-uIGO zpDX1Y%yX1>rSvI3jiuo6V3Yrt@hfoA^UT7R7h?gI1ua>5h1^A7zzquQ!(0{R`Ia3H zDf@Kt{dF6bp+mig22~X6z>PNN@iG!wesONpfDMN)g*DllaJzaN`g zO(o^ysv;UkvQnj#fBTxaUMxBy8m9PP?-WB{mKDQF07eMo=KkQu|Nari#a{N;6#;qA 
z()~{O{4ZKVplsv8ubfQP0-qn~VPjlQgWEU!Ta9dk8TMtnHCb-0ecXk?47 zq(=&UnHQ{d={a9t$FA=&=*I?J1-2RaUB3DMfAGoC*;VlohitKa(zJ+syHRUNcL_}T zFre~iBgypB0#(TY^8>`xivM}b-3u{Y;#4u>I_m#9_paSo?Ybz7kd6vf%$<0%4Sw9G zyQRrp{dJhiDSV38Vc7JGXKCGuyL^ActRB&miUgw!^>V4_s^!hewaM1j62ltgB7@(N z$Gb~^cMYxDhE_Fvav)0IwxDh_iiq#{rFnEo^I|DPBB;>v#L+Vyw^&0+ZzOaO6( znPP7rQs#$_Q2Ai>53m|~e_>2^okqPbUD)z#@rH4CIO*5?Mv^y7!j9Y4W0Mk;_;a@g zp&G8oB-u&ZD&52SOfyFVvE{;A%U#S}2Ma24oY@BTdQaOlIY$5d+U1Ie+KQ{T(0Jg+ z>J-#h1j#kT_Wp^4G_(H-_bi!}^^=R6rU|Fxa#Bi`lb}Ja)T8hx+Mo@%v#9OJO z)u&8SG#g7BpZ%|Nk9^b7@Vfv-*uEJ=^W%E11y(|u5FMxPvHljfQ(l*@Ue!s2dos&; zVZR70A&)s$>Ft^Q;FiSF)`6Nkw_d7Xj9bC^_dW`n>r}d^n3Wo@u6*l1PX`YrSf=Tn zddEXaY}^e?wp_1QqFb07Z2BljR<8#LN`LUzn`0w?26$pIR}t3U5S|B+L#zCYzy593 z|6_#}WPvj?LL@(5+Q_FL8k%OOCPgI}%OP7G=ys#mT287ftS+y=ZQ*~wPXq4(KAGub^+snHx(I-9In%y#{Y_^7@E~jY zcQ8KAb%08g#$1T4<|y)k*Xz$nSZCkflg#5EGZq=ci}s%(>)3DF6y}-W$+!Os><8d=%g0R0 zRZc^Nz0t|;Q&l7twXa4H`OC2xUIy+}Z@e=wE{BG$&Jai@T}fQ1r}$6wzwO9>F4ouZ zdsrapTy)t)pR{v5m8rH?fJ*ilVD0hal>8kr{}-%_z;v#jRAtpSzsR4{%cuMlZET#4N23Wn+8(6H5^2=g|Q0D$gKXx-w%CB4Gn* zuoBuPH3OiNYlw+|_8%+rUoYeoQk}61m_?PnBJ1*2@wCM)eEf?Hu*kN>N8%qiqXzl` zaL#0Ancmoy!ym_+84CI7iy{^#<;)seG7GC=Gs}!ed)T9;c8F7rnoj-S+I#t%mfwx* zP-OyCFU~<$sx^zJOa!1J!NO&&rIs;>&yZQgcqE1f$9Cu24w;)@dcRk)$uwbUnaf7h zV-Y&NDud|VEX}X};qZ?Bda&{KE;b)=T81EW#3P_lvRt(U{h#jb-*Uq7%nkz^Df6vM)(sa%Lv~ zo?$jDr-V*4i=Oph%n#@u`Hx@^PcZ+(qr71T{8*Igmsq_~MHR>2%uYz(zbJXLd_Di* z5zt6}LGF&It&p%FdR@g+tqNB#^+J2lt&fSdusL=G8zIf^I1#YXhKLR%4l$y4+72QM zAQzCU&~M5AmJ4Qaj zRbryQ7oXIYCb%Rd?OtIc5d|yRJ6{B5mc8G%9TjcAFQ*xPaQyXX;}@My&FSF`z0ZkB zY2yZ&58prBD}M?IN_T?t#d`c^j>9TLQ=uM-K+m`62_uI-k&74qA2HLvE)`tnF9P1~3c&nA>-?VK7fXis z@*nI*stOLiC|Wmv;XWpNL#1WjpTrY+S38`m-zW&J5zH1C_FLco}v+g$hcgFjz+ zRwQvdT?%nSY|Zlpk7sP9%PxOz(7ke+rVAhjit&8(s&stlZq_ zME^c%2OCt4Ib~?Erj5AheJ9XrGEpqo;m{d;n2PWa9}&i=@e1i(;R-_Iq5Y2q{QHF% z-J?_>f`VzOMz7O6Nw<8*nd-MJ#~LqeQ1<$i|YFoM#ec9C0n(nFTqEv)w-w&(t6YS1kk`*(?i<(M?Z=O}x7%!z)$oVXp@lSdA zG)#6aTaa?_aSoJDF{8{E6$V=*uz^HN5V9EAZ$9pY6z+SY 
z5HeydSesI`+-Wuz<6x30pqD>>?;hnJc`0$tLxKa>);}WYD<&l!*bmoQMZ}sg{>eo> z0=(HG>O@_<^X~6##>E0vJrzx^>?Tc70ixxHkpFn{zh9*O#L-0h@hWqogy#W(AqTzF zIkL)lX0xngJ^Cb_tTb)KMz0$${MwK(q@e8E(R0(eA>e`)e{5}X?2FDZYu}6ppRSZJ z?>N@~RLoNtJQsDD%-x{O6||k|EH@mLAi*yYR_KM!SF;EM+6=(umsl5zbSMG|}|L5l@0PyC)*%C5|&FROuk!&#O z&ukXG8GxGM@jw24E76@ZzYpN5Bp>hhjdP!VddcZg>d&q>DR#)ajmh3Sy77I~I`h+r z?1&q-T$E(Rtj?ll%X6x3iwdmo7ws2E@Xl|y^JOFzbteI>TIua_!ae7e*5k1E^4Zqb z%%gGiTTeQ)evoINFzOJd2B| zR`*_)HnNj5O#OG#^Y7;rO9KuQt5tJ<0AEXL@t`c3lhB2#5ZPO%murd(MPwXAEYZZx zO>F|ymD&2`d?a?-a^gTqo>Mw*k=ZVNB6>DBa^Rqw}d{lvf%Zey7^{KI|y z90;5r3l3JeCdv{0!!wK~<{ao^AdG&jh&$C1m<5+_)M#XXAmb+S52pB9A~gU&CsNaE z`Je~O9=N(!j~m_sbp~!S`)!rWF&|#zA+E^I6YFJ#Nq==-SM}Tl>>7Dt+f6tV(#WIO zAR_Rm%lmxl3PC#EL)u#9!6)@d13Zzs@$*Y8Pby3ewqF0p-S&r=`GZIHmi}5#KW}~b zhYy&9DAg}hLKYnwnrG?DK5og_J60NI_Oni}D%y=67fQ>B1wre^Xkq$?tE)-t-$jOM z2e|4ZY!?sf2y)P4AvWcGEgYj;PZtHS+Uc6IMh*(hdq{XjQFbRWl|D0^%z*Ry+`927 zAD(p_I&wBn$JDSqV!_1M*P-1$DDMl^uh|uibx4V#dg#m+;k(#4GlVZOz&Qk0K`AB|BAH(uVKMt+Rxo*JuMu+1Ip6G*8t-u(4~szsKSpI z*zfL#jadL7A6UdlfTuDen4FsG1#~B-_LU3wi)q7h+y4&&`tcF){bsIht*4Gg>6(|N zGO~mND@ekAa`|*z|nk!!#=zH7ZNJZs5C9Zt$+mZFbxtb>{pWnO^$HS>4+ItNT5> zHPdb5sdWLaxv|hvy#pxrKxEllgL)3aJR1?a)iyoq;V8uAgr1=d=Pz>T$jHdbeg_?Y z80hE6#m{HJ>GD?0`MhT;G9Uq@QRkz&^I94jW_&<*@*Oah^DPsh$1dj4%R3gIU|-E9 zclcjf*uNeC_`69_pXw&_9CLntAs{e_`aX(Q>Yr6+aL8-d&8uUx8gYGpGAU(O5D>c2 z|BN{YS#qsN2Z(b}rEes*KFB{xK@kzZJm^uMQexPC|k=>w@@Q?2R zASv-?4u!FIF|0d#k4M}%qf3ii)B$R0ay}pb!i=OO_4t3CfgDVn@h*zmB?n-v zd8m0jg1Y+8PiQU}tpw-fCchNYWlW2I*oiHwsb?pAMovRt#TCHI?-L#r) zn@l3Nnam%J8OEJV&1Uk>C~Ni%jWldwY%p|$!^A&NI74dkmw`{;fk5;Oc84OssTaUr z2Y^!LXHF8CKqIlcvEmVezIl?Bn!Yd5Wl(-4f`1mrB4M_?p9R*GP0@#E`khYn`bZ;? 
Please note that iTunes is no longer available in macOS Catalina. If you are using an older version of macOS, iTunes is still available but since iTunes 12.7 it is not possible to install apps. +Different methods exist for installing an IPA package onto an iOS device, which are described in detail below. 
## Sideloadly @MASTG-TOOL-0118 is a GUI tool that can automate all required steps for you. It requires valid Apple developer credentials, as it will obtain a valid signature from Apple servers. -!!! warning "Do not use your personal Apple account" - To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained on the Sideloadly website. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. - -## libimobiledevice +Simply connect your device via USB, enter your Apple ID and drag-and-drop the IPA file onto SideLoadly. Click start to automatically sign and install the given IPA. -On Linux and also macOS, you can alternatively use [libimobiledevice](https://www.libimobiledevice.org/ "libimobiledevice"), a cross-platform software protocol library and a set of tools for native communication with iOS devices. This allows you to install apps over a USB connection by executing ideviceinstaller. The connection is implemented with the USB multiplexing daemon [usbmuxd](https://www.theiphonewiki.com/wiki/Usbmux "Usbmux"), which provides a TCP tunnel over USB. + -The package for libimobiledevice will be available in your Linux package manager. On macOS you can install libimobiledevice via brew: - -```bash -brew install libimobiledevice -brew install ideviceinstaller -``` +## libimobiledevice -If you have any issues, try installing the libraries from source, as the precompiled version may be outdated. +On Linux and also macOS, you can alternatively use @MASTG-TOOL-0126. This allows you to install apps over a USB connection by executing ideviceinstaller. The connection is implemented with the USB multiplexing daemon [usbmuxd](https://www.theiphonewiki.com/wiki/Usbmux "Usbmux"), which provides a TCP tunnel over USB. 
-After the installation you have several new command line tools available, such as `ideviceinfo`, `ideviceinstaller` or `idevicedebug`. Let's install and debug the @MASTG-APP-0028 app with the following commands: +Let's install and debug the @MASTG-APP-0028 app with the following commands: ```bash -# The following command will show detailed information about the iOS device connected via USB. -$ ideviceinfo -# The following command will install the IPA to your iOS device. -$ ideviceinstaller -i iGoat-Swift_v1.0-frida-codesigned.ipa +$ ideviceinstaller -i Uncrackable.ipa ... Install: Complete -# The following command will start the app in debug mode, by providing the bundle name. The bundle name can be found in the previous command after "Installing". -$ idevicedebug -d run OWASP.iGoat-Swift ``` ## ipainstaller -The IPA can also be directly installed on the iOS device via the command line with [ipainstaller](https://github.com/autopear/ipainstaller "IPA Installer"). After copying the file over to the device, for example via scp, you can execute ipainstaller with the IPA's filename: +The IPA can also be directly installed on the iOS device via the command line with [ipainstaller](https://github.com/autopear/ipainstaller "IPA Installer"). Naturally, this requires a jailbroken device, as otherwise you cannot SSH into the device. After copying the file over to the device, for example via scp, you can execute ipainstaller with the IPA's filename: ```bash -ipainstaller App_name.ipa +ipainstaller Uncrackable.ipa ``` ## ios-deploy 
@@ -56,18 +43,12 @@ On macOS you can also use the @MASTG-TOOL-0054 tool to install iOS apps from the ```bash unzip Name.ipa -ios-deploy --bundle 'Payload/Name.app' -W -d -v -``` - -After the app is installed on the iOS device, you can simply start it by adding the `-m` flag which will directly start debugging without installing the app again. - -```bash -ios-deploy --bundle 'Payload/Name.app' -W -d -v -m +ios-deploy --bundle 'Payload/UnCrackable Level 1.app' -W -v ``` ## Xcode -It is also possible to use the Xcode IDE to install iOS apps by doing the following steps: +It is also possible to use the Xcode IDE to install iOS apps by executing the following steps: 1. Start Xcode 2. Select **Window/Devices and Simulators** @@ -89,7 +70,7 @@ Sometimes an application can require to be used on an iPad device. If you only h - + ``` It is important to note that changing this value will break the original signature of the IPA file so you need to re-sign the IPA, after the update, in order to install it on a device on which the signature validation has not been disabled. 
@@ -97,12 +78,3 @@ It is important to note that changing this value will break the original signatu This bypass might not work if the application requires capabilities that are specific to modern iPads while your iPhone or iPod is a bit older. Possible values for the property [UIDeviceFamily](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/iPhoneOSKeys.html#//apple_ref/doc/uid/TP40009252-SW11 "UIDeviceFamily property") can be found in the Apple Developer documentation. - -One fundamental step when analyzing apps is information gathering. This can be done by inspecting the app package on your host computer or remotely by accessing the app data on the device. You'll find more advance techniques in the subsequent chapters but, for now, we will focus on the basics: getting a list of all installed apps, exploring the app package and accessing the app data directories on the device itself. This should give you a bit of context about what the app is all about without even having to reverse engineer it or perform more advanced analysis. We will be answering questions such as: - -- Which files are included in the package? -- Which Frameworks does the app use? -- Which capabilities does the app require? -- Which permissions does the app request to the user and for what reason? -- Does the app allow any unsecured connections? -- Does the app create any new files when being installed? diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index cd1512308a..ad286b123b 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md 
@@ -5,17 +5,55 @@ platform: ios If you want to enable dynamic testing with Frida but don't have access to a jailbroken device, you can patch and repackage the target app to load the [Frida gadget](https://www.frida.re/docs/gadget/). This way, you can instrument the app and do everything you need to do for dynamic analysis (of course, you can't break out of the sandbox this way). However, this technique only works if the app binary isn't FairPlay-encrypted (i.e., obtained from the App Store). -The easiest way to inject Frida into an installed application is by using frida-server. However, if this is not possible, the Frida Gadget can be injected into a decrypted IPA file. +On a jailbroken device, you can run `frida-server` which will take care of the injection for you, even in encrypted apps. However, on a non-jailbroken device we have to manually prepare the application. There are two approaches we can take: + +- Install a debug version of the application and inject during application launch +- Repackage the application to already include the Frida Gadget As an alternative to this automated approach, see @MASTG-TECH-0091. -## @MASTG-TOOL-0118 +You can inject Frida into an application using @MASTG-TOOL-0039, @MASTG-TOOL-0118 or @MASTG-TOOL-0038 + +## Frida + +After following any of the techniques of @MASTG-TECH-0057, your application will be running with the `get-task-allow` entitlement, which means it can be debugged. This means that the `frida` CLI tool can spawn the application and inject the Frida Gadget automatically, even on non-jailbroken devices. 
+ +First, download the latest version of the Frida Gadget and move it to `/Users//.cache/frida/gadget-ios.dylib`: + +```bash +wget https://github.com/frida/frida/releases/download/16.5.9/frida-gadget-16.5.9-ios-universal.dylib.gz +gzip -d frida-gadget-16.5.9-ios-universal.dylib.gz +mv frida-gadget-16.5.9-ios-universal.dylib /Users/MAS/.cache/frida/gadget-ios.dylib +``` + +Next, simply run `frida` as you would normally: + +```bash +$ frida -U -f org.mas.myapp + ____ + / _ | Frida 16.5.9 - A world-class dynamic instrumentation toolkit + | (_| | + > _ | Commands: + /_/ |_| help -> Displays the help system + . . . . object? -> Display information about 'object' + . . . . exit/quit -> Exit + . . . . + . . . . More info at https://frida.re/docs/home/ + . . . . + . . . . Connected to iPhone (id=123456789) +Spawned `org.mas.myapp`. Resuming main thread! +[iPhone::org.mas.myapp]-> +``` + +## Sideloadly Sideloadly can be used to automatically inject libraries while repackaging and signing the app. To do so, click the `Advanced Options`, followed by `Inject dylibs/frameworks` and `+dylib/deb/bundle`: -## @MASTG-TOOL-0038 +After installation, you will not be able to launch the application from SpringBoard. However, you can launch the application in debug mode and attach Frida as explained in @MASTG-TECH-0055. + +## Objection Objection can inject the Frida Gadget into a given IPA file. Use a computer with macOS to perform all the steps indicated in the article ["Patching iOS Applications"](https://github.com/sensepost/objection/wiki/Patching-iOS-Applications) from the objection Wiki. Once you're done you'll be able to patch an IPA by calling the objection command: diff --git a/techniques/ios/MASTG-TECH-0091.md b/techniques/ios/MASTG-TECH-0091.md index 3d3d99bcdc..2f94ead922 100644 --- a/techniques/ios/MASTG-TECH-0091.md +++ b/techniques/ios/MASTG-TECH-0091.md 
@@ -3,9 +3,9 @@ title: Injecting Libraries into an IPA Manually platform: ios --- -This technique allows you to inject arbitrary libraries into an IPA file. +This technique allows you to inject arbitrary libraries into an IPA file. After injecting the library, you'll have to install the modified IPA onto your device using @MASTG-TECH-0056. -This is useful when you want to add additional functionality or testing capabilities to an application. For example, you can inject the Frida Gadget into an IPA file to enable dynamic instrumentation of the application. +This technique is useful when you want to add additional functionality or testing capabilities to an application. For example, you can inject the Frida Gadget into an IPA file to enable dynamic instrumentation of the application. We'll use the Frida Gadget (`FridaGadget.dylib`) as an example but you can use this technique to inject any `.dylib` library you want. diff --git a/tools/ios/MASTG-TOOL-0118.md b/tools/ios/MASTG-TOOL-0118.md index 8963f71746..464dbd8faa 100644 --- a/tools/ios/MASTG-TOOL-0118.md +++ b/tools/ios/MASTG-TOOL-0118.md @@ -8,3 +8,6 @@ source: https://sideloadly.io/ --- [Sideloadly](https://sideloadly.io/ "Sideloadly") allows you to obtain a valid signature for a given IPA file and then install it to a connected iOS device. In addition to signing and installing an IPA file, Sideloadly also allows you to inject tweaks, change the App or Bundle name or make other limited modifications to the IPA metadata. Sideloadly is available on both macOS and Windows. + +!!! warning "Do not use your personal Apple account" + To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained on the Sideloadly website. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. \ No newline at end of file 
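Review bot: In the libimobiledevice section of MASTG-TECH-0056, the lead-in still reads "Let's install and debug the @MASTG-APP-0028 app with the following commands:", but the `idevicedebug -d run` step is removed and only `ideviceinstaller -i Uncrackable.ipa` remains. Reword it to cover installation only and point to @MASTG-TECH-0055 for launching in debug mode. In the same hunk the new Sideloadly paragraph spells the tool "SideLoadly" while the rest of the page uses "Sideloadly", and the prose still names ideviceinstaller without code formatting.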
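Review bot: In the ios-deploy block of MASTG-TECH-0056, the unchanged `unzip Name.ipa` line no longer matches the new `--bundle 'Payload/UnCrackable Level 1.app'` path, so a reader following the two commands unpacks one archive and deploys a directory that is not there. Use the same IPA name in both lines (the other sections of this file now use `Uncrackable.ipa`). The hunk also drops `-d` and the paragraph about `-m`, which leaves the section silent on how to start the app after installation; a reference to @MASTG-TECH-0055 would close that gap.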
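Review bot: The new "## Frida" section in MASTG-TECH-0090 downloads a gadget binary with `wget` and moves it straight into the Frida cache with no integrity check, and the prose says "latest version" while the commands pin 16.5.9. Suggest adding a step that checks a hash of the downloaded file before it is used, and stating which version the reader should fetch relative to their installed `frida` (the session banner in the same hunk shows 16.5.9) instead of hard-coding it three times. The destination is written as `/Users//.cache/frida/gadget-ios.dylib` in the prose, with the user name missing, and as `/Users/MAS/.cache/frida/gadget-ios.dylib` in the command; `~/.cache/frida/gadget-ios.dylib` preceded by `mkdir -p ~/.cache/frida` would work for any account and would not fail when the directory does not exist yet. The added sentence "You can inject Frida into an application using @MASTG-TOOL-0039, @MASTG-TOOL-0118 or @MASTG-TOOL-0038" also lacks its closing period.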
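Review bot: tools/ios/MASTG-TOOL-0118.md now ends without a trailing newline (the "\ No newline at end of file" marker follows the moved warning admonition). Add a final newline so later appends to this file produce clean diffs and Markdown linters do not flag it.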
From e9ff817f2433b7ce0d81b2626724f70cace523fd Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 12:58:09 +0000 Subject: [PATCH 07/40] Fix ios debugging apps --- techniques/ios/MASTG-TECH-0055.md | 189 ++++++++++++++++++++++++++++-- techniques/ios/MASTG-TECH-0056.md | 23 ++++ 2 files changed, 205 insertions(+), 7 deletions(-) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 2fef60e060..2ced1b7946 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md 
@@ -3,19 +3,194 @@ title: Launching a Repackaged App in Debug Mode platform: ios --- -After the app has been installed on the device, it needs to be launched in debug mode. This is not the case when launching the app via springboard (the application will crash), but it is possible with various tools as explained in @MASTG-TECH-0056. When the application is running in debug mode, Frida can be injected into the process with name `Gadget`: +If you've repackaged an application with a Frida Gadget, or if you want to attach lldb to the application, you have to launch the application in debug mode. When you launch the application via SpringBoard, it will not launch in debug mode and the application will crash. + +After the application has been installed using @MASTG-TECH-TOOL-0056, you can launch it in debug mode using the following commands: + +## iOS17 and newer + +First, make sure you know the correct Bundle Identifier. Depending on how you signed the application, the actual Bundle Identifier might be different from the original Bundle Identifier. To get an overview of the installed applications, use the `ideviceinstaller` tool (see @MASTG-TOOL-0126): ```bash -idevicedebug -d run sg.vp.UnCrackable1 +$ ideviceinstaller list +CFBundleIdentifier, CFBundleShortVersionString, CFBundleDisplayName +sg.vp.UnCrackable1.QH868V5764, "1.0", "UnCrackable1" +org.owasp.mastestapp.MASTestApp, "3.0.0", "Adyen3DS2Demo" +com.apple.TestFlight, "3.5.2", "TestFlight" +``` + +In this example, @MASTG-TOOL-0118 appended the team identifier (`QH868V5764`) to the original Bundle Identifier. 
+ +Next, we need to get the corect device identifier, which we can get using `idevice_id` (see @MASTG-TOOL-0126): + +```bash +$ idevice_id +00008101-1234567890123456 (USB) +00008101-1234567890123456 (Network) +``` + +Now that we have the correct Bundle Identifier and device ID, we can launch the app using `xrun` (see @MASTG-TOOL-0071): + +```bash +xcrun devicectl device process launch --device 00008101-1234567890123456 --start-stopped sg.vp.UnCrackable1.QH868V5764 +13:00:43 Enabling developer disk image services. +13:00:43 Acquired usage assertion. +Launched application with sg.vp.UnCrackable1.QH868V5764 bundle identifier. +``` -# In a new terminal +Finally, you can attach `lldb` using the following commands: + +```bash +$ lldb +(lldb) device select 00008101-1234567890123456 +(lldb) device process list +PID PARENT USER TRIPLE NAME +====== ====== ========== ============================== ============================ +1 0 launchd +... +771 0 +774 0 +781 0 ReportCrash +783 0 UnCrackable Level 1 +(lldb) device process attach --pid 783 +Process 783 stopped +* thread #1, stop reason = signal SIGSTOP + frame #0: 0x0000000104312920 dyld`_dyld_start +dyld`_dyld_start: +-> 0x104312920 <+0>: mov x0, sp + 0x104312924 <+4>: and sp, x0, #0xfffffffffffffff0 + 0x104312928 <+8>: mov x29, #0x0 ; =0 + 0x10431292c <+12>: mov x30, #0x0 ; =0 +Target 0: (UnCrackable Level 1) stopped. +(lldb) c +Process 783 resuming +(lldb) +``` + +If you manually injected a Frida Gadget, Frida will now be waiting for you to attach to it. Until you do so, the application will appear frozen. 
+ +```bash +rida-ps -Ua +PID Name Identifier +--- ------------- ------------------------------- +389 Calendar com.apple.mobilecal +783 Gadget re.frida.Gadget +336 TestFlight com.apple.TestFlight +783 UnCrackable1 sg.vp.UnCrackable1.QH868V5764 +339 Weather com.apple.weather +``` + +The `783` process has launched a new thread called Gadget to which you can attach: + +```bash frida -U -n Gadget + ____ + / _ | Frida 16.5.9 - A world-class dynamic instrumentation toolkit + | (_| | + > _ | Commands: + /_/ |_| help -> Displays the help system + . . . . object? -> Display information about 'object' + . . . . exit/quit -> Exit + . . . . + . . . . More info at https://frida.re/docs/home/ + . . . . + . . . . Connected to iPhone (id=00008101-000628803A69001E) + +[iPhone::Gadget ]-> ObjC.available +true +``` + +After attaching, the application will continue executing as normal. + +## iOS16 and older + +On older verions of iOS, you can use either `idevicedebug` (see @MASTG-TOOL-0126) or @MASTG-TOOL-0054 to launch the app in debug mode. + +### Using idevicedebug + +```bash +# Get the package name +$ ideviceinstaller list +CFBundleIdentifier, CFBundleShortVersionString, CFBundleDisplayName +org.sec575.CoinGame, "1.0", "CoinGame" +sg.vp.UnCrackable1.QH868V5764, "1.0", "UnCrackable1" +com.apple.TestFlight, "3.7.0", "TestFlight" +com.google.Maps, "24.50.0", "Google Maps" + +# Run in debug mode +$ idevicedebug -d run sg.vp.UnCrackable1.QH868V5764 +working_directory: /private/var/mobile/Containers/Data/Application/438DE865-2714-4BD9-B1EE-881AD4E54AD1 + +Setting logging bitmask... +Setting maximum packet size... +Setting working directory... +Setting argv... +app_argv[0] = /private/var/containers/Bundle/Application/E21B5B13-DD85-4C83-9A0E-03FCEBF95CF5/UnCrackable Level 1.app/UnCrackable Level 1 +Checking if launch succeeded... +Setting thread... +Continue running process... 
+``` + +### Using ios-deploy + +To use @MASTG-TOOL-0054, you first have to unzip the IPA file: + +```bash +$ unzip Uncrackable1-frida-codesigned.ipa -d unzipped +``` + +Next, use ios-deploy with the path of the app folder inside of the unzipped IPA: + +```bash +$ ios-deploy --bundle 'unzipped/Payload/UnCrackable Level 1.app' -W -d -v +ios-deploy --bundle 'pram/Payload/UnCrackable Level 1.app' -W -d -v +[....] Waiting for iOS device to be connected +Handling device type: 1 +Already found device? 0 +Hardware Model: D211AP +Device Name: NVISO’s iPhone JBE +Model Name: iPhone 8 Plus +SDK Name: iphoneos +Architecture Name: arm64 +Product Version: 16.6.1 +Build Version: 20G81 +[....] Using 593ad60af30ad045b9cb99d2901031226c1b8c84 (D211AP, iPhone 8 Plus, iphoneos, arm64, 16.6.1, 20G81) a.k.a. '**NVISO**’s iPhone JBE'. +------ Install phase ------ +[ 0%] Found 593ad60af30ad045b9cb99d2901031226c1b8c84 (D211AP, iPhone 8 Plus, iphoneos, arm64, 16.6.1, 20G81) a.k.a. 'NVISO’s iPhone JBE' connected through USB, beginning install +[ 5%] Copying /Users/MAS/unzipped/Payload/UnCrackable Level 1.app/META-INF/ to device +[ 5%] Copying /Users/MAS/unzipped/Payload/UnCrackable Level 1.app/META-INF/com.apple.ZipMetadata.plist to device +[ 6%] Copying /Users/MAS/unzipped/Payload/UnCrackable Level 1.app/META-INF/com.apple.ZipMetadata.plist to device ... -[iPhone::Gadget ]-> ``` -## Starting with iOS 17 and Xcode 15 +### Attaching Frida + +If your application was repackaged with a Frida Gadget, the application will wait for you to attach to it before it continues launching. -Since Xcode 15 and iOS 17 the tool @MASTG-TOOL-0054 will [not work anymore to start an app in debug mode](https://github.com/ios-control/ios-deploy/issues/588). 
+In a new terminal window, connect to the Frida gadget, just like in the iOS17 scenario: -A workaround to start the re-packaged app with the `FridaGadget.dylib` in debug mode (without using @MASTG-TOOL-0054) can be found [here](https://github.com/ios-control/ios-deploy/issues/588#issuecomment-1907913430). +```bash +$ frida-ps -Ua +PID Name Identifier +--- ------------- ----------------------------- +... +468 Gadget re.frida.Gadget +... +468 UnCrackable1 sg.vp.UnCrackable1.QH868V5764 + + +$ frida -U -n Gadget + ____ + / _ | Frida 16.5.9 - A world-class dynamic instrumentation toolkit + | (_| | + > _ | Commands: + /_/ |_| help -> Displays the help system + . . . . object? -> Display information about 'object' + . . . . exit/quit -> Exit + . . . . + . . . . More info at https://frida.re/docs/home/ + . . . . + . . . . Connected to iPhone (id=593ad60af30ad045b9cb99d2901031226c1b8c84) +[iPhone::Gadget ]-> ObjC.available +true +``` diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index b5512b13b7..935f4eea58 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md 
@@ -46,6 +46,29 @@ unzip Name.ipa ios-deploy --bundle 'Payload/UnCrackable Level 1.app' -W -v ``` +## xcrun + +After installing @MASTG-TOOL-0071, you can execute the following command to install a signed IPA: + +```bash +# Get the correct device id +$ idevice_id +00008101-00FF28803FF9001E (USB) + +$ xcrun devicectl device install app --device 00008101-00FF28803FF9001E ~/signed.ipa +11:59:04 Acquired tunnel connection to device. +11:59:04 Enabling developer disk image services. +11:59:04 Acquired usage assertion. +4%... 12%... 28%... 30%... 31%... 32%... 33%... 35%... 36%... 37%... 39%... 40%... 42%... 43%... 45%... 49%... 51%... 52%... 54%... 55%... 57%... 59%... 60%... 62%... 66%... 68%... 72%... 76%... 80%... 84%... 88%... 92%... 96%... Complete! +App installed: +• bundleID: org.mas.myapp +• installationURL: file:///private/var/containers/Bundle/Application/DFC99D25-FC36-462E-91D2-18CDE717ED21/UnCrackable%20Level%201.app/ +• launchServicesIdentifier: unknown +• databaseUUID: DA52A5EB-5D39-4628-810E-8F42A5561CDF +• databaseSequenceNumber: 1516 +• options: +``` + ## Xcode It is also possible to use the Xcode IDE to install iOS apps by executing the following steps: From d95283f7e4365021066ce21552c3ebea0ca7a454 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 13:04:00 +0000 Subject: [PATCH 08/40] Fix linting and small update --- tools/ios/MASTG-TOOL-0118.md | 2 +- tools/ios/MASTG-TOOL-0126.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/ios/MASTG-TOOL-0118.md b/tools/ios/MASTG-TOOL-0118.md index 464dbd8faa..819ac41ecf 100644 --- a/tools/ios/MASTG-TOOL-0118.md +++ b/tools/ios/MASTG-TOOL-0118.md 
@@ -10,4 +10,4 @@ source: https://sideloadly.io/ [Sideloadly](https://sideloadly.io/ "Sideloadly") allows you to obtain a valid signature for a given IPA file and then install it to a connected iOS device. In addition to signing and installing an IPA file, Sideloadly also allows you to inject tweaks, change the App or Bundle name or make other limited modifications to the IPA metadata. Sideloadly is available on both macOS and Windows. !!! warning "Do not use your personal Apple account" - To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained on the Sideloadly website. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. \ No newline at end of file + To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained on the Sideloadly website. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. diff --git a/tools/ios/MASTG-TOOL-0126.md b/tools/ios/MASTG-TOOL-0126.md index 6cc4eebd8c..0900abb447 100644 --- a/tools/ios/MASTG-TOOL-0126.md +++ b/tools/ios/MASTG-TOOL-0126.md 
@@ -12,7 +12,7 @@ The libimobiledevice suite is cross-platform protocol library for interacting wi !!! warning - While many package repositories (apt, brew, cargo, ...) have versions of libimobiledevice tools, they are often outdated. We recommend compiling the different tools from source for the best results. + While many package repositories (apt, brew, cargo, ...) have versions of libimobiledevice tools, they are often outdated. We recommend compiling the different tools from source for the best results. Note that even if your package manager has the latest version based on `-v`, the source code will still be more up-to-date. The following tools are part of the libimobiledevice suite: From 462784d5f4e002b98e23d72a97545bb22a61e26e Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 13:04:57 +0000 Subject: [PATCH 09/40] Fix lint and reference --- techniques/ios/MASTG-TECH-0079.md | 120 +++++++++++++++--------------- techniques/ios/MASTG-TECH-0096.md | 2 +- techniques/ios/MASTG-TECH-0118.md | 2 +- 3 files changed, 62 insertions(+), 62 deletions(-) diff --git a/techniques/ios/MASTG-TECH-0079.md b/techniques/ios/MASTG-TECH-0079.md index fe98f87717..2febb2fa8a 100644 --- a/techniques/ios/MASTG-TECH-0079.md +++ b/techniques/ios/MASTG-TECH-0079.md @@ -37,7 +37,7 @@ $ security find-identity -v -p codesigning 1 valid identities found ``` -Additionally, the provisioning profile is stored on your host in the ` ~/Library/Developer/Xcode/DerivedData` folder: +Additionally, the provisioning profile is stored on your host in the `~/Library/Developer/Xcode/DerivedData` folder: ```bash $ find ~/Library/Developer/Xcode/DerivedData | grep embedded 
@@ -62,64 +62,64 @@ $ security cms -D -i embedded.mobileprovision - - AppIDName - XC org mas testapp - ApplicationIdentifierPrefix - - QH868V5764 - - CreationDate - 2024-12-26T07:22:22Z - Platform - - iOS - xrOS - visionOS - - IsXcodeManaged - - DeveloperCertificates - - ...SNIP... - - DER-Encoded-Profile - ...SNIP... - Entitlements - - application-identifier - QH868V5764.org.mas.apptest - keychain-access-groups - - QH868V5764.* - - get-task-allow - - com.apple.developer.team-identifier - QH868V5764 - - ExpirationDate - 2025-01-02T07:22:22Z - Name - iOS Team Provisioning Profile: org.mas.testapp - ProvisionedDevices - - ...SNIP... - - LocalProvision - - TeamIdentifier - - QH868V5764 - - TeamName - OWASP MAS - TimeToLive - 7 - UUID - ...SNIP... - Version - 1 - + + AppIDName + XC org mas testapp + ApplicationIdentifierPrefix + + QH868V5764 + + CreationDate + 2024-12-26T07:22:22Z + Platform + + iOS + xrOS + visionOS + + IsXcodeManaged + + DeveloperCertificates + + ...SNIP... + + DER-Encoded-Profile + ...SNIP... + Entitlements + + application-identifier + QH868V5764.org.mas.apptest + keychain-access-groups + + QH868V5764.* + + get-task-allow + + com.apple.developer.team-identifier + QH868V5764 + + ExpirationDate + 2025-01-02T07:22:22Z + Name + iOS Team Provisioning Profile: org.mas.testapp + ProvisionedDevices + + ...SNIP... + + LocalProvision + + TeamIdentifier + + QH868V5764 + + TeamName + OWASP MAS + TimeToLive + 7 + UUID + ...SNIP... + Version + 1 + ``` diff --git a/techniques/ios/MASTG-TECH-0096.md b/techniques/ios/MASTG-TECH-0096.md index 6039b34128..c993c425bf 100644 --- a/techniques/ios/MASTG-TECH-0096.md +++ b/techniques/ios/MASTG-TECH-0096.md 
@@ -60,7 +60,7 @@ If you're only interested into the modules (binaries and libraries) that the app As you might expect you can correlate the addresses of the libraries with the memory maps: e.g. the main app from @MASTG-APP-0028 is called "iGoat-Swift" and is located at `0x0000000100b7c000` and the Realm Framework at `0x0000000100f60000`. -You can also use objection to display the same information. +You can also use @MASTG-TOOL-0074 to display the same information. ```bash $ objection --gadget OWASP.iGoat-Swift explore diff --git a/techniques/ios/MASTG-TECH-0118.md b/techniques/ios/MASTG-TECH-0118.md index a0d3055494..415f8995f0 100644 --- a/techniques/ios/MASTG-TECH-0118.md +++ b/techniques/ios/MASTG-TECH-0118.md @@ -12,7 +12,7 @@ In radare2, the presence of these compiler-provided security features can be che **Check for PIC and Canaries:** Using the `i` command, you can check if the binary has Position Independent Code (PIC) enabled (`pic`) and if it has stack canaries (`canary`). ```sh -r2 MASTestApp +r2 MASTestApp [0x100007408]> i~canary,pic canary true pic true From 6ec210259e50b9eb7693c196657a41dd1eb2fe6e Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Thu, 26 Dec 2024 13:08:25 +0000 Subject: [PATCH 10/40] Spellcheck --- techniques/ios/MASTG-TECH-0055.md | 6 +++--- techniques/ios/MASTG-TECH-0092.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 2ced1b7946..d8d64f384d 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md 
@@ -3,7 +3,7 @@ title: Launching a Repackaged App in Debug Mode platform: ios --- -If you've repackaged an application with a Frida Gadget, or if you want to attach lldb to the application, you have to launch the application in debug mode. When you launch the application via SpringBoard, it will not launch in debug mode and the application will crash. +If you've repackaged an application with a Frida Gadget, or if you want to attach @MASTG-TOOL-0057 to the application, you have to launch the application in debug mode. When you launch the application via SpringBoard, it will not launch in debug mode and the application will crash. After the application has been installed using @MASTG-TECH-TOOL-0056, you can launch it in debug mode using the following commands: @@ -21,7 +21,7 @@ com.apple.TestFlight, "3.5.2", "TestFlight" In this example, @MASTG-TOOL-0118 appended the team identifier (`QH868V5764`) to the original Bundle Identifier. -Next, we need to get the corect device identifier, which we can get using `idevice_id` (see @MASTG-TOOL-0126): +Next, we need to get the correct device identifier, which we can get using `idevice_id` (see @MASTG-TOOL-0126): ```bash $ idevice_id @@ -104,7 +104,7 @@ After attaching, the application will continue executing as normal. ## iOS16 and older -On older verions of iOS, you can use either `idevicedebug` (see @MASTG-TOOL-0126) or @MASTG-TOOL-0054 to launch the app in debug mode. +On older versions of iOS, you can use either `idevicedebug` (see @MASTG-TOOL-0126) or @MASTG-TOOL-0054 to launch the app in debug mode. ### Using idevicedebug diff --git a/techniques/ios/MASTG-TECH-0092.md b/techniques/ios/MASTG-TECH-0092.md index ded75dbaa6..225953a647 100644 --- a/techniques/ios/MASTG-TECH-0092.md +++ b/techniques/ios/MASTG-TECH-0092.md 
@@ -60,7 +60,7 @@ More information can be found in the official documentation: ["Codesign an exist !!! warning - By default, fastlane will always use the Bundle identifier from the given provisioning profile, both for normal Apple accounts and Developer accounts. If you have a Developer account, you can specify the desired Bundle identifyer by directly using the `resign.sh` script bundled with Fastlane and specifying the `--bundle-id` property: + By default, fastlane will always use the Bundle identifier from the given provisioning profile, both for normal Apple accounts and Developer accounts. If you have a Developer account, you can specify the desired Bundle identifier by directly using the `resign.sh` script bundled with Fastlane and specifying the `--bundle-id` property: ```bash $ /opt/homebrew/Cellar/fastlane/2.226.0/libexec/gems/fastlane-2.226.0/sigh/lib/assets/resign.sh /Users/MAS/uncrackable1.ipa -p /Users/MAS/embedded.mobileprovision /Users/MAS/signed.ipa -v --bundle-id "org.mas.myapp" From 52dd89811720389f9e8852c138ccbda8f3307308 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 30 Dec 2024 11:59:07 +0100 Subject: [PATCH 11/40] Update tools/ios/MASTG-TOOL-0055.md Co-authored-by: Sven --- tools/ios/MASTG-TOOL-0055.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ios/MASTG-TOOL-0055.md b/tools/ios/MASTG-TOOL-0055.md index 678c6a9fa9..d50cded938 100644 --- a/tools/ios/MASTG-TOOL-0055.md +++ b/tools/ios/MASTG-TOOL-0055.md @@ -1,5 +1,5 @@ --- -title: iProxy +title: iproxy platform: ios source: https://github.com/libimobiledevice/libusbmuxd --- From e228714d239e149461dd5bfd856370efdb09dfd7 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 30 Dec 2024 11:59:21 +0100 Subject: [PATCH 12/40] Update tools/ios/MASTG-TOOL-0055.md Co-authored-by: Sven --- tools/ios/MASTG-TOOL-0055.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tools/ios/MASTG-TOOL-0055.md b/tools/ios/MASTG-TOOL-0055.md index d50cded938..32cf294194 100644 --- a/tools/ios/MASTG-TOOL-0055.md +++ b/tools/ios/MASTG-TOOL-0055.md @@ -4,7 +4,7 @@ platform: ios source: https://github.com/libimobiledevice/libusbmuxd --- -iProxy allows you to forward a port from a connected iOS device to a port on the host machine. iProxy can be useful for interacting with jailbroken devices, as some jailbreaks do not expose the SSH port on the public interface. With iProxy, the SSH port can be forwarded over USB to the host, allowing you to still connect to it. +`iproxy` allows you to forward a port from a connected iOS device to a port on the host machine. This can be useful for interacting with jailbroken devices, as some jailbreaks do not expose the SSH port on the public interface. With `iproxy`, the SSH port can be forwarded over USB to the host, allowing you to still connect to it. !!! warning From ef4fabf071f6038955ebc2dc52f3cc8a37aa6369 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 30 Dec 2024 12:01:44 +0100 Subject: [PATCH 13/40] Update tools/ios/MASTG-TOOL-0126.md Co-authored-by: Sven --- tools/ios/MASTG-TOOL-0126.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ios/MASTG-TOOL-0126.md b/tools/ios/MASTG-TOOL-0126.md index 0900abb447..97e6dbe040 100644 --- a/tools/ios/MASTG-TOOL-0126.md +++ b/tools/ios/MASTG-TOOL-0126.md @@ -8,7 +8,7 @@ host: source: https://libimobiledevice.org/ --- -The libimobiledevice suite is cross-platform protocol library for interacting with iOS devices. The different libraries can be compiled into binaries for direct interaction with iOS devices from the commandline. +The libimobiledevice suite is cross-platform protocol library for interacting with iOS devices. The different libraries can be compiled into binaries for direct interaction with iOS devices from the command line. !!! warning From d28f7ae8879b191acc97eeeff66715f6457db1b5 Mon Sep 17 00:00:00 2001 
From: Jeroen Beckers Date: Mon, 30 Dec 2024 12:02:39 +0100 Subject: [PATCH 14/40] Update tools/ios/MASTG-TOOL-0055.md Co-authored-by: Sven --- tools/ios/MASTG-TOOL-0055.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/ios/MASTG-TOOL-0055.md b/tools/ios/MASTG-TOOL-0055.md index 32cf294194..5dd9bf6982 100644 --- a/tools/ios/MASTG-TOOL-0055.md +++ b/tools/ios/MASTG-TOOL-0055.md @@ -1,6 +1,10 @@ --- title: iproxy platform: ios +host: +- macOS +- windows +- linux source: https://github.com/libimobiledevice/libusbmuxd --- From 2ce8cbda274c87bd2a8e1d05a453bb82efd2cfc5 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:10:27 +0100 Subject: [PATCH 15/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index d8d64f384d..ab0f0d97cf 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -70,7 +70,7 @@ Process 783 resuming If you manually injected a Frida Gadget, Frida will now be waiting for you to attach to it. Until you do so, the application will appear frozen. ```bash -rida-ps -Ua +$ frida-ps -Ua PID Name Identifier --- ------------- ------------------------------- 389 Calendar com.apple.mobilecal From a2611b6ae8e7df2665a9683cd6e91aea9ee37c20 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:10:38 +0100 Subject: [PATCH 16/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index ab0f0d97cf..677f2da1a3 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md 
@@ -42,7 +42,9 @@ Finally, you can attach `lldb` using the following commands: ```bash $ lldb +# Select the iOS device you want to interact with (lldb) device select 00008101-1234567890123456 + (lldb) device process list PID PARENT USER TRIPLE NAME ====== ====== ========== ============================== ============================ From 90f5347bb0c63ec2c6c35268657fdaecd3d43d94 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:10:59 +0100 Subject: [PATCH 17/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 677f2da1a3..a0449e85ed 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -41,6 +41,7 @@ Launched application with sg.vp.UnCrackable1.QH868V5764 bundle identifier. Finally, you can attach `lldb` using the following commands: ```bash +# Execute the lldb debugger $ lldb # Select the iOS device you want to interact with (lldb) device select 00008101-1234567890123456 From 1d36e5010536bd8aed9ada479ceb8b36b8f53d38 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:11:25 +0100 Subject: [PATCH 18/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index a0449e85ed..45bef2fa2a 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -55,6 +55,7 @@ PID PARENT USER TRIPLE NAME 774 0 781 0 ReportCrash 783 0 UnCrackable Level 1 +# Attach to a specific process by their process ID (lldb) device process attach --pid 783 Process 783 stopped * thread #1, stop reason = signal SIGSTOP From 5f774076ad190e5f27cb7a12fbd523d6eadc5889 Mon Sep 17 00:00:00 2001 
From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:11:57 +0100 Subject: [PATCH 19/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 45bef2fa2a..368de86d08 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -46,6 +46,7 @@ $ lldb # Select the iOS device you want to interact with (lldb) device select 00008101-1234567890123456 +# Query the processes on a device. (lldb) device process list PID PARENT USER TRIPLE NAME ====== ====== ========== ============================== ============================ From 7f02dd70dfaaf46f26a632d1352d3205eec70c8e Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:12:08 +0100 Subject: [PATCH 20/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 368de86d08..55b0840f1a 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -67,6 +67,7 @@ dyld`_dyld_start: 0x104312928 <+8>: mov x29, #0x0 ; =0 0x10431292c <+12>: mov x30, #0x0 ; =0 Target 0: (UnCrackable Level 1) stopped. +# Continue execution of all threads in the current process. (lldb) c Process 783 resuming (lldb) From cc66983609f1f470b472d5e8c10fd45949c6a565 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:12:42 +0100 Subject: [PATCH 21/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 55b0840f1a..5b73b9cb42 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md 
@@ -56,6 +56,7 @@ PID PARENT USER TRIPLE NAME 774 0 781 0 ReportCrash 783 0 UnCrackable Level 1 + # Attach to a specific process by their process ID (lldb) device process attach --pid 783 Process 783 stopped From 8f8cc976a53d367c1e363d52bd0a945f148fa756 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:13:40 +0100 Subject: [PATCH 22/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 1 + 1 file changed, 1 insertion(+) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 5b73b9cb42..49480d7483 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -68,6 +68,7 @@ dyld`_dyld_start: 0x104312928 <+8>: mov x29, #0x0 ; =0 0x10431292c <+12>: mov x30, #0x0 ; =0 Target 0: (UnCrackable Level 1) stopped. + # Continue execution of all threads in the current process. (lldb) c Process 783 resuming From 317b37e1ba9d54279411f08ed818944a142f996c Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:15:16 +0100 Subject: [PATCH 23/40] Apply suggestions from code review Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index 49480d7483..c135bde993 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -91,7 +91,7 @@ PID Name Identifier The `783` process has launched a new thread called Gadget to which you can attach: ```bash -frida -U -n Gadget +$ frida -U -n Gadget ____ / _ | Frida 16.5.9 - A world-class dynamic instrumentation toolkit | (_| | From 697bc7692bf6ce9f7ba81466f8d5fc0026b72a3c Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:07:17 +0100 Subject: [PATCH 24/40] Update techniques/ios/MASTG-TECH-0055.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0055.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index c135bde993..e671b1ea8f 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md @@ -5,7 +5,9 @@ platform: ios If you've repackaged an application with a Frida Gadget, or if you want to attach @MASTG-TOOL-0057 to the application, you have to launch the application in debug mode. When you launch the application via SpringBoard, it will not launch in debug mode and the application will crash. -After the application has been installed using @MASTG-TECH-TOOL-0056, you can launch it in debug mode using the following commands: +After the application has been installed using @MASTG-TECH-0056, you can launch it in debug mode using the following commands. + +> Note that the commands that are part of @MASTG-TOOL-0126 refer to the latest version available from Github. If you installed them via brew or other package managers, you may have an older version with different command line flags. ## iOS17 and newer From 67109709d435d99780d653fb446c19d41396505d Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:09:10 +0100 Subject: [PATCH 25/40] Update tools/ios/MASTG-TOOL-0118.md --- tools/ios/MASTG-TOOL-0118.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ios/MASTG-TOOL-0118.md b/tools/ios/MASTG-TOOL-0118.md index 819ac41ecf..708acaedf8 100644 --- a/tools/ios/MASTG-TOOL-0118.md +++ b/tools/ios/MASTG-TOOL-0118.md 
@@ -10,4 +10,4 @@ source: https://sideloadly.io/ [Sideloadly](https://sideloadly.io/ "Sideloadly") allows you to obtain a valid signature for a given IPA file and then install it to a connected iOS device. In addition to signing and installing an IPA file, Sideloadly also allows you to inject tweaks, change the App or Bundle name or make other limited modifications to the IPA metadata. Sideloadly is available on both macOS and Windows. !!! warning "Do not use your personal Apple account" - To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained on the Sideloadly website. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. + To sign an IPA file, you will need a valid iOS developer account, either free or paid. Both types come with certain restrictions, as explained in @MASTG-TECH-0079. We recommend creating a dedicated developer account for signing test applications, and **not** using your personal Apple account. From 3d5bc8b1eb88a9aeea37d80a55060cdee374e2b9 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:10:15 +0100 Subject: [PATCH 26/40] Update techniques/ios/MASTG-TECH-0056.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0056.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index 935f4eea58..25ba4f16bd 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md 
@@ -19,7 +19,7 @@ Simply connect your device via USB, enter your Apple ID and drag-and-drop the IP ## libimobiledevice -On Linux and also macOS, you can alternatively use @MASTG-TOOL-0126. This allows you to install apps over a USB connection by executing ideviceinstaller. The connection is implemented with the USB multiplexing daemon [usbmuxd](https://www.theiphonewiki.com/wiki/Usbmux "Usbmux"), which provides a TCP tunnel over USB. +On Linux and also macOS, you can alternatively use @MASTG-TOOL-0126. This allows you to install apps over a USB connection by executing `ideviceinstaller`. The connection is implemented with the USB multiplexing daemon [usbmuxd](https://www.theiphonewiki.com/wiki/Usbmux "Usbmux"), which provides a TCP tunnel over USB. Let's install and debug the @MASTG-APP-0028 app with the following commands: From 1441ca0552c9245fc0e97087df87dc0e0aaca175 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:10:25 +0100 Subject: [PATCH 27/40] Update techniques/ios/MASTG-TECH-0056.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0056.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index 25ba4f16bd..b01030387d 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md @@ -21,7 +21,7 @@ Simply connect your device via USB, enter your Apple ID and drag-and-drop the IP On Linux and also macOS, you can alternatively use @MASTG-TOOL-0126. This allows you to install apps over a USB connection by executing `ideviceinstaller`. The connection is implemented with the USB multiplexing daemon [usbmuxd](https://www.theiphonewiki.com/wiki/Usbmux "Usbmux"), which provides a TCP tunnel over USB. -Let's install and debug the @MASTG-APP-0028 app with the following commands: +Let's install the @MASTG-APP-0028 app with the following command: ```bash $ ideviceinstaller -i Uncrackable.ipa 
From c9f9d7338b0ece416651a9f2f0046c3026dff9b1 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:12:29 +0100 Subject: [PATCH 28/40] Update techniques/ios/MASTG-TECH-0056.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0056.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index b01030387d..e81f073403 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md @@ -52,7 +52,7 @@ After installing @MASTG-TOOL-0071, you can execute the following command to inst ```bash # Get the correct device id -$ idevice_id +$ xcrun devicectl list devices 00008101-00FF28803FF9001E (USB) $ xcrun devicectl device install app --device 00008101-00FF28803FF9001E ~/signed.ipa From ff73a79c2d39de24ae01f93233669a12e5846760 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:13:10 +0100 Subject: [PATCH 29/40] Update techniques/ios/MASTG-TECH-0090.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index ad286b123b..802d6aaca0 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md 
@@ -18,7 +18,7 @@ You can inject Frida into an application using @MASTG-TOOL-0039, @MASTG-TOOL-011 After following any of the techniques of @MASTG-TECH-0057, your application will be running with the `get-task-allow` entitlement, which means it can be debugged. This means that the `frida` CLI tool can spawn the application and inject the Frida Gadget automatically, even on non-jailbroken devices. -First, download the latest version of the Frida Gadget and move it to `/Users//.cache/frida/gadget-ios.dylib`: +First, download the latest version of the Frida Gadget and move it to `/Users//.cache/frida/gadget-ios.dylib`. Frida is released frequently, so find the latest version available on the [Github releases page](https://github.com/frida/frida/releases) or download via the command line after obtaining the latest URL: ```bash wget https://github.com/frida/frida/releases/download/16.5.9/frida-gadget-16.5.9-ios-universal.dylib.gz From 4781846735a1b234a19d301b62ac878ff9cb9a1a Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:13:23 +0100 Subject: [PATCH 30/40] Update techniques/ios/MASTG-TECH-0090.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index 802d6aaca0..d28e2a5a26 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md @@ -23,7 +23,7 @@ First, download the latest version of the Frida Gadget and move it to `/Users/ Date: Mon, 20 Jan 2025 08:13:58 +0100 Subject: [PATCH 31/40] Update techniques/ios/MASTG-TECH-0092.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0092.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0092.md b/techniques/ios/MASTG-TECH-0092.md index 225953a647..0ad3533477 100644 --- a/techniques/ios/MASTG-TECH-0092.md +++ b/techniques/ios/MASTG-TECH-0092.md 
@@ -54,7 +54,7 @@ $ fastlane resignipa [15:22:03]: fastlane.tools finished successfully 🎉 ``` -After setting this set up, you only need to change the path in the `Fastfile` for the IPA you want to resign and execute the command again. +Once this is set up, all you need to do is change the path in the `Fastfile` for the IPA you want to resign and run the command again. More information can be found in the official documentation: ["Codesign an existing ipa file with fastlane resign"](https://docs.fastlane.tools/actions/resign/) From 58aab16dbd82b611759702c0250a8c11cc2057ba Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:14:24 +0100 Subject: [PATCH 32/40] Update techniques/ios/MASTG-TECH-0056.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0056.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index e81f073403..4f22436761 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md @@ -53,7 +53,10 @@ After installing @MASTG-TOOL-0071, you can execute the following command to inst ```bash # Get the correct device id $ xcrun devicectl list devices -00008101-00FF28803FF9001E (USB) +Devices: +Name Hostname Identifier State Model +------------------ ------------------------------------------ ------------------------------------ ------------------ ------------------------------ +Foobar 00008101-00FF28803FF9001E.coredevice.local ABD1F3D8-7BC1-52CD-8DB6-9BFD794CE862 available (paired) iPhone 14 Pro Max (iPhone15,3) $ xcrun devicectl device install app --device 00008101-00FF28803FF9001E ~/signed.ipa 11:59:04 Acquired tunnel connection to device. From 27b0adb8a0c6dbc1949be696b478a85b4b5e695f Mon Sep 17 00:00:00 2001 
From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:14:53 +0100 Subject: [PATCH 33/40] Update techniques/ios/MASTG-TECH-0079.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0079.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0079.md b/techniques/ios/MASTG-TECH-0079.md index 2febb2fa8a..1d644419b4 100644 --- a/techniques/ios/MASTG-TECH-0079.md +++ b/techniques/ios/MASTG-TECH-0079.md @@ -52,7 +52,7 @@ cp /Users/MAS/Library/Developer/Xcode/DerivedData/apptest-aijwmhfiximgzkhcmnluxr ## Inspecting the Provisioning Profile -Once you've obtained the provisioning profile, you can inspect its contents with the @MASTG-TOOL-0063 command. You'll find the entitlements granted to the app in the profile, along with the allowed certificates and devices. You'll need these for code-signing, so extract them to a separate plist file as shown below. Have a look at the file contents to make sure everything is as expected. +Once you've obtained the provisioning profile, you can inspect its contents with the @MASTG-TOOL-0063 command. You'll find the entitlements granted to the app in the profile, along with the allowed certificates and devices. ```bash $ security cms -D -i embedded.mobileprovision From 2929ad3567d3a84409eac11adc21e6a44ba8eaaa Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:18:24 +0100 Subject: [PATCH 34/40] Update techniques/ios/MASTG-TECH-0090.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index d28e2a5a26..5d5b44fd81 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md 
@@ -21,7 +21,7 @@ After following any of the techniques of @MASTG-TECH-0057, your application will First, download the latest version of the Frida Gadget and move it to `/Users//.cache/frida/gadget-ios.dylib`. Frida is released frequently, so find the latest version available on the [Github releases page](https://github.com/frida/frida/releases) or download via the command line after obtaining the latest URL: ```bash -wget https://github.com/frida/frida/releases/download/16.5.9/frida-gadget-16.5.9-ios-universal.dylib.gz +wget https://github.com/frida/frida/releases/download/X.Y.Z/frida-gadget-X.Y.Z-ios-universal.dylib.gz gzip -d frida-gadget-16.5.9-ios-universal.dylib.gz mv frida-gadget-X.Y.Z-ios-universal.dylib /Users/MAS/.cache/frida/gadget-ios.dylib ``` From db19d8e03480077fe4f63d74f9bbee0216022e1d Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:19:15 +0100 Subject: [PATCH 35/40] Update techniques/ios/MASTG-TECH-0090.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index 5d5b44fd81..a85da190a7 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md @@ -22,7 +22,7 @@ First, download the latest version of the Frida Gadget and move it to `/Users/ Date: Mon, 20 Jan 2025 08:19:46 +0100 Subject: [PATCH 36/40] Update techniques/ios/MASTG-TECH-0090.md --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index a85da190a7..9abc3815cf 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md 
@@ -12,7 +12,7 @@ On a jailbroken device, you can run `frida-server` which will take care of the i As an alternative to this automated approach, see @MASTG-TECH-0091. -You can inject Frida into an application using @MASTG-TOOL-0039, @MASTG-TOOL-0118 or @MASTG-TOOL-0038 +You can inject Frida into an application using @MASTG-TOOL-0118 or @MASTG-TOOL-0038 ## Frida From 3953ec9f90ca0abad826ecb0db3b7bfec642c048 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 08:20:04 +0100 Subject: [PATCH 37/40] Update techniques/ios/MASTG-TECH-0056.md Co-authored-by: Sven --- techniques/ios/MASTG-TECH-0056.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0056.md b/techniques/ios/MASTG-TECH-0056.md index 4f22436761..ec351d7020 100644 --- a/techniques/ios/MASTG-TECH-0056.md +++ b/techniques/ios/MASTG-TECH-0056.md @@ -42,7 +42,7 @@ ipainstaller Uncrackable.ipa On macOS you can also use the @MASTG-TOOL-0054 tool to install iOS apps from the command line. You'll need to unzip your IPA since ios-deploy uses the app bundles to install apps. ```bash -unzip Name.ipa +unzip UnCrackable.ipa ios-deploy --bundle 'Payload/UnCrackable Level 1.app' -W -v ``` From 182ab62588d5e06a0a6743e4913d63e222dfabb2 Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Sat, 4 Jan 2025 22:43:46 +0100 Subject: [PATCH 38/40] Remove unnecessary app --- techniques/ios/MASTG-TECH-0055.md | 1 - 1 file changed, 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0055.md b/techniques/ios/MASTG-TECH-0055.md index e671b1ea8f..65906b93d2 100644 --- a/techniques/ios/MASTG-TECH-0055.md +++ b/techniques/ios/MASTG-TECH-0055.md 
@@ -122,7 +122,6 @@ On older versions of iOS, you can use either `idevicedebug` (see @MASTG-TOOL-012 # Get the package name $ ideviceinstaller list CFBundleIdentifier, CFBundleShortVersionString, CFBundleDisplayName -org.sec575.CoinGame, "1.0", "CoinGame" sg.vp.UnCrackable1.QH868V5764, "1.0", "UnCrackable1" com.apple.TestFlight, "3.7.0", "TestFlight" com.google.Maps, "24.50.0", "Google Maps" From 430b2c200d519a64ce8d35df4d432b6d43c3e98f Mon Sep 17 00:00:00 2001 From: Jeroen Beckers Date: Mon, 20 Jan 2025 15:15:11 +0100 Subject: [PATCH 39/40] Fix technique ref --- techniques/ios/MASTG-TECH-0090.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0090.md b/techniques/ios/MASTG-TECH-0090.md index 9abc3815cf..1158e82521 100644 --- a/techniques/ios/MASTG-TECH-0090.md +++ b/techniques/ios/MASTG-TECH-0090.md @@ -16,7 +16,7 @@ You can inject Frida into an application using @MASTG-TOOL-0118 or @MASTG-TOOL-0 ## Frida -After following any of the techniques of @MASTG-TECH-0057, your application will be running with the `get-task-allow` entitlement, which means it can be debugged. This means that the `frida` CLI tool can spawn the application and inject the Frida Gadget automatically, even on non-jailbroken devices. +After following any of the techniques of @MASTG-TECH-0055, your application will be running with the `get-task-allow` entitlement, which means it can be debugged. This means that the `frida` CLI tool can spawn the application and inject the Frida Gadget automatically, even on non-jailbroken devices. First, download the latest version of the Frida Gadget and move it to `/Users//.cache/frida/gadget-ios.dylib`. Frida is released frequently, so find the latest version available on the [Github releases page](https://github.com/frida/frida/releases) or download via the command line after obtaining the latest URL: From c0620484a3e16c290be0155c76998634b326a14c Mon Sep 17 00:00:00 2001 
From: Jeroen Beckers Date: Mon, 20 Jan 2025 15:23:46 +0100 Subject: [PATCH 40/40] Fix lint issue --- techniques/ios/MASTG-TECH-0079.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/ios/MASTG-TECH-0079.md b/techniques/ios/MASTG-TECH-0079.md index 1d644419b4..ca709e651a 100644 --- a/techniques/ios/MASTG-TECH-0079.md +++ b/techniques/ios/MASTG-TECH-0079.md @@ -52,7 +52,7 @@ cp /Users/MAS/Library/Developer/Xcode/DerivedData/apptest-aijwmhfiximgzkhcmnluxr ## Inspecting the Provisioning Profile -Once you've obtained the provisioning profile, you can inspect its contents with the @MASTG-TOOL-0063 command. You'll find the entitlements granted to the app in the profile, along with the allowed certificates and devices. +Once you've obtained the provisioning profile, you can inspect its contents with the @MASTG-TOOL-0063 command. You'll find the entitlements granted to the app in the profile, along with the allowed certificates and devices. ```bash $ security cms -D -i embedded.mobileprovision
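Review bot: the note added in the first MASTG-TECH-0055.md hunk says the @MASTG-TOOL-0126 commands "refer to the latest version available from Github", which will drift as the tools change and gives the reader no way to tell whether their install matches. State the version or commit the commands were checked against. Also spell the name "GitHub" here and in "Github releases page" in MASTG-TECH-0090.md.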
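Review bot: in the MASTG-TECH-0056.md hunk of PATCH 32/40, the new `xcrun devicectl list devices` table shows `ABD1F3D8-7BC1-52CD-8DB6-9BFD794CE862` in the Identifier column, while the following `xcrun devicectl device install app --device 00008101-00FF28803FF9001E ~/signed.ipa` passes a value that appears in the table only as the prefix of the Hostname column. The `# Get the correct device id` comment does not say which column to copy. Add a sentence stating which value `--device` expects, or, after confirming it is accepted, use the Identifier value in the install command so the example is self-consistent.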
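Review bot: in the MASTG-TECH-0090.md hunk of PATCH 34/40, the `wget` line now uses the `X.Y.Z` placeholder and the `mv` line already does, but the unchanged `gzip -d frida-gadget-16.5.9-ios-universal.dylib.gz` line between them still names 16.5.9, so the three commands as shown do not operate on the same file. Change the `gzip -d` argument to `frida-gadget-X.Y.Z-ios-universal.dylib.gz` in the same commit, and add a comment above the block saying that X.Y.Z must be replaced with the release picked from the releases page.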
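Review bot: the changed sentence in the MASTG-TECH-0090.md hunk of PATCH 36/40, "You can inject Frida into an application using @MASTG-TOOL-0118 or @MASTG-TOOL-0038", still ends without a full stop. Add it while the line is being touched.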
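Review bot: in the MASTG-TECH-0056.md hunk of PATCH 37/40, the new `unzip UnCrackable.ipa` spells the file with a capital C, while the same page uses `ideviceinstaller -i Uncrackable.ipa` and `ipainstaller Uncrackable.ipa` for what reads as the same file. On a case-sensitive file system one of these will fail with "file not found". Pick one spelling and use it in all three commands.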