From b5a4ef948fa28eb38a652a5c57fcccd911db429a Mon Sep 17 00:00:00 2001 
From: Marco Ochse Date: Mon, 25 Sep 2017 21:08:00 +0000 Subject: [PATCH 01/14] play with layout --- {installer => tpot}/bin/backup_es_folders.sh | 0 {installer => tpot}/bin/clean.sh | 0 {installer => tpot}/bin/dps.sh | 0 {installer => tpot}/bin/dump_es.sh | 0 {installer => tpot}/bin/export_kibana-objects.sh | 0 {installer => tpot}/bin/import_kibana-objects.sh | 0 {installer => tpot}/bin/myip.sh | 0 {installer => tpot}/bin/restore_es.sh | 0 {installer => tpot}/bin/updateip.sh | 0 {installer/etc/tpot => tpot/etc}/compose/all.yml | 0 {installer/etc/tpot => tpot/etc}/compose/hp.yml | 0 .../etc/tpot => tpot/etc}/compose/industrial.yml | 0 {installer/etc/tpot => tpot/etc}/compose/tpot.yml | 0 .../etc/tpot => tpot/etc}/curator/actions.yml | 0 .../etc/tpot => tpot/etc}/curator/curator.yml | 0 .../etc/tpot => tpot/etc}/logrotate/logrotate.conf | 0 .../etc/tpot => tpot/etc/objects}/elkbase.tgz | Bin .../tpot => tpot/etc/objects}/kibana-objects.tgz | Bin {installer => tpot/host}/etc/dialogrc | 0 {installer => tpot/host}/etc/issue | 0 {installer => tpot/host}/etc/nginx/nginx.conf | 0 .../host}/etc/nginx/ssl/dhparam4096.pem | 0 {installer => tpot/host}/etc/nginx/ssl/gen-cert.sh | 0 .../host}/etc/nginx/ssl/gen-dhparam.sh | 0 {installer => tpot/host}/etc/nginx/tpotweb.conf | 0 {installer => tpot/host}/etc/rc.local | 0 .../etc/tpot => tpot/host/etc}/systemd/tpot.service | 0 .../tpot => tpot/host/etc}/systemd/wetty.service | 0 {installer => tpot/host}/usr/share/dict/a.txt | 0 {installer => tpot/host}/usr/share/dict/n.txt | 0 {installer => tpot/host}/usr/share/dict/names | 0 .../host}/usr/share/nginx/html/error.html | 0 .../host}/usr/share/nginx/html/favicon.ico | Bin .../host}/usr/share/nginx/html/navbar.html | 0 .../host}/usr/share/nginx/html/style.css | 0 .../host}/usr/share/nginx/html/tpotweb.html | 0 {installer => tpot}/keys/authorized_keys | 0 37 files changed, 0 insertions(+), 0 deletions(-) rename {installer => tpot}/bin/backup_es_folders.sh (100%) rename {installer => 
tpot}/bin/clean.sh (100%) rename {installer => tpot}/bin/dps.sh (100%) rename {installer => tpot}/bin/dump_es.sh (100%) rename {installer => tpot}/bin/export_kibana-objects.sh (100%) rename {installer => tpot}/bin/import_kibana-objects.sh (100%) rename {installer => tpot}/bin/myip.sh (100%) rename {installer => tpot}/bin/restore_es.sh (100%) rename {installer => tpot}/bin/updateip.sh (100%) rename {installer/etc/tpot => tpot/etc}/compose/all.yml (100%) rename {installer/etc/tpot => tpot/etc}/compose/hp.yml (100%) rename {installer/etc/tpot => tpot/etc}/compose/industrial.yml (100%) rename {installer/etc/tpot => tpot/etc}/compose/tpot.yml (100%) rename {installer/etc/tpot => tpot/etc}/curator/actions.yml (100%) rename {installer/etc/tpot => tpot/etc}/curator/curator.yml (100%) rename {installer/etc/tpot => tpot/etc}/logrotate/logrotate.conf (100%) rename {installer/etc/tpot => tpot/etc/objects}/elkbase.tgz (100%) rename {installer/etc/tpot => tpot/etc/objects}/kibana-objects.tgz (100%) rename {installer => tpot/host}/etc/dialogrc (100%) rename {installer => tpot/host}/etc/issue (100%) rename {installer => tpot/host}/etc/nginx/nginx.conf (100%) rename {installer => tpot/host}/etc/nginx/ssl/dhparam4096.pem (100%) rename {installer => tpot/host}/etc/nginx/ssl/gen-cert.sh (100%) rename {installer => tpot/host}/etc/nginx/ssl/gen-dhparam.sh (100%) rename {installer => tpot/host}/etc/nginx/tpotweb.conf (100%) rename {installer => tpot/host}/etc/rc.local (100%) rename {installer/etc/tpot => tpot/host/etc}/systemd/tpot.service (100%) rename {installer/etc/tpot => tpot/host/etc}/systemd/wetty.service (100%) rename {installer => tpot/host}/usr/share/dict/a.txt (100%) rename {installer => tpot/host}/usr/share/dict/n.txt (100%) rename {installer => tpot/host}/usr/share/dict/names (100%) rename {installer => tpot/host}/usr/share/nginx/html/error.html (100%) rename {installer => tpot/host}/usr/share/nginx/html/favicon.ico (100%) rename {installer => 
tpot/host}/usr/share/nginx/html/navbar.html (100%) rename {installer => tpot/host}/usr/share/nginx/html/style.css (100%) rename {installer => tpot/host}/usr/share/nginx/html/tpotweb.html (100%) rename {installer => tpot}/keys/authorized_keys (100%) diff --git a/installer/bin/backup_es_folders.sh b/tpot/bin/backup_es_folders.sh similarity index 100% rename from installer/bin/backup_es_folders.sh rename to tpot/bin/backup_es_folders.sh diff --git a/installer/bin/clean.sh b/tpot/bin/clean.sh similarity index 100% rename from installer/bin/clean.sh rename to tpot/bin/clean.sh diff --git a/installer/bin/dps.sh b/tpot/bin/dps.sh similarity index 100% rename from installer/bin/dps.sh rename to tpot/bin/dps.sh diff --git a/installer/bin/dump_es.sh b/tpot/bin/dump_es.sh similarity index 100% rename from installer/bin/dump_es.sh rename to tpot/bin/dump_es.sh diff --git a/installer/bin/export_kibana-objects.sh b/tpot/bin/export_kibana-objects.sh similarity index 100% rename from installer/bin/export_kibana-objects.sh rename to tpot/bin/export_kibana-objects.sh diff --git a/installer/bin/import_kibana-objects.sh b/tpot/bin/import_kibana-objects.sh similarity index 100% rename from installer/bin/import_kibana-objects.sh rename to tpot/bin/import_kibana-objects.sh diff --git a/installer/bin/myip.sh b/tpot/bin/myip.sh similarity index 100% rename from installer/bin/myip.sh rename to tpot/bin/myip.sh diff --git a/installer/bin/restore_es.sh b/tpot/bin/restore_es.sh similarity index 100% rename from installer/bin/restore_es.sh rename to tpot/bin/restore_es.sh diff --git a/installer/bin/updateip.sh b/tpot/bin/updateip.sh similarity index 100% rename from installer/bin/updateip.sh rename to tpot/bin/updateip.sh diff --git a/installer/etc/tpot/compose/all.yml b/tpot/etc/compose/all.yml similarity index 100% rename from installer/etc/tpot/compose/all.yml rename to tpot/etc/compose/all.yml 
diff --git a/installer/etc/tpot/compose/hp.yml b/tpot/etc/compose/hp.yml similarity index 100% rename from installer/etc/tpot/compose/hp.yml rename to tpot/etc/compose/hp.yml diff --git a/installer/etc/tpot/compose/industrial.yml b/tpot/etc/compose/industrial.yml similarity index 100% rename from installer/etc/tpot/compose/industrial.yml rename to tpot/etc/compose/industrial.yml diff --git a/installer/etc/tpot/compose/tpot.yml b/tpot/etc/compose/tpot.yml similarity index 100% rename from installer/etc/tpot/compose/tpot.yml rename to tpot/etc/compose/tpot.yml diff --git a/installer/etc/tpot/curator/actions.yml b/tpot/etc/curator/actions.yml similarity index 100% rename from installer/etc/tpot/curator/actions.yml rename to tpot/etc/curator/actions.yml diff --git a/installer/etc/tpot/curator/curator.yml b/tpot/etc/curator/curator.yml similarity index 100% rename from installer/etc/tpot/curator/curator.yml rename to tpot/etc/curator/curator.yml diff --git a/installer/etc/tpot/logrotate/logrotate.conf b/tpot/etc/logrotate/logrotate.conf similarity index 100% rename from installer/etc/tpot/logrotate/logrotate.conf rename to tpot/etc/logrotate/logrotate.conf diff --git a/installer/etc/tpot/elkbase.tgz b/tpot/etc/objects/elkbase.tgz similarity index 100% rename from installer/etc/tpot/elkbase.tgz rename to tpot/etc/objects/elkbase.tgz diff --git a/installer/etc/tpot/kibana-objects.tgz b/tpot/etc/objects/kibana-objects.tgz similarity index 100% rename from installer/etc/tpot/kibana-objects.tgz rename to tpot/etc/objects/kibana-objects.tgz diff --git a/installer/etc/dialogrc b/tpot/host/etc/dialogrc similarity index 100% rename from installer/etc/dialogrc rename to tpot/host/etc/dialogrc diff --git a/installer/etc/issue b/tpot/host/etc/issue similarity index 100% rename from installer/etc/issue rename to tpot/host/etc/issue 
diff --git a/installer/etc/nginx/nginx.conf b/tpot/host/etc/nginx/nginx.conf similarity index 100% rename from installer/etc/nginx/nginx.conf rename to tpot/host/etc/nginx/nginx.conf diff --git a/installer/etc/nginx/ssl/dhparam4096.pem b/tpot/host/etc/nginx/ssl/dhparam4096.pem similarity index 100% rename from installer/etc/nginx/ssl/dhparam4096.pem rename to tpot/host/etc/nginx/ssl/dhparam4096.pem diff --git a/installer/etc/nginx/ssl/gen-cert.sh b/tpot/host/etc/nginx/ssl/gen-cert.sh similarity index 100% rename from installer/etc/nginx/ssl/gen-cert.sh rename to tpot/host/etc/nginx/ssl/gen-cert.sh diff --git a/installer/etc/nginx/ssl/gen-dhparam.sh b/tpot/host/etc/nginx/ssl/gen-dhparam.sh similarity index 100% rename from installer/etc/nginx/ssl/gen-dhparam.sh rename to tpot/host/etc/nginx/ssl/gen-dhparam.sh diff --git a/installer/etc/nginx/tpotweb.conf b/tpot/host/etc/nginx/tpotweb.conf similarity index 100% rename from installer/etc/nginx/tpotweb.conf rename to tpot/host/etc/nginx/tpotweb.conf diff --git a/installer/etc/rc.local b/tpot/host/etc/rc.local similarity index 100% rename from installer/etc/rc.local rename to tpot/host/etc/rc.local diff --git a/installer/etc/tpot/systemd/tpot.service b/tpot/host/etc/systemd/tpot.service similarity index 100% rename from installer/etc/tpot/systemd/tpot.service rename to tpot/host/etc/systemd/tpot.service diff --git a/installer/etc/tpot/systemd/wetty.service b/tpot/host/etc/systemd/wetty.service similarity index 100% rename from installer/etc/tpot/systemd/wetty.service rename to tpot/host/etc/systemd/wetty.service diff --git a/installer/usr/share/dict/a.txt b/tpot/host/usr/share/dict/a.txt similarity index 100% rename from installer/usr/share/dict/a.txt rename to tpot/host/usr/share/dict/a.txt diff --git a/installer/usr/share/dict/n.txt b/tpot/host/usr/share/dict/n.txt similarity index 100% rename from installer/usr/share/dict/n.txt rename to tpot/host/usr/share/dict/n.txt 
diff --git a/installer/usr/share/dict/names b/tpot/host/usr/share/dict/names similarity index 100% rename from installer/usr/share/dict/names rename to tpot/host/usr/share/dict/names diff --git a/installer/usr/share/nginx/html/error.html b/tpot/host/usr/share/nginx/html/error.html similarity index 100% rename from installer/usr/share/nginx/html/error.html rename to tpot/host/usr/share/nginx/html/error.html diff --git a/installer/usr/share/nginx/html/favicon.ico b/tpot/host/usr/share/nginx/html/favicon.ico similarity index 100% rename from installer/usr/share/nginx/html/favicon.ico rename to tpot/host/usr/share/nginx/html/favicon.ico diff --git a/installer/usr/share/nginx/html/navbar.html b/tpot/host/usr/share/nginx/html/navbar.html similarity index 100% rename from installer/usr/share/nginx/html/navbar.html rename to tpot/host/usr/share/nginx/html/navbar.html diff --git a/installer/usr/share/nginx/html/style.css b/tpot/host/usr/share/nginx/html/style.css similarity index 100% rename from installer/usr/share/nginx/html/style.css rename to tpot/host/usr/share/nginx/html/style.css diff --git a/installer/usr/share/nginx/html/tpotweb.html b/tpot/host/usr/share/nginx/html/tpotweb.html similarity index 100% rename from installer/usr/share/nginx/html/tpotweb.html rename to tpot/host/usr/share/nginx/html/tpotweb.html diff --git a/installer/keys/authorized_keys b/tpot/keys/authorized_keys similarity index 100% rename from installer/keys/authorized_keys rename to tpot/keys/authorized_keys From 1347eac88fd7d95b78b377a0b9d10c05b90c2473 Mon Sep 17 00:00:00 2001 
From: Marco Ochse Date: Tue, 26 Sep 2017 15:15:17 +0000 Subject: [PATCH 02/14] update scripts to new file layout iso will not include tpot repo tpot repo will be cloned during install as all the other tools --- bin/backup_es_folders.sh | 38 + bin/clean.sh | 219 ++ bin/dps.sh | 71 + bin/dump_es.sh | 45 + bin/export_kibana-objects.sh | 77 + bin/import_kibana-objects.sh | 91 + bin/myip.sh | 88 + bin/restore_es.sh | 61 + bin/updateip.sh | 24 + etc/compose/all.yml | 313 ++ etc/compose/hp.yml | 156 + etc/compose/industrial.yml | 176 + etc/compose/tpot.yml | 283 ++ etc/curator/actions.yml | 26 + etc/curator/curator.yml | 21 + etc/logrotate/logrotate.conf | 38 + etc/objects/elkbase.tgz | Bin 0 -> 139574 bytes etc/objects/kibana-objects.tgz | Bin 0 -> 29381 bytes host/etc/dialogrc | 144 + host/etc/issue | 20 + host/etc/nginx/nginx.conf | 96 + host/etc/nginx/ssl/dhparam4096.pem | 13 + host/etc/nginx/ssl/gen-cert.sh | 12 + host/etc/nginx/ssl/gen-dhparam.sh | 16 + host/etc/nginx/tpotweb.conf | 155 + host/etc/rc.local | 2 + host/etc/systemd/tpot.service | 57 + host/etc/systemd/wetty.service | 13 + host/usr/share/dict/a.txt | 1466 ++++++++ host/usr/share/dict/n.txt | 4401 ++++++++++++++++++++++++ host/usr/share/dict/names | 3947 +++++++++++++++++++++ host/usr/share/nginx/html/error.html | 0 host/usr/share/nginx/html/favicon.ico | Bin 0 -> 805 bytes host/usr/share/nginx/html/navbar.html | 21 + host/usr/share/nginx/html/style.css | 17 + host/usr/share/nginx/html/tpotweb.html | 15 + iso/installer/dialogrc | 144 + iso/installer/install.sh | 509 +++ iso/installer/keys/authorized_keys | 1 + iso/installer/rc.local.install | 2 + iso/isolinux/txt.cfg | 7 + iso/preseed/tpot.seed | 125 + makeiso.sh | 26 +- 43 files changed, 12923 insertions(+), 13 deletions(-) create mode 100755 bin/backup_es_folders.sh create mode 100755 bin/clean.sh create mode 100755 bin/dps.sh create mode 100755 bin/dump_es.sh create mode 100755 bin/export_kibana-objects.sh create mode 100755 
bin/import_kibana-objects.sh create mode 100755 bin/myip.sh create mode 100755 bin/restore_es.sh create mode 100755 bin/updateip.sh create mode 100644 etc/compose/all.yml create mode 100644 etc/compose/hp.yml create mode 100644 etc/compose/industrial.yml create mode 100644 etc/compose/tpot.yml create mode 100644 etc/curator/actions.yml create mode 100644 etc/curator/curator.yml create mode 100644 etc/logrotate/logrotate.conf create mode 100644 etc/objects/elkbase.tgz create mode 100644 etc/objects/kibana-objects.tgz create mode 100644 host/etc/dialogrc create mode 100644 host/etc/issue create mode 100644 host/etc/nginx/nginx.conf create mode 100644 host/etc/nginx/ssl/dhparam4096.pem create mode 100644 host/etc/nginx/ssl/gen-cert.sh create mode 100644 host/etc/nginx/ssl/gen-dhparam.sh create mode 100644 host/etc/nginx/tpotweb.conf create mode 100755 host/etc/rc.local create mode 100644 host/etc/systemd/tpot.service create mode 100644 host/etc/systemd/wetty.service create mode 100644 host/usr/share/dict/a.txt create mode 100644 host/usr/share/dict/n.txt create mode 100644 host/usr/share/dict/names create mode 100644 host/usr/share/nginx/html/error.html create mode 100644 host/usr/share/nginx/html/favicon.ico create mode 100644 host/usr/share/nginx/html/navbar.html create mode 100644 host/usr/share/nginx/html/style.css create mode 100644 host/usr/share/nginx/html/tpotweb.html create mode 100644 iso/installer/dialogrc create mode 100755 iso/installer/install.sh create mode 100644 iso/installer/keys/authorized_keys create mode 100755 iso/installer/rc.local.install create mode 100755 iso/isolinux/txt.cfg create mode 100755 iso/preseed/tpot.seed diff --git a/bin/backup_es_folders.sh b/bin/backup_es_folders.sh new file mode 100755 index 00000000..32409e0b --- /dev/null +++ b/bin/backup_es_folders.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Backup all ES relevant folders
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+ then
+ echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+ exit
+ else
+ echo "### Elasticsearch is available, now continuing."
+ echo
+fi
+
+# Set vars
+myCOUNT=1
+myDATE=$(date +%Y%m%d%H%M)
+myELKPATH="/data/elk/data"
+myKIBANAINDEXNAME=$(curl -s -XGET ''$myES'_cat/indices/' | grep .kibana | awk '{ print $4 }')
+myKIBANAINDEXPATH=$myELKPATH/nodes/0/indices/$myKIBANAINDEXNAME
+
+# Let's ensure normal operation on exit or if interrupted ...
+function fuCLEANUP {
+ ### Start ELK
+ systemctl start tpot
+ echo "### Now starting T-Pot ..."
+}
+trap fuCLEANUP EXIT
+
+# Stop T-Pot to lift db lock
+echo "### Now stopping T-Pot"
+systemctl stop tpot
+sleep 2
+
+# Backup DB in 2 flavors
+echo "### Now backing up Elasticsearch folders ..."
+tar cvfz "elkall_"$myDATE".tgz" $myELKPATH
+tar cvfz "elkbase_"$myDATE".tgz" $myKIBANAINDEXPATH
diff --git a/bin/clean.sh b/bin/clean.sh
new file mode 100755
index 00000000..44c805f9
--- /dev/null
+++ b/bin/clean.sh
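Review bot: `myKIBANAINDEXNAME` goes straight into `myKIBANAINDEXPATH` without a check that the `_cat/indices` lookup returned exactly one name. If it comes back empty, the second `tar` archives the whole `nodes/0/indices/` directory; if `grep .kibana` (unescaped dot, unanchored) matches several indices, the unquoted path splits into several arguments. I would add a guard after the assignment, e.g. `[ -n "$myKIBANAINDEXNAME" ] || { echo "### .kibana index not found." >&2; exit 1; }`, and quote both paths in the `tar` calls. The bare `exit` in the health check returns status 0, so a caller cannot tell a skipped backup from a completed one; `exit 1` would make that visible. The archives are written to the current directory with the caller's umask, which deserves a comment since they hold the full Elasticsearch data.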
@@ -0,0 +1,219 @@
+#!/bin/bash
+# T-Pot Container Data Cleaner & Log Rotator
+
+# Set colors
+myRED=""
+myGREEN=""
+myWHITE=""
+
+# Set persistence
+myPERSISTENCE=$1
+
+# Let's create a function to check if folder is empty
+fuEMPTY () {
+ local myFOLDER=$1
+
+echo $(ls $myFOLDER | wc -l)
+}
+
+# Let's create a function to rotate and compress logs
+fuLOGROTATE () {
+ local mySTATUS="/opt/tpot/etc/logrotate/status"
+ local myCONF="/opt/tpot/etc/logrotate/logrotate.conf"
+ local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
+ local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz"
+ local myCOWRIEDL="/data/cowrie/downloads/"
+ local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz"
+ local myDIONAEABI="/data/dionaea/bistreams/"
+ local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
+ local myDIONAEABIN="/data/dionaea/binaries/"
+ local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
+ local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
+ local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
+ local myHONEYTRAPDL="/data/honeytrap/downloads/"
+ local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
+
+# Ensure correct permissions and ownerships for logrotate to run without issues
+chmod 760 /data/ -R
+chown tpot:tpot /data -R
+
+# Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided
+logrotate -f -s $mySTATUS $myCONF
+
+# Compressing some folders first and rotate them later
+if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar cvfz $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi
+if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar cvfz $myCOWRIEDLTGZ $myCOWRIEDL; fi
+if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar cvfz $myDIONAEABITGZ $myDIONAEABI; fi
+if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi
+if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
+if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
+
+# Ensure correct permissions and ownership for previously created archives
+chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
+chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
+
+# Need to remove subfolders since too many files cause rm to exit with errors
+rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
+
+# Recreate subfolders with correct permissions and ownership
+mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
+chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
+chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
+
+# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
+logrotate -s $mySTATUS $myCONF
+}
+
+# Let's create a function to clean up and prepare conpot data
+fuCONPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
+ mkdir -p /data/conpot/log
+ chmod 760 /data/conpot -R
+ chown tpot:tpot /data/conpot -R
+}
+
+# Let's create a function to clean up and prepare cowrie data
+fuCOWRIE () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
+ mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
+ chmod 760 /data/cowrie -R
+ chown tpot:tpot /data/cowrie -R
+}
+
+# Let's create a function to clean up and prepare dionaea data
+fuDIONAEA () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
+ mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
+ chmod 760 /data/dionaea -R
+ chown tpot:tpot /data/dionaea -R
+}
+
+# Let's create a function to clean up and prepare elasticpot data
+fuELASTICPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
+ mkdir -p /data/elasticpot/log
+ chmod 760 /data/elasticpot -R
+ chown tpot:tpot /data/elasticpot -R
+}
+
+# Let's create a function to clean up and prepare elk data
+fuELK () {
+ # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
+ # ELK daemon log files will be removed
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
+ mkdir -p /data/elk
+ chmod 760 /data/elk -R
+ chown tpot:tpot /data/elk -R
+}
+
+# Let's create a function to clean up and prepare emobility data
+fuEMOBILITY () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/emobility/*; fi
+ mkdir -p /data/emobility/log
+ chmod 760 /data/emobility -R
+ chown tpot:tpot /data/emobility -R
+}
+
+# Let's create a function to clean up and prepare glastopf data
+fuGLASTOPF () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi
+ mkdir -p /data/glastopf
+ chmod 760 /data/glastopf -R
+ chown tpot:tpot /data/glastopf -R
+}
+
+# Let's create a function to clean up and prepare honeytrap data
+fuHONEYTRAP () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
+ mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
+ chmod 760 /data/honeytrap/ -R
+ chown tpot:tpot /data/honeytrap/ -R
+}
+
+# Let's create a function to clean up and prepare mailoney data
+fuMAILONEY () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
+ mkdir -p /data/mailoney/log/
+ chmod 760 /data/mailoney/ -R
+ chown tpot:tpot /data/mailoney/ -R
+}
+
+# Let's create a function to clean up and prepare rdpy data
+fuRDPY () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
+ mkdir -p /data/rdpy/log/
+ chmod 760 /data/rdpy/ -R
+ chown tpot:tpot /data/rdpy/ -R
+}
+
+# Let's create a function to prepare spiderfoot db
+fuSPIDERFOOT () {
+ mkdir -p /data/spiderfoot
+ touch /data/spiderfoot/spiderfoot.db
+ chmod 760 -R /data/spiderfoot
+ chown tpot:tpot -R /data/spiderfoot
+}
+
+# Let's create a function to clean up and prepare suricata data
+fuSURICATA () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
+ mkdir -p /data/suricata/log
+ chmod 760 -R /data/suricata
+ chown tpot:tpot -R /data/suricata
+}
+
+# Let's create a function to clean up and prepare p0f data
+fuP0F () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
+ mkdir -p /data/p0f/log
+ chmod 760 -R /data/p0f
+ chown tpot:tpot -R /data/p0f
+}
+
+# Let's create a function to clean up and prepare vnclowpot data
+fuVNCLOWPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi
+ mkdir -p /data/vnclowpot/log/
+ chmod 760 /data/vnclowpot/ -R
+ chown tpot:tpot /data/vnclowpot/ -R
+}
+
+
+# Avoid unwanted cleaning
+if [ "$myPERSISTENCE" = "" ];
+ then
+ echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE
+ while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
+ do
+ read -p "Continue? (y/n) " myQST
+ done
+ if [ "$myQST" = "n" ];
+ then
+ echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE
+ exit
+ fi
+fi
+
+# Check persistence, if enabled compress and rotate logs
+if [ "$myPERSISTENCE" = "on" ];
+ then
+ echo "Persistence enabled, now rotating and compressing logs."
+ fuLOGROTATE
+ else
+ echo "Cleaning up and preparing data folders."
+ fuCONPOT
+ fuCOWRIE
+ fuDIONAEA
+ fuELASTICPOT
+ fuELK
+ fuEMOBILITY
+ fuGLASTOPF
+ fuHONEYTRAP
+ fuMAILONEY
+ fuRDPY
+ fuSPIDERFOOT
+ fuSURICATA
+ fuP0F
+ fuVNCLOWPOT
+ fi
+
diff --git a/bin/dps.sh b/bin/dps.sh
new file mode 100755
index 00000000..8de11cba
--- /dev/null
+++ b/bin/dps.sh
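Review bot: The recursive `chmod 760` calls (on `/data/` in `fuLOGROTATE` and in every `fu*` prepare function) set the owner execute bit on regular files as well as directories, so payloads captured under paths such as `/data/dionaea/binaries/` and `/data/cowrie/downloads/` end up executable by the `tpot` user. Setting directory and file modes separately avoids that, for example `find /data -type d -exec chmod 770 {} +` followed by `find /data -type f -exec chmod 660 {} +`; the group bits the containers actually need are not visible in this hunk, so adjust them accordingly. Separately, `fuEMPTY` counts entries by parsing unquoted `ls` output, and `rm -rf /data/<pot>/*` leaves dotfiles behind; a header comment stating that hidden files survive a clean would help.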
@@ -0,0 +1,71 @@
+#/bin/bash
+# Show current status of all running containers
+myPARAM="$1"
+myIMAGES="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2)"
+myRED=""
+myGREEN=""
+myBLUE=""
+myWHITE=""
+myMAGENTA=""
+
+function fuCONTAINERSTATUS {
+local myNAME="$1"
+local mySTATUS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Status}}" -f status=running -f status=exited | tail -n 1)"
+myDOWN="$(echo "$mySTATUS" | grep -o -E "(STATUS|NAMES|Exited)")"
+
+case "$myDOWN" in
+ STATUS)
+ mySTATUS="$myRED"DOWN"$myWHITE"
+ ;;
+ NAMES)
+ mySTATUS="$myRED"DOWN"$myWHITE"
+ ;;
+ Exited)
+ mySTATUS="$myRED$mySTATUS$myWHITE"
+ ;;
+ *)
+ mySTATUS="$myGREEN$mySTATUS$myWHITE"
+ ;;
+esac
+
+printf "$mySTATUS"
+}
+
+function fuCONTAINERPORTS {
+local myNAME="$1"
+local myPORTS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Ports}}" -f status=running -f status=exited | tail -n 1 | sed s/","/",\n\t\t\t\t\t\t\t"/g)"
+
+if [ "$myPORTS" != "PORTS" ];
+ then
+ printf "$myBLUE$myPORTS$myWHITE"
+fi
+}
+
+function fuGETSYS {
+printf "========| System |========\n"
+printf "%+10s %-20s\n" "Date: " "$(date)"
+printf "%+10s %-20s\n" "Uptime: " "$(uptime | cut -b 2-)"
+printf "%+10s %-20s\n" "CPU temp: " "$(sensors | grep 'Physical' | awk '{ print $4" " }' | tr -d [:cntrl:])"
+echo
+}
+
+while true
+ do
+ fuGETSYS
+ printf "%-19s %-36s %s\n" "NAME" "STATUS" "PORTS"
+ for i in $myIMAGES; do
+ myNAME="$myMAGENTA$i$myWHITE"
+ printf "%-32s %-49s %s" "$myNAME" "$(fuCONTAINERSTATUS $i)" "$(fuCONTAINERPORTS $i)"
+ echo
+ if [ "$myPARAM" = "vv" ];
+ then
+ /usr/bin/docker exec -t "$i" /bin/ps awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps"
+ fi
+ done
+ if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
+ then
+ sleep "$myPARAM"
+ else
+ break
+ fi
+done
diff --git a/bin/dump_es.sh b/bin/dump_es.sh
new file mode 100755
index 00000000..d496a98e
--- /dev/null
+++ b/bin/dump_es.sh
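Review bot: The first line reads `#/bin/bash` without the `!`, so it is an ordinary comment and the script runs under whatever shell the caller falls back to, although it relies on the bash-only `[[ ... =~ ... ]]` test; it should be `#!/bin/bash` (bin/dump_es.sh in this patch has the same typo). In `fuCONTAINERSTATUS` and `fuCONTAINERPORTS` the docker output is passed as the printf format string (`printf "$mySTATUS"`), so a `%` in a status or port string would be read as a conversion. `printf '%b' "$mySTATUS"` keeps the `\n\t` expansion that the sed expression relies on while treating the data as an argument. `$myNAME` and `$i` are also unquoted in the `docker ps -f name=` filter and in the function calls.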
@@ -0,0 +1,45 @@
+#/bin/bash
+# Dump all ES data
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+ then
+ echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+ exit
+ else
+ echo "### Elasticsearch is available, now continuing."
+ echo
+fi
+
+# Let's ensure normal operation on exit or if interrupted ...
+function fuCLEANUP {
+ rm -rf tmp
+}
+trap fuCLEANUP EXIT
+
+# Set vars
+myDATE=$(date +%Y%m%d%H%M)
+myINDICES=$(curl -s -XGET ''$myES'_cat/indices/' | grep logstash | awk '{ print $3 }' | sort | grep -v 1970)
+myES="http://127.0.0.1:64298/"
+myCOL1=""
+myCOL0=""
+
+# Dumping all ES data
+echo $myCOL1"### The following indices will be dumped: "$myCOL0
+echo $myINDICES
+echo
+
+mkdir tmp
+for i in $myINDICES;
+ do
+ echo $myCOL1"### Now dumping: "$i $myCOL0
+ elasticdump --input=$myES$i --output="tmp/"$i --limit 7500
+ echo $myCOL1"### Now compressing: tmp/$i" $myCOL0
+ gzip -f "tmp/"$i
+ done;
+
+# Build tar archive
+echo $myCOL1"### Now building tar archive: es_dump_"$myDATE".tgz" $myCOL0
+tar cvf es_dump_$myDATE.tar tmp/*
+echo $myCOL1"### Done."$myCOL0
diff --git a/bin/export_kibana-objects.sh b/bin/export_kibana-objects.sh
new file mode 100755
index 00000000..a48b9011
--- /dev/null
+++ b/bin/export_kibana-objects.sh
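Review bot: The `EXIT` trap runs `rm -rf tmp` against a relative path and `mkdir tmp` is not checked, so when the script is started in a directory that already contains a `tmp` folder, the dump is mixed into it and the folder is deleted on exit. A private scratch directory avoids this: `myTMP=$(mktemp -d) || exit 1`, `rm -rf -- "$myTMP"` in `fuCLEANUP`, and `tar cvf "es_dump_$myDATE.tar" -C "$myTMP" .` for the archive. Note that bin/restore_es.sh (not shown here) may expect the `tmp/` prefix inside the archive. bin/export_kibana-objects.sh and bin/import_kibana-objects.sh use the same pattern with `patterns/ dashboards/ visualizations/ searches/`. The progress message also announces a `.tgz` file while the archive written is `.tar`.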
@@ -0,0 +1,77 @@
+#!/bin/bash
+# Export all Kibana objects
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+ then
+ echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+ exit
+ else
+ echo "### Elasticsearch is available, now continuing."
+ echo
+fi
+
+# Set vars
+myDATE=$(date +%Y%m%d%H%M)
+myINDEXCOUNT=$(curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*' | tr '\\' '\n' | grep "scripted" | wc -w)
+myDASHBOARDS=$(curl -s -XGET ''$myES'.kibana/dashboard/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
+myVISUALIZATIONS=$(curl -s -XGET ''$myES'.kibana/visualization/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
+mySEARCHES=$(curl -s -XGET ''$myES'.kibana/search/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
+myCOL1=""
+myCOL0=""
+
+# Let's ensure normal operation on exit or if interrupted ...
+function fuCLEANUP {
+ rm -rf patterns/ dashboards/ visualizations/ searches/
+}
+trap fuCLEANUP EXIT
+
+# Export index patterns
+mkdir -p patterns
+echo $myCOL1"### Now exporting"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
+curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*?' | jq '._source' > patterns/index-patterns.json
+echo
+
+# Export dashboards
+mkdir -p dashboards
+echo $myCOL1"### Now exporting"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
+for i in $myDASHBOARDS;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XGET ''$myES'.kibana/dashboard/'$i'' | jq '._source' > dashboards/$i.json
+ done;
+echo
+
+# Export visualizations
+mkdir -p visualizations
+echo $myCOL1"### Now exporting"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
+for i in $myVISUALIZATIONS;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XGET ''$myES'.kibana/visualization/'$i'' | jq '._source' > visualizations/$i.json
+ done;
+echo
+
+# Export searches
+mkdir -p searches
+echo $myCOL1"### Now exporting"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
+for i in $mySEARCHES;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XGET ''$myES'.kibana/search/'$i'' | jq '._source' > searches/$i.json
+ done;
+echo
+
+# Building tar archive
+echo $myCOL1"### Now building archive"$myCOL0 "kibana-objects_"$myDATE".tgz"
+tar cvfz kibana-objects_$myDATE.tgz patterns dashboards visualizations searches > /dev/null
+
+# Stats
+echo
+echo $myCOL1"### Statistics"
+echo $myCOL1"###### Exported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
+echo $myCOL1"###### Exported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
+echo $myCOL1"###### Exported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
+echo $myCOL1"###### Exported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
+echo
diff --git a/bin/import_kibana-objects.sh b/bin/import_kibana-objects.sh
new file mode 100755
index 00000000..2ae37e6a
--- /dev/null
+++ b/bin/import_kibana-objects.sh
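Review bot: The object ids returned by Elasticsearch are iterated with an unquoted `for i in $myDASHBOARDS` and then used unquoted both in the request URL and in the output path `dashboards/$i.json`. An id that contains whitespace is therefore split into several bogus ids, and one that contains `/` or `..` is written outside the export folder. Reading the ids line by line (`while IFS= read -r i; do ... done <<< "$myDASHBOARDS"`) and rejecting ids that contain `/` before writing `"dashboards/$i.json"` would close both gaps; the visualization and search loops need the same change. The `wc -w` counts in the summary inherit the same word-splitting and can over-report.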
@@ -0,0 +1,91 @@
+#!/bin/bash
+# Import Kibana objects
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+ then
+ echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+ exit
+ else
+ echo "### Elasticsearch is available, now continuing."
+ echo
+fi
+
+# Set vars
+myDUMP=$1
+myCOL1=""
+myCOL0=""
+
+# Let's ensure normal operation on exit or if interrupted ...
+function fuCLEANUP {
+ rm -rf patterns/ dashboards/ visualizations/ searches/
+}
+trap fuCLEANUP EXIT
+
+# Check if parameter is given and file exists
+if [ "$myDUMP" = "" ];
+ then
+ echo $myCOL1"### Please provide a backup file name."$myCOL0
+ echo $myCOL1"### restore-kibana-objects.sh "$myCOL0
+ echo
+ exit
+fi
+if ! [ -a $myDUMP ];
+ then
+ echo $myCOL1"### File not found."$myCOL0
+ exit
+fi
+
+# Unpack tar
+tar xvfz $myDUMP > /dev/null
+
+# Restore index patterns
+myINDEXCOUNT=$(cat patterns/index-patterns.json | tr '\\' '\n' | grep "scripted" | wc -w)
+echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
+curl -s -XDELETE ''$myES'.kibana/index-pattern/logstash-*' > /dev/null
+curl -s -XPUT ''$myES'.kibana/index-pattern/logstash-*' -T patterns/index-patterns.json > /dev/null
+echo
+
+# Restore dashboards
+myDASHBOARDS=$(ls dashboards/*.json | cut -c 12- | rev | cut -c 6- | rev)
+echo $myCOL1"### Now importing "$myCOL0$(echo $myDASHBOARDS | wc -w)$myCOL1 "dashboards." $myCOL0
+for i in $myDASHBOARDS;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XDELETE ''$myES'.kibana/dashboard/'$i'' > /dev/null
+ curl -s -XPUT ''$myES'.kibana/dashboard/'$i'' -T dashboards/$i.json > /dev/null
+ done;
+echo
+
+# Restore visualizations
+myVISUALIZATIONS=$(ls visualizations/*.json | cut -c 16- | rev | cut -c 6- | rev)
+echo $myCOL1"### Now importing "$myCOL0$(echo $myVISUALIZATIONS | wc -w)$myCOL1 "visualizations." $myCOL0
+for i in $myVISUALIZATIONS;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XDELETE ''$myES'.kibana/visualization/'$i'' > /dev/null
+ curl -s -XPUT ''$myES'.kibana/visualization/'$i'' -T visualizations/$i.json > /dev/null
+ done;
+echo
+
+# Restore searches
+mySEARCHES=$(ls searches/*.json | cut -c 10- | rev | cut -c 6- | rev)
+echo $myCOL1"### Now importing "$myCOL0$(echo $mySEARCHES | wc -w)$myCOL1 "searches." $myCOL0
+for i in $mySEARCHES;
+ do
+ echo $myCOL1"###### "$i $myCOL0
+ curl -s -XDELETE ''$myES'.kibana/search/'$i'' > /dev/null
+ curl -s -XPUT ''$myES'.kibana/search/'$i'' -T searches/$i.json > /dev/null
+ done;
+echo
+
+# Stats
+echo
+echo $myCOL1"### Statistics"
+echo $myCOL1"###### Imported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
+echo $myCOL1"###### Imported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
+echo $myCOL1"###### Imported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
+echo $myCOL1"###### Imported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
+echo
+
diff --git a/bin/myip.sh b/bin/myip.sh
new file mode 100755
index 00000000..86a9114e
--- /dev/null
+++ b/bin/myip.sh
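Review bot: Each object in import_kibana-objects.sh is removed with `curl -s -XDELETE` and then re-created with `curl -s -XPUT ... -T`, with both responses sent to /dev/null and no exit status checked, so a failed upload leaves the object deleted while the statistics still count it as imported. Adding `--fail` and testing the PUT, e.g. `curl -sf -XPUT "${myES}.kibana/dashboard/$i" -T "dashboards/$i.json" > /dev/null || echo "### import of $i failed" >&2`, makes the loss visible. The archive named in `$1` is also unpacked unquoted into the current directory (`tar xvfz $myDUMP`), where its members can overwrite existing files and its file names decide which ids are deleted. Unpacking with `tar xfz "$myDUMP" -C "$myTMP"` into a `mktemp -d` directory, and testing `[ -e "$myDUMP" ]`, would contain that.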
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+## Get my external IP
+
+timeout=2 # seconds to wait for a reply before trying next server
+verbose=1 # prints which server was used to STDERR
+
+dnslist=(
+ "dig +short myip.opendns.com @resolver1.opendns.com"
+ "dig +short myip.opendns.com @resolver2.opendns.com"
+ "dig +short myip.opendns.com @resolver3.opendns.com"
+ "dig +short myip.opendns.com @resolver4.opendns.com"
+ "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net"
+ "dig +short whoami.akamai.net @ns1-1.akamaitech.net"
+)
+
+httplist=(
+ alma.ch/myip.cgi
+ api.infoip.io/ip
+ api.ipify.org
+ bot.whatismyipaddress.com
+ canhazip.com
+ checkip.amazonaws.com
+ eth0.me
+ icanhazip.com
+ ident.me
+ ipecho.net/plain
+ ipinfo.io/ip
+ ipof.in/txt
+ ip.tyk.nu
+ l2.io/ip
+ smart-ip.net/myip
+ wgetip.com
+ whatismyip.akamai.com
+)
+
+# function to shuffle the global array "array"
+shuffle() {
+ local i tmp size max rand
+ size=${#array[*]}
+ max=$(( 32768 / size * size ))
+ for ((i=size-1; i>0; i--)); do
+ while (( (rand=$RANDOM) >= max )); do :; done
+ rand=$(( rand % (i+1) ))
+ tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp
+ done
+}
+
+# if we have dig and a list of dns methods, try that first
+if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
+ eval array=( \"\${dnslist[@]}\" )
+ shuffle
+
+ for cmd in "${array[@]}"; do
+ [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2
+ ip=$(timeout $timeout $cmd)
+ if [ -n "$ip" ]; then
+ echo $ip
+ exit
+ fi
+ done
+fi
+
+# if we haven't succeeded with DNS, try HTTP
+if [ ${#httplist[*]} == 0 ]; then
+ echo "No hosts in httplist array!" >&2
+ exit 1
+fi
+
+# use curl or wget, depending on which one we find
+curl_or_wget=$(if hash curl 2>/dev/null; then echo curl; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi);
+
+if [ -z "$curl_or_wget" ]; then
+ echo "Neither curl nor wget found. Cannot use http method." >&2
+ exit 1
+fi
+
+eval array=( \"\${httplist[@]}\" )
+shuffle
+
+for url in "${array[@]}"; do
+ [ "$verbose" == 1 ] && echo Trying: $curl_or_wget -s "$url" 1>&2
+ ip=$(timeout $timeout $curl_or_wget -s "$url")
+ if [ -n "$ip" ]; then
+ echo $ip
+ exit
+ fi
+done
diff --git a/bin/restore_es.sh b/bin/restore_es.sh
new file mode 100755
index 00000000..506a5c8c
--- /dev/null
+++ b/bin/restore_es.sh
@@ -0,0 +1,61 @@
+#/bin/bash
+# Restore folder based ES backup
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+ then
+ echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+ exit
+ else
+ echo "### Elasticsearch is available, now continuing."
+fi
+
+# Let's ensure normal operation on exit or if interrupted ...
+function fuCLEANUP {
+ rm -rf tmp
+}
+trap fuCLEANUP EXIT
+
+# Set vars
+myDUMP=$1
+myCOL1=""
+myCOL0=""
+
+# Check if parameter is given and file exists
+if [ "$myDUMP" = "" ];
+ then
+ echo $myCOL1"### Please provide a backup file name."$myCOL0
+ echo $myCOL1"### restore-elk.sh "$myCOL0
+ echo
+ exit
+fi
+if ! [ -a $myDUMP ];
+ then
+ echo $myCOL1"### File not found."$myCOL0
+ exit
+fi
+
+# Unpack tar archive
+echo $myCOL1"### Now unpacking tar archive: "$myDUMP $myCOL0
+tar xvf $myDUMP
+
+# Build indices list
+myINDICES=$(ls tmp/logstash*.gz | cut -c 5- | rev | cut -c 4- | rev)
+echo $myCOL1"### The following indices will be restored: "$myCOL0
+echo $myINDICES
+echo
+
+# Restore indices
+for i in $myINDICES;
+ do
+ # Delete index if it already exists
+ curl -s -XDELETE $myES$i > /dev/null
+ echo $myCOL1"### Now uncompressing: tmp/$i.gz" $myCOL0
+ gunzip -f tmp/$i.gz
+ # Restore index to ES
+ echo $myCOL1"### Now restoring: "$i $myCOL0
+ elasticdump --input=tmp/$i --output=$myES$i --limit 7500
+ rm tmp/$i
+ done;
+echo $myCOL1"### Done."$myCOL0
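Review bot: myip.sh prints whatever the first responding resolver or web service returns (`echo $ip`) without checking that it is an address, and the `httplist` entries carry no scheme, so curl fetches them over plain HTTP. updateip.sh in this commit interpolates that output into `sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue` and into ews.ip and elk_environment, so a reply containing `#`, whitespace or extra lines from any of the listed third-party hosts, or from anyone on the path, changes what gets written. A check before each `echo $ip`, for example `[[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue` (extended if IPv6 answers are wanted), keeps non-address replies out. The two `eval array=( ... )` lines can be plain assignments, `array=( "${dnslist[@]}" )` and `array=( "${httplist[@]}" )`, which removes the eval.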
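Review bot: restore_es.sh starts with `#/bin/bash`, which is a comment rather than a shebang, so when the file is executed directly the interpreter is whatever the calling shell falls back to, and the `function fuCLEANUP {` syntax is not portable to a POSIX sh; the first line should be `#!/bin/bash`. Inside the restore loop the live index is deleted (`curl -s -XDELETE $myES$i`) before `gunzip` and `elasticdump` have succeeded, so a truncated or damaged archive costs the existing data. Uncompressing first and deleting only when `gunzip -f "tmp/$i.gz"` returns success narrows that window. `tar xvf $myDUMP` and the `tmp/$i` paths should be quoted as well.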
diff --git a/bin/updateip.sh b/bin/updateip.sh
new file mode 100755
index 00000000..fb9ff9cd
--- /dev/null
+++ b/bin/updateip.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Let's add the first local ip to the /etc/issue and external ip to ews.ip file
+# If the external IP cannot be detected, the internal IP will be inherited.
+source /etc/environment
+myLOCALIP=$(hostname -I | awk '{ print $1 }')
+myEXTIP=$(/opt/tpot/bin/myip.sh)
+if [ "$myEXTIP" = "" ];
+ then
+ myEXTIP=$myLOCALIP
+fi
+sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
+sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
+sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
+tee /data/ews/conf/ews.ip << EOF
+[MAIN]
+ip = $myEXTIP
+EOF
+tee /opt/tpot/etc/compose/elk_environment << EOF
+MY_EXTIP=$myEXTIP
+MY_INTIP=$myLOCALIP
+MY_HOSTNAME=$HOSTNAME
+EOF
+chown tpot:tpot /data/ews/conf/ews.ip
+chmod 760 /data/ews/conf/ews.ip
diff --git a/etc/compose/all.yml b/etc/compose/all.yml
new file mode 100644
index 00000000..0662a310
--- /dev/null
+++ b/etc/compose/all.yml
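Review bot: `chmod 760 /data/ews/conf/ews.ip` in updateip.sh sets the owner-execute bit on an INI file, and the second file written here, /opt/tpot/etc/compose/elk_environment, gets no explicit owner or mode at all. `chmod 660 /data/ews/conf/ews.ip` keeps the same read/write access without the execute bit, and elk_environment deserves the same explicit `chown`/`chmod` treatment. Neither `tee` is checked, so a missing /data/ews/conf goes unnoticed apart from tee's own error message, and both heredocs are echoed to the terminal because tee's stdout is not redirected.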
@@ -0,0 +1,313 @@
+# T-Pot (Everything)
+# For docker-compose ...
+version: '2.1'
+
+networks:
+ conpot_local:
+ cowrie_local:
+ dionaea_local:
+ elasticpot_local:
+ emobility_local:
+ ewsposter_local:
+ glastopf_local:
+ mailoney_local:
+ rdpy_local:
+ spiderfoot_local:
+ ui-for-docker_local:
+ vnclowpot_local:
+
+services:
+
+# Conpot service
+ conpot:
+ container_name: conpot
+ restart: always
+ networks:
+ - conpot_local
+ ports:
+ - "1025:1025"
+ - "50100:50100"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot/log:/var/log/conpot
+
+# Cowrie service
+ cowrie:
+ container_name: cowrie
+ restart: always
+ networks:
+ - cowrie_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "22:2222"
+ - "23:2223"
+ image: "dtagdevsec/cowrie:1710"
+ volumes:
+ - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+ - /data/cowrie/keys:/home/cowrie/cowrie/etc
+ - /data/cowrie/log:/home/cowrie/cowrie/log
+ - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+
+# Dionaea service
+ dionaea:
+ container_name: dionaea
+ stdin_open: true
+ restart: always
+ networks:
+ - dionaea_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "20:20"
+ - "21:21"
+ - "42:42"
+ - "69:69/udp"
+ - "8081:80"
+ - "135:135"
+ - "443:443"
+ - "445:445"
+ - "1433:1433"
+ - "1723:1723"
+ - "1883:1883"
+ - "1900:1900/udp"
+ - "3306:3306"
+ - "5060:5060"
+ - "5060:5060/udp"
+ - "5061:5061"
+ - "27017:27017"
+ image: "dtagdevsec/dionaea:1710"
+ volumes:
+ - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+ - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+ - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+ - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+ - /data/dionaea:/opt/dionaea/var/dionaea
+ - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+ - /data/dionaea/log:/opt/dionaea/var/log
+ - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
+
+# Elasticpot service
+ elasticpot:
+ container_name: elasticpot
+ restart: always
+ networks:
+ - elasticpot_local
+ ports:
+ - "9200:9200"
+ image: "dtagdevsec/elasticpot:1710"
+ volumes:
+ - /data/elasticpot/log:/opt/ElasticpotPY/log
+
+# ELK services
+## Elasticsearch service
+ elasticsearch:
+ container_name: elasticsearch
+ restart: always
+ environment:
+ - bootstrap.memory_lock=true
+# - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+ cap_add:
+ - IPC_LOCK
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+# mem_limit: 2g
+ ports:
+ - "127.0.0.1:64298:9200"
+ image: "dtagdevsec/elasticsearch:1710"
+ volumes:
+ - /data:/data
+
+## Kibana service
+ kibana:
+ container_name: kibana
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64296:5601"
+ image: "dtagdevsec/kibana:1710"
+
+## Logstash service
+ logstash:
+ container_name: logstash
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ env_file:
+ - /opt/tpot/etc/compose/elk_environment
+ image: "dtagdevsec/logstash:1710"
+ volumes:
+ - /data:/data
+ - /var/log:/data/host/log
+
+## Elasticsearch-head service
+ head:
+ container_name: head
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64302:9100"
+ image: "dtagdevsec/head:1710"
+
+# Emobility service
+ emobility:
+ container_name: emobility
+ restart: always
+ networks:
+ - emobility_local
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - "8080:8080"
+ image: "dtagdevsec/emobility:1710"
+ volumes:
+ - /data/emobility:/data/eMobility
+ - /data/ews:/data/ews
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ networks:
+ - ewsposter_local
+ image: "dtagdevsec/ewsposter:1710"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Glastopf service
+ glastopf:
+ container_name: glastopf
+ restart: always
+ networks:
+ - glastopf_local
+ ports:
+ - "80:80"
+ image: "dtagdevsec/glastopf:1710"
+ volumes:
+ - /data/glastopf/db:/opt/glastopf/db
+ - /data/glastopf/log:/opt/glastopf/log
+
+# Honeytrap service
+ honeytrap:
+ container_name: honeytrap
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/honeytrap:1710"
+ volumes:
+ - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+ - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+ - /data/honeytrap/log:/opt/honeytrap/var/log
+
+# Mailoney service
+ mailoney:
+ container_name: mailoney
+ restart: always
+ networks:
+ - mailoney_local
+ ports:
+ - "25:2525"
+ image: "dtagdevsec/mailoney:1710"
+ volumes:
+ - /data/mailoney/log:/opt/mailoney/logs
+
+# Netdata service
+ netdata:
+ container_name: netdata
+ restart: always
+ network_mode: "host"
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor=unconfined
+ image: "dtagdevsec/netdata:1710"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Rdpy service
+ rdpy:
+ container_name: rdpy
+ restart: always
+ networks:
+ - rdpy_local
+ ports:
+ - "3389:3389"
+ image: "dtagdevsec/rdpy:1710"
+ volumes:
+ - /data/rdpy/log:/var/log/rdpy
+
+# Spiderfoot service
+ spiderfoot:
+ container_name: spiderfoot
+ restart: always
+ networks:
+ - spiderfoot_local
+ ports:
+ - "127.0.0.1:64303:8080"
+ image: "dtagdevsec/spiderfoot:1710"
+ volumes:
+ - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
+
+# Ui-for-docker service
+ ui-for-docker:
+ container_name: ui-for-docker
+ command: -H unix:///var/run/docker.sock --no-auth
+ restart: always
+ networks:
+ - ui-for-docker_local
+ ports:
+ - "127.0.0.1:64299:9000"
+ image: "dtagdevsec/ui-for-docker:1710"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Suricata service
+ suricata:
+ container_name: suricata
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ - SYS_NICE
+ - NET_RAW
+ image: "dtagdevsec/suricata:1710"
+ volumes:
+ - /data/suricata/log:/var/log/suricata
+
+# P0f service
+ p0f:
+ container_name: p0f
+ restart: always
+ network_mode: "host"
+ image: "dtagdevsec/p0f:1710"
+ volumes:
+ - /data/p0f/log:/var/log/p0f
+
+# Vnclowpot service
+ vnclowpot:
+ container_name: vnclowpot
+ restart: always
+ networks:
+ - vnclowpot_local
+ ports:
+ - "5900:5900"
+ image: "dtagdevsec/vnclowpot:1710"
+ volumes:
+ - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/etc/compose/hp.yml b/etc/compose/hp.yml
new file mode 100644
index 00000000..04649b80
--- /dev/null
+++ b/etc/compose/hp.yml
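Review bot: In all.yml the `ui-for-docker` service is started with `--no-auth` and mounts `/var/run/docker.sock`, and `netdata` mounts the same socket with `apparmor=unconfined`, `SYS_PTRACE` and host networking; access to the Docker API is equivalent to root on the host, and a `:ro` flag on the socket mount would not limit API calls. The only control visible in this file is the `127.0.0.1:64299` binding, so whatever fronts that port (presumably the nginx configuration elsewhere in the repository) is the sole gate and should be named in a comment above the service, e.g. `# --no-auth: reachable only through 127.0.0.1:64299; authentication is expected from the front-end proxy`. If netdata only needs container names, a socket proxy that exposes read-only endpoints would be a narrower grant than the raw socket. industrial.yml and tpot.yml carry identical definitions.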
@@ -0,0 +1,156 @@
+# T-Pot (HP)
+# For docker-compose ...
+version: '2.1'
+
+networks:
+ cowrie_local:
+ dionaea_local:
+ elasticpot_local:
+ ewsposter_local:
+ glastopf_local:
+ mailoney_local:
+ rdpy_local:
+ vnclowpot_local:
+
+services:
+
+# Cowrie service
+ cowrie:
+ container_name: cowrie
+ restart: always
+ networks:
+ - cowrie_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "22:2222"
+ - "23:2223"
+ image: "dtagdevsec/cowrie:1710"
+ volumes:
+ - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+ - /data/cowrie/keys:/home/cowrie/cowrie/etc
+ - /data/cowrie/log:/home/cowrie/cowrie/log
+ - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+
+# Dionaea service
+ dionaea:
+ container_name: dionaea
+ stdin_open: true
+ restart: always
+ networks:
+ - dionaea_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "20:20"
+ - "21:21"
+ - "42:42"
+ - "69:69/udp"
+ - "8081:80"
+ - "135:135"
+ - "443:443"
+ - "445:445"
+ - "1433:1433"
+ - "1723:1723"
+ - "1883:1883"
+ - "1900:1900/udp"
+ - "3306:3306"
+ - "5060:5060"
+ - "5060:5060/udp"
+ - "5061:5061"
+ - "27017:27017"
+ image: "dtagdevsec/dionaea:1710"
+ volumes:
+ - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+ - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+ - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+ - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+ - /data/dionaea:/opt/dionaea/var/dionaea
+ - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+ - /data/dionaea/log:/opt/dionaea/var/log
+ - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
+
+# Elasticpot service
+ elasticpot:
+ container_name: elasticpot
+ restart: always
+ networks:
+ - elasticpot_local
+ ports:
+ - "9200:9200"
+ image: "dtagdevsec/elasticpot:1710"
+ volumes:
+ - /data/elasticpot/log:/opt/ElasticpotPY/log
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ networks:
+ - ewsposter_local
+ image: "dtagdevsec/ewsposter:1710"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Glastopf service
+ glastopf:
+ container_name: glastopf
+ restart: always
+ networks:
+ - glastopf_local
+ ports:
+ - "80:80"
+ image: "dtagdevsec/glastopf:1710"
+ volumes:
+ - /data/glastopf/db:/opt/glastopf/db
+ - /data/glastopf/log:/opt/glastopf/log
+
+# Honeytrap service
+ honeytrap:
+ container_name: honeytrap
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/honeytrap:1710"
+ volumes:
+ - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+ - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+ - /data/honeytrap/log:/opt/honeytrap/var/log
+
+# Mailoney service
+ mailoney:
+ container_name: mailoney
+ restart: always
+ networks:
+ - mailoney_local
+ ports:
+ - "25:2525"
+ image: "dtagdevsec/mailoney:1710"
+ volumes:
+ - /data/mailoney/log:/opt/mailoney/logs
+
+# Rdpy service
+ rdpy:
+ container_name: rdpy
+ restart: always
+ networks:
+ - rdpy_local
+ ports:
+ - "3389:3389"
+ image: "dtagdevsec/rdpy:1710"
+ volumes:
+ - /data/rdpy/log:/var/log/rdpy
+
+# Vnclowpot service
+ vnclowpot:
+ container_name: vnclowpot
+ restart: always
+ networks:
+ - vnclowpot_local
+ ports:
+ - "5900:5900"
+ image: "dtagdevsec/vnclowpot:1710"
+ volumes:
+ - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml
new file mode 100644
index 00000000..847b05af
--- /dev/null
+++ b/etc/compose/industrial.yml
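Review bot: `cowrie` in hp.yml adds `NET_BIND_SERVICE` although its port mappings (`"22:2222"`, `"23:2223"`) show the container listening on unprivileged ports, so the capability looks unneeded unless the image binds something else below 1024. More generally the attacker-facing services only use `cap_add`, which extends Docker's default capability set rather than replacing it. A `cap_drop: [ALL]` entry followed by the specific capabilities each honeypot needs would match their exposure. The same service blocks appear in all.yml and tpot.yml.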
@@ -0,0 +1,176 @@
+# T-Pot (Industrial)
+# For docker-compose ...
+version: '2.1'
+
+networks:
+ conpot_local:
+ emobility_local:
+ ewsposter_local:
+ spiderfoot_local:
+ ui-for-docker_local:
+
+services:
+
+# Conpot service
+ conpot:
+ container_name: conpot
+ restart: always
+ networks:
+ - conpot_local
+ ports:
+ - "1025:1025"
+ - "50100:50100"
+ image: "dtagdevsec/conpot:1710"
+ volumes:
+ - /data/conpot/log:/var/log/conpot
+
+# ELK services
+## Elasticsearch service
+ elasticsearch:
+ container_name: elasticsearch
+ restart: always
+ environment:
+ - bootstrap.memory_lock=true
+# - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+ cap_add:
+ - IPC_LOCK
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+# mem_limit: 2g
+ ports:
+ - "127.0.0.1:64298:9200"
+ image: "dtagdevsec/elasticsearch:1710"
+ volumes:
+ - /data:/data
+
+## Kibana service
+ kibana:
+ container_name: kibana
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64296:5601"
+ image: "dtagdevsec/kibana:1710"
+
+## Logstash service
+ logstash:
+ container_name: logstash
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ env_file:
+ - /opt/tpot/etc/compose/elk_environment
+ image: "dtagdevsec/logstash:1710"
+ volumes:
+ - /data:/data
+ - /var/log:/data/host/log
+
+## Elasticsearch-head service
+ head:
+ container_name: head
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64302:9100"
+ image: "dtagdevsec/head:1710"
+
+# Emobility service
+ emobility:
+ container_name: emobility
+ restart: always
+ networks:
+ - emobility_local
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - "8080:8080"
+ image: "dtagdevsec/emobility:1710"
+ volumes:
+ - /data/emobility:/data/eMobility
+ - /data/ews:/data/ews
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ networks:
+ - ewsposter_local
+ image: "dtagdevsec/ewsposter:1710"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Netdata service
+ netdata:
+ container_name: netdata
+ restart: always
+ network_mode: "host"
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor=unconfined
+ image: "dtagdevsec/netdata:1710"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Spiderfoot service
+ spiderfoot:
+ container_name: spiderfoot
+ restart: always
+ networks:
+ - spiderfoot_local
+ ports:
+ - "127.0.0.1:64303:8080"
+ image: "dtagdevsec/spiderfoot:1710"
+ volumes:
+ - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
+
+# Ui-for-docker service
+ ui-for-docker:
+ container_name: ui-for-docker
+ command: -H unix:///var/run/docker.sock --no-auth
+ restart: always
+ networks:
+ - ui-for-docker_local
+ ports:
+ - "127.0.0.1:64299:9000"
+ image: "dtagdevsec/ui-for-docker:1710"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Suricata service
+ suricata:
+ container_name: suricata
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ - SYS_NICE
+ - NET_RAW
+ image: "dtagdevsec/suricata:1710"
+ volumes:
+ - /data/suricata/log:/var/log/suricata
+
+# P0f service
+ p0f:
+ container_name: p0f
+ restart: always
+ network_mode: "host"
+ image: "dtagdevsec/p0f:1710"
+ volumes:
+ - /data/p0f/log:/var/log/p0f
diff --git a/etc/compose/tpot.yml b/etc/compose/tpot.yml
new file mode 100644
index 00000000..7d09982d
--- /dev/null
+++ b/etc/compose/tpot.yml
@@ -0,0 +1,283 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.1'
+
+networks:
+ cowrie_local:
+ dionaea_local:
+ elasticpot_local:
+ ewsposter_local:
+ glastopf_local:
+ mailoney_local:
+ rdpy_local:
+ spiderfoot_local:
+ ui-for-docker_local:
+ vnclowpot_local:
+
+services:
+
+# Cowrie service
+ cowrie:
+ container_name: cowrie
+ restart: always
+ networks:
+ - cowrie_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "22:2222"
+ - "23:2223"
+ image: "dtagdevsec/cowrie:1710"
+ volumes:
+ - /data/cowrie/downloads:/home/cowrie/cowrie/dl
+ - /data/cowrie/keys:/home/cowrie/cowrie/etc
+ - /data/cowrie/log:/home/cowrie/cowrie/log
+ - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
+
+# Dionaea service
+ dionaea:
+ container_name: dionaea
+ stdin_open: true
+ restart: always
+ networks:
+ - dionaea_local
+ cap_add:
+ - NET_BIND_SERVICE
+ ports:
+ - "20:20"
+ - "21:21"
+ - "42:42"
+ - "69:69/udp"
+ - "8081:80"
+ - "135:135"
+ - "443:443"
+ - "445:445"
+ - "1433:1433"
+ - "1723:1723"
+ - "1883:1883"
+ - "1900:1900/udp"
+ - "3306:3306"
+ - "5060:5060"
+ - "5060:5060/udp"
+ - "5061:5061"
+ - "27017:27017"
+ image: "dtagdevsec/dionaea:1710"
+ volumes:
+ - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
+ - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
+ - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
+ - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
+ - /data/dionaea:/opt/dionaea/var/dionaea
+ - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
+ - /data/dionaea/log:/opt/dionaea/var/log
+ - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
+
+# Elasticpot service
+ elasticpot:
+ container_name: elasticpot
+ restart: always
+ networks:
+ - elasticpot_local
+ ports:
+ - "9200:9200"
+ image: "dtagdevsec/elasticpot:1710"
+ volumes:
+ - /data/elasticpot/log:/opt/ElasticpotPY/log
+
+# ELK services
+## Elasticsearch service
+ elasticsearch:
+ container_name: elasticsearch
+ restart: always
+ environment:
+ - bootstrap.memory_lock=true
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ cap_add:
+ - IPC_LOCK
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+# mem_limit: 2g
+ ports:
+ - "127.0.0.1:64298:9200"
+ image: "dtagdevsec/elasticsearch:1710"
+ volumes:
+ - /data:/data
+
+## Kibana service
+ kibana:
+ container_name: kibana
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64296:5601"
+ image: "dtagdevsec/kibana:1710"
+
+## Logstash service
+ logstash:
+ container_name: logstash
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ env_file:
+ - /opt/tpot/etc/compose/elk_environment
+ image: "dtagdevsec/logstash:1710"
+ volumes:
+ - /data:/data
+ - /var/log:/data/host/log
+
+## Elasticsearch-head service
+ head:
+ container_name: head
+ restart: always
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:64302:9100"
+ image: "dtagdevsec/head:1710"
+
+# Ewsposter service
+ ewsposter:
+ container_name: ewsposter
+ restart: always
+ networks:
+ - ewsposter_local
+ image: "dtagdevsec/ewsposter:1710"
+ volumes:
+ - /data:/data
+ - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
+
+# Glastopf service
+ glastopf:
+ container_name: glastopf
+ restart: always
+ networks:
+ - glastopf_local
+ ports:
+ - "80:80"
+ image: "dtagdevsec/glastopf:1710"
+ volumes:
+ - /data/glastopf/db:/opt/glastopf/db
+ - /data/glastopf/log:/opt/glastopf/log
+
+# Honeytrap service
+ honeytrap:
+ container_name: honeytrap
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ image: "dtagdevsec/honeytrap:1710"
+ volumes:
+ - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
+ - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
+ - /data/honeytrap/log:/opt/honeytrap/var/log
+
+# Mailoney service
+ mailoney:
+ container_name: mailoney
+ restart: always
+ networks:
+ - mailoney_local
+ ports:
+ - "25:2525"
+ image: "dtagdevsec/mailoney:1710"
+ volumes:
+ - /data/mailoney/log:/opt/mailoney/logs
+
+# Netdata service
+ netdata:
+ container_name: netdata
+ restart: always
+ network_mode: "host"
+ depends_on:
+ elasticsearch:
+ condition: service_healthy
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor=unconfined
+ image: "dtagdevsec/netdata:1710"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Rdpy service
+ rdpy:
+ container_name: rdpy
+ restart: always
+ networks:
+ - rdpy_local
+ ports:
+ - "3389:3389"
+ image: "dtagdevsec/rdpy:1710"
+ volumes:
+ - /data/rdpy/log:/var/log/rdpy
+
+# Spiderfoot service
+ spiderfoot:
+ container_name: spiderfoot
+ restart: always
+ networks:
+ - spiderfoot_local
+ ports:
+ - "127.0.0.1:64303:8080"
+ image: "dtagdevsec/spiderfoot:1710"
+ volumes:
+ - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
+
+# Ui-for-docker service
+ ui-for-docker:
+ container_name: ui-for-docker
+ command: -H unix:///var/run/docker.sock --no-auth
+ restart: always
+ networks:
+ - ui-for-docker_local
+ ports:
+ - "127.0.0.1:64299:9000"
+ image: "dtagdevsec/ui-for-docker:1710"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+# Suricata service
+ suricata:
+ container_name: suricata
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ - SYS_NICE
+ - NET_RAW
+ image: "dtagdevsec/suricata:1710"
+ volumes:
+ - /data/suricata/log:/var/log/suricata
+
+# P0f service
+ p0f:
+ container_name: p0f
+ restart: always
+ network_mode: "host"
+ image: "dtagdevsec/p0f:1710"
+ volumes:
+ - /data/p0f/log:/var/log/p0f
+
+# Vnclowpot service
+ vnclowpot:
+ container_name: vnclowpot
+ restart: always
+ networks:
+ - vnclowpot_local
+ ports:
+ - "5900:5900"
+ image: "dtagdevsec/vnclowpot:1710"
+ volumes:
+ - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/etc/curator/actions.yml b/etc/curator/actions.yml
new file mode 100644
index 00000000..fe48bfb9
--- /dev/null
+++ b/etc/curator/actions.yml
@@ -0,0 +1,26 @@
+# Remember, leave a key empty if there is no value. None will be a string,
+# not a Python "NoneType"
+#
+# Also remember that all examples have 'disable_action' set to True. If you
+# want to use this action as a template, be sure to set this to False after
+# copying it.
+actions:
+ 1:
+ action: delete_indices
+ description: >-
+ Delete indices older than 90 days (based on index name), for logstash-
+ prefixed indices. Ignore the error if the filter does not result in an
+ actionable list of indices (ignore_empty_list) and exit cleanly.
+ options:
+ ignore_empty_list: True
+ disable_action: False
+ filters:
+ - filtertype: pattern
+ kind: prefix
+ value: logstash-
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: 90
diff --git a/etc/curator/curator.yml b/etc/curator/curator.yml
new file mode 100644
index 00000000..715bcd06
--- /dev/null
+++ b/etc/curator/curator.yml
@@ -0,0 +1,21 @@
+# Remember, leave a key empty if there is no value. None will be a string,
+# not a Python "NoneType"
+client:
+ hosts:
+ - 127.0.0.1
+ port: 64298
+ url_prefix:
+ use_ssl: False
+ certificate:
+ client_cert:
+ client_key:
+ ssl_no_validate: False
+ http_auth:
+ timeout: 30
+ master_only: False
+
+logging:
+ loglevel: INFO
+ logfile: /var/log/curator.log
+ logformat: default
+ blacklist: ['elasticsearch', 'urllib3']
diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf
new file mode 100644
index 00000000..85d889bb
--- /dev/null
+++ b/etc/logrotate/logrotate.conf
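Review bot: The header comment in etc/curator/actions.yml still says that all examples have `disable_action` set to True, but the one action defined here sets `disable_action: False` and deletes every `logstash-` index older than 90 days. Replacing the template text with a comment that states the live behaviour, e.g. `# Active: deletes logstash-* indices older than 90 days (by index name)`, avoids someone assuming the action is inert.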
@@ -0,0 +1,38 @@
+/data/conpot/log/conpot.json
+/data/conpot/log/conpot.log
+/data/cowrie/log/cowrie.json
+/data/cowrie/log/cowrie-textlog.log
+/data/cowrie/log/lastlog.txt
+/data/cowrie/log/ttylogs.tgz
+/data/cowrie/downloads.tgz
+/data/dionaea/log/dionaea.json
+/data/dionaea/log/dionaea.sqlite
+/data/dionaea/bistreams.tgz
+/data/dionaea/binaries.tgz
+/data/dionaea/dionaea-errors.log
+/data/elasticpot/log/elasticpot.log
+/data/elk/log/*.log
+/data/emobility/log/centralsystem.log
+/data/emobility/log/centralsystemEWS.log
+/data/glastopf/log/glastopf.log
+/data/glastopf/db/glastopf.db
+/data/honeytrap/log/*.log
+/data/honeytrap/log/*.json
+/data/honeytrap/attacks.tgz
+/data/honeytrap/downloads.tgz
+/data/mailoney/log/commands.log
+/data/p0f/log/p0f.json
+/data/rdpy/log/rdpy.log
+/data/suricata/log/*.log
+/data/suricata/log/*.json
+/data/vnclowpot/log/vnclowpot.log
+{
+ su tpot tpot
+ copytruncate
+ create 760 tpot tpot
+ daily
+ missingok
+ notifempty
+ rotate 30
+ compress
+}
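Review bot: `copytruncate` applies to every path in the list, including `/data/dionaea/log/dionaea.sqlite` and `/data/glastopf/db/glastopf.db`, and truncating a database file in place while its writer presumably still has it open risks corrupting it or dropping records written between the copy and the truncate. `create 760 tpot tpot` has no effect while `copytruncate` is set, and mode 760 would put an owner execute bit on log files; if a mode is intended it should read `create 660 tpot tpot` in a stanza that does not use `copytruncate`. The `.tgz` entries are already compressed, so `compress` gains nothing for them. I would move the database and archive paths into their own stanza and add a comment naming the process that writes each of them.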
diff --git a/etc/objects/elkbase.tgz b/etc/objects/elkbase.tgz new file mode 100644 index 0000000000000000000000000000000000000000..23a09abc072a15ae03b1d985dbbe83e017d79324 GIT binary patch literal 139574 zcmX_Gc_38p*C&-qsBfeq)2>pf5D`-$Ns=T>gbi(G0D-n`(uxi_j%k!^RF#y-xR0-rm@3+-h>;y3l#g6w{KS) zw#mW5C3^p}?fre0w3Xk~H*9vIvn&~B22Jm^*7mfIZ$0O`wr~4$op>Yp505WYVy%CE z{H_W7bMUmr!7sv*m6x7NE>*Hs3{vE{zkJ$L^eNGMpvq3XKVT0luZHf1!md{BX^wo- zgo#1)Us!27&G~!{Rj0+o&;q>4Gy)2X!}t6rgv^?n6R&PBk*n#bUHg4{KD6=`#SM$; zvq~CR*(-UrgND4Tx6v54VSW;=XO$k937}*i&c9MxQZjO9>5YC%qtj9wckQfPAM85* zYgS)woyp~QZAq_%EVW7RXDZkZlCJ~F4#+Kc(Wd(f>F$@3%3>w+IFTDS4@O|MTQjRDp~PWxBNx*(0t4*)pajo(e;iZO1eMg?{1ew%A!n(<$t_M z%NcM#G4*_k>fkxnpca~h@cW81esP`@XD3`f^6{42@wSNN9`7#_(mhp&dLCuiHT*X` zkrN%;n(1T^a5AV=-ioFu4k zknd+gCeG? zjmaJyz2f(1@JGswTIEEqVy!<*SNF_neDcGRd9EguG-EQQxOZkp4a>gg zQ*J=$5%?`4WEh|umKo3Pmmhb}Hl(@;8IQ7dFq?k#ED^REcpkDp&wSWW@~4Pl{8#hT zG2MKGHD*q9oBpIIDVQ(c>(}|(VJ%GDKxAc2Bj|rCW!H-Q$SgGKeWPtrwf+Opb?jWF zt%IQQ;RTO<`$oQ@ZzgQfx$~_yc9%|DyUev6{&k3AJ^cB_1!wgP_xbo^IumkjX=9a- zGo>#$&&rJHI+C3$D=2G1~=hPJaY+90|$@*~3OzB^ya=BOQ(#dhx2RB1g}3Fi;M|Q zUrOuv?xfRkCico?L2gQ?EA?ye7D~s-^dyb83z>*#T~RM<4*?r2enA>hoGI!w+o3*F zIOAZdus$_!8#A8Yd^rDm59_Vl<%Y@X>7~MNXD9M0Iv|n?YhatxK<<3z1G8`AW%@t!i45AQk>Sc0o>4J3K2z*%QXl*rcquE{ zaX!=W?+;ny=gOw1-JMu3`E5L0W9Wfs1RMLNCMY6x^01yhl3Cqhqe|Cio*e(4-{$uTSg-%BUVIFKoy&yY=Y!rh3hF0V92(=)-;DW(HV4bP1p zHczScjGD-jymD#wLbT0*v981moywEw=sUOmbXr87{p1_<;(Xa`#(=A&I@wLTK|l1? 
zWyce=8yEU-wkp|QDt_}Th)Cf)^jtqeU?tBB7efPL`nG#abDoh*D>lt+_xZ%`jW z52SwG=5W&Lg8g{;<~rBTBEQgqd1(fr@qrQ^!sl`gZ#`Gm4axE zgn2rRJ!Yyqxbowr9pP@dL86a&W zDs7qmK9kd%k9~D|#FE=x{#&+k-?U zPeT*i^@ozz@DO!XQQ9J+VJoZI`!#l8&I2Vh6efYV!%E3#b{khK+-50>dtsk9M@J!A ztg-?P$m?Jc?Pfp3WHqfmCJ+l^1IBR9#GZT@1N|Ua9*fE3FiGb+6U3TTwpbT1Y7F13 z@lO=>?46kWLs2ltsI@y%Cy;kcp?c!d3@jk&!PBM`J5yqai=@-7n!>}yZnGmECVwXr zyG!%5Q%8PUaOz_I)HdF53)q;71It!c85ca++fRHD55nCDYKobexmoQ3iiKALaEDW-0l;~h1-3g#iJ8%d|b z@smES6bBmof~cbyvHj=_u$w4i?dP||Bg0VkkU_BL>qVYoq~bomaac7~4&f8(K)iIx zfuHx_8CVns;>`xAY|Ji9`yqFmsvw!q2F0LCKYl6DXHs_Jdt`TD)SEN(72G{OOn`tk z%vb>APVWtyBh{nC75EN?!!VSMxGze4S_(V*;p}7wp~rmev|8WI!85PQJp5g+E}H?F>@-EZi=Bb;|Juh?c_6dwr0licvn_ z9h!>!x%#1iG88*taw^a}i4pw3V6qnWWMU(i<>RdUk!M7;S4;$>!7jE~S0!vkqq-u2 zlFcNv=4mdV0t=*KBv}S6=1@3`sKcgkH(231f}9B_yzjZBy;%4%CTGvqe=z_dm*0YR zNimSeo1ntbO3lYsYPGT#MrO~#X{iV}#?me<22s}$%3bZUW4yMx2Q*jk?V1tyav4B^ z@8SUNfX9*r^JEN#ZWK8e`UiZxeL>%e4W3M6iG|03oPRD~bPh(^^)tzpuMFN|2Acq{ zHXHG%fq|tB-Zmld?5Q^9;NJ$sU`A5_?+{u*@GG>PJ$2_V_%EBs57QU~4Zu84VA;SQ zIEN9Ihyvo*21kNaqooNNn5>_reV}sjPe^L z-v!?#;W!FDf)XFzhrjO*BQ}`K3TgcO+rXhk`HMOiZUr6SM8Sw|Q1iI~^y!Ercg0a`YP6J7CQB*1ZJKUIj*}*$F zB`BNa5UbJ^_KvC2p&V}k8gEOInVifWbmDg7kQrq2aTX4vDWrXdvY`t41K9|-Rk+t? 
z;qL@SGBj}{%7?QEI{4-TSd`d~Dac_tk+c^;i(?WA5wbirFi0Lo3?|E=W26a!Rn^B{ zaxwc6KkQC0Wi|i4%R-hkLL~3`7a^991!;wP@o?DCD%_BWf) zMo2Ace9_41BMdUWn^@xK`~cp+aB`$0Y3Okrfd@~=gVw`oq-Mc*U^dtWd zpyxqFGFX126UU(RVKq*4cR{oOrR2?pj>FXCB+!h4A>FN6jQ9C4Ah_~fbf&`$2Z^~p zPaK8?lB$5%xp4?Q6?#gQ4cnOTiCfXDEd6J>SY{3rF71|GTw9G1_2!9U_yU8+=}1ps zz)U2U;JYwUFO=9``;CSCg%>{B9BOG2)JyNJF6H5kLu#KPhm3;w~j~XjLhOGvnm+bbfAA^z-4bV-fgkWra z2W+(Dn}PXi5Hbw8R62v41Hy`TAgc6{PDGo*+WvzA5LO3pNOqYpLChYK;8oHUn@{lbl8u#?NES5X38 z4a%;@Jg&@S8x&A*c% zTa7yOkS7;(%7ZdEzQ4+xN&Ex;0$fSx!bnsUD*JXAE^P!J8+*|KodHcYn2ciN8KkSr z5u?<4U{uo(>ISY)>|!_^t%PsYXc`Et;aZ{7@GBo@YbM1{(r*T~^t^_N-Wdor_Lt#d zF&UE?pQ0?KL;Bg%xDE_)0=#{(HSH|0H=n-F>&sE#pM-Dor1ucZ#u-c!5r zE{**Hf=jp{3VyFOFlgx7Tko*Ol(tASi8a|H$oMW(kmgbCI2?E| z0o`Hp?Ag7j6D~J}8j#w-($9*$x|;Wa0qEJs7dL}ax=tU&?cgIW-6msYlOymrQrISM zxiSs;&0{#?9X7~NZmEklDsQ>X*9%$83v8P~>Lq-^M1>YgFja7WBd&vZ-vOP}u6!=8dQ! zO5hpEEReAmxGl_~L~f5o2~W9oiNnwd_|Bm;fcZHt;c zaM+H^=C8YVvCKbx;E4NC%1;ldxq@^HbEWfP1JNI+G@m*0H)}{as9Xg{x%Qra6ma0t zPV26&faM|ZkcaFUDA~w&v4c)j`XF{95rS~@Elnrp-z5WSIMZ?0Kdeo*LGNFPTE?gXVmcqL5g#2G?1xm*7T=P>{?-V|Sp) zw|Pn$NC+)3@2o1cbwbtHtoI~aRKGg}9a`UOWeLPa_{d}48QgUQfN{cszHrsHQ-jGF6q{MJ7Mpa-O(~rL+x*Gu2D>`wg=od$xLC=((!&8!SGrdA>*J z*yE3%(leN@H*N^{jJX`ARil7a&aZ4e?Q%mYXd6|H7U4dAcnXF6K=by&8Uk7Y#&t69 zY?SIcJj#Jb6-ZemqW8{xo*0sR93x6dF$mvA2vw}fiOYh5_e64;#9y~Kq%~S52bHj& zJqUi6MJ2!yu3#bi#*jpe98+;otMQ3~bSAmmm-gQiZim`VCH5{XGjNHxLm*bGEY=P1p+6q(%cWCW7gNSvR=AT9-i zWC;-#d^Uqv*X(Ka{3wARPr6y;HWuQS{Oie%Ul%aB63FJm@Ea>Zjr_Vlu)psfIEYUp z*?g>7rIoX={U%@i1t7&%Q<8Uo1@cxA3{V$<3axW0)H?nv#c7bDiiWZgF`djF*SiS;TNu^2s)nk$>k{qq+lJ+vTo8&GMxUEW$n-SWO{X z&uSnNlasiLO*pJ;g6jrg_~sHDDaHuW^C3=4VxV@3W%t2zU@W(+CUjs0ez$G zI&TUw`eN?MDuMC(KTxY^qLj!amP5C<4@xYvhuM8=sU+2_}i~<%xYGG+o7NmP`UFoQo2dH$VVBZAyoOf1vNF z4^V&EgKS-tOiw^T^H+cP65lpQzIpO{+(ndPIf++fhD!aK3U5X*%J=($aVB)69QyGE zQ7tne3q}dNlYKHpoMj^C4Pr8zFydFZeETW9NE<=0tBh5=(o|!!zs=8ruCdm}8E`5& z28YWSpq`NIJ<`QjbL}%cDx^gB#=)1&pP*>;7{zZ;3*=FjT+W^T6+EO|Ly4J8L`-GA 
z*|P387!_bnh1W1hGXrFwzT{8tG45}N;!lwBsbXr5@CSPF6;cY4VaV={#MH)(U5cZO zlpQzu9!Rm86%3xRNK%fqVB~_5YCoGE;;nEW5W8ofcMzgvL!{ea>v2q!a22Ie_lHAn zCDbWw?*zeNguaM@qhXlXy|f_XC%hac$!`L(sK^v0b`*mK?^WH04;8qttA_Q7P?3{- zk&Xzn5J&DxRdex(nmktQde^IYe;DK@LBg~6=%G*iOyuw)F6OhK`4&pP$RS-&(1lgd zyJ!$U_6i6zn}DG028P=cu#}Zk#08kK5WK5OGhp2mM!gEzU8}&<0vDhyo+&&gSUE-+ z;Sd|JiYH6ipxpBjr)}0mraRk-M*^y-q@O8}>du$0(n`SOa6RPbAV~2(jC>X=3xwE_ zoIntqAq#!PFWO^d+F#7y&%Qil(L5r>kFq77pv3hpNaNRGWbo5coMN~j566VpqC|_v zSBV(m6%;S=oueYHy$JgF{#ochAEK*bV4w7Hc@+J3~eihJldgg>=$kW`Fvtz-l#U=ayY3~EC% z*r(e2ZYo&5v=~Ej+E^sNJ?nGgH84@_O&HB#-A^!KK$DhHMiYGex7T2d{@-s((me7c zM)pZe=`iBAl*@-)SX6`7>&r8hmSaCBfKPSf4C37|3f%%+G?{`^2Q<{4 zZ(Y?pf~d4Ca8~Xdxz7#Lr!LY|ya0v`n;}3{gbr^<>4=4b(E^-iA!`i2Y#dr{rFCsz*tPO-qW#u%8nWf@0U)14@@*pM343vJjPMl8m5jf%-2@dpkhre-gWWFEK1QbId=^R+EN^t#k=@d&m)Ni&7;GW zl>@-odo*JJRQ~W3x45hi%q)-m<`GU9$hSblC6HhtQ;WDgbQ&%lpU=Dx0f}~ugT*+K zN07^Wc+bQzDQ3+OIYSsm97_v<(mW2L+COjbid#HK@Smq#KZHH2!uz8JM=kkgGZN{7 zUX3sp_~9FlSvJp8zHbX5;6`vUi?(PE@0Sh^H62x=K~DVo3mAa`T{zhpkIq28=&)S3 zigJO|Iu5N&27mALhc^g?M*eNb@7#U$?5NdDxtr$5ki z@OnBoew_v*TtU3%$dqd>FhOmC+NvM<7dmv8YO%91MFZl0@b(4RF^T$Tx!hp`B-a`0 zD9HYvVv)~6kSLe8_G2}lAodJ#4-gnNOSpxOMLIlChsHgyh6kSxIaHZBE{M@`3|j)Q!KAKVJMuqH~cVsc+Xb`-J*JYmN<58sZM(H}(( zpSgug!PuHiuyw*xK3T`d_+3B=wYUSDMiA%IK(4l&aOAo)E=|pmO>iabyNBxIqRn$s zSr|3*K7sILYZX8R_}az#D3oaOpM}bKia%ZaHD(`K6mqaq0aZmziNHm7g%z zA0WY8z#fp&*|68{N!MtS+^EKw~8>4ly4)DQKMQ(<8en5SiJ_BUEhsB|KS|*f0pca9vGh! 
z*HK8skb^j6d3Bm0mvTso=M8*Oij?CAaQ(&xcfl0XDxT4*0KJPC?cNNW3Q4>;f~zcT zQ45Ziui$W8uuHiIVH6L;XIzvdqrM7IP>~$)KB0^w?kXjlUBY*ohpBau}K`OA!3^ zy}$r|bk{KQ2u6L|kTl^Wq1;4>({@l*j#}dG$DkSnKM!;(V zPdZ?tX}YUpfpRdy@(M`H#wZr$Igw>-#0Om{XEOMXu<#H}2oXUkbGSK@w9W+IlIjlL z;&J${Wl}U{vDhJ;)BCt73bzribwjiTvFkIHRqdM?%&nK$Pw)s1fAyj0EVnU{O_5NU*f+4@|TK=KqBk*?nV_PvzgY z4DD_~UUCCO@f>bgsD8V3pKR871!b$b-!=wamk!Ww|F|KbA6qK6EY>cs|#ptOv>>ltREBU0@Av_NG3{*LnVw%GFcG6 zVvsB-GJ|}>C4L6(DeywjcPxO7f?u);lc*U7#eyFIXD1BzzJy_reIix^4{_LY3x&UU z_hBI+yG=(RM1&3V__Joy*dQsmJkx1`lo4rs`V)VVrG%Sh0=N5HnAHA=-<>?9sj|79 zYXUWii^M{~j%&`jDvV3>QYOV&E3*f3_;G8lJO?*g$G{^YMf!hu@6P~-nIFSSNtsOIX>^2990ERAcGpLMZ+K*?_Xy>c4L|nd^8{lKsV)g4F2&7| zw+|r6W7kd>Vi}AZ|euXmu-X}{00q*7k_0Dh;a+_PcN(Qwe9TV1ydP4mTb+}gI#-50?a}CSa ze!&b?gJm-v(TH~7=cy~Vc9B>|6Qq~IRS=bv8b!i8Fi{e8ulQFO!df<**J;MFpp8#7 z91H~4@mX)ecymH1XgzqWzU&s)9Ivix&} zXJCU5O7ycnxq$%#%eZ=T26FJukB>hUa$mXv1YjX+C3DeCd17VlcdZqV*u6Zt$>3=wtbOz1fF z{l`0)Ar|gkD7*bH* z34Dl&Yn;P_JN_?^fNwx(U(6()+22wHS{?XMN~sM=z(+t_BydMk#VmsT2qJrTJY^le z2R{wYgh4J!y{vqPz=Qr7SYCmo-$(UV3mb@+wy^Mw(<{I|+hiLIp07Ja=3cW~(RX-dD(KB8sj}EgtA$G`$O0)yA2#e;e!6Dja zLTqE0qbx6`eZ?gFS>%w!qo{s_@*sR*!7oE!vxQ{Y26kD=5W6n^lP*3|8F-3I$`}iw z{V6nFNTzh;ategbBaF>0IM4G~igg2Dnj6GhH^RH4aD;1Jp3vcuBwv6zmU0Q725a!M z@hkuoN(V^z60t@979r}xBxa|P=jS=xeL1x`b8tj>d-YLZF+*SC0Gx+);=4|#l5@Z(UU8p|JYLzp@ zkZq<+;zuBG+0?ZKg(340N-qy4)nGOYuM`Z7EjzvguA4lMYK9UT$1sA{p=~DT6IqlM z_$Uxp?ogXdpf$F)6*%4Wn#C>gjXEgX--9Aofk@zaQIv8%6Qjh{9rlVV!U#NF&7DW& zmZHSU4PEacrI_oIrzlT5fVh9Kbq5c|;aEo-5|4D8O~NR<8PLb`fcBUi-ZNVbMER!i zkqJHtRE@!ELcY;>6&xLaCv7Z(pOrm-Z4VQ{GqTWCoUJr~WP$g-5zgOsAMwD`0`j9X zlxssAp#=hG!+-W*H^L%sUVrXpFLDzV?ZNXP8>cj!{qjKHc%|Mm8W)4=_*dP>W+?GP zPr`YMQ#?-@!N_-~<#axYFe!(7UO{GkGNi;d3oaNie2A4fMbtVVr+^nin%yj7cL_MdyQKzDZ-J;*?8M^lI}0)5%LUjYImr;UDMTWG1J=TgZ(yu&oej z^9*oJ;|_A~^K%2%0NhU=K@3tz;@r8PBbUy(p`s05-oW%@;TwmzaTq3XRwG-Ifoh!b zcOk~KB6VXdayA&hTUh}?k(km#@L+-)m)C|ij6y#zBc;L0VdR&U&{)ypTE?DDU^9l%y%5Mw7D&YMeMn;9~A0 zQk4vOBQD3$nl&q*u#xs=IPx6?r;+>obRKmlv*80BKJ*eoL1Q6;QU8u1t%;+e3ucQI 
zba9Ymmjr@z91(+Hn~SCFewV^SK2CM`H1B|ghGEG?kkeB-il6HTptUjsE>(N_{xe0* zYx4Qi6tNUM4E|by4;^qe3Hr;_f1jKc%KHSq)g;UuC7#zw9l+yO0JpbOMp^i;8dDAA320-H<74dJNT)zl{6|EZr}=owI0X7Ha4Jr~ zWD01RvJdpEtRnm;e$u z5%b&;cTN@q8QDONkyT;xUuXF;5p|yLWg&Zpk==K00@=QE35&+Z)hB$EQcKzK`#SzM zbQzO4$Mei%l<`BDjQ^88>+xUB-7eV-4zX&OYxQtY#e$Ka!2wOh2c|D*5Qpa~A9Fz)jql!E#^BxK91-~8sA@-$syjJ4b`3?>V zH{aUtH5+l(j08~`p2tTWGBM;PQ~x>sW(y-G{u}i*0oSJ+ZPPFm#*^_spI#06>o8(6 z9_Uu0l>0qjG1m|^3<`~r^~L{&E)y!4LlY>8l}>Ym4v$0{n8++0<}e~YGh4zvip$_? z3Z``yW{unMcP+SQ@bLkN?f|k{y2Kw)DZGlmb}<7(i;mOqc#fct(_ko^1%`Lg0b0hC zyYevUc`Ks#$Fi|j53TS!Hbxm3f+H_$m=nXZz^;E2q4Yv(h@p0UUqrk#nupI+RHxZN z+deaAwg|6=hiJKI~ zdsE*(Png{s`m0U-F*RbzetXhQc=+P0`MnvrPn>F0?V2GM7Ecm-F90PIb5WR@y;OzJY$f?S9lBTXHvf~U6m(iRCTr23RCEr+qdcp=`OuQsU}nSqovRn zvE_~axeh8bR&<*ecJ2s7~4l6ROBkD}<9T);l-Ub~0i{^mJ8}`qIQU z2xL@wP_v>x&Y|+P+UdG(r$^`;#@lcIZ1;7K7GsRJI-|9Jx7UBxXv{5tev2$O#In^T zZ8Me&G5sLVU*)+eDd$yyKAyNBb@o>#p+C zhOT>)Wp&5GO68LG3L&A164&c))50Oox5yi)#A`Z3Pu$8Un6&k>(?W@&XM{N40&^=v zgA8s>zAdn_*r*r%n)8%g)~$@F+?m-o|1z<}?s4GU`mlqv*B+Ki(%Cj4^zz7XlgEWg z0`h*WXImvAUhZDnLEWx$zw5)*SZ^KuyVS-k{Ab?VUY4)3SKly{8m+M5L045x>WVg_ zmDv+_74CQSnErjX^*grzai`c)a=>#@m*Ix%>gIh#SRzef@@(!I3#?G?}GHn(nSwk9n7LrPqDYDhG74>}$tIEff@OP8N5W?%UX*Ze#X1OZ$)XVdPF} zEhn)jar9P&h`!B5;^a}65k-IMO9kdo9?{731Mz-;J(+m-A+t8c=T2Z2Q;BAjK~R^! zWJY02{deY4(4Wbfb^*1&dMBKPogA`92WN*B=e^HJjIM9;VC-5G`X)mpfAshLUo?H$ zb>|KoAAO&PrWxNUS*j=-g_eg5mo^yout@CXq)L33;jR-X#I{CUiF|jt*VdeVMr2R>GU#~liP5<%S zCRTF)v&q)#%e8iQ3}f>nP2H%kRZJqzWqNkG#+G;<;ISgaZ(4E#Yxc+9{sM

Ko}9U* zom_Q~`S+^5*Q&eK@g2L-LIop*A0Ehl_KOCc*!^Ld)`bt*hy~U`J zf9aRP`^J^`w$xu#x_T_y@z;mnSI^5OtyHgVzr$G4Gg~Lgl9*+x>4!=*R|WrgVEmka3Y8i)tB7c zgSF#d;`VLSI`?L`i!bY>a*|l1mHC0N^FbZgYDQfuYR=dWefab0Sjy0OSEb~tlYc|} zO7^@{k2P}?b^DKfP}O~z$8{Muy>n)99>pck)2^N~Q%M$DePDa4$*K5qO=kwP*kW?L zR$M9KAgwfbjr~e{;iy8Jd-qj59*?R;8Eh<^U#uAYiDkLVBSPd^>&bY#=2wkh=GLB; zYYTa}`>%|mdiZOrd=cAa-Rg?n?^pesGg6ef1d!GD~cIxZWKd+MiL&zH5xM`yMAYJ`1VwQ**w_37-A9o~Sym zc4uwKj(0a69eflj&|w>&P^JIP>0mu8?n|<`ef9ROPF1P_M?$W37@OTvcdL}YQ>8zZ z;uLV?LhdV1Bh}y5(uCZE>L1qEUYxz=N$uOeVZQ>Up%`5(%)GVkP}U)4(`3KS8uc%_ zZL7=6^;n}-C!4A-A8{}%4ODeFnaz&2W-p@mJhr|Ujp0 zChzN$NcQ!F@n;|OB{uA6b|$yIh^xyN9#C9weFgheIH1TFGBhkX@MX!bqNnAxU$4ZbgKLOYAO1)GjoMjOetoR-YGq=EhlyL$`N(y zgVn4b*83Ue9~TKLPdhByFgbm|_56~iB{Cl|#?718jJlTpA!3z9EkmYrM$?<-7gJ8g zbf5ShCawRbYA!|l`PJugztq3$-ZQ!9|3jmxu6I+UYyOEMk3;ou%XH?J(?|4m?ny6i zUOup9!xA^vmczEXl0&Ig#wOY%+F)LHp!ONp+Mv$0?pe(GCWnmW@Th^jDR=VH9pdtd zBIT`7vm2(>J%wEh6z7D(u1xNT(5Y`^_HD8+m{?qX;rrtUC)BkjUZvcAx9x>p|4YYS z^(}-qKGuXUn_Q!PQwU1_&!f)t%2+T4PYs`Vp6|{WtTV8Xj?yL+bhm2_Ruf-J=Y>6L zpltRn53pFf9$l6#Shnw;-y@+28Kb$450uY78(;nY&5OP~K9fB^G&{G}yo&urn!Is5 z?!oCQfxtTJfX5qEPK+cZ$VR;#Y#nX=Y`CMb_H9VW;ndjEekY>X8GRoF^X$%zX5`2G zRr!(}e4Zq4qvspe=#kM^8N$$P`e(^k&&DMKm|i`Z-TDXK%dkbB;KFmS}A_PV|umjS#hk73r#5vn%-TP z{&D%7DMOg`)Kf9owrk?9SHq;j5g*S#T{cruA)b{bjf`)*Sw1@X_=vlMxGVVlS0~M3 zX5TwM?3V8P@NJ0^QZF1U)3~x)M|YP_u})o1 zJLjx~RN~VnEi1KDdO=+0jT4u)Fr2-`*ErR`Wi7W!xLx+~kArx1!Hq7v`rC8578?_8 z=Xez});+1xJ@LUfx|`9mI)=8SxmSSkomSg5S1d#8dhla|w)g8R!R8rTzDU2={ny*Q zPUZ`vS8L>VR`Q39c|4*Cxx&rN0IyFZlp^%`e8mXPp7j; z@Rukf-!HWe(Bx( z0ao`1b5YxvGB$%Q&GN1HHmUs^V)Uy=Pc(dct1X}_ zATJ=hh*^Hb_R;k8^eKhp)o&epKUueD#hwh`@AKgFg=GO<&P7K!8MT_~5>`>ozswo4 zQ(H`Ax1}79JMbm>_k-q;SA;L&hvMy6CF<^5kjhbsD`(X<%N*SCXM0#!wrfj7xk`7@ zk~Kopru8K~lY4`d#)j6c(5ip?__LC@Hfz8|(|dn(S#>^RVpVt8$+7Kr)f1%FTA6c= za{rwX`7~CMzzP=KUKdNFd0OXJH)S&d4!u)25cPSBX3A#qx|5eEVI%{#7~A}k9Lv1$Ni_+_C4ZPWV+?bX?+g&D3j~HY*Eud&wY1)67!1j zayUg}SEys0S=qbf*AYVxBNL3+g;rov)tp%Pt8r= 
zVx(+6{O6lt3OeW><~ZNqx@#bCqpEY8zFgHA5v}i`x0U;wBkc)wBoghmi}LpN7Pqn! zrv>L$%|H6FN8uG=@(QcWGu(zA>J> zsj?lD^n7#%iCr%Ai!_v5OYf6m$gsXGd29S@-?_~Xj*p8=uRYYDRQmY15ZaihDZRTUBoDO-Mi$$m}$w8)}zRSY}fvMN1LWrxjj!T6gs&#;+Ur^!9I_z7#181 zB%`d5e1~2vSa!&HAYpGTu{8VM*4C3GD}h$8L+6n3mR`Nn8G>;)#66#3UnYv(r`~S6 z`SK>QRkyNcqV9FRp7z`dwWbvl%k6HFnqOZ?*{O6{?!n8M`dQ8?&RuWw`=c|`rybO_ zM7wD(v(DE@A9gRF@fIv6#rbDywj3|Id-6q5z&!%mB)5E^py^HcAI1+YwYYSPHOr9` z7iLz9!cw$1Xn<{OV58&cXy7=d78iZ@yp5ydlv|pti`c~R&kO>3UXv&;Ue|Wr%{1-3 zZPfB44LbvY-S;0ygp|b{_-tvZH<0@C{fl7ln2!dZ2biC=7(=C{pPgRMpW3dyE5xBw zUP8P^>sxA1)!m)i0oPe6Ejg`TSF{Eudd1V8MVRd!?bOt9i%uocV6wyB zUHf)_7TCFaSNP*ox~Ft?2fLah!@otPMKgUmKftL|iEXC38wLj@%^^3)z;TV5VnDqC zW696wHqrWfcS*|I?hdh4OMj~VSz+ej_RsVxLERG@KS%GI2_M+Xs!`b+xzAa^qd(o+ znX@VLjVYzb|D<&pvi7m+4s2kONu*xuSf8u<#piaxL!_lz6k{~#6Okk5RSup)ltmi@ z{7zINp>RpfzC(g?|Zlv`ap4oT$ z-&m%9F7x_UPtiP|iLK-wcAe5(aD>6ZxB0WgGtwFfctVPqyc0lnYdR}2Ne&Qx*k5?- zq1+sHN?C*H5i(H0(Mq87;W$yc~ipcj}vxUt9)TQNBF##&!oHzog;(yjjy)_zQTZ2V~K zca>lcPkEofSUK&#hvGunr2IUE*vgVo)<+r|>%G2k}#I z+zR9FAx6{&aaTAk++0!1-kV^Q5~&E$@Q4==G+KMVNst@R0- z1?8;)bArQ*)K6Nya_g4)emM^7XA}rL^qV2YJP-B16p&k1qqU~?o|~#CXD+uaFepG) z=|((MbcPma8(0MNnl-A)cgP33zd1b~{HssBTx(gZ&aw|j3vTb)wB_OA|4yDP=kJbq zbbIllzC}eFi#B&Xek$R=VU_sgam`Y5aTC!Je@ioox<*JCj`+20u^A&t~;{2 zE_&*VtBq^3?fFXqIm3Qium&% zEzB*x{QkOLEPbfp?drH&{a*vW{7xHMzP;%6sUNn9Iqya4GgGi-Dw8e(lYKE6I#(WP z%ijJk^{o3AC1=Fy1%%^u1IptjIn6z&EHW;qnhrqiTnv^tROn_eY++4jZ#C zap~*fS5D!NU-NqSm5_IJN7;6j6oc!FPs!d+dM^}f>Ah)m@uc_v0c1d%zihx8GGUWU zcmq6$y-B9qCDREYa8w2yfHibVZ%6mZ9+N#MTa8|qeF*R?*$)8g!xxbMD|D^?uw z|7@jW)r#8k@)}2b+GqEzb2x77>`MZKka!1#w|xJ~vdSL;InzcA&Bbu+|YoA}yz62SPJI7v8K- z;&0fKnCLeon^5sgcIMl-j%8;$^>_Gf&`#HLY#sX&^`+E$VxZ8SlaZoC3tr(>C{|Z6 zvkg50rSDx@#%L)drLpiCXUQwL3K*~zTn3+)V8p3o3W151LIWv;Q2CjeZ?o^o{*G>- z)p!?PC+QPtJ0`t}Z_ziX8vhOY5+8wUIrJHRgj=q|b?_Rh16Q4-*TA(7uR&z|vIYr# zYEBd!+A=nLjZph~Zc^q5gK-ETaa*E8jg_^>A3D_9`z@pV=!q%k$7hGG5!%yd1I1tz z+Ci#ygqN{$IePd|8{z3VzH7$y9N(Xn>^-@0vwjR$FI|rAx7`1uuUBF12j8q{%?|x` 
zNbQM&hHXA)jD2c8_ys4(&Vct@{w_yGF=*SU;t*v7t% z-;`~XHOM~T9)e!pWo|q7j%+*k0QWd|iaWx+f?m3XehhkOzV7A_3fzG#fV3m89n=86 zqZ2<20wQ#FOsPKw_N~NznToU{QSU+S7zD9N{;I?UhN64rkIGl0c7i={;3Vu%lR4%!9(g z(cZ`R?BXAQ5&DtsV6_3i=ypmUMz6`A3;nZvTUxY*6f0{3G-c z#rJW~Dqc~%r}$j)55*Ch-)mx)^UeG&{$c(oI);?)=1HWfN8U!j8j!cSUb?_p-^F

Ys1Z=&7aaX5@}F zqvwe4abj)ZpvYX1Ig0~%553c^1N4qqOrR)8ZyD(8d?fpf*VGD4LYwfAa7;KOTo67L zz7=Ye4ayzL2b4#Zr<9sclz&q~;O{};U%)%-JnJf#H0XDvH=J9rAInb1==ConeLsGl zFjHl$RV@}w3x)Z@@&KVa80=a?s{u`jiwSKV=mKFWIBHekqzuOOKqRF3RG$^}AFGU_ z0hYyrXiH%^oi$=~wW9SguQGkBGJ)3`5cpB0y{Ua+rlmr)nBeMQWvyzNunfcuAB&MK2UoQ)3p7de zMVj1dK3E`8FBblxGQBAn-O?;2aj_t!)>xyewiC2KrTv(=MBk4g91@fP;HN6R<99xGkOt1y6nO2^mVI8SFj~osjGX!v#?L@DrA@J*(kzk0vY!~fL z{k2H`np}ieA~$hP4k``=F+gWvpWBHP(clHTW~Au(_1987m${MMqjCi(2I(X?(}i=^C_Qh)|BjxAwqg|UGVVqsvW_n&W%43Qk^i~7+ zn3DY+_u7=~Bf)@C-xd)=3FFri=h}hQ8D`VK>V%@TgB{<7o6@TXUoZyew2e~AlmOUQ zK6?Mp+=z=AA8>2iGB$Fj&*f}g1D(`ABg5i9BmJL|X+0u4?T*0cWFzfXfX{cxxDjY% zdaV)7pHJoquOdBAk3e^o%pBHX(@`Alrq1v;2o`nn-G)^S3;MR7nUHy3)0z2kdz)rO z&fT%^^5Gp5BJ$pK>{VseYzW=|ciZl9XC51?9Fg^0+OXz~6ic?Udgy_1p?k)zZX9(b zDc5e*@J4)O%*@_H*X~&rbI!7o6RIahg`_^P0k0i(u=j+hkU->@Pf-F(_K&2G72I2Zh6$!i0q*{u>)xR88dZczHL+s&u>VteSjfA;Tp zc6|Fb`>xj^Hs2@jJeWFa#n=HK`$x8oojE^K8Fyyo@|3LY+)8Bm3-_e#G1)HJZWtRk z$mW{gL);eie)Z$(s;a8expU{vo=c{I%ZRJ0YSE%a6~wh*K?@9Uy6QR?c20J)eg`fx zA5B&q%gRown}zgAz=K7hXtJ_R;t7cCy zvA^oIPxEZh5zUESCp2d@A80f`Xf&kybn zdL7Z8(Ed5#toBi;D(?Dm34Wj@t2bY2zl-^EuN&G`y7MtV_S&f1qdTnY(7mdAU-uU> z^827mH~z=Yem3d8uS193I@?zLXR@;~NC)~Q1fZ|Dm_2*;IyAe9rg*lP@Y$thWu;|g z=6tq9n|+M1G)c=T?$|o?4DmfitPdb(-$U<%z5tELd!WC8>udBEbPe>kaD7KHr;BVW zIqw?zpu!|Di=3*I05k)4E+x~Y1lQsN0ZSw`mjKuDLKOj5bYyqf3$mN_D{vi@KM(LI z|Geyf%cd};1D#d9T_Y3AMg#y|#qBdvOq1C2j zefo+M;W-zED4DfPa2imMFEiAkZ<8pg{MjO#;}y%`9Nl>~$+60knB#E{kXI~;S(I5_ zo72Xh1lv20u3MpR z(YNal>7UWRtlxm%)nC?sr(cUELXrE(y~w!_?Pfg7ijxZ@kas)h7W4)f=aF)FMOJHQ zGT zPYvH1YK#rW9mWTY3yvC38Jo~s#*d8)t{EMsb*62mZN4q&ps6YTNz)6a^QKFttEQh! 
zO+NLWTRiuBKJIza^PJ~J&#ygy^jz)L>b1}7h}Sjm7IeaEXRlSLwwrFDup?SMEMBj- zD*I`*S~Uz+eYJWht$sl&HSw;GRX&H_bQR*WULSbzl|m62k}VWW^M!dZT5bneLnsc= zgtQPy^`K|M$Z8>YwTs>`jI5`Wd7}0S_Y(A#zTsx0%GlLv2PPLP1>H&E1&0`ajc8SR zh5H*-rpic*(E^spRY!t|^|D%2+R8{`nVgpB558T<%Z-ABYJtP3nkCHhBI%p&74Au) zQDp#%QP9_@1c4bfrG<$Ot>bp2g*6;%ix#v2Cr&sH+3iKL?G&-iQz>yr!>(@)OSv7# zBQ3*LnQCNhY2mu;vo;;yxuhl{B6H*Uq;L=Jcy5v|`a2=5Cdblz-TtnSTysZT^9B2r zNbM?QHSRCSF$*;(W?F{X4GSUUuu(Y;p+SOdx#m*NlMaKi--_kP(Hb4v&b3uTKrx(3 zXse!aDC9$0h7l+6ufC5}tCTwRrE(?Jr) zSR9#wda@FygS6@u%U-j!U3VDt16D7)#AIe%BPq)bKDB?4g{!^8)^Xk8r584LSqN-! zEd-u&TL^TQw;G-DH0aG;)(9J%YlICquMuWmi`GE&lK9B>wnMe4DrI&J(lrdQ>jjEr z1nNDIMQ5}akjq3BJ;W6I;NqEh`d9Ebbh!aK#?OB+TBQ~K`NsIslZwYCH#ih2I#?d)vI0DD({Wnhv;-6 zH}g4JPkO)nIoU}Ge@U9BLWPO*loyc_74|;Ju3-0gZ$O8=pFw9_`WVu*pwKg@73s|_ z(sc%jn7^9X&!DGK2l|twsUHFUnltDGWd>1~*@FCUc9Kv|5-Gxe!s+-Mx{g-iow#1o z9cU}QipYkNuh7q6Uxg0JU(qtW2H$`;_e#7HuZC+4UMcB1xazUk8E8UF@XRD!*cFJT z5cE2P7g$~HPCBuUu}9f|;5v2}`w9L6u+8jAZD%+S;|}k7S2wB3iM;Af;Ca-qtLc9d z-3`byXxvd$2nKKwIf}-KJg3k^fD4O7ABs}P6>ryOy9E?h&8554HXyPmfnapayAD-U zEtm_v(Itx(ka?Rbx)4si=2pD#ecgM7xy9UW{*M0$`ZM?8fKxK=7tCuEE>)6VoWHwy z1X*?=3m|)u*Dh)R-_?nW-9Q2pm5(A(Qw|F3JBa-n721nLeIIhiAduH3p4TL_76sKH zOIPDxbr0B8`Bk}9xdZ{L0a3IT`LCd+)(KsPFlJHi1p~lpNBIC3Wl4It3j-9RN(gV5#@H*9c81#CjPOH}vf1r4%4Jx(fkog%iTPW%uu>Lcw zZ*uEbi@LJ_ZASESg%)%PExdw01-5kf_h2b8h-m z^ds?Y!NfxAp~id$Jy@qE1L9^0I-8M~fZl-`@oPxbucO!8G}*k~h#T?uXdU~xypCN* zbtx3ZC0h|GV_RW-QB}1SEvSM)%_-V{ejkRsa|x)T0MLyl!)a3e0hXo}WfY~Vcc2fDIRV_nA{W1M<;rE%!(4iR zrrH!*J*>oQxk+!Xc3#6o%wJ9IWy||6UsmD;Jj*~)&+1`I<>0T0UglLj>|rVb0l3Uc zlmE?564oPNpYme7~cVWfE(y-8g6 zOZrI{c0ZzQ;7b`^Hm~)1*Zf}GgY>;3+`jL8hfdHBaa4d!uCkg5{ChN9@blKlbRIKHACQ=MGHp z*90D$uph!XI4<(h3H!b8PdYMi&@Qq_+khKzGh8jWLDEfd?ZI2ndi*rBIve28llEjc z#hlcgKq1nX&28vAbFI%#)a29V^N^2{N!4-49fbbv;Zyz9hnt=;;%$V@pf`A#CLCw40 z9`fAA{D@%#OFxMi7S^(BhCF7qt+nxT#h-5^mHi<5MAjgCS>7OPlO2?8M~}+(1DxYjO9`k`G$~dp#4%NsxXp7e0pI%I zSw^!>;Kx7kL8SM+0ktQouK-1Luag5f|$`{=qP8~@{y+j`$){Va3- 
zxxle)+pV7r3o)!r>o@pJOTQ4VE(0k4IJNj(V5X(b^2FuEH-aiwHr#Rchi?b%TvGFH z=y%N{+F#4q)9^XRj@naJnAET;&#-rNU53qfWW%)(ZgqxrU6{!xocUZEIhwZ{uMT?m za};>Ml`CSJ3APd)1X!vC@0F6r=aT-yg%SNv6jTOG2Pspjwu#PY5zI+-ivI)NHuZS7 zt0taAJ2CkZ?mOB~`#bs;-XDL5p4xi+6NIn^`fBUoT94OAdM#W~lj&SpiSED@Jv3<1JcyKVT1g`@g!uegt z2j&B1KhC^m?7)rr3X`*vg9>c_J%AvK+I}sn$zptD6YBhwpV8)`MmsTIUsWqsyi;0 zrub_V?0*0m;6~}(=SH@=QT(S{?MnL>_PKo(_?!2-{q|Evu0v;@6fR;v;LDJu|4&?d z%Pvdn^3Sl$toOiO!_o=0S*acY)K**yt0j7#{g*S3V`O|*An1#x;!>KR=a>% z&G1#ss*C&vW@Q||05DY=<0$17jN>A8@|2}#Oq9JUVRYC;z-BpCfL=qaGct-R@BxCn zD8v2md4jbPa9%EXwn`)oZYMwi;j|(ACqiv=5@_f^?TlwRUZT-NPCbDmhYr<5{=lY0 zPThw5{g=GT4n2o7OFn>CPUMm+?Bi%ZI>oNWM}5V`Yj?fOg}o*_D`O?~jtk@0EHQ3r zG_7B|c8hUKYwP;8jqUBtja$HB+zrUuwQE1VapOkg4dUB)qZN1oYrL_u@kZlAm*#(T z>Cy*VjJsNQuK#H1M}KeL(70vOrjKrHY23VN!@`Bljo$)a;}=Ah2sIK>W9t^COZ8v= zv0+p5w#}RW^5eGVt(!M3Uc90CJK$^nipUb7W+H0bvd#G87I56S@#Br3;QntwOMe3` z`4Rfo#%AbSZG(h1OK#HPCZh^6XI%%E`*$!fPF+-5TDqXL6cs#d{-iFUNiC zd(HPxWUG`y_)*653PJcz2Jj@=PbIX-z~?C$FGMR|1;R4o^Q@dOiFlJtP;7%scu1xY zwh#nbh1X@D$;iIv$FRe1o!>UUgMLr?z2JA=?~BQ5j0fC0CTsm{LA;U%~5r@D_;L@#@mJ2q6z@A7Wvt__@qB_+fdJ!IR-ik0A zh1wIL-Zgw|3>Draqi5WV-b5XpNIr5{tQ;RR<-5YDKZTTQ`0PB+~?)KLS zrY9inqzT_1mjleer%i1GBk zDgX$dB)^O>lSqz1B#;>HMZL&Z0(>tQYaNnU5$?Du##AB&Af^q(=1j2*C*ZE=aqnHMPX#k4K>02!5R49D| z_#(U$F~W!ZNan1X&VPD15j~kQWt2>t2eKH*r07*Oa}{u)D-okbI<3S{ygFDP(jQW*pDlONqZTJSbr&3=dL{ZYYAGT!&!hW7hE?tjw%oPRwcU4LkJO2rRW zMXPiTa!#j}mWh_t9HKrf<~sKGCX_%9v2AmDyf zKxA@UW|!UP8M=4~HHPJsbLA=+~kD46P4)QFgO_ z6)v&^x>G-k{zPqY$`}=XhFb&viq@fh0Y?H(1dtCG-ol^YtzA~HiC*Et&IY`v{UG2- z+?N5>+8Y6@0yhTk2|OIw5%_B0`+-*iuLnM>SrN29t|jOb_3N(nEa-;(f_YxXJtXI# z_wteqS8;L<6()X!FpnSOxzjRyUBP{%;GR-&o7qoU?yQ1)M8SP6=Z^6N{$0+IUMr+4qV|ilYjL;&sJg#W(V&`ETUk$}a|Owh|g?*?5C`Yx!}!n`88Dx*X8kTPk|zK5({QoMjE zt7Zig{>|4P6vGp+KoT^67|0sJ_rgstQWY5d%WOFLZ zE9X_tBctn9G=KhTuoup+tgJkZ{!I0}Kco3zz}f_^`C%(idXwA16}P?TT7s*2}f@b0fuVt=%oP<62@hIyt5nrwzxZNdpRga`Diu&xfF`7BAT@z54kTN~SE=@k 
z-o|F2Eu&k^i9RprFRP5A*$-4|N#RJY6)GCfD$%-3x3phY3BvB<;ksndefwe|Lk(Sc`WTWex;nM3vn{1KEJT57kglGUEGw8X^(3b)lvoYL^O z41*zMxv!;RO@_ggR+H1#!iVGtV{s#MBqc;66x5`Tbc`RNQ>E67vb3axD1{VmBr=&p zuuz86W5Fv&xVDB4asn|cTxrgN&~v&F;oeP55(QhYn$1Y1e$jab)IulFc{h7wF znZ~gaf9HyC4ahW8{xxVBUWQk|wGuCr^m4dX;Z5NGC=GEd4WSu1DQnO=+cw)l+mp73 zpfz#o18}zwqFwZ*^Pu$dc@W)C{qCois2`O4w*Y*JN{D)Q7i>Fvh5Ell?fLWP&zU!G zUdg<9&b;i@n_Sonw)3`yr_fo{xw>`)t_RT#`c0qsUEh;#`ek$p{B8g&kEmc_>8t2rR8>{_BPy+O zcAJlN=|sPZK1SeO^&_#XF4?Zy_$3NYrD~DFOQ|y48XA-;ulYiV5UCX@i-icYpLV_* z6zNV%h`*n9na0g$2?@gC0-eq!yvyAQT!D3l8={WXEEFu>65&3#NEZ{nZeXbp64agM z^av0!F?9!oFlRXTAxe>~1E|x7?Cw;$o1;i`0BKEtJ%Y@t2c-*~#5#cdCFe01sXRmX zhCU@}%0d_qAfss?alR)CK7v#(^DxqOb*cf95Z|Ms?@`R@+KK4#6m#dgtctbBh0c|% zUF3|UvNC$8g=m$nM|6`1K`TT`#cs5C@#2LG>6x0MwXhL657}I}Sfnh*GcV(HoO|)- z>uQXx>rHFdtZ6m2Zrr$b&HA>s#`Ue>Fzy0m&6+iru3x{t{yOnpe|;nH0=EA8_Vw4- zKX7sJhZirt-)h{sar@d2mwouR#^&{{8#a7+y>mbGw6A(OYi&N{+(iz|SC2 zcc5q7^f`1H{2cf)st?{0yg&Hy;FH1Uf-eSt9n2O#&hAB(RSl@B9RZxXo*2p5?nZ1! zE*^k$8{l0*q@E?;;=22|MCUe2j6m50Ty=8c6q!5T0pNMrfO9foqf9tQCYU!8RM#fc z2_W#43^)L5=#(bsDHS@w8>pXXP$2=7Af34cg#OQ=yMgdD8ut_`d`e^~d`dFoV4#K; zSUY8i_lszvTL`FdL9x^GPwZ3dcX$=s#(s>iun@v`xRnLZ1;y06lkqia(s(lltREMKu;5% zon*WxnO$x;b;4LK1wwiWB~$Lx68dBCYJ01FH!sfCI1f7|7;&$`Tj{Z+qxK5eUNLa0o8CfIC87;9JnEA#e107CnoOqhpeOKZJizqlpwdaw*au5N`et zf=Kn3{312}J@ypcD=!I-ORR>?i6DBKDVt$ z-)?ttGcMj)=PImtk3C5^DSWxwe~vn!tMRE-PXuI@dU7o_fY-X=JP|aDzZvF)MZw?;lzp58LNk4onikaJB|u%Ei0cjEk@p!m8VnpHG3Cw9y2w&RHT&RLblTsV9}hyI)FE@{!^@Xu=h(I zTf#m?`@>eFzaf6vN@G)WHYZp~-ly0UTGaUc373RZ!>}x(Y+7Yvgb=vLC1k8iG0}p#e3~%`dA_a6PiP zn^nlN0?nu=XSvT>K}|iObmFU>oU5JCWhmzu3TLiDL+i;gD5A(1m#KHdsdE%S2>Ed| zO5{J{#3Az?WcSjN*|UqfC}`|!(4s|)901Os58U)wxGtdcpg*9n;yj&5JVp0Y(&JC5 z{s0<1!te;d8vFt3kn{-`M)Y}fh5FZEVyivc^4V~o)HCv&gz6UR2x>SZAFH1-gUj@D z82Hju#;%{z%w$@R^Gw6w8XdB%4jJKN3ePPV(_e z!(`ez&M*x_svD4H4W?{4T#dgL*itMV2EHMMu_riIGiD|7QXJxHqKVJ=Ac*wPKoY=W z62NyPfG;5c_5uVz*pet)AOujFP6Ehhla4+Y&R;~1R(&cPz8bON>ku2tPk*4WuwcfF 
z8PmZkm@&OzMnS>W!h*sX#93G{efsnQYw!%aMKT2hP)_0iK9IFoW(3XH3EIr*X9)oq-`!lnpJs=Ofy z9a2x3$*r=do|8Kg9aYLHGmwR6UX_<7p*D|;fozU1Gl-j#=xE@W8EmF6uz^gQnkfVa zur*Amet>DCGG|2}iv_p(rl!i`k{k}@ltRRqI?iEBMD-qy8N+7s%szR84rNPh88RJZ zo55W5{c0Q1@yp_{rJroSDOD*iH82j3i-l}zbjMpvPGa>QkBbG5qFJ)X&?p(rDafLN zlVRt=E{1&__G8%U@Ye7T<@>^y#~%ql5q>uOi2Q@_D{=E-KvPSGGc^E~#eRkabbspf z-A{U)XL~biEy0-{=W&wbmDI!>i9!&dbn)WPQLiL&DsFG2oh;fKyH)=pHkqu3gy*pp z++zEjs5d;16ZMy|#lX&lCUT|-ap6I-9I<#YU6K&3#jVl`1wA@av^L#z2;_PfhGwki zl#f4n|IBxtAUKL~3^!x^Who!*muk_;@X$liMr-OLFJr{y*iHT-?JCcq)W-9{xTC?2 z15(?@>TzlVU(7fxyaH$D5Q)PcDoe*B$1u?R1qh1AsH5>DI8#l6OJY6FylO85EL;tI zx^e!88c#g>sCsLYPBg@l9|knVC>w9xDa?;s7P5 z&|oZwSBX+({AFjQ(v!pk;c_yes~_+5q={Ij665Y!ei>mA8J0^Z36D%rXs}%5HI;A* zLFvt5g&Z5OMypbpx&>A*-5)S=z^TyjrH=G8OHKrh>W>~jScS(?r+Fe{;O zaH(x}48`+(ktINs*uMW&ro;N9f^)P*tH^N@N}Oi>HUK+P{WZX6#vEe_S8=CuqUT5@ zu0bqu^TZN-dyeQV!fA03p1i|ubQVwI3&oQcpAI}69t-3d-c;O5cppzF5Y9*GdZ6^l ztLT&0z>_bZ10;VA3my>0Eea(qNp8i7Kqb__lj2QVQx9b?$Hx;qRHR-RNWB7Qe=|le zG(>A%@iH$XfVk-QZc-c6wFmGoVw-+GevmP5hv4jm@#Fr5HXHP zjTXhm>y_PZ0NS>U638UGQr6+%HLjai$@=I#FeF#ChIwELuSkM22j$fgu3>5%ya$BL zD?0)4fXr;;F?L)epo_1IMe{EJF4A^|Y6{w8+an1e))m_gf=b?3s2iZux4jp|VmTrf zDaul>8zLVeQo2NTMc@`7)tnQNV!d)j;=Ix&Wsy#BrJKBs6XWhq?$lDaHp$uUx`kNj z7MzGvJ8z~l05J&XT^{arn3CY?1$eJ+x!vW_^aO5xT)zyYkfWf@T5%{^Pih|~6-6#q zlpZRcd!>y(Nt=m6mDWpa`gyDo8<_GI1+G)zbx2r_RP{&@TY{b#XQ}i+!$6Z$!p&`p zfwU<|Wn6|-V7b~S2yZ0{u0s}gL)OZ3!Csob5Of_`IVXBKvafWqtaL(`A#5Wk@8VRj z4j>}9bcCp@(TGlT_|g#z^Y2H)MJ_NR{$==$@Kq5TBlbinANy+I1fftSCRt=qFuEu8y2YIY&0@uh~aJ@*=J7f7(+wBFfa~Z~T`?|lj z^Q%G~S-J()YJua@P~6pMd$GI*TO6%b27RC9$8!_MHyDalHLpyyWIbRP`YcOBy437+ zLF<>+=2&G3wQ{xVa#K$q@#Xm%JXM#O@vfSL6VKbjO9VX9YRNic7kaNd9{R|I@DIFY z+fJl5w`LmCcn+s^o3-u?aP5?{sbh6UMffTymkwA5oE8)h_*e(5+VFA4L)X$tChxDk ze3CcZKK^xChLLd2KKVsPSRu`;vFY&-EL-I@rf`&E{VJV(hg;5nKy&_^*ytVCE`8Tz zgq+_~E4og9r6h%6fLIv5JbqFuLv5BYIgYa^d^^rsJTZ#Pu|efM;*G^(X0aD@j+X0s zuG*5JXOHVL^&GNf8o1_*nOZJQM*wlAPO)pDz>VdF6LIj~P17Iq#JIE``X2D+k)=Ae 
z1w%6tZSXsuV+rFs92S9t6!83sQeZxAx~_+p@&E&bHvl>bT+Nt^tLV0m^t6bp8Fq1N z2;^UhvWB}9muevoEe+2xTXX`y^+a2BO1+NfYDavOle%pvWO{ny#nzl~opZCuAbuI0 z><6T_nmN>(9q#Fx{uj8lAC;!o4+E(ap;z}?Mh0^jS&iez>cTwu~+s_$Sd*5+oWI;i50`F19`LP^7qB7!|yT zQNj246Z|ti$UYNEwhfadke4HOAYADFCn8a=a$(}1+T3-k3sZAXhEzujQ-__8TL=P2an1O^)U({7%(Q6r)skh4{4RbZzuxEg zGt?1SIZ-j5ad9aIBBXY| z9z{ss15HcpN2nY~tKGx-up9LO`HQksvId$>Xr}vL8;t5o9&J#pR@9>gR2#K6rWLQit#m)mGK#fIu8k6X zE&CAIwe+y;r^))NumZ1Qol=B*Ib3U5!ts-g*9yXQnO1m#EUs)$83t$**VbzlF!?ppu;(QW;EXRZ7C z_jTv`_w^puzn3`Izn3`IzmIqR1+{bi`&k!Cb{{oGZ9r{s(S6jf$jGK@vcp>XBpTou z^f%dBRCY#MqkYS@_57iz+M8CCI`ulVx|`nO!Vbpob=&9m9{EDxpRw!kak`25Sk#%Q ztLVD44UFjb(chphw&ROP)R)jjH~lSIjoU%5##N8d7Xi~v}TXt>+P0__~gW z^m7#doEvr$ufr#)W7I#W&sFYuAl;z&T_3T&AEIZt@2M+Cy`0;Co%ym3i8=KkKF3ze z4zmZ*N_G|c4(I&|wX>Viadrc8KjUq)OE9RXL$&^i-sVWt@iCU&@|>&Jk@7jT#T5?v zZEu;s(|c%;Qmy)JCxPt1ZQL~)0N?e4`!UC9-mS-t9Q)hSV*}g@SLyd`!lJL(K^t8+ zrXc0xMF{tAG)BQ~<7821)GgATFyC?)aOiXJ%w9sR>v`aAdL%+&sLV%+X4k+{mCTfw#{dG2a zy>we!T{rp-H?uQuEC5bGj>t()en)Rt7PalOzOR;Ve-Qx1ZV7hufNlGSJIg}iA?qSn zzV4Soo%3sP642x3g?~Zayw3kyzsuI_M1Rs=*FU2>CJTt_dpjQI?1*3a}%=BXXh!+&f}1s z=OjDNSGG$>J~v56KD*9YZt6S^`D?dhkzGeVOQ$AZ{#rWnS@QgvyVcp!t`nZSrl_W- z+mX*V9~J#8M?Oml>^v&knb2Dt_&?v8$I@TY}6d~=WI8Y1_09X^&~oXfJ3#)qbn3 z(KYCH=pN7=)t%D4rTbWSP3O?B({Ixs)IX_zL4RIJa2fUAZpYndo`(y8G z-VXCR^EUHA^ONQm%+Bg{@fYjZH{EQvKRo>p|Jd}p3;QhrkotYoK^vM&=KjCwc!R6v zpUm|>TYUEWJnnPS=bX<)pRav>^jYoO>buYPi0=vCv%Vkre(8I|ca`5pzde43{W|>K zfkOEY`-+eaA$vj|4LK3=s^9y5SNyK~t?+O0Z}&gs|BV03{_px<_W#bmHlQh>E#RSm zV*zIZE(ClU@NGa%U_;=Jzy|`420HKb%U{09|JBy;RNz~I9|v9wbOfyn+7@&$=*gfL zg3bqB3c4EfQ&7ESi)Fv%af>sOPyY|o=?viV|6v+VTFzN6TE4dYXjyG-weGVXv7WG= zwSHjz(t5+X%C^zA$9CA(VSCl~zU_+bx@|>pOK^Meq2OnNUk-jZ_;T=f!L{}#yTX=I zw(Gf-8vni>e^~}r%Ega}E2Y%UN+HB`z>@QqWiNK|d$EhatD3Q*D~0-L{rk0ve(quZ zzqm27&Hj-6nEj0Xf?X0i8}dO2`Xb~;$g0qdp?g9PhjxU%8v1_dmC);G8V zb6HPXevIX8(kiA%?_8w3)k2}POn60FsEp;@Rv_KhA8%fPyw&ofD}e5ctle+nR@xPS zYY9{GIqX`6Jxq0^6tdeACnaexR{qi@TJ2$n!k!6xIqcmqXMMf&dsg|6KIr1F`7W$B zyeYgb{Gsq;;b+1xgnt_TZFo&YL&S~VH5vL;FiugF 
zBU$TGURqCId*`hwSxnYqXp9e?nvIC2Y0xy-ayC|KEA;Qpj(MIkK{^yB%i26yvY{=OGW_vdArjo z=VDusSD-xIpx4WX1R8o9wFWQ$P!4XzpR;=SVx1oIX*cdRlQR zR$Jtj6jMM7a3sMcIuGK40mtx&9e8r_lI#Yw3zB*oEwPQy%+#mr)55*=MHapH(#T}} zcBBu`mnKI>-j;gzZK;zVL8Z^pb&)rap#^=0_Mz|5ljsaOgle(DFz7If9?xm?lkJ8+ zCQrS^9<5et^jd5-_0gw?83Mx0dQBS|8m*2VW$HD`^gdejHM-|f`m7q5OW-yFV4dUYQ5EXHHq!?5|oE4M*8mMmP z2uT-gP=SaCIDocEiw$IY++fy-0vu$q4mb>IBf+pms{^+|!$E91HHgrxawq-?m6ZGg z?LdZMNAZF?WBE*_Z!CY8UYj(CSNib^tuojWs}J>s2G3XF7pWI~!}~xb)%I2z?BTpt zX&9*&c&$&$?Z%NKeU;#?^$GR$6?luU(V!f}hxYL|_!^W3(NS_3)#G*O_9yT&=y^2Z z8}t=Cpv*^6=Hhm6zm3*IA)2)oCk&f4eR$=&X!fv`^pEEUp|l;L?Ma1G1giSpxp?UnWg z#rNFfZ!)EZOfuu)CU{`zZnBIx%TSLVMSc4&Hq3U`OuON)NbYpFkm647XV59M_&cbf zhQ)^UIO{3A1sNVkiwpzHdjA=yRV&f>nfDHT8I8Yd4|d5LwxDy!FnstfH0$oaqSv6n zgpMB)8rp=$Z$Y7cGiuFW!cUBDu!g;m zuqZ!b$TwWD;!OOad`o)5qTN1N-?B6O%xErb7;#$Cd$kacZJ!N0eXV|PM5eBOXZR`S zpS&4oYFtPs#ybB#onm?x!5d>Y0bvt{hJ`hw30qNEm`TTW{u+4x4diP04Ku?$JxzUB zw;z7?9se~*Y(<7ApjkSOE+ba_-=k=Sa8_;%mkQ9ztwn%tK!E9Whww+J$gmb|LLrGP z`MHcNST;_U4lr1@9s#-u0j4*w;_p9(n~bJDMx#+?>ddX>uH4$?%q^3cTUMG|N-?)g zVs2SUZdu)OD~IG(j+9%jMW@b%C>OTiPV(RO+b7KF{U>yL;c$H)edw&hsy>pIzzV`T%Z5zYjz^%(|*0*Ug>+)FqRu!sJL7D2 z-D;i~XDE#`L5wp`j5CzP8R`~iBZ;$7ic{l^z=d>TE6^HLhlY+XO*)E(7StkBcoOUW z85t|pLoeMhs3bWHWeJ{k=(TuFGxYXM*IS?)qW830_1^Rw2T!Zs)AfY|TqzdAhe)=l z^RBkL?n=tZ&Apo2E1rSkACU#c#C&FC{hsfK0$;z;^kKceXg7E?dG|ec7%&jq9d;(c zpm9D!o%1eSNGCR6j%QZyI~Md=iDb2%3E1gMz{k#PT_k2}*b5|E2Z`CbNX*u-=dTfu z&TRcFNz`AZ*!9k+Tu3K|e?f7#R5x|^-4w^MZi->pZt8zL7W(&;`!esppz^z`n^{Ok zKo_5-Hoa?V5g=nZISgCmGMS7MhXGD6ClB=G5&KKo*!5AMn;uTLe8kKm$t$e!& z^$YpeLppmVcM)V=iFOtaK;4TM45u)6>xbctgX^9xT{48`X}6ShxtU)o>)me}iFYif znLI?!74^;8=APA%^}qO7Z+(|HC)1fz)Fvp!2|z3iMP)KpE+a+D$twCenIHp*j59Ob z^B2Rglp`m*DR>1@CNCJVi;MzNv#gAl5fvsNoev6RVce*X7+_rP9|oh>Z^M8Di82v%ajR zdt*YBOb~Q#PJbAH3uNz(3c?*A1BXeVB%MqrupR<|L#1Mhz%n?kN{i~)cJ>p zld(7et>(5MOOWNZaH9K{-R6Nk^XJaJZSLIIxz@k|0|yT9z#e$ufB^%-W5WmBHu<(t zjb`rX+rq>3=(hYI%M?&kr%*L_H43s&GLg6~Uvm2Qb*ZkMqr2p3)us{qnsYN+hpao6 
zwPMSNeVYq6Hs^+#rk!|q%Hys2J59O!juq~Cw=m(o+_C0y%gtG}ty#4bH0kxZCSOhJ z`|*3+;KQa|`Lc#S9f8%)Bynk;051#)Stf62 zHiOlWfjjsPTQ3@wF5#_spGcn)aG+;au-r z>YGJVUAV6$cZGNEbS^c+6VkLdF?&R9j&uh(-PHX#E{hV+9zAfN2tmT#XWW5_~lJG}gk56ut-{kFtkG=-p zBA(uIA?f71`jCbPjZ)AM)2Qmu^z#>zPHfHHw>p2hS&X_5}pP$aC)9HMDeRVny z1I2WHypJ{{&d=93qK`)Fmtwd3`vm|N8>i!IKnkERCB!Zw z_K<*-kbvz!%St0qW?0{~{L({s`^%JdTTk|j$Qro`H#{p*)%mlOvE zk!WOnwAv7hW$AQlNPyK6q=rb-M$u5C0|K%&sjH9_S4c=eKtM=}o$v>aGEcWctO0{Z zfgU?}R8A(vKyO5YN$eJo0>%K~j17q^!S2d?k#z-fO<@}dSch8B9`q-)U()wH zK@YC0r(4780b5XycB1>x24p2i&h3F~Z2{HQ44qIwT||rL-_!)FFlOeL@No zCX6nOACrB@lsl#r#uGT;ASx~{o*6Q`xVRb>7sgkk!uWeeRRVuXN=S-!c40i(CBGc5 z&VBd9b;lHKVLbSQ20J9ow6N>J(^XYfl~q;ssHzFl+=OZ#wJm+ri24rp`23k{Z zZ*M;+B)(o=aRC8(e}8|SzkfhNa)PL)B!Nm6K>}%>gCylZOL&!1P%4ysq~M|UfH(c* z^73-N+@susFISX%K)0$KdRM&S?tr`Ro-kfD>F&GlR%<-8+PlknomLYNp!NU;4+US& z^B(aaBy=i8V!1~=9}ke9CjLKHr~)#%APJN2$t5WvG-Xv{m8w$-y{i%vdsoQ?UZGa= z0!vbOr%t)o z9PDk?Pb0X|Wa!t=?CCjmf!W~YX<{I}xeNMP4TiNdNiZO9fIz(ao0$a=oPp%m0x{dx zA!b2;vw;aVTMZ0Bi9g2WF=??zN~?$^ny;)3u9i3zSqW0iN+hnY`ouyuIV0 z_?tYvyga=;LB)gH96u!92b7-(yobaO88Re3+FhA@yDNWVRFp9)GLk?e#V8@l7#R>H zBGf067?B=@d($Muvuu34g;*}N7sZ3=Jlkt0dKlnt`gg@06pAN*9fr$y2POJ~Z4^61 zHbbb*X0X9!G?`eP$p{LFwqQe!!44`^1hyOlWRXFm?xr+a>8MlcQ1?-HuB2+!ebs&X z^i}J$-IPwR*XhZcGIePCYW1B;+h5zaZ-1>IuKtDd(c$5II9!5KNxH7k$pm*8eLr4x2`W( z_vuRlgpkY-TtHf&%7Gwc^T4!$X-fvCIS@f4M+*Yav_P{eA~4LXqBvpgHg(`Ww?(QT zQN3NaO4V9Kegbn8UVoyV^f>)?VGUhdSp(SoHBc7!!7J3#hT4F&4PKCKl5U6VK4i04 zY`k1$v>BsKHX~S8&^9AQjkQL#%SfJpS&dGHT9dlPL_D{ty;@D`R*H*Awr8u_tH`*1 z{Y;~=9+<7h?Td|a)%qpI44ZMWkp{RM;3kuLvorKgK+^#1`dUQdvl+=r zeFcAcg0>y`V851H*;bGwk#)SCzi15h%{i7li zz+oH!2-MfbEiEmPEyOpnCEl1230P!H-^iB8ECamC<|P>W$M=m`;Jsj7RCHuQOw59o zgvi*KXoDdtaviWm))G-76Gr@A(G2GWt?&h;R*8=b%eJ&1~Oy3DaRNQQ;VBmqCMiGqdnkF z;h~1cls2b8i;nV`=t16iaUzJG=rM8PL=RUL>r@Jxoj*MN`4&S?Yg76i0fs_z)6@}b zLW?Hsn!dcnkexLuw6QKbB(A|WT!^$^cr^3mRP^8ilHkIhRP|y>jGAtwk>LsT{BoJ-_sc2kO+EW1eP{2sEfV%rR!&KrBD0j(S zOjbYKcOpRsPR4zy0lcpZ55#zQAR$rmJuFy?spBXC_aBP!z@fAh56r;8u9(_i^rwd4 
zOBC(7@gY*M77|()-}LAHhpLR56>^ zb)>!R5gJ$3k@f=CMC;~ESymqyr<=13TwslOy)N9)(NrBRfOY)RFz!$%X9yl|9x&eW z7o;%rDIIAik5q-9y~|olICmePyg~=AUA4+2&&#TvrxxBna6Vo0)Lcf>e$7D?15^NqY<*$xqs|)J0Qa8%6Cj9K!T_lR* zsh8Hu7MN2XO?^#i$O);I((71O&-qUwY4YMzj)SErsERs!f@=|`h$$_I%sCplZII8X8!F*9^WE>5Qr0K{2xEFo})||Zxx0amZX(l&1 z-b3qw6)LO%$isUn#%>C>4IdF4V~mN8wg-odNKOt7i5US-V;{hvt*z3pHxfM}1TMlx z>}X?52;d>>O*>8NjY%Q*X?L4;0~SK84AXAyJZ+^Ow4qENV@!@tvbR(kOyD+!hJ}n6 z8515}X;=^95#eE4ZD>dx(yvFx5lJB-?Z~v)NN@<8gdaj;F-DJ!F?#BN91WB;NDpQ$ zGOQs|`ZaE5Erq+0N$&;BAQa-MOO8nb=p>K;a9FBqLc%hj#9}ezmzP^CFzmAh4jeRS z;Glt^ES9^0bO$ixTP*j0G7YCN>z?vKS%f+upV(S+83#Qp9(s)mt(Gk6LWfb%>tP)3 z0liigWN?I}Yy?27s)5d(TBW*O8dD4dGi+E`8mQDXNtsB?8si*Z*h1`dzGyCm_0m_$ z4Q^j5*CRuyAvAlWsO|uB#~sf0I24JC1Bx(3R9KiI3@)C`i;})9(859$;}j%iQ6dN% zr+@*VVs1KQM`=ZQ`AP(4AsNY#h1<@**bJbS{} zkc0`n4o`?l9zJq(UP$_w5W}bt!yVI?*JXUVKR4lxz6Z_OM_!$|!Wc8?bawNWU9~UW zL7ArglA^$OCHT{?V36&ZKh|4$!k}_xq&l{Azs7fnLfglBbP#KITM%H zRsDVc_?BhS1l|G8QR(C0KEe)fj+uI=oeaiW`!0qU#e`1{ zNf=|lvS-A#^Ml4+3`vykMh*fr`C}j}03T8FV@T5*9*@5FRKZ9ZoC@wQyCrf79+eJZ znE*LQk?1A(bth$1C-UNy7>bbFdW?l^qS!>ZQmGGpnwL(o;=dO0Q?7l8YF^# zUIm0!KrH_tKZ{HI>+kWi==1ft`dqL9MiRu|KLE5py+j3`S%kqbz|Yb@-_K&qlJsyF z23nsxFpK#2&nGr%L7*)ZRR{s`bow-Ap$SGLOHE6cE{%`v)ho6aX?;yIOiS-JJ%~(& zpk@_PwX_+T$j?2%iVm+LhungSj);tmh$O9O-lFjb(R6Yu>vXCXH9%MAAhg)fu~vB} zk;#dqIIS*8uhVEWQz|PflQfk{Ixw2bUX{AUUcD+cy?S}{x+nOad+wg7oeZxXy+N0h zWHjDWsWBN1!NGc6FW}boiUvuIF6o|1orcWAB#NNdJ>Yqd<{n~cWNBtusvyfW%QBoM z)gPcDO_m``RVU9gCx8ne7{#DP-#0zt=Q*!D~)Q&XSfcU(|KRo00^iaD=?>j8hq&M?kyce-E34w0YxJxrGKf{~~IzQDs zTurR};hOx}=KOR}cMy;c#Mx$`@DT|qX;G15#zhTFNluQAiWxU(P}ZW|OE z6BQNJw15BpaWVVHfj_{kl$c>DF$bR7KOpA#(@*b@dHU&TPgnajHa4vrHmJ{l=$%cL z#-`X_F%$1hiHmF6pAr)v*UQf@HfHbsaRXvvj%_8ufP75Muwf~84(qkQ58z}b;UHZ1 zyXF-R!1XkW-;eGb7Sn4`%7B<&6er9neb}ebZr8$V7v+~CssPb~q9Ce30zz$)N+3Yt zRGtL*B#SCQw3JR|CVAr9Q53zzQz7~sbO;A%%O<;uY7S+a}jez+QtM5kDOvTKZ1v4yBK@mQ) zW(qTB`uY2&r&|I7X4V8+d;`&|r(81qwvq>pWwk zrpt*F8&Qw|41+Dcf;P$$0Z?=jiS=j$w3){svqe4mN!lMGos=yA>&d3rHW*lJL=o-K 
z)b53AA8MEM9=Hx5==DTFN(??eK6)P?MOoHqnA2!QI`xZ@CyUEOVOJ=hJM_rkpoM*t*Y)) z*s2|dC#hwt8a5R|8T9ejS-Ok4x3R)M!ulF?L*1W$6jfpKqLwaP7_|_t@Q8@;h;UF* z)1nsM6$J?<)nkUZnQ7sA6h-bEEYzh}qX^|&ZBv%lRAjww)70rIGMBYy1Q;wA8gKv0 zgnstahVV~~&&BQVsr|Z6w<5Ry-|9YU9r^iFVca&u>`c97q|gWM3U02SJ>7R+#wsQE z^f>vWfL`?qJ<9k#$cU%`1EQl6!C@Q-2n4re!-fq}8;Ebzh6H0`6kt&s`bBMs8n)O7&$=qnI3S^4 z&ij6TEqodXXU(|9UON63`s4*eYxFG=?jg8HX8yZ2;KVW%o zK#9hv0g3&hC`K5_0<5?+0&RhbZm|$>2vR6BGe_l};uE6NtRZZZ!Q9aB>d6%g>=9`; zk2Rr|Q-?ksvN9n$KFvBz(Bx#!Xdk@S5D?zbK4Mk4y)R+$_%?Hy?ewaI=+=r8;Ad%T z_=H;?4&or7-Ik^Ma7eTI+X-=C0cTmw;KjVkC?6>B&^3cg0mdZA7gL%-qM2O2)XOAa z3m0Lr3xu*krIj}VrBS33lH`>27Kp8t=c{CbMv*7z`Dt+Fstk%;upv-+sGtBFLXtx) zc|ssC8DuIw;f2e@o5=1W668QIN??Vo0z=qHWMZOJltycjt18kc^4?^zLoWgN*?hz+ui2wQr6K8)?q*D##c~{4=OMY7AB5$Br2@cI;TZ8iit<6ep=5 z0`#1m!--Xx#|GtmWxTZD6@PCcsNN!ozZcYQsR4ePw!iQ;@g@tJW>fFg;wGsGaaAHF z94E%8)E-)$R%^A!>-09OK@X$k+_`h-YUk?b>a}y@=IS8{bG31C>bS}F$&)ADt-E*f z=EC@TG6<0+?j#Y!fqSxcGND?;PDE1g?3BJay+NlC z5Jv3e1F%WkHu9G zmQCZQd^xQ=J0Pj}!0zG^elrW+8?)lwEy?F!e|+EC$AI`;(JOv4r@VjRg?Cy5hWd>N zAYiCpqB(%)Jq6xq3{sf|legd{+$N+6-a?QHD1o5Kw5|`3B0NP$kzF z3dGD%8Kw(*5RZhQ!UeN1QwS^+47`bYn|uX7n$|RBkjh{17r?7pj4A+Jeu7*t*OT-v zrYTJmNVGmei;6eR5saP5m6GQpNGUZ2s?rI@Yf0JyRifuoK~Idzu#|+Rmz)xjKuABY zClXZHM*#6iz(}Nkx_LQ63=K-QTC#>)ZPwu7Nl790;NiWK?7>#6btQD)h#ns7yZ~$m zLPGEnx=&>-3MST_hft-N{MvOnszyl(wkAMoQMo-NczAYb=yJjq78*kKEVPo)5`u%< z&^j7!aBy}s_y&{T?2tb)cK(KE8(h0k>{^r^9G#R998Iy{p;VTj57G1Wa9%)eW(&nPAHg-Tfw^OfAfP z^jzphzkxPDD8)u8clix`qlwT#9xsx#z+kdoi>9ErljC=kW2|IKy9-~Run(k5#GpmMDbC(i8x<5t7jvhC59LX#of=9a1H0Um61>wn5iF&Bk zg{d=%Oqq&uREStISr_x5TMtCb!>(4VR1{N-1a*o^r6QY%U6wMGa8OJo5>)+6CX>-f zXCg$)81CHIWi*Kd6Dt-YKG?_DE7TNX59wv>6&o8G5|)w@9@YyS#=d}rgoG@B4q;d$ z@eON?HTDVvEUYm(tTAlpe9w9F=2i4Ero<+P&hwqOCOjgnS7hY8#$I7jkrAGr;bCil zFRYr#5}`06YK-k=Y>WlR+O_M~Hm(H)o#3^|yAky=hNbjM4x<=hm{Br|s4=rPBeIj| zu5nb&T1q}8T*?ig=Tk_>R8Sb{I<`V960|r8Q&ZHBXbdKaT%e2kPrAFP-<{(|7mh9j z60t^)3o}?HhN6B`CQ6*xSWGd(XDkLpa>Fax%iG)A)7zW$V|;@8P?eaJ-6tg{33ML< 
zLW$kGcT#V%U#w43N}r@DeWvF0Nlp=UN{S0hPEJY6nVJl~Q;8KD8|(b0rdB#%DCkRih7XaerMKK=-!Z|)~*(>SPBl|$Sq9~VeR$P5z>Wb|fldtZ&?~b+gi;AZGWm=G*4}ams7hV{Y9RJrx z)~_9ERc8dLhX$x84_9X>)d9l^BH?`!B^5?MI^?657oE))Ew4D|?7o+`Nbv5m_aZzT zb#a3lrcgkKkj`R=mORBds{tKJ(Q=KAai?Aqyc+QVfyM}nDJU=~!U!W|OOQ1o!DfvB z2Mn-mRv7J6tXZ?hx`y~#*Mu7*tbke9#97x^Q_Fql%$YMg!k7>qXPFZ;XSprd8ezB3 zSrcJ}caX2I&AJ@;tn-O15wa3dV|auS>I%G@R@SXtvl0~j@3H?H6k)U`M8sJsMi^|t zAr_~Gk=Kk6OYp29&>@x}$+lU7LEGphYVaEa*G$XM5X%VQu#ORR@E8|1$~q=!)`(HW ze+0GR?O=v1@>VFie)d4NL3(;Z|JZZtJgN%k%_%OPS6r+qhOXE>lcta!*}QS{inHcz zMf2_gHQ_F*imMS&w!*7)UhoXtY{B9{g1s3DmfEh@1i=E-;5@-TO|a()!MTEcju4zr zD8XY0Vp%9ymLb7fDg?9PwuJ&QO9-?t79=M%b_z+5A#5nHf&oN{4D#BERK(Gq-EpCDY`LC zO)F>W0HUW3hyx$W*R_#UaIfUTZQ$vL9t~g4*ezlpMsgYtydeD4>f1TZEj~o+jXS?Y zi;ljGBFn4|-g8N}u6b2@zmZn{^QW%teIV1&>{pr5zcyHjM}IbZ z|H{(Z+|*%{zIs#lwXQx~7`}DG_`SBw+Vp*Y9;Nw+KjCP3>Zx(7N5{r4n*3HHf4e+n z#xPxZ4L_xUZ-0ZPV{1$wl^s&HNj2icX-G;4^hO@7F%yRKmbB9mbFlxECjKuk#SGaV zp7ttltx2`5896!&?#*7U&^2wc1h3*7)(trP8euNO@)SoM;ZEoLJN?d2I9Ka`vBqr2 z;YUauAZg!wiob;I!RwuoDhsyk3n8@#thw{8PGn~cq?G7QtL`gGm87I5Ya-g{SSQ`o@5wM0TL=C)L<$d~$YE88CI3LyQJM|+;LL4* ze`uKX-2H7?#vMnV&q!&yzhQ)N$79cD$oh?|5NzddweDXz?4fG=$OUhB>OLQL)?WA8 z#HsB8kw>}4zF%aI9b6ar6!%EqFD7+{&qMge2EunamugV0Nyog>PXfcem|OKDE)IvP_WJQ zI)LGIuFYc3H-WZUOw}>-y=^h^qwPa7x34;7d5jyo>izl}RZgGhGB$8y z>n;F3fW-GfbnPh9IlVO{D`Q$_M(xEAJx;349C7I!A@-@ufIP?&Jj+hXS2Y^!gyW-- zk48XpYFk#1Y7~(nATZJ}*2i{xX5(o4$kWEdD<&N_*lX*=a5JUbdV$)To?ZQVvIWnr-7xxt`h8#!V`t%pfSWCSN|x9Ly^?yCC;g zaWLu>9=|w;=*wHaD(J|x&+N+}18dT8hDC$N2c3(A@s(RFhfOM2t;sSH< z%&@ZAv%_Z3_MaVQ4}l>YS;q*wGi>&-ux%)8JgAA|shVAb!pMKE!BULwP;Rh{s2;sX zI21XyI$1WXA++PbXzqgPVCqiRER+V1J%EcmE{1fhZQ-8OA9ifQy$Q=1Jc+;1F{0YH zCdY7b=z-C)gocQ>t4Hop=3B-bz?&VWmzjN2WQhz3Q=X$gNUS*Hl%Xe(5J67%uObKi zQ!E>)U1k{4cXeth1lG9{HrvsK5b4U!7kjj8(Ju5S(7TYKBfR;tvrl%k`BiJrUy1gp@^UM3d*v6+ z>P3;+C3*Sfz2bTm&dw{G23T?LqS<3d<;09BziUQi(a_?I8D+C$=7|jXRlV-5Oo*K} zy@vw@x+*e>oSc+I?8H6^aZFr18FBVzoU_cy3B8&4#Q5HTB*w+XGjRzC$w`TfCGOV( 
z{!ggN@`~Iti-oBuEvfiD;`@WC+uknn_Rg-HmOnecciiBT;?k1J*?B`|SCkdzmlOXt zisZNNzwf;v!%iG{ee$&fgBUdzJ9}=PBpoZ+{khobc~z35P_oBr@09{hx;HL1&n5J< zWKSeQQl2Ak(dLf3gyKM`w4_|5%PxpEX1LhA!eY^(kcdn{7om#6QjyH3N`d=!ONk^e zOqAsROahgXt?VNahmaeUIF*Ye;%Z3qY>B9nOKINRCHlOQX(C;_QxclpEqRi>PC61% zmE&H2AG!DX!_4oe{;m37oOb#%j^LJet?&oKa9*KYD(H;91WNmDfCxZh@2x09UAgyP;l+ZUoFGY%0}J?{ zyD91e;^p1Nzj2AXv))R4Zg=s2{wDEx-NX-|-z2`EySU-Eh*!pU7q|Z=@r3T;gMO2E zVt4U}f0KA}ck#dc>*AccqAYiIc~QxXdn+po^SlPnn?8JMVL{H=oV&7T=FY6lnHx82 z-YBDsX$AyamRnI+GMi0G?4u~3KYQA}g?Xm5JClm;x;G{`|kL{=NQRMOo+T@Yd>= z+yD5)!w|ihIjT zD$AzP4!^TfxjICgIo9$lVK#7RHGA<0g^6cW!=JIcYGV z>-)d(nE0ucg++NID~q{5_>;;lDv~kmANWam+&i84-#a@OUQ+TubfJ<}6jl`FEB?^g zsU|Ob$}$o%l>bAgRZgFLx$uWhq=qI^q>jifRsNw9>yei~J-4!`B8zlQRDbBCn%t8b zJ1c+wyppm!k3V#4>Mw@aZ+2zz)cmr3(hcO~R#fDd%~t=RbKCw)Nq6SH<`13w=Dfo4 zX(jMl@0UAcMtMI-cyW2Z^1=oAT85GR=U?%NSHU=7T3KN!8F%Ua&`*~uD6A;g|LPi9g{mZKktsIGxMiajL5IZ zjV;g5Et^&_h7MYWjk#l_=N~$g__>AUV=8hh^1c4h$y8Mq(o~WR_5MSrR9#NW!x&l! zvhvJ-=(Kv0&TA1=k$&X`CG*BsR+N+#<`(&2B>Us0**7n@ykKfcZdso5t(uWrHfwA_ zesR9JMe}+xzbQ%1*1YD$e2Kn7Osuw4UMMe-=gYYY zjGkJ@R(PSGHnL?wQWEf2kFyninn%kO+Y2#%_I_o#kJIPi3ARjf_}~qP*;41$HuTMR zY>|@`t3~Xdl~vq`fyzJ zeY&|`-NSh4nI40F`O_ZBuO94~{A!Qn*LL(w{-8(l*@t>2f7b(9( z1Y7FkA-`~fEzoiD7k5BGkjo#hVe@?+m+!yA=J{NaH(q0NeH486r^avWF<1DFKlMo7 zbhJnEzIS^dn*u+Y?!A1P{=>fN<;n8hi8B7ttwu(!VEFsqVpD>;g&{24(o@jF+Mdbl zdMs?hx}Gwe6V~_iFjdNBbGYZHV`2S^%A0+8`PL*PJn^%Fq*%EBD4WnN#lF2Zl!yJL z)V8-`A zb4R$BxJ%sk+!on#`8N5Z@-y;}-)RB= z|E>Pb_y643Y17MpEskH=|IsHQq4WKp*e99n|BH+3^WXRX@1aQjHFe+rn*n8kcy`}k zN4d?;-6A<9g|jQ9el3}8?NI`m`ny-wyJjRj`Ww0&|GZ_FL#g_xSoUEaWFOx+G7a4uk}DxDnBdcKFPyPv;QBHFCJs({ScZ(!FtW3(G5WiwYOeeR71?J>_HpK=bIfvA zSs{!ib9&tEL&XL!U6fw!@eum}8h)IsL-nYt8g+2bai`Gne?8iX{AIy%eu3A0C~G^n z@ENoWarL-}9%gwG>6_5&XdlY@5q*zdK#w4kehXsiaajv`8--nmd<IdK`_qg4Q86^f5F_ zHcO@V;uKg=ddsnZHQM{p@N(xjJ9YRA^dUm()tG_7B+FnHam;GON!c-YxFuL?o|4$R z4^x>GIb<)&>D&L#395a_CJ)Sy8)X{fJrSw&imClWlj(ixy#{3&#`)fd#N#^e)<+Z! 
z%xXpr=$=fIK7Kb6qGpG!MjgoPfM;tL;VtYy(uD1)m z>J0x8qpDE|8=5^zhP&NE`f%50M{TGE%|+^6$h}B>GjP7+mUa1-wI9kY=OBBEXh}~W zPQE_okb{Q{s1ETzg9+~OytD0FpI<0?8RAy?UnqLmV#UFnOs?PsrOHFC(UKpfnmoO{ z%|5<<{sDnO?y-HgdCD7fKU>$vC8Ka!#lO(D`1PDd8pN-p(t!pXU{M^3XXE4IxcK<| zJ}3bv6re=Zn@jH7r;kTUUf*f)@qLpLr{~6@z8rDzeWxY%&dci?C*?xZX<|twI*W3r<`)e>(CLGR z%KU;xZqS{ECQcqmH-JM&lBI}fkQ;upL2k_KEq#;z#&V>?LZ_+jEhvNp&nU|+)=H}o z^Yg1J$bNQ?tYUlRmF3Q(H$OGMVqSj!>{43R+5G%`MgHvEsYUsD^8C4kT}#FC^7HPU zO5TFyvgx@+<@qwY2}VA>un6+UcSe3mVQH+Cb9CdDbGnI}QC65In^9I$St__vgbVXj zG-FFkiXf@HGm~XBd*u|Cb4B^nD|iCP1Jj6wp|qsDkhJDZG_l%RX_N~YaQGlwgNt|UkDM?RahDn&BLqWm%ig;VFtOLHN2%6aEqs>*Wn3Mk`~pl&FnuN6GX^T|g_VnC|$eAiP~mKQ)( zp@p9#YiTM1rWKY=E6N8#;evcsc`<}tK+A-@d`=~B%gQU}7v;<7#tN#;H9pRf`gyZLGX z4SiTR0n`Ek=lNv+f(z*FHSAIFSpIBocE zZtuIc_R7vyQaAYoc0M|4RKuZ3cect>o7CBqxawP%AYSYmM8b#I`5tn;f>7T-@+&3* z?nBYzE9O?O9h5!!WwCJb&c^Ik2H%9-^EgdAaz! zUA|_Q#7!wtpIf@&U;h&7pNzVvFQJ(KH$Py)|6&q_m~^B;@h z=FeyTV?p0)t2XmT+;sb&D{MXOmHp4<=`FUnGQY5;^gkB4d&5+G`BW5XnDkwm$Xm|P zxr_d@??=6fXn-@~F=T6A9*w$uXl{9hbJG2$&*&LUU+Vox(|y9jJzn3 zqJ6wCjHR8@ z42DZ*WK~SBNw%jMtxw`aM*B3w4JPf#S4^(hwXb6S!F21{XEDrQnbEZ8x{pbLntPm) z1v0ku`4)yxLregJKzzRd6A!)0i%d{&f26*P4gji{&`CBw6bHSGl?V@Jw0_9ulQ5Ck z9KL|crTt*wG7c%liZT}YGE53e9|7afi8zCdiW*rQ#7q%Kq30N( zAM=QFIGI+J?_k(ZS;b|RS&X=|tmoiZWkmI>DkLjBEzWZAP}DicO4SA;b7F z%-zgz(nsIOaDGfG>0P%mOb`RbSFrXyMka>{ zp_9EI$=eyj;@%7%iox9=4JRiIiDdN^bx5he*JNZgnN3Cx>EdXTOu~mVidK|9$u^_x z8zg&*6vrhD8pJTqF#H7Q*D!K9!W$VT4NaS5BLnTvxe>uI{5-~R3CKFh*2<2e!^8U! 
zNN(8F?!nPUas5GSzh4lU7w& zgOeuN?$k0&JjVrM_0zaldHz$F&!eNV31b+=I+FD-GTMU-yB-ox$6`k?hK#VunXSm{ z?sS$t%HY2Vv5&RMQ7NH**RT#EUFI32sgIHXS;FjkJOe5nRcL%f?nE4Co zFDkAxOd=^(TAR$o)bmhurcAPB!{|B_G4)6>gNdAE8zM`F@pd4~6f?}<z{#&jD-tzxd?9wyM--zh5<$H%$5?b0Ht-(07*InRG%$Mt-`8oNy5`*Y7n!EsY0 z|A{@H`owl(--8rnw>|y_n6;L{hQ}M#{Z}5e{upn z|0lWkf6ssXUDR)^|Mpv+|LCfpuJa!Ydal$kL=n{+Jy#&;If=H)ttw*aOhj(8TUAtK zN+AvDx%pA7mHhwQb4$U`l>BeeQt;CGlJdQ7EroWmB(%EcHcjW8n4IWV)pfZNajaYG zse4Six0l`P|L39oof-6dsQ=XWA6<|5?5ck4{KurEo4@}^{_pvZzl-`!TMn9E6z19KA=nEQO5**2EZ%1_R>>z+^BQJiP!Ag|HGE5Nj}jH#SgTmNf_lgSV#{ ztBfXW4lgvCc0XOShBW4)=H3b!6ZH@B>`$hd_qEe@1(fi0Fn~L`>{}q zW&X!1^_RViN@hTMg&pWW57;uUnuplnIy?Bw~NJ{-0rubi-e}H#bXPDzq@apZYiZf93z_@n2$m0-gU!`tSEYzl-{9^?(02 z|I6q9E`pF|2zKs zUDR*=3g`;MF)F04zcP~70tw=6* z`Y026#{xNKYJ9w=h$hPEBTJ4=j*U~4l*f{(C0TB9UUHI&N|#m6CR?kWjA~clBow*y z&C2wm%JKpwNK0J0q}Zg`xR|~PG4%fuh0{8>XRDzgCZ;4O#q~*!k56V5q>xXWUM|`B zaOvjWR{5*G3+Y%j`#v665)|BEeJG(3@vf54Q$%CQ(WN9SSL7}ir8piqxu zL$nWoQ?F(PHXMF)fRs{72YZ)>But^!iI1L^2o5`y z6Z4R86K26E36q7`tcw#XoQO;!vK|;pqK07apgSQ5xP7(v1*A!1#UHej_&w-zQ;KqO zlGTFf2al>tO?U^51s**-6PXGE;qK>jdlb#%d0$WLEb_;q8I7oXkfs_JS&)5%X0y&+S>%F(8_#xER(4o!t5Zt7i~p%y@P_R591&!l-+kwrOc78tF`jA1f>7l zKwoR+;-RP~NJZYL7aa*kn>Epp7;gx6Ex)Ac4L*8f8u8N`ZG;j`x%H4C3V6t!N=9{O z-b2Z!wUv_P9QC9195Puh)p+cz{>`WfRiji|YiE#$@2Tc-UvF)2njgsxw?^nC{2;bw z&C8lc=BXXVs(B5X_v^uCzl$UB~NcP8>}ZW3F4(y zY1v?zLSO?}y?Ad>HQ-?>Mv?G0W2v-;M2Un82#>{of{>vQj)jc&5ZhK# zk;O#3gT?{RIIu($if?1ZOeQy~h16owIKz!YB@`QQIn+;1suD6%4@n9IRs~Hy3q|rx z>@$QlR-+-Tp6zeIM%loHGN?ymm00OP&aV)ZN@&bHcr}400eb*<{}93j!Vf~~ekN70 z@&e+=DnJD87AurIlo~lt8VH3+ffe9S&0QWOBa~Q1+B@t8&p+S-mU+o8V9txXDKp$M z3gU2ctw;1p%Mw^0b%+NibG~gv4k(gXBC&!Bp4TjrJ!#(BJqT|>_&jMcus4JV=B7B^ zil@L<={&+ZoG+7Fx|-kKs#$t&=@`UzkJ_1gPSuRYR3qjvf=3ln`6#*{`8|i9 zLh$4tLkG}fXg@ik!9Cw2@m%b8yO!L5iar(@sRv!(y?Hnjg44O)Qg^zVM&8ZVVP9-x z4QwE^h8B1ivrAZxzN6)AHtWkCKpRl7F^IK#u!^Om5iz>rl(QvvP^8z)qutniuwPf$Vu&e8g1>nhHJyD zj#L~^l85kmC;doxMMqv7d-2)Yyiq)j!5DFbk8blm;1d(7o-MR!U%XUMd zmjjInmO*==euie-GBrkq18F*k_bNUj(vw~St9z10rLED-b 
zlFMPD7!G z#CoYc*sy=GEwRzSHLUBYLWl+_T#iyXYD*WTi}6yIG=wCbM0kX>D-Q$}eeQr5A#Yfb zm%4c>!--*lQi|O*NB3G*lMYO9kAG;bsorGbj;L*XC zt8jPr_DIonE8>tA8A-K<_}#V>|BKlNHFPh6X9o=+jBlmR3(F4gftBT&vh0Vm>>KOs zEu+E#ZyJ@+RA)b&TLgG}RtVrtSs{ki03&Q!dCdY8#t9QPkdk-jggXI>r4R}sDT{l- zhb28d(*5J;xE<0+2li|`8odi?!fe>6N)w>dD3cj$5S|G4od%5n7RTrYJWkJHzl3ge z3|!Fn3I{uzwP<)Y;`gZZT^}Dyg`|=~Qs@5oOqk3^kmm=N##LY3-`2DkK~WP6HR+sU zZ_=ClpR~Yo?2|2XFZH2p17badU>e!l<4L5yA51)A?-Yn*h~5S>=TPAXN6LH4_?o#o@7mSig)p5uLSf)eA zW2Pg{gJm2#4~h{Vo?{$9LyQGHfF?)G6f*@pa-`}g4T)kMaU=kp2gh_w(P8As(P5_t z32zEv)^T#=fB;C86eE#Ccn(O$;|`sf#71c_I+KgJMf5Rr3GJ89CZikLh+N9Dw~*$; zP8yLOO`QveM&!3b)VHbt7t6Prwu$F73X zwNlZk9P!mB&JJRi8`MhD*oz?4n?Y?=>QqtmW88>rB;TMxP zOx`em+_+E1-RbsLrL|F1u7tWfSXL_9?#!Ljmz~lzD18@-&V)e%9UjwRZ%?z- zuR^R@;rT!6f~E0~ zqPi|KVHv)H-~aq|(Icq0%5*2=0XgX;nF*#}SH9|Yp!pBht+4ukrdwCO?e@N!QRWxo zxp@8seLZ1b9_&vghNje7{a>V^fb6zQ((S-Nf=qi!nhq)4T%=b)Fa@0~7q~c1PWytS z9xCYMxl_?;Bgu!VCe)6a*+I9gWKg`T@jzKWc&E?B<5?JeZo;>Vg56?_FsGh*-2joN{a?c7!PHW^lHd(+YFs=GLaW5bydx@3#Ju| zy26V}K`-k$9O2U|z*F5Ph7CycGj zN^PVh=X8*YHL|P^dz)5&>k5~N1Mn}VhBho7?5}j5wXVK%9{#29SSLc1TNM`jb(Cts zx9r$ax>Q|p1{OP}=gEXnw|SKRN#iIL1UKfM3c{xUkG-n_j-$Ho_ukvx+q={0?sO79 zVat|I5;h>j?(N>)o-r6-tNWM;~KKiOJXDfop}uj`)yTktb&|QyX4+vH8Q@+`9X6_g-HxWKa2jJH+4c`TCd@yTOQy^l?9 z(NFttqyL~S9IeMD5JD`<(o#4BZ?YdXR5(f7sJCW29Z?{*FnP=TSx6@&Sh8ka8c}Q( zVp0l&y(Cds`WCZUs}BFA$?`JM?wS^oFJoiudC7UmyAQ6=si+oz1u;<UXm&IDtSvb+&kCqQmBB0Xm+XOUeKYAK5;a0W~0?5s`L^JDB`y|a&YuCAcf;exA! 
z!%;@`G=7;7F8mMKB#4I7CN&Pxe4|OIGim z2k0!(vt@ub%a5u2E_flIU5p)h5#gp`gnx(*qc@PSnbs&%>3f;RR%Dh3FspM^AoT zt0Q>LeMeAZB~o-)k%-lF7lCEqMVsBb>$kAB694zlVJ3>u?nR9QmDBi_?>OsjuK9(#>6p zyV+COJY|%VX@Teq1jtOPI#Un4-rt@-&HpQARth#TlX+;2lIIaWj^YQ=G91C3u>Mj) zJ;B!FMKCkh;cJfISJAkWP1VSQxHUD2k0LJ<=lcA_)8b*R&l}WPj$Es<2Kd&1zEU_1 zY3Lf5qg#Qcf$W=0PS=$9HjHL$($o->>kz}tOaGsfgZm08d6FaKmp)r==Aczw7- z_1)i{{LxeevQ=DEwrXQn4waF zt=y}K@e($pmC(fZ~~ib1Wawz z*bi1gc3cnl(BKuQK~poNt2I(!UbOFNJP<0iEZzCkKvc5SR4dJM2)Exmj#$%Gk8=5D zS8y$)D@nQZFyem8fUbV}2THpH%F-QWFP545ss1~P&%Z({C+>+@3yc86TwsD9v#;1U zx|UO6keBtIIwrs|HK=T@&k2U;giK#qG`MEEw^4e%Y;LXcn$R9@Y^0M6Y`irSG=+Sm z!NH zP$kb>4Y$x5SWd-*WHDY$5>VF*1DC?tCurNc`z|E!Fkdufsih(pKPOugCw%-Ty!9AxRuQdBZjoPFc-_!nqKr66xqtvq@p^zf!dKM4+}BfqVy z>0Oi#j;13&yZ<+PR-6rvzCYR>8U4eG?xRQF|C2Ri|8!b@FgUzj`dsg5`di&{;ldU9EM zd}FO*`@gf^=0R~W@hW?~15jlysP2$wjZ*VOI-9ky*)K@J@t z70;t3r!Z+c1#9vt>~1`TJqu1b1^p$BK^&=O>>CcHc%fv{u@%2Ogj%~?j)(dh^2$0p z^D%$;6fQI#s^oo*qzm~|m@3G1y<^BvN>zKQTGT1a7f??7foIfydS?hXYLukK&Jez^Us&P|eFNOv5 zh}7&$tcU*;*(kt8O1!&u46(>l{->U!K*C%7CX#n^9)gz||1+|UqIHQ4tP8BXul)q} z^FF=>b^(rWp$}nL+?HoBSxLdSIRGw2Dhf7!)zmRFjp%XQqW}E}``OYL(iy>8fptn`S9D^#)MlMC`%i}QiSs8 zH7AISQH5$1EQlp-5*}J)fdgDgpUzPrD+PkH%LWcIAKgfe;9p@Fs^i#dUJDdvk7G9T zW$Ei&YTJFZBtE$F1PH3+HlU4c7xKCiKp- zkIfm&hs_Blx0M4Z7sJe!#Oap6*xFKDZA|)i5ONT8nKMy{zq*Czx3=D5skM~L$%f1C z((hTiAAN*)W>VKxkoRuN-!Acd9ku9p_BKHlU#2tELb8PC@2%>3ep_(3jV(<+@?EqE zyS_n>6{f~osr(Jn6DLk2#|mW{fFnn1xm!ZaKs`n6 z)4P^H@&_HM$;!OuT;RXmN3{cdnBU-N*cOjFYc;Lk^MTp8ye^`#X(ip{s*+L+-*&U< z8-cI4EH%p-gV{UD3FO~x^^-m1RmA+DkZXR8+IdLZ;_d3)PG=~y~mKyakM6!J&CSd0yXbr#aTJnLw6gUKHU=uKzMQr2 zhH&X3o<&XJ!v$T@=Wh6Qt~1iibJF9|os1_l_p)o3-jsx%c4PRO_OAQaA3}$)+1Bko z8w$?!_QK{r*z>T!G#*71;>hA*(mjD!QfCi#GJ~y_QP%rm8-%3HxQXtU24&dHwMzqVfpb6djRUW6{=D#>)-aKS`OOG0=CkhZZ+ZDZ@(#-%+p~w@ zwBxyTMR0!}Hb}66sna!+1e>PW6KDvgVa?$ef_nU!lS_-)yY6Wy;ngj2>E#dJP%(M=4=cM}6-!i94Y1EjDC>zuQ<7t5^Q zFXY+v>z-b)yC|Jq1%ED1QvKY4P1SYWvefX~A`|Adr7`!o5Wj$*rEeDeDe<#1mwRS! 
zo-`)~ZY3F8yc@JnAC7-oyrL8xpVTGF4BTZ-R=^QmSn&VImq|4|mE>%+E3BBZeo1CD zQj=KR2BTP0_(b#fSYjy2+=Q2CoNeTs8pHbf+|AkguxxyGNr7S+(uxLQt z>H~xtcn0)g#0CQ)PQ%X1N3%Y!m=6Ckj~WWAs5 z9gInfRtt>3I%XRu3JgJn^Qw+km7p6Nc`Y=&=-Ag9emgk9%@W((csSa>Sd-3{#>Z@& zZS6Vqce|&I5`@gK4{AB$n zufPA=^e@!u+u_pPaP|3hSHCcDbbMgtFIj&pKC0ZcHh&UUpDyqvF%BH*5!~r~vE`U~ zj=&edX9VVJv9A`lz{EvIP=h}Li&G6ImodRa1oLZY3f?a4oqx{|pIrwKh5X%l^!sqp z;lpRc;RCS$e=u$5i+eP>8CUF1p^_VO>(#60!PcpIZWQ*-!Ht5$8&fgDuh>YQgA)aZ z;%qL1_#246sHtqba4r&XWze*mq6!)q+{VmSWNE(W{UC>FtSXtZ`}CRJ(`R;0pV`kG z7VLh0(cMYIVZr|Cw+9nvcK#HuzP~t*+@|!D25=mjo6@ zfs!fjV~MGQ*W7m!RqBcWGgk!Il&s`j5$GI@51Y%YV|{n_rKJy8TIcyfp*Rch9`dbh zbw;h_B;3tWKB0`P{VklcEOEg6?bOpBH(>uFB%hd4ycr<*Ll+_W7a{rc1<9{E8h`dH zX_04Gk80mvbjt>ZouFfyQ@3A;g>PCm72Ly8x));5Sn+? zd&t1Nw>L4c`==h_u3H{j431%Xh|MW%Wks-ctW&8Jw#eZX_|M`0MXdTcVAV6TK&MAb zg41h1g}`)L9#R69zI(OZu8>vBTn!6nk07slCGpE%>YI33dZ{IHS{r^aa%1GB*2rmP z@rU2~x%N`)inF1wwO)5q=&vtd@yq?0XMZsIXD_uh{wy3xN8SmIzC1#K(2c*>MhD{W zM84J<`AOu_)QdN;rO`r?i^h@2(Bri^z<5|NyM8zyEIy9DhaTcDo3Fu9eH%1o75tP{ z5R}yl{a)V@_**_Tab#*rnL45>hZJSqvGIrRRF;p!)ztX%#}(xmBvYnVsjC!KW#h?$ zii`HWx7G#;w|Z{@9GqIA4U>DFc<`=shJ)wJfGnff8+UizUq$G5QR{>X=cM@pe!~lT zbkKJ=Oka@!ueTjyIzhHTb?>~=zc>L4U&#L+TXQ;xW&nP?o znq@(A zE_3@=Q2Z_A;yRU12}xe5Q<770nE2yZk_dDOBojHCL@}fgB`zVAQ?;0a;#^#g#kjaC z!I7#ezIaBFd;67iGTDz3DCtfnI;0LoLmJT_kCZ#5CE|Uu>+dIdX~k3QYtq8&SxcE6gL8{%fKF1Q!Rh8*yRy-8_l^mwQ=!3%!FL_tY*L!_(+t z@-%Yc>_N2Ag?;tfDDp?VmwX4gh*;}$p@zjZF4X8kk3wz`iJKK(`;>( zii%Ve7vr&xl-!{vJaMH%R^^U_NpgoQ$?Px|?~s+aHy-bZK}tC( zu|papl~$rR*$IPBN-4=WNkVC~MOvpKsfs2gv{)(;OKM7o(g{?trb3dC)|rqMHJ(yq zswAnZtOm8tR7_4lV`?!qCdX1J6-;%;Vw#qM!4K`M#uSK%EAdz?6;H%cs-`9(LQ`Re zP_$G^0|Hxir(`+VD@ndoJf4opN+PYL-MtA-Qu-xdUm_LPdQ)jl)6f?-o`NM$qiy*lqA~P;u#R(VG!6ougg{dg?g=;|91pGk7#wi|z4Eki^)YsB z(|m41n}U!fN>YW8fRG}ptdO{t zA@P(1Apt>y&`08#G>K;+E*pcOLWo01xRYv3>+6+Z-`vy?t@g7mqn-i8 zhXbCTK;WiXc6rZv(lXWhNYxRlZ)(x)VG z-yol+#E+QC?8pM0k*UdKD4DUdckr(4pa)KN?b>nAz!yn>Uq9Cmb0-Ih?(uEkKA7DO zt8w3sEZM$&54R&bc#n_%>+EIOg>A>3cV)kH->$)opT(tn@5yf8HTb0l$C;T%&m+Az 
zyKNv7wjG<-MHaVxz&IGp?$vYMlLew_;Q!eB79cr}D#6UE>d*9a*Ytceni-8gmfDgm zyT|?i2y9~;{Kc{?$p&n2Z*^66Pgy-(?XGUkj13FoXY<=d81Xe2fekDloAvSWF1uh3 zb1ZikdjT7F1Q#2`274^G$1NL#gF6m_^SzgqRbBlX2{5;DaZIbSGGAu>^1Xcd-piLy zolVs#nf0dD>9*N?f6=|mbUzsGe~lEU5g2LI8DSC3$y8z_M{FR75K$!hoOF)j*&z=6 zQI}*e&(2Ogwm&e}AWk<&r+-msiE-W^chN?p{Hr* zzNaV_iR2!NfXfjZ4nk!hPKCu`L^{S?{clf7Y6judHhJ>iB25E!<}%#w1)wBqZn+fCxqb?*y@uWCw8_e$IO*<;` z4YSGYP&K1vVd4xK8qDwcRH#-mU=m3M%r+=wN<*{lK*IzkBQ-lR$oi7iP^^a4j$mTz ztH7EjdA8YIt1Yu-00-9pkBsh?!v=EsaOpY_F;V53xa6 z?Ccl;bK9%Fy3H1w?=O0z&T4`vAGDes_)f(F?J$f<+hlf-XEp=YI+S7{`CDryG;5#I z8WCP>^?(9m^YyQpr&$I6l6VDgJX-nQP%YY=Huqfr;U;x>uzn4M4D4!CszcVBv12{i2$)0lv?-EL}YY}(6tlYS2Zz2US( zEKGYj4^sf?Y`|O`!VFYQiL={)TJx5^0?2OHO`I!WqUzWyP1b=?u9?jkPrc__>rG_i zz>;A+c_lu?w!xclR#au3b;e*Q!U(ei9A~jUL{4~kjCJ*s1{`&3MYq;MUB_f}s3$FY zKe?CB%XwYHA+@%(Htpryx+xA>W45i;QM%ebQ1+0-;V=rAd5Rg^`bvXs zT8+(0$J*9c@&*it+8vPQ>{(ylt&cjeZuK4*aC82G+am4<;-`l=pkqymvqzqVnZk{w-%rLbTt6dK^Q5ZHN{IqI;II1*t-Hu}7UL0xy1%jLF zOgM*{_Hte)^dLZsK`fbu>YThe1&elYLvM5qrXsg8m{F+$`5X2t{Q@h_6S18`bUQ)^ ziZ0N=Ir?m0OUY4M`LB2%1wrKF^yhou{!(XdkQF8Hh){cSw*s?SECQj*7b1F$IlODP zryvc#LH<1bbNa9h^USCV6dWIl+&93^(B`-3Yl(FI&p@ux(xBw0LZDBUbkHQrMzvhh zQi|5F*<>}Rvud?iN~bfSS~XLGsX#%KX@J{JLuP}S&6*V#=am{{kg+Wc0z9m_6>D1E z)VKAOdc59+8u_T3x6S*QcQKMO+tyd|gpD2)?YrJ3oQ=w6qY*G0AUXtjYDa);vUaNt z%xs@SP?;HvBVRM*n?C37{H&j=m4HvwxIg3rZgiaf%vA#&YmG zaHogq4<)YWdGHATQh*>*a4;! zZdf{>7AG23v(7<5A*4GeymGQ-0S!0!#k0P=_b8aw8h_I^%#s?L`Ffdv!xX0a$$3Y#TL+-X4 zlW=&W`jn|n!r_%SYPCr?d;~Z6lY9pyz4^A^J}C(9XO};A&xH_)Ec4`=J;vjKFeBL!mQb}S{gE~Jy2@mRMLP61Z_hz z0BCE5*|j5lo{5_V;|gvZN)3d}yBV#~m~->Yh`UM~DBNrlB-aITUO}2W=r6b(z3c&j zQJBVM{YAIc9v6(f312Za2yk02xfSY&M?|FFr0!wyAyD%{8X9i4Uoj}SXuDKN1L?|`U~D8_%LXjyTsY+u>Rq3+2~P} z7#>7n0NHpqXGAbQo8LjhlA;nSsa%g$IekaT9EnD+JQ`aV9sx+{Qy1|m9VkAsr+*A! 
zi>XB_y^Ve-`3r{HP#~zP$B3-LUo6HA6cR3mY&*D^I746kF}jr5a(H-zeuBu$SGk2i z2-Az!w;Cais1OH9H~WxGwXnX{;*$~2AX}rxL{HWS@sEX?6|<)4pyE1b52;Nqy@!Bh z!=R}vXvzv>veH^@Da}^56UD@1gJ>9PSup>?C60|~vI&}pFkR4A0Fm8_@zlLYYS|NZ z<&@d(bhSp*Hkge@aJU69FvDtgJ3+u@+iK@fYo+9K^aqM#kmR~8ohB5+OOe$60{}@J zlmM4YOV}a><=f7tzIxJ8O`ZPvAHmm4Z;{^4dr|e9AcGYm&Fn>yesWq?ZhkX8a0F!f zD_|1X)*RwN3~Q zv_4Mobq%Y^ zjH?IKE{?22i{0Q|2iG(XoTuJ>`pz-!97$u`Q{2^zaZeds?bth}oo^ZA(D|FVcN^?! zR|*<>+X3llVW7Uv)~pVLuHG}QqBlE_YXC@E8eNH4%0z+n$kbUMS735+SI@^8H7LF7 z?2W&AgvJ)svJY;B=1=TCkDKcAg$M7!I65+q8h7SYx!)y*ZIdJ7Lw0@`Y@_FgaN zuUoT>ZiDUha-Kv25ST-8$W*xcpBe=8?$TrpzWx!>U{KjhJoTn|!Jl>w@Ts8IS)GTY z_dHG(6>c6tYgTFy;4xg*UShzR09t40P!@&h2(pT4%=xTaCR3XAAmD1gZ=s~^uv9qP zs$j`+5OO$=P%LQNskl1CeqY|3{4BK1E?Iti?F=tf*hXismm8>qPuT0_Jhs#RQQ&s< z@_;-@GU{3SIr>uohZUu-BEi$_63`xc<;c;ATrTQc5q5v?qJQ(^r`}C>-W-mdkC6B} z%FhBnp#MnU!>KYF4-Bp8Wr%c)NQwP!`9&wx<=~_!1-31&ZVs9*hL79+DH!20H#cI3 zwDn4@&F-BNXK$K;@~YXfr^LBOF6))GPFHnKeyDBMRp;dOtI^twGtEE^(Xe!oPrA%j zK%ZZWV&a)DnPyusJ7d~gL(w~^kv6op#Gu3nJkr2SFWYO&K{&b2^s=6%nt{l~)z-L| zt02*`c94OzZg*7YNXYph^YTdjx7!Gw3tetlib3D&j=Qc;z~qs&W{pV zl1ON7l@u29GgD`&!wug~pSbBOAEi5T=cCT0J;GaIup$y2u*C*~3yY77MGQwG=n-UW zArO+4=-$=G=&f&}*WZ7J?t03%tntD>Rfqzdkp(a@0(`YM#24EbQb}81jq<3Nn};3_Iv}2M1Www%ReCdi2aorZFYXJxt=7P>ZulU}$D71cEermIfUbt2!rd zErB`GwX@>PyoJHQss<9u#H!Y2e9armc6TktQ*St|TI&%wbiUMW&p{Tb%G5yuhuNUP zPJx800uWxNV``1IwQh%@*a4zwTutSxZl&ZL{UJq+Prwfm{~8bFId155@;g8%zmDhf zKc=}{g5a<9A8z@(Phn>VPgDEdv`pwj!kFH}EHbI6C<3c_%`b+~om)k#rdtBkFBf95 z>kJq0dg-3WaH%S>Ke7MtHw(dBb-a3FUJL zPtHH06~*`ny_YZOh9j|AG-WFR7?pm(=Fm|mSAHlc*{j<@K-9T!h9me@gs1xMF>udP z(yO;cXS+@Ij<51$QD_285TL_P9R>G4Rn(7q>X@pYH4pSmyAwpe9vIgh7?Pa92e?Ti z*0;Vm;gkTYa)-47oi@|f0-Ql9xQr6O#11-(i)#PEqXayn+X9u{0wG$nTN|Nn+th&{ z1UBu4RfiO`-55{ZOUgmd2dyXBqKO0Iy2-_I#9EPxMc|;_siK;pk|) zhac~b*&`TsICn^O;6I?`3({%2`Y7#jfW(WCqg=)oOAh1}Uj_jfIdVv=>kX@G$RN&5 z!qJ=T8%@?x&;?rt-Wi6&MsAPmYcNr^CZUsEj~4|uJcQj{4~p4oFtuT?)OyQT^ZiAS z9{||2?JjE@%~@aGU*80_iXM$oCtqbXtIdK?u$!jpoIC+T6am9L>)>#vm-ROkgf!F3 
zdNQvM1h=AA$Z}TDLV$e~oFxn7VPN*PZc~qN*CL?IW+&`=8OiM~3$>vVg@n##q~j?U zNMlw###2x5=F5PaEjH;ht=}zAC&<)x$`^#+NaML2P8$)DC*>m_rE6mh%_0X(h~A_p z-~x$$jedSAm+Q6u8vWkHGTj2!;%j8ly$goT{l__H;o2wSGDLMVO6*=>F zuadHJJvVj87Ru=yK2OP}_GaNta-ftK)1_>-SV(6PlFO9}#cZKi&XkJzLNE(Y$)<{0 z%_yXlY&wj)Q-b!ePl$fB!A zTCb&8nJL*qI9o^oyr^VLO18X^EoU?x?ouq^mD0C+56{K8I!b~}wW0_K^Xh4fv zu23jcQ(CFSXg-o(NtKI*JYW^Fxm-De+bN`cN`||I^C_d0DHT#uJ{<YB@!V zxKTtZX2Qj6wg3o9g^O^%LP3X2F{4*A(3{0-A*~g(lv30)8Kr3G(Av;74eFp|6v9Q8 zMK?q!v9f^)g9O{NDi*6)tkxjWGniywpuU-R;{gNtr3T_T$oxT=exem_kBU}o9cEXx;+V1{6_|I|B7AW~)*kzV zcr~pR(GNIWEoY2)wVcfXXM>Vfs0FK9d!?$`pb55C90y9Rf%&?1DqhvonRFSjSJkU5 zTxBd1uhz1_o`E-3YlRw6PAXV6o4dG6TXhpex{8g$=3v>Kp{pV8Mh8x+s;axk$2ZI7_;Ofc z>R^2R6Y3Wem)FAaV9@cSat0To9XEhP5v{N7pV4Oboxsd9fu|!McX;8X*moi?FRRNu zjyfldkB^v2bH`&#>W=Ko?)>Y3tUr5~Z2bHVnSJx9T>IcnGl0TVZSwskg0eOJ4o!7s%#QdG#dQ&>D4nmpFSJ4QB!09E5W< z`=nXbnws4BVJ5Ps>AJndQ%}y~PE_1$4;N0u==vE1qL_ihG3@}TWngQ*34$buyn_#bbbwet(^A3HOrV^ z>sg1w+!(rMH4SZZX>9|A`>M5ptDrYKYiZF%I+-IrZBL0t9c?cL#Iv9-Q(Prg37%y> zeJav9x^zIyq=lo%x9|J@rO#9mm3RI#MXtFW7dX}2t-lQYr|A*G&%}3w@AgE0MOok? 
z{QlI=vI=yfs&H17U}T01{1a!mBh)YGfg=vYF;L#~e%vt#h0M<-sTtMC1Z3SKX+XkSBr`64QtBv{~Z@J*hLrZ(k z>N#~;HuBoy|WWPhoA577|0dbRSYkZk|+#d7B}OG{mCrL)Sk+A4Z92fL;* z?{g51cAF-AL$upM6?EA-d75gs-I(_|oM7HvB3CS0XAGwx8s<=7`Gzag1f|1&(g_DxaGsmnYJploLvJ7Q23O|)`O=^dkKy%dVx3& z@u!;l5*(FP*P-N4U#a(~Ca9F_EvqA~2iI9O!WV6W>udH59L_*btgo-*rZIzcfH`o_ z0}is$AGVG22zu)}pcZ3B9lDuepYP%zyV209{HhF=K^L=Z)J7W(v(B12!8$0L43*NXD@oTlcF=%J&I@_*eK$7CdowLvuX5?pzRI0Wq}`$)C{p@Ml2UoLR_ z@6{g*Dab}cVu}y&$z7>H_l8~DO1RoJ8^)3DT1e+xb?ha>-M4YraQ0ce7})X&+|i+; zv$+$i;ILt>&-WL-fgvut5rvF7f5FrAjoxmJ1;Yd}1YYK_R;X z(ON-Xw3lnn^Bnf&zTr`=0~aMH3884orT7x<6$a$WT$9#{YFyQFcE~p9W#(9G#}B z@-_Mdl+Mw^e|7SXm%Be@MuwTOtZ73?8K1U~ha!Nr1)l9qe{&>Pw)RUz=%O}%mR!nNC zTqfyP*AuC9p@~Y4|oIC0xZn zSxV_O@wjTXm}I`)7YWxWkVI8MGy=sh>6fPyuE78wml^vwVN8IpD_5OHB@l9xezh~< z8XC6jg0u)duyrF5mmrBck!Yl)S<zh zxr#ZWB{vQ&uF?))XXM9GK|Yhs8LY(bR2zFIq3mO$!q`T_0)YL*#`TkH9Y9h^c|Bf8 z`fWN1*K&YVkQ#?O*Qx-IE4nmZtJad5Z*zIV)z9HhC1c#0~=@2Xi2_|6YDnerw~ zK)yoBQ`jlGkwTp;obK@q=-87y zYBKi~9ib+9<5BS}_W`#H#bf9JLlw>g7De?Pj-Amyy4uUhM4T_2Fs31q~u z2)!o{Vrbf}IN>fpMLh@%6YoJ|5Vh?k&c4$AVYtHw9qc53-C#HDAFdnK6RNKnbjEgH z@iw#qjCj%zVP5Z;w1z5XMMcf`Ig1`_@MC&4gP)QZtQqwoQLhnv#^P9tE23aN)D1sNs4IXa*`&Ok;CK)a+JJ}k^*@lc>%eayog*wZX@rfqJzO(=jzRg8_ z;8Aa~?6kPy#EGNHTeua_&uDy=$NAzv+`wSI7JGaxaCjuI#?2AF1`|#L_)77LgI~Da z0S}F>*wIuidFyePB##S!0bf__?!hq7P4c+wgyRyXS3g9uUd<564%Uq7vt3@J>%>-6 z_`bTSyS?UB^KQA;+4#j-$>=eS z0=RITLPpFny)GK!mdClvhJVr)kfBLiz=tO7e)y;^j)*4k=G#OT*f`d>j7>oCYXL$7ju zJ?|@F>#9$Fr!hgP++QOKM}Q*)P|wh}@U?qZZrF~l{kq<~;CyC3K;!c@DDam|s9}>C<>Vq$y8K?86K`YR{3t*;qJ+SdKB`uOA|C*9_QnH6M$yd?A_sx`i0X=icpHuP) zN*=%^gn9CHN~X!@(3P7!Ny#h78!35^l0PJ$q~tUuZ=&SglvK&f$t_iU|gc z{tijMb5vjRa$YYxvym}|G5DIZR9@3`XY{AXj9K4Dc_Sm$X93^W5ZnHehwgBU;rp@~ zVA2|lfkIhxnE|k5xG`geT3OE&YKGg^b>v8*myGyCJ)KULeDN|9qOGt=yc8bT196ob zLHh;BRsIlmnSl9}Dg+-CU{90r18)#ppE>Z5AIJrMgzgnkM-oQJE&)Lq*ncxmDD%Ix zkZKU*c7rBjUnWahHSbQftd{h<$hmFxY!$e+&bzlbrhDD@?y)of(`q8T4ANC$3|;N) zThiF~u|tUqk+*$l|XoPw3 zttOZozbWkctxT-CG#B9B3o5-o^Lc40*`8zZX2Z@%85@ 
zpoQXATQvr#!JwZMkbs^V7;>2cifDsSKn(>{(N8AxR@FWE`^2+Cpg`t(F;;HVR%vM3@=`rYV?I}lMHLS zF*^QQ(BOB97~Tz4qc2=qoDBraiZCyrmCE{JTV<$(fmekm9G+#K^Y6@a^I^&ZV%MMC z`2KV5dU(*cG);X=)&BKzKTPtSB_G^{MZ{7#`n)_5m~gzGpl@Sd4&QppDS2^uW(UgH zW=6n#k#y#VK|Fkd12$VxC*v$J$NdFtCaxX~kFzuy%yC$^q}7UoVNd2TSs4g`vM>tB z!|m`2Cz``xbd^z2R00UI z!Xpv(d3;Hh9dulkf?|^y4zzGf?0;Qswa4sE-#NAhZ?y=#0G-gS9g zHQtuqJKY}KK`FPpO=`Q#^R|C;o@)1PqYB!5?~`ixZHS84-j1lSEw)63Y_a#op`D2B zZLd-7zP&QnIB^ev9%ASZ$MZ-X{o8oM!h;64%y|*?spFR^JwTt__;05@?=2q}m>S?3 zZW~1$e(vGVM+Tf^&}n8;a1lRI4n%Xj1Co(q>kxRJ&?w+Nf3l?3M*I9LD*i~v~*i~v~*i~w3z*TB-tgDo~$?StJqZa)x z1CCbct02$)oIDRF`S_C?fAxj|raQFtBPh^-$K9eEJzpi!)h>zv4f%fx`-7GLzZ|3d zLPL80K3=zb$KNJiciy+J`oe$BCpR8^5Xca8@He`QfesA(=kds%QGUIE$D`vFdqIi^ zBN3lJzVB}p(f8L4+&d~nuN#WDCqo1-6j>lceD|%RdUoRZ#ZvK?f#1i~Jx^TS3lEmN zRh-<>k#P(30%F|`|EwoB-uX5};qwx{_5ud;dxJq|$HfHKEHE_aw3qWf(a}1he)VFm zPuFlK5UyGHV}ULXK|D11v=AO3bP$l88qia=59%#0$pG9Cu|We|i9v`PA(ZDukkBa4 zi#VYw6nw!z=lhG^<`Ayec)>pB`->x5aV4w2=zmc+_UEiG@753NB=kIFg#6^Ke|(`t z@mmnp72o=Ou+LvR*ysQKz@9JMnp(F0-T&mq-(CX+yj#u)-$LvHMYTm@k4g9bH(ed8MXWdBPq zpv~BRb$P<@D-SS>#j#eDi^khm#I-xNFtObI+whF@|Gr9}+<5j~|3Yl#c@d>Q5%^uk zEBlROmHp?0HZhqbGZa-+KL^FBuNG#brnckN}p-nD@&ULPYC zjWp6q4mO0k7)-FSOY=bu?tW-3!FqQs$;K}A!49Sn8r+h8kP`~V1l$w|DY&Jjr5w|w zoSc?_n&giF?V+L2a}xSbOLE9*PfvUAd-Fyk?W|*yuJ+BRBzxbx@4kEQ-23~{9QA1a zoJbB5!{Ki>TrkAKw4`Mlp6+00TNktFmd>#duaDdd$=J$q7ei|$dK2A{?sKiSrF+X} z-Wg@pmoKqrks{{O*>0|v{E{pB^TV?pgfH3ISpJv6*$4s5&}@_eru_xdNY2j2a=@&a z?IeL|e@cel1|r~C>tcYi+*!r@lAVpEYq=`^a@hN`F_bOkxQqG|JIH@gq)`nfMfbjA z1$wjlX-&-QX_!=R-v_e#BrzUCvBl>D`teLO^7>~TxOV5YX8jaC@^{oY8Rx2Bp!=Rb zk+Akw7yjuJPEGP04Ar6x1siH{d1 zB2)$IYcae9((@mTS~+0|;NtF;Npsw4Im0>xYBuhr6#!8xjLZ&Ri6HA0LT3a}n@- zcdi2#e_$>aB|mtVMxPj%i^a*e<`hDH&s--`esWHusm{J7zZNH z$k(-&LNSU~<3KghY8@VEwLuh}mc&mSZgs#Y+HxTkI4uXG2Et7dc{z$H2bV-HSm$20 z$kU0gPoIK??1SYb?pqPyp8knM|YY@{NC^0KzF=I?c?9mmQUAOGObPU;!7Z2Tk z^5e|-WjfMKlN`(Ca-197uwFd${7GtZ)@$X)e+{nQMmT-t(2Wn7cHZ+R{Boh>Ph=*$ z7`{7`9nYEKXiA&alwc+SqzUYh3otz!W%7%pLTZ8~rxu}IO4ZuDOOb3zMYOD7Ou|e} 
zp&_}FA+VN8tE3AJwwRkuE^3H>vDi?2Af~iEoG3<<%)jh!EX7do&dKCBjXBOrEhFt5 z%^MwK*kIwyF&xJ+&PpWofOm))y|C?-w_(gO@=eCt;bF;4gxA(y*4w`V&UT$W^wLS1 zc1DId)33C%YB245YPxoeq#Zn6xnk8IXMMe^2K##P4VFO?{S0oTovS`MGR)xfjM)b9 zx2zmpxx&08Iiu-|)ktxK{IMQC^6FEx$GzbUHCS$X2HGsk%@kR#>O-4=R)IFjyxcU) zm&zu{^_yl^nDZv@*0QR-Bn;#VTB@=Arq}idInP zZw00NR#2_ariyuJ1!z9B5}PgMu20F?L6@6Du``Mas&yVJOUWbpAbIU5dFmU~aS`JX zo5HHY_DH1RIp)tICS;I5i&&9*FW>W6a1Q|xPpihBB@#(ngoa%qd720B8@2_S_i4UJ^Cg;}p!qV*SA@o0aiTRZLIbThQ818g z-AJwOqCmB46;m0aULKzp@a*vOVS7=L!UJxF0=@bhdipg7>$UuL903pt@- zVQ9gl1z%_Y7+NUOLWve8XrW9C6(@>qLHrQC^@2fLY4PJgvtBSP>vp%*J&6JUu>Jrd zvIC^mU3>0nc8r|3=byh$kCBmkMUBE(z9}|30Oqj0S?qXdIWpXno#b6gnuQQC#RmMx&@?G*U`NqoHIp z;)y^MA_Qg4XEeTvz!JBN1~L&?=Y^Z9Ku8~fa7(zs)2Ug3C3?6iu=1It=iV#jSwi9( z?#}2KkXTICn?Abdf1kk){xXr83i^;C?kySF^OEZ30Ed-@IIJv+!^$E!tYmKEe^XN7 zSa``1nMi0%6OLtUPPF*UiQ=(vEQRA(pvDo<1veEZTHDAGF@_^b6UX8+j>V6r^nguS zGJu5vLYK;NEJPBzCYEDKo6vQwd}?~C%CT@z=qgsBD^=;#;f+pOqn;w(DJU141$fUi zAc>|5tx_VNwoy-Q4E_I?6UP4!j3SA8{R2qW8}GS zO11rrT2(>MNJ?pTt)YC|3brFocg;z`qM2At^F*%;59ES2_%LNLh3XJU}=g&&{L793? 
z2^(XufnStA8;oz1LGHraL{eOoL&@AZau=fsP~Vun~{Lyjp_b=0t;gsE*VYD}svKhsuj?+$WZ%>b% zOp4x2QaDa3ML&0&m3D47NPnNXR@Rp#!}t*Ig?~!?_!`wz7Q(xj$XR2Bzv_D2tp{F@Yv=gw7Yeuhpqaq&t_%G_->HQ9h=Na*bRsMKq} zT?@C<>1zx`2Y352pEt;UgWPG59=D0tdVBi&cN;{A-d^Zu=yQ9GK{lUcp;C(|GadY} zYKn-tt=?iJs8i30dO$kcrR}7gh3>u5eW8;dQG#SX5XSlDzCaar=s#KYq?905ST0e7 zn**IAoil`f;*n>apBu;$J-`P*)R^tB%?v^*_80hOQRYahzwFF0UMHk{R%k8DZbfIq#Oy^BPpZ!#Fxky&eE$u zyd1|FHps0~w1$Ql1@T(BA`M#9wl{CS5|knbEtr_bo|w3w8_97*YDBJz_owa zqkPWGdO1%X=8IXcP_&E1ELdOgo}4_ymh(x;o*2(-Iu7u&hs)!IoL?yCO67b7ESz#7 z+h$JbEsvML2`g57@WgYz@A;YXcqQ+Z3SPdP2L~-*$yCPk;Oc>;P{@J4&KKZ95i~nE z&ZT_CFZ&a4q3q{M@NZPWN`x;dxw-~bnYf`}5Ph}ZA>&8Te&zR1kdIyiW%-CSY{)L@ zL~-p_!O>~uD#KCqrB}U^L7)Q!Qu=P3Jx#Ve#b}$SCZ3~)dfdwmc)4--`-<>~7ZV;> zMIMG4F$9t4UO_;A!`QU{A3 z3k=hjh#HYkZ8}ZbrPz3Nml~wN;0)`x^*Mv>ju%)wSBxLB#4Jbqf}AfZbf73r6e|fS zGw6L%VIZBbyiKPRG`2J#(*dfqqVrCwtYpvzLAVeWfH`|EWVcR++y_=ba=_(dAF1LI zho3A46{xJScS>SLv*zMq8A4@X{%t2Z#~r!Ef)E5zf=xghlZ0$&{pANOnjge)Q9>?w zcvSp#_e!|F0~9;K-(HwmGZuhLxE32Dc|0Gq8Z;vTOy$Kq}ZHDt-I7-gJUv z$v9|A7DiK=4RpT6Z_|FX;oYy6@9uX|_C*#me+xbz;Z>t!&^6S4`xqEe4ZmGz=Q0 z<%6ewv{8ELm~ra?LT-Nl6#198=#W<|`trwhVa*sFg%zV%+=XL_zoVnS4WG{$1lA4@ zOqC3nD#ys9j zGDC92{q>SW#3-#=Zy=K~lQY{gkS1`{=%Y5BfAg2DD|3zA`-@{P^4%LxknL#|<2J^O>sCS65EdAc z#Mt)u?~w<-Luc0wqDD|C&BlM0GDUFS13k!2Cu)*ac zapehdBrQvgwFt1`0QHp7`W})&dq6EiA&?RY&=+41q6%!dC^+ZGs3=L;`Gw!Et@za_m;F zbkpEKNxqCRXgB=jqvVI*qpOF6xW}Nk7^GVD{btj$7(GT>zwtF#puu_CE$!S}Q2?bB zy6)Wu*|1^tYWP4;5BgYRTdz85o{LuMeA%Da^h=Jw^r}l|x{Gaxv8HoR=zgsUR&uSu z1iH!t5o(IQ5Q1eO;*h$5L)sTE{ew~0G&|Fnyi4k-scP%4YIR;#4}w~)R#&vW*1phd zb*uB3ELH2Nu}1#SLGA9Df+c9Cxd}%_GgqxK{2>Bk zG;G{UGT^Gwq|rlB1Ht-XB&mQA{xGoKuDBN8xbsh*AWyzYaWs5Cop#+q;cVhoGSfRc3QpSYn(wE;+WU~AZn_^#2C_!}ZeO^^AUEGHqR+cS z?|2|S?=pB0ZmC_9Ba>57(mA2ZwejdKnW>jhJRi0!3y@@;PLvO8g~ox2)@Zh2VuoT6 zUUUMEx~0n@MVm(pzSfi^T5X43phG_eszZDBDYZW&xvb=IeSTqa601Oa@l;VT!D5Dz zY2%fKqN8boBgDi82IA8JllpRVx!}P{1sv0r__wAFClgoq7eSlpOavT`g`v^v zY?lcG0ObXp_O1V!R4O5K2oCoSU&{#xl%lN1dYbi)u% 
z{e|brsSoJ)=s%KoK+l{e&ykNXh5*0YwsCIDAJ@f(KO^h$*!PFVOpa@&lyQ`BPPcr{ zaljeB#h{J~Ouz>0rUM3P7~~Fv_#ZMEZ3aQDc7d@J zXuUi6kJT5O>3S2C3u=4#;EV-l3-bqBrWA*S+%{Fv2Tl&-teC6Lwghe@sgqi(78jaz zsoGKTBycm?Na9W=+9VMWr#cTGUMAmfnFPOyQ{-`mN}qFL%-Ij7Y4Y&-eqHH@n$3%|`}f^PJP%inKP9lJXG?#~V!~T(uZkm?Try;ovjRpr?QB^A zqg*P&BNxQR5{f@A-N7H1itxutM~%!&S51Y{5^4fVzs(9bfXoFXNV66cO6@Tbv%Cy>GwvryPTVfeRYO1~c6P z!WOFy7aDdtOa$y13r-Q=2IGiqaei+kmMFA1CPM>5hZcJlJL@XLP$M231T{DllX;X< zYEq_6%HUrL7hbHEhKa!%)tUar(i*NvfUu|0S;#feh^^fUR}VR^EdwgdaYn%E0zbf@ z!v?9+*$G%I`&ybUd!W^(%kB&PY?W1l`nY8Xtv+87O7p!bCDpCZqg8L3ZQ z86xJvvx=gkq00nPWHY>oOmm0+?FZ!8*BJV0U|vzCW^=8k7Q5oc?Z5dhd73;!K0xuY z?W?Z_4dPyDkO!^z;M(t4wc6|a`{Zr%u$dV_1&k5*M1u3_|6}h-pyMd6{8iQ6bLbdp zBw4l&dom;MSaSw!!vf|A zhYt?tIV{I=1Y%&x#&5$uNStgi&aT-P7Q9u}-7`JX=CH8+06@xYA6Q%V{R$(>F!4IUB1AG8KvZ0z@8pOC)sly#lSc2$8qm z5}Bxkq6||p=#uoFx0$=54^uJH5c%!fG$jEiq%BoTIwFt1!*ZcfkEyX{naIg^#KOW1 ztZa=X_7jY48T&sFN!!y>U}t8>=lQpaZ3r_3l(d2kw~(yQ_UnYUJ2L#Q<^?}5?!0$K z|E0Gu{fsuPG;IbZk8IcL^#Yc~TQd>)X1ku|Mip#T&Ae%3-wyq&;!DEI2y3KV6WJ-k zS9ICp;!*;<)5qazjrnAa`vw zY$w~v{Rs2jU1cXG2a~({4OVM59;2jOT}8o%tdUQqNAIZE75ix3{j9DfdAtLMM?Zgg#_hic1%f}=TLORM zz?Lu-zQBeGZefR?q7}9Zf2f6hBdiFz1ECem>dP9UtLP+M7p!e-50%Aa1YdW>x{j{$ zsDH#XXz#Rn=wg)`&Ps<3Z1zeDZtl*&?Qw&h?QVD+4riqYYz~LVoXN)m~mzZd*s2 z+$1{(RUf0nT~3|Ln(X$>0MC@_BYMg`mCB$U(OKnT+jF*RC(*G^-rVX_%%~)H zdNf6@G`FpR9}VS~gGS|BPRkizZJaZ&Va2+J`g!weK}%HraL2=Y$Dy5vg0md|?d7d4 z-6N$j()hPmy5i&CQR!skpZZ@I|6>7c{1>O}%8gO^vR@cX3625If(!}0KI4%qe)hm4 zlj~pJQqynE1Zey3qE%nEUtU_{^3UJ>)_wbMaP{l1kbT8etmpr;AOCinhW}UQe~;6CVf>E;oCg1YjNxm?|KU^VV?6$I*aaEB z#f{xdI)h4Pqqxj|#$l*W4rCNsD!h++U<1OGR<@-tWzn%IvdjsqGO|@ z#UC8#)e>$V=+u#nERTa?f(k~~Ot3a_r19cN6x+@C+Q zX&n0L1vo!&*8Crx3r9+0c=~Urv#etv|L37g!VC0&41m%9T$L2e4F@Ak0Hv1p1?D-3 z0c6kQMEKfeCO83&t#!Vqrr$>sZ~RN(67_Rx%}d1j#ThD%UWYytn5r%ORY@DrM1RZYSl;)S>ePLmRj}xD~iMqqeT}q zEL}naufEP}Z4L*#)*5@M*XnPf7O&OqaJpK2!{2r4wU&ApLOrj6*$}bO(Cy(^8f>N( zel~3)8F!8bqBNZFWy}ldA|-cpQ6BKFnc$2p$Gg5z0rGLdH!5Y5{E*#D&6? 
zs_BAW+AVBSE^_@0neguf-7lcAZw+mz@N`iyihF4bv2BkP>wUp{gufuZ@zF=UJN7D>BvIP12aEJ*H(B|O6W5s&7JK+{<57juTsA!ORIa2p+&a7XUHPhQW1(sb7RB*SQ7~z9a{Xmbz0PuCRtv=G7h}MqDYIcx_dJ>JDFrBj z<-%VGBSCc&itBytJhJ*Q6M1Y?c{^F;POnnU$tqgBeNy7NhKerQ+1l#wMnlJ=B7m^2 z)8E1bP}MBrQD$+Zq(QHWe-ldXMr%;g%Y>|?A$-g#*mWlCcSQ%^Oy<`+O^y(3i?RlcAPI#jck)smht&@F7!8bUCYstw}uGW32T&MmdmFu*-Qn^k)mdbU; zr>R^$M^d`}HI-}SFS%>wvbMh4(H`^?`Zf9^+Jbjrxgt@SwptsS@bi2UPOjEke{;tu zYPC>(RhxKKyPxuRJc{A?92$Hxs@j8*O)s;$Zdf{U=!#H#m644^x<(-aq&iibX=X7K7KY-2Ii(J_cX@sn3*fq zewWodVAc#^#1h2<%F5y}WLyvgsABpIYP< zjg6_6(Vq3xE9;nKtuYB9sKm9#1J8jfM;Ve-_F;dERukWVbD;^{e9E~{jnWcDK35iv zWum9aN=W#z(ZO2xm@HGW=v5uB^u$%YSknlqn|h#EqT6VAiQ4c2O!)|NE=pxzWrmfrgmLao%TMsBKQHAJI?9Pv zJB4VbD=p!dc_Zy)8CQlm;7ahxYhgGbd5Io`5MB#pUHR!wn?>F(=-i*a^V3HwaMj2^wiG89ZNTiE4sW zrZ^m*bR=Fr4o_>^GN?{*oJKJ_wy*t>FsN>jS^-40ODcIGkS5NQjuO=PhVUyilgV=? zx2R;o-xQb>8D@1z&?-4uLWhHv?5j4KiG5b;cben(G|{s#{>fCj7RD(Ce4d2wnx>Nw zR*%ssxh}%^*mNaKvheOD_|q8=pi2;r57gvJC`R}QyQh%}*6I-cE3@NxdT~pB7XD?W zHH*pCx>;+kRkxMDuAUTR_&`Z?+1AIXIS3JX< zW!_1S;-~RJ9wyhEg#~;Ve}VPJQp-W{1N?v3eAzS1&+`=NC(m-*H!RhA$!p{fc(0n2 z<$lp%_zFMA5uO#^Ko8RQ=Y$(|H|w5?X9r$K`^6W;f6zT3VjcbaCyHZuUiHqrm%iSl z+ZRVapxUGt6Q39BZG9-!6G{*zm#Sa$+cskRZ}RcQJ2kJ z*4%j`x&xWa=3-V0!3vU*sDZrMto+j#nJ*Jqd9FumBxWw5(S`3s)u0x7p^iDnGptuj zVpLty)qH2FmMk@+*{X%kmN`X}EhV%VI)h{Kp(+CFcPG|0|tWOV35T^ks{Xy19B7; zXdGeoWHE%oGDaxW)lMU#ZyPqS$O0PzvKhEmHrkt5xDZb+99BY8^qvF&^z?N1#A2~- z3O&Hh9%k>3vA-BIDO$GzGM?h2fgZ&(riSc}bun94R}Xvd?4qCz5tCEo@k0*})7{(4 zTw}em$qnk(+tb?d2hd-xBZe(w&aMtn^4Has9BcqY!V#J60EI&cDMnc37*w`{ zz4NEcK15WuBc!k$96!kHoT;D>2nHe=wu3!`EC!AlX8a34fTJ*z0?4Lp$ob>!3bo5| z$hn9NYMQRDxJ9-qkGOjRu}el*eUxzQ1tMz}3ea&N9 z)`susY>{8-u_f032~!2S{gbi4Wa z&kOn=#s*H~{O1!4|L^Afr>n~Dba^~Pk~_JM8O^Ox#q^!=`KcX0T(Er{+Ic8A%kRIj zb8!Br(&dhy|8cnNF8TYf;8DRS~PT)T*d3n-0g(b>5K0;2nejiK+A@57Pl55Vh$ihsP z`SsB{fIq`rCM!M}{bw{uA^JbVREyUY5d1Fh=Lg z8UUX~(;e$;0QN)1hv@DVD&@NbewVC>xC9Fa0AGuBZd5U=qYi{g{%x?3X`F6@t*XM! 
z0z9+EVsFG5^-(r`)M4EgEH&X4SxNI{MC?Sc60+CWVYk<+YA}5tOe+!GPg|g+Wf4<- zT7Y$n2`T`nLf0(j%055FwM@JrK=2f}M%LI}1cn-TQq{~oyW6)J$SXwm3jz-#;Zc$| zw;Zbc(X!_WOoObzPJ-rvxCje(B5R;y2k5Q?Cplc+ zVDy1$7YGerYqXP1W^^&D9zHQVH$0lGdk$7^kCH(>Dv*7tr0=yHG; zL4P${)<_b8w#!n<%0H}<>Es*)Tr2mZwbC78#GUF@3RE9F}#Q?v;^{bew+s%;UNJF>~ zoOCX2L$jF1)@Mb-6fpe>>#nDbHJ4pSP$%d-7+(d_6BznHyc6MK*uphK&hGZ#iCtdn zl_r2DL2zRs8>ihVn7UEA{vI6;fUX;vZqR`c0@GG>O2Ctmv`VOm`Wgg1(-zt8yZQ*y zWn|F_b6h*rK zzUuBdGMRJ^lFTH8872sVNth#aR~$xKxGJ-BtsZTCLt5R7^C2Y2MBmQyjVdO zZ{u?jJfDa+`g3(%IaEMp#kcRbKBMm2!>5l|)!j4GGnq&xuz1mgbf&thrn{@_tLpmy zzwiGfPwoccAaB?U;!!RMg1n}S(`O1yKhp!6^&IWp@D9Siq4p@!XItd7!!_xe~&2TXOU6b1GM)p*9IXKSUvvyehAOZqmc2GTIewOv8mE5@5|^udMkbLsygVL_OgS>*G+)M_e6` zh;H8+H#IJu-gziqsw-{{C6C4>!^b1eCmF5^2nT#*)EeouORJWw!dvlS+>QJ3zZL!x z8q{~JaPr_IeRlQ5sOhcy)!CmUy#LkW7ZRqPscS!RvKR>`#E`{| z#_u7EP3=JzJFf>>Y^6DaBud{x=o2x^ss5f@E}ij8!lX3pFDY&D1-9D0J66PYyaXL9 zFv_vQO-Fw_I+)CfL{MgO-;2>D$xKFxOERHgwX$R%ghM2;5J`PQBhLg3b&+XTSTr%Y zP9>D2`rr>5>!PHRq^Ri&7mj)J0^6+!Aje6^=i~Fll@HM`kgH3{J(`S5x`p z{@`&AxsPx>>uo8~DjZ^r3P)Ca{S1yyJhaLLTakDaW7IFyQWFXXR?=;Vh$;|&{4o72 z4u4d{{pcY3Dm||R8+ z*>Q$!S&&&;Eca4NGCR3X&4e|7NxmJ*jt7*XQ&ZD@{p0a z=^2b9u9T3t{=w=$V2>8%Lu_<)*0||8H8~3k9Cka z0mEKQn_n9?ipLq1LgsX4^`GP?U8m|6F&;|C{ox`-is^gU4>-UiII8r)k{5@)WQ6bl z({sR4+coK~uIHkCX2Onq7&1j%yn!B7!xKglCvD_Uk0|nJGO-_{NP6@rQeXWh7d;b* zaRK9^Q#8>d3HBIjGJ3e!3ZNG}`okQle?n;LGW;Gr%ri>90*#SeJ;K;S)d9&?J3Yr} z8y%zUfaGs1Pd`j{KZ;}`Ipmb|8{{6U>`VgL>JkJ+aUg8gwH$f0gyU##xywhKnmBUQ z%?_xHwImKON55ti@f{EXR~dHWoXGu=M=Qe$^?S^^%>6qOiWh_N;>BDPju!*rcrlk` zh4Y0Y$6RCzzZLd;Py8aKyzlX15R9ke#hi{8^COQJL&u|^aV(awiOu>+MtX^UAu#L;h9#fZxw=!rSpqY*>#E<7(WAoAGXZ4tHVe8f-G8y@^@3;FI_?W}9BX#Rd_Z zYUf;!cij{q%REK}>rH7r%lp;~uQ|E&3k8-125|z)koDeuLlQ zeW)L9$`wCAlVKIPxaoDQ=zJWF)!T9D<>Wf#&ioxN75oMouruhX_SZ6Q~X!-&~vT*qxCK*tP@&TH7uI3KUvrAfX)vrL1L+<~)y_eDU+sOv45=EzUZdUciI6 zV5P}zkTet`i3o)Zc`+;CSgG+f0Vr zFr%rqBJ0=2>hh&`U_N)|^rZsnd3h6kN#To2Z+e=x;YIA)o{54Cwp@HovHJ7;`^J3U z>znOQdOJb>m*ZsX|G1qlIsX5TjsN#E-4ft`4Pp6zIs7lD!%;lCl*Rvd$ofChKB$o& 
z`hN4jrq7tT{Re30-nJ9wf1Wu1%jtGFV)>t?cKhl6e=4>__+MR+@T{s!HLF^UIa@f+ zFARN;TZ@0>_Hlc;ce%@M#OrY72D}Qd#f;mqeFI*Oh9J@2j9UcsuR_CS{0)MC4PHcU zK*AbzhXbXtR;4Vc=DzQ7YW`k~!Avr0dsH89@OLHc0nYjibI|>#5&AJ`e zCbSCB6Zl zU--$aFFZCwyD9-LSXZxHFpi5$*2;=Y%Nn>RUTWUvc&V1SG%`!v8V1LWh?*alFm}fK zQfg^=UHf|cEk1+q;AbH|(s$}xlzEx)^+c&iUHzaU6&%?0RKirGuKrSy{@%2wrtegw z*mh5liqsWFMe;r;NU;(X9@6m;Y6TBcb0&VJ;doq9>tUK!N0&yt=z&w?-V!KSvBboOhZbRHq#P7V|pT;3!|diR1P zX)li$Tw8OCKCDO|36jdNoEn9b6Z;Rt|4{+yPz969CAc1NHO7>uB{v{rQ3<_}r_|V; z`gaVACx#9Z4!FvPFuj;ykR%!jL>2nS{jx|Qp{Rz1EIjD<1yGG9h1`$*B85B5-<;PI!S74|>PL}GBv)JFBKUhOaS(i->>bSWEc&ROwQRPAY|Uq3 zP}NVlgxn7&@1HShIJ+BCbIX=Qvr|3VAHHkP_C#T%u2>l9p8uG2EMdZV*GVOu^WlV( zO*lW+x_w^1y!pD+-h3Yl>N-abzwW9&yA5nj47Fw&CTdWRy#1(Kj*g8DLOhK#6;|BdkCdMTxYz>E5lD)}*Zca9GvL+O@bQRtP z8+7vyrqso3ScPoUW;d@K0+o_+&4GVnxn%z)v`uJioX+f@6`a(NRl?Vz{5VUum)5D4 zkzze712Q@*;mRsz*685|NNr1n2~(+o+YS}f40>#5ft`*6P2gpcWB&SFNOQaaR$pK* zKswl|6}%6GFJP859t;7mY?DjCD_ij_&9%$7!+D?t~4@od<59KIBoH&m>tZh#VM$v5IGX>@oNoOA$s8ZZL}Pi)Tw zqQT@{P*Yi6RbicWKESK6iwRDJhMOt4x}#I}OqxkHD4t0j9xoxgQ1>ucf_rgbTBir# zA+Xaq%@^1oXQWxu;Qv?BXJ4d6@+9ajn80k;XzV8Q7f32t5p#Ged=hO9S2K^Kp3@Wc z)1JRpU#9+STzSd2z0Q&Twc82$f3INB$nn18c=(^&8NvTtrEY2c|3?@9<7c`tqnjPO z{y!zq#^{;scuW+~@4(124O*pik+Pp6#t70X=?XN2Ibw`Dt&+Y@$#>-!%e`z1o$PazL@&7S1vfMvFJNLGo zApY+>+3}z3c8A3Oah@LkPsx@*{~ycp|8n}j%js~s+>HO@RCqs5IS!QbgyKIv^5>-E z2FyQ&+ewK3bW-R4a{MP}Y02sM|EFY2Z2r$YN>tO@@cdsrt%b|woyHgcr9h)h>d~p1 zHS5eu;j`nvDd?({;}^!CwCf&KjvrLLDd?|P5_@@5(0{EQ@8wM)$t&-ZUsJsaWDi#g zsow;$e<$zxk5q3*18-7tPKp0^GjPAWCll57;lPdjEgPi>_`UhN<_zH*m;+OKy1QE9aDJKF?V@>$DFrKYIZi8+oTVqw0YCX0_dbVxe;Nrp&(n7I}XV4?_*-B|Bq_ zI+Hq+QqzMqn4NDXVhMqnE9tOMLXN!-hmn5HXCQ!?oP~EU;g?OOE$8)l^8occYI$)f zf9y%_BNR)CIU}Qy=gtPqrCGO)BI~C#(r3$GSFufV>~+l%6vxsmS!0Q2ERYE#_udI) zqp!TV*3TT>Eg*LA$94;!pg4}^${a_8a{w*0qOD^|>aQ;29nCF^27!1EIkubs7{xI( z(||FA9|M?224XwE@mvN1w6%I$XjNl~T-7E5;f>=g#;2{*< zw4SsekD~#zX_ie+GP1%>&-b-)74}6%^q^Qo_zYs)r@O3jIh{Uw+t!Q6USnrKOY-}4 z^aMx)pX|!=R<;M}V>1xM+chuY{7h|CrhZYTI60HgD7Y~*X;mgEKyoGGcbVc1Svyl) 
zS>$tePic?Yjvcnz<+NR9EN`-vIf_R)T?ID97k}DA*~4sQ4`hE$Yy~!%4^cSwVIUeRk{xwno!eq>(mY z83Qz`mQyp}_ck8Q+D?mw^a*R=#>w8+rBzIK&<5W^XKHd?b6}CbA-|-^Rb+n|W|lad z&X?hiw&Efeen>jLFjq(*%q_`yFT!-xeQut}7VQ6QE}`G}srjqq`8I#c!d71kP4qVU zTHA{1R`?eB>un1PY@eCWoNxQsjPGSa9teBQPDg=lnA!LTv!&xrGgxeInDxRYvui?Q z<1;1~?JP?`lLq4RTq$oy@db{nlUC`^TB7YXd>%4V^ z^)8>!y=Ziu)4izPpCy>Np;d)7S@EF5sIr_Y!egNo}5Yd!p)XpW#>Rh#>M%UKOCEO7%WiA=| zSH4+5Y8MQ25Tn&Dm*;O0oQs;=zwmgi1&ehlg@AX^Sr~^_aJ2Y+X;3KvTyq9(^VZi_ z$-yW7kH0b$nDJoV1P0Tj!uX2jpnsnQXFz%@Z`nW-{lUr2f#s=C~MYWXeH0zz9e$c!r}zQ|mqg45Lz+5mZXE9o*FH&4V;&9*FZmiwCtdqjnw) z4*IMX%m&T*%%sh@jDnn4+(rFax{+(Je37%_itsiJj^ZXBo zRSbtpo#?aRKfv1A`Hf|D2za`P+Bq3_dIiblbPVXo0N7{MkK$87uj94zFM!l z*injq(>_Gt;DpMNGs0+O7t!Vt<4#QV=MXH$QS`iTS0i*gv@Hrk_m)+=7qx{%_=@0e zq&Ib32aD<_kV!-gfPV0V%6*t@Ar5aaU;_LCv6R5`sL22gAvzZ^>;SJ!9w`A~2XIdi z{7)k803prg0=hS(%@_hHJ7Lr_4q%OpdTz5}IR`;QcMovW!SNs1 zzzPpXu+SVB&oE3Y5sJXt+&3)%ew%*?N?qA2quWKIN?*+dG`$Ph6_!S%LgNdH(?(Rki+q!}q<`+GXmRne;l7 zNe`K1X3{AVKq-n6il7n?2o;`c7^8MU3!LC1spjk*fkTMIu6>QL!2@|Z^yle>T z+{cK>xr44 zOx*A&v2K-rWtvwpITf3QDT@gGhCwrPH;mFO#kJn!6pCVdYXjm`r00}g!_4Bx3rzoj zsJ*NuQkr5Z;}f)$^uq0+Xhgg#ti|#*^tnY96~Tu3VEq~zQ*xKqM=KgCePvB0m7&J6 z`lgDqCj4Lx#mxGiTJxPfo={t(r$$Jf`!&9n0lTM8% z(A2SA9jz@NYht~jyu}>jE}Lg|@eB%Le3f>#FHJAtBP~-yLUVQ3b$AuXWaRV$aliBU z2Q(JiG+1roqb=QUHU&a~DzSfv0bSp;h1y12+<$*(L*;E2@=ObNEbiW9;pbB)uLMLO zO0LQ;pd;L!V1I#Zi{*E!dHex#y{DvfeypS60mAp%H21e+)ZHDe&0EtFzMVLQLgUwx zz8rXq@@vS))BWOxRm@P_jWZOb_gu6oBi#tQzG=|-5=j&qd z(|O@g_wk`+r?j^(6r*yU3th0frEN+_sG+61*5&sX1vUj&i`Pt(6;5p25p32VAN*rm z7vB?f1RTI0i-EKV4|JW$0`lR|@Yz;)?5&7Kv3??!}o9Xbtt8ia{Y+oj_PB-o`sx z7K&A~xZ}g%Ycj;4Gt?%luY}uT95Q5}phR36u@KiUW{w@TV%zTM@^o~zFKKxO{q;Sb z8vt9N#;B@tjx1d(&U2W9-)x)2Z!slr6^rpap%UtvJD;*aw@Fp({QKCrKx=!$-H1QJ zW?93iMojdU6U)?u_#KP8!V|*nvR`y(`+UIPOQ3;k!@yngyLx>`V;~f&swn+kEv^cm z!jyzZPGQb*zm>;(3K-w7>b63_Fv8Oc-a`0H)|442uV(J!XR!=1BONDny2Y?x9v0Yg zZvve~#q|G^k4~cebS0H{vOdin>||BscFN}@RVOFTNuu+hNqkpatK6d#u@P@}@*h$x z)?r|t!MGUcnc@#G5f 
z8;W6E?asc25T!f)R-d?UzJMQJ!wa&j%S!!a>l66}+2?c=dfVE&Tbk}DxL04wwvL&8 zLiF@faszb{6>>SMSciXNLsWMCfg>K=lzq zYjS01O)wH#QwrK(Xie__TSIF~{;SX$6kq+IYDNu4Sk1<0Sk1#mSj~fjVKoG;VpADG z;OT<{YN`hVY962n0fYU!}hxS^+3jUsB-<*H;DW1NBYyWfdj(%nEwm zv~X94m>=QgG|^T9xC@mHg!jHG@$3Oa)6gfFN6OwL+P$+K##&yH93 zPrXN4Y273lsnkLf&3?dS!kcK{xpe}R#kHa%P|TKk`cHR8Jtb&CR!4n*vhn7v#x~^< z+e&!8#*Z>v)Iu=NqD37orRLTB^7uKOE;YS5sGP;XiiNomWgKUwP8eK6&e6r@>TI19 zQPK};_?}*8l*`(0nqvCY#G6&`bfZ32*sKpXsh^n~;kD?fyMb|q<`wt$?ligJ0~23q zYIeJ?6Zd^4aroAfBHX`~oLAG?-rX*S|J8)E0^nB)9n(mVUnTy3mVoUZBL4K^6lvqT zg1q5QyMholomAqvN|iD}Lj5W})!5LdTKSDa`;>#qw~1q%O@QBH948UZuv_OV{AhkW zKVF$yXOLSF&*zhr5wI8ePWzOO`lgbqu;0Ja?rkjFY5z+RnzzYUT2>mY2m~4%1;OGY z`ZMJ2f!)005yIs)y_>9w?&Td~4t=Kj#V>Cuc$fAIJ$x%);Mffj_UPZv!^3p;g_D0m z@E3OQh8`#vuZ$Vo()Tz@#Fm}_HO78^jGh@Ra~ZpNfiqU@=G8J@(dwv{8_2(%v`u#` zz0nE#UFuXjyBNHSJO6b4LJr%w|EB+&jk`*0+%_lN1u)-9b~|u5P93s$mqqt(N7Iu4 z!%YHcqT6>{a{;XB-@TXWti`lAx^a&&Z5`aUFYn*BM-Sb$$5|lVWnXP-h$xmbO$`yH zaw)okb|?{oWw~>T5G-?Mv*kl}_1su6D_ITm{)*vuoA{Opdx_nBuWSuJxVzu%Qa>^u zvb(c$Frh>2?ZFOqerjU681ihP+;G=uGg);_sH^Mt*go{k2sJmfwl8iJyU65FXLHDE zfob6Oi~tpz5i%_pM`OBA1{8y%n{~*tZqpk=&&1aZm&NDX;@29a*Ai~KPJ{Odc-iKr z&h~{zhnqXYlj7j*`26m64xXm=`z>$`j0tzPG_}a0X^!cs6i)|7+e#YOngrfi;Vsq* zamZw-kygY>I(07D5$`GU&xbKx9W9+4UYAC>hVD>X^WxS}=dnf$gz@cd-P1pfgU?yT z!q76YD3_PsP1xr!PL`<~0os>YPy{3333hNF&!rno?}Bt*~y3p z;_)wlFRVBf#oDe~68J(ITP?m}$MNc1u^laJZ}bxRi{M=|(AyLJVuiJ+n56Qz5si zs1SG8qqK5tt+&j-MB`7;zMPoFjYRx1g@5UYg+B=2NN2KKYTZcFZ{A2ZNfwbJzF5;f zO;xWj(+A8rSNGO>e@;pvgf`;vBa6aI^;-q%Gzz z66cvu%y%gGN*o+REi_$L);n3_kEU5+Ht>^ZwLASQm4c79`2@P)#_OD}nGXUhfxvfSlcqA$Z`8J(Dw_!XoZ@h^@-Hj@+C%tt&Z({?7bDkI#8bU^p9ya! 
zu#n(#dE@!>rgX97E^z1GLkOKi;9e5r`!zNF!bgZ>+$G*A(ysFmNwk*&jzC2r_ztxQ zw9*s$63K5ICsBWAPhFvf?;tO`vv&vy+C0d%)T|^ z@fUCx;UDYOyp2+FEG_j-s%fJM+n-H1GiuWHT$aF}OOS>m%UsHzPw4CGTS4!jyopsO zC%vUHF`HgUNci=I1eyqS9%6MH>>el#0RtLK+)wU|tTExf{k6dvk=zO1hyR&jkroPYZsF;zN z(Dj~YZGX#)%5wg1_p9x#?aeK1Md&d(1G6(QKc0__pGp5De4Q9GzDqUA@~L%vs{8#d z6j*1f?L^AAPzN6=CgKXJJ*kODjIVQ-*sjmymQ3J*OwjBUu1SR-Gx_~)osVRUKaxqb zg&t`4s#_>upZNhfm-1KLr}1;>sVtLP&!Gtyzmh~Rf_jhG8M|9D3ut#5-!{s@M*%l) zr2NyQzCvZO2Tw$9<0<^aoLGKds*COuS6{7m7fn~Gb|rE89G;G-ZYoL^xA3H6@0@;X z?>~Ncy#48OU$uO6%(oMFd+`!w5C!@N$$-`I2rQ5%S)e4s0%f2NvOr$c1i4!sN&*9l z$pQNmqXm!ACuXR^YBI!EV+<^bNUd(CP*xeRrY2gGvrjM8= zHw~I5=>kyh0Y`&^gJ#KTL(Gyd9AcJ~>iuu15N9+C7DcO>j*zy=xzZmLZoLxL)O!2P zlfS@0_Q}r1GVlv6--Orpnxee_CZyO%LtfKC7#nwY!al7v&R0)w{JpFb8 z1N!wg;$Xvo-%9$9iRsvYg0Ek3r{6*-t0PC@0T!!Ik#hWc;(%NbnB8{_T(0sf#EX)z zAQWbia=g=a33+{7yA-vNiO`mz3yl%ktOmM4-AQy~UOYp_h_M!Ofqtbaqq%dEc{hk* z(qB4Rw%R$~R4vJKm$_OBsf$gJDR8s3{X$cJXvpE!zT!}DVa&3x5IUB%iDeYO*{riz1$m424&7}D9O+f1MvV4HPKf5V@<35|p6 z1}ifc;UY0bI((s~U6z3Oh#L`}KwJ){FA>kM@}F$6{GT=r8tkx$R7*$gsRX9NB5~Cu zN*r&+wFn=BJ4Ea!I!k6FC-&5-&7JLwJE}l$WGdKe46X6HRV)tlXPdiB9`PD`Vzjx{ z(F$1zaSeTTev6%}e^VR@m`)r^j-rc%kd(?e9y%fhfl0#&ONET!ykuC@U*`E=c9_S0 zku)>3K=lMRdiaXor|nh5uJWhs)yct^)P0G;PU>KzJU&xV$zkTVP!ALS4|NrPM#<(oRV!N9Xz}s4EAj5& z*Q!R_k=?7%Zx|*iaJNEFR!qBDnRvlls&nk^8YC+8Csnxx@mRpe(DaVVKhkpfd+J#F zm%`sw%h(iPg|X&4iTGO_$rIND>1u=@T>K2x0+|}$ucqVf7<#@&9|JD%M0pF%uL5t@ zg6w;OFT~u_7B<>HNtgC(p!}*)70DJ=1$|9_PqfuBe$S+u%S}87E&O)vVWB2hs*cIu znDHW=RS>>2ZYsnO{;Uo8E-eO1tvEtc9|!F$rhToEJ;>MT+O{F3)Qf3+*B2W9Jf6T+ zaco0;)L{P{Sf?Qm5yWwXcg1hC+^a3BuPP}m@mJidxvTEgl!SfvYUDVbZ_{F=S#kqH z2EmJoxs>sHw7z1}hWu_#=G}Fw>lwdGdx!iAypB(KqahG(stPpteHD!j!8^5mN@cLT z(id*@msU2F2P=YMKb|9Acz3^>yuDj|gw#{~0jup<1l)~AG;>YIF_iqfh;Q+=qcQ4E^r z^ry9T!V;xJ| z^TtbUz+D2x1B*LbUxPh(D2q>Z|8G!S6DS_Y6DU4b9Dhkn9?pk;77q#*UyZj(t%(t(Bq8e2DM4!oD{u37+`e*guBU+7 znV^jZ=tNQi_4To*4-==ylPRyJ1Ga?#a$7LaRzZw7)>sWL+T=2RZ=DdnJV1}#h#4`^F}i0A(T z_PYCQ@pi*(H8FvX0(cGRXKsh*b)S|1_<~Pvvf>4o`RGU@a1YAFQV#gFk1R&k1I&dW 
z#^jtCX#UGr<5|&L+xDZ6Ls5qM3E?-=V%$TNk(qwa>^Yaf2%(oQNmx`?RbSQESe~bQ zn|zbpwmdyy&3D`};X6LMy`$+{9>ZnuWDBah{QQc9KEl7|`D_uwH5xpV$-gva^L+hm z#y{upu-||`sTIe0AJgd5WtNAvX<``)H9f4wgr>Onv-*bmurF9&UR72Zs%ogLti&fj zW|hWPYGD&F_=D5Xj4VCZyqqxXBWfUHivg~-qt}2{Z=tCV;~tmKiE9KIUw$Wr@b>b zhRh7^hC|HreYxJ2&Ymji0KUTo(;+aUz56U5n=ojauZ{_JEnfJ!pT5eq=L*Q`pqk4` zmqXZ(DyTAbw?SoQ)n8VNH4}$FmU2 zI8tQOI2khvCvv*oVJpcSHfH*RfYTjXeVjE5`GYXbaD^|*jW|)B257VK3v=y`+JBEG zUzO-{(A~A3q&j;Wj)E}qnxo8W1LY|KPBVXtQHOX}Mx+9KRHKVXu&! zGx;mTF>xl_4KmVii2VJh${#T?X%;eXCtC*kyCi^q9SYuKro(veRl>%b{DSp%1dazM{*r7t0&aG-XgK?F_3*Ud=#?~ z-zLFYZ-5h=fv^xU7pxaW2=BLp32zjkUjf_zQw_ZPlt3KdD;7uq^%^1pfxiljcYym1 z>GB!CzQ>XMMDQX@M-&(CC#Dn>;3cCr_F z*nSX9%!lHxhWG6@^(Boju!D8Doi_-CIEL`CcDs=8E@dC^12(~QE6sh0<>7FJzg~*- zl8Vx3WMZhX-WRMYD{BY_O3E858}MoUaSeya^T#!pDu(m<2*U{45AvLC*N&E9Fy}k_ zCHgJQ<(W>MT|w9})L*vRj7?PT11qWZ7W02_nni_rAvs8>=PQojlO!tCJ$gi_H>ieC zzgvM(O0{_N(oY?RR^Lh@ZnKIbxy{bx|68p-(IMStH#$hJ1M6_8RR7R1DAo69TaM&2 z+iO<7vVw z{ZzAgmx~u#jVPEy{A3?H<7!W`9VF6!R0l+Qk+q8Vut~`&JxpB?iB8$8)icM0&*D}I z-RKdb;w!shUB_9dHZu5ktTeEP7=JykZvhGNs73vyxT1_P(-$yxeLVN-HoiVSlRX%* ztN%+!Oisjib?jC6cY30@lo8L+Bb|}Z#s^j zY(9p6>KP|~ex}q@p3SP^)(q_vkGM$MY;(fPv&~8d@LF>UuK*J-V0~4*n~vji#LKr4 z@oRN*-esD2G3m5u)3V%WU9J(53$WD|@q4>tth3`K_Pm{&2n0)7ncju*TEch@}` zV_01ZA7&Ub`L+zrQM(w4BUjN;5u1WF16_@n%J0c&;MEz4{KJeiMex`=8GZMiVweGY zv*NpwGPLx$u%=Qnj^*)n|IgAu$I3_)w)^7z|*KY+}qdSJT zxIaC(M_pOEV?~idjsdmVZ~B;V-TUEaal!7eR9p6I&s3BLo65_j1u0y$U)y(tIOCrk zH>TAYNez3oBpv{YiNxNZ=&Oi+zJFJDrGp4w6u$N8FAA z?dw83ONEpyD0b5}C7#C_v`HPwM z5V((+*MsSJtAKJOUl%A-0ON%wVlh4E5-}f60y@J1TMJE9RK0`KEvQTex=q7tse4{V zWh!4);N`dKeOKc@HGY#=O0%ZLl4c;&NSv?5F&g*SFVz`8DQLkH#Prl1V`~HYT+N(o z(YNS4pcS+28oy9?sb^B!5yVmxZ)L1pK-;6tRKoabhsTzt@EO5;Y(uu3<5kT5H<$`E zsa9GP=U8_To@e}ON36ct#A7kVv|fP?1-vFGxc_nGOvaCPyn}myU!hf7#yH+63p9j; z7Lm5)#(QV|D4};gFy?-Fk z!v_w39VE4L0Y~j^-EA;cb{K3LF9SVFrg!($K{(>YNP=mz!h$z~a-H331bP^~9R;2a z9}?JPiJpw&vTRL#A#C&^^!(y6FOR z9~tyFN^KujkTs%Tpe`UTgfRz^?r>0-;=w-0sYbSrm^&03ei+5rSB{9W#fM|;sD3}= 
z0)Q{2pYb6<=24W*?nl`>i8FI7jrB$TABkI(Ch8cs4PQIR#e5m?W@@&VNb*qT(TFoy zzi>$4?r3y%mysiL=?)y^(o8y(OXnfpgs#qGD8HXe_8i7ER~3gyH!bc5}vz;vK=D*4FqH_RsCWndvsHa86*_R+$KCv=^Orf-*)z@@p!~(C-}t+3uO> z2v-X>ovOo^=odTkzg6`!Rr?Ha1d{E9RHCu5JPW2BEkoQ(ziHm~#&1EJtXtm30SDt| zLg%5K(&+|U->rx*IMXhK8o`G(+h^b`u}GICeg>UUf7HY36wjoZt{>of_(K!B(RPCT z4HaPl+U8(uWH)+*z~?6TjyPu5gV>Ak0)){7_Yuodgmt>m)5s=Mp23n~mWnr{p;f*? zcpt08x36L)t>LE62(2_vkzrsV0?JXultf`A1qZ6PFy#&kDZp#QMwLmT8`aUw(Q_lf zDu(Y+eyMrVW^uhE#xp_VSt#Cue-L^llHG*gYd(l!lc`u|9yW7sA+Seb51FGLvHhC$ zLf~~2bs;>bT5M4t=y1(?9q>~u+*!SYkUtf$!O4U;5hqn3Qbbf9oz@0t%jkN;?IUF6JKZ(-)bCGyb`56wPer zDo>`;i{c_dnES#c|FOP)A#B8 zIdPmvgoM7(iEk5N7TXC9`*#F$IdyYOsRLbhe!H`;Z#Vyk-uDDC>HGz~+Hy>qIBDBX zJ#WALoMe5cK6-4Z^NeJ(r4aCIMR{E@Z;H{+aB?lFn2k>2>yur|`M}BnZvmbX&rBPV zO`pf{g~>K7OvGK@)Ve*(Ub%w-Y^u!px&Iq<1i(qt0vjjm;n9+UW5SoI^3SDC#NcfhDm4` z($rL;m62s5-0#f~ckN21m!tIjevx9nQ`&^&_PA8X$G~)K0tDmXbGJCXx(qom`mI5x z_GCB?cy6i{ZUA$>34hli0q8ezJSBxiox)pEY;ZD|I{;n>K0j5r+?1lGpy~KTH4pj6 z2`C-FXing3(vj~-2cjehd5*9v6W&S_TiftUlVK{@zDt*eoi#}v{2k54OR};chM1No zxw;Co4C78>mNf1J6Ol3*b~!97z3`}H>9C#eFdVkmYSqcX7RUYsA-NmFRWf3|tg>;y z0blMbsS1V~$^#V@+nB12dfk`-uO6#I$QwBBV;rjrSA-0R8Nus1_iu+KU{A&OwIg8@tFR2H4 z(oW4Az{y+E1Ww}5Kq^_8*p59Y?ji;l$wYPx(;_akDePdTtO0n@t8R&6r5ejG%*!Aj z5`H%=#-E6?Mwc{sfkBfG(r25R>VuV~M%+WggLFSVEJ@(jVX>>CZj<8JR4&dKwox^q zkRM3x>$``S#2S-4PPOU$8@)Kr`-M(V3nb@XY}H!9HX=6R`ge85gm-o6lw)a00zp;& zrkK#nxFr_BAA=Q6_}-4U5y2z2u`zU%9X_zS+QydhgjfqMF5n*(GrcngZLz#NCYxJh zZTt*~<7;CXm{7eT7VN+ia2V>bd|OdpAHx!7ymy!r&ZV$Bj@<9UdlI;-Xd4g5y~8Xz ze_gCNxv%TWd~w(HoHK0Zv_Hu}2D@isIMlr`)G;kiyL*(3IfzpgP+jxJh~GdtGe&N+ z=OtQ075Z^;^i4v(BvljJmt0+8%Z<}=;+)=B{A^z$PAZ?;b;9C>^i<<--K1U|it-I+=Rsl)@$N}ATvwnT_b07zp6 zP~8#kY-m3!*c?8-se~l~)ih;$D&(qKQ5xPDXZa&j|A0!H+VRLQNW+w_m8tx$3I_X< z@Y-a!7u+lEP19go8vY9Si#8^+tgLKKDvSnRmOROH!cqK%e4Ap8&+&G>fsx3Z9MroA z`zh}FT5o?Ga7-EbI1W<@J`g9yB6}l_6eQydadc#Y?Znc#ksz?Sm4P--%}g*o1N<)K zE&g$VOWRRGuOiq&>DgqFUua4pl~&`L&gS~OU|CrqgMhy@|5X%!&Vvj}oggU~M2+D8Qp6 
zI2N4ZVQ#?hh0TGA@sku4NU$i*|eQCg&ja4UWx2MelzV{W(UmoeO@k4|P`dr`GfrqbQ7ly<|pI zBpdZMq)bkPrih>~grQ1#YBbREI4G<23c)-^2wVVH($@{u(tGGoF|m%%Tv|6006TsedL1tfl;bPS607m4@?Dbg2#6zPjVzjjcghoqlr zDcB6h_G3qIY>$RPvF2YwA`QNf<2p%1j{qJ{)N>dB~H4~BXNRf@EmnPbUf)*r!W z=y%7Y^~zy}%S&+XaQXUh<`4n@DLPi}&@r0L~EOL^KQj{lUATS&Y{7#1WJbF6X@6(;VXA!)c*$G;o zQ}_x+iS53~gcHFYi|QtYyQB)gSGPT_z-J)Dw#JiDhbld_bCp?YZ`f>tZ&dCx0rjfd zwYs9Cc^gq4lF447h6P_LaH?5ZU=owpbe94bGcrYS1x`}&B%~8m@qMNCKF@3wlF>X_ z$KP?2};mKCu9cD8gr$_;9(WQVs+6vbr->Ytxu@&hySgpr3{G{^9Du+F2`cahu z?N{rLz%D%?#@#piSTSt6Zr227WsL3l5gm11fQ8hWtJU0@?=ABN?_so_G+T&TFNo}lF z=`PQ)Cd`lzuuqTiylqv4)SjX`Jojr#f)KzON%Sl<3Hb}ZqalxX*zg(?Sp(kQLS5?L zWZZ00P6175-pK%;0$iq%2GfA@Z8S+o%2$95gj^2d-av>*56T*1(Gf-f-A+n{auBlj zRjGnCCu&KQ&H?2G)h~|mJ_(B5?ig_NYC;kxAndfOyLHx%zFO}d!1El=$=}*x7ic>X z#rJuT>7V23{)#JKa!CbGGf4#{9Ig^09@IHbi5Q!SnNCN25BNJ;!n*;kqZ8cTmEogzc& z?{X!<=O#W{i0xUZKJ1DH(JN_0mL&Pf^dn5x_>DT+PO?(J&M)FN{+g*TLD@u<7fsr& zF15y`?lQ%VyPu<={B9MVKzbSSD_zL{Ve&$O8E&v^!(#h`yX&3&Thqgy-rnso^aSLY z4jWyonqM)^F%;nprY1Vp^^3t)C;5lzXo+^yHHe89#{;;*qF)90suu5EuahTL^+U#Y zINmps>wY%Jt@tudN~Wc(#)xWqU(af7O->M>Hco?wb^eQk^Ihg?p^EzQK&X6|IkUbg zU$gBpyI;xIkpAHa)c1I-thlr1-J}G_*W^XPX9!(w7Aw#djOS~8eUI}w$u|324sOvv zD^KA)n$EMezLcnC@y~c^S=^=YJ_qu0t%)qsxL;K?i;?|6 zv~2T8F!!nO1vShWYF}Ts^i<{9^0M}i$on1E}XoNVq$6<UV#kQ}rE$-Ae!sWrz`i3$Y72R0=i*27$9}Wk74ONvT{)&b`xlm8I zRd=VdD}a8l{z<2|G`GochQY2L&$_i;MaF5_nex5r=+4cTp7C$ga3uO|c?P7rh6F55 z%tl8xI1={|p$89+d%LrJ%T`l9i&ZE460!tSqSF%R%VC%FTdhBGW!)3CSxd)FIQE(W zzs)438+NlcqE$08$wL?Efa;5*pQ(k&K<-5U3o?z1bGPR`JD8$zoezg$4X8;O+ zn@!?DJ(>4WqTQZlI)SQBGVkK9M#6umd1U-B{yw$yH|#F5lkiQnIyq+(rSpK*(^y|U z&BdqIQ+A(N^Ty3Q=4CBe_X8dv+8P>De*)20QvQ_I7srV}R1+AnYrzZ>lOOukbgPSJdMR%P6^u)_7z>^u!V| zpJk~7t2n%v**RjWY>VlrA^aXqFn>zxYw(wp&WBb68Io~j zxabZ|x$;bEYiJiYv3ZaTt0Wm79U;TAnG{cUe;d*JX!w6oL zez@+Q)-kYVMHG}K!~IcCl57_Z+#567psEtVhSMM zb*se12#KBzumlEjwpK^{lC@qB^k;3!b38O_s}OK25(N!LJQFq#I99%ft0fm2IP|5F zq@{cYenBBV6o@7{*Ap+5Hl9+a&W6acmw+9LpFGjg>W z$PURj{go;|MfPuuhB@@J-W&oZnXo0M+B1lsfO03shBiqnZf7K8E3^gi1;q1ltW59} 
zbXrGTfq%+`BAAbu1J=!vxV|?Ij_VT)c|O3$WWcfV_#v5FlLs=l($LXsBSVVMT|)+{ zYfPbZA~;(ekXZ9E87pD-d9lpalcQze)l^s#H43an*o%_5?gBU-)%|dZ#1aF#T0uD( z;~Mg?#)v4Mhy%d27S+G0bhO?{oh1=RD@h~Ht{l)#hKQ{xPI_6{u|#=9+?bBVGwE7! zgN^c<6~L6#NFX*%$$~Ux|4Rdcv)JGLyCXXhLpc62cxLjwQd*L1^nwJA0EH z#%)3386G%^ymnB)$S;YtiOb4hOd<)gyr0_sU-7NUfN>T7=w)_FtEd ziTZ_Gfvq8UD*f!>$}vl|eMy;3f)^?q%8fj@(*DMChn5+6)ApFQD(VEtn4$E$Oc*4NtwrZ)Jo-#@8lx7|%_?KdqdTAT7Sv<4W`wEHkoQg^*!Dex< z(9!*tRb1s^X3J4#M=f`f9II|dch{YeDkOR>zzdA8H=F4_z*oxs`z*6`*CpZ3Ap!8u zo@Tygz*4!=oW-lbWj-7EYP0kWT*JGaeT9l!QXjg8t@<$Wy*RFSx-HCh;X!L43 zKhc%)NN0E;Vq+wy37prt3ZNpzoXg=Oo2Ak&bQ1sBW=Ao8{#K_vQz4d+P_W)WwZGMU z%HhtZE0qOK<#LVxZUes9sj4Q)B2IIx772?mHSp<%t!!=@eJ_>wrN&M*aPp57S_#~d zrojYq;D;XE( z?%n4E*iQJXBtsFC>rGOf?BC&#@tJRXoxZodY?mY9ve%`({WtVXoH3)uBgWOd_C{F- z(CXrEne4nu2+pafT%qviNMB*Ktbp9>b}rnC`~d~|8)Pn468?%faKS5tGy^mdm+u-f zT~_1pogb5M)eA(~Pn@2Mys+QPpC?Wu7W7%tH#`bjX{rRR^RxL2q+3D4UlNDPdx?m1 zRIVp%7s>fvZ_xYLAn*)CU9VRnvg%>dpAqTIGJ>to%IgodUXtzd{F+5h${Lyu`C%5j zFp+oYIG7Asm=`*%Fwxbi9)HoBUg!_A{&%7y*lmVLaiZ^YB4O74TqDf-v>bY$?pS(k zTHf##i?XBHkZ);+XG4CN|G$Z_o`TMHZ)Sfsq>_0^He_q&K!`OwlC*iCFwx9xN8$3^ zP$bCu*erHjet$*57m^ODD0ul`ML}GX2j|GJlDE=|YrW5zfZUfK*ZE;ii4kSJd7zHs zsw_A!(@2Q?(X@Op#yZn{oSE-6ak7BPFzb`DWF}-!b|e#WdzR|XJ1EHd6Eh7FUWn#< zeEy<9MOj5oZO9d(=Un--XXUWLxT^ktoYJ5G5u?_=ViVB$d z>8!7Bu{g7TcyP1=mllxi`Mlm`6K`F}TLoS}L3xWfNItt1jf00zXi(Vv%zd2z6ar$l{3BKQ*?knCV6#nU7wYbYOuDvn*4)KVMR^ji8Y1b}< zZujD@SIA55;#Y`D8i>PpEzw^kIqxL>?fiutHN#ia-Yt|vq}aQ^@C%=sl8mbS)Sat1=74LlZ2Oe=UozTnox`wvUmj*H#S0s(&Qn~@SDuP$zf=?2^=La0^bA(+fe*Si?2w) zxe-&zCdh1TT$;8Q4>gn|j4BnE>lPAUdLzPp1XlyxLf{*ar;vhhIq(#53e8AU@Y!f_ zTxo!9NWs7HP~)q3W$8R3-hgl;D4PJTkZ0q7$v`(jN3`IvIFpe7Ry3Y)6Cz&KjPg@c z(6kZ6MdusE6JvmGgs2fM1&iyOHj3459}w|eU>?dtC(1MAw_;`}Viw*6#Z`@)#H(JD zAI4s1;(+2%g&ooG=UcG2DlCqoPNlF3(I%hF*2+kSQ9;)4-w5vdWK4wdlqMrS;D;X+ z*aXTI;&Pxot8$VOiWu2a&|RN`368RLAkY3@6koUimJs?3={Ja_$b$EYj6=iv}Wl>;PTVnV)6x-$S+OdRl;vZhd8GiqtNf4-f`kOmpo1W#zQOp9$=0# z2N8#ZZsR)NXxy$cB1eq8uCIc)U7?avS-QN8@B>Vo%WE)jt@+b}DvWZyHB>w)zRECS 
zT-qGt(%Lb4^ONPxSI5bM@C%aZ>n6vFbc zqW0QSeo2YPQFtO0msFkz)y1Wy;$LrB@I)|ul)Tp*tSqVu2FgnU!OCE1Fc7RN^aYEm zDl3CKlC&R^fTfJB@s*WK06rdvr&P@VvMt4k;@Xr<)G~T6HgXqZ^NWtsq}_Rg?( z_iP)X&L4Ha!{H&!*4`AW*_8^uU%C=WFS7p4QTeD=g=kBxZV`^Y7(_fL88 zn1<7)%!#|Aa(5xVV;eMR42XdL!K5*0$p}hI#;AxTV>Gx1Eg8Z8CoLI$@c(5?#`*sb zSu$$>e`m=stQYqmY`ypcW!;$_gVu{{{$t&lK2U!|N6Q2d@c8BbY{_W)Ke1$-@qf>f zAqlpW!BkXdL4QRXbtb?>;t9824%ZC^&+IWuQng_}(|!w>3FOjfocIq&e5~Iqy^D&0 z1uaCo7o5Q!;P(#rl#f%SPuUeUQA{QLaiGrX>yR+RI8j0zOQsJoPLLbGF=@)-mWj>i z86J2L54KFakB${zq4X&K3v9jYaH~Z8k*pGvl>J9?CwHn5qr`0WNJfd^;YNw-expR2 zSY?n7V*{b;19pj>YF|>OKO8La2P2-e`iNbkvZ>tfD{U$*FBc1v*lEJJhTAmQI+&e& zE$}~8n_2|eg$kqQeW-tee7Cxa|Dj~_pHwS*R#84z+*MyFHh0jjY3vSNMj+hH@Htf+ zE73XjEsb+6kt=$xyUVGKp|2@i>^CwT^Kz5eVG5&HBY#3gsMWY% zOUGQ5zSv)jN8mH#TeTqjk;sW=fz3lp@f7N^6wfYIt#PqkuCu=tTw?_CljYAAs(;t^`E8$f4>1Q*|qLW{dTXgN-A+g8n!QGH-vcP95 zdsdIe9X}7&>B#Ga?mU|ChqbE~)i;%kE9-w)b5}mBDaE_ghc!@6rPmDDOm=8ayI2IT zL8u_O$K>e#$}BxW&uUT2#&Kpx;4Kv{XG2UFnI`t9dU*MYSiAHDU2b*_|G<7&^@>xN zVb7Ri*fVOCX#EP!Jk%F-KSO^c)aEgE$P-EGmku(+v3Tp0Q` z#f^y1TTn+h&y0^53CHhS%!(#!5WrlWS5mv9HqlAE_WnWx#l5{%mW9c=RTlOsbNOQM zlOdLmGqfet97%EPwOE%?8H`%#O7K*FrJ3OLxY&W}eTdNaMyt zErm~pSojB3o$>So8s|+XSQw|BO3AC#?fuCWtG-QXCD>k}%F7gv)nuvp4_s3)M0p@a zSEh(}OrW{7-tpArK~_Q+35C!#uc%=MW)^krKyTfW9cc2I=_m>#Dc|pMxO*$j7q~|~ zq$-@25!$$K=|jR z?`T)Ut>~z;nfaIE{l#Ar6P543U!2Yhiu=aT#d{|TO0=f&7j=uqboF;LJxa%WEc9-R zwoZc)x^|1Ey`Ky>ATGDl&Ln&&)~F;Kr|W;{>IWKp#4?NKJtc$%vOQ+?7c+TN!*9&& z4p4s4EVqL`U03b^+N<+@8srw%?gK~d876C8D!GYap{ys6Y_aMRdnBu@4Vg&w6sy28G8>R&mvixfUKX=+T<)#xc&cr}{t zqsly$*JQZ($@UA~g>Q&`R}%V7;xez+-Iu>E7SH@FI46t0L}Vg1-#KU#n{A{uC7A`@ zzsf&MP?Y&Zd7kK|%zC47mFLDZZYqf3L7?U*2$Z>H^3oo&{#b&#NP*rg^I19kDuux@ z`4A|u>t6nQKHzz7xH1JBWA%6Q?I&iKlJa%4m+#HDiodFxb4?@i*;{5ADDp)<(es8y z@<}hY4Ca$=&&HGU*nt%Ofyc&Mvx>1hN4q%>b|QRU09ppG%`ED)A4K zsihg2{GohMSLK^ZHGCGa-iFT*@^va#(8iwuQ>Bo)yE6ERUZiiKHnu>9b-$LcJfVRX z@n3|0l3^?E3crcSFVkgAVSh&HvI3dw65m1$`56PRw2={xIX2AiGa_Qw#; zrZGLwr#M$kD&n`BX7VDhjb6yHoGN)<{(XVX-_hBAZ!v#YMgEJpD<_zf`9}pp=Bpb2 
zprAS>dyARO1F}_%^W7S#!2R|wQZNhHvl@S~z-ko&{&A)hQFC&h{*LuwJJqCn2sAeMRs{c2ssiQpzNY%phH!m-MP(om#7FeIv^xeZt7CHY#Z~wm z#Crl*ddLlV_O$@R5$`&vskBV3`^=?m4}vLrO%jU_jsJ_P|4Xe|@(ewzwAGt#dw{f8-R2R7Wp}r7B+Ks2u!kPW zvP(_@{&p6S>m9M3x8#kJrq$;Ww)!JQ=RD<*Xs?zw)}w9w2kT7oZL0bN(mbNvM+Qu; zQ_SXHt@^f9{S~4Xq>*=H{H^T`^BvB%n-G#KB8J!5%%2Wl~YQO`ux~rwF*>er zt#;>}ObO$3^MJkaG#O|y?DIP}J+$CCRzGH3n=BEw=lQ}LQg>(Ig+uBsNBRl=kL8yC zht?|*SJ3}uy#10Wz{U=#uRNGjI}vD=(a7RR<(6m3a?6F$DEzj=$}LZblv`&1|50xF zvm=&UK4PboU^ERn>%Z@mGT`opA7mQz!-M6Pvxjs`ab;dk;(V8rfp#WmJV92~bQ%Vz z?Ih6}1e}42neaym^0fpG?Nl~7ol0%X!=Bl2q@cUY9&6%1|F)~S6yzx0z69T1F9Zal{ zmaoU5K4SUWg@h2X6cr36QB0Oe6ndc!U&|!QNRINiS|p8vh6yi5(^Es!GPY{wBEoM1 zaRj2Ql8F;Gm;tuufnN-9qr`dlptEEj;3$ec*pKyvnt}DFBTo<*+Mj2^?-!EeX&?hB z7LM*}Bd>7wC|#YfD`FB=IGf9u#!1?M}a%E!aQ*>v$yPVLO>)$)7`wQn!I)(iiNoD$Spm zAu*Duyh_;H1$5?#+p4={-Xq?J$_i?Jgy_{azS0694zfq@OW<$l#pGGSFXkw1 zd{-!uEP*q*=}{flYjBkUaljwYJvhuxZc_LQnvI_gRQx5?yq=&#rMhZK)X>EE^;!bf zDtwu?J+bQ|GrXtpUhP`b0ViLi+V}w{iI^H+X8MCn-RGPn`ybC!r-zp{v@V`&an{AU zKCf$SZ(p#uqpm5`(z>|wHygFP++{XbEPuk4$n*94;b}A9pxJq!Ye91Ue2v(&X+H5a zed9E3ftGVw;sQ-MUt{yNkz+%hH4bUc*byfK-(~5biwMaBvLmiaJpPnnDku+-s2yV# z(4fkkGWgVL<1rqvVh|t$*aC}MCe08mg9pXiyqq*Z(BtVfMG^tjHcl^dcs;X|AlXv` zXt5k6UUjEbG_V-x3_ad+B2bg8A})@mwObvY>rAA>DpnHu59aXPW1`mqjD(z8@7KT{ z1)2!1hTFJoS3e)rbAag@dlw2k9ushs>sy4RMy+ zkO-Zz!#Twh^!qOYg_YQ>7Xm%c31_3fy{+a#hxk-x0r~~T%(+Y&USy9IJO31|mTZT1 zg_u3|G2-mUihcNMjf}Tz*|OFMb_4H2vwDY18v|@HawL_eB8|qPbXeYr^f6r)i0W{% zW02>Pbj!T}r-GV8cs9{w7fL;gxC2=vKeyKViu`hg|3Z zr52T5pl>QbQF$f~hk@b+cpB`hh{+9nHgf(D3^OeRb59Ihqr|q1j?=bMI6+~_vH70h z7;&{?tS=zD3GoY)a;(fI(>_POhXb2|*0ZVLeiJJN+m{3$wkwHg`dNr2Y0k;%@sLTh zO%%4OFego0X_KiJacT5-0FxfGaF(LBE3gpsY)(unTnS{kDlY%qF1COwK0@o#Vmx!x zXc3BGu)(Qs2RItlOhWsd^m2eyi0wMVCG)W_aVjT*ZM9DBB<77yZ6$@L#8L`$4w9EZ z%hlD#0Ru70Jm8OmQ~A^)jbD$0HZDf-0Dl4)``ZFHnDTo%zDbk)wv&|<$jXuGIcPTl#Xh;jj#Yt+FJ7Os-u=0`a45i1yZ;L6$%@*|$lTj4xSZOJrVC_pR zt14?O56GaZvaml|?C>x)d|I!uqGwF^jn2uE4Qs5L)vLTA*svJjOrmPu{^*;1_OUYh 
zrqz1>K)cTyRF~)KR9TPwo*{hacPUq3ov{wBX9VMJ%lc@jPVLgyC`Az;Z+WAOYyh; zFUuUBpMmiS!CLQ<#Tkdh;Cz%ZSmw}@cEmD=YrV=@nbDf$r)B)-n&j_W;T*YA>`djq z#Q+&*QBG6GMXDS+f~MGNiH1pu@Quqr!x$HBP_e2c+81ED%y3bbruYu<41Pb6w5AA#Uk;(qSb+3l!!Mu#|-olgP5cUKNe=H zza<~UkKOtJKW@*gQtqOBH7kzup2p~tnM3O&?$+uV`M?orL3D3sqN&&@3#1CE@8$J*rW8|*v5~Ek}L~YA4B15_il1nP~)3voh&sZrK( z9{ne;7)A-lXn&~R*J{d@8b3pemt|1+e454QX>7DusISw^9F0kRhFgc@45L=LJC9*H!g{h>-4{Zvdl)SmD!W{yhM{} zWsJ-7kOLRRiPiY0pmbwox%d@{VA@tFOKYr;BM&9WLXDiSOI*T+#nbZ>cuW%D+ZrY! ztdCb;aN&nQD`avZz0(RLkrkDTrC9mEmE`GliM81FFv2g1>Sot~7vjkR>4jJUw8!G` zT*YPG#hZD&=N7{UaW5w)C&En#OQUWGJ}Tj!MGYm5fs&H&sD$F6Z&U(HIB#?L(r8R` zg~lJJns!WryiD*QRgX`g+o)-IEZv(=` zTr&T}N%-Y)+-{jBR3?oH=gNBie|F_mn|F3$|ZtFL(h~?;1 zqhk75(V}wq8P=3-gB8>N0;>>Ua$Rx;Pm)dLk9kV2OZ^6!7U*A}4yvcVZ_wg$U`Rc6 zGbM}2V3qw^fG|o6%+@0pqC1yHEHLZne_e>KDPn=SKT=Zt{lSvz=>rCs)4-YeEB)Fx zSj``wRUPcrXu^}xSJuTM6?tz(C7beC);ElwO2;``K0!WOCK=llSC zJwr-Fr$Tn1e1=e$gTkp(o#YY9DLop!e5F$536>=p(&=Hfz#}A;(OUHzX0%p4M>B5_ z@@b?NI~-96dG&tP^qMTD;aS{yqxOs9IYM{zqm}Qy*d@<^%>RRqCndeJk)a$gOb2O6e7s+;aYvIaV$K7e5=Ib*1} z$|6!+eF>HmVXD!2^<@}aE96=QiBM%+@8ft=t6^@H#?v~uHrhU3Mg-}!l9Yro_7535 zNMBcFDdPPmxj*%pBxHbDdem1_ODyuu0QjpC^`;ML`TDR~;g~0Y1jb0C>t576pj`@3 zihu;Z12)PW>p99S!>$hy%f2Dit#8x8M@&M`9SaBbg1r)W2Z6+nF%TPE4=gw0ZNC@H zcbn=AfVkHr;heXa?7QQdsv7I7DverO;qoXegqs4slCofvKhV(R4_AfHQOG%zuQPdY zv!bjwN$>m}5!%R97d6(G1pK80TIXo}f@Mgl_u%T(1LNdU8{QEYr<^nm{ zqTi^P|7CM|zO%^-KbPoxY?un*Cti=|FA5m|t#;ODvj{d+jhfDy9YzBg1$;PLB|wo~ zN6i=8Vmv37IN+6b@;ZUfDZPmZsEl^7dDLzZxSR&IVua`Iya*HUGET1ras2ZYr+7Tk z>f%(~+i$?#RfSX2Pxw@WW0BvehzSgAHfL88@!9~9!)*a)IRHN)tk(3uoOpoJ?*#|~ zk7q2-vqgtBK&w?aPTHEx+@~&HQdr&Ovtzrr97Q@h2AQt$bd7aoZ7uJV6hZn$ZdySZN;ZCuxd;LYT{eHiU zV{L5dYG@a8e)v?AbNHv^7iGBEpu)0sLZMgIcWo6L!SD`cs~Dl3V&nD>@Ak*s;BD*= zFP{q+936^8z=j`<>GZa>cegaPH0q~!4Hx@{*ql;fsx%{xf6v_K9NyTzRDAgH?QM;r z9&fM1+R)zC)Y6<;R#a9L#Melz4cIp}+t+x0e?+@?uDVG4GTU3%HOU$9&M90(+Rw<&^IkwtcABKnx~~P2-YVo{AdP{q}V_umw>j5 zDb>teW{F$)QXFkoNG%c}c{M8>&(toRKMu*}lU4B}uHV+YKc-sRn%_sdRSYZ88nmW} 
zmGnC&xdYU@0E$6>LF2o@vM3rQb~h)-0x2|^8gzaiabxog2O$5T;z*T z;}_ddZL!0jEURwbNXqUe_=$;kXbfKWjFe}8bUuOYcpLi0rV`^ z7zy)z6va82!(x%r;4HA*EIlXFoMNxA+(MLhZAuG+6Jfg0#o=YYJK-gyjH<_?c?qcX z1ayR_QN0fERJp>R5%Vb21HZt9 z){QP_=h?B2Y19cfLR{4-P=LHJ)a$a-)gK&eO=D-eEEzPW@t#=Ao5(7uc^E};aeWld zkqsDksrmv2g3qr)7a2#m4{b!ObZ?Lv!(zLdj|I;e%E(Ua}x5t!hM9EC%&cOhB<)|n3xo^@FrC~1L!D1 z1tVP#mTbb#q^6SzB}|+ht|FGFs8VAwEq94c0WPO}yE>_)Ewpe0HQX>05jZtH2$g)w&SW zD*^wFYChQZtB#&>Br5?P1u~Aoc;f2*Rnz8(#nDQyXI7IAZ2;HCTbn$1Pn>JX(~ORj zPLRt~!wKTWKXqIWaBMuh$&0%h9(0_)sJxX#M(atey3wpg_aDGQm~B+cwvw){>5hW1G&jo)ES1T$JxvlyOgEz=&Oq|z+5 zbIT9%NXcj&u&ob6zRp&}UqHrgLjI<;Oxnzqvyhm?9-#2tES+EF(uigyudVA4t;9188GH@9?kF;`wzN@Ji%* zCgne-#lVClB{4zy0?bDtKRE$xy=H=_ogHs|B0&*QX+hhc@%(&;Vc6~?B$I+UM*XXh zpOAU)s;a7BX;r9nfz?v{PtyV`UNcdUoS2ad!oL=(c)d;eQPaDu_K`sEC;AGj!hARp zY=0m>DYLI{)Qlx<4R!P0AiP(xD$iw;UWRiOzEUYGJ7JtBjjHKpelE*~?TnXs``nAl z%j!d=!OB=gJXGCp#41FoOXsnQM;u@L=<93e$C=D*gPGfuiHeJIlhPMn6{xBdZw#0e zOTtY_Bb1R=k7wLhRj@NnJZ-$wq(DYTOUVeHB4oWaMd#DFHx!BM@Od<=lPyZ*^ErXj zG_t_XEBGo_qti5-vezk8T(7hFtPz-;C8GrY5y!7EO@ez7-ZZgv!&3E!?fLd_sI;Oi zI5A*#U;R%?luMPl5xd+M8Sb|BIOFv&-E3} zGR$PH`LrG3OeuaF^q@3}O#%KkePfm1UlFb_eU)!Koz347N( zV)-ovKZ!fE9?6i@LT@xNz{ul)U)@JYFpL@=W=HaFWSoNZ{L8SI+7n@q>We5N-+(fb z=A)xvx2@l}6O7 z4+nyJqLzl$0CAP8A-1XuV71Kc5&z1}wbkI@fNHS5$F~98Jr>S`0%n)z2 z;;Sm5h(q2BG8@utXV*kbF}_JPYd}*s(WJl{P*ehI2%G|ZjdFk#Sk>XGg0yy zC$r3ApuY(2ecEm&tKj+z1wyF_u5ZC(!xGKwmp9mw|RpKA`3SCRmb$HJ7nZbDj>4O^iC1$|vCk=#$nEecM z;q(s`HItMywX~j%9nq>T6^vP+Gg{Q;IoN$@0hiI{nMQnEg^X$|C?)V9-eVw|41F8Z z+G(Z*KpzJg?c#)P!;a`^yvOXy{LEaA55?{^_tzx(&8*Q3;QP#}RD7ZRW~Z`5s4Rs~ zW(E59CbkAbk)%Vf#pPSB@;xS1_KTm!#J|eL01q4Kt3NA7QtjJ}odr{CI@`P3)2!A5 z7PVOw3WYC&0=PxBECW8@952);nV>iVUxRWMzz>R?2V(NvA?7V+i5J9a2Xrxgi?{=U zo@L`_Sz~Z2A#sxPQA1AkY?zCdD^Z*>aReR!(hXn+-VGEk5)&WgnOMY(|J`K5dMg!+ z#ofS96VIAa{4kz94M>V2-fzMcM5az_e?xym?b*7!YPKHl2>eXM*x+ldDko<5qNpcg zBe+9yrYtjN%4}4wlvY;QO65hkQhfA#AkK_j%(=&5as(C=u~?L9S0Kw!oHO2WSkuH8 z|3R9|aH9}?Fe)^|u;sm}+r&Dufx*!Zv3?Z5PN1E5aFv!m{F@wBrR5v5Be37XO^9Ma 
z#4E%lBzFF-xg#b}Y_VQz?lYH_lm&xTW#z%D(#p~bnG0K9QeF|Lthm-py@6oR#3!4F zrv^^9h>KAuet#<7IoV7frscSkA8)>QNDJ6`+E`D0kLMJY-Q)RptjAkeY{O%1(+u1A z>Ns@U_!x-6bgF#AN(CY$*wve?>-(cQkFji%hTLe(UXqQxY7t5)5gH<<-EzyPg@cVR z$1Dr)x5E2z^a(0M_&hCLf7w<`1AQcjZ>kZ*_f#D8THv-gzY)g=u6U2%KgTvsCYq+( z=GJ?s8P%!xeFbXEaqIl{YY%zkd36A!2>~kYP`Lq?zj)krE znrIN8pwOQHrXofPB|AF5v*H2l&nkGsA}4XY64NyjUmuE;-9nIdh4;kA);wW9s7kVo zb1eXwaj=fy-Go%2%s6njJOldb{*XKYfQ{VS-uO*_on$e83S~&fjKL7UC32sFV+bZ` zWy8hQA&a66+2x3qOFoa_yC~W4O@wIm;|icc$F2k0B8bN4y@p^BlbbkZR}mSWcQe3D zq?6Gk0Oud5B~wM`Y?+MCo9vW3!W@lPQY-ip@EYu|f&3%Dy_%j)WOUvEq%LCgAL&6* z1TFdrOg8$Ds7!f=$T+=bv6T%;V=zh~w-Ef?83;8ukHokY3CUzBX^un!-^i57;Aprf ziNuj=>9V??45YKhgL;+f>^+b~*W%E8)_*v$lPR;{Xc=U-Izb($82+it2Sb3*2dPre z!D{Jms!T*dm@9R8C%2kqaoSqNSvx$Xzgp8(I<`{NUEmCQf!_sMOC(sZBqhGfj`fjP z<2|Ty8MN~VIIABZL|0fBb1Yd&;RG63+}*xvpv=}w^supH*ath1CHqaoEe%N{(rsV|WyIk(!UFNvEaSxX zXlE(kr@FeI9A=)G>h6y7^j%B#3NUuW@XmCkgz)d(!`bVp{OAm(ukqm8R37i?`$)Xt zJnr}OO(PRDo+<++9WZ1{xO4XX}51+c()qVV{p25Gt`yIRJ`+a6_i7 zJ~F{+68q*~D*T*FK0ONV&!$~jbUCz#bGsC<&b0ACs6wL_hDNw9&i5Hgmt%*&G8hO1 zLgRzQ4Mri5FJ#G$>ba37E1MvztWs7ZIkd#pW~xmO!hNWuAjA{-_2MYsLe2aw|1i4A z&nNgtILh|rYp#*{6*+v=h-|)P#2CJL#28oApJ4hV@VBL;q^KfTT2fL~E)H2*QC{dP zEvhIj_g9sC8~`PsJ~N!J9`SUI(c-SYV53JIDSU>)W-`)6}{Yc%~{{v@c z!T$e4&Ybg~ICCuQwhnOS;h33VU}j8D7L1XMdFl|xyg9;{>%d*H4#?k!LFPKiL=p@I zQ>+vBDNFuva23sxFNON*aiS@%)QPcW47n3W93>!+A&3P>{QC@WCP?l=6h9nr9N5id zkmS~*3Uxr&L84!*hAR-a09Xjj0e-p=h0lTgbc5$sf(rjezEVii^W={-cjeiHL^_tQ z1~sl~KPCnK2KYsiZ<-K}f5$cY1EKN~nQkAf2uBNtH`O=!LKUS|fu{OUSz~3$PEdRw zJL=~kT#u5TAEoZ@iz(MO!lJUO`l`l8!C`J={6)&T+$a&x=Aw{I#E?}Zc=ax053`|o zHIp5VS0A%q@(sKyi{RD4XjEBL;x8?!^p{r#s{~e7mK2s0i7{ANT2djkV}y=U6gU9W3^4kR-7BNlyBZ8Wn<1#G4EPL4UKXXNS<<7b z%m8=Q41r5CaLkf$XV*0K7Yr00OiW8~kL&-En5vk1K1yIZ6RRaK&7kByz(HVg9S%%a zsY8LO2F27J3QVu5hXYe=qg{*7oS>ECXECR0gH`+HXqu781E4DqApQ4%IamF8|0C!T{N#PAe(!rxtRsX4hjoQ`%t<(9*T8wyEq&|RQN!}ULAh3!n3+E0r*PY2?;tc&`rgG(kme*r?l)! 
z7&F+2XCZn@%btXUswV;6gS~h>RpOugK*QrgRZcRx^hBESOoEI+ z<*_g<7(BMWEl(Ce8k{UnFjz5Zpfk^w{y&xkCJr>`nIHqTArlhCZ~g6g{(y{<@=cIe z>K{MYpl7^%;Vkj)(z5ZezQ0A!$LOj&3nd_0$^#{(WmToYQop~nG*DXTD=8|k3Y7ZG zgV&iU|HIVhjF0)lr0my5^CdDaLCUgUJt4tFXuL1yn` z6;(DUk_Ml$snZ5&@K^It8hqADdJm$(FU^P0V3@&IPTHWy^|#R3FwjCL0)xApFwD{+ zO_~uJOm_(yyx)3^q`{Z1)sh7>ZO|8C!JR``@H6K@Eck{i!h#e32Nv98p~ou*3*O|4 ztv&z0VZrzn!v;yvQR|6uw3qjz;Kd5K#a4AN3Jz(Sq>x}Pi3<->AYFjU1I)|i2Vm!OhG6{n*Aje-D&;Nb5P2Y>I!!NkW7Xmv)y@jfkEaF^WxLiyiM zn5qc~t4{In(a1dDy9J^>yjzR(9RFEB+DP%@pQ11R5mPk&qd0Q$j~ZzP{)1-9`PA{6 zTg*`YT)rmObN*C*DwYC&Jim#ogg%tDNqmtK8;1WPDZsHMon0B=8?rOtq#SxY3U6Y$(E=+4c=^w{&axjM|oG3+DPdh438ttj&cW#O|r7TL%0c zHZ!)D#7y#)z%}_~6~IwK9OS^poG5F}ONEzmm8@jbUj*(+gZn(zdrHU_=u02}7SHWmrIE=u@NPhwPMVkHMQdoj~w|L#Z@=d#e z_cGnS2OWWhRAQb0tmP5k$Og#3A2T4!>-G_*xC6^+6`Y<O$vWr&i(kSg?${OIy7+3c(s0KcV8Z5GpN%OH)JhfLL z{8Z+I-ze_}aZSEfIn)A~%J2rA|0c-g#)zNDqga0fA-7_2a}N97B)A#R1~^3*6r9KR zs>y1v2AzPbz_w85zpCzOCH{&~Q*UKV2>pDM-w7P)#mLRNDz1WiZlp&}S+Jz6%8wfF zRvqxJah2X7JQ*oZ5d7J#7VwS!5=U7=9(t>^nyNlaRZ*qb(uL};s;Vpz`+T7Zc-Ld<>i#QplUS38Q(a0d(6{y6-Q{^Hr|}$IvL*@kr{TLv zhnFY(59H~E-~JED^W^_Tp4I3eX=#qxuC%$B!WiIg<^Nb zIiNf#%L^Ia&6<{TK#wcC8u>XeFe z{D9U6X@`-A+S;;StWQRbC$aVVqE6OqablZ*WFx-|i}~>s=@cgM`913HIfa?k=@iBj zWg3NDhE?VRV`zUs9sGHMlBZ8#j^HpxDY9pn?KK8#LEwagUxDPBewg;X#uP_TZ1row zbO7LcP!32^kL70|N{a3UIjniFpy&kYS51SjiS-Kd^I&aS8R=ccG)M3=5Gx_Vwem-r zrea^*LEU$vW%Up3zY|XYs*UolW`mx@8&oxDI8#3vaHd{EhB#A`@i5y! 
ziFK%LU>pGp8EPA7vL0?5a5dgwjm>=DT8_W*pRCsnrb$fD$4Ne#pvQTxwR*gTdjyrz z2ptvL@N**T{o@N%*+L~5*;Vx}GC)QLU?>@RDOrm{$>?8j2pRPeSZ$;8SkzDUBpu=> zD-+-ST7)3NmAZ4@QX92L0yJj}(QOlaw3r&+vT_>rmTjg`2?inU5>mgPkT%(>#M(L( zl6veBNV=bjQ~Ui;Ncz@*B#qEj%r7A6DJ#4QEc-vzy~v0%k_REzPBSDW#n%3dWY>Cc z0DRHzXup9)Iq3`nJFM^sJJ@9wLfjR_q&o@fq#u)Rv&-2aG-|^UIq4>QY|T4N?3{m{H9Fv3h^Q&=%xr8o#-U~2piov)Ip|SrS=zPJ&R!$iVwg?ob*b;N^%&X zes#rn<@KYImFW3spwg>^#3*c~K&AVJpb|L=9g`Luk&|AHa8mgYPWoAJQl-&N^eWWP zRq(C>M*79%=q=YR1!l=eC9wu0mFmvvIrV@630wqa5r{ji))B zvIPl_B+6GB47bbvfL{p;DxMZqQsFZA|-@gHLh11-E30uOLp8q}o0xHKuQeu@#|N_kH) zwIM7~;pjx`4>{s(RDAecGvZEymAUN7RQ09|SQ{&aj95dzOEZepzXCRn{Aw=&aeWEG zoOB_>r~m@-Bb(fyiKk3(Dj016Y(jh$z_VZzGEDwCUy82kMbSD3r^dScr^fEVLu(v- zshE)PGczhR6ZWV0o(r_qBNVFxu1F?H2${$)5@3-mz+%3qgTCZ8w|FE_92!|tR#aMA z6%16)^DswwLXx)6qu*lV&7N#`g*5ngCD6WfzTN#`e9U&YQlsSJuIJSDNd2&P_usjF%N@QJx){Byx+j?Y!{JuAmg?Kjwz+8psWV}yRCruL^fxy-Jz zA4zKH&vd?=f>Q6tM=5?PWU|#H9{)l3k3>~FRCtWi<+MLZZKF`(ZpAK6@I=acs7(w6 zceMkojF&G=&z98fc>G!iO46>1aS++ z=bI-{xIwxLAYh2^8^wq3Mk&&x5y(QMYcJ`hm0Y<`VpAe?NoigmiQPpmXgNXsREI1? 
zE83nQa2fC zibstbq2Hj9MgIQWELU;0cTSU3nRT4%i6%p<;$d7bvwwuGy<|Glq5jo!gNa3RRT(t4fv3 zP<=Anr&czFn|xySS5;Q|E2P#qXyLYzrW(Y(3EnR6 zx{)x+ibbhvCg200jAC$6zF6T|LcY)&`29%yvVi?DjL6cH1?sQEHV9eK8Ey`B$HTVH zaHw&-tccj&P+JHy^PxBuKT1+J1N|BCG>PAg2jI10a{MqdzmRW+DUQ1P75#0WpylDR zYiuearh+*QW9nWf;`#Bg8D)pr^B``lV2;jUg>oBK%Ur#*LVg>j;*T&wJUxQ21mIgB z9;Y+&NFszY#sPnsB-I#HwKr9~rvEgh?h!hxzYD^UQ=TbBURNrtHX6mt&I0gst+&oF zILI7+6KokS+a^fXh=sk1kqsa17!a|Egc~PHZ)hY}yvInKUj~-*fW}Mui+w62DY+30cYJ8!uDICGA2}mj!|$yjZ&%cq48Gq7E0}*+}`L zLKR~Q`b!gR+myiHHFTqe^qdfOY?7j}%B-bt2{&A@YT zmAX);V&5yl9@|yGtMROBB5BuxYsUzIay9U=csBn#_Bj42OV!S@!0Qfq9Ei2@`D7_< z0`A2%d|JZsdOM);$0&TAHZP|AVmb6$KFARFx0}Ci>J^uc zPa`XjTHG1>)XOK6=1^E1qP1vt%xH1tE0v{YF|3})UUD^z7WZqqdzosS!MZ83+3sA@ z8#$qM?F++QU7_advRwR{++2RVBbC$>^>X0Daot?O|KXM;x8>=H8viq?MUYlxu%0oc zqqV25BBMv_YQ*@-SBRB*9DG<{oV~BGFuXVv&p*}Y zk6zr;cn_`|BaM!KB=f7aWs31-*7E6OISfNSldRg@6g2}DnSjqok{8+}KDCkbD%V2Y zLTMVjm>L(U9M|)!V|vt5EN(0d;+e-v^JFvO&2i02KoGgjBEHaLT8n(`i@1JdcYEg> z&iZn#3v+?(FDnd0<$Nb`kJX$;#2K?Mt_(FY8mAx;u&* zBJ~`)ib9>ui)BU9TGukZ6)1ljSL)-DPC>Jx@^)oDzZ&G2&8#sNwcTo@xr?y`Mb|p9 z48_8bb^2Fw*s2#8T=mAl9&NA|hb*koU%@0<8U@7a7YmyQ*1k3HNp$IpEUFhm92+K= zHo1_C@uv-4+UP{&f`KKbUI{e0Z3{$Ks#xH~SPV-*F7{g>X+{?t)p)l2=N$eQTMNTA zSLbC4KML0c8W)BhrRE;OUr`qpv~-Bw$pQQnt-iH2)ZNm(I8_xheBp}L_6FIG=S;mr zT#CAm_LjR$^5lxKVRU<2vmaNtcgSJf`aKc+U~bpMc*$bx+QlUni~C4is~N*~1HVdL zLr3-x;#Jb@wY@3+Prz5j6~^Z7kdOTi!sryw3x(Xcp6tK zr8q@=>z2KaNw~zx8y&Lppn0D|Ek`sKx-((2Hbt(r9b`2#KJ3goqls)4u14dd&K%tt zT3U*$<&Pk)O6j^%<(dlaU_<R@oN6S-`m?^IGu)KqA#2HKu}P<>ZCDk(GV9kx+6y#?Uryws@HEvp z$Fee8;lK2Y%k)vTWFg+lbyJBRcF|+Y*up4PchGqoZs5{k@c&I@PCum z;>Df&Nbl&yovn}K+TtZGkHz)CLu~YtmQVq%9loro=}W?oRoX_2-wJSzt1iRLeYk>( zkMZMLOfG0x)#irK? 
z>@_v>VeX#dmd0hYcU4PUT}xA_;nRd=%(!){iaQoBv@M&`($=x~rqq?Qjm)>L!}w`t z;Jeah%FXatvT|D2F`b?5&QemK$jg?Y%sZ#6Zb?gL_u|mm_UN)TzK|Ce)-G5OUN)w+ z`Bu&+i2?tiV%{5)m9z z#AhvDMSGyA|1Z^D;tR}GkCOvFr1Frt18<* zw<8oCgx&M3T95eGi>t0T^q|ml5S$#V6t2crkObwKV66YZ4B%e&kr@ z=rk11>d{^8ZC!L(T{t9u5!W4G)kllx?CIeQr-iXSf(?M5cMVTb32L3)>31nb>UPMkRKMIwO#KM8+~P;UZfCOi}n~ zeHj?%(mSmy+}73pRzAPm(is_9>-d}LJtPnLd+Dp_xNN?JE|p7#ke^e;Rb7nsWzH_+ zg)4`(EdN&J(~_Id>slywnR(&XR`)VRO!0@srxfCOQlg4$*Zwu>F&U@0wyv{5>_e|- z^kA4!LpiRgtCK6-za7iKA04wR{hbYU=R09psbKeITI6LsJImn+{94J?s;TV}OQDzq z98!CB7+r3RraDC(7o}I%$@o=2-%FP9>jbWTfGgEo;JmJ=EB1KYV7(D|4X$bLGKxT5 zPR9nPQM}lhOVH;W8@{_8e>t~Z9T%WB<53Rw-Bxz>LW{2BJ7TrmTqII`Y)Fz znQjk{9<(&|vBRXDTytnZY*))cId^aY6hKcp8qw%Vg0fsZcC#B;w{jh%1ll>FN$Y zi2NfmAC24JdtJ9rD4jZ~JZ@zA#Z26~mWae&SKQKZ23<=0D1IrxGe*~im)*yfu_D8K zBviMf#jNwqbcK+p;`Vn31rvmtpVgO*?hZ9St*<<%J6gJZ8{KYsKUGa8rBdUK_svI!AZ4 zwM-LpRs1-ftSRnVywY~sIC*?ynyrx~g1TDT?_#G#_V<;=-94w%W#V5CuJ*RJU+z*$ z6@G(#eqFa%4V%Rz7_qFbWkd|W)74CFLH?X|$>^Sr@ZH#(y7*4njJieQi&z#N9gkai zqO#PvI5KyNJ6khxnfO;cm)ZqZ-c09@79&z>I2ymAT1p;czVx)hBGyOQs> z^zvUVr@v?v4TzQ*usis*%#fP3r1zAiMllk~KQlK=`Em~Mhp}(6ai`4fk8FSqhU>aGQqy~MS8+yQ)QS~ZN=9$*ZFsWb z6s-r%1LqlyD;vAIZ-omxqJ0O0UVb9F=?vTrT^-?YW3#xL;i9&1ckvXcDe9QlFrf^?ylwJoBEbEArHe#i;oY9-!7tZ>O3IW!%BG_JHI_bT(?6O z%c5_}NX|t`bB?Fy>6y-SsF+XhJpQWgp0vA! 
z#qj_4A1!Y8^i=nBsH*qg_ul&+zn5k^*AX&=^6TL|8l?O;u!?+wSWqaPY|lD)rjiFl z`$MR?Xldigjjcj^t^EeumKHb4;F_Bi$1e3VEY#zBMpUKkjDhE?0Omcj)sBMxuT zG%vXeR*4I4658T|IU2tYE*~XqvBkKJJ!|8&O8$9^mURlXu&!lUw)HctUM$oU$>S$1 z#nxq`YBg=~h}w?kekHXbWm;kT;^qO8hHTd9Zg0EO{9OQ;N zu9LVqzk+yS4CEB8g+hLVO~v~=M=YFM*jPJaX{c^EdXH`rs_UsF57tpQQwe9?*2Gq)=!eB-OhVDZ&P7e5 z8tzB_TlB(3K(~1KUDyeCJLP*9dct{-#~)|M@$E2>Kh0*6;a1DnR(=~4LZXb=u2Y6v z`Q7kK;G3%X(=GzBl)A1p9O`Z#B+JnI+NTCqr_XdK^%D%fpMz5@Wa&- zAs!v4IQTXg#K+Sb)vEE^#c8Themx6IJPrNa{Cp_ne^Vwof8kPIM1=e7bYM`SnXe4WUjU?PoeiiS6Af+4N?IGI+Rn zqyzY|nbqV4i@cw?&OEq)aFjd}ouDmW+>ZIh|Y-p=N*p?r~&TrPUs{F&(KeS{} zUC9gYq&&TQEPfPI;N}R^(AM3ZdGS$gI_YO5-pz<~F%f({OiE(-G7KgWt{NSdG_4b4 zIKQ6zG6_EO2KFD#G6Qy3MMy~V8qL_ZSOQ0WZmT@!ewzb#lm2l=th)ag$1xhPQD@)2tD~7`~9a@+y8Gh`rG?JTxvPPlA%XL4+ zI6cA528a8Op5aS@qa;^K3UrzD1gUVUnc6lP@Y0COy9`{1m%)gZ*7<4RI$|t2O6KLH z!)P&QHf4b`4MxsrXsv~IGcM<^fPcr&EZxF>!bOIbpzde?lSSDnoD`I5os^QDK2 z5Zwqa-%a2dk}LU}-Hk~ydM5A&xSES(9SB1%9!t~-GB+lMIrmMF^&zg5Q83dWrRxOv zmKt2UMkNCyGNT?~AR$@cs(&5Wcwl2CQ-69|$q91J&_PK%n05D-!LxDIik?B`0h!_^ z<1SvIxxSjUOj`g-Hn_$Pq3OOcC^|8%p~b$kOmxoD>uj7L%SvRRjP*DZ$v9csJ1;GG zf?PB53U*AA!g)#UYuG=ya2UXIK>C69J$h%(QS1ZZ?RZwaiGn|rUO`WwKNk9Yi(r6clFID}eZ#aPz|w?f&6QfJY$9+BxKB(X*G8Fs zUzFsP$KbYT)v3RM)=mw+ysjXkCP;ezBIWW%%!FnF7!{C;f5Uf=|-=o?G6n>5D z*$9K)>r`jZdw}8uP!>?hp!b++>(9jNm?DXrF9b*fm~KR5T_Gv+`~kne6iEiC8xZ;% zC9@ya#MYTccvj1za}e^4+C*Da%W?*(pn9pvqjv?u0?DJtMOUrXYj)2DTL5sW1vZ1- zDPPO72Q|Ow8@D1JVc|m=aTxJWYtTPta>lS#dGx|7f2LaC)V4ha*fh}c;_osB^}B8 zK#I|EqawNW5+%1@!b_@UdYD;{wgNoF_)xTvLY+(RNE|H#y;dufqj=%$Imw3bJt}ro zvtWiE@0G+L53D0Vy_igqmDEQ>S@qTslT|OkST=FqD@zsKNh~H|UNvav$ZFt^fKbSy zlzG1+L_CX!?QjVu&mK$ZT|mB)I09w6(E2i1Gm&eG%Qljd4ivY$)C%W8ivMUaSrB*! zL=VvZ0Z<}o8F`-Kg|jU%7R+p!BM{C;F=&N&n4m}|y=)4L0KQQ9IB|muhz++x{_@s! 
z#JZ9)8*x}D|3uiajmkiE8I$aJj}ntT?+PN>^I$x>S7rdY%b?Huw<5IQ6YWk~NG(|w zGJ>wIX*Qx#m)Tir0wjX-$^=)(%mjD!d-mPwdKi@9bFTCct*osp3zwzt=68P4&M!?U zM06Q=?hBlN`g-Ru1O2|JSuUPM3 z{;{>~+rhcap^VXNv(Yv7*BahUER#{Iv(il9qlHrcs#?p2X?&j5uimIr@>LVqM&TsN z|42D+vQl0{HKkIsf3B*+!l|@6d4i&{4=8si8S2@DR{~nNk`oNrH01=HckdD_JV{k2 z6O;Xy6c!*AKU1O(SFcdqWAC#;6LVgvsGUe}VE7?{3qXdSD0a&Kjiap3D<;`qn##XW z6kb3Q_;)JsVog)?iO#r}M|icv!t+eVy;-(IW~cTYz~5xnSjN3uYz*5Fo>J9|Y?5*B zUS#iEdSTpiTeX~qr4F~4l5=XFwjwJdq+L!t+U>G#0jvh+aLEYeP^VJIVJZl*LNUy~ z_lCnMjC=BhW3-GUJ0?l5Yh&{9S+4icBSBs62nTa5P1b|CUcmeaMc>gf-1S5kOnSbXy;fn;TYm2nH}#NLJ_qXbD4P)y?EFlx&Dmuk7oziHkMkoh zJPzvBHsvECCZv18wjxp1rlFt67324LP}Zf<{_cegt6!_QJPpd=|9vX(s`Jv42)fxNzglwQN znpuzV!f)(+mg6_4`Wr&QQh(_zhkfuD_BT^EMQGHo$Vhl5Re4RLvm9zM(5ZIIQmxZ0 zDKjaBUzkL6()4!{!i7N3cX@o*u*42A!&>OAF?{J&X_iN9{JJFDrU*6q>)vt0e1Y9X3))PQH4EGzSwN1G!9O_z>H zO&&HS$vTr-o|PIw{^IuUQa=RI&m%|Cnz~JmP`x# zmCBFTX4}1}{0r4@6+T4Ei4>U`%$8>I5-p!(XGTcMVSTz$VrGI5wxIJU z@<1#>c`G{eb$)VJ@NR^4#GokWgVcvxLZx*T_45a*j;vjS)MsK#OPucUq>c#!{UeIW z4BR=AGyDka>Tux*SCTi-LdippZPBU`|E88BB#HQ*9yKHS1Ln50Z(y2G6Q9gW6!Z5i zpA6yu6Pc+yy0$Tyfm}$`RW`C5{4-lRN2U%M=Gy|U&J-9eYewuKGlZC1yl4mGezump zCS|bDw@$VO$4#Ai9|+@~l~6hmwW&x}NRq`9SPnnKZa+>h`Ou!iPqF}Pl?kjz*~ko5 zA}qT$B6mR~3(`E)oX&YI}}k5IQwL%~^!oAE2V~FGq_xiLX^ifaOJO|&Ndf}>y5@E}f zm;1M;=9F$vRR;e`JIX=w`;8JB#{e}Wp#tc3Y8k4Q>BZ{#U@=*Lm1zOh%{$!LCb6YY z9Vg9<*BPH;qn`HTbD)v%XOy+LmZ-l`sYc;`!mm~)@PAkb;#dz)F0|)#+@S;{x#i!e zNp3ltrSYYiTTd+u)R&Y5=D$GggTKpofs)Qd{?&jzgPo(S{CW@2c?>oZ>+Kc?O@u3n z&_c;VCh5@@CMLiyyzr6=7Z)VAUzbQG13LmVH{*p#8XwH4bE6_uHu5#NCRK3$?0`Lc zZ2Xs*8h<~7!EaT5QKr}SRu0+irsFIUE|?7b)|_IgZ}NUVO_`CTbjaeD;*ESH4m}P| z&*N2DjH}rWzKduu)r{`G7)vEe?n|5nD+)w$3Su^=x zvQzmz*+u*`Jd>O)R53erAwPZ4o;~*}FPG8Fm}RAl+{VZQZu{~C+_9j$S2y^)Rf;NaZZ zD=|>5=b>#$7x(c(wi|Y!J8ufGJ5u00Z*E@ufD$+oV35l-w`ABDS?t*fP*mP8IOJ`_ zov2yqvK9GzrA ztVY+Bl?DSPrHNTN<>e$Lr?Q+>;E6~xv97)@SX)xNLJ_S}bE?jPq2na7c=2&uS3&j$YiCG%ST#@a(DCDCH|t)(#rCRlJbhGU}Z&Fc{G%`qO56@ z+Lr4IemiokIHde=a4+$c!9Ancg7T!5+tSG8O6lT7&0i?6F{@I%j16f*?ab}!@{T-O 
zG_R1fj1*}wA8t`yd0hiL%{-!aM)6liXDRE4f=$D(MoHq3s?oV~Yo8uDdSzEvR~hoZ zjZ7{mYG~Ek^F#i!+S>Xh!R)}>WSXv7-hs(L9816a^U+`4Km5-AYp!{=zHsm`|L2SF z$rv^s2}4NeXm1&jI(D?*G{`(Nlvl4kVQS1h%121}X9`s7S&?JFFRTO`Z1TrYzLq%Q z56i{r%1zGKg)v!?ml|1-8zH%3BSeFMb4taYaWcVjBd}8e&ITFj`%4*^G_GY+3J6w5Kw}_*669L3{&gBtHIk5)H@yo(<9X z-?TtD0GQuPQhS8{CRJXIwvAxM{%ZG;Fln#+uF4o>4&;+*hLLLLP#7w)sdg9i!mHC? z=_S>!cVe6*B`)FZJth<0rgh0|yP4n#mci$Px+mMkM;XgeV1yaR5td4PZ6bIoCIa6I z!*VKPxOC3!l}qQFl>I}D60J1Ybb^tLxedg%G6(1B@ytyxtNO?&!EMo`xD@EnQ|4qG zmXQ~?Thk%4qDVE1{Dy|AvihpYELd08utNP>sjDq18|rVUtSkxE)|ZH$hF4in)plED zD6}uk{2Qsdo;Rd~;8b$Hj(kcS?N+VDz_-eQ!aR)(0#c+wDbVSlWPq}oxP8Y09tW+V zWu4XawM|cw%|40tNPr|D6^`1LcIm%u)8H=R_XUP*lBnC}`DShQ&|$*1E{EdImUK}3 z^IMw#LC*9U;KKY;*|M~{bNN|tvXKqu1K+IBW+WOqa{=;*Ym%3`mQ)JqfCI|>7r=N~ zzC9ga4n1B*J~e#|+ZHu8Pm~qn8&|w2%NBhMm5XYZr9;2+(san_7=el8cc2$-e+!h6 zuxeprLr8*sE5&`iEDMvmyL>QR_u?)_*X$(l`ffuZ8u2P+g1F8=uB@zS;)+|WF5eXd zCmLWQyI|rG8#Ed?;W40<5l`1TAeYP1J0vY=l;Dw2o>!3`+Sz(K z)eg|k10ou{BP&#en*IqTHF=AxX`AT{KE>v0E|lI6a*_=`1=yx)DLR5UP097uFuV4+ z5GIHcL<};r6xm8(UZeER!vGU$t%1tji=$-;o~M{SSCufr$#z%A6U<$GFWV7=BDgI1 zwRJAbXV@J=vwzVZxWS`;W@MG} zj4bCD)~jD*9;xMRK*i?3zp$h_G4mYfpeJaofUXH^*N;-S|6+uP@vZo}Y*!#Iq1Iez zH5KfCDs#j7HMw77EdaB@_NaJ0w`=rRfNZclrx`_i3VgmPGR1N$1ci3JjoD&!>)S}H zu3OjS8TEVm>-Br!Bntn4kO33F!)EBk)r6+47xNLCHoZ`VN?>m>KAnxI*VXLK=|rd~ zd;|fK0@^fY8nsi|Bq}EN72qsI#X}Q>3f+W!DbuU)Y__rc2&YK$Yx1tLu|lA~g8nT{ zH`(xUV!a3W2ZV`h|2xV8JRXJbVHZAVXcXl-U{meNs@uad*X?1WC1>|9RQ{?p!zqUJ z4aD|6BZF*WEISjmQ9@X~YTZ+hZxD1-evxu2TSHOw(EF_G5?d=NZ&fD2wFu8KqZ9GN zl{E3));2>Q@!u~Deycioi*|8>vRIv=lfcsizSEkiR)KOoQ`b98m3=3J)nNem1-tgN zW2X)Xn`OsbR%-^BdVFnyH5J@VlVO}Jmo?KpR=l3}DG4-z!fI=+#QDZ7yUFeHjRHs_ zyurGb-AU;Ez=v6<@eR)Wxq5KjVb;m;YvfPRm&0n^6Evq}y;CXN?S6u?x6}UBv+T_i zG%;_H3*Jgof6qaq>g+UZb|vNANZ}W0*1y{GYVzhwba8=KInE`_+F363skGesmh~=I z*F$N%4HQ>N9usTZViStFk-0m9!0xe&`TK4=|0TGuFfoqC&gGAROdGu%6ui{IF9*=h z@Qjg_Y&L`KCHpNg74Ng*&3N3tEy1<&dQcw)*XTDqsvnXYKk(EV*_IQdD%eV%rT09RfRIF!&Dv z+6aE)EE7FmPlO(sBC|J}vJ%0_gTB^9C&{uk?I}`pf1T=HI3<&280h;#z!NiFehrgb 
zzgNs$XjcmSJ%jE{Oj=oMhn;SBvzjDE4qVLX?j)f^dpfsy(Tg}Si+r67&33#hQ~MLb zNT8ppKB+UoSHcj(D3<;YbalQdk?+rX#nQuR&_fYUp|r?IgHB2*6=Qrmz{iQcrk4EF z(GozvHVG%B;&5W5L1(+wPXLrHk-ga4F=Z6?cU0A=tlT z;W#Tj0%0_Do`_~5^qmCXVeni!)B$Zq+>9`a;Mc^y6ya9FeGJ)=l;^T^I6V#55k2eq zeS}wqwdAu@F`4-M7V*@Vrs@2^wM0l#Vojs6OqdI`m4w|uC0ag>A*@lgtxRS=k7s)J z^QjD9rfdWx)x4DJ{6fQriLw>QD+C^M*taIL98XZ3veG_I8k)ZaSC=37@7)P)W^(V1 zS+vd3OK$Hf3%?_|P_?VMvrjxD!@eVVo@C$-hUWQ3)s@ZfZ&ixF;Qg)IXz5G5!cyG6 zJZQa19d9umb6FM{ud$n0>bX1b?NlTb#G4vQFcI*pRC;nc{yJZDjA3Ovh_|CEy-myk z(iv9*$~;0}O~VX@kFoAqYdf3qQtO@%`GYFbEa}&HOvBeGc)dRteWl?+iK1) z2U#oE1GH*jIV zC@-Sz8Q|-=6OIR4tMrV*S&4kAo7vBD@myCwUWgW)u0dC#;!YD%mv2u5@{}`m+A|3X zOH0c;g~N1kKAi|VP%B8rOBqXcIN!7@b%@OlET_pGMGlQ8TaNQO@{?Evad-U*X&aEv zB$=B}mpb5vM70ep-+C?Wpk_MZ7O*BbJsrvbcw;E4PP~%9vnoC%^X{!_PRG4qJ&VD+ z$#f@>BoE&ST5A0-l5GzIuRx|g1dflBhYyj}8u{rS#0kXqc@o^K@n^Lw+sc9^r46CV z+%)k?E&iwdI}SHQtBO9WVZZ*YSxxc1q^TuRgp&TC{$g;g0f{Gb6iWVb!e->diXr`E zHPJ9IUdM8MM@>n=XHs$dfaitv9EHZ;9Y`}YngehfRaAyMGihe#=9+Njbyk$(du0$t z0P;^$CrW_)oxva>@~@NNq^yC#vgvy9(Amj)@lf~F-w)OcuUl2Ua_Fvsdgag$`>8fc zU@&cv-niVw?J0wIvtDY4o}PR#HQ4F(2*FIDZ@pG5I+ijv3s!*o!O$f>qjcyILr9g5 zl>c>L1SyAeEsw<34P6RQ8!gHHmqDq+3Xsf;K;<`O_g*&?*IS{+I#SYJ6w>37y_Bd~ z)O=r!J5Av#ttM)vzn?ES3M?!AiN38vgyL5}P}T)KFH6=1yl% zUB0i1__ITD$(@N&MEu_w1|mK<0FM(wEchUjqexu!^)u9jRuaL*4+9qRN!2eqf8_I3 z^(AG(-t-SGud1lnp43`Z9|#PsY|vnORcXomTK^EgeZ&y|2Y>f`dmW4Gd?DR!uIWO1t1hXDN`SC#;w-n{EB0NHZ(?cCb ziA!4H$nn(#2k|O&N|>5orDRD3`@;-&t~I&li99A|`4_;k%MVGwKk-||G$_t9j1N{9 z*VQ(ZH`Ld?RUtm8#kXSlLuVJQz`cPH{Ycmn$yg*2kg zNv5v{_+KzNr|Y|%Ew%nYc~xEMRkWx)__TGJ4hlSgDiGUyMH^P_&d0aZo}ik~;B=0) z(V|f|17%t5QlqSPIas4*wFmyUmemd(NLlUA&HI)@qCU9T6{-e?xr{=HsY`}SyY zZGw(_KoN#xxANJeqvf+F$CS^mA>?kfTmv~B&!JI1`+AV&vp>S!gL^5T9VJcKXWiXT zNpID)C-tnZJqyU^pgwJs)~<|}){X=g)Lsa0=hxL%HIxS{bu)GTYS^Rnj4QZBxtM}$ zTs1jbhMZhX)5Rde4^g>}6ty;9NH-bb9%Gg@-iGwgFwZb3H&9w2 z49Z*>Ee*;&fWydKS$w(kczQG+ON*;@;N=l&`4v&eQBx=Un4W3|YaLAo6nAw6s0YSV zVRoO})(|Z9mxU@mAc>(5$R64QZoBRSf@C^{RqAxTC|U)D&6KZEQ`Ab}y9ggHuJ@0G 
z|D7Ozg`~n6ien7r6V#)`che2)wOAd<-z0an)z{XSR+g5&N%*4*7|6H_cMjP60hr78 z8B?3W?Qx^P@n*3>+6`m~|d9kUiJZko7g{DSu8p-YVh zp=HH$JKN_5i<%mj?E5$TVks{zmFtpN9{=N77PU%Dae_h9D!-4P2CjPtoUEvM zNrQQGk-0vM70qv0W`1Zi*E8kL@H4&FSkcS*T=UmT=lY8p!e?SNX1ilqQA4A726n5t z^Kki_i_D$hnmf-Dr*AfQDyJE1wJ36Wzc{_n0gV0jTZ}c%>h`^PywhT=t%JK=p80)p ziFy3sxZ@jI>W%#=bIglsmX~iHl=7sx^PISYT3b4d-Ki%SYf>3IbKdmrogc%`xBS5I z9~9%iV}HM~@9`ff6H9pfmx#~$_^${Y8vj4XBFDeC`}iL(`hxtj+u$Fmw|1MYOQyE8 zFY4H9)7UliK`&@;Y_P%3utP=xTo$A0 zdN;CQXP7ywqjP!FL|AQvx3siRhu_IO0NpsP$*Y9iG0Q4oj5K_!r9XMx45$^>Q^(N2 zN>I)Ri3}&hYMBfnpU!L;(-fNDnGDxSGu_DEITN50N;~Rnw}3JORvGU8nmnIbBjh0{ z5$8S}*fY`rG!}Q7`O@@QkPLaIOwkJV(9BnsAn7LiT3gUflLHr2u0wjYd z79d?kJb@Uv*>M4mkzS@R$j(@<-NOj|n~W4Qm}}o4kOYNYLyjfj(v!2d1M+8p@m9!r zUIrk^$Q0elbT6`9L_RS)Ow&C=za`cTq$;{g5>Xw1dx+^%jG!_dg_z*#dYAk{zoT)*bJ!+1e#K`EXVl0zt~*Q|Cy%rTu;UJ0?1Rhw1;sd(hVLF4_}u;ZfzSUUuBqn0O}o-eJv66TFMl2c#z2 z6CcMHaoBB`xdweJ|AMP=@{@Qjfrb6rKg8@S(BnEEw~4>s;lFTEmpySs*6VmVu0`Le zSs#e=eu+2YDO$44?zs(?Mj%TCq4O~#*>&mh*ErAe~xQNZ3xE_5c zJ1t3;L~ouw@f&;|hh2#0;3gc18FId1RLYthpUb@Qar1NY8w2NK$FjB+G%(~c^f z;oi>^ZUAiV;>HHaYaPBsa)6h(zn=!nT!UVvnaUX?eD(vqvje&E+NLH&bm|}d${lm{ zlzbiB?@)h=XQSw5fc8^dygeqs-4*i#0GjzeyrO6R`0oQ*VXqO+MKR&cA*oL#{S9OzI$2OKGeAJ2KclOAxnI@B%dj&X0h7r z4rc;)xjl*Aq~w&;wDgS3tn8fFUwd}@))TJ>)%#k;WX*~J*U``arldbAror1 z$xntE#Dqc9LF;PURU@U}W~^$3!E28(87yH_+7aHUT^8zy`Ow(m41bXJZik|q)&|qG z-7tQ1=~uyZ_hQJ~DmI2wi5|0EqsN#{4~ye;EIdKq9dwdPBLMyhnSp>Rl{a4jXX&rbQz(| zh_&2S^}T35PvdXo+o^L_#ymr*+lK#9snN+jVnYizpy6h*&)jItXNHT`eh za@9a%Ea4kebRRO4{0M4$i=00cNgEMTjmQDbsE*R`{AkZ5scV$Bct; zn~Xb%t^tHqFGJbV)tQLq5i1LmdX-KGD6`_HdE?Q>3Wcy}jff#9#xCh$UqH`=W;x@K zNAY~;09_D_+Zk`}o3+?_8vOD|ZVpiKPS~8A2-v6S^XL9%OT{(r z7et4q(b_iWcj4B-jgdJ!I$i%CoR0T91qQ_{)Ali2$Ia44t0U*!Vf0)}c*?-N%)%Jc zpxd7CfC#=%{v&4L_~|dGKMkVK6}Z>gm_+7k@#)Ap?~w4kOT&{ZiJ6HpX41g;CmTCM z>qk}nhW@{tfh!Mo_C03KrD0hWeRw2hj~f4UV<%t?&$}c>|IkljQL3$frKI6TrR5RZ zZ?RhZu0MLQs*}7|ASOS3YL3i?;Ynj%F(qEDKU*-@k996zN<)v(mc9dL2%Ue-Os(Zga=#(`&EX z8H)XU{Y!zIy$Xi^z2yhTfA!`r@3!nG{v%LY8j1f31}jRyA1o~|uQ=rY{W+GtqLkNu 
z6oXQl&|(DeQJrCouF705beUg$KPGwp{P2$wbG@i10J-R)2m;B>^$WB|s}~}z(2U%` zOBh8)SQNie6c+ia`w8&ohawkkwjxOmiVj&WJN$*shLNwjpMc~M())c-s5KIj+7P=F1#m= zVOpf!b>{kk9_=1TXP6#o_kg*6tw+1pvKVGX+P!A3zwB{+U*Ia01jCIVMGr8}N^k#ID^)0)lY7Zes0)h^wNdy;CO&*b$Rxk`Ci! zqKVEKuqBdfk}2~COMJere9)-_rs-KHxe!YpkO6Vz0S2SQRUjE9@_jyvumtiN8%iKC zFbI7*VQr{+1Y!o13R~h|k_aQIa~>YATesz5Hi>CrHi;Z?o`$3ewnYgxKNEtyQj0P+kdErcE;{w`s^t7{HTs%64~)%JBo8w-+5V| zLi9Wb8lv~+)>)Z-j&SkBI2}&I^lg-#q!j*%o`WybSLrMCCAu27;Mur*6P}41F!2&x zxd~54`(mP9h*v3V&`wS&-G*?|dR#%yL9!Kpg>7l}_V#sXU((riF)rJLcv9&_xC&d( z$3}Y6scX^Rl43uD7||t+08*+jVf#XQx}p^JOC6l=%Fas+dNS+|q76;6)6z=xxk;eJ zl4iH&*qwH7F(;)(DcV3_$(eRF#UA?*;NH{L^)<}Ha}Z%3_f5O&%|82~JO}HCI{DO3 zZ#!^5l;?-}p*(SZsJWLb7$AYL6Ka1jst#qU2B!0<*AeTjO`LOE4?KVR{Y;-P#8mNPPX+%^=74G4MsE0VhDSTb?IjrRg6Zy#5l1bb zb5CR}?!(a%Y0%9p6WONmANS#^3GcTm#pDfoWU;u)fb1Qrlf04C8~FWQ#{R+Yr!#wk z-v=_F4&sm`B)4bx3Vwf=-3$1wkTY`SZqcpfOHEP9dwH6QB(_J(+fN=qF6&n{Kt2uq zO&e2(x+PYWKcD!``F)D<^F(9(S|TxiOZOS$*BXiOTe6QBzgu5Bclv?H_<0V+_#KMz zI~3#hUl`-}qy50o94c6F+`MId4axR&56K?4`rAAE5YFG-^ooh0r*HHYS)bJF-i+^h z+nf1xZ+o+E?{#mlXUILHx4n72<`VR~Oy65^RQ>XE@oKyqpTqaVu*UbXk7&?)yRJLn z97s>xEBbEELhC{0Kzd?xARkm?&sn|YFS}zuuNnFK*P(CA5B2{>6SMce>@WYnG*H^j z|6Ae@lpMnUe~zUu`q{M~ff61TgTuZ}*ljVl@HT7M-L@j^I;ErR<`!dNIFUW(GPjg- zJm!{KooH@psY&6j*OSdH%atkSmUTg@xn&!Y5#IVN)7-M(o*lWdXt0GZvXyVPbFA#4 zA@1n zq`KfBkm|LcZT_UsZh?XrJ?50ui|8i&BVCIR(ue6o^a0x1zG4-gk6qS{xJg-QC5`7` z=aLH$8rR@?xEWi#)@ItcbTwKx;IeZO8`tB)HbR(UUF5NvS*1YHn>rxNV)LX9O0xD# zw9-OH!ca^fI9T&qRmRh-`L6yX7p(emiYJcd;L!^lt$k3+3i_&)c^>X@d z{mQtk*S)=-A?uUg_U1g^L;W)E{{1*#*$tiZ4%~<@IAp{hGU5*z@&AQJ{Lh}K_xkin z&-K;%F6eH3znk^Mls-oS6#R#zj3?*6G@{QgLyEl(-tS4t5 z4SITrV_mr8?>r_#7C$) z$-|!BT&8cQ?%!p4ds49|9gE%A!$z>V6x=i2B=*4Bq$R}BhArT$Od~eCQj4s=v>p%vO3G>3f9q42UcrHe>3yF0WX3^Z-UYFk z_gzZdb4$Jbv4aUiE(nJqzo6~zhriPH8HPL~GF+p9$b-Xy$ivJ)GQ-IfLU-} zgyDRh42*?a!QHjg3?fbq2N7QbPzmnFE1|3=FL0!cc&;^OxD1fBNzJl!Nu2~I%1Kb1 zI8v7GikPx={c$g4>DHol16Ve}-U`#nc;Wczb2H$lklVPzN%{r+Li0+28T!nq=pn-t 
z6*FGAG*FYb9GJ(bOE)bxQuuC+i4=Z_#8R{^&?(xo$Pb`s%cXuXi4Ueb_8a+IFA3V< zHmEa548H@t#N8ia!+%ewZ^utA2N3;R_esNm*w6P{FT8)RlKZDwexU!SJy5CT zd|_neK}Z;Jv8IH1P1~K1+k2BRlki|cVAX>22eXi?t?MIhc(R*>bec~Xh=jua+Z6I>DJh&#=iZ|R>4)T$rX z%{OvS!|~Vj(XAu~Y2V#S&(K}(^vO^D=})DquX^vrod@g!5tnhu1#-v*a>xa8$OZC~ zyFgxjm-OqS3q(%E@h*_lhUexTxUV}-HvQ-Ly6-w5Uw7$c&Gdj>7(Jdu-&`1Rhp)n; zZvIhS7}ol*&bxPKM!KQh87<@0JJR?g!mtN~y>`!Qi2|=j>XcV|^I~8(uodG#*!a8_ z1xdT<#pspc@rQUZdb%)-jsG$iMx1(V0=+#I6D1zpJvan+cXxLU5Zqk@fr|upcXxLWTnHY51&847!S&u}-*5NNR?VNO znwqZZ>Yj5>of*nFWSC5rG9wuHi-Mq}vhK{Nx9b=Diqy`IC+2d0kVB21@8VrR$AV5^ zonQOUh$h+so&t^pT)~aD(QW^UH^(U$OOh39kaWIv}4ymaLVt4ZpU$;Bz9fRNJPyDLURpa6FBJOLh4_eY!JLN*!Ed)W!nPISX5be?mdBfb z`x{{sy3t@t8^enmMG8CTtlwr;6c}mfZx=2hrTBNI#9D5Vf1^RHWkTCgl{&Fij3(PE zT({sVYbe`Iu$)%n!tLCGeZn!t0x#W-uv+dsXJKKu9quc9DQjG3OSF|5aqwx8LN0&) zA}xN?{>aPUQE#{W!x`EKB_;KKB(0!hl4Mj&D!xb>)i$o%R*R-)F}_-z1c}{I_!1d2 z??6)kF>gFzn5hKKK9{X0q}Dg7&%5YX3?H5@CqW+np>VUvB}VjKprIs_Es}ILTZmS~ z01!uSN6}F;<_m z1yGD-5nim0%u6PnHLZfpar|1%5_@qHtJcs}lUg&pu0E!b-0g9c5U?6?R1uW(STmlD zB7Yw4he`PAcb^w+eMFPaIYeqdY*=0*2|MXVav@=3&3$B#7n^`oxHLFK6)(8~rD}~10e^}y zRPwBSZL(qKcuzcsY~B8!cPzVb26qLpWG)MT^&K*naaMp`FGh*(d?+aZXj+HoYPHs7uj`6q_2ZsH5GLQB+eAi8?j zCnDXYRC}(_bpDnZM4b*^8KXk!h5BN+TEi=7qL?I3IUnm>t`zT_qdjLw_(~b<#grx1 zp9H5+cn#Vk*QjZ#vz{aBU9xo3Z1{G>Yma=`J`w}2P+c_LH0F@vQ~d8ZnEN5|FKC8O zy8Ls4jsgk`bMTD$J7IOCbo))}i25zO?|-|+XNhbZin%qVhJDz(^>T35<4?N3%My>; z9m4tC@qFp{?(mZtEjiFM9B!qT<`$;rwbl9}<%MiCSXkaWcQywFfw6OO=0l_QdHNw* zF=-}8F_YjZo$4540k&{N+2;b(TFWo4XM~bw*=+R9`RPc+zhm!_y~M1pY6C~27`8~s zbrIK;PNlJH{~^>54XtQ|*B2p~NF*1SCty?tK*>7pza3Ld=hoO9zO^;WGNQGSXqAofv@{WsbVp0x+Mu;w@E1! 
z*Hz2mG| zGOP>kfRu2;v3wPashT9+$&iZADX%i{sIo}MzM&8&wEo8%w)ROU9bC<#6*i1cERK{e zYWXSZsw3NlH0rdisYU1_YZWzT4>68vMM&;L2;1vi9z${JJ;I!==wZBMNUxv2-}taU zE>iUi=dU(LUECoZ=1JHG6}S)i^4}P@`tSEAuMP-BcXXA(W$Bun1}!L#pw>8t4ji>hS6%oKOTsYI%5dYHo}dow+~WUuuIo zjQ7K8NS}(nY!;gx!&Q?C_Jo|Jr{+t0n(Hghwdc}m#=W7Cxswv8kiu)DXuAhsaxh}l zWqn_jOGO~UBF+8{D~EzYRTL58WuRDilTiVqqzfapz$A4SgJy56JOr=x2}=&Ayw8^a zPqxEQBS)t9otZw`vEsM=-acA00fxZbj)THH*_@!^zd;=o<3U8n>Q7SB^)q+1>C-z* z?bt~wcy*eD<}eD4NTh<7RGSJKJDZA85AQzFvnCphIjuNI$%=^Bk_A*^^|CuKizg{f zqD14Xcsj%{xdu4ZEH;A{5#voi?x3*w9RL%&2xcCf)B=rXu_jjZ$(*LJ?dTO;RsF#E?=pv35C zIugk4q{A(b%Uo>gkX23hL>%MS?1a|fmYb}r(D*CI;4>>qqx=_cS~C~k69$dKof$R& z-%I!y?Qs`*uK$q$w>x0}ix<9pT8Ol9mR|u{x#OZr_9jY0N`@{rK^}~WLzyL972yN@ zzvbXY9Vy-V;h>*sVzMPWq1CwMZy*QZkAYefS=+b*6%0?=a6HOg*kN^Ru{@uo9zz(B z*lh7|OADDQ<1sy_oM{p2=`J#R5OMPhNlIO`3_(Il=l7x?RXB<|m=Upl7+W14eHq*Q z3n5=b-T#E$ZER9b5_v#?Mq$rvqb4$-BIT~Zc8bfS&&e|P2z2-kb%6d0u^!qX#GTH3M|_nLfwH%LI|P+cI?p-cw! zs=}%bRk`u4r^zC`I)mg7_ChqN%%~KUtt4k<7(=P}>D{*sFi=a)c1q>=7~KPGLNcc< zIbj}Rkc*YD5U~U^C>W;kYwr;2P!Tu@IzygDmdUgSOfWf?*fhR;Vk7#m`$}=BVs^yp zu=NwUNAPX@>xN`ZKR^p9!)Vh6VXJU>+bF9iL6m`MB(V_hNO37g9UoTvT(R%s`2_Bg zVoL;L@TP!|*z4KZnJ}`)0Z8M7%toT@;B|V5PsX(Jwf{w16u#NEm({@RFlu!G%fC>T zhU&4>f6MCi=;&y7*CM|py4)gvml3r}@bTX&?cK-NG*OmJ-6u{FMK>C0@x#fLQLKQs z!?+WMqQa3LnuEOup2b87u@>CmTvKGmA}NCdM2bP<(n^#uXu1*LPqu#{&#IgKJGJR0 zu0N($R*p(?wy^>!!^35ih$@-!=f%E*V1ibr4(lFzRLRT8$9>I1$2YZc#{JvqLkOgf-TE6d+*EaN ziDk{^>z_)odbU|g9%-5^(b%hVb`4I*pl`fZu4r(=2;v=K z#SPe@8m{W=dnSn4NZh4n*wCClnS!zYnPmX33eJ0*B@Q(7{1-boKaokSI|5_v&RKK_ z!Z|>e&_*IZq>BDWE1OVW*4XL6;zF(`X`9{sbv;fqcR-Fk=rXO#S@ZF+W_n7RKB`MZ z;z|4lq(fu8xdK{zOYUl$Jjd=28gx}i-ZLtp()=e@*LCZ0M-`%vf~l|?;XvAgM?j7c zSiq%ohcwD){B5j$a;B^a($6u|@wQL(o!M?c>mH_`K_v1<)^xaX$&d5?#idF`n!_%I zOy*m=nr7E-qC*`+>ptq|M>&O>WjDLUtH96NGWAH(lC7CixXA_YJS@EC2v=tgxY!Os z-4E)C=M8UN<*>Vpc!ax}dg2@tNFBea#O0eq>!JJ%PjK~XG>_Mtchw-Dv>RlHHG>yH z84KO&sjVv)Yd)g0?&M|(o;FNdu|bN9pO4;K5 zbW_aTeQk9Mq(@!6xn_!a68q5fMQ5dJ30yNJUj}89X)!aMlzHDd`oF?Klv<&?O%&@` 
zLR_(nj-}Q6Sx0hJ+~~*d5zH*IWjHbiL#$~~pR>s52VDGpM#%Uk$Mx5g?SX&sH2mLU zmU@2OTyJKw(ub7lBdoU|ydn*`yfE$^BezqaT*U6M zSCvF@(*+GT@SVEm)UsG*Vom0t^k6a*G>QkYnl27qlPu}WwT-YRseOkaEn{Kz> zZvU%BI=v-bMj>gX$GfWQv$D@S;6}*HK301m)JbnrXt@XD^5;bFlaLQ_8)n(nrh1S9 z790T=@daCjmWz%jT+YKZJGalMW9WRBVi`G=TEjGH{j8ncF)w-zPeMy+OQOp_M?mXm z9jVIXF^t~f>8EY`O&z2g{A5dnf4Vm-xDFoazgdgzO6rk}7bc8V_gd^5X6JGbge6;@2J(}Z z@r$}ftbwaqSeLx?O5&?BI5X{3p$I=7rz@lcH z#OVBi;d? zpE_i3V7lxq{K;1ho6$@hTm70})$W8x&qadM$cOAQTp}UY0Ddo{yx$4M8#r3-L+}`h z<)`kbAxt8V7Lin)rY*%VPUZ*;H|PYHDZc35p|y}m=rvP#U0M|9tr%Tcz~Q&>!*Ovl zz*M%rJGRYTIBpeuk;ho8tS>~c$6&_OUIq5`uR8*))+8r%Y$km%D%vB+m$JT15A{a! zQBDnEL&3I8XOV#0k7s~kZ5aZ9UMDTPo@Q0ZciyMO^?i(pE>$-F3>cH`{USYIaC{^a z(uDhJp8bndWZkh*Bv`SF++dTavUTj07o+9M*sR%)&w;$w0c54hk3Z|)95UZKd~YAW zBxX6fz`JZO7{5hcsgTrt_2`gWlXo=0$(Lj(-dT87m|4+hxRp0X8aehQGNY16ZS_Lk z>d8>cv!TvIubld;Iq9)su9>R8oKuSh-`D!{P6vm|(RZgQPKDH=N6x;?euoYV0xy`4 znSJ6x!KX$TTSC8ntRbK{Jxra(ujWFYpixCzz_k?8R-#K3WSm{U&H`}gwfM0Ls#;yX zl$b~G{TNcZ3QJi0oPSR~8>Cu6DdVf8=Fs!)^|e0=TF=`5^^sEITX#k<;jCqb>+t21 zMCbSCr1;}S;wxF)mixr#XCv%>iR9O6UD{oNv2r*6&iOW~v5;8rZUF-$_8@tixCM~c zQ}Fq0;~L}HGTz4z&?`&-1t31v?)vAW{bZBr+f`UcAlKV&k8AOf4%y|7 zb29!hmPfDN*NRydx9K=Z`Xly)i;p&nD@&{>JY{owe+T(kFO4`#SMn4FqOh_0HzIY` zD<|63l)Q8ga$;?A^f%Pb%9=*aoEHkGB`kC>aX$O5tJ%v5;4f)AtF@^vFMj&!Y|=TL zP+W-u!Ho%8Lt1xy1VnJRQ=MTxe93||oln1WOt+ftf&Z(FOQ00x!WSmi^MgOk=!e-O zxb&)Ru}7y%_`fNgu8T8w;Ak>+5W1Z7sqU%QL=MQ&%_dd0@!*vEZ*`$A4?r8`3F88r8`W8XeC? 
z6*&Tf{q6#?MUYw>m}A2bRNa#swySt6NuO7Dc_S|=EiWifzTV?SQ_y6|av?qciSt!y zZ>c!TJ<6^ZJINGEy>F?=Yb|p@dNlu$Dlw$r27vzq;|McAe6aByYk2YFBiQwf;|54` zK7Rx)A^5(*=&ixOhnx*pJs{TWe-DR*UcIC@z~5G)ZmJ&qGCW<7ZJckO5}}qL?^#Ss4p;;*tzgMUjy=zbOSY#xD($V2I{GFyt0j|ji)~U8^oZq zK25~!p7?i}DZ~kXXhV{C{yf0+CG3hbgU4g%VJ$AfvE5L&R&3eYw9RHgpIoQI*`+)o zC)DPgjXtA!3R5XVlQfcoC+hhfBIWYO7WL+no%y@X^knXTWi4XB^jF52D623WUhWS% zUortla!dG!Nq|q_R)SR~s0C1OZP);T$IN6YQrVBTYfq?i1`QWXb@13+zM|nU~e zPNC^;`b~FA%4Q9L0Bfo3C43`o<&>bv&HM$}UhAn2v%Z z_qv@e#0h*Pve|^X82D+UqP>0dV{PMY#<>$R$-WQ$o+y;b1C7#c(RTjVzO*qnG-ZsZ zB8Xq2Aa)auUJ%O7xqG6wYy6E~NS7mA-z8XY9{vKnWH+0Mtci1x2*L1j`X&>ewoUF9 z@sjzFV!?{4(pCSo$*xkBcldU!sLR+OHIdshSGH+d;O&RrN*J-RMe~&OQxAD|i!Uom zs4u4FQ=ceOwNZuEIn{QC?l`BY-n{DUV<9+dyG$=mOlJ6}?*eO^i0YEg{V5VjW(;pq z9|bdWSy|(;rIL@@cyr4BS|`N$%(LhPL0I2q<2Hg@y(a!JFxB!oHw{V^XUh9Zmb+Pv%Mnv8-rF!ajg01=sdBYhn;y3cm%%?Nlis8*=oDWwPpB zW~qZ=MF*XH-Tr=ZLB+B+kwDYStZBJ*Q}^`l&? zHeu_iKnqqQkv6N1wSyc!oyIKnhJR_M>7HrW~@Vtp**e@&&3Yg%X8x2eJPlFq4M;8V!{YrU;J zK}}(PBeg<-qvcdW$@$ghV{qLINaEjHGM$ifLeg=k=?zGYFArK|%g6!UX6p0-+}03$ z`#@8vAN)a6Nrh~8R*3F@ekAdSl-#lM&wiCn9Zg{$J5!)cwVYq+dAjXj(P+{zH%Vi| z$0xy@IK9$D&v3Pv!1Nt?m*@#p=8X4_3x1DTF2}HQ=GoU?aUO5sv-L=%TOzG9!L?9` zvUSN9OnV-U4O+|HSbvuoP<%K&21t5aEr7{0m3M&7#0yI424{K%+<1PN2Jp~I{F>h* zb72@~z#IQ`>Lk62(ts5ZNPtK7ase|%z%ZDtckY--Mk`X+%IXH|6pUQ}l?a?&-{@>P zgfNY4aRkCn(%U^>R85zuq0#jWc&xj2VZ>7lrN;a!W!6@TrvZYFM^}>Zm10V50x>lg zsiX3TbLPKFkfzdFOeU|Hp%0U>e(cIPb{icQW}-+ihP_COk zRfeuh^w;`IuNeSkBM~yfqXXTXQ_gF0^>rlA_&4W+t`+dqV2VWV;2>JkQWs_$J3M>y zrVysjg6ZlYYu~|#&REwoum&R(5v_MZbAoG-0 zzWp;V#J;f!ln*wR!%sN(PYIUV2Yyv6cJoe_BTr5dZ%7CBa1thP z(0qN+A9$OnRFVrE607BHHl~-LTiLJPiu6UJiMr=!?Rplj&Z81EwsX>IxQv+Ab(+FE z&6n+8IX?Q??y|9xa?VdoE?ES#u?t2chp&devb%qyU0|R*4$0t3ZgU?Fof!NHAINJe zHb801bo)5CeM7?ZT3j9x4M_4})PEW6nbK40k|)8A3|gAuNZCy5}&Q=n<`Cza^H z>-H(Y_d6HrR{h@OP+SYd{g*UoT<8aTU~keP18CLGpq`UhIOQGv!Xvuw)S767)+z4h z*5ow#vNC`(Tu|`x^z_i%OS?B8OcmHk&-i_aYiS%kOa8LOpmWK+;!~cN+q%&t%o2MH zmS32ymmf>xA=FdBN^==e)E;*;zGv;nmMi~0@77$18WkSv(=u 
ziQ@O#9!+1T>+Tfsw|&BfGz`34C!MESBM-^6Ky(KY!B$8l1#*A7qO_M=C>y#DzGYR( zTHCxn;gy#BzO7BLja>sG8;mFoML?yKaJyZrTKoQEu-BK*diMHP5momr73N|Dj8C9o zqPKZw&?gCkjs9 z=zo*$u>BrFvz`uRm7$ZKb_zvS8HknTGYW`@&)_#}0*0iOZIDkSi4Z|-r6FnayieiU%hi(L$Jc4W~} z(t9AWk$xyK{#_ZGhfsUFErQ=*PyWXhh4bUr5OjN3`^Z(BW7YQO8!_w|nG=gN;lbuD z-H}^fME7bUlrJDg?kXG&Qvq)=EG#+O5zWU|C1k|!h&eJTLTaP+*w`7^BIqQ4rSo3> ze8jZBE0mBU4e;UTn3+VJd0?xAnYwN4Uz`FDQFSP%Hr8jt`>#%OJeiek~%m28r$}iPBGo1-Z+qq-zZO=wwrC7Fz3P2hkcIZZc3iY_DM|W^TM}Kn_a=m`(;ys> zjrqByBpEob);&?ym|E%oMiREAy@(p97tRBtK}Q^1I_16_yf;kpcgOG(f%XDP!>1`3 z!gM-G4oLSML7b4JP1`K9tt@@XF)<0Gdo;#j6FH^WmFz$(a7V1DRSXueRNj0WhhlTS z5+4EJ6EXxt`OWC3Eq}J`4OZQC3QpdG)4`&-49($Cc(_!^xc%UtTUW9Vo9uzF*lCDbKSG28!c>yHF=f7OdIuJqKg=!HZ1YqL)!aezAL_Y4 z-Sk3LNq6_Pkeb(6i#SQ-T%E$;t6S)|D7mzcWAghofLigL}1PGk4@7MHq_ zcgT-=*u~)gHEQKekojva=b|1NJ`!TP%0A1_s?yXj1r3$3?Hxg?rj0Qzl$3s_PZ>-b z>1Jq1?i&`W-214rnQG!j$oC#A|9J`U=F>#e6VQQ3z`uDSVG$76B{L4Sc{MWs0_RYo-k*Br*FUw(Z zrFTuGy=QID3cpi_D~8oW{U&-G0T<$DIt9s;oEx@aN_LKfEeZERAwYFtWzt?Y|LB@wsCHyx9e?r zr_U{qT6}a}=%e{35Iif^^wf(UBJ&p6f98jNrPi*xDU*eJ$V+^rLx$N!8k+ZHIJTPT znvr_Y8G<1)mmUHSxd!VThq_zRTQFZiftF`M;xu8#02=5p_wV=#W*S~#*Cg_bUHkg( zs{r&T$1$biFmyGc%RhxbNH97!uY!h|li3khzYgj41>pYRK zt@++P+SqxWAPqR`4=yfQ_fVNPS841Pz1d9?OQL$qyq5O1`D2dSt#-I!hk<3OxK^k9 z8rmedhmYO_q9n)YAC27ccdW0sLuq*yUOmnAVDjT%wR?K~B)~kI0Wq(Kh0ujxgT7tln*xi3WEzTkpQfw0*oNyA) zA!h3=6O*(MMh85g(36@#;pcpKO)vhd!%MdV)f0bzQWGE}ve&VRJa6rwO#bS3H7udv?uQl*}x$DlW+vAw*+iN2 z1ZN*nQZ?%`i^JyfW03R6RS`JOaSy%6F#>WaVTYg{+Y(yd83>w)F#t&8EUWTeP0&!alxbaJ81s$NJblL7&yWVMY2H z<1}O5k%p0h`yzu**=Ait!afeTTsf>MQlBFL;9Y8<5}ZB?qkuXb+YQ+Ijc)*A+zH8D z4Nh9W_UiwltDS7d;!s0l&Gzt=*q>E^HjnJ)9GE-**U_EUA~*}m38@Gcsb>Tfje((0G5 z;j%y=?=Z;>a_^o5`9kVD0JGj(3g}3By#u?uMPgh3aW9=0_;iUKPEbhnn5c}OWbj-@ z%;%g5y}|Q+t__J(@0!QwBw&t4e_;`5DftX6`07Gu>E=j*p-ynq?e^>Ej4w}(z=HO6 zRULP7EkHZFYy=$Zk8GMZ=lbj~!@gp1g!?`6g%q~MX_o>ep~=VDyud;pGk`~oRJ{iB zk(vMRQvL+A`9X>z8R&8W%?Hr^8qOgovB{oCCnBs|TFTBQ2y{X!ao8)S`DuyCpDOtr z_>P<%Ir<8d8wQ-yXP;wwhaqyxY-5fe0hMN_z^_}NTE*}NKq>wOfQ&xWJx_TcQU&zy 
z#|Oa(xv-EJJ+1L)XzctAf|Kz?sBFEzHex?S@b^^@DfGDgCHBwxFFYE@y%-Uf)NjI` zR)34%C5VK*IIP|m7N6!>1PSS00KNB!e=7lH6J=zQrcg?gsE${+-djKwPVc424V>xn z-vC8TY(HjSKx%l&*%XBjM^}1A3{pw=*%HhYa^&K)Pe%C%0u!=K;#H99c^gfQN6vNs zrMR?DaG0Wb6w|28eFR&wCn{?rQQs46S)9Hi`w!t$oy6>G`y z_~&$*>Y`8g_vretTj9LIJ$qB0dWLxJKB8M4f2tSn!x1{IAtLp++sHQCR}g{Q!uO-E z34h>A7XY_aPvFCb<^v^tsQl|}XVH-j-yaC>QjOMkR1#*KH2pAI9eR16bu%NTA)p4=3RUO=PwZT^zv)E@ApgVVGWfcs!8~h{ zj5eA=!KQd`J`Qs>SmvrQd+e&%7^aU#M-NNn2KE-kg-u`!X)!*OZq9Zj!0mXZT zV`+?fB;5{Dsle8p?u36EaR-cM*88zx?`L4#Gac~5t^NgCd!)pHZXXlakwKbDA(Vmb z;98jSFo06;9~kupR9NcD?j%-T%`yo}#31Y>S2YG;g)4R9fKFXVl+qUva4nM;jCBer zXAS!G=ZPwF;GOre_um&B~sh5Qb|e7eW}S?pCt_HB|llYSeL5V^8vfQnAt zvBjQlLP}wfRrwv`49z464W5J|WitBxn1enQKsOO^ye(=t1F6EX-I`B2MlDm{Z9fvg zex$feL=(=h#lwhQXjJx}dpW-9#`{Fb>2aD3rnuN>37x0;nsj}g;F9R z!xoJK(XH?k^!JnjFo>PIf}K185C&wn9v~0XIRg+w(LDv;1SI+a^UM(`ub#JapkcN~ zk+K3Ps)IJs1W|m((EoMiE>t(Q);8+LWyEM~VqqO~qkBuZPcbXCDlB9FpTu{B)3k#o z>7)VP)dygu;vQgS=PKzE%l910%y6P~h)|$p^%1dO@(O@a-Ta9;4+N<^13?H4Jrup{ z2#g`UJ;a;PbK+)wU`_L-C`~d03YM9VB?Sj?hjdgDs7k(BZSSYU-R$NgISO%nG4Kkg zYU%o;LeN?4fy(Tv*DZ6YKSNjRhiazPZ)QbeJi~L6>;@+@B+|b9;svMnxR)$p9o@8R zfVO8|*w_mv{9tkosLwW92`<$X5m;VeNx@)oI%$Zux-O6~rW*^v^Sucku4oJp77U?*uAuzw=?Gy*WdrRR?!N(!_mn4@ z6}SH#AoD$G=pHni77Jy01ufqLLWhA9{{c51{ECls(3SK!-jyl?`cWi-G(6jv9l^2% z5Hf4q5#WUnDMBDU0rkp#yi|z)Bhr2<^Dwpl>00J=4|Xj$e+EJfYV4kTHF?RI<@^fn zyIVse=CWF8MB97*Xx6aDVNB{o*-RBA7$o;0NYZI6x%KPIMr)mOn7x|je%X|0G-q3g zu}9`Jd6$s2fVFwS0j0CYCZFKRtN(_vWB9{^)=}K38B}AcmH3kcF!C$h5kxU_a=<-4 z%M%V@V{%~HL+_}wylHqz+ehgkS{x7nDU;6%I6VRr4;;{wz#ULma`BKAV8J>g*Q0aU z!5H$u8-GK#mQnp0t-e+I@mus{q~RazVJ=(D16o%8pN;V$JmJNbXsXWqKWpM)cxJP6 z_$haqVO_t%c-vO;gztHo@(;3LaSr}&w!{7hTgaYSPi!Ihs9GfTWKN^FmyR@-50y}u zKUI=cfsTu`lT$) z?~VxMCw7)ZGjsU?Zu3Y+Rvmd7ZW{<}hbc)z@#9E~%`%r`jR;>MO<>Y5 zD@$A%nRffL`zcJr$@bLq-6v}QDaIaEWPwDu{Lj#DkfT?tA2A%0x29=v{(&#&eNIrK zENT9ng|u4@b@LuYPgo9b94oI`A-8#$yy98YoOyB_ISzq#ET+voHe&{Bmh8_dD%(sc zqwl8dT6n6sE^P@C3f^|_feCvP6?kVNhj=JR3slK>*)7tn4Cd^Qi2p$SKb@qu9&*GR 
zG}k_*u>D_!{gI+jP?utVccxAdTl_Bx(Qsp@VDw0542mC0aJW@1qw{|C_lZhg{AxOK zM27zuKM~w!G~1WH=l{&WR$ygL@BKdpXbX`1f$KbEvU#GMz5*pv%ld?pzr!Y#pw<8B zA&CFr2}lqTM~2?_)O|35C{PM}T?7sayhpeRxqkz|i02PrJ>W^HxCJ=>at%87QbrQ= zBH8JAgBAsT*dTnnZodJ0LKKEuN`3(a2)UPFF%roby5$q?2zg(fUVR!S9UXbx4O{qv zwha4)`f$w0(jcLh_hn^&8`Mon+&-Z_vw^NGt6vwFFzjnTan4;s3gHHgJVK6LP%}<| zCtiGER7MrDBt-9VVEGNm{sk5I4}m}}kYS&Y{#j-*$x)c14hl`0Z?myDiuaUM8%w)k z>!9Ye70}aBXE@u6Ok~Vw-e8EIW)iTJ@&2DgJOWK|B|y-I{J_P(P;}*=oyk)8DMT5%ayeJqc-d`Snis_Ba<5g$;!~c&Qu;LNV@ftzQ=YjDj zNkOcVD79#d=!f|`Fbr?VXMiaCe>`6^0}%h77r6X0Di-n?|tkpnYK0kPLp2^N%Z!iqv)tLBnFI5WsAm9PmX792SXn6)jPQWOVVo=KJ zSJ3|$0ssm$U;o>g(oj$o_G{cE@;mu=3DfaH4{e{rYSvFVxf2yXF3mDmp?D@C3Uc@2xqV<8wt3beylILCHObd zq=@9Ph%+k>+JF;}mrCjgdSSNCheI;B3m?m|)qf|958KB=C@}avghp}#22(0MwbDvS zDT$J*_D{7r`$uNTaKfv{2tu~`-`#WlBgI>!wE>aXGTkm34tE9%Yz_J}u2(?#1yl?q zNyb7Y3f=(anJ*EP_W*e(;3l*)2N1mi(!jQrvW;L16wFI2tm5-bw;p+OBe8%+GcNZG znx%O)x9{ssQKj!B80*|c-v*|5Oep|2;Sk_sgdyabIe%KKTj5RUH{0&`KZ$}H5QZHb zbbs!KQX}sW;@t9W3q2mTr?-DOSZYNK4qFj>!!;El@(NLW@*9@r!Xg98D~J1qgFP8b znj6&sQ05YtcueqOKBM?z-f6KW4b4J(FqfxRf*LrT+BsZhX}%gwyv5ei(K`GwV1qj& zBhI0lLr$v1Oh!R~a{d-Oxu?oZu+RSQd4of+_J!3#ykX1GW_%_EDGp^+zO-Bwev9g7 zTJ2~JR#J|&+DtPs&xY(@%Q6f`{SIX8x`=&m_G?kR#^2;FTRvPZaH2Rr+tth;Fcv;oJGhaV2clT1F?Lz}JNP`w^S{kJn7S zAg1;ss8qT8R1T%SfTOP>to;QPv~m0nu5^=xjx#PM133Nm)~{VEh$#iL zp1}?e1{0{E^~sm5(py=CR&P}IFnky(654Fu6Ez|Ev0QN*mMg*WYyZT|gE4D2l{L{+ z3&$rJwB29Lan~w$i(dg(dC=&G3dZ_)k`t!wYXBg7nK}q_yV7HOb~eb&wD~;zy+c6fGrYbX73c`oj;JdF_K$GjRWp_@6#Ax>-c4 zv$!+!+gNKWQ~5HYzn8OmNFRI%tInskUB$Ql+D=_?7vRTm@7JGvNx)PP1_?V#{6B=c}_NCC&K#6m8aKjc#K9f+TouA zYGb5;=gfG?P;|cjoH{T!l2^psSTigyk7QJ`nz=kZl9$VIc z{Wou|G3}|o#S%|=;N~!yi|S3%_h5b8syq0{IQ@9>l6Q+G&#a~PM7Ak&PndhZ^1e}z zWyI+H4|R!3qx@~ZjOmdq#=_8n5WWDLO^0OJAv#t%u9^{wavhy6Qzysln?=QNd>B|s zkfc?oBufzV7v>M;>5U$$i9KsH(j%Sxh^IE3Ql5E0(e-+c$h&SnQ&&}m$ zM8B#3!H$xVFxt~{QB_@R!dagw2E(g~s|nBA2`yYG43(&MELy+uqe0gn;pBSRF-^ut 
z1FN^n?bVKW)wj8;$JO7#%Zu~&CQ(py#=5Flc!8NR)?Jfqi2&55e|UT1D0uDBoON~d{_E4Ya0&9}ZPz?b1c6bQ&`w`acT=OK0|NSf^tY$N;`Vz=N^3|$Z$c>?4X zw&9@Gy-?5bwnjVB>&fmr$7DPBF&#-i{t8I5zdFJ(erP^oVw#*g4GaUuChyd?sBPNc zBa;`T4nyW5R2iNq1zYXt-(Uw~`iP(PEm;TwM)2%HKR!jZvXY;ox3|I?8SOK9e385I zI8IK(xBU|^9QFy|-6A%}ME&o70^!@&RXN?#5IH&le3)o!kp$uP$CbLCom+*oRwUA7 z!57M$5{Uvj#US+3R`d+JlbOXEQ4a2(lXT<*(57=_h(rl=Sa5M2c=77}wuN6;rb1PG z1D6^NBZXXR3G3J-8_rS|iSp=Y&3Q8NtH!4qGtTNp>UZW-ovw{MmbS6Gw@9FQM#30> z^~)#W!mQNV& zCC%6a$&yPZoDO3~7BP^T*mijFR4}-H?z0pt*N}m7&DKRMHp#(zmr@oY06k5{)K%>BDid!a<2{nMRzU;rvnOypv2 znZuh5@z$C${s55YH0GL22mxKByaL&U96Mn01th2hlF}>SeEz0ah#qYI@2xO)`)TpD z-TfV)tgbp`r67b~j0JZ0L6vqU$$%JY%R9IbdPPiiDii__M~1x>FJvbF z`IW;JUwFAZB&m<~5HL=pUIcYGCj({4%s`h3y!#e{v#_}(qO`{9a0k~%9@E4YhKm)s zZ-8OruN5b+*SD&thjEWF3=L|nQ!2$J;I61=lHWv?2g3X9=7(zh=Ge^kQOI?Vc;}FZ1pAS2ym-$F~O@zZz%6ToSJKEBs8Pk#BvwiPupWNS5x@sT=&eWZgvslYRI>AF>F25UAJf!=f}Rj_J(7!b{P5U7jSD_pVvfhFLfS$xpislZ3ZggdiU?uj-THGXt~$f z-!l%Bm{#o8#L|n~m6_BKm3kT1Qoo=;Ln5WP5L+(kmA;&q?Yxb=kmgm2E6ssItu$od z^P7$(^C18ZHC*eV_Z+Hb!!t+JHE=+}zY3ILI{{e>+vJc>LRKFyh*C*HAaEBeo7DaX zvv6;E9s%yNMLZt2+o-AwSQz*j8kVKRxn|`Wv<&KH6GhpTeBS_$4ZJgn9PtT&D>@Ds zs6Sqlc{(!xc~gH8HDf;P3;j8a;Q}tcBx;8USBB9uEI-!S%Gj;lp@E?>C)2Ue?G+)k z8P6V(Xsl`sz>e!d0u@MdlY}H`DQ*FM`Ow5m@YFEuwgA~mWiN9n@djW_5#55xcm6BvAHeYRVb#@P(TGkrGK?;0ec)9m&$!?8f#ISIb0v;V zHb(X(*pEkfy7so_x@~E=xuVW9*bl#>w%7%Ju6bk<=q=)V)I6DwQy*jsKvX}i!)t#5 zf(D>vHZOC)SF+SaKz?Cc05*gJX3G~tUnW@}CM!Ec`?%m|*aZRQiB5*eDUBNnCU5uL z25L}Sa65OHRx}IFlnJJC-jv@HwrU!vdy;yp)D7P8Vq_w81jO;2TO&lr>`)RKbj^t@ z_W3WjTc4rA=QBkjqJX^ZJh`6b+U66nl&xgMc70~{OXO=}u~INPwd3fB!}`ESJ;VSx z{6=Ul=`h*vfVDlI{Q-7d6qci6Sx+bg@{Cp}P(>z%=pCchY>IdfMVv-+IbZS)PzO{B zCX%YuQvipAbim9y*iSr^qzv0v6etl%h4@@Xo)pzP3lWo?xgF{eAz|XH$3Gw&B^p{fAAwS{!bh4 z9nNO_zkP>VwQJU>(9&TSwMo(1qeju9YSrGmMQloqQls{$UA1bD*pzCtHnsQO1W7(m z`upC$=lA`E-#z}KoL{;9knm7u-cha{$Tj5lC22jsK}4sXW) z0TC%t*um4ipmtGo#P)TJDPJ)Vp)5heJ#T?n*Y-kP4mNQ^X&2bXN7vh()>B{BlE<=F zdqKicJReB`Bzl=hHT)KX1@(TJcM3fO%K5zxj|M%@D@C4v6n1VJ$ddg+RrcLO!C7c+UBt*C 
zvdr~SI)i~+x>KZSsw;Q?E%=woljXldHASD?1ez2%@{()l4@Gb9(ekrpt#f)Eh!~-1 zXTuJLuTRrqpE@3u_ZAbM=6OHgc`~^FOc0|RDE6x+Vrt1;W&FMI5#+lozzGN;w1^8@ zdmEAO6xRYKP69!keCg%>j3}OcTX44&d1gE15S%!({a10IL?3|pqgO`|C)v1ypr?ok z(jMcV{N?hLceaCKv==yb(QLuf*$!~GI4%P}vHvdv#+(+wmyP}AltXC{$eX)3y5ae- zmpJuiDANzy?O#Q>l|F8_`}^*9YP)geQp&ip>hHOiz_|^7 z1LT10D6DDuNp8X4VmV(9a6H33aY{^%#SU{|c~-y`KW@vX&Ia!b5%2>8U$!R!97pel zKbm$P{2G6zy#y!Xh5YRVd?Sx8(C|Tg0PcV31RnelUa7F<%VEqdZioWmLP#0JuPx_Z zPLv+TG@5$&${|SSnP+#wITNTdmc?3Jy~eq~C~U=3NQ62fyb$3{W_U`^jukdW6PGYC zZe(BGq&jUaoxbN0LYP1e1rPB@+;?sRF|G?l?(UYN(C110n=|1x5olATeo)KXkK54b zFs4_l5H-yZ>DT?&zAZhDC;lqOCb)v95F(qSaAywNSG!Bhi#=C}xP%8|tzXEV;0%8n zZr|5NS77kJo>C=&oFk|nHe>+)?1G9LWa_RWLN+-#CxDYv0KaFu2^~z{@e;~?);9(} zG>!xx2w7RCyzDdDEM9h;siPFGA ze3nW(8oNFzn++UOp8;Fegf;ldD2C3uN}gbom^lCFP^RGB^(l+r#K;K>Lr;S}LDDW1 zUb?Z{(!Jp?PHi7sbB0=T^3u<$T6s`XNDZ?6$?L5eFnG+Hr5qn`mDw&oFk$ubjl^Tg zIXT*SP@rlDtt50Y!e%etbU@FaP#}phaB`h7urY#f=*qy;#(sXa;D$J#CG_DDVDZ2U zC~vyM&V`I;J_Z4UG0vFTYpQsE3-B%9VY89zpiy)M{y|>j0&a6zYkqm97r5g=p)VH5 z`nXnlC-E98gX+vbl88kJ5+tc@fwpEv*IT6eVY~;cJFvLxvIH|)K+FiZw47Q4Q>4m?QGKoSEnv|ty63@ zf5WNvipfNqn3$YXMw9&5oib%?V@uO=W{o9i>WOx0 zAltRL1UusOG&`09kllXQ$2KMPS5+(if*`2XpafQFZ1#fUVY5Np)GaMnJWaquKZ92T zms|mp3^+D+$bl6m{egk|SHr)oSCX^3!8Kv$>m$GK0am#^W^hbG_d zk;{b^Pj?JsIqIBM72H#p89JR(YA+U8`~=6nT`wCwcZ*k!0(T|f3|>7S5Z~Xt%V+3j zU)bTmAJ(9+<{IG4fjrDn2#Mu;zYKKkX*A3$+Tr3>K)|_F>YK$y;b+c5VJ0@PI2{b; z3DJG`IeUP=@@b!NWR(TRW;-BTkDhr<*%CRbIzmfs&Dk(93NKkJWVXiygT z5VA0^6-}~;{_f}#@5mwaPA)__M_8&u?miWwfw?(PZqA?%1az<`G$`_~CchQuBU%s5 zp>1s;^>Ov^%1jJ73=v31c6$Lh^1Ez_Hv=;vzQnxQ3ozHH@4?KG2_wpcrIz*w0(ri$67rD>+Pt1YU&*B zj$s^417^4x9rcOBb^s%-x-^x=Ojn3aM@%(s)lKECtNeP+b$`Y0?{47V!Exf$<)GB= z-$K&t;h|`R@%i5k1bexq;Dg~_U{Z*+_y{6YgCPJKnx<=v*sz!}sHZt2o<+3tQ}mHs}Z!qM{Rl&Eyco5}8#rRWtKcIW*`$6>*g-@!%qIqVVotfMx0d;YvH-8wt*)G zFUb}QXaV~#XaS^%pDY+W%f%w^cW=S76Ia!u&-$$WT#J<5T5hU*892F3%8}XCZ6D68 zoxIh}nHOH^t5i@|oV0a2n?;Z7oh!HH=kbE72_D^&C$$NZkpt^_BI;X#T!~)#-02?7 
zbPT%=<_uTK^HaM|_Vcon{Xglvnz)+c(IdSHe}D9160h%ydsbbzLB{iK!j8163sSS}{zm2%%Gu*FlqYmtpBGFS zt=_Tn?_``jA0OT*{cCu(HrxBn%5plwtG@5eS&d?>qLIXj_2Vh2v@t8T!57tG7x`}t z^J<-h3kDv|#dDQwmhUCpGnv+#&fXca86k}hQuvkqW|XKmC#Ov|?9!$3$9PNQJ(XH7 z@BZ%rBjPq+U7Vmo&A_k5YbCZuGbY`}Qnb~kD@E!h<=dN=-)^Y8S@3-@cKE7MxT#ma zE0RhO4($$bBbV5CT%nYK$$pzm+w(2=N@eNB6->z3FlVs5S@URX{%GOFQtM_p$g`U)I}VNL5OQ1jZ# zuRwjSgKnQ)JB7h(LjKWr_^10Wqlk_z8H!iGOI~~?XswKRW%&FVGXcf5%SD$!VIbRfq z@ViXG{!2ozM!$Scy(MVpHzsO4Qp_QIm!{t?agIiYWeM@`o#;m@ayKW2Pwa8p{NlvB zoNzb*FWFbY^VuUMXX}{aG$h7d_SZQF^ZGSj`lyTRsmH`>ejv`)QX}KR7PygeG5>LQ z+m_DoBa_CRiF#rj7?6<1)>})ogFbd!?0Ma6HnZkEA64cb*ITo5&PTM*0;aX_H@4gD z3oca!$!8A z3=-x}-22egfIA!D=qXKUd z(@Y;KMOi`CUk>aB3?wZuhq>EJ7~MePmoCu#^G7Rk*>9rZdCk-@EYG?9NkN{dFXi&$ zC&ZnAy{RR)4BqD~2gVxk zb(;9nAs*rtz1Gj7Ln-`*Fd4T#I{F)(0zw;)TgJl3VOEHp&-?nZ=M zC;c=^{+jh`Xj4Fo6Z5Eua^7p5PYW6EifK+NWk%BJ)Dt*{Iwr>J89{ z$;?94sT+BC>v*`8dNN$7t}Bd(>AM!ta|ZUs5#rnGzCU;kpi2qL=Eh(=IO*q?Y(T!T3EfF_)H z9}Gf)`d0hL74)%CocVENo>D+7Ixc@bi6q?fmR@VvlPe|Bicd87mMV z6a2UYo6$#`m4pGQI*w6L=NE~ymq(XzU!1h&^WxC9yg=#0Hy$*j9r|%hb}}>UIoS|p zzM%TY?83KFOWe-f2gizM!J_BEQOPBJXWyRvjI?4YGW}_j<5ho8M|^|#-HJR1@(u?Z zFksjaP<@QaC>MLmhH@gz!OgeU{a6INBXzmBQ1Z(L(A9I{E<&_IMj2kmx8}-D9w{@% zt#E~3Qyoqyg6Wvg`1L887!7|htW=1wO$vOJyV%D>-3Pk5)t37CE)hjvfYJX;2Gf7kClr59lQhE9jgYxlU|9Of*t|~ z{s|by|BWLp9?Otc100{mA`D)LC}4{??gW+}!f@XCfTA7e(!OF1G~n|jIhRi&@#M)5 z*v$hKJoYze4z_Lt^GF-**x7!dd|nUz(rm2o+GS>vvm1{%>e^nrCOZKMN4rcIZ~>NML-v`5#f$sy9RE`V;Coha8RRr3!I*u zd*eUKBFoAVJ|@uqK#&UXX#0T7%yGF0_Yu616Wpt$k*Nw9t2MCsA6FM ztnIr-RhN;`?0i~v;rBlocFbu;)0+8|bme@z`}?JG7UeQqsZ7Tr1&d0z+F9P>@cP21 zFUcRoo$KrFRTt|n*kqbxh`f+uT!AZqH|{nz=|TTD8>G zP;dPJhM|QsYUhX@&Vg%*_DPDZi6%EbT|LdutoOJ}d)RY;G)BJO6w;l2a+q2R4>v7( z-oy!4+o?B0;EkDVIyaqAyT4a5EmdJ??fr|d-E?EBN8YbreVlV${SE)mSo{>dq>t(k zcg*xx`VZOEW4z1~?hrgO&2K@j+#Dw^C-j_tBLRX1nxq3ym3d^Tmk_H(dUu!l70S4n zU}Kqgi)LPbe5adbI%GZtJyWv#u24Pl(ptK9Dd5a~>6@z5hey9Oc--b?mz~67nxBw# z(TQl_A@vQF+TtTMn2vZ^v|$hSXV+;<-Y1$~)dY}CPt4zL6$fzG@1CPaE#BGH(V=uA 
zvV}Qx&Q?CTAujgD<~uLVQkNocS4OYg!J}BcgAH@B*0_9PG%@zX{vz~u^@t) ze$YDPjHe*?c-DOZ|J$x1JtB~XWVY=1{6E3`chEQZITwc?@Nfa|Xacy>ZP?PmJoU;7 zO_U`y);Hg23on0|^N_a&`IdCQP2SU6SHFZP3Hj$M0bvWn=vSHFQSk-(q0^p(ALguI zsg=-@=kbp>O=*Q`IqlBeuENkIP?c!Rnpkp0=d3a zYBOrma=h{HLk%MfrRQjM63Hs&Zjw`^)SUIM1cF`S;ehOgd{Jv>x8@?KqD+Kvi+wKs=orif{tqJ zOwLlo6vh)FV~?!8;#nETr_egOgoV_B?O_nN56n`BfhQ~O#^3ymDHA7igL9mpv%A3~ zeuUi;(YX2Vknz8M=HU)UwpCBN#^-_a2*1;{ZEDBS3ioEOBF=@gOJ_d}e8jaKcl-ai zg6ob{(2vZI-I@%*>nBJy_8L@Q$e?xJO9`7PsfUtFBJeTnhrn;p@gauWn3CqAW0V2N z{bH-b7H!Le6xYaekh3{4=O}81hVq#bmS;iteE83V|M^)T#o+Y3-hS<7J zmu1c}PU-u_6(1p&sHu8c9IRhe{P9sNjQM-un;D>9BaZmXovuw){e`mj%sQRknC*!O z^*!K7%*D_XzE{NY1CW%zFCy0Miv4r{gmnZe3A(;_<7VwS>H5Kq$Rq&E&uFl!E0K9J zz3y?*@<3lHnt#~Gsd;STcc(qMWaZkt+>azazLu$@fFypZ$~Ikz8TKc!=_`jgg;n=s z$wBtRjmZJv7*_+NCxWp1`SBuHQ%!h%1Kd}{=ZxrNXH|b)hH4H*Jx=v8llFESaNn6O z2{}SI&fmG1H>26qUudebntmnyK4Kg=&eVpXof%JnwsIbD)?d`2Y2S<@+Q#us{S_S! zy41zJ$%0o0g4a=78rP`RDF$r1B2PPVYlC{*&LM5Z3*6Frq3~_yjz9aEzMoP8-`cW~ z6Gh#Dcs5Zymyo9k{7kY%V~|f?q-#-UmpXo>>RId=!!KU0X_Dr?**e;_87>|&q}-yGSRLP$-^Zx+7*&8k`cB{5@o$Wp$ptZ5d1miW}poF%nqCZ z#BIZj{@MQ0OIYh55X&UZ3R;xDrlgI5PB%lz9$dgw@S;^!4yye{4bw6E&C;OWk8un4 zdcM>7yo5}IM;(wd$q&I$HJZh<)R{Qltm>l@eDw9@Mm#^^rjA9E6wx?y2c8@ETcIK_ zE4^MOyk2qH?AtWGAyyMXh`&%MC4u+ya9$oDZgY{GAZ|pCfq~75sLhGe&HXI`8=35` z2nEL+g)$1dy!Xw9DYV|O8O6uSsha{&#RoLqGT2JbVA)Y=49OPZ^RKMNf{#^~RzSD+ zR~5S3Xz%zBp`eZe$0LLs2CrSfh#nlw53K^LV&}R8_)y=AF(`zsR{JN*@K@h*A;UpD z(`#r8*a4MShkjhE;)7V*Jc6Ln(jTHY#cG@ev5Aca| zdN6h)3`wga5J;KIybYtgfxgOZ#pat$`Js_Q8~{#dR|*=Q9^ldh>Wh&6c?tcn&|zpO zw$31k3U>eg?=TJ>5*6>q5gLBL;Lc}5TIZEZXk99>RzQ2x>7d{|O59M|_eVQs%44?muA z7AyBZh0IV%ZvK52_Ii*Y1wj*@{;Nnl<{V$!=<~jekpqc>;ZR|Z6V6GxIESD93)&1nFPwd? 
zE~47(;^uq$M;A2#`)wuYea!lkx>)0BN<8m`Ada?Pq*X?qy47)iR>%6UX0WR$=yXb3 zL&cJsgW!xerQlH;ou7Pb{+j^JrIC)3=r2A z#YPGFMVx-gw+gKBr~3Ojfco;>9;f#5C%^w>7dm;LE*T0~VhdQ>cKdV(Rc==x_=Y=y zf7j|E2&X^+SDZFS2)I#TSdxBCZJe6eyzF7Ch5gpjxMBejXQRAoUD9RKx-OzIg7J3t zr<)Uua_KLyd1H{Nqn!QGN8Aj>zgg?2HBt-p4{ch?TI4Gt>g(V7s1Waoom}UNP~7i4 zJ)Yb3-|StIYN;K=ls|A+<}ne{P;ghfdRu($X+5Ce2$Z!k#aX;Y=lSmxJ5g&euOCxP#IbjRcClV zbdbNL*Z6+Z{ji%_rJw&^OU)6~o~S;;$JOedcGjx#kjPf%PE^j{0p?ppxs(seU9q3H znRv@R#x&^SUR-5fc)sKw>g20}rD2HlybBPULO1ow_0WAOb_qR@8}*MranN{G#k<@X z;z2dsa5wX!OGRdNCwv!5?UuPZ-^z0EP|R<=yF$Y8>x*{KT{m(Tr$51VN{@j2WQlYj zh3o@aYMQvE{~yJu&G%0+#@5(;*DA*;#@o;SmtrLD6yZm6{$Gl562jG|lPbfH5dH-1u*blC{?rvU!Bkdbws^8FWb)~np0uiG zl9OiCf2xb*N7Wn#l8-!RY74`ev|>b*iBC*;Ckwzj<4FVYUMFNaNE~RHr{-D{U%1tv zKcV1-zxAm6?+F%ZZ`@6EaY1LVzrcAMTy1UQe)lCD8+6c9gKE+u6x@{f3P7q|prg@# zX#svJB#m^M)ab=lr~YZYvk}2gQRnSFZ6b%OKQ`|k5R8{uyn1&_P_{6y7;pR!u~Q4p zYv)iU=g=Qj6~f9!O+>|C0*Aj#gcf$A?U=ZVee2fKtY<6X2{zEdsJ9R%rU;KB*RuKG z^ABoSYIVJ51Y9K%3nX{mXJF4amvOOZfoa&FnIyu(ZV-sbBn|=(4VDvxHg3JgE%tMc z&&t(sdWx?U3Kx&KOdT4zDtbn6cYVfbFvRJiQ*{lfc2Gc60^$> zDZ~sGO~J4Ds9;zBp2Df639FloyldsIW(h;tWGR9P`u|Z={#I`;u5>w`xR0ao28G^lMUa=|gV+VfhkLMz0pm`W9I+n0WuzpRnVIsY@Y)r)|HMJp33FOyw$vL~Dp9@jKODex11LZRET|Cgdt z))VqbteM$pOi2F!D5{5XicND(e@a$58SJBK`-kQ;enyAETeTQNOPHKL2rLiIWF?&a zFG(f({F2m|yfxeUp`1@!M^)eUb7o|}UIL43#Ymhj!+MI5mGG8a@@VdOo8`^5tG;_} zfnHz2FS8}h|0rzWIij?p`#^dY6>fo2HUYW{BlG!xi^8oWha~C8;Fj+*Tb?jBH4RkH zYc`MAM=74RStM;$9Uec6+Y^bb0B@!=6Ew;FX&QBRK-~Yx^-?MK!8tBL_zWn}aB_3p z7_)eKK8@*YD@YJ-Kc8Q_n(sI@jTIBeb{ta0!d=jawB_tKPpmi3sLW?H655Ab+t05H z-4oUDPsjoIeOckXi)FpI%|z@=&-nzrajuoz(jHs1esGyhh?(!@&+)X;_ylXsY_nKL6Rue?5^r7d`F1x}4J2~1fm@P^?A4^8;!y&a z5cW@;0Joqx7}b3QkUx$JoOdS(_3&)o`EbKp8|m(NYW|q7P3t&*N2V{ZlB#bm?>^I8 zSjzH%iTQS$*G=a8^pFC4B5ryJAzltUgpOcRLG*3kr{kvXQ+?ZYt3`WdDeE=XKfk!_ zSHF+^nxS(L5?t!bSC`$lYKq9+XT}RY5B(TD)civvbE__sD6#z@WKxSrWRoKuz3{#d ze(}ntuNa$6pMc)KAFDGP)zY3BDkuF}ou~qAHMYeA3RH!w@*m({Lz<#Ty^rgI_MVm` 
zjl+5t(kj@^oV$%$G9~gW4eU}LHn&Ecy)^y1N_{_aooKR?j~9-+!_lX0OB{6}V0I(b<*aa{PJ4bX*f2{U{ra*@(BC+_`ZvK3?;h7?yPdSj(k_BMdy{SqxE;e? zFapj?n_jQOs;n>D)~Q~B*%RJ2Y)JMz$qKlM!*{cT=oz(x^Q5K5%;01bigY~lhBvDf zv;5!t!(CaP^lYaukfzu!r|C)1h2QYIva9!hOcPrV@Ga~#W3&%pZHtj8DAfThKb{#} z%YoWpa!(mz0@r^-kX=z?xFgT&kFWh9j+Y&+&D|&Xjuj7murNjXx)KsHc2d_D)*(6k z4Z7e;%p8GR{l{n-@6ft)*_})gX7ocHdf+U^06O@+12;x-h=Jp>lGPIf zUt99nAkyMmdjIqhP&omSNyXm#~0n-o)zYg&AM0yU_E| zLzxAiP{iv$Qupdpr|S=$<)^K4&sFPx@2?R`IS=l5_)W;8=QXYas{bQ{z!o_-;d~O` z0j?6n3xNMe`<40RsW)mI!ydBA`0)fq_pcYq(GVt9zW)5hQuAL1py)UHp-7SWO9an# zaV%8B{pq}*4O)rrt?sPrtwFIN&WD+c+lUuz``{rj%Rd-?3Ot6ej3%&B)?Lg=sM7~D zsa%-uL2BeG5oPx}oFAK@dxsv&VnKJp4Kt5BH0=}R%f+T&N5koKa9?l~5}%8(vVFw+ z@*B@Fql+YI?l9T)V#Un&?Lu74-w25&1CtZY#)`ks@AJMX?B-@*HTt>6M_fQLTPrnL zeVufiGiVAu6Zqc!fL-poo>pLzw!2T?Lb2orc`EUA@)t^XYrlmE5D&fQX}!LDrg)Zc ztIB=3#hLbT<$SZbc%cJkpdI>$rTRr4y;m|3%JWIjABV?~Wg*mv=w0na`zb#S`i6!# zw_*-7)|MxOi(I~jvin6#+#k6EumPM6N^QxCrZJz(N#!T-OVolQpQ{bzamm|K(|IzK zCC~|XAoz!-khFZ)-#;eS^1}!SXA-?}*a)CWyfmd9Oy96I7f&p)zR;hBl1^uVEDD-y}SN$H4f5(74mI(7yenT>+ zA$Z#c8r|M5);3g|(&$q|F^xtVdv{c{1q4VscwCREqTZ@)10H2x=fv?Tx!%Tt#Ivy6 zNF7U?jUVZ~56jvj%>=oRjw}+);=dl(CCyciPetq*P3$yO2^A@4p!+U{d{|FSzY!~A zF}b(Eaud-!=<>(`xU{JZ{Lwfg^L)K>JNwu9?LS%C$M!dzlkph!>n2=pH$JO4v*14$ zLrx1?TcDVx^}?U4x|%ea-Ci1kA0nzD*nk4@eWb6)?{aBz|ak95IBDe)F14tJKT%b&TfQx%nv0!iQNY?;k z>dCwTLN{>g7OD8&aRDYnopIDTQBV1$SF7R%gt?i$sE~ zm&w_RI1D8xzXSUpx!MVFAABmSZw5|@n=yqD|dsQ@hw!oioZ*w*+K#N5K>&h{1hgHF=B)` z%4DCDJm3zb)U8M?p^O^6uCl73;;*Ta`8ymxJIcJkxcu3K;GAHR3We%B$(qva;~lfQ z2JwaIY%W@9VijC~_9pEmtQL&`=7=yp%ozozk6A(vt z`i{F+N9&{bg{k2pZupC}8lo4C_IA+i2e`t=h&bmV$lu&If~fkN6UV{y0)t7PJ;RF< zZqCK0`>%sks@QDFxjS@(+L?95nz>q8A;P;P@B4tU)o*ft+so$-f9cPSbkYIRqY(`s zsZsxT0l#8RH4tY`HP@Gc%>}p3Z?sjBi+0wObSs>+r{Aw_w@!Lv?cqKU*p&N%aKT@tF@WF<%Z>T*S zoX;lxEq&#DiN|C6AKF?V|Btr*G=hqyuU_u1TG4%T*RE_aq=Op%ciAWFU)g6(b^pK0 zKJexXANO>=nn6F5(^1Uk)=^v;3z{+3pLZ~jPCnC|A!_wB%-@W-e|G)h~2n)_15Ytb+Rj%oC!T7}S6}8daT25SlVVr_c3P!(8>J=7pTnR^R zpID^zT&(I(eRvzs}i_&3#0Gy3!Ht-UV$|vq4N9|xOd1F 
z`Qz$a*%IiP|BA7`tsJ?wcleoG(j99$1lulQ8aNRs*1)n{$a-N-MuIP?^5bt~l@6UA z^uaS6$1eo(Q9*Kq8|T@n@c9a|@fe>IMqc*nvBEi%chb?(AK#5CQQhHtL$LA;LV4U= z4m|}O`mTJ6@t?EH2;GC(FwK=Mdtw~=RC@tvQ$PDw$@>~7^5kHDHqNv%5v~9Ym~!(w z6uYqwbT1Y@if6B$^PSDDGrU79`_dJbRSpyHy|<}X@AJM}w~pHQYkcGJ4SA1_CFGUo zw?uXx#I&11p=?WQb3T6U2C=9H<05($v5Bdll9v1Cl~Z%d$q z2=v0tFQX6^&A2)--O?4{n=Ex}M{B*mSl%T3MWv_R1De0TnMwf@E2r>zpMxgxYt-(upIsVQ=nhnfYL?mfNcFalVWhJhay&fVjhJ;$G5@L>oUWdY{$MZPE_ zpUK707wUw{R{qC)JLYJzpILDmUmPUpy#(V4-ca4TYvGk+F5KB0K;95dCw@()VF^64 zbUz?@-HbtQ!(+{GyDh28!94EMeY#+*AsdHLKm7#i?d$^}Slqu`!g-(WE1X?CV~1#} zKt}Ckl_5F7+*tT=OIpw3T|Yt)w`dp)h>u{sxHg1vG=#H#Qzg(XSdIunuXhNaA^l*x zk&liWzMX_v796LQ(rC4%HkuQeGQtv@g1-6=AWZ3s%}y`VeS^7m2mUp5GOR}kySd7N zUs<+~Q2V&%?+*C_@023!?j)A|1w8AcgSUp9wL0aj4wmrAh7s5#=aEOIX;9ohj z>YM^uD}I-826mQa7_Sw9jYla8?x2*&9z}MAgpOf_H99~_S>7;kro$QP@_?nUa5}Ps zCy({JUs=@!frIYiC9pam5s!+axWF}#2Epg2E_t^XzShED%0d89=>=@|#OpQ0PztPX z1MzQ**Z!sK7(@^z`~Fpt1H}UNF>DxBk>ZIhU?s=?C*EE}Y~g;#4!nUm*5~UAJ!_nC YHRPNa|GyuSxS_b%(!o-QAu;6t0cE1thyVZp literal 0 HcmV?d00001 diff --git a/host/etc/dialogrc b/host/etc/dialogrc new file mode 100644 index 00000000..bb53e1b8 --- /dev/null +++ b/host/etc/dialogrc 
@@ -0,0 +1,144 @@ +# +# Run-time configuration file for dialog +# +# Automatically generated by "dialog --create-rc " +# +# +# Types of values: +# +# Number - +# String - "string" +# Boolean - +# Attribute - (foreground,background,highlight?) + +# Set aspect-ration. +aspect = 0 + +# Set separator (for multiple widgets output). +separate_widget = "" + +# Set tab-length (for textbox tab-conversion). +tab_len = 0 + +# Make tab-traversal for checklist, etc., include the list. +visit_items = OFF + +# Shadow dialog boxes? This also turns on color. +use_shadow = ON + +# Turn color support ON or OFF +use_colors = ON + +# Screen color +screen_color = (WHITE,MAGENTA,ON) + +# Shadow color +shadow_color = (BLACK,BLACK,ON) + +# Dialog box color +dialog_color = (BLACK,WHITE,OFF) + +# Dialog box title color +title_color = (MAGENTA,WHITE,OFF) + +# Dialog box border color +border_color = (WHITE,WHITE,ON) + +# Active button color +button_active_color = (WHITE,MAGENTA,OFF) + +# Inactive button color +button_inactive_color = dialog_color + +# Active button key color +button_key_active_color = button_active_color + +# Inactive button key color +button_key_inactive_color = (RED,WHITE,OFF) + +# Active button label color +button_label_active_color = (YELLOW,MAGENTA,ON) + +# Inactive button label color +button_label_inactive_color = (BLACK,WHITE,OFF) + +# Input box color +inputbox_color = dialog_color + +# Input box border color +inputbox_border_color = dialog_color + +# Search box color +searchbox_color = dialog_color + +# Search box title color +searchbox_title_color = title_color + +# Search box border color +searchbox_border_color = border_color + +# File position indicator color +position_indicator_color = title_color + +# Menu box color +menubox_color = dialog_color + +# Menu box border color +menubox_border_color = border_color + +# Item color +item_color = dialog_color + +# Selected item color +item_selected_color = button_active_color + +# Tag color +tag_color = title_color + +# 
Selected tag color +tag_selected_color = button_label_active_color + +# Tag key color +tag_key_color = button_key_inactive_color + +# Selected tag key color +tag_key_selected_color = (RED,MAGENTA,ON) + +# Check box color +check_color = dialog_color + +# Selected check box color +check_selected_color = button_active_color + +# Up arrow color +uarrow_color = (MAGENTA,WHITE,ON) + +# Down arrow color +darrow_color = uarrow_color + +# Item help-text color +itemhelp_color = (WHITE,BLACK,OFF) + +# Active form text color +form_active_text_color = button_active_color + +# Form text color +form_text_color = (WHITE,CYAN,ON) + +# Readonly form item color +form_item_readonly_color = (CYAN,WHITE,ON) + +# Dialog box gauge color +gauge_color = title_color + +# Dialog box border2 color +border2_color = dialog_color + +# Input box border2 color +inputbox_border2_color = dialog_color + +# Search box border2 color +searchbox_border2_color = dialog_color + +# Menu box border2 color +menubox_border2_color = dialog_color diff --git a/host/etc/issue b/host/etc/issue new file mode 100644 index 00000000..30dc8604 --- /dev/null +++ b/host/etc/issue @@ -0,0 +1,20 @@ + +┌──────────────────────────────────────────────┐ +│ _____ ____ _ _ _____ _ ___ │ +│|_ _| | _ \\ ___ | |_ / |___ / |/ _ \\ │ +│ | |_____| |_) / _ \\| __| | | / /| | | | |│ +│ | |_____| __/ (_) | |_ | | / /_| | |_| |│ +│ |_| |_| \\___/ \\__| |_|/_/(_)_|\\___/ │ +│ │ +└──────────────────────────────────────────────┘ + + +,---- [ \n ] [ \d ] [ \t ] +| +| IP: +| SSH: +| WEB: +| +`---- + + diff --git a/host/etc/nginx/nginx.conf b/host/etc/nginx/nginx.conf new file mode 100644 index 00000000..2e3e786e --- /dev/null +++ b/host/etc/nginx/nginx.conf 
@@ -0,0 +1,96 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ log_format le_json '{ "timestamp": "$time_iso8601", '
+ '"src_ip": "$remote_addr", '
+ '"remote_user": "$remote_user", '
+ '"body_bytes_sent": "$body_bytes_sent", '
+ '"request_time": "$request_time", '
+ '"status": "$status", '
+ '"request": "$request", '
+ '"request_method": "$request_method", '
+ '"http_referrer": "$http_referer", '
+ '"http_user_agent": "$http_user_agent" }';
+
+ access_log /var/log/nginx/access.log le_json;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
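Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the `http` block of nginx.conf leaves TLS 1.0 and 1.1 enabled as the default for every server that does not set its own value. The tpotweb.conf added in the same patch already restricts itself to `TLSv1.2`, so the global default is the weaker of the two. I would change the line to `ssl_protocols TLSv1.2;` so that anything later dropped into `conf.d/` or `sites-enabled/` inherits the stricter setting. `# server_tokens off;` is also still commented out here, so servers other than the T-Pot one advertise the nginx version unless they repeat the directive.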
diff --git a/host/etc/nginx/ssl/dhparam4096.pem b/host/etc/nginx/ssl/dhparam4096.pem
new file mode 100644
index 00000000..78cbf6d7
--- /dev/null
+++ b/host/etc/nginx/ssl/dhparam4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L
+4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj
+SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU
+nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP
+fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d
+xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO
+nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA
+M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP
+RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/
+EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j
+g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI=
+-----END DH PARAMETERS-----
diff --git a/host/etc/nginx/ssl/gen-cert.sh b/host/etc/nginx/ssl/gen-cert.sh
new file mode 100644
index 00000000..388e51ee
--- /dev/null
+++ b/host/etc/nginx/ssl/gen-cert.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+ then
+ echo "Need to run as root ..."
+ exit
+fi
+
+openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650
+
diff --git a/host/etc/nginx/ssl/gen-dhparam.sh b/host/etc/nginx/ssl/gen-dhparam.sh
new file mode 100644
index 00000000..b4af43e6
--- /dev/null
+++ b/host/etc/nginx/ssl/gen-dhparam.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+ then
+ echo "Need to run as root ..."
+ exit
+fi
+
+if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ]
+ then
+ openssl dhparam -outform PEM -out dhparam$1.pem $1
+ else
+ echo "Usage: ./gen-dhparam [2048, 4096, 8192]..."
+fi
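Review bot: dhparam4096.pem is committed as a fixed file, so every install that keeps it negotiates DHE over the same 4096-bit group. DH parameters are public, so this is not a leaked secret, but the gen-dhparam.sh added in this same patch could produce a per-install file during setup instead, which is the more conservative default. It is also worth confirming the file is used at all: the `ssl_ciphers` string in tpotweb.conf contains `!DHE`, which on OpenSSL builds that recognise that alias removes the `EDH+AESGCM` and `AES256+EDH` suites listed before it.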
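Review bot: The root check in gen-cert.sh ends with a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot tell that no certificate was generated; `exit 1` with the message on stderr (`echo "Need to run as root ..." >&2`) fixes that. gen-dhparam.sh has the same bare `exit` and also leaves its usage branch with status 0. Separately, `-nodes` writes `nginx.key` unencrypted into the current directory, and depending on the OpenSSL version the file may be created with the process umask, so I would add `umask 077` before the `openssl req` line. Because the output names are relative, a comment saying the script must be run from `/etc/nginx/ssl` (the path tpotweb.conf expects) would also help.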
diff --git a/host/etc/nginx/tpotweb.conf b/host/etc/nginx/tpotweb.conf
new file mode 100644
index 00000000..00eb95ee
--- /dev/null
+++ b/host/etc/nginx/tpotweb.conf
@@ -0,0 +1,155 @@
+############################################
+### NGINX T-Pot configuration file by mo ###
+############################################
+
+###################################
+### Allow for 60 reloads per minute
+###################################
+limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;
+
+server {
+
+ #########################
+ ### Basic server settings
+ #########################
+ listen 64297 ssl http2;
+ index tpotweb.html;
+ ssl_protocols TLSv1.2;
+ server_name example.com;
+ error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
+
+
+ ##############################################
+ ### Remove version number add different header
+ ##############################################
+ server_tokens off;
+ more_set_headers 'Server: apache';
+
+
+ ##############################################
+ ### SSL settings and Cipher Suites
+ ##############################################
+ ssl_certificate /etc/nginx/ssl/nginx.crt;
+ ssl_certificate_key /etc/nginx/ssl/nginx.key;
+
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
+ ssl_ecdh_curve secp384r1;
+ ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
+
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+
+ ####################################
+ ### OWASP recommendations / settings
+ ####################################
+
+ ### Size Limits & Buffer Overflows
+ ### the size may be configured based on the needs.
+ client_body_buffer_size 100K;
+ client_header_buffer_size 1k;
+ client_max_body_size 100k;
+ large_client_header_buffers 2 1k;
+
+ ### Mitigate Slow HHTP DoS Attack
+ ### Timeouts definition ##
+ client_body_timeout 10;
+ client_header_timeout 10;
+ keepalive_timeout 5 5;
+ send_timeout 10;
+
+ ### X-Frame-Options is to prevent from clickJacking attack
+ add_header X-Frame-Options SAMEORIGIN;
+
+ ### disable content-type sniffing on some browsers.
+ add_header X-Content-Type-Options nosniff;
+
+ ### This header enables the Cross-site scripting (XSS) filter
+ add_header X-XSS-Protection "1; mode=block";
+
+ ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+
+ ##################################
+ ### Restrict access and basic auth
+ ##################################
+
+ # satisfy all;
+ satisfy any;
+
+ # allow 10.0.0.0/8;
+ # allow 172.16.0.0/12;
+ # allow 192.168.0.0/16;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+
+ auth_basic "closed site";
+ auth_basic_user_file /etc/nginx/nginxpasswd;
+
+
+ ##############################
+ ### Limit brute-force attempts
+ ##############################
+ location = / {
+ limit_req zone=base burst=1 nodelay;
+ }
+
+
+ #################
+ ### Proxied sites
+ #################
+
+ ### Kibana
+ location /kibana/ {
+ proxy_pass http://localhost:64296;
+ rewrite /kibana/(.*)$ /$1 break;
+ }
+
+ ### ES
+ location /es/ {
+ proxy_pass http://localhost:64298/;
+ rewrite /es/(.*)$ /$1 break;
+ }
+
+ ### head standalone
+ location /myhead/ {
+ proxy_pass http://localhost:64302/;
+ rewrite /myhead/(.*)$ /$1 break;
+ }
+
+ ### portainer
+ location /ui {
+ proxy_pass http://127.0.0.1:64299;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ rewrite /ui/(.*)$ /$1 break;
+ }
+ ### web tty
+ location /wetty {
+ proxy_pass http://127.0.0.1:64300/wetty;
+ }
+
+ ### netdata
+ location /netdata/ {
+ proxy_pass http://localhost:64301;
+ rewrite /netdata/(.*)$ /$1 break;
+ }
+
+ ### spiderfoot
+ location /spiderfoot {
+ proxy_pass http://127.0.0.1:64303;
+ }
+
+ location /static {
+ proxy_pass http://127.0.0.1:64303/spiderfoot/static;
+ }
+
+ location /scanviz {
+ proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
+ }
+}
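Review bot: The `limit_req zone=base burst=1 nodelay;` under "Limit brute-force attempts" in tpotweb.conf sits only in `location = /`, so basic-auth guesses sent to `/kibana/`, `/es/`, `/wetty` or any other proxied location are not throttled at all. A server-level `limit_req` with a burst sized for the proxied UIs, or a second zone for them, would make the control match its heading. The access block also deserves a comment: with `satisfy any;` plus `allow 127.0.0.1; allow ::1;`, any request arriving from loopback is admitted without credentials. Something like `# loopback clients bypass basic auth; use "satisfy all" if local processes are untrusted` would record that this is intended.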
diff --git a/host/etc/rc.local b/host/etc/rc.local
new file mode 100755
index 00000000..06bd9865
--- /dev/null
+++ b/host/etc/rc.local
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service
new file mode 100644
index 00000000..bcad4477
--- /dev/null
+++ b/host/etc/systemd/tpot.service
@@ -0,0 +1,57 @@
+[Unit]
+Description=tpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+RestartSec=5
+
+# Get and set internal, external IP infos, but ignore errors
+ExecStartPre=-/opt/tpot/bin/updateip.sh
+
+# Clear state or if persistence is enabled rotate and compress logs from /data
+ExecStartPre=-/bin/bash -c '/opt/tpot/bin/clean.sh on'
+
+# Remove old containers, images and volumes
+ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
+ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml rm -v
+ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
+ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
+ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "" | awk \'{print $3}\')'
+
+# Get IF, disable offloading, enable promiscious mode for p0f and suricata
+ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
+ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
+ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
+
+# Modify access rights on docker.sock for netdata
+ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
+
+# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
+# Forward all other connections to honeytrap / NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+# Compose T-Pot up
+ExecStart=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
+
+# Compose T-Pot down, remove containers and volumes
+ExecStop=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
+
+# Remove only previously set iptables rules
+ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/host/etc/systemd/wetty.service b/host/etc/systemd/wetty.service
new file mode 100644
index 00000000..5f6b9717
--- /dev/null
+++ b/host/etc/systemd/wetty.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=wetty
+Requires=sshd.service
+After=sshd.service
+
+[Service]
+Restart=always
+User=tsec
+Group=tsec
+ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295
+
+[Install]
+WantedBy=multi-user.target
diff --git a/host/usr/share/dict/a.txt b/host/usr/share/dict/a.txt
new file mode 100644
index 00000000..a663034c
--- /dev/null
+++ b/host/usr/share/dict/a.txt
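Review bot: `ExecStartPre=-/bin/chmod 666 /var/run/docker.sock` in tpot.service makes the Docker API socket writable by every local account, and write access to that socket is equivalent to root on the host; that includes the `tsec` user that wetty.service runs as. If netdata only needs to read container metadata, I would keep the socket at `660` and give the netdata container the `docker` group's GID instead. The compose file is not part of this hunk, so the exact change needs confirming there. The cleanup lines `docker volume rm $(docker volume ls -q)` and `docker rm -v $(docker ps -aq)` also act on every container and volume on the host, not only T-Pot's, which deserves a comment such as `# assumes the host runs nothing but T-Pot`.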
@@ -0,0 +1,1466 @@ +average +big +colossal +fat +giant +gigantic +great +huge +immense +large +little +long +mammoth +massive +miniature +petite +puny +short +small +tall +tiny +boiling +breezy +broken +bumpy +chilly +cold +cool +creepy +crooked +cuddly +curly +damaged +damp +dirty +dry +dusty +filthy +flaky +fluffy +wet +broad +chubby +crooked +curved +deep +flat +high +hollow +low +narrow +round +shallow +skinny +square +steep +straight +wide +ancient +brief +early +fast +late +long +modern +old +oldfashioned +quick +rapid +short +slow +swift +young +abundant +empty +few +heavy +light +many +numerous +Sound +cooing +deafening +faint +harsh +highpitched +hissing +hushed +husky +loud +melodic +moaning +mute +noisy +purring +quiet +raspy +resonant +screeching +shrill +silent +soft +squealing +thundering +voiceless +whispering +bitter +delicious +fresh +juicy +ripe +rotten +salty +sour +spicy +stale +sticky +strong +sweet +tasteless +tasty +thirsty +fluttering +fuzzy +greasy +grubby +hard +hot +icy +loose +melted +plastic +prickly +rainy +rough +scattered +shaggy +shaky +sharp +shivering +silky +slimy +slippery +smooth +soft +solid +steady +sticky +tender +tight +uneven +weak +wet +wooden +afraid +angry +annoyed +anxious +arrogant +ashamed +awful +bad +bewildered +bored +combative +condemned +confused +creepy +cruel +dangerous +defeated +defiant +depressed +disgusted +disturbed +eerie +embarrassed +envious +evil +fierce +foolish +frantic +frightened +grieving +helpless +homeless +hungry +hurt +ill +jealous +lonely +mysterious +naughty +nervous +obnoxious +outrageous +panicky +repulsive +scary +scornful +selfish +sore +tense +terrible +thoughtless +tired +troubled +upset +uptight +weary +wicked +worried +agreeable +amused +brave +calm +charming +cheerful +comfortable +cooperative +courageous +delightful +determined +eager +elated +enchanting +encouraging +energetic +enthusiastic +excited +exuberant +fair +faithful +fantastic +fine +friendly +funny +gentle +glorious 
+good +happy +healthy +helpful +hilarious +jolly +joyous +kind +lively +lovely +lucky +obedient +perfect +pleasant +proud +relieved +silly +smiling +splendid +successful +thoughtful +victorious +vivacious +witty +wonderful +zealous +zany +other +good +new +old +great +high +small +different +large +local +social +important +long +young +national +british +right +early +possible +big +little +political +able +late +general +full +far +low +public +available +bad +main +sure +clear +major +economic +only +likely +real +black +particular +international +special +difficult +certain +open +whole +white +free +short +easy +strong +european +central +similar +human +common +necessary +single +personal +hard +private +poor +financial +wide +foreign +simple +recent +concerned +american +various +close +fine +english +wrong +present +royal +natural +individual +nice +french +following +current +modern +labour +legal +happy +final +red +normal +serious +previous +total +prime +significant +industrial +sorry +dead +specific +appropriate +top +soviet +basic +military +original +successful +aware +hon +popular +heavy +professional +direct +dark +cold +ready +green +useful +effective +western +traditional +scottish +german +independent +deep +interesting +considerable +involved +physical +left +hot +existing +responsible +complete +medical +blue +extra +past +male +interested +fair +essential +beautiful +civil +primary +obvious +future +environmental +positive +senior +nuclear +annual +relevant +huge +rich +commercial +safe +regional +practical +official +separate +key +chief +regular +due +additional +active +powerful +complex +standard +impossible +light +warm +middle +fresh +sexual +front +domestic +actual +united +technical +ordinary +cheap +strange +internal +excellent +quiet +soft +potential +northern +religious +quick +very +famous +cultural +proper +broad +joint +formal +limited +conservative +lovely +usual +ltd +unable +rural +initial +substantial +christian +bright 
+average +leading +reasonable +immediate +suitable +equal +detailed +working +overall +female +afraid +democratic +growing +sufficient +scientific +eastern +correct +inc +irish +expensive +educational +mental +dangerous +critical +increased +familiar +unlikely +double +perfect +slow +tiny +dry +historical +thin +daily +southern +increasing +wild +alone +urban +empty +married +narrow +liberal +supposed +upper +apparent +tall +busy +bloody +prepared +russian +moral +careful +clean +attractive +japanese +vital +thick +alternative +fast +ancient +elderly +rare +external +capable +brief +wonderful +grand +typical +entire +grey +constant +vast +surprised +ideal +terrible +academic +funny +minor +pleased +severe +ill +corporate +negative +permanent +weak +brown +fundamental +odd +crucial +inner +used +criminal +contemporary +sharp +sick +near +roman +massive +unique +secondary +parliamentary +african +unknown +subsequent +angry +alive +guilty +lucky +enormous +well +communist +yellow +unusual +net +longterm +tough +dear +extensive +glad +remaining +agricultural +alright +healthy +italian +principal +tired +efficient +comfortable +chinese +relative +friendly +conventional +willing +sudden +proposed +voluntary +slight +valuable +dramatic +golden +temporary +federal +keen +flat +silent +indian +videotaped +worried +pale +statutory +welsh +dependent +firm +wet +competitive +armed +radical +outside +acceptable +sensitive +living +pure +global +emotional +sad +secret +rapid +adequate +fixed +sweet +administrative +wooden +remarkable +comprehensive +surprising +solid +rough +mere +mass +brilliant +maximum +absolute +tory +electronic +visual +electric +cool +spanish +literary +continuing +supreme +chemical +genuine +exciting +written +stupid +advanced +extreme +classical +fit +favourite +socialist +widespread +confident +straight +catholic +proud +numerous +opposite +distinct +mad +helpful +given +disabled +consistent +anxious +nervous +awful +stable +constitutional +satisfied 
+conscious +developing +strategic +holy +smooth +dominant +remote +theoretical +outstanding +pink +pretty +clinical +minimum +honest +impressive +related +residential +extraordinary +plain +visible +accurate +distant +still +greek +complicated +musical +precise +gentle +broken +live +silly +fat +tight +monetary +round +psychological +violent +unemployed +inevitable +junior +sensible +grateful +pleasant +dirty +structural +welcome +socalled +deaf +above +continuous +blind +overseas +mean +entitled +delighted +loose +occasional +evident +desperate +fellow +universal +square +steady +classic +equivalent +intellectual +victorian +level +ultimate +creative +lost +medieval +clever +linguistic +convinced +judicial +raw +sophisticated +asleep +vulnerable +illegal +outer +revolutionary +bitter +changing +australian +native +imperial +strict +wise +informal +flexible +collective +frequent +experimental +spiritual +intense +rational +ethnic +generous +inadequate +prominent +logical +bare +historic +modest +dutch +acute +electrical +valid +weekly +gross +automatic +loud +reliable +mutual +liable +multiple +ruling +curious +arab +sole +jewish +managing +pregnant +latin +nearby +exact +underlying +identical +satisfactory +marginal +distinctive +electoral +urgent +presidential +controversial +oral +everyday +encouraging +organic +continued +expected +statistical +desirable +innocent +improved +exclusive +marked +experienced +unexpected +superb +sheer +disappointed +frightened +fulltime +gastric +capitalist +romantic +naked +reluctant +magnificent +convenient +established +closed +uncertain +artificial +diplomatic +tremendous +marine +mechanical +retail +institutional +mixed +required +biological +known +functional +straightforward +superior +digital +parttime +spectacular +unhappy +confused +unfair +aggressive +spare +painful +abstract +asian +associated +legislative +monthly +intelligent +hungry +explicit +nasty +just +faint +coloured +ridiculous +amazing +comparable +successive 
+workingclass +realistic +back +decent +unnecessary +flying +fucking +random +influential +dull +genetic +neat +marvellous +crazy +damp +giant +secure +bottom +skilled +subtle +elegant +brave +lesser +parallel +steep +intensive +casual +tropical +lonely +partial +preliminary +concrete +alleged +assistant +vertical +upset +delicate +mild +occupational +excessive +progressive +iraqi +exceptional +integrated +striking +continental +okay +harsh +combined +fierce +handsome +characteristic +chronic +compulsory +interim +objective +splendid +magic +shortterm +systematic +obliged +payable +fun +horrible +primitive +fascinating +ideological +metropolitan +surrounding +estimated +peaceful +premier +operational +technological +kind +advisory +hostile +precious +gay +accessible +determined +excited +impressed +provincial +smart +endless +isolated +postwar +drunk +geographical +like +dynamic +boring +forthcoming +unfortunate +definite +super +notable +indirect +stiff +wealthy +awkward +lively +neutral +artistic +content +mature +colonial +ambitious +evil +magnetic +verbal +legitimate +sympathetic +wellknown +empirical +head +shallow +vague +naval +depressed +shared +added +shocked +mid +worthwhile +qualified +missing +blank +absent +favourable +polish +israeli +developed +profound +representative +enthusiastic +dreadful +rigid +reduced +cruel +coastal +peculiar +racial +ugly +swiss +crude +extended +selected +eager +feminist +canadian +bold +relaxed +corresponding +running +planned +applicable +immense +allied +comparative +uncomfortable +conservation +productive +beneficial +bored +charming +minimal +mobile +turkish +orange +rear +passive +suspicious +overwhelming +fatal +resulting +symbolic +registered +neighbouring +calm +irrelevant +patient +compact +profitable +rival +loyal +moderate +distinguished +interior +noble +insufficient +eligible +mysterious +varying +middleclass +managerial +molecular +olympic +linear +prospective +printed +parental +diverse +elaborate +furious 
+fiscal +burning +useless +semantic +embarrassed +inherent +philosophical +deliberate +awake +variable +promising +unpleasant +varied +sacred +selective +inclined +tender +hidden +worthy +intermediate +sound +protective +fortunate +slim +islamic +defensive +divine +stuck +driving +invisible +misleading +circular +mathematical +inappropriate +liquid +persistent +solar +doubtful +manual +architectural +intact +incredible +devoted +prior +tragic +respectable +optimistic +convincing +unacceptable +decisive +competent +spatial +respective +binding +relieved +nursing +toxic +select +redundant +integral +then +probable +amateur +fond +passing +specified +territorial +horizontal +oldfashioned +inland +cognitive +regulatory +miserable +resident +polite +scared +marxist +gothic +civilian +instant +lengthy +adverse +korean +unconscious +anonymous +aesthetic +orthodox +static +unaware +costly +fantastic +foolish +fashionable +causal +compatible +wee +implicit +dual +ok +cheerful +subjective +forward +surviving +exotic +purple +cautious +visiting +aggregate +ethical +protestant +teenage +largescale +dying +disastrous +delicious +confidential +underground +thorough +grim +autonomous +atomic +frozen +colourful +injured +uniform +ashamed +glorious +wicked +coherent +rising +shy +novel +balanced +delightful +arbitrary +adjacent +psychiatric +worrying +weird +unchanged +rolling +evolutionary +intimate +sporting +disciplinary +formidable +lexical +noisy +gradual +accused +homeless +supporting +coming +renewed +excess +retired +rubber +chosen +outdoor +embarrassing +preferred +bizarre +appalling +agreed +imaginative +governing +accepted +vocational +palestinian +mighty +puzzled +worldwide +handicapped +organisational +sunny +eldest +eventual +spontaneous +vivid +rude +nineteenthcentury +faithful +ministerial +innovative +controlled +conceptual +unwilling +civic +meaningful +disturbing +alive +brainy +breakable +busy +careful +cautious +clever +concerned +crazy +curious +dead 
+different +difficult +doubtful +easy +famous +fragile +helpful +helpless +important +impossible +innocent +inquisitive +modern +open +outstanding +poor +powerful +puzzled +real +rich +shy +sleepy +stupid +super +tame +uninterested +wandering +wild +wrong +adorable +alert +average +beautiful +blonde +bloody +blushing +bright +clean +clear +cloudy +colorful +crowded +cute +dark +drab +distinct +dull +elegant +fancy +filthy +glamorous +gleaming +graceful +grotesque +homely +light +misty +motionless +muddy +plain +poised +quaint +shiny +smoggy +sparkling +spotless +stormy +strange +ugly +unsightly +unusual +bad +better +beautiful +big +black +blue +bright +clumsy +crazy +dizzy +dull +fat +frail +friendly +funny +great +green +gigantic +gorgeous +grumpy +handsome +happy +horrible +itchy +jittery +jolly +kind +long +lazy +magnificent +magenta +many +mighty +mushy +nasty +new +nice +nosy +nutty +nutritious +odd +orange +ordinary +pretty +precious +prickly +purple +quaint +quiet +quick +quickest +rainy +rare +ratty +red +roasted +robust +round +sad +scary +scrawny +short +silly +stingy +strange +striped +spotty +tart +tall +tame +tan +tender +testy +tricky +tough +ugly +ugliest +vast +watery +wasteful +wideeyed +wonderful +yellow +yummy +zany diff --git a/host/usr/share/dict/n.txt b/host/usr/share/dict/n.txt new file mode 100644 index 00000000..0e5f2c37 --- /dev/null +++ b/host/usr/share/dict/n.txt 
@@ -0,0 +1,4401 @@
+aardvark
+abacus
+abbey
+abdomen
+ability
+abolishment
+abroad
+accelerant
+accelerator
+accident
+accompanist
+accordion
+account
+accountant
+achieve
+achiever
+acid
+acknowledgment
+acoustic
+acoustics
+acrylic
+act
+action
+active
+activity
+actor
+actress
+acupuncture
+ad
+adapter
+addiction
+addition
+address
+adjustment
+administration
+adrenalin
+adult
+advancement
+advantage
+advertisement
+advertising
+advice
+affair
+affect
+afghanistan
+africa
+aftermath
+afternoon
+aftershave
+aftershock
+afterthought
+age
+agency
+agenda
+agent
+aglet
+agreement
+air
+airbag
+airbus
+airfare
+airforce
+airline
+airmail
+airplane
+airport
+airship
+alarm
+alb
+albatross
+alcohol
+alcove
+alder
+algebra
+algeria
+alibi
+allergist
+alley
+alligator
+alloy
+almanac
+almond
+alpaca
+alpenglow
+alpenhorn
+alpha
+alphabet
+alternative
+altitude
+alto
+aluminium
+aluminum
+ambassador
+ambition
+ambulance
+amendment
+america
+amount
+amusement
+anagram
+analgesia
+analog
+analysis
+analyst
+anatomy
+anesthesiology
+anethesiologist
+anger
+angiosperm
+angle
+angora
+angstrom
+anguish
+animal
+anime
+ankle
+anklet
+annual
+anorak
+answer
+ant
+antarctica
+anteater
+antechamber
+antelope
+anthony
+anthropology
+antler
+anxiety
+anybody
+anything
+anywhere
+apartment
+ape
+aperitif
+apology
+apparatus
+apparel
+appeal
+appearance
+appendix
+apple
+applewood
+appliance
+application
+appointment
+approval
+april
+apron
+apse
+aquarius
+aquifer
+arch
+archaeology
+archeology
+archer
+architect
+architecture
+archrival
+area
+argentina
+argument
+aries
+arithmetic
+arm
+armadillo
+armament
+armchair
+armoire
+armor
+armrest
+army
+arrival
+arrow
+art
+artichoke
+article
+artificer
+ascot
+ash
+ashram
+ashtray
+asia
+asparagus
+aspect
+asphalt
+assignment
+assistance
+assistant
+associate
+association
+assumption
+asterisk
+astrakhan
+astrolabe
+astrologer
+astrology
+astronomy
+atelier
+athelete
+athlete
+atm
+atmosphere
+atom
+atrium
+attachment
+attack
+attempt
+attendant +attention +attenuation +attic +attitude +attorney +attraction +audience +auditorium +august +aunt +australia +author +authorisation +authority +authorization +automaton +avalanche +avenue +average +awareness +azimuth +babe +babies +baboon +babushka +baby +back +backbone +backdrop +backpack +bacon +bad +badge +badger +bafflement +bag +bagel +bagpipe +bagpipes +bail +bait +bake +baker +bakery +bakeware +balaclava +balalaika +balance +balcony +balinese +ball +balloon +ballpark +bamboo +banana +band +bandana +bandanna +bandolier +bangladesh +bangle +banjo +bank +bankbook +banker +banquette +baobab +bar +barbara +barbeque +barber +barbiturate +barge +baritone +barium +barn +barometer +barracks +barstool +base +baseball +basement +basin +basis +basket +basketball +bass +bassinet +bassoon +bat +bath +bather +bathhouse +bathrobe +bathroom +bathtub +batter +battery +batting +battle +battleship +bay +bayou +beach +bead +beak +beam +bean +beanie +beanstalk +bear +beard +beast +beat +beautician +beauty +beaver +bed +bedroom +bee +beech +beef +beer +beet +beetle +beggar +beginner +begonia +behavior +beheading +behest +belfry +belief +believe +bell +belligerency +bellows +belly +belt +bench +bend +beneficiary +benefit +bengal +beret +berry +bestseller +bestseller +betty +beverage +beyond +bibliography +bicycle +bid +bidet +bifocals +big +bigrig +bijou +bike +bikini +bill +billboard +bin +biology +biplane +birch +bird +birdbath +birdcage +birdhouse +birdwatcher +birth +birthday +bit +bite +black +blackberry +blackboard +blackfish +bladder +blade +blame +blank +blanket +blazer +blight +blinker +blister +blizzard +block +blocker +blood +bloodflow +bloom +bloomers +blossom +blouse +blow +blowgun +blowhole +blue +blueberry +boar +board +boat +boatbuilding +boatload +boatyard +bobcat +body +bog +bolero +bolt +bomb +bomber +bondsman +bone +bongo +bonnet +bonsai +bonus +boogeyman +book +bookcase +bookend +booklet +booster +boot +bootee +bootie +boots +booty +border +bore 
+bosom +botany +bottle +bottling +bottom +bottomline +boudoir +bough +boundary +bow +bower +bowl +bowler +bowling +bowtie +box +boxer +boxspring +boy +boyfriend +bra +brace +bracelet +bracket +brain +brake +branch +brand +brandy +brass +brassiere +bratwurst +brazil +bread +breadcrumb +break +breakfast +breakpoint +breast +breastplate +breath +breeze +bribery +brick +bricklaying +bridge +brief +briefs +brilliant +british +broccoli +brochure +broiler +broker +brome +bronchitis +bronco +bronze +brooch +brood +brook +broom +brother +brotherinlaw +brow +brown +brush +brushfire +brushing +bubble +bucket +buckle +bud +budget +buffer +buffet +bug +buggy +bugle +building +bulb +bull +bulldozer +bullet +bullfighter +bumper +bun +bunch +bungalow +bunghole +bunkhouse +burglar +burlesque +burma +burn +burnout +burst +bus +bush +business +bust +bustle +butane +butcher +butter +button +buy +buyer +buzzard +cabana +cabbage +cabin +cabinet +cable +caboose +cacao +cactus +caddy +cadet +cafe +caftan +cake +calcification +calculation +calculator +calculus +calendar +calf +calico +call +calm +camel +cameo +camera +camp +campaign +campanile +can +canada +canal +cancel +cancer +candelabra +candidate +candle +candy +cane +cannon +canoe +canon +canopy +canteen +canvas +cap +cape +capital +capitulation +capon +cappelletti +cappuccino +capricorn +captain +caption +car +caravan +carbon +card +cardboard +cardigan +care +cargo +carload +carnation +carol +carotene +carp +carpenter +carpet +carport +carriage +carrier +carrot +carry +cart +cartilage +cartload +cartoon +cartridge +cascade +case +casement +cash +cashier +casino +casserole +cassock +cast +castanet +castanets +castle +cat +catacomb +catamaran +category +caterpillar +cathedral +catsup +cattle +cauliflower +cause +caution +cave +cclamp +cd +ceiling +celebration +celeriac +celery +celeste +cell +cellar +cello +celsius +cement +cemetery +cenotaph +census +cent +centenarian +center +centimeter +centurion +century +cephalopod +ceramic 
+cereal +certification +cesspool +chador +chafe +chain +chainstay +chair +chairlift +chairman +chairperson +chairwoman +chaise +chalet +chalice +chalk +champion +championship +chance +chandelier +change +channel +chap +chapel +chapter +character +chard +charge +charity +charlatan +charles +charm +chart +chastity +chasuble +chateau +chauffeur +chauvinist +check +checkroom +cheek +cheese +cheetah +chef +chemistry +cheque +cherries +cherry +chess +chest +chick +chicken +chicory +chief +chiffonier +child +childhood +children +chill +chime +chimpanzee +chin +china +chinese +chino +chipmunk +chitchat +chivalry +chive +chocolate +choice +choker +chop +chopstick +chord +chowder +christmas +christopher +chrome +chromolithograph +chronograph +chronometer +chub +chug +church +churn +cicada +cigarette +cinema +circle +circulation +circumference +cirrus +citizenship +city +civilisation +clam +clank +clapboard +clarinet +clasp +class +classroom +claus +clave +clavicle +clavier +cleaner +cleat +cleavage +clef +cleric +clerk +click +client +cliff +climate +climb +clip +clipper +cloak +cloakroom +clock +clockwork +clogs +cloister +close +closet +cloth +clothes +clothing +cloud +cloudburst +cloudy +clove +clover +club +clutch +coach +coal +coast +coat +cob +cobweb +cockpit +cockroach +cocktail +cocoa +cod +codon +codpiece +coevolution +coffee +coffin +coil +coin +coinsurance +coke +cold +coliseum +collar +collection +college +collision +colloquia +colombia +colon +colonisation +colony +color +colt +column +columnist +comb +combat +combination +comfort +comfortable +comic +comma +command +commercial +commission +committee +communicant +communication +community +company +comparison +competition +competitor +complaint +complement +complex +component +comportment +composer +composition +compost +compulsion +computer +comradeship +concept +concert +conclusion +concrete +condition +condominium +condor +conductor +cone +confectionery +conference +confidence +confirmation +conflict 
+confusion +conga +congo +congressman +congressperson +congresswoman +conifer +connection +consent +consequence +console +consonant +conspirator +constant +constellation +construction +consul +consulate +contactlens +contagion +contest +context +continent +contract +contrail +contrary +contribution +control +convection +conversation +convert +convertible +cook +cookie +cooking +coonskin +cope +copout +copper +coproducer +copy +copyright +copywriter +cord +corduroy +cork +cormorant +corn +cornerstone +cornet +corral +correspondent +corridor +corsage +cost +costume +cot +cottage +cotton +couch +cougar +cough +council +councilman +councilor +councilperson +councilwoman +counter +counterforce +countess +country +county +couple +courage +course +court +cousin +covariate +cover +coverall +cow +cowbell +cowboy +crab +crack +cracker +crackers +cradle +craftsman +crash +crate +cravat +craw +crawdad +crayfish +crayon +cream +creative +creator +creature +creche +credenza +credit +creditor +creek +cremebrulee +crest +crew +crib +cribbage +cricket +cricketer +crime +criminal +crinoline +criteria +criterion +criticism +crocodile +crocus +croissant +crook +crop +cross +crosscontamination +crossstitch +crotch +croup +crow +crowd +crown +crude +crush +cry +crystallography +cub +cuban +cuckoo +cucumber +cufflinks +cultivar +cultivator +culture +culvert +cummerbund +cup +cupboard +cupcake +cupola +curio +curl +curler +currency +current +cursor +curtain +curve +cushion +custard +custodian +customer +cut +cuticle +cutlet +cutover +cutting +cyclamen +cycle +cyclone +cylinder +cymbal +cymbals +cynic +cyst +cytoplasm +dad +daffodil +dagger +dahlia +daisy +damage +dame +dance +dancer +danger +daniel +dark +dart +dash +dashboard +data +database +date +daughter +david +day +daybed +dead +deadline +deal +dealer +dear +death +deathwatch +deborah +debt +debtor +decade +december +decimal +decision +deck +declination +decongestant +decrease +decryption +dedication +deer +defense +deficit 
+definition +deformation +degree +delete +delivery +demand +demur +den +denim +dentist +deodorant +department +departure +dependent +deployment +deposit +depression +depressive +depth +deputy +derby +derrick +description +desert +design +designer +desire +desk +dessert +destiny +destroyer +destruction +detail +detainment +detective +detention +determination +development +deviance +device +dew +dhow +diadem +diamond +diaphragm +diarist +dibble +dickey +dictaphone +diction +dictionary +diet +dietician +difference +differential +difficulty +digestion +digger +digital +dilapidation +dill +dime +dimension +dimple +diner +dinghy +dinner +dinosaur +diploma +dipstick +direction +director +dirndl +dirt +disadvantage +disarmament +disaster +disco +disconnection +discount +discovery +discrepancy +discussion +disease +disembodiment +disengagement +disguise +disgust +dish +dishes +dishwasher +disk +display +disposer +distance +distribution +distributor +district +divan +diver +divide +divider +diving +division +dock +doctor +document +doe +dog +dogsled +dogwood +doll +dollar +dolman +dolphin +domain +donald +donkey +donna +door +doorknob +doorpost +dorothy +dory +dot +double +doubling +doubt +doubter +downforce +downgrade +downtown +draft +dragon +dragonfly +dragster +drain +drake +drama +dramaturge +draw +drawbridge +drawer +drawing +dream +dredger +dress +dresser +dressing +drill +drink +drive +driver +driveway +driving +drizzle +dromedary +drop +drug +drum +drummer +drunk +dry +dryer +duck +duckling +dud +duffel +dugout +dulcimer +dumbwaiter +dumptruck +dunebuggy +dungarees +dungeon +duplexer +dust +duststorm +duster +duty +dwarf +dwelling +dynamo +eagle +ear +eardrum +earmuffs +earplug +earrings +earth +earthquake +earthworm +ease +easel +east +eave +eavesdropper +ebook +ecclesia +eclipse +ecliptic +economics +ecumenist +eddy +edge +edger +editor +editorial +education +edward +eel +effacement +effect +effective +efficacy +efficiency +effort +egg +egghead +eggnog +eggplant 
+egypt +eight +ejector +elbow +election +electrocardiogram +element +elephant +elevator +elixir +elizabeth +elk +ellipse +elm +elongation +embossing +emergence +emergent +emery +emotion +emphasis +employ +employee +employer +employment +empowerment +emu +encirclement +encyclopedia +end +endothelium +enemy +energy +engine +engineer +engineering +english +enigma +enquiry +entertainment +enthusiasm +entrance +entry +environment +epauliere +epee +ephemera +ephemeris +epoch +eponym +epoxy +equinox +equipment +era +ereader +error +escape +espadrille +espalier +establishment +estate +estimate +estrogen +estuary +ethernet +ethiopia +euphonium +eurocentrism +europe +evaluator +evening +eveningwear +event +eviction +evidence +evocation +exam +examination +examiner +example +exchange +excitement +exclamation +excuse +executor +exhaust +exhusband +exile +existence +exit +expansion +expansionism +experience +expert +explanation +exposition +expression +extension +extent +extreme +exwife +eye +eyeball +eyebrow +eyebrows +eyeglasses +eyelash +eyelashes +eyelid +eyelids +eyeliner +eyestrain +face +facelift +facet +facilities +facsimile +fact +factor +factory +faculty +fahrenheit +failure +fairies +fairy +fall +fallingout +familiar +family +fan +fang +fanlight +fanny +fannypack +farm +farmer +fascia +fat +father +fatherinlaw +fatigues +faucet +fault +fawn +fax +fear +feast +feather +feature +february +fedelini +fedora +feed +feedback +feeling +feet +felony +female +fen +fence +fencing +fender +ferry +ferryboat +fertilizer +few +fiber +fiberglass +fibre +fiction +fiddle +field +fifth +fight +fighter +figurine +file +fill +filly +filth +final +finance +find +finding +fine +finger +fingernail +finisher +fir +fire +fireman +fireplace +firewall +fish +fishbone +fisherman +fishery +fishing +fishmonger +fishnet +fisting +fix +fixture +flag +flame +flanker +flare +flash +flat +flatboat +flavor +flax +fleck +fleece +flesh +flight +flintlock +flipflops +flock +flood +floor +floozie +flower 
+flu +flugelhorn +fluke +flute +fly +flytrap +foam +fob +focus +fog +fold +folder +fondue +font +food +foot +football +footnote +footrest +footrest +footstool +foray +force +forearm +forebear +forecast +forehead +forest +forestry +forgery +fork +form +formal +format +former +fort +fortnight +fortress +fortune +forum +foundation +fountain +fowl +fox +foxglove +fragrance +frame +france +fratricide +fraudster +frazzle +freckle +freedom +freeplay +freeze +freezer +freight +freighter +french +freon +fresco +friction +friday +fridge +friend +friendship +frigate +fringe +frock +frog +front +frost +frown +fruit +frustration +fuel +fulfillment +full +function +fundraising +funeral +funny +fur +furnace +furniture +fusarium +futon +future +gaffer +gaiters +gale +gallbladder +galleon +gallery +galley +gallon +galoshes +game +gamebird +gammaray +gander +gap +garage +garb +garbage +garden +garlic +garment +garter +gas +gasoline +gastropod +gate +gateway +gather +gauge +gauntlet +gazebo +gazelle +gear +gearshift +geese +gelding +gem +gemini +gemsbok +gender +gene +general +genetics +geography +geology +geometry +george +geranium +gerbil +geriatrician +german +germany +geyser +ghana +gherkin +ghost +giant +gigantism +ginseng +giraffe +girdle +girl +girlfriend +git +glad +gladiolus +gland +glass +glasses +glen +glider +gliding +glockenspiel +glove +gloves +glue +glut +goal +goat +gobbler +godmother +goggles +gokart +gold +goldfish +golf +gondola +gong +good +goodbye +goodbye +goodie +goose +gopher +goretex +gorilla +gosling +governance +government +governor +gown +grabbag +grade +grain +gram +granddaughter +grandfather +grandmom +grandmother +grandson +granny +grape +grapefruit +graph +graphic +grass +grasshopper +grassland +gray +grease +great +greatgrandfather +greatgrandmother +greece +greek +green +greenhouse +grenade +grey +grief +grill +grip +grit +grocery +ground +group +grouper +grouse +growth +guarantee +guatemalan +guest +guestbook +guidance +guide +guilty +guitar 
+guitarist +gum +gumshoes +gun +gutter +guy +gym +gymnast +gynaecology +gyro +hacienda +hacksaw +hackwork +hail +hair +haircut +half +halfbrother +halfsister +halibut +hall +hallway +hamaki +hamburger +hammer +hammock +hamster +hand +handball +handholding +handicap +handle +handlebar +handmaiden +handsaw +hang +harbor +harbour +hardboard +hardcover +hardening +hardhat +hardhat +hardware +harm +harmonica +harmony +harp +harpooner +harpsichord +hassock +hat +hatbox +hatchet +hate +haunt +haversack +hawk +hay +head +headlight +headline +headrest +health +hearing +heart +heartache +hearth +hearthside +heartthrob +heartwood +heat +heater +heaven +heavy +hedge +hedgehog +heel +height +heirloom +helen +helicopter +helium +hell +hellcat +helmet +helo +help +hemp +hen +herb +heron +herring +hexagon +heyday +hide +high +highlight +highrise +highway +hill +himalayan +hip +hippodrome +hippopotamus +historian +history +hit +hive +hobbies +hobbit +hobby +hockey +hoe +hog +hold +hole +holiday +home +homework +homogenate +homonym +honey +honeybee +honoree +hood +hoof +hook +hope +hops +horn +hornet +horse +hose +hosiery +hospice +hospital +host +hostel +hostess +hot +hotdog +hotel +hour +hourglass +house +houseboat +housing +hovel +hovercraft +howitzer +hub +hubcap +hugger +human +humidity +humor +hunger +hurdler +hurricane +hurry +hurt +husband +hut +hutch +hyacinth +hybridisation +hydrant +hydraulics +hydrofoil +hydrogen +hyena +hygienic +hyphenation +hypochondria +hypothermia +ice +icebreaker +icecream +icecream +icicle +icon +idea +ideal +igloo +ikebana +illegal +image +imagination +impact +implement +importance +impress +impression +imprisonment +improvement +impudence +impulse +inbox +incandescence +inch +income +increase +independence +independent +index +india +indication +indigence +indonesia +industry +infancy +inflammation +inflation +information +infusion +inglenook +ingrate +initial +initiative +injoke +injury +ink +inlaws +inlay +inn +innervation +innocent +input 
+inquiry +inscription +insect +inside +insolence +inspection +inspector +instance +instruction +instrument +instrumentalist +instrumentation +insulation +insurance +insurgence +intelligence +intention +interaction +interactive +interest +interferometer +interior +interloper +internal +internet +interpreter +intervenor +interview +interviewer +intestine +intestines +introduction +invention +inventor +inventory +investment +invite +invoice +iPad +iran +iraq +iridescence +iris +iron +ironclad +island +israel +issue +italy +jackal +jacket +jaguar +jail +jailhouse +jam +james +january +japan +japanese +jar +jasmine +jason +jaw +jeans +jeep +jeff +jelly +jellyfish +jennifer +jet +jewel +jewelry +jiffy +job +jockey +jodhpurs +joey +jogging +john +join +joke +joseph +jot +journey +judge +judgment +judo +juggernaut +juice +july +jumbo +jump +jumper +jumpsuit +june +junior +junk +junker +junket +jury +justice +jute +kale +kamikaze +kangaroo +karate +karen +kayak +kazoo +kendo +kenneth +kenya +ketch +ketchup +kettle +kettledrum +kevin +key +keyboard +keyboarding +keystone +kick +kickoff +kid +kidney +kidneys +kielbasa +kill +kilogram +kilometer +kilt +kimberly +kimono +kind +king +kingfish +kiosk +kiss +kitchen +kite +kitten +kitty +kleenex +klomps +knee +kneejerk +knickers +knife +knifeedge +knight +knitting +knot +knowledge +knuckle +koala +kohlrabi +korean +lab +laborer +lace +lacquerware +ladder +lady +ladybug +lake +lamb +lamp +lan +lanai +land +landform +landmine +language +lantern +lap +laparoscope +lapdog +laptop +larch +larder +lark +laryngitis +lasagna +latency +latex +lathe +latte +laugh +laundry +laura +law +lawn +lawsuit +lawyer +layer +lead +leader +leadership +leaf +league +leaker +learning +leash +leather +leaver +lecture +leek +leg +legal +legging +legume +lei +lemon +lemonade +lemur +length +lentil +leo +leopard +leotard +leprosy +let +letter +lettuce +level +lever +leverage +libra +librarian +library +license +lier +life +lift +light +lighting +lightning 
+lilac +lily +limit +limo +line +linen +liner +link +linseed +lion +lip +lipstick +liquid +liquor +lisa +list +literature +litigation +litter +liver +living +lizard +llama +loaf +loafer +loan +lobotomy +lobster +location +lock +locker +locket +locomotive +locust +loft +log +loggia +loincloth +look +loss +lot +lotion +lounge +lout +love +low +loyalty +luck +luggage +lumber +lumberman +lunch +luncheonette +lunchroom +lung +lunge +lute +luttuce +lycra +lye +lymphocyte +lynx +lyocell +lyre +lyric +macadamia +macaroni +machine +macrame +macrofauna +maelstrom +maestro +magazine +magic +magician +maid +maiden +mail +mailbox +mailman +maintenance +major +majorleague +makeup +malaysia +male +mall +mallet +mambo +mammoth +man +management +manager +mandarin +mandolin +mangrove +manhunt +maniac +manicure +manner +manor +mansard +manservant +mansion +mantel +mantle +mantua +manufacturer +manx +map +maple +maraca +maracas +marble +march +mare +margaret +margin +maria +mariachi +marimba +mark +market +marketing +marksman +marriage +marsh +marshland +marxism +mary +mascara +mask +mass +massage +master +mastication +mastoid +mat +match +material +math +mattock +mattress +maximum +may +maybe +mayonnaise +mayor +meal +meaning +measure +measurement +meat +mechanic +media +medicine +medium +meet +meeting +megalomaniac +melody +member +membership +memory +men +menorah +mention +menu +mercury +mess +message +metal +metallurgist +meteor +meteorology +meter +methane +method +methodology +metro +metronome +mexican +mexico +mezzanine +mice +michael +michelle +microlending +microwave +midcourse +middle +middleman +midi +midline +midnight +midwife +might +migrant +mile +milk +milkshake +millennium +millimeter +millisecond +mime +mimosa +mind +mine +mini +minibus +minion +miniskirt +minister +minor +minorleague +mint +minute +mirror +miscarriage +miscommunication +misfit +misogyny +misplacement +misreading +missile +mission +mist +mistake +mister +miter +mitten +mix +mixer +mixture +moat 
+mobile +moccasins +mocha +mode +model +modem +mole +mom +moment +monastery +monasticism +monday +money +monger +monitor +monkey +monocle +monotheism +monsoon +monster +month +mood +moon +moonscape +moonshine +mop +Mormon +morning +morocco +morsel +mortise +mosque +mosquito +most +motel +moth +mother +motherinlaw +motion +motor +motorboat +motorcar +motorcycle +mound +mountain +mouse +mouser +mousse +moustache +mouth +mouton +move +mover +movie +mower +mud +mug +mukluk +mule +multimedia +muscle +musculature +museum +music +musicbox +musician +musicmaking +mustache +mustard +mutt +myanmar +mycoplasma +nail +name +naming +nancy +nanoparticle +napkin +narcissus +nation +naturalisation +nature +neat +neck +necklace +necktie +necromancer +need +needle +negligee +negotiation +neologism +neon +nepal +nephew +nerve +nest +net +netball +netbook +netsuke +network +neurobiologist +neuropathologist +neuropsychiatry +news +newspaper +newsprint +newsstand +nexus +nic +nicety +niche +nickel +niece +nigeria +night +nightclub +nightgown +nightingale +nightlight +nitrogen +node +noise +nonbeliever +nonconformist +nondisclosure +noodle +normal +norse +north +northamerica +northkorea +nose +note +notebook +notice +notify +notoriety +nougat +novel +november +nudge +number +numeracy +numeric +numismatist +nurse +nursery +nurture +nut +nylon +oak +oar +oasis +oatmeal +obi +objective +obligation +oboe +observation +observatory +occasion +occupation +ocean +ocelot +octagon +octave +octavo +octet +october +octopus +odometer +oeuvre +offence +offer +office +official +offramp +oil +okra +oldie +olive +omega +omelet +oncology +one +onion +open +opening +opera +operation +ophthalmologist +opinion +opium +opossum +opportunist +opportunity +opposite +option +orange +orangutan +orator +orchard +orchestra +orchid +order +ordinary +ordination +organ +organisation +organization +original +ornament +osmosis +osprey +ostrich +others +otter +ottoman +ounce +outback +outcome +outfit +outhouse +outlay 
+output +outrigger +outset +outside +oval +ovary +oven +overcharge +overclocking +overcoat +overexertion +overflight +overnighter +overshoot +owl +owner +ox +oxen +oxford +oxygen +oyster +pacemaker +pack +package +packet +pad +paddle +paddock +page +pagoda +pail +pain +paint +painter +painting +paintwork +pair +pajama +pajamas +pakistan +paleontologist +paleontology +palm +pamphlet +pan +pancake +pancreas +panda +panic +pannier +panpipe +pansy +panther +panties +pantry +pants +pantsuit +panty +pantyhose +paper +paperback +parable +parachute +parade +parallelogram +paramedic +parcel +parchment +parent +parentheses +park +parka +parrot +parsnip +part +participant +particle +particular +partner +partridge +party +passage +passbook +passenger +passion +passive +pasta +paste +pastor +pastoralist +pastry +patch +path +patience +patient +patina +patio +patriarch +patricia +patrimony +patriot +patrol +pattern +paul +pavement +pavilion +paw +pawnshop +payee +payment +pea +peace +peach +peacoat +peacock +peak +peanut +pear +pearl +pedal +pedestrian +pediatrician +peen +peer +peertopeer +pegboard +pelican +pelt +pen +penalty +pencil +pendant +pendulum +penicillin +pension +pentagon +peony +people +pepper +percentage +perception +perch +performance +perfume +period +periodical +peripheral +permafrost +permission +permit +perp +person +personality +perspective +peru +pest +pet +petal +petticoat +pew +pharmacist +pharmacopoeia +phase +pheasant +philippines +philosopher +philosophy +phone +photo +photographer +phrase +physical +physician +physics +pianist +piano +piccolo +pick +pickax +picket +pickle +picture +pie +piece +pier +piety +pig +pigeon +pike +pile +pilgrimage +pillbox +pillow +pilot +pimp +pimple +pin +pinafore +pincenez +pine +pineapple +pinecone +ping +pink +pinkie +pinstripe +pint +pinto +pinworm +pioneer +pipe +piracy +piranha +pisces +piss +pitch +pitching +pith +pizza +place +plain +plane +planet +plant +plantation +planter +plaster +plasterboard +plastic +plate 
+platform +platinum +platypus +play +player +playground +playroom +pleasure +pleated +plier +plot +plough +plover +plow +plowman +plume +plunger +plywood +pneumonia +pocket +pocketbook +pocketwatch +poem +poet +poetry +poignance +point +poison +poisoning +poland +pole +polenta +police +policeman +policy +polish +politician +politics +pollution +polo +polyester +pompom +poncho +pond +pony +poof +pool +popcorn +poppy +popsicle +population +populist +porch +porcupine +port +porter +portfolio +porthole +position +positive +possession +possibility +postage +postbox +poster +pot +potato +potential +potty +pouch +poultry +pound +pounding +powder +power +precedent +precipitation +preface +preference +prelude +premeditation +premier +preoccupation +preparation +presence +presentation +president +pressroom +pressure +pressurisation +price +pride +priest +priesthood +primary +primate +prince +princess +principal +print +printer +priority +prison +prize +prizefight +probation +problem +procedure +process +processing +produce +producer +product +production +profession +professional +professor +profit +program +project +promotion +prompt +proofreader +propane +property +proposal +prose +prosecution +protection +protest +protocol +prow +pruner +pseudoscience +psychiatrist +psychoanalyst +psychologist +psychology +ptarmigan +publisher +pudding +puddle +puffin +pull +pulley +puma +pump +pumpkin +pumpkinseed +punch +punishment +pupa +pupil +puppy +purchase +puritan +purple +purpose +purse +push +pusher +put +pvc +pyjama +pyramid +quadrant +quail +quality +quantity +quart +quarter +quartz +queen +question +quicksand +quiet +quill +quilt +quince +quit +quiver +quotation +rabbi +rabbit +raccoon +race +racer +racing +racist +rack +radar +radiator +radio +radiosonde +radish +raffle +raft +rag +rage +rail +railway +raiment +rain +rainbow +raincoat +rainmaker +rainstorm +raise +rake +ram +rambler +ramie +ranch +random +randomisation +range +rank +raspberry +rat +rate +ratio +raven +ravioli 
+raw +rawhide +ray +rayon +reactant +reaction +read +reading +reality +reamer +rear +reason +receipt +reception +recess +recipe +recliner +recognition +recommendation +record +recorder +recording +recover +recruit +rectangle +red +redesign +rediscovery +reduction +reef +refectory +reflection +refrigerator +refund +refuse +region +register +regret +regular +regulation +reindeer +reinscription +reject +relation +relationship +relative +religion +relish +reminder +rent +repair +reparation +repeat +replace +replacement +replication +reply +report +representative +reprocessing +republic +reputation +request +requirement +resale +research +resident +resist +resolution +resource +respect +respite +response +responsibility +rest +restaurant +result +retailer +rethinking +retina +retouch +return +reveal +revenant +revenue +review +revolution +revolve +revolver +reward +rheumatism +rhinoceros +rhyme +rhythm +rice +richard +riddle +ride +rider +ridge +rifle +right +rim +ring +ringworm +ripple +rise +riser +risk +river +riverbed +rivulet +road +roadway +roast +robe +robert +robin +rock +rocker +rocket +rocketship +rod +role +roll +roller +romania +ronald +roof +room +rooster +root +rope +rose +rostrum +rotate +roundabout +route +router +routine +row +rowboat +royal +rub +rubber +rubric +ruckus +ruffle +rugby +rule +run +runaway +runner +russia +rutabaga +ruth +sabre +sack +sad +saddle +safe +safety +sage +sagittarius +sail +sailboat +sailor +salad +salary +sale +salesman +salmon +salon +saloon +salt +samovar +sampan +sample +samurai +sand +sandals +sandbar +sandra +sandwich +santa +sarah +sardine +sari +sarong +sash +satellite +satin +satire +satisfaction +saturday +sauce +saudiarabia +sausage +save +saving +savior +saviour +saw +saxophone +scale +scallion +scanner +scarecrow +scarf +scarification +scene +scent +schedule +scheme +schizophrenic +schnitzel +school +schoolhouse +schooner +science +scimitar +scissors +scooter +score +scorn +scorpio +scorpion +scow +scraper 
+screamer +screen +screenwriting +screw +screwdriver +screwup +scrim +scrip +sculpting +sculpture +sea +seagull +seal +seaplane +search +seashore +season +seat +second +secretariat +secretary +section +sectional +sector +secure +security +seed +seeder +segment +select +selection +self +sell +semicircle +semicolon +senator +sense +sentence +sepal +september +septicaemia +series +servant +server +service +session +set +setting +settler +sewer +sex +shack +shade +shadow +shadowbox +shake +shakedown +shaker +shallot +shame +shampoo +shanty +shape +share +shark +sharon +shawl +shearling +shears +sheath +shed +sheep +sheet +shelf +shell +sherry +shield +shift +shin +shine +shingle +ship +shirt +shirtdress +shoat +shock +shoe +shoehorn +shoehorn +shoelace +shoemaker +shoes +shoestring +shofar +shoot +shootdown +shop +shopper +shopping +shore +shortage +shorts +shortwave +shot +shoulder +shovel +show +shower +showstopper +shred +shrimp +shrine +siamese +sibling +sick +side +sideboard +sideburns +sidecar +sidestream +sidewalk +siding +sign +signature +signet +significance +signup +silica +silk +silkworm +sill +silo +silver +simple +sing +singer +single +sink +sir +sister +sisterinlaw +sit +sitar +situation +size +skate +skiing +skill +skin +skirt +skulduggery +skull +skullcap +skullduggery +skunk +sky +skylight +skyscraper +skywalk +slapstick +slash +slave +sled +sledge +sleep +sleet +sleuth +slice +slider +slime +slip +slipper +slippers +slope +sloth +smash +smell +smelting +smile +smock +smog +smoke +smuggling +snail +snake +snakebite +sneakers +sneeze +snob +snorer +snow +snowboarding +snowflake +snowman +snowmobiling +snowplow +snowstorm +snowsuit +snuggle +soap +soccer +society +sociology +sock +socks +soda +sofa +softball +softdrink +softening +software +soil +soldier +solid +solitaire +solution +sombrero +somersault +somewhere +son +song +songbird +sonnet +soot +soprano +sorbet +sort +soulmate +sound +soup +source +sourwood +sousaphone +south +southafrica 
+southamerica +southkorea +sow +soy +soybean +space +spacing +spade +spaghetti +spain +spandex +spank +spark +sparrow +spasm +speaker +speakerphone +spear +special +specialist +specific +spectacle +spectacles +spectrograph +speech +speedboat +spend +sphere +sphynx +spider +spike +spinach +spine +spiral +spirit +spiritual +spite +spleen +split +sponge +spoon +sport +spot +spotlight +spray +spread +spring +sprinter +sprout +spruce +spume +spur +spy +square +squash +squatter +squeegee +squid +squirrel +stable +stack +stacking +stadium +staff +stag +stage +stain +stair +staircase +stallion +stamen +stamina +stamp +stance +standoff +star +start +starter +state +statement +station +stationwagon +statistic +statistician +steak +steal +steam +steamroller +steel +steeple +stem +stencil +step +stepaunt +stepbrother +stepdaughter +stepdaughter +stepfather +stepgrandfather +stepgrandmother +stepmother +stepmother +steppingstone +steps +stepsister +stepson +stepson +stepuncle +steven +stew +stick +stiletto +still +stinger +stitch +stock +stocking +stockings +stockintrade +stole +stomach +stone +stonework +stool +stop +stopsign +stopwatch +storage +store +storey +storm +story +storyboard +storytelling +stove +strait +stranger +strap +strategy +straw +strawberry +stream +street +streetcar +stress +stretch +strike +string +strip +structure +struggle +stud +student +studio +study +stuff +stumbling +sturgeon +style +styling +stylus +subcomponent +subconscious +submarine +subroutine +subsidence +substance +suburb +subway +success +suck +sudan +suede +suffocation +sugar +suggestion +suit +suitcase +sultan +summer +sun +sunbeam +sunbonnet +sunday +sundial +sunflower +sunglasses +sunlamp +sunroom +sunshine +supermarket +supply +support +supporter +suppression +surface +surfboard +surgeon +surgery +surname +surprise +susan +sushi +suspect +suspenders +sustainment +SUV +swallow +swamp +swan +swath +sweat +sweater +sweats +sweatshirt +sweatshop +sweatsuit +swedish +sweets +swell +swim 
+swimming +swimsuit +swing +swiss +switch +switchboard +swivel +sword +swordfish +sycamore +sympathy +syndicate +synergy +synod +syria +syrup +system +tabby +tabernacle +table +tablecloth +tabletop +tachometer +tackle +tadpole +tail +tailor +tailspin +taiwan +tale +talk +tam +tambour +tambourine +tamo'shanter +tandem +tangerine +tank +tanker +tankful +tanktop +tanzania +tap +target +tassel +taste +tatami +tattler +tattoo +taurus +tavern +tax +taxi +taxicab +tea +teacher +teaching +team +tear +technician +technologist +technology +teen +teeth +telephone +telescreen +teletype +television +teller +temp +temper +temperature +temple +tempo +temporariness +temptress +tendency +tenement +tennis +tenor +tension +tent +tepee +term +terracotta +terrapin +territory +test +text +textbook +texture +thailand +thanks +thaw +theater +theism +theme +theoretician +theory +therapist +thermals +thermometer +thigh +thing +thinking +thistle +thomas +thong +thongs +thorn +thought +thread +thrill +throat +throne +thrush +thumb +thunder +thunderbolt +thunderhead +thunderstorm +thursday +tiara +tic +ticket +tie +tiger +tight +tights +tile +till +timbale +time +timeline +timeout +timer +timpani +tin +tinderbox +tinkle +tintype +tip +tire +tissue +titanium +title +toad +toast +toe +toenail +toga +togs +toilet +tom +tomato +tomography +tomorrow +tomtom +ton +tongue +toot +tooth +toothbrush +toothpaste +toothpick +top +tophat +topic +topsail +toque +torchiere +toreador +tornado +torso +tortellini +tortoise +tosser +total +tote +touch +tough +toughguy +tour +tourist +towel +tower +town +townhouse +towtruck +toy +trachoma +track +tracksuit +tractor +trade +tradition +traditionalism +traffic +trail +trailer +train +trainer +training +tram +tramp +transaction +translation +transmission +transom +transport +transportation +trapdoor +trapezium +trapezoid +trash +travel +tray +treatment +tree +trellis +tremor +trench +trial +triangle +tribe +trick +trigonometry +trim +trinket +trip +tripod +trolley 
+trombone +trooper +trouble +trousers +trout +trove +trowel +truck +truckit +trumpet +trunk +trust +truth +try +tshirt +tsunami +tub +tuba +tube +tuesday +tugboat +tulip +tummy +tuna +tune +tuneup +tunic +tunnel +turban +turkey +turkish +turn +turnip +turnover +turnstile +turret +turtle +tussle +tutu +tuxedo +tv +twig +twilight +twine +twist +twister +two +typewriter +typhoon +tyvek +uganda +ukraine +ukulele +umbrella +unblinking +uncle +underclothes +underground +underneath +underpants +underpass +undershirt +understanding +underwear +underwire +unibody +uniform +union +unit +unitedkingdom +university +urn +use +user +usher +utensil +uzbekistan +vacation +vacuum +vagrant +valance +valley +valuable +value +van +vane +vanity +variation +variety +vase +vast +vault +vaulting +veal +vegetable +vegetarian +vehicle +veil +vein +veldt +vellum +velodrome +velvet +venezuela +venezuelan +venom +veranda +verdict +vermicelli +verse +version +vertigo +verve +vessel +vest +vestment +vibe +vibraphone +vibration +video +vietnam +view +villa +village +vineyard +vinyl +viola +violet +violin +virginal +virgo +virtue +virus +viscose +vise +vision +visit +visitor +visor +vixen +voice +volcano +volleyball +volume +voyage +vulture +wad +wafer +waffle +waist +waistband +waiter +waitress +walk +walker +walkway +wall +wallaby +wallet +walnut +walrus +wampum +wannabe +war +warden +warlock +warmup +warning +wash +washbasin +washcloth +washer +washtub +wasp +waste +wastebasket +watch +watchmaker +water +waterbed +waterfall +waterskiing +waterspout +wave +wax +way +weakness +wealth +weapon +weasel +weather +web +wedding +wedge +wednesday +weed +weeder +weedkiller +week +weekend +weekender +weight +weird +well +west +western +wetbar +wetsuit +whale +wharf +wheel +whip +whirlpool +whirlwind +whisker +whiskey +whistle +white +whole +wholesale +wholesaler +whorl +wife +wilderness +will +william +willow +wind +windage +windchime +window +windscreen +windshield +wine +wing +wingman +wingtip +winner 
+winter
+wire
+wiseguy
+wish
+wisteria
+witch
+witchhunt
+withdrawal
+witness
+wolf
+woman
+wombat
+women
+wood
+woodland
+woodshed
+woodwind
+wool
+woolen
+word
+work
+workbench
+worker
+workhorse
+worklife
+workshop
+world
+worm
+worthy
+wound
+wrap
+wraparound
+wrecker
+wren
+wrench
+wrestler
+wrinkle
+wrist
+writer
+writing
+wrong
+xylophone
+yacht
+yak
+yam
+yard
+yarmulke
+yarn
+yawl
+year
+yellow
+yesterday
+yew
+yin
+yogurt
+yoke
+young
+youth
+yurt
+zampone
+zebra
+zebrafish
+zephyr
+ziggurat
+zinc
+zipper
+zither
+zone
+zoo
+zoologist
+zoology
+zootsuit
+zucchini
diff --git a/host/usr/share/dict/names b/host/usr/share/dict/names
new file mode 100644
index 00000000..9bd0182e
--- /dev/null
+++ b/host/usr/share/dict/names
@@ -0,0 +1,3947 @@ +charlestiger +silvergore-tex +changebutter +bonsaiscrew +pajamabuilding +roosterrainbow +dungeongender +tempergrenade +fronttadpole +slavecarpenter +schoolcreator +mimosapayment +heronmexico +airportjudge +cuticleemery +rubberflute +timbaleselection +jellyfishforgery +hyenarabbit +revolveramie +biologygasoline +detailprofit +increaseverdict +hamsterguitar +patiodiamond +dugouthimalayan +turkeypropane +earthcollision +fleshlyocell +cablekilogram +athletealgeria +trombonethrill +carpentercement +bumperbrandy +transportcover +stockingdollar +spainaddress +whalegrade +denimhalibut +watchbritish +custardberry +penaltysecure +beardpendulum +activitycurtain +octopustsunami +ferrynumeric +snowflakecomposer +sentencemaraca +patioelizabeth +buttonblade +dessertattack +pansydetail +trianglehandle +gliderpound +jameschristmas +scannergalley +pimpletrumpet +governorfridge +parcelcrime +aluminiumfather +epochrevolve +hyacinthparent +museumchina +powertramp +patiocapital +frameeight +buglemichael +sharkowner +chickmouth +dressgiant +glidingtitanium +lotioncyclone +swordfishspider +bongobarometer +hockeypants +signaturevalley +headlightalibi +sundialattempt +layerraven +advantagefloor +mexicokayak +balineseoxygen +goldfishrelation +witnesstoilet +anglefireman +chequecomma +offernotify +margaretpolyester +insurancemetal +copperlinda +metalselection +pastekettle +bomberdoubt +canoegore-tex +whaleturret +frownpatio +brownchime +porchincome +sailboatturnover +kitchencheck +shrimpairbus +secondeagle +pictureplayroom +timerbroker +libraroute +copyrightaustralia +patchwoolen +rutabagavelvet +cannonthought +tsunamikeyboard +africaprison +airplaneexhaust +bandanacover +polandcandle +trumpetscreen +bufferdeadline +asteriskdrink +susancongo +respectgliding +enquiryhammer +coughhacksaw +malaysiahardhat +kayaktendency +peonydanger +separatedgearshift +desserteurope +shovelalmanac +lotioncabinet +airshipseashore +believeblinker +tortoiseapparatus +saturdayverse 
+chimefebruary +umbrellaquince +mosquepuppy +signaturecarnation +pantyslice +routercornet +nephewpassenger +georgefriday +locustgerman +screenfedelini +expertscorpio +trainswimming +comfortsundial +scarecrowradiator +kilometerrayon +poultrycreditor +februaryproperty +lungehacksaw +grillfibre +jumbosociology +bonsairainbow +equinoxfibre +coffeeinput +caravanshade +communityporcupine +sycamorelaugh +browngender +tradevacuum +troubleairport +pastepizza +octobersugar +reportmaraca +routenitrogen +helmetgemini +rocketpayment +ostrichknickers +inputbankbook +staircaseprofit +wristcrayon +blacksuede +objectivepackage +mailboxmailman +printshrine +octagonformat +almanacrotate +boardgeology +alibicello +willowmotion +radioclaus +wednesdayboard +microwavewitness +tuliptongue +xylophoneequinox +ronaldhearing +teethtempo +buttonattention +eggplantcredit +regretarcher +scorpionolive +crimecaptain +joggingspade +creamdeadline +jasonmusician +blacksparrow +hobbiescancer +aftermathpheasant +quicksandmiddle +brokerforce +kevinspain +cornetsidecar +brickselect +spherepillow +sharkhelen +pockettyvek +repairfrench +studycommunity +bladderlawyer +riverbedforecast +continenttuesday +laborerpressure +arrowquiver +larchcherry +whorlradiator +scarfboundary +partnersidecar +coloncloudy +dipsticktramp +vesselsandwich +salesmanlawyer +reductionmargin +quotationgender +mousewindow +secretarydentist +guidespandex +batteryweasel +banjorevolver +glassdorothy +elbowheron +africasandwich +kittynumber +japansoftdrink +bargecellar +bricktreatment +pyjamadrake +eggplantcrocus +templedoubt +francenapkin +wealthfactory +titaniumjourney +galleyclimb +bettysoftball +propanehardcover +doubtsausage +cupcakebowling +fighterseason +paymentquart +eyelinerbrick +manageracoustic +michaelsoldier +wristfriction +currentteaching +humorsociology +sneezeapparatus +underwearbirth +spinachbookcase +cattlespinach +touchcopper +octavehardware +copyrightlinen +processpantry +birchnapkin +downtownmacrame +typhoonargument 
+daisycello +relishfootball +disgustadvantage +diaphragmmeasure +doctorchildren +offenceoutput +meetingweapon +spherestation +portercylinder +piscescougar +dinnerfather +foreheadtsunami +optionnerve +whitequarter +marriedcough +quivercanoe +larchstomach +woundspain +forestwoolen +ministerfreeze +cookingkorean +treatmentdamage +shamecurrent +gardenknife +bladdergraphic +tankershelf +grapemechanic +bombercarrot +fedeliniwalrus +holidaywhite +supportriverbed +businesseggnog +captionevening +rangelotion +sparkvault +sausagemexican +colombiaorder +oliveacoustic +tadpoleslice +footballgoldfish +snowstormchinese +saturdaybalance +fairiessusan +directioncloudy +belieftreatment +butcherspring +marginsense +activechurch +clavesurname +decadetrowel +tempometal +buildingattempt +peacenight +railwayjudge +celerybrian +footnoteagreement +kettlegiraffe +geometrysaturday +lyocellbathtub +francebuffet +spearcattle +relativeshrimp +lycradigger +creditorrevolve +carrotpolice +tulipmosquito +kilometerdiploma +scrapertrial +cycleoctopus +pasteprose +printearth +smellkevin +flutemountain +marchkidney +typhoonstool +salmonmemory +statesurgeon +bronzedirection +handsawradar +crushexpert +trafficsturgeon +grasscomic +freezethought +dragonflylobster +luttucewrench +notebookporch +faucetbumper +systemscience +singerliquor +swimmingenquiry +tornadoteeth +partybakery +thronesquash +bassoonnotify +flavorpotato +rainbowscent +bookleteffect +pantryitaly +layerromanian +graphicavenue +meterslope +riddleslime +chineseshrine +ganderfragrance +teachingblack +magazinecalendar +servantorange +graincurler +carriageplaster +reportblowgun +sproutpeony +creditorinnocent +communityapparatus +editorpaper +featurereading +gazelleindia +routeattempt +sprucepuppy +equipmentglass +sleetcrack +cannonregret +capricornnigeria +surnamebench +dentisthedge +swedishaddition +mouseexpansion +firewallindustry +librallama +flaredecade +prosesquash +clippersubmarine +witchturnip +forecastlunge +inventionlunge 
+josephshallot +mimosacable +snowflakeharmonica +rewardposition +octavemedicine +circleasphalt +beechgymnast +conditiontimer +pantyhoseforehead +skatebrush +screenpromotion +playroomswamp +brasscannon +clarinetmailman +cameldiploma +wheelsquare +creammeter +michellepackage +noveldiploma +malaysiabottom +aluminumsingle +plaincamel +turkeyhimalayan +inventorycharacter +blowgunturnover +lunchroommuseum +vacuumathlete +kamikazerifle +clausweight +visionvision +networkplatinum +chicorymother +engineclarinet +treatmentoffence +bobcatturtle +exhaustmicrowave +snowplowprotest +dipstickguarantee +successrespect +afternoonpurple +smellknowledge +gradeeyebrow +leatherbarbara +chimeweight +eyelashrutabaga +dinghyproperty +postboxaccount +squarebattery +gore-texcomma +marchquicksand +brazilcucumber +securerailway +kenyaverse +weederitalian +frontbrian +selectionhandicap +squareweapon +licenseasterisk +flarecommunity +step-sonbaseball +toastmimosa +ceramicstopsign +heroncolon +snailskirt +congabreak +dieticianbeginner +cabinetrainbow +tyvekceleste +basketpoliceman +spiderlimit +chemistryfight +buildingdredger +benchplaster +oysterattic +networkpowder +servantzipper +saturdayflute +laundrycrocus +spoondryer +otterguarantee +livernoodle +designpigeon +cloudcraftsman +protocolgallon +britishpyjama +ocelotcrocodile +fendercartoon +digitalbehavior +limitsword +bumperbasket +americaexchange +placecatsup +cathedralalphabet +incomeshorts +wealthactivity +forecastparsnip +ministertortoise +swisserror +signaturesamurai +stampspeedboat +c-clampbulldozer +peanutindia +reductiondeborah +rugbyeyelash +euphoniumbrandy +matchstove +watchattention +basementhandball +commandapril +hedgedetective +separatedcolon +smellswing +currentflame +clutchferry +bloodcushion +stockliquid +odometerchristmas +napkincough +porcupineresult +clutchsalad +relativeskiing +saxophonedresser +readingdamage +goslingbrush +waterfallspoon +glidingwallet +cocoacotton +shouldergovernor +chillincrease +supplymessage 
+footballgrandson +heightsudan +collegestatistic +pilotornament +novembersusan +clothgroup +susanmaraca +hardwarelimit +treatmentlunge +badgerrotate +refundbandana +ostrichlightning +prefacepostage +drakeauthority +captionnigeria +barberbumper +radishskiing +quietporter +teethraincoat +fedeliniactor +jellybeaver +frameshake +employeehobbies +asparagusbrick +shearstreatment +davidswimming +herringpoint +pleasuresalad +breakdiscovery +waiterthrill +giantmilkshake +daughteroxygen +pendulumbirth +clarinetchill +novelcondor +magazinealibi +ouncedimple +scentpressure +skillspeedboat +novelbagel +umbrellariddle +frenchcatsup +riflevessel +processskate +sweetsvacuum +shampoocreator +passiverepair +bubbleprofit +rowboatdollar +earthbonsai +aluminiumcharacter +racingsubway +viscoseharmonica +ministerbrush +footnotefriday +agreementforehead +helenexpert +professorsuccess +mercurygeography +deathfight +chillvessel +quarterwitch +incomealcohol +armchairfemale +methanesleep +octavedorothy +pilotfeedback +valuespoon +lunchauthority +revolveapology +emerynewsprint +rubberdesert +floodlunchroom +spooncapricorn +islandrubber +authoritycelery +saturdaypenalty +businesscouch +cirrusorgan +periodnotebook +adviceshrine +waterfallgrowth +capricorntimpani +wealthrelish +brothercarbon +macaronigliding +powderleopard +invoicewhiskey +clockkarate +goslingdeficit +deadlinelatex +nursecuban +separatedjapanese +cricketpenalty +thingpotato +swallowwomen +glidingraven +powderex-wife +seederfedelini +candlecowbell +snailgazelle +step-auntaccordion +burstapparel +cheetahcongo +karenposition +armenianrooster +pencildancer +employerchocolate +burmaalbatross +clockcarrot +burglardomain +forestargument +tenorfaucet +enemynylon +nitrogendisgust +christmassoftball +mexicanscanner +desiredatabase +lentiltaurus +pyramidstone +effectswimming +courseacoustic +hourglassgrowth +marketdiscovery +cardiganyacht +tyvekstinger +graphicwhistle +handballchance +wristbeast +ethiopiastomach +croissanttaste 
+cinemaplywood +learningpuffin +chesspruner +backbonecattle +batteryarmenian +pricesurfboard +carnationcopyright +mittensuede +dramacircle +activedashboard +scheduleathlete +closedelete +kittencabinet +good-byemimosa +insectsalesman +bottledrama +meterseptember +hydrofoilrowboat +slopesushi +coastmarble +robertorder +cloudyjoseph +zebramouth +levelthought +mechanicpumpkin +kettlegrass +scienceriddle +radarjennifer +basketchicken +creamnickel +shieldbucket +michellefield +radiatorchocolate +revolvernylon +shortsfreon +bottomchance +dreampancreas +kendobanana +handballtrapezoid +euphoniumproperty +crackhearing +spinachbalance +housetimer +oysterjustice +linenmaraca +braceacrylic +zebraknowledge +needlepoint +legalrevolve +bathtubdress +drainsearch +balancecommand +liquidbanker +magicmaple +supportsneeze +marblecrocodile +stingerorange +accountdegree +freongliding +thailandfriend +freezerwallet +plasterronald +policefriday +garagetyphoon +alarmcollege +targetkamikaze +larchnumber +childrenpatio +keyboardradish +attentionpeony +effectburglar +castanetfeature +heavenukrainian +databasetwilight +mountainsister +postagecentury +witchcollision +knowledgemouth +temperceleste +prosebaseball +waterfallmailman +memoryankle +clothapple +exhaustwaste +belgianmattock +queenlipstick +threadrefund +mailboxmotorboat +daffodilviola +snailprocess +gearshiftseaplane +walrusfebruary +featurerayon +quarterelephant +schoolpastor +mimosaporter +breadglider +shamesanta +turnipreading +multi-hopintestine +glassbarber +preparedviolin +kettlecrime +fireplaceadapter +inventorybuffet +kittenbelief +elizabethtyphoon +postagepostbox +raincoatfootnote +softballmailbox +stretchliquid +francelevel +impulsecurve +innocentpumpkin +puppymirror +brandyillegal +quotationchess +climbschedule +discoverysusan +medicinediploma +thailandhardcover +cucumbernylon +freonghana +aardvarkdietician +draindesire +cloakroomprison +romanianblade +ashtrayshadow +visioncinema +nationprofit +crocusspring +kevinpants 
+feedbackpatio +popcornquartz +twilightbanker +storeagreement +dahliabiology +dieticianinsurance +hygienicraincoat +elizabethpizza +microwavescent +vaultbalance +notifycolon +epochpicture +animalchannel +deathcobweb +sheepmaple +semicolontanker +sproutbranch +edwardpaint +earthshoemaker +servergeometry +journeywheel +brazilarmenian +deborahcarriage +systempassbook +routearmchair +platecatsup +budgetstinger +bageleditorial +lathepropane +chainlumber +lumbercroissant +sausageshorts +giantchain +breakdistance +eyebrowpanther +babiescormorant +plieraluminum +curlerdaniel +parsnipbritish +septembersweater +radarcloud +ptarmiganturkey +operationchive +creditorbedroom +bucketcourse +clippermarble +ariescracker +velvetspeedboat +purpledeficit +ambulancehydrogen +driversushi +titlesatin +dugoutoctober +trouserscolumnist +dahliaattic +snowstormramie +athletethread +steeldigital +silveraddition +industryfender +buzzarddipstick +writerbroccoli +snowflakecelsius +denimnumber +birthshoemaker +beardmarch +sushilyric +sharkstation +policegarage +algebrahalibut +frontconsonant +languagewrecker +softballbadger +leatherbetty +garlicgender +giantlyric +asparaguswater +craftsmandistance +croissantladybug +scarecrownewsprint +pencilteeth +elbowstock +edwardbrazil +decademustard +birchacrylic +riddleporter +badgechauffeur +liquorghost +roastathlete +hydrantwrench +salmonexpansion +softdrinkkaren +skirtpromotion +cornetanthony +kittydrain +chinaapology +birchseeder +appliancesardine +napkintaiwan +priestquicksand +avenuewaiter +mimosatrunk +sphynxchalk +measurecolor +thursdayptarmigan +pollutionschool +clientprose +guitarhalibut +plantafternoon +dorothybrown +journeyfactory +viscosechain +rhythmscience +timerrefund +congobacon +squiddeficit +skillswordfish +skatesteel +bangleinput +orchestradorothy +reactionmulti-hop +rutabagafurniture +flameronald +actorcredit +condorronald +euphoniumsmash +accordionafternoon +seaplanenancy +mailmanrevolver +reindeerrailway +tablepound +pantsbronze 
+michellepilot +trampsugar +footballlettuce +circleground +employerstreetcar +numbercheese +theorybabies +australiaplane +quotationplace +ex-wifequiet +shapeincrease +handballcharles +branchguide +violincanvas +familyaugust +crayfishcompany +laughmeasure +perchliquid +bedroomincome +mittenvacation +februaryscorpion +japanpassenger +employeeground +judgetenor +conditionchauffeur +englishtwine +birchbutter +refundmistake +phoneaccordion +alloywrist +valleygliding +clockcourt +tradesurname +reductioncaution +pimpleclarinet +equipmenttexture +geesediamond +elementsemicolon +trafficporter +deficitfired +letterfortnight +burstcolony +novelchange +saucecracker +marketwasher +selectionbracket +shoulderdeborah +ellipsecopyright +denimastronomy +surprisecrown +locustturkish +zipperbrick +partridgesemicolon +stormsemicolon +secretaryjennifer +intestinecornet +fedelinisupport +writercough +divingblack +growthtrick +deficitrepair +wrinklegauge +classcomma +divorcedspade +trailfront +networkcream +frownbrochure +garlicdrawer +trumpetstock +beavertrouble +exchangemichelle +farmercover +adaptergoose +latexapparel +edgerstretch +thoughtquality +firemansession +berrycomfort +cancercolon +pastrystructure +marbleblanket +dentistcocktail +scenelicense +kenyabengal +questiondebtor +actionplant +jeansbassoon +damageoption +frameattack +mouthselect +bicyclediaphragm +divingsquirrel +switchjapan +recessillegal +comichurricane +turnipsoftware +hygienicjaguar +kennethvietnam +brianpamphlet +latencyclave +collarcymbal +rainboworgan +yellowcaravan +equipmentedger +fairiesbegonia +illegalappliance +routersurgeon +handlestation +badgelipstick +reportframe +soldiertexture +knowledgesandra +addressalphabet +harmonicaaftermath +gaugebrand +georgegosling +editorsupport +custardattic +reasonantelope +drakeshrimp +tradeappeal +driveoffice +morningmyanmar +cylinderpoison +fedelinizoology +vegetablevelvet +graphicchair +surgeongeranium +antelopeshoemaker +cupboardbassoon +handsawbudget +knifegymnast 
+mouthvalley +guiltyhydrofoil +heavenblack +startlathe +edwardterritory +odometerlobster +magiciannumeric +nylonobjective +smashdowntown +perchgateway +pendulumaccount +chemistrytreatment +bloodpollution +turkishbrian +ladybugsalary +authorsoprano +familyadapter +seagullalarm +periodtrunk +companygrass +jumperrouter +halibutbronze +optionelbow +reporttenor +airplaneblinker +kenyagrape +jewelclick +lentillevel +sweatshopkimberly +eagledimple +jamessampan +mexicansundial +partnerbrazil +romaniahelium +thrillharmony +mirrororchestra +subwayschool +mailboxravioli +secretarycloth +frownconifer +cicadapeanut +tankersword +sleepniece +recessschedule +healthdashboard +plywoodmagic +captionbasket +cucumbertraffic +pimpleairport +limitadult +customerbooklet +flowercement +diamondcandle +monkeyfender +romanianstinger +leopardlanguage +pajamaknowledge +arrowcricket +coverbomber +cartoonclass +fieldpiano +stevenwhite +badgesecurity +galleystamp +hexagonfisherman +timerchinese +dragonminute +slicereaction +hardboardnoise +dinnermosque +peanutopera +propanestation +diggerwinter +eggnoggirdle +milkshakearmenian +italiancooking +revolvetrain +languagefactory +textbookpreface +blinkerblock +pepperbeauty +eggplantheadlight +daffodilbeach +pantherwitch +michaelsword +alleycousin +indiachina +softballfrench +agreementcough +moustachehumor +forecastcloth +rocketprison +actresssilver +libradugout +beautyocean +sweatshopswitch +celsiusfeast +pepperskill +curlerreligion +cymbalbangle +mustardethiopia +ankleclimb +coughtower +sturgeonjelly +cautionchina +aquariusbankbook +stopsignperch +slicecreek +sprucezephyr +utensilcarbon +creatorsmash +tableprison +operationdeadline +rewardpantyhose +decreasehydrant +cookingairmail +frecklepurple +castanetellipse +shinglecamel +hurricanecousin +feastshingle +planetaccount +steeldolphin +ballooncheek +glidingshears +sheepchest +platinumrepair +bronzesundial +entrancecopyright +snowstormclock +gorillanylon +sunshinedivision +tortoiseharbor 
+tailordecision +dahliadowntown +thoughtintestine +cyclecolumn +bridgedahlia +cautionspinach +tabletopbrake +refundkeyboard +subwaybarge +carnationbladder +rabbirutabaga +cemeteryrussian +sparkthomas +bamboohardcover +michaelproduct +downtownsiberian +professorwasher +uncleshoemaker +colorbucket +wrenchbrake +decisionviola +climbgoldfish +closetplanet +elementbillboard +windowwrinkle +groundpoliceman +butanemattock +frictionvoice +dredgersurfboard +accordionbadge +canoebillboard +fridayslipper +middlecalendar +bombersilver +answerisrael +daviddrake +enquiryaluminium +scissorsstage +davidstatement +butchersmoke +aprilemployer +hardboardpheasant +downtownchime +kenyapigeon +hospitalcotton +offencequail +fatherclave +salmonamerica +dipstickwinter +bookcasedeposit +clipperdredger +defensepurpose +lentilceramic +rutabagaviolet +alibidefense +paintsilica +backboneclimb +saturdayanime +passivebasin +yachtwrecker +ferrycommittee +musicianspinach +asparaguspyramid +feathercheetah +vesseltanker +prosebrass +rocketyogurt +propertysoybean +collarplaster +startshovel +messagecello +thumboctave +diggerrecord +shapeargentina +chequevessel +peacebarometer +laughsuede +committeestamp +skiingshrine +crookcartoon +swallowcousin +apparatusinventory +successcougar +alarmantelope +nitrogenmanicure +typhoonbeggar +radarraven +nationdietician +trainheight +aquariusbutcher +angorasunflower +baseballstarter +ketchupmichael +structureostrich +crackskate +shellbadge +mistakepocket +stormmustard +bonsaistreetcar +aardvarkcommunity +packageorchid +directioneyebrow +whorlperch +systemcurtain +wednesdaymailbox +pumpkinreminder +requestbrochure +plastercroissant +refundbudget +fathernumeric +effectcardigan +canoecapricorn +wedgecandle +epochpepper +popcorndivision +turnoversubstance +headlinegallon +edwardsnowstorm +thingkilogram +childrensauce +middlestudy +aardvarkshark +cornetstatement +dieticianmouse +kilogrammallet +platescissors +courtshingle +lilacdistance +newsprintsegment +pyramidmustard 
+badgeskill +weederillegal +benchdenim +sweaterplier +innocentcontrol +budgetchristmas +jasonchristmas +sheetrutabaga +bomberpancreas +creaturedisease +ceilingcreature +securebamboo +chickcolumnist +tankerclipper +ramiechalk +libratyphoon +vaultshampoo +prefaceformat +serverminister +childanswer +museumukrainian +sharontheater +swingequinox +nancycatamaran +metalbankbook +marimbacentury +piccolomotion +clockdigger +buffereurope +successshark +reductioncustomer +vacuumdomain +sidecarmotion +englishbasement +salarysweatshop +sandrakilogram +commandbaker +appleoctagon +gaugecloakroom +glassbalinese +actorfired +gradeemery +olivesoprano +jumbolawyer +narcissusutensil +producenovember +secretaryairplane +discoverystore +inputproperty +trapezoidpropane +decisioncongo +fightscene +sweatshopcobweb +cupcakescrew +grapelilac +chiefnovember +receipttoenail +chesshydrant +parrotlaundry +signaturefrown +cirruscatsup +dresserblanket +trombonecrime +asphaltwhiskey +weightmagician +shellfeedback +throneprinter +flowerastronomy +storyrobert +josephcement +geesemarimba +yogurtclave +sopranodessert +germanwaitress +cottonweeder +shirtbathroom +narcissusstick +groupcathedral +dreamstranger +pastortrial +davidpaperback +cougarvirgo +recordturkish +rangetooth +vacuumoxygen +mirrorlinen +soybeanlibra +softwareradar +emerycrack +capitaldebtor +catamaranpolice +scallionsecurity +hallwayexpansion +cousinclaus +cylinderreason +harbordavid +shearsstomach +airportfather +kitchennight +doubtapparatus +ferryarrow +dibblesegment +tanzaniamissile +pancreasvision +beggarpriest +calculuscucumber +suedechicken +diggerriver +signaturemosquito +joggingdamage +effectbarbara +limitthrill +manicurecrown +centuryjelly +seaplanestaircase +penaltycooking +policemanegypt +beastrefund +attentioncushion +collisionsampan +humorvalley +skiingmargin +backbonegorilla +jameshistory +chickberry +titledesert +hamsterdredger +prefaceattic +relativeeditor +sweetschannel +crayonimpulse +frenchhumor +violetbritish 
+carolchurch +hardhatshorts +cockroachspark +whalespeedboat +pollutioncherry +brothercrown +raincoatdecision +septembertendency +willowdesire +lobstervinyl +carbonstep-son +sweatersoftball +shrinecelsius +cloversturgeon +passivelocket +daviddesign +selectionoperation +utensilairplane +accounttower +moustacheturtle +coveranger +northcemetery +glidingantelope +kittydivision +maracashrimp +herondrawer +goslingroute +stingershame +postboxvietnam +smokecrayon +cloudground +middlealcohol +continentgazelle +applecustard +goldfishattic +handballhexagon +chessmistake +grainmorocco +orchidpencil +pyramiddetective +diplomaegypt +brakemercury +guiltybehavior +mandolinnovel +eggnogfireman +shovelwitch +ounceaccordion +mercuryburglar +gymnastmother +harboranime +bakerysinger +blackbrain +kevinskill +yellowsilver +marbleflame +polanddaffodil +bronzespring +womanproperty +sidecarsprout +radiatorestimate +pakistanoxygen +quillsaturday +featherhelen +orchestraniece +kayaktoast +birthdaybronze +nephewhistory +condorjanuary +creditorchannel +almanacdesire +cirrusbiplane +brickcello +willowshare +quartzronald +cheeseglider +pandasnowflake +coursechick +domainarmenian +planebacon +marginoyster +currentcroissant +footballargentina +swimmingstraw +dressingbrother +vacuumhyena +americabeaver +porchpackage +blowgunvisitor +writercello +bladderroute +radiounderwear +potatohistory +titaniummagic +brazilweapon +dressflare +clothdigger +middletemple +crayonwinter +factoryattempt +hallwaybranch +giantptarmigan +troubletaste +sweatshoptyphoon +customerrespect +singledigger +authorrespect +siberianpriest +countrydecrease +nervegauge +handleerror +chickendigger +canadiandelivery +shapechalk +litterxylophone +seaplanesword +barbaraseaplane +mercuryhimalayan +algebramirror +clockwhite +ploughguilty +honeythistle +receiptwilliam +feastfootnote +grapeparent +waitereight +zoologyvinyl +frenchbomber +sudantrail +donnaacrylic +wedgecarrot +mechaniccomic +geographyfeather +noisefield +motherblouse 
+februarygender +visioncommittee +selectioncello +sailoreight +fatherappendix +frictionblinker +septemberwhiskey +routesphere +helenapartment +rubberreason +separatedcamel +sphynxbackbone +sheetdrink +jellydress +inventorythrone +lathemichael +pendulumblizzard +birthdayexchange +emerynancy +banglecattle +decisionbanker +voyagepuppy +rowboathardware +ornamentforehead +truckthumb +enquirycheese +turnipblowgun +arieswhite +nephewquiet +numericoption +napkinmicrowave +characterbaboon +uncleorder +moustachewater +thursdayinvention +angletarget +stationshovel +activeangora +fleshconga +sudanpheasant +musicianschedule +actorrotate +appealpakistan +purposesideboard +bathroomrevolve +insuranceeyebrow +tellerraincoat +powdercircle +collegegoose +drainmarble +commandhamster +thursdayfisherman +malletteaching +deliverymethane +mimosacarol +nursecloakroom +grousepantyhose +rewardcoast +commanddrizzle +kittydashboard +heavenbutter +diseasepromotion +drivercrocodile +ticketgarden +lyocellpickle +wreckerleopard +lasagnadonald +aprilarmchair +sugarsearch +cougaraustralia +moroccofridge +startquart +pantrysalary +badgerchauffeur +hamburgerlaugh +lunchapparatus +indexchain +congoavenue +phonegarden +butcherbugle +decisionslime +locustcoast +retailermanager +statevoice +sistercousin +roastpopcorn +mouthlotion +locustmacaroni +climbadvice +turretcrate +cyclehedge +soccertemper +donaldrichard +cautioncomma +softwarechina +clausraven +diaphragmbladder +digitalsneeze +canadianreading +locketspade +sunflowerapproval +sweatshopdefense +skatestory +thistlejapan +litterramie +herringwindow +missileminute +structurestep-son +revolverhydrogen +heavencrate +jumperdrake +sweaterpentagon +soybeancreature +crayfishdonna +washerchicory +haircutscarecrow +luttucebrake +dungeontwine +estimatebrother +broccoliravioli +angoraalcohol +camelwrecker +custardtenor +twilightconga +frictionnephew +chairgoldfish +hacksawsubmarine +sarahrichard +japanknowledge +latencyrhythm +chivepyramid +oxygenhobbies 
+bakeryspark +laundrysampan +ownertyphoon +croissantdredger +turtleladybug +thoughtmandolin +troublequilt +raincoatmailbox +kittystocking +damageflame +gardenbulldozer +printercrown +calculusepoch +wallabycontrol +bowlingticket +armeniantrapezoid +interestbeast +fibrewhorl +eventlocust +odometersunshine +blizzardpropane +ceramicgirdle +gondolatitanium +cloverprice +ghanabicycle +liquorjellyfish +eyebrowcreek +bandanapilot +volcanoclimb +shampoosardine +screwdrain +chocolatecolor +poppyaries +animalmarble +stickhedge +balancejogging +cockroachopinion +seederverdict +separatedshelf +grassglider +dungeonpeanut +toenailoutrigger +hospitalkimberly +turkeyfather +operaengine +mattockaccordion +baseballadult +birchtitanium +baseballnoise +grapeswallow +vegetablechest +landminebubble +satinsquare +familybrian +skiingcoast +squidsoprano +buzzardpassbook +deathlinda +quietmiddle +smokeoctagon +secondimpulse +skiingintestine +messageoctober +babiestextbook +snailmachine +workshopasterisk +cemeteryquestion +macaronisleet +uncleagreement +reindeershelf +pyjamaparent +decreasegerman +crawdadwasher +supplyrichard +ouncesarah +pigeonapple +drillselection +bicycleramie +chessjourney +eventclover +hygieniccamel +prunercemetery +cricketsteam +physicianhexagon +celeryindia +expertcontrol +argentinapaper +bladegasoline +cardboardtexture +floorgasoline +asphaltlight +botanycarnation +bomberswiss +friendhalibut +diamondhydrofoil +octopussidecar +franceclient +octopushockey +pastoremployer +saucepencil +comicinvoice +nigeriarange +guiltyankle +pricefelony +authorrichard +scalebattery +skirtpolice +romaniadaniel +pointwrinkle +animalimpulse +ukrainiannephew +scarecrowtrombone +chimecicada +romanialunge +ornamenttrout +partyfortnight +eggnogquestion +peacefaucet +nightwednesday +cherrysneeze +ravendeborah +coachradar +hedgebattery +cheesetreatment +ikebanajeans +ladybugeuphonium +badgerliver +pansysingle +lizardbabies +postboxplatinum +eyelinerberry +antelopeleopard +screwmanicure 
+priestjellyfish +tightsmonth +lightningperfume +liquorscorpio +hubcappyramid +squidmorning +enemyreminder +ministerturret +nationroadway +ravenpickle +racingstate +foresteffect +turnipcuban +lathemanager +churchhandball +groupcondor +lyocellsweatshop +fighterbranch +threadsteven +humidityvolcano +karenspandex +bathtubdamage +barberforgery +drinkceramic +faucettimpani +oliveapartment +heavenvault +checkequipment +hardwareinterest +separatedgasoline +attemptblanket +indextrumpet +controlsecure +georgerooster +textbookslave +greenwinter +randomthumb +violetmilkshake +eggplantpurpose +shellpeanut +flowersecure +middlebarge +numberdollar +layerpackage +gymnastwaitress +canoewaitress +oxygenperson +thrillflame +zephyrstate +washerseaplane +chequedigger +kayakbelgian +tanzaniapartridge +swedishcable +notebookdrizzle +lasagnapromotion +parcelforgery +needleslime +stitchbagel +knickersantelope +footballanthony +liquidtimer +ethernetgrease +zebraskill +jellyfishopera +valuemascara +camelbelgian +strangerbooklet +snakefeedback +stingerformat +englishegypt +cactuslyocell +clockalbatross +cocktailbabies +bangledrill +jellyfishswordfish +internetmicrowave +quillyellow +organdinghy +thunderplane +couchaugust +tom-tomanime +hydrantattic +greenblock +gazellesoftware +plastermalaysia +geologycartoon +statementbumper +woolenconsonant +velvetchemistry +successviolet +signatureaction +wallabygrandson +lizardrussian +coughhardware +womanadapter +objectiveinventory +stopsignearth +framevalley +karatehoney +canoeaddress +harmonicacheese +ticketpatch +engineerdavid +eightbucket +hamburgerhexagon +alleyairmail +selectionaugust +judgejames +quartzcrack +spandextwist +weederliver +successex-wife +illegalhimalayan +hardcovervinyl +sushicouch +witchdiscovery +pancreaslatex +bamboobattle +magicianskill +armadillobritish +cymbaleagle +buzzardtom-tom +behaviorsystem +turtlemilkshake +lemonadepamphlet +donalddefense +flowerteacher +mistakeslice +objectiveattempt +capitaldatabase +stateprotest 
+jennifergrowth +handlebritish +jeanshobbies +slopemethane +professoruncle +silverlyocell +crayonneedle +francekendo +heronairplane +pounddimple +fridgesoftball +tsunamiactivity +troutharmony +purchasebutane +stagecolumnist +skateberry +romanianbagel +storerange +croissantcrate +protestgateway +detectivekangaroo +polyesterchick +fleshkohlrabi +riverpancake +questionbench +argentinachicory +flaresupply +norwegianpartner +mexicanbarbara +checkbrochure +coachpantyhose +larchdungeon +toothhexagon +passivearmadillo +dentistindex +reasonoctopus +secondadvantage +sweaterswallow +porchbiplane +heightswitch +brassniece +femaledream +notifypilot +statementjudge +fieldfather +diaphragmgrandson +bonsaiscanner +bufferjumbo +myanmarfifth +circlecurtain +toastcopyright +woolencherries +pocketbakery +shadowpromotion +vacuumlaugh +nightstreetcar +recordnotebook +magicianobjective +chardexpansion +crackflare +blousealuminium +capricornwhiskey +mirrorpatch +apartmentbrace +bottomaluminium +substancepressure +apparatussecretary +ukrainiansecure +roadwaynepal +answerhubcap +juicewheel +spaghettiethernet +gladiolushardboard +ukrainiansentence +donkeyemployer +beggarparrot +zoologyalphabet +policemanoctopus +leathertemper +basementclient +postageviolet +ladybugfreon +sentenceparty +batteryptarmigan +memoryfiber +shaperussian +amusementparent +japanesesiamese +elementvacation +aftermathaftermath +columnistgoose +transportstove +networkbronze +butterlatex +lunchgemini +apartmentspark +trafficequinox +employeecanadian +tugboatcontrol +cancerpantry +sciencethistle +letterbanana +fatherhedge +lyocellasparagus +ugandasheet +employersecure +patientcouch +workshopparticle +femaledatabase +willowgreen +whalecrocodile +quivertrumpet +thoughtwillow +airbusjapanese +kamikazealphabet +edwarddiscovery +courtclaus +meetingenquiry +beretplanet +pepperreceipt +theorysalary +pointmarimba +missilenotebook +spikepentagon +gorillaex-wife +williamchief +scissorsdaisy +noisemissile +cherryburglar +skatefield 
+searchborder +womandance +dinghybranch +swingwriter +argentinamichelle +causeweather +radishbiology +linensquash +vinyloutrigger +outputsurfboard +anteaterumbrella +captainpakistan +bankerspark +quicksandepoch +consonantground +networktrombone +pantrypartridge +objectivepolice +fighthospital +roastsardine +gazelleviscose +debtorairship +bangleplayroom +wedgestate +dungeonarcher +washerdonkey +versesquirrel +bookcasepiccolo +templelocket +crooktraffic +nephewchord +coniferstore +pricebuilding +beginnerspleen +stormtsunami +weaponcoach +airshipcactus +hospitalpound +quailvirgo +brotherprose +effecttimpani +asphaltroadway +crackbanjo +spongeweapon +visitorelizabeth +belgianmarket +dragontitanium +spainsquid +insectchina +walrustanker +divisionrabbit +ashtraystart +margaretbandana +oxygenbattery +velvetumbrella +tom-tommandolin +radiosidewalk +strawsurfboard +oceaneditor +rubberoffence +smokeblowgun +chairshingle +bumperhygienic +robertbrochure +partyutensil +croissantvacuum +timerrugby +karenhalibut +blackoctopus +sprucegorilla +chestdiploma +hexagongeorge +poisonbasin +buildingplate +ketchupskill +humorzipper +drizzleenquiry +planecocktail +shallotspinach +crackerstove +spoonraincoat +sweatertractor +moneylipstick +thronec-clamp +seagullflame +fridaycommand +mirrorshield +beastrobert +towersaxophone +halibutgrape +statementbrush +boardcrowd +appendixchalk +bracedinner +lilacturnip +thoughtperson +poundsteel +chancethrone +mailboxemery +rainstormbugle +climbquail +step-sonevening +swedishoctober +modemhedge +airshipcredit +scissorsalmanac +digitalaccordion +jaguarsyria +houseramie +radarwilliam +creaturesunshine +preparedrotate +relationbumper +baboonframe +passivegemini +wedgebiplane +roosterhaircut +liquidwasher +bufferhaircut +cablenylon +asparagusdress +euphoniumflight +stampbroker +equinoxghost +pilotmatch +octobershoulder +pakistansponge +ashtraydefense +lunchroomwindchime +signaturescooter +witnessprison +knickersdelete +soldierniece +resultsinger +shapecloud 
+rhythmcurrency +fruitdiploma +trowelcrush +crocuspants +partridgeclipper +fedeliniknowledge +daffodiltrombone +narcissuscycle +geometryjuice +paintgoose +successappliance +marchopera +desiredanger +edwardbakery +bargelarch +faucetcrook +weederlinen +apparatusrobin +velvetclipper +prosetoilet +postboxswedish +replacemistake +fragranceweasel +syriadrive +pantiesapartment +theorydoctor +saxophonepilot +nitrogenquince +swallowpastor +prosematch +bubblepamphlet +novelgrease +appendixbandana +tom-tomregret +berrynurse +nursememory +soybeancatsup +sharonpenalty +smellcapital +step-auntarmadillo +alcoholpreface +israeldorothy +bengalaftermath +memoryfridge +computerlaundry +timbaleapology +germanysound +nitrogenstranger +ronaldairport +thunderrainstorm +streamparade +denimpanty +freighterforehead +beardbench +weaponsurgeon +nickeltheater +strangertaste +cobwebcurler +musclehandicap +cushionspark +cymbalscene +donaldchalk +shelfghost +bathroompuppy +educationpickle +creaturespear +continentorange +cylindersociety +transportketchup +lindapopcorn +mirroraluminum +turretcardboard +brainniece +quaildrake +haircutslipper +packagekitchen +lotionnoise +freighteremployer +minibusstart +attentionmattock +thailandpatio +parsnipamerica +kevinchain +spherequart +educationporter +riveryellow +geometryindustry +sweatshopreminder +karenalbatross +raincoatwaiter +hexagonglass +skirtscrew +canadianweasel +libraryquality +tulippanther +piscesemployee +gradepressure +amusementcocoa +accountwallaby +drivingsemicolon +crossclose +networkstool +exhaustparade +forcekevin +luttucedigger +cirrusbotany +propertylathe +basketcloakroom +armchairdinghy +bladehumor +hyacinthpaste +dinosaurmacaroni +greenfloor +stretchbrand +sparrowfebruary +reminderinternet +snailbeast +trousersshelf +algeriajacket +printerdaughter +capitalaustralia +creamhyena +voyageweight +timbalehurricane +spearpanties +frametexture +herringbeach +jenniferstep-aunt +saxophonenancy +agendajudge +fedelinipolish +giantfreeze 
+zoologydomain +cyclealloy +ptarmigansleep +printpuffin +voicetrade +dahliacheque +cockroachlaugh +currentgirdle +bettyplastic +mexicancirrus +williamhouse +arrowappendix +quartmercury +octoberbedroom +rainstormantelope +streamblock +cormorantyogurt +channelbaboon +orangepiano +balinesequotation +romanianromanian +bufferscorpion +indonesiaradiator +buildingvolcano +cucumberrouter +consonantbotany +seagulljuice +rocketjoseph +anteatertortoise +oatmealrecess +celerytrial +thingwrecker +underweardiaphragm +step-sonanthony +celestecousin +purpleequinox +chimespruce +taxicabshame +jenniferitalian +separatedmeter +bagelhalibut +butanepollution +grandsonkevin +timermulti-hop +quailsquare +haircutrussian +zephyrmakeup +baseballcheque +sugartanzania +potatoathlete +ceilingsardine +croissantsquash +offerswiss +borderpakistan +bettypolish +educationsharon +bumperbeard +pajamaoctave +messagebadger +healthglove +goldfishbowling +spruceagreement +witnesspostage +housewitness +pansystitch +armchairblade +replacequince +kidneyracing +childsubstance +gymnastdrink +chestherring +kennethmessage +thundersycamore +gianttruck +chauffeurfrost +tongueopinion +alloytemper +turnoverdaughter +controldigestion +musclepiano +chardreligion +securefight +clothbladder +quincetrial +melodyrequest +internetmakeup +epoxymitten +featureethernet +airmailbabies +peonycyclone +mirrorpassenger +rotatemosquito +checksupport +degreesphere +mexicolentil +whaleminute +beasttights +timerblanket +ceilingslice +computerdavid +singlebeetle +blockanimal +ronaldtoast +educationraincoat +partnerbudget +forestromanian +illegalfortnight +draineditor +ariescrayon +spoonrussia +coniferphone +interestcapital +shellsanta +toenailharbor +numerictsunami +bracetsunami +bettysociology +sphynxnorwegian +hobbiesformat +formatobjective +marimbatouch +magicblowgun +adapterprofessor +carriagebrandy +apparatusservant +plantsinger +collarpyramid +patchsoldier +propertyshingle +scorpioncurtain +januaryquarter +porcupinephysician 
+criminalcheque +debtorcactus +indiainternet +invoicepatricia +fightertrail +kendovenezuela +medicinecircle +streetcarnigeria +mistakethrone +comfortsearch +cirrusnickel +agendaamerica +turkeyevent +woundnoodle +scorpiongondola +greasechime +galleyvenezuela +frienddinghy +scorpioheaven +breadlegal +missiletheory +queencucumber +snowplowegypt +stretchdragonfly +beetlepurchase +teachingscanner +tendencymotorboat +wastecactus +zebraroute +boundaryamerica +bugleisland +cushionaftermath +algeriasquid +alcoholikebana +oniontrial +williamquestion +templegreen +saucebagel +dryerriver +tomatochild +sundialscorpion +animetextbook +processhardcover +firemansardine +ukraineadvice +dorothytooth +dressingquince +bookcasehistory +hacksawarmadillo +cuticlesilica +condorgender +eventtreatment +animewatch +floodbrass +rubberfibre +ghanafamily +inputpassbook +pyjamascooter +partyriver +chalkimpulse +tornadonewsstand +historygallon +carnationpastry +davidwound +forecasttuesday +actionsmell +backbonebladder +canadacancer +targetjapan +meterradiator +flightslave +offencereceipt +incomeairport +squirrelenergy +trialbrake +davidmachine +insectchurch +gliderturnover +airplaneorchid +colonvalue +motorboatinput +cherrypoison +stickmascara +pastorsparrow +alphabetcello +digitalnickel +hallwayflight +carolpimple +glovebutane +printoutput +salarybread +timpaniparsnip +changeburst +licensecougar +timpanilunch +cartoonbreak +brackethacksaw +searchtitle +driveprofessor +georgetaxicab +israelavenue +recordblock +hammertrunk +cottonraven +notifybeech +pancakequotation +chalkheadline +washerlentil +actionverdict +christmascreature +sarahpizza +chalkhoney +sturgeonwedge +cementmacrame +bracketorchid +harbordelivery +singlesurfboard +innocentunderwear +chainviolin +keyboarddream +typhoonmarket +zephyramount +davidsemicolon +algebraclick +profitvolcano +saturdaycanada +pendulummusic +sharksaxophone +orchiderror +recordprotocol +foxgloveaugust +cougargermany +spiderspinach +rutabagaspark +roadwaycrayfish 
+zephyrwhale +hubcaprussian +trialavenue +kayakaries +studymarket +blockfamily +chequeoutrigger +divorcedalphabet +blockdirection +potatospinach +basintornado +graphicgosling +numericdeficit +temperscreen +englishmustard +sopranohoney +airportbranch +oceanspoon +seashoresuede +inputcable +fairiesappliance +drizzleenglish +mexicoschool +turnipduckling +propertysideboard +bargefountain +bobcatbarometer +baritonecrowd +creatoractivity +porcupinelimit +breathfreezer +leopardbanana +breakdaisy +engineerhealth +forgerylibrary +treatmentobjective +dinghyikebana +ticketpromotion +systemchair +brokervision +liquidbutcher +russiashrine +siameseperson +drizzleincome +snowflakeceleste +ministerriver +picklemarble +dungeonbedroom +americatrial +tastehumidity +recesskenneth +trickaccount +newsstandfeather +brownswamp +crushhouse +pyjamaopinion +equipmentbookcase +musicianguilty +sugarquestion +englishswedish +closetcolumn +notifyotter +rainbowmarimba +healthbanjo +tsunamistomach +freighteraquarius +clockinvoice +reportankle +weaponsunshine +linenfeedback +coastpocket +distancedecrease +packethyena +companysurgeon +bargepeony +debtorbongo +jellyfishhearing +believemother +butchercuban +advantagemexico +friendstone +brazilearth +burglarwhite +kangaroocurtain +saucedrain +lyocellsidewalk +ownerwedge +crayonjewel +buffetwealth +pantrycemetery +threadclipper +orangejason +pastryplaster +algeriaagenda +cylinderarcher +monthbillboard +partyshears +fortnightharmonica +lightdeadline +lungepatient +burstapartment +companyknight +patchsalesman +securitywhite +spaghetticrook +storyvolcano +armenianbicycle +peacebroker +grouprepair +customerstocking +landminesurfboard +consonantrevolver +halibutcolor +officedessert +swordfishequinox +sailorsidecar +industryapparel +gore-texchinese +couchdorothy +englishanger +shoemakergemini +walletpayment +donnaapartment +chestpoint +brandtractor +answerbasket +cricketshrine +trunkcathedral +drawercarpenter +plasticknight +dinghysushi +subwayoatmeal 
+cartoonbudget +streetcaropera +studycomic +submarinebasement +elizabethwednesday +luttucechildren +squashinsurance +tastecontinent +patientteacher +jacketaftermath +japaneseexistence +plasticclaus +bedroomtrumpet +resultsanta +powersidecar +spaghettivalley +cyclefrench +bedroommiddle +tendencytrain +seagullravioli +latexpackage +streamselection +washerrelish +zoologyemployee +pantyhosedesign +managercentury +mascarahumor +edgerrhythm +trumpetcousin +romaniansoybean +microwavemoustache +ghostmaria +cricketdance +freoncondor +pentagontouch +magazineeight +cardboardwitness +optionjapanese +aprilbrake +mondayblouse +attackpickle +thoughtguide +harmonicatruck +shallotcarol +repairsmash +crosswalrus +streetclose +zoologyorchestra +cirruskitten +kilogrambaseball +shortstoenail +acrylicbooklet +cloudyblock +waitresscurrency +africaeyelash +jenniferalcohol +diaphragmslipper +pencilsprout +harborstreetcar +magicgarden +monkeybeggar +stockingbabies +novelgearshift +wastegemini +ministerpajama +egyptgazelle +armadilloplant +powderlizard +forcecougar +hallwayhydrofoil +clarinetswallow +womenpyjama +ariesbrand +kayakcollar +viscoseliquid +buzzarddouble +melodyschedule +outputyogurt +dipstickasparagus +hyenaneedle +cupcakebulldozer +messageorchestra +beachfisherman +clothexistence +recorderlunge +dorothycoast +propertyplough +karatemargaret +hallwaylearning +asteriskreindeer +mariabreakfast +creditsister +airbusholiday +trunkexhaust +aftermathgrenade +officesurprise +accordionthistle +moustacheanteater +eggplantbuffet +myanmarchord +spaghettisaturday +dahliahobbies +stingernight +stationwitness +interestburst +britishasparagus +snakegroup +gooseexample +step-sonpackage +cardigandorothy +printergeology +brokercellar +jewelbuzzard +jasoncaption +benchtoast +lightcellar +windowjelly +successtanker +insuranceicicle +sleepswiss +carolfrench +produceonion +pocketsnail +schedulelotion +brushkamikaze +guaranteemexico +cerealunderwear +sweatercourt +bottomcaption +crossepoch 
+wastelasagna +dogsledbranch +skilleffect +passivelemonade +congotiger +newsstandclass +tastethread +spaindetail +sandwichfather +statisticitalian +turtleolive +greekstring +ferryboattwilight +cheesealgeria +lobsterbeach +spinachlettuce +sentencewrench +ravioliquartz +mimosawriter +motherliver +felonywilliam +croissantchinese +inventoryex-wife +honeyperson +germanytrail +zipperracing +touchdrive +angoravault +offencecriminal +chinesedollar +bugleapril +celloplant +dinosaurshock +beliefvault +cupcakeberet +shadowbadger +educationorange +camelodometer +riverprofit +lindaburglar +dimplebladder +biplanemoney +periodrouter +japanindex +squirrelsheep +ariessmell +celsiuskorean +recordbirch +tailorbabies +barberkevin +baboonalarm +disgustfemale +packageshallot +halibutoxygen +norwegiannarcissus +sistercouch +kittenreport +dancercurler +stovefrance +islandsunflower +fluteinventory +decadeverse +heliumbarometer +creatorfrance +depositplate +richardunderwear +ferryboatcymbal +broccolialbatross +sentencebreakfast +saturdayleopard +barometergateway +cymbalsecure +hacksawswordfish +orchestratiger +accountporcupine +shearsaftermath +vinyljennifer +gallonparticle +pressurestart +handballplant +chalkmicrowave +inventorymallet +skillmexican +digestionpollution +garagenewsstand +sproutcelery +octopusaddition +raviolibugle +edwardperfume +violetprice +prunerhallway +apparatuscause +wreckerhyena +aprilrainbow +desiredivorced +anatomycannon +chairmarch +bargegarden +scalliongrandson +footnoteharmony +hurricanedragon +debtorsunflower +governorblanket +coastchurch +activebutcher +parsnipjoseph +fluteniece +priceafrica +tromboneheight +lobsterstick +discoverytrick +slopemustard +footnotequestion +stevensnowplow +bathtubvolcano +raviolilicense +chauffeurbubble +crayongeese +comictrial +patiotom-tom +europechick +snowstormfamily +anthonyregret +seashorecurrency +enquirygiant +dinosaurhamburger +cougarcricket +internetukraine +spandexcanadian +jeansgladiolus +asphaltedger +storyagenda 
+equinoxactive +spearrelative +columnistsoybean +vulturefisherman +scentastronomy +bufferbrace +treatmentplier +sunshineblizzard +collegeamount +breakfastspear +gasolineaddition +throneactivity +lightheart +stepsonbrass +williambuffet +thingsociety +bathtubcornet +nursewoolen +organstep-son +cinemapassbook +womenchill +newsprintethiopia +tendencytugboat +cactusepoch +tanzaniadoctor +spherepayment +cobwebmusic +postboxdollar +creaturemexico +disgustfountain +spadepajama +paperbackwaiter +italiantanzania +myanmardoubt +trialpoppy +slashrowboat +hacksawdeodorant +blizzardsweatshop +physicianpoland +nightriddle +sweetsmonday +vegetabledisgust +oniontoilet +strawgrandson +cowbellthursday +dibblemelody +stockingfactory +c-clampharmony +advantageknowledge +crawdadfireman +drivechicory +woundparsnip +yachtengine +venezuelanickel +chickjeans +enquirystopsign +rutabagashrimp +geminisuede +pancreaslatex +ikebanapatio +turtlecaptain +shellpassbook +glidingspoon +whorlmaraca +japanesescraper +kohlrabieggnog +marriedsharon +sweatshopsnowman +streamthrill +targethydrofoil +blizzardrooster +saxophonedollar +laborerpanty +purchaseyogurt +cyclonepromotion +sociologysnowflake +armchairprofit +whistlequeen +schoolstick +arrowuganda +creatureaddition +freonutensil +buildingflight +tenorroadway +poppysociology +chickenhorse +bearddorothy +crayonplatinum +susanmonday +trouserslumber +goosedrizzle +octavenigeria +kevinmachine +clipperclerk +disgustbelieve +pamphletsnowman +ex-wifeforehead +toiletscent +crackercuban +swordfishbritish +fishermancomposer +foxglovenephew +soybeangrandson +depositbobcat +sturgeoncaravan +waterfallcheese +potatoblood +broccoliforce +productseashore +treatmentshell +cricketaluminium +chickensponge +territorygondola +reportferry +chordchest +consonantniece +juicelentil +cherriesitaly +calendarpelican +throatporch +gore-texfeedback +outputclass +calendarlyocell +spaghettipants +bloodliquor +mustardspider +twistthing +libramosque +firewallkilogram +continentsheep 
+tradequeen +ploughcockroach +smokeheadlight +searchwhale +zebramotion +handicapcover +willowjames +apologylaborer +grousexylophone +cousindonkey +timbalesneeze +mosquitolatency +leopardseagull +criminalpersian +whiskeywalrus +multi-hopstep-aunt +radiatorgorilla +handledrizzle +coastdeborah +softwarestory +crossdryer +streetketchup +stoollipstick +silversaxophone +angledigger +angoraaugust +mandolindress +stoolactive +afternoonocelot +skillwheel +ladybugshape +centurysturgeon +girdleindonesia +walruslatex +discoverysheep +snowmanshark +williamengine +energyguilty +canvaswillow +cinemacherries +throneornament +shoemakerplayroom +giantalibi +formathandball +tuesdaynitrogen +moneypoint +ceramicpostage +timbaleskiing +scissorsamusement +glidertom-tom +ukrainianbuffer +borderlimit +lycradrama +additionhimalayan +eventagenda +barometerliquid +slipperrocket +bracketagreement +aquariusmichael +octavemacaroni +effectsignature +copperenemy +melodydirection +lizardflower +sandwichladybug +spinachcaution +turretvision +motherspoon +mistakeeggnog +jumpersnail +professordamage +pickletsunami +pyjamabelieve +decreaseronald +weaponfifth +theaterfirewall +belgiandugout +scorpionrubber +searchodometer +marketresult +sweetssalary +minibusketchup +mailboxbench +spleeneurope +geraniumhouse +dramamakeup +banglecrime +gondolacaption +dahliaparent +violettoenail +peppereducation +japanesefeeling +onionquotation +furnituretongue +surgeonselect +angercrate +knifecarrot +marginsearch +luttucesense +sessionforce +plainbongo +custardburglar +thursdayfreezer +historyscanner +mascarafelony +paperexample +recorderglider +marginbillboard +fluteavenue +collarvoyage +prosepantyhose +drilllyric +hexagonpancreas +sudanjellyfish +syrupforest +cubancaution +throatconifer +cemeterycornet +donnawaitress +clipperappeal +lentilestimate +jumperreduction +wastelatex +approvalplanet +dieticianshark +pencilsyrup +communitygoldfish +strangersubway +governormelody +thailandheron +georgetennis +springtimbale 
+cloverrabbit +chinesefemale +banjoswimming +shovelsalary +waterfallplier +calculusmaple +syrupbeard +babiestoast +step-auntgraphic +step-sonclaus +smokecoffee +skirtcactus +ferrybathroom +driverex-wife +pelicanconifer +riverbedmarket +actressbakery +trailretailer +mechaniccontrol +magicdeadline +epochkenya +broccolimulti-hop +alloyshield +drainspeedboat +geologymacrame +violetstorm +cicadarabbit +forecastheadline +companyaddition +featherstore +illegalheadlight +baboonoffice +herringaluminium +blanketdenim +tenorkettle +freightermailbox +furnitureeducation +pointsurprise +weaponflood +farmercanvas +chineseattention +versequiet +centurystudy +goldfishdungeon +slopesquirrel +canvasclaus +yogurtcanvas +lilacfaucet +bottlethumb +harmonicacereal +pantrycapricorn +tortoisenotify +toenailfloor +middletheater +calendarswallow +celestecopyright +monthcountry +zebraspace +alloyasphalt +propanewound +knickerssurfboard +deficitsmile +matchtriangle +paperdinner +teachingbrick +stopwatchthomas +authorbridge +readinggrade +minibusknowledge +armadilloformat +kittyminute +relativeindia +feelingaftermath +mustardquartz +gatewaybranch +prosechief +statisticthread +towerhaircut +processwalrus +temperreason +drilltoilet +karatefriction +summerpersian +tsunamibeard +pancreashelmet +separatedtugboat +shadowrespect +brakemotion +step-soncalendar +printerror +femalecomposer +chocolatesmash +taiwanvoice +formatrubber +apparatushourglass +shelfdugout +positionpollution +clothmuscle +visitorshrine +enquirykayak +anglepasta +kohlrabibronze +pansyequinox +susanpastor +liquormelody +canadianstraw +popcornpassenger +deadlinebamboo +bankbooksquare +pastordaniel +cuticlefarmer +bookcaseparsnip +ikebanabathroom +catsupjason +papergoose +syriawinter +scraperrainbow +exchangewinter +segmentwound +flavorjuice +clausquartz +chocolateminibus +layergermany +successsunflower +stepsonhealth +gallontyvek +nervebengal +pamphletspace +soccershorts +kevinparcel +timbalearies +paraderocket +yogurtcathedral 
+candlecreature +mountaincontinent +juiceradio +passbooksoccer +juiceknight +priestpurpose +shieldapartment +lizardangle +snowflakeclient +religionfireman +multi-hopbottle +februarysmell +zephyrrutabaga +effectnigeria +nickelbalance +apartmentquiet +impulsesidewalk +beavercrush +titlehistory +congojacket +aftermathgander +woundbamboo +mondayjaguar +titaniumbladder +beechwealth +ramieoxygen +blacktaiwan +tendencyclimb +lizardmoney +minutecylinder +carpenterinventory +richardperiod +operationpayment +bumpersharon +bargehammer +onionbutcher +ferrystore +surfboardviscose +numericpiccolo +successdogsled +quincemarket +softwarerelish +canadageese +cubannovember +liverbracket +babiesbulldozer +fightercarnation +sessionjewel +anteaterminibus +mondaypaper +gearshiftfelony +adaptertornado +shrimpcactus +valleygauge +lyocellpilot +applesparrow +atticdrink +step-sonsweatshop +elephantstocking +producefireman +macaroniwomen +decimaldresser +doctorrhythm +channelphysician +camerapyjama +cirruschicory +mandolinpurchase +pandacoast +laborerpolice +fridgemusician +decadehoney +summersycamore +stationlemonade +communityswimming +collisiongliding +educationbookcase +formatpersian +aluminumrhythm +colorweather +boardscarecrow +bumpersnowstorm +meetinggeese +couchbuffer +chancesoftdrink +airplanemeasure +muscletongue +adaptervirgo +mimosaalloy +bladderhamburger +childcolor +stopwatchtrial +middleletter +wallabyjeans +musicdenim +broccolination +slopecatsup +waterchick +currentnarcissus +quivermailman +selectiondanger +angerslime +avenueparrot +ukrainiansarah +davidradar +pelicanmascara +hurricanetimbale +liquorriver +drawerberry +replacehobbies +underwearseason +firewallbreak +sproutlarch +bracecarol +bottompolyester +hockeyheight +peonyseeder +clientmeter +wastetwilight +peppergarlic +gymnasthearing +drivingbutton +sliceikebana +zephyrviolet +badgerambulance +asteriskenglish +pantyhoseplanet +karatemodem +scalechildren +baseballpastor +crateoutput +recorderpanda +broccolitrumpet 
+brochureporcupine +passivehurricane +vulturevacation +pyjamaforgery +bubblecopyright +octavecloudy +grousestream +supplycannon +bagelbench +punchairplane +copperwhale +polandshears +canvasseptember +friendlight +lipstickrevolver +shrimpjewel +scorpionairship +bagpipeturkish +timpanivessel +airbustyvek +makeupbeetle +egyptriverbed +clutchpencil +equinoxbobcat +bronzesyria +brokersecure +astronomylilac +wrenchsponge +flightapproval +bucketmorning +lemonadestudy +condoreagle +diaphragmmanager +melodyheadline +decimaldrill +carolgoldfish +illegalferryboat +faucetfeather +mountaindebtor +trickgosling +knifejason +personreindeer +postboxknowledge +backbonesnowman +capricorncattle +shoemakerbirthday +shamecrawdad +pheasantsidecar +christmasburst +rainbowexhaust +monthholiday +hacksawradio +machinethailand +letterchildren +bracetoenail +edwardbudget +screenstation +giraffedeficit +eyelashpiccolo +workshopbrain +swordferryboat +quiverswing +animeturret +yellowsecure +pantsselection +edgeremery +donnadinosaur +fedelinielephant +latheposition +calculussushi +alligatorlicense +divingorchestra +custardankle +apparatusglass +librablanket +cheekdesign +dugouttwist +kangarooitalian +strawbarometer +friendappliance +cocoacoast +relationgirdle +kayakevent +tenorsauce +streamcurtain +ugandabuffet +questionappendix +rangesardine +mistakeliquor +italyoatmeal +bandanastep-son +swallowbrian +libraryrooster +guitarcormorant +alligatorarmadillo +olivediploma +mandolinvietnam +chequeonion +moustachestaircase +tugboatpepper +babiesmandolin +chickenbobcat +sleeptrade +ticketfeature +governortanker +priestsubstance +squarelegal +badgemacaroni +hospitalcream +chieffriction +birthdaycloudy +sandrapancreas +licensepimple +chauffeurstraw +sandrabalinese +sailboatboard +eyelinergreece +ceramicvulture +wasteturtle +dragonflybiplane +squareglass +doubleplywood +aluminumeyelash +cougarlearning +swordcanvas +digestioncloset +kittycuban +cratebarge +timbaleepoxy +mosquitocolor +stoolsurname 
+brushlocust +noisestatement +blockcrocus +weedermusic +ounceedward +preparedrabbi +umbrellatimbale +eveningpuffin +mondayoffence +ferrydrain +multi-hopfriday +clerkcollege +yogurtpatio +coastlotion +elizabethepoxy +denimlanguage +estimatelaugh +blackeffect +bugleheight +jasonrectangle +sneezebusiness +drainsarah +countryattack +fifthnephew +blacklaura +parcelbangle +russiaforce +australiavoice +linenviola +shelfcicada +sidewalkbusiness +slashhospital +saxophonereceipt +dressingmeasure +heavendressing +spinachsweets +marriedspeedboat +tendencyhobbies +barbarafront +doublemirror +pantiesnumeric +shademailman +hobbiesgarage +tradepyjama +engineerashtray +thunderlizard +targetbench +hydrantspleen +trunkfisherman +africapastry +violintrain +spoonstep-son +managereducation +brickalibi +kangaroofirewall +stovehydrogen +internetpassbook +expansioncupcake +operationsecretary +methanesmash +skillopera +prefacebulldozer +scorpionsaxophone +valleyangora +twistacrylic +puppymaria +acousticniece +nephewemployee +turretrelish +potatosleet +cupboardthistle +apartmentpunch +smelljaguar +sociologyquilt +modemfelony +otterlizard +guiltyharmony +spandexfridge +groundferryboat +onionwillow +cocoascience +pizzaentrance +mouthbattery +soccerviolet +tortoiseenemy +radiatorceiling +boardblood +grandsonwhite +fieldcushion +chequeelbow +freondriving +birthalbatross +armeniangirdle +davidbulldozer +applelipstick +policemanlatex +wristbranch +gendershare +yachtchest +macramefeeling +adaptercoach +successtennis +teacherfeeling +innocentsubmarine +furnituregalley +biplanetexture +coverwrinkle +cucumberspider +hobbiespriest +womenmichael +harmonicaskirt +valleypatch +agreementdungeon +quivermirror +crickethygienic +humorpoultry +fleshdolphin +broccolibrand +cylindermarried +noodlecanadian +leopardcowbell +chestglove +singlejames +cocktailsundial +inventoryconifer +nationnerve +swisspostage +hyacinthsociety +surgeonsidecar +otterswamp +pocketperson +cousinnoise +epoxyllama +teacherzipper 
+asphaltalarm +aluminiumdouble +submarinekarate +singerenquiry +airmailgermany +coppersquash +quicksandquartz +cucumbermotorboat +ostrichcurrent +numericparrot +pancakecolor +bracketflower +requestcicada +seaplanerouter +softballtoilet +segmentlibrary +lemonadeyacht +vacationmuseum +yellowtheater +officemagician +mechaniccheck +randomswallow +bargearcher +cricketbrother +guitarronald +fedeliniinnocent +spongecreek +firemandebtor +discoverytimpani +tigerbelgian +camelworkshop +yogurtmilkshake +himalayanferryboat +ceilingwhale +kidneyfortnight +japandancer +questionflight +chiveleopard +woolenanthony +indonesiatennis +greecehimalayan +jellydatabase +orchidsoybean +pelicanferryboat +luttucepancake +featuregander +spacebanjo +spherefoxglove +cormorantpaste +housebladder +dancercraftsman +pyramidjanuary +cicadachime +singlesweatshop +pancreasdebtor +kittyprice +cubansalad +prunergeorge +doubtbanjo +blowgunsquash +syriageranium +sentencebagel +substancekenya +ukrainianplatinum +camelitalian +kittytheory +relativeconga +alleypoland +wastebeast +dahliaflood +cannongeranium +objectiveappendix +parsnipspace +humorsmash +kimberlytractor +cookingbrand +paintnitrogen +asterisklyocell +calendarrainbow +lindadinner +interestbanana +richardmercury +algeriadragon +featuremarch +offencepackage +entrancesession +donkeyglove +messagehyacinth +slashsugar +invoicebiology +slavestock +fightfeather +wallabyhacksaw +bucketalloy +methaneliver +carolhalibut +pricecolony +staircasesoftdrink +insectcolor +telleremery +siberianrooster +messagerussian +gatewaymuseum +columnistpajama +adapterinterest +chemistrygeorge +flightporch +c-clampbeginner +egyptwalrus +honeyvessel +spherelentil +brandyjasmine +shadowshovel +ellipseshoulder diff --git a/host/usr/share/nginx/html/error.html b/host/usr/share/nginx/html/error.html new file mode 100644 index 00000000..e69de29b 
diff --git a/host/usr/share/nginx/html/favicon.ico b/host/usr/share/nginx/html/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..a40c2372944cc1aa0c2d30ef2b93826395e58101 GIT binary patch literal 805 zcmV+=1KRwFP)Ywlll4TL&lkvfcL0`@QR)9jMdG%W)K2BkF5E~EPVjj~40 zJ#n4?2n|W7G$@uSFkrA~a_lzAzEEv=tZ@U#K-Ix~Hz*-ccqCZ>ROJBRQb_Rt)XxC_ z9%!Gr3VkRQsYB#_3DuDo`~g5D192qFwISe>6bjMO2JEQ<$g4%r4GW!%w|(V)^-n3B8=GRVu4<0GcyzN{L$D}W$eqvJxA zIIJ$|Co&#AytagTA!%vl(Zg#is&4e3%)kMlki?^)tRtyNCH}8A@%rJcw2dBGS1Vp@ zMPbW`^{sRitptrRf+%bqfL=(l&bCuM^^bpjJ*chxlxk1xP|ty`k#t>S-fxoa8B$gu zc?gNKC(y|p?7B8sSMEsm^7ad{w@a|zEJ?|LRx-vyk*L>x5XynI#9f6RqY*q>jj$Tl zjIox+Zz%o`Q}_(DJ^ + + + + + T-Pot + + + + +

+ Home + Kibana + ES Head + Netdata + Spiderfoot + Portainer + WebTTY +
+
+
diff --git a/host/usr/share/nginx/html/style.css b/host/usr/share/nginx/html/style.css
new file mode 100644
index 00000000..2696a613
--- /dev/null
+++ b/host/usr/share/nginx/html/style.css
@@ -0,0 +1,17 @@
+.btn {
+ -webkit-border-radius: 0;
+ -moz-border-radius: 0;
+ border-radius: 0px;
+ font-family: Arial;
+ color: #ffffff;
+ font-size: 12px;
+ background: #E20074;
+ padding: 2px 30px 2px 30px;
+ text-decoration: none;
+}
+
+.btn:hover {
+ background: #c2c2c2;
+ text-decoration: none;
+}
+
+
diff --git a/host/usr/share/nginx/html/tpotweb.html b/host/usr/share/nginx/html/tpotweb.html
new file mode 100644
index 00000000..6f3a0146
--- /dev/null
+++ b/host/usr/share/nginx/html/tpotweb.html
@@ -0,0 +1,15 @@
+
+
+
+
+
+ T-Pot
+
+
+
+
+
+
+
+
+
diff --git a/iso/installer/dialogrc b/iso/installer/dialogrc
new file mode 100644
index 00000000..bb53e1b8
--- /dev/null
+++ b/iso/installer/dialogrc
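Review bot: In the style.css hunk, the `.btn:hover` rule changes only the background to `#c2c2c2` and keeps the `color: #ffffff` set on `.btn`, so a hovered button shows white text on light grey and is hard to read. Setting a dark text colour in the hover rule, for example `color: #000000;`, would keep the navigation labels legible. A short comment above `.btn` saying which pages use the class would also help, since that is not visible in this hunk.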
@@ -0,0 +1,144 @@ +# +# Run-time configuration file for dialog +# +# Automatically generated by "dialog --create-rc " +# +# +# Types of values: +# +# Number - +# String - "string" +# Boolean - +# Attribute - (foreground,background,highlight?) + +# Set aspect-ration. +aspect = 0 + +# Set separator (for multiple widgets output). +separate_widget = "" + +# Set tab-length (for textbox tab-conversion). +tab_len = 0 + +# Make tab-traversal for checklist, etc., include the list. +visit_items = OFF + +# Shadow dialog boxes? This also turns on color. +use_shadow = ON + +# Turn color support ON or OFF +use_colors = ON + +# Screen color +screen_color = (WHITE,MAGENTA,ON) + +# Shadow color +shadow_color = (BLACK,BLACK,ON) + +# Dialog box color +dialog_color = (BLACK,WHITE,OFF) + +# Dialog box title color +title_color = (MAGENTA,WHITE,OFF) + +# Dialog box border color +border_color = (WHITE,WHITE,ON) + +# Active button color +button_active_color = (WHITE,MAGENTA,OFF) + +# Inactive button color +button_inactive_color = dialog_color + +# Active button key color +button_key_active_color = button_active_color + +# Inactive button key color +button_key_inactive_color = (RED,WHITE,OFF) + +# Active button label color +button_label_active_color = (YELLOW,MAGENTA,ON) + +# Inactive button label color +button_label_inactive_color = (BLACK,WHITE,OFF) + +# Input box color +inputbox_color = dialog_color + +# Input box border color +inputbox_border_color = dialog_color + +# Search box color +searchbox_color = dialog_color + +# Search box title color +searchbox_title_color = title_color + +# Search box border color +searchbox_border_color = border_color + +# File position indicator color +position_indicator_color = title_color + +# Menu box color +menubox_color = dialog_color + +# Menu box border color +menubox_border_color = border_color + +# Item color +item_color = dialog_color + +# Selected item color +item_selected_color = button_active_color + +# Tag color +tag_color = title_color + +# 
Selected tag color +tag_selected_color = button_label_active_color + +# Tag key color +tag_key_color = button_key_inactive_color + +# Selected tag key color +tag_key_selected_color = (RED,MAGENTA,ON) + +# Check box color +check_color = dialog_color + +# Selected check box color +check_selected_color = button_active_color + +# Up arrow color +uarrow_color = (MAGENTA,WHITE,ON) + +# Down arrow color +darrow_color = uarrow_color + +# Item help-text color +itemhelp_color = (WHITE,BLACK,OFF) + +# Active form text color +form_active_text_color = button_active_color + +# Form text color +form_text_color = (WHITE,CYAN,ON) + +# Readonly form item color +form_item_readonly_color = (CYAN,WHITE,ON) + +# Dialog box gauge color +gauge_color = title_color + +# Dialog box border2 color +border2_color = dialog_color + +# Input box border2 color +inputbox_border2_color = dialog_color + +# Search box border2 color +searchbox_border2_color = dialog_color + +# Menu box border2 color +menubox_border2_color = dialog_color diff --git a/iso/installer/install.sh b/iso/installer/install.sh new file mode 100755 index 00000000..cdb398ff --- /dev/null +++ b/iso/installer/install.sh 
@@ -0,0 +1,509 @@ +#!/bin/bash +# T-Pot post install script + +# Set TERM, DIALOGRC +export TERM=linux +export DIALOGRC=/etc/dialogrc + +# Let's load dialog color theme +cp /root/installer/dialogrc /etc/ + +# Some global vars +myPROXYFILEPATH="/root/installer/proxy" +myNTPCONFPATH="/root/installer/ntp" +myPFXPATH="/root/installer/keys/8021x.pfx" +myPFXPWPATH="/root/installer/keys/8021x.pw" +myPFXHOSTIDPATH="/root/installer/keys/8021x.id" +myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" +myBACKTITLE="T-Pot-Installer" +mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" +myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" + +fuRANDOMWORD () { + local myWORDFILE="$1" + local myLINES=$(cat $myWORDFILE | wc -l) + local myRANDOM=$((RANDOM % $myLINES)) + local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1)) + echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) +} + +# Let's wait a few seconds to avoid interference with service messages +sleep 3 +tput civis +dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 + +# Let's setup the proxy for env +if [ -f $myPROXYFILEPATH ]; +then +dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Stop docker service ]" $myPROGRESSBOXCONF +systemctl start docker 2>&1 | dialog --title "[ Start docker service ]" $myPROGRESSBOXCONF +fi + +# Let's test the internet connection +mySITESCOUNT=$(echo $mySITES | wc -w) +j=0 +for i in $mySITES; + do + dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null + if [ $? -ne 0 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. 
You can continue, but the installation might fail." 10 50 + if [ $? = 1 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 + exit + else + break; + fi; + fi; + let j+=1 + dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; +rm -rf /etc/nginx/sites-available/default 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; +rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; + +# Let's ask user for install flavor +# Install types are TPOT, HP, INDUSTRIAL, ALL +tput cnorm +myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \ +"\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \ +"TPOT" "Standard Honeypots, Suricata & ELK" \ +"HP" "Honeypots only, w/o Suricata & ELK" \ +"INDUSTRIAL" "Conpot, eMobility, Suricata & ELK" \ +"EVERYTHING" "Everything" 3>&1 1>&2 2>&3 3>&-) + +# Let's ask for a secure tsec password +myUSER="tsec" +myPASS1="pass1" +myPASS2="pass2" +mySECURE="0" +while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 
7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done +printf "%s" "$myUSER:$myPASS1" | chpasswd + +# Let's ask for a web username with secure password +myOK="1" +myUSER="tsec" +myPASS1="pass1" +myPASS2="pass2" +mySECURE="0" +while [ 1 != 2 ] + do + myUSER=$(dialog --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) + myUSER=$(echo $myUSER | tr -cd "[:alnum:]_.-") + dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 + myOK=$? + if [ "$myOK" = "0" ] && [ "$myUSER" != "tsec" ] && [ "$myUSER" != "" ]; + then + break + fi + done +while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? 
+ if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done +htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; + +# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) +tput civis +mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +openssl req \ + -nodes \ + -x509 \ + -sha512 \ + -newkey rsa:8192 \ + -keyout "/etc/nginx/ssl/nginx.key" \ + -out "/etc/nginx/ssl/nginx.crt" \ + -days 3650 \ + -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; + +# Let's setup the ntp server +if [ -f $myNTPCONFPATH ]; + then +dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF +fi + +# Let's setup 802.1x networking +if [ -f $myPFXPATH ]; + then +dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + if [ -f $myPFXPWPATH ]; + then +dialog --title "[ Setting up 802.1x password ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null < with the name of your physical interface name +# +#auto eth0 +#iface eth0 inet static +# address 192.168.1.1 +# netmask 255.255.255.0 +# network 192.168.1.0 +# broadcast 192.168.1.255 +# gateway 192.168.1.1 +# dns-nameservers 192.168.1.1 + +### Example wireless config without 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to "iwlwifi" +# +#auto wlan0 +#iface wlan0 inet dhcp +# wpa-driver wext +# wpa-ssid +# wpa-ap-scan 1 +# wpa-proto RSN +# wpa-pairwise CCMP +# wpa-group CCMP +# wpa-key-mgmt WPA-PSK +# wpa-psk "" +EOF + +# Let's modify the sources list +sed -i '/cdrom/d' 
/etc/apt/sources.list + +# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778) +fuECHO "### Let's make sure SSH roaming is turned off." +tee -a /etc/ssh/ssh_config 2>&1>/dev/null <&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF +apt-get upgrade -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF + +# Let's clean up apt +apt-get autoclean -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF +apt-get autoremove -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF + +# Installing docker-compose, wetty, ctop, elasticdump, tpot +pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF +pip install docker-compose==1.12.0 2>&1 | dialog --title "[ Installing docker-compose ]" $myPROGRESSBOXCONF +pip install elasticsearch-curator==5.1.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF +ln -s /usr/bin/nodejs /usr/bin/node 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF +npm install https://github.com/t3chn0m4g3/wetty -g 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF +npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF +wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +git clone https://github.com/dtag-dev-sec/tpotce -b autoupdate /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF +mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +# Let's add a new user +addgroup --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF +adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" 
$myPROGRESSBOXCONF + +# Let's set the hostname +a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt) +n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt) +myHOST=$a$n +hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF +sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF + +# Let's patch sshd_config +sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF +sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH password authentication only from RFC1918 networks ]" $myPROGRESSBOXCONF +tee -a /etc/ssh/sshd_config 2>&1>/dev/null <&1>/dev/null + ;; + INDUSTRIAL) + echo "### Preparing INDUSTRIAL flavor installation." + cp /opt/tpot/etc/compose/industrial.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + TPOT) + echo "### Preparing TPOT flavor installation." + cp /opt/tpot/etc/compose/tpot.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + EVERYTHING) + echo "### Preparing EVERYTHING flavor installation." 
+ cp /opt/tpot/etc/compose/all.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; +esac + +# Let's load docker images +myIMAGESCOUNT=$(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d: -f2 | wc -l) +j=0 +for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2) + do + dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null + let j+=1 + dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF +touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF + +# Let's copy some files +tar xvfz /opt/tpot/etc/objetcs/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp -R /opt/tpot/host/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /root/installer/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF +systemctl enable wetty 2>&1 | 
dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF + +# Let's enable T-Pot website +ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf 2>&1 | dialog --title "[ Enabling T-Pot website ]" $myPROGRESSBOXCONF + +# Let's take care of some files and permissions +chmod 760 -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chown tpot:tpot -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chmod 600 /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF + +# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub +sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null +sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null +update-grub 2>&1 | dialog --title "[ Update grub ]" $myPROGRESSBOXCONF +cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/ +gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz +sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup +sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup +update-initramfs -u 2>&1 | dialog --title "[ Update initramfs ]" $myPROGRESSBOXCONF + +# Let's enable a color prompt and add /opt/tpot/bin to path +myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput 
sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +tee -a /root/.bashrc 2>&1>/dev/null <&1>/dev/null <&1>/dev/null + +# Final steps +cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \ +rm -rf /root/installer 2>&1>/dev/null && \ +dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \ +reboot diff --git a/iso/installer/keys/authorized_keys b/iso/installer/keys/authorized_keys new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/iso/installer/keys/authorized_keys @@ -0,0 +1 @@ + diff --git a/iso/installer/rc.local.install b/iso/installer/rc.local.install new file mode 100755 index 00000000..edb417d5 --- /dev/null +++ b/iso/installer/rc.local.install @@ -0,0 +1,2 @@ +#!/bin/bash +openvt -w -s /root/installer/install.sh diff --git a/iso/isolinux/txt.cfg b/iso/isolinux/txt.cfg new file mode 100755 index 00000000..e93d49f7 --- /dev/null +++ b/iso/isolinux/txt.cfg @@ -0,0 +1,7 @@ +default install +label install + menu label ^T-Pot 17.10 (Alpha) + menu default + kernel linux + append vga=788 initrd=initrd.gz console-setup/ask_detect=true -- + #append vga=788 initrd=initrd.gz console-setup/ask_detect=true DEBCONF_DEBUG=developer diff --git a/iso/preseed/tpot.seed b/iso/preseed/tpot.seed new file mode 100755 index 00000000..be71342d --- /dev/null +++ b/iso/preseed/tpot.seed 
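Review bot: The ctop binary in the new install.sh is fetched with `wget ... -O ctop`, then moved to /usr/bin and made executable by a root installer without any integrity check, so whatever the release URL serves at install time is what runs. Pin the expected digest next to the version and verify it before the `mv`, e.g. `echo "<EXPECTED_SHA256>  ctop" | sha256sum -c - || exit 1` (placeholder digest, to be taken from the v0.6.1 release). The two `npm install https://github.com/t3chn0m4g3/...` lines and the `git clone ... -b autoupdate` have the same weakness, since they track a moving branch head rather than a tag or commit. Separately, `tar xvfz /opt/tpot/etc/objetcs/elkbase.tgz` looks like a typo for `etc/objects/`, and since the exit status is never checked and the output only goes to the dialog progress box, the failed extraction would pass unnoticed.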
@@ -0,0 +1,125 @@
+##############################################
+### T-Pot Preseed Configuration File by mo ###
+##############################################
+
+####################
+### Locale Selection
+####################
+#d-i debian-installer/country string DE
+d-i debian-installer/language string en
+d-i debian-installer/locale string en_US.UTF-8
+d-i localechooser/preferred-locale string en_US.UTF-8
+
+######################
+### Keyboard Selection
+######################
+#d-i console-setup/ask_detect boolean true
+#d-i keyboard-configuration/layoutcode string de
+d-i console-setup/detected note
+
+#############################
+### Unmount Active Partitions
+#############################
+#d-i preseed/early_command string umount /media || :
+
+#########################
+### Network Configuration
+#########################
+#d-i netcfg/choose_interface select auto
+#d-i netcfg/dhcp_timeout string 60
+d-i netcfg/get_hostname string t-pot
+
+###############
+### Disk Layout
+###############
+d-i partman/early_command string \
+debconf-set partman-auto/disk $(parted_devices | sort -k2nr | head -1 | cut -f1)
+
+d-i partman-auto/method string regular
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/expert_recipe string \
+ root :: \
+ 8192 8888 8192 linux-swap \
+ $primary{ } \
+ method{ swap } format{ } \
+ . \
+ 40960 44444 -1 ext4 \
+ $primary{ } $bootable{ } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ .
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+######################
+### User Configuration
+######################
+d-i passwd/root-login boolean false
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string tsec
+d-i passwd/username string tsec
+d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
+d-i user-setup/encrypt-home boolean false
+
+########################################
+### Country Mirror & Proxy Configuration
+########################################
+d-i mirror/country string manual
+d-i mirror/http/hostname string archive.ubuntu.com
+d-i mirror/http/directory string /ubuntu
+d-i mirror/http/proxy string
+
+###########################
+### Skip Grub Configuration
+###########################
+#d-i grub-installer/confirm boolean true
+#d-i grub-installer/only_debian boolean true
+#d-i grub-installer/with_other_os boolean true
+d-i grub-installer/skip boolean true
+d-i lilo-installer/skip boolean true
+
+######################
+### Time Configuration
+######################
+#d-i time/zone string Europe/Berlin
+d-i clock-setup/utc boolean true
+d-i time/zone string UTC
+d-i clock-setup/ntp boolean true
+d-i clock-setup/ntp-server string ntp.ubuntu.com
+
+##################
+### Package Groups
+##################
+tasksel tasksel/first multiselect ubuntu-server
+
+########################
+### Package Installation
+########################
+d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
+
+#################
+### Update 
Policy +################# +d-i pkgsel/update-policy select unattended-upgrades + +######################################### +### Post install (Grub & T-Pot Installer) +######################################### +d-i preseed/late_command string \ +in-target apt-get -y install grub-pc; \ +in-target grub-install --force $(debconf-get partman-auto/disk); \ +in-target update-grub; \ +cp /opt/installer/rc.local.install /target/etc/rc.local; \ +cp /opt/installer -R /target/root/; + +########## +### Reboot +########## +d-i nobootloader/confirmation_common note +d-i finish-install/reboot_in_progress note +d-i cdrom-detect/eject boolean true diff --git a/makeiso.sh b/makeiso.sh index 1101802a..911f22bc 100755 --- a/makeiso.sh +++ b/makeiso.sh @@ -12,15 +12,15 @@ myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/install myUBUNTUISO="mini.iso" myTPOTISO="tpot.iso" myTPOTDIR="tpotiso" -myTPOTSEED="preseed/tpot.seed" +myTPOTSEED="iso/preseed/tpot.seed" myPACKAGES="dialog genisoimage syslinux syslinux-utils pv udisks2" -myAUTHKEYSPATH="installer/keys/authorized_keys" -myPFXPATH="installer/keys/8021x.pfx" -myPFXPWPATH="installer/keys/8021x.pw" -myPFXHOSTIDPATH="installer/keys/8021x.id" -myINSTALLERPATH="installer/install.sh" -myPROXYCONFIG="installer/etc/proxy" -myNTPCONFPATH="installer/etc/ntp" +myAUTHKEYSPATH="iso/installer/keys/authorized_keys" +myPFXPATH="iso/installer/keys/8021x.pfx" +myPFXPWPATH="iso/installer/keys/8021x.pw" +myPFXHOSTIDPATH="iso/installer/keys/8021x.id" +myINSTALLERPATH="iso/installer/install.sh" +myPROXYCONFIG="iso/installer/proxy" +myNTPCONFPATH="iso/installer/ntp" myTMP="tmp" # Got root? @@ -33,7 +33,7 @@ if [ "$myWHOAMI" != "root" ] fi # Let's load dialog color theme -cp installer/etc/dialogrc /etc/ +cp host/etc/dialogrc /etc/ # Let's clean up at the end or if something goes wrong ... function fuCLEANUP { 
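Review bot: `passwd/user-password-crypted` in the User Configuration section ships a fixed `$1$` (MD5-crypt) hash for the `tsec` account in a public seed file, so every system built from this ISO starts with the same credential in a weak hash format. install.sh later replaces it through `chpasswd`, but `openssh-server` is in `pkgsel/include` and the sshd_config hardening only happens inside install.sh, so there appears to be a first-boot window in which the default password is still valid. Consider at least a SHA-512 crypt hash (`$6$…`, e.g. from `mkpasswd -m sha-512`) and a comment above the line such as `# Temporary password; install.sh forces a new one on first boot`, or keeping the account locked until the installer has run.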
@@ -228,10 +228,10 @@ rm initrd cd .. # Let's add the files for the automated install -mkdir -p $myTPOTDIR/tmp/opt/tpot -cp installer/* -R $myTPOTDIR/tmp/opt/tpot/ -cp isolinux/* $myTPOTDIR/ -cp preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg +mkdir -p $myTPOTDIR/tmp/opt/ +cp iso/installer -R $myTPOTDIR/tmp/opt/ +cp iso/isolinux/* $myTPOTDIR/ +cp iso/preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg # Let's create the new initrd cd $myTPOTDIR/tmp From 7b228c5be03ef8eef67eb798bbc82974bd102b69 Mon Sep 17 00:00:00 2001 
From: Marco Ochse Date: Tue, 26 Sep 2017 15:18:06 +0000 Subject: [PATCH 03/14] some cleanup --- installer/install.sh | 524 --- installer/rc.local.install | 2 - isolinux/txt.cfg | 7 - preseed/tpot.seed | 126 - tpot/bin/backup_es_folders.sh | 38 - tpot/bin/clean.sh | 219 - tpot/bin/dps.sh | 71 - tpot/bin/dump_es.sh | 45 - tpot/bin/export_kibana-objects.sh | 77 - tpot/bin/import_kibana-objects.sh | 91 - tpot/bin/myip.sh | 88 - tpot/bin/restore_es.sh | 61 - tpot/bin/updateip.sh | 24 - tpot/etc/compose/all.yml | 313 -- tpot/etc/compose/hp.yml | 156 - tpot/etc/compose/industrial.yml | 176 - tpot/etc/compose/tpot.yml | 283 -- tpot/etc/curator/actions.yml | 26 - tpot/etc/curator/curator.yml | 21 - tpot/etc/logrotate/logrotate.conf | 38 - tpot/etc/objects/elkbase.tgz | Bin 139574 -> 0 bytes tpot/etc/objects/kibana-objects.tgz | Bin 29381 -> 0 bytes tpot/host/etc/dialogrc | 144 - tpot/host/etc/issue | 20 - tpot/host/etc/nginx/nginx.conf | 96 - tpot/host/etc/nginx/ssl/dhparam4096.pem | 13 - tpot/host/etc/nginx/ssl/gen-cert.sh | 12 - tpot/host/etc/nginx/ssl/gen-dhparam.sh | 16 - tpot/host/etc/nginx/tpotweb.conf | 155 - tpot/host/etc/rc.local | 2 - tpot/host/etc/systemd/tpot.service | 57 - tpot/host/etc/systemd/wetty.service | 13 - tpot/host/usr/share/dict/a.txt | 1466 ------ tpot/host/usr/share/dict/n.txt | 4401 ------------------- tpot/host/usr/share/dict/names | 3947 ----------------- tpot/host/usr/share/nginx/html/error.html | 0 tpot/host/usr/share/nginx/html/favicon.ico | Bin 805 -> 0 bytes tpot/host/usr/share/nginx/html/navbar.html | 21 - tpot/host/usr/share/nginx/html/style.css | 17 - tpot/host/usr/share/nginx/html/tpotweb.html | 15 - tpot/keys/authorized_keys | 1 - 41 files changed, 12782 deletions(-) delete mode 100755 installer/install.sh delete mode 100755 installer/rc.local.install delete mode 100755 isolinux/txt.cfg delete mode 100755 preseed/tpot.seed delete mode 100755 tpot/bin/backup_es_folders.sh delete mode 100755 tpot/bin/clean.sh delete mode 100755 
tpot/bin/dps.sh delete mode 100755 tpot/bin/dump_es.sh delete mode 100755 tpot/bin/export_kibana-objects.sh delete mode 100755 tpot/bin/import_kibana-objects.sh delete mode 100755 tpot/bin/myip.sh delete mode 100755 tpot/bin/restore_es.sh delete mode 100755 tpot/bin/updateip.sh delete mode 100644 tpot/etc/compose/all.yml delete mode 100644 tpot/etc/compose/hp.yml delete mode 100644 tpot/etc/compose/industrial.yml delete mode 100644 tpot/etc/compose/tpot.yml delete mode 100644 tpot/etc/curator/actions.yml delete mode 100644 tpot/etc/curator/curator.yml delete mode 100644 tpot/etc/logrotate/logrotate.conf delete mode 100644 tpot/etc/objects/elkbase.tgz delete mode 100644 tpot/etc/objects/kibana-objects.tgz delete mode 100644 tpot/host/etc/dialogrc delete mode 100644 tpot/host/etc/issue delete mode 100644 tpot/host/etc/nginx/nginx.conf delete mode 100644 tpot/host/etc/nginx/ssl/dhparam4096.pem delete mode 100755 tpot/host/etc/nginx/ssl/gen-cert.sh delete mode 100755 tpot/host/etc/nginx/ssl/gen-dhparam.sh delete mode 100644 tpot/host/etc/nginx/tpotweb.conf delete mode 100755 tpot/host/etc/rc.local delete mode 100644 tpot/host/etc/systemd/tpot.service delete mode 100644 tpot/host/etc/systemd/wetty.service delete mode 100644 tpot/host/usr/share/dict/a.txt delete mode 100644 tpot/host/usr/share/dict/n.txt delete mode 100644 tpot/host/usr/share/dict/names delete mode 100644 tpot/host/usr/share/nginx/html/error.html delete mode 100644 tpot/host/usr/share/nginx/html/favicon.ico delete mode 100644 tpot/host/usr/share/nginx/html/navbar.html delete mode 100644 tpot/host/usr/share/nginx/html/style.css delete mode 100644 tpot/host/usr/share/nginx/html/tpotweb.html delete mode 100644 tpot/keys/authorized_keys diff --git a/installer/install.sh b/installer/install.sh deleted file mode 100755 index 68d1bf46..00000000 --- a/installer/install.sh +++ /dev/null 
@@ -1,524 +0,0 @@ -#!/bin/bash -# T-Pot post install script - -# Set TERM, DIALOGRC -export TERM=linux -export DIALOGRC=/etc/dialogrc - -# Let's load dialog color theme -cp /root/tpot/etc/dialogrc /etc/ - -# Some global vars -myPROXYFILEPATH="/root/tpot/etc/proxy" -myNTPCONFPATH="/root/tpot/etc/ntp" -myPFXPATH="/root/tpot/keys/8021x.pfx" -myPFXPWPATH="/root/tpot/keys/8021x.pw" -myPFXHOSTIDPATH="/root/tpot/keys/8021x.id" -myBACKTITLE="T-Pot-Installer" -mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" -myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" - -fuRANDOMWORD () { - local myWORDFILE="$1" - local myLINES=$(cat $myWORDFILE | wc -l) - local myRANDOM=$((RANDOM % $myLINES)) - local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1)) - echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) -} - -# Let's wait a few seconds to avoid interference with service messages -sleep 3 -tput civis -dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 - -# Let's setup the proxy for env -if [ -f $myPROXYFILEPATH ]; -then -dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Stop docker service ]" $myPROGRESSBOXCONF -systemctl start docker 2>&1 | dialog --title "[ Start docker service ]" $myPROGRESSBOXCONF -fi - -# Let's test the internet connection -mySITESCOUNT=$(echo $mySITES | wc -w) -j=0 -for i in $mySITES; - do - dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null - if [ $? -ne 0 ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 - if [ $? 
= 1 ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 - exit - else - break; - fi; - fi; - let j+=1 - dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; -rm -rf /etc/nginx/sites-available/default 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; -rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; - -# Let's ask user for install flavor -# Install types are TPOT, HP, INDUSTRIAL, ALL -tput cnorm -myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \ -"\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \ -"TPOT" "Standard Honeypots, Suricata & ELK" \ -"HP" "Honeypots only, w/o Suricata & ELK" \ -"INDUSTRIAL" "Conpot, eMobility, Suricata & ELK" \ -"EVERYTHING" "Everything" 3>&1 1>&2 2>&3 3>&-) - -# Let's ask for a secure tsec password -myUSER="tsec" -myPASS1="pass1" -myPASS2="pass2" -mySECURE="0" -while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] - do - while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] - do - myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Enter password for console user (tsec) ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - done - myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Repeat password for console user (tsec) ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - if [ "$myPASS1" != "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ - --msgbox "\nPlease re-enter your password." 
7 60 - myPASS1="pass1" - myPASS2="pass2" - fi - mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") - if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 - myOK=$? - if [ "$myOK" == "1" ]; - then - myPASS1="pass1" - myPASS2="pass2" - fi - fi - done -printf "%s" "$myUSER:$myPASS1" | chpasswd - -# Let's ask for a web username with secure password -myOK="1" -myUSER="tsec" -myPASS1="pass1" -myPASS2="pass2" -mySECURE="0" -while [ 1 != 2 ] - do - myUSER=$(dialog --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) - myUSER=$(echo $myUSER | tr -cd "[:alnum:]_.-") - dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 - myOK=$? - if [ "$myOK" = "0" ] && [ "$myUSER" != "tsec" ] && [ "$myUSER" != "" ]; - then - break - fi - done -while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] - do - while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] - do - myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Enter password for your web user ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - done - myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ - --title "[ Repeat password for your web user ]" \ - --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) - if [ "$myPASS1" != "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ - --msgbox "\nPlease re-enter your password." 7 60 - myPASS1="pass1" - myPASS2="pass2" - fi - mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") - if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; - then - dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 - myOK=$? 
- if [ "$myOK" == "1" ]; - then - myPASS1="pass1" - myPASS2="pass2" - fi - fi - done -htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; - -# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) -tput civis -mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; -openssl req \ - -nodes \ - -x509 \ - -sha512 \ - -newkey rsa:8192 \ - -keyout "/etc/nginx/ssl/nginx.key" \ - -out "/etc/nginx/ssl/nginx.crt" \ - -days 3650 \ - -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; - -# Let's setup the ntp server -if [ -f $myNTPCONFPATH ]; - then -dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF -fi - -# Let's setup 802.1x networking -if [ -f $myPFXPATH ]; - then -dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF - if [ -f $myPFXPWPATH ]; - then -dialog --title "[ Setting up 802.1x password ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null < with the name of your physical interface name -# -#auto eth0 -#iface eth0 inet static -# address 192.168.1.1 -# netmask 255.255.255.0 -# network 192.168.1.0 -# broadcast 192.168.1.255 -# gateway 192.168.1.1 -# dns-nameservers 192.168.1.1 - -### Example wireless config without 802.1x -### This configuration was tested with the IntelNUC series -### If problems occur you can try and change wpa-driver to "iwlwifi" -# -#auto wlan0 -#iface wlan0 inet dhcp -# wpa-driver wext -# wpa-ssid -# wpa-ap-scan 1 -# wpa-proto RSN -# wpa-pairwise CCMP -# wpa-group CCMP -# wpa-key-mgmt WPA-PSK -# wpa-psk "" -EOF - -# Let's modify the sources list -sed -i '/cdrom/d' 
/etc/apt/sources.list - -# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778) -fuECHO "### Let's make sure SSH roaming is turned off." -tee -a /etc/ssh/ssh_config 2>&1>/dev/null <&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF -apt-get upgrade -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF - -# Let's clean up apt -apt-get autoclean -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF -apt-get autoremove -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF - -# Installing docker-compose, wetty, ctop, elasticdump -pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF -pip install docker-compose==1.12.0 2>&1 | dialog --title "[ Installing docker-compose ]" $myPROGRESSBOXCONF -pip install elasticsearch-curator==5.1.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF -ln -s /usr/bin/nodejs /usr/bin/node 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF -npm install https://github.com/t3chn0m4g3/wetty -g 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF -npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF -wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF -mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF -chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF - -# Let's add a new user -addgroup --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF -adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF - -# Let's set the hostname -a=$(fuRANDOMWORD /usr/share/dict/a.txt) -n=$(fuRANDOMWORD /usr/share/dict/n.txt) 
-myHOST=$a$n -hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF -sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF - -# Let's patch sshd_config -sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF -sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH password authentication only from RFC1918 networks ]" $myPROGRESSBOXCONF -tee -a /etc/ssh/sshd_config 2>&1>/dev/null <&1>/dev/null - ;; - INDUSTRIAL) - echo "### Preparing INDUSTRIAL flavor installation." - cp /root/tpot/etc/tpot/compose/industrial.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null - ;; - TPOT) - echo "### Preparing TPOT flavor installation." - cp /root/tpot/etc/tpot/compose/tpot.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null - ;; - EVERYTHING) - echo "### Preparing EVERYTHING flavor installation." 
- cp /root/tpot/etc/tpot/compose/all.yml /root/tpot/etc/tpot/tpot.yml 2>&1>/dev/null - ;; -esac - -# Let's load docker images -myIMAGESCOUNT=$(cat /root/tpot/etc/tpot/tpot.yml | grep -v '#' | grep image | cut -d: -f2 | wc -l) -j=0 -for name in $(cat /root/tpot/etc/tpot/tpot.yml | grep -v '#' | grep image | cut -d'"' -f2) - do - dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null - let j+=1 - dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ - --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF -touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF - -# Let's take care of some files and permissions before copying -chmod 500 /root/tpot/bin/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 600 -R /root/tpot/etc/tpot 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 644 /root/tpot/etc/issue 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 755 /root/tpot/etc/rc.local 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF -chmod 644 /root/tpot/etc/tpot/systemd/* 2>&1 | dialog --title "[ Setting permissions ]" $myPROGRESSBOXCONF - -# Let's copy some files -tar xvfz /root/tpot/etc/tpot/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF -cp -R /root/tpot/bin/* /usr/share/tpot/bin/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp -R /root/tpot/etc/tpot/* /etc/tpot/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/etc/tpot/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp 
/root/tpot/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp -R /root/tpot/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -cp /root/tpot/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF -systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF -systemctl enable wetty 2>&1 | dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF - -# Let's enable T-Pot website -ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf 2>&1 | dialog --title "[ Enabling T-Pot website ]" $myPROGRESSBOXCONF - -# Let's take care of some files and permissions -chmod 760 -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chown tpot:tpot -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chmod 600 /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF -chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF - -# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub -sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null -sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null -#sed -i 's#\#GRUB_GFXMODE=640x480#GRUB_GFXMODE=800x600x32#' 
/etc/default/grub -#tee -a /etc/default/grub <&1 | dialog --title "[ Update grub ]" $myPROGRESSBOXCONF -cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/ -gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz -sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup -sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup -update-initramfs -u 2>&1 | dialog --title "[ Update initramfs ]" $myPROGRESSBOXCONF - -# Let's enable a color prompt and add /usr/share/tpot/bin to path -myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' -myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' -tee -a /root/.bashrc 2>&1>/dev/null <&1>/dev/null <&1>/dev/null - -# Final steps -mv /root/tpot/etc/rc.local /etc/rc.local 2>&1>/dev/null && \ -rm -rf /root/tpot/ 2>&1>/dev/null && \ -dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \ -reboot diff --git a/installer/rc.local.install b/installer/rc.local.install deleted file mode 100755 index 13f62044..00000000 --- a/installer/rc.local.install +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openvt -w -s /root/tpot/install.sh diff --git a/isolinux/txt.cfg b/isolinux/txt.cfg deleted file mode 100755 index e93d49f7..00000000 --- a/isolinux/txt.cfg +++ /dev/null 
@@ -1,7 +0,0 @@
-default install
-label install
- menu label ^T-Pot 17.10 (Alpha)
- menu default
- kernel linux
- append vga=788 initrd=initrd.gz console-setup/ask_detect=true --
- #append vga=788 initrd=initrd.gz console-setup/ask_detect=true DEBCONF_DEBUG=developer
diff --git a/preseed/tpot.seed b/preseed/tpot.seed
deleted file mode 100755
index ca8c5931..00000000
--- a/preseed/tpot.seed
+++ /dev/null
@@ -1,126 +0,0 @@
-##############################################
-### T-Pot Preseed Configuration File by mo ###
-##############################################
-
-####################
-### Locale Selection
-####################
-#d-i debian-installer/country string DE
-d-i debian-installer/language string en
-d-i debian-installer/locale string en_US.UTF-8
-d-i localechooser/preferred-locale string en_US.UTF-8
-
-######################
-### Keyboard Selection
-######################
-#d-i console-setup/ask_detect boolean true
-#d-i keyboard-configuration/layoutcode string de
-d-i console-setup/detected note
-
-#############################
-### Unmount Active Partitions
-#############################
-#d-i preseed/early_command string umount /media || :
-
-#########################
-### Network Configuration
-#########################
-#d-i netcfg/choose_interface select auto
-#d-i netcfg/dhcp_timeout string 60
-d-i netcfg/get_hostname string t-pot
-
-###############
-### Disk Layout
-###############
-d-i partman/early_command string \
-debconf-set partman-auto/disk $(parted_devices | sort -k2nr | head -1 | cut -f1)
-
-d-i partman-auto/method string regular
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-md/device_remove_md boolean true
-d-i partman-auto/choose_recipe select atomic
-d-i partman-auto/expert_recipe string \
- root :: \
- 8192 8888 8192 linux-swap \
- $primary{ } \
- method{ swap } format{ } \
- . \
- 40960 44444 -1 ext4 \
- $primary{ } $bootable{ } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ / } \
- .
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-######################
-### User Configuration
-######################
-d-i passwd/root-login boolean false
-d-i passwd/make-user boolean true
-d-i passwd/user-fullname string tsec
-d-i passwd/username string tsec
-d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
-d-i user-setup/encrypt-home boolean false
-
-########################################
-### Country Mirror & Proxy Configuration
-########################################
-d-i mirror/country string manual
-d-i mirror/http/hostname string archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-###########################
-### Skip Grub Configuration
-###########################
-#d-i grub-installer/confirm boolean true
-#d-i grub-installer/only_debian boolean true
-#d-i grub-installer/with_other_os boolean true
-d-i grub-installer/skip boolean true
-d-i lilo-installer/skip boolean true
-
-######################
-### Time Configuration
-######################
-#d-i time/zone string Europe/Berlin
-d-i clock-setup/utc boolean true
-d-i time/zone string UTC
-d-i clock-setup/ntp boolean true
-d-i clock-setup/ntp-server string ntp.ubuntu.com
-
-##################
-### Package Groups
-##################
-tasksel tasksel/first multiselect ubuntu-server
-
-########################
-### Package Installation
-########################
-d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant
-
-#################
-### Update Policy
-#################
-d-i pkgsel/update-policy select unattended-upgrades
-
-#########################################
-### Post install (Grub & T-Pot Installer)
-#########################################
-d-i preseed/late_command string \
-in-target apt-get -y install grub-pc; \
-in-target grub-install --force $(debconf-get partman-auto/disk); \
-in-target update-grub; \
-cp /opt/tpot/rc.local.install /target/etc/rc.local; \
-cp -r /opt/tpot/ /target/root/; \
-cp /opt/tpot/usr/share/dict/* /target/usr/share/dict/
-
-##########
-### Reboot
-##########
-d-i nobootloader/confirmation_common note
-d-i finish-install/reboot_in_progress note
-d-i cdrom-detect/eject boolean true
diff --git a/tpot/bin/backup_es_folders.sh b/tpot/bin/backup_es_folders.sh
deleted file mode 100755
index 32409e0b..00000000
--- a/tpot/bin/backup_es_folders.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-# Backup all ES relevant folders
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myCOUNT=1
-myDATE=$(date +%Y%m%d%H%M)
-myELKPATH="/data/elk/data"
-myKIBANAINDEXNAME=$(curl -s -XGET ''$myES'_cat/indices/' | grep .kibana | awk '{ print $4 }')
-myKIBANAINDEXPATH=$myELKPATH/nodes/0/indices/$myKIBANAINDEXNAME
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- ### Start ELK
- systemctl start tpot
- echo "### Now starting T-Pot ..."
-}
-trap fuCLEANUP EXIT
-
-# Stop T-Pot to lift db lock
-echo "### Now stopping T-Pot"
-systemctl stop tpot
-sleep 2
-
-# Backup DB in 2 flavors
-echo "### Now backing up Elasticsearch folders ..."
-tar cvfz "elkall_"$myDATE".tgz" $myELKPATH
-tar cvfz "elkbase_"$myDATE".tgz" $myKIBANAINDEXPATH
diff --git a/tpot/bin/clean.sh b/tpot/bin/clean.sh
deleted file mode 100755
index ce121d97..00000000
--- a/tpot/bin/clean.sh
+++ /dev/null
@@ -1,219 +0,0 @@
-#!/bin/bash
-# T-Pot Container Data Cleaner & Log Rotator
-
-# Set colors
-myRED=""
-myGREEN=""
-myWHITE=""
-
-# Set persistence
-myPERSISTENCE=$1
-
-# Let's create a function to check if folder is empty
-fuEMPTY () {
- local myFOLDER=$1
-
-echo $(ls $myFOLDER | wc -l)
-}
-
-# Let's create a function to rotate and compress logs
-fuLOGROTATE () {
- local mySTATUS="/etc/tpot/logrotate/status"
- local myCONF="/etc/tpot/logrotate/logrotate.conf"
- local myCOWRIETTYLOGS="/data/cowrie/log/tty/"
- local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz"
- local myCOWRIEDL="/data/cowrie/downloads/"
- local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz"
- local myDIONAEABI="/data/dionaea/bistreams/"
- local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
- local myDIONAEABIN="/data/dionaea/binaries/"
- local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
- local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
- local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
- local myHONEYTRAPDL="/data/honeytrap/downloads/"
- local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
-
-# Ensure correct permissions and ownerships for logrotate to run without issues
-chmod 760 /data/ -R
-chown tpot:tpot /data -R
-
-# Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided
-logrotate -f -s $mySTATUS $myCONF
-
-# Compressing some folders first and rotate them later
-if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar cvfz $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi
-if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar cvfz $myCOWRIEDLTGZ $myCOWRIEDL; fi
-if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar cvfz $myDIONAEABITGZ $myDIONAEABI; fi
-if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi
-if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
-if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
-
-# Ensure correct permissions and ownership for previously created archives
-chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
-chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ
-
-# Need to remove subfolders since too many files cause rm to exit with errors
-rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
-
-# Recreate subfolders with correct permissions and ownership
-mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
-chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
-chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL
-
-# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
-logrotate -s $mySTATUS $myCONF
-}
-
-# Let's create a function to clean up and prepare conpot data
-fuCONPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi
- mkdir -p /data/conpot/log
- chmod 760 /data/conpot -R
- chown tpot:tpot /data/conpot -R
-}
-
-# Let's create a function to clean up and prepare cowrie data
-fuCOWRIE () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi
- mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/
- chmod 760 /data/cowrie -R
- chown tpot:tpot /data/cowrie -R
-}
-
-# Let's create a function to clean up and prepare dionaea data
-fuDIONAEA () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
- mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp
- chmod 760 /data/dionaea -R
- chown tpot:tpot /data/dionaea -R
-}
-
-# Let's create a function to clean up and prepare elasticpot data
-fuELASTICPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi
- mkdir -p /data/elasticpot/log
- chmod 760 /data/elasticpot -R
- chown tpot:tpot /data/elasticpot -R
-}
-
-# Let's create a function to clean up and prepare elk data
-fuELK () {
- # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
- # ELK daemon log files will be removed
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi
- mkdir -p /data/elk
- chmod 760 /data/elk -R
- chown tpot:tpot /data/elk -R
-}
-
-# Let's create a function to clean up and prepare emobility data
-fuEMOBILITY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/emobility/*; fi
- mkdir -p /data/emobility/log
- chmod 760 /data/emobility -R
- chown tpot:tpot /data/emobility -R
-}
-
-# Let's create a function to clean up and prepare glastopf data
-fuGLASTOPF () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi
- mkdir -p /data/glastopf
- chmod 760 /data/glastopf -R
- chown tpot:tpot /data/glastopf -R
-}
-
-# Let's create a function to clean up and prepare honeytrap data
-fuHONEYTRAP () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi
- mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/
- chmod 760 /data/honeytrap/ -R
- chown tpot:tpot /data/honeytrap/ -R
-}
-
-# Let's create a function to clean up and prepare mailoney data
-fuMAILONEY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi
- mkdir -p /data/mailoney/log/
- chmod 760 /data/mailoney/ -R
- chown tpot:tpot /data/mailoney/ -R
-}
-
-# Let's create a function to clean up and prepare rdpy data
-fuRDPY () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
- mkdir -p /data/rdpy/log/
- chmod 760 /data/rdpy/ -R
- chown tpot:tpot /data/rdpy/ -R
-}
-
-# Let's create a function to prepare spiderfoot db
-fuSPIDERFOOT () {
- mkdir -p /data/spiderfoot
- touch /data/spiderfoot/spiderfoot.db
- chmod 760 -R /data/spiderfoot
- chown tpot:tpot -R /data/spiderfoot
-}
-
-# Let's create a function to clean up and prepare suricata data
-fuSURICATA () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi
- mkdir -p /data/suricata/log
- chmod 760 -R /data/suricata
- chown tpot:tpot -R /data/suricata
-}
-
-# Let's create a function to clean up and prepare p0f data
-fuP0F () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi
- mkdir -p /data/p0f/log
- chmod 760 -R /data/p0f
- chown tpot:tpot -R /data/p0f
-}
-
-# Let's create a function to clean up and prepare vnclowpot data
-fuVNCLOWPOT () {
- if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi
- mkdir -p /data/vnclowpot/log/
- chmod 760 /data/vnclowpot/ -R
- chown tpot:tpot /data/vnclowpot/ -R
-}
-
-
-# Avoid unwanted cleaning
-if [ "$myPERSISTENCE" = "" ];
- then
- echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE
- while [ "$myQST" != "y" ] && [ "$myQST" != "n" ];
- do
- read -p "Continue? (y/n) " myQST
- done
- if [ "$myQST" = "n" ];
- then
- echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE
- exit
- fi
-fi
-
-# Check persistence, if enabled compress and rotate logs
-if [ "$myPERSISTENCE" = "on" ];
- then
- echo "Persistence enabled, now rotating and compressing logs."
- fuLOGROTATE
- else
- echo "Cleaning up and preparing data folders."
- fuCONPOT
- fuCOWRIE
- fuDIONAEA
- fuELASTICPOT
- fuELK
- fuEMOBILITY
- fuGLASTOPF
- fuHONEYTRAP
- fuMAILONEY
- fuRDPY
- fuSPIDERFOOT
- fuSURICATA
- fuP0F
- fuVNCLOWPOT
- fi
-
diff --git a/tpot/bin/dps.sh b/tpot/bin/dps.sh
deleted file mode 100755
index 0c262732..00000000
--- a/tpot/bin/dps.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#/bin/bash
-# Show current status of all running containers
-myPARAM="$1"
-myIMAGES="$(cat /etc/tpot/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2)"
-myRED=""
-myGREEN=""
-myBLUE=""
-myWHITE=""
-myMAGENTA=""
-
-function fuCONTAINERSTATUS {
-local myNAME="$1"
-local mySTATUS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Status}}" -f status=running -f status=exited | tail -n 1)"
-myDOWN="$(echo "$mySTATUS" | grep -o -E "(STATUS|NAMES|Exited)")"
-
-case "$myDOWN" in
- STATUS)
- mySTATUS="$myRED"DOWN"$myWHITE"
- ;;
- NAMES)
- mySTATUS="$myRED"DOWN"$myWHITE"
- ;;
- Exited)
- mySTATUS="$myRED$mySTATUS$myWHITE"
- ;;
- *)
- mySTATUS="$myGREEN$mySTATUS$myWHITE"
- ;;
-esac
-
-printf "$mySTATUS"
-}
-
-function fuCONTAINERPORTS {
-local myNAME="$1"
-local myPORTS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Ports}}" -f status=running -f status=exited | tail -n 1 | sed s/","/",\n\t\t\t\t\t\t\t"/g)"
-
-if [ "$myPORTS" != "PORTS" ];
- then
- printf "$myBLUE$myPORTS$myWHITE"
-fi
-}
-
-function fuGETSYS {
-printf "========| System |========\n"
-printf "%+10s %-20s\n" "Date: " "$(date)"
-printf "%+10s %-20s\n" "Uptime: " "$(uptime | cut -b 2-)"
-printf "%+10s %-20s\n" "CPU temp: " "$(sensors | grep 'Physical' | awk '{ print $4" " }' | tr -d [:cntrl:])"
-echo
-}
-
-while true
- do
- fuGETSYS
- printf "%-19s %-36s %s\n" "NAME" "STATUS" "PORTS"
- for i in $myIMAGES; do
- myNAME="$myMAGENTA$i$myWHITE"
- printf "%-32s %-49s %s" "$myNAME" "$(fuCONTAINERSTATUS $i)" "$(fuCONTAINERPORTS $i)"
- echo
- if [ "$myPARAM" = "vv" ];
- then
- /usr/bin/docker exec -t "$i" /bin/ps awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps"
- fi
- done
- if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]];
- then
- sleep "$myPARAM"
- else
- break
- fi
-done
diff --git a/tpot/bin/dump_es.sh b/tpot/bin/dump_es.sh
deleted file mode 100755
index d496a98e..00000000
--- a/tpot/bin/dump_es.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#/bin/bash
-# Dump all ES data
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf tmp
-}
-trap fuCLEANUP EXIT
-
-# Set vars
-myDATE=$(date +%Y%m%d%H%M)
-myINDICES=$(curl -s -XGET ''$myES'_cat/indices/' | grep logstash | awk '{ print $3 }' | sort | grep -v 1970)
-myES="http://127.0.0.1:64298/"
-myCOL1=""
-myCOL0=""
-
-# Dumping all ES data
-echo $myCOL1"### The following indices will be dumped: "$myCOL0
-echo $myINDICES
-echo
-
-mkdir tmp
-for i in $myINDICES;
- do
- echo $myCOL1"### Now dumping: "$i $myCOL0
- elasticdump --input=$myES$i --output="tmp/"$i --limit 7500
- echo $myCOL1"### Now compressing: tmp/$i" $myCOL0
- gzip -f "tmp/"$i
- done;
-
-# Build tar archive
-echo $myCOL1"### Now building tar archive: es_dump_"$myDATE".tgz" $myCOL0
-tar cvf es_dump_$myDATE.tar tmp/*
-echo $myCOL1"### Done."$myCOL0
diff --git a/tpot/bin/export_kibana-objects.sh b/tpot/bin/export_kibana-objects.sh
deleted file mode 100755
index a48b9011..00000000
--- a/tpot/bin/export_kibana-objects.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-# Export all Kibana objects
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myDATE=$(date +%Y%m%d%H%M)
-myINDEXCOUNT=$(curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*' | tr '\\' '\n' | grep "scripted" | wc -w)
-myDASHBOARDS=$(curl -s -XGET ''$myES'.kibana/dashboard/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
-myVISUALIZATIONS=$(curl -s -XGET ''$myES'.kibana/visualization/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
-mySEARCHES=$(curl -s -XGET ''$myES'.kibana/search/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id')
-myCOL1=""
-myCOL0=""
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf patterns/ dashboards/ visualizations/ searches/
-}
-trap fuCLEANUP EXIT
-
-# Export index patterns
-mkdir -p patterns
-echo $myCOL1"### Now exporting"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*?' | jq '._source' > patterns/index-patterns.json
-echo
-
-# Export dashboards
-mkdir -p dashboards
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-for i in $myDASHBOARDS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myES'.kibana/dashboard/'$i'' | jq '._source' > dashboards/$i.json
- done;
-echo
-
-# Export visualizations
-mkdir -p visualizations
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-for i in $myVISUALIZATIONS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myES'.kibana/visualization/'$i'' | jq '._source' > visualizations/$i.json
- done;
-echo
-
-# Export searches
-mkdir -p searches
-echo $myCOL1"### Now exporting"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-for i in $mySEARCHES;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XGET ''$myES'.kibana/search/'$i'' | jq '._source' > searches/$i.json
- done;
-echo
-
-# Building tar archive
-echo $myCOL1"### Now building archive"$myCOL0 "kibana-objects_"$myDATE".tgz"
-tar cvfz kibana-objects_$myDATE.tgz patterns dashboards visualizations searches > /dev/null
-
-# Stats
-echo
-echo $myCOL1"### Statistics"
-echo $myCOL1"###### Exported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-echo $myCOL1"###### Exported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-echo
diff --git a/tpot/bin/import_kibana-objects.sh b/tpot/bin/import_kibana-objects.sh
deleted file mode 100755
index 2ae37e6a..00000000
--- a/tpot/bin/import_kibana-objects.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-# Import Kibana objects
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
- echo
-fi
-
-# Set vars
-myDUMP=$1
-myCOL1=""
-myCOL0=""
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf patterns/ dashboards/ visualizations/ searches/
-}
-trap fuCLEANUP EXIT
-
-# Check if parameter is given and file exists
-if [ "$myDUMP" = "" ];
- then
- echo $myCOL1"### Please provide a backup file name."$myCOL0
- echo $myCOL1"### restore-kibana-objects.sh "$myCOL0
- echo
- exit
-fi
-if ! [ -a $myDUMP ];
- then
- echo $myCOL1"### File not found."$myCOL0
- exit
-fi
-
-# Unpack tar
-tar xvfz $myDUMP > /dev/null
-
-# Restore index patterns
-myINDEXCOUNT=$(cat patterns/index-patterns.json | tr '\\' '\n' | grep "scripted" | wc -w)
-echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-curl -s -XDELETE ''$myES'.kibana/index-pattern/logstash-*' > /dev/null
-curl -s -XPUT ''$myES'.kibana/index-pattern/logstash-*' -T patterns/index-patterns.json > /dev/null
-echo
-
-# Restore dashboards
-myDASHBOARDS=$(ls dashboards/*.json | cut -c 12- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $myDASHBOARDS | wc -w)$myCOL1 "dashboards." $myCOL0
-for i in $myDASHBOARDS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XDELETE ''$myES'.kibana/dashboard/'$i'' > /dev/null
- curl -s -XPUT ''$myES'.kibana/dashboard/'$i'' -T dashboards/$i.json > /dev/null
- done;
-echo
-
-# Restore visualizations
-myVISUALIZATIONS=$(ls visualizations/*.json | cut -c 16- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $myVISUALIZATIONS | wc -w)$myCOL1 "visualizations." $myCOL0
-for i in $myVISUALIZATIONS;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XDELETE ''$myES'.kibana/visualization/'$i'' > /dev/null
- curl -s -XPUT ''$myES'.kibana/visualization/'$i'' -T visualizations/$i.json > /dev/null
- done;
-echo
-
-# Restore searches
-mySEARCHES=$(ls searches/*.json | cut -c 10- | rev | cut -c 6- | rev)
-echo $myCOL1"### Now importing "$myCOL0$(echo $mySEARCHES | wc -w)$myCOL1 "searches." $myCOL0
-for i in $mySEARCHES;
- do
- echo $myCOL1"###### "$i $myCOL0
- curl -s -XDELETE ''$myES'.kibana/search/'$i'' > /dev/null
- curl -s -XPUT ''$myES'.kibana/search/'$i'' -T searches/$i.json > /dev/null
- done;
-echo
-
-# Stats
-echo
-echo $myCOL1"### Statistics"
-echo $myCOL1"###### Imported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0
-echo $myCOL1"###### Imported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0
-echo
-
-
diff --git a/tpot/bin/myip.sh b/tpot/bin/myip.sh
deleted file mode 100755
index 86a9114e..00000000
--- a/tpot/bin/myip.sh
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-
-## Get my external IP
-
-timeout=2 # seconds to wait for a reply before trying next server
-verbose=1 # prints which server was used to STDERR
-
-dnslist=(
- "dig +short myip.opendns.com @resolver1.opendns.com"
- "dig +short myip.opendns.com @resolver2.opendns.com"
- "dig +short myip.opendns.com @resolver3.opendns.com"
- "dig +short myip.opendns.com @resolver4.opendns.com"
- "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net"
- "dig +short whoami.akamai.net @ns1-1.akamaitech.net"
-)
-
-httplist=(
- alma.ch/myip.cgi
- api.infoip.io/ip
- api.ipify.org
- bot.whatismyipaddress.com
- canhazip.com
- checkip.amazonaws.com
- eth0.me
- icanhazip.com
- ident.me
- ipecho.net/plain
- ipinfo.io/ip
- ipof.in/txt
- ip.tyk.nu
- l2.io/ip
- smart-ip.net/myip
- wgetip.com
- whatismyip.akamai.com
-)
-
-# function to shuffle the global array "array"
-shuffle() {
- local i tmp size max rand
- size=${#array[*]}
- max=$(( 32768 / size * size ))
- for ((i=size-1; i>0; i--)); do
- while (( (rand=$RANDOM) >= max )); do :; done
- rand=$(( rand % (i+1) ))
- tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp
- done
-}
-
-# if we have dig and a list of dns methods, try that first
-if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then
- eval array=( \"\${dnslist[@]}\" )
- shuffle
-
- for cmd in "${array[@]}"; do
- [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2
- ip=$(timeout $timeout $cmd)
- if [ -n "$ip" ]; then
- echo $ip
- exit
- fi
- done
-fi
-
-# if we haven't succeeded with DNS, try HTTP
-if [ ${#httplist[*]} == 0 ]; then
- echo "No hosts in httplist array!" >&2
- exit 1
-fi
-
-# use curl or wget, depending on which one we find
-curl_or_wget=$(if hash curl 2>/dev/null; then echo curl; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi);
-
-if [ -z "$curl_or_wget" ]; then
- echo "Neither curl nor wget found. Cannot use http method." >&2
- exit 1
-fi
-
-eval array=( \"\${httplist[@]}\" )
-shuffle
-
-for url in "${array[@]}"; do
- [ "$verbose" == 1 ] && echo Trying: $curl_or_wget -s "$url" 1>&2
- ip=$(timeout $timeout $curl_or_wget -s "$url")
- if [ -n "$ip" ]; then
- echo $ip
- exit
- fi
-done
diff --git a/tpot/bin/restore_es.sh b/tpot/bin/restore_es.sh
deleted file mode 100755
index 506a5c8c..00000000
--- a/tpot/bin/restore_es.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#/bin/bash
-# Restore folder based ES backup
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
- then
- echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
- exit
- else
- echo "### Elasticsearch is available, now continuing."
-fi
-
-# Let's ensure normal operation on exit or if interrupted ...
-function fuCLEANUP {
- rm -rf tmp
-}
-trap fuCLEANUP EXIT
-
-# Set vars
-myDUMP=$1
-myCOL1=""
-myCOL0=""
-
-# Check if parameter is given and file exists
-if [ "$myDUMP" = "" ];
- then
- echo $myCOL1"### Please provide a backup file name."$myCOL0
- echo $myCOL1"### restore-elk.sh "$myCOL0
- echo
- exit
-fi
-if ! [ -a $myDUMP ];
- then
- echo $myCOL1"### File not found."$myCOL0
- exit
-fi
-
-# Unpack tar archive
-echo $myCOL1"### Now unpacking tar archive: "$myDUMP $myCOL0
-tar xvf $myDUMP
-
-# Build indices list
-myINDICES=$(ls tmp/logstash*.gz | cut -c 5- | rev | cut -c 4- | rev)
-echo $myCOL1"### The following indices will be restored: "$myCOL0
-echo $myINDICES
-echo
-
-# Restore indices
-for i in $myINDICES;
- do
- # Delete index if it already exists
- curl -s -XDELETE $myES$i > /dev/null
- echo $myCOL1"### Now uncompressing: tmp/$i.gz" $myCOL0
- gunzip -f tmp/$i.gz
- # Restore index to ES
- echo $myCOL1"### Now restoring: "$i $myCOL0
- elasticdump --input=tmp/$i --output=$myES$i --limit 7500
- rm tmp/$i
- done;
-echo $myCOL1"### Done."$myCOL0
diff --git a/tpot/bin/updateip.sh b/tpot/bin/updateip.sh
deleted file mode 100755
index f9c0892a..00000000
--- a/tpot/bin/updateip.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-# Let's add the first local ip to the /etc/issue and external ip to ews.ip file
-# If the external IP cannot be detected, the internal IP will be inherited.
-source /etc/environment
-myLOCALIP=$(hostname -I | awk '{ print $1 }')
-myEXTIP=$(/usr/share/tpot/bin/myip.sh)
-if [ "$myEXTIP" = "" ];
- then
- myEXTIP=$myLOCALIP
-fi
-sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue
-sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue
-sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue
-tee /data/ews/conf/ews.ip << EOF
-[MAIN]
-ip = $myEXTIP
-EOF
-tee /etc/tpot/elk/environment << EOF
-MY_EXTIP=$myEXTIP
-MY_INTIP=$myLOCALIP
-MY_HOSTNAME=$HOSTNAME
-EOF
-chown tpot:tpot /data/ews/conf/ews.ip
-chmod 760 /data/ews/conf/ews.ip
diff --git a/tpot/etc/compose/all.yml b/tpot/etc/compose/all.yml
deleted file mode 100644
index a5e4b2d0..00000000
--- a/tpot/etc/compose/all.yml
+++ /dev/null
@@ -1,313 +0,0 @@
-# T-Pot (Everything)
-# For docker-compose ...
-version: '2.1'
-
-networks:
- conpot_local:
- cowrie_local:
- dionaea_local:
- elasticpot_local:
- emobility_local:
- ewsposter_local:
- glastopf_local:
- mailoney_local:
- rdpy_local:
- spiderfoot_local:
- ui-for-docker_local:
- vnclowpot_local:
-
-services:
-
-# Conpot service
- conpot:
- container_name: conpot
- restart: always
- networks:
- - conpot_local
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:1710"
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- networks:
- - cowrie_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "22:2222"
- - "23:2223"
- image: "dtagdevsec/cowrie:1710"
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- restart: always
- networks:
- - dionaea_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "8081:80"
- - "135:135"
- - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "1900:1900/udp"
- - "3306:3306"
- - "5060:5060"
- - "5060:5060/udp"
- - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:1710"
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# Elasticpot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:1710"
- volumes:
- - /data/elasticpot/log:/opt/ElasticpotPY/log
-
-# ELK services
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
-# - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
-# mem_limit: 2g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:1710"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:1710"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /etc/tpot/elk/environment
- image: "dtagdevsec/logstash:1710"
- volumes:
- - /data:/data
- - /var/log:/data/host/log
-
-## Elasticsearch-head service
- head:
- container_name: head
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64302:9100"
- image: "dtagdevsec/head:1710"
-
-# Emobility service
- emobility:
- container_name: emobility
- restart: always
- networks:
- - emobility_local
- cap_add:
- - NET_ADMIN
- ports:
- - "8080:8080"
- image: "dtagdevsec/emobility:1710"
- volumes:
- - /data/emobility:/data/eMobility
- - /data/ews:/data/ews
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- image: "dtagdevsec/ewsposter:1710"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Glastopf service
- glastopf:
- container_name: glastopf
- restart: always
- networks:
- - glastopf_local
- ports:
- - "80:80"
- image: "dtagdevsec/glastopf:1710"
- volumes:
- - /data/glastopf/db:/opt/glastopf/db
- - /data/glastopf/log:/opt/glastopf/log
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:1710"
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- networks:
- - mailoney_local
- ports:
- - "25:2525"
- image: "dtagdevsec/mailoney:1710"
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Netdata service
- netdata:
- container_name: netdata
- restart: always
- network_mode: "host"
- depends_on:
- elasticsearch:
- condition: service_healthy
- cap_add:
- - SYS_PTRACE
- security_opt:
- - apparmor=unconfined
- image: "dtagdevsec/netdata:1710"
- volumes:
- - /proc:/host/proc:ro
- - /sys:/host/sys:ro
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Rdpy service
- rdpy:
- container_name: rdpy
- restart: always
- networks:
- - rdpy_local
- ports:
- - "3389:3389"
- image: "dtagdevsec/rdpy:1710"
- volumes:
- - /data/rdpy/log:/var/log/rdpy
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:1710"
- volumes:
- - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
-
-# Ui-for-docker service
- ui-for-docker:
- container_name: ui-for-docker
- command: -H unix:///var/run/docker.sock --no-auth
- restart: always
- networks:
- - ui-for-docker_local
- ports:
- - "127.0.0.1:64299:9000"
- image: "dtagdevsec/ui-for-docker:1710"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:1710"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:1710"
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Vnclowpot service
- vnclowpot:
- container_name: vnclowpot
- restart: always
- networks:
- - vnclowpot_local
- ports:
- - "5900:5900"
- image: "dtagdevsec/vnclowpot:1710"
- volumes:
- - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/tpot/etc/compose/hp.yml b/tpot/etc/compose/hp.yml
deleted file mode 100644
index 04649b80..00000000
--- a/tpot/etc/compose/hp.yml
+++ /dev/null
@@ -1,156 +0,0 @@
-# T-Pot (HP)
-# For docker-compose ...
-version: '2.1'
-
-networks:
- cowrie_local:
- dionaea_local:
- elasticpot_local:
- ewsposter_local:
- glastopf_local:
- mailoney_local:
- rdpy_local:
- vnclowpot_local:
-
-services:
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- networks:
- - cowrie_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "22:2222"
- - "23:2223"
- image: "dtagdevsec/cowrie:1710"
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- restart: always
- networks:
- - dionaea_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "8081:80"
- - "135:135"
- - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "1900:1900/udp"
- - "3306:3306"
- - "5060:5060"
- - "5060:5060/udp"
- - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:1710"
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# Elasticpot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:1710"
- volumes:
- - /data/elasticpot/log:/opt/ElasticpotPY/log
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- image: "dtagdevsec/ewsposter:1710"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Glastopf service
- glastopf:
- container_name: glastopf
- restart: always
- networks:
- - glastopf_local
- ports:
- - "80:80"
- image: "dtagdevsec/glastopf:1710"
- volumes:
- - /data/glastopf/db:/opt/glastopf/db
- - /data/glastopf/log:/opt/glastopf/log
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:1710"
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- networks:
- - mailoney_local
- ports:
- - "25:2525"
- image: "dtagdevsec/mailoney:1710"
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Rdpy service
- rdpy:
- container_name: rdpy
- restart: always
- networks:
- - rdpy_local
- ports:
- - "3389:3389"
- image: "dtagdevsec/rdpy:1710"
- volumes:
- - /data/rdpy/log:/var/log/rdpy
-
-# Vnclowpot service
- vnclowpot:
- container_name: vnclowpot
- restart: always
- networks:
- - vnclowpot_local
- ports:
- - "5900:5900"
- image: "dtagdevsec/vnclowpot:1710"
- volumes:
- - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/tpot/etc/compose/industrial.yml b/tpot/etc/compose/industrial.yml
deleted file mode 100644
index aefeac65..00000000
--- a/tpot/etc/compose/industrial.yml
+++ /dev/null
@@ -1,176 +0,0 @@
-# T-Pot (Industrial)
-# For docker-compose ...
-version: '2.1'
-
-networks:
- conpot_local:
- emobility_local:
- ewsposter_local:
- spiderfoot_local:
- ui-for-docker_local:
-
-services:
-
-# Conpot service
- conpot:
- container_name: conpot
- restart: always
- networks:
- - conpot_local
- ports:
- - "1025:1025"
- - "50100:50100"
- image: "dtagdevsec/conpot:1710"
- volumes:
- - /data/conpot/log:/var/log/conpot
-
-# ELK services
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
-# - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
-# mem_limit: 2g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:1710"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:1710"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /etc/tpot/elk/environment
- image: "dtagdevsec/logstash:1710"
- volumes:
- - /data:/data
- - /var/log:/data/host/log
-
-## Elasticsearch-head service
- head:
- container_name: head
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64302:9100"
- image: "dtagdevsec/head:1710"
-
-# Emobility service
- emobility:
- container_name: emobility
- restart: always
- networks:
- - emobility_local
- cap_add:
- - NET_ADMIN
- ports:
- - "8080:8080"
- image: "dtagdevsec/emobility:1710"
- volumes:
- - /data/emobility:/data/eMobility
- - /data/ews:/data/ews
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- image: "dtagdevsec/ewsposter:1710"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Netdata service
- netdata:
- container_name: netdata
- restart: always
- network_mode: "host"
- depends_on:
- elasticsearch:
- condition: service_healthy
- cap_add:
- - SYS_PTRACE
- security_opt:
- - apparmor=unconfined
- image: "dtagdevsec/netdata:1710"
- volumes:
- - /proc:/host/proc:ro
- - /sys:/host/sys:ro
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:1710"
- volumes:
- - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
-
-# Ui-for-docker service
- ui-for-docker:
- container_name: ui-for-docker
- command: -H unix:///var/run/docker.sock --no-auth
- restart: always
- networks:
- - ui-for-docker_local
- ports:
- - "127.0.0.1:64299:9000"
- image: "dtagdevsec/ui-for-docker:1710"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:1710"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:1710"
- volumes:
- - /data/p0f/log:/var/log/p0f
diff --git a/tpot/etc/compose/tpot.yml b/tpot/etc/compose/tpot.yml
deleted file mode 100644
index d7097bb2..00000000
--- a/tpot/etc/compose/tpot.yml
+++ /dev/null
@@ -1,283 +0,0 @@
-# T-Pot (Standard)
-# For docker-compose ...
-version: '2.1'
-
-networks:
- cowrie_local:
- dionaea_local:
- elasticpot_local:
- ewsposter_local:
- glastopf_local:
- mailoney_local:
- rdpy_local:
- spiderfoot_local:
- ui-for-docker_local:
- vnclowpot_local:
-
-services:
-
-# Cowrie service
- cowrie:
- container_name: cowrie
- restart: always
- networks:
- - cowrie_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "22:2222"
- - "23:2223"
- image: "dtagdevsec/cowrie:1710"
- volumes:
- - /data/cowrie/downloads:/home/cowrie/cowrie/dl
- - /data/cowrie/keys:/home/cowrie/cowrie/etc
- - /data/cowrie/log:/home/cowrie/cowrie/log
- - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
-
-# Dionaea service
- dionaea:
- container_name: dionaea
- stdin_open: true
- restart: always
- networks:
- - dionaea_local
- cap_add:
- - NET_BIND_SERVICE
- ports:
- - "20:20"
- - "21:21"
- - "42:42"
- - "69:69/udp"
- - "8081:80"
- - "135:135"
- - "443:443"
- - "445:445"
- - "1433:1433"
- - "1723:1723"
- - "1883:1883"
- - "1900:1900/udp"
- - "3306:3306"
- - "5060:5060"
- - "5060:5060/udp"
- - "5061:5061"
- - "27017:27017"
- image: "dtagdevsec/dionaea:1710"
- volumes:
- - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp
- - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp
- - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www
- - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp
- - /data/dionaea:/opt/dionaea/var/dionaea
- - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
- - /data/dionaea/log:/opt/dionaea/var/log
- - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
-
-# Elasticpot service
- elasticpot:
- container_name: elasticpot
- restart: always
- networks:
- - elasticpot_local
- ports:
- - "9200:9200"
- image: "dtagdevsec/elasticpot:1710"
- volumes:
- - /data/elasticpot/log:/opt/ElasticpotPY/log
-
-# ELK services
-## Elasticsearch service
- elasticsearch:
- container_name: elasticsearch
- restart: always
- environment:
- - bootstrap.memory_lock=true
- - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- cap_add:
- - IPC_LOCK
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
-# mem_limit: 2g
- ports:
- - "127.0.0.1:64298:9200"
- image: "dtagdevsec/elasticsearch:1710"
- volumes:
- - /data:/data
-
-## Kibana service
- kibana:
- container_name: kibana
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64296:5601"
- image: "dtagdevsec/kibana:1710"
-
-## Logstash service
- logstash:
- container_name: logstash
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- env_file:
- - /etc/tpot/elk/environment
- image: "dtagdevsec/logstash:1710"
- volumes:
- - /data:/data
- - /var/log:/data/host/log
-
-## Elasticsearch-head service
- head:
- container_name: head
- restart: always
- depends_on:
- elasticsearch:
- condition: service_healthy
- ports:
- - "127.0.0.1:64302:9100"
- image: "dtagdevsec/head:1710"
-
-# Ewsposter service
- ewsposter:
- container_name: ewsposter
- restart: always
- networks:
- - ewsposter_local
- image: "dtagdevsec/ewsposter:1710"
- volumes:
- - /data:/data
- - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
-
-# Glastopf service
- glastopf:
- container_name: glastopf
- restart: always
- networks:
- - glastopf_local
- ports:
- - "80:80"
- image: "dtagdevsec/glastopf:1710"
- volumes:
- - /data/glastopf/db:/opt/glastopf/db
- - /data/glastopf/log:/opt/glastopf/log
-
-# Honeytrap service
- honeytrap:
- container_name: honeytrap
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- image: "dtagdevsec/honeytrap:1710"
- volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
-
-# Mailoney service
- mailoney:
- container_name: mailoney
- restart: always
- networks:
- - mailoney_local
- ports:
- - "25:2525"
- image: "dtagdevsec/mailoney:1710"
- volumes:
- - /data/mailoney/log:/opt/mailoney/logs
-
-# Netdata service
- netdata:
- container_name: netdata
- restart: always
- network_mode: "host"
- depends_on:
- elasticsearch:
- condition: service_healthy
- cap_add:
- - SYS_PTRACE
- security_opt:
- - apparmor=unconfined
- image: "dtagdevsec/netdata:1710"
- volumes:
- - /proc:/host/proc:ro
- - /sys:/host/sys:ro
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Rdpy service
- rdpy:
- container_name: rdpy
- restart: always
- networks:
- - rdpy_local
- ports:
- - "3389:3389"
- image: "dtagdevsec/rdpy:1710"
- volumes:
- - /data/rdpy/log:/var/log/rdpy
-
-# Spiderfoot service
- spiderfoot:
- container_name: spiderfoot
- restart: always
- networks:
- - spiderfoot_local
- ports:
- - "127.0.0.1:64303:8080"
- image: "dtagdevsec/spiderfoot:1710"
- volumes:
- - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db
-
-# Ui-for-docker service
- ui-for-docker:
- container_name: ui-for-docker
- command: -H unix:///var/run/docker.sock --no-auth
- restart: always
- networks:
- - ui-for-docker_local
- ports:
- - "127.0.0.1:64299:9000"
- image: "dtagdevsec/ui-for-docker:1710"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
-# Suricata service
- suricata:
- container_name: suricata
- restart: always
- network_mode: "host"
- cap_add:
- - NET_ADMIN
- - SYS_NICE
- - NET_RAW
- image: "dtagdevsec/suricata:1710"
- volumes:
- - /data/suricata/log:/var/log/suricata
-
-# P0f service
- p0f:
- container_name: p0f
- restart: always
- network_mode: "host"
- image: "dtagdevsec/p0f:1710"
- volumes:
- - /data/p0f/log:/var/log/p0f
-
-# Vnclowpot service
- vnclowpot:
- container_name: vnclowpot
- restart: always
- networks:
- - vnclowpot_local
- ports:
- - "5900:5900"
- image: "dtagdevsec/vnclowpot:1710"
- volumes:
- - /data/vnclowpot/log:/var/log/vnclowpot
diff --git a/tpot/etc/curator/actions.yml b/tpot/etc/curator/actions.yml
deleted file mode 100644
index fe48bfb9..00000000
--- a/tpot/etc/curator/actions.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Remember, leave a key empty if there is no value. None will be a string,
-# not a Python "NoneType"
-#
-# Also remember that all examples have 'disable_action' set to True. If you
-# want to use this action as a template, be sure to set this to False after
-# copying it.
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete indices older than 90 days (based on index name), for logstash-
- prefixed indices. Ignore the error if the filter does not result in an
- actionable list of indices (ignore_empty_list) and exit cleanly.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: prefix
- value: logstash-
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: 90
diff --git a/tpot/etc/curator/curator.yml b/tpot/etc/curator/curator.yml
deleted file mode 100644
index 715bcd06..00000000
--- a/tpot/etc/curator/curator.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Remember, leave a key empty if there is no value. None will be a string,
-# not a Python "NoneType"
-client:
- hosts:
- - 127.0.0.1
- port: 64298
- url_prefix:
- use_ssl: False
- certificate:
- client_cert:
- client_key:
- ssl_no_validate: False
- http_auth:
- timeout: 30
- master_only: False
-
-logging:
- loglevel: INFO
- logfile: /var/log/curator.log
- logformat: default
- blacklist: ['elasticsearch', 'urllib3']
diff --git a/tpot/etc/logrotate/logrotate.conf b/tpot/etc/logrotate/logrotate.conf
deleted file mode 100644
index 85d889bb..00000000
--- a/tpot/etc/logrotate/logrotate.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-/data/conpot/log/conpot.json
-/data/conpot/log/conpot.log
-/data/cowrie/log/cowrie.json
-/data/cowrie/log/cowrie-textlog.log
-/data/cowrie/log/lastlog.txt
-/data/cowrie/log/ttylogs.tgz
-/data/cowrie/downloads.tgz
-/data/dionaea/log/dionaea.json
-/data/dionaea/log/dionaea.sqlite
-/data/dionaea/bistreams.tgz
-/data/dionaea/binaries.tgz
-/data/dionaea/dionaea-errors.log
-/data/elasticpot/log/elasticpot.log
-/data/elk/log/*.log
-/data/emobility/log/centralsystem.log
-/data/emobility/log/centralsystemEWS.log
-/data/glastopf/log/glastopf.log
-/data/glastopf/db/glastopf.db
-/data/honeytrap/log/*.log
-/data/honeytrap/log/*.json
-/data/honeytrap/attacks.tgz
-/data/honeytrap/downloads.tgz
-/data/mailoney/log/commands.log
-/data/p0f/log/p0f.json
-/data/rdpy/log/rdpy.log
-/data/suricata/log/*.log
-/data/suricata/log/*.json
-/data/vnclowpot/log/vnclowpot.log
-{
- su tpot tpot
- copytruncate
- create 760 tpot tpot
- daily
- missingok
- notifempty
- rotate 30
- compress
-}
diff --git a/tpot/etc/objects/elkbase.tgz b/tpot/etc/objects/elkbase.tgz deleted file mode 100644 index 23a09abc072a15ae03b1d985dbbe83e017d79324..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 139574 zcmX_Gc_38p*C&-qsBfeq)2>pf5D`-$Ns=T>gbi(G0D-n`(uxi_j%k!^RF#y-xR0-rm@3+-h>;y3l#g6w{KS) zw#mW5C3^p}?fre0w3Xk~H*9vIvn&~B22Jm^*7mfIZ$0O`wr~4$op>Yp505WYVy%CE z{H_W7bMUmr!7sv*m6x7NE>*Hs3{vE{zkJ$L^eNGMpvq3XKVT0luZHf1!md{BX^wo- zgo#1)Us!27&G~!{Rj0+o&;q>4Gy)2X!}t6rgv^?n6R&PBk*n#bUHg4{KD6=`#SM$; zvq~CR*(-UrgND4Tx6v54VSW;=XO$k937}*i&c9MxQZjO9>5YC%qtj9wckQfPAM85* zYgS)woyp~QZAq_%EVW7RXDZkZlCJ~F4#+Kc(Wd(f>F$@3%3>w+IFTDS4@O|MTQjRDp~PWxBNx*(0t4*)pajo(e;iZO1eMg?{1ew%A!n(<$t_M z%NcM#G4*_k>fkxnpca~h@cW81esP`@XD3`f^6{42@wSNN9`7#_(mhp&dLCuiHT*X` zkrN%;n(1T^a5AV=-ioFu4k zknd+gCeG? zjmaJyz2f(1@JGswTIEEqVy!<*SNF_neDcGRd9EguG-EQQxOZkp4a>gg zQ*J=$5%?`4WEh|umKo3Pmmhb}Hl(@;8IQ7dFq?k#ED^REcpkDp&wSWW@~4Pl{8#hT zG2MKGHD*q9oBpIIDVQ(c>(}|(VJ%GDKxAc2Bj|rCW!H-Q$SgGKeWPtrwf+Opb?jWF zt%IQQ;RTO<`$oQ@ZzgQfx$~_yc9%|DyUev6{&k3AJ^cB_1!wgP_xbo^IumkjX=9a- zGo>#$&&rJHI+C3$D=2G1~=hPJaY+90|$@*~3OzB^ya=BOQ(#dhx2RB1g}3Fi;M|Q zUrOuv?xfRkCico?L2gQ?EA?ye7D~s-^dyb83z>*#T~RM<4*?r2enA>hoGI!w+o3*F zIOAZdus$_!8#A8Yd^rDm59_Vl<%Y@X>7~MNXD9M0Iv|n?YhatxK<<3z1G8`AW%@t!i45AQk>Sc0o>4J3K2z*%QXl*rcquE{ zaX!=W?+;ny=gOw1-JMu3`E5L0W9Wfs1RMLNCMY6x^01yhl3Cqhqe|Cio*e(4-{$uTSg-%BUVIFKoy&yY=Y!rh3hF0V92(=)-;DW(HV4bP1p zHczScjGD-jymD#wLbT0*v981moywEw=sUOmbXr87{p1_<;(Xa`#(=A&I@wLTK|l1? 
zWyce=8yEU-wkp|QDt_}Th)Cf)^jtqeU?tBB7efPL`nG#abDoh*D>lt+_xZ%`jW z52SwG=5W&Lg8g{;<~rBTBEQgqd1(fr@qrQ^!sl`gZ#`Gm4axE zgn2rRJ!Yyqxbowr9pP@dL86a&W zDs7qmK9kd%k9~D|#FE=x{#&+k-?U zPeT*i^@ozz@DO!XQQ9J+VJoZI`!#l8&I2Vh6efYV!%E3#b{khK+-50>dtsk9M@J!A ztg-?P$m?Jc?Pfp3WHqfmCJ+l^1IBR9#GZT@1N|Ua9*fE3FiGb+6U3TTwpbT1Y7F13 z@lO=>?46kWLs2ltsI@y%Cy;kcp?c!d3@jk&!PBM`J5yqai=@-7n!>}yZnGmECVwXr zyG!%5Q%8PUaOz_I)HdF53)q;71It!c85ca++fRHD55nCDYKobexmoQ3iiKALaEDW-0l;~h1-3g#iJ8%d|b z@smES6bBmof~cbyvHj=_u$w4i?dP||Bg0VkkU_BL>qVYoq~bomaac7~4&f8(K)iIx zfuHx_8CVns;>`xAY|Ji9`yqFmsvw!q2F0LCKYl6DXHs_Jdt`TD)SEN(72G{OOn`tk z%vb>APVWtyBh{nC75EN?!!VSMxGze4S_(V*;p}7wp~rmev|8WI!85PQJp5g+E}H?F>@-EZi=Bb;|Juh?c_6dwr0licvn_ z9h!>!x%#1iG88*taw^a}i4pw3V6qnWWMU(i<>RdUk!M7;S4;$>!7jE~S0!vkqq-u2 zlFcNv=4mdV0t=*KBv}S6=1@3`sKcgkH(231f}9B_yzjZBy;%4%CTGvqe=z_dm*0YR zNimSeo1ntbO3lYsYPGT#MrO~#X{iV}#?me<22s}$%3bZUW4yMx2Q*jk?V1tyav4B^ z@8SUNfX9*r^JEN#ZWK8e`UiZxeL>%e4W3M6iG|03oPRD~bPh(^^)tzpuMFN|2Acq{ zHXHG%fq|tB-Zmld?5Q^9;NJ$sU`A5_?+{u*@GG>PJ$2_V_%EBs57QU~4Zu84VA;SQ zIEN9Ihyvo*21kNaqooNNn5>_reV}sjPe^L z-v!?#;W!FDf)XFzhrjO*BQ}`K3TgcO+rXhk`HMOiZUr6SM8Sw|Q1iI~^y!Ercg0a`YP6J7CQB*1ZJKUIj*}*$F zB`BNa5UbJ^_KvC2p&V}k8gEOInVifWbmDg7kQrq2aTX4vDWrXdvY`t41K9|-Rk+t? 
z;qL@SGBj}{%7?QEI{4-TSd`d~Dac_tk+c^;i(?WA5wbirFi0Lo3?|E=W26a!Rn^B{ zaxwc6KkQC0Wi|i4%R-hkLL~3`7a^991!;wP@o?DCD%_BWf) zMo2Ace9_41BMdUWn^@xK`~cp+aB`$0Y3Okrfd@~=gVw`oq-Mc*U^dtWd zpyxqFGFX126UU(RVKq*4cR{oOrR2?pj>FXCB+!h4A>FN6jQ9C4Ah_~fbf&`$2Z^~p zPaK8?lB$5%xp4?Q6?#gQ4cnOTiCfXDEd6J>SY{3rF71|GTw9G1_2!9U_yU8+=}1ps zz)U2U;JYwUFO=9``;CSCg%>{B9BOG2)JyNJF6H5kLu#KPhm3;w~j~XjLhOGvnm+bbfAA^z-4bV-fgkWra z2W+(Dn}PXi5Hbw8R62v41Hy`TAgc6{PDGo*+WvzA5LO3pNOqYpLChYK;8oHUn@{lbl8u#?NES5X38 z4a%;@Jg&@S8x&A*c% zTa7yOkS7;(%7ZdEzQ4+xN&Ex;0$fSx!bnsUD*JXAE^P!J8+*|KodHcYn2ciN8KkSr z5u?<4U{uo(>ISY)>|!_^t%PsYXc`Et;aZ{7@GBo@YbM1{(r*T~^t^_N-Wdor_Lt#d zF&UE?pQ0?KL;Bg%xDE_)0=#{(HSH|0H=n-F>&sE#pM-Dor1ucZ#u-c!5r zE{**Hf=jp{3VyFOFlgx7Tko*Ol(tASi8a|H$oMW(kmgbCI2?E| z0o`Hp?Ag7j6D~J}8j#w-($9*$x|;Wa0qEJs7dL}ax=tU&?cgIW-6msYlOymrQrISM zxiSs;&0{#?9X7~NZmEklDsQ>X*9%$83v8P~>Lq-^M1>YgFja7WBd&vZ-vOP}u6!=8dQ! zO5hpEEReAmxGl_~L~f5o2~W9oiNnwd_|Bm;fcZHt;c zaM+H^=C8YVvCKbx;E4NC%1;ldxq@^HbEWfP1JNI+G@m*0H)}{as9Xg{x%Qra6ma0t zPV26&faM|ZkcaFUDA~w&v4c)j`XF{95rS~@Elnrp-z5WSIMZ?0Kdeo*LGNFPTE?gXVmcqL5g#2G?1xm*7T=P>{?-V|Sp) zw|Pn$NC+)3@2o1cbwbtHtoI~aRKGg}9a`UOWeLPa_{d}48QgUQfN{cszHrsHQ-jGF6q{MJ7Mpa-O(~rL+x*Gu2D>`wg=od$xLC=((!&8!SGrdA>*J z*yE3%(leN@H*N^{jJX`ARil7a&aZ4e?Q%mYXd6|H7U4dAcnXF6K=by&8Uk7Y#&t69 zY?SIcJj#Jb6-ZemqW8{xo*0sR93x6dF$mvA2vw}fiOYh5_e64;#9y~Kq%~S52bHj& zJqUi6MJ2!yu3#bi#*jpe98+;otMQ3~bSAmmm-gQiZim`VCH5{XGjNHxLm*bGEY=P1p+6q(%cWCW7gNSvR=AT9-i zWC;-#d^Uqv*X(Ka{3wARPr6y;HWuQS{Oie%Ul%aB63FJm@Ea>Zjr_Vlu)psfIEYUp z*?g>7rIoX={U%@i1t7&%Q<8Uo1@cxA3{V$<3axW0)H?nv#c7bDiiWZgF`djF*SiS;TNu^2s)nk$>k{qq+lJ+vTo8&GMxUEW$n-SWO{X z&uSnNlasiLO*pJ;g6jrg_~sHDDaHuW^C3=4VxV@3W%t2zU@W(+CUjs0ez$G zI&TUw`eN?MDuMC(KTxY^qLj!amP5C<4@xYvhuM8=sU+2_}i~<%xYGG+o7NmP`UFoQo2dH$VVBZAyoOf1vNF z4^V&EgKS-tOiw^T^H+cP65lpQzIpO{+(ndPIf++fhD!aK3U5X*%J=($aVB)69QyGE zQ7tne3q}dNlYKHpoMj^C4Pr8zFydFZeETW9NE<=0tBh5=(o|!!zs=8ruCdm}8E`5& z28YWSpq`NIJ<`QjbL}%cDx^gB#=)1&pP*>;7{zZ;3*=FjT+W^T6+EO|Ly4J8L`-GA 
z*|P387!_bnh1W1hGXrFwzT{8tG45}N;!lwBsbXr5@CSPF6;cY4VaV={#MH)(U5cZO zlpQzu9!Rm86%3xRNK%fqVB~_5YCoGE;;nEW5W8ofcMzgvL!{ea>v2q!a22Ie_lHAn zCDbWw?*zeNguaM@qhXlXy|f_XC%hac$!`L(sK^v0b`*mK?^WH04;8qttA_Q7P?3{- zk&Xzn5J&DxRdex(nmktQde^IYe;DK@LBg~6=%G*iOyuw)F6OhK`4&pP$RS-&(1lgd zyJ!$U_6i6zn}DG028P=cu#}Zk#08kK5WK5OGhp2mM!gEzU8}&<0vDhyo+&&gSUE-+ z;Sd|JiYH6ipxpBjr)}0mraRk-M*^y-q@O8}>du$0(n`SOa6RPbAV~2(jC>X=3xwE_ zoIntqAq#!PFWO^d+F#7y&%Qil(L5r>kFq77pv3hpNaNRGWbo5coMN~j566VpqC|_v zSBV(m6%;S=oueYHy$JgF{#ochAEK*bV4w7Hc@+J3~eihJldgg>=$kW`Fvtz-l#U=ayY3~EC% z*r(e2ZYo&5v=~Ej+E^sNJ?nGgH84@_O&HB#-A^!KK$DhHMiYGex7T2d{@-s((me7c zM)pZe=`iBAl*@-)SX6`7>&r8hmSaCBfKPSf4C37|3f%%+G?{`^2Q<{4 zZ(Y?pf~d4Ca8~Xdxz7#Lr!LY|ya0v`n;}3{gbr^<>4=4b(E^-iA!`i2Y#dr{rFCsz*tPO-qW#u%8nWf@0U)14@@*pM343vJjPMl8m5jf%-2@dpkhre-gWWFEK1QbId=^R+EN^t#k=@d&m)Ni&7;GW zl>@-odo*JJRQ~W3x45hi%q)-m<`GU9$hSblC6HhtQ;WDgbQ&%lpU=Dx0f}~ugT*+K zN07^Wc+bQzDQ3+OIYSsm97_v<(mW2L+COjbid#HK@Smq#KZHH2!uz8JM=kkgGZN{7 zUX3sp_~9FlSvJp8zHbX5;6`vUi?(PE@0Sh^H62x=K~DVo3mAa`T{zhpkIq28=&)S3 zigJO|Iu5N&27mALhc^g?M*eNb@7#U$?5NdDxtr$5ki z@OnBoew_v*TtU3%$dqd>FhOmC+NvM<7dmv8YO%91MFZl0@b(4RF^T$Tx!hp`B-a`0 zD9HYvVv)~6kSLe8_G2}lAodJ#4-gnNOSpxOMLIlChsHgyh6kSxIaHZBE{M@`3|j)Q!KAKVJMuqH~cVsc+Xb`-J*JYmN<58sZM(H}(( zpSgug!PuHiuyw*xK3T`d_+3B=wYUSDMiA%IK(4l&aOAo)E=|pmO>iabyNBxIqRn$s zSr|3*K7sILYZX8R_}az#D3oaOpM}bKia%ZaHD(`K6mqaq0aZmziNHm7g%z zA0WY8z#fp&*|68{N!MtS+^EKw~8>4ly4)DQKMQ(<8en5SiJ_BUEhsB|KS|*f0pca9vGh! 
z*HK8skb^j6d3Bm0mvTso=M8*Oij?CAaQ(&xcfl0XDxT4*0KJPC?cNNW3Q4>;f~zcT zQ45Ziui$W8uuHiIVH6L;XIzvdqrM7IP>~$)KB0^w?kXjlUBY*ohpBau}K`OA!3^ zy}$r|bk{KQ2u6L|kTl^Wq1;4>({@l*j#}dG$DkSnKM!;(V zPdZ?tX}YUpfpRdy@(M`H#wZr$Igw>-#0Om{XEOMXu<#H}2oXUkbGSK@w9W+IlIjlL z;&J${Wl}U{vDhJ;)BCt73bzribwjiTvFkIHRqdM?%&nK$Pw)s1fAyj0EVnU{O_5NU*f+4@|TK=KqBk*?nV_PvzgY z4DD_~UUCCO@f>bgsD8V3pKR871!b$b-!=wamk!Ww|F|KbA6qK6EY>cs|#ptOv>>ltREBU0@Av_NG3{*LnVw%GFcG6 zVvsB-GJ|}>C4L6(DeywjcPxO7f?u);lc*U7#eyFIXD1BzzJy_reIix^4{_LY3x&UU z_hBI+yG=(RM1&3V__Joy*dQsmJkx1`lo4rs`V)VVrG%Sh0=N5HnAHA=-<>?9sj|79 zYXUWii^M{~j%&`jDvV3>QYOV&E3*f3_;G8lJO?*g$G{^YMf!hu@6P~-nIFSSNtsOIX>^2990ERAcGpLMZ+K*?_Xy>c4L|nd^8{lKsV)g4F2&7| zw+|r6W7kd>Vi}AZ|euXmu-X}{00q*7k_0Dh;a+_PcN(Qwe9TV1ydP4mTb+}gI#-50?a}CSa ze!&b?gJm-v(TH~7=cy~Vc9B>|6Qq~IRS=bv8b!i8Fi{e8ulQFO!df<**J;MFpp8#7 z91H~4@mX)ecymH1XgzqWzU&s)9Ivix&} zXJCU5O7ycnxq$%#%eZ=T26FJukB>hUa$mXv1YjX+C3DeCd17VlcdZqV*u6Zt$>3=wtbOz1fF z{l`0)Ar|gkD7*bH* z34Dl&Yn;P_JN_?^fNwx(U(6()+22wHS{?XMN~sM=z(+t_BydMk#VmsT2qJrTJY^le z2R{wYgh4J!y{vqPz=Qr7SYCmo-$(UV3mb@+wy^Mw(<{I|+hiLIp07Ja=3cW~(RX-dD(KB8sj}EgtA$G`$O0)yA2#e;e!6Dja zLTqE0qbx6`eZ?gFS>%w!qo{s_@*sR*!7oE!vxQ{Y26kD=5W6n^lP*3|8F-3I$`}iw z{V6nFNTzh;ategbBaF>0IM4G~igg2Dnj6GhH^RH4aD;1Jp3vcuBwv6zmU0Q725a!M z@hkuoN(V^z60t@979r}xBxa|P=jS=xeL1x`b8tj>d-YLZF+*SC0Gx+);=4|#l5@Z(UU8p|JYLzp@ zkZq<+;zuBG+0?ZKg(340N-qy4)nGOYuM`Z7EjzvguA4lMYK9UT$1sA{p=~DT6IqlM z_$Uxp?ogXdpf$F)6*%4Wn#C>gjXEgX--9Aofk@zaQIv8%6Qjh{9rlVV!U#NF&7DW& zmZHSU4PEacrI_oIrzlT5fVh9Kbq5c|;aEo-5|4D8O~NR<8PLb`fcBUi-ZNVbMER!i zkqJHtRE@!ELcY;>6&xLaCv7Z(pOrm-Z4VQ{GqTWCoUJr~WP$g-5zgOsAMwD`0`j9X zlxssAp#=hG!+-W*H^L%sUVrXpFLDzV?ZNXP8>cj!{qjKHc%|Mm8W)4=_*dP>W+?GP zPr`YMQ#?-@!N_-~<#axYFe!(7UO{GkGNi;d3oaNie2A4fMbtVVr+^nin%yj7cL_MdyQKzDZ-J;*?8M^lI}0)5%LUjYImr;UDMTWG1J=TgZ(yu&oej z^9*oJ;|_A~^K%2%0NhU=K@3tz;@r8PBbUy(p`s05-oW%@;TwmzaTq3XRwG-Ifoh!b zcOk~KB6VXdayA&hTUh}?k(km#@L+-)m)C|ij6y#zBc;L0VdR&U&{)ypTE?DDU^9l%y%5Mw7D&YMeMn;9~A0 zQk4vOBQD3$nl&q*u#xs=IPx6?r;+>obRKmlv*80BKJ*eoL1Q6;QU8u1t%;+e3ucQI 
zba9Ymmjr@z91(+Hn~SCFewV^SK2CM`H1B|ghGEG?kkeB-il6HTptUjsE>(N_{xe0* zYx4Qi6tNUM4E|by4;^qe3Hr;_f1jKc%KHSq)g;UuC7#zw9l+yO0JpbOMp^i;8dDAA320-H<74dJNT)zl{6|EZr}=owI0X7Ha4Jr~ zWD01RvJdpEtRnm;e$u z5%b&;cTN@q8QDONkyT;xUuXF;5p|yLWg&Zpk==K00@=QE35&+Z)hB$EQcKzK`#SzM zbQzO4$Mei%l<`BDjQ^88>+xUB-7eV-4zX&OYxQtY#e$Ka!2wOh2c|D*5Qpa~A9Fz)jql!E#^BxK91-~8sA@-$syjJ4b`3?>V zH{aUtH5+l(j08~`p2tTWGBM;PQ~x>sW(y-G{u}i*0oSJ+ZPPFm#*^_spI#06>o8(6 z9_Uu0l>0qjG1m|^3<`~r^~L{&E)y!4LlY>8l}>Ym4v$0{n8++0<}e~YGh4zvip$_? z3Z``yW{unMcP+SQ@bLkN?f|k{y2Kw)DZGlmb}<7(i;mOqc#fct(_ko^1%`Lg0b0hC zyYevUc`Ks#$Fi|j53TS!Hbxm3f+H_$m=nXZz^;E2q4Yv(h@p0UUqrk#nupI+RHxZN z+deaAwg|6=hiJKI~ zdsE*(Png{s`m0U-F*RbzetXhQc=+P0`MnvrPn>F0?V2GM7Ecm-F90PIb5WR@y;OzJY$f?S9lBTXHvf~U6m(iRCTr23RCEr+qdcp=`OuQsU}nSqovRn zvE_~axeh8bR&<*ecJ2s7~4l6ROBkD}<9T);l-Ub~0i{^mJ8}`qIQU z2xL@wP_v>x&Y|+P+UdG(r$^`;#@lcIZ1;7K7GsRJI-|9Jx7UBxXv{5tev2$O#In^T zZ8Me&G5sLVU*)+eDd$yyKAyNBb@o>#p+C zhOT>)Wp&5GO68LG3L&A164&c))50Oox5yi)#A`Z3Pu$8Un6&k>(?W@&XM{N40&^=v zgA8s>zAdn_*r*r%n)8%g)~$@F+?m-o|1z<}?s4GU`mlqv*B+Ki(%Cj4^zz7XlgEWg z0`h*WXImvAUhZDnLEWx$zw5)*SZ^KuyVS-k{Ab?VUY4)3SKly{8m+M5L045x>WVg_ zmDv+_74CQSnErjX^*grzai`c)a=>#@m*Ix%>gIh#SRzef@@(!I3#?G?}GHn(nSwk9n7LrPqDYDhG74>}$tIEff@OP8N5W?%UX*Ze#X1OZ$)XVdPF} zEhn)jar9P&h`!B5;^a}65k-IMO9kdo9?{731Mz-;J(+m-A+t8c=T2Z2Q;BAjK~R^! zWJY02{deY4(4Wbfb^*1&dMBKPogA`92WN*B=e^HJjIM9;VC-5G`X)mpfAshLUo?H$ zb>|KoAAO&PrWxNUS*j=-g_eg5mo^yout@CXq)L33;jR-X#I{CUiF|jt*VdeVMr2R>GU#~liP5<%S zCRTF)v&q)#%e8iQ3}f>nP2H%kRZJqzWqNkG#+G;<;ISgaZ(4E#Yxc+9{sM

Ko}9U* zom_Q~`S+^5*Q&eK@g2L-LIop*A0Ehl_KOCc*!^Ld)`bt*hy~U`J zf9aRP`^J^`w$xu#x_T_y@z;mnSI^5OtyHgVzr$G4Gg~Lgl9*+x>4!=*R|WrgVEmka3Y8i)tB7c zgSF#d;`VLSI`?L`i!bY>a*|l1mHC0N^FbZgYDQfuYR=dWefab0Sjy0OSEb~tlYc|} zO7^@{k2P}?b^DKfP}O~z$8{Muy>n)99>pck)2^N~Q%M$DePDa4$*K5qO=kwP*kW?L zR$M9KAgwfbjr~e{;iy8Jd-qj59*?R;8Eh<^U#uAYiDkLVBSPd^>&bY#=2wkh=GLB; zYYTa}`>%|mdiZOrd=cAa-Rg?n?^pesGg6ef1d!GD~cIxZWKd+MiL&zH5xM`yMAYJ`1VwQ**w_37-A9o~Sym zc4uwKj(0a69eflj&|w>&P^JIP>0mu8?n|<`ef9ROPF1P_M?$W37@OTvcdL}YQ>8zZ z;uLV?LhdV1Bh}y5(uCZE>L1qEUYxz=N$uOeVZQ>Up%`5(%)GVkP}U)4(`3KS8uc%_ zZL7=6^;n}-C!4A-A8{}%4ODeFnaz&2W-p@mJhr|Ujp0 zChzN$NcQ!F@n;|OB{uA6b|$yIh^xyN9#C9weFgheIH1TFGBhkX@MX!bqNnAxU$4ZbgKLOYAO1)GjoMjOetoR-YGq=EhlyL$`N(y zgVn4b*83Ue9~TKLPdhByFgbm|_56~iB{Cl|#?718jJlTpA!3z9EkmYrM$?<-7gJ8g zbf5ShCawRbYA!|l`PJugztq3$-ZQ!9|3jmxu6I+UYyOEMk3;ou%XH?J(?|4m?ny6i zUOup9!xA^vmczEXl0&Ig#wOY%+F)LHp!ONp+Mv$0?pe(GCWnmW@Th^jDR=VH9pdtd zBIT`7vm2(>J%wEh6z7D(u1xNT(5Y`^_HD8+m{?qX;rrtUC)BkjUZvcAx9x>p|4YYS z^(}-qKGuXUn_Q!PQwU1_&!f)t%2+T4PYs`Vp6|{WtTV8Xj?yL+bhm2_Ruf-J=Y>6L zpltRn53pFf9$l6#Shnw;-y@+28Kb$450uY78(;nY&5OP~K9fB^G&{G}yo&urn!Is5 z?!oCQfxtTJfX5qEPK+cZ$VR;#Y#nX=Y`CMb_H9VW;ndjEekY>X8GRoF^X$%zX5`2G zRr!(}e4Zq4qvspe=#kM^8N$$P`e(^k&&DMKm|i`Z-TDXK%dkbB;KFmS}A_PV|umjS#hk73r#5vn%-TP z{&D%7DMOg`)Kf9owrk?9SHq;j5g*S#T{cruA)b{bjf`)*Sw1@X_=vlMxGVVlS0~M3 zX5TwM?3V8P@NJ0^QZF1U)3~x)M|YP_u})o1 zJLjx~RN~VnEi1KDdO=+0jT4u)Fr2-`*ErR`Wi7W!xLx+~kArx1!Hq7v`rC8578?_8 z=Xez});+1xJ@LUfx|`9mI)=8SxmSSkomSg5S1d#8dhla|w)g8R!R8rTzDU2={ny*Q zPUZ`vS8L>VR`Q39c|4*Cxx&rN0IyFZlp^%`e8mXPp7j; z@Rukf-!HWe(Bx( z0ao`1b5YxvGB$%Q&GN1HHmUs^V)Uy=Pc(dct1X}_ zATJ=hh*^Hb_R;k8^eKhp)o&epKUueD#hwh`@AKgFg=GO<&P7K!8MT_~5>`>ozswo4 zQ(H`Ax1}79JMbm>_k-q;SA;L&hvMy6CF<^5kjhbsD`(X<%N*SCXM0#!wrfj7xk`7@ zk~Kopru8K~lY4`d#)j6c(5ip?__LC@Hfz8|(|dn(S#>^RVpVt8$+7Kr)f1%FTA6c= za{rwX`7~CMzzP=KUKdNFd0OXJH)S&d4!u)25cPSBX3A#qx|5eEVI%{#7~A}k9Lv1$Ni_+_C4ZPWV+?bX?+g&D3j~HY*Eud&wY1)67!1j zayUg}SEys0S=qbf*AYVxBNL3+g;rov)tp%Pt8r= 
zVx(+6{O6lt3OeW><~ZNqx@#bCqpEY8zFgHA5v}i`x0U;wBkc)wBoghmi}LpN7Pqn! zrv>L$%|H6FN8uG=@(QcWGu(zA>J> zsj?lD^n7#%iCr%Ai!_v5OYf6m$gsXGd29S@-?_~Xj*p8=uRYYDRQmY15ZaihDZRTUBoDO-Mi$$m}$w8)}zRSY}fvMN1LWrxjj!T6gs&#;+Ur^!9I_z7#181 zB%`d5e1~2vSa!&HAYpGTu{8VM*4C3GD}h$8L+6n3mR`Nn8G>;)#66#3UnYv(r`~S6 z`SK>QRkyNcqV9FRp7z`dwWbvl%k6HFnqOZ?*{O6{?!n8M`dQ8?&RuWw`=c|`rybO_ zM7wD(v(DE@A9gRF@fIv6#rbDywj3|Id-6q5z&!%mB)5E^py^HcAI1+YwYYSPHOr9` z7iLz9!cw$1Xn<{OV58&cXy7=d78iZ@yp5ydlv|pti`c~R&kO>3UXv&;Ue|Wr%{1-3 zZPfB44LbvY-S;0ygp|b{_-tvZH<0@C{fl7ln2!dZ2biC=7(=C{pPgRMpW3dyE5xBw zUP8P^>sxA1)!m)i0oPe6Ejg`TSF{Eudd1V8MVRd!?bOt9i%uocV6wyB zUHf)_7TCFaSNP*ox~Ft?2fLah!@otPMKgUmKftL|iEXC38wLj@%^^3)z;TV5VnDqC zW696wHqrWfcS*|I?hdh4OMj~VSz+ej_RsVxLERG@KS%GI2_M+Xs!`b+xzAa^qd(o+ znX@VLjVYzb|D<&pvi7m+4s2kONu*xuSf8u<#piaxL!_lz6k{~#6Okk5RSup)ltmi@ z{7zINp>RpfzC(g?|Zlv`ap4oT$ z-&m%9F7x_UPtiP|iLK-wcAe5(aD>6ZxB0WgGtwFfctVPqyc0lnYdR}2Ne&Qx*k5?- zq1+sHN?C*H5i(H0(Mq87;W$yc~ipcj}vxUt9)TQNBF##&!oHzog;(yjjy)_zQTZ2V~K zca>lcPkEofSUK&#hvGunr2IUE*vgVo)<+r|>%G2k}#I z+zR9FAx6{&aaTAk++0!1-kV^Q5~&E$@Q4==G+KMVNst@R0- z1?8;)bArQ*)K6Nya_g4)emM^7XA}rL^qV2YJP-B16p&k1qqU~?o|~#CXD+uaFepG) z=|((MbcPma8(0MNnl-A)cgP33zd1b~{HssBTx(gZ&aw|j3vTb)wB_OA|4yDP=kJbq zbbIllzC}eFi#B&Xek$R=VU_sgam`Y5aTC!Je@ioox<*JCj`+20u^A&t~;{2 zE_&*VtBq^3?fFXqIm3Qium&% zEzB*x{QkOLEPbfp?drH&{a*vW{7xHMzP;%6sUNn9Iqya4GgGi-Dw8e(lYKE6I#(WP z%ijJk^{o3AC1=Fy1%%^u1IptjIn6z&EHW;qnhrqiTnv^tROn_eY++4jZ#C zap~*fS5D!NU-NqSm5_IJN7;6j6oc!FPs!d+dM^}f>Ah)m@uc_v0c1d%zihx8GGUWU zcmq6$y-B9qCDREYa8w2yfHibVZ%6mZ9+N#MTa8|qeF*R?*$)8g!xxbMD|D^?uw z|7@jW)r#8k@)}2b+GqEzb2x77>`MZKka!1#w|xJ~vdSL;InzcA&Bbu+|YoA}yz62SPJI7v8K- z;&0fKnCLeon^5sgcIMl-j%8;$^>_Gf&`#HLY#sX&^`+E$VxZ8SlaZoC3tr(>C{|Z6 zvkg50rSDx@#%L)drLpiCXUQwL3K*~zTn3+)V8p3o3W151LIWv;Q2CjeZ?o^o{*G>- z)p!?PC+QPtJ0`t}Z_ziX8vhOY5+8wUIrJHRgj=q|b?_Rh16Q4-*TA(7uR&z|vIYr# zYEBd!+A=nLjZph~Zc^q5gK-ETaa*E8jg_^>A3D_9`z@pV=!q%k$7hGG5!%yd1I1tz z+Ci#ygqN{$IePd|8{z3VzH7$y9N(Xn>^-@0vwjR$FI|rAx7`1uuUBF12j8q{%?|x` 
zNbQM&hHXA)jD2c8_ys4(&Vct@{w_yGF=*SU;t*v7t% z-;`~XHOM~T9)e!pWo|q7j%+*k0QWd|iaWx+f?m3XehhkOzV7A_3fzG#fV3m89n=86 zqZ2<20wQ#FOsPKw_N~NznToU{QSU+S7zD9N{;I?UhN64rkIGl0c7i={;3Vu%lR4%!9(g z(cZ`R?BXAQ5&DtsV6_3i=ypmUMz6`A3;nZvTUxY*6f0{3G-c z#rJW~Dqc~%r}$j)55*Ch-)mx)^UeG&{$c(oI);?)=1HWfN8U!j8j!cSUb?_p-^F

Ys1Z=&7aaX5@}F zqvwe4abj)ZpvYX1Ig0~%553c^1N4qqOrR)8ZyD(8d?fpf*VGD4LYwfAa7;KOTo67L zz7=Ye4ayzL2b4#Zr<9sclz&q~;O{};U%)%-JnJf#H0XDvH=J9rAInb1==ConeLsGl zFjHl$RV@}w3x)Z@@&KVa80=a?s{u`jiwSKV=mKFWIBHekqzuOOKqRF3RG$^}AFGU_ z0hYyrXiH%^oi$=~wW9SguQGkBGJ)3`5cpB0y{Ua+rlmr)nBeMQWvyzNunfcuAB&MK2UoQ)3p7de zMVj1dK3E`8FBblxGQBAn-O?;2aj_t!)>xyewiC2KrTv(=MBk4g91@fP;HN6R<99xGkOt1y6nO2^mVI8SFj~osjGX!v#?L@DrA@J*(kzk0vY!~fL z{k2H`np}ieA~$hP4k``=F+gWvpWBHP(clHTW~Au(_1987m${MMqjCi(2I(X?(}i=^C_Qh)|BjxAwqg|UGVVqsvW_n&W%43Qk^i~7+ zn3DY+_u7=~Bf)@C-xd)=3FFri=h}hQ8D`VK>V%@TgB{<7o6@TXUoZyew2e~AlmOUQ zK6?Mp+=z=AA8>2iGB$Fj&*f}g1D(`ABg5i9BmJL|X+0u4?T*0cWFzfXfX{cxxDjY% zdaV)7pHJoquOdBAk3e^o%pBHX(@`Alrq1v;2o`nn-G)^S3;MR7nUHy3)0z2kdz)rO z&fT%^^5Gp5BJ$pK>{VseYzW=|ciZl9XC51?9Fg^0+OXz~6ic?Udgy_1p?k)zZX9(b zDc5e*@J4)O%*@_H*X~&rbI!7o6RIahg`_^P0k0i(u=j+hkU->@Pf-F(_K&2G72I2Zh6$!i0q*{u>)xR88dZczHL+s&u>VteSjfA;Tp zc6|Fb`>xj^Hs2@jJeWFa#n=HK`$x8oojE^K8Fyyo@|3LY+)8Bm3-_e#G1)HJZWtRk z$mW{gL);eie)Z$(s;a8expU{vo=c{I%ZRJ0YSE%a6~wh*K?@9Uy6QR?c20J)eg`fx zA5B&q%gRown}zgAz=K7hXtJ_R;t7cCy zvA^oIPxEZh5zUESCp2d@A80f`Xf&kybn zdL7Z8(Ed5#toBi;D(?Dm34Wj@t2bY2zl-^EuN&G`y7MtV_S&f1qdTnY(7mdAU-uU> z^827mH~z=Yem3d8uS193I@?zLXR@;~NC)~Q1fZ|Dm_2*;IyAe9rg*lP@Y$thWu;|g z=6tq9n|+M1G)c=T?$|o?4DmfitPdb(-$U<%z5tELd!WC8>udBEbPe>kaD7KHr;BVW zIqw?zpu!|Di=3*I05k)4E+x~Y1lQsN0ZSw`mjKuDLKOj5bYyqf3$mN_D{vi@KM(LI z|Geyf%cd};1D#d9T_Y3AMg#y|#qBdvOq1C2j zefo+M;W-zED4DfPa2imMFEiAkZ<8pg{MjO#;}y%`9Nl>~$+60knB#E{kXI~;S(I5_ zo72Xh1lv20u3MpR z(YNal>7UWRtlxm%)nC?sr(cUELXrE(y~w!_?Pfg7ijxZ@kas)h7W4)f=aF)FMOJHQ zGT zPYvH1YK#rW9mWTY3yvC38Jo~s#*d8)t{EMsb*62mZN4q&ps6YTNz)6a^QKFttEQh! 
zO+NLWTRiuBKJIza^PJ~J&#ygy^jz)L>b1}7h}Sjm7IeaEXRlSLwwrFDup?SMEMBj- zD*I`*S~Uz+eYJWht$sl&HSw;GRX&H_bQR*WULSbzl|m62k}VWW^M!dZT5bneLnsc= zgtQPy^`K|M$Z8>YwTs>`jI5`Wd7}0S_Y(A#zTsx0%GlLv2PPLP1>H&E1&0`ajc8SR zh5H*-rpic*(E^spRY!t|^|D%2+R8{`nVgpB558T<%Z-ABYJtP3nkCHhBI%p&74Au) zQDp#%QP9_@1c4bfrG<$Ot>bp2g*6;%ix#v2Cr&sH+3iKL?G&-iQz>yr!>(@)OSv7# zBQ3*LnQCNhY2mu;vo;;yxuhl{B6H*Uq;L=Jcy5v|`a2=5Cdblz-TtnSTysZT^9B2r zNbM?QHSRCSF$*;(W?F{X4GSUUuu(Y;p+SOdx#m*NlMaKi--_kP(Hb4v&b3uTKrx(3 zXse!aDC9$0h7l+6ufC5}tCTwRrE(?Jr) zSR9#wda@FygS6@u%U-j!U3VDt16D7)#AIe%BPq)bKDB?4g{!^8)^Xk8r584LSqN-! zEd-u&TL^TQw;G-DH0aG;)(9J%YlICquMuWmi`GE&lK9B>wnMe4DrI&J(lrdQ>jjEr z1nNDIMQ5}akjq3BJ;W6I;NqEh`d9Ebbh!aK#?OB+TBQ~K`NsIslZwYCH#ih2I#?d)vI0DD({Wnhv;-6 zH}g4JPkO)nIoU}Ge@U9BLWPO*loyc_74|;Ju3-0gZ$O8=pFw9_`WVu*pwKg@73s|_ z(sc%jn7^9X&!DGK2l|twsUHFUnltDGWd>1~*@FCUc9Kv|5-Gxe!s+-Mx{g-iow#1o z9cU}QipYkNuh7q6Uxg0JU(qtW2H$`;_e#7HuZC+4UMcB1xazUk8E8UF@XRD!*cFJT z5cE2P7g$~HPCBuUu}9f|;5v2}`w9L6u+8jAZD%+S;|}k7S2wB3iM;Af;Ca-qtLc9d z-3`byXxvd$2nKKwIf}-KJg3k^fD4O7ABs}P6>ryOy9E?h&8554HXyPmfnapayAD-U zEtm_v(Itx(ka?Rbx)4si=2pD#ecgM7xy9UW{*M0$`ZM?8fKxK=7tCuEE>)6VoWHwy z1X*?=3m|)u*Dh)R-_?nW-9Q2pm5(A(Qw|F3JBa-n721nLeIIhiAduH3p4TL_76sKH zOIPDxbr0B8`Bk}9xdZ{L0a3IT`LCd+)(KsPFlJHi1p~lpNBIC3Wl4It3j-9RN(gV5#@H*9c81#CjPOH}vf1r4%4Jx(fkog%iTPW%uu>Lcw zZ*uEbi@LJ_ZASESg%)%PExdw01-5kf_h2b8h-m z^ds?Y!NfxAp~id$Jy@qE1L9^0I-8M~fZl-`@oPxbucO!8G}*k~h#T?uXdU~xypCN* zbtx3ZC0h|GV_RW-QB}1SEvSM)%_-V{ejkRsa|x)T0MLyl!)a3e0hXo}WfY~Vcc2fDIRV_nA{W1M<;rE%!(4iR zrrH!*J*>oQxk+!Xc3#6o%wJ9IWy||6UsmD;Jj*~)&+1`I<>0T0UglLj>|rVb0l3Uc zlmE?564oPNpYme7~cVWfE(y-8g6 zOZrI{c0ZzQ;7b`^Hm~)1*Zf}GgY>;3+`jL8hfdHBaa4d!uCkg5{ChN9@blKlbRIKHACQ=MGHp z*90D$uph!XI4<(h3H!b8PdYMi&@Qq_+khKzGh8jWLDEfd?ZI2ndi*rBIve28llEjc z#hlcgKq1nX&28vAbFI%#)a29V^N^2{N!4-49fbbv;Zyz9hnt=;;%$V@pf`A#CLCw40 z9`fAA{D@%#OFxMi7S^(BhCF7qt+nxT#h-5^mHi<5MAjgCS>7OPlO2?8M~}+(1DxYjO9`k`G$~dp#4%NsxXp7e0pI%I zSw^!>;Kx7kL8SM+0ktQouK-1Luag5f|$`{=qP8~@{y+j`$){Va3- 
zxxle)+pV7r3o)!r>o@pJOTQ4VE(0k4IJNj(V5X(b^2FuEH-aiwHr#Rchi?b%TvGFH z=y%N{+F#4q)9^XRj@naJnAET;&#-rNU53qfWW%)(ZgqxrU6{!xocUZEIhwZ{uMT?m za};>Ml`CSJ3APd)1X!vC@0F6r=aT-yg%SNv6jTOG2Pspjwu#PY5zI+-ivI)NHuZS7 zt0taAJ2CkZ?mOB~`#bs;-XDL5p4xi+6NIn^`fBUoT94OAdM#W~lj&SpiSED@Jv3<1JcyKVT1g`@g!uegt z2j&B1KhC^m?7)rr3X`*vg9>c_J%AvK+I}sn$zptD6YBhwpV8)`MmsTIUsWqsyi;0 zrub_V?0*0m;6~}(=SH@=QT(S{?MnL>_PKo(_?!2-{q|Evu0v;@6fR;v;LDJu|4&?d z%Pvdn^3Sl$toOiO!_o=0S*acY)K**yt0j7#{g*S3V`O|*An1#x;!>KR=a>% z&G1#ss*C&vW@Q||05DY=<0$17jN>A8@|2}#Oq9JUVRYC;z-BpCfL=qaGct-R@BxCn zD8v2md4jbPa9%EXwn`)oZYMwi;j|(ACqiv=5@_f^?TlwRUZT-NPCbDmhYr<5{=lY0 zPThw5{g=GT4n2o7OFn>CPUMm+?Bi%ZI>oNWM}5V`Yj?fOg}o*_D`O?~jtk@0EHQ3r zG_7B|c8hUKYwP;8jqUBtja$HB+zrUuwQE1VapOkg4dUB)qZN1oYrL_u@kZlAm*#(T z>Cy*VjJsNQuK#H1M}KeL(70vOrjKrHY23VN!@`Bljo$)a;}=Ah2sIK>W9t^COZ8v= zv0+p5w#}RW^5eGVt(!M3Uc90CJK$^nipUb7W+H0bvd#G87I56S@#Br3;QntwOMe3` z`4Rfo#%AbSZG(h1OK#HPCZh^6XI%%E`*$!fPF+-5TDqXL6cs#d{-iFUNiC zd(HPxWUG`y_)*653PJcz2Jj@=PbIX-z~?C$FGMR|1;R4o^Q@dOiFlJtP;7%scu1xY zwh#nbh1X@D$;iIv$FRe1o!>UUgMLr?z2JA=?~BQ5j0fC0CTsm{LA;U%~5r@D_;L@#@mJ2q6z@A7Wvt__@qB_+fdJ!IR-ik0A zh1wIL-Zgw|3>Draqi5WV-b5XpNIr5{tQ;RR<-5YDKZTTQ`0PB+~?)KLS zrY9inqzT_1mjleer%i1GBk zDgX$dB)^O>lSqz1B#;>HMZL&Z0(>tQYaNnU5$?Du##AB&Af^q(=1j2*C*ZE=aqnHMPX#k4K>02!5R49D| z_#(U$F~W!ZNan1X&VPD15j~kQWt2>t2eKH*r07*Oa}{u)D-okbI<3S{ygFDP(jQW*pDlONqZTJSbr&3=dL{ZYYAGT!&!hW7hE?tjw%oPRwcU4LkJO2rRW zMXPiTa!#j}mWh_t9HKrf<~sKGCX_%9v2AmDyf zKxA@UW|!UP8M=4~HHPJsbLA=+~kD46P4)QFgO_ z6)v&^x>G-k{zPqY$`}=XhFb&viq@fh0Y?H(1dtCG-ol^YtzA~HiC*Et&IY`v{UG2- z+?N5>+8Y6@0yhTk2|OIw5%_B0`+-*iuLnM>SrN29t|jOb_3N(nEa-;(f_YxXJtXI# z_wteqS8;L<6()X!FpnSOxzjRyUBP{%;GR-&o7qoU?yQ1)M8SP6=Z^6N{$0+IUMr+4qV|ilYjL;&sJg#W(V&`ETUk$}a|Owh|g?*?5C`Yx!}!n`88Dx*X8kTPk|zK5({QoMjE zt7Zig{>|4P6vGp+KoT^67|0sJ_rgstQWY5d%WOFLZ zE9X_tBctn9G=KhTuoup+tgJkZ{!I0}Kco3zz}f_^`C%(idXwA16}P?TT7s*2}f@b0fuVt=%oP<62@hIyt5nrwzxZNdpRga`Diu&xfF`7BAT@z54kTN~SE=@k 
z-o|F2Eu&k^i9RprFRP5A*$-4|N#RJY6)GCfD$%-3x3phY3BvB<;ksndefwe|Lk(Sc`WTWex;nM3vn{1KEJT57kglGUEGw8X^(3b)lvoYL^O z41*zMxv!;RO@_ggR+H1#!iVGtV{s#MBqc;66x5`Tbc`RNQ>E67vb3axD1{VmBr=&p zuuz86W5Fv&xVDB4asn|cTxrgN&~v&F;oeP55(QhYn$1Y1e$jab)IulFc{h7wF znZ~gaf9HyC4ahW8{xxVBUWQk|wGuCr^m4dX;Z5NGC=GEd4WSu1DQnO=+cw)l+mp73 zpfz#o18}zwqFwZ*^Pu$dc@W)C{qCois2`O4w*Y*JN{D)Q7i>Fvh5Ell?fLWP&zU!G zUdg<9&b;i@n_Sonw)3`yr_fo{xw>`)t_RT#`c0qsUEh;#`ek$p{B8g&kEmc_>8t2rR8>{_BPy+O zcAJlN=|sPZK1SeO^&_#XF4?Zy_$3NYrD~DFOQ|y48XA-;ulYiV5UCX@i-icYpLV_* z6zNV%h`*n9na0g$2?@gC0-eq!yvyAQT!D3l8={WXEEFu>65&3#NEZ{nZeXbp64agM z^av0!F?9!oFlRXTAxe>~1E|x7?Cw;$o1;i`0BKEtJ%Y@t2c-*~#5#cdCFe01sXRmX zhCU@}%0d_qAfss?alR)CK7v#(^DxqOb*cf95Z|Ms?@`R@+KK4#6m#dgtctbBh0c|% zUF3|UvNC$8g=m$nM|6`1K`TT`#cs5C@#2LG>6x0MwXhL657}I}Sfnh*GcV(HoO|)- z>uQXx>rHFdtZ6m2Zrr$b&HA>s#`Ue>Fzy0m&6+iru3x{t{yOnpe|;nH0=EA8_Vw4- zKX7sJhZirt-)h{sar@d2mwouR#^&{{8#a7+y>mbGw6A(OYi&N{+(iz|SC2 zcc5q7^f`1H{2cf)st?{0yg&Hy;FH1Uf-eSt9n2O#&hAB(RSl@B9RZxXo*2p5?nZ1! zE*^k$8{l0*q@E?;;=22|MCUe2j6m50Ty=8c6q!5T0pNMrfO9foqf9tQCYU!8RM#fc z2_W#43^)L5=#(bsDHS@w8>pXXP$2=7Af34cg#OQ=yMgdD8ut_`d`e^~d`dFoV4#K; zSUY8i_lszvTL`FdL9x^GPwZ3dcX$=s#(s>iun@v`xRnLZ1;y06lkqia(s(lltREMKu;5% zon*WxnO$x;b;4LK1wwiWB~$Lx68dBCYJ01FH!sfCI1f7|7;&$`Tj{Z+qxK5eUNLa0o8CfIC87;9JnEA#e107CnoOqhpeOKZJizqlpwdaw*au5N`et zf=Kn3{312}J@ypcD=!I-ORR>?i6DBKDVt$ z-)?ttGcMj)=PImtk3C5^DSWxwe~vn!tMRE-PXuI@dU7o_fY-X=JP|aDzZvF)MZw?;lzp58LNk4onikaJB|u%Ei0cjEk@p!m8VnpHG3Cw9y2w&RHT&RLblTsV9}hyI)FE@{!^@Xu=h(I zTf#m?`@>eFzaf6vN@G)WHYZp~-ly0UTGaUc373RZ!>}x(Y+7Yvgb=vLC1k8iG0}p#e3~%`dA_a6PiP zn^nlN0?nu=XSvT>K}|iObmFU>oU5JCWhmzu3TLiDL+i;gD5A(1m#KHdsdE%S2>Ed| zO5{J{#3Az?WcSjN*|UqfC}`|!(4s|)901Os58U)wxGtdcpg*9n;yj&5JVp0Y(&JC5 z{s0<1!te;d8vFt3kn{-`M)Y}fh5FZEVyivc^4V~o)HCv&gz6UR2x>SZAFH1-gUj@D z82Hju#;%{z%w$@R^Gw6w8XdB%4jJKN3ePPV(_e z!(`ez&M*x_svD4H4W?{4T#dgL*itMV2EHMMu_riIGiD|7QXJxHqKVJ=Ac*wPKoY=W z62NyPfG;5c_5uVz*pet)AOujFP6Ehhla4+Y&R;~1R(&cPz8bON>ku2tPk*4WuwcfF 
z8PmZkm@&OzMnS>W!h*sX#93G{efsnQYw!%aMKT2hP)_0iK9IFoW(3XH3EIr*X9)oq-`!lnpJs=Ofy z9a2x3$*r=do|8Kg9aYLHGmwR6UX_<7p*D|;fozU1Gl-j#=xE@W8EmF6uz^gQnkfVa zur*Amet>DCGG|2}iv_p(rl!i`k{k}@ltRRqI?iEBMD-qy8N+7s%szR84rNPh88RJZ zo55W5{c0Q1@yp_{rJroSDOD*iH82j3i-l}zbjMpvPGa>QkBbG5qFJ)X&?p(rDafLN zlVRt=E{1&__G8%U@Ye7T<@>^y#~%ql5q>uOi2Q@_D{=E-KvPSGGc^E~#eRkabbspf z-A{U)XL~biEy0-{=W&wbmDI!>i9!&dbn)WPQLiL&DsFG2oh;fKyH)=pHkqu3gy*pp z++zEjs5d;16ZMy|#lX&lCUT|-ap6I-9I<#YU6K&3#jVl`1wA@av^L#z2;_PfhGwki zl#f4n|IBxtAUKL~3^!x^Who!*muk_;@X$liMr-OLFJr{y*iHT-?JCcq)W-9{xTC?2 z15(?@>TzlVU(7fxyaH$D5Q)PcDoe*B$1u?R1qh1AsH5>DI8#l6OJY6FylO85EL;tI zx^e!88c#g>sCsLYPBg@l9|knVC>w9xDa?;s7P5 z&|oZwSBX+({AFjQ(v!pk;c_yes~_+5q={Ij665Y!ei>mA8J0^Z36D%rXs}%5HI;A* zLFvt5g&Z5OMypbpx&>A*-5)S=z^TyjrH=G8OHKrh>W>~jScS(?r+Fe{;O zaH(x}48`+(ktINs*uMW&ro;N9f^)P*tH^N@N}Oi>HUK+P{WZX6#vEe_S8=CuqUT5@ zu0bqu^TZN-dyeQV!fA03p1i|ubQVwI3&oQcpAI}69t-3d-c;O5cppzF5Y9*GdZ6^l ztLT&0z>_bZ10;VA3my>0Eea(qNp8i7Kqb__lj2QVQx9b?$Hx;qRHR-RNWB7Qe=|le zG(>A%@iH$XfVk-QZc-c6wFmGoVw-+GevmP5hv4jm@#Fr5HXHP zjTXhm>y_PZ0NS>U638UGQr6+%HLjai$@=I#FeF#ChIwELuSkM22j$fgu3>5%ya$BL zD?0)4fXr;;F?L)epo_1IMe{EJF4A^|Y6{w8+an1e))m_gf=b?3s2iZux4jp|VmTrf zDaul>8zLVeQo2NTMc@`7)tnQNV!d)j;=Ix&Wsy#BrJKBs6XWhq?$lDaHp$uUx`kNj z7MzGvJ8z~l05J&XT^{arn3CY?1$eJ+x!vW_^aO5xT)zyYkfWf@T5%{^Pih|~6-6#q zlpZRcd!>y(Nt=m6mDWpa`gyDo8<_GI1+G)zbx2r_RP{&@TY{b#XQ}i+!$6Z$!p&`p zfwU<|Wn6|-V7b~S2yZ0{u0s}gL)OZ3!Csob5Of_`IVXBKvafWqtaL(`A#5Wk@8VRj z4j>}9bcCp@(TGlT_|g#z^Y2H)MJ_NR{$==$@Kq5TBlbinANy+I1fftSCRt=qFuEu8y2YIY&0@uh~aJ@*=J7f7(+wBFfa~Z~T`?|lj z^Q%G~S-J()YJua@P~6pMd$GI*TO6%b27RC9$8!_MHyDalHLpyyWIbRP`YcOBy437+ zLF<>+=2&G3wQ{xVa#K$q@#Xm%JXM#O@vfSL6VKbjO9VX9YRNic7kaNd9{R|I@DIFY z+fJl5w`LmCcn+s^o3-u?aP5?{sbh6UMffTymkwA5oE8)h_*e(5+VFA4L)X$tChxDk ze3CcZKK^xChLLd2KKVsPSRu`;vFY&-EL-I@rf`&E{VJV(hg;5nKy&_^*ytVCE`8Tz zgq+_~E4og9r6h%6fLIv5JbqFuLv5BYIgYa^d^^rsJTZ#Pu|efM;*G^(X0aD@j+X0s zuG*5JXOHVL^&GNf8o1_*nOZJQM*wlAPO)pDz>VdF6LIj~P17Iq#JIE``X2D+k)=Ae 
z1w%6tZSXsuV+rFs92S9t6!83sQeZxAx~_+p@&E&bHvl>bT+Nt^tLV0m^t6bp8Fq1N z2;^UhvWB}9muevoEe+2xTXX`y^+a2BO1+NfYDavOle%pvWO{ny#nzl~opZCuAbuI0 z><6T_nmN>(9q#Fx{uj8lAC;!o4+E(ap;z}?Mh0^jS&iez>cTwu~+s_$Sd*5+oWI;i50`F19`LP^7qB7!|yT zQNj246Z|ti$UYNEwhfadke4HOAYADFCn8a=a$(}1+T3-k3sZAXhEzujQ-__8TL=P2an1O^)U({7%(Q6r)skh4{4RbZzuxEg zGt?1SIZ-j5ad9aIBBXY| z9z{ss15HcpN2nY~tKGx-up9LO`HQksvId$>Xr}vL8;t5o9&J#pR@9>gR2#K6rWLQit#m)mGK#fIu8k6X zE&CAIwe+y;r^))NumZ1Qol=B*Ib3U5!ts-g*9yXQnO1m#EUs)$83t$**VbzlF!?ppu;(QW;EXRZ7C z_jTv`_w^puzn3`Izn3`IzmIqR1+{bi`&k!Cb{{oGZ9r{s(S6jf$jGK@vcp>XBpTou z^f%dBRCY#MqkYS@_57iz+M8CCI`ulVx|`nO!Vbpob=&9m9{EDxpRw!kak`25Sk#%Q ztLVD44UFjb(chphw&ROP)R)jjH~lSIjoU%5##N8d7Xi~v}TXt>+P0__~gW z^m7#doEvr$ufr#)W7I#W&sFYuAl;z&T_3T&AEIZt@2M+Cy`0;Co%ym3i8=KkKF3ze z4zmZ*N_G|c4(I&|wX>Viadrc8KjUq)OE9RXL$&^i-sVWt@iCU&@|>&Jk@7jT#T5?v zZEu;s(|c%;Qmy)JCxPt1ZQL~)0N?e4`!UC9-mS-t9Q)hSV*}g@SLyd`!lJL(K^t8+ zrXc0xMF{tAG)BQ~<7821)GgATFyC?)aOiXJ%w9sR>v`aAdL%+&sLV%+X4k+{mCTfw#{dG2a zy>we!T{rp-H?uQuEC5bGj>t()en)Rt7PalOzOR;Ve-Qx1ZV7hufNlGSJIg}iA?qSn zzV4Soo%3sP642x3g?~Zayw3kyzsuI_M1Rs=*FU2>CJTt_dpjQI?1*3a}%=BXXh!+&f}1s z=OjDNSGG$>J~v56KD*9YZt6S^`D?dhkzGeVOQ$AZ{#rWnS@QgvyVcp!t`nZSrl_W- z+mX*V9~J#8M?Oml>^v&knb2Dt_&?v8$I@TY}6d~=WI8Y1_09X^&~oXfJ3#)qbn3 z(KYCH=pN7=)t%D4rTbWSP3O?B({Ixs)IX_zL4RIJa2fUAZpYndo`(y8G z-VXCR^EUHA^ONQm%+Bg{@fYjZH{EQvKRo>p|Jd}p3;QhrkotYoK^vM&=KjCwc!R6v zpUm|>TYUEWJnnPS=bX<)pRav>^jYoO>buYPi0=vCv%Vkre(8I|ca`5pzde43{W|>K zfkOEY`-+eaA$vj|4LK3=s^9y5SNyK~t?+O0Z}&gs|BV03{_px<_W#bmHlQh>E#RSm zV*zIZE(ClU@NGa%U_;=Jzy|`420HKb%U{09|JBy;RNz~I9|v9wbOfyn+7@&$=*gfL zg3bqB3c4EfQ&7ESi)Fv%af>sOPyY|o=?viV|6v+VTFzN6TE4dYXjyG-weGVXv7WG= zwSHjz(t5+X%C^zA$9CA(VSCl~zU_+bx@|>pOK^Meq2OnNUk-jZ_;T=f!L{}#yTX=I zw(Gf-8vni>e^~}r%Ega}E2Y%UN+HB`z>@QqWiNK|d$EhatD3Q*D~0-L{rk0ve(quZ zzqm27&Hj-6nEj0Xf?X0i8}dO2`Xb~;$g0qdp?g9PhjxU%8v1_dmC);G8V zb6HPXevIX8(kiA%?_8w3)k2}POn60FsEp;@Rv_KhA8%fPyw&ofD}e5ctle+nR@xPS zYY9{GIqX`6Jxq0^6tdeACnaexR{qi@TJ2$n!k!6xIqcmqXMMf&dsg|6KIr1F`7W$B zyeYgb{Gsq;;b+1xgnt_TZFo&YL&S~VH5vL;FiugF 
zBU$TGURqCId*`hwSxnYqXp9e?nvIC2Y0xy-ayC|KEA;Qpj(MIkK{^yB%i26yvY{=OGW_vdArjo z=VDusSD-xIpx4WX1R8o9wFWQ$P!4XzpR;=SVx1oIX*cdRlQR zR$Jtj6jMM7a3sMcIuGK40mtx&9e8r_lI#Yw3zB*oEwPQy%+#mr)55*=MHapH(#T}} zcBBu`mnKI>-j;gzZK;zVL8Z^pb&)rap#^=0_Mz|5ljsaOgle(DFz7If9?xm?lkJ8+ zCQrS^9<5et^jd5-_0gw?83Mx0dQBS|8m*2VW$HD`^gdejHM-|f`m7q5OW-yFV4dUYQ5EXHHq!?5|oE4M*8mMmP z2uT-gP=SaCIDocEiw$IY++fy-0vu$q4mb>IBf+pms{^+|!$E91HHgrxawq-?m6ZGg z?LdZMNAZF?WBE*_Z!CY8UYj(CSNib^tuojWs}J>s2G3XF7pWI~!}~xb)%I2z?BTpt zX&9*&c&$&$?Z%NKeU;#?^$GR$6?luU(V!f}hxYL|_!^W3(NS_3)#G*O_9yT&=y^2Z z8}t=Cpv*^6=Hhm6zm3*IA)2)oCk&f4eR$=&X!fv`^pEEUp|l;L?Ma1G1giSpxp?UnWg z#rNFfZ!)EZOfuu)CU{`zZnBIx%TSLVMSc4&Hq3U`OuON)NbYpFkm647XV59M_&cbf zhQ)^UIO{3A1sNVkiwpzHdjA=yRV&f>nfDHT8I8Yd4|d5LwxDy!FnstfH0$oaqSv6n zgpMB)8rp=$Z$Y7cGiuFW!cUBDu!g;m zuqZ!b$TwWD;!OOad`o)5qTN1N-?B6O%xErb7;#$Cd$kacZJ!N0eXV|PM5eBOXZR`S zpS&4oYFtPs#ybB#onm?x!5d>Y0bvt{hJ`hw30qNEm`TTW{u+4x4diP04Ku?$JxzUB zw;z7?9se~*Y(<7ApjkSOE+ba_-=k=Sa8_;%mkQ9ztwn%tK!E9Whww+J$gmb|LLrGP z`MHcNST;_U4lr1@9s#-u0j4*w;_p9(n~bJDMx#+?>ddX>uH4$?%q^3cTUMG|N-?)g zVs2SUZdu)OD~IG(j+9%jMW@b%C>OTiPV(RO+b7KF{U>yL;c$H)edw&hsy>pIzzV`T%Z5zYjz^%(|*0*Ug>+)FqRu!sJL7D2 z-D;i~XDE#`L5wp`j5CzP8R`~iBZ;$7ic{l^z=d>TE6^HLhlY+XO*)E(7StkBcoOUW z85t|pLoeMhs3bWHWeJ{k=(TuFGxYXM*IS?)qW830_1^Rw2T!Zs)AfY|TqzdAhe)=l z^RBkL?n=tZ&Apo2E1rSkACU#c#C&FC{hsfK0$;z;^kKceXg7E?dG|ec7%&jq9d;(c zpm9D!o%1eSNGCR6j%QZyI~Md=iDb2%3E1gMz{k#PT_k2}*b5|E2Z`CbNX*u-=dTfu z&TRcFNz`AZ*!9k+Tu3K|e?f7#R5x|^-4w^MZi->pZt8zL7W(&;`!esppz^z`n^{Ok zKo_5-Hoa?V5g=nZISgCmGMS7MhXGD6ClB=G5&KKo*!5AMn;uTLe8kKm$t$e!& z^$YpeLppmVcM)V=iFOtaK;4TM45u)6>xbctgX^9xT{48`X}6ShxtU)o>)me}iFYif znLI?!74^;8=APA%^}qO7Z+(|HC)1fz)Fvp!2|z3iMP)KpE+a+D$twCenIHp*j59Ob z^B2Rglp`m*DR>1@CNCJVi;MzNv#gAl5fvsNoev6RVce*X7+_rP9|oh>Z^M8Di82v%ajR zdt*YBOb~Q#PJbAH3uNz(3c?*A1BXeVB%MqrupR<|L#1Mhz%n?kN{i~)cJ>p zld(7et>(5MOOWNZaH9K{-R6Nk^XJaJZSLIIxz@k|0|yT9z#e$ufB^%-W5WmBHu<(t zjb`rX+rq>3=(hYI%M?&kr%*L_H43s&GLg6~Uvm2Qb*ZkMqr2p3)us{qnsYN+hpao6 
zwPMSNeVYq6Hs^+#rk!|q%Hys2J59O!juq~Cw=m(o+_C0y%gtG}ty#4bH0kxZCSOhJ z`|*3+;KQa|`Lc#S9f8%)Bynk;051#)Stf62 zHiOlWfjjsPTQ3@wF5#_spGcn)aG+;au-r z>YGJVUAV6$cZGNEbS^c+6VkLdF?&R9j&uh(-PHX#E{hV+9zAfN2tmT#XWW5_~lJG}gk56ut-{kFtkG=-p zBA(uIA?f71`jCbPjZ)AM)2Qmu^z#>zPHfHHw>p2hS&X_5}pP$aC)9HMDeRVny z1I2WHypJ{{&d=93qK`)Fmtwd3`vm|N8>i!IKnkERCB!Zw z_K<*-kbvz!%St0qW?0{~{L({s`^%JdTTk|j$Qro`H#{p*)%mlOvE zk!WOnwAv7hW$AQlNPyK6q=rb-M$u5C0|K%&sjH9_S4c=eKtM=}o$v>aGEcWctO0{Z zfgU?}R8A(vKyO5YN$eJo0>%K~j17q^!S2d?k#z-fO<@}dSch8B9`q-)U()wH zK@YC0r(4780b5XycB1>x24p2i&h3F~Z2{HQ44qIwT||rL-_!)FFlOeL@No zCX6nOACrB@lsl#r#uGT;ASx~{o*6Q`xVRb>7sgkk!uWeeRRVuXN=S-!c40i(CBGc5 z&VBd9b;lHKVLbSQ20J9ow6N>J(^XYfl~q;ssHzFl+=OZ#wJm+ri24rp`23k{Z zZ*M;+B)(o=aRC8(e}8|SzkfhNa)PL)B!Nm6K>}%>gCylZOL&!1P%4ysq~M|UfH(c* z^73-N+@susFISX%K)0$KdRM&S?tr`Ro-kfD>F&GlR%<-8+PlknomLYNp!NU;4+US& z^B(aaBy=i8V!1~=9}ke9CjLKHr~)#%APJN2$t5WvG-Xv{m8w$-y{i%vdsoQ?UZGa= z0!vbOr%t)o z9PDk?Pb0X|Wa!t=?CCjmf!W~YX<{I}xeNMP4TiNdNiZO9fIz(ao0$a=oPp%m0x{dx zA!b2;vw;aVTMZ0Bi9g2WF=??zN~?$^ny;)3u9i3zSqW0iN+hnY`ouyuIV0 z_?tYvyga=;LB)gH96u!92b7-(yobaO88Re3+FhA@yDNWVRFp9)GLk?e#V8@l7#R>H zBGf067?B=@d($Muvuu34g;*}N7sZ3=Jlkt0dKlnt`gg@06pAN*9fr$y2POJ~Z4^61 zHbbb*X0X9!G?`eP$p{LFwqQe!!44`^1hyOlWRXFm?xr+a>8MlcQ1?-HuB2+!ebs&X z^i}J$-IPwR*XhZcGIePCYW1B;+h5zaZ-1>IuKtDd(c$5II9!5KNxH7k$pm*8eLr4x2`W( z_vuRlgpkY-TtHf&%7Gwc^T4!$X-fvCIS@f4M+*Yav_P{eA~4LXqBvpgHg(`Ww?(QT zQN3NaO4V9Kegbn8UVoyV^f>)?VGUhdSp(SoHBc7!!7J3#hT4F&4PKCKl5U6VK4i04 zY`k1$v>BsKHX~S8&^9AQjkQL#%SfJpS&dGHT9dlPL_D{ty;@D`R*H*Awr8u_tH`*1 z{Y;~=9+<7h?Td|a)%qpI44ZMWkp{RM;3kuLvorKgK+^#1`dUQdvl+=r zeFcAcg0>y`V851H*;bGwk#)SCzi15h%{i7li zz+oH!2-MfbEiEmPEyOpnCEl1230P!H-^iB8ECamC<|P>W$M=m`;Jsj7RCHuQOw59o zgvi*KXoDdtaviWm))G-76Gr@A(G2GWt?&h;R*8=b%eJ&1~Oy3DaRNQQ;VBmqCMiGqdnkF z;h~1cls2b8i;nV`=t16iaUzJG=rM8PL=RUL>r@Jxoj*MN`4&S?Yg76i0fs_z)6@}b zLW?Hsn!dcnkexLuw6QKbB(A|WT!^$^cr^3mRP^8ilHkIhRP|y>jGAtwk>LsT{BoJ-_sc2kO+EW1eP{2sEfV%rR!&KrBD0j(S zOjbYKcOpRsPR4zy0lcpZ55#zQAR$rmJuFy?spBXC_aBP!z@fAh56r;8u9(_i^rwd4 
zOBC(7@gY*M77|()-}LAHhpLR56>^ zb)>!R5gJ$3k@f=CMC;~ESymqyr<=13TwslOy)N9)(NrBRfOY)RFz!$%X9yl|9x&eW z7o;%rDIIAik5q-9y~|olICmePyg~=AUA4+2&&#TvrxxBna6Vo0)Lcf>e$7D?15^NqY<*$xqs|)J0Qa8%6Cj9K!T_lR* zsh8Hu7MN2XO?^#i$O);I((71O&-qUwY4YMzj)SErsERs!f@=|`h$$_I%sCplZII8X8!F*9^WE>5Qr0K{2xEFo})||Zxx0amZX(l&1 z-b3qw6)LO%$isUn#%>C>4IdF4V~mN8wg-odNKOt7i5US-V;{hvt*z3pHxfM}1TMlx z>}X?52;d>>O*>8NjY%Q*X?L4;0~SK84AXAyJZ+^Ow4qENV@!@tvbR(kOyD+!hJ}n6 z8515}X;=^95#eE4ZD>dx(yvFx5lJB-?Z~v)NN@<8gdaj;F-DJ!F?#BN91WB;NDpQ$ zGOQs|`ZaE5Erq+0N$&;BAQa-MOO8nb=p>K;a9FBqLc%hj#9}ezmzP^CFzmAh4jeRS z;Glt^ES9^0bO$ixTP*j0G7YCN>z?vKS%f+upV(S+83#Qp9(s)mt(Gk6LWfb%>tP)3 z0liigWN?I}Yy?27s)5d(TBW*O8dD4dGi+E`8mQDXNtsB?8si*Z*h1`dzGyCm_0m_$ z4Q^j5*CRuyAvAlWsO|uB#~sf0I24JC1Bx(3R9KiI3@)C`i;})9(859$;}j%iQ6dN% zr+@*VVs1KQM`=ZQ`AP(4AsNY#h1<@**bJbS{} zkc0`n4o`?l9zJq(UP$_w5W}bt!yVI?*JXUVKR4lxz6Z_OM_!$|!Wc8?bawNWU9~UW zL7ArglA^$OCHT{?V36&ZKh|4$!k}_xq&l{Azs7fnLfglBbP#KITM%H zRsDVc_?BhS1l|G8QR(C0KEe)fj+uI=oeaiW`!0qU#e`1{ zNf=|lvS-A#^Ml4+3`vykMh*fr`C}j}03T8FV@T5*9*@5FRKZ9ZoC@wQyCrf79+eJZ znE*LQk?1A(bth$1C-UNy7>bbFdW?l^qS!>ZQmGGpnwL(o;=dO0Q?7l8YF^# zUIm0!KrH_tKZ{HI>+kWi==1ft`dqL9MiRu|KLE5py+j3`S%kqbz|Yb@-_K&qlJsyF z23nsxFpK#2&nGr%L7*)ZRR{s`bow-Ap$SGLOHE6cE{%`v)ho6aX?;yIOiS-JJ%~(& zpk@_PwX_+T$j?2%iVm+LhungSj);tmh$O9O-lFjb(R6Yu>vXCXH9%MAAhg)fu~vB} zk;#dqIIS*8uhVEWQz|PflQfk{Ixw2bUX{AUUcD+cy?S}{x+nOad+wg7oeZxXy+N0h zWHjDWsWBN1!NGc6FW}boiUvuIF6o|1orcWAB#NNdJ>Yqd<{n~cWNBtusvyfW%QBoM z)gPcDO_m``RVU9gCx8ne7{#DP-#0zt=Q*!D~)Q&XSfcU(|KRo00^iaD=?>j8hq&M?kyce-E34w0YxJxrGKf{~~IzQDs zTurR};hOx}=KOR}cMy;c#Mx$`@DT|qX;G15#zhTFNluQAiWxU(P}ZW|OE z6BQNJw15BpaWVVHfj_{kl$c>DF$bR7KOpA#(@*b@dHU&TPgnajHa4vrHmJ{l=$%cL z#-`X_F%$1hiHmF6pAr)v*UQf@HfHbsaRXvvj%_8ufP75Muwf~84(qkQ58z}b;UHZ1 zyXF-R!1XkW-;eGb7Sn4`%7B<&6er9neb}ebZr8$V7v+~CssPb~q9Ce30zz$)N+3Yt zRGtL*B#SCQw3JR|CVAr9Q53zzQz7~sbO;A%%O<;uY7S+a}jez+QtM5kDOvTKZ1v4yBK@mQ) zW(qTB`uY2&r&|I7X4V8+d;`&|r(81qwvq>pWwk zrpt*F8&Qw|41+Dcf;P$$0Z?=jiS=j$w3){svqe4mN!lMGos=yA>&d3rHW*lJL=o-K 
z)b53AA8MEM9=Hx5==DTFN(??eK6)P?MOoHqnA2!QI`xZ@CyUEOVOJ=hJM_rkpoM*t*Y)) z*s2|dC#hwt8a5R|8T9ejS-Ok4x3R)M!ulF?L*1W$6jfpKqLwaP7_|_t@Q8@;h;UF* z)1nsM6$J?<)nkUZnQ7sA6h-bEEYzh}qX^|&ZBv%lRAjww)70rIGMBYy1Q;wA8gKv0 zgnstahVV~~&&BQVsr|Z6w<5Ry-|9YU9r^iFVca&u>`c97q|gWM3U02SJ>7R+#wsQE z^f>vWfL`?qJ<9k#$cU%`1EQl6!C@Q-2n4re!-fq}8;Ebzh6H0`6kt&s`bBMs8n)O7&$=qnI3S^4 z&ij6TEqodXXU(|9UON63`s4*eYxFG=?jg8HX8yZ2;KVW%o zK#9hv0g3&hC`K5_0<5?+0&RhbZm|$>2vR6BGe_l};uE6NtRZZZ!Q9aB>d6%g>=9`; zk2Rr|Q-?ksvN9n$KFvBz(Bx#!Xdk@S5D?zbK4Mk4y)R+$_%?Hy?ewaI=+=r8;Ad%T z_=H;?4&or7-Ik^Ma7eTI+X-=C0cTmw;KjVkC?6>B&^3cg0mdZA7gL%-qM2O2)XOAa z3m0Lr3xu*krIj}VrBS33lH`>27Kp8t=c{CbMv*7z`Dt+Fstk%;upv-+sGtBFLXtx) zc|ssC8DuIw;f2e@o5=1W668QIN??Vo0z=qHWMZOJltycjt18kc^4?^zLoWgN*?hz+ui2wQr6K8)?q*D##c~{4=OMY7AB5$Br2@cI;TZ8iit<6ep=5 z0`#1m!--Xx#|GtmWxTZD6@PCcsNN!ozZcYQsR4ePw!iQ;@g@tJW>fFg;wGsGaaAHF z94E%8)E-)$R%^A!>-09OK@X$k+_`h-YUk?b>a}y@=IS8{bG31C>bS}F$&)ADt-E*f z=EC@TG6<0+?j#Y!fqSxcGND?;PDE1g?3BJay+NlC z5Jv3e1F%WkHu9G zmQCZQd^xQ=J0Pj}!0zG^elrW+8?)lwEy?F!e|+EC$AI`;(JOv4r@VjRg?Cy5hWd>N zAYiCpqB(%)Jq6xq3{sf|legd{+$N+6-a?QHD1o5Kw5|`3B0NP$kzF z3dGD%8Kw(*5RZhQ!UeN1QwS^+47`bYn|uX7n$|RBkjh{17r?7pj4A+Jeu7*t*OT-v zrYTJmNVGmei;6eR5saP5m6GQpNGUZ2s?rI@Yf0JyRifuoK~Idzu#|+Rmz)xjKuABY zClXZHM*#6iz(}Nkx_LQ63=K-QTC#>)ZPwu7Nl790;NiWK?7>#6btQD)h#ns7yZ~$m zLPGEnx=&>-3MST_hft-N{MvOnszyl(wkAMoQMo-NczAYb=yJjq78*kKEVPo)5`u%< z&^j7!aBy}s_y&{T?2tb)cK(KE8(h0k>{^r^9G#R998Iy{p;VTj57G1Wa9%)eW(&nPAHg-Tfw^OfAfP z^jzphzkxPDD8)u8clix`qlwT#9xsx#z+kdoi>9ErljC=kW2|IKy9-~Run(k5#GpmMDbC(i8x<5t7jvhC59LX#of=9a1H0Um61>wn5iF&Bk zg{d=%Oqq&uREStISr_x5TMtCb!>(4VR1{N-1a*o^r6QY%U6wMGa8OJo5>)+6CX>-f zXCg$)81CHIWi*Kd6Dt-YKG?_DE7TNX59wv>6&o8G5|)w@9@YyS#=d}rgoG@B4q;d$ z@eON?HTDVvEUYm(tTAlpe9w9F=2i4Ero<+P&hwqOCOjgnS7hY8#$I7jkrAGr;bCil zFRYr#5}`06YK-k=Y>WlR+O_M~Hm(H)o#3^|yAky=hNbjM4x<=hm{Br|s4=rPBeIj| zu5nb&T1q}8T*?ig=Tk_>R8Sb{I<`V960|r8Q&ZHBXbdKaT%e2kPrAFP-<{(|7mh9j z60t^)3o}?HhN6B`CQ6*xSWGd(XDkLpa>Fax%iG)A)7zW$V|;@8P?eaJ-6tg{33ML< 
zLW$kGcT#V%U#w43N}r@DeWvF0Nlp=UN{S0hPEJY6nVJl~Q;8KD8|(b0rdB#%DCkRih7XaerMKK=-!Z|)~*(>SPBl|$Sq9~VeR$P5z>Wb|fldtZ&?~b+gi;AZGWm=G*4}ams7hV{Y9RJrx z)~_9ERc8dLhX$x84_9X>)d9l^BH?`!B^5?MI^?657oE))Ew4D|?7o+`Nbv5m_aZzT zb#a3lrcgkKkj`R=mORBds{tKJ(Q=KAai?Aqyc+QVfyM}nDJU=~!U!W|OOQ1o!DfvB z2Mn-mRv7J6tXZ?hx`y~#*Mu7*tbke9#97x^Q_Fql%$YMg!k7>qXPFZ;XSprd8ezB3 zSrcJ}caX2I&AJ@;tn-O15wa3dV|auS>I%G@R@SXtvl0~j@3H?H6k)U`M8sJsMi^|t zAr_~Gk=Kk6OYp29&>@x}$+lU7LEGphYVaEa*G$XM5X%VQu#ORR@E8|1$~q=!)`(HW ze+0GR?O=v1@>VFie)d4NL3(;Z|JZZtJgN%k%_%OPS6r+qhOXE>lcta!*}QS{inHcz zMf2_gHQ_F*imMS&w!*7)UhoXtY{B9{g1s3DmfEh@1i=E-;5@-TO|a()!MTEcju4zr zD8XY0Vp%9ymLb7fDg?9PwuJ&QO9-?t79=M%b_z+5A#5nHf&oN{4D#BERK(Gq-EpCDY`LC zO)F>W0HUW3hyx$W*R_#UaIfUTZQ$vL9t~g4*ezlpMsgYtydeD4>f1TZEj~o+jXS?Y zi;ljGBFn4|-g8N}u6b2@zmZn{^QW%teIV1&>{pr5zcyHjM}IbZ z|H{(Z+|*%{zIs#lwXQx~7`}DG_`SBw+Vp*Y9;Nw+KjCP3>Zx(7N5{r4n*3HHf4e+n z#xPxZ4L_xUZ-0ZPV{1$wl^s&HNj2icX-G;4^hO@7F%yRKmbB9mbFlxECjKuk#SGaV zp7ttltx2`5896!&?#*7U&^2wc1h3*7)(trP8euNO@)SoM;ZEoLJN?d2I9Ka`vBqr2 z;YUauAZg!wiob;I!RwuoDhsyk3n8@#thw{8PGn~cq?G7QtL`gGm87I5Ya-g{SSQ`o@5wM0TL=C)L<$d~$YE88CI3LyQJM|+;LL4* ze`uKX-2H7?#vMnV&q!&yzhQ)N$79cD$oh?|5NzddweDXz?4fG=$OUhB>OLQL)?WA8 z#HsB8kw>}4zF%aI9b6ar6!%EqFD7+{&qMge2EunamugV0Nyog>PXfcem|OKDE)IvP_WJQ zI)LGIuFYc3H-WZUOw}>-y=^h^qwPa7x34;7d5jyo>izl}RZgGhGB$8y z>n;F3fW-GfbnPh9IlVO{D`Q$_M(xEAJx;349C7I!A@-@ufIP?&Jj+hXS2Y^!gyW-- zk48XpYFk#1Y7~(nATZJ}*2i{xX5(o4$kWEdD<&N_*lX*=a5JUbdV$)To?ZQVvIWnr-7xxt`h8#!V`t%pfSWCSN|x9Ly^?yCC;g zaWLu>9=|w;=*wHaD(J|x&+N+}18dT8hDC$N2c3(A@s(RFhfOM2t;sSH< z%&@ZAv%_Z3_MaVQ4}l>YS;q*wGi>&-ux%)8JgAA|shVAb!pMKE!BULwP;Rh{s2;sX zI21XyI$1WXA++PbXzqgPVCqiRER+V1J%EcmE{1fhZQ-8OA9ifQy$Q=1Jc+;1F{0YH zCdY7b=z-C)gocQ>t4Hop=3B-bz?&VWmzjN2WQhz3Q=X$gNUS*Hl%Xe(5J67%uObKi zQ!E>)U1k{4cXeth1lG9{HrvsK5b4U!7kjj8(Ju5S(7TYKBfR;tvrl%k`BiJrUy1gp@^UM3d*v6+ z>P3;+C3*Sfz2bTm&dw{G23T?LqS<3d<;09BziUQi(a_?I8D+C$=7|jXRlV-5Oo*K} zy@vw@x+*e>oSc+I?8H6^aZFr18FBVzoU_cy3B8&4#Q5HTB*w+XGjRzC$w`TfCGOV( 
z{!ggN@`~Iti-oBuEvfiD;`@WC+uknn_Rg-HmOnecciiBT;?k1J*?B`|SCkdzmlOXt zisZNNzwf;v!%iG{ee$&fgBUdzJ9}=PBpoZ+{khobc~z35P_oBr@09{hx;HL1&n5J< zWKSeQQl2Ak(dLf3gyKM`w4_|5%PxpEX1LhA!eY^(kcdn{7om#6QjyH3N`d=!ONk^e zOqAsROahgXt?VNahmaeUIF*Ye;%Z3qY>B9nOKINRCHlOQX(C;_QxclpEqRi>PC61% zmE&H2AG!DX!_4oe{;m37oOb#%j^LJet?&oKa9*KYD(H;91WNmDfCxZh@2x09UAgyP;l+ZUoFGY%0}J?{ zyD91e;^p1Nzj2AXv))R4Zg=s2{wDEx-NX-|-z2`EySU-Eh*!pU7q|Z=@r3T;gMO2E zVt4U}f0KA}ck#dc>*AccqAYiIc~QxXdn+po^SlPnn?8JMVL{H=oV&7T=FY6lnHx82 z-YBDsX$AyamRnI+GMi0G?4u~3KYQA}g?Xm5JClm;x;G{`|kL{=NQRMOo+T@Yd>= z+yD5)!w|ihIjT zD$AzP4!^TfxjICgIo9$lVK#7RHGA<0g^6cW!=JIcYGV z>-)d(nE0ucg++NID~q{5_>;;lDv~kmANWam+&i84-#a@OUQ+TubfJ<}6jl`FEB?^g zsU|Ob$}$o%l>bAgRZgFLx$uWhq=qI^q>jifRsNw9>yei~J-4!`B8zlQRDbBCn%t8b zJ1c+wyppm!k3V#4>Mw@aZ+2zz)cmr3(hcO~R#fDd%~t=RbKCw)Nq6SH<`13w=Dfo4 zX(jMl@0UAcMtMI-cyW2Z^1=oAT85GR=U?%NSHU=7T3KN!8F%Ua&`*~uD6A;g|LPi9g{mZKktsIGxMiajL5IZ zjV;g5Et^&_h7MYWjk#l_=N~$g__>AUV=8hh^1c4h$y8Mq(o~WR_5MSrR9#NW!x&l! zvhvJ-=(Kv0&TA1=k$&X`CG*BsR+N+#<`(&2B>Us0**7n@ykKfcZdso5t(uWrHfwA_ zesR9JMe}+xzbQ%1*1YD$e2Kn7Osuw4UMMe-=gYYY zjGkJ@R(PSGHnL?wQWEf2kFyninn%kO+Y2#%_I_o#kJIPi3ARjf_}~qP*;41$HuTMR zY>|@`t3~Xdl~vq`fyzJ zeY&|`-NSh4nI40F`O_ZBuO94~{A!Qn*LL(w{-8(l*@t>2f7b(9( z1Y7FkA-`~fEzoiD7k5BGkjo#hVe@?+m+!yA=J{NaH(q0NeH486r^avWF<1DFKlMo7 zbhJnEzIS^dn*u+Y?!A1P{=>fN<;n8hi8B7ttwu(!VEFsqVpD>;g&{24(o@jF+Mdbl zdMs?hx}Gwe6V~_iFjdNBbGYZHV`2S^%A0+8`PL*PJn^%Fq*%EBD4WnN#lF2Zl!yJL z)V8-`A zb4R$BxJ%sk+!on#`8N5Z@-y;}-)RB= z|E>Pb_y643Y17MpEskH=|IsHQq4WKp*e99n|BH+3^WXRX@1aQjHFe+rn*n8kcy`}k zN4d?;-6A<9g|jQ9el3}8?NI`m`ny-wyJjRj`Ww0&|GZ_FL#g_xSoUEaWFOx+G7a4uk}DxDnBdcKFPyPv;QBHFCJs({ScZ(!FtW3(G5WiwYOeeR71?J>_HpK=bIfvA zSs{!ib9&tEL&XL!U6fw!@eum}8h)IsL-nYt8g+2bai`Gne?8iX{AIy%eu3A0C~G^n z@ENoWarL-}9%gwG>6_5&XdlY@5q*zdK#w4kehXsiaajv`8--nmd<IdK`_qg4Q86^f5F_ zHcO@V;uKg=ddsnZHQM{p@N(xjJ9YRA^dUm()tG_7B+FnHam;GON!c-YxFuL?o|4$R z4^x>GIb<)&>D&L#395a_CJ)Sy8)X{fJrSw&imClWlj(ixy#{3&#`)fd#N#^e)<+Z! 
z%xXpr=$=fIK7Kb6qGpG!MjgoPfM;tL;VtYy(uD1)m z>J0x8qpDE|8=5^zhP&NE`f%50M{TGE%|+^6$h}B>GjP7+mUa1-wI9kY=OBBEXh}~W zPQE_okb{Q{s1ETzg9+~OytD0FpI<0?8RAy?UnqLmV#UFnOs?PsrOHFC(UKpfnmoO{ z%|5<<{sDnO?y-HgdCD7fKU>$vC8Ka!#lO(D`1PDd8pN-p(t!pXU{M^3XXE4IxcK<| zJ}3bv6re=Zn@jH7r;kTUUf*f)@qLpLr{~6@z8rDzeWxY%&dci?C*?xZX<|twI*W3r<`)e>(CLGR z%KU;xZqS{ECQcqmH-JM&lBI}fkQ;upL2k_KEq#;z#&V>?LZ_+jEhvNp&nU|+)=H}o z^Yg1J$bNQ?tYUlRmF3Q(H$OGMVqSj!>{43R+5G%`MgHvEsYUsD^8C4kT}#FC^7HPU zO5TFyvgx@+<@qwY2}VA>un6+UcSe3mVQH+Cb9CdDbGnI}QC65In^9I$St__vgbVXj zG-FFkiXf@HGm~XBd*u|Cb4B^nD|iCP1Jj6wp|qsDkhJDZG_l%RX_N~YaQGlwgNt|UkDM?RahDn&BLqWm%ig;VFtOLHN2%6aEqs>*Wn3Mk`~pl&FnuN6GX^T|g_VnC|$eAiP~mKQ)( zp@p9#YiTM1rWKY=E6N8#;evcsc`<}tK+A-@d`=~B%gQU}7v;<7#tN#;H9pRf`gyZLGX z4SiTR0n`Ek=lNv+f(z*FHSAIFSpIBocE zZtuIc_R7vyQaAYoc0M|4RKuZ3cect>o7CBqxawP%AYSYmM8b#I`5tn;f>7T-@+&3* z?nBYzE9O?O9h5!!WwCJb&c^Ik2H%9-^EgdAaz! zUA|_Q#7!wtpIf@&U;h&7pNzVvFQJ(KH$Py)|6&q_m~^B;@h z=FeyTV?p0)t2XmT+;sb&D{MXOmHp4<=`FUnGQY5;^gkB4d&5+G`BW5XnDkwm$Xm|P zxr_d@??=6fXn-@~F=T6A9*w$uXl{9hbJG2$&*&LUU+Vox(|y9jJzn3 zqJ6wCjHR8@ z42DZ*WK~SBNw%jMtxw`aM*B3w4JPf#S4^(hwXb6S!F21{XEDrQnbEZ8x{pbLntPm) z1v0ku`4)yxLregJKzzRd6A!)0i%d{&f26*P4gji{&`CBw6bHSGl?V@Jw0_9ulQ5Ck z9KL|crTt*wG7c%liZT}YGE53e9|7afi8zCdiW*rQ#7q%Kq30N( zAM=QFIGI+J?_k(ZS;b|RS&X=|tmoiZWkmI>DkLjBEzWZAP}DicO4SA;b7F z%-zgz(nsIOaDGfG>0P%mOb`RbSFrXyMka>{ zp_9EI$=eyj;@%7%iox9=4JRiIiDdN^bx5he*JNZgnN3Cx>EdXTOu~mVidK|9$u^_x z8zg&*6vrhD8pJTqF#H7Q*D!K9!W$VT4NaS5BLnTvxe>uI{5-~R3CKFh*2<2e!^8U! 
zNN(8F?!nPUas5GSzh4lU7w& zgOeuN?$k0&JjVrM_0zaldHz$F&!eNV31b+=I+FD-GTMU-yB-ox$6`k?hK#VunXSm{ z?sS$t%HY2Vv5&RMQ7NH**RT#EUFI32sgIHXS;FjkJOe5nRcL%f?nE4Co zFDkAxOd=^(TAR$o)bmhurcAPB!{|B_G4)6>gNdAE8zM`F@pd4~6f?}<z{#&jD-tzxd?9wyM--zh5<$H%$5?b0Ht-(07*InRG%$Mt-`8oNy5`*Y7n!EsY0 z|A{@H`owl(--8rnw>|y_n6;L{hQ}M#{Z}5e{upn z|0lWkf6ssXUDR)^|Mpv+|LCfpuJa!Ydal$kL=n{+Jy#&;If=H)ttw*aOhj(8TUAtK zN+AvDx%pA7mHhwQb4$U`l>BeeQt;CGlJdQ7EroWmB(%EcHcjW8n4IWV)pfZNajaYG zse4Six0l`P|L39oof-6dsQ=XWA6<|5?5ck4{KurEo4@}^{_pvZzl-`!TMn9E6z19KA=nEQO5**2EZ%1_R>>z+^BQJiP!Ag|HGE5Nj}jH#SgTmNf_lgSV#{ ztBfXW4lgvCc0XOShBW4)=H3b!6ZH@B>`$hd_qEe@1(fi0Fn~L`>{}q zW&X!1^_RViN@hTMg&pWW57;uUnuplnIy?Bw~NJ{-0rubi-e}H#bXPDzq@apZYiZf93z_@n2$m0-gU!`tSEYzl-{9^?(02 z|I6q9E`pF|2zKs zUDR*=3g`;MF)F04zcP~70tw=6* z`Y026#{xNKYJ9w=h$hPEBTJ4=j*U~4l*f{(C0TB9UUHI&N|#m6CR?kWjA~clBow*y z&C2wm%JKpwNK0J0q}Zg`xR|~PG4%fuh0{8>XRDzgCZ;4O#q~*!k56V5q>xXWUM|`B zaOvjWR{5*G3+Y%j`#v665)|BEeJG(3@vf54Q$%CQ(WN9SSL7}ir8piqxu zL$nWoQ?F(PHXMF)fRs{72YZ)>But^!iI1L^2o5`y z6Z4R86K26E36q7`tcw#XoQO;!vK|;pqK07apgSQ5xP7(v1*A!1#UHej_&w-zQ;KqO zlGTFf2al>tO?U^51s**-6PXGE;qK>jdlb#%d0$WLEb_;q8I7oXkfs_JS&)5%X0y&+S>%F(8_#xER(4o!t5Zt7i~p%y@P_R591&!l-+kwrOc78tF`jA1f>7l zKwoR+;-RP~NJZYL7aa*kn>Epp7;gx6Ex)Ac4L*8f8u8N`ZG;j`x%H4C3V6t!N=9{O z-b2Z!wUv_P9QC9195Puh)p+cz{>`WfRiji|YiE#$@2Tc-UvF)2njgsxw?^nC{2;bw z&C8lc=BXXVs(B5X_v^uCzl$UB~NcP8>}ZW3F4(y zY1v?zLSO?}y?Ad>HQ-?>Mv?G0W2v-;M2Un82#>{of{>vQj)jc&5ZhK# zk;O#3gT?{RIIu($if?1ZOeQy~h16owIKz!YB@`QQIn+;1suD6%4@n9IRs~Hy3q|rx z>@$QlR-+-Tp6zeIM%loHGN?ymm00OP&aV)ZN@&bHcr}400eb*<{}93j!Vf~~ekN70 z@&e+=DnJD87AurIlo~lt8VH3+ffe9S&0QWOBa~Q1+B@t8&p+S-mU+o8V9txXDKp$M z3gU2ctw;1p%Mw^0b%+NibG~gv4k(gXBC&!Bp4TjrJ!#(BJqT|>_&jMcus4JV=B7B^ zil@L<={&+ZoG+7Fx|-kKs#$t&=@`UzkJ_1gPSuRYR3qjvf=3ln`6#*{`8|i9 zLh$4tLkG}fXg@ik!9Cw2@m%b8yO!L5iar(@sRv!(y?Hnjg44O)Qg^zVM&8ZVVP9-x z4QwE^h8B1ivrAZxzN6)AHtWkCKpRl7F^IK#u!^Om5iz>rl(QvvP^8z)qutniuwPf$Vu&e8g1>nhHJyD zj#L~^l85kmC;doxMMqv7d-2)Yyiq)j!5DFbk8blm;1d(7o-MR!U%XUMd zmjjInmO*==euie-GBrkq18F*k_bNUj(vw~St9z10rLED-b 
zlFMPD7!G z#CoYc*sy=GEwRzSHLUBYLWl+_T#iyXYD*WTi}6yIG=wCbM0kX>D-Q$}eeQr5A#Yfb zm%4c>!--*lQi|O*NB3G*lMYO9kAG;bsorGbj;L*XC zt8jPr_DIonE8>tA8A-K<_}#V>|BKlNHFPh6X9o=+jBlmR3(F4gftBT&vh0Vm>>KOs zEu+E#ZyJ@+RA)b&TLgG}RtVrtSs{ki03&Q!dCdY8#t9QPkdk-jggXI>r4R}sDT{l- zhb28d(*5J;xE<0+2li|`8odi?!fe>6N)w>dD3cj$5S|G4od%5n7RTrYJWkJHzl3ge z3|!Fn3I{uzwP<)Y;`gZZT^}Dyg`|=~Qs@5oOqk3^kmm=N##LY3-`2DkK~WP6HR+sU zZ_=ClpR~Yo?2|2XFZH2p17badU>e!l<4L5yA51)A?-Yn*h~5S>=TPAXN6LH4_?o#o@7mSig)p5uLSf)eA zW2Pg{gJm2#4~h{Vo?{$9LyQGHfF?)G6f*@pa-`}g4T)kMaU=kp2gh_w(P8As(P5_t z32zEv)^T#=fB;C86eE#Ccn(O$;|`sf#71c_I+KgJMf5Rr3GJ89CZikLh+N9Dw~*$; zP8yLOO`QveM&!3b)VHbt7t6Prwu$F73X zwNlZk9P!mB&JJRi8`MhD*oz?4n?Y?=>QqtmW88>rB;TMxP zOx`em+_+E1-RbsLrL|F1u7tWfSXL_9?#!Ljmz~lzD18@-&V)e%9UjwRZ%?z- zuR^R@;rT!6f~E0~ zqPi|KVHv)H-~aq|(Icq0%5*2=0XgX;nF*#}SH9|Yp!pBht+4ukrdwCO?e@N!QRWxo zxp@8seLZ1b9_&vghNje7{a>V^fb6zQ((S-Nf=qi!nhq)4T%=b)Fa@0~7q~c1PWytS z9xCYMxl_?;Bgu!VCe)6a*+I9gWKg`T@jzKWc&E?B<5?JeZo;>Vg56?_FsGh*-2joN{a?c7!PHW^lHd(+YFs=GLaW5bydx@3#Ju| zy26V}K`-k$9O2U|z*F5Ph7CycGj zN^PVh=X8*YHL|P^dz)5&>k5~N1Mn}VhBho7?5}j5wXVK%9{#29SSLc1TNM`jb(Cts zx9r$ax>Q|p1{OP}=gEXnw|SKRN#iIL1UKfM3c{xUkG-n_j-$Ho_ukvx+q={0?sO79 zVat|I5;h>j?(N>)o-r6-tNWM;~KKiOJXDfop}uj`)yTktb&|QyX4+vH8Q@+`9X6_g-HxWKa2jJH+4c`TCd@yTOQy^l?9 z(NFttqyL~S9IeMD5JD`<(o#4BZ?YdXR5(f7sJCW29Z?{*FnP=TSx6@&Sh8ka8c}Q( zVp0l&y(Cds`WCZUs}BFA$?`JM?wS^oFJoiudC7UmyAQ6=si+oz1u;<UXm&IDtSvb+&kCqQmBB0Xm+XOUeKYAK5;a0W~0?5s`L^JDB`y|a&YuCAcf;exA! 
z!%;@`G=7;7F8mMKB#4I7CN&Pxe4|OIGim z2k0!(vt@ub%a5u2E_flIU5p)h5#gp`gnx(*qc@PSnbs&%>3f;RR%Dh3FspM^AoT zt0Q>LeMeAZB~o-)k%-lF7lCEqMVsBb>$kAB694zlVJ3>u?nR9QmDBi_?>OsjuK9(#>6p zyV+COJY|%VX@Teq1jtOPI#Un4-rt@-&HpQARth#TlX+;2lIIaWj^YQ=G91C3u>Mj) zJ;B!FMKCkh;cJfISJAkWP1VSQxHUD2k0LJ<=lcA_)8b*R&l}WPj$Es<2Kd&1zEU_1 zY3Lf5qg#Qcf$W=0PS=$9HjHL$($o->>kz}tOaGsfgZm08d6FaKmp)r==Aczw7- z_1)i{{LxeevQ=DEwrXQn4waF zt=y}K@e($pmC(fZ~~ib1Wawz z*bi1gc3cnl(BKuQK~poNt2I(!UbOFNJP<0iEZzCkKvc5SR4dJM2)Exmj#$%Gk8=5D zS8y$)D@nQZFyem8fUbV}2THpH%F-QWFP545ss1~P&%Z({C+>+@3yc86TwsD9v#;1U zx|UO6keBtIIwrs|HK=T@&k2U;giK#qG`MEEw^4e%Y;LXcn$R9@Y^0M6Y`irSG=+Sm z!NH zP$kb>4Y$x5SWd-*WHDY$5>VF*1DC?tCurNc`z|E!Fkdufsih(pKPOugCw%-Ty!9AxRuQdBZjoPFc-_!nqKr66xqtvq@p^zf!dKM4+}BfqVy z>0Oi#j;13&yZ<+PR-6rvzCYR>8U4eG?xRQF|C2Ri|8!b@FgUzj`dsg5`di&{;ldU9EM zd}FO*`@gf^=0R~W@hW?~15jlysP2$wjZ*VOI-9ky*)K@J@t z70;t3r!Z+c1#9vt>~1`TJqu1b1^p$BK^&=O>>CcHc%fv{u@%2Ogj%~?j)(dh^2$0p z^D%$;6fQI#s^oo*qzm~|m@3G1y<^BvN>zKQTGT1a7f??7foIfydS?hXYLukK&Jez^Us&P|eFNOv5 zh}7&$tcU*;*(kt8O1!&u46(>l{->U!K*C%7CX#n^9)gz||1+|UqIHQ4tP8BXul)q} z^FF=>b^(rWp$}nL+?HoBSxLdSIRGw2Dhf7!)zmRFjp%XQqW}E}``OYL(iy>8fptn`S9D^#)MlMC`%i}QiSs8 zH7AISQH5$1EQlp-5*}J)fdgDgpUzPrD+PkH%LWcIAKgfe;9p@Fs^i#dUJDdvk7G9T zW$Ei&YTJFZBtE$F1PH3+HlU4c7xKCiKp- zkIfm&hs_Blx0M4Z7sJe!#Oap6*xFKDZA|)i5ONT8nKMy{zq*Czx3=D5skM~L$%f1C z((hTiAAN*)W>VKxkoRuN-!Acd9ku9p_BKHlU#2tELb8PC@2%>3ep_(3jV(<+@?EqE zyS_n>6{f~osr(Jn6DLk2#|mW{fFnn1xm!ZaKs`n6 z)4P^H@&_HM$;!OuT;RXmN3{cdnBU-N*cOjFYc;Lk^MTp8ye^`#X(ip{s*+L+-*&U< z8-cI4EH%p-gV{UD3FO~x^^-m1RmA+DkZXR8+IdLZ;_d3)PG=~y~mKyakM6!J&CSd0yXbr#aTJnLw6gUKHU=uKzMQr2 zhH&X3o<&XJ!v$T@=Wh6Qt~1iibJF9|os1_l_p)o3-jsx%c4PRO_OAQaA3}$)+1Bko z8w$?!_QK{r*z>T!G#*71;>hA*(mjD!QfCi#GJ~y_QP%rm8-%3HxQXtU24&dHwMzqVfpb6djRUW6{=D#>)-aKS`OOG0=CkhZZ+ZDZ@(#-%+p~w@ zwBxyTMR0!}Hb}66sna!+1e>PW6KDvgVa?$ef_nU!lS_-)yY6Wy;ngj2>E#dJP%(M=4=cM}6-!i94Y1EjDC>zuQ<7t5^Q zFXY+v>z-b)yC|Jq1%ED1QvKY4P1SYWvefX~A`|Adr7`!o5Wj$*rEeDeDe<#1mwRS! 
zo-`)~ZY3F8yc@JnAC7-oyrL8xpVTGF4BTZ-R=^QmSn&VImq|4|mE>%+E3BBZeo1CD zQj=KR2BTP0_(b#fSYjy2+=Q2CoNeTs8pHbf+|AkguxxyGNr7S+(uxLQt z>H~xtcn0)g#0CQ)PQ%X1N3%Y!m=6Ckj~WWAs5 z9gInfRtt>3I%XRu3JgJn^Qw+km7p6Nc`Y=&=-Ag9emgk9%@W((csSa>Sd-3{#>Z@& zZS6Vqce|&I5`@gK4{AB$n zufPA=^e@!u+u_pPaP|3hSHCcDbbMgtFIj&pKC0ZcHh&UUpDyqvF%BH*5!~r~vE`U~ zj=&edX9VVJv9A`lz{EvIP=h}Li&G6ImodRa1oLZY3f?a4oqx{|pIrwKh5X%l^!sqp z;lpRc;RCS$e=u$5i+eP>8CUF1p^_VO>(#60!PcpIZWQ*-!Ht5$8&fgDuh>YQgA)aZ z;%qL1_#246sHtqba4r&XWze*mq6!)q+{VmSWNE(W{UC>FtSXtZ`}CRJ(`R;0pV`kG z7VLh0(cMYIVZr|Cw+9nvcK#HuzP~t*+@|!D25=mjo6@ zfs!fjV~MGQ*W7m!RqBcWGgk!Il&s`j5$GI@51Y%YV|{n_rKJy8TIcyfp*Rch9`dbh zbw;h_B;3tWKB0`P{VklcEOEg6?bOpBH(>uFB%hd4ycr<*Ll+_W7a{rc1<9{E8h`dH zX_04Gk80mvbjt>ZouFfyQ@3A;g>PCm72Ly8x));5Sn+? zd&t1Nw>L4c`==h_u3H{j431%Xh|MW%Wks-ctW&8Jw#eZX_|M`0MXdTcVAV6TK&MAb zg41h1g}`)L9#R69zI(OZu8>vBTn!6nk07slCGpE%>YI33dZ{IHS{r^aa%1GB*2rmP z@rU2~x%N`)inF1wwO)5q=&vtd@yq?0XMZsIXD_uh{wy3xN8SmIzC1#K(2c*>MhD{W zM84J<`AOu_)QdN;rO`r?i^h@2(Bri^z<5|NyM8zyEIy9DhaTcDo3Fu9eH%1o75tP{ z5R}yl{a)V@_**_Tab#*rnL45>hZJSqvGIrRRF;p!)ztX%#}(xmBvYnVsjC!KW#h?$ zii`HWx7G#;w|Z{@9GqIA4U>DFc<`=shJ)wJfGnff8+UizUq$G5QR{>X=cM@pe!~lT zbkKJ=Oka@!ueTjyIzhHTb?>~=zc>L4U&#L+TXQ;xW&nP?o znq@(A zE_3@=Q2Z_A;yRU12}xe5Q<770nE2yZk_dDOBojHCL@}fgB`zVAQ?;0a;#^#g#kjaC z!I7#ezIaBFd;67iGTDz3DCtfnI;0LoLmJT_kCZ#5CE|Uu>+dIdX~k3QYtq8&SxcE6gL8{%fKF1Q!Rh8*yRy-8_l^mwQ=!3%!FL_tY*L!_(+t z@-%Yc>_N2Ag?;tfDDp?VmwX4gh*;}$p@zjZF4X8kk3wz`iJKK(`;>( zii%Ve7vr&xl-!{vJaMH%R^^U_NpgoQ$?Px|?~s+aHy-bZK}tC( zu|papl~$rR*$IPBN-4=WNkVC~MOvpKsfs2gv{)(;OKM7o(g{?trb3dC)|rqMHJ(yq zswAnZtOm8tR7_4lV`?!qCdX1J6-;%;Vw#qM!4K`M#uSK%EAdz?6;H%cs-`9(LQ`Re zP_$G^0|Hxir(`+VD@ndoJf4opN+PYL-MtA-Qu-xdUm_LPdQ)jl)6f?-o`NM$qiy*lqA~P;u#R(VG!6ougg{dg?g=;|91pGk7#wi|z4Eki^)YsB z(|m41n}U!fN>YW8fRG}ptdO{t zA@P(1Apt>y&`08#G>K;+E*pcOLWo01xRYv3>+6+Z-`vy?t@g7mqn-i8 zhXbCTK;WiXc6rZv(lXWhNYxRlZ)(x)VG z-yol+#E+QC?8pM0k*UdKD4DUdckr(4pa)KN?b>nAz!yn>Uq9Cmb0-Ih?(uEkKA7DO zt8w3sEZM$&54R&bc#n_%>+EIOg>A>3cV)kH->$)opT(tn@5yf8HTb0l$C;T%&m+Az 
zyKNv7wjG<-MHaVxz&IGp?$vYMlLew_;Q!eB79cr}D#6UE>d*9a*Ytceni-8gmfDgm zyT|?i2y9~;{Kc{?$p&n2Z*^66Pgy-(?XGUkj13FoXY<=d81Xe2fekDloAvSWF1uh3 zb1ZikdjT7F1Q#2`274^G$1NL#gF6m_^SzgqRbBlX2{5;DaZIbSGGAu>^1Xcd-piLy zolVs#nf0dD>9*N?f6=|mbUzsGe~lEU5g2LI8DSC3$y8z_M{FR75K$!hoOF)j*&z=6 zQI}*e&(2Ogwm&e}AWk<&r+-msiE-W^chN?p{Hr* zzNaV_iR2!NfXfjZ4nk!hPKCu`L^{S?{clf7Y6judHhJ>iB25E!<}%#w1)wBqZn+fCxqb?*y@uWCw8_e$IO*<;` z4YSGYP&K1vVd4xK8qDwcRH#-mU=m3M%r+=wN<*{lK*IzkBQ-lR$oi7iP^^a4j$mTz ztH7EjdA8YIt1Yu-00-9pkBsh?!v=EsaOpY_F;V53xa6 z?Ccl;bK9%Fy3H1w?=O0z&T4`vAGDes_)f(F?J$f<+hlf-XEp=YI+S7{`CDryG;5#I z8WCP>^?(9m^YyQpr&$I6l6VDgJX-nQP%YY=Huqfr;U;x>uzn4M4D4!CszcVBv12{i2$)0lv?-EL}YY}(6tlYS2Zz2US( zEKGYj4^sf?Y`|O`!VFYQiL={)TJx5^0?2OHO`I!WqUzWyP1b=?u9?jkPrc__>rG_i zz>;A+c_lu?w!xclR#au3b;e*Q!U(ei9A~jUL{4~kjCJ*s1{`&3MYq;MUB_f}s3$FY zKe?CB%XwYHA+@%(Htpryx+xA>W45i;QM%ebQ1+0-;V=rAd5Rg^`bvXs zT8+(0$J*9c@&*it+8vPQ>{(ylt&cjeZuK4*aC82G+am4<;-`l=pkqymvqzqVnZk{w-%rLbTt6dK^Q5ZHN{IqI;II1*t-Hu}7UL0xy1%jLF zOgM*{_Hte)^dLZsK`fbu>YThe1&elYLvM5qrXsg8m{F+$`5X2t{Q@h_6S18`bUQ)^ ziZ0N=Ir?m0OUY4M`LB2%1wrKF^yhou{!(XdkQF8Hh){cSw*s?SECQj*7b1F$IlODP zryvc#LH<1bbNa9h^USCV6dWIl+&93^(B`-3Yl(FI&p@ux(xBw0LZDBUbkHQrMzvhh zQi|5F*<>}Rvud?iN~bfSS~XLGsX#%KX@J{JLuP}S&6*V#=am{{kg+Wc0z9m_6>D1E z)VKAOdc59+8u_T3x6S*QcQKMO+tyd|gpD2)?YrJ3oQ=w6qY*G0AUXtjYDa);vUaNt z%xs@SP?;HvBVRM*n?C37{H&j=m4HvwxIg3rZgiaf%vA#&YmG zaHogq4<)YWdGHATQh*>*a4;! zZdf{>7AG23v(7<5A*4GeymGQ-0S!0!#k0P=_b8aw8h_I^%#s?L`Ffdv!xX0a$$3Y#TL+-X4 zlW=&W`jn|n!r_%SYPCr?d;~Z6lY9pyz4^A^J}C(9XO};A&xH_)Ec4`=J;vjKFeBL!mQb}S{gE~Jy2@mRMLP61Z_hz z0BCE5*|j5lo{5_V;|gvZN)3d}yBV#~m~->Yh`UM~DBNrlB-aITUO}2W=r6b(z3c&j zQJBVM{YAIc9v6(f312Za2yk02xfSY&M?|FFr0!wyAyD%{8X9i4Uoj}SXuDKN1L?|`U~D8_%LXjyTsY+u>Rq3+2~P} z7#>7n0NHpqXGAbQo8LjhlA;nSsa%g$IekaT9EnD+JQ`aV9sx+{Qy1|m9VkAsr+*A! 
zi>XB_y^Ve-`3r{HP#~zP$B3-LUo6HA6cR3mY&*D^I746kF}jr5a(H-zeuBu$SGk2i z2-Az!w;Cais1OH9H~WxGwXnX{;*$~2AX}rxL{HWS@sEX?6|<)4pyE1b52;Nqy@!Bh z!=R}vXvzv>veH^@Da}^56UD@1gJ>9PSup>?C60|~vI&}pFkR4A0Fm8_@zlLYYS|NZ z<&@d(bhSp*Hkge@aJU69FvDtgJ3+u@+iK@fYo+9K^aqM#kmR~8ohB5+OOe$60{}@J zlmM4YOV}a><=f7tzIxJ8O`ZPvAHmm4Z;{^4dr|e9AcGYm&Fn>yesWq?ZhkX8a0F!f zD_|1X)*RwN3~Q zv_4Mobq%Y^ zjH?IKE{?22i{0Q|2iG(XoTuJ>`pz-!97$u`Q{2^zaZeds?bth}oo^ZA(D|FVcN^?! zR|*<>+X3llVW7Uv)~pVLuHG}QqBlE_YXC@E8eNH4%0z+n$kbUMS735+SI@^8H7LF7 z?2W&AgvJ)svJY;B=1=TCkDKcAg$M7!I65+q8h7SYx!)y*ZIdJ7Lw0@`Y@_FgaN zuUoT>ZiDUha-Kv25ST-8$W*xcpBe=8?$TrpzWx!>U{KjhJoTn|!Jl>w@Ts8IS)GTY z_dHG(6>c6tYgTFy;4xg*UShzR09t40P!@&h2(pT4%=xTaCR3XAAmD1gZ=s~^uv9qP zs$j`+5OO$=P%LQNskl1CeqY|3{4BK1E?Iti?F=tf*hXismm8>qPuT0_Jhs#RQQ&s< z@_;-@GU{3SIr>uohZUu-BEi$_63`xc<;c;ATrTQc5q5v?qJQ(^r`}C>-W-mdkC6B} z%FhBnp#MnU!>KYF4-Bp8Wr%c)NQwP!`9&wx<=~_!1-31&ZVs9*hL79+DH!20H#cI3 zwDn4@&F-BNXK$K;@~YXfr^LBOF6))GPFHnKeyDBMRp;dOtI^twGtEE^(Xe!oPrA%j zK%ZZWV&a)DnPyusJ7d~gL(w~^kv6op#Gu3nJkr2SFWYO&K{&b2^s=6%nt{l~)z-L| zt02*`c94OzZg*7YNXYph^YTdjx7!Gw3tetlib3D&j=Qc;z~qs&W{pV zl1ON7l@u29GgD`&!wug~pSbBOAEi5T=cCT0J;GaIup$y2u*C*~3yY77MGQwG=n-UW zArO+4=-$=G=&f&}*WZ7J?t03%tntD>Rfqzdkp(a@0(`YM#24EbQb}81jq<3Nn};3_Iv}2M1Www%ReCdi2aorZFYXJxt=7P>ZulU}$D71cEermIfUbt2!rd zErB`GwX@>PyoJHQss<9u#H!Y2e9armc6TktQ*St|TI&%wbiUMW&p{Tb%G5yuhuNUP zPJx800uWxNV``1IwQh%@*a4zwTutSxZl&ZL{UJq+Prwfm{~8bFId155@;g8%zmDhf zKc=}{g5a<9A8z@(Phn>VPgDEdv`pwj!kFH}EHbI6C<3c_%`b+~om)k#rdtBkFBf95 z>kJq0dg-3WaH%S>Ke7MtHw(dBb-a3FUJL zPtHH06~*`ny_YZOh9j|AG-WFR7?pm(=Fm|mSAHlc*{j<@K-9T!h9me@gs1xMF>udP z(yO;cXS+@Ij<51$QD_285TL_P9R>G4Rn(7q>X@pYH4pSmyAwpe9vIgh7?Pa92e?Ti z*0;Vm;gkTYa)-47oi@|f0-Ql9xQr6O#11-(i)#PEqXayn+X9u{0wG$nTN|Nn+th&{ z1UBu4RfiO`-55{ZOUgmd2dyXBqKO0Iy2-_I#9EPxMc|;_siK;pk|) zhac~b*&`TsICn^O;6I?`3({%2`Y7#jfW(WCqg=)oOAh1}Uj_jfIdVv=>kX@G$RN&5 z!qJ=T8%@?x&;?rt-Wi6&MsAPmYcNr^CZUsEj~4|uJcQj{4~p4oFtuT?)OyQT^ZiAS z9{||2?JjE@%~@aGU*80_iXM$oCtqbXtIdK?u$!jpoIC+T6am9L>)>#vm-ROkgf!F3 
zdNQvM1h=AA$Z}TDLV$e~oFxn7VPN*PZc~qN*CL?IW+&`=8OiM~3$>vVg@n##q~j?U zNMlw###2x5=F5PaEjH;ht=}zAC&<)x$`^#+NaML2P8$)DC*>m_rE6mh%_0X(h~A_p z-~x$$jedSAm+Q6u8vWkHGTj2!;%j8ly$goT{l__H;o2wSGDLMVO6*=>F zuadHJJvVj87Ru=yK2OP}_GaNta-ftK)1_>-SV(6PlFO9}#cZKi&XkJzLNE(Y$)<{0 z%_yXlY&wj)Q-b!ePl$fB!A zTCb&8nJL*qI9o^oyr^VLO18X^EoU?x?ouq^mD0C+56{K8I!b~}wW0_K^Xh4fv zu23jcQ(CFSXg-o(NtKI*JYW^Fxm-De+bN`cN`||I^C_d0DHT#uJ{<YB@!V zxKTtZX2Qj6wg3o9g^O^%LP3X2F{4*A(3{0-A*~g(lv30)8Kr3G(Av;74eFp|6v9Q8 zMK?q!v9f^)g9O{NDi*6)tkxjWGniywpuU-R;{gNtr3T_T$oxT=exem_kBU}o9cEXx;+V1{6_|I|B7AW~)*kzV zcr~pR(GNIWEoY2)wVcfXXM>Vfs0FK9d!?$`pb55C90y9Rf%&?1DqhvonRFSjSJkU5 zTxBd1uhz1_o`E-3YlRw6PAXV6o4dG6TXhpex{8g$=3v>Kp{pV8Mh8x+s;axk$2ZI7_;Ofc z>R^2R6Y3Wem)FAaV9@cSat0To9XEhP5v{N7pV4Oboxsd9fu|!McX;8X*moi?FRRNu zjyfldkB^v2bH`&#>W=Ko?)>Y3tUr5~Z2bHVnSJx9T>IcnGl0TVZSwskg0eOJ4o!7s%#QdG#dQ&>D4nmpFSJ4QB!09E5W< z`=nXbnws4BVJ5Ps>AJndQ%}y~PE_1$4;N0u==vE1qL_ihG3@}TWngQ*34$buyn_#bbbwet(^A3HOrV^ z>sg1w+!(rMH4SZZX>9|A`>M5ptDrYKYiZF%I+-IrZBL0t9c?cL#Iv9-Q(Prg37%y> zeJav9x^zIyq=lo%x9|J@rO#9mm3RI#MXtFW7dX}2t-lQYr|A*G&%}3w@AgE0MOok? 
z{QlI=vI=yfs&H17U}T01{1a!mBh)YGfg=vYF;L#~e%vt#h0M<-sTtMC1Z3SKX+XkSBr`64QtBv{~Z@J*hLrZ(k z>N#~;HuBoy|WWPhoA577|0dbRSYkZk|+#d7B}OG{mCrL)Sk+A4Z92fL;* z?{g51cAF-AL$upM6?EA-d75gs-I(_|oM7HvB3CS0XAGwx8s<=7`Gzag1f|1&(g_DxaGsmnYJploLvJ7Q23O|)`O=^dkKy%dVx3& z@u!;l5*(FP*P-N4U#a(~Ca9F_EvqA~2iI9O!WV6W>udH59L_*btgo-*rZIzcfH`o_ z0}is$AGVG22zu)}pcZ3B9lDuepYP%zyV209{HhF=K^L=Z)J7W(v(B12!8$0L43*NXD@oTlcF=%J&I@_*eK$7CdowLvuX5?pzRI0Wq}`$)C{p@Ml2UoLR_ z@6{g*Dab}cVu}y&$z7>H_l8~DO1RoJ8^)3DT1e+xb?ha>-M4YraQ0ce7})X&+|i+; zv$+$i;ILt>&-WL-fgvut5rvF7f5FrAjoxmJ1;Yd}1YYK_R;X z(ON-Xw3lnn^Bnf&zTr`=0~aMH3884orT7x<6$a$WT$9#{YFyQFcE~p9W#(9G#}B z@-_Mdl+Mw^e|7SXm%Be@MuwTOtZ73?8K1U~ha!Nr1)l9qe{&>Pw)RUz=%O}%mR!nNC zTqfyP*AuC9p@~Y4|oIC0xZn zSxV_O@wjTXm}I`)7YWxWkVI8MGy=sh>6fPyuE78wml^vwVN8IpD_5OHB@l9xezh~< z8XC6jg0u)duyrF5mmrBck!Yl)S<zh zxr#ZWB{vQ&uF?))XXM9GK|Yhs8LY(bR2zFIq3mO$!q`T_0)YL*#`TkH9Y9h^c|Bf8 z`fWN1*K&YVkQ#?O*Qx-IE4nmZtJad5Z*zIV)z9HhC1c#0~=@2Xi2_|6YDnerw~ zK)yoBQ`jlGkwTp;obK@q=-87y zYBKi~9ib+9<5BS}_W`#H#bf9JLlw>g7De?Pj-Amyy4uUhM4T_2Fs31q~u z2)!o{Vrbf}IN>fpMLh@%6YoJ|5Vh?k&c4$AVYtHw9qc53-C#HDAFdnK6RNKnbjEgH z@iw#qjCj%zVP5Z;w1z5XMMcf`Ig1`_@MC&4gP)QZtQqwoQLhnv#^P9tE23aN)D1sNs4IXa*`&Ok;CK)a+JJ}k^*@lc>%eayog*wZX@rfqJzO(=jzRg8_ z;8Aa~?6kPy#EGNHTeua_&uDy=$NAzv+`wSI7JGaxaCjuI#?2AF1`|#L_)77LgI~Da z0S}F>*wIuidFyePB##S!0bf__?!hq7P4c+wgyRyXS3g9uUd<564%Uq7vt3@J>%>-6 z_`bTSyS?UB^KQA;+4#j-$>=eS z0=RITLPpFny)GK!mdClvhJVr)kfBLiz=tO7e)y;^j)*4k=G#OT*f`d>j7>oCYXL$7ju zJ?|@F>#9$Fr!hgP++QOKM}Q*)P|wh}@U?qZZrF~l{kq<~;CyC3K;!c@DDam|s9}>C<>Vq$y8K?86K`YR{3t*;qJ+SdKB`uOA|C*9_QnH6M$yd?A_sx`i0X=icpHuP) zN*=%^gn9CHN~X!@(3P7!Ny#h78!35^l0PJ$q~tUuZ=&SglvK&f$t_iU|gc z{tijMb5vjRa$YYxvym}|G5DIZR9@3`XY{AXj9K4Dc_Sm$X93^W5ZnHehwgBU;rp@~ zVA2|lfkIhxnE|k5xG`geT3OE&YKGg^b>v8*myGyCJ)KULeDN|9qOGt=yc8bT196ob zLHh;BRsIlmnSl9}Dg+-CU{90r18)#ppE>Z5AIJrMgzgnkM-oQJE&)Lq*ncxmDD%Ix zkZKU*c7rBjUnWahHSbQftd{h<$hmFxY!$e+&bzlbrhDD@?y)of(`q8T4ANC$3|;N) zThiF~u|tUqk+*$l|XoPw3 zttOZozbWkctxT-CG#B9B3o5-o^Lc40*`8zZX2Z@%85@ 
zpoQXATQvr#!JwZMkbs^V7;>2cifDsSKn(>{(N8AxR@FWE`^2+Cpg`t(F;;HVR%vM3@=`rYV?I}lMHLS zF*^QQ(BOB97~Tz4qc2=qoDBraiZCyrmCE{JTV<$(fmekm9G+#K^Y6@a^I^&ZV%MMC z`2KV5dU(*cG);X=)&BKzKTPtSB_G^{MZ{7#`n)_5m~gzGpl@Sd4&QppDS2^uW(UgH zW=6n#k#y#VK|Fkd12$VxC*v$J$NdFtCaxX~kFzuy%yC$^q}7UoVNd2TSs4g`vM>tB z!|m`2Cz``xbd^z2R00UI z!Xpv(d3;Hh9dulkf?|^y4zzGf?0;Qswa4sE-#NAhZ?y=#0G-gS9g zHQtuqJKY}KK`FPpO=`Q#^R|C;o@)1PqYB!5?~`ixZHS84-j1lSEw)63Y_a#op`D2B zZLd-7zP&QnIB^ev9%ASZ$MZ-X{o8oM!h;64%y|*?spFR^JwTt__;05@?=2q}m>S?3 zZW~1$e(vGVM+Tf^&}n8;a1lRI4n%Xj1Co(q>kxRJ&?w+Nf3l?3M*I9LD*i~v~*i~v~*i~w3z*TB-tgDo~$?StJqZa)x z1CCbct02$)oIDRF`S_C?fAxj|raQFtBPh^-$K9eEJzpi!)h>zv4f%fx`-7GLzZ|3d zLPL80K3=zb$KNJiciy+J`oe$BCpR8^5Xca8@He`QfesA(=kds%QGUIE$D`vFdqIi^ zBN3lJzVB}p(f8L4+&d~nuN#WDCqo1-6j>lceD|%RdUoRZ#ZvK?f#1i~Jx^TS3lEmN zRh-<>k#P(30%F|`|EwoB-uX5};qwx{_5ud;dxJq|$HfHKEHE_aw3qWf(a}1he)VFm zPuFlK5UyGHV}ULXK|D11v=AO3bP$l88qia=59%#0$pG9Cu|We|i9v`PA(ZDukkBa4 zi#VYw6nw!z=lhG^<`Ayec)>pB`->x5aV4w2=zmc+_UEiG@753NB=kIFg#6^Ke|(`t z@mmnp72o=Ou+LvR*ysQKz@9JMnp(F0-T&mq-(CX+yj#u)-$LvHMYTm@k4g9bH(ed8MXWdBPq zpv~BRb$P<@D-SS>#j#eDi^khm#I-xNFtObI+whF@|Gr9}+<5j~|3Yl#c@d>Q5%^uk zEBlROmHp?0HZhqbGZa-+KL^FBuNG#brnckN}p-nD@&ULPYC zjWp6q4mO0k7)-FSOY=bu?tW-3!FqQs$;K}A!49Sn8r+h8kP`~V1l$w|DY&Jjr5w|w zoSc?_n&giF?V+L2a}xSbOLE9*PfvUAd-Fyk?W|*yuJ+BRBzxbx@4kEQ-23~{9QA1a zoJbB5!{Ki>TrkAKw4`Mlp6+00TNktFmd>#duaDdd$=J$q7ei|$dK2A{?sKiSrF+X} z-Wg@pmoKqrks{{O*>0|v{E{pB^TV?pgfH3ISpJv6*$4s5&}@_eru_xdNY2j2a=@&a z?IeL|e@cel1|r~C>tcYi+*!r@lAVpEYq=`^a@hN`F_bOkxQqG|JIH@gq)`nfMfbjA z1$wjlX-&-QX_!=R-v_e#BrzUCvBl>D`teLO^7>~TxOV5YX8jaC@^{oY8Rx2Bp!=Rb zk+Akw7yjuJPEGP04Ar6x1siH{d1 zB2)$IYcae9((@mTS~+0|;NtF;Npsw4Im0>xYBuhr6#!8xjLZ&Ri6HA0LT3a}n@- zcdi2#e_$>aB|mtVMxPj%i^a*e<`hDH&s--`esWHusm{J7zZNH z$k(-&LNSU~<3KghY8@VEwLuh}mc&mSZgs#Y+HxTkI4uXG2Et7dc{z$H2bV-HSm$20 z$kU0gPoIK??1SYb?pqPyp8knM|YY@{NC^0KzF=I?c?9mmQUAOGObPU;!7Z2Tk z^5e|-WjfMKlN`(Ca-197uwFd${7GtZ)@$X)e+{nQMmT-t(2Wn7cHZ+R{Boh>Ph=*$ z7`{7`9nYEKXiA&alwc+SqzUYh3otz!W%7%pLTZ8~rxu}IO4ZuDOOb3zMYOD7Ou|e} 
zp&_}FA+VN8tE3AJwwRkuE^3H>vDi?2Af~iEoG3<<%)jh!EX7do&dKCBjXBOrEhFt5 z%^MwK*kIwyF&xJ+&PpWofOm))y|C?-w_(gO@=eCt;bF;4gxA(y*4w`V&UT$W^wLS1 zc1DId)33C%YB245YPxoeq#Zn6xnk8IXMMe^2K##P4VFO?{S0oTovS`MGR)xfjM)b9 zx2zmpxx&08Iiu-|)ktxK{IMQC^6FEx$GzbUHCS$X2HGsk%@kR#>O-4=R)IFjyxcU) zm&zu{^_yl^nDZv@*0QR-Bn;#VTB@=Arq}idInP zZw00NR#2_ariyuJ1!z9B5}PgMu20F?L6@6Du``Mas&yVJOUWbpAbIU5dFmU~aS`JX zo5HHY_DH1RIp)tICS;I5i&&9*FW>W6a1Q|xPpihBB@#(ngoa%qd720B8@2_S_i4UJ^Cg;}p!qV*SA@o0aiTRZLIbThQ818g z-AJwOqCmB46;m0aULKzp@a*vOVS7=L!UJxF0=@bhdipg7>$UuL903pt@- zVQ9gl1z%_Y7+NUOLWve8XrW9C6(@>qLHrQC^@2fLY4PJgvtBSP>vp%*J&6JUu>Jrd zvIC^mU3>0nc8r|3=byh$kCBmkMUBE(z9}|30Oqj0S?qXdIWpXno#b6gnuQQC#RmMx&@?G*U`NqoHIp z;)y^MA_Qg4XEeTvz!JBN1~L&?=Y^Z9Ku8~fa7(zs)2Ug3C3?6iu=1It=iV#jSwi9( z?#}2KkXTICn?Abdf1kk){xXr83i^;C?kySF^OEZ30Ed-@IIJv+!^$E!tYmKEe^XN7 zSa``1nMi0%6OLtUPPF*UiQ=(vEQRA(pvDo<1veEZTHDAGF@_^b6UX8+j>V6r^nguS zGJu5vLYK;NEJPBzCYEDKo6vQwd}?~C%CT@z=qgsBD^=;#;f+pOqn;w(DJU141$fUi zAc>|5tx_VNwoy-Q4E_I?6UP4!j3SA8{R2qW8}GS zO11rrT2(>MNJ?pTt)YC|3brFocg;z`qM2At^F*%;59ES2_%LNLh3XJU}=g&&{L793? 
z2^(XufnStA8;oz1LGHraL{eOoL&@AZau=fsP~Vun~{Lyjp_b=0t;gsE*VYD}svKhsuj?+$WZ%>b% zOp4x2QaDa3ML&0&m3D47NPnNXR@Rp#!}t*Ig?~!?_!`wz7Q(xj$XR2Bzv_D2tp{F@Yv=gw7Yeuhpqaq&t_%G_->HQ9h=Na*bRsMKq} zT?@C<>1zx`2Y352pEt;UgWPG59=D0tdVBi&cN;{A-d^Zu=yQ9GK{lUcp;C(|GadY} zYKn-tt=?iJs8i30dO$kcrR}7gh3>u5eW8;dQG#SX5XSlDzCaar=s#KYq?905ST0e7 zn**IAoil`f;*n>apBu;$J-`P*)R^tB%?v^*_80hOQRYahzwFF0UMHk{R%k8DZbfIq#Oy^BPpZ!#Fxky&eE$u zyd1|FHps0~w1$Ql1@T(BA`M#9wl{CS5|knbEtr_bo|w3w8_97*YDBJz_owa zqkPWGdO1%X=8IXcP_&E1ELdOgo}4_ymh(x;o*2(-Iu7u&hs)!IoL?yCO67b7ESz#7 z+h$JbEsvML2`g57@WgYz@A;YXcqQ+Z3SPdP2L~-*$yCPk;Oc>;P{@J4&KKZ95i~nE z&ZT_CFZ&a4q3q{M@NZPWN`x;dxw-~bnYf`}5Ph}ZA>&8Te&zR1kdIyiW%-CSY{)L@ zL~-p_!O>~uD#KCqrB}U^L7)Q!Qu=P3Jx#Ve#b}$SCZ3~)dfdwmc)4--`-<>~7ZV;> zMIMG4F$9t4UO_;A!`QU{A3 z3k=hjh#HYkZ8}ZbrPz3Nml~wN;0)`x^*Mv>ju%)wSBxLB#4Jbqf}AfZbf73r6e|fS zGw6L%VIZBbyiKPRG`2J#(*dfqqVrCwtYpvzLAVeWfH`|EWVcR++y_=ba=_(dAF1LI zho3A46{xJScS>SLv*zMq8A4@X{%t2Z#~r!Ef)E5zf=xghlZ0$&{pANOnjge)Q9>?w zcvSp#_e!|F0~9;K-(HwmGZuhLxE32Dc|0Gq8Z;vTOy$Kq}ZHDt-I7-gJUv z$v9|A7DiK=4RpT6Z_|FX;oYy6@9uX|_C*#me+xbz;Z>t!&^6S4`xqEe4ZmGz=Q0 z<%6ewv{8ELm~ra?LT-Nl6#198=#W<|`trwhVa*sFg%zV%+=XL_zoVnS4WG{$1lA4@ zOqC3nD#ys9j zGDC92{q>SW#3-#=Zy=K~lQY{gkS1`{=%Y5BfAg2DD|3zA`-@{P^4%LxknL#|<2J^O>sCS65EdAc z#Mt)u?~w<-Luc0wqDD|C&BlM0GDUFS13k!2Cu)*ac zapehdBrQvgwFt1`0QHp7`W})&dq6EiA&?RY&=+41q6%!dC^+ZGs3=L;`Gw!Et@za_m;F zbkpEKNxqCRXgB=jqvVI*qpOF6xW}Nk7^GVD{btj$7(GT>zwtF#puu_CE$!S}Q2?bB zy6)Wu*|1^tYWP4;5BgYRTdz85o{LuMeA%Da^h=Jw^r}l|x{Gaxv8HoR=zgsUR&uSu z1iH!t5o(IQ5Q1eO;*h$5L)sTE{ew~0G&|Fnyi4k-scP%4YIR;#4}w~)R#&vW*1phd zb*uB3ELH2Nu}1#SLGA9Df+c9Cxd}%_GgqxK{2>Bk zG;G{UGT^Gwq|rlB1Ht-XB&mQA{xGoKuDBN8xbsh*AWyzYaWs5Cop#+q;cVhoGSfRc3QpSYn(wE;+WU~AZn_^#2C_!}ZeO^^AUEGHqR+cS z?|2|S?=pB0ZmC_9Ba>57(mA2ZwejdKnW>jhJRi0!3y@@;PLvO8g~ox2)@Zh2VuoT6 zUUUMEx~0n@MVm(pzSfi^T5X43phG_eszZDBDYZW&xvb=IeSTqa601Oa@l;VT!D5Dz zY2%fKqN8boBgDi82IA8JllpRVx!}P{1sv0r__wAFClgoq7eSlpOavT`g`v^v zY?lcG0ObXp_O1V!R4O5K2oCoSU&{#xl%lN1dYbi)u% 
z{e|brsSoJ)=s%KoK+l{e&ykNXh5*0YwsCIDAJ@f(KO^h$*!PFVOpa@&lyQ`BPPcr{ zaljeB#h{J~Ouz>0rUM3P7~~Fv_#ZMEZ3aQDc7d@J zXuUi6kJT5O>3S2C3u=4#;EV-l3-bqBrWA*S+%{Fv2Tl&-teC6Lwghe@sgqi(78jaz zsoGKTBycm?Na9W=+9VMWr#cTGUMAmfnFPOyQ{-`mN}qFL%-Ij7Y4Y&-eqHH@n$3%|`}f^PJP%inKP9lJXG?#~V!~T(uZkm?Try;ovjRpr?QB^A zqg*P&BNxQR5{f@A-N7H1itxutM~%!&S51Y{5^4fVzs(9bfXoFXNV66cO6@Tbv%Cy>GwvryPTVfeRYO1~c6P z!WOFy7aDdtOa$y13r-Q=2IGiqaei+kmMFA1CPM>5hZcJlJL@XLP$M231T{DllX;X< zYEq_6%HUrL7hbHEhKa!%)tUar(i*NvfUu|0S;#feh^^fUR}VR^EdwgdaYn%E0zbf@ z!v?9+*$G%I`&ybUd!W^(%kB&PY?W1l`nY8Xtv+87O7p!bCDpCZqg8L3ZQ z86xJvvx=gkq00nPWHY>oOmm0+?FZ!8*BJV0U|vzCW^=8k7Q5oc?Z5dhd73;!K0xuY z?W?Z_4dPyDkO!^z;M(t4wc6|a`{Zr%u$dV_1&k5*M1u3_|6}h-pyMd6{8iQ6bLbdp zBw4l&dom;MSaSw!!vf|A zhYt?tIV{I=1Y%&x#&5$uNStgi&aT-P7Q9u}-7`JX=CH8+06@xYA6Q%V{R$(>F!4IUB1AG8KvZ0z@8pOC)sly#lSc2$8qm z5}Bxkq6||p=#uoFx0$=54^uJH5c%!fG$jEiq%BoTIwFt1!*ZcfkEyX{naIg^#KOW1 ztZa=X_7jY48T&sFN!!y>U}t8>=lQpaZ3r_3l(d2kw~(yQ_UnYUJ2L#Q<^?}5?!0$K z|E0Gu{fsuPG;IbZk8IcL^#Yc~TQd>)X1ku|Mip#T&Ae%3-wyq&;!DEI2y3KV6WJ-k zS9ICp;!*;<)5qazjrnAa`vw zY$w~v{Rs2jU1cXG2a~({4OVM59;2jOT}8o%tdUQqNAIZE75ix3{j9DfdAtLMM?Zgg#_hic1%f}=TLORM zz?Lu-zQBeGZefR?q7}9Zf2f6hBdiFz1ECem>dP9UtLP+M7p!e-50%Aa1YdW>x{j{$ zsDH#XXz#Rn=wg)`&Ps<3Z1zeDZtl*&?Qw&h?QVD+4riqYYz~LVoXN)m~mzZd*s2 z+$1{(RUf0nT~3|Ln(X$>0MC@_BYMg`mCB$U(OKnT+jF*RC(*G^-rVX_%%~)H zdNf6@G`FpR9}VS~gGS|BPRkizZJaZ&Va2+J`g!weK}%HraL2=Y$Dy5vg0md|?d7d4 z-6N$j()hPmy5i&CQR!skpZZ@I|6>7c{1>O}%8gO^vR@cX3625If(!}0KI4%qe)hm4 zlj~pJQqynE1Zey3qE%nEUtU_{^3UJ>)_wbMaP{l1kbT8etmpr;AOCinhW}UQe~;6CVf>E;oCg1YjNxm?|KU^VV?6$I*aaEB z#f{xdI)h4Pqqxj|#$l*W4rCNsD!h++U<1OGR<@-tWzn%IvdjsqGO|@ z#UC8#)e>$V=+u#nERTa?f(k~~Ot3a_r19cN6x+@C+Q zX&n0L1vo!&*8Crx3r9+0c=~Urv#etv|L37g!VC0&41m%9T$L2e4F@Ak0Hv1p1?D-3 z0c6kQMEKfeCO83&t#!Vqrr$>sZ~RN(67_Rx%}d1j#ThD%UWYytn5r%ORY@DrM1RZYSl;)S>ePLmRj}xD~iMqqeT}q zEL}naufEP}Z4L*#)*5@M*XnPf7O&OqaJpK2!{2r4wU&ApLOrj6*$}bO(Cy(^8f>N( zel~3)8F!8bqBNZFWy}ldA|-cpQ6BKFnc$2p$Gg5z0rGLdH!5Y5{E*#D&6? 
zs_BAW+AVBSE^_@0neguf-7lcAZw+mz@N`iyihF4bv2BkP>wUp{gufuZ@zF=UJN7D>BvIP12aEJ*H(B|O6W5s&7JK+{<57juTsA!ORIa2p+&a7XUHPhQW1(sb7RB*SQ7~z9a{Xmbz0PuCRtv=G7h}MqDYIcx_dJ>JDFrBj z<-%VGBSCc&itBytJhJ*Q6M1Y?c{^F;POnnU$tqgBeNy7NhKerQ+1l#wMnlJ=B7m^2 z)8E1bP}MBrQD$+Zq(QHWe-ldXMr%;g%Y>|?A$-g#*mWlCcSQ%^Oy<`+O^y(3i?RlcAPI#jck)smht&@F7!8bUCYstw}uGW32T&MmdmFu*-Qn^k)mdbU; zr>R^$M^d`}HI-}SFS%>wvbMh4(H`^?`Zf9^+Jbjrxgt@SwptsS@bi2UPOjEke{;tu zYPC>(RhxKKyPxuRJc{A?92$Hxs@j8*O)s;$Zdf{U=!#H#m644^x<(-aq&iibX=X7K7KY-2Ii(J_cX@sn3*fq zewWodVAc#^#1h2<%F5y}WLyvgsABpIYP< zjg6_6(Vq3xE9;nKtuYB9sKm9#1J8jfM;Ve-_F;dERukWVbD;^{e9E~{jnWcDK35iv zWum9aN=W#z(ZO2xm@HGW=v5uB^u$%YSknlqn|h#EqT6VAiQ4c2O!)|NE=pxzWrmfrgmLao%TMsBKQHAJI?9Pv zJB4VbD=p!dc_Zy)8CQlm;7ahxYhgGbd5Io`5MB#pUHR!wn?>F(=-i*a^V3HwaMj2^wiG89ZNTiE4sW zrZ^m*bR=Fr4o_>^GN?{*oJKJ_wy*t>FsN>jS^-40ODcIGkS5NQjuO=PhVUyilgV=? zx2R;o-xQb>8D@1z&?-4uLWhHv?5j4KiG5b;cben(G|{s#{>fCj7RD(Ce4d2wnx>Nw zR*%ssxh}%^*mNaKvheOD_|q8=pi2;r57gvJC`R}QyQh%}*6I-cE3@NxdT~pB7XD?W zHH*pCx>;+kRkxMDuAUTR_&`Z?+1AIXIS3JX< zW!_1S;-~RJ9wyhEg#~;Ve}VPJQp-W{1N?v3eAzS1&+`=NC(m-*H!RhA$!p{fc(0n2 z<$lp%_zFMA5uO#^Ko8RQ=Y$(|H|w5?X9r$K`^6W;f6zT3VjcbaCyHZuUiHqrm%iSl z+ZRVapxUGt6Q39BZG9-!6G{*zm#Sa$+cskRZ}RcQJ2kJ z*4%j`x&xWa=3-V0!3vU*sDZrMto+j#nJ*Jqd9FumBxWw5(S`3s)u0x7p^iDnGptuj zVpLty)qH2FmMk@+*{X%kmN`X}EhV%VI)h{Kp(+CFcPG|0|tWOV35T^ks{Xy19B7; zXdGeoWHE%oGDaxW)lMU#ZyPqS$O0PzvKhEmHrkt5xDZb+99BY8^qvF&^z?N1#A2~- z3O&Hh9%k>3vA-BIDO$GzGM?h2fgZ&(riSc}bun94R}Xvd?4qCz5tCEo@k0*})7{(4 zTw}em$qnk(+tb?d2hd-xBZe(w&aMtn^4Has9BcqY!V#J60EI&cDMnc37*w`{ zz4NEcK15WuBc!k$96!kHoT;D>2nHe=wu3!`EC!AlX8a34fTJ*z0?4Lp$ob>!3bo5| z$hn9NYMQRDxJ9-qkGOjRu}el*eUxzQ1tMz}3ea&N9 z)`susY>{8-u_f032~!2S{gbi4Wa z&kOn=#s*H~{O1!4|L^Afr>n~Dba^~Pk~_JM8O^Ox#q^!=`KcX0T(Er{+Ic8A%kRIj zb8!Br(&dhy|8cnNF8TYf;8DRS~PT)T*d3n-0g(b>5K0;2nejiK+A@57Pl55Vh$ihsP z`SsB{fIq`rCM!M}{bw{uA^JbVREyUY5d1Fh=Lg z8UUX~(;e$;0QN)1hv@DVD&@NbewVC>xC9Fa0AGuBZd5U=qYi{g{%x?3X`F6@t*XM! 
z0z9+EVsFG5^-(r`)M4EgEH&X4SxNI{MC?Sc60+CWVYk<+YA}5tOe+!GPg|g+Wf4<- zT7Y$n2`T`nLf0(j%055FwM@JrK=2f}M%LI}1cn-TQq{~oyW6)J$SXwm3jz-#;Zc$| zw;Zbc(X!_WOoObzPJ-rvxCje(B5R;y2k5Q?Cplc+ zVDy1$7YGerYqXP1W^^&D9zHQVH$0lGdk$7^kCH(>Dv*7tr0=yHG; zL4P${)<_b8w#!n<%0H}<>Es*)Tr2mZwbC78#GUF@3RE9F}#Q?v;^{bew+s%;UNJF>~ zoOCX2L$jF1)@Mb-6fpe>>#nDbHJ4pSP$%d-7+(d_6BznHyc6MK*uphK&hGZ#iCtdn zl_r2DL2zRs8>ihVn7UEA{vI6;fUX;vZqR`c0@GG>O2Ctmv`VOm`Wgg1(-zt8yZQ*y zWn|F_b6h*rK zzUuBdGMRJ^lFTH8872sVNth#aR~$xKxGJ-BtsZTCLt5R7^C2Y2MBmQyjVdO zZ{u?jJfDa+`g3(%IaEMp#kcRbKBMm2!>5l|)!j4GGnq&xuz1mgbf&thrn{@_tLpmy zzwiGfPwoccAaB?U;!!RMg1n}S(`O1yKhp!6^&IWp@D9Siq4p@!XItd7!!_xe~&2TXOU6b1GM)p*9IXKSUvvyehAOZqmc2GTIewOv8mE5@5|^udMkbLsygVL_OgS>*G+)M_e6` zh;H8+H#IJu-gziqsw-{{C6C4>!^b1eCmF5^2nT#*)EeouORJWw!dvlS+>QJ3zZL!x z8q{~JaPr_IeRlQ5sOhcy)!CmUy#LkW7ZRqPscS!RvKR>`#E`{| z#_u7EP3=JzJFf>>Y^6DaBud{x=o2x^ss5f@E}ij8!lX3pFDY&D1-9D0J66PYyaXL9 zFv_vQO-Fw_I+)CfL{MgO-;2>D$xKFxOERHgwX$R%ghM2;5J`PQBhLg3b&+XTSTr%Y zP9>D2`rr>5>!PHRq^Ri&7mj)J0^6+!Aje6^=i~Fll@HM`kgH3{J(`S5x`p z{@`&AxsPx>>uo8~DjZ^r3P)Ca{S1yyJhaLLTakDaW7IFyQWFXXR?=;Vh$;|&{4o72 z4u4d{{pcY3Dm||R8+ z*>Q$!S&&&;Eca4NGCR3X&4e|7NxmJ*jt7*XQ&ZD@{p0a z=^2b9u9T3t{=w=$V2>8%Lu_<)*0||8H8~3k9Cka z0mEKQn_n9?ipLq1LgsX4^`GP?U8m|6F&;|C{ox`-is^gU4>-UiII8r)k{5@)WQ6bl z({sR4+coK~uIHkCX2Onq7&1j%yn!B7!xKglCvD_Uk0|nJGO-_{NP6@rQeXWh7d;b* zaRK9^Q#8>d3HBIjGJ3e!3ZNG}`okQle?n;LGW;Gr%ri>90*#SeJ;K;S)d9&?J3Yr} z8y%zUfaGs1Pd`j{KZ;}`Ipmb|8{{6U>`VgL>JkJ+aUg8gwH$f0gyU##xywhKnmBUQ z%?_xHwImKON55ti@f{EXR~dHWoXGu=M=Qe$^?S^^%>6qOiWh_N;>BDPju!*rcrlk` zh4Y0Y$6RCzzZLd;Py8aKyzlX15R9ke#hi{8^COQJL&u|^aV(awiOu>+MtX^UAu#L;h9#fZxw=!rSpqY*>#E<7(WAoAGXZ4tHVe8f-G8y@^@3;FI_?W}9BX#Rd_Z zYUf;!cij{q%REK}>rH7r%lp;~uQ|E&3k8-125|z)koDeuLlQ zeW)L9$`wCAlVKIPxaoDQ=zJWF)!T9D<>Wf#&ioxN75oMouruhX_SZ6Q~X!-&~vT*qxCK*tP@&TH7uI3KUvrAfX)vrL1L+<~)y_eDU+sOv45=EzUZdUciI6 zV5P}zkTet`i3o)Zc`+;CSgG+f0Vr zFr%rqBJ0=2>hh&`U_N)|^rZsnd3h6kN#To2Z+e=x;YIA)o{54Cwp@HovHJ7;`^J3U z>znOQdOJb>m*ZsX|G1qlIsX5TjsN#E-4ft`4Pp6zIs7lD!%;lCl*Rvd$ofChKB$o& 
z`hN4jrq7tT{Re30-nJ9wf1Wu1%jtGFV)>t?cKhl6e=4>__+MR+@T{s!HLF^UIa@f+ zFARN;TZ@0>_Hlc;ce%@M#OrY72D}Qd#f;mqeFI*Oh9J@2j9UcsuR_CS{0)MC4PHcU zK*AbzhXbXtR;4Vc=DzQ7YW`k~!Avr0dsH89@OLHc0nYjibI|>#5&AJ`e zCbSCB6Zl zU--$aFFZCwyD9-LSXZxHFpi5$*2;=Y%Nn>RUTWUvc&V1SG%`!v8V1LWh?*alFm}fK zQfg^=UHf|cEk1+q;AbH|(s$}xlzEx)^+c&iUHzaU6&%?0RKirGuKrSy{@%2wrtegw z*mh5liqsWFMe;r;NU;(X9@6m;Y6TBcb0&VJ;doq9>tUK!N0&yt=z&w?-V!KSvBboOhZbRHq#P7V|pT;3!|diR1P zX)li$Tw8OCKCDO|36jdNoEn9b6Z;Rt|4{+yPz969CAc1NHO7>uB{v{rQ3<_}r_|V; z`gaVACx#9Z4!FvPFuj;ykR%!jL>2nS{jx|Qp{Rz1EIjD<1yGG9h1`$*B85B5-<;PI!S74|>PL}GBv)JFBKUhOaS(i->>bSWEc&ROwQRPAY|Uq3 zP}NVlgxn7&@1HShIJ+BCbIX=Qvr|3VAHHkP_C#T%u2>l9p8uG2EMdZV*GVOu^WlV( zO*lW+x_w^1y!pD+-h3Yl>N-abzwW9&yA5nj47Fw&CTdWRy#1(Kj*g8DLOhK#6;|BdkCdMTxYz>E5lD)}*Zca9GvL+O@bQRtP z8+7vyrqso3ScPoUW;d@K0+o_+&4GVnxn%z)v`uJioX+f@6`a(NRl?Vz{5VUum)5D4 zkzze712Q@*;mRsz*685|NNr1n2~(+o+YS}f40>#5ft`*6P2gpcWB&SFNOQaaR$pK* zKswl|6}%6GFJP859t;7mY?DjCD_ij_&9%$7!+D?t~4@od<59KIBoH&m>tZh#VM$v5IGX>@oNoOA$s8ZZL}Pi)Tw zqQT@{P*Yi6RbicWKESK6iwRDJhMOt4x}#I}OqxkHD4t0j9xoxgQ1>ucf_rgbTBir# zA+Xaq%@^1oXQWxu;Qv?BXJ4d6@+9ajn80k;XzV8Q7f32t5p#Ged=hO9S2K^Kp3@Wc z)1JRpU#9+STzSd2z0Q&Twc82$f3INB$nn18c=(^&8NvTtrEY2c|3?@9<7c`tqnjPO z{y!zq#^{;scuW+~@4(124O*pik+Pp6#t70X=?XN2Ibw`Dt&+Y@$#>-!%e`z1o$PazL@&7S1vfMvFJNLGo zApY+>+3}z3c8A3Oah@LkPsx@*{~ycp|8n}j%js~s+>HO@RCqs5IS!QbgyKIv^5>-E z2FyQ&+ewK3bW-R4a{MP}Y02sM|EFY2Z2r$YN>tO@@cdsrt%b|woyHgcr9h)h>d~p1 zHS5eu;j`nvDd?({;}^!CwCf&KjvrLLDd?|P5_@@5(0{EQ@8wM)$t&-ZUsJsaWDi#g zsow;$e<$zxk5q3*18-7tPKp0^GjPAWCll57;lPdjEgPi>_`UhN<_zH*m;+OKy1QE9aDJKF?V@>$DFrKYIZi8+oTVqw0YCX0_dbVxe;Nrp&(n7I}XV4?_*-B|Bq_ zI+Hq+QqzMqn4NDXVhMqnE9tOMLXN!-hmn5HXCQ!?oP~EU;g?OOE$8)l^8occYI$)f zf9y%_BNR)CIU}Qy=gtPqrCGO)BI~C#(r3$GSFufV>~+l%6vxsmS!0Q2ERYE#_udI) zqp!TV*3TT>Eg*LA$94;!pg4}^${a_8a{w*0qOD^|>aQ;29nCF^27!1EIkubs7{xI( z(||FA9|M?224XwE@mvN1w6%I$XjNl~T-7E5;f>=g#;2{*< zw4SsekD~#zX_ie+GP1%>&-b-)74}6%^q^Qo_zYs)r@O3jIh{Uw+t!Q6USnrKOY-}4 z^aMx)pX|!=R<;M}V>1xM+chuY{7h|CrhZYTI60HgD7Y~*X;mgEKyoGGcbVc1Svyl) 
zS>$tePic?Yjvcnz<+NR9EN`-vIf_R)T?ID97k}DA*~4sQ4`hE$Yy~!%4^cSwVIUeRk{xwno!eq>(mY z83Qz`mQyp}_ck8Q+D?mw^a*R=#>w8+rBzIK&<5W^XKHd?b6}CbA-|-^Rb+n|W|lad z&X?hiw&Efeen>jLFjq(*%q_`yFT!-xeQut}7VQ6QE}`G}srjqq`8I#c!d71kP4qVU zTHA{1R`?eB>un1PY@eCWoNxQsjPGSa9teBQPDg=lnA!LTv!&xrGgxeInDxRYvui?Q z<1;1~?JP?`lLq4RTq$oy@db{nlUC`^TB7YXd>%4V^ z^)8>!y=Ziu)4izPpCy>Np;d)7S@EF5sIr_Y!egNo}5Yd!p)XpW#>Rh#>M%UKOCEO7%WiA=| zSH4+5Y8MQ25Tn&Dm*;O0oQs;=zwmgi1&ehlg@AX^Sr~^_aJ2Y+X;3KvTyq9(^VZi_ z$-yW7kH0b$nDJoV1P0Tj!uX2jpnsnQXFz%@Z`nW-{lUr2f#s=C~MYWXeH0zz9e$c!r}zQ|mqg45Lz+5mZXE9o*FH&4V;&9*FZmiwCtdqjnw) z4*IMX%m&T*%%sh@jDnn4+(rFax{+(Je37%_itsiJj^ZXBo zRSbtpo#?aRKfv1A`Hf|D2za`P+Bq3_dIiblbPVXo0N7{MkK$87uj94zFM!l z*injq(>_Gt;DpMNGs0+O7t!Vt<4#QV=MXH$QS`iTS0i*gv@Hrk_m)+=7qx{%_=@0e zq&Ib32aD<_kV!-gfPV0V%6*t@Ar5aaU;_LCv6R5`sL22gAvzZ^>;SJ!9w`A~2XIdi z{7)k803prg0=hS(%@_hHJ7Lr_4q%OpdTz5}IR`;QcMovW!SNs1 zzzPpXu+SVB&oE3Y5sJXt+&3)%ew%*?N?qA2quWKIN?*+dG`$Ph6_!S%LgNdH(?(Rki+q!}q<`+GXmRne;l7 zNe`K1X3{AVKq-n6il7n?2o;`c7^8MU3!LC1spjk*fkTMIu6>QL!2@|Z^yle>T z+{cK>xr44 zOx*A&v2K-rWtvwpITf3QDT@gGhCwrPH;mFO#kJn!6pCVdYXjm`r00}g!_4Bx3rzoj zsJ*NuQkr5Z;}f)$^uq0+Xhgg#ti|#*^tnY96~Tu3VEq~zQ*xKqM=KgCePvB0m7&J6 z`lgDqCj4Lx#mxGiTJxPfo={t(r$$Jf`!&9n0lTM8% z(A2SA9jz@NYht~jyu}>jE}Lg|@eB%Le3f>#FHJAtBP~-yLUVQ3b$AuXWaRV$aliBU z2Q(JiG+1roqb=QUHU&a~DzSfv0bSp;h1y12+<$*(L*;E2@=ObNEbiW9;pbB)uLMLO zO0LQ;pd;L!V1I#Zi{*E!dHex#y{DvfeypS60mAp%H21e+)ZHDe&0EtFzMVLQLgUwx zz8rXq@@vS))BWOxRm@P_jWZOb_gu6oBi#tQzG=|-5=j&qd z(|O@g_wk`+r?j^(6r*yU3th0frEN+_sG+61*5&sX1vUj&i`Pt(6;5p25p32VAN*rm z7vB?f1RTI0i-EKV4|JW$0`lR|@Yz;)?5&7Kv3??!}o9Xbtt8ia{Y+oj_PB-o`sx z7K&A~xZ}g%Ycj;4Gt?%luY}uT95Q5}phR36u@KiUW{w@TV%zTM@^o~zFKKxO{q;Sb z8vt9N#;B@tjx1d(&U2W9-)x)2Z!slr6^rpap%UtvJD;*aw@Fp({QKCrKx=!$-H1QJ zW?93iMojdU6U)?u_#KP8!V|*nvR`y(`+UIPOQ3;k!@yngyLx>`V;~f&swn+kEv^cm z!jyzZPGQb*zm>;(3K-w7>b63_Fv8Oc-a`0H)|442uV(J!XR!=1BONDny2Y?x9v0Yg zZvve~#q|G^k4~cebS0H{vOdin>||BscFN}@RVOFTNuu+hNqkpatK6d#u@P@}@*h$x z)?r|t!MGUcnc@#G5f 
z8;W6E?asc25T!f)R-d?UzJMQJ!wa&j%S!!a>l66}+2?c=dfVE&Tbk}DxL04wwvL&8 zLiF@faszb{6>>SMSciXNLsWMCfg>K=lzq zYjS01O)wH#QwrK(Xie__TSIF~{;SX$6kq+IYDNu4Sk1<0Sk1#mSj~fjVKoG;VpADG z;OT<{YN`hVY962n0fYU!}hxS^+3jUsB-<*H;DW1NBYyWfdj(%nEwm zv~X94m>=QgG|^T9xC@mHg!jHG@$3Oa)6gfFN6OwL+P$+K##&yH93 zPrXN4Y273lsnkLf&3?dS!kcK{xpe}R#kHa%P|TKk`cHR8Jtb&CR!4n*vhn7v#x~^< z+e&!8#*Z>v)Iu=NqD37orRLTB^7uKOE;YS5sGP;XiiNomWgKUwP8eK6&e6r@>TI19 zQPK};_?}*8l*`(0nqvCY#G6&`bfZ32*sKpXsh^n~;kD?fyMb|q<`wt$?ligJ0~23q zYIeJ?6Zd^4aroAfBHX`~oLAG?-rX*S|J8)E0^nB)9n(mVUnTy3mVoUZBL4K^6lvqT zg1q5QyMholomAqvN|iD}Lj5W})!5LdTKSDa`;>#qw~1q%O@QBH948UZuv_OV{AhkW zKVF$yXOLSF&*zhr5wI8ePWzOO`lgbqu;0Ja?rkjFY5z+RnzzYUT2>mY2m~4%1;OGY z`ZMJ2f!)005yIs)y_>9w?&Td~4t=Kj#V>Cuc$fAIJ$x%);Mffj_UPZv!^3p;g_D0m z@E3OQh8`#vuZ$Vo()Tz@#Fm}_HO78^jGh@Ra~ZpNfiqU@=G8J@(dwv{8_2(%v`u#` zz0nE#UFuXjyBNHSJO6b4LJr%w|EB+&jk`*0+%_lN1u)-9b~|u5P93s$mqqt(N7Iu4 z!%YHcqT6>{a{;XB-@TXWti`lAx^a&&Z5`aUFYn*BM-Sb$$5|lVWnXP-h$xmbO$`yH zaw)okb|?{oWw~>T5G-?Mv*kl}_1su6D_ITm{)*vuoA{Opdx_nBuWSuJxVzu%Qa>^u zvb(c$Frh>2?ZFOqerjU681ihP+;G=uGg);_sH^Mt*go{k2sJmfwl8iJyU65FXLHDE zfob6Oi~tpz5i%_pM`OBA1{8y%n{~*tZqpk=&&1aZm&NDX;@29a*Ai~KPJ{Odc-iKr z&h~{zhnqXYlj7j*`26m64xXm=`z>$`j0tzPG_}a0X^!cs6i)|7+e#YOngrfi;Vsq* zamZw-kygY>I(07D5$`GU&xbKx9W9+4UYAC>hVD>X^WxS}=dnf$gz@cd-P1pfgU?yT z!q76YD3_PsP1xr!PL`<~0os>YPy{3333hNF&!rno?}Bt*~y3p z;_)wlFRVBf#oDe~68J(ITP?m}$MNc1u^laJZ}bxRi{M=|(AyLJVuiJ+n56Qz5si zs1SG8qqK5tt+&j-MB`7;zMPoFjYRx1g@5UYg+B=2NN2KKYTZcFZ{A2ZNfwbJzF5;f zO;xWj(+A8rSNGO>e@;pvgf`;vBa6aI^;-q%Gzz z66cvu%y%gGN*o+REi_$L);n3_kEU5+Ht>^ZwLASQm4c79`2@P)#_OD}nGXUhfxvfSlcqA$Z`8J(Dw_!XoZ@h^@-Hj@+C%tt&Z({?7bDkI#8bU^p9ya! 
zu#n(#dE@!>rgX97E^z1GLkOKi;9e5r`!zNF!bgZ>+$G*A(ysFmNwk*&jzC2r_ztxQ zw9*s$63K5ICsBWAPhFvf?;tO`vv&vy+C0d%)T|^ z@fUCx;UDYOyp2+FEG_j-s%fJM+n-H1GiuWHT$aF}OOS>m%UsHzPw4CGTS4!jyopsO zC%vUHF`HgUNci=I1eyqS9%6MH>>el#0RtLK+)wU|tTExf{k6dvk=zO1hyR&jkroPYZsF;zN z(Dj~YZGX#)%5wg1_p9x#?aeK1Md&d(1G6(QKc0__pGp5De4Q9GzDqUA@~L%vs{8#d z6j*1f?L^AAPzN6=CgKXJJ*kODjIVQ-*sjmymQ3J*OwjBUu1SR-Gx_~)osVRUKaxqb zg&t`4s#_>upZNhfm-1KLr}1;>sVtLP&!Gtyzmh~Rf_jhG8M|9D3ut#5-!{s@M*%l) zr2NyQzCvZO2Tw$9<0<^aoLGKds*COuS6{7m7fn~Gb|rE89G;G-ZYoL^xA3H6@0@;X z?>~Ncy#48OU$uO6%(oMFd+`!w5C!@N$$-`I2rQ5%S)e4s0%f2NvOr$c1i4!sN&*9l z$pQNmqXm!ACuXR^YBI!EV+<^bNUd(CP*xeRrY2gGvrjM8= zHw~I5=>kyh0Y`&^gJ#KTL(Gyd9AcJ~>iuu15N9+C7DcO>j*zy=xzZmLZoLxL)O!2P zlfS@0_Q}r1GVlv6--Orpnxee_CZyO%LtfKC7#nwY!al7v&R0)w{JpFb8 z1N!wg;$Xvo-%9$9iRsvYg0Ek3r{6*-t0PC@0T!!Ik#hWc;(%NbnB8{_T(0sf#EX)z zAQWbia=g=a33+{7yA-vNiO`mz3yl%ktOmM4-AQy~UOYp_h_M!Ofqtbaqq%dEc{hk* z(qB4Rw%R$~R4vJKm$_OBsf$gJDR8s3{X$cJXvpE!zT!}DVa&3x5IUB%iDeYO*{riz1$m424&7}D9O+f1MvV4HPKf5V@<35|p6 z1}ifc;UY0bI((s~U6z3Oh#L`}KwJ){FA>kM@}F$6{GT=r8tkx$R7*$gsRX9NB5~Cu zN*r&+wFn=BJ4Ea!I!k6FC-&5-&7JLwJE}l$WGdKe46X6HRV)tlXPdiB9`PD`Vzjx{ z(F$1zaSeTTev6%}e^VR@m`)r^j-rc%kd(?e9y%fhfl0#&ONET!ykuC@U*`E=c9_S0 zku)>3K=lMRdiaXor|nh5uJWhs)yct^)P0G;PU>KzJU&xV$zkTVP!ALS4|NrPM#<(oRV!N9Xz}s4EAj5& z*Q!R_k=?7%Zx|*iaJNEFR!qBDnRvlls&nk^8YC+8Csnxx@mRpe(DaVVKhkpfd+J#F zm%`sw%h(iPg|X&4iTGO_$rIND>1u=@T>K2x0+|}$ucqVf7<#@&9|JD%M0pF%uL5t@ zg6w;OFT~u_7B<>HNtgC(p!}*)70DJ=1$|9_PqfuBe$S+u%S}87E&O)vVWB2hs*cIu znDHW=RS>>2ZYsnO{;Uo8E-eO1tvEtc9|!F$rhToEJ;>MT+O{F3)Qf3+*B2W9Jf6T+ zaco0;)L{P{Sf?Qm5yWwXcg1hC+^a3BuPP}m@mJidxvTEgl!SfvYUDVbZ_{F=S#kqH z2EmJoxs>sHw7z1}hWu_#=G}Fw>lwdGdx!iAypB(KqahG(stPpteHD!j!8^5mN@cLT z(id*@msU2F2P=YMKb|9Acz3^>yuDj|gw#{~0jup<1l)~AG;>YIF_iqfh;Q+=qcQ4E^r z^ry9T!V;xJ| z^TtbUz+D2x1B*LbUxPh(D2q>Z|8G!S6DS_Y6DU4b9Dhkn9?pk;77q#*UyZj(t%(t(Bq8e2DM4!oD{u37+`e*guBU+7 znV^jZ=tNQi_4To*4-==ylPRyJ1Ga?#a$7LaRzZw7)>sWL+T=2RZ=DdnJV1}#h#4`^F}i0A(T z_PYCQ@pi*(H8FvX0(cGRXKsh*b)S|1_<~Pvvf>4o`RGU@a1YAFQV#gFk1R&k1I&dW 
z#^jtCX#UGr<5|&L+xDZ6Ls5qM3E?-=V%$TNk(qwa>^Yaf2%(oQNmx`?RbSQESe~bQ zn|zbpwmdyy&3D`};X6LMy`$+{9>ZnuWDBah{QQc9KEl7|`D_uwH5xpV$-gva^L+hm z#y{upu-||`sTIe0AJgd5WtNAvX<``)H9f4wgr>Onv-*bmurF9&UR72Zs%ogLti&fj zW|hWPYGD&F_=D5Xj4VCZyqqxXBWfUHivg~-qt}2{Z=tCV;~tmKiE9KIUw$Wr@b>b zhRh7^hC|HreYxJ2&Ymji0KUTo(;+aUz56U5n=ojauZ{_JEnfJ!pT5eq=L*Q`pqk4` zmqXZ(DyTAbw?SoQ)n8VNH4}$FmU2 zI8tQOI2khvCvv*oVJpcSHfH*RfYTjXeVjE5`GYXbaD^|*jW|)B257VK3v=y`+JBEG zUzO-{(A~A3q&j;Wj)E}qnxo8W1LY|KPBVXtQHOX}Mx+9KRHKVXu&! zGx;mTF>xl_4KmVii2VJh${#T?X%;eXCtC*kyCi^q9SYuKro(veRl>%b{DSp%1dazM{*r7t0&aG-XgK?F_3*Ud=#?~ z-zLFYZ-5h=fv^xU7pxaW2=BLp32zjkUjf_zQw_ZPlt3KdD;7uq^%^1pfxiljcYym1 z>GB!CzQ>XMMDQX@M-&(CC#Dn>;3cCr_F z*nSX9%!lHxhWG6@^(Boju!D8Doi_-CIEL`CcDs=8E@dC^12(~QE6sh0<>7FJzg~*- zl8Vx3WMZhX-WRMYD{BY_O3E858}MoUaSeya^T#!pDu(m<2*U{45AvLC*N&E9Fy}k_ zCHgJQ<(W>MT|w9})L*vRj7?PT11qWZ7W02_nni_rAvs8>=PQojlO!tCJ$gi_H>ieC zzgvM(O0{_N(oY?RR^Lh@ZnKIbxy{bx|68p-(IMStH#$hJ1M6_8RR7R1DAo69TaM&2 z+iO<7vVw z{ZzAgmx~u#jVPEy{A3?H<7!W`9VF6!R0l+Qk+q8Vut~`&JxpB?iB8$8)icM0&*D}I z-RKdb;w!shUB_9dHZu5ktTeEP7=JykZvhGNs73vyxT1_P(-$yxeLVN-HoiVSlRX%* ztN%+!Oisjib?jC6cY30@lo8L+Bb|}Z#s^j zY(9p6>KP|~ex}q@p3SP^)(q_vkGM$MY;(fPv&~8d@LF>UuK*J-V0~4*n~vji#LKr4 z@oRN*-esD2G3m5u)3V%WU9J(53$WD|@q4>tth3`K_Pm{&2n0)7ncju*TEch@}` zV_01ZA7&Ub`L+zrQM(w4BUjN;5u1WF16_@n%J0c&;MEz4{KJeiMex`=8GZMiVweGY zv*NpwGPLx$u%=Qnj^*)n|IgAu$I3_)w)^7z|*KY+}qdSJT zxIaC(M_pOEV?~idjsdmVZ~B;V-TUEaal!7eR9p6I&s3BLo65_j1u0y$U)y(tIOCrk zH>TAYNez3oBpv{YiNxNZ=&Oi+zJFJDrGp4w6u$N8FAA z?dw83ONEpyD0b5}C7#C_v`HPwM z5V((+*MsSJtAKJOUl%A-0ON%wVlh4E5-}f60y@J1TMJE9RK0`KEvQTex=q7tse4{V zWh!4);N`dKeOKc@HGY#=O0%ZLl4c;&NSv?5F&g*SFVz`8DQLkH#Prl1V`~HYT+N(o z(YNS4pcS+28oy9?sb^B!5yVmxZ)L1pK-;6tRKoabhsTzt@EO5;Y(uu3<5kT5H<$`E zsa9GP=U8_To@e}ON36ct#A7kVv|fP?1-vFGxc_nGOvaCPyn}myU!hf7#yH+63p9j; z7Lm5)#(QV|D4};gFy?-Fk z!v_w39VE4L0Y~j^-EA;cb{K3LF9SVFrg!($K{(>YNP=mz!h$z~a-H331bP^~9R;2a z9}?JPiJpw&vTRL#A#C&^^!(y6FOR z9~tyFN^KujkTs%Tpe`UTgfRz^?r>0-;=w-0sYbSrm^&03ei+5rSB{9W#fM|;sD3}= 
z0)Q{2pYb6<=24W*?nl`>i8FI7jrB$TABkI(Ch8cs4PQIR#e5m?W@@&VNb*qT(TFoy zzi>$4?r3y%mysiL=?)y^(o8y(OXnfpgs#qGD8HXe_8i7ER~3gyH!bc5}vz;vK=D*4FqH_RsCWndvsHa86*_R+$KCv=^Orf-*)z@@p!~(C-}t+3uO> z2v-X>ovOo^=odTkzg6`!Rr?Ha1d{E9RHCu5JPW2BEkoQ(ziHm~#&1EJtXtm30SDt| zLg%5K(&+|U->rx*IMXhK8o`G(+h^b`u}GICeg>UUf7HY36wjoZt{>of_(K!B(RPCT z4HaPl+U8(uWH)+*z~?6TjyPu5gV>Ak0)){7_Yuodgmt>m)5s=Mp23n~mWnr{p;f*? zcpt08x36L)t>LE62(2_vkzrsV0?JXultf`A1qZ6PFy#&kDZp#QMwLmT8`aUw(Q_lf zDu(Y+eyMrVW^uhE#xp_VSt#Cue-L^llHG*gYd(l!lc`u|9yW7sA+Seb51FGLvHhC$ zLf~~2bs;>bT5M4t=y1(?9q>~u+*!SYkUtf$!O4U;5hqn3Qbbf9oz@0t%jkN;?IUF6JKZ(-)bCGyb`56wPer zDo>`;i{c_dnES#c|FOP)A#B8 zIdPmvgoM7(iEk5N7TXC9`*#F$IdyYOsRLbhe!H`;Z#Vyk-uDDC>HGz~+Hy>qIBDBX zJ#WALoMe5cK6-4Z^NeJ(r4aCIMR{E@Z;H{+aB?lFn2k>2>yur|`M}BnZvmbX&rBPV zO`pf{g~>K7OvGK@)Ve*(Ub%w-Y^u!px&Iq<1i(qt0vjjm;n9+UW5SoI^3SDC#NcfhDm4` z($rL;m62s5-0#f~ckN21m!tIjevx9nQ`&^&_PA8X$G~)K0tDmXbGJCXx(qom`mI5x z_GCB?cy6i{ZUA$>34hli0q8ezJSBxiox)pEY;ZD|I{;n>K0j5r+?1lGpy~KTH4pj6 z2`C-FXing3(vj~-2cjehd5*9v6W&S_TiftUlVK{@zDt*eoi#}v{2k54OR};chM1No zxw;Co4C78>mNf1J6Ol3*b~!97z3`}H>9C#eFdVkmYSqcX7RUYsA-NmFRWf3|tg>;y z0blMbsS1V~$^#V@+nB12dfk`-uO6#I$QwBBV;rjrSA-0R8Nus1_iu+KU{A&OwIg8@tFR2H4 z(oW4Az{y+E1Ww}5Kq^_8*p59Y?ji;l$wYPx(;_akDePdTtO0n@t8R&6r5ejG%*!Aj z5`H%=#-E6?Mwc{sfkBfG(r25R>VuV~M%+WggLFSVEJ@(jVX>>CZj<8JR4&dKwox^q zkRM3x>$``S#2S-4PPOU$8@)Kr`-M(V3nb@XY}H!9HX=6R`ge85gm-o6lw)a00zp;& zrkK#nxFr_BAA=Q6_}-4U5y2z2u`zU%9X_zS+QydhgjfqMF5n*(GrcngZLz#NCYxJh zZTt*~<7;CXm{7eT7VN+ia2V>bd|OdpAHx!7ymy!r&ZV$Bj@<9UdlI;-Xd4g5y~8Xz ze_gCNxv%TWd~w(HoHK0Zv_Hu}2D@isIMlr`)G;kiyL*(3IfzpgP+jxJh~GdtGe&N+ z=OtQ075Z^;^i4v(BvljJmt0+8%Z<}=;+)=B{A^z$PAZ?;b;9C>^i<<--K1U|it-I+=Rsl)@$N}ATvwnT_b07zp6 zP~8#kY-m3!*c?8-se~l~)ih;$D&(qKQ5xPDXZa&j|A0!H+VRLQNW+w_m8tx$3I_X< z@Y-a!7u+lEP19go8vY9Si#8^+tgLKKDvSnRmOROH!cqK%e4Ap8&+&G>fsx3Z9MroA z`zh}FT5o?Ga7-EbI1W<@J`g9yB6}l_6eQydadc#Y?Znc#ksz?Sm4P--%}g*o1N<)K zE&g$VOWRRGuOiq&>DgqFUua4pl~&`L&gS~OU|CrqgMhy@|5X%!&Vvj}oggU~M2+D8Qp6 
zI2N4ZVQ#?hh0TGA@sku4NU$i*|eQCg&ja4UWx2MelzV{W(UmoeO@k4|P`dr`GfrqbQ7ly<|pI zBpdZMq)bkPrih>~grQ1#YBbREI4G<23c)-^2wVVH($@{u(tGGoF|m%%Tv|6006TsedL1tfl;bPS607m4@?Dbg2#6zPjVzjjcghoqlr zDcB6h_G3qIY>$RPvF2YwA`QNf<2p%1j{qJ{)N>dB~H4~BXNRf@EmnPbUf)*r!W z=y%7Y^~zy}%S&+XaQXUh<`4n@DLPi}&@r0L~EOL^KQj{lUATS&Y{7#1WJbF6X@6(;VXA!)c*$G;o zQ}_x+iS53~gcHFYi|QtYyQB)gSGPT_z-J)Dw#JiDhbld_bCp?YZ`f>tZ&dCx0rjfd zwYs9Cc^gq4lF447h6P_LaH?5ZU=owpbe94bGcrYS1x`}&B%~8m@qMNCKF@3wlF>X_ z$KP?2};mKCu9cD8gr$_;9(WQVs+6vbr->Ytxu@&hySgpr3{G{^9Du+F2`cahu z?N{rLz%D%?#@#piSTSt6Zr227WsL3l5gm11fQ8hWtJU0@?=ABN?_so_G+T&TFNo}lF z=`PQ)Cd`lzuuqTiylqv4)SjX`Jojr#f)KzON%Sl<3Hb}ZqalxX*zg(?Sp(kQLS5?L zWZZ00P6175-pK%;0$iq%2GfA@Z8S+o%2$95gj^2d-av>*56T*1(Gf-f-A+n{auBlj zRjGnCCu&KQ&H?2G)h~|mJ_(B5?ig_NYC;kxAndfOyLHx%zFO}d!1El=$=}*x7ic>X z#rJuT>7V23{)#JKa!CbGGf4#{9Ig^09@IHbi5Q!SnNCN25BNJ;!n*;kqZ8cTmEogzc& z?{X!<=O#W{i0xUZKJ1DH(JN_0mL&Pf^dn5x_>DT+PO?(J&M)FN{+g*TLD@u<7fsr& zF15y`?lQ%VyPu<={B9MVKzbSSD_zL{Ve&$O8E&v^!(#h`yX&3&Thqgy-rnso^aSLY z4jWyonqM)^F%;nprY1Vp^^3t)C;5lzXo+^yHHe89#{;;*qF)90suu5EuahTL^+U#Y zINmps>wY%Jt@tudN~Wc(#)xWqU(af7O->M>Hco?wb^eQk^Ihg?p^EzQK&X6|IkUbg zU$gBpyI;xIkpAHa)c1I-thlr1-J}G_*W^XPX9!(w7Aw#djOS~8eUI}w$u|324sOvv zD^KA)n$EMezLcnC@y~c^S=^=YJ_qu0t%)qsxL;K?i;?|6 zv~2T8F!!nO1vShWYF}Ts^i<{9^0M}i$on1E}XoNVq$6<UV#kQ}rE$-Ae!sWrz`i3$Y72R0=i*27$9}Wk74ONvT{)&b`xlm8I zRd=VdD}a8l{z<2|G`GochQY2L&$_i;MaF5_nex5r=+4cTp7C$ga3uO|c?P7rh6F55 z%tl8xI1={|p$89+d%LrJ%T`l9i&ZE460!tSqSF%R%VC%FTdhBGW!)3CSxd)FIQE(W zzs)438+NlcqE$08$wL?Efa;5*pQ(k&K<-5U3o?z1bGPR`JD8$zoezg$4X8;O+ zn@!?DJ(>4WqTQZlI)SQBGVkK9M#6umd1U-B{yw$yH|#F5lkiQnIyq+(rSpK*(^y|U z&BdqIQ+A(N^Ty3Q=4CBe_X8dv+8P>De*)20QvQ_I7srV}R1+AnYrzZ>lOOukbgPSJdMR%P6^u)_7z>^u!V| zpJk~7t2n%v**RjWY>VlrA^aXqFn>zxYw(wp&WBb68Io~j zxabZ|x$;bEYiJiYv3ZaTt0Wm79U;TAnG{cUe;d*JX!w6oL zez@+Q)-kYVMHG}K!~IcCl57_Z+#567psEtVhSMM zb*se12#KBzumlEjwpK^{lC@qB^k;3!b38O_s}OK25(N!LJQFq#I99%ft0fm2IP|5F zq@{cYenBBV6o@7{*Ap+5Hl9+a&W6acmw+9LpFGjg>W z$PURj{go;|MfPuuhB@@J-W&oZnXo0M+B1lsfO03shBiqnZf7K8E3^gi1;q1ltW59} 
zbXrGTfq%+`BAAbu1J=!vxV|?Ij_VT)c|O3$WWcfV_#v5FlLs=l($LXsBSVVMT|)+{ zYfPbZA~;(ekXZ9E87pD-d9lpalcQze)l^s#H43an*o%_5?gBU-)%|dZ#1aF#T0uD( z;~Mg?#)v4Mhy%d27S+G0bhO?{oh1=RD@h~Ht{l)#hKQ{xPI_6{u|#=9+?bBVGwE7! zgN^c<6~L6#NFX*%$$~Ux|4Rdcv)JGLyCXXhLpc62cxLjwQd*L1^nwJA0EH z#%)3386G%^ymnB)$S;YtiOb4hOd<)gyr0_sU-7NUfN>T7=w)_FtEd ziTZ_Gfvq8UD*f!>$}vl|eMy;3f)^?q%8fj@(*DMChn5+6)ApFQD(VEtn4$E$Oc*4NtwrZ)Jo-#@8lx7|%_?KdqdTAT7Sv<4W`wEHkoQg^*!Dex< z(9!*tRb1s^X3J4#M=f`f9II|dch{YeDkOR>zzdA8H=F4_z*oxs`z*6`*CpZ3Ap!8u zo@Tygz*4!=oW-lbWj-7EYP0kWT*JGaeT9l!QXjg8t@<$Wy*RFSx-HCh;X!L43 zKhc%)NN0E;Vq+wy37prt3ZNpzoXg=Oo2Ak&bQ1sBW=Ao8{#K_vQz4d+P_W)WwZGMU z%HhtZE0qOK<#LVxZUes9sj4Q)B2IIx772?mHSp<%t!!=@eJ_>wrN&M*aPp57S_#~d zrojYq;D;XE( z?%n4E*iQJXBtsFC>rGOf?BC&#@tJRXoxZodY?mY9ve%`({WtVXoH3)uBgWOd_C{F- z(CXrEne4nu2+pafT%qviNMB*Ktbp9>b}rnC`~d~|8)Pn468?%faKS5tGy^mdm+u-f zT~_1pogb5M)eA(~Pn@2Mys+QPpC?Wu7W7%tH#`bjX{rRR^RxL2q+3D4UlNDPdx?m1 zRIVp%7s>fvZ_xYLAn*)CU9VRnvg%>dpAqTIGJ>to%IgodUXtzd{F+5h${Lyu`C%5j zFp+oYIG7Asm=`*%Fwxbi9)HoBUg!_A{&%7y*lmVLaiZ^YB4O74TqDf-v>bY$?pS(k zTHf##i?XBHkZ);+XG4CN|G$Z_o`TMHZ)Sfsq>_0^He_q&K!`OwlC*iCFwx9xN8$3^ zP$bCu*erHjet$*57m^ODD0ul`ML}GX2j|GJlDE=|YrW5zfZUfK*ZE;ii4kSJd7zHs zsw_A!(@2Q?(X@Op#yZn{oSE-6ak7BPFzb`DWF}-!b|e#WdzR|XJ1EHd6Eh7FUWn#< zeEy<9MOj5oZO9d(=Un--XXUWLxT^ktoYJ5G5u?_=ViVB$d z>8!7Bu{g7TcyP1=mllxi`Mlm`6K`F}TLoS}L3xWfNItt1jf00zXi(Vv%zd2z6ar$l{3BKQ*?knCV6#nU7wYbYOuDvn*4)KVMR^ji8Y1b}< zZujD@SIA55;#Y`D8i>PpEzw^kIqxL>?fiutHN#ia-Yt|vq}aQ^@C%=sl8mbS)Sat1=74LlZ2Oe=UozTnox`wvUmj*H#S0s(&Qn~@SDuP$zf=?2^=La0^bA(+fe*Si?2w) zxe-&zCdh1TT$;8Q4>gn|j4BnE>lPAUdLzPp1XlyxLf{*ar;vhhIq(#53e8AU@Y!f_ zTxo!9NWs7HP~)q3W$8R3-hgl;D4PJTkZ0q7$v`(jN3`IvIFpe7Ry3Y)6Cz&KjPg@c z(6kZ6MdusE6JvmGgs2fM1&iyOHj3459}w|eU>?dtC(1MAw_;`}Viw*6#Z`@)#H(JD zAI4s1;(+2%g&ooG=UcG2DlCqoPNlF3(I%hF*2+kSQ9;)4-w5vdWK4wdlqMrS;D;X+ z*aXTI;&Pxot8$VOiWu2a&|RN`368RLAkY3@6koUimJs?3={Ja_$b$EYj6=iv}Wl>;PTVnV)6x-$S+OdRl;vZhd8GiqtNf4-f`kOmpo1W#zQOp9$=0# z2N8#ZZsR)NXxy$cB1eq8uCIc)U7?avS-QN8@B>Vo%WE)jt@+b}DvWZyHB>w)zRECS 
zT-qGt(%Lb4^ONPxSI5bM@C%aZ>n6vFbc zqW0QSeo2YPQFtO0msFkz)y1Wy;$LrB@I)|ul)Tp*tSqVu2FgnU!OCE1Fc7RN^aYEm zDl3CKlC&R^fTfJB@s*WK06rdvr&P@VvMt4k;@Xr<)G~T6HgXqZ^NWtsq}_Rg?( z_iP)X&L4Ha!{H&!*4`AW*_8^uU%C=WFS7p4QTeD=g=kBxZV`^Y7(_fL88 zn1<7)%!#|Aa(5xVV;eMR42XdL!K5*0$p}hI#;AxTV>Gx1Eg8Z8CoLI$@c(5?#`*sb zSu$$>e`m=stQYqmY`ypcW!;$_gVu{{{$t&lK2U!|N6Q2d@c8BbY{_W)Ke1$-@qf>f zAqlpW!BkXdL4QRXbtb?>;t9824%ZC^&+IWuQng_}(|!w>3FOjfocIq&e5~Iqy^D&0 z1uaCo7o5Q!;P(#rl#f%SPuUeUQA{QLaiGrX>yR+RI8j0zOQsJoPLLbGF=@)-mWj>i z86J2L54KFakB${zq4X&K3v9jYaH~Z8k*pGvl>J9?CwHn5qr`0WNJfd^;YNw-expR2 zSY?n7V*{b;19pj>YF|>OKO8La2P2-e`iNbkvZ>tfD{U$*FBc1v*lEJJhTAmQI+&e& zE$}~8n_2|eg$kqQeW-tee7Cxa|Dj~_pHwS*R#84z+*MyFHh0jjY3vSNMj+hH@Htf+ zE73XjEsb+6kt=$xyUVGKp|2@i>^CwT^Kz5eVG5&HBY#3gsMWY% zOUGQ5zSv)jN8mH#TeTqjk;sW=fz3lp@f7N^6wfYIt#PqkuCu=tTw?_CljYAAs(;t^`E8$f4>1Q*|qLW{dTXgN-A+g8n!QGH-vcP95 zdsdIe9X}7&>B#Ga?mU|ChqbE~)i;%kE9-w)b5}mBDaE_ghc!@6rPmDDOm=8ayI2IT zL8u_O$K>e#$}BxW&uUT2#&Kpx;4Kv{XG2UFnI`t9dU*MYSiAHDU2b*_|G<7&^@>xN zVb7Ri*fVOCX#EP!Jk%F-KSO^c)aEgE$P-EGmku(+v3Tp0Q` z#f^y1TTn+h&y0^53CHhS%!(#!5WrlWS5mv9HqlAE_WnWx#l5{%mW9c=RTlOsbNOQM zlOdLmGqfet97%EPwOE%?8H`%#O7K*FrJ3OLxY&W}eTdNaMyt zErm~pSojB3o$>So8s|+XSQw|BO3AC#?fuCWtG-QXCD>k}%F7gv)nuvp4_s3)M0p@a zSEh(}OrW{7-tpArK~_Q+35C!#uc%=MW)^krKyTfW9cc2I=_m>#Dc|pMxO*$j7q~|~ zq$-@25!$$K=|jR z?`T)Ut>~z;nfaIE{l#Ar6P543U!2Yhiu=aT#d{|TO0=f&7j=uqboF;LJxa%WEc9-R zwoZc)x^|1Ey`Ky>ATGDl&Ln&&)~F;Kr|W;{>IWKp#4?NKJtc$%vOQ+?7c+TN!*9&& z4p4s4EVqL`U03b^+N<+@8srw%?gK~d876C8D!GYap{ys6Y_aMRdnBu@4Vg&w6sy28G8>R&mvixfUKX=+T<)#xc&cr}{t zqsly$*JQZ($@UA~g>Q&`R}%V7;xez+-Iu>E7SH@FI46t0L}Vg1-#KU#n{A{uC7A`@ zzsf&MP?Y&Zd7kK|%zC47mFLDZZYqf3L7?U*2$Z>H^3oo&{#b&#NP*rg^I19kDuux@ z`4A|u>t6nQKHzz7xH1JBWA%6Q?I&iKlJa%4m+#HDiodFxb4?@i*;{5ADDp)<(es8y z@<}hY4Ca$=&&HGU*nt%Ofyc&Mvx>1hN4q%>b|QRU09ppG%`ED)A4K zsihg2{GohMSLK^ZHGCGa-iFT*@^va#(8iwuQ>Bo)yE6ERUZiiKHnu>9b-$LcJfVRX z@n3|0l3^?E3crcSFVkgAVSh&HvI3dw65m1$`56PRw2={xIX2AiGa_Qw#; zrZGLwr#M$kD&n`BX7VDhjb6yHoGN)<{(XVX-_hBAZ!v#YMgEJpD<_zf`9}pp=Bpb2 
zprAS>dyARO1F}_%^W7S#!2R|wQZNhHvl@S~z-ko&{&A)hQFC&h{*LuwJJqCn2sAeMRs{c2ssiQpzNY%phH!m-MP(om#7FeIv^xeZt7CHY#Z~wm z#Crl*ddLlV_O$@R5$`&vskBV3`^=?m4}vLrO%jU_jsJ_P|4Xe|@(ewzwAGt#dw{f8-R2R7Wp}r7B+Ks2u!kPW zvP(_@{&p6S>m9M3x8#kJrq$;Ww)!JQ=RD<*Xs?zw)}w9w2kT7oZL0bN(mbNvM+Qu; zQ_SXHt@^f9{S~4Xq>*=H{H^T`^BvB%n-G#KB8J!5%%2Wl~YQO`ux~rwF*>er zt#;>}ObO$3^MJkaG#O|y?DIP}J+$CCRzGH3n=BEw=lQ}LQg>(Ig+uBsNBRl=kL8yC zht?|*SJ3}uy#10Wz{U=#uRNGjI}vD=(a7RR<(6m3a?6F$DEzj=$}LZblv`&1|50xF zvm=&UK4PboU^ERn>%Z@mGT`opA7mQz!-M6Pvxjs`ab;dk;(V8rfp#WmJV92~bQ%Vz z?Ih6}1e}42neaym^0fpG?Nl~7ol0%X!=Bl2q@cUY9&6%1|F)~S6yzx0z69T1F9Zal{ zmaoU5K4SUWg@h2X6cr36QB0Oe6ndc!U&|!QNRINiS|p8vh6yi5(^Es!GPY{wBEoM1 zaRj2Ql8F;Gm;tuufnN-9qr`dlptEEj;3$ec*pKyvnt}DFBTo<*+Mj2^?-!EeX&?hB z7LM*}Bd>7wC|#YfD`FB=IGf9u#!1?M}a%E!aQ*>v$yPVLO>)$)7`wQn!I)(iiNoD$Spm zAu*Duyh_;H1$5?#+p4={-Xq?J$_i?Jgy_{azS0694zfq@OW<$l#pGGSFXkw1 zd{-!uEP*q*=}{flYjBkUaljwYJvhuxZc_LQnvI_gRQx5?yq=&#rMhZK)X>EE^;!bf zDtwu?J+bQ|GrXtpUhP`b0ViLi+V}w{iI^H+X8MCn-RGPn`ybC!r-zp{v@V`&an{AU zKCf$SZ(p#uqpm5`(z>|wHygFP++{XbEPuk4$n*94;b}A9pxJq!Ye91Ue2v(&X+H5a zed9E3ftGVw;sQ-MUt{yNkz+%hH4bUc*byfK-(~5biwMaBvLmiaJpPnnDku+-s2yV# z(4fkkGWgVL<1rqvVh|t$*aC}MCe08mg9pXiyqq*Z(BtVfMG^tjHcl^dcs;X|AlXv` zXt5k6UUjEbG_V-x3_ad+B2bg8A})@mwObvY>rAA>DpnHu59aXPW1`mqjD(z8@7KT{ z1)2!1hTFJoS3e)rbAag@dlw2k9ushs>sy4RMy+ zkO-Zz!#Twh^!qOYg_YQ>7Xm%c31_3fy{+a#hxk-x0r~~T%(+Y&USy9IJO31|mTZT1 zg_u3|G2-mUihcNMjf}Tz*|OFMb_4H2vwDY18v|@HawL_eB8|qPbXeYr^f6r)i0W{% zW02>Pbj!T}r-GV8cs9{w7fL;gxC2=vKeyKViu`hg|3Z zr52T5pl>QbQF$f~hk@b+cpB`hh{+9nHgf(D3^OeRb59Ihqr|q1j?=bMI6+~_vH70h z7;&{?tS=zD3GoY)a;(fI(>_POhXb2|*0ZVLeiJJN+m{3$wkwHg`dNr2Y0k;%@sLTh zO%%4OFego0X_KiJacT5-0FxfGaF(LBE3gpsY)(unTnS{kDlY%qF1COwK0@o#Vmx!x zXc3BGu)(Qs2RItlOhWsd^m2eyi0wMVCG)W_aVjT*ZM9DBB<77yZ6$@L#8L`$4w9EZ z%hlD#0Ru70Jm8OmQ~A^)jbD$0HZDf-0Dl4)``ZFHnDTo%zDbk)wv&|<$jXuGIcPTl#Xh;jj#Yt+FJ7Os-u=0`a45i1yZ;L6$%@*|$lTj4xSZOJrVC_pR zt14?O56GaZvaml|?C>x)d|I!uqGwF^jn2uE4Qs5L)vLTA*svJjOrmPu{^*;1_OUYh 
zrqz1>K)cTyRF~)KR9TPwo*{hacPUq3ov{wBX9VMJ%lc@jPVLgyC`Az;Z+WAOYyh; zFUuUBpMmiS!CLQ<#Tkdh;Cz%ZSmw}@cEmD=YrV=@nbDf$r)B)-n&j_W;T*YA>`djq z#Q+&*QBG6GMXDS+f~MGNiH1pu@Quqr!x$HBP_e2c+81ED%y3bbruYu<41Pb6w5AA#Uk;(qSb+3l!!Mu#|-olgP5cUKNe=H zza<~UkKOtJKW@*gQtqOBH7kzup2p~tnM3O&?$+uV`M?orL3D3sqN&&@3#1CE@8$J*rW8|*v5~Ek}L~YA4B15_il1nP~)3voh&sZrK( z9{ne;7)A-lXn&~R*J{d@8b3pemt|1+e454QX>7DusISw^9F0kRhFgc@45L=LJC9*H!g{h>-4{Zvdl)SmD!W{yhM{} zWsJ-7kOLRRiPiY0pmbwox%d@{VA@tFOKYr;BM&9WLXDiSOI*T+#nbZ>cuW%D+ZrY! ztdCb;aN&nQD`avZz0(RLkrkDTrC9mEmE`GliM81FFv2g1>Sot~7vjkR>4jJUw8!G` zT*YPG#hZD&=N7{UaW5w)C&En#OQUWGJ}Tj!MGYm5fs&H&sD$F6Z&U(HIB#?L(r8R` zg~lJJns!WryiD*QRgX`g+o)-IEZv(=` zTr&T}N%-Y)+-{jBR3?oH=gNBie|F_mn|F3$|ZtFL(h~?;1 zqhk75(V}wq8P=3-gB8>N0;>>Ua$Rx;Pm)dLk9kV2OZ^6!7U*A}4yvcVZ_wg$U`Rc6 zGbM}2V3qw^fG|o6%+@0pqC1yHEHLZne_e>KDPn=SKT=Zt{lSvz=>rCs)4-YeEB)Fx zSj``wRUPcrXu^}xSJuTM6?tz(C7beC);ElwO2;``K0!WOCK=llSC zJwr-Fr$Tn1e1=e$gTkp(o#YY9DLop!e5F$536>=p(&=Hfz#}A;(OUHzX0%p4M>B5_ z@@b?NI~-96dG&tP^qMTD;aS{yqxOs9IYM{zqm}Qy*d@<^%>RRqCndeJk)a$gOb2O6e7s+;aYvIaV$K7e5=Ib*1} z$|6!+eF>HmVXD!2^<@}aE96=QiBM%+@8ft=t6^@H#?v~uHrhU3Mg-}!l9Yro_7535 zNMBcFDdPPmxj*%pBxHbDdem1_ODyuu0QjpC^`;ML`TDR~;g~0Y1jb0C>t576pj`@3 zihu;Z12)PW>p99S!>$hy%f2Dit#8x8M@&M`9SaBbg1r)W2Z6+nF%TPE4=gw0ZNC@H zcbn=AfVkHr;heXa?7QQdsv7I7DverO;qoXegqs4slCofvKhV(R4_AfHQOG%zuQPdY zv!bjwN$>m}5!%R97d6(G1pK80TIXo}f@Mgl_u%T(1LNdU8{QEYr<^nm{ zqTi^P|7CM|zO%^-KbPoxY?un*Cti=|FA5m|t#;ODvj{d+jhfDy9YzBg1$;PLB|wo~ zN6i=8Vmv37IN+6b@;ZUfDZPmZsEl^7dDLzZxSR&IVua`Iya*HUGET1ras2ZYr+7Tk z>f%(~+i$?#RfSX2Pxw@WW0BvehzSgAHfL88@!9~9!)*a)IRHN)tk(3uoOpoJ?*#|~ zk7q2-vqgtBK&w?aPTHEx+@~&HQdr&Ovtzrr97Q@h2AQt$bd7aoZ7uJV6hZn$ZdySZN;ZCuxd;LYT{eHiU zV{L5dYG@a8e)v?AbNHv^7iGBEpu)0sLZMgIcWo6L!SD`cs~Dl3V&nD>@Ak*s;BD*= zFP{q+936^8z=j`<>GZa>cegaPH0q~!4Hx@{*ql;fsx%{xf6v_K9NyTzRDAgH?QM;r z9&fM1+R)zC)Y6<;R#a9L#Melz4cIp}+t+x0e?+@?uDVG4GTU3%HOU$9&M90(+Rw<&^IkwtcABKnx~~P2-YVo{AdP{q}V_umw>j5 zDb>teW{F$)QXFkoNG%c}c{M8>&(toRKMu*}lU4B}uHV+YKc-sRn%_sdRSYZ88nmW} 
zmGnC&xdYU@0E$6>LF2o@vM3rQb~h)-0x2|^8gzaiabxog2O$5T;z*T z;}_ddZL!0jEURwbNXqUe_=$;kXbfKWjFe}8bUuOYcpLi0rV`^ z7zy)z6va82!(x%r;4HA*EIlXFoMNxA+(MLhZAuG+6Jfg0#o=YYJK-gyjH<_?c?qcX z1ayR_QN0fERJp>R5%Vb21HZt9 z){QP_=h?B2Y19cfLR{4-P=LHJ)a$a-)gK&eO=D-eEEzPW@t#=Ao5(7uc^E};aeWld zkqsDksrmv2g3qr)7a2#m4{b!ObZ?Lv!(zLdj|I;e%E(Ua}x5t!hM9EC%&cOhB<)|n3xo^@FrC~1L!D1 z1tVP#mTbb#q^6SzB}|+ht|FGFs8VAwEq94c0WPO}yE>_)Ewpe0HQX>05jZtH2$g)w&SW zD*^wFYChQZtB#&>Br5?P1u~Aoc;f2*Rnz8(#nDQyXI7IAZ2;HCTbn$1Pn>JX(~ORj zPLRt~!wKTWKXqIWaBMuh$&0%h9(0_)sJxX#M(atey3wpg_aDGQm~B+cwvw){>5hW1G&jo)ES1T$JxvlyOgEz=&Oq|z+5 zbIT9%NXcj&u&ob6zRp&}UqHrgLjI<;Oxnzqvyhm?9-#2tES+EF(uigyudVA4t;9188GH@9?kF;`wzN@Ji%* zCgne-#lVClB{4zy0?bDtKRE$xy=H=_ogHs|B0&*QX+hhc@%(&;Vc6~?B$I+UM*XXh zpOAU)s;a7BX;r9nfz?v{PtyV`UNcdUoS2ad!oL=(c)d;eQPaDu_K`sEC;AGj!hARp zY=0m>DYLI{)Qlx<4R!P0AiP(xD$iw;UWRiOzEUYGJ7JtBjjHKpelE*~?TnXs``nAl z%j!d=!OB=gJXGCp#41FoOXsnQM;u@L=<93e$C=D*gPGfuiHeJIlhPMn6{xBdZw#0e zOTtY_Bb1R=k7wLhRj@NnJZ-$wq(DYTOUVeHB4oWaMd#DFHx!BM@Od<=lPyZ*^ErXj zG_t_XEBGo_qti5-vezk8T(7hFtPz-;C8GrY5y!7EO@ez7-ZZgv!&3E!?fLd_sI;Oi zI5A*#U;R%?luMPl5xd+M8Sb|BIOFv&-E3} zGR$PH`LrG3OeuaF^q@3}O#%KkePfm1UlFb_eU)!Koz347N( zV)-ovKZ!fE9?6i@LT@xNz{ul)U)@JYFpL@=W=HaFWSoNZ{L8SI+7n@q>We5N-+(fb z=A)xvx2@l}6O7 z4+nyJqLzl$0CAP8A-1XuV71Kc5&z1}wbkI@fNHS5$F~98Jr>S`0%n)z2 z;;Sm5h(q2BG8@utXV*kbF}_JPYd}*s(WJl{P*ehI2%G|ZjdFk#Sk>XGg0yy zC$r3ApuY(2ecEm&tKj+z1wyF_u5ZC(!xGKwmp9mw|RpKA`3SCRmb$HJ7nZbDj>4O^iC1$|vCk=#$nEecM z;q(s`HItMywX~j%9nq>T6^vP+Gg{Q;IoN$@0hiI{nMQnEg^X$|C?)V9-eVw|41F8Z z+G(Z*KpzJg?c#)P!;a`^yvOXy{LEaA55?{^_tzx(&8*Q3;QP#}RD7ZRW~Z`5s4Rs~ zW(E59CbkAbk)%Vf#pPSB@;xS1_KTm!#J|eL01q4Kt3NA7QtjJ}odr{CI@`P3)2!A5 z7PVOw3WYC&0=PxBECW8@952);nV>iVUxRWMzz>R?2V(NvA?7V+i5J9a2Xrxgi?{=U zo@L`_Sz~Z2A#sxPQA1AkY?zCdD^Z*>aReR!(hXn+-VGEk5)&WgnOMY(|J`K5dMg!+ z#ofS96VIAa{4kz94M>V2-fzMcM5az_e?xym?b*7!YPKHl2>eXM*x+ldDko<5qNpcg zBe+9yrYtjN%4}4wlvY;QO65hkQhfA#AkK_j%(=&5as(C=u~?L9S0Kw!oHO2WSkuH8 z|3R9|aH9}?Fe)^|u;sm}+r&Dufx*!Zv3?Z5PN1E5aFv!m{F@wBrR5v5Be37XO^9Ma 
z#4E%lBzFF-xg#b}Y_VQz?lYH_lm&xTW#z%D(#p~bnG0K9QeF|Lthm-py@6oR#3!4F zrv^^9h>KAuet#<7IoV7frscSkA8)>QNDJ6`+E`D0kLMJY-Q)RptjAkeY{O%1(+u1A z>Ns@U_!x-6bgF#AN(CY$*wve?>-(cQkFji%hTLe(UXqQxY7t5)5gH<<-EzyPg@cVR z$1Dr)x5E2z^a(0M_&hCLf7w<`1AQcjZ>kZ*_f#D8THv-gzY)g=u6U2%KgTvsCYq+( z=GJ?s8P%!xeFbXEaqIl{YY%zkd36A!2>~kYP`Lq?zj)krE znrIN8pwOQHrXofPB|AF5v*H2l&nkGsA}4XY64NyjUmuE;-9nIdh4;kA);wW9s7kVo zb1eXwaj=fy-Go%2%s6njJOldb{*XKYfQ{VS-uO*_on$e83S~&fjKL7UC32sFV+bZ` zWy8hQA&a66+2x3qOFoa_yC~W4O@wIm;|icc$F2k0B8bN4y@p^BlbbkZR}mSWcQe3D zq?6Gk0Oud5B~wM`Y?+MCo9vW3!W@lPQY-ip@EYu|f&3%Dy_%j)WOUvEq%LCgAL&6* z1TFdrOg8$Ds7!f=$T+=bv6T%;V=zh~w-Ef?83;8ukHokY3CUzBX^un!-^i57;Aprf ziNuj=>9V??45YKhgL;+f>^+b~*W%E8)_*v$lPR;{Xc=U-Izb($82+it2Sb3*2dPre z!D{Jms!T*dm@9R8C%2kqaoSqNSvx$Xzgp8(I<`{NUEmCQf!_sMOC(sZBqhGfj`fjP z<2|Ty8MN~VIIABZL|0fBb1Yd&;RG63+}*xvpv=}w^supH*ath1CHqaoEe%N{(rsV|WyIk(!UFNvEaSxX zXlE(kr@FeI9A=)G>h6y7^j%B#3NUuW@XmCkgz)d(!`bVp{OAm(ukqm8R37i?`$)Xt zJnr}OO(PRDo+<++9WZ1{xO4XX}51+c()qVV{p25Gt`yIRJ`+a6_i7 zJ~F{+68q*~D*T*FK0ONV&!$~jbUCz#bGsC<&b0ACs6wL_hDNw9&i5Hgmt%*&G8hO1 zLgRzQ4Mri5FJ#G$>ba37E1MvztWs7ZIkd#pW~xmO!hNWuAjA{-_2MYsLe2aw|1i4A z&nNgtILh|rYp#*{6*+v=h-|)P#2CJL#28oApJ4hV@VBL;q^KfTT2fL~E)H2*QC{dP zEvhIj_g9sC8~`PsJ~N!J9`SUI(c-SYV53JIDSU>)W-`)6}{Yc%~{{v@c z!T$e4&Ybg~ICCuQwhnOS;h33VU}j8D7L1XMdFl|xyg9;{>%d*H4#?k!LFPKiL=p@I zQ>+vBDNFuva23sxFNON*aiS@%)QPcW47n3W93>!+A&3P>{QC@WCP?l=6h9nr9N5id zkmS~*3Uxr&L84!*hAR-a09Xjj0e-p=h0lTgbc5$sf(rjezEVii^W={-cjeiHL^_tQ z1~sl~KPCnK2KYsiZ<-K}f5$cY1EKN~nQkAf2uBNtH`O=!LKUS|fu{OUSz~3$PEdRw zJL=~kT#u5TAEoZ@iz(MO!lJUO`l`l8!C`J={6)&T+$a&x=Aw{I#E?}Zc=ax053`|o zHIp5VS0A%q@(sKyi{RD4XjEBL;x8?!^p{r#s{~e7mK2s0i7{ANT2djkV}y=U6gU9W3^4kR-7BNlyBZ8Wn<1#G4EPL4UKXXNS<<7b z%m8=Q41r5CaLkf$XV*0K7Yr00OiW8~kL&-En5vk1K1yIZ6RRaK&7kByz(HVg9S%%a zsY8LO2F27J3QVu5hXYe=qg{*7oS>ECXECR0gH`+HXqu781E4DqApQ4%IamF8|0C!T{N#PAe(!rxtRsX4hjoQ`%t<(9*T8wyEq&|RQN!}ULAh3!n3+E0r*PY2?;tc&`rgG(kme*r?l)! 
z7&F+2XCZn@%btXUswV;6gS~h>RpOugK*QrgRZcRx^hBESOoEI+ z<*_g<7(BMWEl(Ce8k{UnFjz5Zpfk^w{y&xkCJr>`nIHqTArlhCZ~g6g{(y{<@=cIe z>K{MYpl7^%;Vkj)(z5ZezQ0A!$LOj&3nd_0$^#{(WmToYQop~nG*DXTD=8|k3Y7ZG zgV&iU|HIVhjF0)lr0my5^CdDaLCUgUJt4tFXuL1yn` z6;(DUk_Ml$snZ5&@K^It8hqADdJm$(FU^P0V3@&IPTHWy^|#R3FwjCL0)xApFwD{+ zO_~uJOm_(yyx)3^q`{Z1)sh7>ZO|8C!JR``@H6K@Eck{i!h#e32Nv98p~ou*3*O|4 ztv&z0VZrzn!v;yvQR|6uw3qjz;Kd5K#a4AN3Jz(Sq>x}Pi3<->AYFjU1I)|i2Vm!OhG6{n*Aje-D&;Nb5P2Y>I!!NkW7Xmv)y@jfkEaF^WxLiyiM zn5qc~t4{In(a1dDy9J^>yjzR(9RFEB+DP%@pQ11R5mPk&qd0Q$j~ZzP{)1-9`PA{6 zTg*`YT)rmObN*C*DwYC&Jim#ogg%tDNqmtK8;1WPDZsHMon0B=8?rOtq#SxY3U6Y$(E=+4c=^w{&axjM|oG3+DPdh438ttj&cW#O|r7TL%0c zHZ!)D#7y#)z%}_~6~IwK9OS^poG5F}ONEzmm8@jbUj*(+gZn(zdrHU_=u02}7SHWmrIE=u@NPhwPMVkHMQdoj~w|L#Z@=d#e z_cGnS2OWWhRAQb0tmP5k$Og#3A2T4!>-G_*xC6^+6`Y<O$vWr&i(kSg?${OIy7+3c(s0KcV8Z5GpN%OH)JhfLL z{8Z+I-ze_}aZSEfIn)A~%J2rA|0c-g#)zNDqga0fA-7_2a}N97B)A#R1~^3*6r9KR zs>y1v2AzPbz_w85zpCzOCH{&~Q*UKV2>pDM-w7P)#mLRNDz1WiZlp&}S+Jz6%8wfF zRvqxJah2X7JQ*oZ5d7J#7VwS!5=U7=9(t>^nyNlaRZ*qb(uL};s;Vpz`+T7Zc-Ld<>i#QplUS38Q(a0d(6{y6-Q{^Hr|}$IvL*@kr{TLv zhnFY(59H~E-~JED^W^_Tp4I3eX=#qxuC%$B!WiIg<^Nb zIiNf#%L^Ia&6<{TK#wcC8u>XeFe z{D9U6X@`-A+S;;StWQRbC$aVVqE6OqablZ*WFx-|i}~>s=@cgM`913HIfa?k=@iBj zWg3NDhE?VRV`zUs9sGHMlBZ8#j^HpxDY9pn?KK8#LEwagUxDPBewg;X#uP_TZ1row zbO7LcP!32^kL70|N{a3UIjniFpy&kYS51SjiS-Kd^I&aS8R=ccG)M3=5Gx_Vwem-r zrea^*LEU$vW%Up3zY|XYs*UolW`mx@8&oxDI8#3vaHd{EhB#A`@i5y! 
ziFK%LU>pGp8EPA7vL0?5a5dgwjm>=DT8_W*pRCsnrb$fD$4Ne#pvQTxwR*gTdjyrz z2ptvL@N**T{o@N%*+L~5*;Vx}GC)QLU?>@RDOrm{$>?8j2pRPeSZ$;8SkzDUBpu=> zD-+-ST7)3NmAZ4@QX92L0yJj}(QOlaw3r&+vT_>rmTjg`2?inU5>mgPkT%(>#M(L( zl6veBNV=bjQ~Ui;Ncz@*B#qEj%r7A6DJ#4QEc-vzy~v0%k_REzPBSDW#n%3dWY>Cc z0DRHzXup9)Iq3`nJFM^sJJ@9wLfjR_q&o@fq#u)Rv&-2aG-|^UIq4>QY|T4N?3{m{H9Fv3h^Q&=%xr8o#-U~2piov)Ip|SrS=zPJ&R!$iVwg?ob*b;N^%&X zes#rn<@KYImFW3spwg>^#3*c~K&AVJpb|L=9g`Luk&|AHa8mgYPWoAJQl-&N^eWWP zRq(C>M*79%=q=YR1!l=eC9wu0mFmvvIrV@630wqa5r{ji))B zvIPl_B+6GB47bbvfL{p;DxMZqQsFZA|-@gHLh11-E30uOLp8q}o0xHKuQeu@#|N_kH) zwIM7~;pjx`4>{s(RDAecGvZEymAUN7RQ09|SQ{&aj95dzOEZepzXCRn{Aw=&aeWEG zoOB_>r~m@-Bb(fyiKk3(Dj016Y(jh$z_VZzGEDwCUy82kMbSD3r^dScr^fEVLu(v- zshE)PGczhR6ZWV0o(r_qBNVFxu1F?H2${$)5@3-mz+%3qgTCZ8w|FE_92!|tR#aMA z6%16)^DswwLXx)6qu*lV&7N#`g*5ngCD6WfzTN#`e9U&YQlsSJuIJSDNd2&P_usjF%N@QJx){Byx+j?Y!{JuAmg?Kjwz+8psWV}yRCruL^fxy-Jz zA4zKH&vd?=f>Q6tM=5?PWU|#H9{)l3k3>~FRCtWi<+MLZZKF`(ZpAK6@I=acs7(w6 zceMkojF&G=&z98fc>G!iO46>1aS++ z=bI-{xIwxLAYh2^8^wq3Mk&&x5y(QMYcJ`hm0Y<`VpAe?NoigmiQPpmXgNXsREI1? 
zE83nQa2fC zibstbq2Hj9MgIQWELU;0cTSU3nRT4%i6%p<;$d7bvwwuGy<|Glq5jo!gNa3RRT(t4fv3 zP<=Anr&czFn|xySS5;Q|E2P#qXyLYzrW(Y(3EnR6 zx{)x+ibbhvCg200jAC$6zF6T|LcY)&`29%yvVi?DjL6cH1?sQEHV9eK8Ey`B$HTVH zaHw&-tccj&P+JHy^PxBuKT1+J1N|BCG>PAg2jI10a{MqdzmRW+DUQ1P75#0WpylDR zYiuearh+*QW9nWf;`#Bg8D)pr^B``lV2;jUg>oBK%Ur#*LVg>j;*T&wJUxQ21mIgB z9;Y+&NFszY#sPnsB-I#HwKr9~rvEgh?h!hxzYD^UQ=TbBURNrtHX6mt&I0gst+&oF zILI7+6KokS+a^fXh=sk1kqsa17!a|Egc~PHZ)hY}yvInKUj~-*fW}Mui+w62DY+30cYJ8!uDICGA2}mj!|$yjZ&%cq48Gq7E0}*+}`L zLKR~Q`b!gR+myiHHFTqe^qdfOY?7j}%B-bt2{&A@YT zmAX);V&5yl9@|yGtMROBB5BuxYsUzIay9U=csBn#_Bj42OV!S@!0Qfq9Ei2@`D7_< z0`A2%d|JZsdOM);$0&TAHZP|AVmb6$KFARFx0}Ci>J^uc zPa`XjTHG1>)XOK6=1^E1qP1vt%xH1tE0v{YF|3})UUD^z7WZqqdzosS!MZ83+3sA@ z8#$qM?F++QU7_advRwR{++2RVBbC$>^>X0Daot?O|KXM;x8>=H8viq?MUYlxu%0oc zqqV25BBMv_YQ*@-SBRB*9DG<{oV~BGFuXVv&p*}Y zk6zr;cn_`|BaM!KB=f7aWs31-*7E6OISfNSldRg@6g2}DnSjqok{8+}KDCkbD%V2Y zLTMVjm>L(U9M|)!V|vt5EN(0d;+e-v^JFvO&2i02KoGgjBEHaLT8n(`i@1JdcYEg> z&iZn#3v+?(FDnd0<$Nb`kJX$;#2K?Mt_(FY8mAx;u&* zBJ~`)ib9>ui)BU9TGukZ6)1ljSL)-DPC>Jx@^)oDzZ&G2&8#sNwcTo@xr?y`Mb|p9 z48_8bb^2Fw*s2#8T=mAl9&NA|hb*koU%@0<8U@7a7YmyQ*1k3HNp$IpEUFhm92+K= zHo1_C@uv-4+UP{&f`KKbUI{e0Z3{$Ks#xH~SPV-*F7{g>X+{?t)p)l2=N$eQTMNTA zSLbC4KML0c8W)BhrRE;OUr`qpv~-Bw$pQQnt-iH2)ZNm(I8_xheBp}L_6FIG=S;mr zT#CAm_LjR$^5lxKVRU<2vmaNtcgSJf`aKc+U~bpMc*$bx+QlUni~C4is~N*~1HVdL zLr3-x;#Jb@wY@3+Prz5j6~^Z7kdOTi!sryw3x(Xcp6tK zr8q@=>z2KaNw~zx8y&Lppn0D|Ek`sKx-((2Hbt(r9b`2#KJ3goqls)4u14dd&K%tt zT3U*$<&Pk)O6j^%<(dlaU_<R@oN6S-`m?^IGu)KqA#2HKu}P<>ZCDk(GV9kx+6y#?Uryws@HEvp z$Fee8;lK2Y%k)vTWFg+lbyJBRcF|+Y*up4PchGqoZs5{k@c&I@PCum z;>Df&Nbl&yovn}K+TtZGkHz)CLu~YtmQVq%9loro=}W?oRoX_2-wJSzt1iRLeYk>( zkMZMLOfG0x)#irK? 
z>@_v>VeX#dmd0hYcU4PUT}xA_;nRd=%(!){iaQoBv@M&`($=x~rqq?Qjm)>L!}w`t z;Jeah%FXatvT|D2F`b?5&QemK$jg?Y%sZ#6Zb?gL_u|mm_UN)TzK|Ce)-G5OUN)w+ z`Bu&+i2?tiV%{5)m9z z#AhvDMSGyA|1Z^D;tR}GkCOvFr1Frt18<* zw<8oCgx&M3T95eGi>t0T^q|ml5S$#V6t2crkObwKV66YZ4B%e&kr@ z=rk11>d{^8ZC!L(T{t9u5!W4G)kllx?CIeQr-iXSf(?M5cMVTb32L3)>31nb>UPMkRKMIwO#KM8+~P;UZfCOi}n~ zeHj?%(mSmy+}73pRzAPm(is_9>-d}LJtPnLd+Dp_xNN?JE|p7#ke^e;Rb7nsWzH_+ zg)4`(EdN&J(~_Id>slywnR(&XR`)VRO!0@srxfCOQlg4$*Zwu>F&U@0wyv{5>_e|- z^kA4!LpiRgtCK6-za7iKA04wR{hbYU=R09psbKeITI6LsJImn+{94J?s;TV}OQDzq z98!CB7+r3RraDC(7o}I%$@o=2-%FP9>jbWTfGgEo;JmJ=EB1KYV7(D|4X$bLGKxT5 zPR9nPQM}lhOVH;W8@{_8e>t~Z9T%WB<53Rw-Bxz>LW{2BJ7TrmTqII`Y)Fz znQjk{9<(&|vBRXDTytnZY*))cId^aY6hKcp8qw%Vg0fsZcC#B;w{jh%1ll>FN$Y zi2NfmAC24JdtJ9rD4jZ~JZ@zA#Z26~mWae&SKQKZ23<=0D1IrxGe*~im)*yfu_D8K zBviMf#jNwqbcK+p;`Vn31rvmtpVgO*?hZ9St*<<%J6gJZ8{KYsKUGa8rBdUK_svI!AZ4 zwM-LpRs1-ftSRnVywY~sIC*?ynyrx~g1TDT?_#G#_V<;=-94w%W#V5CuJ*RJU+z*$ z6@G(#eqFa%4V%Rz7_qFbWkd|W)74CFLH?X|$>^Sr@ZH#(y7*4njJieQi&z#N9gkai zqO#PvI5KyNJ6khxnfO;cm)ZqZ-c09@79&z>I2ymAT1p;czVx)hBGyOQs> z^zvUVr@v?v4TzQ*usis*%#fP3r1zAiMllk~KQlK=`Em~Mhp}(6ai`4fk8FSqhU>aGQqy~MS8+yQ)QS~ZN=9$*ZFsWb z6s-r%1LqlyD;vAIZ-omxqJ0O0UVb9F=?vTrT^-?YW3#xL;i9&1ckvXcDe9QlFrf^?ylwJoBEbEArHe#i;oY9-!7tZ>O3IW!%BG_JHI_bT(?6O z%c5_}NX|t`bB?Fy>6y-SsF+XhJpQWgp0vA! 
z#qj_4A1!Y8^i=nBsH*qg_ul&+zn5k^*AX&=^6TL|8l?O;u!?+wSWqaPY|lD)rjiFl z`$MR?Xldigjjcj^t^EeumKHb4;F_Bi$1e3VEY#zBMpUKkjDhE?0Omcj)sBMxuT zG%vXeR*4I4658T|IU2tYE*~XqvBkKJJ!|8&O8$9^mURlXu&!lUw)HctUM$oU$>S$1 z#nxq`YBg=~h}w?kekHXbWm;kT;^qO8hHTd9Zg0EO{9OQ;N zu9LVqzk+yS4CEB8g+hLVO~v~=M=YFM*jPJaX{c^EdXH`rs_UsF57tpQQwe9?*2Gq)=!eB-OhVDZ&P7e5 z8tzB_TlB(3K(~1KUDyeCJLP*9dct{-#~)|M@$E2>Kh0*6;a1DnR(=~4LZXb=u2Y6v z`Q7kK;G3%X(=GzBl)A1p9O`Z#B+JnI+NTCqr_XdK^%D%fpMz5@Wa&- zAs!v4IQTXg#K+Sb)vEE^#c8Themx6IJPrNa{Cp_ne^Vwof8kPIM1=e7bYM`SnXe4WUjU?PoeiiS6Af+4N?IGI+Rn zqyzY|nbqV4i@cw?&OEq)aFjd}ouDmW+>ZIh|Y-p=N*p?r~&TrPUs{F&(KeS{} zUC9gYq&&TQEPfPI;N}R^(AM3ZdGS$gI_YO5-pz<~F%f({OiE(-G7KgWt{NSdG_4b4 zIKQ6zG6_EO2KFD#G6Qy3MMy~V8qL_ZSOQ0WZmT@!ewzb#lm2l=th)ag$1xhPQD@)2tD~7`~9a@+y8Gh`rG?JTxvPPlA%XL4+ zI6cA528a8Op5aS@qa;^K3UrzD1gUVUnc6lP@Y0COy9`{1m%)gZ*7<4RI$|t2O6KLH z!)P&QHf4b`4MxsrXsv~IGcM<^fPcr&EZxF>!bOIbpzde?lSSDnoD`I5os^QDK2 z5Zwqa-%a2dk}LU}-Hk~ydM5A&xSES(9SB1%9!t~-GB+lMIrmMF^&zg5Q83dWrRxOv zmKt2UMkNCyGNT?~AR$@cs(&5Wcwl2CQ-69|$q91J&_PK%n05D-!LxDIik?B`0h!_^ z<1SvIxxSjUOj`g-Hn_$Pq3OOcC^|8%p~b$kOmxoD>uj7L%SvRRjP*DZ$v9csJ1;GG zf?PB53U*AA!g)#UYuG=ya2UXIK>C69J$h%(QS1ZZ?RZwaiGn|rUO`WwKNk9Yi(r6clFID}eZ#aPz|w?f&6QfJY$9+BxKB(X*G8Fs zUzFsP$KbYT)v3RM)=mw+ysjXkCP;ezBIWW%%!FnF7!{C;f5Uf=|-=o?G6n>5D z*$9K)>r`jZdw}8uP!>?hp!b++>(9jNm?DXrF9b*fm~KR5T_Gv+`~kne6iEiC8xZ;% zC9@ya#MYTccvj1za}e^4+C*Da%W?*(pn9pvqjv?u0?DJtMOUrXYj)2DTL5sW1vZ1- zDPPO72Q|Ow8@D1JVc|m=aTxJWYtTPta>lS#dGx|7f2LaC)V4ha*fh}c;_osB^}B8 zK#I|EqawNW5+%1@!b_@UdYD;{wgNoF_)xTvLY+(RNE|H#y;dufqj=%$Imw3bJt}ro zvtWiE@0G+L53D0Vy_igqmDEQ>S@qTslT|OkST=FqD@zsKNh~H|UNvav$ZFt^fKbSy zlzG1+L_CX!?QjVu&mK$ZT|mB)I09w6(E2i1Gm&eG%Qljd4ivY$)C%W8ivMUaSrB*! zL=VvZ0Z<}o8F`-Kg|jU%7R+p!BM{C;F=&N&n4m}|y=)4L0KQQ9IB|muhz++x{_@s! 
z#JZ9)8*x}D|3uiajmkiE8I$aJj}ntT?+PN>^I$x>S7rdY%b?Huw<5IQ6YWk~NG(|w zGJ>wIX*Qx#m)Tir0wjX-$^=)(%mjD!d-mPwdKi@9bFTCct*osp3zwzt=68P4&M!?U zM06Q=?hBlN`g-Ru1O2|JSuUPM3 z{;{>~+rhcap^VXNv(Yv7*BahUER#{Iv(il9qlHrcs#?p2X?&j5uimIr@>LVqM&TsN z|42D+vQl0{HKkIsf3B*+!l|@6d4i&{4=8si8S2@DR{~nNk`oNrH01=HckdD_JV{k2 z6O;Xy6c!*AKU1O(SFcdqWAC#;6LVgvsGUe}VE7?{3qXdSD0a&Kjiap3D<;`qn##XW z6kb3Q_;)JsVog)?iO#r}M|icv!t+eVy;-(IW~cTYz~5xnSjN3uYz*5Fo>J9|Y?5*B zUS#iEdSTpiTeX~qr4F~4l5=XFwjwJdq+L!t+U>G#0jvh+aLEYeP^VJIVJZl*LNUy~ z_lCnMjC=BhW3-GUJ0?l5Yh&{9S+4icBSBs62nTa5P1b|CUcmeaMc>gf-1S5kOnSbXy;fn;TYm2nH}#NLJ_qXbD4P)y?EFlx&Dmuk7oziHkMkoh zJPzvBHsvECCZv18wjxp1rlFt67324LP}Zf<{_cegt6!_QJPpd=|9vX(s`Jv42)fxNzglwQN znpuzV!f)(+mg6_4`Wr&QQh(_zhkfuD_BT^EMQGHo$Vhl5Re4RLvm9zM(5ZIIQmxZ0 zDKjaBUzkL6()4!{!i7N3cX@o*u*42A!&>OAF?{J&X_iN9{JJFDrU*6q>)vt0e1Y9X3))PQH4EGzSwN1G!9O_z>H zO&&HS$vTr-o|PIw{^IuUQa=RI&m%|Cnz~JmP`x# zmCBFTX4}1}{0r4@6+T4Ei4>U`%$8>I5-p!(XGTcMVSTz$VrGI5wxIJU z@<1#>c`G{eb$)VJ@NR^4#GokWgVcvxLZx*T_45a*j;vjS)MsK#OPucUq>c#!{UeIW z4BR=AGyDka>Tux*SCTi-LdippZPBU`|E88BB#HQ*9yKHS1Ln50Z(y2G6Q9gW6!Z5i zpA6yu6Pc+yy0$Tyfm}$`RW`C5{4-lRN2U%M=Gy|U&J-9eYewuKGlZC1yl4mGezump zCS|bDw@$VO$4#Ai9|+@~l~6hmwW&x}NRq`9SPnnKZa+>h`Ou!iPqF}Pl?kjz*~ko5 zA}qT$B6mR~3(`E)oX&YI}}k5IQwL%~^!oAE2V~FGq_xiLX^ifaOJO|&Ndf}>y5@E}f zm;1M;=9F$vRR;e`JIX=w`;8JB#{e}Wp#tc3Y8k4Q>BZ{#U@=*Lm1zOh%{$!LCb6YY z9Vg9<*BPH;qn`HTbD)v%XOy+LmZ-l`sYc;`!mm~)@PAkb;#dz)F0|)#+@S;{x#i!e zNp3ltrSYYiTTd+u)R&Y5=D$GggTKpofs)Qd{?&jzgPo(S{CW@2c?>oZ>+Kc?O@u3n z&_c;VCh5@@CMLiyyzr6=7Z)VAUzbQG13LmVH{*p#8XwH4bE6_uHu5#NCRK3$?0`Lc zZ2Xs*8h<~7!EaT5QKr}SRu0+irsFIUE|?7b)|_IgZ}NUVO_`CTbjaeD;*ESH4m}P| z&*N2DjH}rWzKduu)r{`G7)vEe?n|5nD+)w$3Su^=x zvQzmz*+u*`Jd>O)R53erAwPZ4o;~*}FPG8Fm}RAl+{VZQZu{~C+_9j$S2y^)Rf;NaZZ zD=|>5=b>#$7x(c(wi|Y!J8ufGJ5u00Z*E@ufD$+oV35l-w`ABDS?t*fP*mP8IOJ`_ zov2yqvK9GzrA ztVY+Bl?DSPrHNTN<>e$Lr?Q+>;E6~xv97)@SX)xNLJ_S}bE?jPq2na7c=2&uS3&j$YiCG%ST#@a(DCDCH|t)(#rCRlJbhGU}Z&Fc{G%`qO56@ z+Lr4IemiokIHde=a4+$c!9Ancg7T!5+tSG8O6lT7&0i?6F{@I%j16f*?ab}!@{T-O 
zG_R1fj1*}wA8t`yd0hiL%{-!aM)6liXDRE4f=$D(MoHq3s?oV~Yo8uDdSzEvR~hoZ zjZ7{mYG~Ek^F#i!+S>Xh!R)}>WSXv7-hs(L9816a^U+`4Km5-AYp!{=zHsm`|L2SF z$rv^s2}4NeXm1&jI(D?*G{`(Nlvl4kVQS1h%121}X9`s7S&?JFFRTO`Z1TrYzLq%Q z56i{r%1zGKg)v!?ml|1-8zH%3BSeFMb4taYaWcVjBd}8e&ITFj`%4*^G_GY+3J6w5Kw}_*669L3{&gBtHIk5)H@yo(<9X z-?TtD0GQuPQhS8{CRJXIwvAxM{%ZG;Fln#+uF4o>4&;+*hLLLLP#7w)sdg9i!mHC? z=_S>!cVe6*B`)FZJth<0rgh0|yP4n#mci$Px+mMkM;XgeV1yaR5td4PZ6bIoCIa6I z!*VKPxOC3!l}qQFl>I}D60J1Ybb^tLxedg%G6(1B@ytyxtNO?&!EMo`xD@EnQ|4qG zmXQ~?Thk%4qDVE1{Dy|AvihpYELd08utNP>sjDq18|rVUtSkxE)|ZH$hF4in)plED zD6}uk{2Qsdo;Rd~;8b$Hj(kcS?N+VDz_-eQ!aR)(0#c+wDbVSlWPq}oxP8Y09tW+V zWu4XawM|cw%|40tNPr|D6^`1LcIm%u)8H=R_XUP*lBnC}`DShQ&|$*1E{EdImUK}3 z^IMw#LC*9U;KKY;*|M~{bNN|tvXKqu1K+IBW+WOqa{=;*Ym%3`mQ)JqfCI|>7r=N~ zzC9ga4n1B*J~e#|+ZHu8Pm~qn8&|w2%NBhMm5XYZr9;2+(san_7=el8cc2$-e+!h6 zuxeprLr8*sE5&`iEDMvmyL>QR_u?)_*X$(l`ffuZ8u2P+g1F8=uB@zS;)+|WF5eXd zCmLWQyI|rG8#Ed?;W40<5l`1TAeYP1J0vY=l;Dw2o>!3`+Sz(K z)eg|k10ou{BP&#en*IqTHF=AxX`AT{KE>v0E|lI6a*_=`1=yx)DLR5UP097uFuV4+ z5GIHcL<};r6xm8(UZeER!vGU$t%1tji=$-;o~M{SSCufr$#z%A6U<$GFWV7=BDgI1 zwRJAbXV@J=vwzVZxWS`;W@MG} zj4bCD)~jD*9;xMRK*i?3zp$h_G4mYfpeJaofUXH^*N;-S|6+uP@vZo}Y*!#Iq1Iez zH5KfCDs#j7HMw77EdaB@_NaJ0w`=rRfNZclrx`_i3VgmPGR1N$1ci3JjoD&!>)S}H zu3OjS8TEVm>-Br!Bntn4kO33F!)EBk)r6+47xNLCHoZ`VN?>m>KAnxI*VXLK=|rd~ zd;|fK0@^fY8nsi|Bq}EN72qsI#X}Q>3f+W!DbuU)Y__rc2&YK$Yx1tLu|lA~g8nT{ zH`(xUV!a3W2ZV`h|2xV8JRXJbVHZAVXcXl-U{meNs@uad*X?1WC1>|9RQ{?p!zqUJ z4aD|6BZF*WEISjmQ9@X~YTZ+hZxD1-evxu2TSHOw(EF_G5?d=NZ&fD2wFu8KqZ9GN zl{E3));2>Q@!u~Deycioi*|8>vRIv=lfcsizSEkiR)KOoQ`b98m3=3J)nNem1-tgN zW2X)Xn`OsbR%-^BdVFnyH5J@VlVO}Jmo?KpR=l3}DG4-z!fI=+#QDZ7yUFeHjRHs_ zyurGb-AU;Ez=v6<@eR)Wxq5KjVb;m;YvfPRm&0n^6Evq}y;CXN?S6u?x6}UBv+T_i zG%;_H3*Jgof6qaq>g+UZb|vNANZ}W0*1y{GYVzhwba8=KInE`_+F363skGesmh~=I z*F$N%4HQ>N9usTZViStFk-0m9!0xe&`TK4=|0TGuFfoqC&gGAROdGu%6ui{IF9*=h z@Qjg_Y&L`KCHpNg74Ng*&3N3tEy1<&dQcw)*XTDqsvnXYKk(EV*_IQdD%eV%rT09RfRIF!&Dv z+6aE)EE7FmPlO(sBC|J}vJ%0_gTB^9C&{uk?I}`pf1T=HI3<&280h;#z!NiFehrgb 
zzgNs$XjcmSJ%jE{Oj=oMhn;SBvzjDE4qVLX?j)f^dpfsy(Tg}Si+r67&33#hQ~MLb zNT8ppKB+UoSHcj(D3<;YbalQdk?+rX#nQuR&_fYUp|r?IgHB2*6=Qrmz{iQcrk4EF z(GozvHVG%B;&5W5L1(+wPXLrHk-ga4F=Z6?cU0A=tlT z;W#Tj0%0_Do`_~5^qmCXVeni!)B$Zq+>9`a;Mc^y6ya9FeGJ)=l;^T^I6V#55k2eq zeS}wqwdAu@F`4-M7V*@Vrs@2^wM0l#Vojs6OqdI`m4w|uC0ag>A*@lgtxRS=k7s)J z^QjD9rfdWx)x4DJ{6fQriLw>QD+C^M*taIL98XZ3veG_I8k)ZaSC=37@7)P)W^(V1 zS+vd3OK$Hf3%?_|P_?VMvrjxD!@eVVo@C$-hUWQ3)s@ZfZ&ixF;Qg)IXz5G5!cyG6 zJZQa19d9umb6FM{ud$n0>bX1b?NlTb#G4vQFcI*pRC;nc{yJZDjA3Ovh_|CEy-myk z(iv9*$~;0}O~VX@kFoAqYdf3qQtO@%`GYFbEa}&HOvBeGc)dRteWl?+iK1) z2U#oE1GH*jIV zC@-Sz8Q|-=6OIR4tMrV*S&4kAo7vBD@myCwUWgW)u0dC#;!YD%mv2u5@{}`m+A|3X zOH0c;g~N1kKAi|VP%B8rOBqXcIN!7@b%@OlET_pGMGlQ8TaNQO@{?Evad-U*X&aEv zB$=B}mpb5vM70ep-+C?Wpk_MZ7O*BbJsrvbcw;E4PP~%9vnoC%^X{!_PRG4qJ&VD+ z$#f@>BoE&ST5A0-l5GzIuRx|g1dflBhYyj}8u{rS#0kXqc@o^K@n^Lw+sc9^r46CV z+%)k?E&iwdI}SHQtBO9WVZZ*YSxxc1q^TuRgp&TC{$g;g0f{Gb6iWVb!e->diXr`E zHPJ9IUdM8MM@>n=XHs$dfaitv9EHZ;9Y`}YngehfRaAyMGihe#=9+Njbyk$(du0$t z0P;^$CrW_)oxva>@~@NNq^yC#vgvy9(Amj)@lf~F-w)OcuUl2Ua_Fvsdgag$`>8fc zU@&cv-niVw?J0wIvtDY4o}PR#HQ4F(2*FIDZ@pG5I+ijv3s!*o!O$f>qjcyILr9g5 zl>c>L1SyAeEsw<34P6RQ8!gHHmqDq+3Xsf;K;<`O_g*&?*IS{+I#SYJ6w>37y_Bd~ z)O=r!J5Av#ttM)vzn?ES3M?!AiN38vgyL5}P}T)KFH6=1yl% zUB0i1__ITD$(@N&MEu_w1|mK<0FM(wEchUjqexu!^)u9jRuaL*4+9qRN!2eqf8_I3 z^(AG(-t-SGud1lnp43`Z9|#PsY|vnORcXomTK^EgeZ&y|2Y>f`dmW4Gd?DR!uIWO1t1hXDN`SC#;w-n{EB0NHZ(?cCb ziA!4H$nn(#2k|O&N|>5orDRD3`@;-&t~I&li99A|`4_;k%MVGwKk-||G$_t9j1N{9 z*VQ(ZH`Ld?RUtm8#kXSlLuVJQz`cPH{Ycmn$yg*2kg zNv5v{_+KzNr|Y|%Ew%nYc~xEMRkWx)__TGJ4hlSgDiGUyMH^P_&d0aZo}ik~;B=0) z(V|f|17%t5QlqSPIas4*wFmyUmemd(NLlUA&HI)@qCU9T6{-e?xr{=HsY`}SyY zZGw(_KoN#xxANJeqvf+F$CS^mA>?kfTmv~B&!JI1`+AV&vp>S!gL^5T9VJcKXWiXT zNpID)C-tnZJqyU^pgwJs)~<|}){X=g)Lsa0=hxL%HIxS{bu)GTYS^Rnj4QZBxtM}$ zTs1jbhMZhX)5Rde4^g>}6ty;9NH-bb9%Gg@-iGwgFwZb3H&9w2 z49Z*>Ee*;&fWydKS$w(kczQG+ON*;@;N=l&`4v&eQBx=Un4W3|YaLAo6nAw6s0YSV zVRoO})(|Z9mxU@mAc>(5$R64QZoBRSf@C^{RqAxTC|U)D&6KZEQ`Ab}y9ggHuJ@0G 
z|D7Ozg`~n6ien7r6V#)`che2)wOAd<-z0an)z{XSR+g5&N%*4*7|6H_cMjP60hr78 z8B?3W?Qx^P@n*3>+6`m~|d9kUiJZko7g{DSu8p-YVh zp=HH$JKN_5i<%mj?E5$TVks{zmFtpN9{=N77PU%Dae_h9D!-4P2CjPtoUEvM zNrQQGk-0vM70qv0W`1Zi*E8kL@H4&FSkcS*T=UmT=lY8p!e?SNX1ilqQA4A726n5t z^Kki_i_D$hnmf-Dr*AfQDyJE1wJ36Wzc{_n0gV0jTZ}c%>h`^PywhT=t%JK=p80)p ziFy3sxZ@jI>W%#=bIglsmX~iHl=7sx^PISYT3b4d-Ki%SYf>3IbKdmrogc%`xBS5I z9~9%iV}HM~@9`ff6H9pfmx#~$_^${Y8vj4XBFDeC`}iL(`hxtj+u$Fmw|1MYOQyE8 zFY4H9)7UliK`&@;Y_P%3utP=xTo$A0 zdN;CQXP7ywqjP!FL|AQvx3siRhu_IO0NpsP$*Y9iG0Q4oj5K_!r9XMx45$^>Q^(N2 zN>I)Ri3}&hYMBfnpU!L;(-fNDnGDxSGu_DEITN50N;~Rnw}3JORvGU8nmnIbBjh0{ z5$8S}*fY`rG!}Q7`O@@QkPLaIOwkJV(9BnsAn7LiT3gUflLHr2u0wjYd z79d?kJb@Uv*>M4mkzS@R$j(@<-NOj|n~W4Qm}}o4kOYNYLyjfj(v!2d1M+8p@m9!r zUIrk^$Q0elbT6`9L_RS)Ow&C=za`cTq$;{g5>Xw1dx+^%jG!_dg_z*#dYAk{zoT)*bJ!+1e#K`EXVl0zt~*Q|Cy%rTu;UJ0?1Rhw1;sd(hVLF4_}u;ZfzSUUuBqn0O}o-eJv66TFMl2c#z2 z6CcMHaoBB`xdweJ|AMP=@{@Qjfrb6rKg8@S(BnEEw~4>s;lFTEmpySs*6VmVu0`Le zSs#e=eu+2YDO$44?zs(?Mj%TCq4O~#*>&mh*ErAe~xQNZ3xE_5c zJ1t3;L~ouw@f&;|hh2#0;3gc18FId1RLYthpUb@Qar1NY8w2NK$FjB+G%(~c^f z;oi>^ZUAiV;>HHaYaPBsa)6h(zn=!nT!UVvnaUX?eD(vqvje&E+NLH&bm|}d${lm{ zlzbiB?@)h=XQSw5fc8^dygeqs-4*i#0GjzeyrO6R`0oQ*VXqO+MKR&cA*oL#{S9OzI$2OKGeAJ2KclOAxnI@B%dj&X0h7r z4rc;)xjl*Aq~w&;wDgS3tn8fFUwd}@))TJ>)%#k;WX*~J*U``arldbAror1 z$xntE#Dqc9LF;PURU@U}W~^$3!E28(87yH_+7aHUT^8zy`Ow(m41bXJZik|q)&|qG z-7tQ1=~uyZ_hQJ~DmI2wi5|0EqsN#{4~ye;EIdKq9dwdPBLMyhnSp>Rl{a4jXX&rbQz(| zh_&2S^}T35PvdXo+o^L_#ymr*+lK#9snN+jVnYizpy6h*&)jItXNHT`eh za@9a%Ea4kebRRO4{0M4$i=00cNgEMTjmQDbsE*R`{AkZ5scV$Bct; zn~Xb%t^tHqFGJbV)tQLq5i1LmdX-KGD6`_HdE?Q>3Wcy}jff#9#xCh$UqH`=W;x@K zNAY~;09_D_+Zk`}o3+?_8vOD|ZVpiKPS~8A2-v6S^XL9%OT{(r z7et4q(b_iWcj4B-jgdJ!I$i%CoR0T91qQ_{)Ali2$Ia44t0U*!Vf0)}c*?-N%)%Jc zpxd7CfC#=%{v&4L_~|dGKMkVK6}Z>gm_+7k@#)Ap?~w4kOT&{ZiJ6HpX41g;CmTCM z>qk}nhW@{tfh!Mo_C03KrD0hWeRw2hj~f4UV<%t?&$}c>|IkljQL3$frKI6TrR5RZ zZ?RhZu0MLQs*}7|ASOS3YL3i?;Ynj%F(qEDKU*-@k996zN<)v(mc9dL2%Ue-Os(Zga=#(`&EX z8H)XU{Y!zIy$Xi^z2yhTfA!`r@3!nG{v%LY8j1f31}jRyA1o~|uQ=rY{W+GtqLkNu 
z6oXQl&|(DeQJrCouF705beUg$KPGwp{P2$wbG@i10J-R)2m;B>^$WB|s}~}z(2U%` zOBh8)SQNie6c+ia`w8&ohawkkwjxOmiVj&WJN$*shLNwjpMc~M())c-s5KIj+7P=F1#m= zVOpf!b>{kk9_=1TXP6#o_kg*6tw+1pvKVGX+P!A3zwB{+U*Ia01jCIVMGr8}N^k#ID^)0)lY7Zes0)h^wNdy;CO&*b$Rxk`Ci! zqKVEKuqBdfk}2~COMJere9)-_rs-KHxe!YpkO6Vz0S2SQRUjE9@_jyvumtiN8%iKC zFbI7*VQr{+1Y!o13R~h|k_aQIa~>YATesz5Hi>CrHi;Z?o`$3ewnYgxKNEtyQj0P+kdErcE;{w`s^t7{HTs%64~)%JBo8w-+5V| zLi9Wb8lv~+)>)Z-j&SkBI2}&I^lg-#q!j*%o`WybSLrMCCAu27;Mur*6P}41F!2&x zxd~54`(mP9h*v3V&`wS&-G*?|dR#%yL9!Kpg>7l}_V#sXU((riF)rJLcv9&_xC&d( z$3}Y6scX^Rl43uD7||t+08*+jVf#XQx}p^JOC6l=%Fas+dNS+|q76;6)6z=xxk;eJ zl4iH&*qwH7F(;)(DcV3_$(eRF#UA?*;NH{L^)<}Ha}Z%3_f5O&%|82~JO}HCI{DO3 zZ#!^5l;?-}p*(SZsJWLb7$AYL6Ka1jst#qU2B!0<*AeTjO`LOE4?KVR{Y;-P#8mNPPX+%^=74G4MsE0VhDSTb?IjrRg6Zy#5l1bb zb5CR}?!(a%Y0%9p6WONmANS#^3GcTm#pDfoWU;u)fb1Qrlf04C8~FWQ#{R+Yr!#wk z-v=_F4&sm`B)4bx3Vwf=-3$1wkTY`SZqcpfOHEP9dwH6QB(_J(+fN=qF6&n{Kt2uq zO&e2(x+PYWKcD!``F)D<^F(9(S|TxiOZOS$*BXiOTe6QBzgu5Bclv?H_<0V+_#KMz zI~3#hUl`-}qy50o94c6F+`MId4axR&56K?4`rAAE5YFG-^ooh0r*HHYS)bJF-i+^h z+nf1xZ+o+E?{#mlXUILHx4n72<`VR~Oy65^RQ>XE@oKyqpTqaVu*UbXk7&?)yRJLn z97s>xEBbEELhC{0Kzd?xARkm?&sn|YFS}zuuNnFK*P(CA5B2{>6SMce>@WYnG*H^j z|6Ae@lpMnUe~zUu`q{M~ff61TgTuZ}*ljVl@HT7M-L@j^I;ErR<`!dNIFUW(GPjg- zJm!{KooH@psY&6j*OSdH%atkSmUTg@xn&!Y5#IVN)7-M(o*lWdXt0GZvXyVPbFA#4 zA@1n zq`KfBkm|LcZT_UsZh?XrJ?50ui|8i&BVCIR(ue6o^a0x1zG4-gk6qS{xJg-QC5`7` z=aLH$8rR@?xEWi#)@ItcbTwKx;IeZO8`tB)HbR(UUF5NvS*1YHn>rxNV)LX9O0xD# zw9-OH!ca^fI9T&qRmRh-`L6yX7p(emiYJcd;L!^lt$k3+3i_&)c^>X@d z{mQtk*S)=-A?uUg_U1g^L;W)E{{1*#*$tiZ4%~<@IAp{hGU5*z@&AQJ{Lh}K_xkin z&-K;%F6eH3znk^Mls-oS6#R#zj3?*6G@{QgLyEl(-tS4t5 z4SITrV_mr8?>r_#7C$) z$-|!BT&8cQ?%!p4ds49|9gE%A!$z>V6x=i2B=*4Bq$R}BhArT$Od~eCQj4s=v>p%vO3G>3f9q42UcrHe>3yF0WX3^Z-UYFk z_gzZdb4$Jbv4aUiE(nJqzo6~zhriPH8HPL~GF+p9$b-Xy$ivJ)GQ-IfLU-} zgyDRh42*?a!QHjg3?fbq2N7QbPzmnFE1|3=FL0!cc&;^OxD1fBNzJl!Nu2~I%1Kb1 zI8v7GikPx={c$g4>DHol16Ve}-U`#nc;Wczb2H$lklVPzN%{r+Li0+28T!nq=pn-t 
z6*FGAG*FYb9GJ(bOE)bxQuuC+i4=Z_#8R{^&?(xo$Pb`s%cXuXi4Ueb_8a+IFA3V< zHmEa548H@t#N8ia!+%ewZ^utA2N3;R_esNm*w6P{FT8)RlKZDwexU!SJy5CT zd|_neK}Z;Jv8IH1P1~K1+k2BRlki|cVAX>22eXi?t?MIhc(R*>bec~Xh=jua+Z6I>DJh&#=iZ|R>4)T$rX z%{OvS!|~Vj(XAu~Y2V#S&(K}(^vO^D=})DquX^vrod@g!5tnhu1#-v*a>xa8$OZC~ zyFgxjm-OqS3q(%E@h*_lhUexTxUV}-HvQ-Ly6-w5Uw7$c&Gdj>7(Jdu-&`1Rhp)n; zZvIhS7}ol*&bxPKM!KQh87<@0JJR?g!mtN~y>`!Qi2|=j>XcV|^I~8(uodG#*!a8_ z1xdT<#pspc@rQUZdb%)-jsG$iMx1(V0=+#I6D1zpJvan+cXxLU5Zqk@fr|upcXxLWTnHY51&847!S&u}-*5NNR?VNO znwqZZ>Yj5>of*nFWSC5rG9wuHi-Mq}vhK{Nx9b=Diqy`IC+2d0kVB21@8VrR$AV5^ zonQOUh$h+so&t^pT)~aD(QW^UH^(U$OOh39kaWIv}4ymaLVt4ZpU$;Bz9fRNJPyDLURpa6FBJOLh4_eY!JLN*!Ed)W!nPISX5be?mdBfb z`x{{sy3t@t8^enmMG8CTtlwr;6c}mfZx=2hrTBNI#9D5Vf1^RHWkTCgl{&Fij3(PE zT({sVYbe`Iu$)%n!tLCGeZn!t0x#W-uv+dsXJKKu9quc9DQjG3OSF|5aqwx8LN0&) zA}xN?{>aPUQE#{W!x`EKB_;KKB(0!hl4Mj&D!xb>)i$o%R*R-)F}_-z1c}{I_!1d2 z??6)kF>gFzn5hKKK9{X0q}Dg7&%5YX3?H5@CqW+np>VUvB}VjKprIs_Es}ILTZmS~ z01!uSN6}F;<_m z1yGD-5nim0%u6PnHLZfpar|1%5_@qHtJcs}lUg&pu0E!b-0g9c5U?6?R1uW(STmlD zB7Yw4he`PAcb^w+eMFPaIYeqdY*=0*2|MXVav@=3&3$B#7n^`oxHLFK6)(8~rD}~10e^}y zRPwBSZL(qKcuzcsY~B8!cPzVb26qLpWG)MT^&K*naaMp`FGh*(d?+aZXj+HoYPHs7uj`6q_2ZsH5GLQB+eAi8?j zCnDXYRC}(_bpDnZM4b*^8KXk!h5BN+TEi=7qL?I3IUnm>t`zT_qdjLw_(~b<#grx1 zp9H5+cn#Vk*QjZ#vz{aBU9xo3Z1{G>Yma=`J`w}2P+c_LH0F@vQ~d8ZnEN5|FKC8O zy8Ls4jsgk`bMTD$J7IOCbo))}i25zO?|-|+XNhbZin%qVhJDz(^>T35<4?N3%My>; z9m4tC@qFp{?(mZtEjiFM9B!qT<`$;rwbl9}<%MiCSXkaWcQywFfw6OO=0l_QdHNw* zF=-}8F_YjZo$4540k&{N+2;b(TFWo4XM~bw*=+R9`RPc+zhm!_y~M1pY6C~27`8~s zbrIK;PNlJH{~^>54XtQ|*B2p~NF*1SCty?tK*>7pza3Ld=hoO9zO^;WGNQGSXqAofv@{WsbVp0x+Mu;w@E1! 
z*Hz2mG| zGOP>kfRu2;v3wPashT9+$&iZADX%i{sIo}MzM&8&wEo8%w)ROU9bC<#6*i1cERK{e zYWXSZsw3NlH0rdisYU1_YZWzT4>68vMM&;L2;1vi9z${JJ;I!==wZBMNUxv2-}taU zE>iUi=dU(LUECoZ=1JHG6}S)i^4}P@`tSEAuMP-BcXXA(W$Bun1}!L#pw>8t4ji>hS6%oKOTsYI%5dYHo}dow+~WUuuIo zjQ7K8NS}(nY!;gx!&Q?C_Jo|Jr{+t0n(Hghwdc}m#=W7Cxswv8kiu)DXuAhsaxh}l zWqn_jOGO~UBF+8{D~EzYRTL58WuRDilTiVqqzfapz$A4SgJy56JOr=x2}=&Ayw8^a zPqxEQBS)t9otZw`vEsM=-acA00fxZbj)THH*_@!^zd;=o<3U8n>Q7SB^)q+1>C-z* z?bt~wcy*eD<}eD4NTh<7RGSJKJDZA85AQzFvnCphIjuNI$%=^Bk_A*^^|CuKizg{f zqD14Xcsj%{xdu4ZEH;A{5#voi?x3*w9RL%&2xcCf)B=rXu_jjZ$(*LJ?dTO;RsF#E?=pv35C zIugk4q{A(b%Uo>gkX23hL>%MS?1a|fmYb}r(D*CI;4>>qqx=_cS~C~k69$dKof$R& z-%I!y?Qs`*uK$q$w>x0}ix<9pT8Ol9mR|u{x#OZr_9jY0N`@{rK^}~WLzyL972yN@ zzvbXY9Vy-V;h>*sVzMPWq1CwMZy*QZkAYefS=+b*6%0?=a6HOg*kN^Ru{@uo9zz(B z*lh7|OADDQ<1sy_oM{p2=`J#R5OMPhNlIO`3_(Il=l7x?RXB<|m=Upl7+W14eHq*Q z3n5=b-T#E$ZER9b5_v#?Mq$rvqb4$-BIT~Zc8bfS&&e|P2z2-kb%6d0u^!qX#GTH3M|_nLfwH%LI|P+cI?p-cw! zs=}%bRk`u4r^zC`I)mg7_ChqN%%~KUtt4k<7(=P}>D{*sFi=a)c1q>=7~KPGLNcc< zIbj}Rkc*YD5U~U^C>W;kYwr;2P!Tu@IzygDmdUgSOfWf?*fhR;Vk7#m`$}=BVs^yp zu=NwUNAPX@>xN`ZKR^p9!)Vh6VXJU>+bF9iL6m`MB(V_hNO37g9UoTvT(R%s`2_Bg zVoL;L@TP!|*z4KZnJ}`)0Z8M7%toT@;B|V5PsX(Jwf{w16u#NEm({@RFlu!G%fC>T zhU&4>f6MCi=;&y7*CM|py4)gvml3r}@bTX&?cK-NG*OmJ-6u{FMK>C0@x#fLQLKQs z!?+WMqQa3LnuEOup2b87u@>CmTvKGmA}NCdM2bP<(n^#uXu1*LPqu#{&#IgKJGJR0 zu0N($R*p(?wy^>!!^35ih$@-!=f%E*V1ibr4(lFzRLRT8$9>I1$2YZc#{JvqLkOgf-TE6d+*EaN ziDk{^>z_)odbU|g9%-5^(b%hVb`4I*pl`fZu4r(=2;v=K z#SPe@8m{W=dnSn4NZh4n*wCClnS!zYnPmX33eJ0*B@Q(7{1-boKaokSI|5_v&RKK_ z!Z|>e&_*IZq>BDWE1OVW*4XL6;zF(`X`9{sbv;fqcR-Fk=rXO#S@ZF+W_n7RKB`MZ z;z|4lq(fu8xdK{zOYUl$Jjd=28gx}i-ZLtp()=e@*LCZ0M-`%vf~l|?;XvAgM?j7c zSiq%ohcwD){B5j$a;B^a($6u|@wQL(o!M?c>mH_`K_v1<)^xaX$&d5?#idF`n!_%I zOy*m=nr7E-qC*`+>ptq|M>&O>WjDLUtH96NGWAH(lC7CixXA_YJS@EC2v=tgxY!Os z-4E)C=M8UN<*>Vpc!ax}dg2@tNFBea#O0eq>!JJ%PjK~XG>_Mtchw-Dv>RlHHG>yH z84KO&sjVv)Yd)g0?&M|(o;FNdu|bN9pO4;K5 zbW_aTeQk9Mq(@!6xn_!a68q5fMQ5dJ30yNJUj}89X)!aMlzHDd`oF?Klv<&?O%&@` 
zLR_(nj-}Q6Sx0hJ+~~*d5zH*IWjHbiL#$~~pR>s52VDGpM#%Uk$Mx5g?SX&sH2mLU zmU@2OTyJKw(ub7lBdoU|ydn*`yfE$^BezqaT*U6M zSCvF@(*+GT@SVEm)UsG*Vom0t^k6a*G>QkYnl27qlPu}WwT-YRseOkaEn{Kz> zZvU%BI=v-bMj>gX$GfWQv$D@S;6}*HK301m)JbnrXt@XD^5;bFlaLQ_8)n(nrh1S9 z790T=@daCjmWz%jT+YKZJGalMW9WRBVi`G=TEjGH{j8ncF)w-zPeMy+OQOp_M?mXm z9jVIXF^t~f>8EY`O&z2g{A5dnf4Vm-xDFoazgdgzO6rk}7bc8V_gd^5X6JGbge6;@2J(}Z z@r$}ftbwaqSeLx?O5&?BI5X{3p$I=7rz@lcH z#OVBi;d? zpE_i3V7lxq{K;1ho6$@hTm70})$W8x&qadM$cOAQTp}UY0Ddo{yx$4M8#r3-L+}`h z<)`kbAxt8V7Lin)rY*%VPUZ*;H|PYHDZc35p|y}m=rvP#U0M|9tr%Tcz~Q&>!*Ovl zz*M%rJGRYTIBpeuk;ho8tS>~c$6&_OUIq5`uR8*))+8r%Y$km%D%vB+m$JT15A{a! zQBDnEL&3I8XOV#0k7s~kZ5aZ9UMDTPo@Q0ZciyMO^?i(pE>$-F3>cH`{USYIaC{^a z(uDhJp8bndWZkh*Bv`SF++dTavUTj07o+9M*sR%)&w;$w0c54hk3Z|)95UZKd~YAW zBxX6fz`JZO7{5hcsgTrt_2`gWlXo=0$(Lj(-dT87m|4+hxRp0X8aehQGNY16ZS_Lk z>d8>cv!TvIubld;Iq9)su9>R8oKuSh-`D!{P6vm|(RZgQPKDH=N6x;?euoYV0xy`4 znSJ6x!KX$TTSC8ntRbK{Jxra(ujWFYpixCzz_k?8R-#K3WSm{U&H`}gwfM0Ls#;yX zl$b~G{TNcZ3QJi0oPSR~8>Cu6DdVf8=Fs!)^|e0=TF=`5^^sEITX#k<;jCqb>+t21 zMCbSCr1;}S;wxF)mixr#XCv%>iR9O6UD{oNv2r*6&iOW~v5;8rZUF-$_8@tixCM~c zQ}Fq0;~L}HGTz4z&?`&-1t31v?)vAW{bZBr+f`UcAlKV&k8AOf4%y|7 zb29!hmPfDN*NRydx9K=Z`Xly)i;p&nD@&{>JY{owe+T(kFO4`#SMn4FqOh_0HzIY` zD<|63l)Q8ga$;?A^f%Pb%9=*aoEHkGB`kC>aX$O5tJ%v5;4f)AtF@^vFMj&!Y|=TL zP+W-u!Ho%8Lt1xy1VnJRQ=MTxe93||oln1WOt+ftf&Z(FOQ00x!WSmi^MgOk=!e-O zxb&)Ru}7y%_`fNgu8T8w;Ak>+5W1Z7sqU%QL=MQ&%_dd0@!*vEZ*`$A4?r8`3F88r8`W8XeC? 
z6*&Tf{q6#?MUYw>m}A2bRNa#swySt6NuO7Dc_S|=EiWifzTV?SQ_y6|av?qciSt!y zZ>c!TJ<6^ZJINGEy>F?=Yb|p@dNlu$Dlw$r27vzq;|McAe6aByYk2YFBiQwf;|54` zK7Rx)A^5(*=&ixOhnx*pJs{TWe-DR*UcIC@z~5G)ZmJ&qGCW<7ZJckO5}}qL?^#Ss4p;;*tzgMUjy=zbOSY#xD($V2I{GFyt0j|ji)~U8^oZq zK25~!p7?i}DZ~kXXhV{C{yf0+CG3hbgU4g%VJ$AfvE5L&R&3eYw9RHgpIoQI*`+)o zC)DPgjXtA!3R5XVlQfcoC+hhfBIWYO7WL+no%y@X^knXTWi4XB^jF52D623WUhWS% zUortla!dG!Nq|q_R)SR~s0C1OZP);T$IN6YQrVBTYfq?i1`QWXb@13+zM|nU~e zPNC^;`b~FA%4Q9L0Bfo3C43`o<&>bv&HM$}UhAn2v%Z z_qv@e#0h*Pve|^X82D+UqP>0dV{PMY#<>$R$-WQ$o+y;b1C7#c(RTjVzO*qnG-ZsZ zB8Xq2Aa)auUJ%O7xqG6wYy6E~NS7mA-z8XY9{vKnWH+0Mtci1x2*L1j`X&>ewoUF9 z@sjzFV!?{4(pCSo$*xkBcldU!sLR+OHIdshSGH+d;O&RrN*J-RMe~&OQxAD|i!Uom zs4u4FQ=ceOwNZuEIn{QC?l`BY-n{DUV<9+dyG$=mOlJ6}?*eO^i0YEg{V5VjW(;pq z9|bdWSy|(;rIL@@cyr4BS|`N$%(LhPL0I2q<2Hg@y(a!JFxB!oHw{V^XUh9Zmb+Pv%Mnv8-rF!ajg01=sdBYhn;y3cm%%?Nlis8*=oDWwPpB zW~qZ=MF*XH-Tr=ZLB+B+kwDYStZBJ*Q}^`l&? zHeu_iKnqqQkv6N1wSyc!oyIKnhJR_M>7HrW~@Vtp**e@&&3Yg%X8x2eJPlFq4M;8V!{YrU;J zK}}(PBeg<-qvcdW$@$ghV{qLINaEjHGM$ifLeg=k=?zGYFArK|%g6!UX6p0-+}03$ z`#@8vAN)a6Nrh~8R*3F@ekAdSl-#lM&wiCn9Zg{$J5!)cwVYq+dAjXj(P+{zH%Vi| z$0xy@IK9$D&v3Pv!1Nt?m*@#p=8X4_3x1DTF2}HQ=GoU?aUO5sv-L=%TOzG9!L?9` zvUSN9OnV-U4O+|HSbvuoP<%K&21t5aEr7{0m3M&7#0yI424{K%+<1PN2Jp~I{F>h* zb72@~z#IQ`>Lk62(ts5ZNPtK7ase|%z%ZDtckY--Mk`X+%IXH|6pUQ}l?a?&-{@>P zgfNY4aRkCn(%U^>R85zuq0#jWc&xj2VZ>7lrN;a!W!6@TrvZYFM^}>Zm10V50x>lg zsiX3TbLPKFkfzdFOeU|Hp%0U>e(cIPb{icQW}-+ihP_COk zRfeuh^w;`IuNeSkBM~yfqXXTXQ_gF0^>rlA_&4W+t`+dqV2VWV;2>JkQWs_$J3M>y zrVysjg6ZlYYu~|#&REwoum&R(5v_MZbAoG-0 zzWp;V#J;f!ln*wR!%sN(PYIUV2Yyv6cJoe_BTr5dZ%7CBa1thP z(0qN+A9$OnRFVrE607BHHl~-LTiLJPiu6UJiMr=!?Rplj&Z81EwsX>IxQv+Ab(+FE z&6n+8IX?Q??y|9xa?VdoE?ES#u?t2chp&devb%qyU0|R*4$0t3ZgU?Fof!NHAINJe zHb801bo)5CeM7?ZT3j9x4M_4})PEW6nbK40k|)8A3|gAuNZCy5}&Q=n<`Cza^H z>-H(Y_d6HrR{h@OP+SYd{g*UoT<8aTU~keP18CLGpq`UhIOQGv!Xvuw)S767)+z4h z*5ow#vNC`(Tu|`x^z_i%OS?B8OcmHk&-i_aYiS%kOa8LOpmWK+;!~cN+q%&t%o2MH zmS32ymmf>xA=FdBN^==e)E;*;zGv;nmMi~0@77$18WkSv(=u 
ziQ@O#9!+1T>+Tfsw|&BfGz`34C!MESBM-^6Ky(KY!B$8l1#*A7qO_M=C>y#DzGYR( zTHCxn;gy#BzO7BLja>sG8;mFoML?yKaJyZrTKoQEu-BK*diMHP5momr73N|Dj8C9o zqPKZw&?gCkjs9 z=zo*$u>BrFvz`uRm7$ZKb_zvS8HknTGYW`@&)_#}0*0iOZIDkSi4Z|-r6FnayieiU%hi(L$Jc4W~} z(t9AWk$xyK{#_ZGhfsUFErQ=*PyWXhh4bUr5OjN3`^Z(BW7YQO8!_w|nG=gN;lbuD z-H}^fME7bUlrJDg?kXG&Qvq)=EG#+O5zWU|C1k|!h&eJTLTaP+*w`7^BIqQ4rSo3> ze8jZBE0mBU4e;UTn3+VJd0?xAnYwN4Uz`FDQFSP%Hr8jt`>#%OJeiek~%m28r$}iPBGo1-Z+qq-zZO=wwrC7Fz3P2hkcIZZc3iY_DM|W^TM}Kn_a=m`(;ys> zjrqByBpEob);&?ym|E%oMiREAy@(p97tRBtK}Q^1I_16_yf;kpcgOG(f%XDP!>1`3 z!gM-G4oLSML7b4JP1`K9tt@@XF)<0Gdo;#j6FH^WmFz$(a7V1DRSXueRNj0WhhlTS z5+4EJ6EXxt`OWC3Eq}J`4OZQC3QpdG)4`&-49($Cc(_!^xc%UtTUW9Vo9uzF*lCDbKSG28!c>yHF=f7OdIuJqKg=!HZ1YqL)!aezAL_Y4 z-Sk3LNq6_Pkeb(6i#SQ-T%E$;t6S)|D7mzcWAghofLigL}1PGk4@7MHq_ zcgT-=*u~)gHEQKekojva=b|1NJ`!TP%0A1_s?yXj1r3$3?Hxg?rj0Qzl$3s_PZ>-b z>1Jq1?i&`W-214rnQG!j$oC#A|9J`U=F>#e6VQQ3z`uDSVG$76B{L4Sc{MWs0_RYo-k*Br*FUw(Z zrFTuGy=QID3cpi_D~8oW{U&-G0T<$DIt9s;oEx@aN_LKfEeZERAwYFtWzt?Y|LB@wsCHyx9e?r zr_U{qT6}a}=%e{35Iif^^wf(UBJ&p6f98jNrPi*xDU*eJ$V+^rLx$N!8k+ZHIJTPT znvr_Y8G<1)mmUHSxd!VThq_zRTQFZiftF`M;xu8#02=5p_wV=#W*S~#*Cg_bUHkg( zs{r&T$1$biFmyGc%RhxbNH97!uY!h|li3khzYgj41>pYRK zt@++P+SqxWAPqR`4=yfQ_fVNPS841Pz1d9?OQL$qyq5O1`D2dSt#-I!hk<3OxK^k9 z8rmedhmYO_q9n)YAC27ccdW0sLuq*yUOmnAVDjT%wR?K~B)~kI0Wq(Kh0ujxgT7tln*xi3WEzTkpQfw0*oNyA) zA!h3=6O*(MMh85g(36@#;pcpKO)vhd!%MdV)f0bzQWGE}ve&VRJa6rwO#bS3H7udv?uQl*}x$DlW+vAw*+iN2 z1ZN*nQZ?%`i^JyfW03R6RS`JOaSy%6F#>WaVTYg{+Y(yd83>w)F#t&8EUWTeP0&!alxbaJ81s$NJblL7&yWVMY2H z<1}O5k%p0h`yzu**=Ait!afeTTsf>MQlBFL;9Y8<5}ZB?qkuXb+YQ+Ijc)*A+zH8D z4Nh9W_UiwltDS7d;!s0l&Gzt=*q>E^HjnJ)9GE-**U_EUA~*}m38@Gcsb>Tfje((0G5 z;j%y=?=Z;>a_^o5`9kVD0JGj(3g}3By#u?uMPgh3aW9=0_;iUKPEbhnn5c}OWbj-@ z%;%g5y}|Q+t__J(@0!QwBw&t4e_;`5DftX6`07Gu>E=j*p-ynq?e^>Ej4w}(z=HO6 zRULP7EkHZFYy=$Zk8GMZ=lbj~!@gp1g!?`6g%q~MX_o>ep~=VDyud;pGk`~oRJ{iB zk(vMRQvL+A`9X>z8R&8W%?Hr^8qOgovB{oCCnBs|TFTBQ2y{X!ao8)S`DuyCpDOtr z_>P<%Ir<8d8wQ-yXP;wwhaqyxY-5fe0hMN_z^_}NTE*}NKq>wOfQ&xWJx_TcQU&zy 
z#|Oa(xv-EJJ+1L)XzctAf|Kz?sBFEzHex?S@b^^@DfGDgCHBwxFFYE@y%-Uf)NjI` zR)34%C5VK*IIP|m7N6!>1PSS00KNB!e=7lH6J=zQrcg?gsE${+-djKwPVc424V>xn z-vC8TY(HjSKx%l&*%XBjM^}1A3{pw=*%HhYa^&K)Pe%C%0u!=K;#H99c^gfQN6vNs zrMR?DaG0Wb6w|28eFR&wCn{?rQQs46S)9Hi`w!t$oy6>G`y z_~&$*>Y`8g_vretTj9LIJ$qB0dWLxJKB8M4f2tSn!x1{IAtLp++sHQCR}g{Q!uO-E z34h>A7XY_aPvFCb<^v^tsQl|}XVH-j-yaC>QjOMkR1#*KH2pAI9eR16bu%NTA)p4=3RUO=PwZT^zv)E@ApgVVGWfcs!8~h{ zj5eA=!KQd`J`Qs>SmvrQd+e&%7^aU#M-NNn2KE-kg-u`!X)!*OZq9Zj!0mXZT zV`+?fB;5{Dsle8p?u36EaR-cM*88zx?`L4#Gac~5t^NgCd!)pHZXXlakwKbDA(Vmb z;98jSFo06;9~kupR9NcD?j%-T%`yo}#31Y>S2YG;g)4R9fKFXVl+qUva4nM;jCBer zXAS!G=ZPwF;GOre_um&B~sh5Qb|e7eW}S?pCt_HB|llYSeL5V^8vfQnAt zvBjQlLP}wfRrwv`49z464W5J|WitBxn1enQKsOO^ye(=t1F6EX-I`B2MlDm{Z9fvg zex$feL=(=h#lwhQXjJx}dpW-9#`{Fb>2aD3rnuN>37x0;nsj}g;F9R z!xoJK(XH?k^!JnjFo>PIf}K185C&wn9v~0XIRg+w(LDv;1SI+a^UM(`ub#JapkcN~ zk+K3Ps)IJs1W|m((EoMiE>t(Q);8+LWyEM~VqqO~qkBuZPcbXCDlB9FpTu{B)3k#o z>7)VP)dygu;vQgS=PKzE%l910%y6P~h)|$p^%1dO@(O@a-Ta9;4+N<^13?H4Jrup{ z2#g`UJ;a;PbK+)wU`_L-C`~d03YM9VB?Sj?hjdgDs7k(BZSSYU-R$NgISO%nG4Kkg zYU%o;LeN?4fy(Tv*DZ6YKSNjRhiazPZ)QbeJi~L6>;@+@B+|b9;svMnxR)$p9o@8R zfVO8|*w_mv{9tkosLwW92`<$X5m;VeNx@)oI%$Zux-O6~rW*^v^Sucku4oJp77U?*uAuzw=?Gy*WdrRR?!N(!_mn4@ z6}SH#AoD$G=pHni77Jy01ufqLLWhA9{{c51{ECls(3SK!-jyl?`cWi-G(6jv9l^2% z5Hf4q5#WUnDMBDU0rkp#yi|z)Bhr2<^Dwpl>00J=4|Xj$e+EJfYV4kTHF?RI<@^fn zyIVse=CWF8MB97*Xx6aDVNB{o*-RBA7$o;0NYZI6x%KPIMr)mOn7x|je%X|0G-q3g zu}9`Jd6$s2fVFwS0j0CYCZFKRtN(_vWB9{^)=}K38B}AcmH3kcF!C$h5kxU_a=<-4 z%M%V@V{%~HL+_}wylHqz+ehgkS{x7nDU;6%I6VRr4;;{wz#ULma`BKAV8J>g*Q0aU z!5H$u8-GK#mQnp0t-e+I@mus{q~RazVJ=(D16o%8pN;V$JmJNbXsXWqKWpM)cxJP6 z_$haqVO_t%c-vO;gztHo@(;3LaSr}&w!{7hTgaYSPi!Ihs9GfTWKN^FmyR@-50y}u zKUI=cfsTu`lT$) z?~VxMCw7)ZGjsU?Zu3Y+Rvmd7ZW{<}hbc)z@#9E~%`%r`jR;>MO<>Y5 zD@$A%nRffL`zcJr$@bLq-6v}QDaIaEWPwDu{Lj#DkfT?tA2A%0x29=v{(&#&eNIrK zENT9ng|u4@b@LuYPgo9b94oI`A-8#$yy98YoOyB_ISzq#ET+voHe&{Bmh8_dD%(sc zqwl8dT6n6sE^P@C3f^|_feCvP6?kVNhj=JR3slK>*)7tn4Cd^Qi2p$SKb@qu9&*GR 
zG}k_*u>D_!{gI+jP?utVccxAdTl_Bx(Qsp@VDw0542mC0aJW@1qw{|C_lZhg{AxOK zM27zuKM~w!G~1WH=l{&WR$ygL@BKdpXbX`1f$KbEvU#GMz5*pv%ld?pzr!Y#pw<8B zA&CFr2}lqTM~2?_)O|35C{PM}T?7sayhpeRxqkz|i02PrJ>W^HxCJ=>at%87QbrQ= zBH8JAgBAsT*dTnnZodJ0LKKEuN`3(a2)UPFF%roby5$q?2zg(fUVR!S9UXbx4O{qv zwha4)`f$w0(jcLh_hn^&8`Mon+&-Z_vw^NGt6vwFFzjnTan4;s3gHHgJVK6LP%}<| zCtiGER7MrDBt-9VVEGNm{sk5I4}m}}kYS&Y{#j-*$x)c14hl`0Z?myDiuaUM8%w)k z>!9Ye70}aBXE@u6Ok~Vw-e8EIW)iTJ@&2DgJOWK|B|y-I{J_P(P;}*=oyk)8DMT5%ayeJqc-d`Snis_Ba<5g$;!~c&Qu;LNV@ftzQ=YjDj zNkOcVD79#d=!f|`Fbr?VXMiaCe>`6^0}%h77r6X0Di-n?|tkpnYK0kPLp2^N%Z!iqv)tLBnFI5WsAm9PmX792SXn6)jPQWOVVo=KJ zSJ3|$0ssm$U;o>g(oj$o_G{cE@;mu=3DfaH4{e{rYSvFVxf2yXF3mDmp?D@C3Uc@2xqV<8wt3beylILCHObd zq=@9Ph%+k>+JF;}mrCjgdSSNCheI;B3m?m|)qf|958KB=C@}avghp}#22(0MwbDvS zDT$J*_D{7r`$uNTaKfv{2tu~`-`#WlBgI>!wE>aXGTkm34tE9%Yz_J}u2(?#1yl?q zNyb7Y3f=(anJ*EP_W*e(;3l*)2N1mi(!jQrvW;L16wFI2tm5-bw;p+OBe8%+GcNZG znx%O)x9{ssQKj!B80*|c-v*|5Oep|2;Sk_sgdyabIe%KKTj5RUH{0&`KZ$}H5QZHb zbbs!KQX}sW;@t9W3q2mTr?-DOSZYNK4qFj>!!;El@(NLW@*9@r!Xg98D~J1qgFP8b znj6&sQ05YtcueqOKBM?z-f6KW4b4J(FqfxRf*LrT+BsZhX}%gwyv5ei(K`GwV1qj& zBhI0lLr$v1Oh!R~a{d-Oxu?oZu+RSQd4of+_J!3#ykX1GW_%_EDGp^+zO-Bwev9g7 zTJ2~JR#J|&+DtPs&xY(@%Q6f`{SIX8x`=&m_G?kR#^2;FTRvPZaH2Rr+tth;Fcv;oJGhaV2clT1F?Lz}JNP`w^S{kJn7S zAg1;ss8qT8R1T%SfTOP>to;QPv~m0nu5^=xjx#PM133Nm)~{VEh$#iL zp1}?e1{0{E^~sm5(py=CR&P}IFnky(654Fu6Ez|Ev0QN*mMg*WYyZT|gE4D2l{L{+ z3&$rJwB29Lan~w$i(dg(dC=&G3dZ_)k`t!wYXBg7nK}q_yV7HOb~eb&wD~;zy+c6fGrYbX73c`oj;JdF_K$GjRWp_@6#Ax>-c4 zv$!+!+gNKWQ~5HYzn8OmNFRI%tInskUB$Ql+D=_?7vRTm@7JGvNx)PP1_?V#{6B=c}_NCC&K#6m8aKjc#K9f+TouA zYGb5;=gfG?P;|cjoH{T!l2^psSTigyk7QJ`nz=kZl9$VIc z{Wou|G3}|o#S%|=;N~!yi|S3%_h5b8syq0{IQ@9>l6Q+G&#a~PM7Ak&PndhZ^1e}z zWyI+H4|R!3qx@~ZjOmdq#=_8n5WWDLO^0OJAv#t%u9^{wavhy6Qzysln?=QNd>B|s zkfc?oBufzV7v>M;>5U$$i9KsH(j%Sxh^IE3Ql5E0(e-+c$h&SnQ&&}m$ zM8B#3!H$xVFxt~{QB_@R!dagw2E(g~s|nBA2`yYG43(&MELy+uqe0gn;pBSRF-^ut 
z1FN^n?bVKW)wj8;$JO7#%Zu~&CQ(py#=5Flc!8NR)?Jfqi2&55e|UT1D0uDBoON~d{_E4Ya0&9}ZPz?b1c6bQ&`w`acT=OK0|NSf^tY$N;`Vz=N^3|$Z$c>?4X zw&9@Gy-?5bwnjVB>&fmr$7DPBF&#-i{t8I5zdFJ(erP^oVw#*g4GaUuChyd?sBPNc zBa;`T4nyW5R2iNq1zYXt-(Uw~`iP(PEm;TwM)2%HKR!jZvXY;ox3|I?8SOK9e385I zI8IK(xBU|^9QFy|-6A%}ME&o70^!@&RXN?#5IH&le3)o!kp$uP$CbLCom+*oRwUA7 z!57M$5{Uvj#US+3R`d+JlbOXEQ4a2(lXT<*(57=_h(rl=Sa5M2c=77}wuN6;rb1PG z1D6^NBZXXR3G3J-8_rS|iSp=Y&3Q8NtH!4qGtTNp>UZW-ovw{MmbS6Gw@9FQM#30> z^~)#W!mQNV& zCC%6a$&yPZoDO3~7BP^T*mijFR4}-H?z0pt*N}m7&DKRMHp#(zmr@oY06k5{)K%>BDid!a<2{nMRzU;rvnOypv2 znZuh5@z$C${s55YH0GL22mxKByaL&U96Mn01th2hlF}>SeEz0ah#qYI@2xO)`)TpD z-TfV)tgbp`r67b~j0JZ0L6vqU$$%JY%R9IbdPPiiDii__M~1x>FJvbF z`IW;JUwFAZB&m<~5HL=pUIcYGCj({4%s`h3y!#e{v#_}(qO`{9a0k~%9@E4YhKm)s zZ-8OruN5b+*SD&thjEWF3=L|nQ!2$J;I61=lHWv?2g3X9=7(zh=Ge^kQOI?Vc;}FZ1pAS2ym-$F~O@zZz%6ToSJKEBs8Pk#BvwiPupWNS5x@sT=&eWZgvslYRI>AF>F25UAJf!=f}Rj_J(7!b{P5U7jSD_pVvfhFLfS$xpislZ3ZggdiU?uj-THGXt~$f z-!l%Bm{#o8#L|n~m6_BKm3kT1Qoo=;Ln5WP5L+(kmA;&q?Yxb=kmgm2E6ssItu$od z^P7$(^C18ZHC*eV_Z+Hb!!t+JHE=+}zY3ILI{{e>+vJc>LRKFyh*C*HAaEBeo7DaX zvv6;E9s%yNMLZt2+o-AwSQz*j8kVKRxn|`Wv<&KH6GhpTeBS_$4ZJgn9PtT&D>@Ds zs6Sqlc{(!xc~gH8HDf;P3;j8a;Q}tcBx;8USBB9uEI-!S%Gj;lp@E?>C)2Ue?G+)k z8P6V(Xsl`sz>e!d0u@MdlY}H`DQ*FM`Ow5m@YFEuwgA~mWiN9n@djW_5#55xcm6BvAHeYRVb#@P(TGkrGK?;0ec)9m&$!?8f#ISIb0v;V zHb(X(*pEkfy7so_x@~E=xuVW9*bl#>w%7%Ju6bk<=q=)V)I6DwQy*jsKvX}i!)t#5 zf(D>vHZOC)SF+SaKz?Cc05*gJX3G~tUnW@}CM!Ec`?%m|*aZRQiB5*eDUBNnCU5uL z25L}Sa65OHRx}IFlnJJC-jv@HwrU!vdy;yp)D7P8Vq_w81jO;2TO&lr>`)RKbj^t@ z_W3WjTc4rA=QBkjqJX^ZJh`6b+U66nl&xgMc70~{OXO=}u~INPwd3fB!}`ESJ;VSx z{6=Ul=`h*vfVDlI{Q-7d6qci6Sx+bg@{Cp}P(>z%=pCchY>IdfMVv-+IbZS)PzO{B zCX%YuQvipAbim9y*iSr^qzv0v6etl%h4@@Xo)pzP3lWo?xgF{eAz|XH$3Gw&B^p{fAAwS{!bh4 z9nNO_zkP>VwQJU>(9&TSwMo(1qeju9YSrGmMQloqQls{$UA1bD*pzCtHnsQO1W7(m z`upC$=lA`E-#z}KoL{;9knm7u-cha{$Tj5lC22jsK}4sXW) z0TC%t*um4ipmtGo#P)TJDPJ)Vp)5heJ#T?n*Y-kP4mNQ^X&2bXN7vh()>B{BlE<=F zdqKicJReB`Bzl=hHT)KX1@(TJcM3fO%K5zxj|M%@D@C4v6n1VJ$ddg+RrcLO!C7c+UBt*C 
zvdr~SI)i~+x>KZSsw;Q?E%=woljXldHASD?1ez2%@{()l4@Gb9(ekrpt#f)Eh!~-1 zXTuJLuTRrqpE@3u_ZAbM=6OHgc`~^FOc0|RDE6x+Vrt1;W&FMI5#+lozzGN;w1^8@ zdmEAO6xRYKP69!keCg%>j3}OcTX44&d1gE15S%!({a10IL?3|pqgO`|C)v1ypr?ok z(jMcV{N?hLceaCKv==yb(QLuf*$!~GI4%P}vHvdv#+(+wmyP}AltXC{$eX)3y5ae- zmpJuiDANzy?O#Q>l|F8_`}^*9YP)geQp&ip>hHOiz_|^7 z1LT10D6DDuNp8X4VmV(9a6H33aY{^%#SU{|c~-y`KW@vX&Ia!b5%2>8U$!R!97pel zKbm$P{2G6zy#y!Xh5YRVd?Sx8(C|Tg0PcV31RnelUa7F<%VEqdZioWmLP#0JuPx_Z zPLv+TG@5$&${|SSnP+#wITNTdmc?3Jy~eq~C~U=3NQ62fyb$3{W_U`^jukdW6PGYC zZe(BGq&jUaoxbN0LYP1e1rPB@+;?sRF|G?l?(UYN(C110n=|1x5olATeo)KXkK54b zFs4_l5H-yZ>DT?&zAZhDC;lqOCb)v95F(qSaAywNSG!Bhi#=C}xP%8|tzXEV;0%8n zZr|5NS77kJo>C=&oFk|nHe>+)?1G9LWa_RWLN+-#CxDYv0KaFu2^~z{@e;~?);9(} zG>!xx2w7RCyzDdDEM9h;siPFGA ze3nW(8oNFzn++UOp8;Fegf;ldD2C3uN}gbom^lCFP^RGB^(l+r#K;K>Lr;S}LDDW1 zUb?Z{(!Jp?PHi7sbB0=T^3u<$T6s`XNDZ?6$?L5eFnG+Hr5qn`mDw&oFk$ubjl^Tg zIXT*SP@rlDtt50Y!e%etbU@FaP#}phaB`h7urY#f=*qy;#(sXa;D$J#CG_DDVDZ2U zC~vyM&V`I;J_Z4UG0vFTYpQsE3-B%9VY89zpiy)M{y|>j0&a6zYkqm97r5g=p)VH5 z`nXnlC-E98gX+vbl88kJ5+tc@fwpEv*IT6eVY~;cJFvLxvIH|)K+FiZw47Q4Q>4m?QGKoSEnv|ty63@ zf5WNvipfNqn3$YXMw9&5oib%?V@uO=W{o9i>WOx0 zAltRL1UusOG&`09kllXQ$2KMPS5+(if*`2XpafQFZ1#fUVY5Np)GaMnJWaquKZ92T zms|mp3^+D+$bl6m{egk|SHr)oSCX^3!8Kv$>m$GK0am#^W^hbG_d zk;{b^Pj?JsIqIBM72H#p89JR(YA+U8`~=6nT`wCwcZ*k!0(T|f3|>7S5Z~Xt%V+3j zU)bTmAJ(9+<{IG4fjrDn2#Mu;zYKKkX*A3$+Tr3>K)|_F>YK$y;b+c5VJ0@PI2{b; z3DJG`IeUP=@@b!NWR(TRW;-BTkDhr<*%CRbIzmfs&Dk(93NKkJWVXiygT z5VA0^6-}~;{_f}#@5mwaPA)__M_8&u?miWwfw?(PZqA?%1az<`G$`_~CchQuBU%s5 zp>1s;^>Ov^%1jJ73=v31c6$Lh^1Ez_Hv=;vzQnxQ3ozHH@4?KG2_wpcrIz*w0(ri$67rD>+Pt1YU&*B zj$s^417^4x9rcOBb^s%-x-^x=Ojn3aM@%(s)lKECtNeP+b$`Y0?{47V!Exf$<)GB= z-$K&t;h|`R@%i5k1bexq;Dg~_U{Z*+_y{6YgCPJKnx<=v*sz!}sHZt2o<+3tQ}mHs}Z!qM{Rl&Eyco5}8#rRWtKcIW*`$6>*g-@!%qIqVVotfMx0d;YvH-8wt*)G zFUb}QXaV~#XaS^%pDY+W%f%w^cW=S76Ia!u&-$$WT#J<5T5hU*892F3%8}XCZ6D68 zoxIh}nHOH^t5i@|oV0a2n?;Z7oh!HH=kbE72_D^&C$$NZkpt^_BI;X#T!~)#-02?7 
zbPT%=<_uTK^HaM|_Vcon{Xglvnz)+c(IdSHe}D9160h%ydsbbzLB{iK!j8163sSS}{zm2%%Gu*FlqYmtpBGFS zt=_Tn?_``jA0OT*{cCu(HrxBn%5plwtG@5eS&d?>qLIXj_2Vh2v@t8T!57tG7x`}t z^J<-h3kDv|#dDQwmhUCpGnv+#&fXca86k}hQuvkqW|XKmC#Ov|?9!$3$9PNQJ(XH7 z@BZ%rBjPq+U7Vmo&A_k5YbCZuGbY`}Qnb~kD@E!h<=dN=-)^Y8S@3-@cKE7MxT#ma zE0RhO4($$bBbV5CT%nYK$$pzm+w(2=N@eNB6->z3FlVs5S@URX{%GOFQtM_p$g`U)I}VNL5OQ1jZ# zuRwjSgKnQ)JB7h(LjKWr_^10Wqlk_z8H!iGOI~~?XswKRW%&FVGXcf5%SD$!VIbRfq z@ViXG{!2ozM!$Scy(MVpHzsO4Qp_QIm!{t?agIiYWeM@`o#;m@ayKW2Pwa8p{NlvB zoNzb*FWFbY^VuUMXX}{aG$h7d_SZQF^ZGSj`lyTRsmH`>ejv`)QX}KR7PygeG5>LQ z+m_DoBa_CRiF#rj7?6<1)>})ogFbd!?0Ma6HnZkEA64cb*ITo5&PTM*0;aX_H@4gD z3oca!$!8A z3=-x}-22egfIA!D=qXKUd z(@Y;KMOi`CUk>aB3?wZuhq>EJ7~MePmoCu#^G7Rk*>9rZdCk-@EYG?9NkN{dFXi&$ zC&ZnAy{RR)4BqD~2gVxk zb(;9nAs*rtz1Gj7Ln-`*Fd4T#I{F)(0zw;)TgJl3VOEHp&-?nZ=M zC;c=^{+jh`Xj4Fo6Z5Eua^7p5PYW6EifK+NWk%BJ)Dt*{Iwr>J89{ z$;?94sT+BC>v*`8dNN$7t}Bd(>AM!ta|ZUs5#rnGzCU;kpi2qL=Eh(=IO*q?Y(T!T3EfF_)H z9}Gf)`d0hL74)%CocVENo>D+7Ixc@bi6q?fmR@VvlPe|Bicd87mMV z6a2UYo6$#`m4pGQI*w6L=NE~ymq(XzU!1h&^WxC9yg=#0Hy$*j9r|%hb}}>UIoS|p zzM%TY?83KFOWe-f2gizM!J_BEQOPBJXWyRvjI?4YGW}_j<5ho8M|^|#-HJR1@(u?Z zFksjaP<@QaC>MLmhH@gz!OgeU{a6INBXzmBQ1Z(L(A9I{E<&_IMj2kmx8}-D9w{@% zt#E~3Qyoqyg6Wvg`1L887!7|htW=1wO$vOJyV%D>-3Pk5)t37CE)hjvfYJX;2Gf7kClr59lQhE9jgYxlU|9Of*t|~ z{s|by|BWLp9?Otc100{mA`D)LC}4{??gW+}!f@XCfTA7e(!OF1G~n|jIhRi&@#M)5 z*v$hKJoYze4z_Lt^GF-**x7!dd|nUz(rm2o+GS>vvm1{%>e^nrCOZKMN4rcIZ~>NML-v`5#f$sy9RE`V;Coha8RRr3!I*u zd*eUKBFoAVJ|@uqK#&UXX#0T7%yGF0_Yu616Wpt$k*Nw9t2MCsA6FM ztnIr-RhN;`?0i~v;rBlocFbu;)0+8|bme@z`}?JG7UeQqsZ7Tr1&d0z+F9P>@cP21 zFUcRoo$KrFRTt|n*kqbxh`f+uT!AZqH|{nz=|TTD8>G zP;dPJhM|QsYUhX@&Vg%*_DPDZi6%EbT|LdutoOJ}d)RY;G)BJO6w;l2a+q2R4>v7( z-oy!4+o?B0;EkDVIyaqAyT4a5EmdJ??fr|d-E?EBN8YbreVlV${SE)mSo{>dq>t(k zcg*xx`VZOEW4z1~?hrgO&2K@j+#Dw^C-j_tBLRX1nxq3ym3d^Tmk_H(dUu!l70S4n zU}Kqgi)LPbe5adbI%GZtJyWv#u24Pl(ptK9Dd5a~>6@z5hey9Oc--b?mz~67nxBw# z(TQl_A@vQF+TtTMn2vZ^v|$hSXV+;<-Y1$~)dY}CPt4zL6$fzG@1CPaE#BGH(V=uA 
zvV}Qx&Q?CTAujgD<~uLVQkNocS4OYg!J}BcgAH@B*0_9PG%@zX{vz~u^@t) ze$YDPjHe*?c-DOZ|J$x1JtB~XWVY=1{6E3`chEQZITwc?@Nfa|Xacy>ZP?PmJoU;7 zO_U`y);Hg23on0|^N_a&`IdCQP2SU6SHFZP3Hj$M0bvWn=vSHFQSk-(q0^p(ALguI zsg=-@=kbp>O=*Q`IqlBeuENkIP?c!Rnpkp0=d3a zYBOrma=h{HLk%MfrRQjM63Hs&Zjw`^)SUIM1cF`S;ehOgd{Jv>x8@?KqD+Kvi+wKs=orif{tqJ zOwLlo6vh)FV~?!8;#nETr_egOgoV_B?O_nN56n`BfhQ~O#^3ymDHA7igL9mpv%A3~ zeuUi;(YX2Vknz8M=HU)UwpCBN#^-_a2*1;{ZEDBS3ioEOBF=@gOJ_d}e8jaKcl-ai zg6ob{(2vZI-I@%*>nBJy_8L@Q$e?xJO9`7PsfUtFBJeTnhrn;p@gauWn3CqAW0V2N z{bH-b7H!Le6xYaekh3{4=O}81hVq#bmS;iteE83V|M^)T#o+Y3-hS<7J zmu1c}PU-u_6(1p&sHu8c9IRhe{P9sNjQM-un;D>9BaZmXovuw){e`mj%sQRknC*!O z^*!K7%*D_XzE{NY1CW%zFCy0Miv4r{gmnZe3A(;_<7VwS>H5Kq$Rq&E&uFl!E0K9J zz3y?*@<3lHnt#~Gsd;STcc(qMWaZkt+>azazLu$@fFypZ$~Ikz8TKc!=_`jgg;n=s z$wBtRjmZJv7*_+NCxWp1`SBuHQ%!h%1Kd}{=ZxrNXH|b)hH4H*Jx=v8llFESaNn6O z2{}SI&fmG1H>26qUudebntmnyK4Kg=&eVpXof%JnwsIbD)?d`2Y2S<@+Q#us{S_S! zy41zJ$%0o0g4a=78rP`RDF$r1B2PPVYlC{*&LM5Z3*6Frq3~_yjz9aEzMoP8-`cW~ z6Gh#Dcs5Zymyo9k{7kY%V~|f?q-#-UmpXo>>RId=!!KU0X_Dr?**e;_87>|&q}-yGSRLP$-^Zx+7*&8k`cB{5@o$Wp$ptZ5d1miW}poF%nqCZ z#BIZj{@MQ0OIYh55X&UZ3R;xDrlgI5PB%lz9$dgw@S;^!4yye{4bw6E&C;OWk8un4 zdcM>7yo5}IM;(wd$q&I$HJZh<)R{Qltm>l@eDw9@Mm#^^rjA9E6wx?y2c8@ETcIK_ zE4^MOyk2qH?AtWGAyyMXh`&%MC4u+ya9$oDZgY{GAZ|pCfq~75sLhGe&HXI`8=35` z2nEL+g)$1dy!Xw9DYV|O8O6uSsha{&#RoLqGT2JbVA)Y=49OPZ^RKMNf{#^~RzSD+ zR~5S3Xz%zBp`eZe$0LLs2CrSfh#nlw53K^LV&}R8_)y=AF(`zsR{JN*@K@h*A;UpD z(`#r8*a4MShkjhE;)7V*Jc6Ln(jTHY#cG@ev5Aca| zdN6h)3`wga5J;KIybYtgfxgOZ#pat$`Js_Q8~{#dR|*=Q9^ldh>Wh&6c?tcn&|zpO zw$31k3U>eg?=TJ>5*6>q5gLBL;Lc}5TIZEZXk99>RzQ2x>7d{|O59M|_eVQs%44?muA z7AyBZh0IV%ZvK52_Ii*Y1wj*@{;Nnl<{V$!=<~jekpqc>;ZR|Z6V6GxIESD93)&1nFPwd? 
zE~47(;^uq$M;A2#`)wuYea!lkx>)0BN<8m`Ada?Pq*X?qy47)iR>%6UX0WR$=yXb3 zL&cJsgW!xerQlH;ou7Pb{+j^JrIC)3=r2A z#YPGFMVx-gw+gKBr~3Ojfco;>9;f#5C%^w>7dm;LE*T0~VhdQ>cKdV(Rc==x_=Y=y zf7j|E2&X^+SDZFS2)I#TSdxBCZJe6eyzF7Ch5gpjxMBejXQRAoUD9RKx-OzIg7J3t zr<)Uua_KLyd1H{Nqn!QGN8Aj>zgg?2HBt-p4{ch?TI4Gt>g(V7s1Waoom}UNP~7i4 zJ)Yb3-|StIYN;K=ls|A+<}ne{P;ghfdRu($X+5Ce2$Z!k#aX;Y=lSmxJ5g&euOCxP#IbjRcClV zbdbNL*Z6+Z{ji%_rJw&^OU)6~o~S;;$JOedcGjx#kjPf%PE^j{0p?ppxs(seU9q3H znRv@R#x&^SUR-5fc)sKw>g20}rD2HlybBPULO1ow_0WAOb_qR@8}*MranN{G#k<@X z;z2dsa5wX!OGRdNCwv!5?UuPZ-^z0EP|R<=yF$Y8>x*{KT{m(Tr$51VN{@j2WQlYj zh3o@aYMQvE{~yJu&G%0+#@5(;*DA*;#@o;SmtrLD6yZm6{$Gl562jG|lPbfH5dH-1u*blC{?rvU!Bkdbws^8FWb)~np0uiG zl9OiCf2xb*N7Wn#l8-!RY74`ev|>b*iBC*;Ckwzj<4FVYUMFNaNE~RHr{-D{U%1tv zKcV1-zxAm6?+F%ZZ`@6EaY1LVzrcAMTy1UQe)lCD8+6c9gKE+u6x@{f3P7q|prg@# zX#svJB#m^M)ab=lr~YZYvk}2gQRnSFZ6b%OKQ`|k5R8{uyn1&_P_{6y7;pR!u~Q4p zYv)iU=g=Qj6~f9!O+>|C0*Aj#gcf$A?U=ZVee2fKtY<6X2{zEdsJ9R%rU;KB*RuKG z^ABoSYIVJ51Y9K%3nX{mXJF4amvOOZfoa&FnIyu(ZV-sbBn|=(4VDvxHg3JgE%tMc z&&t(sdWx?U3Kx&KOdT4zDtbn6cYVfbFvRJiQ*{lfc2Gc60^$> zDZ~sGO~J4Ds9;zBp2Df639FloyldsIW(h;tWGR9P`u|Z={#I`;u5>w`xR0ao28G^lMUa=|gV+VfhkLMz0pm`W9I+n0WuzpRnVIsY@Y)r)|HMJp33FOyw$vL~Dp9@jKODex11LZRET|Cgdt z))VqbteM$pOi2F!D5{5XicND(e@a$58SJBK`-kQ;enyAETeTQNOPHKL2rLiIWF?&a zFG(f({F2m|yfxeUp`1@!M^)eUb7o|}UIL43#Ymhj!+MI5mGG8a@@VdOo8`^5tG;_} zfnHz2FS8}h|0rzWIij?p`#^dY6>fo2HUYW{BlG!xi^8oWha~C8;Fj+*Tb?jBH4RkH zYc`MAM=74RStM;$9Uec6+Y^bb0B@!=6Ew;FX&QBRK-~Yx^-?MK!8tBL_zWn}aB_3p z7_)eKK8@*YD@YJ-Kc8Q_n(sI@jTIBeb{ta0!d=jawB_tKPpmi3sLW?H655Ab+t05H z-4oUDPsjoIeOckXi)FpI%|z@=&-nzrajuoz(jHs1esGyhh?(!@&+)X;_ylXsY_nKL6Rue?5^r7d`F1x}4J2~1fm@P^?A4^8;!y&a z5cW@;0Joqx7}b3QkUx$JoOdS(_3&)o`EbKp8|m(NYW|q7P3t&*N2V{ZlB#bm?>^I8 zSjzH%iTQS$*G=a8^pFC4B5ryJAzltUgpOcRLG*3kr{kvXQ+?ZYt3`WdDeE=XKfk!_ zSHF+^nxS(L5?t!bSC`$lYKq9+XT}RY5B(TD)civvbE__sD6#z@WKxSrWRoKuz3{#d ze(}ntuNa$6pMc)KAFDGP)zY3BDkuF}ou~qAHMYeA3RH!w@*m({Lz<#Ty^rgI_MVm` 
zjl+5t(kj@^oV$%$G9~gW4eU}LHn&Ecy)^y1N_{_aooKR?j~9-+!_lX0OB{6}V0I(b<*aa{PJ4bX*f2{U{ra*@(BC+_`ZvK3?;h7?yPdSj(k_BMdy{SqxE;e? zFapj?n_jQOs;n>D)~Q~B*%RJ2Y)JMz$qKlM!*{cT=oz(x^Q5K5%;01bigY~lhBvDf zv;5!t!(CaP^lYaukfzu!r|C)1h2QYIva9!hOcPrV@Ga~#W3&%pZHtj8DAfThKb{#} z%YoWpa!(mz0@r^-kX=z?xFgT&kFWh9j+Y&+&D|&Xjuj7murNjXx)KsHc2d_D)*(6k z4Z7e;%p8GR{l{n-@6ft)*_})gX7ocHdf+U^06O@+12;x-h=Jp>lGPIf zUt99nAkyMmdjIqhP&omSNyXm#~0n-o)zYg&AM0yU_E| zLzxAiP{iv$Qupdpr|S=$<)^K4&sFPx@2?R`IS=l5_)W;8=QXYas{bQ{z!o_-;d~O` z0j?6n3xNMe`<40RsW)mI!ydBA`0)fq_pcYq(GVt9zW)5hQuAL1py)UHp-7SWO9an# zaV%8B{pq}*4O)rrt?sPrtwFIN&WD+c+lUuz``{rj%Rd-?3Ot6ej3%&B)?Lg=sM7~D zsa%-uL2BeG5oPx}oFAK@dxsv&VnKJp4Kt5BH0=}R%f+T&N5koKa9?l~5}%8(vVFw+ z@*B@Fql+YI?l9T)V#Un&?Lu74-w25&1CtZY#)`ks@AJMX?B-@*HTt>6M_fQLTPrnL zeVufiGiVAu6Zqc!fL-poo>pLzw!2T?Lb2orc`EUA@)t^XYrlmE5D&fQX}!LDrg)Zc ztIB=3#hLbT<$SZbc%cJkpdI>$rTRr4y;m|3%JWIjABV?~Wg*mv=w0na`zb#S`i6!# zw_*-7)|MxOi(I~jvin6#+#k6EumPM6N^QxCrZJz(N#!T-OVolQpQ{bzamm|K(|IzK zCC~|XAoz!-khFZ)-#;eS^1}!SXA-?}*a)CWyfmd9Oy96I7f&p)zR;hBl1^uVEDD-y}SN$H4f5(74mI(7yenT>+ zA$Z#c8r|M5);3g|(&$q|F^xtVdv{c{1q4VscwCREqTZ@)10H2x=fv?Tx!%Tt#Ivy6 zNF7U?jUVZ~56jvj%>=oRjw}+);=dl(CCyciPetq*P3$yO2^A@4p!+U{d{|FSzY!~A zF}b(Eaud-!=<>(`xU{JZ{Lwfg^L)K>JNwu9?LS%C$M!dzlkph!>n2=pH$JO4v*14$ zLrx1?TcDVx^}?U4x|%ea-Ci1kA0nzD*nk4@eWb6)?{aBz|ak95IBDe)F14tJKT%b&TfQx%nv0!iQNY?;k z>dCwTLN{>g7OD8&aRDYnopIDTQBV1$SF7R%gt?i$sE~ zm&w_RI1D8xzXSUpx!MVFAABmSZw5|@n=yqD|dsQ@hw!oioZ*w*+K#N5K>&h{1hgHF=B)` z%4DCDJm3zb)U8M?p^O^6uCl73;;*Ta`8ymxJIcJkxcu3K;GAHR3We%B$(qva;~lfQ z2JwaIY%W@9VijC~_9pEmtQL&`=7=yp%ozozk6A(vt z`i{F+N9&{bg{k2pZupC}8lo4C_IA+i2e`t=h&bmV$lu&If~fkN6UV{y0)t7PJ;RF< zZqCK0`>%sks@QDFxjS@(+L?95nz>q8A;P;P@B4tU)o*ft+so$-f9cPSbkYIRqY(`s zsZsxT0l#8RH4tY`HP@Gc%>}p3Z?sjBi+0wObSs>+r{Aw_w@!Lv?cqKU*p&N%aKT@tF@WF<%Z>T*S zoX;lxEq&#DiN|C6AKF?V|Btr*G=hqyuU_u1TG4%T*RE_aq=Op%ciAWFU)g6(b^pK0 zKJexXANO>=nn6F5(^1Uk)=^v;3z{+3pLZ~jPCnC|A!_wB%-@W-e|G)h~2n)_15Ytb+Rj%oC!T7}S6}8daT25SlVVr_c3P!(8>J=7pTnR^R zpID^zT&(I(eRvzs}i_&3#0Gy3!Ht-UV$|vq4N9|xOd1F 
z`Qz$a*%IiP|BA7`tsJ?wcleoG(j99$1lulQ8aNRs*1)n{$a-N-MuIP?^5bt~l@6UA z^uaS6$1eo(Q9*Kq8|T@n@c9a|@fe>IMqc*nvBEi%chb?(AK#5CQQhHtL$LA;LV4U= z4m|}O`mTJ6@t?EH2;GC(FwK=Mdtw~=RC@tvQ$PDw$@>~7^5kHDHqNv%5v~9Ym~!(w z6uYqwbT1Y@if6B$^PSDDGrU79`_dJbRSpyHy|<}X@AJM}w~pHQYkcGJ4SA1_CFGUo zw?uXx#I&11p=?WQb3T6U2C=9H<05($v5Bdll9v1Cl~Z%d$q z2=v0tFQX6^&A2)--O?4{n=Ex}M{B*mSl%T3MWv_R1De0TnMwf@E2r>zpMxgxYt-(upIsVQ=nhnfYL?mfNcFalVWhJhay&fVjhJ;$G5@L>oUWdY{$MZPE_ zpUK707wUw{R{qC)JLYJzpILDmUmPUpy#(V4-ca4TYvGk+F5KB0K;95dCw@()VF^64 zbUz?@-HbtQ!(+{GyDh28!94EMeY#+*AsdHLKm7#i?d$^}Slqu`!g-(WE1X?CV~1#} zKt}Ckl_5F7+*tT=OIpw3T|Yt)w`dp)h>u{sxHg1vG=#H#Qzg(XSdIunuXhNaA^l*x zk&liWzMX_v796LQ(rC4%HkuQeGQtv@g1-6=AWZ3s%}y`VeS^7m2mUp5GOR}kySd7N zUs<+~Q2V&%?+*C_@023!?j)A|1w8AcgSUp9wL0aj4wmrAh7s5#=aEOIX;9ohj z>YM^uD}I-826mQa7_Sw9jYla8?x2*&9z}MAgpOf_H99~_S>7;kro$QP@_?nUa5}Ps zCy({JUs=@!frIYiC9pam5s!+axWF}#2Epg2E_t^XzShED%0d89=>=@|#OpQ0PztPX z1MzQ**Z!sK7(@^z`~Fpt1H}UNF>DxBk>ZIhU?s=?C*EE}Y~g;#4!nUm*5~UAJ!_nC YHRPNa|GyuSxS_b%(!o-QAu;6t0cE1thyVZp diff --git a/tpot/host/etc/dialogrc b/tpot/host/etc/dialogrc deleted file mode 100644 index bb53e1b8..00000000 --- a/tpot/host/etc/dialogrc +++ /dev/null 
@@ -1,144 +0,0 @@ -# -# Run-time configuration file for dialog -# -# Automatically generated by "dialog --create-rc " -# -# -# Types of values: -# -# Number - -# String - "string" -# Boolean - -# Attribute - (foreground,background,highlight?) - -# Set aspect-ration. -aspect = 0 - -# Set separator (for multiple widgets output). -separate_widget = "" - -# Set tab-length (for textbox tab-conversion). -tab_len = 0 - -# Make tab-traversal for checklist, etc., include the list. -visit_items = OFF - -# Shadow dialog boxes? This also turns on color. -use_shadow = ON - -# Turn color support ON or OFF -use_colors = ON - -# Screen color -screen_color = (WHITE,MAGENTA,ON) - -# Shadow color -shadow_color = (BLACK,BLACK,ON) - -# Dialog box color -dialog_color = (BLACK,WHITE,OFF) - -# Dialog box title color -title_color = (MAGENTA,WHITE,OFF) - -# Dialog box border color -border_color = (WHITE,WHITE,ON) - -# Active button color -button_active_color = (WHITE,MAGENTA,OFF) - -# Inactive button color -button_inactive_color = dialog_color - -# Active button key color -button_key_active_color = button_active_color - -# Inactive button key color -button_key_inactive_color = (RED,WHITE,OFF) - -# Active button label color -button_label_active_color = (YELLOW,MAGENTA,ON) - -# Inactive button label color -button_label_inactive_color = (BLACK,WHITE,OFF) - -# Input box color -inputbox_color = dialog_color - -# Input box border color -inputbox_border_color = dialog_color - -# Search box color -searchbox_color = dialog_color - -# Search box title color -searchbox_title_color = title_color - -# Search box border color -searchbox_border_color = border_color - -# File position indicator color -position_indicator_color = title_color - -# Menu box color -menubox_color = dialog_color - -# Menu box border color -menubox_border_color = border_color - -# Item color -item_color = dialog_color - -# Selected item color -item_selected_color = button_active_color - -# Tag color -tag_color = title_color - -# 
Selected tag color -tag_selected_color = button_label_active_color - -# Tag key color -tag_key_color = button_key_inactive_color - -# Selected tag key color -tag_key_selected_color = (RED,MAGENTA,ON) - -# Check box color -check_color = dialog_color - -# Selected check box color -check_selected_color = button_active_color - -# Up arrow color -uarrow_color = (MAGENTA,WHITE,ON) - -# Down arrow color -darrow_color = uarrow_color - -# Item help-text color -itemhelp_color = (WHITE,BLACK,OFF) - -# Active form text color -form_active_text_color = button_active_color - -# Form text color -form_text_color = (WHITE,CYAN,ON) - -# Readonly form item color -form_item_readonly_color = (CYAN,WHITE,ON) - -# Dialog box gauge color -gauge_color = title_color - -# Dialog box border2 color -border2_color = dialog_color - -# Input box border2 color -inputbox_border2_color = dialog_color - -# Search box border2 color -searchbox_border2_color = dialog_color - -# Menu box border2 color -menubox_border2_color = dialog_color diff --git a/tpot/host/etc/issue b/tpot/host/etc/issue deleted file mode 100644 index 30dc8604..00000000 --- a/tpot/host/etc/issue +++ /dev/null @@ -1,20 +0,0 @@ - -┌──────────────────────────────────────────────┐ -│ _____ ____ _ _ _____ _ ___ │ -│|_ _| | _ \\ ___ | |_ / |___ / |/ _ \\ │ -│ | |_____| |_) / _ \\| __| | | / /| | | | |│ -│ | |_____| __/ (_) | |_ | | / /_| | |_| |│ -│ |_| |_| \\___/ \\__| |_|/_/(_)_|\\___/ │ -│ │ -└──────────────────────────────────────────────┘ - - -,---- [ \n ] [ \d ] [ \t ] -| -| IP: -| SSH: -| WEB: -| -`---- - - diff --git a/tpot/host/etc/nginx/nginx.conf b/tpot/host/etc/nginx/nginx.conf deleted file mode 100644 index 2e3e786e..00000000 --- a/tpot/host/etc/nginx/nginx.conf +++ /dev/null 
@@ -1,96 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
-
- ##
- # Basic Settings
- ##
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
-
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ##
- # SSL Settings
- ##
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
-
- ##
- # Logging Settings
- ##
-
- log_format le_json '{ "timestamp": "$time_iso8601", '
- '"src_ip": "$remote_addr", '
- '"remote_user": "$remote_user", '
- '"body_bytes_sent": "$body_bytes_sent", '
- '"request_time": "$request_time", '
- '"status": "$status", '
- '"request": "$request", '
- '"request_method": "$request_method", '
- '"http_referrer": "$http_referer", '
- '"http_user_agent": "$http_user_agent" }';
-
- access_log /var/log/nginx/access.log le_json;
- error_log /var/log/nginx/error.log;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
- gzip_disable "msie6";
-
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
- ##
- # Virtual Host Configs
- ##
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
-
-
-#mail {
-# # See sample authentication script at:
-# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-# # auth_http localhost/auth.php;
-# # pop3_capabilities "TOP" "USER";
-# # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-# server {
-# listen localhost:110;
-# protocol pop3;
-# proxy on;
-# }
-#
-# server {
-# listen localhost:143;
-# protocol imap;
-# proxy on;
-# }
-#}
diff --git a/tpot/host/etc/nginx/ssl/dhparam4096.pem b/tpot/host/etc/nginx/ssl/dhparam4096.pem
deleted file mode 100644
index 78cbf6d7..00000000
--- a/tpot/host/etc/nginx/ssl/dhparam4096.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L
-4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj
-SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU
-nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP
-fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d
-xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO
-nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA
-M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP
-RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/
-EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j
-g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI=
------END DH PARAMETERS-----
diff --git a/tpot/host/etc/nginx/ssl/gen-cert.sh b/tpot/host/etc/nginx/ssl/gen-cert.sh
deleted file mode 100755
index 388e51ee..00000000
--- a/tpot/host/etc/nginx/ssl/gen-cert.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650
-
diff --git a/tpot/host/etc/nginx/ssl/gen-dhparam.sh b/tpot/host/etc/nginx/ssl/gen-dhparam.sh
deleted file mode 100755
index b4af43e6..00000000
--- a/tpot/host/etc/nginx/ssl/gen-dhparam.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ]
- then
- openssl dhparam -outform PEM -out dhparam$1.pem $1
- else
- echo "Usage: ./gen-dhparam [2048, 4096, 8192]..."
-fi
diff --git a/tpot/host/etc/nginx/tpotweb.conf b/tpot/host/etc/nginx/tpotweb.conf
deleted file mode 100644
index 00eb95ee..00000000
--- a/tpot/host/etc/nginx/tpotweb.conf
+++ /dev/null
@@ -1,155 +0,0 @@
-############################################
-### NGINX T-Pot configuration file by mo ###
-############################################
-
-###################################
-### Allow for 60 reloads per minute
-###################################
-limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;
-
-server {
-
- #########################
- ### Basic server settings
- #########################
- listen 64297 ssl http2;
- index tpotweb.html;
- ssl_protocols TLSv1.2;
- server_name example.com;
- error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
-
-
- ##############################################
- ### Remove version number add different header
- ##############################################
- server_tokens off;
- more_set_headers 'Server: apache';
-
-
- ##############################################
- ### SSL settings and Cipher Suites
- ##############################################
- ssl_certificate /etc/nginx/ssl/nginx.crt;
- ssl_certificate_key /etc/nginx/ssl/nginx.key;
-
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
- ssl_ecdh_curve secp384r1;
- ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
-
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
-
-
- ####################################
- ### OWASP recommendations / settings
- ####################################
-
- ### Size Limits & Buffer Overflows
- ### the size may be configured based on the needs.
- client_body_buffer_size 100K;
- client_header_buffer_size 1k;
- client_max_body_size 100k;
- large_client_header_buffers 2 1k;
-
- ### Mitigate Slow HHTP DoS Attack
- ### Timeouts definition ##
- client_body_timeout 10;
- client_header_timeout 10;
- keepalive_timeout 5 5;
- send_timeout 10;
-
- ### X-Frame-Options is to prevent from clickJacking attack
- add_header X-Frame-Options SAMEORIGIN;
-
- ### disable content-type sniffing on some browsers.
- add_header X-Content-Type-Options nosniff;
-
- ### This header enables the Cross-site scripting (XSS) filter
- add_header X-XSS-Protection "1; mode=block";
-
- ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
-
- ##################################
- ### Restrict access and basic auth
- ##################################
-
- # satisfy all;
- satisfy any;
-
- # allow 10.0.0.0/8;
- # allow 172.16.0.0/12;
- # allow 192.168.0.0/16;
- allow 127.0.0.1;
- allow ::1;
- deny all;
-
- auth_basic "closed site";
- auth_basic_user_file /etc/nginx/nginxpasswd;
-
-
- ##############################
- ### Limit brute-force attempts
- ##############################
- location = / {
- limit_req zone=base burst=1 nodelay;
- }
-
-
- #################
- ### Proxied sites
- #################
-
- ### Kibana
- location /kibana/ {
- proxy_pass http://localhost:64296;
- rewrite /kibana/(.*)$ /$1 break;
- }
-
- ### ES
- location /es/ {
- proxy_pass http://localhost:64298/;
- rewrite /es/(.*)$ /$1 break;
- }
-
- ### head standalone
- location /myhead/ {
- proxy_pass http://localhost:64302/;
- rewrite /myhead/(.*)$ /$1 break;
- }
-
- ### portainer
- location /ui {
- proxy_pass http://127.0.0.1:64299;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- proxy_set_header Host $host;
- proxy_redirect off;
- rewrite /ui/(.*)$ /$1 break;
- }
- ### web tty
- location /wetty {
- proxy_pass http://127.0.0.1:64300/wetty;
- }
-
- ### netdata
- location /netdata/ {
- proxy_pass http://localhost:64301;
- rewrite /netdata/(.*)$ /$1 break;
- }
-
- ### spiderfoot
- location /spiderfoot {
- proxy_pass http://127.0.0.1:64303;
- }
-
- location /static {
- proxy_pass http://127.0.0.1:64303/spiderfoot/static;
- }
-
- location /scanviz {
- proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
- }
-}
diff --git a/tpot/host/etc/rc.local b/tpot/host/etc/rc.local
deleted file mode 100755
index 06bd9865..00000000
--- a/tpot/host/etc/rc.local
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
diff --git a/tpot/host/etc/systemd/tpot.service b/tpot/host/etc/systemd/tpot.service
deleted file mode 100644
index 7c4a43a5..00000000
--- a/tpot/host/etc/systemd/tpot.service
+++ /dev/null
@@ -1,57 +0,0 @@
-[Unit]
-Description=tpot
-Requires=docker.service
-After=docker.service
-
-[Service]
-Restart=always
-RestartSec=5
-
-# Get and set internal, external IP infos, but ignore errors
-ExecStartPre=-/usr/share/tpot/bin/updateip.sh
-
-# Clear state or if persistence is enabled rotate and compress logs from /data
-ExecStartPre=-/bin/bash -c '/usr/share/tpot/bin/clean.sh on'
-
-# Remove old containers, images and volumes
-ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
-ExecStartPre=-/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml rm -v
-ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
-ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
-ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "" | awk \'{print $3}\')'
-
-# Get IF, disable offloading, enable promiscious mode for p0f and suricata
-ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
-ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
-ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
-
-# Modify access rights on docker.sock for netdata
-ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
-
-# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
-# Forward all other connections to honeytrap / NFQUEUE
-ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
-ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
-
-# Compose T-Pot up
-ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up --no-color
-
-# Compose T-Pot down, remove containers and volumes
-ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
-
-# Remove only previously set iptables rules
-ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
-ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/tpot/host/etc/systemd/wetty.service b/tpot/host/etc/systemd/wetty.service
deleted file mode 100644
index 5f6b9717..00000000
--- a/tpot/host/etc/systemd/wetty.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=wetty
-Requires=sshd.service
-After=sshd.service
-
-[Service]
-Restart=always
-User=tsec
-Group=tsec
-ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295
-
-[Install]
-WantedBy=multi-user.target
diff --git a/tpot/host/usr/share/dict/a.txt b/tpot/host/usr/share/dict/a.txt
deleted file mode 100644
index a663034c..00000000
--- a/tpot/host/usr/share/dict/a.txt
+++ /dev/null
@@ -1,1466 +0,0 @@ -average -big -colossal -fat -giant -gigantic -great -huge -immense -large -little -long -mammoth -massive -miniature -petite -puny -short -small -tall -tiny -boiling -breezy -broken -bumpy -chilly -cold -cool -creepy -crooked -cuddly -curly -damaged -damp -dirty -dry -dusty -filthy -flaky -fluffy -wet -broad -chubby -crooked -curved -deep -flat -high -hollow -low -narrow -round -shallow -skinny -square -steep -straight -wide -ancient -brief -early -fast -late -long -modern -old -oldfashioned -quick -rapid -short -slow -swift -young -abundant -empty -few -heavy -light -many -numerous -Sound -cooing -deafening -faint -harsh -highpitched -hissing -hushed -husky -loud -melodic -moaning -mute -noisy -purring -quiet -raspy -resonant -screeching -shrill -silent -soft -squealing -thundering -voiceless -whispering -bitter -delicious -fresh -juicy -ripe -rotten -salty -sour -spicy -stale -sticky -strong -sweet -tasteless -tasty -thirsty -fluttering -fuzzy -greasy -grubby -hard -hot -icy -loose -melted -plastic -prickly -rainy -rough -scattered -shaggy -shaky -sharp -shivering -silky -slimy -slippery -smooth -soft -solid -steady -sticky -tender -tight -uneven -weak -wet -wooden -afraid -angry -annoyed -anxious -arrogant -ashamed -awful -bad -bewildered -bored -combative -condemned -confused -creepy -cruel -dangerous -defeated -defiant -depressed -disgusted -disturbed -eerie -embarrassed -envious -evil -fierce -foolish -frantic -frightened -grieving -helpless -homeless -hungry -hurt -ill -jealous -lonely -mysterious -naughty -nervous -obnoxious -outrageous -panicky -repulsive -scary -scornful -selfish -sore -tense -terrible -thoughtless -tired -troubled -upset -uptight -weary -wicked -worried -agreeable -amused -brave -calm -charming -cheerful -comfortable -cooperative -courageous -delightful -determined -eager -elated -enchanting -encouraging -energetic -enthusiastic -excited -exuberant -fair -faithful -fantastic -fine -friendly -funny -gentle -glorious 
-good -happy -healthy -helpful -hilarious -jolly -joyous -kind -lively -lovely -lucky -obedient -perfect -pleasant -proud -relieved -silly -smiling -splendid -successful -thoughtful -victorious -vivacious -witty -wonderful -zealous -zany -other -good -new -old -great -high -small -different -large -local -social -important -long -young -national -british -right -early -possible -big -little -political -able -late -general -full -far -low -public -available -bad -main -sure -clear -major -economic -only -likely -real -black -particular -international -special -difficult -certain -open -whole -white -free -short -easy -strong -european -central -similar -human -common -necessary -single -personal -hard -private -poor -financial -wide -foreign -simple -recent -concerned -american -various -close -fine -english -wrong -present -royal -natural -individual -nice -french -following -current -modern -labour -legal -happy -final -red -normal -serious -previous -total -prime -significant -industrial -sorry -dead -specific -appropriate -top -soviet -basic -military -original -successful -aware -hon -popular -heavy -professional -direct -dark -cold -ready -green -useful -effective -western -traditional -scottish -german -independent -deep -interesting -considerable -involved -physical -left -hot -existing -responsible -complete -medical -blue -extra -past -male -interested -fair -essential -beautiful -civil -primary -obvious -future -environmental -positive -senior -nuclear -annual -relevant -huge -rich -commercial -safe -regional -practical -official -separate -key -chief -regular -due -additional -active -powerful -complex -standard -impossible -light -warm -middle -fresh -sexual -front -domestic -actual -united -technical -ordinary -cheap -strange -internal -excellent -quiet -soft -potential -northern -religious -quick -very -famous -cultural -proper -broad -joint -formal -limited -conservative -lovely -usual -ltd -unable -rural -initial -substantial -christian -bright 
-average -leading -reasonable -immediate -suitable -equal -detailed -working -overall -female -afraid -democratic -growing -sufficient -scientific -eastern -correct -inc -irish -expensive -educational -mental -dangerous -critical -increased -familiar -unlikely -double -perfect -slow -tiny -dry -historical -thin -daily -southern -increasing -wild -alone -urban -empty -married -narrow -liberal -supposed -upper -apparent -tall -busy -bloody -prepared -russian -moral -careful -clean -attractive -japanese -vital -thick -alternative -fast -ancient -elderly -rare -external -capable -brief -wonderful -grand -typical -entire -grey -constant -vast -surprised -ideal -terrible -academic -funny -minor -pleased -severe -ill -corporate -negative -permanent -weak -brown -fundamental -odd -crucial -inner -used -criminal -contemporary -sharp -sick -near -roman -massive -unique -secondary -parliamentary -african -unknown -subsequent -angry -alive -guilty -lucky -enormous -well -communist -yellow -unusual -net -longterm -tough -dear -extensive -glad -remaining -agricultural -alright -healthy -italian -principal -tired -efficient -comfortable -chinese -relative -friendly -conventional -willing -sudden -proposed -voluntary -slight -valuable -dramatic -golden -temporary -federal -keen -flat -silent -indian -videotaped -worried -pale -statutory -welsh -dependent -firm -wet -competitive -armed -radical -outside -acceptable -sensitive -living -pure -global -emotional -sad -secret -rapid -adequate -fixed -sweet -administrative -wooden -remarkable -comprehensive -surprising -solid -rough -mere -mass -brilliant -maximum -absolute -tory -electronic -visual -electric -cool -spanish -literary -continuing -supreme -chemical -genuine -exciting -written -stupid -advanced -extreme -classical -fit -favourite -socialist -widespread -confident -straight -catholic -proud -numerous -opposite -distinct -mad -helpful -given -disabled -consistent -anxious -nervous -awful -stable -constitutional -satisfied 
-conscious -developing -strategic -holy -smooth -dominant -remote -theoretical -outstanding -pink -pretty -clinical -minimum -honest -impressive -related -residential -extraordinary -plain -visible -accurate -distant -still -greek -complicated -musical -precise -gentle -broken -live -silly -fat -tight -monetary -round -psychological -violent -unemployed -inevitable -junior -sensible -grateful -pleasant -dirty -structural -welcome -socalled -deaf -above -continuous -blind -overseas -mean -entitled -delighted -loose -occasional -evident -desperate -fellow -universal -square -steady -classic -equivalent -intellectual -victorian -level -ultimate -creative -lost -medieval -clever -linguistic -convinced -judicial -raw -sophisticated -asleep -vulnerable -illegal -outer -revolutionary -bitter -changing -australian -native -imperial -strict -wise -informal -flexible -collective -frequent -experimental -spiritual -intense -rational -ethnic -generous -inadequate -prominent -logical -bare -historic -modest -dutch -acute -electrical -valid -weekly -gross -automatic -loud -reliable -mutual -liable -multiple -ruling -curious -arab -sole -jewish -managing -pregnant -latin -nearby -exact -underlying -identical -satisfactory -marginal -distinctive -electoral -urgent -presidential -controversial -oral -everyday -encouraging -organic -continued -expected -statistical -desirable -innocent -improved -exclusive -marked -experienced -unexpected -superb -sheer -disappointed -frightened -fulltime -gastric -capitalist -romantic -naked -reluctant -magnificent -convenient -established -closed -uncertain -artificial -diplomatic -tremendous -marine -mechanical -retail -institutional -mixed -required -biological -known -functional -straightforward -superior -digital -parttime -spectacular -unhappy -confused -unfair -aggressive -spare -painful -abstract -asian -associated -legislative -monthly -intelligent -hungry -explicit -nasty -just -faint -coloured -ridiculous -amazing -comparable -successive 
-workingclass -realistic -back -decent -unnecessary -flying -fucking -random -influential -dull -genetic -neat -marvellous -crazy -damp -giant -secure -bottom -skilled -subtle -elegant -brave -lesser -parallel -steep -intensive -casual -tropical -lonely -partial -preliminary -concrete -alleged -assistant -vertical -upset -delicate -mild -occupational -excessive -progressive -iraqi -exceptional -integrated -striking -continental -okay -harsh -combined -fierce -handsome -characteristic -chronic -compulsory -interim -objective -splendid -magic -shortterm -systematic -obliged -payable -fun -horrible -primitive -fascinating -ideological -metropolitan -surrounding -estimated -peaceful -premier -operational -technological -kind -advisory -hostile -precious -gay -accessible -determined -excited -impressed -provincial -smart -endless -isolated -postwar -drunk -geographical -like -dynamic -boring -forthcoming -unfortunate -definite -super -notable -indirect -stiff -wealthy -awkward -lively -neutral -artistic -content -mature -colonial -ambitious -evil -magnetic -verbal -legitimate -sympathetic -wellknown -empirical -head -shallow -vague -naval -depressed -shared -added -shocked -mid -worthwhile -qualified -missing -blank -absent -favourable -polish -israeli -developed -profound -representative -enthusiastic -dreadful -rigid -reduced -cruel -coastal -peculiar -racial -ugly -swiss -crude -extended -selected -eager -feminist -canadian -bold -relaxed -corresponding -running -planned -applicable -immense -allied -comparative -uncomfortable -conservation -productive -beneficial -bored -charming -minimal -mobile -turkish -orange -rear -passive -suspicious -overwhelming -fatal -resulting -symbolic -registered -neighbouring -calm -irrelevant -patient -compact -profitable -rival -loyal -moderate -distinguished -interior -noble -insufficient -eligible -mysterious -varying -middleclass -managerial -molecular -olympic -linear -prospective -printed -parental -diverse -elaborate -furious 
-fiscal -burning -useless -semantic -embarrassed -inherent -philosophical -deliberate -awake -variable -promising -unpleasant -varied -sacred -selective -inclined -tender -hidden -worthy -intermediate -sound -protective -fortunate -slim -islamic -defensive -divine -stuck -driving -invisible -misleading -circular -mathematical -inappropriate -liquid -persistent -solar -doubtful -manual -architectural -intact -incredible -devoted -prior -tragic -respectable -optimistic -convincing -unacceptable -decisive -competent -spatial -respective -binding -relieved -nursing -toxic -select -redundant -integral -then -probable -amateur -fond -passing -specified -territorial -horizontal -oldfashioned -inland -cognitive -regulatory -miserable -resident -polite -scared -marxist -gothic -civilian -instant -lengthy -adverse -korean -unconscious -anonymous -aesthetic -orthodox -static -unaware -costly -fantastic -foolish -fashionable -causal -compatible -wee -implicit -dual -ok -cheerful -subjective -forward -surviving -exotic -purple -cautious -visiting -aggregate -ethical -protestant -teenage -largescale -dying -disastrous -delicious -confidential -underground -thorough -grim -autonomous -atomic -frozen -colourful -injured -uniform -ashamed -glorious -wicked -coherent -rising -shy -novel -balanced -delightful -arbitrary -adjacent -psychiatric -worrying -weird -unchanged -rolling -evolutionary -intimate -sporting -disciplinary -formidable -lexical -noisy -gradual -accused -homeless -supporting -coming -renewed -excess -retired -rubber -chosen -outdoor -embarrassing -preferred -bizarre -appalling -agreed -imaginative -governing -accepted -vocational -palestinian -mighty -puzzled -worldwide -handicapped -organisational -sunny -eldest -eventual -spontaneous -vivid -rude -nineteenthcentury -faithful -ministerial -innovative -controlled -conceptual -unwilling -civic -meaningful -disturbing -alive -brainy -breakable -busy -careful -cautious -clever -concerned -crazy -curious -dead 
-different
-difficult
-doubtful
-easy
-famous
-fragile
-helpful
-helpless
-important
-impossible
-innocent
-inquisitive
-modern
-open
-outstanding
-poor
-powerful
-puzzled
-real
-rich
-shy
-sleepy
-stupid
-super
-tame
-uninterested
-wandering
-wild
-wrong
-adorable
-alert
-average
-beautiful
-blonde
-bloody
-blushing
-bright
-clean
-clear
-cloudy
-colorful
-crowded
-cute
-dark
-drab
-distinct
-dull
-elegant
-fancy
-filthy
-glamorous
-gleaming
-graceful
-grotesque
-homely
-light
-misty
-motionless
-muddy
-plain
-poised
-quaint
-shiny
-smoggy
-sparkling
-spotless
-stormy
-strange
-ugly
-unsightly
-unusual
-bad
-better
-beautiful
-big
-black
-blue
-bright
-clumsy
-crazy
-dizzy
-dull
-fat
-frail
-friendly
-funny
-great
-green
-gigantic
-gorgeous
-grumpy
-handsome
-happy
-horrible
-itchy
-jittery
-jolly
-kind
-long
-lazy
-magnificent
-magenta
-many
-mighty
-mushy
-nasty
-new
-nice
-nosy
-nutty
-nutritious
-odd
-orange
-ordinary
-pretty
-precious
-prickly
-purple
-quaint
-quiet
-quick
-quickest
-rainy
-rare
-ratty
-red
-roasted
-robust
-round
-sad
-scary
-scrawny
-short
-silly
-stingy
-strange
-striped
-spotty
-tart
-tall
-tame
-tan
-tender
-testy
-tricky
-tough
-ugly
-ugliest
-vast
-watery
-wasteful
-wideeyed
-wonderful
-yellow
-yummy
-zany
diff --git a/tpot/host/usr/share/dict/n.txt b/tpot/host/usr/share/dict/n.txt
deleted file mode 100644
index 0e5f2c37..00000000
--- a/tpot/host/usr/share/dict/n.txt
+++ /dev/null
@@ -1,4401 +0,0 @@
-aardvark
-abacus
-abbey
-abdomen
-ability
-abolishment
-abroad
-accelerant
-accelerator
-accident
-accompanist
-accordion
-account
-accountant
-achieve
-achiever
-acid
-acknowledgment
-acoustic
-acoustics
-acrylic
-act
-action
-active
-activity
-actor
-actress
-acupuncture
-ad
-adapter
-addiction
-addition
-address
-adjustment
-administration
-adrenalin
-adult
-advancement
-advantage
-advertisement
-advertising
-advice
-affair
-affect
-afghanistan
-africa
-aftermath
-afternoon
-aftershave
-aftershock
-afterthought
-age
-agency
-agenda
-agent
-aglet
-agreement
-air
-airbag
-airbus
-airfare
-airforce
-airline
-airmail
-airplane
-airport
-airship
-alarm
-alb
-albatross
-alcohol
-alcove
-alder
-algebra
-algeria
-alibi
-allergist
-alley
-alligator
-alloy
-almanac
-almond
-alpaca
-alpenglow
-alpenhorn
-alpha
-alphabet
-alternative
-altitude
-alto
-aluminium
-aluminum
-ambassador
-ambition
-ambulance
-amendment
-america
-amount
-amusement
-anagram
-analgesia
-analog
-analysis
-analyst
-anatomy
-anesthesiology
-anethesiologist
-anger
-angiosperm
-angle
-angora
-angstrom
-anguish
-animal
-anime
-ankle
-anklet
-annual
-anorak
-answer
-ant
-antarctica
-anteater
-antechamber
-antelope
-anthony
-anthropology
-antler
-anxiety
-anybody
-anything
-anywhere
-apartment
-ape
-aperitif
-apology
-apparatus
-apparel
-appeal
-appearance
-appendix
-apple
-applewood
-appliance
-application
-appointment
-approval
-april
-apron
-apse
-aquarius
-aquifer
-arch
-archaeology
-archeology
-archer
-architect
-architecture
-archrival
-area
-argentina
-argument
-aries
-arithmetic
-arm
-armadillo
-armament
-armchair
-armoire
-armor
-armrest
-army
-arrival
-arrow
-art
-artichoke
-article
-artificer
-ascot
-ash
-ashram
-ashtray
-asia
-asparagus
-aspect
-asphalt
-assignment
-assistance
-assistant
-associate
-association
-assumption
-asterisk
-astrakhan
-astrolabe
-astrologer
-astrology
-astronomy
-atelier
-athelete
-athlete
-atm
-atmosphere
-atom
-atrium
-attachment
-attack
-attempt
-attendant -attention -attenuation -attic -attitude -attorney -attraction -audience -auditorium -august -aunt -australia -author -authorisation -authority -authorization -automaton -avalanche -avenue -average -awareness -azimuth -babe -babies -baboon -babushka -baby -back -backbone -backdrop -backpack -bacon -bad -badge -badger -bafflement -bag -bagel -bagpipe -bagpipes -bail -bait -bake -baker -bakery -bakeware -balaclava -balalaika -balance -balcony -balinese -ball -balloon -ballpark -bamboo -banana -band -bandana -bandanna -bandolier -bangladesh -bangle -banjo -bank -bankbook -banker -banquette -baobab -bar -barbara -barbeque -barber -barbiturate -barge -baritone -barium -barn -barometer -barracks -barstool -base -baseball -basement -basin -basis -basket -basketball -bass -bassinet -bassoon -bat -bath -bather -bathhouse -bathrobe -bathroom -bathtub -batter -battery -batting -battle -battleship -bay -bayou -beach -bead -beak -beam -bean -beanie -beanstalk -bear -beard -beast -beat -beautician -beauty -beaver -bed -bedroom -bee -beech -beef -beer -beet -beetle -beggar -beginner -begonia -behavior -beheading -behest -belfry -belief -believe -bell -belligerency -bellows -belly -belt -bench -bend -beneficiary -benefit -bengal -beret -berry -bestseller -bestseller -betty -beverage -beyond -bibliography -bicycle -bid -bidet -bifocals -big -bigrig -bijou -bike -bikini -bill -billboard -bin -biology -biplane -birch -bird -birdbath -birdcage -birdhouse -birdwatcher -birth -birthday -bit -bite -black -blackberry -blackboard -blackfish -bladder -blade -blame -blank -blanket -blazer -blight -blinker -blister -blizzard -block -blocker -blood -bloodflow -bloom -bloomers -blossom -blouse -blow -blowgun -blowhole -blue -blueberry -boar -board -boat -boatbuilding -boatload -boatyard -bobcat -body -bog -bolero -bolt -bomb -bomber -bondsman -bone -bongo -bonnet -bonsai -bonus -boogeyman -book -bookcase -bookend -booklet -booster -boot -bootee -bootie -boots -booty -border -bore 
-bosom -botany -bottle -bottling -bottom -bottomline -boudoir -bough -boundary -bow -bower -bowl -bowler -bowling -bowtie -box -boxer -boxspring -boy -boyfriend -bra -brace -bracelet -bracket -brain -brake -branch -brand -brandy -brass -brassiere -bratwurst -brazil -bread -breadcrumb -break -breakfast -breakpoint -breast -breastplate -breath -breeze -bribery -brick -bricklaying -bridge -brief -briefs -brilliant -british -broccoli -brochure -broiler -broker -brome -bronchitis -bronco -bronze -brooch -brood -brook -broom -brother -brotherinlaw -brow -brown -brush -brushfire -brushing -bubble -bucket -buckle -bud -budget -buffer -buffet -bug -buggy -bugle -building -bulb -bull -bulldozer -bullet -bullfighter -bumper -bun -bunch -bungalow -bunghole -bunkhouse -burglar -burlesque -burma -burn -burnout -burst -bus -bush -business -bust -bustle -butane -butcher -butter -button -buy -buyer -buzzard -cabana -cabbage -cabin -cabinet -cable -caboose -cacao -cactus -caddy -cadet -cafe -caftan -cake -calcification -calculation -calculator -calculus -calendar -calf -calico -call -calm -camel -cameo -camera -camp -campaign -campanile -can -canada -canal -cancel -cancer -candelabra -candidate -candle -candy -cane -cannon -canoe -canon -canopy -canteen -canvas -cap -cape -capital -capitulation -capon -cappelletti -cappuccino -capricorn -captain -caption -car -caravan -carbon -card -cardboard -cardigan -care -cargo -carload -carnation -carol -carotene -carp -carpenter -carpet -carport -carriage -carrier -carrot -carry -cart -cartilage -cartload -cartoon -cartridge -cascade -case -casement -cash -cashier -casino -casserole -cassock -cast -castanet -castanets -castle -cat -catacomb -catamaran -category -caterpillar -cathedral -catsup -cattle -cauliflower -cause -caution -cave -cclamp -cd -ceiling -celebration -celeriac -celery -celeste -cell -cellar -cello -celsius -cement -cemetery -cenotaph -census -cent -centenarian -center -centimeter -centurion -century -cephalopod -ceramic 
-cereal -certification -cesspool -chador -chafe -chain -chainstay -chair -chairlift -chairman -chairperson -chairwoman -chaise -chalet -chalice -chalk -champion -championship -chance -chandelier -change -channel -chap -chapel -chapter -character -chard -charge -charity -charlatan -charles -charm -chart -chastity -chasuble -chateau -chauffeur -chauvinist -check -checkroom -cheek -cheese -cheetah -chef -chemistry -cheque -cherries -cherry -chess -chest -chick -chicken -chicory -chief -chiffonier -child -childhood -children -chill -chime -chimpanzee -chin -china -chinese -chino -chipmunk -chitchat -chivalry -chive -chocolate -choice -choker -chop -chopstick -chord -chowder -christmas -christopher -chrome -chromolithograph -chronograph -chronometer -chub -chug -church -churn -cicada -cigarette -cinema -circle -circulation -circumference -cirrus -citizenship -city -civilisation -clam -clank -clapboard -clarinet -clasp -class -classroom -claus -clave -clavicle -clavier -cleaner -cleat -cleavage -clef -cleric -clerk -click -client -cliff -climate -climb -clip -clipper -cloak -cloakroom -clock -clockwork -clogs -cloister -close -closet -cloth -clothes -clothing -cloud -cloudburst -cloudy -clove -clover -club -clutch -coach -coal -coast -coat -cob -cobweb -cockpit -cockroach -cocktail -cocoa -cod -codon -codpiece -coevolution -coffee -coffin -coil -coin -coinsurance -coke -cold -coliseum -collar -collection -college -collision -colloquia -colombia -colon -colonisation -colony -color -colt -column -columnist -comb -combat -combination -comfort -comfortable -comic -comma -command -commercial -commission -committee -communicant -communication -community -company -comparison -competition -competitor -complaint -complement -complex -component -comportment -composer -composition -compost -compulsion -computer -comradeship -concept -concert -conclusion -concrete -condition -condominium -condor -conductor -cone -confectionery -conference -confidence -confirmation -conflict 
-confusion -conga -congo -congressman -congressperson -congresswoman -conifer -connection -consent -consequence -console -consonant -conspirator -constant -constellation -construction -consul -consulate -contactlens -contagion -contest -context -continent -contract -contrail -contrary -contribution -control -convection -conversation -convert -convertible -cook -cookie -cooking -coonskin -cope -copout -copper -coproducer -copy -copyright -copywriter -cord -corduroy -cork -cormorant -corn -cornerstone -cornet -corral -correspondent -corridor -corsage -cost -costume -cot -cottage -cotton -couch -cougar -cough -council -councilman -councilor -councilperson -councilwoman -counter -counterforce -countess -country -county -couple -courage -course -court -cousin -covariate -cover -coverall -cow -cowbell -cowboy -crab -crack -cracker -crackers -cradle -craftsman -crash -crate -cravat -craw -crawdad -crayfish -crayon -cream -creative -creator -creature -creche -credenza -credit -creditor -creek -cremebrulee -crest -crew -crib -cribbage -cricket -cricketer -crime -criminal -crinoline -criteria -criterion -criticism -crocodile -crocus -croissant -crook -crop -cross -crosscontamination -crossstitch -crotch -croup -crow -crowd -crown -crude -crush -cry -crystallography -cub -cuban -cuckoo -cucumber -cufflinks -cultivar -cultivator -culture -culvert -cummerbund -cup -cupboard -cupcake -cupola -curio -curl -curler -currency -current -cursor -curtain -curve -cushion -custard -custodian -customer -cut -cuticle -cutlet -cutover -cutting -cyclamen -cycle -cyclone -cylinder -cymbal -cymbals -cynic -cyst -cytoplasm -dad -daffodil -dagger -dahlia -daisy -damage -dame -dance -dancer -danger -daniel -dark -dart -dash -dashboard -data -database -date -daughter -david -day -daybed -dead -deadline -deal -dealer -dear -death -deathwatch -deborah -debt -debtor -decade -december -decimal -decision -deck -declination -decongestant -decrease -decryption -dedication -deer -defense -deficit 
-definition -deformation -degree -delete -delivery -demand -demur -den -denim -dentist -deodorant -department -departure -dependent -deployment -deposit -depression -depressive -depth -deputy -derby -derrick -description -desert -design -designer -desire -desk -dessert -destiny -destroyer -destruction -detail -detainment -detective -detention -determination -development -deviance -device -dew -dhow -diadem -diamond -diaphragm -diarist -dibble -dickey -dictaphone -diction -dictionary -diet -dietician -difference -differential -difficulty -digestion -digger -digital -dilapidation -dill -dime -dimension -dimple -diner -dinghy -dinner -dinosaur -diploma -dipstick -direction -director -dirndl -dirt -disadvantage -disarmament -disaster -disco -disconnection -discount -discovery -discrepancy -discussion -disease -disembodiment -disengagement -disguise -disgust -dish -dishes -dishwasher -disk -display -disposer -distance -distribution -distributor -district -divan -diver -divide -divider -diving -division -dock -doctor -document -doe -dog -dogsled -dogwood -doll -dollar -dolman -dolphin -domain -donald -donkey -donna -door -doorknob -doorpost -dorothy -dory -dot -double -doubling -doubt -doubter -downforce -downgrade -downtown -draft -dragon -dragonfly -dragster -drain -drake -drama -dramaturge -draw -drawbridge -drawer -drawing -dream -dredger -dress -dresser -dressing -drill -drink -drive -driver -driveway -driving -drizzle -dromedary -drop -drug -drum -drummer -drunk -dry -dryer -duck -duckling -dud -duffel -dugout -dulcimer -dumbwaiter -dumptruck -dunebuggy -dungarees -dungeon -duplexer -dust -duststorm -duster -duty -dwarf -dwelling -dynamo -eagle -ear -eardrum -earmuffs -earplug -earrings -earth -earthquake -earthworm -ease -easel -east -eave -eavesdropper -ebook -ecclesia -eclipse -ecliptic -economics -ecumenist -eddy -edge -edger -editor -editorial -education -edward -eel -effacement -effect -effective -efficacy -efficiency -effort -egg -egghead -eggnog -eggplant 
-egypt -eight -ejector -elbow -election -electrocardiogram -element -elephant -elevator -elixir -elizabeth -elk -ellipse -elm -elongation -embossing -emergence -emergent -emery -emotion -emphasis -employ -employee -employer -employment -empowerment -emu -encirclement -encyclopedia -end -endothelium -enemy -energy -engine -engineer -engineering -english -enigma -enquiry -entertainment -enthusiasm -entrance -entry -environment -epauliere -epee -ephemera -ephemeris -epoch -eponym -epoxy -equinox -equipment -era -ereader -error -escape -espadrille -espalier -establishment -estate -estimate -estrogen -estuary -ethernet -ethiopia -euphonium -eurocentrism -europe -evaluator -evening -eveningwear -event -eviction -evidence -evocation -exam -examination -examiner -example -exchange -excitement -exclamation -excuse -executor -exhaust -exhusband -exile -existence -exit -expansion -expansionism -experience -expert -explanation -exposition -expression -extension -extent -extreme -exwife -eye -eyeball -eyebrow -eyebrows -eyeglasses -eyelash -eyelashes -eyelid -eyelids -eyeliner -eyestrain -face -facelift -facet -facilities -facsimile -fact -factor -factory -faculty -fahrenheit -failure -fairies -fairy -fall -fallingout -familiar -family -fan -fang -fanlight -fanny -fannypack -farm -farmer -fascia -fat -father -fatherinlaw -fatigues -faucet -fault -fawn -fax -fear -feast -feather -feature -february -fedelini -fedora -feed -feedback -feeling -feet -felony -female -fen -fence -fencing -fender -ferry -ferryboat -fertilizer -few -fiber -fiberglass -fibre -fiction -fiddle -field -fifth -fight -fighter -figurine -file -fill -filly -filth -final -finance -find -finding -fine -finger -fingernail -finisher -fir -fire -fireman -fireplace -firewall -fish -fishbone -fisherman -fishery -fishing -fishmonger -fishnet -fisting -fix -fixture -flag -flame -flanker -flare -flash -flat -flatboat -flavor -flax -fleck -fleece -flesh -flight -flintlock -flipflops -flock -flood -floor -floozie -flower 
-flu -flugelhorn -fluke -flute -fly -flytrap -foam -fob -focus -fog -fold -folder -fondue -font -food -foot -football -footnote -footrest -footrest -footstool -foray -force -forearm -forebear -forecast -forehead -forest -forestry -forgery -fork -form -formal -format -former -fort -fortnight -fortress -fortune -forum -foundation -fountain -fowl -fox -foxglove -fragrance -frame -france -fratricide -fraudster -frazzle -freckle -freedom -freeplay -freeze -freezer -freight -freighter -french -freon -fresco -friction -friday -fridge -friend -friendship -frigate -fringe -frock -frog -front -frost -frown -fruit -frustration -fuel -fulfillment -full -function -fundraising -funeral -funny -fur -furnace -furniture -fusarium -futon -future -gaffer -gaiters -gale -gallbladder -galleon -gallery -galley -gallon -galoshes -game -gamebird -gammaray -gander -gap -garage -garb -garbage -garden -garlic -garment -garter -gas -gasoline -gastropod -gate -gateway -gather -gauge -gauntlet -gazebo -gazelle -gear -gearshift -geese -gelding -gem -gemini -gemsbok -gender -gene -general -genetics -geography -geology -geometry -george -geranium -gerbil -geriatrician -german -germany -geyser -ghana -gherkin -ghost -giant -gigantism -ginseng -giraffe -girdle -girl -girlfriend -git -glad -gladiolus -gland -glass -glasses -glen -glider -gliding -glockenspiel -glove -gloves -glue -glut -goal -goat -gobbler -godmother -goggles -gokart -gold -goldfish -golf -gondola -gong -good -goodbye -goodbye -goodie -goose -gopher -goretex -gorilla -gosling -governance -government -governor -gown -grabbag -grade -grain -gram -granddaughter -grandfather -grandmom -grandmother -grandson -granny -grape -grapefruit -graph -graphic -grass -grasshopper -grassland -gray -grease -great -greatgrandfather -greatgrandmother -greece -greek -green -greenhouse -grenade -grey -grief -grill -grip -grit -grocery -ground -group -grouper -grouse -growth -guarantee -guatemalan -guest -guestbook -guidance -guide -guilty -guitar 
-guitarist -gum -gumshoes -gun -gutter -guy -gym -gymnast -gynaecology -gyro -hacienda -hacksaw -hackwork -hail -hair -haircut -half -halfbrother -halfsister -halibut -hall -hallway -hamaki -hamburger -hammer -hammock -hamster -hand -handball -handholding -handicap -handle -handlebar -handmaiden -handsaw -hang -harbor -harbour -hardboard -hardcover -hardening -hardhat -hardhat -hardware -harm -harmonica -harmony -harp -harpooner -harpsichord -hassock -hat -hatbox -hatchet -hate -haunt -haversack -hawk -hay -head -headlight -headline -headrest -health -hearing -heart -heartache -hearth -hearthside -heartthrob -heartwood -heat -heater -heaven -heavy -hedge -hedgehog -heel -height -heirloom -helen -helicopter -helium -hell -hellcat -helmet -helo -help -hemp -hen -herb -heron -herring -hexagon -heyday -hide -high -highlight -highrise -highway -hill -himalayan -hip -hippodrome -hippopotamus -historian -history -hit -hive -hobbies -hobbit -hobby -hockey -hoe -hog -hold -hole -holiday -home -homework -homogenate -homonym -honey -honeybee -honoree -hood -hoof -hook -hope -hops -horn -hornet -horse -hose -hosiery -hospice -hospital -host -hostel -hostess -hot -hotdog -hotel -hour -hourglass -house -houseboat -housing -hovel -hovercraft -howitzer -hub -hubcap -hugger -human -humidity -humor -hunger -hurdler -hurricane -hurry -hurt -husband -hut -hutch -hyacinth -hybridisation -hydrant -hydraulics -hydrofoil -hydrogen -hyena -hygienic -hyphenation -hypochondria -hypothermia -ice -icebreaker -icecream -icecream -icicle -icon -idea -ideal -igloo -ikebana -illegal -image -imagination -impact -implement -importance -impress -impression -imprisonment -improvement -impudence -impulse -inbox -incandescence -inch -income -increase -independence -independent -index -india -indication -indigence -indonesia -industry -infancy -inflammation -inflation -information -infusion -inglenook -ingrate -initial -initiative -injoke -injury -ink -inlaws -inlay -inn -innervation -innocent -input 
-inquiry -inscription -insect -inside -insolence -inspection -inspector -instance -instruction -instrument -instrumentalist -instrumentation -insulation -insurance -insurgence -intelligence -intention -interaction -interactive -interest -interferometer -interior -interloper -internal -internet -interpreter -intervenor -interview -interviewer -intestine -intestines -introduction -invention -inventor -inventory -investment -invite -invoice -iPad -iran -iraq -iridescence -iris -iron -ironclad -island -israel -issue -italy -jackal -jacket -jaguar -jail -jailhouse -jam -james -january -japan -japanese -jar -jasmine -jason -jaw -jeans -jeep -jeff -jelly -jellyfish -jennifer -jet -jewel -jewelry -jiffy -job -jockey -jodhpurs -joey -jogging -john -join -joke -joseph -jot -journey -judge -judgment -judo -juggernaut -juice -july -jumbo -jump -jumper -jumpsuit -june -junior -junk -junker -junket -jury -justice -jute -kale -kamikaze -kangaroo -karate -karen -kayak -kazoo -kendo -kenneth -kenya -ketch -ketchup -kettle -kettledrum -kevin -key -keyboard -keyboarding -keystone -kick -kickoff -kid -kidney -kidneys -kielbasa -kill -kilogram -kilometer -kilt -kimberly -kimono -kind -king -kingfish -kiosk -kiss -kitchen -kite -kitten -kitty -kleenex -klomps -knee -kneejerk -knickers -knife -knifeedge -knight -knitting -knot -knowledge -knuckle -koala -kohlrabi -korean -lab -laborer -lace -lacquerware -ladder -lady -ladybug -lake -lamb -lamp -lan -lanai -land -landform -landmine -language -lantern -lap -laparoscope -lapdog -laptop -larch -larder -lark -laryngitis -lasagna -latency -latex -lathe -latte -laugh -laundry -laura -law -lawn -lawsuit -lawyer -layer -lead -leader -leadership -leaf -league -leaker -learning -leash -leather -leaver -lecture -leek -leg -legal -legging -legume -lei -lemon -lemonade -lemur -length -lentil -leo -leopard -leotard -leprosy -let -letter -lettuce -level -lever -leverage -libra -librarian -library -license -lier -life -lift -light -lighting -lightning 
-lilac -lily -limit -limo -line -linen -liner -link -linseed -lion -lip -lipstick -liquid -liquor -lisa -list -literature -litigation -litter -liver -living -lizard -llama -loaf -loafer -loan -lobotomy -lobster -location -lock -locker -locket -locomotive -locust -loft -log -loggia -loincloth -look -loss -lot -lotion -lounge -lout -love -low -loyalty -luck -luggage -lumber -lumberman -lunch -luncheonette -lunchroom -lung -lunge -lute -luttuce -lycra -lye -lymphocyte -lynx -lyocell -lyre -lyric -macadamia -macaroni -machine -macrame -macrofauna -maelstrom -maestro -magazine -magic -magician -maid -maiden -mail -mailbox -mailman -maintenance -major -majorleague -makeup -malaysia -male -mall -mallet -mambo -mammoth -man -management -manager -mandarin -mandolin -mangrove -manhunt -maniac -manicure -manner -manor -mansard -manservant -mansion -mantel -mantle -mantua -manufacturer -manx -map -maple -maraca -maracas -marble -march -mare -margaret -margin -maria -mariachi -marimba -mark -market -marketing -marksman -marriage -marsh -marshland -marxism -mary -mascara -mask -mass -massage -master -mastication -mastoid -mat -match -material -math -mattock -mattress -maximum -may -maybe -mayonnaise -mayor -meal -meaning -measure -measurement -meat -mechanic -media -medicine -medium -meet -meeting -megalomaniac -melody -member -membership -memory -men -menorah -mention -menu -mercury -mess -message -metal -metallurgist -meteor -meteorology -meter -methane -method -methodology -metro -metronome -mexican -mexico -mezzanine -mice -michael -michelle -microlending -microwave -midcourse -middle -middleman -midi -midline -midnight -midwife -might -migrant -mile -milk -milkshake -millennium -millimeter -millisecond -mime -mimosa -mind -mine -mini -minibus -minion -miniskirt -minister -minor -minorleague -mint -minute -mirror -miscarriage -miscommunication -misfit -misogyny -misplacement -misreading -missile -mission -mist -mistake -mister -miter -mitten -mix -mixer -mixture -moat 
-mobile -moccasins -mocha -mode -model -modem -mole -mom -moment -monastery -monasticism -monday -money -monger -monitor -monkey -monocle -monotheism -monsoon -monster -month -mood -moon -moonscape -moonshine -mop -Mormon -morning -morocco -morsel -mortise -mosque -mosquito -most -motel -moth -mother -motherinlaw -motion -motor -motorboat -motorcar -motorcycle -mound -mountain -mouse -mouser -mousse -moustache -mouth -mouton -move -mover -movie -mower -mud -mug -mukluk -mule -multimedia -muscle -musculature -museum -music -musicbox -musician -musicmaking -mustache -mustard -mutt -myanmar -mycoplasma -nail -name -naming -nancy -nanoparticle -napkin -narcissus -nation -naturalisation -nature -neat -neck -necklace -necktie -necromancer -need -needle -negligee -negotiation -neologism -neon -nepal -nephew -nerve -nest -net -netball -netbook -netsuke -network -neurobiologist -neuropathologist -neuropsychiatry -news -newspaper -newsprint -newsstand -nexus -nic -nicety -niche -nickel -niece -nigeria -night -nightclub -nightgown -nightingale -nightlight -nitrogen -node -noise -nonbeliever -nonconformist -nondisclosure -noodle -normal -norse -north -northamerica -northkorea -nose -note -notebook -notice -notify -notoriety -nougat -novel -november -nudge -number -numeracy -numeric -numismatist -nurse -nursery -nurture -nut -nylon -oak -oar -oasis -oatmeal -obi -objective -obligation -oboe -observation -observatory -occasion -occupation -ocean -ocelot -octagon -octave -octavo -octet -october -octopus -odometer -oeuvre -offence -offer -office -official -offramp -oil -okra -oldie -olive -omega -omelet -oncology -one -onion -open -opening -opera -operation -ophthalmologist -opinion -opium -opossum -opportunist -opportunity -opposite -option -orange -orangutan -orator -orchard -orchestra -orchid -order -ordinary -ordination -organ -organisation -organization -original -ornament -osmosis -osprey -ostrich -others -otter -ottoman -ounce -outback -outcome -outfit -outhouse -outlay 
-output -outrigger -outset -outside -oval -ovary -oven -overcharge -overclocking -overcoat -overexertion -overflight -overnighter -overshoot -owl -owner -ox -oxen -oxford -oxygen -oyster -pacemaker -pack -package -packet -pad -paddle -paddock -page -pagoda -pail -pain -paint -painter -painting -paintwork -pair -pajama -pajamas -pakistan -paleontologist -paleontology -palm -pamphlet -pan -pancake -pancreas -panda -panic -pannier -panpipe -pansy -panther -panties -pantry -pants -pantsuit -panty -pantyhose -paper -paperback -parable -parachute -parade -parallelogram -paramedic -parcel -parchment -parent -parentheses -park -parka -parrot -parsnip -part -participant -particle -particular -partner -partridge -party -passage -passbook -passenger -passion -passive -pasta -paste -pastor -pastoralist -pastry -patch -path -patience -patient -patina -patio -patriarch -patricia -patrimony -patriot -patrol -pattern -paul -pavement -pavilion -paw -pawnshop -payee -payment -pea -peace -peach -peacoat -peacock -peak -peanut -pear -pearl -pedal -pedestrian -pediatrician -peen -peer -peertopeer -pegboard -pelican -pelt -pen -penalty -pencil -pendant -pendulum -penicillin -pension -pentagon -peony -people -pepper -percentage -perception -perch -performance -perfume -period -periodical -peripheral -permafrost -permission -permit -perp -person -personality -perspective -peru -pest -pet -petal -petticoat -pew -pharmacist -pharmacopoeia -phase -pheasant -philippines -philosopher -philosophy -phone -photo -photographer -phrase -physical -physician -physics -pianist -piano -piccolo -pick -pickax -picket -pickle -picture -pie -piece -pier -piety -pig -pigeon -pike -pile -pilgrimage -pillbox -pillow -pilot -pimp -pimple -pin -pinafore -pincenez -pine -pineapple -pinecone -ping -pink -pinkie -pinstripe -pint -pinto -pinworm -pioneer -pipe -piracy -piranha -pisces -piss -pitch -pitching -pith -pizza -place -plain -plane -planet -plant -plantation -planter -plaster -plasterboard -plastic -plate 
-platform -platinum -platypus -play -player -playground -playroom -pleasure -pleated -plier -plot -plough -plover -plow -plowman -plume -plunger -plywood -pneumonia -pocket -pocketbook -pocketwatch -poem -poet -poetry -poignance -point -poison -poisoning -poland -pole -polenta -police -policeman -policy -polish -politician -politics -pollution -polo -polyester -pompom -poncho -pond -pony -poof -pool -popcorn -poppy -popsicle -population -populist -porch -porcupine -port -porter -portfolio -porthole -position -positive -possession -possibility -postage -postbox -poster -pot -potato -potential -potty -pouch -poultry -pound -pounding -powder -power -precedent -precipitation -preface -preference -prelude -premeditation -premier -preoccupation -preparation -presence -presentation -president -pressroom -pressure -pressurisation -price -pride -priest -priesthood -primary -primate -prince -princess -principal -print -printer -priority -prison -prize -prizefight -probation -problem -procedure -process -processing -produce -producer -product -production -profession -professional -professor -profit -program -project -promotion -prompt -proofreader -propane -property -proposal -prose -prosecution -protection -protest -protocol -prow -pruner -pseudoscience -psychiatrist -psychoanalyst -psychologist -psychology -ptarmigan -publisher -pudding -puddle -puffin -pull -pulley -puma -pump -pumpkin -pumpkinseed -punch -punishment -pupa -pupil -puppy -purchase -puritan -purple -purpose -purse -push -pusher -put -pvc -pyjama -pyramid -quadrant -quail -quality -quantity -quart -quarter -quartz -queen -question -quicksand -quiet -quill -quilt -quince -quit -quiver -quotation -rabbi -rabbit -raccoon -race -racer -racing -racist -rack -radar -radiator -radio -radiosonde -radish -raffle -raft -rag -rage -rail -railway -raiment -rain -rainbow -raincoat -rainmaker -rainstorm -raise -rake -ram -rambler -ramie -ranch -random -randomisation -range -rank -raspberry -rat -rate -ratio -raven -ravioli 
-raw -rawhide -ray -rayon -reactant -reaction -read -reading -reality -reamer -rear -reason -receipt -reception -recess -recipe -recliner -recognition -recommendation -record -recorder -recording -recover -recruit -rectangle -red -redesign -rediscovery -reduction -reef -refectory -reflection -refrigerator -refund -refuse -region -register -regret -regular -regulation -reindeer -reinscription -reject -relation -relationship -relative -religion -relish -reminder -rent -repair -reparation -repeat -replace -replacement -replication -reply -report -representative -reprocessing -republic -reputation -request -requirement -resale -research -resident -resist -resolution -resource -respect -respite -response -responsibility -rest -restaurant -result -retailer -rethinking -retina -retouch -return -reveal -revenant -revenue -review -revolution -revolve -revolver -reward -rheumatism -rhinoceros -rhyme -rhythm -rice -richard -riddle -ride -rider -ridge -rifle -right -rim -ring -ringworm -ripple -rise -riser -risk -river -riverbed -rivulet -road -roadway -roast -robe -robert -robin -rock -rocker -rocket -rocketship -rod -role -roll -roller -romania -ronald -roof -room -rooster -root -rope -rose -rostrum -rotate -roundabout -route -router -routine -row -rowboat -royal -rub -rubber -rubric -ruckus -ruffle -rugby -rule -run -runaway -runner -russia -rutabaga -ruth -sabre -sack -sad -saddle -safe -safety -sage -sagittarius -sail -sailboat -sailor -salad -salary -sale -salesman -salmon -salon -saloon -salt -samovar -sampan -sample -samurai -sand -sandals -sandbar -sandra -sandwich -santa -sarah -sardine -sari -sarong -sash -satellite -satin -satire -satisfaction -saturday -sauce -saudiarabia -sausage -save -saving -savior -saviour -saw -saxophone -scale -scallion -scanner -scarecrow -scarf -scarification -scene -scent -schedule -scheme -schizophrenic -schnitzel -school -schoolhouse -schooner -science -scimitar -scissors -scooter -score -scorn -scorpio -scorpion -scow -scraper 
-screamer -screen -screenwriting -screw -screwdriver -screwup -scrim -scrip -sculpting -sculpture -sea -seagull -seal -seaplane -search -seashore -season -seat -second -secretariat -secretary -section -sectional -sector -secure -security -seed -seeder -segment -select -selection -self -sell -semicircle -semicolon -senator -sense -sentence -sepal -september -septicaemia -series -servant -server -service -session -set -setting -settler -sewer -sex -shack -shade -shadow -shadowbox -shake -shakedown -shaker -shallot -shame -shampoo -shanty -shape -share -shark -sharon -shawl -shearling -shears -sheath -shed -sheep -sheet -shelf -shell -sherry -shield -shift -shin -shine -shingle -ship -shirt -shirtdress -shoat -shock -shoe -shoehorn -shoehorn -shoelace -shoemaker -shoes -shoestring -shofar -shoot -shootdown -shop -shopper -shopping -shore -shortage -shorts -shortwave -shot -shoulder -shovel -show -shower -showstopper -shred -shrimp -shrine -siamese -sibling -sick -side -sideboard -sideburns -sidecar -sidestream -sidewalk -siding -sign -signature -signet -significance -signup -silica -silk -silkworm -sill -silo -silver -simple -sing -singer -single -sink -sir -sister -sisterinlaw -sit -sitar -situation -size -skate -skiing -skill -skin -skirt -skulduggery -skull -skullcap -skullduggery -skunk -sky -skylight -skyscraper -skywalk -slapstick -slash -slave -sled -sledge -sleep -sleet -sleuth -slice -slider -slime -slip -slipper -slippers -slope -sloth -smash -smell -smelting -smile -smock -smog -smoke -smuggling -snail -snake -snakebite -sneakers -sneeze -snob -snorer -snow -snowboarding -snowflake -snowman -snowmobiling -snowplow -snowstorm -snowsuit -snuggle -soap -soccer -society -sociology -sock -socks -soda -sofa -softball -softdrink -softening -software -soil -soldier -solid -solitaire -solution -sombrero -somersault -somewhere -son -song -songbird -sonnet -soot -soprano -sorbet -sort -soulmate -sound -soup -source -sourwood -sousaphone -south -southafrica 
-southamerica -southkorea -sow -soy -soybean -space -spacing -spade -spaghetti -spain -spandex -spank -spark -sparrow -spasm -speaker -speakerphone -spear -special -specialist -specific -spectacle -spectacles -spectrograph -speech -speedboat -spend -sphere -sphynx -spider -spike -spinach -spine -spiral -spirit -spiritual -spite -spleen -split -sponge -spoon -sport -spot -spotlight -spray -spread -spring -sprinter -sprout -spruce -spume -spur -spy -square -squash -squatter -squeegee -squid -squirrel -stable -stack -stacking -stadium -staff -stag -stage -stain -stair -staircase -stallion -stamen -stamina -stamp -stance -standoff -star -start -starter -state -statement -station -stationwagon -statistic -statistician -steak -steal -steam -steamroller -steel -steeple -stem -stencil -step -stepaunt -stepbrother -stepdaughter -stepdaughter -stepfather -stepgrandfather -stepgrandmother -stepmother -stepmother -steppingstone -steps -stepsister -stepson -stepson -stepuncle -steven -stew -stick -stiletto -still -stinger -stitch -stock -stocking -stockings -stockintrade -stole -stomach -stone -stonework -stool -stop -stopsign -stopwatch -storage -store -storey -storm -story -storyboard -storytelling -stove -strait -stranger -strap -strategy -straw -strawberry -stream -street -streetcar -stress -stretch -strike -string -strip -structure -struggle -stud -student -studio -study -stuff -stumbling -sturgeon -style -styling -stylus -subcomponent -subconscious -submarine -subroutine -subsidence -substance -suburb -subway -success -suck -sudan -suede -suffocation -sugar -suggestion -suit -suitcase -sultan -summer -sun -sunbeam -sunbonnet -sunday -sundial -sunflower -sunglasses -sunlamp -sunroom -sunshine -supermarket -supply -support -supporter -suppression -surface -surfboard -surgeon -surgery -surname -surprise -susan -sushi -suspect -suspenders -sustainment -SUV -swallow -swamp -swan -swath -sweat -sweater -sweats -sweatshirt -sweatshop -sweatsuit -swedish -sweets -swell -swim 
-swimming -swimsuit -swing -swiss -switch -switchboard -swivel -sword -swordfish -sycamore -sympathy -syndicate -synergy -synod -syria -syrup -system -tabby -tabernacle -table -tablecloth -tabletop -tachometer -tackle -tadpole -tail -tailor -tailspin -taiwan -tale -talk -tam -tambour -tambourine -tamo'shanter -tandem -tangerine -tank -tanker -tankful -tanktop -tanzania -tap -target -tassel -taste -tatami -tattler -tattoo -taurus -tavern -tax -taxi -taxicab -tea -teacher -teaching -team -tear -technician -technologist -technology -teen -teeth -telephone -telescreen -teletype -television -teller -temp -temper -temperature -temple -tempo -temporariness -temptress -tendency -tenement -tennis -tenor -tension -tent -tepee -term -terracotta -terrapin -territory -test -text -textbook -texture -thailand -thanks -thaw -theater -theism -theme -theoretician -theory -therapist -thermals -thermometer -thigh -thing -thinking -thistle -thomas -thong -thongs -thorn -thought -thread -thrill -throat -throne -thrush -thumb -thunder -thunderbolt -thunderhead -thunderstorm -thursday -tiara -tic -ticket -tie -tiger -tight -tights -tile -till -timbale -time -timeline -timeout -timer -timpani -tin -tinderbox -tinkle -tintype -tip -tire -tissue -titanium -title -toad -toast -toe -toenail -toga -togs -toilet -tom -tomato -tomography -tomorrow -tomtom -ton -tongue -toot -tooth -toothbrush -toothpaste -toothpick -top -tophat -topic -topsail -toque -torchiere -toreador -tornado -torso -tortellini -tortoise -tosser -total -tote -touch -tough -toughguy -tour -tourist -towel -tower -town -townhouse -towtruck -toy -trachoma -track -tracksuit -tractor -trade -tradition -traditionalism -traffic -trail -trailer -train -trainer -training -tram -tramp -transaction -translation -transmission -transom -transport -transportation -trapdoor -trapezium -trapezoid -trash -travel -tray -treatment -tree -trellis -tremor -trench -trial -triangle -tribe -trick -trigonometry -trim -trinket -trip -tripod -trolley 
-trombone -trooper -trouble -trousers -trout -trove -trowel -truck -truckit -trumpet -trunk -trust -truth -try -tshirt -tsunami -tub -tuba -tube -tuesday -tugboat -tulip -tummy -tuna -tune -tuneup -tunic -tunnel -turban -turkey -turkish -turn -turnip -turnover -turnstile -turret -turtle -tussle -tutu -tuxedo -tv -twig -twilight -twine -twist -twister -two -typewriter -typhoon -tyvek -uganda -ukraine -ukulele -umbrella -unblinking -uncle -underclothes -underground -underneath -underpants -underpass -undershirt -understanding -underwear -underwire -unibody -uniform -union -unit -unitedkingdom -university -urn -use -user -usher -utensil -uzbekistan -vacation -vacuum -vagrant -valance -valley -valuable -value -van -vane -vanity -variation -variety -vase -vast -vault -vaulting -veal -vegetable -vegetarian -vehicle -veil -vein -veldt -vellum -velodrome -velvet -venezuela -venezuelan -venom -veranda -verdict -vermicelli -verse -version -vertigo -verve -vessel -vest -vestment -vibe -vibraphone -vibration -video -vietnam -view -villa -village -vineyard -vinyl -viola -violet -violin -virginal -virgo -virtue -virus -viscose -vise -vision -visit -visitor -visor -vixen -voice -volcano -volleyball -volume -voyage -vulture -wad -wafer -waffle -waist -waistband -waiter -waitress -walk -walker -walkway -wall -wallaby -wallet -walnut -walrus -wampum -wannabe -war -warden -warlock -warmup -warning -wash -washbasin -washcloth -washer -washtub -wasp -waste -wastebasket -watch -watchmaker -water -waterbed -waterfall -waterskiing -waterspout -wave -wax -way -weakness -wealth -weapon -weasel -weather -web -wedding -wedge -wednesday -weed -weeder -weedkiller -week -weekend -weekender -weight -weird -well -west -western -wetbar -wetsuit -whale -wharf -wheel -whip -whirlpool -whirlwind -whisker -whiskey -whistle -white -whole -wholesale -wholesaler -whorl -wife -wilderness -will -william -willow -wind -windage -windchime -window -windscreen -windshield -wine -wing -wingman -wingtip -winner 
-winter
-wire
-wiseguy
-wish
-wisteria
-witch
-witchhunt
-withdrawal
-witness
-wolf
-woman
-wombat
-women
-wood
-woodland
-woodshed
-woodwind
-wool
-woolen
-word
-work
-workbench
-worker
-workhorse
-worklife
-workshop
-world
-worm
-worthy
-wound
-wrap
-wraparound
-wrecker
-wren
-wrench
-wrestler
-wrinkle
-wrist
-writer
-writing
-wrong
-xylophone
-yacht
-yak
-yam
-yard
-yarmulke
-yarn
-yawl
-year
-yellow
-yesterday
-yew
-yin
-yogurt
-yoke
-young
-youth
-yurt
-zampone
-zebra
-zebrafish
-zephyr
-ziggurat
-zinc
-zipper
-zither
-zone
-zoo
-zoologist
-zoology
-zootsuit
-zucchini
diff --git a/tpot/host/usr/share/dict/names b/tpot/host/usr/share/dict/names
deleted file mode 100644
index 9bd0182e..00000000
--- a/tpot/host/usr/share/dict/names
+++ /dev/null
@@ -1,3947 +0,0 @@ -charlestiger -silvergore-tex -changebutter -bonsaiscrew -pajamabuilding -roosterrainbow -dungeongender -tempergrenade -fronttadpole -slavecarpenter -schoolcreator -mimosapayment -heronmexico -airportjudge -cuticleemery -rubberflute -timbaleselection -jellyfishforgery -hyenarabbit -revolveramie -biologygasoline -detailprofit -increaseverdict -hamsterguitar -patiodiamond -dugouthimalayan -turkeypropane -earthcollision -fleshlyocell -cablekilogram -athletealgeria -trombonethrill -carpentercement -bumperbrandy -transportcover -stockingdollar -spainaddress -whalegrade -denimhalibut -watchbritish -custardberry -penaltysecure -beardpendulum -activitycurtain -octopustsunami -ferrynumeric -snowflakecomposer -sentencemaraca -patioelizabeth -buttonblade -dessertattack -pansydetail -trianglehandle -gliderpound -jameschristmas -scannergalley -pimpletrumpet -governorfridge -parcelcrime -aluminiumfather -epochrevolve -hyacinthparent -museumchina -powertramp -patiocapital -frameeight -buglemichael -sharkowner -chickmouth -dressgiant -glidingtitanium -lotioncyclone -swordfishspider -bongobarometer -hockeypants -signaturevalley -headlightalibi -sundialattempt -layerraven -advantagefloor -mexicokayak -balineseoxygen -goldfishrelation -witnesstoilet -anglefireman -chequecomma -offernotify -margaretpolyester -insurancemetal -copperlinda -metalselection -pastekettle -bomberdoubt -canoegore-tex -whaleturret -frownpatio -brownchime -porchincome -sailboatturnover -kitchencheck -shrimpairbus -secondeagle -pictureplayroom -timerbroker -libraroute -copyrightaustralia -patchwoolen -rutabagavelvet -cannonthought -tsunamikeyboard -africaprison -airplaneexhaust -bandanacover -polandcandle -trumpetscreen -bufferdeadline -asteriskdrink -susancongo -respectgliding -enquiryhammer -coughhacksaw -malaysiahardhat -kayaktendency -peonydanger -separatedgearshift -desserteurope -shovelalmanac -lotioncabinet -airshipseashore -believeblinker -tortoiseapparatus -saturdayverse 
-chimefebruary -umbrellaquince -mosquepuppy -signaturecarnation -pantyslice -routercornet -nephewpassenger -georgefriday -locustgerman -screenfedelini -expertscorpio -trainswimming -comfortsundial -scarecrowradiator -kilometerrayon -poultrycreditor -februaryproperty -lungehacksaw -grillfibre -jumbosociology -bonsairainbow -equinoxfibre -coffeeinput -caravanshade -communityporcupine -sycamorelaugh -browngender -tradevacuum -troubleairport -pastepizza -octobersugar -reportmaraca -routenitrogen -helmetgemini -rocketpayment -ostrichknickers -inputbankbook -staircaseprofit -wristcrayon -blacksuede -objectivepackage -mailboxmailman -printshrine -octagonformat -almanacrotate -boardgeology -alibicello -willowmotion -radioclaus -wednesdayboard -microwavewitness -tuliptongue -xylophoneequinox -ronaldhearing -teethtempo -buttonattention -eggplantcredit -regretarcher -scorpionolive -crimecaptain -joggingspade -creamdeadline -jasonmusician -blacksparrow -hobbiescancer -aftermathpheasant -quicksandmiddle -brokerforce -kevinspain -cornetsidecar -brickselect -spherepillow -sharkhelen -pockettyvek -repairfrench -studycommunity -bladderlawyer -riverbedforecast -continenttuesday -laborerpressure -arrowquiver -larchcherry -whorlradiator -scarfboundary -partnersidecar -coloncloudy -dipsticktramp -vesselsandwich -salesmanlawyer -reductionmargin -quotationgender -mousewindow -secretarydentist -guidespandex -batteryweasel -banjorevolver -glassdorothy -elbowheron -africasandwich -kittynumber -japansoftdrink -bargecellar -bricktreatment -pyjamadrake -eggplantcrocus -templedoubt -francenapkin -wealthfactory -titaniumjourney -galleyclimb -bettysoftball -propanehardcover -doubtsausage -cupcakebowling -fighterseason -paymentquart -eyelinerbrick -manageracoustic -michaelsoldier -wristfriction -currentteaching -humorsociology -sneezeapparatus -underwearbirth -spinachbookcase -cattlespinach -touchcopper -octavehardware -copyrightlinen -processpantry -birchnapkin -downtownmacrame -typhoonargument 
-daisycello -relishfootball -disgustadvantage -diaphragmmeasure -doctorchildren -offenceoutput -meetingweapon -spherestation -portercylinder -piscescougar -dinnerfather -foreheadtsunami -optionnerve -whitequarter -marriedcough -quivercanoe -larchstomach -woundspain -forestwoolen -ministerfreeze -cookingkorean -treatmentdamage -shamecurrent -gardenknife -bladdergraphic -tankershelf -grapemechanic -bombercarrot -fedeliniwalrus -holidaywhite -supportriverbed -businesseggnog -captionevening -rangelotion -sparkvault -sausagemexican -colombiaorder -oliveacoustic -tadpoleslice -footballgoldfish -snowstormchinese -saturdaybalance -fairiessusan -directioncloudy -belieftreatment -butcherspring -marginsense -activechurch -clavesurname -decadetrowel -tempometal -buildingattempt -peacenight -railwayjudge -celerybrian -footnoteagreement -kettlegiraffe -geometrysaturday -lyocellbathtub -francebuffet -spearcattle -relativeshrimp -lycradigger -creditorrevolve -carrotpolice -tulipmosquito -kilometerdiploma -scrapertrial -cycleoctopus -pasteprose -printearth -smellkevin -flutemountain -marchkidney -typhoonstool -salmonmemory -statesurgeon -bronzedirection -handsawradar -crushexpert -trafficsturgeon -grasscomic -freezethought -dragonflylobster -luttucewrench -notebookporch -faucetbumper -systemscience -singerliquor -swimmingenquiry -tornadoteeth -partybakery -thronesquash -bassoonnotify -flavorpotato -rainbowscent -bookleteffect -pantryitaly -layerromanian -graphicavenue -meterslope -riddleslime -chineseshrine -ganderfragrance -teachingblack -magazinecalendar -servantorange -graincurler -carriageplaster -reportblowgun -sproutpeony -creditorinnocent -communityapparatus -editorpaper -featurereading -gazelleindia -routeattempt -sprucepuppy -equipmentglass -sleetcrack -cannonregret -capricornnigeria -surnamebench -dentisthedge -swedishaddition -mouseexpansion -firewallindustry -librallama -flaredecade -prosesquash -clippersubmarine -witchturnip -forecastlunge -inventionlunge 
-josephshallot -mimosacable -snowflakeharmonica -rewardposition -octavemedicine -circleasphalt -beechgymnast -conditiontimer -pantyhoseforehead -skatebrush -screenpromotion -playroomswamp -brasscannon -clarinetmailman -cameldiploma -wheelsquare -creammeter -michellepackage -noveldiploma -malaysiabottom -aluminumsingle -plaincamel -turkeyhimalayan -inventorycharacter -blowgunturnover -lunchroommuseum -vacuumathlete -kamikazerifle -clausweight -visionvision -networkplatinum -chicorymother -engineclarinet -treatmentoffence -bobcatturtle -exhaustmicrowave -snowplowprotest -dipstickguarantee -successrespect -afternoonpurple -smellknowledge -gradeeyebrow -leatherbarbara -chimeweight -eyelashrutabaga -dinghyproperty -postboxaccount -squarebattery -gore-texcomma -marchquicksand -brazilcucumber -securerailway -kenyaverse -weederitalian -frontbrian -selectionhandicap -squareweapon -licenseasterisk -flarecommunity -step-sonbaseball -toastmimosa -ceramicstopsign -heroncolon -snailskirt -congabreak -dieticianbeginner -cabinetrainbow -tyvekceleste -basketpoliceman -spiderlimit -chemistryfight -buildingdredger -benchplaster -oysterattic -networkpowder -servantzipper -saturdayflute -laundrycrocus -spoondryer -otterguarantee -livernoodle -designpigeon -cloudcraftsman -protocolgallon -britishpyjama -ocelotcrocodile -fendercartoon -digitalbehavior -limitsword -bumperbasket -americaexchange -placecatsup -cathedralalphabet -incomeshorts -wealthactivity -forecastparsnip -ministertortoise -swisserror -signaturesamurai -stampspeedboat -c-clampbulldozer -peanutindia -reductiondeborah -rugbyeyelash -euphoniumbrandy -matchstove -watchattention -basementhandball -commandapril -hedgedetective -separatedcolon -smellswing -currentflame -clutchferry -bloodcushion -stockliquid -odometerchristmas -napkincough -porcupineresult -clutchsalad -relativeskiing -saxophonedresser -readingdamage -goslingbrush -waterfallspoon -glidingwallet -cocoacotton -shouldergovernor -chillincrease -supplymessage 
-footballgrandson -heightsudan -collegestatistic -pilotornament -novembersusan -clothgroup -susanmaraca -hardwarelimit -treatmentlunge -badgerrotate -refundbandana -ostrichlightning -prefacepostage -drakeauthority -captionnigeria -barberbumper -radishskiing -quietporter -teethraincoat -fedeliniactor -jellybeaver -frameshake -employeehobbies -asparagusbrick -shearstreatment -davidswimming -herringpoint -pleasuresalad -breakdiscovery -waiterthrill -giantmilkshake -daughteroxygen -pendulumbirth -clarinetchill -novelcondor -magazinealibi -ouncedimple -scentpressure -skillspeedboat -novelbagel -umbrellariddle -frenchcatsup -riflevessel -processskate -sweetsvacuum -shampoocreator -passiverepair -bubbleprofit -rowboatdollar -earthbonsai -aluminiumcharacter -racingsubway -viscoseharmonica -ministerbrush -footnotefriday -agreementforehead -helenexpert -professorsuccess -mercurygeography -deathfight -chillvessel -quarterwitch -incomealcohol -armchairfemale -methanesleep -octavedorothy -pilotfeedback -valuespoon -lunchauthority -revolveapology -emerynewsprint -rubberdesert -floodlunchroom -spooncapricorn -islandrubber -authoritycelery -saturdaypenalty -businesscouch -cirrusorgan -periodnotebook -adviceshrine -waterfallgrowth -capricorntimpani -wealthrelish -brothercarbon -macaronigliding -powderleopard -invoicewhiskey -clockkarate -goslingdeficit -deadlinelatex -nursecuban -separatedjapanese -cricketpenalty -thingpotato -swallowwomen -glidingraven -powderex-wife -seederfedelini -candlecowbell -snailgazelle -step-auntaccordion -burstapparel -cheetahcongo -karenposition -armenianrooster -pencildancer -employerchocolate -burmaalbatross -clockcarrot -burglardomain -forestargument -tenorfaucet -enemynylon -nitrogendisgust -christmassoftball -mexicanscanner -desiredatabase -lentiltaurus -pyramidstone -effectswimming -courseacoustic -hourglassgrowth -marketdiscovery -cardiganyacht -tyvekstinger -graphicwhistle -handballchance -wristbeast -ethiopiastomach -croissanttaste 
-cinemaplywood -learningpuffin -chesspruner -backbonecattle -batteryarmenian -pricesurfboard -carnationcopyright -mittensuede -dramacircle -activedashboard -scheduleathlete -closedelete -kittencabinet -good-byemimosa -insectsalesman -bottledrama -meterseptember -hydrofoilrowboat -slopesushi -coastmarble -robertorder -cloudyjoseph -zebramouth -levelthought -mechanicpumpkin -kettlegrass -scienceriddle -radarjennifer -basketchicken -creamnickel -shieldbucket -michellefield -radiatorchocolate -revolvernylon -shortsfreon -bottomchance -dreampancreas -kendobanana -handballtrapezoid -euphoniumproperty -crackhearing -spinachbalance -housetimer -oysterjustice -linenmaraca -braceacrylic -zebraknowledge -needlepoint -legalrevolve -bathtubdress -drainsearch -balancecommand -liquidbanker -magicmaple -supportsneeze -marblecrocodile -stingerorange -accountdegree -freongliding -thailandfriend -freezerwallet -plasterronald -policefriday -garagetyphoon -alarmcollege -targetkamikaze -larchnumber -childrenpatio -keyboardradish -attentionpeony -effectburglar -castanetfeature -heavenukrainian -databasetwilight -mountainsister -postagecentury -witchcollision -knowledgemouth -temperceleste -prosebaseball -waterfallmailman -memoryankle -clothapple -exhaustwaste -belgianmattock -queenlipstick -threadrefund -mailboxmotorboat -daffodilviola -snailprocess -gearshiftseaplane -walrusfebruary -featurerayon -quarterelephant -schoolpastor -mimosaporter -breadglider -shamesanta -turnipreading -multi-hopintestine -glassbarber -preparedviolin -kettlecrime -fireplaceadapter -inventorybuffet -kittenbelief -elizabethtyphoon -postagepostbox -raincoatfootnote -softballmailbox -stretchliquid -francelevel -impulsecurve -innocentpumpkin -puppymirror -brandyillegal -quotationchess -climbschedule -discoverysusan -medicinediploma -thailandhardcover -cucumbernylon -freonghana -aardvarkdietician -draindesire -cloakroomprison -romanianblade -ashtrayshadow -visioncinema -nationprofit -crocusspring -kevinpants 
-feedbackpatio -popcornquartz -twilightbanker -storeagreement -dahliabiology -dieticianinsurance -hygienicraincoat -elizabethpizza -microwavescent -vaultbalance -notifycolon -epochpicture -animalchannel -deathcobweb -sheepmaple -semicolontanker -sproutbranch -edwardpaint -earthshoemaker -servergeometry -journeywheel -brazilarmenian -deborahcarriage -systempassbook -routearmchair -platecatsup -budgetstinger -bageleditorial -lathepropane -chainlumber -lumbercroissant -sausageshorts -giantchain -breakdistance -eyebrowpanther -babiescormorant -plieraluminum -curlerdaniel -parsnipbritish -septembersweater -radarcloud -ptarmiganturkey -operationchive -creditorbedroom -bucketcourse -clippermarble -ariescracker -velvetspeedboat -purpledeficit -ambulancehydrogen -driversushi -titlesatin -dugoutoctober -trouserscolumnist -dahliaattic -snowstormramie -athletethread -steeldigital -silveraddition -industryfender -buzzarddipstick -writerbroccoli -snowflakecelsius -denimnumber -birthshoemaker -beardmarch -sushilyric -sharkstation -policegarage -algebrahalibut -frontconsonant -languagewrecker -softballbadger -leatherbetty -garlicgender -giantlyric -asparaguswater -craftsmandistance -croissantladybug -scarecrownewsprint -pencilteeth -elbowstock -edwardbrazil -decademustard -birchacrylic -riddleporter -badgechauffeur -liquorghost -roastathlete -hydrantwrench -salmonexpansion -softdrinkkaren -skirtpromotion -cornetanthony -kittydrain -chinaapology -birchseeder -appliancesardine -napkintaiwan -priestquicksand -avenuewaiter -mimosatrunk -sphynxchalk -measurecolor -thursdayptarmigan -pollutionschool -clientprose -guitarhalibut -plantafternoon -dorothybrown -journeyfactory -viscosechain -rhythmscience -timerrefund -congobacon -squiddeficit -skillswordfish -skatesteel -bangleinput -orchestradorothy -reactionmulti-hop -rutabagafurniture -flameronald -actorcredit -condorronald -euphoniumsmash -accordionafternoon -seaplanenancy -mailmanrevolver -reindeerrailway -tablepound -pantsbronze 
-michellepilot -trampsugar -footballlettuce -circleground -employerstreetcar -numbercheese -theorybabies -australiaplane -quotationplace -ex-wifequiet -shapeincrease -handballcharles -branchguide -violincanvas -familyaugust -crayfishcompany -laughmeasure -perchliquid -bedroomincome -mittenvacation -februaryscorpion -japanpassenger -employeeground -judgetenor -conditionchauffeur -englishtwine -birchbutter -refundmistake -phoneaccordion -alloywrist -valleygliding -clockcourt -tradesurname -reductioncaution -pimpleclarinet -equipmenttexture -geesediamond -elementsemicolon -trafficporter -deficitfired -letterfortnight -burstcolony -novelchange -saucecracker -marketwasher -selectionbracket -shoulderdeborah -ellipsecopyright -denimastronomy -surprisecrown -locustturkish -zipperbrick -partridgesemicolon -stormsemicolon -secretaryjennifer -intestinecornet -fedelinisupport -writercough -divingblack -growthtrick -deficitrepair -wrinklegauge -classcomma -divorcedspade -trailfront -networkcream -frownbrochure -garlicdrawer -trumpetstock -beavertrouble -exchangemichelle -farmercover -adaptergoose -latexapparel -edgerstretch -thoughtquality -firemansession -berrycomfort -cancercolon -pastrystructure -marbleblanket -dentistcocktail -scenelicense -kenyabengal -questiondebtor -actionplant -jeansbassoon -damageoption -frameattack -mouthselect -bicyclediaphragm -divingsquirrel -switchjapan -recessillegal -comichurricane -turnipsoftware -hygienicjaguar -kennethvietnam -brianpamphlet -latencyclave -collarcymbal -rainboworgan -yellowcaravan -equipmentedger -fairiesbegonia -illegalappliance -routersurgeon -handlestation -badgelipstick -reportframe -soldiertexture -knowledgesandra -addressalphabet -harmonicaaftermath -gaugebrand -georgegosling -editorsupport -custardattic -reasonantelope -drakeshrimp -tradeappeal -driveoffice -morningmyanmar -cylinderpoison -fedelinizoology -vegetablevelvet -graphicchair -surgeongeranium -antelopeshoemaker -cupboardbassoon -handsawbudget -knifegymnast 
-mouthvalley -guiltyhydrofoil -heavenblack -startlathe -edwardterritory -odometerlobster -magiciannumeric -nylonobjective -smashdowntown -perchgateway -pendulumaccount -chemistrytreatment -bloodpollution -turkishbrian -ladybugsalary -authorsoprano -familyadapter -seagullalarm -periodtrunk -companygrass -jumperrouter -halibutbronze -optionelbow -reporttenor -airplaneblinker -kenyagrape -jewelclick -lentillevel -sweatshopkimberly -eagledimple -jamessampan -mexicansundial -partnerbrazil -romaniahelium -thrillharmony -mirrororchestra -subwayschool -mailboxravioli -secretarycloth -frownconifer -cicadapeanut -tankersword -sleepniece -recessschedule -healthdashboard -plywoodmagic -captionbasket -cucumbertraffic -pimpleairport -limitadult -customerbooklet -flowercement -diamondcandle -monkeyfender -romanianstinger -leopardlanguage -pajamaknowledge -arrowcricket -coverbomber -cartoonclass -fieldpiano -stevenwhite -badgesecurity -galleystamp -hexagonfisherman -timerchinese -dragonminute -slicereaction -hardboardnoise -dinnermosque -peanutopera -propanestation -diggerwinter -eggnoggirdle -milkshakearmenian -italiancooking -revolvetrain -languagefactory -textbookpreface -blinkerblock -pepperbeauty -eggplantheadlight -daffodilbeach -pantherwitch -michaelsword -alleycousin -indiachina -softballfrench -agreementcough -moustachehumor -forecastcloth -rocketprison -actresssilver -libradugout -beautyocean -sweatshopswitch -celsiusfeast -pepperskill -curlerreligion -cymbalbangle -mustardethiopia -ankleclimb -coughtower -sturgeonjelly -cautionchina -aquariusbankbook -stopsignperch -slicecreek -sprucezephyr -utensilcarbon -creatorsmash -tableprison -operationdeadline -rewardpantyhose -decreasehydrant -cookingairmail -frecklepurple -castanetellipse -shinglecamel -hurricanecousin -feastshingle -planetaccount -steeldolphin -ballooncheek -glidingshears -sheepchest -platinumrepair -bronzesundial -entrancecopyright -snowstormclock -gorillanylon -sunshinedivision -tortoiseharbor 
-tailordecision -dahliadowntown -thoughtintestine -cyclecolumn -bridgedahlia -cautionspinach -tabletopbrake -refundkeyboard -subwaybarge -carnationbladder -rabbirutabaga -cemeteryrussian -sparkthomas -bamboohardcover -michaelproduct -downtownsiberian -professorwasher -uncleshoemaker -colorbucket -wrenchbrake -decisionviola -climbgoldfish -closetplanet -elementbillboard -windowwrinkle -groundpoliceman -butanemattock -frictionvoice -dredgersurfboard -accordionbadge -canoebillboard -fridayslipper -middlecalendar -bombersilver -answerisrael -daviddrake -enquiryaluminium -scissorsstage -davidstatement -butchersmoke -aprilemployer -hardboardpheasant -downtownchime -kenyapigeon -hospitalcotton -offencequail -fatherclave -salmonamerica -dipstickwinter -bookcasedeposit -clipperdredger -defensepurpose -lentilceramic -rutabagaviolet -alibidefense -paintsilica -backboneclimb -saturdayanime -passivebasin -yachtwrecker -ferrycommittee -musicianspinach -asparaguspyramid -feathercheetah -vesseltanker -prosebrass -rocketyogurt -propertysoybean -collarplaster -startshovel -messagecello -thumboctave -diggerrecord -shapeargentina -chequevessel -peacebarometer -laughsuede -committeestamp -skiingshrine -crookcartoon -swallowcousin -apparatusinventory -successcougar -alarmantelope -nitrogenmanicure -typhoonbeggar -radarraven -nationdietician -trainheight -aquariusbutcher -angorasunflower -baseballstarter -ketchupmichael -structureostrich -crackskate -shellbadge -mistakepocket -stormmustard -bonsaistreetcar -aardvarkcommunity -packageorchid -directioneyebrow -whorlperch -systemcurtain -wednesdaymailbox -pumpkinreminder -requestbrochure -plastercroissant -refundbudget -fathernumeric -effectcardigan -canoecapricorn -wedgecandle -epochpepper -popcorndivision -turnoversubstance -headlinegallon -edwardsnowstorm -thingkilogram -childrensauce -middlestudy -aardvarkshark -cornetstatement -dieticianmouse -kilogrammallet -platescissors -courtshingle -lilacdistance -newsprintsegment -pyramidmustard 
-badgeskill -weederillegal -benchdenim -sweaterplier -innocentcontrol -budgetchristmas -jasonchristmas -sheetrutabaga -bomberpancreas -creaturedisease -ceilingcreature -securebamboo -chickcolumnist -tankerclipper -ramiechalk -libratyphoon -vaultshampoo -prefaceformat -serverminister -childanswer -museumukrainian -sharontheater -swingequinox -nancycatamaran -metalbankbook -marimbacentury -piccolomotion -clockdigger -buffereurope -successshark -reductioncustomer -vacuumdomain -sidecarmotion -englishbasement -salarysweatshop -sandrakilogram -commandbaker -appleoctagon -gaugecloakroom -glassbalinese -actorfired -gradeemery -olivesoprano -jumbolawyer -narcissusutensil -producenovember -secretaryairplane -discoverystore -inputproperty -trapezoidpropane -decisioncongo -fightscene -sweatshopcobweb -cupcakescrew -grapelilac -chiefnovember -receipttoenail -chesshydrant -parrotlaundry -signaturefrown -cirruscatsup -dresserblanket -trombonecrime -asphaltwhiskey -weightmagician -shellfeedback -throneprinter -flowerastronomy -storyrobert -josephcement -geesemarimba -yogurtclave -sopranodessert -germanwaitress -cottonweeder -shirtbathroom -narcissusstick -groupcathedral -dreamstranger -pastortrial -davidpaperback -cougarvirgo -recordturkish -rangetooth -vacuumoxygen -mirrorlinen -soybeanlibra -softwareradar -emerycrack -capitaldebtor -catamaranpolice -scallionsecurity -hallwayexpansion -cousinclaus -cylinderreason -harbordavid -shearsstomach -airportfather -kitchennight -doubtapparatus -ferryarrow -dibblesegment -tanzaniamissile -pancreasvision -beggarpriest -calculuscucumber -suedechicken -diggerriver -signaturemosquito -joggingdamage -effectbarbara -limitthrill -manicurecrown -centuryjelly -seaplanestaircase -penaltycooking -policemanegypt -beastrefund -attentioncushion -collisionsampan -humorvalley -skiingmargin -backbonegorilla -jameshistory -chickberry -titledesert -hamsterdredger -prefaceattic -relativeeditor -sweetschannel -crayonimpulse -frenchhumor -violetbritish 
-carolchurch -hardhatshorts -cockroachspark -whalespeedboat -pollutioncherry -brothercrown -raincoatdecision -septembertendency -willowdesire -lobstervinyl -carbonstep-son -sweatersoftball -shrinecelsius -cloversturgeon -passivelocket -daviddesign -selectionoperation -utensilairplane -accounttower -moustacheturtle -coveranger -northcemetery -glidingantelope -kittydivision -maracashrimp -herondrawer -goslingroute -stingershame -postboxvietnam -smokecrayon -cloudground -middlealcohol -continentgazelle -applecustard -goldfishattic -handballhexagon -chessmistake -grainmorocco -orchidpencil -pyramiddetective -diplomaegypt -brakemercury -guiltybehavior -mandolinnovel -eggnogfireman -shovelwitch -ounceaccordion -mercuryburglar -gymnastmother -harboranime -bakerysinger -blackbrain -kevinskill -yellowsilver -marbleflame -polanddaffodil -bronzespring -womanproperty -sidecarsprout -radiatorestimate -pakistanoxygen -quillsaturday -featherhelen -orchestraniece -kayaktoast -birthdaybronze -nephewhistory -condorjanuary -creditorchannel -almanacdesire -cirrusbiplane -brickcello -willowshare -quartzronald -cheeseglider -pandasnowflake -coursechick -domainarmenian -planebacon -marginoyster -currentcroissant -footballargentina -swimmingstraw -dressingbrother -vacuumhyena -americabeaver -porchpackage -blowgunvisitor -writercello -bladderroute -radiounderwear -potatohistory -titaniummagic -brazilweapon -dressflare -clothdigger -middletemple -crayonwinter -factoryattempt -hallwaybranch -giantptarmigan -troubletaste -sweatshoptyphoon -customerrespect -singledigger -authorrespect -siberianpriest -countrydecrease -nervegauge -handleerror -chickendigger -canadiandelivery -shapechalk -litterxylophone -seaplanesword -barbaraseaplane -mercuryhimalayan -algebramirror -clockwhite -ploughguilty -honeythistle -receiptwilliam -feastfootnote -grapeparent -waitereight -zoologyvinyl -frenchbomber -sudantrail -donnaacrylic -wedgecarrot -mechaniccomic -geographyfeather -noisefield -motherblouse 
-februarygender -visioncommittee -selectioncello -sailoreight -fatherappendix -frictionblinker -septemberwhiskey -routesphere -helenapartment -rubberreason -separatedcamel -sphynxbackbone -sheetdrink -jellydress -inventorythrone -lathemichael -pendulumblizzard -birthdayexchange -emerynancy -banglecattle -decisionbanker -voyagepuppy -rowboathardware -ornamentforehead -truckthumb -enquirycheese -turnipblowgun -arieswhite -nephewquiet -numericoption -napkinmicrowave -characterbaboon -uncleorder -moustachewater -thursdayinvention -angletarget -stationshovel -activeangora -fleshconga -sudanpheasant -musicianschedule -actorrotate -appealpakistan -purposesideboard -bathroomrevolve -insuranceeyebrow -tellerraincoat -powdercircle -collegegoose -drainmarble -commandhamster -thursdayfisherman -malletteaching -deliverymethane -mimosacarol -nursecloakroom -grousepantyhose -rewardcoast -commanddrizzle -kittydashboard -heavenbutter -diseasepromotion -drivercrocodile -ticketgarden -lyocellpickle -wreckerleopard -lasagnadonald -aprilarmchair -sugarsearch -cougaraustralia -moroccofridge -startquart -pantrysalary -badgerchauffeur -hamburgerlaugh -lunchapparatus -indexchain -congoavenue -phonegarden -butcherbugle -decisionslime -locustcoast -retailermanager -statevoice -sistercousin -roastpopcorn -mouthlotion -locustmacaroni -climbadvice -turretcrate -cyclehedge -soccertemper -donaldrichard -cautioncomma -softwarechina -clausraven -diaphragmbladder -digitalsneeze -canadianreading -locketspade -sunflowerapproval -sweatshopdefense -skatestory -thistlejapan -litterramie -herringwindow -missileminute -structurestep-son -revolverhydrogen -heavencrate -jumperdrake -sweaterpentagon -soybeancreature -crayfishdonna -washerchicory -haircutscarecrow -luttucebrake -dungeontwine -estimatebrother -broccoliravioli -angoraalcohol -camelwrecker -custardtenor -twilightconga -frictionnephew -chairgoldfish -hacksawsubmarine -sarahrichard -japanknowledge -latencyrhythm -chivepyramid -oxygenhobbies 
-bakeryspark -laundrysampan -ownertyphoon -croissantdredger -turtleladybug -thoughtmandolin -troublequilt -raincoatmailbox -kittystocking -damageflame -gardenbulldozer -printercrown -calculusepoch -wallabycontrol -bowlingticket -armeniantrapezoid -interestbeast -fibrewhorl -eventlocust -odometersunshine -blizzardpropane -ceramicgirdle -gondolatitanium -cloverprice -ghanabicycle -liquorjellyfish -eyebrowcreek -bandanapilot -volcanoclimb -shampoosardine -screwdrain -chocolatecolor -poppyaries -animalmarble -stickhedge -balancejogging -cockroachopinion -seederverdict -separatedshelf -grassglider -dungeonpeanut -toenailoutrigger -hospitalkimberly -turkeyfather -operaengine -mattockaccordion -baseballadult -birchtitanium -baseballnoise -grapeswallow -vegetablechest -landminebubble -satinsquare -familybrian -skiingcoast -squidsoprano -buzzardpassbook -deathlinda -quietmiddle -smokeoctagon -secondimpulse -skiingintestine -messageoctober -babiestextbook -snailmachine -workshopasterisk -cemeteryquestion -macaronisleet -uncleagreement -reindeershelf -pyjamaparent -decreasegerman -crawdadwasher -supplyrichard -ouncesarah -pigeonapple -drillselection -bicycleramie -chessjourney -eventclover -hygieniccamel -prunercemetery -cricketsteam -physicianhexagon -celeryindia -expertcontrol -argentinapaper -bladegasoline -cardboardtexture -floorgasoline -asphaltlight -botanycarnation -bomberswiss -friendhalibut -diamondhydrofoil -octopussidecar -franceclient -octopushockey -pastoremployer -saucepencil -comicinvoice -nigeriarange -guiltyankle -pricefelony -authorrichard -scalebattery -skirtpolice -romaniadaniel -pointwrinkle -animalimpulse -ukrainiannephew -scarecrowtrombone -chimecicada -romanialunge -ornamenttrout -partyfortnight -eggnogquestion -peacefaucet -nightwednesday -cherrysneeze -ravendeborah -coachradar -hedgebattery -cheesetreatment -ikebanajeans -ladybugeuphonium -badgerliver -pansysingle -lizardbabies -postboxplatinum -eyelinerberry -antelopeleopard -screwmanicure 
-priestjellyfish -tightsmonth -lightningperfume -liquorscorpio -hubcappyramid -squidmorning -enemyreminder -ministerturret -nationroadway -ravenpickle -racingstate -foresteffect -turnipcuban -lathemanager -churchhandball -groupcondor -lyocellsweatshop -fighterbranch -threadsteven -humidityvolcano -karenspandex -bathtubdamage -barberforgery -drinkceramic -faucettimpani -oliveapartment -heavenvault -checkequipment -hardwareinterest -separatedgasoline -attemptblanket -indextrumpet -controlsecure -georgerooster -textbookslave -greenwinter -randomthumb -violetmilkshake -eggplantpurpose -shellpeanut -flowersecure -middlebarge -numberdollar -layerpackage -gymnastwaitress -canoewaitress -oxygenperson -thrillflame -zephyrstate -washerseaplane -chequedigger -kayakbelgian -tanzaniapartridge -swedishcable -notebookdrizzle -lasagnapromotion -parcelforgery -needleslime -stitchbagel -knickersantelope -footballanthony -liquidtimer -ethernetgrease -zebraskill -jellyfishopera -valuemascara -camelbelgian -strangerbooklet -snakefeedback -stingerformat -englishegypt -cactuslyocell -clockalbatross -cocktailbabies -bangledrill -jellyfishswordfish -internetmicrowave -quillyellow -organdinghy -thunderplane -couchaugust -tom-tomanime -hydrantattic -greenblock -gazellesoftware -plastermalaysia -geologycartoon -statementbumper -woolenconsonant -velvetchemistry -successviolet -signatureaction -wallabygrandson -lizardrussian -coughhardware -womanadapter -objectiveinventory -stopsignearth -framevalley -karatehoney -canoeaddress -harmonicacheese -ticketpatch -engineerdavid -eightbucket -hamburgerhexagon -alleyairmail -selectionaugust -judgejames -quartzcrack -spandextwist -weederliver -successex-wife -illegalhimalayan -hardcovervinyl -sushicouch -witchdiscovery -pancreaslatex -bamboobattle -magicianskill -armadillobritish -cymbaleagle -buzzardtom-tom -behaviorsystem -turtlemilkshake -lemonadepamphlet -donalddefense -flowerteacher -mistakeslice -objectiveattempt -capitaldatabase -stateprotest 
-jennifergrowth -handlebritish -jeanshobbies -slopemethane -professoruncle -silverlyocell -crayonneedle -francekendo -heronairplane -pounddimple -fridgesoftball -tsunamiactivity -troutharmony -purchasebutane -stagecolumnist -skateberry -romanianbagel -storerange -croissantcrate -protestgateway -detectivekangaroo -polyesterchick -fleshkohlrabi -riverpancake -questionbench -argentinachicory -flaresupply -norwegianpartner -mexicanbarbara -checkbrochure -coachpantyhose -larchdungeon -toothhexagon -passivearmadillo -dentistindex -reasonoctopus -secondadvantage -sweaterswallow -porchbiplane -heightswitch -brassniece -femaledream -notifypilot -statementjudge -fieldfather -diaphragmgrandson -bonsaiscanner -bufferjumbo -myanmarfifth -circlecurtain -toastcopyright -woolencherries -pocketbakery -shadowpromotion -vacuumlaugh -nightstreetcar -recordnotebook -magicianobjective -chardexpansion -crackflare -blousealuminium -capricornwhiskey -mirrorpatch -apartmentbrace -bottomaluminium -substancepressure -apparatussecretary -ukrainiansecure -roadwaynepal -answerhubcap -juicewheel -spaghettiethernet -gladiolushardboard -ukrainiansentence -donkeyemployer -beggarparrot -zoologyalphabet -policemanoctopus -leathertemper -basementclient -postageviolet -ladybugfreon -sentenceparty -batteryptarmigan -memoryfiber -shaperussian -amusementparent -japanesesiamese -elementvacation -aftermathaftermath -columnistgoose -transportstove -networkbronze -butterlatex -lunchgemini -apartmentspark -trafficequinox -employeecanadian -tugboatcontrol -cancerpantry -sciencethistle -letterbanana -fatherhedge -lyocellasparagus -ugandasheet -employersecure -patientcouch -workshopparticle -femaledatabase -willowgreen -whalecrocodile -quivertrumpet -thoughtwillow -airbusjapanese -kamikazealphabet -edwarddiscovery -courtclaus -meetingenquiry -beretplanet -pepperreceipt -theorysalary -pointmarimba -missilenotebook -spikepentagon -gorillaex-wife -williamchief -scissorsdaisy -noisemissile -cherryburglar -skatefield 
-searchborder -womandance -dinghybranch -swingwriter -argentinamichelle -causeweather -radishbiology -linensquash -vinyloutrigger -outputsurfboard -anteaterumbrella -captainpakistan -bankerspark -quicksandepoch -consonantground -networktrombone -pantrypartridge -objectivepolice -fighthospital -roastsardine -gazelleviscose -debtorairship -bangleplayroom -wedgestate -dungeonarcher -washerdonkey -versesquirrel -bookcasepiccolo -templelocket -crooktraffic -nephewchord -coniferstore -pricebuilding -beginnerspleen -stormtsunami -weaponcoach -airshipcactus -hospitalpound -quailvirgo -brotherprose -effecttimpani -asphaltroadway -crackbanjo -spongeweapon -visitorelizabeth -belgianmarket -dragontitanium -spainsquid -insectchina -walrustanker -divisionrabbit -ashtraystart -margaretbandana -oxygenbattery -velvetumbrella -tom-tommandolin -radiosidewalk -strawsurfboard -oceaneditor -rubberoffence -smokeblowgun -chairshingle -bumperhygienic -robertbrochure -partyutensil -croissantvacuum -timerrugby -karenhalibut -blackoctopus -sprucegorilla -chestdiploma -hexagongeorge -poisonbasin -buildingplate -ketchupskill -humorzipper -drizzleenquiry -planecocktail -shallotspinach -crackerstove -spoonraincoat -sweatertractor -moneylipstick -thronec-clamp -seagullflame -fridaycommand -mirrorshield -beastrobert -towersaxophone -halibutgrape -statementbrush -boardcrowd -appendixchalk -bracedinner -lilacturnip -thoughtperson -poundsteel -chancethrone -mailboxemery -rainstormbugle -climbquail -step-sonevening -swedishoctober -modemhedge -airshipcredit -scissorsalmanac -digitalaccordion -jaguarsyria -houseramie -radarwilliam -creaturesunshine -preparedrotate -relationbumper -baboonframe -passivegemini -wedgebiplane -roosterhaircut -liquidwasher -bufferhaircut -cablenylon -asparagusdress -euphoniumflight -stampbroker -equinoxghost -pilotmatch -octobershoulder -pakistansponge -ashtraydefense -lunchroomwindchime -signaturescooter -witnessprison -knickersdelete -soldierniece -resultsinger -shapecloud 
-rhythmcurrency -fruitdiploma -trowelcrush -crocuspants -partridgeclipper -fedeliniknowledge -daffodiltrombone -narcissuscycle -geometryjuice -paintgoose -successappliance -marchopera -desiredanger -edwardbakery -bargelarch -faucetcrook -weederlinen -apparatusrobin -velvetclipper -prosetoilet -postboxswedish -replacemistake -fragranceweasel -syriadrive -pantiesapartment -theorydoctor -saxophonepilot -nitrogenquince -swallowpastor -prosematch -bubblepamphlet -novelgrease -appendixbandana -tom-tomregret -berrynurse -nursememory -soybeancatsup -sharonpenalty -smellcapital -step-auntarmadillo -alcoholpreface -israeldorothy -bengalaftermath -memoryfridge -computerlaundry -timbaleapology -germanysound -nitrogenstranger -ronaldairport -thunderrainstorm -streamparade -denimpanty -freighterforehead -beardbench -weaponsurgeon -nickeltheater -strangertaste -cobwebcurler -musclehandicap -cushionspark -cymbalscene -donaldchalk -shelfghost -bathroompuppy -educationpickle -creaturespear -continentorange -cylindersociety -transportketchup -lindapopcorn -mirroraluminum -turretcardboard -brainniece -quaildrake -haircutslipper -packagekitchen -lotionnoise -freighteremployer -minibusstart -attentionmattock -thailandpatio -parsnipamerica -kevinchain -spherequart -educationporter -riveryellow -geometryindustry -sweatshopreminder -karenalbatross -raincoatwaiter -hexagonglass -skirtscrew -canadianweasel -libraryquality -tulippanther -piscesemployee -gradepressure -amusementcocoa -accountwallaby -drivingsemicolon -crossclose -networkstool -exhaustparade -forcekevin -luttucedigger -cirrusbotany -propertylathe -basketcloakroom -armchairdinghy -bladehumor -hyacinthpaste -dinosaurmacaroni -greenfloor -stretchbrand -sparrowfebruary -reminderinternet -snailbeast -trousersshelf -algeriajacket -printerdaughter -capitalaustralia -creamhyena -voyageweight -timbalehurricane -spearpanties -frametexture -herringbeach -jenniferstep-aunt -saxophonenancy -agendajudge -fedelinipolish -giantfreeze 
-zoologydomain -cyclealloy -ptarmigansleep -printpuffin -voicetrade -dahliacheque -cockroachlaugh -currentgirdle -bettyplastic -mexicancirrus -williamhouse -arrowappendix -quartmercury -octoberbedroom -rainstormantelope -streamblock -cormorantyogurt -channelbaboon -orangepiano -balinesequotation -romanianromanian -bufferscorpion -indonesiaradiator -buildingvolcano -cucumberrouter -consonantbotany -seagulljuice -rocketjoseph -anteatertortoise -oatmealrecess -celerytrial -thingwrecker -underweardiaphragm -step-sonanthony -celestecousin -purpleequinox -chimespruce -taxicabshame -jenniferitalian -separatedmeter -bagelhalibut -butanepollution -grandsonkevin -timermulti-hop -quailsquare -haircutrussian -zephyrmakeup -baseballcheque -sugartanzania -potatoathlete -ceilingsardine -croissantsquash -offerswiss -borderpakistan -bettypolish -educationsharon -bumperbeard -pajamaoctave -messagebadger -healthglove -goldfishbowling -spruceagreement -witnesspostage -housewitness -pansystitch -armchairblade -replacequince -kidneyracing -childsubstance -gymnastdrink -chestherring -kennethmessage -thundersycamore -gianttruck -chauffeurfrost -tongueopinion -alloytemper -turnoverdaughter -controldigestion -musclepiano -chardreligion -securefight -clothbladder -quincetrial -melodyrequest -internetmakeup -epoxymitten -featureethernet -airmailbabies -peonycyclone -mirrorpassenger -rotatemosquito -checksupport -degreesphere -mexicolentil -whaleminute -beasttights -timerblanket -ceilingslice -computerdavid -singlebeetle -blockanimal -ronaldtoast -educationraincoat -partnerbudget -forestromanian -illegalfortnight -draineditor -ariescrayon -spoonrussia -coniferphone -interestcapital -shellsanta -toenailharbor -numerictsunami -bracetsunami -bettysociology -sphynxnorwegian -hobbiesformat -formatobjective -marimbatouch -magicblowgun -adapterprofessor -carriagebrandy -apparatusservant -plantsinger -collarpyramid -patchsoldier -propertyshingle -scorpioncurtain -januaryquarter -porcupinephysician 
-criminalcheque -debtorcactus -indiainternet -invoicepatricia -fightertrail -kendovenezuela -medicinecircle -streetcarnigeria -mistakethrone -comfortsearch -cirrusnickel -agendaamerica -turkeyevent -woundnoodle -scorpiongondola -greasechime -galleyvenezuela -frienddinghy -scorpioheaven -breadlegal -missiletheory -queencucumber -snowplowegypt -stretchdragonfly -beetlepurchase -teachingscanner -tendencymotorboat -wastecactus -zebraroute -boundaryamerica -bugleisland -cushionaftermath -algeriasquid -alcoholikebana -oniontrial -williamquestion -templegreen -saucebagel -dryerriver -tomatochild -sundialscorpion -animetextbook -processhardcover -firemansardine -ukraineadvice -dorothytooth -dressingquince -bookcasehistory -hacksawarmadillo -cuticlesilica -condorgender -eventtreatment -animewatch -floodbrass -rubberfibre -ghanafamily -inputpassbook -pyjamascooter -partyriver -chalkimpulse -tornadonewsstand -historygallon -carnationpastry -davidwound -forecasttuesday -actionsmell -backbonebladder -canadacancer -targetjapan -meterradiator -flightslave -offencereceipt -incomeairport -squirrelenergy -trialbrake -davidmachine -insectchurch -gliderturnover -airplaneorchid -colonvalue -motorboatinput -cherrypoison -stickmascara -pastorsparrow -alphabetcello -digitalnickel -hallwayflight -carolpimple -glovebutane -printoutput -salarybread -timpaniparsnip -changeburst -licensecougar -timpanilunch -cartoonbreak -brackethacksaw -searchtitle -driveprofessor -georgetaxicab -israelavenue -recordblock -hammertrunk -cottonraven -notifybeech -pancakequotation -chalkheadline -washerlentil -actionverdict -christmascreature -sarahpizza -chalkhoney -sturgeonwedge -cementmacrame -bracketorchid -harbordelivery -singlesurfboard -innocentunderwear -chainviolin -keyboarddream -typhoonmarket -zephyramount -davidsemicolon -algebraclick -profitvolcano -saturdaycanada -pendulummusic -sharksaxophone -orchiderror -recordprotocol -foxgloveaugust -cougargermany -spiderspinach -rutabagaspark -roadwaycrayfish 
-zephyrwhale -hubcaprussian -trialavenue -kayakaries -studymarket -blockfamily -chequeoutrigger -divorcedalphabet -blockdirection -potatospinach -basintornado -graphicgosling -numericdeficit -temperscreen -englishmustard -sopranohoney -airportbranch -oceanspoon -seashoresuede -inputcable -fairiesappliance -drizzleenglish -mexicoschool -turnipduckling -propertysideboard -bargefountain -bobcatbarometer -baritonecrowd -creatoractivity -porcupinelimit -breathfreezer -leopardbanana -breakdaisy -engineerhealth -forgerylibrary -treatmentobjective -dinghyikebana -ticketpromotion -systemchair -brokervision -liquidbutcher -russiashrine -siameseperson -drizzleincome -snowflakeceleste -ministerriver -picklemarble -dungeonbedroom -americatrial -tastehumidity -recesskenneth -trickaccount -newsstandfeather -brownswamp -crushhouse -pyjamaopinion -equipmentbookcase -musicianguilty -sugarquestion -englishswedish -closetcolumn -notifyotter -rainbowmarimba -healthbanjo -tsunamistomach -freighteraquarius -clockinvoice -reportankle -weaponsunshine -linenfeedback -coastpocket -distancedecrease -packethyena -companysurgeon -bargepeony -debtorbongo -jellyfishhearing -believemother -butchercuban -advantagemexico -friendstone -brazilearth -burglarwhite -kangaroocurtain -saucedrain -lyocellsidewalk -ownerwedge -crayonjewel -buffetwealth -pantrycemetery -threadclipper -orangejason -pastryplaster -algeriaagenda -cylinderarcher -monthbillboard -partyshears -fortnightharmonica -lightdeadline -lungepatient -burstapartment -companyknight -patchsalesman -securitywhite -spaghetticrook -storyvolcano -armenianbicycle -peacebroker -grouprepair -customerstocking -landminesurfboard -consonantrevolver -halibutcolor -officedessert -swordfishequinox -sailorsidecar -industryapparel -gore-texchinese -couchdorothy -englishanger -shoemakergemini -walletpayment -donnaapartment -chestpoint -brandtractor -answerbasket -cricketshrine -trunkcathedral -drawercarpenter -plasticknight -dinghysushi -subwayoatmeal 
-cartoonbudget -streetcaropera -studycomic -submarinebasement -elizabethwednesday -luttucechildren -squashinsurance -tastecontinent -patientteacher -jacketaftermath -japaneseexistence -plasticclaus -bedroomtrumpet -resultsanta -powersidecar -spaghettivalley -cyclefrench -bedroommiddle -tendencytrain -seagullravioli -latexpackage -streamselection -washerrelish -zoologyemployee -pantyhosedesign -managercentury -mascarahumor -edgerrhythm -trumpetcousin -romaniansoybean -microwavemoustache -ghostmaria -cricketdance -freoncondor -pentagontouch -magazineeight -cardboardwitness -optionjapanese -aprilbrake -mondayblouse -attackpickle -thoughtguide -harmonicatruck -shallotcarol -repairsmash -crosswalrus -streetclose -zoologyorchestra -cirruskitten -kilogrambaseball -shortstoenail -acrylicbooklet -cloudyblock -waitresscurrency -africaeyelash -jenniferalcohol -diaphragmslipper -pencilsprout -harborstreetcar -magicgarden -monkeybeggar -stockingbabies -novelgearshift -wastegemini -ministerpajama -egyptgazelle -armadilloplant -powderlizard -forcecougar -hallwayhydrofoil -clarinetswallow -womenpyjama -ariesbrand -kayakcollar -viscoseliquid -buzzarddouble -melodyschedule -outputyogurt -dipstickasparagus -hyenaneedle -cupcakebulldozer -messageorchestra -beachfisherman -clothexistence -recorderlunge -dorothycoast -propertyplough -karatemargaret -hallwaylearning -asteriskreindeer -mariabreakfast -creditsister -airbusholiday -trunkexhaust -aftermathgrenade -officesurprise -accordionthistle -moustacheanteater -eggplantbuffet -myanmarchord -spaghettisaturday -dahliahobbies -stingernight -stationwitness -interestburst -britishasparagus -snakegroup -gooseexample -step-sonpackage -cardigandorothy -printergeology -brokercellar -jewelbuzzard -jasoncaption -benchtoast -lightcellar -windowjelly -successtanker -insuranceicicle -sleepswiss -carolfrench -produceonion -pocketsnail -schedulelotion -brushkamikaze -guaranteemexico -cerealunderwear -sweatercourt -bottomcaption -crossepoch 
-wastelasagna -dogsledbranch -skilleffect -passivelemonade -congotiger -newsstandclass -tastethread -spaindetail -sandwichfather -statisticitalian -turtleolive -greekstring -ferryboattwilight -cheesealgeria -lobsterbeach -spinachlettuce -sentencewrench -ravioliquartz -mimosawriter -motherliver -felonywilliam -croissantchinese -inventoryex-wife -honeyperson -germanytrail -zipperracing -touchdrive -angoravault -offencecriminal -chinesedollar -bugleapril -celloplant -dinosaurshock -beliefvault -cupcakeberet -shadowbadger -educationorange -camelodometer -riverprofit -lindaburglar -dimplebladder -biplanemoney -periodrouter -japanindex -squirrelsheep -ariessmell -celsiuskorean -recordbirch -tailorbabies -barberkevin -baboonalarm -disgustfemale -packageshallot -halibutoxygen -norwegiannarcissus -sistercouch -kittenreport -dancercurler -stovefrance -islandsunflower -fluteinventory -decadeverse -heliumbarometer -creatorfrance -depositplate -richardunderwear -ferryboatcymbal -broccolialbatross -sentencebreakfast -saturdayleopard -barometergateway -cymbalsecure -hacksawswordfish -orchestratiger -accountporcupine -shearsaftermath -vinyljennifer -gallonparticle -pressurestart -handballplant -chalkmicrowave -inventorymallet -skillmexican -digestionpollution -garagenewsstand -sproutcelery -octopusaddition -raviolibugle -edwardperfume -violetprice -prunerhallway -apparatuscause -wreckerhyena -aprilrainbow -desiredivorced -anatomycannon -chairmarch -bargegarden -scalliongrandson -footnoteharmony -hurricanedragon -debtorsunflower -governorblanket -coastchurch -activebutcher -parsnipjoseph -fluteniece -priceafrica -tromboneheight -lobsterstick -discoverytrick -slopemustard -footnotequestion -stevensnowplow -bathtubvolcano -raviolilicense -chauffeurbubble -crayongeese -comictrial -patiotom-tom -europechick -snowstormfamily -anthonyregret -seashorecurrency -enquirygiant -dinosaurhamburger -cougarcricket -internetukraine -spandexcanadian -jeansgladiolus -asphaltedger -storyagenda 
-equinoxactive -spearrelative -columnistsoybean -vulturefisherman -scentastronomy -bufferbrace -treatmentplier -sunshineblizzard -collegeamount -breakfastspear -gasolineaddition -throneactivity -lightheart -stepsonbrass -williambuffet -thingsociety -bathtubcornet -nursewoolen -organstep-son -cinemapassbook -womenchill -newsprintethiopia -tendencytugboat -cactusepoch -tanzaniadoctor -spherepayment -cobwebmusic -postboxdollar -creaturemexico -disgustfountain -spadepajama -paperbackwaiter -italiantanzania -myanmardoubt -trialpoppy -slashrowboat -hacksawdeodorant -blizzardsweatshop -physicianpoland -nightriddle -sweetsmonday -vegetabledisgust -oniontoilet -strawgrandson -cowbellthursday -dibblemelody -stockingfactory -c-clampharmony -advantageknowledge -crawdadfireman -drivechicory -woundparsnip -yachtengine -venezuelanickel -chickjeans -enquirystopsign -rutabagashrimp -geminisuede -pancreaslatex -ikebanapatio -turtlecaptain -shellpassbook -glidingspoon -whorlmaraca -japanesescraper -kohlrabieggnog -marriedsharon -sweatshopsnowman -streamthrill -targethydrofoil -blizzardrooster -saxophonedollar -laborerpanty -purchaseyogurt -cyclonepromotion -sociologysnowflake -armchairprofit -whistlequeen -schoolstick -arrowuganda -creatureaddition -freonutensil -buildingflight -tenorroadway -poppysociology -chickenhorse -bearddorothy -crayonplatinum -susanmonday -trouserslumber -goosedrizzle -octavenigeria -kevinmachine -clipperclerk -disgustbelieve -pamphletsnowman -ex-wifeforehead -toiletscent -crackercuban -swordfishbritish -fishermancomposer -foxglovenephew -soybeangrandson -depositbobcat -sturgeoncaravan -waterfallcheese -potatoblood -broccoliforce -productseashore -treatmentshell -cricketaluminium -chickensponge -territorygondola -reportferry -chordchest -consonantniece -juicelentil -cherriesitaly -calendarpelican -throatporch -gore-texfeedback -outputclass -calendarlyocell -spaghettipants -bloodliquor -mustardspider -twistthing -libramosque -firewallkilogram -continentsheep 
-tradequeen -ploughcockroach -smokeheadlight -searchwhale -zebramotion -handicapcover -willowjames -apologylaborer -grousexylophone -cousindonkey -timbalesneeze -mosquitolatency -leopardseagull -criminalpersian -whiskeywalrus -multi-hopstep-aunt -radiatorgorilla -handledrizzle -coastdeborah -softwarestory -crossdryer -streetketchup -stoollipstick -silversaxophone -angledigger -angoraaugust -mandolindress -stoolactive -afternoonocelot -skillwheel -ladybugshape -centurysturgeon -girdleindonesia -walruslatex -discoverysheep -snowmanshark -williamengine -energyguilty -canvaswillow -cinemacherries -throneornament -shoemakerplayroom -giantalibi -formathandball -tuesdaynitrogen -moneypoint -ceramicpostage -timbaleskiing -scissorsamusement -glidertom-tom -ukrainianbuffer -borderlimit -lycradrama -additionhimalayan -eventagenda -barometerliquid -slipperrocket -bracketagreement -aquariusmichael -octavemacaroni -effectsignature -copperenemy -melodydirection -lizardflower -sandwichladybug -spinachcaution -turretvision -motherspoon -mistakeeggnog -jumpersnail -professordamage -pickletsunami -pyjamabelieve -decreaseronald -weaponfifth -theaterfirewall -belgiandugout -scorpionrubber -searchodometer -marketresult -sweetssalary -minibusketchup -mailboxbench -spleeneurope -geraniumhouse -dramamakeup -banglecrime -gondolacaption -dahliaparent -violettoenail -peppereducation -japanesefeeling -onionquotation -furnituretongue -surgeonselect -angercrate -knifecarrot -marginsearch -luttucesense -sessionforce -plainbongo -custardburglar -thursdayfreezer -historyscanner -mascarafelony -paperexample -recorderglider -marginbillboard -fluteavenue -collarvoyage -prosepantyhose -drilllyric -hexagonpancreas -sudanjellyfish -syrupforest -cubancaution -throatconifer -cemeterycornet -donnawaitress -clipperappeal -lentilestimate -jumperreduction -wastelatex -approvalplanet -dieticianshark -pencilsyrup -communitygoldfish -strangersubway -governormelody -thailandheron -georgetennis -springtimbale 
-cloverrabbit -chinesefemale -banjoswimming -shovelsalary -waterfallplier -calculusmaple -syrupbeard -babiestoast -step-auntgraphic -step-sonclaus -smokecoffee -skirtcactus -ferrybathroom -driverex-wife -pelicanconifer -riverbedmarket -actressbakery -trailretailer -mechaniccontrol -magicdeadline -epochkenya -broccolimulti-hop -alloyshield -drainspeedboat -geologymacrame -violetstorm -cicadarabbit -forecastheadline -companyaddition -featherstore -illegalheadlight -baboonoffice -herringaluminium -blanketdenim -tenorkettle -freightermailbox -furnitureeducation -pointsurprise -weaponflood -farmercanvas -chineseattention -versequiet -centurystudy -goldfishdungeon -slopesquirrel -canvasclaus -yogurtcanvas -lilacfaucet -bottlethumb -harmonicacereal -pantrycapricorn -tortoisenotify -toenailfloor -middletheater -calendarswallow -celestecopyright -monthcountry -zebraspace -alloyasphalt -propanewound -knickerssurfboard -deficitsmile -matchtriangle -paperdinner -teachingbrick -stopwatchthomas -authorbridge -readinggrade -minibusknowledge -armadilloformat -kittyminute -relativeindia -feelingaftermath -mustardquartz -gatewaybranch -prosechief -statisticthread -towerhaircut -processwalrus -temperreason -drilltoilet -karatefriction -summerpersian -tsunamibeard -pancreashelmet -separatedtugboat -shadowrespect -brakemotion -step-soncalendar -printerror -femalecomposer -chocolatesmash -taiwanvoice -formatrubber -apparatushourglass -shelfdugout -positionpollution -clothmuscle -visitorshrine -enquirykayak -anglepasta -kohlrabibronze -pansyequinox -susanpastor -liquormelody -canadianstraw -popcornpassenger -deadlinebamboo -bankbooksquare -pastordaniel -cuticlefarmer -bookcaseparsnip -ikebanabathroom -catsupjason -papergoose -syriawinter -scraperrainbow -exchangewinter -segmentwound -flavorjuice -clausquartz -chocolateminibus -layergermany -successsunflower -stepsonhealth -gallontyvek -nervebengal -pamphletspace -soccershorts -kevinparcel -timbalearies -paraderocket -yogurtcathedral 
-candlecreature -mountaincontinent -juiceradio -passbooksoccer -juiceknight -priestpurpose -shieldapartment -lizardangle -snowflakeclient -religionfireman -multi-hopbottle -februarysmell -zephyrrutabaga -effectnigeria -nickelbalance -apartmentquiet -impulsesidewalk -beavercrush -titlehistory -congojacket -aftermathgander -woundbamboo -mondayjaguar -titaniumbladder -beechwealth -ramieoxygen -blacktaiwan -tendencyclimb -lizardmoney -minutecylinder -carpenterinventory -richardperiod -operationpayment -bumpersharon -bargehammer -onionbutcher -ferrystore -surfboardviscose -numericpiccolo -successdogsled -quincemarket -softwarerelish -canadageese -cubannovember -liverbracket -babiesbulldozer -fightercarnation -sessionjewel -anteaterminibus -mondaypaper -gearshiftfelony -adaptertornado -shrimpcactus -valleygauge -lyocellpilot -applesparrow -atticdrink -step-sonsweatshop -elephantstocking -producefireman -macaroniwomen -decimaldresser -doctorrhythm -channelphysician -camerapyjama -cirruschicory -mandolinpurchase -pandacoast -laborerpolice -fridgemusician -decadehoney -summersycamore -stationlemonade -communityswimming -collisiongliding -educationbookcase -formatpersian -aluminumrhythm -colorweather -boardscarecrow -bumpersnowstorm -meetinggeese -couchbuffer -chancesoftdrink -airplanemeasure -muscletongue -adaptervirgo -mimosaalloy -bladderhamburger -childcolor -stopwatchtrial -middleletter -wallabyjeans -musicdenim -broccolination -slopecatsup -waterchick -currentnarcissus -quivermailman -selectiondanger -angerslime -avenueparrot -ukrainiansarah -davidradar -pelicanmascara -hurricanetimbale -liquorriver -drawerberry -replacehobbies -underwearseason -firewallbreak -sproutlarch -bracecarol -bottompolyester -hockeyheight -peonyseeder -clientmeter -wastetwilight -peppergarlic -gymnasthearing -drivingbutton -sliceikebana -zephyrviolet -badgerambulance -asteriskenglish -pantyhoseplanet -karatemodem -scalechildren -baseballpastor -crateoutput -recorderpanda -broccolitrumpet 
-brochureporcupine -passivehurricane -vulturevacation -pyjamaforgery -bubblecopyright -octavecloudy -grousestream -supplycannon -bagelbench -punchairplane -copperwhale -polandshears -canvasseptember -friendlight -lipstickrevolver -shrimpjewel -scorpionairship -bagpipeturkish -timpanivessel -airbustyvek -makeupbeetle -egyptriverbed -clutchpencil -equinoxbobcat -bronzesyria -brokersecure -astronomylilac -wrenchsponge -flightapproval -bucketmorning -lemonadestudy -condoreagle -diaphragmmanager -melodyheadline -decimaldrill -carolgoldfish -illegalferryboat -faucetfeather -mountaindebtor -trickgosling -knifejason -personreindeer -postboxknowledge -backbonesnowman -capricorncattle -shoemakerbirthday -shamecrawdad -pheasantsidecar -christmasburst -rainbowexhaust -monthholiday -hacksawradio -machinethailand -letterchildren -bracetoenail -edwardbudget -screenstation -giraffedeficit -eyelashpiccolo -workshopbrain -swordferryboat -quiverswing -animeturret -yellowsecure -pantsselection -edgeremery -donnadinosaur -fedelinielephant -latheposition -calculussushi -alligatorlicense -divingorchestra -custardankle -apparatusglass -librablanket -cheekdesign -dugouttwist -kangarooitalian -strawbarometer -friendappliance -cocoacoast -relationgirdle -kayakevent -tenorsauce -streamcurtain -ugandabuffet -questionappendix -rangesardine -mistakeliquor -italyoatmeal -bandanastep-son -swallowbrian -libraryrooster -guitarcormorant -alligatorarmadillo -olivediploma -mandolinvietnam -chequeonion -moustachestaircase -tugboatpepper -babiesmandolin -chickenbobcat -sleeptrade -ticketfeature -governortanker -priestsubstance -squarelegal -badgemacaroni -hospitalcream -chieffriction -birthdaycloudy -sandrapancreas -licensepimple -chauffeurstraw -sandrabalinese -sailboatboard -eyelinergreece -ceramicvulture -wasteturtle -dragonflybiplane -squareglass -doubleplywood -aluminumeyelash -cougarlearning -swordcanvas -digestioncloset -kittycuban -cratebarge -timbaleepoxy -mosquitocolor -stoolsurname 
-brushlocust -noisestatement -blockcrocus -weedermusic -ounceedward -preparedrabbi -umbrellatimbale -eveningpuffin -mondayoffence -ferrydrain -multi-hopfriday -clerkcollege -yogurtpatio -coastlotion -elizabethepoxy -denimlanguage -estimatelaugh -blackeffect -bugleheight -jasonrectangle -sneezebusiness -drainsarah -countryattack -fifthnephew -blacklaura -parcelbangle -russiaforce -australiavoice -linenviola -shelfcicada -sidewalkbusiness -slashhospital -saxophonereceipt -dressingmeasure -heavendressing -spinachsweets -marriedspeedboat -tendencyhobbies -barbarafront -doublemirror -pantiesnumeric -shademailman -hobbiesgarage -tradepyjama -engineerashtray -thunderlizard -targetbench -hydrantspleen -trunkfisherman -africapastry -violintrain -spoonstep-son -managereducation -brickalibi -kangaroofirewall -stovehydrogen -internetpassbook -expansioncupcake -operationsecretary -methanesmash -skillopera -prefacebulldozer -scorpionsaxophone -valleyangora -twistacrylic -puppymaria -acousticniece -nephewemployee -turretrelish -potatosleet -cupboardthistle -apartmentpunch -smelljaguar -sociologyquilt -modemfelony -otterlizard -guiltyharmony -spandexfridge -groundferryboat -onionwillow -cocoascience -pizzaentrance -mouthbattery -soccerviolet -tortoiseenemy -radiatorceiling -boardblood -grandsonwhite -fieldcushion -chequeelbow -freondriving -birthalbatross -armeniangirdle -davidbulldozer -applelipstick -policemanlatex -wristbranch -gendershare -yachtchest -macramefeeling -adaptercoach -successtennis -teacherfeeling -innocentsubmarine -furnituregalley -biplanetexture -coverwrinkle -cucumberspider -hobbiespriest -womenmichael -harmonicaskirt -valleypatch -agreementdungeon -quivermirror -crickethygienic -humorpoultry -fleshdolphin -broccolibrand -cylindermarried -noodlecanadian -leopardcowbell -chestglove -singlejames -cocktailsundial -inventoryconifer -nationnerve -swisspostage -hyacinthsociety -surgeonsidecar -otterswamp -pocketperson -cousinnoise -epoxyllama -teacherzipper 
-asphaltalarm -aluminiumdouble -submarinekarate -singerenquiry -airmailgermany -coppersquash -quicksandquartz -cucumbermotorboat -ostrichcurrent -numericparrot -pancakecolor -bracketflower -requestcicada -seaplanerouter -softballtoilet -segmentlibrary -lemonadeyacht -vacationmuseum -yellowtheater -officemagician -mechaniccheck -randomswallow -bargearcher -cricketbrother -guitarronald -fedeliniinnocent -spongecreek -firemandebtor -discoverytimpani -tigerbelgian -camelworkshop -yogurtmilkshake -himalayanferryboat -ceilingwhale -kidneyfortnight -japandancer -questionflight -chiveleopard -woolenanthony -indonesiatennis -greecehimalayan -jellydatabase -orchidsoybean -pelicanferryboat -luttucepancake -featuregander -spacebanjo -spherefoxglove -cormorantpaste -housebladder -dancercraftsman -pyramidjanuary -cicadachime -singlesweatshop -pancreasdebtor -kittyprice -cubansalad -prunergeorge -doubtbanjo -blowgunsquash -syriageranium -sentencebagel -substancekenya -ukrainianplatinum -camelitalian -kittytheory -relativeconga -alleypoland -wastebeast -dahliaflood -cannongeranium -objectiveappendix -parsnipspace -humorsmash -kimberlytractor -cookingbrand -paintnitrogen -asterisklyocell -calendarrainbow -lindadinner -interestbanana -richardmercury -algeriadragon -featuremarch -offencepackage -entrancesession -donkeyglove -messagehyacinth -slashsugar -invoicebiology -slavestock -fightfeather -wallabyhacksaw -bucketalloy -methaneliver -carolhalibut -pricecolony -staircasesoftdrink -insectcolor -telleremery -siberianrooster -messagerussian -gatewaymuseum -columnistpajama -adapterinterest -chemistrygeorge -flightporch -c-clampbeginner -egyptwalrus -honeyvessel -spherelentil -brandyjasmine -shadowshovel -ellipseshoulder diff --git a/tpot/host/usr/share/nginx/html/error.html b/tpot/host/usr/share/nginx/html/error.html deleted file mode 100644 index e69de29b..00000000 
diff --git a/tpot/host/usr/share/nginx/html/favicon.ico b/tpot/host/usr/share/nginx/html/favicon.ico deleted file mode 100644 index a40c2372944cc1aa0c2d30ef2b93826395e58101..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 805 zcmV+=1KRwFP)Ywlll4TL&lkvfcL0`@QR)9jMdG%W)K2BkF5E~EPVjj~40 zJ#n4?2n|W7G$@uSFkrA~a_lzAzEEv=tZ@U#K-Ix~Hz*-ccqCZ>ROJBRQb_Rt)XxC_ z9%!Gr3VkRQsYB#_3DuDo`~g5D192qFwISe>6bjMO2JEQ<$g4%r4GW!%w|(V)^-n3B8=GRVu4<0GcyzN{L$D}W$eqvJxA zIIJ$|Co&#AytagTA!%vl(Zg#is&4e3%)kMlki?^)tRtyNCH}8A@%rJcw2dBGS1Vp@ zMPbW`^{sRitptrRf+%bqfL=(l&bCuM^^bpjJ*chxlxk1xP|ty`k#t>S-fxoa8B$gu zc?gNKC(y|p?7B8sSMEsm^7ad{w@a|zEJ?|LRx-vyk*L>x5XynI#9f6RqY*q>jj$Tl zjIox+Zz%o`Q}_(DJ^ - - - - - T-Pot - - - - -

- Home - Kibana - ES Head - Netdata - Spiderfoot - Portainer - WebTTY -
- -
diff --git a/tpot/host/usr/share/nginx/html/style.css b/tpot/host/usr/share/nginx/html/style.css
deleted file mode 100644
index 2696a613..00000000
--- a/tpot/host/usr/share/nginx/html/style.css
+++ /dev/null
@@ -1,17 +0,0 @@
-.btn {
- -webkit-border-radius: 0;
- -moz-border-radius: 0;
- border-radius: 0px;
- font-family: Arial;
- color: #ffffff;
- font-size: 12px;
- background: #E20074;
- padding: 2px 30px 2px 30px;
- text-decoration: none;
-}
-
-.btn:hover {
- background: #c2c2c2;
- text-decoration: none;
-}
-
diff --git a/tpot/host/usr/share/nginx/html/tpotweb.html b/tpot/host/usr/share/nginx/html/tpotweb.html
deleted file mode 100644
index 6f3a0146..00000000
--- a/tpot/host/usr/share/nginx/html/tpotweb.html
+++ /dev/null
@@ -1,15 +0,0 @@
- - - - - - T-Pot - - - - - - - - -
diff --git a/tpot/keys/authorized_keys b/tpot/keys/authorized_keys
deleted file mode 100644
index 8b137891..00000000
--- a/tpot/keys/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-
From e5e8ad4785f3e1882ad0f5ae0f165d53ded47b45 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Tue, 26 Sep 2017 17:56:57 +0200
Subject: [PATCH 04/14] fix typo
---
 iso/installer/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index cdb398ff..657a33e5 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -457,7 +457,7 @@ mkdir -p /data/conpot/log \ touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF # Let's copy some files -tar xvfz /opt/tpot/etc/objetcs/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF +tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF cp -R /opt/tpot/host/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF From 65c7d9cc88079e57667846852ce338d8d29de27d Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 28 Sep 2017 13:30:39 +0200 Subject: [PATCH 05/14] check valid ipv4 --- bin/myip.sh | 131 +++++++++++++++++++++++++++++----------------------- 1 file changed, 73 insertions(+), 58 deletions(-) diff --git a/bin/myip.sh b/bin/myip.sh index 86a9114e..e464b421 100755 --- a/bin/myip.sh +++ b/bin/myip.sh 
@@ -6,83 +6,98 @@ timeout=2 # seconds to wait for a reply before trying next server verbose=1 # prints which server was used to STDERR dnslist=( - "dig +short myip.opendns.com @resolver1.opendns.com" - "dig +short myip.opendns.com @resolver2.opendns.com" - "dig +short myip.opendns.com @resolver3.opendns.com" - "dig +short myip.opendns.com @resolver4.opendns.com" - "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net" - "dig +short whoami.akamai.net @ns1-1.akamaitech.net" + "dig +short myip.opendns.com @resolver1.opendns.com" + "dig +short myip.opendns.com @resolver2.opendns.com" + "dig +short myip.opendns.com @resolver3.opendns.com" + "dig +short myip.opendns.com @resolver4.opendns.com" + "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net" + "dig +short whoami.akamai.net @ns1-1.akamaitech.net" ) httplist=( - alma.ch/myip.cgi - api.infoip.io/ip - api.ipify.org - bot.whatismyipaddress.com - canhazip.com - checkip.amazonaws.com - eth0.me - icanhazip.com - ident.me - ipecho.net/plain - ipinfo.io/ip - ipof.in/txt - ip.tyk.nu - l2.io/ip - smart-ip.net/myip - wgetip.com - whatismyip.akamai.com + alma.ch/myip.cgi + api.infoip.io/ip + api.ipify.org + bot.whatismyipaddress.com + canhazip.com + checkip.amazonaws.com + eth0.me + icanhazip.com + ident.me + ipecho.net/plain + ipinfo.io/ip + ipof.in/txt + ip.tyk.nu + l2.io/ip + smart-ip.net/myip + wgetip.com + whatismyip.akamai.com ) +# function to check for valid ip +function valid_ip() +{ + local ip=$1 + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + OIFS=$IFS + IFS='.' + ip=($ip) + IFS=$OIFS + [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \ + && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] + stat=$? 
+ fi + return $stat +} + # function to shuffle the global array "array" shuffle() { - local i tmp size max rand - size=${#array[*]} - max=$(( 32768 / size * size )) - for ((i=size-1; i>0; i--)); do - while (( (rand=$RANDOM) >= max )); do :; done - rand=$(( rand % (i+1) )) - tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp - done + local i tmp size max rand + size=${#array[*]} + max=$(( 32768 / size * size )) + for ((i=size-1; i>0; i--)); do + while (( (rand=$RANDOM) >= max )); do :; done + rand=$(( rand % (i+1) )) + tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp + done } - # if we have dig and a list of dns methods, try that first if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then - eval array=( \"\${dnslist[@]}\" ) - shuffle - - for cmd in "${array[@]}"; do - [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2 - ip=$(timeout $timeout $cmd) - if [ -n "$ip" ]; then - echo $ip - exit - fi - done + eval array=( \"\${dnslist[@]}\" ) + shuffle + for cmd in "${array[@]}"; do + [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2 + ip=$(timeout $timeout $cmd) + if [ -n "$ip" ]; then + if valid_ip $ip; then + echo $ip + exit + fi + fi + done fi - # if we haven't succeeded with DNS, try HTTP if [ ${#httplist[*]} == 0 ]; then - echo "No hosts in httplist array!" >&2 - exit 1 + echo "No hosts in httplist array!" >&2 + exit 1 fi - # use curl or wget, depending on which one we find -curl_or_wget=$(if hash curl 2>/dev/null; then echo curl; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi); - +curl_or_wget=$(if hash curl 2>/dev/null; then echo "curl -s"; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi); if [ -z "$curl_or_wget" ]; then - echo "Neither curl nor wget found. Cannot use http method." >&2 - exit 1 + echo "Neither curl nor wget found. Cannot use http method." 
>&2 + exit 1 fi - eval array=( \"\${httplist[@]}\" ) shuffle - for url in "${array[@]}"; do - [ "$verbose" == 1 ] && echo Trying: $curl_or_wget -s "$url" 1>&2 - ip=$(timeout $timeout $curl_or_wget -s "$url") - if [ -n "$ip" ]; then - echo $ip - exit + [ "$verbose" == 1 ] && echo Trying: $curl_or_wget "$url" 1>&2 + ip=$(timeout $timeout $curl_or_wget "$url") + if [ -n "$ip" ]; then + if valid_ip $ip; then + echo $ip + exit fi + fi done From dbaccf18f03b67d366d4fa4655ac2e7fd57a5337 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 28 Sep 2017 20:00:51 +0000 Subject: [PATCH 06/14] start with update script and some testing --- iso/installer/install.sh | 7 ++-- update.sh | 74 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 3 deletions(-) create mode 100755 update.sh diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 657a33e5..34841d1a 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh 
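Review bot: The new check is called with an unquoted expansion, `valid_ip $ip`, so only the first whitespace-separated word of the reply is validated, while `echo $ip` then prints the whole reply. A resolver or HTTP service that answers with several lines or extra tokens passes as long as its first token looks like an IPv4 address, and whatever consumes the output of myip.sh (outside this hunk) receives the unchecked remainder. Quoting both uses closes that gap in the DNS loop and again in the HTTP loop: `if valid_ip "$ip"; then` and `echo "$ip"`. Inside `valid_ip`, `OIFS` should be `local` like `ip` and `stat`. The script also has no final `exit 1`, so a run in which every reply is rejected ends with empty output and, as far as the visible code shows, a zero status.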
@@ -329,15 +329,16 @@ apt-get autoremove -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOX # Installing docker-compose, wetty, ctop, elasticdump, tpot pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF -pip install docker-compose==1.12.0 2>&1 | dialog --title "[ Installing docker-compose ]" $myPROGRESSBOXCONF -pip install elasticsearch-curator==5.1.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF +pip install docker-compose==1.16.1 2>&1 | dialog --title "[ Installing docker-compose ]" $myPROGRESSBOXCONF +pip install elasticsearch-curator==5.2.0 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF ln -s /usr/bin/nodejs /usr/bin/node 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF npm install https://github.com/t3chn0m4g3/wetty -g 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF -git clone https://github.com/dtag-dev-sec/tpotce -b autoupdate /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +git clone https://github.com/dtag-dev-sec/tpotce -b autoupdate /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF + # Let's add a new user addgroup --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF 
diff --git a/update.sh b/update.sh
new file mode 100755
index 00000000..2aac0552
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+ then
+ echo "Need to run as root ..."
+ sudo ./$0
+ exit
+fi
+
+# Only run with command switch
+if [ "$1" != "-y" ]; then
+ echo "This script will update / upgrade all T-Pot related scripts, tools and packages"
+ echo "Some of your changes might be overwritten, so make sure to save your work"
+ echo "This feature is still experimental, run with \"-y\" switch"
+ echo
+ exit
+fi
+
+echo "Now running T-Pot update script..."
+
+echo
+echo "### Now stopping T-Pot"
+systemctl stop tpot
+
+echo
+echo "### Now upgrading packages"
+apt-get autoclean -y
+apt-get autoremove -y
+apt-get update
+apt-get dist-upgrade -y
+pip install --upgrade pip
+pip install docker-compose==1.16.1
+pip install elasticsearch-curator==5.2.0
+ln -s /usr/bin/nodejs /usr/bin/node 2>&1
+npm install https://github.com/t3chn0m4g3/wetty -g
+npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g
+wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop
+
+echo
+echo "### Now pulling T-Pot Repo"
+git pull
+
+echo
+echo "### Now replacing T-Pot related config files on host"
+cp host/etc/systemd/* /etc/systemd/system/
+cp host/etc/issue /etc/
+cp -R host/etc/nginx/ssl /etc/nginx/
+cp host/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
+cp host/etc/nginx/nginx.conf /etc/nginx/nginx.conf
+cp host/usr/share/nginx/html/* /usr/share/nginx/html/
+
+echo
+echo "### Now reloading systemd, nginx"
+systemctl daemon-reload
+nginx -s reload
+
+echo
+echo "### Now restarting wetty, nginx, docker"
+systemctl restart wetty.service
+systemctl restart nginx.service
+systemctl restart docker.service
+
+echo
+echo "### Now pulling latest docker images"
+docker-compose -f /opt/tpot/etc/tpot.yml pull
+
+echo
+echo "### Now starting T-Pot service"
+systemctl start tpot
+
+echo
+echo "### Done. 
If all services run correctly (dps.sh) you should perform a reboot." From 2e7a0fdf4ca9f6d138d7a6ced77e33075966a31f Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 19:13:58 +0000 Subject: [PATCH 07/14] tweaking and testing --- update.sh | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 2aac0552..caf907e0 100755 --- a/update.sh +++ b/update.sh @@ -1,5 +1,12 @@ #!/bin/bash +# Some vars +myCONFIGFILE="/opt/tpot/etc/tpot.yml" +myRED="" +myGREEN="" +myWHITE="" +myBLUE="" + # Got root? myWHOAMI=$(whoami) if [ "$myWHOAMI" != "root" ] @@ -9,6 +16,43 @@ if [ "$myWHOAMI" != "root" ] exit fi +# Check for existing tpot.yml +function fuCONFIGCHECK () { + echo "### Checking for T-Pot configuration file ..." + echo -n "###### $myBLUE$myCONFIGFILE$myWHITE " + if ! [ -f $myCONFIGFILE ]; + then + echo + echo $myRED"Error - No T-Pot configuration file present." + echo "Please copy one of the preconfigured configuration files from /opt/tpot/etc/compose/*.yml to /opt/tpot/etc/tpot.yml."$myWHITE + echo + exit 1 + else + echo $myGREEN"OK"$myWHITE + fi +} + +# Let's test the internet connection +function fuCHECKINET () { +mySITES=$1 + echo "### Now checking availability of ..." + for i in $mySITES; + do + echo -n "###### $myBLUE$i$myWHITE " + curl --connect-timeout 5 -IsS $i 2>&1>/dev/null + if [ $? -ne 0 ]; + then + echo + echo $myRED"Error - Internet connection test failed. This might indicate some problems with your connection." + echo "Exiting."$myWHITE + echo + exit 1 + else + echo $myGREEN"OK"$myWHITE + fi + done; +} + # Only run with command switch if [ "$1" != "-y" ]; then echo "This script will update / upgrade all T-Pot related scripts, tools and packages" 
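Review bot: The `wget` line that ends in `-O /usr/bin/ctop && chmod +x /usr/bin/ctop` installs a downloaded binary into root's PATH with no integrity check. Because `-O` writes to the destination directly, a failed or partial download can also leave a broken /usr/bin/ctop behind. Downloading to a temporary file, checking it against a SHA-256 digest committed to the repository, and only then installing it addresses both, as sketched below. The two `npm install` lines that point at the t3chn0m4g3 GitHub repositories likewise take whatever the default branch holds at run time, so pinning them to a reviewed commit or tag would make the update reproducible. Separately, `sudo ./$0` drops the `-y` argument, so the re-run only prints the usage text, and it breaks when the script is started through an absolute path; `exec sudo "$0" "$@"` avoids both.

```shell
# … unchanged: apt-get, pip and npm steps …
myCTOPTMP=$(mktemp) || exit 1
wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O "$myCTOPTMP" || exit 1
# <EXPECTED_CTOP_SHA256> is a placeholder for the digest of the reviewed v0.6.1 binary
echo "<EXPECTED_CTOP_SHA256>  $myCTOPTMP" | sha256sum -c - || { rm -f "$myCTOPTMP"; exit 1; }
install -m 0755 "$myCTOPTMP" /usr/bin/ctop
rm -f "$myCTOPTMP"
# … unchanged: config copy, service restarts …
```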
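Review bot: In fuCHECKINET the probe `curl --connect-timeout 5 -IsS $i` bounds only the connect phase, so a site that accepts the connection and then stalls holds the root update run with no upper limit. Adding `--max-time` bounds the whole request, and testing the command directly removes the separate `$?` check: `if ! curl --connect-timeout 5 --max-time 15 -IsS "$i" 2>&1 >/dev/null; then`. `mySITES` and `i` are assigned without `local` and so leak into the script's global scope. In fuCONFIGCHECK, the unquoted `[ -f $myCONFIGFILE ]` should be `[ -f "$myCONFIGFILE" ]`.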
@@ -17,8 +61,15 @@ if [ "$1" != "-y" ]; then echo exit fi - -echo "Now running T-Pot update script..." +######################################### Prevent race condition on updated update.sh!!!! What happens if update.sh will be overwritten by git pull? +######################################### git pull needs to run first, if Already up to date => no action, if update, then fork +echo "### Now running T-Pot update script." +echo +fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" +echo +fuCONFIGCHECK +echo +exit echo echo "### Now stopping T-Pot" From 3f444ef22f95951b8c256c8253b7d2909d65ef7e Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 21:02:36 +0000 Subject: [PATCH 08/14] tweaking and testing --- update.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/update.sh b/update.sh index caf907e0..799c45ec 100755 --- a/update.sh +++ b/update.sh @@ -61,17 +61,16 @@ if [ "$1" != "-y" ]; then echo exit fi -######################################### Prevent race condition on updated update.sh!!!! What happens if update.sh will be overwritten by git pull? -######################################### git pull needs to run first, if Already up to date => no action, if update, then fork + echo "### Now running T-Pot update script." echo + fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" echo + fuCONFIGCHECK echo -exit -echo echo "### Now stopping T-Pot" systemctl stop tpot From 4409f9bca06b52b590f00b50ca32994d46f5c423 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:02:02 +0000 Subject: [PATCH 09/14] tweaking and testing --- update.sh | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/update.sh b/update.sh index 799c45ec..fff0d3e9 100755 --- a/update.sh +++ b/update.sh 
@@ -1,5 +1,9 @@ #!/bin/bash +################################################### +# Do not change any contents of this script! +################################################### + # Some vars myCONFIGFILE="/opt/tpot/etc/tpot.yml" myRED="" @@ -53,6 +57,30 @@ mySITES=$1 done; } +function fuSELFUPDATE () { + echo "### Now checking for newer update script ..." + git fetch + myRESULT=$(git diff --name-only origin/autoupdate | grep update.sh) + myLOCALSTAT=$(git status -uno | grep -c update.sh) + if [ "$myRESULT" == "update.sh" ]; + then + if [ "$myLOCALSTATUS" == "0" ]; + then + echo "###### $myBLUE"Found newer version, will update myself and restart."$myWHITE" + git pull --force + exec "$1" "$2" + exit 1 + else + echo $myRED"Error - Update script was changed locally, cannot update." + echo "Exiting."$myWHITE + echo + exit 1 + fi + else + echo "###### Update script is already up-to-date." + fi +} + # Only run with command switch if [ "$1" != "-y" ]; then echo "This script will update / upgrade all T-Pot related scripts, tools and packages" @@ -64,10 +92,12 @@ fi echo "### Now running T-Pot update script." echo - fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" echo +fuSELFUPDATE "$0" "$@" +echo + fuCONFIGCHECK echo @@ -88,10 +118,6 @@ npm install https://github.com/t3chn0m4g3/wetty -g npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O /usr/bin/ctop && chmod +x /usr/bin/ctop -echo -echo "### Now pulling T-Pot Repo" -git pull - echo echo "### Now replacing T-Pot related config files on host" cp host/etc/systemd/* /etc/systemd/system/ From 8159e98e720dfecb64c90c1d12f135b1cb4619b3 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:34:41 +0000 Subject: [PATCH 10/14] tweaking and testing --- update.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
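Review bot: fuSELFUPDATE replaces the running script with whatever `git pull --force` brings in and immediately `exec`s it as root, with nothing checking who authored the fetched commits. The comparison is also made against the result of the earlier `git fetch`, while `git pull` fetches a second time, so the code that runs is not necessarily the code that was compared. If the project signs its commits or tags, verifying the fetched ref and fast-forwarding to exactly that ref covers both: `git verify-commit origin/autoupdate && git merge --ff-only origin/autoupdate`. The `exit 1` after `exec` is reached only when the exec itself fails, which deserves a one-line comment such as `# only reached if exec failed`.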
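Review bot: With the call `fuSELFUPDATE "$0" "$@"` added here and the unconditional `git pull` step deleted in the last hunk of this commit, the only remaining pull is the one inside fuSELFUPDATE, and it runs only when `update.sh` itself differs from the remote. When the repository changed but update.sh did not, the function prints "Update script is already up-to-date." and the later `cp host/etc/...` lines copy the old working tree. Keeping a pull, or a `git merge --ff-only` of the fetched ref, after fuSELFUPDATE returns restores the update of the other files. The `cp` and `git` commands also depend on the current directory, so a `cd /opt/tpot || exit 1` near the top would make the run independent of where it was started.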
diff --git a/update.sh b/update.sh index fff0d3e9..26d4ff13 100755 --- a/update.sh +++ b/update.sh @@ -58,8 +58,14 @@ mySITES=$1 } function fuSELFUPDATE () { - echo "### Now checking for newer update script ..." + echo "### Now checking for newer files in repository ..." git fetch + myREMOTESTAT=$(git status | grep -c "up-to-date") + if [ "$myREMOTESTAT" != "0" ]; + then + echo "###### $myBLUE"No updates found in repository."$myWHITE" + return + fi myRESULT=$(git diff --name-only origin/autoupdate | grep update.sh) myLOCALSTAT=$(git status -uno | grep -c update.sh) if [ "$myRESULT" == "update.sh" ]; @@ -92,6 +98,7 @@ fi echo "### Now running T-Pot update script." echo + fuCHECKINET "https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" echo @@ -147,4 +154,4 @@ echo "### Now starting T-Pot service" systemctl start tpot echo -echo "### Done. If all services run correctly (dps.sh) you should perform a reboot." +echo "### Done." From 9ef39d1af6c39969233cbf3168eeb84ad1887ef6 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:40:31 +0000 Subject: [PATCH 11/14] fix typo --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 26d4ff13..89f8fa9e 100755 --- a/update.sh +++ b/update.sh @@ -70,7 +70,7 @@ function fuSELFUPDATE () { myLOCALSTAT=$(git status -uno | grep -c update.sh) if [ "$myRESULT" == "update.sh" ]; then - if [ "$myLOCALSTATUS" == "0" ]; + if [ "$myLOCALSTAT" == "0" ]; then echo "###### $myBLUE"Found newer version, will update myself and restart."$myWHITE" git pull --force From b2ba5f1ea7c3eed220e15a75d2077100d9ba2837 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:41:57 +0000 Subject: [PATCH 12/14] test 1 --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 89f8fa9e..901527e0 100755 --- a/update.sh +++ b/update.sh 
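Review bot: The early return added to fuSELFUPDATE depends on the phrase `up-to-date` appearing in the human-readable output of `git status`, and that text is not a stable interface: it follows the user's locale and can change between git versions. When the phrase is absent the function falls through to the diff check even though nothing changed upstream, so the printed status no longer reflects the repository state. Comparing commit ids avoids parsing prose: `if [ "$(git rev-parse HEAD)" = "$(git rev-parse '@{u}')" ]; then`. The body of fuSELFUPDATE continues outside this hunk.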
@@ -1,5 +1,5 @@ #!/bin/bash - +### test 1 ################################################### # Do not change any contents of this script! ################################################### From 9ec38852ae8172e7a43590d32ab8f5a4974f8c7b Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:46:48 +0000 Subject: [PATCH 13/14] test 2 --- update.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 901527e0..1266b8a5 100755 --- a/update.sh +++ b/update.sh @@ -1,5 +1,5 @@ #!/bin/bash -### test 1 +### test 2 ################################################### # Do not change any contents of this script! ################################################### @@ -20,6 +20,8 @@ if [ "$myWHOAMI" != "root" ] exit fi +echo "#############>>>>>> I just got updated WOOT" + # Check for existing tpot.yml function fuCONFIGCHECK () { echo "### Checking for T-Pot configuration file ..." From a584d9869e9a7e48bf2b2e38c1f9baf5f9bfc871 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Thu, 5 Oct 2017 22:53:35 +0000 Subject: [PATCH 14/14] prepare for merge autoupdate is functional as far as the test branch can tell --- update.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/update.sh b/update.sh index 1266b8a5..30767342 100755 --- a/update.sh +++ b/update.sh @@ -1,5 +1,5 @@ #!/bin/bash -### test 2 + ################################################### # Do not change any contents of this script! ################################################### @@ -20,8 +20,6 @@ if [ "$myWHOAMI" != "root" ] exit fi -echo "#############>>>>>> I just got updated WOOT" - # Check for existing tpot.yml function fuCONFIGCHECK () { echo "### Checking for T-Pot configuration file ..." 
@@ -68,7 +66,7 @@ function fuSELFUPDATE () { echo "###### $myBLUE"No updates found in repository."$myWHITE" return fi - myRESULT=$(git diff --name-only origin/autoupdate | grep update.sh) + myRESULT=$(git diff --name-only origin/17.06 | grep update.sh) myLOCALSTAT=$(git status -uno | grep -c update.sh) if [ "$myRESULT" == "update.sh" ]; then
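Review bot: The comparison ref is now hard-coded as `origin/17.06`, while the `git pull --force` a few lines further down follows whatever upstream the checkout tracks. install.sh earlier in this series clones with `-b autoupdate`, so on such a checkout the diff and the pull would refer to different branches. Using the tracked upstream with a pathspec keeps the two in step and removes the unanchored `grep update.sh`: `myRESULT=$(git diff --name-only '@{u}' -- update.sh)`. The rest of fuSELFUPDATE lies outside this hunk.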