From ccb5ef05ab4a7028341d33765126ab28867745df Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Sun, 30 Apr 2023 14:52:53 +0200
Subject: [PATCH 01/20] strapi CVE-2023-22893

---
 .../detectors/strapi_cve_2023_22893/README.md |  31 +++
 .../strapi_cve_2023_22893/build.gradle        |  68 +++++++
 .../gradle/wrapper/gradle-wrapper.jar         | Bin 0 -> 58910 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   5 +
 .../detectors/strapi_cve_2023_22893/gradlew   | 185 ++++++++++++++++++
 .../strapi_cve_2023_22893/gradlew.bat         | 104 ++++++++++
 .../strapi_cve_2023_22893/settings.gradle     |   2 +
 .../Cve202322893DetectorBootstrapModule.java  |  29 +++
 .../Cve202322893VulnDetector.java             | 184 +++++++++++++++++
 .../Cve202322893VulnDetectorTest.java         | 153 +++++++++++++++
 10 files changed, 761 insertions(+)
 create mode 100644 community/detectors/strapi_cve_2023_22893/README.md
 create mode 100644 community/detectors/strapi_cve_2023_22893/build.gradle
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 community/detectors/strapi_cve_2023_22893/gradlew
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradlew.bat
 create mode 100644 community/detectors/strapi_cve_2023_22893/settings.gradle
 create mode 100644 community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893DetectorBootstrapModule.java
 create mode 100644 community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
 create mode 100644 community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java

diff --git a/community/detectors/strapi_cve_2023_22893/README.md b/community/detectors/strapi_cve_2023_22893/README.md
new file mode 100644
index 000000000..e3eb6510f
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/README.md
@@ -0,0 +1,31 @@
+# CVE-2019-20933 VulnDetector
+
+InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in
+services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
+
+# Missing authentication in InfluxDB 1.x
+
+This plugin also checks for missing authentication in InfluxDB 1.x versions.
+
+The authentication doesn't enable by default in the influxDB generated config file
+to enable authentication you must:
+
+1. change  `auth-enabled = false` to `auth-enabled = true` in your influxDB config file that
+   initially can be generated by following command:
+   `docker run --rm influxdb:1.x influxd config > influxdb.conf`
+2. according to [documentation](https://github.com/docker-library/docs/blob/master/influxdb/README.md#influxdb_admin_user) you must set a value for `INFLUXDB_ADMIN_USER` environment variable (with `-e` switch) to enable authentication.
+
+InfluxDB version after 2 has a web setup instruction after first run, and you will be prompt to add username and password before start using InfluxDB.
+
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20933
+- https://github.com/docker-library/docs/blob/master/influxdb/README.md
+
+## Build jar file for this plugin
+
+Using `gradlew`:
+
+```shell
+./gradlew jar
+```
+
+Tsunami identifiable jar file is located at `build/libs` directory.
diff --git a/community/detectors/strapi_cve_2023_22893/build.gradle b/community/detectors/strapi_cve_2023_22893/build.gradle
new file mode 100644
index 000000000..ccf566341
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/build.gradle
@@ -0,0 +1,68 @@
+plugins {
+    id 'java-library'
+}
+
+description = 'Tsunami CVE-2023-22893 VulnDetector plugin.'
+group 'com.google.tsunami'
+version '0.0.1-SNAPSHOT'
+
+
+repositories {
+    maven { // The google mirror is less flaky than mavenCentral()
+        url 'https://maven-central.storage-download.googleapis.com/repos/central/data/'
+    }
+    mavenCentral()
+    mavenLocal()
+}
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_11
+    targetCompatibility = JavaVersion.VERSION_11
+
+    jar.manifest {
+        attributes('Implementation-Title': name,
+                'Implementation-Version': version,
+                'Built-By': System.getProperty('user.name'),
+                'Built-JDK': System.getProperty('java.version'),
+                'Source-Compatibility': sourceCompatibility,
+                'Target-Compatibility': targetCompatibility)
+    }
+
+    javadoc.options {
+        encoding = 'UTF-8'
+        use = true
+        links 'https://docs.oracle.com/javase/8/docs/api/'
+    }
+
+    // Log stacktrace to console when test fails.
+    test {
+        testLogging {
+            exceptionFormat = 'full'
+            showExceptions true
+            showCauses true
+            showStackTraces true
+        }
+        maxHeapSize = '1500m'
+    }
+}
+
+ext {
+    tsunamiVersion = '0.0.14'
+    junitVersion = '4.13'
+    mockitoVersion = '2.28.2'
+    truthVersion = '1.0.1'
+    okhttpVersion = '3.12.0'
+}
+
+dependencies {
+    implementation "com.google.tsunami:tsunami-common:${tsunamiVersion}"
+    implementation "com.google.tsunami:tsunami-plugin:${tsunamiVersion}"
+    implementation "com.google.tsunami:tsunami-proto:${tsunamiVersion}"
+
+    testImplementation "junit:junit:${junitVersion}"
+    testImplementation "org.mockito:mockito-core:${mockitoVersion}"
+    testImplementation "com.google.truth:truth:${truthVersion}"
+    testImplementation "com.squareup.okhttp3:mockwebserver:${okhttpVersion}"
+    testImplementation "com.google.truth.extensions:truth-java8-extension:${truthVersion}"
+    testImplementation "com.google.truth.extensions:truth-proto-extension:${truthVersion}"
+}
diff --git a/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..62d4c053550b91381bbd28b1afc82d634bf73a8a
GIT binary patch
literal 58910
zcma&ObC74zk}X`WF59+k+qTVL*+!RbS9RI8Z5v&-ZFK4Nn|tqzcjwK__x+Iv5xL`>
zj94dg?X`0sMHx^qXds{;KY)OMg#H>35XgTVfq<a?p5??;h3KT@#Th_>6#vc9ww|9)
z@UMfwUqk)B9p!}NrNqTlRO#i!ALOPcWo78-=iy}NsAr~T8<iQCSay%@r|8C{rsbw-
zq-cSm&qGa94~w*^+AzpU4vVORG04zSi_q_!?wo-C(-Z$b<o~=H*xze=CyW2*t^RKx
zn1A|MI2oDRnEj8gDF5#2?quZPVCMAy3`rqdENKS@0>T0X0%G{DhX~u-yEwc29WQ4D
zuv2j{a&j?qB4wgCu`zOXj!~YpTNFg)TWoV>DhYlR^Gp^rkOEluvxkGLB?!{fD!T@(
z%3cy>OkhbIKz*R%uoKqrg1%A?)uTZD&~ssOCUBlvZhx7XHQ4b7@`&sPdT475?*zWy
z>xq*iK=5G&N6!HiZaD{NSNhWL;+>Quw_#ZqZbyglna!Fqn3N!$L`=;TFPrhodD-Q`
z1l*=DP2gKJP@)cwI@-M}?M$$$%u~=vkeC%>cwR$~?y6cXx-M{=wdT4|3X(@)a|KkZ
z`w$6CNS@5gWS7s7P86L<=vg$Mxv$?)vMj3`o*7W4U~*Nden}wz=y+QtuMmZ{(Ir1D
zGp)ZsNiy{mS}Au5;(fYf93rs^xvi(H;|H8ECYdC`CiC&G`zw?@)#DjMc7j~daL_A$
z7e3nF2$TKlTi=mOftyFBt8*Xju-OY@2k@f3YBM)-v8+5_o}M?7pxlNn)C0M<uXotM
zSq>cd@87?+AA4{Ti2ptnYYKGp`^FhcJLlT%RwP4k$ad!ho}-^vW;s{6hnjD0*c39k
zrm@PkI8_p}mnT&5I@=O1^m?g}PN^8O8rB`;t`6H+?Su0IR?;8txBqwK1Au8O3BZAX
zNdJB{bpQWR@J|e=Z>XSXV1DB{uhr3pGf_tb)(cAkp)fS7*Qv))&Vkbb+cvG!j}ukd
zxt*C8&RN}5ck{jkw0=Q7ldUp0FQ&Pb_$M7a@^nf`8F%$ftu^jEz36d#^M8Ia{VaTy
z5(h$I)*l3i!VpPMW+XGgzL~fcN?{~1QWu9!Gu0jOW<HKb8|{ilL^sv#S99zl5SCZ0
z331RHfJ9biCT=4#!Q~+HS&h*5Ar*o#Qd*seDkOxbH<B9h111bD2sVQ-n_z9vW@>WE
zNW%&&by0DbXL&^)r-A*7R@;T$P}@3eOj#gqJ!uvTqBL5bupU91UK#d|IdxBUZAeh1
z>rAI#*Y4jv>uhOh7`S@mnsl0g@1C;k$Z%!d*n8#_$)l}-1&z2kr@M+xWoK<npW$w?
zLm%afv@2#fg&=Uhvvf<~y|f{jBJ`%Gs75wAvr{)ey=_~}lskP$J-byKh0|$n0--Qo
zT4Zcb(oa{x(G+eMEz?6DjD^^tmuf@*z`CZ@0T0y-`Z=8jo8!KKA4lrWL1AZGoYN&)
zxu!B$D%BI^l+w#rSlwof?Bc{;pLs$PYnNdL)mp|a)1jr<9GPKo+=64^UqI$sJ+2r{
z=LijWf3g679DeAKo1^oN(KWA*%svT}im=j{OlHh81PX$dKfs$9Q0H_;Tb!5q@Lz>R
z!KySy-7h&Bf}02%JeXmQGjO3ntu={K$jy$rFwfSV8!zqAL_*&e2|CJ06`4&<l8I{l
zQ60Pi4Vw&xeBXG&MOF-i!v#%SCHblu05?%ym>0+ceI026REfNT>JzAdwmIlKLEr2?
zaZ#d*XFUN*g<P=9;v-*8tsSVmp{xdOuqy*@uxEW<<h8&Os&-t^1Krbah^JeP%^IZ&
z3w)>pzOxq)cysr&<Pt5+W;Z;L;Fe@?j)t1?k-yd-aNnW{cXSEJ7S|?~N!44hY)~N2
z$zC40dpcLQpFfV+UKZD=3ixS4Hzk*_Bii6-Svrz+!L630nwy{+a+f->#6zNdDDPH%
zd8_>3B}uA7;bP4fKVdd~Og@}dW#7<IdSV&DiG9!BYvUY)yqQwFI-vN;w{W;p2z_gI
zZMsfduelF?%?;b}yJgj|bE##`hPcV=Znmo^IY<6p?1G^z%e`u&tC-G;?>4ceETOE-
zlZgQqQfEc?-5ly(Z5`L_CCM!&Uxk5#wgo=OLs-kFHFG*cTZ)$VE?c_gQUW&*!2@W2
z7Lq&_Kf88OCo?BHCtwe*&fu&8PQ(R5&lnYo8%+U73U)Ec2&|A)Y~m7(^bh299REPe
zn#gyaJ4%o4>diN3z%P5&_aFUmlKytY$t21WGwx;3?UC}vlxi-vdEQgsKQ;=#sJ#ll
zZeytjOad$kyON4XxC}frS|Ybh`Yq!<(IrlOXP3*q86ImyV*mJyBn$m~?#xp;EplcM
z+6sez%+K}Xj3$YN6{}VL;BZ7Fi|iJj-ywlR+AP8lq~mnt5p_%VmN{Sq$L^z!otu_u
znVCl@FgcVXo510e@5(wnko%Pv+^r^)GRh;>#Z(|#cLnu_Y$#_xG&nvuT+~gzJsoSi
zBv<tDs(g9hqTub+(+8z~)4}5g;<=ne?XlYAC;sQfDbCu^*Cxci8g4q)CyriW+-I*K
z_7k4(7=A}F8Xz1AQ;{=UwVZO<DqgS@>X`|IS~xaold!`P!h(v|=>!5gk)Q+!0R<D7
z7wj2q^atm->1Ge7!WpRP{*Ajz$oGG$_?Ajvz6F0X?809o`L8prsJ*+LjlGfSziO;+
zv>fyRBVx#oC0jGK8$%$>Z;0+dfn8x;kHFQ?Rpi7(Rc{Uq{63Kgs{IwLV>pDK7yX-2
zls;?`h!I9YQVVbAj7<z}<Pn_>Ok1%Y+F?CJa-Jl>1x#UVL(lpzBBH4(6<w|b>v0^4
z3Tf`INjml5`F_kZc5M#^J|f%7Hgxg3#o}Zwx%4l9<O!k6ZMK~z7)CyZU$EaCr!F$4
zRRHVPe+rSXl&O^GFPm9~{0IB`-=yZBgyml><o|>yYG!WaYUA>+dqpRE3nw#YXIX%=
zi<zC7(?1GKvD%gjjvDIsmJK`1B!sdgWpc~U7B(>H3iYO<YTE!yOUe{Q#A@!eLw1|a
z%YAduPn<uyDh7WF6yyzj&Z2)TXFSVUaQk(iM$eqS?vB1P9r*8hT$A~@Ky%_Hjkmkc
zwx4|XotW6;e>~jr0nP5xp*VIa#-aa;H&%>{mfAPPlh5Fc!N7^{!z$;p-p38aW{gGx
z)dFS62;V;%%fKp&i@+5x=Cn7Q>H`NofJGXmNeh{sOL+Nk>bQJJBw3K*H_$}%<F1Xy
z3hhXA5Y2!L+&guH4C^NQedlpjaFgPzRDO6RO{ja+;ogrC)uK^t^9#vOsSOx(66s57
zqd901_9Uqj(Svp@hbr_oUW2$s&T|6|qvD})Aos8l9+3H<pTMKC*?QzGhXsFp2`zF`
z*EUcoU#DUUL36UeeRwM^7C%_N<$?Dn&Qdi~wA`EqjJHfZ^teq2oh&rf^o!cy5TF5e
zCWF#Gby_wxzFV9K+c)=GmqDccs0)pK7@`AzT-Hzsd+g<a#U%Y>*xJM=Kh;s#$@RBR
z|75|g85da@#qT=pD777m$wI!Q8SC4Yw3(PVU53bzzGq$IdGQoFb-c_(iA_~qD|eAy
z@J+2!tc{|!8fF;%6rY9`Q!Kr>MFwEH%TY0y>Q(D}xGVJM{J{aGN0drG&|1xO!Ttdw
z-1^gQ&y~KS5SeslMmoA$Wv$ly={f}f9<{Gm!8ycp*D9m*5Ef{ymIq!MU01*)#J1_!
zM_i4{LYButqlQ>Q#o{~W!E_#(S=hR}kIrea_67Z5{W>8PD>g$f;dTvlD<w0Z4y?s8
zfD1Dt>=X@T$8D0;BWkle@{VTd&D5^)U>(>g(jFt4lRV6A2(Te->ooI{nk-bZ(gwgh
zaH4GT^wXPBq^Gcu%xW#S#p_&x)pNla5%S5;*OG_T^PhIIw1gXP&u5c;{^S(AC*+$>
z)GuVq(FT@zq9;i{*9lEsNJZ)??BbSc5vF+Kdh-kL@`(`l5tB4P!9Okin2!-T?}(w%
zEpbEU67|lU#@>DppToestmu8Ce=gz=e#V+o)v)#e=N`{$MI<vT<GM$R1^~WLnc5!{
z@958o<EvPQ&k11@cjnB#>5P0O)_fHt1@aIC_QCv=FO`Qf=Ga%^_NhqGI)xtN*^1n{
z&vgl|TrKZ3Vam@wE0p{c3xCCAl+RqFEse@r*a<3}wmJl-hoJoN<|O2zcvMRl<#BtZ
z#}-bPCv&OTw`GMp&n4tutf|er`@#d~7X+);##YFSJ)BitGALu}-N*DJdCzs(cQ?I-
z6u(WAKH^NUCcOtpt5QTsQRJ$}jN28ZsYx+4CrJUQ%egH<Phd6Sk}<Xro4d#<Y0mKC
zQkt%DvN^gqGi$mVBl#*VzYGhXkkGDf@U(rqLeWQ^q3J}YiccOqls_L9j)Hj2EWcp>
zo#tMoywhR*oeIkS%}%WUAIbM`D)R6Ya&@sZvvUEM7`fR0Ga03*=qaEGq4G7-+30Ck
zRkje{6A{`ebq?2BTFFYnMM$xcQbz0nEGe!s%}O)m={`075R0N9KTZ>vbv2^e<WY4X
z@UXn(IA6Crv-JA;^MKtVD&WZ)t_Wc_vL7p_yF1{(P|=punYOs&(jL?Vf$`$duwOGp
z_x>ml>@}722%!r#6<YxxJhDQJXwBZj%iq4sjwiNLTk&WcRx_OWG*spYVn1R}-n^)G
zbx{%JE_0+q6Zzwc3Z(|+*-7_9r9yi77ANwz$eufzeRJ@=!MGi&w7vm1gQ9u5)sJqW
z#~RhA09`_oP_bIY&oKc<0pxW8c<PO|*}B~r+AeK&Jsoed&~})gurno>Wto}?vNst?
zs`IasBtcROZG9+%rYaZe^=5y3chDzBf><MO&yc^#<=bEx#}i|gS>;|5sP0!sP(t^=
z^~go8msT@|rp8LJ8km?4l?Hb%o10h7(ixqV65~5Y>n_zG3AMqM3UxUNj6K-FUgMT7
z*Dy2Y8Ws+%<f!Dy6ZMTc2jU5ojXRCWdHD+DrWPxu27RD3&ExYh1ph)Q6L>`Z*~m9P
zCWQ8L^kA2$rf-S@qHow$J86t)hoU#XZ2YK~<gQ;1-*5`g{R*_GXMchJ*KDa1{rpdo
z#807<TvA6?!fb(5azh9e-?Nh@ZC?YMw%Sdmyqn2OJ7eyWt;jo;HuSWXvL}$5fqpp9
z$&&wE1d~Z_rsffVfVc^PfQbHQsQshJRck?c;EcNZ#R1jJIC%a@q!enP)ub3+Omt0b
zFit2SmFyCYPbShzOzTSw1~c9p77jz%NI+S0G=2-umH{NP%U$5MkdPr!W=JJBMJ%*Q
zcom%`w45d21F~{zyvdBduxJH;23wXIyg@ax*l%~e9OHdY)#!hY(-@E!$bI-RROjtH
zD5v-61#I6$9rF~tfrfm|$>9GXVR|*`f6`0&8j|ss_Ai-x=_;Df^*&=bW$1nc{Gplm
zF}VF`w)`5A;W@KM`@<9Bw_7~?_@b{Z`n_A6c1AG#h#>Z$K>gX6reEZ*bZRjCup|0#
zQ{XAb`n^}2cIwLTN%5Ix`PB*H^(|5S{j?BwItu+MS`1)VW=TnUtt6{3J!WR`4b`LW
z?AD#ZmoyYpL=903q3LSM=&5eNP^dwTDRD~iP=}FXgZ@2WqfdyPYl$9do?wX{RU*$S
zgQ{OqXK-Yuf4+}x6P#A*la&^G2c2TC;aNNZEYuB(f25|5eYi|rd$;i0qk7^3Ri8of
ziP~PVT_|4$n!~F-B1_E<iCG)1M`bUD+FtpMK82&QOYEq6V8mAV-7UqvY_r6vbAm^$
zN9Rb7x>t<0OJZ*e+MN;5FFH`iec(lHR+O%O%_RQhvbk-NBQ+$)w{D+dlA0jxI;z|P
zEKW`!X)${xzi}Ww5G&@g0akBb_F`ziv$u^hs0W&FXuz=Ap>SUMw9=M?X$`lgPRq11
zqq+<rS8mCv3w!cdS8PuzZ!odE*{%sd$=^+&Cx`C{KaVKy@Xxc~5!9e`DR34r?Gzm{
z)Uz<Kx7Ro!Wc`H+`|R=r2bXgS<>n44qL;pgGO+*DEc+Euv*j(#%;>p)yqdl`dT+Og
zZH?FXXt`<0XL2@PWYp|7DWzFqxLK)yDXae&3P*#+f+E{I&h=$UPj;ey9b`H?qe*Oj
zV|-qgI~v%&oh7rzICXf<TFBT?!jsDAwTMCz%2pOP1h?nUQZO3kN<%&ZKW`g1ig<|j
zkO7M_?Me5p)$(rM>Zmg$8$B|zkjli<S+t?|6j)AedXb>Q=e4jFgYCLR%yi!9gc7>N
z&5G#KG&Hr+UEfB;M(M>$Eh}P$)<_IqC_WKOhO4(cY@Gn4XF(#aENkp&D{sMQgrhDT
zXClOHrr9|POHqlmm+*L6CK=OENXbZ+kb}t>oRHE2xVW<;VKR@ykYq04LM9L-b;eo&
zl!QQo!Sw{_$-qosixZJWhciN>Gbe8|vEVV2l)`#5vKyrXc<gy!bun3%k2qG-T9N=b
zMvRY8vT4J4=8k^s>6E`zmH(76nGRdL)pqLb@j<&&b!qJRLf>d`rdz}^ZSm7E;+XUJ
ziy;xY&>LM?MA^v0Fu8{7hvh_ynOls6CI;kQkS2g^OZr70A}PU;i^~b_hUYN1*j-DD
zn$lHQG9(lh&sDii)ip*{;Sb_-Anluh`=l~qhqbI+;=ZzpFrRp&T+UICO!OoqX@Xr_
z32iJ`xSpx=lDDB_IG}k+GTYG@K8{rhTS)aoN8D~Xfe?ul&;jv^E;w$nhu-ICs&Q)%
zZ=~kPNZP0-A$pB8)!`T<aB9KJMxDz@-$Jj~C4@&77BcfV0J-%~spcFrsc2EwFsg(M
zZK;Ea9l&J(XpF;+!9@?_%f!a!PeJ&oGD}&#g12ktJsa4(k`1-qc_~|t;bsIS4}-9~
zgSN}(#k`=AFk7!oWt0iiR=WnauwUj}OH$vOruZa6cJ)KvS+7q-un`<24}|a+PC*~5
z#M90qM+SW`Ei-85;h|W?o9f~NP(y&!Imr%pXfo?YBwowJ4e~0neUtP<FhcgGnQgFl
zMn@g^XG}UrM&E)*UZTWLkYY$+Gy4mn;{d!fOfd@3odW%(h`Z^1Of=a|F=YdeF%+10
zI_Y5<JwD6_hckd5zvfi}0z>EqE`tY3Mx^`%O`?EDiWsZpoP`e-iQ#E>fIyUx8XN0L
z@S-NQwc;0HjSZKWDL}Au_Zkbh!juuB&mGL0=nO5)tUd_4scpPy&O7SNS^aRxUy0^<
zX}j*jPrLP4Pa0|PL+nrbd4G;YCxCK-=G7TG?dby~``AIHwxqFu^OJhyIUJkO0O<>_
zcpvg5Fk$Wpj}YE3;GxRK67P_Z@1V#+pu>pRj0!mFf(m_WR3w3*oQy$<!cy1C(1uEe
zxw2t`s3C^K;tPSLWOD=@KXZ+>s39~U7Cb}p(N&8SEwt+)@%o-kW9Ck=^?tvC2$b9%
ze9(Jn+H`;uAJE|;$Flha?!*lJ0@lKfZM>B|c)3lIAHb;5OEOT(2453m!LgH2AX=jK
zQ93An1-#l@I@mwB#pLc;M7=u6V5IgLl>E%gvE|}Hvd4-bE1>gs(P^C}gTv*&t>W#+
zASLRX$y^DD3Jr<oR!_Gl`^bd;6|r{kFhrLMO)AS1FHMm|z9b5omko*v0T27qchh5Y
z*1}m#Gl4T|$yC21WS?+&v;4{h42B%5BhRy2#YF<?V%;zpffZ?7qTOH-fYD9dK)>ht
zwyt`yuA1j(TcP*0p*Xkv>gh+YTLrcN_HuaRMso~0AJg`^nL#52dGBzY+_7i)Ud#X)
zVwg;6$WV20U2uyKt8<)jN#^1>PLg`I`@Mmut*Zy!c!zshSA!e^tWVoKJD%jN&ml#{
z@}B$j=U5J_#rc%T7(DGKF+WwIblEZ;Vq;CsG~OKxhWYGJx#g7fxb-_ya*D0=_Ys#f
zhXktl=Vnw#Z_neW>Xe#EXT(4sT^3p6srKby4Ma5LLfh6Xr<HHShTfTbBDm)Dm@_=`
z=I}+(0z8#g-0|7+t+diLEtP}JotX9}HW7M#v-6AJD^!|!E7=b6#6_H2xRI?=$9OsQ
zZsV<wovu&!gz~VC8!g%|E-skb$4`*3`&3$5p-?|4bxpN%?C5TeFW7b%s`dxa8#_1d
zWiEKYKuJiWT_z;_kF_I<s`Qv5<=vpX$ENR8F|gJ>HGFGgM;5Z}jv-T!f~=jT&n>Rk
z4U0RT-#2fsYCQhwtW&wNp6T(im4dq>363H^ivz#>Sj;TEKY<)dOQU=g=XsLZhnR>e
zd}@p1<i_4z?&ZjCbfs^<TVyq_gn-ZPma2Tl+Rr3cG$VY7%R>B;hMsL~QH2Wq>9Zb;
zK`0`09fzuYg9MLJe~cdMS6oxoAD{kW3sFAqDxvFM#{GpP^NU@9$d5;w^WgLYknCTN
z0)N425mjsJTI@#2kG-kB!({*+S(WZ-{SckG5^OiyP%(6DpRsx60$H8M$V65a_>oME
z^T~>oG7r!ew>Y)&^MOBrgc-3PezgTZ2xIhXv%ExMFgSf5dQbD=Kj*!J4k^Xx!Z>AW
ziZfvqJvtm|EXYsD%A|;>m1Md}j5f2>kt*gngL=enh<>#5iu<V0AwsLagi<qWph#{n
zilo3pn-vUsh3~2{N}RyPu1&1Wf1_^4`M9oB-DVWaaWGjVrP7cB7a5NJ+K@uZ?aP0n
zAKQ{$ZVEx4SLd|HsV=@+D4Et8_sm*3vel+&)gkvjDV8gssB#X9#E=^8;0Msn6X(8Q
zt8EvZQ!NbeN~!%W(_Y<AY*C$jy1E^f*Ou%ovZL#qng47$JPIM?7nv0nTj`{4uPdPv
zVZ*B6+azr1Ff@<TYVRa!1^tw#;)vHv+);t+PRmK^usZehB2e!k@a3Q!o&Oe;&$wXq
zJape+zdmZYAF)21oEu=DMWusQnBQka{VlhUsNYK=BD1jx7vuLr`nGp(W*fP4rE{&p
z?2@(9ZRl$oYUiFq^LY&mzCMAmw1~0Ht`>d0dS1P%u2o+>VQ{U%(nQ_WTySY(s#~~>
zrTsvp{lTSup_7*Xq@qgjY@1#bisPCRMMHnOL48qi*jQ0xg~TSW%KMG9z<AVs`$48n
z4j5^v2xW+0|DmmS<ZAV-*l6HNS2LzK39~qBG;w4-J(vA;pH=i{lBKEsjr@tt!g3L&
zsaFmOy42FyBeCVR#oRJ$^~7xl{*ig<ScAO$Q(Q+5Kop6%U)$~oo>N<LGiN=<$-9Oi
z&^t1D#F7O`Q2b>1(tjXix()2$N}}K$AJ@GUth+AyIhH6Aeh7qDgt#t*`iF5#A&g4+
zWr0$h9Zx6&Uo2!Ztcok($F>4NA<`dS&Js%L+67FT@WmI)z#fF~S75TUut%V($oUHw
z<dq>$IJsL0X$KfGPZYjB9jaj-LaoDD$OMY4QxuQ&vOGo?-*9@O!Nj>QBSA6n$Lx|^
zky)4+sy{#6)FRqRt6nM9j2Lzba!U;aL%ZcG&ki1=3gFx6(&A3J-oo|S2_`*w9zT)W
z4MBOVCp}?4nY)1))SOX#6Zu0fQQ7V{RJq{H)S#;sElY)S)lXTVyUXTepu4N)n85Xo
zIpWPT&rgnw$D2Fsut#Xf-hO&6uA0n~a;a3!=_!Tq^TdGE&<*c?1b|PovU}3tfiIUu
z){4W|@PY}zJOXkGviCw^x27%K_Fm9GuKVpd{P2>NJlnk^I|h2XW0IO~LTMj>2<;S*
zZh2uRNSdJM$U$@=`zz}%;ucRx{aKVxxF7?0hdKh6&GxO6f`l2kFncS3xu0Ly{ew0&
zeEP*#lk-8-B$LD(5yj>YFJ{yf5zb41PlW7S{D9zC4Aa4nVdkDNH{UsFJp)q-`9OYt
zbOKkigbmm5hF?ttt<p~r3Qg2`@yJOV`f20inh6w0i@GUo=RO&Bi2rW<I^<0DVsu8b
zyO>n;S4g^142AF^`kiLUC?e7=*JH%Qe>uW=dB24NQa`;lm5yL>Dyh@HbHy-f%6Vz^
zh&MgwYsh(z#_fhhqY$3*f>Ha}*^cU-r4uTHaT?)~LUj5``FcS46oyoI5F3ZRizVD%
zPFY(_S&5GN8$Nl2=+YO6j4d|M6O7CmUyS&}m4LSn6}J`$M0ZzT&Ome)ZbJDFvM&}A
zZdhDn(*viM-JHf84$!I(8eakl#zRjJ<!59ig7G8GV`ZI^M_a-~N&Yt3A}07Fn-b_~
zX#(FhFBF*6aANJE97Pg?5ouuiJVzi(!zhN(#)eChItW)9&s*SwtqxrS>H4qfw8=60
z11Ely^FyXjVvtv48-Fae7p=adlt9_F^j5#ZDf7)n!#j?{W?@j$Pi=k`>Ii>XxrJ?$
z^bhh|X6qC8d{NS4rX5P!%jXy=>(P+r9?W(2)|(=a<ahaquu+U!HM5@y-`9$(F%q7X
z(X3D*e14Cpy%ebGI3j!63MkmcTrM%>^s^l~x*^$Enw$~u%WRuRHHFan{X|S;FD(Mr
z@r@h^@Bs#C3G;~IJMrERd+D!o?HmFX&#i|~q(7<upnDy~H=_Lnn3!RG#x8wy{satU
z&x)0N<hr6c(>QR3f8QDip?ms6|GV_$86aDb|5pc?_-jo6vmWqYi{P#?{m_AesA4xX
zi&ki&lh0yvf*Yw~@jt|r-=zpj!bw<6zI3Aa^Wq{|*WEC}I=O!Re!l~&8|Vu<$yZ1p
zs-SlwJD8K!$(WWyhZ+sOqa8cciwvyh%zd`r$u;;fsHn!hub0VU)bUv^QH?x30#;tH
zTc_VbZj|prj7)d%ORU;Vs{#ERb>K8>GOLSImnF7JhR|g$7FQTU{(a7RHQ*ii-{U3X
z^7+vM0R$8b3k1aSU&kxvVPfOz3~)0O2iTYinV9_5{pF18j4b{o`=@AZIOAwwedB2@
ztXI1F04mg{<>a-gdFoRjq$6#FaevDn$^06L)k%wYq03&ysdXE+LL1#w$rRS1Y;BoS
zH1x<vfMvOott9mbeJr119K?b32afaI3&Fx<>}{ms>LHWmdtP(ydD!aRdAa(d@csEo
z0EF9L>%tppp`CZ2)jVb8AuoYyu;d^wfje6^n6`A?6$&%$p>HcE_De-Zh)%3o5)LDa
zskQ}%o7?bg$xUj|n8gN9YB)z!N&-K&!_hVQ?#SFj+MpQA4@4oq!UQ$Vm3B`W_Pq3J
z=ngFP4h_y=`Iar<`EESF9){%YZVyJqLPGq07TP7&fSDmnYs2NZQKiR%>){imTBJth
zPHr@p>8b+N@~%43rSeNuOz;rgEm?14hNtI|KC6Xz1d?|2J`QS#`OW7gTF_;TPPxu@
z)9J9>3Lx*bc>Ielg|F3cou$O0+&LTb34_*ZJhpS&$8DP>s%47a)4ZLw`|>s=P_J4u
z?I_%AvR_z8of@UYWJV?~c4Yb|A!9n!LEUE6{sn@9+D=0w_-`szJ_T++x3MN$v-)0d
zy`?1QG}C^KiNlnJBRZBLr4G~15V3$QqC%1G5b#CEB0VTr#z?Ug%Jyv@a`QqAYUV~^
zw)d|%0g&kl{j#FMdf$cn(~L@8s~6eQ)6{`ik(RI(o9s0g30Li{4YoxcVoYd+LpeLz
zai?~r)UcbYr@lv*Z>E%BsvTNd`Sc?}*}>mzJ|cr0Y(6rA7H_6&t>F{{mJ^xovc2a@
zFGGDUcGgI-z6H#o@Gj29C=Uy{<kA$h8|s=?6E2OBcx29=^6+bRV*Gl|MfNNy<2>wv
zQHY2`HZu8+sBQK*_~I-_>fOTKEAQ8_Q~YE$c?cSCxI;vs-JGO`RS464Ft06rpjn+a
zqRS0Y3oN(9HCP@{J4mOWqIyD8PirA!pgU^Ne{LHBG;S*bZpx3|JyQDGO&(;Im8!ed
zNdpE&?3U?E@O~>`@B;oY>#?gXEDl3pE@J30R1;?QNNxZ?YePc)3=NS>!STCrXu*lM
z69WkLB_RBwb1^-zEm*tkcHz3H;?v<RWY@dX)dRkh9|+|TpkW%)^_l5%$Dw3vn{~Nu
zzM5_zat<k<S-Q-2xofOm+XGr1wFensKae%F=6Hl^qgs4fK)|0jQJiAlJDXKVIyc~>
z;q+x0Jg$|?5;e1-kbJnuT+^$bWnYc~1qnyVTKh*cvM+8yJT-HBs1X@cD;L$su65;i
z2c1MxyL~NuZ9+)hF=^-#;dS#lFy^Idcb>AEDXu1!G4Kd8YPy~0lZz$2gbv?su}Zn}
zGtIbeYz3X8OA9{sT(aleold_?UEV{hWRl(@)NH6GFH@$<8hUt=dNte%e#Jc>7u9xi
zuqv!CRE@!fmZZ}3&@$D>p0z=*<BIEuLx27-hwsSaC;3TU6feX9=H(Gd7$DCk*mk4J
z5<E+J^C$kuE4@_fp0ymqcNQ)@M~{GTq46D*wHxDy0D8DsyPM-y96D|vJnvK-Iw4-<
z-r}q5YcXOvQolS_q{BBSzYKk5#0M5r6Ucr9ny3ZB3ZjmX&ocz8U6!@wnXE&3e_Ozc
zN_W?^n94l1o9?K|`Pwr&^7)z{o*vC<diA86n{xQ(3!AC?HhO#d*f7?_C*KW;(==~I
zgsx1*Q5>dfQ_=IE4bG0hLmT@OP>x$e`qaqf_=#baJ8XPtOpWi%$ep1Y)o2(sR=v)M
zt(z*pGS$Z#j_xq_lnCr+x9fwiT?h{NEn#iK(o)G&Xw-#DK?=Ms6T;%&EE${Gq_%99
z6(;P~jPKq9llc+cmI(MKQ6*7PcL)BmoI}MYFO)b3-{j>9FhNdXLR<^mnMP`I7z0v`
zj3wxcXAqi4Z0kpeSf>?V_+D}NULgU$DBvZ^=0G8Bypd7P2>;u`yW9`%4~&tzNJpgp
zqB+iLIM~IkB;ts!)exn643mAJ8-WlgFE%Rpq!UMYtB?$5QAMm)%PT0$$2{>Yu7&U@
zh}gD^Qdgu){y3ANdB5{75P;lRxSJPSpQPMJOiwmpMdT|?=q;&$aTt|dl~k<aJt>vS
z+*i;6cEQJ1V`R4Fd>-Uzsc=DPQ7A7#VPCIf!R!KK%LM&G%MoZ0{-8&99H!|UW$Ejv
zhDLX3ESS6CgWTm#1ZeS2HJb`=UM^gsQ84dQpX(ES<z(&&3-aTkgymIxhy>WSkjn>O
zVxg%`@mh(X9&&wN$lDIc*@>rf?C0AD_mge3f2KkT6kGySOhXqZjtA?5z`vKl_{(5g
z&%Y~9p?_DL{+q@siT~*3Q*$<RlC-xqleM?Ec6In?W0lH={DvSR9}KBmbih)w3^b}V
z6=~BD`1%5jSb?D+v2L<p5w94z7I;uS$!LCo!EzK>nWXQfNN;%s_eHP_A;O`N`SaoB
z6xYR;z_;HQ2xAa9xKgx~2f2xEKiEDpGPH1d@||v#f#_Ty6_gY>^oZ#xac?pc-F<Yh
zR_K?RiJ2oubCQ7^1AS@qhuw(e$?q0+SO_{-L;S1`TW&JG1MgIoKYffYS!p}+_O>`@
z*}8sPV@xiz?efDMcmmezYVw~qw=vT;G1xh+xRVBkmN66!u(mRG3G6P#v|;w@anEh7
zCf94arw%YB*=&3=RTqX?z4mID$W*^+&d6qI*LA-yGme;F9+wT<b@sM1y@yn4yfx{P
z9%qz6XAom3tkCH+4C-y<f5k@Iqr-DdIWdY4&_H<h82%2S#%euBYujZW%8ZeU^rQBg
zA7yk@0FV}qNUK9BTrUzJ>sNXNaX~zl2+qIK&D-aeN4lr0+yP;W>|Dh?ms_ogT{DT+
ztXFy<Fw<O&uN$I0yh{4kw%T3c-3IOeEqAa9Q=sJ%Fg2yM^<K4`&IuS{#_e=-Mwq*o
zmtrN@38$|+o}@!NTFNIFo$J$G$cM1(bSJ+vZkw{_%ngPw;8=;t;^L?=xu}ryFVg{U
zJDboU4GdWnuPTJgXDGqT<plV`P%=gC0bTZ!L|VoC1cp_PHT)5Gk<|+}{S#3AglpUW
zw4=y?IH6Q|t0Bi7w)rDspNF`hiUxuTN(r~ff>*R7j4IX;w@@R9Oct5k2M%&j=c_<x
zARHp2${;hHY<Zu<0hr7^)J=|ztMqh^o9b7=1tjqRcBfHw+P<aX%bEYbV>rWvoul+`
z<18FH5D@i$P38W9VU2(EnEvlJ(SHCqTNBa)brkIjGP|jCnK&Qi%97tikU}Y#3L?s!
z2ujL<P!NRJ;pb74B&2(*v3*=3C!ajoaM60iA_@<lvU~#?VK-;@%lYHB2=eH-KxgS<
z3i#RNOMZJchy9nvNjDb0=f@rmka`3-bWXl8OHR4)aO2^v4cBJ%E*CX5X*<ZQ+AS~m
z?8^bTUzZ~COr-~s{^h95hevs!x9XDgh_-Hg6obm0Q<rc*joOsUc&+lC)h3P6P12zC
z;jK2>%YiHO-#!|g5066V01hgT#>fzls7P>+%D~ogO<LgVQBY|7$Ac^C0gtdq_kF$l
zi!CRQINa@vQ85Af^0J}#!;epD{+|dHV}_c;Kk$|B7{$?iB>T<KE*!;%_1exy!;V7Z
zUhkB^36gRN(xP$|@1%SxpmRqoP<e^D1Zaq)zHs>&!Whb4iF=CnCto82Yb#b`YoVsj
zS2q^W0Rj!RrM@=_GuPQy5*_X@Zmu`TKSbqEOP@;Ga&Rrr>#H@L41@ZX)LAkbo{G8+
z;!5EH6vv-ip0`tLB)xUuOX(*YEDSWf?PIxXe`+_B8=KH#HFCfthu}QJylPMTNmoV;
zC63g%?57(&osaH^sxCyI-+gwVB|Xs2TOf=mgUAq<u+6a=o_#tNo<$cUz+tJYgt74L
z&bXb|lg8YWz0xqU_>?V~N_5!4A=b{AXbDae+yABuuu3B_XSa<ShO1FW&?3jUN>4~c
z1s-OW>!cIkjwJf4ZhvT|*IKaRTU)WAK=G|H#B5#NB9<{*kt?7`+G*-^<)7$Iup@Um
z7u*ABkG3F*Foj)W9-I&@BrN8(#$7Hdi`BU#SR1Uz4rh&=Ey!b76Qo?RqBJ!U+rh(1
znw@xw5$)4D8OWtB_^pJO*d~2Mb-f~>I!U#*=Eh*xa6$LX?4Evp4%;ENQR!mF4`f7F
zpG!NX=qnCwE8@<qR|&r{mxRcyemI&JFVUqTNe$Yqx3)%E2Ra>NAbQV`*?!v0;NJ(|
zBip8}VgFVsXFqslXUV>_Z>1gmD(7p#=WACXaB|Y`=Kxa=p@_ALsL&yAJ`*QW^`2@%
zW7~Yp(Q@ihmkf{vMF?kqkY%<z|HOVSkQhWsSTQ6i-lIJIJttZ!JjiiJ_ow$&kvWXq
z`4$VhLEd>SwG^t&CtfRWZ{syK@W$#DzegcQ1>~r7foTw3^V1)f2Tq_5f$igmfch;8
zT-<)?RKcCdQh6x^mMEOS;4IpQ@F2q-4IC4%*dU@jfHR<!`n5T9XSWr^nRn_u@rV=u
zWX}y_M)4?RA-|XAaToL3ZVTT=syG^~aU{{FH*Jsr?3^#XwL!huM!u*w-JwRve<&BM
z>4UdG>Usw4;7ESpORL|2^#jd+@zxz{(|<QJ)PEm)axi-e#yUYztv}U&Z^voJ1p2FR
z&+$VepO9z>RV*1WKrw-)ln*8LnxVkKDfGDHA%7`HaiuvhMu%*mY9*Ya{Ti#{DW?i0
zXXsp+Bb(_~wv(3t70QU3a$*<$1&zm1t++x#wDLCRI4K)kU?Vm9n2c0m@T<Z=DL!m#
zR31}F2Sr7!8C9b&9FSRt1}wG&Fy>yUV&&l9%}fulj!Z9)&@yIcQ3gX}l0b1LbIh4S
z5C*IDrYxR%qm4LVzSk{0;*npO_SocYWbkAjA6(^IAwUnoAzw_Uo}xYFo?Y<-4Zqec
z&k7HtVlFGyt_pA&kX%P8PaRD8y!Wsnv}NMLNLy-CHZf(ObmzV|t-iC#@Z9*d-zUsx
zxcYWw{H)nYX<H!OG74jpEvhynVg$Z6r^t$teoZF6&9mSZRfQSgzy#)7=dgb*gX2L6
zkLoVmidaPj$WO9534y?PN?$Pa*jcoSGD~uM4eiqhcderFtU*s!koalLsXq58q7OKr
z8mL~&vDPR1o!}gGqE@mB9)ll0Y+I3pg_@?($X#+g<X*Bc<fN?K>VdnJu5o-U+fn~W
z-$h1ax>h{NlWLA7;;6TcQHA>UJB$KNk74T1xNWh9)kwK~wX0m|Jo_Z;g;>^E4-k4R
zRj#pQb-Hg&dAh}*=2;JY*aiNZzT=IU&v|lQY%Q|=^V5pvTR7^t9+@+ST&sr!J1Y9a
z514dYZn5rg6@4Cy6P`-<Ip*0h@4^E-te%|Hygl8G7!?4YJmmD)iTnFnXlRh>?!3Y&
z?B*5zw!mTiD2)>f@3XYrW^9V-@%YFkE_;PCyCJ7*?_3cR%tHng9%ZpIU}LJM=a+0s
z(SDDLvcVa~b9O!cVL8)Q{d^R^(bbG=Ia$)dVN_tGMee3PMssZ7Z;c^Vg_1CjZYTnq
z)wnF8?=-MmqVOMX!iE?YDvHCN?%TQtKJMFHp$~kX4}jZ;EDqP$?jqJZjoa2PM@$uZ
zF4}iab<QEgXXhnd2;4rDSDgrcTv7~<DDN^=G=PSLBDxkg$c{YxQKz`lJO^y?8pfm9
zt^nd=ih;P9fmU8c=`6;a7jt^1&=Y67cw(v4eSp%ElSN)TuO|J=3b=0!maKgZW`DFf
zSy{X`Q)Gr|MoRxBY@krh6yO>1b5ep)L;jdegC3{<!<?;*J=R#rpw0<3&}6qn&=Qj)
z&e+IcP9Rz*wB8am3aW`T=#OJ#D@k8{jz0Y29E7R~mAMhtu?g3TAvkw^;&xX`tmgE|
zv^HiNoJBppf(Xm?i1;syXnI4Kn!IJlt@sOk+<|QQOYt{eZdrGA;vkZbOkt?Ba2HIo
zzjIO-T$11Tq)1`{dVa~e5V0({5ZU}cg(#C<A!}p9utp!2_QB+luRxxnNctT}@wh<9
zd*7bN#JQxas1}&Holy6BMg#{Lu_fw~`KJ<7j}u1ll;wth+Lnnxrq1~QmSi!Y(Nlgt
zxGphCr!e$X^);_GRTzJywtv&3ll_kEI;?Q|01;m03Qwiop_SN!O?|Kz%cH7e4$=v$
zufVL~L9kPYkFA}j-7Iv;Uh3q?Gq2+gV#BJM-fh7{Ftjp7y?9TBKX|T0oyT2`?;m+*
z)IkQ#@=2?2udS-L0MiL|9982kJ0h|{Yr`C`SZ0rYj)HfBOR~UYpVz^I_0K5WK!$+)
zs4$uUD>K4VnCH#OV;pRcSa(&Nm50ze-yZ8*cGv;@+N+A?ncc^2z9~|(xFhwOHmPW@
zR5&)E^YKQj@`g=;zJ_+CLamsPuvppUr$G1#9urUj+p-mPW_QSSHkPMS!52t>Hqy|g
z_@Yu3z%|wE=uYq8G>4`Q!4zivS}+}{m5Zjr7kMRGn_p&hNf|pc&f9iQ`^%78rl#~8
z;os@rpMA{ZioY~(<F66_*K|+nU;VoOpm}0{rO5$C*wF8(vtv}GE@=HH<Nk{pYFIF#
zdGD=>Rm!Wf#Wx##A0PthOI341QiJ=G*#}pDAkDm+{0kz&*NB?rC0-)glB{0_Tq*^o
zVS1>3REsv*Qb;qg!G^9;VoK)P*?f<*H&4Su1=}bP^Y<2PwFpoqw#up4Ig<U<gHghm
zE0#Y7<GK&2%{El%_Y)ca#APbrf%FUE9U^Nx(6!PnH=8Urc7uMy{d=TbHmLjRfA@%m
zBLDZ1+Bv%z+1UK66+2tg(+AZZ?fa`?lr{-?K~WgPGE3XWnPHDQcu-iF$rhQAC>X3L
z`w~8jsFCI3k~Y9g(Y9Km`y$0FS5vHb)kb)J<XzCZ+kRfXT7vI_;8{h?*WR3CZHtzQ
zDR=g3#{F~qz31g!ZszkOKMc5PK;YO2l-4eBvnw7aD+`q)HX6N%3^xI3AUwE`*|f;h
zDO#d6?3Vc2V2Xxe@3?pq_v9EJ3#v<2oI`(RI{U!^L%+YU)2s`*);LjP(gW@qYOh)L
zPY0s@Y{NF;L5v4VZC5+)%RZg#t9njPHLg-uH!f3GP}V%+^}&(*ga^hpok@JP<SyT4
zm&U-mu!sK-f**T9L_U(@DEw161V#V~QXkb3?oEb8C;{@l17vyW*I>b6q-9MbO{Hbb
zxg?IWQ1ZIGgE}wKm{axO6CCh~4DyoFU+i1xn#oyfe+<{>=^B5tm!!*1M?AW<qAZ%p
zqBl>8c=6g+%2Ft97_Hq&ZmOGvqGQ!Bn<_Vw`0DRuDoB6q8ME<;oL4kocr8E$NGoLI
zXWmI7Af-DR|KJw!vKp2SI4W*x%A%5BgDu%8%Iato+pWo5`vH@!XqC!yK}KLzvfS(q
z{!y(S-PKbk!qHsgVyxKsQWk_8HUSSmslUA9nWOjkKn0%cwn%yxnkfxn?Y2rys<JE*
zd6z;KD=#Q%;cSb%PH2V)%o{=Fx|k`{>XKS=t-TeI%DN$sQ{lcD!(s>(4y#CSxZ4R}
zFDI^HPC_l?uh_)-^ppeYRkPTPu~V^0Mt}#jrTL1Q(M;qVt4zb(L|J~sxx7Lva9`mh
zz!#A9tA*6?q)xThc7(gB<ny#3-hALo#K5~(NTrDll#>2Ryam$YG4qlh00c}r&$y6u
zIN#Qxn{7RKJ+_r|1G1KEv!&uKfXpOVZ8tK{M775ws%nDyoZ?bi3NufNbZs)zqXiqc
zqOsK@^OnlFMAT&mO3`@3nZP$3lLF;ds|;Z{W(Q-STa2>;)tjhR17OD|G>Q#zJHb*>
zMO<{WIgB%_4MG0SQi2;%f0J8l_FH)Lfaa>*GLobD#AeMttYh4Yfg22@q4|Itq};NB
z8;o*+@APqy@fPgrc&PTbGEwdEK=(x5K!If@R$NiO^7{#j9{~w=RBG)ZkbOw@$7Nhl
zyp{*&QoVBd<?r(PmG5eJ$o3z+HV5w1eeDp-rvnyYr;XeO2s}3%;u7*GZh4@3HEtn4
zl=_oilL7?}7({hJ(u2#?X>5lo<R;7Ivsy34t)%m;MhoOwp@KWu*vvBMNS|tbc6;}3
zpmPR_`W65;uBCDk3YIFuYZ@-W*_Ve$jbt<chLPyLl*T~u-9Iw2^SX15#ZeP(M%;??
z8Tyv)tkk-x*$;`<N;zq%`npv4>{iwl2gfyip@}IirZK;ia(&ozNl!-EEYc=QpYH_=
zJkv7gA{!n4up6$CrzDJIBAdC7D5D<_VLH*;OYN>_Dx3AT`K4Wyx8Tm{I+xplKP6k7
z2sb!i7)~%R#J0$|hK?~=u~rnH7HCUpsQJujDDE*GD`qrWWog+C+E~GGy|Hp_t4--}
zrxtrgnPh}r=9o}P6jpAQuDN}I*GI`8&%Lp-C0IOJt#o<LWWo^Dmj%NMD<@h&?0Gs;
z6)FA<Vxp%+oiZa^QrOWz-cjprk#BXB+XKySd9_XES;@3;wLHUg*Su?kSpjjdU`Su<
z!|N$yj0`p!E|t@nEV0e(1YB{2*>p)}XSr!ova@w{jG2V=?GXl3zEJJFXg)U3N>BQP
z*Lb@%Mx|Tu;|u>$-K(q^-<d@dEl3DmQcZJ9w#wRZ>HG!EQ3o93%w(A7@<y+Q*X@<~
zjX&YNFdh8ctHtbvY&9|NRffuw3miwYf8_fe>ngGU)HRWoO&&^}U$5x+T&#zri>6ct
zXOB#EF-;z3j311K`jrYyv6pOPF=*`SOz!ack=DuEi({UnAkL5H)@R?YbRKAeP|06U
z?-Ns0ZxD0h9D8)P66Sq$w-yF+1hEVTaul%&=kKDrQtF<$RnQPZ)ezm1`aHIjAY=!S
z`%vboP`?7mItgEo4w50C*}Ycqp9_3ZEr^F1;cEhkb`BNhbc6PvnXu@wi=AoezF4~K
zkxx%ps<8zb=wJ+9I8o#do)&{(=yAlNdduaDn!=xGSiuo~fLw~Edw$6;l-qaq#Z7?#
zGrdU(Cf-V@$x>O%yRc6!C1Vf`b19ly;=mEu8u9|zitcG^O`lbNh}k=$%a<a(jkHD&
z5E|{xtrO@buz>)UHhDwTEKis2yc4rBGR>l*(B$AC7ung&ssaZGkY-<sFP@AP+_60R
zAg>h(fpwcPyJSx*9EIJMRKbMP9}$nVrh6$g-Q^5Cw)BeWqb-qi#37ZXKL!GR;ql)~
z@PP*-oP?T|Thql<lGlaq*SE}O|Kg5v{p9U1#^sO|4i6$GN_=Fxac6SnsB!!bQwmxR
zzF`Y4Z9dIMc=u(+A?+H4+93(PKM20zf!d;g+9`$FibL)pAerKmD)Ym>GKR84zi^CN
z4TZ1A)7vL>ivoL2EU_~xl-P{p+sE}9CRwGJDKy{>0KP+gj`H9C+4fUMPnIB1_D`A-
z$1`G}g0lQmqMN{Y&8R*$xYUB*V}dQPxGVZQ+rH!DVohIoTbh%#z#Tru%Px@C<=|og
zGDDwGq7yz`%^?r~6t&>x*^We^tZ4!E4dhwsht#Pb1kCY{q#Kv;z%Dp#Dq;$vH$-(9
z8S5tu<X6lOB_R@a0Vr<O`jiFw>tZ}&JM2Iw&Y-7KY4h5BBvS=Ove0#+H2qPdR)WyI
zYcj)vB=MA{7T|3Ij_PN@FM@w(C9ANBq&|NoW30ccr~i#)EcH)T^3St~rJ0HKKd4wr
z@_+132;Bj+>UC@h)A<n=_{iu`>p*8B4r5A1lZ!Dh%H7&&hBnlFj@eayk=VD*i5AQc
z$uN8<jj%Mz=t#q{%FRx#WxsIUtYvHo`1^l=C=QT-Iv$#7$}3Wi-3pe_a7Q}nvc(HZ
zjbaBWJ-znO=(Ae|8a4S0?Kn>YG#PL;cuQa)Hyt-}R?&NAE1QT>svJDKt*)AQOZAJ@
zyxJoBebiobHeFlcLwu_iI&NEZuipnOR;Tn;PbT1Mt-#5v5b*8ULo7m)L-eti=UcGf
zRZXidmxeFgY!y80-*PH-*=(-W+fK%KyUKpg$X@tuv``tXj^*4qq@UkW$ZrAo%+hay
zU@a?z&2_@y)o@D!_g>NVxFBO!EyB&6Z!nd4=<EpWAIw*i`_(95Du;<hh`i0(OvU)o
zJAWpE*}wvy3Se90u|cilV!M2Sk<G3v`?@llEvy2X_;kh^wm@5miOB8tQzMjgS&WFy
z1_T#|P_NH5Ei^j{NKjDP=mteXU4Cz5b(0viVv>KyDP^hl!*(k{dEF6@NkXztO7gIh
zQ&PC+p-8WBv;N(rpfKdF^@Z~|E6pa)M1NBUrCZvLRW$%N%xIbv^uv?=C!=dDVq3%*
zgvbEBnG*JB*@vXx8>)7XL*!{1Jh=#2UrByF7U?Rj_}VYw88BwqefT_c<e4Q|cAR_y
zzPGw5XY8YH)i0W+ow;U(xdI9oqV)sU`cZ3Yu$@AG*n~rtRQ!HcH8>CTv8aTrRVjnn
z1HNCF=44?*&gs2`<Sd^EHgz7rQJ_Qfl@T}YZe28Av14ZY$;b?@?424@^eB+;ztot*
zn$~^)m?8zUpZ_NqAG(1!6#o5-0{veM6aF{Th=0KNAISZ?|G`Ifd0Bv>vCGJVHX@kO
z240eo#z+FhI0=yy6NHQwZs}a+J~4U<d8dmBO0TIJt+~2d+v+cq);kTXE+e(1USHSN
zNwc!GuI}8z==5Fp^DCD7KIzFAC-waC`u-a7zTNq<={$QcaFXMF687DGgNa19*9!??
zIFV5yoW@#^O(=1|%`9I)9Y1LzOmUJtIK$u1<;5%_oQ<!~SeSyox8YaGbcjE>-6X`@
zZ7j+tb##m`x%J66$a9qXDHG&^kp|GkFFMmjD(Y-k_ClY~N$H|n@NkSDz=gg?*2ga5
z)+f)MEY>2Lp15;~o`t`qj;S>BaE;%dv@Ux11yq}I(k|o&`5UZFUHn}1kE^gIK@qV&
z!S2IhyU;->VfA4Qb}m7YnkIa9%z{l~iPWo2YPk-`hy2-Eg=6E$21plQA5W2qMZDFU
z-a-@Dndf%#on6chT`dOKnU9}BJo|kJwgGC<^nfo34zOKH96LbWY7@Wc%EoFF=}`VU
zksP@wd%@W;-p!e^&-)N7#oR331Q)@9cx=mOoU?_Kih2!Le*8fhsZ8Qvo6t2vt+UOZ
zw|mCB*t2%z21YqL>whu!j?s~}-L`OS+jdg1(XnmYw$rg~r(?5Y+qTg`$F}q3J?GtL
z@BN&8#`u2RqkdG4yGGTus@7U_%{6C{XAhFE!2SelH?KtMtX@B1GBhEIDL-Bj#~{4!
zd}p7!#XE9Lt;sy@p5#Wj*jf8zGv6tTotCR2X$EVOOup;GnRPRVU5A6N@Lh8?eA7k?
zn~hz&gY;B0ybSpF?qwQ|sv_yO=8}zeg2$0n3A8KpE@q26)?707pPw?H76lCpjp=5r
z6jjp|auXJDnW}uLb6d7rsxekbET9(=zdTqC8(F5@NNqII2+~yB;X5iJNQSiv`#ozm
zf&p!;>8xAlwoxUC3DQ#!31ylK%VrcwS<$WeCY4V63V!|221oj+5#r}fGFQ}|uwC0)
zNl8(<?LlMOX%-wA6l`L9X38|nR$3cyaFLKGwqh<}hN1^NTPIB&B-fiVD=GN;!mkEd
zrZ~-Q^oflbYHe0^3!eS?_zBa=rmG1eKCb2a_YwtCHY7C`6Zqyde5Pu%W%v`?3Cqbo
z_ALc6sQ8bL3pMNAO~7O!ZDdor!-;=sGnJW2-pk6m>CF}PD`&Sj+p{d!B&&JtC+VuH
z#>US`)YQrhb6lIAYb08H22y(?)&L8MIQsA{26X`R5Km{YU)s!x(&gIsjDvq63@X`{
z=7{SiH*_ZsPME#t2m|bS76Uz*z{cpp1m|s}HIX}Ntx#v7Eo!1%G9__4dGSGl`p+xi
zZ!VK#Qe;Re=9bqXuW+0DSP{<gq0>uZ5-QXrNn-7qW19K0qU}OhVru7}3vqsG?#D67
zb}crN;QwsH*vymw(maZr_o|w&@sQki(X+D)gc5Bt&@iXisFG;eH@5d43~Wxq|HO(@
zV-rip4n#PEkHCWCa5d?@cQp^B;I-PzOfag|t-cuvTapQ@MWLmh*41NH`<+A+JGyKX
zyYL6Ba7qqa5j@3lOk~`OMO7f0!@FaOeZxkbG@vX<vJA&<M7ielhajv3<pqIc#T=<d
z5!XC6$9Zzd5N1yB3YIkxmE=Or75JkK(;tk5NYO;e2%y0~7Iq4(@^zemjVu3gn;k2h
z3pr-l^^1t)oS{lBub=&q*v-{Yor+}q*C%$OBr{Bh7_`KeZS3d~+}U*z^Vr7FCWCm$
z2w4q^9o%PrY=y+J<kc!1(Z8gb`+${nNibOU!ujz<plR`4ar9x6#1eT(9c_$fmz0&-
zVXep$WkZ4Nbvm%w$hWlUAA$2zWy&wWmG)?7m%&}>P<wwEw`l*m2D-%gz@e8LdJ@aK
z$*6HmJp<0gZmI6BLQM`}YJ$<M(i0=A?gL%JBkoHytmi7#XD+OZgsP8pN?#gLW@5=&
z=aZtd@1TB*YUW6yi5jlC6iDRHzo7(PY8G+Vmn$*S(%8%F+cb5~gJ|$XOXpQ&GMrT?
z$!W2eBPo$vsitpW`1GTw?A#Wer%N>(t3#U*fq8=GAPqUAS>vW2uxMk{a(<0=IxB;#
zMW;M+owrHaZBp`3{e@7gJCHP!I(EeyGFF;pdFPdeP+KphrulPSVidmg#!@W`GpD&d
z9p6R`dpjaR2E1Eg)Ws{BVCBU9-aCgN57N~uLvQZH`@T+2eOBD%73rr&sV~m#2~IZx
zY_8f8O;XLu2~E3JDXnGhFvsyb^>*!D>5EtlKPe%kOLv6*@=Jpci`8h0z?+fbBUg_7
zu6DjqO=$SjAv{|Om5)nz41ZkS4E_|fk%NDY509VV5yNeo%O|sb>7C#wj8mL9cEOFh
z>nDz%?vb!h*!0dHdnxDA>97~EoT~!N40>+)G2CeYdOvJr5^VnkGz)et<vAmb+D7=`
zfLJG@2}biua8X0Z?(4lCZZqmGg2`>&T9hr<I;LKB@tJlwjj=}SR5fOy_EE<RK~9`Q
z&ornH<N`P)8cCNMiZogO?-t5{Y4I1mn5zZP_@1H0n**GvGdSsVGgripNsyzrmvp(@
z(hXN%f5OF=4MuABi}-rV`4T5@&beK7woSv{whQOT{h=ES|BVz1v-^;aXz3}3O3UGa
zX5_O}5~5Ai-yIkjBTFZ}ks%lK17gOZn61m7u>D(VAgCAJjQ7V$O?csICB*HFd<a3I
z#UL=^i3%GiXMKM!n8|H4kN`Q50rX8eUS6#OQiBGB8&c#$sB%or3TUuL7_Ekj=1aSK
zCXT#G3Ij^I<M9hQ52o7fa#d=2z*!D4G>^k@$M5*v$PZJD-OVL?Ze(U=XGqZPVG8JQ
z<~ukO%&%nNXYaaRibq#B1KfW4+XMliC*Tng2G(T1VvP;2K~;b$EAqthc${gjn_P!b
zs62UT(->A>!ot}cJXMZHuy)^qfqW~xO-In2);e>Ta{LD6VG2u&UT&a@>r-;4<)cJ9
zjpQThb4^CY)Ev0KR7TBuT#-v}W?Xzj{c7$S5_zJA57Qf=$4^npEjl9clH0=jWO8sX
z3Fuu0@S!WY>0XX7arjH`?)I<%2|8HfL!~#c+&!ZVmhbh`wbzy0Ux|Jpy9A{_7GGB0
zadZ48dW0oUwUAHl%|E-Q{gA{z6TXsvU#Hj09<7i)d}wa+Iya)S$CVwG{4LqtB>w%S
zKZx(QbV7J9pYt`W4+0~f{hoo5ZG<0O&&5L57oF%hc0xGJ@<Y95+$+g)SR2pZ*)dUD
z?$BX<*_7NXdw*vzVF}Lap6Q0EUy-YcegUmTNhJrU=$zitBEB@MZ_`dx0mMD?QR0F!
zEjhLuBZEDX>Zrg_D&lNO=-I^0y#3mxCSZFxN2-tN_mU@7<@PnWG?L5OSqkm8TR!`|
zRcTeWH~0z1JY^%!N<(TtxSP5^G9*Vw1wub`tC-F`=U)&sJVfvmh#Pi`*44kSdG};1
zJbHOmy4Ot|%_?@$N?RA9fF?|CywR8Sf(SCN_luM8>(u0NSEbKUy7C(Sk&OuWffj)f
za`+mo+kM_8OLuCUiA*CNE|?jra$M=$F3t+h-)?pXz&r^F!ck;r##`)i)t?AWq-9A9
zSY{m~TC1w>HdEaiR*%j)L);H{IULw)uxDO>#+WcBUe^HU)~L|9#0D<*Ld459xTyew
zbh5vCg$a>`RCVk)#~ByCv@Ce!nm<#EW|9j><#jQ8JfTmK#~jJ&o0Fs9jz0Ux<k+gm
zL|9F;P_7C~4u+%F&P?7Noh+NS+akvy!A8oEC2J-Yo9jyF5JYlZZ@q=-n6Ud7v2R51
znk*L+%&a0NLLwqVi!`(br(74WFXEStMQj%FSK(A_4oz+gvccGHF<dj>{svdM4__<1
zrb>H(qBO;v(pXPf5_?XDq!*3KW^4>(XTo=6O2MJdM^N4IIcYn1sZZpnmMAEdt}4SU
zPO54j2d|(xJtQ9EX-YrlXU1}6*h{zjn`in-N!Ls}IJsG@X&lfycsoCemt_Ym(PXhv
zc*QTnkNIV=Ia%tg%pwJtT^+`v8ng>;2~ps~wdqZSNI7+}-3r+#r6p`8*G;~bVFzg=
z!S3&y)#iNSUF6z;%o)%h!ORhE?CUs%g(k2a-d576uOP2@QwG-6LT*G!I$JQLpd`cz
z-2=Brr_+z96a0*aIhY2%0(Sz=|D`_v<DoOMX7~<nR!^8v^o_|!7Xd+!_b3H^wzXam
zrWq}Irc@k4f?o)Ad^|2*P0ca*-84nqV$ZOte`HRMl7IbM|D}Z51;Zp=yrCS+{_aF8
zI+=_21od8$<bi_uw-;*p?PAvGU%@L^7d|hM%tACW_?f1^AFP(BnPal1PqQMO2kPF!
z+rBhqk7N7MR{XD&!S6w=#l>_7h%Yqbw2)<Wxg|d&MBQT(8_>8@1DwH4s*A82krEk{
zoa`LbCdS)R?egRWNeHV8KJG0Ypy!#}kslun?67}^+J&02<Q<uxIOk<bvz%abzMQB{
zJ{ld`rU&h}79#G%bOVV!V#@GH<;w=Kb`|^ho3VPTdE8Mhw16yi3)yd1vo<gvoRwzK
zc7|+ghkj}y-+IF2A5;Yi_f(vhu0cxHK2AuFehG;3=V)Hw7dcD-O_e`-sy)Mg5MTY?
zuvGj3AJQ4}Sxm?&<y_emzbtR=X<v9lymKJ>!D??lN~t@<Q+s{amrrTZ_TnxyD(S+W
z0}DJ;jPr0$)o_s~)QGQ8iHe3SaAef#ftVwys3pLJ#T@I2QJqg_rl}Hl1R<q}`Y<bZ
zTC8?jXb037w+$=MO;~pp62YKOapf-w3zWn#i)omR<l!694X5n3|3L&-Jx8x4r{7oB
zYUj7i_I6Uq$l4FXr(al0yH;By>;h?GS8#WX`)6<H)cPdLh4L9%BQ1d)tl2l_(MqLg
zP8Vlu3TI3Bo?=R`b}pgUkBV>yC**~5YNhN_Hj}YG<%2ao^bpD8RpgV|V|GQwlL27B
zEuah|)%m1s8C6>FLY0DFe9Ob66fo&b8%iUN=y_Qj;t3WGlNqP9^d#75ftCPA*R4E8
z)SWKBKkEzTr4JqRMEs`)0;x8C35yRAV++n(Cm5++?WB@ya=l8pFL`N0ag`lWhrYo3
z<j3kcuZAyDq24RTu&b#ib_b!cQHSIKmz-fttSrCWok16}nI{l8r`Zc}Dw_C`>JJ$<
zQ*_YAqIGR*;`VzAEx1Pd4b3_oWtdcs7LU2#1#Ls>Ynvd8k^M{Ef?8`RxA3!Th<MX`
zGjpE&sT~Q!q{k(_v&8L^`DWC=%t2Y2dPkdROg^3w=3DY}5f^Dscs!EsmD8Gp@%f6B
ziaI4*56fGwD(ZezB~pFC!a1|O6Yyob`uvLAjR|UmQB((5T0Q`41&w4<SadZiWqaC$
zphkyuZ&=2Dvj-`mX1D~rL?t@XmJbt9eHhfD-7Z)9zL4O2A<;e{WI_EgLHjF-v;f;2
zK*88Y^d&y%5I9t6b5AG8R6t|(k#;gXy#5(`hn-c<IltcKNMX{F%%LP@CcuW7VtoDi
zLnF*!XZhBE{~Ae_#_fF>-?ui{_WJvhzY4FiPxA?E4+N<!D(PLv0#~dJ$_A-y?DgcH
zYVm@f{doxVdd92K-{BQF;_~zXz2$UL7y#Ddm%!DAIC;l-vBS%g1zl8$>FmaC-Uh*a
zeLKkkECqy>Qx&1xxEhh8SzMML=8VP}?b*sgT9ypBLF)Zh#w&JzP>ymrM?nnvt!@$2
zh>N$Q>mbPAC2kNd&ab;FkBJ}39s*TYY0=@e?N7GX>wqaM>P=Y12lciUmve_jMF0lY
zBfI3U2{33vWo(DiSOc}!5##TDr|dgX1Uojq9!vW3$m#zM_83EGsP6&O`@v-PDdO3P
z>#!BEbqpOXd5s?QNnN!p+92SHy{sdpePXHL{d@c6UilT<#~I!tH$S(~o}c#(j<2%!
zQvm}MvAj-95Ekx3D4+|e%!?lO(F+DFw9bxb-}rsWQl)b44###eUg4N?N-P(sFH2hF
z`{zu?LmAxn2=2wCE8?;%ZDi#Y;Fzp+RnY8fWlzVz_*PDO6?Je&aEmuS>=uCXgdP6r
zoc_JB^TA~rU5*geh{G*gl%_HnISMS~^@{@KVC;(aL^ZA-De+1zwUSXgT>OY)W?d6~
z72znET0m`53q%AVUcGraYxIcAB?OZA8AT!uK8jU+=t;WneL~|IeQ>$*dWa#x%rB(+
z5?xEkZ&b{HsZ4Ju9TQ|)c_SIp`7r2qMJgaglfSBHhl)QO1a<VzKC^7j-g7z2Ad#{M
zvsgN~w60ZT{vl|Qd`NIm@OG$v;5-4JA~1~#)QySKY!9+bBDpd?4s7wP)GoMxA;<-K
zZ`2B#iCtg}xLy$u(m9_3^8$IS6jA;wh_x@G=2!e<Z(qLrSV7l3wt{^=(CzOu`rc`K
zLGCD<2e^JpC7H_s`bGxpUJC!1V+O1bT-lN@!5Uxu;TOp0CwcC$&$Mm9FOX8dpcN!?
zjaGPM1l0Q<WZ4s|!s>NtkGr0LUn{@mvAt=}nd7#>7ru}&I)FNsa*x?Oe3-4G`HcaR
zJ}c%iKlwh`x)yX1vBB<Fb|>;-Nr=7>$~(u=AuPX2#&Eh~IeFw%afU+U)td0KC!pHd
zyn+<y@H~@-|HAj3b<;(_C}QIT9{CiS8AVL~sK+;Y2c>X$L|(H3uNit-bpn<BTXt;L
zTy?!IgGx)I+O^{DaLfke%wDfNbFEh<rGXHiJEHvKj5UceUn@iAj+5VfhGAN(0PC?^
zShE02b=ul$#@&hzkw{zQtMs&HfM)nMR@&BO#*ya0FrO0gPxZcK{uz@rU3E%|u{|Q3
z`m%4+ARM{SDsey%J~Hd8{5m!c9>7%G%{&LsAaEfEsD?yM<;U2}WtD4KuVKuX=ec9X
zIe*ibp1?$gPL7<0uj*vmj2lWKe`U(f9E{KVbr&q*RsO;O>K{i-7W)8KG5~~uS++56
zm@XGrX@x+lGEjDQJp~XCkEyJG5Y57omJhGN{^2z5lj-()PVR&wWnDk2M?n_TYR(gM
zw4kQ|+i}3z6YZq8gVU<?mGHS7@zD<Oub^@JO}~F^I9>N}KiYre^sL{ynS}o{z$s&I
z{(rWaLXxcQ=MB(Cz7W$??Tn*$1y(7XX)tv;I-{7F$fPB%6YC7>-Dk#=Y8o1=&|>t5
z<nzVM_h9+`3CBHtDPhO5NiQrMIZc1L)1O@N^ZNl?<Y9}$wHUPqZZN4R#1w|Mv$_|x
z(M~mksP@GM>V_VVts>Eb@)&4%m}!K*WfLoLl|3FW)V~E1Z!yu`Sn+bAP5<C$JuzuB
zw%$B<9Etb-V%#IZCJi+jadT01_t-%@g$zRs>sRDyu7NEbLt?khAyz-ZyL-}MYb&nQ
zU16f@q7E1rh!)d%f^tTHE3cVoa%Xs%rKFc|temN1sa)aSlT*)*4k?Z>b3NP(IRXfq
zlB^#G6BDA1%t9^Nw1BD>lBV(0XW5c?l%vyB3)q*;Z5V~SU;HkN;1kA3Nx!$!9wti=
zB8>n`gt;VlBt%5xmDxjfl0>`K$fTU-C6_Z;!A_liu0@Os5reMLNk;jrlVF^FbLETI
zW+Z_5m|ozNBn7AaQ<&7zk}(jmEdCsPgmo%^GXo>YYt82n&7I-uQ%A;k{nS~VYGDTn
zlr3}HbWQG6xu8+bFu^9%%^PYCbkLf=*J|hr>Sw+#l(Y#ZGKDufa#f-f0k-{-XOb4i
zwVG1Oa0L2+&(u$S7TvedS<1m45*>a~5tuOZ;3x%!f``{=2QQlJk|b4>NpD4&L+xI+
z+}S(m3}|8|Vv(KYAGyZK5x*sgwOOJklN0jsq|BomM>OuRDVFf_?cMq%B*iQ*&|vS9
zVH7Kh)SjrCBv+FYAE=$0V&NIW=xP>d-s7@wM*sdfjVx6-Y@=~>rz%2L*rKp|*WXIz
z*vR^4tV&7MQpS9%{9b*>E9d_ls|toL7J|;srnW{l-}1gP_Qr-bBHt=}PL@WlE|&KH
zCUmDLZb%J$ZzN<D#Z=#5T)Bf2TA_muafrra2vX5d1$NtR6x+o}u9Zak6&oP?T!X$-
zIl5^NRuFYhPG)4VIGa6PeEdZh0G`k+V$2B$!nQTjo$SysaImgV(HW;0aA@nZ_axf?
zBM@p-s!k(06u+I4AoGZo>ii-5VeygOM?K8e$EcK=z-hIk63o4y63^_*RdaitO<V5B
za6+bDKg4KeMXpt9Qk*l&X>^THC{boKstphXZ2Z+&3ToeLQUG(0<j4{Nr{ry0FMWlF
zSGML4orU++CDT_v%%0nPebR1N6tB%g4p?Zdt|)+g?<UvIJR%MfMFe%=E81<>Frs?b
zCxB+65h7R$+LsbmL51Kc)pz_`YpGEzFEclzb=?FJ=>rJwgcp0QH-UuKRS1*yCHsO)
z-8t?Zw|6t($Eh&4K+u$I7HqVJBOOFCRcmMMH};RX_b?;rnk`rz@vxT_&|6V@q0~Uk
z9ax|!pA@Lwn8h7syrEtDl<WQqu`!%qrH)QqDdkQl)y?<^ZL9If#e?HpaWMe_2#DhU
z#}WT~UZ{5Bhr5K%XDp55$*Whe3eE1OkS$;$*_;U^o0Xot${f*KuWP>uZ6G!;@=GL>
zse#PRQrdDs=qa_v@<d3zJqn`;t)*z9<x>{Wv(3YjYD0|qocDC;-F~&{oaTP?@pi$n
z1L6SlmFU2~%)<yH+pnsVBtdhda43jrc>M^$@C(^cD!y)-2SeHo3t?u3JiN7UBa7E2
z;<+_A$V084@>&u)*C<4h7jw9joHuSpVsy8GZVT;(>lZ(RAr!;)bwM~o__Gm~exd`K
zKEgh2)w?ReH&syI`~;Uo4`x4$&X+dYKI{e`dS~b<eXyFbn{XKM`5J)C0L#f}e2}7~
z)nKDM!PRVb3~~@%Q+cQ&`I~MD#o@WX|K)!2e*JduzJGnF?fiayZ(hjkG0=Z>QuS|p
zA`P_{Q<DUc*G-jw4YhEKjcAK{a$+IO@h|;!Zx=7Ca^H#$3!0F`cAN4;(ZWd_f@rfM
zf;lM~!C(qj-G&)xi@2B?C@2|haHX@1ITzPu>LV3r$*~lb=9vR^H0AxK9_+dmHX}Y}
z<Mg3qa~jtH6?S$N7Pi{ev!k&}X3I>IV*#65%jRWem5Z($ji{!6ug$En4O*=^CiG=K
zp4S?+xE|6!cn$A%XutqNEgUqYY3fw&N(Z6=@W6*bxdp~i_yz5VcgSj=lf-6X1Nz75
z^DabwZ4*70$$8NsEy@U^W67tcy7^lNb<HNa;<A#a0;@HUP(E_$DV`ED`{MeJFNzNX
zyNSb7n+{%T0V2XT_k20~!zFnBAH)-Ef*2UK<bHrko9B>u;|kOLcJ40A%J#pZe0d#n
zC{)}+p+?8*ftUlxJE*!%$`h~|KZSaCb=jpK3byAcuHk7wk@?YxkT1!|r({P*KY^`u
z!hw#`5$JJZGt@nkBK_nwWA31_Q9UGvv9r-{NU<&7HHMQsq=sn@O?e~fwl20tnSBG*
zO%4?Ew6`aX=I5lqmy&OkmtU}b<pd?ip22G=uBEYij80TLN&YOpF?bC>H-+zvJ_CFy
z_nw#!8Rap5Wcex#5}Ldtqhr_Z$}@jPuYljTosS1+WG+TxZ>dGeT)?ZP3#3>sf#KOG
z0)s%{cEHBkS)019<O(Z?D$|I#4#d_d_ldFn9Qa+RHx|wEXzP>}-1A2kd*it>y65-C
zh7J9zogM74?PU)0c0YavY7g~%j%yiWEGDb+;Ew5g5Gq@MpVFFBNOpu0x)>Yn>G6uo
zKE%z1EhkG_N5$a<pLUdQd9Fv?Q#!(kSQhMqfih^ei*+r-a{ZsIlr=w+nG%<Zir-Hz
zA0JBlW@flNKk%$irvUzHogE?<ll#XEya-Q?ygeNYJ6j}DmXS_l3gPV*)ar|-%BT)S
z4^#FcGTU7gn_mlUoi&M$J@K9eK2Bdi7aOnroBW-ZnBg%_U$9)b;6oIx2IseA9T+sv
z%R;}STNVf>8f6SRm(25iH#FMeaJ1^TBcBy<04ID47(1(D)q}g=_6#^V@yI?Y&@HUf
z`;ojGDdsvRCoTmasXndENqfWkOw=#cV-9*Q<VCM(zaeSnb4*k5ZTq{y{R!fP2PP~~
z#ocTCysmLg^j&0;L|7nbQoxy+JN3;3&kVZ330~1zikqdHgM%aWC-q1tTT|}$l$oCd
zQvT6PS~S*<0y>ClpI03)FWcx(m5(P1DW+2-{Hr-`5M{v##Zu-i-9Cvt;V|n)1pR^y
ztp3IXzHjYWqabuPqnCY9^^;adc!a%Z35VN~TzwAxq{NU&Kp35m?fw_^<uSo(A?{k?
znbg>D{wzB}4FVXX5Zk@#={6jRh%wx|!eu@Xp;%x+{2;}!&J4X*_SvtkqE#KDIPPn@
z5BE$3uRlb>N<2A$g_cuRQM1T<!a^u8Xz^h<N#gmUt8_xxC^g_r`N0T-H`{x4$Fk6Y
z26%nmS7U+?DP<V>#5ra9u2x9pQuqF1l2#N{Q!jVJ<>HlLeVW|fN|#vqSn<pDm;gF#
zylmOTrj8b-MjRrg0XDo7KD{Bnlymmj8Zj{{^^wcgQE}=M#eVDHE8du-W3m=+>Rr<0
zTVs=)7d`=EsJXkZLJgv~9JB&ay16xDG6v(J2eZy;U%a@EbAB-=C?PpA9@}?_Yfb&)
zBpsih5m1U9Px<+2$TBJ@7s9HW>W){i&XKLZ_{1Wzh-o!l5_S+f$j^RNYo85}uVhN#
zq}_mN-d=n{>fZD2Lx$Twd2)}X2ceasu91}<ZaWW{@M=mTK>n&BS+4U9=Y{aZCgV5#
z?z_Hq-knIbgIpnkGzJz-NW*=p?3l(}y3(aPCW=A({g9CpjJfYuZ%#Tz81Y)al?!S~
z9AS5#&nzm*NF?2tCR#|D-EjBWifFR=da6hW^PHTl&km-WI9*F4o>5J{LBSieVk`KO
z2(^9R(zC$@g|i3}`mK-qFZ33PD34jd_qOAFj29687wCUy>;(Hwo%Me&c=~)V$ua)V
zsaM(aThQ3{TiM~;gTckp)LFvN?%TlO-;$y+YX4i`SU0hbm<})t0zZ!t1=wY&j#N>q
zONEHIB^RW6D5N*cq6^+?T}$3m|L{Fe+L!rxJ=KRjlJS~|z-&CC{#CU8`}2|lo~)<|
zk?Wi1;Cr;`?02-C_3^gD{|R<Y(hZx3stAq>yhw!8i?yx5i0v<rV+>5?p)9wZxSkwn
z3C;pz25KR&7{|rc4H)V~y8%+6lX&KN&=^$Wqu+}}n{Y~K4XpI-#O?L=(2qncYNePX
zTsB6_3`7q&e0K67=Kg7G=j#?r!j0S^w7;0?CJbB3_C4_8X*Q%F1%cmB{g%XE&|IA7
z(#?AeG{l)s_orNJp!$Q~qGrj*YnuKlV`nVdg4vkTNS~w$4d^Oc3(dxi(W5jq0e>x}
z<H43&U$@div|rbvDBRe6R$HFqIJAjE9hq%N%9L!GLWw1FEuE)zU{;}8`R?Y#wBqj3
zO1MTO!b+Rq_TNLtY>(GN1?u2%Sy;GA|B%Sk)ukr#v*UJU%(BE9X54!&KL9A^&rR%v
zIdYt0&D59ggM}CKWy<L@eudu7gPlf&1Jo$iD(Kka*IF8ue_nRsix(9}FH}z&>xGS@
z>T#})2Bk8sZMGJYFJtc>D#k0+Rrrs)2DG;(u(DB_v-sVg=<wfp1+=C#pn3%q#ZtQX
zD1=sc0GEPiJ}zf0)>GFMlSCx<&RL;BH}d6AG3VqP!JpC0Gv6f8d|+7YRC@g|=N=C2
zo>^0CE0*RW?W))S(N)}NKA)aSwsR{1*rs$(cZIs?nF9)G*bSr%%SZo^YQ|TSz={jX
z4Z+(~v_>RH0(|IZ-_D<c%xSf6;b@*khDx7hhK^c`_h5a>_h@~p_i%k^XEi+CJVC~B
zsPir<ubE`+28G6(*`wUO8K@4An-4YU3YVz}e1E{HueFVnk`ls7#`gZ^TlvhQLhcq>
zA0Jm2yIdo4`&I`hd%$Bv=Rq#-#bh{Mxb_{PN%trcf(#J3S1UKDfC1QjH2E;>wUf5=
ze8tY9QSYx0J;$JUR-0ar6fuiQTCQP#P|WEq;Ez|*@d?JHu-(?*tTpGHC+=Q%H>&I>
z*jC7%nJIy+HeoURWN%3X47UUusY2h7nckRxh8-)J61Zvn@j-uPA@99|y48pO)0XcW
zX^d&kW^p7xsvdX?2QZ8cEUbMZ7`&n{%Bo*xgFr4&fd#tHOEboQos~xm8q&W;fqrj}
z%KYnnE%R`=`+?lu-O+J9r@+$%YnqYq!SVs>xp;%Q8p^$wA~oynhnvIFp^)Z2CvcyC
zIN-_3EUHW}1^VQ0;Oj>q?mkPx$Wj-i7QoXgQ!HyRh<ktNSk=ZCcXXN8!+J8h{~XS6
zT=<Bp^&0qN#WipnKl|Rm@@-CTN7rLioC8AhnP|G*7-;}YkgtW5gFmh?d1QA48gE#V
zwavzj>6G<ji;QTn%&v3NF}(p<36+>j8p~gH22k&nmEqUR^)9qni{%uNeV{&0-H60C
zibHZtbV=8=aX!xF<rD22qR+?h8zFIglsMM+UFM823u*9)GfrLdQ{p!OTt9dn{K<Rl
z3rQA6jF72Gy$?$j{71+H40tV{|5sw*YiwAVvcnCb46i}S%2ukrQK+MO$NN91Uln}i
zh;`qcCjWOk^8a8k{(Dte*xt^}(%jX_@IPD3m?Yb8ePyH(^ZfhueJSZ&Fdq<fOT^tG
z7#I?02~`<%VQ`e4ctG}FiMGU!N(x^ZSu%?5YtZNXXcl+aWYes43YG?zyWEe9%ZHgA
z{T|>vkO}T@lJ_4&ki$d+0ns3FXb+iP-VAVN`B7f-hO)jyh#4#_$XG%Txk6M<+q6D~
zi*UcgRBOoP$7P6RmaPZ2%MG}CMfs=>*~(b97V4+2qdwvwA@>U3QQAA$hiN9zi%Mq{
z*#fH57zUmi)GEefh7@<KLA^%Ax?eS1H6Jz3n{{1?opUfxc2{@H2v2xgQ6_YpE<O-{
zwKlA^Wa9`MZO)=b<mGH;)??nIn%~AO-FW5b!n5qw`(BHa%%x0U&Mo!raOia}iI=lk
zX}GmMZ8rZ}kH1tL3Y}QhTDiEW-$qmMkUY5QK8No#6cwKCuQ?z4K9N+242X)-onFMY
z*!Q>`Uy7?@@=BL7<w31rMSsgn9#*|}|BRkF+Fj~d*V3(3eQG{is_t6Jvaf_NF-Y%A
z7i!;q1-5U(Dw<}#PkDhbF<kZM%>c<DmcWfKq*nfVQ6(A~BDG<UJ^uirxUNm?|5C?$
zwIC7u8I18-b<MSV*N-Wb3nF$T&J$RvJIQj-F_qgpY4b%rIBD~a*2pLq?0D-<MJTEr
z4BY4$ZdkM*4`&v|7|Jh@=YXUWhI@=H)-p(e;Z*^j&M)xg_JfWd40A8Q`NkFta}WLe
zve3@?7404tjc-ye?@*32AImiY8f~s?b{KWl5uJ=8NQOr6vY!uKLI#4maQGZp2vHbU
zo<@)r+e8f7NguvojL5mH{2piwCZ3vnG!Krs7L2-F5W+NGbdl}>Xbd{O9)*lJh*v!@
z-6}p9u0AreiGauxn7JBEa-2w&d=!*TLJ49`U@D7%2ppIh)ynMaAE2Q4dl@47cNu{9
z&3vT#pG$#%hrXzXsj=&Ss*0;W`Jo<RfBgcy9PDc_L)gF}5Bta4z=1*07Okf5Eeki<
zgcDbDNt?e3EK`@F{z1!}n|CRqwatvbbeYXa$FRZS$VXjwx$1f|KUjG5+~z4t;-vZz
zyz=_>^mcy4*L8b^sSi;H{*`zW9xX2HAtQ*sO|x$c6UbRA(7*9=;D~(%wfo(Z6#s$S
zuFk`dr%DfVX5KC|Af8@AIr8@OAVj=6iX!~8D_P>p7>s!Hj+X0_t}Y*T4L5V->A@Zx
zcm1wN;TNq=h`5W&>z5cNA99U1lY6+!!u$ib|41VMcJk8`+<hOmY7f)%fn4t=S8#3J
z>kP{PEOUvc@2@fW(bh5pp6>C3T55@XlpsAd#vn~__3H;Dz2w=t9v&{v*)1m4)vX;4
zX4YAjM66?Z7kD@XX{e`f1t_ZvYyi*puSNhVPq%jeyBteaOH<WPi3v0p=onKV{I^71
zf?y{jqn$s3h>o7vOr8!qqp7wV;)%jtD5>}-a?xavZ;<UY$b88#oaE*iTwC?<d<=%=
zg<gH^%oh=RT;)A^gRZ@!@t?4GasxI;e2$AnljrG7^oGK5mN6}H+FIO&ExGlLcw5%|
z=aV^sr3RMGhGr*9Tj`bw+52AO+x8l)najz+)pJhQ8^mro%gW&GVg><nEV7w^bEbMP
zeM2Xe7KkRrWwuS@lEz8mDQ1r=g8Ho*om=XYT@VTyxSZU^ro{+7z|nT)nz0GIcWv+k
zy4Gul-2gE(if-i-ndr(%@-JsTq&iACC!dL&j8<0j6RxTGCtOddsyUD#IL**t(K+~7
z|0=r{M0gixfm^dasT3jA0xD7PTjs-25$TnAka@g%W*1^(tCL_#fRI=!islMMlw17V
z)|yVATde!Ub7*v$NvF&u;figoR}pSbGPs@)@9URIL=`Mz{P&)TxIH~Re~}%1v&?YX
zvSB9sN$FoNwr1%Dn=KSa7>i|2P3<Gnpkzio3250CR4T)<GQ>~7c)vP2O#Fb`Y&Kce
zQNr7%fr4#S)OOV-1piOf7NgQvR<X5R=PS8{`PX!{(amEWo-3%6a0Zppc|tmc{L*r&
zSP7_KCKA}{)U{N<WhXA#Zas|vYn5c87(7j_MFk}6^-$1LUmb3vF!sNt!qu*MHrU-e
zelK3C!0ly`t=G0^JOT(pReW%F@`rWnJ@ew5VkEmXtWdOcb4bXqN3p0;HG9~5ek8J6
zX0cs_`({>{lcvZ*SNbLMq(olrdDC6su;ubp5un!&oT=jVTC3uTw7|r;@&y*s)a<{J
zkzG(PApmMCpMmuh6GkM_`AsBE@t~)EDcq1AJ~N@7bqyW_i!mtHGnVgBA`Dxi^P93i
z5R;}AQ60wy=Q2GUnSwz+W6C^}qn`S-lY7=J(3#BlOK%pCl=|RVWhC|I<E|<9C^<&k
zez1XlLG-BJ@aTOIh?grCPh?tzqEis&hWsSe+>Dj1E#+|M{TV0vE;vMZLy7KpD1$Yk
zi0!9%qy8>CyrcRK`juQ)I};r)5|_<<9x)32b3DT1M`>v^ld!yabX6@ihf`3ZVTgME
zfy(l-ocFuZ(L&OM4=1N#Mrrm_<>1DZpoWTO70U8+x4r3BpqH6z@(4~sqv!A9_L}@7
z7o~;|?~s-b?ud&Wx6==9{4uTcS|0-p@d<s-!-`6eP|mxu$inV|(_7!k6r}7zjyvws
z30jY+CV`@NfF#Tox6uKfqtteXBNalcv?KfPjg}pwq7Y0gXo`%?*%$EinQv5{$HcZ2
z6oVgIYRBP0^sy)@i@IIF5N^GsENCc&(Cpp9i99hyaR(9f5UPZkVq?+c%sk0P2Du0D
z!$xF%^JJw@mi^gPtj9d{ete_99b+dh5=QuU<|pxFp`TEbMX%nbc*n|Y4NR6r&rE~9
z*c-x(FZcxy-<xXV&ea;nLia?2eiUPiwN_Z0aa4vE=hU5~8=_Z4L!4VqSw8wKBc!DV
zg6hC;hX*<kXDEc30yB);M*p+YIYXT=u$T&GXnUmDCM+tDSYeFD<yAPL8KW0GtFQs7
zKjf3RHL>Ki0y#tPm2`A!^o3fZ8Uidxq|uz2vxf;wr<n<8ol2;(_XgZT#cwA<{&FS8
z4H^Qyu+ScJrgX7QdSaXyJ<;u)md*t7!`ih5lIJLjW{Uhl#YWhA!wYb!GX;haG1F@>
zM^%#9)h^R&T;}cxVI(XX7kKPEVb);AQO?cFT-ub=%lZPwxefymBk+!H!W(o(>I{jW
z$h;xuNUr#^0ivvSB-YEbUqe$GLSGrU$B3q28&oA55l)ChKOrwi<YbI635M+2d(w~|
z|L|T8!J>TyI~e*uN;^V@g-Dm4d|MK!ol8hoaSB%iOQ#i_@`EYK_9ZEjFZ8Ho7P^er
z^2U6ZNQ{*hcEm?R-lK)pD_r(e=Jfe?5VkJ$2~Oq^7YjE^5(6a6Il--j@6dBHx2Ulq
z!%hz{d-S~i9Eo~WvQYDt7O7*G9CP#nrKE#DtIEbe_uxptcCSmYZMqT2F}7Kw0AWWC
zPjwo0IYZ6klc(h9uL|NY$;{SGm4R8Bt^^q{e#foMxfCSY^-c&IVPl|A_ru!ebwR#7
z3<4+nZL(mEsU}O9e`^XB4^*m)73hd04HH%6ok^!;4|JAENnEr~%s6W~8KWD)3MD*+
zRc46yo<}8|!|yW-+KulE86aB_T4pDgL$XyiRW(OOcnP4|2;v!m2fB7Hw-IkY#wYfF
zP4w;k-RInWr4fbz=X$J;z2E8pvAuy9kLJUSl8_USi;rW`kZGF?*Ur%%(t$^{Rg!=v
zg;h3@!Q$eTa7S0#APEDHL<mR8`O&Qd`q;XL6FF22gl<y|&n1r$8i^uI6;3}cL8)5=
z8mw|b)bvWc_KRpcdazQtu>vK%RCn^o0u!xC1Y0Jg!Baht*a4mmKHy~88md{YmN#x)
zBOAp_i-z2h#V~*oO-9k(BizR^l#Vm%uSa^~3337d;f=AhVp?heJ)nlZGm`}D(U^2w
z#vC}o1g1h?RAV^90N|Jd@M00PoNUPyA?@HeX0P7`TKSA=*4s@R;Ulo4Ih{W^CD{c8
ze(ipN{CAXP(KHJ7UvpOc@9SUAS^wKo3h-}BDZu}-qjdNlVtp^Z{|CxKOEo?tB}-4;
zEXyDzGbXttJ3V$lLo-D?HYwZm7vvwdRo}P#KVF>F|M&eJ44n*ZO~0)#0e0Vy&j00I
z{%IrnUvKp70P?>~J^$^0Wo%>le>re2ZSvRfes@dC-*e=DD1-j%<$^~4^4>Id5w^Fr
z{RWL>EbUCcyC%1980kOYqZAcgdz5cS8c^7%vvrc@CSPIx<Txc7`4S|Qc?(wJYUKIB
z5kt)tTZ1$>;X=RuodO2dxk17|am?HJ@d~Mp_l8H?T;5l0&WGFoTKM{eP!L-a0O8?w
zgBPhY78tqf^+xv4#OK2I#0L-cSbEUWH2z+sDur85*!hjEhFfD!i0Eyr-RRLFEm5(n
z-RV6Zf_qMxN5S6#8fr9vDL01PxzHr7wgOn%0Htmvk9*gP^Um=<AAOp(CAL*GTy33v
zX!^>n^+7GLs#GmU&a#U^4jr)BkIubQO7oUG!4CneO2Ixa`e~+Jp9m{l6apL8SOqA^
zvrfEUPwnHQ8;yBt!&(hAwASmL?Axitiqvx%KZRRP?tj2521wyxN3ZD9buj4e;2y6U
zw=TKh$4%tt(eh|y#*{flUJ5t4VyP*@3af`hyY^YU3LCE3Z|22iRK7M7E;1SZVHbXF
zKVw!L?2bS|kl7rN4(*4h2qxyLjWG0vR@`M~QFPsf^KParmCX;Gh4OX6Uy9#4e_%oK
zv1DRnfvd$pu(kUoV(MmAc09ckDiu<gn&}G=_6q@%fcoGeF)8P2%xtVoGBq)NfvqDv
z5OEA!ZUs@+$X~*PG(eZEcV{4`u8-z!5%UDz;;6@2o6-;W=@hu<)W;K?z=S0od=v}!
z%T?1Lh8>qS$a%!AQ1Z>@DM#}-yAP$l`oV`BDYpkqpk(I|+qk!yoo$TwWr6dRzLy(c
zi+qbVlYGz0XUq@;Fm3r~_p%by)S&SVWS+wS0rC9bk^3K^_@6N5|2rtF)wI>WJ=;Fz
zn8$h<|Dr%k<fGRu1{V!VOE*a>N|nciMwJAv;_%3XG9sDnO@i&pKVNEfziH_gxKy{l
zo`2m4rnUT(qenuq9B0<#Iy(RPxP8R)=5~9wBku=%&EBoZ82x1GlV<>R=hIqf0PK!V
zw?{z9e^B`bGyg2nH!^x}06oE%J_JLk)^QyHLipoCs2MWIqc>vaxsJj(=gg1ZSa=u{
zt}od#V;e7sA4S(V9^<^TZ#InyVBFT(V#$fvI7Q+pgsr_2X`N~8)IOZtX}e(Bn(;eF
zsNj#qOF_bHl$nw5!ULY{lNx@93Fj}%R@lewUuJ*X*1$K`DNA<AupwZ?bdMd14>FpE
z7_lPE+!}uZ6c?+6NY1!QREg#iFy=Z!OEW}CXBd~wW|r_9%zkUPR0A3m+@Nk%4p>)F
zXVut7$aOZ6`w}%+WV$te6<w?=noFuDBs5m3>-IX7g2yms@aLygaTlIv3=Jl#Nr}nN
zp|vH-3L03#%-1-!mY`1z?+K1E>8K09G~JcxfS)%DZbteGQnQhaCGE2Y<{ut#(k-DL
zh&5PLpi9x3$HM82dS!M?<MhWyhk+U12yj&7nerConN0;2dy<sxbT{Jih@kLMe!k&@
zqGZx$@q}KI7gp1SzWbr8cO**Xz%qzenOxKt;y%d`G;5fH^A6aSd!UoTeUx5Qc);(|
zP%zT(OQYKpQSQ^C#|h#j`Iw`&NAvFF1KF2T8EA)=e_Q3!M6N0u_LX#YR~H1=V(0Y-
zRQ3yJAigD&%ciL!53v?+ws|3My^wFph`Rc?WMXBSw=g*hxo%S@Kfz5{lQ9iEN4>(Z
zEsqW?dx-K_GMQu5K54pYJD=5+Rn&@bGjB?3$xgYl-|`FElp}?zP&RAd<522c$Rv6}
zcM%rYClU%JB#GuS>FNb{P2q*oHy}UcQ-pZ2UlT~zXt5*k-ZalE(`p7<`0n7i(r2k{
zb84&^LA7+aW<I?zm-paWE?w58xOABQS~Q6(lq=onZrGLJ>1Gx5!wK!<XU1ai#9=^5
z$;+@p4LHf|^(_iPEM$cMXNhLIZbt`c4W95PyXhu6j9BL#Gf(uySGN+ACc7wov7)<%
z>xTbw0slM?6-i32CaOcLC2B>ZRI16d{&-$QBEu1fKF0dVU>GTP05x2>Tmdy`75Qx!
z^IG;HB9V1-D5&&)zjJ&~G}VU1-x7EUlT3QgNT<&eIDU<fVd)sK%jMHjgiO7tEx2Pt
zg!fDU>PYey$M|RD6%mVkoDe|;2`8Z+_{0&scCq>Mh3hj|E*|W3;y@{$qhu77<sig;
z6!9+DJ}91#MCTo11^V0V<UVG>D)QJ`<Zj~-r)6A`aT~3BdKd7DdO|AgdgVOry0?j>
znD9C1AHCKSAHQqdWBiP`-cAjq7`V%~JFES1=i-s5h6xVT<50kiAH_dn0KQB4t*=ua
zz}<XOsVTeLoPP8P{@-hYpViZz;@`X$>F@mcKjhB;^7ka@WbSJFZRPeYI&JFkpJ-!B
z!ju#!6IzJ;D@$Qhvz9IGY5!%TD&(db3<*sCpZ?U#1<Q0XGnBE(vf95DfBGS>^9RWQ
zs*O-)j!E85SMKtoZzE^8{w%E0R0b2lwwSJ%@E}Lou)iLmPQyO=eirG8h#o&E4~eew
z;h><=|4m0$`ANTOixHQOGpksXlF0yy17E&JksB4_(vKR5s$Ve+i;gco2}^RRJI+~R
zWJ82WGigLIUwP!uSELh3AAs9HmY-kz=_EL-w|9}noKE#(a;QBp<Zl*1v6QBUl>Ex9
z4BT-zY=6dJT>72Hkz=9J1E=}*MC;zzzUWb@<JR_200$2Y=_#O0s4m~sg9T5yE4dC9
zaL?aQwA`sx>x(Ho8cU_aRZ?fxse5_Ru2YOv<Jqo-<_8a#%{(K@2fqD}E(_fu_><!p
zjP3|5r8MkSL$VvXZ(#rZR2p{nUa`MV#r*qJ{#8l+7X#3LRW$$QRQ^%P#3;&2f76S8
zE-Vi()>cr?kg&pt@v;{ai7G--k$LQtoYj+Wjk+nnZty;XzANsrhoH#7=xVqfPIW(p
zX5{YF+5<gty3e{gNI4|R09x6DeHpUr!S9qyg1?Mf&GwTa$<JMR|3*M}(uf@M(xZM_
znv@(OOheg`g&0w+WIL!+@=_Tl%qc|}U=2F{S(Em-49URgp0!DI;+HJ`8otk#7hAI#
zUL;GlI-0I=k6(Xocf%o6LbKIZ4JVh%&j-EAnZ+IasJN+flTu7Q3+5kNJk?J=5IZAx
z_}O8EOy9y|-;L7#1%Tq%h(OdjV5yljQ?>=k4_LBnhLUZxX*O?29olfPS?u*ybhM_y
z*XHUqM6OLB#lyTB`v<<RYzDIg@~sYF{(n<_{_*|F|CdnDQPXxuRmIv$D#>BZ&<k(0
z%-1;}u@u5>YRs$N)S@5Kn_b3;gjz6>fh@^j%y2-ya({>Hd@kv{CZZ2e)tva7gxLLp
z`HoGW);eRtov~Ro5te<I<J{fQv+*f+_~hsN3En&LOc8C%NxAQX1)OayN|>tU2y72~
zQh>D`@dt@s^csdfN-*U&o*)i3c4oBufCa<WIE<yJgcp>0e|BwT2y%Y~=U7A^ny}tx
zHwA>Wm|!SCko~UN?hporyQHRUWl3djIc722EKbTIXQ6>>iC!x+cq^sUxVSj~u)dsY
zW8QgfZlE*2Os%=K;_vy3wx{0u!2%A)qEG-$R^`($%AOfnA^LpkB_}Dd7AymC)zSQr
z>C&N8V57)aeX8ap!|7vWaK6=-3~ko9meugAlBKYGOjc#36+KJwQKRNa_`W@7;a>ot
zdR<FQXd?aB!o>iJkz?+Q<Tq=~R2cU{KOPB>gC$b}-Owzuaw3zBVLEugOp6UeMH<uE
zy<x~@0D7I4o2Bz?O-}W2qydoMF%PtGhEslI9dz0_wPy8t+L-BHGfp+$N>AKo2$m4w
zpw?i%Lft^UtuLI}wd4(-9Z^*lVoa}11~+0|Hs6zAgJ01`dEA&^>Ai=mr0nC%eBd_B
zzgv2G_~1c1wr*q@QqVW*Wi1zn=}KCtSwLj<qxLWJf>wT>ndXE_Xa22HHL_xCDhkM(
zhbw+j4uZM|r&3h=Z#YrxGo}GX`)AZyv@7#7+nd-D?BZV>thtc|3jt30j$9{aIw9)v
zDY)*fsSLPQTNa&>UL^RWH(vpNXT7HBv@9=*=(Q?3#H<zaXjbEJ$$qZ&TQ=1R(ZVzv
zhec<>*crA2>KYx7Ab?-(HU~a275)MBp~`P)hhzSsbj|d`aBe(L*(;zif{iFJu**ZR
zkL-tPyh!#*r-JVQJq>5b0?cCy!uS<A;*Wvgz?qwn*0<uo+Uur3p8or3^Ww7po3+2R
zTA81s);rM;vXn693+#X}M%Xi8?pN3nIW@4OnOr_%;v(<JEp!<TNP}`yW-qZ0$;!TL
z7S%_cG4eS%^rli%Heq4i8!cVI-GFx6xmHc#X3ce@6>Kef+R=$s3iA7*k*_l&*e!$F
zYwGI;=S^0)b`mP8&Ry@{R(dPfykD&?H)na^ihVS7KXkxb36TbGm%X1!QSmbV9^#>A
z-%X>wljnTMU0#d;tpw?O1W<r+<x28~CVK?-zKmFSg&XXNv+|2bdy31|5R(~tec@=4
zZw{%!7((}uFeg1j_XV&~0n=@JzaD`WfG6y=!V<@Bv_<BF@*NMWy>@{X-k*>aOImeG
z#N^x?ehaaQd}ReQykp>i;92q@%<dSD!yL^|Llp-lf7=O<$7h<{k8zUSMM3!?SD{^3
zs^AQz<C;a%I(BJ3zXlb?JJr*$KXL0NUuWrVkjJmIx?_p!#B*>$a!y1PNyPYDIvMm&
zyYVwn;+0({W@3h(r&i#FuCDE)AC(y&Vu>4?1@j0|CWnhHUx4|zL7cdaA32RSk?wl%
zMK^n42@i5AU>f70(huWfOwaucbaToxj%+)7hnG^CjH|O`A}+GHZyQ-X57(WuiyRXV
zPf>0N3GJ<2Myg!sE4XJY?Z7@K3ZgHy8f7CS5ton0Eq)Cp`iLROAglnsiEXpnI+S8;
zZn>g2VqLxi^p8#F#Laf3<00AcT}Qh&kQnd^28u!9l1m^`lfh9+5$VNv=?(~Gl2wAl
zx(w$Z2!_oESg_3Kk0hUsBJ<;OTPyL(?z6xj6LG5|Ic4II*P+_=ac7KRJZ`(k2R$L#
zv|oWM@116K7r3^EL*j2ktjEEOY9c!IhnyqD&oy7+645^+@z5Y|;0+dyR2X6^%7GD*
zXrbPqT<Kirj}eqVE`=Re1hk5TPq-3KdpW*%b9wbtq_MbqX&N0ZcWkQu^emn>O}O={
z4cGaI#DdpP;5u?lcNb($V`l>H7k7otl_jQFu1hh>=(?CTPN#IPO%O_rlVX}_Nq;L<
z@YNiY>-W~&E@=EC5%o_z<^3YEw)i_c|NXxHF{=7U7Ev&C`c^0Z4-LGKXu*Hkk&Av=
zG&RAv{cR7o4${k~f{F~J48Ks&o(D@j-PQ2`LL@I~b=ifx3q!p6`d>~Y!<-^mMk3)e
zhi1;(YLU<lldLg|L*4T}iOaurmv8Bz7h<MU98>5KH}zzZNhl^`0HT(r`5FfmDEzxa
zk&J7WQ|!v~TyDWdXQ)!AN_Y%xM*!jv^`s)A`|F%;eGg27KYsrCE2H}7*r)zvum6B{
z$k5Har9pv!dcG%f|3hE<UkZ|ce^f!UZ*)b>(#hFH+12RZPycVi?2y`-9I7JHryMn3
z9Y8?==_(vOAJ7PnT<0&85`_jMD0#ipta~Q3M!q5H1D@Nj-YXI$W%OQplM(GWZ5Lpq
z-He6ul|3<;ZQsqs!{Y7x`FV@pOQc4|N;)qgtRe(Uf?|YqZv^$k8On7DJ5>f2%M=TV
zw~x}9o=mh$JVF{v4H5Su1pq66+mhTG6?F>Do}x{V(TgFwuLfvNP^ijkrp5#s4UT!~
zEU7pr8aA)2z1zb|X9IpmJykQcqI#(rS|A4&=TtWu@g^;JCN`2kL}%+K!K<D}3AN-+
zI5_@)l)VFYChW2;nhrX)ZQD*dNyoO;amTikH@0otwr$(CeR9^?<Bq$(v+o(}{)VUO
zsadnC<~%JZ!C)?xXHa#X6&Cxs)m}&`LPU=a1*IOrVF#nso5RtOVlW1!s)z?E6jxc1
zTB~2!D6PE2fdo_WxauS<5m&8qPsYB#WJf}8-ZETjR;)p%Lw90ttOJn7IW;6Er>lgC
z>P)v<K`x1%RuEn>+uCeI{1KZpewf>C=?N7%1e10Y3pQCZST1GT5fVyB1`q)JqCLXM
zSN0qlreH1=%Zg-5`(dlfSHI&2?^SQdbEE&W4#%Eve2-EnX>NfboD<2l((>>34lE%)
zS6PWibEvuBG7)KQo_`?KHSPk+2P;`}#xEs}0!;yPaTrR#j(2H|#-CbVnTt_?9aG`o
z(4IPU*n>`cw2V~HM#O`Z^bv|cK|K};buJ|#{reT8R)f+P2<3$0YGh!lqx3&a_wi2Q
zN^U|U$w4NP!Z>5|O)>$GjS5wqL3T8jTn%Vfg3_K<D)so2PwqtCvLJM9&0mg;J9XK)
zVP40y_h%+vU8bt_rT&r*^wY92PWJUxc`N8Jo&nStP*-`EycgQ0MK$Wj%QUAeIPDgA
zxFlx;xGQ@|l|YN3uW%z6m2vFY54ar!>nyUM{M`?bm)9oqZP&1w1)o=@+(5eUF@=P~
zk2B5AKxQ96n-6lyjh&xD!gHCzD$}OOdKQQk7LXS-fk2uy#h{ktqDo{o&>O!6%B|)`
zg?|JgcH{P*5SoE3(}QyGc=@hqlB5w;bnmF#pL4iH`TSuft$dE5j^qP2S)?)@pjRQZ
zBfo6g>c!|bN-Y|(Wah2o61Vd|OtXS?1`Fu&mFZ^yzUd4lgu7V|MRdGj3e#V`=mnk-
zZ@LHn?@dDi=I^}R?}mZwduik!hC%=Hcl56u{Wrk1|1SxlgnzG&e7Vzh*wNM(6Y!~m
z`cm8Ygc1$@z9u9=m5vs1(XXvH;q16fxyX4&e5dP-{!Kd555FD6G^sOXHyaCLka|8j
zKKW^E>}>URx736WWNf?U6Dbd37Va3wQkiE;5F!quSnVKnmaIRl)b5rM_ICu4txs+w
zj<t-;b)lgm^h`~*#bSA(z%vUBFpn$B@u>}nsd0I_VG^<%DMR8Zf}vh}kk;heOQTbl
ziEoE;9@FBIfR7OO9y4Pwyz02OeA$n<auF;U6I`|%IfwvAmpU@okr+n@;6z>)mESpj
zdd=xPwA`nO06uGGsXr4n>Cjot7m^~2X~V4<NSez__E*s`-FOfMj+2d!%||DS>yH&-
zv2llS{|und45}Pm1-_W@)a-`vFBpD~>eVP(-rVHIIA|HD@%7>k8JPI-O*<7X{L*Ik
zh^K`aEN!BteiRaY82FVo6<^8_22=aDIa8P&2A3V<(BQ;;x8Zs-1WuLRWjQvKv1rd2
zt%+fZ!L|ISVKT?$3iCK#7whp|1ivz1rV*R>yc5dS3kIKy_0`)n*%bfNyw%e7<nCbM
z)E`&(mdUy4LP*Dl3F=;}@C3F%^w$H5xc0PCR!l)qy=cA}i-}Yt_ymoYz@H=~*bbIQ
zA_4BKys(NsJ?!Ba%j}a#9vNWY{OWM8qG^1=BU2R}ja`GV1S0I^FbE-YMwZ%iI1GOd
zbSAtxxX{RTXOg9`LlY7ufOZxf5cQAhX$Q+6_JnfcN8+<$oj#I;Zj9wCa`U^Y`Qx6Y
zIV#I&v*RK8f9r=u;?h+Eb>Uo}Mnnf>QwDgeH$X5eg_)!pI4EJjh6?kkG2oc6Af0py
z(txE}$ukD|Zn=c+R`Oq;m~CSY{ebu9?!is}01sOK_mB?{lSY33E=!KkKtMeI*FO2b
z%95awv9;Z|UDp3xm+aP*5I!R-_M2;GxeCRx3ATS0iF<_Do2M<CNyh4gV56`9Ot*_e
zT_~<8h@_e81di&~jK@qyVfwaF*}-)|!FUw2`m-dn&ycY*)pEX4_jXalTlR66rRxR4
z5ER5DV{iisE6D_?9*&74)K?clOX~Yx2*tq<oq!rDm1`pt8gz`rCS2cdCf#G>i)Hk2
zjBF35VB>(oamIYjunu?g0O-?LuOvtfs5F(iiIicbu$HMPPF%F>pE@hIRjzT)>aa=m
zwe;H9&+2|S!m74!<R+!98b&XcTW0LUBUrHfHQMMbN-QG@Ii!`YuqtgNe3Z^1*=B;N
zIEAOx?9yL$ELx^uw`8Jdl2&Y5D*fA08Mm5CKkT9^gkq+~Eq5U(V?qN1lBn*Wv_{F}
z1T(h(9H2j~>E3xfO{l3E_ab`Q^tZ4yH9=~o2DUEtEMDqG=&D*8!>?2uao%w`&)THr
z^>=L3HJquY>6)>dW4pCWbzrIB+>rdr{s}}cL_?#!sOPztRwPm1B=!jP7lQG|Iy6rP
zVqZDNA;xaUx<Pc9O5Y-d$!|e8=VK}8OVsp%U_brzo#vrvKD46UTTigG=lDHlFj5P~
z{`Y64YoIJ<niscL>&xUt<T^>?Ox|;`9?oz`C0#}mc<1Urs#vTW4wd{1_r`eX=BeSV
z_9WV*9mz>PH6b^z{VYQJ1nSTSqOFHE9u>cY)m`Q>=w1NzUShxcHsAxasnF2BG;NQ;
zqL1tjLjImz_`q=|bAOr_i5_NEijqYZ^;d5y3ZFj6kCYakJh**N_wbfH;ICXq?-p#r
z{{ljNDPSytOaG#7=yPmA&5gyYI%^7pLnMOw-RK}#*dk=@usL;|4US?{@K%7esmc&n
z5$D*+l&C9)Bo@$d;Nwipd!68&+NnOj^<~vRcKLX>e03E|;to;$ndgR;9~&S-ly5gf
z{rzj+j-g$;O|u?;wwxrEpD<di&<XL~_wh%&(4M&M;Ni>=8iFzUHQfl{B>bLHqH(9P
zI59SS2PEBE;{zJUlcmf(T4DrcO?XRWR}?fekN<($1&AJTRDyW+D*2(Gyi?Qx-i}gy
z&BpIO!NeVdLReO!YgdUfnT}7?5Z#~t5rMWqG+$N2n%5o#Np6ccNly}#IZQsW4?|NV
zR9hrcyP(l#A+U4XcQvT;4{#i)dU>HK>aS!k1<3s2LyAhm2(!Nu%vRC9T`_yn9D+r}
z1i&U~IcQ?4xhZYyH6WL-f%<GmTrw_HZ;_l0-6mQ?ICpgJe;RzCFPB=5SDOQ#%yfi<
zJM|KKp$TN}nn_;wX=3N$rXUn!5PoO1|C|9cu?5e~n%p&@^r1KXREYih2PaxjRi+{R
zT}ZFK2RS1D$*&@$Z*TOiBxz)2Z|3mr#;5pw^Jiu94SN6g#Pk1IP%BXUm#`$S^IMHv
zlfqa~C{eJosQ{V_V_`tCv{dSRRDQry4({o;Q_{Fqi1)x(cNl&0v!2HzKIYBd<mFF)
zVe?&~qsjH})pU0m6MpZnYs79cHt1@3O1*I!&UMx?UTjIS4vRcvgMmRR!ma`jR7+&0
zu?20xMnnfv{oDeN7mw+!I5*LA*L2DzzsPH+K$XLEvbq^+RHQ>}qIhZkc&}n2N0PM|
z6|XA9d-y;!`D{p;xu*gv7a|zaZ*MiQ)}zPzW4GB0mr)}N-DmB&hl1&x`2@sxN572_
zS)RdJyR%<7kW0v3Q_|57JKy&9tUdbqz}|hwn84}U*0r^jt6Ss<ODJnG$L(HZaEdcW
ztsTqU(HX^j=_PEI>rp+#1y=JBcZ+F`f(N?O0XL1OFGN`1-r?S<#t4*C9|y~e)!UYZ
zRQ3M8m%~M)VriIvn~XzoP;5qeu(ZI>Y#<A^N^qq9jQ)IkJ@)=uu|E$X=$#i1g$T>r
zAd)J)G9)*BeE%gmm&M@Olg3DI_zokjh9Nv<wfr7vi|TE!t~N-{$LV3mi8Q2j!CUU!
zUL&{9Y8`tImgIUx0wk3^9uppDR%7gtXy9t}0Ge{q(lk7Qo96kLT$hquVu5gv>dGbT
z+u4(Y&uC6tBBefIg~e=J#8i1Zxr>RT)#rGaB2C71usdsT=}mm`<#WY^6V{L*J6v&l
z1^Tkr6-+^PA)yC;s1O^3Q!)Reb=fxs)P~I*?i&j{Vbb(Juc?La;cA5(H7#FKIj0Or
zgV0BO{DUs`I9HgQ{-!g@5P^Vr|C4}~w6b=#`Zx0XcVSd?(04HUHwK(gJNafgQNB9Z
zCi3TgNXAeJ+x|X|b@27$RxuYYuNSUBqo#uyiH6H(b~K*#!@g__4i%HP5wb<+Q7GSb
zTZjJw96htUaGZ89$K_iBo4xEOJ#DT#KRu9ozu!GH0cqR>hP$nk=KXM%Y!(%vWQ#}s
zy=O#BZ>xjUejMH^F39Bf0}>D}yiAh^toa-ts#gt6Mk9h1D<9_mGMBhLT0Ce2O3d_U
znaTkBaxd-8XgwSp<E94!@6Yff)Vg1gtLyLHJdY0yU49*3@@nngIH}k8fbYXc;%qgc
zO8u0MO3P$%$SFj_3s4A8r_@3#=X{o-8C>5)x-pqX5=+{cS<PL_yn;R~ocZzJN&2Vk
zW{r7kVdS&Aln9Tc5Hwt{C9*=xs5dy(Kq2HrjK0xgqd2Pej*wHx4ON2lAfTyXXIwwB
zlyMgo%o=NJ&Fk388}hY@7iNt(=r$6bu*4PZ=hzr^cn;hOzA|RV4JGxQvFkL=k^yUE
zHrZYP9qP-H-N=-b8(2@^95`x$#f$+8-jkk)R?o6VM&amEI_k=TSC+NyD<BLza2Pw~
z2dp_PM$ZZ|*RR`MC=@c%sgcALEAl!2))Oc#&8(|UKnj2@*XTw0pbj}%IQWKkV^vOX
z!y+=!xQ+K!B}oZUO@rScr7o`3-T!c(hO)xCxsN%LB1nPDy<}XHb5v^#clx41poBt5
zhl4rG^&}4cf`FQ&oj^Y*03FQh?dwR(_S{HEC(%NCbc{(y!&QB9463rv%!VN7NyCi0
zQrFr>uk6kyl@k|5D<q-)93?re?9yp%vC%f<Zb1@?ZomjC*HmTNuK+4BN4dvND|cI@
z95FaUBSQ+Qd=+cSznBibGEKpu>Q!5zLUVV%1X9vjY0gerbuG6nwZu5KDMdq(&UMLZ
zy?jW#F6joUtVyz`Y?-#Yc0=i*htOFwQ3`hk$8oq35D}0m$FAOp#UFTV3|U3F>@N?d
zeXLZCZjRC($%?dz(41e~)CN10qjh^1C<Uj{)9z=p=!$Q9Q8W2l9_;O=FrW#gJ;E8K
zJ!}ICZkreE%ARDkb&hf=8*8lAX&!N7v1sC*fKTq4Q1c6sFLU3qOAE!L7w!usOZ-{u
z7p)2p6x>dAcY(<=GMGk@`b1ptA&L*{L@_M{%Vd5b*x#b1(qh=7((<_l%ZUaHtmgq}
zjchBdiis<nc^flW#d2`g)2<}+WRkPCLNpZEBw&y~Iyv7v;EJs&4&XfM8S{7KT`&;k
zq)3Xz%zsSLlxBiWWedt<&f~LVs4yp~D!1ke6ReB6U(KFgn9Vv+HFzqyCwGmg6BXbu
zlTV~5k4H*G4vZjp8;8wOcv{+g_QIx0+x0z5W5nSxhnk~|6ewQ(o^+Kxg+8IH$*{|$
z>{Afxf@3CjPR09E*2#X(`W#-n`~6PcbaL_(^3tfDLk?Nb6CkW9v!v#&pWJ3iV-9hz
zngp#Q`w`r~2wt&cQ9#S7z0CA^>Mzm7fpt72g<0y-KT{G~l-@L#edm<wxG7_gpd{-+
z*MkZ%C$Setpo(Zn{_#wi*TF^=nM>jZQ}7{*$mLgSdJfS$Ge{hrD=mr;GD)uYq8}xS
zT>(w_;}894Kb}(P5~FOpFIEjadhmxD(PsZbKwa-qxVa7Oc7~ebPKMeN(pCRzq8s@l
z`|l^*X1eK1+Spz--WkSW_nK`Cs@JmkY4+p=U91nJoy{tSH;TzuIyS)Q_(S@;Iakua
zpuDo5W54Mo;jY@Ly1dY)j|+M%$FJ0`C=FW#%UvOd&?p}0QqL20Xt!#pr8ujy6CA-2
zFz6Ex5H1i)c9&HUNwG{8K%FRK7HL$RJwvGakle<U4&TwVA*pfQ%dWjrn2_86dZylh
z2?~VH#ST=0&%Fa=e#7jfSj?|g@|EQPOc_7BaH1c?J@8;zI;Q(;2t6{@)}r$40?J!4
zM`#WtVbI<O>LLo}tsb>t_nBCIuABNo$G--_j!gV&t8L^4N6wC|aLC)l&w04CD6V<Y
z9{N)UZDxABziwA(@QTt$cQVp?$}aQ+AsQ~XyS!&>c#h^(YH@Zs4nwUGkhc_-yt{dK
zMZ<%$swLmU<!_)nV!iroZ@9gXyth?td+$`^J!->l8`E~RLihGt@J5v;r;vT&*Q!Cx
zZ55-zpb;W7_Q{tf$mQvF61(K>kwTq0x{#Din||)B{+6O#ArLi)kiHWVC4`fOT&B(h
zw&YV`J1|^FLx~9Q%r-SFhYl4PywI7sF2Q$>4o50~dfp5nn}XHv-_DM?RGs#+4gM;%
znU>k=81G~f6u%^Z{bcX&sUv*h|L+|mNq=W<!8f+M|1OvRQO784W^ezE=KftQzh~h8
zuS%Km&6do`eG8H}V{a^?Vp0W1N&Q{{sfCRpEQXv6!XQu8W9U&uUmQ=pM6>43y@{~C
zpL-TW3hYPs0^*OqS#KQwA^CGG_A-6#`_{1LBCD&*3nY0UHWJj1D|VP%oQlFxLllaA
zVI@2^)HZ%E*=RbQcFOKIP7?+|_xV<mPFu0kZJil2yht#)_OJaCt2Uq|l^A;fu<y7=
zW3{SMbIOvYHE*8C0Ma!=98DT(w}h1FoRt%M0UoVs5UiZRb-<htqpC3htJt}V&6bf~
z$(gpUvp1{Y=7MpzsS$rUY(M5mI|C6tR*R_8FwGrSnW-evI>K+2oG(t_EGl2y;Ovox
zZb^qVpe!4^reKvpIBFzx;Ji=PmrV>uu-Hb>`s?k?YZQ?>av45>i(w0V!|n?AP|v5H
zm`e&Tgli#lqGEt?=(?~f<mr*}O%w4&P9ce@Z{Jo6<6gOllzn0-aW!^^n2os<^XIoH
zPtw{?hjb=}C`J%e8jR*($)A^cJdwhHm(Rpt{a2C?qhwxJ5KJ<+CV%}?j6O)LjOz6d
zu-OkY>y<(%#nDU`O@}Vjib6^rfE2xn;qgU6{u36j_+Km%v*2RLnGpsvS+THbZ>p(B
zgb{QvqE?~50pkLP^0(`~K<?k-Z0R|5Gu=2Q;(qj$G<jQ`;epcw2&D(mZNZ-AcPy>&
zjT=2Pt2nSnwmnDFi2>;*C|OM1dY|CAZ5R|%SAuU|5KkjRM!<b+Rt)`=;^dTqw?^SX
z+wS^);$Ve1dqFu_+;&opIU`Pym|C#%sJig-@q1@q7jp^RZ+@U}r+eYu4BZ6+ip^+(
zc(Fz-rptKClR1W|xTsES7PHpvv6XuO-I@5Sl!8=W$bM4}QVhliFlv3!(>LW_)LC*A
zf{f>XaD+;rl6<A#;otuq{{InD{I9ro*0(eIKagUD@|xA$zqCwjcbiG#*|bJU^C_h_
zBv*e?cGys&3Zv!_fC*DsV-JDO^;a&!1<LL~yX^cRfeM!Rb}|Y~mfnb^5}-q+-^@s<
zI|?^3{?35TFCe-84i2Q@l4%Ai=Orb#@RDHzt-we~usA9dDQb%1U;`Ba`5s3=zz$2=
zdSwF5n&EIFjy(N5SQYEI-%K@>Y>Umr>M8y>lF+=nSxZX_-Z7lkTXyuZ(O6?UHw^q;
z&$Zsm4U~}KLWz8>_{p*<YgwVoU>WQ!OgxT1JC&B&>|+LE3Z2mFNTUho<0u?@r^d=2
z-av!n8r#5M|F%l;=D=<m`;L@jZAIzN#=o(o?Vd1wa-H{~U59}`o6Z7j$!Xd;Sw7PV
z$Az`Y)=~2lIUWH9_y{DCB<@}4+BSotbLT}7H4n+wZ>S1mGLjgFsiYAOODAR}#e^a8
zfVt$k=_o}kt3PTz?Ep<Rx$0tl$T1ju-<0z9YpEJz$R+BgQm<tF>Lkt54dY}kyd$rU
zVqc9SN>0<qL)m3Tz=(HAg<l(tL63cAn&p)3xE*|JIwY3IDOS}2Ui%Gb)wRgj`<S6}
zYf0;T$<8{1)Y8Pn#564)?_ftfa@&LM<&~{@-DZK4U8MyBU2M)&fe8LA!p{Q_kdpXx
zm)iiu96~IhKFnH)0EoHNS#qZyheuRGPdoG-*-!Op_0T#RB{n~jG5uf<v(On#jVX|e
zjClyeBQTh^@i0S4C8exqzu_REPKtq^TU?$Qp-c+8U8Dg_I^w;%^X#e!s?#h)vQj>c
z753j-gdN~UiW*FUDMOpYEkVzP)}{Ds*3_)ZBi)4v26MQr140|QRqhFoP=a|;C{#KS
zD^9b-9HM11W+cb1Y)HAuk<^GUUo(ut!5kILBzAe)Vaxwu4U<W?$J@S>p!7Ql*#DDu
z>EB84&xSrh>0jT!*X81jJQq$CRHqNj29!V3FN9DCx)~bvZbLwSlo3l^zPb1sqBnp)
zfZpo|amY^H*I==3#8D%x3>zh#_SBf?r2QrD(Y@El!wa;Ja6G9Y1947P*DC|{9~nO&
z<z8S3A~azdaWQ-D2y!A74iDviMMQI=MNBs~skM7{%vdm^C;<v?@SlAZrDoXN6^ETW
zoik6gw=gOhtyUK&l_M9!l+RaEQG{*o`)QHdPN|};Wp9yV1gaKmHe-pGu0IJAOC#6h
zuq(avF#m2aDfhBDzWEfnR<vdA$mkwSWAwY}$>*vDnnU!8(c<MO1<yg=BlRhHbd!3-
zOs=xH&g(tM@h>V%HevsraF%Y%2{Z>CL0?64eu9r^t#WjW4~3uw8d}WHzsV%oq-T)Y
z0-c!FWX5j1{1##?{aTeCW2b$PEnwe;t`VPCm@sQ`+$$L2=3kBR%2XU1{_|__XJ$xt
zibjY2QlDVs)RgHH*kl&+jn*JqquF)k_Ypibo00lcc<2RYqsi-G%}k0r(N97H7<vq{
zz0yJ3J(z+oypJw8G^a@YX3aCx(7ho)jU|S621w5^5U>JEn7@E3ZTH0JK>d8)E~A-D
z!B&z9zJw0Bi^fgQZI%LirYaBKnWBXgc`An*qvO^*$xymqKOp(+3}IsnVhu?YnN7qz
zNJxDN-JWd7-vIiv2M9ih>x3gNVY%DzzY~dCnA}76IRl!`VM=6=TYQ=o&uuE8kHqZT
zoUNod0v+s9D)7aLJ|hVqL0li1hg)%&MAciI(4YJ=%D4H<c$k8~le3q3a4lk42-~FF
z+%Yb!5>$fGQ&Lu-?@>>@p<eb=iH&;=)j#)%Vp(HDiuuajJw=4N4`dXR2Z=RgcWr&9
z@({$pn#5(~CzvP{<~dI8#|lRj`*~K(V#hH4>EgC;ER<aIy=|8F&7}WB+v<NF9Q}VV
z2MMuT64(MLgI#s%b*+V1Un~oai^V_kP?jXDCGzD!3IekO#pv48Ncy;HQxaA}o}oN(
zszB*qfjo<6nbUlN16kV8w^Hi1UT`PVKR%9j(0z#K1yQOIdxu1PCV-R$Z`90;_>rL=
zI^cS&3q8fvEGTJZgZwL5j&jp%j9U^Of6pR{wA^u=tVt#yCQepXNIbynGnuWbsC_EE
zRyMFq{5DK692-*kyGy~An>AdVR9u___fzmmJ4;^s0yAGgO^h{YFmqJ%ZJ_^0BgCET
zE6(B*SzeZ4pAxe<NAxO^%xML+EphJeV~)R?c@FEzsm%zIZ_<WQN}c0j?TD&6<g=qd
zYXKXthSxy=O@C*1vEq-Yw6^-WoRg8NQOo?>ar^B-YW<%BK->X&Cr`g9_;qH~pCle#
zdY|UB5cS<}DFRMO;&czbmV(?vzikf)Ks`d$LL801@HTP5@r><}$xp}+Ip`u_AZ~!K
zT}{+R9Wkj}DtC=4QIqJok5(~0Ll&_6PPVQ`hZ+2iX1H{YjI8axG_Bw#QJy`6T>1Nn
z%u^l`>XJ<Uxx|n=_#|BR{TViXA5Z*8Q^S8h{=YfSe=|l2N?$VH2j`!UZU>{^vX`L0
z<q^Z`MaSg(vk0)vrNSY|D1LrvRwmiGbeLbl<wflxKhu){hmi64T;+d@n;}@l3C2xc
zj!$~rO^jcDyxx6~`+O@53-e25^w&qSgbLCYFy!rF(ZJSmv7iJ}Kr<%wTJCUH?NkEX
zVIc7qF>1%w-ie!dE|<z1I2=A!frVtJgEzX1CUVc(ZodDj&W)-K1vL{nYJmlP3^gZD
z6QiQelK|`I!lPg*--!-KyjDSL%mtUR2#j#$lxj$!Q|K+{-q4}E;T%PCP6%@q+I{7z
z8jGn0DuIs4k5aLl)SwvTLzzLvA1A5E{PuZ(A^xgsu7j3jdIzd{Z`#AhAk}ul6Vv9Y
z=urQ|8UQ#9{gjfkvzO5d_Q6~^f)U{%hMh@>!SP<>#c%ma9)8K4gm=!inHn2U+GR+~
zqZVoa!#aS0SP(|**WfQSe?cA=1|Jwk`UDsny%_y{@AV??N>xWekf>_IZLUEK3{Ksi
zWWW$if&Go~@Oz)`#=6t_bNtD$d9FMBN#&97+XKa+K2C@I9xWgTE{?Xnh<XYecBl$z
zLk7;WP-S9%_QvWrgUl4Yw5)25lLEb25-M#WE2X7>c9_KKPcujj@NprM@e|KtV_SR+
zSpeJ!1FGJ=Te6={;;+;a46-*DW*FjTnBfeuzI_=I1yk8M(}IwEIGWV0Y~wia;}^dg
z{BK#G7^J`SE10z4(_Me=kF&4ld*}wpNs91%2Ute>Om`byv<kX@8r@ci;FFPE3Wxa!
zm)S_Af-^Wpm6;P^l1Il%=Z6=+i%`2H+?E2bq|@OEu5jZ<ZZWM}wBoS;?)zOvh-Ebj
z2-b#+6Ejq34lH3aRywf~Jtj6rM$!<_83h(O@Ib+Oz}51TVb0MddqDs1&7g^ZZEgH_
z?7Mu&{{Ig&{6F*i8A?;%vI{7m#!hR2M$o7^R2sj^rxgq-2?F8~#E@gjl%@WP-Lu6@
zt7|!pTqZtOb&sSa>9qgK4VfwPj$`axsiZ)wxS4k4KTLb-d~!7I@^Jq`>?TrixHk|9
zqC<yu{f>X7@sWcVfNP8N;(T>>PJgsklQ#GF>F;fz_Rogh3r!dy*0qMr#>hvSua;$d
z3TCZ4tlkyWPTD<=5&*bUck~J;oaIzSQ0E03_2x{?weax^jL3o`ZP#uvK{Z5^%H4b6
z%Kbp6K?>{;8>BnQy64Jy$~DN?l(ufkcs6TpaO&i~dC>0f<Vc$|V{rA$Nt9BD!LZT<
zk~g~UgGZte1RNJHF^<Pu(O)Y{yeJW>vi-I^7YT#h?m;TVG|nba%CKRG%}3P*wejg)
zI(ow&(5X3HR_xk{jrnkA-hbwxEQh|$CET9Qv6UpM+-bY?E!XVorBvHoU59;q<9$hK
z%w5K-SK<tWK~)xDY1pfU-uh2F5s`TjYWMPe<qa`ryY7tDKBk}@3e-et05NCtf09o>
zWT#1OX__$ceoq0cRt>9|)v}$7{PlfwN}%Wh3rwSl;%JD|k~@IBMd5}JD#TOvp=S57
zae=J#0%+oH`-Av}a(Jqhd4h5~eG5ASOD)DfuqujI6p!;xF_GFcc;hZ9k^a7c%%h(J
zhY;n&SyJWxju<+r`;pmAAWJmHDs{)V-x7(0-;E?I9FWK@Z6G+?7Py8uLc2~Fh1^0K
zzC*V#P88(6U$XBjLmnahi2C!a+|4a)5Ho5>owQw$jaBm<)H2fR=-B*AI8G@@P-8I8
zHios92Q6Nk-n0;;c|WV$Q);Hu4;+y%C@3alP`cJ2{z~*m-@de%OKVgiWp;4Q)qf9n
zJ!vmx(C=_>{+??w{U^Bh|LFJ<6t}Er<-Tu{C{dv8eb(kVQ4!fOuopTo!^x1OrG}0D
zR{A#SrmN`=7T29bzQ}bwX8OUufW9d9T4>WY2n15=k3_rfGOp6sK0oj7(0xGaEe+-C
zVuWa;hS*MB{^$=0`bWF(h|{}?53{5Wf!1M%YxVw}io4u-G2AYN|FdmhI13Hv<wqNx
zyJ0aCDbf+6Xh)}VQ07NMBoDjFcTiqJ*FU};bE20sFe&dJcFxGT;@r?<LbS{0CUJaF
zat)G84W<W4B1Xma3~&F1w20lod?U`$8EsI6PbnM8J%KE^2~AIcnKP(y025h_G>noK
zNS2fStm=?8ZpKt}v1@Dmz0FD(9pu}N@aDG3BY8y`O*xFsSz9f+Y({hFx;P_h>ER_&
z`~{z?_vCNS>agYZI?ry*V96_uh;|EFc0*-x*`$f4A$*==p`TUVG;YDO+I4{gJGrj^
zn?ud(B4BlQr;<f7($6G0*wm%8Yx9)oXWeL*3fyb0-Z83=jX!Y^ZOz2xr_W6UE(jaH
zJ(oBs$}&9}P-B_Th=g2Z2$cnLESxH4YOC^yN6^ay)`W&sUCb|})aAB7Rs`hAJsBwv
z^t5#H^){uYP=n4Y>NN?<ynxz#$}3sutUA_0g9(%*1-IHHw^|pUAX|0TLH=Ip#<bz<
zG|Td2HdTu~wl!K<`h$PM2b&2s*p2U)GXGvW;{Q)#O4-W%|1x~)P##nGUJm4Sjur1^
z_yvJ*6BtY(4iS(94_XsFJ4*#sA*f#6Mxtozz$7G1HcJ0YPnRDmngGq;oq(+i&2F`R
zOt0o7TPPSHM@YBsu(j4Sb<$a6O?Kto<q56_)x_E#y)X@^Vbh4H8>vaz_7{&(D9mfd
z8esj=a4tR-ybJjCMtqV8>zn`r{0g$hwoWRUI3}X5=dofN){;vNoftEwX>2t@nUJro
z#%7rpie2eH1sRa9i6TbBA4hLE8SBK@blOs=ouBvk{zFCYn4xY;v3QSM%y6?_+FGDn
z4A;m)W?JL!gw^*tRx$gqmBXk&VU=Nh$gYp+Swu!h!+e(26(6*3Q!(!MsrMiLri`S=
zKItik^R9g!0q7y$lh+L4zBc-?Fsm8`CX1+f>4GK7^X2#*H|oK}reQnT{Mm|0ar<+S
zRc_dM%M?a3bC2ILD`|;6vKA`a3*N~(cjw~Xy`zhuY2s{(7KLB{S>QtR3NBQ3>vd+=
z#}Q)AJr7Y_-eV(sMN#x!uGX08oE*g=grB*|bBs}%^3!RVA4f%m3=1f0K=T^}iI&2K
zuM2GG5_%+#v-&V>?x4W9wQ|jE2Q7Be8mOyJtZrqn#gXy-1fF1P$C8+We&B*-pi#q5
zETp%H6g+%#sH+L4=ww?-h;MRCd2J9zwQUe4gHAbCbH08gD<n$4JOZfr1dy|4NISDt
zJq9Sb#*`qZqnLfVcKv#FZN&$4ZJ7x}GY49-9TIs=D0h|`xDX?Qt@)~Scwt?@CJhLF
z9Rla4t_bZ<5MDoVRcnCg5*U?ktKW{=ZsYTDs7n`bhz$sTiTGtX|El}NsYR5zLfGJh
zuqqUv?$%w*81@|EbW>JY;F6F)HtWCRW1fLR;)ysGZanlz*a+|V&@(ipWdB!tz=m_0
z6F}`d$r%33bw?G*azn*}Z;UMr{z4d9j~s`0*foZkUPwpJsGgoR0aF>&@DC;$A&(av
z?b|oo;`_jd>_5nye`D<obu&G!ftXK;)D(8NZ(rAyT3$Vi9gwp`#>VOcMLr-*Nw&nA
z82E8Dw^$Lpso)gEMh?N|Uc^X*NIhg=U%enuzZOGi-xcZRUZmkmq~(cP{S|*+A6P;Q
zprIkJkIl51@ng)8cR6QSXJtoa$AzT@*(zN3M+6`BTO~ZMo0`9$s;pg0HE3C;&;D@q
zd^0zcpT+jC%&=cYJF+j&uzX87d(gP9&kB9|-zN=69ymQS9_K@h3ph&wD5_!4q@qI@
zBMbd`2JJ2%yNX?`3(u&+nUUJLZ=|{t7^Rpw#v-pqD2_3}UEz!QazhRty%|Q~WCo7$
z+sIugHA%Lmm{lBP#bnu_>G}Ja<*6YOvSC;89z67M%iG0dagOt1HDpDn$<&H0DWxMU
zxOYaaks6%R@{`l~zlZ*~2}n53mn2|O&gE+j*^ypbrtBv{xd~G(NF?Z%F3>S6+qcry
z?ZdF9R*a;3lqX_!rI(Cov8ER_mOqSn6g&ZU(I|DHo7Jj`GJ}mF;T(vax`2+B8)H_D
zD0I;%I?*oGD616DsC#j0x*p+ZpBfd=9gR|TvB)832C<yhYAik<@H8~5#F6>R<A)^I
z813lsSPg>hsW_7g&WI@zp@r7dhg}{+4f=(cO2s+)jg0x(*6|^+6W_=YIfSH0lTcK*
z%)LyaOL6em@*-_u)}Swe8rU)~#zT-vNiW(D*~?Zp3NWl1y#fo!3sK-5Ek6F$F5l3|
zrFFD~WHz1}WHmzzZ!n&O8rTgfytJG*7iE~0`0;HGXgWTgx@2fD`oodipOM*MOWN-}
zJY-^>VMEi8v23ZlOn0NXp{7!QV3F1FY_URZjRK<l6h;TB{8A>McY(2PV_ms}EIC^x
z=EYB5UUQ{@R~$2Mwiw$_JAcF+szKB*<Pw8cE2gEj`x6sRWVOul$DOLM!NtNwjh^{(
zxfNtkDejs|AW>n(`MYpDCl>~ss54uDQ%Xf-8|dgO<D$o)tF6&E3o0(-+0v~XPcyB>
zY)B_qju=IaShS|XsQo=nSYxV$_vQR@hd~;qW)TEfU|BA0&-JSwO}-a*T;^}l;MgLM
zz}CjPlJX|W2vCzm3oHw3vqsRc3RY=2()}iw_k2#eKf&VEP7TQ;(<?;Dnz16vQ+EoX
z@YdXY3d=X;dXLc}GT10b@w?2#72%e6QoQ~Iso^XKa_A4FB-0kTb0gS}kCU)ekOmu4
z`X~-Y)K_*yRzFYC^5Ptoh0>DDzEAUgj!z_h2Br;Z3u=K~LqM6YOrlh)v9`!n|6M-s
z<LVy)p%e_Z0jAJF#}rF8BlQPu39Pb$)R=fT$F_oL3&Gro%^1<m;FD=A%JqXnheJY~
z0!=4l7633anV`XdE3ll;7?y>?XvA~y<5?WJ{+yM~uPh7uVM&g-(;IC3>uA}ud?B3F
zelSyc)Nx>(?F=H88O&_70%{<kvt?}pFSnnx$A+E#AvNZ=)Q67#lW<Bj=R~TC*34x<
zsIV$*icLF#lNv_`<!<@@H{3F&kUnVFe+}@wjNGQ{nYZ9?6}hda@t66<wlx96{_cE`
z$$a0j(_1tmoC?aiBGP^t4#2R1mY4;l4FmKUhoJ&lF<t;G=;U^CT{wVhc2vX(qHL;%
z-OQ&LUiC1Cq?IW2HC41#NaIch2w>ATsLVTAp88F-`+|egQ7C4rpIgOf;1tU1au+D3
zlz?k$jJtTOrl&B2%}D}8d=+$NINOZjY$lb{O<;oT<<w(P7-d7Q=?T(2)6S%4F4dsT
zi35lCeu|eW*ukuaYQn7hV8gDLi){5={4VyTorE0ZZjK<M1=NR{ZM!$i%JHC_!^QU0
zGv-ULw)i^~1DdoZqL(7f9gCW|Sy!yY)SNJoVu}g1?HCbB->zXoAp01KYG<PZ9H6O!
z))_mlm9Vu1mn+KG9d>$Y4*=)!&4g|FL(!54OhR-?)DXC&VS5E|1HGk8LY;)FRJqnz
zb_rV2F7=BGwHgDK&4J3{%&IK~rQx<&Kea|qEre;%A~5YD6x`mo>mdR)l?Nd%T2(5U
z_ciT02-zt_*C|vn?BYDuqSFrk3R(4B0M@CRFmG{5sovIq4%8AhjXA5UwRGo)MxZlI
zI%<!zxK{ej1*xOK@{q@yU&&2m0M<#J$s-)9nQJ#J9D$?MIi+@1qA-Ly$)60970|=L
z+)<dANvJ|$+x@*644bs*eF)w6b%Z+UpG@tteAy4c0qa=<nZV{kcyc?3DR^0UBf(tQ
zKVV;Sv@C}GZxNnStZ-+dFobV*{|x92_fZWDwisl5`v83Kseqc1BGi=gVi-fNboe{}
zDQ!10Gf30nF>vz`v8B+#ff*XtGnciczFG}l(I}{YuCco#2E6|+5WJ|>BSDfz0oT+F
z%QI^ixD|<Ire%}nK@2Aibp{~e4lq-hC}BRMRW9up0eGmQ%x;+z;N*J>^(AN`MS6J$
zXlKNTFhb>KDkJp*4*LaZ2WWA5YR~{`={F^hwXGG*rJYQA7kx|nwnC58!eogSIvy{F
zm1C#9@$LhK^Tl>&iM0wsnbG7Y^MnQ=q))MgApj4)DQt!Q5S`h+5a%c7M!m%)?+h65
z0NHDiEM^`W+<QZOD?Stcbud)jBUdJz>M4)=q^#sk(g!GTpB}edwIe>FJQ+jAbCo#b
zXmtd3raGJNH8vnqMtjem<_<RAJPF&-%GsWQ`YEcs5zd_a``?ag+n~zXrDsEJ{An$<
zo)|`>)9`gU_-RF&ZK!aIenv7B2Y0rZhon=2yh&VsHzM|`y|0x$Zez$bUg5Nqj?@~^
zPN43MB}q0kF&^=#3C;2T*bDBTyO(+#nZnULkVy0JcGJ36or7yl1wt7HI_>V7>mdud
zv2II9P61FyEXZuF$=69dn%Z6F;SOwyGL4<q<2ZxdTxZCB-(@VdZQg%XDDHH@cCjt3
zP;=X$AV;rcZN_7x<1S;3!mHBF>D5mKfW)q4l$8yUhv7|>>h_-4T*_CwAyu7;DW}_H
zo>N_7Gm6eed=UaiEp_7aZko@CC61@(E1be&5I9TUq%AOJW>s^9w%pR5g2{7HW9qyF
zh+ZvX;5}PN0!B4q2FUy+C#w5J?0Tkd&S#~94(AP4%fRb^742pgH7Tb1))siXWXHUT
z1Wn5C<yb=gsf8XFbOO5NR5v8J9|IBwD{uf)70TYaVeM&IZTi0M)$sw_JCuWq`=}b=
z8)W|q3IAjGL>G&!mGtr#jq6(P#!ck@K+FNprcWP?^wA2>mHA03W?kj>5b|P0ErXS)
zg2qDTjQ|grCgYhrH-RapWCvMq5vCa<vxi|F`?A!XHVHe)L4-tH;pd9Luqo?aPV!2s
z8*d5d)uG>F?{R%*mu}1)UDll~6;}<K4?1~CX;L1}g9u=o%>3Q*^QOfj!dlt02lSzK
z?+P)02Rrq``NbU3j&s*;<%i4Y>y9NK&=&KsYwvEmf5jwTG6?+Pu1q9M8lLlx)uZZ7
zizhr~e0ktGs-=$li-2jz^_48-jk**y&5u0`B2gc#i$T1~t+AS*kEfR*b{^Ec>2-F~
zKYRl&uQ5yO@EtAZX8ZSqx;8+AKf+CqhlUSpp*VfyBMv+%wxN5GukZEi^_to%MFRc0
zdXqJ*jk?#uYT6EJe446@(f6G4vhnxQP|pGeJ?-#|Ksq?g*ky=}x+Qnx+!<>Y(XStN
zQIND`{KU}&l)E*ntI^}kJ=ly8DML{!(58Xk4_bzIc@v~e;><z^97=`HZn*MMu&-Yg
z9OAP2=XoiJ9#|Bv1ibhQ?<i#4eQ8KaA1LcUI{C(jbJ_+e)%i?BCAr%VhAS6nBqnm&
zOKb5-QIs^)7Q^g>wKl_`7G%pGz~4KH*CTp;_|52)d!+ximd<F#sm2#+seBL|&Qg6U
zIH4|`rVu%b=4T?QFSuA{o^yZh^3fF1#a33<b;8dD%}OGkEXGV&tUFs68_~;DEn5o*
zhZd2`_dN1Q=^;r8BcE2oQQPvZJwW^cY1{+8&&E{!Lp-O4Y+%WZH;Bd)0e!Qy9ICrV
z)Gj&tR1KSz2R1ZAMXWdKQa?gzn)Js(jFRg>$|8v@zzEq%j68QXkgf$7eM~xdM5q5i
z{?qFx_W|eq@L03bW<UGBkQSwPH|s5CWgP#W8z%tU-Yz+j>Jfjy^z@()-iCjzjREuf
zb_a(yTz)ZKWCF%Lp>^2-%Q?*t{06}x#DLN3cO=i>h6#-a`z;<5rBGGM6GA(W<Lg(m
zm7?V_PW;n-_4B>qvRcX%Pn?Uvs1#e|ePSNJEC%+X(YI$x)`<aw5r?K?ufdtUbafv;
z1B#{SqMg66Z&7-Y0LFnjlW=}Nq{ztJ%nE?EXz`3b4cEBoJ5tdh4j`(po~Ft76f!ca
zUl9&xVkcY>s$%>O#%}D<Bxkxp>9dgqWfq4yfVz^%Fglo<Vpj$oQI(M`vqm^LsnI-r
zt^E2B$e1;rT?Mc7W`EHotX()0JY`gPQ@x=x)KDff#-DF|vIk(^5&pKNe6JswT{HWW
zFuclvp;&}aQJ8*m-TB?W)>kdFR}uJQhx|}_w`9Ulx38Ha>ZslKs58c-@IFI&f;?xM
zbK>rKNfPFsf>%+k6%(A6=7Aac^_qrOCNqb3ZVJ;8pt!?1DR*ynJb#@II9h?)xB)A~
zm9Kk)Hy}!Z+W}i6ZJDy+?yY_=#kWrzgV)2eZAx_E=}Nh7*#<&mQz`Umfe$+l^P(xd
zN}PA2qII4}ddCU+PN+yxkH%y!Qe(;iH3W%bwM3NKbU_saBo<8x9fGNtTAc_SizU=o
zC3n2;c%LoU^j90Sz>B_p--Fzqv7x7*?|~-x{haH8RP)p|^u$}S9pD-}5;88pu0J~9
zj}EC`Q^Fw}`^pvAs4qOIuxKvGN@DUdRQ8p-RXh=3S#<`3{+Qv6&nEm)uV|kRVnu6f
zco{(rJaWw(T0PWim?kkj9pJ)ZsUk9)dSNLDHf`y&@wbd;_ita>6RXFJ+8XC*-wsiN
z(HR|9IF283fn=DI#3Ze&#y3yS5;!yoIBAH(v}3p5_Zr+F99*%+)cp!Sy8e+lG?dOc
zuEz<;3X9Z5kkpL_ZYQa`sio<mu7#<R;P#^AzDZpNEFF-x6ISg?yJomJ7bPqcQ@V3r
zkdE38i3ZP3F@ZZPv}Ns~hi}3&z|z~Xe(PuXCDF99=C6$5T-)OJ35rFuX$2>R_@_cG
z8tT~GOSTWnO~#?$u)AcaBSaV7P~RT?Nn8(OSL1RmzPWRWQ$K2`6*)+&7^zZBeWzud
z*xb3|Fc~|R9eH+lQ#4wF#c;)Gka6lL(63C;>(bZob!i8F-3EhYU3|6-JBC0*5`y0|
zBs!Frs=s!Sy0qmQNgIH|F`6(SrD1js2prni_QbG9Sv@^Pu2szR9NZl8GU89gWWvVg
z2^-b*t+F{Nt>v?js7hnlC`tR<QFJb#1J-AD2Y_-!x0cUa7k-QE>U(an0qQG7;h6T~
z-`vf#R-AE$pzk`M{gCaia}F`->O<OWl)Ry@|N215RIbK)7oBxY(8>2)60AuGFAJg>
z*O2IZqTx=AzDvC49?A92>bQLdb&32_4>0Bgp0ESXXnd4B)!$<JlJM9H^R~a{?XOeJ
z<WSm_vo)2siYOYkAN5~Wm)}oOK5O{3aTYJ@>t$g{*FG%HYdt3b3a^J9#so%BJMyr2
z{y?rzW!><Q>lr097b9(75#&4&@lkB1vT*w&0E>!dS+a|ZOu6t^zro2tiP)bhcNNxn
zbJs3_Fz+?t;4bkd8GfDI7ccJ<q<OaN41j;vu2MUKpK*-OB+^@8|0UMdox>5zU`Bs~
zN~bci`c`a%DoCMel<-KUCBdZRmew`MbZEPYE|R#|*hhvhyhOL#9Yt7$g_)!X?fK^F
z8UDz)(zpsvriJ5aro5>qy`Fnz%;IR$@Kg3Z3EE!fv9CAdrAym6QU82=_$_N5*({_1
z7!-=zy(R<Q*94!ZMOOc>{xg9S519S6W{HpJZ8Is|kQ!0?`!vxDggmslD59)>iQ15f
z7J8NqdR<ga))e0)Ur%S+E}ec?+y~twFJ4A_Mss-AP+eF02kLp3zzFe*?#O4_dDZRy
zbv?H&>`9f8H|~iFGNsPV!N)(CC9JRmzL9S}7U-K@`X893f3f<8|8<l7zt!;mYl^FC
z=8SEE>Ls!^eA^#(O6nA+ByFIXcz_WLbfeG|nHJ5_sJJ^gNJ%SI9#XEfNRbzV+!RkI
zXS$MOVYb2!0vU}Gt7oUy*|WpF^*orBot~b2<Y_`8x!BAodNjWNH0hc3w0T6w{5sUZ
z|B2cC<DJgWDVgdP@mX(?FeHqs9Kvrhmw>J@^be?Gq;U%#a<fuYTr&+FHC3kSjUcEr
z1F>m8`PmH-UCFZ&uTJlnetYij0z{K1mmivk$bdPbLodu;-R@@#gAV!=d%(caz$E?r
zURX0pqAn7UuF6dULnoF1dZ$WM)t<Ee9jxt3VRL)Qt|k=L#J7L7eIPM4b7R6tK}kw`
zHvJihFn1ho^6Xt7)TuGkNxBs}tx(U%X%X=xQ`ylh2weAdzF7hIY+~jp76|mpcz0Z@
zGK0e2;cRTCq_nZ!Af@Z>HAM{eZK6DbU1J`V5<Z{7GK*`z#-439Xzh11z9N?3ixocB
zSP-RtvWs+6Vp`grGL8az-zi;6TP;MKqBV%8JdIbyz@d+w=tXA^^E62X5uQdV<T7<#
z7$$iHb4Gb1CEzftHC<QNnt*7os(xfMNgN<BkpflUzCR8rBH+;$KdU;oQRjSzM}Owi
zkxc2bytqB5!YVo6=u(rNUBNY<;6b_GhxbVQ<SZ-KWiYsio@tOFPJz0ma)S%jr{lVe
zmOHGx%qCf|iFEal|Mh34KB7kJZ|^w7YscJW1GAD%jIt<2a5&0^$BfFf{I^UOW1KW*
zA_2Q1M`8_By~1RuhkM|WdK&Rs<HLQEl{|fXX*sKo`HZA>Dw<;xk}Nl`h+nfMO_Rdv
z3SyOMzAbYaD;mkxA7_I_DOs#Bk;e5D%gsS3q)hlmi1w{FsjKNJE22`AjmNiAPRnIc
zcIkN25;rOn3FipAFd(PnlK9{03w6Q<(68#1Jw`{axEGQE{Ac>^U$<ZUy$k8K8eCOn
z#=x%Gb4$bF>h);h2ADICmaNxrfpb`Jdr*)Y1SicpYKCFv$3vf~;5aW>n^7QGa63MJ
z;B1+Z>WQ615R2D8JmmT`T{QcgZ+Kz1hTu{9FOL}Q8+iFx-Vyi}ZVVcGjTe>QfA`7W
zFoS__+;E_rQIQxd(Bq4$egKeKsk#-9=&A!)(|hBvydsr5ts0Zjp*%*C0lM2sIOx1s
zg$xz?Fh?x!P^!vWa|}^+SY8oZHub7f;E!S&Q;F?dZmvBxuFEISC}$^B_x*N-xRRJh
zn4W*ThEWaPD*$KBr8_?}XRhHY7h^U1aN6>m=n~?YJQd8+!Uyq_3^)~4>XjelM&!c9
zCo|0KsGq7!KsZ~9@%G?i>LaU7#uSTMpypocm*oqJHR|wOgVWc7_8PVuuw>x{kEG4T
z$p^DV`}jUK39zqFc(d5;N+M!Zd3zhZN&?Ww(<@AV-&f!<LI7*F8&iPDLUXltu(<}V
z$njn`XVpn?WJ*LB)uE)%4)wh=Ssn%11If>v$uV>%z+dg9((35o@4rqLvTC-se<GZ^
z@`nqI3i&X>@hkn^6k7+xHiK-vTRvM8{bCejbU;1@U=*r}GTI?Oc$!b6NRcj83-zF;
z=TB#ESDB`F`jf4)z=OS76Se}tQDDHh{VKJk#Ad6FDB_=afpK#pyRkGrk~OuzmQG)}
z*$t!nZu$KN&B;|O-aD=H<|n6aGGJZ=K9QFLG0y=Jye_ElJFNZJT;f<ekwWkA`guR1
z{-6+Q;C36hq*EaO#_dD=Ic~!kNe)DbJHR-5r$35y6?w=}fE@osSS>U8P8CZ<ru2E$
z&FfHRsx;HT;644Ji*zE#J;Iw#-X5!#zOw>cLBERjioAOC0Vz_pIXIc};)8HjfPwNy
zE!g|lkRv3qpmU?shz(BBt5%TbpJC3HzP9!t7k*Fh48!-HlJ4TTgdCr3rCU!iF}kgu
z4Qs;K@XOY~4f~N}Jl8V_mGbwzvNLbl&0e9UG4W;kvjTK|5`-Ld+eQ6YRF`N0ct%u%
z^3J_{7r#_W1zm|>IPN!yWCRrN)N!7v`~ptNkIXKipQ6ogFvcnI5ugxdoa{d;uD67g
zgo^}QuZRkB540Vc!@c80(wFG=$ct}oHq(#W0+-XX(;Rrt`x=<45X}ficNtI2(&}=~
zb(!}tNz?s`wm{g<VYvmC<DPs!Ffwi9p4hH_2+;OCs<0@Sl*DKhB3opORuW(|H@1FS
ze>K?2tdf+OEF;tzx<(3fMd7_tM@Ghs$Z(Os-H(kYq#qB|J-aC9Ku?fsWwJhB36c)A
zu|a7ZF?V8X<LT_AM+fJcpWO4|XIP|4e8O^HWt;P@;zk>7l2g5~xqZf>2=6Dsi5lfo
zKIRL&@MLJyaBE)V_9=pJYu%U2wxR*-(0MI5_|yqP`?h@cks(5LR@XUKLMI_xuVtiu
zRvpDS8MyUMRFM6`P+Sjc!A_e^H38Qu7b{b7QZ>NHyA6k-YYygQuW&C_OGO(<j^C?J
z61}&6UL&AH*ee~5X{4DF=YTk{e;k%C6cdMGz^_On5%_auAHK->7V7?}r)zedSVpBI
zuk29Z4GW3C0GpfozbZQya454sjt@ndQmsp=DA&@sWw&xmOlDk1JIcMNp~-ES$&A~k
zG#W(6hBj?!Fu8Q4WYexoSBa8_5=v20xnx6H?e;$t)5|f&{7=vOye^&3_c-Ug?|a@e
z=X`&qT_5B7N9vZoPBhXOTEDV;4&x2Je4}T(UB~O-$D#CjX77$R?RZ*`ed~$G;$4YS
z4n*|Pop(!NN79Hk2}U#cfEEwdxM)xQm}$~rV03xc=#U@@Y*}qEmot5KvDb=8{!E-n
zl4p?}&g2h^sUGyTcGh=0aQzQb*k;K;dvbeZUgmwEv>%#(EPtj=gHKdi|E8@w+|>KC
zxEU>b>P+9Xf}pEyQK(}#QrBG4Jaf!iE!qpMbTu>gb!<Yl`oJ2Qs~OjI2pYS$miOgf
z)oSAgm*%yXC(J_2Y^|lxT(Bj@)g{NCe_$2-#(IBW(>gtdq<`@xO+roQl+S_7)!G(%
zdy)$iGmJ1cwP?F=IyyV1-$|kf|EKM3B@I&lZ%NI@VV;*mQdLWjc#t|Vbk_Q~>&O03
zIcSr$(<C;?@SJ~enHTzBdHOa_kK%x}yPPx{Y@f-N;CqfpesVsIl6V%=e>qLAINj7a
z;!||v&1D5SX#X@5jNd}jUsi-CH_Scjyht&}q2p*CJCC-`&NyXf)vD5{e!HO629D-O
z%bZelTcq=DoRX>zeWCa^RmR3*{x9;3lZ75M#S)!W0bRIFH#P6b%{|HRSZ5!!I#s)W
z_|XXZQ<0_`>b^^0Z>LU64Yg1w)8}#M^9se(OZ9~baZ7fsKFc;EtnB>kesci#>=icG
zuHdjax2^=!_(9?0l7;G7^<S6vtx8KDwD(k*-}3X}*xp2~Q1QN_ey3mFbI>-}9>Y#M
zm;9*GT~dBuYWdk49%mZM0=H#FY1)}7NE5DE_vsqrA0`?0R0q535qHjWXcl|gz9Fq$
zMKxgL;68l!<x_iqb^g3P8sp{2wKCDUTct5DGCbp|qE`>gm3y0durIr3LHv~y*ABm`
zYhQG0UW#hg@*A{&G!;$FS43}rIF$e6yRdGJWVR<}uuJ_5_8qa3xaHH^!VzUteVp;>
z<0`M>3tnY$ZFb$(`0sg93TwGyP;`9UYUWxO&CvAnSzei&ap))NcW;R`tA=y^?<xF<
zJ6D(2{U$a%*dRJ!gY>mBmG+M*&bqW5kL$V(O;(p)aEk`^ci?2Jwxu>0sy>a7+Wa9t
z5#I2<E%eUDNU#8Q4p;zdEZ`amruvh;8KRi>o;+gr^9^&km^z7>xJWbN&Ft>Vna34E
zI@BBzwX)R}K3SL?)enrDJ45QLt;-7CFJk{`cF3L4Z^CtG_r5)0)HV>BOYPIUh#D%|
zYQAu31f{bm-D*`_k7DTTr?Nkw_gY%J1cb2&TdtibY?V=|SSIOlA;|5C!2@?Y<Jt;u
zTinN{+OAB61<CH4BTDj)y{EVI$2@cXn`zQ)eM(Dbn7!)2{+OWRfGx3V-oYUR*TG>Q
z-$?G0jj^mG|MP>DmbF7}T~C$H<GM1s9vtq{ctRL%)ku?lESW6RpB$5{h>6=CpZ~hd
zZ1C|xV@=h#^~`3LSCnmI(vZ|5r3>eq5*UB)dhdy``*gKY3Eg%jSK8I-`G+OWWlD)T
zt$wSQ=||lSkiKy}YF-k}@W9EiS?)z`hK{R!dd-$BCJvBtAN-yXn3njU$MisEtp!?Q
z%Vk-*(wy9dd15(-WFw_&^tT;;IpF?ox1`Qq3-0zVTk+$W_?q}GfAQlPcrB^?&tWSI
z2BB!K=sH7FUYmXa_dcV^Z3>5z8}~W{S!$j<QUfCP%Ei_-oejKF^4Px--@10AEb&&%
zqLhV;HtP}J?mNDW`>VR_3hu_|wl2|gmRH8ftn^z@fW75*;-`;wU+<qN{VVFPa<NJ=
z%5Tc^lT;~kS#GTR;uLu{UODRC`W1CjJDdMWF)yj9vSv5?EPGCP_CvxR<KVQ-ee^@d
z78utxn{J&uQMkX-;nbX#VhJS^U-x-G%_1q+m&vwTsVtWC=)Kmk)ap=ZslgW21X=O5
zOUYhn>fY+BR_yx6BZnE5_Hn<I7^Or<lw2y==ekF86`e-dVL;X`oN4E*Ej{e$8eW~9
zFj$ec3n$^oM&ZRdR&2#v#3~m#W`~$<;051(m(Jf=zQzdK;~#$hN`0a9c`p5??@+C@
zPeVp_&;r9RRci}cJlMLHOu2?574*VcMuRULYQ*CoWVc^hl7W#;r;q5FXFB;v*<w1q
zi{_E#wde=#Y3Y}v8)x>a({jrPiubRp$jZ=T=t$hx&NeCV1!vuCcl4PJ0p0Fjp>6K}
zHkoD1gQk=P2hYcT%)cJ2Q5WuA|5_x+dX0%hnozfTF>$#Wz~X!MY>){H4#fB#7^ID*
z1*o2Hzp}?WVs&gbS?Uq(CT0sP+F)u9{xfgg6o_{8J#m;|NeJqDHhb(Q8%z8aM_qeM
zn83>d`uDd47WIuKp78JBYo2SYupGcNXIzeou^eMY`@%Bv8elZ>q~3uq#~IX)g%g;h
zoUXymEd>|kVsMky<L3uw4pRyIQ~+QjmCB$4=YE<!$u9_OyX5)x^DXq?()o#LpIr_{
zIO?ELcmdP+iNjO_aw5V<2R$&_*Wtgt*?{*59BO<nICGdup!Efyall)FLM82-s;tU+
z`gtaxwVJ>b&1l~lrE-`w(0PObapYa35DJ4Y03Jv_!DKp}0HTbOgZRM=;PSsuAJJJ1
zItc+tu9;ANG;qHaCI|T85!euhFK~VK^G2LZV1+cbzS?>ar@>emg;JTI5VAn1g5U~|
zU=p&k0OlSzc$U=s#9_uL3&n|6A1X$XvrE9vFV@`A4G#!D1QcFCeE`F2N(deJx>)*A
z$XIW0P~-NbAd=5i6`s<~(vAQX9t$dbVqc5|E|CHRtb$1(l&KSNh_t2#k_l95KnP86
z)ns_DGspv-M0z0#h2a+*oH<N$Eg|T!fN8wzNHF)Gc7@I}fYSmF)d^g^wF0>|{5~j{
zXGD=}cLrBSESQ0u$XmQlFfWMCAW<k&T{2B`kEln2DqRfPZDN&P+#r+(TzPn03tzH#
zfZ(FO3Kgg2fV;0Q;3`k}(?hYs(1K|nDvXDyprC8Oy@>aS;wKK%#aSSYK=qljBiY(s
zT$v;We24&$w=avIILsMt0%1fDyah|AlLNg#WL$Lu)tf}YfqO%+pH~QC*bZO4aM*i9
zrPF<S6~WcOg5voiOp=#CCOjOQ5ZxCpF&rHeq3`w)NFVF}U|<Kw%7oEy^g#qo@fU`k
z7>f|5!hv@XY8CzaFh*Dy9vH|2fKKr(@x}`L#9^*vOae|lk`adG#oZZAyk|TOV8`9L
zc-sQu%y1MQes&J?)a1<kKqylWyJ0*WSp~sk!X}lCj~C^Y4HkkUA|OI7dnO5uEB_Sn
z5nw!Q?T_Gh?-hoJ-b!FB>}Zc*>-P!6j-T#<nXtbx!dw(1jQMR&Y09A*Y$c3P#bZUF
zPHij<7a#URMTBzWMHL#Yo-ub+SO9jPL<BMtMGz3;MF}gxj&z7pUy2AyBKgz7ny{%D
zqRCDbK~tE;7%T;wvLI45$3>75V$lLC!TuMB(!G-+D2;XptUxymSPFI-K&0x}B1?h$
z3-9**-9!);fwyiWB5gS$i;P~c<BV-!6?l&@qSAU=WR=lflY++!@J38Tpeg_V6qv5Y
z;7xFdRMlA#q^7MactaGzUwT0VzVPi)aKpfRNDwinqUps1w*|a<0AXIdIf?nLIwr3r
zfXfMg2!SyFs+pcC>=^}5-6G@{4<?gEpU8#(0(d$R(J6j7Ne3RyjvFOR^B9MxxDc5*
zF#j;kgcn?9US|F%QG-tcXAbk}L>TWDBRDc6(M|%qa-mS`z`u9kWo{Xl_uc;hXOkRd

literal 0
HcmV?d00001

diff --git a/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 000000000..622ab64a3
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/community/detectors/strapi_cve_2023_22893/gradlew b/community/detectors/strapi_cve_2023_22893/gradlew
new file mode 100755
index 000000000..fbd7c5158
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradlew
@@ -0,0 +1,185 @@
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=`expr $i + 1`
+    done
+    case $i in
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=`save "$@"`
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/community/detectors/strapi_cve_2023_22893/gradlew.bat b/community/detectors/strapi_cve_2023_22893/gradlew.bat
new file mode 100644
index 000000000..5093609d5
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradlew.bat
@@ -0,0 +1,104 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/community/detectors/strapi_cve_2023_22893/settings.gradle b/community/detectors/strapi_cve_2023_22893/settings.gradle
new file mode 100644
index 000000000..a46035b3d
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/settings.gradle
@@ -0,0 +1,2 @@
+rootProject.name = 'CVE-2023-22893'
+
diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893DetectorBootstrapModule.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893DetectorBootstrapModule.java
new file mode 100644
index 000000000..612460000
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893DetectorBootstrapModule.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202322893;
+
+import com.google.tsunami.plugin.PluginBootstrapModule;
+
+/**
+ * An CVE-2019-20933 Guice module that bootstraps the {@link Cve202322893VulnDetector}.
+ */
+public final class Cve202322893DetectorBootstrapModule extends PluginBootstrapModule {
+
+  @Override
+  protected void configurePlugin() {
+    registerPlugin(Cve202322893VulnDetector.class);
+  }
+}
diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
new file mode 100644
index 000000000..7dd670db4
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202322893;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.common.net.HttpHeaders.ACCEPT_LANGUAGE;
+import static com.google.common.net.HttpHeaders.UPGRADE_INSECURE_REQUESTS;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.toUriAuthority;
+import static com.google.tsunami.common.net.http.HttpRequest.get;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.common.flogger.GoogleLogger;
+import com.google.gson.JsonObject;
+import com.google.protobuf.util.Timestamps;
+import com.google.tsunami.common.data.NetworkServiceUtils;
+import com.google.tsunami.common.net.http.HttpClient;
+import com.google.tsunami.common.net.http.HttpHeaders;
+import com.google.tsunami.common.net.http.HttpResponse;
+import com.google.tsunami.common.net.http.HttpStatus;
+import com.google.tsunami.common.time.UtcClock;
+import com.google.tsunami.plugin.PluginType;
+import com.google.tsunami.plugin.VulnDetector;
+import com.google.tsunami.plugin.annotations.PluginInfo;
+import com.google.tsunami.proto.AdditionalDetail;
+import com.google.tsunami.proto.DetectionReport;
+import com.google.tsunami.proto.DetectionReportList;
+import com.google.tsunami.proto.DetectionStatus;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.Severity;
+import com.google.tsunami.proto.TargetInfo;
+import com.google.tsunami.proto.TextData;
+import com.google.tsunami.proto.Vulnerability;
+import com.google.tsunami.proto.VulnerabilityId;
+import java.io.IOException;
+import java.time.Clock;
+import java.time.Instant;
+import javax.inject.Inject;
+
+/**
+ * A {@link VulnDetector} that detects the CVE-2023-22893 & missing auth vulnerability in InfluxDB.
+ */
+@PluginInfo(
+    type = PluginType.VULN_DETECTION,
+    name = "Cve202322893VulnDetector",
+    version = "0.1",
+    description =
+        "CVE-2019-20933: InfluxDB before 1.7.6 has an authentication bypass vulnerability because a"
+            + " JWT token may have an empty SharedSecret (aka shared secret). Missing auth:"
+            + " authentication is not enabled for InfluxDB",
+    author = "Secureness",
+    bootstrapModule = Cve202322893DetectorBootstrapModule.class)
+public final class Cve202322893VulnDetector implements VulnDetector {
+
+  private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
+
+  @VisibleForTesting
+  static final String VULNERABLE_REQUEST_PATH =
+      "api/auth/cognito/callback?access_token=something&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjb2duaXRvOnVzZXJuYW1lIjoiYXV0aC1ieXBhc3MtZXhhbXBsZSIsImVtYWlsIjoibm90ZXhpc3RzQG5vdGV4aXN0LmNvbSJ9.";
+
+  @VisibleForTesting static final int DETECTION_STRING_BY_STATUS = HttpStatus.OK.code();
+  private final HttpClient httpClient;
+
+  private final Clock utcClock;
+
+  @Inject
+  Cve202322893VulnDetector(@UtcClock Clock utcClock, HttpClient httpClient) {
+    this.httpClient = checkNotNull(httpClient);
+    this.utcClock = checkNotNull(utcClock);
+  }
+
+  private static StringBuilder buildTarget(NetworkService networkService) {
+    StringBuilder targetUrlBuilder = new StringBuilder();
+    if (NetworkServiceUtils.isWebService(networkService)) {
+      targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
+    } else {
+      targetUrlBuilder
+          .append("http://")
+          .append(toUriAuthority(networkService.getNetworkEndpoint()))
+          .append("/");
+    }
+    return targetUrlBuilder;
+  }
+
+  @Override
+  public DetectionReportList detect(
+      TargetInfo targetInfo, ImmutableList<NetworkService> matchedServices) {
+    logger.atInfo().log("CVE-2023-22893 starts detecting.");
+    return DetectionReportList.newBuilder()
+        .addAllDetectionReports(
+            matchedServices.stream()
+                .filter(NetworkServiceUtils::isWebService)
+                .filter(this::isServiceVulnerable)
+                .map(networkService -> buildDetectionReport(targetInfo, networkService))
+                .collect(toImmutableList()))
+        .build();
+  }
+
+  private boolean isServiceVulnerable(NetworkService networkService) {
+    HttpHeaders httpHeaders =
+        HttpHeaders.builder()
+            .addHeader(UPGRADE_INSECURE_REQUESTS, "1")
+            .addHeader(ACCEPT_LANGUAGE, "en-US,en;q=0.5")
+            .build();
+    String targetUrl = buildTarget(networkService).append(VULNERABLE_REQUEST_PATH).toString();
+    try {
+      HttpResponse httpResponse =
+          httpClient.send(get(targetUrl).setHeaders(httpHeaders).build(), networkService);
+      // Sample successful exploitation response
+      //
+      // {"jwt":"a jwt
+      // token","user":{"id":2,"username":"auth-bypass-example","email":"notexists@notexist.com"
+      // ,"provider":"cognito","confirmed":true,"blocked":false,"createdAt":"2023-04-28T06:56:20.344Z"
+      // ,"updatedAt":"2023-04-28T06:56:20.344Z"}}
+
+      // Sample unsuccessful exploitation response
+      //
+      // {"data":null,"error":{"status":400,"name":"ApplicationError","message":"Invalid
+      // URL","details":{}}}
+      // if no cognito authentication available
+      //
+      // {"data":null,"error":{"status":400,"name":"ApplicationError","message":"This provider is
+      // disabled","details":{}}}
+      if (httpResponse.status().code() != DETECTION_STRING_BY_STATUS
+          || httpResponse.bodyJson().isEmpty()) {
+        return false;
+      }
+
+      JsonObject jsonResponse = (JsonObject) httpResponse.bodyJson().get();
+      if (jsonResponse.keySet().contains("user") && jsonResponse.keySet().contains("jwt")) {
+        return true;
+      }
+    } catch (IOException | AssertionError e) {
+      logger.atWarning().withCause(e).log("Request to target %s failed", networkService);
+      return false;
+    }
+    return false;
+  }
+
+  private DetectionReport buildDetectionReport(
+      TargetInfo targetInfo, NetworkService vulnerableNetworkService) {
+    return DetectionReport.newBuilder()
+        .setTargetInfo(targetInfo)
+        .setNetworkService(vulnerableNetworkService)
+        .setDetectionTimestamp(Timestamps.fromMillis(Instant.now(utcClock).toEpochMilli()))
+        .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
+        .setVulnerability(
+            Vulnerability.newBuilder()
+                .setMainId(
+                    VulnerabilityId.newBuilder()
+                        .setPublisher("TSUNAMI_COMMUNITY")
+                        .setValue("CVE_2023_22893"))
+                .setSeverity(Severity.CRITICAL)
+                .setTitle("Authentication Bypass for AWS Cognito Login Provider")
+                .setDescription(
+                    "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
+                        + "when the AWS Cognito login provider is used for authentication. ")
+                .setRecommendation("Upgrade to higher versions")
+                .addAdditionalDetails(
+                    AdditionalDetail.newBuilder()
+                        .setTextData(
+                            TextData.newBuilder()
+                                .setText(
+                                    "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
+                                        + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
+                                        + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
+                                        + "Unauthenticated Remote Code Execution on this version of Strapi"))))
+        .build();
+  }
+}
diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
new file mode 100644
index 000000000..ffc0053c0
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugins.detectors.cves.cve202322893;
+
+import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
+import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostnameAndPort;
+import static com.google.tsunami.plugins.detectors.cves.cve202322893.Cve202322893VulnDetector.DETECTION_STRING_BY_STATUS;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.net.MediaType;
+import com.google.inject.Guice;
+import com.google.protobuf.util.Timestamps;
+import com.google.tsunami.common.net.http.HttpClientModule;
+import com.google.tsunami.common.time.testing.FakeUtcClock;
+import com.google.tsunami.common.time.testing.FakeUtcClockModule;
+import com.google.tsunami.proto.AdditionalDetail;
+import com.google.tsunami.proto.DetectionReport;
+import com.google.tsunami.proto.DetectionReportList;
+import com.google.tsunami.proto.DetectionStatus;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.Severity;
+import com.google.tsunami.proto.Software;
+import com.google.tsunami.proto.TargetInfo;
+import com.google.tsunami.proto.TextData;
+import com.google.tsunami.proto.TransportProtocol;
+import com.google.tsunami.proto.Vulnerability;
+import com.google.tsunami.proto.VulnerabilityId;
+import java.io.IOException;
+import java.time.Instant;
+import javax.inject.Inject;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link Cve202322893VulnDetector}. */
+@RunWith(JUnit4.class)
+public final class Cve202322893VulnDetectorTest {
+
+  private final FakeUtcClock fakeUtcClock =
+      FakeUtcClock.create().setNow(Instant.parse("2023-01-01T00:00:00.00Z"));
+
+  @Inject private Cve202322893VulnDetector detector;
+
+  private final MockWebServer mockWebServer = new MockWebServer();
+  private NetworkService strapiService;
+  private TargetInfo targetInfo;
+
+  @Before
+  public void setUp() throws IOException {
+    mockWebServer.start();
+    mockWebServer.url("/");
+    Guice.createInjector(
+            new FakeUtcClockModule(fakeUtcClock),
+            new HttpClientModule.Builder().build(),
+            new Cve202322893DetectorBootstrapModule())
+        .injectMembers(this);
+
+    strapiService =
+        NetworkService.newBuilder()
+            .setNetworkEndpoint(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .setTransportProtocol(TransportProtocol.TCP)
+            .setSoftware(Software.newBuilder().setName("strapi"))
+            .setServiceName("http")
+            .build();
+
+    targetInfo =
+        TargetInfo.newBuilder()
+            .addNetworkEndpoints(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .build();
+  }
+
+  @After
+  public void tearDown() throws IOException {
+    mockWebServer.shutdown();
+  }
+
+  @Test
+  public void detectWhenVulnerable() {
+    MockResponse response =
+        new MockResponse()
+            .setBody(
+                "{\"jwt\":\"a jwt\n"
+                    + "token\",\"user\":{\"id\":2,\"username\":\"auth-bypass-example\",\"email\":\"notexists@notexist.com\",\"provider\":\"cognito\",\"confirmed\":true,\"blocked\":false,\"createdAt\":\"2023-04-28T06:56:20.344Z\",\"updatedAt\":\"2023-04-28T06:56:20.344Z\"}}")
+            .setResponseCode(DETECTION_STRING_BY_STATUS)
+            .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString());
+    mockWebServer.enqueue(response);
+
+    DetectionReport actual =
+        detector.detect(targetInfo, ImmutableList.of(strapiService)).getDetectionReports(0);
+
+    DetectionReport expected =
+        DetectionReport.newBuilder()
+            .setTargetInfo(targetInfo)
+            .setNetworkService(strapiService)
+            .setDetectionTimestamp(Timestamps.fromMillis(Instant.now(fakeUtcClock).toEpochMilli()))
+            .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
+            .setVulnerability(
+                Vulnerability.newBuilder()
+                    .setMainId(
+                        VulnerabilityId.newBuilder()
+                            .setPublisher("TSUNAMI_COMMUNITY")
+                            .setValue("CVE_2023_22893"))
+                    .setSeverity(Severity.CRITICAL)
+                    .setTitle("Authentication Bypass for AWS Cognito Login Provider")
+                    .setDescription(
+                        "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
+                            + "when the AWS Cognito login provider is used for authentication. ")
+                    .setRecommendation("Upgrade to higher versions")
+                    .addAdditionalDetails(
+                        AdditionalDetail.newBuilder()
+                            .setTextData(
+                                TextData.newBuilder()
+                                    .setText(
+                                        "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
+                                            + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
+                                            + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
+                                            + "Unauthenticated Remote Code Execution on this version of Strapi"))))
+            .build();
+    assertThat(actual).isEqualTo(expected);
+  }
+
+  @Test
+  public void detectWhenNotVulnerableReturnsNoVulnerability() {
+    mockWebServer.url("/notexistpath123321");
+    MockResponse response =
+        new MockResponse().setBody("NotExistDetectionString").setResponseCode(400);
+    mockWebServer.enqueue(response);
+
+    DetectionReportList findings = detector.detect(targetInfo, ImmutableList.of(strapiService));
+
+    assert (findings.getDetectionReportsList().isEmpty());
+  }
+}

From 248e5bf97e0320cff334502d8f2583d9801dae7b Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Sun, 30 Apr 2023 15:16:15 +0200
Subject: [PATCH 02/20] fix README.md

---
 .../detectors/strapi_cve_2023_22893/README.md | 23 ++++---------------
 .../Cve202322893VulnDetectorTest.java         |  2 +-
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/README.md b/community/detectors/strapi_cve_2023_22893/README.md
index e3eb6510f..9cc64e2d2 100644
--- a/community/detectors/strapi_cve_2023_22893/README.md
+++ b/community/detectors/strapi_cve_2023_22893/README.md
@@ -1,24 +1,9 @@
-# CVE-2019-20933 VulnDetector
+# CVE-2023-22893 VulnDetector
 
-InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in
-services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
+A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain Unauthenticated Remote Code Execution on these versions of Strapi.
 
-# Missing authentication in InfluxDB 1.x
-
-This plugin also checks for missing authentication in InfluxDB 1.x versions.
-
-The authentication doesn't enable by default in the influxDB generated config file
-to enable authentication you must:
-
-1. change  `auth-enabled = false` to `auth-enabled = true` in your influxDB config file that
-   initially can be generated by following command:
-   `docker run --rm influxdb:1.x influxd config > influxdb.conf`
-2. according to [documentation](https://github.com/docker-library/docs/blob/master/influxdb/README.md#influxdb_admin_user) you must set a value for `INFLUXDB_ADMIN_USER` environment variable (with `-e` switch) to enable authentication.
-
-InfluxDB version after 2 has a web setup instruction after first run, and you will be prompt to add username and password before start using InfluxDB.
-
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20933
-- https://github.com/docker-library/docs/blob/master/influxdb/README.md
+- https://www.ghostccamm.com/blog/multi_strapi_vulns
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22893
 
 ## Build jar file for this plugin
 
diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index ffc0053c0..356f5808c 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -134,7 +134,7 @@ public void detectWhenVulnerable() {
                                         "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
                                             + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
                                             + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                                            + "Unauthenticated Remote Code Execution on this version of Strapi"))))
+                                            + "Unauthenticated Remote Code Execution on these versions of Strapi."))))
             .build();
     assertThat(actual).isEqualTo(expected);
   }

From 52abe12dce54f421a1aa81ee39d5d5445fbb6586 Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Sun, 30 Apr 2023 15:17:42 +0200
Subject: [PATCH 03/20] fix README.md

---
 community/detectors/strapi_cve_2023_22893/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/community/detectors/strapi_cve_2023_22893/README.md b/community/detectors/strapi_cve_2023_22893/README.md
index 9cc64e2d2..33a070b77 100644
--- a/community/detectors/strapi_cve_2023_22893/README.md
+++ b/community/detectors/strapi_cve_2023_22893/README.md
@@ -1,6 +1,8 @@
 # CVE-2023-22893 VulnDetector
 
-A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain Unauthenticated Remote Code Execution on these versions of Strapi.
+Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. 
+A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. 
+with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain Unauthenticated Remote Code Execution on these versions of Strapi.
 
 - https://www.ghostccamm.com/blog/multi_strapi_vulns
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22893

From 97ece1e77ba7f425a6ede6c5a2e767fc0528c6e0 Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Sun, 30 Apr 2023 17:44:06 +0200
Subject: [PATCH 04/20] fix test bug

---
 .../cves/cve202322893/Cve202322893VulnDetectorTest.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index 356f5808c..ffc0053c0 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -134,7 +134,7 @@ public void detectWhenVulnerable() {
                                         "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
                                             + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
                                             + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                                            + "Unauthenticated Remote Code Execution on these versions of Strapi."))))
+                                            + "Unauthenticated Remote Code Execution on this version of Strapi"))))
             .build();
     assertThat(actual).isEqualTo(expected);
   }

From 89d71cb218c2fa659fab24d6cb582805dbd62d53 Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Mon, 1 May 2023 10:13:23 +0200
Subject: [PATCH 05/20] fix descriptions

---
 .../cves/cve202322893/Cve202322893VulnDetector.java   | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
index 7dd670db4..d38dbf41f 100644
--- a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -51,17 +51,14 @@
 import java.time.Instant;
 import javax.inject.Inject;
 
-/**
- * A {@link VulnDetector} that detects the CVE-2023-22893 & missing auth vulnerability in InfluxDB.
- */
+/** A {@link VulnDetector} that detects the CVE-2023-22893. */
 @PluginInfo(
     type = PluginType.VULN_DETECTION,
     name = "Cve202322893VulnDetector",
     version = "0.1",
     description =
-        "CVE-2019-20933: InfluxDB before 1.7.6 has an authentication bypass vulnerability because a"
-            + " JWT token may have an empty SharedSecret (aka shared secret). Missing auth:"
-            + " authentication is not enabled for InfluxDB",
+        "CVE-2023-22893: Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
+            + "when the AWS Cognito login provider is used for authentication.",
     author = "Secureness",
     bootstrapModule = Cve202322893DetectorBootstrapModule.class)
 public final class Cve202322893VulnDetector implements VulnDetector {
@@ -168,7 +165,7 @@ private DetectionReport buildDetectionReport(
                 .setTitle("Authentication Bypass for AWS Cognito Login Provider")
                 .setDescription(
                     "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                        + "when the AWS Cognito login provider is used for authentication. ")
+                        + "when the AWS Cognito login provider is used for authentication.")
                 .setRecommendation("Upgrade to higher versions")
                 .addAdditionalDetails(
                     AdditionalDetail.newBuilder()

From 48989f1a7ade89150c179a9e1e197b0842a66eea Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Mon, 1 May 2023 10:21:06 +0200
Subject: [PATCH 06/20] fix test descriptions too.

---
 .../cves/cve202322893/Cve202322893VulnDetectorTest.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index ffc0053c0..b0f900705 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -124,7 +124,7 @@ public void detectWhenVulnerable() {
                     .setTitle("Authentication Bypass for AWS Cognito Login Provider")
                     .setDescription(
                         "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                            + "when the AWS Cognito login provider is used for authentication. ")
+                            + "when the AWS Cognito login provider is used for authentication.")
                     .setRecommendation("Upgrade to higher versions")
                     .addAdditionalDetails(
                         AdditionalDetail.newBuilder()

From 1b1c350470812244441f81198fd39ca0ec47c360 Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 4 Jan 2024 13:58:14 +0100
Subject: [PATCH 07/20] Update build.gradle

Bump the version of tsunami core to the latest
---
 community/detectors/strapi_cve_2023_22893/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/community/detectors/strapi_cve_2023_22893/build.gradle b/community/detectors/strapi_cve_2023_22893/build.gradle
index ccf566341..a3416c4dc 100644
--- a/community/detectors/strapi_cve_2023_22893/build.gradle
+++ b/community/detectors/strapi_cve_2023_22893/build.gradle
@@ -47,7 +47,7 @@ java {
 }
 
 ext {
-    tsunamiVersion = '0.0.14'
+    tsunamiVersion = 'latest.release'
     junitVersion = '4.13'
     mockitoVersion = '2.28.2'
     truthVersion = '1.0.1'

From 1c17e9a43ade9deece3041b6ab4e138d6a0c73c0 Mon Sep 17 00:00:00 2001
From: leonardo <leonardo@doyensec.com>
Date: Fri, 22 Dec 2023 16:55:27 +0100
Subject: [PATCH 08/20] Created RabbitMQ Management Portal Weak Credentials
 Plugin

---
 ...WeakCredentialDetectorBootstrapModule.java |   2 +
 .../rabbitmq/RabbitMQCredentialTester.java    | 208 ++++++++++++++++++
 .../service_default_credentials.textproto     |   5 +
 .../RabbitMQCredentialTesterTest.java         | 164 ++++++++++++++
 .../testdata/successfulAuthdResponse.json     |   1 +
 5 files changed, 380 insertions(+)
 create mode 100644 google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
 create mode 100644 google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
 create mode 100644 google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json

diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
index 0106a9c49..6faa91091 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
@@ -38,6 +38,7 @@
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.grafana.GrafanaCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.hydra.HydraCredentialTester;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rabbitmq.RabbitMQCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.jenkins.JenkinsCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.mysql.MysqlCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ncrack.NcrackCredentialTester;
@@ -69,6 +70,7 @@ protected void configurePlugin() {
     credentialTesterBinder.addBinding().to(PostgresCredentialTester.class);
     credentialTesterBinder.addBinding().to(WordpressCredentialTester.class);
     credentialTesterBinder.addBinding().to(GrafanaCredentialTester.class);
+    credentialTesterBinder.addBinding().to(RabbitMQCredentialTester.class);
 
     Multibinder<CredentialProvider> credentialProviderBinder =
         Multibinder.newSetBinder(binder(), CredentialProvider.class);
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
new file mode 100644
index 000000000..5351db8e6
--- /dev/null
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rabbitmq;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.tsunami.common.net.http.HttpRequest.get;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.flogger.GoogleLogger;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.tsunami.common.data.NetworkEndpointUtils;
+import com.google.tsunami.common.data.NetworkServiceUtils;
+import com.google.tsunami.common.net.http.HttpClient;
+import com.google.tsunami.common.net.http.HttpHeaders;
+import com.google.tsunami.common.net.http.HttpResponse;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
+import com.google.tsunami.proto.NetworkService;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.List;
+import javax.inject.Inject;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+
+/** Credential tester for RabbitMQ Management Portal. */
+public final class RabbitMQCredentialTester extends CredentialTester {
+  private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
+  private final HttpClient httpClient;
+
+  private static final String RABBITMQ_SERVICE = "rabbitmq";
+  private static final String RABBITMQ_PAGE_TITLE = "RabbitMQ Management";
+  private static final String RABBITMQ_SERVER_HEADER = "Cowboy";
+  private static final String RABBITMQ_WWW_HEADER = "Basic realm=\"RabbitMQ Management\"";
+
+  @Inject
+  RabbitMQCredentialTester(HttpClient httpClient) {
+    this.httpClient = checkNotNull(httpClient);
+  }
+
+  @Override
+  public String name() {
+    return "RabbitMQCredentialTester";
+  }
+
+  @Override
+  public String description() {
+    return "RabbitMQ credential tester.";
+  }
+
+  private static String buildTargetUrl(NetworkService networkService, String path) {
+    StringBuilder targetUrlBuilder = new StringBuilder();
+
+    if (NetworkServiceUtils.isWebService(networkService)) {
+      targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
+
+    } else {
+      // Default to HTTP protocol when the scanner cannot identify the actual service.
+      targetUrlBuilder
+          .append("http://")
+          .append(NetworkEndpointUtils.toUriAuthority(networkService.getNetworkEndpoint()))
+          .append("/");
+    }
+    targetUrlBuilder.append(path);
+    return targetUrlBuilder.toString();
+  }
+
+  // Checks if the response body contains the title element of rabbitmq management page.
+  // Custom fingerprint phase.
+  private static boolean bodyContainsRabbitMQElements(String responseBody) {
+    Document doc = Jsoup.parse(responseBody);
+    String title = doc.title();
+
+    if (title.contains(RABBITMQ_PAGE_TITLE)) {
+      logger.atInfo().log(
+          "Found RabbitMQ Management endpoint (RABBITMQ_PAGE_TITLE string present in the page)");
+      return true;
+    } else {
+      return false;
+    }
+  }
+
+  /**
+   * Determines if this tester can accept the {@link NetworkService} based on the name of the
+   * service or a custom fingerprint. The fingerprint is necessary since nmap doesn't recognize a
+   * rabbitmq management instance correctly.
+   *
+   * @param networkService the network service passed by tsunami
+   * @return true if a rabbitmq management instance is recognized
+   */
+  @Override
+  public boolean canAccept(NetworkService networkService) {
+    boolean canAcceptByNmapReport =
+        NetworkServiceUtils.getWebServiceName(networkService).equals(RABBITMQ_SERVICE);
+    if (canAcceptByNmapReport) {
+      return true;
+    }
+    boolean canAcceptByCustomFingerprint = false;
+
+    String url = buildTargetUrl(networkService, "");
+    try {
+      logger.atInfo().log("Probing RabbitMQ Management Portal - custom fingerprint phase");
+      HttpResponse response = httpClient.send(get(url).withEmptyHeaders().build());
+      canAcceptByCustomFingerprint =
+          response.status().isSuccess()
+              && response.headers().get("server").isPresent()
+              && response.headers().get("server").get().trim().equals(RABBITMQ_SERVER_HEADER)
+              && response
+                  .bodyString()
+                  .map(RabbitMQCredentialTester::bodyContainsRabbitMQElements)
+                  .orElse(false);
+      url = buildTargetUrl(networkService, "api/overview");
+      response = httpClient.send(get(url).withEmptyHeaders().build());
+      canAcceptByCustomFingerprint =
+          canAcceptByCustomFingerprint
+              && response.headers().get("www-authenticate").isPresent()
+              && response.headers().get("www-authenticate").get().equals(RABBITMQ_WWW_HEADER);
+    } catch (IOException e) {
+      logger.atWarning().withCause(e).log("Unable to query '%s'.", url);
+      return false;
+    }
+    return canAcceptByCustomFingerprint;
+  }
+
+  @Override
+  public ImmutableList<TestCredential> testValidCredentials(
+      NetworkService networkService, List<TestCredential> credentials) {
+
+    return credentials.stream()
+        .filter(cred -> isRabbitMQAccessible(networkService, cred))
+        .collect(toImmutableList());
+  }
+
+  private boolean isRabbitMQAccessible(NetworkService networkService, TestCredential credential) {
+    var url = buildTargetUrl(networkService, "api/whoami");
+    try {
+      logger.atInfo().log(
+          "url: %s, username: %s, password: %s",
+          url, credential.username(), credential.password().orElse(""));
+      HttpResponse response = sendRequestWithCredentials(url, credential);
+
+      return response.status().isSuccess()
+          && response
+              .bodyString()
+              .map(RabbitMQCredentialTester::bodyContainsSuccessfulLoginElements)
+              .orElse(false);
+    } catch (IOException e) {
+      logger.atWarning().withCause(e).log("Unable to query '%s'.", url);
+      return false;
+    }
+  }
+
+  private HttpResponse sendRequestWithCredentials(String url, TestCredential credential)
+      throws IOException {
+
+    var headers =
+        HttpHeaders.builder()
+            .addHeader(
+                "Authorization",
+                "Basic "
+                    + Base64.getEncoder()
+                        .encodeToString(
+                            (credential.username() + ":" + credential.password().orElse(""))
+                                .getBytes(UTF_8)))
+            .build();
+
+    return httpClient.send(get(url).setHeaders(headers).build());
+  }
+
+  /**
+   * A successful authenticated request to the /api/whoami endpoint 
+   * returns a JSON with at least the following keys:
+   * {"name":"username","tags":["roles"]}
+  */
+  private static boolean bodyContainsSuccessfulLoginElements(String responseBody) {
+    try {
+      JsonObject response = JsonParser.parseString(responseBody).getAsJsonObject();
+
+      if (response.has("name") && response.has("tags")) {
+        logger.atInfo().log("Successfully logged in to RabbitMQ Management Portal");
+        return true;
+      } else {
+        return false;
+      }
+    } catch (Exception e) {
+      logger.atWarning().withCause(e).log(
+          "An error occurred while parsing the json response: %s", responseBody);
+      return false;
+    }
+  }
+}
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/resources/detectors/credentials/genericweakcredentialdetector/data/service_default_credentials.textproto b/google/detectors/credentials/generic_weak_credential_detector/src/main/resources/detectors/credentials/genericweakcredentialdetector/data/service_default_credentials.textproto
index 9388d3748..35d38fddf 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/resources/detectors/credentials/genericweakcredentialdetector/data/service_default_credentials.textproto
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/resources/detectors/credentials/genericweakcredentialdetector/data/service_default_credentials.textproto
@@ -55,3 +55,8 @@ service_default_credentials {
   default_usernames: "admin"
   default_passwords: "admin"
 }
+service_default_credentials {
+  service_name: "rabbitmq"
+  default_usernames: "guest"
+  default_passwords: "guest"
+}
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
new file mode 100644
index 000000000..ca1b9fbe8
--- /dev/null
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rabbitmq;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostnameAndPort;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.io.BaseEncoding;
+import com.google.common.io.Resources;
+import com.google.inject.Guice;
+import com.google.tsunami.common.net.http.HttpClientModule;
+import com.google.tsunami.common.net.http.HttpStatus;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.ServiceContext;
+import com.google.tsunami.proto.Software;
+import com.google.tsunami.proto.WebServiceContext;
+import java.io.IOException;
+import java.util.Optional;
+import javax.inject.Inject;
+import okhttp3.mockwebserver.Dispatcher;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Tests for {@link RabbitMQCredentialTester}. */
+@RunWith(JUnit4.class)
+public class RabbitMQCredentialTesterTest {
+  @Inject private RabbitMQCredentialTester tester;
+  private MockWebServer mockWebServer;
+
+  private static final TestCredential WEAK_CRED_1 =
+      TestCredential.create("user", Optional.of("1234"));
+  private static final TestCredential WEAK_CRED_2 =
+      TestCredential.create("root", Optional.of("pass"));
+  private static final TestCredential WRONG_CRED_1 =
+      TestCredential.create("wrong", Optional.of("pass"));
+
+  private static final String WEAK_CRED_AUTH_1 = "Basic dXNlcjoxMjM0";
+  private static final String WEAK_CRED_AUTH_2 = "Basic cm9vdDpwYXNz";
+  private static final ServiceContext.Builder RABBITMQ_SERVICE_CONTEXT =
+      ServiceContext.newBuilder()
+          .setWebServiceContext(
+              WebServiceContext.newBuilder()
+                  .setSoftware(Software.newBuilder().setName("rabbitmq")));
+
+  @Before
+  public void setup() {
+    mockWebServer = new MockWebServer();
+    Guice.createInjector(new HttpClientModule.Builder().build()).injectMembers(this);
+  }
+
+  @Test
+  public void detect_weakCredentialsExists_returnsWeakCredentials() throws Exception {
+    startMockWebServer(
+        "/",
+        Resources.toString(
+            Resources.getResource(this.getClass(), "testdata/successfulAuthdResponse.json"),
+            UTF_8));
+    NetworkService targetNetworkService =
+        NetworkService.newBuilder()
+            .setNetworkEndpoint(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .setServiceName("http")
+            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .setSoftware(Software.newBuilder().setName("http"))
+            .build();
+
+    assertThat(tester.testValidCredentials(targetNetworkService, ImmutableList.of(WEAK_CRED_1)))
+        .containsExactly(WEAK_CRED_1);
+    mockWebServer.shutdown();
+  }
+
+  @Test
+  public void detect_weakCredentialsExist_returnsAllWeakCredentials() throws Exception {
+    startMockWebServer(
+        "/",
+        Resources.toString(
+            Resources.getResource(this.getClass(), "testdata/successfulAuthdResponse.json"),
+            UTF_8));
+    NetworkService targetNetworkService =
+        NetworkService.newBuilder()
+            .setNetworkEndpoint(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .setServiceName("http")
+            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .build();
+    assertThat(
+            tester.testValidCredentials(
+                targetNetworkService, ImmutableList.of(WEAK_CRED_1, WEAK_CRED_2)))
+        .containsExactly(WEAK_CRED_1, WEAK_CRED_2);
+    mockWebServer.shutdown();
+  }
+
+  @Test
+  public void detect_noWeakCredentials_returnsNoCredentials() throws Exception {
+    startMockWebServer(
+        "/",
+        Resources.toString(
+            Resources.getResource(this.getClass(), "testdata/successfulAuthdResponse.json"),
+            UTF_8));
+    NetworkService targetNetworkService =
+        NetworkService.newBuilder()
+            .setNetworkEndpoint(
+                forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
+            .setServiceName("http")
+            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .build();
+    assertThat(tester.testValidCredentials(targetNetworkService, ImmutableList.of(WRONG_CRED_1)))
+        .isEmpty();
+    mockWebServer.shutdown();
+  }
+
+  private void startMockWebServer(String url, String response) throws IOException {
+    mockWebServer.setDispatcher(new RespondUserInfoResponseDispatcher(response));
+    mockWebServer.start();
+    mockWebServer.url(url);
+  }
+
+  static final class RespondUserInfoResponseDispatcher extends Dispatcher {
+    private final String userInfoResponse;
+
+    RespondUserInfoResponseDispatcher(String authenticatedUserResponse) {
+      this.userInfoResponse = checkNotNull(authenticatedUserResponse);
+    }
+
+    @Override
+    public MockResponse dispatch(RecordedRequest recordedRequest) {
+      var isUserEndpoint = recordedRequest.getPath().startsWith("/api/whoami");
+      var authHeader = recordedRequest.getHeaders().get("Authorization").toString();
+      var hasWeakCred1 = authHeader.contains(WEAK_CRED_AUTH_1);
+      var hasWeakCred2 = authHeader.contains(WEAK_CRED_AUTH_2);
+
+      if (isUserEndpoint && (hasWeakCred1 || hasWeakCred2)) {
+        String username = BaseEncoding.base64().decode(authHeader).toString().split(":")[0];
+        return new MockResponse()
+            .setResponseCode(HttpStatus.OK.code())
+            .setBody(userInfoResponse.replace("<PLACEHOLDER>", username));
+      }
+      return new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.code());
+    }
+  }
+}
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json b/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json
new file mode 100644
index 000000000..56c74c66e
--- /dev/null
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json
@@ -0,0 +1 @@
+{"name":"<PLACEHOLDER>","tags":["administrator"]}
\ No newline at end of file

From dd934ed5508597c284f5b41016aa82b7eea61260 Mon Sep 17 00:00:00 2001
From: leonardo <leonardo@doyensec.com>
Date: Fri, 22 Dec 2023 17:25:36 +0100
Subject: [PATCH 09/20] Fixed error in test

---
 .../testers/rabbitmq/RabbitMQCredentialTesterTest.java         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
index ca1b9fbe8..71c9efd8e 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
@@ -153,7 +153,8 @@ public MockResponse dispatch(RecordedRequest recordedRequest) {
       var hasWeakCred2 = authHeader.contains(WEAK_CRED_AUTH_2);
 
       if (isUserEndpoint && (hasWeakCred1 || hasWeakCred2)) {
-        String username = BaseEncoding.base64().decode(authHeader).toString().split(":")[0];
+        String b64 = authHeader.split("Basic")[1].trim();
+        String username = BaseEncoding.base64().decode(b64).toString().split(":")[0];
         return new MockResponse()
             .setResponseCode(HttpStatus.OK.code())
             .setBody(userInfoResponse.replace("<PLACEHOLDER>", username));

From 902c152ef883192b3391843baa653bb39a57abde Mon Sep 17 00:00:00 2001
From: leonardo <leonardo@doyensec.com>
Date: Tue, 9 Jan 2024 20:20:02 +0100
Subject: [PATCH 10/20] Changed web-service detection, and fixed style

---
 .../rabbitmq/RabbitMQCredentialTester.java    | 36 ++++++++-----------
 .../testdata/successfulAuthdResponse.json     |  2 +-
 2 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
index 5351db8e6..52af963bc 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
@@ -25,7 +25,6 @@
 import com.google.common.flogger.GoogleLogger;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
-import com.google.tsunami.common.data.NetworkEndpointUtils;
 import com.google.tsunami.common.data.NetworkServiceUtils;
 import com.google.tsunami.common.net.http.HttpClient;
 import com.google.tsunami.common.net.http.HttpHeaders;
@@ -65,19 +64,14 @@ public String description() {
     return "RabbitMQ credential tester.";
   }
 
+  @Override
+  public boolean batched() {
+    return false;
+  }
+
   private static String buildTargetUrl(NetworkService networkService, String path) {
     StringBuilder targetUrlBuilder = new StringBuilder();
-
-    if (NetworkServiceUtils.isWebService(networkService)) {
-      targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
-
-    } else {
-      // Default to HTTP protocol when the scanner cannot identify the actual service.
-      targetUrlBuilder
-          .append("http://")
-          .append(NetworkEndpointUtils.toUriAuthority(networkService.getNetworkEndpoint()))
-          .append("/");
-    }
+    targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
     targetUrlBuilder.append(path);
     return targetUrlBuilder.toString();
   }
@@ -107,10 +101,9 @@ private static boolean bodyContainsRabbitMQElements(String responseBody) {
    */
   @Override
   public boolean canAccept(NetworkService networkService) {
-    boolean canAcceptByNmapReport =
-        NetworkServiceUtils.getWebServiceName(networkService).equals(RABBITMQ_SERVICE);
-    if (canAcceptByNmapReport) {
-      return true;
+    boolean isWebService = NetworkServiceUtils.isWebService(networkService);
+    if (!isWebService) {
+      return false;
     }
     boolean canAcceptByCustomFingerprint = false;
 
@@ -144,11 +137,11 @@ public ImmutableList<TestCredential> testValidCredentials(
       NetworkService networkService, List<TestCredential> credentials) {
 
     return credentials.stream()
-        .filter(cred -> isRabbitMQAccessible(networkService, cred))
+        .filter(cred -> isCredentialValid(networkService, cred))
         .collect(toImmutableList());
   }
 
-  private boolean isRabbitMQAccessible(NetworkService networkService, TestCredential credential) {
+  private boolean isCredentialValid(NetworkService networkService, TestCredential credential) {
     var url = buildTargetUrl(networkService, "api/whoami");
     try {
       logger.atInfo().log(
@@ -185,10 +178,9 @@ private HttpResponse sendRequestWithCredentials(String url, TestCredential crede
   }
 
   /**
-   * A successful authenticated request to the /api/whoami endpoint 
-   * returns a JSON with at least the following keys:
-   * {"name":"username","tags":["roles"]}
-  */
+   * A successful authenticated request to the /api/whoami endpoint returns a JSON with at least the
+   * following keys: {"name":"username","tags":["roles"]}
+   */
   private static boolean bodyContainsSuccessfulLoginElements(String responseBody) {
     try {
       JsonObject response = JsonParser.parseString(responseBody).getAsJsonObject();
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json b/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json
index 56c74c66e..c156202b6 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/resources/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/testdata/successfulAuthdResponse.json
@@ -1 +1 @@
-{"name":"<PLACEHOLDER>","tags":["administrator"]}
\ No newline at end of file
+{"name":"<PLACEHOLDER>","tags":["administrator"]}

From e007f770b574585c1cdd19ac35d42cf84fc95db2 Mon Sep 17 00:00:00 2001
From: secureness <nosecureness@gmail.com>
Date: Tue, 16 Jan 2024 23:18:10 +0400
Subject: [PATCH 11/20] change new username and email to tsunami, update
 detection report, some other updates thanks to @tooryx

---
 .../Cve202322893VulnDetector.java             | 80 ++++++++-----------
 .../Cve202322893VulnDetectorTest.java         | 30 +++----
 2 files changed, 47 insertions(+), 63 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
index d38dbf41f..9119a339d 100644
--- a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020 Google LLC
+ * Copyright 2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 import static com.google.common.net.HttpHeaders.ACCEPT_LANGUAGE;
 import static com.google.common.net.HttpHeaders.UPGRADE_INSECURE_REQUESTS;
 import static com.google.tsunami.common.data.NetworkEndpointUtils.toUriAuthority;
+import static com.google.tsunami.common.data.NetworkServiceUtils.buildWebApplicationRootUrl;
 import static com.google.tsunami.common.net.http.HttpRequest.get;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -67,9 +68,8 @@ public final class Cve202322893VulnDetector implements VulnDetector {
 
   @VisibleForTesting
   static final String VULNERABLE_REQUEST_PATH =
-      "api/auth/cognito/callback?access_token=something&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjb2duaXRvOnVzZXJuYW1lIjoiYXV0aC1ieXBhc3MtZXhhbXBsZSIsImVtYWlsIjoibm90ZXhpc3RzQG5vdGV4aXN0LmNvbSJ9.";
+      "api/auth/cognito/callback?access_token=something&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb2duaXRvOnVzZXJuYW1lIjoidHN1bmFtaS1zZWN1cml0eS1zY2FubmVyIiwiZW1haWwiOiJ0c3VuYW1pLXNlY3VyaXR5LXNjYW5uZXJAZ29vZ2xlLmNvbSJ9.";
 
-  @VisibleForTesting static final int DETECTION_STRING_BY_STATUS = HttpStatus.OK.code();
   private final HttpClient httpClient;
 
   private final Clock utcClock;
@@ -80,17 +80,8 @@ public final class Cve202322893VulnDetector implements VulnDetector {
     this.utcClock = checkNotNull(utcClock);
   }
 
-  private static StringBuilder buildTarget(NetworkService networkService) {
-    StringBuilder targetUrlBuilder = new StringBuilder();
-    if (NetworkServiceUtils.isWebService(networkService)) {
-      targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));
-    } else {
-      targetUrlBuilder
-          .append("http://")
-          .append(toUriAuthority(networkService.getNetworkEndpoint()))
-          .append("/");
-    }
-    return targetUrlBuilder;
+  private static String buildTarget(NetworkService networkService) {
+    return buildWebApplicationRootUrl(networkService);
   }
 
   @Override
@@ -113,27 +104,31 @@ private boolean isServiceVulnerable(NetworkService networkService) {
             .addHeader(UPGRADE_INSECURE_REQUESTS, "1")
             .addHeader(ACCEPT_LANGUAGE, "en-US,en;q=0.5")
             .build();
-    String targetUrl = buildTarget(networkService).append(VULNERABLE_REQUEST_PATH).toString();
+    String targetUrl = buildTarget(networkService) + VULNERABLE_REQUEST_PATH;
     try {
       HttpResponse httpResponse =
           httpClient.send(get(targetUrl).setHeaders(httpHeaders).build(), networkService);
-      // Sample successful exploitation response
-      //
-      // {"jwt":"a jwt
-      // token","user":{"id":2,"username":"auth-bypass-example","email":"notexists@notexist.com"
-      // ,"provider":"cognito","confirmed":true,"blocked":false,"createdAt":"2023-04-28T06:56:20.344Z"
-      // ,"updatedAt":"2023-04-28T06:56:20.344Z"}}
-
-      // Sample unsuccessful exploitation response
-      //
-      // {"data":null,"error":{"status":400,"name":"ApplicationError","message":"Invalid
-      // URL","details":{}}}
-      // if no cognito authentication available
-      //
-      // {"data":null,"error":{"status":400,"name":"ApplicationError","message":"This provider is
-      // disabled","details":{}}}
-      if (httpResponse.status().code() != DETECTION_STRING_BY_STATUS
-          || httpResponse.bodyJson().isEmpty()) {
+      /*
+      if the target is vulnerable, we expect
+      ```
+      {"jwt":"a jwt
+      token","user":{"id":2,"username":"tsunami-security-scanner","email":"tsunami-security-scanner@google.com"
+      ,"provider":"cognito","confirmed":true,"blocked":false,"createdAt":"current date"
+      ,"updatedAt":"current date"}}
+      ```
+      otherwise the response will contain
+      ```
+      {"data":null,"error":{"status":400,"name":"ApplicationError","message":"Invalid
+      URL","details":{}}}
+      if no cognito authentication available
+      ```
+      or
+      ```
+      {"data":null,"error":{"status":400,"name":"ApplicationError","message":"This provider is
+      disabled","details":{}}}
+      ```
+      */
+      if (httpResponse.status().code() != 200 || httpResponse.bodyJson().isEmpty()) {
         return false;
       }
 
@@ -162,20 +157,15 @@ private DetectionReport buildDetectionReport(
                         .setPublisher("TSUNAMI_COMMUNITY")
                         .setValue("CVE_2023_22893"))
                 .setSeverity(Severity.CRITICAL)
-                .setTitle("Authentication Bypass for AWS Cognito Login Provider")
+                .setTitle("Authentication Bypass For Strapi AWS Cognito Login Provider")
                 .setDescription(
-                    "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                        + "when the AWS Cognito login provider is used for authentication.")
-                .setRecommendation("Upgrade to higher versions")
-                .addAdditionalDetails(
-                    AdditionalDetail.newBuilder()
-                        .setTextData(
-                            TextData.newBuilder()
-                                .setText(
-                                    "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
-                                        + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
-                                        + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                                        + "Unauthenticated Remote Code Execution on this version of Strapi"))))
+                    "Strapi before 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
+                        + "when the AWS Cognito login provider is used for authentication."
+                        + "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
+                        + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
+                        + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
+                        + "Unauthenticated Remote Code Execution on this version of Strapi")
+                .setRecommendation("Upgrade to version 4.5.6 and higher"))
         .build();
   }
 }
diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index b0f900705..ac4eefecc 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -18,7 +18,6 @@
 import static com.google.common.net.HttpHeaders.CONTENT_TYPE;
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
 import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostnameAndPort;
-import static com.google.tsunami.plugins.detectors.cves.cve202322893.Cve202322893VulnDetector.DETECTION_STRING_BY_STATUS;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.net.MediaType;
@@ -95,13 +94,13 @@ public void tearDown() throws IOException {
   }
 
   @Test
-  public void detectWhenVulnerable() {
+  public void detect_whenVulnerable_returnsDetection() {
     MockResponse response =
         new MockResponse()
             .setBody(
                 "{\"jwt\":\"a jwt\n"
                     + "token\",\"user\":{\"id\":2,\"username\":\"auth-bypass-example\",\"email\":\"notexists@notexist.com\",\"provider\":\"cognito\",\"confirmed\":true,\"blocked\":false,\"createdAt\":\"2023-04-28T06:56:20.344Z\",\"updatedAt\":\"2023-04-28T06:56:20.344Z\"}}")
-            .setResponseCode(DETECTION_STRING_BY_STATUS)
+            .setResponseCode(200)
             .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString());
     mockWebServer.enqueue(response);
 
@@ -121,26 +120,21 @@ public void detectWhenVulnerable() {
                             .setPublisher("TSUNAMI_COMMUNITY")
                             .setValue("CVE_2023_22893"))
                     .setSeverity(Severity.CRITICAL)
-                    .setTitle("Authentication Bypass for AWS Cognito Login Provider")
+                    .setTitle("Authentication Bypass For Strapi AWS Cognito Login Provider")
                     .setDescription(
-                        "Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                            + "when the AWS Cognito login provider is used for authentication.")
-                    .setRecommendation("Upgrade to higher versions")
-                    .addAdditionalDetails(
-                        AdditionalDetail.newBuilder()
-                            .setTextData(
-                                TextData.newBuilder()
-                                    .setText(
-                                        "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
-                                            + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
-                                            + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                                            + "Unauthenticated Remote Code Execution on this version of Strapi"))))
+                        "Strapi before 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
+                            + "when the AWS Cognito login provider is used for authentication."
+                            + "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
+                            + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
+                            + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
+                            + "Unauthenticated Remote Code Execution on this version of Strapi")
+                    .setRecommendation("Upgrade to version 4.5.6 and higher"))
             .build();
     assertThat(actual).isEqualTo(expected);
   }
 
   @Test
-  public void detectWhenNotVulnerableReturnsNoVulnerability() {
+  public void detect_whenNotVulnerable_returnsNoVulnerability() {
     mockWebServer.url("/notexistpath123321");
     MockResponse response =
         new MockResponse().setBody("NotExistDetectionString").setResponseCode(400);
@@ -148,6 +142,6 @@ public void detectWhenNotVulnerableReturnsNoVulnerability() {
 
     DetectionReportList findings = detector.detect(targetInfo, ImmutableList.of(strapiService));
 
-    assert (findings.getDetectionReportsList().isEmpty());
+    assertThat(findings.getDetectionReportsList()).isEmpty();
   }
 }

From ec56b6fb0b116aef443a67ac69d21fa9324d828d Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 18 Jan 2024 13:56:32 +0100
Subject: [PATCH 12/20] Update Cve202322893VulnDetectorTest.java

Remove unused imports
---
 .../cves/cve202322893/Cve202322893VulnDetectorTest.java         | 2 --
 1 file changed, 2 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index ac4eefecc..18e35f110 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -26,7 +26,6 @@
 import com.google.tsunami.common.net.http.HttpClientModule;
 import com.google.tsunami.common.time.testing.FakeUtcClock;
 import com.google.tsunami.common.time.testing.FakeUtcClockModule;
-import com.google.tsunami.proto.AdditionalDetail;
 import com.google.tsunami.proto.DetectionReport;
 import com.google.tsunami.proto.DetectionReportList;
 import com.google.tsunami.proto.DetectionStatus;
@@ -34,7 +33,6 @@
 import com.google.tsunami.proto.Severity;
 import com.google.tsunami.proto.Software;
 import com.google.tsunami.proto.TargetInfo;
-import com.google.tsunami.proto.TextData;
 import com.google.tsunami.proto.TransportProtocol;
 import com.google.tsunami.proto.Vulnerability;
 import com.google.tsunami.proto.VulnerabilityId;

From 8f278a9f480891b671c913c9a3e94253967b484c Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 18 Jan 2024 14:02:08 +0100
Subject: [PATCH 13/20] Update Cve202322893VulnDetector.java

Remove unused imports
---
 .../detectors/cves/cve202322893/Cve202322893VulnDetector.java | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
index 9119a339d..d5a87e77f 100644
--- a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -19,7 +19,6 @@
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.net.HttpHeaders.ACCEPT_LANGUAGE;
 import static com.google.common.net.HttpHeaders.UPGRADE_INSECURE_REQUESTS;
-import static com.google.tsunami.common.data.NetworkEndpointUtils.toUriAuthority;
 import static com.google.tsunami.common.data.NetworkServiceUtils.buildWebApplicationRootUrl;
 import static com.google.tsunami.common.net.http.HttpRequest.get;
 
@@ -32,19 +31,16 @@
 import com.google.tsunami.common.net.http.HttpClient;
 import com.google.tsunami.common.net.http.HttpHeaders;
 import com.google.tsunami.common.net.http.HttpResponse;
-import com.google.tsunami.common.net.http.HttpStatus;
 import com.google.tsunami.common.time.UtcClock;
 import com.google.tsunami.plugin.PluginType;
 import com.google.tsunami.plugin.VulnDetector;
 import com.google.tsunami.plugin.annotations.PluginInfo;
-import com.google.tsunami.proto.AdditionalDetail;
 import com.google.tsunami.proto.DetectionReport;
 import com.google.tsunami.proto.DetectionReportList;
 import com.google.tsunami.proto.DetectionStatus;
 import com.google.tsunami.proto.NetworkService;
 import com.google.tsunami.proto.Severity;
 import com.google.tsunami.proto.TargetInfo;
-import com.google.tsunami.proto.TextData;
 import com.google.tsunami.proto.Vulnerability;
 import com.google.tsunami.proto.VulnerabilityId;
 import java.io.IOException;

From df08aec6d340ce60790122b9155ce40e27eaece6 Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 18 Jan 2024 14:03:58 +0100
Subject: [PATCH 14/20] Update Cve202322893VulnDetector.java

Add a comment explaining the content of the JWT token. Simplify another comment that explains expectations on the HTTP response from Strapi if it is vulnerable.
---
 .../Cve202322893VulnDetector.java             | 25 ++++---------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
index d5a87e77f..2d76433a4 100644
--- a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -62,6 +62,10 @@ public final class Cve202322893VulnDetector implements VulnDetector {
 
   private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
 
+  /*
+  ** This JWT token uses HS256 and defines the cognito username to tsunami-security-scanner and
+  ** the email to tsunami-security-scanner@google.com.
+  */
   @VisibleForTesting
   static final String VULNERABLE_REQUEST_PATH =
       "api/auth/cognito/callback?access_token=something&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb2duaXRvOnVzZXJuYW1lIjoidHN1bmFtaS1zZWN1cml0eS1zY2FubmVyIiwiZW1haWwiOiJ0c3VuYW1pLXNlY3VyaXR5LXNjYW5uZXJAZ29vZ2xlLmNvbSJ9.";
@@ -104,26 +108,7 @@ private boolean isServiceVulnerable(NetworkService networkService) {
     try {
       HttpResponse httpResponse =
           httpClient.send(get(targetUrl).setHeaders(httpHeaders).build(), networkService);
-      /*
-      if the target is vulnerable, we expect
-      ```
-      {"jwt":"a jwt
-      token","user":{"id":2,"username":"tsunami-security-scanner","email":"tsunami-security-scanner@google.com"
-      ,"provider":"cognito","confirmed":true,"blocked":false,"createdAt":"current date"
-      ,"updatedAt":"current date"}}
-      ```
-      otherwise the response will contain
-      ```
-      {"data":null,"error":{"status":400,"name":"ApplicationError","message":"Invalid
-      URL","details":{}}}
-      if no cognito authentication available
-      ```
-      or
-      ```
-      {"data":null,"error":{"status":400,"name":"ApplicationError","message":"This provider is
-      disabled","details":{}}}
-      ```
-      */
+      // if the target is vulnerable, we expect a JSON response that contains a JWT token.
       if (httpResponse.status().code() != 200 || httpResponse.bodyJson().isEmpty()) {
         return false;
       }

From adf43988900ebca2f0b656a3cd4709d9cff7579a Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 18 Jan 2024 14:05:22 +0100
Subject: [PATCH 15/20] Update Cve202322893VulnDetector.java

Formating
---
 .../cve202322893/Cve202322893VulnDetector.java     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
index 2d76433a4..f36319670 100644
--- a/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
+++ b/community/detectors/strapi_cve_2023_22893/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetector.java
@@ -71,7 +71,6 @@ public final class Cve202322893VulnDetector implements VulnDetector {
       "api/auth/cognito/callback?access_token=something&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb2duaXRvOnVzZXJuYW1lIjoidHN1bmFtaS1zZWN1cml0eS1zY2FubmVyIiwiZW1haWwiOiJ0c3VuYW1pLXNlY3VyaXR5LXNjYW5uZXJAZ29vZ2xlLmNvbSJ9.";
 
   private final HttpClient httpClient;
-
   private final Clock utcClock;
 
   @Inject
@@ -140,12 +139,13 @@ private DetectionReport buildDetectionReport(
                 .setSeverity(Severity.CRITICAL)
                 .setTitle("Authentication Bypass For Strapi AWS Cognito Login Provider")
                 .setDescription(
-                    "Strapi before 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                        + "when the AWS Cognito login provider is used for authentication."
-                        + "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
-                        + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
-                        + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                        + "Unauthenticated Remote Code Execution on this version of Strapi")
+                    "Strapi before 4.5.5 does not verify the access or ID tokens issued during the"
+                        + " OAuth flow when the AWS Cognito login provider is used for"
+                        + " authentication. A remote attacker could forge an ID token that is"
+                        + " signed using the 'None' type algorithm to bypass authentication and"
+                        + " impersonate any user that use AWS Cognito for authentication. with the"
+                        + " help of CVE-2023-22621 and CVE-2023-22894 attackers can gain"
+                        + " Unauthenticated Remote Code Execution on this version of Strapi")
                 .setRecommendation("Upgrade to version 4.5.6 and higher"))
         .build();
   }

From b596bd105b2da873b7576663ef3465debbbc72f5 Mon Sep 17 00:00:00 2001
From: tooryx <1128705+tooryx@users.noreply.github.com>
Date: Thu, 18 Jan 2024 14:06:09 +0100
Subject: [PATCH 16/20] Update Cve202322893VulnDetectorTest.java

Sync expected description in the test with the latest formatting change.
---
 .../cve202322893/Cve202322893VulnDetectorTest.java  | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
index 18e35f110..297f5e98b 100644
--- a/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
+++ b/community/detectors/strapi_cve_2023_22893/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202322893/Cve202322893VulnDetectorTest.java
@@ -120,12 +120,13 @@ public void detect_whenVulnerable_returnsDetection() {
                     .setSeverity(Severity.CRITICAL)
                     .setTitle("Authentication Bypass For Strapi AWS Cognito Login Provider")
                     .setDescription(
-                        "Strapi before 4.5.5 does not verify the access or ID tokens issued during the OAuth flow "
-                            + "when the AWS Cognito login provider is used for authentication."
-                            + "A remote attacker could forge an ID token that is signed using the 'None' type algorithm "
-                            + "to bypass authentication and impersonate any user that use AWS Cognito for authentication."
-                            + " with the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain "
-                            + "Unauthenticated Remote Code Execution on this version of Strapi")
+                        "Strapi before 4.5.5 does not verify the access or ID tokens issued during"
+                            + " the OAuth flow when the AWS Cognito login provider is used for"
+                            + " authentication. A remote attacker could forge an ID token that is"
+                            + " signed using the 'None' type algorithm to bypass authentication and"
+                            + " impersonate any user that use AWS Cognito for authentication. with"
+                            + " the help of CVE-2023-22621 and CVE-2023-22894 attackers can gain"
+                            + " Unauthenticated Remote Code Execution on this version of Strapi")
                     .setRecommendation("Upgrade to version 4.5.6 and higher"))
             .build();
     assertThat(actual).isEqualTo(expected);

From b9d485118fffd2cda699aaa20ac41e7218e08881 Mon Sep 17 00:00:00 2001
From: leonardo <leonardo@doyensec.com>
Date: Thu, 18 Jan 2024 16:25:13 +0100
Subject: [PATCH 17/20] Fixed calling toString on an array

---
 .../testers/rabbitmq/RabbitMQCredentialTesterTest.java         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
index 71c9efd8e..0253c717c 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
@@ -34,6 +34,7 @@
 import com.google.tsunami.proto.WebServiceContext;
 import java.io.IOException;
 import java.util.Optional;
+import java.util.Arrays;
 import javax.inject.Inject;
 import okhttp3.mockwebserver.Dispatcher;
 import okhttp3.mockwebserver.MockResponse;
@@ -154,7 +155,7 @@ public MockResponse dispatch(RecordedRequest recordedRequest) {
 
       if (isUserEndpoint && (hasWeakCred1 || hasWeakCred2)) {
         String b64 = authHeader.split("Basic")[1].trim();
-        String username = BaseEncoding.base64().decode(b64).toString().split(":")[0];
+        String username = Arrays.toString(BaseEncoding.base64().decode(b64)).split(":")[0];
         return new MockResponse()
             .setResponseCode(HttpStatus.OK.code())
             .setBody(userInfoResponse.replace("<PLACEHOLDER>", username));

From 9d53673c258a789eff15e59b619e444ee060a7e6 Mon Sep 17 00:00:00 2001
From: leonardo <leonardo@doyensec.com>
Date: Thu, 18 Jan 2024 16:48:10 +0100
Subject: [PATCH 18/20] Fixed minor style issues

---
 .../testers/rabbitmq/RabbitMQCredentialTester.java        | 8 ++++----
 .../testers/rabbitmq/RabbitMQCredentialTesterTest.java    | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
index 52af963bc..c36691e4a 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTester.java
@@ -25,6 +25,7 @@
 import com.google.common.flogger.GoogleLogger;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
+import com.google.gson.JsonSyntaxException;
 import com.google.tsunami.common.data.NetworkServiceUtils;
 import com.google.tsunami.common.net.http.HttpClient;
 import com.google.tsunami.common.net.http.HttpHeaders;
@@ -44,7 +45,6 @@ public final class RabbitMQCredentialTester extends CredentialTester {
   private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();
   private final HttpClient httpClient;
 
-  private static final String RABBITMQ_SERVICE = "rabbitmq";
   private static final String RABBITMQ_PAGE_TITLE = "RabbitMQ Management";
   private static final String RABBITMQ_SERVER_HEADER = "Cowboy";
   private static final String RABBITMQ_WWW_HEADER = "Basic realm=\"RabbitMQ Management\"";
@@ -78,7 +78,7 @@ private static String buildTargetUrl(NetworkService networkService, String path)
 
   // Checks if the response body contains the title element of rabbitmq management page.
   // Custom fingerprint phase.
-  private static boolean bodyContainsRabbitMQElements(String responseBody) {
+  private static boolean bodyContainsRabbitMqElements(String responseBody) {
     Document doc = Jsoup.parse(responseBody);
     String title = doc.title();
 
@@ -117,7 +117,7 @@ public boolean canAccept(NetworkService networkService) {
               && response.headers().get("server").get().trim().equals(RABBITMQ_SERVER_HEADER)
               && response
                   .bodyString()
-                  .map(RabbitMQCredentialTester::bodyContainsRabbitMQElements)
+                  .map(RabbitMQCredentialTester::bodyContainsRabbitMqElements)
                   .orElse(false);
       url = buildTargetUrl(networkService, "api/overview");
       response = httpClient.send(get(url).withEmptyHeaders().build());
@@ -191,7 +191,7 @@ private static boolean bodyContainsSuccessfulLoginElements(String responseBody)
       } else {
         return false;
       }
-    } catch (Exception e) {
+    } catch (JsonSyntaxException e) {
       logger.atWarning().withCause(e).log(
           "An error occurred while parsing the json response: %s", responseBody);
       return false;
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
index 0253c717c..4f2be8418 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/test/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/rabbitmq/RabbitMQCredentialTesterTest.java
@@ -60,7 +60,7 @@ public class RabbitMQCredentialTesterTest {
 
   private static final String WEAK_CRED_AUTH_1 = "Basic dXNlcjoxMjM0";
   private static final String WEAK_CRED_AUTH_2 = "Basic cm9vdDpwYXNz";
-  private static final ServiceContext.Builder RABBITMQ_SERVICE_CONTEXT =
+  private static final ServiceContext.Builder rabbitmqServiceContext =
       ServiceContext.newBuilder()
           .setWebServiceContext(
               WebServiceContext.newBuilder()
@@ -84,7 +84,7 @@ public void detect_weakCredentialsExists_returnsWeakCredentials() throws Excepti
             .setNetworkEndpoint(
                 forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
             .setServiceName("http")
-            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .setServiceContext(rabbitmqServiceContext)
             .setSoftware(Software.newBuilder().setName("http"))
             .build();
 
@@ -105,7 +105,7 @@ public void detect_weakCredentialsExist_returnsAllWeakCredentials() throws Excep
             .setNetworkEndpoint(
                 forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
             .setServiceName("http")
-            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .setServiceContext(rabbitmqServiceContext)
             .build();
     assertThat(
             tester.testValidCredentials(
@@ -126,7 +126,7 @@ public void detect_noWeakCredentials_returnsNoCredentials() throws Exception {
             .setNetworkEndpoint(
                 forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
             .setServiceName("http")
-            .setServiceContext(RABBITMQ_SERVICE_CONTEXT)
+            .setServiceContext(rabbitmqServiceContext)
             .build();
     assertThat(tester.testValidCredentials(targetNetworkService, ImmutableList.of(WRONG_CRED_1)))
         .isEmpty();

From 701782bf6c6541b25ae6bcb5b6ed9028def80210 Mon Sep 17 00:00:00 2001
From: tooryx <pprc@google.com>
Date: Tue, 23 Jan 2024 10:20:56 +0000
Subject: [PATCH 19/20] add gradle wrappers for Strapi CVE-2023-22893

---
 .../gradle/wrapper/gradle-wrapper.jar         | Bin 0 -> 43462 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   7 +
 .../detectors/strapi_cve_2023_22893/gradlew   | 249 ++++++++++++++++++
 .../strapi_cve_2023_22893/gradlew.bat         |  92 +++++++
 4 files changed, 348 insertions(+)
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 community/detectors/strapi_cve_2023_22893/gradlew
 create mode 100644 community/detectors/strapi_cve_2023_22893/gradlew.bat

diff --git a/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..d64cd4917707c1f8861d8cb53dd15194d4248596
GIT binary patch
literal 43462
zcma&NWl&^owk(X(xVyW%ySuwf;qI=D6|RlDJ2cR^yEKh!<L)kv!^b;wzjN=MbLPE6
z#Qs54Mb(a4xpF<3xwf(#I0QP#moHyHKtM=7umAmr3<3k9AfYb8AfqVBBrhW-p{ORI
zp$-WG`qx|5b@g0VIWYsKzV}*LSf1fX%5<DxH2bTXmT7RMuqAb62#S(Z1H@42g>@I-
zp9QeisK*rlxC>+~7Dk4IxIRsKBHqdR9b3+fyL=ynHmIDe&|>O*VlvO+%z5;9Z$|DJ
zb4dO}-R=MKr^6EKJiOrJdLnCJn>np<Vr_Xn3)te~Xt>?~vU-1sSFgPu;pthGwf}bG
z(1db%xwr#x)r+`4AGu$j7~u2MpVs3VpLp|mx&;>`0p0vH6kF+D2CY0fVdQOZ@h;A`
z{infNyvmFUiu*X<?lkm_Rwc7`N28EaGe!}kzj7nfhW^@lTVlH-#Uo^46(tYuSUgOx
zQr0fsq(~O?24S?tV(okgsek@TWWcu+UvB}S%m>G}RNMNwXrbec_*a3N=2zJ|Wh5z*
z5rAX$JJR{#zP>KY**>xHTuw?|-Rg|o24V)74HcfVT;WtQHXlE+_4iPE8QE#DUm%x0
zEKr75ur~W%w#-My3Tj`hH6EuEW+8K-^5P62$7Sc5OK+22qj&Pd1;)1#4tKihi=~8C
zHiQSst0cpri6%OeaR`PY>HH_;CPaRNty%WTm4{wDK8V6gCZlG@U3$~JQZ;<Vs5#qH
zEVy+t;!5@Xu1$jID=`9nIoF+Jc9_az6+@ZeQX+!p62E#%NU_ikW&7u6D)sZpOG{u|
z={bCQI06wwYzSWO$q~5IHw{K<h(x`GAQV}I+HC2mJ9);BffzPtNZV^JzK+Q*#E)sp
z_;y^CR19xFFVGX1#sx$S&@R1md`SKw94gSZefoLMIz1SgFUJeHlDdu>HPvDJcT1V{
z?>H@13MJcCNe#5z+MecYNi@VT5|&UiN1D4ATT+%M+h4c$t;C#UAs3O_q=GxK0}8%8
z8J(_M9bayxN}69ex4dzM_P3oh@ZGREjVvn%%r7=xjkqxJP4kj}5tlf;QosR=%4L5y
zWhgejO=vao5oX%mOHbhJ8V+SG&K5dABn6!WiKl{|oPkq(9z8l&Mm%(=qGcFzI=eLu
zWc_oCLyf;hVlB@dnwY98?75B20=n$>u3b|NB28H0u-6Rpl((%KWEBOfElVWJx+5yg
z#SGqwza7f}$z;n~g%4HDU{;V{gXIhft*q2=4zSezGK~nBgu9-Q*rZ#2f=Q}i2|qOp
z!!y4p)4o=LVUNhlkp#JL{tfkhXNbB=Ox>M=n6soptJw-IDI|_$is2w}(XY>a=H52d
z3zE$tjPUhW<B7^QI+mzDc0r|3FgQFs!Jsdf2mD!`%+)SGMT!&dDeNq8Wnr~TJ=;SJ
zCjA5AMnKC>WS+5h=KVH&uqQS=$v3nRs&p$%11b%5qtF}S2#Pc`IiyBIF4%A!;AVoI
zXU8-Rpv!DQNcF~(qQnyyMy=-AN~U>#&X1j5BLDP{?K!%h!;hfJI>$mdLSvktEr*89
zdJHvby^$xEX0^l9g$xW-d?J;L0#(`UT~zpL&*cEh$L|HPAu=P8`OQZV!-}l`noSp_
zQ-1$q$R-gDL)?6YaM!=8H=QGW$NT2SeZlb8PKJdc=F-cT@j7Xags+Pr*jPtlHFnf-
zh?q<6;)27IdPc^Wdy-mX%2s84C1xZq9Xms+==F4);O`VUASmu3(RlgE#0+#giLh-&
zc<QGvU&1r_Xz58P7NkF*I*90qex!^xxfEgH#K;#C|KMCf;CA5Qt-NV8mGe5b-lG!j
zRL`7OWA4AJCL!FWu3g%<l7t>xm3_e}n4<JRr%rS6Swi_EMqL;`T8Bl3(r42Q<|~(Y
zc;e@g+fVh%OUP%og+-&}AUrto$4spr+PoQd2Zp+clpMO`)?XEs_x|w9_1so-38=4Y
zn`D1h2@&{Ai|aMqEbZDK1O5PGO%pa3=lgn}`i!wzdMR^A4OKHJ)Gs9YZ1vnbkiv-D
z$-P%T9AC{vA3^Up7DULFj^rOQ`7gHyAFny;2s;Lb$MDVB@Qs!<`=}5GFJ_Xz>{%|X
zJp{G_j+%`j_q5}k{eW&TlP}J2wtZ2^<^E(O)4OQX8FDp6RJq!F{(6eHWSD3=f~(h}
zJXCf7=r<16X{pHkm%yzYI_=VDP&9bmI1*)Y<!NUzHwGU;+XI38Q(`+NB8>XZeB}F?
z(%QsB5fo*FUZxK$<e}vt0yO7dH1jD~7>oX~X^69;x~j7ms8xlzpt-T15e9}$4T-pC
z6PFg@;B-j|Ywajpe4~bk#S6(fO^|mm1hKOPfA%8-_iGCfICE|=P_~e;Wz6my&)h_~
zkv&_xSAw7AZ%ThYF(4jADW4vg=oEdJGVOs>FqamoL3Np8>?!W#!R-0%2Bg4h?kz5I
zKV-rKN2n(vUL%D<4oj@|`eJ>0i#TmYBtYmfla;c!ATW%;xGQ0*TW@PTlGG><@dxUI
zg>+3SiGdZ%?5N=8uoLA|$<tQF__q{Hb+omJ>4isK$aJ%i{hECP$bK{J#0W2gQ3YEa
zZQ50Stn6hqdfxJ*9#NuSLwKFCU<kW<Z$>Gk@c=(igyVL;;2^wi4o30YXSIb2g_ud$
zgpCr@H0qWtk2hK8Q|&wx)}4+hTYlf;$a4#oUM=V@Cw#!$(nOFFpZ;0lc!qd=c$S}Z
zGGI-0jg~S~cgVT=4Vo)b)|4phjStD49*EqC)IPwyeKBLcN;Wu@Aeph;emROAwJ-0<
z_#>wVm$)ygH|qyxZaet&(Vf%pVdnvKWJn9`%DAxj3ot;v>S$I}jJ$FLBF*~iZ!ZXE
zkvui&p}fI0Y=IDX)mm0@tAd|fEHl~J&K}ZX(Mm3cm1UAuwJ42+AO5@HwYfDH7ipIc
zmI;1J;J@+aCNG1M`Btf>YT>~c&3<N>j~Qi@Py5JT6;zjx$cvOQW@3oQ>|}GH?TW-E
z1R;q^QFjm5W~7f}c3Ww|awg1BAJ^slEV~Pk`Kd`PS$7;SqJZNj->it4DW2l15}xP6
zoCl$kyEF%yJni0(L!Z&14m!1ur<bj#167-*(B|jp)F*o{Q;Hn)6)_<P63qS{7s)%O
z``Aek8i5TJj-mjjYtt1A_~`C%@M}|?ur(!4Oz?<A^)?FLyfSWzL9}|;jFV^_SWWx7
zZqoBj%8Zht{DR?*BSX3Fo`9QF2<={td!w9oLBkZ!>Xh6Btj_5JYt1{#+H8w?5QI%%
zo-$KYWNMJVH?Hh@1n7OSu~QhSswL8x0=$<8QG_zepi_<zlB#8m+hcE7gc<MZ-I}wy
z>`y_79=nK=_ZP_`Em2UI*tyQoB+r{1QYZCpb?2OrgUw#oRH$?^Tj!Req>XiE#~B|~
z+%HB;=ic+R@px4Ld8mwpY;W^A%8%l8$@B@1m5n`TlKI6bz2mp*^^^1mK$COW$HOfp
zUGTz-cN9?BGEp}5A!mDFjaiWa2_J2Iq8qj<W!S?C&KT9grEb&=%wm;aC1~>0mXzk;
z66JBKRP{p%wN7XobR0YjhAuW9T1Gw3FDvR5dWJ8ElNYF94e<ioutKi#n7!$mwZ7cG
z1bc^4#{Lo^rv1yy&HM`wbm`jfSY+G{qjDC1m?i9np*9^ecJ6!CKPZ;Z?_@`Nrs+nA
zB6#eGiAgK!RqyysJp%o~7rj*4vtuR7j|$OCbL9xyI9^gP(08>F3ebu+QwKjtvVu4L
zI9ip#mQ@4uqVdkl-TUQMb^XBJVLW(-$s;Nq;@5gr4`UfLgF$adIhd?rHOa%D);whv
z=;krPp~@I+-Z|r#s3yCH+c1US?dnm+C*)r{m+86sTJusLdNu^sqLrfWed^ndHXH`m
zd3#cOe3>w-ga(Dus_^ppG9AC>Iq{y%%CK+Cro_sqLCs{VLuK=dev>OL1dis4(PQ5R
zcz<j+gH(MtWYW4^8ed>)>DjEkfV+M<e_sEdzrS<1AHM%agf4oS_E5Eo5a@5bZSJRE
z-3LG-!nD1<2E1K6xQ;KRI>O;~>VUlYF00SgfUo~@(&9$Iy2|G0T9BSP?&T22>K46D
zL*~j#yJ?)^*%J3!16f)@Y2Z^kS*BzwfAQ7K96rFRIh>#$*$_Io;z>ux@}G98!fWR@
zGTFxv4r~v)Gsd|pF91*-eaZ3Qw1MH$K^7JhWIdX%o$2kCbvGDXy)a?@8T&1dY4`;L
z4Kn+f%SSFWE_rpEpL9bnlmYq`D!6F%di<&Hh=+!VI~j)2mfil03T#jJ_s?}VV0_hp
z7T9bWxc>Jm2Z0WMU?`Z$xE74Gu~%s{mW!d4uvK<j&<1yHv!7+02LGZ>Cx@WD+gPUQ
zV0vQS(Ig++z=EHN)BR44*EDSWIyT~R4$FcF*VEY*8@l=218Q05D2$|fXKFhRgBIEE
zdDFB}1dKkoO^7}{5crKX!p?dZWNz$m>1icsXG2N+((x0OIST9Zo^DW_tytvlwXGpn
zs8?pJXjEG;T@qrZi%#h<Ub!eG-{OloH-RpCzw35}x@i|jcqI|*S)Mk#vJASbW?htA
zkoiPl104oY;UP=8R1euujt$?djSOx?y-rqs2lMK%Qb9yZr^vF%!MGNK6X7qcO{3$l
z`SpE|3;1<tJDRMxF=rVtiibsxjcy7ac&I!rJ(vX~wSh6hna0U?6s6xBR8R}cWK=Mr
z0w`kyzSZL7v262fj&Zs-DwNn*X?a01@1FD@>93?FP$!&P4JA(&H61tqQi=opRzNpm
zkrG}$^t9&XduK*Qa1?<l%^7R<o*-c=iC4sk-`i4!S6!9X4fSx+qbvvgrLLuj@E8FE
zq?-x^MET$9MfCquFDi&A%1BD6sWU1_{+DLFRrob7FUP<*gCNI1JNawshbr?t+t&Wg
zFNRT>355wd8G2CI6QEh@Ua>AsD;7oRUNLPb76m4HG3K?)wF~IyS3`fXuNM>${?wmB
zpVz;?6_(Fiadfd{vUCBM*_kt$+F3J+IojI;9L(gc9n3{sEZyzR9o!_mOwFC#tQ{Q~
zP3-`#uK#tP3Q7~Q;4H|wjZHO8h7e4IuBxl&vz2w~D8)w=Wtg31zpZhz%+kzSzL*dV
zwp@{WU4i;hJ7c2f1O;7Mz6<tj2!R+wyuceauj<?kVu{wyl=%JHPkLzkWmg+Z?RG$#
zRU+Lf6+%iJNryt(CfbHrg5cMQPHCKXNZUXf@5VtUpcIZ(1nKR6v)V%+OF~*L&Q2bo
zXdQmkq&Da<4ZR}a$I6XIt`dd!z6Ld%&o(8?bghVIHa*@Mm4a2#r;SUX#A+KRSH^xk
zTs2!r=Ribpu&~Zx#mw!4jE91^t<FzpP{8m$mj$1xwQ{_Z*|&XtH^s|T`GZmEqGKAk
zj@Xz#kk3*eWc-B>qRKeASoIv0_bV=i@NMG*l<#+;INk-^`5w@}Dj~;k=|}qM1vq_P
z|GpBGe_IKq|LNy9SJhKOQ$c=5L{Dv|Q_lZl=-ky*BFBJLW9&y_C|!vyM~rQx=!vun
z?rZJQB5t}Dctmui5i31C_;_}C<yrm%u8E>En}_W%>oSXtt>@kE1=JW*4*v4tPp;O6
zmAk{)m!)}34pTWg8{i>($%NQ(Tl;QC@J@FfBoc%Gr&m560^kgSfodAFrIjF}aIw)X
zoXZ`@IsMkc8_=w%-7`D6Y4e*CG8k%Ud=GXhsTR50jUnm+R*0A(O3UKFg0`K;qp1bl
z7``HN=?39ic_kR|^R^~w-*pa?Vj#7|e9F1iRx{GN2?wK!xR1GW!qa=~pjJb-#u1K8
zeR?Y2i-pt}yJq;SCiVHODIvQJX|ZJaT8nO+(?HXbLefulKKgM^B(UIO1r+S=7;kLJ
zcH}1J=Px2jsh3Tec&v8Jcbng8;V-`#*UHt?hB(pmOipKwf3Lz8rG$heEB30Sg*2rx
zV<|KN86$soN(I!BwO`1n^^uF2*x&vJ$2d$>+`(romzHP|)K_KkO6Hc>_dwMW-M(#S
zK(~SiXT1@fvc#U+?|?PniDRm01)f^#55;nhM|wi?oG>yBsa?~?^xTU|fX-R(sTA+5
zaq}-8Tx7zrOy#3*JLIIVsBmHYLdD}!0NP!+ITW+Thn0)8SS!$@)HXwB3tY!fMxc#1
zMp3H?q3eD?u&Njx4;KQ5G>32+GRp1Ee5qMO0lZjaRRu&{W<&~DoJNGkcYF<5(Ab+J
zgO>VhBl{okDPn78<%&e2mR{jwVCz5Og;*Z;;3%VvoGo_;HaGLWYF7q#jDX=Z#Ml`H
z858YVV$%J|e<1n`%6Vsvq7GmnAV0wW4$5qQ3uR@1i>tW{xrl|ExywIc?fNgYlA?C5
zh$ezAFb5{rQu6i7BSS5*J-|9DQ{6^BVQ{b*lq`xS@RyrsJN?-t=MTMPY;WYeKBCNg
z^2|pN!Q^WPJuuO4!|P@jzt&tY1Y8d%FNK5xK(!@<w&%9D$8VsECTj#p>`jO2aEA*4
zkO6b|UVBipci?){-Ke=+1;mGlND8)6+P;8sq}UXw2hn;fc7nM>g}GSMWu&v&fqh<p
z##88~l{cY%DBl|WjH>iViYT=fZ(|3Ox^$aWPp4a8h24tD<|8-!aK0lHgL$N7Efw}J
zVIB!7=T$U`ao1?upi5V4Et*-lTG0XvExbf!ya{cua==$WJyVG(CmA6Of*8E@DSE%L
z`V^$qz&RU$7G5mg;8;=#`@rRG`-uS<w08Td3B}9G%N}FK9HR~!f^Cj{`y^tJfREum
z*~gqwb#dcwc-QI{m8GKpLpC4_K%Vfi)$F_F!#pL|shy<Q%NAC^CU`RL!|-5srD#ZO
zn{I~O)p%c{5m;d<;UUXgV+yNvL<rtSIQngc|6F6>18$0WPN@!v2d{H2sOqP|!(cQ@
zUHo!d>>yFArLPf1q`uBvY32miqShLT1B@gDL4XoVTK&@owOoD)OIHXrYK-a1d$B{v
zF^}8D3Y^g%^cnvScOSJR5QNH+BI%d|;J;wWM3~l>${fb8DNPg)wrf|GBP8p%LNGN#
z3EaIiItgwtGgT&iYCFy9-LG}bMI|4LdmmJ<aSE*uYY8*ef191mD07amYtQ+>t@V@%
zb6B)1kc=T)(|L@0;wr<>=?r04N;E&ef+7C^`wPWtyQe(*pD1pI_&XHy|0gIGHMekd
zF_*M<adlI3H~C+q^IzcHq+zQxXN(?TC=A;~jCHxB64cks3Odw>4yi6J&Z4LQj65)S
zXwdM{SwUo%3<O37{DHPAG$A+a&Uh?}DLaiJmVVmFZ1SIa$#%_k^;QaeeZ7P1{c?b9
zC=eLHcdO3e<gc?V;V!z6HlJL{r#Zyj=E&V_!6PB!qLm)(8_YSrHh0%Boz_*kUx6mK
zb|)@dlgu8i#ZFeI!mo!f$fZhLo%K}Hqt2m#>SbPwFsHgqF@V|6afT|R6?&S;lw=8%
z3}@9<sV<+=?Zw{9R&#fEo?wO?NZ(DJrAWh4NL*AP6WG<pY>B=#JI3@B*#4s!O))~z
zc>2_4Q_#&+5V`GFd?88^;c1i7;Vv_I*qt!_Yx*n=;rj!82rrR2rQ8u5(Ejlo{15P%
zs~!{%XJ>FmJ})H^I9<JZ=qNB8Uvp_IODk79lcQ%6N8nJ<layarnSw*wERT@1y+@T9
zbCRk63Z9EFi*?65Y?t(rNyKH`R2OmS8*97sR}##9$$k=`zv4t1*Bd!||1<$^?K3bV
zch~R<>bn^Re&38H{xA!0l3^89k(oU;bZWXM@kn$#aoS&Y4l^-WEn<v2GMB&`=$+t{
zsqH-Hrg^zC-u%NR+$BDUf%Zr&u$O+4nJ{Bn;W>-fH39Jb9lA%s*WsKJQl?n9B7_~P
z-XM&WL7Z!PcoF6_D>V@$CvUIEy=+Z&0kt{szMk=f1|M+r*a43^$$B^MidrT0J;RI`
z(?f!O<8UZkm$_Ny$<xT<$ZIyDj(fr1FYD^^at+o!IT*&wJZ2YcAjrNtR7B|~_E5=s
zOz!Ci^%eTS=@CxD@zJ?@F7iX3EI*kkt`>Hth1J#^4ni+im8M9mr&k|3cIgwvjAgjH
z8`N&h25xV#v*d$qBX5jkI|xOhQn!>IYZK7l5#^P4M&twe9&Ey@@GxYMxBZq2e7?`q
z$~Szs0!g{2fGcp9PZEt|rdQ6bhAgpcLHPz?f-vB?$dc*!9OL?Q8mn7->bFD2Si60*
z<SxIYe5*?<(^};SmYZJUE5uTQgi>!O%y)fCdMSV|lkF9w%x~J*A&srMyYY3{=&$}H
zGQ4VG_?$2X(0|vT0{=;W$~icCI{b6W{B!Q8xdGhF|D{25G_5_+%s(46lhvNLkik~R
z><gHECVNA9lSE@px%4b)MU9AlX-3O&uNmc}yl!RiOZVkYH*st9io|}a-%W^-z%%sS
zBRKzv>nr(&C#5wwOzJZQo9m|U<;&Wk!_#q|V>fsmj1g<6%hB{jGoNUPjgJslld><h
z0D4sDtR`m}US*Y@1-q?v_8uo!>xmODzGjY<PkPw{-%~Z34UsBBxRhv{JbTqaVf$5q
z{S2pJqjiGYd2`{L@&>c?7JSuA?A_QzjDw5AsRgi@Y|Z0{F{!1=!NES-#*f^s4l0Hu
zz468))2IY5dmD9pa*(yT5{EyP^G>@ZWumealS-*WeRcZ}B%gxq{MiJ|RyX-^C1V=0
z@iKdrGi1jTe8Ya^x7yyH$kBNvM4R~`fbPq$BzHum-3Zo8C6=KW@||>zsA8-Y9uV5V
z#oq-f5L5}V<&wF4@X@<3^C%ptp6+Ce)~hGl`kwj)bsAjmo_GU^r940Z-|`<)oGnh7
zFF0Tde3>ui?8Yj{sF-Z@)yQd~CGZ*w-6p2U<8}JO-sRsVI5dBji`01W8A&3$?<gda
z?BZWzCe?!+Mzz3|voidco80@c=7!Ur=?8_d@M{njoqdXf;HO=-j8&nJI$X=2*nR5b
zdkQR1yvkj-(Jw_Mm=h7q^yxfjEp7^;bcyq6D@_K&VWKp^Sop&nM1y{dpIssXCy2i4
z=LyazjEE+1j0KJwbLD2TWETW$BXbT?w}d!pg$Bwi+bH5Fd+>}lxBaC&vn0E$c5tW*
zX>5(zzZ=qn&!J~KdsPl;P@bmA-Pr8T*)eh_+Dv5=Ma|XSle6t(k8qcgNyar{*ReQ8
zTXwi=8vr>!3Ywr+BhggHDw8ke==NTQVMCK`$69fhzEFB*4+H9LIvdt-#IbhZvpS}}
zO3lz;P?zr0*0$%-Rq_y^k(?I{Mk}h@w}cZpMUp|ucs55bcloL2)($u%mXQw({Wzc~
z;6nu5MkjP)0C(@%6Q_I_vsWrfhl7Zpoxw#WoE~r&GOSCz;_ro6i(^hM>I$8y>`!wW
z*U^@?B!MMmb89I}2(hcE4zN2G^kwyWCZp5JG>$Ez7zP~D=J^LMjSM)27_0B_X^C(M
z`fFT+%DcKlu?^)FCK>QzSnV%IsXVcUFhFdBP!6~se&xxrIxsvySAWu++IrH;FbcY$
z2DWTvSBRfLwdhr0nMx+URA$j3i7_*6BWv#DXfym?ZRDcX9C?cY9sD3q)uBDR3uWg=
z(lUIzB)G$Hr!){>E{s4Dew+tb9kvToZp-1&c?y2wn@Z~(VBhqz`cB;{E4(P3N2*nJ
z_>~g@;UF2iG{Kt(<1PyePTKahF8<)pozZ*xH~U-kfoAayCwJViIrnqwqO}7{0pHw$
zs2Kx?s#<e4dK%3b&+)k6Y|;S4DL85-WyrKVIj_j{{6I$&%2Do^b$2hE@5=a;FpA#?
zj?ue-OJN&$@J%?YKM$eGC(JtcZy!B$NWApB@di<X3W1e<da}udYMoeI3o7_<JF=Zh
zYpeXWvB)_@QIIYWL@3|7rB4|sFVTbw@}gXInS&gjZDpG1DvPM{2=+Ykc&(i5ifc$_
zh}LZ8qwN(P?@iKtl~(pPzWr%^DDJwnMm5!z?#c5FjG;&ZIUT6z@~tYZ+k;3g@lXUv
zc!5>vQr7XZ264>5RNKSL8|Ty^=PsIx^}QqOOcfpGUU4tRkUc|kc7-!Ae6!+<d3LhN
z&XzYh?Io|}4gfQtnbqxLyJD!7AFApf16JvF_cy6Y`x$Llw|Gfz;B@D2LO~qGw&vqe
zsH^CM_BX(-!fK<Eo8IYbMVZ6+S7(ZE0!FE(^I(-o-1+IZ<U0&RNxqDrwiyUBYR)d<
z#!m|@8#oaZv2FVRDr{+-;DajT%LpK4DvrtxtKBx!-{g~??&MQ(9~5@mIpt?Y@cvL%
zN}LG<11t5Cf)G^&gR<1lgJ{-R<J>B{o~7nFpm3|G5^=0#Bnm6`V}oSQlrX(u%OWnC
zoLPy&Q;1J<Q=Rw7zP0W`<I7X@-?=Nf;Xee%N*w}vJKiE|cD<4a=^PO7MQlM02j-+$
zKCm^lM#p{(Wj}5i#kBavYT-0#nTBp`m_35(`HY&Y@4YUMZTiPw%I|bpPk6PK|CYyI
z`Xes=050k(L_<N^Jv(Mpm{{2H2c!?vIl%96&k^E-?K&Vk`$KkeX~Jw~Fsfk(d16L!
z-bf)Sz$PAGgB&vJhQ}eDyRs{2lK?Gq>ui&7ST0~#+}I^&?vcE*t47~Xq#YwvA^6^}
z`WkC)$AkNub|t@S!$8CBlwbV~?yp&@9h{D|3<UyWg7|l{^glZ5Dp<R^T02<&bDDly
zL;vF_RkK%`Q$`P93~`T9H0DLwoQ7TLazhh0=(S3=G6^=$?i+3C_*1LCvRZO39g|43
z<9HQ9$%`iR2>z-vJXgzRC5^nYm+PyPcgRzAnEi6Q^gslXYRv4nycsy-SJu?lMps-?
zV`U*#WnFsdPLL)Q$AmD|0`UaC4ND07+&UmOu!eHruzV|OUox<+Jl|Mr@6~C`T@P%s
zW7sgXLF2SSe9Fl^O(I*{9wsFSYb2l%-;&Pi^d<d5gZY$ouXkSxh!i;YM~orayzvd9
z$>pv!{)C3d0AlNY6!4fgmSgj_wQ*7Am<LG|<(H6ae*!sIhw}*%cn8L{G&Qz)Il&k~
zdUB%q=yN3Oz|C{wnn*7=Y}H`Tp)^(dl#`ZFq_B51Ks``*Lp3oxGdwsr3V(Qn1t<fg
ziSMz83x=Ap$h4F(3LJRw8rYw8Xe?}PuG+VUk_bdjjrHLOpBsF^D$Ey0j+dIBQyzkk
z^3ERO0R}UDBy9?czbAa9qFbE3)`4Z5^?OXpH_#GiC*r#QhzMY=jT%oM-$ku0=Z=SS
zPUHZ>7&$z;Jg&wgR-Ih;lUvWS|KTSg!&s_E9_bXBkZvGiC6bFKDWZxsD$*NZ#_8bl
zG1P-#@?OQzE<T`h^Ta9L)yZGSKEF-RZ;~y;F=H0>D7@jlMJTH@V!6k;W>auvft)}g
zhoV{7$q=*<qV(a={b8n4s4yhm_oFzSM6cYhPn}4ss!6ccUzX#rKA~T>;=l{O>Q4a@
ziMjf_u*o^PsO)#BjC%0^h>Xp@;5$p{JSYDt)zbb}s{Kbt!T*I@Pk@X0zds6wsefuU
zW$XY%yyRGC94=6mf?x+bbA5CDQ2AgW1T-jVAJbm7K(gp+;v6E0WI#kuACgV$r}6L?
zd|Tj?^%^*N&b>Dd{Wr$FS2qI#Ucs1yd4N+RBUQiSZGujH`#I)mG&VKoDh=KKFl4=G
z&MagXl6*<)$6P}*Tiebpz5L=oMaPrN+caUXRJ`D?=K9!e0f{@D&cZLKN?iNP@X0aF
zE(^pl+;*T5qt?1jRC=5PMgV!XNITRLS_=9{CJExaQj;<KOp}Ss$xf3w95Awwovm~a
z$iUieZ+;LRH(+2InXK7*7kZ|*f#fpjzjcGEbKAy*9*Q%Ik>lt!&pdzpK?8p>%Mb+D
z?yO*uSung=-`QQ@yX@Hyd4@CI^r{2oiu`%^bNkz+Nkk!IunjwNC|WcqvX~k=><-I3
zDQdbdb|!v+I<k8C-8h1&l^p%~4R~&So2|v->z01$w@aMl!R)koD77Xp;eZwzSl-AT
zr@Vu{=xvgfq9akRrrM)}=!=xcs+U1JO}{t(avgz`6RqiiX<|hGG1pmop8k6Q+G_mv
zJv|RfDheUp2L3=^C=4aCBMBn0aRCU(DQwX-W(RkRwmLeuJYF<0urcaf(=7)JPg<3P
zQs!~G)9CT18o!J4{zX{_e}4eS)U-E)0FAt}wEI(c0%HkxgggW;(1E=>J17_hsH^sP
z%lT0LGgbUXHx-K*CI-MCrP66UP0PvGqM$MkeLyqHdbgP|_Cm!7te~b8p+e6sQ_3k|
zVcwTh6d83ltdnR>D^)BYQpDKlLk3g0Hdcgz2}%qUs9~~Rie)A-BV1mS&naYai#xcZ
z(d{8=-LVpTp}2*y)|gR~;qc7fp26}lPcLZ#=JpYcn3AT9(UIdOyg+d(P5T7D&*P}#
zQCYplZO5|7+r19%9e`v^vfSS1sbX1c%=w1;oyruXB%Kl$ACgKQ6=qNWLsc=28xJjg
zwvsI5-%SGU|3p>&zXVl^vVtQT3o-#$UT9LI@Npz~6=4!>mc431VRNN8od&Ul^+G<O
z&+UaGr()Me%6V)8@*Bx3oT4=TBj_vjymMyd8nWP{_ePd?ZpLR5y@P!PwPSnq@b%?+
z-3jAw7s2p_He|nVH%u;ROIVANf3n6TyT+w(2_c_sy)MF$<SLbp^<>_kHC`G=6WVWM
z%9eWNyy(FTO|A+@x}Ou3CH)oi;t#7rAxdIXfNFwOj_@Y&TGz6P_sqiB`Q6<Z9`{@I
zG)gW^Bs^4xVzBtFwh6KfO16ddPYr(3GPqiVlbqYNdp{z1`WEdF){s~pqbp&T6o|uZ
zd@{Wd+K`h(<$gjo>Lxy|Q{`|fgmRG(k+!#b*M+Z9zFce)f-7;?Km5O=LHV9f9_87;
zF7%R2B+$?@sH&&-$@tzaPYkw0;=i|;vWdI|Wl3q_Zu>l;XdIw2FjV=;Mq5t1Q0|f<
zs08j54Bp`3RzqE=2enlkZxmX6OF+@|2<)A^RNQpBd6o@OXl+i)<H_i&N`daO9#gRD
zbNRiucg54Gy(2fGrWtv`LB0NuWCH3@RHOJamGJ+B#lKG`{v$j0pO8><bNM_W{ENJH
zS2a-j%gz<EZJA$~1=AFf&`NH0`}A|!jr|e^sYu1)OS{vLFWmU*j55~$42^zF3vE?V
zDx)gAg1%Glt~U?HFUqs}9{v)ryb$pHbibYndMV|B@l;eyS(h=KEpcIvczVDE78@Xj
zSAm;1J^1Dwm>zO%D4iGiQNuXd+zIR{_lb96{lc~bxsBveIw6umhShTX+3@ZJ=YHh@
zWY3(d0azg;7oHn>H<>?4@*RQbi>SmM=JrHvIG(~BrvI)#W(<iZ@?A1TuACNgdXURW
z+)gvyNh;kbU(liR<_1NHe=TW&=0kt+K?wKELV`s)-;TebXWQlc!-`aY6o(nMsy+|=
z(E4T?*-uU}N^Du>EAeO6fS+}mxxcc+X~W6&YVl86W9WFSS}Vz-f9vS?XUDBk)3TcF
z8V?$4Q)`uKFq>xT=)Y9mMFVTUk*NIA!0$?RP6Ig0TBmUFrq*Q-Agq~DzxjStQyJ({
zBeZ;o5qUUKg=4Hypm|}>>L=XKsZ!<FKQ_ntYAcXmoND))pw_T3pH%fHY!pNqk5cuV
zOHA2*8nP`0K~OlwGy0SH3EWaDB-i#4%#|`_{yB={(lcN;3!10+Pxox-HkRohVDL0|
z8{E!B)=^(A?$N_ctiS3J)!iY`)ts!F9ODnu96)<93qPUBnzlYuy=Jt+bF8r45!B4r
zWzRGHHPnO9ti}*NAt&~?DFW+%!bE>F$yNTDO)jt4H0gdQ5$f|d&bnVCMMXhNh)~mN
z@_UV6D7MVlsWz+zM+inZZp&P4fj=tm6fX)<V@r2uJW+0vvpHTeeFv#Sgo7s}BAm4K
zjGGF<Q!n^&4xvzX0>SG5H>OsQf_I8c<Dg8clrV~^w3Z*%r!X6dX4x@j9;{JD(8l7}
z(Qgx)wY{>~uGCig$GzuwViK54bcgL;VN|FnyQl>Ed7(@>=8$a_UKIz|V6CeVSd2(P
z0Uu>A8A+muM%HLFJQ9UZ5c)<?oM~-8FHMf~w|t%VP|2Tazr<2Sjx#;msM?}B)jn`T
z*pYak+6)TB+ee7iYW3p=zQkY>BSAv_zH#1f02x?h9C}@pN@6{>UiAp>({Fn(T9Q8B
z^`zB;kJ5b`>%dLm+Ol}ty!3;8f1XDSVX0AUe5P#@I+FQ-`$(a;zNgz)4x5hz$Hfbg
z!Q(z26wHLXko(1`;(BAOg_wShpX0ixfWq3ponndY+u%1gyX)_h=v1zR#V}#q{au6;
z!3K=7fQwnRfg6FXtNQmP>`<;!N137paFS%y?;lb1@BEdbvQHYC{976l`cLqn;b8lp
zIDY>~m{gDj(wfnK!lpW6pli)HyLEiUrNc%eXTil|F2s(AY+LW5hkKb>TQ3|Q4S9rr
zpDs4uK_co6XPsn_z$LeS{K4jFF`2>U`tbgKdyDne`xmR<@6AA+_hPNKCOR-Zqv;xk
zu5!HsBUb^!4uJ7v0RuH-7?l?}b=w5lzzXJ~gZcxRKOovSk@|#V<jQ-(2_xKpDYt{m
zs6<ysaM*D{ARcUnlk4D!8f*k1G{Ip@*-dFQ!bhc3zg>+MuX%Y+=;14i*<yct;~?4+
z8a$HdaeCZdGnM?f>%{)_gSW9(#4%)AV#3__kac1|qUy!uyP{>?U#5wYNq}y$S9pCc
zF<Mndv5MKme1!JVgsoWscJ<knfP)Xe)2}9N1^EiWQ;6~WJPU`LW&2l%<A5V5ht~*^
zy?4tqc_+c^CwHLPg-(Ehm=L2yf~2Mxlz*2rKsp2n_Y-esI>c~4mgSC*G~j0u#qqp9
z${>3HV~@->GqEhr_Xwoxq?Hjn#=s2;i~g^&Hn|aDKpA<n^4$fC$Kuspwq}<LNwu8C
zbf6;H40RGwOB}XjobHn85?fmF9ub`bI+IQM@Py%7F9WcE4R&_4B5<%dGT-3U#$8JL
z+9W_t43rJ$Gf^G?+|wOo&KIwqf2&OR?zMoHUZhcc%t4i);VELMxvn-h%aEuLgl_t^
zn}SzihDXMuweFhp8a#vz8k>>Oc%HlW(KA1?BXqpxB;Ydx)w;2z^MpjJ(Qi(X!$5RC
z*P{~%JGDQqojV>2JbEeCE*OEu!$XJ>bWA9Oa_Hd;y)F%MhBRi*LPcdqR8X`NQ&1L#
z5#9L*@qxrx8n}LfeB^J{%-?SU{FCwiWyHp682F+|pa+CQa3ZLzBqN1{)h4d6+vBbV
zC#NEbQLC;}me3eeYnOG*nXOJZEU$xLZ1<1Y=7r0(-U0P6<g54#mo~h%m97FKEIHpA
zi1;stE`DWrPG;ZcvR%GkPkplBUD5E>-AqwMAM`a(Ed#7vJkn6plb4eI4?2y3y<C7^
zMN|!317AP-8b+h`frBg^oc&CV#@gdFKbOG_+V@md3_}H++3*0>OTGmmDQ!z9`wzbf
z_OY#0@5=bnep;MV<TyaesE-ymV~)h1zKx)bzGTLWVIp8Jc0Xjtfz?g}02XS&L-sgn
zz+J7FV@}%gTsBPancF*aFOCi$QUrJa8Ibmw3#H6HwLunm!~S7uJfJF*x^4TdZ((BQ
z!OA8ez?xzj5&N>0X_;;<l|1-%NB+RStv%4V3*k9dM&8$D*6KHj&I{f#=G0sJycjJ9
zsbnF%tPoJ^)WY9aH4DzA@Up>SJJWEf^E6Bd^tVJ9znWx&Ks8t*<NkWUjNZuHXm?wX
z&k+-16-gZ2l39lpjw5PGa}Nvw$IGx#fYlU<*{);MA3*W3V0a83>B>AM@?;D4oWUGc
z!H*`6d7Cxo6VuyS4Eye&L1ZRhrRmN6Lr`{NL(wDbif|y&z)JN>Fl5#Wi&mMIr5i;x
zBx}3YfF>><oG8>8EC(fYnmpu~)CYHuHCyr5*`ECap%t@y=jD>!_%3iiE|LN$mK9>-
zHdtpy8fGZtkZF?%TW~29JIAfi2jZT8>OA7=h;8T{{k<t+bcx0feOM-&l9hI?Xmy(z
z-fq}pe2pf8j{{(B0xe64n-!77hMklQf7$y)E8W+2Z@Tt{aWpu0WCZ>?c2`nCEx9$r
zS+*&vt~2o^^J+}RDG@+9&M^K*z4p{5#IEVbz`1%`m5c2};aGt=V?~vI<yv(rk2~bL
zj=};pL9GggLHjow%gVWrUmkyePLZ<Qj(q4u0~rKInZFBgS5;8-hpCcg={gcFHnWum
zMonS>M}ZdPECD<VzUqoNT#)>I)47|CWBCfDWUbxBCnmYivQ*0Nu_xb*C>~C9(VjHM
zxe<*D<#dQ8TlpMX2c@M<9$w!RP$hpG4cs%AI){jp*Sj|*`m)5(Bw*A0$*i-(C<so-
zb=dYmBN5sxWooS6f<r|QIT;nm(*5IP;!0gq<>A5#%>a)$+jI2C9r6|(>J8InryENI
z$NohnxDUB;wAYDwrb*!N3noBTKP<UImuz_p@!@WwtKs6Oq=w->pPN}~09SEL18tkG
zxgz(RYU_;DPT{l?Q$+eaZaxnsWCA^ds^0PVRkIM%bOd|G2IEBBiz{&^JtNsODs;5z
zICt_Zj8wo^KT$7Bg4H+y!Df#3mbl%%?|EXe!&(Vmac1DJ*y~3+kRKAD=Ovde4^^%~
zw<9av18HLyrf*_>Slp;^i`Uy~`mvBjZ|?Ad63<fPCD(QY8B|u!l)brK@3#~ULtEdK
zqfCRe>yQa#YK`4+c6;pW4?XIY9G1(Xh9WO8{F-Aju+nS9Vmv=$Ac0ienZ+p9*O%NG
zMZKy5?%Z6TAJTE?o5vEr0r>f>hb#2w2U3DL64*au_@P!J!TL`oH2r*{>ffu6|A7tv
zL4juf$DZ1MW5ZPsG!5)`k8d8c$J$o;%EIL0va9&GzWvkS%ZsGb#S(?{!UFOZ9<$a|
zY|a+5kmD5N&{vRqkgY>aHsBT&`rg|&kezoD)gP0fsNYHsO#TRc_<dLhZf-oCe<uor
zVn+D3J+?dI`OPTIwX%7HL4coV@n&0F`$sgzfV#jy^Nxhx;htyfm`2*%2*E<EEua3X
z>$n6Lf1Z{?+DLziXlHrq4sf(!>O{?Tj;Eh@%)+nRE_2VxbN&&%%caU#JDU%vL3}Cb
zsb4AazPI<wjJ5Xm?P>{>8H&d=jUaZDS$-0^AxE@utGs;-Ez_F(qC9T=UZX=>ok2k2
ziTn{K?y~a5reD2A)P${NoI^>JXn>`IeArow(41c-Wm~)wiryEP(OS{YXWi7;%dG9v
zI?mwu1MxD{yp_rrk!j^cKM)dc4@p4Ezyo%lRN|XyD}}>v=Xoib0gOcdXrQ^*61HNj
z=NP|pd>@yfvr-=m{8$3A8TQGMTE7g=z!%yt`8`Bk-0MMwW~h^++;qyUP!J~ykh1GO
z(FZ59xuFR$(WE;F@UUyE@Sp>`aVNjyj=Ty>_Vo}xf`e7`F;j-IgL5`1<e8<5GZ9t_
zSKJ;j#8L2sA)KLlG+guS4jf40SgEe!dKKK0Hbs4NAYj<w(>~-#70$9_=uBMq!2&1l
zomRgpD58@)YYfvLtPW}{C5B35R;ZVvB<<#)x%srmc_S=A7F@DW8>QOEGwD6suhwCg
z>Pa+YyULhmw%BA*4yjDp|2{!T98~<6Yf<Ht&p|`G9M?uugEk_wVc(bM<s*XMD&4B1
z!i3%8q|snVIZ`!_i1*YyreC8Lohwejbmzog)&}vE7Rz1dcR%OnN}_3vj`{K=-3O~_
zu1c5_k};f^gB06dul({<`Lcpka0Ph<!;#yPQz#pwe?I#d5?HpUA@y)AJdD~*W6*^J
z9IAb}`aqXze3Z5+o@S&yu8d^LhgI0a?q{$=xrJP?yBJszi{*k);E$b`3mcYPuTL=d
zCCNFg0QG16+KKF$c43P(5eJVL61PLUzK~wHo_6%n7f<5cmB2yHn6OgGuGvm#^QB$O
zIXl<)?hk{+{p_;>d(wo1mQ!KWwq0eg+6)o1>W~f~kL<-S+P@$wx*zeI|1t7z#Sxr5
zt6w+;YblPQNplq4Z#T$GLX#j6yldXAqj>4gAnnWtBICUnA&-dtnlh=t0Ho_vEKwV`
z)DlJi#!@nkYV#$!)@>udAU*hF?V`2$Hf=V&6PP_|r#Iv*J$9)pF@X3`k;5})9^o4y
z&)~?EjX5yX1<xGQ%1@{UCW^23>2O(BsFy-l6}nYeuKkiq`u9145&3Ssg^y{5G3Pse
z9w(YVa0)N-fLaBq1`P!_#>SS(8fh_5!f{UrgZ~uEdeMJIz7DzI5!NHHqQtm~#CPij
z?=N|J>nPR6_sL7!f4hD_|KH`vf8(Wpnj-(gPWH+ZvID}%?~68SwhPTC3u1_cB`otq
z)U?6qo!ZLi5b>*KnYHWW=3F!p%h1;h{L&(Q&{qY6)_qxNfbP6E3yYpW!EO+IW3?@J
z);4>g4gnl^8klu7uA>eGF6rIGSynacogr)KUwE_R4E5Xzi*Qir@b-jy55-JPC8c~(
zo!W8y9OGZ&`xmc8;=4-U9=h{vCqfCNzYirONmGbRQlR`WWlgnY+1wCXbMz&NT~9*|
z6@FrzP!LX&{no2!Ln_3|I==_4`@}V?4a;YZKTdw;vT<+K+z=uWbW(&bXEaWJ^W8Td
z-3&1bY^Z*oM<=M}LVt>_<PFYrPfhFhSu%npt;+8<VSwjlcQC8wPbX!R<;Rgr<C++E
zby{kGH;!C6486yrVIwy8>j+p=2Iu7<ee5Yzkv)1V_(^OyjiyljyAy{*({<c49<wJ_
zD`WoEKZ35Gv<M<<pCYpQZ?|m!#mlmG_*_DC0N62ESbuImD+AoD)Lj4`<}R)PJ25MB
zQ(JSFe<_~3nt|(_B)R}zmNZN0*RPG}Ru~x4q$U+I`RU|gs%W~s18LSc)J(SC3~+Y<
zk0lr!;49KA_>pZmbXrhQ_k)ysE9yXKygFNw$5hwDn(M>H+e1&9BM5!|81vd%r%vEm
zqxY3?F@fb6O#5UunwgAHR9jp_W2zZ}NGp2%mTW@(hz7$^<W>+a`A?mb8|_G*GNMJ)
zjqegXQio=i@AINre&%ofexAr95aop5C+0MZ0m-l=MeO8m3epm7U%vZB8+I+C*iNFM
z#T3l`gknX;D$-`2XT^Cg*vrv=RH+P;_dfF++cP?B_msQI4j+lt&rX2)3GaJx%W*Nn
zkML%D{z5tpHH=dk<tahvnnE?`>sQ*gzc|}gzW;lwAbxoR07VNgS*-c3d&8J|;@3t^
zVUz*J*&r7DFRuFVDCJDK8V9NN5hvpgGjwx+5n)qa;YCKe8TKtdnh{I7NU9BCN!0dq
zczrBk8pE{{@vJa9ywR@mq*J=v+PG;?fwqlJVhijG!3VmIKs>9T6r7MJpC)m!Tc#>g
zMtVsU>wbwFJEfwZ{vB|ZlttNe83)$iz`~#8UJ^r)lJ@HA&G#}W&ZH*;k{=TavpjWE
z7hdyLZPf*X%Gm}i`Y{OGeeu^~nB8=`{r#TUrM-`;1cBvEd#d!kPqIgYySYhN-*1;L
z^byj%Yi}Gx)Wnkosi337BKs}+5H5dth1JA{Ir-JKN$7zC)*}hqeoD(WfaUDPT>0`-
z(6sa0AoIqASwF`>hP}^|)a_j2s^P<w)m}Rj^15uY<n!4_%<!d#{vZ=Z_P}@eeW-Ox
z;JQLPzZSHN-l$$DLG%r}N3ZZZvwUxH+BWNXE{dS!hk|G5x)?-llV>Qn*qVC{Q}htR
z5-)duBFXT_V56-+UohKXlq~^6uf!6sA#ttk1o~*QEy_Y-S$gAvq47J9Vtk$5oA$Ct
zYhYJ@8{hsC^98${!#Ho?4y5MCa7iGnfz}b9jE~h%EA<g+BN#3fNo`|_hPZ+|%)bb7
zIn_D<^wYb`{#zL<_<s|myPLHg(|`4wmJ7hi$=pTU+V#^hHu-$b(Luw-PR!Bav-v(-
z@?W|xOvONHUKm|~3~s1|_Dl38>Av~Qxu)_rAV;^cygV~5r_~?l=B`zObj7S=H=~$W
z<UmLzInv1Ql%M`_G9-u94*9n+0oO@^hhKgl*ZXu|6{=bN1o_txgnax72@;~Z7?^Oq
z7?^&}>PtI_m%g$`kL_fVUk9J<CtwAz7a!$Q&-Jh3I_W5n|1(dhB)p#U+Wl>@>EiBH
zOO&jtn~&`hIFMS5S`g8w94R4H40mdNUH4W@@XQk1sr17b{@y|JB*G9z1|CrQjd+GX
z6+KyURG3;!*BQrentw{B2R&@2&`2}n(z-2&X7#r!{yg@<!&3xwQWd$^>Soy}cRD~j
zj<Og|6*w}HqZTw8{Il!Ft=<O5!dlKfOz|j$Z^w5&_=~)z5Z-}bt_7jqebZL&Vjmk}
z(RA*=wrL0UL*<vcZEZprIhH<3JJLr)CAtGH+&D8sC~U9fHYR9L!BM()S6a1mtsI!E
z--M=*g<DRnwm1hG$L!!=946pI4AzFaqTKQdn(cd9nxm|_%Tp(UbUJVdmn&m&OV5sT
zjBA&CZ;!B-hP7XTLul+iNP4Dg{KGjcnsK_H51vQ)!>9@UBW+N|4HW4AWapy4wfUI-
zZ`gSL6DUlgj*f1hSOGXG0IVH8HxK?o2|3HZ;KW{K+yPAlxtb)NV_2AwJm|E)FRs&&
z=c^e7bvUsztY|+f^k7NXs$o1EUq>cR7C0$UKi6IooHWlK_#?IWDkvywnzg&ThWo^?
z2O_N{5X39#?eV9l)xI(>@!vSB{DLt*oY!K1R8}_?<kMv(YfJ|7amweKbCcwmp-oP{
zR^MH3r^g&R=wr#qxEEp(KK<zYcr_;1=X$Imnu<Z`RiZwY8*iRY{cWxHh1c@XJZ&pv
zV{U_Z%$qRKL70X;eBqb*t1O=8k$SB(oK)NPT~SfHMOv=9#+69sQt>%+0^C{d9a%N4
zoxHVT1&Lm<qomrTXsCPGIz?rb+qQLuzE?D*s2JcateF>|uDX%$QrBun5e-F`HJ^T$
zmzv)p@4ZHd_w9!%Hf9UYNvGCw2TTTbrj9pl+T9<ayV5<}<wvT;Sn~c<QFT@1O08w<
zkEzBm=w)jYybjnZrhSE(k<3uFR)#=txys^{+XA;N)s*?BH^)|A82SR=)(_iGhC7T3
z6;In+x<8Dm5KW<GS7?86#S~&}Tl{Cy3IDd}BL8#I#Xpxf?HmDS<l^QQ0CzjL|Nnnw
z7e`AMb5~dSPx>%-_-}L(tES>Or-}Z4F*{##n3~L~TuxjirGuIY#H7{%$E${?p{Q01
zi6T`n;rbK1yIB9jmQNycD~yZq&mbIsFWHo|ZAChSFPQa<(%d8mGw<NE-PqxpYmaZY
z>*V3fh|yFoxOOiWJd(qvVb!Z$b88cg->N=qO*4<Ju1L$F55Eg|&pd*ih%*g;pO{D%
z0by!&Tpi~?D_*9Y{Y99`;u%i~<7J9|%7CE#RGy9%il*j9uH#6qR8ZZ3+-)Oz_wKW(
z^pYp_3KlClW0cl`;)I55^HEmIrxSK3i7Y3l?;+5qj8LrRLEa*uvXRuegx26kvwYL_
zb#;U>k~6;R==|9ihg&riu#P~s4Oap9O7f%crSr^rljeIfXDEg>wi)&v*a%7zpz<9w
z*r!3q9J|390x`Zk;g$&OeN&ctp)VKRpDSV@kU2Q>jtok($Y-*x8_$2piTxun81@vt
z!Vj?COa0fg2RPXMSIo26T=~0d`{oGP*eV+$!0I<(4azk&Vj3SiG=Q!6mX0p$z7I};
z9BJUFgT-K9MQQ-0@Z=^7R<{bn2Fm48endsSs`V7_@%8?Bxkqv>BDoVcj?K#dV#uUP
zL1ND~?D-|VGKe3Rw_7-Idpht>H6XRLh*U7epS6byiGvJpr%d}XwfusjH9g;Z98H`x
zyde%%5mhGOiL4wljCaWCk-&uE4_OOccb9c!ZaWt4B(wYl!?vyzl%7n~QepN&eFUrw
zFIOl9c({``6~QD+43*_tzP{f2x41h(?b43^y6=iwyB)2os5hBE!@YUS5?N_tXd=h(
z)WE286Fbd>R4M^P{!G)f;h<3<yF&*^O7$OuoRrI)h{eq;PvnVS@*1~LuT)USkQaNv
zOM$`oAtUE4j7%H>Q>Fipuy+d2q-)!RyTgt;wr$(?9ox3;q+{E*ZQHhOn;lM`cjnu9
zXa48ks-v(~b*;MAI<>YZH(^NV8vjb34be<!O&B^}ixjt}bVWn%lGLAylA+d{-I3Ov
zYGthSdKw$ke{f2yKKz!}A?+JRYrVrnNgphJxf8a2-SUbcd-<f$tEQ|wN=!zhIVy6o
z{e*aA58OB1vmh4GpWd_ASE)%_0rN^UY7rBTo&!Y1@Ctrd$H;scFhnl=M`1%EsufNC
z-OLaEwV5;h{|wOY5$Wp2@8oFu?G`jM&~vo;?-m}Z`0Z8WNBRVdp)MQ|2K`3!%98{%
zdNe?VYC=$}mLx4b>E<_cwKlJoR;k6lJNSP6v}uiyRD?|0w+X@o1ONrH8a$fCxXpf?
z?$DL0)7|X}Oc%h^zrMKWc-NS9I0Utu@>*j}b@tJ=ixQSJ={4@854wzW@E>VSL+Y{i
z#0b=WpbCZS>kUCO_iQz)LoE>P5LIG-hv9E+oG}DtlIDF>$tJ1aw9^LuhLEHt?BCj&
z(O4I8v1s#HUi5A>nIS-JK{v!7dJx<eVzUtPaTI7fl_Lc9Q7H|gBw|{WKmed^JnGV(
zu>)^Yg%XjNmlkWAq2*cv#tHgz`Y(bETc6CuO1VkN^L-L3j_x<4NqYb5rzrLC-7uOv
z!5e`GZt%B782C5-fGnn*GhDF$%(qP<74Z}3xx+{$4cYKy2ik<NlkqF%3WflOIsu<r
zJ1Ia^)U`#vAWMh>xI7B2N+2r07DN;|-T->nU&!=Cm#rZt%O_5c&1Z%nlWq3TKAW0w
zQqemZw_ue--2uKQsx+niCUou?HjD`xhEjjQd3%rrBi82crq*~#uA4+>vR<_S{~5ce
z-2<NdSzF&R56UcB$b`5iPf1tk$#inbE+bN7x7fQ!g0(-tUeP$5mD|<oEEQs$_4x-D
zh0c}WhYdr7ofXz6ohh@zpmk*n(FlBp!zEgxx$uEo2H<WsrEGtxER628jLj$t%l9)Q
zpgsl-$*Z~WylJ9&D{WG%{31lN8lbCEKy<E~v-RJ-A&Im)1f}cclb5D<{1Q#Vu%0dO
zWKBG_7m(=clSMuCN`u^GxdNe&YF`-TUb|;%bmJ`YPw4~vsx(y)NXfrJ;zl=TdJvdM
zgjB=Fy{n+66I+(Z4-Ri^DAN$}Va@@|i(LY(Ta%N-!9$yT@Di8@Q|ICHs-$>EIl?~s
z1=<moH2Vo(ywx9NJa$4J-?u#55cOFdV)B}0g(o*O*fidd5c?ici{Ux!YWxH)lJBu&
zebpoNCFHe!@Sp-PDw*l@?whO<W~J*cdfDfxv>GVL{NxP1N3%=AOaC}j_Fv=ur&THz
zyO!d9kHq|c73kpq`$+t+8Bw7MgeR5~`d7ChYyGCBWSteTB>8WAU(NPYt2Dk`@#+}=
zI4SvLlyk#pBgV<A2?oY=e+fBwTE4;jq%tyXWMQiSYYYO}#)dHPJlDLuJulo6SGjK1
z`gH3!=BMJnht1ob+aBAuUFTlcx2QPoAUzlvdTgFMd@}Q&V?T*GzNthb2P4Otx?F}b
zQU!B?T171=l1DVswq8U{dUopH<i_9aHNW4O!%Ue4mI5N4Rk3KVw;&F(OhCj^%kuG+
z8MtBDbnF(k2oZuHMNq<)Iaf2h9OF2sY%r9g4<_CbzLUIxWdSMTHg+tXTNiq(CW|G{
zGd*nwn$nSQ3yn2F)sHm_LxN&3a)|o1Bxxow1q4-amB&cP3_zydal7X0#bqu|rbi}z
za?8dV(p~@OkF-Z^V2VNz4r_~<b6L?KbFZxteo)3x8MUXZIB5k|m&5ONIJ2mEmpJ8+
zS^3scTkT>igEe`?NG*vl7V6m+<}%FwPV=~PvvA)=#ths==DRTDEYh4V5}Cf$z@#;<
zyWfLY_5sP$gc3LLl2x+Ii)#b2nhNXJ{R~vk`s5U7Nyu^3yFg&D%Txwj6QezMX`V(x
z=C`{76*mNb!qHHs)#GgGZ_7|vkt9izl_&PBrsu@}L`X{95-2jf99K)0=*N)VxBX2q
z((vkpP2RneSIiIUEnGb?VqbMb=Zia+rF~+iqslydE34cSLJ&BJW^3knX@M;t*b=EA
zNvGzv41Ld_T+WT#XjDB840vovUU^FtN_)G}7v)1lPetgpEK9YS^OWFkPoE{ovj^=@
zO9N$S=G$1ecndT_=5ehth2Lmd1II-PuT~C9`XVePw$y8J#dpZ?Tss<6wtVglm(Ok7
z3?^oi@pPio6l&!z8JY(pJvG=*pI?GIOu}e<i-gr8K;Jwm`jb9}cg?7%k?$ozkvP<q
z^_0<VPv%dHn>^EB6QYk$#FJQ%^AIK$I4epJ+9t?KjqA+bkj&PQ*|vLttme+`9G=L%
ziadyMw_7-M)hS(3E$QGNCu|o23|%O+VN7;Qggp?PB3K-iSeBa2b}V4_wY`G1Jsfz4
z9|SdB^;|I8E8gWqHKx!vj_@SMY^hLEIb<lAtPrMWpQ?Gx@0V+>SMCuE?WKq=c2mJK
z8LoG-pnY!uhqFv&L?yEuxo{dpMTsmCn)95xanqBrNPTgXP((H$9N${Ow~Is-FBg%h
z53;|Y5$MUN)9W2HBe2TD`ct^LHI<(xWrw}$qSoei?}s)&w$;&!14w6B6>Yr6Y8b)S
z0r71`WmAvJJ`1h&poLftLU<!Z5k{sKI&`B$86NJr<vepFmH?(W7PH*&i|mr?Ft$yK
zlQ2hYqAhr7MyE%yewrikAeSqlmaqf6`n)*-iF$8(XN#mJ2C<)bI6Vjy(bW4=>S6Ir
zC$bG9!Im_4Zjse)<TV^7Y-skQbZaPLqlJGP?6u?Ar53a`=TEMdV9Pz$A~Oa(Rc*59
zlP6c&tH(X*j_BPct#psJ_4ej*FB0-ZmxrgT1go#{dSJYBN5b(ilJd0C{DrQAlZa_y
z_`$lr_=xcxo6aRz`CVouz-G0iMAr=_WWB~^j&$tY`E*!!JHXJsUn?rao*@+eB&qDA
zW99F#`#iK!JA{ggeYTsjHg%UzJKlG}4g|0~H1^LtyCeCE^d_K<#AGK3JmN+YTaC5S
z91&>#K=oJM9mHW1{%l8sz$1o?ltdKlLTxWWPB>Vk22czVt|1%^wn<WkC7-mZ1~!CF
z*?s-mfPHuh>N@*!l)}?EgtvhC>vlHm^t+ogpgHI1_$1ox9e;>0!+b(tBrmXR<YSIe
z+ujWarO6U*;i)~AxpZt4t`{u9*(+s;XcKm*(c~N9u#mFIlYU2WORAXM_UYQcUg$Ee
zx5S=-_TAMk8a1Q-)f_5{=PkrVgJA;Ro116-3NLM9UpBJ!h?qkH2BSize2e<I)M16H
z`{Y|kfSkRI?YvZ4;f|#JKgvo95q7X$@!Rjljd&2-g(yOk)xl#i>B`PY1vp-R**8N7
zGP|QqI$m(Rdu#=(?!(N<WmSu~%G3p+kgCkb(yT{~ITG_cvZ}c9BIo-Bx{A8PA+JSS
zM`u{@ucuz=u?fnE^32?!>}G9QhQ%o!aXE=aN{&wtGP8|_qh+7a_j_sU5|J^)vxq;#
zjvzLn%_QPHZZIWu1&mRAj;Sa_97p_lLq_{~j!M9N^1yp3U_SxRqK&JnR%6VI#^E12
z>CdOVI^_9aPK2eZ4h&^{pQs}xsijXgFYRIxJ~N7&BB9jUR1fm!(xl)mvy|3e6-B3j
zJn#ajL;bFTYJ2+Q)tDjx=3IklO@Q+FFM}6UJr6km7hj7th9n_&JR7fnqC!hTZoM~T
zBeaVFp%)0cbPhejX<8pf5HyRUj2>aXnXBqDJe73~J%P(2C?-RT{c<cL>3NjE`)om!
zl$uewSgWkE66$Kb34+QZZvRn`fob~Cl9=cRk@Es}KQm=?E~CE%spXaMO6YmrMl%9Q
zl<Oi>A3Q$3|L1QJ4?->UjT&<QWaf5;5SDgEG|O+++eQ`L7IecmPP{~vvxpw+mh_w?
z)_nm*UV;|XpG)3akT+?)#!p)ksH$g>CBd!~ru<az8{#I2>{Ih^in&JXO=|<6J!&qp
zRe*OZ*cj5bHYlz!!~iEKcuE|;U4vN1rk$xq6>bUWD*u(V@8sG^7>kVuo(QL@Ki;yL
zWC!FT(q{E8#on>%1iAS0HMZDJg{Z{^!De(vSIq&;1$+b)oRMwA3nc3mdTSG#3uYO_
z>+x;7p4I;uHz?ZB>dA-BKl+t-3IB!jBRgdvAbW!aJ(Q{aT>+iz?91`C-xbe)IBoND
z9_Xth{6?(y3rddwY$GD65IT#f3<(0o#`di{sh2gm{dw*#-Vnc3r=4==&PU^hCv$qd
zjw;<UDv>>i&?L*Wq#TxG$mFIUf>eK+170KG;~+o&1;Tom9}}mKo23KwdEM6UonXgc
z!6N(@k8q@HPw{O8O!lAyi{rZv|DpgfU{py+j(X_cwpKqcalcqKIr0kM^%Br3SdeD>
zHSKV94Yxw;pjzDHo!Q?8^0bb%L|wC;4U^9I#pd5O&eexX<SpYMUi;NrGyaua!-+-%
z(b6a1gZ;D+I4*J4ZzM0c^5vOx!1kF+S*rg^EpYq4Q$8Zv`)iCLe*9oY_%}BDzxap$
zLASmGRxF(y%$&cS<d#PK1_s~QhLoPQp2`0OZ5YXZBV6=I+(qKW;)rW-X|QN4Rtu+O
zUSe{k6uD&;e7|DG*7jRd*&ewJO@NTU@h#Yzt1=3xB&wH^G8Ykks+&HQ<6Vd9>+Im{
z?jKnCcsE|H?{uGMqVie_C~w7GX)kYGWAg%-?8|N_1#W-|4F)3YTDC+QSq1s!DnO<W
zN9@pSmktp>ML3@d`mG%o2YbYd#jww|jD$gotpa)kntakp#K;+yo-_ZF9qrNZw<%#C
zuPE@#3RocLgPyiBZ+R_-FJ_$xP!RzWm|aN)S+{$LY9vvN+IW~Kf3TsEIvP+B9Mtm!
zpfNNxObWQpLoaO&cJh5>%sl<u+Ou}Gr38*?+PIrbJtKK2C4@@i^3b)w#L5cfzsc$p
zGS#mh6Pugtp<?+N{dA+4Q%bSY%c7pXA|R9VW%COsIn2Bo=M^XtO8d8nsr~aAmv2eX
zu1Bz3botI2)|TFV6HCJkzYB4<>ZnHl_Q~(-Tfh!DMz(dTWld@LG1VRF`9`DYKhyNv
z2pU|UZ$#_yUx_B_|MxUq^glT}O5Xt(Vm4Mr02><%C)@v;vPb@pT$*yzJ4aPc_FZ3z
z3}PLoMBIM>q_9U2rl^sGhk1VUJ89=*?7|v`{!Z{6bqFMq<nxEmclgCD+90@&@li(W
z@s`8&MDulaH_%E?T~GV|zVm+MR`OB^kjC~xrEgb}MlNn^7GQ&p?tO;j2-%IuU~fD(
z0>(mYiA?%KbsI~JwuqVA9$H5vDE+VocjX+G^%bieqx->s;XWlKcuv(s%y%D5Xbc9+
zc(_2nYS1&^yL*ey664&4`IoOeDIig}y-E~_GS?m;D!xv5-xwz+G`5l6V+}CpeJDi^
z%4ed$qowm88=iYG+(`ld5Uh&>Dgs4uPHSJ^TngXP_V6fPyl~>2bhi20QB%lSd#yYn
zO05?KT1z@?^-bqO8Cg`;ft>ilejsw<PFMVi?0Z@%ZV7rUN23RZ3KB-HQ4YJB9u)4=
za)vbs@fTDRfs8YOO9lTq9t(nMd5S}gTT;muT}2|Lp9^&=2z~`<$j8jb{Rm0Lj+(J;
zBs1-Ce%8FDmkdHi5cJ6Wi^?0Snek8_6eCPHqaWM%UBUa}9l;;Shpu<^ueJT0tU&6s
zM}#unAgS&xl(DwgfMw$=1QcnDcIW6g!~<;08&1lIeTOvuGw?sf1Lf^Kz4~1^b^i*7
zQv6%-{2%J%9~}I@Dko75!V~i_(Z_~qE@Eg*k5ZaIz;BO8D2h5gAVv@$PDearM7jpi
z&t7+EZUrTlNkkN39;K<FA&>@2%RR7;`$Vs;FmO(Yr3Fp`pHGr@P2hC%QcA|X&N2Dn
zYf`MqXdHi%cGR@%y7Rg7?d3?an){s$zA{!H;Ie5exE#c~@NhQUFG8V=SQh%UxUeiV
zd7#UcYqD=lk-}sEwlpu&H^T_V0{#G?<Ioj?HL)KBNR`OQ7)HFN^?vHg<3bOCMy{-_
zoJlS{0I_uDhHNKG64k_@&-j<$nist8llO}aD}1PO>lZMxL7ih_&{(g)MWBnCZxtXg
znr#}>U^6!jA%e}@Gj49LWG@*&<lmaA<6<$*MXpyYdp&6c<H(Q`F-~?W^X9RVJSh6?
zS8Z8DnkwU?#%B!h%)j^e-VAuVDAU!JK1md@BbHM`aL3Du8QeW#u5Ow!LJ{cJE;g7g
zfS6lhpcAG^4%Z7tD(JDejR@8=mF27gB&U9t&uA8@v6X<1)e#$W_^iPrw&Q6FYe!O;
z;mr4?<{+g_EB>t0V>Cxc3?oO7LSG%~)Y5}f7vqUUnQ;STjdDU}P9IF9d9<$;=QaXc
zL1^X7>fa^jHBu_}9}J~#-oz3Oq^JmGR#?GO7b9a(=R@fw@}Q{{@`Wy1vIQ#Bw?>@X
z-_RGG@wt|%u`XUc%W{J<m*s=4j2#hKvp}Xrwm)9{h;W6E2ZrwT0V)(gGD?GnU0RwM
z#HcK41SrivBddca)fHXF?z{gCQT_P@wx-H|POi8hsVAB%nToV4iMN+KZh1=!UMaa>
z>iSeiz8C3H7@St3mOr_mU+&bL#Uif;+Xw-aZdNYUpdf>Rvu0i0t6k*}vwU`XNO2he
z%miH|1tQ8~ZK!zmL&wa3E;l?!!XzgV#%PMVU!0xrDsNNZUWKlbi<KaWZPRa*yQzPD
z?-!`siNqS2^Ar7FQc!m$_+UxWcy|gEk+B~FLt>OjzH-1Uoxm8E#r`#2Sz;-o&qcqB
zC-O_R{QGuynW14@)7&@yw1U}uP(1cov)t<bZtw#(M)(XiJYfL8BvaF25ezUn8smY%
zIL-I&o$OIFs>wxeLus0s|7ayrtT8c#`&2~Fiu2=R;1_4bCaD=*E@cYI>7YSnt)nQc
zohw5CsK%m?8Ack)qNx`W0_v$5S}nO|(V|RZKBD+btO?JXe|~^Qqur%@eO~<8-L^9d
z=GA3-V14ng9L29~XJ>a5k~xT2152zLhM*@zlp2P5Eu}bywkcqR;ISbas&#T#;HZSf
z2m69qTV(V@EkY(<qXx5YNic%z2;It?O+T%icQRw=w~P}(cE?O$<=1P^LjThO*$J$+
z*<@biHe!q%g+LQ{F#~S5QTZUfOZ3GP3D<=D3j0f!9E7HkjxKc_g)z1!o;_rP|9bAk
z`BjEQCx<KIvi^GM1jRkNM0nRs6P0hPcy|5t18}ZQi<ZQS>1Dk3`}j)JMo%ZVJ*5eB
zYOjIisi+igK0#yW*gBGj?@I{~mUOvRFQR^pJbEbzFxTubnrw(Muk%}jI+vXmJ;{Q6
zrSobKD>T%}jV4Ub?L1+MGOD~0Ir%-`iTnWZN^~YPrcP5y3VMAzQ+&en^VzKEb$K!Q
z<7Dbg&DNXuow*eD5yMr+#08nF!;%4vGrJI++5HdCFcGLfMW!KS*Oi@=7hFwDG!h2<
zPunUEAF+HncQkbfFj&pbzp|MU*~60Z(|Ik%Tn{BXMN!hZOosNIseT?R;A`W?=d?5X
zK(FB=9mZusYahp|K-wyb={rOpdn=@;4YI2W0E<s2&%i8x7RnmR_dIeK2wKPtVA?`W
z&(y5N6Uhf;St!k{QtA^2hklC0F0jNQ1^WG!Djrw#gypMTn;8cIm2IT14W4+8Zfd?P
z(RlNsG)S|I($<XQ_wo(zU~QxgZ&c8}J!LwJ+gC5c>cbMKyo~-#^?h`BA9~o285%oY
zfifCh5Lk$SY@|2A@a!T2V+{^!psQkx4?x0HSV`(w9{l75QxMk!)U52Lbhn{8ol?S)
zCKo*7<MT2Z&#yn*rVnwZQkr>R(z!uk<6*qO=wh!Pul{(qq6g6xW;X68GI_CXp`XwO
zxuSgPRAtM8K7}5E#-GM!*ydOOG_{A{)hkCII<|2=ma*71ci_-}VPARm3crFQjLYV!
z9zbz82$|l01mv`$WahE2$<xD1<`ujC!7ijORpLN)M&U@lEiyOfPgz+#&<j+G)Ve@{
z49uhDM!il+f+1Ohddi`=p(=u!h7sLm7yGqK4%#ZKd%YvUI(=BCzpn|IbHf!`E?jjq
zNkN-}Pa3AG2My;G@zYOnXl4g(LduE~%FKPJPA6{M4Z@(IC6iu#g0fgCkY2yVR!o7w
zSAe0_FH9n8VszXsaA+KDe(<8VA=dXe;@Mvzyql~A=eKPoX4qg$E{b4p|B|j96u7YW
zNCPo=y&#Ttz?U7fK~W6j?Kuo=wXeV4?w*;OO9xZst|SP^Q4kbKqBIl8hkGC7OOt_I
zzHTK9Aly><gDl|FkR~>=fAGWkd^X2kY(J7<hlY%A5J0#uldARym;T+|d;|>iz}WGS
z@%MyBEO=A?HB9=^?nX`@nh;7;la<vP=GJ_DWqB#{#!`KAdu6%FTU8VbENgD#KJ^CI
z);B^q)Y@yF(YlyL5A}rZXOX1<`Dd>Ajs+fbo!|K^mE!tOB>$2a_O0y-*uaIn8k^6Y
zSbuv;5~##*4Y~+y7Z5O*3w<R;J{o5i>4qgI5V^17u*ZeupVGH^nM&$qmAk|anf*>r
zWc5CV;-JY-Z@Uq1Irpb^O`L_7AGiqd*YpGUShb==os$uN3yYvb`wm6d=?T*it&pDk
zo`vhw)RZX|91^^Wa_ti2zBFyWy4cJu#g)_S6~jT}CC{DJ_kKpT`$oAL%b^!2M;JgT
zM3ZNbUB?}kP(*YYvXDIH8^7LUxz5oE%kMhF!rnPqv!GiY0o}NR$OD=ITDo9r<LYGN
z?2+*it!7d=84FF3EQ!5V&5166oc{Z1O8<?lF+=(kiua&7_M#TrD_|it=_mE6Cz1eX
zwfacTRHwa2jO`w@vfr7ByY*=K7se2@f$`RJFOlykOa!$prgR<-&f{zzV_tCE6E=v(
zZk!PdC3n<fkSRL#m(DteyDn?OK=a6ita@qk4DQ*rtk@>%4E>E0Y^R(rS^~XjWyVI6
zMOR5rPXhTp*G*M&X#NTL`Hu*R+u*QNoiOKg4CtNPrjgH>c?H<b@rgzW2`xq%+zxdV
zGQjVif3BBaXojc?{FLuym0L2fO1Nh(c42RW12b^>i4MUG#I917fx**+<zC5r06AVA
zs!KCNuuLq&Z|e$b{bN7-`NGtKU0>pJfOo!z<a0Lrf~l|OU$j3PPNH#8yRT5C5cWK;
z4Ck57(G?59g@;(s9m49`EtaF2lDH|dGl0xCg>FM&*da&G_x)L(`k&TPI*t3e^{crd
zX<4I$5nBQ8Ax_lmNRa~E*zS-R0sxkz`|>7q_?*e%7bxqNm3_eRG#1ae3gtV9!fQpY
z+!^a38o4ZGy9!J5sylDxZTx$JmG!wg7;>&5H1)>f4dXj;B+@6tMlL=)cLl={jLMxY
zbbf1ax3S4>bwB9-$;SN2?+GULu;UA-35;VY*^9Blx)Jwyb$=U!D>HhB&=jSsd^6yw
zL)?a|>GxU!W}ocTC(?-%z3!IUhw^uzc`Vz_g>-tv)(XA#JK^)ZnC|l1`@CdX1@|!|
z_9gQ)7uOf?cR@KDp97*>6X|;t@Y`k_N@)aH7gY27)COv^P3ya9I{4z~vUjLR9~z1Z
z5=G{mVtKH*&$*t0@}-i_v|3B$AHHYale7>E+jP`ClqG%L{u;*ff_h@)al?RuL7tOO
z->;I}>%WI{;vbLP3VIQ^iA$4wl6@0sDj|~112Y4OFjMs`13!$JGkp%b&E8QzJw_L5
zOnw9joc0^;O%OpF$Qp)W1HI!$4BaXX84`%@#^dk^hFp^pQ@rx4g(8Xjy#!X%<A@Ix
z5U>+X5Jd@fs3amGT`}mhq#L97R>OwT5-m|h#yT_-v@(k$q7P*9X~T*3)LTdzP!*B}
z+SldbVWrrwQo9wX*%FyK+sRXTa@O?WM^FGWOE?S`R(0P{<6p#f?0NJvnBia?k^fX2
zNQs7K-?EijgHJY}&zsr;qJ<*PCZUd*x|dD=IQPUK_nn)@X4KWtqoJNHkT?ZWL_hF?
zS8lp2(q>;RXR|F;1O}EE#}gCrY~#n^O`_I&?&z5~7N;zL0)3Tup`%)oHMK-^r$NT%
zbFg|o?b9w(q@)6w5V%si<$!U<#}s#x@0<ZXLbXYKvlKR0q_0uaLFS0K_yZx{oRI6O
zi*Yz=QW(i&SHEhi(35LX5YAi{vy`;KnIJ$O_Y#C4gG~=hcxXw*NH*okugRb;j#&_y
z)}Rg9+nz^&!aY|=fJZ?L&1;1?%7EYHgT5ryT&e6MH~EPzrS<7r*22}w^{P@eQei1e
zd>aX-hP>zwS#9*75VXA4K*%gUc>+yzupTDBOKH8WR4V0pM(HrfbQ&eJ79>HdCvE=F
z|J>s;;iDLB^3(9}?biKbxf1$lI!*Z%*0&8UUq}wMyPs_hclyQQi4;NUY+x2qy|0J;
zhn8;5)4ED1oHwg+VZF|80<4MrL97tGGXc5Sw$wAI#|2*cvQ=jB5+{AjMiDHmhUC*a
zlmiZ`LAuAn_}hftXh;`Kq0zblDk8?O-`tnilIh|;3lZp@F_osJUV9`*R29M?7H{Fy
z`nfVEIDIWXmU&YW;NjU8)EJpXhxe5t+scf|VXM!^bBlwNh)~7|3?fWwo_~ZFk(22%
zTMesYw+LNx3J-_|DM~`v<!_@4wF#cHZ_E9}9+lbenMh?8-P99`3uA4wl$95cN^e{4
z^f$@0?%=HSAz>93yXe=jPD{q;li<xOVXMn1yKMTqv6XhqrnsCUXSTSsjJ{x^XFo@J
z{WA$2#dyTq?%~VAg|L)nty{-VrW88Lu82|x7td?b;LG2_DA_BpkSSx!@P8<G?h<XX
zNw7xGt`p+BMOcS|$jn%|wK)WAaS99%p8&_kFrLJVp7_Jg4yOpvWS`>;5PD?Dyk+b?
zo21|XpT@)$BM$%F=P9J19Vi&1#{jM3!^Y&fr&_`toi`XB1!n>sbL%U9I5<7!@?t)~
z;&H%z>bAaQ4f$wIzkjH70;<8tp<T&Yl>UoxzKrPhn#IQfS%9l5=Iu))^XC<58D!-O
z{B+o5R^Z21H0T9JQ5gNJnqh#qH^na|z92=hONIM~@_i<m8HDcej!764)8GxDF)RMg
z!DFoaWC9)+nME7X6Bjpkb{QXd4;jG|u8$8kw{X8T%Z{fASla5Kj43Dc#xwsm?e^ow
zcpj5R3LQeCN@Z#}!7^cGYJ3aEd-Gp-Jj@_K{U*}A((dH-)nN*GjCV>uOi|F>jBh<M
zWxy1uqU)B}MVkHZ;j2o<4&9z0o{ro;0~$*^2bQ$8Q;vmWoz6BD$xqze?6Q)tzTZs7
zG{RspTbUAmB!P|sU1Q@1do~tC7@>-?aA20}Qx~EpDGElELNn~|7WRXRFnw+Wdo`|#
zBpU=Cz3z%cUJ0mx_1($X<40XEIYz(`noWeO+x#yb_pwj6)R(__%@_Cf>txOQ74wSJ
z0#F3(zWWaR-jMEY$7C*3HJrohc79>MCUu26mfYN)f4M~4gD`}EX4e}A!U}QV8!S47
z6y-U-%+h`1n`*pQuKE%Av0@)+wBZr9mH}@vH@i{v(m-6QK7Ncf17x_D=)32`FOjjo
zg|^VPf5c6-!FxN{25dvVh#f<C2j|FW^wcEVOx|0?I*o1i)tbC%E;daCUUqnT*va?<
z#^@&RTCo<xj8b($3`PD<adop6xc~jgfA19=fzjFXxO)$!??RO(s_s88E>og=NNpXz
zfB$o+0jbRkHH{!TKhE709f+jI^$3#v1Nmf80w`@7-5$1Iv_`)W^px8P-({xwb;D0y
z7LKDAHgX<84?l!I*Dvi2#D@oAE^J|g$3!)x1Ua;_;<@#l1fD}lqU2_tS^6Ht$1Wl}
zBESo7o^)9-Tjuz$8YQSGhfs{BQV6zW7dA?0b(Dbt=UnQs&4zHfe_sj{RJ4uS-vQpC
zX;Bbsuju4%!o8?&m4UZU@~Z<l{fpuI7gBNBuLonV&UnEv8Mm+}6y;;iZ7)_U-2H6P
zik(*@ZnhVtEFTNE*=&MLnOTGYcGC{O?!<?O$^7><Ix|i$iDSBHQSY+=yJ@Z(hm=j8
zLng0c8d`c!aP=6?o|-71!|y*rlW^s|L>ZjeFF6ex2ss5_60_JS_|iNc+R0GIjH1@Z
z=rLT9%B|WWgOrR7IiIwr2=T;Ne?30M!@{%Qf8o`!>=s<2CBpCK_TWc(DX51>e^xh8
z&@$^b6CgOd7KXQV&Y4%}_#uN*mbanXq(2=Nj`L7H7*k(6F8s6{FOw@(DzU`4-*77{
zF+dxpv}%mFpYK?>N_2*#Y?oB*qEKB}VoQ@bzm>ptmVS_EC(#}Lxxx730trt0G)#$b
zE=wVvtqOct1%*9}U{q<)2?{+0TzZzP0jgf9*)arV)*e!f`|jgT{7_9iS@e)recI#z
zbzolURQ+TOzE!ymqvBY7+5NnAbWxvMLsLTwEbFqW=CPyCsmJ}P1^V30|D5E|p3BC5
z)3|qgw@ra7aXb-wsa|l^in~1_<?%wr8cBwUUhaLFkF#>fm{7bS9jhVRkYVO#U{qMp
z)Wce+|DJ}4<2gp8r0_xfZpMo#{Hl2MfjLcZdRB9(B(A(f;+4s*FxV{1F|4d`*sRNd
zp4#@sEY|?^FIJ;tmH{@keZ$P(sLh5IdOk@k^0uB^<vY$Teo5@@0*v8p)6|Qc!#V-V
z19rz;O<~HzAD{>BWr@pk6mHy$qf&~rI>P*a;h0C{%oA*i!VjWn&D~O#MxN&f@1Po#
zKN+<Mx&_V;mQ6by$gOOv@*=130y8ws;u!(S9My%BQ_xyRTms3Q+kzSy&vNnQacNo>
zrGrkSjcr?^R#nGl<#Q722^wbYcgW@{+6CBS<1@%dPA8HC!~a`jTz<`g_l5N1M<n^b
zu`mSxZ+unU+QCuJ((?b36-TN-d1@FTfBA^ddw8UCuT`zjb=Fz?S6Qufs*9jSR|1nK
zFf2vJS;<?+uRmFfTer5Vv1$_#5QG8wt@)CbC^|w;&`=|x<yh14$tmJUYy0g0%PA`M
zOgeNCX{{Nxe0ra@9=~<n^L&fj)_rb#gMU)NmxDTM+6}H9CM!Fi?NW<y$)i_5yC^Lw
z2UV(8qc395hk@%W59BzlhhVt(<xJvm!~c3l+ocXQq>@9wn9GOAZ>nqNgq!yOCb<ux
z3a7GGof9{?JXCwFGGvl~3dP~BNs%SovKoTvXW8FuXj`m7Bnn?jUZ$?pzzIRqprlp7
z2WeoTGz*SooG8Jko3Cp>Z@1z`U_N`Z>}+1HIZxk*5RDc&rd5{3qjRh8QmT$VyS;jK
z;AF+r6XnnCp=wQYoG|rT2@8&IvKq*IB_WvS%nt%e{MCFm`&W*#LX<V7)65J}gDBN(
zk<mMjk3Ksz1;V7!3@X8he*FSaSG=@7E0@=@yHKsO4iF;tj3{tU-4xewSJc&$#1UMZ
zuOWXXn?>c|HrD?nVBo=(8*=Aq?u$sDA_sC_RPDUiQ+wnIJET8vx$&fxkW~kP9qXKt
zozR)@xGC!P)CTkjeWvXW5&@2?)qt)jiYWWBU?AUtzAN}{JE1I)dfz~7$;}~BmQF`k
zpn11qmObXwRB8&rnEG*#4Xax3XBkKlw(;tb?Np^i+H8m(Wyz9k{~ogba@laiEk;2!
zV*QV^6g6(QG%vX5Um#^sT&_e`B1pBW5yVth<mfskR&uj=IULHb38<tse=w*}Q<7Qz
z3<|`SLDlf5BpLb9#iQyjF6U}7JJ`^RZ>~xUs#0}nv?~C#l?W+9Lsb_5)!71rirGvY
zTIJ$OPOY516Y|_014sNv+Z8cc5t_V=i>lWV=vN<QPmtSpXv;kT!7hs-HH@i&RiI&9
z!dO2CvGs>u#!58y9Zl&G<qC8KlC>sMEW#pPYPYGHQ|;vFvd*9eM==$_=vc7xnyz0~
zY}r??$<`wAO?JQk@?RGvkWVJlq2dk9vB(yV^vm{=NVI8dhsX<)O(#nr9YD?I?(VmQ
z^r7VfUBn<~p3()8yOBjm$#KWx!5hRW)5Jl7wY@ky9lNM^jaT##8QGVsYeaVy<knK7
z-|ItZG@v_5HqwNL*X;&)fE*o2En9}_QSQ~Sxpo=`)<(LLcGS!($DADohdab0N6KTw
zF9i4%@WsNPJ2f@Kf&OK)$mJTfFx16uGFyQhd(9)Ota05_m2b4&e^Iw3r!jC#Hp$0t
zt!S{)s#CdvfKjo>wmpv>X|Xj7gWE1Ezai&wVLt3p)k4w~yrskT-!PR!kiyQlaxl((
zXhF%Q9x}1TMt3~u@|#wWm-Vq?ZerK={8@~&@9r5JW}r#45#rWii};t`{5#&3$W)|@
zbAf<Wd~LF&Fa+z%sLq|a7`8BxH;x+F8(HU&VXoK6B>2yDNe0q}NEUvq_Quq3cTjcw
z@H_;$hu&xllCI9CFDLuScEMg|x{S7GdV8<&Mq=ezDnRZAyX-8gv97YTm0bg=d)(>N
z+B2F<g3)ia(W`M0HCo-hfSmEqFQ$W5j$wJ;?r7W^?`K&S(*5L=PU?;K=%mT~AoyLc
zmB9dB0BfY<$42H7qp*b&gqwjPG@?GHqEWMaXbG2l^~e?yEl$rb2e+7tNeQjQi!%mG
z!n&myqi%P$bT;(Jy7TA*2tP}NXfszN-aSbAw)CRWi!Y&moQuMP!ZIYY+|-Hi;nfsw
zSAibHD0K*Rx488O94=w;IYZ)nc%KdXcP-D4kAzBYZwl}PDc(ZIiFm=)7;@JjuDF@@
zh({Ks)K#T@$U#?|cc5wW7j|#<s#)XeeNmP*9S3P%QoJ+84!)t-Q3y&LB4VHT${%s|
zTG3XIg~2`B_RVw|0J-Nqqo+Pe*FeW61Sh*R7{v~e$s_}74Z{>cqvI9>jGtnK%eO%y
zoBPkJTk%y`8TLf4)IXPBn`U|9>O~WL2C~C$z~9|0m*YH<-vg2CD^SX#&)B4ngOSG$
zV^wmy_iQk>dfN@Pv(ckfy&#ak@MLC7&Q6Ro#!ezM*VEh`+b3Jt%m(^T&p&WJ2Oqvj
zs-4nq0TW6cv~(YI$n0UkfwN}kg3_fp?(ijSV#tR9L0}l2qjc7W?i*q01=St0eZ=4h
zyGQbEw`9OEH>NMuIe)hVwYHsGERWOD;JxEiO7cQv%pFCeR+IyhwQ|y@&^24k+|8fD
zLiOWFNJ2&vu2&`Jv96_z-Cd5RLgmeY3*4rDOQo?Jm`;I_(+ejsPM03!ly!*Cu}Cco
zrQSrEDHNyzT(D5s1rZq!8#?f6@v6dB7a-aWs(Qk>N?UGAo{gyt<fmzm5NzZ|fs&#}
zncD~rYY0$e-KIJ+=Op({4j(9PIkXkc_SkA;(m*CznUsh<u&YaQ2?WX;ffj?q#rkaD
zhgb+R9A8jgPt^w}K)OK@H5E_#!Z=VQBe3%qPvYY%REdJYYg39A`{$NP_M^}lrMFR7
z+z-hJlg#zeS)0^WAq|DzTPsJlg*U_m2#Hg-0Wmz@?iH!<yiUNaD#c-kYUp!%4RSKq
z{aEO|^oK+y2EtPt%bwO#VBE9DxJ9N@ufrh+8SIe+8$#E{7>lh$%_IhyL7h?DLXDGx
zgxGE<S);`7Ye2u;8Dq575#~501>BQoCAWo-$LRvM=F5MTle`M})t3vVv;2j0HZY&G
z22^iGhV@uaJh(X<Ji#4pfqzo+6CV|xa;=Mz*tzH^bNhkjCY|vEWb}4_nF}mp3zj6F
z<RK*`vdncONn`be@hcYCs`Fx)%bT8wV$T8!b%e<R8G~jKI85M<1J$4NY<nL0CutfG
z<0HvW$c5I*1#_hw)1(15*aH)~KVw0;{Zp_ZQI?8k=6OO?W$jqY0waZgj%rb>yyY%}
zd4iH_UfdV#T=3n}(Lj^|n;O4|$;xhu*8T3hR1mc_A}fK}jfZ7LX~*n5+`8N2q#rI$
z@<<NwLoApZ<e3!J$+qrZqXhfixi{}uCew+VjVR``fj1Lf`2I-jD>_2VANlYF$vIH$
zl<)+*tIWW78IIINA7Rr7i{<Y3K#4WL2gwP{V}$lxr|)k#^h4W{mX@Le*u!g#hfAGO
zCeSa;u(-xw0ZspUEBo+8Ru(%}-m6Ro%1{7aEL$_dA#RWFH+pZ@3`vn|LIY-BbZ`xA
z;0Hf*V6m6EEIJ?MTj|I!l!v*XnqWfITy`ve|BDjjbn-XMEaj|oNyd!_<K^Ti36kh1
z(%3QLBv(><;#^yzxoLNkXL)eSs=%<Gis)1JtKs|A*=kDqutu=D>|P>$YQIh+ea_3k
z_s7r4%j7%&*NHSl?R4k%1>Z=M9o#zxY!n8sL5>BO-ZP;T3Gut>iLS@U%IBrX6BA3k
z)&@q}V8a{X<5B}K5s(c(LQ=%v1ocr`t$EqqY0EqVjr65usa=0bkf|O#ky{<C<t3zu
z`hM@H`e*c^To>j3)WBR<Rk0XEu3I97LQj|W=oPZA>(((L^wmyHRzoWuL2~WTC=`yZ
zn%VX`L=|Ok0v7?s<AoD@n8D7kz^e<8kpe+<X#n2|WDSoR5^oCGt<jgs)X#u5@PWV+
z<b`lm>>IHg?yA<ed=nI4vx^O}jp~R0s4CS5p`R9jtX~z7xF-Z5gJMA(5vqNQrH2}B
zLEIs&NxKWPrwn0(*pI+NhLe0_cU!>rBcync5rG#^+u)>a%qjES%dRZoIyA8gQ;StH
z1Ao7{<&}6U=5}4v<)1T7t!J_CL%U}CKNs<r5fMyAUKFZK{y9U{q!s_ZSKXqW%qBRr
z?bu0a7Zic(_|KEJWkFJk=&bobT<sZBi;dXUmO?)}m$)B<s0Nr7^=$mY+Dr7ke?^*x
z4Vt?Ovyz0Mk+fmZjXJTAv@hijH2y5Cf|5J3ryKO57~3?_EAxOUYF##HdjopeNH4%@
zuGqW!`j7vRX*U7T5B1|m8}h%c4gNobJO8sb_&>-0xWoTTeqj{5{?Be$L0_tk>M9o8
zo371}S#30rKZFM{`H_(L`EM9DGp+Mifk&IP|C2Zu_)Ghr4Qtpmkm1osCf@%Z$%t+7
zYH$Cr)Ro@3-QDeQJ8m+x6%;?YYT;k6Z0E-?kr>x33`H%*ueBD7Zx~3&HtWn0?2Wt}
zTG}*|v?{$ajzt}xPzV%lL1t-URi8*Zn)YljXNGDb>;!905Td|mpa@mHjIH%VIiGx-
zd@MqhpYFu<g)7l4&_bNaog=DANE?ZcfM)*NEMkm~{>4_?y5N4xiHn3vX&|e6r~Xt>
zZG`aGq|yTNjv;9E+Txuoa@A(9V7g?1_T5FzRI;!=NP1Kqou1z5?%X~Wwb{trRfd>i
z8&y^H)8YnKyA_Fyx>}RNmQIczT?w2J4SNvI{5J&}Wto|8FR(W;Qw#b1G<1%#tmYzQ
zQ2mZA-PAdi%RQOhkHy9Ea#TPSw?WxwL@H@cbkZwIq0B!@ns}niALidmn&W?!Vd4Gj
zO7FiuV4*6Mr^2xlFSvM;Cp_#r8UaqIzHJQg_z^rEJw&OMm_8NGAY2)rKvki|o1bH~
z$2IbfVeY2L(^*rMRU1lM5Y_sgrDS`Z??nR2lX;zyR=c%UyGb*%TC-Dil?Si<D{nTD
zMw8K;)%(lo#`W8jOV@qoJ#X}Mwbyz4a;PcPaSBZqr;F)uJhh<vQG%Y4Mw<phKlLRw
zIw!C3k>hkjrQy~TMv6;BMs7P8il`H7DmpVm@rJ;b)hW)BL)GjS154b*xq-NXq2cwE
z^;VP7ua2pxvCmxrnqUYQMH%a%nHmwmI33nJM(>4LznvY*k&C0{<x1=XMzKZ~Bs`;;
zzjN;>8f*%?zggpDgkuz&JBx{9mfb@wegEl2v!=}Sq2Gaty0<)UrOT0{MZtZ~j5y&w
zXlYa_jY)I_+VA-^#mEox#+G>UgvM!Ac8zI<%JRXM_73Q!#i3O|)lOP*qBeJG#BST0
zqohi)<I-A(NiPhXic7WGcd${Bs6q40O%lhVI#-EDK6jPHL9qSG))QSk?b4HNO46Kt
zq~AhM!n=+cMgd8rvaDcAUqe9_Py+)1zbv_Wy{}+a|F1es@~Qc9kW@MgedI!i{HhtJ
z!kAvsCV6n8=$My(7M_90IyH+8**uSL-iyt^&8vOeIRo?HTA5+#Xr^9U=2eV`Xlmc$
zFjy%l4c$~))iDJkH$oB2LfNc)TX?BjEeaRo@~X+PeGiiD85sGHqRqi@$1TzmJ+rd3
zVg^Gn@P5KfN#t5@T7Lvq5F&=Y)v)n4Cjfha{J2+Jic#JjOH^ggzd<;^a<68vsD0fr
zC*U$7*i1uw{BlNp8mMWqc46bk3VHJ?|MSSFbx~ox6ZBjsfPa3I5EWvc##{^VJo^EN
z<}Cr>O!|$|2SeJQo(w6w7%*92S})XfnhrH_Z8qe!G5>CglP=nI7JAOW?(Z29;pXJ9
zR9`KzQ=WEhy*)WH>$;7Cdz|>*i>=##0bB)oU0OR>>N<21e4rMCHDemNi2LD>Nc$;&
zQRFthpWniC1J6@Zh~iJCoLOxN`oCKD5Q4r%ynwgUKPlIEd#?QViIqovY|czyK8>6B
zSP%{2-<;%;1`#0mG^B(8KbtXF;Nf>K#Di72UWE4gQ%(_26Koiad)q$xRL~?pN71ZZ
zujaaCx~jXjygw;<Ay^b{e7rQ>rI!WB=xrOJO6HJ!!w}7eiivtCg5K|F6$EXa)=xUC
za^JXSX98W`7g-tm@uo|BKj39Dl;sg5ta;4qjo^pCh~{-HdLl6qI9Ix6f$+qiZ$}s=
zNguKrU;u+T@ko(Vr1>)Q%h$?UKXCY<ELeH%x_-+;N!NPjI@5|c>>3se%&;h2osl2D
zE4A9bd7_|^njDd)6cI*FupHpE3){4NQ*$k*cOWZ_?CZ>Z4_fl@n(mMnYK62Q1d@+I
zr&<rzyB}9!OG>O))G4hMih<XQCmlZu^@8%Z@1T|FyI_m%FM=cL3%T#%II(MZ`FKla
zpXXu4TSaVkB7;tYPyY<uMC(fA=<j-47<k>gBqRIAJkLdk(p(D~X{-oBUA+If@B}j&
zsHbeJ3RzTq96lB7d($h$xTeZ^gP0c{t!Y0c)aQE;$FY2!mACg!GDEMKXFOPI^)nHZ
z`aSPJpvV0|bbrzhWWkuPURlDeN%<qMpCcxwvwqRMaqc9@{O;iK_N2snE#x<P5c1;#
zmjI^QLBwgKbA!596SF19-xAg`j~Dtp%yL%PsIy-Iy#n3_juW-DvzXBY7{iAZ@^xZK
z@xr2R*rSktAvjWK{FY-U0t8|bspU3(%@64Udl&2uFK6|JrwGTmi+3cF9F%O9@lnIC
zs=6lONtdy$oHQyWIz$zmM@0(12^Y0f!FDBU-xO1sA%B@8>VT8tndV8?d)eN*i4I@u
zVKl^6{?}A?P)Fsy?3oi#clf}L18t;TjNI2>eI&(ezDK7RyqFxcv%>?oxUlonv(px)
z$vnPzRH`y5A(x!yOIfL0bmgeMQB$H5wenx~!ujQK*nUBW;@Em&6Xv2%s(~H5WcU2R
z;%Nw<$tI)a`Ve!>x+qegJnQsN2N7HaKzrFqM>`6R*gvh%O*-%THt<rb___hz1Q*?5
z6WlWA+_DZ_V%@(Z;W6IiWcwb%0tQS@7FVT8L%H@;-K!LOiZIstqiCW*I~5y<2j59v
z*;R0rbBXIxu3n@3a3wxbyp;2oPnr)69p#+<DwNc<oL?vCKSPPJA(K9!1O*f4{YL62
zn|Sj8G%K~6J)K=!JP_YX8V=PjLK~TW_=@Nh@Cw-!NlZLY;2_j0TFoobFt-2R;qd|Z
z5LA6AxE3z?^1m|nTtbf_LVu#lgMMaoQSi!)(ir+k@yiKNqZa8D=pY1qBEL59w8xB>
zrB$Nk;lE;z{s{r^PPm5qz(&lM{sO*g+W{sK+m3M_z=4=&CC>T`{X}1Vg2PEfSj2x_
zmT*(x;ov%3F?qoEeeM>dUn$a*?SIGyO8m<CDx(PoF9Z7P(-Vz@5G~R_9zlbonzZYL
z!@f`rWC1aNE3{SDF~{lPR$(P=;{QgE*BcIk`ok>806J1W1o+4HRhc2`9$s6hM#qAm
zChQ87b~GEw{ADfs+5}FJ8+|bIlIv(jT$Ap#hSHoXdd9#w<#cA<1Rkq^*EEkknUd4&
zoIWIY)sAswy6fSERVm&!SO~#iN$OgOX*{9@_BWFyJTvC%S++ilSfCrO(?u=Dc?CXZ
zzCG&0yVR{Z`|ZF0eEApWE<q~aV-3QaRPuwFB`iCbViORA{tX~ST{rFw+In$j?7gLL
zT8ETr1QUOZxkIpI@5JqQk|b^xG*nZ910-;>o#s9osV>F{uK{QA@BES#&;#KsScf>y
zvs?vIbI>VrT<*!;XmQS=bhq%46-aambZ(8KU-wOO2=en~D}MCToB_u;Yz{)1ySrPZ
z@=$}EvjTdzTWU7c0ZI6L8=yP+YRD_eMMos}b5vY^S*~VZysrkq<`cK3>>v%uy7jgq
z0ilW9KjVDHLv0b<1K_`1IkbTOINs0=m-22c%M~l=^S}%hbli-3?BnNq?b`hx^HX2J
zIe6ECljRL0uBWb`%{EA=%!<byF4eC4KX4aZdAqSwE!&>i^4sMcj+U_TaTZRb+~GOk
z^ZW!nky0n*Wb*r+Q|9H@ml@Z5gU&W`(z4-j!OzC1wOke`TRAYGZVl$PmQ16{3196(
zO*?`--I}Qf(2HIwb2&1FB^!faPA2=sLg(@6P4mN)>Dc3i(B0;@O-y2;lM4akD>@^v
z=u>*|!s&9zem70g7zfw9FXl1bpJW(C#5w#uy5!V?Q(U35A~$dR%LDVnq@}kQm13{}
zd53q3N(s$Eu{R}k2esbftfjfOITCL;jWa$}(mmm}d(&7JZ6d3%IABCapFFYjdEjdK
z&4Edqf$G^MNAtL=uCDRs&Fu@FXRgX{*0<(@c3|PNHa>L%zvxWS={L8%qw`STm+=Rd
zA}FLspESSIpE_^41~#5yI2bJ=9`oc;GIL!JuW&7YetZ?0H}$$%8rW@*J37L<XFjIr
zWJ?$CMV^YggN$kCs0w8InCxL-qk`fNzT7&VA*&~~T=_(uA$CzC9vrKbN28^=3?MLv
zFoK23^axE9-(UuJp6l-WH~flb#LWz<-GZXz4PS*&{c?IaOs6}Rx>-~Rsx!)8($nI4
zZhcZ2^=Y+p4YPl%j!nFJA|*M^gc(0o$i3nlphe+~-_m}jVkRN{spFs(o0ajW@f3K{
zDV!#BwL322CET$}Y}^0ixYj2w>&Xh12|R8&yEw|wLDvF!lZ#dOTHM9pK6<Y!obdB7
zJ?!B#A1=BS7Ka=6k6_mfjXh1lGwLZR4PT*9n^^MB#jyfEy~L|)^EN8(11T8rrN7f?
z?@)HsizJFWKFr(u1x(=}jA~A*@;u9iCG}YS49mN9degGJEr@RQbFX&wZoBr{H3Nr7
z?H=$Zj>@Nm-@9Lnng4ZHBgBSrr7KI8YCC9DX5Kg|`HsiwJHg2(7#nS;A{b3tVO?Z%
za{m5b3rFV6EpX;=;n#wltDv1LE*|g5pQ+OY&*6qCJZc5oDS6Z6JD#6F)bWxZSF@q%
z+1WV;m!lRB!n^PC>RgQCI#D1br_o^#iPk>;K2hB~0^<~)?p}LG%kigm@moD#q3PE+
zA^Qca)(xnqw6x>XFhV6ku9r$E>bWNrVH9fum0?4s?Rn2LG{Vm_+QJHse6xa%nzQ?k
zKug4PW~#Gtb;#5+9!QBgyB@q=s<UxAOfSGI17`#WQPoP8A+0%MXyAyK3J=T4^Kbj7
zlt}Oe#L`UOUU8o&zkUW`eBtn39$xzlz~(3x_>k9=$S{4T>wjFICStOM?__fr+Kei1
z3j~xPqW;W@YkiUM;HngG!;>@AITg}vAE`M2Pj9Irl4w1fo4w<|Bu!%rh%a(Ai^Zhi
zs92>v5;@Y(Zi#RI*ua*h`d_7;byQSa*v9E{2x$<hp}Q26jsc}%C<*BjhE^Jt66tP1
zKtKU0Q9$V-l~zCy7`juGR=*kVy&nUYi+t;Q*P6xR{P8}s&pC7U+3()_`4tk8P7SO*
zts+C&EBA;W!X3G&`&E+LxzU~6Q<emFH@kgR*8?20u2XLWT3aI!YMwas1=TsetFPnK
zg5`qHR`D=R<(><-_=5Z<7{%)}4XExANcz@rK69T0x3%H<@frW>RA8^swA+^a(FxK|
zFl3LD*ImHN=X<Tm`8DfC>DUkrR<xW<(jZxC)!wKS)92Mp`by<@CGgeKED~ZJ3Jy$+
zjW_5$gXkQl+$Z+QJ~I#o6Pp!?bb78VSX!(@(92a;u-;wW%qe9fMiUm=#PwkrAbXT5
zVo>hp6RY5$rQ{bRgSO*(vEHYV)3Mo6Jy3puiLmU&g82p{qr0F?ohmbz)f2r{X2|T2
z$4fdQ=>0BeKbiVM!e-lIIs8wVTuC_m7}<Ui;+XED-5oBiR>y4A_%ikI;Wm5$9j(^Y
z(cD%U%k)X>_>9~t8;pGzL6L-fm<ULs+oY32iJK8t`MZXpBuoD$6OMAKyL46!gYNWE
zud<`{zju@c#T_7EyRG#xA7t1QT}ZgtiYwog7J*c#?<fNv<K7Htr4Bz79uv2x*w)<k
z=a;7q%vaAz-hD(kAxqWM%g9t=$}0NKb?)GaBa8K156rk8wWyI)MB=&^_{THh+}COk
zUzRKn7T0APWWnx<r&J-F&{b%n+JRIgYHuv;^|;Hor$0q~|8BI{QjuMG8JYxvYF}Gn
zy*In4ANN}0dpJx*JPO@eiJFX7bD|1WV+M;rfsj3PIBa@gpsi3FnkV~X3nx%2?_ypI
zh}S3zV-DKR|K!F9Z3-RZumjj)P_`}W2J~q|bB0)a9xHmA&%h{<vyYF9&zIJ>QO@K;
zo&vQzMlgY95;1BSkngY)e{`n0!NfVgf}2mB3t}D9@*N;FQ{HZ3Pb%BK6;5#-O|WI(
zb6h@qTLU~AbVW#_6?c!?Dj65Now7*pU{h!1+eCV^KCuPAGs28~3k@ueL5+u|Z-7}t
z9|lskE`4B7W8wMs@<RoRq4K_1jQ|2oJg$O-rP`~;Bzz?@Jlrn0Z@<=ZmJTM3jjq_~
zRZ}mS?n&K}m}#OA-nYs)kQ@R^-(uFAD{$CgCv6|t>xJa{#bsCGDFoRSNSnmNYB&U7
zVGKWe%+kFB6kb)e;<v}cel^QYVzboCh<hrVzAa>TyHfqtU6~fRg)f|>=5(N36)0+C
z`hv65J<$B}WUc!wFAb^QtY31yNleq4dzmG`1wHTj=c*=hay9iD071Hc?oYoUk|M*_
zU1GihAMBsM@5rUJ(qS?9ZYJ6@{bNqJ`2Mr+5#hKf?doa?F|+^IR!8lq9)wS3tF_9n
zW_?hm)G(M+MYb?V9YoX^_mu5h-LP^TL^!Q9Z7|@sO(rg_4+@=PdI)WL(B7`!K^ND-
z-uIuVDCVEdH_C@c71YGYT^_Scf_dhB8Z2Xy6vGtBSlYud9vggOqv^L~F{BraSE_t}
zIkP+Hp2&nH^-MNEs}^`oMLy11`PQW$T|K(`Bu*(f@)mv1-qY(_YG&J2M2<7k;;RK~
zL{Fqj9yCz8(S{}@c)S!65aF<=&eLI{hAMErCx&>i7OeDN>okvegO87OaG{Jmi<|}D
zaT@b|0X{d@OIJ7zvT>r+eTzgLq~|Dpu)Z&db-P4z*`M$UL51lf>FLlq6rfG)%doyp
z)3kk_YIM!03eQ8Vu_2fg{+osaEJPtJ-<V*830?$46vO`8Mw##QM*`Rr?w|#MyZ6A&
z_}pwQU2m8=Sp54^L})3wA`G=0rsaz56>s36R+5_AEG12`NG)IQ#TF9c@$99%0iye+
zUzZ57=m2)$D(5Nx!n)=5Au&O0BBgwxIBaeI(mro$#&UGCr<;C{UjJVAbVi%|+WP(a
zL$U@TYCxJ=1{Z~}rnW;7UVb7+ZnzgmrogDxhjLGo>c~MiJAWs&&;AGg@%U?Y^0JhL
ze(x6Z74JG6FlOFK(T}SXQfhr}RIFl@QXKnIcXYF)5|V~e-}suHILKT-k|<*~Ij|VF
zC;t@=uj=hot~*!C68G8hTA%8SzOfETOXQ|3FSaIEjvBJp(A)7SWUi5!Eu#yWgY+;n
zlm<$+UDou*V+246_o#V4kMdto8hF%%Lki#zPh}KYXmMf?hrN0;>Mv%`@{0Qn`Ujp)
z=lZe+13>^Q!9zT);H<(#bIeRWz%#*}sgUX9P|9($kexOyKIOc`dLux}c$7It4u|Rl
z6SSkY*V~g_B-hMPo_ak>>z@AVQ(_N)VY2kB3IZ0G(iDUYw+2d7W^~(Jq}KY=JnWS(
z#rzEa&0uNhJ>QE8iiyz;n2H|SV#Og+wEZv=f2%1ELX!SX-(d3tEj$5$1}70Mp<&eI
zCkfbByL7af=qQE@5vDVxx1}FSGt_a1DoE3SDI+G)mBAna)KBG4p8Epxl9QZ4BfdAN
zFnF|Y(umr;gRgG6NLQ$?ZWgllE<HJXYDr?-K8^D!ZlPa8ZG&+c+DJy(x5;Feg3L)*
zvdpRL&@{hyOZBRzTt*TCk9hewUpi`*Kt|w8q}nwi%?T`D?1ox^RZSRut44vMd{LO!
z5<xD{qy<T%oDMUy9H#9$W-Wu8GwxNdV(5T7B?RP@ZWH6Jt?*TpR4hY26nALXC@f!D
z_AE{^bi`q0U%atoVV5-5alLF?pA>eeq~z^ZS7L?<(~O&$5|y)Al^iMKy}&W+eMm1W
z7EMU)u^ke(A1#XCV>CZ71}P}0x)4wtHO8#JRG3MA-6g=`ZM!FcICCZ{IEw8Dm2&LQ
z1|r)BUG^0GzI6f946RrBlfB1Vs)~8toZf~7)+G;pv&XiUO(%5bm)pl=p>nV^o*;&T
z;}@oZSibzto$arQgfkp|<o4}2aWyA-u@g@X@*3Qq>z4Z($P>dTXE{4O=vY0!)kDO*
zGF8a4wq#VaFpLfK!iELy@?-SeRrdz%F*}hjKcA*y@mj~VD3!it9lhRhX}5YOaR9$}
z3m<U!dsnGfk?KY|+&M@U4to6WN5Fr~Z2Y~S6z;ugWov!c#T4Pid7?1x8wY`#cM-K&
zXZ31E^^+4l<8TS_eV}PTTl9cUjRQB-789L;;mi28ms9Ok_n}yunSfm?pRC6bk9iMK
z{Me@L*Hx9gKeGtG68!~RS?gRYfl2zINnyRg@p)U*X(<_ksV`=o%2XWE5-Y+=UYL-Y
ztqFc{r$bTOOr%6GK_kGlR5`+;tTS|8zSb;+levJ}UbU#B1Mej>S%$2Be7{l(+MVx3
z(4?h;P!jnRmX9J9sYN#7i=iyj_5q7n#X(!cdqI2lnr8T$IfOW<_v`eB!d9xY1<?8m
zc=9ctC~_znEmY{3do4Y&tSr#K8MEwV*K>P=2q&WtOXY=D9QYteP)De?S4}FK6#6Ma
z=E*V+#<o63M9PbR(KQau)lC&KzK0v*^~#=c>s8>L;8aVroK^6iKo=MH{4yEZ_>N-N
z`(|;aOATba1^asjxlILk<4}f~`39dBFlxj>Dw(hMYKPO3EEt1@S`1lxFNM+J@uB7T
zZ8WKjz7HF1-5&2=l=fqF-*@>n5J}jIxdDwpT?oKM3s8Nr`x8JnN-kCE?~aM1H!hAE
z%%w(3kHfGwMnMmNj(SU(w42OrC-euI>Dsjk&jz3ts}WHqmMpzQ3vZrsXrZ|}+MHA7
z068obeXZTsO*6RS@o3x80E4ok``rV^Y3hr&C1;|ZZ0|*EKO`$lECUYG2gVFtUTw)R
z4Um<0ZzlON`zTdvVdL#KFoMFQX*a5wM0Czp%wTtfK4Sjs)P**RW&?lP$(<}q%r68Z
zS53Y!d@<WHAUBA*8bUiRbm%Z;gZhfNqOZBHucO1A@&fFR43kejZro_v)VLcPwS7}~
zK5k!0!+rSL*HKlXVA@0UZ>&~ne9O)A^tNrXHhXBkj~$8j%pT1%%mypa9A<G!EKb<E
z`}8*o7Vl;U@K#TU5!9`Os$JU!y8FCud{w+#5g>W5E&s9)rjF4@O3ytH{0z6riz|@<
zB~UPh*wRFg2^7EbQrHf0y?E~dHlkOxof_a?M{LqQ^C!i2dawHTPYUE=X@2(<D?FV&
zcM@&VpBXA?L{0tb_j)NYM}%xYbEn~9R`f?;g|efm#wA%S{AP`lHyTMh8%rB%5P`TA
z^U37=Hfa1dqP}{-l>3<=OOxs8qn_(y>pU>u^}3y&df{JarR0@VJn0f+U%UiF=$Wyq
zQvnVHESil@d|8&R<%}uidGh7@u^(%?$#|&J$pvFC-n8&A>utA=n3#)yMkz+qnG3wd
zP7xCnF|$9Dif@N~L)Vde3hW8W!UY0BgT2v(wzp;tlLmyk2%N|0jfG$%<;A&IVrOI<
z!L)o>j>;dFaqA3pL}b-Je(bB@VJ4%!JeX@3x!i{yIeIso^=n?<yGgTTZ!PNB?9gX<
zIb-Mwo=t8!k;=1f5ke{{mjD;8+drvc=j_XPyvGfArKBJEaX2!s2-K1+v_zbm8v7BT
za`|K1N2}$TyJ@nhBOHb0du-5xRz>fDX`3bU=eG7sTc%g%ye8$v8P@yKE^XD=NYxTb
zbf!Mk=h|otpqjFaA-vs5YOF-*GwWPc7VbaOW&stlANnCN8iftFMMrUdYNJ_Bnn5Vt
zxfz@Ah|+4&P;reZxp;MmEI7C|FOv8NKUm8njF7Wb6Gi7DeODLl&G~}G4be&*Hi0Qw
z5}77vL0P+7-B%UL@3<Hx#GB2%vG%0rC1(94hq216=?s(ssfs{vDgp`%$+N_!WRy9C
za}K<}u;;Pqc=!2V0k{Hgo5p0-m1!D$f?OU9<FJ2<5oh^cbOGSGfdj2^%OxwDfU-z~
z(XR@2k_uf5r(>n1&JPxW^d@vVwp?u#gVcJqY9#@-3X{ok#UfW3<1fb%FT`|)V~ggq
z(3AUoUS-;7)^hCjdT0Kf{i}h)mBg4qhtHHBti=~h^n^OTH5U*XMgDLIR@sre`AaB$
zg)IGBET_4??m@cx&c~bA80O7B8CHR7(LX7%HThkeC*@vi{-pL%e)yXp!B2InafbDF
zjPXf1mko3h59{lT6EEbxKO1Z5GF71)WwowO6kY|6tjSVSWdQ}NsK2x{>i|MKZK8%Q
zfu&_0D;CO-Jg0#YmyfctyJ!mRJp)e#@O0mYdp|8x;G1%OZQ3Q847YWTyy|%^cpA;m
zze0(5p{tMu^lDkpe?HynyO?a1$_LJl2L&mpeKu%8YvgRNr=%2z${%WThHG=vrWY@4
zsA`OP#O&)TetZ>s%h!=+CE15lOOls&nvC~$Qz0Ph7tHiP;O$i|eDwpT{cp>+)0-|;
zY$|bB+Gbel>5aRN3>c0x<ruzyyQ%Zy5vf6}`4)t?d-C#9!GHs<@Hns>)4U=|X+z+{
zn*_p*EQ<B%95agq4hNqm^)z*%GD}I4q^^7sH5Hy)x3mf2i}!E6)Yg(THpWRZ7O-FM
zN0W_>oquRL+=+p;=lm`d71&1NqBz&_ph)MXu(Nv6&XE7(RsS)^MGj5Q?Fwude-(sq
zjJ>aOq!7!EN>@(fK7EE#;i_BGvli`5U;r!YA{JRodLBc6-`n8K+Fjgwb%sX;j=qHQ
z7&Tr!)!{HXoO<2BQrV9Sw?JRa<KG5emNB(T<y(NWmqssKxUatWWx*DdyYw_kOIJd)
z;k&Pys2Tnf4Po((JL<eVe)|O!Lv`GXH>LXV8HrsNevvnf>Y-6|{T!pYLl7jp$-nEE
z#X!4G4L#K0qG_4Z;Cj6=;b|Be$hi4JvMH!-voxqx^@8cXp`B??eFBz2lLD8RRaRGh
zn7kUfy!YV~p(R|p7iC1Rdgt$_24i0cd-S8HpG|`@my70g^y`gu%#Tf_L2<gJMO);m
zEk>1-k?sRRZHK&at(*ED0P8iw{7?R$9~OF$Ko;Iu5)ur5<->x!m<Z%nn+oUd>93Eb
zFYpIx60s=Wxxw=`$aS-O&dCO_9?b1yKiPCQmSQb>T)963`*U+Ydj5kI(B(B?HNP8r
z*bfSBpSu)w(Z3j7HQoRjUG(+d=IaE~tv}y14zHHs|0UcN52fT8V_<@2ep_ee{QgZG
zmgp8iv4V{k;~8@I%M3<#B;2R>Ef(Gg_cQM7%}0s*^)SK6!Ym+~P^58*wnwV1BW@eG
z4sZLqsUvBbFsr#8u7S1r4teQ;t)Y@jnn_m5jS$CsW1um!p&PqAcc8!zyiXHVta9QC
zY~wCwC<otwTnmD(e1ezd?<0DwVxo}=Fub>F0U%xiQPD_INKtTb;A|Zf29(mu9NI;E
zc-e>*1%(LSXB`g}kd`#}O;veb<(sk~RWL|f3ljxCnEZDdNSTDV6#Td({6l&y4IjKF
z^}lIUq*ZUqgTPumD)RrCN{M^jhY>E~1pn|KOZ5((%F)G|*ZQ|r4zIbrEiV%42hJV8
z3xS)=!X1+=olbdGJ=yZil?oXLct8FM{(6ikLL3E%=q#O6(H$p~gQu6T8N!plf!96|
z&Q3=`L~>U0zZh;z(pGR2^S^{#PrPxTRHD1RQOON&f)Siaf`GLj#UOk&(|@0?zm;Sx
ztsGt8=29-MZs5CSf1l1jNFtNt5rFNZxJPvkNu~2}7*9468TWm>nN9TP&^!;J{-h)_
z7WsHH9|F%I`Pb!>KAS3jQWKfGivTVkMJLO-HUGM_a4UQ_%RgL6WZvrW+Z4ujZn;y@
zz9$=oO!7qVTaQAA^BhX&ZxS*|5dj803M=k&2%QrXda`-Q#IoZL6E(g+tN!6CA!CP*
zCpWtCujIea)ENl0liwVfj)Nc<9mV%+e@=d`haoZ*<oI1yD0)ode<2{}h3=ee3^GUp
zK^Zv;a(K^#^f3JYFh@>`B7+PNjEbXBkv=B+Pi^~L#EO$D$ZqTiD8f<5$eyb54-(=3
zh)6i8i|jp(@OnRrY5B8t|LFXFQVQ895n*P16cEKTrT*~yLH6Z4e*bZ5otpRDri&+A
zfNbK1D5@O=sm`fN=WzWyse!za5n%^+6dHPGX#8DyIK>?9qyX}2XvBWVqbP%%D)7$=
z=#$WulZlZR<{m#gU7lwqK4WS1Ne$#_P{b17qe$~UOXCl>5b|6WVh;5vVnR<%d+Lnp
z$uEmML38}U4vaW8>shm6CzB(Wei3s#NAWE3)a2)z@i{4jTn;;aQS)O@l{rUM`J@K&
l00vQ5JBs~;vo!vr%%-k{2_Fq1Mn4QF81S)AQ99zk{{c4yR+0b!

literal 0
HcmV?d00001

diff --git a/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 000000000..8f9797cb5
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/community/detectors/strapi_cve_2023_22893/gradlew b/community/detectors/strapi_cve_2023_22893/gradlew
new file mode 100755
index 000000000..1aa94a426
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradlew
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"
diff --git a/community/detectors/strapi_cve_2023_22893/gradlew.bat b/community/detectors/strapi_cve_2023_22893/gradlew.bat
new file mode 100644
index 000000000..93e3f59f1
--- /dev/null
+++ b/community/detectors/strapi_cve_2023_22893/gradlew.bat
@@ -0,0 +1,92 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

From 8a0af079cae50d266b1189e681c5104783fce4d3 Mon Sep 17 00:00:00 2001
From: Pierre Precourt <pprecourt@google.com>
Date: Tue, 23 Jan 2024 23:48:11 -0800
Subject: [PATCH 20/20] Change the user-agent used by NMAP when performing HTTP
 method detection.

PiperOrigin-RevId: 601023392
Change-Id: I949214301a85dc0b5afcf8b225efeef2119e0af5
---
 .../google/tsunami/plugins/portscan/nmap/NmapPortScanner.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/google/portscan/nmap/src/main/java/com/google/tsunami/plugins/portscan/nmap/NmapPortScanner.java b/google/portscan/nmap/src/main/java/com/google/tsunami/plugins/portscan/nmap/NmapPortScanner.java
index 245618117..32a6c29c8 100644
--- a/google/portscan/nmap/src/main/java/com/google/tsunami/plugins/portscan/nmap/NmapPortScanner.java
+++ b/google/portscan/nmap/src/main/java/com/google/tsunami/plugins/portscan/nmap/NmapPortScanner.java
@@ -110,7 +110,7 @@ public PortScanningReport scan(ScanTarget scanTarget) {
               .withVersionDetectionIntensity(5)
               .withScript("banner")
               .withScript("ssl-enum-ciphers")
-              .withScript("http-methods")
+              .withScript("http-methods", "http.useragent=TsunamiSecurityScanner")
               .withTimingTemplate(TimingTemplate.AGGRESSIVE)
               .withTargetNetworkEndpoint(scanTarget.getNetworkEndpoint())
               .run(commandExecutor);