From f67f4ad60218f945e6aa1becdd7d91e661a866f1 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 26 Jul 2019 00:07:29 +0900 Subject: [PATCH] (1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs --- README.md | 26 ++++++++++++++++++++------ XSpear-1.0.8.gem | Bin 25600 -> 0 bytes XSpear-1.0.9.gem | Bin 0 -> 26624 bytes exe/XSpear | 2 +- lib/XSpear.rb | 28 ++++++++++++++-------------- raw_sample.txt | 8 ++++++++ 6 files changed, 43 insertions(+), 21 deletions(-) delete mode 100644 XSpear-1.0.8.gem create mode 100644 XSpear-1.0.9.gem create mode 100644 raw_sample.txt diff --git a/README.md b/README.md index 668b98f..07bfce8 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ XSpear is XSS Scanner on ruby gems + Find SQL Error pattern + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. ) + Analysis Other headers..(Server version, Content-Type, etc...) +- Scanning from Raw file(Burp suite, ZAP Request) - XSpear running on ruby code(with Gem library) - Show `table base cli-report` and `filtered rule`, `testing raw query`(url) - Testing at selected parameters @@ -64,6 +65,7 @@ $ ruby a.rb -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -d, --data=POST Body [optional] POST Method Body data --headers=HEADERS [optional] Add HTTP Headers --cookie=COOKIE [optional] Add Cookie + --raw=FILENAME [optional] Load raw file(e.g raw_sample.txt) -p, --param=PARAM [optional] Test paramters -b, --BLIND=URL [optional] Add vector of Blind XSS + with XSS Hunter, ezXSS, HBXSS, etc... @@ -78,6 +80,7 @@ $ ruby a.rb -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -h, --help Prints this help --version Show XSpear version --update Update with online + ``` ### Result types - (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..) @@ -180,9 +183,10 @@ __((_)(_)) /(/( /((_))(_))(()\ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+ < Available Objects > [cat] param - + Available Special Char: ' \ ` ] . : ) } [ { $ - + Available Event Handler: "onActivate","onBeforeCopy","onAfterPrint","onAfterUpdate","onAbort","onBeforeActivate","onBeforeDeactivate","onBlur","onBeforeCut","onBounce","onBeforeUnload","onBeforeEditFocus","onBeforePaste","onBeforeUpdate","onBegin","onBeforePrint","onClick","onChange","onControlSelect","onDataSetChanged","onCopy","onDataSetComplete","onContextMenu","onDataAvailable","onCellChange","onCut","onDeactivate","onDblClick","onDragEnd","onDragOver","onDragDrop","onDrop","onDragStart","onDrag","onDragEnter","onDragLeave","onFilterChange","onFocusIn","onEnd","onHelp","onError","onErrorUpdate","onFocus","onFinish","onHashChange","onFocusOut","onLoad","onLoseCapture","onInput","onLayoutComplete","onKeyDown","onMessage","onKeyUp","onMediaError","onMediaComplete","onKeyPress","onMouseOver","onMove","onMouseEnter","onMouseWheel","onMouseLeave","onMoveEnd","onMouseDown","onMouseMove","onMouseUp","onMouseOut","onPropertyChange","onMoveStart","onPaste","onPopState","onOutOfSync","onProgress","onOnline","onReadyStateChange","onOffline","onPause","onResize","onReverse","onRepeat","onRedo","onResizeEnd","onRowExit","onReset","onRowsEnter","onResizeStart","onResume","onRowInserted","onScroll","onStorage","onSelectStart","onRowDelete","onSeek","onSelectionChange","onSelect","onStart","onStop","onUndo","onTrackChange","onURLFlip","onTimeError","onSyncRestored","onSubmit","onUnload" - + Available HTML Tag: "svg","iframe","script","audio","video","meta","frame","img","embeded","frameset","object","style" + + Available Special Char: ' \ ` ) [ } : . { ] $ + + Available Event Handler: "onActivate","onBeforeActivate","onAfterUpdate","onAbort","onAfterPrint","onBeforeCopy","onBeforeCut","onBeforePaste","onBlur","onBeforePrint","onBeforeDeactivate","onBeforeUpdate","onBeforeEditFocus","onBegin","onBeforeUnload","onBounce","onDataSetChanged","onCellChange","onClick","onDataAvailable","onChange","onContextMenu","onCopy","onControlSelect","onDataSetComplete","onCut","onDragStart","onDragEnter","onDragOver","onDblClick","onDragEnd","onDrop","onDeactivate","onDragLeave","onDrag","onDragDrop","onHashChange","onFocusOut","onFilterChange","onEnd","onFocus","onHelp","onErrorUpdate","onFocusIn","onFinish","onError","onLayoutComplete","onKeyDown","onKeyUp","onMediaError","onLoad","onMediaComplete","onInput","onKeyPress","onloadstart","onLoseCapture","onMouseOut","onMouseDown","onMouseWheel","onMove","onMouseLeave","onMessage","onMouseEnter","onMouseMove","onMouseOver","onMouseUp","onPropertyChange","onMoveStart","onProgress","onPopState","onPaste","onOnline","onMoveEnd","onPause","onOutOfSync","onOffline","onReverse","onResize","onRedo","onRowsEnter","onRepeat","onReset","onResizeEnd","onResizeStart","onReadyStateChange","onResume","onRowInserted","onStart","onScroll","onRowExit","onSelectionChange","onSeek","onStop","onRowDelete","onSelectStart","onSelect","ontouchstart","ontouchend","onTrackChange","onSyncRestored","onTimeError","onUndo","onURLFlip","onStorage","onUnload","onSubmit","ontouchmove" + + Available HTML Tag: "meta","video","iframe","embed","script","audio","svg","object","img","frameset","applet","style","frame" + + Available Useful Code: "document.cookie","document.location","window.location" < Raw Query > [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22 [1] http://testphp.vulnweb.com/listproducts.php?cat=z?- @@ -208,9 +212,19 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" ```ruby require 'XSPear' -s = XspearScan.new "https://www.hahwul.com?target_url", "post_body=thisisbodydata", "CustomHeader: wow", 3, 10, "result.json", "3", "blind-xss-url" -# s = XspearScan.new options.url, options.data, options.headers, options.level, options.thread.to_i, options.output, options.verbose, options.blind -s.run +# Set options +options = {} +options['thread'] = 30 +options['cookie'] = "data=123" +options['blind'] = "https://hahwul.xss.ht" +options['output'] = json + +# Create XSpear object with url, options +s = XspearScan.new "https://www.hahwul.com?target_url", options + +# Scanning +result = s.run +r = JSON.parse result ``` ## Add Scanning Module diff --git a/XSpear-1.0.8.gem b/XSpear-1.0.8.gem deleted file mode 100644 index bc980aabbb5a75ecce512a62a7624105a2ad1494..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25600 zcmeFZQ;;vg^CvpC&e*nX+x8jTwr$(Czhj*-&RAz`+xDH`|32)-|7D+c?>^j$j;QXg z>Ws{+%uiKhX0)xTi=m03iy^(a7tsH%#`x1%Sy_Sp)Bm*p-ZQbWvH>x%uraYSF|jdo zFaa?#v9SKUB4qsE#nAsu*VWm@(CLRIcMDTfoBw&>zuo_@#{Xa0{)ce??eqUz9|@wN zfI6}`bwNNcHMi{-7?J#*^$p+p@{-EdNePjmn$cOI*_(ld2~oMG+1T#m4S3eaLH&8m zDGFW0D!LWX=G3dMC%C>oUa#h@lSm)(Y$py^Qt|`eKfo(^du;-uJ9Z{vizCfooZj$- z%*NO>!wtTowXQp5LgoqNlUZd5lEj$>IMfeWCy8nvVU2a=kvk2dv(+JnG+*XnqG1!2 zPo!6J2I!CwmN0z!!L}~;DU_Mw@xxaSl#=))5#lY=4sVmq2BZB5(O3&;W_1L0Oq0)C zZZwJ4?ff?+jfXV^3(AWG-}Nu=ja;#Emp2?c0!Ux*eZ85Z#2Ni5)Susouwc^Uk)9?X zv<_Pr^(y+R00u%J&QLR%E)B??n#Bzyy>&j5KLs(|{0lps(>=%=L=RWnTsNRcS2^Lcu z7gINU0|;=-R{OuCHs`jKttRT+@aG|uZ3IHEJnXBR2knfHl?g7(=M&w)<9^S*K)L#2 zqajG7KP0i#_A3_~UyE5Q#swG&*R9o;yEdrUq4uXmw*hiSM=Gyhcb0+?U^`br3N5t^ zX$GS^pz?q(#5v7VmIfHsoIXA-S05fO#5z@-Sa*t+R!&^YDgt7=(3F{8M3DvuRfU)7 z|L6{;I(*QZRH0+^1aDz_A7YOfhK^F6hyDH1ZVy}@dv#II5nzy?o+-0e*ea z8JL?`NM2n%q=9I<3|^b`C@G^4MUe-g>g%YXU3Qu?K0*liakh zucKW7x%l7EzmvV@ncgBpzhCa*%J2qiA-Gh2_ZXvI?Aud^8Dk3g@qgVsyT^?tciCWw z65OPV8O(+1;kh-PZa9htRYy?i>I@>8yYjyowL9=pmZ^tnJG<=eUno4$p5#x{(tfHU)cYHfdAj&KN}MZ zJJWy1e-?Ju{~!PVPZ-Ys!2gRsa?T`DjfCvx8GfR&>KdRGAjsQu6cVnJe)31Aq6 zU7cde1|X6^tEqxU%qSljMtt7k?wacpXN`@inR%;cgvpt*;Y^t}wutljbGK6;P#xZ) ze#F2al&IC-VU}v5W@r_!Q_w@qJB zzNQXgUbhcnN_Du>X%0D@5_&W@C_my%{hz^Rh8odO6g%)L&bq4v&<>Kqry;6J znTJ&~*|6f_7u36IIIvt>l=9(Y>#CXnbt`;>xY_{BYdW+iqXIZP3NM?Ql`^Xs!T>f^ z$z`QgI#NTJCc@sjMwPq(Iod^BDiJobm_?;(Eqyejnm*tCw+OqoJWQwjjdX|Ys{_#^ZdoT z`ue}lPp-ukXXVDWl%!a>eT<4E0y_x~@=cc+psMU=CSB|5GG_HFb5K5~B#*~`wAMuk zuPfb1jQehU+I-A;bz?~VPn-Qn)ciZng&9=^cN)hrv< zC#*2u0Lni#rbWc`KN-}wu5n{7i%Jd!&wp~ri5%8rL>bgln0tVpByWX=L(PzsExSRV zUCq;+vDwvN|1!K&VHRK;tuh*4!$A7NC-{C@Xa{b4o__3ZiJ%ccxJ^yTPv`z>uFNoW4J$e@RkJJC%`MkZy-%mBQyIbs3E(TzW z6gx5^2~Gui7>akA;lxf}%xC;>;SEIvK=cY=2I(wm2q*Nnosbwfuc8g4 z%y5N>6VKShcs#Q5T9QvrLx}%1%y@0Bo~-yWWuexEF2Y1N)rp{@ z!q>wM6*SwEu*y%ZP@|^1qhvH|YJ!HpxM}yQsw2W*HL;O>ic2V|R+XLH^W=jMwQE;d z4Iu;5Y6*cI{8%upRtPPLMdh}owJ58FrA-Q|oHd;R@s+1_X8q$wJ+9TRhNi)sDH;Pr zed(<%IV3%=T^ZkaarR^G3ccUSQ^5@cS>GIa&;EY8_q{7E9xko*QQgQYottfs`=Em% zuWvwRMj0fQ*1ILsggGPs+{6PuYvYTy-(Co;)Q_X#K0`88aP_Vuqg22H&T{vZT>5L9`aHyg}^a8!^=3#ec8$319Do1Z4!rs5{;eb0d-$v6KV z{4j`3jeA2o_>MJd#ZCK`Ssl3l_|C@t_6E&ZT_l-;xt=^l8tSxC$UJ$9Gs#9#Gt$P` zsj$+cvpt$0R(2=Ry|6J|xNJ<4ss8QRvO;fr)YhqMF4jBK#G(f!oPwD*Bz()0ba0o7 zAlB5n#v=RZLS7E#;w448y)5g_pm4fc)#2bLeL0h-g-fJs%@Z?W!w@P>c}z>%$|6}y zDOK~fur>GU=i1w%A@B-V;|y+V@~VEiD%t9*MJ39-eHs@9w!mN72Bq(kcyzbByD_T} z_%yuS-2L?-Fo=v8XXR}^B^GttnEOvbyUW|Wg`m3j&){aV`(m;7y-i_Jyj!+;t$2%; z0JlK(qQVAmcPngEp7)-tjXoe%k-$E0dAjPNz)jUQ_bLx>55JsKU|;SbctIJ79+14b ze-<|soB^83rV88HP6pV2^Sdli-wYShqCRem3cXP0@6AlsZ1US$2}XW#(*Tvh8ejXX z?yCDP<`$JQY~TpAkBm!xj1&7*i*rmtk&$ZLs1csF?WN8@G7fK36Dw}DEY{7!Bu7bJ8|x4~5AD_{NS?}$ z%XAL+TB5YMDNr{)SjT{IfCH<{vJrZ@qDfj_D!o{MCV~B$&$h(Ib4l9Uu*kzRwcx{{ zI*F*e?*;}qi!IxVx~UeF^6)UCX&r}Bl+n0~g?1P`I#s%)O-ZmY&~}R+G%Ty4snAZo zqAY{q#7r~02Un%n$QX~F3OdcGiw(eht)(;Rc{7Pv5JxD3*HZyX7@=B}f1eL6Hak#} z*gVm}{Pj0Evr213zok-B<`T2GPUTkd>JmKlkr0W0NyRK)C!PqW=uN*}Vr$LCicO>^5~- zw1^92`GJye2C*NH?vyp!?SkScgd~c7aqN6Y?A?brH7ef~%CKR#YLmwdYk1`N{xNUH zKF4aFEx3VyYS^T$*>RgO{dJ46ry0-DUDG;%w;0d)RqImotG2b+?x9zj#4Z)zawtdv zHDfa(lq;yOMx1sM71XafmQsCIzm$l;T0)=2ZrWyqtG1o17|oo0@5sLLSLo!tMmS{@ zpYORTfn^VT{p($*)>Io)*H3?Pw4Sl(6S}Q>&z6EnE&g!^b|O}ll&SgmnVwUT+C$Uz1b61gg!!?s0n6U7I()EgJxn z)Kh7jdZ98AhZX?V1m4QWf;)gbIsr-U^JmzaD{aUNMc3Xqv? zf4k#kg$zlJ2u_v*Ji&&%_UgpGO=Yj<1BP5rA+8a-2AK_AtvT)9n9UVnYWbc8O&Fjd zE*uE$4KuL~wkJf%sPHwogy-=sV6%Bzv)gf19rOZujIAU5{xKfR$v6Dn)?tI6(kY?> zDU99W)W#z~#~2)^mO-j!Jrn6@HqR8_i9xkpeOYETK$QI zSwvA>FjT(=9iJ!5STm@~43>)U_fyF|aM16)ie55QNSy{k*?wxcG?ADj=E+A*s^Z&( zf;L$+(PZ@*M)M%V>1QH`I31Gv!}tr@)Pp!@w#r&>Fvi6^nDgd1>aN$$Gfj>wQ+huw zSQw7jF$;YFgsliuSE6t+*PL3>A2w&hd50vhP8A@SFIPvzjTY|U=?kNqX;$(E{7aId z**Auwgi=_$dAgZY>ECLakZh`FCU^BdN_;vUlU!(rQ$9;ekM&^O0+F^;O-t;)Fv9M@wjWRZ>tinKQ&Z$;-G zzD%0oBtuRtG$#XP-3xy+_9c4GDGyina`n6ZQ5?E~N7Ojnb9si7nhB!D3YA+CtNw|)m?Lm%$Fk6be`Sl6oJ4kT_H` z<{$|-tJFUTXBf+)eEYjzK3_j_TGg=eq-S?c@l~#yv=v$ntsn5W(vsO`VG(Gn)6SK7 zZfulNKjx&)sFsIe*<>SjU>MphsW8j{-dl5qH7pJvqlDhPNi5P;tk_Vrupx2k?NOWf z4t+dy%BfOkKm>)s-qE`0!DDIaVo9AVeRB=UWQsxg>`1*(b!B5?{Iw~KgQN9BtBqxa z=pz^Uy1^iWD&C(~rOC2_LfmntchKiVYJ zhNu^yM48%}MxkYCnv}XE%q(yvlUQ>>k~x0}_O6Z<*Sk+TNb|xH*`h^>EN3k2=%^D%5s7uj*)L5NlD6u)@^MxRRNxz%_f4Gh~f9a3dOZE^SCzDRM@2F#83_U_j+)qLGE7fqm?_>x?+r z>p}hXDa@xmJJATr>LtFOk%cE$u3V|OMvcLtequudd)>hXea*j-UbLV*;9aRYX?p*= z6z%0>e8AhzSr^R7Q9nx1Z`aqtrDf|+{$e(8?L87ex?_H1iP~soJjln+T6gGYPMGHF z#W9k#byGLsD=j!IWrgMai&6iqf+QQ+5Ms=43Bj9d5Cm1<94C_IIUS)I z9a{U8dq!P4g}*(S_JZvM;Fxw<`-fuWZt zP2ZC*fuT0K;y-S)*oz;4zrs%YxczlEL;Kw3|LMP?|6T5H=>IvP|MkZ3o%ea!`^Dh@ z$?(0d|2_Ks(f0kBzqGNRsTKy^>qDxzx_4gpCvX$XE3sg#%_F1!vJ@8 z=&H0Z>`P^3=c8n0mool}R?%^H_v2gqRxm&7Qs)0E7~Gj+!g;ga$$r+DpCw2B!2F3a z)8?Or`Q*+g*QUnGxJ^j%)Q5Z13PbPc>BE}H;T*~gbz6G4Z1I|!PWZ}3C*<>ER0p+C z#Q7*d?6#-mqP4`+-q{lb$A=nv!3S+iVsseKrWI;`!z$I}^&XmePAnM4HDc^5R-)jW zX0IgYuIZ+-obfw5)K)0%5AP=2+XlwZlLoSu$bJlm*uah*n4@kbujt&i^nQ1!!LUGN zXZtJuJN@&q_iLi}v#s~z@%zKx8H<##Id$q#edUI>rrVC{U`br|$0H&#^W`S@(B7U0 zP@??bCwjjwzu$TZ3U!%&Z){M~Gx%eu>-|N&J1@$Oepha$nJn8pLfij?XvG+IDi*pJ z6U0%AW-jZ@cau3ZX`42&dMI{3Fdm&LY-l^=;-DXuF}ymo;S@pT;>jifq2TUfOAa0# zYGY~b$<^I(w^yd9g9DEDqhbTgtRPvN%z4TqRe;l*t?gBxx^DboMA=i{?5Wi0opN3sBqBxTjOscATz|7b1utlb@n;n_^XYN33 z1pdkn&o6Xav6N#1Fk8D+!%wv>oiE9*hC7(j1^|85e<(IhX%#;)&3RULcW6!9(J^rU z2yB7+gJ?8A%CTT;nO%W;tcOqIJmOh|9NJWtZQ*Im$@!r@Frsef97@!AcUIg`w-_G& zZi5W5Nl`$A**#)-iG|V~bc(L}aC-3DWokkDMmd6AbtYtDWcDyYaIV#`m@k8+)(_&kl{0ZeyUP7N@W#@zIIlm1qGL&v1hmUmK8 z;&-5y`gCgastr@S?H)rAt(;(493PV!1~GkPbKP2Fpx^>yFiwb}1>|^aApZp|hBiNl zwu_(XKP=3IV%wEgrh^tfbvoF!5&iXH76QTUUiIi>8(Hx$7>^c)gEr|SlsiMAr;vOp_n^DjfrKyhG)z{0qjEAKaMlSq>>qwrCtptKz z6YMR3H7fOoiq>4{+TJ>C|i2aLkY(x0HpCOs|&{8C0WA2IXo$<-N@ze2KvgY2*HbrN9bU9LC+azd)S28<1YjFTN*7 zO18ajchds1BEMuF6!jy!1e4k-U{B4#CgAXZtsyx0|Ea1l@dUqHxB(bF{Ffh_U}n5} zc$9d#>w#C>K}+1vpc;Z#bGq}VvQ_Ye*4TENcW}>EZKArdy>x8Z-M7{7DkjdWIv?W$ zSZnLJ7#?+Ehdr@;rM;Vy=&IY;VdX>4mNtk9h~{b8qP0$o+2D`Z`;)>iovm5UyFKwi z@|_R3VXwxIO`3q}-YZT3PG#~kM`oHgeFj39u-BOkQ1(l$w?V5ITU@$GTOU({5&^Ug z{;h=A@is(!VWTm+DWS9a4H|UaX?gn;ruBX?eym^~r_MV9?D4m3S&Z9QS(L?-op~J9 zu}g-Z?QigHE`ci2;+!uu-gQ=Af_!c2%7Yl>E*rvw z^t0WA7{t#KSOOX3k88R9ylLzR8vJp|Go=2CM&aTK|Es^w`{6~!YdZA_s{nfs*C22j z!#YFuFPRwGvEorwZwCFrqqVcGNx!93)?i^5)%o#Oys*Tfgk^S4~~ynbuU>sRj_r3%%-H;=y0 z)AuK<0{7H2zm^8)T;XPeCbm|c;Xr-mmt|2VrA=indLC_s*@frI$7hWHy6TV1^$?ut z+kOmIAjW4N4&lFO6v<=&3@Xsl8fxDw~?=w7EY627! z%se{??T6a)-_qC{6)9?jM=plKlS51GF)#ZBSYq`Ln>4oTThAaZ!o9zJuHn@075Kj< zJTWi&Z}le+ooDvHsq!#%#-yzk9M*y4R^w9=;Td#OvG`&x|@hfzqp=LgbEN2>aKowL{f3b|5MWD*sso|j`VOGW2u`Xa1#v}$AlxYIuG@8XK z!(jwNzAIX|%Zf5=1u3aZ8<}Wbn&a4y(x%xcO@ycW9fX29j9+4-aFP?vwpl{qQB?r6 zw2Yf9YN?g(gxwY=bD)SmnO?;`zX0#@sRF;K%s_E0$Hs6 zDwTfJN!643Dr;X5#E8rHfWO`Td(O2f~d)FVssr~zf_{))b z@1%gaU1IL(&oUi=-_I&n=oTe9?3caJiJWe_^h!esr|DfC3zlPNmArE?dw&GYR0dP2 zcQF)5Ze|!l^_w3|`C4S$!)+bVKgK-U(!W&Oq6-Q5L?i|rXQhupL3nbTe}db9 zGPhtHw5-0;GY_c;Gq%nC-j&Y=&v6-coGZ7`8@pCwRgrn0-lv`X`VaL}q=1Ty-` zf+FpEFo8z}2jCM#21MU%@5d!WXh_Uis9FmyW+0nPIIkYve3s)B#79Ehrufw_pt6eu2>h@*JVkQOcw%@IO|pU4={ z1f>IDb3Kt@v|a%{+nI&U%^bs~S<%eVXk;RA;AMmm2A5Apnp?DM{y9Lxx~9Agqm*ZJ z6(pFhq>WaZ9PKLt1lfo4$Bb=*1em5-9gD6W4UmL8A^1Gkw3V9aR4Gd5lX9`R4ae29 zib4oT=W?=E=A*fo$Qg(V@I47k3h}^ONopp#c+9o2Nip`ERF}~9KGWcy=}35I>cLEy ze6Ub4?RHoUxbGzeA-&+XYFI{_kmEaUMc=a$+7q+9%oz`Hh7 zRpqgEiUfdo>0zDD0aZatmx7>}8I|Tieu4$svs>!3S2x9Mok=#oBauPGmr64?auFez z%%eJ>=`1vsg5$d)De`?$(*yr7Qj{dCif7os@j$v0Bjiv(lRITFE{{VtlHln-5K1ON zST{ikN1RBrI)pd|d5g2;6G8dV4h*FEYjcP0^}zm42*+%E*{l(|DQR3rLv;L6#rz&a z7vsLzLUc`Sh5nMbYJx0EysO|x}hIi2x~EB^`r#N_!#(}*A|&}r)w{eeG;${B3?@d?Qq4cfsWX2*uoM@)cJs@ zTw<;er7v<8%7*PQ8my6lAy)?vl`61a@2h2L(-IH3s=w@!B;th>GQ0|U;BwV4mF*nT{MsEyP2IY2LHu)c&CfMos!Q%AP5Hw2 z@}j}dZ-h|H`1#<%TwTDRi$b7DU`hT-k9(lVsOvbu7xdQH`*9&3 zr^P+o{D;40{m{NPwLUoAw!5MNWp9bDmVMOqZN4pEjZz)gfcXeR<~TfWf6ZY+T6>JI z%R+C(ni0LvgBsv`stVKn$*H%VrJAx8yW%C$AY9h7(MrrD6sLdCPzOAfPLz^X=oY^u zgSL;Ss$df?HQeKY&{=1s3SJM6wLY)U9aBAevp)1`O<+~t1P*OZJ-__3?gi-ojJ_bs zpL+1Mt`DF5DYy?Fca^@u&=a8aI4NgwRr=zutB28Gz_p85c_V;#cV z5`8NDG3Qega%NViosxeIRb^MbK*-%K@C5byTy5X)ML4eAafi6On|JMKUJ4{ z2!bmp5Qx2WI?&@6QVLr($<_WX*X)YtD1(9HbGkR*da-vMy}-Zlx%9o?T)afAN)zZ= zKElk8;YSoN^FM5LV)T2W-CQQnQUOp^zTxtz++NcBs@%d0S6G-_i3{3AjMdU=f07Fd5aRMf+*8@sC9$Vl(<54Yyj_ATo?BfczixtCWeIr7B$ zz413!n4qkwW{JPne(Pyu!3M8NSpifNk>r`dPEVjJE;sS!`xXFUot4rvDEWZA)8R2{ z01)rh?vPhGf{>Zrei&uhsIi(GUF%SyAfB$wJ>Ryq)rR%6{GXqw{m^!Yx;=Fp+*_ol ze=gA7+k3oG*V|IJ%+3_bvKnd1GIS|X3qw~M$lTUypn=S7-QTyVQTM362Ilqx{#`dHfh|%sa85F z?`w1?qxP*Jm-NgpYUlnSn*GGt9%#g&<2pVerNdV@qTx@Qciefx30L;sXs}_PZU&p0 zRNVe1zXL^#UoD>d*QjA-gBrvu-(kl9ekw}c4468+Cs!tGegHpdO@8c@-OL|WrtUMB zakWVLh!!k;?Mf8g7?!VI%c2KX!QBU66BGNX0%m6>N1l{>HrI3vG+SeOWPFavdwGqE zOTZ5nb`mRfzY_CJ;ED=mv#voW4U`E9%KVK7vZeTJ?8?yDR>b?j5c5Fyf1d?A+q%4Iz`)Dke`c$CIWP21}*lAVi-^s5{jjU($H8S@bl$ttju zZ6?r`%mD-E>nj%Rk$fMgSO?t?9sL<@El(F|8mUGk zjxea9#Rb}Q(s~TJ$~Ef;{Q%1Ln*CH$%C`MEOR8B@Fj|o9d>SXZ5`o)68(~eaZG?lD z2VS56(oj#>19hHI=)u1?rU*B;Y-;V7c+3z-P;>D^-6FmnQqpomW5nKfMiD32A(;?W z@|qzC^E)%hfJ{>3NKA(yS&%IT$HSCvS<>W4QDl*v@LuIL(IW6uLSLH9?lQ&~P$Cdf z;w39Xe9H-XZ4NNz?PY!bK}n{0umMCeL%=uM%xU#9ByES_ku-$i7+UG3IqZeEQe% zQVV5#*JEZUfodt=y{f_Rgjs~(I@1RB#M^-R?_cqTp ztr!%#lhL!K+3cmE@QzVsksT3cJqMZx2nlr=60>A{FU*aJB3NM!A1V9IZ3th|)H|~xv zlxW1{uY9hl5FWp%8D&;W4eYkzN9|ijCzouxA$oHQum38S7;tsC?tU2q9pOr5;A@;s z8@)dFhP#o7B-!hDtYiH`K4Rjr589t(Z}H1_3osjOf8#wcTlR$BD7tfAT3on!NFVZ9 zEms?3;3bqf=Q%Pn^y!fw6!G`z?KyURAtRRal5Y(~9>rg&nhEWK9;5MWVJ-occ%v6f+awaALAezB!>7?( zXWh7qqDw-6!&(l?OM`E}C752K*M~a|zi=3C%t-xu@)fW%5EdRn5ZxSL5423IGNuEP z9S@$%tGWW^v|;Mxq%YDcbcZm`oXVq0bJ?_#L9x{Uk``}JlLk8Wg=)yqa&~fYErAAHK24+osSj|Sh27;M*`6ZcXu@W%> z^bRsW1{HOqmL_l7iw1MHZIkYEkW{WJ3LONqKvaiM#PChPn%tg1ZhZr1m&r2W*;vg$ z(gg}sAi*j}KitM>SOcfNVG`5Y@Ocv9qcqivhs+bDqI)X8yEmhSh4?ZPikaH6$-NcLMVxNs)N93_!N-3u>nNE0spz<9CKn>fq>S3TI1(3d`IC zFE|~rJM|lK(#fp|RA9bZK;DOzoy3U+Q79DbQaVtK1bEfOk=Y}q+zN$foxPGuk4S+} z>z(1dJ(UmD#dYs`kXU`6D;%+a7YF?mKa^+l4F&?#_4G$cH9HSS9mJt<^ttvCsbf^% zpXyhjq~LB2fsuUX}nBRQj*Q~e7C4?sr6{CuH z;cjW5{`Dt~qdoG5K7q!$T$7-g-D%ICAD53{s+qh%9@IZ)Jr~D;mR>Ja%a3wDtSP2m z@tNNB*WY&)fpG5-Clz%-+(t=APxH`{+TO0Q`AFqjam1{jXqJ9 zSXOXDTa(BPN9RAlFJu)uYjfBRx?pF<%M*a@yXm{Gw^UXU_>498y*$C&FbMP=)jIMc zw-8_3_ShW97K7^UN6zYIFV`nrD1!D)_j}Ic!@xjop&fLUD7ltB1RfTV>qzgZaCP6T zBI%__X^8O7#t?o5v6lA5C(Gj)v3J9+mNHZ6%x00pgqUuFwgpNJEl%{0k$AU!4CH(t z!j`7L`dkpV!6dj`5ceAO3`D&~(Hzm#X4H2xJ4y}2>Dtu5?U-63W*wOpzBM+CBD&}~ zd%l_)_UeS(tPCHW_2K>P_8;IGlViBg9-g20Ko{+vBxrX8MAyzRL?S|iS-Ta$!c3ax*VuJzn4`Arrn)Uaw(G!zzR9VbzP+t6Jk2W=30Yw(I8lEn6%FFyVCJeO z=I}LbKujD_ulkTtJS`+Z$96U;r?zgWHkU3DH$fAQd=Xe%G?6_>b{O0$y{HUbL{ zs1+td^ZQ1NK;h9m52?@qe*~5oQBaV*>W~Um^#$EHB~2ZzVXR)m3|~k69<)97ru3C| zq;<*<4jm-nNE;yLj}`NS*F>$7F}yXyjvk<;-H;2;F=Awm*Sw+) z6Kw+KK3*4$IpG=;|I4B#SSBq^WSU7Yem>h|;ehkHnZ^kt=xtb6!$k;|46i-XF6!hDVY$HwE zs1|(2)#1R$v9jkW7BRM3VWCZS!&;wq?pgoUiT;DLYXcI@^}Ll9eC_lLR@l<*U4*>+rvQlQN;p%?C$y2O4`u zO%OE8$i(?b#_W(AvJ{y43^&ME8HGA8q}U}bK82DB<%s_EhUZ&ect?<3Pgc%Whe<+u zH9cT^@gTW?9JqFGvD-E?ddFbsCC3Rn^N%&>8OJM^$N+w$*#GuOe{$)LvJ&*p#CCbH zwn2nE0Zss`M6l>eF(;M~?YGGebxwxS)VSO&l`cepp#0p?iAx1^O$btj(N5}JyQJhMbD9^cdWe3W3z&cG$f$Pq_5BG{TstgYqvsW1q>!8`cID>@j zqe!(iu1S(q2l%U_uuiuxZ=o*3Np`ftB!grV+=N{sY&E%pgk*2yB`!c8Wr6cdDv+nA zAzgJxRbW(_p0|t>Q27r@4U!w7g$=a27Tn(|2;X zBIx7lVmn^tmlk^^G5m8pzF0`c&@eQbO@4X&7g?IsBNMTQ9NSJMof=T0dtl^YVhjM& z-jw3zngyE@UDkRF6V55&Jrrc>`bx3LSs3vavN-xxzvjyUPAKlqQ^{y&nLMqp1!*n! z97WMuJ(@8fZm?Wezij=zDc9S<)F{h^JT?bOfE816fEjY*FoQJz8M7=j2U2N=h3~RE z{*+Z$oJ=R(C$&rN-VsI7hAtDvhQ^E)`7900+osG%+La1mLFDOt4mn^KpBB^dyLGGB zDfM2g#NPBMjc$m!L4U0;6c0Oh(lzAd>fmS=gEgwnsa7q9&PoGG zmO%j*6t+{&Jd@~r)TCt3t$olfUZn@wk7O&*G<-WHUkLiQ!hOk>q*QmfSP@(hTOqY%iS#*3M@(D$cIBmup5Kzh)w<)_07KYk~L* zqAR+O)=x7U1WJ;e6(^@MRa8dc+QC)IuH3KeWihkTVkgh;)v;(UvYgs#2xGl$V##jM z$#1f&by}oFJ4&t6963Eia>SUdb0@5#z47r=#oVwk9LqhIYDl@oa%Sl`@jg(s9YXu> zUdRwZcR?0|KUiPy+(0}pzQz%T2U8saK8Pz8%?U;k4gKMdA(#nDdUYsBJ>kpu^UOEP zvq?Mz2(HZBncXG`WX2D9y^g?X3< zy{%apo&hPI_l!kLcCzsWkqr|VTO95z(PW{EN^XBii*jV## z1%*3KYY(XxYvFY%y59hP&7`iL^uH2>ld5IXe(_X#QN!33y&9DlLLQ|-c&Bg!j-I&{ z24N<&VbEG)8;7IO45{W54ZU>~7G2NPG5#6IgJ0WG319ySETb&6u+wHD8o(q7{RP>r z4xM&HPNFRq(V-gFrrQX#X-NY7lmW?~yF6bg=Ec+mE;XSfkU|@gV}aj`@%+X@y}nH> z*tggry#8lcI*&^J-N8bl1LO+-6tH;*O`1FjQqS)pMy#*o!1kTgPKEVxdKp%r4o_>Q$vc5#0 zEB>{n0bL)r>^eZaM zT`7j)=n-2FZrI?eyusKBF-Gb}Z8Au`l=VX#O;O4i{Z7E10D#T7Bem0+Sqt`LI(%+i zR@IFnf(iB5vSz0%bRp_y?(B>|VsoIm&`cGUeEUq@s1ELxwNT2^l8EKL)WLZ&T2-I0 zluy7Ti+BP_xxF#ZoWXDVPNnb!*O`%*Ve06l?eia{ft884WDLl*j&zz)luUHhq@;xM zl*C^YKKFSsXR6C~vkH76LT|Y5=}a*7XH5D?H!3ihPb4zh6ju{0jE?=|S;ULlkj1V$ zpo@AqBYl>0l|2;12AlX*puL-fjb&0aDuaTTpOtfF^@~Kr?&_AF&|o4bM)6nO;v;Q? zRNOE#FUm_f2Q7{LIM*pacHwDK^eHHZ=IC&s7%1pzTJ#7vB{vlW)BVrq&|yPfsw35; zIWV;049E#Xf_}tS(ZNShha$2&WvVVKVwrwAu6_-pKEXy;VoKM^{=rd44 z_EF)Kwz)YjqQ7rAb^G^sP`0!)?-XMK7V9D$-l6PCMhFi|sfzTLrwZlWu2O8BuV6kX zgQoBbSgxjyn`}RvKveRuW;37E`hzY~_?0eb`9R6(^{woBEj6hiUXaSY9yz!(fh%hh z-LO?`8!z!LU5cOae!liI?Dh8)&iAX0;rO=<)i>`~@4ySBmJ?EOv92qKHMnif(=3k3 zWkJWi+=r73^f`OfpN{C^A);c=ze7ZAGZ=IobX#xB3J9_}JgC15MxI`u!i*llO6n33yAS92-8#`6*u1I@Wc2RTFBs)s<*< zM34-1=sLr5@zn|VI?5+VxzyxUbq=n$%1c zEV?$FUsp?HB@OtZZa(Q;5bbOFBYMw=l9(4gxV3{u91hosGiGh5_r?}6$hQw*j~4^v z-AuIePVT%?sd#+tUgj&p%o=;xudI`0+vo)rh}|jD6~QIWP^ysnmM8{eU^g1zQ?uE0_=rai zJP(tQZQUUIlFtm5f=}j*st}2U-a;iGB}NV$O_-BLv8wTtT=F&@utX4_y<)0CV2o?FZ(Ohe4{N*K}k5Ev*01H+`ABdTUHnkJ{?EKt2TRD#_#LR4*m1d@8gUZdke~G z;$xsZ`$vzCGe1mq+!^dF5RN0T8RlBed^RvCw7uOyt4Axy7lswx(>c&lIzfhabyDMi zCw{^#2~7iXbvfrm)TB* zRw$)l4RD?LQ0GP7ufwoApkVMG?7UcQ3iUgP=jVS33S>lYAoGpO@ydJS{pmen2XkS) zlRdepo-CDDI&!cZ|434)xQ@!0)x3@3hKB#>E~s9ioTw@fuO;_)lw?1!6=%RKAbaey zLjU0i6sO%CmS*+0%TtU0j1>EV5upC1uh;LvK_3$0LIQ4A+dmL1Q_8>}k;&)592c7jE@c%~nw-`jX|`52#(l**5MA3Tsr zKMlaRmg4U2OmX*t!H2fANbv&2io3hJ7bq}DffjctrMMS&DegLh4LZyJYLmU#yZw?) zzU17UiH$Xv4(mOtLvf=Ac24nMd{@o9EUbX5 z1HreH`cc3o=nIK>sqDHZjoiogwV^Fa)02+BCE_M*DbRS$G0Vt!j;ER6k7>%yWu;Xg zX0F!vwK-q-E8AfZ;$$rtFxF|39u(yU1}Udi0+eI1mN!P+=t@DQU_7HE4fkUa zgN~~cEcXijR}D(*8kQly6&|7k$-#GpHq3vUP2?yo-UX{-+@wq32h(!q-bm7DbC5?` zbetMnR2yR!wex1rQX6D}!0mAB05vsZ^dPdY(RYjMlQ5sg$ud#D0_g_&Bc7f?8=h7)lqy9vK+S}~1*irMU?|WJi?Ss17=og2-J{-d7I_Um#vz?j^ zS4Z5;LIw9Hb&_#5?;@!!0vE~l0>dWrt?H*AJ{J0@)>Vei_52U--AA z<0s6;tXPy99?6=HoCkj$?$!^tc1t5;)sO1DcT)5N+;2O)9T&M~=qlfv38$!yzi@(CO5@jiG%0I~D zcKp!E7K*`&91bzA$ZbqvrArZ$MVm#oF`KF)~m(zjlM3(U(fcpSxGr7V6-M{yVm{Gt!`l6R)(1)_D^4c_qe2k zv#Ac(*{n#ZYKcohaFXfDJFWmc0;$^anpiQ~v#m+hhhawAHHx?hwwo7%uMeD~PMwv) z(X~RodL(jWCH-P;zZDP1rrv-5+DThHKXo%@$2SDG1Pd@n{0x+8bpIhwZ?mY(#OXRf z_tdK`g+9EW6MRPkdCh}fqK%9@ZW21hxfbD^?Jw@=F|B@8o>!MwcZ(-zvQZy%9X(@+ zmT=1EXH}k?NRvwVQ_t4F!lfGD3tK;4`h76#1babm2;Gm+P9ILR2LV_SFpg`6eJZxu zM(Es0+5zIvtHtDrwYB-?kz`5o8V{l8B(`Pxli-ac(~Qdsg?vq{wxO6Yl=fjjT9gl> zJs+$Ngtv-8uR&V(B@Fd z&w>!RXcE7;Fl-I$F6y4hQRf)EAQhzDXoFyb!pmip&Vok19B_>1Xu9P(r4YrCoLVbD z1eZwsM>HaJK&uCGuzaF)vb!C(SI;y;WZ_oMfws#z;meoox!uwIpMlyszoC+Uum=h* zaNvh()h?P?$)sTH1P!6{3SGf z@_qA7ft`Y2pbjt;D^V6AH?X4xbOJiUa&LfPMay5K*2|ThS22{(BFp#1@o^%-nMw&^ z-%y!-8l2XNacGpn#I-^~x(F-MACSUB!hS-u%g%*_NDnW}N#bzt8E^(X;+?R3XmBF+ z58VjzY(Zg~$&-8j)?DTSxgqjni3-69qDAGVZvH}~gVMyB=#l{mA%rU%uQ@c{$%ZL@ zD-BPoFDe_1QUhUx>lZuyBEh-5mB#5yLM=AUIuhh0Id0X*Q7&Nq<}`R2#@8-@j{5oI z6eaMS9!IxlHCQ21423gI-OxH6z+l~4^`)I)z%CVl=i>@vrNEF02e1R=#JpiBEt%|R z%g~+e@T8Gax#aDgA@Wz@X?xVex-bg;%IzODeP1z~Bv8@Q+5JcZx5ise?xWOY6x5sp z>+BE%o==IG2v9d7`7+S&xxoSr;j&c^^rVQ$V}#1Btnt0<)KelYVn8(D5J~h{(@j8& z@R;;BhbYb&W$+ZD;Gs;auYS*Yu{Xp96EjS_plFp3ZNsl~p700Fy(M6H$;cTd`DHlu!sRompAE>j@aRN$}J|7R@I?&A;^nKsq3w5wWV{rbmFr)eS_Yd z;?}?6Wqhg9@QXVz%0Ob&s`>0BYjPs?64t{n|-_bHm$QA!OCvge$I(({MfhKKV^Veh8)6Op+g7e97^Dm|BTr7N?KNsjeUN%+I*Zs6UH)igCsNmO^1>gaMi64d zm%~^nf=mGQX4uSEeNvx9nuJX}EbLoFmF@1iC%KPT$j8wSHDavnX%_1BqqtUP@)TlB zQUZSE)~M+#3eQQRWBxeTYZ5L%+}67g>?~65GD?P4Qs4QTh#sRK!eSQ;sh877f4J?= zy6?`iJ|%uKR{f$|Ef77*ea-bT*UjzoS!g7Qx|IN+{vJ^O6HvdJsn42{r3bt8kW1f2mr39hkv!^GCFdr{C9+iB66o?_r8!DD1|p$R z`<>=)K;iecnBeFUF>nASIAA^{*(+227_hbG-bz(0pgdjgi>i6XW-#Oh!<~(AWYm_t zvlUEipXipFhEcS-$QV5(`ATdGW)p7Oy!S3euBZ;_?B+GM-6x6WCLHu)9w+h1$@iM# zhWP9RLu_J?zcNb+@l<2E!qQAujviU6t_-k(9MfTrVEI_bhbEqer#yni7Nc~NxF)+_ zIBPo)fn5w;Q_}6#c=0U^#+E$+9Py{V&g6ImEKHSYP$YDjjfEZVU}yV-3}0Mly{usTa|o9&R7_Vq!`FZe#_l=$#c zTppzdTqX|kE?9}pJqww=?4y@cEFLk|Bt6rKyB`b7W;4uEt&$u4oboG!Zy#Q~X|9m3 zn_tD3i{wUww1%uvSalK>yS?V6zu>)B@HUtXr!lH}&_Y|7uH;pDFW0S_-QTbqQT||IzX^Sjb;=L*O7=!Xwl~LB1{3W!6t~?>xl6~>& z&^iT*Xo`7IdnMh-J(6NqHQp#zgG!XJv$#@pKdc3j!;i}ma9>vnU688GN{A_cn~LFa zmB#E_oJ(AvcGN}o$6x)P+d@z4%7x4M_~|-#M}$b7zyIkGK}v?zuWXv|6WjzC!Ii7jO<#@ zw6Pkxl-Eo1dpeF7RQMV{f8{x9n9KEE$~O7T6l=X9g=SMe3Iv*myb8Z7r=+40bo!jC z+G&DXm#|bHdD%Ntpg%?}Z1#-^7u;X?O?I9JlkN2THrMv`bGC4QkK2Kh#Dt%=%{IWl`VW0gXUD1bYPC1c$??Q(6Y%Kf(Gn3v86$GE%u)~6)S%E^)#8#hCiz|p z|1PA$YR%j_u+Gmn@~JiH!;irWl{_}5_`-O6UDZI6& zpVaEWq2-fd_s29TzCqp|Zu2^^4TF1^&Q3ioEq;*k!OI%i3VY0FovMmh`H0Z!`65I* zVvrrrzbj}Lj(2jo6b9Ff$f9E6?(bNhbT-3O&_X!KWBpnBShryNcEzh$Y$W~#DBU^ z1lu6^>DaFma<62q~NvnZ)pYL4dixsHVEiO$e%DH6#843P@^c*0k_1L>!Zbn1^ zT7lTZAXy&n8XlBdkav4ZwYFn^-=W(J3BC8ZJN@}pneY6y=sbNpuUZ% zmy)pd{9%Vk!d3^wX%mG!(D-=qaiAHfMrFG2j0Q1UZiWec6@hbHy`sYF5xv&mdMM*6 zVIdBsnhj-k7GqpB>jeK{`(hHJ+X3kI0DB|`ILy6jiS4?V%|E8Q?~%QwqM3{Fisw$& zG@6h`{l1I7hE4`IoG^hubmdf|&wh($Z3^~2+b9+OcoW6<{axNN^8}r}Z;nyaw=UlR zJL}{=Dwdjy zJ{#mhH_gw+Oig?~d`{e6uG3~^#*|P2Gz6>9d9^QLbA@6L5pY_x@T1%)!5u~%pxdSf$HZ;@)- zoN{TRn1i^fjH*jUCSw!XzT)@9f{wt)`4djz45#e<)f^BgCB3k$vsD)@ktAzjXLUUM zDjKdTofnh;=w}d~Z&2^8l_#9=<5T37zstpX3s8LZk#aRn@%y8#YxQeM>1VKMQ&*;j zt%|`DIKMspB9Xxe=U6WNLnUq+Mzp!${m=)1HrLtPC95iF)c52?2k|}rg`gZ!BAK!q z&Z?557ufFW@zibin}`O9C%}f`Mjt2$b`WzhI8U@kF*b(Obv=CHJstE?71lVBJOi^fPOOZ(UU&BdQi{gk}8^mVz7^k`EO4qQb&I z>J8^E(PA;kBC2ah8M4C(lciwkWHGNKW9#@Hug$ZB`0RVzLsb-aPsQrxu zNV^62%Ch_ft_vb8_KoY~sIgmMfu1Q|_;g!;YOU81V}^|-12&6wqrn$UwjPt=X`jyD z<#RoXN65*e?NG<)n9d1QJ&UG~^ngz?j)5{O(td#fB(yn$Y~1O?*IL`Dd9`P!z68*d zfmFgmN1AXHkBiNZgOC~a%ZI(K@(yS<^&?;lbvGHB&keo}7#Wh-fr;QS7g%?n3$6^hE_E*O7%Cp zoj;-eGPY>uYIP~mX=!8Ne~iI?t2%Lz=#6a8d@qpHg)qOP#{+Oz{o1d%Y(`(G3`ljAx{+pC9ada z_}L#^tRTLTo_kB_hoel8&^Q6i_R}HJzUiv5k@!+4S=#4unrZWROMbr`gW~WW9x-qZ*aTUaSa8lcZv~*5fw0cpe1-n{2rl4_>UDbo?k_TBm@`{f$#u zwg>`36~26ZxA|%}f=p>F6#82n)q|!c)aKoY1=R<6%5=HA3N3*@Q)>u`?em(I=e->nyVuhK*(vMK2E13uqqwr$&4`Sw2e*Y%(5qqWyMSbfq@ zU;T7-Rdw~<-BsN-Ce8-N2F?cbW}YDbs}kdPVr69o`A`0x{(H{E#>x)D#KOkJ&ce#f z#>xi5$i%|R#tK5r_`iyw|Cz3fle2;2H%o5jCMMSZbH#uA{{O1~e`WhG;r?6m|5J-Z zQ7|AT16(>_;1}v!c5{p7Y_GD2p|woW4263ix%k-)EA;b{efYae)%K+K5UMBVpgIsVSFk^g$vOM#_FS2JuNAietEYo1(XT1tFd=i zxDdVV2YZP+$x8|&EZ^Y4ZoF@bnE+-VGRdgAK( z-!9zlvp_@RQq}pDl|5PKnl}Z`j#rF) zs|*v+vs&es|ETjbql&jz1X|l6_|0 z<4&bkPNgpSdytXl&h@_vFU{?!fF@}?$R|O+n{tKSI+|5h4Vvqm%HkfCP9)pGhN{fH zgWLFH;KB;vJ^y7a>X*&bJ^f|-B_YT}qIR(~$GuF&5ve~mu%2jK zfI8nQZL@MmiqjX5StSa7OSmSc(;0EEw$~`xMa0;TV!h|=*_xYXG6!qOtYofv$WBp( zB)mKfap(A8-O<$j^^j%x^RhUcLjW;aw__E%G_QLJZ%JC{0=_u4i# z#wABgDEdL3Ki$&#=NUe3P~1vPg$eHhqI#w$_?Z#KHhe*z0h{IS*2)cXd1P43`&w8OP?`*Bk>TMlNxAgP?-tD^T@^QDJzQ@6uAOEM${r~Xw|6u<&0{-vA ze>N5tW|ses|12EL{}=!N|FE0?!vFJ59j86XMB?SC#uwC?@p96P-+^1n{fYHbR7^_e zi%W@$CJU0>aO6U$Da8Mv1bv*PjP9n9joOjhpBT-YOj*p@kvQb(2;5qBRfd;uJ+WG?EEag= zTW`@Dxx(Q&v1%Gr1{giMvoh03oYil-FE50tS?jy91;rpNoMbHa#11^0m(`p30R33l z4apYjSe;;CEAxfAVh3%B;gvEF4-jJr?hvf4trq18%$b}D5w!^B7#m{?^sMFpghJv? zdnWfJ9V}XWKAx>xSs6K(N3PE1ftyanSe&R_9j>Oe`mTkpn`LUaos2TAinG?7xW;Ri zS}cYHPK?;dE=Sc1P4|}z(Wd7uTq`uABjTwqWURkK*OiaTU!-C zQW7kG39|Du{=ll+^8WmQ^MxBX|FAUITpg;|L;cJhQ@bVk)T2Ed%YFG$daswlYl+P_ zG154Y1-6;~OtrazmOM>g>M^Unrjf($Y!CFiNLU=v#HGh%@8AwnV8`?tq?I<~Q{fn_ z&E&*nl-DO^3YpasG&8gIGllQ2eL;@O&HU)%npFnO2n1d~J-;*L)nX-n!M*ezy?mi} zPuST)Lj`Hro*mlLO^FgP1WlMq-O+me*a5B$6K)bZ;?2@_JoZRwNkq%|i;PQCEh5Tk$~= zY^MdF)DwnF`iHH?_*-Pk!pIKcbEi95<7nOF*qRgPdjDgxxmd*0>-WHjpKEN(RKeq3 z%r;NvKetLnn!UPeyD~Lyn5bKr(anM?9Ks2Y`k8sLET3Vyyc+FDyr5C;f@S79)c>?M zIOF!Pv1+T`7};PDMNtDUB}-M9!DhQ<0w<-QF%~U#AQhRdV-Xa^$BeF34A@x~S&W<=Y`&B9grz^sD7U0}C|3eM)h0By8|RU5`)J(NvH$v96iu<`!(G ztuHk>Jh52u`t$42kwCi|GY;@?4)pq8uN=L#T76zWa_&NX@4 zR+mIqIF;Hr)Fhy5WZ)OimTG_W;r`Zw50gNcwUD(jg8W4XBNp|%TD!@aU91zfjGym6#8FM~A5fyJ$FZ{3ue?_X?_U)lVX=c`?|VQz;Al7>1} zC9#NRG?(f|bd&e=Ju{7gs=8BVQU{ls#q%q}CaV~1xijo=nq@k=4A#!=)#BY_Q7pQ! z!qF_e5h16|yAE+R&c`fPR(x}_v1FWL1x=k^@=8!3>1L}7bav2k7hIVSl2oH)Sfi7A zt*#ZYltB3l$2#P)&FMAzxW-j@0~Bg5#E1!6SLx(wwKre0FX!f_wN)kSS?fOo?`@u27O}CW0tA(xei@vX)>U(D&uam!>axC8s z!z9A0F0zwe-GGaen~ytLtG=Bc%xVj7YZFPT1&h3^0(@me1fC}DR!7N>Zv8iF)u*NT zC-b~jx%10sufA0-9X|D8Yh}Bov2HWXwsJzAe+X=e=9_kTBUdg(R~%gJ8@2p& zYA$-;8PwqLiVSTF%iHrvw={H%<}j71vsIf1-q(c;T|Vo;xL}y$UFtu|S1cF5nif}Ui00)qyK6vy z3}{at3I6(9o4}86se^noxm=%@8O`6nAHMt z0|SG#lz@S^2WqUV6$P)HXAQNa_H*wD&M$(#2(dlEgi(h+0TD#~qSZ9FYhN4}*{f;s*W6qi9gfRSf8S{i3d$slojGveJpq-P92t=| zG22{4)poI8P3tVZuX^oRj;$8c4Bj~A--|GOu7k^`{UFegXeNu&E(aJv1(+O%^Lwu*Sq;l&D#^A~j%NSj!R4RTFEqYMne8bz&^A3|j zI%B^v)lG(p+gW)0fbOR43k+R?`n^gH_Gr_g*+v8XFjCHO+s?W_BX;PHO6-hR@7gJf z4pNlNWp~Vz{)^bvt%%b7X722 zt(gvV(Ba;n4cgaq5E8DOF9t&dlxrSnFx=q%8+L49D$Qun#uD^q|)42d*Uh+Xtahp3dJbGJV5_S8Sl1* z=AWnwjAd0PXY(5R*sU%k`#h1|_pShDWkOaQM_Az6Js2!?cvLBlWtO(e@B|vPF3f5&i91)N=2XhGnusPiIh0?+35avn5HE>crD^qvO1*f%Aq5l4^ zFw<1}2fg%$!l_oR(DGW)Ql2>LP$LIK%mqnZoD-BgGmliOu82Xnlik@(<14YB!$x*f zY2RX3slcOR)ie?zTU}GaND9rOVEh9nf31i7)Z6T@Oq3PjBw(InnJ7X zkYxLpUS+MmmwVdnwm5U^Rq}EgyZNej=`dcJ`0%dP{+D30kSg>c2w17*Mo28B4q3ZC zWY@GLdri!oNPT>1H)<+aa@&UcTy(=#)03RluQ`5IDC9#Nb1q%fmrVkJ6h8#f?-jt= zui0g_(t$-A)Vz0?qV4|i^LLd)IK|1jALu-^+fca;QANw10-o-g?o5w#$S&|o&N6J` zb%vzk%635ShQ@1$zkGvxb-LI~D(SnPN1sZ{( zGZ&2$f70a&Psz#5ps2F`sAV*N76KW@%Ezk}vv+|;&IiBh2w_@~Rixmh^!C}(iZMmK z_&|(j_8?-5&bor|M`efl-QyT|Q^y3HD4E(^3vy7$P4lIea?bo<#2@q!=iqW+C zGWTj;G$$Y^AW+hmk```3imf)+X&m;jfds9mXjh|~>C9L>=c{Xv9T>MqhSv{BIdm#k zC*Mr>Gia@+j zzyzk^H~=&>fd#`zrIa^Nfw;BT3l|iN5WJ|fbzZ@UR+_Fo4h{-1uMV(eI$xKe(8z~D zV`%0ai3B87wlF8QwlIj+&q60vDvx6t8D92>(?v^J*A>Z0kr%KNtoA*!z+t|en_8(^RVjy9aM*_&z)c*+L0np5iOduQ` z^nwMAuRCA@7NgEWc6Z5s=~Hx~1em63M+?$l!lVA`#tw)K5w^9#0i&ZUKf0?RjSqVh zhDa29uu;GEZOr$*tdAoP$#?B*IiFq(i>H~u>di1-|D{TOUE8uAucw(eg{3MgPV^Kq ztd5W{L%9dnZpST6RH}As>mIIL3U!2~_izhX&Yxaf_=U{y$XVDpDyxDbUo40oc~Ya6R>e zaE9++NdP;*nIaWjI|z&NDkgL~I3=nk-ARl^Og&n7K-5#n?C7tFe_-_jAlIcZ3); zKSrCsyFb*-!J@M$T@Qyz=exD30XGu>3p*G=?$_tT)Yt9Z*MlBWz7Ca|rXCF)y&qPZ zs&Qn9%FJY+56LP<$(-#+;LQv)9rnN5zX9w8yDC--*>meC-qcKYXDL#)4l^Asjm%24 z)zRtynbi%f+39%nOd(7)m!sPmvH5aE`eo@fcC_?i-(+ngi&7M(2Yg82Qh!nn_oq@# z7}D=76HNbANc=Y)SlE z5Q|!xs58G+F52*5(eTJL<55uGr8{CnOV9ny7;EGiO+m^xx;AFYvn~qnS;bHwKg&K? z?b=!ta}kLBmLc2Gbg&`o?&?R^(R}+=E%kQ&jc&n3uop(zH2t`j!F65BaC-o;EgWnU z#Y6?r-$@Ch(mBm_2^Ez`OOYudu$r2hcvMxAcnROjK;8>XAk^UgtFoq$$pHmBoD_ft zujqZ${68pFMVTBEGrwZh)qi;B9dmIHoa9NxUemO*o^An%&ekMXpi>w9_*L+Y&K4mB zjkqBqgFYm$7-rKo_WvNx(0q%sV%aV^f5#Tx{;~0KIq<%)am#*CY4=OWlv;aGG_irD zIh&n*l_+arUTynU#o8>w>f!Tp<2>GNtr$BDJw=H^t+qBzN?I)^4PBLAvQ)+2yl)&s zr=7~vM}7JMbqEY~7+x0(wvFB~U8=3n+{iS^z&v%02zZr!<1m_N<2igOcJyb4DGzxV zxXMgURaKNaNSRq4@ZpXLBFUUiz|-w(bQ@=ClfR~>eo_1?ma)Y>=VEX<1-}pt4nfkn zL{Pp+N8)zsJ@3&B^+k)yI|M9&5>-vz5u%n?g~>K7R~><#O+Gk^AysM1sjge3oK;En zRm|#CWsw{OOjq%v29F(YZzw;JJvClz>5_YEzSf$B!i6sbtLkKZAJf@#0C4}X~?@3`iqBB4~0Y{gs&{=poiIDS=?8#LLW6d*_kY> zFNA1B1*7O|ka&F1q#9+0n4mj=(BFO|xsj^u?rW=O`ew_|#F!g-TmP+BLxTcsTGd5N z(54FDkQ!mjUxeyLm_ON8x#dMKZRBv$KH;e>yzyoJs=Bz}u7nLTWN8zU^7L%CVNp>H z<&C%aEmvBfLg1>=Fjw@o$@MRF4ELX!g!W|ExrS#^f-kbz%;!D$jnaMK^>rvVqTeTe zn90nF0mZHk-BE`56l4CLM;SlogS(1!TmFSxK#Xsc*HeLzRc|D3;V{v@JM{6)?x%F- z+r!4|4xWc)7(Xo|Wf5+30C~+dbrA0ZRt7EDBKl{0iB+nl%d6WAf}!p8t$s>I5E1*3 z)-OVxC4Xz);axl%nB{+#vZ$(NRb`j_=|_PMlWg-(t=K24J9&%Nw%uhOsQ4678Z{>Q zymQiT#RqXswppoOIN&uFwWh0_6T;gfkYjMJ z)jRx!ed&&WO2=ZzQ^~-ipuF!&fR-i;fA*c{-F4+9efe{|4Efv@$a%%1+9);seI`zO z1Q6?6O}gJ(l*irQe=37hbmwI8%gb9h?C~iV54loFBhx5kV6GK0(p8I^?2#b>sT6qm zxf4WYczhKScvJy95rTL`9@G<&F*k(`?y8L~as#rYy@)>d`TRzOey1oR6$B@9MovD? zxOU^DwQNSY?B*9L<@KgsUv!(*6jYp-Q>XT}bMZ&Ghq3v=B%e)lblr6v#qqlE&WZt~U?HR*F?<(geD>(0c`=UpM z?v($cH;T3RpN^jS_9*2%y`mlILL+d>MW6}Wa9O;b>v%3X>y{hL&dsgsj6}|KE$Y;L zhW~U8(s@sJfYv`scs}nGP2Pj6Sj$=&y=cCG2uQi*;Nk*|PBu&c+&Yo4)lD+c4 zM4yT1q$HFvoTMeizP`eW&HeQ@v6%WeLOzoZ&&|hmO!X*y$3DD5A(iye#N;ESDw5_lqxF>c_ zJiQO|2j|z#e~26qoG0Q|CVJKD7IV^FACqPQ&o(0C?Ot`ZmK?6Y$0lEU?wv<1pQAq1 zPnG(z4D}V$m!7}39f}83Q<;*A(pOUHUbPIxyV9z*t3V41S;}jj_2DA>|LHnqj61$Y z4F{x-&s#;GSuJI*t1$U2GY#rg;YRV9m9U%Mx1(oCZ`sfu&=bVpq=e?qw1B=s#T9@? zRd1f%+yqb`4F~5m>HLL#U6#K``~kAJEX>10U_)Lht*`PA&7!iz=!6sL9CY6oQIUoO zl57`Bt7L6j8#|uQvidL%dU*Xji-YwCGKfFl&{s$Ez(C!wSBwES9$ z`P(E>>M~)5=1=*Lw5{>L=V=^dE*-Y!_M3J0VVj`J^wmyP$N*W| zIgo`%>KMSqvf!(+0dXce^W$U;z^DYaoTHynyvl-jhtnK*hZH~%w-&mYUz6$^gWD}& zu|DOR3ll9`kEYAd>VTH-GB-}>_R5&=fbei-T@L;en|gyW_8w^%!Lm6@3B0)L@_wQ& zXv20}Sr{LhTL!oEM)DrAj^J340K{#)E})p1n!N}Syr60(T#!zy4;AKah#8bA7E39g zTk`lO1EwW>*?p7O!oC78+Z2eT90N;s1_G`~Hvyayf|tcrBoG1KZxZ}~kVw0b<=n;F zd=B^61AhbA*~T84!2RP8`zmY1Jeposa=L5{56-zuti}^KHo%KU0xbh~)#4vwWN=!l z{C5qUh^;ph;YXP&fD%F$Mp6hK+BPqA9J>6c;AibFlE?`tqPFe58}~sd`td*=rFafc z8AOASQXKXT5&6(`aCgs6XdtOidQ(0{7$=dpRiEWFm;5>TXqX`PJogvjgx4+^{+*da6{V&!dSSfaL9;3fsVT>%wlH~KCT3l@4k!q6jE zN-sGQ20XgbfiS-n+IxgUaRj_e4RjL9sY`vD9~>N`g===0x*xTV9OhMjd{ zALpT`qF{F?Wqo+eha+4)UiG1s6(R~W@`(w>Nvni+lSkU|$goU#w$AB6GZp?l;aSr+ zqYlz=Qp0@5=BFTQn`+;?sJ%6sLLk^iL9I<+_|9iu{%o&%K><<-0*o49hS$eE#xzaM z{Ccd2W*joOciVXQ+1pDP|Bh*+7_}z9{Rv6aGYTkf%Fp`YpL?om#*0!YZ+-!{UAe}D zCQe_IY0NCEEMB)E$xKofD&CD!s=XXYkEwtS?G*<1t8Pgb3+z{rCkO@9@js+tV%?uJ zqYM9D24H23egrjG);@v>4{o5xy3KKDERoyJ1&Pgd2lL!`2QU=3Tis8b*;>m3>4jbwb-6*tP zxc_m4OA8anx7`udCPyX$HifZ78`9X$4Pw(w?)S)OfG;c-Bil~bnZ00kBqtc)e z;b+PX7Hp`gcG>F9o=d0mCn7CMeLPIpB+ftFV}NjidMWjzL+e_!n`0G3E{Ff*)2~Y% z;p$86HuvG{=gUeSD|lGc-hQKjYa3KPC)r+4ntBrUEkV1;1#TC)_17U(y|I3VkQFff z?dfj+732N!j0f0fD&t_AEywl+-zvr5@s-PPB=DcrB0tYfUclhZQ$nPb36`Nu-FgUr z!-0)y<#(MheK(1yDoP`-3jyR06bIILmugy!qIcGU81{G#ZepQ5{!Dqz7k&tqwO^SI z9}x3p?byG?KnB^pCJ`+|$#Yf`n&BIw#J`!})9&SE<@~dL3@k5^Dg%f>m96$3F{2JVP zA7dZgtm2=`q0$Z1opmu-EzSJeedA5r*Pz$zER|1T@>mViV~mD2FBceL&(=b}Tp91# z*^Q2luM0tIEX+;z`e|O9HYn?oN`{snK{7m`+49pgO$Q8*ycYF#=ybz^r8tv{9(L%a= z)UD*>@jKIbtRJGT8`jDA*bi7&G#r${$LB5k=&-ak{mn9lD{-q|@)+pqdL5Ks%d885 zCe%Z0$qk@`c*MxSv|+Pszezh+h?jSITxH{gEWJxT;f}%tv(R6kjKts_8^}gMNO_>E zItsEE3>HMYisc$U-RC17TiUjB&+Ea|Io-?KWk@3>3OhoL@B2Y+jc0j8&@)laU;%&f zv`TPhLCx(}XM{spO;{gr>U@j)c`X#Jg9%{;!cAm(7UkS<^L+ivC zNbWm@5elZOSgbVLWU{%;$eY->b`)v^0BuBbV8EXk+-5qnk=z~RT|^Khu#Fm7bt6N0 z=ob==(`wjt$mFi&STh!Q31sU)9=Z?sq1Uc9bA!p1_D&uEMoEVBJp9r*Xx^5F*0vFUO1 zG^9%a^}fw#md{{KXrxxb{Yd-p<~+9%{FCepg*}f)>m2W(E2~`Q_0bzbE6r#)d_$Ur zq$N8GKMBK2kx43C;DLk%Sn*%-to`zl4P@!Le*!r%1st#rR~eae_w;^yltv=jt1?}< zT4eFh&dJVSu5Z|$p`O?Pm`#Hi53V$eZBW#oS9mrcimrIg@?}u>Q}$HsGYN$RB2(8o zy8v9Iw44S|D{J#*!=){dO_ERW&5BNG;jm#cSr^_UbN+C97R(YMC*Hpm7sRJ=gRw2M zNPFwk0WH{A4~fT6S1L=n>Y0!zlD9&znNW&B)elnk-FvY({Q-Wr$bzJ)kW`)^d-MPp zHx&t)-xS=n#~>Cwy=0)sM!#4oaA%jwi?WQg@aKioT&6_>58boZ)ErnQ(%p^ZDQu@f zKt1#L1IFW;hV&p1>LGID2sCsRYtaF-AFQVr^9U#zPlhmj+o{MVQ9BQ|vt-98(3!$( zV$QUSB+6*)Xj(BKFSoaem18Kbf#5RwhO|vGui@;*t8~(E5_i+vhsKftW<7Oa31UWR z{fG|&meaXS+hQ4bRU5#2D?^xA`|+fF61U&uMVlh{FE;}V>5~b+;~dw@WAmewxfwXF z*Q1khE$~Y~DWJ!usZa>7fnl8W#BQ3Dj4@xej^gx==%k{wl7`Jx`THZLAf6QiqecH7wZD4+=JVu$01N3?HnbYNlz&goZ zoo-uOTl6l{nIF#+L`}CLhJpDHwJ)+uO+QjC%(X1ByPDGnm$kdGXd4eh)3m!VClC=~6(Qd`b)r(3)p-Lt%_|S%=C|%K_kC_mK5rdfBR)M`6d3zd2+qj@G68u^( z-87TLOjQY?9wF@)vVOLj=Z=3`k)x<-#&xbeX^=(x2LOE&^fm#3kiR79(|DVi{GY%M zqHH~Uk)n%|81EEZ(aG9#i#;r(iv_uwj;H^q5|2|(Fg`uA>`IVh)<+FfV(i;8lU1PQ zM4O{Kp+QY*IXLWY$mC4OKT9quh1JBB*E(|6k9^x|Dez05F$O|JZFd_?!c&;om0*r| z_)4)P>`moyV_EP>@0aLI<%$qAqdB&Jpm!?#l?KT~gMVJE;G>d+T}6+EZScBq6VLMw zvC3LiE}`;BqY*ER-zMPuqKJxyUiT?9zrvoIB!5>yciqtx-|rvSUZ2{PuAif5SU-Dz z-A2EX9pK_ZoZ-NcGKO!V-&@m}h&Cn!)%!6MPfnb&v?SjKv7~0}` zi1Q``-Dm{cKG6C{&Xj@=Ap56MnK5$+)n%N3;-+yuoc?>M7VL~LNDzz zjuUD!ZL$219=^EjhCA9ZQ;iCjI3i7XY^OPv0s*GS#5x(*P0PAFuT+0OC5=>ze*#qi z*Ep)DI%^uQP3~?xpyrBKaZh)8rwj5|q1Mw=m6s^3eM4eI|Mb-#6Aq)Rse`QwqQ|DE z&74cX?-A{C%_>`4u}|hW23G%#L+!Dd7l0dq>C!q6c6iSegE5|k;*>cn)%}Q{M3DW& zkHHh;Lg>Ds8FbfF2AgYIeB2E!iathK0JN^K$xsIuQ=iSSHuP`av`;>7_@+z!`mx0{4DtJ*hQM*daH#s zJX@{p*T^WKXS^-(CFxhR6?H8lnlm14=wuSR(O}|dw%J8#w?8l&e~Hy&XrN)}qMnx_ zLD`&2m7K2sPwbJjIbp1>JL_F_GRn^TVHhj;q5Jk1W_PlKgM0tw$_VmMUhh_eXM+ds z^ug7N(1r1pITqowDct9W!FRyf&Gl~CwyO0zls#wgRuhWJ^%vBnqH(6ZW^A<DMux79U-v zVAK^$&58Ng23Ag>SVpmt&(r;OfqvZ_Z%&w->OP^xyzbSK>-6R@I0utNrKVg3FBE6T zT+r$xE$yN)tvyGkMln|_2@8u$d#k$kA(eQ z41tjDC`daS-J`pQ_IOv;f%ABBePc9^k*JcZm;d^AvIgHfV`4u$85+IlQpEPOUR-GX zcvWqhNsX*Wh=k=`*<60m!NTVFPtKkE07`;4QJIxo9>Ug!ySo35HU#xf8Zz0|b7Sq> zzItDn=DF(VAUt{Ipu(dUZ=MWb$B%NGu}2Lp`u!Fkz&%h6H$?%{U{$6jv#xxzX^CDl z>ci9Ks<#>%jB{`nY39^V6e!xq`(d~h(o4~hl39unGB!nGr$&b8WsG9!yl4EMm zNlxPs(_>yts}z7ZnEH*(o;0b>m5gaRYk><#Wsb@*z?4&r#QH zHp_gE$r<{(kSAhMeUu0@erMEbx{gcOh#+SwS3$x#bq~Xp=S)4s(>=7#Y2IoRk>@>T zOQYxr$}_2U!^|03R~NkBr!hKig8m8m7< zV{YaCmAv_pSlgcwx?@_taZ0-K5b^V$mE|grf@ZYsueu74y`Z!N!8f#drlIUE0m)+( zG@JZ%J4ZG_A;Aq$Br@h>@Cl;45)q-sxxr5>5u#RXjZ5r=WksiT!ehl0cP~D|{Uu{0 z*T1@;6;LPNm(Y%Lk*&7tL3puKu*(Dau24+ z9Z3ZVYi0XLzp{I-VrTc^X7Ertz|Pt&FO?wQvifq zS!qM~n%bfwo?G!MJW37x8T|La;*V=F0e;MVIP=n@J#G3e{xKgNS|6QNZ0okGpl6Xx zql7OMT5ZDCCKSww-?VTvJ%81;V4~8J)X_@}b}kI12LiBHML$rzFm+9eR8YEV<&&oN zl5FT}Kw_k9Nm%KB)|FQN{nDcg9#~3JudMnDSj6fj<%$@1g{xIx(}0P3`%TNPDijqH zQY$HDU$RaeUbo!iP82Xm-D2#)#5zejtqz$*dqp2SCZaNoDvc*Pa3Zd3Ozv^EJ_I$p~5)bYly%~@J)`>+@VgR9)m>V z1s`1wgq*d@j@>LGEw9hXWj~~LEdpiD42GBA)T4i#k0e}>v70UvcIz4+n8o`9ap3dMpai-S! zN6?#N>bAIF1iU2u;k$8{gy@Jv+eIP+`rfA*bKHSmNjlI|qt%A>K>cZrHg9<2hk+)Zj>{}c z=iIQb-jO)J?@zw|ViYpnY z4Bf~#%A!E}*RW}%w`hdAs^a1Lw6si7L<99xqRU`Q@yH|9+6?;%3is+R z#q7!>HS9TLxF}!Fs|KXC1#3T3!*V(1#qUOsbfwO6XM~825yv)i3WO81cPojirtVe# zr(J~Kd?M?N`}83zhpMC(KfV%Jmfg+a4d&!;4k1yG%^wsS#jtQf@ z#^}-55(||%GMkOt7^;u@^~rAlEk;@mg%zp0hH)*(fEfQuosO|UGf8&9Uyi@YT3|YN z(TG7N)l>r$qfU=16*NbpB}GV^D#A}`?)leeupmrr|D;kJkPDrm#``$tE>7z9GE|G} z(3Xp^o*xvu@~PVm$l|g^5(t6-iDWXPvAvI9+Wxd!t5WKQGVd(2{cyj$fbkynEgVikU%VuCcZ) z0hWAlcIZa+grlbMn8f-`sRw2rZL6aQ`&C<)+Cz<;8zL5K(|lP+06Rvo4CoR|l+^yw z>kF*Fn!Y8ml(tEQ8eX$qLa>6mjgp#P9OfGFPRCB$Ju_PS2#!Jqk7=vC-i&jdD^i>T zCx(Hr+M|V}b=7WMJy_QS?HQJ27}mfr-yFW0tNr$LuReA}5u2>kYcN?tcX0X-k(`ILEcgv+hbnE&u>6Jl4h)Bcf(!|C0+@3Ku-c)44B&7lRNFA;9RSv3-oM-3clpe_}Ev2`bbE{I&4#8 z6^A&&t3S#DUZEc*AAwz70weFxi$t+ss-smtk6(}E-Rb$wLTuiM0DrJv2pAkXgxI8L z8aVOSm=cYO5HFi5Rq98`OW)J#gQ_=#Xcy`Yh9 z#qpFYWOiAHm-zzB5Mf`m#cPHuw_0Jh;U?a zL%FQfcUqe{I6!{%PUPnYQ>g48UX!s2>T)#LV;&f}SZ|tR4$|NH9Jd-I#`3NCP6?zL zWe%z_-gKx+YRNg$n7!=ZjkeLh@M)7mbom2#Y6?-zKUDqo@rKy>jfOD0Vf|kb;*3e0 zx#QXK{Cn~88{?}7fx_eE0ovtrO+Vb!^Xedc=Jl=r9jR_LW<#iK4-b?=pJI2)gTXp6&u6?&Rb=Hjo_EiI=maXZY z^D+@?7*{2b29gdP*eUFk-~*-@CQXKTXUW95d6-&cXr0)yMuBaQ3Jb0DyTM%$=TbbP z1JSA3LAp~>VZqeFmEP53my{jRmGMfPg1)J{v_V_$T3hL`EB%6hz*Ly8Zf&6>oCqe+ zaP1hWCb#jtTG(D*q+Rr2rIrO>>M$-X+B&+mfL03aG|?Pw%O?*;+y>F;(79E_uoRh? z>Qens?Bk@pLQAS-YoTf%A_(wHO4!hrN}pRa40aqnG9WuTck6JMN-S8!bL!ITsj?*A zYG6NY@$HK$;*I8yRVzKV(n=V*S9q(IRj>h`$cOrmpL4cscGQj~W~Ftj_cL}$j*zbc z3qdy*ptKVHnjz(6%)`cUOO#OjE?mF`O7YP3^&=g@o>Vr%zawfDXKzYT?Vm&TS8rFk z^?&NC_xIv3GVf(6Be7Dv%kt2PAW`mhDdCRtFSU979hSB@v=GiLAhCMAapO@QY5hO( z4?>RVEa}HJ;3yo@6k9#U^pR>pvRG5I-O1Kg$uI(Mgw3){h? z!~V?ffL=NY?1fF)7UDoL2UTn2lSMHRKws8gUe6^%+FN0@~YZ(>=Gq* z{k^Bj`kHSi^7yh_d}r8?M7z0a6v&O|j&UNp!+)B0bmM~DiU_29dN4`{59i`^v+6XRj z8U~ud3Bd4k@Of7vDbZG%LKRJ=#JnU1#WO}(aIO%n`V4G4NkXxCP=eD_%<_WyTycgw zP7Fa7h4^|Y@ju;KchWhz{uG`V_9R_FT96 zLuMgH{%xP6UCmQry)Tb1_86PZ0dB|?Uu(o|Bfm2Hj7eF z=++#q@dn{hSXXp zHA1EnItpT1b5{l<5Gw!u5wG87^kESZm@24jgL zgv7^di2p}BXB86%_pN=jxH}XE26rg#QXC4!y@R{E4TF1eErmf#fda*?Kyhb)LXqMQ z#cc*DoWA)kzT{k-yYs&|d9$zfzFEnWm7SH9=lSVgsd38s!6!6k<}`a0FPuEKHv7BW zBd46cD5hn`rN4QiccgkB#%eti}m?}B3xSa zc$4ZrdMlUP^zeGJ_n?(`D|HlO=L+=$uvY>ttb>MPVmiis zijB0F3~35S>Xn-6zE8MM6Az&_(=vg-K#Ik5`6}>p+9Zi$H>s)qPqqNksp|Do@JYCT zq(uymdg5lMb2_kDT3EY>>3qj~lbEEPW&H0Z$I>Z~cR>T~Q)oZk&v**0SdG9%_hKr3 zcR6Jp1+$fO%yj(MNf#2vQ24;phtQZcKX(+P6D_M}Qxj88t>b5XH7NYK@aL0=OFqTZ z_q#D0@dLh$_{V?JXvtkUQEwrIJne$3q!bLbGr_DTY zIv|K!*!YKbta)nn;U8y6^TuCy8C7C;2?b%vYl_QmGGcWH%kA|LRYxx=yc5%V8tU4R zH-rHtxZfwqv;Ph`zP1BRgjXxg52p3H^kf(0lJ`6jc53V9Zweq3iK!oZK^JToC(ccx zqkZ|b{GN(wkH0$;vnYj|-htKUl;L4x)8AAZnTYZa`ej){by1B=Iim1q#7?Cav)My> zu%lncMa{GdP;}+zk;ChyZ)x8^g&!^N=O;&;^OaA#R=*3`H8kp5z2i~$9{Txq#c8dD z>xL&jEl$WqN^DOf&=|ybuVWiT%)3)Ddn_KW8N1o5DGYHaoWtLlC<)1e)+LJcSbY0J}(7(s*3mszbFaDc z#id4gu6aFebu7W?Ku+*HFF_SZn4~f`afDoR8pTmG-zXNK$#sW+v4Zwcqg>yJmO@Tw zGiZZ09?9lScUqq4sMg}|6U|GtFvHIF2qk)Ue*vEDi7K-&Lvh%*xgjVtIi0+)SeG}T zJfmgxwyJzhlQz<}S;m?+JdFy7YkWCKA7?5^yBmON8I|2nPuWW^+iYP=aJ2ykzp!=$ z1lKniMwY6V^IfxdQ7Nzy5?cx(qQYWEgtf~R!~!Ff=3FO~6XT2s5^?GL73`DWygt*w zb%D^NKZ^^yy`Mz2FCl#7R45-@=C3J*;^#&}S5Bv7?BS))ws{Bkm zH9p-^JkRJ!Yz|RQ^dKL#KdXt&Y$_jy>q%2eDvf;>qE^PkYHGT>9kHOAkTEJM89{!v zA0cjSn|m(FzkkVhoF|GFXFpuQ)6fJM=0&&3po9-~(}*9{Tt05#ubr+}k<$^e!!Z1B z0ZG}Hk94!o7ISVA)IGP}g%hi5pvcE1TRr)|0VfNKf8&*JxRT)euFr~rQ|jtb zP3R1fOH*EXctSsZO?~SQ=y~#h__;wvcqLzP!eHydXD-T-Kdmjoy%ky16!u~&{T>cn zpUjr17E||S&x}|)uoyH5^u02B8KO9$s>6GiK9cSLp%#JtRrqe~1Ecy$5eNs3=^cxz z@6*rY0~HRjK^+EL@&uG?FHySu7H?a}X_Z~E3%vHz88To$MkjQJ_9C{FlR6td>|Qm` zG70P}4stg!+#idhDB`kKj)kNYe_e2d>zR@T&F%@jjWRZ%4dqvBwre)Fu;yKIf_S+2 zi?^|VlsxOUsB~9|eXRBC^O)Q0qBZFE&|B^rq12RK1~>QjZP*d8Av=mqghzFh7T7~D zZm?Yf)3?E8)p8}K;5kINSqTc3+nbC!rM$jwL96cVl3S~v4Wx9_ zev_pa=sT9R$K;7|sQ8$Vz~LDkX*eq(0^pYjSwz3f493uY9 z==Y4u_NL!soOy>J8Ou2+LOa%6BR?ao4(*3QQ2p7smqiPCI&LhS_V8SEc61|v$;ZDv-3koVWGnF-GrhIXCgkxw}-P<5N z>Y+t!=DW0R7MXyw?mlRr9<<1xzGHERRYt}5T7>AH<60XH3#VN3P!|_nI8TShkClXd zO<(UFWlqLuo3Bh>g7z?rE<3%hsMtqO6xI)|M5@}`O87S9PZ7nV@{Sq(rV0XyDw5d# zRe-nLnVK)&dtpa&;;_VHI*`PZPPhPX1kv~?b-1rxtv&==&h$}rAsl)M!ULR%pg?g2 z1tlEj4*s9ObVj8NfD1Q}cKf3ula@~cMIbj&OhZxT$W#>Ez?0A*oJYxDqS(~@c8d=< zi8o8Gk!(>zy2zc$1niI2Q9N&p*JIx^J2w?IGetNr;8s{Dw0V4}dBd`)9iXs`MpcgF zMFJR##G)ka=E*!5`jW3QMDIlsFR8hr&_I*Lg9yhc$0>JQ?(`VjX&_86rMTfQnMqT% zBxkpph$b$#@Ga&g4d%(+Q*6LtejqxJ0Py`Z7q#`0qX<8bhz}j;iu2)?eEIDl;L(XB zr)}ESQFi(gxN*nsmMY0k@M19I6)s90u&oeEZ*_QwC5a7vK8;zp(p8X@u2iFY2h+-x z9U~ZHou4SZQpIZt{JLOJQCFfJGk2cj)%)g>~R_81&z#6=@!XfI*`63lc`$Z08oW5Ln=ZmmL*7K zjWwT$GI}O_CEj}=Unmyb+ge}ZP=}xqw@pc;5g*{z9x<_IptMJ^WG1QL>?C4NQ(nxx z-#>tSz}y;9ooqFiMCXuuiW$|W6m#6GU`P-RZ6Lj5kvt?ROz3#dpa?kF9YH-;M)C!x zTwY8whLa7?ohk{DpqG!aOzF{8&d4v48grc&{rF|$P(MH_bNl!<--J4DOH%B|pGfgv z5|#N0wBo-~WP;uO=~h&HHWwT!9x_>v1J;|DRiY0 ztvh#!{$Jnl02OJ&CDHx*vkgkZn4ObjrXYz5#QXvvZ z$D0xgT$_5E+jM0UgkpwKg)Yw$lNdMPb-Q2jJwexO~1+p8j zr7Sg89ZK{Y{$MWXuL&K;nRGJb`&41AFJbA3iv#M=@o0h~tT?3^+9n)K)Q+1)NBQEuud*>&>uW#Kcw+S zgzmBD!r;v2RCqxZJ^MW5h~K4x?19fk#2uqFC!cZe0KZ{qlB-KujWVK=$HXEi10|KX zk)B!lYu0{=Vaed9C6K+JszRxZ%lVfe+GK^tv_4LUzAsr6zjLj_ZyVpZtN7e`1CT!3 zaXL&o<(!RVOBw{B*C5WLrHHQ%ckMP`cF9hUSy1~M#vD$}d;tv7ZI4viLG2r0yp1r} z#k0a~pyb12pl}{|s?dJ2Ke_nq+ZB;@rOWO3%4tsf39t7mueXyh&X@JO-sufqzEbdg zHJG5LvJw%0OWT+?;SMTXCzrVOH(Yx2I4mhR;p%u~--s}OKuQLRK-)dlWj=53P8w@M zMQ3Aep)i-ra}}=W{H0G1e1eYqw1sWdPsHlDN-;+cydofx76K8^^ZfjY>Tci`5pj0S2X|8T)B z`Q2i2nvXxQaAOHZQdwt;O?)O9_a|`cH;)LBzVg91xT20`)rK=m1zh&?+#LHzxl*Wc z1V?HDhdVi~LT!4GvfQ3tx}TlBdp-}M(^o4<=-!s-NLza7iHd{n&S}#3=_cI1i_p$d zn$iTu7KYi^ufkmw2b13&{BwY@sXeKL6hf2N^DyMx2Tgsysh3_t>3?`rx^(+eeyj1- zTjiAn3O19cu3{1n;EIZx0oXEM+YO*)m^Ra!;?$!KENbL%xBPG+0*;HVTB}~%hp(;T z^iouYfeO-)wEDRn^pD=%?5!z9XojFEUNEsI>n*sT`=?o$=OwOEZ0F79-ezF7EE*j z1Qx`;g4%;3O-z+QzDqNovgTZilh1q4X-r8a1BdQRCy^)eg8#cmp35s4lPS^%Ay7cE|e zVM1J!mpg{@fHz>uEzs%tSD}hs+6s-oAS}+z;p#bt?m5OraW9U~0h?jm37>xaOa)bdZosVnYd8432uHvN=>O1q&`07zuiOt}tI>JSk-P z)HS_-5I%caCiRSZTFea>@~|^U(+VCmgzNO8&(@A};XcwKyn-!%^^!jHg_9MLXdJ&= z!J9`e8wwdZ^mZwtD3KdzAW6UJ-nRmh@3e=M4T-HM7|!^|r>P8MT?Ggw!(SaqcxERv z8X>0QNh*v9>Q-_TSEM{^?&nI1u2R1{lKIDDuuIc+sa$7r=n4pmecD)N0d)4D*_dZ| zEY0WPuX-(i#(_*51#*x#KL*li@_8GUE}Dvnh}0B1;-w=gVVM_h-2K5@m;pOzlTgKN zudbsG6Jr&&qWM6F%dOa*Q!D(Wz93%DDFdQU!6PCL6m6v0gEG7;?NRzV^L*l+oAW#) zy?Zo;Xf7u1j6%(psUJ`-=7y=zf8=p_n^!7M^eeyk-WuxDD%JtiX zM=9IMWMH6_#&Zk`O-DDi=mVPcR{K6jN+Bu9nQao<3PLiLb@><=4XT z$;>acLuWg4!*Md^94q&xDG32n*@~b$v%+|qWaG!&T#Mq`92g zgGr8|!Rj;^l~x~Xoi%ruF{I8yK2DSU$yNV!MNO9USPbF2GfB48RpnEvrE_PyZ_zvM zo93n~v@URD{RD{Ad@wk~yG%pCvb^{Km(ND*wOP^+kPx-!lz0n5btBKCw*KDIuBg85 z1HRj8Gl$Q!(wKuGL>w0S30B8L;56CxM4kn?3|MsAEnV2wG;^yTT?nsY?F5Yc%d&ck z!r%i(xfGk6piO1iiWfe4%%&^)UK)rgiL~4($535CLg|BQyFPPt`5jvB(tH@j&U}vsz?oao+V!KDy&i~-vI1fR@ zUC65_oEW3M;PC`WzxZq3pj!{3QjU%7qZ1B&k9B}Zg|-ghg{;d2(G1IWE%VU=Ec)dB zdb++#)u|3Y8kM6(8Ms>s)`o)-RQ-;Ee#YBAJ>*)$+!{`Qy2EN4$1ZD9He85LUmD!jE3wY^z;AKS1GfkPtP=+gGryx&59 z*ZD>`WegB^W`|s#_eZDsmyphLLLV5X0WRJd1@X1LoWYz2X?NmGU$vL=#dm|>p*gpv zezRr2ARCP?(@Xrex=3fes2SgXZV+5jajI5;uPBoG6VD{jN6*wZm3|Y7@}xTeQCn*f z!+>Rh!U&h4c#2S2k$cY+p^!GUGLS0I`(A-0k8>ssL+5_zwl1*RA{{ z$}kPMO61J%p7IEp0!p;F`QYUN%Rz*;tJ_2t*#%!F9~ z&9Y^|ekB8g}UwSdG* zv!QtcD0^I^LT#9wq&@6G#x|0o@LrQ*Ovh#;SPme z7`X%#AFaFNyq`9Y7WFbfoutv2F$-@KO?wW5LHBOB+$ zZwL!Z->IHa_S>kWsRjJ>;nT#j!PiH4+4-JM=E%O^PQDgDZ9}TmIjho;#1x@?KakC^ zD2I7kULVjju5cC)Ck|%7qrTHL&5AEiS{LXS*x51EHyWJ*y;1Ak{>+4Xl<5`Syj7t8 z`J930-4Dv5i64`URoE-9apus?#cOzA?e1u@@F{&Ha=(RF-!<>RY=Rp2-)a2mQ1@pS z3exayVrGyH0$47a)0593}zGf1F_vvvU*{??As^N%xFz2P5cFpTOPACaL^o<2(Y zsa@ttr9ESmd@l-Eqj!`}ya~`Cwn(oxz!BK=pHT8>$dy+`x_gv-u>^xPa^>6B{FDlH zWiNl<5s=+jVe|Ft z0TBR9DX!ZG*0Xfe2ru>sCZK%Kx6+z@6q%?_Awk_syMxwca{SE;bL`5TJxeV;Dp!-R z5*}~niIVs*3ZFaRuQ>D@1b_ZU5X=%XOd}Uy<|ic_1EdJ8yySH$Go~fvvbx3+RQ(Zg zO}RcRR~;H8Iqs@=mF3hP;HhMFk52L~#bO$8j=gAdIxf35J4ofQYP^Dyn_Y1EYv+sL zbaEpFMTql+Ki|f$NA`LZ)7B6dlQJ|xV6k_Z+xMR=p4sgxY$9ME6LIB@DEl+?7=l8B zJ>(V=?UPieAbg=T6$PP5l=4^)Gp3e)uC@h+wsmB)6by zJw87Czmxdz=lL%u_xTwWNt!YK4(TiMe}bC(f2W4EgRQl*x38-=PoSl%%l{4q`X4m@ z|G@v}6BOe6Z~SLLVSa&s`Op7}F8lxdXWJBsbW%QC^eeGJGYhsqwysJ_Q&>#nKwvS; z)^#o(LxbAw?}gB=cPVG<-RaB2+jozFYfE=iyfUE>NhxKf53aKs)zvy|<87u>wY0W& z<`rya^%#@z^G~))t|vM0(V+c0t+kiuNG26G$u=zJgyqf7)V>F0t6aja>ZGP)3ilS{6ucm__rT4Le=l=au T{u8bEZ;gKy_*a4dumb-D#A{fY literal 0 HcmV?d00001 diff --git a/exe/XSpear b/exe/XSpear index 34b9988..bcb4f07 100755 --- a/exe/XSpear +++ b/exe/XSpear @@ -36,7 +36,7 @@ class Parser end - opts.on('--raw=FILENAME', '[optional] Add HTTP Headers') do |n| + opts.on('--raw=FILENAME', '[optional] Load raw file(e.g raw_sample.txt)') do |n| args.options['raw'] = n end diff --git a/lib/XSpear.rb b/lib/XSpear.rb index e47491c..0f35ded 100644 --- a/lib/XSpear.rb +++ b/lib/XSpear.rb @@ -406,20 +406,20 @@ def run r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch) end - # Check Selenium Payloads - r.push makeQueryPattern('x', '">', '', 'v', "triggered "+"".red, CallbackXSSSelenium) - r.push makeQueryPattern('x', '">', '', 'v', "triggered "+" (x0c)".red, CallbackXSSSelenium) - r.push makeQueryPattern('x', '

', '

<p title="">', 'v', "triggered "+"

".red, CallbackXSSSelenium) - r.push makeQueryPattern('x', '\'">', '\'">', 'v', "triggered "+"".red, CallbackXSSSelenium) - r.push makeQueryPattern('x', '"\'>

', '

<p title="">', 'v', "triggered ".yellow+"

".red, CallbackXSSSelenium) + r.push makeQueryPattern('x', '\'">', '\'">', 'v', "triggered ".yellow+"".red, CallbackXSSSelenium) + r.push makeQueryPattern('x', '"\'>