From cecce3ffcbeb5c15849d2cc628c510b7890ed1ee Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Wed, 14 Jun 2023 17:35:09 +0300 Subject: [PATCH] Fix ebpf source port, add event validation and simpify tcp monitoring --- firewall/interception/ebpf/bpf_bpfeb.go | 12 +-- firewall/interception/ebpf/bpf_bpfeb.o | Bin 43632 -> 42760 bytes firewall/interception/ebpf/bpf_bpfel.go | 12 +-- firewall/interception/ebpf/bpf_bpfel.o | Bin 43632 -> 42760 bytes firewall/interception/ebpf/program/monitor.c | 96 ++++++------------- firewall/interception/ebpf/worker.go | 55 +++++++---- 6 files changed, 73 insertions(+), 102 deletions(-) diff --git a/firewall/interception/ebpf/bpf_bpfeb.go b/firewall/interception/ebpf/bpf_bpfeb.go index f7fe5544..be2d6d56 100644 --- a/firewall/interception/ebpf/bpf_bpfeb.go +++ b/firewall/interception/ebpf/bpf_bpfeb.go @@ -21,7 +21,8 @@ type bpfEvent struct { Pid uint32 IpVersion uint8 Protocol uint8 - _ [2]byte + Direction uint8 + _ [1]byte } // loadBpf returns the embedded CollectionSpec for bpf. @@ -65,8 +66,7 @@ type bpfSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfProgramSpecs struct { - TcpV4Connect *ebpf.ProgramSpec `ebpf:"tcp_v4_connect"` - TcpV6Connect *ebpf.ProgramSpec `ebpf:"tcp_v6_connect"` + TcpConnect *ebpf.ProgramSpec `ebpf:"tcp_connect"` UdpV4Connect *ebpf.ProgramSpec `ebpf:"udp_v4_connect"` UdpV6Connect *ebpf.ProgramSpec `ebpf:"udp_v6_connect"` } @@ -110,16 +110,14 @@ func (m *bpfMaps) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfPrograms struct { - TcpV4Connect *ebpf.Program `ebpf:"tcp_v4_connect"` - TcpV6Connect *ebpf.Program `ebpf:"tcp_v6_connect"` + TcpConnect *ebpf.Program `ebpf:"tcp_connect"` UdpV4Connect *ebpf.Program `ebpf:"udp_v4_connect"` UdpV6Connect *ebpf.Program `ebpf:"udp_v6_connect"` } func (p *bpfPrograms) Close() error { return _BpfClose( - p.TcpV4Connect, - p.TcpV6Connect, + p.TcpConnect, p.UdpV4Connect, p.UdpV6Connect, ) diff --git a/firewall/interception/ebpf/bpf_bpfeb.o b/firewall/interception/ebpf/bpf_bpfeb.o index 643b21ba7f6626842ac0ce7336d8a0e608b09ac7..a2bc593da2e3f89cdb662f341d25c4140947ee49 100644 GIT binary patch literal 42760 zcmcJY37lL2!k=fKtjY8J8W*YUy``p&6S+o@Bh>ej6uy=dFc8`9~NYhEe$3vhzbi~-zz!l)=bXS&p}!-m~`bsx^_ z@?reEFJtJk`__2Q%Y5+C2f96&)9tPj3jFD{es_uJ`+Po=YdN<{^h0_$m&td#iv@~v z-E@TydAY7bIhPR){~U$TO9O2Z2fADbbUHWJO%y+*%j9#SoP%#yf^X?UJtj_aZixiQ zKh7@$IW@#@&#iFV75|X9s%MXd?tv9PJkL^7&dkS^Z}ow%`X%dSG<<7MqFzRaayLIN z|G92+TRv9bvy?kqa%U-bUf{QvyHNZ@zpNDf!1;Q@&sY%m0TSc*iI7qyMU#I%NQAbyPVVg(m&B$KJpZ_J&kD_YF}#p<>XqQ@X-b5Q z+y&tz;XebD*Q9RnJHY$Fb@1PS4>&hD0)N``CyW18@Xb_J{O^ECtE#1b&SMTZ150%g zj=-{e$#fH(4}J!?PN?e^a07k@e5-FtTJzFv;5z&b0XM)~z>!x;dN-Inr)CJA88C6_ ze(<&MyTM1mq@P+R)b)ID1O7|Fv%xpCJS1 z)v=Np1J4&uxmk~b*9QDO@DAb0Zr1m~YS$~RJKUsR@TVftLS&T&I_Re6%+|@UBKOq{5nGQeI1O>oP66!u=;xOMCa}VKV3NG z+#A5zfZqr%1&kk>%(z!yxKVCh8SVyr`c1Z!iomqbEd$rVq}TkCYJlJ2aXJEj5WJeK z8icymW3vR4|CYy<;D}JyW{)S!9;p9>1~NYi_%xxeC&M4Z-zfup3$1ZeWCP?gF+-^9 zx)@LL^=C{>kv`FH^P1_=l*@?JH3OL|1D+}dIjikTD;>@f4=f!DXTS%7{A}=Z0-giz zL9e=0xr{)l2lSLOBr>|DjPQ`na!q-8NKd<`+!4~Ne58!j1&@>N_i-`7Jf5HDN{ zeK_UbRvnvdQa#>F{Dnd0!-UG0vZj18$cwhgi~!wD`E00@0uu>sQkt*ATf)sXgRWzDC|BiJLeIB%HHvs#-$z+{Vq-d5DMd&wvjT z?%|HWLm}-A;1{*(L#%W1Gj^eqxGg7OsBEszSGD9jUk^ib99QQ(ANsa`GrvKC5j311f35-?iLUHZ63nd zPv@gS9zWCh!+@ESI)4+=;s>Y7uLm7Y)fn2#9l@U$WMqdl#qHzfn!1#SaKvpDCLqn! z70B~XbBf6yP<)UVj=&l_*paJ)<8nu#<9uEx+{$OFY&Q}Q`K>(C+!?Uy8S=FD3fH+q zKItXGR9f;hd+K(=XNm`wz5{N`pQjiJb3GfGTd2bV%q#=$g||!*VA+`Rj=-`p;RaZ3 zc@8ENfscZjGgEc&3&GfSY83nua30(Mp8!YRjHkW|jEt3~_6rj?^^E~{gWm!^2)_=# z7u*kSfZq)+(Ngi>4<2A{5dIK&kfsZN6kMjyBe2#271sXnZBE3lrcsxvUxF4s3I1BZ zcY?na@F@8EVC-tzDe%96tKbIsm*8RE0|=%~;DJss0XI!+Ce~K->fj4HAh@2Z2f9rW zz_Ky*d*UGz`wjfWw6(~jVTNR`TN3bP4;q6R?zn#uopwEBBwo03F$nocW;;CEsB79D z9zEQazbYLr#Um^KGVPfF;g#TCLfWNk+VgnGj_Y7_;1t(D57HZbr=~S+sUUoA%oO2V zpB`!)SDrj>qma6y*=PA z`0ooi1O7n3YeIj{MLvT6N%;7b6ndHVg@A7Xe?8!C@VCL#GgSxw0L)lOje^gFPLf{K zCld%%?r#Y-PPxue`z|-=&Ot;v)pbs1NIM670c{i+fiEMR!OeBflX(b7;GF^2!Ll3i z8{mq^()~HF2si@Y9dI4|!GIg!hbW7G((O5qcs@^e&JP2Qz&{JP4*t)88}#O65~@8I z`MK!Z{3XG;OL)kB>fq(bNDte=^qJnbb)9=Xk34q+EI+itXLat)K@W%FKU=NfN|A@L zRTy$JiOa#81`&bLzZ>G_YT7{qKI2|>OGV(@z}JAg!7m0=KlR_aFAw+x_>O>2f?pf( zo!~cum39<-PrwcEI|CjAzlZv$os^ff%X4LC>iatUuM=WhZj{@E6>`oLgeph*hdk0|TNt8v==j_(5FSuG z_+NOuz@R(#ha^;YNJjP`e{Pp$X76?9{@Oap@|qrh?Fehf=~GCrs?e_KD)S{i^>q2h z+1wHQ3j^*Z4E0MGPF@*KlXJW4--b3%frSZnKSziTFPW@oHAw zG>eDE7N)2%O$OoRr`Gg29Zw1qDn#ZUA zdBCIKzXIcnCp5tK1$-L(K)_?*&w<~H%o*_4!Iz{wemG#-KK=W`X*b~~VCh0K*zNSk z0{(aQ+0<6?e-1`HhJOKO3~QWDK=wS1SL!#B;JnQ|DA(}QBs0O|eZna>5&J&xxd9_| zUY~H$N-*jn>q53mMyS4{Dy6L((;Q8R^ z1$+Vc)__?rc4;iBZVSP03iv|ssel)OKN9d_a9sZk_{)L61Uv?&eiPRa>UtYE!hT)_ zroI!qk@+5&zMNPGtFOf$1=Fuu2TW`*J*L3Q=QN?NcYw#>qif02MgDpxI1@0so)jU2 zj+A!N9`LGwyTR86Tmfq=Qr4t8_?Eyw2`&aa3LXjg6!@iJ>}pa2AN6hUUwS;_4+9>f zjhZ*!k+@H1bpYeHkL1xAn_=VgN zY1NOyb?#*T>eG$lA@egHA={+POm*NLl3>4Awtd{7n|Xmco-0L2U40`Ja>*{Kmfr^n z`sz{y*WEstiEYL@nz;_#Y#Rwx59DWRT^9H=HBR2b9dXAMy+@b<8>%A8&#~&Da9u*E zy4aQA&xXOWX799?!hR8tLa$B~%?HpC!bGb@>RvSq~D;YG`=pz?%l%Z zOsY5_%(c-6v8{HN6Zo%9OaA?6jvv>v zZiX+MK_&;j4;-;p{5F_EC)eSZz>MR`qu^S=_>fsI1uJa>d^=b&W8l{Xdfj<;*9sJpV8{n^cte(>M3(0px;Ku^4)8%xF%I#=?2@Q`CG9Rc8odmPh|MYDq zHa7dRfQg%Z4VZRyX292j@j>dl**m}=V2&b~y+2^_Ww+wj!O{b~^BUk61Uv>l3I3or z=h=6IKMaoGtGyoq*THIU1I#`9Q{a!`O9*CvfyXDn5%}xizXjL9kAfcrH^4sy)0UY8 zv;Q+-6f{Rl6`wZFQN@L6=V| z10yppA}{&GFM{h}>F^Rb9Kl}${zq^fya7y|=QqID1v~~m0RD>q zJaxWwh};DceA*%XTu=wU4E#^v2KXeH`Ya$gf0PGpSP+3J(~W`aVA&6TWI+Rr4%EL3 z3C^c3?pxm7o&Rm{5^x0n$KWylDeU~8f~n^s_;b}>;coD3FliRm!50L61FZJar;EnG zo4^m7d6<6PkH8UpjTh>4eebP!G96_YuLW)2LBOwFSrhV zJ^0_8TTU?dZJxh80^bMzNrzkB0DlxrUdtH|bFnG+(=NCCH29wbe+>Mu;Gg-=BXj=~ z{Bv+bUrq!s1J}XR!035J13U}-i{|!+bJ)bn2z~}W=~vdlmw4* zgUKg~kl{{oZxN>7Q-27qgVBNXyrlt_9(IGrz%M|C_RC!6-Ol5?;0R29sXqqq0pAIJ zEypW_??HxqwvK_{4gXL47V*5l0lyBcv<)z6w$;JtD0LSY-n_4Re1il3kO%d+Ap+BG zHz(z8*pBT^2$=qye-4;_xuFhTMA|>~+w${Qf!_#@;9moN6Ie1k!EXUK9G5Z*7x6X$ zb%{fzD^^Lt1;7XtqL8X@CL*Zddq z5RSmF2)GV@b-)d<>aKt!Q2Be)(2hRw&0bc4cEpitSFPVuESe+(Z2OkKy0WNwxiQs};1CGEa z0ajy9X2mJxjl_{y&=F&r9$>p5V_<@IRU0Uy$H` zD#4eti}U|wjJ58F@kK4{zDz!!IZHklw`9_4LtHN7@`5jhK9UcM*XCan z=K2@nzZ2rW4*m~1OzF87$cJ$)P&+W<1?vc@_JZpPWpr^FvYEK9%My4+0?$t1l?l8& zfmgM#dxUbd-=wgM{+U4R9s2=}~a}E%1BbTQwTF zv}c#_8SV$f)m!Dodo~hXaDs=*%OvU%!Pi)quWN88?Fj#C^%gtH|Nay3zZ3YzB!ygkMHm?3=PLo*_`?v+~@S+Pe&d6`U7YLRABZOqN;FpBtu~0*B z61Ng65Akd~5?&6iy2Snb@4^_S@r1eL(m^0`HE@CrOE4F#zgv~A&G!vEmr zS~$W(_2F9hA|Ago$io`t?3`STFIAl9yI&*!@+q-!i~k$!BJ+5@sxa@87JuQZkK6Z& zG&ZvEE~*%^UHE6U@sV!8*IbEO)U<`~2Tun_VEIAj z+6i^=X98}38N;dbd>1Zc9H#Km>Vk#e0^&c&7Ub5=2^oH@Qui9WGxNr!e@f7 z1V`XJ4Dy^+2M@sC%-kiJBj6{2B}3n(t_t{e@YP_+qXTu>><0Kw_)i9pVM&MJQ#NMf zE_@@8ZQu;}?O@896M?1AYrzfh2fy;7ts|Vw9f8qV3iC_V!RRKXK5Kx9(;6u?23CH;-vs9Z{ucOXz~2U+4ESNf zFc$RLD4tJkuP5fG6EdW2%734Ht|pNxNw8>?5Iy_L64@HGDK9@4=P6x;xjXgK1ph|~ z{IBTb%Vey2WyoKB`T@nGH|#}yExj%JE2_{1?gqb?Q0=dSKTN_|BehJm?>n0ly&NCEz~*V_)*ui(eP;Mc}std@=Y`z{|iN518^7e<|P<;C~Ky zCHRqmSAo?gjnfFt%TA@g?t~52snP`MdA>ErWsphXqiB-LsIAm39f7H<;VoeDHGCad zeL}m^*MpU}@K*2v^1+9s>)~n=40tm5X91IVNeWE6rZA3{$mc1aPVl0D z@!Lz#sqv?QuM8ObUGlVm@!Lyo5oX^g1Ma2%q?rdJM08O2icAyNk zlVIsALdw;ZnE*pL1D}32CrYrCwx{L-BJf2)W}deh%@4YkZs4J@5`p7yiQAz=<|%Z% zlylLVr%mPnc`i^q{AcmF!&gb?AW{ptBlrgiGu(CN2>Q&vIXB>=L&Fb(YXP4IOP@C( z{}u2{6K$cac+cL>Tu_#4aL0AKP?%0bCn@zaS86eNyawZtKFDh6Ta4|NzF(2TiU4BA zP0V;&`bmVbJL%BAImG^{7hcehzD1{&LN|~P=de;2LC1MsEbQweq${;d&rs%)1pasO z_&W8JepJuzDUMKMn|fZPx{&N5^)vV)*)DPyZ6Xb!;Vpz*7wzPsG|wbd8uV{%iOa>F znsvBTm^%6@iLmvJg_n``h_^TWCLk6{J(j@#k-)!9;9n*1ZxVRDFoTaPrTH~3_;?Ga zHVJzfU#;+@O|g7h?YdPBk1sEi`mX4Je~irSzWyov<3+CwZIQ2xWqy*tQ39JTLp`6G z;9oD?)~6bzaeil7IIVtqL!y8FQgQIG8|$C%5UL%j1F{!u+^YXqj$cb$OrNK=!;g^B z7`_Qy2VV}p1Ka?kSN*odR20``2XU$^d8eKxOsM=7-snS#UVKf^i}`?{J8bCUZPZ6( z*ZBJA+=%5DDUTq(OZW-O+O0S)6Akiv$bUEaPk|qSpG%&UsY~Y{Qcnle;r9@}in{@R z9{l~>kQd9p$oE9xqXE~!F97S7{7ZbhQjFJ&UlH&=@Li$3@^x|j|2ctg7N#w9UFsRa zgz{|)WBr9TrJf)72SZ4`FMdZT>lW~P0%j~;{P9q3U9v$B&xWsc%N$sbg7JB&=O`Zh zHE;BHrwZJoY&DXl)>P8NvU9-XuM(HdhSvwqfER$z z14rQHVA?Q2_%d)2Tn9@>zmIznz8d~9a047Uo7*M{%eLqv)a91ZCx#=i>U*o7@0XFc z`fhRq{$cQKzU!9}Z#d()P_8P8y)Anwd~8D3vO9PjG3b`Pj)qAIs8Zi&Q@`i=KA}&u z>~3V@eBK7HJEVOlI0ueIO91-odItQB1V;Bwey{LUJ#6j0>^-zpjis1n=vddX&+(vM z%akA4E&CDS1izmwx#hG;&08LyX{0}vUm9$qAH2?Ew+?(A36y`v&&@hVs%yE%*ekdr zFgBfHJh(a-8`5us+$dP~BHRG?5~^uqk|#sTx4Il67Dfd7TC!X1Ipso^^K*8w-!N2hDVrwML_e5G&%UJQdfT?bzZzXooAWyfHe z>Q>wsa0Grk2eyv{bJhD;@H1-eTOgC$QMDeQ7$9gIDv(C5U4vnw^?)x9G8 zz9cmuHu_Wp33UD`HE5!4MVOaTW%7AVumjq^BAh8tF4`pj9d8*9@yrj2>bys_oO=b^T?3bqy|{?$nX0u^0k6~82%5uUQ;gx>nw^I0&C^Z zfXBgHE5kd6*9$Ufm>Iq~O(CT1x>hmfEWRO10zA=Kj8i9sB}Bg8(bLPM7)vX^(kj<& zCH@Z-uPfxUzJ>idC8V`EcY;akk&1YbmECdvC!yoDBlB3CX9~SG`Il3Foh??j1h#K) zd1Jrl!xP5#y@yapS+C)tvfB81PigT({V#+UwtNPV`Yr0>2KaX5X@3UR8hEKsfFtlIjQzX=ivO29X#3Iz_`}CZNHefA>}_5*cnnOt^euP|W6@!&^XlNA2mVR$Z^-9e z@EiQ>UZzF4^9j~!Y|zH}8Sn)GuLP@t;;#X(3V1VE{(!TO^CR$80dE0c7ck-48w0)` zyf0vMzxLSyZv!6;_y+J`z)uAq4R|~Fj)3W(wenFa_i5mF2vfH`;P(W43-|%B+SLty zFyJ~Edz0SgkAl%#>aV~J@HfGy{Bp<=A|`u{ahmovF>PJ@$V5+~Puu@^x8mXdJL%rb z-2gv^jQWnW_FEC`S=T!1W%E-8jQ&%qcLbhBD49BVHlgH3!3zj)<8FXuj5m>nU>$v< zwrelh`tDJ17iGN){+qxV`Z{uE52-cC%l?nUhiB*8t^wEKSwTFXgv?dcS(&55brJA= zir0m6Aj*@MyplFyp{vM!+8cD{US8DZ-a?kAnY!I{Y=b0j7T?V|x2VXk!OI znHIc{IIi{6VCb3wo=F7%)OYI=?X}-sU_a8K{r*9?8+ith{+5LFx&A_Q#XqHAzXG1> z$F=@)@CO545B^ZVR}+$tuJw$Q)JHtF45T0OiGS;(nE3ZSey$=?GP4aeYQvchlwDIdew%=(?7?f4EWP>Rx>%yS18w>VG3ds_LV$R|0sS-X|b1o5Q|(tcb|2B3Hc zgt<2Q!0ij6@q_#)#S8MD)sm0X!(TsioEH>CM_cVx%JnazOxa%@%ot2P=`flBD7x;7F2>zdgKM$^BOXx23_uvNn_d4r;na2i=E&6g|MBToL%xQ2P z{wIk=hbm*k7YMOoT^pol@$1|MNb_mosd@xC2D@aqH#|!G-&u@1_d-G&Poj_eL!XlQ zSMgI~x(z=K7;*#sWqf2dDq1qw?#9l5sp3ZK3-}bdabDn024@1M-5aeRk?8=h4Se$0 zcvZkuedCsZ@yn(Ym30pMrv*O4U?bz)>M)%!v^~8cfo&|Q;lyrA@UJ9ofy!#!QQx>P zBw@CF6Ck2o^}FzPZWC6>^(JnT>)!ZkE8L~jCsZ-6N9rNs-hcpYbj)k=JE<=z9{jq1 z>)`jnV7;%T=0k<4lkK%!1J01o-9%E4RD|m%-Y|9A_!j~1AxzefbaDNr9|`sQB0LJ& z_}AxIs1&I$>&c~l_+X1~brzp`Z2V}8pJKkUi)KyxIvp9Vjh{~7e@x(n%=8&8{<3$r z@Ww|H`1>uq=<*ic_{$dFG%9gACdMXiOeT%N$|6Zk0! zyeolw6SzNts|kEt0>83_=QUdR$~PqNUncP1Byd6xSDsGrznZ|`P2e9T@MA5!xhsJ$ zNZ=I-Y%dhva5ryB@DpvHeX7Nu{hf zC-^T&;DqgMPT1b&w95f3I4|u__GQ8jRgKd3(q^y!kd5H!t-tO#p~@!(^~xH z3B9dI*u%;(UL34APpk2i5~aL8q|TlVhV^33eM9nad9 z-T%xz+p<|VbgWWv1G$lGVQ{EgEYw`#2&m?U2W!QHgN5EqsXTbl9xgvL;)e2-Y`#1= zSjZ2#J|#JJMUqvimJe2Q16K@`2a7}H>gv3s+{|@*ZpiN0yZfmt6QY-8YD3lG{7|M= z&L7HLQaiLNa~ps2gY1igedWwGnVw2twptuK*fUI6s1>S53M-fU%8|BsYoXk?GGwt$ zRbF*jX3eUrU1zZ`vvNtC&$vu4zqV5BCFg9mXSi4zDh_6QYDaUG_3Kuy9A3X}l?psq z7|P~{t5x#LBAgvMSnOT7O4-IaUVd$Fu}bTU@tzd94S1D$Ty_RME2zs>yXrfRR zs+3E`{4t9i$@bQ)CIqc=%L9dhR>rl#-jKyn@vXL&w~@{AhiZqjeWlz%YvfQ{OO95H zLy2}&3WY=2a-Y@9M^y@gz1V;%rK$u{7T8y;4p^;oc?7bxq1@20l|j9RiUWnRA_aWg zs>L#8S?dOJRa1S%r>y3NOsg6LZLGd(&Wf&h7kbL5!SZ+-#pesXO`(Iea@K|x zwGdYBGFsKjbd!?>Ssh3EbG3fol-{_phYHoftl16ngXJtepQkw^5^IuGBkA3$tjQW5 z8c^#m_F4bMRftVe>6_Il_)aOIzd}{2vPxjQ*?hH-WB7{BQ(M_r(_%4B@d>D)FGbM_ z8&q4{Si|1zD%C99h140lu?ra^)mjf5(T6fe@#qwyY;Pggi!KV;fpV{@BJit)O1V1Z z2W7BglOG;L^;Ro&l&`otBioxB%BfxqyW!aA@&~JxW(4CUZ-ynS#jyHw^ng+*CC)C_ zYjyQQphllsr1uKGHWCgRm*)_9Bv&euzK|UmC=SVCScV1fB8963YG+N!Tb%q|jb6_A zva9)F^HeP-mCyF&28t!sC2s>v)yVsNT1Yt>RjeG@R2~fCgE&$;JI}16G(F{EI;OX9 zBwN(z&Szzi1`xFH$R=9f+bi43XCY`+w$^0i%jH8wUwm(Qa427{9Lx3;4i?q9dB%lz zKa8?U#k&itc~)ktO3i$5F_w!8tK^DRTy+8tZ`xq7t;)4(#zazBzYck(kJf~#nO3z5 z!#bZGUb{({xfRK^n_7~!{#bWXVko-_l}B$=yMx06B=0FC(_=VZUuO1$-fYn=nW+VM z3JkfwRK#-{94w3sxe9~uh^v%qwPH`HkX1(wIrTzuaFaFMz_1(k)aDqdV9)YR-t2G@ z1I7HN4W!T0zc!7aEoM5Nt!0DS5f9LOR<$V%npdXdjxqtZ^r1ASx@J=bhfAf}xOTJ{ z%C|Vklq&z9uVB3})Hz2(hmyOosALW#u{Q%{Mh1^21oXs&dKEJ}xc*7%j;Abxhpw*8Ja$eBXmPnDvWUr z%z_gwdTnYB^2I3ILal}Yqki}shTQDwoED_Z+8q$xL7ViA_($p|U;ncxmK9$v$m`ia;&v$nt!!0W$0>t z?qlUQjMZQnn)(j*RX~R@7BTF3NUevG@5{2TDG!I0O|j-zI4n@*U>WyeiBzE{G%ah` z%PZhYnSE^OByZzbk7Nh?c%!uSkKD{aj+uh6pIJQ2jmS2Fr-M zKBMrH1-VOefWE~n*C*`cadX~jymHasvux#e;>TRxOK=1LpFLg1(mk1|ZPI;Qrv zVskA94aoN8u>)C8ZMfuL5xgx)5qa`UuBuUNc))$(RX_AbF9ucpOY1^;^thrYdO8|`WK!mi(A!^ zs+7u%sSsxSj`rfkc=d`IrS&b|5DUyhXwO?l-!b+XvN_f2pd1*}h=1uuv3=F@K$G8F z$XAb5hF~M_y`SEci!3s2^%e9W?`Uu+UvxMktA?*T{WfTR)&>%e)3edW(Q@_Bc&3cf zTZi|!G}%2aeOt;zn%JZw+da?rsv)H>WBIQ7aYD_ekWo|If zy3}dE!t^dg?u9;0>%HNH0s%9}Z1!l=D*cFwJ6{8{x#K{4F%&J*WT9e$cK*lfVy^)Zn$Cx`*s>Lug zLlW{)zQ=j1Kjh!)S!vp$s&^pA48hXX>_U%hvcbmCyfaKgH3P|4vOU+tg9Qc~j*sq_ zm`Z0pQ()O^!b3qm8@+zn0jyjjE3{_ctR)_|$Z@_9sh(YgzO+I2|-A2zS6bhTytXsQw9JO(Sk!CYW zrWUATj@M_$D`)d9T0R&P8qXT(r7(7U9R|WM7_Rl(GD|BX8(VlEG-l&~wwvw5HiE$f z=+_LGWbts*uLr*$7G6xR{k;Fzn$bN~CYF2-cSJTgm28!j0gi)riLAZuI&GDyuJM{E zQT-O{u%_<>_#dz?JnS7tfB=!FIf&@UYBF;EguYf zj_l;N$g-a=vS$D2vBu8dP`S4poQSo+FPO|yEv=7}TMAyQSR23(uwJp_A*ZoYMpfiH|bw)@zjI7ePT6wXT{70N@lom7>0O`{VB8Eff&?|)%t2#8~bc~ z8G*XJuDnNR)kNd1xv!|zWRuV)V{g8PD%51`#Wn>kF`?kFy#FqmVb19#Q0oizYT zz*`OB$~B%fzcNd+EU+35Q~nT{@rE>5)S?2#jpsR8g;%|~2k#gxS8B@CWRYg=@tX+s zjUg)ZZz*bny{^Eqtvz0mo5;q#Svb=>RkW2Ug4pQ6q5fDNM)?SB2+1My)qH|t?q_;z z#r75Z$_Wyu!Ukr{pzvIeUjekL6T9*jCz%IH@VC{W9^M%e*@O*~R=HYyY8~h2j0EL( zkQi(9oK5cXKTLg1$LTkgyq}|#Dzl6EDwzb$ja`V|h{zzpp*Y;<*?4a6E!pi`c5U6c zZEyDa-MjW3xM|zgByY>E-TSw1+nZ!1PHG5#!j$J$U@7S`FZ*^N^ zCJ{UK?ccVy#W}Dm=Iz+^)L5*=Yzgk&wsYH-eJy(Hftzl6rrW!J*Us$D9lLJKCQCaD zSGk8JPVgVzZ``z#FMB&~&hFa1YnzLS>$mK3wmpJLYoOo(d{B|A3)qhpcc|R+Jl@!~ zl;tlD;anM;TG?r^_u|Ls@d|H3d|nywGlge{S%dE~BkW-f^7W&l>Dg6~!f&uK%=)jw zGO$*R88|`QH?+A81Gcsv$l1VWNkGrB?UFC|7i?wSU8D-Ll8T43v+^$JwiuzF;u1d7r0uEf_>tajfEb&)~(|zB|;84f4r~)fuZnd#zAk z=)qUbI;l^!C4LAkF_NlmIWGn*7e>=*T|}bM@Rj<#t*aENSD|G zMD4Vi$fQd46~gM}w(iVs-6q@3ZpDTf^MS#)>g#0if%K7C`_LQn4(vi=tAtbytj;D1 zv%xSoNUcY6hYG_Lms1Vc8Q=wiHxnArO9E>dTPCz$<`17e2QT7@!7_`c@hk=cvrAKm z{esE>+eX#WG0JDB&c7w=3y!_)hXEAcPy$z<9Yei*fcXyb{qa~W&vu6PAgElt;lzL$ z#y!cKGA0Ld$NX!0phHc`>sW8aoxfyNMB)N7Hb0As>%&(chv9J83O zz3g``b9qyfmN<$gYkm71?xEYfE936_X_6Je*0R?x>9?Z_7ynZ^wzt!3>jx-_N))Yka`91 zJLP`)XbD3u>Mh%9+rD@Ij+>a2ckSN0ZQuSad-uDT6VtXO6F%7(j^}+^6)S)5o}03J zw>{lYNHMX4+1|y(z61OAY~z1cjOi^0_U~@zQ6lRCS0&@ni;`v)fSU*j5zz1#Kcr@I zO;C!|zN`F0a~=?(O~tSW?@69oHMZP1PHD&W+i1p3yKmld-Og<^WJ8n6Pl&wvQJvzzYSMT)85muI(H-LOXY?4~V)SNgT4Qun7dW*6g znsJ^I-(EVjy~3o3k3NV;X9lxR*ls`*rFOZJZEvTC!zz${hc>}>MiA^PQuDs-Ft>Ry zJ|dZ2^)a2pvsu0`>p!CR>!WO67^i)~A@=z_0c{C{$=4uqeiA}newpJ(IUcM;vu^FZ6PW zMMJWq0^O(0n=trvG{cTZ>F}7&b`$g3^I_+(Fq6uL{hM)m&I=c>ftz z8G8FBM&EastT4x{-t!oqTBqnMQ?*(v9HxXL?0zvwMKjCpUBd_WB+%uv;;a=`GQQLR4Zh3YV&MGKdxDu;&!dwpdO(X ziE8+k760okOCB^@tphN_tDA>ho?U!yXz$wfk1xu%_`g?_r8#>soyp^_j4)i6otBl` z@CRG933X%xQ&@cXcBD9TMX|EMW*;58ZAOhdayvfR*-zd64&^TyXH%WZQPskHl9gr| z_uo6C8|PzZbYtRwbw;<9$^T?vHXFtfU+skc--lyD`hPW^68Zek2T`lx#mdcookHz5 zFuamI6wE3XPMFoErtS0YV?LA)K#vZT2+&f6ug-O_Ki#7UtRrLV`f zX4QVa*5R&_ujxZcC13SHqIjl>xC{;lm-uAE-iI&LK1P&}*@q&IUg-F`;pR?-CU}-j z_Il{zL+otd6!UCrsOi4dyje&Ko?#!V_&zo?#6gCE+QG2y@R9Z{!ywB>3)w}oua~@S z$48}j(boqZ%VEH0RN;fDeHWsdEcyAM#&@SY+k*PQqH~rylftpX65sLE#!5H>z*>iO zBs?|;?8Vp)o!G%l)l&;dZLQ!}cr&t`v(>)*hRvHd_^piQ2-IY&dg16PpYQwnzD_Is z@dgTL0&Bl&p_dAof^Vl#wvTg?9E@vm>|>;k9?=j^dS*)v`LqCra^~@ zZ6ktH97p*K$xCZriAvfJ7?^hW(74I<@;apGm~RB%Q8<4QppIe$Xs0d$Rs#cM+liNm zKxpMwjtO6*Sd4G)tp8OSCu&=eZ#7zq$1(QdM6Xi*tDMP)?>SDQB-ANdPBvN81~*(P zdYBbb|I}PDKY*Tk2R+57J}Y5>(-nE!@!&HI8~c`l4@$WnHarF@i9%704n%W`U0;y2 zcX^02@0^_yX)c8QC;LH%x-np7$u5pEQ!n`u$Dv_6X`Wr{`pXPZJCoOBuEXZEfkc#E zIRvGC&lIYTsM9&Hs?4#yiiNdmo>e`kUUdxGOjR3Git@#eqj=-RYWc)0do0$<+GnzH zL!o~6ZpaSqaGp}fA?PA&BvlFLw)rrFmBp0lCAM25blOWsYy@Uz1j^FJug+vuM>H%k zX7m|USgaKNX=D-(OOk`c+VIm@ZVo898O@1|L|b=n&=j?DxOVxqc-GaGybM|^^fj8XI6=y;4+mMD z{d|dLgqb_+;%cv9bq{ZDt9ggx5JV7;or(WhfZy>r(pMYM$!1;}83=kc)Y%8yH?7$R z7XPhgKyP^Z&6R)miX~#Ey|)H|uq9>tDcVT!2eWJ#_}5!L(fAtZJ(bVICdrwb@LCqq zhZi~RfoX>;e9zJ66q~C2*O2fP&ra<42>B@jYJs61N8l_U_RI zXW#9!kCkL!XzWeWULUmtqmsOT#=o{G>MWq0m0=5*W$P@Hsu7=O($p7# z)S(L#($4~^2Yp-es-Xdu;T}xVZ+$6F-|^9wKboRhjt}>7744*G^XDh-XoXKBR)%jl z-oelNI$M!_y3M}+88qW#n+HAgeok^bnGsUjhsE&8(Qxgk&N^uCmfpAH2X)VlS)+9F%V&9}Hw_FnbX*>fTHJ&jfFKfPv12_TNPECtsglF-3&2;VuZ?d1lXTlG} z^_zU|DbL|P$?wkZfY$Hg_j8*dA;0avwD}u)*l**%?O550PrV(?@6j!d{#JypgWSiQ zyNACuU~!`P8w;oS+W`9gzQuo!|9*_WKVZM%SNyN|vupbM1NzN8w0=`Rc0RZ}&^i9= zqdDMyPn-Nqa3w*j9wVM!btC`Hg8sHZJweX~pGeS3e=^X2%zqJdG5F2|t@zPEKj_@A zRiAqkwCaD#)BH(_l+)iyxIaP912+=1(vy$ccga4Nnkf0x30m@BNzjr%6X-kn^8@<3 z5RWBj^r^q$WBL6Pf6D(-=&l5^z@}$UFu@V-m(ICH1Q=$^8%&YMgX< z`m%+nQ1M*}T6Pxlx$J2!HKK8}J;cA#rJk?&J%N4`D%Ci;B|*!MyA!nX?ho|CF7<{@ z;7WqlI2lRMN?-T%1` zLeH!3cIk8IZ~c8C_0#HyT)Io~n>|fGq*tmR`UCw+m%dE#u^!*#(vkWh)}!cz9xoH! zMf?eF^1tk1m)@yuk@ono_NK}-Hjf|mSa3EG@qf<`{}M{)kKKZ@%U`=hu%sZ1h0`N#g}il?}AN%?R0 z@kT5EJqcR!wj_%&Cla*e?+o;xy7coEKbnYF`g;?! z;!k;c<58DBA%A_^(>(2p{mtdSaOr!nN84!CFPUGXjXvE* zkG0Wf#?#6wnVG ze5Q?F(?&;a^qw}lyN#~2(e*a^WE(x&MxSb<8*TLIHhQd$J~N({sU-C=xvP!Nw9#wY z=%|g}(?)l<(Ums3-bSBnqet85Q*CskjXvE*kG0Wf#?v;8~w*^^gV6#hoBSv)A89h`fF|U58LQpkEc7&X`>gm(U-;a%-M6!pXFBb z(}p3pnv=AvuiJma>Xe{gZ3qu3k&g-sQlf6>Gy6h%TS+Fj<(Nh+z&93*< zdbIJszvQFa*2QtAZ+@9a@&6eb^UcO%LiVm(mpLpC?HMI-5(fWnta&_tM|xYQC)3O3 z;%hb_UUx?^(}#D)bQd(s@Mb&X^y2U0euDDT{lw{d%m>Y9oL-ElaX(S{dqRr1{P=w$ zPA~oy+)q&cgl^)v#=k$oh|?>QJ-;U`zgq%aaryCkOPpT(w{yqkx7op@ZsK$$`%82z zFZ`MW-JZT*0$eI5dBx?6_bTp~ZcjfF62Y|4w4&q>xNmLZ%J(%=5$1XD2Co(G|y zsQ)S<-5NsKkNlIaxISu^-tC^C{8#o%nCzeI!{#$tzWU^e${+P9I>rc9{&Y`|EB~(Y rZ+DvB>LIcfyg6pYb{9t_>)U|&I0N&7e{!!6Z4XIl;`i9N{qz10A&T1U literal 43632 zcmcJY37lM2mH%&bXX(xY+0!HtDhr|6LY7Vl2v~sx5+@`vBpOAnuCA_5m+9`RR8=P( z*HRJUjw3p__b7}wZaC_IqEh4Fh~vhLsOYHwR$OpE#T}Qw{=dI-@2h(K2p^sK&%96G zyT5bpx!bwtp1ZtPofmG~c|}`W$~CW)`wck8XvP3;DI1ju&jl`ZEN9pi7r8k?`{%e* z3EJ*j8p@-w>VV#ovH}r6}(*1Y!aJz5+_S|Z>UHROX*3+f)6${;6t9^L# zav$dAJw|V)NBA9*i0R2__@?(5-{?^8=Evl}$ZbyKV>LWMxeFwBf^xe8-S-p8@q-e9+jgWcwW-7XGxn+tZkIHCVA&T^CN zamw67eF?kG`Fclo7sgj)H;=X37y0@YyPEC22+oYVOuJ2cd*xldUXFHc68ekvQ4ZHW16rs3YVn`vPvvk{y<|dVlM+v<<4-QZBF00>0paj0p}wgr3|;5?PVmgmAjLBJ5EDlGr8Y?t#eNgwfPWq$lBcnzMQ6H2tUJ3I92#wZt|Mi zOZZLhec(FbL)`oEK^el|bHkrjrx^LCr%=@lSfiJ;s#;1G#dOe-25$&B1HKe2nO^XA z@KeEcLS6JlM+5#|@N;}qQqKTC7hH!w5O4!r1!ufUQZE9N=ZrM`R|HI4>P=wEo6!rt z72E@^6Y6>%xB>qoVA?g4AoXb;v}{CQ&W34f0!;q1((r!zqwL?H>VCpLuEcY9r;&TMPac_+{V>_(x#$HLni- zHJET-1G}e8M;Y@8rl|8tJ3j+f8;P6W3tj;x|M_*W+DLuokAp7&XTS|Gp~*~u|4KOJ z=06Cg{|!_A6ztbsHOQ-|ad%gbGwpMu2MxcQ5k&gk9WqaEVa9?FO*=`t&Kz-2{G#aLT#2 zfL|N%TfuJ&m~iU*z-q%dx2`mI1O6uoS5emtSib8Fa2@<5a5uOC{-(!m8Ssz6^j}+p zP}c@*fne&RJm|~z456;g9#4}!Q2+J@J}w>by@a|hhCcy+BluGEO)xFPgM6l>33Z`I zkEi2SVyVChge4Zc3eF95$f;Dz8D z(W@?1E-eu10X^++A(7EF?eBT0U%95;5z^D{X`c+~Rle0(+6tEpMfoZ&p6?eRmx>pz zQ++t?8?8Dv+oXDYpZL>)%uflGFJ(>pO^_FDlNrJ3@c$UGFTvxqv&1b9$qsZ#uY!gD--`Y_?S0UsqiFW?u2a%sO$==tt!LW+1y-$9_OH z_~4p;H;+vQ-SjU;>7g^?d7Zi0E!<|~B35^asP1;f`ka1g_Vf3_7kY{5zeHGRq+|8D z<|8ia^Cti@qC&ZrCSa2b?IDW}U?kQdABXSP)vDh78nH<+Fz{ z!_C#PKgetm)smSm-G^#4b*i+oov5s03_mA^Ul#J*3Qu`Tb!pQ64dFI!u8z0zQ2uG~ zI|)ObI{q%Cy#oFRTlGQ0xhw6-14Tq_`55GO&+llo00C(_pN2gD zG^d#Se#HlQ;S6|y5Ib^pFtn9BP8j8*{!}I*pUy*&8S#*3o;I;GSoMtZRC|T%+##Q~ zmBQ%1jX-*nEj>*$3q9*ZHM@d%<4;A4H}O{swpu z+yFlS9-^h<{}4Qk?uCB>9--;NzW|pAGu)4Y%dGw3+nk7v%{T80gEfs`kM@$jUX$)B72=b(R zABBXr&bS?(bj~&7qdbJu;5(6#f;WR@BSmhm8L|=KI#@PxnlEa`e*`=S{tp69gC7of zEm-}DUr1%ZzX9V@QhVrAsYCbx_~d|l!3)9EQ+7R*avXh;8V9cko%C#Y>Jz1>+?mX) z(RyyC^mQIL*USrepi^BlpAgcL_spHNQDg=zo3Jqn#*Ph(|AK();2Q#NfZyS0wPNOXTNw>3Ptf8z~%L2~8Umb8Ae15Zksjbw|L*!JiBmea`w!z&C+qTS_|){%XJt z@V5e<0DmvElk(zrIZJjnpSw}|8(+O3M@(+2mscw<~K*zHszF#~rb#Tu&=w>e?q4JiD z>_PTtmt|)Ay4h>2lPv4mJ)t6D?Kt~F(kpNBoP9ari+$?Z+X?AUwQII)NVu0f)Gsvw ze_zP=TJS)?*y-$N2h5n6T@Ltqr44l@=y(M3xOm7M4KnhbQTx}ouzQ8@3_V;5nc2?| z@@vKM?QD}y0v4M6(oj|q)xOtXjDIDG_^ELOad3uE*WZ$D1OC5*doY6x^RH}|ervD8zdzt{@OQwA z;WxlP3iw{|&jOwR{|S5xGLLX>b~54pXLr z-x2uJ!S4x}emv5J}GvA){`+(8M$+9Wc z6WcgB9r(iM1DRr>=TKsWvH<&V~G{76c%I97}U4IXrfPXO4PY0YK?Z1LaGp!E(GMK)cHV*ze_ygbup<2{VK!4fwMjy=i9-;b-YtBPF_8R1Y z!3O!q+q0PDn|RiR$RC}{7tMKuQ0?TJ^GhB*26;$;>mL}it6TYFeodLV>faY|XIOfu zABF4OvHa(*gxn||GOKxnY$wTF0RNSeKn8udYYn=&J5wH{2xV8+NY8R_C!|{b93<## zPKbMl59dCaFz9G*Ke*X85~?1^&mC#;=W3k1lRLv5RrF?I25hK`C_l$a;o&-)P<62@ z#>X~W{GfB>=DrmEtzO!m@Ai1^%dL@q9#ulsQSz@P#D;avRsRcHTVr`DKiMMJ+}n5r z+|)Dq*#1j(;+lIWkARyplsESa@EHrb=6;ih+Qv2aKSSLtUsa5Yu^;KF4HZS$eNY&N zRIy)}YoiY$TN8ioZ?Cm8@6HV8{M66MpK{H^pSllo*TM4%Kf>Jr%f@|3dITnwI?jXrUk1^Nzz8 zP9yU=@a^CXYeje}bXpz$+rW(DY2)Bq0;YfFsZC1T0DlxLnF;V`1AYW7pYRgak_7X< z8*m2vlYr~sKL*@jsXEJJ_0;@R1I~cehvd^y2R{)^xg8Dgl>tu>p2AHXr26^0dC<3= zbHL9En7H{RFzxD0gGa&CTYWeGx!{j64-m}1E@1Ixx8m2q(gVDc8({pL;R*1kz}O;1 zx%v0;_yjlu{x0~F;5u0CZGgGw{}xP|xdaQ;fp>#5U={u^;5v8-_#SWrdfm348QY5*7VX>@y&GAGF5H*E8TeA_tHE`!#@fGu8{ie-f48Q&g|a1N zx-#%LfWHi`gQY|Iud4yx1OAFPsfAAizaN}|-v|C0xDM7>qn@WU2xnYnEI%?3#p^~Ki~{_0?fU%4*m)FJKzTRPhfPX;ju`@ z{$20x7Eu?SjhvQ&PpGuZ2o}kHh+CEctG&X#;48onfa~C$f!_eDz4Ym_3Gg8Jd)`eh zs(`7-=^6OX1yj${8{p&MN1RI&EP5S}yuB`Si$Z(P$iV*~{7X2#>jnQacrUmPra#@! zoLfz>=az|sTbaLWYv1IWDAUfH?DABF!za0Y$@{*B;0VEQ&i z`mMrYTx^{HKLGy?{-|~_<0ADpV5R*z_$F{2{5$X)!Q|I9%VTwOmkgoo+!YzH8nH0t zuGkLV81N48rC{2BMIB7p`kvuRSY6kE-wMuvOW?PICG!ICJHZWvPPDF>BYvA6u5E@r zJ)WsxijPW@kL*W!=juYQhU=nyT6c%AW#HOqQ`e28T?`9;*DZvMFI`=?@es~{?+myO zzB}LsSoVetUFo{M7H|eXC3_aX4!$nn1~T9AST*UAFG8j*1IE4#*BSrQ18#s9dE8EL z%Bp}fVAYGey$-%S;0Ab~$F#_uG7xYEJQi>re0{(T@S8oJN^r`11I~ay7H}PWPX`3o z8a;vzKQ0_}XwjbE))kYvD<*SFjQ>wD{*oB~pJV)`G5)7xd^xG84xfqfPmA$C8{^AP zb~JI3fKe>g!tt6MT{(^}Yl1HV5t^wEEak0VPFd{da~+r%#p@!tZULt^QG zd&wmx;g&p^kTgsB390ImQ9>DAsJCCUhBlnp;M)>R)?vCMeTG;)7a&+FL zx?nfadj&}>`D-51Rh^+3{F)nwk1ujR=5B!B5!&=1IC>ZOBk+6GcrJZ89rGFb25iYc zw91RlY$Uow_O9~Mv3g|S-wp3!?gn?Y8iU}a=X$xN7ZXn9Rzl@L+NJns zT}!h(RF}|i?pMOWegt*NM}+t`{N&Ojv3y>xIC#t*J|7BFJ!sp~cM|@Vn``Oc^Z1=X zxAcRAzxTMAuj(3=ab63%Kalp0$BqT}N9z;%Bt@OYgqc-cPh)BTGL=6-|d= z#%ik5m$($aotgp8!2dd!`nS~`gAhCu+<^Z87`3QrOMeJvOt)viKY{UTa2-rt4L4Xz z(f$H`BDvc>MOt(fHUCN!ywQ3 zbue>sYBOtO$=nLQ5GoTHG{U!J^uw>9}YAd+TdQ`e4pGC-@Cf!~^pCf;o z?7p0Gi_>8FCE?{@^k;YlI1}(n@Kph$`_rC^qGmx8uYI>{K$pEAq@LoN&1f7okk`2R zJaPo5^%F8AQW@~G2{FG^9Xw2^x;DTS1X&}cCcqSB_&ea&1^iv`y90gz{HcJyM;OM1 zUK>SouATKn{I;0P_ha~B@);(PDoJqKzZ0Toe_0}1gEsU3iDCj@x`^H#{3^zOB!+)V zzjTnX>Xjyc_36hHPs&3)=p&bbPdig{z`bDAPx`Ebe@enoH#;-Tz~@>vHROr?Et3IC zo@?1M9wF_rZjY6G*#@$i$6W_sL`SGT+{>;c*p&SBvd;#*68x2bSAoA9@EKs~P4cVR*I*Nd&jjN~ z4AX|wgUxCqaJt&WSdq>;xlMn)F&nHSvypl-ILOuZO(}d7O>(EJt(4W40bd>P7VtFz zUj|m6(5|-2!AAq$3cjBFmXJ>!{CfDPWs2}S;V%a_z_&X4?q;g+hv3tuX_C1Ue#ZN= z(?1jN1pF_97q+|U1gC#TIOV3dgMSh56x0iC{Hfsi0n>eH@-{w+(;L9FYkCLx^1$x| z?+F;coqk%tGr`4xvETIb0!H8ImkV=llm@?n`kx8TfZqm2@6&t1??a{yTnDRN!sFmC zfYHhH2KZ|pQyrInAm9x6=KOMz(Zpt1CHJ$Zifz; zr+y9pg``zABy&A!mnt6oN*>&*lD>mToywho|3<}2cZ!T0`gFC9*X~MHf$UlvFuGHz|@#$$^gshf-#q*c{P?5q? z0uVcH;zyDD4Z`iP(#)ryCXDdJZ&gQgy-<%(@88GpZ)2Fbwkh*}TiB-xX*DjR{U3FV zKX#8XjFC?Tg%7vKd!hdv_-x$l3}gT#F-f0 zB8-#ZN?oaE$n$dHM4xJqM)4ZY0k_eYE4~=(pZ}vcc-W2lXXRo-vR%1~khZPVxK;nt z=kc|~O8Pvt9exHGjp3`nbuep*R2Ty*3*c9A6BU)8+96C`$vgEVVM67vP<}y|$}a`I zm=6f;+zJ0E^$|H|a((pOh~<|F84#p)2|rF*yA{V}S%>^-$I2Ix|8)2n@N39}GIik48Cfv`R0lz!oI+%Gk^?Yv0f7rK6zpGh!XTVp3KNs5D zLq@(*F7>S#eu^+{q3cpl6()Ro2qXQ4Hl;LIaHS50kb1BDW+>|b_4k^C-}L(>sP%u;I!jHxvC`gw(2ABpD7;rlRSgq2g^l4VzhfI{u*WvYAlv_m~r*hzo=pb)nGT`sT_}`AJE#SqL4_&*6%k6!Rk1HTTA z>NF1iW#Bi!zja=I0*wBY4=Qx4RZrP_8jLNZ%G?<+wBb5mJZyuNKr)l4OBHM&cUf+c?o7`vQO z2fq(|6x?ujrN+FvSBKx1q$tyJPyX+{?pLdiEI)Lz9UR8t znc7rNgHH1vLpE>eyze$&mVr+j4EKW50oTF!DdUfWH_(=Y&<*aWAZ+K%i-R66iSggw z!l@Ss&yKa1d>+q7zc7}rPTt$7`+Ru!fcFuGx}W*XfHUy>$xrF(VA-W`16(6~3pBx* z_%@|YiO;yy?=hvSGhYLKF*pN8Rx)jMuW`uzE;pbfUiRkuGCAw z`W8hEfz`blc&$ab?y$%3dO=2wN+WY2q1waMeK8N(_f-`X~|aO$`)mEcPKP)}t7 z{xNB1w93_QckQ>U7VBl&Hi-!GwoVCnxA-l4Ph}v<%I--12Iy#giH~UJ^Vc!{`P4z* z7Aso%j)o@D*Vr~aj?ev+296v8JOQ+ zE+enC=LGy&@aBO36?{d&jK8&vQIr2XxHsT0&}{iZ*6+*ig%31J>9Qu7lNXZ0__1SpMN|8-i}_XTbjg&cMef=sWTi z1Z%&;gSM||fPY586xvSR?3*#VMAzEillB9)<#+3ll@IL7@Y8z5KM3vxF91{Lt}<8^ zKMh<5Q+MOv0A5c%x500Kp8%h{P9a$LBp%3}k_PVzxEuVGfY*ZMVmPI>)sLYmEiXTydB&KcnA32fT{1gZwphO zJ>VY%d;t6lu-erN{zJfZ=hn*sqqkGW!RRgZL2v_%t)>3KFPHq_fW8M=8z?-brwDIA ze#sP1-oRPI846hI=D2Ld{Z9=XTVP+luR8= zo2|HUu>9F`xf|fC39ljz!TM+LpzS(qw!V81JO|rGPUpm_G&WNMV-Kmd$oGP;1!s`? z3iuLmoiJ+G#mJ0MXJw8K*ONB&kBZlY;)pUn{hPYom~Q=x!OUN})?Wwyr+{A${#3xP zBH>JMH!^P`q+fKczlDcz8hjg}Y&Qe`I3ewFyUeYZZ=Ui)1JeJ35- z?<0hJkyoGG$z2CO8C~&D={H;hPwnB_kOO}r;Dg{#23#VPJ#cL}3cq2H2N_5|1krDS z6chda$IoR!Msga&(i_(X*^96>X>vZPyCmWBF^tV@sE4*=D^{Qsr8}PI_2h$2lQv*_ z=tew4o?jwfxIvz;2Gg##3^?egtrvWgv%YAngU88}fBJTHlAiJDs#}z&;XSQ3_$Vr3v+Gsf&Jc5(D*@Kwid~IR!crg4}Zh0*RrribiCDGrQGl# z%B0?|4*nGQUw!>Id@*40zd^igrUCvwST;EU{wa9zbgTJ>-+>?ObZyfa*Vl{B**$&K zqxLPH=Gw5&o|A(N{nfJsOugFD;8g){B+- z^SXeKgWm*3KW*dScY)DQTLX-5Har1_PN7qEYtI+J*j#%C{0;EE;5xSS1n|Fsk?r{* zg7n`Mf}WoToIz$GGXD<04*$2rs?RBJ<5WUySl34BS^PS;0n)Ippy%}nawL!p_r_C+ zr%t-;w`4Y+L|yAY3YE-qNc693XnWfQF^q3)@-K|x zi%9!MDyt5{Zlk`CgxR)iC_}mGcj4{aCajQ)xyw3B?fn-k+@-z@&s2tT1iwn$y$H}= z{S5;7oz&MX%KWn7I{Y8N+wGH@4;7|PXAo!eUz&W#%jVP!)qPRG$vUYIC{Fk6TSJ|` z0!^JZPGBTfH-h`&>5}fh-{N~e44<+$KGfpd-|LY)`OZ99jq%sUU$pQhy;u&{rs*v_ z`|=iE^{p1(G$)1^wD4)!7T&ZfhS$XK<`}*zhMyM0g&3~I@JnL&H8K3g7``=z|1pN| zYT;93-#~5pLX7{z7T$D!41X_%e;&iXZ{Z70is4gZ_?#Ht6vNwEc>0rDc=atUd_ioV zcfm7b{9+7`#qg_R_^)I5EioL=|MnJtajabz{7Z{}!PjE=ff$a<|E|T~JSB$b#&A~* zuZZD`Vt8u|$8@s!ni&6349D6&|GO>z{GY_|Z(Ddldkn|M!h$6&{^sjjc)_n*c=PLG zIHu3k_89+NF&wkK%`w~C{H2)8H)41qhJPHxu{vDX+2UWgu!R@L>U`nq7QZW|w+lD6 z_-E8x_`=Itc=h{Q_{=+7_`+CUT$qdTD={1!n-|^~Pc z?2(>qzBDpY$k*IJVXRm?Kfx?lN(U>s;q!+}BgI;&vL^2+Jbl@oE3$j`?!K~nvh=y> zYOOMwucfP{{Gs&O)k9~cpX-FFZS@cZ4U>%n4T(qCUn!NV0+sxcq0-S@O}J30lq%W7 zqlM9eMU9cRFPqQh2R&WL7m7y;ErGsV{?JhApkxP1m7}>ze>OKn31SQlWk;(8gCn_e zF`KWSXq`x>~EmKtjsSX<`R)($CxjX{d zYAshAwKAwztvFmLDN?|eacF%W?GfiBv=ELoE2RujZ)2gF7%X9 zBc;hSiq9ANn?eVxrK}kvwGdYB)#7ukB-2f4ja zW$F1m%^8zeldKp??^a|@*7(qX>R@re`Y);iMqDf9OG8TEtWLpq$`JZ1RHQ1a1d`c& zrI5qcMdzul?5k<97^nCIRM3~A=$H+vtqInsH@kABFi@yu`$ntBWNucSCIP$uV8N=5 zAyl&EkVcpaMRwclT)KR?tg6(iO#|yIj`U~CgJ$m4!O>cO>8K62TJ=!DI{!KO0P@nA zFQGQ3JhT0UTtB)fWQR-rri#F?6w0Ma%@4|8#U?*Gg6geS>L_1vbw;*7SIenh47<_D z=<)|Ef!bM9@)p-u9$?s%uyM=2k{>ls)pAn#>_Bd~IHbDdZGcHG@AGLP zvd# zO-8;{I#l$<_m@U$`BM2~y9t#? ze^a|7qr)WcE5y@dI9^|7_9NbG(Jh&&1$YV!d2pzR=QKD{7^}H5gYbwem#Wob-%uf| zj;cBJLUCl1HQd0c8}-!Y2&iDs@=f0Ca1q1B{H7k#=jmUYM$i^B9naQ8t9C>KG@n&% z3M1x~>A0gzfGvF}jj68Ll#$V)q3Wb|v>3{_IKq@F|DP{oy)e`{M?;5_yT}n5tqzho zs+v@{3B%}su7>6iYxzW8IiEd>PbnSE=7+qyv05|9SiXMbn{QM?o7HhSxP_yKT@_mt zM==39bJebrJDP2=AS_|7k{@icNp!d=!q`TkIGKJI&4{C$11FjkT`gA}a25?(k4y#8q08zDNYrGCi}j!i^17hNG3kSXtKO z`i^Pw(08oZKW2(%IACo~KC|Ku7DjNo=&;Wkzfv5*&(>TnZCyy~ob@MTqJ!gND6J7mt=H_PXyHRmx`7%LYmjP-%h5nny4fHm$2e=Wb68yumWKM{&|9&dtO8wMi6vF`GCeKp+HiTuVakOO7KhR7St%Trb(?oal?7KS z%WN6al$#r35tif02r2l06_+T>kc2n^*Ib0zNR?%22v(W7{7BU%q!P`7uF{vSl$c%# z&5`1eaewAq%S`rJThz1@KDKm{w{fgTvLgd*z-;{^H#3}L zrXU<-7E|cGSv0+8amFQ_to913zo*;ss#@&CYvoEV#Z)w85I`Mjtyn0!m@F|jSOUK6|K^Wa^@N4MQ6C;$%=?8x>K zEb^*ayp{34$8adjy=@O2&2>UqY8t3#Lnr`QpJr8}vg3+m^{1`wO!D z$Si8nmZ>j0Y%q(x+agj9q*i63!7OtldDf*)=M|=RA#yJaXj<9JAS@O{?@H zChB|*%;t#$?bR-hMVbt?a)e^ET)|BZCyXeNMV6`RHY#BY67vkUPSq}=$XFZ6;o0@@ zPOdn>{wG&;TCPaD3Vnt8a=3py5KCokw@i_yRjZw$(UD5wpr6F?9*7&aY{OoYgGbeJ zAL1QAL$Gu;yU-&W zZ?G{m?~Kw=%|P;%9M3iJNP)qIf}rqY?u6j=6}@KBJ?M%yo2Ko%>9-Duto=S@(N zRX?#+vxhWVu=rt|?WoSFu)5*Vp<0my@~`517gih@DB-Ac*>bJI;rg2ZJDK&k&P|94;r&^K-DPnb4+}4**FpCG)n;^Gg^4Af z!ySKd(yV%2Z44r^+Y75mkNIuhdGP^piWT92uLeWOGC zw@_o{s!kX1FILflpO-9$Ft5uo_m>WaGe=HxTV%=47g@7^^jPKOuU6_W1t(%H@Czoh zR7>mQi>Dr8_lebL&x)B1 z51HXcVHn~$&Zo?Fha*ruRvoBjZR~UGWd!Q>y7C^ORTGW3=DDI)lTAX0jQ#mOs%+y| zeS*%}L~}kmc34#fm$#pjE;=x z96+agHglM=-BDafVI;>v2kvT6Cu;zdfVZmQ$~B%fzcNd+EU+4mQhtrh*ddJ+wWvUG zlX*^7;Z<+$!8-=am6|d&S)^Hev=gDe5k!T4m!dYfJP(rK zZ!5Jv_6)IX!huPvTrEDej`MRyjPfT)j5T`BCU^NCroN`*^ao4c&rwQ+*~NU7OoHY{ zE<`&bGKg^~4)=K?p4)pMyM4>9tvk2v&0fBH*VX&4+O{>$+p=r-zU|xg##!4AY`J`2 zoUv!i)mNKKP<_oUj8vEabcR%`m@QX1hhg8v(;xB${~^C#@>?4lNNhJ`fHwO&UTI*9 zySDAyyY0&C{#`qE?bx?t%TC^IZH<^j?6`X0w!JOR{#_Ao$F3_Qu@xOdymZCkEx z(OdUlb=A|{-hI1vW_Rw`^;g+=X(!++_prnX{=@r?t9J4lY{yfwyLRu|<|5+qExVi@ zk6_XoD0l!Ll;!FI_G85zD)l{^9lMsY{M{a$D`QhDI}P@J{1`o6W+%k!m0>?qcxIS2 zcrP=?8P*7IKgyb(T^T9-1_#5e|H>=_tHp?c6U2Q(o7*s8YwO{h4Sbda^c=@7`O;v) zR@O}pb;*kG$00)O8rVq7KZ&CH!_-!YH495>5G~3%9VyvzrZnJJsRKv-LF_0JhR}j7 z@3B{3FBrmF$M}7+Cf8BitJX`bWF2mCc+|UPkBJ#B9g&Z-t(D$jFtK@`r@a;oBCI%8 z@$56$c-wo2>ah`CS+P1}HE7!k^@ZMp+G^yGe|OaH4zctPDbzizBysRj9;_T~Y6t=h z-0Y~mbJghtX9QM|Rj@EAA`-%b$}`Xge>m%OdRlQM{%0~fv^4ju0~4H84S%d7(XcGg z*t4$pPP$4~LwI!5&o+LP!$!Kq79eV;)kG#WWN#s?UT*8o?AC3v-RxFum@yw1yx6@= z1|LWtnZ0cH{#{!m-u_)kY?Y9zfz{bWVKx}%2C4OE?oeU0>~g9BCj)FC*qP9PeiB&A zI5MIAGJp7-Id~CIjFeb3O=d9=m|dDeoEMabIX0>c9ix0s>ijNQZ*Xk09|lm^p#-j8 zJBE7s0Q0T!{_$8f&vAy%AgEk);KYC##XZTJGA4&}$NV-u(4i(_$zw-j(divCFI)ZA zxw92%3*f4bpu)aju*m6}$H8Rjoiep4vXKaLblx9>aEiuGx%mp%cP(m*>K0Z(dJ7w| zSQFS$Rc=(LqyDreuOb=UYG)q#QAKm6%AsdLS%wr^f zjI|ZpFt+gpcbJ1jx|0N^c3f~BR#3rd#Ox20w(WnluskbQ0p&92X@om$g;}s@FeDpy)Iy0EP!gj-&D0RveZ+ns+ z4XZ%T9TI{`Mi3k*QuBfAD7SeqULu)Y4KSUtCV|>ZR;J7^eflArAO60UZg1 z$=4uqeiA}netCe|o(C%tEyF?0_xjpr$s^koKaee`*r@rG+^03MUPKe ztKyuUyRpnzl5GcAaANEOp_hkPG{ie9&;vTW34>3cW^nr@puX)W=%E86PN?_n*lJ&6 z5jOF@D`Ui-IB|6>;;JnNoT+?N-pU* z=L66(g}}ZSAXHk>l|G#_GwalJ*l>{gz#Jad(_SoT<1He*?bpjL4#8CCBdm8hXl7X+ zk&@GifYKhs;w+s;v>5Sm#k8c?HM#zrMvPx)NydMz29mx9a_sg7SW9s3Q$DDA&_EAD zz{?g`lUtyfH`>+cNP_bSeH5epJw~BpIC45@bG%!7(b|hPxX$80y1RPlyh~%B^R2ND z9PCS(^zuv6TdrU)wQZk1{Oj~Rm)7aJ-j=1$u2s{Qr0v5SzE#i>NQfcNv!38{UtX(P zT1CldLIRm4C*hhcb$;Hx+JD)|2ZwZcX`nk4wN2kUo^@_|Z7aKw&!kMxyOiNe&U{fa z$_IdW`abD-!}{)SK9x92HRMyQECbATLN?Yh)9$m#R+?CU(YlM)xz4DL=Ur;=P{{B^ zy1^;5Qmu`rvX|YDlgi?Jy0wofO$P+mtbOJQTX3Q(G{4yi^;eFQYw};s(cauk$t@ie z%TMuh1l8&xMp}%zjX{GqvadzeslJ1hluw;b@cC(r`Ph$5n{g-n*z_;A&`k*w-Sqf2 z>Z81os{7aV$Oc?ztnv1()-}byyi4NWc&*X5N26<+-xrZj=%{rY9#fKO{=Zm~r8#ja zu{OjzaMKg)*zYl42N%mdHs9-;;AYQF>Li^OwvwH=lO*#$F}S0AtSckp|7UP_wlev% zLpmn=7YyW>w6~T2=J1W><1OL8kWX{awptnQ^T!#qk+2`Mq8>A7i)DSjSj+txtN1fR zH~4T$h{ob*V!mib#V3qWKVifa^S>|{J7d}ZPmjPz!RK8X?+rf!y(TmkIXEfQ_y`gG zYce&Gv!2Q!EjPj^H+E*Ft-ZdN-ehlqngnmO{I?X*3jr2p&6fl0uQ_&p46UKN$|6(7WkXPSx1;PdDqURrVb;|sOdF{NYns*Fz=^Z~!&=2?xF zI4m4(gY2Tu_&LBT<~i6=(|xPiTS*I^p-D?`2x~PyW53vT(MLb2NK@ z%Xvfeu^2}kdZlGK4Ev1Ayb`uIV^ot(53dw?^OomeRIixyrK!Hk;ls-z-ejtc&y@a+`J4)CR@8{im1sq`GRMW@qx_u`kW(xrXX zq0gx8D2DG?j`AXwZTr9wIoVG*mt64GfTj zH-5De2(4X95#ehTiShLTJ0O+DH^nW;+bV5Fq8NL1q|Ky%FKP1Ojh2%r3H2Q@-*#D4 zj~g8-dYBbb|5RNuKa8IGM?A&LPAg%U?@RJ_=EI99UTs(gJ{ZdNapW^xjunb(^hr41 z@#`I$PHzwK)jwa4i8L3&37q|;MI95cvg8~~nW>ljh~u+q`_?|Y&JC6rp!QW_ler$7 z(-9g`+H?s@{hldQ8B?e8$*wZT_R1DkD|z-ceD|vl!Oc{4G^Z$E{3MD!KUT|2cG+XG zTGC0IjT;K}=a)76bcruY^+5<-WR0XM;mdViO<`pbWqOJ1)(Cy?CL=ZiGcy8Z>F8Tu zrB%i>EHP&E8B|y-7yb9xBmzYv+BU>Aj$u~vL1oNpgBn7}JEvi3#X?#@A$%?o0qW@) z5vYuL#f?R69OJh%2Z^--rLo)`P#SES|Y#u7zfV^|M>k$BuOkdsjaG2qG#=F2w&F!k_dU8K@5Hi*7c{n7_8f`sTyV zi>vlx$sbS*YiFxpW%)g4BoQ%fza9j_QJkG4=>W-pkY>j3xAnZ5@-@)@oY&(f$+t#f zI~vl54Xn=obg~!TW9c=LO;G+VP}C?k0j3WxL6(kMsTc6^@I`FV6|%6Cfk zs~faODLS(c@4a+n89Nsakva(08!@)Zk)RH}LmCre7VuWfUR}oq8cxxhFTO+2*;mva zBzR|mF8Jo(UUyj??9G(zpl#c%?GKe?-yQwRq^NHo?HeJEzWHp@e{tIShD+6mzT=YD z4#lY=`UFkCUZ9em8~a{Jp9i1}MyL<;g}Qltd2c(^=Hp)cVTIAJLC7@4`I>!StGE6- zGw^mx&ia;9ADftven3b)=-VN$8X8a@?ZYJfk)Pu9{Q}zZpX6w6?2~QI_0OOgAKU!EMduPEXUopFK0eM~sD@XqhO0;Qjfc*x zacuV4g?*%9eHo56^v;a2mc{?5g63(GXDE?_Y6?V7YBB>yHJMS9t2Kv30Rh^9Rg2UQ z#UFaR{Tw|Vel)(7kh^0Q_aMJf|1dPaPj^q{4!>L1Z~xEM@8F}~vA>I-)$4BrMD)A) zZ$MrVqu&GOx9pZj^fwNMp!xd&H|p;vD1YegWBkdnMPSKBG=Hx^f4A6Z%DGLrJJ9@w z|HF!38|Vl4bL;#q0@v&5vsOEIui|Nk(x1iOAo$){;Bt(f2Of*jD!U%&>-jH+(1ZP7 zs!A_f@;8L|Pw?OWDE_7xt@!ak{|b%hZynqkqt*V~V)R1r9iBe>N|%}<`FjHW3jX|n z^l@)2Ug__T(MmrN=v!Q>TYvK4QBOzuwZ2ljb^}NY?Pt_;uJ$2(`y{B%RtoPK7ll7h&pRD)P_+-7OZl0|7)Xj7x8V?_M?TdN zi$`96TOyu+YHgr@=28vGZ;sKD&%|iuzdc4veou^+{DBxP`Q8{U`N0@1`Erbw{8)^Z z{Bcj8yOTeiqWBwP@k)PFj8^=(r_aVNAH**0?<>XZ&wPgLR~P(qZ*Xl>Vs?o?Xq!bo zF@MlDD`uDHHeA~(*F#dxqq1^YogG zYa3L1?})`KeIrII{XL#uLw)NS?-QPm^k=^J9C*4YXU*TawztIe%J^=(Ii^>mV|rcl zRo8Zh#`{{I{`?Nt_Ho5;_O$eVpY$H-4ZYv5_(*T){bA{S%*#vf4@*z=7(E9Z>5Xe{==KN{cXi&p;IWAVy=PmGrQ zffz0M-WV)babj|i0 z4|LR?aZg9>u`#Z;=q6oLPf@x^PwKOHzPEZhs=tjP)i<;+l@9Sydp0L%(x=|b-zB;k z{-3?tC;h3WNL>G?p(Dz!M?+`PsAjA9nL4Je_&gg@8FNE&5Fqh%BBw?pJKP?_1h5x=qMj+~ z=~LuCGZGBp6vEHLrw=Dx9f4X)s5D`1ZazIucO~N0-?8`|^tH7?<#6q|n}^~f`kP?> zL{&uV?`v6EA>LgKEnP+QPOx+l(a!)&2N7KctF94UPtZ3c=;&gX{mi@%zwL9k;$|~VpaT(aH3*js)G6pt}?F<^;VxK_5uag9&;p zK_5@hHznv>6Z9Pk`kn-Re}aB6K|eZ~p5Bq5yApJFg5I2Q*&$hht3M z5&qBfo$yl&$wtv9_&!Ik^<&>`w4@VXV3}MG@2~vd15C)ZBK)^^@z+#qhKBeQQ7@_Z z3O4p;EBpnFHN0Qq(^R*ndTiLj&^EX8vdcDPH~C0CensiU%W*$m`Q0H=RKCWNt|-0u7jQpL`R$6= z^@tCe&nUeZvV+GfU;a>6RDQI-i_(iP9X(F@Q8(E-T=_&-lwR}#?#C;Cdq@zKAIU}O z#lM?7DnII7w_HN5uGT1T9ht|kMfAqKZF^T zAH|0-N`L&kL`1wj4-gmWB{Ny>O$P$KmQeQV|9o?+zN%kre;lNn!K*VK&bYYA@*rNm zY~u0CKkmgl?cFG$=A(M{hJ*T;^X@I4|qB^KEZWU-81d1PibZZ Jp-BH-{||XpzTMN|HA`1qls@vaZraXTt zlO(6|=u;E?^Vf5`mg~OBUOr;-IS!;hn5%L9$xi+h;mD*heU6hK<~Pe#oP2_l%bR7L zBoAXZmHVdYS&2z`^MUTZY5H*{>uHj#@9Iv7N>bQ7(aG|cg^JUih~D2jdhbv1kdH~p zEN4*O9Ky>cQ_$%7GVX=Ceu)n+$#O5AD2a5|{r!+>{$7}se!rIsvwQ}2-tXnYET5i^ z-phLLqJ4$GSz4bjS?C3N8wU-%L)BAGXG~+lY zx9jukmN~gypHFgPa^LIx{m<6t8Goie&-gR-c}A)}r^A13sy@&7Gxd4KpQ+C?_O8z= zSJ$tclq%O5zJ71+{fXY3 zYak}Cg?(*Ik~hH@@;pZ(Z-H}SBJeI)VfDaw!Rz2A{AqZ-Y)IVKf*$?>e3|q__GhsC zCPeNj_y{lyccB#L-~(Y7K0FuW%D?!oP!ya0`Cc?3MA|l!5$a;i<6VlY@^nZo>27*UB$^4t%X_4xvnq zoA3tX7CZ>^3O5*UgI%6exo(7CFTe0xVZFBpeh+*p+?<+peaM(Dvg^~vuY-3PUkiWF z_`0dd#7B*{6V8+HD#Fw&1eyIQ%O3dh|?!l51h5B@4e5)_do{e-GaX=ipDlZ-ATdm*6Jcf_K9=!3o3K z_hI?X!H>di6TSxiYxFJn4e(oJPr=>{-zsa|G}ic&_vc40ncpsIy-|e-@a7!K3;PL$vC&{MsfyVy93 zwBGEgCdtcC0TKEE`<9I z{Af%J?)e6HTDXd%9QG6C|KsS7cA6yl9ISAaKVLR`$>#P~oq53P-HJ(hBByuD&kuMu z%W0D2@rZv9>wU6OAslBmQ{dy_oXOlW!M`}zi8a1W^)Ku`(d<#Vayb_LNv5+~=2;#d zk6t!<@2T*d$c9XGah{L<6w{vzpK81mKFxR)jO$kV&ABo-89{ld@Xa~B@>6>6%{_5? z)g9?|t+Oy+=pOrcN|onlp6NE4&FRRSjOW9fJ%_mmNp#J~)$gl$wm=Hp>)|s!CU1ck z8ozUI|E5hc2L&R(r&3_%T-+rp-oYWe{JV>=W|{KiaG1i~4`b6VbHB=Ent=XX>~kR? z%z__OnPA6DT|4=f564+Q3ajsz+Y|AhU|hHA_5|i6;=khOU|8j^cpn4jxXT@HHjBO3 zwo%>_=e7%RI2HTw-m@ZJ7V%3h%q8XF|G$l1W4qi>jn!@*H+%InPZ+-h{!dtb)ejy_M;!9- zFnA5R9M?=(HVQ|Te=T>paE&q?Tsiwjfs>+PZJ#W}78u~p4D0uvuszKUlEQ|T2q&5m1UmJ9_x>d7+fFZZfsWyGe+9AftJ@-lulU_(DY zF-rmV!5VwzHo>#F=eRZ-w_v5k&Go26TVaivP59NY>h>7?I=Be8;O%e@P6+?aW}|n# z)i?*=X50h67v6|@6TTB3fLrk0a7Fq_N%Bc}P|SGnS$IfHIeY=G!a4HkD{xJE=KdNJ zRmZl&-$5_l0Y7YfEBq7VG58m->ex>BH*g(p!M}$`;N(D(gFH)2#hMPgxfOgAjO%`d zyLI|wwW(K{?s&7wBcBdaByRlC;~xFs&PKnSdsYGt8`owpM4xjS|5J!q;ZUEFW!Qu^ zwHoe4NA?6qZu;l4m2f#Ws)w`TKG>xTz7p0L(B!JaecW4I$~V`Kbs>0{DH)(TC@A{_ z5d9*2HDM@@ip%R^wGX))jI;2KFxfkC5&TxT%w6s_<0kxG_-HA4*$0iM!k;kC!uJ}_ zgH@jD7jp2I(Vq;jh95NE06${f1OF5zo~~a165a%lq2B}Jy03IMmv?UL`V;yvpUV*W z)9m>qSa~Y9KaA@>f}f*c@?c^PJ{8tnQSL>?Ie3L}6Mm&}3$6uw;&WrLhi?z|@MnTO z{B2leo5k;ArU#QJjC1gl#!dK-#w~a5xkDO z+=Z~pyv4N=Ry|T+m%+I1&HTK~a~IKc`Jo56%rxu@JR@6O9&Lh${j+vGXdw@wSKL&t zSHr54D!f>dgJZzO~yOmTa0goZ-eDmWqgNm3;uiKark4f(y8~w_3~cyD*Gl^ zs6%70IlQp<&P5p{les>Rz4A1SHCxfiJ%E0cdrpFP8TBdVGTRJ@3YOjlzew&qR{(ks z;RlyF)C6uCs*(rstuaLIU*KyzCQrbG?b_y(@T*O4w+!pLXls;W5Vs)VoX?*uQ8VW>tT&S%Fj2!s-IadbD7`ZIq=^apzTkP)`Z`WUOWbW6joo{fg#{Ujy4)K1Uf)6r&8lGwV4B?*)zn}2ca2COOulN$PfhVjro-i@#dWA8SudCmf zfjLt%-VgmYWA@IvUTeHRe53Ic`0d6A!0$6Y5dM(yLGZoC2g6@8J_PBnFgKvdh+kxK$YmPkze*pd{ z+=At(zLPW_$-T|rl8<4dzFO|na2T^CWB(V|EV6k!S5trs{oCgW=N(>^+z+dbM=tX* z1dSOX{BK4!+T+z&lH>ZhaTAsc;r|BxnO>DV39GDw3pSIcF@Br!K=?Z2qhMT^Ls*Zb zs3gg|xl|qINx&(;s4~voZuevHzs7hz9H)(UyYcKrk$xHcUhH$`hg;?jV_x3wf7f@O zySS)LC@zt6dezNXuk=b@%X{vOj6Z0+0X@#`Q3w=A+2_%#{>xoy9MT%X+=5>9O77JW zOAa<#f4TO8?nZ0^2OI2?cc52Wkh=?3+T`wmac++5h+w0=uFL`Q>|N$=12W;DkXNA& zgt{jER|)eLid$>Ce}+G9{=Nr)0&a5s82%*p7T3?=1>7}G{l-}1)E|tS@FXT|vT4Bw zz-wer+zvNx!p8(X5u6kB@PeQx)6Wlj_)_>E6b|iL>!TyYwA0Jbi?eV6{uG>p+iMKC zf?n--3~m_jgs(NfE%*l0kHc>@-UELCz81d;YvG;7IjxJ0oA3k1E%*n)o=FDZFZ}l? z_?ci2A4H)m&Mo)|<8fH)XxHCR7DuC3*-nK|HJ%Bd2dkK~@P+WFVU^u-_+D5a8`c@; z;Jk4YuE04=TJSZ-fn@L}-R@tcK@Hhq@-n`=B9KFfF>e4+6o zconQX%)zfTUJaLwd*C7C8ax6oRh;4LVCC%?ydC~WxCOt_xJlgKY@FkME7t?q=-bg9 zF#ox4M>~ys(0>}Pq1Sh$FTvk{TktpGZ^G(Sz6<{on1g==zZq`AKZhTLTkszEpJ65L z8MDd3U4->5*~5px-jjZ-Pi}ugTE(xcmYgMNejNfcpP32KP10Lk%#aC zFbCIQiS!kw&%vL9e~Y?xV$%Hu zSao0*`hSFf2k$;HnfgQ1kE8z;{3LpPAo(Nw6qtiGq2M)16FvY|KDXe*;HTlR0rCu( zn@tkX{}FD&C&Pb&Td?LBZV;ct_dN7(rf<&WxZs?4G35^bHQa=Yu&Wzz4PHe!pg>$g#tM&<+@Gkgm za0~u{adHv+DX{V|2R{uf%w-oPT@$FU;^pvxuqzjAj)C80!RNv6*1O;p z@O$+x*c>BJXI?WkXsHHnQSRl;{uu*`CktLiIC`(#%Z-~(azB}SIy_|xetWT@h$l+l zfYrX_UTvI%Z!~VgZ!vDc?+Et9`+dP4R{yVXny~tRaSQ%vu;;y>4)*YujGORxj9c)d z!JeG>ZLo(kv~w3ee5i2?KF&Cq$aCWyd{MB6*9UvJ9PB4?W+m9e+k-v)cQCGduDiLP z%x611Wis(Jm(iJ+!1o1WSu!Kie<9M(jPzfO^hZYeFGu>LBK=n*{qrLI*CPG%J9=`* zk8dP9$#UI6x_Io?2=UtC9n6Xx*z9f*!bu0Ri1ThOH-&&a+zNuYwQc}3wt)GlkMpB zzARUWM-F}q`X{)zxXih1QU9y_i=5N{0>!@cKQq1J^ftmIQf}|@4*0kz5YUD5Z)P9& zc_Hg2TiM-(U%C5yc*%p@W%C$!1@e3Dipvznb(*nrJa^@8#}<>*cos4UgUr919lG|~ z?j5Gn^CJjg34TI28(_Io6b|op`-Gd({fB>?jKaS+ehvHwW4mQ^PA>2%5kHIadhBs~ zwW28w);1+y0 z`h#Ro;ywu<7jR_fw|Y|u;%vNu+H~tZht83##ZH;j?597vVLshX>(BvSIAn0-r4#_%-l3#y7y{!fqZ8lTGf-*RAl2(2rxUZyD#I zSL3=3{ZcRse-PHYa_}eN^RaKipMn1hPMBlf4_^T1;IG3=;3oWCc&Y5+hvAE4&j9`y zTvPZnlCGzXXTg6mJ`O&ZIjC%oho5JB0{jB_K&`uZrggXKfSkS$x_H8>Gn4dQ_%!U@ zS_64LJehlrYZ1I3_a@i5a5wiBR}Ln5$#_@NwZ{0zaKV`IrE9D4PvITLkHUD9%S;SJ zb$z$jIen>_0=(1s1@IS*PlUf?d=mUaW0nD3j~TNJ=z0o1kMMI`I(MM_ z>){G@unAAd(liuLu7lwt#U$zoSaHi`lCD|Ci{UxO7r!)}Cg33~Vz<8k;su--+lJ>jFqoH^|Jg7HN7 zLE}mAkBuk8Pa5wBcg^zY>V^-673Ti%F~(EilZ+35&oVv`zQp(-c!P14QKSz(sf&2S z6?it>178i31@4^1jmBf>-vKL6TJZaf^#S*8;~d;FZo=Pz=X9Zie+-`tC)Dq!;nQI4 z5B&kgbsvG;eVi*!*A5PY6$iNqS;rH(B}bxn`3WBb&rmq<@oV$FLO8dlX()mOVJa>i8)m3;pds(E8v@ChOBcC&*z@w+K4{Oy~(9L#Y-`1!4>r4 zU2wyAH+;46L-4h5hIeJL)4SfuT~22%^sbf!?=nYYFURemV~mgGezOn5we9!9a-ZaG zCK5BM$L2Cm!C&S%ZQZ?B-yA~!6xvh{V||N04%-&|pbxkE_$ZtcjJaXy-3y}UY9r<{ z{|-Mw7?Z3I`neA;d5XKtCeUGIxF5!ycqJ!sr+Fm{{oSQ)F)X)&yZl_vU4AxlpP&cc zWuA`Sdx|l3?Krym4YsH9YzuyI-LG*s_mg=h^8X(Z|32bBMEsu-pV8qdf9h~X?ZjMW zVMjm3CBQ$(xQV%Oh6rEf-N)M$C(v8Uy7dR z?%PfrADtUfcsXb4?N?fO`+C=^=w0R|vl`th!l!F={m3g|y;Dx-A6^1C;a>EbC%3q+ zgxAT2s}8T{t}@$d+=Q=zui@U}dL4}GUIX7~ycT|&F=KdenIEDzm$}S%GWqsW<16eQ z@-L)Ge`h4O(e8@(T^9ZZ_+!SG!(TLRIv?&Q^D^|`LQfw(@o`iS!7oQA_b{A?oA6KJ zUg^1h2^YC5?R(&*sFn7o;S%>Tu8A-3eO3!T5O!k#g?TvKk1h*84?YCW!6(8>LyiJG z6)wX~cmezdg+GxwA-oNJ3)Wuhb?94@s0*;lC?Uhv8|UC&_$q}1Z-iBLEqF70HLSwF z$~X(l5f%6C@mln+kPYr8c#Fs6tuSi02G(Nnm1bj)GxBpgHiYBq?FZl2f7R^A;cu8;5&9Oa`kICR1+FQ4u3sBB;b)Co@RXChjS_p9aSlEf zW@_x_r>DRTY+LBhHCAF@Y@CCyFmA#+&+7UeSZ5oD@vBVPgv|(?gB$P`xCvhkZ&mop zINYf0$?)sZzbmA_;I}Q$UKgBqQem*RJP52z+7JLEh=Ab-VX7(-krSNOHE3;k!zYfm9SDH-| zZoscc--54#HP3EQayP=)%bvu%1-=1p!f%5Ww-$Um?9xY_x(im_%)$4w4RAssnaezi{7dw>?rY&EVQ#KYiLaAA?hj@Y@`dP5%%b0KPG|l-1$J?h2k$cT zF$}!j!a|<%vkqr|2`g^g+d+L&GxRe{!&cz{z#uWI(lz5;{76iyc3_y zJ32h&ov^-n;r4UC{wMRU$YyR7&KP=q3&T14*_JNF=PdXk_lSKp_;ze_CUeWYuoI3; z<9m3nv^c@rWsd9EWF{G7=Gxp6Z1(56{}flA2fm*Na_Q$s&h^jlknASR9D4CMyxe#XyxLeVd?~CrOoeq;^$Wy# zCj3hDx1i6#1IA5w8+@uFs!t<;LpK$yH4jpbtWt< zM81mt!wQFq{5N6xIQL!n`|#s%5BhOfY0Xz(0m}DsSm4 z%w=4C^+INm0y91be$0nCaR)l>f7~s6taSBo-E2Gnj~UnC4;zod_rmhqDAxgsO)n1(ceFad*CCn|1|d| z*U>QDpF6*J5_~T@xzpg!7@q-u*7#ibFmIAv2!G!6Qju3~40|u{Qd^b_f8R6Ji_S)Q zN;P)*CiTUHPDO=$_IvgmnX^} zaSP8^V1JnOygcMj58Q{|l^0xrmCsbuz3P?1RNQi03RAqAs~rw(&JAZuE8!&Z*!D%U zLHC@qm21uOdb@MWd^xfwYR;W$_h2XeFmXPSrZfhJ^vdit=)X!BP5905E?Dt@yKxhK zKYSR^l|OgG%7=0IGqB71OtRlsV6|oD6Z@;rl%BsI?%HiO{4LAmADRv4C-#2~R=l$O z>@m*4zlXn0*gdfNYBw$rjwW{E&2YDI9ai5ieIt`hxP~!K%)c+vHPvjkqCe93D)h%0 zUk%SQeif|#Tz;>C)o+Vm4PRh3uYuRVDzheW%NuWp`{BdTkHHQ2aJU7(+ISqk34VZd zsj%M$e*@0J?}xt$H(~Xw{{*+-kE3_xM+N!3aSm3Wzgzb3m(dgS#KQ^pL0ENI?uTCQ z%G7I;%-8T^&XzIGubVzSj{QH{bN#KD(jMF))EVB9{0bY>cm2*7FI~Sk#-^)_iYFVQ z-?hIn(d?RPO#jj~)0j5dl{IFP*fqzv8$R8bsa4lG##7+M#x$)i<%!rlGzj9nEckwbVb9m{T>mt3$TL=et z@Po=AhwdlyZG?C7j5JO>6_wiIcg#S2hq#GeecUQ}K~^6s))=Y17L9*d_;$i^af0>t z4K7abhfJ@2$DE6w{3&j_G#A7j{4H!`_7C{sPEj+5HGjl0`AnpjET?|=3z7bx&0gU? zLR@if&i^%R0)H>!M#8*fBrie9f5AS_vr2lZlpN@D}#JeN@LB#(W z@vkF(CgQ1!I`2Iy;*%miJ>ta?uZ&pd)kFMsUOlkRs|VJ3^}sr>9$4qq1HU2)Q)jk= zz8vZ65!)F=*QTzC^fyI(OT_PscxS}_5b+lyejwr>Mf}T%b#^zz^VvwRv#&vaz}X#E zKNa-agAA-arNA>I``Hnn9q}a*zbxV_Bi+`EmtV0ozwYwY zOY`|;cw4QM3>HT7rJ><^xztEXTcAcVGSnz<94hr?E7hTm?k6b@k0!&#TE18v8Y&fs zlYV*G_QF_It5-MH3xh8ltPYijtM$1>y*GQo>WlKL*Q~mDc4T^LwlQ2EDGp~F)#9e? z$&F2OvR5bj%b+~eU(KGE?XC6a>*b-1y(8R9jZ%F}Y4(Xea`-J@RjT&Swjh=&%5zT5 z&YN>?vVXZhJ9}0LXRkm{JHJ-$BjkL(ccfeyE)V5<8(RytGv?2pJ#xnUIeOv7(r~^w zQm+$U9^?G*#&X~6ISMv}c-r}W@%t?+!^g{#j^ zltS{pv5A};Bxe$+A|3a>dbQRN)Qejx)vbkLaj9Of*7KW3N+TurXcWJ_`C_3s;N?=W zRNhkR81xp3n<~|fvhA3SYEDd%7ZVdHV5L=~pv2|fPvHkwx#^!u~rLfT@ayXTet@ZM7 zl#W`dv?*Whck%L%YNeq*>VP7psFx>y&A7~~tnh2atR4&pUj9xPS$P~g*6 zFIRb&OWk0h?y|n-ebx)ZE?3nCQmX!X!M(a(9U+>WHa z;w=Gzosut<3i(&6E2~^2sJ!`Ny;Pw2N-h#x)vtDqrE*HojR^X; z=y6mBmDZGM#8~XoHWQ&xZ`*}Skq_2nG2CcZ zu-@`eU%ocrs(WK#WVo-o)n{^JQ^^(nRYilM^31_>*kdKW7dl#jRyBi~mTE+}3!yOB`oiW}>-_5<2W(N!$fS}N8+ffA4p z`J}Te^trhDCeWZv-9z6i_}IwUa$G%!#4UwN8ULmH=wNwR9fk|AQi|@G z`nv|DT=4I%7e`!A)#;>)`ToLSxuUofT?11ziawkUDMTlgYg-mphs=D4j+DYKGU~`r zZ*_!%=__r?m({w9c~wXU7`pqGg`~c(Pj#!9M<7-CMq5#=RyURX>-(xh!^LWCTfVon zv8=)^(k^`WLo2J*e0M=K_o?hesT~eoj0;6Cs};(1y6Ol=7A|m4JCWF6jFZh43yRsDalM(stR!r5vCO6U@YNVEz_)ltzTx^1-9f!wg<@YID9 zdgWq%D}73JYra_V-HnSigNzH;w|v((%A*_A>2l~6wr)-u)J19Z#4vGPby6>E&39A? z&SRlo9B8ZYw7G3U+a^QlWcrdYB91IFO&AoD;X=8RsD5oN&;hvdI6pvNLP#l%^O@*b z;wpzDS1r`7jP&TCGG_VvK|AnyD2v9AZIn2*#c;$d>$M}!8=>y@ZPo*g(Jex93Gt#XT=Z3$DHM5BLP zn{9SIP_6XE=xeclnFS`j)oLZlU!Y$X^zdM zM@olG_vbp-8iRe_O>0F7bM1!4UrkJDx*DJRnfZ-SYp59-`Zo60piNX3DctWSr5;Ir zU!HkQb;M>i<%XZ(FhNxZOS`uzQjL<(u&idUUV*NZ(Z@}l)Y~M?NAg4ctSH_5N8QX| zfsumy0Hc`hzBdcQd!Ej?N++weg5vL`WT=XH((fet$&$KD*8%zj_tTTPsW(F)5iD*i zR!Xi5VJXGHSYp9j9ioC#5lZ!jCOmX8`Fw2?BL<7)@UkE$ERU;orj7l{P=9{7u31{S zmT!y<4)We=wVJPPDr`$C3v42=)!(<$Of@?u_HM?ObQB~Y-(RF2sP;5QDt?LJ>yk2} zNZ5&f%%_jrmP%oW=@ctuhBnKPSm%8(Ox7wTnsj5US5#O^S3C|eK6){hUO`bgqoW&U zg1L#@^EIP?8~Y6Tf?~B%9T>xiUv!hP{q^c#Ti;hI*051IiVwR(eQDn+=g5~>lzXrr&p63TdVa=dn;8beeLi)E=f+F<3Hsy@)IhS=9{|Q zGJ!pil52kIwJG{eJ*@Y-#;XCE&S{ITe51%}wKzbnq;1#eODJ+;!EmWIU*0(28hxeY zmSw7qeI?cXP%VbTlBqX8=rB)xcaunUAj1s?8meVssK~rD(SC)?cM+kN`ZcWg*@6NC zR~_^Dt?gRrTTCc?HO%&o1L>urXp*Li%2p2D3DXt2slikwGO^4wRmDam+=RsS3~rvP zRYaM#HdLTz*N^Yy%KfZ=3XMe573Hq(K0>_(x_^2grpj7wxr}tV>SE_;WT;-+=m&9n z56qpm=9;|*2TzS!sYvTBGO%1}7WFbcrrX`H?o+!t8@Rpr={E~4|4cHZbnTI^F%hRcOYN6Cyiuh?jz?(WD@ zL|vw;hu%2ko3!iWUGC8o*&Cwy*VN`Zh?d^BFw|F}2^9-TsU)3|y zbd##S!2%-$Q&(3n^plSh>=YVzMo6eeAoZ1O&$W4|L}R1lqxfZ}w=R+YzU6^)9>8K0& z+Hjr8XN|`I`v%NrL^OJTTj(E*&Og&DN~O}GdGk*{eJ|}c6<{m2+d%mG2o_Ini;vaMejq7xpqL>UEK+FgbHKm=L}TI^5%BG zZvDPZyck{wSpPTLk9+G3EX4xd5y8-@w_8s;oiLkL!?IoqI#FW6^k;xMr&58*vW)%LIwA-)00 zLcdB;8r*UPjoaE|iQFdF_FWBUcqfW(W{M$obmQo@tV|4_eP^-CMqkXUZ00=m&R;gbe+aplr=YnEP|U%zts%H`{pFJ8g7x+Ou$ zgXL@2EnU;mtX~;)%U50;%sR@B;hLo@mM&h~k(aE$^wP_dHS1Qc$gfzw^2Pc1ZTrwF zberN>|Ka$gbOP;O5qY1=sMI5>Rq%yA-PfB{#EfYlur;g5M4iv1(u;t^P?8(H|tX zBIYbisUcES;Qs)~AfT@S)qX!q?ceG*Vn?uWL@v1LJ@wVc3x!zo7{5-|;5tJ0s`(N# z*@SL!aKv}Zo_R7@-J(9uEv@tggMrQWd0K0s2=8YW&pLyJxBKqU*fzu`D`scR2Hmnk zWuXtdZZ@*Xe>>_+HZk=#A1WSZl63GP3}%jQXfOjBZhpjlq}A>Odj#%9E`p`K9t0zL zQ1uL?!Eeqc+C8l&)y8Jqc~cQ-!-URinEqH>qBbp1+jB+lJLv{NRp`;lewOhgY&KFP zZUUlox|pa+Roqty7q4W=iu{tLs=N6m)M47ZDfm`>fhxR-{$bvI=ncB{E3sH2BSnK+ z=LQN_2W@Onwr(wKDvi{Vf?~kV01F6KCM2K_4{qRL%Y^i+`lDyh!JBwtsLG^iZxs!J z(WPy~enD-JZKHZ+8}DbQ&aaa71;;J+tpV8z#kBhDXz}tls_!u0AGbA%Y-eZ>g2;sp zCmPHM-IID#+T>tin_s4zY%#GZkJ}mxyLXJdEcHA4&hC|N0^HCRl&uQ}%IvOrwkk{M z)QC-)g@ldKMZXQgE*dN4_9tLpv}9X|o6Ums6*j1t6S%Fa!iaW9{ccTBucUP=ot;Fw zj4t&1okE$1vhrz)G;V?EJ8{aV>iZr`f<-Y2?^PwE$_3Glhe;F`X{~67h>5J5&Vb;eRLiz6qT0SYFoBu-SSHrlvl1=vvlpc#cS3jK@()RC1am#9EWkARE5l6 zv-;Bfnx!xC15yx{GukIXSi64h>ZL0g^UZSc`gN<)I^M{jaQXj9Sl;JwJNW{sV0oK9)^g-c1srK>Jme8GyPBxW5iS-pDI znsvP7Igi(`eDTUvFI^cPT(o?{KCIl_q};2M41V@bxolx(sc{436JlG`ET)l2<7q^j z*Th?r3!(kYOVYbVhqhN36zQWk(xWqixlh>1pax3qa>Z#+%Of@mWZxlWm{yo!f0>x~ z=SR3)55`9%SFidR&e6G1zCZ6jq7Ue!Y`?YBe(MnX{holf1Z?nih@BsVuvfp#@uLDi z%tSN|huYuuwa!wH?1uRMd`Yhj$>+_zniI?3V1&as8qWGzuog$$2=5erCg9RANHqHx zIP2T^E|qt&e(9R!>y|P{yU41+(sjvRD&}30ymlFNBvvrHUB3R(ShHdkH8b+EbORGk zDto_`a)n7lTu>(WYxBk$pN?j@<54<1rn4O-{b<989qQG~m$3u~hX zmoDCrxGW!0ZNakyLpggZSRzawKpuO z)Zec|TU$y_>UCcYP!|S!%bKTLNzcd9QRmIrAf^gdhuSjB$s($@?AMWPF$_$2&(paN z=xY<7-Z??%dTiFk?hA>VA8aBGWUc>g_X3FSOPqBIiY{|7|CLUHWjaWYJEXe9Qi1WY zUa+Z#?>}vpq187}^nHiHit3oxI*;b5d5XR=)$5JYX5O%c-7gwx2p-Xg18ADU&7BwE zF29oNz1nAH)EU-h!$#tRa&S<;?!%H6-V*F6r=S$l|tKagtXC(@yWb%=AASDoYVOmx#%dM`*QHy6NRTQoZZ-T+WFCu zzqvY7K;z&fVF+km9FY6!OF;Yb=AL{b0f}C$bE&~KJjAFSCB+M3etVY{+|TtJm_5IHQ7?7QOfGn=DuG2oMbHw z={kLZN`zQM(QpTbURM6^rz}2bG*<^;M&`B;xe$(}_w+NK`zoK}|JkdYpMAe(|M<8o zEsUhOlt>cCw*6?YBe#2d+xMy4|045e?Nz7t zSBQ!h)hCWL)42cH8Ql<$JEI$f|I-=WP9XoAhS^RSM|`yt`j?wyWbJF+|FS(r;r#C# zQ77T$+GT#8LhKjNyy6nFY88y5YPGOkclt}dTIn?2aN)nGR&8(p$7Tx~o1 zoDi{XP#We4p7x$Oc;Q5LI_jG=*xG>;w_~G)txgLsbl*VQ0^f7|NrJE)&a|YxHO}gi zWw-J-U*V)sN7C10H)qv;zUJXct=Q0ql3KCuZ_(=+Cc-;799-d(4SOH{rS4-yb({N8 z#L){KUw7Qzsn7t=w8Tg?VECuZ4D*er<#?8a=|Oyhbq304G(jWVX(2$<{kc_ z`o(yv%(QK72f(<#dLb54?jaUG5O7^$5!62fVG6{Y`} zpuJgrdGM1q<)u5*phLuNBZ5;LTloyhqP4$5B;6k{FzoQ5abeQOa!8MZ-U)n1;rxZ6 zj$#hO~u0#_u)iKDgRZ@+1vM= zM5cJuDOyf8xkn3t!rAPkt zdr7Q#skMA!R(&its@i9A?S_~7-Me9TaEJ4hIu1b*xkM5bJGae;8ERROT)u>Q>ja(l zQYCf*)yxTGmNtHMCaXTGW=UlxKP?N(wX#2rj3+3xXtx|BaWu24ztu-wY{&+?^TlOQ zx#I4mfR}JsAOP|7iU9RdpK+rhjidY}$wr>K=BKvYZcyrGG$zs#-Mo8&hN#&ijnmGj zXPsLsszPgqK2IYSCrH`#;UH_`{(OmK*vM_WxY}!&+sn#rE^9arL6~vqO#Gh(_#KZe z{f$ALY-Z6&L(tMtXCK_YX~TVB@!x6&wZhZiT=}(Eun0=GZZ!kjl5+bg+DP#Svs^Rq z%UeFt_!wxN%4cF{$(b8lmYIKB$Y~EuJ6!fXN1s#NQ02dd*jGGvV#gmR4ED~*HmMuc z5w>>SHgaD3$YJ-8^E&RYPsm4Y)Ux4@?uW||L!GgVe@`AJP?z4}3llwyBR+4V{s3{ncWc?Zb+M=wpfbOgeTfiJ2 z^d~PnXPFd@aGps+pS?~I(NQd&;wO?`8=afcXL2%wwra=HIjQYNKK0{nbC*M|^o(`- z0X0Xz&*aXT>g%`G&b|f{vd%Q>(1kP7p9K;R%C_ROh6L0`da06r>r2n{9iQCtM^iM) z@!>v1(VY}+|M^L>wZ^9r_YR+MdIvx5>ug2-C2sWfzm_xpY5Smu*5`P4Co{~a`><%A z933~d>a2tIZYh0t{JF#~LFk(l~*WdOh51!JI zKfr_8b35_}k@ffJ^20x!;M_)jw{cCn!#|V!ey)Rd`oG_o{By3!pYVUfFIoS7|D0V( zvYNZ(9N|tMPm&&!3&=-&+yDQpgZ(t@YxZ3Jry`G<{Ng$M8@NySzvY*`2%d@LgOK%a_$WT#=lLl!yWGD~5ac6~`LF$a z2Ex2Zmi?kgmc8;l_?P{%NS3|+O@r`U_8THu_C1j-`+-Q7eJzq@zr*Au)Ui`e=yLy` zAcZgaNaV5T`3&ScBU$!4BU$$MM6&E#ku3XNku3Y&ku3X%B3bt1ku3YiBU$#(m`s$t zTJSP*UM)G9jnI>Pt^Mghy7n9$F zJo#0Wi^=aso!;wcLc^Y!l`yH>edKayu6hkTSg9eF%uAM!ES?}?tv{+UQt_=(m3VBa0dvY#5s zvY#2ricdC@WuG(ouU<&}E17oxBY7tB>gf4&xC17KcsETB@eb(-@x0TXhj^+jE6jAb+s!V7J7#hSH>5wL zM{Ofc&+JtEb17M6cNbU9|2sGM{>yHH{^g>Sd(g=f+&B}NA2`my$ffNDS0d< z?@Y<9l)O77kEi54DLFLVklv}*bp<(_lINx5TuNS@l6z8eEhTS{WVN4LQ}UfD`JR-# zDT`BpY zl)NXBT_34|87H;msVO;|lINx5TuNS@l6z8eEhRTo@{W`|mXdd-@}89J z3OP={3O$muDS2K>&ZXqlDY+*l*HUsbCGSYdV<~xON^Yg(-6?rICGSbeVTf&)zfA#x zoK4B|QgSXOuTIH5DY=%Cn<-iQO>zE@rR2{>vbydEQu4zo`H7VLY)U@RCJIWg!h3#7 zJ~bu3C?&5*$$gQmtR7Cu*QMmYP04qpz545RMDBtI&epoV>KW!LJ=5msD?gi^Enj3_D{G)5K`3v9ekhQek*ZX_+@qTqN!GC!F2hl10={nF8jYm9g zJK4tWW`uqDA29#nJ;6_Se~{k{NSA*9sQFLZr{xFmn~syh4*vh`21y;4u7A6Dw6FZD zS^mv4uc|*hc(asLmg2-1iE literal 43632 zcmcJY37lM2mH%H?78+y;OCYk@0mOh10)!9{umTAr8j=ta4I)-oS68RYbaz#%s*?`5 z6dENWDk>@{YL9^8!iXyVvH3F5FrCMQKR~_xtcm2ZZu|>T~y# z8R^MBcb4n@Ipk;hPV4btv-`X2(c4F5V{Fe)xAy#Z*B5D!n>qb&wA<-N*!{{zZ@2sR zx$NzB|HDi!Zp@Uw_p@TEJx<-5c6;O;v+tDS{@!kjrcTtp<^E>74aJyLE{*v;HMHAH zyWy??Z|~%5f!+AK%cIkekF#)pv;AJ0>BpCPd3ZnWwBJ`PwRoP=eqUwk>~d zNY<@L?E3sE9jlxY5uTj%sD<`*#Kh94<|h3?T+_I4(Jn|ylJlk{d518vm6AB7sx@lH z@Mk55!iq1?6-L5jPc^N0AIxdI4Wnz)qtPPIC5O!(O4nkpUAfeP(Cz*-{D0(nk%n|q z@(DP!LfSig7FV9kd|AFO5^xW`;_8Pr7p>uH!4KoF<;s(}zeGK}I}dt+^d$BGSYZ!lydl3_lN69^3Fb_y|~?dl-H(n1{E(JT7U$E$2!23Rq>^ zhTrA99sWo7wdfP3pHIO`TOa%tSm~Ju{{Vg+oQHo7UkR6VS) zd3b+V>FI|LgRQLKxv`BI_yqWR+H}IY;7s@iI1ir(Z<0N{4rZ*{x(!)wui)8FqOh`%a3EJd*C6&9V_RHR zSYz9jTwCC0;9t%7_iE>B8LHmw{BHO?&hLS5f>jrjTylL}ZLTk%KLS5bTE7fG6K=tG z!*k#^{D5sS*~+0_gC!K zqQ|r6z63rhWkVrang`K8+x4UHG0vOeW1TOBalOjFJFA1E5mbh$_GEgMr}VLWK+~)3 zNU!U)9_MkeoYE=#H>00tnk2c#ZH`BNxAO_`b%EpBgP`^RYu`6 z-HK^=3HI^1l@wo`;@5eci#<-lPVIx=fqseW-VG~$>92!V;pe&D?_tk|KL*D%BPQqQ zhdcCECZEM-sq3^(i}rWH%UpjSjO%?KKYp6Bk@ETa;V$O!QEc*2iN8F>D^g7Qrz#J> z!(MZ;++UpWk}0eSalPsra=ce%r5h{LmfdoeZ_1eL9^BfBcMx7#boh5Wc2d&c>xeN^Dv z;b*$xyW!bzp6fd2wq)4WdNh^~!kRN%@XfH=_9XmCxCFQ1&%$|Foj~h++2~ncan8ec zJNLuihSy`$g1-k3!)^FMctrYXN%AvzR7~0b3LX>FXnqS?5wXo)Z7T5LgAby)m)^ed`{9`|>9lrz2)qHFM1L5J>wT$tR(3Xb9gjY)=jOx5`u&q( zm8slwJnT$(IZPQ$&BHH&wN{iHbI!xBaBjhBtFmcxy)W96p4*~5d~dXee;MuJ=_*YA z^$~U!9G`Wla~}PX&Mo*j=Qg|$R()ygTnTIJlRF<)`)YBmgK0xkm%=ZF*Wk;I!>aQ( zm-f(VM~ZA4jO*RVk2eJFA(>Vlx`E5>huvGbM>edC-VHayy-qu5BTu4N+ElMM!D^GL zzfZuHKKNGWZSWVIuY|wsd^LPGtgx!%`<&bG51hBdKZcc0JulrZA3?9WZ*j#oGzq&S z2xl8y)Ilrw1grg5&>j85*a=qK>=5`xQVOmUan;y_Y5{VRs$mObZ1fSyDA(dG7a z0ng@#DTLM>A~yqmdBEgQn7FNP9tpp~_3q`^*Clh&<8(}t%n#gIJD!59@=?Cdf?p*| z+)`NmJkPb#xgU0yQ`xRTkL%sak0EEZ)0aA{&(xeRgXNS~7WxU)8 zN^Ees*GJ-%X#)|w-0kOe^|=`-d#PW8O)MA5SL%m5Osz~MzS(t3kMa>6b-oo<@^<1m zHz<4F<4n9gH#!s7^p85r{uWqskjnFRSnacq%U$lb1de=_11c?gszr{N#qHj#f5z502chM+Z!>a7Le zk6t_p{}9$#+=hSdtiAYeoVUYI!Z%>^D7@F6VT^`*_ILgbe6aIlQNqcj^<44G+yc4lJEz0Y|U z^dENag+JlED}0;tZt&NgIjidVj`QyDzd7##KjOS6{1@lF;OTpXbj~21eX!;*xaU~s zz2P&Q_aSY|ocBZjLg$(A24~L5au++#Lch)V>F~AA2f`n5J_!E2^TF`HIv)c6$oWwC zQRipCe{t@Eduh~4^K5t@SnXjRd6D}7S02_{QR7BGd=NG?ucQSZ4og1?&w&qt+wh4V z&poi*hq$)Gr@4JH&D6<<@%o%U0_Wky9(EOcp>sc6bFRU9-K1x=;LBZqCHyYuN%%v~ zH^ZNT)vnsG*6lYr{}X!gcJx}?|0A3*NPG#sI1hgnw!Q;@3)UKY68$=Ls=dluQeldC1bQRX(jJxV<93aaFHu=;q)Y&B^GmaOD~BR_Em~F0LVbL{d^XOXpH^ zm?r_J@*?@>-sk>#gpXx32*-5mHqW;CY%Ha}7`~2sc^L$kyWW9^QwqVYjbM)r?Oka} zIZLD3a$2waN`4K`xiMw@LFdcSVG~)hY`BuU(5o-VJpijO%l!hz^~Ptwxzt%#t~2?d|CpIt;p`F1>Ll02wkG|b zi1Te!xAt^X_X+R3WVS2(N&FVqzVN5;+gu01^YJxL9qz1o>R9I%e6n*JJ{?{ydop&m za|>P-_0-aZQ4bGAJ%wJ2dia&_rxg$VTKl7!V*2Se^x{7Ft?(^y9`5Wh;P;?cKc0kd zaK0J-l!tA@pK<+m_$$tj!rz5oP1uCJ@Q@EJ{uj6f z9|+$Gx8Y~P)=nv>~(whvzE`aYi7?>q;tIM0K}ofpEF!Yac& ze5La$_#Mvu@T7AM{s6p0X@)-yt86FX&%$4W+wkX|Tlj6~JQes=`0Lo{-O+up>QwKJ ze&pN_KMdE99@Hb&)?r68k!zaSu zl0Cc#zE}3}D)`&7r%_!1+uR2az~7NQJOuMEX~RwD?eJyr{R(>^WeCp)^YHs%l}`)4 z1^zDFhQA0a%{u7%Cj9SU9^MXbhg@>h_UI?{8tXfjiOv2mD+3 zo+H^FQm@i)NB<1?cd%ZN90&ga%)<*{9+R}-(_xi!8(sqc5sn8SkAwL+qznCjz%BU2 z@RM*G)*8bm@uQNYjQ)*`&G|fK0_VkxsCW2Ha0`ALtTJ!I?}Jyu+u@JGZ^lM1?LGtl z49vr7qgSC{1%DNOn|Lw(0#-cR;RoTjE9?^b1^f;;4?hO$oS+5&8NLQ?!@JXt#mU(; z16XC1hmV34=hCy2o|BxH!Dql$FW9Vt^*w_Q<}ZZb4d>x1{9d>PzXHAvZo}@T$bT=_ zR4$4vy4-HLh)M2g&UjP%P;Vn1Jy-6H&MlMdNAA`x@3uREuEK_FPL=)!Sp7@xX6HP7 zn{x}k!?_LL741p)ccMM4@n7+@V2%IcHvGeA&vPG+_V6E^TktOQd9#Q2ch+L=24({=Q^S|LA;P-z3KO3eDrmGxI5BlUhd}VPE zUr~?aTYBz%( zpnn9v&E?LDMdPo^FXc@C3luxk|HSo5)7OZTMA_NneehwaNI;9{*KVI4^J39W_quz4 zuyVf%@g-B3%VjeQUy&Sxue6+oPd7HleXI9n=;R9cv49YBzc;PvI(xf!xlZ>FAc9SV ziSbkx6+R99cI@>oL+dnkuDj7M0sG+Z z!+KU8{u!+AD%$2a$XTo{-33xHAb$jn2#3OrnPxx%vQ|Ghbn&Lko={d@I zHhjGEVX)S+vN;?+*ZBzeg)m9on&+PO-D(4JdOv9CgwA7$Ld)sRu55m*&^IR{5 zcfoIQjl#Y7ZLT^@_Vg`g&sOIj!f$o{5&S{t2jMR|Gw%@ETyAP4nyc1C?sBnBBj0d3${VEk!-^IGy?e|^IJ(}WQ!)oU=@u__nf1mh2>w)w> zS9P7|`XTxm*!IIefvt_fzlKp;+H_`^M<+LpeS+d#2=52WUhYum7Ca~FiQq(dAN&^A zsW4$}j5`OGTZhlBWIevx=q31c(c}tz)>&KC*RF>5lM(KESasD$u#Y;=hCdIh?HmSw z#rbgf+s;S8KXQI1{Cnpk;a#2)!afV$!f8G*n&^O zW`CuVOZ%p$i^^qCwoF~!W1*=Tj@OPY(UgiYnJp7n*3*Kcmdm`d&!~4QV!wL0y6nreKx;+-g z_0B{-6~?oEumn~bs@M| z{mA_RyH}zoiBt2aE`tw3CwB#Wg#cOKK^%;q=eh=cAAXBVXNu=y(uUuIUVJBfgY!M` zP0shjpMqmv^sH+YKTh9V=vi$E!Q~FYUJh@ML!F<2|E1X$hxP4m!*V~v=T>w%wPSa= z$KgM6pT2HosCN!=e2RT4kFnlGABJrko^lvJD3-%h@f_id*I5%iGj(5m#9i)>@Lt40 zH?edc6yi(f;LGeJ{2cxge2qaD;M2X5;ow`C1}ygqe1&;Eeh&W{e1&nB`*Z5K&vwSH zlSW(LV0;YsZX_(O_m$?^kKA8U;s2E4CsO<$DYis}@HzcXguC5(l(^t>>L>1U3sN?@ zl+BbB>!Y}j9A+U@4AJF&-VK}k4g8s4(|bC6d*oX@fZK2xeuE;_6>*2Nd zsYND zH6gqOeH*UBTNOVI_GPf@D51bEbI!w8!51qY_!?Ms*M_fyFM(D0A93!3vRwr{bT9KMj8^KF;3#UF1AWz(MB| zxY>k>e`+7Bx%tKTayqAe9e$o`EBsQzwct0vuf?C_db4vIemhJ#B-^=UKh4wpZdmSv z_)7Dq@n!eV_)7EL_)7El@ec%VhPT6ce7X3%KKQ5TM~Ea3{{mJz`ni7X`W771GztIC z^==iGwlI=A7|oRx_s(H=ezW+`Or(~IB+wr%vI z&dTh|o%8S&&MjEqv)Z@=>)XaAVO1#a#%3JO!#BX2;1+xnyjk(9;BXVNpT-#kdR*_Q zWE`HY*Yy3}7JQWRBzz*Q zaiemk$r|JE4&%2fVZ@Dk$YsAB4!#J2{HX}`!h zkA4tVxE4I(+=iR5twFhWvD>%d*TI+KtFYb#zY5O7*Sbv$z5#v>`ZoL#SnKRIHFq2Q zTG^ACJK)RU7W_3>X=}sx!j?bU)B~{EW*&Y7);QmS^$zKEiXYw$z8p@ba|M_CDe@uc zalNmG^(*Fh)~3W;Wsf`7ZDP5Q+^K!&PeC8o->1QrHU$VScM^t?w|QL1yZx-oxnIIc z8=gIPF$S;i-dFJ4f>boW8>pv*eG?p7mCLR#ty5R(gI)pL<5?xre2A*A)Mvo1Waey1d)9u-?kzn>d&+51Dsg!?!Cjr%W~8}5II`wtx#>P2n)G597A^9T4& z@e!Qq!5rIdZIRe%^LQujHu}97B~kB@cSEnSXA<5QCW(pODIW@JPPp^Xr03broXPYo zbp9%Qw)5BE)y`js`rCca=N5bu{8sdB_%`?s<*|>lhW`c5!}r2#Q0rjnhp_VAhJOPSY^%N()i+~2 z&fH(ne^l|%UUJ9V7?|kWgFWDfQ1`?8!OBYweg@1@n|+gTwCk@#e*%0n@#y=6=fHZd z4!xfTE02Bf3g=JqP|Iwt4uuu-bf!YbmTpPI9e;FTrnfoeyiwN(l2}SoPHltM1eWX25OQ_Iu$z zIJWJ1a6k52(dS`(|E9UQ1-r|g#skN&K{a(9$|n5j?)^mFRr*cnZ*l#r;Lke07XBya z%i%9NzX4_mX8YoI!pfK24bFY=&G3Hsd9KgF%2z+vmz{^`9urliZJX(%(p$kEAP2!ZE)x`vm&05JwCCBK%cY>Hmgv z3;rIwFZWeGKY>*a+u>isR`$7Mmp{Ym%gooiYRr_L-`D7wIzKSK+cFVRh5zcvdF8p=k?uRv2+q^(L^U;ep!lyacVU6w5H*(1o{f>rs6Z*w&vl;!l&iq}E zo)Vw*Ke!El+<80P zhQC3+RM~gIcf)!3d+Gs)~(?9BMmv)q|J*|Wx(MP$!K&b@Hinc==?%$Y9QGw#f|+@ms4dPr{1D_l?Y z_gvw;C+vC1ovaK5ms^n_r?Nb?e)t_X(0C+nq1PCMTa{UmtuQ@mQMR zOBoC;O|UyllWdh9U0VO)_WU+BGTTmge5#lAx`(6elb@vYlI1kkKAh6u>-LIQzgLH| zeZX(AiQKcG%e$mlzke2ObT$@wM#^Tt6zkn}v^gTBpPS-^DLyyF7o@nH;%16po#Hp8 z_?i^onBq^T`1Ta*oqtT{T`9f37l``%Q~DpL_^}lKCB=K5+zoqhil3e01u0&VV*S00 z_*|VCMP8M%xhTbz6i=l1jVXRhimy%a4Jp1Q#rifgKKEZz`tPLp!4yB1;y7wX#rlRlreEK%N7gs&k@XFGWPQUPS>LcnzAP1| zzT=Mix2E*hrg&-SUsi)3Na;VF;@eYvcZ$E4;_WH^Ws3ih;$2Vare|h~^*wJ)=aDJB zzK4zalTvz(O;LYlO0P4@sMncO+MHUYEC50 zQmwFQexXzy8!MNZ$xwNs(mXDstktXQ>&4OIMyq3$X0<-Iq=)yNx$5k~s?{scnX{wy zF@23@eZ17{Yg9`c`i^dFII8cGL`-TM8+gzt(In7_bohhyYONutmo|-5Hy4}Ya=l)y z7dDQU$IEtWg0KUHQn54~M%)-1^e8qhDo zP3%0s+1OYZ8Y!-~Og1w)*<7zQQ~9Ws%Nq*SAxl@dRV$ATR>mx6N{WlBu%SwQ)KXn6 zVNhr^i_LL+2I*>6M$1**6okChD^;Flxf?Ckt>|kZWWCt5QdO(TsD|oAdvv`zPBKeH zuPKwpsyoUQe5pLxFDY^Q7(*D2dyYvUoY3H^=9al-ipnBe2k*ERH>pu!c`fC!D6$h zbkXg`W1}mruh%*^=r1K}SZcL2tl=Uxpb!dKpzH@Nt)UAvs8hQcMum_X8GDIqzv9YHdqlpuE1K$}Q0^!tg^ctJT7AK{9u$>?Wxb4?~Q_ zqKDOrl{!Op3da}Bx4YfMbyHR#4JV#}{Ww26Q;g;&rOLZ?sW5*00x`1@md7vXS~iAb z*{Kly*&S3IgPqbH8y_Y3Ksgg47(9Op@C{?;Xeu&klDjo;WI(3Y!^Is+$X?kucm?s+nXg-q7=HY*av- z)fsXa7B+888ni`ebjLBVp*pD-Hy64p1PfTKmxeoP0&VP=(6=d22ARPm&WPg+T@xq8 zq*<(tBx+xqiwpoZ9~XuhONc3>v5<-GCDu5MtXXJS86O(5aLLAz@>o*uPWlotP|ozT zKrWJrq55cCIZV{lnv#JnT09JFsSHk7LDL;*ZHdOrda}Me#-Lk^(=kO`o=7S~T9$-) zxje#3jHzdYsfFQF-sa-S2BH|*7@}resf;nsHj`q>CehHiEG1+0B#v2e@HPD=RzQ|6 zT1_r< zkA>t}0xWZz_=8y{HDWG(RIza`^mY5mK-OT55<0(r28E{2$^_L=P!UFMz|8KHVkk|` zLE$lqw%lmY0E+XI;sSMS60WsHnN?wB@Wd0iWeFOo43%wCD-F>Dnbr#fTbN2lD$FGb zqs(Ahw)@OV%z0^x9W-Xc^9x=anhdLBgN+c`&Td!;(!TQ$JG+rd`FNcwZc_3gA#`XS zuS_KhY+xb6I=7%!W!r=;2}_(rvwylZ`|5hQIx?8X(2DhwRbVnuWl2>yQ$H>0=4fps zp(&TgSRBULvtHh))@`FRMOjX&H8oqhG|w%Lum~&ilO9qI9xEiLKGBowAAF4qcXe?6L&kf2wlE%IQ>zeAguWTxfu)<-1ssWaM?@Oc_HKA!)-Cm;t zLn*V5EuA#lB&7*`o&wO3I3gOrR_F;9j} zVw@~%xU>N$?VC1XQ{W?ieaO0CcsA06en)oQg+-B8?;jLi3iz~yA+#kGM2WZ){qT?>ZJS1lV=Sl2w1#F(V_FwNFiqA*%5>?* z=Aam1XFL*cj1@n_BE`RxEf)K)M#`HMDrEG5&60Kw&1gwVXB=VZ&2rajP^^ zHzQU0l>3FD&4Y|$Y`vmlM7wfAyZ*u!_smuyy*8vTe)M8VAd2`>|OxKJu;y4OZ0@wm&|_ldt7CRf9LTSBaV*l*Q0tp`jFu}5 zQ=^$i&l_B;&#YUp#ib_|0NYFr$;hzzR zrLwkLR*+VzmO7*Hv3hxZn8X=9FgI<@y1gccK#f|tMDHyzvAonR>J>&zJKgZ%Q>QuW zgT|)KQ0X>?jW)*_WXpr(U0Tb#%bl`_qi-_2xib>81YvDG*p;m*r!5&Gx_9a4jjp84 zJ`JT=DUNiNte6W*jW+7$Bc~E-g{l#H{aEPIHpW}&(G@uxqWjm>=emfN(YH7@I6@aH z73-Y6)eFoEw&3n4v>SKTX8QAp)+Qc^l~vSOzbH3{n@p<(mFLKbqiX!ZFdB(8Jw|PF zq!H1xAq$OBp~l(OZwR}3R+_e`8XPS$L$GwUcA+1IbcRi#d1suAY6j9+$?;r=$I5gz z20p4^W_mjFnLLYL6CMQ=qS5xt7Lb+t#$>#djF!w$HydGMYZNx9x6tB88EnUOPDQI5 z9Uo~{2%zy*`Y?o5#)hg4)Wt%rS!eNC<2Jy#0jn7ioj!OA!i|X&P6~>0xx8@R3CAD5 zgLKk-6RpiCm~x>Zl_cKRMa=T(R%ohb~|CD2clfPzluyN6;bTU}=CPTmMy^Q08o+IUk+asH6fV zl`Si`D$6N~e1g8D8&cMWwu)}fpfCZWWsCLJ4E9R*E&d~8hT06N{XnZpV@*~}19 z9xHOt!EiOKlQn=sV6ZO##+|Tsby*pGHs-{E+6%H_?f`=Ce!U~|9oH&$sHR(7A!gyP64zOoPMdJr1 z-RElYsdZeKGg4AGL87lwb2hna{9)?r44mO$DU5SGrOxbPW0jf&*^NVpc0@#w((pKj z&z-a1Qs5y>ZO4Z@At*kp5(o&ER zjzdK38rVo{e3C@+M@g-SH495>h#VCY9VyvzraBZ>sY9E?LF_mdMwEgr?`f|gT`0s_ z$Ao>dCf9L>SFM*=$tDboqvK&%4$Pg=>L!hGwzbk53?{ZP=4r2mf*bZYR`KjJ*m&D} zhsKsMURkj^V>M{o3e|<)gW76jLwI*Im~3F_?;%t@tRxxWV;rm;ZEA1>I&NXy-nr^@ zf-?epkR`CZ!;NUf2&$2RJcPs9M5m|qq}tf%CvU1E9hfj!H5rd}BN7@3o zp(7~Y7YtW8T?_0@mfES2nhF~UpQB6R7=%+acFLVsz@cg>wwN|w1?eqpRIw(oqpIS# zPDjIOO-YZWcPpRWOjWn! zp||$hYRC*$)}Hl(7*Sh*a8e$Yj~38lQEk~#+tSr*mYvI_ykh0*CFieMw0cbvHBq)B z8GmJC9Or#<6$^j$s&fmgmz)`X(SFC*Dig@GfW$SigWowhlfWBl1t9R;U6Dv#28z8R` zJEB%GjYOJ2<2t-1-I6SZ&b=T>Z<`JsuP`YxMz3c?X9lxZ*vY6SN}Y10^PZK*eHF;L zL&h+xaKoVrDIY3~bJ+;SOC)PoLrmxBY?dD?gqP^UdMP{P{dC9&#G!B|pd$gFd=0S+ zlMwbAmxq|``N2v=%W$akUSInxjmS2|4;9LKY|K7S9?+Ut_73BGjHBsnhz)CL+-7)F zgq48hVU%PJGI8=Asm_71QvJf!%hoJmjdr#-gC%QrRI%<#nVi3rHj-Abx?Q&R+_Yx- zN?K+r$dYv|IBD!dUdtma8qyWz@{kU1yz}YP46d*Q)VCdF{m_9CC)BH!Ew-<*@H@Qb zoRqLCEu5daaqgmZi52;{Myq7K;TOG9jAdJ;Y3m@# zI^L-?bv7)iJT%10hUKJ51NPPcb#Zi{qIJqkS$48@tgGQR7%Zvij?8wlgsLNlePl=s!UuuN$(^nbVeRD_ecbKebjs@-W=$=}q=q*#d-Y9S637a_mqLaqx5kowH zmMM7ly#T(#O0Ey+oS9jtsl$f#qzC2bsD9duC2hPV_}hNH?BWniY2L(omxE@O_V+Xj9m5gRdYj{ud8f`h^~7Y?%23~&#)f0hNPW&X*FJEt zFJ<~>pWe6VZ1z%1*672(T|>?F>2zIh%leLPHu_HQvk!0hRzXJ~eup@ZdQOOacC%q& zbxV!L1E^_o60X@&=jU^d3|}_#!66l19h&2hTB7eAk2u^aCpA6Hk~khfgJrQVRJLt3U^{osji)n(3UQh*l+W!l}ofdVI2LOyjX<*gF&= z+*#Q$D0D;3ONX+T-G3vL-3#I7J>_XSAh>YeMLW&G&XUmiX2;X77X;ZbFV_~ zmO-WVf-pyrtohtgDaLA}(=Zy@*P^P_P(cdHr%pTh{Isil>c^&?dprHu^zUz>3o=b~ z!QXD9;Z|s*s{Z5Ws|_T(rZR8eYF$|Q`>Q1Vjn`a#do(_`^L-KVctst5;!~bvCI8=i zl7-p%Q&M?ISKxx@*s9pNkrtAD~blPYfI<2IqblOTypD#9x z|3$0#FS@Re;XEPs#qrF1(YckLFvi1#kt&$~gU+~XD*FH5JunvVv1g=fBlN&f66%W_ zoRs;69vN#gHIcKP`UWjG{F56yv(naH-%BsBw?G|%H(KFaiugi+g<0q20Q+kW9tw(l zgm0y~lHQ-&s$Fk1G}k7zQbVtbYNdMcQjceviO=Bk=n-C8arzS;YOiCeTkKUCpEBqJ ze&fzrjg~kp9BqS~#LxISz^aru*iqI)uGw3u6oNvNmfjFHn|#VK+F0)^uW-}e<`}YY zHlK4edw?>#D+cz47IUFKRGPnV;rwuz(-}=QSu0)4 zi#(rIh`ul&m*E2s9?${Hzfz%Xm6}4xr>HQ*m!ioK#}FzyyJyxa10~F=GQ3XF>9pRx zgk`JB(!T1@XVi8S!*?v3c@fLDeQ1Q3>{mFL26)xFAQ@yssM}F*0&kM|0>x1uqd3}k zC(g>CBL{E%)`|;SyH=wRQWVYj`hXpfp2j!DUF2<*HY4$ly*konGQ5{Gdw-*q$drKk zj+k$|?AH8be54YvAX5D_l1gcmavB^95-&UL38Q>pQnE82UPSR~!y*XYNO6E8pV3-ig8wyoMS06)l%qjd^T<0+82&bhO2Z? z`zo=cJb^Z+BQ$Pl(Vpuf$TCS%{L6J-P0`AtWaSdutqJ=ICbC;MFHAH57yUymJ~=shCd= zcnF_ML?E3(5urX23T`6iaf08aSk#3jXVXw)R9|$n zS*H1GORR4`?7X;PFP6dq#i(|+`mL<6=ZqFnY5R3I@S`|8N74aO_#n+1f7sUZYAU2a z`*U88n&Oo_gH$3WD`_)3*>Jv?MtQb8D+FLBR`yPRL42ew&U}H z&d=kiDc>pCZ{1LOJVj^r{@zPRmZ@`Lzo~;@y%A%p91V5o?P1J_Ss=7p_Ubw|Pf5C^Fp6%156Dw-N< zZNTCIj&@+x74?gu@8u7~^$Bo`{W^kQLLcVR-<#3zqrZ^LfBjs)`=8u*bXWcWH^%wJ z`gs3?!0W@`dBQSDK8&p2Wmg>G*IW5JYw#<$rd<`{m%L>Tf47=HIwspFPe<0TzDoW8 z_h;Q4{@#M*?;ubAWca`ABtM9}$JdjjAC`RNQQW^L{D0Y!7a||^WB%Te-GJ1w|9AY2l9ap;@}$eZ=l&^_%8e*qoRViE-|F%? zl<6t_C6zl}em(O3`~iY{Quhzw{{1O=Ch~TdZ@@k`rzd&bg#H-|n&h zTS50F&qB_p?(dJR-&c?KWxpyV%YI!-mVJLpmi=%_mVGTH%YGsy%YK{7%a5V_?x8+X z_Z9x?l&tWRE?c{Ni1K$iwm*#-Gs&Nv@^K~dH2ykKugf+b@SiWuNXgTYXSv+Qeh>a= z-BOpQ97})aKayGH@=WBT_(N6eQu02?{V90{^03PD@*J-Dc4?w;;b$=%Eq{~mp{>8aYJIym@?mwLCv{T(bfcx!~{Y>OL zU49YvxmK>zPGk9L?4`+=Q@Oq$dD^wza<%?`eYadCPe+dBdLQ;rzcttC-@V6i|8u!y zA#o`_EBAZ52?%gxFiIhLE1`xD)AvvNni z+2h-f^c}tXluo%xo`u{_-QOSi{*)~H?I~II52a+;$NnATe>`=)i{JpJ~fhX&Z6AQ-)57G@~n(JCnGP+$Sj?92)`~Pv((w) z{zOLJmXWW{$Tw!>TQl;V8TtN<{7^=IJR|q|(ACL*MrKOfA^i(8^3sgFE+Y?TL(UM*d_*z9S>wn~@($ z$r{?8$jH0wt!75vnvt){$k%7&&!uEl)z>rf0~z^| zjQm7K-hDSB!Nu}FI3pjEk@wzrznS~*lg#C}dYZ{xJ|drc=9;tTMj`xpzMXz*A=`L+ zC*SAjwSMZGjjna(3oNsn&-<(J_W(0?-5cTCyYy?Sxg#Tdil~=Vdu?-T^}$zE@adCeaw8T(+MkRT^+=$J%BuAB|bl%7yLijL@P!B diff --git a/firewall/interception/ebpf/program/monitor.c b/firewall/interception/ebpf/program/monitor.c index 341aaa8c..66177495 100644 --- a/firewall/interception/ebpf/program/monitor.c +++ b/firewall/interception/ebpf/program/monitor.c @@ -11,6 +11,9 @@ #define UDP 17 #define UDPLite 136 +#define OUTBOUND 0 +#define INBOUND 1 + char __license[] SEC("license") = "GPL"; // Ring buffer for all connection events @@ -28,24 +31,14 @@ struct Event { u32 pid; u8 ipVersion; u8 protocol; + u8 direction; }; struct Event *unused __attribute__((unused)); -// Fexit of tcp_v4_connect will be executed when equivalent kernel function returns. -// In the kernel function all IPs and ports are set and then tcp_connect is called. tcp_v4_connect -> tcp_connect -> [this-function] -SEC("fexit/tcp_v4_connect") -int BPF_PROG(tcp_v4_connect, struct sock *sk) { - // Ignore everything else then IPv4 - if (sk->__sk_common.skc_family != AF_INET) { - return 0; - } - - // Make sure it's tcp sock - struct tcp_sock *ts = bpf_skc_to_tcp_sock(sk); - if (!ts) { - return 0; - } - +// Fentry of tcp_connect will be executed when equivalent kernel function is called. +// In the kernel all IP address and ports should be set before tcp_connect is called. [this-function] -> tcp_connect +SEC("fentry/tcp_connect") +int BPF_PROG(tcp_connect, struct sock *sk) { // Alloc space for the event struct Event *tcp_info; tcp_info = bpf_ringbuf_reserve(&events, sizeof(struct Event), 0); @@ -56,67 +49,32 @@ int BPF_PROG(tcp_v4_connect, struct sock *sk) { // Read PID tcp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid()); - // Set src and dist ports - tcp_info->sport = sk->__sk_common.skc_num; - tcp_info->dport = sk->__sk_common.skc_dport; - - // Set src and dist IPs - tcp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr); - tcp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr); - - // Set IP version - tcp_info->ipVersion = 4; - // Set protocol tcp_info->protocol = TCP; - // Send event - bpf_ringbuf_submit(tcp_info, 0); - return 0; -}; - -// Fexit(function exit) of tcp_v6_connect will be executed when equivalent kernel function returns. -// In the kernel function all IPs and ports are set and then tcp_connect is called. tcp_v6_connect -> tcp_connect -> [this-function] -SEC("fexit/tcp_v6_connect") -int BPF_PROG(tcp_v6_connect, struct sock *sk) { - // Ignore everything else then IPv6 - if (sk->__sk_common.skc_family != AF_INET6) { - return 0; - } - - // Make sure its a tcp6 sock - struct tcp6_sock *ts = bpf_skc_to_tcp6_sock(sk); - if (!ts) { - return 0; - } - - // Alloc space for the event - struct Event *tcp_info; - tcp_info = bpf_ringbuf_reserve(&events, sizeof(struct Event), 0); - if (!tcp_info) { - return 0; - } - - // Read PID - tcp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid()); + // Set direction + tcp_info->direction = OUTBOUND; // Set src and dist ports - tcp_info->sport = sk->__sk_common.skc_num; + tcp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); tcp_info->dport = sk->__sk_common.skc_dport; // Set src and dist IPs - for(int i = 0; i < 4; i++) { - tcp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]); + if (sk->__sk_common.skc_family == AF_INET) { + tcp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr); + tcp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr); + // Set IP version + tcp_info->ipVersion = 4; + } else if (sk->__sk_common.skc_family == AF_INET6) { + for(int i = 0; i < 4; i++) { + tcp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]); + } + for(int i = 0; i < 4; i++) { + tcp_info->daddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_daddr.in6_u.u6_addr32[i]); + } + // Set IP version + tcp_info->ipVersion = 6; } - for(int i = 0; i < 4; i++) { - tcp_info->daddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_daddr.in6_u.u6_addr32[i]); - } - - // Set IP version - tcp_info->ipVersion = 6; - - // Set protocol - tcp_info->protocol = TCP; // Send event bpf_ringbuf_submit(tcp_info, 0); @@ -143,7 +101,7 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) { udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid()); // Set src and dist ports - udp_info->sport = sk->__sk_common.skc_num; + udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); udp_info->dport = sk->__sk_common.skc_dport; // Set src and dist IPs @@ -187,7 +145,7 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) { udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid()); // Set src and dist ports - udp_info->sport = sk->__sk_common.skc_num; + udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); udp_info->dport = sk->__sk_common.skc_dport; // Set src and dist IPs diff --git a/firewall/interception/ebpf/worker.go b/firewall/interception/ebpf/worker.go index b1798315..ecd7eddb 100644 --- a/firewall/interception/ebpf/worker.go +++ b/firewall/interception/ebpf/worker.go @@ -32,23 +32,14 @@ func StartEBPFWorker(ch chan packet.Packet) { } defer objs.Close() - // Create a link to the tcp_v4_connect program. - linkTCPIPv4, err := link.AttachTracing(link.TracingOptions{ - Program: objs.bpfPrograms.TcpV4Connect, + // Create a link to the tcp_connect program. + linkTCPConnect, err := link.AttachTracing(link.TracingOptions{ + Program: objs.bpfPrograms.TcpConnect, }) if err != nil { log.Errorf("ebpf: failed to attach to tcp_v4_connect: %s ", err) } - defer linkTCPIPv4.Close() - - // Create a link to the tcp_v6_connect program. - linkTCPIPv6, err := link.AttachTracing(link.TracingOptions{ - Program: objs.bpfPrograms.TcpV6Connect, - }) - if err != nil { - log.Errorf("ebpf: failed to attach to tcp_v6_connect: %s ", err) - } - defer linkTCPIPv6.Close() + defer linkTCPConnect.Close() // Create a link to the udp_v4_connect program. linkUDPV4, err := link.AttachTracing(link.TracingOptions{ @@ -102,7 +93,7 @@ func StartEBPFWorker(ch chan packet.Packet) { } info := packet.Info{ - Inbound: false, + Inbound: event.Direction == 1, InTunnel: false, Version: packet.IPVersion(event.IpVersion), Protocol: packet.IPProtocol(event.Protocol), @@ -112,11 +103,16 @@ func StartEBPFWorker(ch chan packet.Packet) { Dst: arrayToIP(event.Daddr, packet.IPVersion(event.IpVersion)), PID: event.Pid, } - log.Debugf("ebpf: PID: %d conn: %s:%d -> %s:%d %s %s", info.PID, info.LocalIP(), info.LocalPort(), info.RemoteIP(), info.RemotePort(), info.Version.String(), info.Protocol.String()) + if isEventValid(event) { + log.Debugf("ebpf: PID: %d conn: %s:%d -> %s:%d %s %s", info.PID, info.LocalIP(), info.LocalPort(), info.RemoteIP(), info.RemotePort(), info.Version.String(), info.Protocol.String()) + + p := &infoPacket{} + p.SetPacketInfo(info) + ch <- p + } else { + log.Debugf("ebpf: invalid event PID: %d conn: %s:%d -> %s:%d %s %s", info.PID, info.LocalIP(), info.LocalPort(), info.RemoteIP(), info.RemotePort(), info.Version.String(), info.Protocol.String()) + } - p := &infoPacket{} - p.SetPacketInfo(info) - ch <- p } }() } @@ -125,7 +121,28 @@ func StopEBPFWorker() { close(stopper) } -// arrayToIP converts IPv4 number to net.IP +func isEventValid(event bpfEvent) bool { + if event.Dport == 0 { + return false + } + + if event.Sport == 0 { + return false + } + + if event.IpVersion == 4 { + if event.Saddr[0] == 0 { + return false + } + + if event.Daddr[0] == 0 { + return false + } + } + return true +} + +// arrayToIP converts IP number array to net.IP func arrayToIP(ipNum [4]uint32, ipVersion packet.IPVersion) net.IP { if ipVersion == packet.IPv4 { return unsafe.Slice((*byte)(unsafe.Pointer(&ipNum)), 4)